From 6e30959439c54712abfdc63c2afca7b9449a14b6 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 9 Jan 2023 15:35:48 +0100 Subject: [PATCH] Deployed 108e93fcf to 2.5 with MkDocs 1.4.1 and mike 1.1.2 --- 2.5/404.html | 2457 ++++++ .../source-code-pro-v21-latin-regular.eot | Bin 0 -> 11260 bytes .../source-code-pro-v21-latin-regular.svg | 326 + .../source-code-pro-v21-latin-regular.ttf | Bin 0 -> 19720 bytes .../source-code-pro-v21-latin-regular.woff | Bin 0 -> 12772 bytes .../source-code-pro-v21-latin-regular.woff2 | Bin 0 -> 9960 bytes .../fonts/source-sans-pro-v21-latin-700.eot | Bin 0 -> 14950 bytes .../fonts/source-sans-pro-v21-latin-700.svg | 337 + .../fonts/source-sans-pro-v21-latin-700.ttf | Bin 0 -> 29848 bytes .../fonts/source-sans-pro-v21-latin-700.woff | Bin 0 -> 16104 bytes .../fonts/source-sans-pro-v21-latin-700.woff2 | Bin 0 -> 12924 bytes .../source-sans-pro-v21-latin-regular.eot | Bin 0 -> 15027 bytes .../source-sans-pro-v21-latin-regular.svg | 337 + .../source-sans-pro-v21-latin-regular.ttf | Bin 0 -> 29856 bytes .../source-sans-pro-v21-latin-regular.woff | Bin 0 -> 16156 bytes .../source-sans-pro-v21-latin-regular.woff2 | Bin 0 -> 13036 bytes .../images/checkmk/long_check_output.png | Bin 0 -> 76878 bytes .../images/checkmk/no_updates_available.png | Bin 0 -> 3256 bytes .../images/checkmk/updates_available.png | Bin 0 -> 4034 bytes 2.5/assets/images/favicon.png | Bin 0 -> 10281 bytes 2.5/assets/images/i_u_m/nightly_footer.png | Bin 0 -> 6291 bytes 2.5/assets/images/logo.svg | 179 + .../images/manual-guides/mailcow-bl_wl.png | Bin 0 -> 56090 bytes .../mailcow-domain_email_tags.png | Bin 0 -> 58292 bytes .../mailcow-domain_tags_ribbon.png | Bin 0 -> 24809 bytes .../manual-guides/mailcow-netfilter_regex.png | Bin 0 -> 73545 bytes .../mailcow-netfilter_settings.png | Bin 0 -> 52622 bytes .../manual-guides/mailcow-spamalias.png | Bin 0 -> 24577 bytes .../manual-guides/mailcow-spamfilter.png | Bin 0 -> 78804 bytes .../images/manual-guides/mailcow-tagging.png | Bin 0 -> 55546 bytes .../troubleshooting/mailcow-backupmx.png | Bin 0 -> 6740 bytes 2.5/assets/javascripts/bundle.d6c3db9e.min.js | 29 + .../javascripts/bundle.d6c3db9e.min.js.map | 8 + 2.5/assets/javascripts/client.js | 112 + .../javascripts/lunr/min/lunr.ar.min.js | 1 + .../javascripts/lunr/min/lunr.da.min.js | 18 + .../javascripts/lunr/min/lunr.de.min.js | 18 + .../javascripts/lunr/min/lunr.du.min.js | 18 + .../javascripts/lunr/min/lunr.es.min.js | 18 + .../javascripts/lunr/min/lunr.fi.min.js | 18 + .../javascripts/lunr/min/lunr.fr.min.js | 18 + .../javascripts/lunr/min/lunr.hi.min.js | 1 + .../javascripts/lunr/min/lunr.hu.min.js | 18 + .../javascripts/lunr/min/lunr.it.min.js | 18 + .../javascripts/lunr/min/lunr.ja.min.js | 1 + .../javascripts/lunr/min/lunr.jp.min.js | 1 + .../javascripts/lunr/min/lunr.ko.min.js | 1 + .../javascripts/lunr/min/lunr.multi.min.js | 1 + .../javascripts/lunr/min/lunr.nl.min.js | 18 + .../javascripts/lunr/min/lunr.no.min.js | 18 + .../javascripts/lunr/min/lunr.pt.min.js | 18 + .../javascripts/lunr/min/lunr.ro.min.js | 18 + .../javascripts/lunr/min/lunr.ru.min.js | 18 + .../lunr/min/lunr.stemmer.support.min.js | 1 + .../javascripts/lunr/min/lunr.sv.min.js | 18 + .../javascripts/lunr/min/lunr.ta.min.js | 1 + .../javascripts/lunr/min/lunr.th.min.js | 1 + .../javascripts/lunr/min/lunr.tr.min.js | 18 + .../javascripts/lunr/min/lunr.vi.min.js | 1 + .../javascripts/lunr/min/lunr.zh.min.js | 1 + 2.5/assets/javascripts/lunr/tinyseg.js | 206 + 2.5/assets/javascripts/lunr/wordcut.js | 6708 +++++++++++++++++ .../workers/search.16e2a7d4.min.js | 48 + .../workers/search.16e2a7d4.min.js.map | 8 + 2.5/assets/stylesheets/extra.css | 67 + 2.5/assets/stylesheets/main.472b142f.min.css | 1 + .../stylesheets/main.472b142f.min.css.map | 1 + .../stylesheets/palette.08040f6c.min.css | 1 + .../stylesheets/palette.08040f6c.min.css.map | 1 + 2.5/b_n_r-accidental_deletion/index.html | 15 + 2.5/b_n_r-backup/index.html | 15 + 2.5/b_n_r-backup_restore-maildir/index.html | 15 + 2.5/b_n_r-backup_restore-mysql/index.html | 15 + 2.5/b_n_r-coldstandby/index.html | 15 + 2.5/b_n_r-restore/index.html | 15 + 2.5/b_n_r_accidental_deletion/index.html | 15 + 2.5/b_n_r_backup/index.html | 15 + .../b_n_r-accidental_deletion/index.html | 2616 +++++++ 2.5/backup_restore/b_n_r-backup/index.html | 2773 +++++++ .../b_n_r-backup_restore-maildir/index.html | 2606 +++++++ .../b_n_r-backup_restore-mysql/index.html | 2610 +++++++ .../b_n_r-coldstandby/index.html | 2677 +++++++ 2.5/backup_restore/b_n_r-restore/index.html | 2588 +++++++ 2.5/client-android/index.html | 15 + 2.5/client-apple/index.html | 15 + 2.5/client-emclient/index.html | 15 + 2.5/client-kontact/index.html | 15 + 2.5/client-manual/index.html | 15 + 2.5/client-outlook/index.html | 15 + 2.5/client-thunderbird/index.html | 15 + 2.5/client-windows/index.html | 15 + 2.5/client/client-android/index.html | 2537 +++++++ 2.5/client/client-apple/index.html | 2645 +++++++ 2.5/client/client-emclient/index.html | 2539 +++++++ 2.5/client/client-kontact/index.html | 2547 +++++++ 2.5/client/client-manual/index.html | 2651 +++++++ 2.5/client/client-outlook/index.html | 2677 +++++++ 2.5/client/client-thunderbird/index.html | 2556 +++++++ 2.5/client/client-windows/index.html | 2540 +++++++ 2.5/client/client/index.html | 2554 +++++++ 2.5/client/index.html | 15 + .../source-code-pro-v21-latin-regular.eot | Bin 0 -> 11260 bytes .../source-code-pro-v21-latin-regular.svg | 326 + .../source-code-pro-v21-latin-regular.ttf | Bin 0 -> 19720 bytes .../source-code-pro-v21-latin-regular.woff | Bin 0 -> 12772 bytes .../source-code-pro-v21-latin-regular.woff2 | Bin 0 -> 9960 bytes .../fonts/source-sans-pro-v21-latin-700.eot | Bin 0 -> 14950 bytes .../fonts/source-sans-pro-v21-latin-700.svg | 337 + .../fonts/source-sans-pro-v21-latin-700.ttf | Bin 0 -> 29848 bytes .../fonts/source-sans-pro-v21-latin-700.woff | Bin 0 -> 16104 bytes .../fonts/source-sans-pro-v21-latin-700.woff2 | Bin 0 -> 12924 bytes .../source-sans-pro-v21-latin-regular.eot | Bin 0 -> 15027 bytes .../source-sans-pro-v21-latin-regular.svg | 337 + .../source-sans-pro-v21-latin-regular.ttf | Bin 0 -> 29856 bytes .../source-sans-pro-v21-latin-regular.woff | Bin 0 -> 16156 bytes .../source-sans-pro-v21-latin-regular.woff2 | Bin 0 -> 13036 bytes .../images/checkmk/long_check_output.png | Bin 0 -> 76878 bytes .../images/checkmk/no_updates_available.png | Bin 0 -> 3256 bytes .../images/checkmk/updates_available.png | Bin 0 -> 4034 bytes 2.5/de/assets/images/favicon.png | Bin 0 -> 10281 bytes 2.5/de/assets/images/i_u_m/nightly_footer.png | Bin 0 -> 6291 bytes 2.5/de/assets/images/logo.svg | 179 + .../images/manual-guides/mailcow-bl_wl.png | Bin 0 -> 72166 bytes .../mailcow-domain_email_tags.png | Bin 0 -> 66858 bytes .../mailcow-domain_tags_ribbon.png | Bin 0 -> 27233 bytes .../manual-guides/mailcow-netfilter_regex.png | Bin 0 -> 73193 bytes .../mailcow-netfilter_settings.png | Bin 0 -> 56268 bytes .../manual-guides/mailcow-spamalias.png | Bin 0 -> 24593 bytes .../manual-guides/mailcow-spamfilter.png | Bin 0 -> 90470 bytes .../images/manual-guides/mailcow-tagging.png | Bin 0 -> 69226 bytes .../troubleshooting/mailcow-backupmx.png | Bin 0 -> 6740 bytes 2.5/de/assets/javascripts/client.js | 112 + 2.5/de/assets/stylesheets/extra.css | 67 + .../b_n_r-accidental_deletion/index.html | 2616 +++++++ 2.5/de/backup_restore/b_n_r-backup/index.html | 2773 +++++++ .../b_n_r-backup_restore-maildir/index.html | 2606 +++++++ .../b_n_r-backup_restore-mysql/index.html | 2610 +++++++ .../b_n_r-coldstandby/index.html | 2677 +++++++ .../backup_restore/b_n_r-restore/index.html | 2588 +++++++ 2.5/de/client/client-android/index.html | 2537 +++++++ 2.5/de/client/client-apple/index.html | 2645 +++++++ 2.5/de/client/client-emclient/index.html | 2539 +++++++ 2.5/de/client/client-kontact/index.html | 2547 +++++++ 2.5/de/client/client-manual/index.html | 2651 +++++++ 2.5/de/client/client-outlook/index.html | 2660 +++++++ 2.5/de/client/client-thunderbird/index.html | 2556 +++++++ 2.5/de/client/client-windows/index.html | 2540 +++++++ 2.5/de/client/client/index.html | 2554 +++++++ 2.5/de/i_u_m/i_u_m_deinstall/index.html | 2552 +++++++ 2.5/de/i_u_m/i_u_m_install/index.html | 2895 +++++++ 2.5/de/i_u_m/i_u_m_migration/index.html | 2598 +++++++ 2.5/de/i_u_m/i_u_m_update/index.html | 2848 +++++++ 2.5/de/index.html | 2753 +++++++ .../u_e-clamav-additional_dbs/index.html | 2723 +++++++ .../ClamAV/u_e-clamav-whitelist/index.html | 2631 +++++++ .../u_e-docker-cust_dockerfiles/index.html | 2557 +++++++ .../Dovecot/u_e-dovecot-any_acl/index.html | 2549 +++++++ .../u_e-dovecot-catchall_vacation/index.html | 2534 +++++++ .../Dovecot/u_e-dovecot-expunge/index.html | 2753 +++++++ .../Dovecot/u_e-dovecot-extra_conf/index.html | 2546 +++++++ .../Dovecot/u_e-dovecot-fts/index.html | 2671 +++++++ .../u_e-dovecot-idle_interval/index.html | 2685 +++++++ .../Dovecot/u_e-dovecot-mail-crypt/index.html | 2576 +++++++ .../Dovecot/u_e-dovecot-more/index.html | 2629 +++++++ .../u_e-dovecot-public_folder/index.html | 2618 +++++++ .../u_e-dovecot-static_master/index.html | 2556 +++++++ .../u_e-dovecot-vmail-volume/index.html | 2669 +++++++ .../Nginx/u_e-nginx_custom/index.html | 2727 +++++++ .../Nginx/u_e-nginx_webmail-site/index.html | 2586 +++++++ .../u_e-postfix-attachment_size/index.html | 2546 +++++++ .../u_e-postfix-custom_transport/index.html | 2535 +++++++ .../index.html | 2620 +++++++ .../Postfix/u_e-postfix-extra_cf/index.html | 2548 +++++++ .../Postfix/u_e-postfix-pflogsumm/index.html | 2543 +++++++ .../index.html | 2544 +++++++ .../Postfix/u_e-postfix-relayhost/index.html | 2644 +++++++ .../u_e-postfix-trust_networks/index.html | 2646 +++++++ .../manual-guides/Redis/u_e-redis/index.html | 2710 +++++++ .../Rspamd/u_e-rspamd/index.html | 3022 ++++++++ 2.5/de/manual-guides/SOGo/u_e-sogo/index.html | 2754 +++++++ .../Unbound/u_e-unbound-fwd/index.html | 2641 +++++++ .../u_e-watchdog-thresholds/index.html | 2889 +++++++ .../u_e-mailcow_ui-bl_wl/index.html | 2540 +++++++ .../u_e-mailcow_ui-config/index.html | 2556 +++++++ .../mailcow-UI/u_e-mailcow_ui-css/index.html | 2534 +++++++ .../mailcow-UI/u_e-mailcow_ui-fido/index.html | 2619 +++++++ .../u_e-mailcow_ui-netfilter/index.html | 2616 +++++++ .../u_e-mailcow_ui-pushover/index.html | 2544 +++++++ .../u_e-mailcow_ui-spamalias/index.html | 2535 +++++++ .../u_e-mailcow_ui-spamfilter/index.html | 2539 +++++++ .../u_e-mailcow_ui-sub_addressing/index.html | 2602 +++++++ .../mailcow-UI/u_e-mailcow_ui-tags/index.html | 2642 +++++++ .../mailcow-UI/u_e-mailcow_ui-tfa/index.html | 2816 +++++++ 2.5/de/manual-guides/u_e-80_to_443/index.html | 2555 +++++++ .../u_e-autodiscover_config/index.html | 2576 +++++++ .../u_e-reeanble-weak-protocols/index.html | 2544 +++++++ .../manual-guides/u_e-update-hooks/index.html | 2538 +++++++ .../manual-guides/u_e-why_unbound/index.html | 2535 +++++++ 2.5/de/models/model-acl/index.html | 2549 +++++++ 2.5/de/models/model-passwd/index.html | 2649 +++++++ 2.5/de/models/model-sender_rcv/index.html | 2611 +++++++ .../firststeps-disable_ipv6/index.html | 2620 +++++++ .../firststeps-dmarc_reporting/index.html | 2862 +++++++ .../firststeps-ip_bindings/index.html | 2682 +++++++ .../firststeps-local_mta/index.html | 2545 +++++++ .../firststeps-logging/index.html | 2802 +++++++ .../firststeps-rp/index.html | 2953 ++++++++ .../firststeps-rspamd_ui/index.html | 2538 +++++++ .../firststeps-snat/index.html | 2542 +++++++ .../firststeps-ssl/index.html | 2867 +++++++ .../firststeps-sync_jobs_migration/index.html | 2612 +++++++ .../prerequisite/prerequisite-dns/index.html | 2823 +++++++ .../prerequisite-system/index.html | 2978 ++++++++ .../third_party-borgmatic/index.html | 2998 ++++++++ .../checkmk/u_e-checkmk/index.html | 2669 +++++++ .../third_party-exchange_onprem/index.html | 2688 +++++++ .../gitea/third_party-gitea/index.html | 2568 +++++++ .../gogs/third_party-gogs/index.html | 2567 +++++++ .../mailman3/third_party-mailman3/index.html | 3170 ++++++++ .../index.html | 2692 +++++++ .../third_party-nextcloud/index.html | 2729 +++++++ .../third_party-portainer/index.html | 2644 +++++++ .../third_party-roundcube/index.html | 2832 +++++++ .../debug-admin_login_sogo/index.html | 2653 +++++++ .../debug-attach_service/index.html | 2779 +++++++ .../debug-common_problems/index.html | 2752 +++++++ 2.5/de/troubleshooting/debug-logs/index.html | 2571 +++++++ .../debug-mysql_aria/index.html | 2595 +++++++ .../debug-mysql_upgrade/index.html | 2588 +++++++ .../troubleshooting/debug-reset_pw/index.html | 2793 +++++++ .../debug-reset_tls/index.html | 2542 +++++++ .../debug-rm_volumes/index.html | 2543 +++++++ .../debug-rspamd_memory_leaks/index.html | 2550 +++++++ 2.5/de/troubleshooting/debug/index.html | 2540 +++++++ 2.5/debug-admin_login_sogo/index.html | 15 + 2.5/debug-attach_service/index.html | 15 + 2.5/debug-common_problems/index.html | 15 + 2.5/debug-logs/index.html | 15 + 2.5/debug-mysql_aria/index.html | 15 + 2.5/debug-mysql_upgrade/index.html | 15 + 2.5/debug-reset-tls/index.html | 15 + 2.5/debug-reset_pw/index.html | 15 + 2.5/debug-reset_tls/index.html | 15 + 2.5/debug-rm_volumes/index.html | 15 + 2.5/debug-rspamd_memory_leaks/index.html | 15 + 2.5/debug/index.html | 15 + .../source-code-pro-v21-latin-regular.eot | Bin 0 -> 11260 bytes .../source-code-pro-v21-latin-regular.svg | 326 + .../source-code-pro-v21-latin-regular.ttf | Bin 0 -> 19720 bytes .../source-code-pro-v21-latin-regular.woff | Bin 0 -> 12772 bytes .../source-code-pro-v21-latin-regular.woff2 | Bin 0 -> 9960 bytes .../fonts/source-sans-pro-v21-latin-700.eot | Bin 0 -> 14950 bytes .../fonts/source-sans-pro-v21-latin-700.svg | 337 + .../fonts/source-sans-pro-v21-latin-700.ttf | Bin 0 -> 29848 bytes .../fonts/source-sans-pro-v21-latin-700.woff | Bin 0 -> 16104 bytes .../fonts/source-sans-pro-v21-latin-700.woff2 | Bin 0 -> 12924 bytes .../source-sans-pro-v21-latin-regular.eot | Bin 0 -> 15027 bytes .../source-sans-pro-v21-latin-regular.svg | 337 + .../source-sans-pro-v21-latin-regular.ttf | Bin 0 -> 29856 bytes .../source-sans-pro-v21-latin-regular.woff | Bin 0 -> 16156 bytes .../source-sans-pro-v21-latin-regular.woff2 | Bin 0 -> 13036 bytes .../images/checkmk/long_check_output.png | Bin 0 -> 76878 bytes .../images/checkmk/no_updates_available.png | Bin 0 -> 3256 bytes .../images/checkmk/updates_available.png | Bin 0 -> 4034 bytes 2.5/en/assets/images/favicon.png | Bin 0 -> 10281 bytes 2.5/en/assets/images/i_u_m/nightly_footer.png | Bin 0 -> 6291 bytes 2.5/en/assets/images/logo.svg | 179 + .../images/manual-guides/mailcow-bl_wl.png | Bin 0 -> 56090 bytes .../mailcow-domain_email_tags.png | Bin 0 -> 58292 bytes .../mailcow-domain_tags_ribbon.png | Bin 0 -> 24809 bytes .../manual-guides/mailcow-netfilter_regex.png | Bin 0 -> 73545 bytes .../mailcow-netfilter_settings.png | Bin 0 -> 52622 bytes .../manual-guides/mailcow-spamalias.png | Bin 0 -> 24577 bytes .../manual-guides/mailcow-spamfilter.png | Bin 0 -> 78804 bytes .../images/manual-guides/mailcow-tagging.png | Bin 0 -> 55546 bytes .../troubleshooting/mailcow-backupmx.png | Bin 0 -> 6740 bytes 2.5/en/assets/javascripts/client.js | 112 + 2.5/en/assets/stylesheets/extra.css | 67 + .../b_n_r-accidental_deletion/index.html | 2616 +++++++ 2.5/en/backup_restore/b_n_r-backup/index.html | 2773 +++++++ .../b_n_r-backup_restore-maildir/index.html | 2606 +++++++ .../b_n_r-backup_restore-mysql/index.html | 2610 +++++++ .../b_n_r-coldstandby/index.html | 2677 +++++++ .../backup_restore/b_n_r-restore/index.html | 2588 +++++++ 2.5/en/client/client-android/index.html | 2537 +++++++ 2.5/en/client/client-apple/index.html | 2645 +++++++ 2.5/en/client/client-emclient/index.html | 2539 +++++++ 2.5/en/client/client-kontact/index.html | 2547 +++++++ 2.5/en/client/client-manual/index.html | 2651 +++++++ 2.5/en/client/client-outlook/index.html | 2677 +++++++ 2.5/en/client/client-thunderbird/index.html | 2556 +++++++ 2.5/en/client/client-windows/index.html | 2540 +++++++ 2.5/en/client/client/index.html | 2554 +++++++ 2.5/en/i_u_m/i_u_m_deinstall/index.html | 2552 +++++++ 2.5/en/i_u_m/i_u_m_install/index.html | 2894 +++++++ 2.5/en/i_u_m/i_u_m_migration/index.html | 2598 +++++++ 2.5/en/i_u_m/i_u_m_update/index.html | 2848 +++++++ 2.5/en/index.html | 2753 +++++++ .../u_e-clamav-additional_dbs/index.html | 2723 +++++++ .../ClamAV/u_e-clamav-whitelist/index.html | 2631 +++++++ .../u_e-docker-cust_dockerfiles/index.html | 2557 +++++++ .../Dovecot/u_e-dovecot-any_acl/index.html | 2549 +++++++ .../u_e-dovecot-catchall_vacation/index.html | 2534 +++++++ .../Dovecot/u_e-dovecot-expunge/index.html | 2753 +++++++ .../Dovecot/u_e-dovecot-extra_conf/index.html | 2546 +++++++ .../Dovecot/u_e-dovecot-fts/index.html | 2671 +++++++ .../u_e-dovecot-idle_interval/index.html | 2685 +++++++ .../Dovecot/u_e-dovecot-mail-crypt/index.html | 2575 +++++++ .../Dovecot/u_e-dovecot-more/index.html | 2629 +++++++ .../u_e-dovecot-public_folder/index.html | 2618 +++++++ .../u_e-dovecot-static_master/index.html | 2556 +++++++ .../u_e-dovecot-vmail-volume/index.html | 2669 +++++++ .../Nginx/u_e-nginx_custom/index.html | 2727 +++++++ .../Nginx/u_e-nginx_webmail-site/index.html | 2586 +++++++ .../u_e-postfix-attachment_size/index.html | 2546 +++++++ .../u_e-postfix-custom_transport/index.html | 2535 +++++++ .../index.html | 2620 +++++++ .../Postfix/u_e-postfix-extra_cf/index.html | 2548 +++++++ .../Postfix/u_e-postfix-pflogsumm/index.html | 2543 +++++++ .../index.html | 2544 +++++++ .../Postfix/u_e-postfix-relayhost/index.html | 2643 +++++++ .../u_e-postfix-trust_networks/index.html | 2646 +++++++ .../manual-guides/Redis/u_e-redis/index.html | 2710 +++++++ .../Rspamd/u_e-rspamd/index.html | 3037 ++++++++ 2.5/en/manual-guides/SOGo/u_e-sogo/index.html | 2754 +++++++ .../Unbound/u_e-unbound-fwd/index.html | 2641 +++++++ .../u_e-watchdog-thresholds/index.html | 2889 +++++++ .../u_e-mailcow_ui-bl_wl/index.html | 2540 +++++++ .../u_e-mailcow_ui-config/index.html | 2556 +++++++ .../mailcow-UI/u_e-mailcow_ui-css/index.html | 2534 +++++++ .../mailcow-UI/u_e-mailcow_ui-fido/index.html | 2619 +++++++ .../u_e-mailcow_ui-netfilter/index.html | 2616 +++++++ .../u_e-mailcow_ui-pushover/index.html | 2544 +++++++ .../u_e-mailcow_ui-spamalias/index.html | 2535 +++++++ .../u_e-mailcow_ui-spamfilter/index.html | 2539 +++++++ .../u_e-mailcow_ui-sub_addressing/index.html | 2602 +++++++ .../mailcow-UI/u_e-mailcow_ui-tags/index.html | 2642 +++++++ .../mailcow-UI/u_e-mailcow_ui-tfa/index.html | 2817 +++++++ 2.5/en/manual-guides/u_e-80_to_443/index.html | 2555 +++++++ .../u_e-autodiscover_config/index.html | 2576 +++++++ .../u_e-reeanble-weak-protocols/index.html | 2544 +++++++ .../manual-guides/u_e-update-hooks/index.html | 2538 +++++++ .../manual-guides/u_e-why_unbound/index.html | 2535 +++++++ 2.5/en/models/model-acl/index.html | 2549 +++++++ 2.5/en/models/model-passwd/index.html | 2649 +++++++ 2.5/en/models/model-sender_rcv/index.html | 2611 +++++++ .../firststeps-disable_ipv6/index.html | 2620 +++++++ .../firststeps-dmarc_reporting/index.html | 2861 +++++++ .../firststeps-ip_bindings/index.html | 2682 +++++++ .../firststeps-local_mta/index.html | 2545 +++++++ .../firststeps-logging/index.html | 2800 +++++++ .../firststeps-rp/index.html | 2954 ++++++++ .../firststeps-rspamd_ui/index.html | 2538 +++++++ .../firststeps-snat/index.html | 2542 +++++++ .../firststeps-ssl/index.html | 2867 +++++++ .../firststeps-sync_jobs_migration/index.html | 2612 +++++++ .../prerequisite/prerequisite-dns/index.html | 2823 +++++++ .../prerequisite-system/index.html | 2976 ++++++++ .../third_party-borgmatic/index.html | 3045 ++++++++ .../checkmk/u_e-checkmk/index.html | 2669 +++++++ .../third_party-exchange_onprem/index.html | 2688 +++++++ .../gitea/third_party-gitea/index.html | 2568 +++++++ .../gogs/third_party-gogs/index.html | 2567 +++++++ .../mailman3/third_party-mailman3/index.html | 3170 ++++++++ .../index.html | 2692 +++++++ .../third_party-nextcloud/index.html | 2727 +++++++ .../third_party-portainer/index.html | 2644 +++++++ .../third_party-roundcube/index.html | 2833 +++++++ .../debug-admin_login_sogo/index.html | 2654 +++++++ .../debug-attach_service/index.html | 2779 +++++++ .../debug-common_problems/index.html | 2752 +++++++ 2.5/en/troubleshooting/debug-logs/index.html | 2546 +++++++ .../debug-mysql_aria/index.html | 2595 +++++++ .../debug-mysql_upgrade/index.html | 2588 +++++++ .../troubleshooting/debug-reset_pw/index.html | 2793 +++++++ .../debug-reset_tls/index.html | 2542 +++++++ .../debug-rm_volumes/index.html | 2543 +++++++ .../debug-rspamd_memory_leaks/index.html | 2550 +++++++ 2.5/en/troubleshooting/debug/index.html | 2540 +++++++ 2.5/firststeps-disable_ipv6/index.html | 15 + 2.5/firststeps-dmarc_reporting/index.html | 15 + 2.5/firststeps-ip_bindings/index.html | 15 + 2.5/firststeps-local_mta/index.html | 15 + 2.5/firststeps-logging/index.html | 15 + 2.5/firststeps-rp/index.html | 15 + 2.5/firststeps-rspamd_ui/index.html | 15 + 2.5/firststeps-snat/index.html | 15 + 2.5/firststeps-ssl/index.html | 15 + 2.5/firststeps-sync_jobs_migration/index.html | 15 + 2.5/i_u_m/i_u_m_deinstall/index.html | 2552 +++++++ 2.5/i_u_m/i_u_m_install/index.html | 2894 +++++++ 2.5/i_u_m/i_u_m_migration/index.html | 2598 +++++++ 2.5/i_u_m/i_u_m_update/index.html | 2848 +++++++ 2.5/i_u_m_deinstall/index.html | 15 + 2.5/i_u_m_install/index.html | 15 + 2.5/i_u_m_migration/index.html | 15 + 2.5/i_u_m_update/index.html | 15 + 2.5/index.html | 2753 +++++++ .../u_e-clamav-additional_dbs/index.html | 2723 +++++++ .../ClamAV/u_e-clamav-whitelist/index.html | 2631 +++++++ .../u_e-docker-cust_dockerfiles/index.html | 2557 +++++++ .../Dovecot/u_e-dovecot-any_acl/index.html | 2549 +++++++ .../u_e-dovecot-catchall_vacation/index.html | 2534 +++++++ .../Dovecot/u_e-dovecot-expunge/index.html | 2753 +++++++ .../Dovecot/u_e-dovecot-extra_conf/index.html | 2546 +++++++ .../Dovecot/u_e-dovecot-fts/index.html | 2671 +++++++ .../u_e-dovecot-idle_interval/index.html | 2685 +++++++ .../Dovecot/u_e-dovecot-mail-crypt/index.html | 2575 +++++++ .../Dovecot/u_e-dovecot-more/index.html | 2629 +++++++ .../u_e-dovecot-public_folder/index.html | 2618 +++++++ .../u_e-dovecot-static_master/index.html | 2556 +++++++ .../u_e-dovecot-vmail-volume/index.html | 2669 +++++++ .../Nginx/u_e-nginx_custom/index.html | 2727 +++++++ .../Nginx/u_e-nginx_webmail-site/index.html | 2586 +++++++ .../u_e-postfix-attachment_size/index.html | 2546 +++++++ .../u_e-postfix-custom_transport/index.html | 2535 +++++++ .../index.html | 2620 +++++++ .../Postfix/u_e-postfix-extra_cf/index.html | 2548 +++++++ .../Postfix/u_e-postfix-pflogsumm/index.html | 2543 +++++++ .../index.html | 2544 +++++++ .../Postfix/u_e-postfix-relayhost/index.html | 2643 +++++++ .../u_e-postfix-trust_networks/index.html | 2646 +++++++ 2.5/manual-guides/Redis/u_e-redis/index.html | 2710 +++++++ .../Rspamd/u_e-rspamd/index.html | 3037 ++++++++ 2.5/manual-guides/SOGo/u_e-sogo/index.html | 2754 +++++++ .../Unbound/u_e-unbound-fwd/index.html | 2641 +++++++ .../u_e-watchdog-thresholds/index.html | 2889 +++++++ .../u_e-mailcow_ui-bl_wl/index.html | 2540 +++++++ .../u_e-mailcow_ui-config/index.html | 2556 +++++++ .../mailcow-UI/u_e-mailcow_ui-css/index.html | 2534 +++++++ .../mailcow-UI/u_e-mailcow_ui-fido/index.html | 2619 +++++++ .../u_e-mailcow_ui-netfilter/index.html | 2616 +++++++ .../u_e-mailcow_ui-pushover/index.html | 2544 +++++++ .../u_e-mailcow_ui-spamalias/index.html | 2535 +++++++ .../u_e-mailcow_ui-spamfilter/index.html | 2539 +++++++ .../u_e-mailcow_ui-sub_addressing/index.html | 2602 +++++++ .../mailcow-UI/u_e-mailcow_ui-tags/index.html | 2642 +++++++ .../mailcow-UI/u_e-mailcow_ui-tfa/index.html | 2817 +++++++ 2.5/manual-guides/u_e-80_to_443/index.html | 2555 +++++++ .../u_e-autodiscover_config/index.html | 2576 +++++++ .../u_e-reeanble-weak-protocols/index.html | 2544 +++++++ 2.5/manual-guides/u_e-update-hooks/index.html | 2538 +++++++ 2.5/manual-guides/u_e-why_unbound/index.html | 2535 +++++++ 2.5/model-acl/index.html | 15 + 2.5/model-passwd/index.html | 15 + 2.5/model-sender_rcv/index.html | 15 + 2.5/models/model-acl/index.html | 2549 +++++++ 2.5/models/model-passwd/index.html | 2649 +++++++ 2.5/models/model-sender_rcv/index.html | 2611 +++++++ .../firststeps-disable_ipv6/index.html | 2620 +++++++ .../firststeps-dmarc_reporting/index.html | 2861 +++++++ .../firststeps-ip_bindings/index.html | 2682 +++++++ .../firststeps-local_mta/index.html | 2545 +++++++ .../firststeps-logging/index.html | 2800 +++++++ .../firststeps-rp/index.html | 2954 ++++++++ .../firststeps-rspamd_ui/index.html | 2538 +++++++ .../firststeps-snat/index.html | 2542 +++++++ .../firststeps-ssl/index.html | 2867 +++++++ .../firststeps-sync_jobs_migration/index.html | 2612 +++++++ 2.5/prerequisite-dns/index.html | 15 + 2.5/prerequisite-system/index.html | 15 + 2.5/prerequisite/prerequisite-dns/index.html | 2823 +++++++ .../prerequisite-system/index.html | 2976 ++++++++ 2.5/search/search_index.json | 1 + 2.5/sitemap.xml | 811 ++ 2.5/sitemap.xml.gz | Bin 0 -> 2207 bytes 2.5/third_party-borgmatic/index.html | 15 + 2.5/third_party-exchange_onprem/index.html | 15 + 2.5/third_party-gitea/index.html | 15 + 2.5/third_party-gogs/index.html | 15 + 2.5/third_party-mailman3/index.html | 15 + .../index.html | 15 + 2.5/third_party-nextcloud/index.html | 15 + 2.5/third_party-portainer/index.html | 15 + 2.5/third_party-roundcube/index.html | 15 + .../third_party-borgmatic/index.html | 3045 ++++++++ .../checkmk/u_e-checkmk/index.html | 2669 +++++++ .../third_party-exchange_onprem/index.html | 2688 +++++++ .../gitea/third_party-gitea/index.html | 2568 +++++++ .../gogs/third_party-gogs/index.html | 2567 +++++++ .../mailman3/third_party-mailman3/index.html | 3170 ++++++++ .../index.html | 2692 +++++++ .../third_party-nextcloud/index.html | 2727 +++++++ .../third_party-portainer/index.html | 2644 +++++++ .../third_party-roundcube/index.html | 2833 +++++++ .../debug-admin_login_sogo/index.html | 2654 +++++++ .../debug-attach_service/index.html | 2779 +++++++ .../debug-common_problems/index.html | 2752 +++++++ 2.5/troubleshooting/debug-logs/index.html | 2546 +++++++ .../debug-mysql_aria/index.html | 2595 +++++++ .../debug-mysql_upgrade/index.html | 2588 +++++++ 2.5/troubleshooting/debug-reset_pw/index.html | 2793 +++++++ .../debug-reset_tls/index.html | 2542 +++++++ .../debug-rm_volumes/index.html | 2543 +++++++ .../debug-rspamd_memory_leaks/index.html | 2550 +++++++ 2.5/troubleshooting/debug/index.html | 2540 +++++++ 2.5/u_e-80_to_443/index.html | 15 + 2.5/u_e-autodiscover_config/index.html | 15 + 2.5/u_e-docker-cust_dockerfiles/index.html | 15 + 2.5/u_e-dovecot-any_acl/index.html | 15 + 2.5/u_e-dovecot-catchall_vacation/index.html | 15 + 2.5/u_e-dovecot-expunge/index.html | 15 + 2.5/u_e-dovecot-extra_conf/index.html | 15 + 2.5/u_e-dovecot-fts/index.html | 15 + 2.5/u_e-dovecot-idle_interval/index.html | 15 + 2.5/u_e-dovecot-mail-crypt/index.html | 15 + 2.5/u_e-dovecot-more/index.html | 15 + 2.5/u_e-dovecot-public_folder/index.html | 15 + 2.5/u_e-dovecot-static_master/index.html | 15 + 2.5/u_e-dovecot-vmail-volume/index.html | 15 + 2.5/u_e-mailcow_ui-bl_wl/index.html | 15 + 2.5/u_e-mailcow_ui-config/index.html | 15 + 2.5/u_e-mailcow_ui-css/index.html | 15 + 2.5/u_e-mailcow_ui-fido/index.html | 15 + 2.5/u_e-mailcow_ui-netfilter/index.html | 15 + 2.5/u_e-mailcow_ui-pushover/index.html | 15 + 2.5/u_e-mailcow_ui-spamalias/index.html | 15 + 2.5/u_e-mailcow_ui-spamfilter/index.html | 15 + 2.5/u_e-mailcow_ui-sub_addressing/index.html | 15 + 2.5/u_e-mailcow_ui-tags/index.html | 15 + 2.5/u_e-mailcow_ui-tfa/index.html | 15 + 2.5/u_e-mailpiler-integration/index.html | 15 + 2.5/u_e-nginx_custom/index.html | 15 + 2.5/u_e-nginx_webmail-site/index.html | 15 + 2.5/u_e-postfix-attachment_size/index.html | 15 + 2.5/u_e-postfix-custom_transport/index.html | 15 + .../index.html | 15 + 2.5/u_e-postfix-extra_cf/index.html | 15 + 2.5/u_e-postfix-pflogsumm/index.html | 15 + .../index.html | 15 + 2.5/u_e-postfix-relayhost/index.html | 15 + 2.5/u_e-postfix-trust_networks/index.html | 15 + 2.5/u_e-redis/index.html | 15 + 2.5/u_e-reeanble-weak-protocols/index.html | 15 + 2.5/u_e-rspamd/index.html | 15 + 2.5/u_e-sogo/index.html | 15 + 2.5/u_e-unbound-fwd/index.html | 15 + 2.5/u_e-update-hooks/index.html | 15 + 2.5/u_e-watchdog-thresholds/index.html | 15 + 2.5/u_e-webmail-site/index.html | 15 + 2.5/u_e-why_unbound/index.html | 15 + versions.json | 1 + 542 files changed, 819614 insertions(+) create mode 100644 2.5/404.html create mode 100644 2.5/assets/fonts/source-code-pro-v21-latin-regular.eot create mode 100644 2.5/assets/fonts/source-code-pro-v21-latin-regular.svg create mode 100644 2.5/assets/fonts/source-code-pro-v21-latin-regular.ttf create mode 100644 2.5/assets/fonts/source-code-pro-v21-latin-regular.woff create mode 100644 2.5/assets/fonts/source-code-pro-v21-latin-regular.woff2 create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-700.eot create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-700.svg create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-700.ttf create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-700.woff create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-700.woff2 create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-regular.eot create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-regular.svg create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-regular.ttf create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-regular.woff create mode 100644 2.5/assets/fonts/source-sans-pro-v21-latin-regular.woff2 create mode 100644 2.5/assets/images/checkmk/long_check_output.png create mode 100644 2.5/assets/images/checkmk/no_updates_available.png create mode 100644 2.5/assets/images/checkmk/updates_available.png create mode 100644 2.5/assets/images/favicon.png create mode 100644 2.5/assets/images/i_u_m/nightly_footer.png create mode 100644 2.5/assets/images/logo.svg create mode 100644 2.5/assets/images/manual-guides/mailcow-bl_wl.png create mode 100644 2.5/assets/images/manual-guides/mailcow-domain_email_tags.png create mode 100644 2.5/assets/images/manual-guides/mailcow-domain_tags_ribbon.png create mode 100644 2.5/assets/images/manual-guides/mailcow-netfilter_regex.png create mode 100644 2.5/assets/images/manual-guides/mailcow-netfilter_settings.png create mode 100644 2.5/assets/images/manual-guides/mailcow-spamalias.png create mode 100644 2.5/assets/images/manual-guides/mailcow-spamfilter.png create mode 100644 2.5/assets/images/manual-guides/mailcow-tagging.png create mode 100644 2.5/assets/images/troubleshooting/mailcow-backupmx.png create mode 100644 2.5/assets/javascripts/bundle.d6c3db9e.min.js create mode 100644 2.5/assets/javascripts/bundle.d6c3db9e.min.js.map create mode 100644 2.5/assets/javascripts/client.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ar.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.da.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.de.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.du.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.es.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.fi.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.fr.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.hi.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.hu.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.it.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ja.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.jp.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ko.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.multi.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.nl.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.no.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.pt.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ro.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ru.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.stemmer.support.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.sv.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.ta.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.th.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.tr.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.vi.min.js create mode 100644 2.5/assets/javascripts/lunr/min/lunr.zh.min.js create mode 100644 2.5/assets/javascripts/lunr/tinyseg.js create mode 100644 2.5/assets/javascripts/lunr/wordcut.js create mode 100644 2.5/assets/javascripts/workers/search.16e2a7d4.min.js create mode 100644 2.5/assets/javascripts/workers/search.16e2a7d4.min.js.map create mode 100644 2.5/assets/stylesheets/extra.css create mode 100644 2.5/assets/stylesheets/main.472b142f.min.css create mode 100644 2.5/assets/stylesheets/main.472b142f.min.css.map create mode 100644 2.5/assets/stylesheets/palette.08040f6c.min.css create mode 100644 2.5/assets/stylesheets/palette.08040f6c.min.css.map create mode 100644 2.5/b_n_r-accidental_deletion/index.html create mode 100644 2.5/b_n_r-backup/index.html create mode 100644 2.5/b_n_r-backup_restore-maildir/index.html create mode 100644 2.5/b_n_r-backup_restore-mysql/index.html create mode 100644 2.5/b_n_r-coldstandby/index.html create mode 100644 2.5/b_n_r-restore/index.html create mode 100644 2.5/b_n_r_accidental_deletion/index.html create mode 100644 2.5/b_n_r_backup/index.html create mode 100644 2.5/backup_restore/b_n_r-accidental_deletion/index.html create mode 100644 2.5/backup_restore/b_n_r-backup/index.html create mode 100644 2.5/backup_restore/b_n_r-backup_restore-maildir/index.html create mode 100644 2.5/backup_restore/b_n_r-backup_restore-mysql/index.html create mode 100644 2.5/backup_restore/b_n_r-coldstandby/index.html create mode 100644 2.5/backup_restore/b_n_r-restore/index.html create mode 100644 2.5/client-android/index.html create mode 100644 2.5/client-apple/index.html create mode 100644 2.5/client-emclient/index.html create mode 100644 2.5/client-kontact/index.html create mode 100644 2.5/client-manual/index.html create mode 100644 2.5/client-outlook/index.html create mode 100644 2.5/client-thunderbird/index.html create mode 100644 2.5/client-windows/index.html create mode 100644 2.5/client/client-android/index.html create mode 100644 2.5/client/client-apple/index.html create mode 100644 2.5/client/client-emclient/index.html create mode 100644 2.5/client/client-kontact/index.html create mode 100644 2.5/client/client-manual/index.html create mode 100644 2.5/client/client-outlook/index.html create mode 100644 2.5/client/client-thunderbird/index.html create mode 100644 2.5/client/client-windows/index.html create mode 100644 2.5/client/client/index.html create mode 100644 2.5/client/index.html create mode 100644 2.5/de/assets/fonts/source-code-pro-v21-latin-regular.eot create mode 100644 2.5/de/assets/fonts/source-code-pro-v21-latin-regular.svg create mode 100644 2.5/de/assets/fonts/source-code-pro-v21-latin-regular.ttf create mode 100644 2.5/de/assets/fonts/source-code-pro-v21-latin-regular.woff create mode 100644 2.5/de/assets/fonts/source-code-pro-v21-latin-regular.woff2 create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-700.eot create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-700.svg create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-700.ttf create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-700.woff create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-700.woff2 create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.eot create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.svg create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.ttf create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.woff create mode 100644 2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.woff2 create mode 100644 2.5/de/assets/images/checkmk/long_check_output.png create mode 100644 2.5/de/assets/images/checkmk/no_updates_available.png create mode 100644 2.5/de/assets/images/checkmk/updates_available.png create mode 100644 2.5/de/assets/images/favicon.png create mode 100644 2.5/de/assets/images/i_u_m/nightly_footer.png create mode 100644 2.5/de/assets/images/logo.svg create mode 100644 2.5/de/assets/images/manual-guides/mailcow-bl_wl.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-domain_email_tags.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-domain_tags_ribbon.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-netfilter_regex.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-netfilter_settings.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-spamalias.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-spamfilter.png create mode 100644 2.5/de/assets/images/manual-guides/mailcow-tagging.png create mode 100644 2.5/de/assets/images/troubleshooting/mailcow-backupmx.png create mode 100644 2.5/de/assets/javascripts/client.js create mode 100644 2.5/de/assets/stylesheets/extra.css create mode 100644 2.5/de/backup_restore/b_n_r-accidental_deletion/index.html create mode 100644 2.5/de/backup_restore/b_n_r-backup/index.html create mode 100644 2.5/de/backup_restore/b_n_r-backup_restore-maildir/index.html create mode 100644 2.5/de/backup_restore/b_n_r-backup_restore-mysql/index.html create mode 100644 2.5/de/backup_restore/b_n_r-coldstandby/index.html create mode 100644 2.5/de/backup_restore/b_n_r-restore/index.html create mode 100644 2.5/de/client/client-android/index.html create mode 100644 2.5/de/client/client-apple/index.html create mode 100644 2.5/de/client/client-emclient/index.html create mode 100644 2.5/de/client/client-kontact/index.html create mode 100644 2.5/de/client/client-manual/index.html create mode 100644 2.5/de/client/client-outlook/index.html create mode 100644 2.5/de/client/client-thunderbird/index.html create mode 100644 2.5/de/client/client-windows/index.html create mode 100644 2.5/de/client/client/index.html create mode 100644 2.5/de/i_u_m/i_u_m_deinstall/index.html create mode 100644 2.5/de/i_u_m/i_u_m_install/index.html create mode 100644 2.5/de/i_u_m/i_u_m_migration/index.html create mode 100644 2.5/de/i_u_m/i_u_m_update/index.html create mode 100644 2.5/de/index.html create mode 100644 2.5/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html create mode 100644 2.5/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html create mode 100644 2.5/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-more/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html create mode 100644 2.5/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html create mode 100644 2.5/de/manual-guides/Nginx/u_e-nginx_custom/index.html create mode 100644 2.5/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html create mode 100644 2.5/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html create mode 100644 2.5/de/manual-guides/Redis/u_e-redis/index.html create mode 100644 2.5/de/manual-guides/Rspamd/u_e-rspamd/index.html create mode 100644 2.5/de/manual-guides/SOGo/u_e-sogo/index.html create mode 100644 2.5/de/manual-guides/Unbound/u_e-unbound-fwd/index.html create mode 100644 2.5/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html create mode 100644 2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html create mode 100644 2.5/de/manual-guides/u_e-80_to_443/index.html create mode 100644 2.5/de/manual-guides/u_e-autodiscover_config/index.html create mode 100644 2.5/de/manual-guides/u_e-reeanble-weak-protocols/index.html create mode 100644 2.5/de/manual-guides/u_e-update-hooks/index.html create mode 100644 2.5/de/manual-guides/u_e-why_unbound/index.html create mode 100644 2.5/de/models/model-acl/index.html create mode 100644 2.5/de/models/model-passwd/index.html create mode 100644 2.5/de/models/model-sender_rcv/index.html create mode 100644 2.5/de/post_installation/firststeps-disable_ipv6/index.html create mode 100644 2.5/de/post_installation/firststeps-dmarc_reporting/index.html create mode 100644 2.5/de/post_installation/firststeps-ip_bindings/index.html create mode 100644 2.5/de/post_installation/firststeps-local_mta/index.html create mode 100644 2.5/de/post_installation/firststeps-logging/index.html create mode 100644 2.5/de/post_installation/firststeps-rp/index.html create mode 100644 2.5/de/post_installation/firststeps-rspamd_ui/index.html create mode 100644 2.5/de/post_installation/firststeps-snat/index.html create mode 100644 2.5/de/post_installation/firststeps-ssl/index.html create mode 100644 2.5/de/post_installation/firststeps-sync_jobs_migration/index.html create mode 100644 2.5/de/prerequisite/prerequisite-dns/index.html create mode 100644 2.5/de/prerequisite/prerequisite-system/index.html create mode 100644 2.5/de/third_party/borgmatic/third_party-borgmatic/index.html create mode 100644 2.5/de/third_party/checkmk/u_e-checkmk/index.html create mode 100644 2.5/de/third_party/exchange_onprem/third_party-exchange_onprem/index.html create mode 100644 2.5/de/third_party/gitea/third_party-gitea/index.html create mode 100644 2.5/de/third_party/gogs/third_party-gogs/index.html create mode 100644 2.5/de/third_party/mailman3/third_party-mailman3/index.html create mode 100644 2.5/de/third_party/mailpiler/third_party-mailpiler_integration/index.html create mode 100644 2.5/de/third_party/nextcloud/third_party-nextcloud/index.html create mode 100644 2.5/de/third_party/portainer/third_party-portainer/index.html create mode 100644 2.5/de/third_party/roundcube/third_party-roundcube/index.html create mode 100644 2.5/de/troubleshooting/debug-admin_login_sogo/index.html create mode 100644 2.5/de/troubleshooting/debug-attach_service/index.html create mode 100644 2.5/de/troubleshooting/debug-common_problems/index.html create mode 100644 2.5/de/troubleshooting/debug-logs/index.html create mode 100644 2.5/de/troubleshooting/debug-mysql_aria/index.html create mode 100644 2.5/de/troubleshooting/debug-mysql_upgrade/index.html create mode 100644 2.5/de/troubleshooting/debug-reset_pw/index.html create mode 100644 2.5/de/troubleshooting/debug-reset_tls/index.html create mode 100644 2.5/de/troubleshooting/debug-rm_volumes/index.html create mode 100644 2.5/de/troubleshooting/debug-rspamd_memory_leaks/index.html create mode 100644 2.5/de/troubleshooting/debug/index.html create mode 100644 2.5/debug-admin_login_sogo/index.html create mode 100644 2.5/debug-attach_service/index.html create mode 100644 2.5/debug-common_problems/index.html create mode 100644 2.5/debug-logs/index.html create mode 100644 2.5/debug-mysql_aria/index.html create mode 100644 2.5/debug-mysql_upgrade/index.html create mode 100644 2.5/debug-reset-tls/index.html create mode 100644 2.5/debug-reset_pw/index.html create mode 100644 2.5/debug-reset_tls/index.html create mode 100644 2.5/debug-rm_volumes/index.html create mode 100644 2.5/debug-rspamd_memory_leaks/index.html create mode 100644 2.5/debug/index.html create mode 100644 2.5/en/assets/fonts/source-code-pro-v21-latin-regular.eot create mode 100644 2.5/en/assets/fonts/source-code-pro-v21-latin-regular.svg create mode 100644 2.5/en/assets/fonts/source-code-pro-v21-latin-regular.ttf create mode 100644 2.5/en/assets/fonts/source-code-pro-v21-latin-regular.woff create mode 100644 2.5/en/assets/fonts/source-code-pro-v21-latin-regular.woff2 create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-700.eot create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-700.svg create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-700.ttf create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-700.woff create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-700.woff2 create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.eot create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.svg create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.ttf create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.woff create mode 100644 2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.woff2 create mode 100644 2.5/en/assets/images/checkmk/long_check_output.png create mode 100644 2.5/en/assets/images/checkmk/no_updates_available.png create mode 100644 2.5/en/assets/images/checkmk/updates_available.png create mode 100644 2.5/en/assets/images/favicon.png create mode 100644 2.5/en/assets/images/i_u_m/nightly_footer.png create mode 100644 2.5/en/assets/images/logo.svg create mode 100644 2.5/en/assets/images/manual-guides/mailcow-bl_wl.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-domain_email_tags.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-domain_tags_ribbon.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-netfilter_regex.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-netfilter_settings.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-spamalias.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-spamfilter.png create mode 100644 2.5/en/assets/images/manual-guides/mailcow-tagging.png create mode 100644 2.5/en/assets/images/troubleshooting/mailcow-backupmx.png create mode 100644 2.5/en/assets/javascripts/client.js create mode 100644 2.5/en/assets/stylesheets/extra.css create mode 100644 2.5/en/backup_restore/b_n_r-accidental_deletion/index.html create mode 100644 2.5/en/backup_restore/b_n_r-backup/index.html create mode 100644 2.5/en/backup_restore/b_n_r-backup_restore-maildir/index.html create mode 100644 2.5/en/backup_restore/b_n_r-backup_restore-mysql/index.html create mode 100644 2.5/en/backup_restore/b_n_r-coldstandby/index.html create mode 100644 2.5/en/backup_restore/b_n_r-restore/index.html create mode 100644 2.5/en/client/client-android/index.html create mode 100644 2.5/en/client/client-apple/index.html create mode 100644 2.5/en/client/client-emclient/index.html create mode 100644 2.5/en/client/client-kontact/index.html create mode 100644 2.5/en/client/client-manual/index.html create mode 100644 2.5/en/client/client-outlook/index.html create mode 100644 2.5/en/client/client-thunderbird/index.html create mode 100644 2.5/en/client/client-windows/index.html create mode 100644 2.5/en/client/client/index.html create mode 100644 2.5/en/i_u_m/i_u_m_deinstall/index.html create mode 100644 2.5/en/i_u_m/i_u_m_install/index.html create mode 100644 2.5/en/i_u_m/i_u_m_migration/index.html create mode 100644 2.5/en/i_u_m/i_u_m_update/index.html create mode 100644 2.5/en/index.html create mode 100644 2.5/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html create mode 100644 2.5/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html create mode 100644 2.5/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-more/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html create mode 100644 2.5/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html create mode 100644 2.5/en/manual-guides/Nginx/u_e-nginx_custom/index.html create mode 100644 2.5/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html create mode 100644 2.5/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html create mode 100644 2.5/en/manual-guides/Redis/u_e-redis/index.html create mode 100644 2.5/en/manual-guides/Rspamd/u_e-rspamd/index.html create mode 100644 2.5/en/manual-guides/SOGo/u_e-sogo/index.html create mode 100644 2.5/en/manual-guides/Unbound/u_e-unbound-fwd/index.html create mode 100644 2.5/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html create mode 100644 2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html create mode 100644 2.5/en/manual-guides/u_e-80_to_443/index.html create mode 100644 2.5/en/manual-guides/u_e-autodiscover_config/index.html create mode 100644 2.5/en/manual-guides/u_e-reeanble-weak-protocols/index.html create mode 100644 2.5/en/manual-guides/u_e-update-hooks/index.html create mode 100644 2.5/en/manual-guides/u_e-why_unbound/index.html create mode 100644 2.5/en/models/model-acl/index.html create mode 100644 2.5/en/models/model-passwd/index.html create mode 100644 2.5/en/models/model-sender_rcv/index.html create mode 100644 2.5/en/post_installation/firststeps-disable_ipv6/index.html create mode 100644 2.5/en/post_installation/firststeps-dmarc_reporting/index.html create mode 100644 2.5/en/post_installation/firststeps-ip_bindings/index.html create mode 100644 2.5/en/post_installation/firststeps-local_mta/index.html create mode 100644 2.5/en/post_installation/firststeps-logging/index.html create mode 100644 2.5/en/post_installation/firststeps-rp/index.html create mode 100644 2.5/en/post_installation/firststeps-rspamd_ui/index.html create mode 100644 2.5/en/post_installation/firststeps-snat/index.html create mode 100644 2.5/en/post_installation/firststeps-ssl/index.html create mode 100644 2.5/en/post_installation/firststeps-sync_jobs_migration/index.html create mode 100644 2.5/en/prerequisite/prerequisite-dns/index.html create mode 100644 2.5/en/prerequisite/prerequisite-system/index.html create mode 100644 2.5/en/third_party/borgmatic/third_party-borgmatic/index.html create mode 100644 2.5/en/third_party/checkmk/u_e-checkmk/index.html create mode 100644 2.5/en/third_party/exchange_onprem/third_party-exchange_onprem/index.html create mode 100644 2.5/en/third_party/gitea/third_party-gitea/index.html create mode 100644 2.5/en/third_party/gogs/third_party-gogs/index.html create mode 100644 2.5/en/third_party/mailman3/third_party-mailman3/index.html create mode 100644 2.5/en/third_party/mailpiler/third_party-mailpiler_integration/index.html create mode 100644 2.5/en/third_party/nextcloud/third_party-nextcloud/index.html create mode 100644 2.5/en/third_party/portainer/third_party-portainer/index.html create mode 100644 2.5/en/third_party/roundcube/third_party-roundcube/index.html create mode 100644 2.5/en/troubleshooting/debug-admin_login_sogo/index.html create mode 100644 2.5/en/troubleshooting/debug-attach_service/index.html create mode 100644 2.5/en/troubleshooting/debug-common_problems/index.html create mode 100644 2.5/en/troubleshooting/debug-logs/index.html create mode 100644 2.5/en/troubleshooting/debug-mysql_aria/index.html create mode 100644 2.5/en/troubleshooting/debug-mysql_upgrade/index.html create mode 100644 2.5/en/troubleshooting/debug-reset_pw/index.html create mode 100644 2.5/en/troubleshooting/debug-reset_tls/index.html create mode 100644 2.5/en/troubleshooting/debug-rm_volumes/index.html create mode 100644 2.5/en/troubleshooting/debug-rspamd_memory_leaks/index.html create mode 100644 2.5/en/troubleshooting/debug/index.html create mode 100644 2.5/firststeps-disable_ipv6/index.html create mode 100644 2.5/firststeps-dmarc_reporting/index.html create mode 100644 2.5/firststeps-ip_bindings/index.html create mode 100644 2.5/firststeps-local_mta/index.html create mode 100644 2.5/firststeps-logging/index.html create mode 100644 2.5/firststeps-rp/index.html create mode 100644 2.5/firststeps-rspamd_ui/index.html create mode 100644 2.5/firststeps-snat/index.html create mode 100644 2.5/firststeps-ssl/index.html create mode 100644 2.5/firststeps-sync_jobs_migration/index.html create mode 100644 2.5/i_u_m/i_u_m_deinstall/index.html create mode 100644 2.5/i_u_m/i_u_m_install/index.html create mode 100644 2.5/i_u_m/i_u_m_migration/index.html create mode 100644 2.5/i_u_m/i_u_m_update/index.html create mode 100644 2.5/i_u_m_deinstall/index.html create mode 100644 2.5/i_u_m_install/index.html create mode 100644 2.5/i_u_m_migration/index.html create mode 100644 2.5/i_u_m_update/index.html create mode 100644 2.5/index.html create mode 100644 2.5/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html create mode 100644 2.5/manual-guides/ClamAV/u_e-clamav-whitelist/index.html create mode 100644 2.5/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-expunge/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-fts/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-more/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-static_master/index.html create mode 100644 2.5/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html create mode 100644 2.5/manual-guides/Nginx/u_e-nginx_custom/index.html create mode 100644 2.5/manual-guides/Nginx/u_e-nginx_webmail-site/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-attachment_size/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-custom_transport/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-extra_cf/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-relayhost/index.html create mode 100644 2.5/manual-guides/Postfix/u_e-postfix-trust_networks/index.html create mode 100644 2.5/manual-guides/Redis/u_e-redis/index.html create mode 100644 2.5/manual-guides/Rspamd/u_e-rspamd/index.html create mode 100644 2.5/manual-guides/SOGo/u_e-sogo/index.html create mode 100644 2.5/manual-guides/Unbound/u_e-unbound-fwd/index.html create mode 100644 2.5/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html create mode 100644 2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html create mode 100644 2.5/manual-guides/u_e-80_to_443/index.html create mode 100644 2.5/manual-guides/u_e-autodiscover_config/index.html create mode 100644 2.5/manual-guides/u_e-reeanble-weak-protocols/index.html create mode 100644 2.5/manual-guides/u_e-update-hooks/index.html create mode 100644 2.5/manual-guides/u_e-why_unbound/index.html create mode 100644 2.5/model-acl/index.html create mode 100644 2.5/model-passwd/index.html create mode 100644 2.5/model-sender_rcv/index.html create mode 100644 2.5/models/model-acl/index.html create mode 100644 2.5/models/model-passwd/index.html create mode 100644 2.5/models/model-sender_rcv/index.html create mode 100644 2.5/post_installation/firststeps-disable_ipv6/index.html create mode 100644 2.5/post_installation/firststeps-dmarc_reporting/index.html create mode 100644 2.5/post_installation/firststeps-ip_bindings/index.html create mode 100644 2.5/post_installation/firststeps-local_mta/index.html create mode 100644 2.5/post_installation/firststeps-logging/index.html create mode 100644 2.5/post_installation/firststeps-rp/index.html create mode 100644 2.5/post_installation/firststeps-rspamd_ui/index.html create mode 100644 2.5/post_installation/firststeps-snat/index.html create mode 100644 2.5/post_installation/firststeps-ssl/index.html create mode 100644 2.5/post_installation/firststeps-sync_jobs_migration/index.html create mode 100644 2.5/prerequisite-dns/index.html create mode 100644 2.5/prerequisite-system/index.html create mode 100644 2.5/prerequisite/prerequisite-dns/index.html create mode 100644 2.5/prerequisite/prerequisite-system/index.html create mode 100644 2.5/search/search_index.json create mode 100644 2.5/sitemap.xml create mode 100644 2.5/sitemap.xml.gz create mode 100644 2.5/third_party-borgmatic/index.html create mode 100644 2.5/third_party-exchange_onprem/index.html create mode 100644 2.5/third_party-gitea/index.html create mode 100644 2.5/third_party-gogs/index.html create mode 100644 2.5/third_party-mailman3/index.html create mode 100644 2.5/third_party-mailpiler_integration/index.html create mode 100644 2.5/third_party-nextcloud/index.html create mode 100644 2.5/third_party-portainer/index.html create mode 100644 2.5/third_party-roundcube/index.html create mode 100644 2.5/third_party/borgmatic/third_party-borgmatic/index.html create mode 100644 2.5/third_party/checkmk/u_e-checkmk/index.html create mode 100644 2.5/third_party/exchange_onprem/third_party-exchange_onprem/index.html create mode 100644 2.5/third_party/gitea/third_party-gitea/index.html create mode 100644 2.5/third_party/gogs/third_party-gogs/index.html create mode 100644 2.5/third_party/mailman3/third_party-mailman3/index.html create mode 100644 2.5/third_party/mailpiler/third_party-mailpiler_integration/index.html create mode 100644 2.5/third_party/nextcloud/third_party-nextcloud/index.html create mode 100644 2.5/third_party/portainer/third_party-portainer/index.html create mode 100644 2.5/third_party/roundcube/third_party-roundcube/index.html create mode 100644 2.5/troubleshooting/debug-admin_login_sogo/index.html create mode 100644 2.5/troubleshooting/debug-attach_service/index.html create mode 100644 2.5/troubleshooting/debug-common_problems/index.html create mode 100644 2.5/troubleshooting/debug-logs/index.html create mode 100644 2.5/troubleshooting/debug-mysql_aria/index.html create mode 100644 2.5/troubleshooting/debug-mysql_upgrade/index.html create mode 100644 2.5/troubleshooting/debug-reset_pw/index.html create mode 100644 2.5/troubleshooting/debug-reset_tls/index.html create mode 100644 2.5/troubleshooting/debug-rm_volumes/index.html create mode 100644 2.5/troubleshooting/debug-rspamd_memory_leaks/index.html create mode 100644 2.5/troubleshooting/debug/index.html create mode 100644 2.5/u_e-80_to_443/index.html create mode 100644 2.5/u_e-autodiscover_config/index.html create mode 100644 2.5/u_e-docker-cust_dockerfiles/index.html create mode 100644 2.5/u_e-dovecot-any_acl/index.html create mode 100644 2.5/u_e-dovecot-catchall_vacation/index.html create mode 100644 2.5/u_e-dovecot-expunge/index.html create mode 100644 2.5/u_e-dovecot-extra_conf/index.html create mode 100644 2.5/u_e-dovecot-fts/index.html create mode 100644 2.5/u_e-dovecot-idle_interval/index.html create mode 100644 2.5/u_e-dovecot-mail-crypt/index.html create mode 100644 2.5/u_e-dovecot-more/index.html create mode 100644 2.5/u_e-dovecot-public_folder/index.html create mode 100644 2.5/u_e-dovecot-static_master/index.html create mode 100644 2.5/u_e-dovecot-vmail-volume/index.html create mode 100644 2.5/u_e-mailcow_ui-bl_wl/index.html create mode 100644 2.5/u_e-mailcow_ui-config/index.html create mode 100644 2.5/u_e-mailcow_ui-css/index.html create mode 100644 2.5/u_e-mailcow_ui-fido/index.html create mode 100644 2.5/u_e-mailcow_ui-netfilter/index.html create mode 100644 2.5/u_e-mailcow_ui-pushover/index.html create mode 100644 2.5/u_e-mailcow_ui-spamalias/index.html create mode 100644 2.5/u_e-mailcow_ui-spamfilter/index.html create mode 100644 2.5/u_e-mailcow_ui-sub_addressing/index.html create mode 100644 2.5/u_e-mailcow_ui-tags/index.html create mode 100644 2.5/u_e-mailcow_ui-tfa/index.html create mode 100644 2.5/u_e-mailpiler-integration/index.html create mode 100644 2.5/u_e-nginx_custom/index.html create mode 100644 2.5/u_e-nginx_webmail-site/index.html create mode 100644 2.5/u_e-postfix-attachment_size/index.html create mode 100644 2.5/u_e-postfix-custom_transport/index.html create mode 100644 2.5/u_e-postfix-disable_sender_verification/index.html create mode 100644 2.5/u_e-postfix-extra_cf/index.html create mode 100644 2.5/u_e-postfix-pflogsumm/index.html create mode 100644 2.5/u_e-postfix-postscreen_whitelist/index.html create mode 100644 2.5/u_e-postfix-relayhost/index.html create mode 100644 2.5/u_e-postfix-trust_networks/index.html create mode 100644 2.5/u_e-redis/index.html create mode 100644 2.5/u_e-reeanble-weak-protocols/index.html create mode 100644 2.5/u_e-rspamd/index.html create mode 100644 2.5/u_e-sogo/index.html create mode 100644 2.5/u_e-unbound-fwd/index.html create mode 100644 2.5/u_e-update-hooks/index.html create mode 100644 2.5/u_e-watchdog-thresholds/index.html create mode 100644 2.5/u_e-webmail-site/index.html create mode 100644 2.5/u_e-why_unbound/index.html create mode 100644 versions.json diff --git a/2.5/404.html b/2.5/404.html new file mode 100644 index 000000000..4beabb9bb --- /dev/null +++ b/2.5/404.html @@ -0,0 +1,2457 @@ + + + + + + + + + + + + + + + + mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+
+ + + +
+ + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ +

404 - Not found

+ +
+
+ + + + +
+ + + +
+ + + +
+
+
+
+ + + + + + + + + + + \ No newline at end of file diff --git a/2.5/assets/fonts/source-code-pro-v21-latin-regular.eot b/2.5/assets/fonts/source-code-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..732a1d88ae47d157d4d7565adb61fdbc917054f8 GIT binary patch literal 11260 zcmbVyWlWtx*X=pDySux)b8s#0?(SCH-QC^YiaQ*jxECu>+@ZJ>S}yOKFE?Lu|J`RY zd#_n*ubs*KdouIR2ms_V000o50}Ak&5h39rp&%h3pn!m6;3ol4RH6NhkpF@I^A!OB zCjWuko)C!tL;bJB1yBb#13Uq40CRvPfD9ndDqjCr zWBF9s0X(0&<7XH9Pyc_atUj~%=OhDge0JdeoIIbA=fAxG0LlNa9h3b(`vm~R)n!!v z*HQczLIU(=01T-BhD-pd6~^pY?Cg(d>{dPT!=2rINur!B9VVt5>m+Aoa43}TtWgUA zu$>5wCiO$g%#P(76N7s@#mZm}UVZsVL920Mc6^>cg9g9icPg;Zjhew*_fh)1tf`N@ zx2I-XuDHQhc{*W7Q8J07#$`OhqU z4PGQa;T#+@h-gqwaZr0XOfHC8fUuQ&A5+$dFQ>kNaF7fYBAxTb1RhugHUxj)3n%NCWTg-I}= z%6M$>>pc%crQe00Lx+)3DJxWjY$Vt6o4nG(Q7KB6jw*G41VAikr)-s)C6%H1_dUTC zOO)gi%oQFr|E$JjAi7G$uAO|VnwFFqL_#E$^pYml3KYuQ_;C7z03y^sjhkCC0X7`# zJ<{?{fY*dmcY5ruKJT0r8p~!nc1;k+#Lyo&hrMbM}wt;)%WEDjcW&Ya|(BA_=fhQt^+P z!@xqIx7iwkOUD3=J2)&RM>8ZUxe9s(HRm5XIZFiN3Y1LvU#EWk1SadXI~uVsN$d)7 zg-pO3o`^w(&Nv5pM@k*aBW^Lz@eNv$tTGzA4`3`}p%ecwD$FrhK(2;3-josM62T%t z67&wbbe{0Bk&UdWB$~OnBS6=`Mst94Lu{kR&ETO8MuC#W1T}|MQ?A8=Acsb))gYDO z0(NndU|gXgGo01SBu)s%DYUTVR&r5@{Hka(kbFZn3{|dV(pcrha^a)qT#C(7YG!3m zmE>}&n+47s9`9#GLN-xuCl^)|J>q11q?ZQLbKw#zGn&hUFHcQ88mx0xM)HTwB;*O! zcGvF`BTh8!QjzVfXpy??r)xaroSEsH1i%^58LJsp?q&!p4XM^7mWP4b5Dt%{JBj19 zjb_YW)x6U15J_tP@VHT5upyl|<+;`s3ruI=M%X%1%2X)5m-?PL>O8@%r{pY_B-jK+ z!iZ=~M|br5zzxaTj9v44#_v(>!TtH$#26nS;LPI|5weK)rlxgY56dTt)vrFyOq(!CPZd@)Jai)u6jT?F&S zwz=EzQ$-sQh&PDw!@H)+9`)c!-|o4Y)F;EGb%FQ@ouvXgY<9+b94}4)iaT+^&l(_S zKqW01Pc(T!i{q*M76U{#DFSXqHB-A#&-lv;%5GnuCf2;z5jd25b0ymCN2%ObGhs1& zY*R85ddbLUGB-ULfC+4;2{AF7j)SjEV}({Eu-(oJJ6OusryUXA{!9gm&^tXG8emx3 zw9bZIpAm7bdyMZ=Dk+J52Rk;}vf&X)GeE5H$drMmBx&)Fs~0o#;f`f~C5vf~Hx?2o zYuZ5hC{0V%0$SkRQv0&%tTJoHp1Rl7>M6t*vRZQh9OFZzA&cFcg@$u&i6voAFMA?* zjE1Ll(1MD*Qe#rcqm3oNm6_NF-uQ}B%0;_ixVyy_8v>NT=#SCbXth-;J2J)BF$Y9p z7_wlF)<}5BFE<}XIcF&%_mnZ1B&s@$blrk@Y3qnDBhYBeAiANXibk{Hc%&I`e+h!G zm_{<_X+BuC2-AJi`uR{5NL|P3b*C*)f5=qw=969N1TPLJVfjzO?ApllAHlGcqQ%?N z^tomp$Pn`Ru?5PphKv3>wnU>NP&N=8X%M!@si8moASHltFg!UpwQRlMM#terZKLgw-XoBTVMEwyY6z zvyu{~QODKs<_9DtOtR;9XBWavr!QILs$H9#aHmIlq(Fh`Hwfr7@Cm>s-l9S11bm%* z*@NIw^@npAkOaQ$kUUzhlA~3SEcG9}3Rp8HVX2?Wb5SvUsTfSZwph?W(uI8~rlUYt z9^KWRgN|(JGZTIht`eSa>{?VHU;IWj7VhZoD))Ng)TXsnkEPr3v*>UkAbX>Ny9O zil|6h=|DHf=b+;s&I9AsAmj=s=Cnf%S>f0i$T_=gH@S0sROsTKolR>Ag5?}_*Ix(* z{_2rON?f&dJsRk2xCXesG~?WGp7% zkzfn+6sv_xY--1omsoe@4tpRHJTb2Gt7t_zvE6uF-yx}?U(T=u=zQs$ocs30Lyd%Tf zj8coyT0BSi!epJ~aQYb-ESNzH5837)lS!p0Z-LV^8C2BoSiw5dtY}32?!}=dN$`DT2X0 zVRnH@hrtUnwjw0CK!oAn+8O%Pgk}xEE?CMgvqFR)bR}fa&iNX%pzB?H{SzPo8?0*X zpSNB4WgR!~$4T5fay0r#j@~0%#n*83e|pyt6DE419C-dey}Wy<>}du4Uu)?80*mtS z6REMOi4k_B(Aj(3GhT|axP;Qhlo8!K5H*C{QxG+579~jTwwuZ6S^I}Xz>S-)a`LA3y7=e>XB@mZ#?wJHvS&I27PdL2~z)a=5bYK(cTs@0Ra);!cM|n5i z@1bpVJRC=%o|A}kdGu8=>?aa=AeB0a;63edOe3(I2hj z`|jm0LFvPOVseP?EM9RK%(HS}B>#QMNMijrtU>w950pHV!o^ax4+FBbZB1TgF}{(>xkTVDFMh6+Vc-T_ndZm4Lb zo{Z`JLgNpombb76T!p79817!LLfJ_^wFfNHm~sv{({w8&0}$89otuG76Bk=&O^BF7hlc zQ%+Y+QF;I+q(iYK8k|kGUDrMaBzis$1o@V7_L|f}5}xdL|3f-7mA&4~Gc%EXgr%CMA%*G-ljjyPK1? z5CYKxZsyX<<`P%=q5=1=_#6cThx6SD_gtZ>P@ctJ|FYxl4>$P;JrMg)-+In&kXmNq zy$mha3g=bAxBI&g+VLo*>wc%*gmBNzPJN}a1GhmpCMThNGREku#;;NQ<26^J46HeO z`d`MKdXBzA^oLFEH0KT~i!EVI-4a25e`e$4|Kf2K%@V zQl<8F!cJvW6(wPaIt6X#prE3}9&V@AgIBn4$=l9gE0!f5)1Nim%?La2YXNgeeiH-XO^r^EDm#u6NHc4q-i*G0N1Q6V^n8o5l$mScH&v%{8KL?Ho*7vHYwj zK#S}?lVWE`=Mg0ZNu!HA<+3W}q`#m24mg7mDTa6o=&1s6!xH)9!?(0Q9Kt8;&N3%V zaDu{gg{T8OJpgBVYv^w@I)~cN!vZn}wbTGR8w>WB8E<|79G}2KoK3VLlCATrVy{)1 zV?z?-L%g~siRq*)^4+V|x9V@z>@$!t4#WNoJCAtU*0^^ap+~5&(ot69G(^7+1rBB_ z^^?lYplp{wVvhXU1B--t>vWVrB2!|75pf|%BaFmwG@mYg?+F3)wo>#eeJ3{GgjnzP zSQU<9=5^vkN2s#2FfNnRj*Ez|=FwMF8IpR!`*S!+rZaYXk1lv8qY2YVr&iKO+$_8a zcpKK8&FBMevW16^1gxyE^Y4HhVyYhXwhQ)Pg^K=pg!lkn&jg zNFqRkJZYOF?CnMB!CNe|2?d|l#WX73<&=0GvF9-mPr$dCKB63RyC3xf`zOQ4Ll!Ql zKWSEr2Urp>Hd^fLjOa`F=d#-A{-_AD>#;CZjUl8{eTWQ@sR=s2GYfU?%~9w5_KI#T zvKqst_^Oc)lCS>;v^q)9K=Z^WEpfD;pGvz6snKM2sSPSmu(VW;Dbq5jVpdkKS<*)J z*bJKhlVfX;=w$5=In#RGr~di;COyGKT5==fYV zz6b9&Azh~Sq0Xbc(*Gc$&;!4^y{pv%qhnLO;jF@bnG{I_ct&Av!>4!;Oc8ad$^+aG zC&WB_WCmXpAc9d%z#xc9#<8|v{y$Wa09X*0G|cwsp*Fwj;#%)G%w?C<4NvY95|;f) zw{m_4zr)ZrgT%y0lA;YAnBLCxzhSXcQ1g}_RY!QS$d^)d`{>_hNsq`JeisCyUWR5Q z>fut`mP22sW20fAYr^JEK_p`7{SbDzgnBLS2=6>nB+SmTP{w#++H4F~2_Tp5ipNvn zQo^(|BmY;1g?<&V+_#w9i>}{)4;Wc(VY<&~x5cK}H<(!}j}z)5RIGdW-t^t=+eXV5 z(BPhYOeavsMjt{Z2@7V2l8m|O3U9hx`?qGqD|H{YLNgFxt6xb)Ila!x7#$`Mkzt3f;2s)b0 zGzC{N{Y|%!$QQ)ro^+WNh=tIJYKxmhm)q-T>Y-ry=bmD(Fjq;uprPe{8Q%^SWXu?! z$ult6ca@q;0-l|Zfn;TpOG-nkoUS)&1(kQnJSJ87V|7N;5b8DKer$sId6?I|ete*` zSb0%eIy8ATHy-IWomTOd_O$VKe09o5Tlw*1yxXn3_yKx;EH2USdKh~)h-2F^Hq7)3 zP+wGi+-HKD7MOW1yr3Ts>K`)B&mf zRPW(y!#nvuNHyLG5_K|ZU`2hI{{m$wQ)&0Fj*@IjygTXN(HubzR#vqRcCeYGi3_O9 z7&$8aEFL=5T`ztt$JOCqI14acL^*BhobnnoCg%$Ndn7ir)rpK>M6#CWqmb9$oPfLt zSDakGNczy=S&-dCTYAWO%?5U(n|3SBtjSYUg~BZc^qsFbSSUkemhkWKX0 z2|C6)$nHRuP(PQjOq=Q4FsU&ZcmDQ@ac#3#q7(3N#sP8sol1?pQHsEX$5y^MhGZCp z=JCJ&Je$DLN;C^nJ!#%ZvyL^D8#Fp}H_Sv>!pdCMZQ)dO$YFuaMLQ18vIW)PAy&%s zrf&Pbzz?L2ZoNe5%+ivGWo)pxjo+|I5bmsYA^it3v({m=%OZ^_|8844c zQFC#MWy84>u)ECM_h^dU07tGbP0P>WlTE>*ER(I zD~It5S9y$coc!+aL1y#Q7!)Y-0WBJ!kNVM!gu8rmktO@?=k@~W`yO}ZV}hTKgr+^1 zY-#7`)sLrG!fJW!i}T=RuGAV_eL*B2Z<@-en9@r0-J@_JnB)N+$2?UDA7v9}c2Q28 zdS8`hU|)`}OhU*Ax31twGBcAD553=63c;j!;UqrJpHMJll*!}3V4r5<7$Tr-1Rt&7 zTsTSs$NP0_Sz80nADh#_2qSv#uja#x$tc{Z7IhZAOfz)&iIku2jyBMOjNYp`q5Vc5 ztDm3MxBH)%(bm$DBKK#FQRRGd@%Pa(RX9Lj)nh8egE|h^K=guzTki1TUP=XqNCx4^ztO`FjLV zkV8lfQa6bn6p~?5<@~I6%?WjjMol|7ljo(faFKjxW?s=DC^jOvz&zu^ z|H8N4$uo^H57EkAkp86#`>f`w%mr<3b3`k+An2@!2#oLR3fLk|gcacrzAvy0&9`|y z2Y%1hwdYLyYSKB8jSnQyys2!N$^Eolhn!b`)ZUql%5kWW~;rC=nwxDje2Egb#Xv>Qk<=ud73P7xv$~ zMoUJ~kZoCFm1%+Q0o%MR>aXfKzI1tu!?rflNmWalAk)CJwAs#SWM$#1jA1UsD|?); zbCJ4RvE0FhWHo2uxM6g@GVeuVlyep!qC2sIxML`L9O1K=CE^*oU4z`oE6O|ZVlfKH z4(gSx;$XDiRr5=uXM;a!s6+NUh6Q4l6b~EhZM4&lBqsm{HL_kGHUyK4V<9rvL)#{ zghw)SFUPU0aU?-H5RC^XN8W{KEI{j#q51HnMXghepDQzYb(dzAUIUnotXMxDwk6o~ z))4HF($v-dr1kY=vs`nDk-5qh{DrQV0{)?N=C7TclWHj@NI^vdhsd;cLZ&FW$^F^M z_UD$9tt6EyC!BoGzeQ7F&7H8SWz9v692W^05A?PFYR~_DC&e$am3Jla(8=d5=`e$0 zDC^f<#>C#~YlmTUdRhx>n{uo*p@tj+hV_O-w1o=;X9zPLXXgrBiGCs5wR1F`#71bz z>8#MPeJvzlJL^F}5kE6b0>pvN-*C%L5v8S)Ziy}^~|UmmVpA>!}BpXZK@hevW$kc z6{B?tZVvv59J9Q3ab6iL)6z0&a{7gzkGJUt^I;WjMOXc}n`3;ABi&}r(n_`zN-YiJ zRi35|a3PY7zG}l9nQNSWZ^8_2MGfdG~=e**YwWNTd_bQ~tJYpU(_GCQH$soStELyw2}!Mpry6uX$ohgtCbf z3;`pA0kgt2%3(l+W=pB39$HoirIJH@F8sdH0NkkcpU9hw4=FfwEDq6?*CsBqZoXO> zh+f;XUW9NcL(GLmg|_5Ovwv)EZU~L+YJO;?Oyaf`n=Q95qjV?8j?$HDUWZHTk!o$~cQ&uX+d&k=r3&LF!j5ta3406$tnKBLKnyjM;pRle)aqf9{Jp@P z{t-*&rG}BE9T=)OOYci@rf`n+YmCo>o&>rGq)NC8$-Q|iX-}9;+Fs6I zRwH=tbx6IvM9oDxkeXYC|I*@TJ&btsEdi5oX}T?eGdm;-mAd!^en1GyxADAG<1fyV zybghFRvt6fN7Hz{;_M{0FKY$4EGSB(4ZF;D?ZY5Tm&RK;Z2_Gg)4iR3M#p~YW}w!{C`MNQF`(3!V09ULKrVp@a0 z3L0EH2CFXK^}Qr}y+ynIf))d^GL2QV%@o31`dp)<@76t_8&?}_pW+(C{NfsM$~M!N zc^_Z4^7g%D_xL(-X{H4m2Kt*4?c1NRi)Kq~XtJckz>fHO3YqwV{~cx+Fmd0Nj-<|& zg?g^a(k)kE#=xRaT|I)$#$Z!BXUZsm)UjXIc9NO;P>)gg#=28T05cg!D0W6~qY`=s zaun4-@bXItS`wil8FGzpvM2!K|5*k${k>ZJeem(k&N+aApX~s6fLt3;tYnYC!i^0D zVNQg(cG4NPyVz-ES$`?*V-LM!uJhtUl^7n&j+RO(Mqd+XQ5(yz2U5aqh;_oYCE7OG zDN&^#=`_XEewM0nNl~><)=V~^^jIwQLTPB2)fML2$AzZIa0}vmRAj4>r5g`YRV9X) zm%Z>|2*)J$sD>t=O*M~!gYNgt()`;6F`x0|OOxliXOlofZxkBBW*Q199718ZAWN`` z*L}v|!!{&2SY5n#&*QEEmv*ZG9`Frc^_0&Sl7L#jHJ9j6>!O@6l94>mD6!|)l~Ia0 zCB3ABK6M!o9rKii4Z!JBE1R+QcervEuU%A}uPh?*QrhC`E?yRg5Ih<5mm3D&d~t;r zgJ0OEv;gLwLD9Cij4eDSOLOB9vP2|kCf%1Be&cM8J}KQMkt``$G>gA%*^VuGd%rUu zxB@X~DThVgP*awAYHVjxn_Cv+ZDE_6V)B@QX!QzEr7m%9azP_huwyQdt(QNNR&I7U z?tJiLH_tF&k`6IJE%aaSii?RemDEr$#B9%`P3qAn_TTso@qpOR%pRM2$|{g znz8X50of*RJ$tnEGUZxwDR$6Cx&gwIgM1RvD*$Z*pS}F~pW3PdbDHm8@PUpO9`V}! z2}D)k5NrWd+OD0unnJLVxaOEKPNPS&x5>%3q2trUk8420>|qzqBI5TRpzr!5`a zX2A|auZ00-%-xsCMM~QvGj+#V07*kS>Bm}fsiCL{uJ(s zu<(fqUmEQdC2_Ov7=pDT!@A|r6o!qH@4 z>p#XflPQ&>m2WYGsf7g2cK-nQpcvkmsCs0?do@UJQJ5Dom5l@KQc=Ah@l#mPknVVZ z;6_t{?wt0yojHF~Dw&C?T~)(z6zJ{KR;}1qw%IK;{S2+|#3hg9lj-L6twh-8TiMdQ z321b#xCj2+l=q<# z%b}Pzx`U)G#T5Mb+wbdN!z5v37oCgTdnE04@fK4l3u|I_cKQg|7?`u%@bRd&GUX^` zOp$i(Y^|G-2sqjXC6+X;j75Zkyn*R+==5&#hcO&%L1O&-1Yi7@nBv_eMO=}U(;>~R z>T)HwH%*Rw42qcVI`Aa}(7EVtqj+&0UhvIC zu)M)xe8jQ5gu%^t0zkQ<>Jl7?d{xJH8kJf$wGk&A5sAhP$&D^AH948ILk~-gXh=%> zUlz&YbBN5kQ*`Brt5d2{__j$){Z>oep(q>!1LpL=7 zPxn1WXkrkEPD4Q6~0S@lvOGg_p*Y`wT`cnqGrxg%hUDUNkD%ez|&+x>| z2(1wY5#Oyrh|^1E#;thL6@;eHmdmdQr6EfYy&4Z06OlY@s~RF&&qxj?E!N!+*kQx| zWK;v!#_7BOg-lQO!#prSP;W@Zwqo9r)M)&-v`Bbg%yzM&G2M~Pq58wOj7@lUqGyt>YRs!QAb6m zSQVc=%wpMdoHK4q<0-O|T52O0t8T4I{cj#uE#}3RN6Y~n_radf3nRw0)kb@tX8@b! z_gpMHjx_yz0hRjwo*ScIRPk}IF8zRmnR{IX)t)v$w{UorMtCVXtlHn1zCON#yq2xU zI^|#a%w-@(PTXOZ45mw3Z*oXYxG%cT_mH|pqitGXrSwN|8C%L+6V42Dn`mEK`8>L` z?_-}MN2)MXZPqDr`_A#ZZU*SWMh9!i9S^pjUT-=>z!YEM%IU-qhl=v%Eo9ecQjjFn zcIS-t1aq8il68>Y%e_ApEN+K94gijgtf6#-QE1C)WcXV=th@W!hLH>AvT&Z783MjE zC#O@$TFCXrC^fXY(i~w^r99HHwJXPpGVx}p6+;5R(NN#k%>|I+S{rB|F6_~4 zCsJDoRLgL7&0~b{O!(c$$Dam>(R!oSZ|$-EF;Zj-ajcr5*uEzQwQZ?}g37X*%rr0O5>85C9rM@@L04#m4Z`8W`j5mZ&BuFgP zcH`4&yc>ABfQD}>E~cg_Z|hlmKmab@;H9FuYBsPrsNrobO$>Mp!J8vYexJ_94(yn5 z_{#%xb+*a{Q%iEqa+++MkgW7US&5D~Ncq6;rjW(VX9=B4X16Iy%=qT&RJZLtvD1g& z1Evf~mDS-uoCp@}S()OXN)K=Q?ofjfHoaRlo4a6hMTlu* z;CZez5@oQRO6>5z(%Vbx1r;DLwzrF;U0YrM7n=>J6;>;$hH)&NPKDYB8D_VUfKU`URq0cMpp?Xrmj={Rt~GqYupukgRxJK@upocQ z9!g<0H3TTMY3{{AeuHAE>x2rjR}CosK}{vSgS+_fASBVmpd$SCz8Q25?w!1DQynS_ zmK)&;q?P36mb?^eSe!#s`eie_O!Uj(>y07=z!b5G6q0mK-Ca|($$LN9dufpE73;|u zwrVm4sK7c?Sj?cH;HMJjMa4LvTrJv+)Jevmiq|Pop3`*EqDX@k3{Q!S#uiQjEg|8= zZ;>L37&e?O%1Y{1*UsM>s>^oRH_}2$9SD56`1$Sjn-gDDAoT;(Y2~)>(9wgg=mA4t zH`6W*S$+Idtn|aM+G1)3tGqc*D*aD4)J*Y580d7qVoH?`Y% z`PFmR3n%ItWE)P_EBuJ8zce}PPHmg^T? ztlrj8yR0NkOkzF8Od=)=hd{vul4`f9v7q?f0wgW&fofhn z3`BBaYi=qD$@xOgA>^^^c++3`Z>`N=eqDqz5CmcjA4+m~KIMQ7|Iebxhs5w& z!ci;iq0z2fim_YL{*XPMlh{ryP%fqw`b>rlN6U0L)!yUTI~?=H_QQ{rS|rht3a+*HpwjifJ1S}6u9SXTuj0vQbJr1$t%Sv>`}5(2 uz%q*&>jqga$^};-0i9*=vq697z}1AORNG%v%(7nk7#TJAzt2)X!~X%67Hy#b literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-code-pro-v21-latin-regular.svg b/2.5/assets/fonts/source-code-pro-v21-latin-regular.svg new file mode 100644 index 000000000..38ac0fa0e --- /dev/null +++ b/2.5/assets/fonts/source-code-pro-v21-latin-regular.svg @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/assets/fonts/source-code-pro-v21-latin-regular.ttf b/2.5/assets/fonts/source-code-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..918694a4d177e31985d6279e52203e470d4fab9a GIT binary patch literal 19720 zcmbV!34mNhwRY9*p6*$CmfolLecz_{o}QVWec!ia5|T;6B$>$`CLs%I;ISy6Ac+wO zB8wn9LR1JCKtx0kL1ghEf<#c@Ap#FUP)N`J)xABFNkrfKU+&!7_nupI>YP)jPMveA zZU`lWRN*2fq_eHPL-erduY~ke0Xoq+G&s8PnxR8@p273^oulI|<16Z(!t*d~?0u{WQ3a-5L9hw9yZ+8Uoq=~$Mo4bO%(^ve4fdC8gfu^Z_o*2GBysXh)c4}qIkRQwp4^QY2i|`O ze6h{jrq;BMCEg>X@j~{zWzC-Lw2#|}XGX7e>zXa=w!U~#Eg>C`5+bs1-?n4t+KQ;@|B5Mxvf%MWtH!+&=7ao@$Gb5dP{BXmUMpqFt0Yo2|08jT;;~dR;dVIiM!1>!QR}+eOkLMdZd=c;WnaZGDJ~mmYg*!`UreQw!Q-FRwKgOPCCzgma(?b=VkV@>9_EsX zR0?frrEa&wE|I8J8VwpqYb6r8s$pgz(0Bflx)sKVuEp25GLcx>80xY_+-qgwrDqRq zI5ZNqB#qYQT_dA=THKC!C4negXYP{wK5|{{hPVz9at<$|b?M8k|G_itKLpzu-LSNXF&het6`Zp5F7u znc&XJig?ZPCVNhC-ZPeUvf(Q?Z9Fs_HzoCUfqAv!_V)Zc)*xCL1T`h|lr!Cm z%N@85j#0(fSpHq^vix7D5(<#aKZ(+-FgE^PD2;X<&=>Tudesd#(5r5^p_3DJbR0k4 zi9%#}?nC+)Za;LEQSV9f{gjm3k~X;tQ;s|#sMICmX+&= zL`6kZjLpRJw}SH;^t=~6Ur8({^*tM563@I| z7Sx{xduE%OW_yHdtk>u3jqz96$f3;}uNWG-V&mpRBi+q=$3}NGHtrf7+uIBh$$DHY zpi_2=-aF(ABX<2`-CG(Ows!5d;@oxYpkn%St$P*?P_W7Ov8kM(v@7GKxz1Y zrd7){!OYE%*pn&m@%wvXF?M}(*|zE>rM`M+rM|eT%5@SW?agN`9ogO3xO-&jS_ zahExU+gg?c@_(kw8k?Gu`B#JaThO1a=nEY<44tIMunQi~sn&=YBdylVv0kFluDzj{ zYbw*$Yf0KCZOy^->ABpDGiV)%*LFBk#udI6cVjdkV z;%_TB8mbwtw~aX)J>Ev=u&r)LW@=d5L9fiOZyR9m ziYviaJe9&o5qe(3iF#Z_2`imE6S^@ z#N`^<@`)plu9zw}Rf#L~<)_n8+Hi{|Xfg#gx8#4EKYX}4ZZ^lO4+FCsm}9_P3CSl< z!mOs;%M(*dr%J4HD_1Rf`E7dBPhEXpZ=d^-{PMS%HDE){0C_N5pQJE;YHCwA)2;dM z(|hv!>CPCZ>xdnH3zmsv7Lyav4=~fAuQ5`X#ZQMhHqA*rISd+RKOAhLh6zX~E1+i@ z&EGA2mzP;@|U+Ae{YWA6%Jeeht@OUQFYj%03Wc9N{BeV5>Ol{`KcqTm- zaq5yzFSx14{PQWeQ4u?je}4Lmd)U0SAjJhYf>y5D*|@GY&}k8gN7|$!)2PYWX0tU~ z{q4R!*#&zCcjRp5TGu?&2ejU_T@{do~x`|7A>#LRg|>V z9etHX3OMhEqf;{Y_M7IXNmi2M}q0h zDz&T1ZX7;ltq+)LHR3Y2MH^L$l}&-H}>7 zsO=7KdhP1`v((Yv8Vu&|By)3QIZ$20{gQLD*^@|Uc@2Z6=R5`Io_Q#GX(L+9p~Zjp zUN(-1sbn&LC3Qa(dy9KKZ>A)F&G}T6%s&oFnHA8X9(;3*iX==uGvo6!=H>k(H+_-_ zsDlQzEh}5Lgud2#{DovqnJgzm1xm7LHH;pGqJU3kw9!#o{>n28Rg|7!I@==Ulrg_E zT&j-y5_4mJAWNr;t#Oj1$m+!)#7#*i?dBC zcApR@ePh&@I!T(s2<42x@xSzPnzppIZfO#(kq)=JBNA!%c-jjVpni5_XtusBGM3Ja zM+8d%QNX6f`8If)rd^Q8f-*a_>VnF$QOa!EN{oH`vQW#iaBgj#ZO|qXpBrdfFlkS5 zKge1A4cq!gcEKF1xRFX0+cai%;`CEqF3jpA(=gT;3JbO;9hYOoumM)E3G`O6$TSj~ zWTq$B#cb*CPFS6%4llO^1j}Pf9q*@-MP>(meE%^A*q47D^*fV&K`~RD6H(T@Ta)ViV$khh z-VlACU|^1vQM#;;8Q8&Jo8&Un^^S?>$W_;>hR~wr*K` zdHox?qN}fNeKSyRmX+2Ey5A3r|9AQZ(@D&pg8Re94fDR4z5mC{)~=k??MG-yIB&bfdCevj=WzlV~iMz>cQ%EjgSitU3>&^Pk$IJ+E< zE+@(q)>ht=y^j+a_m;NoZ*M#=8Xpi|jY0pA4>9|yTqMfGuZ$GWS z+*~0pHk! zZRzw$qNw1`t8$dfOSNV3CPn4zqq{3CmEv-PY~#Rh6sf^qOT^70ab3ts-^~Bj+U<07 z+i3am4{G{@OiIkrQ3C%-{!l0F&%a2oflstFNO!je^B1);yJ|(*jA#nhmgDUz;lU3cqdvx_to(b4obC2{#DePeC+Rp4;e!ha zlen7FV%qrNH@@*${#}vEuihVe4Ke&vo$qyW1Idl4{8xV5+6p|)b7q#u0DdvgjWWhs zodtdc&!a@((eimv=^`lOQ7Buo2+Ft-pp`t7kJEX)rHf>DDpZi20A+ZEvV!acD8nm2 z1u5~-t%yk!&zJ$rN*TR;yvn!6@^lg^^wgGPR<@R@%RD2ur}oX5vh|2kae*r#$nI3AAUgrdWG9prWG6tGlmw{IQ*KZkmt97)840cK+s|jea=S)HXX~HO z0q;8CwPBo8u;`O{SPNJk>LiRXp9)+zwyTRJ6gqcpS~501zKOeRE6XS>4_^LKb4O>2 z^=%vQ_<^Sg{*QnOxJ3L63XJeLl`IdWZtFYGWDA856Gqzm&gFAEv?}EB1OgsUDE~eW zfNc4QN>l>L7QSRv|Ohg=!W0o7o zEUPBSJh6ER{(4%?2X6(Zj#nopAUGf%!C`YOgj`ZvGXBpY#Qt=5de^GnF`Lh3X*U=> z6I4_`7Oe4_8?+YlU?A2~rPhvy<1JPM7_a}O(jPL$ZKjORSfe!Snq{30@!p!!WQjd$ zad?70e>~ef+Z!EdsIJPWtPP!=4amP$n97?}<72MT_Uw3AS)NhoAh{vfFhp$N5ZPGh zlp@UJ$;Usul&yl4t3D4ZIRWLRER-!?1ZDCRpcOondD~a>c-ISfYZzVzeSHyBvH<;< z$19XAUV#3UV|WEv137YN>*?ifEEE z@~y&K0_U*dp97Vgfbz5mW#Jjjm*p5<0Sc?S0A&;k&G7H|Km7zvbEK@Gr{$y( zHuXeU2VV?YyWqlpo@Sy*L6za_x;=4;V81t0q@X@|tLEiT7hL zQ8EFV6NrRiI!^Ln#Yv=dg%QQaB=e(*jXJZKPtWc5cUW!4geed-g%e?u!D$HkQ%xf^ zr{$8}ZakU7@vzC;Evr^%RmzCPCjWb<-`0m3rzJ^QF36 z!JbgE!|v_d+~#iIvm%k*^kXv}Fw1H;bhWL^B*U4Q&)*$JzB#@uJ8|BcUR%OCy8WAL zhW576e+G|NMCbb3J;sKpwcBOy zd`k4qCzi6L5{ts@rc zMMHUorQS#HY0X!Jdebm(qPb6?U7Ptx+(aUUnBt^pT)B8&ViCtlZ{KKY-E^*gc#z!UL%u{0;GpvHw6?2ikPJ^zO3`q*4M@0ojf844)@7TYYINm$lJ zh&Vkg6+Jc*OX_N3x=||Phw;T`D-0%%g*S*2Jz-HH$W^Ns_vtIbaW* z(c1mxOehNr%3@nNcQN8P6SLz53o5t}|FnVv?@@?%F$!p~bA9Fu8#kSmp6(2_c|2{Q zAhV@Goy(=uJDsw@gB!2E<(BI=9vp0`-F@1Mo$2(>6{qd4{gu;VaX2g%C*-vTO0VGd z@wsz;jSLxZ=CrK2@9XYtjjG}1Hu{@nQH8wh_+xN)5C@}tDQJa{5>L+Ct%4`Oj}a;C zS6tn_`I`f6ouPh9Brw(1v@+gv!BTU*>DlP2{X3KCjv&(G$;eo3{aIfb5{Wt)-de~& z0=$KFnT27%)-;oXfj{ALu!f}S!rFx;y`;I?Z(ZIHZ1;xOkM*tab=HN3EkW;eL;b2u zf1STO&^RO0d#h9Cuqo+q*IFB`NqZ#aG$kA%cUL0YqY{?{T7tF1Y=zMS{%nv(6`OCN z5-f0%VudtG<8r#4ifB=#z3NVSZC*kfC+L0p2E8_-eW@i)uQ+}#<0At;N>RTs6BZVb zc$boSOiG|)5-PZ{)LgryvD&AOxA;RnfhC>Zj6JBP8}i5GhP1O`ZMJo@Oy||4P|MjI zYUxoajWpi*psd2bti62=>=k8}n$yh7jji$Ux%Wl6kb>o0ek5I{X6)X0aH#%2jr##-|z|IIZ>J|9#n{=uZi`sffN?|pT=yZ6`gkZ1^Ze%<6Y-p zcxaOO&!Ali+Ra$Osaw!{KI617J{S5~B&=_B?8(&tt z61R?8TXKE%kh#{MXbbhz&VEa(+i!^(J>9aVps@~9`QLOOSha>%A zI+N|N#4WX9cg&H0EEltdEcyz$H)eIDt>BQYt;yykJ-GDtX+oM=TytdV()39T^=32(|k!p$8E5?&eSJK@4HC?_SqL+0p9 zIR*=_z)f1z;X zb;#mO?ixMgsJ;~SSy6BmR zcvuWaim+&?)Gm(TsF*9wlycqzhWjSzME;gZuFB_h`q&8?wt$9Lx!bU}#0_86ox|L6 z@?fhFX%`dqfz%LV|IExwG!5ORb)9T8t$ERyw{ zAetk4=j!R7K{MZ?Fk9rnyQTu3(YzL(#6*0)k#4^2Ov=+_h}u@h3r#-CTB(nsl|WNG z9JBb+7CqYLj0;>+@)2E4r?|UV96~*ivy@ipxUER(uKvT;t$$#;a4t&x1|{6&>zBZj zBwydbwDs3?l75jp%DfxO_YB+pqGrk{r~?gn;{C0LSW1~Lx5+IYADwK<^zCxgn3mQK zv{Wd)Ry&q=Dfun%oG;)}F4E)$_5a8iORLi5R=LINw|e4zbdtx=TA}b-9D%0V-rbDG zRlxEdu(-*7p2qz<7<3xYk9p_;9(sU>{&vnx&nI8tq%3!R{9#rOkdMh1Fh?AiyX5%8 zSlvEAcHkG|j3np<^ih`8a(R+ztyD`V4;}KHeRkryq3ayqy@_$~9Ljt{D3kW!(5nA| z0-i$&`%T|wFHALF5!xL^>aHp%jWIKtTnH!?N z=U!%>Mv<^)$20)}8$CR;ckfJS?dsKQ?;d%5|NcJ?`^SEq4OxZ^070 z<;DDeGhZRJVb7ks{o_yU+xLqx|L`C8?`LZTf0&!0f8!oyyAQN-Vb9MWsQS6*t`x0^ z9Osx_JRK!=7fJ{_gXE___Z(GU8R7Dg&u&DCJp~-mc`GYe`hqLM8&IU3ge)5GjqrIX zHaEfhq4!UoCN9!8*3~s?i^Qi*HYDOnmBf=scqFQ1JaJ{F-<4~ysT|sb)~U2KHaYq; z5v9i#I4x3>C=r(=YGUJIt5?Y=odO-lKq=_ZvfLCS14>_5_QV6Wd;!jP3*WlBkl6!K zj;VM8?Ya{QH`-0a8zz^ZplbQ#l@W}t@OZ4yX5_Sh&7+KD`W;P;7NrxkIaIcWoU1>> z`eABrHT{TtjPF(KY?`87J^A~t6RrR3D!irAIqd1;-eqr#kn^I_o_~nm`mFlodPS&5 zZ_nS?L%W2E+@gBuD^^n^)b8o|2fZ)f#nrGYu#AyyoR|wT??M$ zZZ4@Qxw+~)oBeyXnZMf+PCxiyI^6MH^R=+fr_DV~k8^imjj@C8Nl#&KS0aqKAjKP_ zLX@56155^Grm5gT&4=JpYDulM#`Fz-Z7S5iEM@#JjK#Q|r59<+kGL#%37?x;stA1Z>T#M?hQJlN_&-A9jZ+Q4elzlCRsLe`TFUDgM$aB*Iz#3?>>L&#D8>k z{l~=8^SdV_%W_E68C0Iis@}SmepQ8EWxz_qcG^ha;-28C4Y524W{i1yK9^qXj^H() zts*T--O^xUNi4P`5nmF=ANF{7V69kqWa+a;)beoH;nSGt{9)!Xo-(WNj;M>{&!%jJ~{tgd`Yw{mUVjj$>PLX<3gX1fWoO3SvjBBPG= zQz^*Ms!v<}+3HI=Lk6)v*qN4!JN;c^Dcy=qKdCuFQ?o-uv-w|KwBhK{4HuzrqjTG_ zuJ{GyPO?lt7j|jQ@19{vD%K@weyH08hqvHq@~gAF4W;9C8;2r;7mOf39g~VRogPP> zqhZ&$r8yZIX>vAfXb!cSjGj@IF=L#W2woOjdvNtRw=cse($Li{;voUC}XpNjqQ)ZDT0+R!b!V^l7sK# zTt=_X57Dc+i;wSOCq0zSK2=-GW|_O_SLw?lIc6DbKji8GIRMB*A`>9@7a*6?v+098 zK6e@EQ9A{_P@Vsf{(H;@|$^hWMG?5Z8gncYFF&SCdA zHM&~6LJZrbbFK72V1r=be=XP)K2$vkHB(!uFxaRsKCJaCYi-U%Q)_)D=+s3NZe4r8 z)!_1Y195NbgMPcsXm;8h4zJH_wCgo?i(OY^b%ZO6V{T{C2)+-3i>J}9h^=!md+ACl zwIH1?&(4vnBIkc}n3m@MHe;hDy4S-fe?5HDBeVf??);iV>8zDegTWDr`n-CR!dq!p=IoI=z1ilrre!9bN1@Z` zbb7Z@tI{f}+$vqrYjl=LJrMXIG4KWy_ z$)Y!!Wo4>wr8;Es8f(M=?019zJ3)z{YxDN7Fh3RI&XaTwa-g-IoYUJLGKUoUa;wrD z)J07Oi_xNXsX1lT7*90ITy2rsL7$?+S5|JR3&um{YOPtJ_AAs$f1rVJbp)5&z!lri z%=Q~Y1{Iw2xJcu--uhR6NFhp$_W6>|@aWPcq;wakycJaHkT+fMnF?M?!AJ|c?V0ml zNXTilybfZQ7O#V~ZC;(m+7^yA+m(7(r(G#G8Fc1QsotmaXd@n3(qVPU#1$5UD-v-T zZDryzm(3M_P^Pa`RBPp$>O(q}Qe7!gyD^!7{yPg4ois*Iw0$C4hk2c!5NV}3sMJ?j zROUc+#LP>~t>#paSiCs~kzxmrvcg+hZid9dW}Vg~SNoK_!~}7&cHf!%Aw7?N^>h5( z@mM+?3x~YkP+xRgZ}0Y~Ei_e^okGfsk{3{GbD@?XB4$-sSBm%=VbtxjhNrT1Qz2V) zdvEVHR_oKbkLXIQ5&csxKy5Utah4ghTBA{`WqS1C+*j!|$|4dgLJOWkEHR$9;RT3_-pb?oNda;RzRXVx zkh@UkR=&)m1<0KXke?MG?~v!|dED)w@Ua5q1wc0Qke?SIpHdB7NzX!=#|w}T$?bHS zhdfb$+<<<4hGiZg?XiRH$`aW-SV^YlN>gD=K^*DCxoEP&avL$M}N>vf4(swrg)U7l`)ymOg zmr0KWXO0voz--J^{-3?2g^@;s{;puK%P(95(P#iCJ!~ z33#()lrwY9SmCVUJ#HahL(Gbi!W?g2GnxC%(n+303vg^CYt{$H6bglWG`KXHYltlk zj>(lu`B-p5TWfBt*=9{!ENQDXg}>3zxVFyjsM9V9EqA$=hn8sT9QHcxcxahY>DJoo zz217eaD{~#pF6-2?j5W>hOq~fq)&3>*$6(xWoMp~5=Kh|13d0=t<2Qr!d=5%;n=d; zmT`N~-WZG50ni;zt!nfRwSTuB|IVm2_@Zu$-(vRG1tRUPpsmJW4!I3(qs7+{uIct_ zobK8yjq@E)tDPI*J$gI z<*QUzIi0jCpPig|b6i@1}T65^y0sH~3YvlXCambI5v0~&$-#K#R$Tc<15!!USt<~XZwcVb7 zIMQ5m4T}}B$l0a9jY;4KbM5EMHJXCi-#soP};J%ycYbld`yHMf=A3mMtwc9o1fSjS0Ejr9FhIs2wpS-q znm~VIVA7~enCazjzYJj{vgO9{-P7ePo4RgA*que0}J_IGI7_HOOqgi`N5THzF;&_uiI!@16N+?x*-;<%CQT z_$5j>$m8^TG?2@|T#)r-ANEJ68HPes&4<(nf>&KN|F`_JYKKP`Ved)Cc<&FvE(n%Cd z7O6MU5DJ}H!%7Su2frNJAO(rBoYo?lNg2I@+&-b-JNt0%p@(vZ&jw+XY@v3l-2#sCg zu*(rfPKVO((;4pjYzH7!vVjNzOOJ+WiI|pzkLu`=C;aTAL;n-`?o-OsG#23HX)UGx z{Kw&=ZAZiTk9Ab;e}dkd?|H(Xe-G^y^2=y%KR;>;d15>xYm4_cav8cA`w-@L!Mua# zAM(!<{{4PD{~UW7B(#`+KAUT%zs1fM2}Oj3`Ukl_`Y3iRNGNhIc)poiMh|lb@C?5g z&ku36^eXP}ct)xQ&rcyod=@Fjvx4Wp&^{Y|6n2I-e>;0AmpPQV1-u^S?x$NsQw#69 zuZ-M=G!4&D{$TzIDqT$<%FzFXJ~@MqM!c~QMe=Oq#De*ZaaPjG=BHe!^BJupQ( ze(0DTnRVM zDYp!{2E2J2J-3znC9`gVFD8T`G-!0YjX1eJhsoq%CmThDe&#J3S-e+b@fy{W)fP)N z&f5yVT%S#=wJkn@=^E}y`Xf=zzsK}zjmf0Z7>(DdO(r#5bnZ$1QBwfp7nlmVC16_2 z!^yFGysj>u$YvAOHd}SI&CbX609q#ehyhU1# zN+Vg_Rcy5cf~-&e?==anrk}v~+X_p=RxwWe6S2O>8$ayte~`oEdCVPo8l_$E=l9X8 z5S9KG-&TdN5O@Xm6H$>!BdQloh`uR$M08B_H*re5Rs3!7vqhyvk)j)meqQu!(JMuN zmsCsoBwHodNnVszNW;>t(#xgyNna=~FU}Ot6z?m(sQ6&@t=y{FaESd zQX(%gmUv2HB@HEAC8H&iB^ye1mYiL3amk}4|6TG~skBs4YAW@Xj+O2yy|(nW(tAoD zE`74}H>H0l>ns~7TUjkim)62hA{!m3xMN7ri6)#nMfF1IuSDst>qsn|$b=9`2A5=Y2^_Qx@ z%Zuc-^5ya`$bTq*S3ajGRfHA8iWQ1!#dgJ)6kk_dr?_2lui_!aV~S@LzgN7e6e%l} zer20-T)AF(oAO=daeNJ-Q-xGLsykFqsIBU4>Z{c6Y2+Hc#-Rynl9~a{nVQ3zCo~^u zi?jjldhHjrw`ZWzu zb$fK@=gIs=;CyHB1|}8Fm}KVz|O^v*C#0NyCeV|2CS9K4XJ%$hgsX zj`4QmQRAD&k4>DZ)MPhhO)aJ#(}-!g>2%XZ)2!(%)48ULO;?(3GX2o>i0K8>TV@45 zx9l`en$I)eVt(5Ep+#;9&mYhjrbSeIbs2Z&E2}E&KO!R0TTH25Htx8Q{l0RA`MSBj zd{!hA!*D_CI0l8Om>_T_;G<6Ad&#BP6Mq3b@N+;S`I54|3 zqdnnRg%;VtTAM$d*!ewJINZqFtV2t~iw-$jZz~+j(YkQ3c268-WCHCAM-&t=y3%u> zUl;{AaR`NTneX`R^UdOS8>?I$ObIGsCZ$aBMuG4t;9H?9kKV}^5 z6O_IJSf7D^@CQh259BySrTjTYPJ>*`Wc%EwXn85Q3-Y*>99;Ol9<}a7W{w?qBR_Q) zp58$g_*3#B`FHPb02X#;K|w!yD@)FRch3$3f3@(mt>>?M;7g8^ZLlTd@T@4g1)SS( zFph3SYx~LBpy+1u5P1sEhXMIBU{?bA1wh}%yKC_7NxXfEX-nZBMS%5U{ynBWbA5At zA{noJ^KaQNC1R}0^8XJ2cQJH~kY3@JPLdckqh^_?1Ya9-9Q-l#0E^fP|C-xc1`!ol z^K(KQVkdoUHKEtC*I02qh#xConrSerrNR{y;a5!mf!_}3S`jong1&8nR;)(f>?1!W zzap=a_sAS<=_ov)$GDfcm#r$R-fFhmt!``FnzgoBcUteT*%3N@!>+Ka^K;Nq)*4&Q zXhv_YfmE&oZO@Qn3?kX!_Oe}S|vA>W5y z+(y1j{u?^^8M%qv3cdJ%s>s)%@4qK6L#DTrJ0bqN$cy9<`761a+zmbZki1XsA@`Ew z4`FnVu+>qr3nOiYY=Ax4 z1YY04NZbxBpCvoM^=@(|^nNS!^Z=r&Z$L*cC*(dlcfs9agqj3C0bA9fV)*DRLsqz_ zB!MRZ&SB;8ABB4n8H2AZz{RAEt|;6Wk+t-?!o7s#pr=Ba3hZBK5$>sr$hcjF`&Qha zTexo{rQD^Elogqs8jSrK+=U8H3}S^gtp%5-!=_mwi@iKw>%ip>Ja>b)DZHHp&+NJe zJg-A}EAc`mJ8^7>K1Oit=8rH+%wr4lHMiiMj|5R;H)OaIwXBfqI$&Q1e7g$RI)HsE z-dZ91HE0{OSgS$JHpq7tc-C2U$W1MJM#)yZUCTX8bZ8nMRKfVodd6o>{lh58Wua24yy&<_O9$s<-kZ0vFhydsya?x1Id+ z!i5qF%U8+2L0riHW8W`v;0rsvaj>tQ>v3(wK{0~+aUI1$(f(3gmy;E^vKgJ_W!B@m z87))DayPCN7)#N19}%~8^oi$_JsV7*TMxaeIm5%X^-)$&m0$!z^! z(7xBpbIa@^IkIwWeVMf{25kbBC7`+kJ$D;s)7Qvn zbbt=<911kEh^7>K^f7B%oMCP<1YwqC|`d` zp}Z7u4%A^q0#f-SC>7yZ1uuqKYoQI+rvg6K)&rnifEQ?-`v5f<4gbl*1qzrizBR5+ngkmQ#6D z(RJHZL0lXN80hC2a9UDJW~oP49q}4pq&5t{lHMSqM=wtRY>)Ri~F(p zejs@~HKAq#FtYpMW`F#C|BQiv>llb`ZshpGf&b?V^?!h5ZtZUN!wCWbQOf`NNI=*n~eIgJ1zlwg5P}{ctBgF@EL)!pvX9Nos9t z^3#u=@yEvcj}uX4y#^S${lsOI{PFvl3lI^oEQqCz5#T2;#-BLA20wX{*!&CUva@w` z`l;XGPall``hB+ovDi8M{_$nn_^~1Xg9SuXu-h8^fIqk&5E^)|C$L4fXaO(^R6G9}a0J0GX$ZZWT92mln5lejA zj9i3>QBdLp4jOJ2+>F{f*kJZ_1#Wx96A@e!gV${HBPKG}bc0-?|L}&N6HbuILNH$e zI{p?RAuS`{o9dU5gJpm;WCTvZ(7|vLB*n-S4HBq86>a~&c(PM0 z0h&r^5Iff!&&KP`+0=ToU~-Bh%}eH(buCCH)+>Q}QG5${A82V7wV8LIp)py1Z#EJ; zR_HpNp8MHgYjfLt7lgT-TqlqdWPPqSqSrBUdfd-L4l%EDxXdr7AUUqq!hwj1F`3)y zpo{`m5!x;*bG4lY>o_SSuo$Y6WLY&vvywAcfaqJ8u+~L*ZO|ZC{~H)lStidz;-@P9~hZqS>+<}R$0=%^3dDibN^ zU5u3fswVQ&lubz@nwBJAL7f$Ws0ex>%RHe5KbpqflJ4r{M>GR`TZS~HKC+IHPeJ9$<$ z40#Y%J*`7z0v?z~O*0^`+DI)cFM)YB|Nf(#xPSr4?P}Qu_VsEQ7$+L$=b*b?WSNLT(z&g&3*cP-Bd2EwrqDw4u2NcuKRF>UMK(@Fw0 z5=U14)EVgK9r^tYgy^=G?FnhPKD;D=P$UT-figr+A4en^;OXxvMaEV}r?eo`yx)b- zQ@8(M^`zglNqa2Q@a&SBXy)`R)Be15DIn*X*}Pitbqy3zf>t^~A-EUX(Q>uf@r-~p zCwKrAu$ah!LQ)VOhm0STLBt7O{da+OLbBLiePU=oDqZzpHkL*L87C~v6jKsCoS92p-bPDHLsPfS>2hZ)GnWJjI`8sX&CJ%{ zjisK$(O;Apu^yOPQkV@&Ajq#nJ&87VE&(KA5S6)6;>Jun#mU@wQEDVgm8>|1NGsB0 z7TzxJW#%vS=?~f_f*N+t)sdph&acu(ekKi*0-n1sF{p=eT$YUoh{=>QG@Mw|m=IQz z0TlGJMd^wwr^H5@M3LZ-W9HYZPQMMV(QzpuL)e1{GD9Fn3q?j+u3POJOV2mP?zsNM z-2o|{0#Va_yp*MW5ejl>=nGyZ_v9JfS!`>(e=i~e7($z~XPe7ws`nfo`o>G+JMX9) z-~SjKhR)K%WK;?{;#ghTb%q`(QH)awzK7q51&XA~A0J2gPuB>#&|&Is0;ZgG-<wp?Se1MBc{Mu0EW&Av? zGdyCu+V(E$PULH9d8eqcl0Q~X>JH*&9h``LkW_u+DXx@Rr_;mumojrxhr89p%)!zF z(tVL%?M&~mvNKRRcEk1Ivlm8HfR9WVT{zKrAdbMZ&i z`Y+e9%~wOW$>WA0S=M6~o=0Z$j#{KB*-#+_j*}zE%_1-%jbnV09)*Y=1%&>rcg~zK zBC4FRHOnHfT2y1vsBbFDcm~e+{8DSZs)h-6q0*7xB^O8hPFBCIW`d^J=K^git*_U! z*nsH}?e1@_!1}^D$xnucj2Tr#uf0rc%tP}pfHM%>;C;V4`e;6c3AO));*_I-=Z@p{azSKO6EP9E7KbgUi^VvSkPoPH zNt@*IG`Rq*%sX1uNOkyJ&m65dnljdg9K6r9EKq(E&b!G`)E?!JQ_@f>xHzBfDJ$4$Nj7lB<-KLM9ZSPw6m1Y26_?vj6 z%`sYssUOd6jfc*SP>;-V87Z$|>bn&aX6%MZMa))$1&?UcOcu4~4mwJVA4zVdqQj{N z4cQyW8~b`raa?p=a}~*eO|G^s&#&@aQB8Y9D91ap9MX3*6Cx-PV`twdm9C$FRWpvF zUN&-fQtQ0h^zAWlR$;Pf31fgRAbhL<`;xwrOyXzmoJXOJxKOzczeZ_zECMqBMid3t zON!2Tz*K&&PLaFDvzZA$_+_7_G96*P?wKD|PhWKBkBPMDe_K;<@0#G%W;_~Z+V7YH zdCPq}c@NkdKi?`vii>G7ed4&sL_0XES22kI&Sy^75*{8h#r7OxRZTNkS3NA+C-$zK;V0+? zm|YkpR4Q}zB%Lz7yIgR~kkVu)Z9w=u1QGd8j65|y68rsRNUxR6?RM-8wpU-f<&+Yt ztc7@%OvJXs1b9*JpB9n;*|d&!#utL@ZA}_AwpYv3lWwK;dMX6j+{=H4eCpxl!SB{Z zJCNE^Ly3Za;gl}bdYDBt>x)a-r+A%>a1imWrs$(v0w%^XJ?3G3g`bab>@YO68{?Sb zcxBPT#xfpmEj}@kRvau#a3uO@-1ImN!-3}_fNIfd(zQhnF1GQU>!ewJFEY((P5<^e z1ralMFclLUM8kGqXKTVj7dIh0#)Z#I9ELJEl%<#+7mZ4`iq^+ppu(WhvkXO?8E`gi zz}RYmzG_scyzQUiX)xAn6Ee+}nNFIBk18Djweg(A-tNr5lN)@%=-L|JAKW9U!;#z+ z@=15vSxSt{TP70UkF-YTtBu%GT7xddv-5I&s&AkbPk0@#9=#QQLBAV<2@V^_PbF4r zyeo*~i03{jMe0=dU*J)ja<(C$61Wi`EPTRQbdqkig!rs)y~(!tE0&T-^*4vAQ@S@y z+dW5HNbd5_Z+AT_=~5VFWo(!Ak15OPDe?(q{A!$K9H%FQ2ZxrWOP7Z3c>i&43$wMW zvW;M~4T2B72Fe?yrTcOY^H|jjPJsNwT@g+5WJW(6d9>jE_M}7mGg_o)d$42P%XtfeY#!Ex55RbV;V}0Og`a*d=pqwNo7nIC{a8}aOd7ilT}R_a5=OQA;gid z0^&TSGwYHU3)Z(ijNu4T%mgOdh5x|`2NJ~DSF$i1 z&3eN%W~zZYT5WEHy?mJPqJm`x<=E^nUGVip^}XIbAv9Mpak zwVXibg-7_T;X~r!{aZv}CA!W}J>&~}89(@97pZJjW7rmWLh)$3gVYH(l4dWeIAMAg zKjA{)JAI3SHs>$>lQk`Za6wyIL}zR-qGM8$WqE-VNiH|Pc=MDE9WF}}LJ9$=-+Y8k zVe5U2zl(cH^QQ4Y-qTa$3;yB^DnNHL@G75GJt1ARw&2yC>+UoqNkfj=lA#T0M)*Bw zISR5i1W;Xn;ptf~cB)(=Sc>WSGU-{XRrhS-^o6B^ki;m%=?!7a4I4>K7navwn{K4e zXrj|~l~}K(K%AHY?5PJ@AD_7L7@KUzh24|bubGSVlz&Vy8=62^EVkcR+6_il2chDV z&l;p4J{HE0KhNREp-y?s?H05+I3w>>{8b=c1G7&)*tZ0=r%=@neOj6=;daUkX zL2yE=VBeC?;9jp5Eq1mrfCp5F1Y%X=QgvJIQk|s!@*}9X45r0=5+K^ku^)l8V&h>A zdhU9oKYs2KCjR%#?SWQ|g0jfv6}A02j-Qdm8~5shaAE`8&Z?k6W2(tk5yjoE>Ta9P zt=f+Z^BL+gB`c?JO%i)G!~;{=#qrI!y+Sx(vJUFB@v#+MAPsF1UbXZH1x4*%Wd5Rz zdU-#`dH^(#dgIAcwmDKyfH?6+?Yj&77uY~4Jfjyvd<()D-5x^K0f*dIPXzaT)^>6B zi2I=phq_i|yDI;Z+S(pGZ@~*f8D*K=E~^zMqD5PIq(enjGE374+5Aif>S~jGuIwPlE;i;tLb9`Ae6oD1b zpvZ0r0!O(s1m9;?r_9&QQyYw?B^Nq5OMJ{=Wp?;~GPgAtZ?-+AvPM6FNS!rU%1^*~ z<1Wz=!?iluX56HvMg-|C6`R3+Gsh8{^5g1Ol@7*4$_a6B? zf&Q*1YeUM4p)?EVOBeOx<~$U)ZLP~~R{d;DJ_$(E-tRs3Vf!+Fnp~)v6qHFxl+0mq z=jP!nK^k!vDdhjQ2s>AyMk9?k z+QfI;HBO%*$S!nuGTq9)yn>}2Jt4Z9?r&#g2p;L>KmU|q4w{Rs2QcDKP+S?TCPQdJ zU97$}L^--xt(;-h(v}+QVMJOjIfy7K)6>&H1?>-y-Dio`{QrUr+TgiSM*nJtSR#kAO%$~egfT6fn&%AqZnTugKr4TBtIYNYXS9IsPJO#n0^ z#tZipyvyhSg4^?ajj23d^|WWiqU8&9{9|MV0YrmrXQQ&eAD-zL%2=*)rEtxazfG!t zbN!b8l8??@QB!nBp?UPH_2!m!U;Oz5SC!Q8oWg2hgpu0xgiSp7_?#dWIs!RXBIVJY z?Rs+zQ{5CFbM8{t`7Bpf>9(3Q7woMht4Yhquh=C=7yF%vAO^9pmo;@EebBi{(N;?q zKiFI*pW*XiWcT+LimevMmDgLqXE#C0<*mCt?c>>nOZJvoV)SO~{Z%MIyXSGVN$|lg zo7GJC$c$FUk=>mYdqcX>q#5o%E7EV;8;~76Z}Ak;ea=6tFAtD-<$2WahKO%AjY2gR zS}($g29P4}W^qeUm-(0VvVN%=FalhUy;qsyo^RfyM}Foi3eVg&H+NdpCU0gIpLLD} zxBLv&5fY#(W0S8MF_EI5X*MXnwy%`d>vB^(QUjGo!+_34k{@r|Cn3r%_@t}esBdZ@-Z6H@497IDH>Ws!%Ee~BpvQrjn% z?#Riz2_aw{hZx4XbZ!O6+$2*~mlTGnpe(Y5<}8~(uK7KM26MLm z-bJaB0C}(o`I<~1KpR^MuLV<{Ul5m!>por$yu;N( zgpAGn))fN~-^R&<=4=Y^1|P|iInX7PuSF>37{?=plwjB8Iy9BbT1N8xuBqF!FPYFg zaSpzl_H(7r)x+&`c<|p;&Et^urKgP8H`bz0_)@Myj2)(ynA0$7nvYoC@OlLw@~LrJ zRiiwDM$VO@5^{;SK|0OYUb#G6j%_HjiCzh-@D%7b0Y6~4l;rNHnkH+ZZbR^4mf~)2 za?Fx$C*|u#UKB8nfp48MBIO~vj}Gl}H|Wq5Kth0TUq*Z#j@m!Lo zD2VZw2Lw2j4+tR8b0V~Y{2l3<&_oM0p?+BT_*U1Krh?B^#4C zB|g5NzvBizH8rC_@Yb+%WPY}0jen1*TpiyTpA>ZgwKPI;3k*}YOBb-G?;CcX0e7>e?%xoALGKI2` z5SQb{iNxH2Vip*C+u#kX!Hp+bR~k$aP8x~*;2DSQST&u2cTy7{Det+5Dht)>*3RYo?;;}eu{V=-xlwdbU>2e=+zVxeI1HReMyVraL*{HY z#NcA{9rgk?RWR~e7#8x@{~Y=z2oY~^>kXbY_AAsYMX?W@0R=-oI=hZKGxShABE(J> z+qM|pY&rO-19c!YE$n`~ZT)%`(6%r|4meuZ15n2}369W6)H zkvoi-d+5TXTYI8N=&LtL-ko{g9#PCKGXYQ79Kf%8x^Tq(fiw2YFkUzn`I@xY?b>5k zr4^s37WJA`bMIyE5jL0PCOhy3{yr)!Z({B^kHN^i(7swV@<<`ekfD>&VdX_{@)OYz zz8f6C|En>);l`lS2NvfqCCM`6mH8FU@pC1~3B1KFkOjHU~G1HL0JWw!!52`n*)4N~OD+`=|PG7u$DF6zy%oddj(TQ~{j2cHKt zszdX76zwfxJkeZn%A2ipZ!x*h&glZ&GsrKmS^XOiSeIS6Pv*$uxZxplCP+HF(Y#!P zm2JeA70i)2g)zc?*}^`hd$3>sX2&iiVyvG5TYru2RSpgCd7jRppBFJ1T6c>7RE@mO zo>OmB;`EVl-Wd}U9PqrjWVvpsT%D%Ux9&u$T!kAD@`U7~e;C{Ictn5T5f81F-b~Lh z#J%Zkx2rX>{}tS8b;D@n)CCZCVi$3q>ud|3>42J&-%NYY?sZZ}E3%E#D~K@yX~iJD zoa>VZ!ou&Iq`$K5K>#$kH;VyCwdphBt!2{v;v`j~=!YaN6yg_cwAIFq$klRxuFlNF zQGm&1JeR=&;wkJ^$gpyrbh4yrPbuQ|j|1?C%6q$>Ivd)7Avn$G?KEJSjr>*z#r$eX zQS5=Xp;EIAytONq?pq)XU0zEE)N=gU2r|?lP)KE6Q?>qpu418QPpwLzfH90fJRsh| zew2|Q0ECPC#ur?}o4XxxH^k<}pfiZRgRa>HyJL$2ZNv55OC8;NAWlLFs(Jasq=hBw zYjRajs8Bo*5xRqOYLZ5Y`1d^m{z*hgF%TPM@Yu^onx`jymU%w&T_UoBXA)TVn76!l zdM|!@f4$t#jC^`OtGJ?&)tTL@SonKI{YCMnIlsz)g;8_irO11XEwkb%9>vo!hdytx zDJ5Kim=+Fme%W~S@0?Jxe0gHiOl&o$nc39B7Urw>~L6lFoQ|!hF^m5EmSgk{@RuP(6f~p zUhCD6PhTyx6;E0`ACJ7NyOAJiO?7unyzRFlaL^Q-wCo~%DKp#&A;D7|-kfB+)qXi# zSBKjI=xVzlXtj2^+EYH=Yg?UwI0CJ7_^V{DSO>TiIqeUVzEa1AVyYu_&es@Cb^GJ( zmJ9X?>%LlXyk9EmtkW`zn+_dnPO!|t0;u29wU(@622kE;}|m?tuFBpu2x7elWP!NW+6YqzIW zd<|5xi?9pI>Vx+%qWB75^TwwqI2D-)_paBVmgeD5;3GQ!k_Da-P?OYDBVTS>bgMTl ziYZe>xy*YdgSPdQ&G=_@IdK=|-?CUOGw!h=9NVqC1rp{C9iG(NGT56bjfv;>920^2 zLeB^9l&+i16-zG<6sE;fn2kdpQHex@A04I2cQ`&Z%{SMWyQM*PVMOB`z5desb9Ftv zbugRy*b*&?E3|n1klgXo-sI_nm6M4l+7Bl2AnNI*{@M_6`+l87%)ocD=xxAyVL8X~ z3aatA`BNJ12U<~nOF6oDA_5fMq@A_1K+TY#&>OKLEXP$#YO+ErvP&9aJ#0oZxENE_TMSNU2g?RdrF?H=79T!6h zh$meYq!;I)Y6WvZ2tC6Sr4?a5MW7^n1RDEgW7v%9m89v50X=MQ$%d-pap zfFf(w0ZzT7xr!CdDRsTs{+D%}0R){zD35I@Z7=kfh%hr^{k1}Ay094aQjG9*kkrq8 zGRvCI=4^4fc7xaa&&{~Z9APa@KIiK#jWX$o&5`qq`sm;Fh0XLn*CTt+6aS2CoIE^| zaLoqBoG36RiW0%}hjts0gM075@T=GGwI&*6@O@S{XXz`w;9ETK8k!Wu zq+J@M4&xd!qUcfz_aD^Q%_+*5GMc2dX9k5K=%vN{mre2pyagjaHJWQ!nnu^CClc(A?}HhkjtJY`?QW%N|PrDc{$zcBs_(xxKDphGYcZZG1vYpaKd z?6+cH1(=a9nW^*o0ve|ArstrAC>pjT$FxW*C3&L+wO5Gg#fxTA|l2&Z+DJv@8V${Depl4`ZC=j+yhXd;<0I%H`% za4-D*HYHoabS@gRJ@rd$&rcSqS+gmfsEga>3S7$IIuX^$9crpp&QqJT;gy`T*vBgu zC#I;!7qIi(BDofeU}%RA2Mm?n0wt(i*;|winFNX#GSDnj6I#*?nb2s{0 zSP))4KJ5w2avMK(JcBHX7vjWV1gcxHS~mTQ{pxn3TY~_ofk3+a1`j5~M+?M(gTIW% zM=NGkoO9Gl-$Z+sA^QucFu&a54;ykNMducq7NPY)0Q(Dc=WHs3JH|{jqY*y>?CxiK zFO2RE=dn3Lnp;JT@cqvRWs}j z{pyAO3VI80qI&&BWKc%34Q$F0`(c3Yj{9ep+liluK|Q_)HMRi2d#8-vhB^HBvooP+ z@)<{TBMrV{a8T1Q8*R0dkmTgYjHe?ZH<@{!3-c3VI z;fx*3Kg*?8pD#0TC0QW_P%A&kaq;$DF~^q{k*vZLKrF-urA_33Dy`R-4x^ylTAQNr=%5)n`w3Lzo`b_ z-g&_7K*BYMPXRp2J3Bf3qUdVK*JbBD&sP4G96@!R#V+Lx{;aiU=D1-T-e*3~Q7xyF z-sm#ivSwp&nK@U2ZKcg~sZ*@V-MAdJkX{F49>%y3IU*JC0lG`^A&OPBNBJNiwQ7G< z6qH9E0K_}Bwn9G7<@=}L0I^mYqoi8jN+V4MlyN7v`r0Apc`Mi7*PIf*CT`$@U1hqF za@H!8j}7$D5erYef#w_$fs>8>;ke^k|ApsUeg`V+=Bqf_@RpmBH_s!Lk&N)&g026$ zJ?6+ELSD?&Tf-&-#&Y5B#7c=x%c^2|!deKK(S8V6vQ)9$SpAF%v{S|%GIh?VCh4b{ zy#TY=AT$WF($09Ve5I78KbIG+=UirG_lf^#toMb9s{l)vy3r+)t0vEKih%u0xk~93 z)DdXeyHfioquATrcqz#14t}e;WM7URTqBc__t&A$v}QVlmvCsv4An!H!O>A!9R0pz zD&N&@P^lpd*Rp!eiC8Fg7oUYJgj#QN=CHR@ui+^_uRcG6tx0DN!_xf?!X(qKDUOOp9)KxGg-S|u!D~u-Ygrr zN2k6h+mt)qHOskzgRFJgXz}`Z@0Xo~cKu~7ULX6xvA$mK=8n0+i2f-qA$H(3L16AU zeEz&`cqM<6TYn;cE*Gd0c?AV zDTqp&wiqu&waeDa%lN(^!wh@0f%7iP$vUY%-q5Cf?;3-pg5$P<=spq`BxH8o(AWJ) zLJtxSJOor7e3lv#<2i0qr@DGE*l#UFYaXjwCP$6O7qhUU<>JAGyp| zJWAY3)Io#!ARApp4t*-A24856_!JmY*zMu7MiV#wJvgty=7JxcZIftDb!Y5_`Q#OZ ze^r26EjZ403xeWumd7rmngu96PA(#shOvihfhT15IRyFj+K~BxL3Opr?C63BLfLL_ zea(Ni3*i!rs$Z;|+Be-;@cC@yx&9>$B^cvVu_O(<^lVSRK!bhrM>QuBQVa^Jg>!ht zn-xsK5Y@f9@ERlb%_#JFL*B-Q-gF-b95HHp-@!HZRvbvp4WXZ~Bj7qK5YVoxW0HGckO?wRwbp}#^L{7(LGJH8`x zHJ7vnWd61%40N`t{3~ZnrkJ@9{gnhaz>$t1WJ_ zkT7nWD0R!dEgnximozufip%$ts0}8YEOwwNs>jD)wqSjfW4ArK=WCoKc$yMtw>@yB zXPj_`e=vah6|vZc2$d2Av9BxffW;!#LgjL+x7z=F%p75ufh3N|Tu-3-I0P--jxR{V zZ(F1X^8Br7wFdF$t;Z07Y9U3)i<+e9+3RG+KaTf{&=4VfEa~bgyH-}`|(HN(RS~Ej9X$xTNcKR08;`7(Zo(u79R&b zoME(cy5jzy=rk>;Kxfpy_$H%_Yf^z&9}*m*MrT$lm7rYW&}ezsrToQ6l!COG6Oe=# z4$h(DCGqGb68S?mh+W);%9s&lCr>1{#L5IIuVYt62hTBv{gaTC!(s8z0VqhW$uwCw z{u|ng7?v1o!Bf5*CGYYD>#Lys_%jYJS*s?ePvE30qMjgrVwf*S>FwDxS)AxOx70OL zWswMZpYWbVRihV*QS$9Qs-^S4#_Eozte8^8B-yN+t5P~+rv0Z8BYM+8n-vQSjr!)` z+6Dp0J^GE`26GN0`!*URyUOWP)bL{QGa=bEcK;6H)}uVK$BGtkp&JkOMRhiFcqtEp zw*Oq*>F`ab<=D%9&#&e!m9Zwk7mG)(?vsDL=X?`p`S<=OEdJ5e{QxWr7Q}he0Fn0* z2o&^3rwatMf#+ECU%Qz~koPV7#SIDvM)qSu0D=6+{%<{|si9%_?KK}LsLG&k?l=D= zuOPB&FBDK(2>8U0UekL9w2Z(I4QQ4{r)~8=Eo3z#uDw~>B^_P&OTTppF}(fOezniw z%Il;jtimEb+tl0ySmovXG!#n|^STXa^z!^ind9T!KPb7RWqt3iDCQ|iy~n0r!3Ejn zzCF!LYwap==UJdnxCL=3zNQGRsm4y;t}6Moc%+`={Rc@e z9CFyG@G=(YB=q=qUpSR@z-FhVi4fd4B|Y75ZVW1_Y~BbHRreDv3SDdi0T!5}4;vON z(XgbqTTFUwmwjxsvn*7?1o+0l3IuM_J6hfe`n{2 zz3!etq(fJ$+J@E@({r}M5avPU?dI#)2gw)8x0obF5*h_mhp1NLV3o0$eO9YZCslXq zyv$VbpZP!7V^jxicfhZWUUFYWoYG3gZOkfdWg&|PmX6My?Mi%*0Ys!0Q0;+2hO}wG z7=g})l&z5Z0St=%+z*BzX*gzq;6~V*`0N1yBScQDtKixljUti&Ea|ZEf*1=3?WpDa z>=P*NSesptR@Ryj+&%VI9)h5eJ#06ot)S;U)EDONP=h@Ne6q@AZYyq`@+oOV19{HKAYfv$nffo(PktNiLYgg-Nl3hh88+H3eAb12dr)K1Xu;g>?pYI(GKF?CUv(PFJ>f(8Do?EN6Pn# zWM)NTrVa%}* zlP%)3Ss~;kRpusH5$U8S=FS>{0a85kIZmium~zOMSbC^kyTf)9t?(NdHju7VCn420o*W`Eg?&Mv=`UyQNn(ZuH7dw%zx2tyhJOC!N7I2N$e8_ z7M+cbDdT~U&0*B3fuzuRNLr%jD}2u5aN_@HNm=9Y{^&kOEzaHOERGjb1{XpDyT|(L z$+Lma-r7;q)A4>OrK^F2&!+cCO(DUZW}d=@F55*>yiOt)O@{pm531exi2l42MoqO& z;oOzh5HF5{Qn9SbaHo+K)CKGa*NLuDU4VshkAOcajokn*fHA` zHaN~`?m6}rHI8z(sJof25A_pK02OCvA zGov+C@g^yXazQ#A(SMy_j$yM7+FMxkSTZI{TpFOQm$?&OrVA;Ww)lg16-nLk_Vfr# zhOI}lNpjQh(0>X(FjONXndN!<{rkgbdCRF;S5x7kye3uXmM3jOK+z$Z#TK^svqX5{L6 zRW2&s-SRfq?RMMka^a$`V&O+?zqz}&v!Y+zGbxFMOz4zCB!mtR|38kp?+?`MI%kp? zsuHnq+tZc7wk2(en;oL`4(HOT$tgLF);@EA;7f2xN&s*vrzHgrq`H8V5+ywb&rDz` z3;6ilar3pmCE#TW{GZOUow0WI0Ox?J^GlAnXaZDnm)GZ|%1iZUBr6(?eb&mmdA4+D zhrABRJ~HK=w0qznR=HG&|wINN_}|*e<^vLcnT_ zmLVH1PGo?I#?a72dYa2k^95+J5G_+Cs)5F70-zmQXs6N79)XoYxS&^$x`H5ge{9Dn zkbB%w+XQkiB3&&Y7aEvmDv zfob1$0bmC z9sj+xjxrcR3Z!IEqRKd*IOdukz40MVm_Yk`w%_)=cnaozW?wck!=K2j7mj}x5jbT{p6PjW+-wEvS?%wYBN6d^1OkfhlXOV*i{IYEm1U7 zittMmsOyZ8SB5_1t&%q_i{q>~X#=VnVDKwX$%5k5Xl`CKY?^!;)&)1>iU#+qDS6FC^gD^YYKD0`nSravel5&O;*v^rjq;?H z(j#!m%BGFpal30O03<6mu3pWK>lYR~i*SCd(TKIOE3clSV_oPSO4CCe_;he}2ZBBB z}N{Xl0))Vlp5I`D{!(K0SsZBCJ^QlzC7y zo*cc$i4^%;`I93wWn~4L%;ta3-rN@!rYN>-CQ3}^$-q*j^BK2)UlD1b0h(*+g07`} zjW2`dRi2ZyO{du-SozqC0_Vt7hjjN+C28Oonjo#tBu4&B1s4ZIx(qRy>0|RtH<>Kf zIhh+KL)iVL8gQOIfP0GQmIrY>$}>>L_4^6Bb{YGuN$&EEIu$)VbU9Cp#13SD*8TNv)pPcKC`lQIhgR&W0Kq8SZ3GcefoNcr<(x_S&<|gHZ1bvEy*s|2Rf_akHH37l?enLhFKjWeT734^NO)4x`pF?CBb%>Eix9ed zUlrwIkWeWG2AVg>oc>)>D}yj>nd?b(j$V><44T&uK7z7%jO1L;%{4aq=SizpDIDIQdRcc%td7)(g~LWZ%5E z+}bGYuA0c0Wjvi{o{~4YP~DV#T8Fz;lxH-BvgXQozuEV3`IiM(#hYt8c&gFaZWF~p_~dvFz_o6gT7@#j$S%G2K3Z4_2pQ?h-1RD5D#_?` zZ{A0_Iru;0{$PYz5-)h?E~THH`wi?ktFsQBGpOHA)isF1YrOU3UX_2oP#Z#Jo0_$> z{a>=T*9GYZhSt(pE2_&UG8N>=YAR0@L5S(oPQPx(!zvJc6FG1>|{nsE{HJ2-d zOO5c9+M!W=cod6@W10M5U$)Ov8h~@sEZ2g4nsnDP1~Rf`Izi_PcxW^rmwC#JYCkTc z^EE!&X;o(Ms|L}jvANc>`KmAs=oZ}+Zreuy#?3R(Gix%lO zaP`jtCha~8zv5c)y>s7&PH6K<`$4tWM#JH7O?1leb(ze+Xi$dDmbG@SLStODUzV43 z%x7d5zG`a^|XR&a0DKx9Y!AG!UqQWwV~r-MPM zp-$8~4dEBdLOQ0*+|itdonE!vD9sXmtvX9h6R?~YpP2y$kO#KKYDl=Jm9T~J^;yYy zxtyNrqFVcO{WmS*Xt`sFENn)tPJI%qsS?#w=)xVRAB=vYAw!)qif1}KjU^bD#PV+j z(&q+kvY((~-Z6?Q4dm$SaM+4coZFXX^TlEDRF>(O`^+%}bFKPPuLNgbl4R{dxH@@_ za*i?gfQG=A+AZEcLWN@%I}RAOwWT87-uB6MMb;iD2QJY%ESm2!=Xd9^nOvv8ZC|xr zojWL4ZH?EuDK?+*;jf>dkzq=#WU^+BVx$EqWEI5--)sEQJ!VZ zK;?XW(6o;vE2r-|qCT|qggY>`l`~O`0jNbc(Jgf2`qw>E2+*a@!!$o|3JK?yrbiaS z1owR{k8)tAbPK*)(5j5HO%T_irFC82Pal8!WZOZspxoH=;_8x+3hzg5JDEI6_BO|n>t{;%jg&nNU!qE)^VoG{Z<_>B|h_Zht^Ly3DBOBD4n& z%A!IL>RlI|?6AzOZ!piFUy1 z$(lq5K8*iUpM7ytqhrYzzCvS2)c|UDxZg<#5qP2O35Fv^-8z8b|vyKEr`B za&v6J-&=NLxo%2)%CJUB(D!ZQQisLFApl_h=ZsyoJ(YA&nztMsOWQ7g<7G)OM4Xm*t zKdZ;y07J6;Aqm?5*ciND+)|cpE=*WGV;?nnVP~@GPXyHTUWV)PRX(#xRanP{$7U8c zyL~!?!6$Jy$4Ex#T&NNVFt#z0OIUL?M`3m-d6Z{Pd^t1Gz=8|{k<1g}=yWlTc;8z$ zNvyPpxI{+r;ZnvNBZp=bNaVqo5X3v~TG7_K4#2?(e7Js6)Vd_N%uMk;WH296eCA~Z zORS{m4lfS8y*?-05W(iwV9~7Hn&I`4!fSItOSHFwzntyT0hDjm@)G^;KJD*~%V+!0 zDLgfsyP~ABw_ZQA`D-`Iz4T-KP#`)ev-F#;JTlD49eZ`x@`wgc&W!1aSoqUJ> ze%`srZV>E_iNh-xDN6TqWTE&T?`x~DFqo_H@W8Eie$?ihHpBS!_bOiFR4<1ee zQ`-2%<+N`h{d$zU4Qb6$^?nt}$wJyU%ZLAE$O` zidf%Gy!VcwDCF^i3OP3r;K>w>re ztzH-?WXm|#9Q18@85#VRtY(J`1u)e-lE?j?Nir&7b=v)Px>@L47%+ZBqC_WzpIVD% zKPF~h{|fyDACgMkMQkza#Rd2i(217_9YKaPeTyPjor-e`nk!1gIEXX^IrNk7Knegvv2Q%qD4k$nGKZ))@At9Nvs32O!^HVHhlLmsJ z?E%nu-v0nS^~GLe2HKI4fTEX24A!bJ}@!T&%~J(PK9yBpIBRD-70crunvy|>iL zVT%anjlwICqZblKqEUqc6;kLN^+U}@UP43H9E+N z2T}|&o_nNlWi18PT_GfGe!K@;kzN7I)U}=(MU1NG8XCyuvE#kzL{q*!$(K^Z8bV_V z4V4Tq4TBVj@{2Wt({wY?BbJ+2yn)|5flAByl<`aRFt!x%CnlsE6xex@Ny|2~KPm7J z!U;jNJtPC*#p6J0`omo0B>E&4x%GPEyyqW-j)up6B{nj`AVQmx4DIUw1^vH0^}lHS z!weB6))jl)D1TCnLCVqP7^GPG1Q-tfzwKG6tMTN$0rcsMr)>419lw12M@g{tQQ{xy zNB0N4t>BC6DYR25hIvtp_&?mk2ZMp0kv|e_578%cZMz#rdTu8Yr7jNy5RR*d39sU~ zdqOaX8#+gCJ#u9}GXKq4B+Y}8uo^7AV>n0Q2QU!d+TM9<`?d5n`2}S9d)(Uj4fXoD zJSYb|>Uu$KZ?L7u7UmB^aWjPUEc&*oC}6N6L1|$VF!#Fb6A)Z7`7(oXkxYKR zr(T+qwck&_KtL}>ZnJ8|GDkPRVz|^XEI^86;KwZ7Z=7#FH{<}#`UkLN z&=&?X^38mD(4rTnK75{q&%g-6BIgF~?fm;5I4sBS%Dyhn4(!4UMRkP%UKj)m-D*y| z&(CegwFt!)dzvdX#pSX~1aHxF#Tf1{oEd;P@`{Q|xLlI^MObX)Jcas(Yh0I>=CVqC z=wVy3{}{eUgoln2@n^qP{cts(vPRuUr0r(Q^iIeB{-IiaS&2v|wJ~TgleST{H8Mo4gi5eYyA{hXqI9>;7n5h7~`kLO;n`=47#dnXGd2uy-XE<%Om8H zYxE*uk2f;FD~u}46BJ1KOypmi@RunR{5EoaEsF=$+3JeRZfZ>Q3t6z*%b9DBG)mEyd(Yw`nIG7*(SL5C*CB$mch%9k;o$ zY3$~;jk5W59;=ZHE9gC?W%N#1#^so0^v<$UdXHHFUB$vgq6wQTA`-gBOjis8y9#iNOO@33j1yqWfd1sSUX*)*}TI_*1f$#Fqmu z##YZ!ctsqB;Uy70R$&tfMfNaLSzce^0IUwtU)<_3|2dwvlP2T$RF4=UMnHm67nQ2*;;MbgHeL z+VDl#8~ft9LL#e2#(2MVWPBM{l*ikfT$%GzTyx6}?gs&|%Ncxy%hhel@54!plxc36 z@k)FuF-FRt4*n=VhLdS1y{qZUuPYx-q%0#b_)4d<2b7DKtoC7X^(PxX*$Dm>M>;r& z>PH&~yx-Uk+Q3~~*an~uriscjaySgBmPzhBP|rYqLcs36SizVFbLWnE81r3-1}ZOn z@=4|SXb^1bi!@kyo~ajIsP~P2ShA+k55P~0%QE@5-rwSb$l~gilUW81F0Lq%yJ=b% zIiq?|Em03f(}^BE#a$w=(DEf>lZ*@vDd7vE3bZ0B5Df|PNOF@{!Uxrh`C^GlPT~y- ziUa|3O9KM_kP?V2GfBjJZAG!%P0@RZ=~14eRcDZ0TAI5!A5^c-m{8~7X9NlVK6N|= z+v?eaj)QjouoAGRWo6TbwU&3AWW)Le0VdCu)qFkxtyRQOZDPXHR>9#eoUtcxM@$9UXs zhGfO+BxoyhvEUk;d_pKJ|EvaqVFI$kAp$zsj&iPz2ZePiZqUKyP)AU*-v5}%RXEfp zsf&{rcy}-00FX{nC=`a&Dq$EciI_d2uu3foK@pX0V$f}TK1^p~ve__`JhZ`#mzP|m z7qm2Y0@u&Wx3H{rxfyM#$>eMtC}{>&vbVA-FiVDT+H<{VtQTrWWb$bV^=RuMHgX7^ zP(KX>=cpTm-Y9Q=)n}e<6AS&8VlC8UW{DcmrB)V$(#K|sHE=g8I6O%}@EZ71ZUIa0 zr+gG>(k!ZX8@Z;eGyM&ITsj%ocJz~2Qb@|98~`@&G^uCWFXcaT;U%gSs=mw06-vO` zEoop)HdIL_AC_@tVC`;+Nm1(koSCLhL4{p;spd3iJ}_L-2*8lRo92%pye<~HSSK7TtCH~-s&A|n3Z zTHv{@y#1}6*mmny)!u7tz`?LCZ}}_kAQA7$#c7G@_n$vZS$0G=W4L7oQFK#4N*V_g z7{&kv<|`QPHm#>?+b)hW)8j*P@JNs~E=HcmOdI${Z%DPV- zY29i0b6DE#tn7Q~d3R_Wi3N=Of^&l{X;8KeL*Muvhl@5(U+u&)jXJCTlvEo3#UYUU zs3Q;@ics;nG5~$SM(B`JDuWydgUv>mESXe-=A92EOQgxr?v+ZCL9M^PVr5ym`IOuQ ze_?-7F<@*jzaZ%UY{?=;UND(2A|z75|4iop1t8c~?P^cT-Ze!CZnMq(F zkM4y3#0%|grc2@}DtAzp`^AYqvb%Pdco%RHNA5qI*t7tkXuD3euoXC@!nu+ECL z+N3nXv-8U&<;a3{2-bo~!SUFsQMz4m0NO#G&7w0{bIAE~SPVLAHa>qPg|;%Eypl#) z3BX3?hk~Ric{v!KbKubVd&82^!;e)In88?-p_Q?6|GyJ!O@w?m5;P4@3eOpnpk;>*WH0U(s*8h4wHLHYD zJ+y2cB`*wnl$KSR79CQy9`u~Xb^U)kEqyM(lO;89ag+W#^J@#RG6UEYR*p~t$cgjg z@qXO%xZt8Q=cnxKpK@xqkwxJ8#jML&S(gYMZnpk4nNXS8KLJP~-ppie5=$1bn2RMj zaoAi?vx8i0sxcg5N5%-7)xNh+$atasg_jvw-(hp_gMpt%Kf05Zk-3pkDZ?U+N+J}5 z(yw?rr~?4bIP*u+-{c|4(%ROM5~#`<4l%H_CSpR6r8SXQ){sJwrL`@Qx`m}R@!9S} z_k}8$t!x}f^sBsQ7)WL-0$+in*^0obOqq3n%vLr8j)8x(6@hCoS{TxL%;Y0S5~_RI zjb7|A=OJOu-e4~C%2^aumioJDilI;RpAFRT4o($=QE-pR$AvPPI_O6aIv zXUQ=+A*bl9UHZv6xgeM1id>T$a!c;WJ$WFHjCVu4apZ>r5=Pdw_UXBIU!M;2`n26H<0D!YVUiLD1GV(J=0y;UO#7gW$ zu&6f1B$VA1I`GaKM-+(l>$Un-oTZo8N2P)u2!&?Gk1qjoD zPT+z&L7|32r}#(Y2I*hazkEq(UVdW+ky{>&I`xt4SDScFJR+aP58xoa04mRGL;MYz za)E(5XBE2n&;6h6+rI`&jyMQQ$r|nTe|&h^pLapUSAnn;sTR z`0p|AWj_;*7sG##?k9x&urZls!*#ymRkX2+*F zA{Iz|b=7MlBL`aHdXN&S-%b#lKLh+5xli#ZhrcMbozYy!@luPRAVRLO%gKi-}@QUudD@ z1r;}7OMI1SbzcdlrHl-^5f%AJO^oowF*g)NMvdX%1MkK2Z;o?)J zMGOf1Ov&n|2@!x(f-gpl*C-uen<%4@4wFcERVq+zG8;dEIs!FdY+jHNBG4HXDCeVL z7GqPcgj}NnD&;iqpT|513pcT0k_aJ4*$DZ;lMYhZ+fOinip+b~bR#t~D;SW<$K0lb zeXbt{V3crUA;-0+^87~-8zRC&i9x~5$_#ejnfDaQLwxRb(5cQY$FOc^9gRMn^Ly0kDVU>w=d8!-^-~~VqAYsl9U?%?qgn}40 zK#>+@15_Gf%>XH(pbs|*E2a_RXhxPE43jSwWj3PBwiStpuy7&?w^T%>Mm1VhtHmJ$ z#_H51no~ZBU5lvcc4#YPq!2YB#Z-S3U1LgxzbT_9^F+8w9;0ZsvMd~=IA((`^+^1p zlP7lQ;TE=P)dCduh-l7|`g1@)72QQBxnQ6h#A68jfEBLy`hGZQa0Up-T^*0U?&!n{XyWu#mdDZ}m5poS}waEkiT?GkN? z_vDhdh=t6awpm1z+FqhA$uYu(2(gsPNZEVMM=4t}cB)fUqYc{ND0#@;QFt!0;utU3e!|WoQUWp;<=2Wj(*ot?dh>lh2M$2t!}u_X$1DKbLigJM literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-700.eot b/2.5/assets/fonts/source-sans-pro-v21-latin-700.eot new file mode 100644 index 0000000000000000000000000000000000000000..86925676449bd5d0fe2f11bcae5311bca7c00dc2 GIT binary patch literal 14950 zcmaibRa6|oy7df$yA1B`1h)Xe-Q6v?yCuLdxVzinPO#u1xVyW%LkIyv!p%ABu7BOP zzk7AXxWa>(dS3k!#^CAYKPVE~^3bBR^i8J&f>Y&Rq~)WZW^)=!(DvI(~qUsh^1t`$y3wu*rWuJobPdB{*CKnU9LwO^z%`|o~Jb~tFNoWG#D-|Ws2V=Wm z(k(hxW#2l;HO9RuuHm@HDm^43IX}`6sT@0*uhxczG@wNx|6ZP*{5BubTyj{iSavtN zfY+D;LRf9Ec0n9QUo5X~1JB_t;R@oPvlvR4qgm0j#WYEyWTT6SShNEw&V$~b3bPJ< zfaO68V;F{6RJ-3GkxW=BZ7FuGI$>pdfmENusBc}XO(pFotYcvcX^LZSE`N}v<_O?% zp+9*H0CFNpN-B~;@IC>^mZ_CDU@h2#QXqKJTe3n)g2|jKM<4D`FODlG;ql8?7mj`u zmK@0vR_t;Djq*=+evS#g6nmo3R0%M@7b+)dusSN~mu3HOgQEZ}ZO4BcVS$ImPV7(v2ZgNPKE ztII|DGx{!T`zHIP%3^7NkGoU#Gr(%B&Vinmq;q534}MC|=0al0&4mh$dg0;WdgJG)>H ztg)Q%!8NXXwSv@*XB?RpeC29fjlL{H!&4dO^}Hm?d8h`1I<`0YiV{1lRW~Zpit=j2 zInCgs3QiHm&1!tzq99ra&auK=4a18N+E=oDoIGy~&u`*E#?=jP;8!{9_rjEhE|$+ zjUeK~{*9lxiMsTr{L;Lmskuwg{6c)y5JiJo%RU&nGP;`otfSMaEy3G1=W+Kb$_kT# zx`DZ<(jMLSh>=1Xv?<0o)(i-qiXiB-B#kKOTnL%S_krfCxyOo{JZKM;LNRc-+^Ula z(Yk_t(_tD)7_iPmvOeILNTS}p6bEn@&|Rf<-^wbs{F!b5*r!q{n8dw;rTWy5t@=pd zARx}zdDuk#m2C`3&|On~D2hIAMBrGHlJ_=6!Tgt6%{$R~jzweJ_4|r2L9=+s3tYAv zpS6O99+R-r!r!FkQW${egQynaSJ^N@SlyZ8G!j>a7oeD`YM$)$>X#%z#qZFLWbKOT zT0u@5dJP^Np2fM~glTR}T5&#mY5)-A7LP1AgqM}ekKJ1Z z$!p)IXA9$H>@~t+AtN+Q0K!Cgl8}{(F6`#Gbd*WNE*_hV#Q7D^~T>A4Q*zP9GvLt>3s& zp9A-7TFvK1iwZ+A^h2j?Ptfi@pLeq+*C^~(#{p?ux3sIZJ4h7Hzm!b-Q?ExZ1p-7| zkgaE-QmaFuycX-`>WPSm9>#YI{yB?=An!&*Gaw1`DrTB_&qVf8VOp!U-m zM*=eB5oIP!vcl(-esugw#Ow(5`ywX_g7Iu7Cwqk6?8PF2X4A^A`#upE$qV^X;M@yY+721KPp*5{0+dCXL zY`v_x*dWq%2XtZz%GKQjb@OsV5JCuyQ&T(w4a;Y+t&AF-ND^Q^nutzJd7I4IgUhHi zPEFiLGtfY1JUw4`JS0Fmw3s|7K~_ZL%FCo+(jR)F8n3!9Uuw~4G4PQk*HSyzGIXl3 zr+m~;6InuEW-3S_9RTa?E`joD1kp&B8dg`N)szX$xRg@Y(qPe}q0C|*-m>_j$s_ud zhkNu^XEErBm1o_e;=*&fw|Ls^D#4=~-!gB*ek3iU6-gn@f4G&HYr~zUCjw;7FluU0 z=~57a4g9}8l-XTZ9c_O44NHQcp7vb`Kj~ojA!58MkD$0z;M%PLqtG|b{0zu5)fuip z>8X-sEh^fph^sRK#&k^}P7naAEsAlsMNxQVBKv8Q`rj5+E@)hc)=ErMu{p&{6gd;? z5*AV|5H{LNwqvVhYyRjj3;pelAOwJc*mF_xNmcH|47;9NS;94gs>5l+io){zAlZ;P zh4jU*+*TO4_((HmXm2dZ@@2nd-=TyXq9`5a%EeXK5iqAO9_S(Q8ak@5} zkMqo&{+gi73m#H&4+}YxIEZ+7quQDJ8cc)FK|avIzpcKz{J~5%8?pf_Lu(I)VVp`c zD2Cl1j&ma{B);2K9z5Ks#!aF3T3)2Cv%EDx+vHU1!sEe$U?kj*N!VG|K@h=to< zFtbK1rK+MR-_?c;C;J;WJk4`5>A9B_ne?+D<1@|P4pGjDs&Ufq1;!aIMt;O(xF?zdYDa)1C|zQ+?K10 z7TuYlu6|NEd1)V@rzPFgofRR7bEIE7z>X;Y`_n=yf?I*wVKx# z-GGNfLcS9fb$*%Pe856 zfN&=WogYRFqc{J%gbk;IP@_Mwp;ImZniQq&FiT6vDP|yf=bNJhIGG7aNbycB=)Ij6&*FV-!mKLt;oZ;`nybS6}tJOx=nD>P@2>oZ(dPr@=L|!suDm zccmjcVj8?pqPp7?LX>74I$mr*KMl0<`j@gf$QhSg zZ!fhf@Ee4^pmncaGovO($`(#0HwH+KIOKLymzPclC}=kcoj31wl+1Wy2IR1)Y{8@gP19PaZbus=z$* zRi?b&dz#Mg1iA+TVZ#RQc_~9e{b>;%Ca6tM~a{ z?X>d6=v&FYOd^!VN>*%l!+md?RDU~w21+7*7ei-Ve~ZSZ(7vfWQ_7k2E8}n|EsL>r zByYj7vQQZrtjUG@n2?N^o7>EFIB#)}A;11y%j=jQnqD0O?%nNR8s6++xYj~HlUAm z)(bu?|9H*>t~p90vjNE6)>E*Sry5`=MFi)BkV+Sm?HMSe19_kVG1UbN8y%b7$D&2} zSYiM5`6i(a-625$2e^Z!n~>Q1>T3Y z^u4x=CGMYYw{c#3x1aR#%)-rV3IZ=0@SNWnMPg~q2J{X!vU835T4tP>vnF&XuEPiw zex>Y+1DIuWDV!PL$q-q%g%*4lcBe$!bVr+NqHFg|8D=yA2glCP(Az1K|hN1qpX)qrJ%o7|p;Dn)f%=}o@O2$j}N}9waVcxOk?4Pr9 z`Rs|C&r@W-Bj+5Z$@^JpV%gU&9IvTX(3f68Ujxt8vp7$zrA_LbX3%eeN9QtSRbCkK zU5#0f+_E$;10S>Wx4v1*!5K%qEc2|YU>7%eJWPR1s;}-SrCp^xhGu+mxnlp$6G3np zOJG+N-$94eYNM#&IBQZNE=&G7S8$Y*h${k-lcSz=&Sr7&JDW&~rEnVlh(?a@Hfrv% zlYBa~k54FX(7;T(b!p**tSnuAgKL5=hIp?~4z-05O;B3-YMmf_?E_Exd$~CQH4yw1 zn*Ho_H{{Vh-tJ|3vTG|u2~gs zu+FCy6s{TkbpN-niM~mPOHEZwe3ELWyeboD`J$95LnZgl`-MG4#(-IY!bJ~W&#|iH z`VyL)H^+v;cD0YQXPJ~5?V*hwazEyh%hm;?wAU0jH&SO~Cwmxh3;pDHB?NJ!kGjM) z>2~uP76lY^AGppJCCq{OWf857@7|@kIgL*ZDjd`e(0Gs8R$(#RbiXpTZ zDR?2Egyn78>0%PRRiu#T4@#>ie^w;O(J*q0;J`&@HH>~uw*%ZpUq=_|R>H+ugSN&! z@Y@{0D$5YV)&ly!DhSJ&I;kyB?h?3#!%e;5a5_14hn~v%lgcOq?Jx}L(<4k)d&Z0 zSvqa`Xwn-uoYi|Q6cY}wU|4N6Z1cB3Q5qYXLBx*wR`l1k2j{Eh}6eGFeTD_5}w}*nZs^vGkH3w zc@??+bC6Z+1Z&pKeK7? z+ib%hM6-#$P1r=ir}?Q8KVhsW)2ZmFtlB^t<8ogAh|Ci2OjOzGW}-?uAU^gyd^CQK z0XCx<1XkSB;Xo_ZdSsuL8BV6wbAXDOwx>Ph`cf9@RRN!QuE4nu_tE}-A7su9*QGhc zS-{vtF}XJ+E`ORrJ2GZ#J&bC;#fQ%<=wr`LW^*2FmI_ljh|-3eO`nIs8vyYv!24~z z4OsH5I{oQHcYSxtda_h^3HL+dXUB2-G#v=b&HAMYGQ~f<5%auoHc&3BTTMy-qFL?W zM^IO0(cyk01;+ z9umv^d!5t4G&;$=jsTspr0qWcJ$?H;-j{R{gP@o2d$O!<&C+R6L|QiHMu-b7-Z0nU z`{6C^W&xkN9VG_Ij>hP(ch5lgUeiZ8PxRXs!GscLj2t(dAKv>vTu`u{;Wk&}Y{WMb^p6=li@3dgWQW=>fi$VY8BYN;yl2gDhB0t z0qGc?jyxLu;0c+|pPh+Ihm`&bx*!BOl+~SxV8_97P%gpIOOcn{sKHj$E*xr=>4K~P z7MNN=&HYrQEByxC35RwvRji?PgXL|%HRXr0O9qIk3*(n+Vx-<@YWiWi#I50c zmP%mdm=Z3YV_Eg)MC`I)(y+zVzsy1{skcwtqn<42Yq5L2>9=L%SpOpW*`zX= z1J6-2Yf8h{L|WEcksxK3#VU8OXK7BCD-??807vbD+#!h9#6vM zg)q&?ZQQdrY~c++;ub*Y&qY5YRR3XXzR-q7B*|qJR*N!SqVY~3n6wf3N>RKWx3njU)64# zTaUlAXK4F|{2n{PKg5Xf`GD8OKeXS__@rDzT0r&RpXL@dN-rX`KmH;H|C@@lHw6ypa6^<;_OF)wr;%?aGY`C>HZRp zAW83(?tYiy`5Mst!dR=YJ4wq?kS?z7%APxpA0`V)w}r&;q5#CFcsSFjLL%VYQVT6& zw0~+>oKt+OSK3|k^0vUcAat)sT1No#qofX)QnxaVo>N$PNqtP%ll9A+-`3}(?u3y0 zGdZH!<(M2A22Zj{C`nk(O>lRJLxC9q2F!YngYC{DFsfu#XGk;+M|;w7>#9|!=RnS) z9$#e*go*dW-?%hqwDFaP5keCIhQBa$uX!m)9~0J{v0G-p0!{v7d0^9?B5J5QOjZNc z7c9>&1TRv>Rn1V(?uPS0sZ9F7i2b%xI*(Px2(759r=|VE4OOZy{hdN&NGRV z4~axVhdU=pXJ{=UEZ(gpHjR;2Il@<6w+kUN`?+#DdlMDDo5Z=mXAvB5;{ZHTR zGt7Vl*1?rbzRbZ7pbK3@#gR8L!SCDI&Ud>-z@w+2?9UoW*2_b04)Qzal5@LZwq(7Irz&4|Z7jB0yrt#) zZHp~*lZa4+NYL|xL(cWq4JD7dKKlf=(Cl*{wCvY%7C7_UzdpEt*WUgN_*xP7ow&{i z9>IGX87Wq^Mef?o?kGYr&?0z86$^-4QnAyLZn*2NhYC{~VFaftlPq0jk{>q_&iBLM zy~Jy|*fSyB7{tS^EB$;5m*i)x5+BXc8ylSHL``&lljwn++KO7|nd@VR1?i3y23}&` zcgvZVQ4L4TV>HVhn?x5mvlz^{6OnC2$GeQm5`0l3@6vVC;>Cd;?1|+)Gn5-4C+toc ziJPvd^6-MZGgFR?p$kz~qM3uv1u6EA+c@_Y#FMVizDp4RlE6nl;jE3mI_b zJN1PptD9UUXTA23Hb|Vq<+YsO@ERh>Cnrlyam-#~t7rJ5rJEczG1Eo+{>Z#VO~UYjOj_+Mtji;yTMTBF;0V+@sl|nLq z!g~OUfjIe9!o>H~llNEJMHS$M=K^@HnMa9c(F%?unyGwDLc{xE|9!h^t znc2ku(&D+eoL)~(LALQDP#eg zCb~3~XNTg(yWz?1?1~lweL7AFE-esgwUnrs&C0OZx9^o1vPiwOjdhx%zsrdOLGKzj zP1!szZ42;(^LBqfz;$DqSYgK_N`MA$CQjk;clER)9|Y0K#Y_cbX3{+we~<@?OBMIC z!4AH@LT=opyH~x0^10($r#~o6w=}WQJX8~!oO#AYs?pXbDYRemS@Lr9atC2JGbY;7 zeRA6CB^7k&$-*(gvUs+D%wg`v-H|R|P=WX=2+vB&JkA?F!LJ5@U;7pif#RH%L;~9JQm+z$nT0P}$y_=Gs>byDrH^gM+Ouhgvmw zgO_@>k&&?sW&SYw&)*n=N5Yd7%AVrd-xO}LsJC@}bQn!~PG{Bx!?+FOU{SQFk%>=( z-BGn4KC8uryjT5go&{%%(w9dD0HsNh zGn%wDFapTR{TbQcxZJD104m!JRGUcLkwj0@EVamC>dCjVadT$u4wgn#T%dV8{JpnJ zC6g$chu2Z%#8h5B*RU#B?*&TsQd0%iw`gGZEdS42cNbpW42%d757wFFLToQEDGr^H`wsoU7%EXxy&WimGJkQZ%+p>Z7KOj__6|J?@hn&D{uU9j|X^oPuzfb z_L`Im7!_N!;cJu!M7py90# zjb#n8ev;KwxRN2Ba13MJCWi2b4`tp4J|i(Wvs=%7tAj6k;AEc$)PeDqRnN2k5*|f+ zoKVpYh38s!GF@7;dvSV3nL%@;blf!D3{EzG*EsiXHo-F<+x#7pl?hMS31jjeQ)M^3 z{cF67I-BtO-U>qqg)cu>HQ8i~`mwXEv(Io)p_}KGMmmnE-pzZgvk2A_bDeOVbQvXR z2Nv=4I-WZ!pb1AB{jXsbtsGoa&v!@WSi6!{qhk8r~fxQcN5EJHl+YOAFfbI;6!AeTB)8srtb zemFSQAn^|S`a3z?F)bP_Rct%BP_0W85vvcs-vEm?`pg+KiilSnbW{L^?B7G$oUVjd z`UHqmA#6t#hyK!}pIMY3Fu#wtvvvk4D6<^T2?$v;Gl}=E5D~N={$#0Z$0$4TR*9N)D@Udy0L>k`E5w1Q*sa3*mRJ*}H`tbo zsFp9z=fWx_2_*#Rqo4X0R22gD2O1uy^x)r4%~9^Kef#<}^Yc|VW9jIc*i+-JB~y}V zt71`fwqmLl#brhz2ZAW5vh;^Y)8^FZ&4kcrvUj6|6C>{;Wdx@LowCRu)edIlL*LUY z*8)e7fuv;LzT+{Mp3t+g(asIXywq*xcAnIl4I&RxheoFuR1Tr?9?nkf;5C_`B^OmD zs*1~n7MlR(@Z{w|t1y*wwxh3%ZNg!>gaPEXZQRVCt8EqHg})!dNrUdNN}Vp(7!MaV zk>Nm1`IS_tNFtWJ#BJzwOgWV2aR=Uv88L`ShkD%}dYw{;b%rXeT>q>lqO0pv1-$8TqwYCSm|XFvmGRTfC2^e95k~2wAFax|Zp!Ttn&cjLT9R4>`k0?gdk%_{?j9ugpdjmAA zRpy1v&Am8QFU5336q5I*H$S;c>xf!@cK%^*6NEJB)=y5#(+58(CcV!k%Aqq|YI!$l zaU2OVUKaqpA~Dd>8Q_kh#^!zL%VL_~N86MPF?)ta_@}N8wg+WY=?Q=W*j$Hb4vI7f zdER>yedP51smUp5`;OtGi*>^y2vxUfgSf*eQ|@!3dQ=qV)TqQh#?#HD`$Wt{!lASz z&9%gQIKWFO>?q{V^CSaBAT<>txy1K_PPv0*;+`W^qKbCATJJZ^n>uE#QrRVmU-jV} zRXwN(8g>7^WuT?Olm(N{9@1@1R^rZK8JVyf3s#FdL){@H%Dci9;`2RJp3FuUHoxi? z5bWMc=qAc8JQ2`!tSGGR4UnWeYPCy`Ae*EdV-W8WcDq9;J$1$DsP{*uuUZn0<_QKk zk|AV#L<6cdh%}zFFYamW@<|sDLljgWYDfWvO%bIpB^Oy^gu1SXNBU}j6a6C9?Wy(Z z#$}Y}C-E4u$>}}8a3Zy;Jp(o2cAkanuLi5E1gC}CHC*6cAd;lgR<(m5xn2gGx?_>Z z`!g~_u#!+7Mmm?hb7ymHpoXHr?!epdy5be#AMt?;6=L5Iv1$JPVRu0hE6x`$d0U9a zL$8TLEEL~V2TBUm3H)5%cb?2zQ;>M^*(N(Q6$k6?raYuiy*H4cNj>9mlqbfyVeft_ zGP#;=2)`s8Ez*mL8K8d8I#VK)qar~RNrY8}V zI5hnZbnDCzj$$`JJedPaN~n^e@WHLo`cqT8D^4qFWdp;+k@c7nK9mCZAPZEpMcVsu z3p}lpgvBF+=TPv(0mYf3Aup1CdmFtEig!pY2VpE;tiDGoLhV-KfDW?#7fZt!Z`cm%}?lTLsjT zDD|W!!HPFaYe6UT!GikB5-_ zfv+LZk6HT)30L>$mrV%imDE{6iG^zMc%b40v3)S9R^U4;%??Imp4M!h zS<1%&+Yj?V9L(HduX-Wh2yswLaL?*_aP06D;zDp7_e3iYSB08Wy)@qr=TTO0vyJaW zVp-Q0+_etnR3Z+QvXyzC$adg`V7Hu=m{HOw{dgCrY%MKeW()BYHmTqUC&MYK6zV-+ zg?vaoJp6b);(KCB?<=@fc!Ghb{a_Z9d3D-2lQIiSvuYk!c!tOKl_C3#k5Ki_{)|l& z{V5Iy&LdnBW1CGX28wL3p*;1M@Un;ygg)L~g7YMydS^h?B_Z?VqI%notU@#=qWFfl zj5Rw46mcm`)&&8IGDSF8;e~B+!~5^;q{2hz7qA@rkq|q#(JnrD<-(}h_kDeWxIyyh zQDurNxc7C~OX}5|yv|W7z01*^mE+~Y60-BrJjE$Br6{LGd>rpvy{HDy$OqY<6^o$k zd@%FE+#VhugPy z!z;Q+8>uR*<5&>eLKq5=d?yCU78-kwYF#k6QxQ3kn+oIalv#ra_ha;h-5?9D`(Sp- zvPWButtL4xOYfp1VR||cxrA%O8xr;x=Y~_++8{|K77_B%OuF>&I7`G!H}tS)_D44T zo2(MYMh9xqzuFwc`pb;bb;-9Y5$d18+@Zi-qHh)g7E7M+=m+Qf1E>;ro)DsHeo5yU z7nk4>nr7?IZ!&>FLXM&>SE8X?*)y?l8a-!5YW94TE;4j*v?^(&V*P(}`z6-J-PG2d zc@6cX;H<~3JNHNhqZ;O(Jdv}eOiwAaw_i79S;H>SSVl5vw|h!~@l?3hrPU1Jv81cb zBiYM?Hp#%T5a|L0RY9uvcIOp!ogSzyU&rqe+l4R+^cfYO)O*bV$w*me`&0uxb7>pjqKiA{DWg~C@O0+41hTZ&;wg~INENM%?9VC``_)f>wR{#w@=h=W0`+kCJB9^d; z`C}E3dXTB*q4E4|Hvctu*?nj!-nB^tU(-6o%xLBjgU3=Qe1~VrJO-O;|RPXHW4`E)_o8d~?PO>*9KjoxS3( zjzO4n7I18{phS<5lo%@B@i-*z&5|$Za_O-6^2JH=aqClH>V!3^znGX%2=>c9eLBUh zPtzeV=(Bcrhk0PT48|O#cbSuyT?NH>h*K;j2GZ920$6rhx(qFtnf;VEr`PE8T^05g zGBptDmvLq~m8BGxXTUAL$R@UYn43UCTEwf6P12^uIN>kl)eRul0jfoyUL-uK76E1Q zDK+Tu`bu8MqWq(mriE!kWDpCQuC*(^GIQiHYE%^6Mw-r{k&u?;&Am-vv60rbp@Ss` zCQO?Q|CVmQ0>y}&%$&OuIiuM)<8huOntXE@ajSxmvCRyo(blwMmy`Gtf08>N#wllB ztify9D9O=cmi>_O)&KaZUr@k1w&WUq3fbCg#Ycw5Ce4(AlXItNvoSYXkn?yBc@OfT zcsTx?NCViZJuwhsZ&GtLrj3xvhK;X8@@*SYpXP98KnGblmDfU_wQAa|^Qygsz2G~T zB%o6#oL!H#B9@y%-$H#VIQH>K@W03M91z&9w?VIEV9Pw+AfE1yQ2DSY{}3Bpla>lY+AwY0y_aXFV{B-~Zd2uFQNNf9Y-u#`!0=_x=CJf25m z-BOLN8i!iV-fqf!;5#U5??!{WL2pPIL*)v)|tx?8# zQMk^T&V)Q3N#jM8D^s%_*8QN0Ux+KVLCnbyJTNzN!O~+!9Yv7rFHEMiQ8Huwt9`Oh z$jG&0$QkH8`U7Ej6EsR37Vl36z_LFlvY0B(&Z=_St?OE}8#TqKE~8G)V2QR`n(Ww? zKEWaG$VnEuz*|h}tZPJ`3`l%H;OvX)=Pm^)!Vn#i?k1WZnTOmSuL_a)C@Wk+MA{$% z5d=UVP_D_dLD-)z-|2&?e5K3jZ~Q+58_h3?(aVxlT)R>1g8`_$1Gi$Rx`a-K!r~4= zAMZ|9b9@)o2vd)xuCsVjqTd@zYoBmVLS!Wl)sExxB!fz44Hi>RjJF0XaQ4a0-4UoC zKP%qZ7U2#sVOhZm6kuckaSm}kZ1|CrB883)DQw5KnfH&vJaFo53LtQNmJx%PE&&Nd z+Gv?9bm!r*ZN=~0urs)6SJR#dR`FIzPu70T`7Vy+jHH+(J_5)J;e{y9f3)Gm5FPpk z%%*TFI9Vt!Y~lM4#$8X9{Q-E3O70yVUFV}`iiDHe%`r=9FWO?;Y&hZ=M68>vV5_`y zvM%mUw~YkhDw!KR-l%-6w1GEdv|z$#w>FF^E;B+cb6{wLXV-akUs2WSGfIiTM$lNb z2p@ke0m+vs#CtDdY;#VJS0-7wvmj8AbxFa+XvPNZD}sob+L=NF!M^0X-mi&SP-p3ty+6F^7)q&zECWx75ScV(hE|xci&!-aZ zYrWF$O8tkK&HD6%z+nN=+ZBWu!Th7C83c!F-^LlNTB<@ftVo*hAB}PZT3I8k>RX6qgV#f@!d9v*;kXH4B+S$qATdNq@ z%8(nyvD(U^{5C`zP1CWEA66{#`^;R|9p{I<&MGjg*OPwD-9^;;v?(7#1^L-Yq?%79 zlhUi!LlEZD&{BTzLE!|RdR64XoGiI7thJv9w4v1}alvp6=_bl)7%1ZRHT}0qx?@kK zd#*C_A>Pr#{$u0pjwz3OAb8^8mVaz!INeseDRpq;xX|EHM0Pt7hFzdez2M&x$;=-7 zoAeu?*M;-19eivHs@!qN(66~)d>uy5Sp6)jwu}rO$5{m}_tsQ>>n?Db>NL4azp-OP zOn5J$-e_>me<+xqk5I>hkF=7Ff)|x&zl^hSXqct(^g`iqtJhI4s~r4j)eWS{Mt*WO z=^O>yiP|yc*GUU)WTRGn!8a8ZV_BEMfe)wVRF}}cf8gqGyW7&V6&z$+saDR3*n*9^mqPxw?Xo2BjN*}c&&W6KkZ5|zs7GWi1@?_rGh$rgBJ2aD* z>sV0ji<*t4cc~X_;s0^vE3wthj#K8Jr5d$Fk`*I@QkIdklUNGxC+gc;84b^k3mjtg zc2e$5@Z5LSEOkNj_{KtbyLHq@I%X{=Vxa*oYy!MiM7A8;HwmwYVBJbm=JAvd6yJmL z**w}5D5vsDvUJW2&M-^XI3($m94Y2ySKkq17ObgH=7FL>wpoRBu_9YVO~_r6r*&=} zSTkqWT2m{R7zPwY{qFA^gzs=g3WBTFm(u)VCOW%cuhJ2=(gwbVu5aK7biF-zimSl? z#uNASB3Mp9E8k24vgyyc+?a}3TN4Oi0jVM37GxO$06Q_V`QD%VsUE(eGOhriVbperbJmW>)W)IKPp{9%K|78?>w zbK?Q(DZlqnb_c)9&sbSx&$F%#CZ8&IPx-P$FuW$~8nqM%Z&@j~@F_P2N5+Pr{T5!s zenwtUYrq^JgnKby!yTN~KCD)Doq7^fh4HmhjebSp%(BK+iPY+j(y367)atRHTDE|W zBR-=bE=7l5;TR#iyeGr75LW?3qn%!5H_x6a+xxHbq6ZyEc5=G~@eFh}$2F`EHKM eTY?kcbHDXBOk_*czu5f5KC-Kh`}zO=q5L1w8#G-2 literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-700.svg b/2.5/assets/fonts/source-sans-pro-v21-latin-700.svg new file mode 100644 index 000000000..5f9e7277a --- /dev/null +++ b/2.5/assets/fonts/source-sans-pro-v21-latin-700.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-700.ttf b/2.5/assets/fonts/source-sans-pro-v21-latin-700.ttf new file mode 100644 index 0000000000000000000000000000000000000000..2dbb3d137a928cb4b9938a242044b4a173f4edf8 GIT binary patch literal 29848 zcmeHwd0<<`@&E3VEcuWRS+{J-vQEo~Y)iJ}_`aPuzG5eF4(Gm{#5tNc2ZR7$AY2U) zNVv;U3Y5E?iNvc6N4l zW_GPG&KS#Nr!oZ_=xXoilpd7+#2B9kXmi&<|Inu=esC3IhJ%b1Hg*loX}u<86eUt$ zVob56f2ce-(z5*y$OSmQu<}k2ucgK?K`p+3xyiZtOUv%vmbpPY(@-WIi zk-9q4BIt-{IK7^AwkvF*6-WG5oGLMoOX zVJRqlt~3vLX3BTIm<73?NKz{lN`)jT@y&;%h}Xqh+FSdXgE^ux=}1gPE#z7U8zYh!_xw`6!e_Te$IZ)-eMoK7_a0*(j(GS z((k1=9BGaWhu&dz*d0!X*Aa5mI@%rMj@t^Ig%=j?cjh_`(O4`7oDNpOYFP_fyo~K) z*RsdhOY9&!3S5KI!%4Vw4znX);0ijX{S#chjKzL|^f2(U*mk6CNL7p-dplYmEsgr# z&VD=VAhnYnJp16LgU=sad+^4CeFy8`y8Ny6Z>@Xt;G4gbs9(F0VKvfbq@8FXV-F$y z4(U^*%=uL+m|vAG@C`*@NKr_3R(O@DNX7@3Jq! zvtMuy?mfV6=4$lEL3RT>f*v`_E@wlmlXbD_YzA62ll>JE*2ntU0Gq`I*=)8ElC_$x zVWVs`fZXEKsf&GA8g`T;ZUBiATT3E_Tf#Y=0`dd)-6))yZ zd?sJZPv;l$C-|QvtrV0tN(ZD@q(3PXiUP%a#hHp9DIQcDRTe6HlqW0iQofebn6flw zEM;fPzLeWi-c&JFscJ-Zf$Ar!57gP}N_CI=boEcvZ>m34M^n>Njj7JmKx%F3^3;u~ zC#Ig6dQs}tskfy5H1+Y+7gK+qdN}pd)M#3InlWu&+Mcuv)2>RpIqkl*U!?sdJv%)w z-IpFpZ%Ut;KAiqQ`V;9drN5E>e)?w_EJKrF&TwZ`WYlL&&zPODG-E7dXU2n?OwAn4 zGR+3f37S2c3pH114rdxOt1`zk@6JlkYR>v$)(csOvU9R~v%i;pUH04AU*$~CIXmZp zoab^r%lTTX)M~VPZJD-O+n^oNZqc5sJy&~$_95*ba`m}=xr=kx<(`}S9TZIomUss)#-+HD|EYcm+EfPJ*fLqAJKQ{2lY$!*nFq?LG$D0 z=ghB||7bpJ{@DDbgR#J#T*A zy1ZR^d-JZ%yFKrzyifCv}!g<)55?e*TU5Kg)kH|M&Ut=6{s`d4ANUw&mC? zHm9w^)@bXoEwF8{ooc($_MGi?+Y!6YUSnTmKh1uP{gK2eWG5B!2Cbq@!`oAQApXpm zod@I3(22Y_{;YuX9*RFJSrNvFTsDQRWb@+BD&}TY@#ic&F-Y?`&dty(HB^ zZ-nLw0!syItY&qna})5d5MQ?ATc!9Gz`X+6vJRtY8OGNtk!v;XJCS4z)yNqJj%wr! zPocvxL5U+yi(`V8mg!L1~3(iv#>1y6LS3 zPc7ifCbnF(W{8~t?u_Gk1MUv!oQ;AbTflqb_A>EpCB76L*GD@TodM)XU<-(n8_+*~ zXd4HR-`S^PpgpMf&QcZ7{^l|Fl+$S;V>uj!eIe!4#`MokMLhHWqW7O zY8&u97oataj%poxb6$NWZ&rHnD zJaI@0=5Zaq+aQ5*9wp0Qxy-=wnM*)YAeZS(%kr3$(R@s~QZT=!u^iM^m;~dn1hSb0 zZJ5l*V4GwyGb>=;l^Zv0;Hlr`x_Zm96)gH)u48N0EMs4Or|YH_W9(B{T@%-h+cs=r zAAOhWW@KWAzsnWu;bhm~N_|C%uCP>SbR!XGIJlR}5AfNTb&QxbPeq^SioC=@2|ba` zt?ZZV3HBs=iapJqVb8K(vFF(H>;?8BER~m#M?!wW{u}lt?lRU?Jh_olQI8&6PlYT? zkiMO`7Q)U^;98FF9Cw*IDxpH}61Ls!OyH9#9l_YpAio4j(c@cKP)&VFIe!UCL<>PB zwTkSG+$lMTDzd>OGrK(pN~ABi)AYv*Y(w zxR){)k_F#pNTspAE6P}w6k!=sX6#D|qfp9b#Zm)n;VZd#a7d^tjcNGv%q!YM zZ8|O~dSjo8Hd6bN5-*E=h&J}%egx^=iMCPurlumr8o;Q1$%)!`fLW!rz)NlXmZZpK z<)YnaGqpRBxIXqA+KslyUPgMAo+sK&?LICk!hr2W9%_4XLffhRQbnA{#K#N4mphqR z@e%HWD03zHCWm>DI+5&1MkF1Q3CWLCid2l`l-gM}zXE-f#R~Cm1YRm14-6iD0^zXcy>vsohjn)&&!Suwu#NEX0L(Z8jv3(paxuK05oce6^QFh7X< zLEL*-3GO8d2kwM_J}cs%p>OB0=|~kw!$<+70&yQ=nOwu>@*$Ql?$1I7sGTQ){v)i6 zzsMZYEljC6i&awFgq-aJJv&)mJh^bUA{`H-?{1_Zk{8JZ{7pzMj7vXK0bu{Va%-54 zZ)0YjxNiWhIZTg4_X;Epk^!lnEsf1dB#a5G!p{PVKBOS}mHJ9fR3`D9d=CO{6W`VX zHxhU{2>uU3wuX^jM_Ph34`~_FX-F3#-H7?H1!)NBain{ZW+2T)YDKC=8bi7rX=Xf~ zg!}nO7l^bH`i+irrxcS7TivJc_${RRHmTDBh6%ouE&YhmGh z4^|XepW9&RY==Gc8l!l?3Gn-N!?*k)yv1|aDezWLW&eR0;~~r&N4UflTnR7nQdk^1 z%ti)SD<;e%7FZv7kYyED^HiS3(|HEh@Jyb?vtg}d!=kaXTQM{K2zJYL(D5noTJMK< zdY_nAe+D1(W_Al~n7iSn{*s*qI}%!wHL_;57*T;-wuCjY_hB!c$v)t$KU%$ZYMV{{i%mKTp5FU05Y{Kh#m`8XGpT^qQ zd15|0U!Ku;EwAJCyn#2uhi&F9yp^}{cHY4|c^99~XYg)#wmrO8y=~*#ieM$c5XQwcjg#Ie((j9okla>z&&1;hgtpoe$? zdXx*uPehK$N92fnGCAT=CP!oxMl`Z^e_tWMuLwruNYfJ|xivMpOS?bx&&q98x&}3C1D82}mdo2~9w%;-w?;drdq?%|wotIHV;3 z2}Wc{Fd{>O6&2H{H14hGTQ@ITu}W?VK%E_(ox);Ehu#{G`$LVw9|{V8$Q$>E$TlXQ zC1HKb&k{640xsLnG92O9^{ckPkNV~n*<}k;2~7k`*?wc5-a1`-n^FaBK~^k6txS?Y z3l#KY(mv#J0_Ki=5&K2#2eCiJo`~HW`(y0)v5#W=VyDM8#ZHaQi@g*3E%JPaBlbZI zR%q;K>?2&iK*CHjc>w3(*pb*9^!2}X#K@NaFC3@^G3(fuvBS6?#{E~v7X~dyj)zTs zkG-GV7PRU9?2JUd*xQMxZ@OnwYw7b8|H!K1tkkSo|t!cPwZB4M^fzz}k($Em{{YCsMn z&J@h0Cd@--oN35q!51se49u;0_@0l`jG5E{9ECWokZC8rcyMxIeK=r$6ys|NP6zCe zQaqQ52ulDKNj_|na@Z@CI90Grf*2zqoO)O&RhX42W>g4Er4BXI`hf`+$t+Mch%*EB z$U@XUg85j2-LV?@*T9;PU_p$dEZGiL%+6AW%5Jh|0&LFwCNJ?hsH8_@u@gf;0`4^$bY9K`>hjW zKK%!PG0mwN3^kUaj}Flo`9C>GO1}{2A;{5lkjbNzm@;-NM*n-UgQNqHKKZX}0-0Xm zJ_@{tW1k~Ir=Y&)0s9irmtwESonN}A;%$s6B;jZ zfEypl`XiaoRR6y_1dX4|xxl+8f&DPJ`qxA`(Sv^n6nZCdfcqbbR(=`#8a<2kLDE#{ z2edr-NY=$fGkWKvWITWfod-@#P&)ZUm=Zb{G$qX>v6Et3(8r_+KScTz=?HqAW}^3# z^I;q^_$^|7N~TL-2Asa24_=u37P~2SKOi)pO;CjAFPR!pK|u^FqM*uwYoecMEYj#C ztp&XuZxcyD5)LW_zQv)kCI|1R4K%+9T%hI)8rdQjT7{>HexSF+0X$PMC*a8cQCv1; zZl%)~jKcS1=wv=X{|ScVJjj)3Bk2&i{YQx3(A?qx=FdR&SMj%r-17VX>>B$|D*sK& zWvm$cZ+{zp;uyGq)(L3?MZ|aHR6@!=1B_O)kwf&=w;`afUyD4)aVWMoc4q9c*kky9 zFUe)>cWC_)Kt4ixCZS-ufn+3ln;bP<;FLSUSUnfe@`y|r|*`QG_@>6jk zV|maE6H+`?>f}-rIpZ~gyN_WmA>4lv-`=6S80jB@Z+`-eW}Rc0wQI$=7xNEG7kwV@ zGm%S3ufQXyLz&w#(vTxgv#doAk>xmf2nsWx*GOi>F_q>C=oBtOgZ~E7CFCZNgX$4= zeIaT9%{VNGlKhinvc}{LLPN;Cau_lt>r0AFlYA$}FoI6z<8Ce^WM4_Gnx)2^}cs zgWV=`MZ8XJe}b3CLHEIPxi|I%XnQvH0YRxnMJUVS(pje?<@M`aby5MX4~9s`7A*F^5F)(?)dX}yOGC`DSDt31++-yO*z1MO7t}w zJwho%SPkxI@J970fhh-^)8b4;4Y_#M;Y=4& zuMr+#w(tP8f}1+QF#~$Yf_LJV1w5ydWJM)pB?W!q1*JZm3gP>ufLkT_N?u=%@cPo= z^99hi=_tOjC&nSF9v+(__Lh{tY>(dIa&w^F&Ay7LTXC`EE6)>#E znF8N$40X{ee2(w{%|bd=LOQdAblQY;<_qb}7t%>_@&1n*#b z%lG)(!T6mtJ;gQ-#a>DN{@tHrx52}JWt%7=TS3q-M*t=LcqDck%YxoPtQVfvQL_7C`mJQe1@IO0bGZm@4m$MBufTwG+P5oIic(R0?3z>r6!+Zv|@`R zo>SzHLtyC(n$a404wB(`OT0DXtvL$0sjCw(Gjcj~1$ zy)pQ6|Ni(U=ctUJ;^j$P2|NkhiFf2UBF1o$;M8LRZWOaRX^vv(?_v>~5RxNg0HXnS z(#y0PX1XZB&?Z5(=mq3RK7md}fl{~5>gAbh}k2_hef5h+_#6VSNK0mq%|Kosnud;MGN1b ztcB!I;Gs4rwL4zl5oopVaL`C0JaT03n+0UMlq|A+jqb3hWaB=s@veNkYZ z%EtUaku>%(w|Fh3<)( zM4^cb#dIgngcT%54=DCKdCGOumF9Cg<(enqWOvYvPbXOc@e|UvZU0| zK(v32#+MSaGVL!?0ICM}(?pWvswr{QnYha-15b9OgzZxRjYWqK7z&VR2N79z6bYwO zu8lAg-c(Ra7F;IkPDd|Le`f-p9VN)7O93_q%8*5tivE`+z>R#w3zCC6;HT)c8n$o) z@Hb*bRt+n-1DHB-W(p}$BU-%>ct&t4uy(!_&$Jsb3v#mo&l_=4)OsgsA?e8y(j#mW zNEONBV`A46^;QlwZ}JctYbuO*wM(RC$kcZ~s2r^Yki|(cG~#h4D4OhnM9+}lKzrro zgXVZS5v5s32^q)%-)U_uZfEh=sV$08{yy@1@nymvJsf-Je~5|jJc5LoB6d?UE-||v!rb;o?BFCk_G9GxW9-&R$dsqD*tPJL zZ$dil_*pCVV|ecmPsx4U%m1t`uv93jkg(LI;-=n@AF}l!&&dRu@YB^4Bga9z;?BpK z%H`NMaX0o+$X*|fN|FaU!w825;|=?eaFSQ2 zh$k~7&w?7&(3a#g(r8VbiJIco#BcJ*Ph834q0=Cwd{QIQ)1(hbW1UX9=1I5$)Q~4c zC+QE_2a~na)LQ@b8)+TVoU~pnYd#ulw9kYReI+eJN%pn=HMZohPH-+ota>TMN*5O^ zT?+Kg&G>RR&XkD}$zk15Kj@__{xv_s4ML-Td)>bVoUU3Oys z3rAn6!IeVzYdf(w=4|ZCITyQN_G0JB`RoGh1iBl44{{iPIYDFmZ1DLU^v=0R--iV4 z#r-^3K?-&b#{0QQ`|y^|&cf5#h^L$bYR*OaK1SDG+|Psccs|NqfN%Sd2N>~1E_;;i zgs&p5q$YVU`_Dm1LXKj(EojmKgx9;-p_|+EmQY<^vv0)hgwe9 zh{nUBtrFIMbMTiqIf6&^;88tzRF9m?(3i_`UxE33C89MFp0e@efJCIQ0W2Rc$G%Jj zWHDQe7Z%bMYCR#J&!vupA`zEK5%F=YdO*sJ-f+Fouk`zs#g5AgPF%8t_b!$W92;BM zyL|Z-D)*Duphja{=?=obP96=4C21 zmam?_>-irPJzd1R>+35whN?D1_egt>jbC{s#cFzir5;$c&;U*b%0fY-(V$nU4dSM9 zDMG<;b(PoU!WVJxeXD(}xvVJI*1n}{Nk_OcSk*anLVd%KwAa?zR5FyU%$(WMHrvn7 zDt37t(RuSqVB~NXhvcI*DudpLY9b~TUo?2`(46xI zn^qR~St72|86|V47d4st1~okwZy39LR>-;7WD72CUAft98CeQW6a77)KOK5#l6sZP z2Yf^~2=9GhePbvz zgbXfRd--M2f4uo7&zAO{bo#DKPKxJzUvNDsXD`1p`sF+CAlIcQ9ZR&f9j!$)>zl2O zH@4bU9nz{)e8c<;=M3)~?pp2WwbT^%EFD>>_iDzDIKLNfa#i7CqkZ%8m7CMkH}8zT zQb>QJK&_sWpf_X)0h0@7@BX(B9C%yW`;UJd8|OLEqjFAm5IGfsJIFy@4|q=OGky=? zuy{;PuPr*QT$z_Dpq}LRr0N)}kt< zGF6Q_-^_2c+Z*$_^Vs;uj{bpyEC2rYD+>nt9rzPXnQD?0Sh!S&DFi7bzA1bzh`OQo z(p#F9%B;O~OUVSXNA^{nT6-9b>^MJsQtf+?HIm_z(W}|VNimHVl}{cfPLgFlcix_v zGxyAsuWfyOZAhBI%h#>HxWE6Bb?Yu4JY{_O@{JppFCPah1wShUKjE=}HhBc9TrR`J zm^(OqTW9BZ$E@i)o9o-9y}ptDp5^6#{d(GzJ znT}?kw`^MR?7Gg{jhc$UD!bQdE3oCdv&uWm!}F?2ix*k)3i9oCtU)s~Nly8V$cl{-dQ+!Gap=>6wE0QE!@v|p?(3fq>R%V&AdM|kba`#g8>Tq~< zHLnok6kdSBfpUe%m75$R3YS9G{A$HnCtO;l%2FxQb?KeEJ8@O2Gu371jX&6&nwg?h zWu`U&|F1)9s;bt6cxCk0m7~?wYl6HILSE$Ub-R1L(bv&VXhEqIb%G-yogxHQi{Tid zVIH4l)as1;Zn=J1hAC5-VMwpK>gIc|Z_${tlo`g12Hwvbb{VS*3aX5|qK`x$*kcXZ z?IG(PZ~-wG$pFmoi$c{?FdH6y^6J_wYo;T6+ z*C+`)FI3G7(LKD-;O36#Klnq@gWNTr-+$8l=nQBR3F~B^@mKiQpdXepv>T)+BIX&j zPs}<7E#y*^|eb@?@U(~bfsE6y1x1X&2UrSyzD}s z*|5y!-nb=tD3tHoV$uz#m)OiE)Yby2FiMZY29UKq=3dN|2DPYaQZ=}oG^O&6!Zw>y zvvt4H*6ysIS6;tlo;N(V)UPkn6gsMYSK4Rov3Csb%{1_CQyDhs#mj)Kp;(=xRN4H4WPahsGQ1rX{wXmgZhV_EHBX zVTt*G^=r_rBRfUrl9-Zxq!cIkBlw0&J{{Rqx1`EnV^Qq~bF7_`*_W#;(YwOsn(v=5 zYg=Q!x##9%ZIxEnPQ3+Gw{^|vKpjN++o0Th+)OAmQ6Z@!(nN|7>BiM&#ls^#!^xWz4ooq)5#uk#>yl$ zC@x1tqFe9<;uEPBIy8O*mrOtzw~w4Y(Fai4Gz%z_bgwS1|Den$%cr%AYr1rK4ztx? zySTcv@VVOpXY_)B8w?{7wy=Mz>58&^s?l| zIuW87TnoP%P%kr2%XYD3Ef%B!xuAoj_7ZCJ1R&5{zeh>h^2XQq-zkjYqR^rsO*Inkkp_4Jq_%3}~Ce zhMpqLs11>ZB7-t9z(oty@s^^YG@>C;ExN+)%7K|^ucv}8<@{)KL0L(Wvog`_is)U` zdfXEHLml$G9Iqppe?aT#onRn8+GHMw#Z)$4V*xtUesVopE z3zU_`M{mRU(BQU)9lgyhJv4}^TU%n&B_n9l!53tv2@a4Hx*&2UgOER2?NIY=Gkgn1 z>z9Nb_12VrD4mjGebEEbO&GH0Y@M^SDbLb>A$KQ~4)FV8)8We!eh2hUbwr>|46RTk zq=l^0h>(>KU#qgTI%Or%NE+_Ygo1eB(jIexP!cvr<*|9(J*go?FY*ge3nFq!y(qf{ za<}F6cn$gK=1faYeuJJL9S&Beq@1Eu`h(Gf=ph57=Ngpv3F(=%8oaXAFyUj6%>esR zuX?$1jknd=R8VNQ1+4bEqP26T4HvXptE|(ec^wV@QH{4?#FA&yX^pycjeDBEW3JCU zPjB>@Em;|^X@RyyB;#7tx=|V@tA{KBnDUVb%y2jj6SB+MNPl~e_QV}KTsDm*-K2|X z*3Er(gX)Ykwmx0#Q7PA}FhCIV1g0`__x$)kGg$#?y7ZRwuH#2P@bvn8y`B%EIVc5f zDIG;A8b8TXaZ>ro+5W&u7geazRj?=0BB#`(Wvi9yGMSbibUlUIV8`&!P@AwRd`UKi+B8{9)@2u5U7Bu8SElBsIxpLI z`PCH~lSY}QPxEo<$bg~5fPVwAPX-O8crp$W|1_~iehhdqrGbC({*OeG8>GmRb{Y$_ zt?JxVPf@!1=Lfnn;6bEn)9TN=%~aF>xJtR1r?_oa{_d;JPLHe0^=dSuaSqH-PS!NP z7ubc>p(CSE5i)pRdXR5^>9u|y*xDEU%~sNd!WUPZ3>`@kS~dPw3hMV;;2BfkZ4>!3 zr@&`Vz_X{or%%9jQ{a>J8VHWqz^BlS7FbIv#NrrNLzZCg!(ej79oxccmztLs?^f!4 z(VyV2p5FWF<(IiKy7sPizH$*aRxFNwFYfYQd@;=dftZ%OchpZ&E;artYcaKtJQx14 zXtyffZp0A21)jl^;nZ$9f94c8wNHlYWH{}RV}}I(bQwSP-4p&E)Z38+&yeAW)-c|x zApCOv%sBjAz(q41=Yv-11>3|DYJy^H6Xk80@&)&2_ ziSy`elWE#;W#w?!MVmKY&@MtIJNVU}dHww(K5$j|PlBtEO2Jk1IS8~D|`$4dzS}x9UTq% z(RSghC~DCbFdsCha?AwZ0#8qdOYcwQ*Gz%GI|0v{0)J)#o|_C;C@0{0fMeY9n`PmNH^(u0? zea#!%^@V9wL4D2=tG&coOpaKA%OG5_UzF8U66f48EqP058LgbC@i(N90s)6FA~@}c za~kvJx4_eR5?pXv&aasQCyvVSTp2D_on8_6Wji@lwv&mAd`1#HJ#If^#|du{_~rbX zIQ&(>n^aBnXpL(8Fx7GOT+-Zq+NorAVv4E#? zNU7Z3De&}UxS&VQubBcT{4zXi3Y_Sa;kg6{b?(@Ek{Z8Yn?|T`?f5yA@AbSve^X%{Z;-zz+Y5W#?`XO%FcGc?+;9o)quaGbi#Un zgd~-E6k~0X^fXq0;t?;nJ=IkKMRippB3{Cbv9Qc+HxsaUmd0#Y>CQ8l3i6!6B3rT7pJ(&6)kcf?do8PKD|$-Y zL61|X&&%`F1zTIhP+enpuf~{R$*qmPQa3hZ z`l_(b)LYZlLeZ%Cxy6?0Ee-WQ+B|UbbWkLGE)g@4eXfK@{jEONex?KW9@%z zFE;0@HmK8v`qHu@b1|G0%z}P7N30E0;rAAxk10qZtC#p7nlLg&2n%K=GDJcu6+J;v zFrE7ZS>o~SjC5Cp(PVLIyOvdURp<;Q1L5wuMUBqvuO33O=i@C^b zF4Ej`-E}wIaNTvcZ1F4}9v*QzM}~(Ndq`?JarwQpOGK(D=vht8h8fp+?vASI&aoXk z_@;&F`TApDBfy2K@Wt{bT` z*Beir-Mf2jS$U<;+8+!B7dBLH+7wo#AX?3t5v_X*crkk?jd^MntSPyl5^?LvW!b;> zZg92RI*ZC{^1D0cHWzuF5qo#(^4jGmU`4sBWxXa?v?$;0bLabwqvhU0kKMY!Te5Jd zveT%{>20hVDk1%fl`#G#+Mh#7T@vGhjKjBC$K;Yy7)D;WLD`}fY6 z!Bf{1%(7dPy~&)W=lj58Bja1eM9|DMtUbc@=jgXf^8{t`U;Ti=+s)z)5A zSzA+@@3FP!^3gwM6nY~IYg*Q6syvIVo?vA~Fe|s1x16*iyLh<0b7d7M^`nN5gap8% z;6N)cS5|oyNz;I=(^PWcT}+cYOGuwyQ&?DDZg1GwF=Ja>(}=w{Cz9`~btx<}Y=a2( zbC1nAb6RCMSRDOz%l9|!xNJsQ!Mxl&&v3WHwPaQ6k}9+h8jT-D`!dnqc zYgEq8`slm-p-7u2N4f5%D~3*5(6)WozC{>wG;_T#WW~oY2oWO^R42yQjG&urWL*Si5vuBQcoY9V{07 zjA{aQnT-YR;^DT|rJJoJoksHwLt`Ykl2m>v5@D-<3yW zIxo*}H2O9D7mr?bOYcRaqZjw@@GKgdy};>QFneebt>q&U$ScuX*i$qyrmx-+no+oc z9~Q%T56NsHE`I5F>e$7|Ba9 zkVCnT2tB^5hWST#^FSkK&rh{k{9l64gyCHQ`t_+E>CI0gz->~t(B%2M|F zH>B)hRbhKw^b>wtxYad9%7C#77(Nvk_M}q{LA-w<-p_;q!C3=#wtS4=7lJi~aXFzi zFY$)3_8kgos(nS()kVH)${Ro&jUg}MuqIzP>~lJ4dQK?X9(zqKmz0t#9QFpQMjr3e zw|Gj5yn*hP!JSmIsEL0f`SAMyjJKmrxC1V*PJv$};61R=FGg)%b|C^UD8(0&MaV9c zZWNZ^EVM)+U5(uWU`<5f3#k?AByvtPq#Q^wRK(ly9uMx>6MgZo6U~v>tk@ua)97ot zya^i#bS7wuiRLU#F)THtbjQozv4;nvFYe)=5HAP`=|<8xH{jR0tP}%`cpG7q(=;=w z@3R!9WRk8>8GXezk3GLcKg+ee7GuI*T5MIec!NRW^?Ux7>ar4Jfy1ir_6OZPb)IPz zx>&Bd`!ej{iWHKM;jZX;T5%!0`;1}PRqk{j`Uc&?~JajK}=Yon^&O9Js$J>>4K z^VC#SL|jyLu}M^26ynDwTZvzi=F71=WwyV*2b4Vy=TwU=s$etFW|cu zzwbc(a|M2JililiIN6`1TS;1=HE7}hafUFaHq!DJ2P!(JJIcx=mEIev3(Df>ctknCI?q^+7PokZ`fK}m(mQC8v%RPd$Erg|#oE$wLBM-qja z`EOCP7r!(?6#alG0vs6myTIthZ%+{XssubXj9+`YQz8gE_BYBI8|Lp~AD)+8D{@{N zZxi{7NBCnDfsFX75pFZxf99EyO`B@=jqWSG>@rXtMvlKGazuO)lVJnCN6xIl=hA(n zzzrPy7Ub~a_ppeH>+oB&L>)@Tk`p)j*h00NH7?=XU&^uobl!w@3Pm{uX}Ad%2c3CPP`2DGTeN)Xb_OS zBQ?Qb%?L`~<6ZvRy7jLu^NO-4GaMV`#nKbt9a+X$xD6SGUtYE9GQ~*WvF1LaFn}C9 zoX$F;lOF5)`g+Py5XS*gll7jc8rB`ziX>*hD^|`yN_-ZkAr>-x*xHzq z;;F3kq@*;qHt7nCO1IbRRvHU*mo?0CSBDC$<$SIbusVWa*Q|ymUoHJryp)tw3VotOIfW>@bSZu*?WfW1 zV=wZjqV!9mUcQL`NP31=dUQS-9gz@u<0iH5KttV_X*{zxbE|o*u3>;LDjltyZr;Ab zGQD!NbUtZYPwX~W_;+LcG>SfhoXD{dC9zKKw8U;f1VNP4aYB+5db?y2{pwR4jjVOf zsjM%sdF$Kiy(ON^oW-+i7Z$XcYOG;jV@IQ}#FwF2e!C-7Z*x}n`&_gAB{M^2gg~qX zB`xLNc4Lm;+CIl`9?|Ffa`W;WWzA(Jt>zrBscj*@!CYvyW*fW?pF@vDKUy8VQ^H0< z@DlA!A+97wSxC#z+5gwBZJizC9i;=(8^_$-P&L{!d$~V~z?_1W#r`HeCS3sQ+eQ9Z zij%fCHA0O*lT6 z$*^#kXAYk><})fy-VO6Il+)U4lo@>8yTilp^4b-xtt+BWE!}#<4O^E|pH{|ZE9Od9 z;jd0GkSF_v+Lt9^hJr^fPgK-f*b{}F4JwGK5I>hwIPVh^HH>Nz_Joe)x6M3zeM8so zAB~J%Gwg4h(?kqOt6~8gJbXH{guAZvp=geMy zTC*uO@Tkz3B5ojQhLTYLQw4q2YFinRKbB*0|vicVq zX6r|h`WI%-USgVKTw`*s$r^ol@y5kB;K1$Shacvajbcv5oI^WA=x@yFy@&6>j*erP zjh;ZgI{?W8q)(9s$deP0^?a6qJQatykY}?f^)x|1wG}ql5`GcvR}48>lgpYjS=Juu z92x2C8X4)bxLg(_4R%$IjbV4?U`=OdINaGud;5BTF_)h?#V5F7zCU1@%Pp-cy*7Fx zGLS6sKGa7$iRIZsw)o^q!K1R7OYM0&m$spPeoKFoe|v4?5|7PcG1d%pG?fnr77z~5 zJPSBrHG<-V9{YwXPeVr5V5)~ggVq*Tg{g3nyTpp+jI0JnYrx&;wddLW#T^>IH&kIU zh8j&41UR%|m&01=EGWs*l)Kzvbf!cxB)%DKOCf725+czz(S`(hKf;*>t@p@q`0s!292TtwrGqG!Pn6QcEYDTgFycd5`0O;aLFU8j!Yw+V#o}<83-SWm zk1kbZT2iZK&e8OTEGC!PW-~b+Ul>*>+UsgDY~(#(v%vxJ+k6pc!d0Izmg8DX!~}p| z^$UA`irb*eFYX^+GF)7vEzWZ2ONvw6a27G;Ymq%gC;&bhg#_ znjmQOHy8MyX3zqx*N|UMS|CeOZ&RAfoOf_S<0L$PoVWHvsGu%=NL?n*mNdimdR)U?8S8<@M4XTY_0S)wn1L+Lq!Lq&~lVi|F%DRv|K zGk^P=mfIC26%{4@P85R{rFAf#;w;zFLyq7-SHL>{cq0?#vXh#RG5i&D?VAwiUyC-VF%4)IQ4el8Ai zO_X{*4r#(~Cj42#su+GlJzhH?F9^tsafqKq*^l`t$n)zsqyWEJdzXN`6o=UOCf+PP z3qAX`(6eT|kBIkopn)a)lC$`ZJvPwyalcH+RU&?95L=2S_Pw4Kh|FIunauit*;6>f z*W5LfuFMUnvQ3$lKEA2GsJb@IVA5u`>&@LWA9d!M`?EBW6q^=d8wtM{E$SBb0M+$R zZGnf1y90sl;*uGGz>E@Ge!k6?m&Z5xd&805;^N*&xYs`zEb@m!{vr%#*j4;|J{=yX z*e&<3@ZMk4;`6l>`RVGndpvfV*UQiMv=kS&c;suRztG|LI|>ozk`Un>!kTasb^zcN z)+y*E8x`YAEE$nHhNVjLyH8$`lr5P>Ga8(Q^)osu!d1ZzJm=;#%;+>#S;OV4+`*t5 zX{fs~(9#rW?C!K!I=dUonhPVQ#_leS#@tt3RvHeMmWlX^FLn`sMfx+v5>0Rg7eaL@AAx7T|IJC{{Vw{_uaxb5rzwUDHUg z*f(G>1S)dfxeL{qsqU&gCH=(=v@;?{yTslL%u69kQ?_TJMp}n5{Ot0}FF$err6G+a zQ<-Vb3?A5j;uTk1vA;9Y$vt}tTOIhfC;A7x?gv)v`@>dc8_v0I*>CcZ*Td_Y>__;<3Z6wN5@lQk&rAMoAKAJC}K_@ra;cP@%Tk>iQjJ6t7ltQ0w( z=66lxa2=Opj>z#Oe^u5^z~L7;o{AldJ2;N;lc}{>nJ_raf#W8J|eFvuRKa5qnwasK%;F1SEk zH+NsKuX`WYRxuS-$|^gk1s^03VLR1H$Y1;ELa=-WN)o z&Js#|H1PzE;rGu$_@^NnIVNt{bTYh><4 z5Ao-(K6~`0n?}#R8mxk)1nc)r#8W|uPW*i!{zyR`ymI@MCj`orWdVHM8y!FOtg}u< zUK{>jwZHP~X>XMWzA4#*G@|VAdE~*fsG!{AHuwsAJUt%qXmI89cxE0o*-f=|HRZV3 z^KqZ(WAt4LaA8%cP|Ht?Udx|H??w;OcVFzV)GBF-E|XU6gD|Uo+ON*&=NU?_893d_ zS6|Y>jnNM}E{Tc=MpFJ19-*bvh>0V5`+5Hv+fE;derDyy&P({J=#`grMn3@lL4F4N z60?bt+HF#+2X*^R<@lT2Vt(?iBqOB~m3~qwgb6VyDbJsR26vU9ks8F11XW#-Bq>L=6thkkh0Aev5QFAUSc!MN$>N zLZJjiABWtC9ZcInGwof1=YtVX{})FiYR4GBJ{nW{eJiez>aSY%Q~EX}-Nbqn^7x={ z_xIf@-LzxLUi$Vp%Kcm}hnS2hefkwEr26SUT}I#TMY-GMasp@Tt$or>-FuhNw;56; zyPw*I`VhuZLtO43yJW0pw{o|%>h#mAMn)*tT(sjBMVrV4pMkQiYhG~eg62`Bbh~fU zCf{tz)r$Wwe>0b7fVm5hbWE;rt84XxtTsXU2m2Pd8Ua>^kRpqYm0X=7n5XV(7q^)m zz%(WeumhlA~Jwiz(Hx&5&1rDF@p@O2K0!LAiG|gXN_xtSxmhS@7BkVrK^nZk)*1IlG6J6(vpTqp3#^`37F1D zJbeo!V6H8q8T&CNlr#iB)$9t@Y2Racjlg(GInx+cBe44z&P)8c=7P(tf6(k2KL oL0)A4cXdWxX+fZ3Zob#M=Hohr-jHojEpJJ4IzpJ*|Jx=1A1bG;VE_OC literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-700.woff b/2.5/assets/fonts/source-sans-pro-v21-latin-700.woff new file mode 100644 index 0000000000000000000000000000000000000000..a6786d1f4a52561fd9a03e17378c4c10914d1ffe GIT binary patch literal 16104 zcmYj&18}at6Ykgc)IIH~+f&=NZQHhOpW3!<+qP}nwr+p_xp(Gfva{J|Ht%NMY%)n^ z*F{EH7ytzLDcmQ3-~VyPlppzj$bZuRUql3jgaH5`+8>PRhj@Wofe%GwWfXoeQvd*J z006+_zH>jz6j4y(2LNCwfAACl0K`5U)D%cYfrcIc`2C{;Q2HTVO+M!;11mjS000*A zN6!HO0LJE0DM&D}bTbA3;9>v(;&=dn%M}ii^UKso&kz7$Cj9Bg{2yWXU@w^dfIm&m z9~t+D2%&ty)=jM(U4JmopKp-?0KaU18Q}f1v@!V6V=ei?e)NFZDUvW(tn^%e?6Qyi z^!u?5zy)FiJX`Bo8U0`fKVzZ!(eso)vfi?_ac~3xIFWwj1pok)QWry}(RJ;2Z!J8p z>>tn`FI30|0tH~?5Tk$yxzBE`UKrB&x{$_UV^opo`r$*AXcbRyCV;akX!eg0*R{(O zP+N>qgrM$3$L;-|b4o%f< zuL^T4M>Re+O%+{=JSn~Bc#UcsHLosW#;g#x|FNu>@}CrqCL*d+t1Xi{x!Oc(PiQB) zqlaa-K&}ZJ3kN#WFTENbQgo*zm%$}+PESe5zTA+ieRL^*M*0n)V|b}^w8?W!|e?f8d-h;v2Kl#2y%V5#MLx9PW4`UE07LU8lL&*=%xPG zt>zaU50Lj1jpBP^$m{QK{Ngo%kq|!dymV~3U~Tw$68nd6V352-zS;2@QaZ{vG!+iAMSy*C8Lr<5NM7YVQ$#B1cRFIVOKp#u9qK0UeScO2TjoSH1a0k1e2%xNO@56 zKjb5BE$CDnZZ+6nGEMiN^D=otn7>HZUJ-qizxRbmVvTKK(Q&~WLO4NHd?{-!kRU9& zUO4nk-{m3QG=Gn6*9eUB)PT zf@+pEsWobw?K|gwTq%3ycPLuZLWW>QP_2dOo}&?=h?inv!U@?IF1o~r*=+w z6LuN4Tk_X#7t~@IonLS!^3+GK#_BG9x~Du$L-F0XBy+xqOHOb4O;kIA@1R_Aes|0? z!4GuzW{wEB2i!5AA7XpeBkH!tmQ@O0?5(9#mK`&*blo556}e3`afMQHRZXvoSo%}y zxrjHn9il(RbUN~k=_a#eg4=*kuaC=De%B!`zGfdi?@k_eldJob(L;GL`fLWZKH}PNS|-8yOp-j_5_*Xqc7#y zYAnCj*O4Eq3ZA`4oef6Pi}d#=pV`-s>USI}>cXZu{;UU7ITAzOGt|IMd!$XqcujZd znXIMi4zD@aoHMPI`Du5u`)5O1y;{vlY`t1mDNGleE&Ee$KNoTee$aOsYIP);mvLr8aF@ zZ3j*Vh#{@0)8(I*Dy3rpv73ygvSVp@SXskS6 zth2X^uQnFzMT!Z5h5(@%j&?mo3fE4KHp|OZD73KjSq8gxD;SMB2gk-vY$OG_&dr{C z*L0{gH5$jU%m*lSZd5ectxHE=%14()4|tRmd7NsQZny3p{}b~}D7Aw{yteviDmFWh zzHk|fcIc(98#i>yJOVy^2~d}*2|qMqDP!n?Di3Q%5=g9h-_chAa@TGXW7qB;@%29r&OI{hN|^m8`gqMWxl5 z$X{nd$V|}U$iUWA%{bxL1)>E1F{=> zliI|IwRQS<9J<*OBO}5W6I7e6YO^X6Qm^k&vQ1bShJKS$%f&4bFTcI*no|IABp2X? zwVsi79L7yzIp!RI-s2oPscl_D)zx0S*Oup88d1>CzrO!o;Hq~RID+I51TZvP9Uh(B=-t<*jDbY}i{l%tQhTaa9A zm|YvW%hTE3#}l;@**hinM8koS<1AEW5?`Nop$xR~MYKUxTaFHyp9MjX0i`{6T);}| zbgnlE^qTVY7-*GO`qFC1V>0`$_CBT2P2^d+e2Q< zYRZE}sTYH{9h^KWgX?OU(DfG#coXojP{XQc_MgW|0O$7wY8OX>B>x);2d41F{}T?Q zw*1dDcah27zGWuM6cSA$)9Z*H&U1>sZ7L+BVm%z|`DmodG+(Jf0V&f_bR8X0?I;ZM zUNGx5FA&rfECd!MnA4RKJ{l1en?^sYC*J83DT`WS`p;z+5vVrBU5B)x8<)-8W4ap# zR)@~Pt1qehQ-kZ1V@!sWD;k|GakQKUi)_`l0LB{rt=clltP_h&9ufR3B$BUl>>F5| z4e>EjFHyEBj3aLxh!H(6eUfPgTHSS6(MUbvqX!_pYFoh)TBdH^GF*#-E8c_RYM8n) zEOVk0g+qxQ?^ETIhBqAv(OIJGF?;UO8Di3?@pF{A$w#bPzS-hbjAL0^568ZGXz%-2 z!i7aA_4l`(49TM%KMn`|fm9aGjfD3kALeB3?j#G?06?tu&(A`4IL%9Ed!UWhKAIoa zuZyxgaR)L&3HOfu&CVOer!z?Km2O7~I>0EdDd3WmJQdWe&#cGy^WSSydU?ZnokB9& z2`cp!8-QhDEGh-lEy`y!hMZQ|Y}I&!FnRvabtA!dqo~0mphuy!8VU(>2B4jcItqH^ znKP1gvbQn5Njx;3aLwN5F~M8vXN0rG+1!wA@e0C$zNJnJD18%e@2z_VU*BEHRkd%n@eH{XY&V*972mxxOC;H>!)(WXi8kVIFDy1&w!aOXVU%A7{IK>! zoRe0Zv#sa_5fm$Y&i2%6F(2LLvnltwj#Q(L#KsP(zvbJGCn`$WV)o{#g4mr;1gG6j z#e~!GEhdlOQ4j4;;H#U2)6J#F&Td^&oyCjq{7`3Va?@oRpIPf^Gn--S)dK{uW`>T7rR8qlAQ25aZ?0>RGYtJndT3xf`|gQW z>zaEBm+Ey^7!nzE=Wqu{MV1;G*5>Ar(=o4`EfWekIf!<0MGDE<{uemyu2YN{#8c=z zi~r2>k0)j2XilF5*j1LB_I>#l7jYPKOq`5fAH<}k;R_QLlrm|OD*D99%EQ)lDA5BG z6ori%MJd(HKoe!fq|m!ob61!gFSQJY~I#9z@o|9dpN+f69|RFILc%i#hl%GMeJPP`2KiGcv#W5S<2LJ{stC zIea(Qe0{rNZeg1LcW3dMVDQy~MgpC2+HSVmOub%dx+HG0DwalHZ?a<1L)_mCwX#?k zU^BVaq8_+`?ULFAY`e2O(UFrLap8=Uck7>-7DNLvuTfm39pHM%GBi;)5jYb%Q+|+s z5PmR!uzhez!hAzI1cCO+>owbI^XvER1muS5ka#~cvazA(TK-IQ)zDj-VZ0aqvO?wG z+QwlHDEEM;&)6;G-9YQbc-~Oh$3v_G9 zjZwyeN_qUZv$svR%p`e;;QHNAioDQ{{4^jnVBog%;Vw%;HtjtS29+*D$e$5()1DL? zv;#2yRCEipE}M4Kr00}16Z~)!zf}!O2eF|d9DCJ@GwV0TcC^X|rS3;yEdD)b*l!c3 z`}69QPr!25$QibkSG8IYi5XWWsOoFs{tm6WBOnU@s$U#XjxCN8a+o;NwOpB2U}<|D-ynT<_!KILre&uN{0V?A(_J9Jw(crIHUe0OX{;uo?xHax7m zG29y>Fx{}Qw>eU;`+s30fl2*?$F1H z?w#`4pDk9)4~$otc~MzuIMCws62jJ6i#R@s6W9f?*=x>^ix7@ypwy2& zLZJ~OVvOO!j_j4f#LIW!=mep{2)AhCw6?)KPhD%w+eig&`eDb_NIBKoPjnUBBw z7xW~EFLA13lBle#v2OQh-qDt_w7NE~g(321_O455oiJ1XklWW;awduT5~@$tMJN!@ zn>*qXi;dqL%q#~bYcVEhU!E`!rt&8HG|a~@J^v$T=4k-hPWOxEp zt@*+Ag|d?fF)N)UaTX$Nmjl@Eob6m{RYzua?GOQu4{K|)4(@D2-_E*}nr6b6d*f_S zg5bea{eBh!883 zIKaI}cF12`GaZ^zSm$nfhFhun8rP|6`u(uZ1BT8fBL_`?LK*>Gn;u}`$gb;os3j$D z_Nr%3N)BQit@HO?{|t-P@O?0ptJDR4F#7CRPmuzuL-m0*N)pk|_4ee>Um_V>llnsA z{Y_m@0Y_h?7Xb&g0Ar*mIJB z81q^2=F?#Jepu@C=PC^fLW23{;ihv;nE81gjI)<|W}8B^-|y=rkpnlAo0lO13=#z` zmz~PXNVNiCk=FGGT~C-RS9hU%LT-8~b6dH7uz6u?pte_iTU3jv>P7dVm_Y5l2gHY6;TaMr)IqqkwkJ09mF)k13Ov1m; zenFp}6@-89;twY(dcAa59T^iPmvlOG>@H9^6S?T;=NbH2jBVNu(fY!DfUe|BHNZBA z+_0%%ui}>R~15S+w}ZNQ%7-BLMSXPZRQk`j=`jEp4y`hJJcI@PYUkycH0sdAx4SBLMI+uFme zpW8pyt?J-O=0PC?Qo&+MlLXD=6yqcvq!Wl}KBu&r7n0_T=H#u!F4j1@y(H@YQ70#z ziDTIESg%xuuUgV=UR~_32E+Z$SGHJi{ZnycvQq&%h1|oY-J|wC5WieF7HKqR@1V9B zO0wPGjOox^Z`uB?>b%D_GaC5kOEIF|?!tGs7q$|5z20Xq+E}N50_tNX3wgDQ%aHj6 zx9Jnp2kMQ%(-Gua>@JGn*p+3D9DOdB5VG&1{%v&rXO+1u%%r9R`%qAL=tM~3@e7IuE&tpnG%bCHXoJ1nSA z899kp@E0f0CtcPj9X+>hVLs`{lq<+i6Pk5H1Js5S=k8SF!v%lVqOw z?PI3@I>zK%7KcouGDa%aUl7yHwb{ieQtkU?K8H@z^naoUxC|Ml)S-8~Q0wf}re>Md z=P4C&@~g=b^ozHGOdL*o8k#++vW(Uke>ak(ZA=x~!x80%q4JT7J8sG8X&!6Vg}Id!%z<3D>YZ=_WqhS4w6e52?vh0>4R>y*N!0JM3Nca3kkt4wK2749|%kh;u3*J zmdj$DfwkYTBQgLKZUG%;x@2HxB*W1_BLvBD9V_K1`#3GXY?z zGrisHEZyex71%mK5X;w|95q;{fYVv#23qsMg8LS37!0Ixwg{;1S0rP_OUov8wy)(Z zNuA8i+qH<0*&EBMnAp+!rr$a;miKSp>O?fb+T`(PF(y#-Q;q3o23P_)`MlRY6FZ{p zjqc%F-OLPY&O-*RpH6x|mC-&hi0h~IMEVSJ>fv$*g%SiIK4~5q!h|e#B%=~fEFf+M zk5SKO%Q?Gn_kw55Qk7%e*f~UnNAG#7thxl zK%G$hq6r{oOZF}*z6z;p5v5ij+X%ZYL~=MYQV+Zx!f(YD(f5nBzp+0lp*;fSN;r<1 zG!*t1U@FJjTm+HG?Y^R2Roac0YRcK(ui)Oiw0#1)wO#YZ6^N%H*!J#O+Dd1@e=1-5LW839i1FU4OyVt5wNX zkJ4&|z*9xj0hU(;%_lXPURhq~H=iVWqZcS_<@1+`5-JN1>%vWRCs!wxfJE->_)dnX)u$=Kyd*6s$7%6kt6Ki# zYmyI1TM#onB(+T3{+gKoI>{REuR}mTKpY&USwK=5DZJBnTU0^0f*c#)=}^S(A=$Qb zsk3CchxNH|?2fPW3>$UjL_Z?Ki|*|PH}jP4J%o&%Hz`QK={{)V4XqMv6KouC`q*_8Z)WF$1wJ!r(8s4v&06x?wtuPxj_z?z_`D~ufX4B&unw*hhCK9`Lz zkVROmqv873-0@(~18a3T{?%Ri2Rcw)^Uf_K5D5o5ycRSQnue-J!@*Szh&!&I0_tW8 zv+4`uqtO?n;YA}P5^N;NP!yai#-GMdKws2sux|<8e#8Qnz&bv1!iLBte`F}XE5BYngY6qtDQ6>%8V9EvSC zY>g23-76`DPl&U}7HX{_(>@3Uy0KQ3ggt`0Ygr~hko*}5eKwtqj&NuZgCn6^1rw7FO8-%)8$o9%y^0O=fSZ*BAR@>RdSg*InNH;_l{ zv)#-AcQ6GfBkyFgX;SU*JN4evg?Was$Q^{K_p6km&qC%(ttMpa(Qwnf8TnwDVX!DbIfK0i+dIcH~tyXVq) zR^p5KO&Mz+6RG;ou-(LYX1LP?|I9XvgR2|Rmn5tT@=fxQ?eCodkn*0U?xE~|s0Fh1 zDc@O2+_Ru$9WO2W^_ps!)H%Axodjftk329B`{&dJN@a;|F~pA_U5{HKR{nws-N%#r!5D6@*v z7?s||(MbBt!sE&MJP=EY@mZ}Xi3RHaveaI)PJ5t#VVc8lw}>u9nuG0CFF$$AcOdYUj?i=QtrpYO;&Zl zcNQgMOac0Zv?sDf5#@Pl#zn?PvrO`&;v(Hah(q!g(vk=8VF*q}-I+eHMedFLb>jj= zBV=z#Kqpz58$SR?=tGc16ext2l4ipjLln}A z=()Lv*VCfkr!T&%>`0bs(wa|By+-*Liny%$^^e0HxiQO#F#2rQb^2}CckTk9U4QT1 zKw2+8?erR4!4=-cN;71ze<&krW6WWRJ5mT z7D4_^ONrP=a2C;$xqNFr``hk;+$Qf&p7`mu>8Wy@7LayTd1^{rE=QrrEnwmx@Hwdg z#=Y&e}HQPGS!M;UsVY2c`-#m zMRj3Y&XvnZ7V+2reyToMyzYI}9uf;HG+~SdWfT*}ic*su@2)q!8vNC-yAjI4IdI@6 zaekG8f#oP!vMThed`i1ylp-f52YB|M<*1MU#ZmY2vyXCaw@tJI*~{~!LsQ?!#C5Uz zt(dnLef0rFv8&N9E!LoCvYXQ*0_F7Ha_+G30(U8+!n(Nn>C?h1=0q*OLLoR=7Gs^r zS4!%Ql()G+?oRP0Ic?4j70oQn$XHWTU%OZGZ)@D3If&SeSVK;?cu|;%Jc4nj09oGz~2^uXKW{r$916&bX1q>awy%ns54hFf3}D$n(fDttVxLElUkNJhst9JzR0|s47jO zzZ1-kxC(gQ9|aVc!tIv(Z*@X>cA8Y{(#A*~N{sqYy|-^gN~RO-mzL4FG)FVLshZ5K zVWmh-UP%haV@+Zp!A}>g4z^BcZ)zf++iFBosC~cKIti0hURYINJjK71f!+E9eWAuL zf;%O+0+aPG+KFgNUG$jRuqp-=LK(ObzMnsLZ7v2TSJeMjkAzfkp1);!xnB)$!X)9! z$pxWgBr|epA@yT-P_dS1dLMHf}By3OwGTajF@;O*?uFOYxXHiBb$E zI3&lh-l~_~#jqH!i1I7aj=Aya0C(lZt>L2Lzgu+~HQ}dM#>h*H`x~5JHnvt%+G*io z;oi5Vk;=$GCaix_2h%Ih7*jQyltoNIz6@o?V`gTO860f&b6h&ibTMz z(c-O1n-Ev85}}6YGj#WGrpSH*J4}2wv?PL=Ta?CRJau08a)x|WQ@@qZRE*^JWm={| z!{j22@Y!|xB^xYlej*_P#{Y8PTf=c;@8EYq!wQ$8UK*w0siZ4Ga`FUgBXPsp_{Tj! z#N7G<;X_|%SNsr5FBz|lT8#a2H|U|Dv6^1bd9jU@)<9p4kV#=(6egk@{r2{0f}CHu zH-b6YrlQe^cQ0o3b7fU~n@$$B%8vl9lpq@i@Wq;}?1 z`AN6_)mpndO?G;Fo=-0q8)x0zsU{me=c#Z?#jibcv`Qj~!=nc$=vnGv;SX4zOgMyW zr=F{BKIr|^RZZH-fmTe+mD#2VwQ?MY>}BT0R%4-G#&^cv#M3>3QNqkpA@?bUbbFjd zh9}`6ngSuY;=FL^Z*gIo;q||+uJ^BtcixapaRuHJMIY*PyoScBV%XNs>biTM3Dr}8 zX+U7j`X53UKh&;X-}~?adhVRQw*@ zfoSPz1axN%d+fM*fr=W;8X-gUYH>=_^EjeAVPwDl=9eK{a4LcDGmAr@CQlx@Usx@q zVplKt9scQxDgui=(RI_V=_2}$N7AWcb}4GP8OPGBxU6Z9}HB!(Ot8?-; zN5`ZdgK2Xsq`Y`a3!_TB?at|m%J{}Ahar}9X)|)hL96vZGAM34^cf+)17;M}ZMGsX z#91nMK%49AtkPjQpkFK~ z?-1nG{_!q%xOB{|-)A+vS@M9uiPf3)9+i0>LUjf+JUnANKGKxqnm?bo@Txx$XM)*D zib2%IVc5K8er?><113Josz~bX^Jdw4(KT4B0rv8n|1B(Qi^Rj6M^&(=y()W3g`?m$F#SzvO1kMvx zw&sMm592BNUY!u|4HmsEX}bafi}`t?cG0sa3XHigSNR=1Jv9mW0{z0lin{|_iQ{t_ zSV{&|{1p?dzyp*q!SjGJ(QQGN!q@XmDC<6BtrD#VtiRgUjdleSC96yOSB-xgyXRHU=a5#N>dJv>X5c9U! zqyUHQsEg8iybF4yndVQYZ74-rxAoLLj_ZI5CNam4O@lOjrE-2ce8kY!9=x;4om|<& ze3Ii4w$JU-*Tr~WO=B7+Li8$5dwUTDMN%!mRl~5%ZM5)l?udT#-Y#zb1C>5PKsv<5 z=a|8BV-4mxde3}K27~JBy)vh&cu-a4jEc07y+wNxCSo;2&M6)k z@g({W-SVW~m8&y%&9t_GRUPB()}4y&(_HA(j$2~X?OmMlatc((ExDazRLj?GCI>AVNRpQVgE&tzw?yGw+(y}tQ`^8b>V_BJQ zPhg{KGBPn9`Qh{rxR3A~`{hxysWODuUS%XM6EoxlO>u&Y*B^#QB>EKO)yS%vzb^?r z*Hh6o{c$Fov)zGs5~YCPP-OPfOHE|iWN+&U&`p9`BuggSgVu zs%(~a+xE_=aiOaEy}*29kKA-a-WS6&j%Yx~h8>FargN4jz+l=ih7O6(>d!gSyLCCJ zIdx9Oz`b+Wogm=XiY7F02x(Cmy<{DjQXbC{uh+G#>e7HExY~$C6 zQX@u^->O7^R2g^_d1-j)`o3i=P*+4wK1NKq*Ed3(_=o%Cb;)S`TL|GZivtQIt=mD2 zR3)n$a&U%9pq#LU=6O{$RZ9sOCP7i(K@0D#eeaVz>bt56lr+{;n^YyN#YZq-AfdQS zD-#_su`TUCI@+6Ax$5fD8voZjtJUe%KFt5ysy#T!xvA+2^Y7Yb6JtkSmvuwfEDLF3 zq@QVLTb`7Oki6lrm?zDn!WUH&_z-02_f)#2^o{MEd9)5B>c-dR!Pu_~B|;TK1d6y* zKR-uzTiM2ckaSz_T(#>_vUEYm#4Gq8*G=t}* z1PfFM>*!sd2CGT}ls zK?3ra0-n=z)t06wD<1a)ACCrGOMFw?4FPjat7mN$qt@MiRQY4W0&B_^bEzA2>kSr4 zmpi@O)+5GnmF6W4rH{zW<=I^%j83x?uP)c-=-s;?PfnN8(c^pAmT-|qo(-eVJo$dT zhR0V~D;Fvv#?MT%i6CHqmrY@GngY}-Dho`c18@~S{?gy-s1m2P)Ce7Z6dAol0_B(P z4wY1SsJVT&I14g>Yka$|jxcsgHb*&EQDl2qn$Is(-hc-WV|&10FdzEh;R{gXwf94- z3T5UUoDAc-0R2J4^@`Ky&6>c&xWSF)B*KT8vE0?*lKL~V2En$%*oAqg(njk)`P?|n zfQXnH6&eZ)(vPOA(4&%ge}Ch2C@V!AFKS57L^ur;MebRWL)_vN$YO{#7=)54oVp46 zYarPcXJj52dFFtgn~!vbw8e4AT%KVp=nZ-D)9gC1bjYlE(0XPOrlGieh@S!yZpQ78 zYYnK~1w$d{v}_7%v~Y05q-2V-WZQ?Zx)p^@O>=-|WW}Q4(LYz-1nbin&@LjjjG@TBuf^3;^~5Ys>4kh2cp2Qo z1Dn2WIq_l}77O17uC;C;RC7{XwdTlB(eFp?zlO2!Jyzi=j_{L}t)3pErJ`TW6T0l% zhps8?l@=RX=AP5NsQuZ#UXn&ft%kyu=EBmNaD#=lmfj4pNj%@N8Ga zaoh@Cs5tc`-vib=vZ8%^^OXYC)yy$lBqmG$J&mX9Y8t z|Aeu+jZ(yTC=>5A2%S1>WUUN4ieXU3Q+ln8U0VxblclbVXceH!K8ZB1ERvVtv6h=} zvtKK1jG-HEj#WpD%+T^98H`X}u<%KkMQwF7uOH2xKqu9l2VPz8If0=LoXes!%m#-} zRJ=pEV{8i<4N05}Z_a(bJ+)Q#Z3AT-d32SFYFqx9Yh0dUS5Mzc6>0I4#?p3e2t;E&rUhh@UY#41vPymZYr~oV<8&Ur{+Hd1y?YSv$Kve zEFLpL3TC-Zyw0?Evv{OHM(#Q9{)M>8p=?HV14hE}^##CZKsfK>LR4>zHw3w$?Vg;t zr_OfW|8;x&SEmiWkMwvfvUPbZqIf^I(IjZnNzA%SiC#N9+DT#c6Ui%yD)S{PIk-A> zl4OxD&5hMDM|OFfB1$KAb!)~_){#~UCXuEefcWsBx-KkZK{>sDXywW#Z|gH_P!c0< zU0g~LdU$nh8Rji>AlsnkM<-u&DmSm2>#2Fxwyz#r zI77cjEbBeHU&7Mtmh<($D3C`|j*P3=^q@X9yfDYvlBAa12-C}q8LIft%WW@WOAp{* z+E$fWo{Y`V8RVHqQXts%GH-06nM()%ZD#-zC~Bu$IS`$T+{A(k?4rSjAw=-Q)iHAj zPww}4d6x541g&759Q>7>;N7O_Oj6XmmJCv!Lfo{;G_usZSTB&Ov@0#qOs4Nr%Q>^% zZsr7U!ZU4Y#nN^;#mm0ZS?0O<*R6+HpH?-~J$Mn@9M+{uVJcP}CRQnhhQQ})bSRc& zfQ^29Be~MPQUC*%S+}E2ikL>a%De*I8J1M7vsj#(>y0R)(VY@~8D`+n=x!E2QYAAh zL^7=Q1f3m+A>*zJSm?h)i zO5y%ziewfzX|F_UN!<+70vc^B%tpAXIxzU2V@^Cag|O}ymf z(Y3Iqi@Tanb1wrc7df-o4*o92RC){#V7)z!$8ef`7rcBHd~j0&>boPbLHvj z6Byv9XG*Aj9HV^Hl@^U@4OL<64(<2kEc^Cu#p6#l7bzBGYD{E}GZc?;7hr!SkNQ>hS>G zT`!R^qNyj0yx##AxmeZu>Z0vsuS$Y?_gSNjrnTW+{zYrfi_F$Gk205baj$t7fIyelxf{fffDWrOZH@%(7yBU%^PJFqRvR^|SiC&u95Ze$TvyORMa z0ZhR5+17a-wfp0c2DlP5bD+Dw85hg+H`AYeq%3UZvxkG!2BlUl^{LtYE4%w*^`g4r z&IdxPLIo!#CEJ>`-4qN1w08U*IvzRUdc_oX?l_jl4Zh_hhw=vD@}USb30vA{TaS!ChC{ zD>82PPAmd^YEhY<)k9|ojZu=q?*ojA4jV&dxyF~`1qR;|K|>rS-|M_9&;ofu>SFzu z070k_VL@vR#XV?vKF1Vc!yy)h#}fF0e#{u(>}1d54n)Pz#&T@J=b%y!*=WHOoP#X^ zFBb(DN=Y2zXK#qhE|Im+XLgwkkwq8omavU?=7#p<21K`}jZKlwSufYLjq|*+S%Cr@ zTN?Dj!yRh4Nu2cRRfku>j2qC z+21Gay2w~3J@4@s5d!c&=CkcqU_ycN^n6T(FAm`_(xqUHa#jsUkJNz%2(SSvVQ$`17Et7m;^vE@wf}#PqD0Z zXs2iHV>h~SGPe&4EV^4MS1&`=xE`=^MRgIJe!OQeud_~ptv?SCJhlv*KOWfhn86_n zfD_95#oyT|PEJ-fqe45K6IUhFbQV>Z{6h12_+^?Zb-ZXGIkh z1kGqk_42XBe)-?J(x!->?UqVdFuK>A5`~L1Mivn2kIF0~%H@7(X{e*t1oq_{Cuu#~ zWeVn3&WstShi5*SGQB-(eEGOw!L9wIMEwK<0z(J#rIS?Yz;QkTfIv=u5WtF7PQZVB z)0l?&i{)zo!V2W}M;8PD{2%&X&Xa+zp{{P%?KKw&$Z&+u(f0(Ky&pcQuN)X4UlPpZ zC)RBaq(YMq5V-4bywvn*xo}lqxhAZ--UPqs+#mGYoS~v`&D!RhdMvVSG?_t#!GYK! zicH0XaDMgG@QrkwkYY{}?^6zPzICgJk^)#qX%gm88{M;y7<0!hmn1l5_fEhot1#8} zI3FvQyr_~qZEOmBUiGV}j9q|K~Yx+sr)^)RKsM%hiNj+%64aTuIq-0kp8w0nDI+D&p; z@(vx_z5Vr%B^<%&Gx%F-qq(l|4HlMHtp(}WV*5mPh5D46`*7^CUHt9zRM(2tNGNCV zJI=`!!X>xCGF#Q2W>iVmXTZd9I#roX85v;I^dEakXd46{EB|aCVOe9N8edUZTKiTw z%J!{x1$&Bo2WpOTghA!cyK4cbS^} z;w6#NXV*w>t6U2`u)7)c@a677+<@&E?t#2o3(kM7y{Sj(Zx9NQS2;Ls1^{CNCTB5e zOek9@l9(X<`t}MAXffv>Hql>OfSfvgP+{Po;I^F#!k(! z4y&IaRG6)%|JZ+Z<&c$n^BcL@bRg9~R0yylCo3y}gi@IA7d3dwBSHZGY`1*axw#XT(pD z9HYj?_;Ds+8;QKiDJ=j!@)69yG=OY6ay9>3@3GpAvQ2Ko*zCNbdyacw`TPfJxeF-n zQM1+7L}VH4yjARgu^Ha($k4W{4qF~MKajf79^$PqvlP0ZC*xm>zcK`%ixJ1J9spV; zyM`DB#|PU7RfgddM4@Nd8xXPhlINTpIkzY@J*QKmL40*(Q*aBP@o!2^!=P&1RiQ zIuf{}b%t?^_@s)v{MGoew9~#9#dNhzES9X9Q|iXvS}NwsO%z0F)uJ z@c-{#lc1N<)6*X_(F1#c2Z91-48ULkqWXzjj}?*!r9%>;xstSVamn7f;y!3^rwQev zH724AP$=C|uZ`a*-i#wZR0<6fFW(u?Qy3RAr%7wltQgDF8z)*@ia(V9eb#HAy3y9C zS*1OxUKLE(Jr~iE#MCP~T37(QF@Mt{Z=1p}R1WtUfEnDjleIfY1a~2e)UI$v7ipHs zB{^i#P;eWa>tdcp8gG~}55;CM;DSyR&TQ0RHzh`uD-wdE>>Jwc;A@x+`8N_`VRRJO0puGqZAT1+U)EL0tSuv6C1? zFys+UN`0TXZ|s6L8A<^V>`@vjphkbB4`4EKzYuc%4~?>o*o6 zUY~`D$^Ls5dphG63<Ce7x*ejq&1OWWRlTSB!tX3skEw40L?MGauPX6$9?PxVC z3!gSrM1ZMh1bkXN5G_#xZC@yE9BE!CUJ~n`7;Y?K1YtZsxmiIxAF-NYyZ|*(g1j&r zvZA~Y6Vt-nzodpdCM#13jsZLv9(@5dv%m zUsTRRbP==>@~FGC5dUAGd%^ogkxtG-NCExS?RS+2X0a9wDIcoJ%(>dbYCnHPt+A{llA za6YiQL$Lo=qkbP{9Kn#V4N6(trBYlN@JM4G|6)<)g>PDk6#?Qp354bvJ%)aoFu{{h zosj3RiHXlR#8+t@)xy3@NbWc!&_O>S@c|{3<%3cV;YTjA6(W_F3sa8JM=o|HB8`=@ zRE~?7*hNU1FzAd+9TzGjMW#3_%?ASaz7MYdg~0pAg0z5zBeBTQh%{b5={CuQ@|Y|8 zrGnCkLZo#}p$kf}1RuFvu#jA#m0YouT&Y~RQHm=T)OvvSkI;CfLYo*8Db)C~s+w9c z9|wJc^!CeiMe>&h+zAoe?>3sUx38MbhVx~d>ekym8MSyC_6ZYV3gB-klGN*pJcijc z-PAXlD~C@wT!%9WGyX*%XKYf(X=u3j4TE;*@bGn@1}xEazL`~XkW7dfpc%j)5Zn{N zf3UtzzB54l;Es)=W3!kf5oN3)(4{NGJ(XP|1ri*@ykQ^ zo%E#z>4Qm_DCsdSjh*Z<1mlctaUub;d%&&;oo*`|Tc41cb8@pVav-l{+SY>~seD~B zB|i(Rk5XF@!ehM;k`eDsl_vio^B=Niy=KGtWpd_30RR9100000000000000000000 z0000QKpVn79ENfRU;u<33j9#x4hw`j00A}vBm;3d!@ddJ2_$}BK(7M`P$}^1Aw%Lq=q1;EjmA~_J4kV zyyx5p;Zqu{xMVfJrLCmhXZOw~o_Xp1cO+F_93qruT2&Gbh-_$s%6S_>?(QFg1Tu;& zsI3HIOsL`cZT5h#Q*q8fN|6eo6%cp``ROObHL)??*fLeqFP+h=(X5p%NJ)4MG-cG(sgaeLH6Q3gG{Lb>=YLwH=o( zLwOjx@dO0pA%WtPgR%=5T@;-2BSb*Hs*^7t`C;)I7zWUqTtld}o0@X|qaa;CQ zgFJ=)Z%$j=ygkpLi7bPfa;@ELf$4Ig!r)S%e~JIS&DVC%ym=qO*XB~;A6BTB108S$ z0F}P(O8QsND;a3NOtfY>_>Bt&fhj;#VMPi7Oz-K_ao2>W&-6)Kr0!Gq{C{g@_E#9^ zMFG2g5h_Z@sOqX7s+!66*32XWfq@Xz0`&%ZCqV2rQHjf2)ewf+AUI@qcaDr9VFaPP zcTm|GpKSc|Qquujl@qDa0oJro(R2y8r0Yas6;6_yeM;*}L|TMJd5jc5$WW7$7{5F) zCG?9IAvEi-v<_?7e(tVq_C+U#7`2#dS;(>wV($lG)fSyu6WoH>z@670@ng7UFeB>= zmX{#@FD?Nf4*&@9h&rfMD>P~hTCoCcwi()GH+0w$=$I1-1Z2%Rgznu|CukpCEe)W0 zwp7)F{NrtH1R)xLf_ep_0jR+Och9!G6LH-aU?B5Hb^&19rb#!{8?`|em=FP^k!%GT zL@(zPWCJG1(#18cD@U4*@YlERef7@tBVm-B8%kcdF+n4VmQcogQ7(I*c8n5cLb?D zG1+VuhlA#FF+3iQ&nE~39HEdT5^=?1zEmb6OO{Z!Y>_;9P@y83iWMVDl*m-76j7#3 zrgG(C6)I4wRAE)C#;Z}oR;!k%PMs|ES_E3P@{F6pm^Mu^XN7N-b%@Qj$h6gN#6gFM zjyWN8-g&wUE-+knMdG^a5;xtHy6v_Mcig4A=N{R8_bDEDK=#l>ibozxeDa9~-C!Yr z6d;Yq;;=XXL}(NmLTGoYEBx8Z-yvYA46s5X6Ih{!4xVV<)|~gG4zoL-oeToB`JCqn zY(;Oo9I27&mz}HV(D5LB6V zpDjVCu1Ge#THsfJ%1SnJ=Cm|R+OAr&{A31w`{66M$=PR>74#}yD`?BY1-5ZeDd$LD36si`ZUfm7dSm(yo0Udr=prw2v*KN#x1`{( z@){6hVT%h*+}?Q+QX89GAUf8-nOt#pX?b4GEIW}X%OHNX#%T3U`!ro89MMAqa8SAB zdclQ1NirT*%XS?@=*nDt$7~4~+z*VwZFEFm$s0naC6`<=x&EstBia)Ac2D;j__iK$ z(k`~=UhH6Z8bXwam$QU;r(!E_f9WX6W~qsK;<;86zT({%g&VE70cM*odvr zMn3cSt=`gpw6+!fzVkkhgC|{X4zFdCn{*&%FBZT!uBy+Ddvhg`9z=?v+u&%>j3?OKjSM?u}W2mid9?|e}G0M477B=b%7zG zlM*&1*wmT%wE*1qZIX4uuUhX!|ZSkI-aU; z6xMNyu}5_(lAcs0e_4Q$myc)L*FjVV`g!Oqp-UB(K)BO9ae|}vd_J(ZHy30r><7;S z$rM@jrqT9$Kyb1nsf$L29upB6rt$WOeLoc&$6H%`kO#Y;>P}W6y0_Z|%<&c)3s(i( z*DR{41=Aep)_5*fZmn!pV{S)T@2B8o~=#3BY{*UyzlSFfLGEP6TSY-*J5 zwnwdFP`zJH!`y=s-L$tt3{La(!V(&v&JZ)@umRK6ICDhjxgy!%%*(Av&Ri4p5F|E+$ zwBga(b=A^teKh@$VvIN|#9HN1R$E8udYhSKWPjy8vsRrB@xz&Qk?g7u%AOcq-v zM;2G!hhAJhIZrm-Wa34K@{@gxz`!Q{aIrjf2MrjIXtbI700$6&MoMSHOQgEy3BYe0 zm;!+3I>@(r|D*xX_ndg%`w+J^X>E83opGA zY=&qvC730_?16p>=1fDFIWlWx{Wv-{6 zWJglX`X&S~mI?xuBG8Bi!M-a5T|^ud$$aE>(?yytT(xP?Jh1AT=O7J*w7{Ty#;74k zgNUXd2VBX*C|bS*1du)n)}Tp2%2lHhpdrY}B2E`d2*WaxKsg36x(hbU10ey8tUf#3 zLXieV$^!)yP?UP1l!Gqdx;pS*jCm*$7+}z`ocqQJwMxy>?H`pDV)Ju73CN%1I7xu@ zEXP6uXrO%63N{)FMgscc1qm0^8%98bA_Qr`VmvB5RRbYRlsFU+;7=GXR3tpI2NPn9 zl#}4w4Rj)45iwpjHu+&8*Z%*`aVLZSkM*~;HD2)Nfto5Bz?WnBeVe}pypxaaT!R;| zF+d1XFa;1?sJ@lur3JW<7>qNVpe-?xU3Bh869SHAOyK?Kgp*D=?ToX|Iq!mtesam> z*(n|dxa1+2U1q^}iy@#yy!PaD5=S1Sl|4 zz)=TY{Luv;g9RSqM)6>xlT63}g2}P1UIx7OPDCOWFb9^6y8%aXu=0J9T&z{Zni7LW z@nwOMn zASlCrdG}BW5=J1EN|7?%#{1SKk9_nMCQ5FP^;GZn{=HDrCDLu*^+TWdnLqnW|4eEn z?T9JyXFQNZCyoEFB^DBrQ*-kgXN~V%_SmP0lGCF&>)i5f-`_JQf8p&1%J-?|Q2?bK zZQn7HfPeq|SKwkk=I5)AzXCk`{IKcqg~zpzH$AjJRy=iYdtu*h=9J@;OZWet6xgFahmlLhvDsxkg|zxl%w$Nq{mY`4E` z4*(bJx7Xib7JKc5XI?tsP#`ekkq!Q_$&mzsr~dSv?*jwl9JV#1z_%XT=!1_wSt^%- zk%?I*i(gpTIb_L}!>Li5YBhXn)v5QZ22Glc)gqu>D;vKRR$60~)z$*UEI_UT`~b!u z17_X;&@2V2695`OLV$sT9W*>LmcC9EN?F75dkHHqu;*ntlPa0Q3Q0s|R|&_2{1EoI zfY<@f3^FbR&3ERLArSGs$}kLP?XS@c4k*Ybl18Lpk!yH!s=)IzTy1$sDeEG_aA&Xm z?(itoZ7>31s&ZR+Y6e|`TAr5OfHNjlF5E8bap+ikHtG5(kDjPKk99B5wXS!L!`@Sq zspc38cdR1u1DW{X+dr<;x30R@y5D|VoDAW!v)U4~GBd}#hD-`N2@y@C)M@2R+J8_f z%=bIxT;ERCjcLGzyMIgxkp3arOh-O8%lJhJt+52uW{%r+{+?vQMHH$M)j@Ksxs??2 zpnu~IH!8xKN}|gU+(iR1D@>%l_-L+aDw49Sq{|x6`q3*LTePD^Z2*;Y^2XG{9jzX- zjGYB+p_?466o&%UeJM|q#$^O7KmAA)7`&}o0xRz0Z#?!Hu+d&n4T!=kBS!rq^`5Tc z=P*Y01gA0~Xp>wr)!J+{*&bJsjW(EiqJ&GE3<>pyG?gw{ab3A_Fc-w~LO8ueZrd>| zP8D}KNNq@sH=I%!=5CrUCn->%q=jtVSKk#Qmtjr$ou7C3jlS9coL~A7ze<0E1)EPZ zy$x|cXe3>%FCGrmLS&Zfz1$VDY88+=BQ~%rBwUbOc%AZ9rht0KKPMe%oTO=3uVy5s zXJ?EZOPa@&WLW`;btW}oqOee#Usir7ACe{6fHFL?-=j1MtJM^HqHL&fK_dlO<&<6> z6OjK}$Mzi>x;P!TfNJ3azWxDX)Fxj@7zEPGg||x`hqSenv%~Y0t=@4s$EvVs^=h2t zd0BYBHN36-OqNnfIX$(tv-xkFq=CKl=Ox-C;b`f9ylM_3NkCPT8vO0!1$HjYT*%>V zKj7aQ9s1@fNtu;18i=mcRc4ffPCz)o>qv)ksw(>~MER5{3A&i?O-rJhn}M!PK*32G zlw2!glY_-?#v%#R=;`H(o_{6(a82)K{kd62AP9F)wY;XBZyK|BW3ad|!ds9{K%K9d zi-kxq+;#$?JQD5F{OP+s5TPWb_*wS3?w!&SqWDuBSJm0hEo~gOgd;#8N}dt{c2J-Z zQcZC|Qe3WlR!33wBjdG*coP&kN})_sHI#~b?OF<$n)6^nr9@lbW(o??a)dG{B-K8&>1TR1@w$U?nG*;Y(uf~RuLlSO7Yhk&T z(dVc#8FZl`C#+HkGvJ{W6kUfeYat)dq4>)Q3obY`GoD6VAsYHJvM9$RUPptrYCdpB zUujp)$%MGhw|L1L11xJDDI-9I|-Z6rGYxy!O#Xko;dN8QZZfpSb`gz++ zt8zeHVesK2+}Hn>!tIFvuBpd4HaiflizoeQr4XIGS)>+Zz117cXnD;9NhW-*pM|)Y z5_}ezpB1ABH@_tN-dX>0#M+S#CFv7j0oRE+d*nIn4-)pBq-ja-3O*K@;|MoeFu?{C z((Iq~PwhoocUeur9%wyFvb3z!KLA;FZ1ICfO7Vr{B!AWC;<6={7*QlLj9*fv*5FJxV2RzR{<^6$uMlKz>@4;z`oJy+_gOQrhV-oxw#=WVGiuQ8e| zu12jI+Orx_2B0tevzuIfAzkL)^Se_`ht~ChT}DE~nq$2>rruv~Gqd7ObDq*^`-_X6 zq?f4OHihf!{ba0!n+vuPMfI6f`=OGiJ5*CRmS!B5;NKrdK7^l{mNt=5SS+m3B1N7hr&rB&f!0SQmo3WsHIAXp*i3rj25=k{9d(W}jCgZz0I zW$N`c>#^2dr~bib5ZaneK7uVtXhIX3P<{94f4+j4QzvhYJ&yFjAa>bM6ioQdJEX8q z<&110uxq-RVZrBcU=AgImt#UPc3(gQGT{&v7b8cgnT&LkC8(36FbaZ5&Ocv&kA*ZL z5g`%!5=JXg5O%n0%;wd3b7*stCKCQMbbgZ=(O@1SErA+Iy5GkIfKwG4R?S`4YxrlNs$8S;=@kjy;GrzJ}vOU&LHs8Qx|J?CFUDifw%o2?jK!%`}ki%K8#scuKk@fWlta2lP%+XVa5TqbQS@vyw?Oa>r<5S#1=8ZmPs zlg$WrLR6n6XZxE>Bjbtg2i#Ql5TM=*Xsh?SVLN4&%CoUTd`Ju_XM5z&5@t2@^(2>q znelO(=^dzcjrjS*$$~$kIw(LMvJ1{#H%6gJ%^yu* zFYcF(Mf;3-hnjItIZf9>)xoHTiUY^d@vOb3S%cAoMMWDJR+bmqt`qAwi0%1%$(t^( z=dfqQ+7c)k0ng3<%zpbF-v0x%AKUO(_xag-jcWyS+38mj*!myo>f@DqWg<6cJQT0V zRBN@lV_8PeG`%#G${;2gw&ZpdBo3$Nf?{OOOiRw7zrnerKPyLBA%@vXrZrHxCK0DZ zQ<>LfVm=LrtR+)>Io8sq@=AA;8&x>c+|c=f z8`;cz!)D;0pZ^)`AB_AtlGE-7KO-}%rNnE zO<%hz+ETH*Uqr%Jn$ubzc{yPvv~u+FYVw-?X&*_!_7DdjN?KO@XZ9vZmO&Y#98y5~ z_?qS7ty<+gNHThY{6+unq;<+UkUo5z{3Xak7W8FjE~%@}9PG0f*s=D^p}M*SUrqAI zYi)t@a+_aUkUz%&u=PJSwKDW>hgI(l@b%dba!j2*$zKW`$gA%UZuRMWzWPZxa?QL- zilrvDXXmV?{z;tDw9SL}+6nAf!!=wTb_cNaztxYWY4h!-jAFw8w6W(+_S-V6{5zrW zq}&Q(kgD+lLT)85kIv$MPatyFI;o?-q3Z=wdA?7gOKD16npynk-v`D|@dMDFkTyJvqSupuW*9opa-^p~YtWU@3%nSZWl!{j0G&57A7Y=UR#s^`!R zOx1O(V9}4W!Sv4Ai@Cy_(bc)oKy>v&y|7m=oF82?2vvqxd%40nf!QNUW?Q&b3+0Ae z+Z0TI9JX&&Y)I+eSn(6IOFJa#Ub#iP-?%~5H&Xrp+L^Oe(FcydId2^tO@AJ~DgoYlrt6#41=W@}zrrza!7gORMaPIGbl z&x?8i7O8Jks9JM!je$0Wj&C3w)Oon1BXYtEMY-m31MmKes(37;sHgy8owHfOQz;IBwAwHZ}|EXgW++P83~1f!d~$CPhNuS z;3^DEh`X5>_jv-efTc}Tq}ofE$z0@tdPm(PRI0?BPn8i~C!k}Z*jdG8a;-$0HI8RK zL#SmleFQ=ci(SiV5dVV1G|?qE_`c1!_zOUNd|*d#!Qo7fINMZLk~Bb;o+ib2wmX3O z_`HSCiW6&goHr%93uV@2MKuf?fcjJCYUqQWD@s;zm@uu}t+zR&oyW7P)I1B1 z&$XykTq{r=+R`~6I%}dZi)v;B^3pmy8B)@bC6IlAof<8}W{E5I>^rnL$TD4>Kq;eI z+`k0v32b>vts3IcI}z%F)>?#&*x^CU_#dZ4#-9<9z*VHEn(k4%v2Tdvn=w%*uP(i} zzLTx@<>jTi7%$cN1IhSQCU!>2-#^UYYio+ZS1Y#Hy3XqSmY~Qf-F+Q_j?)|(A$;lp zx{h8CZXmPUB>DEgkiufqz^BeI9pafe5$xaeaZvesFxt8Znig#xRK1?F_9GY^_i>@% zxii$52UUfeCrh7CkUj5@Ir&WUN;rd~yPd=5A4LZI@2R+3#m7zlDffcpiJQ*}xUmK+#gjymE zlhdxx+5W3v=Crc`!*Pi>5@@zx;@=7Yeg(U@7Y!*HC0TQmXTR+Ed&;$O*A_uNi--1V z2SI>kN!8_@BaPL|m2EjP`-jthR zaiFbaz>v3~x!E;$k=DDt=Z`6u$6a0o>)GCpS%pb;(S-R9htTa}fNGvqV}Y>2CB3%S z*emhB5*2P^3qx1ru<5-4p58s~Q%phF3<2?4c;7ay}*5BwhOCoLT^|3K1 zxjaeE=dm-h62b1LX&2d?B(p6X9aaFtCw7%3X87dFdb26DvN$=3&|<(@H_tK9Re{v> zv;E2fvYs6>*GN}&D7IVHHD{&t)*6B8P}{(EgkjNN6i+=X2S)P^ABBni* zT(e7ie`nUe>BmF0XYBwv=?)RsPt6z%h0Y<`IM}hM$loFxe)o}lm>h^^(?$PzJQy*j z1&`lHZyuoiN5;4@ICNy3u}my#^jb^^u!+Ug=`HXrndOJp2`xm)8Y@CWA#4Q{|s^~gW|tqE97ucqCwTP%U}0erZ|`q31}ERHJF5b&r{cC&A-dJaqFYx)~gLQU8dt58JIM<0T92*xmDYnp= z8(Z85R=wzOvrTab|2V*NI;&F#mTb9g2vdEVRTau7z(N- zZPqT8=ZxvuQIxDvw^7pjtr$WwXiOH3!Jx62G+_CjU<;(GAUI8Oidc*ihFD@&=eRpS z*9(*g>KlamP$Iz>C2CQ+bC8uy2$?@coDttSu=GVitg3RwIW*Cc5WiKDWoCIra;cLl zvZT>(f4gdtMD>M%VzN-nNWL7A=FMO&cI(^KizpN4>v0xCEG6t9^N4x>E;-}(#-G|2 z{HQw^%;pR9=|+9Mk@EHA4mUCwo_UHwKL)Bxzs_xQNx_FGV>_i^QI|0v9F$F+=i8$7 zjf-spG{_qM`tvxzIph01ce&`9<$-fKZ||lL^O-FEemY}6pT*=41LW-7`?=u!zKm+! zgT6kGwSt>2Efd|WuVbv#3uf=zH<5Xp)YWUUvJcNRPX=%;F1}{3`mV|jc#G}T-&NbM z6@xd6HTSb=It>wT2QHWmPg3it+4nU{dknFd%|clDsp0~tK%B})SlH}hV$6Ke7?O2| zPq^JpV}eYYu2vS?N~)Vub3dD^SCjBIm=YO%J};On93uyuAgBFM#9?*OfS(@*>ttjk{tTUdoKFyQ?GKZ{j6#)HS;gV6@(%9UHKp z*dsro7$k$8Sit}@9QOzAe?b{rCHfkxQ|Aq^^xV^+Jw(&abGwqd?e?TDx3itA(X?~j zd6F)hUDEA#we!@9%r>pQJ10lq*`~=fw`=sBHP`NTtur&lB@h)T(vtHE_+tLmj)qU4 zx&i`M634;G!35d^Dgt;Rl@&^oi_+2(F2iK90)vstl#U#OL1Ri~7MNdr%*jIPBMP0w zvMTNo6qT`K9wU+e$Hao7+Nb&Xqx18hPL?+?%45|KT1_wa%L~fFTA-8-I@ty&>_8dV zzTGmNS68CwFRL|d>*-pjE^b&=kOCzS4vh;j{OR6`s6LGF{ z@H=kaJyf1Hp`M&2GfBHUEaj>$NtrighO<0tQlHY!%tn7CI&PPt6|%^uEX=fb#Dtw_ zb%GYSVvl5c@<#g|9ye-(GiHO&R}K}z{Z3CQ`bb{SS0hm}wq`N+ful%++h1Ppt~VHy zQq25@Y#h^IpyP0K{pZRA8*zo2sn;gDrU9NjGriP9Cp?OaVFjH|a}=uWI;9}PHK)A@ zj36c1tRaOWgD*^80u0#d$wW4oS+?rpcW)@ZIi& zqh?8L%;ETC_ECqcsiedc$meuLur+u8MJ33vV^NoTXj+5`!&Di}mgBh#pr~6x_A&nRGN>Uc0gN@xl68gJF_#>Ah@xm&O#S_uW4bzDn4PFD#{_G)XS z4+z~qDjdn9!r4tOEfli3X6B?})~TL7Y2rDfr5ll?|nO_}i}|%_`9B1fGaC!?D6f{(y%4RXT+^s)mTx~vf1r(UtPQj+-VSg91#?MB)+goW0|2A zxzWO>cg13P|F~Q;`CwAX;WFO^68I}vJ!QzQ3yX!2jzc$js2YfHXm1^mtN4Q=0{g1P)f#PhPaS0zGc1 zZ&17A_rk_CXZU+fE(E3mt9d;+e2h@)hG3)0OnG;h;Bw9m81_@c6;Tn%98WM}#Gp;0 z{cDXZ9C=u;0|Sl{RtZR@-=R|P&}%YiNFmN3CTIncFM;SgLhP*237rm|pz$cNCLy7Q zDD!@c8AwuV6p36-np&MSZX#7w(&$-e^sH!O0!AdydAw&5@vp|@H+0l=6lz*j)HL%A zF&$KW*tTwe?3iaa1YTF1svw&rsTK~ghciGG063TdW`Q1bI_L-90w$KMShE!e=z1^@ z!7X66B`dKAYXM$MR$|SVZDe{P*SzP&k`-&QK(~OSmaN1Yyb6~1FON1BEnBr2n}l(f z9@3VvXgMZT%>x!K#~k)H(lnekZ&xf@wi***^O#t)9FwFLQNldIaK08e+T(iesAU=e z&eV(GZ`ySLUts|d+vo*AjjV-Dmb=#gxb}@3tLxuQsaZznW!|e5dWBkvl?1YL!N31e zYn(Nc)w*Oh$BbHUt!MS@3jiM*3}|>KfH+e0NqtJ6#*a>`(XDP(YopKTv-+GquP^9} z`X_x!UG{>(&wy7?^qZl;ifz~;V0x2YK=H@?JgV!7JyDgrcRG7jUgwj!(e>2+bGo%= z)pU*#m_1|k3Q~>eN zguNQ|1z%w$;9jro;uId4qxLtDThDl{)y}+W(xc$-N`+m*2E>PBm}qTsG?oKAooEGO zJI%wkExipb1H}H6+(+&^PW-8kC(LMV1~M_j5rWp1nx=uA!Qxy+t{*w8_mzI?oS`EG zXuFc*`IjW}^Jq|3@2i>4>^xvu6V*WMrg_J)&3&~SvXPn9K!QKf_Uov517>yjEB$n> zGZcOErv^!4(~1{fHsrq+OY2e4QvXq>qXRhz9|waxR>i1ktHWryPYv*dD;#t9V<>n@SjbNfUhYQGu_?paKi_bEjCB5BVY|eR_3=51=uuMCr$m2KT=VUx1#Kw#6Zq#XnX$f2o^PYgXT z9i#X!1crD8aP!rg0PejJNdIL{^#1et=zjuq1l7&IAA$Z{$C6zbOz}C#Z1>4>2FUd* zwuG$){EjO^O9+?oM{8Z*@bLZ<+3KqVgTJv#sdEj@~LG)mK29Z_UKZ@09%#RTe8NL@w$CTeqPec#M&ztN*& zGeJ~SD2fE(RS3Wq4k9uXgvSL8TcRpsj%|T`ik78Ec*`}hHV+FKyCRs(IyLyV`C(=r zgl{dIeUUQeL=)ItC72#TZ98Rm-yLI}`s|IQ=}1SnliCDG!8pRhn>vIY7r=H8?0JXe zP`Vthk?08qBmj*VV88|!oCl^;#mwEpHB~FKj7sjq;3OM(~0cj@0i=knsgkfHSmMn01aZpzzqjVjZt03UOvQm zPG5tNHdr&GAG48A!a#^{#7;n8T)ppr|KmU)vrb|VroKA|MZ z()f^8pBgFcL5YN49#|+<8b7akRSKy_I+H!OB;!gYD^deH3I&pPNWPI2sC)OT>1a5l zF|c#R5eoYAg{Ww@k~BgdBS?5Vq=@>>VNJ?Qq{~ZdHGWq#YZRl{qWRi*<5KCXvD#xg z4kP%yNQPe|{s(HGT=EqtRK%@V ziJi_mZI^Nt=BspGl{3z{bSCzp+O_b1yJEK*3+!>zbvO9D_1b%NYSr^=&}fY&V>N3L z(56+p4!3mb)@7VtJ=WT5rU}NIXp(o1c;m`2p`vP8EL04XSZEknICyd5BUm>~%XVDP zmndTpB-jqJ9>qFgf*f?numet5HRoGfZ4+sq{eJY322!{TDjsE`l~Q`8$}}^~HcLOM z;QXRQi-8gg4Fd}YFHSsy1Vkic6jU^H3`{I+9ErGi_ymMmX;nnTnc}!nrdkw9`W#D= z-j=!F@pKg0u-lk0#YHF)6G%GtA{2(Q;a3dAqEr-%Q*kUw mC6gp#*(7CRnle#KqRz!KMA#jQ94k%OZCcn3>wg;b1_J=`%zc*t literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-regular.eot b/2.5/assets/fonts/source-sans-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..e4aed0bbd4487746ea16785032b5025722fa8b3c GIT binary patch literal 15027 zcmajGWmFtZ)Ga&=?t{Aw?hNiQxVyW%Yw+MMgS)!~*8suYHE14!dmuPOzP$Ilcdh&H zRB|023P{z0N(#RjenT?KP47G>mOtP zPvi2B^ZJL_0QCMLUjI~%{}gWjwA=s=00h7b-~)&N9R6WG|Dyd5kIX58yGuoj*^QUjgZsu-0@lJR{>$$B##0CGiy(i%DQ1C!*WBG_G_~!gW$h>Bm~l zWYo?rM{k5r{peuf5VqoWbvO#-Q)I5NsXC{#w2dD=&Co|3uOWc#K3~A)jOZSN=Q+enjMJ7 zH?6~WK=Qp4!*X>(7j>r$I$X-S?r@MJj!`k`$FvqXrdT7n}c3!lVz54x?smsPYf!5|dNyBCS5FdH3z3>KZhe=FDM=G<*H_vaS=P;v; z>*K96i8YC{gi(5y=Dj^-18}b)u+*O-7CRQcWk3He%+EiYGj@rf+UyLgBC2J`yYwg@ zf+tf~4eZG%N6KsnuL87+Fsj9&hvmoq-3-;}aeCu3k9HWiE*ScH!M{`MXGYB{e8W=Q zRh)=+yjI(5+PiX>ACn^1`cvNDz8?aiMk`d;F`;LDlo&(#{?;^&xW_@Y@}P+WN}d9` zlD-nq3{~$MKE^k--4C)V=Ak<+3FxsZiTD)_+U!{HF)5FMDXnII)B}Dwjlln=`fQ@# zyWOcJjl-CTQor|DiyXgJWZR*`W$9vBr#baV-?fJZ{@c!^Camr);t)Op?}15hWh!F5 z^{$JEmN-|e9NV9|BNoa$qfT~baup5ObE_E5>n<%mFHc6p{c9*yQ0|emVVd$Ew};E+ z^mY#@im?=cjvePeCusqLZuv!^e|5^+hxDhHB#6bBYpn$!RiIZ+Cq?&MnVN@DY4F<| zP+UTP2vm8~7;cR*VI$A=k+6cy<`~+i*SzWWSqg~*4%-YoO&sQckE0@(P!ZFa28_=Q zrVUzZ7^Etan!K2@;p3Z7WKV}x4Vn8Jyo?utPz~tCT;^lW+|eiAbK`V*xk^{d^Dov& z!xk5r7`ru|StEE_BhK&>6@P$IWpnKlI&j4Za!~7VO zvpj!`7wT3T{|I1-;H9DP?+Mc;)sHyH+WXQ|nu;jrHXik34@~e0I?50Y1!{`s{WLvG zatsScO}%9}z+=g~0bIrE*FYXn0^VOEw$o~*n&M_(ToY(OG@zm zasFT$ikguiE=^nH6tB&>Qodo>Tukfl;;q3$63^2NDi^VV*{6Hh;#-g)2r=H+@E`|B z8!;xR!6ebboKTsy*<04~v!O{6jqBlvss+gf5q!AF>Y5WV*|^~APSRmQ$($P5{@P{_ zJQJdvUEjHa1i3$fGPWst%e#IFd$s;iDlw!1M!_4fFY4X}sUg?vSnQv0$Vz~SVK|!m z3HYUD6imQj2#x{h7ibXuz3(I^z4_Rh+DS@Ha@zOii2U~J2kNs3kzQn~g@=9+OGFAw z<;p9=$4skjXFk-{o8(quS{l$h=Z5ycw4C(*ZP-sL9klf<7K0U9R#Jox6t{Z`Gb@XKT6t=s3>Qr&ZoNytPo7QDb8o9u<;}9d z>!U`&v18ubwIbqa!1ET&7Z7mA{9^jOJG<^rvY6yX=Ao;L4uz8%|9^4BFVS-%_Y2EK zyE}0>XE>jccDrJj+~LlamDG{YbcZ8aZY`tBm#Sy zXBwcyT!=+zN$Z?zN+#E!`Qt$WwUW1I2<-@->?ry(@}hsvT}K;Fb`Hg&E2?-uo(^i` zLSAID!Y!Tjy@kjG1EP65o~R-8*Lz57>|*$p0>yw>@57HFAycOFU#QNMD|#kwnSi+T zt%Hwntj^BHm^gm*wx4;>!8V(*)O-&pNEQ~Qh&+$AYpa?}(b_1Z1ZS6LE^5w3U zcHCJcn_v# z_i)5oBI5x64hG8mm0~__8dAaJTWu)&pHB4=iEj^Vh7>tYY;{~IOqMtjnX!8&nxr?EcU%axxlP0*bP%!q=Rs-bf0 z#VukSj}*cSe##qCbkGifNSczBlFV?o=aNIq5NZjZ^3h^~iEZ*;JU`3^>ki@6*sS$> z`mVdUlb^7+^KM+F6Rp6hW~AYvJYpKQGw&j_Fk-Gyb0Hf9H{cn7WN8duH9U%x0^hAl zo<}hDDOf+;#rKE{AiZ0C&chdctin%MdGfwA4zI}ItEjI3-Do=0;?+Up$D*L1o5e2v zl14(f)Gqjn>s3U_#3C2-qGLfp&CZ-EyriR{n)CVNhXpF7zD@u8z|yR6a+2=yrW&d4 z>oI+^LTNH%PmFJA9Dg0~x{HTtR?ew(s{iax_d{GG;4~*Nx9E?Or)5ZnA03glVsyUq zqT*2k6rCz~A#x-{(39BK^yW^jMqOmT+Flzk z$>6&jwK=YzsFb>Uz18!$lqhXR$6e7vACKsNWO6&b2PRDx?@hC2UQSrnL~t!7b@Vv% zE*v=x(i*_=E)<0q(xUEoDfWl~Mv+i7oWK1<*q~$5b+k4v;x#X&)8OW?WN@A+&D2&! zM_J+891BG8pXY*84xlM*u`4O!+0@@6&qf@VucE}E27xMl$BbkZndu`o=_SSG+5k_? zP^!{yP(L*21fquV^>;Efy!35%loEqx6m#w$C>qmxw+RFas|(3K zMVqJe(c_;bMis4^!fyqA-8@K=yt$QOD}t_y5~odTvCMOYE0K;aGJQfNR1LMTkyV<$ zUcpw$uix+Tpu=~eBge}td%rd-0#=X;F$tC0CYvtJ=y~bC5r5nE|IS&w`nW>ur19le z_@jE->d_Cg>+ro=$KMi9Tbo|3f`Tu9DcryMC;g>;3vyqN{eU9DuM?=g9!stwnp^vQ zk_1gO61iKKoqo@xp&4VACc_fCMH7YeE6Z4}5@||7F7{_qNKuu*m{EokUj<>tgnibR zXx|xKX7Vb=C?GJTW6jW<1{up zjRs2>7V!`hUyI1`F2;0h0uVBU@H{*{SqhCV^#a&A5_EPnEHzY99;EMSq?)u3yz5vI z4_k@#O;oEjGC4;MW!{RkeQ2K&A}9A~Ewow&%GWNM6L54+t`evaYK$8RTZ=k-W6+oP zCd>)<4-|MP2VLi06;&AcsZ{$F@QZDE>vB#_HOI*Ze9fM0sRq@|37ajXBvD*%DR8&J zMcJS=rk_o5d`|jC86=8VKkU1CXTjd~lXel~LBC`owPu}<-w=d0GmApiKNpNB9jzcE z0!EJE{5E(~!_PNV&+pwTp2nLF3VBxiY78adZ&!(Q%VEaOovzGsoGv~IQbeY=7j?AR z1bUt)R)Hf}Q<$3e@@~Sut?;|MDHC-oz)wbypf$S;A+r{5muHjFd=Wfc=xkYX?W=_& zc`n|+BJrJhtZ)xG@g`;Z4dsha9b50T1SI*qD9B0y5a9h?z!;c9ux+RlygWI+S=D_E zcb*d&3K=>xfYjdrMgoA*-zXOdQ)v92 zcgS^NqzT7DN+I-cZt}n#vJD$L~6s)JX)n<=ZL4*?zN3`dT?eexnk zqi0}l-CwU3M71WYH(-K@T1~2QWrHOnr6h&F>%jQ;Q_DLPNl@J#4&|?@TdFsydNA<9 zl8GgH;F84mS$v4Z2dD8E06utsGYp$`L$OawxH)MaR>qD&DxZSXEQP=9Xi#uYY* zPI6Hx9$?$T+SwpNuc;20U7p74m3VTj47DCD^BWTnx?4};cgvU8Bp56F%^xP zsew;4I*5V0^`c2*1Iq_>^A{T)whZH2}}MNGQe!#`^&m5SIta_2{1!q!cg zR-)(0lQr18$Lv>etySpPD)*}}h1KwS344=FF|xn!ZOddBZ>;B{+AP9pT)RGP zg6W%=V#D_7v|WCQv#pPVYwn_6N>0gWYCiJsZY{kXuuacuVweac?EHu5bTW(}Ja?#h zdL<;1s1+okf^vrrsvTD(@=UjRS^FiMqH6LO->7JXbcVmH$ou+Xi;I9V2ngoI>AYmn z$@r>v>r!pC%NJ3UV*M6F&8qQIL(_ssuU z-sz6JURK@mF}Wm*V!e@rqPZ{>S~j%D=!RAog3czW@VU6zH0lWoV+3#|Z_t5hp~uDS zS1>;lCw|~3uV`*Vam16>Nl#D~5eM~8_wS$Pc+M^1_vTU$?UC7rlauhIL~VhX$37CWstZ| z-icI*u?nyHlf*VDLQN6YRrm|>tjZ`8ho&4e{A5WB$&J_TVKzMW9e%LuS`BFjz}`Er z9Xqe>M@Csq$8TxwxUO2w6m_m?byX+RS zOF>;DO!Mx*Z52${eGs^x4*LCWgk#3`6^Eo_)N|(d3R@lQo$6z*0p+$ z#_A%8I|qo#hSMR=hbu>!d9c95-7(pIhyFc?LD@KSgirf6pVvCRrjQc83$$b&D0;o^ z5o?Yp!xK%?VqDVhJY0d{3-{_oq#UCze(n630amX?SMwv5cd0-xU)Pm0z4`#Uq*mVu zJc@=F#?LPLtFOZ=w<WZ=75hqo|BnojW$W*A^GWLxr>nv4B1Ox_eE^R`?xc{dL)RT z>6{1x-8?v%PuU5cY* z3-6O6Zc)KE%rNbVA=cfTn1j!M-OpmP)0wo(FCZFA@W1d(k+q)@ zcAZHefLpa)X*4F5i-iGn(MBU;n+&JCv=JqMB}M9x4r1a5>3v56+tRUbea&CBC>uy= z@}{Fbh{H#ZkdtDPgc@cLquGQh-!`xdbQa|Yguk$A-T-e$OKFl!)~gO+*q^xsqr<(M zD|rcc(dRV%zOB4x77I8BUqbf*?q-1e4FnvEn5hODnfm}}PPx)2ijWSbOS=n8sz5<5 z?Ql5gR~>Tw;jGHgRRK-%blU=QB6Mo)m}aXc>B>?T zWonHr%8!^AgQJ@aq+r=nllFz=f#(~#;o~Q`Iy%}a;>4Gy0V$CUXTKpC-_8M2gvqDl zbo;6Dl9Zs~?AnyE7o>G;R6ex8W9hM0$PNr;X9=Pac(K!dw!+Zw{ke8sRm4qR*d1i{ zyWyAr0GwQwbTcX#M$HoXJp~j^8U3P@a6KU;@oAHeZf3PFJjN9owq0PA4Xc%4{`KdP zt)R9JS zZs3rIwwhs5Yr@2#W5PDkRKynGUYClin<34Fg!>tnq*5^nd6^{82roEPyGMr_LJXs= z=y!~|s||ln`?J*)q3OU^GQGrMr0Dlc_WkEN2iki_3v$B_%|Z)tY9<$fC1AiWD3^99q5$pjJL3t z`OtIQAR{xVu&)o>;@>VY^U4`fTq&=Q)FI)TCJSnJzasKfDkO;u7zxf&Y*W~6RU3)F zM#w7(Gs?ToB|+qN8cSUMqKxeBq<+xipXOe!)F z3ba{Zq!}*9WF}!5lYx5d>R?F&N#t-gbt_2uC|!OEjpkTZ(c04S$VFt~51(k!-1^en zrJuvp%L;EM50^5i6e4Bf$}4=oyAo);(bJS6AY!G-o$_FP7jv7M;XeQ5==wDj+%?3!Wv)%`ogo}VvW%><2gX{$g1Q-=RY$^Ob7wZT zTMMGNAZMPgksBIG2%!mzCU8h5nh&2s3#B{|FsO6NG$(zV@|-wg#e9P0HCH#011#G_ zKP*p%%fYo$#2z|N@E*#Pc?;9NKC_15m{v)O7>@pQB0>qj5(H*Ql=sUNTJSptqrsoi zBiJY|rA?BRvydul0<=kqAbFV39=N@^_hfcllpPjk26P#+d!g?}d9jD57=^>c+JI;| z0dYKnQna~IA&wYohXtzi3Y<1tvrC)Y|3={k@ijqwNWbC%2#B#Fp49USA=I{r7Z?8O z+(cGs9%BIr**18uc9J9q?H$EM+#z+yaq&Ms$wImQpr-Ruz|tZ@=9Q)M+cgAxB7M3K zog10H9lal@HE}rwEzqL!q!>{$?u{dV|82u}<7i^Ai`LRzV_??fu0=zFi~Q(2uTH-S z{rSQ<{4R>UXl60_%kKy#Hqxj!0K`DFFJ1TbT3P_0>wnmR%3({DO8732v8g@I(x3jB zN>-0vCSzSH}PH(ux8`ent(#3M0~znGUNs zN#``EsOO88IFM1&u|K(yTJo_?yh7InF%GA5A{ zV!bT7)#a|2b@AbUM^m_ofvL8Hrqsg?egoJ&_s)*^=1G(Yi@32BE4BJl*i4)sJCM%R z5e*}7l^0qCFOzvoWum(ql+HB$sC?HE;r&BqxpXj({KID>Q!U{Wcgl*J6gE~4Z&paR z<-T1bz9`mNGy-S>rq#+YrEGa<-w{66Cd{JFYI=kM&?c8?*0eA^=8zrU1p%HYFhEn zUHl#U!^$5An(;iqiJyA&^1X$xCHTYW|AW{5xXGye1A(ItTy4Hwkg6v!GGs|Bs)M6d z*$n-k=N3B8)ic2oP$e>_~A|SV_Fs3psUxD^c26>AI1W}XqCKm2sV#+ zQzoemBEY-lvVYc7#4IjnU}k6TE8fxoGPaa`&x-esyXd9bvD{(&+_>EL`a)>nj(@A* zaI#&m)m^FL=WRC3j(XSa^jU@9ZX1-g5!MOlvq)(8xsgl2I%`M*bo>_rwhHCM&*B zDJZuOi%lI?tX(Q|7Eh;ApmA}!GPeL%pJP2FkjCFf3}$a6F>(dH3OyG@o-1(hP-)K$ z0s(XKJ=~R5rpYC6ygH3~ZKO`pKPD;8epePuj!H=?1s3a9<^`t(j`l&c>)e4h78MJu z1L!N3{Ti9EsnRI(0ZCIytYHt~(68P5O1!rH>YBNyDus5{aF2t^2?V~U18mf{`o=aF z$MYDCrHdzB8!C0KHnN7Yv{u}I6BikxzfR@iZFSr6rh}6$L|p2Kid1S?pmb(K&0)pg z>|5B8^HE#G8kLjjtE&YE?I2i3iK~CdZg+O!2K$-kz}wTr<dO1n4#>=3fI#n@ZigWC5xrL%vr*OwM`N|as{&LHMyJd5kJM<1 z8~DVUf*lAZ9KP!8xW#)Lg~;mk$&xz$%rz`y^c!NK-Die6C?K$iSl?6A;MbBLc#dpR zLfyjzEe^xLfC;46f>3=Vgx?<1LYj^rH18v-(@3%#|LhZ-kizxmBV|5!MvJ?FIO{K+ zw#BnrBxx-`*2z^zs-ljVq^Qwdtq{kM$6XN`xQWeUu=YXEW-DlaSjj%8}y69-vCIFvUrup#?aq z-tl(ZKdAn7ZTif%iA1>1`7wIMS*^QsBV7`? z3WLl7>~;1RFwXM!5QMb2Ru^W0TpNKYmAPQ=)C&Ui&2*%A=BTM z(tdJl&v%*N=lnddm);c;Ev6Cka`8z9ttn0x>1Anqm^_(7eo@PKt>exIbK0&S1uSnb zdF%j-DQuCcHDlKBSXsm-XqPQ`DQNcSu(Q9WRpv)A0_Z%e8Em4H_Ag(vCm-WF`5^C0 zqH9L)yOl-SnNmFUjZ;3$-s%=MFbq-J&7=TYA&&vYX5>*F0)@#!>9SS9p;^(kLL}hp zG@HD!6=c5R9TyE;W#)rqzPD&Iy9_+ENey%OwU)d# z`$VyDebli{U(vFD0Y*o&cuxT`8H$RT6Nna$$|QF%aV=>cgzD_rmltQF`jr#&!jh{G z<&%_Jq63h^j1T&Pur^`Hht}dPVD?|E3EO?-;p3IXga93Mv6n;08d1Cie|)>*K@2#e zFSM=4`Rkw`mj6n;GcAM4xOD;c3q{ODRwo*KH-DU6O<9%hl1N#_OF|bO;BE}#fhHU@ za#=SMA6EDqF;u=|6{pn}KW-Xj&El5VqJn}p)J^c!wuWw0K-z;@3Sj|x?3*msoi(!( zOY}S4$=(4}Yz-xtRNl+=8*^2@Tgt2zHe?Ou6R*AlriPrpvc=&a5y zoE9Qo*0&c&-GQV$L+i z^tXy-s-U6UHew@ON6dQM?{sNCN ze*d^t+y5vI()Z={GKfz&El*_Czm7)1EbXWCt3cK=84RSviOUt#F$psEg)BdXz@632 zOYxRYlCwDIqd_Zw@)*mO-~9nv{8gAl&}@OzgPPatl%(M{MzxRQ?Sd`Xgjf-Byyacf zu;{Wn+CBubk4iYTMg$@P?1`@; zb-RWeoMoY9e5?nynV6Og>UQ!k%SK!@$tKK*A1J_}DAKrR`%j>qB$VEJpT4l@Eh=dY zC)@f37LHLry-_^;k%0NB^)MZ1Cb7f%m|QdlwHo(4e*Y2qN5t z*nX0HV8N5hg+^1Ik--dQ?QIW1AxnCXqQe+N;iZK|=J1wYL}NNsacV~f?^Cy-jowey z?zT^D+|foYfJQlRMZIKAwSo#`1B8qougBPD(-w(23Syx^;TQ)D7^Fl^qC$X!p@B$n zV@0J5{iC2XBJqH|5K3X&$g|ZSEgiXlacPv0r*Vezxu`64u05Yy=bzYpOgKEC-YnuL ze$|q!sb9hT>fRtwqTrUp;NlIugP-*4ZNKMldhdF~cuiC(3hWF0YQ74QyvR?Ff z)vVGUlO4Bm&Koi2I!rMd2L`#hQt+e!C7C7fYW6GFkH$B$iHrzS$1`*!kBr;dBlIZ1 z8*$Uw50s~juH{q8(utVr<+LVU6Zz9v9Jjc<=R1}!CCAl8wR;g^+paRGeVlzesP=Kv zCt4ia!wrciLq+zvk7Fv3OB%{iq1NXtM^082})cK#GDJM8Kc$(AY`Wgo>$&cjP?O*Dpj z1u{1u_|xk85_PP{NSJLblv)E$=krkS58Wtz#gi<5p`GP=Yn(5$tpG2$RZbq)F)uPZ zquN!R;E&$^(@>i$$7V|NE@nx$fBd}q5)~o;6lgSi_#}Z6W#jkygs}4azE-Y*m-Y0aa-Iu3i~8)6cC}B;;OWS zj`2d+@Qoqavt*JsHYP!*%|Bd@2mQJ!?-Y9uGBnCnN!zaFEggsw|7Ed5;iD$*OgCb%tc!j}lYZ_b3?iRsZ{)DdF>v(yN z9E~yyn@oebi@FnQx`A=t={trzZY{@+F{?9p^wwY#R3XWWua8%&qn}VZ5x|-(Cm_ie z6z9*$+mg3AFtmqaRAF1eOkl8McyfUA-}&;?A&oWVAY%+nevyu%Xa*IyAE?C-P5*61 ziY62L-#O4iA&R8I!c~UlR_Keg*B{54f|S_YJGNvNoBZ1$GW>}CL1iPSzQ}>hAKWJ8 zud{v93LjAekG|dA!6+4n(-P;JNePAkZ`@?Dr8VxsC>JsEqbw6Qlp2XK0%E8FvPI;S z?N8`gjwr^T1k*&MI9PunPO^h&PS+l|w9rpbI5E>f(zfW$GW`Bm0FoM=5Njt<4}F9b zQ{{;{1qbog=X-xzfe$isj)jp{slFENoy=10w|oz~quGm9JddF|8;n(As3Q0}^dN#@ zqs$!v$t$?!{wD}C6b=DS*>}Yl6y7jxPAMu#ZLu;JfJK+way~jbhB9_$D;hf|+&DAi zh$7Tc8g0A;&DoxmHQENItT#;6{LS1i#W#;fTZHY>2+CBT(#F4p6QQ10Mk5up{;^2A zm`R99-N^GLNy6Vz7)~Qr$Za4@Ae4biO~WpG*KeZ>oQaW#92Vfy7qv(Fs&Bv-rk-Jy zul&T|G4&(^xjF?PZf>piy9Z$yUQ7M^BWXXa(zjlrHqAPbiSoDh8n|G=NPF4snH`DbhGkT-o@5+lR|W$+m2^n=p(9=@GHh z%I9nLdsIm82Xc#}CLaunsPxbjN_Osu2=RJuBB;KZli!0YwOQT+n;hl`9A8#8I0ioU zbdAM*-r^Un1?v(*=(&LzbvRbuU^7P{;g-5hTh6mM^p#HXKQxyfE8#dhYz2OJ1Hhc* z_|Em4dQi%&hQCTtm|NfnI<{rLoKZ<(MD2UNcpG-I@;ogE`%`%Zk46Xe0u^L_R+qvA zKup@wglS`=w*1fH72Ak1Ic6>GWmX0Znjoo!lTHIQ=K{v9PnA56R3jBDN#f_le6m|| z;f06F@*EeXTKC5?^Ns&LZI{~I9Ci3C#`vb=xiJksxYFFj)8;L*GgoPg>J?F30N6$` zCQuG)Uk%s=$2Bot;9hOFBxeI2KKEhxH~m;gp2Ar|9h4zo-M!`k&DP)Gm;WPZL+Lc4 z-ZWG5NE24;hU-3LcRqu)3I@;oRA4g?=z>L{NaG8`kPW*a-XcEpm|uWkKbTLKGm$&vVWw$R213r@!{Tq_d5WVi{mokS)B^ z%N+M}nEa-1>bvk*lObMi?q%8@>MC>VQNK|c@RUtxCcUS{EsEUyxu@^Tz)b96R1bse z=;v?ldGA$Qtf*Z#GK_TF=bDUotzWHgapsIb5UN_JtC#Qm8f=f#@2VaH+0#wPx#_M@ z{2KnRj`X>=;n2F5AS@ID7FNIAFW2OWW&Ma_9ObTf?e|}ZlC@*xeVl(9_uc0L*qSbi z+BRI`2;DiwLJI(gu}=nRAPfyG`C)H}&R^qe#4jhtvP{flJ6-4M2^v~pb_$CXX@s64 zjTg1#uqvAm*#ID$`0E(Dgm83i}TQ{~D1*WhdRg`QA)~3bQQ7f2k}@G7#1@ zGlg3I+RGqFZH8El0h|io(v55)N@TQz*}kH_=BFbS!f-5_&`?Zl`o=H!jXjt7r{%t7 zS?mK5!9mz_FaQqNL1<4Qf@_}^tP*xpN}UB?1=Q(A5P!Q@ANeu$Z5 zq?%@a9p%5eG!tQ2smrNQHoRB@nwVDnnWkB$nXMMo%r1#`ju}X-vb{tQ)1nf_6v(_a z)JQJCR`aKv#VR?oPcN&))i+01731uREb@jnix1J`)JoAlM!J{Wvr#<`TZG9mVKk-q zLMDO^7ZN7IMCeQBoUe)nd+`yCvC)+KUUn^dpK+RW6A2pyeG-j7t3*@PgIBcZ_z8R3 z;)QNy$o{f7Jc#F$t!g!6Mo3(_%cc#GEEqZdJKFLOUxT=Z0mlgAHC^fpuvT~`&qCs z(Eh73gyeltm(t!iy|J`MhHu6Upraq=HZYiq8rH!!bpDF!c;8QSM2b`#1gGxvA4a!mWjA-RSo+~;gG zZhkdk!~ACZl6tnPO)5h(mM4H1_GtMvQr7VWM*y1_uTX)Ctv zYwtm)KiWP?)98**-VxIw*^VQP8%93FFRpUgkzB6|%X2eAx|%Y)9A?R~%(JqIXr)sS zl4J|36ztvf0GWj8RcTomH+k5Cdf3E*cZJv@agj`2^iVVaH{|Ttj6U7|#pvOivO1k; z0V)wL+&+8i?LyOzvR6Bs(=oyiWfDKx>%gZs+- z^+VEai-lbJB4t;T4;zV%*oqGL+tZfw0DWxt%Ug&Zsj_GO3leH$URit_&dTQ6LzRYw zY|DzOIBG7MYv)E*<094{)r0U~a}QA@iK=4spK_7iq__I)CFzJ#@kFw%tTjd6*;+7{ za=}h(V&xFOnMn!*@LHUm@(r9`GONE49pqGmkFVry&jZyqV!VhYC)t7pFZU@yiZwwK zkpEj78d5$p68fBrgYKpNK9x{t5PYd*BO!TAGKtf$J!l8>O+oHaZ;3e8sG1R~!yy=Z z1$d;jz)uDj(*Kh7qIWH23y((+{;1>YU~nObMoD-EZC~nckW<15l^-vil4J}a=M?T& zWyI-PoHKghB!A%KQkG5Q;TSQo-OjCov;M>MhEd-WytClOi68fS1fJZmnj{fzOChB- zA4T~A&AD6{7f3{zM0oxN=gaSwV)SJft(%5)5OmcK$S7jSDn7((O$3lV3BGTc_A?hNTy|2D(Luud#^d z0?NW`3532xj4C-_a}5Qoz(0`Y$ZI4+`jW=k(kctt^KjJ}0>~4ULybNWzcP1JB4fES z!V+!dB6_8G@IO%hTLlGAZi~*;FxNvITzFzilrKkHWZdd?22^&gu65@g2so~2-{0q> z8UD6F683`d?li9HNHz5R>f4W2S?D;=!)C}`eh%?(fyzrUpp5GM(n&5vi;!)hf>&Ub zDeOfIUNgAR(4cZqaVYDY;V3)!HO?1F>UH1unQNT0o`;4qr{rC0f#BBM=MUf;7*&&Q zmcq!k1f|6H{6+RB4{ajGW%KRF5n*P_``M)7C(ek}AE#z|sFHIdvnixv6B&&ej!T;@ z|AA&aq)_OXSU=LOP<*M?c0scH-UUY6u^?Uwa*JJn;;{$_+Og;$e*JY^5)Q?_Pjg59 zF3pZIo7*`W8^arX?Bv+0GznCLSo<<}pu3f>q4Vk8SY%2YoERv8pD}}KaijKeEvab@ zTTK>6Cz!Dv=)C4=>};&a=wa0h)t>u=6lqK)(ryR_tD1Nt>$25abOW)eMT1>S{ zRRGQy63wu=ejQO7ub#YVv_l02_rChh&n4QtA*5Q!Ft^i@%V^#7GljKjK^MJ{v6x|q za+!SOOn+vBY0lkyw;<0BUE6%HX3d#NJ`dd-H_CbX#;_cYQdfK(c(Vc77q@J(j%F+! zm)R5v5UCS%Cl=C1tKWk9p^XeESCr?8d+;|X>ij&oj{qA?WM#L@vGQ;nz-d=~$PP=RtQJjLilL*jrd zh-}plF8W!&(c#7x5fuLk`MrtnoqtsXYlUxyOtB(>L8cvNS{b4u+ed;u9rJY?Zx-GG zRcmS{$zdYRuNblH75fQ#<8{D-6Xe zWWx=YA&9&EnYE&T5@|)}ic70K6u#nKnS)eufbns#D~g=;9qSid-OoULpj-dk$$kY| zP@OAi8=T^DXUXU$4tYz2ENIZO>RzUijJO7D-oX zp5*l1UPOIST>0uF_m5_XU023#qI3Xyqyr;B?RtmX;Rw}x56gGoR}?% zYMBr^4Kbk6l8*F`y;w|ExRmZq1}7kjbqY(gLq~s+SjpOSn8q=T@jnH6mV8Q_S7Iq) z5O1aJmve+g2$#<~RgsAP)!CTMNlGiTE35jq8XL6u;tIx&265`U3 zQZmC2@-3B~S>fq(Bj4}K*6d^PNTM=k+o*NQPVrPAb*{KgZ z2CicstU5Jta=#xDI%h*t-JUs)@#>xoekHh7wRzC(GvbxmVM3jG+Cs}chNe4~iL@K@ zDiHVa{Lj{NfP)vZ0TJ0#6HYh>2oxu@b*;P4dHhp~3{S0(EXI6?AYfkDIqq5@vGN@- zcH;b(e`wUDGCq0}jycsb2H=*Y`EZ%Uolom(K#$|vy@d(!2iXvKwxz>`XLhLZQ3Ft&2%@Ne9T zAGB`WeOchTO2iUpaR{!T9%#Mgq`tKrm-~-fMIw3G`jZOx-`ajwp(XCCJSmPBlAlY9 z+M?u!PBTJL6di{G(m9RuX!%l@1w1vg63Yu4lv4@lS;@7mmTUdSCsM=fq=o6EJj_d& z==H6~*g$-7@AKb)t(n$H8PXjLKDBYbV^xokbMvTStBku*#B+)Y)?`fv4L`>Pilbkx zI7>9=le{kj-UGha7p|Cj&A&59w6)<~#&Uf_0BXUY$c^@Kl$SLG{dgGW(Eqb3 G^Zx_ixl0oO literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-regular.svg b/2.5/assets/fonts/source-sans-pro-v21-latin-regular.svg new file mode 100644 index 000000000..23df74af9 --- /dev/null +++ b/2.5/assets/fonts/source-sans-pro-v21-latin-regular.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-regular.ttf b/2.5/assets/fonts/source-sans-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..16649b9dc6af65a34882e3db42793d440f1b43db GIT binary patch literal 29856 zcmeIbd0<<`)i*qIC0pKYS(0VRlB~tn;zg1rOY**NiS5|2ojoyGoDH%OlCTD72@t~4 zlmboJw-zW+ww9%|g|dXTY;A#3mH=&fNcuBld_JIUy~9JJpYK2X0%L~f8FRGsj?U@0 zE^Q5ZWc-3L)#jnmKxk3^mYdLi585wXv3}X6=6N??hVP#{|7RzC* z`LZ=DmrazMYkLRx?Pwoe13=b}^tVy}3Z-n#`YosIUsth$v78`d>P_o5u2>da<@hD) z#lY9Fe%UFTcrE)3ZQn$(Z& z16|)*6^NqmA2T+pp2k-dlL(4~`eD}MkXQ!b5x|;oayGyQ@wo^mXDe}XwvMgG=T^22 zpQo_X&{`#B^4%;AgYS}PHTsn+A7>%%B9hWnDz!?I)VSwCQHhc8(caZD#M+oWE=wQD z=`=&GwKIMl-RJuytPZn_)=6%Y`58+cDFrjZ?JdSx7hD+I33@0e9u|vG{j|D22MK* zvIf?U882g}v+LQT>?O939RjWq>ERSyI(xC*B5;N5_5TLfAY<~cQ62_fCT~O8ic-ti zk$2-w@v6Az-TZg+_R&1qzMcCv?t6aU+I>ITH)~(hJ3n~mgm;dAd*9oyO0=#s(O?zI zCX`b!L&koN@+!(I!LDMzWPfIVV`s1{*&Xaoc0c<&yOjNieV5(K zzQ-vb)$9>~=8yZgwBLhkXfZzR&*3_Om~+zp$UN2e_I&1a9BV z{sjy_=V|PH_BnX=YtF&F2ia|0gZ0?Qe#kz;iX37;V56*u^|C%T1GDO9|A2(eVnb}0 z&1NHPjBS8qtzxU$8n%`l&rV>UK;AZD-Y2rn>?FwC7Rcjzb~U>OD|0Qoj@=+;SjDP< zV+SaF2{ZegSMYW|$k+07_@(@D{%1)qMWk)gHPXA%VO5bTq*|x?f$DzM^J=v^re3N3 zzWQ19hiP-uPDwi_?UJ-x(jHIyG~JlqnZ7Okw)Cep8cmgEmgacP&6*cAa)v&`o>7%i zm(i6moUu6LoQ&^eT$OQ4#(f!&WIUJgTE_bsA7}h4Q9I1z9VzPRx2C>y51aS%{Z#D zv(L=lmHk{!NzT%obvdWx?8w=jb9K(GIseFY=XT_tntNZKDz7Q;`n)Ie-po(W@5*13 ze^ve)`Tr>BD>%R4&Vok^J}5X`@TFGLW@%m8N^Mv>L%T-1MSHe(xAt!B%Y~VR?S-=o zmlU2+cxB;_3hym^xbUgM*9-qz_^FQTa&;zMxz4Za(hcj5*X__7Z7w>!Xh+e-MOPF(T=YWGKa5qzKI6&8yNpj2=NI=C zFE2i$_|oFLiyta}toXU&-xa@AyubM4;?GUolx5PHET(dk-xM{qn6{X%H$7v{GWVNz zn(s4zSyEflS<+uJS~5|xwdA~#@0Z+O@?go!B}Xh77Mmq(8MLghTxhwP&pw%Nr7P&TP=A3S44&JTFmKL0%tA)YU0%(%1wWPr%bz1*=We^H5`u<}Elk zL9YaGp2Su_n%Cm{7S#PHYa!)+$oXbSegKl(gHcBDeJdaG#Pcnv%>st?fZFZFseG}UfLpP#S?m}5 zS*Gsl85m>Nt~hn`I<{-|=9MR~ZR?h8*}%+Lb5;AoZaZt}92o->_pPif0a3GTR>%y@!eDjLD-AN3#k8!1IT_hr1tzgfR)EnQDKHMJ zpU+H~#Z)^6KO~P8vr^`s*syUu&-f;vt2QrN!Q$WKbKTn2%h>1N=yT(Wb?h)atjW&} zTi0)92fxYZCNyIEzsaXqBls||Z(Mxh12uRhw3AVYGaTMd2EUAt!NL^5LY|FPFHE#2 zzp0Gnb2EFKJ;9!2d)ZU$Y4!|zmOaOwXTM=Dz${X!$aGh5eTOj{P1U&TH&-_6Lmc7U=pTd}(-_iTQpPK1-JHUveh< z)96>?8*!6K7qbOe0VctRlm^&Bsgc!6t8vX|3;9R5uEqC@P}iXBW2I6juKNLh4dr~4 zJ-8oDT8^jXI2{O_y^WeBAV#f+jwF`)!e=$;S7E16l0pNRP6Q&x`eW=X@G zxSFI~*33U-Rk+4bYT^5~qXd#y)lbq;Q2!*a5LrsmmK`|yuGn*?fNETHcbE$G!tICUF5o<#0LM4>A zCch`IO@Px{JEaq_KT*Kb5%8b()!8Vop=?1}j^J{&SUeT@fIR- zUCfpsu6qU+=qK=xRB_A=tT)rkD=hOQ-zyM}#;=p2NN=N9-rCqpk&?0+g^yzPi1Z-A^^z|KNsdN%tOEXL1a zH$LJLS8+8W!tcZ5(7_rR;H?;8M@;ZON}%J?xrS%(OrFKFc@EFzdDtadmJg4{#%_mY zya|5Gjgb8`tknaEM1Lmi>aP$_-o}0mALd@fdylj8;ZtVA=CvRLFwU03o*jq1cL4s< zd2A=UknKWN#l_Nj0oU?EuH$-c;6>cXi@AxLc?q|0E4T4dZs!i}|#dt>=MPI@dn<=n|L#C;jO$4F>43!MwdLjN*KAQ5ZdjW@s9NjaBCwydb<;^1gq{L~- zi<%&ZoJ7$R*w7)FdD^laNpX5}JgB6OiyEq&Cqz zmblg>TGUOpXiq@elaNqMfrMfTBoqwRQ*T^5vQFBxY{g1tDggC#_w>L+W7yea&?ZVe z)FR@ckcfxeiFk;7V~Sal-nUYhgwL$h75`bOBlUX1%FT$QzWxa`iifF&CW5DI`%#JB z+^4-moeph5UM$k8Op-tg6!fFgZnSa&W|lvdUy-ko56W-JkH{a$Z=-gze22V8zFyuY zzb8{>_ZuAYe)(n0;|q8~O#TezSE-$V^JDq2{Ac-KD)gJw<$d3z)l?gd@;XNUN=6nL zV}2$7aq6B@11(4A6OU>lzazhb-e1Tc;`1|HVI8Lq@Z>%D0LJ-f3ii!vgzuXl@;j4l zb5Wy0>pFSJKcjibU!dGB|6YC?6ukp#@06b-i>@5<-em3ASNSIdPvCe&-YXxHe=ENz zpCO?CkoSx0`}Fzm5BUbM-dJ-w6kdVH7c1ZKNwQ3F3}crgFDoIU+yls!>{i%33Elw3 zVJ28NitF__b+DlZv?#)v23u-`9V*6|iB=}uG2_gJZ7sol3(jI#Qaf-saGD|0PTVQS z$%Xe}hyPK5yOlWY@I$IluNFBLKRgl(e3AhCl^UGspe2Mo62_^Ahf<5ZOPL`D;>$*i zOwS68@JMEZsu7&o@JAM5^u@5p68w%;z`q*agd}n_S;BWP!#eMT6~6?hR&c=zE?f@l z|9zY`WQu4bEI-eXm9RI-I%iOm0B?`*G%DPFH|Gw3jK0&%l`u z?ogqF;&&=a+&a1Ev#th=<(!?(Fk&^<=m71J|4$A`DP)k&kK_-bQ4VAGdm462f z@u~a?K0ieHZ|i|1wZQxZ zZ;|gto5S+W|JC5~0fF<-R6B6vpco;A&ougfeFz%CRXV`sr^M$g@|XCUE?~5Rf1z6P z0Pp`M=J*w8eLtZyNGoC9(~nfCBbvn;q2<&eXx=|Xsi20&7KhNdpaOKI%nRRl%Nw8p z-$RYCDwrV!sJ}DSQvMv@UqCqqA7nhE#NMEtac}B<`6>Asz{sAZ^uo+cfGRW;;vP6Z zX;VzVq(d=5Z$N9)jNrB7AStD5@_@X4CHO|zNsftURNjR|ixof*x<~S(tO)ISu?k5X z7=>(I3T=~jLm+1aNX1c7`>ujEDVfPZpzB{J zN);(j(0o|zMaXob4@pL5Qa;f3pUFFP6@6fx2nT&84|t^yKsS;v_IH9|ci>7o2zuv3 z@;Avh0@f(Fuh^b{vMj=##7~|n>^SxPoBRnrmEFMP*T{C@yV#kDopOLY$Eib5n>EFQ zBu=FT=@jHSlKXSA8+7<1;PpQy0iu!^>oel5@aKeF$zKZXI=v~A$?NhEaQa=LA(VCb z7*Zu9N$42RFu5oHiW$OJROW@N;M=qTh~^Y7CuKl^K_(7CCKc^NJLb>8P1i2~dmSE_ zO4wg94*@?!cLc46;E{ao__}NW-xmpf3mur~f^|$DQyeFVpbxS!9g6Qil&_Y5DL;YQ zYx19f^=+}gUY7rYJ^76MM{tYy@Cx(O3^1$D1iivSC?m;uTSaJU27T}v+NO9$@?VMf zV%3CA5^Ex~z0w!=K25A6(U{Qg$*X7s{rvR|_70Dh>w)=nm3O_P=D4H|*4YV9(Q>O0xhnfW6I8FGn+2AC{ zw-WfOR-6UMXSv`ryRmZ%@h-&xbnq<1(q4Gl>)^A~6W7aCRc!cQ>+%ynlt{lo$nxu=qQz?e@nm~aSqh@3Gk)@)ilIfs?W?m^M zWg?=W=igMkurQg3J1mG6Z1CABYDu2H$q~_c@}P)j>ZF*4PB`Z{RMSpnZ2F|=g-(iP zrl3@#s8Bg=^MG;`W;GdhtX^8#SVJvzMUmzmD zVj-RBLOSz=bXtXUT7-03gmlugNs>ckX411r#x$>{&&5d4b#zSM-(yQng>))ZTNmHwF{T!D5Zu$9S-|1IifDTGp z*r|KKbO3lLMmXA&QLHxI5gHUaPiV)fzEn$MOlZm!p9Po|zmBweicLc&+8<<(XqV9Y zbmBn!Y0=>1+{KI({E3!-R(y1_xd{lYGWwG(!AN2@G-4Jj7W2c*|9?8*lPVM>$4k;E z=pZ|{AJ!y=OK1l@D_S9n5Nm`e3g>i=CD9$@IwdVf-xQR#SH)^6b7+>@zfcKdb&?(UPDDJ|?vgIA6j}As-=eBzI);Itfo$fAk~ig~W+b z_RDW2TO9i;JV|cQcmC}MW+--<{3nbu zN%7a3XFvo0-{b!j2P9!7$={%NUsRBYd}uMsbdrbRg!Q7Qs|CnP_P}lp;&dSsIRWT; zJjbj>-tiRN`xVZZur9w8mUz1FQ#Ludr0-LXQOv-q#TbRK{iH3)l6qi;5iJONN}b4- zdJ?4=w2>XQzy_DX){@muo>Sfy^-3O7eh<|slS^lzxJ{OS>Qu(2PjBK>MxKIGbd>a- zN-@52D8AQ!M}9T1=42@}@D)gxD;k5|!J$HTGvHxSQSz#kg`tC@6{V2xmg@UB6W*5> z7)nv-4I=XFC=*VnG8$nfytLcMgUiL(Sy%;H?_8{c4LxXHX;=+A`cQs5L+DVFfHJhB zEH}wPBk)spS_5CW8Tec9L{=l-Ld=JZ^Z*-4i3Zu~MZmKdrwY%`m!eMZ1Li?))}y`w zCuOZq!6+m>dBB?RO(0bykB^GCo@lj@RY^VMKYtBIygFT!HptXBKd2u)3m}hE8HfDE z)D=js48;xfUc7RUjaLd$O1d#A0|jChlXKy((_B<*_yM#h$xg(7(1>IWX+jBuY{W86=mN-Q2>_ho?$?r#9 z8|B+5gNAa;(e_Gy4AJ|mN41~!RsQ+3um8<2u*dI$>(icWO`=GNo)g&uVUy|pWSnlI zEIAH(EAA3JQ~3ejo46P6Q7BO#MMNYIbST%UxQM<}DTRC%BKFW@ml?3fima;c<7`khfT(ditd_<0m)yY zQyF;*t^z$t%}4q}iNh4_G&SOXT_deS@sq-R+DWw6=sgoEbeFUY6(!dCuQ4WDIKjCz z@zhH#o^)~Xq)Uahxea&j#hE5nh$0`3*o)RdFXi#C_(%LtD6jD6`Hg%BKOS#}_&L3y z`8wX}xf^f0oPzgXIMzx7t~d~{oq~5`cH+I9U3d%TBD{HW3HuJ-1iBZ0A+aBSyFq(= zC+2biR%aK=h1ee#;d(K=9~HX*lD7+GH@;=D^HJLgkLvsffirj?mM{iAuuk3ty%%?JAtA`yMu{#htcK$=DZW1G$MW5jq+D` zZP^(4Kw{*BxO)&I-w3?>G4gw8c?cuFht>zt`en>}Co+^5px-W(iv+IyxO+(8qPt1j zl6PsO!?^o}pgc*@XJT$NFS<+pKAWUf!Fm{XJ`-4zyxETyhXnl>V*gRAi}C#u8y~*oa2De*kNKDaN=Ag?Q8i9yNhSO=!6cYq=a!w*v9@1ZzXf6_7~sW+-A= zfXBxX=`!@n#7?38!opgIw%pB2e}Fh5uN zWND$jK%H-Yua7U3b|2aF^wX59SqLm;z@mi)fL;k}!=a)g zgFanj5SMh9DjbSNYTYgu?kJUok9V%DuL(5vw{Dtw=CZMwgM%wK&lz7bceAwH-qTPs zl&{X7)zvn)f}h$Dst+Fdq_v~D9$c-JKaonLtHBwT=5)Iwwb3ZXGHTpzmoq)xpf4)I z05M~FIv*MNR{y|`(Wb?gYI8?L%aU+tQA=QEso%3aXZD^Gj^8secU-Of$3(q*?T+oG{{B87v z2ZVJoI1FKf3!e-5Y4JaN@ddAucK5u{`%!PAD=IREqtTd-W>p)Fxil)5%Hx7SY8OtNnPbdR=NNL%SUD?0rLH|Ac1EpQ zrNMYNI=h|t$Hy`6wN)onULL=Lk6m7QLRI|x37V@h0&;saf-wvU1Raxj=l-o1Xolu~ z)T>q#wuzmg6KeS=a9wkL&6?Uc>3ovll~`GN^D$M1X}_dy=RS# zp4r!T=4j)*;PLb4A0M2bGj`?LwcnpT`}=FxUO6_S^VE^kF1h5ikyAUtP{Gw~P?!yE zLNqG-5c_Uw<2^icL(6&V)-9hqI&bc{w7YCh-|C6@SG=#ir#B|(TO^$X`f?G+u<~j2 zV8?mbCUE#2oCHLmn*K)Er1UQm65o&NYq0UAK&1d-8_Ck&(d-(r(x6 zu7M@m_Q#xMS?2C*yHcq&zZ8Q9_PDjYR#NAvLoydt)HI!F32Ay6@o-eneBN!U0t}csO z9ko@ZK6AFWpt`-Lc1{R%SU}8Im=z)hNKC|GaB1J$%lGY-X7=0#5+4rXc_f&S621-hFgx$iJq~Re=ELyXp!5!Xo#N^KWpt7QQ*NLselI_ zd{~vT4^*$bvS4jtiB4T;(XO5I66EvRhLsKY$Crzp3~ozMLGUJ~_nX>D*g=YY(5P;_ zaBg>|K2x1toV{pZQBHA=Iip=~BwWcs*8Sq~fIX)7>4phP`m1 zdxjhT;#)y0v<5$nG2!8cb*iv2v1wyr73@!9EKU9+_by(LYs^>Y8FJ>$zweR7OLI#K z)OqHd(dfd-+?yj1j_-X_yU9Jh@;_L1}?n z>&zdU_hg)3`cPReVtm+M?sLwtt27-Wl4Hnw-15fbdYXnByGz?#_SPJSH6%U# z*nF$!yc0*awREpuIK0AXmn{$ij;Dm5@VhW8$n3GLY|_XUwykMuKcOYqZK^N?tX18f z(N1SWQJG^nr)l%>$mS-eF{&#L%&8k)ZPmxD5G*_c0q#E}XP|IQm~anlS%Ouu$fP;{ ze9?x+WwDADyLuFSvJ9Bono8?!o>q5H&bg-!oz!A8k3M{)uHNG7?u=WEfzi5oD=-Gp z|19XIzh_IG0l6fONtLB?2u5*Z`|&NU6R{;LxfFjeZC;P7vBX+B^c+{W)`w^3G;ban z-rRD=np{)n;9`R|s<(0X%)udW2{9FKm42uAVy;LGYp?hsE~kO)zjkRyNB0b4ML}VS zrEB$Sep5@@;LLfMn%120!Or*+Skh|Q&JTjl8e}U5C*=pTCoxhk0ws_o94V(q2vHaV zk(N>^-jpyGx`by1B`w-~wqTRnQD}1NianvR8hu&rZ4+8!a5&^~<`$OMjL(_Vv|*s4 zxv8?UsX5v+77mQ%ISS0h{rkFFOY4i&*Rds-urrlv@wHNLai?KG>^x(b8G55A0mFRx*R6$_M>? zSl(C;A)IgomMw`t&wX7j?(+Ec^oDOYl-PaJ{gNBcm5|Ti+A{z}T<&4_3h2oS6fbxx zYzlV#z^}+FHiynA_^g4P7pGBB(ebR5d z&F>q@%T#ML*%?JS^$}^+k;`;i&Rf*Lg?v?CB$ z`#@z~YrcC{RsW2UDu1+Vq$&{Y;`@7Cfto5`ZF186@#|^sxForUF%<44#()-?hbIyqYTiNgqSe5HNQ*~g)RjsY7npy`3TU%z$O6=XH z%_GB`o4Qtyj;&cUHoBVj?uZ=b{{mj2eTQGA@5f7|6G|V~Z4Ic?QEY+(J4w9k=NZf@_p|}(;*N(e<_O8lc z&=D?ic2q1Fs-9)>nxb}pr7c+E>ZiVFP`DGZSXii>Njd&-R&(D#R`)sQI4W{&IR*Ma&cZ&P+mg0( zXJ`Cybxo$aMMJs8eqee5e+LO^6PU>5AmvV8E!nMogMFiwL3g8*7SlP9vup{kjlb5_ z;;Do^G!J-#z=3_op8}4r`5O=4HD__QFMP^=xS3`Fk-8uK zzLCFi-T7mE8F?CYMnPu(@Ia7DiMiJr{-OhB`+t>S-ynBgBcrPRzk&DB+2 z-tCHig)xy2<#%ID@;73h6n{fwobosFuKV7C_Uz(Zb#_s9^%3#;otx{BV@(+cR;n`k&yEUkEE2d zKk)(l!9+$CKe@9ienBVnrikZNE1)+iW39p8TS3Pi1D-t%-ZR-gcN%=gBs_l_ym}I@ zn+D%B2{#ZNG$1FZN`o(zMplw*AXVucv?t?ZN5rM!&gMJRk@($wKEEpd!GQzZ9>3^? z75tQKeBgvQauXtOe&i9FMXhY3=pUm{o=k(k>zXHKC!%jLYs!4ntewY%XHSFEtd;h; z)8I5a1+G)z@)2PDxxi1kLEy(K32o>(%~VvHFP^C=47qtX`{IVm})eF|GWylAPvr__nSZ%to|zuWFa z*t(`yr!C<2@WA}zA47H_=D2RlkmJ0_&w5Hlkmc6@Q)|qdV)jd8W8<{2#Z>YzlCj8 ztkKc2RKnBJr}*&Xc2L#?0_suXt5{gLna?zjeCPWGm0oY3)!|$kjrQbQM`{)-Dx+*`f|l znJ!{6iFj;Z|L_<%=9g_0En!CVltqKTH^uH2a6}=3!}bJ+p$(4#&*CX?!C|F+&NMi2 zQh^sLaPh|PPX&I(N6sK08SnX#PNH>HpjpCmeiu-qz^y=Y1oQ(y^TZk{(84nSATJkx z#k!wt31kcIIxMRhm=(XCR@x`#lgB-i^Eo6&gsu>hq}Uva!cyT`30ooHf)=HH&NMjT zSK#y)!byG|5>zViLSb7};QL?sA$|llhJNRT#q>rUDWi1Nzfo5)+8G{I(OJe<%j;1;6g@}_DLC0;ItPMxR3?l7ao|v4|@R_%))Pt z(YOLGWJiG)5*!*d0@?ht^akuL@Whlf8(A=sc+jOhS%6;AK%U6MpR#@DxZB)aop5A2 zoSidv)vaibEopG~nsV#h7Z;yZ+vG0mv0qaBt)_wKvbRJ1z76y9EV)&-#qpQx*Y|?yudJrg>G2g8QS=Y7zp=Zfyj3N|XfG+t+>_HebE#q=;R@aUl&P4QMoYnl3X$hFr zIEW%6gPGc{ZL(w&MvQJig=;isUYt^bLhu2=5RrVxWm?crJ%z zlt+mvMg5oByy{M?qr9rJaZ#we!KpX8yQ`bKsyfT<^Zm9!{-Cbj<7_D@at?aS$M5Zr zI$JHl1ukb$l1dtEw)RSEW%S51fssg6SJdbmEJG%|uc5N5t|WAv$G5Dm?c`dcJ)gu|? zbMCzUhFfpF;rcr}&bsKL(@($XqO%|)LoksKNN0*{6QwL8G+S)dp-Z<^wVPXabn#as z8ODMmd&v+}R+vA5aS<7YBT1#3ObsJ#LW$e3!MpUlo~CARmnGm`)Usez=hgvpo#~;P zrQh8ej`dXA167gLbDB;+e@If(6GSuS@+;tkHB8yRly#0wKCYP>BKZvV;J_+-g>_b4 z!%WYDfvzEEW7ykittwwwH@dE^wqdyLxSW_PYV)^6-1YWWd(;t#mRW0E)pG_LX6n_s zqaAf4^cTa(mhj(W_L-D1h|z|RLEJRDh$F&@3ogT&r`24YW6lf5-{soH^X46X$lPbb z?*ztc?~d|4@hu&96JJc2!>@tIe$*VGM>HNC9*z)W6sI=*gMkT$*E&$wID2M`16gJR zZ~dp%=(oleM4OlAL>*B}^-yQWOuf#+!@a-E$*Y{--MuVCT0V$To)N1K|9}Iv@^rG+ ztxD1GiD$>kfE3yAw9-CXMsIVVt+BRcqM>_ZYi)mtUsq?Vo*9sA!=BL+dk?`m;i&t+A*~3e;c2`5Bs?pb#R@WUI^1H)BIn~3ViuRfUwW%*u zGt;+prlT>CuP&%+t_;ko=4-5Nu0Tg!z#VeM_qNvfYTbpVo~lSUan=h;A5C%=T7eW% z(sq)q#P?_{HE}1D!`8+|dv9q*U$eh`et6LA*T-y>Nwy7pN5Io?>qLF`2L8*I8Q$t8 z%Lb2p?y=MwEw!hta#snKcI{jZKGWzijQ+kD9lIHxjbe9>+RZ$7V)Nz+Dvf=8jVL*H zUvus4w_khB-Cbwx+I8A#yLO#Lk_bUzUtpEsgHP_}Teenpm|G>Y*vQ|eR?xU&zW;e2 zS1#SrUEkvEE(umFYF;qWv1KOq@jX-f*dLzU$M8)O`&de6XA55iISc#_?wQCvd`nBd zOJa}UK1jg#X3Y9k%sQQ&1CdhX>!Gj7*DdMg11<5F_{DWSUR|nu0R!<(!EkOKVZ^g& zJWnT#=j9N_cI3q$#NTZoB7Vh$^{{ zQ*4fCZL!;}O4mDV{Ek3n(|nu9RA0f(CKEkg!|$uz#eR)7rrwaU2zfS>t1{Q^7s-8RK`kP4$)BTx_-ls+#73B8<$}VPrRcPl71AnkWJsIQeGabmJE$2!2fxE^lPN zW~bxV;Q&AKD7BO~^38aA*UhdMEw4|^sT%JT|AF5Rsbw)w1Sv7&&vx!C+qSLas+Oy4 zS6>UdqiFG7vPH}jGa44Swrz7=&|$guYTH#UzzrPyWVCSOSFebQ8}UmQL>+qavjzMn z0l$gh!02OtL|%}7$&tk(VS{h~A6t<{6QPd8YIx**c^0_>xu`-r}n*Jv}YqhWh%3yH~!oW5?SQ#mBw1dGlMx zp^sZ0W^X0>(ApyWg5`h~Um)6t(ev&^>*9&GckFlzea7WATq`{Revt=^XRKkv_OgZO2zpd~y%Hdq&^sPT`5 zYr>i8%-Udh%wJQHq>Sf+G8#9LrlakkJm)2Cf!Dc2Mv(Ys5bOgDu2QqFB(215$A`~c z)l{EZ77CSR);H}@h6&bU7z`$cAyUE?L5ej*q|kh`M?D?FOPvl8?hQ~IT$AD*gw+Q_q&j#5fLtc4CeRibx8 z1AbNQxp?Hr`~0OiJsoP`H}f@!Y4PMm=b@bt3sWF%)OdDz>zC!P%B;y;oxiNk)5~wR zj(h#4bte@2z2nxoq*JTqN8vr+fgEs`SSykbC553T&Iv&S%Z!Q(hwO!#7EQ@dtMmwf zXi@zVLXd-z1*IWVgV$T_ZS86G)|BUK2m1p<7H@IXQBm$~?QQi2+<67Q89(y0^p;vn zJuN+@7Dt=gQC)2D(a%iVd@cT}Hba5eTszBYjOfkf<`O_FTKs{gB0xPYW&CPKrQKSX z=XN-&a4n#}dhp42bG&H-?qdFF#HFO?8P@VM#%}N1+|jzeyJ}e4cf`&^{-ymxOMLMW zio9y%Po)R&tEM_+m$1>(ob+I^1<53G{_>>6n_^^Q#4|?hT#{bWtCQ?V+5x_$ee1$- zc;VLeMPso`?=#0b+oSeikojj0YC9G|cfkiamNme`Cj>Nmo%!zcFmYZ`icXKG(>7rD>$QHr z%V(}EG+KCTXhB2c{7`6qW5a?_xpzh&FvI7gPjB;c*0RFV^wFN4RnGiEtb~ehkd{g} zLvz4~(;;r7H?R=07>!{(Jf#c+UZwH4jD}S!xN73E83Bvh;_r)T)H4Dz)Ed44Iz5Vq zZP6{WW^IW-d%@br9$R|>$!J(!sj^7tu{L@dq`WOdtE31atd&Oz$Cb4!!eC)dI(f&K zCl-%#ZbGKXD#C}4DPA-!DgWN`>&H8`UNN@vd&4b@{oaN&$<*cucb9~EtIWP!DLdw| zjoF)ht*0;Q+&-;(X5ob~5aXkjV$(m==d+JNQSB+f1W#vs2*e3be21a;8LP@dHHYQAC}M) z$Z!n$NtCdLW&u4ZiVKX>;l@JK@Vvq~i;WTExy6y<*;F@0ig%doI|_F^Uw>J{12`Hk ztAGCa=Xu&?Wa+wL*XSLObc&MkeICD%9aL#ynV!J77Xsqt7xFfh6_6(r5Enm-w+hJK z1f&9OhDEQZ2triD6C320{^wZ#!OoG9PAcwT(CrBZbJk5P$4ikD>%v2`W(^L`nniE; z;OQbe$j_S=8{9F+QKhftwH4{Q{P<}Yl5)@ZJ;zHavk+FyNUGn5cr9$GT{P}>nJTny zW2d*V*WF(6!}5{URqiTBvCCP})>7WxS4mcsC~pNO_jGM10(;sQDeh!K&HXgcZ>%f~ zmD>Gn^`SbCy~wNem|MJ|nQogSJd#uCaFmpmIh`(_*Jg2+=$%$qEaVL4Wz=}0P%0AT z5cn`=m_|jB2F=&m<@s;iquIr9_NwwayrAeS4b;^Ioc=tuw#F4`|4{4J znQf)THs@0wOR+_lZLcxYZ@PIB^ay?(I~tFrE1q+LVaq*bMqiP-ro7Z!>#Ww6fLT?o z>dII{o3pX3XJk3gcUB9Y#UE3+)$i+xxf@-?KH^xrd=J};-)a7uzxRX6>gvjBx5MEc zYCe0;*jdd*4QF#$=WO(; z#NP#)_=}f$6f00fIz3jXDX=+JX6t?NE;>FbPCAR2}m`1^@v{2Bp@O5QrbM5(ncBUxdg<6UJB&-1f-ok z%=Suefx_QRwt1M{As{a#AeCHV=kaA|^I`(xU{|o+0`gJhXC=4O`}PvlJ9o~Bqxqt=IVJ(Yva zrTm<5Wuz|4?la_8=9l!eK2cs+QsbSI;jx(TcptxGuZ#`n3`8US-f(+uq`f^-i?lWTFn%X@Nq0hCF-!ulB1+RT zz&~=-yZS?+epj8-QBmPQ;dhocxEp(V8r==0@H@)={&JU}Fq+wFyyaL84G0|yzZPB& zdAHbKlh29B$)y~aM?85X-3Y>as@lrR+N!#Otu4W>s&=hjuWhgDGB#M-0vm%pJ;9ou zp4E71ytAvOqnh4IuI?~4x}1&1_Udk(&TX98)HIU{baRNbf5f5k$~tN^y=6 zBPt1aF|6Vl8{Q5sw7czt{<@gAt+&lP+};%IEUB_YeEz5ajP-69>^5!+S(et}fmyBE-cmYeMWsDpw6)ikHreZP zE%~**rAUEeWY}8%26A6W28HR*V5m%c$r}UG>lB6;Z@lrwi*K4cE8hxrYR#WDcJn1S z-E`Bn!S(=eyWP?0a&nzT)@brFvUHijIZMl(Rh2ME67qfT@V$rt=zsKJX^Gc?DfUl1 zSkWTIig7gtdJl*G4k&%WrpV&D+Nw6AS6^+m*XqlxeV*G}>tbz=HQA>f-#yWkar|n@ zSyWqSztpnev+{wS5;kgC4F9b zX7zQ~R$q5r^|jYkUk?mUwiIKAQB!mm@J)IvuyKg{pf?qjgK=Ip+U-VTX{j-BrE#CL z6&r0fW3i2|N!Gv*Cwmk${ti#P592r5)A4z^nBh4X%|LGimX}A$4H}KXXyh-(NBNz< zJ@35Vo^xx*t-Z5C>d>s|ZDWyGEaLG*(hN>&#_v2wY1Mmc2T2^{EWx*Y=(H5hX)qgw zd;jEjo^?;luYT2X&shqmn(&+IKSSmfl<34?4dPD{G);SE?CEQ-QHR=b_uKI^?>_h3 zyFp1A=lnPPdt&z@o}DxylkZ6IVOzlKF%-GA{*n%RN*&n;r^#w}1S`bV8Gy=3tTWax z4P3wzD2J9`9KW33i4~5^biYFWi_|XV6K!c)jRyj)@o2g3VL#7Q^Q^$bCjP)P6}%vR zsN$LUjHBA~7(HT*895Kf|LK3Y>)}BBGZWWVJj3sg&wQo=|2rSDUi{bWA>=&Om^*SB znvtT}`A+`WA-?ExtQ_w0<3&a^E~GP_$TOZTHS=CoZpxc7uK{wcfF$34*do>OA4`8i zo8+4h%cXYy3kiSsDt7FvaiRV+GOX2C0H?mp%qW zpMcztx0O~vO6ff%ypxGNf1=dP>M%O(0$8xTYZ@+=ntu?xh3=gyJ;b6aYA^0-_XIAH z9y%#@Hr;y~{l260!z(w&yo!q(q-NhOF}n9G`kk-zqkG!&O9IkE6=#ckE2TPi70nH< zG?GCY2+UQRM>e~*skcefQ`gr6&zmgVV0A@4&S~-2jh+%cn~V*tu8> za88BYb1u)479cT;JI_cn@&Aq7Pr5~$q7{luON&vYnO0M=%~ouJX_Mp)Qa`&CYb>5y zr|OV!O3$T57E6)AV!0i~fV$LgH5ja^1(?=I&#^tK>i>*swZKqP@?cR(31O6;145;m zxB}CqQU%)pnG!Um&LH(!dZ?)>M5Wl_C`OSg>MASh>MAPh%AFRA!(p-DFXQFwu*S<& zoBlJVidd||S6AoLmzL^_Y&PlPkk=Oq`MjYri`i_U0-oL=+mL@D-OK2S3*1D=jFJhQ km(l8XR#ru)QbUaO^*N zjsUV?BEQ-Cs>v{2A;<~S1 zVp>=Lrv61R)8K|)CdzXxKC@3)3%>zOi;y1ddPxC*2<=!td z*9~WjIgh628J7a@SUDG1(WFmMBK(wf7FHA2^{Qt=z=q*~jty@}OwPO81mN-?{je@s z;>rEW8`!ONw_w0cI11mcYoT~;SP+FgorW1|f*CU9x^OyNT#@1-ML27_5YJYA7T%mV zJ}?OeiZ)ERP4Qnp%t<3Zb)r5ihF+XFy=n}->{I=2v3fZpHIj2R8Vz-#dm7Y0ngb(= zOd?JcuXkA{a zk9Xd4HEJKRM0`lFA8IJC;byxf`Moo*99@~jSdg!931R^ATp6R$b|4b*Hc%PnlLtN` zP+0tmP~PK!s8y&h1}eWRR}t%uDrFfJs~lyDRc+QvSx@IJTIvVD(Sv z_R5yLroL#=XyZyZhM4?&}Y+~mY7M_$?KU$xj)xT|1X13D#3&*UVi z3D(VP%d6_m)76UZA)m`Kz)uINID)Ld^bCa*n8$Sl+c+IY&~=r_X@%c3dbagL{b2lJ zcD?Vu*5I&T99lf+ajGZ|Sh`gQH!cm8@+7v8^*8V>rw9esC}Qu>hVDnYO>F0&S|Qz| zxGgvPmM^fz;R3cCUfEaI_;Y3=naXoEnq0cB-~ORt&&5XtWovTZ%TH1OC3NC|K%FCU zgWO1R6OE7CZ-o=tB+as}lf4`>K`x=W%K~GTD+|oTaM%C6fzbIC3tsEJui_VeETT+z z_l3MgDRAmJ`8@R1q9TqLdkKZVF)*%zV_z~6V9gd&ck{8D8Y4ItVy*NNGVqF{?ygtL zD)Wr{9+YKy5}<8RkgHy=@HO3Bf4z-&%;|zDXt5Pm1)_O_c}?nP@=8&~E5Ww9wC;c7 zrx9$wt;BRz=S}yZPIt&g7xA%i)vIu8dr69A-LcZ> zDrAiZ`QSm$UpeK@!{?O&|7*db!1iMCoMA(eX~M_=h5|qj;xY;+PrLym1s=xNB*9F} zwY2=?W*syKci_`Aj-%hx-#WxH)wO6Od)k)YoMP?U$Y|ZPrK93x3u;Z`{r%(<#3Uix zUs+Zl($uzh5`YNM1%^}(yGbA1U~6%at<&9zxish)A90B2tbTZN?$|2faPO*W{yVY< zcf4kkx8T>}T39}U4jj1qKHYW4BVo^t61`rl%eHda@J@kXYu_1FG>~&SkTBuWvu#UE z1!U_@@l>XqCjY!JmCDGI7 z7GY9cmxzWpk$|yJ$sK{&na;+L({fLn{D5aqb#nsD9b|j|8*eygkoYyijie-86ft(! zVBH_iuT%;!w_}sFD4(C9Q!GE@6wg1LCIyu$jrH@SBd^2MAD-ria(gq+>I_M7mMV)z zDv0p_#xT;t)(CYRVMc==A+-{+!YL3y5$VCrz`%s~e%tt)6^>P%HU?N)7zyrir-M{e zHu{gy^m)w_Nd}6^AyB3ZC7Z~LMvO9wADW}WHinC=3pa?GBW2}B#h>O%nq_9{aYdN?*ArW9&?FojtVm%gWBeoSDuyHLWo z;|?`B7P$Io?n0<~F_gvoE()kL2<1$(Y?%Xs+)h$z`f?tQ? znzGrqyH`XTwbTSAtYCQG1ipNW0;r-n*#>q1|fSW9)uYf z11!AHqIc2;e%W6NO6h-7T`^#V3Eg0|YS;v6W}MzNGCn8M2`RwWVqUC;!-YOFzW(sn z)D|o$7i-x;X|3;c0SgTvT)S7Ba&gckWLhKw_`CFJQeHihnB<+TugQNDrz8seP4%e@ ziDg7dAec=ej8#@Z&aDq4KZ8;{KgftD2rY}2;Lchzzs2@|mVC=w7b!V-e|x#0;`p4V z@B;~AZRR;C{NFIMP*SezX<*$sza|kE1TP9t-|gVL9+@JVso0|%WL3qW0aXmeqLUDJ z>4yB2g}S>Iu4M5&>T!tbCcy3lq(~%N_4(16n!AO4%3+n+uWP1ZW4jEJv$6spBwM=U zck4KBsIZ4Z{+(uzceJzQ@!K`bz(fPNrG^kQ0C^*eRB&=+yT79jWe=B>NLkWq0#L1y2@qyL^@B#5me-*B zfj003?g8X;9*DCT|7gO>5yM2tt`6@&koXr<^gt=ax@j>82bck1_HQ<7 zVLibQZtn%w&Dh2#_j*T9t6n8k3RAY5N9jB9k}g;PAk6N5*Eimt6PRfz)oxw_ zP=ureNMWi*pLBD5q$-%%VS+0u(zDUfo;79$Wv4JBv#dhOH=66bXxe|}eke^6LuQcX z1&C%bagi8MKSq}-LQx>sqe5UumX~?_ivw`aB{(;?n}DohwAq@zvkU_(~G!_-Ywom?<)yl1CfO~2Ca=k-Rw2@3VHdglBj15 z13(3w4)72U@`w<1B4lbze^&p}$VFmA+T7CCwZpn>aqnOvr&*tq3EUB}#utK-0yW0OKv25<4OFj;Ezt9B*rlyUB z1>{WZ+g9tOVs0+7y?n7^ica7qeuvvMGd9^YCf`zkdBMq)oIKsxvmmGHO7nr=pQR;y z=3G-}$)_U!HG&D#!X^0>gJ$Ha^ljM-Kz>v6xI1y ze5(RJLrQX=;Mi{{$~r90BU7myJohKTGO0`+l`-yl3uLl5SKisDlXVN7?{U+qeBRM5 z?s*MJ$L=~50%(K?1c$L`V>1MWhcQ(Q6j&naTvhX;;{LI^64pcc`HC`J2bGS~9lQCG zv>p59merD^Y#=snR7Ty0A?rxARgL+Ox->;;!jM(^;Z6b>ka4%K$#IHu5^6TEx@5S; zZT*n4W#x^tNd8{oq?rzwg!%c6a_SUkBVk5VB#N9zoI0KrrHyjiF?EE4DUqSC_T|k2 z>|emNT_~T#RFFhSMm}McWu@3Q?MKaA*X<|W;CLSUWukbJ;=XIH2~$v%WHxk@)3MLgsG1(3wQ)1KEgARs7~al10YxE;KkHCC1GU|c*X|MbH_1tH{xc;}F@t$Pz(}qR? zops)6vEE9%S#7=|Yql4>kkhsu%P<)VluzqlS@JPXYLpp|l_ABVO*y#uu z^zR1ch3k_0yfAZcVCGr<-014zf9XaE-b5>kRakXRGwM4*d?7u>njHNfwzX6Vog7V; zgl(c09VM*jvhmqy9_eRiJ>t3~-gvNqW_pVZ>!?l9CPK>j0(WzF&3CNi`N-e~Jy1&g z&`tt$z_noDb_)@%%fhxDy%2^~uEVIGkqk3l)SL8!FoC}r7U^BL>}M!0Xlf?~;3r|# zjLL@apdy|6)Jw7&Hph3hD~6;WMqw-iUNRka$T9-?bt@*}cx&a2+AFHtY#P(YDJnAW zsY*|iCCW?7)6XqRivq7T%*v9M*Uc`PT{zDR8))0l^D@TQu}wS0$x_W6pkmCU<$i3Q zo6*`LV}(tM5&?PvO7V10dNDwso`G%m|;AMTEr_T$y(!M>p()#DlVz^=;z z*;N9ccVrvrJcmrlbMdUxvQphwU8* zB6~%A@)qYJg~FxNMol99a}>Av!Yb5;2i2)57#cX;l zG${&}^!f@e?s?jDp7r&UdOl~y(5Hp>z%ymEImcli5pn?MP~WXxwtRiL;^e}i?_9r2 zl*b;U6_ONzhC2a)8SpPva16rfL|ESq(XYtgsx z)>}d^5O*D7|NGrpPN=P945s{|MS0U&lk%A~7d##>*Jqse2aO%$Rg1$PI3eMZYf=As zMa|>V2uFX1B1Qzh*9?daOC;_HT&w4i+zWBn8e)!2Gg8wJ0>;ny`!-WZ0@0LcPkf@) zEn;EVDD+l!jo*uR*m0(p+dfSPB2-90gdn~q6G3n6L$gQc;hr{j*Pis9FLQiW4PjxKOCVj(Io?B(itdPf$XI_7Zu)AWw~U zyTQKk4*|?g_!T5HDABHKN7)L9uN&Uu_Wt&9dvX`Ptj@*yu}ROM<1GN(JPjDPUL(95 zwSA%I8ko^=q2~-43bH8}I&h=k?U&h>(;q#@)Gl!O&2gKcB5(1Og0G{L|4fGxR&3Yqi%_Y%8;vKP5`fCr%mERGbx9*}|7I&u~^R6~lWMwC%W)wrG6h9-NFH2haG%q9U@2m1kqITE zxCyGJB$X$qIlFg4sPFar${U)zHx!M>kTW74m4x&y%x$4vj%LzG`em{czQ44(&7aGg zjCqdXXTr6wIrU||iE9FZoXmuslHdlp%9q@zdpJ0BS}nhhnOve1C5XAo1}6XZ-(o?& z8`7BihMzFZZ(DDvf%|(plaKxQF10|zaJ9;{H2vx- z+lqi26@-JCV6r4PDeQDmD6;m#*9+zQmV!l%2G286j1xF}FBs8bn{JeBzfgNymOW=D zIos~BeN%YE&7*?7-4yzZsKeDNX{p@;24C;Rb`2Sn^A?{J!1=pZT&@Wo}Htbn}e0B5eRpphlXFD^Y|PeC`$H<;&s(q$m(kGc{JLF9HXTTm@37b=@m zyd%8#Vy0px(9XO8xARDHUpgGL!9*;HM|3@mY)jR)=n_)a2~0J$ujS-Z!VyJgKJi;) zL{i+K-`O#$vaFgWjp@JX&rJ|N#fWwB|4eD!ID`qODb ztkX@0NFfyZ#Cz$`n{+NUt@~i%6W2J4SW?(Xjt8J|y^R8Wg=r1TphLiGca-70(-=nD zP$SXGmn+CvrqhKzxxbGb)%FvZ>JRJ6|FCt<|o#BXEm>0{IiE z<%b#G#V-=bQ56lxbiCmWN5i7l37*a)8ZNn=Ubcz(O7ur3ok=+#q^jV`L6gx&FI~2({sjeQShse>I>Qk4+XpVu` zcQls$Se3&zi1LgThlo%`d^MYx+GvlZu!E5G$fs)S$%}60*BF=cUq2d#WyCL(kY#Zr zT+MO1+*JhM$@ZDB5r)RTIY)QGAD6J~^as@-)qfG2Qb?J$6f;5Bv0yU{@yfF)8pT^w z`CP)%OgaUtgmt*aMBT{TtZn97;i&&k5i;hq!o|S^ratRc!aNrwp}RT7px>(m5jxt` z_O_;7;o|4o;95-Y-zVxO)@Ea5U!WKdI}yFV#3JF(CI$XN9mV9|GArEYL$q8%7exxY z3r`$VY3A!$57@oCr8y!l7}LOeNNG!`8ip$pUpI%A0W&&I_CzCT^yM~VYI0Kh^`NL& zmNhVaoj8$n9*ssW*gd9V*ir6y8X6qgElFtAZ27p2mRGs^HIqf-&m-{l7xx%=S zcKHhPc~6uvPK*jQ+-McLqlzp^j>37|TBlYL^70;5P5&BB=}y`K{rE#cfeJD;ZdXiq z?5c(2_ihlh$WA-UWyY$!nC9=xDu`zrI)PK_MZ-i?>!1b?nl<3ldA1a*Q+YU^g2?PZ zHy?bUo+Bv%2}Z~aF&zy;H`66t+3HR&)F-Nnfm70F&z@BeS{Skp2ybK)I}T`kGxw6# zkqe3@Rw&{8W3b>>Y5{9bmnfwGdkqR2$9y073*$rfxxD-H#Z&TfuasVW*nw)d;wjE^ zJS>W~t~r6Rs|d7PQQ={9JFfl-3HZ8}d)F)ImU5fR3-IeDL(VwaR**Al1* zH!6k1O5q!G4(85}gz;D-S`P@W`^BB%oPp51m<Tt+BBISfHGNeMCPra4H)4`Bc%br#sE2;({ zwkPhpL}m3%;dZFR)bF?&?bEp?SOa?@@$JlqZ?k50Ms^#W6S&O4*)q?&&3LNY@wK+*{OL`knjl413;=PDXD#oFN9`C#go{}q0>Zh`P_nQbiI{Z7&IQgfcRMnp>V;}u# zl(9&ez)`f}^L?TX)uMHs?}`Xb^TrNcTG2&_R>2@b-BhnlZDSkD!kKS9MJH`-rV?Om zB+YaXBk9$3vjp9sq&;sqjNjn9_>vL%3AX8Q3IC-Jf5*z>r3LgjfeEQNE%u1-fyg4ZGq9 z`s5^=SgT)>Q{fXBop2<0m=y zVw?*>wd@k^f`sas`ZTw#=>svoIOZ)Y#KjgEXwcLRLXw}K{-P*ls&UBKhHug}0cASj ztb#vZrBQh$hk0#0J-SSjoByYJx)yPu6$1O~tT%9dEStrFEnwCjygrEJBg<-~$#usO zWT)SA7OUs`(Q(@Swix?nZ?lA-1!uG4#UP(a)!4pS@s@Qe4|#8j#jP%&W${0Q|2M_J zf`WbTeYQ;*`u-7ul^ePHxBZiUl0qd3Bg5q#QY$(U4YY);N*>ZXPj{&GnH9GvM>rJ< zClka;zufm9{jat{n{&FoJq#QyxSZWejO%?LLN2;toqZZRpI;IGK#!K~9a;gz=OAy3 zEi(U^gQBbM$;#a*-!7-$!7JZJV|}!sYJsuewSlZYq}Yi%=dq7xwkGGlSrt%)p44k& zX9`}@uBg@_r1*6%Yq#%9UeR`R=~^;ZMTtaMuPf-;RQY)e(`T9NTV(l=tZL6&VbMon zW2fIzUI6!eOETi&R95xw^Xhutm`IP@T4>CZE(}dpIIuP_=gT`ht-^;6lm8*UiH}y2 z%#Dj)5cAJqmu{m9YAEz?u^WKA`x&rW>c|kws~~D;!H<7n`Fw)s4V;X^dXAp{3Kv&4 zL;jQE141Ef_E4HC=nG^-p-1wH3~%as8MiVP~ogWK7F+q_W;u(^y5cbHg4j zqchWtyf3}P9vA#y%buv6O<=yI0j>x*kbrLvqqY$_;MJjMIVlmzwnDjEx_;%zOPCD) zx}2|e((6(6&E!%A=&>6&Ml&+g3T^iD)!MBd7{BW27wLx)uX3<5?2M)G?Tj!)xK}%;IV$)IL*c?k`VpzJw~OIL_I* zpP(xa%sKDC!*RGwH(O|Iwl7_JYHR+3#y$X3^oTO%_%i24k(_2SM6^pJkRMhDE8?2jfR6TS+`$76$q-}vh^IxL!Q$R3n3u_3BraB+^7@g ziPOPh#n|$ru(sK)Lx1rCXK>XsC9)j* zFi0KS?Ky2vvz zVsc2L8RWBC$PKO-jbP*p=q#2)FlQFU4CKhH(ng0QZG?Wj;tR`cM~oAUp&r+u&?s3X z5>cwMca*J%YEYoAoMrF}LQ-XB@?%e2xhLLb!RmF7g10|A-7|Gn7?QIS-~_|Md7Cd8 zU z0J1c5Jf5Z3{q!EQ=oJ}$mRj0_lCD-#H_`Y<&@5`OmxSoLus{y|<|)R#DvzPgl>2lN zY(04VOHXgM&Sf_Bu?ccxYm0WL6x??CnZ8?V(-fBRa!#rjvDt+p;#!QZt`e8T+h?s_ z!N>PO-d}ghO!^=?;iJ)LezwH+^yb;bRFIgehNhS}%V?{$3xpNc7_HsIb>DOz*kvZ& znRw*OWFg30`gKxTh0S!nKR80qw4VoT)3?4e1(2@@TJaUp-qR)lJ}@ z9rMpRO*?Jno;HN8=LDArqR}^owx#tkDapw%49YRnM-HgSXNG|!Pp1(`_Zd6HcAwnW z9&8_9oTG9vaE%1pJ=q_bzFW$+m@*AF`xE=Z9gXWfegc&Odmqb38kf@7FN6$vslnZ^ z$YyL7)lqStNiYSMMi>kQ%Z!mKQ?Yg3MdnT@!!EsQwSiUJgG$n46Iwn}ONv>M>gKg5 zH&2pGE|p8APx`VmoV%0u{X2P9rxFCspd@~_y&UB%ugW;Q@UF*-ei^9RWx^2E`&T46 zf~pF#_HUagvz`g)&Z5*(Kb~`my#eAJH3z$*_`^og+mZs*3a$i$h|I0d;PQ35wD3#gh-PS(DmFFx*{1$jns z722Py&D?^fVho?r@=FJO(|b-1R|){HXI-D(49Ya zxu^U)eb#EhAp8tS@m#$BWXKeUef{u9vWzz=Tz4mYXP1^z2 z1ss~%oyzh&%@Ondee(7o$JF09Z+-P1u#ZLnVn6byYV%b(lDP$*%^^dMlA;)7CX2^w z(pIctz}OwA=0(B}p8{+0!5Q|EHe+Q)df@=x9+M+jq_Bc{7fjgpb5v*C?0-1ga7sGq zJj%w+<>u4SnVIN4RfcoUTG#V~4;{}sw_pYjJRYuIjAO+1#aIO}MZ+SJ7VZhnfrV29 z*)Gg$bOvyaS7E}%h3NeKe5eYL&e4&ruGT3RU6Jqcuh5dN>&6t>>BKY5qOK(%-fs)<#DgHe4i zl_m!XyklwS2LqK$j4ZN>{S-NV{A1j2^Rmh`6v?A!o)8K1Hq87yT{>r8XZnxPC8w!r zi{aK-vt71kX=7fvYk1X=#eJHKuc`8Y(9JG)&4^z6{8@xT`zymz?H$ zq%Cth%zCs+#oS@YjSH9Au9^o%&qNms_`enZV5&4zv49t;?Uf#`l(o4Fyb>R`Nx#7D zCP70>94pAa*WUS@vXQchSQG{d!Fn7z;dR!$+-RaItS{-ham$#x8I#7P8uQF_9&2NY z#{0(0`-#Ujc@hOSr$Vc5%!2` zkI8)os)$;mUfl0LqAqkCvG)RJoglvY51B3}H?G`Em~0!4oCm;ar1qZ};gTu>mv^P? zXyYsD0ekb`PHZmF~6QawM?JLbl5l? zEFGLJ>3HTxD?DQecAe|xXdap6r5mzt73OWkahNLm+z1#v22k3L720JfC3+^Ut7J_s z7q#rjwLdLJxn`!PwYm&UVp3)ZTVhkJN`jJCHTHOD=t;W_b$^`>PnfP~FV@6^DM`>Q zpW5aX&B<5nh&vI7Z-Z+sSCG$0ra`#+fo&3+wgv(Xi0}1F9KA}7ELw01Y1G)9tmFp0~G06;o^un}aU#vFSigfZb)Hck; z8RQAfR#uhXhKb@5DTB%y9!|q~SWf(s5o^h#VQi57k~2#DHh;(0==VG^+20756jOjme;7dZ>Fl^3n}` zMp@!QOenZn%A&0Sw+_=(;{{i@i=|`5A0$i-`D9wXI!`W*vyubyB{nq1GD6yG;3uM% z0F&7AavStC3&C!)wc#1cOQ)B<*z@Uwwv(=uUN4QB3jjj7z*O@`M?6ovtL-rul-Q^`X>g=CNkc8iN6GX z$?&S#)4sqhcDE>RIM*pBoigj@B|MC@hjw8V)zM-2llhIYny8FcS`?8|u)4A6I4_b; zxBtF#$s5dj89LxiXi=tsr0>3@BULGrD7jfo>$X^MvM8Ji@f(MHuD`ptd*-xf!K)}A z`cwPF%5)_M0gTqgV|6dKs7K=}a{8ClLrUDSt`V;#jXQH{6@6kE%K^o3nM80>wHgKA zpYtkk=EU>+_})zmuVT&&_k!2e!ojzNsE#gWCnJD^HPw-iuY_zT<2mk*H*|!lSnO)* zz%x0I+&xns3%X*?6?8-EK{l|ek^euEJ-U*f%1@wD8c?r!3kqH9_re$Ng!9- z6lqbM8LLbInR990YDKS2tGY3Dt1D~}b#Nc?TqKN$4ycTb7Krk`gs zRn;wMa{T|ebj9!?$DuOb9YEpGq-&V?&*or^dzXb&+6p$eK?Q;By%-u#aJ0e>@L|;v zgWu*1q3uH$wBjj(4)`b+w}H?~-T=-$ZH!uOw37n90L~X8dZ_cQXX5*(VRiFyO<+p~ z6^qssb@lzYXGSKx)@gK=_8^rAYQo&OjwTfv3Z!u#T83qzW(<6gR-9WxAEB*%Q&~h> z%5U6rKkxFsVtFb^x@_0CDV8(eyW@4k=={KsC(f)cxX_ssyVuWGKW_>o+~&2Af;d7? z3hZd3hB&+AS?67FdO;pQcS+?eXnju6KVw65CKMPr2K$7$GvuW~!P8zg6Xb1;SAWrZ?HU>7k)v&HpQdr45W(HXitwNVuJE z4*hZ#>>b1ei@y`Hosw*4LbNIW5YN`;9e0qmVcYXr&s8kC(TE_^WL=Qps^c?)>$-V4 z^UrR^dzgFRFzTgl=Dq$a<0qcBpa;bJ^`s~_f&~XM)X+{LOML)#ON}mJ!YETCiH57e zp{9^L+`eAaL9feH2{jfRw(Slr*_h$$c|}8{bUS7o@O1B1&l$)Ce}Sy-BR4khMSvS&&%7vN(0Nn0V>8XW zb;;`YR(5dz%)Se4NLX?pLT|O*EHk@gq_(`R(1-@^mBV0q_{m?T>wo$GGT9iHN9p$U zcXiZ`Ou4o6iaC;9tZ74}qx0^MQ5%YSrRpwY+`q}eoEwR91LYfwqVEfnZ9^1INq$At zJv85pX@$bK9=?&YsV?Yq7v;!$J2s3l#`m;(kUUG-jlmApe#Pw!Hlq&q?1l^oqRyf< z1$n=9Ow26cFIVX{%5vSY3w#f`7(01-=Wf}&Y&$}mnQC#f0fi!KL~{#?^^4KwuW8>Q zFXaU1)h&SqOJBY)|H`=a7F-d(aB?bvv(@1}Xz!m1jKo(^c?55ST^cxP$_xSb%gF3R zG^-P$aflO>S$M^D`NenJmnVpi)5_)Qx??7Xfm4Nx9WiKtnDJYIoGniO)gSms-rMyA zAwMkV&c(8#DU-tBu%7W!2D z)E(-Ns~v*8cwPQfknRVrj`P*eR_ zTq&oz3cF|fO*-l%=eFaz4vjXg=x>A4$MlfZXXdL&~#rNJN~_(Ims2gs93Jup=3E)3P}}#2dJ1O z*n#9J*R@`{Ac0E%E8kta4&{v*9FVD~Zb!mKEEe6{GD0F1320(CM|}*_15nEFMb+#fWR$j5(>ffn zSRf3Qj)+;sDG3M5baf-cS;$pfE}n5FX#|xPWi2AKLoKIP7*`mIm7aT52^7eWvZTN7 z#tv|>6edkHErH9eOLh52LvVky6bVNMXnca;1Q9)jh)n0)@9>{djfcAg$l528eCKz= z6)XI4aKehpvXh%`oxqIY(zcHfFJQo8!9td62VHi{+CBVEk7q)2LyL=Dm0;1;$u})fXXQRS?(41 z=frXsBnTr`LUV!vhRF66ve*UCDm$PekD-4+bcB2DAN%ftv@e#QOsP z*W}J z+&?ARW(0Teg&cW1;}tNrK32r*5qU6Yndwkin4k#-Q3p~!)M`wDk}HzafkHuVVUbo5 zsehfm*q@WY2^A;nr`aAL$w%lv82boOdHvh|TC9zJ!@fK#0Xiokq5$E>qu5izbh8si zm5)kwn?1ab^mnwOlps1kl^1OTvHWE$$|28hF7A_2pYIBui`B5ZWW{{TL0@qy?J^~8 z&K9fR*qb*3*RepNzvRW_gyvS+b70#!750mwP-N zBCZM{KZMD;vxK~V5S&Eb@o&C_Qan{W>5~@s(3pf>L|kn+UD$F>!W&|qE_nnIg$`l( z85y`wE?L@w0r;xsJ-Hb=IFD7WesH`EZf z+qV7y_PeytNi$)F#V7&F{!tr>Ao$aM8k0k?=_ha!N$CBbsFNX;>VY!34_6nw7?71T zjOb?+(YQoCqwA6QvE=kRw}EWi)b}{Cy>D+_(di4hph8o_!ICd{aE>ysa)Nbp+yx4F zB4v3cRePnOS8{VJk7FW!c@#o$;y)uC)aldvQei;(9f+x~7!<59%KrHq3g%}6LwmO9BNQ;#SqOBW@}YnDbVHk|A3`nwUJ zj)Fn?JLIBaKnw?@=~1piJO?D~Qn^8F2js{F(?&uo_E*-jX~C=vY~8YV!rTy}l8UCu z`zT>4i$=+NI)QER%g%y7f)nHP-PuWGf}-~t+re&vxb}MALU<`aH+g7KS7oq@VV6wJ zC!6Cxk$3=gb#%`mL}?9kAJp1UC`}5OFgX^x4}6%RHiT$YRCzB$Uj#l4pjjD_H!7}U zUhTUubtG)f;F;Dm%y7+)-6XnNaCK#3P9vEHHY{+QYdL0f!-~-{`d1Qfi~%{sYZ0}KA>Su^LB9e(ZTJHR|D+R0#*&|+OhQMG$W25w^ zMb-7%JlLVbAimG%6tIpDEXbGeQ_Xm959OCK&MUklH^|rf*h36(^RMp`|LWc$q|8{m z4t+nB7WVf+cIT{E&9Dh{otiAX3OdF;Z53_u@H3u7*S7fgi}@y3CPPJJbQR zCTb#1v%INy7pBqh29WpCSOrVbse&!Xo`0krnHeiXaVs#Pd3hTJp*Af(H91_Nn1(^Z zXCpHh3K7S{J(M|I`7g;7kDKDSje8FgQ#Td7=BdEAo`fkZNwIVcQ_QND6~nE4OdX|X zF{SU%Z1b&i`NWN5WNk_nCE;REO5fp!3CJ&DaZuLCoHb%%(3cKp%zq{LdK8sJCa6<53o2?HbuhOP|@(rCBb!$uCc64NbnO7uYdIAtV zX(D}pI6*u`emG$=`@T3q97!Zef&i6yVZt9Wb)y79TGB)X5e`%(1z{GJ#rc5b#(WlQ zGfA%X1^;NLd?xKv3AT2}Fwf0BdhgQ-iGO!~Uz%!6|_0SsL`rNzk zB*_?)(k9pZSgKq1qQSG>_M+gsF^mW$)yFhg>yxrBj|fCF?FZp~;q->#0@k8ok28;9 z$T^0jZS2#iFAe!*a85wj)c6sbSK~y1cus?%dB#qlpC?TTCDkSs1ZrawGLMK<+s3r< z?h{iwkBD_K56OK&Ddhe@se}oj7TXC^D9Ha+i8MehaU-ROleSWckDS~?N}e?Aicgym zE}}rCJ})Z(0{3|cZ2&>yN3f(QWaCOIb~2_&Fi5^jcBMJt$$71$F{T!68&~XxQYs}v ztq>}rQf#AADx*@a5NVR;i37D6q(=~*s8VbfN1=e4SW#0~FZsj8m?*RJI#ZeQrTO#D z;ec(YEC2UZyVZEHf?v~iw=b)nK*u?0DnkA1TbexWrZS&tE?qC}AKkU%Cp>}Uxum(k zlCKLMh0_c){QIV12XsWl22dle*v6mPH4ES@h*_Xn00J<|vKiI+--c-QMPWkrhY(qb zzBC!CA6WdrhW&;EAH?+B4K1@H;ataVUR)U^CX+5r)2P6X^6vED^WXrVDqq|2{{b0} BX_){3 literal 0 HcmV?d00001 diff --git a/2.5/assets/fonts/source-sans-pro-v21-latin-regular.woff2 b/2.5/assets/fonts/source-sans-pro-v21-latin-regular.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..e49928e8297a96a91c41824c0362e354e6a5c867 GIT binary patch literal 13036 zcmV3W(SHa8*XJK%(Lzcls90u z^`CW0uA`!yir!;HO3qi=|9?%8W5i%zH&E3tMPL$@D3>TCZQ-!O+R~&Vk2D2(NgfQz zgVMcbf?Z+d@ag-G%YDy@9_-&5vF4mBjcO`&*xBt0Leimd@y*-)q!Jj(Y&F>@s~rMvI|KqD10z+2AsU))x@igKXm;J< z`MLFApBycWZ46eh$Y#wpBEq0-un^A13KZcKqtLUe?#^n=^Aw){U;E!a_m00m^UV~O zs@jNz;?|(jG_g9-R8Il?@2ArrwzX5o^3(}%BH)i0hKrI@Y*n?DoZnIZaIj`y!kHzS z#tEi)q(}6roIfbsRF*0IZ+H9ZZ6auUyQe)a5t)V|NRS{RVcz-MWlZg(_wRfw zXM#jX44w_5W;1(4)EHveOVLK`R~HZf1^@s6Q(>zh8*PLfbO>_61xQN^GG!VvV-_-R z5rzQhP8uM~?t>>`^S02Ng2vHnO+xl=4muD*0Kg}ONIzDLSBxBpu2yfP&TSlkfy$rQ zH2}1YhdpSE>noDLhF}0H90x#v^qNjINdO_$`a_rE?3azXc=O@etGkwF#JyGh&tx`l zDbVM_p|P7+%Y_KH{%OJ9$`eesD=xK87xO5mW_z3;YNMadl;-asrH8=fLUrJ(qnSbQ z-Nu*ZuvEBe;Wes(9*q8$=gXr%_lKT*p~rDJjGY#t-(9K&Ea>EV6J@>dg^hnfGPencVT+B-^#l7;H z>5Vs-x8CC3d53xLJ??{#qJHrU3-XK`1|S1asVL>LQ~&@8F~|qwPWcUg``D8LF%=*% zg$clj7%D}lp2bwt*D~=)wThQT)9r`fm zm>)O-X7ly-aG?S40Nra*Yi;bNa_Zvcc~LOG)`WA>1Yhn?lPNN;Srx;+ijo67HqD5K zo!U9NM3^J>dd^cks7h*kCjLl})GJdq6iw%)z4hzw?Ii_)tU{j@Ss=@AizRl=@fQ#lA$|5y|CLtpFXXD+ei9Dkx}dHtn7L8%ADr0TS+)l)u;5UHvf3OHc; z;G4&TLZ3U(&?NSL6%G4e=LewgRPFA?wLK-Wx;e3voe`7Mq5I><&ku(B$G&B0+-pJ4 z*FN^>vRy)n!bVePEkul0d-RU$Gxa-@H#zS<7*?}t6jtW38;4qv4HxPgC5)&Pp!zGA3+^C94@*)#*57c1-VL zQk*>Cd{sD!X-f&Y?CRwf{9*F4S;aI5uD&kVivcUEGB|O7?XBV<6TsoOE`Iu{kEKeU z8?A@?zxMg}=|+O7A#KcNK}jPtizi!ocxj5SCzh}fc+NvwmshOy`LeIadS(ib7HnEv z@U62R!gydFln?(&&LA2ap_MN|!ND3lf*klw&J`DOtW}luS^siSpGHiO$p8!-B7_l9 zQ9??JOV%p3Jq}7b?4-PwDK%XKYs{Lp$$~|jJ@&*_U-`;*-}uH3-}%l?2=*Hv06zdo z7sKFJzPz*mRZv(|mLW$1K)p#dO(k*!P=uxK^XDlvArZP5#s?c+;0NvfI!Fd+FSSu! zLa{v^1fU_NK&4hK00Mt{qzu3Xz~P9qVW|jW5ypf89uQ{0CP&D+vvHaiN+npWzmbAH z2;)QuQn*NElfq3p4>4Y{_{haiZUOQNl3!>*P#967QY6a~k~7k=4|1`DDuaXyX{uzX zk*RJ3C|h}yPX$a!bw)YxDOVJ9f=O|bxE2YcBJ=U5P+dLZ@Mi+bR8*NNsv;`V5ILYx z(qT!;?`43i&S>wisCt<45w-a&_<`N}^qZ-zImY9Z4Z~^1y8OZXXNX^$DJ>52ZN7d_ z|9b2Nct&_+OTnP6X<~R`a~4)$o{aUUn!v#=APsS%Hwo})m>?YjkW<^NomQj&)ls$Q zmFC5iw-%W1e1OD}g4TW)D7K8uSB@WZ5W=OYIRRsrTLHHN4^WxM`XD&}3dcoLOf_@W zJ?6({OvAqBk26IMoy%=A9?Nj9DHDG~o5KSjcZz(n7?4+xGHfoy0p<#pNV<7k zk=OMUY>y4WmfHXTJZ(9hN4b4&5I_)d14wWsG=aTA@g>2}NSF zZF~84yI6LExI?74K-9&eZyI5m22q`YuAKR(4W=z2E2Y7o+#t52RQuM?{wyKL z(&ftB%4I^yU|5Up5*!yl=!%g~R(B!2STYwa!++J5y8e+m2z&IiW&nA=TT*8tF2s?~vgpfoLQCZaJz&9H}VG4-L?w#&5Qg4<2 zo#SeT|F`w2_E;1C+fa9S3jW=eJ2TUT(1X|Voh~pug{1(3pdtkbh4!^9uS{Tw$bo#( zLRe%xry%D_OP(Nqn?syZ90d_CrGP)y zM)F73XfSlKx3~!Xs$(IZ|{L+`QYj6T7o}hHxP`I4%~4#wFnhI1-MJli>`wCfo)*0Y4i*mk>jU`vsogzYi*K z$Y|v%Hb%EYu6gEL+&tS$Gvc$NprT~mbX5!8j~?9c$M7Q%U^T#cfDKv!&H`KqK8u@}=RSBk zq1{sZJ@HwwB^`aZ9X^<2wb`~l)|mdqXJ0L{@Bc`D+3dUZ0i3W+zaRYQ@WLCfytQU$ z5L+G^^`F)D6u?XW9CDN&MRr+R5CJXK0`FCP^n6_ z8np)08ETk%4H^yC#9^>yx^!D^g_QtE2>@mQ;0KWL4aofsxCMaS0RS$*z#$lP(yU%C zxMc=K?^XG_M2(8;-t-(^(W9zSs8`)0cP{WhYVisAFJP7-hZh)F;#>ZVG+Rf{~7Dcxqp;VG|)z-9_d`nDEFd{gO zd4$O{Giqs7)n_I{LJ#X69`*2`;%hMBq0E(N@YHxSXO2xz)XgWR;>Ij1G8XbkNjDNKYC4=}tn*sLWNykHQYc4lTTuuv%7|&IYPn2iuvQ6T zctk{qHt}pTOUS^8K#m%57UW3fplLEYqzU$_h_h-b)`%#CeF&JY=Rglo;_^SiK|A12 zdi=D6Fl0`yai1{8kP;Rloe{InRe@r2ffte=nE~!2r;@{*V>1BF(7c~>ntaX)9Op!# zFg#@WtRv>SMpSg3;AAoFu$dIqb=|@MX)w0uNqx!O?)Rr(cCz$j+(V zRL65UL~g|4Vo2MMpHB}JW-dEp_^FpSu*#CJKydHUo88UUvQOj%x!8CK=q=;fh71>4 zCz=m%{EOtHw0~U-sH@B*DlF>`Ee93L$Z==ek9>cMApXp0z2xuVQF3EVh6A7Vc6}wg%+d$=9hePN1LKwm zda%(0ZEdTN@x&dnC~v%JU(y;3q z)YGqL=vEly5EUj3F8st3J@Ux9!%4utB*LUvLx<;k6_Kz@D2Es)rpMIb50v(P=_iFZXLIQ+~d#|6H!z`VEX}0Kgk2uOKJEqx592>h^@;-OG zMs|>JFjx~XE48iRr#Zb;uoW73!~9UmzGF1FKn zOhW)MkQT}@ONa8_4&L9+_oGpuo>MgyC5w6=)yH~{GtQN}N-s*U@CTC`BIvOK`sM2- zm)U)Q74fqt?A`vcD(C)}7aU4`W${~QoL*j@4BZ0zWZW+EX1%Z0jm(FN8B$s@Koe^l zT_%$e&du}k{6Cbp!|GqD_Y|fX140in9&AwT()8~Zwh1CgUrSSR28gHLC8sEzNVHfunhWg6*jbSG@##!VaQoEr?;YxR@!c0ObnJQNcC<7bF6!SdAhvIe zpwW>Lsjq3zYtGfH+zJJXD zo>H~)=DVKjtU_wk`vShM`cnpVGFDS=~3R7e`g(#qXze;pW$ue{0R_~uvoz-WGqwuotda-w*9FGZt))ZZ z$+s~+RqNq`Ef62 z{+uPtFq)8Q8AOIP9c9HY;Zb39F%!~%^B?+C{$%Jc{xfjd>D5vY6O*TfW4c!9c7tW} z=YO`^9PwFZdht9yWwc2oA@LcpveG{3$?mlOu3d4|%)UnDp~6s@Lq1L|Zc?eBf(pI2 zXLMmFB(B@TibM~EPF_{Ms^-`rXp(pIlbqj(RnsZfWLg14rVs^g-;K8NI87B{hfqiz zH#Mw{ah~ibO45M!&+=p??|YkGCgx`JuC^%Na1DMgUnM&f<`e(gEUcdHV08zOLShEL z-J}FVr;s<7QX@hM3JcDTCgx-5K$xR1Yn%accbptYh2qOo1OfvsK|(IoWPps;Glxqm z#TI|-zgi~ElJfo4@Qx|FVzRV)Ds!$4b@ykt@~U>GKQJ8jbld|X>e8`?u(Z45 z_rKOC2J$pXM~{|CC+Su|kAB%5A`0XZhFsB zAgHKrNlMK4$)xpN=eM|#q&gl4v2vX-$2w$hr90^26>bE^=B-zILliFR|JdcNG=bM- znJHj=*>;l(@^>T*8*$zpSjh`C={VIYhh6aqPwW3Hh!_Zl8 zoEQbJhaoay0hV4iLF%)|bwA$15Q4zJwo4icX{qzyuj)F6X85`Ff9XDg+QJ*fq>3IM za9ETQlkT>KI$_>!tAequ|MHuR4C4qW1zHP=pfNZEdL)$w0cYt?aH=*~dIu{i%3I|2 z_5TsVzJo?Ef}S(vs?-KvmoRI%KCSyl=>C-adZw;^Vcl*>^~dg2 z1D2jSK~`Jy)j^fY>Enr+_vJoVwG;DJNXO03IK3Y|2;0AH|I6<3n1``v%^7yz$xpGf z-uT{BP6Y*|SXR-eJ5!#v3aiVceo$OscE2>tyEkvB)Xy@BUjYd#gvTIGzIOPl=ireI ztxsB?WuCv#@(i3Al2m#;2Hr9OqkT zoz-E`sM3d0tt}&qeW_BO)XsL4hc%?wgU6R@ z@ibMQhS%)za7X57RqRyqXtT~R+C;wa z-TeJ6*Zk^Rc<{sYg9LKn8I#?%g|#(~g&k>`hCJT>>r=Euo~~FUX!eX9)>%y)z^|WX zyczqbiZ)W=9mE~v>+}h^!r`TMf~)W`(yHAV4MZVdV>{`)C`rzDi9Ub7R9KXy;N17u z^Yf4ThP7RK&#}KMC~L{@M;Q8{{@9;^WAe*8oz;w>8XCl(H^wVYcVD%S`PMC$LhG32bmrtJk!+y4tj$)$Q@NxXlaVVDsV@ug4_rZ=a|{$$(c3;PRdi>{e# zD06qrDl3^fIl|Hml}BIxYb}}zA`f`_6?s{G$7^3h_iWoU`m(la4mk4)x18+xAG$wh zXTcV5?ANi`*}h$$l8gfogg5@<-IaN4_Ag+`%Zitodbru~`DSn!u5??p?wP(NQP`j! z3N00T^jlmBMV9TV%cU8rVF_+(oR)Z*)iE-nNY19l0t%d9!Tp34>rQ!&_+^GUNtD9k z$@N}YbAi%mP&g}c+_DlQ_5=I(e+opyHI;ICz1yRyuaT=b27LQ`-Lpi7fkpC3yq*d@ zVVPGH=E8xmatF7Ka>*Kslw#Wb?=a6^?K)|)t z3T3^^t*S3oiu23HRD}m4Es#AU*F^lY`}jZ3#4{<7Rb`j*-A+){t5azqht-gg8o%gE z(t3=cz)`8M>;<3C9;#PkvjQM=2L_wSfEr19x{&MeQn|6BV{6rAk!4r`+vcM1$Wdp| zvGERWLAp<*WXf%WS+*^-3qs*uI(@HDctJSApOn>fdk< zCZF2~%RFl((<J=s!z`pGR!5q*@guQ1?hFaI1Q+C!=i^>Lt zbQu4bq@NVQ1hnv5+x{251P|d3b5Xv)OEqldkXEC!jsCsaVDUCK*t_XTdhVcJgt-Um zL73;}4oX}91gvO(;xi-b!*#__eWY%J73sDiCq(J$q5242u?gv%@TANLO^ndDK~0f{ zIeHj~SpNT51k-s~P(O~#z}T?5&sVaJzVgN}{fp&bUYFGU^S7OANhgiv!{ z_a1qgUJ|wmXGUF2y^cUk7U^l41i_)9{x&i&tIH~9^gkPnm5=XL5=J0%vnoK zhzrln&)?$AO$RTO8~}xhSB*KZ@XeM~cG@blO6k60$oheAGV|sv-YSzOCXN&3`5hmm z*u_8Gkw)?TW8J@!n&UzJ{JxD{%hs$}v_k72x<}6m<_sS_sikG~6fjKdqB~)@h9|l= zpFN-b-*?FH)Y@c)*HSgPq;B|vJ9RAF?-i!kfm3j08ehNy_^MFM-+gdgAw?uIir-#H z6LYf*$5vtRa(`QTu8KIk`_@19M4mEDw5>eHq9wRUu!ebXR6|6uoK1z^Km1~oxg@;Q zm`Ax%(E3?F_`1JYLe;X8y>z`@sF{UH7h*Vauf!yF;yK+wdtu;;(`gB1Eu+zosy9w^a@*r*JrC#P*Caf z?n%`BA2ua{bq-F1Qw``RAu)dQVJDmy z=lP~vMz(6i2faKaTi*z`aAc7lq@A1ZISjntZON3PQc6Ayq81YjJeQ5V zg)korpV$q&MOYTM|4iYQJqbK8|TNfZ4K!#{L!Xw zi(p38F)N;ahq0+w?dD7WZ=SYwv4^UmYT5WJ33e|ihR$Wh@}j~&Z=AOymby&i-(_G@ z54(7m#*uc)xD zZ)JDgh61fb-#UG|ezZhl7(IQup%u6cb8a*VcWMwT)Uq}Mpl}NdCwCf~_+q(HNzpS7 zz8#YzP-T}_q$_lzo7!#8*^Q{(X7CDbFBg5Bf8N2A$WqlpQdJh#t~NNaad`GBK1D}7 zw@sJLka%l-4w*WY4=rN){!uaBuylw?EwGX{Tp^84Vy5y~!~M#xxoBi>NlA&4pX=j;{(upr1NJql z43&8)Ut%`5k=q9?hUJ0p6!{F1i$^19iXK7~p_#{Jr>0T(-l9S)eow0kx|r~j&gMDt z7*Ul!*+jNfD`fPsNfY!0NGdU?xYSS1l*?H>BSYvkfTn#anMIB>kzWVpnTwPxjXg7n zZznCiDymIl+W4#yp!~XvPVrcD!F+Y8UeZxH-mrAA353DR>Nj^SuU}VIruOo#9qp3b z+&Xotd6c|JqdwbK(1&go?$jbys9OP@TUa=$)6m2hON=UtfwB2lR}N2^U0RW@(2j0w zPYoCJ3;O~_BpzXb zB&bk0JyT;W0*%K*NBQM@{qjRcC0x$xR_y%9r9TuXbQBSj@agB8fFXhv$A`q5*B}3k zqXcvCn`&Nu^0CDBoOCPs*R$PdZ7TjUDkdQ@28Ghlym52`sPWWXKjteJ-&OPDqhiy< zTJt5FB3Jw8W<62v^@)QK>yskr3Sp*lcvcn-7Z@9YLfr@Ho655+bX-8(cO?3Ld}0zq zA<6)MX*-svP*yfCZSDeDT6)ISX8!S>1C%@Jr)s+Ifpn%6E(jLRWa_jckxs`HNp~Y! z0B;fB6NBrUm1V|zZEeQ;%2KklKyt64K@rD-tj#NoY@^rkKgoL_e_`G>cJr@hHb`2? zZu-^4-kJygStwuV5C>=S64^Kbj*a05XNn!| z=JEL_ctY(%zm%tSjKb_0VlF50QaQFfQnQ~c;C<$mfGTFjr>#&YOqnRWC>60Yi zJ8Q??OO8iMN_%9r>Swi%2z(edQ1)av#o2U$Q z`zilEG3jJtlMi=@lBZ2mwTw3B>cGo$CG%kmIAgs>;aXM~$3Teqco2l$J9wk-!(sI4xyft_%DT5Va0 zn);%Yl*Kw8iS4|vVB1M#YS6!PC)glJrv+?P3EF`mB_}Pvf8=P&W6?LPNu(+!P!bd5UHzEmBj6;lu6)(F&;iZargu?qlII<{B1?uJx zHNom2uABR{YAe3?r{%qjC948E-~tP+sGIhSKs=N}xt|=5|Nm+9-s_U?(1PpVqJ>ty zTH&^W1IG~!m8sv8adkvuF7~o9ttxLwagBv=_`hYh!(-_xGnCpVma7bsl!P8I38qI4 z=2kSH7Dp$);tz>yfa$?@xYDL!q})6RjSt4MO=6zVEM^m0lu%R=k?qtFU%G{Z(D?}{ zCo(A-egby`gWP*%T_G2}78FMi>XPFpW=ca+uw(g3!eRJ^+u^Ycl^JGTBbKR+ViLM1 z*>p1(4i-5#Fvg|(7_A$QXX9FQdfeDtknVhv3tO+NgX|~MP1~35&J~aq6uUSMu{bt% z3Lkxa1)MHHKnM5P)?RGUahwHnCt3YJD7)H*7atq}@@VATfv zOe#rkHS%~Wl9Q;diTEyJN*7)(FooC!j1~LT8jjw;QET_!-Qm!Z+ z&`~#R+2f$Hyo}`54<`IivQcFA=9xmufrv*J6-pxHj52`^7PBH8n_f}k720Skev$qs zh$I>T_SLKvk~tW9qyTGr0HMs_;_@C&kG6+Bqeq?LSoa8{`w01CbdMbCe7)+K>|Sjz zr*}C}!E?q=h-%W%dxK*_f};cFjDe`;iESlJ2ct70H43M5m4v1L;`#?h1cwd^zQeg5 z=5rJ(Q<^5gL%m!OfUC+19XhJUC@9U9kEjt;_J1gE2mFqI}s?4#j zI&~&k4X^H#RQG|Kl}C4|b{y5JSpc4<+Nc8gE&G-%U(ywo#mkkhCH~?S+vDqJ;{Qj^ zZyO)~CLZ|)QMr@@7bb4#)1l6M#W9%+;p-THpD3pJUtAjVVF1>;jDVa4H6o z7hQ^aUtm3kX?uMwX3%VQBSolX7A}qwq-~@MHJ~j^8Y%@=Acg7<9Fc^SDf^eaJ zU@xthLM^6I>#3CbNwKfc=vT3byFu_1cR|ME5&zym#Kx_n=Lj)6av_%Pqi^|A3}>MQ zP~=)(taHm!!w(A5kOdVR=CAm>t;4>$3txRkd9MTq*^zNz2}Uk9*bF@8TMJQjU2_hiY#T_ z%w}xrR;`=GW@Xjk6LzOC{-Q9!B~08VaiC8&y|uI6sDRa*4ahpwCLju@IYC|Y1Zc-q z2gjeVy)CnZ0p0r5GTp1X&_}@d5%~89)olk4tDbn+a#6h)$#nCz6Y0hn2u{iNqEG8H z`YcXtq@yDpsmMp4)93XCeNkW1m-Q8WRb4B3Jcp!S=nvCCy$#F9*vlFK;*(DA8g%Sl zs@%0ZTbD8qINk0+Cr<4IU9%xYiyzer%<1!y`~vX9{=DK%bfnXCqO){{&Y`^G-g+Pn z{^LIV`|#iQe*mNY%3tyU_E6c4k5|)g044#P-j2I>^|pqc1O`m$E7c~Qs+mtTjNp=% zuw`-px!+q0Z7OHp{{Uw#IP)na?|r_&OWtdzeruC%~+`!61Ewm{IF=c{P18q7Y z^L``uOs}Q>7tVb9w`WqJ`R0+jT*SyT=uq-wxPQ1qOPYlY%eY8hB~asMF#0ix<<5v z2;+~c4aQ~@^3H?EY?{}PXcY94<|QIFE_DzZi`yzE`junLdYsVYI-O9LSfF;v33b7U zzJMtv0x!1;jU`LE)?O!epD{M{Zk|826~kMgGo+_9DcY{la-4^{c{kv{ksJxc z1@;EtLFo6h&kl95Ya%;b&9)jpW#$*o-GJqvyzEI@w|^x~+rC{^GFvOR+0Z*#01 zt(LvBep;1+K>(B5_)Bij6s9Zw2gB@3fSd1Q0RZlO+FSq2-VKJnQ-Fm5K!CmZ^A!X~ z97lFZesudRC7U7JDKHgaW~Q9U306s|NTPZx)wMG{Sy1s2?dc&;ExD=akVT#qDM&vq z1lo`=n=ErMV6()}4{5o3x&+L=5sb>yDORIn_a3WcNxU#~xF_(1(bv1xJCS~K;-O5A zXp(e|M?as-$Ep`54naIzejnZe5#4ee)|a}2>9$X>e=0IyXhHgag3zSC4`2IL zhZ(%*BJiyW=CG~sGt2R>u5`a>GM~?-_YC#r-Xs{3_t<$^;cs0M&)hu?kKa`=8FZUU z!Z>*`>}6U>^GJF_i||lh4A%z?g$v0*BN`~n*$wJLQ-&t49|tfk+|hU8JyTTu>yIky9HBHXa~G?GX|W=bf|H zI4BJWlXf0}gaTjYlT$PyAZI>>PZnK+I!%H&iBr0-~j< zx|?8H9!0V@d^u&TAN{Psn;bn`N`oaymkl*7Ab`-ut3{PEF1wc}L44tOKZ+VmdgK6a zr3g?Uc@e^D(GKT3PwVm*#^WZMP=Xej3am`+0JI*Xa0+KojyibZ!Wf*!5L96fR;ZN| z%XH`8L_|JQiRr>f69hrI0|x}A13Qru0?s8{j3TtcjABShGKyzl2mReh4v&(JxIBs~ zS}EpS1Q<7Xq^?`9R^B(Pr(Mfnr>cHmrc`zHjHx+dw}VbVW+WQcqVlGWzN7R~yDE-r z88c%_Q_pEFy)(S@t`0{-RozOfY%s2CV0fp@iW-t?dHA|@Hkj5lsih&Kka_iuWfh{; zRx#F9o$rCQ%}(1LvB5syK#oX@T|2AIL#JY$iuv3UQ@3?bM`Zh; zZ5Z#<@i^|eJ~GYSGLl;5Q^L&k_N;22$yAMG+AbE9Ig;KsFwSw@^doI&&t!H-6@wXv zHBH-bj*j%_@I45suV`C|u+l24t+CcR>us>n zCOhrA`*O_(9g-9Bex7pL8D~K&TaH|L@@;h5S@TMi>Qv^eRHs~U^sa9*SIzx0Ds@^aS8Z~P&+z2=28*P*^T8y<)zbVFPHQofTZF}iU z{$j-umkuGwixmeU9uf*#0!)G8OCX^{l9DuuC6RPwMWQLmdJrQBdW0g#x}E;A-7%-_ zJ7}$SqHMLzQFV0SNZ>`IK#>@Q)Si>1)*q&sYC57o$tb#*1{GUeh~h(r3SB~&5=#mj zE_{TDC6^K@a+IjiqQ{6CD|Q@RmdA}}lKq0Hu^_%S`w}D+%x?p}h~TSlcEQ2In@g+M zpNSGDNlI^qTkflO$74^DB~OtuRq8Zp)1}XlF;nI&rDn~Rz3)Gy%yioI244&ty)vqa zft-wTX3aEsx(e=7qoANDHyEbF{C5cNQysjltguIi z@v#u!H22R4v-?(gFFRm(ngQd(Er#n1!>|s+_;7<^D&XZxSY_ds56>siX4pDtNDJf# zTfB6Bs78Y;4DC-f`{UIYK}=PeJu5$VXtassrorUFST{InQ%FQB}D~bCCJqo;`bL zZpq(J-?N7jvS$yu>wYTmOGLcx^*wvo_uRT6qxtaeJeoRQ%dBeW%jh1*FX6E>dC{>S z4~2<+6%i0m-$qmLS~h(+u8cJu;S;2zJIb4263a}nf1FaT(COVW)&8_b<-%tP5v7qG z6y{Vy+^t6i%P)O|6MH|}uY44+S*Th|tg={}D)d}+T$?XWT)nnfyk~Up`iOWL)%FMRYIZuiujSs^$Lu zL%NKsWWF6w#itH2{{4mhkaDWO4VO+j`7_0S2p29=!1%B8p<`#9V*blKL1R8okFhi6 zlxci=bOijt;N!x3jan{Cx~5Ljhmw3h`=dQS|B?1TFv-n`wwb-WQRiYL|3$(X^NJsO zYjLT(%6xQAL*y=wg_z=HHm`2=>Fn3LviAE4OLF-WWertVXB8zwqZ*)H$I15}_mMV4 zzbaV5ZSWh9T@cR^@%SjWKFmR!3;9TRfvYYrk>x{0Bp3_MDTcA`nyOFuiAF^}q|8jX z=eD76tGIGN+dM~%)K`HG$m&5Rct6K-3lb?Tk2cNtm{p^&?J||h|6u;CI}I1nxM;HN z@Ln)Em17r+jl2C%GcJ5JyUsW0Agi}qBnryxi?y?FUd|2rCx~;2w1t&IcCK$%q5Q2p zC$2GVM~N<{vtR3Z;PM5%!vm{3S*$i4FRWx<)qb{frR&(Ku#Fk7%d3OWWZ1<8uR_zF zb|6gF3In!W(a1h^@qGLVGKzv@^2|ZGIq>s6OOKK}yK-*08L?b(jLgo3pC0ZV%(W)U zcD%l%)12~wHemF&&J{7QSsl|s7oGHw8SQA)X6_wgk?s&q7z$58s%J8y-Gk|Z%-6l| z+3Z^J|keDFbgm3kq_P_92p;A_z~{NtP_htbI(Rv(3~r_to^{G)?tPG(*R6a{<{Dh=n{`P6!tU{Ye)bm0u?m9GXf> z1Qh}E<(cVrIddrP5NiY_LOi`*Utg^!9r`GfK9!B|rO>e_`D1N{b`Vx9gTV{y?Jbu9 z-+M`FY$`=&kIyoFvR>8Nxci)3^{L#4@L=D8E_s%W`mS&X|OdLN|0%>{ZxWi(MyP0$?Wr0( zxWic{(=+=(tw(AprCZsKmv1JXyLPtr{`kCIR$e%-X1P|5$m6c13Fzc|%Ex=ir?|t; zF)E|#Glrro(lSOeniA(?5v{d5pP|*0`(6!DA#luy?P^ybg9DJ3O~cmN-BZVtyB~n8 z(s>+vokg{9?FD5JfmMW&^#nzFNshQy)k5s6qf{@L3s7!ey(P%kD!C7rEHcH1c#Sq* zoD})0IKH-X$3^iC&Jy1mQ_m}^z!N%fdvkKF3o;(!Lw$gZqFMiKjZr{Oi}BPYTk&xKpSc zHN5eg2Kd#K&(=Y@py|Gd-d!8>=l>^D05h#PcCJHim(u>()c=&u6*R}DidQ)Xolpt4 zef&22rV2#|um2q7H(^}7?{jz`BCxNgDcs+!McK(dCbP>TKsMo;LuC*XEF}KgXJ_~7 z>WO=PrzTRaAf|k&8x)+5m~;w(eQOA|XQzbQ#=K~)rKFG*^-uATdbkMn3EvOt%e%uJ zdf7;hPj9&IXq9a8Yf2zD0)8rIg#zJ@czt@8_>yNS#kd)Zo7ImwWZlYn*L{~o3d4Wr z>)X#unC8@HsU>OWw@|P0)p!!Ga%8LaB;y}XQ2CF#WofOJk0w@0-tSj^DY`HyylEX5 zdKoU5{UF$y%dqCz_I#%d1)cn5X};JO$ZU~wjNEfwEn~Zu)kl~-fgwn*XJ*z|tdcTD z_O_^OY+T%s(uX9^iFv*yXFrY7`_9I5-7p%#P*#3T?INml*uF!D_LepL#p;8EB_G{#L!uuI7I>@&E4E(ptbB=`i5&yLa;MM(2_AQJ_=K zDcJh`T{LDK(tLW_=@GR*g|(}l|A)U0D>Zih+Md@~G?%L~t`zH-dRcGFcqD)Rs=xK9 znAb!$ljBx?gZvKa?22T-IT~~EPbie^)Vq$E7Jrk5mN&glYL6E9UA)@XxEvMgUu)@9B3>u~TtrQvmyC;&PcR0b{ki$SE!^Ze z)i7g0`_>b=z3l9<0-Z&DwP3?f3`^S6w#oO}@>>T!LLO42D&>OrA`Z!9U?{ihrp%*``nnF&?TWzE*L3oID zk{-3NVPRJ9S;B4dU{^kjtl#2Gf5&Cag!i5$hT$U6brR zxI+C&Tt6V*OF_?l$X;6YKptHBOVUujOZ?iMjHH`cb4K#THpJdGW>^_LLKw;t<34Lq zDKXzq7#5mEVz-V~X<~$Ts|)EMD1;ozz?RT~^2x39@ zkka9_nK|AS@7Wn`MO0U#P1K)t%gzbbgUd zv31xEUmkMD@1J9SV-w-Md-`aMCJxz(?p=2oGTKb173wSz(!3OCJ$kK@*D~cgrJ$Fs z-j2do$>K2k4@je8cWBoHcRveovz9`y;heuH)nf?dz;{yCX0t1$O(|45K5MfKUcURF5)_w_C02Ew^ra z`zyGe9pfQFR3tMYRsWd)u1w9wUa#F4hEMO@%&TZ9-lKi{zUFMKRh23Ygxf2h`ZOnF z@uNQ4`z}e&wHb?JxSjR_vnO>ExhQ#29`Xc^l1Ew1gDTc6r5@~2?qqXliz?rPa~vShf9i+d7&_+xL)KC?J4|+H+r2l z`C-MZ^seS&xt@c>v93h@c1%bMx~+a})JviC%X)AHlX|DIVD5Fztd9i;Al#4J5B9Rm zj41Hwl`p~}xC4{G08>^9MV({pdDO*u1I=>-{aU`R;YrNhQvt;cv3k-rB7&VWP!5~n zC(6u0s2&{iJ07EQP6Ku6(3yZ3F;~Np_f;KZ#SMs#4SAJyI{0dB|PU%a*Q8!u*w*G$e=<96Dv`uRCP_+uBci~xM$)mfExtko~r3D-$?JZ zAUVWI=2-E(KlBTGn7vOWz$ZQCsLUahWMUPxN5%o{Q;E@}05%;7tEgLgO_hL*U#s#vq?{O0gx2q~@R;=Q$UJpDLe64t>T=jPr_Z+=EdP&`#; zk24muMpahl*$r;KtC&egUM1S0FU@-EGL_b6=nb&lnI~E&S>eQzUMit4&6m{ZQ(7lA zl$399$cC5Vom+-gJW=fKq_f{-b#f~W4@+zrd6*>y-$@OS_h%Y+|04@bJA ztj2N1g3|4QXgg6Pq0?xz8|pYob)eUL*x3~((PfC~3a*87ccHV;lILk4U1-sf)xIm{ zo;n`B9R{P<=XF%b0b~<{x;>#;=UEV2xMs+Q+$8-sxXJrsAw+ANcPu5Cx+<=!p^_aGx}O`Di^s8fG-G1#U;bnDKX3snRrD}Wmmsl{ z^L&nw&vGh@YcPZU@r!XGnwn7wL%s>7|HsIPd@Y#jc6`&+Z&JNn-zckKKD3ZljbK zB;Qj+SwXZN?6I>@s?vs5ue!bzgPCia6u~Yi@dVx0PPk|CS7C5!vh&u?j=Q)N zn2w_zyN08aA53+AP}kQu3!KKwOxhsQBdX09Ahvx%0GQ=u<5Ky%*@L~kz43XU=!&P5f_3YuAGRE5ew0d;L(lTu^u{X#4WfRr2V^r zrC;u!xO7e#$fo+)6!fAIx5|kgxGBzQ>3(>g(+-IsoZX_6Ze-b`xGZEPS;|$1)a4fjFc$ zowZD+)Ln^ONoOM|#vCM)Gc$GH)9Hh0XaCyeBs)-Y-60Dq)TPGlN#W2TJxVK0KIBmL z!>?p_N+< zJ}RwjC?7I!V?2vhAaJFL=dazehe?wxD+~UPE=C7RAU>sr2pMPR?QthDXOY*tjYc(PwJYLas0oy?+5$G;#>V-F*WJ`bi z^0Vo0?Ik}TsmH=pv%hKtx{K;SJ)V)c;=DUV_EW|G-`)AQ9IVrLZ2Ethy>#+d5G{SS z7~g*Ozli4zFrGd>Rv?7*H}O8b4UFU0PX{Fah+O_FJ|A*YAe-^U^xv2M|77RaeIg`X zs;}WEb1Zk8cW`8-$-pG3A1OqTp5x!qoK@UaUMtF5WCc-Peh1|;cRsIj3t725)AxRGd3_ks zHp0J=wZma^7p`#1ds*0hE}?HwXha#+#AH;dB&jBFb+*p69G^~sc-gi`|IZ1#Q?Z_B11 zP9u?It$V&DY2%6Q!$te?bytk;6@$$mT!3B;2n~T&bUwK)t>iQ#cOxcE?ay^R$6ISj zN*~WAR!sJ~yEPZREHuT0QvxH&4Km1&zopID>8_?MUg5{SSS&8=&!5=q{yFu-@?6h4 zWmJmB>&5E8^pb&*%7je3fyAE@JuaWjUTdjo#C@%}FCg@q26oQqP!h=3LYP5%hfj-* zFo>Unvj;2lw!Fxns9Ut^N4CY}=rU=iq399bLk#U$Z%oMCngH^?V4tg9%@h|~!~_-m z(zT$WbVZ(17Z7dYTrOXmWLy^Bk!$ub%*MXDL(zPfeSm_nc1Vm~3Y)K=Ct} zIBPt6hY;IyyXC1?%|SnXYBBEl;xE?y;**malj9%O6>A1#A6zC30@tO*u5?E*JGWS} zT*hI!t05Z1s}GXzNX~BZFO9Wbz+rn^7hAY&L>fzShNjZ9YN8)X3I9jJ#AlMET!~l( z5wD`Ku6I(@OgZYEG{QNbo5|lFNe>O*E(Ru8?EYj1pRu!FhqH}eJ*$W{OuZ(-c5v0t zXlEn1(7f?W!>O+Gj6HFvH{H_9)KT0=E*43@>SdJJ8slvgp)!mr+uV8R6tT4$HOt7BX;x4%FAVlkuMBJ*hw%(5$HFtW&US!*)x_yvCBi)97e~-$F=KOmefD8)BO`<6wjjeH z)g$;Hqr4clZrn|?eOVLFB?8+lGuEtYijA!vpC+ZuGiO*c=at+(iFZPQHTP!gq^vMN zfHfhIYt*b-Uj3)^?oN8;mqDq*Q*^bKy{7YjA~xwW-~8UPnSHOkA6Vwib${(y<$VmI z56rJ{t%}2#jcq}%((o?y&KqNzHo(`Q&vhYykcV9_qcZS?^-Q{1{YtXt9+RFp@1ryE z9`TvA1$#;Q5R^dqST{e$nXJO~cJu8*1+)7Km<&=ZlQqj(C6>YAZ zux^?x{zOq>;P-^nUER@GZ|>!0n;h2h?TE+pANj*Z_!N;A-GOAb749Uf+5~w!jkSrt z2egpWlCFOmb9QYIk$eVbK)0Xb=@rJFgM=MDqR=PWKgYfQI4L{0Cqs~w0C*vNlM~`5 zXdknayCe3$)!yvVe9c1tu_XUj=UIVa{@-SpGsMc^hE8OIski=A@&8)#WJ{0>dA8Qw ze&z2kT#N)=yfU={w3@%#ez0OimbYnG|Bl;yu7k7=gF>|H5$WWMl+|11HBIyuRhM=O zbktl!RZjoMT3i6HyB-w`1XPXBbPw;}m3U?85P#6)&qR!L49NbvUXt2(bC1s_23=1h zm<3z-#D6w-1iZ#De(Mz}%}1hqy&LG{|8p;;o&&&A!QxppNG}BfS%@pi@BPzYMfw9F z+=+)!fq~ot??fo%v;Nr*pj3bq!236^_?-reFXeoR;EC|3z5J;nku_a)A$@KMIGm0h zFFN=M@A9A2n++M!*^b6r(h6VS<8z&akMv%weaA<$UOsK!hLcS*awWw4seay^6QW+a zEq!olSEqxN9bfVVDjmK8ppl^e9y9w%q9^1eT*oBUltk;R($c^V% z-r9SHZETOPUjd)^j8IK1B*dlAt<5Xzc*K9zNJAEHE}){@DP z;!x@&n6KjYasEBu*MIOpJj}nbEqeaYIW}DmN8$o^91Yv>QFA?AF|6tHB!jNySgM!L zw4YupM%lfv8bZlr_$M+Hp~kZ)Ur`_o;=fBaGFn>3x8ou?_3ee?h@0^|ZGEM~ta^Lj z|KUXwH1}uT%aSxg*~;m@#A*i-?DVCx>{7*ZN86f?HMG3wn0Z~jaLVLE9j$!L;NX(b z!d$*=K=V0!&-F5f!$WI+ehY;dMJq!Hp24RR1ZcPuoaAnQ7qUEOvdpa2gd8s662Gmg z;@C!deS)VAo%PVL0D|LkPlE-d*ehpz_Oy&vCS@A1Q8hJo2zo>bKt-Jb^{(G1aXgU3 zl45-t5Jz}WC&Q9rq$ajrKj8Sz!S6Njy?ZWAm*h$G5ih?kLTaGR-%Yl>7VWR4g`k^1 zj^}6)gt`q%b6+WQWU-1M!+RDdxSgP3ryJN<0*auIY(P&{Ri}DNhVp#wYT2Qxk2j>s z@X}qp4R-MIwY;E%q@$QzK)J=Pk={EL>6UY{Cv(MtK8ZQ98t>S0{2`pPTK@_m2au1v zRim&vLEcg??(S6e!VW;VHpNWw-$tK$f#fCU1vuB;q!#7AQRH%6Xx8A3r2}J-_1LV6 zXx|zG?^pjr5>tmTeR;x%WLM`vdRw^G5+!tVB7~(_GIMCBjAKtqTIbvsQt$kjVl}K6F9w4RJZ*T_diyHw#RCHB2c#gcS87NRt z`D)N;qmA*MW78@O9|%66B z;AXDt_}A|T^fIH?Hoj6)`)DQ7MpT>aM$vcEC({MS&d32PK?=~GvL#_f+;G4O$`lz@-M|KYK-Uk3oK zg`A9nQ(>$nX*15ip*QX^XtDP{TU-Ekqnz_^nBo5?i#h}A)_)Ano1LIn$6tMm)p!uKj@kIuo?R|FP_DKbh>aVw+OG=2>=){#i*}_^qk2`TF ztT+!hxWPL1&#tAGz5tMfEC1EN?_lihiFQ@|iN0)1xODg8Gpg4X1~ONhwZN(U_0beB z06*I^FOGcMoX5-G2064fhrziLRd|S1jqmRyg-w6P9F^D|8(iigA)Oy&2bTw(kz8gS zpZBed+yk))kjOZ#s^gY%xze-x5F_J96W3D&;t%FI=8a;^i9d(nsq|`t9T8SaI$)_`|@)l&CYeKiUr% zl-eC`7NgB%*k}^s9_@mu487C}7!|i3`vjX`^|UBC*^p?zX)?5;zFs`<*AcR{nY6HR zF(fMk#tY`K%o>D(C#$Rno-Bn&)Q3i3vDJ3(7Bc#H552QT20mMTiZJ@MjI2j4%JX5} z8ohN($GSNcitbzJ+N5GgWDl+Lg!Y30Q8M(+AU;7aSxUs)*l=Oi2(mTB6Q!wb#hlke z(`9lc?|Kq>3(Q&=M6YBdw;Pe;UDm&{)|wjumf&3Xt@3E;iKKT=$-@9Yh;m&9w$ItC~Y4u;0K5tHiU($KpR@~et(mT_8*WiQY z@E2zzVyPnAnthbGz!}bNMK|2m$^;d{VxMd~94ITwcrnPNeIW>)~?9nyZ8p=$lWlO=HRPUEva0-5EQ&jQWkE)QBK4?s9BP>`xIKCcB z#S`H-W_E9m{}QfR+nqt{&U9!ijd==Z?{Ia4J4Tq{vED@s8LMtdH8PEEO@ebn*Oy*R zwvzP)fb+FUM+0aC`!k7mmv>1mvoeoF;TgTvtg_-x| z+`Ua`Ur!=>LKmghh1O4+ip8u6geZ%bt{3|UdK=+k;dqHf-qG=rC`{E67gjSQs;4jA zXva^uYlgUTY!$WB5cx4F!}d1^QQB%hsGeEnx;|{}4`}t2NbfM?n*K6+HiF{K&V^M$ z%Qy``n4WdM?~IB|%=UHT)7jeh`mf?+cDz9t%tb!ehB~^QLz?%9v@~S_;E0UL?u}RE zsk)Z&&g;t7+2@-tpIhnW*sir8M+l3VTH;qnb7ttKmBAUR*C_Jrcv5jSZIC< z;3T%@wazPXD9z`h#@_3EcCs~VY|t8htsuyP&GfdW$GUsk6~au5R0vCuURY*r8e7oX z;b;_b;`;N@bvt*vuVc~4nl-%`yc>lgOrJ8tGf3@1X_9r`f_{6f4WHO&yxP5}j9dY0 z8J9F6_levMCHTb$4Tz{_oX1;&!Db3A%^IFIhY+YmJS*qo(!zEePe@>_yp6^}Jr^%z z8mx}4^hS@y*p94t^I1>4ktEnzcqEyEK|i`P{pm)c;*m~0}p|5rq0D9tdKo=pl=62`Pjtm&uxH~O)$kkOK z4Zzfz&z=6YVB>Dyp`1-g_Ry^RRG4>YTbTxV!=$xCoUGJ$LJ`F$BoY>+wD~U|pZRmrlb~fALUxnm_9{1e5>8qCWvAaRGCAydz z5^;Csy=6X8$a1taRI4B@P9X{N&~=5QN|N8-3S)p6 zF}Y2|-@$Y_&2Z^8W!9#n`I$vfvEJXf~yKPovJTh7QT~X zJpaq4Pn{(>LZVw%j@!yFhWi#mmi-SyR!>+EDc|C*+BdA)KONHv!agh_e|;t6QGQ%l zWZNZ+bHGbbVehhdiLD*9gEQqbN&^uUL{AAFz zzRbd`v4+0Q(+RUE2Q~Uq+-UV>8v5#PZrXO|u>r=x&Gz@h&1Td)F0E=+=eOcG%ut`^ zaVu)Imer#xYuisf+ip@4)Z9`_ugEc>W*XLt+xAwx(j1g0A`1$2dn%B5PtfKART!Vc=zHd4b{KC`29&W95`nj?t`;}zjyg7Tlhb_ z^Y6^3@OjaMKcoG?SNOIbj>iF4|40b>$Kw22Cel-~GbsSMKHTB-{cSPBWX@~%qXhTu zJoC_`%)2$8l`vv>cy|`(Jy=~whkqp`eTIxif}1V}+oA8_J!_1~pW8XGPBiX{TizDW zYYd?+DT1Vb8MjLD%RjP9zN*H+xhLP-b?y7FQ|!jCEY~G>ZmuzZbs2EkL72u=*_bv& z2ahkIR!1~O;1z1ZRbL`)b%~<|ur7U>pjgq9tV{W=j^mlZjvv*|z&u>4yQg!`gi3Na zPQZi;rlTYiM#(~U4czcNV4<1ePkt{;_UWX1^Qf@xrWD8KNtfrgUSCcPEPxD|_?-78 zwCBQ+!}l9{-ONJ0jiT4@x*M!ro7ddf)DUT!?%N3yKG~y+ubyMBI7hcSCB!b_a&X+z z%HTQv=r7UwY=Owabi;FPAmR6v+B}Ari-m+1ARX=f7ySYcMb*t=O~3dW$*(rh^7hNG zGAc5RaFgg!{a2b_jhBmjiUzc%#&`P|+#X(a9kGw~tWZjjEUa7Lu#*lIpP6=FsBdTL zyVEH-=*rC%K-Ck^Ml70N-^iNG%R1i_Vz<~-om8Q|U0@qOFS_*c!L#61shH4{BKjj= zTeUi?W^e^N$(hUb6FaBlc2dSI6LK+fgcVR}NY+P5PY&l6?bP2P%wtwryx@v5*L-3qZCC6wR? z)*Hv>N+*e}@R&qTuXEQNhDM0b@cnj4$-d5P1IyEeDVxr7<>{4cE%r@o+$?A6I%cN( z(vfmf0t%*Ijh`?oN^Vk(~dF5ys0N7sgq6KLVs>jT?uB4!gw zIGO|NY}bTdaKZ~KYhGP?A)H5#IKyI8#-;02q_?&)Svr-+bs=zcv;Easzc+ZJNw(V~ z$3;`U7hvLfHTH%bj;@09-<-gMJX$bs*QMC%BpwNovXFo$!veCVlaJYhTzr+OrO=D3 z*RJ2FQ-xW!BV{m)-scOxc0|v316~--Rj@B$NlQY%9sVg$ji&d>A}0UzBk5l9m%bfw z_El%&9dquD%Z*Bk#GB`Z>Q4`o2nvCD%86Gc_opGv@ct%eLl?EF^~4*f77p2hdNaLJ z_#v9IExMj}ymM~D)y(IG1%*=yxiaa+sR_zjEE#S==2d@9y9HYN=vpU3x2*6TxQ z>xMJ7^;H4lae(PWWIVXDIha?HS7r{?Wf6*|_H`OBol3G9ZIq~a>8oaFei}Ep1mm_0 zIq2NV0i?W^z_+oi`698^g=yV9Gu-f`rJhv-4(jsb3NQKPsL@!&fpl z{E~+Ykatk)+i$$yY_Qe3`Ht1Nd%jt$uC0bsZ;jf!?H6I}F2qF_+FXs^qmd=M zP_7-aZ3R=D%Bb$0JI4JgUHcKXjuv8cu%w5shXztiz8Y4|Jp?=l;+Mw5zi;ORu$>1I z)Tuz_G3ybqod*G{uQ);bk@c(v{R_f1YYBB5DP)SE;a3Ks^CE9P7Ufmsl%$Sl>jUJM zOF&gr?dZkZhaUuG`~u6$olKZ*;63fQck6~f+=SfnwWKj6I@~mrRolMR%h)HgbWjl4UYsXwq+i<#k(bVB_XuO{RMWezrW%b_Ab- zpRINaOInM>Nw~(?=^N3OY?M`2eCaE2nQK`%3?dE;rq=Z7z(Ch%T8tuCIdTX_qNoHymGO+XZ$?|rI z@lzO|ns-bh+w+=jcWb(Ta2#x+#+8+&7$!`QKn5Q=Uv7J?&;5DelAoHs1wJe`LBz1r z1+w~T)T!>Hl89z!$uzIk0Z?7B#{3rRCj=2laR0qFAh{C2m6pvdelbu)uFl?P+-=x$ z#qePU+QILd$nhc}$OKXnfus}25w*56D+C4jaQNky_0zz~p>k0hPp3ivuO!r#3*y3N zDAFy`wRkg!KKAu>5l}ukn9CB0)yp#BxyqZ}ugo7M*(?Qqbx;(3UGXUe6olrsWRyNd zM|tN}-QG{$hBobzN{XpkXX1pr+j*32RBtA5#R*HWc~{Nlx-3t#aJwlJa;HZYH733M8_qa%f-NnP4WEN`E}uVnvDmHFO7`yY8`) z;_Q~XZvXMP5KIbp{DbKGRX7?I5bvutr_miw31v&U+gII?Luoy+yu<3WnI}@->GWKX zu}4^luCL<5g>o*K0VuTwbtcgIHg}AislbO#=Pb%= zY2^uv7+FI{IJK%I&n<87t1Z#@weyrOz3aJ8#Khz5vZFiHy9#er?xvx3O?cmWsM!7E zZmGOaBV;c8I`nk26r^hgTrZfe$JD$Y&)DuvtI4=<00KJ(iX_Suu2KM3KT6u*tG>3M zDWCh1{Wwv!t=fV+l3SV7W}BY&jrAuMsfW-z{Y=ZD7wjYLSeQ-QPy%&}cG)$G9ymiT zHc9ODjk%`>#@E-b;RP|(bKc9L>C+V4#YIz+=E@l{5t4B+xznl71HCUeemUgZQEA-y zdu0R%JE_2rGaJvPnB&{PY1yriWjR014mAs@Hm|iI-6&C$k@=M4!QI(2z$}L8kgXSL zvxH=&e4LZ9%ATaO<%9vMRTG&}wQOu@)iF&tG;CyZ+i0MA%5I<3n%iEI3%xndjrPD@%9HrYJy7i;JE=(^V;j1>ZrG=LTnnMc?SYMCzO$l` z6fR|d=!b9cO`zci0PDV(uKS(RPI+!|ng;vA;rHGjGVJW#j<}YxN!n(7jCZxeQk{dU zT6bMpC@WzjlP-AXlksP#eFHSy`d<>`shh*r2eKmYOK3CpV<-(mcBm+(7=f1F}K{B6r? z#sX4jfRC(stQ*-=gqsepO`|sDEbQB@Dq~rYY1V#j7F@rERSS`wj{DiX>D)ggL7V4 zZeGFF-;x>e-nJ-!t&E=S zqt7`fP`@jI^nqKo-MG7Vy~tP)s!#!PGiw7XsX*z$bj7m;^oCEIuKJdXx=2H|PNkqF z;i1?@3sdr#N7?sp&DjA9zP`3&Szx!Lz?2&XTX+FgVZ)bG}Ww95J z3Ggtwqz}#=Xwn2s{aFISLBtvv8PR<8yAUo$KFSqE=BL90-Nh5BQjTs~zw(f)_-%cF zpS|{t2r0YS)kj>tj^xA~v1LMdjrjTSdePoVq>3W>)iaq~{qys(Mpn?r{5K`6yH zuUFhQ(?!r(IhoL7(3@4>GIZYixc=jEt_+gjdr)%Y5Gxsl>%p?x+4#8WX5dexj8<5F zoP7{%BJ!f}ZP!|fP-ui^ke(R==ehh(SKUN^9W2M=?OVPwCs_%bQK&(BEeR~^gwSxF zLx=HNNjcL@UqQ4Tpk?bjk@KcIQ2z?Eh1^7!F3Y9rampk42ysHxjKzLjL^O~*T-y%4W4DVe2_3xIi2|Nb!~<+ zS81~n^$DR!TT5Go)elwU38yYtZ=vip`!OM0$XJ0cxfhvOZKIld1Q)xswoPJJA9_jG zsPuto*B5snt>4$=$7K!t`~U}Be|uem=3|k9W*?K`m!-Y@+u<#Pj}z3C_2llOj0H8` zrrQ{!Y@D!83(q7k_gAC}y(!B4%v^N$8n_nH+r$ss9$W{}w;t2f-z-iE9E1U?A*c0Uml+GQsso z;v)}N?4E-uua=m*Si7bHGLUT%3_&hOZ6>5zG*+BhtgdB$H1#x+%^0vww@xwA^o`t43h|5p8Xyy6i^oyEq9MOBrTi!PvE;b@-o+p)Nu<)FrY z?q$>xS!fH&>}zf<9T_R;wS2RNc|rY2(Z5iw1n2BHG*WZAlcWox^0%Gwq*74ju0Bpx zn66OP>LqkpxWTbozG^No(+xzXi!K7EuvqiS5EC(5xGNUOt~vr>?G((L32+3@9e)5~ z^8htY&!3kk6npl$!kIlZGh)EqMXQWBLb{#|b`(U6|ADeCkV2%hq$)7C_4HDkeqDWy zE^{y8C`srR0i|6CBDHo-C*0jWx^^Lyz6Vbs=sP1J_e3I>m2DN^!*d6Cj|u<5!n}AE z9A$p7mxoA2lk%Kn+L7ncfeXKHQ_=~$cmcfSC>9s=?X8R8A{M%*t$)1KOyYUk-sax> zM-M;ZseoOnmP@ni1pGX_|6jN5AqlK&Ps|zr=<&y&;PxwZ{XA{#AbL1; z{lBQ`-|yV}`NhwH0TOYf&9A?9J#qdIyj+k}2l?Z!x*Hdi%hegUz4;d3xyD~Fswvri z=}N5n&SS_v96V8fM*ujBp$CTK`xfKO+agI75-!#7qN0 zkk|jq6L31!0xBF7O}ado9G5TU+v&crYT(ycX!DmD8#tMtPKg*Sk<5mz_5~*T0nID5 z7Qe40WS6!65lWAIL?Vl3IOw-q`0w?>=Wt%$AV26f12KT*AXe#`uyUI5X73ZtiOL zTeOH_4R>R&3D&*+QBMw}*y(dXo!U(H*>Q&hl{(*0@NWV8Z$p!2IzTGCq>T$WB}5#e z-Od(sB$b3jg#q5Do2-n;eB4Q;wmwh`(oL?MlYMe`A&5g%HV7*j)W0$TXvU-I!-Of` z-NN7J4GT{_WtuCoymod>#we0h{9pb0)pD~|jRGa2)hAZJgJo(gM55~|dd1LMtJVxZ zVs`OwLSv-^dj+d=4(0PwOHyyiV(zhZdpVzOU^k7hU2~bg_gNJ-4x)`s9iL{p|2oJ4 z9Scg+cM`;vIm~&P$0{VXTovPD%*n;EXm?>JzMAY))ZnWc;e_12wq3SlGdk+>paG|Y z1i5Q)QPF_UVFSPUU6}C4fTYu@K_2vGk~6Z;Sj+XP~Uu^?tG!Mn#%`mcIM zj8wRxxjCWZK!}P~^D*sK4iGfW$;7ZgbLqo8+#c2}fLjFx?wFy-)N&^t_^B-{b|({x zIcI|^64S+d&;*P&R4+BVdOB|}(k2L7K&E#INeig8oI_<#J1zz~(<5G%v`se8{g~a4 z?fIRM8Asv**I0Ma(h-HYh?#>9QPDX3*14{?F2Nmj*u%;>=^NkbIC_UIjz=2T8ZuC*smqt>k8~qb`4RZHhnST&?9% z*_s+$YfMpWZ}C(83xds~QYE>xbJ``?xovgITiFk@{^S^b+xx27B>4QyUjxvL2k`Dgf+JPX-(LW{ z(*LNZ`2Mx31Hei2Zp}=5zlGj^8#$OL4e3oE>7LES@!#eNIy!gMa>T6k#?Sy{tNJ

H7DOnRyV&8IsV%h zs_g%MK<<)c4p=Xw>wx)5oAe}^x9Yg#?;yqJ9C`T`F04iJ7U7*R2(iQgDMF$1fG=#u z`IeT`%;P>2!*617XK0*q3p7}3aw@d~cdnfTaEoUjP=oBBWse-+r4HE>qsygZD|fj5%xlRSlKO#xK^7SDh|+=}d{0_Uyq zayzIVSJ%?w05=7400))@$LId}A(H?herXO%wl`H&R^Z3|gpZqIntbJ+eSjyHpYR`j zM-cSxG%Hy0`N04E{sui!_xG4(FBq(s^$jtnN{MFn3oo;P9?$+D0e5rjXCNF1gaztU zzRxvR#}@b!10Ydpj`&alWWGj{`C9r5GQfzxaKMspu)q8GDZ8bxSL1LU9>bH{rQixe zH9&-nGA<%EX>_^J%pHJ;V^Gt4AiO-*Aducfw$Dq@7G$3u>g9r9=oUfI=xb$A)vWK* z+<+7GdBdq47wnS5=EuY4xug5QQ+k!)Lb=CHoly70OOcFA|Bu_Ll%iki6Fq z$mY%3$%SAA^`)r-!2T~fXvycXlH>N6J_Y87RfT0673x7_Jw3lll-|cji;6UcO@z{v zT3Omgn)tD6WwC*Mi_*$~x*$u;dSYDFhdGs~trm0#MPRx$TYVEMwjku^X}IYMidWv5 z|1Zwo0xGKZZ5NkTQV@`kP`bNQkpb!Ml92B16ch%LmX4vjJ4Hf}?(Qz>7~;PNU%%h` zo$svwI_J38nmsO^{nY*3aoyK*?=b@)O3tUgW!rMG(cfI)6{s$~));C6GE`am*46?% zBo{ycg^bt86e6kR-P;KuSt%^(@0a{hUVKFrFQINYQwIkcPCcPuP;R@5}X=>$dk~W@l$=a*n&2DTQh&IBlks z_`_lh?bO(9n%8kcOkj<5_qo`6Uq;35gCdTEzC+CVz34tSkj*zr6mPq{qUrT_(=TUD zYBz+89mlD+N1H5nS`Ss58RoNqIq}}wwF(of*T=fpJA?fHO{xZ~$9Mbgp3Y~vL5s~m zl;1vfEinstyDPe<`;HxDg8{!Xa+6;U7VD+35jfY{Vn!jPxY%YukfP3kf>7pH_@JF~ zD}4--ZhZ&Moq93@P|6&@o=rIrZgMVY7CBo;)qcFwasaIxJ-rQ86p=ZXtrrCV@H!;U z)3NTu)Jw8@w><(v0Usp-wH!1;YqHi%jsqw@zXf#h$;_mL4pi&x>c{ zdtYxsl=Mvtd}KXh*Nz*-n4y&W5smXmzG*K@&opRuJ%mYg#QI;GnDLmGSi}`<6pZ=0 zs_cKIzt#W!pIKztyMCKgi`#C-oW{Bb6v{GT7}6BUi(w*vhz_-o7zv7t^I;5upvCcm zq2R6@7l81!L8v#EnCY`+y8L0xBl|p2wa{W#t=wWf@meP$TQz=0-rMYcqQp|NNzM$Y zKvq2C1YN%1un1RN>@M|k&K+qS&piNgL9mKe3UlyUw|Otq#@Hq5*;@|I^A8oKO`Fo zu59tIE^IFlu6i}mGVnnrp)2{1WaX17mg?V4%pcF{g{_5?$_AytJ&9NrIJx03Ux(GsbmR}EAtG;l7|bp#5gJ#t1^uUOcZx|H}oyqkt`= z3OX$U03wFsl^L7@hk(A*0cAeu&S)_CT4Y%*l)I}dM&Go-0yd$A;ve87sYB#o?(oIy zocok3h-C-rh}FdU*y_x6&ff|)TI%E1?=5q$mA7vV#?z!0yK<}dfm&`N2TrQhc%Js` zc8H-eZN)ZKe&&p?qC-Hkf)TYT`2iih_Ut}73EI2yongS?rR!UTD8Uc_iGcxipuvj-Gs zeV_qnokku(wqZ=@@GEF{!~tO7?E!BJf73lf9gr#yc;GQr&W+`f#6B~pt{BI_5jb&P zlMx$*wbExq&tnQg1)S%a*&FJ@pI;IS zs&~L&x!y&CL#zQCe1bSq+)3zql3hpqN>hWVmNZwSz==n{H@jjaP3n*t>1&Ch3WNCB zhN2o28- zu!9iH2iry}8gU**z^c(63#PFp#hIxglaw&r{bbW!zAu?~ljevPaY8So7kh{pE4e0^0x4 zv({gI{nL-)$pl;Z$o&ej)Wb7g*iL~}2CpG|3FEWIG7b>}Tcd)-=wD}w(sdC3_>vW8 z*8_{2l421ez1O;G&%ihj*9R!}_j5q5e!{051xist*=wpY2WQui4ec3fUUq&ARVPePqLEg;kA&nKx zKN>rxnWhl)Kz}lMKPeoRI`VgTwgo0r>Foy}{o9HC{EufkJ#{`aEb-xX-<91nf^FG` zXlwhvfy-6;qvsXsRm<7@sPURO%?}sbuBo)%P^8u;5zya-CvVeO^e=atP{O74n{~TV z-HMAmTj*@zHs(|(d+r5~ljn{)JaH~+7njG`q04ptkx(<9cw{8~_~ITjDn`2>*rpradgs z?^wQ&ct%xK?G3BPuF+(V|Lr*ifpu|7zxt!JLxVJ+KA}8r4NS#7qdmo<$3y9by^-T@ zTuH0^k4tQIi8*~^ezoKI%w)NQ2UnNX<1pF8VMe?=H<*L@v7-L*o3Z)`Jtma1MUlCU z!QF+g!`(VB1p-1Rokphs>yBowTf4n_5VMZvlTwf@4FV~k1R7fNj1MJ?F+xB7jWOw%$W-;vQ~&abL)nz%bQ6Or>DWQgO{yX)HVsS_JsTNjfh zHmDblP=!wxt6m`~)2FcVjQ?lD7d{z$?{GTtvLbWP*V&>j7T{$FIE{15D zV4}jeo*?Vy&>0YPnbTfF4X&^EMVbWAubc|*OyvaM31>THo6AX75;ettnTmo{*ei z9#vbD!-BYf_g!Xt?nkd$;cEnUrpF}oUl z-WU%Ia!+`FhLKS9&W6ASr|nr|J0GTCr-q!E+~jIU%oCgP(c7;=veo*XzLctnkcgsj1D_%U8YPf#-nmrOL+mL zhl=#607Y-%V*#4ptqFR04CZS6TBMhIhjGFTB3H}Jnn;j~UwVlR*m1H(uJPzYUtOlZ zch44M%*HA&?CY#GVj)7Ny)w&~fLDkli)Q#L08x{~vK>g!$8h7yA70<4HOl^%- z_iR#eXx}moe(`b>t3fc2z*5<{*0q1aSkT!hhxVZt|9agjbSmK1h zEKNSaKH1zypOJ{cNXLkJ#ywk!1F1#4_B_5VTyI@sRkGFOYBlQ_A)uJ~38t|&pm+h2 zD{L||+`jOx*tuV=s~dL&hwoz!JI3p-Wkm-EE$X*;WjEEDD_=U#U7(FiSh^l!9WvP7 zulBzo%b}fFgmyrYjJzSV*GgM*dw9u{7Lw83O5(hh4rmOhuQp7bt1%>+Zo<=*+Dry{2~N$)kUu1uM>y+gY)StU;aW zsp9p`{Q=b4DB#?6pUO3?<|=_a7CjSJ5xN>PMj<_r1;ejfsM$eTzRuyE7X5G5jb<+KB(2sm^F zQT~n$v{+{;<;D%j+?p{i5_gs2pUYTic8wNpJY=?QRlW1CMP|~jwTkOcTG%hsF6Sw` zhZ{fc0*WOPGsi#!2eXd_J7OL5fXNu#t&I^0bbNqhD)>$u7v0o0_KrxVnaN^QSS@(; zNAeHV{LOj9iHKF$O3>)}qGhscdx0ufDbIj+l#uLnr{K;x-`1b)+q8@w{=OevaDODJ zm}PxA|KbC}9((}eyVTA6++5d%1ibdP`HW9J8LgUc+1@{LZ1aOd5=VO7nd}Hs0q5qL z^5Sv4{@I7j-94SsTHxW4lk56Me(?0**T8IY?X!m6LXX0RoSp5`7NSrAz1A0-Xad7- z;Kb$kf)vc;Bf_U-PM-It$xPaWljLy^J` z0~`BEPETCpTAv>>x=698QrlK6F&3`&=l5aQDJ`r=xqfapPK}XZcnZxn!;}7UqMWTa zjY1>g3FeOfIfpWvATU+mRghD1Zul$T4aF5dg+h?3x-hEKNF_kgeak?erBY|%ZZvdU zabL<-hm>VB(q14tBxkN_E5-D_n6uuaT;q*zU5%Fx>9uRa2b#fTT0<|=Q298Yz+Jh< z(ONjAy1I-bWQYS*SWsdh$Odv;r?;oT;u^=Z`P!x}t6M2{z0NMRCO`H7gBTqw^~pl# zO(`d@yw%QWQ%%0IdJTyOSgX0iofIz}UL_q3*Ulk*nfZ*=*7(Fk}nNV?}UVK3XwO7%K5oDOlw2x3`` z8AlA#b~g!6cIatCEhlOtrPX+fK3gWrQLBxOJQq+u2;2CDeAPozzkg-+(+t$WnmC>s zRs&Wmx1vHIBq977v9bPa3-gEtLh-C5YGF#Nl5l#TZzYlXOt(ZpUt0P_y^Z?jq%g6p z#g%+b*)l%&$PZ=RgdCb?F$~<9&I$taN~UJjseJ|a$g8Lc6VfCO6GlyQmZ)&2*j7)`Mtek+Zb~wXl6Xoi`-X?_?Q#6O%3(&UtX*#QAdC#v4-#=a`%a6CqQp!E zslV2@ba+6-=5{8y6hbs47#P)h#QT{qMuMj(MQ@yQ8^s4^BgbF%4QK99bZ4pZ5?2g3 zsx;!*3yJepyycr2ofQ|#>Z{Gvdpj>p{HE~N`5vv6n{%I;%2~#=8NLN7@hcJ&F#?71 zoFFE13YONVW@qUw&0U6kU~Xf+V-?-rhDi5V^WI5|bcWfovgwSfUNv`YS-JH>%{4_e zrzubISh3pSSIS&dJqr8k)S1&y_ocRIxnlRFDu=TU)aOB^dbh($<9<0#OjdpqT|pR; z^2IMIbU%CQjTIIdX<|A+j1h z3f5Aj$3Br-SJt0+hgSqE!;w~5q-ns(``Bczg{M z75`sk7y}6u!FNr&SG9U*f96~nd)3F1>ObCk7kYkv4s52QF^-f9&9Oqx63s&%1KJv^ zYpxP={)8!a%L8nKJk;0(Vm!p3`*s;rvVrW=q;MP~P0^V0HLk1p{+%OpJ-COJCnpMv zRjSD}>DhH4e?@z5M~~*v&BRGXa#5M)-j+M99OAj)MtK;zq1{sy2sh&6&sE*JO(SA*1BI<&;BDlN3fcca|C(4&67#`P!_-h;2A&wVxa*(Z_eiEb@S7u0J&xhN?3_B)m))K|Wg8{1rlG=H?3A zbFcPgj^ro8+Exo*WLRx!IhQyBD_(^9C?$6oYxIsu`8O z_Bj1e@R(+eQGaj|N`mVXxpnB?o?upOHe^^i*MIo&Sw`*Z5I3dHFQt9;yJ&9Xh6-V0 zccb!`CyZxbuX8=wW92HWmaQe{b$3V^?an}+DYGablO*nVF-vuL+9azUPsMh1RkE4D zz!$?j8ugnd`st5KdqRq&n}s=val(7~v9ajh3Pks9RIyuNVeZY?t)IQoHVUH;@%WT( zC7H}3_41(Gj{BGOr2b|F8OOQqvCr6!s=xiPx;gh+2Su^(*ufR1^P<*xsCU^_ZIHK} z>qYzUou0ERS<%_aUSPPldYuPP4LGDq1d8G@D<>fYQ^0@te| z?xi^3&_!AA6Dm6F*Cmdm-+tz>wC9bJe%w@qqyHL(%FCxd?$Y@VaeF@b>coT!ShE*TGhd5U|kq`z!J1t4X%%ya}?gE)`4{jWst&jD4QCv4p#- zcT|#J7d$KsUy{cimyLoDdJ+0BYqJgwRMd*jQgYLy4?UQeo(QbHeEA8Vg_fVVS6WpU zvQG64BSHTvJephT8uQIZTFV=&Et8ScVdt>w7xZjtYQwWV0|OFra>6^i^f%7MldW-z z`=p`m!L7{IH-w|7q1X@%U3sR`468asMyJNvp}EXrAci|UO zP1Z4|gr9bL*{eLO!s)A0mA@=q7!|FTIShtWDr)f~s^aa!&&K8-hK>ifHU}M$ z8CA9mPu*yL7uHDnU5WKYVi9j@FxP@iC$%1KT{E*3Y&Qk7&(uo7r-y_2O~i%ltzC(G zwvPe)LzVdP^Jn8t4BiFFz*{}4C6?V){7|#9;N>t?l5xk-L5rH#r~`tVUN<*=QaY~v zc$c%OzKVL8_qQw3I_~{v^bC`F-hAiRyQwXMr8sG>oj$*QB7HmC_L~&&AP5&f-l+*N6jC+V@HmWT2zL0hcdxn2IwngGyG3fP>6Lc3Afc; zUX#dr`E3vO<$i5-%LM`ox*)oepz~oZ-?v+jRNG77)zW z&g2Bn4mE>S`H%1CT&&WJ~_Mu-SdBAc1!AtVx&3kT=>G z5kir4(RSnt6Hv1OF9A6xE zd0NjV<#Z&%N4J?JI7T@nRiq-CvXvyb9)14g&9T8N2e3j&0+)90h@Dw6X`-L22NfySi-eUqEmEfSa>+%u~InXVKuiU3VOX zCaK#jnC6+Q?G+0?ZYoU^NE^0?U{^}o)F?dQ!U-t@Dbvkeu7tL{x%rcg(ArM&6CK!$ z_gJZL@=pLQCWfc>L`C7HJq0K?^P}e&;f!FGH zmiv_jmeLr!sq##@?JKHf1+BNl;FDjxgLgFqM6`*`O1D^W^;c2YKXMW$eSoEhE2gmX zITJGM7%F^wNpq#}dY7V_d5Xd(Tu}0&NBH$@ezHKEa)^oz)|}VRD?Sk>1wf<1jF0MiPc47P^E*xW148mY8h}<|{Gie%>x>HM`#Wn~hs0u5 zDjwkPyZ*+A8$N!oBNTnTWEku}8Xc9aZ%EI1y*rmkMA7&S9rjqnyL=>b(tvT1{vERl zy-IP!l)QkUZ|Go{y8$fEr-TM3RTUy(mS=0}(F8pOB&>Al@xm~$(t}s#{-_H6lmM}C z?5bCqnsuhtnKviQ*?9oc^bQ3|Ly!K@Ys&{}c8E~pUl5JGHj9W<0k!p#Id=meat zh5zsg!$CXNblQ9C4FG)ja}CJvJUluTAfD!(I48*%IN9|b+Jp9s-F`VE{DbVm(A~TZ zwihOXYTNA+5yPUkyKPj16RWp`D@NOIU(5lnXPv2sAIc2YtTFHtZ@plHqxsE z!C#xC<4(+^PmjctMt1(rSxVa2A4yYxkTmXuwym-_U3;bdakpNskcXv%Eg$R}Yy71d zrn!0Xsk(wN4%-YHY>~9oL!t5sGro|Az$k_dltPy9@GO1=$ypm{N>yqC3M@n-{|J;h zcWyb3egeKL*=G4RWrwZT)0*<%o*iSrNj^{})Mklsjt%Z2V&JNd8xar*0QT6BBk=3} zdgs0!M46Dw7;YIyVah6NT!y6%`49LZDSiy>pxTh zvS?lJ&mVw(kaPj~J}IT`#_*6vF4CakaGIsFo6f(>@b5cZpoxGZiohhV$Qz&|UmF17 z&as)VTmv46sOX1)x0xgkbVG#aMX+~Lml5E~{`<#&zuUt>1|sSnmevgSw{d+N0c4oA z%MsA?TjdYCr5e~R7bPM%jkVye`#DQ4F61cH7V@Kq7T+ zkpkxRK;ISpZs?lF>+1#jzeMFvI^aQQPDYWm(&6Vb0m4RYj~oOT0%hWZ>XHP8FkIbj zROk8JD+UVx|M2S$OL=kM3s$d0DAE7JukFW8AydksEDmwl|LE2~hWYO&zld%+AO%do zxLv~bIHdrykqHzg*zpRdd`6I>;4NGsbalyZ%J+ZK^v}nji_1|PT3W_7nl!J_iJF@9 zsDs7}y`7T?;XBGDs6v{6CJV4CG`7u%`vBn}@)rAl|Mci*NI9}d4T^wp+2E$-z-;#m zq$mvVK*KS+m52l4M2UU`iBGK%HHoJo4e#~dvxxMjOn3|oSps3J$6pdpeWiXQoov2j zk{uPMpm?U7n}Q(!Tm>dm&ua9-8%~LCV$SIPH!Yj}GEf=daRWr)s|KoDg$_A^Y!Ux^ z8<_2*Mv8g@KBr^qOe$^mYd#myXde>T>~9x1^!9tM@6nmNK<08IMA~Hg@_cTS{A~J| zN5A7&UrA6d1c7HT_2X~|S%$Fh?fRzO?Vk4UBVS=>ohx9Q2eMB>YiM7FJg7~EO*#<^gE8#Z>Bm^(-#)}o_Z$Fr-uM6 z%3xj-h9!sZ_fpNpzasMA@BG5r>A>cwh6zmZLKO%Qm;i>aRtBeAM-qlRnw#{hG_uKl ziYTN@o-87}1AgRFMFqyjKqdCEnLnNV7RBs6bo3Ht;c0cshbqzn1oC4@xT2%(yT>n z{X>kQ_`_%rk|%dX<#A+6QeZ;^y;zE+xkX5;^;GqH8zX<~(p{@Mo#r9treR|3T}VNM z!iAJzA2t@TRDG~(K}F`65v z8LOms1{}KQY-WSmx;Ot2&o8`2z6XSH$q!H{n4fwnVf#Q2Dat(E@SH%%=9tn-Al=um zJMZ+>{8@y+YE)mTTI?&Ms1luKxhN~KgUWS-rB#usSk|H}oKoXHx*dLHU= zA$B&wjuZ=DqGhR%PdEepb``JZx&XRacRXr4{i2%7f z|4_GC97nMO9Ztk3PK&PlJ|J{htEe-lALAUBuZwi9TRt;1t6F!*_JJ7xTH?IDV$qn) z>H-%3)-BGbE~2P^h|gfRC8<%1`AG6%<^dcZ_wyR(rbUx9k>l)rho2kK@|pGKh{EvJS~rREo~pWj-ExZ9ewpI;`$3ReB?w z@MXL74TmuCwPh=Yx%_JbmgE{EF%w>7;_2zDo}WJ@ymdc{+5A24YkqcX2ic zbeoBl5;K*eHV_>b&)U^{ggt#>ZDx~ykz!ip=;+-OZ9I>d`fMQ>ulSVv1ESzj%|8yB z7b)b3PU5#G)r3P&18S2x|6;`Qf4RE+5pE(NQ!!ihiqhBj3uft9XIqdAnYz_j&tXAVL?;@F|0TtNMBZu|g`1qZ_gvE=(<)2F;EFy_Tt66e*cn8 zZX3(CL!_tr+Ah?f3PtWzgOdK~8=#-u7%;fr@3p@%0)&0n^TwP97Z-miT3%Q+6>`jL zaPNI|wW*((p~&cu7lN31e7V<}1|4AYxf||IbJ7%$%;}FWVe%!kU7L?cbh4h#M=o$8 zm$aqw03%;ifibiIkG5s93OcZ3tTrh^qyTeyiNa_+D9zqQD2hR&cs`($p20ky33bIE z8`bhaT^MBqqD=Vt5}4ni4#xqD`d-m}1siZio>oT11IC5N)*WqdV^CbogR4C+;Jc30 z;5$B=bzLqxEF`!3m{hD>f`OoAnbVLeki7A<=?@z8Pgk$)EQFI^5md7mZ1Sn3n*wKl zW;k{tvth2L9H8~P-u1BlggFO|>j;874fy@$ugH0XfT*e-Tsi99_O9N;F#XIerD@6V zMC}y;#wOJ-0?0!k1U`8|S7K!aKuv+e^Te3#k1kkGcczfFM|tuW6BqVpGwF>W*Y32~ zrM112E48_<-H%jq`}&1B6vl>8!ndn?c6vbg4&(K&w0LJmv?CW4gJztpA+H@9Z1Ds? zF=<++q&*&j$77{sO?O5FalLr%2n|1PaVxs0hC2f|&L7?(0XCBr7|f2Bqa-z}hx)Xs zh7PYXIvEfZ;@xNbSJ1S(U<79CC4i)G&!SyFZNH}WgnuDUt=c=n#pjhMno3)`pH52ct6d7Xd*Hnu`T`f7qs=x{fSSpIshJ=p zSR_;v34|+()Ay{czZu!S;WlQB8Ud~WDddy@4-2KiLaD^V$XuQjxm1NYdsE5dpAW1B zk=_tCt$4!g*Cpd_pKS2s#B@j$|nV&e`ZNbLU#49d2KTKXX|qnnOd3R_o>O{xR2+tO;d$D$XEg|0B>z z`k^yGcKJ))EBuBTkBq!8;s)7j&7{8eqZ2HCIof~tNDjBn74u@j9_HUn$HL|htg|Ck z%+3~5P%STser^H0sVsC7FMh<4PAGl^#ZyC))k5#1^54kTzOaN@I7yPq6%14rB8W9= zII(EklBE*USHhca-3a}Nnki=(AoYeE1 zrC;c{$*g<~`nYM5&O;*v+THyVu~5LF|AlvMGvw-Gi4Y+v-HW;yfWwv)$ROPfp{|^} z`UzXR4AJ|ESc$x%pMq! zy~{YeTv|w;S37L87A3;*v>B2860R$}UQ*GLVi5w#=e44qc&3DhPZuVqp#vN3DJt0P z?%7@GfrH>`L%2ZVpS)cePJV<)()?R!(+ED#E>`&b2tq>f2T#^VtSr(}- z?afMrFwL`7Enn(w+I+5z0hTkXdkQ3;Kj}NP+WD{pTSJugcXtL#twIdI_QN~!8dqy7p9z;QOD8)_YYhvU`9 zw47Wv7RHZ6SPPQaZi;~K*IRdQjQ#NQ{1gn*t|^Xk`G=sI z{wItI&5rBBP_Da*B0CokZI}56p0IfFUOU0oiHm?_oRjdr&z+16PjK^}R+fflqFH-x z1-zo5sQ+rEj9uYf)(y3h9xx=E$qEj+!g|t(&nDt2t`h6)a?Go1un#8}!rYz3>=1x{ zTX4Hxa{309WC(e>S#2lF^DMNL${PhzVQ4)yl?-ZQ&_{tU>ftt?e+t%u%5v7M+7TZ~ z3aua7lwBKu6@xjp=}T`_w53|rPejUII^xCQGrjBDMmk9jLVckM&^!dMF6n`I&kSdR ztWpNBCs=>L7+HK)en7L{sd}<4*v-qcTD)J;hwW@czsFn&<2)FO-?|?$k0H{~?mcOl zW1b6|4#gm0wpU_ajzXS&!-VBp@6oYuBjzaGd?*O%CI`ZO&2>p4LOw+NRgHj>Tzx#- z>jf!n-@+{ReO>y+$1Qygb(01Gz)geTO;r~@j%(^K*Zw+u@}GA6V*RCFt@99`L;-EZ zcipnp9C0?SH6;BLvyE+X&8qhCIs=Fk z*Tqq?Nl(>1pO2Ex%Z*vvrXUmB)(~x*q~~mfBP~Y+*NrI%3({@Z$0zcynEIhZAg@M? zGm95qQ*~wL0{NOh-Z&pUsqEA5W^hMSjMjV2I@38b`r=^^7s0C`)5oxKBLO0RSABOl zRk)s}k$4XrDf-uyHt_hY=LSli%z%eoDXs%2!Wu&y88>m)8TtFQAVKFvCKg@b2uBu-<*L=iU1{{LN#c zKJLs(t1^#$1c_!*^ZdyHOA~sr8E{evzS;aij~QqJzFwcwv@n}y+g8ijvoh_z*KPv$ z*nf5K-@Emm80*fhY!$Lwv8Zvt@Bs=$v!{LAxpt|@`n*c8s}>$aCCcgX4f*6aCN+^l z0<7SYt-fxyteTI|rI5hp3EpvMOSL^$hho|s7m}x0 zJwNr{5R7U&U3f9-p4SX|P88(vJB6!Oa*23{p?%Ohs3c=ttoUWya#m96bJ~#L-tPX* zr3+U-PR!r7&;->*kAK9@cDlB%SaM1+4Aq!6iW9Ge(qOf#?zBE-^j7#j+Rthmo!q){ z-!*jX+>nl^6o_>Itl=ZfUZ^Vr_9AeHS`0bUm*t-B@1Xy4&k$|MXJPf|*NSL=K@b6) zuz|Mc6?LOo9&~Ka-e8lUDv1jh`6(uZ9=xM_zubc@hR~Laxp}(2i_=Tu(bFCmmrVS! z(EUk6mGjm&Md4X~g0YiVi-XN3+`)%S7sucabj^w>2K+q^KgB|dhac%PBo^zO6=E$c zI8N?Q`K&#l5S#!h1@~YL?ov3@ZI;X-CH0yd9FMC}LD}7TY&iwWKV zbo0xsEw5$w=6k0!mh)9hDu3Hkm9^<@+#-o<09QwQh^&APZ|F6A98l54VEQspWb);?(0?M{q1+l>N1DO z$;oZle&fFKxgf_71ftH76QD6nKXEfl1=i!+4q?x4^}nF>zwbgsVD4NVBiVt; zxDaT0z_8tKb|q>cOPNE_OpAq|#JwF7Th&iK2E4s{6tkL6k#=?@Oj++_-*xdLqnHBWUZyJ&7kzM2FHOPQb8P&}#j|8k8uIC$yQRjVLu;&7e(Lwg%#% zH#;u8XgXOyaXZRZ_fopG-%PRV3!hvr^Cis|Zrl#mbUUlgHnRZU$69H6wKCUqckEc_ zbIx>mDU!y|>va%nal}sz&mr#J&a0Sb{7vZig(vHqX+N-^QLiT9F{mUIKN1z%mn4m;&;e}`pf4al zdtb^_L{U zCyjeID8{BAjMjSIyR9AN{{H32VleXK2?3uMuT7o%7ygU6%7M2gs(7THD|8Z0T-1rc z>aG>+DyAs>X6u?2#c&YYoBx9X zJ(pu}$AKEO=D1u-71aM{3AE7|_iAHP=G7vY{JPG4~dbp!PGH@2K? zFS6cequHH-KEa#%V=kX~(u{88d_+zHPFVNBbZ#fb>%!?~_!K%i zDvlmqZn?vIQe-xC&8cLN4;dp99cVq4#)%G)LP-OaR0h|25x^q1WG3~Q)cXhV+3TE5 zZ|!e~4La!45QK-M%LKxril_2OMd&Ik<}7hllmtQ^H<2x5Hctd3NZdr*u&&1Fa+iwo zbB$KYY0_I-Nacka5TEP2a3N!n2I)12mTxUk(W4y;avA(?;n`pS{=`|iG}PQLVNW&L zsOpS5y((9(nG34;RjrY5^6?uj+G9i(M4VEAA0kIG%D2&J1y3TlZ?Sl#q);+59h&Rj zJc2)ym(d!tJfs{-Dru6e&1kK$pkSRZsm_Siy^H@6HDawu*Gm-PK)}T{^Ef+6wK%Ir z>7`?{xDkbfOmC&5gQB`RUe&+(0S{3^OL!{LdlZ2qv<=MWdt$pc)T5QJrsv6F>!z;7i_eDGm7fmj5Yu7`&T?0b4 zRRG!Kv1%-_*TtK%I}SBskNOUvr2SNx$6zH^&7G%75!QM8jI99Fzz)qxaR2*^sHqR0GoTc<`F41fOdY$QC18|92( zzp+1kio;SeWAM@Pc!jz5!}PDJ>jgTyix{QsN+7*Ur$!-yk9Ct3IGyBIP!d*KI2={b znZx4Z(r(%$DjlXK!U_3CL!u=$lFCIq;|_v)wA^qTFH~1@dLC6~xEKDs!N1rE+u5n$ zo&IXVYLP$vNuJNidvCg@w^!_g3wI)sMc`Or>IW-s{#rI8y~Y8Mk5BornuWD>g$kKg ze#bn+c`x>!-V<*TkWq(kDK7qnxLChh6;RG}fA%+bxSuEQrI76)Yy(b}ezV5??2})U zGdJWDeyd?XmXm^8e^@apqP5-lJyxub7z&UOy3VJaZy~L>(@>`J5nvTCxeh|d2D@_s zkbgd?Kxdgt3*YCL1wc7nPdtE!FgUgb06eqjk-qtU6sR)A$zd1?4CVCNyy@&BF<(4m@7nT*9)?JNNInc>^VpTGJX&OFX_G3)9zClp z`M$hbH3b2)&D1*#lxhSWcCueDR`@I_d7w$V0+`)NlqvISOy7P73*LBLQVXTv<%sUb z*18zI-K>?eUn$bt)vQn3X8_=XSd0_s$ONb^MpzZPG^Qhkb(46)lsHPfDrouML4{nw zKa8HV?Y?5MGq@-X2+(-{1ZX*;?EZ@RDRcIE2cTAu{!+Nc5s}+VF~grXu^K14T8vF6 zF1WaBMjc(UJIVI~N1W9R&EU%Dgvgia77VW0SR+qO)dYhED;K|a73ssU5JICdw8sRC z%tVqn-Z%0LCzxL^8zy%<$8!W0;Wz@vX`yN2sQkxJh9dj`ms z>p@Rv;=OSn@Q4)dmQkOkDtn(GJfhhXce02E8&M+>=2Dn*fuXYI;Z2|YSl*t#)c0(vL)z~G~%ud4CSCHI#)r-ISP_im9CeP@R8npY0EC^jn`Ui z>pE3W&1ZqeG!`Za4U2WCd+d)|wtinMIpxlo&zkxA<9pPyf?oa|H{rez*-R3L-7yUC zN~|+*vh4a0V{(t*Ka{$uZdRuiNN?|s z6qdc*e7;G8SoO6672RSQ&UAdBLktPP`IKw$%9a56qpW%exa0xn3q}fiz3gr#Z3*)? z{$ADlS5mC>L*)ldFCaWLMqu`?ykUl^S+6~PN| z?tlJ_@qAfx(i#y$H;bxa2dEDmEg-DjETjQ~TJI!v1DhjUr%%2B!3e_b_PBN}76!Uf zO?%o&tX=MZD)KOT6210bgOpKUqJgZV^PZ83B%mPFIb{SqffmIEx-DZ-@`lNp16{Mb zQI=?%_J6QYW)|UADnv-TkC^eE>AtD>#5>cWg{TEE7oWa>$jkJPF{%a^!D6fh+xl+f z)t?MFO|;?ARea7)sl4B(*86bqwV}Osw5sB-0Km#Cv=FP1&5}?^9&)~HrHIdFs1&|x74#HfI z$tVb9r`6g5fV9)sp$Di^=;tF)Wv9*OlRgo}Mk*Yz#Zl8M_qW(!P-42~d<;eZQbJ$2 z2zY@}O%V49h(Zit-{qjVy(64eE&CSNkn6>mBspyK0L25*oPChBNz1Tq<49l4wb(-L zfc#^#mnL`w+K&9!wYDJ-!M5I-b7gfAKZ0V!Oyy=RgJfna}>`)Rz5H~Iy>9)PC;c`=6Su|g>M z7zhIqk|Ahsm=v@7=qE$VM7>rM8BF2si}tm}!bKjs3vfRMg=6`A?+}g;15}Yy(x=vD z>_aixw~Mxtyb;5h=fYF@&bCE;H}Cw0x!2rv%s>!7_3fV5%risug178H8qs6*P-ezk z8I2+0$=ldzYp=*;%`sN0QLa+qIkU`-9>=@Q)9Qsu(8}<1I`bA?AvUF*F#7age=*=Z z9!oFAB^Ug&XCUGSG8ZW`1w8M6pZO1=?OKZ$6>j-vK;V0 zSbcb$jb>NA=R|%hvMm{N_CW6<$AcxL1 zkN@QY0Q)|aD)IwXr(NHfb2{ZqamL2_kQ#sz_`pturKX&H#^lgc$hm;$%Z7V=paYa@ zSsnn^if0(|G7+|I9VXrdygTDKl4&pgtK(sJHn@d6*GTR?kS$jUV@JZ<0AsagzFXKX zQ@P;%f;;nlpi9#K?7tX=_8|nW)8(%th6#dqn_^J2VgNNtr#jEb2v`(Yq98m=VQ&$T ztoeLh;OD3tf6r6@0elKl+6CT94;el|nPn4JGD9dNZVRf6Oi77IPWBp`eAwHO z25yFd!&4GtGB9$Y8~xHx2Y)uuYCi2~CXf>~f1uy(05f(l;r0~MTo9Y35&u76(w}c{ z+z%~mvS##;gy%39GvHW^z*2dI@ABa;R8D}2s**(mw!)MmkO}%?(G(0cLJGVqH19+; z5#8W)5F_M$Yt9q54rj9e0ruoQ{~#5yELvu6njirDe+nCbgr-8S1*{@O6}$;3xgm;& z-f02b{Xo~3@@~%IaooDde<0$&P%)5acKZ6OKJdg51$cyRHjqzNr;`-`dIcD!7jwM& zFg1Ars8NC1gTVExi2pu^e@DwNA`2sv6$47frSOImrqMGWdXSJ^HPb<5D}WFNJ=@DSc@+uZ2JnlGB(o(GV2Or^fZr^t=u3iIJm?zl{F;g)UDwx#qR1yBm9jUrLk9LZ{ zYQRaEPX|cwC)jn5J>JXcR8Y$ zy^(%iDloP=V;RBy{`{_$jfKh^IkUpBxq<#Sk*^jBy>5T77t^Se@_EtpQw}aX_?O8T z32}l9cihILCRZFojit1fS2I9dNfoud18|uPSwd8_l%<_`}f8yBms z3p)V-V}RsXaLlE0FW#Chf-a%MK76P6Pp?w3Od(l=Pp$B7m43V6kr8_|qE0@9nUS|$_w5iS~z2>l^A&Lm2 zsNXoT-6?4J%S(zVhW{M9Je#gJP5E3rKJKqE(xHizqr<@v_9cOQ8I7 z>n~B~bNnLuYb~mjji0!rMhAYAsMPN4KjMj|R7%Gwxpcj#?@$jDSM;*;@~2k>^(nIHfiUN|-CEeXQ0s%_V^PKbhK7YLO zhs0;@z3&}s?RBkdUE9p+JI8QsPfVU`OzpU}lZ9GY$lLxI{)yi_n_0D;;yOA{Ca0#& zocT^CYgCH9PkzZ3nK#eO%VU3NQP`G=OAwrh9Fo+;W)5h025|Vw2qr!lUm2`AT8%$v z+76hsz&OI3RMA6_782;Dk>_{^w|%w>00>RqapUNE6E(yL)x`(eqb4oKs&7o*n7p>? zBrfsh=o-?*9|^N@fcb0%q6jmYyLRk7B zhM4eroxbkEf#u#*{@Dol@}tUy7+@F=USLOBe=F0wd|y#jslQY(67Mz~K`vzDJNd=D zFNAOQ=)_gOB}cYVlaoCzu7242YzAd!W6_@KJt6jDuoH-X3rAbmgMKhN@-T67_pAC2 z{Q6Vnn$Jv zII)weD0@t_Cs@ral3eB>dM~&upv~p9RIiM1Kb^(#rt{v8|5AQ$PmO)6N3bgq5ky!TgPYDV!Ye&CkTaATqRT|AOut$?K}T zvIyXyvA$RKu)@Yfx9ObFHJ)k(QW)^yDE)Ju+Va1DpEonv@U^ z^wNIf%1&*r)=bv&2@qlBX|~IP9tyx8Gc4_Kl2)DNPIu6jh`>j$T%XBn#kl=8PZ z>Rc}(_$$`1KExbSSGgiXV-j@d{B>OUMHRmJf5Ri+prf2vPv))2VC@b0fKfs@v_AZ- zj!iz@ZRVqld@Mh+dq3qm9CypkP+<+*e&W&icf>WLYzYc*wQrE#2F`YQ`_^;=O+axJ zW>EEqkSV;}PZOK|-Tc5-N6&e7huKqd^a2WAx3~B7hW-RHkrA$re=#_?fJ12Be#^ex z1HybT@jW@uc$Bb<&4ilU?Owt#=WmM3k9&le^;Z^vNrLxAfzaY3-s@{}*t5u0Afg>julaGRBdl&m z%CM9i?TD^^tNv5{M*1mtOaywgR*7KMIm@RubkbZBK94=2Q#JJtQ7ldGe@P1x!yjY=&B(f{h;d;fLq;%H;t>UXLdhM{NHO@K5P zo>widv%2b;A4#Y1Rp~vF@eeYvR$sEuznC0o6(0thK{(74~ zo%(aqSAknF-AklK{5}|?p=9NM&1{1fV}#+`G@ok^&_T89BdzAo_0~CTz_PmG3*SD?Yn65rqc2o_*(kVq zGbBs`bv=m~nM&)n&6V^~KX@D+dopxkOU4Zmu-E^))AhX6AH^u;n+i`*|BQjeaqkO3 z#_k25qQP5Dly6o?o^z3JHS-yK`(9&?AbE<~(GzOMng_CL&UjDTh9LbX6XN~ldc{O4 z&5x5FXv|DMr|1)EoWq;ecET84Ilu4d57#*&re=#@vg`*C29vi5Xn+-r=CrI>@(nbt zrXG5Cz*(7(>o3XQjf;gjkXfA=LCJ+A?74QafmZ;{aYPbm0jemCTsD6-T$ScT}V6~HIgw0GXI zqjD+4!GoEP*jl2QCmczw1aSb?;;o_%n%X80T*xwf@=(qRhbvn|YtHrFDzhg&(O(C5wW>>d!Xqxgo!S3|H z3S_+Yi!sTodIwnr8}E{Id}zu=>HbHoF3Wh$XbZmA9k1)iy5}F3iR8$Fc@_m$`fKpn8xG1&FUQinHZM{!x zqB1!a#)r@hV{=b(I)PSS0|B`Ri^zv^u>VNSaAoHQ9=VY~IPCiQ=3P91opdzX- zN!zGAGxp%+H^s?V>O_CGaFf4|`9oB5{_z);?+eL;@{YVzvIT##o(BAWSe|=Hm*Fz@ zivA>p(g$RSdxV{1>(1P|&>DuIirdG}f;~UgJO)C^MS3E~@&<;K$AFu;r#uf!FZ$>} zS0UXuW%|L$Ck=<^I9+syiI9F0Z*a{KaC_@$L{6X3$^2LH3QzC%u9GSAsPC8z{ld38 zk{$EdL)HTN+xrp45mS|g+>6Cq07q3&d-`mzlJM8a8*L{Y*irhpbSnk46lqVqAvBHK zG+Dl&r<^ZXxVqdiVn&?SEFN}Bu~5Q!=~$c zm`b+!pX1ksUc_AYI!HqEQ+)vc+}IUE$(o&i=43Y2M?ME9aE(nho`@s`F_BOn)u*T+ z%7CJmn;!|=%rHa_jaQZdN}UchK&d01%L6zw`q_Um>LS^Dui13pmfm=a$~24-6-uvd zc?2hdrJW@O%MoIYr*4Kb7x9p7F}JgmFl8FZ5_H9&q~-EUshFHtK!=}LJ2LFfHb1dp zHOWV{4b9TknT?$TZRy=U$E)@xlA|X7>a_PDd@B~hPyo_UWp{E=E+=51X5T{>iH(#F!3v$oWrpE}Mr&4>} zRl3&MFetN?8p8i!P?~P6;U_)!IKh+B3mId_3rK*78@Fld>d=}SlO4Tbk`VrA@bs@Z zS7p@wLl-f)qC#=SqrU16E3UYh*y1}>gO}(ecEjZ1+*yn|z{~kd<74{CS@Ej%YlP@S z>nu)kaQ3=~Rd4w2k!S>N!1ZJ>uifDNCF}Mzy1tT&oc-nSuS^>X|kUJlD#qRUT^^(sAWlAN<5O9gCNT?!NK; z*0kqwtRH|?<3qW%!3Qs^jw@s!+4~I}+c#mUpMVTMY8~G^qEeEcL)*jS`;y|I$=r(j z{@B>+`%|`0EFAze7SL4Lb_zXzPff{dyw^71US-gb+vF#p zV6yWlCNqS*K>&U7D8d9T%c%D|b7UsdGaikjgSfHbEEh$OgW+vpYCkZpM4E!KoC=6= zMMIW;gT?8|p?f;SQA*JYY$>8AkzdJ$%S26N6OjAAbt}$q;S)=5EZI-F6EVpvIy(*A za|b49d8K*s3}l?7{b}E_LQCyL%lmpU$K*J>BJ>DGHYvT%~8jALdWa!Evfo3 z!13M(KlwcboXggEG-dFi@7vGUb~&BowX_4?)xGhpb`g4|BY~}`@xP&JEafz2Q5vEd znB;|Bj%ilr%uJ}EJU@1kwRO#Mp!9Av?D9>@6+j1RRT+Cv(;^>ws2T-K%XZlna2~<0 zNcaDTsRMK*dgJKW9dkSKM#68rm$D^Hdl9Cvv9Maqzu(XW*>OICJnz15&j6(cXwKrI zC>OWFRsC*_FF532r=FJ>(i=q&iK?P?bPBni04{?=JF_}Bq88W)oHOP9!mN7vu)e_1 zc#y#AGvz@Sevn|v0iCYruk3?8x8-7Ex7p=f;vPe%MK&?}j*Yklq(SZZJgT^3$hGl_ zLAcj2qswXxDup$64p}fLB;QJLVcfR}y1kcRO>Nt5(s`w-s#5{!l-Ka?>1Q z&^qXy?fW{{ob3xUtRz7q-kTi}bP~_WndTP05Vv6dG^>fvOy9f(!PC2y+0KC1zVElB zGU_YPUQqg-)1qNJ%$7Z)dg(V5 z2)4UyzeJvs#@QD%s#JND^QrI5g$FA5Vd(DzImc9gmn2;rH&CCa)wqAZ;O=)~# zL=_?52P+R_aonG?9%>oQAWzW5F^(5gjWA)#QlTI{E|<(jP15QZl| zQblpK+*&MEKwriCyhp=};)FV`QvXb*1mFPtTa`_!ov$kM`Z1h+lf#^>jF{ zG2VghZ(AwsG3rWwZ1^vMRf`kEdP*lOr9kX#nAjaTOUedCc0|2Tv)28n2|e(}{Ws-Rq(f z1`^~E?r?mmUS{9J1{TN}^b4g4j+T@yT$xFIW>uf=5EOaJw4@e9sp7dQG$&uPLr5&| z6h5y0_7SJoDixe+y`K_->2>N-iA3#1Cq#jElf`z@vJqdX)>jHi$C?a+yR^5FcR3_; z!(@T%{pSNsfGN^sqog_pY#40-pS;!cVqmk@oK5>Vi0R437h<~MwL;Yr1%iQO7jEjz zIc0*_P*RWuTatTiqgUp{E;-N2SPeb`-{-IW;FGmS9s~a-5hglF=I4&4)H=^%G@_Q* zlfC-5cP}paPjx#C8+K@c#7)q)c7|M%;L`m=HE*PmlB5wxb9Or^u%ClOvP#Pnyh}mmkbQtGo8NpHS;5Kjdn^j7AoH zy3fs?&BqoNXD%tpL^ZhkDAomu}@L_!tXl&mE&>V{%4LyoB5@QaG2A=9{%54fI%-zg<4}V z;izCOO=!~T0&qQed->GNT#|5SYj3K+G6s~K(*s;TZ1+m*2)J)hq2%81u=48$kq4A_ zMfV&4k#u*bN%8dOmPP($p9c#pyPj-F$h-$rWO(?pkA)t%tBMnHIy(HGRyWOa%q|`! z9En^Rw~F6Tw3OGjrDN~Up1)UJ!Q&qE0AKD+qv%1^nD!EoTJvwCH@jP!C?xFg`%$CJ zj2dAC$Kg-fDoA5q4bgf*VZ%ivAQ)m&t@Ma)zfYTQYExOcdf|)fobo#W}lrF z|AKw}I*w!8I}_Y>PB31Vvux2Ic{N_dJ$3msr(GY`&BQ#Pp1EWaTXKunI7&vut( z<9j&xi(0p$*An%OLF{slAC%}iiA?$8yTldQVSJ*bw{O{p$a5~9IH262A5>kk`D_V| zr$2QyM2ifvSygEfvS;07EPg>tq}-#zWwfIwd~xh|JmrN`SW=wkOy8)z3r_V|uKlQF zTj%vas`cKPV~*~Z*iqHP8H}^7ptTjbmgBD-1*m@T$@2#+jYLQm@BZBf;lHRer>a6* zDR>-rUpEn;apAl`4rcpY8s!`xAzDWXBcN2elyyNlg(Gf|nW82dzS;(epbem5{3ax6 zuSCe4%sEVZ&HzMN$<#mn(ScZrYf%3>Hzs-VWenvxb!%b1h{)h=6Dh{yw>gODfsZ@_ zh}Q1=L#5wd)STYNxess&1-^LBJ|lj{`n4(V{P2te$#q8xTa-T93vlvN0^4(BiE)Fd zo%u31Gz~*?(MJlTK-QC1=n}76Yr*r3+WBdFXwo-cgG9##f*Q|D?c;sjqo1sNJcHsJBH#k!PC=^8m^io^76hb(~AJY!Shg* z=+BRr7rPzWE`;yqg4i3IrHD7$(fK4pZrh=1xQ7JBNHPCCir~w1d-h;kexiP|p1<)I z743{$K(TR=m^4fkD|4W&0-uyQMsJvgIR>4UL86OBu`|8RrYRR5_BD4G*9-b6P-JpE zKthY-O%J#!=ho>Gz%Mf~GGU8exYg>4wkx-@0py2@$DII;{A9i;^BFMu9{>7QW<6hU zdy{O(oXQyZZ;}F5W@E_DjNRp@{T?=hJeAJiOg>un%GV+R%D($v|XrTYcCO zx+i88QrDFtic;4UNFiWybq*yA`eVgPS*~9G6UZS=;!y2Z18C8XoAYktdcgyd-33M4 z z$*y%?^*w#0Yf|;%n3F*@^t0N;C&Wcu|ytadHwn zBSj6md^yrigAJPXN1kAPQ~iR5XXxGF08!dX1I7K|;=m?I|3osXXPEA~y+aMrbT-Gr zB0NI$*s}__69Z$P52#Y*?enDk0^pzC`}k%wf!9pLznL-DdU2%T!Mfj-sg5bZoII=M zy|=Cd@4Rxu!%i)BiTW=qHMD1$-}Ibh@!^oZUQ`OKxCMO&e!#gInnwJWESMoA(TF`J0PC^3*-yAsi}#J3)GQeCC%|UFDQC!Xky!{ z0a@CLgLl2;`CMCdK9oK7Y1?`OgVOe_zS*g%IA5;){fW`_+KN1OzwkKS90JRNov| zvlvjnc^rc1FR4*;3-bCxkO0HN&ZIQlfd}cbDKTVA9!B8lRnR(Oc9oA#6dYVnXJix^ zTIiJNdOC-I>69-@4Cy+MJ!V|t`hPp%t1v*4<32cIYjFO}SWof>0L6D8R9WAvT(ZD> zA&S8Pd_Z%?!1~eX#q8f_zWZl@d&hlyCkm~3g8p}V{RPQkJQ|2ESB-zq=0E=@5aO>w zi?)XB(>e7v7iqzpqKXB~WD0Td#Jhp_+9=>Wcq()~ux6g8s^7a$I#nw_|7&0$M*t{s zHX&dzbks|+bWLGF1RDRjkK~_tF@O_8b2p`@RotirX9@Ad3k`thGdd;|vq)r}N@9a1 z!*v2G1rQUF;Qzf+n7h*2&uaU>(K@pJACenz<4PAG+91#Sz~YJu8 z0TGS7bbI^Ytw4tbY@YYrKCe$2uN7q_e-)%K$SJNpvd^ zWGxBVqpVHvQ9>h1udYR9C8@G(eC&T2um)JnHJ*Nfi@UgpI5_Mn=&H??I6^O%bX%TL z9q}&hjMc^_n-NbR)6p+Xty!z21)svTYF1j>ZeFvh@k+n?lxla5DTv^g-m?Y0zcR~4 z;#vR2qWD2G-8$KS=3PF46Y#JE>ymeBg8VDTU&#ms&F3z0^L1TnKfbM=hwD{5fl|Yk zzJK8~PPLK1U`DUm;SiVeNE9NE9zPebg2N7bH-WRD;@j(75ZVehup$?T#}3V;N`M6R zy+}JCu~@qao-dEGoBgDL*_vOyi_>IQBZyA2EwwQ2i^(4~or;-Vq?<0{49?vs8BtFJ z%Ep?CDYPIDCx7F)YEteAvvFsQ6sBRs<=*HuCje?ApWK;P=gRHd*q{yuPqxqcG&B49 z4s1<(zfgeC3>z!ENMF`T$8DEU=8N2<0iC8iu5h7RT}%3Y!BCYRK| zUNz^hu`}1^JJ;uX5%X2^N}ixk-TVTKd;z?(il@KR3HTYqkk^j~LTpDj3bfc!Q9vA; z{;UQ82(~u?g6#|JR{-6rtLplxf9uaE17aU@&DKjavwa!nSed-@1cO>%;ZkUKXoA#i zCqL{64&@Qy1dCT@r~mPhePJVjKw%bIR4`w4frTBg>-yK!PM@btWQE0O42w1E40p2J9!df`#u1nmhXB zIz#vH9%-=65HA*)jW+GgK3%zMK>?=8k3k&bo}L(n!5$5zsuz06fMNp?j{*E?$D<4} z1h)1`O47U#S9=~}BbGYz-uW&t3gBdihrmG0=b#57L*XNbc&0+o3R(m=^SbvQB&5NF z<`cw9mMgOZzJF<*;EK!M@J(V*aD9nhbd{KH&hlmpEuZavgxROAaZGAc&H{*G3XS!( z8m7zr*=1=L*f?_zL{@kdeVK45sj>qyvi^?kodIRvKE8 z;D=z57E!zOu|{;pwXk&tP+J|~MbohLB!DdeXIh= zsHRWNbxKgTdSwzSke+UrjoA%GbL|2p+o5W9z%+Re%ZQ~NT^@5IdH(H*iR+#uQZ3N= z^8(y(Hk)VH^;n@qUFK*lo*TgOnRpEB{%2}lIw6W9`WOpEa0F{m&RLV`xxLiku?AZcaaclKm_~W6d zudx*-rB*+vYN^Q{4z3TcU{kf_$(Ja^VMACM9g*I5{YoC$$<@0{zr-@1ci8i&WzZUe z8@o^V{*NQhBVRCQ;isD8bsp*~C5liY4$kqV6X%m%F^k1}UG%Z<20%NH4J88>)^8HP z?SkrLVP5gxs8=-P);2axVqwCg`I;pqA5?C%tJVxWdyy@DSf54=pKKM0CUOFzW2-UjK^9FMQ|lYb=wzH>s1bBtkSm3>3ET; z5$Tf+xnfD=kR+2<2P`=AC8ri?&-)dTsVB&eaVts4x{h-Gh0yGA}4vu7O4do$2MeS>BKX9~HJS-Y}zsWVa51fY{YV&uAal8mc~Y`QI8TAFb2 z7TuvS>AKE3D%?-X1q|}tY`_F5;I$6{9&vR7FRSat5}M|_ZvKZFPI`LWLNpuEk@ge7 z!w)y{OxCWq31GW`=|)!;CEx#XeL+BSS+^1Jr`tf#@jM9|*hzrG*^2^vmr%L$!eJ>opNT~Se02LAI1^tSu+JiV6~*MtZ4UwHEAzyr`K;Jp3|#=u_> zWUv*@zYTgPdGVivtkpc$80%`Sr2D@s#|Hk@lfNFr|LxD5!+D}0D`FRpr z^c(2U4ICyb!aq#`UH|I?>Iy%v$3u0m*%A2N4|D|vc*czs_y|}TgHYMStgTG_-yeG1 zhxbRTzi-0C0r(R+;5>~TuipY|?LMQ_0p5G(6MDDB0S0vO!f;#tb{!x#pVqlhH^H}1 zc;!jLIk2`O15~~m(=M+$t|xP3O3Wp5$xB#UQx!w!OwJn|j1MRrb^^VF!S6SJZnqB_ z+n#*iJXryQoL1lIQUotU4w>4Gxl9eJwOyMFOJHA5T-lX%yZhN;ZqHmU3};seO~C6} zB@LSf!l&a=jUF+$Sj@20AKy`T`oNT!r?!6Cwot$N?M56RS%elrD6ZX8yiZDM(3Ek8 zSrH_tM5z4(VBE?Gp?p6M_ihQsn>(JxJbdpwK`%+7H79OyMo3C;RkmEkw6Wa0-`@mC z*X(q9i?lQdA;q1YWnVnRte$zGrXz?cRz>LxVCxUUgpWR*>Uerh$lz0O^3U#XKUV`K z0YE+J)!8ZK`AYd!L5WzU{6ZzpCXBsL&=3#!w=>^eVzBE;bX;6Hnd>ZZ(u-Pe#a-ZV z9~?j{J|=B|{Y_ILPmHP}i->p;g&j0}6eMASuReWZ>|m|#Yv~#(6pA^l>5Q_QUNrpS zbs^qUcPVZ)UZapgvcA8aCsy7olAT@iYFc-QyF@GyZQ-Y)!w2TXuIM+v538u<&PWKsKqKRN_>7s80z$-Uo-1~I+r~?is^B`)WEpSAz=K+kk6a4g zdjnU$-e}h+ahHoJsF32@oQ#Ps9mp|sr$V-9N;^jpN0y?7l~*GB$1R+0$J%mJmWZ_T z^*avRqIHtS#@WKBY4$nDG$!d-n;BH~o284>b%?EOgr)6yb;IGPkoc!s%|N`MEF{mE zcmnEtD6E@AJ}mC5_+}$2HG=cJxPIx74{;B5VxNhO6p{#a=?j>v+3|H;s=K^cROH%C z<#sPHyZW$l_*U*}*lTS&ZB&QUG?jB!C%VFNGL>%{2rhBgx>~B8kyr^7|}!_64=!9P?!MYU%o&n`fbVIpi>j@^jZZ`T1|C;o^2FN*v5?hVa^6>oAg_+q=B{bu}eL9>Oy! zf*Lm5%W_|vqe^Odr-mfAvK|DsCA%nlx7znF2i7R^^NJJM5e~PLJyMR2S-1X}N^R6* z$AHJ~7WF!7UeGN*?g$b!Z6;$4n3VmJ%U+L*n345SqEm^g=D2QMy3hA6?NkRX`QyrR zWfPSyLQ2W5^;}uF-A&0(8InW>(2z&qKMApoGuB}XhOHyN+X0xuOpqo!_ z_&7cL=_fU!g$&iYqEF(riKHVGRW4qg=qDDJznuEId?g78 z_mX;!^m91;xM6(hi=;|7IFAbJ3Qo}Ntae=CkNR|{Pe|e+@AMN+jKP4*rWWyEQ%Jdz zI(x>x^uxN@>GBYqjrSdxs{RALH(Pny8&M%+8&|X>DO_?Ji|@6edZwPIjpuW#hQ^19 zJbkav3z*rWP=ySivs}sYCyL8lqn)7roMpO@#&vr89jn*s1 zWJQlXfzkkHVU188gO--|g##0=QftWhTe*>8KO^lnLHF4v31Gf+~PiLSdnwz%><%D?I&<7x~((49iD^Lpwstoi|W48l`IX4cN8 zPJcI^_HUd~+LjV!oECVjH0&-9p`bW z=cq#jX}oggv)L#RT==EnEj+k;`e8ObfJ$H49|v|haZvy_*@M<jl!%@g~^yPLYPK5>i{&K&o7tKg!t=Gk=33lh!V7jM} zz&R>FTv&Q!!4=_o6zSOOT?8tC)#{&Hha5J13$c?$z{|SXU{Rvf?yp~yABHx;OI15& z-mVm%K!P0I|U+WY)@pgAh?tQ#Tj{lDfo&AYhWmnT*VZQchuu427s zNV1`AkuP4MH>2mxDveuxf(qdvb? zedEz!`CvKn#!#{DSM=se`EpfeqPU$zl4y%Yf_fLC zw9TWRSHNvEEg8$Av0f2nO$75QYA?6}=wb=y(i|Tm+&sOt)Ob~OD_!!xa4v5Xb6#8! zB`+;h5s{IScJ4G)3*C&8tJ+c}yC^x!b%e`VZJk63zJdI(4)U04EJ!ty7d=a+3$7z_ zy&7ianBKA&%KvqgOx(!6SQ6L}a@4oVO0iVcGA83bAkhyT#7Zm0AKt2LgUQc9fL)QDk9 z93Tu)GsXwM^c?~z98Ho=)%AzLu>otJ)7#`G?&s!$O4F-8%G;>V<|o zKVDY94S=}>KTMM66|SlTJ+#CZnLA$Sxl@yAv^PAKZQIXG2cy|-pDm8lrDxUp?21pw z>3TcTGzszD+~ntoG>yaSimRpG2+y$#1t~tB@T*NbvBVMDiypAo61_t>vAC_RlZ{je z^2Z+SgmnviPj$eplQ%VEoxlQq|6z$jxoylYEe}KTM!rOT>JZZTQE<#r_qwNhEK0r+HIeDqrE=k}8??RyH?sw6PC@63Qc-vYHj!)30rl9K zX0wLV`i(-8jI)l=$ovx68cVIJJ#9~OUgZopp=xFNVp3aT>d|9v%)hw+-YT0TmwIQm z@%{>yFkM|0dxO^BFHJhH6n8y76#NLcY0fJuOam2M>^E}I8BbE$3S0~!-!&~oTm|!J zVNTP@hk3JYcc;!~npilV&J>;@tJC&rb0A?NT3<~{Pk*?6xDy2wZt0AOG;9>tcNr2P z7|2}Ko~3z<(B0&x@>k%2!y&47%Si|8w(I-hd$XP>$s|H=E=VC8ynyR)+dhW)+vW2W zN(E(IUXPCIAGb3{?aqYe9*7?rhfv44)V{uSF~BkRZthg@MbMda2l%unodi*E88>Yv zq?3sQ_Q|@Nq4$VtCYaCm?OXe3ki`(>%;#)LS>0a&#-Wb#^*m^TWDjYqP?R8AGCnET z;*4?}&*8MkgC{yZdHtDahDsQDg6?FIv`$1^V0%|!a++~}AZFIYXFnsOmhA-HUF-KP zLuv=HV!*Yb7$NeK`SiIZt8^zZ*n9SKM!+OSW&?KV#!V3{w|BU3*6Ev(Yz!jlE%wAj zO~fW)z4_vw?ARH+mi$e#8a0+RRds9{L|yFIK6Hc&W#{F+lak)({8ituzV*eQF*FVdO1*Rg{%4y^-ym-$B@)ME#y>Qq(8Rcxte z`ggp_W#DWvY8c`uA>lr^%GH4)OH)Q&E$YPVgQ{W`VsTxsOY@21VV0%c1BCO&sGui8 zZrizY_CDR+0DVR%BI|vBKG~31JLVRUtafTxY6!slS^_<{Y7KhpclyZXS5u#&2iO)0 z7#R>tHVP2@5ZFp%N(S%z&g3{t^H9G;rJpS(QrZN%C3KQqa+F@2jhpY+XMO^#T@8Z|T zt22DBq3ceJ(6a_MUD2hAamkV4c>#e|M!&vXmnORp8p=;$kV#D|Gq^qgp750*3@t7~pT^j?#LM>i`A z&O8grDySh8Va*eWK6~N2hkSfJu%hiaCDUY=g7=n3uXHL_O*?ygqh?%YG(>nX7WzOK z@tgX8Sr)8v=hiuIVIZ38m_-i_rJs=QIZ^FFWKa)Yl(C|fDlIoRjI|`m`h5dNyc51E zhV##mt3ZKUXJ9p(!vz&-2Hzek-^Kjwb)z2RZO!vk;de+)4a-<%WKDYhx&2nBgXMxX zEQ8+gMn~SSH{CX|V!RbG%!yX;!DlKRz|S0KpV=Zy@Zb{UvZTsgJ~yx)-wnD!#ME^5 zS&O`~DUPjXRZ+t>qq?52)0I8DTFntMz4mEq;A)z|G}+N-)8c3fPiu$1Qh-8#7#gjE z`I3cqATl7y3;~~&KKelJ$8N42MJ&FhcuM*#yt$BFgpNcfiKQQUTsG7IdnivoQzGxj zeh51fH>L0x_hp~(iVp^@S5NoPcw6se-(g={z75yE)0pLa=n)+1Jx_cB$HJk6AiN*l zUou|myNucv`QELO#yh3aAgDjD+7!2W@&j9Uu&xG-J;EjZ=93zO%w&Q0q)TsaFR`b& zW1Kt3{v}QlCh6K`1|_eJ9nc;Jt5s861F8VeA`I*V!@cJk^uhAz^{5!?g=&A3QM+C* zq>k9cWx_r89k%XXy_!7N%P)QWMVSls)n_*KUE>3E!K>!2vgJg%+EOKu6`d&o=@IsHx!{OCU@37?dfDvwN`Q zYz3Cx+z>n@R$Vgy;4BA1Co3>pTy0=v2bhD`JWyjIJ{B7OsjQsb5m2w_RQ~c zY>VUJ2H#kUm)0efrT^EeYJ{T4Ok@Z6R(*%&Ou$9Liq5!&6+HIPQCDcx<=G_MOL`56 z6A#;V+m#MdYYah6am|Cxa}{E7@?l!%{`ibr2C*8pkz2gHu}WRV;e|;RM7d2AMk-;t z;@ubpE|cgHnePr}icQWaBR z1P=Tra9h@ls8YjE%$lUSipKY~g1s?B2Kx`fYC)4hC9uZNy z(u_Lsy`R!`nX)D$`MGRP@@|7;<<#S{eWRE|IzEIUXXAt3f?~45Sw*g06^FVz*I+hOt7&ir+;Z z9dV39N(xq17)`tfjA1NMFIyyD3maMQ&>!XqA(P8xl~F^B0W@BbNj8nF^ZE}rKFofW z)E6g^87`6U|00p%A?E@+S6usD9Kv#JlfIuMWD0M{o0Sd&pMNaJ$vyjh;j=FTw=Cw( z$j6mB>N`L!@-AS1XSZ#3Snb9o?LI&?hq6LL9v8sEh7e~jJ|~a`F>ONp*fq{(tf`I= zs>prcBEKpWRrQ5*A2&OFMZZUf9;}pibo^1Qi*s0$P0}<*%fSc1u%_!{{ikf%p{7ue zXH2Ko-8wM?haQ4w^2;g@If`QF{E&Gj@zJx5a$d-w<1oI@%b?tN^<8&PyR$osE9WPS^}lA@l$O3m z`jjz21c2Z?Pw_5#9g_o1rCa`^8Q|N_ySLHjIR*+X$?}93`;`H|1PY6za;0xcd>W8e zBZ%0bOl5&BvtcL^+#@evRnmxtzMy8gi0ffJ=QdV*Sij0eq2S?f1#0G1SX25OtyPVLWQuwg4M#jl{mdja*x&4>vi&mhpGxh%VT2K+^W_Q8{Q zi!VP3DP1BrV!`I02KpEGefbu*JdzgJlu^GON_3B+gITv0HetaXX3k$DX@CiOar35d z-tRZ)7yZvj`WW5DN)W>8j0$GWnvj`2j*0t)N0E=VDom*y2>O{L;!a_MXKBM9IOYcZo12U}NSJ@LCzyuXRH|TI8Q?VBF67_~LE^ zmt^Ywcumtle#bYu3(phjbjeHJY;c^$?UfsuT-NWItdTf>7PD4!LhR9H53N&kGN6?5 zdnTXCTZulWe>U!rmd}T;&rScD5evQ6nxA|Acg>;SMiRs4F|BF1Fe9k4@4o$RnUInB z(W?{QtA#HhkHtw6WBa~W?&d<}NVCWej3Uj>V2$!f8QHQHH5zt_60pkhvKLzj-_|qK zmYuWIw{ZuC=;@&UU+%{Wu1^Qe3})f4Aec|UCS15EEo#@<^ln?v&mA(%=* z%mHDcV%A-T(TOhhg#z*Y_cPJX*!S+=n^@m!dvtvwTdaILWHcMDk2_>Jx!jv5u%?s5 ztx~7sWvon1s;*0ZRbymq{HCuzg-?FciJwt_VjGJ}UgYg(f;yF>Y0E37rNW}tj^gwB z&B{v@Cp*${qGbL#1w2n$ip{#)GxHc1ILzM7zKfo8+}lQ7es}}~|5yPSw})AL{@`p? z4@TIv+hAmAp0rZmoZ>W-npZ=lQ)Bbrgmtq|h>Cw2c(6eflfugzV=rVyI2*MpsS3zI zTYOTACKbEb%l|f!?x|Hfd^@M}y-=*RKAE_@&VY7Ri4}|Eeq%WAl4-YWh`jVCfqbNO zEzSK#Ur^$Gj(b3qbT{vrkIaX6`Oof^iT!IzMgD9AT%mK|G+y5^O}3=JezaF{m~_6r zKbYa}xRU9iQpKYa^R@MLNyq910V2jQcP#AH(a$9kqh3P-W68`rDSHj@VjHb{?jI+8 zFV?>=QI8cnNAu+c=8`;<3w7&P&1S8%Ir?!vO`Yil&x4*4gzxrS9}OSkReKccmK0{y z>RYwFznI<{?2Fh)c3RiiYwJN2Cw+&mu)$t3m34)HPHWFSdvC1GEV6f+ge3LF3T4j9 z{%f%3{qRBv|25cIsV~B7#lnU2tA#7+pV0-clNROW`f3L)L&R~v=-5g#b3VH#0d3Cn zqV`x4<8(jQ3hh`WSSXIB6MFQVh$o(bk5}Za+(g+^Xud{dF>U@~Yem{fpAlFbdjDc? zO#r;alHg`!Va)pIX^#a2P90ZP$Gmj1qWNG&*wuMLDW? zbQ;6(4 zBc$dr0t#m;_3pdki35a+qb#lBQ0R^7xTjnTc71fqo2qx<=Q2~>rW7Z^j;Ccd5 z-Xw}A!yc1;S0jPPc8>@etCp8)qS+# zdc29nx%-lSv!|5kKYk6^JZqAFJi(9h{9-`WDLhI``CtKfOILMR(EI9h4hpr&|F66E zj;Fef|Hm5=N8_xtPn$M^p0+&$jj*LA(F*L=R7*Y#F0H1KeQY9@qMyW2IM^Dx#Bs~Xp+kM|BR0+F3W`LtsMQDSQH!D(ecDiakD|1!P zXHHJsgfNH=|EgiPQ_kd;G@i{bVp<|9ge!Y(dBN9Su(E~%<=oKL-Ff}vhs$whNF}m= z96VS~hRsh)DoE0(P8TF<$=~Qnv>NlKF?Q()6bo4wEUeW`)#%Fm4N~THMP91(3ERba-HDY| z-XJkVx#~$;WQhD)@L&!2cJFmLpfkBEzGHN%CKc%%Hf`f0^h(YFMzxJ{Cv2se>mNGH zWa3X51~BUyeAZ^!&9tqx#$v1Av%F?cIJjhVCx+J{X{Kx4q-zRL^M~l=&!aUzn)+o3 z9+Mm-`OcqqK!p7xgsMwb+K70%2B|VnulSXW zNnl_6Wu7=8BZ@EImc3_rxmG4_!f|TM?D1wfk$dl|Ow5z7F-VP5C-V5><{m6|8(i1f z-@t8}Co-@XsbX<7^Q_l+ZyS@_m17~-I3+Vs-;qD{j3>=%)zY>R7k9qKysT^4tFiku zjojR4*eg-}yIl3rSI32Y#kY?6hA};6N z9gfw*bM<5g8wKVlHcsSE0@$q$QIr{-(m5mE8x^j#4PM@LD3ZNliRJ;@y{1E5(zD4c z_?7lY-`8&=rA*N^YlB4@mW zo~NuLH6ay*U?l0r@3Vg@rt#NiXw)NZ4kMULWBa=(=385^^`uyg(hY9U5c}#g^nJK8 z8H+>RGeSwTR9dH;#zcB+Ywft^8||1?gG`b0_c#T}A@VvMJ6ccgV13Jo#<&yxrFr~I7Uz6KBNn-mMIsvA{Ial1?(AIwgpc!snDy<8at9vj$tHZJ$Q;5amRugKVI zs9vIQ5EsUw%bIQW9AxP)UjZ}$eB|}Q9~&=5f~!Zh+&qu(+5FA?K)}7Jj6)Fqg}dOR zAvs^=z;qh8Jf23#-pXdQ`3AnU-^Vju&81`AlDhx#;ub3t>FnRs=||vb9lq>fa2(p8 zEv&0K&$2}%eRIAydOJnKm|JLlT>zwmtwJ(QcRgrnV5jVkrN>G2Rl2T1&QetB4i1n% zWJC?4w~)m7!(p5==CSj6G@prQu5WEr@KJY_8OGLqB(1r`hL=2M?bzFf*my}dcEw!z zv;*JRMQ-}R0UavOW@vrZ9G>jt_k!uBah0xY=T)@V=R6sRXZlYKdtQJyPtx1M z873NYdyk#Z!u$Xy>kN_1!0dE0xN{BmCa0sneA^skuo4^m_{I<^RU)86yV`>7u|gt+ z`hk7_XcCzI`H(-I$2rv%iNVWAN2|O1XWN;u(lY$flc2sf&l#L_2xBFzY}lW#s?o0={sP<=+2RAG+9Y+IIIqWhI<5sLx#B zEJo^JCI~%!^N+J53(a(JInUv)7aVo;&>$9;@432r$V+$JkRA%#ItnOjHFF!EPJRiiKi?npKXq%qL0z1(W0{Pu@&LfG39#xCj)^4%zoZV+m0qZDy7l zN5rB7b9gYuLUQTv82}M~#{XHIyAa{M7B`5;jg=akL97Mf&4pSR-E6j;SDi0|@P5TF zQi;tPPP;=WPdO?do1*tUu^7RI=ThLYKm)^kAWx58QYZcwaXJCz?0}#6!jDCY88BQo z+xU{O6bR~7uY#Atoe9-CwmdcPSjcb;uTBx&ghxA(M!aN`)}pb(k?lVF_LI&Jfm7nB z^F8q?WCeQl+dB(;Ee!KV4Q1Xzee~q0Sc_Fu!lrX`)PjI0gSlfd&bs>PW%c3npGJ&r z!z6ty4X3Zp@g6mq)^E%m1aHq34fXCD_+_tDE`Y9(I`At;;YwyRp|lGfleKEbO;`H; zPP#M%lD{ZmJ8~1CXPi&zPmRYvR8LcT`=5;hVsg0y)^YugieSZi3#{xb=i~eH6cmgZ zFsL6g1MMjQjKm++?yv2&R{5D7Rb7_4M19@l0#?>-hg*uz&SBW31D9Uio5Bpfn)0{4 zQB(Ykg)tF!Z%8k!JOHlJKo>^{kR5by1F}QOqeYs(p9Oy=3;l`QWQ*KoI_H0#5CnuL zbC1ZtT#nFl@mbWz|L5I*Wy9h-kHPZ3(mYJmqCx9L&iS-^XjL4vz93HNfaKv|!uwq- z1m&OBN>JE)6sAUjdV;$`r{D&7y~YLMNk|;Y%I~6i$dAq8o}av~T*4i5uEolthPfIj zK%wl@;AEx?v;w~bf}TI}?)k-Qu2o+P+@uM_NP0e6LS@ zLd~P>57amXsuu(`k@q|cNEwQp*$+tzdA}KF^&cnd;Vgt#tPf zYWBfMoU9e`+l|F*mVv8tqXgg_Hab?=x|YmV zdMZYH$W(62(z&m;iT#uXo9AnMB5X&-cTcRNnu@g4RG}LUn>2=_)4hKIB)le>)14 z$Ii{3CbnaQ3@Txhnrw~SKz^LR8psxUtXHNSNtnk5~UjZs(pw3aeiGM z#|<&LYSfdLwa*s60yS%q%HS%Kye{23M6V5euN^H~!)u}n^of5cLx12?B5{q$mA)gg z4&+w}2j@UaxHg%J_5j^?q(~m3>1=pQF_F`DShEEr$U`~#K5&*1cuOjgs|o8=Bm=CS zncYB`b&4k0KG^t~Bk%0!sM6%r>=DnTqMBe-iI>7+6gpGv9pE;J{ivV)-2?NeKQT}(_a5V>{0S2 z7qPbY7@DqgUa`0S(tvhLe$Oh=a6nBkyurmjQj$MMZ*m(am9K1CuS)`tNHuw*(X-hQ zZkcx^xZzesndLTPl+30%0X1UzV58#L*pOBjf;32IR+;BSHlZ3&IZbaqv)IYVJI9cW6?{Ts=ym%d_yLBQcY-_91A0^4=mpVW_g8F_;w*fbPL3wFf z{y}fiD@Qz^zDMwoZ~LyzwmPpT7yEd&#_#JG53j!#=leN#JNpj%8_mqRArJo-y;J4^s6x6(W(Oti|0O+7XJ%mxrafl2I`9$C);=%}b z_k7F}*^2an(G$$t9SqNP)eqhu2vl_!+Fj!o6TCITX2aOHm!k1{&_U)4vDg&lJ6~vp zrWT3PAf>A~$sXa<&@+e;%iA`#`Uc%iMtcSFluj=nWLgE2x0jTX(k4(@+aojZlSH68}?8px~b28IW304EUuoH@ZuSv2|$ z+$qhYARZ#CV*Z#=AvY%~+g=ss*x^`?!nkjk+Gn@I5f_3}k|5Ua?pgA@ms44d%x2zdR%&u|==QTXbdKaB1v zM^d?xLK{dLsL_e#gK*(L;?-|2f0BFsd$We6Y@^bI!V_~J#(Wku6;i%0*Q_Tq+KD-9a&*9@>G@KX@9y}`BZe8deI+4|y){-5 zurZLS&FM?TW~Bs8Akgxu?Pl`jcNm}3G`xG6)Y#==){ak5pL2o{dnC_y{uZkTvv-9Iu^FSL{~&yjrkHnfi4TY12k!))Vu2B&gdy- zbyG~8B2PS@!;1alymf`?9L8g`ToRs*z~lXRH|CjPZaRG0?dzWzkV5hO!P%{kFhP(1 z+J*O&5T@`g9kua{D4ucin+4kS$`zIT&6gBh?8YIC2SJxAb~~udhqiO*4;CwaNSHAP5PUnU^pb#;T5eJ8Z90HF1D8F@V$jny3H=1 zz0w4CqzF0x`b>fmb8xY!<{_{395ZZRU+@#l)FzBWJ}(Ho`g)kyo6AIjs$L*fL%W%u z2_};4uOfp?3zRGf*YGlk)&n4qkLPiU^(_(xFU9XY_&{fmb!v$W? z29Gz2#b@bnAJ?&vTLt#<_1kx}dMh;ecB(r$&kf*9b7zIAUICCLJ%C-*2qBDr=v|`B z&-AyORwf*I;XJMjq^!c<8*=Zx7D*2mG{UglCVSV$1s1zh91&s$cRl(T&YTvXaHSoP z?A_a?Mx0kj1Rk}jO52HyVt9M?nt8ZKRbZ6V@nO|Fw z^Ljsn87dqqw<%p>?)oXTq(6eIZ@qrg;~vOqT{vxkqZ!2TSM+(P!vVEW`jV;mOTK7P zo3Z%k0+PI?e_6=YH@@MJ#W+a8srWWz<-(okVzO9P8CmI0i=C6lk)}9VOC`02(nFiK zMQ?ORSnu67x1SHt;O|WE+(e90cy*Lat%otlJ~1!A*XxaL^SqMPZ*x75lm3PJQflU= zZ2)`F?_`&*He}U5hxE0Ej z$F)aM4*0-ae60Np&=j&hd3yM_R->aD{!c|C7<-Spjz#Ogs+f_*kCPsoQ#%8I02P*1 z8bYPP!``sGw&DQHCxUhc(9SsT1NXTBlUxL!7Af57c{d`Bac&hirYv+iQocw$1(U@O za>#RVrNxRw=qewGtY4`?HFR(MJo9h*O?}<%FZY{zabNshd;4j_i?UJvdwCfO!4)B&qQ(H^Y|! zy}h&u`8qiEtV=ucJ}@R6Ed#{bKV$OGZTIK+%bj#zMdfqXtCr>0tK*%8#S7cV`|fQ#m57Sl+s!FsPEH3z z{pKAP&0}aw9ema*92{4goLKd{>TVo8~_I=w){I-j+uAn&aMkvuM(U=OR zc}JrYXr2in!7i^%@9M2aOhK}@E}WsZiFBEw=uCad7_xiNrEU1DsJB$NuoevUvv6s%+r*cv|eK7)ztBGIu%4!X2(Ko#fFpK zGiNjF>BuH)JSJP#j<^$v#d%-)JtlZeFxfFT)6^6C7Xy^!`!P?1b|pw~Co%#=fC+nG znYBC%rBWi2zC5y7w@}W;w|Sqr1EmCGO@-l-yA+uk{w&Ip8w2kJ5Pt65 zNrSfe3Xnz$tmCKD^XCzfRlvxId*|%C^YNYZ>rLmTFOKIbDJ2))Yf%-sFo8UMlW8^g z95-jk_vm9Vl^+c_4nZ4-jjm4eymr;ng-DGdZDR1?g7k#E30tR)2G9PQRypj=n`IsO z)olg}n~ke`ZmtuvHD5vHPHSQ=Y@=(qW1*DF`OYAo>L!JHospYdwnNfl&{iZuE-#H} z%d6UY{M8|YVAbjV8`#twj8#K=_cyc#Pc90RtZg1b^%O}4<3S-ASJRQcM!n;!T!UI|9sJmblGgsvmFM_; zy*ipT*#&LuE%NV_6^HJpe&L-udio|QiP)_G{!-aw4m)e>m91~8*#PB`qr*Zm3;3LG zs(FR4{VWmZE`O6{`gv6aXo-hEhwcfV+}=rFH%zNj7+NRQ_w1S--KOH1Sl38tc;Ukz zt?r?`SK|cH_|ki!`=@<3v00Ng86Cd%)_WVYy`3AcR=ykI6{K3`Ug%?OTxM@{%Tu&| zv!{?H2fjnvxU`4rWrZDLr?_pH9T^n!l(&<+BRto4$t`z%SA6!Wqi)7C1-essPq%o4tdQ$*JfBQsBz+!5}$vKPL#I3*nrjJ>`y}kJ6 zI0H77xU2Dwq4&QjO*kwZ^t-g42W-_PCs`@-%7o=0)fJu>1A>(wP7BsAA5C|l5w5uI z(U;@(A^m926bKWe7ta5FTd5itVJ7q-SQ*RZK|;5lvTeHFohf2bv1&#bCXs=J8}!jN zv?~jKO3}RjYLfxSpULxr;O(KC&v)iLVC|+GC*iL}qAfR-R($ySY5;_gRI<-Cc(cVs zxOB}oaJqNj{4QnI`-zst;*g^(tr^>eu*5BRVnwD^)^nkc?=Nq#Z#JR)W8=!=FegS5 z7MOh}W;lLOmXI-u_Sm35>cHM+*2dT9E=V(PI|hf3)Bn)>*@9irpy={q!0H!E*DZE(9Iwp40~d zX$3%=k1!X>_KVqXO6aFnHU)Zn8@L9e5pejUE%GBno4WTvTE#3*fzjB*#RZ?+>s`HZ zO~{n1M(f8@4Z2Ynkbn~+7V!9?L&#Y zU3Xkco=q`-99Bv=UjDjIvR4E*$jn+}S8L5`A3_ndcd>I@=q zU3hZ9wZS?p#yl!GIXi_y*+&sF-`zgVhEH@pBK)wzM);v19A8(I`4yAn2>E96e#*i~ z=ksD$t`V#(%aU5%L!PmQsSpt_)Xl*Zr;--R6Do=G226H-EslQMGy z`v6ZjmY6k(T(zpUaQHCp3W|%}oQ|Y$mXb<5$^G-phK+Nq6Op`IT`wm>ZP4RMpSxXZ zK~}{Vl%7-|ewdI{%u&eey2)9{j=A_Lxmn}OjljOay^!%b(c-(~Z^SPO?7qBsOBI5; zp`q$h7T;r5chKN)awyyOlP*WmIT#y@1CEWj=Z9(lRxNKc5#&Vpj{Sj~POa}SD|hkI zV?a?s3Cu)_E3xIMXp&UxseG9Gx=#?kl(R~?bo^o2V}00bXsqAmc5i^{{aP(c-?)aV*eeeb#iWtCQHMxJYj7GJ*?5 z*zRpc%8yK7Wl`N|U~-JRPXvTq#pF(H4Jr&6!%J*DCXmb%w&b%p_ep?mp{(oX!_5kO z_|5#&SIDnZ;PU}Xq=L)DGbj9wF^=%3R^Tpb+d%nhaegr>PZWtjQ|qERiJPZhv2rqC zW)pL-@7a0Qc$ei{Q}Ngd>N&dWY`nY1XOIb>BlX)+6$dGmJ=UApCW|Ddv~R6yhe^g8 zth{46yVKs~4Y~Nz>LU&X4WcHjIq=NoYZH#_!4zH@_)?-=nO2F%4tewyo72!va9D=}CtQPD~TIE4~N);@YQ7m0XUnX|z z%ODm= z8*ia?xzC^j1yYeznjd1u)dXV3BmmbPtxj9TgpcI9C%!$2a=jcR8^>Y8z+R@5M9&m~ zG#1f1*}u4xeEeZ&b{8iPILztGc;w&`UoEmx9p+j0JTq`MSnh-ea=6!%x1r*Owb#j%pfXWo6YCi-?<#4CNS`bc z_#Oq=G@_{>V*v_Br6cDbH1bSsk-2>0@LD^;rVu*r(yU(t-)0w)S^u7`_smn|{<<5c z8-iP}SzECP$?3JRO|F!Y#miOsg*9*4qb1+V^Hlp=iQ|&XaMWelHjw#=7M5$FpK$}|l*Erz&q#eRo1<`K zpz&=3KzBJtsg`4u_fRB5!M9OrUMTVb4~3N}Jct{%56Zy+9_m3_W~=+PU#G=!|EgM< zdVO<5W6gb@6%;VmYCF{8f&-qGV`C#t@eG&G{u1J)f1r(6#br3D(>ExD7W)TM$H3Xe5VEVj!xRkBpae@EBP-ACeb=?i@HU3 z5K51joiWYa^j_Cndu==3RlcxvPdo(zz9{p(wz!9FM+w?78?vpxWl%w5S+1kj-14Gi zMzVj5T3KS%J)S)*Pi6s}_sEr!1HFYoQqW2!N~L53A)1V&v#DJ3TqlN6ze`dtp!b(eGkFwZ z2|1p62e1z%_63IiY7xFLD8|m!p-z&`?n&l5*$ETsCCYBa3pW zT*?>u>0ob0j3(X(2s4scL*2S@V@aSD03om7I^SRnu+p9%UHwDD)8(Pm`7f>|N<4?) zIIoNNdlp87&PuWy;Abo}^%t3!Y(WfS8v9?A7)kZVy`omWn4lc5nxjPn%dL3Lcm+g% z;R}g}8JUz>os=PgeP#$bl*@F^?usGR+HZZl(WIxCx`NB^G`CNK)9*n;`K%`&?oU`! zRi;e8$RJu>aMz0;Xf~Bp+b7AnY>smt{!Bq>aOFpF)56egm_EaBLz=m}|2rTE940-P z?7Cu(!aeGmkm|kHvfOf9X0EZZUD9tszT&#p%WbB8!dB6_CSJ!^KM5u++0U!nT(oO+ z`exF|5#YBH;4jyu_>dkQyUJ3 z>nplELgV9OKT<{9>&C9Ca+?w?Fw#|t_^>9`N^5qp_C(vP2AOey$>s0^ENpY|umw{RwaKnu{(x$jC(l zOq}$eRi%a(PsHX}b4E6sSiE{iVs{j;=WQ1caTR^Bmmx8TJxe_{q4@-jq!`|$8DaHP z+$eFcriFR64f}LOzEm!Pc2?54)4+xyS?X-SjgkVyqZ8(qP5ifHKwX#*y2a=t$Ac~+ zcd0HE+<9q`NIOUD!zKY=wZrIA3JFrB^#B)uN>^e`L#?joQ8_oq)gGjS?TT)o>ONzi zWSS~n-H&%*4(_6*;|FKq<;#u8%d4Ffg7xnfx_QZ$%xcQxEo)3=*nJl3m&aW5h(qwrp`J+IgKxETlkgnCeZDx7Y;L8 z{$v-4QIlSX^Q7y%6P7JbQbNE+karuvnl9nkE-pqZywW67Yn7z#jE(rhOGLg77wGK` z-8Sz}qP@z=(3;Mn>3g_dj?mjRZEHQZ(gqXZ2PGVWd0*54Wos#W{ZYWZ^@`UyitOI_ z#yq%3H|YOlSO1Xz%k$_qd^eGUWO-TWK%-lh0|Io^;wznsoOoXh#I#8O z?2;W2k&!7z3r7L$aCvud*xTt_9bY@`E})qSHa~hEYw76bjeMIKd_yb#W8NioeCd_u z-}m@ePvnu_bup4D;=x)Adjf!M<&|u(&aEbzugl?NUD;`l*QiCnxtyy2PNib)2yns@ zT3Gy2Z0B)6FI;}aci~dS#PbuF%(64!T!^10;Fs?;EbzZH4Pit2tA3fxJshP7>{*^+j3;CbQ*?{oIkae&60`Fa z(J7p-jG!X{D)DfcF;IbBQ`)wpiu5iy?tg{R!iNBm}fD zV9zTJ-Y~gh@Ld+P0dy@YIo+QY6Mdu}i_iCB;Nzi|WMH2Xz0=7EeLy4Xp8J7o1z(YV zQ@0;KAj8G-&%7uJOUZ7GpSBIS*LYiW;S=c07^tfg{BE|tFf!RR;E}eAWfRjdBJ@0? z)|!kRJ@b~wvV;2QJg=C`P2;H&4O1(hz%iawP-eB;Lz}nAu^bv#$dB`eP+;$o?%@e-{SOmfB!_aT0=+QkR*B?E+y+ zzoD!MRvCX(d7L6DT4+W7VFjP?10xMAskw=hGK)NXDgS7>)}^?++fUE8`-G1M#@2b# z_oC!Vs@X+QKIX||B9e-Y08yBidgeb=7Hz9fIdnm5fLjsclb&x@tYt|&`;}=R*%MyN zf@AG(_7L8E#6%fY(w|1ebZppwh zhE=l?=M^{G-nfFGGoo-Dqgr$R&n%r>;}-F>x}m2fXY~s^4y&lB!(=i!o&B=hK&MX5 zGo}hAv$IgqM93J|5C+HsLB~ex^vym-rM_?J)^YLUuDdTER0{i6rx*+yZLqBye=2h> zEk8QcR5P*DOK$9{-N3dLLfj?%fNfk=<8^rieMS{n*`F3b31sGijTIPn4t&1Pvy2CIt=t6j+zAcNHh%<3}#V<_|=)d+y6?58nE z&iUU(kBs#n&rm{?CQ@>!P*w%F9}e|B%p+N3OGh+5Ru``8kk{KNy5nY?0tUWb;GhVsA%c zpVpl_ccnm1QXB&2{Jcoy4d%bi_2&-dUjhSGpG#EubGv?f`Bxf1h$!8E_y2%k{_hCG zta^0wOPB83YYG1jJ-?)UoeYTmwKdMw|FDC<_8F~A_EC$1ziq`IKgF!j%gJTr_=6Pq z`y=_R=)ILnTKzTZzpV20ZLqgVx$k})2mAd`f6Y9j2CekO)}?5I=|7tO+t0w~V4hY< z7bN~yr5^_hq^p-*`vdj-uebazj25v+Yb`1p_X`Iy3mDf>Fn`oVsBGqHJvii_$%kgnoVexJ|&X zi_|Ycr?N?2n}Kz8yVM{%nUQu_Reev^>K2-0@D>9?LNT48_ds4GeulLZCrglC_~=6x zmnV{3buNIyNVi7t&ey#)67vBsQ3jTb=L8=rTGM6_gRCz+guk|JIrY9hB0P=APLil_ z>rFcd0ldD>Nza{})*0pSO!CcoG8@cLbRYfqod7DJMgtoUnIDCo(LQ@V#VGh1O_;jF zJ%;zlIozz=^|M?lWk+&Isq$hqo0pXjKnPvc)`-MxK3L&^cd037@CEfDVQ~e-7|#N_ z?-&n)lNMV}z5~p&Xc@_~|4A&QpR27ngkL>Ho8x48gS$&^0X7FlUoVps#pIqnvg4v-xWs$8C zS!DL9q4txT| zt?DRO6>Hc$GIOcE@ZITYfqmSfQSs((8|mdgl@jzb!o<1)Rm&1$pwTuAlMX6(P}w7_ zSmTY$#otG_x}CGlcNQZ&G6;K#dy=I|E-ffE*vq(h4{m}6R7m{L>Z_`e(_rb0Rm*BAJm&fEaT-PB_dF;|vrWS;H2J1v z$i7BtA%G-=;>3+wALVXkxI%Rc4MO%ws#i_|RpD=o%{>tjBS)Yk;G0&ZSv54nP?k`l z_Zio*tb^+htvGkVH3q%-u-?$9!!exK)8=3JO7`Y=38i_%m6P(6p#yTIhAGI`bNg5t z`2DL3^A6H*){UKz2HlgofOHO|k|hF{2G(8_+}ck#39eHfpe%LW+0PtakwveO2wY#K zYVLmw{|>D1-3so7Y|nKCdO&fN(jgKlvAPEh%PYjGKD;0;%D~+Y z(I9bUPuIeX$yE&ZK-C)^-@WJ~zHn{UvT?`0xqr7D+0KGFr&GC}aKIuZub1@|L;B$_`xkSn`#gw<8>pb^*rYRGEG#+Vrpd|wi za3Ve>^Gyxl+YPC!!|}?~V{WhQeI69v!jP;lZUBS02@x6Srdt8dVTDq=n`4q>OMb3p zWFNKJkCP0)8>lzhIUcSnEltG?G>+scIf{6gU}tSC988;kcToMDI^%^`fXXGJC}zlW zw{EN#m~6>kB=?@^$rQiu!nlIHKG88{I;iJx-FOh(rDa&K;g$ceNDq6|3nC?nYn0GR zgB6%8rgSB1|FjyaR(GjKdp0k^&+CK2>P^{BFYoqoQwX98>J!0jnmc2d)marETI4la z@?h7I`HfBD{u|Tk+#NQ#NO(uSR&iDO2??^g!JLjzvTGcDPfBUB5yXoqo)wX+Y(>Y(t1C_ujK2{lq46jkTOyA55cR%&!Mqzu; z@&=ZvmV9Nap%}R!)y7hH6;)P*9u=y|b7LWGBV9a!sI+GF$WRkU3IApaF4q(tZ~l<($FU z+;*dIcTHDzZv^+kXzTAnPg1R>i>(JKyM0***4vPj!KPBFaK+tAuTG^$AE`NLZZ#F* zsQ3Ru5`Tp@u^s~1L=N3b3pGLDTKvavXS7&V$c#)~<9zZ_Aev5$I@3%p>e|0T(ld10 z^Kg+2t+@TMPjRQSr=xsjD#XKi*jucU+%9yZ53T(g1N?mX8jV_18H4Ee`#=Bo#Pwuw zK|mv*Tl^XPem$M@rDtJ?e8$+3Gp)pPZDkWa)!P0sjXK(2u$R literal 0 HcmV?d00001 diff --git a/2.5/assets/images/checkmk/no_updates_available.png b/2.5/assets/images/checkmk/no_updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..b32aa619b9080fb9a7cb7e593c094ca0db6a5e1b GIT binary patch literal 3256 zcmZwJc{CK<-vIDw>?ShSGL~#(E!oB|#!wLo+2Scn_H~eb8(X35$!<)tWG##sGh#A? z3fc(4gj2uG1R?g8D_s?7n6EdpAYfwXJah;XK0$zuiPo0D%n?=$7T%2 zV*JA}Ca)33tcsG)xuT%2jlA5|9tv1!Q$o$5<#0{X8H7Q^4Fg#L#PvfRQX5CkKWFTR@fyBc;s-@vV*YPxG5vLBHuCKf(#`kjTW6|AxluM6kNV z8y|hqtXinq0ILDnQqUHl->;rUnvYY&ak3KU+Q)1 zd?V{P7)>24nGYp=qy+3wPgb9!WLqz zclB#xgqK%q?ta8URgK0pTih`*x<$R6$0*Heks zxM6Kdv50v^VGaEky_UYPP%t_+cDr8;NsZa_IKyg7VwIFbrbn%WYiu57o-G=DPkvA1ZG>_gv@P|2^z%DVQ2>!^wwIsTu_g+(51WH?YcPb=ed3Jp5?N_jb z=kb7=D)#$afwCbRP=CnT7BaXCrMd@)WS z#t@W;x;mF{1B2_eM0qiHV<(#AIW$v9=Y166`j8f6M)wN5MU5#C?cye{7No)|XY|CL=LXWCF2COVvs8#?)IrH0TWL`o}!%?YUZ9>g=kILQ# zbW7JBJ_JEN(agoDk93;gwn-m~RBu`bM2Y$ka~AHz1hFzkMdi`QV!j$Hw*OXXJ;^KSEor{t6;g+3Lc-Xqs7*mZb!;5; zBrKZrzL>|Fw$=})h2-Dok5>Bd@Y9!-pu;rI`zO231qaP{>W046CS_?O?Fh*sTJNMK zO&)xxSXNxIysO6byEtkL?xh`}YEds^e5@m+drnns;cB3^C?a$W6X-#oJ!oeibIZeJ zP0Zm4Gmql>VOFCk`qMO;)Y0>t#$OpP9FRu}uI}|N6SF=#9C{tiw<3qCuq6IbPC*NG z7z`Oj`u&BT9@zA2_$O^hmv0mdv5)JonS>&3oh`?T<4>N>RMNEvSUT?&-a!6QAOuD9 z7uUzkDi!)4Ug-2M0`cD8=$o@3_~<0rN? z^9Yn}PUNx6e#TXiy$hsC>EtNas2OQ-q%zR$%6$o8>Z8RUo;=E(3m6BRRLBpeYS~+1Mj;^>A@X+e&|E;2t)p|gF}=*Q zzqOfR^0FthSs;eM_i8!0e+7ABaVJ{d+rO?iIr<5)k+@2za}Ms_gl{_CYy zHOGJ>qNzrnd*>#&XzT4{S4%?bh!Y%bmCgYYsPB)DK_znaz&NByv6XGQ6)p-9#9fl?zxLw)w1=uWw%RFoFa{E?8v~ z)tTbQ^|R2kTX%oBm^^3o@^D^X-LA%w2W(q*hrGq(*Js2 zfd^fek@ykM_a}0~2m8dhD&w`#26rC!B8~oXStM;wGKkFFpt2j!0pd*>raiUL%oah- z8gX9$FRCPsGwDw9RdVLB6WYMYzJkbJoR+^~8xN#3KFza|uyS|!c5jzGBb6KG{cHU8 zs_@Zq!%+(9{pXO@W%%7O%aN*)X4S^J#GC1LC1zzeO?}pO3V0TmX8g8Y#tU;BGCwYW z4$iqf-}3=+1YVQqk@~KEpH@Dv?Nmuy*_4Mo>2r}ykqumTLGY+Mb#1qPof~q!Z9q0u z#v0Rj$)fvFjj;}nU5Cy7n>$Y)V)}iH86S_gdHJ~5^$jWO2Fm+cu9 zDc`fY^H&P+ozNOBi>2`Z<9L;gq~Uyq5nfmkutNa!fQKb-3gO5TEck^F`(2p9#?l@? zjeC=y(a&v|DQ7hx!yc1q8Jv5gBG{z^+GXQ^CwF}kUS43 zcvuRFe+4_w-A!j8OJ?X0mCVrj(X$}M1hYcW;`CtuuxdhDx*O|y_aGMB$@|?r`PiAg zK*n*dFnhbkeqW|&E&^)ei>cQ#6v-9ptty|ioi6a^@}leyICM6r)tCO{uM0IU#oZ89 zroRh7;!UFc6o~3Eiiol0OBX48UiY>-p25YkCgu%-Ez{Hd>QczqbvExK-!OZZb!Z@Z z)zZ@P-UGYSfAx}Yxe9Rx%T@-H524~S7%R)7xr@@to40Pz8f2BjcKxEr*Kj_i(Y?^q zTbWG!Pd??Dde$V0i_OgcYTvUKHpsZWN*4|8P>3#U+?Qu_YxUh6eF9(9;F|~K9qcEp z-e!rDvUu_8#fdFt;-zYW@lwm84l#?VJ?|NKI?BmdisB$T#N+9*z>YRvg7H1Z}g0(3~qu=B{%my}U#G zAyc+($C-R#aK#O%3PQKx?LPaY^GvLV+3WPX^0e1YF@;kOg&`BU*xJ`kknO0_PN-jn z{2B@0S<&GpH|sAvQvH;(gvW%DO2!gmHdL5OUSv1OetZfSO+5LN%{Dp1U)5=Z`otVr z0eds^1inajNz6UZS9tC!^XWQbU^MaAexD@D5c zB=sK;>%4U0`pAmje-mmtcsJN}4BJn7e>c#JL~MKuVg6UdeGIz;I#FUAa zVyJY+SuaN5f0a(=JO#L{X20W=f3^f*Jj-~@Vie_IP|hXr6L8uL^-Of@t~)&XAM~0Y A^Z)<= literal 0 HcmV?d00001 diff --git a/2.5/assets/images/checkmk/updates_available.png b/2.5/assets/images/checkmk/updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..d948cd1d7d70abe1f6e00acee3b891305d4dbdf9 GIT binary patch literal 4034 zcmY+HcQhN``^V9$y+_oDRjSlpH4-aUW7e!yRch}lf*37g6s1MAgqW=wRikEVm7X?YpU?OFexGlD|J>)EbDw+P@8_I*p7Xqt%uMtdXt`<0$jBHB4Ip>O$S7bJ zdp_zb7b~czvyY67DajC`Wf|tQ>FAwm^@GESz9zP@N6Cv+EF}M+Gp_IjKf_qb(hn~h z0rr%K)70#A6p|F2H?;F;OC@P5$m1_(l#C!)!{ccYCdOtX;^t1z6Y0}AM=9RwnBT7$ zB1Rt8ZN0zy5rhBU9JeD?$KXPNyz{?yVp!VM z$$c*jR9jtEZTv$UWgQ_{8&TEPDtuyG+A*g;A}oOptUOoBjD{<2a^~yUJE=`BYpyQ_K&su*;eRCnqywKB&EuC38oFd(P-mmfnFKT!Gd!P7^iJl<9#X zM@=6l*@b7H@6ezMx<~UT(Mc8dIYcxxf^C1xq&~uzq&$HSw(nL9ckGt&7snPapCZqe zy->}j%J6a@;e~R)hy$FKz0&()DaUq37$sU6O%Qq+g1;LkJWHSCw9xn}8{Cws<9UB)odp^yh5J-@gSEWmZ%YNpH%#+n;NbW@R&4*qWgDL4|Oxx!rLy7UKV#7u8^oIPkkhvc8Hf zQ%0QEik}^UE{(3xmuwxdKn|G%VQ@GJh?x2^F?!9MRa-PBbJCM_O(-i~k65p&%UALH zN3C0dkKwBSE8vX%vOs`-FB!~vaoHI7w({i7JjwY|d-Jx)yWbi)10C}c7Hi4+SF)yC z6j1=Mo%vco7&P8oxVq|_2zI9F!1-Y-rxwdW(oWW)i7;%I&UuIsdF`aT>7D_Vkr`ms z8dF|}>5(sXcm6OI^O63=&RIwbB7w=^#AOUkbkd1}?8B_ST!#%mPbLryAlr8PQ5VIJ zK>T}l?$@s*QQojs30TSV4BAx*{-WUDHsBGbKi;g+q7fx-WofCvV|pf0!6td=89pKxVaQx8!b%_lTBMnoR8*xt}qi#mLlHq>rs)VLt*m*n5_D zP&xJXW!>*|IAD;gq(`c^(fg|qvu}6fy4snL)jjde72l~21HPHikr{I0y-t8Ik33WX_^l?mt55Qp$dT7%7)xUvyr$em~>`>F3; zdO3CJwE%e#=az_BY4wv2PY|-tyZqS=wH*hTt&W#mHMzqTJN4`b6J91Lqy`9ley|XG z>FRQdyT3&bpzdpYEWA8Td;r?SUSYL7*<0;iaraK}^3pzSdDM?OzEX+DYQ zY%Mi5XS1!+vY4a9Z|)juvF_NKME6rw9XZWYXP(L^AITLOVHkY5`>eeb1s#|VM1JCL zNtb#p(sZj~Kay!yBj{+BFm3+G*Q1&<7& zC}G$q&Ul;_zggh|7xc240+xE@SO7KQv#_?lQj)}^bOc@kh@8i7;p2#Ucyrqq+=n^p z%`sQzq7?nVduyhrcciO`0TPQ6Wi_{M^~`P^CN`5e3)OgG|2ukXxY}#Ew4JWChLgoEM*1qzJN4DPaI zK<_u+pO2{`WiIX8-VaFwZWYDI1U(Pg+O^hv(0-5@G4n-Imw2mffDl^}&jNBP-SCyp zA+%$1%vKE%hQqNnMzd^^*Z)m6CDf<_~C@xP7SEJI@=9dS*|g?jCGgtaDiTzH0av(pL=oyZLN2k)2`&XO$tlkCSo0{@){XUGJi=^w%S?*pQ;E)ev@CbZ+M1ImX=XAQyZcPJjr6!?AHE?1tc~_ ze3h~fVBgHaKL zh#DFcSYykU|LuPL(KU--d?)vBZgNZ4IfjQwsXcRVxD>jo9o&)zM9TDzL(=z%i-15g z^I!Gd{)8fJMxXxEM{Q8QUV@gvU7Pv7Mrl;EoI#w@Pi9bwL}6QtuRa?JP_k#JPps`n z;7{skygcp!*s+7<7cCmbRs7}`Zi(`Z1X<}wx!bX;Byzw__u!o24`3s+bLqsuLL{{ zo7|OszPz?iPUGV!;KQG-Ar?$L73G}oO&U|pTpZ9%9ighsQl~HkehCYjef?H!K0a^o zE=}Gw?6PabE4C-ciIkZ`p7BL1kq*X|aY01XBsrQFbXMRKOeA*6z2$8e=n_4t+JsC7 zSNE1VIMg}1r~#hJ@^kH^;Nn4pB*DG9;uYLFxRu?J4YZCwau)0`h!voTd^P)S^&qT| zuGL0$jnOsji2!Mba;?!FN}QYss8YiYg?5= zY-arMSOsm-)ad(~B0W7l{s3HWr_-iSn0-;lvRXrHi`h=pxGpsHQn zASuMZIU#{$CY!>L;QrOOGld;HE*Vt+3t+46FkrO&UGfLU3ysw<$U0V6P#mQqK7S?uKScn29=G+xXzV;f2ut0G3JgGq(X zxdm>^__$v#tR3H9zFXZ$gfcl|21bcVaD8blz9CNwb77bY2g-nZf~HSbs4?jkB}MZ9 zmS-U%igQFkJyQXjB4jkFRVn6c%cr9$WLCj%bfx)O@W!4UpVeLngD?+lqmk>yVv05~ zclG3%;fsn_H=<=d9?8jZ3So5$#@{^!*RWEF2*U!0>srj2#l|#Z6Fe*@%RixrHIw+< z8hMn>Z&e=x4~1lcX0Q+}WZ%YP|76{w!kRwTMW4*opHShov5+ViEh3DJ>U!+^1Bi0N z53cv$I8kdl?&-*#cVlUH;g-z$!7N60ITgq8Ss<7CKi~*~d`37y3g74b7b3YRdJ`@{ z%!NlbYvONuLr`;JQ>b59$^VUqlNa=7<0Jf#!2K@~#t1UA#L{DD+6e-V(T+Xkv=!6M z+}lqEmLu3RAfm~C3&qD?04PKA-py}UgUc%Vfd=!ZipnG7j>_y;@zsCRo literal 0 HcmV?d00001 diff --git a/2.5/assets/images/favicon.png b/2.5/assets/images/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..fe6156078be3bb14a2035117bdbc5d116c0cf470 GIT binary patch literal 10281 zcmY*fRa9I}kjCA0(4d3EFgOJF;4VQ17~CbeySuvucM0xp0TP0Ha0n7K=<=U^*?s8h z(|vCB?UH-Dy6THkRhGp>BSnLOfx(oQlTv^0GyiKSNbeLdNJahL!Mdu;O2E{8CqI54 zAXthkiNnA&CZIo?Aij@Lo#gaf-p4n?JywR>Mjb4xMSzOIrZ^$sl55W$JQSVgy|I-4Nx7RI|E$|t_ z0|*WpxK-UA-+6zCmZkgCgl0Qz7@aW*Rxt3M5bg3avnUST- z;5m>K#RI$OX-~53s@YmN9rSO=_uJP=wGC?gYL;cW4`frT(&n+G47}h*!2!|`zJOoK zn#R9u5R8}X;kNkf5WfWc!4PfzgV^WR8noyqE7tW|g1?68bmPD`*P)-I_RiH$iV_yq z=iYQx6BppOh12`EWBE`guJF((&1bb}4{AB)Lt9cTHBwxFX792N!nQ9#E3L~={V+Geq z3XccqL}6>yYawRo5;n+48Y?)n+CJV`tN!IB%HQmI*Xe84bNpgq-!F$ib6_LaX^+EJ zH-fpBv(w(i(4Ge?%uJcqg9X&oe25g2A$VexTYBnlgNox;U`cKqprZ2EM_;2$-ls~9 zkkjEng3+IBXupe_kEr{A71(Dmcv1qj1u8 zB*Rl?=Z*0Jet!0XbWix^>dSYAl3qt@*jVP%nepMtK%P|Ql<}YKUOwXrPYXU*BRaRyKOr-|X)lr|3*s zvX&0f7Op_zmN$;LN(8(_PII~Z_6B+7jcQhnk4yDHFiWD^6E()L661#P@3xs2tQUg2 zwaG}uuPG%fkm!zW4zc*M0xP=zN`35-HmZhC1A@V7*t#WFoqwq>AHNvr7QZ!6tJ`5$f|T1H zv!ikcDoIkZXOCgf<%`yNe~$h3uZYvj_}79Bf|3w+C~p4GogZHdqZxY)Kv>~RcyY#h zM>JsYyt;1KDKqUXp5e!ph|C$d9KWlAH^H7Afk?s(XavDbIf0zkXqnuK=MJ!lXbX^!{0x-=HtyNPCV3U$KsDVJN&Hck>n(?>P^mK{WCtpVP$%rQG zi^3KV`s8N0#BrC@->k9*?(x-Mi-brCE{Mdyn+dZG$RYw?rsxDF5$M3XW1z*^0kk=U zNuIX>!Fe*`yYo8{!B8qs8<$c*(cj4*hjGo-J4cE*6c~hC5{F!WwyanxWMZPx@YU&K zqLbOAB~z5}$4e!&kkGplVq{@4*ZV4JE~iI=j8<{;`;GRKi1}A~MK`b9$Qjf+Dz0cU z9Gp1&RAotnf$sx^7GUZ>xxbNurjEUNM@jBpUeMP~erfV$f=1);EiK(u+#Qv4OcSGQ zOh~YCh^5%e(>n*@_{gl5s(6@yX46?hId&~g-JZZIC?m_{4r$KYu=ThAxxkwwYih|fuQpI+43q$t`2x`dXw(%byY78}x&#!_nXe6- z4W&4rw#pm3dxJf!Ibd~ushZ*i_r!FOo!%19-4!+J za-P$kaPitlC5+Ht#gZy07=p7=RgqbAc4Ac~wYbl?klvAkd&DrO%Llz99-EI0bxHAc zPNqzT4BlK5UX0JH8%WnCYNZ8=spwO3pPffzyqjh%ap~xQ*1($F zT)S~ag|L=Voy2S$c&4kQMDlw)btCD7ux9xC|M9%Eq~+T(-*oc6Kx+44!YM8g4Qp9|{?$tl zEYtW%#mMvuV>0ksb$a={>WtI$2fIDM^R}F~(;LSKp_x~(gT&#F;qZw^@Ls2ydkB9J z&+!6s_7^gkzB@pvjix*>JH#ADHZDrMhI4atgER6tl4&A7xH}XX$7>(vx!Es$H@dUY zLtxLmcSiz4vjjjZ#DZ@m8#eHBd&tTBiClaB$EVaO#QQ~SF*T$$(_wYsAN`TaZ?0jNO;T|QI z1d*3VS2+BlL zQ;UHZ%X_x-c_%>ya?zM>|7`qG!@m8?^VTb3`Dt9DZWZ;-e`d0(gS#CglqxnM!HV3Y zeQ);~YhLWU$ru~L-=e0w4bWCNE(Vf#rpGSBTS6I|lEVsrzA`_<8f=K@Bohm((l;d3 zKqZ8_okhB%{l(Lz+49`aAPgPfNhdlG1AdD4D*NIS!C?FGCq ztVlzEfzz+)+a}wTe+7UbvUg>VfYju_HIe_QMsHgc&y~kGR|_j<9QTtn?+gx&lriFe6<;N$0#wqs$a6ago}h@uy&_WohgHSvU3XxZM@h=6OG` z8U}tUlsLCOzzRVG|BQ}g1oC0DyKI`5BH3Pjn-AT_}rNK!V#(2H5FQn0|c&f{1P+xh)K!=|MpK^ z!^`U@foFl;$83Y-43v(J(L8U~ny=Rx`YzB{D|LW=lk0LcZpEX|oCt%|rtH&%*uioBhtPDY1N+>U-Zq0hTF-tOPtW{ zzHr8EB)UN3auz|@V&S;aNH^W-2swZOAIWSg`Wo|u0)ADqC;Yh;rwOd|G++S|@RNF9 zlLp)+zur%ox3d7&kw2(+$ini9!p1~<6q)rTXB0UT;rm0~tD+U+xLsqaEI^M|yYd`C zOV^h!oXiEYg^c6>3H^sabENQ+z~DyzKmAx1^?P-=r^Hq9aVbh5WyyhBESu{ie1?Lw zyK@h5sc_$5)T!jAEjR?FZb;A=k(0f{F4syDO#<7UBOir?4C}X@#kMEV~L|||5*Jnw2eTsB<5VAz>^(*0@VT<*&XG-bu39|6=SJ{d| z1b&k`i=vX{4+;q}iNn|&4tem-^CyapxUt#t;G~EsnJdaFwwyMEtt>1gM2UQ3QAu+Q zm!{_J^ew@O`&!Jmj=NHv8-$EE)h`xULwpNU2-O@Pw@-RoFZU+!Q7{9r^j6B?*U>w20K%$WCDm)NQ*W3(}G6!2iib)}XjtCA($l($k3+a5eK;tl?w)dRGT#S|(vY2Lj zr#1af@yK8|Im#wKp#vgCc=@cvjPNcxqeP9H z{$7}&!AbPbqzj6OlDwt7lL%%vC#8^^ht!agGihH6EUr<2`#fn z@!^y%s9&~Z`w0#GZJZQjXWFd_mm`Rd(&7>s8$WV{?Ec%?GX4*)((g>Y(>61(TCR{> z>goQ~`} zUOb0Oa2%x{|AqGsijQCp)l~ zSS0)AZ}z>IVNHqJmbC|dUMk?{`m`ZA9yTOIcgupjo)q~;*Q=b2ayBw0_g63s5KD&{ z8U}hdWpK^UcEWDu^g3-nf=BX449nMKnI}V&3wj6cy}J>v8bE;vG2GqYvV-XHZi0O# zq?dSTbE?RmLSBTHa^qj-(BIj43Xy4p#bD`p;qfPw748|MwB`g3uImqO&m(ZZX`a$^ zIhACd|mH$(Wzr~tlX=r|h6^#c?^CWU!gYt|H0W}x1+Hw>y;iP(vy{T?17~|$YJ2{^DitWjx!y<~ zfrz5SKW=$UH(M`Aj{x51FZa8#E;HumRu(C|F@HHIj8ho#B4Jvf-Lqp-shY_aApbTk z)9zw-K1aMO4vJ(tSo5I0ptTtLh^;lCR+Kdy<zDYPAuEu_DU6Z1Mek3dkrAOl!Uw0?CAxVUIn|3oWl1^nf-tJ;Yki$XJ zA$K^NBLDMIgj#$r4tG{_xI0}v-{?#Ajb^Su=u}lDArXI`lpzED3j(jt0Qe**_bm+W z6g;eT9fF`O^k%Vu;MHK#w^f6?_eDRX%!TJvi;i+CgHogxhd7u)TQ#l(5n!@p`>Mt+RJNLAibK1!1Rg2SkQLWX zkN#DMv57r&Ox@T&NXxo9rT8Ie$1BE~0=pMI(mmf|3_xAsbIvMU+S}ix=EDnav6_!~mDrI0Get7yYXTq#n8r^7acBe^66` zaJnv}y*s;88R-$lZd}eAab#gc1PP7|q+SqM&g0@1RB}$!<*eP=Aco~B1AHq&NKdZv zo*b{~*OdNi_>n<@GThzwY}yN zk`Xq`Y|~U9Quh->iO$sa?H~W6sWSVQc{i4dDOe%;TXtf9djL}d!Y??ko?^lx1Spmn z@Q3T7OH_a7vP~O%jbL!f@3o%R71Ed24#{Ni40H~VuedBLXj97KkP*GT*gq8TJTQb% z@=!~2A$pL4o!jUZA_d6<2p#(7Td0q}>d~^T3g9AR;quL<+_EDZL6S;S>c1mPzMybE zghZgqII~XMKNI{7Qs8@~#|1Pw{Ur{f4tPHVZ-4*#XZ~QJarSc!+A|gOE>xMEI&m2Y zMU4t6;1V>z7$3G0=kk>jMd&3y3C`7{87pY#F8OfL(`BvRc=ZT#$^Coy=iZq15~PdA z`faSc?$b6nhl|e`OCB>JEIH-k4YN|`b1JpGETgE86dHDf7oy=7LMO=g#3?+io}cYhw{+>upW)98_#srqq zq;}eN(aCM|>+($<_2=R?N79jhywveG;{Jyp==?Gh$;_(ZALt4 z8PqeS?5awd5L~+dPBHx0-Hk8))@yOOXa1Mmu>=6T!krUsvs`1Ycp(kWgGZC|K$MSP zGVtQG_ZUQjhLOv6uCC$?66E$L2!a$0r+m01R87CvTxpyzCr)36&o{$=Y;R4_C{GVfBPRpgF-ZYa8QSO}qJ=B4ah?o>bsht+9~e|?dx z=8wp>={}K?cPF@~6=>6copAAV|FKVT%_eAeSbQurLyP zN&LiDVhP}1(EPYabtH1hpcGO+-!=hLL*?&1bPVhzZ?b?4yTa`Lh-uT@)t2K78Zv`_C5a%&5#ADxo26UO-D`W4mHEX`y%J^LBg3b3SZ;0WkVGS z2Bk{I6?q@N=FJP2eK+U?;_5PRt)UvM2_Q%RpdAmdmQsX_T{ zOhm-WB$bidpWS!a21DQZ^SPTu{cZFGG2E`wBkkgn=og6j6oa2j$K2q3kqSG8Q9VrZ z)`h;M)qL)_d?ju*59EAXK}auHi380uqIC+k$CrSI8c*k(qx!oe=@+ah)${WiSYBO= zsd!SKik!bR+0;mX7Y?qk-uVWL8|tOm7@dYuherLLBlwSf@u{PAJ_9LPeM?NVTpkH- zhJ)!B;h|xI6!k!aKgNPqbV;L}Z?xz{f@0$P! zXB{T{xuaiwU-<)mKWsZWtJ!BMP-E-^W}Ae~XXI})WbhYTy0ek^d3O=SFD7;zLmOqz zDh<+g@KkIESY8w=)(#l!n|%c8yR2)7*?bB0czASh8jV9O@`w2m?-`(CwY@WsXZt|4 z2wWXQjO*tiF=*GJAKr3ve=SrRUEp@fr7kEG69|o4a?y}%4tBw2^u zY}}0NOlP==lm5)?y!}iob6E-BXvDxoDV*(g?lmrD2HIK2L!SV&uPI;d<1m|%AJ%Vj zFZ0>uFENOo**^<6C42o?;n?iZfNyFHT}NG2Ffz^}u;_+y%yEalhLZoyk~T_6J?IHu zH`rfGj}dp?k&tL?AIulk>HK&|^c5QoJP%OhkM`y?d(xuPEj(6O)Ipiv|6Rt|4$Z29 zQtQOq0m!}@Zqww?O3;Bm`uWH1d2x5`h#e<7wSTv@Vflrn>gK7&g8=dyPq8_;j7xtq0__}Wi3Kg8uN?J{ck|NC$GI(4|MILFhdYhQ5vIk1B zK5e6_xfJvrz5KI(e;eW$2nVsp=o&Da8aMfHger2so3q%+E)$;1%S}eWi3vM<^4xu& zg(bNl6I&^Fvo-iVew`AINLbqc;Rzh-D|(63+`G z{jSXK-)n(ZSU_^=YQuViE^+fzc%}Vh%zd9o`@BD}0?uW!nsR3)kOoIH?GQPz z1b6tM;dJrJl_g4@W6>#BH#3`d4yZ)RCH*uzo*0R)Lsic5S%BJhkMVu4$oO%^?SNiq zXcgHgO5b&A7|1I(qK3x^uw!&+ufj`^p!2q<3Zd6fWbj}OO9DQF$QvSmdxUwN5aXi_ zY@QB9U{5DyJQ{HhC&gHR$nNnZfs;X~vhHqg##?-$J;;iEyOdANxa4Chd}MFCUKx0k zSz?nx`P_wUbfHGn_0?!|ZL7_0cpW;uwo5WjZ_ltH7XjlMJztU$ZhAln)I=F*TT^xm z`N8ki5BvnXh!6KpO5Dx#s#e1a<8l~06?PiF5KNEL8%kXs6M!Pw4^*Pgn?ssCMv;>z zEmSPtLC4%cQA>VT+EIZ!;ejnnqS7%yog>SHLg>1|EsItd9Hfcz7(U$bzd1<0YM^>&YOU=z}SaLUl(yrmhFlp&^baGSY9k6v+PBx><*}M0A zf(#}JhuwV113K;A2vor!`Nq@y)Hhgm-4UrabvAKKf0R)(P->zG#2c6T3c4CM`W}L8 zvE#rlC63{lkuxIQP&ry*O<-$9gv%ZGU_8mq>~@Av5>4Sl4J}rG&r-!PU(KKFxB#OWhYr2z5PcwqO z9%`~m!Qe9EYN{$6cB`HrV}fNV zYN(=l8-}P@A5o-C;)3B}+!8BCTY#4ls+l>(9kd*Kj=;K$lQ)UQT23eT{Vwmmz>+5f z{_PL_d9C?LS>`v0`mKpk`u%7{a!{o;w~(>fqdx_TK^FKKEvj*!(+V4+bycb}1oi}c zZxDPx*E7BUsvkPzM;jOkglu$CJxu79*|)6>HUi>Z}#uzw&qu|)Gy zH6Uv{>o2u> zoqJBAi0jfcCPr#cnz6ziWvE}Jn1}Pb&lxpHFl|!$6>eDZ z)VD10Ut-n*YdaIal)`QJvU5U<^C3G@VLS?k2N@J1-nnbD(N)jc7)Ub2wYn@Uqx31C z@ZV#Y6HFp?O{->Kt!mumuGo}Typl4fr%m{yA5-Bq*lC(o@9Jp;L&CJUYllPDB>!w4 zmfx6%*^Hbn$>-A6b9>sr)mSRg-ndZXv!H8R5oGPYJR~{zAq`36JI3qCIw^!1`nJsIuS>o7^MYU zjgd>IV+Zzn#3Vs15B_dTx;RJn(UZcb<{h?>XxDO|^!Y$BQ>H{`LBE9XZ<0))GX< z#Z~{nLB6YMH}Lws*w=1f%bmT8YsS-)jsu?8hY*&n^5Lsjo1h=f&k||ZZ(+1uY#we_ z&1*OGe7q7%K>aJt~sf$!VgXpt3#BrLfSR`&UvmXU_wwr>3F| zO6>&A!E=FbE3GPxf>NJ=i?jef*Vt}K2A(J=czyrdPzPPht)3T&yyW%0v|Mexd@Vez zQ4~F_tzA6rT)j+nu%3@l;JlNQ*7h?!$yIfuR`eMZDx*o3RSQ_#p((vilpTRd3}I$$ zSEjOKy0WppY#`Nf$cSI4TC8`#uTQD0Zr~@)PI9K8$EHf|jtKvnXikM?k@yOI2wjmx zN;4d*m%t*Kj6*5>7F8*cKAIkW_Yq@;Pa-T-j^N1YsWJwAx7fC{?CHWZc&zW{5G}Mo z77Kxm{!(^GoqnG}27)F%NB}3s68(~xFEz;%jzs?)&#=Qn;Prw599r=4zqjfj)(kr( zf}MG?AN_6juuT|?&8EXoR36Tm9|E6_2KMmkn;U)YigreH4sHM?KCEq?C40kS6aH-t z_rvnH9ga6M-kIfn6@$SE>I&~Zv)>JCeb-|17l%-DZL3xPiIjV&)z-97HRJRCLp zfo%A6%wC2*)ulUOBnn_EnC(v8h*LkcoFziQZ?4nlX`jwm_#gHKU>CLbxb43~-GvTY zmR9RuJvc;^Ey7yEd#{Qm3X8X?FC7)_xxls8A-6E}sl2u;vFnQk?vAJY#K(u4;>N~C ze4GkQA#gyQj=q_hdf7~7=9EgmAiFACb`NIzUg+D_w)>O=OnT_h8kzGgU!zcCiIQ4w z_ls#xVUl87r;xqMb!(-29sk9S!}_JpC|<;TEZ)fJ`4@hoPv3=R=ZO6e!uBhcINMiq zt}dfeh!urdGfRy^9M9=}4g7BaseC1}ui3rY$>=#tFRX_W4W+jd1!qra~M17U2?iO&`i}fI(A^bn@9Sj^IkRuR_98xU$WHo^BK& z)Y}h*wd+xjqXw)=FX=LcXNg5=*{9N&oqpUZ*r?SX+$tuf$-(rD=;-7`pki6+>Hkt) zYu<^77~#UJCf+Oh%W^M$HxFd;^?lu1r|G0V)2{+?I7#9MrxYDoAwmz$`EGIZ4{*{| zm@lrubU~*Xu3-knnqnSSPEN6J&bAZ4%`B|EVljvxEPYP z`589p6vn@O6F8{6dLWPsvn2;W8_WyM#ttbcuPHDzbavWy`_xyVYD|Inwu0*58giq# zqc<84DzHU$q)lvY%8lw>(k27cGA!tS`6wB^om885+tEIxw;O*Me&;&rdWG3K@JAls z$W671?_5@bSh7e`H`=fc8E@8=LY?6IL_XdIhD6o^%XU1Ps#ruJ2@qIao)&UiPcj8D|_uJXHw8<_H<&_dGR-Y1#;~> zeA`hZnk*HkdJnFETTSGODgI`WZEaNWCvmXo`y;ePK8%x;F8MHpP_?^H8vn|K4DclP zD$``k5I%qqFQD_cINqG%MfPmTZH$uMR&$`bdhQLL>L0l?z~3)80xx?G)P>OPn4w4} zjj(ajR88CpZI5X&D^EO;W;nHv*aSM`qB#Q-&?0o4a-?TuO}QfVvPaJ>+1M3GnmKX@ zd!5*(s43R2ACzZ5D>aUhWc5;*9i$H-x>$tdJZSK!&ZRweO%|r;1)irNfQMPMF>W>U z3X`;=J1R3;-Bgcm^PBIYVZJ}P1O48LeR2Vb#)BJL zRq-y)s73AMW`XBzdwF5_004l#O=#V3TMv4tbH9T*uTmq#^k8u_yz!Jk5QxI3)S|7e z+yyrXrrefCt4G?ysril&U)3a}0J*$bAOh zk=B1*{qPFBBXzCt5yXB;fE{*}Rn*yAMs^Tg=>@b7@Eo5>s3BM^f6PR9e-h$=)+X#~ zlgD`eORIa?bs|Q2D4H=k_;;;j7A@|hJn&OW~aPnw#UL&K=NImVfy<1^T|j~Tpw4NM!sGx9peJ|zm`A!9@MZCv5VrV43ZW7(W{#; z@#wC_e|YV|6jH}Bf8GzFrU&Tr41xZ^-8jHKDiD-6XH^k%YbK1>?;jJ3BqkaB3QJzv z5hkt%Km)U5xumkr^H}>|Gs1}UIEP(j;dmlFj-SH~U;AJpj%j$EfMj%Y+&fLfo{iVG zp+tn#jDLgK=3RqftBuK8s&ztx8v z(!SI{ZIEeFPg}W?S*4o@EWx`*Qbp)=Y({rC0XuE!Ogl-Cdy<@5qSjYK!WfKW%JsjD}^>>uR_+t4J!>(sI zl#IzisdRpgAMsXo$KpVX#)Jb2&1#b6cJ>l>DJ$B{iPC7QEG*M?1K4u#Vmy}g#DUQM zarsvP;v~bOo%(umRPAGP_HL8r zjz&0Aa&**}+~)sr&Nb-zF?RBeCT-v&=WR@ydQ;4DX7^Qd4bR0f_Yumj3uRjk-Ylk%no3K@~_r>;6yl2^J(1 zJnWBEnrWz28)0*HO!QbRky7e2SI$zqoaCWxxnA=xhh5s+=oL#SIcFjaYQ-N%Tlp)C z4-o(ET2;QgVyHvtrK~mx0uc;Gm}Jwtc*+MbV}EI!9CzW|8hxloFK*n)45~eAuIUh2 z0mR*>C;7{`c(T6&%|GCrO|8b-YB%k&0+*yGNk^BYy=leLGiALEvD(F8ksiGK@f+w-L)}EYCK{@RevzEt`M+0H+LiWkI{E^7~uEpniU-BNu zLppz9oI9Y4I(>$-x;KN4*Uff(NAE|PM;wE9Yp}n!PEBnoylUZnW?lBbe`y6paG#|d z40gv0V{37DPsDhB$~}vJ-{8dBB%UUCJyGFDVvoDhk4yRckFC@#zywW=>{6J83vz^z z*Q1-#@9V%n38jRo9D%-nU$0hK#nv)j`gJ=AF$1JToqqkz)Z=Q?eLPfnGQVYNcfH*& z8~(Jd=g;BYnJ8j?K8oG0q);PutCB$#k`+u$E|6So|JU+82&(H2s|^0Tam~dC$E`lL zZz_Ay(+Vh&Y6b;Tot&^B-kal7A1;$8B9Gy2`7$*)6Si|h5!E{NSB_ybsEK2sgtb^q zXEC14T{z$m-%bL>xFhNusPihJM_q05bR31amHf6tauRCWS_mZ%JmK@lF`tn#*|>4G zZ?}N37503|Hw(g&w9P)Im2E@gl$czfNZ7ES+FNy1S~;z@n*Dgmzxjcn3V?TY7eM@e zwgZV*5`&BED&K`W;+h5NB$!AC23Rq}k7kDVITCu8x3)!hoTFZ2NGGk&#b16$`p zrrn=(8&Gp<`d~4&`uP$pQvaRN{xi-Ybw}03T=gSu4C|!M)+~czk)}UwDBS!Nn6>0b zwKC5;q;37u0$0=#CnQ=H+_`X9-=AD^nVaBdO~K>B6d4+>4KGvgfnUFY*6M4k@g8ba zX}(Qj;?h((e+U`@bMM>A@jGdy^s>}nvBDUkig`n5k+iUIzRGI3pt2fyt5qeSxZ2*Q zwUYYW4zC{h1l~<-+ZTHy$H{2ve=vb;+R*kFFuGI#8J-^+Ys#?w0I)V%u$Ot1heaoq z*8)FUNd7P^b)#?;)wtyn{nGYVcE(PIq7$CF@MzbmRdP+9;Ls03R8~Tezlp|QpPSVB zaEfInXz%P>QBW{PsG5^#$b^HRa^{taCE2Ifb~Pk&I2uJi$-Ba37gvj|dP_)zYua;i zy-@!3CbEdf)d~@w7a3C(4hnyx`KrJr2F}#yB1u1QQc3Yx`Sy9nBM&5(0xw)*mr1jt z%Ek9b{jn4<{C$j~OZ84K^DIEcM-Rn>K5uU6>v4ZW3P>tfY&*MO9+fE;4OI-_VL;-J zND1^JpRm;3gk6>}Pe{Gpj2Jr(O^3C{7Vk*evtMm-1YI6;75+LDryk%TKhP1{9duEq zUA*OwANrQl-Q1Tloh1xj1foMqd4Ab~VxasoQg zWO!9k+N|J3>s&yQ&|q4DdD_aS<~CVW@>G-ne-(VWB5+CSs`C;EoRhxS5Bmz_*TZ#N8|a5Ado& z3dRW3{VEr>^FSQR(M z()UXtllc$s41lLc55?H!%bXg1_9q6~Z*r2^OG`v-FMd3l3!1C|Xs-`F#m3&JKv@tS17L`^_151P&v?*gL9-?`y6OPP8c5dZ7&)H% z#WpD)g57LC>o^(tLqYl$SH$ijp?z-8tR1H{o|FH$l%3qgV|xsT23(gVmgkSyio_!R z8Rv(e74uu0JPB}M*6*8EQI)D7{#UnwsYx2bF&VD9L;WYLES*kBo3C9^b=WY3icI8; zR+03UUlw-CiSdN^P09qkn_n9xPvqfu@nD=}j}xMU58|x)^3jh)|7g<1-Q@w#En6NcJ~PkxJ5hd-p}FW*r%7_sga4TbzF_CPNl!AYaB9Af`Isk(q}J#A^Y z*-x$cREIuV>Saos-ra|S_bC;v8I3cm!jM69Ed9{8`_A4~kc*`ad&&TzL-v8xH=^Ot zFq+ST+UZWSwgjLNpq9WBFhcUzEkf;7r!=FXi5VQkP*dn{<4-?5T<$QCIN~cAdcA7u zY-N2JMuw#AwN0YyG8p+$P2eXGi+>t9Sa}1ZQ<4F@+RU~^@Nl}JTuB}FiMmVgjp-5@ zA2;cx7yUvSTHtKx+@Y5gz-LK3wksT%jM4##bla~yb|M45XOARMS7st|6HCq22Sh3x z3HFhTIp?fX5D}>-6752vvM=9WVwwEhtzWi$%j>draf*enCg1bNyEHmQcQw`ijT>cS zRwUQBoOmfPeiCo%TTup`kElLr;pVFHlei|>L7Bh0^~FDgRURu7Kfki5UY2du_Xqgv zmy8Vw@xZ=RF_&qd7*izes?;&8BpP3UZADP7HLeX*#Qx$ z?0m!b>G!i@6@F!P3aXrl+mB7a_M0_*y=j|D$1_}cE*gkWHO@J6Hb=U;zD?VnGa0QI zw5@`h6B6mn>5F>=D{G=o8wqhNTm^GGCiv=A%*~NtgDPF~I3opz)aNcTzXHXFwq5z7 z-M~bvHgLZ9@|ZFAWg%<@3pkM5D8gJ5K+90`oaX1C(Tc*Lfa{%FzLXU9A;TEDi?ONluT9jc3- z5$ZIQ16vp)_0hEHp>dRtW^gAs{a!vt&hIK-qOv2TBz2V zIn?9Ya`+Hjc-USMn>HUJ!s;q)Tn@6xx>qpUvTTF%l*it)_N_gNoe48g_a{StPf0s9 z?bq6(##gAnM#=e(?>RW*rg&4QChAMXi;+@7RprDH=Dz+qW&K0k+^miK*zp$75-O}7 z5aWx^122)!ZSJK&H9H$k4zw!*2`nsIH01*UwKRGAbBFdMel5?q23P|We)N{};S7L@ zT$v)B5ox#&TMF$ic6@Z4Bf0yyFu+rC6T`+!zg)cEr&r80bmz_$SNnG(&$iQD9iQu@ zOqBmnfwx0dxA7sE2^_llE8;)B)_>YExz5Mn8t{0HgiVym^Pd6AJ9#y^S{d`t{{!gn BH*Np` literal 0 HcmV?d00001 diff --git a/2.5/assets/images/logo.svg b/2.5/assets/images/logo.svg new file mode 100644 index 000000000..ea3b2796b --- /dev/null +++ b/2.5/assets/images/logo.svg @@ -0,0 +1,179 @@ + + + +image/svg+xml \ No newline at end of file diff --git a/2.5/assets/images/manual-guides/mailcow-bl_wl.png b/2.5/assets/images/manual-guides/mailcow-bl_wl.png new file mode 100644 index 0000000000000000000000000000000000000000..94f27fb058c32b5b99c6561c901db9a48901d09f GIT binary patch literal 56090 zcmd?Qbx@n{*C$+oLQ8=F1=?c4+u~Lz6ljXOyQH`~1Sc(&V#P{vYjFwgn&J+{9g0H; z?t#FDet*Ab-glm7|9JPEo!!~JXBd*}mYj30qn~r`5M@Ov{726p-MMoIUq)J7_0An^ z*quA~ym0SfR^+a}O-n`=(Z--G*w0WTe>B)tag9t1U~khqIY3Eo)B} zOK4gCW=q_kEak$eYDP(Ng8TKvX4nySn=?`QrDi`0mN}Q)h3!5Rp>ah%-s?HD;eCDA z78!I>IeGnIr|JgUhanMj%-#V3{(dNB17O|#XX)Pm$0gWH+(YJ$#=ke;nR>?(E(a6A zJ*4Rs{=4!qXtnu}=H`HgNjKUu78E6VwM1xc^UuYEL(r=(=o}mhH8N^xXI(C0!liqy zTsVFl_s@Ci;+w0Xo2we=CI3NCh<>}a6JS*diW;4pqvUV>=jpExZl4_%7UtsO(xdhn zCV+d`C3<}j#?j14@ee*H=i$uVb&v={D{o>Kv6@YH*>cCod1E(%E1A>zSzLR z>?!8>MOGsZ!20{q7N_sui;&X)pNoyL{y;SxcjVOY#pq&U{F!-#@6pipRenW!V*K`c zMLHxDze&K%u+wsU;xApltXXR;0IL=JrU|sLqwuVR_nf$g*I`2L$aAk<@Ias2s6HS| zLl5UKp@n60ouH_jnQ2kZeRvAA1PI@rUV2I_r+(7r8w;V=+_>dw6LuSaDVfTN<97g<`mH0w zlzh=c?zqtFlU&2MLOe9hRFch_?!V^*FZ=m#Sg31+(uI2?f`v+{Me;n+(m%4JhO3AMnP&z0j(Y`XP22@AZ(Ij0v05X&>dYh7gk> zGx#;R^TVdCe8eMn>c1?C>ny-PQDB-Fr%$4n>pXQ8B=JMd*Gl;%jmZ^%;CNz4 zNCk(VTI2O#Sx6tr;i7zhDj!_Z9W^Dgugl84va;<{Yz(XS>u}kV2$C8-ZP`pdn9M;i_nAZ<)#E+@Uf5^ zxm@qlP(+6X);Y`?*ree&!Lx_ zaQc6Fj}LZn{A)X$$$YqnV_d?SL6>{r8__DPe|Z#Lt3+UMW)&!koSAH_@WsDu%QAmW z;ThJ&j#7mX1o>DJ%k_s5h6Rk2+PPb%C6kg!Oq=(8FYNnMfND23x%zE4gjLj&xB-BoAVX^TxW< zX%pBTQ3AIW2DmS2%Hm22Q<+O`ltEK@9G;$((c;0WuNE`Y2r|hnt^YBAcd#`DJ}$(s z?Y(5&maDOkUteBHoL=5|K$Z`uC&3=;$UChF9vGmmes}AX2h!V(kyze3ujcjk9o`l0UhB}gj z7E9AUQp};6^c-A62l{+p2OTZ*C|$*;rivDE7^NLvl0z^1@vJ{#^m+EC$WLHk=ij<_ zyJxr%d82)PzUjkUyHS_apDu0bnRQ1hnuh`fkU-=*dehv><`jlvgJ$kji#npdLs z4dY0>jwjCw;MZGc*QfBSMBRC?@X7K}5pFPGp?>PRWc#wwq$?dA?;vu5p2Vv`woo1M z<8`I+Y^x{xp(jrwljl7Dst~}ePB;Ll2U7o+JAKQFai_Y0|5C6W(?p|ibU@*2=K#qzRCMc^yWx(0MC{+ z`j8Gi@K;=Vn6%@EukS$z`5g99Y4CUQEeFHfd!~qS{qO9A6&yQ8Ut_-hA``o%LOnYu z?D*CVRwum1_usVe*DTa1d-Yb_eRu8xy$7Y?7iO5QG+Z9h@iDz_Z38Gmd*4p5*BM|^ zuXl1G*V?n#pmx5_xw$!->wTP~=Y+A{xY1Ng&**w`PDm36ZD6w6neR|)>t%+^Ga8s5 zsno^XuzMu``;@+1%rq3;z&JhjXvvic_t0^AODVAn^=Q%^bD8bOYCQkBChvF}-Px$_ zCzn!k<@pl#w&Ve;OXZ_CXYdO;nTNdT5YS;ZGyYpRht z-zaiRzFty{NFR_;ary%-LsR)o)wZJscLEyU6{-|tp7lCm^CJ-!NDT?2P1X%^wWnFd z)(v;Y2(h$99Oo+#H_6xne|k)CmNC_4?P{r*fFq{Ig9_)-(Yis=cM=D}*#5$xAnr)b zOnnT;ww%Lv>2dvYrfyjoMCG{bXd3Nbz#j9Naxd%-rrmG5*tY+*w4~j5Xu`2_vdSJS z%hM6EJ$})LPIGrO20>*3ShLvwne_>-RGZN{Tc#CZAx^)1?Z(&9qHli3pP<;Q!~j{} zkGRuF*QFo(s}BmN_9!HiQ-u6?$jLtP@q;oQ9ebGdG}<$B_YZsjv^K=914SuyHE?5r zO8Ne?JS@;7b==pcOfKiW8J^F8_wn!VjjxBb`63|C9Ne{Twp0f~6UJVVWa4<0H?#*O z_7~eOvXGp3$ez4+SnoLq^UpY7&n(Zx!1G@bKb`@qy8^;IQ2x%LU>Pd zuP#seGXbxw>zV7Wu!nuQcB3Y1%H{!gBC zTL}_-*MrS!*a!2=*(q0tqd0^R_u~}hJ^3`DTIQH(p0^a#LC$bZy@aRTre2EiHh9Yp zbuG2PV0{l&*5qdiPvnvUJATGSnDH2Hv{aB}Cw^O~uMu^45Z4WqHvgl|zU_9}H_!52 zWSj=}^uI&9{Kn9cZ^LTB*9EP^?4kSg@6~^_P}HjOlmt#k!$?DLUp1%nAgL!*0HhV& zu1(XyCF+Ba5O+bvgcl*D=L;V_OwMyWx4!AsI0S{@`{Rxt#<~c}ujy-bZo}uEE~

m`1^@552B%4~SLn;UkubfOf+e;DDcEGVjuM`;&Vu6DVqjSLUIIe*dZ zj<-&mT6h2m0NN~Gs6!@TWh)}?kn|o3vkkD9_i3bjQJaJf$sDjd+$3`6yi-~SuAQGv zQQ~LPWl~afIO~Kl!+^NnOr=Q&E18G>tb^TM+ve#sY;&-@9s%pM3htcY*Py6R5395W zMTK8yr3L`;)_Nwr&U{u>3=V0~ooNe`OnpVL>f|1upJ&mji%nxmtLJ~B6kQfGBXwDE}kITk1>%OAM#v$5w#m_uW!l)lQ_^1Xh$ig)E2rV3(sm|VR}5JHLi)u>(N zCcja7m=B}rR{r$mSB1&*nzpgk9Y&>yxFWfR5v~#iOpQ_F#huvvevTeI^BULr(zu3o z13Z5gz%?#uKzV6Ya@HL|1>S0&((iE?M15}y`f&n^+J*Ak4UVnxNS%rvY(`KCrPo_l zF%ah9G^H*Nz;}g@J0;4dR;Q!Mn~$b4hxB3TWFutSWo{)a82>Ac(MCOX-12XIE9a#h z0X;NGeJk-5+6SQ5A5-~kkhO)t?q;4-4a8N4y^|Fez_$abt1!V^xeG~%>`I#&UI0a9 zBkDG|6LU{ijMab8a&jR;2tK1K-Xpl2n;5?~(YVg*m-K^nw_ z*domZg5**v2R3BdzKRn=xSnH(9yD=&SoVu>@cUi}dVg{HV3XvsD~AHkDN^g}ndM$` zZP}H%xGCaVcW_ijp_xF2Mw2i2a-J1N8~OrIVoN^#m5&q_=$>Z{FTd}p@);QFmOFQu z3P#7t8(#RmpXgTzM?#kiBZJS{4>?lmNL>`R9)L{Qkpia0qia$NQ(c6;7GRHMjQ_3uJ*P(_QCx$TI%tsKFjVZ4xYVJ5} z%^Yl+EWU9a=Gbvs+i%H@p+6B4Xg<_F`?b0g+~=WzvlC53$OH!TL3hR})~g)FkcAI5 z2NlwvZJw$(DeokYYxhvak@_t0)7RgfJFC{V(QSBAoLmt2uv)4gLv=nQ(+0NuLSetXzXF9Z?Mf_JT*PAxEd zbNL+tb1sY-;J(`Dy z9}vI!PeZ;ZUVH4G29Za0XKlyUh_;(4oGdp>LEhG%jfZLF1VvF@ zir4#Eh%XiaYZ_KU_WYnjT5CxiLgoX0<^2A@zB4j1_CCB$a`wWeq{tapmkEy4LM_GP zGvtW{-+b)O8%{wLr!<05F4Y1t)(eup9j#=1zk z>+u2O3=l#Ucbqg{UrPvbiub2=N5R}(~P{O~hp z&ry2pbn``QT>Y;CSQ#58hx{cQLNFDF=a034b&!jtB3iR6WH;{v)jO@D_Xi?0dVhSY ztYU+{651TRXZ_ZvsjGw?z61V3Bj5A_H5E?t8QV=^go3JGJBc_IRdS)ly#x&2oKw;j z6CL}t*SR+EYD%Y~Gs2q_*Lm-BH4NfND{kO*a{ZoJT);+s#CK(!A{_7hP`fLFDw-dW ziw%Ofe&u6oRZe^XeOLm|^rJY7nSbPu8!gILGAEehlJVikU8C)I@}8X#)EJFpG%=RS z3Q_Z^n9Evm-bdS}D}EJ%T)(GJ7nhP_SKjt_k^dty28%!;aR<7)o0Y!DD0JYd7&>w~} zBR!;C_q%yz!}UyBRmrteH7A@fh9(Z6DrFqqD?A$SGzxtkhI$HC_aeWhA)mWg>!!|QROos}8QA}A zf?Z-vf#1H64sL#znR4rLAUf5ltN2^T+R3%a%J5rzlIOH;pT@1ss4(T-I}DC9>kNuY zV8P#Tp0ofv)cVe?hQ%FMNwEJY*63$y#S_<0ti|LrgoBjR@Gc%6vlkCRQK*i(^p9ui9I)<{II>zC9(^AfTz zp{B=-TP_R(8#2@|BSzOH{l&qd(6{U3eTJrQV2bI_knZrCBy6VF*i`rT6HG@q5gU4yinQtg(-vfu)StSY&OZlk3LlU1g%9!!yCTL81ObiucET}9(;mqN3p3|MdV-sy+K{d?9pb0xgR z0BU){UJA*2aD&H+nr{u%6XwK6J$0c#gk^>N>Z7~Je=rH?5_Zs)`55JV@>_KXD z7|p`ONygO|ZJAQHkulWTIo_K);)Ez=6ZX{sOYX7qQJBs^YsHaX(4hXyp)JH|F^t8$ zi>~0?Z$l73M)KA;ST{-xUqs?KwhfqY>~j5b*|?#s(c2AUMKT6@ zE;VhuR9HGMj(4Y)(3vi|ozYU&(g4$og;l&|{{j(3LxW-8v+~$l7xFdoer%-|Hpj;= zTFTD2h}kRY*bA#20a#lTTpSa}u1_`S<=^NZ>~LB;b`?i=%JUnO1RNF<)qL9Tkq*+< z@Pu)Z2J5yFGHtBVCP*sH+n*YELn7;Hie#yt{nTCr2K#O(rcynA6bwr%*y3!+nwiR) z&Qv4UCPiR&<+egD-66($sBa~Wu=s^KBmzaj!_u)i?Cgk0G8d8s8JbsyChE#D`t)|n zq(ouo9Xiz51qakGbbX|Myw+PXhSU4rkf{jj_GIumA6J3Uk}*sZ2LzipOm&mDfDL=C z2PTnwcJUh~RLaGaa=J-3L$gF$azm8`?oLpMl^0)<-~0?wiMQ|L)=6*X*Cr47@)wh1UDGZ3%64YR|vUNvY-Y193BIER}RwGy9$CR@MW6 zgno?4tIP|WR`fwxJ5yV{GsT!K`Xos3Pf2gvhYj*q3Q9brAHcxYWIfI0myHlSo*TpqI-7N7FaUhhOO0+^ z%4dnOc;KD>)LHGFjRC;)=e|MHERDRsTBy)9|1hKlKl%JM54GmFG~!M(Up9Jqt=&%Vyw=r%iHP_I zb~@nI3R^R=Bz!&|0r?6kPX!c?6~R}Pd(#W+gw_Fx}L#rMaU zE3~?T_?_rAnZR{w*@`<& z{DI~0%K+xF%9KcvQ(bi$ekZ$`xmc}+ld-f&pOX+Yz1oD?&7%O|@=CrI{3u~MeUCEf zNNWaX>-)pmo>Szoi(ClInLw#o0mlaXk+E0xm;y%D3Aj-`*-vie`2k z-O9)!8C(DBkxCZ^NV)~3?6QHly50ZAzJ_NSYkkeZ9~kaUboyO#vI?YbBY z)CBg+-jKa&t$$(nKS(k7^X>7`?$f_I7gJ>a$1P!map?UIn;uO5rOsdfM~4Caho=bs zZ@;mX?6H4;>U@n!SA?&{M*p@pVNOtEYNSWW_4+4IlcF5L5d1v>UOPi}4lND{)T|4G z70J(I(EI)03WRwi7dY!{URF64#D?bVi|EY=sfHt0I!r;XWJh+JT=njD;l(V~e!j4@ zFr73-1RYi^fLVj#$po06^i=h;S)AP-Z^Fd}i6}d~b^o?21X{T8hHxOAJ^Sc{pMZr;2l$DHxw%=_Dn4t#nV7XjWENAu)P~``cmzgU#3s z&92>C_N5*QFR{#%YixjQFc8<_+}PBgsj*NmESgA9q0`j-Bn;L7gw10L?lrZvO)QVx z-t{U6uXo2<&8Jl*J5yygtmo4^Jl^f@&8Gzs5xg{5AR$5p?mJ4CFyl0a+>D@-O#$Jzf`{N^mpNKdV!nq#SMcY%bU2z zll8`Lv#6XgKsN%*`poLmm~N?pDf`VcsODjEPG_Kx@oVmMFaH8EiFYx%; z2~Kyp!b1F7(-vAQk826fEGfrZxoksMg!9H zJG7`rS;op@rPAy2F4<+R0jn*?zf6|#%e3Z21)Nudn!F+TmeO6?Ixq$^OyvLds{O$& z`V0C(i+Y|K8Vu|X$S0>J!eA0p3kzb)jY#)9)D#Jjbw{|br! zeC>U}Ra_G7wT-B4{|7qZTHjgJmm~ubx;YGjj+o)XEx$^p=dM?#+5PDdbGp+?HFzPX_U|uVScn9{JkPgWSOeo=Mn^bw-UB++hUc)crXzasZj=2cK_a;9l)HDZ7B7_1aYwPcWrQXHY`5)t>G3!az~v?^ zkxV@B4dk^K18P_Q=$*c=dw+B1X2fTK)`9?_7nT&v%YmK^x4hBkl6*0i{zJ#X)mpQd z#r#s0ED|$c^>G~I*pw|lSlJ&+@Tq7m15~V<-(Gb7Txd#53&}GEX zm{p@6%1@jLlxkey&nZ&Iy&dftsj>pJ_b(m<^xz0a{CP{zIp@Ptk8S>~6qU*?`+~qSYMDF~Du0IpOU-fP~G`Z{e z0|v0^XrK_a=koaC-0uKTnt<7j4}GA}9T@}vi^El$rZg|=fz0sS*}rbvpy2^1F2^)} z&89@LkW;D@=SKjZXhKR{OxAe=31X1n<1!KY&DY zbEu)Tn7Na8^$>jj^T-ageY!wX5Y#|L?UT<=Ao(iyiKk5Xlwuo3QP$&9QXirz%+^3r zzsW|uG2=QPu$KdXRyA#TI3t0Iz3Y169b|{j3rDF3^pf|P&&Gx6_*KUep7;ar++nbq z1qO?pL3eC2(v8;Nx#jtVppN(M4JCx_@$wR34WCU0o89BzX2^7pGveZFTP6 zsJ2d&sy{GYQOOtaMJ3L@@H#Z{o@Vgut!cdC0!87}oV4c&H4i`CdbasA!D4ZS*$gVE z@pBmJ!C53}ihSJfQNMp+H*bY|B9DQcx?`uDV#a{ot;n(PH#Ou=N|9LkH_uHwv&0n} zG4lwOr}+K}Rv-+nKcg)0U|IBqq7On5mk!2=OIOb*)l9oMcM*SS`1I{q!&w7%MI|5O zCI1x;5}obU2Gw@(0*DW=mH!PYggwtRpuf=xNhGUfpSC1(nIL~1`eud87`=0#)M@y< zb;{=es{0#R$n;wHi12CTq8k|rp5Hlw#QF%50XvFAo}1=EM< z=UBrW63khbIL?NrVwdUX1#`wG_^knplqy6?sbF73AiXGZ{>b+qPwoUTwL(P+HVA=2 z>(7-YpI{N)wxc3;DMAQF@nR;rBLkG3N8fd5^)%7fx$5#bcmgB$!@1*UW!ESZFPe*jvs5t)5y#1waj5aa z`9*YTmnu&b&MY*T46T&HOxR{D9uX)e zRf2~OlQh>XpYf;0ohq(#^nDX3`(VhfHRxu>Jsm$tY9ZUvW4zYvNikCJTs7CpWwr^| z>I5_Ey;?nCo+-4sZMsGt8tbAI7Ur*Sg_&k?c?D)Ql-j63x5fAJL2o7*SH2BK+6T_m zMu;bmrN+52s9ru~;h3HM_==Pm6m_TON75Jjp%#}(Oiz-eLy3G~R$DY*!$acr{__ET zw&HQthVs-QLNfb0G|Yq0D2U!}Dlx;2JhpJeo*wjSMd?AqR#jg{4Er&EG4%7L)&uUu z2%=~43Nq~<0OGH$S-Q8zPYl|3J#B1r9{R&9`f8mfXt((bF?`+wMP0b-))oyo@Zn=R zZB;gQI8A1nK0jZGMWt~%y1D3+=J{+2Ui=NrFn|i4> zb*p2NnxEV%NANnPNvINchlkrT#7Wl&yzSUtfvrh6LPn=QsNg@)iT^4mC|aCDuhQT= zrMHdkqc@T2hLp}q!`0NSo^A6o^}VO@ioqY)^Li-X;z+irmBK!-N(md3^1hr`sL`7~ zIaR?YM|&u&SHr3S*zN4Z8MF1Y*~)N>=9Ty2%eC}A57B1Ty+*ACB{g?6H_y+?ptYsVT%Lj{zMQoFy zVg`ef2#E?!_QsL;dB(+~a^E(InlsBC=;Wt^k@s9&xW;x~TGe~vP7Bl%m#ZGxnu9dE zBV94RezgM3a205-$;}_}4pxqV*u#=zx7`VfJ!L)qbO!2X8>?nlqf&}F8(7mc&Nl_bkVfl-+x5&xE)-R*{TAg7v^Rc5e8`*1iA&2h#+8$mwG(o{Nba)*pTN>fNy;VS1(dKKVd;~%1*Ln zLGf|ui|#N=7JRcF8Vye>WGcgV7NM1~=j!t+#v^rQhk+v=zIU_F&RGsa7n`fe$I#p= ze0iFQ7y(Z#LaLRXygmv6fNd$A0zqVBg9l1Qt(4l(mgfVPd%BF8qn)Y%#1WK}%@-?wJAa1$ z5nBB#%WR@~Q7*x0O>HRdgL7G$1c^XWTgvSZ@UMhAOZ=dwWx}Fz*|E`2&#tkvk zqyB#Gov$gF9nV$Ap*1T)6~a^@Qbu3asLp2abQfA(QARtATZ zj8;LWc;P-gVHvA#*RpF-G*WqN_)4AF8l2(?U}&U(47lmd z#O{=$^R-7SaPTS)gecQx-yd0ojz39otIL}MUYpI?R^HJek(-VMX!Jvu$%1jK$GMo@ZHW6*i^|3JM=x4pRmSTPPZB;*gFp8 zI8J%-#6p(w;6ymFKTTieCir=}5kgO=YIr~%BqiU6-Eige}J#`rY)?T|q>$b6!MX96#u-FuywzWOcW2Nddf9u(p zov3=Cs#t6TcS{;NKHc3z3TY^>_^st8<`PmPccXCfFcTqv_F>>EvJwLGGs1Odxiz6! zou+E9Wj?Us9{5@RDS;s%U!`b{b+vw{s+%UIW65K_&YzO=bu_fDYc_^-qr)pUnJPN{ zjB?aFfd+Y6?!CHUu4m2vAY!fD&;tIp`2CjJf&F_y^`lGS*tG1!t_tJ8HXKyvIQG)A zyrPek{ib;xEBEs8yG5hz4;|0bsMz&MJb9gV8O!9R=f1}JI^S6I(S+HB6TTJwEg%SX zotRv8=kZ2Ka%{CY2bhbd<_svmWF^~0suxL#HN6YX6d}4&W=Lh1J0#cbspr0M)z@Et zRDV+@z(aXp2H#I8f;xC;XQkz^M96*Ta>7bQXTIXcTM5F!E07}I#F%|yZGBACV0bJC zTWF=m)>}?mn=)zhaU!R^>%0_Ft^8;$%UGA8(A~@zcVZD;5~+QDrNHVb0pdpiuksA$ zg{jJ)^kn$$O3^hHC8brKc&Sa$BcfSfSrGQ>I{o?6GVixSmY4QWb26%)uXy-6YkaYm zE_#l&n@uFXZ|AJhLgLL!#m3xwMj^AZ1#p6Cr2FpP4l>Rr?ip>&%=XQ23&AvQn7cgv z9CZ2yf-Eln;hL|SL|Rm1<)@*>bO;|dQ?fL@r%u-HUi7WkdgR$aimmC68l!ckQi@Ic zJr(r1wDW3FL`i;klD+nf{tqkFF=>D(FQq;Z^VU%;B=>(DavP)roPlv`7p7O;Vf1O28hQ~!@FMMxE0D=j#Z`HwB;bY z$1l%b5jA}}gNY!DRGgMJZXg!epwEt;8u(r-wrqKN=JE|>=|+cp2@xhg63I-rt@yAq zc>50Iu07wUGI$N?^l19Z!G4w*1l7|t47-zWf2;Z6`nV9sG*7{z9zibZHJT{j71DXP zz$NX3rA!Vjvd({8$X=439%EAn<1uUA7j{ymWPM$pr|F}UMy?>)PmXFQXhQmkyujf* zpH*$3En!4{i~UZ(JxZ^pl&!Q%%W8O0Ca|WxbFFHopE7uo_o(Xruz`%0>qJ9h;d7wH z(6;&`xeU)&n&M%ai2^Voz_lQm|(zb=!i5lETjOxoG zXgY?a;HrpJf&;|a6os1T5K2V{)S1-Htx1Bo)qS0~`^ZHg$p*#7+loGdIGWVmUB4yr z1xNlwzE+7Fi+ZSrHVF%-|H--Ok2>~P;isABaA>E}ADnPQ%_=0mim|8Zqi%?{bi>bA zTe-@TE`%RQ&~;mp$$Q%9zmR=78(IRtTQE%?o6$^N74zvmaoU^gmYMN&x%e63+zV2+ zrm12J#djg$^6%8SDh^*X!C$4bhZPP6JTG8Ce6VaHQ>mW4^zQ`!*LQog?j)tj|l z{DXH*pt&`LC4TQ8@^XM6b>SR4;d6-%+(56UQ|tn@pDFcBHxY_HHOxf}5QY&%K8uqE z5u?tyKdCE2D2JXI{q?@u)XVf4C25vf)DQnp0T85gyQ%Le)x)1&eBfFg9rXqkPdR;n z3=`wHy>z|7VJ0<7+D$&|X#XAk)>z{E=B@ak&#^;b;yQ)|YO4<)3wphb-YtHq767LS z7`&LBHp(+~eN+*xud!naV99AXji5>mnGJXuJq{-d8{{;KoBtHacB1W8XPb zSWUm2Vt-~d*Hasm~Snm@q#|%l<}dyI{V;I^UD>&lbv4tj+)AW zy;62R#Y^+g?gDROH6c0L-k)^R!+Iwy+knBlYun}$5LI*mi=OIHO=IMI-#}iC0$u$; zRKbzotHK4x_W<#0Nkq^u{BdhIj9qYrM?N+H*@9QGL=^JVTsKywW)!ym5~;$+S-?@O z8`n*yTr?+a=teL~7@(Y9A4E@B7p<@Q!;CPh?@|bkI<&6(gLtg#;E$guVNOH09r@N` ztR@@MR_y%VSTL{fyD-iXKSfbUj$iP;R|IK**yi}ty-tpe&?IfpJa4gJGdJgfXRn!? z!1h}A$e%z>?UZ!G&;8!L)mle(c!p zj)60d@ulEI@oR&6bw3?9H7i$W3`OF{Jk6Qj%=7Xj56Q4c8TpbwdPLG?Ls7H|2ekaq)?gJbI$65iqCDANaA7u(gZ-D?)3B zCd_24VcvJH)TjhWky2;TEMr02>n2W=piYr~)cyQ##4SzsHQDMK+gDGMrK~LWy+Gp} zMa0F$)D#zVql?W=yq`3vlD5qmSaVLT$LAkcG21jqI({D7vbQT|?;2^qy!Y|CCMXI* zP&FIZUO=Vuv(j-#jzMi`X=k^}-b2R9DtW<(|N9@@9Y<@HC&l_@n40|sr)JS(^|II$ zJlzbc03cnH>89Km2`OnIb77;C3i^(j+wRHbl6Yld_LUGVZU(nND7)&zXH0t{v2FgV zO>4}LDl{cDwkwmZst8ra(rUde1=zwAcEp}kefga;f0&EiyZzqmHcN>~U7rxJT3d6= z$K?Ms9?cb_bHz-F9Q7<*FyG)Qi=!NPQ63*dZrh>0)45I^v!T|_K4Sw^hXpL~!r|e8 zpci2z|DeA$iAsOOxc%Cio#x?s&8Gt!4K#(cw(A5Aj~3eh`FJ-9$E>Jjk<0hIOlpTY z=SJwOpi6?c(G^~`vdR39Q%>V;+UUe=Y*E=4S_f{-?5X!z+(U!1=oYX4K&HjdKb@8$ zT>Z}9DdpDXYvfxf+m<=ClYQyVD0cp7I8R(nT@3!&_O)QpX<{U528Y;F88Pq~Wy8RW zr_z;NUo?fHcv9@HD5V@Dq+IevreVf*D^&hb>>z@3{F8Wytnfx2K68h0Z^2B^3xqWN z$lEA_kTKE*$_e|tUG8jnZ7lyz%Q8CB8NH(Q(= z4y5v)fp2}DFidi8`)PZ_0Z|37p!ap@yt@=0kFnFlL89Z z>tUCAO8w*>dXwvwkYPVJ&3PNIp}WI6H2wM(><^L!U$n@YR+;#V_(1P+T$)okVT$xv&894f;)F9X6 zMS*)p+qiXUfRKH6u69@P+>7j6n5NE!`tAbx@TT^GiL#$&!5|N%ai@ z8!PFZ`yp>%oS45yYY-;~=B+5q#}O67K}%lolvpy;8t+}FMfi(T=LbZ!pyc=0lg&5o2H`8pD$Z`p-N%i5 zg$o5YNvYM&EnlxUpQgRsB5Skaj4#NpxNi_%n3*RNJ$KKrcOF zuncS_np9R#0g#oZc@%#soGYDMS*ft+sBZmq7!)<79?B|O_NMvp9{sgqUhM9~3ZZpC zr5QlH28q77GRloCzC1?9KZ3-PWDu9BY#%R%m+!`D$wbFK zx#!wqC0WM%y+dh$(E}bEaaVZsnjGq5h= zzQ~trz3UTH$*F^%K5KByXXF+CUTrPs)fLs89h+($R67-$UaM`{bTQH|b9xg9GSmF= zfmfB)ZhHwu>XfjAptQlq&o@{}DuAm<(ADV#3oeY=y+LC9xmu|eAIb0z&G88;!!2_ z7q_AOig(6F(w28LJT+Is$5SE(i}rS3vSzH>D4IOo4P%BdXsWxbq8LvaRiqcluN|6Or|4k}ms2;}7yf@*$a+fDN=b+g6`COFaaaxql4~NL{ z>F8&@TaovULfVVp3fQI8T`JWJ^`8UCw^apXG>jCRsLUDXzfQ$SoIhR= z0Gx0u`>sxrJ!AN0@j1cj=V(DdQJwvliiDZMcV$)>tfjSJM^;EhQe&rcP1~B3AXr;Z z7hMkjrd?$sw4_qSq4Fm~b*Onbp^Py*+s-S zfqd_K82R9q)ILhjT~6+!V29)&o@IQ~cjvY8?TEtY!B750h7ZCrbPU>M&9PUpvQ{w&3Cxk9*; z1YNdHu)xBx9X2n*;TL9-)T-fCRy=zQ*go?~+S95YNl7>M)U?oNtE8-_p&FVoLzV^I zZ^9!D?V9iybGssuQI|qAxSEJ+K@o)+(2tYfW5|_tO_0T>)mFgbotZTqG_|F0NlU(R zG~;6Fb1@BL%sXeHKiEH)QH8{gr>=^~h=Kh+@3GH-Zxz#R7HS)&sWVOEOjzBl^DPX@-u z{ya^SiW1`pVI8hynAZ>gLm}<9oms0MHDpZ0slroA7&PtNil{}o3iK{lt+;mIaJ^DM zR_dk)QT5gZg&A* zQ=7Tks1rzeZ|OVbs5ffH4NRzd>Wj$sLLI+*Eo(Wz;f+(F=cU)kPBnC@HwkrggTBao z=0rBlu-5m;^O?mGxhae%6?IoPs#awidLo%VWPS$mVqq((pJh|k5Q#3#qCQ}uIn=$$ zpr*{Do@9V{(A~%?1s%O(682LP9#zS{`BOo)B(?fQjb4OGw$0$M$2vQ*&=@+FDX9>n z?wbqO5&>IRmn$bW<)rOtK<(!mQ%2y|?W}d_%%}#%JcHVpy?8>OSA&|?vB{`sS}G<2 zfx)nJs`>4ZaRUCEV11$J@iM%VHgX+S6Uw`aPqovvzW?e7L4|O)o7TYHYAQeHQSA#t zT@^)g( zl5UVzLb@3`q?uvpPL&Snp-Z|!fuZBv_&n>p>v#Tp&pQ0cA{N|x@B6y;_q#uvaGk01 z*q!d0-Hx72(4$nZ^jCk&^u!Dk=RyrmWmk8c>PwJ?`I*_S)Pk?O{t?hw)9f^!ozN!Y zIV|WklxS zl}c6Hv18>4cOu(gnwuHdcOXi*@0uwgAkmiY5F1hH8XtMTiHlN|agsYVQFfTJL8l60 zUt&E1<@)kMPgl*3Y`;S1$8cdyJFfn0;JUW(P{ple^*NW7xQzI^)amaT6QDzTtp#oB zjFz+(cB3upm&0YNe3R4vc^-VBD2ZBA7!9$?m%d&WR96=%&5niCy}_2Z>WG#EP4X_p z;gUb7e8j_%4%SCYh-Vh0EfEGKa9g7cosfL5N*901>NgfvsaJ<66eDm#Q`_f-Xr@lW z*9jC=2D*EOI@j)d00o&p$uLZyjuApJ-pwsR*=GbL5-tmoL0w3L(x&vvG5EgLApb(! zYlYJG=&i3be_y{kmv66Czrky467P%os`&M*wV~Y#om!d%m#`Hl3eBp3a&onY3SW1Y zXwMP&Dgo4*Hmj!UcXH|XBtS9G6Q*2-`PJL4eAE}+`RGhb2sYZRZLK8~`JZy^x({sF^8prrz1-pz}9~sEpYg7Sy52xzMAgw&JcQws!ZfFLck2F~f zUygXM?;q@l>chh>n~#p}wWpCQ(^JFJuGzb8wB{=2QnR-A@cH;!vYED@ec`iq{<;VD z(P2xAH_5nWE28f7{?7PfriN)#M-&+Ve^(-XRbTwEOPl~RFb@$TP!gY_vVSOi=Pz1uD_pS zZmu8h+kFY(E=NoF1gd?L%wH^b5R*aX zP{U^k?T~j1FG!r2=1Lp+7;UB;Hpb#Hr-FgH(prrRaoZvJo?<8h9_DlZV@IZn>RmRM zYM%NSGJzJgL09`$GU?RFb28KRCZiol26Y(|m^$BlL47=UoCn66Ab<};A@RP$KLp73 zkw4>aE%A>Yw{)Blkg8{JA~KYfyIAuJh}8m8p?}JqJgfoXQ1+(s`U3j%rqBnNL}yh7N5t0`SmRr)n4e5IR|&ejpWKPCDX58H<#(+b!{aINE=!rHRw* zY8N>@XZ+wBzn8^hYHI24R(({m=iNVER4*??D&>PoCZ5%IAO}*JDV*LZ%Fmf zYeur@#XjQG5e1S5HM~xhTDrxG*L)@7RPXAWY^`^`ehcCM6J;+gM5-}eT1dS_%d>#( z@b3P*osZYY2DM!TeeWc%f6q?lc~qflRJPGR*A*TJoS28?X5BSw4<=h$SX$B#wI=%Z zTB0?P8lROE*mSL|6=%p;XhcrVy9%~Q;XQs>(Wg%d@t}0SSC=X6vm+M!CdWkzupZ2& zr7BF!EpR*L=*_9uTMuCmY!kIa7hxRLQ|zREwwIpP%TdWLI*S>y4nXnVV0x+_F{LD?!qqtpqdlG_L$PzEmF>$jab$uugAtAcm0(+U{zzg3Hzm2TR;XlEh;B8_N{w zuf`fz6k&YY2&6^GnORj)|7Azg*`uV4LA%&foPb{{C*F%c`@pwG7Xb0$IC(u#y-m<_+_3H&$94F>CXs^YF$YD_PupEBk&y^ybGFZ1$mOGcIpwrELe_rC&4iPpqz} zdS3|^10aWYchTO3Dm%%n90ufnChNbvdAg$8lbbzV9mlqCIf;2yGu2Pkt8>}{~Yq}pAoDbriGo$7XbI-lr)=^hdB^SYo-vGDs1TJ7Ah z#EXF5v8-va`2(?7z`fGqE_#h3vVFjt@6mL=_=;mO1i za53Odu|suu2qB)R-r$a16mq`=MW1hNUm3`3^f~P=r0JDi={0C8?i1On;wa4kHkDBz z*h=3%t)eAs%F@Wo%}YHp)g423`IFxQeic%O6M#??&#LfZOO~3shlAO`m_VU7;Imm!*J1%)iUSAgWPbz% zvMGNpMTULRR`6fzf9XfX>;SIc6`YhwFYT{ z1Pw|QBPq7tHP^Gu-H*bzsWlD(<_Vj7XGk+x$L#6}16k4A)cBP|2+O9MdgyRAWk!Xv zlk%vC?rSEIICC8&Z&S0TZ4Lf-HQwRej2)W>i{Y#H$L*mt0&jIPxF{vH(m1mIXtb61 z`xHWIl)aau5eN%t`;T$vyO;|yMS%?SR3~fCi|xg>(Nvx5EZw9H1(GLMrZK&fL3tm2Xd~o@zl^eY(6Bej_q6;vFy7qE>dcg5rp4K0 zTvJR)y}9U~LERELHM!x)PjYgM~-Xf46G zoi1G|x-iI$YzwWfI8B_LK zIzb=ZN!cSk-^+s$wnT)#!wg#5c5BA`qSTz)7XIYzb|lqz{5iHr`v(&18g9#&+qsyFh5+()6{PKq?M>=#lKpZYk$mjCuSFOSd(VIHfO?r?<$?J zUFY3EtMf=0PrBlVY*;N!tgK(z_~&3=ei_I)wQ^%ywONzUysB~*R7L3ad`YjxnJ?kO zfVz-xQr_Wo*W#yY555Rf$v)2%UjqhBwH9j~h$V9j>tsVB`KA3kcO3;MqPOQmwyv{t zWG`xEoipWxo4nAIdHb5)$%rkKuv?ongekz7N?Y(1S=pivvZqFY<}1+!%CS$SA*-s4 za4niBe&}P#s0F}#>6#TU^=XpHcm=e3R}Rw<&>VNeY?Jl&b*E7+kC|p)TT$(dPaJyD`-5P>cj2irYX-aiYwN@*>hld4 z4SLe7!&DCtpvHN<0M-^Hqv7rJn^WWO#ip00KnmWpW_n)@qFLgEFIc-qmIf4bcQ#4n zO_00BiH-NqP>jy8>!si8{u2V#sK4RXnfJa2PNq(2hM}8cjXltzVBtADac^h)V2fW3 zw;7ZnBHTJ|bnMhmWijZ%*z8-}#RFdz z>kdJtFAlf^m9U5Lu_ysY4N2Sk*?NX_BG2Xez$mmgeUV$_{U|SkVU~+98v@N8&8)v6 zZzick_V!4&S>r3;`hBXPnj~)BECWh^b!#9Ay*#BR3ojPGCn1W}L*DJJ=j!(cz663P z6;3;cqyet3_U$ii9T28)!SJgpAFl;|HBdiga(Hq#Miym7dB4x`#f|czjJ!a2r}$B9 zw0P90U1Uw7sjkp)wIB^37%N3yFE8{5_dcJHsrf!tF4@)oOs%?9XG5n&AZ3B$Rg(IJ zviYgHG7nl*epMGQtNp9~HQ%aw4+qQdFsx1N@G84ZKHm$x%LctJr)Qi4U z)mCZlIHUvoG+1DAn3*i7*hMCfc?R?sx2wgaobeG)Nzgpg3CupXgM%7gf&N~()6Lqy zbA}D{Yeykm7|)?IqgSt~b7z)WlbiK&uqoWP3^K+hC|lJOxXD+&Iz%R~&6*{Yz>6v@Hr2#6nHzs?Jx;RP;>D&3-dB%n z7j^%e{MyyF3#pgeHf0|*V4;21b5dZmm5-<=Ti~Om2<>0Fx4;zHEETAKlGz)CB_^-K zPn#*C@;~8uJ5vt0vaW&}n;XC94Ujk+W5tex~%9%4yoE znfVn3WfQy>_Y~u&*Jiw#O$gHrZp(fdUXc==E*8|&uM{C<9 zkg9LVyav0|i^h*EW?VO??v&Dyv~KRLLWCD?2P~?cGZ%jl*_5nnK!$&@Yvsg-=y=ZV zyU71F-^F0B9r`uC8dXW%^ze8!l$nl8|MZ*8O=C9luaxM!xJ@iyzVicCrDH8W2kW}BsM)O)I0lL6px8V+)#`hC?lTL%hI+DCEx%N%HshG0 z%Yf`Uwr?f_v9z%=OWrVM0K;4>v$e7d$M_RuTy)eU5tvVtH;o46=Y+wH8KLo*Y3HTc z>4L_~^J+>VE|LIor2*PH)b}m){&@NAWp94T9eu*2*+ii^QY8x;sb@4 z6iq~J0jZKX{kVYlv)BQtm@i$9?#oKI&CKGXw@xEX3FdS!+6J!m%5NbaJ;hwnm#D?N zsLn7p`uh~A2~~{5voBjONW1AuwCh7gi0n7DKPzz`YrKt2yEn*y^>gMm;x`xV)*|>8 zN-j-K`PW^yV@ohI+V+Li{bhK#`^+s)gA|PftKklPHP-ZCI`H~nB|}zP!HDu#m44K| zG%xmFjNEEI5hLcA^a$BuM!et|yEvMv>FrT%B0ckZjWshZT0S_Vx}=g-9}wg;B|lk* zV6-EGZo$n<0_YhL9JQ9G{Pu%&dbpBNwb(Tr%y2vUX2{G8$plkzHE+>@#Ei>Zf39sT z6JE4D3~2v(0*ZG+;1O>lAqE-73Lz`l^%Vx))c9KUql|ow-90C7e)o=2;sd8);T>8A z`3f&Q-4g-={-b%SJTB!d9dW6pea4qjObvQ!hb4P|2u9f6GQUB~Y+vJiQ_Zvisvn~Y zoo&h#9rbc0uy-aSeR{m9m^F872~eTu9L0{~@QpfOGDwcC){stR;ES zTMihhX}eK-&%kT81zzAuiL=e?<+RI})`^Akc}Nn|f`#&> zFEp1$<F>Ui)Kay{rbP6s3^Ce~3rOu$_CyALgIR#`7T3rzpTq;@ln%tWy2_jZ+< zPRzEkvVe4QaqI5`qk5Xu729j{vVLjE2VeOuAETf__Qsu)nI1@NjCf7*IBg>-AOPW< z%;}0vu=3sS3qNiCMp^1q$yk^~s=AP$gN5vLl}^~LDoT{Q;T6Lh&t^1%2&s;cH;;t|88ch+9bK~cE4ctYpZCF_gty^zDmA$9TyKuAz>yc!nn-ZLwd+EzYAt4Gj^(f32s>z zNk`9hSNXnuA9Xv2jB4h5$Qn$b^}}X&1_HF}k34pGyY=`zsu=2qa^g=KZ4{WN(%@Q3E4+A3L`reN1@QMFI_80~eg`9k?~Pc+_i|w^oH)Bq~{rMnyU* zUSlchTPQtaRi}KMl>XT&YP4Vi-J2nS<fA=_{WRh*OgcL(Y+E$4g&hYKhO^7 zA+rxK;t71^AQj2+Z*vg2-z+26_mb z9@5)8hji%2s{@=72&ikEl;ceRl~dU3##z<-Iwr~)1M+zXqBJ4?AEA{a>;WTFZO!_L z)pbN(+dd0z2rW<7?lS}>Z44yj-R!)c^i*7!gMK1(JEl~LJT3X%v8ab+Gd>{7ORVCm z3|=#)2p-}lwNIXqx$7=brgq+{LZG3t&FA%=S{A!VO4}L}V+|N;J~^K12e-~?uH(s& zP|)T6&*&m``@G|DhwXBeomtnWI-VAvV=r%Q)m)@L_C03m)^dX?Os9y=9iJpl;G5x>1 zcp8w;lci%82BnE;y8YQ`5Y~>>dBTERsw5IRazv)92@+TOm_<+Du*EIni zJuV%=9Plu1U8|An9aR$=9ygC0E(j^G58(#st?@C=XeIy`^lB7WtP;4CL1tj`LQ!P4 zgAMWJXJw9<>X)Bx@SjTLkD)2O)&yTBngoe)*)Lhz$h*n)3oXx16oPe)aye;k98I1W z2A|I7?7)wO>^3Vm53;8F(vPGD)JuKjeR9(|(Jzf|RDiKbdx2@>eaQf#Pg z(HpF#Ap&pFc1ExbVf`+0tv?zXafe1!y9mW!B<4tGQP${wx$sy6Zg`(k7AhKa75UAd z_(hLrBm@EP#Z-Cn3cH}RNg}8vo7)-4z6VDx3WyyV4@Bp?SDNTdq=~UdJ9$68@Yz{; zB@~o>JAF>VfYB1#$ec+TQE>~Ipvun{d=D0S-25AM^ro05-yRf)80xSFxWc05<@tXj z1+&wjk5^pbG;{SGv=iupqxdZ6^39m`?oYP^hwTR4h~||_6d(!PEDjIGfzYArKOmN7 zja3!l7JOQj`$SZd!lCC6y1vsd?*PT_g%0%5749cH4BS~(eH7`2EY@YUNLKgG`xoD2 zABoid=d#l6B0p}D?jPO}N9vPUd&YtC^*@Rrm-!j&0L}MbJ zD#sc<4trig3f{fz#tFTo@V7gx3t3KZ_H7=GlJHrMfeVTaZP+SIgmtWFwF9^-8mUqZ zi1pov0I|3A3FWG(*C5U z0em>jnt^BYjfJ+AT}{+JD=-bZH`ds9e_Z)$SH3Z($Z=iIl)`nh>G-kXF4ysVkGcl4 zUkkY3eA2J4cv9FAR~<#G6!J!Q$AUpRO2JHcE_HzjYftMl^JU98^gv zIkUHE_F=uH2FKgD)bvk$aI(a=@8H#&bt6S^{s^nRy)~taT!p(xCI_$*(*^qsyNpP@ zMqSY<$Jl?OX-BPh4aM2|rsD?U0=uMaG#>4<&nURBOdlIe((sAYQo!odyeIITB==k} z;%nD}3CNr7Y{u||itu_QVMz;2g3WSK&RT}&`an00CW|8z!e<})(kKjk6a$xZ1h+5eKf6VGwXB7yt*Rtr6DhiujkzJYQ%s~+ zA1CTrAmuYsq$&(aG>cD$LSppIwNG$bA(%GGjm}sf6jyP*selUBJCmWHA1)&V=BQwX*K!6Pf!8-i`Ko=ydyok>t?;HO$K+((0noY%MY9icyjM$xmt?kvR<(E4 z&KFNk@?46@#K8kKoOygK#MVz)xiCcGgI`F^bV{GPH>Y@w?d_dnl`{u=#)Y6J$e8f= z84YJmGMkEQUebIFnENDU_~iF`t_!@zpOLuu1Cd&R^FLySU`6lyV!GWt-dYcnx#n?* zv})r8%LpqVG+u*UO)VK5R!B+?PtN)`mj@xl%+;51pHNuvpuB&sijn`iD#Re8G0N|w znhl?fMbos!3L*2}-jEF+?|qJ*75<5-+TP4#pUs~&E zg0gni-5oq{cRuTUuqc_QyO?e-Gd{KgbpO=cMunqon}R>K4S0>K^wG!$X4$@PL5Z4_ zbTtLy>Inr|{Id;M(!pXG42dw*RZQv!7DS=g$DMiV^W93UEN0OF!=RHqf=7D^X^pq# z5g&QgRc87aIFkXRNGtQj)|sBz+4d#__Q9BnFi0t=c-y4p;EnV6B~g^VJmUV^JO2vm zee_TM`c%q#CB<}8_Tc7M;B;Al$ot(NSAu7!C!va?sclD3-tI@@f^#z>_8lLk00o)h zY5er>5~yWWUOh4%52?x&NA(3u(_brL{1-ew!d__H>my2LZAURN#)dpTbCHO9s%_1V zdoDXhcDj>FmaE9GF*5OeqC{c3kEFftUC4SS38Yh~l82wT$R(F%g2n0P(duh#Ebbsay8cVUz#lHZA&KW z4J$T!0R$Q4*M6PpiIX&qV2K3itZ1xbI#q||io9x8qenirL$bi*%3ptKyXislrzFh4W(aofa(FT@`TLO@Q%=e-RK?6QFtApw z(e%j3G@+G;Yqo@Balzrz*yOD2#o6|DPfK*!qrB5-bZ+&<-A_$`2t$u!CnbhUz3jL) z6nQFI%8(6BXFUHh+$&sOve1vS<Ywt{o8O9M5T9$RCE5D*fOB5gCNocZrlu!2Zby+u^fW&sdI(15p8W9)r z!-RI1LCu3A1#Y*_sBSoQ8*n~Naqmyub3O1aP;H}|!X8vJn{uzC=to1IO>Rlkdx`7{3^qnC~ zCXbwD8n>ovLamv7P^I_V%hWuSOQZFU>DR}mnTTAmkHC3JKH7*x2<-Q`$IN0@4KpeQ3mShhQ^vX&Q{+P$kUR^xk*!zhnUaYh{9>ocQjY+iF=ua7?>U2 zjB74FpwGt3ZNqPv#^(9_Y+b`85Wvg?mYcqodo(a{xr=j%&z&UhH=m z_+XEKy+Lp}_UZlvTVU_XP@5(_;tNrk^s~s1aRFe7`1{-_<`H|5^lUMAOSYVe?LX=X zj|S2v_2bclyg(|G<>FnY&6@LTqh*L~w!a&IK|)hHjclE6#uyLADk({YJeZ5wS$Tg! z#a=^g(_i9_+-N?-Eygyv4i)_tm5*ZKA({DJU*260U7ItmXanKWS_FJ&3lgtAFvF#_ zhXm0((xrq_$u{G&ZDd(6@JC3G_U!b|sitT8W9>^THQ{lu8+(5|UhsapMlRvig!^qD zFh@X?qi#(bC?VDci=FjJOR^34ijuhb3%`=r2agFh4f-uwZo_J8QV4w!@lD{XMi;r& z@KFk2EEo_4c|4vPCM4K@N>x17f+_h$SRF6eJUX%)r?Q!99} z=q8-BgWlM7O@1R!53=~U&eXc-JyAB>M%74Kxe@9J*ER?lBPp#V0h7YAUh{tp34 zTAdi&WFnk}KDom(cKgk$I5Js=62lX^`hAaiKHJIEy3s$qXE`t=2v4|gzAi$yDau4- z?Dv0qq?u+TK6lEPmgwa*dtMTU5;nC@D1o{C9l2DP3K8Vg2OJyVfzk{4pN;O|cNu{R z>2A~0UYoX90aWQi!32EhF!ZMZ@ALKpset7np9Uv#xq0m#+N0AyjgO>~t@#i=Kyk_} zuO|C@kMl1282`sLZ!@M9{4Ye(X>!0Gg~pNJt`1$8TRiU5b>_~_Ud^NLekAQAlRym@4CexV#>{^rAD=; zTwlUw_w^mfzTTrg)#e+3y=bcpnVjvc?5z#UleN}+)x+LaQSaa?O+Gi~v)yjAWN>#= zbk&2p8mL`SP4*f;(_2I|{fDJdus9Fh_mrdiYBk&ck985!x}bkkG*6BV2h+=3WtTG8 zEd4giBX?(UG{H41OY|=&*C>jY!#tKdYRreEz7!tO5RC<@A#+r#o3kG6)NjFRl-5UA zCUt})u?+H_h2b{pW2P{B5?&<&r$VQtD3mB1US{EL*4xg*vL9m2&InwdT{i1HSRTv# z@Nkmy@}8T~q}WJk)3(NNym?{3kx=X3pbF&{T+@Uom{N)irgxsC!maJ3h&LYPX&#)D zT0mVYA9Zwf+f_%kH>$oW_t%#z{`{aWYqs?Iv%kO=QK^kootvKu6_SOhXtY3QJJDXt z>)2%{@VrnOGuv@hhf7m@Ap4V-lJ!Jp=HLHVL=g4OlX6_2hU5jZCt=iXHv|V^MlR&R zEmsMR?uU2nrK?eHkD#L%MJ%_N*1ttg%%Y{c z95V~vMX~Qk4dMF4bYm)&6)BT2p3DKDAP+!H-CVR<#$^qfvFe+v5A$bD&PUL!cG;8{_X&f`zJ*GvM$-Qzk_FpH7Rx`Fz~g@~fnkco^s_Sv z5fs?8LZjVZJw*?6*RK|9M8nyoBDjtaBQA=s)f$B~STiWL1YZlUg4zqmt3^tI1h5;R z8{h0(Tx|8*fCsle!oWE=Ae5tCWO@?M`wrtxe|08abG7z&LL!c+(;29mDr$81RO7?z zJgr*)Sx9hWTh51;vC-)ezDucEDWu1Z5(skZFcGxqJ1v=R7jcEnm)l4us#H>b_%c+_M& zh3~45OUg>RreH_0a!GHIHbcd(z%;928q24mG1}y>a2#9aYIa((muz%c|(4{&k zzfT+Sh)|HW8IilAwB@#8v9@7y`jdV@ck^~pd0b)C@a)pxwL)TY-OG8#H~@l5?pz)S z^3~SQ0pdoa9J^ER`D9>IpwqR?4>K^&RYq&O! z_tFv87dkx%egIW9gJk$wR(15Z%cS$Kx?dJ*&9f-#{c6gUT4WM>n+@V{G^-X)z5Z?T&Y#(ZNJG7cLOyP1^q82@ss6u+Z;^z;`F$1*)< z+X#ta(z1K2XQP?qo@fCf%-2Avpo%v$3uT4Qlv>S}EKlk1yVdKRHn2i(G|X{hr@Uo` z^tN)y(dDgP)2(sE6Auqt)>+45M zsj(K(`^W$!8UXxB9rAP!GKeQYGr!*$w{iAGPuVPn+{_I#^^G0`&C`kvcj6UX&y}U3 zn&-wvEOR#DymqjQ1Ojf~b!wATzM}#~z&D#D<|fqL8%P1Jh!YWCu0O6qo!BkO0_I-6 zW2k-zc#6yWPrL0O_pDC!nor;wH-q6ylQp)t&oVYliL?)i^UaQoQghwqsGv)F@!p$76eMpa`maszaa4b{lb1o+BsU8jj~wVs<|E%FStgL8J?b! zC3hbL&emnK1vj3}pgzJ-wy`1VAdR+}TXoQxL6mIOqT&Gu%$*gk3KNbzeERJ2?C#c- zpA-!iV;Hg5ZnZ2CffMjJMm!ELBtIy;lq1e2A#Zrcrkd`xcqlV-lr#I;a2tMPKNXv2 zNcxIvZzfNEm^^68R_%G5?)yHnIXG=n?zHkJcz5C8m*#ZUK6`A@R;t<$06ZG>CDdf< z!-V?uYQW>74-M_+bO7HpQ8_y^Vw-LlZnX{k3h>tg9dl=&-xov5E*>c$L%FR8K%P-| z*8)E>G`$(WSbij&xxvms*M!#Nps7`?2)wnttH$SZ7%mK5&zMu79`XR_Nm#{QC;d!R zKaB%E=eeez39txmt(5k`gc{)hCJjTdYpNxBv13)PR={|CHw~rUUZ=O5Yi~ET`9uug z`E8C+2rq3Kj3wm8EK>gAcu^&`UQ{WOul8gzt`%kL1B477wU zZwvE)c&HeJR zOvYBGYsLihw@%qTj&5W|*xPO=Lam*j;+J;b_Can^o%haGZVF2BAds%bZ&O}9fys#6 zh~-jY^or@Q!?{c*{!*b5*ys_dhTtv{?3Glj^52eO=9dPJW#~V2sG45(@}{d4OGg)# z4<-Ge8Hx;nAC8z6KAgk7%f67f9yuN#c@ z;Rx2$bNFX|=|d`^04vgQs=BsV||^$OOWe2+&^G;RMn&1C)saWzOB)-J;J7!R9+ zI(7cMu5|`mZcRvEb5v-$W0pK{r@y-XxNISn9CS2uxp?^>4X~>8? z5`9{tv*5{U0uN7ADz};BbxUb;RI9JswW(oc;!jb{>LA0nQ2;oVhEa$|nrG*I{nnY@ zf%7lAl5#I%7^JVjyRDi_EG0=N4#RbK+fQcMGSpy?jRqoYVaRkpl^<3vX!~E|=aHQ} z+F_J(eQe*G8BXEqI&OAg53 zVK-OdqJg2IV*fbHi`YMx34v6lI~-DnMJ>DijTCY_9I(NO!+`o?Qy|ZoyrKnoTkyfo zk$-aR>ZoMpi@X5c`e#xP)OWsL*2Gw-_f{USRGzDVasC;O>|%|} z?CGCP9sG?9P00#C7Fq#HLJP2ND0 zw?7RKQXzDalq8y&e5`f3URZ`!C_#Y4!XG`>60t(5mT#md4%U?}`tt zvdo(g>X;`O(WQ|kJud(nzMQ@Fib?}hskZ#U;Xzm}yauuWjLaL=^OM4wY4>JuS7tUf zG)~$3@O6^&{j;1#YuU+7asN5}yM}qYpm=B}s9Bwdyev`~m-fCUU!jXh zrk-*x8hdXLriVvuGg|p3ncjqzCBO*s;H*xZDuZ3>h93qkw=)bkIr@fo(HZO3E)e4? zowLYD8MQ7o)nE}56AG|CMyW36qvm{oFma=z3VrKtf(#2)D2IbCp zD8N&9b_^r!XePGdS9+$$G~-e#j1~@HB6SVZ{6w1MG*XfGo9?rPnpvnXdew-%x0(3G zl50k-=5hl+gN_g)N09gL;AvyO4#iVH6-c%7ATkwgCiHhUKMFq! zNE2;infHtulz7JKm%3t@t31RjJF!X`zcR%_tka$nc8TJYLuNtg}G)*J@X4woxxI=X{j&4 z2B89f$rt?6&`*4l+`lnb*6-!#7*8aJ*1}+pfrg_i*wm#OTN9%ym+dd*Sph}VBsW5U z<)@5+;BfOPWt_LTu%3*_5~HT-ez0x;ctI6MGa*9%)xYsxw(ulyie!SWzt<$}cBs`V zrq^vC$@g;9bObqTVd>D1frdUwOx4Che0V*|k9y8_;aczHBn(qg0APnc%Ib2$wiCWV z)1_+s);k3*T>w;3N4qfkuCvV;MMZP*A&=TENp4}8ii>}y(PrJ+++94HV}Fm(Cc5m0 znv~vOhE=9t5coRjg>A*2f#>6mhy#NeCR=)bLES{0G<6)ss%$7&AcunTKa=8?jT3<; z&kBk!mHo?oqK|CNb2z<~ggcmao;miVE35R?1ehtzBn_|)t4m_@=p-e+R%9GLdUMfR z?`2M!lozpIla|fbFd!m*h1YlxIJ4#!fIxT&xqSAPtPM*xGw#!mkJ*ktGh6688wiOa zvSg|4SGxJle#hDdqDYSUeUx2WND(_Z=g|LImrnv#^VUf$exjJH?eTW^bjv3K_3{vxR> zZU5)_vlBNrUIfoJH9`(}bwzXS`}1(q{WU~iPGN2pTk+A^*oyaWGc|ms$Kl%1%XSv1 zqjLq}56z~zR4MERKRFf6IV2?9^DHZF-cs179X2FYg$@XLLEIvnmCvup4sHb6Gsgf4 zkL60?I3c%3?Qju;A})OqXd%L6+)^~lf+qXCwjy&Wgzsy6ZKHbGuuBiN`maMcAS z;8zUg@c*oQ?SG>tQu_R;{CnE;^5?`|@_I#SO-!p=sds+^-fbT-biixhMTcD7V#nK4*;+)pqKSZR~yWmDr61w-#kUthLw`PWE&zPV2)A! zHxWJ499?vU#movE0x3rv()96Pq*llG7kpv&yei?_QyZ6OPsA!eN!9jrH@}hwe?g*~h(c9I<5g&T{MBbKg+HP9@|%*?;rI97ef|wz z`};9*T-n~8M-m|n;lwJa-CVlwKwI{YvsC?{{qpmIc+BgbQ|1S@)KM%C4W8kw?nIE@NFEMC6k~b`B%{HkeE{R#r=0$OTSh+yb_&;&= zFQ1E)G5(6v{N~5RCj!rO#Z|%tXD>_+s=kg$ktv3(XuD_R(4gu%VxbwjQ}K=~$|(;_ ztWzP)5&fEc_xSyOy2)$XyDeAK5E`%VFYG-N;(^1?J_k2Ius&*M)A%)ZrLe>BH)t+k zMTa47W5sKtaX=zi?3%K~Y$b-`PqSmL%dHALDHwCY$7xzm*OR=poUnhz`PVHqM9*i! z`@9J~R)1tV2s4p4Q)$#@Zh^%My8givJ5(sBM%m5IqGrlA*YM7OUDCk6;LuTZ<-Wd} zvIJMm=B7CQOmV&-@Q7A82-3wb2X{c<0b3$ifbv=h^wjs-T0+>`jvh=i&SO7%z(VV9 zj>@H<{ZTlw(W)xYXM6++wb-9R8&*b2PXlVEPaID#zBu`2|KWCP&Li;-VFnh2rY8)i zhi0hb?H3Mu=eWj?_cBG9Y-r4d!!K^jZV5cO--VoOzVw?+NGJ-j{PtiHP&y(8le=-w z+%7$g`sO;6i8@>Wa{hw{yRd)XzpRDOqX78B8pFS+i@sLSt2~?}x!-UBd{nUgAJWwS z?WaCZGXKNZ%Y6qd9D`{@@$=KPgSi z;h5ki%fqp%&`>yoDzq7AmjUzjOXZ zZ5*a(+TcD7NOU&nuEzNK;K4}uzx8D`5W#tD4R41Z12ur))OdLC@PRGI{o<1!leO;+ zo8C^>Ybt5Q0W+Kjl-Xfz!ueh~yvJ*wy3!VDuC5)OhBE({{11XR&+dW1TLYc9*^g<+ zm#Jj`>jbzgyI*KrGsVKI^QnNNS)ue3Pzzuy*YOwM-X{(MpySC-vg$W0nTtLR#}m^b zI!?t3`vr%MEwj}+7h^_-5dRgoy?rtt%epLqe`3v`lLs(1PS!X1Gyueob8a~Gzi4~U zu%^1EZ8$0lf=CnvQAz*>rA3-Z4MmDb@4X8O2+})Il-@x^KtMrylO|GQqc`c&rG-u; z)Idny6};~6x}W!We?7&55@rgS<06ULxa>BkmWYQ(viQL3fg* zv|y7O`Y_laxD}sUWYlG-TG7}CZXn33*X zA>L&2Bw=)Hhp^Eefc>_@uVQpjk;CBI&JnUCl>tttFh$ zBw{xtvZI(G@h3&Aozc70-5mKSnyeN+e1{)4>{kaAFHD~bA}!8Naq{-}6G291CRrGBzBX8<>j zO$Kw>{?}K4OFHShSxaZqptyZKxYGktj_%v$cU%BZbx(syVHBcdmi^!b#EZrKRcjNI z!bTFq#o2_)P@4+&=u_qdcat^k=^KrwNJsnEk1-(%S0dr4-V38wq+8Bqp?$bLppJ~a zLd@mi84Qg*C0*2PR$g>PW^q3cog>8iddF1|o%G=wW$oiFE+syUA_L&dkaVs+)L`8H z&OPKdDe!u>ch5S9AlZUt}c_`v{p! zusR>KudS>gG~euue0UvY<@pS>98K&sAf<*o8wYEQCMg1C)?2 zbp`0X&H~;u@JpRu+a_1^&sdlK(q|;QfQ6}gH<8LbzZcsT^YK=Mk2f{g{q zJ$JE3mHR}24D?C45jchHb9c=^to|PFaxb$LQCl#aq=g*qpU{)l`t6l|X1kaiL)>*H zdeZ#DgY52HCme;JjfAUk1C_RbeyYgf_O!pQ(uR)<^1fJz6g(e!GF=T4ywxF9Fr_?U zT$n}oo&K)%+gzV3?LObVwYbsN{X<1@%m#YTxKNFePEqLTLKD)t$7Ab0iRtGH$FQeN zoPD(z0)Zqpr63u9t&s-Zn5@qX*iE@F05O0IM8q=;(i+~}NK7q zecPL_OFI`-{K#t1$mL@;KfJ)FFf!sz{t4FT#ZR9>^?_uMe-Yp1u;uRFlyJ?)@A?zc zDyBw&j3vJH2Lv*v2jXf!yfBmXc4m+?7MVDX@RtJj&p=k?&AYr7DMh%4Vjl!+2aHOl zr%xS_$eKfI*XR>gDl(f4VMZ(EE906%lpb-#u>2wD^0NMMx0o zAM|;(YkD~v$NN7XEymyyc zP0Xv62d*2*d9dwY~HiF&>4HT?>oWC6{qb zq6%;o{mbX`sS42G;Fjpw=X@B(KJSgrxBYBhr9mTZshat_&Ev~fttFaxGNb~xcQTQe zgqN&mzHhb0GNZf&1w8wkD1sd6NMD}+V@|Q`C=l(za2l7nh_sWsz%?)jUq8IISz3c> z9>CE$LFa2w`1WbUMtE}Sd z9*D1gTl-!9S_czyegBuA`I{So!k*jvxYfPwA_{Yrw-REmxKBRS4gQ$Kf|^!WIeXpK z7QVnoE#VXOfrS0OY-?0SNHl(TaW*{>vqC+2IQ!z;{wg7Z@tQdC>-vqI=TDE;vlWqd z0x%n0&HUA0G@Rzw<~gmBS1^o{Vp#No!W(qYe0z2)9O;Qk^y-aT>YcnC0xCpU=vsEN zc9L4lX>N-Mn7v7<0bRI;YRcg7sSGi3wq%C7{diyE6o#X_^xQ(r6yKB?erfh+-`2>G zU06*aOi6w!J;4XhsXdFKF~?j&V#*X{0=?d=hw?Ny2ON&8dk6Wye*tqF3B)2-dYOry zi!}{VgxjJNT0WS;8M}!iA16+BwUEq@` zRdHHEFhg7_(6C9+ZD+RaXJ5AS8xO$k*%v>e=*kIK3s-+2U;XVMgX{&&-0T88 zHls_udjibhRQ2v0JtBf}GRs=DwUtu8+1@S!laW0BgfVz*C~*-U(?L`VyseG*FwE_< zOMWQZ;I!W5(AsPduJ;(J0$Q=3@jkPhBZF_5SPI3hc2POmFqHVwo;*|&)x-?4*uyKYqkN-`HgVr z*vU9Ja&I_rXZb?o3i|(3I~){Q-)LKrW_lwlJ8_}gY}d%Ch%&^y`7HAH!^>_?xkX%X(a z5tjNU;2j4^Q9O6WcP$Qz{q5H5tsj6#ihUiGY0hZMKt-i;;>EYLoq;I36Y6|h&jv}n zkrH&@{*2OKZ+>h23Pkw66Ta>Dp!M#WImBu07kHP6I&vq*DZv zdUs`?)jp6{--;K-mKqIG+r2>@9U5w7o~LCY<2OG0lZvbc{C;VeQXWvB z1qQUx+{}Lyd^s)dYf#_b&`x8N`}|bjo+rgZCW~7TY{ePZ+LtK`ZpDZ8L=9%2p>gVn zXS2p_3B3Lt+ZmRnxAW=j#r(D)!N)~0Rt?CJhF9}HN&`*gV#!i&du>0WnYTo5FJ0uM zU_&j%+VIc!F-an<&4m5=adqcr2c7FRoy-GEHgm^x#m{{R;?a|C{p=GD{4hOcGTbDN zSn!QPM(j1XrWAL?j>0dXgb0mZ*<4a?s8vPDll&L{YN4@Sy0bw%M3?vYjYITC?8>&y za_7MW1Ixl{JOu;SUE=!#Z7q1Wuz$eyFn_@Wk80xYY`hCj?`Zh4^>XJmS6R^Cu6zAX z0xg*f+ZnEinHH$53>2X-ceqyZ>mwnCiA)ozC@RW8*`I$3)ba00E5zV~zt>-F6kJjD z61`{O0-g6-9J&iVEdPvlspV3#bP636!M;DZx#D?+sF0NF9Lm4ye~`BW3#(;nnT`<9 zABr8kaZKiBkvPUB6X%Uhm@?Vw442rEgeL@0!xhDrQZ#j=emiPP%8j@I+yaF=w;wD(kN28=7W%H$>U=QsRg9amxuN?V9go zo(gK8z$cys-5uYEYd1Zi`3l{B;VO98LeK^5ZQ_>93iX&~e0K`J=tMSi!sqyr-s&A- z`u0JEG~yC6mt5utS8NgaY6K==HI6|M7(V6MB`;R_jpA99LZ7N4MpI;>I6c<%6DGC1S)>3N7Vt7)?SHa<;1d<1;^6S zm7436xjLJaA~f{6uZhj}lv&np5$+=?wQ%#3z(7su6zTC(*-^&E+C*6Z!q4A7@~vKM z(q?xk{wdVAe6UBifqNnQjW&DgP@~7iC{tdTjUr3LG?Pg$e(T#svd1Tnl1RSS$Bm6? z6mqeL$;H&>7`dp)3vLLQosrIZ0wvRoZKIy*i2og%X%cv})W_;$9qI4- z);JC0+Hsb)(ffQW)$mKLp+D;ImRv|4db32gRx=gvdro&hzt4cNd!ZF-c`_OO1@h2R ztP}|m1Z9%nY2am#4`qa4!SXrp0f+}CTR2px#0@}}blV+@pe4K3bJ2KwcCPXFX1E>Y z96Mnx zmbBiT|Mg4W;oFEb^q#@K_eulm6!6v9o#{%6^#tkjb9a5$7NbM!!%lU@E`$sw)B@wz zl^o5WZWRP`Jxa9I420~l(Wb?8Zyf9NoYn7kH$4^+)lgWI@sa;LPZN^)>-h3hS zN?ghljU_j)dc61ubVVz9hbCj7>iQUQ`+%E-MJy)6)tdXY0?ys|xZGFp=wdo0PIN?2R6ev86X!y^vHTkWDUG0fG>F)zGHqa#m$sms=W&Ksg8pSYw0QIdv!Fs(KO z1jTmR^wW&-+VAaKTYAiS;n$NGul&EC2Z#ZTpM?VB_Z57hlgrDx@6H9e4j3w{=zx6o znFIM;(y@qquibZD>@wscz`RD0KopkBfGD_geQf^u&s>ke1~TXVwmzg-T_?Z2fmf?Ks*Y7U@v3uXOBc z$!IQ={FG$Eg$&Vvfrd|$5=T+^KW+7BkMHDV$nj2ZBnz%2RPOpKfQ>0gjC?=`690rE z-q3$R=kfiCkAd8L=24RiYeOLgv{P^O@}?vkkEgej0E_?LgRP6}%5V9)bqUG=X5RM| zZoh2u|0bpfXvFuzIHmRxvFd3fG?_{_6Kx>Set^qCD5AH!`v!*gV|YH5{|8!AI`Ef| zYQvYvaO=Hp;FTyRvtZt%L(b-J`)w}euM)(ic6aA@{^FYZO9KmBI>?z;X@Qg`s>@qW zzgB`^R!2$79zFP@!)f!wcG{FK;#P*w&h4;cnD zL|nUuOIGi?*h$k79G~6Vn&+f=?!cf<(#LgashvBGH&q%O0BD|?TM~*b6MZO<(nX7? zy|Xv7nm${0bPSUM_c}8rwq7Q;d&d%w)B}BXKSsF?zJMhy55PAPYwGabP01}=t#i(y z1;|w|3}Jp56<_ABsKPU!ZBCd+`adXDc3eWC+z(D6&Sy6rcI|IhBiF_`Q8y9Y)A=f~ zs4Ddh-4?%oqtB1o-m4^>kPcg728kas2*e^nyIhtx$*#ZJhPJF*2O~mUt#K(nlbFJer|p~OuZE}|2HLAM zZ0&k5U1{3$DgT2G8>QWBu8FLnA0qGUG;i|5E;%GSPaoP~iw$8So-XLp37xt0zO7~e zlMZm%ioN)QDSRk>cgDOz3mjRcfjI%Nl9%0zac}h76uhZy)tKm)c)(Mr?(eFvt`>-E z4UVO>wtvDoJ(4+J5n*GVZUn*iwP*}HJDD~M&id^xv@!O)Qy@ut_zjXK(WM; zf_ac%slz{6Q!;(!Ofp#{#l&#I1FET+SH;D!@S2^-98sdO*w*dx)l&mLTs+*jAfQ2Y)yk+p^>e|AT^%v-4An{xc&!LwJ2;zbDiVZYAf zM&#>+gYMbu_nKS^|1)MVQ}}CWRUmppHS@wMeSy|=%3NzK%>}ai#~3yG6bYiP3`Nzk zqmilQFid0dw{yg;ZOmX4GfT``BHROn0S zKjIgoWXErm9AOvYd<#&kt@pSv+eOK-EQFk^NBlV(#TSYQCH_Ms%umwg5Qyf5z`*)l%WEI@=np!z+(Zr*)3|RQUq`V z4Ioi3LJLmVZ=TOTtDCn2BA;jJ%Apq#Lfk z8g?TI8Smg|1X7oL3ef9A_CN&1;d19?dfyV1{B3h_-nJ&8@QJ4(XVv%jDz8g1DFi~V zk@1_K>!%|7gpD`b{R7_-DnjQ>jb8@Vjbvp&+DN#hLJphK@Nwis@Hml;P-R66Vnj@J z`Rvpq)1T%}Qn@mQUMA~9uDU>nOZdg2T-`q~3u{>O#h?NFDwp6{p$(cuV^V6Qt`Ph-($nUviK42p^X>h~Ii2!MWS{r?28Ub&HllFc_90Zb#pFcJ5`z$5 zLsUpvELnVCoKoQDd;40&+8-6oZa#1u;oO>I?;*S43H`xv|9uwYhWHFDtXgyV>voFo z#Mkpd`KavAtNMc{&SbI|pLzc#nB7y@)o%L)NHna#BetbBTvjorAm>Xb+>0*~-oP`QR0@*3yy zcdflJ@aq|@tqt{R$CG!D`K51Eyi8oMdGwH12(0bE$OZaif@W%dA)1(c_FfJbSrkUr9ZRYif+x-x+$?#Qq=X z^!+%%U_5Z(rSv1G4k;e>mfCu0em;+iipty!X?NX=$7_3jL7k3HD&?*r%dq7JUHF>^ z-+z9MDK8Slo@YdU({Xd_b_iB4W*$?-DSWm}l8MU{-COuEeV#p!r96-R{?Cc^+s|QP zbxa%|1y}f30Rs+zf3>2eRut)For+aLOXLf-yXgte(+%%f6jmh(d#zE7~-qd)rMO>5VRU!Z!CqY|gX z@DAcB6uhkl{R9`AOAq2R^I>6ARkYW%NMPuG&1^hu97sIm?B59$oCcg8VG|SMBeb@+ zsrT>x=7J`gJI9^Bpsv!{ljpOynjDUy&76Yb(6hUtmw(P||C6 z-=THn3Ryc7BCx7malS`A^Mdg;F(1NY*2JQgW{+CJ$g0uJjMwJ8c(ulh^`_8B<{g&q zYhXY?j-5OEQ?pud0qbl>3Yhh^UxCWR3H=R(lblwP;M(60y(cA(-rp}PE~mNmx{2p< zi{c>c0;`w*+Iqn_&1;M)0?v21p0}79+PRX~-eJjMZL2(JZM}&2+(-&X4PPO{H7lCG z=8I{+aAUT)Eye2^ZPOXxP|5nNJVBEGm@SK?FI`PD8!Qov4#iN;LXL*cFDOj$bae^a zN`#*eYI|&M#}|_#6mMS3jrmGKXMeK-0002r#8H)ZC6346dvpJ1-^3EGouO&-0IR;Vac{6{NRf0V0uTJMeP`sIT3Z`Ih? zU!9|$K6)fopuPhwaR6!XyyL zCl0aezpVadF-X{glqA0wN@jfSZzAJAF2qutMI`J0Jvm3vK%Iox{AHTBVzg&1U7mKFU z;aa7AwJ&B$GSL76x`UH^qYhH6U~gkm+-oC@aQ0(Cc!FbuFvOzzo|`gh1n}b+@Hc$| z`SR&l7)ZYYf&JsZ{jYvim1#T|z@8(&1y&yd877y3zSQ07efY|xz2TH&@v;fJ)_ecIB@o%d9uKjSL?0w_|v^MFb##dzG zbPG+Egy}USYU)LZ1>WM9$ToeZJM~58xwx;8@i$CSb+^h;1pT%IA3d!8L@aqIXMA_N zHUh^8{{4%d0@Q~3b;PLyNVe~7Md!2$QxPW9t;Qp5RXqc)nL?WpOC z;($oy)hhouCez?{=Lc4bpiolE+Nijlash8V^eeifHcz*2*H;nbkG(o_+VOv$m%d2W zlXy$oi7&SIpf2nuLBO50TG4%w*x27<(3X{!@`Obbi>oH!(eZ1NC)JPxIt= zk30FkPpXKczA~6)1ixl23!!Zl@M}mIK3@Bp-caZb?v@RA(4VRE?96E>ecoWKI)61| z*t!k$@;_9JBr^xId`1nbe|S?t>TEzXKy?Ub+etpDNG8)I?r=6phiZC2(V`P=>+Mf& zl&xFyU8f~eCwOF)DK>1D_qCe)8LGNkZH^UoKkwwTK{geBry_SU1iLNguQp7189jXk z-VU(>%N3am@+#<)x3*l5T2l1Rf{ZXC^UAO6sXu2*msqOwnL+K0*gL+dhN+sto!?pu zZ<)uxsZc(O*E=oqdJ(>N7*A1VP5kpCPw(aj*U|^bpXuCs_6MGy8kmbUiI0f;Yw1So zYPEl?C99Pbos5D{9>J725}Do<57OBuwV!Bw2|DAuo<&lRzPEaE|9lD8`GVfn%d}u- z(yJigLz>#xn{re*nYd?;PGhKF#y-#w`xSwr2F1PKG#GU-+vvrvYhQdR$zd1L99Cxm4OEEZt>lY!~n(6z54AE_1#pE_8l` zU457xNi9kE0_{7<(00bjRgo5^iW&5ne*{vXDCvmIaEr!!r)3UW)-&rtO+o?coWq3s zsp7~L1ob(S(o|TRtjj)bv%-5M<%)--(>J4HP%bwj$2v8`ofWd*+Zb~tbp~nEeBx9! zM`6t2bi&R}yvDj%5eMnGlG4EreU8u{sPyXtTd!%aJwA<~$jUgswJCa()tM1#Gb95o z%a-EIA!00^$HNTFGZ+0D*S;qE3aan!ZfyEa^BA9K*!iTvEG%yt^Ee{H{mLpm*=EI8 z_weR}t0T^U zrmmSgbch?SPie|{auu`XKh0% zEaz|vUC#XD)nBGqA8Pkdb&%Wc&m}POpW9#uU*ya_t1E8Df0mjoK#mT8!yH%1`I;|! z7b9%F0d57Z^2Z?L0VhI(ka#ht!ek=%vJ4?JX0@oi%PreJqIJ~mi0L32wD+{W{$RJ2 zRyW{WWOYaPw{2g6t5aI^d6CL7zSnK%77r&mc09pRvTHcyzqTd!Q| zCaGeFAOydCi9kAwe~tysHic@`3bl!@ZWc3HyA3&CQW4eAXpKrErAidn$U7SAzno*Q zTjxoucP$iLc+}gni6lY{!rhPwf?MA+}^X9Bf z7t^Ap1#!yKr0qnWlSYWsFZv zMkF-e;i*D2fO?QepzfjQQU+Q>wfsU9+HA!d^<85gHn2hlVz%F4Xa;^jBJ(tv za@Lzkoo3#7$UgaSVG-QmDL7U%#kCRRN$dWBw~^`7AIl4Px|8|NiA0o-utvDdyw;UW z26vrKN$&Jk2E0h--Z^2iCAfH|%d3&pxn|ekGJ>N2P_Nd#4)tKNC!0IjP`ZFrK0Ez* zHqUAmaPly2^44IU>kbVCV9KxnGb|>H-@$2B*M+mpjU% zRbt~-g3XvX^H&>T@KITe->BVTDEw97g9E=3k#s@h;f9zVyF*1z?&_p9hzwN1#tYk+ z0<5NinHd*7$fm>-r&3IXsDz)qH}TFXbF0attTmU@Z=i!*JLXgQML`;2tlDIR&x1N= zeWk;+D17hx*9+GA=7H8{CeMI$@|wo|4RbeO>{zMJ$N=gCg%>k4JI?sV%OP<4oC#*r zh9{&>6mF39DuW zq-$T_E?+1~MXH&qOD318oBbx2dHd(Nw|1)xpg%#E3~#=Gf%>x+R~HS`z+p_?&&1^9 z6@aG{H)(#L)}qb@>6At9A|~IT|3T_GRMqy7-H787nW0IXru^b`p_9dCr>FnR1vQs# zX?4BWt+Awa(c2Q61*jXV>?G!?@Ni}J;>TQ?i)l%uE(fKz>H#OhtMs-!6S?F9`M=Z_ zB5MjD7X<2GAdovjq66$kl`?S)Ia+FpG8v4{xOaz7p+Asz)IeMHhpPpU(Ut9`A6$Lr zahW2B$ArPZqH^G9#LZWjwYeiLJ$Jjw@Vxq~%DaM$TuW%Rl>FGW8PmWUV*?BZ#e2Nk zs%#^_*PW}F|B1EyU6^H98y3*U`icu0IPTD(p2OPkYx{u#GYh@GAAujg@U|%!Ca&{p zB>Dm9NTJuXd!}>()E};L3thCC1bi{TB076vJ__1B18QY`pzw=-mB(zFGl%_J%uSv&cc5Z2-@R|BT-XuR6xA@uD!>i$I5Wh2f|WW~4>f zzKJ^5Jd?xF^OMGBj{`6lx>A_?Qo-fV>~p-AE|9gKH>*Zt41B-_FuZpep#B&Gy4Eau zzRB1$Mz0SU8@+Oy7zC#8OOjFc#<>RitHAUL83;L3I0=Ur&h36IURwGf06csp#bbY) z%q>^33fOqiWo4tyeil@~CxPcE$Xz;o3%hYYvR zc0DB)jHaFs;?c#DpDD{vQ(Ozzq#s$$sK_zGy(*=)Z+V-q6j~1MvB0kt-%IC|JEabJ zc^pdnyS<|@CETkFE%pJAPYYXFVk4%Voz;8p`^~GUHJUR(^rN32?f4j52f+v?2~IZT zkAeY_L+h$f0ZMRSynecqu-|bYg?Pw+yX||-*+8*UDqp+(TWT{#w0`0$#Fr6cZ8a(m z?=sZZ%O)tLP8tB;8Q@XU*0J&GZu1_cY`9$}iglybNCmHnm7G176b_F#W!Ku1?pR#a z6rt#UL*Bn7cLgj+{%L`Fat&8e>@74tm7(UFT z*DbjMeLcqH)T!cU=zllw;(5=d2kE~L>nqZGX`;kqXB^9)Lhr2&i66{%qL_^V8O>5> zAuI+|QuFn|ry2EJ;(x)yH2wk=IrC;8rgV}a(_a|P_+^5&!+t0Cb)QLI@OGa5ol{{d z=>Uoidu>%eTIqknB!w#nKt@cKCoH#2j|uaFU9C%*5ER&nT5Oj$GTG#LO})eKpz5%X z8hj1?BemmY@_v2?>ZS!wUm*MzTR?YNQ03#-#8bLrIULY8o_X5zY(t)1-{I%rNT9F? z0DAa$su&wm<1VOnTdv>wbeEN-_J9Tb&=0rQE|;RRmlEM~_8o7Epd85c1St z;*)-cXQNyq(P^r$lmLiRSez&M%f`AwTUmO&5u0;&s%ZkT(*y!98=G`Jznw2c8Z=rU zl^~w5NFy#{>;wXce`r#=-kXn!B>UqBh}>KI;S5`a-T9ha#63iB0X>ob@IX7I(VC@* z9x@gtI&cb-02UwAG*Upu$q}0Zz3G`gdGN$#zdZg8>y1pJvpA0c;;^Ta_-A_F(QIl? zoym8#rNIaB!8KQWYtLC1Z8v?;hur(oFGqM3EsE=zvo9)RMTg30Dxw$17ESccu&8Kv;+po(9-bV5t5-n-xW8j=(s)2Xpr#fd zHY`r{vz#8{K)z~k_>-84PaiqT&TQHuAk2?SD6@44xMozRw`A+I4{>D(>2oAn9&|!9 z@A1MDoZVizS82!Iv>28KQ45;$#}B+(J6d)gnvM|MmW$SE$L|;J7u`V+HyJkj+z|Dm z2!sfNh}m2v`#1v>C&I1B>ChCn>^q{rA9}LX z8nL{7|Jw1~=F=|5>GXCRX2dppcPUbwh!5yJWO3H*Vk}zu%IDhFl3qhl09z#$jdSQwLDC~tG{+NWN$QyXsiNpn9&t6=&nt-qdAm)HpjGPDW}aR2`R$PPGLEZ_$u}GO?YFt0|Wt5S=lEz-%!Zspmv?zsh94%CWTd zAv4G7z4|`x^u{Zq6=9lJ#W7UWK`@P*6&DYj%I`o^??H%5;pni6x^2sz+_M1%q@AJQCa@24fsQ&%Mthhdg3trO@zL zNY4m9E1PO1A^dbk1^MgdbyL%eyys>5&$8zbP{Bs&IiL`YyDYsx&@XqwFnu*%o_WVj zy@JkO8&UB@(Ox`(XX3WU^MgCjb15VxA<|nEGS6VfD;2k8-iTF*a;;C4mwXy}^jg3% zW7=xYX`wA9zs{qL?ZNAEn|@WXtj12>jDo~&LR-zll5?ES6NV2|6YQ}^xB?a`^UZ8O)G(J}+U?aU2xY?D|3eWAc*O7e0YQhi?vWDg@S- zEQ-815??u=ZRqXm^a*0;MhvB;&1=oG)pMkM6!8^lh+28ujKS}6Q%BE@Fp7Cw+p=X8L*Q*b)QPIzLR}1FR>MVZhaK5vumj{_PO4_ z>XY%x#9DBTrzeM3#zezn$>wtXa^LOh0+z@crj*9p`?3d)%LS5(Wr%mG@6O7qqe8w# zo_O|&R_w6ltPJE?HPrV&_>$Qc;uVURCI z6p}|*DdA@zV`@ul*Em5ka9DO}c|^mTAM(>v)^7SPD+S~u-TyyRny8}!AxY-Q+sY>& z{n&TTUNWCfp%k`Ar~ErNX+O&B>+cMu5EZ-;SxoFn8fB?VaQX2Ve`fpDu0e6)Re2N> zjj%=I|9JfVM$~$wR$462TRlzOz^D8{#0BtlSGc5R)mHDodn1NXoDK2Eq{gY?*nift zDi4gGI{)ojdfza(I1%AHRjMwt;lJ&AsnOl)j?PGm`)lRJFE*Y5Ub{a!bCwojH*AD0 zO#fNGzjGALRWu9BdND_T-a|p1+T=~9ii@R%43EHJdpUL^I_GADvig%L5qx{Zj8ffa z+eM{^yNNRaX_+b+r9C%ljTsPCe%9FgIxGH8({0T^zpORK2lRU6t}En3_hK0E#!|KH zhq_d3Z?^Z`n_O7SK2+*t1+W}hmtrk8Ls-Vd+wOwQ`>nQ1l-o3CgV_B*6;;*msQ z(yiw>dsK30g$OQ|PaO&dEBD$$=jQShcaPX2GCJv|brd`~o=75|Zo6Y~;qfD$dzn3G zHyf1w*REGfdIBg8uG><0wEPAEUlS(oi^7S6~dMR{nG^P>?jmQ%3Bh`Dw^|8ug+#j}my^+Ih8MJ~vPZsVxx25=R zxni)5#k7wkUC#}wQ&Li|jMbOliJx~qTK^e4y9 zOaC0aN9vZZ$b`QCSk1wau|DA5jh;MfsL(X@$n$*XCj>8rL!#w)FBCq=pP z$Uo&6=kK0VnXjod*F}zXBBaLXyD<@U;Qd*Zu0^k_&I&31qaDVyuiQA{0H>l~p?&FS zJTR%)8@pD#j@zsuJkq3a6&X*+{^X~0Y&vMk2hO~nl(v~#^Trjdn8dE>5A{m6b7ahG z>s+L=3m(i&s#gj~lTQ3cfxVLq*1Y&}7fWji-i-9GD!a5kp;>NYLeWG~>#rtLaBe3tBp3!$?Pea3uPG34NlNj9~Es8hv6rT=IS* zs;#$`3BhkNh10sKqNA|4?z6hI|ARAAC59zH(qXsPu+k8!?Q8kx-tM1I8I3Q<7ddmg z0s?Ku@x^ieE6R_1>uG6eIr((-oM;~<{P!jeo77de4zowf1#O*LX06#Vj-Ee=Tt=UZ8T3 z+)FBH;?@(w-q+35Q4Sb9y$xeqpg4KCqW`buIu_9X-LN2D&q_hcVLg+D z9*6mYVWip>2&D`uh6A}2bQ}Y`Nd_zy1foF!j3S6kLxGX|uYWX%Wo>(bB>m+}?8gn+ zI8X{2urs7@UMV(9+-8~0Bo_a?fkT2nKa(}`Vr@${4-^#?q$Suay3ht4k4@wT_8>5(l9V&QbhdLpFOc6X$m&dtZwqKDwR{n9FHD+gX|U^YZz&I?>@eS zHM9NmZ?B;r3|_)W^L+O0V$h{X=snVhXc)-GSzY*Nv63izX(HuU^m zgaU2bt$Fp2XDP4S0G;oW-m9E^JgT8g`%=p;pIPi0vv6#7Acf3T)jFq5r+=Nn-r99L$}v^t%k#(c|TV~IsP@!^GPj9w4*`sAy?B5UpG z8MjvR2XOt4TXaoX$Tj8thN)<(>?63-@`@5mgjk&?)0OnM?HD0$GMwQAf2!`>{v`f6 z=d2eZ#yPZi);V`JK>a0LZ9*A=`|Y)9H!44y7P%SeH>d6#%y46e#%nEtvoyFD)7zYx z9_7W6iMll1B_&F%U$Mr7*v0I97&?``DdJ`*8RKjoN!;)J^DFz(@os2V>r)5_ihdU5 z+KDk!Erp+d0+%;+e%p!RsTLxub*Y<33cQq5S65$;ePh)*PG8|?clf=8dbC9ARwGlB zpGTF5-(B2PeW3(wJNx%3DX% zbA}ZIAD|zyIhixt3rA*4MknJ7ipA)WcP^_h`uwQoLFI?Q!VldxC+&6Oi*)mdsf{_D zgsOx4uH3PrPMNXdfpo|>suHz+QusITBOmV&nz!|yr1$I;?E4Z*Yxik}bQa$KvuV7{ zK_;SJPJtZq3xh?beFF>HNoA-E(Q%@?&KSS@EtPi$EeT)?$I=3S;*6T)>>oOs+Zj!# z<>}DdTQE)H^5hjoUN&!!6a>wXfTk8!>P} z(**^ov>W`N5Jx>B1jpV4^pmL6)JS4NZ|$$kw)Rn|SGt*DaJwPx`hI%~8LY~D_`Vgh z+e8F1bKw%JN{VtBGC-g{W^OM-rAS;+?mX5~y+JtBTY#RW(1D1xI57AeDAHIe{ASws z)!!poIDB5FhnYv7sXl}+cO?0|Gh9CH%s}`xkH>8tuV2FQD(<~cgpv8uAjZht&_ zx-)vP&5DZY7#euU9H;$KpGRQYQTL(MXJRw2P5skE&A-S5d(6J}gbdK2Txy$7Kmbfk7Z%f*>G$3zF*HCHn& z?mlQU>A80EiO-X}0l&LVN0U=82ibI55}r!cXM`gYr%OU$iP@Xv9t(S;Axu6LS`Tgn z-lM=i-krqfc=d+1I%RZa6okMs(@p-Y)YzZs{vL6xpYn|)$nMXJDqZqu^euFqb0i8b zKg7+S;(Tty>>;XxdDO4h#F$$p;yCTHqeQ1NKTX|fiM@Zb9V4nc6*rvRdFvbZokr1= z$a*mK&lRbss3P6?R&3&~zh+D(ZEXimsbWtZmBR9S?;O zL{oo}f{BQ{N*YAh#n&I^1@DzE)<@XnWOD}Q`X2rK&mPjqTog=>VPWp{T2)dH72Q=z z`2xhzX>VYxC0|p&>2hn3aj&Nb+AlK%qbH)k>*0wQpKP4Da7RIvd2*tjSlwjW%TYEe z-N{O zdmh$jqG>{@?_C_CHcS*isV(Z^mv#Kb9cJJ|^)$T4iag6c5<0JF$U)YAXYLnK_U;wi zz6-UOqD{oE}NG(^SYkR-i!Xzh%+otN(??~7l5O+PK=Cpl4A_*Q&^{(La5 zrs;in`;7UGKehU@Vnm5~!f@60ry5SgW zR6}iVwj13tFly{NtckOt`*JxaHb#+?*q=erV;9Y~6P{*43zEn}pX9ap3km@rYkGPSLI6trM=i+KcG0 z(8QEJYV~@>lXdiBl9v8nY2yO+`P9d#9ItKrK)3W`6BaRdh(Qroippf^+vfC^WaJl# zF%O8`%;Faa1t)%rfuYggo??bKB=80mrb-KgtM!G~3KVjv(|o6|)K@KiN%oKIX)%YNFF@LZ^mzS;^z4m5xNgGEHzI2 zi~zRUs==z^qz2=e%S9dUzP$sN#eo%W_HOn*{qF8LF1;j~V42g>+(xmi6h)ltC6^%) ztjqh~rdNxDsvekLqP$c>8V&}A>molP&j-0A*S{Hz8ZkWmIJxfTrJF|lU|<uPM()`z%%t_8ioM%C# z?DMS4FDReURsD5k+GX^5|NEgv)wf)V;p=kAaz~tX?%sZ5Q$=|dM&G0JOjoir-aTpt z-*dX89!SCOa)TY{JXYg18&7$_l9u=Eru`&zK55@`KQ^HbL9cEeMI%u=U#`b33w=g+ z9r!n61BIb5{Sf4lqnDRfo$}*n(4;!-3X!4dYKC`%5rV81LErn3zQEYUr_Z`X4=6ca zCEztwcN3t3X1OwR7N-u=$Z(k5FM`Lk?5!4-82|fJ=G7pb9%>e;%V>8K2`O*K z1!2C<5Lj~Sfq7eA*efxSz4K8+-RElshEdsqwYp;;8~YI za>eB5cdPefQRgy=54nzPtZqvoXk8QMH!xn!v?H=RPLtp7S7HJsP#fs9f~OAt93@kd z2;#4WwdWm=i~?+(@yjJY$BvAb>%UpYYW&yd&;{wlV0h)#_cGJ(^Qk9g#weqhfg{w$ zLoLHc^Q8BCIQ8UY?*|`6*HJGC2Me?#ap18e7fEsHMkwcOdn&P%HccBxbJx|2T(7AZ zs}PmD!)(%i+S&nFm;w8b0zNl|_DQ-J2rd-zPEr_r8%Hl8Kx*ML5U_%(fF&ze zACIbw81y-4e~ z&yX_dwhg|QUbevdP)5b7_AMJye(`JNXh~UF%$jmhS?J115vP}tDdk6xsnU-|wN)u( zRswd-KBx6|e#SfHqiIF3_t{v<3T)Yk@cN{ESlTSVJActc1kH8xiObVn_L=B)ynxD` zTEfWwqU6j09)m`CAR^VKO3b`$$_T2jd**AHbAX3$6bFvOBX#OvnEv#*E|*8LdakD8 zf=w+q*ACNzveo{$BoHFyTWD=@M3|V$(DuYHGaWTtmF&udX=h5!k7(j-0#{Ff4QjTU zX%|a!`%dmx^K$g2%v2z)Y#cC9BI?Ym z(R4R$w8XxW{tt-@$k%2e(l%_F-W5ta9whVf&(YI<(P_z*XSN=pJh_nlJs>B4bx1oY z(mFe|(^OMGBTAwzI|Mc!S}K8temMN{=U1rp*1|-V+v9K6IlK!q+t0tc*D2A;#f9t7 z#>j0>t{n_MpmGZE6d+i*H#HtjK2k-5iQ3}kGOjvNHlT@~h_ ziFBhsD>OWzCmz}T-Tx*|rPnX+X+CcKnUhlVeR+d12M3!w!R#X172?RC44j2JxwaAg zkO~Vnb(U|gZ&aOgS8XrmnRSjC^5wOeYmQw@y$`OI$2XRedaM^+z z7jUj`+$WWHa4{MCDQm#w*#s}#uD->&Sb6K_z-UnFSp7G6Eghz-@UahD;70q(4#|gk zcbXJ3-QCW9$gYzdqx@#-{x>&qKg%75HR*;b#m*?GeJ zqt>5=qgQn&ed}Gu=yKLPSn+y>28-t@dH-|rTcfR&%%{Biwqk2;z~@UF&G$vv)|(ra zYum;BorsjkF5hZZus{0sajo`p{>k}e%gvqrHtsVKYTA+s?D7JuG!BLf^RDG`1X*t~ zD_v%P``hC8KfbQn_2Ayshw)3l?^+$*vIbaJC~`Px3juq`Z!`C{DJ(zra+-W}75|je z)!UzUNA8OA-|pkP#5=@l*RJ>%+WWWdH;+FS^h!3iEF>ETRsROF>862vGn$~E6I_#k89+;R^SRzA_ zeB;TnX%(p7-Vg?<3ZJi8X2KM}kYNfos@48lq-^)&h9oiI@hM=pJnSzGJO0RG!3Dx9ZN*?4%piLd zWN>M0xyl6^)nT|c`?!3QkH3HWHqfZfwf2|5yT|04?(C^FHUUocF>J5{GCv!(E77tYKhMA4ueZ0h&W_~)D!LGJ`SRt> zn>XLD|Npmnd8105562{rTYG`qbj$D8et*0D{ymU|8EyId|9;#3ejjl8_C06e2}k;Q z9EE^(Ie!9;E;T%>`k*yqmb^S@z=vTAct{4J~&(jl}2rGtQofb=H41W ze8OJYz=@9TOatxTp%%LwbKuMK&WcZ+b?ja`yS;FYB!nY^PgfD~2OD$dmR(hi3g6?%-SB_j!`f_XUq_z*vJ^LbpR}cuuE+$q%2uvX!Ez<8=aW^?~YnZ)GG(DOyhV{yiBu>9DM(29Qd#`7i$u~@xa8X-MnQpRI3->sx4!##dFcMDQ*%KHYJD?`_HiQ+D1O48TJluJzPAaY5KOAc_ zUQRAqSm<0xZ{tVu{i7iVWWSAx4Vf%y_HtwH^hMJOgfW?HjJy9?dW&2TCx6TFBv^Z> z?qSmy^kAOlMd^Voap12Tk>XE+YIkN+WpK5mSZK|ei!lRI9J#Lac zJxCZxSBIdaY%Q*>srFHD#W1{pdn`6NKEvbmmmoT-EOpIg?yYgH1Cc z;NGNi+i}zzY1kJ8wiS)NFh|x$;gS%UC%|uNCHscmej%D#?Dli=HCWw;sao+k#9&7Z zh_Kt;BI)5F!GR{gWp2p8TzahA_8$aZLzCBCrFBd+T4YoOaU-~|FE6EROxNQgymiY+ z_}xo(_` z>E7v3yBDlir#+6X9GG6;qY4g{*Ag=oo~N>nm6Net;c?r`sM3Y9#>dHJ zJu)QG@yWI3TO8*y%E?_{iIK^{A}FseCy{`dj^+c6_IV$|0r^sF?RMqVzHy^B;fJ9H ztU+AoKBmc@ylXp7`La_$cr_8SpY&AtoX}!GIo7=^>2A)TEdt~U`!+0tUq#!D?}qWB z`%+GcI2zibtdt5zC6&(qsfgBk+Z$YSw%oSz-P@dHAMx*RaUwTvef-6d(!cC|X)`-k zxnkar{T{~w)8@3sSd}Ru344q`x%DIqdH>{}daM$@Q7K@AyheS#F#&myg7Gh7zoh#cClB4wIi|2e3DG7Zsr4D|LaPNG?h_xql{`W@9EDOi@ z!^VSFq%-D|IOFOWuRPvI&#ZU;kS|+>Ewt<>ggM%_#fIh-0*Y@JZsgoKU?T9WXRAEY z)`U=#+_650uJzQXa_=_7qfSGo?wt>f(-61)bLGA)VientNM2^6ZHr0~Be2PPVrzvP zg&bK|#|@`)udIxth?7_tw+=MTeCMpO=d^JVptj`J)vj(VxtBX!yz^AL zmUKe|Y{N1FCR!p|^|yJYE@J$dlrC*7?e9fSmJ(Sw2pQNlnY%KG^>t+s#EZBzSrPGs z9M{QJZVT)v=)Q~4J;l{6RJk76|IM>bzA=jE@Z4F)70Uc*6|ncPqL+)wy|SbqXr`K% zD#kTWshu4WR5?4JjaCq_!**Se1VbUMcz6x3xNjnbDPwo#xzogNGw?zEPD7~LckrKP zY)%1+dGOnk$^ASFsmzIu_yYH2IM9fvZhkE7aSI&S#igYjf)n9rPnOoynFC`d_xvn` z4~kc4fZtVA92r!4ef>m?km_ulNI5T52kjQP3ECHd{XN0*;l|!sm3p z7{m?n%^#s@>WdSk!L_+I(7b3hRUsLwt2!c*p!Uy>+AE z3^2G0C*>N@yHhHAo)a%I-WJ~u(RNKOY9t9jI-=2K=CQak0l`y zH?W9E?V`UBA(q#TFcvl0M|@0858X(?)QKlU9(WytH7SZp-T z$ev5nIT_>%G%2_YOsm`7N=z-Y!Qspq(w-BS=E-dVU^b;^;Q{9$HZQw%8eZSH67FO_ z(vrgbRy)-M(7aFndqVFwOoag2>N-pIiM|aolthM4hsl6rm3p%=s7VG!_%H1NxsxurK^7j*#U&oGFI_w49G|)AA2Y)601&k;JS% zj2L~O_rCZ!zGK9TbaZkCL9z{il!X>@F~ZSjTExXxXL^F=_+jETIkm5}PF^$u3r`Z2uoJ*fJOsN`5lefOu3hO`}a%*_dp?4X; z#d`mlm#3Qbp;G4qw=2RLEyIUq2R}Wj+eqIAI7d~f{ug2yr^6`P+;B|gVLvbAU+-y1 z4>oZPU}^IQ*A?q`nd9v4%E%7&7H2%@)-1`-B{@5HGDCt`tK+wc1tC{X7kca55mH>> z8C0_TXn5`A;vWeS*)}sF26EqACHlsSbwpWC4!4RlcM0Q@$8GUt@mC%RL&N}C+O7Xr zf_}#V$uSft(6seLA!E(Oww~B3T3C#LkxzpKZ=I3lmys4n<}|Jzz54n^>K$`~=&s3z z(ke<(fXa_^kVb^Uvb?E_hTq8 zmT8(D%EF&1>^c}06n5pLqzcS!3q$$D1=}rt>Z;LmQSwZX$_{k4#|nzE@)Wr@VAGa= zr?X{W{C`l4dezu%*nK&#)eq9rJsYO;ugbV3em+TjUe7rAP1Mc)jqk}nCSJcYvdAHS zB3#Rj>$CMsoUH3^D65jOT?tb~$r}9k#8<~3KDm$e;`E84V=?p~3) z5{CzW3M+f)<)XDvCGZ)S3gIXED=jvByQ@WOn}${SxrfCxx{gy4Ja^+z6Xk2*lsFNP zuVobb!c7jy<^4@Oir9J&6N%vXL&&V`S0Wc_&u)tOtz-H>cKL&F;rtEb$z}6w^83>V zBZaRetcYm*{3EHZD7oRB_sj<~*Wum0!ilo{WA@4MBFQ|uNj$)*x`KwSe$UsB>6-oM zsN2k>Awwy%HIdwiA%3VR6HHP+7lB*eiq>b6+FgivqaR3!M8I&QL0NagbjwRqakVn) zQn{@OX?#~d0t7E~TQnMQxh852-Q3u%0dqiC$0bT57v#5zEa+PD&&N~KZ}wN|$1A9| zUl>|OTa;^M=1&kUukPq~H;iXTh)8HeCfaU1+qz(pbX8VyiDrmeWA}t^j$r(&EgDEa z19jHYX7|_qg@mu?TJt@77}KdV_t363iFMX>TzMViA0ize$gc6zzR31S01F(suxLG2 zlJW$ubm7Q23g1Z*zjz3Q+G`@;olC)k{5t>v zb(wpp(9?KnmKE~FCfw6@Jq*o&@vq^ib?7{=d!MX)#$sYJHou&O(&W`vHw1?k z?PydS<41~>(D>8^qXFeoNb>s@*zO%NtlyG1PD{xf?Xj;Aull02TQjI^_h9-8!1Ov$n6qVDBQrBIXV`iFs&0JHi+6Y;9SPN4rsUli z&ezswIi4VpD7065Lu6s&fyGrvCmu_LhDHv{S3O<-dumV&D}G~aQOFZTb@6U!00OH0 zl9a`dn1*2rb?b8fwU+a~!IIY+_iK{Hqq1JPAzE|?S|7nDJl5CaEM1oZI0(yl_)YK$ zjqp**q8pxq^KWdLZ_7lJQqUrzmVfvUM>I)vgHT3gYU|;IMN9=ET$;Hr>F}d<=wOH2 z+JfG-@JigHOYmtU&ZUMKjZx83zGb5?iS*Ldsr`cE=hXyF#IoFMNp;LGRi;*FP|atk zm>w8sd4s63$DW;<$!K{OWef5KSsN8!(^BnfoK$8O?5#0;0t>O9DE#P{%sgOK=Qf*1 zcqQ?(93chk^SY!iL%A4r`{nYL((5I)Om-<^sgk}{gX=={1By)i3thDdqw_J^5{UOJ z`|u4TatBnbQgT#$c21gKX^Ma4)G-4y+Ho!S0yyXIp8#u*T=$gnxOH%F&D?Mm{&ofe ziDbOSQ`5kB2e(vIYc-`=`T9Gy{a3U#uLRpbzmPm8K5MFy5QGx|F_L*%n&K|T=aV777!FH*AXXcd$u{?q~+~4Gg964Eb=eQ=?hXw zxF@Et+|F)%cdfkQ(wA}k;Q6mgbrs&@+-SmP$#6JGc50kbv4rYYFN~B@#Nq4kVJMkY z@M`SJ+1_$Pd7VKDQbm@pl8AymT@*rgR`%gXF%q`cq9jaG4Ci^|(Rf~bFemd+Y zKGd`f0VfvPUB|Ct>#m+Dow-YN&X)TqNokpu^UhbFj7(?h*bPa7lNLoOMaJR1Ew`%V zK1%r#FT~4dcBl5Zf5^_EEhe#p=#3tyw7NCUqlQRZZSR=Uz4wQQFfONxJ%3^q78Rb4 zGr_X-Q}0a~U#;=5nI^%#f0;-5)zIMfK~WVS|&tN!?|X zl2fP7%L+SYRM?@{J5f_qUWXgo>~S7}W54peNpzEX*qu381h>Ga znhg)U#c2_$`KnPcmk2CX|mJ zUibZE`=(6LBp383;Dj5!8~plOUH<&X9^}u6(NRj6cd$&l-W&9TY3`L%{suE(AZJK- z;o&~(Lug5yxJDP7MpV(8L=HmKwy1}4cYL?;97A6B)&yr-UH2}jXgvF&VJTt+k7H$*lTAA>c7Cx>K3tYxgh`pi{ z!3Y&&N}rZ+waTmgLW=sZ=A2(Xv~gCEp0tNpQ~0v_E;N35RXbVyiYn z+w?_g)GasFI)Z2m9uNNx`1qO(e|N{NrPT7yDBT%;HL-Zv)N_$#eWQztXcL8t8ix z!!ya39h2{&l1%Ehnt{X5o0Kqr;$jGPQ!7?z@u*6`CHR<3ru?a-qitHQkPpL5Inxyu z-L)>@Xp1*!-JHle$(X*x{oq#>93^0;O|*GnfzX94W!YcAa<)eNEu5iwFK*XUry75G zyiW7@@)n7p4pt!Y67Y8TOmc{xCii&_Mf>t9SHT==q{hb#Ugx1~GgZbklme0io#E?XqVnPo{zd3V!f zJXmx1#D$qS7XFq8TBko>Q6D8lXskxLnUi-=+_SGg`T-Lok&Fw!nV=KSU{`ma3N zEu~Eb#36qeUo?}1I8P`#0^UfUuK2sU&r_ap9&D^u*HS`S4UAuRpKLQePq?H^5SVt@ zttL%}H?HSQZcH5cRe4FagI{@4cj3hy?T92ni#Phd>$qQ(Yvz)ZiV{p8f$a(98rm*D z=W=UXtac^2<~n<}pv%HwJarGA=)hiZ%1uAV?}6}jDsQj&6GmNd&oWi3$+PaS{N#J@ zPSvO1>wvfH$M-AszaO-0T{!gh1fZbGkp~L;;qqS`TDiaFMC`?2Rzc!UwvM251*#C|UL=6D5`RPy;3QtH|` z)2sG4yriIGB2{~Ien?+UjQJ*cU`SYUemD_UpN$lK*k}2Qgr~G&MM|}YSWjwAfb0QP zomKv;<0W)>|jM zx)*GspN)Fya=^O3(g< z6|o)}Gw+@8h&4j6NAwpdPI$(YzZK+An(K_U2`SzKos+l@)3u7x`S6TU;%|bplwcwx zuMdO?dFMP??SR{bTdb(N9^y!{ zp9tDt;~p;`xBKE!cSBcY$&ct?HNDv87QZW_gD-q+cj4knY^<;ix^B|lJx~Jl&O1{+ zW(p$?4*>Ro>p46i%6q8Wvu`C}TeF+P;p9EZ2-uo+90F;Nw7urAk%awn$5Od2DZ3XL zw98Ai?JpwsTP29~YpF%pnxpgYO=w*Rx>K;z}tt+5P2kN`4FD8~An) zh}0H5E(+T{(sHkHe-FChEPZ!CStemFFZO~+ zltI1D3u&bH^mn%|J=tBMg;3Egt%8~T%{Hno*_-4ZG7cgW@pu^_EBGeDb%ws>R-!ul zqEa2vyQM?9H1TjxIAeE%=@$-3!}bZ*9{J>KNtcYkx#JefScqUe7OtzUfH^`QCyzOrmM5#}? zTW~K$Pr_)9#Xskg3VIxPkgfjS`>GCH>*1{n#x_*Q3hP!V*UuiLvQ&(j?=Kdh()7>i zpl%|&Wqqj8NDE4sx84Z$LN@4VRf6=EudIfY#{(Jf=@zuRc>=C2`|=T#GH|fb(nY@y z@6*}2&O-}g%#hi78H)2>Dq(M;hYdv99p1^1-RGc`T>X1`=^yR?b1La}eP~zb|NR-X z|9e<`dagcHLx#|}&v=MiJxr_+&^kbkl5(Hmcw+?rOs>;ua{c>@ivMa}`rkIArW0Tp zVCw)+YpWjvVW$26yF%*!F+BUR_;hS-ISR8~ls(|qr;PbxOwQNGO}c!&XE4W}PoUt` z?j%Y4`ecnKzG&~zL2AChKc`T^|N8PxE!(*2d`^Hy2@-h|mL4QX6JBbiLellT!ZIWH zedwV-rg@jAYCVZc2h=qcs>kjQ>Qeyr<+rIdZrEni5_%?%pcDq7OSG<HG4x}RI~PRhu{bDr zYo1IW<3iGf_)wT=f6tVM9=dRdd{AUi38eKV%F@371hA)hbQ?~4=ettRn98t7rM+uP z(5U^S(n>+8&J185u2d?GYq=$$Dx@e!r3c=9`mO>4aK0kLZ$6*UGp15)Ka1&Ce3mhpol%UzxiJq{dBkB9C}%($eL=vHAmzO}+3Bv4PierIkln7TV{gy~D%G z$FbIv);+yW{%3(&`AD?bySx)F&%$WwWQ|H7pL~f&vOzD$b^`lBGJYp9cHd3X z)jcOaS6#!=h5JWsc9AblG|&4vks}-09Z%#3<6SMphYdlcH(cGeBh(*1KIJ9~WV|d$ z{LwZyldKTm9+a(-Got$YnKQ_ff~V<^vkYi&3Y;r>nqvjmN7Y@=%q-I=d{kJLSzFup zcm;&wYt9<#ku4}Z-4T7VVN&BsaQU*Q#gWa-#c6`&%FX=sQCz6D^CO#VPm|7e>y(gF z`O$77tzmCeCr)Kp79p6hZ$yN?4Ttn0OP%@$Z-}kf+ZUs+nyq3K;aC3Ru+@ThB@(j2@vm>ZB&?=TWTT$o4 zgBc&HncM)Y`s2>CkT22^vDJ!T`$?lO97!)6kGL2slK6#QAO+3K_WNaZd6_n*L}KS#H{|uDkieLIktD5zI6X$pFtgO*@6k>ILzf3GctjV3|GFAi*Cqp)QSyE_Gud1 zCQ~`D^JK~HQ3AC$1b1}J(-!n1ea~Dpf2Gy${V4DcBHIb^cF{5IE@E$fJG?@_DCxb_ z8KE9jJ61C|WrW$ytbLwe)$fZZe#W4U=z^|3LXg0;&9{7;u|9 zl^*kndZ;LTBgZKJ|4q21Y$t;+D?6xsB-bmxA&b( z)JNV=vtJJpjxtv4yBZc25nDfHV3VzwGDme%%4x!}Iqt`DIk^VfKaJz2pS#Sy$|AMc z@=Po_@^dgz#n`wc?PSX~)9QA?AOf~4RjgB6H@Nd%eOUgEQDK&h#a&pY(qj$3+pvF3 ztE(tk+cc-)HR!Ou^}27=u2hyxvCutNzSYMZ=9(8hg#WH44nT{EoFZbhY$t{T^Ih@V}hr z@Wa6%Od>jM{yy`|#_Spk`C$F8d9h#DZG|mmdM5QA1+8A++9`Hq6v)eKY~RNVm)Qcm z(j^?iGzG-wTw}iB`b6~GLv@I%7vq~yrJkL#d)Jb;pO$14+lZQ*1eqU89tD7z38&mfS_QJq-Np@^J%Qjt1F*-@t7{;1h>;Nioz+%#4-jr>^nF8;=S$Z63U{OKGj-iN-`2K)@# zbK%&(>a6^)y`l8p#rF0P!ol!-99p))@f}{RAiyQO2?itPENN~I-G}g;a)mAnnc0Yq z!^+igs?4wn?Q6MnOV+m($}D79{5B5T_YRu`r5vC>zK<1d#xtsY13WTXGrD(xGk5Uv zKY|YbjlObuGIcxU58$~s1&r$>2%s%iHV2NJ0-nn+DxDU(vr}MJun1sw&qJ>wM?9Xe zZmic}laKj?$x(;SQ!71ombbP_3A(^y`V{&BogaNVG&3`keTZ{o+pZ8!9)@3}Ca0vp zH-5b(*wPva`qCQtv811Z;wRlK={QG#cKRmXJ7J5Aej*+Ub@&hGrPR z3as`!%Y!R)XP*-*hJvtJCfe}>eLCKI+2`^ zkZ|nmA3%qEL>;kR0Ffx>VCv|o{XQ`zg@sC!z0WV^>kDHkMm%ExTc+Cej9MkK&<#0f zI*2ywb$f=sXsZA#-Tr#l?@yG>%w*TxikKbBT{3puuQD!}Y_ zFS@hr`$K@jjqE9uDMH_RX&(P_l_(o)On1N04v1WQ!Zc`+#6gd3IA`i!At1P7{<9EH z(5FMMe^TH2OjiI=%J(d}-+k{>=?{k-jFxa1b8PEA>xbiH5Cb2~8dxNolmBi)O>0z; z*Y@j$(JB;dZXYh=u|>scpoqQ=89&$?%Yy|kjPsZ4*?b)(?%RGM3qnUu(&s%TJ@xv{ z@C63&hls-+J^+?SpinweTxk5bUI7K1R|l$tCEZRaePLg%^2W9@!4=!t0_TQ$r5 zy&N<)l-^o=@1wU1<3W1mjFsjw)!N8}hu7`=_!wt{k4GA;6x4+%54t*t++CwV%yku<)rqX{KXji}|)oLA$$l>yT_G?yrW9=5OEYr(BY< z@jnvXAro_n7Nz_a@uwTeAY+bYtGscov~}*>k=~yYQ1_BQLbd2J4O8}a^LCI5}XZ?*C^Oy|bhTKm;p z1|_>P1g^D2Uz{4ff(h{8Y-ZLqEzyM9sk&9&egBRG&uY1|YzlkrfG+8k6}uR=G8zs2!tErw`o`pJmzNL|jEaZJ5p_RjU79 z7Dmjm!x`5w{vI~|x}!e_WyNc9jG*0TcuNCW+S?14(u&A88gi^a5pg9e*}o{%VMHQ+ z0NQq+1y_Msar`#t);5z^mP~EHtY9bf(QR--lTt4ee8Q|bG#$US-DC+zm2x3$_O>9- zFHCxlk!G^-Sec|(yAcqS!}64`2I@n;=bk-bU=){iBgSy&*N*5Q>ML-$06V*N=K82f z$uE^{crw!4-C(_WVKZ6><-UOU2m(Q1vIc$Bu3STw^_CqhicLlMKZ^kOJM4 zg_u06B^x?91X{LY<>EG`e_L`C zo!k0;1DFMd|Iy8YCeHt)M^R=wddwKB{VpkD7fhPLY9|xv3Y^f^vt7tV@B_r%InVRS96tBXL}p)% z7=b_;ZjNosLg1V*0co#|N7$Uby>;r|^Euq$+}ry?I1q(6zY@hlB{l`iF1lmkU9v{T zbvX3ko-n3KQnq%7u)ws=wD0juco0f#jw($G_C^^K_A%KA)O97w;xGu}QAu3tVrq0C z^)ssGZ$`k<*$BS%Gs!h3t@-CZzaR{O&!J*qnEmZT;R@+o=$>&SNk!NmJh z4-PDqebZQsyi{itOsUgy{+QebR7D(5v+@q${bs()6XOX~xB zc=XdvWT#mm3_?ozg_fMQ@EJKmuAs> z*^uEnPg{gQZ%kv0H%Q7}@Dh#C z*Qk4Z3Nzdr!90!yL0Z`;p%rkUv=-igDx8VLn5+~r8|!Uae?=F!;){z)Fe#Ww1Q8oM zm)b?N1NP5+>Nz4QU1zjs8^2%g-QMSV@d_kS#psP06AYthJYAjK`4@exk7i+bukFW@ zA6spGGrzRT)0s$Iowc9MeYTLV39uiPG_BLL9!?2vYYXnBgim7HRY>ijRa4D0h-Giv zXwzt0FJ*V^gYGEo2Epp1i}uHj>5WB`T4pCm4z>Z2JZ#cY6BjaOke&_ON1)UIz?+y9 zo>(|H;tM{n>$ubq`T##%_9z#`WRd_JQShC7f)1XevGeq~2hAG~)_;*LcNFP&Q^!Or zY{Z&#L?D!%_T@4>T9>-#xSVvtT{%OP`ecyMCaIzw;KeimV)ukE&U7l>P=jG)ES758 z4Q1;pov9sQeHjC`ggWz4rSG+SpfjCG#O;njFb8EFUqKySnLnQB{1=HF?9fNh61Ei3 z%BvBrtB4zUzmH(WDVC4OQZ5c@7IDptZ=WOR7;lqJv8obA2vqli3*- ze5xncsd3mdXXS@HfO{&W2Wke9Jjv`BR;kzi3ubqbi?t3*s@|e+s~5ks(u+}(1d*-y zHw%{Vb>q@Fja26i)LRHOUQn6ZO>`}6qZq;fKKsWZ{v)%sS6{!m%pV1uCG!h+m#@l8Qwh8kb2Z`6Zf`$ z*iGky9(Ra(FJ5&YZ^iV=dM(WK%z(%pcA#rTUo~T&cTPcyK`@Ny1=rNO^DHSEwNVrG zv%h34SgTbW#dgPoqZ>0G_NQ#3;wi%D?&80kPuyoMd|>m6GvCt*>_?B`shxI>-vUt{ z3uanu9((#*rXMt37?HO##+MJpVD;X^Zf{Vq+fKI}PlL^SDNUUN1ELYNJ4wCh+MUhV z6qXB+S<-P$&sICQ(;2XNX)*B^p!C$akgSV`o%)i-F*7^lF zo_{E%0LO>3Z+5bVVOu_iiGIF$U3}_=yI>EnOB?I(vQ^pWsOtT;6Sa!`*0#b3$gum@3 z3A8u~-ZfCAQhQhUnH-dbMs~dBXSq0iN5EwzkOUVvBgYUdm7SnCKbvkNU+rzgbl_S2 zEnsPWMx;4$@pFUc!!Zb$6KNtW;Rj;2i6fJg<*l=B_d~wq49%LzIs*5U?B0DgG9PK# z`F;>AsR8aHA@!89Ss0m`0`Bx&t__n3lD#K_H+Mr1bq6Uhv|1Ck34338nDCFCl2SKVKOihrhgA)gB0=*@PQ%DVI1 zcVx>8WLunu{~duG-Yt3Z9~xIsL-P>0)d>@nBSjV@%{q&iX!8 z??@j|Iy&^v%>AE7h?^~}sG#686Wu%C-?4Mb-;+9~D`~(AySuv!%Bs?-`2UxG#sar$ zjNpfkp7|}EyWU;?Ipv)T@6JMOq(2>EU0MM*_8j){`H3oQY9!0TVXm&O zFxb>%AWI@w{I|4FNfV&%BTs)X+8mG-1}MCpoxacqwm0TcK>%gBLG~C30a@0;%@h$u{=Vs?nHJx^MXfzKUY+O3J zf5&ZJpAIFE_qWPQD1O~|lZkGmv=MQCvqN*gVc!wR^6&}NGjcBNu8sG;dP2pVp*xE@ z-voY$6F3jlL%o3LNPa)=7VPLYdWDWojcO{4;sZq24kY?+!>A;*)95ieXpqVK>ER55 zB9J50O~4l~WCaoG}d-|z2x{G~lW>pKfg8hn!VjNdtdOs5Hr$<$Tg557P!>P5S* z>{ANdRXzm-4I7HIHEItB2KqO39NEJ(?NG%8_FG(V=jcLcL(+Y^0%SOC_BN({OIRYV zNDhgXG*ABQV!!Ow;suFX5`|MHN){kQJX5D7-Q{zC&ONk@&F*UfkXFIvDhyd%_dmJa zJeTodqy7T1C0tr|uRHK%;zoBWyME%9tfeRqu~Ef@9XET_!|=Q|Pxg(MP=|%29}5bG z(g=-&b9DE(Xz`JzYr-=>2Pd32F%3eb| z0}&<5>3OHzbC3&mGp5{vX?NExF_@-MJ9fAtWc)c=a{2`LlB}5IzIH?v@oFEQIF3>^ z%1DcWzu8!0n&N;hxr_TECAh>#zs?Gn386%pwUO}sW21eNyXor58(g?&%$TMnJOn?U zB`KQS0twDJ(UQEfc?&=Bi_oMxv#iZjCead)Knd-qKfCev)Db=r^gb7Q_5n@h=qxG- z^`UVYgE515OU-4nLjEj+q+s7?#4%?vZO1~YZJ40t7@4cVjfH`4<1dw~b&?bG+6r3y^vyin263f?N zs2y?YkzPpjSY??Zo$(1?u6KXxb_~hPT)u?`#kAZKhVsgJlY%`Xm4v9J;6}s1^90Z+wWEL)h2XIKvR=!y{a9?#Wy5*nGZF_ zhs$NnTs8^0l?*TME?rKRM)4`eCPub-Jk^12_9iiMm*x$-R0|=0x~Z^}nh*=-%k~Qu zDD7S!_j`(5e9*aVH4$A|bYIylj!H}p7bps&K7ei4-cgV(5Lyd;=+zJ^Y`vpSCfg0@ zUiZj@L?k&)xMNM`c$RnK=fZdPJ4OZu6Brpm?Yzd7!v(U}^^QLG9w8{cX!8dED}aT1 zgY##}-xR1NDO7O)u~Aqea=FMyw-m$Iq(391WPMX$Q{j|>kzra)YL>-SxX%@2uHN3pBHbfHZ+93&?js?II0AFq2eJaru^Ri;{MdrA5~vs zP3EW=JIFa5ZO~BMFA!v}NCfvJN(Q=UP}{)|z+N~LwL1g%f1BNLKaBr{8mWQEO6-f_ zx2@t%!wOzNU7lsS**u%C1-KO$YK<4<-7JxJl`dRYe$D>$3G;gaX_sAR@7Mm;n@w*Y zcI2&8aZw9-c$fFSl@?yh_P$M3S1ymUcwH8p+-5arJF|>Fm^Jnx6L@v2*3x`dq~@Up z|58^_EQM^f&JoM0w{uADU?PQW3Ti&hpofM zgC4QnJ$CG6TO;@NPm-X#gga6L@0U1+_%8|~Z&!p>CL>GsFoDayZsJX~^Ee{q)9{pf zO(xyDpxkJsEzH^JjTwG5SZgQB8JE=ZTIB5`KjRK~W!hX+IqHzEx>ZO9qWSaWe z1N%8el!JWyV0+zv)t48kjQVEck=h)0{HtwZd@_Y$PjLO|nA^@u4g*GU>%_T_{4)r( z?Od&HdRLyQym)@Tvnl5zh^y{P(P<{TwS2LzmPbN7dX>ilT_7nEX%NcQarezwW^8Cx zX@N-p6Wn+85~0XClQXqjeT>pQ*Im&yiPLAmk9V)SE*^8>n{YbJaO<~t4LOldjgus{ z+^S#d;rYxf9k^8;*6>`+J1_Nwj3?zHp}Pus6Dl|xfwtEmsSe3Em)nreUtS(+}rHVh87VjapNbVz62d{Fntzr^sMu5i&ZWMO#|^80APrHLsUp3 zp;0;ZW>Xo=C^P?_$>KQp(xZX#Er;m!7GsGyy?9IGN4H47V0>Ay_AH1Lu5T2$FvxMJ z%yzV%5$E;(F5fjI1D&^suYl|!pY#Ke)xkNjxx3LF5Oa&1)zeE^zqFI}v)nw99g#4`%u&w6$AkgOtltnSUEh8SiF0MsyF&Gw?&zO&_!qUFGtH;KrM0h)(ha@;twr;U;Q1-9 z>fATku>PQ&Ubg`em(#|s5X-X>$t%{jBUf*Dcm_CpMH_^!3=YyRh;7%W*{kW`mliK- zjZ1cT-;vkX2{V8L$gVV(=MNW-R|T+$7hLO*@sre$G*qs8qo|5<-rX=&Q{p6T8dpuY zJ&zqL4!L5Cy2Cx(0ZiqMQKHle>EwAjzDs{U$oL(7d>Nz%}@H zfHm;}|857|Uq6je{P9=!Ewn3OBmFtBe!mXf-vjpx@U;KY!v_En($xW7=;THLQpW+G zYw!1ZC;{-m|JNO-5l+A$xKNr?`xu};1Ngi15zcfzzI!{bU|KX!5J-zY2Y%8bdmj5A zzE=Ecyj)Z=*4!1?#Z@fnf}N74Ik$4>P=9nGlmU-*>nf6=oK`%t26Fa4rgAl8$)89{ zbaH1=r>f=w%14i46n%`nUf7A5i|2U2k!obKIY;zcHgWL*m`XQ$itLrwwj;SL4F1*t zC{Ag{@f|12Yu4Z{0Hn8;ce|fSA#j&eDqohx( zI*b;Ko$sI}>&6ydxd8yhG3K~XB@MTwxfRbAZ@2c*pjVl{OJ&ZN0sjZ6WQT8Xeb+M$ z4Q&@lA$&M|efHitSx%^kJ6k;mowU0Q;_e#e>S`Ms29Bj)`;xtv_I`Z0C?h;S@(H*b38Zdw8<;La zo~997FD{g^@k?gDbXvPc8-VU!eW(v^i14zLQfI@$BgTB9Ea=gV_j@B(J*&OEvUEq; z-AOUX(gsCA_g9@4r2!n?y{aIqYZKzHd0qkKvt8wA6+fmF7r~Tjof}6^43?)Z5ZA)gx(otRlgbK1WhZLi04=yL)?9zx7+E~ zbU?5CEWo~MA&z_l9?c@mB)&|(T)X2Qz|!1aHvCM%EWG6f^o>{>aEmyxfl-h{+D+l6 zuD5gZ`-8qV4!~rxm%WDNdHb%PE2_Fg+zq|s@5jR9orA5tN-YF_ccU1$iYcx&Up^u^ zqwleM4dfKbkKB-Y)bOa8d;WCs0hP0mqZ8B5zk0-2P#YT?7Y#u-3B2cmc_F(R-H?>z z58#`H1$igu*dXuSRuAg9pX+X2(nDyS9>nv+p3>LT`{Jp)yj=g>$^T+0FA2Doz3y+$v30jQ~@9xz;0Na?(H}BY`E%vNTKreuK@V@v}CAzYICPv z|A4nd_3fXZt)X}DFRdHY%LOyQ3EwjQHf4A%yo)o)0RjF6sOqG%*DBof&4md0aezwbeItBRIG~g)?2MW^% zRhi$>@PGGy(D+~fRWF)x1)l%^3H>TXBH6r=G?ujC z7b1(wAMZrV0-1)hWGVn>FL}E9!|E3iqpC;Qm1)C zMh-fM96-`(pmMowDgamql4Zc-GktClz$<7TO{db*9>DYIT~7J`gc$!{fUpc(*2dk2 zWj>cX{sX`MeFzhL_2lKphE+89`EO#+S2h~Y`k&4!oB*I>i_POV4}Pqr{P+RL-KVgD zSsogYAZn+k(Gx=TX!bnbulEKxm=ggch$?U{2$>n3kLvh?qq05}FoBvm?)F;nv2VYD z@a1PTPGQ*JOd)sb8IL3-$ud*B5={=~Q-aBH=DKjwKx8tulP^$pQbbQt@ffB_!qABt z+tL=LOoP~IGG8(i%m*-c!%MFw9)F;1sMC^-!T%3?Zyi?E*6)wvHc&uN6p@w^1O(|u z1Oe&pl9ui+3y=osmhMG&Dcy*43zAD379DrYh3>u2dEfIs=RN1%=RWs7zx9_cU2~2( z$DCt)zu!-M? za4wHEW@huLyzKL?RALKLQ)^;s=No|>QNH|SfJ#c(*1QDOUwTVO2)M(?ksI}==RAz> ziI0wF3d7KOmrn!&D%vxM{rRNG!SsZlT)xoE*??qXxdv27>cbS^bdW1%5gEq1%!xf7Ncy42VAVJk7z<@byT znYnM=L`=CYf45fsLd#Smlf*mg6_>eb-;7%ndT)z?=*E1PqNx$sALF~K{2Xy3Iynk% z`SuY?YD9%t8;wYRIn{1uVyfO;Z8-UUgM2;3N@!RhV1Cei^nWX z;_`gM$CVbqFh2~hN|cVtDR6pa%D_{7D?Xy)#1Xi=*>c*aJ~yzPUsF#slFsQu3Z(C*Dsf z{8AbLLgAZjvLp1nYZVP|qR!bIL!IV)L2OPg%|4_Uhbl?E-l^Pz3qut!#0l0Sgj*PA z!PtVcLa@thGd9TvYyh7$Xv)T}1(uO{{1MOFq%m0Q2^)@cikKM)<15l@H1LFSHl{%p3y5oyQQV5QTE#&jn-DD&9W7c3fbFmy|*M1#CgiLbW3HXd8M+J)&`4s(Eeo$~6F44`l@ zxsmybDNCh_m3OdA+u*+9S`|-eYCGEU`S#2ASb<{`v5#xNU&yE~{k3$BT4~tlR~rks zg^USF?o+b%0<%cFR6xi6Ve(#nEv3;>q5jA>D$rd|#57OF-I9KxpxP+ax&8KSh~RCZ zFuqCFWg|s9qGfuUxgvlrrjaMp(YQHvDd@w{VXa{K;P(1COx-C!9EKLtX!@P_}9^sZ@?G~JPkLcF_L|lji$MsKcYG`T192k)MaHCU{RHz8#yJP zsgBqR1x5`{C=kth`O?o*;==#HFmfxxw$+;W{;BiT;b-3~_UB@I&}b|`l;;zXEqn+cx}Y$~BDRMbNx0Q2Ymd*xx+jly2|SprZ6yFG z!eOM9YLob!Kb<@`mD%_H3;REo;*6l1_~|{gC_%f#P7>DWp_deW^L@r?&N$v*JB3pt zdYBf6cKiwk!=U^Vg53c|+Fx!a+TU`s6PE>SnsMQA9veTo?jVVM@JpY5<*IL^xlN&q zsA5+qz{bM4>E)PXu896sFuL%c;f!cPxA1i<5lb)wIY_ zFxUQmuuB=nK;N4fk{m$Z^>rz`{Iq#>ZVpjF-V+hY+yxE&^~dezTYE2;a2pOT=N}44pi=j_IQmC z$d?<)$Ha!ue~8PDm?};V_E2rpBjbCOr-}C)nI~(VO)GHbVAY!xhdprOMf#oXv zPt|2Ur7iSxzrHQOlJB`;FT<}Rs7Ct;kkZ<19(=@$D1~&BIayhNK5sTFbJ<7eENd2IkAN-+|KOM%5*Z% zZ20cNjNwvl+$02+xupVumpg=kq*PbJeO@f`2rBgC@NwOV^NY4T{k6n0hDCr_)U+wc zuUW08bulauNtNzK{GmHmodNqX!q>&|48~X`zkMH6{eVe;-Z^S#SLE#ve+S}gLC$K7nd789M54UeN?;^%JAjTYdfmIuBl`!r@ zu>&1*b0h(E!i0F_J~ZXjSid5IxajEJ03J^d;eh>s!HdQC85#Nx2q#aS{A1U}4NH6J z2aOz^W@jHcg@M##@s%V@s4gcoKQ@)QBU*6g^UFlC9N6{IfgdlP**!_o!!9eGkt8yv z0$K?r5G!XqMKk%ih6i$n$@?P+%A(N75HaWOCHs={vkks0A18aPmeLN>C|n?|F-mw0 zl{d8+@--uSvD&Cnr$P~~A~ncO}rWD=_r^w#qX z8K(d2xFh)MJ-$uR(a7VmXT`DAQ*%^N<=;#s-JFW+Q>~7llZzlHx$D@HJBQxoZZBZy zVNfDPHR#P*aybr-y_=~h`$KJCGn&_axgB?^A2@d-dLLT+8h2){=kb=s%awdVr{vcB z^F(Obd>!?-i;VZG0)gt(`6rkv2vh}oL$i#RTz)RJU`PuIXBIGs^|NC-(`wnb`Gg$% z)1cj87+k>YHBhpU#Ij#gmK9PwcG||gHFLuhgCUVniF*UvmRH-3H&4*%O9WCM{zv2A zE)CYG$=jD~&f{?MlG<*w@`rUqMn=Sn_Ylwgi)$9U!>(d4@hlY_f^L?5I4>e`j)|d( z%MI?04i;MnP!AMyrm;P&q&j$yo59R;@6M9)(;^iecvOX!p2Zebc z^>o~(z*?O|n_S2iV}SqMSLs+4=+W`hU@h61y|rzg(~CX&9C!O8y8R_@^7;=9LIau! zpWv?miPfNKg=7?ufcvgg6lweDmwnQ(pc{O%LVQ@Oc9y19ce!h2ssd=6WTPqu_ottb zK)3Ug85EW6=F0hadl&@IDrU!p=RT26yA6vnYUh*)jdQwUcs{?1Sh;a1+~1j#Bclsy zu+2gA6hzvkE8MKpYdNKPGCQC4;v0v}p9DTRs7r2W~Mtl>! z4JdV9X4N^A@RzB~fV^6DKFLZWgmFKT*ULD@A51QhW^+{+ZEROPp8)GPmz0LBW=4_C z+H;Y29xt*qY?W=czs>JR+WWToD6M9Nsi&8du3bsm6jh2lW#%CCd&8prP3X4uvE-K8+8Xh^qyxkw2x@5LGHl50;bacC;eO}uFwp<; zqX~2JL@s<)oTs%f>XU@hnG~g;XMCWCesSe3v{5;DgmPBhy0|_o@>=Q_9Y+n_G51nC zaJ!&d6aSdA?)5&aoyGi>m9CgDbjFLllpP=`7oG%v4+bj%q2fK#=HTyTpx?XuKMODa z(Z%3@xcfsk3DlE-@nEp#+r1+F!#vWUEbu3m`pv(b77kVJzryf}Ma4x>HKG&z?fVC{ zFa9K*flG$!Xpvb}NaWef{ylE_!oot?2^}(;`u4Yfy2A7_3%SD)X5H|iLn0iEY$V!} zK{vn>gQ-={K=9$hK0qO?xfJP!SQ)bzL@U?iZ?&`n*(5qBq|xUzXB?>^6j-aoEk58s zomMgi3j2G5RFC+^9<>gNz@is^?C5Dq`mW`3-iq;C*@8W?*#L(yG_)V2Q9U-o!g zF^?(IYMMMnS$==jxr|e)Utgxk#?&Rtw4w6}@ZJb>gduNjIe>x!AM|YsOa=Ax%x9fh z?haEK_2Fxk22c?9Wph}dcg&XG#)<#6Wr*@EGXtZ7(}1ATxqe%b=7-J}jL65@OcO}W zpC!(Ei9LwNf~f#>x^#-!?jKUJ(n&!pv0YejcS^sV`lK08|C9D8 z|9V7~KsYUuD!WyJ{Jjb{1Y>k5Xn0|-0kokNxaV(7R@rV$*8y7`KN2L8_gU@3xR`

p0H~4aS&BTmP+IO|dG`e%%YK5?&|1*la|NR0 z1K%fl$mh=syDTEB@WQ7@9}}5zHXQhpl|w&%J%>a=ARGfAB>*E?M7~3xoc_!&H5`x! zNq=yWTwY{x|9#(_f823C4_hDaO_gCGbF6>0ef?D(QRk`s0H}H_fFJoD$xYBhXT}}V zQ*|Y?UDV^OVmGLjT-BPWJbV2O$?`*iHpAchs_K?@pHm-5QhJ1MGAKB&DnK`LMO}09zHhPwGDZJntO)IxB=o zjuHtxgA5vI=x7y&_=uTz^zDII;e$1x@u+ZlJSnx1ZM}DcVHgp;m>F_La>3ic!;Cq| zPcF0U9CKEt-zUoImv3o?4LC6E$H7drgRv$9o-o;#p2#UL>*^JIM~~#R^?I z)iyLr&N-D9@isVNn>>B4*p3D;QwK{BTDif@H^Kl>LCfdKrR#}Hzi0`U@|aq~wdb&XGym{$(Am3MG>VRb?~(rH z0nMvE78K>Zhxdatdl5#H9FF{<_*%%EHB=)kSM!T?_@pvQbL#|6K4f!$MxEu)BY?Pl z{+gN%hY=V3J<|8TAl?LPY=V-#*_K+aR}Zi!hF0q*dtpV+b%}OuEEmo}44>FE^W+~F z_M)wvZ!JF_QI&CIR3u3d^%$Lr;@E_;-WQZlU9&taGg_Azv>Y@{k{?p4A=7#?D6L=K z@NANz-~F_M&Nxl{gAkevv)LB-w-^4@t`n{HvK%Ao3=LlE%OnZW(NDCsE0WZ(uTIO^ zS#O<`*heDfH&gCveiWzsdxk7}nqH<^xkRkh-l{lZ-#9I_H$9a}^r%O(aZK`ZHCEs1SDxxkJ_sPb}kch3Qu zgU2k{>8ZVP`*@tAFzX>TT&Aj(q9d&dZ>*~F7#Yszfn4=#Qw;Nlq=bZvaN^Ua0p&XJZ54Sr!YRJ;|F+FMYfNFI~JrF?aTy`qHP&Qk8^Cd*(-a^&q}Zkw{Q zb%qh6Af?QFt{#7;{DEGkG46Wn9xA@j+7w$N zU9z5@Ph-&9M}j#{3fN;sT!KoAqkdIUGR_Vc3C)G`BN~BoWf5BIllh|U)enR?CQl9c zIOzf_yatTeXnKFyy$Q|#LQKZoW`%6TAmA#0{2{jxtNSa7C})#liCM4Q$-OxBg+ENM zGpGp@YDeY@4eFtr^&&E@r0gs{I4+o|=_Up0Z_lc4|ElG?N1yOiAa*%ZKs(&()heX z-rK{iUqG)}{ic9ojfr1uo3w7#pcwm~20_Fr57Lt+67VY7ADv#qU$1<&t@>tKir8;JBa}~)W)|$kw@V{S3T5QX4eFTl zS|a?ZE)7s&V7s+?%?I&z6Z`wfSU>4V-) z(eJVsc5mK3vrm}I$&>st%`@+`_s%UQz3yJ$fRgg zyfH6IJi4+Nb+dU%1XD>ZD3d9xvlo#j#xAY)$xm>pgjC_NaeFJ9rakKPeF5E^A2Hc8_U9d*Wrppzk&0xOj$}!ShJ`Q>$*tFGWp_8CAxdf zhtt-JiWv>4n4zBL3??UQkLfun=D^f*vFhlwvmfm`l9-HBCS3`2n@=v@%m`qnaj1Y- zyhifD#)oEew!$J{y<8>}#|x(HRPzLaw7EF~9k=*NxL$IBXWa>|wNc4b^;9ZPgZ zOwl`w2-@y11MbhV*WkM!K?D?ii!W>*PU%Mm+Ey%1-{q97rx}{w4w{;i;UxRu^<@!l zDTq@$!ld)%vBhm7?E~c&5D>$AN*k@x>?>5vw^3FqbSpDQhR?nhrEhi67fE;E5f+Fk z*0w1Ot#6mOIh(&$fF!P}TYAk-OJ;jeY~hW`K!~(2dYI%GeHXdIzu=iGMmhpI>59vLdpoKy z&mZWrtw*f^@rr1~5cCm;IfWYh zD1MJS+uIS*^=^?Px+NhZpF^yJcLMPJ9Hpc|#4Xo)KsFX+X1KX+u+P`B)W+4_aUEpH zdy*~lL-&K;l~;qJh)qyz2J8+@9?qK)w6}YtH1AHmu2;#oy>V_^C%x*)#blN^Z0+vS zj)PAbWD5}RpZ@+w&i51jKkQO6Pfw)m+VT^d!ad}#@r#1a5Uy1i(33mgcSmsaU4k|! zi3t9xT$IQ*p_^gwz3E;I_dM5*KS*-O%2?*$n8ADdVo z|7Tf+n(`t-8@2ljOZ#Wv{kD1hdr9Trw}Je}a2Dmi?=$&471Y;oc98M33{T29Hfz*j z2t-l>ppjNrAE2iK$rsUI?n@zd=V$J)2I%Y8WZyfmY*%*>elkMa)Qe4 zozcw{bBTNUpe(1Ujh0Je?m45%>Z2LbvLr2{M&JOaorU_kSlB*tGpo)2hQ^9XA~>z zM_P!fC7$n?`Z9Zo9zu8f&4)UNvQm{)_hWugs*BMLJC<{|dkE4c$NLl(k}rOhRJ9n< z^`~8w1^&#obd+`F_js{wY@*zQn`5P{WO0Vi^?qm)k?R`OY8u%iF6xPNvB7U++gKky zvUhfWU=q};5gN9d6mb#@WlAX8zrYZ7M#dF9=d+W5`x|)K5RL6E!7mP58nT_({7ADe zXF&Q7>9x@be7wZydOq&487%^_;gWSYTX3h6rlzGLn<`u4v z$z<+czL`>7+-RHju_i?-S<#pc^mYq38{_l2n)IDaT^+dlVv7<*_KNO^hNimNJQO|4 zs)T_Wzz{42JFn+~uY(5r4?X{P4A^JrO1TPw}7H+ z%+INTA0No=1awfzy%N6b(%LwMG6~3t3>LIONmIVngwr-^OAx(;_?eHE_yip^xoN*y zUN_8~l4i5q|XMVcGzvf?awJQ9W;HW$EOBKQ- z@C>JP2FCFgOZnQz@0`3>DtdxGNW5w##occYNx1~};s0t0A z79N@>bqW*a?x#{6uP4OyVWzDY9kb|8F^$r$nmh(X1VUwnzTNurr4ix+?aH8 zcwir#kV(2TTr<3E!QBNru*iku^qO}ZU%}N31@PodqN$M_rqGGl20-_VogX+$2l~+? zV>&*P=gx;RWd}EovJZe=GTp);a%%OV6$~P7Qb}7>0fiY2Ct~;7)-yv~ki`sgC=caf zzgZ-0`#}Iu(;Av*ipt6tsHrv20Mom0)CXwmh6Wu=Ic%DJ9n{~;LsySyKi%6iOWG;F zUFOmkr}oi?T3J5VIEmLG-kVN+LoKytjjrZnmpM5!qqGiA$$Jy_Dhj&fBv}?OZ(_JF zPd@~|W1Blvlfj*x?oXhlKZcy?Tv2CU$j`Oi*@h|MJ3@YSQ{ZX-u(itIr83Ve5;pxm zoD}o1wf%B_YJKc|s%|uGl3MMu_~*tafCZw~qr*Pb)e`|KTwSmV#`h3|iqQ=Zr_dKy z<7MBbny}fsn7dxUw0+!?J>-{G<8Ij5nv=<|kkMuM)lWf2ce2X5))J$mLzH)oCb1Y)x4QQIGdvaH zjd7?gXown_^jToCRs*U+($-D>zvdvX1{=V>k12yoe=261FWP@=xyW@VXC`!%$|uL>b~M zFe}lEq2xzWg>UBpL~7w9!a>BSO{ghp}8G10+d_RWVH=c*$> z7JOrK86pcJIBA}N?CB@75ANLEJPl%&36n^NHL-1ltPV{o*a|vkar}3L!pWup(Ko6b zh5g&dnuzE6G)2;ItD{Zs%=ILkN9M@deFy=2rgEL-6@P#^4xzg0sJ8^cy(8D}j3{;68G~B!g)hB^a{ntkgO)1D{sMp!xBkS4 zAJjqW;_;b^mwaeUo*-a6JACWMMMFcwy9w|DzJ+U;pqYKPDbwUi z3jih%`qIok#4)V3GRj&`>(6A_bN^&~pr`}qif^*}mQM8HA&2j3X~-5t6CnaU&>(gg zX$9;#R;$2|P&f-TvBYH%OtU*G!dt6bouZWb-8F@ge zP4KZItL5ifu^?lFbV;1iDgm;GDhRIm8xQ5=SB$E zKSe>7PEdZQ&xMfq9(-Q&|9=)0{Xd*pP?!2Inv48Dkkk7!0rwdVfmuLU3Jn7*=q}R- zX$K{>2+fVy;C3A3)`HZH#W(fDRcJZsd@9*7nrn#JK}RZwI$wDGS~IKF_Phmw9ZbQ# z*kpG}?^_}*I-;ldA&pql9|n(4pF)kYWi(F@KHp?+Q~{#!Pr?q@`ze9-NkR~SM|fOd zK#nZp75|XRA)x1Y@4h|X<6QGew@9X6i8sK<_FhuqGSsnzvt9_WQUVm5W^-r_NV#of z!s9@^&&Yi321JD{>uB_M+O;z>e^FTLTK?qg{bHyy2h#}L;$A`u03(+$k`hjQ3UPAA zXDBl%AC@Pn$=xB6u$zVJ;~`Vb*OQ=p2tlIXzh@mdfr$0bi*0A9y#;w~JkHHH{&+~2 zv-jxObPr;abse(Sn56*`Q$ww??FT&21V#7gr(2x_(A!un?f)$564aEm?)8R1X2i-F90MnclgMwXA zX1*j{)T(~WMb@AJUD@t_gANt0%hyA%`Z@K^sB$ z$ZBY&iJ(#z-^a?L=WKGC+S-c83i_jGOuWBQ!!E|u(={94)=M?~b;zb5uPki#j&`$_ zy7oa|;Bln!N)G;rWcq22mS?|Z{gAS{nyexv#8uHB9XgP+Ln4=o`>TgSkE+wkNeAll zGXJF5CdSU@Xd}KNp)>r~lv{&vw%QM1uguIU z=-l7sAby+NDaRck6Zl?Dc(q1i{vByE^-{$O4Th-lr<@3|?IJPVeB?1&7eo8n~f~h zsPjV0w`>O-&1jA0b^ZUGn!m?2py(2w*=%H_MC96h!4u9>)pW$jvMH+{IouWDlpoKT zQJk(W7nR(iz%hAu!sY_y)lVEUp46+)=8c!E=h!Z?XdD+O`Vnd!teG5 z>rn=i{uw*dyL%$L_~*sWHGefC0hcjceJ`MT5a#BzQuY%R&QYy<$~>@+%m3*OYDT zP_rj}c(6X70NwrgF$i_dY{YrZbM?O*I$<*N7I~Z1z^C@ipa~_?%A#mPP~X8B;vhCi zvBVXvcMz8SuToTu0{ip$qs4wfCzE^?fGDU42mMFH5OcrtYe^)29>az3k<9hR)q-s{lW zVnEo8bze*w{l8Ll$qLg@zd-YH9EL1M0=OE)l$8J{1sKF88|4_oxvU?nmQ;VcMrn&Q zjumH7DoRbZ-`w`AbtGqO$gSdOLhpCj)qr3xhYXA3Vpof{YOreNyUR0z_to}hjDw;? z9b`B%whNmMOE|OxM>}a=4~wE^_#O)qyE%CCCr(JzysGLFb$J&a3^m zwcoXH$6xzIm-<(JcAY^+3@stm_J6p9GEP#^F8HI;U)PQbyW~#VG;BEmTl-8PANd}a?(I0 zG<>5H#|O|oq!a|d@xV!T)Ihr0hStM*KJ z0M<;1N+!?9th$;OEvKg>4-x;MrV-tx_9d9JLU=WA&W%}2V`BXXzxvGB!sW`z+IH^R zvQ$=pHOyd43RWisD?M74C=P5+-YSo+y-an%8>^r)a+I*!5GYT)4zA`w$aMy>FY;TW zTU+Ha+qC=X@@o-FS)iTUtgkOH58qQ`%&#Bm-cWT}IgsbxD;M^r$|&fQf~yjs-fO<1 zn9PRB!Qi8u3VN<(TNG`T1OB+#GCYd?2`FpGnU-#7hu~;dmY0iJgjP2t3r>HR8S@Yu zZvF*v#Oxy>4ufP+Thh6D;mp^AG1a5%P(r?FH3-l$DJg0HAN^3=|v@;iiEs0Lar5S}Uso8n^b#_{<*HIS9Dgq8x4HEwlGs{?i zx~J5sIbD}4+Re-9>h3bg+wcB>dH*>yrI&=jlqOc&QnGQ|eN~m}nER$k4>crII@nZY z9V;nqi%6_~o*yfhnsa;Fa+Z=+M>_b2DtbnseBm> zg*Uh6@H$jzVNzl;bk5v#lS)_~MDHfJ$ve zTt{i2I*7fO92zOC*8BmWF#V7D9H=?}(?F{aY;r~yDp@oo9dO0{F9${{f)L4I)Hn@fS{I|hNO<&(_`q2Aa)XmDhEFVtww0hhIS3P%Yxg~i$(i?7K zE7&lf^U$=KAsegs#MXm7AzZBlEvJ>`=3&qG_;vPowhGT^Lw;bdwLydnujlUg(-Yq` zVHlvdh0yD2FsjWwA=w|@8i^}a@l*{DHO&pz9`ils;PziMv$nVY-FRa$`GMaC{XsrY znKg25q1ScYMpPTy@@d!SL1|wqERGc)(aOlgpZQVR4o`9L66#@#zV)*wu__VyN8Ip^ zUaRVqp$avHne9056GIhSr%>~&Ht}`j-!6J-{}khRu+{*h=>9CEb(b@-GoW&|xC32X?61+udW}iPA`@VQq-WWP>#Q4_-pA zp1NDM5gx@xiE>oWF|U%mE&XG0*<9y#*$30h`HtoJ(`=+&N}NV>U5*6;>u@W{ecHqL zR2%hY7LZkWP-IYt?s52 zJFfasJ=-Q2PA(txxwVSR(bRbt`RIRn25wJwOBBA|^t2A~)8%Tf&mC2zG-dHvsWN@+ zR%MR~a{0y?Od58DOyPI15#)F8q?f1#9zXJi^qggV5O10x>)))UR+qUy_&?T zkY0>PE4+^2Aij0boaKibt!FUHlIYXI0cV8Ix+LfRy`+c?hsb%Q9M2dkFY5K7Ds_3E z2TK=g(F5p)WFCC8+<2jov$bMzXw%;O6JKOOoob&gmK!ZzoQgPfltKFvXaCHQjH;?4 zj!ng5@h^UUei+(wT|zdKH@plJ^4aC7lm@Ps}UF?GH zm{`7ai<$64ynn2koF8yQTVsvuXR#6t5Y7IhB>#bXMVU*d4V9swy(GaDx)^;UQ7a1rHxIi0 zXw`&T_f|{X;){m?tb;{2+H+WYY8Y+jmHW+k`<~8ZlKT?+;A)?wt1{gho<L=20$CH6{1qA$v5knR4{C3z+^pcCDjAQ=9^cW_KSuq%dJ7iHHEdlTVo zmwyDkZ2@`3A#XN@8IaY#jTbT#ek=hT{C|u^QvR4(CcTIW3Z!9$_M64-xZ=IDUh%Ts z6_Ch0a553p{aN`yF>NTVwf!a!5SeB7d+SNJ#QuyuHd+`Bk5D2>@Rby@Ynpy6F_wj4 z8h*1Ppm`pnW>74F8KQIWh1@VfC(O^5G($QFu|5TZer*Ga#R2x$8RmYNC(lRVBB2|Q z;7m2$0XZOW>eE$oFNm2b+5Hb1w80WKOu7#@XtG`rT1|^53$Ja2$@9_!LxQ2fAs{XT z`*|tS=9imFQtP9#6R1Sh@hKFkn|)p0Y){iTM5@w8r~04LI2fu_OnG#^rzzTE+fwa& z$^|gQ>J`r> zY@B3$^P|ILC+IPIcS|`4kS%!KF-eiv2Q(Z3*gm+lMPteDdMo)2F*0I@fsZsPWZe`S z|A-GL628eteV~&|L1S%nW%N$^Z9OFI4B95KkGB#jD?#N|ppTQV;X8~*=U%fmS6F0)dka1$?=TOLCdzgo#2tyfI#l_C85+d{;JOv?@jWg* zP7PrNTUN(d zj5-^FU1)&Pt&5B0o+IUBt!!G>nxsOOZ@Q>-y@8#z!UKiJ%Q<eXSpVI_?qE6=%e= z*i`}Ep)XM2niQ`XNT=l_l}9f7*{JU}Mv?}9j~0;FP2~wH2&3?!Q|N0O1BatE{L_&~ zZDT!|V_Cm@(aH|3*D^xu9Y1J@jUsH^gue5_e_rqYV9(w9;30*0@!Vt5SRcal-N0!V zqX~FAIa6JT?L*j?O_}{P1wgu<$Il!W3QeT`Ub1xETY9V@DKT{21uNp|yvxLgC8ZDm z*y?Mfda{wWjUCUkzk`emDeTpuTOEEAtYG0>wNLa`*>$tpRI1l0tZnG?(ad+ApbGIW z&YhcYxVgbOirvnYwN}tbcm5z&A;e?6{Z8h6s^~r8_U-^jr?D-%u(E3{-?p7zweIc2 zQC!cz?y$|&9!BXjQj~P(DfbrFZBjhLNJL1T)Jcw%qT@(5pW+a%ZSu{TV3_{Els!CN zKGS1&MO&i$-ms&`teZBqqt2CT%kU>jsy))*$Hv@L_y1TaovCGPbbp$GPN}`O*C=KF z>cA`E3%(E~qI~ip*JngFY8_Xz#}#B*10Zpu51cQ(PT%Q3-&uX(;W9lQJ(R@LQ@>c1 z*3jqd(#)qa7ul=zu+0$!%##BH6BF~r_IoM0xwJM6sFdO^t%gy%BT5C`bzEPE zCUQ&1qUKu$GJ~hTCCPQvdz;kzxY&#nN4V1rx&5IyaTwOpw;N=W&dbX?X6-ATE^Hbe z4$ODw;-Xpuq!C6YGspT%(=E48AC0G%amP6hcRQN;V-;M`RZ%eUC>T%*6{NLR*F9<~ z=7siFU!1)eoI2j<4%nL*F=DIHzMrU4Yb+J*yt0OR5mC%bRT1 z^+(`gPfvk)2R=Vm+H}F9ym)GS8tV-%JEjWp*@r!m0DOD#xxx>I^!rnGtpmv{L;igb|IdQ}?K(83-yi;b z=sJFX{@ovakEwFB&Kf%%-!4DhIh>oG^bbtzh**+$1_x}r49-biRCD@L4^b!Wu$t7@ zxOX%ebGB}n+W*QSnBK#%V%Q5^+A@B>6(Ug z>e8fI*O_|=q1J;6VtQ$;q-8lAwrZ*FTFZ*Jys}BRmz`%rc*;&RL&=5h1J#7b_?&Cfc+NXx6&IJ zsB33}oV;I`Y%rj5? zvgxXEK@;I#yzL8O@te>3B)-wRzs}=tv-h{4<2m3{v#vqGQ3lruL~-a>$1;j{$T1)W^of z>O%*50yj@Bj!c`=Sr{(r)DuQcmg7=04epVt<+Bykb*loS*R2Ob37JWngeELUy)&f~ z^0~Iq-A%xT>I~<@_dl5a=F4(_23?n2q6W--q59NgXhlY%r0gHKO+Zk?E=4u zZ>a5Pb{Z8NK6je*ci)U0O}+(h0H@2=*elGQsVVjHWS%*1ktG)^j(5AH{ErD(%j|dD z&YvC6eVX!A$wc*O-W%F7%&(cLml+Wb3~)!CesWv$!>KCUG|!B(m?G}SD$Iqdw_)Qm z^oghfCdRLlq|6APOzP*4e7RyXi(ZIDsL?bOI>;n2el9^gaa?WC;1i84TGOc~EsVUK zi~(=59)lO;!Mkf%E5bK+J{0b}D#ReLwmfy1a4|eCM!RqyZE@Bq2R^s0l|_wzNb3k>@~+C zMv)}<&TPAK8sDWdTh4fz?N?omm^7}4zZ{dJSypGC>g4|7Jcctv*z~72_MSk-!uOc5 zpD~qS9h6A2ArP3A_OI};9j7twIE^l@=RcOinW*EnEH#tTOkE4QqHS5wQEsW7h(}cV zES0v#P90UlOU3%ei~d5Cz-!&a0kicqx_KJeCS5#pcJ19-Go5jXB>68YgY|m?5-DsG zF0(~>=$0GYkAeAdNvZHhCg*-#tuAfkL65w7r)YBo%|%k7xbLf4i~>`B*bVoG-36~L z>4Qd7)GVfLA_!O)>BUQ(!vd4A$f)eY=%WHhuHXyb-boXoXk``EoMgY9pyXv~N^-4Q zAO-eE_1le^;!gxUgLwp{S#Q%~Ye;Pb1Zi=MoZtDvN(|DU}pi8&t zLBY6eoXH+lgJgzqt{q%vDCBrcZS1-(__9HktsD(K@L4t*s|B?w)`EN@tLxNCRk|$uXcLQ?B|~pC zttvTn_``^d>sLE`F@j?;TO%?Lr*RGYN6n4y{XvO*1ckfTZB6&2eWoUGy>|=Qt=2C) z?ryy#XRo`l))~CQiT!BjnI54w{M*A4Z{w*1c^o!Wt%RE5G?i$)bz_c=H<_`uI=x9W zgn6aYQHJ+kjISOv^B8A$?cThJ*sJFeM`*;jS1A*zn(d!_L4AKO+{^DRAp!gGpS0SGS0nP>y#_R>k*BkY;;?@!otzC)+vARJKKZ0Ly}nE z7E1YdCv&rX(bYwE>Z~4aUgMo?N}Vp=u%(uc>}11{>>Ktc5xJ(-=7=^_e9g=Z+{o|* zWy7}8*V(2H)jP4PKgQ&#L?Wn0)_F!%n0#WDms<2%$f;YWAdqAzMNo7C1xq2~!iGr1eJN}j=E!iq#fr1&&!65qmzL+?xf z6j&;Hh+(Fv$;)ekgTIW{U#+o=r{TO;iI^y{%!BuqR2{XB%}g^9nCBX|@c5T7J|507 zocSulj*z^1Gbu<7M~(c`y=SUShXFjf)gw9PChH`whnCg$`qXCn^VO@hr*Pi^vA&@| zR1p7gXg}8=3#oB+sjmG}@uAJBd2`n*zWT|RS1J9NCwBuBAI@xLXA^UeKF+h+znwfy zX27sq&OgzwS0|BGdDPAS*8WAFg<0Ms#{?pxvvlLs;+fRc_f>;QjwEHe%PCcyrozOz z5lhbUg*`V0n_qKkwS6Az*VZDB>wJTF_vQ`RbK{6R%cfiSsp~iB$Zh^Owv9SWNb5l?5MZSz;?(Z*r9~4t++@jo%vopa^Tde>7=DnAN!{p8Y%5 z^>1_v8Jr$vqXTN5bp`DYGj|_EXxDzvyV1kc-(B-D@}B0`goK`i`RSdxD>weH?%paY zuBPkvg#f_<1W(We3GVLh8r&Oqm&PRlg1bxOuE8BbaBUnKOK^t-Yb3yF@;=Y`_Wt(G zKI2^MGtRo}F_!eInlD z_ncFUJsMG#vbUtYXR#0(n(I|3rs@@1t@=~1g~gNcSy}63M3qr%vsJAVE@pncneB5e zqj<64rZoW=(^y8^1wiHFJ%P6TI_eYqATtfKP4EPJf8P(<{e@cEgXCWDn=2E4k$Xt% z?6AAg>grjqUaW$72QRAU0El$Wj#;cN)_ScguMr1BGZ_?rZjMK=C1<$rNJLP+GFDqo zG5;cXegIof;8k1Rbl{_<2^+>I2&qt=R?4Um*%-UNLyPoVLr{{e8?Cky(~xiYWZww0 z&)wx|sF+n7_!viVcUm4hjWj+wox)!XNurdy*{JllQW_T4{UGwjcqYYy{;CF&80kt8 z$ELq(Mfz$yMmW*(yYW{W`-*oUj0#R=50x4`e6O{zrt*c7WkDzOX0A`EX77UOO#Tes zp>vfjEpBpsSnIPRczsP{;q!})*62Ot!x{eSCMM+pS&7}Xcx2nmeAR@Q+{^?inE3#(lLaiw?bEz~kM6cUL2A{Q(Lg zM+{vg-Dk}C_@<(wl6Wgic_|>fERf!mLt-RwMC+%jw)Ms(X?B;k@z4+ zXmhzyZ}@p+U34QvE+w2z+e)V7gIRf0V*945R;J(11(iZ)3-2Be8b|k%w}|l12z+hO z+cGWC)6+~3FUyUPU|Hk^dDkP?MczsYRVF(6#6`2Q0B+eEgqPZ=g`wIO-QGxGmfTi7Q)8EK=~>Vm_%a5}e?fzvOnaol@6}Pi*+?hw4b=Kayh=1Ek&W(1 z2+?ZW_C}}NC;^t$Ou~HEaRXL3E@a)fDmh$sg8&t6uhB00n1RBuoS5x&dYTA7k+F-Z zQc;y2FP?3mK2C`Ion}L5{J!Yo8|}9W{U3cS%qCyZ+2q^J$z**gY0BuZ9cS3ZkpjJ% zsS)pMZP@Z1kVl`UmREj_)S7b{-tQ%!rnW}3yiZu)?^8TRmPq(G{fLr#wkIuTL5i+M zCW}k5Ra7ySNNPA2-R^O8ethE$$n`fjpj^S{fc%sUu{NhOrS;GE>F|wdMpW14{D^H& zgvu}eJ-I;e^T}9phw(*s2px^KfrsUk6G@(@hzE#7NZ@RnwN+=NP8m0fe`>HQnjz?s zWkXXGg=>hEqTJS`LlT65K~(#(M%`&_Kqi?YKH-`(HmUm7(6N{?4wmUZ z5CMzRwZhL3w@l_@EAALfG;IoeZPj@QJaTfUv)(64-e4+o@O4M}-XC4;hRFr6R}G{i zK=`hS9)$jC0F8z@RG*4Ad$xwHzBb&w_%w1@h+nTzJh8aNA|*5#=LNgGOL?-XKuCmhU!*vp=ZuDpIPI#&*Mliq3TZ04~(`0*ESO7-L-UJ=aeGxpfLV;ZqdzqT2Q69cHzi7x>y)Z(mh| zRDOW6SoxyKjX0rku62oKSKPiqWe5)AqpdIYpXPVH>vmfus5F`E)5_c!y|Hch%ayyB z4n+t}0>v#&VKG!zRy}8%VA(Px!c`Z`&3)XM-4L~aQ!GeoW!VgiEw}bLS&1w36Xby_gh{1z~BPgSwmm(Qam%rtu?y(%sU)8Rb{X5`BENefS z@lYfam4H4`VQHp&S=X5vEZ$LPYpWHDf= z83p+)MucmAWaap)?6vzIQf(%)Rfe0cUoST}>z4e>G8))xg1Dc146RSuJ7|hk*W7rZ zJJq&5#CIFPAmqU%qZ~Hc@)2^+i<}D_q;=ZE@cDODsmxalCYDK(ag-Jyt)@~l>Z0!0 z z-$;V?%AfNwl0_YF(4)jn9;^Ms#QK4`kpLB#!RJLor7!*P`Vijd>*xq z3VEr6P*9tKjk4yYVs{}6+3+(_1`_PS?T@tN5Nk_gc0n4<8OPq*qKlio^(V z<*aePilODHJecdcfZrRJ@Xl?Mz@^sPN1E)SN-N>=1*K;P_sn+G9%}%~00K zQ}GJV1c>_K;?w7K*%Vk7^CkPQC9dl`IKGnHrVJJFRv#?c&kY8cDU&s!*`bB zS3IDiqV>Utp;T-VlR$$HHiU13)$m=jyO~099U2mogc!NH+JH@bw5Up2J|?em*ne<0!1#M zqwJ}|Chl3go|jUeA&ZTth9uMEBl>zB4c=B0ev=h9YIB2C!kqV;={Q0H0X~vmm6;iX zt;BK;QYCG-C23*zT0jA|ZCQtUZyQBAPS&Qpp02B$5l5;jE7@)hoOK_mlo8=wOTR!E zjol&0KWMeG2g(Ji#dl{92#d-fnhv~Y4)x1eVP>$m{_%H0H4hLS_a}PNu(g0%>^pe> z#*~{rl+>1y7~~fu@;72CI}wmq9MtELF@jY)Q2Rg_Qk{z3Iqmd zlUIx!RCWyIA0Hm6{U+nDN66ToOV7?+Z#8tlkT3sm6EaNk_&wr4?@zR z!9*B90>i064?%yqp=(LryASY&MvTqPj^m&Mo?4Vcel|h2K(jGJ0;gI+-}!p;+x$$D z5H@}@=%WBf;q}ck%odq$IVg5nTja|ROBEEdUmq+%0(ZKJjIAA4b+PfMca>Hj_5a*I z_Gl@qOr*d2{;Pj;V#dI!ge|mEZP#Ar;$$VQH0%UD#a(msy`sXRAgpqo z(t~(QXqhfTaWzZ4U-?IzU7D)kDn|xjo`uvU`uwp;dx1iW=T#^*GbXZ~E?Wm+Il z8wJTDQ7K>MS}BZ(wOsAcFAB%DNrhK`+9#rOa<}x_kyh$pSnnJeWXaSJxUQLDur6C< zwbY+W!W_v-oRNB)=wZtsdM|dVmtvGr*g$CH!w}-wlrSIzYlXD4X(N^5{|O!4l+hm z)oKlsoHV-yNzxHuMe5xxy>}4IRAhFYIzR!-Zw=)GV&>9;ajntLv}Y{9 zza+yy_3&#+_65vk@ha|r7?0FG`u2O5wqIT-309GlxeSS^S=mg+q{>5X$lc=2fB)gm z0aH~1)5DVWth4MlmnjvCs7x=#BkMCk?)w=PcZplL3z^;5-tVp3qaBcEN+OIqdlK^z zygir&sjTbkkCEXI(viv*lAjO&4DJQ}$2VARQw_O zF9?2zp~CVSl9y*HD^^dF<4D4tXhE?3Q00ZrI#GT@{$QO@md~yWXuxVJ&V11sCVRV^ zkm=sztGAb}0XI^rO>iUVQ`ld_MHFFE%zuyncU6nOclm!>>i9o?(O196+rlWqK+n@v z5v|*YEs@8#=Q@(yzik3SgcW=kow{|o+)M%pSzz_3V?^k#kv*qTc8Apyq6{cyM7ofz z&GeCXvl?uV1lr{d(b6OquosS~#e-ZqgoR@u=U=)Ip}=G!jaaY_(@~T+^@Qr*d*Zo$ zeUSLFV2CtvO88R7YQ3$;&Xb0By|NirbDP**DptC;B0lcg7TdCk+?L9UkH@ho_l=ET zSZ>Ra29JkbgZcX$1T*uSc>aBsVuD_%R{s}F-#A`n1XzVX==!+?r4Z^TDK@_?^~3I| z(Of5;RAheMnlo(owD}mDEf!i)eU7?2)bQX3>e^GEMHrgB zvKg(>G3Tt-t47r~b~Y0PY1h7%l1-|K9YRqVWEn#qiEv)%;cca&o}0HJY{MnBYsnuTv{ zJPX+ZJch_Dr_!QB@pB0vo{uFp7me84^X1k;203p}z)XvxcxU6hW?E_CC*2N#mUjV(-|#iA^|=}JPVPp^nRTuYI3d{ zzia&NKbZAFnY~ zxEdCJ-e@BCD=x%WceqJRNQ2v&3JkBL4yD1{kxeVVOV6-m%9f$9Xfr?zfEbeHA9B&P z5H_pvtK81nx4>|wJO^mY4AV`H*Z8bX)3!jv>CoC5=?miL6`dL1+WeILraQ2+^+=9o zyrTr6NJC(SY%6~a=BaRt<&#zw=!m;6p}uZkkJ%v;;HVz^L$IaEt0gqJ{>7ns*naNA zl6`YLaeLt1Cpuy+l`#$2vKot4sY^Bj|8d zXy%%QSu*eU=ZfAAtgu?0BDYs%zqg#M2ZeSE`dWB+c-WZOik=X+TgO4=&;9~gTsLhk z9zO{_YrEwW6Kei+M-qZr2{DXRX!UW#e{z<4=rwr!Jsw+`rV9EYg&8y zx?POM&5J{aw7DZ3{9k^5NS#|U0MHyX-tVl}tQ&cRw*tW=O9J*qZ=bH>y8iI2m6nj+ zPI_MqHIypHRuuk)8OTwHh8jlxSSO%LyGaWluYq+ z+NEib8Y`_7xfTWoGZTG)?l)=5XnF7S{FhH+tCP!&txAFFzzTv8zGz&JZ|i22tCG{} za~o4=n5bxE`uA`2rj3ZvtK&=gc)-v$tFpVIE?C+JsqP?rd4f$x996TE$SJ~4?>2l_ z5Smg{lSAea32Jdx)ROgo?_1Z#n`m`YaF{R-BiK152j1umEoxGU+^nrL<+tA@)zVJh z`S9NEaN*L{Enzg76LY|p%nzb`_3VB4vpbj8y4`N^yIRMTMJ`9j_+qr|x+=E@ank zf@TY;dS@{bWT0*`amtl)ZIF6X-~;H4r$)!y^QJds*D^8e z%|JxKORMDF<}K6rRFx`7XbmZjC}1ZUc8AR$JS<}3ek4OgZQ^o}h{eSM^8jA$4msI0Se3PUILkJS>H z7?=j?lSZx5l~9Sf+$oACXI2%0yO~#x+*qI$v)z`^gWtNqYxRZjv}ilVEJflj_Lm#Z zGU=g&Kf0byS7Eu3@Vyt0iKov@dPRY$l)9{C#>LB)SD-F|mOE?NuOW0xKCOb)JrT3} z{Cqw@;p9G9Ef&(BKBFrti(gK3Q6kFSXQe*;ew!w_m2vrx%MP`m z<>I17lKBf=Bd69c4n?uFH5MLbaHph|NS8XqY~CWqYov9s zek4{wFr<&vgrKyQZ(vqsv389O74S-uTj7oBh#zQBoLkYI&^3)_JMIh<+# z82TF1lho2VYA6hmnYrAvBcJ+O4<{Ri2{QW%r_f9+PS8@da5bX)OYQvl*|g1~v;_Xe z7Nyn~+6ZnvuFZOi!>p_X#lOVyP>x>euNlS>j`3e0@r+QDbyQ_*%ME0}w6fo@pVd5! zASI(EnV2X-_$kAtjakkXP9~HgW&woP@u{U2u zi#Izu4tK@j6?^mE>bb?)dVri}L6gUpM-xLwd3zN$OU6`s)tI>j-k1})SY`cfsLVlf z?b(%wmH&w_&rdnCiWy-Qwo*F!)fFeFlU%?q3ocuXfz3pZ?^DaxDDIzFHws<$G~5$RpED|V!GE9M{j_>;zA>*)(J%zWR6I% zuz{ZWS@Kv~zkd0DFfU~qmg7{vCY7`-ND>vZqmAC=bkY`q-V8fLPv^%iQj^iE+Wk>9 zhy$?L`cw-D__omQD|RxeBHM}2oeygvQXKBgq<8+m7dj7^M6eSzCZ?h`j}76d!Cutr zL`jqo)HLsryiOotBYhUYEBSFxm{En{%;4FWU7*VCaprMFU=4Hej+`K zotyY?11VPlU#8HY%Ruoc?`4Tx!5**E)o?dUMY-y7o2EXwd@B3x?y)lS0Ox*F6sB>0 zF9R(}{}^GuGht|I?s!xs%`z!dV&kVidf5rW=U?UG7o?)5GG+* zM2Mw_l?aRv{La6x59csZ=@U2H5xYR3RB4w`1eLg@B*vCTK882xdQ;@92J?WTqk|Jo zbiY8Q#rb*sHbxp|2OIrvReyJzsxd!}xVZ%3l*3xvD{hq%g(c}Tx72INVXfT?pR>*I z$BOltWzd9x-L695?d{BNG27PL2W(LvjZor@xuwSN$M&sfrQ6K+%ktA-X)lnFQztwH z4c)?Cd~at|fXN*w$VxCjumT5iqyNaMZOo6?wg^V?7{vBF5KX z*>GSqPg9LQY50PUxb2L6W_L*1BG#L+>epPzkMC?SpNJ~tbqOV839i$~;Y53m$gG`c zI2Tgalbw&ny)?HsN--znAX zfd0sMd(y(NK+zQni;Xvz(}88mC22XLxDEYbpfnoT4!;S%63UY-JN*g{I~jaCUR-+j#~vM{}eY z(x|Mz$YxO}4G#sAG3(4nqvy$WsjLR%eQ;gVO=R;o2KnToB~~9bEVwndLhMunCPI$# z(!KY(At#_VyUxo{cJF}i1YFD@-Tb5VL-!wU_jVw0 zqz#UmxSSI2w<}*?*o=Xq_CR-qf&Z=E@8@Pe=vthTztodrZ7j&S&MTF?d4St}k4Qj< zN-XrlLW5I;mHwWW$$rOLXq5nSG_uSoZ?1F?iK5DA>NH)-h8RsApEtCeGmE9uS@k}! zTi%e5sAD8G*^-}_-To40{mxX+6VCsx-Sm;uzVd*7_X6}`#LjbykJfubb<2Xt|=(|R^B_7u2bmSc@k^7GVRM4fN<7s@==Q@W|6$HwPvXVh= zfC|dSIRq=8KQooS>)A1^xYQMFJ-B1y^ye(_HSCZ7d*m&^rbYk$2-16w(ElE`7_jX7 z-=mD{|J+5Qy{AcMEJ91SD}lFnGIoIZz0%8%dUR`5ssH>t=kaH~>lo~;r&GYwHZ|tq zg?jt@z<=J0H|OunZzhdQ1*51#3tcf#m3s>pH~msdal0d zbSjDo1!`&k^9Ww$=bH>D;LcrG{r3|&|F=)<6@L66;_dgea+a&g^y6_yq^rx}L3Z%B zsYU(tv*7iCVc@?jV?P%v9c`Rn{)&LDJ{MDi%W<|+{ZqG<2Wt9EaGqXdB1CWq{Ui<9 zigQFT&Umc?}vwnGbvc7LV6@N+(XO`%WFTa&wtzZMBdavsMik1cz%m*JmhgiE&mt%c_?Wh zeKg)=^uTEWaFcE7jtOUo5^QfLA$~z1L@SjpMnsOzj!Usr0stITHG@wNM6D%as2aYn@)ENlb|P+-vY}niI%Og7v81DHNjKxzk#nfFLO$;02^C9?5*LKNI(Uzr zU*&w2QMKaSkLU_AkiTbLrxQWM+274*s{lN9Iv2+ZQXGi=z`~DXMU5NZX&t;UxsXE6 z;Q4Sfx}eN`=;_0|ulnOyBW-bG&OS1YPq8?rrlw{U@T~XQ=^Ngpyo+juX{70jnXm5| zNk^h2HeQFp!(IQK<92e2{e-4vC3mJnTfzdN-46=HEjCmET8q)HC7;jVf+zZQLxG8e zCnWdwQw}ULqu|KBxw68RKNS)Z$6?w6b}~o1-dszh27R9ICaG{S52;SW-Ln!q`0cgB zOxw*2LwEZ}&O3Jom@6mV}mbVyu&Y zZHv(DX-Am8z#hk^-{f*G8{qKt&>XX79KD zUozRLYgpj|2Bsz?1~n#NqW#7`lw*NFH(&pNP4}9?%X0}ECdpPXLoNxZtGnsgrd( zVKgS(X=c)ewB{NkcCyp|sct!kaNOwE2I>M;mJy#d^tuy!D*Nt7!N=^?PtBq1Pbte) z&U)j1Vk8VC_3I{XS7#TL;fhD;SD#Wh8~+3PdS!ocUAPoTGw?S%%Qz`rv$Uk2s^Ahj z`Qe8%pE*}gMH6THS`%SG9oR}WIo1{`+M||b7vo={F6HA}Siwb1zsD182{2PIk5@be zNYxV-y+o9d*;M52^|6N7@G_^Z=;SBqs9|KY50E>Tf&B6ZUgI5!u7(^=yxVxG@iha@ zRe=Im?Q3D^y`@;A*tW2SRF#aq!H)G)ColAq5ltuO*{W*(R1|WP9__?eAN*+!4<#mt zed*|*lx3Z7@u$~IQ24dBxQk4EEh<_dB>c5fs#3~jwo4m#aZ4I%qTmtE(i(^eJ`DYo z<4{Ho_>1zFN&r)~IBV<7ec?}tGJ5De7;UaV;Fw@}P z_Wa4e3>*>#0i%M=l$3?6BBg_klLQS&n1rOMB+{UbqPFLdtkoqg# zv{UiWIr@ZRV8~LQTjg+MDJy_dy*_2(erEiITo!3=ddrZ%pzq;!*>WdvuXk|fIK75i z|Ln~t35m7R4^;%}2)3KAs>3e*Ghtf7n!4}P)-YID-wfS>Fx*uWP>l%}baZsJwUs-) zCxgux=byNFTISs+C#J8jVRBl_4+ifwNy9>mVP#_dtiV6>#vk$5>J>d=RFtlC2$`x@ zXOLz5l3ZgyS{cjZuP>?IjmKi;wn?_D^^(7O<(`|_oZ7iM=3YH_nWQc;!CY}SI^QG% zGr{psT2)s+;*7|S7K95Uhpi?JhuAKfT2DWHTJQXIN!Mh~Ub&loh1pIQy)4qLW)1o( zJf)TmY5@qj=-pa+Z1sYg5_Mr)(s=dps_|Kz9`Cc%CWJ;jO0}3BsRGuPbP8SjdNgVh z3da^^IP4`nPc_jd+m0!SQuJPv$Sqc70{M;HH+@Q6$b#;k zzri73QF?tNHxgB<(zD9hqPPEJ+v@2`yNlYFt@LSWICtIm&*gz<^?cj~6X0RDlIDld z!{cliU{7CMWM+=CV{Ox|Ytz~BSJ9qs)V&B7@T2Ko+j#*sJ2m>ui>cKg{*Ez^?>@oy zSveUqv%gZEy8BsbOW{FY%XNk}#x*m>)LeGu$n~3Pb9ZVpSjhZY2de_8XB+#H?4DL% z7+rj7s~B|qVTWY-gbDIWT+DX)*q=Nl)2P}jGKKmhcci-OyZOGwes|KbuIQcb6NJmb z3tG~_U$2B86X=d&pg2rBF3`{XEw3lov25kyLhh%_oP`*VCuw;k+X!gv%DtLP^6y*H zhxQZgHs-AtQHa%=`)D&GxR^e=xKE+L_lt*U>cBesB_bA1H`qms`+a$eU16PjN?T6A~ekkyfN#tiGd9}!+Clmu@bpH9exf848aRt!B=#(5Ftx280>A_{r9xLo(w#v3%u-V-NIUD?ctx(YoWUpgdW0<$ImYF9!9`eML2RY)md6u7q932gMR% z{b*cH8~95O*1IzQ~mW}U_(AaI%w{6(S4^QBfqtUjlF>!7bXr`+Tl3fd4YToe2= z+cL_0_X{@(R;Jm6yYl_xP30{Xm?|t>@3t3_sZVwh^Br8K_t|LmV50c^SRS_pRFQ4N zB*9#SayoUq4l9Ws?;Gd(PbE5+N|fW+)L2vozmic{W=Tkaji@Gt&6R{xwPuE&`OlFb zVw5}E5`9#vK4b;D`l_Qn-B?c_Fq?LQmL9LpJkZF+OQzXBo|c?l*Nt~77qzzjrU@5SB2^>d08 z(jUYm5PKCrmYb@aUB4K{r$tqPevXgB%dwQZJ%=X|3r*HCurF4ou-!~=AXFcXbw#8% zB@K^KcuP{Mky*JxnQ@pL?`}e>g!dE2_H`noiLFA!Rk#PbvI+Luk~P@y;ECIp>1Nr_ z#N1qx6h`rXw(^hN!PIj=#`52@Zg;V9PuEezjIp4Xqb4t?4-|QW9jo(Z1LgJh!C&`@ z6mt?L7aS&oi3jKtPN@40LussALa3DDr2TA~Wk%2rScOGn{@;j>siM?9L zZ(~y%MSMk92Lu_7n!^{FBb;Q~6(GzbGp$ba{8s;HPJLQEM+NuZ<6ox9Jf5n}-q)a{ zFwmya+a39EnsgUQ+6>U?oNdu1Gzwdkd?q-%`+Wi<$3-^_X9#JZEmUw~Y1l_KTY$p; zo{rzM@1A}Ybgk;}D^`W3Laxis;d8V(KZ}R#zittfQ*p-_c`e4Ou2Hd6-EsowiX{Ji zw(H$CWoTsv1sy;*h_WnxM*elyAyvVLSUz92;$vDF;{pU17rNlBWcd!;j%c9cW!T+28=TG#$&HtP$% zd;V?DGslIMfr|+ofc(k33ZCueQ;6U*J#)ZGDKYt2Tk(wDQHjtlc{$)MthqK4U6DoRZ1hDLiE0vtN zOU`H}{wh$i#%hj;x4>JMf_)6=fCdWG0Ck;`IThF4*DPn9hxxjl)=F#(?N}ucRXC)I zQ=Kns@I=QYwSTVrhz-l2feY_nTNR+uRev_^15wR?``hkAA`zJV1I4dm)#*>l-oNt( z(Thm_%?c`v(Rf27t3WVQBUC>gi9?qxi_vJ+!OqYZ5KkdiM~m z<7ifJI1`-3>Cnc}?QK#bNIh#R)*6=lK^dAM%h0bJHbVj!Zz3z9%@RDoS8s#!Y0v3G zjoR}4v^YsXPS7GL->xuXKQc2Tw#uW1-Js+es~eNiVR-PahMtf9&v)h818QxQJD+3) z)MWxPrihDi8kavzcJ4uY*a{|HakY}8KKw>C{or3p} zXs>JDBt=tb+WH^vz zUdqMJzWXga_ho4&->BuM^OH4ori27bW*GIW@kR4$w}#LN1YL*SF%1-I(j$6#zNAeK zLid-GlkG}^JHU^SQS}IXUT5b&^n3h23eJn&S> z@#`edm2XP6;v6VcFf-ik(7x-_DRxTB;IWt@?AY(n#Vu_|ei`sOGw~#C>KyB40z~={ z2Av0Hp8fqUx3q14OTVkDf=qx^-p!9~F_qO*h=8c4$ehlkEofn|>d{O4`lFD?@bS$- zf_;qo`HNbRC9u{=i{d@#_eM0ZgxwdWJUF1_a+gmX^iOh~?24ki%d%3i^W;9O$^fTA zG^t7FW@nRHKu_g!8nX&Ds>#ut$qIbSmb_$2>9ujkTGHEk^=B)g)lfPH>=q+efgwf~ z}E<2FSYZJx#Bw+yJ4r3;sQ(#t4`Bdu{1RP~rbK8t+G$RlazAZ??H zf-9V|tUT+LPCT7a@dwwZt_GW}$R1f;!xmNhOcKt)h=^mNNaP5*PD9Tv_{n!4$%Gu0 z%zxppHS9!IugWE2tTz9(208b4%*-aNZDrFO7w=DgEv+?^XED_i#}d8xOx-D2P)Pl9 zL?^hvG%ZobH7XF4E$faRyJzUTaF)}{-(AA`d$Mw(g|+CiYHv)^Nr5kwVf4p}92Z}~ ze7mvnH&lQjw_pm2s#-b3{cJohOpa5kJA-%_FL`rVykoQBLcf;whdE$zVUkzC$5qc( zIG?DrjnVxzU20})j!kwcibJen;;9AvPvd9e8qs|EpT8xX`r3`L6s3$bBN(9P;@LZPc&`IXA}k0sZbDW_#(ZWf>|FgGV1 z@MA$cYKKm@&i4tF@sXh#vLwi?kzl{Hr zK0nsm#LM)zW%JUnu5Wf$QCLv`iVvU$U*E@ZIlHUz`}$&+A4S;>&npfXUoThJ;07-f zmt5`VCETufZ_#heo~>FDN);%vw25yK574E#HcmJT5%B=XA^xZBD?hDvU77k8?os3= ztJ79b8@h7vTTE_Xf=C@{O>PmBlewk`zxkT8f`_BOX#W11b|%@kELqw%yudDAjl(gx zWsOrfw$EPupm6QHw+5S|$o#KClz0jTCC|W?Ls-!wntxlE_^sJjtY7A{OfKK#=m)AM z*8#0Fs)Lt~v&r>^>462$3CtUNve&Q1@oXr5?>Zo*_w zi0%3AXnt^&X?X+#->VR_xmLx1*T_M^NdL(?^KwKg8F<$vwUoiwkI#GA%1e?H^A${G zVMk(ReWp#9$9y5k{lXUEKaS-u^L6fgwkEh(#yfVN4i-4cZyGPY)xG$iZU>7LaBwmy zL(nHEVCseELr)R|V(J|J|t)MxSGG|Czd6{n0i22WkK0 zeLgX@=OL}OOHphsKwhHq@2d5%(@AKa^E20j-qC)x`JZ#&5BH4m-f_mcdkiHzS$maP)|_k3`Rt%qY6>^5(O)AWA-SQXD62_A zLOMx8a!&KgdEz&dtGFA)Kj)k^6<&}O_upM7-dwbLuKJvWq%7?E$=gfB`>XF20nQ{O zH(SsCo$CPRnG?UHaFKiMq6M^caewP%L89PfVd3Cx4RkTqxk7y8%^M}z=h_~|+q2Vp zRPGt4c)a>n)d37mE@8V3Htd5LZ`MuN_8l2X9=lf^i!@$IVq~FL$}r7%Oh>+$S4-Wu z<`%~MfHL(-ra|8wfjdGQx8&q9Wv?=Ryd^8wa^cp;E7z(A)qT`mHwvT%XRmD^3spVV zbxqlv)|oqch5zBFNSxm9%l~7Y->DQp;_v%QvNYs>eSY>f0(RlA&#zvaqyBC}Me}d- z0J;BX^WD8R(j?os0p1Y#&ynT9r((yle*E^TI!=}mHJiYV2W$^Bt%L`vf|a`>8+ng* zY0`_%H**GXF`o7Bzm?ED{WZ2f-w-f8D0OF?*?a|oaL15EXCEJ9SVt6Sq>YL{B{rZP z#-Kl>!LkL3`^|C9#$mLL6aj37B)cykfJx7~x$jNjLVWF?oe(VQP%7~|)f9qfKzi_a zyyR?S=26t$i{_|I1wDnUt0PWKqwZM5hzzwm)v0C$uI>FaVjB*x3Td3gPqOM=V*j5y zeOztiTxzmrcL+MJ&se{u?4seL_k}P2ss}nTlGO?&CeH#^m)Wkf)@D>dn$2w}u7?>r z(40n6W&N)!OzFNUq61rMUL*CZaGt^af;Db(_PksoWwD6a#8&68t{~G&j4)s5?KPV4FEl9TrJpu zt2zJlpoEQ&=QqAXHg8s;mq}{YGK@ARCf+p!BeoHT;w3ps3l~yqntF+;IWDFX)i@MTSPo_gP>-66U9Df;o)ZgK&|g>7bClv3aw zcTg=_8*jy`ec^!6YR@29p}}p;+p=_6Rv?e6xaN(?C=3%LKVh(3TFXeG^*TECE(SH} z1C@2O)=WN-kO2M>-UomNR<;n40vgqawhXFAHkb2B;{>`yd@?Vp%mZ=)xO^d7TvGE_ z7j>MEAN~~f9%lN)(3SmDZP8U3o$v_N@2$zq0{k)OJ^#UGUmnfm&?gvf4*ii{So|V1 zhrsn{{rOOc)jmlQT^(puM^g6m+)uhB&5I;;5C7Jkv*Af=v_{Ou2FbcbT)j~_H=LM3 z*ZiJt0!Tkl3CVa31mP#jbtGWMkY&&eHEh~@_^#`Sal^au+4nKQ9&rxi@||2kHEs19 z803S`*6T0o>5j5mxo>Rd?ie9&2*d9Cd%uKz+d6@><=@o^Cb_To5Bo00AYP9+tQc4( zK5qOL+s}?YeDBxkj5^qqge3`&>+0#10P+%rud2)9=Zkn{ZX{oRzMo2Y%;)P1CR?nj zuFdf9RxgmW7rDla=&BzU(}nk}=KJd9zn3qU)ngn6%BZR@og~qUJ%GMjoAs;Z&S5!P z8^#yhV`!oJ6v=P2a(8-Q-OiLv96Z|s0?DOKh6 zh5EXeC^bjD3`l9~FohgqszT^;QNy@xt?B(Vt5H6Y%{Mfr(l3xnRW_Eat(mEYMb?>@ zN%lhjR5L4rGX zPoq4Ui-h9p>vcF7qhZrZprV2<+P!*{j)KHwCZ?S_rv`$0$1;$=q1P}9F>3=|7s@X> zPg4GunR#}ga&uF!Jgd4dCMZ$F=4h=*Sahy(#K1t1CMsk!UPC^qKs!^YdTpl8hF)?! ziwoh~Hu(e`7>987!cO=dlxBLE&;S#^IL7DBEw3JwjdG7n;5kB|6}Ayul-s|)*40gV z)=!^IZKe*iz1T{?;Z&ssKCxmV#Pd6yBvg&;_NxCc8f$H|)FK-+sF`wl740>Z+t zQm=T#k%U9)CwHL*2Sh2yhzDh#f;7$mN|+Iz+RI(0KDhoC_P_u-eiGCX1)G+Xvb?nT zi56R2BIq2M?Q;B`;lV1(1L(ZXVWipEL)E!(?r(+ShiflieY=x_d)-j@r1_vE$cE&8 z3TmD}cn-gHgCrgI$Gmq&^MaXntn=XW_2X{G2_|P!fBv_H_g6XmLmj$5TSGXz2@Mm| zy)7(*ngb`pS-XFl;l{!^yYXXpRlG<<+@q1u?X`qH=gbI2qEFIbb`yY3`v4@m7~Oh0QCnDA5fTrUw)&=m z*-fv91Vm6+VPT=Pl%qO!fL~OPI?wk0z=>S9$z1#c4EamnmaM`LN5`n)TjL~hi!kHS z&V@_IHkQ%RI$R~i(yqtZH6BXC7aj$r&1n`i-HBM+$V7OBopQ?PU}8*fLRk*8)}@B5 zUf&(2X6+yBR05SYzCGRx7R}cEF+jncqE!YuF54NZCEWFZhs;S?`p9*+Y2o%5H0#Q% z=es{OjQ2YibG#aVmYQ7%>YBNhXiJXHVd+Ej_CIg+}8=d z_@HM`k6vm8O4Hw9quUTHkxtx6QGQJWwI07WNp5bl-`gI~AvshB&6k`Qo}8O>Dm@Tc zaF2LlXC~#hF$49>k7v)7>*e6szhx2#_luniUrZY>HpI1$p^pf87KIJR-3KmGeO-4& z2S_?op@zte z%irWXH$I)@o!jZ15wM!AOiU25e0u!7Xd)K9b0GXBslY`R=sWS2mOnRVjW;fKuscZS z<;M2sxmW0y&iogR%hS8-EU9sQD+zQmVX+%UjA8&yod-+%iHBrdJHYHj7@=?>V~I}9 z^*dW$l+$5<;o?0%1L!Ln2FI3Sd&X}a+Z!Kru5ip^K8@!7Dn0sgC^ixIg$hHi4nP~y z?QH9PmwQxQC8z%0Ij#xmQ_pi42>2c_R+DJ?qoKisQJsw{Q%pmP@Y5`_ z(a*Kb4A3jrx!C(C_qH+7v)m8sEyjc#QWCP~Sk33T34Qui6>-rc8LGK{imgEKy{ALS}IRuyZ zVx@rcsK=t9J4jMoM5rX1RpwVV1H49u=xtn{yPn+Z-rNUb(oBZSu%gqZTh&VF2JY_~ zu&WPh(*{TI+$pOge3B|DA9inD`8=1e-trc6L#toa&jZhlu`f(%FI=15Nr9qmG&$lk z29IRsU0x2yrbjP>QJb^#yO z#jq?b*(3c#fMv9S9BkjP@~97iFwq^7@;Ch>Z@XR%#wZvzedN(?f!7IQ_bflI!z#>C zA17B=Y;tEOs}ygB7THtPPbEV#!EVNDx49>YF1Sf+L81iww&VEVIq+_S&Col<+|2q}jWk0!e+9Jadb zkK3+ig~{kd6=3BH6G!=;Xn?fhc*xZp;}LYPiQ1?x1>3wW$R@Gt z9A!9o8JQh*TR^&ljC57&5W@lZ)Vk=u;3xoPQCa2?imSLav|)O+%?%kb2jXKOU~^|(N7zFG_6p#{y`{zZb^ z(Iyj}A>IDpC!~UtCu~9L0Bd~VdZ|@OfndJvkbw5ec;|YIf3i)wo8R#H{W+!KSpR6D z!3+yGutexei?ZGwCf_}`gSryoWl3$z%Lje=`KbJJD~rtqlKw?m%3qSj9jQ|e+^azj z<8{3vA{MSZ+l>vI+Q~i=$~3&6lL3vnW5tkblV+)rHStUdh0?fb(w|Z%D0%qZkGAyA zVh6n4yD?XhU6R&x{fn+jRrk{;;&Yc&+HE)l`?2i%oRoX`UEf0t`gX+HjC&2!CQXc4 zD}lcd+FM5&R4vxZ+6K-dhq{(ZzHJaw4z?*4MZC@JQ5k4%8c5MR%#%>(u%~)M5WNyLw4NZ!?HfQr&>#Oyk(8`p=2T zHP;cQq3GS{yMaimEl$mYhrM)D`+=j<{I&eAd!9Jf`NpWdr${RwJkryuFz~8k`l)6F zPQ3vl?c`))Y3^lS`brEm%_6n=`tEyv7GOU&Ph`ikvgsD|c0!=LW^#i}k3aI&;ZF}B z6>x>gu!=N1#HB0TXW21Bi*`;_50&z6WUgnLQiU~@1x)**zX&1oHZ)c%Xg9^%M?p<7 zwH?YfqMQ8gTmK+>H)ZBi>}|tu{twOd%(h3~4l~sZ`&zi5!*V?3Wx|kxV_aX|XkACb z4?vM!N-}?F{d8huOk*rNg$*GUn)7tYq% zw}zA9pNLyoyjF^_K*9&QjyiYeS4M0v5L(5z-s7=x$)mY%{1WzgA9_Y0v>Fd3PP*R& zxv%Gb4=8G;dj+M)3I`hS*N%$@@uf>1hS&Ef-ZaIoi?`h~=SU$~O>Ig`@RxEO5cB z1a;!Er*0td7)~kKLb)I}9B6Xa4zI8|{DZsrjPM0dRgTH-9@N2nB85+HLVcCp@~I3( zS}k{2EFgKJ)oD>?Um5E9Hdx+LY^(Ou9CY>SxCqvNUJK4BU%8G9_9X&&TH#JQFIr5IF0gns2Gs!dRLxqdnv0yv`V2WN3;L+-)T|Ky;rlGkbE4zVF1R&XU0s>W zufUbkTSxFqqpqa4?xoLKUVobRV%Who0M*2XU=(SvA-^xM9`yhn<2n~4-di)|dQ(-b z;&NY$_{+g}58n4b?_3B-H+qUVAjL3{Qtl;0yztvtmgLghbKK?W2JM_=wTJ|)3)#kw zv|P5V(q=V0_NG6G(U>D2Sv}c%vc}2s+I>F9NRBS(FfHlIa@sB4NU4*(H=8E5ae6vk zPMJ5qh$1#z-n~>FvwCy7THG$(XR>C&AhbfdsHUXokl8*%Drd&$lf*igX^FzyODDU6 z?WT&a6I!J$?`rwHmlS3bRcA`ne0MED>+6t$fUjC9w6z~eDcIx*RduMc>7%(P$=WghJ=K9?u{>6N<)CIM?)X1mr9dzcjqAk z*EwfLx#rsTn|*5{>7lLzZs^#@n ziSda~xh4Bwv8#t_X^(Y+bnZnV7j2+#sj-#+X~EyjHYIc}l_?~E2- z-GBG;^X6w8`ACaL+w2p1S&=kvk6JgF4#<8Mll3odG7ONJ%;py`w7dfazt}WTjcQY% zg&*_Jj#jNDux_8*>u$OjpZae6*|x83oG(v*1i`%~@%D?&%j~x4a-CAVaSk?ARu+pN zJx?^L)~Q&Lzow#D4%d?Qj5Qu4eRR*j3F>&0By_XUl`HTg9k%O+OYyVP1yFfQ%@k!n zUZ(fO*wihp2VmOd!UR2+9pp`n80{kDl(1XTxFyt-Fx96G@aeOdTKcA?_LWwiiPVR`^7PKm z(%l@1JiZ*C%LhJ;-0Z0S4$m>s($NW#{DW(2bC;&^N5*Wpj7;4QV_FePlo`!e_igMbgvY zyp2}uQYKPA5oREwu0u4|-^rrBd-S-W#m2qW5Awrd*AJw|Uv_tM z>Wv9kvO-nZ5z~hC1uq)gSoFnmo$v_Z`u0fB()rL&r`9)!S&3r(IdE)0ZOKnMU6_LU z-&)s0@Di1V32rfw2Qh7Y@v-Q|G9xf>uUQg1B|x?ZLsG$qd=${Pv1!;-NlOU;+uIH) zmhNC7+JWgN!!(l7AX6W_CrU*YausE|)(TYnau7DYrEpW#^NE=XnrsU{QveThJ5i0} z)F^7`@U6{!>zwT?6qjo~q5eSBzCaAAA%J~>Y5{wXCw0LrIuctRpxlp#Vx_rDO6PFP zP{y~qU&GwMTEVL@`;rprdG+Nl#1Lj*++wHclyH%9b>ZXi0w>eo@jDkOe322EvgdCt zn*r1hOC9Hra!;uA$yS%p{j%vdTN&Q79v9y>HXTRw#j{4#2Y7q9F& zeytfK$MYWYB@7as;$B=+r2_#8ah)#%w!r{ShX;?HC%cNotU_qrc!7MBwb0Y1D4(Zi zfj9rSZqF+Nm}lZ=5wrB#@Ut9WgLywPHY#cAER{(@b?HyDfp<|)4qAK{eh0$Y#QxtW z0EvD4@8k>r8=JF~`e}eoZB+YiNrv!XU%kz}?1B~XVuGy`=g&#Y!=!}s7{)>NS zUHvCF`cuTk5UDzy3sLoe6qrFu6#??<%l$w38xoQy1`#k?RbsA`@2Iq*Y8kYmuP@FN zy7BJZFP6<|tnnjAF`uflk%z0si&sVcKHBu2g~eLfvjDB!H?AgYh@KSKZ`ghNY(9+WgvifgyFKJY7z74hwFWDi%e98@ zTmrE@VAGvLvV}z>amLtl6;qw?SkxRjM0H7h45)jQPx)15v zoEm}z5{h!k2ZtP6X=`(Licpy73fX}sY{n24x~An*qQZs`b`Un^aukp%5#-o`D0kBU zZ6RqpZ&%9NU5CgR$*5r>3k;NSHS*&haF~ru9Q=+MZThuP0yX5#EtXt8NIos&%@+Tx4gZQCV?9^KBLiO1Fe9 zh}vA^Q?0AwbM12p2RYU*9vFf{ zG%;f6jB^^|ZfzQGW*%yQPkDt#^l9GoG@NuYZ0`xx7v0X56yikO#_pHhVAc8(nt{ru zg5s|5P6Md6i<&N(VZ$8aZMk{$kNSh{T^F|A+4m$`pkHPxyKSO#mXz!^S`Zi$X(n?5PrNf=m5Hi^B@+{!8vE&q~3cl4{kch{ULZH>qU3D`Sl z8oD~jwAhQi7we7reJk?!3z?;ys){wucUhKu#`4Z%EM}{z!96cu7AC<35f}Pzlb&=g zfOCih)22DyuK6M6NG_sW;ZdR|82uQmKrqTrpbeUEXQDLQPJ4|}&z1g~ml5mhqK3Uh zSv586x~c0yk+0oDFV?_8U&aZeq`aUo9t}B0l`qwOCi6KBa#hgQ1UT)KAYjcS<>-!+z%{o0OS ziOtOWRyEH3EqL`sYtU+d&Q3H3cwnzf8_eea9m>_^;#N*ozdLB7L0{`Vj@Pa%di>>t zJ$huN$Z>TSxGJCN>^J>B9Wv^!mDCsVOjyCN{UBnZ;KI=WIJERXR`17B?s5BWiS?aZ z(qpkuQc9>$Vg1u|-=-hF4|Fw~irRHX7;C+n5BV~5uA3YOphpCea(wL3jJ37iKT`9B zmOo;#hRTFyG+JI18i46n@3cU-BXEimQ*=(PzY>2`Wh5mtsRkd$67~6HUu{+`J}l+I z(6IZAf#r614y0;DFVd97==f2e<%K$%Q}gF-4BTBWXlaD6?zIe##%LUZf-o3bxv~77 z9R0D0A)zK@8d>A89D%L2AujwwyL}RUk#h!i>#?dCz@Iy5kMh;YKG_WQr$-t3rN5%w zW>;yAt1Dht*;Qv)VJS8n>Q<~b#u^$61^T!ZG(_v38)vwhl$Nb*XwrecSfK!t2?be4 z7D_7>QQ7f}AbWl1jQce#HRUAV;W zcIsq1oF@B(Q-u?ZJhU8X5QQE#G@4-5JKk=#-3rnM%{=yk9B}gn$##$3+m1=gjswt` zB&-E(=2fotWT}IHC?~;y1jqfKnX6%}7#>e4QBmC5x}NmSLwRq&Jpf3)O{f|)|FaJ5 z$LUANEr1VYGc}orVPy^%E3!<|jPmo@Osee%BAmw^Dj8AmpN+I~NQ`&7V~UW25=_4; z9TL(*c(19JBlVTLdWBsY_v1C1vP2zbQFfqs*>&)r*buIFJ3ETh1jXbop3b{ zauM`|f^x;~-M~}|p$fCEVvWYru0;ivkp{KjJD1t_i^qaS8f3k8*fzSfTah2cs;+)h zJ(NtkZr7ZHVCUpwWAnz^CD#u$Ih%ZENL)5PIr-?YOV+uDv%W?l{+kH?m&$}7$Cug0 z67NC>i8?+h>a<8^HMJX3sZR-+0_C$2Fe_POv)O^!JSJMN4LJWT^89G;Q;D5MHm~Bj z@&m?w?9LMT5|YAom^;l&MDK!UwsDzfMd5Ab!>v#xKUdJC*Hj6E_3O8%IcmjL=7><_ zc0hO4?n#^4W1S}Y&#mZO0#(wDrRT5gwP;!fogPCupPP`iDlOB6ZAKay%Qx+aM-OsLK>yJ{e55c@Y8V zZnCSnE7#5;*7Snr85K33?nGy~p;y6f`TGFvjTkE8u4U=jL8FP_~kslY{^#@lio_Xyz=z^q^O!or;}G;wvi@s%`Q1=4s`@z{wdiCBRG$^eKrR`~>OQMH!S8>Gb7;o2sE?AzZc$ z+uziy-NFn({1}&grDu1683#CYKI=ekYL6c)g_b*#{8+y9+l?^YgsYMO(DdsXPYUVc zQ@+Wm><$-q&;A8o{NM;}(Q2Tw*WI_emZ(&yOwaYCnnW)7YxU2%hx+8;-XSg~#Zk6M z{a>VNN4%7dDGfclo%#ZfQR%b~c~75{t91&Y2tG#b2OBFdj2a}Pf?_a)s}mI#N;Aig zKouWAyRlDLTn|;yQ$p?($m5T>hPtoj4^%?pn2{`Pu@b9WahIN!b4c%9;6*J$fSPzW z{W1DsDI+T-{U|P7Zm`A$wInB%BtoaSGLlVmid&(qEI70z{1UMy@Ef&oIh!Ay6xi-; zR}`*5$G!^))CEVfUDy!BtOWW!eJ_d&A$h+1{N`e%=qHwYK}#~3UoIv4mOouMmpK*i za**jze(~#SlGh_C3WITL>8zkhmL#sG)m@0_kYbiy-*eW`u>NVs=YB=&T)us8XPJJ+ z!Mr=!e7yiCPy&ymt>Wi(bp_dioz2vCN)&650cliDc?E8>9DDkxpB&<4r9c}CLxOIl zeN~rArO?2&P2luq!$Qf_r5G81Y%(?q3JZyfQl}+@sM0pP-%z;Kk7yh(!IR3d-I+NN zO1E>>C82pgU4(uvjehn{=LJJqDREu6_05c$jlhVK9VrBl0@~FaMRzrS+oL2h)pkp9 zT*Q?jjys(98-MQ_!Zynr(bY3_UOF5*Y$L`0T+fgG7F|PLbB~I#WG(OIONb|(lb0jF z*XowM13lc^Ch$F^Ho9CqyyM%m*DX(W`!4T2NN@fkrSd4~>Q7{)90k%LU_=Y2#lxBY z9&LD{623~Y5Gk=*6nClCT*o(3o{_HB?N^O+Cc6VwAJeug@S2jqz;C5n8d({{Xl*=b zI;C-EJz_?3<(4h8iRliZsLM$*^1hb6knhjQvoVbsi$Qo&GXrF*+Zw%yxdXBwAlW@r6|ZI`N-83nt)$Yo553JzUd z?Va9N4I|9ZB*L&YOf$O&n;D%Ago7`iTnk~ZQ-y7o1RGZgl{0{FmM4+wBgP=Bhh@C) z(&5|nscSRKOnGAJG^gOU*pc!Y5mXcX{2WDEvWf&nLWPGLVLqlU(J!jiFAm2Z5#NwH zab#io%9q|R5=V$?OOy->RF_3A$u0y+su_rs!Go9>*H(8}zfjH(rCZmzJ#uCMIlgKxltKE;yV^m zsq?tOr3z+yew{FN(0UTFrq94=dV>4VuHK^v!8kuzp;qUH8e-)zC+}TI689SxxVpZV z46`cetniq;Qg1hnpAo|3epP0wm&Y1Y&7yDCx^RAAsx?TBKvNCW2F(~rcDxgD;Yyvo z+VnQO!U&(OuTXOiRkN1`uJLBLfepPiZ}CX%w8m9IAJ{oLbK0$gyfSBZpO@bFVtcIT-SFyb51U%8jo@! z&QG_MJ{1aZiL^?E6t!O3WKDmU(Km- zRZB$zK&Hb-X&w}(`7b9ekZpM*-dURctL{PP63o@r9x;XmJ93Gfa!84JXq`+O&sf=K zxM!$7!Z0u_$D`V|3xlRF?9GKy_`UMGy6e&c01Z^+s;35jJqgSuPgOn9xjAY-`qfXG zFh7X~%4s2`{f^BGDmqlMAxm6{rLCYL*8VF4j}JEZeu#c;o{fT??q(_2uaAzl&a<96 z!xCajn85>zdqNt<6AgMwe31>KT_m}nW4ZCe@)#sn*K^zEA8H&G{nNdJU|AIVq9p`mvCqEMhbI$`R*TZ{PJaHog zGoAZ@XEI-%l57CyLS6*%D#(++&I~`3g!5{#lib&LyNQxOB@IrN8Ga?FcgMx#W!InG z;@Y7U{dnQ8dpjE+-CfJ)oT!)zL0QsM|Hwl5-2fdet<&;Hg_A5Hy)uO*pMO=v1&pk4 zEg@z#g+9hFyLXm5H3$gr<9AZPkQ?oHf{Rg%bIHcLQ2zml?JnT1niUt6=g?D z=zX)$iGbT0B^G(Pxzz zNE;9H6WcvO4TQm;$_txCF9X0s~xOpzO>YIrZ;bJs%Otr z@e22vn|F=OLN+h1Kiu)#%nU;~&%OcMdb+ee-n^ifD#$yx9lwyK+Pa#lr3P<-HC7e|4H=);wHDm7nPiGSSV>V-OZ5 z7T}+d3lMT=VNL>m0J(x5Rd4v8dcJXYZK)Rn07Zktb)-NR_x;&8Op8h*~?}Hj0EI-Z@;%@owvAntMB2t3bQ+6zM(de_VQW zlTQJp?_wb6w&!qk$o!5^F%D)$*Jki>I!~#4Tyh&Wkjy3Jkouaq*Pjx?4qf6-*n)%% z#KE+uvCIbG>f|4L`vn2|wx(seGCt<&ocumfP(SQ(TZvnplczwa`k?MbOO$uusLVPY z-?_&1^X0fSwXiM?Jm93cd{doCB}kodpZvJoWAX-m;FFb%SVS7ccN!nD)43oJ2?~j! z6$WPOf6L-=UC5vhYBX`q!n9X8n~dSze7k1q_^e!zazo-k%ye#Ku&TFt#T{=O-J&_x zQywWdhv}I-{D=5_WQW!sUB9*9hVPgvPuIfC?R_6qQ(l$5?GWDVhmfhfbDW*lbt+}h zYU5G5ZQU=s%=xL?8zmUD$d;)4w)|$0bow?g z&Wz?jZg(z!4XZ*@qJw3X=gPXH#Xg&i*&Eu2xna_y^FiRN~KP8-KObXvPE>g_u zUqBj79frDA&T5jPVkc8zJ;FBHU_NyNRdM8FFtk<#6;N16sEUf2?i(rGou%!|?O#aJ z4Ms>O)1ER)mW(g8Xbe1+X2f!Nt!fHT=6c^AfF&I)VB&YU5dC=8G}oR6L=vp0*uGLr zczTf>Zy{1&fs0~=rbGZv+9rNvCeaj*$Hhi-8y~~qw^3I@=w`h`_6NMT2#2$_m^RZ5 zZr0u#XvOij0^`IOpvCk}@3fEM)Of{rt`(aPA2`q!z3sp8iLuLv^lhKpbh+ozy^5h> zQSkWAu`xm#SG@eumO*GB^iJ*T8qGeXqBp7|K80>?!_vGeJ~Whe{|a>0c^fLb>igQA zFN>cu*lfaf{38o3LA!@yl|%y`^O8gOUZdQyy(OFC)vHed*AjTHUx`!&U^v(f!nNf} zyT*hfm2JQND!naIz&Www`NRiZwQ zG-qzSn3M3p!$Qr}y*L&?FV7lhJ5h00_IQq^l!IfND%@&(cvPCs*x7RtG5Tfh%92-` z0;DP5pxz_YD61$5yLYK)Y*f&Y9OAe7b+x$-MG@9U8?wvQgl$W61I@yxy>_K7_<6E# zEO55~8XPhoAGNGH9Yx!Z8XiZTTxd=bH?RPP|FlG%Lbx2&+q)s`cShv<+@bF6VKH4< zQb}A=wIPW?ZMim68=tRKA5*$7U)UpEHZb_1R;7_S)vPgF(oMmK2I>(vZ0{+sA7Lx~ z?ppVPf_R$MlracS9>yz?Kye`_HH|t7SAnyzH=8Za-PIvhp|`Zby~9omRYTG%Jp9&p z>l5N(CQUO_>O{uUa`i+E@jG1ag9Q2Iv1=EAeNXLa z0)8=^3&m~mIbkSocR0)QJpK+i!3@xV$BP^!rcTq*Nps*liKzRCj0z7uZ&VM#sSmTG zi)tw`;f*M9xY555sAd<*3#0~mrW`YYKQe~#zNb08P8lt&1mbXZ#_Wu>nJ)~@wvmfa zhNV5Ca9ROapxoM!zV4fitzIgHl=dw>*d{fEBG;1(n0f=spj>haX_rU7v6NF_XIG-b z)3dngNS6b?dvZ8C?}5ZEY1uxA(hBQXlx#(P$H~ehslXR0O^$Nl0MJ7MXd_6Uv}e@Z zeXi8%qBzm?O-!E7FlrD7WELG@&0XN{qSYX{N;cK^i2fDxpZL$1|IP%;%4CIcLP%J6 z^Bu{3fxYaP-%E@xoQ3x@wyzsM3R#FyrICLB3%^V0oui&(iR+0}vFea1BzY1QGGlMQ z{LN71CowJwyFN7T*SL(7A$MS!tKu> z)=m#mr7{G%=D7fK)CF;-Hr9oxFxK26nAAP*BOPoeb8A#spu#3Zfj2}|RZR`X%E|=G zJz|XiJiDVpQzDU;d>16)n}udQy;96&EbNsjKMpuKNJSxn@~@`+RF`D*b36KCd$X8l zmCM)EbpNfDEtr^785*8Ce6Ov3orKpI!AK?-k?}cQaT!U=)ch^nk%ozzn_FqR^Vwx0 zHJv?wJ=Y^4v5XEU`Y%umN`B3KOr3%H+Pr{VB3F|Szhkp6x}Z>eFvj|{SGx2yq?F4S z(DQy|ZL}>4b-K>T6f7-1VL6p|TfO_=*hiPzsWva9N9GS|k5_jQLKf*50UI!Yt{O5j z+AqbikdX8me*l0^MHtMP`H1!KGuY}a$??NyeoxG@x)y5gs(qWZ&#wJ8`_eALzMsmB zHWg+tyZin7Dy3Fb>p;%qR0&B@2~qx&rJqsxxQec!{QM8!hvFF94DS8G3IG%;dy5$? z$sIFY2MS)VfnQg&@hX#$#KX>4;GjScJf_C)7!`r^KE{M6JXWPSed)$t;W1?YS75b| ziCs2HAS~4vvltGnjD!C{FvJI3PONFvDlo7lCkDHnm`Y}eDb4Rlhm^^)1X(5Egbeuy zUqDQ8QE`{!GS>gOee>nv?^Mfg@FDSM%RKRlsLqA;2BWRfPm_rMIX9PGu|3&ND>DK} z;T=y6N#Tip@J~Ozx?mN6!@XjHeei|_;*V0SsDGEJAoBqVji5nfmRC5BTrGv?O6N#CWH3LF1&h@>+nbX4Ydw)=Ni;hgvK z1OG{x56OF4lEYS;PEk^5ups}8o^>M zrXRMWe*<($*d7uWpyAJD4CX1aWg5x+ccsAz#Dy>MflYQhuKW1-jQ4L(K9S}il|@XC z=gR+uIV6&VN`Od^PBWTQU87vaVM5n=(MOQ^Ec$1EODPGP<=F_~TnMt?4+)G<;B)Me z(elj1Oc2rM5fbL(8*H$51O$!zMi4(+A(HSR5^yr{s^fzWpXhza#%?(MZ=7$hpyV+E z+^&1CcFcWoD>Pu}wd?GG=TLxnKVq%^@dkgt%;n!aGJiqj;5F>d*aW2goaE&*nTvmS zMD(lyujhVvU8dKSWgfyFVDgMn33$YBKoSZ6ccKhj>RzBlHrSD(XwHP=Nvp@6TMVqk zdJseVM_8VXolPwaaPm>wcx|(OzicC+X3<-Zv+zuK-sG%LHa=RY)DQqV_d()qGFRH? zUCTNnXOHMSf6t0PgE+(?ke6_L4{Z+I%5-+4S3e_?WpbH;g2=jije{*j`tdR6%OZMZ zrNgPqh}kpr5=m$185<#HGPa4(eu^7Iw%< zY@ourz7oK5`RGWirUSG3uF(c?a(&kLuO`jPdcSqQ02#cgq3I1T{|_j8!Zs6ea%`>k zH*VOsLRe$IDO@~z>b@dl1?~)0g~y+jJ%R*?dqV6Ea(ppszuV$W5x&&c*=h(Lt&E}b zwGQUd26Nx!X}2?6Mb92?c3I{F`_&_6(%s-Xoe$0s#o@A`-30_D#)8GkLkX~a)YzYC zp#(S~B3v=>9?q5M0u^Xhk*N+I_8fJ~^W-E}Q?$s%7EC{GN}g=uZA9+$`>g@c2eAy? zDNq}r!lJy8mL5&Xm@2O-S5ft(r>T(zc3He6)cwRB|3WlWD08{0?-LRDxMf8jG78#5#zUL~UqmoUA2;@Es=H4uOq!y3sJzI;dR`KN3BfFhoIg zYCL0N5C8>J1A~2z>?!}H?Hfj)C5bx9mQM9f{Q2)UDcqOdONDhP)HCQ7hKoUt^1el? z^4~Mk9)DoGCWg?cQM@@g@2N=xym15}pkw>r4opD0lDxg=VtgKdtI5O>Ur0cScd(pM zv~!iowSLx7l-S56E+k@>Je3odb6T1H$*Jr>oOgd8i@jS|&g>ziIuMZJMKRub#4dcF z3tU5kT4^_PVj)()CQ$*VJ2Q!_Y#{lN@b}b!XB+BkohXQ7h)A)HO!AvaGX2WUP&jQk z%-f@tAbU#4F4qe{xlu6cMizl-3jS4o;T+zn-^6U zlipFxUH)u=>VHVVZ2%X03Kb#}J78HEarHOmljKl4ovUeY(e1chXw6wwu8&|hC0Juz zoD?Ub^29#Xf_Ab>slQJE$7tD3MACSD6;R>kgx|5DqKp>L_h=Th%<2_xuJ=!uo5-xa ze2&EbMFko=eUZ2#B12EQ&1g(Cob#cld#nXkg#N-6Iw0EfuNw9X#5_oyvdH>FLj{k9o2K5b+9DWBq>&7@+&zQ218CMT)N?j z$kSkQo6L5HX!%QXs2mRJq+I*Vc7R9ohR5)JCBqx9E+SFl9shF9E=6Fuq$0l7*y#X8 zLhL1&FF0V2HR=`Qr0x+xwr4MyNYzD^@g@oTWG5vqC#f?{@G85KjvN>OF5z!Zm@6S2 zB&$)XRUD6TjP?bZUEag>1{f9R&V^PY#Tw5nSua(k#&7?CE&9AUYDdr*3U#gRY8zq{ z107h79JEzib3H~osXwtNJz>xAuq_f`XcPc99_Dl-wttDgpC#hO>PKa^C#_KLMEr?v zraxULwp`bQ_l)=?qU?$^$nIuU`m{SxAG_ndYiRzF$nw2z3}zMC6LvD`(y&>Gxvp$6 zOpI#O9ZqaJ!XJf*#8(?6dAcJdCD{}kY8;)j4ef{s!xdts2|T47z@WFAa%abS!ceq> ztIYJ!%~lXUBv_8CWH|FcnpG&{8z?(|uV(KtIpCz{ZH+S2#Sh9z+{&KZVCQ%LQ>OUL zw->@CB_+m|=n8!OBeg!PSjxs2LbSi(Rh93=9sejNxup>eP-OSv1otoEN>p0=jKKVz zlR9^y*0ib}zc-5<+c682yBjwJI}r*_C^!Ota;w-Oww+{fu(h`CS>ipW3%f$RCwUeQ zm^S|B_6b^0OZ z2EoU4euX@XhT;l!R;U9+FNlWMSKznQ5T7$XbCJJtA=vVZfJ`IIjZ|hep<{M4wf0!p zImz^2P6G?9mw9#&)sAL;Lk4t6NRhDf+HQe0!St9@2<x05+c*I4z}qq`YvijuO76&~(Q z;$y}&PdEbGtE<-DQc^M-1=esIyn5_>L@alNCEYZvit>_-qrPzgn`9Fk)8qKEo2CT6 zu+iDp41>g=U&2l@veCL@q62@fa(ao?93_V)4ci}bwR*SDTsg#IGU8ib0!)B_U%1R*9)$k{ zq-Dr3~UNFADBEA{B~-%6cs(M4WECP0mdLJ1Vt)PMzmKd zElbC;v)jQ4u@|w$-fh@5nNE$O?4G}Ukzlu@dmhf67$M)DY@ue~PkPsXXNBRia;1d^ zH_x@PD%SKXwIQ#N=od)8yI~GJdmbb2(^m%Of^0H2>bg;7e@d1QIH zsZmeVQ^aN<=hH9GgBPLs455Tl;i_uf0H!;4X~^&$nRzej(Px$SjV)~lI6X&?J616I zg`vUk4eoY0D8dV^;lC=Ay({v3+bwLiYQ42yr-}e$g8-EG*v-8xxkOWs{Qb{u^b|{w zzQ+TUB(F^(rm9_h?CxDwDSKR}*Z;yt?CP~(G}m7ARQ`w5CZdekukBWv$XM}?Z#p^d zx2r8SJ!!Rge&(x`(hCOW-Ynh5mS55ZZaOAF&uX^s~%hhB%opdp!IcW#zy;+ z7G|>6HpL`fDs#s$psGsyTJC*^c6s%>#|h+ErK4GSll@gA^ z-KRjGF2&N$8#n#?5iCXcm5xh?Ol z@;sB1<4y@Dp6lJPp;(4C=O2HWl|}6J8q=>>DDu0!T4+!9QoEh!owk221ewq3)Zlp} zT+f#ld6PEHG^y=Z$M7*7BF}oYT*KsI9wdIUx}irK$4AQiT1IZ_ACtqPc%Uu&_F-zY4=bpw2}dcqhp`k+0EdPUm@Vjvpuvu&EbiLGqZ7f*^@D%0b-R(Ecg4t7j1=!@otu4-| zk@Zj&IWOGb`1}P1CRI&*D=@Rl_0?SmJzI!*4ded#@@x29U;`B=1{~a{z!ftySc*@? z>l~H`BoIEosxs-c1PJlX%`By5{zVzayxmnGXo6{_npGqusNJY&w^cufrNC|n{9r)x zkTZ5LJuMuy=cw!Mnhl|^OaX@t=fAF} zzhb)nH#~G$70$c^5vU_@Z@}+NM5^%y0Hbuec$-d%1Sy|a}b|rZYyPsC;Y91??^G70) zQb%2=)0-2Ls5e^`PTjb;9~!K8?%Z3%nkqOWl3_JgDxiJ)_DT2mci-!il7{Hrjd37^ zyZh|ILWKoPaYA_W{g%0A<>lqHYQJ?Sb(4h|Opodf zd?WJ*ixuhL=ESafuR|3QLx6V&hSzzK|Nn2NTB9mCU(CFmCoM)84FEUSSmlei?K+2r z{8|UWbXu->HoI0b{$gCSw6v$)_99%rpuD^Xh7aPow(_RF$cxA=y)uxssfME0N)mnY z+7_#J7EMX=>3Gp$yXbMT4@M$Y`5M;ZvBhD*YYyr2zlqGR<|mAvCx*8!VlWY$Y8aSA@cgfpM1CnAv;Pd!bX0l5nPj6Z%u z^@t>YYL}LuFV{j}9Uwmj!WADp_wlJqV9bC0T5s>K zN^U3n2}FeirVS&wjh%?&iKNel>u!vjeeSOVv=uZvwHq5I*q_NK<;qv__oTwfnfmyt z@0}-Za$xjxLp=z8SWbZ%|EIQs!PW{s(I~nhTZJ69nc>POw`3X@hXI!vrSi98y{t+f z#|HQ2E6vVz`1IS57jc3<#W$Dk^y5keRV*)PkLltfAaJY?j!i4$uiOInd2-zAi@UC5 zlSVph^WQGy7jTBNU^P_OV2;fo+|>)QG}pK21}(56fzMzF)gJuB8+Q6J8rnWAp2SSa zbISJ*<(EIMc^{u5z}|G24G3r31F0o+$^_w9{It%*J7G3D~~P>wb@&* z&ZU8lP8_ow-_7-2FG3#xFSZ-lLPAys=H}+K zw^Ab(=&He<*_t2#>M7O+;T}+x%@SBzXMlx%nv#H@Oz8JTzj4KLS*3O?Q`{BTk6mn> zaXjT{E#dwH4_0f_Sm}Vx2~3FpcvNr2z7S@Ds|Ge`*ej*wAg1#V&V-!FdO64@ zLbxj%Ync2+ZJPVYeK3#xWaQC~iV(6b^bjlfF|Y!+1Y!|B3H>Z5KfZtIhGbX&YV9fF z9LRlqHV)joq_48uo!7k_-?%CXw%#FGuy86u&QeBKz1dpa(%d+{imsg(-vAXjHG~Xo z>nscooNf*cGzj7Zu+mbV#ZlX6E2v~u`T#_|$~de7*%>X4MP_UmT^mR)4!bx}z@PU#Dhl)1!>f|-k=nV@S)RPr^LkczpR z;hVY#eCFDIp>%YZ$pnZXn&YU9QdnVdb zy8EPxcK|95m_F|4JUe$iMa>dQBRZm7GIcQ(-JJ*`U$`><-c)W{G70uf@rs3J1eTZ| z{xGb6)x6wcMcK(A)8eq{Xt#?JcP7Cesk$aaLHU*3cE?YF*OsHJD7H(#Yb4bF93ZOzGP=fllf(pV|N zPZ6l-=q|Ux;1%|)qqsciHmdW4z5jRB{}yZZi-N))dZg5M=BxRf_9)iXp!b)T0o8^! zpu;i1sTROC2Z?A3uFyzy=5OJiCX4fk8Qo1HC|T-^oE`RFyP774Tdm#XvkzEQ_=+2>C= zHA4p-L0yaLX?=5H%FyM9d7>hY^-YmgouF}1mf*Pi{?8(hUUrBcbp9^+NM@^#V-R87 z0S)o40h{aqpOA3)t57o&{kS;f(7fngZT~d6nUHGVV*t_6))xDhv0MB??y;E9bxzBz zMFI~DbCM|2My=M|o5I)j$R!})5_;iEzbj_u%g3%x)?w19<@fJ?(GGi`2S)R`kSmN8 zb6M>5uEU&X(?vpk)4ds1#FMy`4xVc|rB$|%McZYHe-t;=T!OOc1F{~S6DgR+QNv}r zw+|Y})P)}xfDUCNp;t4yU25@PKC;KY7>zGSKqun-lsquuf^&c+ql zDA1r>qb#y(z~=ba@>>*Cyz`UqW3Y+2#r4#MrR4NVdRQ2&X3jv&F0;J+FGWg9p`;`c z1r505huoim2}hQ4(RG&e<}@@cFTLTXT_*VoK1b4HRSZyuHLXkMS3mMllAM7@omv=$ zgR9H+#QS0&fg`U>!l&hSVzKcQJG)#P>ajMSYbpgJms&H>!)uM}6xTK)(t@_^rE%)$4DIpsWY z!%Kl*_)wj;>on?!B$=W{88BUulvp7BVg6K+6qk}y znQ7&QfrH_DhSzcXRZ>`1o^TBuU6KaupUxVax)~-l+d(ky>)6$$1W@&Fo;UyiT*Oo? zp{=dMR?-FvKlKeZ&-`Y@P+-EUi#918Wm5c~vN?k~m||?Rw0c)bdB$iGh`w%U(pfV& zasQ?ouAHtAm7Kq4UsDAWM(S=>0lmCyOkd;$u_S~2$l&z-jr@CFgmpxuVhnx;b-f?klIj6mqc zJ#nnOmz9%~Q&7+@&;cF{b)wSgW>TTrFmVc?>Kf|m>Sxd1v1%j|i3nP?i%2SU=YL`_ z80!qnC&6zoqWJD;90&>w3-oPp*laDzSfj&D6yFm6)`^KXKz#_HIX(q}^F zO*Q{6@~~lp;x3qQEs!tmI`;E=YK!#sj|{PBRRYb~7;g92Z!Amt(G^3p-wH3>3jaUQ CsZ!kl literal 0 HcmV?d00001 diff --git a/2.5/assets/images/manual-guides/mailcow-netfilter_regex.png b/2.5/assets/images/manual-guides/mailcow-netfilter_regex.png new file mode 100644 index 0000000000000000000000000000000000000000..0415ffe5c03c8cfb4f3b0e1ca1072ca9116f2e22 GIT binary patch literal 73545 zcmd?Q2UL?=*e+=2cu+Ztf`WpIf`}mq0@4x{1nIpC5$RoePgE2H1Vp5lD7}YbXaOQ1 zy-6v+k^!JF{lZw-$?JXV-V{{qFa9p8bVsX(*lio9pib2M(N6 zex#st-~h|`fdhwC|2o7>arjj0!~A#9Lr3Ysfs)>fE6guPZ11bzKX9Ndnw4sCl==Pm zvq#1r2M(NS{_%IP%{9-8nRv$Yp^>MqtBt3Rg}e0uC3kCU7Y{pEPjmghm_-<&$_n@O ze9hNr(XslYe%}Moj969ul5nA#j!E8Eed8#~MKUE{ZzzD~%S;AEN@?rCJzrTJ|8k#-$`|~m< z()ahr1LTJQp5LFJL$&`SJLG?FcFUnz*E-tRG>q0CePSh(;lF9=iY?Xs)59@YMMMi@ z+Y#Qd&bA4&9yXUS3R<9p>(&P$lwU%E>?WHr3ci5`Ey4 zXhz3u@b{LUlD zU7$5>31ufa4JD_K!ziZYMj$U~*_F{hZOO^$fIhX?+SIb0v@SZkiBJLuq=#9hi|@!# z>iXufzUyd}cm@HvwckhI&PGuEP8U9@)J4>zM$v(EG?jwgStN#jmkXq0d#86^G1_^K zXY&=C`^}cXY&j%f^qi)a^ek0k$x~Q3ZHKRq7Tf(}YyEhfo_7?tq%20mRtoCrJ&~hP zfmDg57i&7t>1o9RX?~+{(&XkN8VMUzaB*7(PMMS#UL2WCxq5WiSLTXIn4zuj2K3xQ z1#be|b|3DI&$J&yiY9iXB2)oDC%A%1^Zip~mQ##P1~Ci2KDr+6&BseSJl?i34x?$u zZ7|&Wc7~%_t_|_>${^TL>s8SGXb>SEO#W&(WK7#04|1?^JLJECrWIpcNZ4f7Up+p+ z?)=mdKdQO%H@R&CI&F^iU5Q{U^6}QJ&nXqSR|^^$dM$DhtsVrt!8E1}#J-l%$vsoXMoBKVqyW3Pf=6Z$ zT%kMNOL~O>t&}T_nHB#IDhWjpnCr@yR}fVbr(>ybMlPKJ2^55c0V`+PimQ%VK8;nA zlDjJ;_L*vbf4$ra>b?~dO>Z>IrMpcBG|B#M?n$tk8h~!e%P8{uQX}g_t6Y!v(=@)F zy?s`R&^rIRDw)tB!}@oUZVAbK0Vw`psnq#+J7fJwLP`&CokVqA|$HZ+(UeM&uRByAk*G zU&2p(9g06qsC=U4KfpWXF|jx=2tzqKx!W>XpCj-?!@EB=yPqW z&W(v(JYU zT|=e8p+kv_1rBlw*Ru1zg1x8s2aW!%@)~Ari(;55mN_5FR<#~5V*Y3UjbN-sW+PaJ zC->SQf`1Q4nv-YI+Re}<4^2um7>)1SVcjbOps5qNgw$wWzhbU3^8Wscz00tF;-j21 zkfM#Vi-S*F@cyPEi?{?(2^Y@V2Stizj2coQ4Ykr>h|NEy8YmEi5?RbY)`s>RHve

4)8;?#%Fo4uB*jy>QqmxQsI5UvM43Z^0AScmd4hig8UV>wPEIQrA z(K;wD8oFQQ;$dqJTl66B?DEn^D^NYp!Ng@H=+Yc70{kK8icawv#7XU6gP%$CY1nS7 zU84su%+E{*?FQtK$YKkIIvC*_888BgUr~$-u zH~~2;r)B=we)_F>1fwUiiWlPum0A`7krDg+&=-06H$&k`Rcr;MG!z_|J7rYu>xB5w z)1m~UKxqBbd|3D9g40UgkH$@WemGhfOwI(Up;T_Y9}Vm1TOtoKW-P}Y0-cilO`W<4 zJB%9Qr9w2pm2KRluH1hiEI{qx^e$~i zC~auXYtf9*8|M1cT`#xQ(b=9&mj%BcG0TtVd8E7Q@GOk97e^j6T4SI8d20MQUJevh zm=cP_9it7)j7;4xQ9Jt{qtHemFtf&&LengRL|X#8GP6qU5LnShQVFkR|8 z7GA#;CRA9-`#an7lcmR@K0<#Aafh4y+0+MU860fC)9;~M3tAZ1Ke?RvD?!s|;Qx=s z6#si8mj5r*j$CoTZ^|*M*g(XpKC~^cKZQ3aICxqO6v&9PtdC3a&4opQ2Cf0{ASn(fvzLFfDPn5L~Zq@?H*ib+T7;?XB~86dc*FZLxejg z8qXK7uq9)HUHks*bzqxBw%)ElLw&@C(ZH`YmNEv=iWq(PWu_3c`oRs;xrJj(zgye5 zG}fy)Ivaf0w9SMX3Wm{#`dOlR7%1Cx7=C-9E1_X$cP{#3!17wk!{Y5`IBdT^vzEsn zw~DRFI<|Zo=JU8pmOKRyu%2gwkvcD|Xvy~}i*Tk2W|*JZ}SSU1>ruNCGsM z2nk|1DhU7!@w+Aw*l&jeXx+@ALDwl^4yAgZcmtQiHqj6u3MO9#_p7H8>n`~14ppT^ zUo_=~-gT*ee7vyQ-H8pf$A&H)%?!KL5D4)y3yg$T&~e4CaGew)hOxphvV8eDz%3-@ z4lE~#lmd<^{MlWZ9RUknl>x?(WP{soBO;LEZ0|;$Pk}(UVg%B)_-dh2za~Vj2KuAJ z3>DI~=u9>_@@{rj9od@jY9+Ic$B!z5U~JcKrWa(;aK);cm?h0sC1F|et`E!vakJiI zMh|br)@%TSif_tZRsd3)z~|T;^Q@gfO>1X0()5SF+M4J8UEsfH*g&h~d16?6a?3Zn zY;6eg7?cTKHO(*gh}9PG6hcv*Rv8P;FRjEP(n}O!;{Y- zTpC;sVh~tE=Yvq47#HebHbRxrFNRoMWW&PdNVyTVRbz&4dWGDc+`ldACDowl3nD1350lH8ZPJ z*3rFcsnCi~$u($x3r3!(3O^q*8SUV<)Att-IcMki`U1>X4H=lZ(!5R<_Cs7z)!0~O z2j{tH%$j$F1sq0Jp=oj35?PSAWFHXjFM1m{Lo=&cuDaXDl;;7qwsn{8D`fKml`;nPkgG zeOgbT)6OSEy5v+}sx0{%er{n&8A~ZC!RGglLiZ}*%WcC06w+W?b92%6Xup(#uJ z9;{hMWW}S^I%x1-cpwq)ks!>lg5qrx`e6D9Q@um=Z()Q?SJ~a~{knae@KUoN+S^(X zT^xyXM3^;rF23qy4Ed~Yba(6KMx_N#Y&_bhh_{9ta&>9Yo)O?M{NQG4;8tTSmXz-_ z3pc#}@!I}(`RIb68$b{v%Sv|6|=@-V%sShk0cQ-vo!ZCi*y*U{76IEg7Y$ zvLfJ5A%l)}N#u&nVU`y`i~Y-3-|Ks0?)fkfaY!ge_#w=unwV9d_3qY6LUKc-=+y;d zlJX0)JG@eEt9+r17Y?G%dl;>aP?T>m7uf20L$zuQ*jz1+#0?h3i|$JsyiG{iLT;|+ zOcs{kh0nokXU)mIqi}k9)_a-iAs-JDr&x{fGL#+h(n(2~53-YsAF?3D*{eIy+veaj zB}QWA`CqZ{^R!x@_AitGlmvwgoOTjdw*&IoA^^B^w2 z=&2B%eE+eeEZH4#9V~n!TwQdhQK^CEt?y4Bj>y$*5e62w=Erz^c!}7*e9A8?ECC{T z(Mf#jbx60UPvg`_(w8b!158YvOaGH8p-T+7W*d85&(dvgiLqlv_!`;%!cSn@(?8Nj z0d|8Slh5{%fm2!(+++hoH(KC;05q@I`$T#Fb=CeZ$^4aLi${bKQBNV?PR0=Czk;3y ze30+~z}#}VfLOhaO#gv_P(k1^Oe}iT<)rcQG2OI2^i94c%RAHWsg56oFVYGP({-dc z8PEr($^-wYn=^$ir9Y$FC|Q*|sVI{Pw(|>`YD)r_$aeE4iq%Y}=g0FAZBl1=0NCDU ztez>m{c-P><^Dcc<;D6Z1cRLbdi85cP`A6msK-$Q$mQ_8;dgCRk(a8Kvi_1zg@9XIJc&>aB zwK`v7LK>3HW00!t`^5Y~WbWvOjbb2?&b@?oNmq2=9m}^B296yLzqa_!92K(v_vxIf z%Vv?1B5kRK#j_k}aHVgLNT)1nr8npX z9Hy_>r{vghedV*Il_x$z2NFn6C1n>5gJ<3atKHPR8&F|sH6W0j9{pL+nnKM zUt;xYfA*IfxaW!_`bK|f&r)DFxO#5NsGGD!GfeNlewns1XDghox?OfplEXZJp46rZ zU8vqU>nNkJ?TZtgE{n|&%jn3? z&DQaomD#>PG5Q|9JMrE*aSqpqeTU2430v~LyL4=^{qNVAZBg(*>SK~v@M8OlDR0V6 zXBU+i)62s|mQeB|^yxnBSXp(=x%&90b$}67!D*<$wGsr~q@!6^LTUGg_W zo*?pjN>^YeWsn-R*0U!)bt~d!z)U23wcKA^gwVa9dN`Ihz{7{EHc44I-oRlCS!I-sODr|ZO5R=>enuG|d z*&}*|>B;&{Tcg&u0(c6~Fk894{#m`X2_f&3U-_5@q8VG-b!9`gQi;M9Em} zG+^h(Cc7pGMzW2tS=)yf=tRy>CB6&rmtPMsVn$yNX@zWAR|Ow_|CG)NgfEo@-NFFBl6fvb!7nUBV&p#UF zQ_Yf)$~AmP+K-dQw1_!9sTk=9_Tah04yh8nUIo!Gp=(FblR|we^PPU}EQ$QcAjL?= zy+o^glB6UD9q$M^6~ay6`f!BQS>Y(~J zdKyA6_a#fts3j2{vC*>JUu6x@fv=NtzkCH`sSg^}Mx<{RO7J@Rz2eQNtALm&n>Ie)Q1obLykDyRNJ!9-ZtY zT`bSC;>8Pht30%5?->i!s`B?mo>i*HF0F+B9J7jLr0znK`UL+RO;LrhFW{f$zJ9Wj zYvVzedJWUhKAE>sAyvG+W&f3RNTukl5xN-pJm&CD#+|h3e<%%j^cwh$9e-Iwn+?Wr zm>mnlqPUr}e~wncyRW^nc$D#t9T?wtrYyDi4s+(mY78bGdjAMEnmHrU)x}>|*}kSg zilp_#LEZ^W5J1t)^YA=$0-tsjeA#b}*W3WhZ(UQpqA%z{h4eez;d#6kIPf&Z^ZI56 zHU>R@I>{?VXPdGh%OmC0DQ9{?+h%752WF$y|DqzFt>Q8`Ah5;Kpye&scnA^qGs>PI zaeB>Vdqm@OtO#945*RbLF|=4Xb$&Zy3GGcK$~(LQ;Hk?=p}b(9m2F3`>0|1+BQTxe zP#(C?YP|3@NflAQmt1r!yC$^3pT7O$h~A#v(M-Qva46yR74+NPPYj{Q;6RFufTsp5 z*MNf=%oB8@$E_`o-bByOZ>w1L=pxbwLo?qSq?EG75Vr)Dq6)1vKzudriVkeUZi#Fp z&S0-;TlzHh`&AexmuT0I;K4TihHmk;&vcJoJS6^aTt_ZE;j{y|PnNzVX5(M<)()42 ztE5|*1BwTs%hl3RqECFEKtKEl7x=bs7DS6o2hjUNH9+)TpKk5K$Yn_E%5)MNj6S6l zUC_fLL+}!7k2(&o*e#Sq=Wpv=Vgu9P%ANPxq{AS?j+{yJt{>N==~*euHMQk29@ytG zhJ_4wgUObKVPm=ER)e{o7ad=TV87cz!@R(s$Yp!gJsRXsFP@D)ZT)8REX`e-+|CDa zQ^l)n=-V@%-RM)=4_ay)7~B#t^#w(yylwdQcHV4PCfUXNa)pbo3KB{g)YuQ@70qZ@ zjG9|Eg#5*r`o%$h$r*SE0BIT6gQyFda0Z!gku#4cC~uGT03jAA4Bp8jwWKQXLaCEN zo9OLG_w4{6n6~UjDKw1ck)baS0;#&Q!EwyBN$|+En(w!S3?H?lsR~4tI%tb)!<;5L zLU7jnrq6^{U){|0h{k;AX<}?u=6@WvbujPfn2T!-N%WtC3kR9u-rijD$eCT@{Z^(l z328mAV;i($FJrVxNkN>;MleJA_FEpDI3)U}VH(cIoUzcSe_paY;iJm@{M-`M>Xe+h zB6ZmG;fTcdZLsX(krStGy?HNF-zxJyzXd^`M?qkpsjti3Z}p*PV1Jo&fcJ^Yu2sN> zxq32y#_f<66)vsL<3IWdrSZ7wxzvkpTXM+>dxHE zoyZxx_A6Ji(-Qz)sZVw{FDSh-1I~$nZ(j`Jmwo7`eRCy6uxIpkU7*&>%8KPvC@FI~{S;`kRTFDiOa655 zUwv=vvviA&3e@F*&;h4*enUOlO41x>10KWvXH|0Y+Gq1CX84#HZI z5@gihi^1q#G``oTh^l9&8N*hz!+)6Ydu+9V=7HKS-k>$6w6G*Rc5H!@a}jhUGMJ|6 zqqodsm`I8X?ddyr3`R1;Y^OlbjDa}_b2Yg9UG_L4BXnt^bVkva`Gc9!+9)A!EBF6fqVbxnN6Q zg_zM=>nkrpH>CtC8Mw*%_xSG~Yz!mDgHad>-<-2YPXeMp*;1Ql!2N~=jAgL7>EpV+ zXr+jOzb-oPe>Q2XgQWxhVTG8xe9PYpF#k0|DHqRsz*&kLyv7oPL;7y|RMnzu z37lAx=3)gQ+%(L`z(?b@Tj}re&yRn;!qlc3s22tw2XzNp`n}#Z75wX`_~_cq>Z3C7_0keJZH|btdyqAz8HhR7M%<~ z7dVT6h@8ViUl1oW+vT-z#t|Eta|XJ!Ni`oS=U^;BAVuP|4hZ^* z>7S9Y7dD$vf35C+ey;8dH9uB&CU3{~BCD+i6c2W~tsdM*+y5%?bre#sMPKEl*AmSN zumq@2A$>jHaG_BYO&_MXHasJ{@&p*S8lq8z8N+Et3ve0;Lpf+g?5At%%4RJtK^Pvo zOnGuU!gekCW~W1-afD$Z97>p&MZyA!ee3SjjX$bd;-O2!vz%xzyU^mY2!PC~AXQih zbI*-BkMA#Z^|JR%nlM*`!QA?$E3M_Vl&RVNSzh9Px=5xT+!ZlA8#G|b6z&8DKa5s# zLDZ1w5#$}>WXE>J&Y#KX7}f@WiteOvc@}ekiLsg+WGYPRr_0Du4=?3lq+qEy6l}$C z4z>ey1ydy9SY!{q+oG#dlezyi>CLEtZ0hWGM*wI?pw^_px=l_12q}53HZt4Q*O;LB zmDGbk$U3p8iZ^s`%p?dyNjuwO(T(sx#p2ud!99QMp5;ZV^Sx_Mblj;SGOg?5)YaZ8 z3PR_d`<)@@43el(w^KYPfF|I?Da3s&wF{$3e=XPoTkLXu)OGjYW8jNtCI>c*$Zl8A zhI#w?-$O%9(gB}F9A-n)At3Z>>~^)Ub62GqoRMNH<9`eEuX{^$`G19$A65s@TO+wu zRaI|}Sn1T{pKvaDfkYzX;?BvO{cQpMzNV(8&d$z>iDZBy8N_7GT3TAHKj-$Ur=`oa zf$~$v?gOCq_V!RHJvUZmAxHFc&9NaNBfme23;*!I!25iwiSnGyDIcu9rIXhM=R6PH zT-&}f&8eYT{j;Wf>3T_ncYwOT8%%tbFTEtQS!b!*WvBVG4ef~BKhn$-X|0IO<`2WO z=TeCCw^zm=A1-k8@)|b(UG|HDiJ6)DuvC6av}LCQUSd@_4$*=^{QmXHOYMlw!$_j= zzt=-V*7I8SUzh|Y{5y?_-b1sLdw>Sjf9FF@#sMGnkpp}EUnh`r2}uMo`!VopXcpMr za|5N>V2voQ(%2YTzq+gd3AyVnW3}elhIiqFUA^s!_l;Iqi$zQ7tvrVWAURgtI=83 zRUM4H+2UA!3tOR=wSEI<4rPdp-gGZ$JfpkkFNRf^am*yB=479q?TRRG`|xwv%T0Mm zV&mF6#ua{P893aMK9}Gu`C0vO1f-6zm>t4*;MP zz|SVxpAMN&ODt>24Zei@0NX-Uqm<7aXkWrO1zd0472nwXqM|aNb!aw}v*YT(9i2~w z#~d|UgD^(U5VoqOBmydQH;jKYPH^F(oYNT9%Bdz1CZ01XlsU?N5g&acNn#zS z{-dcc0OvXr>h|_*QUGCLjn>z(u)Q6C0D0MMjsR-iL{M`ZmYj$r?X0|IFBwO!v~p@E3|kqKIp1wS3i@@Asn@vRl)@ zSuhR}VpHr6?k2Kwb?x9VYKgc|*vAtuo8^#d24dF9Iz9B5$6z0{Icmb+ zT6bg?M(<(Vl_BoZmVgB^a&AmrIdhyDH|6Up7qlwE{ZJPWvNy^#ZTQFYFQ{A?#RM(Ay z981*l7ch`8t`bXmCM8yj^!K<~q_A62+_GJ+k2`LAO>|I)bRy>4UC|5I$1Z3{w;W95 zXWY$lCLZNFbz|h*XHJ%pYoLDTem)g|OT~Nj2R{7X==HWq6?+I#)QLSxqSv+|xI0;}{nkbTmZZC?aJ@-bsW@hEgVrR%4E4Sl6civAz4)Bw(-d_9fjS$tRVXL!dzKuAl%TWxB`{t zYaChU%qre#g-lEg=ag`O)B~6ppxWeAj$#oV-nzw=JI5%R zt7Q?KjLyK;z|sB$f)VA#eq*BtuF2qwEt*(F)fjWM?e=(z!2MS`F|K`mz{U8AAhILLeJP>A6OkPFeeEf}`6$i$N$kjMWEk^q)8CQ0 zQ7VScR$BF1AApBep4_(=oUnUkW-U!-t%$0~qKlf<-c;atduPG>YS4=FqJlv=%H3oN zxv;7Ld31F+Ak&c}WZYlkd2U1On%;%SMT2z+yYo{PHc|(76GWv?+yqFx4_x<>=^8RT zA;0iYtam9^)6Qw#a^=GGS^H8_4MYggCy=66HwbAox1RgZq&;0TI^;c)Ww8WcYrW!U zC6N#{S-tqI?I+p$rIl$dNKi5@D%N$P#3;=?wy9`ci1(JO!>mkn!Wr;X93JBhWm z#b{TsyS*QN?L~nw+!SN|wC4Kmnmhm6_wQ09g$9S%_jM*ydMjP9f4*mOFe!64PlJer zLs5a&D&k4CdPV86z(XxIRs|2rkP$QfR|Mq6Zn1ZrzHrXo;g)SAfAZ7%eh6mO`H|4X zC9{fuyhCo6ACzruf7~!5(M)mf_-1sbw)t~1NwmKGfz9yZ-H6s&)?$e>>_@b?wmbOm zG#DxR;pK0bc)I#s1w;#gWz+4&+mhtwbFPg#q#k*svE~Wvd?!^IZ(e;nJKppsGxfwQ z(j;P3oY11GW&qxe>z;?7>6?z?sM5eh+v3E=v_DR>;Tv2MTjLl0K$T811lZsqN4}J&=B<`ET_ zXx1rT)ACQ3RR}E+(>C;j5YRxm@>0tDQSia4!94P|Mao`A%f478xoL*KXx@0@*G&!n zuDeL$!a~c^#;B$VQ#4+by1gfLr*)QECri#|ay|HO=XZv@7hbdMMjzOl^h$6ME}Th1 znpprEETnYbVyiSyilRRgCL0^OpY-w6r-^2BIpB4fGvDgJl54)uG3xtNOw_Aj?HT2@ zi54JNxO+5TtK`wxBVDKfUqsPaiIGuZO7JBdPu2BgFVCI_V;5T6k8K^{n|dODy--=n zUHSOjQT@ZiXNNyBOWL?N9n4j4=)N`U)$(-V$Zrz>nsLgA|VByjg)~nMrkNwG- zoxSlF#a)$5P;ni)pOD|{gksce=ZkLN@}&hp>TSPfje5UE5_1;RVj%r}E!y+;;^nop zN6RCpk#cWeBpGGAKxB>Bb~%x<)lNN3U;XFePeoQnSxSVq8Hrw17HINq-mP?11k? zMhI+R9C5SEIH`W~YYT30Bb;`!WZ2a~T*nc073q7uDmCa<5aBH;A$ntI^!~fQk;IjP z7E0U|Q-!~AQlzU|b%(CKNKtt&ydwydlQte}vHb z%z3Ijz@>yr4cI()+9o=_G zQ=n6h)J#v=IkySdM~jlDM%`9}wj_l+n@jH!0!qcf zb?QQo2agv$s20nV5sdHfuAQn?ht!a=hpUXcB-4s!bM>(Koa5@PYC@*ncYP`)2iM;v zB?alT6K)0RYu=P+i*D0c98A<=4|o}NYw*H#zx>w2DOUiea^5KmB;@bkyx>0`V%!TF zt`+rV>cCR6mHCU@@hHoc*W5atX~3VO;Epy4n4!v0s% zvci)_5s<2fOeCezmu?BqYtj94zf9zkPD?ivg=J@7H#Je@#!U{bjC-u<+9HXoqX*H83kz#&YiH-4c<~@!<~57i*;&yE-KCtL#{Ahu^yklaz+lFpa<;qfg^9<9 zap#Ka{;+Ma4)*pPdZNz8gZs>v3kq&m*1nY(s>vU$SQ^W9alqdU2LxyqblWE<2>xpC zfLgU)+D@9!bXoTQbi$Y@(t?RM!_@<~6L+0T4h|!0YaM>A^aBT;TrDms$-$)#&9>dP zM*5}@vN}g+*A0KyEYkRY1%fiS!|!?qqnJA?uf-?q5B2ceezcYYMj9(g>WnXz*_5RY z6>g4eoFAG+eO7kBb1vH0c*6s`%o|f5S!}#?-mUX;_o=P8mdVvRi3@>w6?d&_0d-J( z8&l~~C~HVih+O%!xg#HMbnhGRudXNllQ}ZWQc>lK4)VVI`bARXPh@%L=N>`VSa+sW za!qI@uN8x&A2RDBFr+_FPT#t1jezY8utM~M&|`{kfYwxXI{7DO_~gM`=1nj!HA5^X z6TfXbc^!B37@5Te5b~L>f3n1r5`CSytWzeEEC+DV=8>y>Eq8MT$8sc~mr8O=<-?q+ z)5;D{9^%jCfES#w9gR~qD4d_0be0M$B zeUH90uk&|#=$^||1~*HE%m&CCpKPDt7kt>(Ts8>nLXxG$7YDGx(PZ)k8GjKJ`sru%?4fB(Ao3D=Vw1&xec15w6zteV@B*~L)4+aBer4S{|qo|iht3DtK z(m-Cb=$QLrJe>HSLq;(sWPG+(5v&QNzsLpBwn7tlz{HitC)j*Rr_n^|qLu{lTe=x3 zdAOlc@o$fAyHw{0@1B)#ToaePx}q$$R#@26uAQ~{(A_Lar?b?kRPS3nY_>V|$enbxuj{-iN4yO#N8LviiK5)R!7QHW%*vK*F9mIWklynvpq3#Tj^9qCl+X zFNb8RXSQ?o7n2xwg#sbFeN6$tFZe63;As{6EiKGU;(e-U>>#UTYQzzjD&?Qs>l;$r z5ntlW(mTQS5u+KdYXA5)uchR$gN$n_<1-J+7mw(+?e@78WE_p;_2s=Nn=9;eG;lAX zPsMqE;=<0wi}}y{z@(#s<*K(EZnShAV#cO99AGixZey-_?e-pKXD6a&!3j<`X_zEs z1E&i4dGDf(sL$@hE{vrjeG?kEb(z{gNpM%eMFYJxr-&o&;no{kVk73O2%pXA;+GQ$ zJygoW(kxC1K^=GQlKg9|Y*j{PcZwnnKX)Zw^>vO7uj-qhk#aZ1XP&D&!F9;jD$7QR zGF~`+GyH-HYH!5TpeXGDa@CG}rt33VNyk)IS{yT*{m-onrZ*H7H-sZPYCa;TZE9|v z3A$e~|K0ZV^?Xuh9lw`0K}FM}+nsRF=97UFbvGtQUJ`Kglak7>73OI@WD-cQ-;>d3 zutz=h@>l0MY)R>4=}Ji^_GSW62{w5Yq{zvf5|`CYO!Q+DbJ>881zk%_6l>&iTn?35 zT+J&h0B<*R)_HGOm~u0S#C9k!rJl(mt+Yoa$!Mr;i8-is6y8)@z!`~-0HRhx^vcu@ zCG|R(6ZD5K6(vUC!n33w>s}x0|CV8~I#YLlV5Pg=S(pDIayVZsppnlv zGR}yfsYp+bA6HTr8BlFD6?@Dt#004pKS8R^e-2U)OmXLOpzG?0lQgpOs?<*qvG?g zL-EPsw}ufwq0xup({%a}lMLJ6fTNar)2jMTIg#og0vc}MQD`-i zHj@QoB2{}S-Fd@Z54W>^CXq$yfq!@96t_TR0-j*L5AMSeP@aJoy^i>Y*#PZ$(KLO4 z(2atcPcI)0+cAX16hl@OB|}c%iv6eeVtGDme<`7RHMqc$d0@{-DD+)M#kIfvD9HVV zJ<9Xt3UKPnN~x%5zwO@RR>7C;eDj3YfzFGq9M3RTNhaviy`Fphm(Lrs8kpmNA*}YV zjcd+a=;Wu_lkQ&FICEyy7-9YGN=Ow5{wa$I*YX!Qen#B)_FIcvfIx^$JtW~vgadVU z)%Fy&#?qi*mYlyGuo>_`u`<6!XjC}8+7*!>@q>SDVCSsImHZ!~wa&$&7WDpXzg#em zljNNfY7%G^zT+3X`tU)OZo^)aUM3CE{njB6P~b_7In#7K_{2HMj_31Y-6k*W#>m?< zm*pOak1@_Rr71{=el_5#ED6mz?E5l1b?Z#)x?_rAM@k+`=Td`L@J0-)nE2x>i8!AG zhpw*AR-lFnJ+aZ00;O)VZ|ltuZw<=_FhOg8?@f78KSM~seG|n?Hoi~a-VqQ`eVXK< z4xCKX!M*xvg)g=CW)W@wNLT>OdCoA}eA0Yp+6+|;mt_33)PYD})6+s+^OhZpst?JX z$I!19_DR`d>=o4|iyfDZJCn@BCqAJ#SZ61j@F(ALV z7|!K!|BPTVwb^67@=Q^2#}P~(dPIPU#`6K!N#_#y(X%SGRCAxBt~s^tx}JkVO&r0r zLjQ{}o8rNxy%hwezP2C+dHv+^baR=W=ylaSl3@EpF{i{}>ek}Nh`Z~O*LJu=SE~v4 zZ5D=}O2iIbS>SL{vHu$T%cWh);J}8e8%0zxHX38;p@)libt4c7OPyzup0RMeu6k@=7|t*DEp7evNn8GX zeL#NZN}-8{;PgxUQEIB`H+FV=t6J(D_kRyK1yc;3mRrTu=>FH3(@20R?UWvO#LF=e z23R`WC`GaB4m1*P|ow6?4{40M> z$p)K&wJ}3yDTWKg62(sZh!CDfDgheUn6b42fM@lUNnizjwf4-FyEY9yA)-yHdQfs> z;m_Bfo+~r8rT;2l)R1S~sfG)lc@t8c{YUpdy3Eh@BkbwKpMmO=2fv}Lv**9>Hn+y* zw^&}>yGT(0r2iY~uP`eW_+LqTchklk4V~hM>ra=K3y2EB6>%U2kk*?WneJU@CpkGd zm>|;rKXA)bou7w=MWZ>9i3j83f)yz*(h0I_!kkRAEj}-%cWAoVBuuDU;3GwlZOG_~6d_9+&@+pq@>R-m~|0%Bn z005Fya+nJ0bkM$;c&kA|e~7fCmp^mThSUM(56i4KmE)w;cSQd{?&Aps9t}IaGL@g- z?)}97>`34L5FnZS21v~qU|trc$rGF2BmS}0z|e60ci97KS;ND_dTFsH)Vn!F9Ih4V zdL)xN+8^x9fBs)4a=%b% zZ=tFLcxY$abdwfEjEui~S#rWiCg$EHUUZbPYC*STT+!r*81D>uEE)EuXf>j;!f@1P zsLf~Soy2!d35re)0ew*E((SY zNqo|BWrO_iTj?dgsXZk2Zbgr__xQ7Wme`sNG|Pf7`{_YcM^CtJS$FRoBUsd#fAb+G zaqxyB+qk@_rSifc%||a^(32PVKEzTJrqrC?d#&E?;DIkWq7DG4NC0IIW6MHT^(tE; zT4PQ+Gj+osu$N_Tb4qw`+GloF90RJ%N3>|N?r6BVxVTi2!Gt&l&qK7cGTPA|8Z6Y$ z$5+02eO*R5vxlPW^E7u8se=)blWSP$N!NWqF1De&nDj^@FG-;uoFDa88rU{JW)AZY z9lYTctyHrwk0bN2Wwx!q%|RRXkD0C$>325u6kiE-O4@eGT4`*_RDKb9L(NcAPU-T@03UQa3Z ztgR_I^_Igd3LsIu5@O%{_JYAP##*kmkbkg;z;Nj!6ej1YzQub=ib{UK^F-E$F{4a4Xj*z^@I=|N2#qqdv$<1e7(z*%fVSHV^ z?KyC*K{z)8)JSM>WG?zn-=C6$*gmdnoC1$kC3)_CsyD4#Zf#tPLPekBjgJ36!x7v9 zS<`+{1giQAX0otHj9X8(UJEP@>pM7)jvp@Y>BDy!!sTxHUA$Y!#opBepGKI5*PBb1 zn?VZ3!S7d@x`(5oDZ;6y%)N9MXhqU?R@YziG}mZ{Am&CE4C07uh*x=?muo637fB6 zKAj!UlBoIsct_!-cBGG3&DK9kyz3*ENIe34lKk9{Y_!W)hWfPPRd^lb_Y>dSre6;L z+zmJtRdK?#S4^+SnMJx8r?jH@Ow3zj_@<4&v2-|HPeIB54Mx|?uQh|Jlxx|d^W#TWTuT5`#au59<*67kU3l9ENw*~mtI-&@0Q451YezbpPN&i zyINexjAe7txZy}?J1=PCnT`GsOxUh}*xk-{(wlIZFFi_Cx!$4|FJ19}(=j-hLAv82 zW}lce9_U^dW-d&q?|O8pRuKO5iPs5&TrJByf1xd|Y(~u|q%bw@Z{v=)TN#`|>X_YQ zLq2(a2SYH6BJVAbRvH7J6lD%Op+66u$*an4%E|P9s(M16_uF5C%ym&z=75jb0s9jB zJP%?W0A@P-K=mE7wxiD~+* z8{lFeN0ps29a*Gr&F#gp*3tWb2BM5#BpvnHnE=Wba(&Rbx((cZ7~zTWduUsPIBRCE zXb?=>KRg|0%*SNxrp4^Rk zYRE=hQ5fOTISrPR@(WRq=wtb%tSGrp4TT$F&<=Tpr^Gb8a zU+X>4FNbcsFKk@<3vQyRp;;D0xHqs~taD7zX2Kk;%lf`Rb^h8;YE+d*ZydyyE^;pH zUAC_V^l}CCcAi^`Tg&HKcjt3?oz0N)4^!%&2Q@X{=N0Ry$Ed>8W0kJO9*fbsjSMWh zA|Nw#VmxFAEBai4wKw~6{qWQG?_iJht2jHlmAhge-98~k2x2WAC$*;2xA#}m$nM~y%^4ji~=F=SHbh#`?OfO~Q-X|GuCq+Du=M4#njVDHW-GR3ED&k8`x;~ZCQ@S|@2;ZG&PC|d-Fjz? zVQLLx!J52*IOc4l<-q7f(_Us&ztEKiArI6$Y`>_8Xkp{rO?c7sI0Cl0E(DbG+8Q(k z1reooc9P1xv?3DF;wk8tGO*}TNGs#!I&Er_`g)qiTDRk~^-*kZ-@~>iybkb8u{IdT zZsjC*FVRrIbIj`7*oJ~<#OwK6fc_Q9ltR{;hbk8Ll!arS^Gq%N!@goNZrScom(uZ? zdsMBrd-FPb&F%4bNf}=`hw{gK2}QfeM>g*<%|^+m@{+E(va>~r{a7LycQ2V|T`t1B zOUplc(hHxelcd=G_w-m!M_Fol~>gh}sqj~#nj_-3p7nmD(715>;DI`8On8>sissI%Q9LoW!6gU$B|~$;M=j8!H|eA?&&q9@=vEKYTg?6J|Pr+f3@aP_qK-wylmiS2*an zef~Vg5LESb=&KJ;(0KhF`6s07S$1O}^wt@l#(C)VGib93pPm#Ei49Cyf) zH1a*4ch^?b+O2APGfcI0)=f%)HB|*Q(ruAvS*LSo2V`sLpnO@ z8%|1=T~_vaRt>ZD{V(jDcUV(foA&isQ2`YN0RfRFAiWa-rFWFxLq`Ik_o{**gx(

?)&#_?=>vf zNM1F|>ay{jcVthHl&?UNeGvRMG*W?dvdT5|`;KDv+;v~O@!lXA&dK_b zcg<3X&5wVZzBHi-?j;`d^beN}!V6yQ!)2UkuM%FV>DGL$Yg%W}xk;(mr<-p_L#f_ywuSaTqN9fmaKTh5#Cs zjmirLcjus1M$AsZr-#mFBX%cWUsad6Xv*nvcrojGv7h-ZhO81>l&`QIS3FVzz*C3j z#b=C_NBL)`p<6sl$#Sh=j6l;=QL)z-{K?y2&pgRp8t>xmTz4@yAyBvKt)_;H<*|6` z1(@v#;cQ&%yYkrcCYs~mg$Fc!hB^i}JGP2_KiQ`46T}9PlcvYwwtJ@H-8Yt~^WYE* zt6m3~P7LCH7G{>Y=r*p?gK0$J_J`RVD5y_w5Hle;ZQFnc+^bh2I?prGrTR8DpQfTT zKKX>?K7-QA15XrtW8-XY2ynkvBTJvkj_A2}AdHN*m3O3<&)ltKijc}B>WLLhHp1(d zuldd2iLUwdwfsiB_*HWWxGda10@G&wl&`6804lGyPyK<63(CPHX!psTeOx(+T~)x^ z+7*c~y6)RS>}WrGzy4jt$UEgk8iBf)4$8ZDpX9>CWXGGK3sThC0W&E6fPx|uS6sR) z0!1XT_?WwcY$t>?Cdz9yz!8v>_&-+>Jx~5&6%lYJJ2B}l88Ujdt;OB0BG z0&*BxSdT@R0-~*l@2-`ufFy8ZRBW$o$8j;=yORmSZB^)#DKqC>xO?-)*K}U!TFj@u z;;iFgYtBA|MvCk!eEViV(iF=LENSZP1`d*+S#_CeamSm0s(KAg4(| zP{I5@Awa?Tx^c!n7zf=KQWM-3O}v)xwUNCa7`ro;S3o#bl0d)3cvQ|C@FG`S6;08G z{{|MLS>@E8vXV+@b#}|^%aLf+VM)oMmivL4S|;UEsKEikW%ufvX~<_cP0qW7m?S+_bAS zzdyO}6KJ6XQ_ItNVKb$xL^M_8u;D?+teWJgwrXXa>#39-ripn7NV4VgtA@+jrk%C! z_8B$Zk?}nGOlR$O8MTLfn1v+Ds{M3N@h-id&4I&`ekrEOv)qb<>|!rtX4vgRHeSuZpt&Fs&B#m$PAj@KC_4YNoi43>)*rJ#HaX!?( z998>18OHbaXbsY@spuLYIPrXMZdb8(q#m<~5qgNls( zM?>p>BHKkBKB;r}Rjh{mXKdQyjmWtK^RN!}+u_R87K6_y+dsbwFTD8%V&b98l#}F| z7X8|XywJ^(`ONJzfj&Hi1Zh)rndY9sk{uv0eS%yF&xTBA*1QdU&$$gxJSwVuH<<;z)RY=<5@)f~8SZ1d1d zLRWCwFd2 zxhxt=t6|C`l*y2KUm03!24VR5?YRl)WR0{rO{5#u9`o%FkCzX+?Ui6jv|D&}KV>{q z&8V(z==NEe2JTcQYi;Ao?N^d88T5PHL%tG`yUt28=Oum+eErhw&`M>SC-`+bCZCk@uyz@1(O(gBw1(9XV5@=!+WBx#v;1#txZ_^}Ot>=J0=Sm~ zPO2k??gFBdI1ptxH!_U@A5dTcWq1~$T}Ym8L7IPM0)U%!mkMPRP8kEZO-ru&pB0zt zXsNv#r+b6}jMuB*eJb2wCf%?P{)T;1EV2BRQSz!**{b8aj?&X;%T{mPWq+y~NEuCC zu6dvk$))c@cMn&9>#jTc^82?&{%Kf2N6Iph&lW6>&_Oo;)OTfpOA{#k2ma=#%(i{B zyMoI6d-AAAR%|&6g(@jA0x~2b2>2gbx7X>B0}wZP!GM;n_t4j$1{CUlF-7$OrYJxG zU%htWh@#PFoFZ5NzJXQ%ZmtJdjsBW4nJahMUch3pfF-HAxn%k8`jz5cuVKFY5>GF& zx)2f)s;a6EEt)Ybd0&XdzYD{cUf%k1K>o`RrvIyF|BV&u|3c6HOE~CP7>7#|H!QyYR2;CjFO#AUm_Y#57=tk~8*Vdf1x)X&Jq}y)~dlJh!$3Sd=$A zP^2WkVoE-dY?y)m`81xx{1;K_tI}%|WTV z(KuR~>_OrRmTqQzArGGI8=TzL)+;}{@~gudE($uV6V2H`QJ5vMTn*ek`7=SAnWc6g ztMotUv*K1+_(Mmfy0uxUIZfu3Mu$&FkXP_F_oYT_ z9uk;N=8^r%_%)D1u99ddO);WD=Nq`U)8U44u@5{%b)~ykX$8|C;7C_OG}wW{vLP2x zd<+E0BW?H45{)t410zfRkFri#j1~%HMsn`Sn5R^?00WkBMC;?%1QALmwyx7B<&xj+ zoglV`f@X*A7f;HFGa$R@VDJ)3DPE$J9>nyO83;C8W(_({>iskmaNL{$$MwW+@E;YC zn+yFADrQpQ`UO(xJSyzd`PtbYpS@ya1j>Q-tEPS;By!K)a?F1??d~>4)Bv>VB zNY&m=rH{VD^xtT&#(}jaHpWArt_PKvK2S<-8&dU8dgTab^L!K%jC38ixvch6+JQKTBUaCVIttH&UY|6NP zqo<8-O9dV|H;7G_2A_FfnxX~5Mm=9wyk36}woZm@DyFcNk|B4L!OgdMbaC4Te8<~E zl{Rts4F{h9G9>v@u>Fley4DfbcdYreI*)suM@l@byw2t`ZVR;j6^=S9-<59f)ck6&V%*V2( zyDF}5s@M7vUmCvVtbPgXTh2GiW1gFde0q64b%p>#uCsMD(084)jS5|EKbOu`+>#VO z9;-0cYI-p=b^OGDwTm$q78AVs8jQDxaBW<{c=k{!RMzazX65HN!#_CXawY-47Qc(A z$9L3oE}6b*%0^hVCwDC?H+wFIBYTbCQS+yom!K}m-eVz~*DRKasstmzp6C?+R)F7c zNUDS!%_`=NSdyT;p%Gz)bn971V;PfIh4h4+nqgV^_BW)$yM1KSp+@1k`I&s#c%@yO z{+7xS_9;Hf^-)_ZuHz$$rQH5P+WduYqb-Vt)GVvw>0nW9(uOFGx%uxp&*lU4V=z3C zPu{5*YY?r_rzlTn>Bm7GpO+r4eo>~Epf)+eaDs7Nw%9v~=@ugsV&#|zINe(xV`Nyy z%e=?mMPn$$@hLC1E=vRdR3xX=A`=8RcYGuR&$@n6e`j5S+0Nb=eDZC_{fbSKt`t^7{+-Qkw0 zEq6}%1T0#>pKX8;kLQgf!uZ8v^XVO=oZ!XuuqgO<6FW?`=sy!XOBtaZl4AdvVgjwv ztP)IBSU(Q28$u+-$4#6P+1cTrg&g2BYA)vx)@mhM3eYK3a)XJ|o+x$MFz{H$N%AXk zQ7zlc2p0aP#44GMzjJ+AUIMZk&ED4B=Q!p&w(y!d+^3Hc>vtcNwDP zqh=Cok8QTdIBdsVJ)b1PJ}OZ5E0NWWM*4s4g|w&lU;j!^zkxU{&^RGu25`w0lJ~yL$sHHz6Hhq>Iy% zyX;eqw``vcE`+>39}4^HVl6j}l($(Wm`7PRzTdgefuS!Bwqoxi(Spp)cm3v%oSspU zDNR0WFNrEFLQDtf?oEE2p`Lc9r!K>MOC_&-ZA^SKLz(GJtrUtUL5q3>CNLpN3^z^f zE)YPiv)ZQ`B#Q2SC<)~6{PFeCL_)%Ie;Rx#DVFg_z#S$AvE`=dkHbRSFO2T*f`%#x zLntk3G~K&K{oTZaa>XBhB>CB{O-O_qn+0dwdI3D{s<^k#m9X{C>Y)`+yF^tOXyG|P zRIxoQ(y*9=W8j655Dp`Occ}OyUerKnhlJFv?)LL{2bEM(t$C$vsR38|YL8<)H)%5` zXt-OuQGkf&@@c7OPECYMitDOylyR$$l8vA0bk@+=kL&CT#IC}KgbzX*?2_ctc{~$~ zWUnikqK)E7bw3c=$XaEW4Q`q)mDPVisx|0_ZbRrpsTxW=vDxZvx zkW*#5$7Iza$H4&s(bHX{3}UsmKu*VmNL!UeTSb9OlkbG$;iQljBbtVzu{pkslOGj9 zL^#jv;Wb%DB!h-T)NlFavCdi6Dwmw#BBB0F%{L$|DLzbzvQCcaZ3AxsP`H12Lt& z2K3(^#?t}gnTo}{TZ1;>M@u!e!##Ib<>igtz8FzJ>39L8o3wRwbO0CDa4h%VKhi4Y z>-`O<;>i62smE)cLhnD^ahEPhe)%)6^s@GU^GcUk$^O5}E1ejXv+|@|oTZz;P4bs( zB_Rsm(`8!eTOLww59lv2j{q($-W<&-pMcco#~W0~Vc<)y2CgTmRe7|LZhjfFTo-Vu zGKW&&&?AWIs6h?_^$M58=?q<1X=#GdcWfXt*!Ll_x+5PRU^oTdNEqHhIA-(Lh zpV**IO1ho;4ULcM)W?z{jK(7S>>vNUZajJ{cj2h}Jo@(t8eJN&pS5Qui;gWi8Jm*J|8;~MKkQa<#iBC3B*vbnYtYsH%U@!ID^Gg?3N$>=>%{>j4AoWio--36G`D6`0A7t(n2wE$fr| zf=>C@C!HF6TxP$LRT#HiVQGEFwSGc*TKuk_C^11z4OyyVik~?t(82=t*ejT``JMxj zea_?MT5Cza=epeL=z%nWNsp#tXN>bG93^dop9l)s0GB<{W{m3xzs z2>G_6UkkwEvcBcr&ABC3sUdyPI}wrVx?}BN%;PF^s~cPmNSEua;NhV!n&KT`t!f z>CRqd6RFU^A5nGn)PjTfYWbpRylA#zrl2o#!gc^#u@icy!Qnn- z@=Z;Pg1}{FdT7;|>g6@!g?z%{2)*S&+p#LYvM>pu7WPAW7 z(%l}~^@E-kz!}gb@B`g*swZg6oU&X*$O0aDD)FW`)IdUmn0{o)HnAm0HQ$X_E{v$Ng5*&$Od*>cM^>~-mC{C)Y% zBu&b3aQRE#wDyeng{yBzbaia$rW=A+&j=8n#pM;DTB#4N=X5_wl|b{pQ?5|mdsLL* zc0WeD%%;nt{qQvPtI0L!WTD?NV~Zc@4-<(0^G1^i#pd<|*+yALf+v)pR=8X5TjrAr z^%Gy^@`ima()YX9e6f#~4gY&O1%-jZKZXQB&3OJuaDNIem6FoUwanU?7rOZa+OByL z(nCI03r>9C)q}vGJMZj0j-V(G%*Ozya%ily*qh={!~CfZ`)&E<#^H*@Op5!~@zml$ zK@T+spyAitbt2W;t3;;dXBLwO__sJ3C*zwh=eBL(nc~M?`35O(U3!APM<7p@Q6e$h z(u#tL6Mb6wPhbQ;@;CLja;{o<|cJ~WXXEI znW~#RS1ru3|AneWqBCtrdQMX%VZLCEmtN8u2P)WnQ&FK8{E!Rg?B9%Pulii{MjSRE zkU;Byj|C=5=m2lORuP5A2$T4F{TO(Z#rHG_fHw@EdHh_~58OqDiQu=oRI~~FIA$Tu zu&!qkY6$svzH1*1WS;q(gssSs2mf--WFe|38rJRzDuCfg-ZtY#2HO1AQ6iEXftiFn z<311b5CT65m!%V);pq0XhA>2=+-~a24hc3THjjEPThcj1VnSF%M-;|SN&2)%m}X)$ z(t_JUkzx3r@Wrd?h)ez=6;u}7*ryNH$3RXVFF#>Wbf2F*M5Re}J%%i~-Zy!0kiHv!2BjgdtJ~Y+Mv?#^EqP@3027;c$pDBsS}xazw=YBb}KM#Bxna+#a~ERC0dN&gex!) zBzOn&N=M^{-{x6=0@5qt2HNiOXN&E0iLJ%o zcQ-tC6YoXnVjcqB&!RcRJjH~FB*HQVTd{johm?@bEvh@)#jrx4@6@o`0@X&k$vt|n zNJLmx1jmbnWkUC-cDMZt#AK*b-ub*Gnd|Uz*tUF48lOZwnwf8=zf8dn9AVyY>llTG zEKGh#{c`=I;&J4jbCtF9pyF}+)kh1)N<vI45gpUS3>Y`z*sx`;hFEhXZDJAb_^ zMJ+6CXUo(Nm!dAWp2aJo&)}c`9NuqGT+|W!e0E~``iJPR!R6mP`hz)HmN#;9zcX^^I87tpxaik3s{~T)L zvwG{fcN3GdXe#^wm;3WDm^xL-?8SRv)IKN`rwTk&=uS_V!^>^p%RT!+xqMiT@QIR=Hpnj2 zXuB%5cXmkM?A!jy+7);sX7H+*jsevZw0=6Jcen&ml%(=kqC#85Auy6317EYd&{SNU z>IgnNFp-M@a_2$*B-HCxvc;(9KHJY0I>V(DLaP;i%dX^1>ra|YUxQJ;>pO0D(9$zZ z%TWqdsOtmRmDdDF;kltM$KGpqDL*yI6%r(F7wsDD1b{h8>76 z$%9+P?5P3-J#O^M+u7Fg@6wM+iAF7MB&d#x1KdQ8iw>(|CTm(d%12oZZbi5Ve+7=Oqy7;A-%x}RE)8R zMaJQZ$xAFvDqk=U^=8it{=n^pH63QFoLpR00m!M@VhqgUzs#csnP?v4rN{3TbpS9eM?hFWyO}38=GWP zS>5flU&a09O)9@%F{2gO-xOJ6{wt$t$%G1jgx>1xB_DDO|4jr9F$f@6Yb`q_BP8ad z>C0H2KOe6GdSd=AAk>Lg07d$Sh7Z+s=N0-|>i-t8;f36_|9-I{`|pS6fMlH`;H|j$ zC!6^3<3}KYS6a%YHMHaLqy7dA20Q0x{_;L3p6ekeeSLi=CnpMYQSEZZZ|!h1)e5$L zDc6@S$z}n#6{WTkW4WoyjhgJ{5iI-I>)&ZA0Cyw%8ERDk$(~`RoBsP3vQ8^HbOY(C zmgwl;vxNWZh5?6eKl&nAeY*zK}|M#7LNkv6`mYpJuq6MHBL5Ct3 zz%VrUVg>{Im8<`5)a);%`F{$UqVp>nX2S4q*_y5cGgJKKn3`163n&W8ajrp|MPI^% z2jo<*OC=@`$+Uy;6#X3j;Mo;a8Q?OZDN?Jcn9s~J#>-MYtx!RSD^V%9??jU69e?1x zv_4oeo!?OyxA85}G7e8yh-^Q^XPKA(*blBRpH+J-xV8C1;+&Gsx(poI@lC9zJdamj zPSTujHft>^zW}R8A8w}2!pIIw~wFE6uu7mdbkgn)`z-`5JR;`xgs`qnp zZRQ6WIvWc(A8LbT`I^|e;KVX?PDLsYMe}1R;LoIjs7kwR&@3#ef&qMnYI&|K9$fwO zM)+tyQUN)mV~)zjg@K>T!@bw1n3;C7me&UdbW*kCwtB+HDHIpDj7s@bf#BNIhx@!F zZ#Gg|Ktg?tjEHlX=(`}Ef5U1CDEuGv5c~!288I}Ij}Rz;nqVdyy^hCa)bdV#^udHs zYlg{$LRFe)>CA=nQ(;cFbQqOa@zJZZO;G`S>zW>O4B`yW%bW4Oyh!^=o956jaQ&GZbzLYOBSFWPv%xa)QAs*+cjLB_uG3%hrV!{($kP4u z`?OI1H4ClVYSk_Kl8DpdHlNRgC?|iB8fx*EzIMmQ$9u7HpA8j!N2-yCV(Dk5oC%U5xuJC zsLE9Kvt%-tzNg}tnL3N0Kq8+oL7rvO`Qp9Ha^^|L}7 zd&1HE`e(W~dHRPi%6-RD-JMV+9xP{8!7Ih(hozGFF`pV?2|-v#$aE2XlV>t@q3Clf zDN|Wi3H->1@hCGOQsz75tIGU9nr3Bw;OtRRaWz+zBb->{=z+b0AdVCtzo={YjR#6S zR4+vR&5RX#5Gp=4!8IzH^t8IWa{C=}Z ziK-#G8x%TW>Js+J-GyfI)=s3QTx<2Fc+c|Hd1-rzECqMkzur6sM zof2ABt{r}Rk-g8Tc#Zp9an#cRkVQ^VkoAz~r3p_(ZRy#7!$*}!Rg8-_z`7Y}f_WJW z8rG~Vb-3o7)*S-`N(X($@5NwuRZqIrQjP^aUd78vUR$>njbaSk-vq>5V+Tq%Or9n` zmc13K?dR9fi;F~d9ixJ$rS9e1GT;g|IYDd3!h`7#XY2*U01?C#|ISPXTV7CJ)9@r? z2kAH@aECC)A3fN+-zlb2hjO!d4oYo;pGck|>s}3vy>wVkvj|7VGj~1&cYGbVJSrfH zHltM?W=Cn(D`XCtT~WhT5fpY(g9A|FBg8`AZFmfE(z>ER>D6|d`cyqNBs9LC{+Qk0 zrE}|xt-owh+FY;srfe1FiAdI^!VXGQ-^Wh*BKU*J#K(P;oTF;s9LMXWQ2?RU@U(wh zLOMxxCqvOvLM-f2w-?5OTRNjci%m#Z5xn$`Ux$@18ZnE~B=@1V01 zl{tRfTo^ndaH8yO2mE}SqE`*vqI|(F&z3eGs9KJEew(451^7_UMTua_Wyg5G?~X$) zVS4?*AoSGZI7~+IR0SMg;cf|y@t-FQD()B!IIg$b@^>GkrEw{(K=#G_d{T!7#vZ6d z@)a*0q!CegeNQ|+-r#dzh3B`2aPt?`1E$J04?it0&|{B%QjebJREWC5SG#OM4MuX~ zn%`RsL=7poQ9=oHW|;b|(*CvUw-mR9uh~ra$_k3JV%o)Xow)N9V-i^1sSzS9u;rd*o{Cga8C`#9&Js1g*2Si+L7i!PGn3x+g(Xs+jp)6-XYmfo^ECehXD zjNiCdRA=q7lo6>8s6n+hCr=NFK8&`|XdL)Q!r&xjNf@Q(U!YIGlWJ7Z8VR`_^UNtndgJ*E(_1zi0}o zJv4`{^!MRgy8Bl3b;CYw!A$oGskxpcR6c>&l zjk{--C49AhY~AQF)M;jgx!;w%w6y|sLOalaTc$L>GIvHR9fgW0S=HiMKqCk9Z@;P} z$hx!ftkRoCi7_y9*1E9zs)4yLw7$Eag!^8Ia;Yj{o**geU`XzirUMy$6Yl>(xY#Fe zJH3EgGXC`Zb>_hS?}-daA(j^+L-UJL9hd3Lr&R9*oF>xX9S~;|s2Wr!?cX7p#&-d0 zP-0L1PqJ4BKA*$RdA3g2sFCA^AE)-KWT>k}8`kp^mTYyEnW9tohOannq4>gczvf;G zhDx_~KX;P06|RzLh&|l3bb{AMBkF0_UcZ1m6HGQ9cv4UKm8hFG2jn60I5aFk%gU-U z!oH@>NM^ZQnmUX%nU(T`Udnics?qz*u`Ibb`xvv+yA7?DeS@t7s;kP&@{>q^#kCPB zOeM)k1GDax=bjb#AF*~Ug~BPu0!y7eWY=w0NXf~6J_GVX z_>}G-GB@uv)Ziqs#1u^8U&fAF9Y#vLP+ZB7VH^%?vK_-tSf)P70`U@}2i(>Dmq#;S zElTc-D%^^e%+Gck&-;QenL0Cs!K_o?gpo>CB#C!dSD1 zicG^btNswT^}91VNGS#ssH*~U3?HhDXih(#>)yY%2GBOXq6$gO$vjMUxJSwR) z@bWg_g=+>4jO9r(>9#SMQpkV>40VNwb+T_DEt)l}&hC9YHTy_g+de3$@>Z5q3l_r3 z$JAIo92A_@5`>$jhEH;>O?sfY)bNBYT*^H~pY;&pwS2CRJsuH2AnCBnA6 z`wz9K$}J1-IT>+MZsaK0OhgQXuh0!Fl8ze5Y?iB9h+7Kp+%&k%Zf-JXYT}e^d?S_L zxJ$Kd=xJNr)fQcAh3Bqb(tQ|)Fp|->XZJes`r@u-1@TICY*nz;%7v8?*ULI-^JYMh z3X$3*wm;&C!xBU-We(%su&2>ij>L~%fkaXyEaCRQEln5cVZ5?@o5f=N6P53yM3Sd# z$hLG20^V|KJMnS?%h+?8#%GCK^UX&Mz)_#2Cka#rEm&Nd>S199wq~aQw`lZ=X^KL> zmAN-S`wB82T&hh|s2bfBo8lNY6~Er5DDpM`;8lcGxuHgO{rXD{j2UZTf)vq0fbMdZ z>q*>h+BmcVeA}zwYF36u>zrY#$zpN^s2993sUu@8=^8XvqL&Y#x_T+w2J_d%dKVWH zM}jRKwUjzCfT21xx(y5!=RKi3g(C~zQ-`_4*yXmH#7%_vmrb0WQm5?9sf#;yxod+@ z?}!o~H6)OBkY%?*{7WGsTIRgffkPZLDx-xFC3X$v&|7vE^=p|kn*6VcGaO%byLu*_ zRjegF#Fe;9ts2Ihy9SY)H8dX@^9`8&5nRkXx}5uznA(t9>W))9AL?nAJ!rVgAcNqW zzBil6{8s}pQ+`|9>E^&HJNpN4E3d5cDaj9H+412;7X+~_WRF+hS+);=Kl}=-Z#MH7RNx|+8Pu3A`n3FYCPD#d05l7yFY`|$=!g)G(AD%h`34Rla=-s30Z_8KO zp&TQ&9@e3SNy_{bVX_QFr2)t**lbqoVm+#`uIL14CSR$Id|uWY@Zd}{T0`MUwX3$# z6>)wImJng$#yB+_f-HRNqb%l$%zP}UkP6$?)%kTv{^0~1TO57^p2%p zV@tRjQj;im+8ik(BY_dsrbWJaI+Ea8SuKnsjLV8WZH*?oEamSUbDs06Pk4Y?@ z?G?E54~+Wba1yl3=u>tM$9#MRFS?#jTu_-bVLX#=$L$z0mFXad%%%|8$?@Zjw^VW? z_6EjxU5q&i?N|eXj`LtdU*p@2;EBlVw!$eIwK2ydEJiqY6}a~N<_16hgT3zmE+_!wP5eWja}gmQK#|wO;Uk7?|%NrL7uZaZ|j^Ic!##<$&c-F z(u^u5VshzT-Jn|_rPtdFdGh^$z}H`IC3@y~U}10?iLJWlgPvp&#x zWMBsQN4Kw7ynz`vgMZ|2NP~slm0{=`;zq$P%eE2|Czb@e_|^AZwHxwN{RZT zgUm1C$t@i~;A^2usfZR_aWILiwm|oo_!mrDE4#j<-w}vN&&zk>Qpv}T$*?mHdb$Hc zKMH52ZX+hT2)@(24;3)Gz7Lz+ue-{)kleIKEPTmv+@SUvgEXa7``NnqxT!u zu6j_L|CWGosIH~@;=?$~;z)-|jNBG)OO3`>06Bf{$$rC#Q*lg;h))00qLy{t7mqa0 z2DzdS_7^IuCMyij^lpRW4S&A>rss1Y;7MRy#CBs~@eObZm+F@OURxS<*w0>MCF%yA z7iKTm7-$+#TK6CgtF>G>*C(}fPlj8`x^bsFzHhbaDDp+Ojg_jELs8+z!co;@l8yAo zKOR&)XG7oDA7s{Knq zMpb2aU)KZsZ8BHOepb)1WddM?aICRgS%2?@Wo%%Wk}}RSywlriU?D>Zd=n=M{_Ue= z;;Jg=-G;(Sr`Vo}?DzW!R{cp{8$Zj@&AQv{(m|kq3NqAks~cWG2)0|>IeX;*Z|1-$ zbym_W#9GZ(%QrTMN(ZPUr5!87IryIAx1Q`Z-J~nwDSsxcY&K|+fktL5)ekCTHaML> zj9$wZLEgyRUwr6tZMS669_yIMT>GxzD zP6^J9x^-#P*)hTpxrii=bt_PiNRUvv!_i+cF*>N*iAtIAM9i)-xq*g9@ z@-$y_y%b6~n%)<+Vq4TfvCO0q5{?(1I$N&wz;pe6DXMU$okGL^V^rbbxaNA70o(1i zn%j2r#Ys?W&D|$$vz&B_P@0&ylmt~J`7UZLY1*_Vf-uRZ2XWw_%_GIj;?X$6RfT`$DqW#l3PJ5z3_YMWfXH)030$kD}lT4BQ08ywWt(c7=ocpg8I z`?AUT^w3QXn~aT0T!>3^|FYYUFM-XS*M{`{UE@3pfqlmn1%4uEF`|~h z;GhoaT<8lU9e%t%qS=;5tffF(#-W*{ymH}~v^4v>7#sD;e-2|q@Nlt92R1CkLhnV} z_dY1MsimE)JJZ!^HP`(F;p}0gW;N_E&K_7RStc6idHAsr@p#24t!SU%TUOYsshbj^ zpEh{--mg^q(=-<7YaLrCarlPJE!^!S;jeFw!}WbkP8L03ZX|Bx&d0E7ULHm}YCVd0 z8+652wI_v8!>OfKpz%Vp!3*gap4h`3H5RE_im#_EX?rfj{Q{gDKie6MkK4+eZFBz# zUtyPcWb?Gh!ieU1WA_giaZE^Q>=2Oe|$@m|cXraI4H>wROH ze(q}Cd;Y6we8S?_&4aD4>Q5Fv=`-EBlY@n~(Qp^lXq3fZgZ^W|<7>57zVF zFQ4X3ksz;nmYi~b%WyWI2h_4*pKtW8F@%M*)G?{*JKc9j5*4uED(i9ZU%|(SR^LFx zOJ4mlJ4oS0S2lS2Kavd+6AE-UG3n89T3#q3Nz^zukdQ`mG#z*x4?NkH(dr?43{=Ec zdolD%S)*S|on55t_cEP(HJChaPP?s+R9d2Q_dG#I%%G!%TJkb@vIrAdhi})w1MKKq zOZe9=qnLIp2D8&6hY9G^H#f5YA{`E1ABgfc_jaXZ zLVhY%f%K4boQ8V+TiZ3?M|pmt+??q<4MFs!<1?&9l!i{6387^hQUa^z`PjM#r1^wk z)jSxa>hu%|6l&Hdgq(U1AfQR#$d(&WT7NU+(tFQn)_t`7m6&Kjk3s< zhgoTMKRA4Ns{L3jQI#s2PNo}Yyzr%VIi93e9HX5~-%Ag4|(XmjkWOcgLY zDCtyj$MAqqEzIf@ght@=Ay%pilT*Pt{IonlOa%7M7$$f5TUdY#z;Kc5$ZWi$5E!;F zXC(F9MY8-OsZu+_+Oex-HNJ5715VhhLw6GNMVUp37!Ak+?rS@qI=``GZNl=C_}mwR zHIM--8SNX@8#u(HK$t+g(s`z)I-R)&Xq0p;ubm^fmNzo>UGp?um8ulQs0dTD?HFz8 zQ|pQKI$VSAyhdGN!%=%XG~jnf)J6rZ#F_`T<~(veSb`P2)d+nY;s z>=A}$7%ogIy@Vd!13Imb0QscZwuPZc(;#>3+t5}9T`z$XzYqtrLt@@iysJU!>lL}< zevdXmuPA-RkWe#uXB^GuFx|xpjrCw<`|+bE#kLSOxYW^WpqD{fB!9WPu*)dd?uXr= z0ot#&MG~R>-s#Zuxj3Q?fQ=in_fQ+oTg4-p~M@O7;@6zw353A%&Gd@Nh?;$5RqO#%H#qiWGx+&7$b+q6Cl zR!Y~zXVZNRe$sJOUQP-+a4*4_Qb29UA}UQ0@h%aWpCER6CC5}rXwuef`7QiY2X)k^ z&=BV{!sNmDcumy`x7W_xo7#7~)x~L@v3E#N7jrKH;8ys_9hV>I=7=zP8ihR- zO~r|5P*$l*mP|#O_BI4^ZWYA|ZnA4tJxp^rLG^n*4cSFRolQOl?TBLC)u=pq<}z}p zetz5PI>$tR*7`$}(1wLPH0%3FYQc+~8pvWOL?w#BbXL@~gfki{+mbHh&b=F2fioXX z49R2NioL%@WUkC?OKxsWiLM-G7!S8xyrYVL_esQm2jJ-USjEz{3SQWmv!Yv=vRla# zLWN~w$Bmo~aj@o8;#|4=TnO&l+CI0d+f zOX;nDqmYwTTKb9y}ALagWs*u72k2>o>Zq zoR4ZIwp@;wwD!pby>@pw9C!2__rGMhSN@mFB^OL)%@fj$J>2VVXB|A?imgVO5Q>wX zy2;4RH!v$XE5mi8*H@Pc6Ndox>Vs?tuKBp8Yu$CL!ig<(E6?jL*L4Q8YRFWb+>rV5 zLdp;o_tM>OrE_cDKV8(j!}LXJNPcxb&g<+zO>HDBY{X)L+OP$gH| zp*p>%9S|>RYggdrJS3KL;YyUsY=WatR8N_5&V4{z!NXZSeI8j|agS@bq7T=mF#KPt z+r(5pOJ@^;s^tX4@bl8gJTvMEI+>lxqy=793+1;me)rAA|1@Wz=79f%TL!mdvfvI# zfU*dG!-Th8zv;0lXz(|AL-)~f)fJiHW09aX$mC~zd1S=LOZDaG%2>oB9rNz$*W-dr6+4oBpk4vwDJeUT-4?Xy&eqM~sjns2 zFB9@ss`r}t>eumDWNlwGQSw$Ilj+czOM+f8Yefu%!9XT!O@v(h7o}v4J6u87so80? zbuKb4L6_GHXp%fn3l|$62>N&=zuLH7a+@4cg%>b`bSeJ!Xo1pxs8r7B%|M@4$?(m|Tk(0frpkS<-i z^b$gq-lP+%^d2De1QG&-PB=kd-`{tC-#1RV#$9pmKBWbd7|=3IO4`8;dR`Ml@? zZ1>U&fti2KDInq?vW}n`GTKVy*hsT&@vT$*FK4kNNYBr$gVQ-7VoI2 zTxC^;3Tw{$*jG7Y_YcgSadV|Yc4B=+t3La@uHSZ=8=yeoLFG4yiet=!@oYNz?$;zZ zqRIH;i8cMLx^d(ur0RVu@_N4DPBm#*2Ys*YditIj_bksbkR8#;?St$Yt zxZlxLzx)|s_bFx}7Z?)?dZ?a<6^hu)LrfjRWmfZ7BB(r%vp+}5fuj_gAOnvt<8~n` zg2!Pri^A>oShX+10tZIR4(6HW_n{XNpc;p|(AO|lZo%3ltl>Wzw>xZ%TclzQ|AU_5 zf11(BWTyM?F*Pm%>;qpqq4CC_%a9N-Qr?^;7sf8FP1;k{8^v!JHX3h*t*{XqxLT>VGWtt!js|GAZAqg11AW zP>L78-5B0^BIj&3TUfBnZUQAp)qnqa*-NG_%Q5e_gxJ*rZq8{7>hx8H|5?HRH{`^k z-_HH_=^kvBlGxiLX&N+q#15NFIJ){B?`X)e&^@c-m6rmLKPB|sZr=EA0Y}|(-=l+RPGe4o)m&`K` z;Oz`5^yf-=Rwa$wro~Ia8o&bqCCsNe~q%((+m`72TT)y0L#4@ydfW|$zOT(x zB*YYdMn6%TwceJ7cGF`zLQ<8_2sx|6cGnM`E^>0ZtD41GK8 zHTNY8W|mVC5!fAI%QOlHaIYP-S3qRgW$Dqz3Mb)jZ>@*Fy(=r~MKJyImwX zXvYm~F+0G^&4GNCmtjvEn9!tu%~Qe<7jWSb{`Cb~Q=!a1&x8DAp7Ru5vzXeY8!9-O zPFN7vuMm}MP%=ZSh}>PZ$-@Kv)lfl;ldjuOGpkz>_vQ|jsNYmCtHNR!P46M5PfiwZJlE|z@T+R0ujO_l9U2NI3Yh1|PpuImoPzatz*TJR#~%oQ21A!Z5OvVXGA3oPL|K zS3P>p?R%BtSf@62Pb{#A=?CMl#HM=E#pbKTrhA1Id{rbI_ z(Y4z?wMt3obJN_wQKw?W+^fydhZi~icywL;e#ChQ8IA@q0_@Y?Snf}u9X60-_4&$Q z+0>Y(Vv_y}u@v;sce484Uka2bx0ea09`0Mt2w|?%9+_^h1zbLuXt?VOw=o(R@*z&X zyskTpEI-`3(%7rL`5(!*YiiK+HM1&oaNipep95g%y@&VP_VgVE?pegDdnNDQ|{=HhS*j-?j=#ITFMQ?7u-Sw2>DVO3(2$60SRMY29n8 zhbt55Zp4mz@O=xOe2MUYF*1%N#6=J78NR9}Q%UsaZfvejHdRLE;?hBo^NQqXv(trV zLgUympRVhqJo*CeNAE|wY}Vh8ktk?Y?o^~5NB-yvnD}v~^pz8kRwq%r?Xh%= zJg+-lJlCI;^SC{3|MKz>aa11$A3C}?F|uC}a)u9$?JtS-gZg~AG&e@#m5P3db9I{b z+~}-GU;UzRZVFurvlL+xljUiA2@NTE@YzVJH=wtse8iaL<}Fqt`gb3%2i^|+@%qtB z`|BS&Xaiv56wGj;x%SY0`ZZG9ig_DTG3gFMuytoHlu$MG!RBf%*Nl-VQ6tKWo(3=v zPyg~4IgQ|S_;{j2Ne7@rjU%v1xetD1r0&}z5zW@aYB)H=t*4x<4Qv12(j?xL;c6vA znwh%l8Sp`XWI$9sE-*4BE>yCUT#{jJf^MT>;OU_bSmRB49zl3?5ok5yRd6b(bRi?% zI>#WN!Z*>?&yLqTRw<7AoB56$VEB<^?ByHp@W&5|9fRs63)3;Gq@%oRX=w|Nm?oJH zUV_S(Ucq!j8w>=B_EpND zd{V(SZdHVZW$=zgM@NbM$^usPbqrKB+BGYjP%QOJMONO>K<9jXwI?-G{dx_!9bGlj z1}9n6tM$7OO0O43b(hPTp*=w$5E~1%LA4yt`kordjkx7}3RQ64c6hjSFSuP#w{P&{4?{6Z;rHCKd z$1KcrL^6ahvDG(s4hoP>Eo=>SK;cDlm7BCq=hkTDz=6zwxP_1Ru$luu4(hOK_Zru$ z8fO{9g9cOb)9xJ%ZE9ve=~9<`v7j^`ujgLQZ~t>g%}|ie<<#9>ey1x>kgaok#tW$T z`kmZr!n;FZhPNxDk<)n_q;SMI#~AOgT!fDI6*^5j6-h^_I6nvDphS^42d3LXF}xeq zrE^75>8HE?Tb2WvrH{3HQg9%8M&x%4zuxp&AuZ<74_n1Iw`I4Sag}7Mpb^&QM=?gqP5@f!kx|8)W~O`N z6vaaV`uECf_0kKJL;E6u6|k_wNw6?RrCX_1>jI`?DEvSNQ$RLGZ8`g}>x&=7f?qDY`l zamT0!WK|@H;?sFnFylg4Q z&SxNY+7HuHg!;xxnxEE>kuzRBv_jbGMs5xj||Mz&uBRZx8aLp8kc5sE&Np};=5S(jLxMFXfT*ZFKbE>^X8U#MPq}n z-2RFg(XY`kQyrKBJu8&{ix|iQn1Yk&;SuuN*%(PCLq~+p~z&pv_xYGV$T%hwc2T|~l^^R&2t!7kK6m*bc&C_>| z=;HQX<5;t3vq{0J5!$E8_U%{&nq;Eh5X5MXHS5?|l5`DB@<>m+)bAo4K_+_1Y@$l> zwJU_)=uWTy`I+gpDoqU21MW_yVkU( zW9e;SIuVi5ZVCw{JznrL&3z>$kEk>HCg;M3WX^L*bP{mF`db3RpIn{nt3J+GJR@Hz z(#u{sc=B4uIa%E~vPt5=l{T)3Fy5I|^G)Tl2J%qjEsorV)%xeIsklM*PE8N-&cKL` z0rhuI>_N`@(A;+LKEDoqYxrxGF{2ROk!% z&-dzaag_)1_&Pq_*)O~%4u6a+7Div2Jl~YIc8(9;IIxqqMBQ50;>65Y1_mA^)f9KV z)txF)?Ff~Vdz+!tB%z4yP%&N@#A+Dx=&2k-tjU}2sszpw0RsHH40o#Y??E8@vScmJ zVX&CC&ZY$~xUyYI1uUXNG>&pF{egWrFh+c4?j_$?8 z^m~#Jpacb{&D|L)vP6xQ`?#JQ$z{YgscBV(w6XZ!-r5Iwkx_#pN~|pz#p6P2C=^V& z!B#mGVzCzSwMyLcwU=6xA}QE@k{=GXYcai-r&MY4<$3wNKC!nu6$JX@nf)AlNI~H)Ts-&CUC(HQDZNF-LfGESxive=&2m5;{^1pKRSd zS6|ebv4$Q|R339eYg-kn*D9tU(OL;H)k_mcEkZV(W=B_+lU&&PB5vH0qM-$hfeg}} zSoMpAC;4;52#WGDi(&-?J{u*x96I|aG~E!`!_{WPFYizu=l4LM4i_Y%qT^oW-G zZLl$CO8HD8yU;6x;hRBss;er6qqdR#<%D5!5;pVd=an}y!U z<7-Twe-|g57bl7Tt9@l+hF8_`*4D6FsrmztuieU#N6na~5{+!W((|F&q{H5rYBSWw zVX^tsQQh?LG7py>c|GxnOgF->0EfudBF%o-+&UO~1N)jW-&)~akJipmD^ri`Omrm` z=RI*8R;FjDz6bo zR+CpTtdHE_Sv9uP0ylwsxS~wNs1RRiw-943NY{huM=xZ{IyL*=^NBBvspL+o0G%GwjkdD|#Yz76XPx`IbP zI)Lk})S6ef-$`9wo_SYsrmcgxNRd3&B%FVRGF)~TG2NA7CUH2ty?tYE81Kk3h^Ug^ z#wd7IIe)PuW4eG3#NhXIi-CMl|3r%v58h1T~DWJj_Z{2Lt$Gz(+}`D_LdWLoGEs(Wfn*s63z20JS2!lX$U%Zlbfx@Or|m~ zgq_R!ym0&`JG4f3)#@$tG0Csy=5G*>NdZs_>X#dPsUnVFEjE`Q9-q@eI6iU6OH!wNN)W3M2#@|NJwNG7o( zc}cn`V}`mq8T(0WNMof&bMC)otn{e-)ru1Pr9Ae6vI8QCp{yCK)V~h9_G9!VsSy!( zv^i}!)1M-_avrl!$woe?Pj?ek8;uYD{e&+h7La=94cG*bQCEsBz!TSEc)&E7BC*RK z)kVg5XfO84PVnPd0*f{R(rojm7t>4i2Ja&T_R9fWR^CW3wCrA-4}UU8%kk?ZOKU}J z5!~tge46K#Pp&?L8;FHQXJ_ZBG9&)7ig6ys@XXB2Rxh;mPc7$r*0{_()%o-F&P;WI zgIT{%xc1YhRKMQo;uL*Wm2$7|zJBNJe@t=h39gRF--lgWqy00>Yv1($bx3^pAA?-` z;1u&GdF`4C`#-k3)+hO|7Si<;ab3g1!$!?syzha6x2kWEr0A+6utUPCOF92($i$P$ zg6;j)>US}eF3dRT;=4b{udc2>R%pNpXxmQqWL0-~K>4K$dkt47r#*$Lzvp$+-C>F1 z@6qxAf!bv-`mxTG(qZvS5rOX9{zAz=XPZ_YeUWc(5li(}j!A)i;>CZs_dG34e#oPxPHiSlFoV$CvOi zNKf9k?xU?fSW1P%HkXSWlZR+FHDf4>LEpajtK_AGfwqjZhCIHJ<=76o!henULrCYl zs^iIoMICH@CI}YY7S2nRW5NFr`%l(Bq#UpGnDxDXqO3q>54Qs3X{2_jjyD>=rWGg; zJlgivlrY0m3*}pO_+7;kz_i&V72nk?^j<4$97lL4mS+a^>#cu{njm}-nhE(fdQ_x* z)KbUgch@x89HpMwvVS_OS=MT4Xx-MmC~`So{9`t$#_u?Jrr{C(5R@VJK+=ZUxj$@v zHCIJ(IfnrKJvcvcw7jf~B6~s-oLaz|9GB5A)KB?YNV_Wq*Lz5!a!RyKYave+U)wR) zWrcdnf7a*?bZZR2ASmmoN{}7=t5TS=pk|3*ZvJ@=>xUK;6r37raA>z2wlt+-0YyP`S*fqfr`hR- zz0geCJL+!*%g}2rG3gwj#EmU&k%mKbU}n@&a?VwpTn+G%qY)8BZ)M?QV<~ZWn#YfV z>kDeca%x0SsX0y>4)bl=6PDLO;=VRq9tjh*c9;Ea5Ud-p7HSwr?O}{frQG9$r;6B? z--ax{%`?1hnHfKYY|TH73Zd4M!jcCC$fm<17Oj%^6Wrt}UYFH9y3}V|sU7~9m5+<( zn-vY1wKt|!9weS8&ZPsQN{+cSU9wSDjbu7Tm(=Y+Tzs-tDZ|<1+m!SxouPRhnTOE72)8z*vhvtomYc zsFTk#dEqr%3Cs!D_fF0cI6~QhAIh@RJNJ7PB$hT*9v6Y5`Na$VvW@$M<1IWXGlXe& z#d>5c`HUEV2MjXEoSL1ziVHP?F2?K}6W098{WNysAl>B09&0aV?$gYkt^zc;8L0?6 zJczr>e9*?_9F2ffGZb62Xuj|lY~u*`2DlCyHp8x&7-78D_pQTKc;dY)4>BB@q)h6+ z^+OzFdvP{J;P+@CGQA53&n*jU@`4wDP{0&kuJGah39h}agXfyJW3WAX*(#sLt7;`S zF^{)Uq~g|lW+_|rc#_;QD-SPWe%=bQ_F{g<7oL(4Fc!BrvE;4He}k3XmRL(?|GT=K-9rGe}Fyui=JUIFb%b?)I}T5t?+A^ zspNE7plW&yApq)^{K{b=6+piTgMx|mrb+B9D%5E(92XHMV+kv;xBEZ5;Vd`WaN|Cd zop%ZErI%--w_F|QuWMJ>?^;rIhp0BWd>N}%v_!Fi{4e_;;u&K8eojuzWx`d;7dn{Z zae)8XJBPjgvx0U)vT+*q#1Usyrthg0=XGnYZC1af1g-thPb$u}ut<~rVlDgus53FU zzkY&{B%cPct>>&W-!1&E9hesI&Z5H6b9?3RC`kLdGc(w>u~5Cb_326W!{jk_UMe=X z;9O)=jXM5@fi6;}JyH{&dlm_os#zn^^LY8%p~>a_1wgaF`!q%ou_+?mcCjwg6 z+xGp!WIM*jF%hTV8gYH&%04gtwoet-KB%$nVHdx5ZYNG&lCO2EICS3{T0)gIqvkl! zS%;aQAm5x_<641c?$($6j_jFJwTiXo(wp@QTNYS)<_ptapdAqyrx_kEc8YVo)I7e+ z#yX{>C=py)V5n#XQ_}!C>iGEmSc?YEgHAP}o>O=k5PIK!ffs7fSw5>joWtbH6v+$(ID5}24Sbjte#2Xw-UM(4H|Y! zcRB=lnaG#zmz$dmAv!%p zx6|;Wm?(2i<4#?UrFKv!RgxEK)LDq>gVyr!18HZ!2*kD6*5p4&T(q&=@hb$ zD*t6`<9O|@tg~X4*oH(7r}OH+8&f_(xTSgpjB(`*}a8U z`CqW+n$vh(mogl%`F+%*St&v%L@G5UEk4i4x)(aw&Iy(@Jt*G!nA56CbG_tbBzk=P z8UFCrT;e9b%FlFyl}ukg0U3WQpss(O>mUVhT48R`T1HoY{OrtG>@akJX*oSYF{)fZ zae7PFK`J}EGx?*y$9@}4`dK;0aN8%frj|ibE{l=Ovg?c^Q3eSBf3=Z=HL!>_e)%`m zA~xpX#n>6<5DWY<{-jE_nY311$(`q4^Q2H3@aL2K`7-Mt>@*3OTn%%FP8`Br43o(a zYrRbZ*3#YPKtrpJUlH)Na1A3;8ipwo3P6i^wRu;L%@oLg`J|wws&c}toYxFx(h2ZS zw(d7AYo-A))7i8Ek-n~zpTUT^#35*S!`M^*A0-~_xaBg)^_cVTS5w;{nY7_GUlzA1 zTnHS5DrT&0_X3zw;|3YV_$)0+!opRgYk6m2MScDbvLfkV#@f>PSRY|Z&fo?_V33(0!loW(U+;N)H#IQ?ctja%AyG5K0-KtL)}IN_?RWny0R)K_ssPq}6#ULw6iohC0%F-)bF z&WbpE@%}>_ebP*t1@lhLtvJ$Do1(<*efne|U($Y2c39H`b9A2j`b5l(qlu(uygt?Q zQ9H1`-bMX;W;n3RyQ0`$4K^n2B}G)5ERrR8%tT@>H=M%=T!}E{4!*S>ypK?QyNS~rY^(e>7Rt1?}5_`n!?gN zOX5n$V1tOJl&G*Uw(KGIhA&}0>D0Q&!yNhOsQ7m)bn~+|kMbXS@Lc8|kEyG5(4Thq+;t!VoHfFIDsZp?bQkP}D59XjC z?vU$s_((4+#4G~x1C|v56mc|eCgoRVc)0gLaQ|EI)Bu09_sBRf1g3j6xog*0Z~YFU zbGt22>nEzpL?sZB(oUss| za6sMchU|Lk?%&Nr`YC>g;YBE&CO;m5WG4A{k7)&!Vhf5SupCND{qMzoEs?VFmpIwCNW^$G!B?teq7{09{oTlL=K zZas$L5;Nzx{RTK4ScsyJg(#WdYSMmO^d+#kBO$yTzbA6-+w+BH?<4G&>!09Qgrr?& z$UDMi{a`?k(;Iu?@vp36&-jgFk&OFYWJa5N3ZUm$FqoN|%KgvzC-cqT?)LTwtU~WP zZ(>Tf8ESujAA1@6S!<iExsMXIuV@ZlUAbk46 zAE0vWn%UF;Ex_;}bad?**&l0N``?8+|G$6ntH`%Qo8Yn)2h-Xrv^#aqnvjW0#;#y0 zyBs@VYHbZm1+=_qE&uI~4>$#-teDnj^yT?f?IrTfY`-%1<^64TLH$ZE{YE#oV=7BO zlfS_xp%QlM@N(qDh**_FToEHt-ni-jhCNjHcJk?WGwN$10%oXwc!;q(82eZMAke`N ztbU#szb`8E2iSij|I)=#Mia2W5F)R|^asB3+^9TWL;ro{H-9hd4;C-6m8X7p+>#!% z>!km2z)!qhXwnp68zQ!Y0f@aXe$OZ6y3YCD>CukV-K?@w7Vy{#?2EBj?gIe+(7%=!9q zhIln&bUlZ7KYKWTD6j%LQjp>Ai_BzCO_x`n5JZhEieyFE8l0qS0;zpXHgae58*wta zlnq)$%rS3mk0UjU=MxhX%9;UuCtv=sC%iU$teCTAqlFmkzEgv<9>xJay#**BXrvME z=MC5PJa9iChF*d2JhKw)rtM%qVA0>sT(v#nH+Vpob;Aerb&e!{$Rw8eFxZ!`npR+(SywJoDvS4@& zt&)caMw*beZq!bd_Ld6Q+DE!k^Am2>Mj+3QfgI3k7yBl(vP3?wAZiHgd|9>Mu+iBn zv{!~)Xvzw9Jd#pT9(F||uPJ5lZpbkh^*=$*r-)xbih9t804jg(d3F**fA~ho;PVr4 zEJyJ-#$Smz+{-*{X*e7qu{MSGG5J+4cMKmK7NJ@k8cS@e{LWOH=Nm4Az{^oIm+79{ zhIKCxMu)AZq6>*8M8>rh8%9XVBlfQBFda|^3}8@yI?*!76;v2lq)ce{S^JaGS+TvT z%bBv)jHp~lT!#TX)1R4Q0?T|ve_iv6ZTo&UE0>RZJ7vqy9Cb<@ZCR6%GXLD<9EbxV zzu4};_tMfTIRyu2T(02>x<{FEk=O`HiTiH23hHKNI8vcE{sM6zle8PMm(VOXVCKh2 z(u^G;HV)iB%kLYx$Sx~pPQ1~_d>JyuG@KGYb8*tMIJm`YZEw`rvOy*dny`ZS?{s*E zW&tAn`8cu;7RDB6F3?84-}fWDUU2i|6Q0$Y7GH0!jI`Q01aap~4eQtEU__kJ)c{F5 zSSB%2pU>oCkYhs=;=3N8n*}jLxg%NUn_ZnD^ys4&NLl9C<>aw6_mRE-#o#9tC7J!^ znCmG`MxDdakmzve2(3tMt5#z`_XKWSSE?L#OrGx!@`q5CVvh-LSNgp-q{_eTw9<|? zequuYNj!W2TEHj{IZx}0(epn|G!*guZW`&;4E2UjmKib4SodRD1!YNj5Ri&Pq$~h| zwPm01@&R(zuSS=;-l+c65`M$3wTgIB+@;JP(`XIochA)Jo^ro@I&Dp1Q$hMu2Q^kZ z5OTeu=*Y-hVJB{d+F)dKwwM6B)>eP8SX;suMfYE;6x|#I!QK4wy1De(Kf=EF0e+{MW#@`@aDdn;&3ehvqDY?GBE<>4$IR?SUeLBW%;XS|E>@Zm z*1F$wN%i;;OtUuJMPsprg;&XN9SF(-vfdKfud6p4s_J9{y#m8yI% zzkr~ncy|1xwCtP1leVm(*82`sN2@k0;e-$I#*r8^l-9#ctPk8uRLy_UCV=Z=bM;F3 znuIR^QB><(HJA$)?@N!ztR8hm;3O9gJe- zEDNFlKZk{Y1%*>Bv)r^>zC(AhU89-9m8k%H^fd8GRF+ID`4cyrIShVU(%2hZo~w_z zPv0vzE)+VdUdSn1U>?VATr@3v7l+$Mw}_b$RDV^bC2D7Q7fbeo`kl25;xn6<^mKl# z(3I^L_ z@fjIj5#?vt(lYrDE+T6YL>->^`|qD4nI?emlhIRR8ub^0gvxe;MHw`g!?n>xJB-Aw zqAf=0L>Kfecs0+$qgxs$qQ(a^kqSnOWwT9;Hj~(p1sSSohBAT(7;By(0U5e1(tc-+ zrruFL47h_hq?qGYwEDT^)yiXj&Z{h3D>j!$LrZw{hhXW26e(Z++;7n7%gejkg3jy{ zf0_Vph*fns^{6sY?2)Z{B~N9!(V0JC>1QrC0ue1G&5+G_Z&-_6I9Qh1FE3+@5SQyL z8+IVKv24SitVE&_Ia`TsKHS6XwJ(iQb;xMCcKAhI!b#dz7Acc%!?y{4ua)iT`FEPd zdtY;)NM0sJ`hN1i0xHD57itlM5cDL)oYF9oBG?A-Q(TR)cd64-ZvF+539 zwT#+M=V%L58tTz>a%8ttY_ag5fWRMWG; z#fTP`ObLBojAof#OLTI=WR2jq z{|Y0IE*te+ANwOA?bG?~37QJspcW~#jgHI(WMS(mykDNo{?hWmpy=bX@F^_&QYIfc z`CV0fnZFHkak`(%)QyhiQhh^>@qx#Q7w_ecajXHg(A;~TF{ji1h1-{gDr?6c2PIy- zIz9&rAefCoYm?_j4YE-WiH%pz2hgbD7S*oaQZ^>!LcOc-w8y)1c&c>;#YJ;RO~qc(NX44_J%@Sv(QBdz|~o0L6rZ1AA@`gfKawwzmlK z!Iul57Qq_N%Hsg|BSR0JWGOopn)@;vlSh4|{|c4sE_Hl%_jhR0W())kyQU(k=bY$u zgDw!DROb~yrk6g_Yju2S%kyqC5+dMxVst6nGQ~3l?f9LNaM^UJzfp}lHCT*b9-=;D zttX8<{k|0U&9RE;V&~Ja_-XED{qc?H%l@^oQ@W3H`vr@_=)O7Tp)%}3=O{=&(~YEm z)VrFBv%+gVK3p5s>bVMp*A8slx4vCdw6QpayoBNIFLyT28R?Cw9akN*ig{5B;mH?t zpBegN?p6hO!TXRUzE;sfdxUx!{&Hm;9Q9||oC&M~vM5bzm=)W;?pkxS17{)8gtTBJ`~d%ai;k#6@_xL9^KCiacyj z%3KtALBa0Rx;xP_0q&qU{4ZeNrLliYt>fuF2iZVvGy8l!W~LfJgU=9Uwfg@a@cW-e zsVV@{;o;HK`fIG>>tt8G^RS=YrC%^NPVuk)(Ek9FUCmLKmK&D|pS@13_Gtc#U&YTI z3}|6%1z>*#zPqfHSD66+*VFl1>QM`A1w>XH;)B@KYFT5?IxjRVUD$nqgZ1}cFSQl1 z{KKbQ`}D_A*rfIU|FI$ulSS*xnn57De(w#k0a9ZV=!XWD*|YAAfkeqVkpqjL!Kn40 z=2f0xuj%ezY0lRuHck4W$_N`9n>qKuXT-F3g zK)vhG&l?S!@`(f5-(ckY$u{Q0J+5Y@Yjx+U?z=TWmji7ooGCx4$ZXET>x;3@D;HGO zxeGK2M}`@qHS!mezzuE+Zi57Ts#HF^*^{&9RrOhj9*v-UzgF%?GCj9>IsSf8{7`i# z756uH`DPhTKt0R6liJ`;NZoj_L?q0Vm@Zb?tTyB5BGt+~(iNzO-IjEJ{FsW8lImpa zq;r=h78}z)`Xu;c;Tiu+z-q5C>McGiQ?4KYX#WRdd7f7FMtYwEndopz{D z^&rFJNA0R_k?C^W1!W*R?D%VUyw2>J3gVKXo+jrPr+ZCa$yevRJuj|me}|B(()ry?ag|3x-c-z}0u`c9-he()=XF*@iUgn@*V!m)`|i5?aBq_H zI#K^LAKLGs{>6`8l}kQPj7!gmRdcJ5>(CeHktDoy2l3Bm+1)%|>%DHS2l+=ssrZ9t z%d??vwTsk`#Ds159u{9jP%K<7@js!#Vf0E96&Be&oC{lb#+$aZY<8JX*)31%O9S&G7cUYSdh}l z3<11sz4-X4zjBrVRX6b1z^oAZc|vGQAzOH+aE&~b{v3(HkOJPE))pndUZ3S(D4ab; z6@T2DZd7{naVU!hibE-nFX|6$4hnz$?+=NrQdUE?hWQ?I%VB~eDR`m#5fioiz@m*# zott%GZKFh4kort{o~46`DfvUDL{~b}e4GKte9TZ<@Np`m7%4TaDn1@Gxoix9 zhIoY^vP}LQ^WLdO@B@=YAAJ9s@RY$6;2u`JkF>M4feW$XitFu@x-5(=cppb>pk|=t zeN+;ag(X0Sg|F>FQOW7?It-o(zD#5YHhrNc)3JOi%&q)9X;=8L5qV_mvnQUob8!9{ zSJrs}?(gy!XV>Ri;?xYE6gw<;8qOFmb}}7-JxvBjKh-;rpC3jmFs@5NzU`BRpasIL!+zhN@_jI6I!KSod3v5Jp9~*nrrm%>5^EDhICJgEv zP0SqJj~L;MFq&p)ljuWkQegP8gw$y_ z&wChoWABftwwQ{Fijn0OP(qE|)G}vk?;$`bK2hmiam$-X_ z3@o8Qk=-~q%P%72h|vGJxP(9~SU*iTDYLK`XlLPuvM^mItztT=##z~>el&?&(Zo zUp|FYCPKbY2Pz50hI;A8pESrMQOAO}^j}?IS4PQCk!2t~AGqKahCSeDMK+=S^g`dpOpC5eM%IgCMZ@45}PHh*47^0~Ru$urxD2t?;}&Z2ld**NDB=;FCHzCtpBBPQVPo<^QlNtqw>`AS%s$}$P(V%AbQ z+2B#sm2d=h=f~aE&mF!E79-Kp;5)*LNK187wbLbo`pkd8)50mX+7oa&h%b7$!Fuz% z!yy%m8v86qmg?gjoJR8p$#xyZ9v6e*hts6&zTb)m`@Y1gn=4oFdA|ev%(XY9GEk(@ z1T+~Mt# z-Qc(=yG2*bC6I5bhn)K;u3ugQ)H+}yyAHTd!)ed}sEtVM_)s~D{&=1fd=gHxS>o5< z7T(tHF!0LKTWY){oxAad#r-%s3p}k5XJYAKsbK?k8YjuIN6q5xaswi|2HTHfb&@@L zZ10LI%A~1wJs<0sJFroA)6YFJ$b7s$-sx@e)$whraK48ZH=rzN_hvy_VU&Z-d`Z2j zlw!|Ev!aH?09@;@QN^AG-p9j3so$RA@RQkEIKA`OJz7ta)>MB`Yh1cHjU1>`B>$xS zM8tTwFeT|zz0HPHHc|ZP`tQwgkzCjS^ak#f64g9aY1Al58T}KJH;?Yv#Ja$ISo{GG zNP>>l2|{JsA4v(l=#f3m4oDatBPyz43-iwrlQCHz7py}+Z=%#>!!?Z)kH0b&83*t6 zERiPoS8r=3K(Y5yH+A5+oxQ}XpNx%>09$WsJ zL#PVnhQ11-;a`P(ysoZtJo-2TL7VbDf;&w4g-!W1vhsbLFq`hUv5!yPbJM#gonN!3 zl54fqDz877h*_}pAneK$qGM_J7M#q!xRgH(2HalJ7ii;Cx0pne4jpF~LvbyNESR%N zp)9%L33!_yNen;kYUY{FeLy1Pt)+hN0wt!OR(aT&AZ9xq%5GNZ;jE#4a1P4E2+;cj z)ara3>io)MiRC`o$xstf@q24=j2g`RtoHsHs+<<5*5u7lc`r55k84;t-b7~gQ3kia zxou%xm3rKjB+aE(WOPQl)+an)Te+w3=VX=~`yVIyhYBszGAGP@e@U?k= zkf!^^*kZlk)VoTJz=}V@gr3kbIyF;_pQ~Jv_9RNo(!h?XvBL96?))Ji+l5&MlBGi_ z1^sT^+IRnM^`qBI^RIxSMn~3q)5dLnTTRZp5%x2*xO3h;7PT4iB5lGoL7(b}dxBS; zQ)=XnOcwX2{xLW<*sv?=G0{Ynj){cUO^5=$26P2_8Jg>;WIL`eD0;li^Hm@HVKf>d ztxz&kbJWSSw*(TY1Gb9t&OfyHVnP-^3^f%T?n=e^u;6dK1Q2|zZY~i*ZezBA+}VJx zSm9EJ)z%RcmyH`*At9j2_L(fQb;nZo9~#iq$u~6MSzP72gu4v2jtdnInayMNRU&@byN3hOycvJqOmO#xd(_)-o&G7= zQ*{EcO8Yg*z59!fxcozf3|SpGEa`D-xf=XoJg*$=y;8T{;e}}!QcV&WAjI-*Z8!SZez{nN{+MVBsxxlBdNWaSphHVBuNa} z&>P=$(BdZ1PIuj?8cQyj3=C5aHj_g?WZ-SR@LF4@rskd#K0<0|HTeY?;T!-C(cs#` zU_wL)+uQxb3Ms|PXa{d|_(#;R^nYvbyQ7-gqBnid!czpEfGE;@f*@T)Kst&v=}kH) zRZ0jw^r#3(m)=3?y^~N95b3>_K#KGd2%P|-%vGPWX8!oC>GRLbKdi;d&Aqw%oW0LJ z-~RS@#&^#C@DcSl(*H!`du&9RIWu@H!CEqv0^57uKtn@_g6gsjDC*2*lrCm!`o4I= zgU9}Li>7KVQm!=|+`8rQiJV3_Lo{y;|F*m*Y57udq-C`;L&nREyimS^+0(i_ySyvv zSLtbJO{kXn12u%SZ->N}zH#E#*3lo=;&+XRG zD?_Ag@59-PTk&O71O0t{D(R_@7n7%8)zyNLnEfg&gGdqSUYXdsz&@sQR_{ZQE_-=Y zBXVWNsDF5X#F}kI;uhGyr_sWwrgojm7brh4(K)CZdEdi$T_=J`TXsX}Z)lrgI5I_$ zI-afUz2aVU3Gy)Ru+fMZq2{+guD30cX6W9T_4>-_LtjTO;2D7yFJ6`$7KJB2HokV9 zkk?I~_})KDET+E$MNQnnf`kHyY)SNqczfoj)qK<62T9 z2rArfZXEaJ1kK(&++*F}OzLZ%OJRW;i6q9hlhG`b6wH1(fB^t2G)s(Ou&7b-Cp>0- zB9F$(>7XHrjrvcd>x4Wpl^_|Ghhh?SjrOG1G-?Z*wI6T|ViE$P?v4(gpBs@#)|Jj4 zN1m83AN~kk_-CoEHy94tr;G?!QyEZE3#TMr_ES*4*2jqX;&YpUfk862ied6w+uJ+( zHqAO>kM&U0m#x)sgh|JWls5U7?F=`O5IxoaFyP&tr`QAHjM5>E73ecoda!k^RE zO19f_kVJ@=5+Uno9j8TkO2V5cg^dSEUt|ck(VPz&40l3gaF}T-aLZ64y1_h=Rh0D%YPM!A*1JE6H~tHx$-h$9Lmn(afb+=T7Td zZ`E4Yrs>OxXOZ1fixvW{hPW*|A9o$J{naW*=%){P5u^81>Bq2#YR}1Ohrh`^tt049 zy>g1`J`ehq3WT%_gYB2}VHs<}3k6$oIzN4m#&6kF^>lAw_OeOk3o{$U&+ zNJS~v&g>OuH3}mP+0AJ0iqrwY$)V` z!>LkQUQRdqM45))(J*tm11lvKJP~#nq>ugr3!LYlF8{F?McX$FWwSh?m%PS8)!#?R z{cJk89%K+_O<9ruWMgL=OQ0kj8)n09_J4{I3>u?dFy*D;YqZC%ajdhpOs~-xpl6n1$Y1?AQrM=4&N3Xa z2f=jz>=wR525G$P4Mh}}!l(1T!@qI3 zbtNGN_^hoE26Axu=2CTbyZrWRih-}8>|Ka<@hteuE%qq?Y+b>dJ?jgKV;@eWL~op9 zbUiPRmBS8;+hX(c6>@ECqk9j3`sv$Xx$Ma>GG@A6Gq2_so<{F_gZjAi zdK0~_WBl0=^4(*{v!CwVv>*HVr3(NNN3PFe*ZoqNa;hn#M7UPJh&2E5)sUnp+deLQ zn7I}nm>H_6!oblq#X0w_)`;Q(@7z|FH(08Eo=6HP-~Axy&+M_hQe`@|QzwEY zGZ))^RING z`Yl4qlHxT!y+JP?R>o6^`%7EFq+Thn!^~<(UX#K{;yEEb_C4@6KfO7#%AZC>E9_ft zQ|mqNgK{)7%=|$9fR{w;e-dOiynp4gYWzjMN)0W?j^iGaq$fkz38}3@|3!8;(dyyn znx?VcNOo72&B7X8*a1aUL_|cS?+DN6WH=n@V_>bb2_2KXR%Jd=V=UvEuT z;RA=ynkjp{&batPye@M9 zds%P0pFN6T%i43RmeY2|RUPJeDnEXQXg2>ji27n{rrGTD+PQ+^fdE2fYd_=p>KnrU z_Tr_>)tw%?Ygcci{6iN0SXZDOcv8F5CLs;=Aap089Bm)7E7bs&08f!YXYgiOR*6p1 zo6~apx|{r?*E6hBmnhKJ!6DXPfAPMUDT)7tHA6N}d{U>U8z_5Uz^iS7eHv%R=iqin zGe9V7wK*B2<1-c?22++e5a=13osXRK&=t$geX){c6xa7Y;MW~dl5QRo>ji5LjYBVd zAm<_W6R{zM(`ttS?~{j{`n?O}-NJR#?3y4`MFY8Z7|&NHJq4=*x5L(k{nZ}XU&tq0Ir*`Oew~;o(JBVi7?E2{Bc5(0lA+Zw`QXN3ykgF9~as z-rHF=U!O8?5Ot@y{N|UeWE_WJ8wzvc&H!fWTAOy&Ws}+_QJE4g<-4t-qu~@CWtt|^ zC>NioDsqJPL?TF)Wc_`#YFfO?*6a|BQ8fvTO*HDRtx6gou??~-@A%G88d?Q zgwZFZGt#fDj%|240;g_YYQ77FtStq~E}i}zvl>QdTAc;X)ia_r1!@g*)+lneYJ>t=Z=k8dMI{(N+q5d4*f?7feHq$M*k zW4J{0dx<+y3~tbHf;LMlL*QcQHjSQbn+{C-m)0X_$`)}`8I9xBtVfQ8<_+(6F(Spg zdJbyHpAPmIPKs$SzQlG2-mHJMISU}#q{skPi{$~;f}0NB4Y>3zDSq)H zYoJU`&zPPLSfZie0wC~#H2QT1dpx6rVD?I`FC8C6;T)_#; za9QTFZP=~9Y~G_A+fa)!7svgELDpLF78oGOtyI!(JU*W0KCZf+iTEtMjLDi+@kqk% zKX*h`+T*W`e<@Oc+*Sn*@UD{2&qLhKWQv;EiA&Abuq<}%#aqaoao>q48+C$qI$NH{ zN({ZS=dIM1q|`c_$w&%2*cfLBgJ8mTPz3hY(n)kc<9jptmlwyI$;QnE(^Gxkk8rT( z4@4aE%O0LFFrzV~VXNdj)pSX;_q8oBei;ui&^keuPTI$Ovtx_i(7mQw zFu>C9;2n9Q)L+x?tx?ZqJqC9IAs&C_OnUysvcUVqXu{fK0HO$KHtnP}OA-Bis{WF>dnk>kSFSq9?9^RBn z;>5r~08A*+gNjafexg$&4K1Kn6ss-*BNpD?RN~53c%$2#da#MJiV*bn7Z!L*Xm|6d z_qEU@YSitxQY5O1SXuSo+oapyE2D&G#8R%1<@d|B9>H_c5#-6t=>yA@ISKan#=@tG zF_85~bR>!b*7G;QS|WvGD{5s6umhS_0pcCxo+lR9e2I7s8zv>GpLVdevI|5nb(=3LWOKS1s*P^m*QuNNl#j}4 z@$4BSwI}x;@g~QmMWpo_^p*=5Eqz$VO(jE$ZGuU+j9c7pp59D#4fyG)L+d@=bFG_> zO!RlAN;BBQzda5ao`zgkRWZUd=N!d6y2_Kb#k!q2|5EIpsLH)RV`Q8+uX3`UJDl2x z$VVq-?*=H3k1bU(&^f-fdeU7W%RV*66xy1a6)lz%_x$>rv9#ALrEyV2&mezCYliKr zlxA_7Lj(U*rnC<3(uaMgsrZ-biZ?HZYv=->$Qr_ ziy1C-=xdPMH-&rY7FWLwl=#ynJMNgkTM7DO!gpizr2Oi*Mb z9O6u6OFcz*gU`9<)QgUfd{&OMgQlhcRU#{=N+txi8b{-o&zO8ye4ZLlZe@`^%&ApGQky7zzgr%o=~7ib1y8%(Xj>KdRtL z*9-f4KxK2<=~ksV`++*-!?Vhf8}PrvMDL$FV31K}M-m;qX?*KLX?ttbj2}Ir^4)Pg*E?B&BG8t+Uh1pg3H=Zu~s+lmb@O7~0won2_s$2U{Y+jCiW}O$2cKOjYQANGYjc-l& z@1H&ryr=1#6tzs*Hd8VVGOT)GMvgUrgTL+lks&p@dt+yB75~UlMr~^w4iry+V}UA0 zD=@!oidKLb{@1af;<5KMHs5#!RNBwaoh;s+j(kiD{jbPGxGaKS^$3jH0 zw5ulAY2Wt4Lbo^HSe{cTI!L1b*gFQ4rwD-_udRUSbC*sNR9-xeg^CuR*DiG>InifF zjm@Y2GmCqTlfOK=IJ40w>wa$b3t8@8X)3vuS@V#1G^J5~7PU%f9T;ISoP~xr@;@%N zIkKqhD(mMFNQ1%%QpTyMya_ySS$}-W-{;r6cZ0gEZ<;|vc%*==LG;OR+$f@)-{#Fx zd(wCyyh-S>x8n;v=RWTzVvV4Ra6wlOH#y8O+s`(O! z8Iz>Gj@o!jJ8f91`yIOnk}O}s zyOk#xMKoI5>dA-VjWt8QOGU85!C94PBhH{vqxZrOWWj8cg8HNJe~Qak@r zt15OxD6X!lvGx$I)Z*5iD%unvx5Q|54!!X!QOYJuZcjazflNBn#cB+|HeTt^N$?CHqSA_{FGhtz9l4(@kynl=^~l1VSQO>aljehMK*dNk z{V?pvz8)}ZPcOorJam#o_3(ZlnV5dc~>j&Gs6{aT=9dO%LP4{1B_aGYuox)ykGw3B$LQ%}q%I4AJ? zr?ZUy(%#>DlC}U znxWFjDaZ(eS3$VBg^!PKO-bAgR)jeZRL|<(-R{hdYY<8bc}U0Er5GAIJlsFgG#k?W zeW&PkEyPVHtJ*#c{@4fFqOpJN&VU>U48M|?lhIV7v;J0%fBUn3=IE2(?&3gY&Be3) zz3dhHdMa|QcPTYN2Ftr9+Fl=iPoOpsp3~3}&ub(ss_Aezs zId~v<_-yT24t0KQIX=^m167+F!PaNusKnQ8d@P&5F3*glhZ+KS7klOt#Ik-f`i;$m zO<1wR)QI2{|M?FLFA6rnqoja~4c@_n13j$K6Mu*dTqmZmzPFeb_qn1bKdU;6Dms6c z!Rt|~Fc7RHUj$QbDG(%+ggSc?tueZ!w*y={&a#cF_;?Q@31q@SEbOFT=4TeN5RjZ! zSdJVM@)0I@xDI{|u}@qSeL)jOYt1It-qxQgIjR6tupv28pq3(lacqu(YR)U^y52z> z6&<#Dny)zzx6LQUEYx#<{ymONb*Ei>5!+8)sgmFKIchFi?W%?)c!hcYaMLZ7A8z`O zx%s!}SQ)!U_HHi0PUhx|i)swFk<{v-<0`h`JBot}Jo`ba@Fcs>Jz=XSbHlq|9A%3^ zq^zPZer`{}W_1EmL%GY&t&uo&udtX3G;z~@$3NL%OkxpJd(=+iOR!m@AinW=SPxY? z^iLLBu-#~5?8@R8(4Or!)b6LFU~fFpn7dNBaF(F5BNXc+T1=|7?oHo1VGzeV*5ZgR z5gFwhRBUK+S&_?DR7(1ApR*SE~+VNz>C<#s&vd)K~`0kE6fX zI58O8XP0|T$Zbppb&p#Cw(sBSLKEMCq{1fB9t{2;)mW-}m7Y63ls(JoJ{^wMAlKW+$h8;=cg5S6=qd z>6#0P*_t3vCx{Jz3XKT4*|soha*M}!jDM<&Zs-01Mxluk!sDD*E$Oe7@f!G+-pOqL z0R{1fLVhvJzV1wXM1-174a=oN=L>t~w$Aet?vB==Hh#5HJavn`thjBhX}{UxqzRS0VcxcDclEEq&lv?9h>o2r+9 ziDt~d#wZSPy!R%*IiG~7xMd_}Gcz_mK3v(q$Iqk#V;PQio&8EP+TdiXsLKEo1`0<+ zRwTbYHQiEEnyBCuYGOjv(^~$>MJ+UgVbh-K&h*W28wUrsI(`9eSbY=`22_tOU(8HN z8&c@l_u<}w+=*(x)uGNfRd7!U73Wj@B&VO(2=1ssMg{;pYfcJUZhkoQ|i=MA*%(0X^fJOHP_6Zn!=h2Xmb(0p1kPB{NNo1b9s-RscU6- z+jF3Q3{f9k%Qy9kwK{=Z{&s22VhxxjNr-0GtiLaO{i+(!JEQkziF^O`+fg~f{g-G+ zEcXQ%2F!$;d_D2QDbO!rLyevur=IXgDzRz51G^iN<8k#XAm;R!4CX5(s#5cRqi;Ge+oWqRZ?`Z#%a&4cMTkBZoMC-L(4ST zcDCa2t2g+<5dEU55 zri-Q$`u_;L2r+bZ9Wh>2a>~#u(2N_w4WnWt-TO=sV-r9W+c(qt<$J4udgIvx(b=yD2UL=>0-ovQ+*);aBxFE=rDGf^tNuDc;s%19}PV%r(V~?(7vyuXC4UE=Q%_#iI0sfFD zd@S41HoL3W5p?V$CgQHoElAp_`pEX(<+;Csqk>)imfElQrAs!3smN&_kS~ zPxDL)vU5 znTK#JKVpZ#L{;U}J{u=WBv>z!2?nUgRp)J_oV4eAP(Rz@wQ10C{7ej*w zm9@f7lcr*q!*l{P@AU*v%mx;ENfWJR4m}t`jAnJ0A;~Cf$jFE%vq7jL(Tzrs<>2#% zH$)ZO=P_Zww{R^~(vyE%(3Rz7CkqUco_tO)fW6#!+1P4T3aVPkuu$TgW2CVm751`FUwvefA>y?j(WXNF1nN{C4h= z(kK7c`z4^Nv|8D6>!$tEFF>W)r7N*>uCq#zduQW?Lp1+JcxG569cOea5czwJWSA!P zl)&-U==qYcIB8PTwbFxYTzd&`_BTM-B@B!D&^;_L|2t0h>Z9L*sGmdj>hY(yn>45B z8}A34)+1?kCRbxUz@|t?h5CxX~a8`-ohl&GD67*y=?@d{0N) zztVI1kM5jcO1(AL-rTT6vOk}2S%{%%D1MAi6+_1le16Q0h*@wP6}Kt%NZ)73DQUaM zK#ffnQgP|s$+I*+>tXQ#sl@Zxb)!Pb2sPF>2?ci4X@zm_l2w1I2bUyPxwc)?-#D(~ zx|SoZ>Ug!)Gh}YwUdKt*c*HuO9PC}ZH^+R-tnEEYeK26ubodRq<6ZDB?Br_E>40-6 z1SsI{sx|Pd%174?E@DN_AAUn$Z@E#F)doK{44tmD=7zqJ6DccMV>Lss`KAWA3O&k~ z5}+AS`X(ueGy{*4Ddu)7#Y3#-{uPnnp$8P(`V$VCoSD*AFUN22Kd4c>gST#t>Gz7| z<3NN42+E2qE?J41nIsz}h};)syXTtt_vEiPgRvi(ACq$wr(A;cJ9$x}k`t~!y5JM& z2yY4x{c}|fQ+a7&VM8I3Wom_oDgz34icUbs0`W#Yv@gK>-CatZFE?I})JW5bpw+&k& z?C-=uaWv=DuH`{smuCkmT}lJ@h=gRd?4W6D%1rc>8)mJ;Gyt?=>V+ak?E-^Vj{qzAKZ9F zy(BNK)aiSOt;r|;xNu6nTFSFrCu)M9*xv{(QfG&}!l2Stvy;D5v7N2aLw125L=PWt z88I#_z;_m)5BK>+@>djjaabLo6MRu6r^nXql8jiyUj!(Clow^!wN%1uE;$n*8A?h_bEYN ze}{llYmP-q8eNv{ML1&w@U7pN3IKf#2uFigo5Nt(aW<}n<{C8(I zdlEnFk1YR}@u2)Ptow=(2SUrN&~Cb<20~;;J}IYjs@Sdie9kZ*AZfHf&e$*DU7lc) zfEiw#2QtPb@w?m%Vp^pi?0Qju)&q&Az0=`a`mnUE;lNiGXKa@^Oc=39)H?H!X8lYI z^GNh=2BZ7I`jDd_q@f9@?WV^dZWeBYs7b;Kq`dDARN$*~SOdF=d$zbgnG))$fe*lZEX#1cl0yk=#2ryx>jFJVO^Y22A z!W8-+^rtT{7qb`>`57%}Yv=o34yWFm?@*0IeK^=L>a)d3J%q5+IfhfYB}0aQ{o4IT zr#nJpu)3h{XCH9^CIHGj*fIH4VlGn}{I4Oo+^x62Ui?lTR{2-MQ}r9;#earFh?#Zr)SCj3GexMnO|a>t zsdW+LFdS;)|Lf5_SO44Fy#GjU^nYwO_dlp*`hWE1%yT?v>&?*ST6dGpI4^_znE+|9 z?UCc+;L`nHX1Q=--0nFY)O&Z7mzTF#d@yD5OKY!26Ydf468H(075I+wk_pGN>o>ri88-LA|CBT$uG)GpUR-iO-sO9_JOg zi==b^7R0Yj2SDerqv)E8I$MiQ$j|g4M7LezqaHqYf&?Ud*d%qle<$r>g%}izb_vgP2md5~UU-^ZG2stb4%iH`n z{OX#HH%8NOV34ifTBaBY>qo?hoZIT!_s-*~ytFrcYCdcsdsSHd$5Mnwzx;Gy%O>K&W)Eg4|b2LFY?1+5>;oP z3>EzkR?0K&KqmX65n7XBPe;4sJwDVNpz+PeXGH}(q%L&KBHA4ftzV0V9^TTe*)#Vj zDo+F%e1Ve%9JN#VADIRuz<()gUbyf$s-fC*KRwS|_fVT5)4|pR+Lg2U`gwVQByX`u zCsj=EmCZGLA~5E)i_w`>L87OieFV~*&E%0?cbOljzui^({qDC0C1*q4%VAczo6FvO zm!Sy1J-sNSex-hF;F|^1@%OG4d+Wb;(h&4A{@qJx1%DX-N#cc_*|!n}{F!7i@dS+m?n-P#u$$=;orvp7V)59{?)j%-p?_!9_kT2O=ve$@ zi`ZWyyycCpHrN>x*HMP7^3kK{3r5i@nB%6&w>RCDJqRYl?S`M^W2>{ObOf~CO3kc7s%-pDk8@IEj&57Gt4#u-0gC{#s618D9hyO*>2a{iYRr zo7m={UE~y)X+=a3>RHab17iE$Zwga(Cp*aW623%A? zaIrnrKp4n!e7@(66BAWh9lWqGW41qXcyynG`)W>rpOy92a*M&hyZ`Jia(;kjUk%#C zPTm~Qxz;n9t>ZyaD|{D&z(k(2)kkL1XNuOGIoEoJE0yi9t!3=$kf{}v3F})anKm_< zaaC)%qE0ZlNOtpWT3e}Ot?3G$T~9y%?(P@9vk3Nct*^wVzZMZd=exU@I}ENDNTp=X z{BhUTiy67N?auJi9h)MgO~$8p4v%G5`Cn0VUED3jL0O+@G1b}mEoL?|a7@C180KtX z=ghCF@%t*mO#%kB^2jDjh&&HIsYU${rp)&eV6wiyrs{f7nDDCXj4Vo#er%>%^< zA-BW=S}98*%-qeAqK9}Ee2^i_Q6tOA97GI}A-aRF1>}cVrLlfb%VX!`?!QKwc42Q$ z-lRR)i-KaH?E6DVyN&LMe4W=WmTTOmt}oQ|%ma6;6~y~AuG#!{#)_QrBTVVVdp zZ&j}Uht${pucZ&VdUVpi)J=hd1zgN`w(o2k|L>Mq|38|R{QsN(c9j20*8YFqEQLH$ zhtj|AslohPQ}4os7j7HVLjT3TkHy7FX4XJ6D);ZJhctjjLO{Cld=U@_toPbo0s?No z_3uwL;D81`7U8uEd}yGrf5_i*-aj~qYjDTg|Gs4CF5D55l9_3yuU`ioGH_0XyYfIj TDWd!51xj*i&&!^@djFpQEuA5q literal 0 HcmV?d00001 diff --git a/2.5/assets/images/manual-guides/mailcow-netfilter_settings.png b/2.5/assets/images/manual-guides/mailcow-netfilter_settings.png new file mode 100644 index 0000000000000000000000000000000000000000..e287d0a0c69d4d251598d4d13936e9b565fb693b GIT binary patch literal 52622 zcmeFZ2UJtp_dm+$jEpkM44^1279>g+5TwQd6$K>>Rcb_#4nbO|iH-uI0wMxZBZGi| z5NT2ZM5)r7bO_RWLQhD$?%e=nxkd*Wnx2uNZN0anrfDeth-wKJXXrrd<;F-w!@Uy4qZYog$0immi&ezx6v8 zS5XWP!|o^W`$4bk7Cu~DN9x&sKQtrXIegB+Ahz-(k6)9;2^oU)FuFbVa}(85Izj& z!?}HtFwO^ohYb+Uho_gP2vpDUs*7rB$+fp1)^f4EI4x78ddB8V=II5fkoFXUM631HnnbS)2 zB-n~f0MIl+{ReXg*uRm^MFMyEevmt#%o$%rra0@_jUTJuI(xFOev3{vp2AiK?1YZI zpid1r2Z1+U*73oIjKl^{ii>=TmN(^bt<7pV+Og01elj>x>7PpA3?#AoL}<>&)Ufhd zInSsgmTF>GCiMFVxAzrytZuj%lfwA#bE#kT1n)fC2HyF4NohY9*X`4eNmOXpRMweN z88zqO`A%_`zFt|Sjh14+*W{%KqR`PllX=aRc-~BMTC0Jrbtf`4o~iJ(_&6;-X~0D0 zDwnr8WedrQaDSL~url17eCqgvQmP{;hJLd&Kjx3^_xE_y>MP!wq*&p*{^ZH&Qw3VQ zuaZ4)aEit#BIG*IbVd_b7Q-0kALj)HNg&tZLwsenV}Ulv>jGF)7DTwYS; zlrA*CH1+UY)#8y&HJE2W+4}Nw1r@Cy*MP~0R84sA>f=VS@S5~hn}=BxIv;yr%meB& zS)9dFP=7bNsN~V8xnH7wmQiJJ+e1`eZu>R1N=v%!1drVM`?E>|V^k$%3GyF2rd6~h zA@ds(w@YU6^seYEpLs{dLj9~!px;Dyu5nJZD0;WIe}78bYyr1!?=UK?WpZ3IE1iYN z&O{Ztg4W?^N0bve_WJLVD&sCR&oqYe`p4^K6_$RQ$ z8c^c(XVaj0VdFnV0#^I;_0-{S&s>NEdgXC~N1lE9`=q2azqVg#=u9`tby{YXLwnC} zt~PWUxr~3y@?DXY4@7t68HG+wsOEu&mlPIQ?R8t=?=v^TXcSrRBW01&piO=2)^X<1 z6yy!HDLKD_p^7u36J1%K{j%bNJ7dzu3HG6Wkv7e^$GWtM5YN%3qw8dD$*I?xwwa`3 zmkUyWinT{bcmv_ky8|1lD!(l0J<YipqJnkrr{D8Zs)jj1EXv z|NHC80>~_q#N}!om+`jo{Eu5X!2%6DNOgr{ka%uMeRoJ|j=_uUKRi4WyQJGE!s@5I z{%%=wGIKu<@3v~r_w{JR33976FxOywK@3&puY?P%Tc0}lU24nCL62SR|d1zc=wQDjpCEbyBaX%1$)yY@+^#-^sG=a}OwYU0Q3 z?d?~=D%-kYzoZ2yrZWaUjc|XwGF>l7R7JVpakHLxjh_;VuMNHQ^_)rWg>^WF`r(4C zT;A7jXL@AgRerI(sRIN|#tSQNNeDl86HP=AL%z8x00!V{X>&R@w_0Zxd+G1%aPyeY z<2Ur4>9Xd*l*bg3KP*UNlPh@aH%u}%=V7o*fBI&bLemkC4&pWE=PSz_wAlSA!f1PW ze?||{9o}mZd6y)@AX@K7Q_jn8Z6cz!>g#4bbX}VrHdgqh zrsr9Tu=wLbLQfM~k9Oz@CRcv9U|Er4k^ct^Mqbc0*s;NBNy4Kb!)9s6_ff(T2d&5O z*;gH~9m^$WO&il_?egp7bkfCoyIj2_)!?)=fjq+QWoCX@7umuh?f9|6XOy_PX4Z4tJ;@}?S_l*2}i%R zkJ73PS?j9xCTsSbZX;Eq=5|Gwj5Io1G_W0)PY`m4*U)r}&m!>F1n zuNujQi5AyDp0AC|w_-#6qsFGJaALVuQsqxZ%b~JZ5e6yYq7)%^v5a8k*lFtoofUiK zg*-ielekZ{|M|toET8A}GyQYv)3f~A8OgKQ-A8ic1ZIvPGOL9A7;b=GE@{)kGX)nH z?t*eay_cupR~1#Jdi8cf_sWCDvi1l;*aC&>c7(9kjLJLqAfZR&_`4 zTd$HF+xuQ_w)olrJHj~A#;PE@tKB>Jy8QK-E0hA-dRJFp1PWz-nq2*prS8t~Mek?G znxMCy1=XjU;FK)p8ZY8{&@yH^_hyo6WT?MU=SnF(!&fnoXU0U)^e}T?jG~*@q1oI9 zeXNbC@a*!5gc3?N;3SKW?z^EefNSkk=cTy3w*05BsF;oXX0lbS`|f;g)$V%e81jd4^MM^@ciJLhy4H4(+*He2?-f{dIZ%19dlI z;lfaXidan7lY5j97R#^Yd=YtlRf+)4HNm{Hn4Hi648q6E&Apd-J}hRwK9Nk%ISk4V zwQO$y#-aLc2?b0zu*jQeN_Zvr!=|9m-rab3YR8I+4g7bG9)fFVUvXITj^vD!qDd*PK3(e@EeA8}%1T4( zV*@LnYX$l>L*Pl~GRc8>FWUgG-QwArE+S~KpQD_D6T7rTtMh%YOhFWS?_rs9C5g+O z6nG(I>{mEuE$l4KC+dhI(%g4zm$EgO(CpNpc#Ggmn~7^x^)44@Wz3w1*({d_qtF7V zgi7=XxNrMrU%knwHy_1mGFkcR-e&-~Eabg^brC}mvlj1xq5Q5e-IN3!%t`y!WTW~% zV98oR6W_Ga6*Bp-x$CP!&5GK6yJhU9P?`2Go@W=2PvL-dL|v--Ju&;}H6fx=SLbx* zZU$yEB^WA4vN2y)#dt;ntNC=5i(7Rt_SWJ4My#0Tp0gV#2RlX>DL2wK_^Iyg#bCMY z%zjhJd*KbWtk6ckQ)sY*xWR+S5p19j`6eF_XyQRq{TOU}y#JC+@ZAX?viSfksZwa; zbdKwlZ5oE<9i;m9@zoPwBzGZi6|fKF8h|6S7Y#43YJdL!rs*D@2xryifOkas|MH1tO zdxZK~H82c-vVHy6v*aWkt7Xvk^9RLX>z&t>UQ2RP{mX)ChT7+mkzb>ndusb+BuaGZ_bcf^JZ&$MDlPR>QGwa5w6h;fJ z`&4snv&sapz|$hw#{<9OHns`H?9BM+#)yp%QgV_aH0$4Yv0NrU5J z%$+c97~XwX5E8Oc83$faBDR~09lu%sm-;>8-RPmA$XcRzt_jJO;BjZ+_RQKH09EcW zRt$^6;l##9OeHB=N?w=JRl)t2B=0mIxpnN52tP0ySC7x!s2U&%sa@0vSsLmtEF0I< z9Cl(f!&jbPoBru#)#~lhnxJhJx3e>*C$H>iT5(6G1<%*5O@7ujLv8O|v&wy?>h0xL zX<|FB;=A-U*PcMlp*m`ZK7px@K}27UC_^knWe9d3ym{Wdi3Fg!$|l~60n(KrwG|T9 zXS*~jnZR>g_+j1N%Tn(re$_QK&aom?2Kh}aIXi6E=6^nyfKm`t}u(lMj^dQ9Q z16g3CuM%=i5y33S)XWj(bUpmG;t^Q&;Y*4+E^$6?wJ@>yMFwxVdqRQc(ASX9El8#< zjjSh5ETi#cd2(Bo_injCxzA}W^o%V2P9R5C9hGz>Iy%u=%z1JQi>V$+8pJV_axJ!L zd9TcNxfNt&eQHZx*IjU(X7r=cm&uQK(aOxh-Ig=Bh{Y0lgt;$u&1!(YqC{AEhs3*R zor%kW3Gc%CbQsj+@VT_Yhu&JNQ@qb+`c5-_4?~Xm@i@7vHtMchTRF|;+|9Q+Y{i(C zL$52YUln*tr_C!IwR{dVxXPEacjpHNWw#?S8z#22vzpP2{8P82BZmjX+BLirf3~wB zmW0?vjR=zT@?tesPGA~6u6y!LjxJdneX)3rd!2b2-LV=S)t@+)fF~3=wowdB@nuOO zp?+TUJO|Igr%~!V1WWqwpRD=&C_42!keRqdU%qvSgK381 zgWfLc6gfucPt-E=2{a=|N1wiI{7Y1Nd!t4g(4ng?)m|`G*5XpKGE!jWQdL$@xHfF9 zv^ajA@T{ux<1mzaaKJymvUC)ix(n}VHO?juAH(h}xmO}4f0j;3Obl-yJUUK${4UQ* zT7-2B8@q@ez%(^R*yR=Wc?&r|)rY=HO*1d|s_#@1RGJ@1TF$*q$X9JXFY;yU(#6%4 zx|C7Qew$VE`yP5}H-Up4P0VRj$uOIP~W?K_ zs{LyVbw(1@CTn}7<$jy-#IKQ6k3=5-Wm!60@T?0~yUUVe{xKqmF|??zENvPw7@r!p zdDm)|y^WqN)KcH{yE<>OSYuunG3^sPa1|T0_ODvlC_YU9zQ&#t<)riUlA=hx{@5g5Um zQsicy%!KGK`fhK+A@(p<*Fb*=cjrMWLI%tO&aNW={;DRG`!WYC7MyC_Ub{ z+!jYV$t^P~?Te|ECh4$dD&KaSvlL1Kd|bB6Jo=|pWvmfN1N3-2Z3XlfqGC130Fq{W z!Kw*n&_V0WX5zcE!zIpdo*H`l+k!?t>LKY&D(JH=&lWn%lQmmP?01Pac0B+pna)-+ zlcQvN>1$JveZa&rGk@lM^;ctIRt3#xYYfeOck-EoCr)c}e#gV_qSx{iZ*V4gyJPng zbP&OS_aqL6+luk^BQrMX%#wP-vuG@AZCu7J5BIBc$StnJY;@v}{KeuWD=S}A5k6{v z)!-9<-Re^5+|74rBiq)v^Gfdd>uRmpE+yXFa;a;4e=e~ecjYW>p3;&yj1<7-0Rk>+ zVtpZE9ZEiK^7Z}ov557X5{~q3e#*Vp^p7r&%pfry$+%5e>U+PMA@j52ji%(@8IgJ~ zrI#*!%>169)whuRaA9rZWQ&wAO-4Q7D`8wxWm}Z2pP%p1#__y02;=mViYj2pzmf9U zePZY6@Q5RjzN4sMQ8g*wf9&8zEI05OPj-E!nUX!+KhT_OiwCtx zWowbe(V~vD_7o&NqhRNo@lo%ON_Th=3Y)~Slpke{YbsS>Kf3bO#tcv_Q=XE~NrPa+ z_r2}btPhcZp~+T(j34M>i6YC7&tpT^!o<^#29&K3 zexRE@;piFVSOM-~qscei%-ag3WN|K1mZ2IS?Q1)M87G-GEqaHO+#pkDt!4X>@YG`b z^2sQP5*1XO`o4J4)Hy_y%YXrJw$1O_i@t;Lo|VO*K_r?a=kl&=@gI z+So+R3B<1jM!6?%=1adYf!5xPN!JM6s)Pb7aIMYZE=Of~;Z46u>ws!sav}*qNt@vp zr@elno^l&KF`YE}WL>vsBba1iEBMS{_dMTj;|`SzaG8K-PH&G%ksISI_m+oJeSe&_ zx@$+={9nn<(0V7B;Hr1o%J~$3c67SThzZ%qhw4$T%zKTg1UP>w6%|%q}JDVDPgx&v@&dW zw=3i5Vu;PgU@c1JyT9TaQ}o*kHEf>2gZ(~^;8qSQ=z_aIv(|2ZU(eAb%`;QSMp+Qj zvmL1d51o$D-RF!ICzzE7tF}UgwsaQu>_DEgE43<2*fnYM4~@YAmqIJ!sHM*A0lZqr z{k`y%vKO9~c1L0YwA}NcPW9$(tsM`n1Tj@imYg{9sTC_pZj3O$Ew9SDM~z!1ysV8` zOAjU#Z#!p6`uY52fvCdJV}Gr+Ic^EWx2n%4VCHyhi&=!)*sW5=Xxu~%pg(-Hc2m1v z@y|`9mi-Ymkl3FeB2^X{Y;d`jIXzpr8^CzDwGmnPavMGXV+Kv%^dQZXC(vsfVbn^% zbz!q*Tks=BwcVDLM6Z`AGs`vUej#-4BY~laumxt46gzTz+uH}jHb>(Cax2aR;Vh)Z zD+V(IJ_OK?yM+=2jL}aUJZsix_G5Xk5`D-!UdZCc`JU&BbVwSIyC!#~4BeK%#ITqNPUzv=pQ(OrF2dsTlTp+bX8ZlLs`%4=g*KEf z6K_imrYjNVspwJCo-o~}qBb~XHOro}eB_#oWpz}(Pb;%E{iKf)7%E+5pod2;3gt0% z*K2B=bPS2sn+e$1_1>PG#cjdbII-~36TO`MB|98vRZ*1C0cng?E#o*w6O3}%SpNso zV0uVq(7DX3td$%=sb-f8EdKn@j1Uf8l6)1UAYLj@T;LYX92wIu8c(sEyJXB0IQh7N zP&t2LZl*I0XhGH$$2cpV@u^jFvOk4$CcW?{U67XjTPB0j>qdE-xmum*S?=+JTq+97 z8rk?b(V~YZE$m{qC?6TMqE3%liWhm!=iQ~h9qmXvy$)u&D%Ag(3PDYdGVAye^g3or zUu_TeS@0o()37xiS-UCNiJV~II@f>`{o~!!yLqgTRYgT3UTjrc)dhzyaHYYr4999(&!PK7lD?fQA61 zqUJ{BryGDiIE*y$t8~=At!JlVeQ3*xM@B|rpoDK4Arc5b8oHNR?vudZ;c@KufEuPsevbQ4H_>;@g z>CgM;srHGOorV!Q8b~+%s!701WM`B&zf}Eh8fu2@lmnfYNnaM(oh|canPeLi?cVYHgT z!kh?Z0j!#PZM9mjudw)l9h(yjns+n1uz~BFZ1;L3FfA6wsz7>Be2R;dsX>tsF10o zidkCmN;)iW6kAd4jCi?pk22fK0$#7&xw^eztNO>P!ug!$x6VaHZ4rcc>9yH$!cz$+ zvnR^yNRkzvPK7}^Qgd~uN5dI7WzmVu*1~4n5-{6z!QP}*D2qVd znHNf5C#Y;--qx^IERQDAXUF^fa>keDYZH2IdKCVO=3E##L)iVa^z< z^=y{Ic(|M#VP3z7k4`xvh8KXRd&XDzBW@opFf6dHoM&}0K0g&*f5nWVZ#I$Sd86qgwV7e70 zxDAaQ_Zdbr5<^*|gm+<`8Jo$o%js<~89pDY7|V~!B52J942+_Rz|xHSavg;*Li$*j zoiL6kRWcyIzD+i78IUDCfhBLnLtRzG>zFaVVe)jMOc@t?MR0-@;;}xLN!y6-8k`{h z+)Sdd$n!b}TUfHdM&Y0WUT`qCW`|wz!gWV7Esm;^eEL)&PmE5LrpFX!w$hI>aPOO4 z3x<-2%gX#b)V*{M9BNyUZ|U!wX3Nve5B{D}n;-o=)|NdyrQ9V``sdv&vkLt)4&9hn zJ6d+MDc!1EgXDiMDgDyNSxSP8m8OaQT1oIRiLYd478z4k6=UarmW6wQ%G$sJyo_8o)nL!mAurVrz}HSF?Wzv zCQX1`1GSQ#avaa1eYSCn`vyqims2?2@WG<5{}iMuagmr3r~#Pc38@yPvg4kTXBRti zYIS!{N)LC(-OA2MJK=HB^jWuXyN6X^O7gm7#v$XgtQ*K{hildxltla2dLQJf3%Od> zwnT02N5t%$q!jFx0^Q6l;RjyW=7_d(gQ!SPDXYrarpgAPCqw~erBp?~JU*L)_8~w2 zn4EWY;js6|qfgzCR>mH#*YY1r-i)V0k)(oP-ur1EyvKuo*3M!0slPIvIJ8?Q8bcEV z3qQbr@@bt0j5sA4k8t`WWk$YnL^^c=G+o`L(@*iT*w1x82{db+nId7FMh{)rZa|X& z6cBFYq+xcf7K@%qv7IBGi4afQn)x^@OdlXpkj45=yviJfdw|79gfHIwUYu{Q&x3_p zoX{1V3OTTt>gE(juus)5sB#M5BbrU^y&t*$XT&CVCiwtg5zg={_WwUOvigtWJhJw5 z4n0V3dB-;OX0uNec4*j!C_fZ*iX&{oFOh(alXn0Lo=Y!E%!%5-i49rHBDK6Oitf4J z8_Q1`fZlIaMrM_CVYiPVC?G$RXDcN5$w0Z7$PHcc`}IuTME(2&L_J-rq>$YrlCmJ@ z#y1O~vqbDJlr$UZ>>nLKfdyFUwSCizr#BZ19-3yQL3?9|v?W+)xRn$2Qg+HI-_TDO zcoc6=CTCdEcA(eC30J?0K42g5F+nd&H>Qhj&x)I;yqD~UvUr>sUp{8rc-U<;bb7nY zrf)8uPbyZ^K2t{!J;cLol&-2U{@Ao#`S@#gph*t)#SwhsWT$R9v~6aqIYU z$!N@Tb|I9#5x#Y*60Fq{78}7n&rcH&#^D|Hfu1%Xxljh(%~| zhUbM^UU6b5h7J)fe%N^^!_;XGm#g+64SgD57jIF#gz}psf!4#qLBT3ld9ECZ*bS7c zNjollLY1*;WE6eYX`@(U(;WV?v%sltd1sGV`6n~!Zk-6R%s+r|Y z*4ZBcPg9GRMi4*9kyTkJipRNlWyrg2$gB5NRdORmKJ$P1aewp}L(5yOPL7Xfc~2}l zh}R+vdpq{l>C3OGk(g`U7W1Q@H-V^B1YKZ4SC4Yfe&Qj|* zvO3H*i}oh;#W0#$f?m#$OXpM~T%0_`T>01>qh%e9UB^rgPVb^r9Ea998z|S+ez05R z{`BK`uZ37JYYpb3TQ^tu6X8eDsJ7(zi7#9Ah(zk(J!(s-syJ&qUs*8W216$>P{>ul zO^-3H!u5-mz^W_5^MS|yj?aX>GSvrf6#0RnnYI`|b6PcT&3Iyv@(%A|#C6&PSWDwN zg*F#w#Z&e*vk%^JSprLyb{cEkdUG@4 zQrR^q8Z2AN2gZ~HDVLI`auJFz1TG|y8cbgb(a1FHA=yD9|6JK9Z zBrwxh)6=j~uiMNs)SCV1K_`qHf|**LTY~!kqiqd4sX+TX4H13kYlL z&l!f|L?+7aUo}^7n~r9e74o)q$*vPLRcUtt+S4zA zD?5Ah9+vm^mHjKg{x1RIZ|wO1t8&k%=;&*+9GzWWe;yr8 ztn!oUXmC0!`F1}akfMS_uYKl*psABl!YY4-aw?o3oUXh--4p@-2woYh4ph9=+Q4~z>({W%rwSYJ#SnM$D2Rcr@yhL1i@yoFZdzHDlRB1 z@2odN$`OBX#<3uPMbj3WAs7v1W&i1>C=2LPS}axfUwvyaxB7~TivEPMAQ;AdwY??Z zxD9q8sIiVDpgFyCSF)RdZ59!n@1SlmoDctDq4?i4x{G4cqAGb^ELOi$C7&2>Ur0_W zZ|{}qeh)P^ai{Ru@fQjGV&8+1c0%|{tz7`Q#%;dS<_W9ZE~x%*SGCluDa0}ebKw(d z9IgwDs%^pBTw@ww%`@@Sc;!Ot-Gcq(Y<{D-OxzJq%$s}xDHLu*E5KhmjUOycD8fuX zl~+tJ2f$tD+WXm?99f>`oWkRd^j84QFfApI1uT0sm`5!=f+(D|?$O=*(>#*gLht=1`HnPH28x*2dg^^SHnQCyqJ|uN)o@RWO-m zJ>rhJn(5S8P5j4T-53laH(t+%_lU>@zViG!1atl`BBu8FL9FLdZH1 zOC@W>MvvEO1~Ph#*n4t34BXG5ig(!yz3;rt_d(ud4>DDCla^~-f0!Q;yc(iZV|Q19 z(;-$$ZXL^xA&e*=brkm~$Ebm<3R(@1}q$WPskQ zVRjy}DidE99Ew*VYpN$0bRFETFU{oxM!rwmzu!>ZfMIMEf^|{DE8a0sgVMOJ8h?=HyH6Cw5QWs_Rd;d!l(E9G~ zO*{$~y3jpgngi-MNa<{{ZQ4uG-r|un>s|42R4hpWiq&blp8F$-+Wo=hL_wNAgQ6x@-LRB9%OfL zd0okYGMphqE03mUo|4Je1i7jdFh)9YLbNMprM|r=()a!E|9I979sdb=_5${qCwhuf zboa*18HYR|R7@Y4}Vt^xY#LpSs<>d)L=j zNi>P=V3FYYm*sKJpdK7iP*V$99w_j22v<9~9s~OBzPLT!SK#)BFVK;q(zl+p{Ja77 zQezPk&$)-IQ86)x&i}_L&;#%NAoKqM&iFqHjO6tGeWIG<*eqYykF z>ASbVNUMS{BC&06Z@+PZy#W3E{A4_*VCbz$@A|`$sW*6}wG=!baZEz`H?TFV%Ezg) z)Vpif*Rp?&MC#3pfJ7(UZtx0T`SQ`b9{#Jhgv|Sv&0w?LNsewmz3c(G(avc(*nrIv zdS$l7*H!)me5@3h{cz>tSbFuw)VJuUi3Qo_H0CS3xyOls`%3SX1Mhq3RDLZ9t}y!o z9wEs*uMU5nHEo=n*Bxt*S-)(qQE+$sn_EX*?+j*Tg(WI%{y5M^N*P=QS(dQ@P;-(h z%-(B(?G?1YHv2vTuT3KQ;b&eU1s#>`kc-hAG?5eNWV%G z_Hl*R{V#UQ(Ap>O(bQfKJZDU!sodI;$_?y4>4!Gk6&o$frP^V&!E9^kOE4TdCF!bfi zBr;Ji3kf-L^!SOCckUSQtWD7*h*l2$;yzlzyyJb_fYONip$f$tae*^qYH*O(7T&25 zR?C)yg_P1x28mE3*25bJpTVG7FRO$5+RLJwbC4k7;$ljF+^S!g#QjhkL9LEB?Nuq1 z*j>BLc&p=fyS;gu^Z6=DQ?vSh<(Hab-18eZI;6xYa;@rcabts(=W|ZHde1TifCqMW zfMI3N5YD5$P)n%|u*dW3h_Wx3nNM@R@2@6^J}V)+Q_(Jn)LrsQN+=Q1a?CQ{&b05X zyxnN*%D|N9xq{)~3oP~aLJa)(>M#&?`AR2@cdenSyswVSJj`x@F;4$gT}2K6~=hGg+?WB9i+PRiGh*DX7{I$QBvj-nseNT14B}GovOaL=;UiFUVQJI zEU=HNaihlP=@+8$bq9)~Q`l(6bY|6 zew+bvsj4CO@#v`zIUL$y4GjCWAv>8}u#p#0@FQeWWc^N+fxo4zjk5ubsC53vwRq3% zk}268pJ%Uu2H5Kgf07}P{VRjAQ?_|v&+n*RZU*_lL8YGSB2=7EfYi-={W|bGLZY4( z@4c5RAS`{?))c2QP*!uC61+0ZW9YL?pWDU1t?z%fD zmFK6p96CITBO4O}jRN?Q<0<|nODKgWDr&c;Cf4SN6-L`gQpZ5$AB;y2mV)>FWdldM zb98fAcj*%w*MK-L@pRJsY{`v)S!SsY=hTnuJB&RXjzm%|E^DB`07H)m(N_dMKf5oh z#i>zVS_JMX$mRQGlp}#+0@TuH`BM@5)L8JD75B}zEk676GmU~&ws}Q)!Vi2bm`Eie zU)xMg^!4?X`J103tz90wikV|w9ZIX{%=t@*F@E>@`P|CTWtABwdqEI? zGh7wO`TRBP06&sE!MYrfg&cg!O3Y674W8QIVOqVsJN0L6(f#I!o2R_7_ofJez$nga zslV**bfKWEQ+gkk9ovRl&dP8TYc#bOk7V2=$)Y67A_?NNEkUmD*veq=w@9Easn{Hg zH|&)8Q}wk7WHr@h4{Ibf5bQgUdtv$Ih&U=r`g=rvf)9v3yO*pysqEBM* z{w-|z?*vVf5=0^))D%@IuxMFS1T^-v_;SE1*H@P>qypMLE{_AUS+R>qK~XIQEOi8~Z8DeR8sq%jUyaUnRa{c`18AMlOy zP2Ru3l^s4n{?_-kQxd*{_WvG^YfN)y_fskuA(sgM<9X!fv>n`-kCrIU)Q#_O+8b=p z;sxpj3J>xjw}T52BDOH$@1P+X^;~4gdXGEhBy+jIVTCIEa#)iPOzDd_!nE;gO;W_M zQ9%Fs;l1eFIxv)4eepw{3DMs{TC^tA56Cuh>HlQ)os#{^e%2Z>co0pk-{0R2i==0s z@7Y?p+y9Td+2@Tw5?CKR?|}$(a+s;(0g6#8M~v4OXP%2M*inHIrU(z$!>_c&1Tw>;BZlM_9>R;)K#9@HCSo z3aPs0sdkjD;s@#lATLNA-gxd!Q5kSw#7u5nQKJ|7ZGW2c4qW~m>+5^$nE3j4@cga7 zw=@epG8f;<3lW9uraUfg&8LTR$kDYn6wQ`HpmCY96B;2~!}gIG4?W!QdRZIcpIw47 zas%A%n7V*~#o-6PYf~`qJ3hIkE!9*QI2>0l4t?0{Cx@90-v zgDt9!$AI_3>cs`sKaO(lPbfCH#YoA%WvfagWc6Ygd8?0{;wWvkyP4Z|mZo3sOk1nb z?59?lHxf5z$&7^}(wvAoS`Tjr7O(jy=+D;nEjrII(&PUq8qOis>uj#OZu>n~sapMV z+q#RpYAVlRIq8Z2-NB}#c8-Jltq$0VXcCXVVV@&EV{_UvR3BKEnoQRn>J1Mqv)$B* zMl2CEQ=@gmQKOcnfroz!l;$t?MJ?5;;-T~_vNZ!N6jqG{}GALdFRvp zm9OI`^BAijXUT|y#XF|@Y2Ojobs;UHgWudxWSSTZU(N*AFIaxUwikNrmg`d_%}4Dx!EKVqnR#J*iaO*oTaA zlrdm9ruv6b$4!O^YM(%V@bah0Zqy$@Q~GuPW*u9brQz3wFzT13h2!FOeidZHd>!ky z3bUlAwqtk+{FO#LU0G=bbt&P#j6s^ZiipQ7-b$I3xPlL=KOD6(9%d5quD-~2lR4-b zQFS%VUR5Tx{avm|d4J3m9uwYCtY&E$o|3U;xZM~waAbzsqigm)=Bc_LDUGN8u;Q{J zu(Qdc`rf90N^n-;B(iRMKMg}2pHIEJ>ooqAqs|k!?wTM!q~A_q1up;Xr9JZH1CRAnsW~^wpQLrjmA{B2i}8;v;ph zz|*SyN!%+b8%+5O)zdiM>gl`!Mm}LA!J>FaI@D(hA&FEs8l9UNhPtXUXWG`gei>LT z2?yWKLWGWgVNp3tZQ(NL0tOd@PWGMA`%*4^df^h6 zoMw=Q`0I}Q?yp})8QD+vbCq3I(x?X3dYV2FSodiaj^F~jpK81N`S&>s8kk>W9npRg z)%Vke_OhW_)`ReGYJb>B(MKP7T~=NRR?+%-aik0)ru0O8I~R88)LZhf8nv}-?M_h1 zhYnf*KJS!?r_KCzPyMfMTAq^?13>E=JN&kgQ#6+JOcAI}E9s=4$>596{B`Lz=DHBH z%rBwSL8boCV(Zai9V^UEW44C{+y38__!&$QHhP?{k)IRc!B!Yf1wp z*?e_7;9U^7|J#Xo8sH(pm9p?#{bD)1H!vaQCkwTUeFGA-RD3!{oh3eZ6c{_AS^LT; zBu8}cujcZ^m|qp3_k%QYGs;<4e5N2l(J|^zBI!{8i8U7xa3B&;@=L$_FsS3%<7rER z(YQZUcS1u6d{akjyi3e>(ao&Wr#9v8fk3#vVKxrTToyatqoE(XF^WtbcTQE>Eb&bq zZy$CX&nSS=|6H^L&&`92*&Un`^OCkw^7cr{u$_Na{l@$5z(8B2WWj`M+A~; zX|}pdg>S%BOQ0Ouj0yGj(&giYRp1J-^orA!DBjb^eOUXplLcFHeH`%_<+P0@ z-2*Xc!BEx1={V-g)A7{`r}{2@^?hmez!>6hN=G;@v z7UZ(iG8?L{veT?dV(oFV{W(wO&vf)S+uj!930-Wq3!FW_8{+Z;eV#?ogGsxz+v<;= z+1~DCPs3q&=iv6z%UZ)Sqfe!pGjCC%Q$W7SsT%10Tz|K}{+P@8Ay7gVR$hQdk5{D# zMJcEYxZ%KTZ^9R6+qd@w#L6$bEN57fceZse93vgvTG2wEQ;TxNb$Xl?$zrE8Q}6o0 zqQ4ABHQi8z>5txE2n$^dcFxgb7^})~(7bO&GzeSI_kU2%RSIyrZ>9(#yMK1Cj@!K=qPHs9C`x4|nrh+%Lz6!DtkLC=jjVwLP_eacU+KPeG@ zLak6UhyA904H_qnrzn~}$z1ZDD0IGNPqO`OFgOpoV}I&f7m@FY@$8cNpThV2&%G|} zG%mklx_MeAbL~UG$1>sQyJyKU5E5?;%}D`ZJFKGWLeIKmgDW+!qs=VyEhDp|=5D&q zOM75c`i?G5jHOgFRMRF*=CAq52(Jdw>^X7h8+$+JDXj0R@p31yG@&ID<6xX%!a^6Kgs>6W+vd3#jTYITo?OV5 zv*e)Xi0Caavu_6pr>Si3>|6;p9bIpkWD&hf6Y=3ML&5B9DI@%|YpU4kv3HikT(GaF zjF^+ZXJ+f}z*mCq=z|QL@jNkbek`|sztu9{Q14Lc($4S9BaPX)KF<=~Iopbx*yWwm zI5?0wAXfWpKW2~LFnLsJ1SVnf12NJq3{?8hMZ0qJ%z7JQki64GZzA!Ch&rV+Y%)Nu z>aV6;)4z5F+ETu5NT*GDN?=fwEnidk>+XN@7=Qc}UGtmG1LJb{OU}kybPn5MsF{iRk@pyxO-+B2YY}^}6~|T68W! z=GVVAL7IFyt-QzmPvN8rMqQx;q!oOD%rDiKf-XpAcs9G~KfX#sRHTNAYx-*Sb^G01 zSjg%(W@HePG%L5t)s@YN2390iQxiy^cDkPtNzX+_D6JTF=XC~hXZ^l;y6?)Qy%Tpi zPA^4Wq%pt8?x3RZChNAuCS2$uVR1T}9;OX6CTl5+mWyNlZ+_4;%5o*Aq9%=xt!G%d@N-z>UTc54zDiFA2~|1h*TE+9=a?2 zSJ#C5-sHd)5TyJQe0&EiN!0gO!hAtAvpLtnt3~}*&kL)*KYgvVi!CUZp}30Y7!^!9 z!>HdLfqCrg7Ha!<=;I8%$KG!T&l0k_QSAgbS4a3{c)-UHm6}{}(D% z`Gs7AS{e2)B9H$KvpPjki1?jMi0DuaeQ^O}6~W?U)l}HWDL3XclY5h7_fovui*U(Yls3FfV9*?H4#9%_4N4jC0JX;VL zNofv&uXpfVf~YBn*v-_f6{+NfaVjDtaU@|i|COQ1hXtBhMqQ*yrA@2|Q8WfAdP$^1 zWXVcYregO~zr!AY)raf&V}Ait;NL#m_bh;fLirJ9A3H~h+Z_0m2Qoaym0j}@fhjxY zcNs0uf(K2T*~LAwey|z6rnFGFW-vzU4NFRhE=Veg12|tFO_x_XO)a3(m zVX-CwE13C6aT+h?>*HpYZ~|wZ@3c7ovt9wgugxT-6S>8NE(O{-%%u6~#B3$#Ylh}D zODPKTG2}g-Ho$IvFR_&VH|oeu`vHQ(!^Au;-wr1Q{eu$vlp8Z0rb0dyO zpC*`*RIxV=Odhek)bEVOQp>rH2BJ7`%Hz7Nz*g=hpSkTgXiX(*&as-bSnF;3jsR8* zEa28IV{G!+c$MZ&1V1yA>+$%wavCSn{U89EaErXs76UArfT(Su`p<*q2x7M)v(0lH zA~;N(BA92gmMs|Z(F!z2a$Z8EKN}Gf{u)M_gpSU4^)plSvP}0Q8!;+{s=FKZskp%0__J_(f;25FzyxdCf?hJ6c=hDCVA7!Uij;pIv4Uv@sukeFpb~1W&uwy0E zdCh(9ECEclku68#+ok*p3J|}sjp@NzkhJ>WlTh zO@8-I{m=3zC@9GE(!4&q__TpBfHEt=EAKrs^XC9MRqisTp=SFD&=P$GdeO=YdnNLE zpnwjQ0LYAZQ!6{wX%~U?#ryJm@6lEA@T~&>e!A!E58nUnkN;tb)c<83b*klu6pTZt zm-4F{P;!`x!y?bUGGokhf}wb>6MPRS0vYLIZ-&sSYUTLp@1&FmRBK5|dpzjy2ysZc z`rF7JGb$$08^FI58aSLV0~ht7t!A2dcPx36ALBW#S|2c(k$>$dDxUIJ3SoDhnIC|C zm^vQd(aA`E-O_EuQV#xhS|Zw=$^<)Eh~r>WZ(u?I8qy&d7{gmQeeZ?PHpw-pNo>2b z#Nr}dD`QVbxF_m*^t)%BG(CDMJp^km0)*T7cq(l4!!i@+xt<3KuF=|iHV~e!6Du# zqDZXVa-tOuKUSWmPa0br`%*vgfy?JoRi@)T#&-Pr%mdsoZ_8*}ZU0bw(X|yxXO+Sy zBq8RL`q})`Nnpr@Ca<^ndx#`HNgTt3^imd{RU^kblkdwXzuk=D9Wt!FcVS`r(>)rQ zZAz_7rqAC824j}-MW|)n3CMgi`{eWFCe{zl&T}oUw7;f5MHkEp2HfWH(I}x3)Qu&DtJ*lN*A#Xtp5HN*xyrrkdF=SF+qn>PHZlLlsf7gTkx;h)x zGi;>K_N44*t$_NzM1XxgLSKxx*8@mf-t$h18!#0t1EQLiK>H+1Y(xFx=uir7MXL-3)Smv0!%io{sNH z@qDvg^hqdc6sB-CzPbY1)*5TJA(x!Oe6Tb-9Oe@q;Sd>IlFwRDm3ZRD=_JP&w` zV};)GF$oY@_0+P?d;_&+d&~s`YR)nzn&d+G-KpWLPSyE0AAb}oE<#@Nd?mH1ZVtNC zQU`=J;?`fk37|N9dR$3OvtP>6w!!E!i>NPg2Wafe5RlINhQ#?#7fihV)ClY;np3>J zV^B{X>ULCuXwB^#_4xpClkpTA-e#^#x~pq@wYpq%UPiq9I3_NT@v<>{bGq@1JrUS@ z_n0pcI16f5Zy_|45o@ncFQuouE{-a41V`_V`oHfH)$&im7!{BrqEs)5l41q*Vhh29 zhc#7-`HmlpE+(|ogFUgeZSj|dM}F0ItQvrrFI04j$~nyw$71q%*(`0d7Byjow)&={ zqB`{|!DhT;BWwcY;crkfc-F+8L5f;BKzP3*?ZKnBab%>f>T04oDsOu1D093Rj=5=bxU^F1pH-{ayKA5zHG*ETo!P5HLWZ+YhwUJl^d5IJ zK=(36;SI%yZ0~>;#pB>0`3DTWH+Lw>?_raQw|5i$+5qXH<~sb3Q4isKmvw$V_|CV_ z*X!Ahm_z5OVovl)Mr$IRoqYou4x&pyIjcEW8jpV*xWK3ip_lkFPMvqSz+cDg4^_Th z=o0uHmwA3U@96bi0#8n+Z+9EyUjh7xc1GMq+)u!@558wyFdzhw2nqQprfp2*LGC zpSOxc7VUd?_8+TfP&hHO1>L#rvZJDMyc=KFSRjHK&$R;*bY?@_0DT0vInRu}Ep@g= ze4FD)9iGJ!>53a~Y10xyitQF%-^f%y&LzZf-&-1;xh^C`H!v49bQvvT^qaDfTS|Hz z9JxN=*A_^xs0Aa5qnt0Exo5t(1c;y6Yre)*@eQtw?GBBD6TfFJ*3DGC4%6gHkOP}V z7nb{GS|~%7mmiH{w6aHQ5F^)RH@n7MlBjkiBZaytqvEr&n!RuIguXx3q<(Ds3;1t631 zGx8~9e47acrjmMx?vnNE?%N^7qFiOagBOt#&nvJWlIZW6w3nB&$1K_ss*?AH>+^3d zp-7kIc=c^b_SZG6bc`gS9DMv25Ll!{f6uef-a4jPTK zO_Gm?m_N^Kd$~Fr;;_IMT!ZqAOg*j8n(93l6bhMRYve77(U`&4UM+RDC=w>?aO6}A zoXcH^_^D`vE0gkT@#)8_Zju|#oi));Q(Maimw^klP2IFZZvSp%ANCo!{lLsnp`cTK z?%w6yF9~-Y?z(v$mGiQRdA4rG-UNQ_!-$yX`VIfJMx`FD$ACu_oeZd%Sy>#DoZB@# zmp>eXea0NE2S^ov2-4AC!Oz}0U@tvJ373k9k+^0mom=36Q$RzF&rzrIpu?vUP2fDZ=sUFq? z&24_pAC*4E`$qU6qxwM!N=_@Ie%V`k+kt)HrN%v-t#;ODo3~Kl?-N&DDw3~cOviS_ zIvY&Vr_lHkt|vfVoM)vL%wTVMzM2Dcq%-+Tpf0^q}o$iT^3#1%_+)N)ZRyGL37BIl@)WnG!tlEspc>}KJY1p*&w{_b=U7s zm7gobNPj)#P+hC)F85UHtjd{`QL`6@0E6S5@@YxI&tEr)(oAxOsf84o8u}F6w1L`s zB~3+t$j!}dl)RKF>Xo3;C6=B_VouzdcFRH`u;v+MrI)L_QR}K@B>T%A`p<>7^P<EvB4D-7hB8@&ra1xe^cGE8}-KLD)w)Kc&5ujh{N8RQgS+ARU+br*U0h@4d z?gh@V-w!3KT=G(-2UzwLmLA{2jkUkf>HFyWM?Om#drC(o^#r&4dTOpXpQmzR24gdJ zxiUK4FxvGAggb6eS^K$e>4hE5Bw=NRlvjNVso*9twrB)O7H?RV=RKqKGD4H!W^h4l zm{fO`H4w=!A-vnax3exh$4?(c&w?rJW22?Jrju-^s_>T2c#pA^*-;BwwwXiy(UrTj zN=S$0Bx4`zm0xjExopEhzkOU`)Uup9`G+kz4(KP&VRQE$4CCu3kR;R9xJ_(n?l#}k z?5d(YqA>s8@lX8kD473ws7o00kcn=xoCPM7X=XZZFh(8FAx>c-iRb>0j}^E|`ryB)imWUPED6@b8cRca{{~SAsw0 zq3P=MkY}lR$tPmN499kPo=LYsSS+ACUH~I(q>^Df8`JZ-J1{5BId34`T~u*j=#Me_ z7r5^sn9;U#uOYZ+_d_Q9>R%^xLrPQA{?tU0JCR zEhPQpBTfDds z`@Z*rWbs3VWErs&eg5!n`rqm!9*P=W)EImu&=onw6t%h z*|#W>O#ch#2|=tHP5ojgk(n-id9DGuGKn{grvuVx<$X!jx8DIs^TRA47e531u97?= zQ?LAd!a9TnmPZ64Z{44Sm9IuJ-L;E&-<#um+eTOF-xegobVf7WZgl`ZCA zgZQ>3L-0Huth8oe1tlC?&U^OWKG&>B{F?zoPhrvJv^lljqIh7mPpRz^d;w&ov**xL zod^HWlCM6i-cu~Sm;RgdL675yG0f4UAnkFF7PPnXo6iLi zm#YUjY^u^iM~$>xVgqsmN{r}G1spX!k9INeXuN*{XlJjcjJpglU;JM=O$w;1*lKL4 zUza5CofATUI0QgCpIyCr>kT=}je!TYzWZ+7WZ=2b31*V(dJx~IVEWxr5P%5nIC9zc z=rt~sFbro{(v^4Iw?h()q;1E*F!2a|wf30O<`P%U1mGClz~J zSiMu!IreJNxC?Mo>_Qyp34h7Xq-WRm{(6e?DnR51s28>myY2&boV6ZKHdlm^hy!lO ztNZ3CY4^>E2Mb{OIH;%F zV}AOd|Nq(Q_2yr-C;av#IQ7q3dM1?dfA9uCjb@2O1OT2C)+vr>KZ@e*E5JYCWR}Qw zT^4>iGl&Nb!S(!OiT-CI2nBM%A-H_;!D#xQrSzXoD=XbT*vc5z7A-^gIE;Se@Y0%8jfn8gYft)IO2=Z>|*0S(d#$Y zHY601$2_-b6=u>?OpRrm8GGc%^ylSkCm4Ub_AmbME{Z12&5#TL;dA#?H8CvZ}wCL zYNz6y_U>frtXx=iZ@gR5QfKC-;_FSoAfHpZdP~7Q&cr>G@inj`1F)x{!ym2CQVf9h z(m-H+J%_|G_Pvx<=pfD!2XwJUYpQr0ln!ALwgGDK2rl|y@t=Z%yQ#T?DZ0+!!;Kwifx^TSD5?UxfGFu+s@$Z~@gv>wV=`UyGaMFV44) zR##V0rOuxJ)UI+!8C_HYOxO?a13Aas`%1XW7xT61o0ddQ-H|0Dcly5&?+RUFI)ttP zk=F0dhR!kNz7k*}OGY+#Ocly*Hj-y2yfpl+zN)en(5}E$i7oE6*ny}5uCA|!Qna!6 zhK89hvN3=7uBydaJbVy)sMYWsetlPu$}jCZ)A$8g{J$3Cc6Mz09F8`-vWFGLNY;Wp zFPgUcrv@jlg(N31U7NGj@^s&uos^>xw0+G$Z2mwc@?MXw9teA@El37P(*>duNWRY- zz#e13!6c<;dgnM5yRl2^o|!gXG1(1XxiP#a7|Sah)O?3)<8B760a<`!_#|c^@8N2y zGp4zLgJeo2BxLeb}F?w^Itj)YE&O@7)J+P=I zw8Nl}`SUt;ohQ}|-JYdy7rg@B^B;u{ely3ZX>5#T?geAa;6py3QWau}H*MVgJ*Uy+ zg3yhLoq~vl99~`n{@i?^u_^0MdRR&VEH@*)osq?{FOTNPQ-c`qh7g16`DjdV12T)s?E3#5=yvt)^q|Rhb0@{gmbXzXyE)0dVuHNoExh1^5r=!!UGOD_qv^+O^ zFm?pEqa=%(DmfLlw7d$V1WkiFy1&QzBB>(hb$yy#eA5)qhTO-U^_tdacjc*wObBpq zBbTb(>x1!lt%c!62!ot`X^I~g??sOr>zz>96s%6gf{^FJqM?m>s7P+M-6Hhwt^6wSkcY$^Mbn9jiQTyPiX>IC}lW*Qj(~duyqlB}FK&6R( zkHYLSr?j+R`_8uKV75bmO`20K z=~~uNxtX2EH!b9(L z0$c}1Wp~CTGzkbw^1XoG@dOa?aYEdJpX+-{P8c=AFSr>T&1p{=*_*x}$tuWG3V>cA z;N~scoFD_T-0<@q$8I=^uXL%bfsQOL_&y@$GwrQsD_vI@0j^FPvO~cCdwr4woRdO!0bd)tM?!%Q& z0EW%UKP@Up8e}-4f~eC&3s+@OOO@bL`WyxW;)yc8Gd}aTGyB#*za^8p4l&%$v%1-v z-%3b~v;DcNdh4-iRY=;Ke+wnq)r~Ldkj{8;XF9ZG*W+8d<=9yPQ=hxdcI`7`ul1%n z>+{ET;=Yaz#x%=c^~|`J=#$+F739)1a$M4w>z4{*DP`u4Ph zGW0{A@GoGM8aBNGkrpCctvO_RwXHi1C&U8d|H25`>3JzFFu zJhqcka#L+=KjC zN~r-)Yl^-PE}sNKdBKxMw0_^zv2<+vr%MCa_(W#@%QuCHr7xRLkc^1$N8=l~*Ku}; z4l8S+ZNIh%2ZTFL%tI*}^wZiJLy9-5alI2$vZvT+Pu$0nztGW$`*kB)OPITdZDzbp z^rYRk{uxfDH3UbxWiC4lp3cmGbNX$zkmbO##7^8^zz9krLUeX|w_7AFH(t2syI=&X zbby-7*@^eg$}ugGs;l}C&LaiTJbu5fjYa98DIV=GpDmwyz1q*-2@kTeJ*R#Ook^0s zkyx``YGPWCakG{WFQb0kJ(Xq5H7!>YEH7qZX+Id@bXaSDkLYUzoLdy|5>6!mp+f|7 zxR0>QhQX(a=KEFv^OkbOoqssQxN?c{_vX#3-G5C*o zvSTS+`8Rea9PfuSH|w837;vOM!=n&o3I zue(LEFSjbIcAt;0YV^?PD8pZkWh)u!n9ou+mKG6Lo{^S2K6w&N{~Xd=G2wkDa`vK; z{9`|FzJm1>gWpNMeS{B3U}uVP>a$A61ew}P4I&%Zw8FqLJb+P6}4$P08>OaQ`Fn@%H z&93DJwL$VU-!<<=eLbXDIk01@Ml_F4Sl4sh0a9JK7sFc@78H3SuiIko`tPih=`_dr zcY?8Z3jZ^_T(9(S{0Dlu)d+4(to#rBQdap4-#wD}Em3yM7m;q&PjsN3?{m}yJIgTX z^~U0&)kbN>awQ6#l)K&i{r!_1r+Q-nrfv7OTL);58JhN5uL0VOsTDpxjcrhsYcc7n zOWM}g=WUsujJJW<2vO7MvaP@l%6UK96aV`WKy;GsM(NR;q3GI@I%QNg+upkP@;w-G z67-=i=jz4w7WYJfY^&A!nSP^{CZLs~;v*{*Q5&!Tg*nmgz~sgBf9U`6mEZ7i6kYL! zLMq|Ak-K)ylg-(pKO=U-t|AA-z^#26UMCRaR8z#}FXp1E#4UQ^RGL{w- zzeV?wlb$>&gzV}W5=V7ECTWZ*4?*@fOWiPdPsdrcKrVKj`S?jr->2y zjx$%euhU#ulHA#PZ!PPjS{EyJ`_ilL2cIReh1a#D>@3b~$;hiDzzt*$(Ocde)jiJ~ z^TwucT_(HCq4blCZyj1A1p=h&%&@MiCGX2T>nUUPD*?<`Rn+g1Pe}?;-1O?}7e+W& zEQWQ@rPc2O4j#NRWt+K-+mdu=zV^UuTtg~mfF?kfB<9qzyiayn-kYZsUjNT1Ms76k zZ(-M$aOwNM@VyV9a{p-3AKVs`-gRF-3NT8_;NTz-TAL^B7>Z>3fd|5^oSZcOVTT_U1*RMS!_WU`JO00!!u84R zb#4#Pp2qMm2zugg-`ii1^wwYIIEL^;|Jg4OwnmWBZz9Wn-dT@MT zIKRVR-j8`9w|*OV;IQ;9*0WUW$L#_>KEQiV*R|apIEG1$q?ddB$i~TkjotFDES+sB zS+K{<>W(lE^u*;o9AZ3BNO|{{z_AEWG{ShXQt_Q(w>$vV%d2*=Kcjf|6xp9I>_ee{ za+Rho%^`h}*;GngPf=M%aT(JM4Y+vX+A?}NPcD=WVpC}0qz9FN3FlkU*NH&;vXImNPdK(yH{|c)nonQ*|Ehfbf9?VOx0^f~oovE4!W~8%#D>yw$r3#pL^!JA6fm2-% zQ%E|1`2Nlhv3lu$5vcP&E9)5rm2cnJMGZ?3fDOxK-3SC`~7 zD2;pf!}Y8Yea?@{w3cEj(n*_lFDEOG)rQvw!E()@d|O{q$N|uQFzriv;&dNu|QQg<72mLS$ADjiT4Bt+t`G6_gftr|0awfe$G) z;c%&Tl~eTHIDT$Mz%*>$^3i45yELHw>CO$HSjq|^YcNl>M zEB1YIVVN@?;PuE_JnfALJH*C<$ccxAYVazOw+nc-G&;DWyr*beuE5vDktJvy*NfL1 zKCd#~b(&P2Szk79kA8e6K_z0=l+n364~W+?veHj5u6>X4Cx?LHlF4sG{e>JT&!1Fn zIUlx6T9Hn!S{c!%O(iEL``4Mz z$o%59uQcVb;$DG9H72oO`miNA9`e^^K~xq4?8JSTm$jPia1iQk0@66>a z-_5X%eH-uCWm^L3jrA4kz{MN#OM~H}vlC+ZSHDVUDSm)uG%ZiRS;3MBH1z%y!*!DdzM-@VqeSbi&&Wx<6DPKSXq)2; zNG@(gxDQlHz`%S9_&lDmR8m7USjn}R{w0rcuV2}JCElK$5H6Rr(;VD6K9}!cORynd0Rg2i2%3d-rFlce>_|T7_j>ts`hGc9ddRBk!MZ)A&+`IIT z%1hbIl(6Jf1`Amzl+MB7Y}m85ER?NN+IfH^dqQMKYPGfenvB%V=qIp^0SJ;8WrTyM z^5`zhud!ouOD*xj2H@N;o3U7M6|&H8#a1$?-A_74!}Iz|L7c0qgk#o|Eq$M0`MfyT zWY$rcuVO=<2~8M$VF{YIMIJcWuRCAMm+y8$q(|xe>yHTwH!8fhkU8ma0#(5`c=~WnT#uMF2w9|{d>mbw18XWc2(VC26G+!VcQ<0~4-%#G3&4})5$bFKq zTu!F%QVxOv38mv_`w=jBZ#@?Wyn@~d` z)IW2YnOs#lVTlGrxSpllb9S0FAk>CRkNzwqzp zUPf=IExSy%H{GPb1}-2iovOPIvh`YO+VLFU1b+mpeM(*L8xKsi(f(t4@XnmesKOR5 zpcK=aR5RhK4_2;kV$e0})rftl)b_kH$GJW_tmm}0yxMY#qA%sv*7ow`zI4zIE>+H| zEgdm`zp?e&Bd|1|DXG7jZ zE`v90Hyt@@uVoNEyg4wQt;%@iuahGQ#*7moSyR6=EXE-V)y)^o9pA!NAYO5a55QQS?~4Z_H3dObS8e=$37 zICGKTz;8BQXsXUi@;MZ%qs)j}p!PlC*r3f<7N*)+Dr`^rSjQ??tbn`0sHC=|GoB{6>;r|yjKGQWn60AZpu;ym~C)+LWqEA@&m6Du4-z@ zmztgQgx#sw*GQE_p19WgZTWK1Ihp}A&pfdzY8ryO9nT3fshbNAOj>@$`79W^qYIZ< z70pIoSFgI=!3-?^0lC&W;Y%r0n`n3;k(Gt`9@Ktv+U<5KVm2N`8!w0!pwsQ#suQ=K zFdrhRI%1e?*VxBeafz*gW^u9Z#Z|l3XxA|Ia2>jh(=r*!g<9>!vX5}?#8tnN&f^A^ z*oU`xS?rAF^Yyr*8bhw;-*;Ef8hk#mW4t4jA)>k6a&Id_|D?A{3B%-ZB0Byq_`>?6 z%R)}L%}h*ONp|bUwWmfJM}!^?Aa_$2Y)*1XiEcMvp&{2jJ5aWM^P-7u8ityd4;~f_ zKhh)m*0=`V5t(z{=Jd{c{GdVi-@UT;p#8)}X0rvT3B_Iw(LDJcQ1v$i%Un~WK%%aVsjrxY#9FsKv2 z=!Yw#2-~n%Ql)kGm znv)dP6ZP!ybc-aIyn#G4bCK%ks6)JY;o@fRmB?pTf?pj|2z`C(j2MN*zhr|fRX4ZrJ(CAdv(r&t=aSk%IbJxAlmo0uBtNKkU zZ+9kB3+p0uAr?3%+H7ivhfAg?WhIR0Gc!{l=e%vB*o~s~y~l?PpYI>4QL*BAcxMH@ zYx^xmJC=G+JH|PqwOdq2?zCV(6!)F~L zbbE5n+xHeLR}V?z*rK)4aLyLu;pK?9OR^bimR91Z*qM@|X7I7(&9&)3Tsahp{#5kP z1nOz7YB2L*@u^xaa+Ma?($aFU%MPS?BLz6lnO?OL2(DFDk(Z}$fZ9$KJfLKk!(0fv z_*>WRyKhXz)jO1HE^#_7yYisg7u77-uqzJ4w?-r7bEhe&7-9@#DM^hvL3U>KpE+G{ zPmQ2>2LlfXX+k{N-l!cFzIqOPF+LkOs-`*3jFFbVvJ?E zODz?#`2_LHjL%PlqjSH(n#EIg zybz^y8cZ_e#34|P&F|PD-eK>Jz6N*~2O8$+zura>YePcSC?u2huMk#AOU#$84V0W& z^P@G+T!{eo;2TilSts3%N+;wMpWQ^onkZmH_vkIxn+EKeO%8%-?p-Y{+8gPOX|=}Q zPYG#_>owTIX9c$!hfTLFIm%jF!+*N2mT4vlM%0U7T^gZr6L8Aw&Z7@8T&L?>43*-- zE$5~tX~c4BhLKrBz+Fo*p*&Q%iwIT)F4 z`lVkmwkZ|y{(*;o#A3E-Ue0hSK1Wi&qcm!)`b8v3A1{-9(E$1O>{{8P@9~YT!cW9r z@wX2^B|c&4n_{4=AI;4<2b*ct4)D92V-{DOwVX7fY8y;VMXg!>h_zmVdGY~|&iWmk zjJ|<{h&RMwkT22wzEc0`sCdnpMlp`{yo!>6Ot$89VZE)aGUHRZ#F5o7pZ7Lat1HPQ z0^OSiwYk6Ly)+MRwucpvzx74A@S34hYI%@FvDpE6?3^Jtw&k)R#HV{hsK&BjQ{re? zIl|`twVgrJv0da7lmSt-8_TL&UC3_`?4rOs(9)U4#Q3^=0@ zC>K21=26SR4fX`t&^8f)tHRz3c;#EaY*8m(xi?ISIK_mpUD^D)`YJOlt9w%=m%A$@{}VHx28(J5Yl%JN-8Vuz zGu$$^M4KahtDg%T{OcRt!?-2~2Ncc7>Qq z@GOsI*<-hg^2Ew&Z{TL#ZbVz9o3bpyskB0Sp0cuvs=Kvq@6Qt#>prWTVHC$OUOj_( zGoqt1iZiqV99SRLN~Pj*Pi4|vx_ZrBOrd&vMail>@<{rk#SDR{TY%0paNEkP#kkXc zwRz2ovKNOOms`TE=4{eCpG34Uj**);g}L!%vFOKB#XZF{$;sr0gtTnXLAWKUFX8J9 zsd=OEbmfhyZ;!v};=E*hbe*NSIucR}j36&D&)r-5V~s2H^K&ea-6G<$<;&U`H)alP zeQ*y_QG+hQIPSk|q9+e0zcZ~mB;A`uYr5}fY~<{k3mZ$&;C8*-*DPYR)X*;XsT_IT zqb*`50N7ChY@r_ab3C3DqU9io_N&T+i4kat!wS`WaE)$Y`Mhp)A?SWD9L(Xxoj zZ2!2NuUKlH|D*bgCXd(UEtl5iV%#?RQY{I!DqUcZp90pnFt^+7hWvu3K~h>(QIy+b zYmY?P0;e%!(_Slr^FGp{!8X>>2t;3mnkU2s^Dv+PRG4Y^|BKq;+;6rGMxB?@6#g7Ri#~bc;PsMCP zLkK%|c(~F?84!byU69Qn?+BcfoQ+cDVkt)q+4Tlm_HG7;|9V>H8LNTa&A?z^`$!jRSJ?!%7nKt7SP}g=xi^?BPw1A>p}g z4)oj=VFnAUgX+aYYgbNQWYFIK7Sg=-GoxB~3>9i6j*dM)kc$sO%jm!=9n=yXxpG7} zPGh``j0w5GSvF2_pr>D2``J-D0kcM1nnI`x+@{^8W$x>eip~gW!biI<$Yfg5)>s?# zdDj5#6Tam9GEj#sK6q!$yz=s{^#};bL>yZVsMIqfaxolUs*a2UQ>oF^Fmt=pE+aB8X;(T9J> zr7x+g0eXd(;9$-9*0L?JK(e;5Vbhzq8mn8TAg}hKrxjwW*g#gE2-ii}JoGB2I&L)v z$C9m`Q|SWQCW%?z>&a4-=6>aap9WJq$wUeyz}mn(!)~(Jf2lg(-_tZl)zE8W3dYyA zAtnM9skGWFCz<`5_`Bxyq@thL$x58`Xm%um|4D#jR$Xc(C4enL`?euBUC+>zzmjDn z&?VF2KJk^Ki>lz6wYKIBgQg6>r=BFan#?sM_7}=nf-^60zN@MR@pD0_o|tFtL=L&` z+j?YYlOX!73~TdRmF)PnoYOpsecg29C%Lnkp2+TJ zrbRxNhcv#*s&U(YeQEAR&Y>Rz<3-8KXB*GEMGH1S{QCs29EZn@+!rd%MJpjhUh zx1oIr5p|Mq8jMBO2QN=$tO!4p{g_wUzxBZ;c}el=diukG66#EEELFK`t_w3Y=8mwa ztZ!UvJ}+HZ%w`T@!N~@7FQ-kdhk@kdH~gJtW)`=xNAD|v&z45v`AW9+{VZ!g`m(ct zYMkxBcuVa%!qx(h46B!kSq9CaW3iX7-jJahb?Bvmxrt#{P@0z~)#smP9L+<(?(>~j zFc3;_#0pcpLV=iAe|(2*iN`0yr>Lomr!}|AYgU#tQv^3^JfMR34s^hl6`HmkoIFWI z(GsDf+1{}aRbub2--$KYa(Lx<&d5L3B`*j6@!>;5C*Gx;+r3-K>TrI1f^o&AnDJo$dtuQ}3^dW0q&dk`y8I|PAN(1QDH1W%-Y zcYLSknbZF?--4x=dj?nrJ6Ermj@-}^L^PC+bgz}Mx8+1WPRIqvUv7j zR_^aXc*9=B-=t&N!}HU#RO$CEcgOR&u6`V2E<-N$ZMT6*UlU9iMzg)qGvu>X4Vh0A z5U;+`w+xOaD%9?Tt~4bL9fi-wE8P=2QK}TuK|c#0Z=n{CH4_wd<=-E%ncrC50kx5n zx2EeS#$Vi9iA0OgwiXG?KG5poyYxe1Y+1TmZaW=BtcX?jhiAo#jIH*xykt9_0Nv4= z66H|}s18^XdxxZM@C-8U8@l>eN~MkZC*hm zXc7HUmAtmh0gJWw_6~E~Y+AdVgFAllV^k6m%;psoQk6eiTjTBO+zaZ+Q7JH@UHZ+C zF}vmeCcgwoy7qxL&)N}Kx#JG|E_K#SP0T5q)tS-zAW^3d0x?wh$(n&N?7+PQcItRK zbKkP zhouMK^NbgFT7BP^gMA+l5gr|gh(Ha|OsQ%>r|G*u;w}(){?@Q<;K&v%HdxY|a<6l- zKi4SIdGvP#+jrX3W5b2nTPjg#(#Wd-8y+Nioi`C=TC+`ZngT{GWxZC+ff|WglAXqO zL|P`9TIxYy4yd<;q6r8$*`&m`nS>*7cR9l8l;shZ8(KsehDlV2_Z`@-4kgh?kLV15;On95A8E9xd*XbOI zzCKlybNRRlq*Z-tyq6t(oQtv%*m4j`#urW0#u8IIgR26MS0>INs{@_RJW z#>xy?>*oQ}jtkXVI0FguI#iU6vNJ$QA4TPrep`D3i#twmk9YqZ&U%w0XBe7z?X*#2 z>t;&JDS?Kd%FLwVS|?r6ZP97P0Xqb=#b|@<8zL3nQQG-iV+s8J%#msL>F~F(m)_JL z!?{z+EV?LWu6{dGbqttbMVIpPcpr|Gs+HuBmkd%xuo?CS^t7=wV_b#Z&Nrud%b{1r zszH(X;ukryr3gVaw}OSuu;F4kvw+l%jos!P$MG+hzoV3itfu`izV?F&iuT{9w&vb% zT|EJeNt*;BFeW1hXzM8T)+(Jt&m`r6$!&#_f`X7D^m_6i?ta@g2hHN1+Dyj1-{43I z7{Q%R9P=V4px`Q) z?5e^zdZ+WNmq?~1D!Z;~S56XJ`-#4N@@K6k@ zwzC1t!XvCYjM1luE~9S-WqRY*g)56}cr%AK@dx|+>Xc4p^D158$fv8QB=|Bb?bu42 z{}MLiYeDyNSQeb;K@H30QSoxl=*a_zYb3mv@lZdlvulW!=`R}MKhML)VcTnx7_*Mf zoWX}!f*o29rd)_pQ<{t z!O;eBgjRZuP?IkqxOF}A^1joB2rcxM@G;S{aJX9R1=3+i*i?qhRUy2{MmsEEZtCO~ z8cUpTi92r5$BGFDq_(e$gG@lhs?&`=5_Z?SmQ1tqM6fhrzxeE=AaS)?Ctra4;$RMo z%}?>LINuGT+G8 z9o$K~dhUz$=1bvS#r^EgdALDjp2#7dW2m(G^?{U)L#Urz{DRh;T^L^^35P|I=-llE zK%mfmsD#0VeDtZI0gLOeZV9`qE~EC?_*nyXr_?>wB)~Q{Uzc6|%jfb9Cm*t1YIHs2 z2Jogho=~vsmBz{=39}O#rb*4%W`T)zTZ&ZwHW?fo)&P2Q^%S$^ec9|TEiin%PYwD^ zn7A4`l9+W_<12*Q2wds{xiaF9L*3;3Sq%^0C6% zxZNzTed#Az+qLy`@?eGMlP3#JCnv~~#QwcD_&XchfJxB7F$ihMOsS*s`9--rZpoCn zy61$8M-6KgF6*WYdo@?T_7$}dN$J!Vx27lAbi8N)%b}fz>>+>paw~_B5sX|>4$t77 zE5qb4+SGG`2YE1dSH8Z15n*7|!H=Ljg)%}rt0GKbgd;Bqp<-wI>cBd}s)KsnHoNeq%6}C

kcBG&k zmlm~a=i#T{A_tAoIQnmDwf?Mu;_Tv5UN;v}2U0;}UQ_7@Ydg!cng6Ficw6Z&Vw}Wd zJ|ve5f3*=meI9ZE+^fmU2*LZCbRs;kQ>|y{`y?_XXa4$vYCMHb0%yr}9Tf8O9)zdsu)-PX*c|DY}J7D8iG4lT* zl`eCm+-aeEeSO`t;X}K5o>7H)C#$f9sj2Dn=gnh0J!mtAR{lp{x8dDtXrqHzUY{EY#&Le4(PHU~xB;BRQq4q*uf`NT2^Hn+Pe(Lg=98;wHMq8~4a zBp~xAAz{qqei*agCdKpV?=2zzU0Wk4s_;d!LgKtWXE%2UA8}2H|NHOeA8PM6cc5sc z6g3Lz2PL`NmilK;B}ON6vqFAl(^DQsCU?C-Cv^wG1q@R(^i!ml5xep{B>SBov2u$~ zo~LheOG2f43g?9-p}ISKL?oR5?80m`v%i-6%dQJC%(;>!>ro~Fa)cfeC}qlz(rwzMae!rpK0*}}(umAdtm!n~7hyO7)b)$*wi=)D70CCl`_ z?yCxvuT4*42_2JIoeaEqz?$yDp)dl>b`?oXQZxVqZ|zig=B7xVz}Owmo^7876&~+L zDeqMI$=?*kRryi7Mau1IFzL_Tx~g#Z&CO?FF4ZMpAEY*fRF$~(FDc0p7MB7Zco4U) zBEv21mtw9~XcNj6)lLfRy;ZdKRoae=w9HdPd%CoQ^Q?H9JgQLK*A}zuP^IhSU$|R3 zogrf8L1@3)neL>JQWtYIJ|-nT=4z*Tl!PlPL!mPf$<+;=i*{)#nr_~^il+2wgjMhL zeXy-A-kg`_^M0JNiq;$Y(yhd0r022xqubUj?BKa!9-bPhw*wAWaQ;5k+Z6inQ#YeacnQf=E*`~EI-q?tYaF;NvjuZ04wb`b$nV6ZYwJzTf zMk>d^qhiLDW6(%*_D3;BX0y;68+$?V z4&mCo&1S>RX2+vqz-*Fc<_0l)K|&kvg*KMVW>Ci@Ew~vKYk+IxpPBVFo1JyoAPa4f9X9fC zZCC-3HD2L0ei7EzHqX{}ET1q|-NuGTL>g(+7ai*w9h=B2vc@B_#wW7W+8#7BdvRv= zXrz_4KGJ4P$A-M-P?$PmsB1H(Z=(|(i`KD0m5gNbh){|~DpN)b4Qz66i16atV{z@h zJf!!EB9XCZLmTqrvb}dR=H*_~OQ%9a5bK1cyZ~$O)e+GpjwSSdVL`K7Es1^>ZJ^2( zX0BQ8c^GK6>%nCl@X%UJ9aJh+Ls0K$nVo%_KTM*+E<;%--#A&pOs8_9>7t%zTxyU$HxM(CQmKwpmwv zA@Z;siSl(<)33&13Oe}{J4nM#I=DbN{s9ww9uW~``J2N9PPiON)=P=?U}oVVJ?i}2 zS$U<$DpD(7<{GzN{_`BgQm+?XiJ7JlsMK)9e5aO!FGL8zc^MM0VqA-F;3DneA8_@u zBfa){1LBQqpM|Z4;xP@ZYJ9nx3muFBYlITzM9oJKsOdLfh<5O&z z`4_Fx^CI${C}k;VSDW_=bRGOmU{_I6TdB%wS)0n{3zs4pz%Gl5ZTt#OJp3=NtNaw^^wx<^}sA03pC&Ixmg4M8*(y+M`9eXM|R=l+x4hE62NFI^WtW6OfYkplk z#(@RymSorny?`^ToXBf!-*44!PBMIRvUMd?wo380TP-r(t#)O`e8pj-6W6|l({45{ zJHf&SR$ZI{9_`=^43B)Zrmhz&k%%f~CW@a{#PXtJ<3a(umVMFe65Uv7Z z*Io}*xYB+8J#f9w;VRdV#tqOoG6V;HRV!s&1o8>{3l)}-`Pad77lrbtAWd48 z6CWAje#^*p2Q3P1Zy9F^y7u^BnatM;RlYs~Ob?HFkVx6);zr~*pI}KRLjqU{rj?vR zreN+(*e`5NFzhY~y4e91uKi%1hOX6J4h6DPL*-%Rhpa&jR~_hV(=p1enbYR%E+ zplgM4&^}B;p$C^)Xdh~1=PSCF;;;|nizY$kK9HbMS!9rU z1Z30ui)>y1&2~P@Q0B}Ihz%99HH*k3F_;8*cu$$}@4T$(CFD9r8Jn!}@&N6*=-RXu zfL=KV3?x8@-Dp!>m4X>B1b|R+>!S>=9=K32?7di-qtIsr7@L7pp&}6IE2WM=@7#@t zYULXjD0~Baz|0p6&^WM)TyLGE&vXPh<m`sK! zv4;YwMi`y#!pb-csFR?k8u38K5n#)A`NK~z55z+;Bq$;T>>UCH)QCb&WiJ~76!49D zx-5(n0QZ5VDYP+wOfh0wbC>}#WX^03^OXz%OAljf7?_)fPe(nerR~KU#{g>dfxWdY zAoH`~yy7sxPeNN+9gtcwBpT3TpcZp!kcy`X2z85VU%|FrvyEkW00IscZN9P(tK_aY zuSbGrcR;wj(WwMj9K~qEFlG^{4#p7=cHp5v6BKqXAUV5nJWSnKz<=MV1OgJwk5JDA z&&Y35pK$;@z71Dj$ePJS%en(U&da8Z8LpQ*3BhSsasqD7!4;DsJUK>E0PE6U(TCp4 z@o)m4{?)UmL`*#%ny}FbUnjtny@&uZP85+AaHTlP2XJjlJsHBtimf@$at_3ID%IepyUJ_mWsPzq%l}*cNe0Q z{|XNnQsX!`=$}{T3q+n4LHV%#0M8gZ-#iwKT>qgr1-r5h&-aBSm{sobi<%ZuyEI{VZM)>t2 zbnTT!xVrB}0{A3B8!uodh+vi7eVE*MhGDI8_;4rbo%sB zD$@O7e$y@jALn-=0Y!KyGo%Ub*0O|DXAwpDh>!h_2twxTv0`Nyo~r-ch43H*@px!l z2UwhzQgZcHQGu2I|xz#asv2m0j#;N%`EV+~Bf z(%pPSP_=_Mo2VL$ksWJX&yM9x0i^o0M^!3GTkz8@tk@(zz#zbEMdG2YQ%!K7r-j8( zwH70IXcUeNaj3lCNCge@7ib$v=-S^9tcTmv_kqau8x`nUE>|LE+@%Q~dP@FS5LJm> z0iWI98{t2xE{tIN6s*};HjxdSFaQj76mAEAe*R+$7I*yU-y*xLk>x0BOvHHi06YL4 ze;4Hwc#ec zCj?Lia7S|}Rl$D!abSPI2F0U8EQqv`=drKkxKymEhfx}S>_Xm8!R{KJM2#*y6D$Mt zxDtY#aJdPXUeD;{i3?a6`lo_qaNDEw$~iN@Wl^tfn*fQPw*nl!75oW4%g+Z&qI{GC z!uMhIfN}nLH}x42bM?#=jOa_{f@kW0-h(&JV>yM3elf7LRpFsWNdW!}ox2c8Fu!Sj z%>^uH@v=3NNyeIR8w$=w zfdzG7hmkoE!gxsihzLeVhVLq9aZ*SFw$Ry*+Xjzr8xEgpKW^omZ;mzNG#IQj^qWLu;-YA;ab{50UiF|2Xp!9#MvNMKUhmUqEksd}v!`9K>Pgo)T$!5$o<@sn$eV*JFnPW?vlh1p;*X z1oLZPtw@befWqH`uLHdUv|}nBO4~_A`JX$l&A@aXK-#g!m?_v10xS@)@y_0{j$KGK z8Daux)4ekXFavBjQ0Hkt|8CA*t`9-x4+Ef=4-}K;hSw3W>x=N~c0^jz-myTW3|Cm{ z_5ZXM|7k7$(^~xRZY?6(b|K-vmym+<9N39pZa~@Nfy@J~z6;6tiia`~fZeUdV4C31 z!Tp~SEx?2WSNjfVodj)l3SXbZfa8`j1%fD9;NAgCpab)T0K+694c<2buA8yhbKpb; z_@IfHH&f?i!7^CR$Grb)+K@@s&nuj59fh3ly=mq|OA0b!ltgU9Sql{}5i0;m8bojU_^*azoVBN+bMuMbKC z|B>UZf1m&SO~>ICikqpXkk+uE*6`|yg4VR0v#QpjTyID2^dXwmgM*&J{&y>;H}(#W zsg8rhqHrsn_A{;bNFn<&Ep2fHBO(V@EAh@`A+cC zE7AK}D{_!d)SkCRV<7aVDsBtU))oXB)rtJ(pHdKwx*ZuQ#3uO<&lUatmU zpJ1msM=cM4$*&!x?hg=Pd?y)0N7EpCP?jh>PMw5`5>O&jNuM|*V}Ba%*C+iaeyG|2 zy`iuuQo&5_8;29)zd&`XzR#y7Jcw*!*7kn!xE&W@BV9cYGFZ~%rMqL{0UYy4qR3&T zYA>snFM0fXi%Uug=MDc%vnnwp7y3tem}=bN`sx8drM7F(BU!1###1M7Y85U5)IZ_;e17t5MFHAdLs-r_N!`r zHhS4jb_M^ynVZ?0JRD$JIUycEneA;j6|YZZ;zq2OT12yf4EE1hCB)slNeC-*)NZO3q+DW)4rOJ$>5=p*%k9u@?ii#0`a2VJy4t5{-OdHe^hpZe0gFsR+`=ew?8VtR))qn>}bNl4t<0C*Adf$?X=`LAeO9%JdyLH4*_)_Lp&`!T)+4&M9ixVNJwn!v!icxCK$Q zllOq%E^dC{iKv3&v_ba*p#!(g3z%!+{@*Yk0b98YMK7(vRAzP|(a;s7pws87g@jLv zm-$&DZ|~eH#!5J~lk@AZG(wMZhy?PFy6^XT$uR()d-D&3>jn2gG68ss%*?k?vg1vw z<76m$yDTw})Q$F-4FZm2G-xf43PRb&Na~KxtIv5q97?ww>FIU76WeJX&^ zR8Rh)j9bmJ?BZAsJr6(ckz8Q2BlG^DnEz)tQM=?S^SM_fz$1?5sM%q_xMx7}3Q9W# z8_@!h={T{JvSlItCxDlty)}ng-N~a!=k2>n@2BYYg5@hgm>9B#6#QPnWBtq3bR{~4 zdl+RAvkBX^yxU3!xuupl&LOWIT+Vr? z#rpfpTRy$F6?xRTuNHILDT5`$r}`5Y7Nx+(9=tNMm5F4EoVCf4@j z@>3(qpyA~rHP{A+^||DvIRK(DU$B3gmQch}S32NR6XNVgol7a)7DNn$p0ZJ%SiSTG zBE|80s37%bUN3HY&O0dR#gcx=N%O+NOI=?%F22lB)uo;yj_X9SFOO(M=Gt5=`s8w) zqs0ZK-D_kZPAJ?1XT4u~R)ysbg+ET5F&nwZ*OKosBg~0n1`)%jj#b&E`+3D)DWxrf zi#zlTGk^9*)Mw=^b_VUZy$4U{WanlK_eL`zaV{d-X+6cx&P$)lJ5Iev(yxa1*oa$r zyML|d0_Wy7%^HprdRHu-{8C^rR%D;EbE$6Nmw@gQzRtbsjxW9rs)NBpPTHCwh6?V{ zO<^4f?nHTn&5Na$bO_Grj!x^fqR0n(AOpE0H0r?o76!jNtRI;>eTzXEL@! zf2lG0Fi0pqDbCGp&}WZ4Jho1!n?18|UOh{~&Mr&uRg~to+;re1==jg6Ko6U#75%at zRy~){(Innm`R6_iuC5h*cAsJBibsWYf{dK7Ik}oJrFc!F9d~m;h z6#wr}1w*0VE`1uC7!69My&jp9Hw;&C%y-V|p-jGfVOHL^znD%;-%fJl=hiTxle*;~ zS{f|5o)njT@mpBz{Z7fQ<*^AD=Fm$_Q^^R|V)@|a?B42^tVo9DwXZL>-C=Xu3rq&zC9ExRViVP zEF7+k7WM}xL2^8w5647{Ez032*(Aj@6*ODyahg{d5B{--&3LFz)%W$(1c=DkP9bF$ zM&4^8Pex~YF!#pmu>o{^z{{k2%=>y0yw-_m1`a;@ZpVw8rYk$ZtB_ zMS_IPjJMt&;T94285xaA&S&nMZT&+VkGc9Ki&ng#p*WW{%j}Bw3wE*vY0|;%M`&t( z9VC@xD>*TF=-RM1*sYxake)!Tl=cHrApQs;rFD`kq}^3PS^#)DYp+3Wo{WF0tyd6DB!$aX%|}hLTow$9;_~R9h%9D#GMic)`I0*$cgNN&eB{XX z;%mpwir!~hMuYvUKm3HN*%bU?>5ulJJcM^2D;H(%Od|3EbDz%$P z(B%Ix&LBPrCNHj$8`LQKNTM`(WsO4QD5VTlal^*f4st7QGtpAcqw-|a@elVG_m0Vr z>l51UOWTj;k%;3~Q!vAlCb-@mLY3LJq2%7!%ER*V6gAs%|5@E-o;2^g+$t61pR)9;7HES1Y_j)@T8nZ#VYJ=3oS^}|(_MBW9`(Hw zr8{qX6P(82on(a@e_fJtb)Kd)ZqH};2EpmhPC>SxpBv+wX%4Q=4i2E-6J4@Vk*F$e zihZ_ioKw}BCMWgF+3?%=j_m~?xUX3L<lN>Cyl=}8{$l2jNUr(#R#V8*? z`!!R|pD04j%$dQT%5lM^MRipxjIEYpHX5aUw);J;xFEOd`Xy1N}zvSHbjjbK7wwzzZ_0KkOkfGdL0b|^=mEA(lUpw%Fo?` z^)Ev~HnL!m;xVd59)n9c-IL@<-ihXoHY%OZ4N18El1Lj{-dovGWj&IfU6zx)z*?oV z!AtOPmg?D3xF6|tzS>I*HG24>uZ^bk>X)xBsA|uEj}=mwcyQuYGsp1GmrRuszVOs9 z{40^Q+n!dxG|9bnM2>~l*PkI%Hh#gu&7Oa9?CInLMtic^8QrYykiNp_eI7fjIrfX* zPQ#6=xDL8o0rzL5$0CFn-RWebyL1^lG9)4~P_APT|FZNp1IBPx@^DOAl{Vw__2WBt zd$KcMNTjom%mdd(AsBYd%Cc83u$5jVzAy91!*}I5Oizq@XC*Ub-W#}z;%CR8)y_`u zoX;=3(7w;#oOtVE>&c7O)DFS_6W&l#pwv>cg3RCDo;nT^yWW3x(T0V8D1??JKFSfUjds;H28L&5Pqc2QBf*UuzrXd>?ZV}gkKe}GS`uhp}(4G-;<2c;Fk z@6)!O0-|;{Ey;xe44ZI|-yBif2t9)Jp4SmjP8r0?1S8dlKyN!Z=|A7!Yavb*iot({ zQ=p`Y_yyEgIcb**y2~s8O6#-a?}FdM23V-fpT&JuVPPRZ7|*9 zNb+eOky|B+{^y;ZGGC^m>tEBUdr#{8OZ7HN0{g1OP+hi}-;XtZk|>ULzH2JMiao(9`0@ z-lgQ(um~wstx7n^%6tGztygeRYIpi6p~fItP;>Wh?;ou5{~~|}Z`ZuM2RTIzC&8>V z=8QaU2ktHy3&#G(WAvNU?s0%9ljTfy8e_4pgMV7}Z$tL~uU7mYWd-nRq}lzYb|t3S z;Tsz{5qsvX60t%^wU{)GSyzqOQq5U>#9oe2A-5Sjzi@@d?1tIw?}$C8829|P5u`cU zI%ZJE992baU@FUM8+k(QS^_OgsRunu{ARO*)^~`J(=+)R=qJH2UHa0vejm!41xORhRoLepbLGwl86PvN3 z5n|oUEC;nggHkp^+;rF|l~Qd6J3DCDJP6}k@x(sI3DVXvZAkm3N?8`{IDS#~iB0a8soIvks30QNM@o!!8xiaw&sJep4 z7QBKDT1E=S9F%UURqV38Slmhq;KYw=|0sYzRS|m$jPQ?I6ify?R%Q*kejH3hV=VQL zE2Wr(_5nIY=r&4rP%DtyPC+eV@=QVwi}x&4h`-DJFVwwvRFhrXJ*X(60wU4`1QY}m zgdn{aX$sP$w}2Gsy>|r#5dlE~=~ATk-a=7&ZwV!#cLE6zAV3JrjnDJE-}}xVGxN=? z`K|AlwOA_dT5a$Uh$W!-z%J5V)WLqedlD_LG>h#y zUIZNCF0ifppSDbH-v#s;fLMYb6K8U=cVdD#p=oiqKd<P z5@AR*eP=wX34e3Uma&UCw2|&}L5%1n^#($e2THze znta&<4xp=Oli@A;miv__CfY_`GafC6$_ap^K?r~90sLwQ=&Wz<^h3~bvJ_}^NCFcE zFz+ip074NhKzn8otWV|Mdwsy=8i+>TProDe`sQ&$IVo+BG;Pe+;Z|44f}i6u{%xTydo#rpB}3GgAn6yI~;|C|G^WeVaR ztB2IQnn~7ggz$Z>oKyWoV=a}B7#{agRYAT|G;YYj2cHCgK{`^VJE1*F&&js6yQdo?Cys|=_P)|MlUOpt7Tj@9tSuoR?tGi$$91EWoz0auVsQL)YB zY-;r^wmZpatURVaBgf!aAj?(LZmuj*YGSHNMirrF2zQsmjjXHBEy1org=T&-Fl@lb z^a@dyDy0|ZBmvSZdH_;{k!t6X8md@JzO)6&@ z-TsDlq8l1mU4OhW>1?d6(NQsZ2{VX=YLoh1YhsEbsgh7%vxrH`@x~m$dfgqu()6>g zaAg)?X@KI4pM^DMkZFBd-Hd&M~`o-OC%=<9pU+Weme2QLx6@S)PJGOC|t zD}1ZJ^~#0Iud4oaYOi_B3vBl&aQP?@}lpi7n%qLcJ;V zzh#jY6;AUv?8H^}$kml|GQEA9GVMF$as6|-1dG>q?4yUg6qfXSg!uFPXp~TvyFu40YX1vg!SlW$4t$E zMI*&U?>4B(tVnyP%#<|SbEgme2hO(QCL5Aj@!iu=Q%JFap48l2Io+VE+1LZMO+OV< zy|J0&c-;KG+jJrWTz^T|H<=_WaBlvKH=ocqk&&qYSlW4apM!%0?LlBpWjQYdHVEc( zvdoIZBsz)^m&S5UmoV$rGR9Ke6NT4n`|}k@ee8d?Ss-eKsdnNWwd!9YPV5zaHUw#2mMR={q%NNHy!62RsO{(0E?w2Tk?}=Kem>~+{#+W~`t`f+u6!S8@zwHtWpS!)-ztc#3YIeyYS!G+!O6AOXeij5 zxr_>z4cqLfn5-Y4EB8n}8cuaR{k1F~<5`oBkI|9z$O=h~_9}2lVA@RRgF4HpFbC#3 z%cE7yslva7k$qc4qHg!N^YnV)d^&y{ux?7U6smaR<8#+vuz6Nrz2`SE8 zkt1(Q-w(?!lp4eBuw663gT)z`Jv ze#$=yqI78Q`s&0<#FcyYAeJc~)R)ID5^mt==qF&+jI{l4DrFtjhjM_Gao+Czj^hrj zQ(FWb>6?{0G4A+k&gTWBw4SYZ@~pwVA>S}Q@>D>BBetT$>*e$Q<0E4=Zf#j}bIX|} zW7icBA>X|Z7um|iDL`oyAX_>8f);{K_Z0&VG^H>^Ej#8xWvDC`#lHTMzmGcefObPt zJ#d381W+k9&8G(}ua$f~!?&DF6{mw20by1no;VZGlNceL@?TEWqNw92(MbjNP&?2- zOv$y~6H9%W5rd^>UuZY^F%_D9wfbGEC#N!4r$UU<2sx8h;@42wkymARTrs=4FL{@N zPCPEM(UcLeb4ZTzp<>e)@`zV5e5S8lNNaw?sr_}#7CsRb-di&^`lZS{tZBT+*kht3 zqbD(xNMFltO$)o!)8h-(3=(`JCRkVaH9-X$)>J~9Azs__VPp=lsa&doJrqgJyH-43 zTx4HaU(9k&r5xESVN%%I_x1g&?C=?dw(2h-iO0S<-c=-8J|!lT-{e&d$wWj+d5 zXf%%1UQ$VK-n3nQDH8blPM;M)aW_?&rW{&jiQ~?RqZpz5vyql~_v=diK1|vVZ;Bti zZ#d0!$RH>^+h%1qTYFVT=@au|nP8sciR+CpU#5E4Y(w5g;al@M`##cTx%K7qGlvJ2 z1`#ybc92nbq`v%M z#D@8^e@?7-7%%d1=Yl7d+a~9$0K&~wbdorCx)FW4%7h=aOU+ng*)kr*CbW!JZ|F8` z2K}_dRQ#oVA_Am@g7L`$5hrI8qcH`REJ7gvoYSr#R73Rm>6>0args-ld{sMc7n-YG zZLb;DaMSkZJD6=FidD+BFjN(ywC*RY<>GbXQFu~VFwtA^$`YxsZ;~L&9r3jsrtOX|)^E zVLuK8B(HegxUs45z^?ZOF$H(}l}12ad}Jf|Soi}J>cbAw+G9x<<3 zQam-(Wu<|}6T2E7A@}W1qM!eeECGO}F&#GtK&X#>Qyu?<+z|Oy3ED-SA>t|Ig z>t?;TiMQbI@|ljhDQw`wm{u(^UOr+239J2Jm|aX-Th5XaeM>^Bn!uE}lh~iLaG>L) z1^vnjq5*Y(LdoLM%~jGte5X?0u&g~rP4rgx&jRH21NYXte;sH8PlGwd&JTw0{b~}s z?umea_Lz_>9Uw$zc9ajj!vHN@YRf)RLG;^wA|_Hm$LNR!0Xj-k$45fvO^B*4&~ph) zIdBqQId^{ScpAL!{Z6}hq|my+l_JNMtC^#*s7+65oYVFeR#RU@Qy}|{T9)vZ#dm3F zKy?Yxi>l7h#es=cZP*oM>w@H;&}~?!@xa0eF>}0;Hg)v`7^0~v(w{o9(p*Edoca?W z0S+})%`N!TMa*V;o+P!;=&!}Dss~wNBm@p;W?tC~`WEJF*1cZf2)s}9OWWBb5X`vl zpPkX!d>QP@F;yTIa+1_Uu-fRp`bp2!3bmQVbDqEz1AkOUt)nBH%*J+Q+h`QiUR&|( zkr1UBha!fOJ3^%W%>(&X+{MY*&`H++7c-N2MK-}yxId9_jkIB7zyy)+A-+*}E% zzI510x-E0^ZHb1>jB4L_h&^F@c1+JJ+2d=&;u+7I+@0|0N92UJVS8Acxg1 zKvw&ngPA-*>0UEk@}cZ;^ErD#ST3~tTSCibIs*fmKP+lQS#&ywG`$<)+ zZx(BVsz@d(U8u%(0`(-rH!a26Jx*frj>%;817yvnbTpD&0P)r%q9_1|3b&u_1r>j~ zH|T>l@M`zyvu?Y0UAql(O39?}H4cwhEVK}NO(4+zcD7}jLPI&e@CWxpwr`o%XAYFJ zQK*jP_as{9I0J&VUlhHO*Y|EYXRUnu{C%?i^@j$9cKVZI{+NO2kK!7!dj&r-SqbT! zfb>rLXJM^p8bhp?I(dEy(ar0p*kwc zfZUI(bIEr;y+>SiVfD$BXU_l5dM`NE&-3X0C%Ip3iZ7+gG?oJt1{J=gp0AvHMspSN z$Qku`y_Xsl{eDEabe$J#Ms^UW`n{FL`PM!E{_0rU~E}K&X~U2J}*^G2H6%dwPCu(BmshyCdCQZ(QNV9%FW-K~-0MrsKJD=vIu4DR>?V#n>z>YJ z7ri30j9aK17cD|{%%z*A8Y-Lwp z?i3y;B9R2!Y;DC|R&)}ORb~Yg`$vQ)1Ddvrs%hP%G<+=bLu$t@9uvtOLNBHBo*%i+ z!s{;BBwtxS3!1wQCSU&qqXrwAn z(oL}C>1ZU0I8&Q%npyp^+(pR-uyGSlpTmQEi#a@2f&k1=1#&oduF~OgUUW8Q31s~M z!q7R^BCW$;I5wzzx}0gv3WUlcVqF^eML4Y_veZ$5VaepjOs>hV}xK@B$j zyQMEmohuJy2zcW=ilS*_z)H@Yiy{YcjZ3pU6cy2kSQ7t<4 zE{dzV)7Ip-!V_CdkGKVJIZ13HOZ+f6yDzb17(>pi9K+@b+(P`Hlk(bjzVbSYNB%x7 zUrmD3v6M0u5KqL#fseInKSUhYxo`$3G$)2CedBssx)>3kp7ilRIK0nHSAFUF>`abQ z1RY;cv7TJx{)ys-ZpVu!}Sju>FYy^d815>3$GGhBC&b;g z`A$HLh(KNo@Kv}|*->j6F2dA;{P5`>+dn+RqunK%@44~!8u7V+q1E=tjWc}L`2n9_ z>h7(BH5R~F?dbSAfU!OCUCcTM`UqTISPR_Ctvx&BMIT=WNRpclBI%;p=_I}8H5-31wCR-{4!Yb zbz?o}Y0A#7_Ebl#wOXhUhaJiWr5*8fd`!z~E}shqDIc)yFrl??0Z8!F3x|Ie<3oxC zZ3X?W>SX;)_Qr+9QCNRmL8wIA8r*KEghr~wPW*1*GmAVO2HRUU+pO3Jr<>uZfW0(w z;PxTiMj4lr+(|UA+P90QAQSJE%%QX~tBo=04)cSoP3j6%)n`3>Xff|i7giv1mk*J{ zk$!UU!UwNTDJJChPv9xvF8k$+#Hhteng)FG%(of6(9=acu27!dUkclO9~2CGsuNU}$vZj$vvvT* zBqHgOOgwYrnI@Mc*IMeauWHP*KnddSnAsoR+YA|};D2^mQA3=rNaaay>r#O1Nv@eE zjDSAwAllsuU|;rmhcqmikWrg z0|3WFf5~6zy}QKyh5*w6!k*Av)N_U3g~Zo7QHCl8X)TjDqawJQ%crk>Wfx1qiC!CW znLZ+X4SccMokU#CNdc_t)woksGmeNa^s;}{jNbs+@2l1Pi=uU4`%_cuByIrmnKMD4 zAOau^F{MDY>wTbH$JNcDexl|6_Tit(t8d%_Z`%5yZ~6Ref9XDnFrTImtN2jFcwI`Z zyK#M~Go#Egh5Mi|p`G|mx|@T*#P)@eo2Vm@{ zq5Y(SR<5BJF!HQjwFyFbLJT+OjKL52Z?SJoPepY$ro<3@?wux@CaP+a3W)QjV|03ggKjYrxOPP~BPX#`?T&1=)v7)>nz-Tjrt^PQR zgrEJPHUH5Y|9`mxaJvDt)Bmlc`QI-g^LeZ^$qSk!bQ*d*7f&M=p7=>W;^G5IU;l?Y zlrzLrFp&u^MWnP7+~x&dy8aKZ)N5Sb2E%=RSbi7y>COd>eStIeeny1eRyBJH{OrFL zo^)ftwToU#r~fR8JJwZ0rWcxSrhl$O5P3-Za?COhgL21bJitMZNVi_*qERVF=%)#! zRoP=)_``^v9jeN}r%*t$3nNxR;M_)lo(sjp{GuZ>@2*GC$b4zHqk$_Kx$g(4}!0T~Y`dAP!ar0+_VTKa;BTV+8e+4KrGHj0nlV%5KEy zYIR+PCf~mY@}3S5(YbkDcM%`?^R#|2hcr$>6xg@nfIfD@QM>z)f1)%l{cbg&tL0^I zY%+Dv!@Nrh4G7syr8HY4j5JPc*6~ZSvrCR@F!|DUy>|QQ#U{n|YC5k$xqo`orX+?F zIxd#7fdCigXzQPQ&vgUJxV(HFRYV>@HN{o8aIP#1K`A4rw^M1^bz-F^p#Exc0$IHm zis0?J_9v~?TO+HX9)q}xUO-PmO#~EWFFHamMacqSJFu4WD_PlMA-#n zW4ebMYBbSU$6By{O8Dnn2NJVC1b=q7!XyJ2DrW|Lp@Jx;ZgB=Ckar!(uYam*CUegh z(2Lf{&LOg{FlXT#-6YNOEgl!xZ@VeQJRx%kG3eoXsJrC(;(;%FET034qQgcFlCnP& zKGcF9q{s*`vfvbJd$n zyErpRU!$B`c!0a2FE%;49fXu^^dkvF71Q(*+*c9~Rc{|dkQw}y1C4wscp>Ya! zo&ORy=Tr3q9jx3v)3u8~9}(X5uc@vyfdu*ds1{6ZF74|DsLF_h$hF1*A6DK|>#Wzp z5x$u}2YKkCL){$xMeZj{Lse#Y**jpgTcYE31O4eeQ_aSEC<^wk9hv(z+Z*xv-}R55pRrrHo0u<6H^5jzrtCeRZ>hVmsthMQ zT(Hx7HJX@L z$9BtU6K7t77nFF(LNohZNEi;KFyg4CJg^v-$!dI26j5nJxMGXoPAsG7NrVXq!p2Wk z6z7iZ*~FNmokFR#UKMKE3~&b0GS{%Z6$$&VaOlTVEQoD+c;)h(l#^ur5Ajc#+U5$K@n_NOgbgG!Pe1U`mhmD{kl`#C1w$3(@MKj4+ET(aCZF)n92 zJvim$cT@k8UBw1m zqenMkC5@~2aiVk|g&o(ZN>`Q9l&-mu5%j=TLahYygsxtL#=}w>3Qo1_N*bjX6ZN9? zgsZK5hZe=zNua#nIZai?rk80R0x5x9#7{*Kt6+SHUB0;r;r)igUi!r#xG*<vmi^%9e-3$C!y8X{#I+ZereA9 z@Z{}%!?y)olrg&Ra=b5KYSeKCO_f5mmA{Ddww5x`Iqm|eN85FM;GMeX+n`#5-_jN3 zI`8_L{sJLhevZYrH^!V@$Ok$n1nF;azui`H(ws)A^OR{S+_az=H(-Fyv~G%Klvaa? zp7og$w}5DRk_=8&7uc<;%4LUak5%1YUd~I^C2tCYv<5 zuJ+ng*Z(}YE|XdIuIe0x&wv!rR_tE#O>XTvN}H98R-?$NKchXiDv9)?rrma3BH&fB z3|othmnn$|vLpEJ_iqOn#hjrczH~7bw93)E*(siI!TX)mwg`(=0#Ay}+X6KJa}$Q^ zB$wEVtc^_6cUPLdOU4z2LVl3> zN~N8SKU{uc)^wjg@EzS(sqxLqZZ;FQt~SwH+9&7|Cwn{iG8GTR`uLMRP+tIO(fio8 zbq?RB{^}B9Va?CBQI6daNR-!L>hamoxO8wmr2DW^g0NKVEnO>f!D+Y6$)`_1?aafz z;t|)Ex1{evjDIOpama(4e#{#|eHtx(0Tny>%tXSIvto6n3iLh?Y-oQOQnVueQMP}R z&YDpsOJa}u{PbA{=))r65X4q;#(oxJaLb|$^W(VLCh$CN7cf4U$kmScMO$rj>#pPY zc12e|AYDg^TT2D0-FlAt%vy4hhi?GsK7+lXm2e1~LXuq5{K4R=YyfPJBo%F2kOue% zO-<&h($gD`f5+_E5X^*$E}Nf+`Wa%~NvEUl-nE8XOw#aW(MTT-tIo~5A!SS7u*o;H zyQ>PHJb!XS;6jbwo=ZeD&V`gs)HHSgy~h!M1`%B&6Yxq?&l--n!Dv%33fK_IptI7V z@6*r5sVGA6@V{Y9s|Q_i>1o;GFFw(9N6c0r02TkF9xXlSOTq_E`6)~ZiHUV-4DFV& zGb|#$^gAoi#SBAUWF=&QgFhQm{5bpAy_r^jQ7P#M=*6#zJ=^u0xU4NxHLFqs#p)qg zZC|bkNn|%KM|$*^l9~jmzu?(EIyUuyOev-eTL=Ghg5o?9f7u{#IDcJZMMXoeULmR9 z28~gH`s2|>!ViC+4nA1f`ar5j^NJw@QhU!%dFAYZz3JA!?M>mi&Q0@8O)+gA8&nua zY@f#C`$p+CNt}Zog4^%b_I%KhL_{->qz^wH9O0|}MzLP!`XnM}Ic8y9zlkqq#MNue zcyRAR%)aEu)9lc+4foGMk|SRq?7hZ$khzn9pAK+_Y-7hKYxhb^Y`wEN&5P9#1SHsM zgXn4@juk!(D7>>`jQWlb)O^OBE8Tp~lVfb5IEnuv<&Zcqme6iKwlo=hwAA-5BP~aC zjWdp(4xSR9&>t4&hbLZg{OP}{{`DS(3}kLvh?(yFSD+EbDzGqGzmfIV)_l~c&;J9Z znQIlQz0$a$F|8%UAP;s>h1aq__Z``zs(kO=mNS?E^mC}*F+-wvN$TpcG*4MU7=Nw@>bDGRC^ zXmuox2oo?s-j^TWayFImJu@>8K$j&^?=^lAC{sy}1IAm=Tm>8xv@*SbXyc&s;6_x_ z?OKwNi}mv_!K`#vK=0U0a(}1T*9NM(eBqMiZ9^EjOpulZ(5LRPhD%JuE4C%V4u`kG!DQl2LrI?PfpLOH#M3oBHa}(|JV!KLT1Cr<(IV(tJybp`nwj=Yhd$A(G0| zv$+NqG8Z}Mb0(mM;ElvTy55vP=xKXbNHLa~z5LRDA`~PeIxU5sZyaCV=A)`)yMT{w z|DE3d_iM(1H~)7~qAs8lvi~`5uJ-&2@WvGB3$46)R2MPO^jQi&CN*{8e$LYuUXYqM zfAM_G26#>KXgymMC(&= zasQQGDnG>w7*5?6fDL~v_RJl{2(MoK2TrH7L$bR029r-~aR;l65h=k0bzZ4f%^7 zNdx#e@V({#|KH0s9E4-tR-+|Powc&J+^%d6P;9RSS{Hb2S)4t>P8-&q1PPnlV4PKp zj2*p|=kc$ABK=Pr_PA7=g}$z>iKi7^Ee#vgvVmiD^}EA{hmA|l_F<>HQBU7c{8e3| z-usc}$-jkY1WeruJ9v$dsDe7vO)H&kjDdRQ_Q z#vcZlG&Vn>|4}o9s90#j<2C86gbxl3$GlKMzXMm?^6et5am^MjNzj`SG=NAU@+j8D z?)M>Ax|25tuUhAPG|j_hhl>X4z<@ty0hi5Zl^(3_ZNC%3t_-+2;bxE5GY;J*e1#f8 zCIPz)c8pS55VH5^fTgdf+_98Z|EAWu6_}x&BV>hd?|eTUE#VL(OsI-(7GN05Vek!% z_zw36&d0_0ZO|=vY1a@9=y^B%`JZ+9_LV}DX(muTG53w{X#Q9UxuR^6C-vYwKL}Ut zRg%B+Zs#|me#<22Rg;f?2ld{zr}RSd_S!PiE2^0z@MuD9#g*yod9z@tWs65MH>La0 zIKvtwii8Oq;9$~10rEaS{;E6P6u7?tmo?mCYMwrurm_l_I^jw1Tb*_4#X{9w=X{sw zOO30gd~tgTfpaH4LMyzJPPc-V)`=Ed5Vhd1OaXh#OLHgE0S~S4tD3oEC@e&OIejkh zr3(AgNKUY+&~#;LJv+g2-$znw(fC^e_{*CR3* zanm%T>GhUl38HFbJ++nWSf^t*0k_>%U9h;FK)1=ANMtgTM2y7lQR-r)7?VwdzW>4? z-d6S36uu%d2$R(Xjc}5*oq23pq~G!rB2}34Bl8kzs#EH=zcb|M$?fScd=Ql;2gGT; zq8K(W#SO4v=yTg>pFn?cnrt^S5}i5zsZ!e@ay)+)$Qd%H-nZh(yaRE+&~wvYpe4Zi z2JY9F0H}K=AQHj^p|D;E+AE%rJk>yLBa+wl(0MthVeCT8>(i&;m-0s|FXFq?o8n`nrq0q1M*EF@*sbI*7kRe{wYa)!LAtSlNJ!C1z+wIp zG3xFsJ2x)QH!i5&FkAU1!YE}5pv3(E9jBsct~|lI%K<<5VNWtQy#vK>M?0Pr9hu^1 zCoIx^r#8>Fa<<9Ple_b&LP3Wk6q!%O{ZEiV+(GpV$~dglNS(}?>dS|I_CtqamSm^N zXhe;9*KaXVwVrxCRi^0?=j5YDkTc2Sky)qknhF8MDYLnKAF=(ipMAEn@QN_H>LjXsIDZPX7~Yo;0BzNE_EZW~q_ z)0Z9)7;&oY@mm*;l{z^#Y=N|q&0twM#;#poGt?rN&xr33SFG`+L}un2hi9dtxE zF`5M0qaSgu&@xsO_{!%oCpbWOk1Bu}me7%`qqX>T?pqeeWMoidMj+BncexND7F3K^ z4-nyGw=Ss0oG(*zs%8Y55fRRwp}6*R+0%5}F42O@mgrQOKCP11-*Pf(=tvuf&aNil zWyK%nxO5PUcNW9bb#)Jl-`EaJ6#G#W`4KtJ1Wen$&y{NY?X`XWlc55F`(cZk#xIW< zrqPrZ*&U4ptOgjLai|E zIzGBjyJnHFypQ5;fV9^e^tIja>I%XR;`hKX|F!F1Y*)ZA48lRO->y|#$Kc682;WZFXn$<&~aC*jrNhosjB@2x0{anG{{ z?M+9Zg*lHFh#-xs)RY2ub(?^C(;p=yY0k9A`O>=h42G!`smdhD$r&;7DR#dpI}c2#_tv15Y-^rsD|v_Y)ScWzzH?~ z<@lbc``7@m3RnjCZ;5xw(xu0*`rJS27%JB`K+#V zAH!x}On%WP^3!=*pOM*5G)8`y`Yk@7MG}IhYU9GEoE3K~7!jdH0-MPYeezNeywm2@ zWZ5T)X-8Jj|6(_p-5bZDCtt@fHP@r-4&d4RCEoAstE{w%{IW8}Hib2%~8(V_3$>1ssR;O9!f8+Di9^>e|>2}6yLA(XIZPg2J~ zq+gSM%h7Me5cGgk0Pl+9}O5y z?1J);5xiHNY!EoJ^Qo<#(y>34qu2c_wwtAwrlW-5KwlH*F`IYg=8@8~;j_3-t{PH_lu>nhOy`+Bi)t;VB zMxJ}6RbDf3@6@L}?>cX9W?HDO9cP|$A>9tVS`OP}Bo)%f%60FLE|vDoHI#>D^8=Xi z*fl{$E%R%71LFd4lYP?rJF|W;_26G+5~7)>#U4_>QvJ5yU6asBhHY%3tp=tyYSH~q z0hVt5HR&t@*TR82?t@i8&(BqBt=@AogH219azOU6Qsq}JdlE}k6};Fbzy)5lyYwLs zN6sA2o>?8#r>j<=7FDS6pve0j!y}t5tq2Tk%vED)iEzY+{*Oo4pDpSA5@7smi}{Hb zUn8dexEw(<`IPX0M;^(G3#&g=vb!y(8R=ym{dnDj^k~@-mRrI8i^7xm6c*rfP|eiL z(sirf(oM>refY4XX(vbEfnSp>W+322ej<2vpywrhVym&@4VamezP;iEz!+3EwPS-4l&{? z?yU{wIew9)mu#{e<4Rusxs~8~x7L0-b5?^)SePT$kXVCeZVx_P`TFcO+m zU7Fb!E?$?vYZK5Pf>lLp{5}tO^E)0SU_a^cD|snNtXBL{y7m1t2jOL0xOMB?>6)!i z^Z5O+r~Gtc9R_JrLAfV;p+qa)L2xwS2=?1{Rbw|8JL}tP8LNLt-lfMkpy-hmEi|BFZGP7wvW|T~YRtL}$ zsHUtmm7`{y76HyBd^VRiKq)GA{}t^dYgBIpoQ$hZ){qf1Eyg}~Gy33e3>#2#Sgd!D{k94} z9#U&D6twm(s5bCS<9NMY6DK56i=YR_{j6y$e(+H0fEE2Bj2`9Ji=uJP(UfpkZ?4Dt zoD-gIg_i~n-XumeorMP;59$qR_6NFkUBl^L?HmZ2-8on~yjsbgK8+I3ZmqMF{VgMa z0nEk6)YXLaCeRK}kR#|d^yz|HPtqa~VX0r+x#3hg`@dDMipK1E1+)sV%Qa%K{!?LH| z{7hqdb|J6)>t$j|-v%KoDNCNGkds9*T|YEwlL-6h>VlVKQvpi28**Gj2iBN1BtMyc zNU=+BA#Va6O0>HKG2<#%rCza+x3gmu>nCm^y`_+`=raQJ?5D>-8uPy}%lgl(&P@s| z%@OmEE=>CEe1et&MV;kont}CDZ?d6LxxOC}{PVnN%^^20ci^u;HCqaNxxp@39ZCCc^ ziuXVMIfVcF$GuSL0GJW*Sfyx`5VzU?GrN~A{m2k;X-CRj3pC$Ve=DyZ(pJpp`JV)rRg84^#hvcboNj4ORZQ1JP;Z z8Dc@q63q?Olx-Hv15;9hcm@jV5oB9IR3f|OK~$6l*w5gBNXkH{nHeA9 zr60?AIY+$*WT?pz``iJqq6TnUjjn^(MjGvZUFH}^UUG;44WbX4k>~X#Ct9|6hYC@% zuxs`@R_`3}I=3@gy=7XDA$Dv#g)d-!Y{HsAe2KD6ES2K1XsI%isCS4HR+|l+6oC%7 zH<=ms&{na9j zYEgdkMBB?=%wM%7?Z^^4o>$Ph39&6ASXmZyNisSA>_)A-8yuOu3EUv#LQLx$+akk8PTjDx zB*@x!>BpNPIwtkLyU?Ys^vOqHdJ}Q~CT!hvJk9p^R%qLdolZ7~W5JwD+1k;_6)}`x zdy|ep{nEoIa*%MPoi@|AYCDGZ(2 zKBOV(BIZUFzce<{Z`pp~BPf0<;L+Rc5+-A6^wQm9V$TD7>)D2C)Ytt zaLV3w_C|wtxa8)MPwq?v5v=sNHUdSwOC0{!=+xT)X!H16LQgki4`$~uDJ^zy zy|*`SBYY+ym*zvs_P+-^6f6$$XiO{-7h7(d_>@*U7X7RHzPI=xwcTNJX+ZZE*twwh2<;P~mRi(A#B$rR3c*!Ku% zeDWl#zJH{vU?uLWwip5~oc|HnrEYp$BavciYpQE85KBB6O4f~bq9#4)h0x;J2V$wOWqp$!YJ^WNNf>A( z=`~45npul4q<=f`e?NXQvv!K*k1BW=NezDQd zuc8CaecX=9#O(yF)gG0hOooS+U=&e+-MsS|Hr=!IP^k3IHvWJJ!v2u8i}=r-o$W&b zDocYGr8hCax(OF4)<#03!aIn!hFc3Ffri|t>+fb1Qwl=qob;pKySGUAj@78xIqH#X zqHpNPwZAMiskDJR`lzk$riF-YIu-0ltUq{X!hndZ-~ zrh;Juo2~-gCv!J%mU7I$%6gFVDmi3GB@Gy(I%jVTmrytPR~>|@zY6Z5*Q)c^dkgyc zbqhI>$?045)KUL1YvBp4i2E5{ zX0;V>x3zH1sc6=J=cQ`ZsP47FC0!8XjImQHH*^B%Ic=UA7P3pwc5`3s3N2uC`)3Su zjw${=4t@9^dcHd%`6C*>S7D+Oa~AL3(2S|T+xqtSRFh1C-t?-k&1~!szTob7YxFe` zC$IjZh%LuLHu^zONo79ldG1)}^y+LAp6%wBCXYMV(tIBGyui)qpPHH9iI#7~!b{H7 zAHM;=s6*&Wg^$wv#it`Ix@@MsTA#g?|G-{f6yI(;c-7;GD(CoAnDCRcc)yist)bO! z?`ncbMD#?{O!%j)k5=$}v5xgHl#NZTLL$&Ww)u_EqkAc+;D;64{f(BiZg_J8jpi$lw+#d6QmZ}Gvt!1&nfGhP8*pnp0k3A#(0g8Hhoa|=BW zNmuq{6BJ6OoCa9}$bfWIRB=l;);=tk({N}S6xRl;-be~qyrgsF_`In#P&>9$JER_l z`w|0&iwfJeq)}KL@869R@Divw5W&fi1Fgl3Nfor=A_wPH-^&GC=a)juf5L660PAqU z%^lAEA@6rBnaNX{fW7QSEX zy1|;I+;k;2uhmat?tobmb3Lllyk3K(ZZGOQ6JLyJ!S04&#-TdbLF@NPMHZ-YQz z!zLP{ln)Dio->pt`9fF}z>FiKI_|A5`B{Te_bHp{RsAH=yxSgr&b`JmTeDxN=>v=dAgV;$Zqa3Z0qhGT7lQfCNjEZR=#ZXd zdfLp3guNCu=J$X}U$ts#)g6h`*TA|zPP_Rg{P9%ysX(C%r#F*^;z$mo4`R?{aG$}J zng~^3e0Z7tU7%6YTR>?Y{$|8`u!iEtzYPpW#UpFT4Y>@p3Gs2QQYNPA@6Q&Fxs|Lk ztb$z_qe>aFFbaj}>D5uGkIsYN}h z_3rJ&IUoE=-|>qMo89HY(`wYvMT<(9oEVbi^7r{WZT0R~!%C|i6H6RKHysIU&r;Dd z;Kx!mB7T2ddq}klJH!C3G)&TKVw9}wm%j`gydlaFfxRsXH+dzsU^>GcH@q zd9r+MnyJi*q%bI3%3eZHlF%H)7j*`Hkv)P|IX`ghxNwmQzvnM0vd!d`(P_ttdzDERsPsYl<6r zO~kI*MT9zT?b(0&2LVSsg!^7%iDD5}{y{!qP*iNZ9hX^~)ty99ObYWK-z1aw7<=$-;zslrxpuO@XXhOPdF zT%bYvdea^Y?t69W9S4f@(5SgOmH>xH`jqrp=wzVMw(p3~`nKg2Tng9EEo+D8{|9I9 z6%FU(eGf+x1Q8J}YLw_f^j@O(-pdd@dK%Q~8n<)AgTU2HvKdc>i~3P2 z%WB_wE<18PXB!lre{#*;hHSm0 zU|F-UX?mXHSUaiy}3?V#8}A0FDcAY=4T>GDUe$i2<|lS~=4%IAXzbDMW8BEM`pi@&|1C;0h0XdYnq z=?m2A7LLqsZ3j=`UPjK^7e{Mp#WH*w4ytmM&4WMv!2f09Uod@Z%h ziUz`DXr5*E-%{6R@?94`v^Z?gNhJD09{6=~&Y3#)tW)k*GN4Yt3<2Zl&KtMGZhvuZ zJo2)QlT31R(&_eV)9K{IYC$#sSC$&BLjQo<9wdfLB%ba%_$sXV}foL}SvsWcEK0|3qjUGI>{5?f*Q1;2vdwZ}0z5zH4 zwAa&RwEU|!C<|#$(bran1}5k`bmi-AQJq%634Ya~>Qe3g0VB_GsC+=eADQvAP*Sbu zD2D?HE?gxv$00*x{6^4gssFb(th6f2en)I#A}xmR!lbi5wmkG(3yn0U5?%<{w*s@WMvBmy< ziMyvEN5OEW*Fk?THWE8VUkr~YD}7#$^$hu=AJ;eaKFmBgw=&p7jX;d(oHF69w-1GUx~Qj#7?wP;a5M zzc?Mhldm13{|NIjZf3%CFk|R+4rsFx9@^v`kD*@f`9=MC&>2AcGf;Y3T}V*FSFxw16gR@zb!TnZDepJN{cY=0S$#R)O1n z)H@|>R|dT&74~Dz|{q6v84mdD1hOm_`ydS$8a|OqQ))xFpNY~z}m*zAyv$9hAz2bES8n9D6G68Awi|aoZ|lx1+V~$Td=0(`n9FTWWgmRUItq6NpB7>r$j6{a0uV zD8aNRt6n|<$3-FNm(fNb11EaC64s>k&~)R`RcmBsSjWXP;>>J5j|UE84FmI;qEBxh z7BEMLWdhon{|+wzlC_#uU>mZ$2#)6hx5Liw*Ix-VLESg87AS_#TExyYbXI)82dK1B zr-83to9h?3lqxQ=j<}dkke1~9gp)33X0B}qx{vW)-Ge8khdvHZJ^|6yd`t<`+!C_} zjmJupi2M+3nBHyb$kuXQ{&wy~$jLq9Y>9w}8DE#2-hk4IhIPTY*UM={6c#0nKq!#;LjUWxT-Rr4??2uPz z0C@^umRnu47*z3CgIeKBrY49C{`z0YfMUV zi+on~?)t?17-Svvcu|~w+bRKg|LMjm#Dk-wM_(7`)9bxD#*C$0=_M+0_Xt@Mtd$;9 z7yCQu8ikcKrmmH1`^<{;w>1S?SM|~y-|Nk4GZ=Habwis*4EOI}nJ9+cDvCjLQBwfX z6-JX=wCJZ&nZbc!>JdN0^+tdGRUDaW-@N|j_cV@}h4nM{uqI3Lmu!+34cEK_n|j;2 zyOsYW(cIX8C(IX|wKiJ&4`}&R^cYOvV8G@&u@h)xug?$Hjhjh0k>6;)AgVgsVK&hZf}ac1)^%JG&weKjOCr8yooiV>iF4 zv{%Sr4ej$y7$1N$4hK0~<~P5YM}05Nw+YJ??ut`hy%U?DQ+R!GQN^vV!B@MJIbdUI228i-`;av%3HuSSG zi&dNzKskKUs?gG-hmqLA6&n+S^mY3xBHrF9J9E)>)zc~LCJI$EIorFg8wU~1pu0}% zGr$VB-%g%wzS}U?XPxG{O6sw`P{Rekn$OjwX0PZIPKtPBIs>x27VhbJKX5(q5b3g+ zL0e#;YMX#bWt@7qy4&yBvuJzwzpgKJ)9=QzJzTCdz2ZcBA}#?+xzSMAtjmd*u9BXb z5m%IyBGHz99HD%K6{oAWSXLctzy@-tj>&Sh|24Gats)IdJ9B4G}@e|R7=0W91`{{{jA#(3!m!)a4pzrbJp)7ya z3sgj#&GP3LOP_XBZ&I-AjF-|6)10aDq}?_BURePWao~lB|8-dADCPIL4e%& zl{4DbUEdIIO8}7iQA7)$N!XzB8u(4ZxOse0LU%ADU1Dw|G^Yl;Y0Qo=^Rp7>~dbAI0{t{z=jxPn8~O?j)5__tI)d1K_gqxMa~w9jjjlCoMgL^{`t5R{o= zsJHFUR0ic}Z^fx{MuNt4$vVY9K~j0PoQs`h^<%sK%=4M~b_rZXfos7urdU0T4+Dn3 zCtOpY5iirWk#7-Tl>Mu+OcYq8jZs5kIk_4Yf{x#W76OST>Y^ELks{q7=_6=S=UZg< zSQ*_-S>YxZ8w*dyfxZ1&ZO$5@@hgQTtn=6*tq7IP~qxPY4AXyc_v8matZU<>cC>Km8 zuxNH+Ji;5fc%P)eJKvl3+oKj$h)(zqzL#7of3fiI-WGnj8V<3pK}ri#jgpJ+t?_o` zzj`%>?}I|-y?-dpkfv1M`s_0o$8y9L`?FV8dXFZ@n2MYVXR4Osx9!6H<~On)aF!13 z04IT$#MG+Says};KZ(O ztoe!rJaSxuRQR?Xbl^RK<}836wgt}t^%Q^AI*o)yo2e~V1iqtr8y$_evgWf4X!m7a zM_|0M`0_|dFq!;~@!nFr4b15r-?v!SiCQj1a(9Bl^CC{H^>&M7DFY5Mhl?aT7WlZp zd-q}5sz7P7*785`rLkPn*5a)gnIMSZ8TRgYD?%8j$S2f2q+2yFZuQgWc`Zg<|Z$_K)I7j z?e*PfgRTyYth*GTE^K*J{Onh-Xa$(Fz02QwE%n!%is@)TzO(zJJ8O$#0cZfBq-$+} zAhgy{8u_n^*;Kmn6DqGj(W9FdZhhX=5~anTo8z9dQEdjp6txBUyK&{BMNJC$?T;5H zMd^JvA|kHtF_*nl$r%m(7=IOo1t`srcOB-}@0GKhE_lkM1eZWFUM^cFpv?u}rr{6l zK4Lw^Pb-x#pedOz-#zJyh#o9qLFP;%?&_A06>N18(?Qgf=bd`v;s+1zD0A&K zEc_Y+U7Y%&rVI9LE(2fz)r+mT44@J@XPlAr&j{sBv>E!#fNOe|ray%>T32|1`yYfX zO93#3+zviFr$c=~)rC)P8qQ~%4fD)%{VzL)I|0VM50;TD@a_GhhB*_-IML4|&dtzP z*SC9=9a7I!XUu6!ei;2?Pf=bf5vFs;hB1P?q+^NO6Nx)ckq?e*KK1Crz9Vb$)=V{_ z)p88hWp!m;%J39g#1?Q5)OEgH9TS~uRRRfuE)OW5?pq~^{KZv=nv?;p3?lc{>MA^Y zgUd?q@RE{#`Rq_)0^?RU;kxaHLz z22Hu_bBUj1-@sm>FlGoqUBAjXr?-}9X~*gPh!mkJ9jwe&!cb6Q;tq2I80_rcmukX0l(eSnKr&BW^9W9$qKX3*F8f%BX7RE z!00(BPf+fn{AC@oi`F~uIAFocw%AOgCVYR!*zK(pFU%}F%Z*AWI&R?GHE@u5_D5~& zTP(3wa1+OOU4cNJfJ*uo&H$R5kk`vC9&$)gb5bL+);AR*OTUcC#EpClyT}{iUH~Oc z1;4v=MW9N79+S-^{0(QdKwjrT*Z|SpyTU=PUb}Xc8CloGHek`A7;{zfB|o1bzFBr| zz`_IOzIl&FZp#Om0j07pzWkDKpa7C;YqOHmiw6JyA~s%28Z4bQ6PfvL^Li`h!4%`2sT?5QSD*0BeG)>hsD1N%l-l&q{L1o0$+&lO z{=0hNUj75toiD%Q7R!kK%e%n67L$;O|H|ko91iV$3GJh?s)t&ox&O-Ofy~t&F}i`k z!g1I#cVO}~j*|lL#X0p;U3T#^8D@Y5$VL7Xv8X3wHo`K5keb<%_L+?ZH|^z|Fl~F? zF&%%Ur2R(DGM6ct^+`wYHF8l=FL(+_xz}snjAGN+L@{X%6k6!x&CK9zCpVkDg0`EF z&QFWB-a>(AT~264J3@`lN21Bz4&6J*FX|?`Mhih!Zw9|Nu#HB;zy7=w%_|;#e&Ey4 zG{U@+Fa z=~r2ZzbjFIC+;o6c`@ZTbT{kzcO4vAZ2h`7eUqqdG!h?X zt&d|j;tqzBBbg{OU|JPEv&`A(u}v!T?sg?*uEg8@e&xfLnH^a@n`D-r??lEU(FDw`vF!+e%TfZ=ZR3J+c z_0y#7luRgdhd_+>90D74ATV#3`LLRBn;BADu9C$QaO(}%iw41N)X}3K9FPJeN2>#@ zGVEp(_o@&#P1LE2<*l>jz!6Ott%9up(tBRU({9|`hXzK|wu$!10$#d6xD52#W?2gH z0;fJ00-a_QoMuW%b>8a+DXyH6>P=6v%QU8eAN)lp~ds^DlE#6JKf+o!dfda*+k z(#93|hShgFelDq`*z8?Bn5o9Lw?|B1!16@w;8-|uBepsA@J#Znv%8# zqak}t*&t)jaQTrDywXkCJ4Nd2-*+yfvot`(+!DC(LT+(aJos1F24n>+5)QO&4vmy{-y|tdi z`b$U$LOzP!g2sK>uqvB~n}~L$@tFE@y93WdzcA=|(cz#NX0d2$xo05qVtj9#bQ|16 zASG9Qr`t+@XJLek*NV9^0eZq2j&_p7>kSUy)Q+60PB*{5Re=DekD$f{o6H_5MmJfT zR)kGj?;CF&Hc+)@Ua&@%e^Ap{!_;rCS>@ztuJ6XpZ9x~}<2#zo=Rz}ZJ?9xZjgYBY zEhA42&!b76`-e#XEaZMWUi>hAyfdJLPtsmo177ab)ZY-3-SCalzLCbsMR!JWN;LJL z{FKB#{zBFGoOUhYLzU@G!hTrSa11oXH?c-fqnBD_VaGZuSNJ||s`tSZY!z&gcssGX zwX8Cq5Wf(dR)n%XM=Byk>Ubx%&W3bc&-H9>?FR;HIWB^=<) zP1I<=!*L$n@!pHJpAKNp?qG}LKJAGHU2oB*JSldb#?n7%p@o1|eFbk;7$D|4Z2=$+ zV>*34(k@l~hEfk76zcooXMg7sg829g51Wy z+&Kq##t$@`dm>{mnyPLs`mm}I%bSQVl1sCdE@`@lKDM0E{$c;Ub%d!`kb_)v>{Sja z+=(`?u;0(e^7|@lN*?2rl5|rt9h!Gx>(4@SzNM(nnG}s{%yV9b4*jG1uKl$OV*dEx z5iwR|JjUWb(`VO$Mif0R{2#Np85mw=S}fj$etUM-&P>XW7F5<8TkN!EC(pHms8Yt= zXm$hUgq`Hcd>K)+?|2TQ&iP#VA+x8;utL1Aad@&4RI+>Q+*LyYU*#pVmje`AYMaWj z3rr}b#Wl@xW;#y|bbBr`00*q-&H(bTJ`S_JKNoP+O&G@B53jy=^Q|BK%_VxOw2T3C zFS|Y7XTU^tOo}#qYl-d4fcL`V#B>HW3{`WPsecXdg7S~N&vK7lHb2vp16$LiZcVM? z1)XekdyVv#^_k#43q?-D7>SJHM;ULNraglV5uaBVhNl89Pk<9o#T0nQi{EecJwjAlJ;~LjDT9e<7NXY0qboHkZyTmVj z{P8!Gei|8?pHv2j9CWT~`=C#7svH`}V~KS$Nm%LnkGH@>u|e*+_hxNa2O*h$tpK;28T+6R;YG>qtD z+0RB&@tHXS=p|bJQn*Nb6xk>iuaPv`jthTZ+sCvDgH^eH-r%L98>7tfxcM3Id+l*p zk3K)K^uYyc5Tns{L2)*yQ1x|M_5zljbA2xJ|KG#k&Ebh3(LDu@Xy0ar?c1BNQ!jZm zRXOB$qVER@v@4Ci_ywfl+UAZhPX^>uHZ6+1Z_uczB&G%JW(3t7b~trseJ_wXpYEdf z5H?YEw91$Yzr*%1AYTj^2z-oM@{2mwOd7JR0 zPsn48yTl6yYQpf-&t}-;iF}(;|EV@+u*mYRKwFG$^efRk>`>?06TQ?VvUYB)P2gWl zlq;$KtD{vOQ#X=|0vP4{5poUgqqkViXJ%vDTmRSh~Uj@*CEO^Mr1 zJDw=7tyVR+16=vzsuAc*3}0elfMyduAJ(0{=n~vQ7Xs3GAj>mNUbw)!sCw$3#Gd99 zmy%P`7fq%*X$!)KgA1d@ziP;EZU!_{rX>=56-iU^d(n|0m%`Jq0EbUcH*c_893uO(|l=lw@hzA2= zg)Yhakd0Gf~UVa*$iyN35jq7GuLgGTh|bSOp4!xSHlR0aOG)5 zn8=Bq;!t>Z?60zYe~wJ(`QVj2&rKtAmFv@qR>i97=6V1A`L9#=sLb8nT`oA>%&fMe za;9m${>L|u2A^8}MM4cb&)w@$k3ZMecLImSb?k|byYfq^=|TX_$|p?)-qIbPUugfT z%OprA6374J+H11dX?yP;g23u~F}3oA(*G5s{k$0|nK@(`@)EBb0rKrLuZ?i+ScS`u z$RFfuE4u#0FkbPlG*~oXZiMEQO}&` z>{9xoz!AJ4!Q4asK%JUM9YQnLOv77#XZ)C!J?+|@&0vZ2(M}Zd^Vz$^08>$ZmD*@m zgzc%uFOIbiaJA^JzTmV@HT90hkk6>9Pkg_o*AHUX6vC(H+HZ0OUUGdq9G*5_!)!#r z`QdP578VPs%z}?@fG)g2W=fwimo=r2IyAFW@hz<9k~RWh%kmmaq8AhWdKP#4Uwkn@ ze17dx5sG6jTN1x<}i0|g70H_5mRX9YhXfDC+bmMvT0>z;6iN1jmasLNC%)@Nh{+=E2EC-?@<@k*Xf7MXJWp? z@S%VPHsFuXpR}aA$d;an+X&QHwzS&W;IP$^&~Oc^T}BcZOm~J$Ra7jSXVrQVm8H&) zdIm63OHx)MewXf`W!KzKzu0X*B=wvrvoU>@bEAICf4dbN2kA5)A*(SsB!I;En(I%c zAn3SfQ446{RDU`3G9da%bN09QNuMEabc(jh`eS(N*R$@AzfkBF-71PFzt3RkP>v6# zsI02jPt_vTL-3|V`v{(BoG)nlEIrGdlA{w7am9b46~dOqXY#k)KxQCqk_#gfW^Y2I zaf&$q6DsR5w_YPC{KLTReXVlWr_FC_XCW+tEyvT7uwp&M#Tu?$1zwAh>O{WIQq;zI z(~7q-PxLYYWn3++*_8X0M(2V^O-Hb~(NHhfm%Vs~xucIEKU=a3Bs}Pw54TP!hZ_7} z6qBaG5sfF*%{dgG@D9kBBLKI-K7m@n`Ai@V^1H_LL#!)C4^Hx1nDU>A3atUs0S(6m zR`%v;>TG>GU}=8pM!OZ$C+|Wzr|-1T%o7Kp3#$&34Vl|aoAqu-wnKy$&02c2oJe9X zo8!tMNXulbetJoS)z$-Ch|GlD4=iken8Qy#nglXtv`i@C@#|Zg;Uj>Zyyqru;PqijLOWrOF^7csI#Q059q8r(~xn?i+j#1r1Z~-qiSa>7uWie z43!9IrYkkF4?Vs7&wPE9j>KNJ9+R3mHU(>1VmHV;@-4I&nSV4n_U5`HUK@RTk*zXZ zu6*$GVR%4u9EY2yk$zZbGfe*s-n6_=7=&RBJ)YRxa~C=KWz{u^wR zb>;FzR0;d%Rw$)fAFHR(i=35D-yt<(@JN$FNw!<341salf#`1KtuqdOdjSKw>`Wwn zw=%_^wEIpv5y5^WlhP`bB zrXqVVA+)3>gZAKeP6q-VJM_!?Q)L7|)&}oSjX}|u6wN*FiW)S`1`w)8K=X8i^38~% zG1ZTvv-8cvj9HB3?l(L9@iUAIU#FG;huRKT_ksj+Ae~(OSFnry8ILXhK?Yk{kLcKb z1cgHE`6x4HPNP>QPr_prc?UjFO!P-WQxnJbTyQSN>xWnwO)X28kRI|Mf>x)_FA|HZ z!-m||jyio$RBgbDL27}ozTpVjJg?G!?uT_TR?-_ng2X7Cb#~V`JJ{r&&YVJuYBKKtqa<1rAU!#-d}EU%4Z_91w$QE!XQ9Z{zp_2| zpdaX0Un+M{?QBo8k#}+jcd(&O=EQ|VZsR#};&Yd(GNXH%CkFG8d!L_<)>}_HWEb(` zZ7Bc@NTHN9=Hp>g%8+EFB$(V$W875OXh8oD8J8Q4+5?9j&SLT2ZQq~#CnDSfWmpfx z8JRns@3V?QzZq*Is*Id3X!1}-9?vAqmCR~pFQ9QJ4Bu6L_tvNmrj2>eIzX6fHPwl* z%k`IfiIbm{F@XJv_zw?SG93|G=tPT$Gt4qz6E4cX>ol~J0SOfR!IhN3EMYs)l(&uV z9ko80L_R>eE&o&bT^xxn91fPSHQlS$a8^RzO#V0>Jpq&6+`Rcmw!G5#&YQ(eFZvWFXHK04WPA$Jvn$?MLW57wd=4B4ED<^sa$qT ze}n0L57-tQ8B?|7I%J)UTaa5#oAz@tp7qQm-V&mC=Q^S1mFyAh;Bd4N9PEB3>QJK4 zt{RyvFj5$)V9k`hTah-cDx%TUH#hX85O)|=j6}Yudw1Z#s>%x9Yu`kTnA&Zv{8Z;W zTpxS|T`kPfqo{~V!)vx#|LmL}=RhTNGkE!};+n&@tWA zE_%~gWc{L?*bRR2i_AU;R`gNdUHOw0D!$56SZF0jrd)wQjxjG zotZM@Rqai~vuO;X0M9y@^k01_*hDile=)zt0gT#Y1~2RGjp}Axu&_Mgn!Fx;CMw+z zj8=cSmufKafjc%}Z1ez~1Ss9qg*jF%Z6vz)#(Jf9Kc!kmF2RZBaMac=|1^Kjb>gLS)9ABexc$5ma!JCHiCD$aW=VRW)Nj3}c!V^kNUYkfmQ9&0DL znvlKW?H3y&8Osh|ZPM0Kk+wPLp#5kdP~WWI#*Hc>ciZ_iAl{F8R-S!bSTgjy!qnNh z76h)HNDqkHl8)4NwvfhfP5Rk12lt>Y`3xN2mgje?EpB8iicg0875E{Tv#2OuvAuWm@p`rMYykKZjO7;82GvgD2FO#L8Bh5ykSb+gc8g%ZquU6QMdNO-K#Hp~8 zqhnFwb2eqcE)0e0v#Zu2n0N24om8+_lu+$1Drb^1@|qJ|+*{UPpHDS-g-Y1t(>;+7 zWzHCPf6keklbOe5O2fcUdF%R%;ziCWpVz^lM`6(dy8(9YRcPjPk2mM(6AHJHUM^Oo z*_Xq#c_2?)4VFVm#O$_>$Wt>&pw>EsA-qY%IMqHv!7=Gt;h=6+EH-{Nw3+^-MaVN* zhH%zFc{BykqaML)SF_jP)V;kSJY8fEGQpU2Sn4l}t`Z$1;f_$LTlPzJ9#2t8J{oiw zd#DS))5w{M%Vli}T>0qE>X+8o&z09QW^_LinXK=HNQsPQw)*i1{#W+pqP`T?vo4{h zB#g)lvUH67)Hn{Pk@(Wz=lmLc53yxctGs|)W{Xu;D+Rn%g-pDzq`IfI(!x?}kURR- z?oA1~!~ju24D_(;m1uG{&j;XJb#CF~jD#TjQ7JzI^6p-_p$6jEDR03hGo>qu`QYHX z56)_8_7;FmvHG+L2fvD3N-t-A&f_!oCb;!jM%xIo@XMK7xM|cuVZT-$fJ5vjZ*^P5 zF#6Tv)x>PKLnd~+fVutqgPSp{{rUk%FVCz!bMNwk_Y9El33RE`u%{LDfo0au)EN=& zRNqA(77P5dthH$M$B*d^DV_DbAmXt8A2Z%Hik^qaJGH?2~h?d9TcLL}c1&V-S1s*=jp!jLj}!QzmN0eVq zYeMYMUyCArlV)=Re|kj;*4E+B!M?@H^R~85eT}EJx|=zfy}^7>c%%I{b$wRSh=>1p zo6GsNJFXPz`!|imL6SPglj;>xW8#3Ka@bKH1)a|l67bgBMN!ieY-6~ht$!2NDPlb& zy7e&i#%T|o-MB&~AzaDm*xaVdjdS4td^*RERw5+BT^Zdi4wkJAcgb{8@n%f*f83@n zzfy%^S0b~jHm-*% z)6e$h6>@OYt4wZfG97s2L74-x9Shc&riIrvdJ0UxpQNgUtdo~%YRhORG+h4v^)*Mw z`$7Pd_@-H}l_X)~e25tdc$TWK77pu`xo2!M`t;K$M}mhp7kg8dh4#r)bE>eISBn>9 zsTlh(nF^=IPyy9f9;E1&^V6 zP&UT#WAeKMoRtdckmBkqFGx58f z4QiqBQhBZ~lyRilvWOs0Evjyubu!0AxeuD!dI;%FNXX-bWHUF!Q^m2}o=+uihc6y# z-UT@2wWaTNZvtXB|3b};6=fyy;X?@^StgL{(4PmA8&ad7)J>XH;c|=lXyZ!gc#I8xjeerB_k}1 z5$*?2#)`)G-fw(X!e7@pvW;J8tm6 zB*VuvnXP-6aRQIY4*~F>AHt;p8&tI=eyFTu&mEmx1ADsu&?7E>vDviT7-*+CbHGm` zE3Da32PPj-9I~d>XIeS(M^(BcZiyBiVT@rWkgaVNH_?`NlBonx%>+7GSRb}x%$jv4 z6xcCV)1TtoA{1ruH}j?a!%Y*(+jC%U2P@h)r#N{d=cgEPIi?eWFVLzJo;Mcwr-@Y1 z4thK%7T|K(;?vCoS) zEPzeIc+p{?h;`K6cs}>s5svy*3^xA12oTKH@g7bfEq6*|=g*0zt!}^t+95={N;xv9 z7F)?*a@8fzB`wi>e48@B*x%2fQoo0H$hUcHuQ`m7utR(o*fw*4ssH`+LgyUCsA5Bk zwwLXP+pg``<02*s9^hF&RcRUbIjD*n)jXo{k%6pT_)`@ z$@f5wW+_G1D{|(nhJiE&CIgP$wcpdHVNY~)UH^tBu&q!jvgUv7&maP!s}!hcM(IKmho&1kgy!$NK9FDNJz?G*hiS64T z-Z{VB_sG4;? zha@XwE$B{meJ=TGm0h701LP*8##R@Y)sFPMrB3rvNQ1w4YElFsl9(@^^?tiSzI{nz z$5d}KvTDu{L{ZR^BCX_bc}VBbc;F#5|G9oD^u-&7izw}+`7alkn7O7O2Hf%GT2F{F zljEO2dxBO2DZdJ7$P5!)8nQ1DSH(95h z6mI$=#JX#~`8G3VRMcXYOGocJ2m==1s<4-E6=&6^&Z5pM(Ya3YfM+oC7SXvTDlSK3;kH z?kM$-edw_M+^ytJ_m33BXa-?zYoQyA*WOAD}IS*I}`0J1epjjx6uxx1pgN1U*N6> zrNn*v(iVYqe0W-HR%fPGPM5MR(5^oAqe)v>6#wL&LVj&=>UR*|69RD)@GV1PY*grq z7NqYt#j|esQOg2bZFrZZjHJcMZWkzvs>73(q#1dhps!GLNMV22kv!&4{T-q^gU)6R zY=X+>Zg0%lV3b%~&6z{$ehsDV%{qQ_Y1QwG_C6noQ2N>$;V$#1L9!(x4GW#W;ZO!@ zvkU=t>b*CHq)!WE+du6E4T#2%T!$z8FQJt|=6Il)v>%30mkU9J>z^1e!Y%>&&6y(3 zx`Lyqw_>?Lf!3Le9tK##5KOfph**hvhypBI{n z3fl%nZ%euJ!JYQI@g0TS#-=sB(T(5mX&Oi5v%pyx+T$X_qu^*H=R?WYz1}kOEoZbs zy#>Fm+t?_XjZ@`%gRO?hIYergcDn4xtAU805xMTtYn_5jTTMdJ~MsaV&ps4hAChE4?#T zn~MN;p}^BRy6x1k%BZoGjVoK<^EsclwdNA;phgcvjKp|v^JVHK=CF-Sj4-YjALOFh z1+nZt{}46l`iN;GZn713J&%Vd-6Ph{8R?C*pOT4*<1VO60-WaNkgZ*&%F;+U4r( zc8%CVcgMTj#2?tHfZJ2T4x(=%KZ{@r+E@Yzw6!z-x5h5S#fG9y;@-Z=tbU~&$5FtDv@ zl4I`sKDE1Xo^ITD&4>R`MY%4$t=(8OITE-83-h2&o1RHz4m_ecFyxXH34An1VRor3 zvImr!IYB(?mK{?)JL|W-?sZ~w@6x(-F#j=&B15^9&ucm%G$Iw)PCBekcDGjX_`xC|T!8g}ZoI#?Y{!Q7Gw5ArhaQqZ47g@mL&5ferNc&e@D2|3xfd{rx5XA} zmI;!pK7@bPS;NFIsE#nSZ>G7Cujz@NDL48(BeX34BRJ;T4Ee-WPPTaJwTn1EFDb}E zFNq&e#X37LZ)rgD$(?J#n~{?zc@QZF;WC8qS(^ZKOsZ~QK&gGB1-v(SLO7pvcO&om zA&|l;_CvVeR{hxHhwR96kd6d-IK2e4ik*3l+F|E|+dps|i`v;Nznsnda2%&SyNUQ9 zOo%)5D3mNRzpxiX8O|#u)lb^4QB82gec~$-hQ>xW8XG_I(X}V1L`_V=c>EW&f33WA zfb-FcM|a@>1Vo88n%ESoE>`IK73wp45z|p4u?MKF3Fuani0;+P6*e@wfU7>-0vpQ4 z&?EOU?sMUBw$t6xwV^`&aKqU)Si>}sDb~09u)KKY3H&--V;Vfl>zzjm^#AD(uy-z> z4OC?}Bc{NztG0VKn-^n*ScP+VIaQlK=BfC8{myitXzRd(cTM=0KXC3@*i~tojKHL$ z*pJrZ>1Z#9x*nEd=iM#8e|^)%=arkmVnxQp1HSKxBHILx@pg07$pi2i@6Gc&Wq)wV zhYKoL6+vV`nu!q-%6yU01%KH!n)g=M@I_NDEA993RuTf{JUbs88l|$Xi{Hi=l&he@ z5ni(R0nx@g-)@er(;T<9^`^TyMkLN~ffupuY0=upK7VJfG+s0e*jE38!6Dri8U~aK z{r*kC&O2d;Md##)RtFn{DG{485qAz2AyV!?aMl#<(s+OG;(|?coN?Cj{sAFf8N6}P z6~*n8-AR)@`s68+3kx~@vQI;)W-q+wR7&%+)SdfhNzLES-^}HHy$gnsaINC7*uKrt%sh?9JY8jR;dXr!d-6YjqsQK9 z%0bm=U>p_>bb=_InS1fPiD|eD4T@6p@xEygVy1;JtXAI~QL?Zex}2Kyqpb}U3QT^i zrv=*{Q4rP~Wsm6LFEgbgKWrM09owzT)R(vI&}cZ^O7|NU0qq{;IW*RpapjU=9)}G} z-$4T98O`w5Fhwc(8`$#qXj7jbdh8kmrqi5vol>wAH)t^@AqQdpHRX#q5qR!`(4m)H zpJOhqYTKNU)?&_n@MP;Fb^x7T}U=g=Se{`|aGAH(M_ z8*bcMR+j4PpRW5afL*TGM69L;0KAcb+Pb*(UTa>di(qU zWN8o^Qc#vmw`q;{(HiFFKUabOeYyRUvH#y!&i_={{(Xb~IR5X4KXCrPziJWBGvq54 zalDH0JafZZELx%Qu`X3F-VE0c#uvwY3E8(tq4di$$7v_><7&~V)Az)FpP>ostl!x) zujb|NeZ@NOJ+#%IKAMvs-sv&UoU8+ca5Ju4SAOU57bOd^(AKdf(q;wL0|*jbynFMb z7F~z?7mu#y7ZaM;4;m>zEgKwx2lABfGP(;l~h| zrb@bpb$f&_|DlXgKBG;@=I|J?x20+ zYQ?NzDc8059Q{~W@G!U9;ze#@n_#QVMI^l@I-qfzdDk%KtLoje|F1z{H-L(9)q@&>Zjm~88{1|UWTo47%6#C5A z0ai3(yGja;vr9HGM#@RUzxp4t#^X0e-xKUzW5eU~5=xow)-XpZlAsg8R*fr%30%Vj zPIHKj(EAO`j`ryB*6cS%$Tlu$UQoT@N7QT<0dA+uYxS|`U-qu2DhZlpLv$}}7@fgU z-i-lMg9M4Udk`eFg?n4s|LD7Z&_bZ=d)J6YA`Z){r@^Y8lKl(IwIuE4osuvfORA@i zCH_DipQVlz0ar|#MCc%wM~l#7DZdfb^RFucoIXe!{dlrDOYD2hFCo`yx%)4U)Bf!$ zH?z{n$bJ?!S#C=IioDZL`j~Z4GxHN#^K#jTIL`dj+C$oB{3F()AQfy@abMZ0#;?YM z@n7e2IEZYg<0_)Ydfvk3R+T?g)WOwE6-E=O5v&#UErw+*YiO~;GQ@pIhH*bnA@?2mYVwI1h3AWvCJ z!)}ue$K2{S@v3%r19Vs&t~>J^GpM|z8#yrmUV;O+SKVp#weKRGePnn4$XEBbSZTXf zIUv;mWwk=Q(RZbjS~#ll5Ti_Mks(x92M>Y_HIrJvBZ6JI2uVp5>U`z4LyTO)OyhM2-SiUIY8Cu^9suaY{m?!7N}Ohq!(ew!xt z$!#Bu${t2cZb)-x{I`pohyUJjlQW<{Cq6NH{2ST~E%1AvWQnIVZt4Vs74ySrhCfg#TY-cQ`W^Z%TFajsVbbIsms*IM6Idu{Nr+v`|L>6_SyLCPWG=QZJf zyixBh`Dfx*KmVH1j9#108RC^PQIBEkl!&z`t)AkxZvZQ}=5ENHKaXQK=b)pFMwyyX z{PG!c*`Vf^G|zY~l0VcbpMm_@8!9o+h>!T0J21Ak=0+Z00VJ5u$5ww$B!3XTi6cHEr8L#F+>O zw{lr3XKy3A_wE~7tTrFbLe}D3&PP{w2@KVF=V;mm|Bl!|MiuxL zhkj3P*1v@LTRiX_(VAI!<85)DHG;2`jm9Ox4QJ?uV|aTgrBS|L$q?@2n6>;uP3FFc zH!pq8B1Ma{h+)&Yt=exG=%$WdES>e}($pd*5J|l4YOCY0exVpe>%U~H%(ms3URSvV z#$}WQRF>kK&yP1?pR0O&)%-*~B6XsX;@*1_lutITrY|tA*)wLk(`bxmuQ<3rc@&64 zOEywdAfp?s3XfL!HKJoRL8)sRowwJ?i?iSNTF1;H5!g!OGQ=#S>w>qIlM*VvM`TYd zu;2w(gFvIgt1K(zj|z02S$*FS)Hy-6gO}d7b^Xj6CKyQj9?&<`Jb{dCQXXF z!Rk&ktM&Rcf`Em^e90*b>nyC^G(&fa`?tu#+eR(=%yOc5)Qy>BK@Zq5nR}I4RdAAc zZfTI#Ags3pE(W9%9lC&fR}8!!kK z-bNI&*aX353^JIiVyN>+q<@o6SOp;udDP+{^7hQ{o}|cOg^n{@;oqjEM#KW)3lHH^ zZST7#%`NK6TOzxEvVI%2UjP0VyWqE*#yeg+$|Jf9w#)npk8_VUANfp9-coNFi9q!B zjcro=VH;d%a^l zWBV(vwqqmhv&YLqs`ZySz&i@* z#$3dcX}6G$Xic2w!0#9o)XbM-U3@5UTGJEf>naixOZH~OA>+whOHY1hCM2Kp4Bb&0 zx*ZHj^J35PQy?yhU54rSjgDtWKx2iz>*erfHYHpZmT6fzeV3J_aW+zX`yiACWa3)C zbHVZqJoesu?lif~FpWyk?t9E;_uwv!eOH-W4qMRL%{e@FC{G)ir-{fh6fi(bd>uSP z%+l<*FdW;kl%8(bryZuXSdp)^|5cVk_2X^kmbVnsozCfcT(wd(wIBBghV7y0K9^ll zC2@kRq7o(L<8PTAAHf3?{595YX=FSE<0OxSrnEjh{w`oe8dtN0XQ}OMiJN^4xZizs z|9FX}pEe>ZpRU|msJa=`71{HhO~zR!T&XCl4{y#FJK2KjNmLfc4BP_mq|)u1YwfF% z59@rtv{D*iqW10!9Ur-CUQIo6PM|;E;ziU*_*g$QiL1_kejviG_9?4ydUwJh`8UZ5 z4~?5nb#-ECtW;!X2V`ID<4#~H9^L6YTaaB!E*AnLQrl97>VE$@O>_@Nv*X*6pPKU2 zeJL%X(!WbRjqN6gS!pfHbONwc@Ud}n1g%THccWDog?@(|=tHP7{zYD`Rr#gn`FAmjT5@iEU1;l5qbGiGW%1f35dG?XR-`)zMooJo1 zb^V!+<2OUJSIR#R@hWhU6a%YsIwGUJz`P1${c&fhu(rko;>i;dXOvL}){DB+ho^&H zO1Cu9of_N#FHnN*b;K<33d5%AlDY9dakjGzKG+P4eVYVP<9)iy>Kn22{E+^e+KN|0 zGSzfP>v`*jSNYds4m%tvt3S>c>IglJ$ve)FT%D!p)5IST?H*tm@D%s}2Z@f;15aCX ze$!GgQ5PEUkgUtSb7*7=v|6A|`|_BZMyNt9q+yoQ?Mcpe9}sBii#voQ?q^eJG{=W# zpLf-7G!b~L41;?eea9UGpJMob!6cz^YNv?;cN0kd+GUa`vJrjwp+uAag`&(wx~Xwl zl_om;n?-6p9+bFQy_{&%a3!v!@{yO*Lvs6L!7(Qw62m3>O>W-a@tXP?X*LDi=Yhri zXk4P~hlw}cIuuHH1cn!YcU#MF?kDS~$LY>9fI-sS{J5IpI~u3N=#+O~sA!zBfPKWG z;YsYlc*tj=T8w=+zA(|t%EuO#!WubzuY;%YH!L7}=cd}wN8jrKA25ltOIYrFD*5` z7L|UxJ3(7sl7nm(d|ebXi3dA-FP8+l_|;ZNBINF#1jy~Z$~%_UpUNNQaXUyoWmMUv z_|*QPdyF;c$YlQo`x>avw(%A}bG!*+AMG`4Ex^2NRvYi#0HI%%(|ifsyU^lCqS*0@ zx~J_yt>||jOUlfVgzY#5OB#hNBk&4a1tCI?&pOk^rJ^B)0HSq4IzW` zh+e}jW;<`Lhz+#DX8KN-Y+a#UT5+(QWC^6~W)jtE;>|w-t*mCg{TSz9A=oO`Im6A) zururjRH~!(dyx$?a=ZP0JuYL^s@_qu_Zm61P~VB1Pe%4BK}*EjLBEL1xPH9uzv{;X zc4xC!O)ClPXWO=s1N+(yEU_yE@v&M>{55n3_wGM8t>oDlRyaFQ;TY*jVz8 z*^?q1T&-Lg+dx*^(vrn^!aoY(`snVjJlYLYqYUSqASyk3hjTh%@ZBS1<Fq*BSuv)GXg-4R7Ji+Q0Y8?Ch*E9`jtuIc5Pltc8 z!^y?=XEilGkO#X&EoQJaY+p&q`^koxgq^d#GB|vA!{bIn`B`$(H~?CsFe!GU<>`ji zGm7tC*rl=aKfM*L@B~pl2tzZZ%!{wRrn8rtQ;Io;H#uRSwVTfL*N2#Y92(-0URwMJ zrwt~wK409(^esFf#*Q^9+GGuR^%<342$YQSnX#_S_A1-y--|I2es;CMEBSbM>C5dchNuIRAC$w`)B)S(B$ z@^x@Z??ztYUu3nAlv zEoB#H<7w8qlEPRGpX-Yk;)iWZ(SglMDr=mnR-6cvrriVJk9XF{ zY;GMgA%6ORMnr@qek*qb-HnV{gV)MC4vp*3oIE!c`b)ztpj21q$UW9oTTW4<72&&` z^9)oM$xZJd|5)D1^<#Qf^RH*wly479ZLo-y-LnX9A*Sigt0dJn57cG6-@Q_$CpcgM6$Ez;nfQ`VEZ_-@{A@;>)5lF!COxQ`jeh6Zhs#!@qdW9wFTAnCGRzuDg{OeTRm zPZpjbupJN1v&%fC!cCmwwO|UNu5P;_NS?EW$lz-0{~) zuoP;|!5c%sZQ%vePKA%ZIM z5V>!DE!Rx|GiROthnIfMK-syCS6gOXD-+@x%xBTVX|p3u)eU)yMAFXlh9Ab0a48+1 z{jrG-dyNmQvoCDV)aV87O8q)LpVx#9Hcefcprs|{u+16CXNEqS&}okXM&v6Ks(S2X zwdrEAlM@cJXD8HY=kW6?byrpT#`rY5C5n^u{5e0%sm_3&?DJoJt@0hT(Z@}14s@4r z`fP3WGyasq0+oGR8mr%(Xs*MDIh^~Q`{z9fdm@A~%alhCrdtnL8O9Ud@YuQyP{{v( zV70xX<^Q6A_dlr_JP4cJmg&=<@zQOybC(k9=^i=hAWmPVBi)39cU{x!i0v{+r58}@VB$t> z(Z+Z`X@Vd09Wr5>{uMF)J9ycGhFe#Zgm{CeSP;djr6~ddYe5D1xgJ%@7`<))oaD9N z!fxphhJL9o7^h@2v1{|ZC1*j^)jtx|#|o^H^o?r|05c7;T?amPw&vzM|2=)kzUK$e z;@GzN4*jTIihj^Hp~9S2|o!OywvddYjr|$iUEEV});mtW%1{AuZ37 zg;`fL;<6HNyM_9N8oyncrhs7UOo|BLj<75Qj21}ubN<*a4h{}s_=PK--bTR#X70yi zzH!Jsa?s|3G8VohYIk+vHILqV)A)O4-LK|xnk^m*O^Tv!qs@U}(wq%A8x!6d;Ax+d zOyLp{8O@YF-*~Z)f=!Vo^4XTD2O!w%E9F9deIiKm)Edm);JSxR`Lo?RjQYd?+ry7m_(^v8b zthz{Xq}~))bZ4j5IJHO3Rv@v5UMhdh+7jjhF*>U#RMiOd&6nB@K&jCjZeKM zl~YwM1jn>xys4of32UEo?`wa}r~!}!rg!-K-3;__eTb`WSPYqX zzb9VE@Up#_8pNVChw@tclFxImyQ3{++yPiRfh>C)#bz*(_?;isgg*xLs$aT`g*1=` z|6X(Dm{v{U(|u=1a7zuD_(6LOme?K~Pi7Y&MmiXwdBx;B*j0h{R(cXHPc{&H_X|S4#J~aR7?^UX+NjKMnjhF~4w+w2-HAfNvX}(%<@UnnqZ5fw~|x`^azH+CLaS zfO2uP+x(=BbH|esI8eM2OD%YdtRCz>P_eM93A9!3o~Hze9n}VsdB5M7$C3QoDVNv? ze0^24Am9(b1c~|s6_^z7exW4$+b!oo0tksjGT`QEl55ri0zLMHVu?Nl98rJ$Ee)ja zp>BA*2Yfzn{!SJCejj)>&ExORfjMI41YVU+8U?sEe>F3N!V0Nk7(yWUbw{rFTx#u` zLi3W#n)Qsn&IEag@b{haoB!#lp5W6?2O7O^*t00WoCVa{A_UV4!LkxhPK;d0hcKnt z+~rGTQ4URb_J$W2_2Tr>=|zOh?LQvHE7I!*iVOF*wjk5rb{<3~OjW%c93eNOUuuzzk^Wr@@k0z9=&Vb|ECjFGg7GE9@AP6ohqr1HRR3H*<0ven+ zP;?n_Qdp#E>cB1Br`=kqeNe@h;8xMel#A4MB@2zW*?A$dx107O!}6hSfsZsP_)SZU zgWSXjw|&0+z`^n;^5=yCYAzU^qCzJ9Vsuhuuw9sE9w$oxy9<{Ysd(5Oz3Ni{Bp5q- zG~9lE`8(ExU?*AQX2sjUV!rWMbgzB&y5fFa9N8s>7pp}!8RRAOcXi09WmUC6|*#p8Xg|VbDJquSFrNLQ0(IX$6p zycg{vz7+=%f(pBpM!|=P*HWT`3Aa#Qo0C7ZC2+NLxGXxC6FVu^Dg+~+yXf}%;>&?e z=o_K$@5^*gR>O2t^%X8#y*CetBz2FU2#m)7{GoVZX6l#z8UDHROpOR(w2h4`pZm!9 z1~T((BX0qa1+wu;`uF6&c+~5dTPLn{LH2i2lab_DLzj{(H@12!s$8EnWfh;U=E0F3 zRF|KP3$srMkNq50w)dP2JWpYx0(~1|1St$^seCQROq0i7rpX6?HvmrktNFY-(z8n$ zh{_)!`!nFyJD*k18Y(|ohN36nRy&ms;FXQypq24c_gM#1RkfY-ct288U$mWC#!B(n z=D?b%f{WCQ)rHtaf}nwIl;4g1+!`ySF_%)I`dJ_2sWiGz0+K4U7jauju~e}CFlt|o zRKe_{Q_ZRY56VtRC(34^Gq5de8ja2$eIyLF5_eG>!CZu$x-K^k#fPBt5#RR2d35X0 zh1EHi#(NsTO}ZI{?&#(pa;48*B8+J&q=1s4d|Y+YI&O82Ka=n`)=n+dM(SD*7BWJY zpAu)r`BaRypmJ82H-QtXwGtWv;a>tcSk9)F&M za5Ih3eaGqvPM3&_4h?$o*R9t^hb!HP%ewz051Lg6Hu=TU=s$VF-^0eS>-dzp-8sM8Lz1{o#tbh!t zD%~xSr`{Y)qqHoowN&&+CjgCF6M=1E2Rfm-FZbI&UCv1S_Bbn!U0J&QC0E|vdh=;Q zYxbq#%6DizBvZ3z*)mi+F5UM=L-7PsG2T64nfMmpL3Ql+hytmSy0J5emt~w^2|DQOi*s z&glIgkUOrMma%kT=!-!Ko=xD|;5QfU1a4p4eopulDe`K6`+RjF_%vva^bG(y+=dNpk)oJNAO?$cYOs`OB%7+`m1P2~6LC}6v8*eEQt-j@ zoR{KYc9{qTK0#)@O_0+s@WIM*ip}c5FUfb8d@Ta5Iha9|x5}CKEYwqbF#mTKoPc)w zrz?t)=c0{{S8Rrc-=VVf(B5t!o=N!0wcHYDy*#hIRI9n+an}nfmc&K6vb3`yb0wWH^d>Egu?yyvCnmAS6cc%X}Zsy0+L0jZ!O~` zakhG%o7f!cMh_ZC7atedJHJ_snkF(oy}`pjTR8gU5nK%EK}H3JLf2ONWRi(Jp1ez= ztR|E#^1GqZK}p|y;ri7JtBQaZQsJ^dihe(QspNF>>Y(vv^?F=>n}92)C(4U5t1aJY zHSEhK4X#LR^3y;C+8ALmEgZ7kC4-b&M);;la z&4h`c0Lp$vDMgJ})ga3?X=CSlq*lWTpSE%cS30peo<4Nj-PP2)$n`+F&Jh1wlvesPin0K;RKJpfa+%+Xjh)w=(a4p;V5<_ouXE z5O(*>!EccNJQ2b;*Nv_BL@y1!w^!tfU67_|ONpJvE7}C0%OXn$B*T6!q{(`U)R56= zB?A#}VY73>VivOS%X_XY<;|~spc_Z+Ec_4maGW?5&9Rm50YP;gsx5et?$jG1Bjm)` zoL2)65q#DnFgj*C@$RolXVB(NAVdx$TCa2O`#6Xk`wGg|0W{mLU=@%i4*KqSdR5(L zF2!QGb&YBNMWJXG{u1_odI3pemD5T##NpP-d%UM<$NkR;0l0m&5d;W5;y`J<-wDYk zn}FXca$e)^Nk_6fPIMpvENLrddgfn&p6_WA4FL5`@$RoJW|D0|KpXr%t|;7|J{wQ_ zBAYXhZ^@;jOZ8-SwJz5cJh>&1Yf;tE=clXi))oZf{`FQuOnL7-^168zpcd#E#tw5= zPo~g|Gyt{OMjHJcq*y@&Rs{U4bYW+*HQw(HB|~#h^JQSVHR?@U+$zdzBiZ9mmdG*y zIDL?UP1rbLzxg@cjf-RY`#l+<=n!Drsz8x?A3uIHGkaTuHOi0d#@jf$(pyt+dbF2L zL+k%fv9?8FvedBK$XteJ%FaEqJ?zWlCza`ICmd*njpO8>rsaUyeabaAy2~4YF1cz~ zdfk{M)3-2S(-0u`8~D=(%m6YJ`-Z1#^kA9Q8v>!KZ@~18-A*M5m!CGLUC~Qiu?2gd zQ11j`HPs7et-qrT;){Hs^}_~fS0nxH?U_;!MEa{NJILh-@C_C#0C-$oQyv}`vu-2& zM(lHT%2r=Z0SWkctvT8$o4MIG(Rub0>uC(DF2g(?(yjhCirc2p8Q-A0X^dt|&SkV= zte=pFaPqCj49rAt{WL$trguJvATHqidyF9KiXfDce}lGrxB0z7`Xi8~9iR|G&rc5b zS9-Xk?`cxi4bKnhsuw4~FR0k@K#n1$&3JTEmHd&=?;7nQU&<0{F_ue91B-cKVW+Pb zJP$^l6MofoxQOe-i4QE%a*87LEDE{a0F#+i02Pbz!^`Gpg2=u{+&qUH)rrbx04QB? zfKFp>1?5%c=C@jU(cIUI@+RZe1GK+^zTpL2vv}+z0Hx}(c$yInr3P1~r-4v9AvmIWfIGIsdy^AnG^sM(jm4?$o2)8b{NK%>jRF01=*gUZjT zFCa_uAfTQcQIHPHQjV9=d{m{8h&RDSi@l>m6WtdDo1@aB^SX)q|0@{(Lykl>{&7Cq zVULP&1;G@b*V_m%?#$+k1D*t*>RJIZ{T)f~49HFs2fFpcYgo-M%$r;E6wTe`aL&WC zzR@MRlgvk-g!$u~&-ePez_8==B4-U`{8A_P!&%J1knV+sRBEU(uW$*lv+N8% z5z|^awB>TfD)F|dvhxPzSy*;&!o;e1eYf+CObl1dI9FOIj*Tp~gw7uk7CHG5r4sRq z=za}3CsdhoX3*Q~q{)?@evtBx@c0XMF5Qe>)UxK!_3V`L=Mx7n%@q^*TA;BWgFMr_ z3=Fz;Uxe|D;Wx|lH?5{#)~r&lA+m}agf+vCBZr@Ny1e^BZid?qL!%tc$pN+l+Z_q2s}G{AN;1r9jIvP)I77Kbh<8&A8k`x z#d$&4w+VUpnnEuEF3iP9-ztiyqhIWw?J`7V2x>$rWR}UJZoI<~N-h;iEWzbaH&DZ# z!sIjjlTHaeOp&>z?TD8Y?|~3e&@~GO3UE>klY(b?rfamKaYq=ps#Uc-HVNIf#0L)6 z+ukUgQYsaxFQU&HXWGZ3bpj3r_yFEseV+9A4ga@~-$ahL^A9D$`OhwwVS>KxYJ{@%nB z7xV5u-dxJ7B83Ru`#sk2p|f`vQ2{8~EpOLTfgF#FTY-@AM_#%T~^uI~~MC8gXZnKl)f^*G6AH*4?Gl&C8&6 zUo`j9ynDOH`mmhF4&{gwhOV`LS5oJ+s*)X$gSxTbaZly+5;n0(UT31XaBb@x9-zal zKY?X6;vKv4CA4lCZo?%fQryF0jrVnm{D`-U-ZC=Q0j1}C4QzW7&c=hloAwq#l%s_w zXqIzgI)Zb`q54CiQ}mF(2&bahK(F{1y_h4u?U598q4O_#m@WP}vHX4UrvajMG#S<} zep3Q=3J<t}A1`XZKKLWaN zc?HVLPh3tJhfp#v0?@AO>-#P=?2x~IKauw#P+mL3r(dqSzhi5&I_RIGQg!^K9_0l; zKw%MLlBd^WT*Ig@jY72>)&R>!mz+z?@y~zIZFhD99PPi)^`PMSp`_GE?-X0kf(X@? z06ag#hVdKx+&*_?^|q+Unp5!EH(l7Q-Rp~Scs%=JJTa&G@rA3Di-P@$nfzxKRSSqB z6j@j7hDB)SimK&eBk`y)umKkw)IvtbDMwSVx6wEXH7UM$00NGs2LISvIsCZprWYne zwi=j~h4=7curWKu z)Y>Y>@sWXO{TFnSncW+&kt1LJVOp^1POTx2b|MNpsHt?*;0ivp!=dm|$CapXw zaXJj0OvxZKN)W1q3pfUf)H8HtkA@{xxl$n#_V@-4e4E*VTv2?&r)Sk+Sg_o>N)e~4q_lr%xY?W%Lm(v8{>MD_i|(f z@G>jC12iOX|5+BUz||4FLWlrS%y=}^;6z6pNStBmOino*7UT9-oQ7?wsE1C0hQ}(l zb4nc^`XGp*e~9nk$b?Z;?^NY7;gJxR>+Y3oQlE;qN9$C_I`29dRinI;vf#~rFif@p zqgx@aM#`8MyKbE-W*4oPz^VPpMB&mj+z;zGg_QqfVc8=9OdqVX?Z0akc;L#(YvMjj z4o;M(E-QT^Wwt>C)(Z%t+yp}JL08ZhATyE8(iZ9A9Ow4w$uPV-)7VL(vilHnKIcCK zf?HIyfYtq$q8O=*9s(s{@1VS{q30Dc1&nY-1t^pkSNTJrkaJ@T*tS$`G#ao0UxDC% z&j66MGQOXMFeu*iAriay^ycT9W zKogdckpX-Wk>TVJ^(crtM)Dft{Y_x2adEWlYXBp^FPg`*h?39vz<8q${kH?rX9NKe zfnNxIYfFs4vV5s=^MF1(X6g9xBMKm5AEbqwVg}rudEGcL z0U!@jU>*KEvws`zfxlh=ru)Ai`Ttw5iV~+YQkw;FwB7;HJnqYqN?)?LZiiW@5wGm^ ziS#3c84W+lwm-~DXLUfGi?yauW0Q3#2XH>*Ke1!o8&CnLj%Dggl1yLRaAl&H*XUY< zvOQX1u9N0>=T%lq8K86;;dLFQjnn;Ier=L;qy`#p-dk90J4a5xQi<{{(=y}jqmm#x zsBBf1ceUV#=9iRl7qW>E0;98})4j?Q<-E63p^45oUy<|2{h6DN_lXwOFAsK zl0NYLE<*yOyYnEBI)sjHs$@pYidCnrQNVmHkAjXpRR;*XFEHbMp}YI5He}D-VdAgQ znri7MEy<*<<=4$!5P?VebDHqpSSR~P-CO5KU;G}ttexeS6EuuVybi8^A`yzZgT(fc zLNZ)sePmC`DILa~M6%*IS%C_)(nK0!V2sbW5b+NVEpthL_&a*$@K8Zv z2~Al^PJewmf{B;fN3I{Ta~?j|2|99Dhp;ocmnLn$-6*+rMa3w^6%~MwXs?4b<5;%L zpQf#%A5(t|2AL9)*%_t)s{_IOGCNtuhe^2~hR}&^e7P;R$^rMc?^6-;ld#rRLzm9F z*78W~b7hp1f(gVX+$2Dd$KDstu*yzqFb3p85kI}%k?BcCS8sdgs>6afK#_L<%5^WA zz_QJft%pbXepsb-to4OD!#~GtQ(XwG0|wLRjWfPk?CQ5Dn$3j^7;J{?p?fxtdSEbJ zEki;L1y?ruI>E%0?9qPS@C#;5++3sZr`e+&Yn7ZrJj{$Y*~?9B2^R*R@xSN{R4CoO zT^;wbLt(;rEao9!_rx9lXV>dl$Lk5`X&OpM50%-a&-lj5F3P3Lw*xH#C>s^_oet;T zn0&tUaYiQU+r|sysFTiI+_u>APi#HEZZ6DfBKuT?g&ju?xNHxKDzoI`@iJ&IW|rOeu7{6*HT>a0`lP3oZ{?z=0M?J4RS*gF zM1^%UUr660w^_DySg>W8PLgC&@|GK#I$Ask4v$~Q_fNXJs$Fbi7T9ti;m6bDV4j)4 z)aXB#9CUEKzZKDcuVYYx$_Cg*RovJiZIkC5UC9^zjPX{!^tkJmuyBH6YG1n7e=_H)*Ij-M1?feg@D6qzYToTBogU*z zuXa74xE_^W)s@o8CK3`)RtPc%LbBPj^JsX81gZ-!TjT;Mez5Y;@UTfZ(_mMl?k4En z+qdpLoI0ykLo(Dd{>HZ~8^?BVz&%!49$Y2?X*F&va?z=OjWs2nB4tC01xF;XAGqFh zU{*X`AZ8Y2pl|%~<%X5^x_GnMSSB7rtKa+3+n1s39>fM0PZppe=2~N*q+5>DX zDNK+aaurOEZY4*196~Wy2eVBZ8N7THMEQ&rxD?*jEjUxWkE0|wwYLUTHo12uvEzsD z@VYzKt?GlVCZ-h5In9~?%QUO95H}&+7db@E@on5LqnHRVC04F2*$Tz@R8 z-}0tL(e@i4#}S!qwfd%a&?nPseS5s}Xu?2b`IwJ4&`suG{XD5`qir(a%%0~9Wu5U` zd(*I|82$u*AE>+?KV3)b%ew{PGP-7FnL}%VFo&sA_H)CmE}<$=9p3c_3;3^k=m<@D za1LD2QAdu41V@bk#++z#AK$%xRE@0(cCHfQ1I*HTx%2jV6B4`u2(%>bjHCkws*V0ESRXRt{i<+G5y zm~bpCyKn03A*~o4l$SOa+APzNPj1j+T?DaEQYjsTdB6*U95qs~s~C$Hde8z5N_ zpPrx_$tC=2nu4qH*&uwB20}IvtmGYcdq0KUFK6rlOwMqpq@To;bNW@w8BCCR?ggIHYEC_SnyV5`j^*ct9rR6(P&j#ELF@ z=RN(RQ$+nOKHb8ONPMF8y}c{8zc_CtNcXM_+lbo)qcI`KG8{%@lf+}A$@EsIOUc$;RVs3@x_cl{Yt~0rf3`jS1Y3i&g9%)^i$2j_36N-_kU(+U=24?fE7<4 zk#WD7dj(vGZcnUt(90)XBh-`v%7)Th*4>4+eUl9BU65VO(*Lj%P3NB8pA|+Y_zDap z$uCyeR))ccDWr}bT$uy_giKUqG*x&vkW&4exHDvcrkxgiJCxb20EmitBZWaAtZ7bJ zIhB#o#Y4frv!H$y(X#lwDo!)s2Kc16Kjz8_#(f?-QwwrsjW^4FCXY`?OSHI_*o>E} zByN`ds0WYIg_%e%<4>@K>Jy+oYfd6mjLGq5kG*aED(?{4p6V>a78_kz-bg- zIFS6ibeb#wY`HdR5Q^nOX_ZXAp24&T)B$K8^%zWq)}@#rMbX$JG%3copCgtI7M{mz z;98XZ5e&&9uQ-K>)2nDif|=e|ERnZIX6c88J*8k!z_K{=S{gL+(lwU){oD-@4eKt( ztCOv;U`V3xbf-Qs$Wib=q=ZG%ODP0U^mT3nkPeBqk|5eVXbx=a3ZQtgfa6L7Z4~_s zniOx@sKOY#G~w;Ba!uAPXA3E+IeCcqc58Fh0bt^Y1+yChq(N^{;RbDbGiXg_cG~{X zW+?S8_@SWC`j~OPu`g$1w4xw^FlKgr4^+T?b&@7#6cTnuLbPFQGr&3h3a|~Mvs5!8 z@;fd_QA8GA+&aA*(z)=)d=O>9(-EUa(c!?LmJW+6Zod#s2A@p^#D~V)7T`{23kh=R ztGHI0w@GeTmerlI2Lp<@h2-t_;wZ>tI(?A-0-v>Lh%e_}XR1B8Q-6cZqXLL?q$c zPMNm(F|8FmVf1I`Xu?5u@xU1m$nr0Zq8lJf0YEn8QeJiT*}c-HmV2Zef~UiceXCq} zxFpo3jZY>z8le@6+D4ot5ei>cV}XXnBXfbpBmhX+@Bvh~n{RYrG6LwOhW^Pk@$o`^T?dF}%;}j3;Bh`FKCg7& zoSa$a3d~xoG2ATWjK%l4KmF3t^3q>srl+$jjrsZ43cF>I6240pD1XFTH~6w#UiJn@ zEWgtlq2^FRepf12^k8RRl1&CY4WTspYVE_HVUoeQ!gJ;I+hv7W0Bx%8%uwm&i;r@&w4MzVuEu8i$2zR8SL3ts{aQ7E zN>8U>t4xu23eu}KYP$<`C~&3T&jz~Z^R@73|3b$*0=2OCM;{JNZ1rI!pmChKS3_2w z_LBYH=9}3-MsT$-wRYZ1m_!r@T$ng<88AvRck12>+4bZfO=1rbb=UeekZ$TcDXa!1cSt)g0Nr>ARao<>h7Y06?pHI{!UC-ZAGBGLAn*EWf|b)&Y*=*1Y|)x;M?M(otUmIL%q054iIRWJb`nM2q# z0s;Rs@bUkD&1wQJNq{iDs;@^cK#F7TC$6=Qi~WWe0uZnFzsdfN;~a_&lKgd8m~KYz zTE#r`siIKC4Aw%6vCjEmKyP{y{b`Ka<^TNtfG20yWM(1FDyvvQ9%U z(k;^jXe-ezHcP|*;Pw`Me_QAnc0PjirYLI9MFr6H^f@KHJUJx7BCfI%ml%b;DODN# z+LW!G*aZZ)A-q4QTYi58R1jv=ruqC@Tqm-%x;y}>mkXHKZ*|gAGt3IH>e*JQ3~1V% zGff*A*H{awrdY(J)1S=l*ShfWs~_+E7o!!G&w-!tKBjm9 z&)Lx7%rn1q$uoQ^9M(XgxnXq?lgd$@MvL)+qbJzMsnLC#j|-`8ND^^z|AzB7KKVD- zr@ZF+l7CVW+P#o1SRRMcZXYF5me1{?E)r>JNF0vRDr(MM8KW;OYxC&^j>;=K4a_Td z?z;%FtrR7R5&eVdXYOj5AM5DAH#+kwWPMc*9s24$Rh17jEV#2|nRx6hRwvdVn4_nb zA1$HrwZ`tWr>zePMQJyCd3W`#b0tTn*D8NU*1q67KP1gfk2_r4X?xLWc8d4O%% zVf&ScXwL^nSM`A&*pj_pALV{lzzr*w=Gg? z2;orFs~ZjxO)ij>iyG>hwN{HD7FNU+C?Rxxb53SN1Ejsi{EuCc z+l_ok)JtPmT*g$o+XE^gtC=b>>1OlAfzQY^*~WrXn^k5TNH z*F<4HwH;2n%=eT0eFFRL8fi1yWt_`(*%gS>c|W@)P*O3FZ?*#s`F$JY^FQZID08ef z&$)K>cA^F;r2+lwNf`IczTcyJ$P5dccucHI0f_o${m@&_P+LQt8#LetLd9|wz2~vUy4dQr`BKW>AGwXr#N|Ac>pAsR!6t9aTvMB z(FqH6CIo$bJ9U2cqub>@NR;@09&17iZE>aTWvR+^`OeOJZuX{p^q*%5>G5Zds5QQ7 zK4z}IBOB<{U46u)MSZ#*yHo0Zs${)3vLeFsy1!Y456H5(H_ zT!GYd+&I5cZCDrX$g+}Q#*E81-k@rsgL;#4if8Uvq96YU4gcWee^??2)D-s5z4i|w zph&SOL;!GCGO2&=lz+&NKj#qe;sO$g;$NPsJvvF@q3v55Fz~h}64k__`mj!)V$>Sh-A}gG=ld z2^jj9Qfw~U(h9tl{<7LG{?oyE^`&PcO+ zCl;>5^!=bvgOT`jG)-}!LDAA&SAMUS3-qj^Y@MVDFMn^OC4Zl9%#{^hbtEAi9U=A^ zF4T5e>JLwQe2H+qh@#(%+M%KES`smDpW$2nSsOj`nBwB}OwA7SSoq_IrwKv*2cD+~ zXo$!zRZtoycI}bIlsWugbNh=ycXr{T?p^izU@%!uMku^UN??2?KY`Q)$v`e3M(%hX z>@BxLw;174{j!;2Z+_dy`*{kG5CC1BrAdAdp2u-IB|s@mzo6#lsF^1R{}7g%nQ=H) zzO1VtBrL8txb%O=Chl~jl(GpE8Lp2V%AP4_Cl!}>Ve|1j=V=cU1AIDbh zVm}tcUY3wv>o9hgRB(1cQdX? zh(X@YkIr{DCYTKXdH57{yS7rA*Cvj@#?n{v4*~eU*p{Yms5OWiv_p0J?O*|@)%68H zL^PDvs%+Y3F&lu757}5Dv9C$`M6c*vU~BH zU^XdXoT933H#e@-E}N)VzO1E0)vI;hwEgcRVWMEzq<1X7cwi1}Y7BA$>bl)5HE)N+Lemx%PYP!xE=u`R+%?*X>}X1gx+nZ@q2KEJ+*R&;9_L`TD64X4>s+CITT0%Gchh}0bL9xu!xx@S~` zekwJ3<>4^NS}so$bK7Cn-{p@gFfY1u`p9QD8;twlQ$Al}v8EP`bo&iThg&voQ82sD zOsZzTQU%B~hMf{#>+|<1+kbDI=Rj=8A}v9~tinF(d)YyIx^b**`{)^UyQ*p6y~*|f z<$4B=dyjXTCa3%|{3OG~%`OD%7Im?PB%FjeuEvtoyZwGQf(G9H4nEoyx4Q(l zuefDOn`1QGiJt;r`(ae6=W_48l^4=?Lg|nM6snEg1H3S^@>@xz`g!MSARQLGnJXYe z91~OR9acA?QuxE3e!D22$(cxKuqxLK*I!|KEKoDk+Y zwT}l(T%ZRe#{d5s*fb*8=gAf(g3S+h)^Ol5vdJ(r3tEmxI9-1&m9ftkDj>yedc zK!7j!`?lzl+zS4ag_oxI%3*}m6dzyVHPDfRT&J~p;4Q`SRc`|D;Ysd>FdL1fBu|!a zv*TVuH9=uLrx509{f)F!yq`}YCvWZupYrb_piI?|A@W72Pfh8NGyujncY~#Mt2Y|k z9fgX;Hm-S3&p0-ALMnT^NirP9SHSCUC^~mJ5jc6iTyqe~o= z3@T0!^zaTovm4*AzgQ9?DfA!!IZNM2mlr49dC@_uT#O);*4g@JOrUgb7Ic3d4b^FQ zIXg;$Vg_gL<<F!b|7uJ{Mrad< z)W_n%eF6eG;o>#pV>rr+(HqfxE)jsdSJj-IUCFM>zSfp&xW47vqVF9}aE&BxFuM6^7wpcR0hGo&R zGYaMldICj6BU!03bac?)2+FO{*81+aV+SEpuKBxMKotkmz8~_$Z=^)NyflZ)s`=KU zQUD7oDH0l4|DzE+u%<4$xv&R&(HFNQDb0k&nA!Slr+_RlrMNJJ_WN+%`M|k&=#*O_ zUt5$c0Td_yIjL{&!nx5z_gYM5O!*b@eyRNEGt@r%*S^z>Dt6WS+=q#mf6ZZav(4iZl(j!^!l-egXrnag zXL^?47)$YvaN9PXUcj z)6RyQjgl;TW>^`JLM4519jr*a)3w}XU!dDeaqY9)&t1d$*p3KoIl>NiFh=(ii^ zdc~SL?2eg);<_*R*XmZlO7uhO2Z@kU_*x@vT9l4rw@kF?ZM*h^*}4q2;TfN}hnGO_ z9_+&WQ7FuF#zXIC;Pp*TSutZ*Ztrif?W>~5sFW(x)`kP)3|y}}8ma~qS2y4N6 zN~+9hDqS3dKRhrsCxLCQO*8H#CmAmb5`;x!p|W_n`&OM47}*U7OlozKp#!gqtmvv_ zrDr3r$XM&|kw9l+Dg54{;I;S!O zl)+gQHJYct=INhT@D-jyf85NY;Y65RXZhhkoBT+_J+8POfh@XO|3|jFF5?`vW;0%P z(ZhGHbw@obccr4JBcdd*Eqj!@uasAlo zBUg#1BX(&)hlefaO^RQvKCdEhZAY-^dn(OqJ)uhXpztpLo^s>ibl@*ME>g$??{W_q zybmjZY62dm`Gdl{GxLrT@{CuJ+HHlyE2g&xY09@qgUjp)&Kwi literal 0 HcmV?d00001 diff --git a/2.5/assets/images/manual-guides/mailcow-tagging.png b/2.5/assets/images/manual-guides/mailcow-tagging.png new file mode 100644 index 0000000000000000000000000000000000000000..f6927d132032ead9c191229aba48d6f4a62a928a GIT binary patch literal 55546 zcmdSBbySpH*FR2(D5=sVD&5^_0n!rE-O}BIh=8bobTcB-E!`t2HGp&v-ONzK0K?30 z@Vr5T+4S_FiX0{F|tg{*XgiamdY)kJ&4x{$U zu4FHlk@aktCI0nH`+Wgn|6P7#i-kw>r$HE(-R)2L3ypjz?w`sK76JXAvi(g>$e*&j z&>I~5Kb3TBa`8Xq5u*P!Q~Y>M?$>IH-YKcz{DPgDliK)g`OlP27OzS{(1qr+sdm(9 zJ8HLm%@;x_L@q=nl#cwfL-UgFf_SDCQ)$_WX7Zi*29YRA6jonKKkPQMobi&+CLif#umLGXVh*aZQM#4@S+b0qm9@+jGh9aS z-;Mu^8xQ>4!)~)A%*G#N$-zi6(zwoYGOwg(J{6UL6vD7+3EtxLjeoX%qZ=a+87e{) zeh={@Ws}po;v--Hm|IZ zOyyOrRi_x^PcqZu3|S~$i$Bw0iQaZO2(A}PvLxv8Xs13Rwynt|vl=JpvkdK4kd>QH zREX6QTXVhded_sCMpmz9^1E2BPB{EWw4vB@Smc(DZ&$Fe-VEh6VrY2D?sfVam^xAn0*Z*=X|2jD&dk+j*MdqFkbvPkM zYH+|W>v-zSHz@h-tgT3CwD)UZnk~@yv=Ckc$U0@ zR)_2RD_3jo2|HOpVDFOasw`sfn2+&R4B${R+flIo>(aI#YC5m+^0bj}J9^cIff6(>U(G=awm5syJ>>L!fuI{5CTWYf*O= z`cIdalSq9SsVT39ML69=3SU{5E&ddoz6$CUl6u=IWHt|M7V&l{go5Hmi76r%HRZg0 zj|k8A`}RgcQvxgA^EUC4y9Sfn=hK>1$8AOcTFO?XTzjhPHx5Ds5@b@OeIC5t&#AgA zyjQQ0f>RMozvUNWp(ie1;7x%*e;9@_HuIGepSB^L6nkS3&i+2@HD55jT7EE`T+#T; zgB)k(Xi!h(0(XD)iQx`=IbE(xoFkUigTzY0LMY8%4I1u}V+6RiiiRL4$^i;4M;{-+ z<;D5Nb6Ikrq>OueL9X$P>->$2sW?l=ae`jCrMMxVC7$hqc-+;(U>lOK84c1KfDxH< zNT1V={N{n%;`1<-yKR)`L;8V=U0)~|m+KiEbs%Nn^wvXVSX#^iZvM`Kj(xz-#c#Wm zAJR2jDA19O#6FJBHw8+GLS&W=wg>X zIZJL5HzxLVPAbH0k9*$;^(Dv#wxEX_&EeKYCAsuC7!H45MvA~<8$R(p1( z;;BOF+IQYL*H(MHpCff-s3kaj3LZ4sxjL-3kC!t2^>p^sU z@DH4g5K1Wu>1M0ohxDRJ|enTYw8DNsiF za>5){-|W55m`JYjTK_4;5Ga?uTL1HcSFl?;q(`tV-7I~awzYUtGGbvrxCD8y7M+H8 zT(9Lq!AGH)?~{pqJGbv_g%xL>H~21d-DAnW^=vqQB)6FaxlH()lY?noC;q9VL0P9< zi-gxRgeW00d}`_bx`JidE8z04kTc{#*tna?#Z(N5=h|^!LKti<%)HzAl`d%)&_8r*r^DUqAv>fwJmvPy@)b{$j&Z8TS+}%I9b-J`b7ka$&Pg`sV$D*Pge9)tEH3bv-fY`7i_rith@--8 zlKVZ#tk_IC3yn>j085gNp=8~78*vqrMh~T;^wb`=Eta-2S$;W@V?K=&t8<>CY4IvB zZAW+K9WcygOYlFsF9!q99P{mw*tUP+2uiC5Lbs-?JQX2XIY!l|7kjFi`Hc$eYuFdw zA*l0|rB51%AFF>b40}nt5{XE+&<3@wo{MRip05B}0h`J#yXP^`8%d3A&7>`NZy_H6 zw&7Iu2Qb;bE6-8cfJYr~o4hYTo|BKnl+g!bBsWaIY}cC2qrReG^K%S_!(jo;;O7~o zVMkdpo6Ye;((5mj-?&G|9j(P5r#`@Qax zV9WMkj`K*Gy!JYr$-U^7vvc2yUf0z0L6BGDAdg{cFwZ%w5Q;A1FbyEipz48NGHklN zuxR09Q3Slo+VrJsWE~E2>5ZX+!wFoOrxxJ(R$nhW16s2!4yrTq-kB(H2}(;9os7%x zRt5x;v)H0TaYNdhef>5*O4Yxr2L%r)pdPigTFntEe$&$*F$c(J9SM0`8};r!E$!d! zsSiYTa{YjMNnd(E8|O;X`9tWM9x-aA+XI@7la}iCp+4^;o+~h`G5=W6Qm^Dj^PrEE#uHZqTryIsKyIM5-(}bwGU3D2E5eBP(nosl>y3WQf$7ZMkAWZ zH?DJmhNc@UzX&%MZFyQ?A=y`Uz!}!{62+reKV}I>%R!8$5=WWKXjy`JA;N&ZMfA$N z)a$;0S+|X=O(nLECDcf}T@Yg-zrkInK!r&>RCA*mJ(atIoDZ^)MAtKCpMxM*hPh_r zW4WxpY52x-HMym z>*|Zi7t~P~I{P#}tF3ilKXI-Y5=Rql>UVvi|u<>R z);k>Q9t;R7p|rKQtU1Xx%;~#X74O}@KEf93b}Bv2+YSyhf{1BNbXHzEOIZOD;z3>p zUOlSt()pqg`1~bI(E;bc(2@Z$zt8nFxI%8J${E_L@C?a)?Yc|nVVv5iTHj|xGO4xF*aStGec^O_-pAjjbYLrUMOS*}AC)!6`cvlRhQbGZ zBxR{qx=7AtMGC?Wcjt^+hLpBikX4scvp*!h#m44X8H(0R`u@6~gTOiGOKz?$L@8Cc z^kRloIcb1Lww_DiNTAP|Z;N13tiZG240Db6oK>wQ)$U8RnJ(&MZUKKMF|w68Q$KBW z5g#~V<1uyE6G`Pp&GLyjUIIl=-0pG7x?g(jucNBC+!&?CiqJOB2X&H@13x{dBEGub zNWBvRx3N-|km2UH)f&+UT9_6bQV`Cu3N_~-oSAeNa}$kzsyMGMe)HkJYvU_12_e=D z>!l+};Z&W`qtp1o$&l?@edgO78&paYH7qqv>BkgsP!}L2qm{^m<+yJ^%g$se!*8S6 z^*l;1oF$CbjbkB;cmE`kYoUj_;V+qs({hpjNE<`!up8S#-e5LZ`)F%2(i$76R zW*~XE;3sw)#bEl7($z2r5J+ejiR44C1acAf8*wIb8kti>`}Ol@uF$3 z!2(CC0oL9&5|b))_Pv!+afm9Ghz(RPVhZPzq;12Ahp%79|mX-%rHbvQNbmoSq#od#!X z?@#(ZFWRM}AlH;S&2smW@itvkj`hhyt$-T4ULA3;7VFi9Gp}z2Of0;z1EE;%Gu*|!jBOgQ3MA`|6+Y!3C&4x`|4ES%Z;@&RX^H(x`u_0tzA3I{ z_0vG$OkM8fFDh^Mk2CIxz^tr$PyLKOt~ep0Av4EBZIF=bn}B$bcKEccDq)vU%2j~ zH^eugHIZ&Jg(--o5}9$%0|X6gNU8X@_JXeH7r*f)$7Bqg;*qX5c?ra(5BrmtK3rxC z&Tu$#?kyjw@nMo;mUWi9A*^#yG@ON!uRdXLfo8Wv7zFabNxNXC zvmv^s?aq)_OIlTv^|ue}Fj_`W?PkZIgA$$i82t_Pu~3zb%BV&?q2*DIyRO!K-+5#5 zn^lpos*1mU{K9Tb;n#WlSZQqnB6>P8mR+w847M6?IGx*kzEl-@+LRgY>AGXIDO`P!R^cOk?s}v60rr_9sqramSmB z00n=?H@U3o*~1W5T4J#t{NR8hNG8U7-55gjk^l zjy9@Rn@QvB;FQR)5^ukxNE*TTRYX}~<48o!*#Y7O>K8sB#?rrBY*tM&laZg2lS}SK z3%1^5=q@i0@`s;aCu9J!Fu%y;Ph15zgy_-qwMN%_-tE`&VPGLFP9RLQ^K26(XC(*{ z_B=@GS7)(YrP#cQ{Z5FN!iKXs{5$c7YRM7=&?M&cbs`4pD<#3;ZB^I)(y?OJX;Qs+ zkm7-bDX`VsMqHBF=ZpJ)IRK|Q_}fd|>3c7(ATh1& z>zBLWMaikwOQVqbp?%8rYK>2N35v39%y1=Ov&;$Hca6HiSA7#4e21Z_C#(tGokR+E znJXRbZj6KQ<@OCyw5gqxsjw{(Nn1JHeFg^k_W8`vrhjNyO=4dPOoP)bUY!lQ2nE35 zfV!PD`sUsAX=SskVt-bO5A(T!$r?&9ID5N#NN4H9PrX%ql!$C%*0P9;?bg-8u#a?z zb^lKJa1d={e6v7>|9oKdwTrW^p|84c zZMn~{n1>v!dvj*GHJ9!0qxdv1r(%A26MPCM9{MRWTycW(%b?C_JvxlDPKH_ymoow` z{jG>HZ&$COcl-_-H%rSPh~seQ;X=}+tw?i>?HNIT=_h1te1ZCj9n5#K2^8u9$;8(a zOd1j*xvYZM)RMz}!Eqn8!seAIz1Y~sX9NJE)}OVVmn`OrzM&#<2R+w}aHmbQpN?9* zR0TJXBPL@Fo!8&9g{^%7@032Vf}-Xs5LG)Eco3_S_m2%Q4;Y`Q|0#Q12GaN>MlAv8 z*cXi8)ucegdDah!bz5Y))JzLsgfu_if67XbfY3^L*V{<)XdT2^hf2l z<#?f|k}GIgH>#92A?AUUMSNLp^zmK)=xeLM(D8>y(&2J#q2JwlzdV1LW+%!_=jLM2 zm6H-IvJ#x7yn&*ZdBEK_*U7ZmZ31rK{z*E~Ysb2wLX$Z$V~)YlUjCpSZiC)$lPlr9 zjz;WWL-!aw$GWp>ciOg-qT%qnc4eH?7qNgd+Im_#)AeZGqTNWKxxFl%v%HzZR3!%l z*5>5LgH?j_8v`fAeC~$<)-y^$jM=*$ydQAsI&KCq-H7_3pm%Q6PTbHcV$SnZ)1Mia=;>Md|WniTWf+x14y>8HAF|~9x4%u_Wx8N-96hi zvt9(WS!J~8ou~WxwVSrT;FI%Mi4yg~f7)Ynui7 zPskQ)zZZSgj!wB6IH}O-*zNj2fe9K@-TqheEOmZJ-aS(`480v|(^YT%O>(S}1AYqb zQ&>PH4ju}PT0&o9;>^~Ze_G%8L>583Ge5Qo;-S`4%=&fyG+^zMX#c>#e~fYfqJIU` z&38dM{9_$j6csf81l2(d|CIl?1lXm^2!h~8P(amch|}%^6r9m#AALG9ba^zs(>Q)r zA98%0V{lIVXCwNG*~)kT^sg#cU#Ck{geaxhik%$F9NkQOYjgJsjW}RAPZJ78 zGA_}i0Hc2OUi$i)88*lND+z#JI*9=JtD@c;i3a#;102co>!pP8WEapH4C()*3W$Cx z&<<^%Th0ZQ-QGc8UABw+``4-WDlEopPf7#=e4W>*(ArWkDxV32)Jaj-Qwt!vDCC0A zt~ms`-)=*N96}>dMo+~!*!#@D-q7WT$o;dkGmXLQ;AX4g7X)Fz3-k8Ohv@pH#a48f z`=H~W)xi?MPll0}M!icYMEw(!UE>3kPj7t);ONNg0F1I(@s&eI#<-#{ZQLWgnniB{ zqHeo56V2y?q}s0b7v!Lf?Gh@FPod`-F|LsX=Z)c)t5E$aV@8R(RoD8f=o}E?)e;l| z=lkU~wYQLwB8OUdf9uZQqymc#{%G5e(dvBTkBGc~6fVgL%auX3AkW_N2k++^}Z{wvAC9G1xG2HrcF zNr3KMKp7Z9j$`FCq9nGNi$jp3!i*ssA*%~ZqR&qIF;+m@aY{nqH=GKf&8CjKIujJl z_%w8>-D{6gvhHdXMfz)u_vy(WHmKv&sK%ihw;OJ|+>eQYo>5U!D!0!)EveYQmDcJ) zklFin;iqEvkT-vZeM z8@>S0wj0xDNfWF8no7_)2jrj`Feh+ts+tk~&1%l*;9e$qgU<)@2G(zMIuJ0%QI$gp zG|%RPB*yNh<3Tz(H=rOu1_X97EuFx{lB>TwiPJEiJM%7;7@=& z#yg88d*Og>UudQ@mnC}OG&barlp6OB8_7#Y6ChFRO9xA*q%{r`0u2|&ah3wMft2xH^Gh5v`W-#24OH!nKCqbsW&{a$j zBSH>|2vbQZ^M>T*nC&H3xn2U7mKZ00-Ta$O<^xBF#DEUxV>bfW0|Mvd6OYNdrt)Yp&{%1*-uuz;Oem?_sb#>c6a#C~uNo^Hrx8)&5 zdttyqrt2P`z9YwgD6c=~CI9iE&KxG!qC+-iU_FwQQCXzk;(D?O96K8c35m2nJUOC# zYa&^RS@!Bg8}9Ama&Vmh_3g_X^%syB(eu#i@7$Chfq&Au>}lS;R&nPwZTT4!bagtl zTlhKaddQ~hA;rYb^!~6xS*WISZf@?j*Tt_qm2S&8hWQZ-H+C3tXAa1~KsE^RnS$-_ zu5Z*73+s+IhwTK@22%Kz+Jfl_kVV~Up|17@f5cTETTRbd6GC?rgEYHH2b?GY{%SGz z#2DU;7z4pgv+Pwte!hY?7>o2fKQmibnigI`R`UI zeO}qCCfCIxXtDUqE|L2Jn#0E^X8Kz)eVlj+D^$G3)MDl$c++>1EnZpHSyGY>bAKzu z(S#7={#Ne@Y`jHTrzRZqYlOU=9pVGB&SI_8mRs%p;g7QA+=`o$Qc}2c&3v+-@#n(0 ztbev3zvm2+w2#i51GK+-fP|S#?yBm3FLpm%>Bel~ipH;Vud}qvshhiJ?D|2s0rEc>>oJ#F|=$|;mqdWcVnYGI8s*H$aEloG@}HxsnCSetUkX6oQgGK+~1jJ z$VTq`2&=G#hA@%V-KHx6L1SAercXzCQ2rR9_`IZQy5Z3n6&3XYOg?hg)&l-}Z<3ia z#016|kK*w^w1}igUe6uwXqLpil%;Nb3E&Tul9LEn(cIb#_WzY36(wV;_1cpHA$Gnh zCnJ1Bfo^g6>@}Z~p0qUiK6YC)JX#kLdo&sxiDFl+?<2_6{ean}fODVMh7Fhkf-OW+ zeXp8=Y*h>;8>`W?{9N~1}H^tkAJjch6 z+3eCK{jRv4=nW3Fn0q6%y}aMc79Bp86>5U^Sc$0hx_Buuws89WR%n)_tOT1zW#XQM z_b%!i&1y-npmJ04{WW}&)(aWQ>MQfJnWJybIQ1d2$yvFHFoY9_|B_dP7pSDEXxf5Rqg&26*6AmwBuSQB7-)Z^&bY zOc&JO=UxyCv*{U}TCde;;{XzS?=MGfBNxldN!g%$QDntCljMjnuHLh&lj#}n>@rAH z5eOq{s^?cUZecopvcsj!5kGQ3&KRfj)^#8V3xbakvdWI{L6|JKFG3@y0%Uqe@B6L> zbL7p<#PtB0At0~WHhGAq0$77>;Xov{j{;GiauzY=mBQ{(J-rd9J4#6(KWOTh}+1RTBgM)GF*@tRw1z|FP9>4++ zd;12-V57~Sg7^SFXs&UK_tpq0oPn|RC2xuy!^fVi{A0oQAq0%Zx1l@prw0XM`jfV< zK;m|FHe!s;%gxm^)tO-3cf`D4PY%+OI5aG9e+};`fF3MIck^@f)}q=Pw#mh&=9JY&p%)PXu|aB1k38t{S-8tDuZ7&>&~cAT#w) z-vbGo1;iE(S>?fTCZjb;S^@hY*vdfVdoo!Cb-V{A(a}C?nUsX~B_x|8?dn9{PX40{ ztX7>0PkpO;q=FHXI9DuuBNCqie5^<u`$Er6{!T-UX`jbZeb#kK%rDONmtW*U?vL9k0$7;5Sy3oxpAzrwuZe{!M1|sY zimpFhiJ+FcM_Xl}3>7X8m}eZLua8d~r37Dli7L^R?NSWY^fs8P?d*8^x&L^K#;u}G zuj)Vu@vm6|k>VP3Tgl5b)M(_s`u$k8s{8t&9v5jdtH--IKD5#n2qT) zAu(RB?>1&mRAqq29<*_I*{TUpJzsvev=uMS_t3e%QHvhuv?t(vPcahS+Mx#{wCM^#N&x&;UE^3SITV&rVUl5uG8VN>uu1Rps&YVyLT=%b9sQ#myiikv zh)V^O7K%rT>o5a_1iaI?xvdVh762UXG#2?L{R`dIvNyrjmCi&+b<0@En+NybKNHIW zK1OP73Ep&3oAss16LZTx%2ZY7a8L~mu`1U~*?xJ1NaTP;4Jt;OEk7NR3PAz-9d89h zbC&=^(gp{h*SUy%W|zUAqs)82PY;O`(z63RPIVN1+SBEMaQO}Z+j%m4tuYpuyN3a%0@ zGI)x@9A2-aTN`zt8bRjQ$yWwTjQ#^E(!0B$b56%oclq;Gy;@9Eh|_Jr3vlyL?IDe# z5k4T~+kh&wSDJRoYRdHENL@LI zsqC_yDTMZ7$dNBzFl0GTESCnLV6j3PCw3O30cKb_R`7k@k@Ie%LQ4*vZ}#rI;|z7? z8ZpD5-MJvQVsWeM7P5Ad03y_-qJ$z>7X&zFQ7e8Ys8Kxisa6 zY+t{^h7?I6`IEr_=n%@GDKkxrI^&V%0JG9D(v zWajEa_$o_r+CvUZY(;}@e%$=dinn-(0?vk} zOy}LL-!mA$3Qfod><@{Zp~%pPkJ@^u%mDO)m}$N%U;E*~a;HpD6cX5U2CJ5W?~|2u znoVD#XoPOiAb!DzX>I03wIZQ)|67$J%>)s%tYj(Qez3SsgIr1r&N*t(l zOkd)hRHPY`$rO#aaOv$KV^SJuBz|lg6;WF?x|BaP^+K ztQa&9BCcxa>8r;qFmha-wIPzHabBMAt+kot03ZOXV5$ZZ<1fvs#G``x(InTdei5=G(zaG5K@bM&Fz|`skgwM=rxEMWqiArn7>fBUFe4_2 ziBn+zHd9L(uCF;8oAa%n-bgr2i7&3)^w{b0x6ey&FB8~4)mz}#wa-rkkKQp?skZCh zZELUJ?eg|lU8x8hI#a>41$ZG|g-40`_nU=|U4rBU&D<8U$`bL-%rbE75{G>TQcR#b z7wjQi6C;vt9RWOb1DBvHiiQQR#hVXTim8E&!2RBPA<%3!(dg zs5~jh*9!rtuJ-qO<*ssf`oYQgXGH?(!sVboO!O`R{l=6|HbbHY!!W0#S%U+41i>20@0u3f{p7Q1+gfnY=ZZn{mzG|P!GWu}av3QMl=6Mn?V*{ajJ(0w48kz8PzM!i$E9g+SOMVqh$UD++h>1qiQ#-t`ug zj=+K8D9oi*qjMV@Ez^dWcc#3EU6Qi{zFt%&F#gmaxY6GkiE!|7eQC^*@+n0Ne>l@M=Bber zZ8Da5UUue}j*<6(Gw{SYryy-aA-~^NL0}hcu;Eiw$+I?I4Qw`yhVPyGiLup-I?**& zOBs=*?STljwzTt@kjvFtM?Lkcw~@yhflJ5VC!Jmocr3@-n(Q@E4Dhuw!;!Jv%te}sx3)Cf6JAk>-QQ4+djXS z?^+%c%%6*X$G|XTU!_Rz1Nf+eH1<%n2`Y{p$2iT+F>TdA=-JR6u@C%GQti#hkl{6s zl&onm{)@evraKoR&PqNAJ1Nqm)o}E*hVT2VY4{$|dx6dEhUtmDTHhF-E9Q7B#UO(m zoD^54xxO>eUF5-!P#SLz=&Wh`$U2CH)so+Db!}cIA6kFS^WyfJp#=yxV3+Jt2Dq66 zCifhErKu_pwbnxF6|AKmcfnk{TD$^YOfx1Zwij@~WT2!2VwtU#t9DTI%NCo#qG-B6 zx|t#~_h9g&4_6%LB$xJ?=?JS6y-S~4S7;3>IEuSJa!gDqlx{XPckrg~7=RT>Jd(ZU zmFa^gcY&|f)insS;N`}Zf}eddIsZ1$64yb5-2F*$_=`I~FGNOb1$Vm`bD{S5wML2=+z3FqqsmRW$aU;3_y0l0f zJKyG(=ucLuF*Y#vXn2KgsP+@Nov*2>x6rVJ_u_x6qPxFEjUEdh!$_bzJqC?9OV%FH zv3FkDp|14AT(G)lgKNH}dA_*+ShJWPYl5)J{Z?=7x^t9o#1 zhj9poZ`uz@r=`-JPXYCX7K8tPC>%yQ#5=?_;&5CAjnqRcDF3m){uvh+?*Nb7FYK>K zFyPNwS8}+$68QpZHBYvHWBf~;fAcSY!*&?hf`q(5?%%;A%qS3$ZYbfmgBv|aPYj}f zVVwU8HeI*BarpU>ice5RLPW%Sy`SQh2(^|A4ub`~EsHIet$?lAf5sEZ{diL{GBe3L zA(qVa;&*%g!U)4~>M^k3e}V3BF-{;!YQzo4&>{}3S073N*I20=2Humso?3oKsnYP< zR~&PepF6)XTs92a_xlr%#>~Wcb6ut9cp&A^6QtK)ss8~e2Zx8BzN^41D#X&i{qJz- zbvMjYM)Vgt`d97$Oto?X;m8qEW}IM_E&Cc+?Xo+Tfz++i=P>5cpl%GoenBa zTm1on)F3z34ueo$!s86q&%lXmkM(SYM$P&C)d1C=Jbmf`iq*P@VzUWsg!MvEw`k<3 zmDPiJNSg#@sEO_m>#U2>>GY2Z#3pF)m3S2Qs5QM}_a7ZBMZ$%1>+WUqL{#9{VUMjj z^XhsxvW|a*yT|JC17+@h`jog{Ul7Y$Us!S~5R!a(>R!q3%}ITqx8K#ggB;Q5-%qaKQR6r&pi}dMAjAuA;P+l z<7OtE1*F;}qU0po_G4zQ*p6c9B{)_%YmmNo+lMWGoc%skWXFME;Gv=5H&bJ9o_Yb8 zD&_T*qIQ8|!S3FjM&OHLc|F};eXBk#;~YMMHNS|fZV^hEj6aT6I*`P`&`wT z3M{Nh!AmEKJU%Th1O4e-tXRI+-F>xdg+d@N#tRfR3V!L8e6{z; zmpS;P@V2UShz~@G(d)t2H%L|#g)}ZwzWwxCxPsncx~d|uP0cJ$fHB& z0FS>lkpOw^V>1hR?Fpm>wMr)(_bM*@WfMM)aK|}rFw_=>x>ZWitJoFDRZJdGdRq0d zlT}@%eb{>F*;=OXI9*y=$7@@zT5E*IRy53ih;?0vo4Bv#?pvLyh0)`tQF;RDxYfqO z39jx#FYeOD^_8rb%J4&L+pqdXdMZ=Z+hltLled(@hfeG6;Z3boeQesY-rl2$xB4M{ z79&^M3mHD$IytMB>Dm)Y*GiT=|ET*+>Q%d0!)YTdm@P4hXVw(9PJnXKOH6o}+ zDl^?Z!{$le7o(%a^FnH^4H3hX`B!)a6~VU+pLjf>3-@MsD^vSIYi*k#$6A?9tCXy~ zeQSv7bLgw#GyJfEuGBNjWiRpRkj0IO?&Z&?=Ckd@W{khtAurQbim^RT}~7$y&u8?A7)^k@@K{!E4yXu17%k?fvy_HahRjq^20*({CSFK+Dexz*2s zOlg+Os?r^H>*0^02Awg<;VJKF$Vg}eWmG0giu6h4eldK=0_zP$Uey7Q11yBWDRVxN zU&9)YbaxC5q6(>maPKy@1U=AR+qSO!rXZM<=kcm^Ja6Q_9=Nx&N{-T`*<<}}`=)EZVh6r#1h#WT_eownA66=+h)V-eB-!UOT&zhC0%x=cBD{_!YSzClH!tElt z%v^t51OOC2>>Xo|hNTi&e+tRUH{@OTv`{!$Wx`&SIOhI+SSN2#a)9J=ggB@~J_XG=CbO25n3)Qaht(Z{1t8hLSZ%P$j&BdnTnwn$zz2!Lz+Z zfL3#I%vs+`C2h@IZpRg~0;ROdvis0$ipzvXK^k>FFKn8w*4q?*4P?Hgc^^1ZUfz0M zH8537`zX-y0WG~@z|akknZXAlva%QuY$F>42?z9ln0yye)SNITI2axz*mcUuLoNEO z6xTz-DBWOBnkA9h#AB`vbAh|WzgJf^w9vMV{^iB#b^ufGvgWmdH}pRu_A;75$FqdV z$$oh;)gy#Q7$ADL+1{zs_HtRLrLZa@@?X&J9d71U& zgeW&(VJ0KX4{<=j4?SIZ2+$-Z+V}hN!fi!AYY)$H6AzHoEB-auL_c)%(HlgRqS+4~=8m22%E$W}VB{Dco z!=r`Ar4=s>X$x>%smKm#_2@S$hf;fTa}>pqRk^taoxCnO^6ze&sAy+lq#6c-RXxv2 zOgHlcT<``MQZG|~S~1_-Rz_awV50Pupc2=3^2{M{7I61d?3|SS`}H&*0$53 zOCFL%sI?wg>6tR-u&6MxlXuMa<3++?irc zT;5lg)>g2jB;;svO4MUC^?8C_p8xRC_$0`~V{umBInI{2sYmkEK1cA!Y3kOyqnEo| zcqvCK0o>NaWycb8hoR4uI7sM@b-FBV>R*(3)hdzhQF4XTlvp-$!gdn6w;#XC?{ip{ ztX-UOG05bLf#Y|EjXf#*#Z3`7j)SsaeKzTISa`w|)#YAq=y3eVMOUmB27hWg|6}zl zO9gpv_1OF?6i;^X`T7IpjklZgZM*m(T>H7#tGb;7Cmy?27W7FB{mCONL9_R6!Q z*lPNk%JfbQe{|Exr3P}U-gn$EU_GX*BBN2b~UTs)M4weXB`At*<|F{+J$%@@j zV68TN?QsquA8hkXML@eip|?=sipYjK655#1pt{6S6eAF6=-;#@VxBMmqiIJ#nFy$9 zCx6B7V7hontNBaN-YXX(73Q*^asrZTeh`f7o3@tJS7+NJ=pKsN^NIIo zP3Ewabi=p2K#_*vac;M{KIsd;thekgfkW}h<1v?rDB`AH?C!-bueSqJI##!t$)uIv zd`w9jYpQAb_29l*VXRb9`4)RHui*1WBbHz0PoJ@uVFz11exG>UOAz5PR{D6V@ZE)$ zwrxpC-M%P&LBq}bnMX&>Ve7`T9jpaqbd6xK+A2fnvps_4Y5h^BVXtcYX$>BAw!l=1 zc>fYjW*vgp?w*8O4I;`P82eZ1#Ht5s2TkS10PTdY8P;GyeUzQt&3r;H1D?%6z(R0Q zGAD|Eoo65}n786m<3Y$Q0})VZQ?{b$t?uv3>uIb6?q)T7&HfD_S=6RVZCRW31*eIC zA!oi1mA)e6?L^AglM}oC6K*r48fmyqz}9$i{g>SGVxuX=?QMcY-UkMPlCMOyv`S10 zYDT*Itw@qNC)e|0Ql^6=W1mUjW7{KQ!bMZl@&zQxCT4N+5Sb=(y+OaerLGhf%sc4T zKH~;1KP>EsJss8Bpce0@RyGldHY=g!oxu2lU}-U_h@pA_inMtyud z$U5GerE~UW*V(hhpC$h(m+O1#00VY)UdksQ&zI9hwrD-s>I`cWH&nCA<$s}6Dm(yyvhaTnUcSxTPi>_q~oi~)p+)6e5wG}zKKVy4ADo%Jl*zAeL~ z@Bhwj!4Gf+o$v0RlQrn%B|*kLx1yuLu$Y=#YRy?ViLLVWKpz&LtJ0@0?Wx#J1Oi>`kXoStEz8>TTkJ5@&^?xyqy5# z#o*JNP0?}iKWVI%WkCR6QHHA0r=W&iUs0}4 zw>_b*jOYv+ff&QVHm+T}X46U3cRu!SdDgSh)zQLD*4;U04itC<1C>TyigC`eX-qq* z_CDMxCDvRBW8JBF2lj?^=q!p&j8rqs#snOai006e-6g6b+sUfKorGh9~-irlt&*v+}^yuD?cwCtnNg+^;0d4s zl9uL7ELWw~uIi=qBA+;q~OnU%|pT^H)BHmq)_S zx9VGPMB#OHrZE0FVL{DLwJAvR$42`wODz0fa*V>md`fz3PKY3I6UO~W-4hnAx$J5v zw4V66F=^X$9GTvhknXYwYV)tuJzrk32J+hq5vcesNMMoL8|_!PcNM6Y(4Ha}ym6o# zTM)Rwhbqut>gPBKV?a@c;!97G-Jx(pU__=F&s^6NY5LAAS2}!7(07R2wJ0{s5H;c) z!PleL+8&`Z@vV)btdIQ|ZEQfjJ)%H&g)oyk|K3)*oz}Nw|IXa20lN#JU>dNaEmol| zVjwB0+9xk(TIAv}XT2C0O-!7cF;DKSu~V5FnK9T#QLc#Y=U*6tbz7W)#ghjTf4i?a zuQ=cL0hPvz(0y5C3^hrzBP=0Je!j#w=&HJsoqdg#I+bEsrffaCbLckr*BMu{fuEVG z9x2P}n;^77`-)41EnJRm8Aq1b*Y9qcKmW{=u{Uk2S?QLk7GiO-qdO1k8susEu1rO} zV_t%yRX7B^{b*Oej!VF6e;a~UKbjxe^ke2hBeV4oe_RVds=G@bnNB``6x!(_^U1)w z3@kPM9cjOY?hnlp5G-S-`|X8cC5{VCO1`;(+V-OthD|6bEMzYIO>Kk1dVHhFWjG0E zr=}G1r>sM!=r5E3!h2Y^f$2nrB?v1Inz+KZ8v8@%=kGhX-C}Z#2o0@*Z<;xyByX2m zifO2}jG;fO_?jD+E)mxP@|KMk4{RJ{GN`v>@h$MGo8MRIa%h?!Eb^v{B^g%a)%(rN zfag0A0iE{->6O^AM9Q$j)a1>dKS}AY)!`f*%ESIKUSKo&ZZ6zxL|tUlBc7CxrA+g@ z?nc{v^Cx;53W@nb56s*)A|s&~!^n*5;uZmc{n)&GF0o0OWa!u@ZS{qqZ@V&gSzsFm z0q4g@aO1CTP`fe+__&g#37lk6J|%>zC7d%q=GT<9 zew_9Ip1XBjjM+L-yss)P9+Za~u5$M7KFKW5K#X#v#Zd~73Oxv_`tfbtK|gL0_BP86 zM|BKM>l*eey(1|yDRp4&3jY~@`~*`UvHQ=ZLG%!T;R|O=Tsw%2(+I<33SqR#xi^Kp z?&zMLUxV#k`>LsH<|k^`P9fL!KVMrH?+fu!lJDZYc4jL^aFxwe5~}?2k5}rAZ>2^l znWmxX1kl73Gb|5DQ!2?je|`8Xi2iKxHHz zim6Rk@!paSB&@)tIoZcrln`-;VA73Ww5gda-7G5$wSFD_vc*M{@8-KcV|%LzSZ!cS zN5`Q}_$2#?_tnz1XUb#V)z-Z&W0a>1XVie9pEK4tD9jPR9(6HIroE%~@N3`WtTcyP zOqh5J7E%pQ{BlKly1%`!u$8PK<-G8w$Hx-NiEtqS5?itZ?a@~}V*WWtrG5vsEG zK2coh1C`6XsQ_l~^zjgj>8G^e?s@tn6_5!E=MN>b*b!5i)bH#X4{*X~| zPVMc3ZcACc8BI3EMtXBrEaC;HXj0VPhnjo1JREqiDvRlnVO57^q;G!D10Q})YVP$1 ztd_$5xZ!uY zwgt7ZS?-2ksiX{=HAo5N;8;>Mzt^Cu){fTR)A0+!`>bEz8Xq--Bq&i!rkUqB&cKeD zN%QB0G&3F7@7t7M87P!03MlJIg=Jtu2Q0mZruFSJ6S*xQULBdY_?|#9ky3j=^e!cY z5k4^2tkeMnoCeA)_VT30rerbRmFsnFUNltOGN$l!eWN3wNu-r$T;HbrLZyImZ9}nM z-s$mV?GvwwqbWl!sh{u6t)6di^O$t=Q{x@}I9F)*)he7uyGYlwc{kv>_Urgo0UCm) zl?Tl6OV->=YAPJlH&Pwms#zsFN0${eX9vRf?<s-&r)#MXdtMtDcjJ zJLTqMS=WS+RSs81#|tw?cX2!j*h1yhcP>nIuYn6IR8?5#J2V(kaua$HB#s+LAEJ1G-xqqTI6@iRNP(^L=!snP~jcfyxwvt80uNz7~W4~@}y zbgNflwCFTO5AXu?ISvK+ar5fJ(A5SrxsvPW&h1lRD$R&er))6BEHY^<#=uOe>*aBv9wT5rq zVBDr{eT+B9O?)wG8$-KQ+ct|ThersE>;pHhOtS%(bq5>%OaANM4LDMWT-s?h!ct6B zze(*Yr3wCC42<$j!J!>~x#F&>twQtf>^U^2itUdvghRO}KF#WEd+K#3=Lq%J1ZZI% zRGn2WoI+ug7JjsS{?_=U zd6qXW3b}`kW+*+txs*_>REDg-or24%l`*bluw;Z{Z7`T%dicFB>=?QgL^Kc0f7V21 zZO9@!8ZTfADDPB*I7ImI%~ggrs`j421sqL2pY;}`(qgxw=~FtF20eQYE|M|ieHDaiZL)~ckh`5OSH|PWAFJc;9hj zpBTgB@c*Mt>d}n^|3@I#lgDa4ZI5OtsvvYleEr2?`>WrXSYYK@`?AO|0>;;O=0a_R z?zjGLzOGck5@j}|O_!XsoniDlZV>LJc+Ro9`rRO!vI0lGAX^XTpjEA5G27rwux#*9 z)PV~72+`lIXWgC;f6;w^e=0@({Kaam6Rem=5eBD2IXD4U zO3#`sb9j<#@oUL%9~N-LKB65(>>hw|l8qQ(ZC9EN4?cY~II3q%5p=nrOqWVCWTh5f zM|t*ewYM+-V0taWp1_ed9Jj3_3rZd)t~r}(%&Zq0TB+4qy3IfjLUj{z&sj}-V*8ejAHk*V_e&}_b0&Niwu>rXK@ zVrLg7WcX`8#d!Iw&ZHvRJyvEupA>2r&*N3ddd$C}EPSRcBC|>#jr+bK!JH;-NP$y? z(on!K(K@;eIW+?KYdb9KR6711Q9R2JtDg53VIEp&-T3A6`Fv*JOMABnD^8=rrl1@Y zKsa0@dcLr(2(Vm9;;@^A%UB3bqyYillwuUDRvYqu`AuUZdV(mZcWswb+Rj%IVU!(~ z2hirP{^KNb63m)>6(3LNM~-^uWxI+ZhJn5%5;t&pZ?CR7gBQ{}qZ@(cpMT9R@BjHf zN_9uzi&9NwopRzTKb8^U-)rzx?+=TRhETz^MbX>ZhD&o1jXcYP_3g^*A zsv-7$r&N@9-N-Gbh-lG;Hd~dGoDlRyi;?C+4ObV6vJba}&}Am1yN1ol965Nc^nK!- ziRDx%j8M3slb|ED7y7c+yIc41xkvL&rRGMs<4Z&xD1E28)bESuKHjiA%eoMf%OM9x zj-$ps7;Kz;SMAejvOeD;wNwaZK*k=I6AE*y3%iq7KVS*d>L_JIVxp>Xl52Nv4j4rUc*A1r?V=M_b>M5oORme2E%OAVu&s`yyp1v&fO5 z$j=VMgUuLKTv7cet3%?O7 zKei)u4_O z*Xf3IAVm!*q&U-dqO;}D${O+`wBGFEdit8;YM#EOu0C0y4$ z#ftcH!+f4y;o~Qkk8g5z(?XZNMD`wWhA`DoW#Fde?-lpGkN-~RK*a`*5|*~aHxFl* zD3s?bPcS>mplKru_h*c1NfwZbDh!+KKL)>h%RkjhD^A+ebv7g(rP8Q6EOQb@sGKTl z50gXm#S>$j#%<>24d0DhciU9#n@7tChojNHs<4eF`GBw<$P9elG@}{Y*=^Xs$N@&y z5+N3WsCH|6=j4zc^l^zf9k_u3G7{j6&-T+h9?Ae*A4HbU=bIFv*H4D$Y#)bT`B@a*-ZCD|L&5TeXwO#(ij^b(h zH3^W1K5ny6v>c1RZMdMAB2khOo|*3p_I{`zOf{-u9oz79K2`C}h0btn6wCJI#w<8c z$}4IxKy~B7V>k7@6)purApPW=cr9wf#c05uTLEcgNz~fC%5XL}T3IPYDbv^; zV2YJz5xqM-1?#f04-Y3-FbL`HK|8Z1zp|yeHqdujz__eo20UE$++@kvqOL4diTaw$ z8nvzYk%5eLb8-pmeVqdM?mm(uv0}i(f=_o`k+XP_gg<^!rX+9q2F~1?kjk6sCN;~0 zt9mEr%Yc8o_9nx0TWiu2&8X^ocI!yL&I7!Ea`OAt0_Py(OPB&~K;^g6CgQHR;w!K| zEP%zdlD<=1D8=<<9s5%y9hb#9wq2C;MY4@=GDIYDX_Qh*bo(H3r>b)eRagyAU1Xej zRQfZOA}r(VFytiJKR*s+cq-7ROji-AL|>WIroVie(jc`{^y>b6gHJ{FS;D8pN3Mbp zlf4JYdWD22+f%K#S+Xtcf#m%meXCE-T0fJH%R~N>b8611n8{o-!}gRW<5=mEj^Nn) zbG0=DT&(#l+@Y`JMT^+HH2s1bDw-(BSQv5yux`Dt{ngR5sMLTEINtoALT!U446TrJX_*m?%!8V% zKirwFk`5rMYwcyGy?7f>Gj}mQF_iU@;P$LcG?oh(?o8|GvUy1d^r1cBL?E{g+_dGj z4@(T*R8_bb3zAY$ST`uf)grz&=84fIL+cGV=!qpKvKTfxF@H|Uj_TT^K|sfwKZr>7 zI3bP5PPo}Mj6%P0gwlBjOakb?yL~*kn-kPqZgC9X=QQ9__YM3oGc;3*iebee4-~?R zI?<~np(%SGlp&5j;H&3E+?71_PYH!9MzS*KXp@9w`h;tI-cD)4eL5?bSXiL-=i z5VL;dyfqp&>^_)@Whi)EXB7X`$uJ)!lKuH=1;*oBo?Nq86iSHsLsOuZf^GBpBVhQ7 zp?}wLQYmm+S2f`%RG+e{MIM(Sh@oJ%Qzq__VM9)V8P`B`NRD)28h{9cqHI|d=l_t@ zpOiEO%{ZgwDv!gXh; z>x?{CmrQJ|N4vZrKL(jZh7q&;A%_3j*En&~AHU8V#XlPFyINf%9-i>|CYo&7{H#3p8CxWh#b zEjL}hm#H=-WM0!H5Bn=9Pp^0D>_r7y2W*=WKv05f1^-4;FW2|7$=fVvGOMf8x{ zs;00O5?I`jphXkLNvug6^Lm6~(#}S%W>wi9ELPbb+9T-VnB-Xdf*o5rqt5dVuEiO^ z+Heg+uLh0KB=WCDMcjmu_a-it#ptic)2kMf-2M@=DI)14$Xiy0U0XE zR@lX2Q5s8eK58R(j1e~2sm`76H1w`N)@0)1M}kn)1mT6%>$lF~!Y(dubeJ*fae*NV zxyqMbTuC+Yv6NgJ2MeU6854UqiK7itRY!*R7+fzokyD*U$>+BkRu9vEX@>>{*e$G~2H-j5rfZvy;MX zF0iQ^Ef7Kj`)SK?-q-Ah%wBs^_4u~m} z^}w56T3~Otn1N4&Abo7_ffzNqWT3B(>VDgY+?K_On&tpVk`%~G-GnMdC$jCQ-CY%7 zX~~gTo$11M_U@wo5>H1%K@e9td^>yDZUlEtHd!3K^$Limi-VSBV8DH)r-Fig{=tOIjx61H3ZEX2gC$XYQhaGnTq$l#~MQa_QoS38lE#cd;J~3OE%qg-aOTMR6_O zb<%IOyB|Ykg6nL57aMa;dQIVJ)Ec0%$%x|2Ad)jV*pgqvk3ORywX$k3sIgZ#fKK4< z*=DWIlwnqbkhP@+RWp=BCAuVwr;mM)WseHyHIBZEWwMSnhb^^sj-Cy-Ys=(I+}cYDN^(kucOgtWQQ}wp zGju=$b^iXtvf@o=whOT`f?aoh4tONu8aG8a%cRQ9$~bykJk)bR;F-@#A$!Y&+i-Z} zqJLM1!c3*FPW2=99-;}=55?tloL)V=M#VUHM)1t1fNLNzB-fJ*=cjjfU#V(6&L2y) zRk+CZB?Sea=8J8$e*r2w`Uxux}lrH#fNUH~u zrJ(>W!YE%knkk1|nR&$9F&FNWqzW&MC&|}EP6pS2)trx_>C2f$WFD$c#4*sO1P~)o ze;x8y+`sDQdO4bn@nKu(;z!lda6FX6HiIkap*4x7$Zm1VJ=4Xm{o_{TTtH0LU96R5 z@zu|6S%KR^b4SDb=k|(6QlA{_q6&)h4i`$V6+dE~x~FkSGI27dQYa($dfx)Oq1YD@ zoZI`yIh!v;Sz}53p-HzD`w9E68b`_*)s=*W?^!nM0PVFc!Y622O*ERE2KK(_#xQt# zYb(Q7bS+a~JKKt~?CS?li&xU{b=fr*Fxl2D_MBCZ_SBN!(M~cvxQG@c(3bOjGTdota^L7tFj9gfaiKgMf;YO z`&~Da-+n=5x)E?(f?Ju>xkikq$-lT*gFxfbi$ z`Cct~{i&~fp2scAZl*|Ks6*ncyqF@QTG0TS597_i8F-k3Vka);Ei5ly55jI^`cvvh z>$&Jit;@)&&Dq)1FoS46y{Y*oog*ER&aYTMs5rJUBRWY}XH)!eZ-2AF1T=P|lur>2 z=ph|%q1w5zh2}{dx@MKpxj9_d`pN*v8TDikmH}sM&Fqtj)(xYGrf8Q0jDV}NG)Z=c zT2Cx@_wSw#m&T0MzcOX95fek$Td-732#wN3it*i*J_FHl=$ zDIh$PdE+CCw3sP)gW$ZnbqvHHbe@^D)|cYrueDI(zH0><11D7huX~mM04FEXjn%;lYcrqNcB(q_yaeq! zO?7GLYbx{^dcAu}PUghA)3qM!AgnURg4S0lt7|_=4v#SlW+fSQCi2VV3fq&oexL*! z;aWKpHfl~EiC<>dbty1wUe_=ZK{~c_GMBZ|a58)c&h?Zaem>2162qDpnZ+9$Up(}x zL*8|MErvl_P}*R9+dJJ~4g-mFt6WY2EXtnbzT!D65@km*8N3tQwz(J8E7p3{xS)CP z)3N)?q1*OzWxK8)y}r0sUC6z-I5?-2IjJiX4j!C5^ZN!0?c+_ZKr#YSCn>D8(I$?O zge6>#K#y2Mn^ta(G~bWhSE$nN8p#OK%5#ORTB4sS>Si&eGp)hk-xF6bDL?9(`WMa_ zFA-8SazKe#IxI(btVzDHJzTkdq+W;%1*Nvh(vIN>nJC0ScP{Er> zGbdABN1#mQlRJh7^{drz3T_FO1|YFu3b?NG^YILb_uUUJyt}`X&*TQ%!=Bmp6u$(G zpSi>GoR4pvj@%ow&Z%vH_qsb>74%6OY11J~xW|lg0kq4x*?iduw+-1DOP`ug#k=xO zZbh30vQRi%H&lq$zcDmp8|Oe;W}*%Yk~_hk>w{q^FqP$pGT6^PcK>x@n)y`TDooEB z=-@@Xh?(2z7PC-Nnv);K-+&St2RX7rppw&p51U%i!m`?q__^h;WI0*QrCJCyBRM#2 zlESuPz0*B4soEH?D#t7ZXXb0?D648S-(HH>F8#o4rCuNgXtwYqbEIW=@HWiGdSB=8 za8ocib2P-`(s*i=D1_!bf%AQ6Ul;7}jctmX94olxB_p1W+o2=I$6L8u3%c}N|rtPf={r@+? z-v-DeJDD9H9#L|{3V|_0>Wcs$A%kl4Ks~B{!=AE&=Mq&piEo#&p`xc694ww$_@Q=EMwi;PG1-UY;Kz`;*vpN>5 zRis#u8QkdPn5jb7vKq1?&JLUzKRZ@&jOed7G2AspN6PO%DP8 zFTW3M4gfqiMss5!-tc}JD_7wfa9=jU1y!M?sAkDU>qe3gf{}XBpkOXBD%K!sc;T13p+{MZPh)yc2dRA*efm`9TTvv(>0CNCZcMs;#<@2Y zGjp-3hS>2Qp43KJO!4m;{2pTDwBi{(LblOz`X*3K?{kZJ42I4H~suc zzISHtui?&`psjHh!(Jtr;^4nfHx-jJSA3Xin1wQCRH@uKgy zmp?G|M|akesCqU&$}R!|#Ne(~qe$2i2W5)U(Fu4}UP=kp@37uqU+sz9P?HphT%Hk; z>aMTe?Ez)CFGK8r&M(=?X}YBf1%b+)Ri)IT-%1P2a=}TvFL~7Z&(napA|wQ~tt40! zVndocd9{FAE)3H3m?XlMD%D|nxk{b}@*zt^8KM4=QP6+nT=Y*UqsAM*#nyr5>l4`J znSfY->Ba;TTTjz(A!O4SZ;|xLF@PJ!yrCa0EX{UJ;`>n>3wEi*NtzMh-WW+!ffB%X z6R{&9E)RS1uU6US5wYnJU4#6E?%=oS&#rlF=}8;GR2f-4>=y#)p7fk7BpcL-F%)8B zXSCQ`ydQVk3NGXIgbAZo1#j$TE_?QuHa6~$g0(AY<5-_smv+P{!OHcOp#;|8f#gtG+Nt~+(yQeR>&~qG78Ret$>~BqST5*BKj{3%1 ztK6laY=KAJ^j0)zeAHmXB z_VvyUvd_`U6dgj~u-tYPSnHPtfAUKv)72~QFDDB=2|d}ftg zkR38mcuZl>_z2z2qA3P8DbvQMagiVv!nU%_qJ*VJxq8cJzZYsOpPVwvx}1cL1z{A# zaOZPuuh;zGzR(wtsE1aW&@iII9#sH_x7RRQUh&CC*%7z3Gm&ojD4h=rC z%}j6Tro%BuKJu^vPAmjYAcl+jisZy&FuN18;wvHyU#uE{TwMWhuOY|1i&c$YMbGi; zvy0#-RpQ#`5{F9ZJ2Wt0`r$_^V$=P_RY;rLVk#uPx=8(@QJWG@3sA1>3fg!~$W;m+ z$YWA6s0t;HoX6xe&Kz;u5u;bHo$wbfeu$~WrioM2ejpD>pw*4IY{Y(J#We;) z;AfQs=9gK3QNq7-L?~O~3c-n?A2@H}=PD2adfE=urC?CMC0u3Gm=9uBlI%g|QI?iO zfJM*GK-qGd=%%?QcRI&jc zLl@}yZ9PbE2gJmJMyeu-enMJ#HeWw{85lOaF`EzUCX`L!LYFPq1M#qIA!gp}7pY6? z_kH-V9wQ8-GM!pl>4YNDF95(6Al#l!R$Z^}0 zWuCxyF7?WQJsz0A9)udL2F~GSq`x+eUr0aM_F=19UJcMWaHV(Sz^5~snGRP z;tUTO?WhpCee{w$<)9Eq41Y<)g$!~v=+yiTrnJ^57Ev2{w;BOQL@YV0H_e|FK&IrO zRH2I>aU+#*PYLI2SRhNs4jGBLNn~S#eEv5xi1JQ{t427Gl-<{U`z=Wtj(U@{<|gC` z5c6p0EEr%I#kJF}YzT&b$zDE5rzH_eXs_$vRCOW5JB1qol>5D}hV9GF(=XzXFtb;f z2|8M$?)k9YBexfgIUM?xVj>8od5RWsQa$+}*tWse91et3i zX)@}?-GqANkUHC_vE(D-fUI8ABhWlL(&w_#xfs)NfF*(x#1aL&Y>Pu;s#$<3I+sgZ zMMN_-Gggu;F^ezKGxPj2YETUk37i>^D?p|yO zo9&o={ZRung?57t<%Gp%D=Y_UEh$Dyy|@P+U^cEcC@NE><~#Hzr6}C%vXCrb*Pr}6 zx;OqE!F*q#C|h$n3OLT8p_YO&duTLpA*Kr7WJ#p8Vb2ryR6MWB>Uo6<=&rihGefW2 zJGT6AevVrJC{=-YUa-$yo6!9fiP5L)Y~asnBy%F1$!lx70q(pPsQg7rlNw#mt(&=0 zqVn9mDbeQBm%y^=EjaEU4qP^)}i%O2B#@}N1)#;|X~)Tin_m~2GxL7_6%RWLX* zUmZrMCJ7&(;U&B)c4Ml(5~osdZBR$jm!;_1Yz_97g;I<9G;W~MeR97fb|szUPp`;C$Gf_}d~#J(id}Z@fFD)Fg|ZrJmRae3rx;Bo^DXg6d8~IP!(93=~T3v z)UBUSzhvDWCfC2GJUx`4D>fo`w@6{!KC5u>x`}JmB7l0rzxi{rRtc6mNKYUT3fv<` ztLCoBr*p#2of?!PfdO+7)*+auJYke2F@dLN{Gc@7cvRU&;KLu)IYI&#>6o(#yDJO)YuLGCU!pRN6V# zcL~25FsNS=(cu0b?#>b3lzGb{9llq^?9a+c?Vpv?`qNhrJm+vE+$tJs1pW{mlIJgu zYbMs!!j`xaOP8_}i+gN~oKYc&@5%W6U7Ks49Q53>V8S)V4uR9x=C0}l&0EIbzVqSe z!swYyv`x05u_>Jn%(!cvn40jnHhu*vLAQqD;t$H8UenNXBq9rH7BSt}ojBq+7|X^ycJFQJi77GWKGr-T(ViBi)%$L^`}R-ps?0KUo1)0 zSsh_&dJyb{p+9e@jmz=aNrFPP)5Cgpq_6mEmn3NPh}t8~z49+yVi9;a3GXkIko{sd zHQln7LYFG0z#g9CKk*^7g{gUMZm!id1z`ttW7vkhBN|L_VsD#^>y)KV;lOXZ6eF(x zw#yLtA@>A0>96j2uH3qIo-I&sXhbv-+7U1=YucW%aO?qEg;n?9WL;5yV8EFXU{T4u zm7ej>VmnMyqdi5dV5Nl*EIr~aM;kvw8$8l=9b%C%X6Bq3UaH&=?|oRRR1vBcId9h$ zioA|6YPM20jM9u9TO%sRQtw*%msL{YKe%%R+D0?4fsUPtnw?ni_AwgO%vloXR)xyj zTbntef`XKoa02%WF%jk)_8I<+kd@2p+i=FE(1y(WkCgeLSP}_Dtk{%emrqq?jVI@Y zekjv81qeE{=$$D|M!}8BJDS9(jW?3c+i5@GkJ0Az@vjZ$hutduk4G`omrxr?=819) z@SV4Hxt8%FGKLb0uO2!{!DWY6A#6*VZzGn(#-A3+tb{d+AR|-B4}f!nEo0}cA&FLI z1vHL{6K)+y%PPz5;b3lX?LRyL>VP)NR^XY&v`HBhOv>P9AD}6h!2FHvF8^lJ=Soss zPG*iLB^SpUl@oRiJu1(!4BApSWf(+=AFzKXs#;7n4WF54$p#%zds1>Z>X2LUr`QJ`@=bVFhOU&n3b`X^XhF=?$ywX?ChvYWmiWV3H zg#F_DDE%G6s$pgMoh1n|^i@#kIh?3Cqfd{tuhZDjWY5(tD2t+e&R6OZjhd?+c-Ky#n|QJ`+FFy5ZrA7%3hR zV&o!uQ+xZX$NS5pf5`CO=pSQ-z~2WH92^`Ngd4YAkl{Iu>dcXb{sr#Oi9lpJU=k1n zLR!JJ-|wW@HjNHnZ1jaD&}cNf-!uG#|L0A4iRtM9;5Xs(xU;dc4h&Z-Q?0gpq{B$vL#syljneqN>%T|J zd*@fz))Mpnfe%;qy{KJGkyh>ZhL)C=_~!H{%S}YQK4q^cZB%|YA;^4z-5TSAn}D}D zou(h<`ci`#LyCWCB9LI`Vv_6mBB5gtpW}xp7#|Eqbi5py_T^y=O4Qu!o9&wEpCnRE z@WYwCEy?nNi}oGm{jtfb|NUiO#Sas+x#3V52 zW0MnCxgBj0?bTuDcGdqhw8>ROg`_b+dOBi<+d(D{u$0@pR_hVgVh*c5?KRR0Zv|rA zNhqc%(ETLG`p|K;)fKn-)6@0Hye5___Q%}o?RMZFbrUS`!jySefSYUA9TuD-YLfF7 z@+MLfgE6d59`<6X?pG?#N=Djifksvy*C4+8{=vd`6}g?acpSC6+fFcc4Z{s1w;eZyQ%gb5Gz zh$-tvb>2PE_=$+LGlGOaI}$@6{Wt)3abzpgNPcE@vA&Y#lY!6c<`xfd*0cA+@`t|U z1RA~5&psxQWw8=$U`)e*7ROz)&g=!Zpua79AxVQ#wE$E$V?ZirRnej>%EY#u8@z&h zMu20aA;H-uEHSOg0&PNZU?CdnsF-aFFW;c@#7tSmjO_6gn#o6V3gxeqK&KMJR^JW>8k`(O-qKtZU>Z64 z{mNx%oOmH`?N@WZEsJ62ymQ@6ms6+vNvsx#+UV)dQWx33yHL=dBh4e#ZuG`E4csM} zHG?mf*Hb}g%AQ3!cnmFIZQ*BjqFYA`FKHwX^XT)waVF#0bYM#Knc4X~WZD`xlX~>p zd>R7Ptu4((Ov%YhaTZv+x3mW2Ll_GjO62O0 zC}RGQ${yDJ^_ef-w&2kOL*r&;9`RT6Vcjk5U=Gf}{RgS|@F%EW>|X0@dva&3t&^GV zBsR{ch~#Lu?Lfxwlp~C|<(-^P?M^z1_{N{qBLQURID$FbCzZuLVUD(^9fLG*M<*N) z<6Y&EPagWmY|FA|Rv0_KVlr%8O>9bqc|PpHA8|R~H4uTZ7odeGC+FOf0xS}mL#~%u z(mu13kFt^iaKa0HBApd*Hg{bhx6Q%^Etz2fHM`wQdB_31>Wn&UR6%bo<~)PytrSlB zZp_dhmg{WeBtdhr=a=Vo@GonPk9@4HH!b0F+RzDvggTrZBYi-`sBwV|RB*w^{tQjD zjt|B@gRDO7je2xJJtU`nll zgv0x+#t51mH_!Gk99BVtEjl=R30U`@KP;u+L$|XSl}%|e{jf7_v-4KCSy>t*=~*5! z_l$Fm+sL1fe?>V_!lo^{vbMOm^FH&TgdZO6>q0a2^v)fa*y=Pvan6`#ex$Z)4ZgmR z!6w910kPgS%<*dY=Db|?QfZ&1fxX7jRo*idnu`f_NDrse^;u?)=br+!HX_9D4jP!| z?4-kZJe_vCya*`AruaTBBo4ZrKdIl#>i>%Hjum$*hfieu;e>yLwVN|D*9E35UWd7a zp~C_id3DHX!H8f){AXW!2vrIbA`tvXp1jg*LFhk7QBB#qKSa?=br)06S!7u6bEz_&}2j%2Iio z5hR`r1EzW5ORAHLHB7yCZDBMfnN{!!^>us5yWcSsbHXJ8dA_X|*YTj%*t-voHwlS? zT#y3vz*5?*$2i@+U9U123DSjTw3K_mz7Av;@!~Lr@Fk-Y4e5hsXxudu9Ll7;Flxo#gWaDi(Z;VA&q~`>D7<~bd zVBXpZa<-e1zUlK~L08T%@tP>D$K9N++iyJ?V+p^km4hPMcsa>-JYk+4{6dkU?b3MN zMJOCUk(T-l`)XLV)nB%_ZO({Ks~`S)kLPwg4+Yi1EyzJ@?VQ_Q5cG*qc+7Pu;d7AzH_gt?i1EU$ z+glnA@l0r89R{9zPTw43gZAwY=rM?9W(}&}#^nEOS&c@b!k*W=h~Zs@T^_^Uh9dy9 zXl7Not-(UCg=#g*;kyJHc@3=k^2StO($PAm7j=rYG@U!|C)Oa}v;!TiZ$n496WP!$ zQGTqTiNIeyhS9A4jLQ0=fGrPl3b>yRYU|>4!5ZT2vV?uCSqG`L)@tqRmg7I}LAE?B z3THoRE&ozXP~ZO`D%VVZf5S(QmG07SgsO=msy^rPGL7tg_VHEpMr}l3CvH!TZR2&> z_uUAx_-ob7};#>*ld9g=@eTX2Cj zX;}4;uXuz77Z<=v@%N7~9w-IyBvh70x&cV+iZrjCCPm6w8&mbPc$flMCt!x;c@K7@ z4$0SJ;vO%W?T%r5V{s-&b4C ztYXXCWCYMJW`})cDTiAxUmLHFKKlgFAq2DXI{LMr$F}T&4K|`bNcw(zjbMY6<+G1k z;g=mw$mn2}klDD97t|QQcwY80l3NBz<{(;3yT<>KxEb&3CfYLQH3> zSyumm9`n5Bofg$-y28n=)ig_|YXJx!2JA&s|}bUe1+zs%3Cqhn$7mlc2&p2PVfsj$n_ zl8$lR?_sna72J=c^mf+#lbFMNQkI*he@*22YPxHAohN=Oxe`=$ouH{_zwt!`So-C_ zQS|B3xQ>oax$e{74-vG~qdKenKJhGpNs2!G%XdC(cd8SoW&8v`XV3-)>$nkmZRf}y zpXoAQtudFX>NdSj$)9XrEYlweRYJJ7V=QB)7I{p{G?E=ih~EwXhveO|cl`&qy;M=)GEb zI{(JD7oH65lmC`v+iX)QtPB*k(8`ilG(q3B51*)sO7*Ft=q_|erzxE~^4T{R0`?9q5dYq4UOffOK~&YfRT4cKMlwL8=JErocmx`%$>v z3FFvhoW~L2vP--LlGLO8sP|?XvHhECIbEl4F%&Pm_)m?eX0uboZFB%L0;G*#tGDPQ zo~T5~(OH60@JfRd^Z>#u663Ev6B7}a?o;_@8XCMV`(LVXT@AH)rH)n`5S@bGPVk}@ zn`odlHqp*gY6yE#vmTj(1!Jk_Ak@V*p}9)P3|g%_R?VYYU~1wS0k|9`WF?+lXr0$@ z>`v0WRN7exzQLvFaGp=`B+#q=GSfEHKLHZMDka7%3U?yHT`tYK+p9ilgt6;##-^%e zQA|S^DU^B`tD8GauAM-qMDeR$?YxYoFs0-2!p~w<54& z*O>obt51l}moMWL^yFz(1R|_*UlqzXAr%5I=8jOuh-V|i#+rwfc<$@mB~anknKvyI zSZ0~t^uCXK3f^B9)~E=^Bnv4II-e#F?MG$n8OCUHHdhurx@2LXOs%7^HY|+FQD2AA zWaoNp$$1paaTWKx5YCnM5j*ThW1C6!q`j354Tfd2Q9i*P=ORuyu%bO- z(UdUi5%V#7P5ZbzIF)fe@6D);+VR{=h5?9t%^2HIaUCY%!M{{2c1yO)6Kf0ZYMWpuYU*j9XduOT=?1)9Aw$U=LGh{BO1pesO@ZhMF zEUoP|NP9^`@kRu@H<>PHuHT~c8 z0ElFm|KgYaKI5{t!yaG;<4gae-_UJi{8FtKHEQrbjtcm5zkAq0d~PB7&w?H-Ic%P+ zv{bu+6$>-{e}8}Omt(B&)*;LR|JwU9$%6kT;r~b$FVDRV!FAg&PhS3*{!mYUKmYF~ zmEUgx{}M6&ajt)FCjYk$tbT}&8tScdX*;w(aw*U32yOpaloeId4LF3tU{uk(;{8J_gx;RIGleE(kN$3 zYOp%e4;o$3&65UP*FNX~u7#oC(ev?yjFL7$ z2S3~-R!uQAC$xSi($G!j9Xn8O#E;zYDoLfNkk&G87K)w9`GDRS|LmBiz4*_J(H3m< zS&3!lrc&5nOwtOhIg-L8NEU(}V>4Hskip5CvP7AnS1_Da|91Pjn)nhf;X+=o;p~@Q z;aBddv;p_*g+nI0_^v5Hqd+s-GXd>rTOQe`FZY$V)2fP`o);C~NefN-<0NuI=M@6R z$+l8OlVJH|1yzjb&tNHpzgKiEfI}qREWa3x{dS>~T67t3X>$qsE8f zV{FX9`F3@6Y!wMSAxBO%=#yBlSsyJLJ!xFqvNOfmuLM^n>kLw#;_t#hGI zr&=^)Ufp=FOtjr`R643>lt>%dpqVZ*u0|O&ClWzG=ne=-xwutmb%v!qWyM%ws~BST zko@H!K`ODOk}nQFk3h-SNE*ISQ~og?_Qe-<9O!I@rI^g*^H>@K=nxKkUQRC0IMO13 z!X$zsy9zOm#XP7chOH3})5vTo>nqWt$)dowwFN&&Cwoc_e+(2jLFYt)XXe(XRpBcw z)4kb1Xyn1>O`$G#ImN8poa9lvoJWg3;z9nIB#54Ycskf;Ah^C_VwTY*MHQz%9xrv` zO6=R~r$NnRWjNeGox~0WcO#rQ?sCE(gX5Mlq7RnJTU_re&u>!W5==3TX=Y4bX6@na zIB^UrPa*HeuPf6{2&W6h>-O^xbwt}EBHr$#0K*dZU!~K|1ECug{J4JZCO#Xp8GmXE zix4*OWUmyupEc{=JEoPkDIY$KdHy211tUOjm z>OKUQnaF}xY$68M6Q7^RC z4JluoZGb{rw@p6DBqf?@_;dnK_xF!fDEVP^yYP=6@4UR3Hj#GE>G%NSq|bzzxln4L ztw(NkQ?%*TW6|-C*t+Qr$qyRc5nj3AqrCD*PK0gZRD0N7Hu&X5!zLpgkDh*F-U%im z-n{JEqBtr_gF6Zv)`(!G+&oTJT%z@~li_GE-KntI?`0!-ufSV|Qn_Q*^F|BLrEu=Z z%gS6epeGRexA_KZ@5rPuubgiSt?EJIoih1w(tL-z>dNIk^4%O+P~d}IeLrL@c0CFq zWGjIQSZ)>K#&Mn%R%n?U{k20Fhxn4G{$?bR?j&mo1ae+N2d+FVP=_d0@Bjzw_e z^BJP9s3ZdfR27LxO_s$1KCbiRNay)xNaJP=G1^EPQ8>nkdUfdm{01M#z?4kM&v2Tn zrKvT=m_SXh5qOKM8C))1g0a{0B0c}HRW*$eZqOq?aLWX>JEtwBel6gql#R1u?Y?t4 zxqtz{?V)CzrWq`Wr1xG0vjrGXh#W2VtIh(=f!~x-;*z`_E#E01lrSL4mepCHz) z3KvcTqXvF zxY%6e!@fn+1Pg2C*!TM>s)tpc1gpF~@xuz~->k-R$06mAY)P!{w|CI>mcFC@QK zh?#k+Xl&>#XZA}xV%mpWS~S$<+YDoclL?m#IXA04Qr~gJb`pWpMvSFn2pU?{CJdY! zkJ?RfQMN>=+y@dltv>#ua{7OnBB{6cI_^-T{7T&VH z#O-He@;+|-cIu*5i;%FiGuL{AaZ9EKJR|uvU zezK>HnGa#-R?Un0o`(20_qG+E8)L*VYDuNLBGNOfvVV{zr54CMJuV#dLxFPA?GTGO|FR0Ff_28$mDh5UD=-&!RJwYYhft!slw>S5c{3b^VE-T{ZX`j(DzYiUoSPL8J&r_2KH(7_P3|okzgafZetO zF{9+&t`sR)PPs@(_12p?{Y9uvv0Tm5H)H?%NrYOr+FzHwsxY3a&3k|nC#K%##p1=6dklGPyH$#z=f`-}< z%J)J?nJ7rw4d-hJaM6@7zb`cUIt6upi50U{`-=Gt5O~=W9G5YgQiGjgIsx6>Y^~-% zO4v{Lp_BxcJ83URfOgY||Bih$b^Y;OrFx0+#AqEp>^4+yeV7l?R>?Xx3pNmWMqSHIbdi2iD64qZ)$XMRFknRs$@zi3WctMicwu*o+vNHmN|C`Kn|;!&lS_;!e^ z9?FPyh}voNZJa(^9Uwi41a&dBuJ#n<7yN9B>SHLTC#8>*dxPP;M9A|M>u!FqJ z(2?l97S)-yRA3Xk(+uCFK}t;tME@?8AYGHziO$qt&J*LHb!I=eJxOQ(%ZN!6x?SW|tsFSJDa zF$4lY4{P#lvD?l{VMFFIbn6YMy8Mzcqo;Oz3J1|mjC!`J>d~qf2prn%A*)L2uI|N` z!*lR{RUY>Y-?5yJ%_ek`dDc&*a*p~&^@Kxo zQ6TNJRjk5_A0bX3;M~?A)pN4TP+2dW#sVd!#ben*38)WnfH(t%wW%4?Mjz8($J^Be zWUzAdF)`w)2XZ?D;F-1qMmxZj=6R_5Ts$kV_^KK8)Ks^jyV_~-yaDJrEL!z9bUf3#y7eQ{RQ zdm06FVmKy5OsDN2Rk!m$gN>zH!MVf{z}H;x+V=c_`KsyDF3+(v__CGUdA4?CxA?C3 zrx<*dgFP`y4(a(J4#Qj!4U=;LrdY;Ravxh7AhFqgwI?sc6nnf^YEdN+^Q1zBee;I) z6$N|a!oVF9BxVA`As|P?sjIzv+cLq{)UMA?%lGr;gSpWQ)Z|LLK1JdHx2Sr0n-;UzF7K$fWj5cU5eHUD3rn*aXE{|g$VF1K@;pXcJIWmNSwy!e;djtc_^ z2W=~B(r~EGe}hQ~(pYCUp+TwMwJge_7F*KT-5B+G&LpZ5u`Ht(PIP4bdvJD3q? z1WU85zF}%!F1u7FP%!VY-UHkyHl){$*M7YjAJrJ_+O~1-5b2CF4r3+*m+RXeRiF5@ zBfyJw3Q0LsEY>Ylj;o*X9iDD8JNjokraKM#8Izfa1-FDnl{rm)CP+0$Fggw7q#UQW z{XZj2(%tIR6xlz+7iYGefg_dR^J~?tc{;O0!y=_hhO{H_GZv(tG6*p2SQ!_W3k3S`a|D{Btl9kz~{KUd2JQ)~x*S z#)S6YZTPuyj&JF+%$egs8|$p=8@W)7lfgCdEG%Ay&;S~&a=pfau>#OkppFLnB;mMd zQ0(^n(j2M$T8lhR@hFW$KvbP;uS(aLCdC$Q%k6P%4mQRR$7%P2?A2FvFtAIDchS zEy5|zRuhhVP!>$xiYIt*i|8h;?2J@!NXr^#`R0b;)&k_61;o+~NIs^1;7i8Bbl zn{epiO7$u6mOBVgGSQdHe_;;>w^qTiGySHdG;oRYD_}ob=)8b&Qqya&@uV=)l51B} zG}$Yojx%ST)}fc1j}lq0 zk2&)+sE=cOW09y%{Kym|wq0bS59kXFSgZhp=?fKhXx$OgkRXYVqvwD-bS>W4xp)u4nh>pLc{nVRKdZG>e|35 zV&NSC2`xOi(99LPV0AWmrbiQ0Epac@kTDF2zo@@dQa3y2~5NK8`Pq(AV9xT3P2B*@yClr8Kvh#6ZU_b` z)kBBR8onDq9}Vc+R8&z4*u^rJ{ezjBn$%vi&{Brb`==)6L&QMSmrYJve8%f)QfQQ9 zZ5dcbf_tJe#Sz8I&?giE_WP{JHSBzD&BV#Z2liffwh@Xnii)%l*$R3g5vy!Ji5+n! z`szm43)fiGMyT(K_(&T58RP_jk(dfhab*saaUEBE=8fqnoXk${glR;(<~~%ECtb<0 z0onkT{uO@D6&XiJlu4x*UjlT$DAn`ar!RLou)b5y{mDL%-lzR{;?3O9SGc+LVGd*+n z^W1275Nhj<=)%+}mC>Dzp^p!Eo*rQ&G--y4rprAUO?Q~NAJmh02B^`^GcFT? zMQkH72VB^}kW0tu0jVr{RKh+*Okqe;jR5o;{dfN`cdX38#y+=ch;x+lh2iFlGA8#Gkf+*Vu17hdJ6e`{x-;D;8O|f-nhK*jchJx z$jH`B9t8m|np>t$kzMTovHK(Hw4uMHj=G;Me!4=3uurqlBqZHFUACL*PgqfsWVu+E z`_ln2^vb->3^fad^fO23Y=61QYQ@>a*Q+547qfvK$18?DJJ1O~(py2NDBl&2d=av! z12(cBHc~;#8avl7MFJ~@rf*2~R#pmyyv;{?Dk-fTLTn0@uz}Yu`}_5^YxoeW+bjNf z%bO&x)Q1*XH`H=DHr0==9mIvf!Tt-uJ29?BddGp`Yd0P=aW%2d&f%7B^(gW&XRuEx zrNvxQj(!)NRWmL%9*-gxEvr{R7*287c=_gq{1vd)sMds_%2+~Z|cvd5*D#IQ|kjccyM1pSGLTQ-R(nBI+euR z`hc+;zLmmtgk&mcxyVYVyc02YGl*K#RPB2mpKbXc&j}R?YY!~h@z8sQ_kshK2+2p* zT^)iTOw926z9tWGZN6*yjY^aQTk~c@8|pw`ojh|17jv%eTb- zR9k8PxSTUhL>=tVhdf9X*Oz7YmQvbh{XD_=fR$GQ^~MG6b!5YWRe0Fe`{_;{#*{hz zS9B`OHD@xmPDwUZ@lYnotCv-#@x`kp)uD)KO4boAtxBnJWVy|p<}dO`x*I-x-v<9C zr9q_);hUf(62)>yu4T7cS?F%tEXjTPhNX<3N2|12>9)z~rm&Y~KV-bAL9A0EjyOe- zITE{t0j8W*HFb(Gqt9+PM}mJVT9r}@4yJ6wGx-ZPMsT`71 zMbD@E9N=NCJ1=%7>87pF>mWj67fl<6tj1i-d9(Q8UtJSAN^dyfX1lE%WQ5?BxbqKU zMzY|v!>9vI+x{Mhrc0gBK)0C9I?_s#%%@_?HxG7CA`qUhCY|U5A#B_rI{Mn4iG6Zu zoY4}DN;_x&&Hm(aeJvSe-xe-~kUu$HPNmG1Z+_(dn-kkBG$IudiSn`?^q%eKXpVN8 z7fFL6=+i1kf9VzkI<`I?57@0=O%M3&;Znichzj^ZGL#Nkck&8Ij<#_(Z5bF}(uYdL2-e;cuKd5Mj~SD7F}y6t}$ zu1BhvKAdP_5+-&n5+SS`@G97~88hj{=Vtd2vm}5oJnV<$|1~!OA>}=7co(`II2;=B z;dn|43(_)Zp3OaN)3*E5(Vw&D*cb)YBC#9^t3Svf_E=dm)!beqHSc>eZ39xwq}A;HN|;G0CIp;Rua4 zZIb}s`OTmDJRO*p3tA^C154@b8y=pSU@nU6ZVQzZzd#On(}#YZ;W$;j&_bt|y-G58 zO4<2*N4?v_u3vp09J!{wvb1;1pnJKCtOf?u-u=EAQw>mDl{*$#xT@zy#OXyzBr!mp zhC+fKiL)gfl`bzSSZx0J`b_oq+u8RpmLjI6jiBX4dfuqK%a;TsE0*(oJK{EAu&rr4|_onip-3gPNVGyTJ1cLp@Z+P>NcSpY<-B zG^{6T*yr+A^vRgul$0l1A?@a2QCT==;VR@2FqI8Uv^Nt@l*^iY9=N8qw+mXviHm=0 z)qJ~B4^!9Gi$2IE6Knmc!|Eh729Z{AHLF04D~f8Z*L{+d`n~6+-}dwB3O1L$G36OX zeTk-`a%2=9DCV_+$ zqWd*$2US@mIKGnZ>x-TvEN_0?vkZagX5pk=>uqn(1eZ*`iuazDGV z@BSGri9Zg^m^lMt`O{eBp~$=a2)tailHl5VY}m0{teihbfDDbq4s8>Nj-iWMw>G=@ zB_80c)g4whjeAXYuR1F2$XbQfQ2QaC{2E&}tPv1%xyP=1<6CO*=uP_QhT0whwAIU+ zA4=ZA32p0T4HA)Iyu`Vv@>fZOnc@2&yt$P1j_Q<818t~qfL(Ad2+7oG1P zk0V4AaG)x|b|J9+Ewg%PK3agGda0Su{C9}K7jY%!5@b%cXs1hE0=VR5uoXQ2 z&=ADxd01vSX{h1YPdBrd&d%55Bw+pbO>p%5Fn0%vfuKW2Ej6l@~FkJ9w@0-Q~(Jx(0b-51-pw>|)cN3N+{X=CVS334tEGT4U3SLd8T2{ z1hc`qcJPPMwFR?I^91<(;zRcN^(c3XZoLcXzdnXXe>_(+Vpd7 zT!=X6SvJv|GaGxVN|Q>^_DJ)Z88{;w%)0Ujb8nxLD0QjA@k%j`Z84_mEY86FhFW5< zGI--Ff~AA}a^!Kq3GMB7&PvmSS9hZ=r-V{U53@8SZ{`CdyN1LS7(NwBV`5++*!rK3 z^Ur3!IqS9O+D)7S{o&u5o-sY|N_6&}22F{1FO4o}ChiqX`R}$Ct$bva^*_%?obKH- zrF;|*X9m(p(sT@8#Wv+W|A%O zi4&iOhl1#}0)hBhXP3R4ry8!Q9wS~{OuPEMcs1;nmZ<{e-VEA_m4_^&btf{E^x0S# zq5k~R?RJ?g34X<-sTZE>AxH*9Mwy@8k9N-cUkitPKwT%~30@_0`NuUPy)RB!8tiER zj68sdfDFx28!l{~gu?UDw%}qT(&~q*e5hPHkkM7xQw<;76J`D*+pFmc4L5yj@rP`~m=sxB=xF$EP7i4RIqFY4xTp@LjF%P2VZsAU6N^FQocx*p;AYqRcJoE!qD8qe zngqbD7d^!Dc&Cc3P1thTVmve23l7x0jbh(mGdsEV_Y@dsg&zhzfH5l zZbYBO=S}P$D_5W!OshhmR*CtCUym9x-fqC0YTnJ^dgkrH0KZ?Ny>HQNwB|dP$=Fxa ztgx2+FrzI^l`4UcsJoHJ3{*jg2#R$o4AqEgf z>|Leh)X*?40x656?zpK(;w3(QykeSx5_>r}=dh9%H3T)|u0hDmtuFtXE^{HyFzp|F zbo54V!DRM#OHStRsC%($K`u$k-JbEHE~rxiT8)}*zYCWYnnS>MiD7bI%j4BS$zP;% zL}ZerT;Exc`KKCSjU1vHTh?vo#DIzEms200=~-2fweHIOI1C7pyRr>{>{L5lC7J6E zlVmJOX9})(YCWBjsc1>`1G(*CuC5E<%(#Phe#J7nU>7!k+QvhdMe9X2s^HN-YKldZ zwl62^sR6l|&c>5WLsPnyROJ}D5N$V)7a^OFmQ5{=kG*26nE%n|B*9UJiWFQ1@xL_6 zcbm2_%PDIkzI{;VI#u~-VT=7^n!#czohcCPpGDfFcMJMw8uK;Hl+e=@mq`=yL7+8;cn5Q?l*oOsCrK5(Fc%l^KI4a>{WvS%UgkKK~ZN zP37c2F~J|mMA_+qewi;6P^TkJ1|o7p@ooE>1{Y!&$O z-6>W`Mv z7ODl49FeyzDT+rRPRYQMlTmp*{4)bmWKGI)YvIQ}lG^4gt@tB}MtOsV*ZetilB8fu zu9C>w{FIoh@Br;NH}6~@{IHA_F#;H+*DJ>8s8Z|bw|)^Vm3oq{_$GTOO#4%@C zw4bH-U<0JIUU6+V+r=0n53VX7i%C5{ZQ0sV;3K3Bp%1_56cU*^qL(FA-w+E@VFFb< zutqiSGaV0Fg?0-D2}b24@u3;7Dl*^TVUeS0T7TOLHny|%hx(P4P*UasI8G|MDcW`5 zBrK?T!+`#8s%bW@qTZxJU&LG>gOuybrQ|-{wGIn4PR;OAR^&DqE9lBEvy(WbURYft zVMoj3e`L32_k;`~Fy><$(ny9YSnxOMg1gieItX90T+cG{RZ5W=Yr{f=pQxwB9*Z_z zx%D)c2qbh!dka^Fy4>?8NvOL)1;2|FxBM2vyE~^iFDa|jV61BSJq2H?&ijo4EnLOnblcPSMZ}JUY(WgQZ(>`gddmjxrDe7{7Zj zNwXp9-sN^Rvll7w#0{KPO&3f)d1)+S<~;;#f|~kHc9cAe#H^}syjr$Y<(lmdPH2a8 zJ^&!6Ld6&Ozn306h6>SFaGm4n&&MISR4J;AgE9pz#I4aJHzI6T41jZiw>Ozz>P_=;BOOxnFwuoSRBaZ zAtsKRP4V`5k*Kx7`o(Cg7+*v^RLbc7wDB0rr!?m5N*b}0 zC=T4ndxbu6lsCp)Cok7mQD!$&xnIWatZITwNNJHrSlq$hWMx|PZgSwYSz&`lhA!!6 zbA;p*0C}T?G$75PR!}0Y~@?X6ugc1j9(pOf{R> zgnG%ciSxN%@2Su9yWH}uJ7*o5J{5;na2CYi*JM{H)m9QS7i>~thHZdu$}`rR>8SAs zKT)Lu%geLF?5l&0a_z%B%=Qi76ZJY&0xxtA7TH@X!%3!_Ij4ft6f@g#w%v54iEXGN zqQVlFe`PAtG@$JLx+3Mzy&g@}yuCLDOH1%T>?)fmDkP}+9&sJvt3zCFrX5yrz|GEu zsHRv^v-$lswbHV_G`=LHqCVAT8=)HkOYKu!Bczcfw;WpFjwY))74;2wZO z?_)NCqEkf=T8tkzAAP%}#Oh;aO{!g07o7;qx)2r%oNmlXn|LN+NZ+Cdf3FP)pwGZ&mOoM?sRbY{ghHKE4;XpmhN;bsKdZb@I7_+?$i_HXBI2SCnYy5|h+*)t-k z^TMGtGZ=T!exTy;=5lL{^w+tLL=ix*;zaxQHPnmK-2-baX4R<$x~l3 zHbfJO zk1Bd&Lb}8|iA?$y(ZRil+%p;>7G+|+JoxIJ39Zz5$w$qN6dc=LNduDWzL5b>q5AA} zBx&mZY*jOV+He5Br;WU%>elr+97oHnu54&EFNI{|{NSP&)V$V#7WRkK>!)Yk0$Jk^ zAOnyoS|@K3KDGLFobDP*<3$3@p0M!wKfiod)BEJbQ!Z$5b}y+bT|TOM=KCz}Z6W8{ zRY&S-2UTRrd%v3y@eOmXzb-g8Z3N)lEF+Qb+%VL!sE>|Sq8nPG)Dm-1Zk)XbBBe15 zB#dSq+Gzdf4a?mZ%HMgZ{Sv?SHaj$~(GIxhE?ZTN1_bG1S>W46PyQX+a00jqR60Y1hP*Gwr(vLf=sgR5@yK5()0h#$mgshgQDgLzl ziD*rS!?`rUDN)>ZBQFn~Tb+Kxdrl1AAAdq9kX4hHg9K znx^agJLhNuoi?S4jtvk%Z*xUW-&7L~C6_L78A30F&oIu7PDy0A6@FNjwc6p7Kf?E& z$jRlB90n5yMv2sO`||aVEh#3(T3C27kPPI$5jok8+;9oSoob+qcC-|Wo5)|mWrepmQm&NM_b0Tlbc^P z)T~02ciTENHz!*x#fA)!$vfrutmh*kA8{qpflPyX>$?@hwOMad@GB;l)Zs>9BTM=G z*ZTBGZ&JO5|K;!Bw;6r@*{teW)im9|E0)X|JT3#bK_#RUSHuyAw06fLRIGaMDPix2 zI4{eXE0N8JLQGfbAA}B0Mv^(*ATJmx0#C$g6@Lz zCV@~qa#kyWoaa&b898oG10y@A(euh(V!O90=l#<+WdM)Cuu)`BVXvX+=BIt@QW0YLe0`=i4PpSj~9Oi z+G_O(ov0L$lq*vrndZGENfMSJ*)i4%W0+XQbrNPgrx8?k8EwHQ3I}fmIl1=7U=PC1 z5OmEO@?rW>x${}@v^KP||9Ed3kk21_59BqqOUz%kx#Ctf#3XTRSCnKW9+}kZ-B4%? z`>e(y#mMrT;?PCf!T&ujVNCBYFxPdFKTmo-bkg4`K~ZRE6!RHI+-&L695U}5>1ifeu@}by;l+ZC#h z8;o&D*$3}RjBD;$eZ(1c&kB-`5f{}=k9vmrxV@JpM7|egDgas+uFw5pGy7=eVMXZs zlyWFuLQ%aZCUAB%w2Ea5lJY1-PwrN-<=yrA;w-PUB40ylo(_XyE>f7GK2VVBN;(`C z`^f1x$Qlq^H(T1hDRs?al@Jy@R(}Gw<=s5S!aq3`CB~Cb>Yfs|w8~Ui;=29?LjgN) zoGa1?MzEZeO;^;lg%)O<6NBHJ)`9!!B8>-0#5;mO4LZF}Vwv9S1%3K?YWZ9$8a?3y zuJW|tY8A-Ggb90hE{w`ea!V8<*ggo(goNV{tL1<7g>w0oaF%Yqx2}OQL2>rsP6i*Bi?WZ7oDl8pWu)MMPAId;=QT$m(p1`(5Vn6*Myx1W(A%<9J9*OIZY zLDoW&c#cjcSkcoIC5QDY#QAE=Mw<$Fqj)~q)${qS)fEANve(hLVx7t|=E%a){cpKB z()dsba)v;9lCYByxv$_XxSAZF{ys4GL}%i+rv2m72X+!H52qGk7o!!Dc1-_eaxIBV zwqm963B{f{|83la@AV&jyBSn>?vo(!R(qcbG8<>oWM`IHopJAPZXud z?2VPO(z9rI0Gjsery@ePCFKH05Qq*6&`LcN-xcU539R-TL;OxiiDa(uVPn+|5ImgRKColBJqPDo^-IF2pv*+~oV?60A9T>{{-s_aX?XaDT zL^^s+=L2_-IDj{JM(_$xKG}Wq{%fN8w^e;e^jJujc(<|HFlb&1x({k; zxVQBth@bByY?xtT_|JYY7D*~<|77GlP5!^-Bm3_iB6t@C3_Rhh)v~@tpNUvK6mn zpLZje4`)o-H+qQRuZ3_I5VX%SZ{O|eR70;CfGisXd=^Z15VaA*p=??1EQ`GE+}O@m za?lr>-tpAd-5gN>o^`-;d-wX>j_6xMponS)Xo_E$)%dgS=h5$;j(#H(Ax+^-B)v~b9wC<`N^4Q8zNd_ChEl4}WIX_G|Hg&q^`STonO%?-z+lXvW=l4+-ennjQ8I)6?Qd~zH*<=WdHrHCcx`9T&`ht^ZaI@G_@W>xMHt$ij-J+ zj(&xd6oYRso&z21I+5U&@N4c5sGw=^+;np4{H0f7H}E>_;i9U+cw623U@`F+RGFxiUvW+0Z#uj5xc^qYghm;MK5m6C_0_mkslCkdmgoAODfo za0M%10$VWvkb+MxzwIa6k#cMH-i;>Q#Qf}-)2~&J~J6p+(?9?ao zjaaD$w@P@-`&l9s+-L??P5Mdc@BnDge8QOzaT2L)7wuxurb11ZQY}JuusLS!?UT zi0No!%gpDlic-!JErUcQ)%;SV$bAs@k|4{cXgE2ksW`h*o5DqBy%aUGMpR(+WHW}0 zRPeI*4yaXUCa)!n=j#$Oem@&`C?`F8cAla5CKa@oGe(Tmx&-lns3Y)sXeyhW_!62*&ntfa-quaWN^#t&rE@a~HDG?9tCS)al#0d1D8KsEB!ZH(@CxE(V;^8IL8tY8OM@pA8doS&A`x1X$|Q|H{p~ z3WnJVmOv>dyjR>Te$jt>vP1&C%q=iOaiypN7G9PARTQGUUv>0Sk?bkE{3SsopYykU zmf9sJ`JuZUwbYK7-f!A6UtJu}{>Tey zQ`#J$IbCm^i3c}?r^p|E>&|8V!e9YShXY5!9%=KM| z#s_I9)EQmJk~(f#0ZKK^IIf7K?j!9zQZ^290z6U;(_~I+>hub6@v=XPpsDO+d%sv^ zCMc~Tifhto?sTp^g7LxMrSD@Kr>d)&aTSU#;6m;UqPi4j7*e6OuBWH^3t!;*j67!< z&?(N0KDi5s<{&p|=QkgO@m;{L#Dwf4ueqYI$F({ z5LDmk`4ZqsCRnBq8fK`?>yIdt?>)M6H(IbCx@GwiqcjM|^5z?*WKfz%;buiK6%HSk zSZ8Q+FA7&EhCRH~fI!=7WVTu6OH($cO3$9-1@US0QnpbQd*_d^SC-`cVxs@IEr!Fr zo;$4SwWLi@i)i_2j@Q{%^XF;((5h#fMcD$;#JmSvNuQ)}9Y^ADh9faQMEgGUj}0B^ zgfy68K1}BI5(H{qx|m4WO-Sg&ei`9UI=iz>58L{7g7qATk5RPqvr$lr3dj2x5iGIs zlV*G{Yh-HWck7*Ny%;aFiHs^%>?Ca=zOf|{pbTLj>PwQ=tu(eWPsX{}{*w+-H6EC< z5Cb~U0`xq+XdEZSg${JtEEF#dMYcS&EI&xtx4Wk0W_$#%sK3hq_Z^cK>{~Y%o*@$6 zxCndet|Dl4{gsL8mz1RU>d1<7Mnh`WHWQY zod(a57OtZVkDO?a##XGxCoUHRrk%XYrQ@6LqdOvsniv@uagL5>*O}k7BHeX#2bo** zhjWekD%OuT_7AYj$Z~~Dh!mq8obMnO-pBbmJ^u2VJ($8OT+M3hhqNd1*+i+8Gvw5- ze(mXS3Mgg1bkV5@nP(!|aI#$v-8#Mb4Z^!{(vH*A2@P1)&VgKc%VpO_yTtZBZ2v^nnv5G~L8|_ltxE3=r^Ca2g8~vIib;MNkv1`cZ)nW}ea+tb0RXomTkVpKy8_`*f z+s}~6?onQVUZ-gW(9iqQ4Gs4HK;p4R-?6(EWAq&DE8hK#E~ut!@MRJ`v}bZD4B?aO zg>2o&c}HfAAU5lHCVwRvoqq3_pqwK;Y#W`*x7xJU4x`so{`5U|Lk6On6c;o0Hx?r? zdeQ@L3O2b&bxm<@mDbJ9;x8s#6FOlyMcK0Jnpu_L3Xct^si1K8p#UoK%VKMu8&^Es zhM;Yd2h>{R!YaMRwB=t~%92gHxBf%c2Iy*sd{O^)(08vpXxtf;sT@dG!IiDWWLg}4 zkBsj$!Kl=aP}z})19rAe1O8cp)HKDI!loY6jgsde)b)C2-?4NO=l351r;JJOC)*q6 zTAaR?L)X6?C%T1x!=<{j(pW^{I7qnUYD%e|Twbf8qxGfS+$rd07nR>UwZ}YDA?LK- z^r|t56Y}Fhe%Zl`iaK8O7G$j|-ZV>f+svj{Gou}IP5_TT`CX-^7q9a( zIe6>M#aB;P<`!#h-!|>kq&v!;o9{QS2!6TsLbF@++RJwPtonBsb<0yB()+%-em`z-%|; z?rPR_t%6xmcY0sVnYBR5%xX{lrTu$T?!Qbq|K#cm^Ud6wwl{9uy}c};|K29on=h9n zR65AaTe)=kRgJ>vr^}AKx_jl#!q`>UterB}2~M*+8TVq7h4SX?FTkK%Xx&%L)@JNo zT;5_HHC<_UuF6_`o_He_~CiR5A1=b zU%bkHw|T=G->Uha-iqwlv$Lk@PC@jp@?_S3i|m)LJ@?aL>$^AXd2eUvCKsu(PyT#e zqw!{)&rg?#7kk@_SEmQEdK$QDhiAB3J$HNYDiZ4FT)$c8Slzh%?GMrsCWYI z<(xQnkLgwV#T7Q|cE>C{`GmddPPIU6D(^}*>$D1~Qa!gl517_}6}V7VYkxRh9;odA zs48V}Fw5G!+6#Cw+kYLQ(rflvEon~0JA>-4$|fHAP-jpref4Qk`KxPR)QaS+fqFg& yLykEDG8q`~_q4!D7#MD_64ja8x14GJ{{QkX&dBtTRIq)C&0MFcL=OTd_fASEhQ1umjA;evD( z5+D$YB1$hxfB*rJ8bUxiAuz#r%{%YA)~xw3-)7E-JZG((=bXLI-sk^2J9%VfaZP|% zoEHE92wXRT*#H3SFjn6i$i@1U`4Xc90EkOmhZ)*NzNAg)RS`P#IaeRlFl04~|GH~q zez8Z>R@l%%PT-1)|o>lO#fTFKOCpYAWd7!dEA?&doC4 z9cFJn!`0xy>ii$nyB>}NX(s*EC~m z0MXy8qf-T66phx2_bM`1f8Ke^e$D{b_3qY;l`WW9S&Z-#YuFFduD!w&bucj8`lp^h z1WAW(B$1CSvrbVHfCYpwf9Oo8$P|7;#Ampl!X`c)N$^Y!qO|T!$I54iS0y-ui3o_~R>{lLb zfzuXmBK(Eu64nKs)j)k8dD(PB;asjKJy6?OJq6!t2)dynuBBn^`gX6Pc6Rvz+2KUl z4gS9HX-9S{mkEOFqu*=Ly~`u*;iCE49MxUnN+7#-L7PACd^;~0cfGIZ+N@9--AIYY zUs-gGxVd39Dwq>@q9Dhg@BKTJV4WD2`!<2B*g?9|46z)QDOHf%1e(wSve`< zM4_drZ;%f;514$b5Hwl=bPSqzCT1CTAY2m+qE}Tl3BZsvt+nv7CP4IQPA#eTYIa$2 zKP45;=U1fId5mFvIuFJJrwOWw_CfpdopM(qC!2?#I5C129Q^_)j(W1J0PYFqh++k^ z0iCK#%_&qdhG#M_G(*|R@U#Z6)>vLibZK|B-tnm=sI6B}`p42>p2_FXJFf*)t47pR zp1)sFL8N-AcfJ8XsW5sP=se32eMYk%)gSd}A{=pMd{)ql^LZ36eGVbv=|$FC3WzV! zNqzP10j+9jv@9+o2wyy3_PyptF(xohGwP>#`|Ce|k?J5jlV@T^CX&4((x-UTEG+uw zxc>_M%(=pD?M_fx7c*+uq?X`*cLr}6zE*{iS zo1?!bvw2Z6Io)3Y)a146>*Em<%CzHFcmtvj_BQN<(0PoFDY7RD4y=M2>KC?fdaC3sDqtz@}YsFxp=U_va0}L!3hq}%Epx7 zUx8T3i~P+pTUK#h7?T0)%MF`nT-5iQiaeH4CT0X&?&9^DGcL^w%_2SxGUD?RF|YQ& zyzL`nlx_sH?&BEGnCLULjpC=#QvF>x7zH^ue4QNQf(Wsx0p3{ZSdOCm7Rr=jhs%d< zWXu-x@%`rFeWueh<}+M2z4i91uzT$%#rIJC{$hLUl(Q7u=|RzFEl>t|uU=zaHa4Ex zu$kg1(6*tgG+Is|M(_bf$1pq=nRrgq+vMPSmn=^B@7H=*6Eo}UUnMowKL{-8eu!E4 z`yVcGTkZ=A1tm)PcptajT{NSOhOdU7Dtu)iOV5?H(SqGd4=RE^Xe64NVRkT3+q-7K zd_>nuZkMP}l9hyTi>r*{mQbONt0I1-{)5Z>xdX5zqq6u@nCv(yDr!X8JiTZBU^4v2-J{= z)~}iPT4gXMt=vVFfWA&CNxh(?<-S&^rp?`70C7HSy&`mu_FSx_q9pKLrIX&WR}F?{*ubyU77n4i^dXslxiiULQFX>E@Jx0*~9_EKZ z-saTG!yGPWyC3-Bm-=xGDWrsfI2W(oY6ggB=R` zgJ3mJ=-##7PC838|9yPl7jb_%^N`>D?6!wY!#LI>xc>aLsE=*%{K8lpaksig6j~`n zM&fr}W7<|t3GnuhjLF$x?!G@AsV%|Ck8gjE%&dRQ)QR{qZk2V4r3YA_0HQLe=|$BJ zS|f0?(~A*;KQ^y%lY_sHUx1^a%63l4M8tp~24l6atVHE(3K=E3IDFn6ig<8$L7vU} zQBmlt_Fw!XeSmJnxYgftUr9rE?-^kfEcH#^OsVLqW}P|0W99`i6b1nb5ij#IKbn2} zwX_(!P!kS)u#dCaxCuN1fe<#1*4g+jcJwXFG~EB#S*T^sxVKcH4|i^ez# zm)w1SwFok;>Hutwr!w|89jZ;`MsDnSze{P%V9mO4@d9YTj}eRRZqVX2GX1=sf)lhS zhuH)Z(K2jLd&Cn8_Et%PUv6_-Jb17ja%6{eI}}z$8vtx%L(F+u2!8eL^N>^_Xe51x zouR`~;B9jH1N6vn%hscD|1GE_H9JqsQR3`*$F#BAB+?|;(_g&x#a(y)$Y2Ac?ubVW zRTOy2l`6ptBR(A|(u*8!8~e6^%lj`NgI9*9l^%UN8$aI=RE`N}FHD*m zQS38m@;|P}k;CUFoG2j&QJb5(r64O)7-Pdb9R*p=X!X5i`hm}32X!Hp<&WF3qkX^j z0krBNQ<{4ALTsw`OYViVwAJrFHtwOK)5J%2>&eg%myQu|s4d{#onx{pfV^%`;Nmcg z6&DMC>U9m_6Dv29IOY5+4L$EU%f0q^E%2DPq?4Zz3SyB)Yi#P>XXc=h4z>4Z;lNHE>(M_!31NXfOv~Wb{H(7oT+$ktQ+hLT%GIegR~H33l(AjR7%~s_m8JjZ`QQQzOJ?KTnd*6pe_I9REu6(m#QX+0Z3u)~MLMjR%#64$o?V zE|MJ5^?b{vVJ4?g+1K5R1*`M2D;pZn01>}!%62%YO7>g%@!zAJl_VHgX z+0}J}9=pg~<^lZpH^TH~KKJtDK0Cs$?fMi?tKV(u*N_%~ z^~}fPinIM>5j?>AGu75BQLG|0j3~ zj?U8hU32qky<*%6w(RxryT5c8uU&ybrsoEHN_FMl>rsEW1UxU$8A6dT_>{4h13mIw zsM$BZq&ov-L}}W}zi(_Q<0M7sdQluy1P%LvXRU)>m^sRNKQ6f`@yCD1=0Cb*XOb!S z+;te8aJ9`@e%`EBQSvy+jKC&ORb#%^hXSq9-sdP)WDKz7ll5vQ4qgqxB@XZD9t14$ znmr^J$iHkCy~3H-`PP+A&zMo-Avop|y>0IRlVXx84gcO9%MVZDEYQ^KUzyvt$or+u zbTuKxN2!=2TMT~X-`%?1p{+Mq>tw`L%QIbXyrZbf}diBiQ|I^pHp}$fk}81y5-~HT&i*9hhFhv`yJ(i zNH|{7{d(luiR6J)(+^L+50?+pT<7+NFN$JILynUaOx}Rb=#=h9e}?Dx!n4+2Q&RRT#%zfv(B@{d&hIJ4LB&Sixl$ax+Y#?R32_0jai7nVBMVmT>xLK?O0zpx|0mR zJANs^zv`csrP7CM9!GUk0X>=ZZZ?o29go@zR&j-u9z}p2dGeSL2nlh+JcNO`%Zv8{e=tN zA`IZ;+A2A-UlK*`vi0_Rr9WY#u{zs@`0^5=6Q2E&ZKmsNTexfB01gs2S)-_oI+0X4maAeD}6 z$b>$>YVaJSK72d4QBXP}=W3)vC7RG6?egO~Kgr3_Z_yPg=0aReGS%IXIArKqr)X54K*4r z&p(Bh0tjA!zVK8#n8b z1ticmx4vO)rEz6I!>QK4{K)lHj1{e5>ie++S@qSYk^rkYGweFxly;ALz~evjCK+3X z+qi9#!{N+m0H+^+c{oV*CE?i|c`U@8A?`+TycM5;c>A?9y#8gN5deBmbrV%O)T0qi zb@Z9psA<}w8;2X%t}r&)+glR|U4f=3r;fW(P6;^aE#H`y?P;eZ86vK%BY7g9Mx$g# zoiIX30H9gzRuOj1#nk-)%Gni0;&4OY*pFdr?2Gv`^K;tE%Y2nxhs~7aO{6Qcbp!dT z+(FeqfExEfM;wgYIn{!Wx&9@ZEbx8$s~sE zIWxBUK0;w?^oaO{t(z|t-HpFxh6?w0>Og{{pNeLprm90c+CqK)I)N<}HhrOM{`}UX zuGuqGrmsipCqeVSEF9erLuW5UM?CBL^inroF;2_+vWc#;a?I6^5FVIK{m4D|YI-b) zjWfD*#0YrIi>;ib#Nu!`0HA&L%P!I&g5XMpp&goy$)PGdu^`9gCk?#~T@x$%DG8oT z6uq%`k~z}9Nj(2>?Yh_U1f|ETYj0PP0xg|FH9ZWMsn*K{y-Py)>-mt7-q{PQxBQ#+ zulDyYzAKn%liLWBim9pDChG@-!vYvB2MZKSamMARVC=k?{QSIX=3^7t z`)XN!!*q`<=S^AX@L|`LY{L*cnbFF(SR-v4kEj&@VapQ{?n=+r5Cf~t>>Lo?ak>fp zbD=k>dEGG$Gywi#EkkQy{`WBhD`<{;v!-bKg;>HDD-l11;$7Fw%7#TU_XOFX2BHgw z)NJ3RgwLhmy~1!uVNfx1M>MD24?fJs{d zbv!U`dKPBE3Cx@gK((c}e&bpTNGT|+dk?OXxh+WD=dN(k?qL)kzLU5kfhRs+In8eEfE0kBq?S>RGE2Vh#?)-v z49pfPKP=MWAUiG$*R+xqQ%NB#J!lkkmRHcK*bb{WO|D^2BT9mgg9%Ks9!~AahZCK( z>eI}m-=z6qODjxcX2^Fx<##6@6${N@ruy9Lqy6M&5Z4i7%+`-k4v!ge4#Vh{oA+B;UARXPG?sf9#l_ZzCbPNgu&$g^o;(p3ZB|8uXYpmndzY;Yx#yA!$l z^-X7{)!oo2b~zOZ_K(TT$Xi1#j2F2+6XSUhPL}iBNpuBGHr?>!97anlA^3OYdD@a@D+qBb4UsszlYawZsR~W&RRqwNk6&wh`k3MOZ?Vc zZyXkENZX%x=dLXqXOE>EmpsYd@h9nB$95OHXKWg(-T-Z(8 z_6K1y;^m=%;8CvnVt^wI@s$Q-TkkV5iy6Meo=4Nn!33OYjLgTgYkJ&q#o51!Id;UI zRJKkI`)o|5A}Y1-P1URFlj6elm$NU~Rf`V44I0lAaf@dY0!YG@wCBQZa#FcAFOmVN z^o)K}Bj6*uNon;vWT2BoPJ<9Fcaf5WQfY`52_K-SmC??|+fquLb>AVuiItmhMT|o%$=!b#TQjHJ4 zEq49rsxG5lq$2jpTc7LRGd+pR+4afr8|1eRl-j7xpQh2snTwqmiQHlLS!WX(p34e9 zpK_oz@EcZrTuslW4Yn9df~z%G(WwU4%qb+y)9PgQj^L>}>5S}~r?NX1`y-fGq|Z&p zTE5o?xXiUnnxdAHBox0lJ4Y0UM0EU$3SFldGLFyW_9^N+jGqcs2Mt`ZZn?SVdiWvQ ztyPKMabP&;pz}%49{zC9q4M_^1)ZKFvq%M`JaMhV9Y$Z(=?D%6{^3Bv+0BtZCGiu- z))`iNe?oe9A7QYl$kDUW7rDAzN#$%z1vfOrVEc~StRKfE{5=#?_w}2M%5TR+ynMS$y9EMS#J9x?v`E+4_N literal 0 HcmV?d00001 diff --git a/2.5/assets/javascripts/bundle.d6c3db9e.min.js b/2.5/assets/javascripts/bundle.d6c3db9e.min.js new file mode 100644 index 000000000..a2ce00edb --- /dev/null +++ b/2.5/assets/javascripts/bundle.d6c3db9e.min.js @@ -0,0 +1,29 @@ +"use strict";(()=>{var aa=Object.create;var wr=Object.defineProperty;var sa=Object.getOwnPropertyDescriptor;var ca=Object.getOwnPropertyNames,kt=Object.getOwnPropertySymbols,fa=Object.getPrototypeOf,Er=Object.prototype.hasOwnProperty,fn=Object.prototype.propertyIsEnumerable;var cn=(e,t,r)=>t in e?wr(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,H=(e,t)=>{for(var r in t||(t={}))Er.call(t,r)&&cn(e,r,t[r]);if(kt)for(var r of kt(t))fn.call(t,r)&&cn(e,r,t[r]);return e};var un=(e,t)=>{var r={};for(var n in e)Er.call(e,n)&&t.indexOf(n)<0&&(r[n]=e[n]);if(e!=null&&kt)for(var n of kt(e))t.indexOf(n)<0&&fn.call(e,n)&&(r[n]=e[n]);return r};var yt=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var ua=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of ca(t))!Er.call(e,o)&&o!==r&&wr(e,o,{get:()=>t[o],enumerable:!(n=sa(t,o))||n.enumerable});return e};var Ye=(e,t,r)=>(r=e!=null?aa(fa(e)):{},ua(t||!e||!e.__esModule?wr(r,"default",{value:e,enumerable:!0}):r,e));var ln=yt((Sr,pn)=>{(function(e,t){typeof Sr=="object"&&typeof pn!="undefined"?t():typeof define=="function"&&define.amd?define(t):t()})(Sr,function(){"use strict";function e(r){var n=!0,o=!1,i=null,s={text:!0,search:!0,url:!0,tel:!0,email:!0,password:!0,number:!0,date:!0,month:!0,week:!0,time:!0,datetime:!0,"datetime-local":!0};function a(_){return!!(_&&_!==document&&_.nodeName!=="HTML"&&_.nodeName!=="BODY"&&"classList"in _&&"contains"in _.classList)}function c(_){var We=_.type,Fe=_.tagName;return!!(Fe==="INPUT"&&s[We]&&!_.readOnly||Fe==="TEXTAREA"&&!_.readOnly||_.isContentEditable)}function f(_){_.classList.contains("focus-visible")||(_.classList.add("focus-visible"),_.setAttribute("data-focus-visible-added",""))}function u(_){!_.hasAttribute("data-focus-visible-added")||(_.classList.remove("focus-visible"),_.removeAttribute("data-focus-visible-added"))}function p(_){_.metaKey||_.altKey||_.ctrlKey||(a(r.activeElement)&&f(r.activeElement),n=!0)}function l(_){n=!1}function d(_){!a(_.target)||(n||c(_.target))&&f(_.target)}function h(_){!a(_.target)||(_.target.classList.contains("focus-visible")||_.target.hasAttribute("data-focus-visible-added"))&&(o=!0,window.clearTimeout(i),i=window.setTimeout(function(){o=!1},100),u(_.target))}function b(_){document.visibilityState==="hidden"&&(o&&(n=!0),U())}function U(){document.addEventListener("mousemove",W),document.addEventListener("mousedown",W),document.addEventListener("mouseup",W),document.addEventListener("pointermove",W),document.addEventListener("pointerdown",W),document.addEventListener("pointerup",W),document.addEventListener("touchmove",W),document.addEventListener("touchstart",W),document.addEventListener("touchend",W)}function G(){document.removeEventListener("mousemove",W),document.removeEventListener("mousedown",W),document.removeEventListener("mouseup",W),document.removeEventListener("pointermove",W),document.removeEventListener("pointerdown",W),document.removeEventListener("pointerup",W),document.removeEventListener("touchmove",W),document.removeEventListener("touchstart",W),document.removeEventListener("touchend",W)}function W(_){_.target.nodeName&&_.target.nodeName.toLowerCase()==="html"||(n=!1,G())}document.addEventListener("keydown",p,!0),document.addEventListener("mousedown",l,!0),document.addEventListener("pointerdown",l,!0),document.addEventListener("touchstart",l,!0),document.addEventListener("visibilitychange",b,!0),U(),r.addEventListener("focus",d,!0),r.addEventListener("blur",h,!0),r.nodeType===Node.DOCUMENT_FRAGMENT_NODE&&r.host?r.host.setAttribute("data-js-focus-visible",""):r.nodeType===Node.DOCUMENT_NODE&&(document.documentElement.classList.add("js-focus-visible"),document.documentElement.setAttribute("data-js-focus-visible",""))}if(typeof window!="undefined"&&typeof document!="undefined"){window.applyFocusVisiblePolyfill=e;var t;try{t=new CustomEvent("focus-visible-polyfill-ready")}catch(r){t=document.createEvent("CustomEvent"),t.initCustomEvent("focus-visible-polyfill-ready",!1,!1,{})}window.dispatchEvent(t)}typeof document!="undefined"&&e(document)})});var mn=yt(Or=>{(function(e){var t=function(){try{return!!Symbol.iterator}catch(f){return!1}},r=t(),n=function(f){var u={next:function(){var p=f.shift();return{done:p===void 0,value:p}}};return r&&(u[Symbol.iterator]=function(){return u}),u},o=function(f){return encodeURIComponent(f).replace(/%20/g,"+")},i=function(f){return decodeURIComponent(String(f).replace(/\+/g," "))},s=function(){var f=function(p){Object.defineProperty(this,"_entries",{writable:!0,value:{}});var l=typeof p;if(l!=="undefined")if(l==="string")p!==""&&this._fromString(p);else if(p instanceof f){var d=this;p.forEach(function(G,W){d.append(W,G)})}else if(p!==null&&l==="object")if(Object.prototype.toString.call(p)==="[object Array]")for(var h=0;hd[0]?1:0}),f._entries&&(f._entries={});for(var p=0;p1?i(d[1]):"")}})})(typeof global!="undefined"?global:typeof window!="undefined"?window:typeof self!="undefined"?self:Or);(function(e){var t=function(){try{var o=new e.URL("b","http://a");return o.pathname="c d",o.href==="http://a/c%20d"&&o.searchParams}catch(i){return!1}},r=function(){var o=e.URL,i=function(c,f){typeof c!="string"&&(c=String(c)),f&&typeof f!="string"&&(f=String(f));var u=document,p;if(f&&(e.location===void 0||f!==e.location.href)){f=f.toLowerCase(),u=document.implementation.createHTMLDocument(""),p=u.createElement("base"),p.href=f,u.head.appendChild(p);try{if(p.href.indexOf(f)!==0)throw new Error(p.href)}catch(_){throw new Error("URL unable to set base "+f+" due to "+_)}}var l=u.createElement("a");l.href=c,p&&(u.body.appendChild(l),l.href=l.href);var d=u.createElement("input");if(d.type="url",d.value=c,l.protocol===":"||!/:/.test(l.href)||!d.checkValidity()&&!f)throw new TypeError("Invalid URL");Object.defineProperty(this,"_anchorElement",{value:l});var h=new e.URLSearchParams(this.search),b=!0,U=!0,G=this;["append","delete","set"].forEach(function(_){var We=h[_];h[_]=function(){We.apply(h,arguments),b&&(U=!1,G.search=h.toString(),U=!0)}}),Object.defineProperty(this,"searchParams",{value:h,enumerable:!0});var W=void 0;Object.defineProperty(this,"_updateSearchParams",{enumerable:!1,configurable:!1,writable:!1,value:function(){this.search!==W&&(W=this.search,U&&(b=!1,this.searchParams._fromString(this.search),b=!0))}})},s=i.prototype,a=function(c){Object.defineProperty(s,c,{get:function(){return this._anchorElement[c]},set:function(f){this._anchorElement[c]=f},enumerable:!0})};["hash","host","hostname","port","protocol"].forEach(function(c){a(c)}),Object.defineProperty(s,"search",{get:function(){return this._anchorElement.search},set:function(c){this._anchorElement.search=c,this._updateSearchParams()},enumerable:!0}),Object.defineProperties(s,{toString:{get:function(){var c=this;return function(){return c.href}}},href:{get:function(){return this._anchorElement.href.replace(/\?$/,"")},set:function(c){this._anchorElement.href=c,this._updateSearchParams()},enumerable:!0},pathname:{get:function(){return this._anchorElement.pathname.replace(/(^\/?)/,"/")},set:function(c){this._anchorElement.pathname=c},enumerable:!0},origin:{get:function(){var c={"http:":80,"https:":443,"ftp:":21}[this._anchorElement.protocol],f=this._anchorElement.port!=c&&this._anchorElement.port!=="";return this._anchorElement.protocol+"//"+this._anchorElement.hostname+(f?":"+this._anchorElement.port:"")},enumerable:!0},password:{get:function(){return""},set:function(c){},enumerable:!0},username:{get:function(){return""},set:function(c){},enumerable:!0}}),i.createObjectURL=function(c){return o.createObjectURL.apply(o,arguments)},i.revokeObjectURL=function(c){return o.revokeObjectURL.apply(o,arguments)},e.URL=i};if(t()||r(),e.location!==void 0&&!("origin"in e.location)){var n=function(){return e.location.protocol+"//"+e.location.hostname+(e.location.port?":"+e.location.port:"")};try{Object.defineProperty(e.location,"origin",{get:n,enumerable:!0})}catch(o){setInterval(function(){e.location.origin=n()},100)}}})(typeof global!="undefined"?global:typeof window!="undefined"?window:typeof self!="undefined"?self:Or)});var Pn=yt((Ks,$t)=>{/*! ***************************************************************************** +Copyright (c) Microsoft Corporation. + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. +***************************************************************************** */var dn,hn,bn,vn,gn,yn,xn,wn,En,Ht,_r,Sn,On,_n,rt,Tn,Mn,Ln,An,Cn,Rn,kn,Hn,Pt;(function(e){var t=typeof global=="object"?global:typeof self=="object"?self:typeof this=="object"?this:{};typeof define=="function"&&define.amd?define("tslib",["exports"],function(n){e(r(t,r(n)))}):typeof $t=="object"&&typeof $t.exports=="object"?e(r(t,r($t.exports))):e(r(t));function r(n,o){return n!==t&&(typeof Object.create=="function"?Object.defineProperty(n,"__esModule",{value:!0}):n.__esModule=!0),function(i,s){return n[i]=o?o(i,s):s}}})(function(e){var t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(n,o){n.__proto__=o}||function(n,o){for(var i in o)Object.prototype.hasOwnProperty.call(o,i)&&(n[i]=o[i])};dn=function(n,o){if(typeof o!="function"&&o!==null)throw new TypeError("Class extends value "+String(o)+" is not a constructor or null");t(n,o);function i(){this.constructor=n}n.prototype=o===null?Object.create(o):(i.prototype=o.prototype,new i)},hn=Object.assign||function(n){for(var o,i=1,s=arguments.length;i=0;u--)(f=n[u])&&(c=(a<3?f(c):a>3?f(o,i,c):f(o,i))||c);return a>3&&c&&Object.defineProperty(o,i,c),c},gn=function(n,o){return function(i,s){o(i,s,n)}},yn=function(n,o){if(typeof Reflect=="object"&&typeof Reflect.metadata=="function")return Reflect.metadata(n,o)},xn=function(n,o,i,s){function a(c){return c instanceof i?c:new i(function(f){f(c)})}return new(i||(i=Promise))(function(c,f){function u(d){try{l(s.next(d))}catch(h){f(h)}}function p(d){try{l(s.throw(d))}catch(h){f(h)}}function l(d){d.done?c(d.value):a(d.value).then(u,p)}l((s=s.apply(n,o||[])).next())})},wn=function(n,o){var i={label:0,sent:function(){if(c[0]&1)throw c[1];return c[1]},trys:[],ops:[]},s,a,c,f;return f={next:u(0),throw:u(1),return:u(2)},typeof Symbol=="function"&&(f[Symbol.iterator]=function(){return this}),f;function u(l){return function(d){return p([l,d])}}function p(l){if(s)throw new TypeError("Generator is already executing.");for(;i;)try{if(s=1,a&&(c=l[0]&2?a.return:l[0]?a.throw||((c=a.return)&&c.call(a),0):a.next)&&!(c=c.call(a,l[1])).done)return c;switch(a=0,c&&(l=[l[0]&2,c.value]),l[0]){case 0:case 1:c=l;break;case 4:return i.label++,{value:l[1],done:!1};case 5:i.label++,a=l[1],l=[0];continue;case 7:l=i.ops.pop(),i.trys.pop();continue;default:if(c=i.trys,!(c=c.length>0&&c[c.length-1])&&(l[0]===6||l[0]===2)){i=0;continue}if(l[0]===3&&(!c||l[1]>c[0]&&l[1]=n.length&&(n=void 0),{value:n&&n[s++],done:!n}}};throw new TypeError(o?"Object is not iterable.":"Symbol.iterator is not defined.")},_r=function(n,o){var i=typeof Symbol=="function"&&n[Symbol.iterator];if(!i)return n;var s=i.call(n),a,c=[],f;try{for(;(o===void 0||o-- >0)&&!(a=s.next()).done;)c.push(a.value)}catch(u){f={error:u}}finally{try{a&&!a.done&&(i=s.return)&&i.call(s)}finally{if(f)throw f.error}}return c},Sn=function(){for(var n=[],o=0;o1||u(b,U)})})}function u(b,U){try{p(s[b](U))}catch(G){h(c[0][3],G)}}function p(b){b.value instanceof rt?Promise.resolve(b.value.v).then(l,d):h(c[0][2],b)}function l(b){u("next",b)}function d(b){u("throw",b)}function h(b,U){b(U),c.shift(),c.length&&u(c[0][0],c[0][1])}},Mn=function(n){var o,i;return o={},s("next"),s("throw",function(a){throw a}),s("return"),o[Symbol.iterator]=function(){return this},o;function s(a,c){o[a]=n[a]?function(f){return(i=!i)?{value:rt(n[a](f)),done:a==="return"}:c?c(f):f}:c}},Ln=function(n){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var o=n[Symbol.asyncIterator],i;return o?o.call(n):(n=typeof Ht=="function"?Ht(n):n[Symbol.iterator](),i={},s("next"),s("throw"),s("return"),i[Symbol.asyncIterator]=function(){return this},i);function s(c){i[c]=n[c]&&function(f){return new Promise(function(u,p){f=n[c](f),a(u,p,f.done,f.value)})}}function a(c,f,u,p){Promise.resolve(p).then(function(l){c({value:l,done:u})},f)}},An=function(n,o){return Object.defineProperty?Object.defineProperty(n,"raw",{value:o}):n.raw=o,n};var r=Object.create?function(n,o){Object.defineProperty(n,"default",{enumerable:!0,value:o})}:function(n,o){n.default=o};Cn=function(n){if(n&&n.__esModule)return n;var o={};if(n!=null)for(var i in n)i!=="default"&&Object.prototype.hasOwnProperty.call(n,i)&&Pt(o,n,i);return r(o,n),o},Rn=function(n){return n&&n.__esModule?n:{default:n}},kn=function(n,o,i,s){if(i==="a"&&!s)throw new TypeError("Private accessor was defined without a getter");if(typeof o=="function"?n!==o||!s:!o.has(n))throw new TypeError("Cannot read private member from an object whose class did not declare it");return i==="m"?s:i==="a"?s.call(n):s?s.value:o.get(n)},Hn=function(n,o,i,s,a){if(s==="m")throw new TypeError("Private method is not writable");if(s==="a"&&!a)throw new TypeError("Private accessor was defined without a setter");if(typeof o=="function"?n!==o||!a:!o.has(n))throw new TypeError("Cannot write private member to an object whose class did not declare it");return s==="a"?a.call(n,i):a?a.value=i:o.set(n,i),i},e("__extends",dn),e("__assign",hn),e("__rest",bn),e("__decorate",vn),e("__param",gn),e("__metadata",yn),e("__awaiter",xn),e("__generator",wn),e("__exportStar",En),e("__createBinding",Pt),e("__values",Ht),e("__read",_r),e("__spread",Sn),e("__spreadArrays",On),e("__spreadArray",_n),e("__await",rt),e("__asyncGenerator",Tn),e("__asyncDelegator",Mn),e("__asyncValues",Ln),e("__makeTemplateObject",An),e("__importStar",Cn),e("__importDefault",Rn),e("__classPrivateFieldGet",kn),e("__classPrivateFieldSet",Hn)})});var Br=yt((At,Yr)=>{/*! + * clipboard.js v2.0.11 + * https://clipboardjs.com/ + * + * Licensed MIT © Zeno Rocha + */(function(t,r){typeof At=="object"&&typeof Yr=="object"?Yr.exports=r():typeof define=="function"&&define.amd?define([],r):typeof At=="object"?At.ClipboardJS=r():t.ClipboardJS=r()})(At,function(){return function(){var e={686:function(n,o,i){"use strict";i.d(o,{default:function(){return ia}});var s=i(279),a=i.n(s),c=i(370),f=i.n(c),u=i(817),p=i.n(u);function l(j){try{return document.execCommand(j)}catch(T){return!1}}var d=function(T){var O=p()(T);return l("cut"),O},h=d;function b(j){var T=document.documentElement.getAttribute("dir")==="rtl",O=document.createElement("textarea");O.style.fontSize="12pt",O.style.border="0",O.style.padding="0",O.style.margin="0",O.style.position="absolute",O.style[T?"right":"left"]="-9999px";var k=window.pageYOffset||document.documentElement.scrollTop;return O.style.top="".concat(k,"px"),O.setAttribute("readonly",""),O.value=j,O}var U=function(T,O){var k=b(T);O.container.appendChild(k);var $=p()(k);return l("copy"),k.remove(),$},G=function(T){var O=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body},k="";return typeof T=="string"?k=U(T,O):T instanceof HTMLInputElement&&!["text","search","url","tel","password"].includes(T==null?void 0:T.type)?k=U(T.value,O):(k=p()(T),l("copy")),k},W=G;function _(j){return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?_=function(O){return typeof O}:_=function(O){return O&&typeof Symbol=="function"&&O.constructor===Symbol&&O!==Symbol.prototype?"symbol":typeof O},_(j)}var We=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},O=T.action,k=O===void 0?"copy":O,$=T.container,q=T.target,Te=T.text;if(k!=="copy"&&k!=="cut")throw new Error('Invalid "action" value, use either "copy" or "cut"');if(q!==void 0)if(q&&_(q)==="object"&&q.nodeType===1){if(k==="copy"&&q.hasAttribute("disabled"))throw new Error('Invalid "target" attribute. Please use "readonly" instead of "disabled" attribute');if(k==="cut"&&(q.hasAttribute("readonly")||q.hasAttribute("disabled")))throw new Error(`Invalid "target" attribute. You can't cut text from elements with "readonly" or "disabled" attributes`)}else throw new Error('Invalid "target" value, use a valid Element');if(Te)return W(Te,{container:$});if(q)return k==="cut"?h(q):W(q,{container:$})},Fe=We;function Pe(j){return typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?Pe=function(O){return typeof O}:Pe=function(O){return O&&typeof Symbol=="function"&&O.constructor===Symbol&&O!==Symbol.prototype?"symbol":typeof O},Pe(j)}function Ji(j,T){if(!(j instanceof T))throw new TypeError("Cannot call a class as a function")}function sn(j,T){for(var O=0;O0&&arguments[0]!==void 0?arguments[0]:{};this.action=typeof $.action=="function"?$.action:this.defaultAction,this.target=typeof $.target=="function"?$.target:this.defaultTarget,this.text=typeof $.text=="function"?$.text:this.defaultText,this.container=Pe($.container)==="object"?$.container:document.body}},{key:"listenClick",value:function($){var q=this;this.listener=f()($,"click",function(Te){return q.onClick(Te)})}},{key:"onClick",value:function($){var q=$.delegateTarget||$.currentTarget,Te=this.action(q)||"copy",Rt=Fe({action:Te,container:this.container,target:this.target(q),text:this.text(q)});this.emit(Rt?"success":"error",{action:Te,text:Rt,trigger:q,clearSelection:function(){q&&q.focus(),window.getSelection().removeAllRanges()}})}},{key:"defaultAction",value:function($){return xr("action",$)}},{key:"defaultTarget",value:function($){var q=xr("target",$);if(q)return document.querySelector(q)}},{key:"defaultText",value:function($){return xr("text",$)}},{key:"destroy",value:function(){this.listener.destroy()}}],[{key:"copy",value:function($){var q=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{container:document.body};return W($,q)}},{key:"cut",value:function($){return h($)}},{key:"isSupported",value:function(){var $=arguments.length>0&&arguments[0]!==void 0?arguments[0]:["copy","cut"],q=typeof $=="string"?[$]:$,Te=!!document.queryCommandSupported;return q.forEach(function(Rt){Te=Te&&!!document.queryCommandSupported(Rt)}),Te}}]),O}(a()),ia=oa},828:function(n){var o=9;if(typeof Element!="undefined"&&!Element.prototype.matches){var i=Element.prototype;i.matches=i.matchesSelector||i.mozMatchesSelector||i.msMatchesSelector||i.oMatchesSelector||i.webkitMatchesSelector}function s(a,c){for(;a&&a.nodeType!==o;){if(typeof a.matches=="function"&&a.matches(c))return a;a=a.parentNode}}n.exports=s},438:function(n,o,i){var s=i(828);function a(u,p,l,d,h){var b=f.apply(this,arguments);return u.addEventListener(l,b,h),{destroy:function(){u.removeEventListener(l,b,h)}}}function c(u,p,l,d,h){return typeof u.addEventListener=="function"?a.apply(null,arguments):typeof l=="function"?a.bind(null,document).apply(null,arguments):(typeof u=="string"&&(u=document.querySelectorAll(u)),Array.prototype.map.call(u,function(b){return a(b,p,l,d,h)}))}function f(u,p,l,d){return function(h){h.delegateTarget=s(h.target,p),h.delegateTarget&&d.call(u,h)}}n.exports=c},879:function(n,o){o.node=function(i){return i!==void 0&&i instanceof HTMLElement&&i.nodeType===1},o.nodeList=function(i){var s=Object.prototype.toString.call(i);return i!==void 0&&(s==="[object NodeList]"||s==="[object HTMLCollection]")&&"length"in i&&(i.length===0||o.node(i[0]))},o.string=function(i){return typeof i=="string"||i instanceof String},o.fn=function(i){var s=Object.prototype.toString.call(i);return s==="[object Function]"}},370:function(n,o,i){var s=i(879),a=i(438);function c(l,d,h){if(!l&&!d&&!h)throw new Error("Missing required arguments");if(!s.string(d))throw new TypeError("Second argument must be a String");if(!s.fn(h))throw new TypeError("Third argument must be a Function");if(s.node(l))return f(l,d,h);if(s.nodeList(l))return u(l,d,h);if(s.string(l))return p(l,d,h);throw new TypeError("First argument must be a String, HTMLElement, HTMLCollection, or NodeList")}function f(l,d,h){return l.addEventListener(d,h),{destroy:function(){l.removeEventListener(d,h)}}}function u(l,d,h){return Array.prototype.forEach.call(l,function(b){b.addEventListener(d,h)}),{destroy:function(){Array.prototype.forEach.call(l,function(b){b.removeEventListener(d,h)})}}}function p(l,d,h){return a(document.body,l,d,h)}n.exports=c},817:function(n){function o(i){var s;if(i.nodeName==="SELECT")i.focus(),s=i.value;else if(i.nodeName==="INPUT"||i.nodeName==="TEXTAREA"){var a=i.hasAttribute("readonly");a||i.setAttribute("readonly",""),i.select(),i.setSelectionRange(0,i.value.length),a||i.removeAttribute("readonly"),s=i.value}else{i.hasAttribute("contenteditable")&&i.focus();var c=window.getSelection(),f=document.createRange();f.selectNodeContents(i),c.removeAllRanges(),c.addRange(f),s=c.toString()}return s}n.exports=o},279:function(n){function o(){}o.prototype={on:function(i,s,a){var c=this.e||(this.e={});return(c[i]||(c[i]=[])).push({fn:s,ctx:a}),this},once:function(i,s,a){var c=this;function f(){c.off(i,f),s.apply(a,arguments)}return f._=s,this.on(i,f,a)},emit:function(i){var s=[].slice.call(arguments,1),a=((this.e||(this.e={}))[i]||[]).slice(),c=0,f=a.length;for(c;c{"use strict";/*! + * escape-html + * Copyright(c) 2012-2013 TJ Holowaychuk + * Copyright(c) 2015 Andreas Lubbe + * Copyright(c) 2015 Tiancheng "Timothy" Gu + * MIT Licensed + */var Ms=/["'&<>]/;Si.exports=Ls;function Ls(e){var t=""+e,r=Ms.exec(t);if(!r)return t;var n,o="",i=0,s=0;for(i=r.index;i0},enumerable:!1,configurable:!0}),t.prototype._trySubscribe=function(r){return this._throwIfClosed(),e.prototype._trySubscribe.call(this,r)},t.prototype._subscribe=function(r){return this._throwIfClosed(),this._checkFinalizedStatuses(r),this._innerSubscribe(r)},t.prototype._innerSubscribe=function(r){var n=this,o=this,i=o.hasError,s=o.isStopped,a=o.observers;return i||s?Tr:(this.currentObservers=null,a.push(r),new $e(function(){n.currentObservers=null,Ue(a,r)}))},t.prototype._checkFinalizedStatuses=function(r){var n=this,o=n.hasError,i=n.thrownError,s=n.isStopped;o?r.error(i):s&&r.complete()},t.prototype.asObservable=function(){var r=new F;return r.source=this,r},t.create=function(r,n){return new Qn(r,n)},t}(F);var Qn=function(e){ne(t,e);function t(r,n){var o=e.call(this)||this;return o.destination=r,o.source=n,o}return t.prototype.next=function(r){var n,o;(o=(n=this.destination)===null||n===void 0?void 0:n.next)===null||o===void 0||o.call(n,r)},t.prototype.error=function(r){var n,o;(o=(n=this.destination)===null||n===void 0?void 0:n.error)===null||o===void 0||o.call(n,r)},t.prototype.complete=function(){var r,n;(n=(r=this.destination)===null||r===void 0?void 0:r.complete)===null||n===void 0||n.call(r)},t.prototype._subscribe=function(r){var n,o;return(o=(n=this.source)===null||n===void 0?void 0:n.subscribe(r))!==null&&o!==void 0?o:Tr},t}(E);var wt={now:function(){return(wt.delegate||Date).now()},delegate:void 0};var Et=function(e){ne(t,e);function t(r,n,o){r===void 0&&(r=1/0),n===void 0&&(n=1/0),o===void 0&&(o=wt);var i=e.call(this)||this;return i._bufferSize=r,i._windowTime=n,i._timestampProvider=o,i._buffer=[],i._infiniteTimeWindow=!0,i._infiniteTimeWindow=n===1/0,i._bufferSize=Math.max(1,r),i._windowTime=Math.max(1,n),i}return t.prototype.next=function(r){var n=this,o=n.isStopped,i=n._buffer,s=n._infiniteTimeWindow,a=n._timestampProvider,c=n._windowTime;o||(i.push(r),!s&&i.push(a.now()+c)),this._trimBuffer(),e.prototype.next.call(this,r)},t.prototype._subscribe=function(r){this._throwIfClosed(),this._trimBuffer();for(var n=this._innerSubscribe(r),o=this,i=o._infiniteTimeWindow,s=o._buffer,a=s.slice(),c=0;c0?e.prototype.requestAsyncId.call(this,r,n,o):(r.actions.push(this),r._scheduled||(r._scheduled=at.requestAnimationFrame(function(){return r.flush(void 0)})))},t.prototype.recycleAsyncId=function(r,n,o){var i;if(o===void 0&&(o=0),o!=null?o>0:this.delay>0)return e.prototype.recycleAsyncId.call(this,r,n,o);var s=r.actions;n!=null&&((i=s[s.length-1])===null||i===void 0?void 0:i.id)!==n&&(at.cancelAnimationFrame(n),r._scheduled=void 0)},t}(zt);var Gn=function(e){ne(t,e);function t(){return e!==null&&e.apply(this,arguments)||this}return t.prototype.flush=function(r){this._active=!0;var n=this._scheduled;this._scheduled=void 0;var o=this.actions,i;r=r||o.shift();do if(i=r.execute(r.state,r.delay))break;while((r=o[0])&&r.id===n&&o.shift());if(this._active=!1,i){for(;(r=o[0])&&r.id===n&&o.shift();)r.unsubscribe();throw i}},t}(Nt);var xe=new Gn(Bn);var R=new F(function(e){return e.complete()});function qt(e){return e&&L(e.schedule)}function Hr(e){return e[e.length-1]}function Ve(e){return L(Hr(e))?e.pop():void 0}function Ee(e){return qt(Hr(e))?e.pop():void 0}function Kt(e,t){return typeof Hr(e)=="number"?e.pop():t}var st=function(e){return e&&typeof e.length=="number"&&typeof e!="function"};function Qt(e){return L(e==null?void 0:e.then)}function Yt(e){return L(e[it])}function Bt(e){return Symbol.asyncIterator&&L(e==null?void 0:e[Symbol.asyncIterator])}function Gt(e){return new TypeError("You provided "+(e!==null&&typeof e=="object"?"an invalid object":"'"+e+"'")+" where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.")}function ya(){return typeof Symbol!="function"||!Symbol.iterator?"@@iterator":Symbol.iterator}var Jt=ya();function Xt(e){return L(e==null?void 0:e[Jt])}function Zt(e){return jn(this,arguments,function(){var r,n,o,i;return It(this,function(s){switch(s.label){case 0:r=e.getReader(),s.label=1;case 1:s.trys.push([1,,9,10]),s.label=2;case 2:return[4,jt(r.read())];case 3:return n=s.sent(),o=n.value,i=n.done,i?[4,jt(void 0)]:[3,5];case 4:return[2,s.sent()];case 5:return[4,jt(o)];case 6:return[4,s.sent()];case 7:return s.sent(),[3,2];case 8:return[3,10];case 9:return r.releaseLock(),[7];case 10:return[2]}})})}function er(e){return L(e==null?void 0:e.getReader)}function z(e){if(e instanceof F)return e;if(e!=null){if(Yt(e))return xa(e);if(st(e))return wa(e);if(Qt(e))return Ea(e);if(Bt(e))return Jn(e);if(Xt(e))return Sa(e);if(er(e))return Oa(e)}throw Gt(e)}function xa(e){return new F(function(t){var r=e[it]();if(L(r.subscribe))return r.subscribe(t);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}function wa(e){return new F(function(t){for(var r=0;r=2,!0))}function ie(e){e===void 0&&(e={});var t=e.connector,r=t===void 0?function(){return new E}:t,n=e.resetOnError,o=n===void 0?!0:n,i=e.resetOnComplete,s=i===void 0?!0:i,a=e.resetOnRefCountZero,c=a===void 0?!0:a;return function(f){var u,p,l,d=0,h=!1,b=!1,U=function(){p==null||p.unsubscribe(),p=void 0},G=function(){U(),u=l=void 0,h=b=!1},W=function(){var _=u;G(),_==null||_.unsubscribe()};return g(function(_,We){d++,!b&&!h&&U();var Fe=l=l!=null?l:r();We.add(function(){d--,d===0&&!b&&!h&&(p=Dr(W,c))}),Fe.subscribe(We),!u&&d>0&&(u=new Ge({next:function(Pe){return Fe.next(Pe)},error:function(Pe){b=!0,U(),p=Dr(G,o,Pe),Fe.error(Pe)},complete:function(){h=!0,U(),p=Dr(G,s),Fe.complete()}}),z(_).subscribe(u))})(f)}}function Dr(e,t){for(var r=[],n=2;ne.next(document)),e}function Q(e,t=document){return Array.from(t.querySelectorAll(e))}function K(e,t=document){let r=pe(e,t);if(typeof r=="undefined")throw new ReferenceError(`Missing element: expected "${e}" to be present`);return r}function pe(e,t=document){return t.querySelector(e)||void 0}function Ie(){return document.activeElement instanceof HTMLElement&&document.activeElement||void 0}function nr(e){return A(v(document.body,"focusin"),v(document.body,"focusout")).pipe(Re(1),m(()=>{let t=Ie();return typeof t!="undefined"?e.contains(t):!1}),N(e===Ie()),B())}function qe(e){return{x:e.offsetLeft,y:e.offsetTop}}function yo(e){return A(v(window,"load"),v(window,"resize")).pipe(Ae(0,xe),m(()=>qe(e)),N(qe(e)))}function or(e){return{x:e.scrollLeft,y:e.scrollTop}}function pt(e){return A(v(e,"scroll"),v(window,"resize")).pipe(Ae(0,xe),m(()=>or(e)),N(or(e)))}var wo=function(){if(typeof Map!="undefined")return Map;function e(t,r){var n=-1;return t.some(function(o,i){return o[0]===r?(n=i,!0):!1}),n}return function(){function t(){this.__entries__=[]}return Object.defineProperty(t.prototype,"size",{get:function(){return this.__entries__.length},enumerable:!0,configurable:!0}),t.prototype.get=function(r){var n=e(this.__entries__,r),o=this.__entries__[n];return o&&o[1]},t.prototype.set=function(r,n){var o=e(this.__entries__,r);~o?this.__entries__[o][1]=n:this.__entries__.push([r,n])},t.prototype.delete=function(r){var n=this.__entries__,o=e(n,r);~o&&n.splice(o,1)},t.prototype.has=function(r){return!!~e(this.__entries__,r)},t.prototype.clear=function(){this.__entries__.splice(0)},t.prototype.forEach=function(r,n){n===void 0&&(n=null);for(var o=0,i=this.__entries__;o0},e.prototype.connect_=function(){!qr||this.connected_||(document.addEventListener("transitionend",this.onTransitionEnd_),window.addEventListener("resize",this.refresh),Ka?(this.mutationsObserver_=new MutationObserver(this.refresh),this.mutationsObserver_.observe(document,{attributes:!0,childList:!0,characterData:!0,subtree:!0})):(document.addEventListener("DOMSubtreeModified",this.refresh),this.mutationEventsAdded_=!0),this.connected_=!0)},e.prototype.disconnect_=function(){!qr||!this.connected_||(document.removeEventListener("transitionend",this.onTransitionEnd_),window.removeEventListener("resize",this.refresh),this.mutationsObserver_&&this.mutationsObserver_.disconnect(),this.mutationEventsAdded_&&document.removeEventListener("DOMSubtreeModified",this.refresh),this.mutationsObserver_=null,this.mutationEventsAdded_=!1,this.connected_=!1)},e.prototype.onTransitionEnd_=function(t){var r=t.propertyName,n=r===void 0?"":r,o=qa.some(function(i){return!!~n.indexOf(i)});o&&this.refresh()},e.getInstance=function(){return this.instance_||(this.instance_=new e),this.instance_},e.instance_=null,e}(),Eo=function(e,t){for(var r=0,n=Object.keys(t);r0},e}(),Oo=typeof WeakMap!="undefined"?new WeakMap:new wo,_o=function(){function e(t){if(!(this instanceof e))throw new TypeError("Cannot call a class as a function.");if(!arguments.length)throw new TypeError("1 argument required, but only 0 present.");var r=Qa.getInstance(),n=new ns(t,r,this);Oo.set(this,n)}return e}();["observe","unobserve","disconnect"].forEach(function(e){_o.prototype[e]=function(){var t;return(t=Oo.get(this))[e].apply(t,arguments)}});var os=function(){return typeof ir.ResizeObserver!="undefined"?ir.ResizeObserver:_o}(),To=os;var Mo=new E,is=P(()=>I(new To(e=>{for(let t of e)Mo.next(t)}))).pipe(S(e=>A(Se,I(e)).pipe(C(()=>e.disconnect()))),X(1));function he(e){return{width:e.offsetWidth,height:e.offsetHeight}}function ve(e){return is.pipe(w(t=>t.observe(e)),S(t=>Mo.pipe(x(({target:r})=>r===e),C(()=>t.unobserve(e)),m(()=>he(e)))),N(he(e)))}function mt(e){return{width:e.scrollWidth,height:e.scrollHeight}}function cr(e){let t=e.parentElement;for(;t&&(e.scrollWidth<=t.scrollWidth&&e.scrollHeight<=t.scrollHeight);)t=(e=t).parentElement;return t?e:void 0}var Lo=new E,as=P(()=>I(new IntersectionObserver(e=>{for(let t of e)Lo.next(t)},{threshold:0}))).pipe(S(e=>A(Se,I(e)).pipe(C(()=>e.disconnect()))),X(1));function fr(e){return as.pipe(w(t=>t.observe(e)),S(t=>Lo.pipe(x(({target:r})=>r===e),C(()=>t.unobserve(e)),m(({isIntersecting:r})=>r))))}function Ao(e,t=16){return pt(e).pipe(m(({y:r})=>{let n=he(e),o=mt(e);return r>=o.height-n.height-t}),B())}var ur={drawer:K("[data-md-toggle=drawer]"),search:K("[data-md-toggle=search]")};function Co(e){return ur[e].checked}function Ke(e,t){ur[e].checked!==t&&ur[e].click()}function dt(e){let t=ur[e];return v(t,"change").pipe(m(()=>t.checked),N(t.checked))}function ss(e,t){switch(e.constructor){case HTMLInputElement:return e.type==="radio"?/^Arrow/.test(t):!0;case HTMLSelectElement:case HTMLTextAreaElement:return!0;default:return e.isContentEditable}}function Ro(){return v(window,"keydown").pipe(x(e=>!(e.metaKey||e.ctrlKey)),m(e=>({mode:Co("search")?"search":"global",type:e.key,claim(){e.preventDefault(),e.stopPropagation()}})),x(({mode:e,type:t})=>{if(e==="global"){let r=Ie();if(typeof r!="undefined")return!ss(r,t)}return!0}),ie())}function Oe(){return new URL(location.href)}function pr(e){location.href=e.href}function ko(){return new E}function Ho(e,t){if(typeof t=="string"||typeof t=="number")e.innerHTML+=t.toString();else if(t instanceof Node)e.appendChild(t);else if(Array.isArray(t))for(let r of t)Ho(e,r)}function M(e,t,...r){let n=document.createElement(e);if(t)for(let o of Object.keys(t))typeof t[o]!="undefined"&&(typeof t[o]!="boolean"?n.setAttribute(o,t[o]):n.setAttribute(o,""));for(let o of r)Ho(n,o);return n}function Po(e,t){let r=t;if(e.length>r){for(;e[r]!==" "&&--r>0;);return`${e.substring(0,r)}...`}return e}function lr(e){if(e>999){let t=+((e-950)%1e3>99);return`${((e+1e-6)/1e3).toFixed(t)}k`}else return e.toString()}function $o(){return location.hash.substring(1)}function Io(e){let t=M("a",{href:e});t.addEventListener("click",r=>r.stopPropagation()),t.click()}function cs(){return v(window,"hashchange").pipe(m($o),N($o()),x(e=>e.length>0),X(1))}function jo(){return cs().pipe(m(e=>pe(`[id="${e}"]`)),x(e=>typeof e!="undefined"))}function Kr(e){let t=matchMedia(e);return rr(r=>t.addListener(()=>r(t.matches))).pipe(N(t.matches))}function Fo(){let e=matchMedia("print");return A(v(window,"beforeprint").pipe(m(()=>!0)),v(window,"afterprint").pipe(m(()=>!1))).pipe(N(e.matches))}function Qr(e,t){return e.pipe(S(r=>r?t():R))}function mr(e,t={credentials:"same-origin"}){return ue(fetch(`${e}`,t)).pipe(ce(()=>R),S(r=>r.status!==200?Ot(()=>new Error(r.statusText)):I(r)))}function je(e,t){return mr(e,t).pipe(S(r=>r.json()),X(1))}function Uo(e,t){let r=new DOMParser;return mr(e,t).pipe(S(n=>n.text()),m(n=>r.parseFromString(n,"text/xml")),X(1))}function Do(e){let t=M("script",{src:e});return P(()=>(document.head.appendChild(t),A(v(t,"load"),v(t,"error").pipe(S(()=>Ot(()=>new ReferenceError(`Invalid script: ${e}`))))).pipe(m(()=>{}),C(()=>document.head.removeChild(t)),oe(1))))}function Wo(){return{x:Math.max(0,scrollX),y:Math.max(0,scrollY)}}function Vo(){return A(v(window,"scroll",{passive:!0}),v(window,"resize",{passive:!0})).pipe(m(Wo),N(Wo()))}function zo(){return{width:innerWidth,height:innerHeight}}function No(){return v(window,"resize",{passive:!0}).pipe(m(zo),N(zo()))}function qo(){return Y([Vo(),No()]).pipe(m(([e,t])=>({offset:e,size:t})),X(1))}function dr(e,{viewport$:t,header$:r}){let n=t.pipe(J("size")),o=Y([n,r]).pipe(m(()=>qe(e)));return Y([r,t,o]).pipe(m(([{height:i},{offset:s,size:a},{x:c,y:f}])=>({offset:{x:s.x-c,y:s.y-f+i},size:a})))}function Ko(e,{tx$:t}){let r=v(e,"message").pipe(m(({data:n})=>n));return t.pipe(Lt(()=>r,{leading:!0,trailing:!0}),w(n=>e.postMessage(n)),S(()=>r),ie())}var fs=K("#__config"),ht=JSON.parse(fs.textContent);ht.base=`${new URL(ht.base,Oe())}`;function le(){return ht}function Z(e){return ht.features.includes(e)}function re(e,t){return typeof t!="undefined"?ht.translations[e].replace("#",t.toString()):ht.translations[e]}function _e(e,t=document){return K(`[data-md-component=${e}]`,t)}function te(e,t=document){return Q(`[data-md-component=${e}]`,t)}function us(e){let t=K(".md-typeset > :first-child",e);return v(t,"click",{once:!0}).pipe(m(()=>K(".md-typeset",e)),m(r=>({hash:__md_hash(r.innerHTML)})))}function Qo(e){return!Z("announce.dismiss")||!e.childElementCount?R:P(()=>{let t=new E;return t.pipe(N({hash:__md_get("__announce")})).subscribe(({hash:r})=>{var n;r&&r===((n=__md_get("__announce"))!=null?n:r)&&(e.hidden=!0,__md_set("__announce",r))}),us(e).pipe(w(r=>t.next(r)),C(()=>t.complete()),m(r=>H({ref:e},r)))})}function ps(e,{target$:t}){return t.pipe(m(r=>({hidden:r!==e})))}function Yo(e,t){let r=new E;return r.subscribe(({hidden:n})=>{e.hidden=n}),ps(e,t).pipe(w(n=>r.next(n)),C(()=>r.complete()),m(n=>H({ref:e},n)))}var ii=Ye(Br());function Gr(e){return M("div",{class:"md-tooltip",id:e},M("div",{class:"md-tooltip__inner md-typeset"}))}function Bo(e,t){if(t=t?`${t}_annotation_${e}`:void 0,t){let r=t?`#${t}`:void 0;return M("aside",{class:"md-annotation",tabIndex:0},Gr(t),M("a",{href:r,class:"md-annotation__index",tabIndex:-1},M("span",{"data-md-annotation-id":e})))}else return M("aside",{class:"md-annotation",tabIndex:0},Gr(t),M("span",{class:"md-annotation__index",tabIndex:-1},M("span",{"data-md-annotation-id":e})))}function Go(e){return M("button",{class:"md-clipboard md-icon",title:re("clipboard.copy"),"data-clipboard-target":`#${e} > code`})}function Jr(e,t){let r=t&2,n=t&1,o=Object.keys(e.terms).filter(a=>!e.terms[a]).reduce((a,c)=>[...a,M("del",null,c)," "],[]).slice(0,-1),i=new URL(e.location);Z("search.highlight")&&i.searchParams.set("h",Object.entries(e.terms).filter(([,a])=>a).reduce((a,[c])=>`${a} ${c}`.trim(),""));let{tags:s}=le();return M("a",{href:`${i}`,class:"md-search-result__link",tabIndex:-1},M("article",{class:["md-search-result__article",...r?["md-search-result__article--document"]:[]].join(" "),"data-md-score":e.score.toFixed(2)},r>0&&M("div",{class:"md-search-result__icon md-icon"}),M("h1",{class:"md-search-result__title"},e.title),n>0&&e.text.length>0&&M("p",{class:"md-search-result__teaser"},Po(e.text,320)),e.tags&&M("div",{class:"md-typeset"},e.tags.map(a=>{let c=a.replace(/<[^>]+>/g,""),f=s?c in s?`md-tag-icon md-tag-icon--${s[c]}`:"md-tag-icon":"";return M("span",{class:`md-tag ${f}`},a)})),n>0&&o.length>0&&M("p",{class:"md-search-result__terms"},re("search.result.term.missing"),": ",...o)))}function Jo(e){let t=e[0].score,r=[...e],n=r.findIndex(f=>!f.location.includes("#")),[o]=r.splice(n,1),i=r.findIndex(f=>f.scoreJr(f,1)),...a.length?[M("details",{class:"md-search-result__more"},M("summary",{tabIndex:-1},a.length>0&&a.length===1?re("search.result.more.one"):re("search.result.more.other",a.length)),...a.map(f=>Jr(f,1)))]:[]];return M("li",{class:"md-search-result__item"},c)}function Xo(e){return M("ul",{class:"md-source__facts"},Object.entries(e).map(([t,r])=>M("li",{class:`md-source__fact md-source__fact--${t}`},typeof r=="number"?lr(r):r)))}function Xr(e){let t=`tabbed-control tabbed-control--${e}`;return M("div",{class:t,hidden:!0},M("button",{class:"tabbed-button",tabIndex:-1}))}function Zo(e){return M("div",{class:"md-typeset__scrollwrap"},M("div",{class:"md-typeset__table"},e))}function ls(e){let t=le(),r=new URL(`../${e.version}/`,t.base);return M("li",{class:"md-version__item"},M("a",{href:`${r}`,class:"md-version__link"},e.title))}function ei(e,t){return M("div",{class:"md-version"},M("button",{class:"md-version__current","aria-label":re("select.version.title")},t.title),M("ul",{class:"md-version__list"},e.map(ls)))}function ms(e,t){let r=P(()=>Y([yo(e),pt(t)])).pipe(m(([{x:n,y:o},i])=>{let{width:s,height:a}=he(e);return{x:n-i.x+s/2,y:o-i.y+a/2}}));return nr(e).pipe(S(n=>r.pipe(m(o=>({active:n,offset:o})),oe(+!n||1/0))))}function ti(e,t,{target$:r}){let[n,o]=Array.from(e.children);return P(()=>{let i=new E,s=i.pipe(de(1));return i.subscribe({next({offset:a}){e.style.setProperty("--md-tooltip-x",`${a.x}px`),e.style.setProperty("--md-tooltip-y",`${a.y}px`)},complete(){e.style.removeProperty("--md-tooltip-x"),e.style.removeProperty("--md-tooltip-y")}}),fr(e).pipe(ee(s)).subscribe(a=>{e.toggleAttribute("data-md-visible",a)}),A(i.pipe(x(({active:a})=>a)),i.pipe(Re(250),x(({active:a})=>!a))).subscribe({next({active:a}){a?e.prepend(n):n.remove()},complete(){e.prepend(n)}}),i.pipe(Ae(16,xe)).subscribe(({active:a})=>{n.classList.toggle("md-tooltip--active",a)}),i.pipe(zr(125,xe),x(()=>!!e.offsetParent),m(()=>e.offsetParent.getBoundingClientRect()),m(({x:a})=>a)).subscribe({next(a){a?e.style.setProperty("--md-tooltip-0",`${-a}px`):e.style.removeProperty("--md-tooltip-0")},complete(){e.style.removeProperty("--md-tooltip-0")}}),v(o,"click").pipe(ee(s),x(a=>!(a.metaKey||a.ctrlKey))).subscribe(a=>a.preventDefault()),v(o,"mousedown").pipe(ee(s),ae(i)).subscribe(([a,{active:c}])=>{var f;if(a.button!==0||a.metaKey||a.ctrlKey)a.preventDefault();else if(c){a.preventDefault();let u=e.parentElement.closest(".md-annotation");u instanceof HTMLElement?u.focus():(f=Ie())==null||f.blur()}}),r.pipe(ee(s),x(a=>a===n),ke(125)).subscribe(()=>e.focus()),ms(e,t).pipe(w(a=>i.next(a)),C(()=>i.complete()),m(a=>H({ref:e},a)))})}function ds(e){let t=[];for(let r of Q(".c, .c1, .cm",e)){let n=[],o=document.createNodeIterator(r,NodeFilter.SHOW_TEXT);for(let i=o.nextNode();i;i=o.nextNode())n.push(i);for(let i of n){let s;for(;s=/(\(\d+\))(!)?/.exec(i.textContent);){let[,a,c]=s;if(typeof c=="undefined"){let f=i.splitText(s.index);i=f.splitText(a.length),t.push(f)}else{i.textContent=a,t.push(i);break}}}}return t}function ri(e,t){t.append(...Array.from(e.childNodes))}function ni(e,t,{target$:r,print$:n}){let o=t.closest("[id]"),i=o==null?void 0:o.id,s=new Map;for(let a of ds(t)){let[,c]=a.textContent.match(/\((\d+)\)/);pe(`li:nth-child(${c})`,e)&&(s.set(c,Bo(c,i)),a.replaceWith(s.get(c)))}return s.size===0?R:P(()=>{let a=new E,c=[];for(let[f,u]of s)c.push([K(".md-typeset",u),K(`li:nth-child(${f})`,e)]);return n.pipe(ee(a.pipe(de(1)))).subscribe(f=>{e.hidden=!f;for(let[u,p]of c)f?ri(u,p):ri(p,u)}),A(...[...s].map(([,f])=>ti(f,t,{target$:r}))).pipe(C(()=>a.complete()),ie())})}var hs=0;function ai(e){if(e.nextElementSibling){let t=e.nextElementSibling;if(t.tagName==="OL")return t;if(t.tagName==="P"&&!t.children.length)return ai(t)}}function oi(e){return ve(e).pipe(m(({width:t})=>({scrollable:mt(e).width>t})),J("scrollable"))}function si(e,t){let{matches:r}=matchMedia("(hover)"),n=P(()=>{let o=new E;if(o.subscribe(({scrollable:s})=>{s&&r?e.setAttribute("tabindex","0"):e.removeAttribute("tabindex")}),ii.default.isSupported()){let s=e.closest("pre");s.id=`__code_${++hs}`,s.insertBefore(Go(s.id),e)}let i=e.closest(".highlight");if(i instanceof HTMLElement){let s=ai(i);if(typeof s!="undefined"&&(i.classList.contains("annotate")||Z("content.code.annotate"))){let a=ni(s,e,t);return oi(e).pipe(w(c=>o.next(c)),C(()=>o.complete()),m(c=>H({ref:e},c)),et(ve(i).pipe(m(({width:c,height:f})=>c&&f),B(),S(c=>c?a:R))))}}return oi(e).pipe(w(s=>o.next(s)),C(()=>o.complete()),m(s=>H({ref:e},s)))});return Z("content.lazy")?fr(e).pipe(x(o=>o),oe(1),S(()=>n)):n}var ci=".node circle,.node ellipse,.node path,.node polygon,.node rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}marker{fill:var(--md-mermaid-edge-color)!important}.edgeLabel .label rect{fill:transparent}.label{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.label foreignObject{line-height:normal;overflow:visible}.label div .edgeLabel{color:var(--md-mermaid-label-fg-color)}.edgeLabel,.edgeLabel rect,.label div .edgeLabel{background-color:var(--md-mermaid-label-bg-color)}.edgeLabel,.edgeLabel rect{fill:var(--md-mermaid-label-bg-color);color:var(--md-mermaid-edge-color)}.edgePath .path,.flowchart-link{stroke:var(--md-mermaid-edge-color)}.edgePath .arrowheadPath{fill:var(--md-mermaid-edge-color);stroke:none}.cluster rect{fill:var(--md-default-fg-color--lightest);stroke:var(--md-default-fg-color--lighter)}.cluster span{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}defs #flowchart-circleEnd,defs #flowchart-circleStart,defs #flowchart-crossEnd,defs #flowchart-crossStart,defs #flowchart-pointEnd,defs #flowchart-pointStart{stroke:none}g.classGroup line,g.classGroup rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}g.classGroup text{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.classLabel .box{fill:var(--md-mermaid-label-bg-color);background-color:var(--md-mermaid-label-bg-color);opacity:1}.classLabel .label{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.node .divider{stroke:var(--md-mermaid-node-fg-color)}.relation{stroke:var(--md-mermaid-edge-color)}.cardinality{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.cardinality text{fill:inherit!important}defs #classDiagram-compositionEnd,defs #classDiagram-compositionStart,defs #classDiagram-dependencyEnd,defs #classDiagram-dependencyStart,defs #classDiagram-extensionEnd,defs #classDiagram-extensionStart{fill:var(--md-mermaid-edge-color)!important;stroke:var(--md-mermaid-edge-color)!important}defs #classDiagram-aggregationEnd,defs #classDiagram-aggregationStart{fill:var(--md-mermaid-label-bg-color)!important;stroke:var(--md-mermaid-edge-color)!important}g.stateGroup rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}g.stateGroup .state-title{fill:var(--md-mermaid-label-fg-color)!important;font-family:var(--md-mermaid-font-family)}g.stateGroup .composit{fill:var(--md-mermaid-label-bg-color)}.nodeLabel{color:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.node circle.state-end,.node circle.state-start,.start-state{fill:var(--md-mermaid-edge-color);stroke:none}.end-state-inner,.end-state-outer{fill:var(--md-mermaid-edge-color)}.end-state-inner,.node circle.state-end{stroke:var(--md-mermaid-label-bg-color)}.transition{stroke:var(--md-mermaid-edge-color)}[id^=state-fork] rect,[id^=state-join] rect{fill:var(--md-mermaid-edge-color)!important;stroke:none!important}.statediagram-cluster.statediagram-cluster .inner{fill:var(--md-default-bg-color)}.statediagram-cluster rect{fill:var(--md-mermaid-node-bg-color);stroke:var(--md-mermaid-node-fg-color)}.statediagram-state rect.divider{fill:var(--md-default-fg-color--lightest);stroke:var(--md-default-fg-color--lighter)}defs #statediagram-barbEnd{stroke:var(--md-mermaid-edge-color)}.entityBox{fill:var(--md-mermaid-label-bg-color);stroke:var(--md-mermaid-node-fg-color)}.entityLabel{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}.relationshipLabelBox{fill:var(--md-mermaid-label-bg-color);fill-opacity:1;background-color:var(--md-mermaid-label-bg-color);opacity:1}.relationshipLabel{fill:var(--md-mermaid-label-fg-color)}.relationshipLine{stroke:var(--md-mermaid-edge-color)}defs #ONE_OR_MORE_END *,defs #ONE_OR_MORE_START *,defs #ONLY_ONE_END *,defs #ONLY_ONE_START *,defs #ZERO_OR_MORE_END *,defs #ZERO_OR_MORE_START *,defs #ZERO_OR_ONE_END *,defs #ZERO_OR_ONE_START *{stroke:var(--md-mermaid-edge-color)!important}.actor,defs #ZERO_OR_MORE_END circle,defs #ZERO_OR_MORE_START circle{fill:var(--md-mermaid-label-bg-color)}.actor{stroke:var(--md-mermaid-node-fg-color)}text.actor>tspan{fill:var(--md-mermaid-label-fg-color);font-family:var(--md-mermaid-font-family)}line{stroke:var(--md-default-fg-color--lighter)}.messageLine0,.messageLine1{stroke:var(--md-mermaid-edge-color)}.loopText>tspan,.messageText,.noteText>tspan{fill:var(--md-mermaid-edge-color);stroke:none;font-family:var(--md-mermaid-font-family)!important}.noteText>tspan{fill:#000}#arrowhead path{fill:var(--md-mermaid-edge-color);stroke:none}.loopLine{stroke:var(--md-mermaid-node-fg-color)}.labelBox,.loopLine{fill:var(--md-mermaid-node-bg-color)}.labelBox{stroke:none}.labelText,.labelText>span{fill:var(--md-mermaid-node-fg-color);font-family:var(--md-mermaid-font-family)}";var Zr,vs=0;function gs(){return typeof mermaid=="undefined"||mermaid instanceof Element?Do("https://unpkg.com/mermaid@9.1.7/dist/mermaid.min.js"):I(void 0)}function fi(e){return e.classList.remove("mermaid"),Zr||(Zr=gs().pipe(w(()=>mermaid.initialize({startOnLoad:!1,themeCSS:ci,sequence:{actorFontSize:"16px",messageFontSize:"16px",noteFontSize:"16px"}})),m(()=>{}),X(1))),Zr.subscribe(()=>{e.classList.add("mermaid");let t=`__mermaid_${vs++}`,r=M("div",{class:"mermaid"});mermaid.mermaidAPI.render(t,e.textContent,n=>{let o=r.attachShadow({mode:"closed"});o.innerHTML=n,e.replaceWith(r)})}),Zr.pipe(m(()=>({ref:e})))}function ys(e,{target$:t,print$:r}){let n=!0;return A(t.pipe(m(o=>o.closest("details:not([open])")),x(o=>e===o),m(()=>({action:"open",reveal:!0}))),r.pipe(x(o=>o||!n),w(()=>n=e.open),m(o=>({action:o?"open":"close"}))))}function ui(e,t){return P(()=>{let r=new E;return r.subscribe(({action:n,reveal:o})=>{e.toggleAttribute("open",n==="open"),o&&e.scrollIntoView()}),ys(e,t).pipe(w(n=>r.next(n)),C(()=>r.complete()),m(n=>H({ref:e},n)))})}var pi=M("table");function li(e){return e.replaceWith(pi),pi.replaceWith(Zo(e)),I({ref:e})}function xs(e){let t=Q(":scope > input",e),r=t.find(n=>n.checked)||t[0];return A(...t.map(n=>v(n,"change").pipe(m(()=>K(`label[for="${n.id}"]`))))).pipe(N(K(`label[for="${r.id}"]`)),m(n=>({active:n})))}function mi(e,{viewport$:t}){let r=Xr("prev");e.append(r);let n=Xr("next");e.append(n);let o=K(".tabbed-labels",e);return P(()=>{let i=new E,s=i.pipe(de(1));return Y([i,ve(e)]).pipe(Ae(1,xe),ee(s)).subscribe({next([{active:a},c]){let f=qe(a),{width:u}=he(a);e.style.setProperty("--md-indicator-x",`${f.x}px`),e.style.setProperty("--md-indicator-width",`${u}px`);let p=or(o);(f.xp.x+c.width)&&o.scrollTo({left:Math.max(0,f.x-16),behavior:"smooth"})},complete(){e.style.removeProperty("--md-indicator-x"),e.style.removeProperty("--md-indicator-width")}}),Y([pt(o),ve(o)]).pipe(ee(s)).subscribe(([a,c])=>{let f=mt(o);r.hidden=a.x<16,n.hidden=a.x>f.width-c.width-16}),A(v(r,"click").pipe(m(()=>-1)),v(n,"click").pipe(m(()=>1))).pipe(ee(s)).subscribe(a=>{let{width:c}=he(o);o.scrollBy({left:c*a,behavior:"smooth"})}),Z("content.tabs.link")&&i.pipe(He(1),ae(t)).subscribe(([{active:a},{offset:c}])=>{let f=a.innerText.trim();if(a.hasAttribute("data-md-switching"))a.removeAttribute("data-md-switching");else{let u=e.offsetTop-c.y;for(let l of Q("[data-tabs]"))for(let d of Q(":scope > input",l)){let h=K(`label[for="${d.id}"]`);if(h!==a&&h.innerText.trim()===f){h.setAttribute("data-md-switching",""),d.click();break}}window.scrollTo({top:e.offsetTop-u});let p=__md_get("__tabs")||[];__md_set("__tabs",[...new Set([f,...p])])}}),xs(e).pipe(w(a=>i.next(a)),C(()=>i.complete()),m(a=>H({ref:e},a)))}).pipe(Je(fe))}function di(e,{viewport$:t,target$:r,print$:n}){return A(...Q("pre:not(.mermaid) > code",e).map(o=>si(o,{target$:r,print$:n})),...Q("pre.mermaid",e).map(o=>fi(o)),...Q("table:not([class])",e).map(o=>li(o)),...Q("details",e).map(o=>ui(o,{target$:r,print$:n})),...Q("[data-tabs]",e).map(o=>mi(o,{viewport$:t})))}function ws(e,{alert$:t}){return t.pipe(S(r=>A(I(!0),I(!1).pipe(ke(2e3))).pipe(m(n=>({message:r,active:n})))))}function hi(e,t){let r=K(".md-typeset",e);return P(()=>{let n=new E;return n.subscribe(({message:o,active:i})=>{e.classList.toggle("md-dialog--active",i),r.textContent=o}),ws(e,t).pipe(w(o=>n.next(o)),C(()=>n.complete()),m(o=>H({ref:e},o)))})}function Es({viewport$:e}){if(!Z("header.autohide"))return I(!1);let t=e.pipe(m(({offset:{y:o}})=>o),Ce(2,1),m(([o,i])=>[oMath.abs(i-o.y)>100),m(([,[o]])=>o),B()),n=dt("search");return Y([e,n]).pipe(m(([{offset:o},i])=>o.y>400&&!i),B(),S(o=>o?r:I(!1)),N(!1))}function bi(e,t){return P(()=>Y([ve(e),Es(t)])).pipe(m(([{height:r},n])=>({height:r,hidden:n})),B((r,n)=>r.height===n.height&&r.hidden===n.hidden),X(1))}function vi(e,{header$:t,main$:r}){return P(()=>{let n=new E,o=n.pipe(de(1));return n.pipe(J("active"),Ze(t)).subscribe(([{active:i},{hidden:s}])=>{e.classList.toggle("md-header--shadow",i&&!s),e.hidden=s}),r.subscribe(n),t.pipe(ee(o),m(i=>H({ref:e},i)))})}function Ss(e,{viewport$:t,header$:r}){return dr(e,{viewport$:t,header$:r}).pipe(m(({offset:{y:n}})=>{let{height:o}=he(e);return{active:n>=o}}),J("active"))}function gi(e,t){return P(()=>{let r=new E;r.subscribe(({active:o})=>{e.classList.toggle("md-header__title--active",o)});let n=pe("article h1");return typeof n=="undefined"?R:Ss(n,t).pipe(w(o=>r.next(o)),C(()=>r.complete()),m(o=>H({ref:e},o)))})}function yi(e,{viewport$:t,header$:r}){let n=r.pipe(m(({height:i})=>i),B()),o=n.pipe(S(()=>ve(e).pipe(m(({height:i})=>({top:e.offsetTop,bottom:e.offsetTop+i})),J("bottom"))));return Y([n,o,t]).pipe(m(([i,{top:s,bottom:a},{offset:{y:c},size:{height:f}}])=>(f=Math.max(0,f-Math.max(0,s-c,i)-Math.max(0,f+c-a)),{offset:s-i,height:f,active:s-i<=c})),B((i,s)=>i.offset===s.offset&&i.height===s.height&&i.active===s.active))}function Os(e){let t=__md_get("__palette")||{index:e.findIndex(r=>matchMedia(r.getAttribute("data-md-color-media")).matches)};return I(...e).pipe(se(r=>v(r,"change").pipe(m(()=>r))),N(e[Math.max(0,t.index)]),m(r=>({index:e.indexOf(r),color:{scheme:r.getAttribute("data-md-color-scheme"),primary:r.getAttribute("data-md-color-primary"),accent:r.getAttribute("data-md-color-accent")}})),X(1))}function xi(e){return P(()=>{let t=new E;t.subscribe(n=>{document.body.setAttribute("data-md-color-switching","");for(let[o,i]of Object.entries(n.color))document.body.setAttribute(`data-md-color-${o}`,i);for(let o=0;o{document.body.removeAttribute("data-md-color-switching")});let r=Q("input",e);return Os(r).pipe(w(n=>t.next(n)),C(()=>t.complete()),m(n=>H({ref:e},n)))})}var en=Ye(Br());function _s(e){e.setAttribute("data-md-copying","");let t=e.innerText;return e.removeAttribute("data-md-copying"),t}function wi({alert$:e}){en.default.isSupported()&&new F(t=>{new en.default("[data-clipboard-target], [data-clipboard-text]",{text:r=>r.getAttribute("data-clipboard-text")||_s(K(r.getAttribute("data-clipboard-target")))}).on("success",r=>t.next(r))}).pipe(w(t=>{t.trigger.focus()}),m(()=>re("clipboard.copied"))).subscribe(e)}function Ts(e){if(e.length<2)return[""];let[t,r]=[...e].sort((o,i)=>o.length-i.length).map(o=>o.replace(/[^/]+$/,"")),n=0;if(t===r)n=t.length;else for(;t.charCodeAt(n)===r.charCodeAt(n);)n++;return e.map(o=>o.replace(t.slice(0,n),""))}function hr(e){let t=__md_get("__sitemap",sessionStorage,e);if(t)return I(t);{let r=le();return Uo(new URL("sitemap.xml",e||r.base)).pipe(m(n=>Ts(Q("loc",n).map(o=>o.textContent))),ce(()=>R),De([]),w(n=>__md_set("__sitemap",n,sessionStorage,e)))}}function Ei({document$:e,location$:t,viewport$:r}){let n=le();if(location.protocol==="file:")return;"scrollRestoration"in history&&(history.scrollRestoration="manual",v(window,"beforeunload").subscribe(()=>{history.scrollRestoration="auto"}));let o=pe("link[rel=icon]");typeof o!="undefined"&&(o.href=o.href);let i=hr().pipe(m(f=>f.map(u=>`${new URL(u,n.base)}`)),S(f=>v(document.body,"click").pipe(x(u=>!u.metaKey&&!u.ctrlKey),S(u=>{if(u.target instanceof Element){let p=u.target.closest("a");if(p&&!p.target){let l=new URL(p.href);if(l.search="",l.hash="",l.pathname!==location.pathname&&f.includes(l.toString()))return u.preventDefault(),I({url:new URL(p.href)})}}return Se}))),ie()),s=v(window,"popstate").pipe(x(f=>f.state!==null),m(f=>({url:new URL(location.href),offset:f.state})),ie());A(i,s).pipe(B((f,u)=>f.url.href===u.url.href),m(({url:f})=>f)).subscribe(t);let a=t.pipe(J("pathname"),S(f=>mr(f.href).pipe(ce(()=>(pr(f),Se)))),ie());i.pipe(ut(a)).subscribe(({url:f})=>{history.pushState({},"",`${f}`)});let c=new DOMParser;a.pipe(S(f=>f.text()),m(f=>c.parseFromString(f,"text/html"))).subscribe(e),e.pipe(He(1)).subscribe(f=>{for(let u of["title","link[rel=canonical]","meta[name=author]","meta[name=description]","[data-md-component=announce]","[data-md-component=container]","[data-md-component=header-topic]","[data-md-component=outdated]","[data-md-component=logo]","[data-md-component=skip]",...Z("navigation.tabs.sticky")?["[data-md-component=tabs]"]:[]]){let p=pe(u),l=pe(u,f);typeof p!="undefined"&&typeof l!="undefined"&&p.replaceWith(l)}}),e.pipe(He(1),m(()=>_e("container")),S(f=>Q("script",f)),Ir(f=>{let u=M("script");if(f.src){for(let p of f.getAttributeNames())u.setAttribute(p,f.getAttribute(p));return f.replaceWith(u),new F(p=>{u.onload=()=>p.complete()})}else return u.textContent=f.textContent,f.replaceWith(u),R})).subscribe(),A(i,s).pipe(ut(e)).subscribe(({url:f,offset:u})=>{f.hash&&!u?Io(f.hash):window.scrollTo(0,(u==null?void 0:u.y)||0)}),r.pipe(Mt(i),Re(250),J("offset")).subscribe(({offset:f})=>{history.replaceState(f,"")}),A(i,s).pipe(Ce(2,1),x(([f,u])=>f.url.pathname===u.url.pathname),m(([,f])=>f)).subscribe(({offset:f})=>{window.scrollTo(0,(f==null?void 0:f.y)||0)})}var As=Ye(tn());var Oi=Ye(tn());function rn(e,t){let r=new RegExp(e.separator,"img"),n=(o,i,s)=>`${i}${s}`;return o=>{o=o.replace(/[\s*+\-:~^]+/g," ").trim();let i=new RegExp(`(^|${e.separator})(${o.replace(/[|\\{}()[\]^$+*?.-]/g,"\\$&").replace(r,"|")})`,"img");return s=>(t?(0,Oi.default)(s):s).replace(i,n).replace(/<\/mark>(\s+)]*>/img,"$1")}}function _i(e){return e.split(/"([^"]+)"/g).map((t,r)=>r&1?t.replace(/^\b|^(?![^\x00-\x7F]|$)|\s+/g," +"):t).join("").replace(/"|(?:^|\s+)[*+\-:^~]+(?=\s+|$)/g,"").trim()}function bt(e){return e.type===1}function Ti(e){return e.type===2}function vt(e){return e.type===3}function Rs({config:e,docs:t}){e.lang.length===1&&e.lang[0]==="en"&&(e.lang=[re("search.config.lang")]),e.separator==="[\\s\\-]+"&&(e.separator=re("search.config.separator"));let n={pipeline:re("search.config.pipeline").split(/\s*,\s*/).filter(Boolean),suggestions:Z("search.suggest")};return{config:e,docs:t,options:n}}function Mi(e,t){let r=le(),n=new Worker(e),o=new E,i=Ko(n,{tx$:o}).pipe(m(s=>{if(vt(s))for(let a of s.data.items)for(let c of a)c.location=`${new URL(c.location,r.base)}`;return s}),ie());return ue(t).pipe(m(s=>({type:0,data:Rs(s)}))).subscribe(o.next.bind(o)),{tx$:o,rx$:i}}function Li({document$:e}){let t=le(),r=je(new URL("../versions.json",t.base)).pipe(ce(()=>R)),n=r.pipe(m(o=>{let[,i]=t.base.match(/([^/]+)\/?$/);return o.find(({version:s,aliases:a})=>s===i||a.includes(i))||o[0]}));r.pipe(m(o=>new Map(o.map(i=>[`${new URL(`../${i.version}/`,t.base)}`,i]))),S(o=>v(document.body,"click").pipe(x(i=>!i.metaKey&&!i.ctrlKey),ae(n),S(([i,s])=>{if(i.target instanceof Element){let a=i.target.closest("a");if(a&&!a.target&&o.has(a.href)){let c=a.href;return!i.target.closest(".md-version")&&o.get(c)===s?R:(i.preventDefault(),I(c))}}return R}),S(i=>{let{version:s}=o.get(i);return hr(new URL(i)).pipe(m(a=>{let f=Oe().href.replace(t.base,"");return a.includes(f.split("#")[0])?new URL(`../${s}/${f}`,t.base):new URL(i)}))})))).subscribe(o=>pr(o)),Y([r,n]).subscribe(([o,i])=>{K(".md-header__topic").appendChild(ei(o,i))}),e.pipe(S(()=>n)).subscribe(o=>{var s;let i=__md_get("__outdated",sessionStorage);if(i===null){let a=((s=t.version)==null?void 0:s.default)||"latest";i=!o.aliases.includes(a),__md_set("__outdated",i,sessionStorage)}if(i)for(let a of te("outdated"))a.hidden=!1})}function ks(e,{rx$:t}){let r=(__search==null?void 0:__search.transform)||_i,{searchParams:n}=Oe();n.has("q")&&Ke("search",!0);let o=t.pipe(x(bt),oe(1),m(()=>n.get("q")||""));dt("search").pipe(x(a=>!a),oe(1)).subscribe(()=>{let a=new URL(location.href);a.searchParams.delete("q"),history.replaceState({},"",`${a}`)}),o.subscribe(a=>{a&&(e.value=a,e.focus())});let i=nr(e),s=A(v(e,"keyup"),v(e,"focus").pipe(ke(1)),o).pipe(m(()=>r(e.value)),N(""),B());return Y([s,i]).pipe(m(([a,c])=>({value:a,focus:c})),X(1))}function Ai(e,{tx$:t,rx$:r}){let n=new E,o=n.pipe(de(1));return n.pipe(J("value"),m(({value:i})=>({type:2,data:i}))).subscribe(t.next.bind(t)),n.pipe(J("focus")).subscribe(({focus:i})=>{i?(Ke("search",i),e.placeholder=""):e.placeholder=re("search.placeholder")}),v(e.form,"reset").pipe(ee(o)).subscribe(()=>e.focus()),ks(e,{tx$:t,rx$:r}).pipe(w(i=>n.next(i)),C(()=>n.complete()),m(i=>H({ref:e},i)),ie())}function Ci(e,{rx$:t},{query$:r}){let n=new E,o=Ao(e.parentElement).pipe(x(Boolean)),i=K(":scope > :first-child",e),s=K(":scope > :last-child",e),a=t.pipe(x(bt),oe(1));return n.pipe(ae(r),Mt(a)).subscribe(([{items:f},{value:u}])=>{if(u)switch(f.length){case 0:i.textContent=re("search.result.none");break;case 1:i.textContent=re("search.result.one");break;default:i.textContent=re("search.result.other",lr(f.length))}else i.textContent=re("search.result.placeholder")}),n.pipe(w(()=>s.innerHTML=""),S(({items:f})=>A(I(...f.slice(0,10)),I(...f.slice(10)).pipe(Ce(4),Nr(o),S(([u])=>u))))).subscribe(f=>s.appendChild(Jo(f))),t.pipe(x(vt),m(({data:f})=>f)).pipe(w(f=>n.next(f)),C(()=>n.complete()),m(f=>H({ref:e},f)))}function Hs(e,{query$:t}){return t.pipe(m(({value:r})=>{let n=Oe();return n.hash="",n.searchParams.delete("h"),n.searchParams.set("q",r),{url:n}}))}function Ri(e,t){let r=new E;return r.subscribe(({url:n})=>{e.setAttribute("data-clipboard-text",e.href),e.href=`${n}`}),v(e,"click").subscribe(n=>n.preventDefault()),Hs(e,t).pipe(w(n=>r.next(n)),C(()=>r.complete()),m(n=>H({ref:e},n)))}function ki(e,{rx$:t},{keyboard$:r}){let n=new E,o=_e("search-query"),i=A(v(o,"keydown"),v(o,"focus")).pipe(Le(fe),m(()=>o.value),B());return n.pipe(Ze(i),m(([{suggestions:a},c])=>{let f=c.split(/([\s-]+)/);if((a==null?void 0:a.length)&&f[f.length-1]){let u=a[a.length-1];u.startsWith(f[f.length-1])&&(f[f.length-1]=u)}else f.length=0;return f})).subscribe(a=>e.innerHTML=a.join("").replace(/\s/g," ")),r.pipe(x(({mode:a})=>a==="search")).subscribe(a=>{switch(a.type){case"ArrowRight":e.innerText.length&&o.selectionStart===o.value.length&&(o.value=e.innerText);break}}),t.pipe(x(vt),m(({data:a})=>a)).pipe(w(a=>n.next(a)),C(()=>n.complete()),m(()=>({ref:e})))}function Hi(e,{index$:t,keyboard$:r}){let n=le();try{let o=(__search==null?void 0:__search.worker)||n.search,i=Mi(o,t),s=_e("search-query",e),a=_e("search-result",e),{tx$:c,rx$:f}=i;c.pipe(x(Ti),ut(f.pipe(x(bt))),oe(1)).subscribe(c.next.bind(c)),r.pipe(x(({mode:l})=>l==="search")).subscribe(l=>{let d=Ie();switch(l.type){case"Enter":if(d===s){let h=new Map;for(let b of Q(":first-child [href]",a)){let U=b.firstElementChild;h.set(b,parseFloat(U.getAttribute("data-md-score")))}if(h.size){let[[b]]=[...h].sort(([,U],[,G])=>G-U);b.click()}l.claim()}break;case"Escape":case"Tab":Ke("search",!1),s.blur();break;case"ArrowUp":case"ArrowDown":if(typeof d=="undefined")s.focus();else{let h=[s,...Q(":not(details) > [href], summary, details[open] [href]",a)],b=Math.max(0,(Math.max(0,h.indexOf(d))+h.length+(l.type==="ArrowUp"?-1:1))%h.length);h[b].focus()}l.claim();break;default:s!==Ie()&&s.focus()}}),r.pipe(x(({mode:l})=>l==="global")).subscribe(l=>{switch(l.type){case"f":case"s":case"/":s.focus(),s.select(),l.claim();break}});let u=Ai(s,i),p=Ci(a,i,{query$:u});return A(u,p).pipe(et(...te("search-share",e).map(l=>Ri(l,{query$:u})),...te("search-suggest",e).map(l=>ki(l,i,{keyboard$:r}))))}catch(o){return e.hidden=!0,Se}}function Pi(e,{index$:t,location$:r}){return Y([t,r.pipe(N(Oe()),x(n=>!!n.searchParams.get("h")))]).pipe(m(([n,o])=>rn(n.config,!0)(o.searchParams.get("h"))),m(n=>{var s;let o=new Map,i=document.createNodeIterator(e,NodeFilter.SHOW_TEXT);for(let a=i.nextNode();a;a=i.nextNode())if((s=a.parentElement)!=null&&s.offsetHeight){let c=a.textContent,f=n(c);f.length>c.length&&o.set(a,f)}for(let[a,c]of o){let{childNodes:f}=M("span",null,c);a.replaceWith(...Array.from(f))}return{ref:e,nodes:o}}))}function Ps(e,{viewport$:t,main$:r}){let n=e.parentElement,o=n.offsetTop-n.parentElement.offsetTop;return Y([r,t]).pipe(m(([{offset:i,height:s},{offset:{y:a}}])=>(s=s+Math.min(o,Math.max(0,a-i))-o,{height:s,locked:a>=i+o})),B((i,s)=>i.height===s.height&&i.locked===s.locked))}function nn(e,n){var o=n,{header$:t}=o,r=un(o,["header$"]);let i=K(".md-sidebar__scrollwrap",e),{y:s}=qe(i);return P(()=>{let a=new E;return a.pipe(Ae(0,xe),ae(t)).subscribe({next([{height:c},{height:f}]){i.style.height=`${c-2*s}px`,e.style.top=`${f}px`},complete(){i.style.height="",e.style.top=""}}),a.pipe(Le(xe),oe(1)).subscribe(()=>{for(let c of Q(".md-nav__link--active[href]",e)){let f=cr(c);if(typeof f!="undefined"){let u=c.offsetTop-f.offsetTop,{height:p}=he(f);f.scrollTo({top:u-p/2})}}}),Ps(e,r).pipe(w(c=>a.next(c)),C(()=>a.complete()),m(c=>H({ref:e},c)))})}function $i(e,t){if(typeof t!="undefined"){let r=`https://api.github.com/repos/${e}/${t}`;return _t(je(`${r}/releases/latest`).pipe(ce(()=>R),m(n=>({version:n.tag_name})),De({})),je(r).pipe(ce(()=>R),m(n=>({stars:n.stargazers_count,forks:n.forks_count})),De({}))).pipe(m(([n,o])=>H(H({},n),o)))}else{let r=`https://api.github.com/users/${e}`;return je(r).pipe(m(n=>({repositories:n.public_repos})),De({}))}}function Ii(e,t){let r=`https://${e}/api/v4/projects/${encodeURIComponent(t)}`;return je(r).pipe(ce(()=>R),m(({star_count:n,forks_count:o})=>({stars:n,forks:o})),De({}))}function ji(e){let t=e.match(/^.+github\.com\/([^/]+)\/?([^/]+)?/i);if(t){let[,r,n]=t;return $i(r,n)}if(t=e.match(/^.+?([^/]*gitlab[^/]+)\/(.+?)\/?$/i),t){let[,r,n]=t;return Ii(r,n)}return R}var $s;function Is(e){return $s||($s=P(()=>{let t=__md_get("__source",sessionStorage);if(t)return I(t);if(te("consent").length){let n=__md_get("__consent");if(!(n&&n.github))return R}return ji(e.href).pipe(w(n=>__md_set("__source",n,sessionStorage)))}).pipe(ce(()=>R),x(t=>Object.keys(t).length>0),m(t=>({facts:t})),X(1)))}function Fi(e){let t=K(":scope > :last-child",e);return P(()=>{let r=new E;return r.subscribe(({facts:n})=>{t.appendChild(Xo(n)),t.classList.add("md-source__repository--active")}),Is(e).pipe(w(n=>r.next(n)),C(()=>r.complete()),m(n=>H({ref:e},n)))})}function js(e,{viewport$:t,header$:r}){return ve(document.body).pipe(S(()=>dr(e,{header$:r,viewport$:t})),m(({offset:{y:n}})=>({hidden:n>=10})),J("hidden"))}function Ui(e,t){return P(()=>{let r=new E;return r.subscribe({next({hidden:n}){e.hidden=n},complete(){e.hidden=!1}}),(Z("navigation.tabs.sticky")?I({hidden:!1}):js(e,t)).pipe(w(n=>r.next(n)),C(()=>r.complete()),m(n=>H({ref:e},n)))})}function Fs(e,{viewport$:t,header$:r}){let n=new Map,o=Q("[href^=\\#]",e);for(let a of o){let c=decodeURIComponent(a.hash.substring(1)),f=pe(`[id="${c}"]`);typeof f!="undefined"&&n.set(a,f)}let i=r.pipe(J("height"),m(({height:a})=>{let c=_e("main"),f=K(":scope > :first-child",c);return a+.8*(f.offsetTop-c.offsetTop)}),ie());return ve(document.body).pipe(J("height"),S(a=>P(()=>{let c=[];return I([...n].reduce((f,[u,p])=>{for(;c.length&&n.get(c[c.length-1]).tagName>=p.tagName;)c.pop();let l=p.offsetTop;for(;!l&&p.parentElement;)p=p.parentElement,l=p.offsetTop;return f.set([...c=[...c,u]].reverse(),l)},new Map))}).pipe(m(c=>new Map([...c].sort(([,f],[,u])=>f-u))),Ze(i),S(([c,f])=>t.pipe(Ur(([u,p],{offset:{y:l},size:d})=>{let h=l+d.height>=Math.floor(a.height);for(;p.length;){let[,b]=p[0];if(b-f=l&&!h)p=[u.pop(),...p];else break}return[u,p]},[[],[...c]]),B((u,p)=>u[0]===p[0]&&u[1]===p[1])))))).pipe(m(([a,c])=>({prev:a.map(([f])=>f),next:c.map(([f])=>f)})),N({prev:[],next:[]}),Ce(2,1),m(([a,c])=>a.prev.length{let o=new E,i=o.pipe(de(1));if(o.subscribe(({prev:s,next:a})=>{for(let[c]of a)c.classList.remove("md-nav__link--passed"),c.classList.remove("md-nav__link--active");for(let[c,[f]]of s.entries())f.classList.add("md-nav__link--passed"),f.classList.toggle("md-nav__link--active",c===s.length-1)}),Z("toc.follow")){let s=A(t.pipe(Re(1),m(()=>{})),t.pipe(Re(250),m(()=>"smooth")));o.pipe(x(({prev:a})=>a.length>0),ae(s)).subscribe(([{prev:a},c])=>{let[f]=a[a.length-1];if(f.offsetHeight){let u=cr(f);if(typeof u!="undefined"){let p=f.offsetTop-u.offsetTop,{height:l}=he(u);u.scrollTo({top:p-l/2,behavior:c})}}})}return Z("navigation.tracking")&&t.pipe(ee(i),J("offset"),Re(250),He(1),ee(n.pipe(He(1))),Tt({delay:250}),ae(o)).subscribe(([,{prev:s}])=>{let a=Oe(),c=s[s.length-1];if(c&&c.length){let[f]=c,{hash:u}=new URL(f.href);a.hash!==u&&(a.hash=u,history.replaceState({},"",`${a}`))}else a.hash="",history.replaceState({},"",`${a}`)}),Fs(e,{viewport$:t,header$:r}).pipe(w(s=>o.next(s)),C(()=>o.complete()),m(s=>H({ref:e},s)))})}function Us(e,{viewport$:t,main$:r,target$:n}){let o=t.pipe(m(({offset:{y:s}})=>s),Ce(2,1),m(([s,a])=>s>a&&a>0),B()),i=r.pipe(m(({active:s})=>s));return Y([i,o]).pipe(m(([s,a])=>!(s&&a)),B(),ee(n.pipe(He(1))),Fr(!0),Tt({delay:250}),m(s=>({hidden:s})))}function Wi(e,{viewport$:t,header$:r,main$:n,target$:o}){let i=new E,s=i.pipe(de(1));return i.subscribe({next({hidden:a}){e.hidden=a,a?(e.setAttribute("tabindex","-1"),e.blur()):e.removeAttribute("tabindex")},complete(){e.style.top="",e.hidden=!0,e.removeAttribute("tabindex")}}),r.pipe(ee(s),J("height")).subscribe(({height:a})=>{e.style.top=`${a+16}px`}),Us(e,{viewport$:t,main$:n,target$:o}).pipe(w(a=>i.next(a)),C(()=>i.complete()),m(a=>H({ref:e},a)))}function Vi({document$:e,tablet$:t}){e.pipe(S(()=>Q(".md-toggle--indeterminate, [data-md-state=indeterminate]")),w(r=>{r.indeterminate=!0,r.checked=!1}),se(r=>v(r,"change").pipe(Wr(()=>r.classList.contains("md-toggle--indeterminate")),m(()=>r))),ae(t)).subscribe(([r,n])=>{r.classList.remove("md-toggle--indeterminate"),n&&(r.checked=!1)})}function Ds(){return/(iPad|iPhone|iPod)/.test(navigator.userAgent)}function zi({document$:e}){e.pipe(S(()=>Q("[data-md-scrollfix]")),w(t=>t.removeAttribute("data-md-scrollfix")),x(Ds),se(t=>v(t,"touchstart").pipe(m(()=>t)))).subscribe(t=>{let r=t.scrollTop;r===0?t.scrollTop=1:r+t.offsetHeight===t.scrollHeight&&(t.scrollTop=r-1)})}function Ni({viewport$:e,tablet$:t}){Y([dt("search"),t]).pipe(m(([r,n])=>r&&!n),S(r=>I(r).pipe(ke(r?400:100))),ae(e)).subscribe(([r,{offset:{y:n}}])=>{if(r)document.body.setAttribute("data-md-scrolllock",""),document.body.style.top=`-${n}px`;else{let o=-1*parseInt(document.body.style.top,10);document.body.removeAttribute("data-md-scrolllock"),document.body.style.top="",o&&window.scrollTo(0,o)}})}Object.entries||(Object.entries=function(e){let t=[];for(let r of Object.keys(e))t.push([r,e[r]]);return t});Object.values||(Object.values=function(e){let t=[];for(let r of Object.keys(e))t.push(e[r]);return t});typeof Element!="undefined"&&(Element.prototype.scrollTo||(Element.prototype.scrollTo=function(e,t){typeof e=="object"?(this.scrollLeft=e.left,this.scrollTop=e.top):(this.scrollLeft=e,this.scrollTop=t)}),Element.prototype.replaceWith||(Element.prototype.replaceWith=function(...e){let t=this.parentNode;if(t){e.length===0&&t.removeChild(this);for(let r=e.length-1;r>=0;r--){let n=e[r];typeof n=="string"?n=document.createTextNode(n):n.parentNode&&n.parentNode.removeChild(n),r?t.insertBefore(this.previousSibling,n):t.replaceChild(n,this)}}}));document.documentElement.classList.remove("no-js");document.documentElement.classList.add("js");var tt=go(),vr=ko(),gt=jo(),on=Ro(),we=qo(),gr=Kr("(min-width: 960px)"),Ki=Kr("(min-width: 1220px)"),Qi=Fo(),Yi=le(),Bi=document.forms.namedItem("search")?(__search==null?void 0:__search.index)||je(new URL("search/search_index.json",Yi.base)):Se,an=new E;wi({alert$:an});Z("navigation.instant")&&Ei({document$:tt,location$:vr,viewport$:we});var qi;((qi=Yi.version)==null?void 0:qi.provider)==="mike"&&Li({document$:tt});A(vr,gt).pipe(ke(125)).subscribe(()=>{Ke("drawer",!1),Ke("search",!1)});on.pipe(x(({mode:e})=>e==="global")).subscribe(e=>{switch(e.type){case"p":case",":let t=pe("[href][rel=prev]");typeof t!="undefined"&&t.click();break;case"n":case".":let r=pe("[href][rel=next]");typeof r!="undefined"&&r.click();break}});Vi({document$:tt,tablet$:gr});zi({document$:tt});Ni({viewport$:we,tablet$:gr});var Qe=bi(_e("header"),{viewport$:we}),br=tt.pipe(m(()=>_e("main")),S(e=>yi(e,{viewport$:we,header$:Qe})),X(1)),Ws=A(...te("consent").map(e=>Yo(e,{target$:gt})),...te("dialog").map(e=>hi(e,{alert$:an})),...te("header").map(e=>vi(e,{viewport$:we,header$:Qe,main$:br})),...te("palette").map(e=>xi(e)),...te("search").map(e=>Hi(e,{index$:Bi,keyboard$:on})),...te("source").map(e=>Fi(e))),Vs=P(()=>A(...te("announce").map(e=>Qo(e)),...te("content").map(e=>di(e,{viewport$:we,target$:gt,print$:Qi})),...te("content").map(e=>Z("search.highlight")?Pi(e,{index$:Bi,location$:vr}):R),...te("header-title").map(e=>gi(e,{viewport$:we,header$:Qe})),...te("sidebar").map(e=>e.getAttribute("data-md-type")==="navigation"?Qr(Ki,()=>nn(e,{viewport$:we,header$:Qe,main$:br})):Qr(gr,()=>nn(e,{viewport$:we,header$:Qe,main$:br}))),...te("tabs").map(e=>Ui(e,{viewport$:we,header$:Qe})),...te("toc").map(e=>Di(e,{viewport$:we,header$:Qe,target$:gt})),...te("top").map(e=>Wi(e,{viewport$:we,header$:Qe,main$:br,target$:gt})))),Gi=tt.pipe(S(()=>Vs),et(Ws),X(1));Gi.subscribe();window.document$=tt;window.location$=vr;window.target$=gt;window.keyboard$=on;window.viewport$=we;window.tablet$=gr;window.screen$=Ki;window.print$=Qi;window.alert$=an;window.component$=Gi;})(); +//# sourceMappingURL=bundle.d6c3db9e.min.js.map + diff --git a/2.5/assets/javascripts/bundle.d6c3db9e.min.js.map b/2.5/assets/javascripts/bundle.d6c3db9e.min.js.map new file mode 100644 index 000000000..d7449516c --- /dev/null +++ b/2.5/assets/javascripts/bundle.d6c3db9e.min.js.map @@ -0,0 +1,8 @@ +{ + "version": 3, + "sources": ["node_modules/focus-visible/dist/focus-visible.js", "node_modules/url-polyfill/url-polyfill.js", "node_modules/rxjs/node_modules/tslib/tslib.js", "node_modules/clipboard/dist/clipboard.js", "node_modules/escape-html/index.js", "node_modules/array-flat-polyfill/index.mjs", "src/assets/javascripts/bundle.ts", "node_modules/unfetch/polyfill/index.js", "node_modules/rxjs/node_modules/tslib/modules/index.js", "node_modules/rxjs/src/internal/util/isFunction.ts", "node_modules/rxjs/src/internal/util/createErrorClass.ts", "node_modules/rxjs/src/internal/util/UnsubscriptionError.ts", "node_modules/rxjs/src/internal/util/arrRemove.ts", "node_modules/rxjs/src/internal/Subscription.ts", "node_modules/rxjs/src/internal/config.ts", "node_modules/rxjs/src/internal/scheduler/timeoutProvider.ts", "node_modules/rxjs/src/internal/util/reportUnhandledError.ts", "node_modules/rxjs/src/internal/util/noop.ts", "node_modules/rxjs/src/internal/NotificationFactories.ts", "node_modules/rxjs/src/internal/util/errorContext.ts", "node_modules/rxjs/src/internal/Subscriber.ts", "node_modules/rxjs/src/internal/symbol/observable.ts", "node_modules/rxjs/src/internal/util/identity.ts", "node_modules/rxjs/src/internal/util/pipe.ts", "node_modules/rxjs/src/internal/Observable.ts", "node_modules/rxjs/src/internal/util/lift.ts", "node_modules/rxjs/src/internal/operators/OperatorSubscriber.ts", "node_modules/rxjs/src/internal/scheduler/animationFrameProvider.ts", "node_modules/rxjs/src/internal/util/ObjectUnsubscribedError.ts", "node_modules/rxjs/src/internal/Subject.ts", "node_modules/rxjs/src/internal/scheduler/dateTimestampProvider.ts", "node_modules/rxjs/src/internal/ReplaySubject.ts", "node_modules/rxjs/src/internal/scheduler/Action.ts", "node_modules/rxjs/src/internal/scheduler/intervalProvider.ts", "node_modules/rxjs/src/internal/scheduler/AsyncAction.ts", "node_modules/rxjs/src/internal/Scheduler.ts", "node_modules/rxjs/src/internal/scheduler/AsyncScheduler.ts", "node_modules/rxjs/src/internal/scheduler/async.ts", "node_modules/rxjs/src/internal/scheduler/AnimationFrameAction.ts", "node_modules/rxjs/src/internal/scheduler/AnimationFrameScheduler.ts", "node_modules/rxjs/src/internal/scheduler/animationFrame.ts", "node_modules/rxjs/src/internal/observable/empty.ts", "node_modules/rxjs/src/internal/util/isScheduler.ts", "node_modules/rxjs/src/internal/util/args.ts", "node_modules/rxjs/src/internal/util/isArrayLike.ts", "node_modules/rxjs/src/internal/util/isPromise.ts", "node_modules/rxjs/src/internal/util/isInteropObservable.ts", "node_modules/rxjs/src/internal/util/isAsyncIterable.ts", "node_modules/rxjs/src/internal/util/throwUnobservableError.ts", "node_modules/rxjs/src/internal/symbol/iterator.ts", "node_modules/rxjs/src/internal/util/isIterable.ts", "node_modules/rxjs/src/internal/util/isReadableStreamLike.ts", "node_modules/rxjs/src/internal/observable/innerFrom.ts", "node_modules/rxjs/src/internal/util/executeSchedule.ts", "node_modules/rxjs/src/internal/operators/observeOn.ts", "node_modules/rxjs/src/internal/operators/subscribeOn.ts", "node_modules/rxjs/src/internal/scheduled/scheduleObservable.ts", "node_modules/rxjs/src/internal/scheduled/schedulePromise.ts", "node_modules/rxjs/src/internal/scheduled/scheduleArray.ts", "node_modules/rxjs/src/internal/scheduled/scheduleIterable.ts", "node_modules/rxjs/src/internal/scheduled/scheduleAsyncIterable.ts", "node_modules/rxjs/src/internal/scheduled/scheduleReadableStreamLike.ts", "node_modules/rxjs/src/internal/scheduled/scheduled.ts", "node_modules/rxjs/src/internal/observable/from.ts", "node_modules/rxjs/src/internal/observable/of.ts", "node_modules/rxjs/src/internal/observable/throwError.ts", "node_modules/rxjs/src/internal/util/isDate.ts", "node_modules/rxjs/src/internal/operators/map.ts", "node_modules/rxjs/src/internal/util/mapOneOrManyArgs.ts", "node_modules/rxjs/src/internal/util/argsArgArrayOrObject.ts", "node_modules/rxjs/src/internal/util/createObject.ts", "node_modules/rxjs/src/internal/observable/combineLatest.ts", "node_modules/rxjs/src/internal/operators/mergeInternals.ts", "node_modules/rxjs/src/internal/operators/mergeMap.ts", "node_modules/rxjs/src/internal/operators/mergeAll.ts", "node_modules/rxjs/src/internal/operators/concatAll.ts", "node_modules/rxjs/src/internal/observable/concat.ts", "node_modules/rxjs/src/internal/observable/defer.ts", "node_modules/rxjs/src/internal/observable/fromEvent.ts", "node_modules/rxjs/src/internal/observable/fromEventPattern.ts", "node_modules/rxjs/src/internal/observable/timer.ts", "node_modules/rxjs/src/internal/observable/merge.ts", "node_modules/rxjs/src/internal/observable/never.ts", "node_modules/rxjs/src/internal/util/argsOrArgArray.ts", "node_modules/rxjs/src/internal/operators/filter.ts", "node_modules/rxjs/src/internal/observable/zip.ts", "node_modules/rxjs/src/internal/operators/audit.ts", "node_modules/rxjs/src/internal/operators/auditTime.ts", "node_modules/rxjs/src/internal/operators/bufferCount.ts", "node_modules/rxjs/src/internal/operators/catchError.ts", "node_modules/rxjs/src/internal/operators/scanInternals.ts", "node_modules/rxjs/src/internal/operators/combineLatest.ts", "node_modules/rxjs/src/internal/operators/combineLatestWith.ts", "node_modules/rxjs/src/internal/operators/concatMap.ts", "node_modules/rxjs/src/internal/operators/debounceTime.ts", "node_modules/rxjs/src/internal/operators/defaultIfEmpty.ts", "node_modules/rxjs/src/internal/operators/take.ts", "node_modules/rxjs/src/internal/operators/ignoreElements.ts", "node_modules/rxjs/src/internal/operators/mapTo.ts", "node_modules/rxjs/src/internal/operators/delayWhen.ts", "node_modules/rxjs/src/internal/operators/delay.ts", "node_modules/rxjs/src/internal/operators/distinctUntilChanged.ts", "node_modules/rxjs/src/internal/operators/distinctUntilKeyChanged.ts", "node_modules/rxjs/src/internal/operators/endWith.ts", "node_modules/rxjs/src/internal/operators/finalize.ts", "node_modules/rxjs/src/internal/operators/takeLast.ts", "node_modules/rxjs/src/internal/operators/merge.ts", "node_modules/rxjs/src/internal/operators/mergeWith.ts", "node_modules/rxjs/src/internal/operators/repeat.ts", "node_modules/rxjs/src/internal/operators/sample.ts", "node_modules/rxjs/src/internal/operators/scan.ts", "node_modules/rxjs/src/internal/operators/share.ts", "node_modules/rxjs/src/internal/operators/shareReplay.ts", "node_modules/rxjs/src/internal/operators/skip.ts", "node_modules/rxjs/src/internal/operators/skipUntil.ts", "node_modules/rxjs/src/internal/operators/startWith.ts", "node_modules/rxjs/src/internal/operators/switchMap.ts", "node_modules/rxjs/src/internal/operators/takeUntil.ts", "node_modules/rxjs/src/internal/operators/takeWhile.ts", "node_modules/rxjs/src/internal/operators/tap.ts", "node_modules/rxjs/src/internal/operators/throttle.ts", "node_modules/rxjs/src/internal/operators/throttleTime.ts", "node_modules/rxjs/src/internal/operators/withLatestFrom.ts", "node_modules/rxjs/src/internal/operators/zip.ts", "node_modules/rxjs/src/internal/operators/zipWith.ts", "src/assets/javascripts/browser/document/index.ts", "src/assets/javascripts/browser/element/_/index.ts", "src/assets/javascripts/browser/element/focus/index.ts", "src/assets/javascripts/browser/element/offset/_/index.ts", "src/assets/javascripts/browser/element/offset/content/index.ts", "node_modules/resize-observer-polyfill/dist/ResizeObserver.es.js", "src/assets/javascripts/browser/element/size/_/index.ts", "src/assets/javascripts/browser/element/size/content/index.ts", "src/assets/javascripts/browser/element/visibility/index.ts", "src/assets/javascripts/browser/toggle/index.ts", "src/assets/javascripts/browser/keyboard/index.ts", "src/assets/javascripts/browser/location/_/index.ts", "src/assets/javascripts/utilities/h/index.ts", "src/assets/javascripts/utilities/string/index.ts", "src/assets/javascripts/browser/location/hash/index.ts", "src/assets/javascripts/browser/media/index.ts", "src/assets/javascripts/browser/request/index.ts", "src/assets/javascripts/browser/script/index.ts", "src/assets/javascripts/browser/viewport/offset/index.ts", "src/assets/javascripts/browser/viewport/size/index.ts", "src/assets/javascripts/browser/viewport/_/index.ts", "src/assets/javascripts/browser/viewport/at/index.ts", "src/assets/javascripts/browser/worker/index.ts", "src/assets/javascripts/_/index.ts", "src/assets/javascripts/components/_/index.ts", "src/assets/javascripts/components/announce/index.ts", "src/assets/javascripts/components/consent/index.ts", "src/assets/javascripts/components/content/code/_/index.ts", "src/assets/javascripts/templates/tooltip/index.tsx", "src/assets/javascripts/templates/annotation/index.tsx", "src/assets/javascripts/templates/clipboard/index.tsx", "src/assets/javascripts/templates/search/index.tsx", "src/assets/javascripts/templates/source/index.tsx", "src/assets/javascripts/templates/tabbed/index.tsx", "src/assets/javascripts/templates/table/index.tsx", "src/assets/javascripts/templates/version/index.tsx", "src/assets/javascripts/components/content/annotation/_/index.ts", "src/assets/javascripts/components/content/annotation/list/index.ts", "src/assets/javascripts/components/content/code/mermaid/index.ts", "src/assets/javascripts/components/content/details/index.ts", "src/assets/javascripts/components/content/table/index.ts", "src/assets/javascripts/components/content/tabs/index.ts", "src/assets/javascripts/components/content/_/index.ts", "src/assets/javascripts/components/dialog/index.ts", "src/assets/javascripts/components/header/_/index.ts", "src/assets/javascripts/components/header/title/index.ts", "src/assets/javascripts/components/main/index.ts", "src/assets/javascripts/components/palette/index.ts", "src/assets/javascripts/integrations/clipboard/index.ts", "src/assets/javascripts/integrations/sitemap/index.ts", "src/assets/javascripts/integrations/instant/index.ts", "src/assets/javascripts/integrations/search/document/index.ts", "src/assets/javascripts/integrations/search/highlighter/index.ts", "src/assets/javascripts/integrations/search/query/transform/index.ts", "src/assets/javascripts/integrations/search/worker/message/index.ts", "src/assets/javascripts/integrations/search/worker/_/index.ts", "src/assets/javascripts/integrations/version/index.ts", "src/assets/javascripts/components/search/query/index.ts", "src/assets/javascripts/components/search/result/index.ts", "src/assets/javascripts/components/search/share/index.ts", "src/assets/javascripts/components/search/suggest/index.ts", "src/assets/javascripts/components/search/_/index.ts", "src/assets/javascripts/components/search/highlight/index.ts", "src/assets/javascripts/components/sidebar/index.ts", "src/assets/javascripts/components/source/facts/github/index.ts", "src/assets/javascripts/components/source/facts/gitlab/index.ts", "src/assets/javascripts/components/source/facts/_/index.ts", "src/assets/javascripts/components/source/_/index.ts", "src/assets/javascripts/components/tabs/index.ts", "src/assets/javascripts/components/toc/index.ts", "src/assets/javascripts/components/top/index.ts", "src/assets/javascripts/patches/indeterminate/index.ts", "src/assets/javascripts/patches/scrollfix/index.ts", "src/assets/javascripts/patches/scrolllock/index.ts", "src/assets/javascripts/polyfills/index.ts"], + "sourceRoot": "../../../..", + "sourcesContent": ["(function (global, factory) {\n typeof exports === 'object' && typeof module !== 'undefined' ? factory() :\n typeof define === 'function' && define.amd ? define(factory) :\n (factory());\n}(this, (function () { 'use strict';\n\n /**\n * Applies the :focus-visible polyfill at the given scope.\n * A scope in this case is either the top-level Document or a Shadow Root.\n *\n * @param {(Document|ShadowRoot)} scope\n * @see https://github.com/WICG/focus-visible\n */\n function applyFocusVisiblePolyfill(scope) {\n var hadKeyboardEvent = true;\n var hadFocusVisibleRecently = false;\n var hadFocusVisibleRecentlyTimeout = null;\n\n var inputTypesAllowlist = {\n text: true,\n search: true,\n url: true,\n tel: true,\n email: true,\n password: true,\n number: true,\n date: true,\n month: true,\n week: true,\n time: true,\n datetime: true,\n 'datetime-local': true\n };\n\n /**\n * Helper function for legacy browsers and iframes which sometimes focus\n * elements like document, body, and non-interactive SVG.\n * @param {Element} el\n */\n function isValidFocusTarget(el) {\n if (\n el &&\n el !== document &&\n el.nodeName !== 'HTML' &&\n el.nodeName !== 'BODY' &&\n 'classList' in el &&\n 'contains' in el.classList\n ) {\n return true;\n }\n return false;\n }\n\n /**\n * Computes whether the given element should automatically trigger the\n * `focus-visible` class being added, i.e. whether it should always match\n * `:focus-visible` when focused.\n * @param {Element} el\n * @return {boolean}\n */\n function focusTriggersKeyboardModality(el) {\n var type = el.type;\n var tagName = el.tagName;\n\n if (tagName === 'INPUT' && inputTypesAllowlist[type] && !el.readOnly) {\n return true;\n }\n\n if (tagName === 'TEXTAREA' && !el.readOnly) {\n return true;\n }\n\n if (el.isContentEditable) {\n return true;\n }\n\n return false;\n }\n\n /**\n * Add the `focus-visible` class to the given element if it was not added by\n * the author.\n * @param {Element} el\n */\n function addFocusVisibleClass(el) {\n if (el.classList.contains('focus-visible')) {\n return;\n }\n el.classList.add('focus-visible');\n el.setAttribute('data-focus-visible-added', '');\n }\n\n /**\n * Remove the `focus-visible` class from the given element if it was not\n * originally added by the author.\n * @param {Element} el\n */\n function removeFocusVisibleClass(el) {\n if (!el.hasAttribute('data-focus-visible-added')) {\n return;\n }\n el.classList.remove('focus-visible');\n el.removeAttribute('data-focus-visible-added');\n }\n\n /**\n * If the most recent user interaction was via the keyboard;\n * and the key press did not include a meta, alt/option, or control key;\n * then the modality is keyboard. Otherwise, the modality is not keyboard.\n * Apply `focus-visible` to any current active element and keep track\n * of our keyboard modality state with `hadKeyboardEvent`.\n * @param {KeyboardEvent} e\n */\n function onKeyDown(e) {\n if (e.metaKey || e.altKey || e.ctrlKey) {\n return;\n }\n\n if (isValidFocusTarget(scope.activeElement)) {\n addFocusVisibleClass(scope.activeElement);\n }\n\n hadKeyboardEvent = true;\n }\n\n /**\n * If at any point a user clicks with a pointing device, ensure that we change\n * the modality away from keyboard.\n * This avoids the situation where a user presses a key on an already focused\n * element, and then clicks on a different element, focusing it with a\n * pointing device, while we still think we're in keyboard modality.\n * @param {Event} e\n */\n function onPointerDown(e) {\n hadKeyboardEvent = false;\n }\n\n /**\n * On `focus`, add the `focus-visible` class to the target if:\n * - the target received focus as a result of keyboard navigation, or\n * - the event target is an element that will likely require interaction\n * via the keyboard (e.g. a text box)\n * @param {Event} e\n */\n function onFocus(e) {\n // Prevent IE from focusing the document or HTML element.\n if (!isValidFocusTarget(e.target)) {\n return;\n }\n\n if (hadKeyboardEvent || focusTriggersKeyboardModality(e.target)) {\n addFocusVisibleClass(e.target);\n }\n }\n\n /**\n * On `blur`, remove the `focus-visible` class from the target.\n * @param {Event} e\n */\n function onBlur(e) {\n if (!isValidFocusTarget(e.target)) {\n return;\n }\n\n if (\n e.target.classList.contains('focus-visible') ||\n e.target.hasAttribute('data-focus-visible-added')\n ) {\n // To detect a tab/window switch, we look for a blur event followed\n // rapidly by a visibility change.\n // If we don't see a visibility change within 100ms, it's probably a\n // regular focus change.\n hadFocusVisibleRecently = true;\n window.clearTimeout(hadFocusVisibleRecentlyTimeout);\n hadFocusVisibleRecentlyTimeout = window.setTimeout(function() {\n hadFocusVisibleRecently = false;\n }, 100);\n removeFocusVisibleClass(e.target);\n }\n }\n\n /**\n * If the user changes tabs, keep track of whether or not the previously\n * focused element had .focus-visible.\n * @param {Event} e\n */\n function onVisibilityChange(e) {\n if (document.visibilityState === 'hidden') {\n // If the tab becomes active again, the browser will handle calling focus\n // on the element (Safari actually calls it twice).\n // If this tab change caused a blur on an element with focus-visible,\n // re-apply the class when the user switches back to the tab.\n if (hadFocusVisibleRecently) {\n hadKeyboardEvent = true;\n }\n addInitialPointerMoveListeners();\n }\n }\n\n /**\n * Add a group of listeners to detect usage of any pointing devices.\n * These listeners will be added when the polyfill first loads, and anytime\n * the window is blurred, so that they are active when the window regains\n * focus.\n */\n function addInitialPointerMoveListeners() {\n document.addEventListener('mousemove', onInitialPointerMove);\n document.addEventListener('mousedown', onInitialPointerMove);\n document.addEventListener('mouseup', onInitialPointerMove);\n document.addEventListener('pointermove', onInitialPointerMove);\n document.addEventListener('pointerdown', onInitialPointerMove);\n document.addEventListener('pointerup', onInitialPointerMove);\n document.addEventListener('touchmove', onInitialPointerMove);\n document.addEventListener('touchstart', onInitialPointerMove);\n document.addEventListener('touchend', onInitialPointerMove);\n }\n\n function removeInitialPointerMoveListeners() {\n document.removeEventListener('mousemove', onInitialPointerMove);\n document.removeEventListener('mousedown', onInitialPointerMove);\n document.removeEventListener('mouseup', onInitialPointerMove);\n document.removeEventListener('pointermove', onInitialPointerMove);\n document.removeEventListener('pointerdown', onInitialPointerMove);\n document.removeEventListener('pointerup', onInitialPointerMove);\n document.removeEventListener('touchmove', onInitialPointerMove);\n document.removeEventListener('touchstart', onInitialPointerMove);\n document.removeEventListener('touchend', onInitialPointerMove);\n }\n\n /**\n * When the polfyill first loads, assume the user is in keyboard modality.\n * If any event is received from a pointing device (e.g. mouse, pointer,\n * touch), turn off keyboard modality.\n * This accounts for situations where focus enters the page from the URL bar.\n * @param {Event} e\n */\n function onInitialPointerMove(e) {\n // Work around a Safari quirk that fires a mousemove on whenever the\n // window blurs, even if you're tabbing out of the page. \u00AF\\_(\u30C4)_/\u00AF\n if (e.target.nodeName && e.target.nodeName.toLowerCase() === 'html') {\n return;\n }\n\n hadKeyboardEvent = false;\n removeInitialPointerMoveListeners();\n }\n\n // For some kinds of state, we are interested in changes at the global scope\n // only. For example, global pointer input, global key presses and global\n // visibility change should affect the state at every scope:\n document.addEventListener('keydown', onKeyDown, true);\n document.addEventListener('mousedown', onPointerDown, true);\n document.addEventListener('pointerdown', onPointerDown, true);\n document.addEventListener('touchstart', onPointerDown, true);\n document.addEventListener('visibilitychange', onVisibilityChange, true);\n\n addInitialPointerMoveListeners();\n\n // For focus and blur, we specifically care about state changes in the local\n // scope. This is because focus / blur events that originate from within a\n // shadow root are not re-dispatched from the host element if it was already\n // the active element in its own scope:\n scope.addEventListener('focus', onFocus, true);\n scope.addEventListener('blur', onBlur, true);\n\n // We detect that a node is a ShadowRoot by ensuring that it is a\n // DocumentFragment and also has a host property. This check covers native\n // implementation and polyfill implementation transparently. If we only cared\n // about the native implementation, we could just check if the scope was\n // an instance of a ShadowRoot.\n if (scope.nodeType === Node.DOCUMENT_FRAGMENT_NODE && scope.host) {\n // Since a ShadowRoot is a special kind of DocumentFragment, it does not\n // have a root element to add a class to. So, we add this attribute to the\n // host element instead:\n scope.host.setAttribute('data-js-focus-visible', '');\n } else if (scope.nodeType === Node.DOCUMENT_NODE) {\n document.documentElement.classList.add('js-focus-visible');\n document.documentElement.setAttribute('data-js-focus-visible', '');\n }\n }\n\n // It is important to wrap all references to global window and document in\n // these checks to support server-side rendering use cases\n // @see https://github.com/WICG/focus-visible/issues/199\n if (typeof window !== 'undefined' && typeof document !== 'undefined') {\n // Make the polyfill helper globally available. This can be used as a signal\n // to interested libraries that wish to coordinate with the polyfill for e.g.,\n // applying the polyfill to a shadow root:\n window.applyFocusVisiblePolyfill = applyFocusVisiblePolyfill;\n\n // Notify interested libraries of the polyfill's presence, in case the\n // polyfill was loaded lazily:\n var event;\n\n try {\n event = new CustomEvent('focus-visible-polyfill-ready');\n } catch (error) {\n // IE11 does not support using CustomEvent as a constructor directly:\n event = document.createEvent('CustomEvent');\n event.initCustomEvent('focus-visible-polyfill-ready', false, false, {});\n }\n\n window.dispatchEvent(event);\n }\n\n if (typeof document !== 'undefined') {\n // Apply the polyfill to the global document, so that no JavaScript\n // coordination is required to use the polyfill in the top-level document:\n applyFocusVisiblePolyfill(document);\n }\n\n})));\n", "(function(global) {\r\n /**\r\n * Polyfill URLSearchParams\r\n *\r\n * Inspired from : https://github.com/WebReflection/url-search-params/blob/master/src/url-search-params.js\r\n */\r\n\r\n var checkIfIteratorIsSupported = function() {\r\n try {\r\n return !!Symbol.iterator;\r\n } catch (error) {\r\n return false;\r\n }\r\n };\r\n\r\n\r\n var iteratorSupported = checkIfIteratorIsSupported();\r\n\r\n var createIterator = function(items) {\r\n var iterator = {\r\n next: function() {\r\n var value = items.shift();\r\n return { done: value === void 0, value: value };\r\n }\r\n };\r\n\r\n if (iteratorSupported) {\r\n iterator[Symbol.iterator] = function() {\r\n return iterator;\r\n };\r\n }\r\n\r\n return iterator;\r\n };\r\n\r\n /**\r\n * Search param name and values should be encoded according to https://url.spec.whatwg.org/#urlencoded-serializing\r\n * encodeURIComponent() produces the same result except encoding spaces as `%20` instead of `+`.\r\n */\r\n var serializeParam = function(value) {\r\n return encodeURIComponent(value).replace(/%20/g, '+');\r\n };\r\n\r\n var deserializeParam = function(value) {\r\n return decodeURIComponent(String(value).replace(/\\+/g, ' '));\r\n };\r\n\r\n var polyfillURLSearchParams = function() {\r\n\r\n var URLSearchParams = function(searchString) {\r\n Object.defineProperty(this, '_entries', { writable: true, value: {} });\r\n var typeofSearchString = typeof searchString;\r\n\r\n if (typeofSearchString === 'undefined') {\r\n // do nothing\r\n } else if (typeofSearchString === 'string') {\r\n if (searchString !== '') {\r\n this._fromString(searchString);\r\n }\r\n } else if (searchString instanceof URLSearchParams) {\r\n var _this = this;\r\n searchString.forEach(function(value, name) {\r\n _this.append(name, value);\r\n });\r\n } else if ((searchString !== null) && (typeofSearchString === 'object')) {\r\n if (Object.prototype.toString.call(searchString) === '[object Array]') {\r\n for (var i = 0; i < searchString.length; i++) {\r\n var entry = searchString[i];\r\n if ((Object.prototype.toString.call(entry) === '[object Array]') || (entry.length !== 2)) {\r\n this.append(entry[0], entry[1]);\r\n } else {\r\n throw new TypeError('Expected [string, any] as entry at index ' + i + ' of URLSearchParams\\'s input');\r\n }\r\n }\r\n } else {\r\n for (var key in searchString) {\r\n if (searchString.hasOwnProperty(key)) {\r\n this.append(key, searchString[key]);\r\n }\r\n }\r\n }\r\n } else {\r\n throw new TypeError('Unsupported input\\'s type for URLSearchParams');\r\n }\r\n };\r\n\r\n var proto = URLSearchParams.prototype;\r\n\r\n proto.append = function(name, value) {\r\n if (name in this._entries) {\r\n this._entries[name].push(String(value));\r\n } else {\r\n this._entries[name] = [String(value)];\r\n }\r\n };\r\n\r\n proto.delete = function(name) {\r\n delete this._entries[name];\r\n };\r\n\r\n proto.get = function(name) {\r\n return (name in this._entries) ? this._entries[name][0] : null;\r\n };\r\n\r\n proto.getAll = function(name) {\r\n return (name in this._entries) ? this._entries[name].slice(0) : [];\r\n };\r\n\r\n proto.has = function(name) {\r\n return (name in this._entries);\r\n };\r\n\r\n proto.set = function(name, value) {\r\n this._entries[name] = [String(value)];\r\n };\r\n\r\n proto.forEach = function(callback, thisArg) {\r\n var entries;\r\n for (var name in this._entries) {\r\n if (this._entries.hasOwnProperty(name)) {\r\n entries = this._entries[name];\r\n for (var i = 0; i < entries.length; i++) {\r\n callback.call(thisArg, entries[i], name, this);\r\n }\r\n }\r\n }\r\n };\r\n\r\n proto.keys = function() {\r\n var items = [];\r\n this.forEach(function(value, name) {\r\n items.push(name);\r\n });\r\n return createIterator(items);\r\n };\r\n\r\n proto.values = function() {\r\n var items = [];\r\n this.forEach(function(value) {\r\n items.push(value);\r\n });\r\n return createIterator(items);\r\n };\r\n\r\n proto.entries = function() {\r\n var items = [];\r\n this.forEach(function(value, name) {\r\n items.push([name, value]);\r\n });\r\n return createIterator(items);\r\n };\r\n\r\n if (iteratorSupported) {\r\n proto[Symbol.iterator] = proto.entries;\r\n }\r\n\r\n proto.toString = function() {\r\n var searchArray = [];\r\n this.forEach(function(value, name) {\r\n searchArray.push(serializeParam(name) + '=' + serializeParam(value));\r\n });\r\n return searchArray.join('&');\r\n };\r\n\r\n\r\n global.URLSearchParams = URLSearchParams;\r\n };\r\n\r\n var checkIfURLSearchParamsSupported = function() {\r\n try {\r\n var URLSearchParams = global.URLSearchParams;\r\n\r\n return (\r\n (new URLSearchParams('?a=1').toString() === 'a=1') &&\r\n (typeof URLSearchParams.prototype.set === 'function') &&\r\n (typeof URLSearchParams.prototype.entries === 'function')\r\n );\r\n } catch (e) {\r\n return false;\r\n }\r\n };\r\n\r\n if (!checkIfURLSearchParamsSupported()) {\r\n polyfillURLSearchParams();\r\n }\r\n\r\n var proto = global.URLSearchParams.prototype;\r\n\r\n if (typeof proto.sort !== 'function') {\r\n proto.sort = function() {\r\n var _this = this;\r\n var items = [];\r\n this.forEach(function(value, name) {\r\n items.push([name, value]);\r\n if (!_this._entries) {\r\n _this.delete(name);\r\n }\r\n });\r\n items.sort(function(a, b) {\r\n if (a[0] < b[0]) {\r\n return -1;\r\n } else if (a[0] > b[0]) {\r\n return +1;\r\n } else {\r\n return 0;\r\n }\r\n });\r\n if (_this._entries) { // force reset because IE keeps keys index\r\n _this._entries = {};\r\n }\r\n for (var i = 0; i < items.length; i++) {\r\n this.append(items[i][0], items[i][1]);\r\n }\r\n };\r\n }\r\n\r\n if (typeof proto._fromString !== 'function') {\r\n Object.defineProperty(proto, '_fromString', {\r\n enumerable: false,\r\n configurable: false,\r\n writable: false,\r\n value: function(searchString) {\r\n if (this._entries) {\r\n this._entries = {};\r\n } else {\r\n var keys = [];\r\n this.forEach(function(value, name) {\r\n keys.push(name);\r\n });\r\n for (var i = 0; i < keys.length; i++) {\r\n this.delete(keys[i]);\r\n }\r\n }\r\n\r\n searchString = searchString.replace(/^\\?/, '');\r\n var attributes = searchString.split('&');\r\n var attribute;\r\n for (var i = 0; i < attributes.length; i++) {\r\n attribute = attributes[i].split('=');\r\n this.append(\r\n deserializeParam(attribute[0]),\r\n (attribute.length > 1) ? deserializeParam(attribute[1]) : ''\r\n );\r\n }\r\n }\r\n });\r\n }\r\n\r\n // HTMLAnchorElement\r\n\r\n})(\r\n (typeof global !== 'undefined') ? global\r\n : ((typeof window !== 'undefined') ? window\r\n : ((typeof self !== 'undefined') ? self : this))\r\n);\r\n\r\n(function(global) {\r\n /**\r\n * Polyfill URL\r\n *\r\n * Inspired from : https://github.com/arv/DOM-URL-Polyfill/blob/master/src/url.js\r\n */\r\n\r\n var checkIfURLIsSupported = function() {\r\n try {\r\n var u = new global.URL('b', 'http://a');\r\n u.pathname = 'c d';\r\n return (u.href === 'http://a/c%20d') && u.searchParams;\r\n } catch (e) {\r\n return false;\r\n }\r\n };\r\n\r\n\r\n var polyfillURL = function() {\r\n var _URL = global.URL;\r\n\r\n var URL = function(url, base) {\r\n if (typeof url !== 'string') url = String(url);\r\n if (base && typeof base !== 'string') base = String(base);\r\n\r\n // Only create another document if the base is different from current location.\r\n var doc = document, baseElement;\r\n if (base && (global.location === void 0 || base !== global.location.href)) {\r\n base = base.toLowerCase();\r\n doc = document.implementation.createHTMLDocument('');\r\n baseElement = doc.createElement('base');\r\n baseElement.href = base;\r\n doc.head.appendChild(baseElement);\r\n try {\r\n if (baseElement.href.indexOf(base) !== 0) throw new Error(baseElement.href);\r\n } catch (err) {\r\n throw new Error('URL unable to set base ' + base + ' due to ' + err);\r\n }\r\n }\r\n\r\n var anchorElement = doc.createElement('a');\r\n anchorElement.href = url;\r\n if (baseElement) {\r\n doc.body.appendChild(anchorElement);\r\n anchorElement.href = anchorElement.href; // force href to refresh\r\n }\r\n\r\n var inputElement = doc.createElement('input');\r\n inputElement.type = 'url';\r\n inputElement.value = url;\r\n\r\n if (anchorElement.protocol === ':' || !/:/.test(anchorElement.href) || (!inputElement.checkValidity() && !base)) {\r\n throw new TypeError('Invalid URL');\r\n }\r\n\r\n Object.defineProperty(this, '_anchorElement', {\r\n value: anchorElement\r\n });\r\n\r\n\r\n // create a linked searchParams which reflect its changes on URL\r\n var searchParams = new global.URLSearchParams(this.search);\r\n var enableSearchUpdate = true;\r\n var enableSearchParamsUpdate = true;\r\n var _this = this;\r\n ['append', 'delete', 'set'].forEach(function(methodName) {\r\n var method = searchParams[methodName];\r\n searchParams[methodName] = function() {\r\n method.apply(searchParams, arguments);\r\n if (enableSearchUpdate) {\r\n enableSearchParamsUpdate = false;\r\n _this.search = searchParams.toString();\r\n enableSearchParamsUpdate = true;\r\n }\r\n };\r\n });\r\n\r\n Object.defineProperty(this, 'searchParams', {\r\n value: searchParams,\r\n enumerable: true\r\n });\r\n\r\n var search = void 0;\r\n Object.defineProperty(this, '_updateSearchParams', {\r\n enumerable: false,\r\n configurable: false,\r\n writable: false,\r\n value: function() {\r\n if (this.search !== search) {\r\n search = this.search;\r\n if (enableSearchParamsUpdate) {\r\n enableSearchUpdate = false;\r\n this.searchParams._fromString(this.search);\r\n enableSearchUpdate = true;\r\n }\r\n }\r\n }\r\n });\r\n };\r\n\r\n var proto = URL.prototype;\r\n\r\n var linkURLWithAnchorAttribute = function(attributeName) {\r\n Object.defineProperty(proto, attributeName, {\r\n get: function() {\r\n return this._anchorElement[attributeName];\r\n },\r\n set: function(value) {\r\n this._anchorElement[attributeName] = value;\r\n },\r\n enumerable: true\r\n });\r\n };\r\n\r\n ['hash', 'host', 'hostname', 'port', 'protocol']\r\n .forEach(function(attributeName) {\r\n linkURLWithAnchorAttribute(attributeName);\r\n });\r\n\r\n Object.defineProperty(proto, 'search', {\r\n get: function() {\r\n return this._anchorElement['search'];\r\n },\r\n set: function(value) {\r\n this._anchorElement['search'] = value;\r\n this._updateSearchParams();\r\n },\r\n enumerable: true\r\n });\r\n\r\n Object.defineProperties(proto, {\r\n\r\n 'toString': {\r\n get: function() {\r\n var _this = this;\r\n return function() {\r\n return _this.href;\r\n };\r\n }\r\n },\r\n\r\n 'href': {\r\n get: function() {\r\n return this._anchorElement.href.replace(/\\?$/, '');\r\n },\r\n set: function(value) {\r\n this._anchorElement.href = value;\r\n this._updateSearchParams();\r\n },\r\n enumerable: true\r\n },\r\n\r\n 'pathname': {\r\n get: function() {\r\n return this._anchorElement.pathname.replace(/(^\\/?)/, '/');\r\n },\r\n set: function(value) {\r\n this._anchorElement.pathname = value;\r\n },\r\n enumerable: true\r\n },\r\n\r\n 'origin': {\r\n get: function() {\r\n // get expected port from protocol\r\n var expectedPort = { 'http:': 80, 'https:': 443, 'ftp:': 21 }[this._anchorElement.protocol];\r\n // add port to origin if, expected port is different than actual port\r\n // and it is not empty f.e http://foo:8080\r\n // 8080 != 80 && 8080 != ''\r\n var addPortToOrigin = this._anchorElement.port != expectedPort &&\r\n this._anchorElement.port !== '';\r\n\r\n return this._anchorElement.protocol +\r\n '//' +\r\n this._anchorElement.hostname +\r\n (addPortToOrigin ? (':' + this._anchorElement.port) : '');\r\n },\r\n enumerable: true\r\n },\r\n\r\n 'password': { // TODO\r\n get: function() {\r\n return '';\r\n },\r\n set: function(value) {\r\n },\r\n enumerable: true\r\n },\r\n\r\n 'username': { // TODO\r\n get: function() {\r\n return '';\r\n },\r\n set: function(value) {\r\n },\r\n enumerable: true\r\n },\r\n });\r\n\r\n URL.createObjectURL = function(blob) {\r\n return _URL.createObjectURL.apply(_URL, arguments);\r\n };\r\n\r\n URL.revokeObjectURL = function(url) {\r\n return _URL.revokeObjectURL.apply(_URL, arguments);\r\n };\r\n\r\n global.URL = URL;\r\n\r\n };\r\n\r\n if (!checkIfURLIsSupported()) {\r\n polyfillURL();\r\n }\r\n\r\n if ((global.location !== void 0) && !('origin' in global.location)) {\r\n var getOrigin = function() {\r\n return global.location.protocol + '//' + global.location.hostname + (global.location.port ? (':' + global.location.port) : '');\r\n };\r\n\r\n try {\r\n Object.defineProperty(global.location, 'origin', {\r\n get: getOrigin,\r\n enumerable: true\r\n });\r\n } catch (e) {\r\n setInterval(function() {\r\n global.location.origin = getOrigin();\r\n }, 100);\r\n }\r\n }\r\n\r\n})(\r\n (typeof global !== 'undefined') ? global\r\n : ((typeof window !== 'undefined') ? window\r\n : ((typeof self !== 'undefined') ? self : this))\r\n);\r\n", "/*! *****************************************************************************\r\nCopyright (c) Microsoft Corporation.\r\n\r\nPermission to use, copy, modify, and/or distribute this software for any\r\npurpose with or without fee is hereby granted.\r\n\r\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH\r\nREGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\r\nAND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,\r\nINDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\r\nLOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR\r\nOTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\r\nPERFORMANCE OF THIS SOFTWARE.\r\n***************************************************************************** */\r\n/* global global, define, System, Reflect, Promise */\r\nvar __extends;\r\nvar __assign;\r\nvar __rest;\r\nvar __decorate;\r\nvar __param;\r\nvar __metadata;\r\nvar __awaiter;\r\nvar __generator;\r\nvar __exportStar;\r\nvar __values;\r\nvar __read;\r\nvar __spread;\r\nvar __spreadArrays;\r\nvar __spreadArray;\r\nvar __await;\r\nvar __asyncGenerator;\r\nvar __asyncDelegator;\r\nvar __asyncValues;\r\nvar __makeTemplateObject;\r\nvar __importStar;\r\nvar __importDefault;\r\nvar __classPrivateFieldGet;\r\nvar __classPrivateFieldSet;\r\nvar __createBinding;\r\n(function (factory) {\r\n var root = typeof global === \"object\" ? global : typeof self === \"object\" ? self : typeof this === \"object\" ? this : {};\r\n if (typeof define === \"function\" && define.amd) {\r\n define(\"tslib\", [\"exports\"], function (exports) { factory(createExporter(root, createExporter(exports))); });\r\n }\r\n else if (typeof module === \"object\" && typeof module.exports === \"object\") {\r\n factory(createExporter(root, createExporter(module.exports)));\r\n }\r\n else {\r\n factory(createExporter(root));\r\n }\r\n function createExporter(exports, previous) {\r\n if (exports !== root) {\r\n if (typeof Object.create === \"function\") {\r\n Object.defineProperty(exports, \"__esModule\", { value: true });\r\n }\r\n else {\r\n exports.__esModule = true;\r\n }\r\n }\r\n return function (id, v) { return exports[id] = previous ? previous(id, v) : v; };\r\n }\r\n})\r\n(function (exporter) {\r\n var extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };\r\n\r\n __extends = function (d, b) {\r\n if (typeof b !== \"function\" && b !== null)\r\n throw new TypeError(\"Class extends value \" + String(b) + \" is not a constructor or null\");\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n };\r\n\r\n __assign = Object.assign || function (t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n };\r\n\r\n __rest = function (s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {\r\n if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))\r\n t[p[i]] = s[p[i]];\r\n }\r\n return t;\r\n };\r\n\r\n __decorate = function (decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n };\r\n\r\n __param = function (paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n };\r\n\r\n __metadata = function (metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n };\r\n\r\n __awaiter = function (thisArg, _arguments, P, generator) {\r\n function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n };\r\n\r\n __generator = function (thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n };\r\n\r\n __exportStar = function(m, o) {\r\n for (var p in m) if (p !== \"default\" && !Object.prototype.hasOwnProperty.call(o, p)) __createBinding(o, m, p);\r\n };\r\n\r\n __createBinding = Object.create ? (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });\r\n }) : (function(o, m, k, k2) {\r\n if (k2 === undefined) k2 = k;\r\n o[k2] = m[k];\r\n });\r\n\r\n __values = function (o) {\r\n var s = typeof Symbol === \"function\" && Symbol.iterator, m = s && o[s], i = 0;\r\n if (m) return m.call(o);\r\n if (o && typeof o.length === \"number\") return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n throw new TypeError(s ? \"Object is not iterable.\" : \"Symbol.iterator is not defined.\");\r\n };\r\n\r\n __read = function (o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n };\r\n\r\n /** @deprecated */\r\n __spread = function () {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n };\r\n\r\n /** @deprecated */\r\n __spreadArrays = function () {\r\n for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length;\r\n for (var r = Array(s), k = 0, i = 0; i < il; i++)\r\n for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)\r\n r[k] = a[j];\r\n return r;\r\n };\r\n\r\n __spreadArray = function (to, from, pack) {\r\n if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {\r\n if (ar || !(i in from)) {\r\n if (!ar) ar = Array.prototype.slice.call(from, 0, i);\r\n ar[i] = from[i];\r\n }\r\n }\r\n return to.concat(ar || Array.prototype.slice.call(from));\r\n };\r\n\r\n __await = function (v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n };\r\n\r\n __asyncGenerator = function (thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n };\r\n\r\n __asyncDelegator = function (o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n };\r\n\r\n __asyncValues = function (o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n };\r\n\r\n __makeTemplateObject = function (cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n };\r\n\r\n var __setModuleDefault = Object.create ? (function(o, v) {\r\n Object.defineProperty(o, \"default\", { enumerable: true, value: v });\r\n }) : function(o, v) {\r\n o[\"default\"] = v;\r\n };\r\n\r\n __importStar = function (mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (k !== \"default\" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);\r\n __setModuleDefault(result, mod);\r\n return result;\r\n };\r\n\r\n __importDefault = function (mod) {\r\n return (mod && mod.__esModule) ? mod : { \"default\": mod };\r\n };\r\n\r\n __classPrivateFieldGet = function (receiver, state, kind, f) {\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a getter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot read private member from an object whose class did not declare it\");\r\n return kind === \"m\" ? f : kind === \"a\" ? f.call(receiver) : f ? f.value : state.get(receiver);\r\n };\r\n\r\n __classPrivateFieldSet = function (receiver, state, value, kind, f) {\r\n if (kind === \"m\") throw new TypeError(\"Private method is not writable\");\r\n if (kind === \"a\" && !f) throw new TypeError(\"Private accessor was defined without a setter\");\r\n if (typeof state === \"function\" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError(\"Cannot write private member to an object whose class did not declare it\");\r\n return (kind === \"a\" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;\r\n };\r\n\r\n exporter(\"__extends\", __extends);\r\n exporter(\"__assign\", __assign);\r\n exporter(\"__rest\", __rest);\r\n exporter(\"__decorate\", __decorate);\r\n exporter(\"__param\", __param);\r\n exporter(\"__metadata\", __metadata);\r\n exporter(\"__awaiter\", __awaiter);\r\n exporter(\"__generator\", __generator);\r\n exporter(\"__exportStar\", __exportStar);\r\n exporter(\"__createBinding\", __createBinding);\r\n exporter(\"__values\", __values);\r\n exporter(\"__read\", __read);\r\n exporter(\"__spread\", __spread);\r\n exporter(\"__spreadArrays\", __spreadArrays);\r\n exporter(\"__spreadArray\", __spreadArray);\r\n exporter(\"__await\", __await);\r\n exporter(\"__asyncGenerator\", __asyncGenerator);\r\n exporter(\"__asyncDelegator\", __asyncDelegator);\r\n exporter(\"__asyncValues\", __asyncValues);\r\n exporter(\"__makeTemplateObject\", __makeTemplateObject);\r\n exporter(\"__importStar\", __importStar);\r\n exporter(\"__importDefault\", __importDefault);\r\n exporter(\"__classPrivateFieldGet\", __classPrivateFieldGet);\r\n exporter(\"__classPrivateFieldSet\", __classPrivateFieldSet);\r\n});\r\n", "/*!\n * clipboard.js v2.0.11\n * https://clipboardjs.com/\n *\n * Licensed MIT \u00A9 Zeno Rocha\n */\n(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory();\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine([], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"ClipboardJS\"] = factory();\n\telse\n\t\troot[\"ClipboardJS\"] = factory();\n})(this, function() {\nreturn /******/ (function() { // webpackBootstrap\n/******/ \tvar __webpack_modules__ = ({\n\n/***/ 686:\n/***/ (function(__unused_webpack_module, __webpack_exports__, __webpack_require__) {\n\n\"use strict\";\n\n// EXPORTS\n__webpack_require__.d(__webpack_exports__, {\n \"default\": function() { return /* binding */ clipboard; }\n});\n\n// EXTERNAL MODULE: ./node_modules/tiny-emitter/index.js\nvar tiny_emitter = __webpack_require__(279);\nvar tiny_emitter_default = /*#__PURE__*/__webpack_require__.n(tiny_emitter);\n// EXTERNAL MODULE: ./node_modules/good-listener/src/listen.js\nvar listen = __webpack_require__(370);\nvar listen_default = /*#__PURE__*/__webpack_require__.n(listen);\n// EXTERNAL MODULE: ./node_modules/select/src/select.js\nvar src_select = __webpack_require__(817);\nvar select_default = /*#__PURE__*/__webpack_require__.n(src_select);\n;// CONCATENATED MODULE: ./src/common/command.js\n/**\n * Executes a given operation type.\n * @param {String} type\n * @return {Boolean}\n */\nfunction command(type) {\n try {\n return document.execCommand(type);\n } catch (err) {\n return false;\n }\n}\n;// CONCATENATED MODULE: ./src/actions/cut.js\n\n\n/**\n * Cut action wrapper.\n * @param {String|HTMLElement} target\n * @return {String}\n */\n\nvar ClipboardActionCut = function ClipboardActionCut(target) {\n var selectedText = select_default()(target);\n command('cut');\n return selectedText;\n};\n\n/* harmony default export */ var actions_cut = (ClipboardActionCut);\n;// CONCATENATED MODULE: ./src/common/create-fake-element.js\n/**\n * Creates a fake textarea element with a value.\n * @param {String} value\n * @return {HTMLElement}\n */\nfunction createFakeElement(value) {\n var isRTL = document.documentElement.getAttribute('dir') === 'rtl';\n var fakeElement = document.createElement('textarea'); // Prevent zooming on iOS\n\n fakeElement.style.fontSize = '12pt'; // Reset box model\n\n fakeElement.style.border = '0';\n fakeElement.style.padding = '0';\n fakeElement.style.margin = '0'; // Move element out of screen horizontally\n\n fakeElement.style.position = 'absolute';\n fakeElement.style[isRTL ? 'right' : 'left'] = '-9999px'; // Move element to the same position vertically\n\n var yPosition = window.pageYOffset || document.documentElement.scrollTop;\n fakeElement.style.top = \"\".concat(yPosition, \"px\");\n fakeElement.setAttribute('readonly', '');\n fakeElement.value = value;\n return fakeElement;\n}\n;// CONCATENATED MODULE: ./src/actions/copy.js\n\n\n\n/**\n * Create fake copy action wrapper using a fake element.\n * @param {String} target\n * @param {Object} options\n * @return {String}\n */\n\nvar fakeCopyAction = function fakeCopyAction(value, options) {\n var fakeElement = createFakeElement(value);\n options.container.appendChild(fakeElement);\n var selectedText = select_default()(fakeElement);\n command('copy');\n fakeElement.remove();\n return selectedText;\n};\n/**\n * Copy action wrapper.\n * @param {String|HTMLElement} target\n * @param {Object} options\n * @return {String}\n */\n\n\nvar ClipboardActionCopy = function ClipboardActionCopy(target) {\n var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {\n container: document.body\n };\n var selectedText = '';\n\n if (typeof target === 'string') {\n selectedText = fakeCopyAction(target, options);\n } else if (target instanceof HTMLInputElement && !['text', 'search', 'url', 'tel', 'password'].includes(target === null || target === void 0 ? void 0 : target.type)) {\n // If input type doesn't support `setSelectionRange`. Simulate it. https://developer.mozilla.org/en-US/docs/Web/API/HTMLInputElement/setSelectionRange\n selectedText = fakeCopyAction(target.value, options);\n } else {\n selectedText = select_default()(target);\n command('copy');\n }\n\n return selectedText;\n};\n\n/* harmony default export */ var actions_copy = (ClipboardActionCopy);\n;// CONCATENATED MODULE: ./src/actions/default.js\nfunction _typeof(obj) { \"@babel/helpers - typeof\"; if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") { _typeof = function _typeof(obj) { return typeof obj; }; } else { _typeof = function _typeof(obj) { return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj; }; } return _typeof(obj); }\n\n\n\n/**\n * Inner function which performs selection from either `text` or `target`\n * properties and then executes copy or cut operations.\n * @param {Object} options\n */\n\nvar ClipboardActionDefault = function ClipboardActionDefault() {\n var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n // Defines base properties passed from constructor.\n var _options$action = options.action,\n action = _options$action === void 0 ? 'copy' : _options$action,\n container = options.container,\n target = options.target,\n text = options.text; // Sets the `action` to be performed which can be either 'copy' or 'cut'.\n\n if (action !== 'copy' && action !== 'cut') {\n throw new Error('Invalid \"action\" value, use either \"copy\" or \"cut\"');\n } // Sets the `target` property using an element that will be have its content copied.\n\n\n if (target !== undefined) {\n if (target && _typeof(target) === 'object' && target.nodeType === 1) {\n if (action === 'copy' && target.hasAttribute('disabled')) {\n throw new Error('Invalid \"target\" attribute. Please use \"readonly\" instead of \"disabled\" attribute');\n }\n\n if (action === 'cut' && (target.hasAttribute('readonly') || target.hasAttribute('disabled'))) {\n throw new Error('Invalid \"target\" attribute. You can\\'t cut text from elements with \"readonly\" or \"disabled\" attributes');\n }\n } else {\n throw new Error('Invalid \"target\" value, use a valid Element');\n }\n } // Define selection strategy based on `text` property.\n\n\n if (text) {\n return actions_copy(text, {\n container: container\n });\n } // Defines which selection strategy based on `target` property.\n\n\n if (target) {\n return action === 'cut' ? actions_cut(target) : actions_copy(target, {\n container: container\n });\n }\n};\n\n/* harmony default export */ var actions_default = (ClipboardActionDefault);\n;// CONCATENATED MODULE: ./src/clipboard.js\nfunction clipboard_typeof(obj) { \"@babel/helpers - typeof\"; if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") { clipboard_typeof = function _typeof(obj) { return typeof obj; }; } else { clipboard_typeof = function _typeof(obj) { return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj; }; } return clipboard_typeof(obj); }\n\nfunction _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError(\"Cannot call a class as a function\"); } }\n\nfunction _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if (\"value\" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } }\n\nfunction _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); return Constructor; }\n\nfunction _inherits(subClass, superClass) { if (typeof superClass !== \"function\" && superClass !== null) { throw new TypeError(\"Super expression must either be null or a function\"); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, writable: true, configurable: true } }); if (superClass) _setPrototypeOf(subClass, superClass); }\n\nfunction _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf || function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); }\n\nfunction _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }\n\nfunction _possibleConstructorReturn(self, call) { if (call && (clipboard_typeof(call) === \"object\" || typeof call === \"function\")) { return call; } return _assertThisInitialized(self); }\n\nfunction _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError(\"this hasn't been initialised - super() hasn't been called\"); } return self; }\n\nfunction _isNativeReflectConstruct() { if (typeof Reflect === \"undefined\" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === \"function\") return true; try { Date.prototype.toString.call(Reflect.construct(Date, [], function () {})); return true; } catch (e) { return false; } }\n\nfunction _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }\n\n\n\n\n\n\n/**\n * Helper function to retrieve attribute value.\n * @param {String} suffix\n * @param {Element} element\n */\n\nfunction getAttributeValue(suffix, element) {\n var attribute = \"data-clipboard-\".concat(suffix);\n\n if (!element.hasAttribute(attribute)) {\n return;\n }\n\n return element.getAttribute(attribute);\n}\n/**\n * Base class which takes one or more elements, adds event listeners to them,\n * and instantiates a new `ClipboardAction` on each click.\n */\n\n\nvar Clipboard = /*#__PURE__*/function (_Emitter) {\n _inherits(Clipboard, _Emitter);\n\n var _super = _createSuper(Clipboard);\n\n /**\n * @param {String|HTMLElement|HTMLCollection|NodeList} trigger\n * @param {Object} options\n */\n function Clipboard(trigger, options) {\n var _this;\n\n _classCallCheck(this, Clipboard);\n\n _this = _super.call(this);\n\n _this.resolveOptions(options);\n\n _this.listenClick(trigger);\n\n return _this;\n }\n /**\n * Defines if attributes would be resolved using internal setter functions\n * or custom functions that were passed in the constructor.\n * @param {Object} options\n */\n\n\n _createClass(Clipboard, [{\n key: \"resolveOptions\",\n value: function resolveOptions() {\n var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};\n this.action = typeof options.action === 'function' ? options.action : this.defaultAction;\n this.target = typeof options.target === 'function' ? options.target : this.defaultTarget;\n this.text = typeof options.text === 'function' ? options.text : this.defaultText;\n this.container = clipboard_typeof(options.container) === 'object' ? options.container : document.body;\n }\n /**\n * Adds a click event listener to the passed trigger.\n * @param {String|HTMLElement|HTMLCollection|NodeList} trigger\n */\n\n }, {\n key: \"listenClick\",\n value: function listenClick(trigger) {\n var _this2 = this;\n\n this.listener = listen_default()(trigger, 'click', function (e) {\n return _this2.onClick(e);\n });\n }\n /**\n * Defines a new `ClipboardAction` on each click event.\n * @param {Event} e\n */\n\n }, {\n key: \"onClick\",\n value: function onClick(e) {\n var trigger = e.delegateTarget || e.currentTarget;\n var action = this.action(trigger) || 'copy';\n var text = actions_default({\n action: action,\n container: this.container,\n target: this.target(trigger),\n text: this.text(trigger)\n }); // Fires an event based on the copy operation result.\n\n this.emit(text ? 'success' : 'error', {\n action: action,\n text: text,\n trigger: trigger,\n clearSelection: function clearSelection() {\n if (trigger) {\n trigger.focus();\n }\n\n window.getSelection().removeAllRanges();\n }\n });\n }\n /**\n * Default `action` lookup function.\n * @param {Element} trigger\n */\n\n }, {\n key: \"defaultAction\",\n value: function defaultAction(trigger) {\n return getAttributeValue('action', trigger);\n }\n /**\n * Default `target` lookup function.\n * @param {Element} trigger\n */\n\n }, {\n key: \"defaultTarget\",\n value: function defaultTarget(trigger) {\n var selector = getAttributeValue('target', trigger);\n\n if (selector) {\n return document.querySelector(selector);\n }\n }\n /**\n * Allow fire programmatically a copy action\n * @param {String|HTMLElement} target\n * @param {Object} options\n * @returns Text copied.\n */\n\n }, {\n key: \"defaultText\",\n\n /**\n * Default `text` lookup function.\n * @param {Element} trigger\n */\n value: function defaultText(trigger) {\n return getAttributeValue('text', trigger);\n }\n /**\n * Destroy lifecycle.\n */\n\n }, {\n key: \"destroy\",\n value: function destroy() {\n this.listener.destroy();\n }\n }], [{\n key: \"copy\",\n value: function copy(target) {\n var options = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {\n container: document.body\n };\n return actions_copy(target, options);\n }\n /**\n * Allow fire programmatically a cut action\n * @param {String|HTMLElement} target\n * @returns Text cutted.\n */\n\n }, {\n key: \"cut\",\n value: function cut(target) {\n return actions_cut(target);\n }\n /**\n * Returns the support of the given action, or all actions if no action is\n * given.\n * @param {String} [action]\n */\n\n }, {\n key: \"isSupported\",\n value: function isSupported() {\n var action = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : ['copy', 'cut'];\n var actions = typeof action === 'string' ? [action] : action;\n var support = !!document.queryCommandSupported;\n actions.forEach(function (action) {\n support = support && !!document.queryCommandSupported(action);\n });\n return support;\n }\n }]);\n\n return Clipboard;\n}((tiny_emitter_default()));\n\n/* harmony default export */ var clipboard = (Clipboard);\n\n/***/ }),\n\n/***/ 828:\n/***/ (function(module) {\n\nvar DOCUMENT_NODE_TYPE = 9;\n\n/**\n * A polyfill for Element.matches()\n */\nif (typeof Element !== 'undefined' && !Element.prototype.matches) {\n var proto = Element.prototype;\n\n proto.matches = proto.matchesSelector ||\n proto.mozMatchesSelector ||\n proto.msMatchesSelector ||\n proto.oMatchesSelector ||\n proto.webkitMatchesSelector;\n}\n\n/**\n * Finds the closest parent that matches a selector.\n *\n * @param {Element} element\n * @param {String} selector\n * @return {Function}\n */\nfunction closest (element, selector) {\n while (element && element.nodeType !== DOCUMENT_NODE_TYPE) {\n if (typeof element.matches === 'function' &&\n element.matches(selector)) {\n return element;\n }\n element = element.parentNode;\n }\n}\n\nmodule.exports = closest;\n\n\n/***/ }),\n\n/***/ 438:\n/***/ (function(module, __unused_webpack_exports, __webpack_require__) {\n\nvar closest = __webpack_require__(828);\n\n/**\n * Delegates event to a selector.\n *\n * @param {Element} element\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @param {Boolean} useCapture\n * @return {Object}\n */\nfunction _delegate(element, selector, type, callback, useCapture) {\n var listenerFn = listener.apply(this, arguments);\n\n element.addEventListener(type, listenerFn, useCapture);\n\n return {\n destroy: function() {\n element.removeEventListener(type, listenerFn, useCapture);\n }\n }\n}\n\n/**\n * Delegates event to a selector.\n *\n * @param {Element|String|Array} [elements]\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @param {Boolean} useCapture\n * @return {Object}\n */\nfunction delegate(elements, selector, type, callback, useCapture) {\n // Handle the regular Element usage\n if (typeof elements.addEventListener === 'function') {\n return _delegate.apply(null, arguments);\n }\n\n // Handle Element-less usage, it defaults to global delegation\n if (typeof type === 'function') {\n // Use `document` as the first parameter, then apply arguments\n // This is a short way to .unshift `arguments` without running into deoptimizations\n return _delegate.bind(null, document).apply(null, arguments);\n }\n\n // Handle Selector-based usage\n if (typeof elements === 'string') {\n elements = document.querySelectorAll(elements);\n }\n\n // Handle Array-like based usage\n return Array.prototype.map.call(elements, function (element) {\n return _delegate(element, selector, type, callback, useCapture);\n });\n}\n\n/**\n * Finds closest match and invokes callback.\n *\n * @param {Element} element\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @return {Function}\n */\nfunction listener(element, selector, type, callback) {\n return function(e) {\n e.delegateTarget = closest(e.target, selector);\n\n if (e.delegateTarget) {\n callback.call(element, e);\n }\n }\n}\n\nmodule.exports = delegate;\n\n\n/***/ }),\n\n/***/ 879:\n/***/ (function(__unused_webpack_module, exports) {\n\n/**\n * Check if argument is a HTML element.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.node = function(value) {\n return value !== undefined\n && value instanceof HTMLElement\n && value.nodeType === 1;\n};\n\n/**\n * Check if argument is a list of HTML elements.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.nodeList = function(value) {\n var type = Object.prototype.toString.call(value);\n\n return value !== undefined\n && (type === '[object NodeList]' || type === '[object HTMLCollection]')\n && ('length' in value)\n && (value.length === 0 || exports.node(value[0]));\n};\n\n/**\n * Check if argument is a string.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.string = function(value) {\n return typeof value === 'string'\n || value instanceof String;\n};\n\n/**\n * Check if argument is a function.\n *\n * @param {Object} value\n * @return {Boolean}\n */\nexports.fn = function(value) {\n var type = Object.prototype.toString.call(value);\n\n return type === '[object Function]';\n};\n\n\n/***/ }),\n\n/***/ 370:\n/***/ (function(module, __unused_webpack_exports, __webpack_require__) {\n\nvar is = __webpack_require__(879);\nvar delegate = __webpack_require__(438);\n\n/**\n * Validates all params and calls the right\n * listener function based on its target type.\n *\n * @param {String|HTMLElement|HTMLCollection|NodeList} target\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listen(target, type, callback) {\n if (!target && !type && !callback) {\n throw new Error('Missing required arguments');\n }\n\n if (!is.string(type)) {\n throw new TypeError('Second argument must be a String');\n }\n\n if (!is.fn(callback)) {\n throw new TypeError('Third argument must be a Function');\n }\n\n if (is.node(target)) {\n return listenNode(target, type, callback);\n }\n else if (is.nodeList(target)) {\n return listenNodeList(target, type, callback);\n }\n else if (is.string(target)) {\n return listenSelector(target, type, callback);\n }\n else {\n throw new TypeError('First argument must be a String, HTMLElement, HTMLCollection, or NodeList');\n }\n}\n\n/**\n * Adds an event listener to a HTML element\n * and returns a remove listener function.\n *\n * @param {HTMLElement} node\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenNode(node, type, callback) {\n node.addEventListener(type, callback);\n\n return {\n destroy: function() {\n node.removeEventListener(type, callback);\n }\n }\n}\n\n/**\n * Add an event listener to a list of HTML elements\n * and returns a remove listener function.\n *\n * @param {NodeList|HTMLCollection} nodeList\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenNodeList(nodeList, type, callback) {\n Array.prototype.forEach.call(nodeList, function(node) {\n node.addEventListener(type, callback);\n });\n\n return {\n destroy: function() {\n Array.prototype.forEach.call(nodeList, function(node) {\n node.removeEventListener(type, callback);\n });\n }\n }\n}\n\n/**\n * Add an event listener to a selector\n * and returns a remove listener function.\n *\n * @param {String} selector\n * @param {String} type\n * @param {Function} callback\n * @return {Object}\n */\nfunction listenSelector(selector, type, callback) {\n return delegate(document.body, selector, type, callback);\n}\n\nmodule.exports = listen;\n\n\n/***/ }),\n\n/***/ 817:\n/***/ (function(module) {\n\nfunction select(element) {\n var selectedText;\n\n if (element.nodeName === 'SELECT') {\n element.focus();\n\n selectedText = element.value;\n }\n else if (element.nodeName === 'INPUT' || element.nodeName === 'TEXTAREA') {\n var isReadOnly = element.hasAttribute('readonly');\n\n if (!isReadOnly) {\n element.setAttribute('readonly', '');\n }\n\n element.select();\n element.setSelectionRange(0, element.value.length);\n\n if (!isReadOnly) {\n element.removeAttribute('readonly');\n }\n\n selectedText = element.value;\n }\n else {\n if (element.hasAttribute('contenteditable')) {\n element.focus();\n }\n\n var selection = window.getSelection();\n var range = document.createRange();\n\n range.selectNodeContents(element);\n selection.removeAllRanges();\n selection.addRange(range);\n\n selectedText = selection.toString();\n }\n\n return selectedText;\n}\n\nmodule.exports = select;\n\n\n/***/ }),\n\n/***/ 279:\n/***/ (function(module) {\n\nfunction E () {\n // Keep this empty so it's easier to inherit from\n // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n on: function (name, callback, ctx) {\n var e = this.e || (this.e = {});\n\n (e[name] || (e[name] = [])).push({\n fn: callback,\n ctx: ctx\n });\n\n return this;\n },\n\n once: function (name, callback, ctx) {\n var self = this;\n function listener () {\n self.off(name, listener);\n callback.apply(ctx, arguments);\n };\n\n listener._ = callback\n return this.on(name, listener, ctx);\n },\n\n emit: function (name) {\n var data = [].slice.call(arguments, 1);\n var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n var i = 0;\n var len = evtArr.length;\n\n for (i; i < len; i++) {\n evtArr[i].fn.apply(evtArr[i].ctx, data);\n }\n\n return this;\n },\n\n off: function (name, callback) {\n var e = this.e || (this.e = {});\n var evts = e[name];\n var liveEvents = [];\n\n if (evts && callback) {\n for (var i = 0, len = evts.length; i < len; i++) {\n if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n liveEvents.push(evts[i]);\n }\n }\n\n // Remove event from queue to prevent memory leak\n // Suggested by https://github.com/lazd\n // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n (liveEvents.length)\n ? e[name] = liveEvents\n : delete e[name];\n\n return this;\n }\n};\n\nmodule.exports = E;\nmodule.exports.TinyEmitter = E;\n\n\n/***/ })\n\n/******/ \t});\n/************************************************************************/\n/******/ \t// The module cache\n/******/ \tvar __webpack_module_cache__ = {};\n/******/ \t\n/******/ \t// The require function\n/******/ \tfunction __webpack_require__(moduleId) {\n/******/ \t\t// Check if module is in cache\n/******/ \t\tif(__webpack_module_cache__[moduleId]) {\n/******/ \t\t\treturn __webpack_module_cache__[moduleId].exports;\n/******/ \t\t}\n/******/ \t\t// Create a new module (and put it into the cache)\n/******/ \t\tvar module = __webpack_module_cache__[moduleId] = {\n/******/ \t\t\t// no module.id needed\n/******/ \t\t\t// no module.loaded needed\n/******/ \t\t\texports: {}\n/******/ \t\t};\n/******/ \t\n/******/ \t\t// Execute the module function\n/******/ \t\t__webpack_modules__[moduleId](module, module.exports, __webpack_require__);\n/******/ \t\n/******/ \t\t// Return the exports of the module\n/******/ \t\treturn module.exports;\n/******/ \t}\n/******/ \t\n/************************************************************************/\n/******/ \t/* webpack/runtime/compat get default export */\n/******/ \t!function() {\n/******/ \t\t// getDefaultExport function for compatibility with non-harmony modules\n/******/ \t\t__webpack_require__.n = function(module) {\n/******/ \t\t\tvar getter = module && module.__esModule ?\n/******/ \t\t\t\tfunction() { return module['default']; } :\n/******/ \t\t\t\tfunction() { return module; };\n/******/ \t\t\t__webpack_require__.d(getter, { a: getter });\n/******/ \t\t\treturn getter;\n/******/ \t\t};\n/******/ \t}();\n/******/ \t\n/******/ \t/* webpack/runtime/define property getters */\n/******/ \t!function() {\n/******/ \t\t// define getter functions for harmony exports\n/******/ \t\t__webpack_require__.d = function(exports, definition) {\n/******/ \t\t\tfor(var key in definition) {\n/******/ \t\t\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n/******/ \t\t\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n/******/ \t\t\t\t}\n/******/ \t\t\t}\n/******/ \t\t};\n/******/ \t}();\n/******/ \t\n/******/ \t/* webpack/runtime/hasOwnProperty shorthand */\n/******/ \t!function() {\n/******/ \t\t__webpack_require__.o = function(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); }\n/******/ \t}();\n/******/ \t\n/************************************************************************/\n/******/ \t// module exports must be returned from runtime so entry inlining is disabled\n/******/ \t// startup\n/******/ \t// Load entry module and return exports\n/******/ \treturn __webpack_require__(686);\n/******/ })()\n.default;\n});", "/*!\n * escape-html\n * Copyright(c) 2012-2013 TJ Holowaychuk\n * Copyright(c) 2015 Andreas Lubbe\n * Copyright(c) 2015 Tiancheng \"Timothy\" Gu\n * MIT Licensed\n */\n\n'use strict';\n\n/**\n * Module variables.\n * @private\n */\n\nvar matchHtmlRegExp = /[\"'&<>]/;\n\n/**\n * Module exports.\n * @public\n */\n\nmodule.exports = escapeHtml;\n\n/**\n * Escape special characters in the given string of html.\n *\n * @param {string} string The string to escape for inserting into HTML\n * @return {string}\n * @public\n */\n\nfunction escapeHtml(string) {\n var str = '' + string;\n var match = matchHtmlRegExp.exec(str);\n\n if (!match) {\n return str;\n }\n\n var escape;\n var html = '';\n var index = 0;\n var lastIndex = 0;\n\n for (index = match.index; index < str.length; index++) {\n switch (str.charCodeAt(index)) {\n case 34: // \"\n escape = '"';\n break;\n case 38: // &\n escape = '&';\n break;\n case 39: // '\n escape = ''';\n break;\n case 60: // <\n escape = '<';\n break;\n case 62: // >\n escape = '>';\n break;\n default:\n continue;\n }\n\n if (lastIndex !== index) {\n html += str.substring(lastIndex, index);\n }\n\n lastIndex = index + 1;\n html += escape;\n }\n\n return lastIndex !== index\n ? html + str.substring(lastIndex, index)\n : html;\n}\n", "Array.prototype.flat||Object.defineProperty(Array.prototype,\"flat\",{configurable:!0,value:function r(){var t=isNaN(arguments[0])?1:Number(arguments[0]);return t?Array.prototype.reduce.call(this,function(a,e){return Array.isArray(e)?a.push.apply(a,r.call(e,t-1)):a.push(e),a},[]):Array.prototype.slice.call(this)},writable:!0}),Array.prototype.flatMap||Object.defineProperty(Array.prototype,\"flatMap\",{configurable:!0,value:function(r){return Array.prototype.map.apply(this,arguments).flat()},writable:!0})\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport \"array-flat-polyfill\"\nimport \"focus-visible\"\nimport \"unfetch/polyfill\"\nimport \"url-polyfill\"\n\nimport {\n EMPTY,\n NEVER,\n Subject,\n defer,\n delay,\n filter,\n map,\n merge,\n mergeWith,\n shareReplay,\n switchMap\n} from \"rxjs\"\n\nimport { configuration, feature } from \"./_\"\nimport {\n at,\n getOptionalElement,\n requestJSON,\n setToggle,\n watchDocument,\n watchKeyboard,\n watchLocation,\n watchLocationTarget,\n watchMedia,\n watchPrint,\n watchViewport\n} from \"./browser\"\nimport {\n getComponentElement,\n getComponentElements,\n mountAnnounce,\n mountBackToTop,\n mountConsent,\n mountContent,\n mountDialog,\n mountHeader,\n mountHeaderTitle,\n mountPalette,\n mountSearch,\n mountSearchHiglight,\n mountSidebar,\n mountSource,\n mountTableOfContents,\n mountTabs,\n watchHeader,\n watchMain\n} from \"./components\"\nimport {\n SearchIndex,\n setupClipboardJS,\n setupInstantLoading,\n setupVersionSelector\n} from \"./integrations\"\nimport {\n patchIndeterminate,\n patchScrollfix,\n patchScrolllock\n} from \"./patches\"\nimport \"./polyfills\"\n\n/* ----------------------------------------------------------------------------\n * Application\n * ------------------------------------------------------------------------- */\n\n/* Yay, JavaScript is available */\ndocument.documentElement.classList.remove(\"no-js\")\ndocument.documentElement.classList.add(\"js\")\n\n/* Set up navigation observables and subjects */\nconst document$ = watchDocument()\nconst location$ = watchLocation()\nconst target$ = watchLocationTarget()\nconst keyboard$ = watchKeyboard()\n\n/* Set up media observables */\nconst viewport$ = watchViewport()\nconst tablet$ = watchMedia(\"(min-width: 960px)\")\nconst screen$ = watchMedia(\"(min-width: 1220px)\")\nconst print$ = watchPrint()\n\n/* Retrieve search index, if search is enabled */\nconst config = configuration()\nconst index$ = document.forms.namedItem(\"search\")\n ? __search?.index || requestJSON(\n new URL(\"search/search_index.json\", config.base)\n )\n : NEVER\n\n/* Set up Clipboard.js integration */\nconst alert$ = new Subject()\nsetupClipboardJS({ alert$ })\n\n/* Set up instant loading, if enabled */\nif (feature(\"navigation.instant\"))\n setupInstantLoading({ document$, location$, viewport$ })\n\n/* Set up version selector */\nif (config.version?.provider === \"mike\")\n setupVersionSelector({ document$ })\n\n/* Always close drawer and search on navigation */\nmerge(location$, target$)\n .pipe(\n delay(125)\n )\n .subscribe(() => {\n setToggle(\"drawer\", false)\n setToggle(\"search\", false)\n })\n\n/* Set up global keyboard handlers */\nkeyboard$\n .pipe(\n filter(({ mode }) => mode === \"global\")\n )\n .subscribe(key => {\n switch (key.type) {\n\n /* Go to previous page */\n case \"p\":\n case \",\":\n const prev = getOptionalElement(\"[href][rel=prev]\")\n if (typeof prev !== \"undefined\")\n prev.click()\n break\n\n /* Go to next page */\n case \"n\":\n case \".\":\n const next = getOptionalElement(\"[href][rel=next]\")\n if (typeof next !== \"undefined\")\n next.click()\n break\n }\n })\n\n/* Set up patches */\npatchIndeterminate({ document$, tablet$ })\npatchScrollfix({ document$ })\npatchScrolllock({ viewport$, tablet$ })\n\n/* Set up header and main area observable */\nconst header$ = watchHeader(getComponentElement(\"header\"), { viewport$ })\nconst main$ = document$\n .pipe(\n map(() => getComponentElement(\"main\")),\n switchMap(el => watchMain(el, { viewport$, header$ })),\n shareReplay(1)\n )\n\n/* Set up control component observables */\nconst control$ = merge(\n\n /* Consent */\n ...getComponentElements(\"consent\")\n .map(el => mountConsent(el, { target$ })),\n\n /* Dialog */\n ...getComponentElements(\"dialog\")\n .map(el => mountDialog(el, { alert$ })),\n\n /* Header */\n ...getComponentElements(\"header\")\n .map(el => mountHeader(el, { viewport$, header$, main$ })),\n\n /* Color palette */\n ...getComponentElements(\"palette\")\n .map(el => mountPalette(el)),\n\n /* Search */\n ...getComponentElements(\"search\")\n .map(el => mountSearch(el, { index$, keyboard$ })),\n\n /* Repository information */\n ...getComponentElements(\"source\")\n .map(el => mountSource(el))\n)\n\n/* Set up content component observables */\nconst content$ = defer(() => merge(\n\n /* Announcement bar */\n ...getComponentElements(\"announce\")\n .map(el => mountAnnounce(el)),\n\n /* Content */\n ...getComponentElements(\"content\")\n .map(el => mountContent(el, { viewport$, target$, print$ })),\n\n /* Search highlighting */\n ...getComponentElements(\"content\")\n .map(el => feature(\"search.highlight\")\n ? mountSearchHiglight(el, { index$, location$ })\n : EMPTY\n ),\n\n /* Header title */\n ...getComponentElements(\"header-title\")\n .map(el => mountHeaderTitle(el, { viewport$, header$ })),\n\n /* Sidebar */\n ...getComponentElements(\"sidebar\")\n .map(el => el.getAttribute(\"data-md-type\") === \"navigation\"\n ? at(screen$, () => mountSidebar(el, { viewport$, header$, main$ }))\n : at(tablet$, () => mountSidebar(el, { viewport$, header$, main$ }))\n ),\n\n /* Navigation tabs */\n ...getComponentElements(\"tabs\")\n .map(el => mountTabs(el, { viewport$, header$ })),\n\n /* Table of contents */\n ...getComponentElements(\"toc\")\n .map(el => mountTableOfContents(el, { viewport$, header$, target$ })),\n\n /* Back-to-top button */\n ...getComponentElements(\"top\")\n .map(el => mountBackToTop(el, { viewport$, header$, main$, target$ }))\n))\n\n/* Set up component observables */\nconst component$ = document$\n .pipe(\n switchMap(() => content$),\n mergeWith(control$),\n shareReplay(1)\n )\n\n/* Subscribe to all components */\ncomponent$.subscribe()\n\n/* ----------------------------------------------------------------------------\n * Exports\n * ------------------------------------------------------------------------- */\n\nwindow.document$ = document$ /* Document observable */\nwindow.location$ = location$ /* Location subject */\nwindow.target$ = target$ /* Location target observable */\nwindow.keyboard$ = keyboard$ /* Keyboard observable */\nwindow.viewport$ = viewport$ /* Viewport observable */\nwindow.tablet$ = tablet$ /* Media tablet observable */\nwindow.screen$ = screen$ /* Media screen observable */\nwindow.print$ = print$ /* Media print observable */\nwindow.alert$ = alert$ /* Alert subject */\nwindow.component$ = component$ /* Component observable */\n", "self.fetch||(self.fetch=function(e,n){return n=n||{},new Promise(function(t,s){var r=new XMLHttpRequest,o=[],u=[],i={},a=function(){return{ok:2==(r.status/100|0),statusText:r.statusText,status:r.status,url:r.responseURL,text:function(){return Promise.resolve(r.responseText)},json:function(){return Promise.resolve(r.responseText).then(JSON.parse)},blob:function(){return Promise.resolve(new Blob([r.response]))},clone:a,headers:{keys:function(){return o},entries:function(){return u},get:function(e){return i[e.toLowerCase()]},has:function(e){return e.toLowerCase()in i}}}};for(var c in r.open(n.method||\"get\",e,!0),r.onload=function(){r.getAllResponseHeaders().replace(/^(.*?):[^\\S\\n]*([\\s\\S]*?)$/gm,function(e,n,t){o.push(n=n.toLowerCase()),u.push([n,t]),i[n]=i[n]?i[n]+\",\"+t:t}),t(a())},r.onerror=s,r.withCredentials=\"include\"==n.credentials,n.headers)r.setRequestHeader(c,n.headers[c]);r.send(n.body||null)})});\n", "import tslib from '../tslib.js';\r\nconst {\r\n __extends,\r\n __assign,\r\n __rest,\r\n __decorate,\r\n __param,\r\n __metadata,\r\n __awaiter,\r\n __generator,\r\n __exportStar,\r\n __createBinding,\r\n __values,\r\n __read,\r\n __spread,\r\n __spreadArrays,\r\n __spreadArray,\r\n __await,\r\n __asyncGenerator,\r\n __asyncDelegator,\r\n __asyncValues,\r\n __makeTemplateObject,\r\n __importStar,\r\n __importDefault,\r\n __classPrivateFieldGet,\r\n __classPrivateFieldSet,\r\n} = tslib;\r\nexport {\r\n __extends,\r\n __assign,\r\n __rest,\r\n __decorate,\r\n __param,\r\n __metadata,\r\n __awaiter,\r\n __generator,\r\n __exportStar,\r\n __createBinding,\r\n __values,\r\n __read,\r\n __spread,\r\n __spreadArrays,\r\n __spreadArray,\r\n __await,\r\n __asyncGenerator,\r\n __asyncDelegator,\r\n __asyncValues,\r\n __makeTemplateObject,\r\n __importStar,\r\n __importDefault,\r\n __classPrivateFieldGet,\r\n __classPrivateFieldSet,\r\n};\r\n", null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n ReplaySubject,\n Subject,\n fromEvent\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch document\n *\n * Documents are implemented as subjects, so all downstream observables are\n * automatically updated when a new document is emitted.\n *\n * @returns Document subject\n */\nexport function watchDocument(): Subject {\n const document$ = new ReplaySubject(1)\n fromEvent(document, \"DOMContentLoaded\", { once: true })\n .subscribe(() => document$.next(document))\n\n /* Return document */\n return document$\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve all elements matching the query selector\n *\n * @template T - Element type\n *\n * @param selector - Query selector\n * @param node - Node of reference\n *\n * @returns Elements\n */\nexport function getElements(\n selector: T, node?: ParentNode\n): HTMLElementTagNameMap[T][]\n\nexport function getElements(\n selector: string, node?: ParentNode\n): T[]\n\nexport function getElements(\n selector: string, node: ParentNode = document\n): T[] {\n return Array.from(node.querySelectorAll(selector))\n}\n\n/**\n * Retrieve an element matching a query selector or throw a reference error\n *\n * Note that this function assumes that the element is present. If unsure if an\n * element is existent, use the `getOptionalElement` function instead.\n *\n * @template T - Element type\n *\n * @param selector - Query selector\n * @param node - Node of reference\n *\n * @returns Element\n */\nexport function getElement(\n selector: T, node?: ParentNode\n): HTMLElementTagNameMap[T]\n\nexport function getElement(\n selector: string, node?: ParentNode\n): T\n\nexport function getElement(\n selector: string, node: ParentNode = document\n): T {\n const el = getOptionalElement(selector, node)\n if (typeof el === \"undefined\")\n throw new ReferenceError(\n `Missing element: expected \"${selector}\" to be present`\n )\n\n /* Return element */\n return el\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Retrieve an optional element matching the query selector\n *\n * @template T - Element type\n *\n * @param selector - Query selector\n * @param node - Node of reference\n *\n * @returns Element or nothing\n */\nexport function getOptionalElement(\n selector: T, node?: ParentNode\n): HTMLElementTagNameMap[T] | undefined\n\nexport function getOptionalElement(\n selector: string, node?: ParentNode\n): T | undefined\n\nexport function getOptionalElement(\n selector: string, node: ParentNode = document\n): T | undefined {\n return node.querySelector(selector) || undefined\n}\n\n/**\n * Retrieve the currently active element\n *\n * @returns Element or nothing\n */\nexport function getActiveElement(): HTMLElement | undefined {\n return document.activeElement instanceof HTMLElement\n ? document.activeElement || undefined\n : undefined\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n debounceTime,\n distinctUntilChanged,\n fromEvent,\n map,\n merge,\n startWith\n} from \"rxjs\"\n\nimport { getActiveElement } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch element focus\n *\n * Previously, this function used `focus` and `blur` events to determine whether\n * an element is focused, but this doesn't work if there are focusable elements\n * within the elements itself. A better solutions are `focusin` and `focusout`\n * events, which bubble up the tree and allow for more fine-grained control.\n *\n * `debounceTime` is necessary, because when a focus change happens inside an\n * element, the observable would first emit `false` and then `true` again.\n *\n * @param el - Element\n *\n * @returns Element focus observable\n */\nexport function watchElementFocus(\n el: HTMLElement\n): Observable {\n return merge(\n fromEvent(document.body, \"focusin\"),\n fromEvent(document.body, \"focusout\")\n )\n .pipe(\n debounceTime(1),\n map(() => {\n const active = getActiveElement()\n return typeof active !== \"undefined\"\n ? el.contains(active)\n : false\n }),\n startWith(el === getActiveElement()),\n distinctUntilChanged()\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n animationFrameScheduler,\n auditTime,\n fromEvent,\n map,\n merge,\n startWith\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Element offset\n */\nexport interface ElementOffset {\n x: number /* Horizontal offset */\n y: number /* Vertical offset */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve element offset\n *\n * @param el - Element\n *\n * @returns Element offset\n */\nexport function getElementOffset(\n el: HTMLElement\n): ElementOffset {\n return {\n x: el.offsetLeft,\n y: el.offsetTop\n }\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch element offset\n *\n * @param el - Element\n *\n * @returns Element offset observable\n */\nexport function watchElementOffset(\n el: HTMLElement\n): Observable {\n return merge(\n fromEvent(window, \"load\"),\n fromEvent(window, \"resize\")\n )\n .pipe(\n auditTime(0, animationFrameScheduler),\n map(() => getElementOffset(el)),\n startWith(getElementOffset(el))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n animationFrameScheduler,\n auditTime,\n fromEvent,\n map,\n merge,\n startWith\n} from \"rxjs\"\n\nimport { ElementOffset } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve element content offset (= scroll offset)\n *\n * @param el - Element\n *\n * @returns Element content offset\n */\nexport function getElementContentOffset(\n el: HTMLElement\n): ElementOffset {\n return {\n x: el.scrollLeft,\n y: el.scrollTop\n }\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch element content offset\n *\n * @param el - Element\n *\n * @returns Element content offset observable\n */\nexport function watchElementContentOffset(\n el: HTMLElement\n): Observable {\n return merge(\n fromEvent(el, \"scroll\"),\n fromEvent(window, \"resize\")\n )\n .pipe(\n auditTime(0, animationFrameScheduler),\n map(() => getElementContentOffset(el)),\n startWith(getElementContentOffset(el))\n )\n}\n", "/**\r\n * A collection of shims that provide minimal functionality of the ES6 collections.\r\n *\r\n * These implementations are not meant to be used outside of the ResizeObserver\r\n * modules as they cover only a limited range of use cases.\r\n */\r\n/* eslint-disable require-jsdoc, valid-jsdoc */\r\nvar MapShim = (function () {\r\n if (typeof Map !== 'undefined') {\r\n return Map;\r\n }\r\n /**\r\n * Returns index in provided array that matches the specified key.\r\n *\r\n * @param {Array} arr\r\n * @param {*} key\r\n * @returns {number}\r\n */\r\n function getIndex(arr, key) {\r\n var result = -1;\r\n arr.some(function (entry, index) {\r\n if (entry[0] === key) {\r\n result = index;\r\n return true;\r\n }\r\n return false;\r\n });\r\n return result;\r\n }\r\n return /** @class */ (function () {\r\n function class_1() {\r\n this.__entries__ = [];\r\n }\r\n Object.defineProperty(class_1.prototype, \"size\", {\r\n /**\r\n * @returns {boolean}\r\n */\r\n get: function () {\r\n return this.__entries__.length;\r\n },\r\n enumerable: true,\r\n configurable: true\r\n });\r\n /**\r\n * @param {*} key\r\n * @returns {*}\r\n */\r\n class_1.prototype.get = function (key) {\r\n var index = getIndex(this.__entries__, key);\r\n var entry = this.__entries__[index];\r\n return entry && entry[1];\r\n };\r\n /**\r\n * @param {*} key\r\n * @param {*} value\r\n * @returns {void}\r\n */\r\n class_1.prototype.set = function (key, value) {\r\n var index = getIndex(this.__entries__, key);\r\n if (~index) {\r\n this.__entries__[index][1] = value;\r\n }\r\n else {\r\n this.__entries__.push([key, value]);\r\n }\r\n };\r\n /**\r\n * @param {*} key\r\n * @returns {void}\r\n */\r\n class_1.prototype.delete = function (key) {\r\n var entries = this.__entries__;\r\n var index = getIndex(entries, key);\r\n if (~index) {\r\n entries.splice(index, 1);\r\n }\r\n };\r\n /**\r\n * @param {*} key\r\n * @returns {void}\r\n */\r\n class_1.prototype.has = function (key) {\r\n return !!~getIndex(this.__entries__, key);\r\n };\r\n /**\r\n * @returns {void}\r\n */\r\n class_1.prototype.clear = function () {\r\n this.__entries__.splice(0);\r\n };\r\n /**\r\n * @param {Function} callback\r\n * @param {*} [ctx=null]\r\n * @returns {void}\r\n */\r\n class_1.prototype.forEach = function (callback, ctx) {\r\n if (ctx === void 0) { ctx = null; }\r\n for (var _i = 0, _a = this.__entries__; _i < _a.length; _i++) {\r\n var entry = _a[_i];\r\n callback.call(ctx, entry[1], entry[0]);\r\n }\r\n };\r\n return class_1;\r\n }());\r\n})();\n\n/**\r\n * Detects whether window and document objects are available in current environment.\r\n */\r\nvar isBrowser = typeof window !== 'undefined' && typeof document !== 'undefined' && window.document === document;\n\n// Returns global object of a current environment.\r\nvar global$1 = (function () {\r\n if (typeof global !== 'undefined' && global.Math === Math) {\r\n return global;\r\n }\r\n if (typeof self !== 'undefined' && self.Math === Math) {\r\n return self;\r\n }\r\n if (typeof window !== 'undefined' && window.Math === Math) {\r\n return window;\r\n }\r\n // eslint-disable-next-line no-new-func\r\n return Function('return this')();\r\n})();\n\n/**\r\n * A shim for the requestAnimationFrame which falls back to the setTimeout if\r\n * first one is not supported.\r\n *\r\n * @returns {number} Requests' identifier.\r\n */\r\nvar requestAnimationFrame$1 = (function () {\r\n if (typeof requestAnimationFrame === 'function') {\r\n // It's required to use a bounded function because IE sometimes throws\r\n // an \"Invalid calling object\" error if rAF is invoked without the global\r\n // object on the left hand side.\r\n return requestAnimationFrame.bind(global$1);\r\n }\r\n return function (callback) { return setTimeout(function () { return callback(Date.now()); }, 1000 / 60); };\r\n})();\n\n// Defines minimum timeout before adding a trailing call.\r\nvar trailingTimeout = 2;\r\n/**\r\n * Creates a wrapper function which ensures that provided callback will be\r\n * invoked only once during the specified delay period.\r\n *\r\n * @param {Function} callback - Function to be invoked after the delay period.\r\n * @param {number} delay - Delay after which to invoke callback.\r\n * @returns {Function}\r\n */\r\nfunction throttle (callback, delay) {\r\n var leadingCall = false, trailingCall = false, lastCallTime = 0;\r\n /**\r\n * Invokes the original callback function and schedules new invocation if\r\n * the \"proxy\" was called during current request.\r\n *\r\n * @returns {void}\r\n */\r\n function resolvePending() {\r\n if (leadingCall) {\r\n leadingCall = false;\r\n callback();\r\n }\r\n if (trailingCall) {\r\n proxy();\r\n }\r\n }\r\n /**\r\n * Callback invoked after the specified delay. It will further postpone\r\n * invocation of the original function delegating it to the\r\n * requestAnimationFrame.\r\n *\r\n * @returns {void}\r\n */\r\n function timeoutCallback() {\r\n requestAnimationFrame$1(resolvePending);\r\n }\r\n /**\r\n * Schedules invocation of the original function.\r\n *\r\n * @returns {void}\r\n */\r\n function proxy() {\r\n var timeStamp = Date.now();\r\n if (leadingCall) {\r\n // Reject immediately following calls.\r\n if (timeStamp - lastCallTime < trailingTimeout) {\r\n return;\r\n }\r\n // Schedule new call to be in invoked when the pending one is resolved.\r\n // This is important for \"transitions\" which never actually start\r\n // immediately so there is a chance that we might miss one if change\r\n // happens amids the pending invocation.\r\n trailingCall = true;\r\n }\r\n else {\r\n leadingCall = true;\r\n trailingCall = false;\r\n setTimeout(timeoutCallback, delay);\r\n }\r\n lastCallTime = timeStamp;\r\n }\r\n return proxy;\r\n}\n\n// Minimum delay before invoking the update of observers.\r\nvar REFRESH_DELAY = 20;\r\n// A list of substrings of CSS properties used to find transition events that\r\n// might affect dimensions of observed elements.\r\nvar transitionKeys = ['top', 'right', 'bottom', 'left', 'width', 'height', 'size', 'weight'];\r\n// Check if MutationObserver is available.\r\nvar mutationObserverSupported = typeof MutationObserver !== 'undefined';\r\n/**\r\n * Singleton controller class which handles updates of ResizeObserver instances.\r\n */\r\nvar ResizeObserverController = /** @class */ (function () {\r\n /**\r\n * Creates a new instance of ResizeObserverController.\r\n *\r\n * @private\r\n */\r\n function ResizeObserverController() {\r\n /**\r\n * Indicates whether DOM listeners have been added.\r\n *\r\n * @private {boolean}\r\n */\r\n this.connected_ = false;\r\n /**\r\n * Tells that controller has subscribed for Mutation Events.\r\n *\r\n * @private {boolean}\r\n */\r\n this.mutationEventsAdded_ = false;\r\n /**\r\n * Keeps reference to the instance of MutationObserver.\r\n *\r\n * @private {MutationObserver}\r\n */\r\n this.mutationsObserver_ = null;\r\n /**\r\n * A list of connected observers.\r\n *\r\n * @private {Array}\r\n */\r\n this.observers_ = [];\r\n this.onTransitionEnd_ = this.onTransitionEnd_.bind(this);\r\n this.refresh = throttle(this.refresh.bind(this), REFRESH_DELAY);\r\n }\r\n /**\r\n * Adds observer to observers list.\r\n *\r\n * @param {ResizeObserverSPI} observer - Observer to be added.\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.addObserver = function (observer) {\r\n if (!~this.observers_.indexOf(observer)) {\r\n this.observers_.push(observer);\r\n }\r\n // Add listeners if they haven't been added yet.\r\n if (!this.connected_) {\r\n this.connect_();\r\n }\r\n };\r\n /**\r\n * Removes observer from observers list.\r\n *\r\n * @param {ResizeObserverSPI} observer - Observer to be removed.\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.removeObserver = function (observer) {\r\n var observers = this.observers_;\r\n var index = observers.indexOf(observer);\r\n // Remove observer if it's present in registry.\r\n if (~index) {\r\n observers.splice(index, 1);\r\n }\r\n // Remove listeners if controller has no connected observers.\r\n if (!observers.length && this.connected_) {\r\n this.disconnect_();\r\n }\r\n };\r\n /**\r\n * Invokes the update of observers. It will continue running updates insofar\r\n * it detects changes.\r\n *\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.refresh = function () {\r\n var changesDetected = this.updateObservers_();\r\n // Continue running updates if changes have been detected as there might\r\n // be future ones caused by CSS transitions.\r\n if (changesDetected) {\r\n this.refresh();\r\n }\r\n };\r\n /**\r\n * Updates every observer from observers list and notifies them of queued\r\n * entries.\r\n *\r\n * @private\r\n * @returns {boolean} Returns \"true\" if any observer has detected changes in\r\n * dimensions of it's elements.\r\n */\r\n ResizeObserverController.prototype.updateObservers_ = function () {\r\n // Collect observers that have active observations.\r\n var activeObservers = this.observers_.filter(function (observer) {\r\n return observer.gatherActive(), observer.hasActive();\r\n });\r\n // Deliver notifications in a separate cycle in order to avoid any\r\n // collisions between observers, e.g. when multiple instances of\r\n // ResizeObserver are tracking the same element and the callback of one\r\n // of them changes content dimensions of the observed target. Sometimes\r\n // this may result in notifications being blocked for the rest of observers.\r\n activeObservers.forEach(function (observer) { return observer.broadcastActive(); });\r\n return activeObservers.length > 0;\r\n };\r\n /**\r\n * Initializes DOM listeners.\r\n *\r\n * @private\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.connect_ = function () {\r\n // Do nothing if running in a non-browser environment or if listeners\r\n // have been already added.\r\n if (!isBrowser || this.connected_) {\r\n return;\r\n }\r\n // Subscription to the \"Transitionend\" event is used as a workaround for\r\n // delayed transitions. This way it's possible to capture at least the\r\n // final state of an element.\r\n document.addEventListener('transitionend', this.onTransitionEnd_);\r\n window.addEventListener('resize', this.refresh);\r\n if (mutationObserverSupported) {\r\n this.mutationsObserver_ = new MutationObserver(this.refresh);\r\n this.mutationsObserver_.observe(document, {\r\n attributes: true,\r\n childList: true,\r\n characterData: true,\r\n subtree: true\r\n });\r\n }\r\n else {\r\n document.addEventListener('DOMSubtreeModified', this.refresh);\r\n this.mutationEventsAdded_ = true;\r\n }\r\n this.connected_ = true;\r\n };\r\n /**\r\n * Removes DOM listeners.\r\n *\r\n * @private\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.disconnect_ = function () {\r\n // Do nothing if running in a non-browser environment or if listeners\r\n // have been already removed.\r\n if (!isBrowser || !this.connected_) {\r\n return;\r\n }\r\n document.removeEventListener('transitionend', this.onTransitionEnd_);\r\n window.removeEventListener('resize', this.refresh);\r\n if (this.mutationsObserver_) {\r\n this.mutationsObserver_.disconnect();\r\n }\r\n if (this.mutationEventsAdded_) {\r\n document.removeEventListener('DOMSubtreeModified', this.refresh);\r\n }\r\n this.mutationsObserver_ = null;\r\n this.mutationEventsAdded_ = false;\r\n this.connected_ = false;\r\n };\r\n /**\r\n * \"Transitionend\" event handler.\r\n *\r\n * @private\r\n * @param {TransitionEvent} event\r\n * @returns {void}\r\n */\r\n ResizeObserverController.prototype.onTransitionEnd_ = function (_a) {\r\n var _b = _a.propertyName, propertyName = _b === void 0 ? '' : _b;\r\n // Detect whether transition may affect dimensions of an element.\r\n var isReflowProperty = transitionKeys.some(function (key) {\r\n return !!~propertyName.indexOf(key);\r\n });\r\n if (isReflowProperty) {\r\n this.refresh();\r\n }\r\n };\r\n /**\r\n * Returns instance of the ResizeObserverController.\r\n *\r\n * @returns {ResizeObserverController}\r\n */\r\n ResizeObserverController.getInstance = function () {\r\n if (!this.instance_) {\r\n this.instance_ = new ResizeObserverController();\r\n }\r\n return this.instance_;\r\n };\r\n /**\r\n * Holds reference to the controller's instance.\r\n *\r\n * @private {ResizeObserverController}\r\n */\r\n ResizeObserverController.instance_ = null;\r\n return ResizeObserverController;\r\n}());\n\n/**\r\n * Defines non-writable/enumerable properties of the provided target object.\r\n *\r\n * @param {Object} target - Object for which to define properties.\r\n * @param {Object} props - Properties to be defined.\r\n * @returns {Object} Target object.\r\n */\r\nvar defineConfigurable = (function (target, props) {\r\n for (var _i = 0, _a = Object.keys(props); _i < _a.length; _i++) {\r\n var key = _a[_i];\r\n Object.defineProperty(target, key, {\r\n value: props[key],\r\n enumerable: false,\r\n writable: false,\r\n configurable: true\r\n });\r\n }\r\n return target;\r\n});\n\n/**\r\n * Returns the global object associated with provided element.\r\n *\r\n * @param {Object} target\r\n * @returns {Object}\r\n */\r\nvar getWindowOf = (function (target) {\r\n // Assume that the element is an instance of Node, which means that it\r\n // has the \"ownerDocument\" property from which we can retrieve a\r\n // corresponding global object.\r\n var ownerGlobal = target && target.ownerDocument && target.ownerDocument.defaultView;\r\n // Return the local global object if it's not possible extract one from\r\n // provided element.\r\n return ownerGlobal || global$1;\r\n});\n\n// Placeholder of an empty content rectangle.\r\nvar emptyRect = createRectInit(0, 0, 0, 0);\r\n/**\r\n * Converts provided string to a number.\r\n *\r\n * @param {number|string} value\r\n * @returns {number}\r\n */\r\nfunction toFloat(value) {\r\n return parseFloat(value) || 0;\r\n}\r\n/**\r\n * Extracts borders size from provided styles.\r\n *\r\n * @param {CSSStyleDeclaration} styles\r\n * @param {...string} positions - Borders positions (top, right, ...)\r\n * @returns {number}\r\n */\r\nfunction getBordersSize(styles) {\r\n var positions = [];\r\n for (var _i = 1; _i < arguments.length; _i++) {\r\n positions[_i - 1] = arguments[_i];\r\n }\r\n return positions.reduce(function (size, position) {\r\n var value = styles['border-' + position + '-width'];\r\n return size + toFloat(value);\r\n }, 0);\r\n}\r\n/**\r\n * Extracts paddings sizes from provided styles.\r\n *\r\n * @param {CSSStyleDeclaration} styles\r\n * @returns {Object} Paddings box.\r\n */\r\nfunction getPaddings(styles) {\r\n var positions = ['top', 'right', 'bottom', 'left'];\r\n var paddings = {};\r\n for (var _i = 0, positions_1 = positions; _i < positions_1.length; _i++) {\r\n var position = positions_1[_i];\r\n var value = styles['padding-' + position];\r\n paddings[position] = toFloat(value);\r\n }\r\n return paddings;\r\n}\r\n/**\r\n * Calculates content rectangle of provided SVG element.\r\n *\r\n * @param {SVGGraphicsElement} target - Element content rectangle of which needs\r\n * to be calculated.\r\n * @returns {DOMRectInit}\r\n */\r\nfunction getSVGContentRect(target) {\r\n var bbox = target.getBBox();\r\n return createRectInit(0, 0, bbox.width, bbox.height);\r\n}\r\n/**\r\n * Calculates content rectangle of provided HTMLElement.\r\n *\r\n * @param {HTMLElement} target - Element for which to calculate the content rectangle.\r\n * @returns {DOMRectInit}\r\n */\r\nfunction getHTMLElementContentRect(target) {\r\n // Client width & height properties can't be\r\n // used exclusively as they provide rounded values.\r\n var clientWidth = target.clientWidth, clientHeight = target.clientHeight;\r\n // By this condition we can catch all non-replaced inline, hidden and\r\n // detached elements. Though elements with width & height properties less\r\n // than 0.5 will be discarded as well.\r\n //\r\n // Without it we would need to implement separate methods for each of\r\n // those cases and it's not possible to perform a precise and performance\r\n // effective test for hidden elements. E.g. even jQuery's ':visible' filter\r\n // gives wrong results for elements with width & height less than 0.5.\r\n if (!clientWidth && !clientHeight) {\r\n return emptyRect;\r\n }\r\n var styles = getWindowOf(target).getComputedStyle(target);\r\n var paddings = getPaddings(styles);\r\n var horizPad = paddings.left + paddings.right;\r\n var vertPad = paddings.top + paddings.bottom;\r\n // Computed styles of width & height are being used because they are the\r\n // only dimensions available to JS that contain non-rounded values. It could\r\n // be possible to utilize the getBoundingClientRect if only it's data wasn't\r\n // affected by CSS transformations let alone paddings, borders and scroll bars.\r\n var width = toFloat(styles.width), height = toFloat(styles.height);\r\n // Width & height include paddings and borders when the 'border-box' box\r\n // model is applied (except for IE).\r\n if (styles.boxSizing === 'border-box') {\r\n // Following conditions are required to handle Internet Explorer which\r\n // doesn't include paddings and borders to computed CSS dimensions.\r\n //\r\n // We can say that if CSS dimensions + paddings are equal to the \"client\"\r\n // properties then it's either IE, and thus we don't need to subtract\r\n // anything, or an element merely doesn't have paddings/borders styles.\r\n if (Math.round(width + horizPad) !== clientWidth) {\r\n width -= getBordersSize(styles, 'left', 'right') + horizPad;\r\n }\r\n if (Math.round(height + vertPad) !== clientHeight) {\r\n height -= getBordersSize(styles, 'top', 'bottom') + vertPad;\r\n }\r\n }\r\n // Following steps can't be applied to the document's root element as its\r\n // client[Width/Height] properties represent viewport area of the window.\r\n // Besides, it's as well not necessary as the itself neither has\r\n // rendered scroll bars nor it can be clipped.\r\n if (!isDocumentElement(target)) {\r\n // In some browsers (only in Firefox, actually) CSS width & height\r\n // include scroll bars size which can be removed at this step as scroll\r\n // bars are the only difference between rounded dimensions + paddings\r\n // and \"client\" properties, though that is not always true in Chrome.\r\n var vertScrollbar = Math.round(width + horizPad) - clientWidth;\r\n var horizScrollbar = Math.round(height + vertPad) - clientHeight;\r\n // Chrome has a rather weird rounding of \"client\" properties.\r\n // E.g. for an element with content width of 314.2px it sometimes gives\r\n // the client width of 315px and for the width of 314.7px it may give\r\n // 314px. And it doesn't happen all the time. So just ignore this delta\r\n // as a non-relevant.\r\n if (Math.abs(vertScrollbar) !== 1) {\r\n width -= vertScrollbar;\r\n }\r\n if (Math.abs(horizScrollbar) !== 1) {\r\n height -= horizScrollbar;\r\n }\r\n }\r\n return createRectInit(paddings.left, paddings.top, width, height);\r\n}\r\n/**\r\n * Checks whether provided element is an instance of the SVGGraphicsElement.\r\n *\r\n * @param {Element} target - Element to be checked.\r\n * @returns {boolean}\r\n */\r\nvar isSVGGraphicsElement = (function () {\r\n // Some browsers, namely IE and Edge, don't have the SVGGraphicsElement\r\n // interface.\r\n if (typeof SVGGraphicsElement !== 'undefined') {\r\n return function (target) { return target instanceof getWindowOf(target).SVGGraphicsElement; };\r\n }\r\n // If it's so, then check that element is at least an instance of the\r\n // SVGElement and that it has the \"getBBox\" method.\r\n // eslint-disable-next-line no-extra-parens\r\n return function (target) { return (target instanceof getWindowOf(target).SVGElement &&\r\n typeof target.getBBox === 'function'); };\r\n})();\r\n/**\r\n * Checks whether provided element is a document element ().\r\n *\r\n * @param {Element} target - Element to be checked.\r\n * @returns {boolean}\r\n */\r\nfunction isDocumentElement(target) {\r\n return target === getWindowOf(target).document.documentElement;\r\n}\r\n/**\r\n * Calculates an appropriate content rectangle for provided html or svg element.\r\n *\r\n * @param {Element} target - Element content rectangle of which needs to be calculated.\r\n * @returns {DOMRectInit}\r\n */\r\nfunction getContentRect(target) {\r\n if (!isBrowser) {\r\n return emptyRect;\r\n }\r\n if (isSVGGraphicsElement(target)) {\r\n return getSVGContentRect(target);\r\n }\r\n return getHTMLElementContentRect(target);\r\n}\r\n/**\r\n * Creates rectangle with an interface of the DOMRectReadOnly.\r\n * Spec: https://drafts.fxtf.org/geometry/#domrectreadonly\r\n *\r\n * @param {DOMRectInit} rectInit - Object with rectangle's x/y coordinates and dimensions.\r\n * @returns {DOMRectReadOnly}\r\n */\r\nfunction createReadOnlyRect(_a) {\r\n var x = _a.x, y = _a.y, width = _a.width, height = _a.height;\r\n // If DOMRectReadOnly is available use it as a prototype for the rectangle.\r\n var Constr = typeof DOMRectReadOnly !== 'undefined' ? DOMRectReadOnly : Object;\r\n var rect = Object.create(Constr.prototype);\r\n // Rectangle's properties are not writable and non-enumerable.\r\n defineConfigurable(rect, {\r\n x: x, y: y, width: width, height: height,\r\n top: y,\r\n right: x + width,\r\n bottom: height + y,\r\n left: x\r\n });\r\n return rect;\r\n}\r\n/**\r\n * Creates DOMRectInit object based on the provided dimensions and the x/y coordinates.\r\n * Spec: https://drafts.fxtf.org/geometry/#dictdef-domrectinit\r\n *\r\n * @param {number} x - X coordinate.\r\n * @param {number} y - Y coordinate.\r\n * @param {number} width - Rectangle's width.\r\n * @param {number} height - Rectangle's height.\r\n * @returns {DOMRectInit}\r\n */\r\nfunction createRectInit(x, y, width, height) {\r\n return { x: x, y: y, width: width, height: height };\r\n}\n\n/**\r\n * Class that is responsible for computations of the content rectangle of\r\n * provided DOM element and for keeping track of it's changes.\r\n */\r\nvar ResizeObservation = /** @class */ (function () {\r\n /**\r\n * Creates an instance of ResizeObservation.\r\n *\r\n * @param {Element} target - Element to be observed.\r\n */\r\n function ResizeObservation(target) {\r\n /**\r\n * Broadcasted width of content rectangle.\r\n *\r\n * @type {number}\r\n */\r\n this.broadcastWidth = 0;\r\n /**\r\n * Broadcasted height of content rectangle.\r\n *\r\n * @type {number}\r\n */\r\n this.broadcastHeight = 0;\r\n /**\r\n * Reference to the last observed content rectangle.\r\n *\r\n * @private {DOMRectInit}\r\n */\r\n this.contentRect_ = createRectInit(0, 0, 0, 0);\r\n this.target = target;\r\n }\r\n /**\r\n * Updates content rectangle and tells whether it's width or height properties\r\n * have changed since the last broadcast.\r\n *\r\n * @returns {boolean}\r\n */\r\n ResizeObservation.prototype.isActive = function () {\r\n var rect = getContentRect(this.target);\r\n this.contentRect_ = rect;\r\n return (rect.width !== this.broadcastWidth ||\r\n rect.height !== this.broadcastHeight);\r\n };\r\n /**\r\n * Updates 'broadcastWidth' and 'broadcastHeight' properties with a data\r\n * from the corresponding properties of the last observed content rectangle.\r\n *\r\n * @returns {DOMRectInit} Last observed content rectangle.\r\n */\r\n ResizeObservation.prototype.broadcastRect = function () {\r\n var rect = this.contentRect_;\r\n this.broadcastWidth = rect.width;\r\n this.broadcastHeight = rect.height;\r\n return rect;\r\n };\r\n return ResizeObservation;\r\n}());\n\nvar ResizeObserverEntry = /** @class */ (function () {\r\n /**\r\n * Creates an instance of ResizeObserverEntry.\r\n *\r\n * @param {Element} target - Element that is being observed.\r\n * @param {DOMRectInit} rectInit - Data of the element's content rectangle.\r\n */\r\n function ResizeObserverEntry(target, rectInit) {\r\n var contentRect = createReadOnlyRect(rectInit);\r\n // According to the specification following properties are not writable\r\n // and are also not enumerable in the native implementation.\r\n //\r\n // Property accessors are not being used as they'd require to define a\r\n // private WeakMap storage which may cause memory leaks in browsers that\r\n // don't support this type of collections.\r\n defineConfigurable(this, { target: target, contentRect: contentRect });\r\n }\r\n return ResizeObserverEntry;\r\n}());\n\nvar ResizeObserverSPI = /** @class */ (function () {\r\n /**\r\n * Creates a new instance of ResizeObserver.\r\n *\r\n * @param {ResizeObserverCallback} callback - Callback function that is invoked\r\n * when one of the observed elements changes it's content dimensions.\r\n * @param {ResizeObserverController} controller - Controller instance which\r\n * is responsible for the updates of observer.\r\n * @param {ResizeObserver} callbackCtx - Reference to the public\r\n * ResizeObserver instance which will be passed to callback function.\r\n */\r\n function ResizeObserverSPI(callback, controller, callbackCtx) {\r\n /**\r\n * Collection of resize observations that have detected changes in dimensions\r\n * of elements.\r\n *\r\n * @private {Array}\r\n */\r\n this.activeObservations_ = [];\r\n /**\r\n * Registry of the ResizeObservation instances.\r\n *\r\n * @private {Map}\r\n */\r\n this.observations_ = new MapShim();\r\n if (typeof callback !== 'function') {\r\n throw new TypeError('The callback provided as parameter 1 is not a function.');\r\n }\r\n this.callback_ = callback;\r\n this.controller_ = controller;\r\n this.callbackCtx_ = callbackCtx;\r\n }\r\n /**\r\n * Starts observing provided element.\r\n *\r\n * @param {Element} target - Element to be observed.\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.observe = function (target) {\r\n if (!arguments.length) {\r\n throw new TypeError('1 argument required, but only 0 present.');\r\n }\r\n // Do nothing if current environment doesn't have the Element interface.\r\n if (typeof Element === 'undefined' || !(Element instanceof Object)) {\r\n return;\r\n }\r\n if (!(target instanceof getWindowOf(target).Element)) {\r\n throw new TypeError('parameter 1 is not of type \"Element\".');\r\n }\r\n var observations = this.observations_;\r\n // Do nothing if element is already being observed.\r\n if (observations.has(target)) {\r\n return;\r\n }\r\n observations.set(target, new ResizeObservation(target));\r\n this.controller_.addObserver(this);\r\n // Force the update of observations.\r\n this.controller_.refresh();\r\n };\r\n /**\r\n * Stops observing provided element.\r\n *\r\n * @param {Element} target - Element to stop observing.\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.unobserve = function (target) {\r\n if (!arguments.length) {\r\n throw new TypeError('1 argument required, but only 0 present.');\r\n }\r\n // Do nothing if current environment doesn't have the Element interface.\r\n if (typeof Element === 'undefined' || !(Element instanceof Object)) {\r\n return;\r\n }\r\n if (!(target instanceof getWindowOf(target).Element)) {\r\n throw new TypeError('parameter 1 is not of type \"Element\".');\r\n }\r\n var observations = this.observations_;\r\n // Do nothing if element is not being observed.\r\n if (!observations.has(target)) {\r\n return;\r\n }\r\n observations.delete(target);\r\n if (!observations.size) {\r\n this.controller_.removeObserver(this);\r\n }\r\n };\r\n /**\r\n * Stops observing all elements.\r\n *\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.disconnect = function () {\r\n this.clearActive();\r\n this.observations_.clear();\r\n this.controller_.removeObserver(this);\r\n };\r\n /**\r\n * Collects observation instances the associated element of which has changed\r\n * it's content rectangle.\r\n *\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.gatherActive = function () {\r\n var _this = this;\r\n this.clearActive();\r\n this.observations_.forEach(function (observation) {\r\n if (observation.isActive()) {\r\n _this.activeObservations_.push(observation);\r\n }\r\n });\r\n };\r\n /**\r\n * Invokes initial callback function with a list of ResizeObserverEntry\r\n * instances collected from active resize observations.\r\n *\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.broadcastActive = function () {\r\n // Do nothing if observer doesn't have active observations.\r\n if (!this.hasActive()) {\r\n return;\r\n }\r\n var ctx = this.callbackCtx_;\r\n // Create ResizeObserverEntry instance for every active observation.\r\n var entries = this.activeObservations_.map(function (observation) {\r\n return new ResizeObserverEntry(observation.target, observation.broadcastRect());\r\n });\r\n this.callback_.call(ctx, entries, ctx);\r\n this.clearActive();\r\n };\r\n /**\r\n * Clears the collection of active observations.\r\n *\r\n * @returns {void}\r\n */\r\n ResizeObserverSPI.prototype.clearActive = function () {\r\n this.activeObservations_.splice(0);\r\n };\r\n /**\r\n * Tells whether observer has active observations.\r\n *\r\n * @returns {boolean}\r\n */\r\n ResizeObserverSPI.prototype.hasActive = function () {\r\n return this.activeObservations_.length > 0;\r\n };\r\n return ResizeObserverSPI;\r\n}());\n\n// Registry of internal observers. If WeakMap is not available use current shim\r\n// for the Map collection as it has all required methods and because WeakMap\r\n// can't be fully polyfilled anyway.\r\nvar observers = typeof WeakMap !== 'undefined' ? new WeakMap() : new MapShim();\r\n/**\r\n * ResizeObserver API. Encapsulates the ResizeObserver SPI implementation\r\n * exposing only those methods and properties that are defined in the spec.\r\n */\r\nvar ResizeObserver = /** @class */ (function () {\r\n /**\r\n * Creates a new instance of ResizeObserver.\r\n *\r\n * @param {ResizeObserverCallback} callback - Callback that is invoked when\r\n * dimensions of the observed elements change.\r\n */\r\n function ResizeObserver(callback) {\r\n if (!(this instanceof ResizeObserver)) {\r\n throw new TypeError('Cannot call a class as a function.');\r\n }\r\n if (!arguments.length) {\r\n throw new TypeError('1 argument required, but only 0 present.');\r\n }\r\n var controller = ResizeObserverController.getInstance();\r\n var observer = new ResizeObserverSPI(callback, controller, this);\r\n observers.set(this, observer);\r\n }\r\n return ResizeObserver;\r\n}());\r\n// Expose public methods of ResizeObserver.\r\n[\r\n 'observe',\r\n 'unobserve',\r\n 'disconnect'\r\n].forEach(function (method) {\r\n ResizeObserver.prototype[method] = function () {\r\n var _a;\r\n return (_a = observers.get(this))[method].apply(_a, arguments);\r\n };\r\n});\n\nvar index = (function () {\r\n // Export existing implementation if available.\r\n if (typeof global$1.ResizeObserver !== 'undefined') {\r\n return global$1.ResizeObserver;\r\n }\r\n return ResizeObserver;\r\n})();\n\nexport default index;\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport ResizeObserver from \"resize-observer-polyfill\"\nimport {\n NEVER,\n Observable,\n Subject,\n defer,\n filter,\n finalize,\n map,\n merge,\n of,\n shareReplay,\n startWith,\n switchMap,\n tap\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Element offset\n */\nexport interface ElementSize {\n width: number /* Element width */\n height: number /* Element height */\n}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Resize observer entry subject\n */\nconst entry$ = new Subject()\n\n/**\n * Resize observer observable\n *\n * This observable will create a `ResizeObserver` on the first subscription\n * and will automatically terminate it when there are no more subscribers.\n * It's quite important to centralize observation in a single `ResizeObserver`,\n * as the performance difference can be quite dramatic, as the link shows.\n *\n * @see https://bit.ly/3iIYfEm - Google Groups on performance\n */\nconst observer$ = defer(() => of(\n new ResizeObserver(entries => {\n for (const entry of entries)\n entry$.next(entry)\n })\n))\n .pipe(\n switchMap(observer => merge(NEVER, of(observer))\n .pipe(\n finalize(() => observer.disconnect())\n )\n ),\n shareReplay(1)\n )\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve element size\n *\n * @param el - Element\n *\n * @returns Element size\n */\nexport function getElementSize(\n el: HTMLElement\n): ElementSize {\n return {\n width: el.offsetWidth,\n height: el.offsetHeight\n }\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch element size\n *\n * This function returns an observable that subscribes to a single internal\n * instance of `ResizeObserver` upon subscription, and emit resize events until\n * termination. Note that this function should not be called with the same\n * element twice, as the first unsubscription will terminate observation.\n *\n * Sadly, we can't use the `DOMRect` objects returned by the observer, because\n * we need the emitted values to be consistent with `getElementSize`, which will\n * return the used values (rounded) and not actual values (unrounded). Thus, we\n * use the `offset*` properties. See the linked GitHub issue.\n *\n * @see https://bit.ly/3m0k3he - GitHub issue\n *\n * @param el - Element\n *\n * @returns Element size observable\n */\nexport function watchElementSize(\n el: HTMLElement\n): Observable {\n return observer$\n .pipe(\n tap(observer => observer.observe(el)),\n switchMap(observer => entry$\n .pipe(\n filter(({ target }) => target === el),\n finalize(() => observer.unobserve(el)),\n map(() => getElementSize(el))\n )\n ),\n startWith(getElementSize(el))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { ElementSize } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve element content size (= scroll width and height)\n *\n * @param el - Element\n *\n * @returns Element content size\n */\nexport function getElementContentSize(\n el: HTMLElement\n): ElementSize {\n return {\n width: el.scrollWidth,\n height: el.scrollHeight\n }\n}\n\n/**\n * Retrieve the overflowing container of an element, if any\n *\n * @param el - Element\n *\n * @returns Overflowing container or nothing\n */\nexport function getElementContainer(\n el: HTMLElement\n): HTMLElement | undefined {\n let parent = el.parentElement\n while (parent)\n if (\n el.scrollWidth <= parent.scrollWidth &&\n el.scrollHeight <= parent.scrollHeight\n )\n parent = (el = parent).parentElement\n else\n break\n\n /* Return overflowing container */\n return parent ? el : undefined\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n NEVER,\n Observable,\n Subject,\n defer,\n distinctUntilChanged,\n filter,\n finalize,\n map,\n merge,\n of,\n shareReplay,\n switchMap,\n tap\n} from \"rxjs\"\n\nimport {\n getElementContentSize,\n getElementSize,\n watchElementContentOffset\n} from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Intersection observer entry subject\n */\nconst entry$ = new Subject()\n\n/**\n * Intersection observer observable\n *\n * This observable will create an `IntersectionObserver` on first subscription\n * and will automatically terminate it when there are no more subscribers.\n *\n * @see https://bit.ly/3iIYfEm - Google Groups on performance\n */\nconst observer$ = defer(() => of(\n new IntersectionObserver(entries => {\n for (const entry of entries)\n entry$.next(entry)\n }, {\n threshold: 0\n })\n))\n .pipe(\n switchMap(observer => merge(NEVER, of(observer))\n .pipe(\n finalize(() => observer.disconnect())\n )\n ),\n shareReplay(1)\n )\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch element visibility\n *\n * @param el - Element\n *\n * @returns Element visibility observable\n */\nexport function watchElementVisibility(\n el: HTMLElement\n): Observable {\n return observer$\n .pipe(\n tap(observer => observer.observe(el)),\n switchMap(observer => entry$\n .pipe(\n filter(({ target }) => target === el),\n finalize(() => observer.unobserve(el)),\n map(({ isIntersecting }) => isIntersecting)\n )\n )\n )\n}\n\n/**\n * Watch element boundary\n *\n * This function returns an observable which emits whether the bottom content\n * boundary (= scroll offset) of an element is within a certain threshold.\n *\n * @param el - Element\n * @param threshold - Threshold\n *\n * @returns Element boundary observable\n */\nexport function watchElementBoundary(\n el: HTMLElement, threshold = 16\n): Observable {\n return watchElementContentOffset(el)\n .pipe(\n map(({ y }) => {\n const visible = getElementSize(el)\n const content = getElementContentSize(el)\n return y >= (\n content.height - visible.height - threshold\n )\n }),\n distinctUntilChanged()\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n fromEvent,\n map,\n startWith\n} from \"rxjs\"\n\nimport { getElement } from \"../element\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Toggle\n */\nexport type Toggle =\n | \"drawer\" /* Toggle for drawer */\n | \"search\" /* Toggle for search */\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Toggle map\n */\nconst toggles: Record = {\n drawer: getElement(\"[data-md-toggle=drawer]\"),\n search: getElement(\"[data-md-toggle=search]\")\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve the value of a toggle\n *\n * @param name - Toggle\n *\n * @returns Toggle value\n */\nexport function getToggle(name: Toggle): boolean {\n return toggles[name].checked\n}\n\n/**\n * Set toggle\n *\n * Simulating a click event seems to be the most cross-browser compatible way\n * of changing the value while also emitting a `change` event. Before, Material\n * used `CustomEvent` to programmatically change the value of a toggle, but this\n * is a much simpler and cleaner solution which doesn't require a polyfill.\n *\n * @param name - Toggle\n * @param value - Toggle value\n */\nexport function setToggle(name: Toggle, value: boolean): void {\n if (toggles[name].checked !== value)\n toggles[name].click()\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch toggle\n *\n * @param name - Toggle\n *\n * @returns Toggle value observable\n */\nexport function watchToggle(name: Toggle): Observable {\n const el = toggles[name]\n return fromEvent(el, \"change\")\n .pipe(\n map(() => el.checked),\n startWith(el.checked)\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n filter,\n fromEvent,\n map,\n share\n} from \"rxjs\"\n\nimport { getActiveElement } from \"../element\"\nimport { getToggle } from \"../toggle\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Keyboard mode\n */\nexport type KeyboardMode =\n | \"global\" /* Global */\n | \"search\" /* Search is open */\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Keyboard\n */\nexport interface Keyboard {\n mode: KeyboardMode /* Keyboard mode */\n type: string /* Key type */\n claim(): void /* Key claim */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Check whether an element may receive keyboard input\n *\n * @param el - Element\n * @param type - Key type\n *\n * @returns Test result\n */\nfunction isSusceptibleToKeyboard(\n el: HTMLElement, type: string\n): boolean {\n switch (el.constructor) {\n\n /* Input elements */\n case HTMLInputElement:\n /* @ts-expect-error - omit unnecessary type cast */\n if (el.type === \"radio\")\n return /^Arrow/.test(type)\n else\n return true\n\n /* Select element and textarea */\n case HTMLSelectElement:\n case HTMLTextAreaElement:\n return true\n\n /* Everything else */\n default:\n return el.isContentEditable\n }\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch keyboard\n *\n * @returns Keyboard observable\n */\nexport function watchKeyboard(): Observable {\n return fromEvent(window, \"keydown\")\n .pipe(\n filter(ev => !(ev.metaKey || ev.ctrlKey)),\n map(ev => ({\n mode: getToggle(\"search\") ? \"search\" : \"global\",\n type: ev.key,\n claim() {\n ev.preventDefault()\n ev.stopPropagation()\n }\n } as Keyboard)),\n filter(({ mode, type }) => {\n if (mode === \"global\") {\n const active = getActiveElement()\n if (typeof active !== \"undefined\")\n return !isSusceptibleToKeyboard(active, type)\n }\n return true\n }),\n share()\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { Subject } from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve location\n *\n * This function returns a `URL` object (and not `Location`) to normalize the\n * typings across the application. Furthermore, locations need to be tracked\n * without setting them and `Location` is a singleton which represents the\n * current location.\n *\n * @returns URL\n */\nexport function getLocation(): URL {\n return new URL(location.href)\n}\n\n/**\n * Set location\n *\n * @param url - URL to change to\n */\nexport function setLocation(url: URL): void {\n location.href = url.href\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch location\n *\n * @returns Location subject\n */\nexport function watchLocation(): Subject {\n return new Subject()\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { JSX as JSXInternal } from \"preact\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * HTML attributes\n */\ntype Attributes =\n & JSXInternal.HTMLAttributes\n & JSXInternal.SVGAttributes\n & Record\n\n/**\n * Child element\n */\ntype Child =\n | HTMLElement\n | Text\n | string\n | number\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Append a child node to an element\n *\n * @param el - Element\n * @param child - Child node(s)\n */\nfunction appendChild(el: HTMLElement, child: Child | Child[]): void {\n\n /* Handle primitive types (including raw HTML) */\n if (typeof child === \"string\" || typeof child === \"number\") {\n el.innerHTML += child.toString()\n\n /* Handle nodes */\n } else if (child instanceof Node) {\n el.appendChild(child)\n\n /* Handle nested children */\n } else if (Array.isArray(child)) {\n for (const node of child)\n appendChild(el, node)\n }\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * JSX factory\n *\n * @template T - Element type\n *\n * @param tag - HTML tag\n * @param attributes - HTML attributes\n * @param children - Child elements\n *\n * @returns Element\n */\nexport function h(\n tag: T, attributes?: Attributes | null, ...children: Child[]\n): HTMLElementTagNameMap[T]\n\nexport function h(\n tag: string, attributes?: Attributes | null, ...children: Child[]\n): T\n\nexport function h(\n tag: string, attributes?: Attributes | null, ...children: Child[]\n): T {\n const el = document.createElement(tag)\n\n /* Set attributes, if any */\n if (attributes)\n for (const attr of Object.keys(attributes)) {\n if (typeof attributes[attr] === \"undefined\")\n continue\n\n /* Set default attribute or boolean */\n if (typeof attributes[attr] !== \"boolean\")\n el.setAttribute(attr, attributes[attr])\n else\n el.setAttribute(attr, \"\")\n }\n\n /* Append child nodes */\n for (const child of children)\n appendChild(el, child)\n\n /* Return element */\n return el as T\n}\n\n/* ----------------------------------------------------------------------------\n * Namespace\n * ------------------------------------------------------------------------- */\n\nexport declare namespace h {\n namespace JSX {\n type Element = HTMLElement\n type IntrinsicElements = JSXInternal.IntrinsicElements\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Truncate a string after the given number of characters\n *\n * This is not a very reasonable approach, since the summaries kind of suck.\n * It would be better to create something more intelligent, highlighting the\n * search occurrences and making a better summary out of it, but this note was\n * written three years ago, so who knows if we'll ever fix it.\n *\n * @param value - Value to be truncated\n * @param n - Number of characters\n *\n * @returns Truncated value\n */\nexport function truncate(value: string, n: number): string {\n let i = n\n if (value.length > i) {\n while (value[i] !== \" \" && --i > 0) { /* keep eating */ }\n return `${value.substring(0, i)}...`\n }\n return value\n}\n\n/**\n * Round a number for display with repository facts\n *\n * This is a reverse-engineered version of GitHub's weird rounding algorithm\n * for stars, forks and all other numbers. While all numbers below `1,000` are\n * returned as-is, bigger numbers are converted to fixed numbers:\n *\n * - `1,049` => `1k`\n * - `1,050` => `1.1k`\n * - `1,949` => `1.9k`\n * - `1,950` => `2k`\n *\n * @param value - Original value\n *\n * @returns Rounded value\n */\nexport function round(value: number): string {\n if (value > 999) {\n const digits = +((value - 950) % 1000 > 99)\n return `${((value + 0.000001) / 1000).toFixed(digits)}k`\n } else {\n return value.toString()\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n filter,\n fromEvent,\n map,\n shareReplay,\n startWith\n} from \"rxjs\"\n\nimport { getOptionalElement } from \"~/browser\"\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve location hash\n *\n * @returns Location hash\n */\nexport function getLocationHash(): string {\n return location.hash.substring(1)\n}\n\n/**\n * Set location hash\n *\n * Setting a new fragment identifier via `location.hash` will have no effect\n * if the value doesn't change. When a new fragment identifier is set, we want\n * the browser to target the respective element at all times, which is why we\n * use this dirty little trick.\n *\n * @param hash - Location hash\n */\nexport function setLocationHash(hash: string): void {\n const el = h(\"a\", { href: hash })\n el.addEventListener(\"click\", ev => ev.stopPropagation())\n el.click()\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch location hash\n *\n * @returns Location hash observable\n */\nexport function watchLocationHash(): Observable {\n return fromEvent(window, \"hashchange\")\n .pipe(\n map(getLocationHash),\n startWith(getLocationHash()),\n filter(hash => hash.length > 0),\n shareReplay(1)\n )\n}\n\n/**\n * Watch location target\n *\n * @returns Location target observable\n */\nexport function watchLocationTarget(): Observable {\n return watchLocationHash()\n .pipe(\n map(id => getOptionalElement(`[id=\"${id}\"]`)!),\n filter(el => typeof el !== \"undefined\")\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n fromEvent,\n fromEventPattern,\n map,\n merge,\n startWith,\n switchMap\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch media query\n *\n * Note that although `MediaQueryList.addListener` is deprecated we have to\n * use it, because it's the only way to ensure proper downward compatibility.\n *\n * @see https://bit.ly/3dUBH2m - GitHub issue\n *\n * @param query - Media query\n *\n * @returns Media observable\n */\nexport function watchMedia(query: string): Observable {\n const media = matchMedia(query)\n return fromEventPattern(next => (\n media.addListener(() => next(media.matches))\n ))\n .pipe(\n startWith(media.matches)\n )\n}\n\n/**\n * Watch print mode\n *\n * @returns Print observable\n */\nexport function watchPrint(): Observable {\n const media = matchMedia(\"print\")\n return merge(\n fromEvent(window, \"beforeprint\").pipe(map(() => true)),\n fromEvent(window, \"afterprint\").pipe(map(() => false))\n )\n .pipe(\n startWith(media.matches)\n )\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Toggle an observable with a media observable\n *\n * @template T - Data type\n *\n * @param query$ - Media observable\n * @param factory - Observable factory\n *\n * @returns Toggled observable\n */\nexport function at(\n query$: Observable, factory: () => Observable\n): Observable {\n return query$\n .pipe(\n switchMap(active => active ? factory() : EMPTY)\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n catchError,\n from,\n map,\n of,\n shareReplay,\n switchMap,\n throwError\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch the given URL\n *\n * If the request fails (e.g. when dispatched from `file://` locations), the\n * observable will complete without emitting a value.\n *\n * @param url - Request URL\n * @param options - Options\n *\n * @returns Response observable\n */\nexport function request(\n url: URL | string, options: RequestInit = { credentials: \"same-origin\" }\n): Observable {\n return from(fetch(`${url}`, options))\n .pipe(\n catchError(() => EMPTY),\n switchMap(res => res.status !== 200\n ? throwError(() => new Error(res.statusText))\n : of(res)\n )\n )\n}\n\n/**\n * Fetch JSON from the given URL\n *\n * @template T - Data type\n *\n * @param url - Request URL\n * @param options - Options\n *\n * @returns Data observable\n */\nexport function requestJSON(\n url: URL | string, options?: RequestInit\n): Observable {\n return request(url, options)\n .pipe(\n switchMap(res => res.json()),\n shareReplay(1)\n )\n}\n\n/**\n * Fetch XML from the given URL\n *\n * @param url - Request URL\n * @param options - Options\n *\n * @returns Data observable\n */\nexport function requestXML(\n url: URL | string, options?: RequestInit\n): Observable {\n const dom = new DOMParser()\n return request(url, options)\n .pipe(\n switchMap(res => res.text()),\n map(res => dom.parseFromString(res, \"text/xml\")),\n shareReplay(1)\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n defer,\n finalize,\n fromEvent,\n map,\n merge,\n switchMap,\n take,\n throwError\n} from \"rxjs\"\n\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Create and load a `script` element\n *\n * This function returns an observable that will emit when the script was\n * successfully loaded, or throw an error if it didn't.\n *\n * @param src - Script URL\n *\n * @returns Script observable\n */\nexport function watchScript(src: string): Observable {\n const script = h(\"script\", { src })\n return defer(() => {\n document.head.appendChild(script)\n return merge(\n fromEvent(script, \"load\"),\n fromEvent(script, \"error\")\n .pipe(\n switchMap(() => (\n throwError(() => new ReferenceError(`Invalid script: ${src}`))\n ))\n )\n )\n .pipe(\n map(() => undefined),\n finalize(() => document.head.removeChild(script)),\n take(1)\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n fromEvent,\n map,\n merge,\n startWith\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Viewport offset\n */\nexport interface ViewportOffset {\n x: number /* Horizontal offset */\n y: number /* Vertical offset */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve viewport offset\n *\n * On iOS Safari, viewport offset can be negative due to overflow scrolling.\n * As this may induce strange behaviors downstream, we'll just limit it to 0.\n *\n * @returns Viewport offset\n */\nexport function getViewportOffset(): ViewportOffset {\n return {\n x: Math.max(0, scrollX),\n y: Math.max(0, scrollY)\n }\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch viewport offset\n *\n * @returns Viewport offset observable\n */\nexport function watchViewportOffset(): Observable {\n return merge(\n fromEvent(window, \"scroll\", { passive: true }),\n fromEvent(window, \"resize\", { passive: true })\n )\n .pipe(\n map(getViewportOffset),\n startWith(getViewportOffset())\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n fromEvent,\n map,\n startWith\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Viewport size\n */\nexport interface ViewportSize {\n width: number /* Viewport width */\n height: number /* Viewport height */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve viewport size\n *\n * @returns Viewport size\n */\nexport function getViewportSize(): ViewportSize {\n return {\n width: innerWidth,\n height: innerHeight\n }\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Watch viewport size\n *\n * @returns Viewport size observable\n */\nexport function watchViewportSize(): Observable {\n return fromEvent(window, \"resize\", { passive: true })\n .pipe(\n map(getViewportSize),\n startWith(getViewportSize())\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n combineLatest,\n map,\n shareReplay\n} from \"rxjs\"\n\nimport {\n ViewportOffset,\n watchViewportOffset\n} from \"../offset\"\nimport {\n ViewportSize,\n watchViewportSize\n} from \"../size\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Viewport\n */\nexport interface Viewport {\n offset: ViewportOffset /* Viewport offset */\n size: ViewportSize /* Viewport size */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch viewport\n *\n * @returns Viewport observable\n */\nexport function watchViewport(): Observable {\n return combineLatest([\n watchViewportOffset(),\n watchViewportSize()\n ])\n .pipe(\n map(([offset, size]) => ({ offset, size })),\n shareReplay(1)\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n combineLatest,\n distinctUntilKeyChanged,\n map\n} from \"rxjs\"\n\nimport { Header } from \"~/components\"\n\nimport { getElementOffset } from \"../../element\"\nimport { Viewport } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable

/* Header observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch viewport relative to element\n *\n * @param el - Element\n * @param options - Options\n *\n * @returns Viewport observable\n */\nexport function watchViewportAt(\n el: HTMLElement, { viewport$, header$ }: WatchOptions\n): Observable {\n const size$ = viewport$\n .pipe(\n distinctUntilKeyChanged(\"size\")\n )\n\n /* Compute element offset */\n const offset$ = combineLatest([size$, header$])\n .pipe(\n map(() => getElementOffset(el))\n )\n\n /* Compute relative viewport, return hot observable */\n return combineLatest([header$, viewport$, offset$])\n .pipe(\n map(([{ height }, { offset, size }, { x, y }]) => ({\n offset: {\n x: offset.x - x,\n y: offset.y - y + height\n },\n size\n }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n fromEvent,\n map,\n share,\n switchMap,\n tap,\n throttle\n} from \"rxjs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Worker message\n */\nexport interface WorkerMessage {\n type: unknown /* Message type */\n data?: unknown /* Message data */\n}\n\n/**\n * Worker handler\n *\n * @template T - Message type\n */\nexport interface WorkerHandler<\n T extends WorkerMessage\n> {\n tx$: Subject /* Message transmission subject */\n rx$: Observable /* Message receive observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n *\n * @template T - Worker message type\n */\ninterface WatchOptions {\n tx$: Observable /* Message transmission observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch a web worker\n *\n * This function returns an observable that sends all values emitted by the\n * message observable to the web worker. Web worker communication is expected\n * to be bidirectional (request-response) and synchronous. Messages that are\n * emitted during a pending request are throttled, the last one is emitted.\n *\n * @param worker - Web worker\n * @param options - Options\n *\n * @returns Worker message observable\n */\nexport function watchWorker(\n worker: Worker, { tx$ }: WatchOptions\n): Observable {\n\n /* Intercept messages from worker-like objects */\n const rx$ = fromEvent(worker, \"message\")\n .pipe(\n map(({ data }) => data as T)\n )\n\n /* Send and receive messages, return hot observable */\n return tx$\n .pipe(\n throttle(() => rx$, { leading: true, trailing: true }),\n tap(message => worker.postMessage(message)),\n switchMap(() => rx$),\n share()\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { getElement, getLocation } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Feature flag\n */\nexport type Flag =\n | \"announce.dismiss\" /* Dismissable announcement bar */\n | \"content.code.annotate\" /* Code annotations */\n | \"content.lazy\" /* Lazy content elements */\n | \"content.tabs.link\" /* Link content tabs */\n | \"header.autohide\" /* Hide header */\n | \"navigation.expand\" /* Automatic expansion */\n | \"navigation.indexes\" /* Section pages */\n | \"navigation.instant\" /* Instant loading */\n | \"navigation.sections\" /* Section navigation */\n | \"navigation.tabs\" /* Tabs navigation */\n | \"navigation.tabs.sticky\" /* Tabs navigation (sticky) */\n | \"navigation.top\" /* Back-to-top button */\n | \"navigation.tracking\" /* Anchor tracking */\n | \"search.highlight\" /* Search highlighting */\n | \"search.share\" /* Search sharing */\n | \"search.suggest\" /* Search suggestions */\n | \"toc.follow\" /* Following table of contents */\n | \"toc.integrate\" /* Integrated table of contents */\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Translation\n */\nexport type Translation =\n | \"clipboard.copy\" /* Copy to clipboard */\n | \"clipboard.copied\" /* Copied to clipboard */\n | \"search.config.lang\" /* Search language */\n | \"search.config.pipeline\" /* Search pipeline */\n | \"search.config.separator\" /* Search separator */\n | \"search.placeholder\" /* Search */\n | \"search.result.placeholder\" /* Type to start searching */\n | \"search.result.none\" /* No matching documents */\n | \"search.result.one\" /* 1 matching document */\n | \"search.result.other\" /* # matching documents */\n | \"search.result.more.one\" /* 1 more on this page */\n | \"search.result.more.other\" /* # more on this page */\n | \"search.result.term.missing\" /* Missing */\n | \"select.version.title\" /* Version selector */\n\n/**\n * Translations\n */\nexport type Translations = Record\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Versioning\n */\nexport interface Versioning {\n provider: \"mike\" /* Version provider */\n default?: string /* Default version */\n}\n\n/**\n * Configuration\n */\nexport interface Config {\n base: string /* Base URL */\n features: Flag[] /* Feature flags */\n translations: Translations /* Translations */\n search: string /* Search worker URL */\n tags?: Record /* Tags mapping */\n version?: Versioning /* Versioning */\n}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve global configuration and make base URL absolute\n */\nconst script = getElement(\"#__config\")\nconst config: Config = JSON.parse(script.textContent!)\nconfig.base = `${new URL(config.base, getLocation())}`\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve global configuration\n *\n * @returns Global configuration\n */\nexport function configuration(): Config {\n return config\n}\n\n/**\n * Check whether a feature flag is enabled\n *\n * @param flag - Feature flag\n *\n * @returns Test result\n */\nexport function feature(flag: Flag): boolean {\n return config.features.includes(flag)\n}\n\n/**\n * Retrieve the translation for the given key\n *\n * @param key - Key to be translated\n * @param value - Positional value, if any\n *\n * @returns Translation\n */\nexport function translation(\n key: Translation, value?: string | number\n): string {\n return typeof value !== \"undefined\"\n ? config.translations[key].replace(\"#\", value.toString())\n : config.translations[key]\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { getElement, getElements } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Component type\n */\nexport type ComponentType =\n | \"announce\" /* Announcement bar */\n | \"container\" /* Container */\n | \"consent\" /* Consent */\n | \"content\" /* Content */\n | \"dialog\" /* Dialog */\n | \"header\" /* Header */\n | \"header-title\" /* Header title */\n | \"header-topic\" /* Header topic */\n | \"main\" /* Main area */\n | \"outdated\" /* Version warning */\n | \"palette\" /* Color palette */\n | \"search\" /* Search */\n | \"search-query\" /* Search input */\n | \"search-result\" /* Search results */\n | \"search-share\" /* Search sharing */\n | \"search-suggest\" /* Search suggestions */\n | \"sidebar\" /* Sidebar */\n | \"skip\" /* Skip link */\n | \"source\" /* Repository information */\n | \"tabs\" /* Navigation tabs */\n | \"toc\" /* Table of contents */\n | \"top\" /* Back-to-top button */\n\n/**\n * Component\n *\n * @template T - Component type\n * @template U - Reference type\n */\nexport type Component<\n T extends {} = {},\n U extends HTMLElement = HTMLElement\n> =\n T & {\n ref: U /* Component reference */\n }\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Component type map\n */\ninterface ComponentTypeMap {\n \"announce\": HTMLElement /* Announcement bar */\n \"container\": HTMLElement /* Container */\n \"consent\": HTMLElement /* Consent */\n \"content\": HTMLElement /* Content */\n \"dialog\": HTMLElement /* Dialog */\n \"header\": HTMLElement /* Header */\n \"header-title\": HTMLElement /* Header title */\n \"header-topic\": HTMLElement /* Header topic */\n \"main\": HTMLElement /* Main area */\n \"outdated\": HTMLElement /* Version warning */\n \"palette\": HTMLElement /* Color palette */\n \"search\": HTMLElement /* Search */\n \"search-query\": HTMLInputElement /* Search input */\n \"search-result\": HTMLElement /* Search results */\n \"search-share\": HTMLAnchorElement /* Search sharing */\n \"search-suggest\": HTMLElement /* Search suggestions */\n \"sidebar\": HTMLElement /* Sidebar */\n \"skip\": HTMLAnchorElement /* Skip link */\n \"source\": HTMLAnchorElement /* Repository information */\n \"tabs\": HTMLElement /* Navigation tabs */\n \"toc\": HTMLElement /* Table of contents */\n \"top\": HTMLAnchorElement /* Back-to-top button */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Retrieve the element for a given component or throw a reference error\n *\n * @template T - Component type\n *\n * @param type - Component type\n * @param node - Node of reference\n *\n * @returns Element\n */\nexport function getComponentElement(\n type: T, node: ParentNode = document\n): ComponentTypeMap[T] {\n return getElement(`[data-md-component=${type}]`, node)\n}\n\n/**\n * Retrieve all elements for a given component\n *\n * @template T - Component type\n *\n * @param type - Component type\n * @param node - Node of reference\n *\n * @returns Elements\n */\nexport function getComponentElements(\n type: T, node: ParentNode = document\n): ComponentTypeMap[T][] {\n return getElements(`[data-md-component=${type}]`, node)\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n Subject,\n defer,\n finalize,\n fromEvent,\n map,\n startWith,\n tap\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport { getElement } from \"~/browser\"\n\nimport { Component } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Announcement bar\n */\nexport interface Announce {\n hash: number /* Content hash */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch announcement bar\n *\n * @param el - Announcement bar element\n *\n * @returns Announcement bar observable\n */\nexport function watchAnnounce(\n el: HTMLElement\n): Observable {\n const button = getElement(\".md-typeset > :first-child\", el)\n return fromEvent(button, \"click\", { once: true })\n .pipe(\n map(() => getElement(\".md-typeset\", el)),\n map(content => ({ hash: __md_hash(content.innerHTML) }))\n )\n}\n\n/**\n * Mount announcement bar\n *\n * @param el - Announcement bar element\n *\n * @returns Announcement bar component observable\n */\nexport function mountAnnounce(\n el: HTMLElement\n): Observable> {\n if (!feature(\"announce.dismiss\") || !el.childElementCount)\n return EMPTY\n\n /* Mount component on subscription */\n return defer(() => {\n const push$ = new Subject()\n push$\n .pipe(\n startWith({ hash: __md_get(\"__announce\") })\n )\n .subscribe(({ hash }) => {\n if (hash && hash === (__md_get(\"__announce\") ?? hash)) {\n el.hidden = true\n\n /* Persist preference in local storage */\n __md_set(\"__announce\", hash)\n }\n })\n\n /* Create and return component */\n return watchAnnounce(el)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n finalize,\n map,\n tap\n} from \"rxjs\"\n\nimport { Component } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Consent\n */\nexport interface Consent {\n hidden: boolean /* Consent is hidden */\n}\n\n/**\n * Consent defaults\n */\nexport interface ConsentDefaults {\n analytics?: boolean /* Consent for Analytics */\n github?: boolean /* Consent for GitHub */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n target$: Observable /* Target observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n target$: Observable /* Target observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch consent\n *\n * @param el - Consent element\n * @param options - Options\n *\n * @returns Consent observable\n */\nexport function watchConsent(\n el: HTMLElement, { target$ }: WatchOptions\n): Observable {\n return target$\n .pipe(\n map(target => ({ hidden: target !== el }))\n )\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Mount consent\n *\n * @param el - Consent element\n * @param options - Options\n *\n * @returns Consent component observable\n */\nexport function mountConsent(\n el: HTMLElement, options: MountOptions\n): Observable> {\n const internal$ = new Subject()\n internal$.subscribe(({ hidden }) => {\n el.hidden = hidden\n })\n\n /* Create and return component */\n return watchConsent(el, options)\n .pipe(\n tap(state => internal$.next(state)),\n finalize(() => internal$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport ClipboardJS from \"clipboard\"\nimport {\n EMPTY,\n Observable,\n Subject,\n defer,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n filter,\n finalize,\n map,\n mergeWith,\n switchMap,\n take,\n tap\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport {\n getElementContentSize,\n watchElementSize,\n watchElementVisibility\n} from \"~/browser\"\nimport { renderClipboardButton } from \"~/templates\"\n\nimport { Component } from \"../../../_\"\nimport {\n Annotation,\n mountAnnotationList\n} from \"../../annotation\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Code block\n */\nexport interface CodeBlock {\n scrollable: boolean /* Code block overflows */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n target$: Observable /* Location target observable */\n print$: Observable /* Media print observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Global sequence number for code blocks\n */\nlet sequence = 0\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Find candidate list element directly following a code block\n *\n * @param el - Code block element\n *\n * @returns List element or nothing\n */\nfunction findCandidateList(el: HTMLElement): HTMLElement | undefined {\n if (el.nextElementSibling) {\n const sibling = el.nextElementSibling as HTMLElement\n if (sibling.tagName === \"OL\")\n return sibling\n\n /* Skip empty paragraphs - see https://bit.ly/3r4ZJ2O */\n else if (sibling.tagName === \"P\" && !sibling.children.length)\n return findCandidateList(sibling)\n }\n\n /* Everything else */\n return undefined\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch code block\n *\n * This function monitors size changes of the viewport, as well as switches of\n * content tabs with embedded code blocks, as both may trigger overflow.\n *\n * @param el - Code block element\n *\n * @returns Code block observable\n */\nexport function watchCodeBlock(\n el: HTMLElement\n): Observable {\n return watchElementSize(el)\n .pipe(\n map(({ width }) => {\n const content = getElementContentSize(el)\n return {\n scrollable: content.width > width\n }\n }),\n distinctUntilKeyChanged(\"scrollable\")\n )\n}\n\n/**\n * Mount code block\n *\n * This function ensures that an overflowing code block is focusable through\n * keyboard, so it can be scrolled without a mouse to improve on accessibility.\n * Furthermore, if code annotations are enabled, they are mounted if and only\n * if the code block is currently visible, e.g., not in a hidden content tab.\n *\n * Note that code blocks may be mounted eagerly or lazily. If they're mounted\n * lazily (on first visibility), code annotation anchor links will not work,\n * as they are evaluated on initial page load, and code annotations in general\n * might feel a little bumpier.\n *\n * @param el - Code block element\n * @param options - Options\n *\n * @returns Code block and annotation component observable\n */\nexport function mountCodeBlock(\n el: HTMLElement, options: MountOptions\n): Observable> {\n const { matches: hover } = matchMedia(\"(hover)\")\n\n /* Defer mounting of code block - see https://bit.ly/3vHVoVD */\n const factory$ = defer(() => {\n const push$ = new Subject()\n push$.subscribe(({ scrollable }) => {\n if (scrollable && hover)\n el.setAttribute(\"tabindex\", \"0\")\n else\n el.removeAttribute(\"tabindex\")\n })\n\n /* Render button for Clipboard.js integration */\n if (ClipboardJS.isSupported()) {\n const parent = el.closest(\"pre\")!\n parent.id = `__code_${++sequence}`\n parent.insertBefore(\n renderClipboardButton(parent.id),\n el\n )\n }\n\n /* Handle code annotations */\n const container = el.closest(\".highlight\")\n if (container instanceof HTMLElement) {\n const list = findCandidateList(container)\n\n /* Mount code annotations, if enabled */\n if (typeof list !== \"undefined\" && (\n container.classList.contains(\"annotate\") ||\n feature(\"content.code.annotate\")\n )) {\n const annotations$ = mountAnnotationList(list, el, options)\n\n /* Create and return component */\n return watchCodeBlock(el)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state })),\n mergeWith(\n watchElementSize(container)\n .pipe(\n map(({ width, height }) => width && height),\n distinctUntilChanged(),\n switchMap(active => active ? annotations$ : EMPTY)\n )\n )\n )\n }\n }\n\n /* Create and return component */\n return watchCodeBlock(el)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n\n /* Mount code block lazily */\n if (feature(\"content.lazy\"))\n return watchElementVisibility(el)\n .pipe(\n filter(visible => visible),\n take(1),\n switchMap(() => factory$)\n )\n\n /* Mount code block */\n return factory$\n}\n", "/*\n * Copyright (c) 2016-2021 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a tooltip\n *\n * @param id - Tooltip identifier\n *\n * @returns Element\n */\nexport function renderTooltip(id?: string): HTMLElement {\n return (\n
\n
\n
\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { h } from \"~/utilities\"\n\nimport { renderTooltip } from \"../tooltip\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render an annotation\n *\n * @param id - Annotation identifier\n * @param prefix - Tooltip identifier prefix\n *\n * @returns Element\n */\nexport function renderAnnotation(\n id: string | number, prefix?: string\n): HTMLElement {\n prefix = prefix ? `${prefix}_annotation_${id}` : undefined\n\n /* Render tooltip with anchor, if given */\n if (prefix) {\n const anchor = prefix ? `#${prefix}` : undefined\n return (\n
\n )\n } else {\n return (\n \n )\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { translation } from \"~/_\"\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a 'copy-to-clipboard' button\n *\n * @param id - Unique identifier\n *\n * @returns Element\n */\nexport function renderClipboardButton(id: string): HTMLElement {\n return (\n code`}\n >\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { ComponentChild } from \"preact\"\n\nimport { configuration, feature, translation } from \"~/_\"\nimport {\n SearchDocument,\n SearchMetadata,\n SearchResultItem\n} from \"~/integrations/search\"\nimport { h, truncate } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Render flag\n */\nconst enum Flag {\n TEASER = 1, /* Render teaser */\n PARENT = 2 /* Render as parent */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper function\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a search document\n *\n * @param document - Search document\n * @param flag - Render flags\n *\n * @returns Element\n */\nfunction renderSearchDocument(\n document: SearchDocument & SearchMetadata, flag: Flag\n): HTMLElement {\n const parent = flag & Flag.PARENT\n const teaser = flag & Flag.TEASER\n\n /* Render missing query terms */\n const missing = Object.keys(document.terms)\n .filter(key => !document.terms[key])\n .reduce((list, key) => [\n ...list, {key}, \" \"\n ], [])\n .slice(0, -1)\n\n /* Assemble query string for highlighting */\n const url = new URL(document.location)\n if (feature(\"search.highlight\"))\n url.searchParams.set(\"h\", Object.entries(document.terms)\n .filter(([, match]) => match)\n .reduce((highlight, [value]) => `${highlight} ${value}`.trim(), \"\")\n )\n\n /* Render article or section, depending on flags */\n const { tags } = configuration()\n return (\n \n \n {parent > 0 &&
}\n

{document.title}

\n {teaser > 0 && document.text.length > 0 &&\n

\n {truncate(document.text, 320)}\n

\n }\n {document.tags && (\n
\n {document.tags.map(tag => {\n const id = tag.replace(/<[^>]+>/g, \"\")\n const type = tags\n ? id in tags\n ? `md-tag-icon md-tag-icon--${tags[id]}`\n : \"md-tag-icon\"\n : \"\"\n return (\n {tag}\n )\n })}\n
\n )}\n {teaser > 0 && missing.length > 0 &&\n

\n {translation(\"search.result.term.missing\")}: {...missing}\n

\n }\n \n
\n )\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a search result\n *\n * @param result - Search result\n *\n * @returns Element\n */\nexport function renderSearchResultItem(\n result: SearchResultItem\n): HTMLElement {\n const threshold = result[0].score\n const docs = [...result]\n\n /* Find and extract parent article */\n const parent = docs.findIndex(doc => !doc.location.includes(\"#\"))\n const [article] = docs.splice(parent, 1)\n\n /* Determine last index above threshold */\n let index = docs.findIndex(doc => doc.score < threshold)\n if (index === -1)\n index = docs.length\n\n /* Partition sections */\n const best = docs.slice(0, index)\n const more = docs.slice(index)\n\n /* Render children */\n const children = [\n renderSearchDocument(article, Flag.PARENT | +(!parent && index === 0)),\n ...best.map(section => renderSearchDocument(section, Flag.TEASER)),\n ...more.length ? [\n
\n \n {more.length > 0 && more.length === 1\n ? translation(\"search.result.more.one\")\n : translation(\"search.result.more.other\", more.length)\n }\n \n {...more.map(section => renderSearchDocument(section, Flag.TEASER))}\n
\n ] : []\n ]\n\n /* Render search result */\n return (\n
  • \n {children}\n
  • \n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { SourceFacts } from \"~/components\"\nimport { h, round } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render repository facts\n *\n * @param facts - Repository facts\n *\n * @returns Element\n */\nexport function renderSourceFacts(facts: SourceFacts): HTMLElement {\n return (\n
      \n {Object.entries(facts).map(([key, value]) => (\n
    • \n {typeof value === \"number\" ? round(value) : value}\n
    • \n ))}\n
    \n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Tabbed control type\n */\ntype TabbedControlType =\n | \"prev\"\n | \"next\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render control for content tabs\n *\n * @param type - Control type\n *\n * @returns Element\n */\nexport function renderTabbedControl(\n type: TabbedControlType\n): HTMLElement {\n const classes = `tabbed-control tabbed-control--${type}`\n return (\n \n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a table inside a wrapper to improve scrolling on mobile\n *\n * @param table - Table element\n *\n * @returns Element\n */\nexport function renderTable(table: HTMLElement): HTMLElement {\n return (\n
    \n
    \n {table}\n
    \n
    \n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { configuration, translation } from \"~/_\"\nimport { h } from \"~/utilities\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Version\n */\nexport interface Version {\n version: string /* Version identifier */\n title: string /* Version title */\n aliases: string[] /* Version aliases */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a version\n *\n * @param version - Version\n *\n * @returns Element\n */\nfunction renderVersion(version: Version): HTMLElement {\n const config = configuration()\n\n /* Ensure trailing slash - see https://bit.ly/3rL5u3f */\n const url = new URL(`../${version.version}/`, config.base)\n return (\n
  • \n \n {version.title}\n \n
  • \n )\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Render a version selector\n *\n * @param versions - Versions\n * @param active - Active version\n *\n * @returns Element\n */\nexport function renderVersionSelector(\n versions: Version[], active: Version\n): HTMLElement {\n return (\n
    \n \n {active.title}\n \n
      \n {versions.map(renderVersion)}\n
    \n
    \n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n animationFrameScheduler,\n auditTime,\n combineLatest,\n debounceTime,\n defer,\n delay,\n filter,\n finalize,\n fromEvent,\n map,\n merge,\n switchMap,\n take,\n takeLast,\n takeUntil,\n tap,\n throttleTime,\n withLatestFrom\n} from \"rxjs\"\n\nimport {\n ElementOffset,\n getActiveElement,\n getElementSize,\n watchElementContentOffset,\n watchElementFocus,\n watchElementOffset,\n watchElementVisibility\n} from \"~/browser\"\n\nimport { Component } from \"../../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Annotation\n */\nexport interface Annotation {\n active: boolean /* Annotation is active */\n offset: ElementOffset /* Annotation offset */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n target$: Observable /* Location target observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch annotation\n *\n * @param el - Annotation element\n * @param container - Containing element\n *\n * @returns Annotation observable\n */\nexport function watchAnnotation(\n el: HTMLElement, container: HTMLElement\n): Observable {\n const offset$ = defer(() => combineLatest([\n watchElementOffset(el),\n watchElementContentOffset(container)\n ]))\n .pipe(\n map(([{ x, y }, scroll]): ElementOffset => {\n const { width, height } = getElementSize(el)\n return ({\n x: x - scroll.x + width / 2,\n y: y - scroll.y + height / 2\n })\n })\n )\n\n /* Actively watch annotation on focus */\n return watchElementFocus(el)\n .pipe(\n switchMap(active => offset$\n .pipe(\n map(offset => ({ active, offset })),\n take(+!active || Infinity)\n )\n )\n )\n}\n\n/**\n * Mount annotation\n *\n * @param el - Annotation element\n * @param container - Containing element\n * @param options - Options\n *\n * @returns Annotation component observable\n */\nexport function mountAnnotation(\n el: HTMLElement, container: HTMLElement, { target$ }: MountOptions\n): Observable> {\n const [tooltip, index] = Array.from(el.children)\n\n /* Mount component on subscription */\n return defer(() => {\n const push$ = new Subject()\n const done$ = push$.pipe(takeLast(1))\n push$.subscribe({\n\n /* Handle emission */\n next({ offset }) {\n el.style.setProperty(\"--md-tooltip-x\", `${offset.x}px`)\n el.style.setProperty(\"--md-tooltip-y\", `${offset.y}px`)\n },\n\n /* Handle complete */\n complete() {\n el.style.removeProperty(\"--md-tooltip-x\")\n el.style.removeProperty(\"--md-tooltip-y\")\n }\n })\n\n /* Start animation only when annotation is visible */\n watchElementVisibility(el)\n .pipe(\n takeUntil(done$)\n )\n .subscribe(visible => {\n el.toggleAttribute(\"data-md-visible\", visible)\n })\n\n /* Toggle tooltip presence to mitigate empty lines when copying */\n merge(\n push$.pipe(filter(({ active }) => active)),\n push$.pipe(debounceTime(250), filter(({ active }) => !active))\n )\n .subscribe({\n\n /* Handle emission */\n next({ active }) {\n if (active)\n el.prepend(tooltip)\n else\n tooltip.remove()\n },\n\n /* Handle complete */\n complete() {\n el.prepend(tooltip)\n }\n })\n\n /* Toggle tooltip visibility */\n push$\n .pipe(\n auditTime(16, animationFrameScheduler)\n )\n .subscribe(({ active }) => {\n tooltip.classList.toggle(\"md-tooltip--active\", active)\n })\n\n /* Track relative origin of tooltip */\n push$\n .pipe(\n throttleTime(125, animationFrameScheduler),\n filter(() => !!el.offsetParent),\n map(() => el.offsetParent!.getBoundingClientRect()),\n map(({ x }) => x)\n )\n .subscribe({\n\n /* Handle emission */\n next(origin) {\n if (origin)\n el.style.setProperty(\"--md-tooltip-0\", `${-origin}px`)\n else\n el.style.removeProperty(\"--md-tooltip-0\")\n },\n\n /* Handle complete */\n complete() {\n el.style.removeProperty(\"--md-tooltip-0\")\n }\n })\n\n /* Allow to copy link without scrolling to anchor */\n fromEvent(index, \"click\")\n .pipe(\n takeUntil(done$),\n filter(ev => !(ev.metaKey || ev.ctrlKey))\n )\n .subscribe(ev => ev.preventDefault())\n\n /* Allow to open link in new tab or blur on close */\n fromEvent(index, \"mousedown\")\n .pipe(\n takeUntil(done$),\n withLatestFrom(push$)\n )\n .subscribe(([ev, { active }]) => {\n\n /* Open in new tab */\n if (ev.button !== 0 || ev.metaKey || ev.ctrlKey) {\n ev.preventDefault()\n\n /* Close annotation */\n } else if (active) {\n ev.preventDefault()\n\n /* Focus parent annotation, if any */\n const parent = el.parentElement!.closest(\".md-annotation\")\n if (parent instanceof HTMLElement)\n parent.focus()\n else\n getActiveElement()?.blur()\n }\n })\n\n /* Open and focus annotation on location target */\n target$\n .pipe(\n takeUntil(done$),\n filter(target => target === tooltip),\n delay(125)\n )\n .subscribe(() => el.focus())\n\n /* Create and return component */\n return watchAnnotation(el, container)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n Subject,\n defer,\n finalize,\n merge,\n share,\n takeLast,\n takeUntil\n} from \"rxjs\"\n\nimport {\n getElement,\n getElements,\n getOptionalElement\n} from \"~/browser\"\nimport { renderAnnotation } from \"~/templates\"\n\nimport { Component } from \"../../../_\"\nimport {\n Annotation,\n mountAnnotation\n} from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n target$: Observable /* Location target observable */\n print$: Observable /* Media print observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Find all annotation markers in the given code block\n *\n * @param container - Containing element\n *\n * @returns Annotation markers\n */\nfunction findAnnotationMarkers(container: HTMLElement): Text[] {\n const markers: Text[] = []\n for (const el of getElements(\".c, .c1, .cm\", container)) {\n const nodes: Text[] = []\n\n /* Find all text nodes in current element */\n const it = document.createNodeIterator(el, NodeFilter.SHOW_TEXT)\n for (let node = it.nextNode(); node; node = it.nextNode())\n nodes.push(node as Text)\n\n /* Find all markers in each text node */\n for (let text of nodes) {\n let match: RegExpExecArray | null\n\n /* Split text at marker and add to list */\n while ((match = /(\\(\\d+\\))(!)?/.exec(text.textContent!))) {\n const [, id, force] = match\n if (typeof force === \"undefined\") {\n const marker = text.splitText(match.index)\n text = marker.splitText(id.length)\n markers.push(marker)\n\n /* Replace entire text with marker */\n } else {\n text.textContent = id\n markers.push(text)\n break\n }\n }\n }\n }\n return markers\n}\n\n/**\n * Swap the child nodes of two elements\n *\n * @param source - Source element\n * @param target - Target element\n */\nfunction swap(source: HTMLElement, target: HTMLElement): void {\n target.append(...Array.from(source.childNodes))\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount annotation list\n *\n * This function analyzes the containing code block and checks for markers\n * referring to elements in the given annotation list. If no markers are found,\n * the list is left untouched. Otherwise, list elements are rendered as\n * annotations inside the code block.\n *\n * @param el - Annotation list element\n * @param container - Containing element\n * @param options - Options\n *\n * @returns Annotation component observable\n */\nexport function mountAnnotationList(\n el: HTMLElement, container: HTMLElement, { target$, print$ }: MountOptions\n): Observable> {\n\n /* Compute prefix for tooltip anchors */\n const parent = container.closest(\"[id]\")\n const prefix = parent?.id\n\n /* Find and replace all markers with empty annotations */\n const annotations = new Map()\n for (const marker of findAnnotationMarkers(container)) {\n const [, id] = marker.textContent!.match(/\\((\\d+)\\)/)!\n if (getOptionalElement(`li:nth-child(${id})`, el)) {\n annotations.set(id, renderAnnotation(id, prefix))\n marker.replaceWith(annotations.get(id)!)\n }\n }\n\n /* Keep list if there are no annotations to render */\n if (annotations.size === 0)\n return EMPTY\n\n /* Mount component on subscription */\n return defer(() => {\n const done$ = new Subject()\n\n /* Retrieve container pairs for swapping */\n const pairs: [HTMLElement, HTMLElement][] = []\n for (const [id, annotation] of annotations)\n pairs.push([\n getElement(\".md-typeset\", annotation),\n getElement(`li:nth-child(${id})`, el)\n ])\n\n /* Handle print mode - see https://bit.ly/3rgPdpt */\n print$\n .pipe(\n takeUntil(done$.pipe(takeLast(1)))\n )\n .subscribe(active => {\n el.hidden = !active\n\n /* Show annotations in code block or list (print) */\n for (const [inner, child] of pairs)\n if (!active)\n swap(child, inner)\n else\n swap(inner, child)\n })\n\n /* Create and return component */\n return merge(...[...annotations]\n .map(([, annotation]) => (\n mountAnnotation(annotation, container, { target$ })\n ))\n )\n .pipe(\n finalize(() => done$.complete()),\n share()\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n map,\n of,\n shareReplay,\n tap\n} from \"rxjs\"\n\nimport { watchScript } from \"~/browser\"\nimport { h } from \"~/utilities\"\n\nimport { Component } from \"../../../_\"\n\nimport themeCSS from \"./index.css\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mermaid diagram\n */\nexport interface Mermaid {}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Mermaid instance observable\n */\nlet mermaid$: Observable\n\n/**\n * Global sequence number for diagrams\n */\nlet sequence = 0\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch Mermaid script\n *\n * @returns Mermaid scripts observable\n */\nfunction fetchScripts(): Observable {\n return typeof mermaid === \"undefined\" || mermaid instanceof Element\n ? watchScript(\"https://unpkg.com/mermaid@9.1.7/dist/mermaid.min.js\")\n : of(undefined)\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount Mermaid diagram\n *\n * @param el - Code block element\n *\n * @returns Mermaid diagram component observable\n */\nexport function mountMermaid(\n el: HTMLElement\n): Observable> {\n el.classList.remove(\"mermaid\") // Hack: mitigate https://bit.ly/3CiN6Du\n mermaid$ ||= fetchScripts()\n .pipe(\n tap(() => mermaid.initialize({\n startOnLoad: false,\n themeCSS,\n sequence: {\n actorFontSize: \"16px\", // Hack: mitigate https://bit.ly/3y0NEi3\n messageFontSize: \"16px\",\n noteFontSize: \"16px\"\n }\n })),\n map(() => undefined),\n shareReplay(1)\n )\n\n /* Render diagram */\n mermaid$.subscribe(() => {\n el.classList.add(\"mermaid\") // Hack: mitigate https://bit.ly/3CiN6Du\n const id = `__mermaid_${sequence++}`\n const host = h(\"div\", { class: \"mermaid\" })\n mermaid.mermaidAPI.render(id, el.textContent, (svg: string) => {\n\n /* Create a shadow root and inject diagram */\n const shadow = host.attachShadow({ mode: \"closed\" })\n shadow.innerHTML = svg\n\n /* Replace code block with diagram */\n el.replaceWith(host)\n })\n })\n\n /* Create and return component */\n return mermaid$\n .pipe(\n map(() => ({ ref: el }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n defer,\n filter,\n finalize,\n map,\n merge,\n tap\n} from \"rxjs\"\n\nimport { Component } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Details\n */\nexport interface Details {\n action: \"open\" | \"close\" /* Details state */\n reveal?: boolean /* Details is revealed */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n target$: Observable /* Location target observable */\n print$: Observable /* Media print observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n target$: Observable /* Location target observable */\n print$: Observable /* Media print observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch details\n *\n * @param el - Details element\n * @param options - Options\n *\n * @returns Details observable\n */\nexport function watchDetails(\n el: HTMLDetailsElement, { target$, print$ }: WatchOptions\n): Observable
    {\n let open = true\n return merge(\n\n /* Open and focus details on location target */\n target$\n .pipe(\n map(target => target.closest(\"details:not([open])\")!),\n filter(details => el === details),\n map(() => ({\n action: \"open\", reveal: true\n }) as Details)\n ),\n\n /* Open details on print and close afterwards */\n print$\n .pipe(\n filter(active => active || !open),\n tap(() => open = el.open),\n map(active => ({\n action: active ? \"open\" : \"close\"\n }) as Details)\n )\n )\n}\n\n/**\n * Mount details\n *\n * This function ensures that `details` tags are opened on anchor jumps and\n * prior to printing, so the whole content of the page is visible.\n *\n * @param el - Details element\n * @param options - Options\n *\n * @returns Details component observable\n */\nexport function mountDetails(\n el: HTMLDetailsElement, options: MountOptions\n): Observable> {\n return defer(() => {\n const push$ = new Subject
    ()\n push$.subscribe(({ action, reveal }) => {\n el.toggleAttribute(\"open\", action === \"open\")\n if (reveal)\n el.scrollIntoView()\n })\n\n /* Create and return component */\n return watchDetails(el, options)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { Observable, of } from \"rxjs\"\n\nimport { renderTable } from \"~/templates\"\nimport { h } from \"~/utilities\"\n\nimport { Component } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Data table\n */\nexport interface DataTable {}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Sentinel for replacement\n */\nconst sentinel = h(\"table\")\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount data table\n *\n * This function wraps a data table in another scrollable container, so it can\n * be smoothly scrolled on smaller screen sizes and won't break the layout.\n *\n * @param el - Data table element\n *\n * @returns Data table component observable\n */\nexport function mountDataTable(\n el: HTMLElement\n): Observable> {\n el.replaceWith(sentinel)\n sentinel.replaceWith(renderTable(el))\n\n /* Create and return component */\n return of({ ref: el })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n animationFrameScheduler,\n asyncScheduler,\n auditTime,\n combineLatest,\n defer,\n finalize,\n fromEvent,\n map,\n merge,\n skip,\n startWith,\n subscribeOn,\n takeLast,\n takeUntil,\n tap,\n withLatestFrom\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport {\n Viewport,\n getElement,\n getElementContentOffset,\n getElementContentSize,\n getElementOffset,\n getElementSize,\n getElements,\n watchElementContentOffset,\n watchElementSize\n} from \"~/browser\"\nimport { renderTabbedControl } from \"~/templates\"\n\nimport { Component } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Content tabs\n */\nexport interface ContentTabs {\n active: HTMLLabelElement /* Active tab label */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch content tabs\n *\n * @param el - Content tabs element\n *\n * @returns Content tabs observable\n */\nexport function watchContentTabs(\n el: HTMLElement\n): Observable {\n const inputs = getElements(\":scope > input\", el)\n const initial = inputs.find(input => input.checked) || inputs[0]\n return merge(...inputs.map(input => fromEvent(input, \"change\")\n .pipe(\n map(() => getElement(`label[for=\"${input.id}\"]`))\n )\n ))\n .pipe(\n startWith(getElement(`label[for=\"${initial.id}\"]`)),\n map(active => ({ active }))\n )\n}\n\n/**\n * Mount content tabs\n *\n * This function scrolls the active tab into view. While this functionality is\n * provided by browsers as part of `scrollInfoView`, browsers will always also\n * scroll the vertical axis, which we do not want. Thus, we decided to provide\n * this functionality ourselves.\n *\n * @param el - Content tabs element\n * @param options - Options\n *\n * @returns Content tabs component observable\n */\nexport function mountContentTabs(\n el: HTMLElement, { viewport$ }: MountOptions\n): Observable> {\n\n /* Render content tab previous button for pagination */\n const prev = renderTabbedControl(\"prev\")\n el.append(prev)\n\n /* Render content tab next button for pagination */\n const next = renderTabbedControl(\"next\")\n el.append(next)\n\n /* Mount component on subscription */\n const container = getElement(\".tabbed-labels\", el)\n return defer(() => {\n const push$ = new Subject()\n const done$ = push$.pipe(takeLast(1))\n combineLatest([push$, watchElementSize(el)])\n .pipe(\n auditTime(1, animationFrameScheduler),\n takeUntil(done$)\n )\n .subscribe({\n\n /* Handle emission */\n next([{ active }, size]) {\n const offset = getElementOffset(active)\n const { width } = getElementSize(active)\n\n /* Set tab indicator offset and width */\n el.style.setProperty(\"--md-indicator-x\", `${offset.x}px`)\n el.style.setProperty(\"--md-indicator-width\", `${width}px`)\n\n /* Scroll container to active content tab */\n const content = getElementContentOffset(container)\n if (\n offset.x < content.x ||\n offset.x + width > content.x + size.width\n )\n container.scrollTo({\n left: Math.max(0, offset.x - 16),\n behavior: \"smooth\"\n })\n },\n\n /* Handle complete */\n complete() {\n el.style.removeProperty(\"--md-indicator-x\")\n el.style.removeProperty(\"--md-indicator-width\")\n }\n })\n\n /* Hide content tab buttons on borders */\n combineLatest([\n watchElementContentOffset(container),\n watchElementSize(container)\n ])\n .pipe(\n takeUntil(done$)\n )\n .subscribe(([offset, size]) => {\n const content = getElementContentSize(container)\n prev.hidden = offset.x < 16\n next.hidden = offset.x > content.width - size.width - 16\n })\n\n /* Paginate content tab container on click */\n merge(\n fromEvent(prev, \"click\").pipe(map(() => -1)),\n fromEvent(next, \"click\").pipe(map(() => +1))\n )\n .pipe(\n takeUntil(done$)\n )\n .subscribe(direction => {\n const { width } = getElementSize(container)\n container.scrollBy({\n left: width * direction,\n behavior: \"smooth\"\n })\n })\n\n /* Set up linking of content tabs, if enabled */\n if (feature(\"content.tabs.link\"))\n push$.pipe(\n skip(1),\n withLatestFrom(viewport$)\n )\n .subscribe(([{ active }, { offset }]) => {\n const tab = active.innerText.trim()\n if (active.hasAttribute(\"data-md-switching\")) {\n active.removeAttribute(\"data-md-switching\")\n\n /* Determine viewport offset of active tab */\n } else {\n const y = el.offsetTop - offset.y\n\n /* Passively activate other tabs */\n for (const set of getElements(\"[data-tabs]\"))\n for (const input of getElements(\n \":scope > input\", set\n )) {\n const label = getElement(`label[for=\"${input.id}\"]`)\n if (\n label !== active &&\n label.innerText.trim() === tab\n ) {\n label.setAttribute(\"data-md-switching\", \"\")\n input.click()\n break\n }\n }\n\n /* Bring active tab into view */\n window.scrollTo({\n top: el.offsetTop - y\n })\n\n /* Persist active tabs in local storage */\n const tabs = __md_get(\"__tabs\") || []\n __md_set(\"__tabs\", [...new Set([tab, ...tabs])])\n }\n })\n\n /* Create and return component */\n return watchContentTabs(el)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n .pipe(\n subscribeOn(asyncScheduler)\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { Observable, merge } from \"rxjs\"\n\nimport { Viewport, getElements } from \"~/browser\"\n\nimport { Component } from \"../../_\"\nimport { Annotation } from \"../annotation\"\nimport {\n CodeBlock,\n Mermaid,\n mountCodeBlock,\n mountMermaid\n} from \"../code\"\nimport {\n Details,\n mountDetails\n} from \"../details\"\nimport {\n DataTable,\n mountDataTable\n} from \"../table\"\nimport {\n ContentTabs,\n mountContentTabs\n} from \"../tabs\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Content\n */\nexport type Content =\n | Annotation\n | ContentTabs\n | CodeBlock\n | Mermaid\n | DataTable\n | Details\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n target$: Observable /* Location target observable */\n print$: Observable /* Media print observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount content\n *\n * This function mounts all components that are found in the content of the\n * actual article, including code blocks, data tables and details.\n *\n * @param el - Content element\n * @param options - Options\n *\n * @returns Content component observable\n */\nexport function mountContent(\n el: HTMLElement, { viewport$, target$, print$ }: MountOptions\n): Observable> {\n return merge(\n\n /* Code blocks */\n ...getElements(\"pre:not(.mermaid) > code\", el)\n .map(child => mountCodeBlock(child, { target$, print$ })),\n\n /* Mermaid diagrams */\n ...getElements(\"pre.mermaid\", el)\n .map(child => mountMermaid(child)),\n\n /* Data tables */\n ...getElements(\"table:not([class])\", el)\n .map(child => mountDataTable(child)),\n\n /* Details */\n ...getElements(\"details\", el)\n .map(child => mountDetails(child, { target$, print$ })),\n\n /* Content tabs */\n ...getElements(\"[data-tabs]\", el)\n .map(child => mountContentTabs(child, { viewport$ }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n defer,\n delay,\n finalize,\n map,\n merge,\n of,\n switchMap,\n tap\n} from \"rxjs\"\n\nimport { getElement } from \"~/browser\"\n\nimport { Component } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Dialog\n */\nexport interface Dialog {\n message: string /* Dialog message */\n active: boolean /* Dialog is active */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n alert$: Subject /* Alert subject */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n alert$: Subject /* Alert subject */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch dialog\n *\n * @param _el - Dialog element\n * @param options - Options\n *\n * @returns Dialog observable\n */\nexport function watchDialog(\n _el: HTMLElement, { alert$ }: WatchOptions\n): Observable {\n return alert$\n .pipe(\n switchMap(message => merge(\n of(true),\n of(false).pipe(delay(2000))\n )\n .pipe(\n map(active => ({ message, active }))\n )\n )\n )\n}\n\n/**\n * Mount dialog\n *\n * This function reveals the dialog in the right corner when a new alert is\n * emitted through the subject that is passed as part of the options.\n *\n * @param el - Dialog element\n * @param options - Options\n *\n * @returns Dialog component observable\n */\nexport function mountDialog(\n el: HTMLElement, options: MountOptions\n): Observable> {\n const inner = getElement(\".md-typeset\", el)\n return defer(() => {\n const push$ = new Subject()\n push$.subscribe(({ message, active }) => {\n el.classList.toggle(\"md-dialog--active\", active)\n inner.textContent = message\n })\n\n /* Create and return component */\n return watchDialog(el, options)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n bufferCount,\n combineLatest,\n combineLatestWith,\n defer,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n filter,\n map,\n of,\n shareReplay,\n startWith,\n switchMap,\n takeLast,\n takeUntil\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport {\n Viewport,\n watchElementSize,\n watchToggle\n} from \"~/browser\"\n\nimport { Component } from \"../../_\"\nimport { Main } from \"../../main\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Header\n */\nexport interface Header {\n height: number /* Header visible height */\n hidden: boolean /* Header is hidden */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n main$: Observable
    /* Main area observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Compute whether the header is hidden\n *\n * If the user scrolls past a certain threshold, the header can be hidden when\n * scrolling down, and shown when scrolling up.\n *\n * @param options - Options\n *\n * @returns Toggle observable\n */\nfunction isHidden({ viewport$ }: WatchOptions): Observable {\n if (!feature(\"header.autohide\"))\n return of(false)\n\n /* Compute direction and turning point */\n const direction$ = viewport$\n .pipe(\n map(({ offset: { y } }) => y),\n bufferCount(2, 1),\n map(([a, b]) => [a < b, b] as const),\n distinctUntilKeyChanged(0)\n )\n\n /* Compute whether header should be hidden */\n const hidden$ = combineLatest([viewport$, direction$])\n .pipe(\n filter(([{ offset }, [, y]]) => Math.abs(y - offset.y) > 100),\n map(([, [direction]]) => direction),\n distinctUntilChanged()\n )\n\n /* Compute threshold for hiding */\n const search$ = watchToggle(\"search\")\n return combineLatest([viewport$, search$])\n .pipe(\n map(([{ offset }, search]) => offset.y > 400 && !search),\n distinctUntilChanged(),\n switchMap(active => active ? hidden$ : of(false)),\n startWith(false)\n )\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch header\n *\n * @param el - Header element\n * @param options - Options\n *\n * @returns Header observable\n */\nexport function watchHeader(\n el: HTMLElement, options: WatchOptions\n): Observable
    {\n return defer(() => combineLatest([\n watchElementSize(el),\n isHidden(options)\n ]))\n .pipe(\n map(([{ height }, hidden]) => ({\n height,\n hidden\n })),\n distinctUntilChanged((a, b) => (\n a.height === b.height &&\n a.hidden === b.hidden\n )),\n shareReplay(1)\n )\n}\n\n/**\n * Mount header\n *\n * This function manages the different states of the header, i.e. whether it's\n * hidden or rendered with a shadow. This depends heavily on the main area.\n *\n * @param el - Header element\n * @param options - Options\n *\n * @returns Header component observable\n */\nexport function mountHeader(\n el: HTMLElement, { header$, main$ }: MountOptions\n): Observable> {\n return defer(() => {\n const push$ = new Subject
    ()\n const done$ = push$.pipe(takeLast(1))\n push$\n .pipe(\n distinctUntilKeyChanged(\"active\"),\n combineLatestWith(header$)\n )\n .subscribe(([{ active }, { hidden }]) => {\n el.classList.toggle(\"md-header--shadow\", active && !hidden)\n el.hidden = hidden\n })\n\n /* Link to main area */\n main$.subscribe(push$)\n\n /* Create and return component */\n return header$\n .pipe(\n takeUntil(done$),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n Subject,\n defer,\n distinctUntilKeyChanged,\n finalize,\n map,\n tap\n} from \"rxjs\"\n\nimport {\n Viewport,\n getElementSize,\n getOptionalElement,\n watchViewportAt\n} from \"~/browser\"\n\nimport { Component } from \"../../_\"\nimport { Header } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Header\n */\nexport interface HeaderTitle {\n active: boolean /* Header title is active */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch header title\n *\n * @param el - Heading element\n * @param options - Options\n *\n * @returns Header title observable\n */\nexport function watchHeaderTitle(\n el: HTMLElement, { viewport$, header$ }: WatchOptions\n): Observable {\n return watchViewportAt(el, { viewport$, header$ })\n .pipe(\n map(({ offset: { y } }) => {\n const { height } = getElementSize(el)\n return {\n active: y >= height\n }\n }),\n distinctUntilKeyChanged(\"active\")\n )\n}\n\n/**\n * Mount header title\n *\n * This function swaps the header title from the site title to the title of the\n * current page when the user scrolls past the first headline.\n *\n * @param el - Header title element\n * @param options - Options\n *\n * @returns Header title component observable\n */\nexport function mountHeaderTitle(\n el: HTMLElement, options: MountOptions\n): Observable> {\n return defer(() => {\n const push$ = new Subject()\n push$.subscribe(({ active }) => {\n el.classList.toggle(\"md-header__title--active\", active)\n })\n\n /* Obtain headline, if any */\n const heading = getOptionalElement(\"article h1\")\n if (typeof heading === \"undefined\")\n return EMPTY\n\n /* Create and return component */\n return watchHeaderTitle(heading, options)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n combineLatest,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n map,\n switchMap\n} from \"rxjs\"\n\nimport {\n Viewport,\n watchElementSize\n} from \"~/browser\"\n\nimport { Header } from \"../header\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Main area\n */\nexport interface Main {\n offset: number /* Main area top offset */\n height: number /* Main area visible height */\n active: boolean /* Main area is active */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch main area\n *\n * This function returns an observable that computes the visual parameters of\n * the main area which depends on the viewport vertical offset and height, as\n * well as the height of the header element, if the header is fixed.\n *\n * @param el - Main area element\n * @param options - Options\n *\n * @returns Main area observable\n */\nexport function watchMain(\n el: HTMLElement, { viewport$, header$ }: WatchOptions\n): Observable
    {\n\n /* Compute necessary adjustment for header */\n const adjust$ = header$\n .pipe(\n map(({ height }) => height),\n distinctUntilChanged()\n )\n\n /* Compute the main area's top and bottom borders */\n const border$ = adjust$\n .pipe(\n switchMap(() => watchElementSize(el)\n .pipe(\n map(({ height }) => ({\n top: el.offsetTop,\n bottom: el.offsetTop + height\n })),\n distinctUntilKeyChanged(\"bottom\")\n )\n )\n )\n\n /* Compute the main area's offset, visible height and if we scrolled past */\n return combineLatest([adjust$, border$, viewport$])\n .pipe(\n map(([header, { top, bottom }, { offset: { y }, size: { height } }]) => {\n height = Math.max(0, height\n - Math.max(0, top - y, header)\n - Math.max(0, height + y - bottom)\n )\n return {\n offset: top - header,\n height,\n active: top - header <= y\n }\n }),\n distinctUntilChanged((a, b) => (\n a.offset === b.offset &&\n a.height === b.height &&\n a.active === b.active\n ))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n asyncScheduler,\n defer,\n finalize,\n fromEvent,\n map,\n mergeMap,\n observeOn,\n of,\n shareReplay,\n startWith,\n tap\n} from \"rxjs\"\n\nimport { getElements } from \"~/browser\"\n\nimport { Component } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Palette colors\n */\nexport interface PaletteColor {\n scheme?: string /* Color scheme */\n primary?: string /* Primary color */\n accent?: string /* Accent color */\n}\n\n/**\n * Palette\n */\nexport interface Palette {\n index: number /* Palette index */\n color: PaletteColor /* Palette colors */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch color palette\n *\n * @param inputs - Color palette element\n *\n * @returns Color palette observable\n */\nexport function watchPalette(\n inputs: HTMLInputElement[]\n): Observable {\n const current = __md_get(\"__palette\") || {\n index: inputs.findIndex(input => matchMedia(\n input.getAttribute(\"data-md-color-media\")!\n ).matches)\n }\n\n /* Emit changes in color palette */\n return of(...inputs)\n .pipe(\n mergeMap(input => fromEvent(input, \"change\")\n .pipe(\n map(() => input)\n )\n ),\n startWith(inputs[Math.max(0, current.index)]),\n map(input => ({\n index: inputs.indexOf(input),\n color: {\n scheme: input.getAttribute(\"data-md-color-scheme\"),\n primary: input.getAttribute(\"data-md-color-primary\"),\n accent: input.getAttribute(\"data-md-color-accent\")\n }\n } as Palette)),\n shareReplay(1)\n )\n}\n\n/**\n * Mount color palette\n *\n * @param el - Color palette element\n *\n * @returns Color palette component observable\n */\nexport function mountPalette(\n el: HTMLElement\n): Observable> {\n return defer(() => {\n const push$ = new Subject()\n push$.subscribe(palette => {\n document.body.setAttribute(\"data-md-color-switching\", \"\")\n\n /* Set color palette */\n for (const [key, value] of Object.entries(palette.color))\n document.body.setAttribute(`data-md-color-${key}`, value)\n\n /* Toggle visibility */\n for (let index = 0; index < inputs.length; index++) {\n const label = inputs[index].nextElementSibling\n if (label instanceof HTMLElement)\n label.hidden = palette.index !== index\n }\n\n /* Persist preference in local storage */\n __md_set(\"__palette\", palette)\n })\n\n /* Revert transition durations after color switch */\n push$.pipe(observeOn(asyncScheduler))\n .subscribe(() => {\n document.body.removeAttribute(\"data-md-color-switching\")\n })\n\n /* Create and return component */\n const inputs = getElements(\"input\", el)\n return watchPalette(inputs)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport ClipboardJS from \"clipboard\"\nimport {\n Observable,\n Subject,\n map,\n tap\n} from \"rxjs\"\n\nimport { translation } from \"~/_\"\nimport { getElement } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Setup options\n */\ninterface SetupOptions {\n alert$: Subject /* Alert subject */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Extract text to copy\n *\n * @param el - HTML element\n *\n * @returns Extracted text\n */\nfunction extract(el: HTMLElement): string {\n el.setAttribute(\"data-md-copying\", \"\")\n const text = el.innerText\n el.removeAttribute(\"data-md-copying\")\n return text\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Set up Clipboard.js integration\n *\n * @param options - Options\n */\nexport function setupClipboardJS(\n { alert$ }: SetupOptions\n): void {\n if (ClipboardJS.isSupported()) {\n new Observable(subscriber => {\n new ClipboardJS(\"[data-clipboard-target], [data-clipboard-text]\", {\n text: el => (\n el.getAttribute(\"data-clipboard-text\")! ||\n extract(getElement(\n el.getAttribute(\"data-clipboard-target\")!\n ))\n )\n })\n .on(\"success\", ev => subscriber.next(ev))\n })\n .pipe(\n tap(ev => {\n const trigger = ev.trigger as HTMLElement\n trigger.focus()\n }),\n map(() => translation(\"clipboard.copied\"))\n )\n .subscribe(alert$)\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n catchError,\n defaultIfEmpty,\n map,\n of,\n tap\n} from \"rxjs\"\n\nimport { configuration } from \"~/_\"\nimport { getElements, requestXML } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Sitemap, i.e. a list of URLs\n */\nexport type Sitemap = string[]\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Preprocess a list of URLs\n *\n * This function replaces the `site_url` in the sitemap with the actual base\n * URL, to allow instant loading to work in occasions like Netlify previews.\n *\n * @param urls - URLs\n *\n * @returns URL path parts\n */\nfunction preprocess(urls: Sitemap): Sitemap {\n if (urls.length < 2)\n return [\"\"]\n\n /* Take the first two URLs and remove everything after the last slash */\n const [root, next] = [...urls]\n .sort((a, b) => a.length - b.length)\n .map(url => url.replace(/[^/]+$/, \"\"))\n\n /* Compute common prefix */\n let index = 0\n if (root === next)\n index = root.length\n else\n while (root.charCodeAt(index) === next.charCodeAt(index))\n index++\n\n /* Remove common prefix and return in original order */\n return urls.map(url => url.replace(root.slice(0, index), \"\"))\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch the sitemap for the given base URL\n *\n * @param base - Base URL\n *\n * @returns Sitemap observable\n */\nexport function fetchSitemap(base?: URL): Observable {\n const cached = __md_get(\"__sitemap\", sessionStorage, base)\n if (cached) {\n return of(cached)\n } else {\n const config = configuration()\n return requestXML(new URL(\"sitemap.xml\", base || config.base))\n .pipe(\n map(sitemap => preprocess(getElements(\"loc\", sitemap)\n .map(node => node.textContent!)\n )),\n catchError(() => EMPTY), // @todo refactor instant loading\n defaultIfEmpty([]),\n tap(sitemap => __md_set(\"__sitemap\", sitemap, sessionStorage, base))\n )\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n NEVER,\n Observable,\n Subject,\n bufferCount,\n catchError,\n concatMap,\n debounceTime,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n filter,\n fromEvent,\n map,\n merge,\n of,\n sample,\n share,\n skip,\n skipUntil,\n switchMap\n} from \"rxjs\"\n\nimport { configuration, feature } from \"~/_\"\nimport {\n Viewport,\n ViewportOffset,\n getElements,\n getOptionalElement,\n request,\n setLocation,\n setLocationHash\n} from \"~/browser\"\nimport { getComponentElement } from \"~/components\"\nimport { h } from \"~/utilities\"\n\nimport { fetchSitemap } from \"../sitemap\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * History state\n */\nexport interface HistoryState {\n url: URL /* State URL */\n offset?: ViewportOffset /* State viewport offset */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Setup options\n */\ninterface SetupOptions {\n document$: Subject /* Document subject */\n location$: Subject /* Location subject */\n viewport$: Observable /* Viewport observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Set up instant loading\n *\n * When fetching, theoretically, we could use `responseType: \"document\"`, but\n * since all MkDocs links are relative, we need to make sure that the current\n * location matches the document we just loaded. Otherwise any relative links\n * in the document could use the old location.\n *\n * This is the reason why we need to synchronize history events and the process\n * of fetching the document for navigation changes (except `popstate` events):\n *\n * 1. Fetch document via `XMLHTTPRequest`\n * 2. Set new location via `history.pushState`\n * 3. Parse and emit fetched document\n *\n * For `popstate` events, we must not use `history.pushState`, or the forward\n * history will be irreversibly overwritten. In case the request fails, the\n * location change is dispatched regularly.\n *\n * @param options - Options\n */\nexport function setupInstantLoading(\n { document$, location$, viewport$ }: SetupOptions\n): void {\n const config = configuration()\n if (location.protocol === \"file:\")\n return\n\n /* Disable automatic scroll restoration */\n if (\"scrollRestoration\" in history) {\n history.scrollRestoration = \"manual\"\n\n /* Hack: ensure that reloads restore viewport offset */\n fromEvent(window, \"beforeunload\")\n .subscribe(() => {\n history.scrollRestoration = \"auto\"\n })\n }\n\n /* Hack: ensure absolute favicon link to omit 404s when switching */\n const favicon = getOptionalElement(\"link[rel=icon]\")\n if (typeof favicon !== \"undefined\")\n favicon.href = favicon.href\n\n /* Intercept internal navigation */\n const push$ = fetchSitemap()\n .pipe(\n map(paths => paths.map(path => `${new URL(path, config.base)}`)),\n switchMap(urls => fromEvent(document.body, \"click\")\n .pipe(\n filter(ev => !ev.metaKey && !ev.ctrlKey),\n switchMap(ev => {\n if (ev.target instanceof Element) {\n const el = ev.target.closest(\"a\")\n if (el && !el.target) {\n const url = new URL(el.href)\n\n /* Canonicalize URL */\n url.search = \"\"\n url.hash = \"\"\n\n /* Check if URL should be intercepted */\n if (\n url.pathname !== location.pathname &&\n urls.includes(url.toString())\n ) {\n ev.preventDefault()\n return of({\n url: new URL(el.href)\n })\n }\n }\n }\n return NEVER\n })\n )\n ),\n share()\n )\n\n /* Intercept history back and forward */\n const pop$ = fromEvent(window, \"popstate\")\n .pipe(\n filter(ev => ev.state !== null),\n map(ev => ({\n url: new URL(location.href),\n offset: ev.state\n })),\n share()\n )\n\n /* Emit location change */\n merge(push$, pop$)\n .pipe(\n distinctUntilChanged((a, b) => a.url.href === b.url.href),\n map(({ url }) => url)\n )\n .subscribe(location$)\n\n /* Fetch document via `XMLHTTPRequest` */\n const response$ = location$\n .pipe(\n distinctUntilKeyChanged(\"pathname\"),\n switchMap(url => request(url.href)\n .pipe(\n catchError(() => {\n setLocation(url)\n return NEVER\n })\n )\n ),\n share()\n )\n\n /* Set new location via `history.pushState` */\n push$\n .pipe(\n sample(response$)\n )\n .subscribe(({ url }) => {\n history.pushState({}, \"\", `${url}`)\n })\n\n /* Parse and emit fetched document */\n const dom = new DOMParser()\n response$\n .pipe(\n switchMap(res => res.text()),\n map(res => dom.parseFromString(res, \"text/html\"))\n )\n .subscribe(document$)\n\n /* Replace meta tags and components */\n document$\n .pipe(\n skip(1)\n )\n .subscribe(replacement => {\n for (const selector of [\n\n /* Meta tags */\n \"title\",\n \"link[rel=canonical]\",\n \"meta[name=author]\",\n \"meta[name=description]\",\n\n /* Components */\n \"[data-md-component=announce]\",\n \"[data-md-component=container]\",\n \"[data-md-component=header-topic]\",\n \"[data-md-component=outdated]\",\n \"[data-md-component=logo]\",\n \"[data-md-component=skip]\",\n ...feature(\"navigation.tabs.sticky\")\n ? [\"[data-md-component=tabs]\"]\n : []\n ]) {\n const source = getOptionalElement(selector)\n const target = getOptionalElement(selector, replacement)\n if (\n typeof source !== \"undefined\" &&\n typeof target !== \"undefined\"\n ) {\n source.replaceWith(target)\n }\n }\n })\n\n /* Re-evaluate scripts */\n document$\n .pipe(\n skip(1),\n map(() => getComponentElement(\"container\")),\n switchMap(el => getElements(\"script\", el)),\n concatMap(el => {\n const script = h(\"script\")\n if (el.src) {\n for (const name of el.getAttributeNames())\n script.setAttribute(name, el.getAttribute(name)!)\n el.replaceWith(script)\n\n /* Complete when script is loaded */\n return new Observable(observer => {\n script.onload = () => observer.complete()\n })\n\n /* Complete immediately */\n } else {\n script.textContent = el.textContent\n el.replaceWith(script)\n return EMPTY\n }\n })\n )\n .subscribe()\n\n /* Emit history state change */\n merge(push$, pop$)\n .pipe(\n sample(document$)\n )\n .subscribe(({ url, offset }) => {\n if (url.hash && !offset) {\n setLocationHash(url.hash)\n } else {\n window.scrollTo(0, offset?.y || 0)\n }\n })\n\n /* Debounce update of viewport offset */\n viewport$\n .pipe(\n skipUntil(push$),\n debounceTime(250),\n distinctUntilKeyChanged(\"offset\")\n )\n .subscribe(({ offset }) => {\n history.replaceState(offset, \"\")\n })\n\n /* Set viewport offset from history */\n merge(push$, pop$)\n .pipe(\n bufferCount(2, 1),\n filter(([a, b]) => a.url.pathname === b.url.pathname),\n map(([, state]) => state)\n )\n .subscribe(({ offset }) => {\n window.scrollTo(0, offset?.y || 0)\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport escapeHTML from \"escape-html\"\n\nimport { SearchIndexDocument } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search document\n */\nexport interface SearchDocument extends SearchIndexDocument {\n parent?: SearchIndexDocument /* Parent article */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search document mapping\n */\nexport type SearchDocumentMap = Map\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Create a search document mapping\n *\n * @param docs - Search index documents\n *\n * @returns Search document map\n */\nexport function setupSearchDocumentMap(\n docs: SearchIndexDocument[]\n): SearchDocumentMap {\n const documents = new Map()\n const parents = new Set()\n for (const doc of docs) {\n const [path, hash] = doc.location.split(\"#\")\n\n /* Extract location, title and tags */\n const location = doc.location\n const title = doc.title\n const tags = doc.tags\n\n /* Escape and cleanup text */\n const text = escapeHTML(doc.text)\n .replace(/\\s+(?=[,.:;!?])/g, \"\")\n .replace(/\\s+/g, \" \")\n\n /* Handle section */\n if (hash) {\n const parent = documents.get(path)!\n\n /* Ignore first section, override article */\n if (!parents.has(parent)) {\n parent.title = doc.title\n parent.text = text\n\n /* Remember that we processed the article */\n parents.add(parent)\n\n /* Add subsequent section */\n } else {\n documents.set(location, {\n location,\n title,\n text,\n parent\n })\n }\n\n /* Add article */\n } else {\n documents.set(location, {\n location,\n title,\n text,\n ...tags && { tags }\n })\n }\n }\n return documents\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport escapeHTML from \"escape-html\"\n\nimport { SearchIndexConfig } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search highlight function\n *\n * @param value - Value\n *\n * @returns Highlighted value\n */\nexport type SearchHighlightFn = (value: string) => string\n\n/**\n * Search highlight factory function\n *\n * @param query - Query value\n *\n * @returns Search highlight function\n */\nexport type SearchHighlightFactoryFn = (query: string) => SearchHighlightFn\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Create a search highlighter\n *\n * @param config - Search index configuration\n * @param escape - Whether to escape HTML\n *\n * @returns Search highlight factory function\n */\nexport function setupSearchHighlighter(\n config: SearchIndexConfig, escape: boolean\n): SearchHighlightFactoryFn {\n const separator = new RegExp(config.separator, \"img\")\n const highlight = (_: unknown, data: string, term: string) => {\n return `${data}${term}`\n }\n\n /* Return factory function */\n return (query: string) => {\n query = query\n .replace(/[\\s*+\\-:~^]+/g, \" \")\n .trim()\n\n /* Create search term match expression */\n const match = new RegExp(`(^|${config.separator})(${\n query\n .replace(/[|\\\\{}()[\\]^$+*?.-]/g, \"\\\\$&\")\n .replace(separator, \"|\")\n })`, \"img\")\n\n /* Highlight string value */\n return value => (\n escape\n ? escapeHTML(value)\n : value\n )\n .replace(match, highlight)\n .replace(/<\\/mark>(\\s+)]*>/img, \"$1\")\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search transformation function\n *\n * @param value - Query value\n *\n * @returns Transformed query value\n */\nexport type SearchTransformFn = (value: string) => string\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Default transformation function\n *\n * 1. Search for terms in quotation marks and prepend a `+` modifier to denote\n * that the resulting document must contain all terms, converting the query\n * to an `AND` query (as opposed to the default `OR` behavior). While users\n * may expect terms enclosed in quotation marks to map to span queries, i.e.\n * for which order is important, Lunr.js doesn't support them, so the best\n * we can do is to convert the terms to an `AND` query.\n *\n * 2. Replace control characters which are not located at the beginning of the\n * query or preceded by white space, or are not followed by a non-whitespace\n * character or are at the end of the query string. Furthermore, filter\n * unmatched quotation marks.\n *\n * 3. Trim excess whitespace from left and right.\n *\n * @param query - Query value\n *\n * @returns Transformed query value\n */\nexport function defaultTransform(query: string): string {\n return query\n .split(/\"([^\"]+)\"/g) /* => 1 */\n .map((terms, index) => index & 1\n ? terms.replace(/^\\b|^(?![^\\x00-\\x7F]|$)|\\s+/g, \" +\")\n : terms\n )\n .join(\"\")\n .replace(/\"|(?:^|\\s+)[*+\\-:^~]+(?=\\s+|$)/g, \"\") /* => 2 */\n .trim() /* => 3 */\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A RTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { SearchIndex, SearchResult } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search message type\n */\nexport const enum SearchMessageType {\n SETUP, /* Search index setup */\n READY, /* Search index ready */\n QUERY, /* Search query */\n RESULT /* Search results */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Message containing the data necessary to setup the search index\n */\nexport interface SearchSetupMessage {\n type: SearchMessageType.SETUP /* Message type */\n data: SearchIndex /* Message data */\n}\n\n/**\n * Message indicating the search index is ready\n */\nexport interface SearchReadyMessage {\n type: SearchMessageType.READY /* Message type */\n}\n\n/**\n * Message containing a search query\n */\nexport interface SearchQueryMessage {\n type: SearchMessageType.QUERY /* Message type */\n data: string /* Message data */\n}\n\n/**\n * Message containing results for a search query\n */\nexport interface SearchResultMessage {\n type: SearchMessageType.RESULT /* Message type */\n data: SearchResult /* Message data */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Message exchanged with the search worker\n */\nexport type SearchMessage =\n | SearchSetupMessage\n | SearchReadyMessage\n | SearchQueryMessage\n | SearchResultMessage\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Type guard for search setup messages\n *\n * @param message - Search worker message\n *\n * @returns Test result\n */\nexport function isSearchSetupMessage(\n message: SearchMessage\n): message is SearchSetupMessage {\n return message.type === SearchMessageType.SETUP\n}\n\n/**\n * Type guard for search ready messages\n *\n * @param message - Search worker message\n *\n * @returns Test result\n */\nexport function isSearchReadyMessage(\n message: SearchMessage\n): message is SearchReadyMessage {\n return message.type === SearchMessageType.READY\n}\n\n/**\n * Type guard for search query messages\n *\n * @param message - Search worker message\n *\n * @returns Test result\n */\nexport function isSearchQueryMessage(\n message: SearchMessage\n): message is SearchQueryMessage {\n return message.type === SearchMessageType.QUERY\n}\n\n/**\n * Type guard for search result messages\n *\n * @param message - Search worker message\n *\n * @returns Test result\n */\nexport function isSearchResultMessage(\n message: SearchMessage\n): message is SearchResultMessage {\n return message.type === SearchMessageType.RESULT\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A RTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n ObservableInput,\n Subject,\n from,\n map,\n share\n} from \"rxjs\"\n\nimport { configuration, feature, translation } from \"~/_\"\nimport { WorkerHandler, watchWorker } from \"~/browser\"\n\nimport { SearchIndex } from \"../../_\"\nimport {\n SearchOptions,\n SearchPipeline\n} from \"../../options\"\nimport {\n SearchMessage,\n SearchMessageType,\n SearchSetupMessage,\n isSearchResultMessage\n} from \"../message\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search worker\n */\nexport type SearchWorker = WorkerHandler\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Set up search index\n *\n * @param data - Search index\n *\n * @returns Search index\n */\nfunction setupSearchIndex({ config, docs }: SearchIndex): SearchIndex {\n\n /* Override default language with value from translation */\n if (config.lang.length === 1 && config.lang[0] === \"en\")\n config.lang = [\n translation(\"search.config.lang\")\n ]\n\n /* Override default separator with value from translation */\n if (config.separator === \"[\\\\s\\\\-]+\")\n config.separator = translation(\"search.config.separator\")\n\n /* Set pipeline from translation */\n const pipeline = translation(\"search.config.pipeline\")\n .split(/\\s*,\\s*/)\n .filter(Boolean) as SearchPipeline\n\n /* Determine search options */\n const options: SearchOptions = {\n pipeline,\n suggestions: feature(\"search.suggest\")\n }\n\n /* Return search index after defaulting */\n return { config, docs, options }\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Set up search worker\n *\n * This function creates a web worker to set up and query the search index,\n * which is done using Lunr.js. The index must be passed as an observable to\n * enable hacks like _localsearch_ via search index embedding as JSON.\n *\n * @param url - Worker URL\n * @param index - Search index observable input\n *\n * @returns Search worker\n */\nexport function setupSearchWorker(\n url: string, index: ObservableInput\n): SearchWorker {\n const config = configuration()\n const worker = new Worker(url)\n\n /* Create communication channels and resolve relative links */\n const tx$ = new Subject()\n const rx$ = watchWorker(worker, { tx$ })\n .pipe(\n map(message => {\n if (isSearchResultMessage(message)) {\n for (const result of message.data.items)\n for (const document of result)\n document.location = `${new URL(document.location, config.base)}`\n }\n return message\n }),\n share()\n )\n\n /* Set up search index */\n from(index)\n .pipe(\n map(data => ({\n type: SearchMessageType.SETUP,\n data: setupSearchIndex(data)\n } as SearchSetupMessage))\n )\n .subscribe(tx$.next.bind(tx$))\n\n /* Return search worker */\n return { tx$, rx$ }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Subject,\n catchError,\n combineLatest,\n filter,\n fromEvent,\n map,\n of,\n switchMap,\n withLatestFrom\n} from \"rxjs\"\n\nimport { configuration } from \"~/_\"\nimport {\n getElement,\n getLocation,\n requestJSON,\n setLocation\n} from \"~/browser\"\nimport { getComponentElements } from \"~/components\"\nimport {\n Version,\n renderVersionSelector\n} from \"~/templates\"\n\nimport { fetchSitemap } from \"../sitemap\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Setup options\n */\ninterface SetupOptions {\n document$: Subject /* Document subject */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Set up version selector\n *\n * @param options - Options\n */\nexport function setupVersionSelector(\n { document$ }: SetupOptions\n): void {\n const config = configuration()\n const versions$ = requestJSON(\n new URL(\"../versions.json\", config.base)\n )\n .pipe(\n catchError(() => EMPTY) // @todo refactor instant loading\n )\n\n /* Determine current version */\n const current$ = versions$\n .pipe(\n map(versions => {\n const [, current] = config.base.match(/([^/]+)\\/?$/)!\n return versions.find(({ version, aliases }) => (\n version === current || aliases.includes(current)\n )) || versions[0]\n })\n )\n\n /* Intercept inter-version navigation */\n versions$\n .pipe(\n map(versions => new Map(versions.map(version => [\n `${new URL(`../${version.version}/`, config.base)}`,\n version\n ]))),\n switchMap(urls => fromEvent(document.body, \"click\")\n .pipe(\n filter(ev => !ev.metaKey && !ev.ctrlKey),\n withLatestFrom(current$),\n switchMap(([ev, current]) => {\n if (ev.target instanceof Element) {\n const el = ev.target.closest(\"a\")\n if (el && !el.target && urls.has(el.href)) {\n const url = el.href\n // This is a temporary hack to detect if a version inside the\n // version selector or on another part of the site was clicked.\n // If we're inside the version selector, we definitely want to\n // find the same page, as we might have different deployments\n // due to aliases. However, if we're outside the version\n // selector, we must abort here, because we might otherwise\n // interfere with instant loading. We need to refactor this\n // at some point together with instant loading.\n //\n // See https://github.com/squidfunk/mkdocs-material/issues/4012\n if (!ev.target.closest(\".md-version\")) {\n const version = urls.get(url)!\n if (version === current)\n return EMPTY\n }\n ev.preventDefault()\n return of(url)\n }\n }\n return EMPTY\n }),\n switchMap(url => {\n const { version } = urls.get(url)!\n return fetchSitemap(new URL(url))\n .pipe(\n map(sitemap => {\n const location = getLocation()\n const path = location.href.replace(config.base, \"\")\n return sitemap.includes(path.split(\"#\")[0])\n ? new URL(`../${version}/${path}`, config.base)\n : new URL(url)\n })\n )\n })\n )\n )\n )\n .subscribe(url => setLocation(url))\n\n /* Render version selector and warning */\n combineLatest([versions$, current$])\n .subscribe(([versions, current]) => {\n const topic = getElement(\".md-header__topic\")\n topic.appendChild(renderVersionSelector(versions, current))\n })\n\n /* Integrate outdated version banner with instant loading */\n document$.pipe(switchMap(() => current$))\n .subscribe(current => {\n\n /* Check if version state was already determined */\n let outdated = __md_get(\"__outdated\", sessionStorage)\n if (outdated === null) {\n const latest = config.version?.default || \"latest\"\n outdated = !current.aliases.includes(latest)\n\n /* Persist version state in session storage */\n __md_set(\"__outdated\", outdated, sessionStorage)\n }\n\n /* Unhide outdated version banner */\n if (outdated)\n for (const warning of getComponentElements(\"outdated\"))\n warning.hidden = false\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n combineLatest,\n delay,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n filter,\n finalize,\n fromEvent,\n map,\n merge,\n share,\n shareReplay,\n startWith,\n take,\n takeLast,\n takeUntil,\n tap\n} from \"rxjs\"\n\nimport { translation } from \"~/_\"\nimport {\n getLocation,\n setToggle,\n watchElementFocus,\n watchToggle\n} from \"~/browser\"\nimport {\n SearchMessageType,\n SearchQueryMessage,\n SearchWorker,\n defaultTransform,\n isSearchReadyMessage\n} from \"~/integrations\"\n\nimport { Component } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search query\n */\nexport interface SearchQuery {\n value: string /* Query value */\n focus: boolean /* Query focus */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch search query\n *\n * Note that the focus event which triggers re-reading the current query value\n * is delayed by `1ms` so the input's empty state is allowed to propagate.\n *\n * @param el - Search query element\n * @param worker - Search worker\n *\n * @returns Search query observable\n */\nexport function watchSearchQuery(\n el: HTMLInputElement, { rx$ }: SearchWorker\n): Observable {\n const fn = __search?.transform || defaultTransform\n\n /* Immediately show search dialog */\n const { searchParams } = getLocation()\n if (searchParams.has(\"q\"))\n setToggle(\"search\", true)\n\n /* Intercept query parameter (deep link) */\n const param$ = rx$\n .pipe(\n filter(isSearchReadyMessage),\n take(1),\n map(() => searchParams.get(\"q\") || \"\")\n )\n\n /* Remove query parameter when search is closed */\n watchToggle(\"search\")\n .pipe(\n filter(active => !active),\n take(1)\n )\n .subscribe(() => {\n const url = new URL(location.href)\n url.searchParams.delete(\"q\")\n history.replaceState({}, \"\", `${url}`)\n })\n\n /* Set query from parameter */\n param$.subscribe(value => { // TODO: not ideal - find a better way\n if (value) {\n el.value = value\n el.focus()\n }\n })\n\n /* Intercept focus and input events */\n const focus$ = watchElementFocus(el)\n const value$ = merge(\n fromEvent(el, \"keyup\"),\n fromEvent(el, \"focus\").pipe(delay(1)),\n param$\n )\n .pipe(\n map(() => fn(el.value)),\n startWith(\"\"),\n distinctUntilChanged(),\n )\n\n /* Combine into single observable */\n return combineLatest([value$, focus$])\n .pipe(\n map(([value, focus]) => ({ value, focus })),\n shareReplay(1)\n )\n}\n\n/**\n * Mount search query\n *\n * @param el - Search query element\n * @param worker - Search worker\n *\n * @returns Search query component observable\n */\nexport function mountSearchQuery(\n el: HTMLInputElement, { tx$, rx$ }: SearchWorker\n): Observable> {\n const push$ = new Subject()\n const done$ = push$.pipe(takeLast(1))\n\n /* Handle value changes */\n push$\n .pipe(\n distinctUntilKeyChanged(\"value\"),\n map(({ value }): SearchQueryMessage => ({\n type: SearchMessageType.QUERY,\n data: value\n }))\n )\n .subscribe(tx$.next.bind(tx$))\n\n /* Handle focus changes */\n push$\n .pipe(\n distinctUntilKeyChanged(\"focus\")\n )\n .subscribe(({ focus }) => {\n if (focus) {\n setToggle(\"search\", focus)\n el.placeholder = \"\"\n } else {\n el.placeholder = translation(\"search.placeholder\")\n }\n })\n\n /* Handle reset */\n fromEvent(el.form!, \"reset\")\n .pipe(\n takeUntil(done$)\n )\n .subscribe(() => el.focus())\n\n /* Create and return component */\n return watchSearchQuery(el, { tx$, rx$ })\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state })),\n share()\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n bufferCount,\n filter,\n finalize,\n map,\n merge,\n of,\n skipUntil,\n switchMap,\n take,\n tap,\n withLatestFrom,\n zipWith\n} from \"rxjs\"\n\nimport { translation } from \"~/_\"\nimport {\n getElement,\n watchElementBoundary\n} from \"~/browser\"\nimport {\n SearchResult,\n SearchWorker,\n isSearchReadyMessage,\n isSearchResultMessage\n} from \"~/integrations\"\nimport { renderSearchResultItem } from \"~/templates\"\nimport { round } from \"~/utilities\"\n\nimport { Component } from \"../../_\"\nimport { SearchQuery } from \"../query\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n query$: Observable /* Search query observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount search result list\n *\n * This function performs a lazy rendering of the search results, depending on\n * the vertical offset of the search result container.\n *\n * @param el - Search result list element\n * @param worker - Search worker\n * @param options - Options\n *\n * @returns Search result list component observable\n */\nexport function mountSearchResult(\n el: HTMLElement, { rx$ }: SearchWorker, { query$ }: MountOptions\n): Observable> {\n const push$ = new Subject()\n const boundary$ = watchElementBoundary(el.parentElement!)\n .pipe(\n filter(Boolean)\n )\n\n /* Retrieve nested components */\n const meta = getElement(\":scope > :first-child\", el)\n const list = getElement(\":scope > :last-child\", el)\n\n /* Wait until search is ready */\n const ready$ = rx$\n .pipe(\n filter(isSearchReadyMessage),\n take(1)\n )\n\n /* Update search result metadata */\n push$\n .pipe(\n withLatestFrom(query$),\n skipUntil(ready$)\n )\n .subscribe(([{ items }, { value }]) => {\n if (value) {\n switch (items.length) {\n\n /* No results */\n case 0:\n meta.textContent = translation(\"search.result.none\")\n break\n\n /* One result */\n case 1:\n meta.textContent = translation(\"search.result.one\")\n break\n\n /* Multiple result */\n default:\n meta.textContent = translation(\n \"search.result.other\",\n round(items.length)\n )\n }\n } else {\n meta.textContent = translation(\"search.result.placeholder\")\n }\n })\n\n /* Update search result list */\n push$\n .pipe(\n tap(() => list.innerHTML = \"\"),\n switchMap(({ items }) => merge(\n of(...items.slice(0, 10)),\n of(...items.slice(10))\n .pipe(\n bufferCount(4),\n zipWith(boundary$),\n switchMap(([chunk]) => chunk)\n )\n ))\n )\n .subscribe(result => list.appendChild(\n renderSearchResultItem(result)\n ))\n\n /* Filter search result message */\n const result$ = rx$\n .pipe(\n filter(isSearchResultMessage),\n map(({ data }) => data)\n )\n\n /* Create and return component */\n return result$\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n finalize,\n fromEvent,\n map,\n tap\n} from \"rxjs\"\n\nimport { getLocation } from \"~/browser\"\n\nimport { Component } from \"../../_\"\nimport { SearchQuery } from \"../query\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search sharing\n */\nexport interface SearchShare {\n url: URL /* Deep link for sharing */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n query$: Observable /* Search query observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n query$: Observable /* Search query observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount search sharing\n *\n * @param _el - Search sharing element\n * @param options - Options\n *\n * @returns Search sharing observable\n */\nexport function watchSearchShare(\n _el: HTMLElement, { query$ }: WatchOptions\n): Observable {\n return query$\n .pipe(\n map(({ value }) => {\n const url = getLocation()\n url.hash = \"\"\n url.searchParams.delete(\"h\")\n url.searchParams.set(\"q\", value)\n return { url }\n })\n )\n}\n\n/**\n * Mount search sharing\n *\n * @param el - Search sharing element\n * @param options - Options\n *\n * @returns Search sharing component observable\n */\nexport function mountSearchShare(\n el: HTMLAnchorElement, options: MountOptions\n): Observable> {\n const push$ = new Subject()\n push$.subscribe(({ url }) => {\n el.setAttribute(\"data-clipboard-text\", el.href)\n el.href = `${url}`\n })\n\n /* Prevent following of link */\n fromEvent(el, \"click\")\n .subscribe(ev => ev.preventDefault())\n\n /* Create and return component */\n return watchSearchShare(el, options)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n asyncScheduler,\n combineLatestWith,\n distinctUntilChanged,\n filter,\n finalize,\n fromEvent,\n map,\n merge,\n observeOn,\n tap\n} from \"rxjs\"\n\nimport { Keyboard } from \"~/browser\"\nimport {\n SearchResult,\n SearchWorker,\n isSearchResultMessage\n} from \"~/integrations\"\n\nimport { Component, getComponentElement } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search suggestions\n */\nexport interface SearchSuggest {}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n keyboard$: Observable /* Keyboard observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount search suggestions\n *\n * This function will perform a lazy rendering of the search results, depending\n * on the vertical offset of the search result container.\n *\n * @param el - Search result list element\n * @param worker - Search worker\n * @param options - Options\n *\n * @returns Search result list component observable\n */\nexport function mountSearchSuggest(\n el: HTMLElement, { rx$ }: SearchWorker, { keyboard$ }: MountOptions\n): Observable> {\n const push$ = new Subject()\n\n /* Retrieve query component and track all changes */\n const query = getComponentElement(\"search-query\")\n const query$ = merge(\n fromEvent(query, \"keydown\"),\n fromEvent(query, \"focus\")\n )\n .pipe(\n observeOn(asyncScheduler),\n map(() => query.value),\n distinctUntilChanged(),\n )\n\n /* Update search suggestions */\n push$\n .pipe(\n combineLatestWith(query$),\n map(([{ suggestions }, value]) => {\n const words = value.split(/([\\s-]+)/)\n if (suggestions?.length && words[words.length - 1]) {\n const last = suggestions[suggestions.length - 1]\n if (last.startsWith(words[words.length - 1]))\n words[words.length - 1] = last\n } else {\n words.length = 0\n }\n return words\n })\n )\n .subscribe(words => el.innerHTML = words\n .join(\"\")\n .replace(/\\s/g, \" \")\n )\n\n /* Set up search keyboard handlers */\n keyboard$\n .pipe(\n filter(({ mode }) => mode === \"search\")\n )\n .subscribe(key => {\n switch (key.type) {\n\n /* Right arrow: accept current suggestion */\n case \"ArrowRight\":\n if (\n el.innerText.length &&\n query.selectionStart === query.value.length\n )\n query.value = el.innerText\n break\n }\n })\n\n /* Filter search result message */\n const result$ = rx$\n .pipe(\n filter(isSearchResultMessage),\n map(({ data }) => data)\n )\n\n /* Create and return component */\n return result$\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(() => ({ ref: el }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n NEVER,\n Observable,\n ObservableInput,\n filter,\n merge,\n mergeWith,\n sample,\n take\n} from \"rxjs\"\n\nimport { configuration } from \"~/_\"\nimport {\n Keyboard,\n getActiveElement,\n getElements,\n setToggle\n} from \"~/browser\"\nimport {\n SearchIndex,\n SearchResult,\n isSearchQueryMessage,\n isSearchReadyMessage,\n setupSearchWorker\n} from \"~/integrations\"\n\nimport {\n Component,\n getComponentElement,\n getComponentElements\n} from \"../../_\"\nimport {\n SearchQuery,\n mountSearchQuery\n} from \"../query\"\nimport { mountSearchResult } from \"../result\"\nimport {\n SearchShare,\n mountSearchShare\n} from \"../share\"\nimport {\n SearchSuggest,\n mountSearchSuggest\n} from \"../suggest\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search\n */\nexport type Search =\n | SearchQuery\n | SearchResult\n | SearchShare\n | SearchSuggest\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n index$: ObservableInput /* Search index observable */\n keyboard$: Observable /* Keyboard observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount search\n *\n * This function sets up the search functionality, including the underlying\n * web worker and all keyboard bindings.\n *\n * @param el - Search element\n * @param options - Options\n *\n * @returns Search component observable\n */\nexport function mountSearch(\n el: HTMLElement, { index$, keyboard$ }: MountOptions\n): Observable> {\n const config = configuration()\n try {\n const url = __search?.worker || config.search\n const worker = setupSearchWorker(url, index$)\n\n /* Retrieve query and result components */\n const query = getComponentElement(\"search-query\", el)\n const result = getComponentElement(\"search-result\", el)\n\n /* Re-emit query when search is ready */\n const { tx$, rx$ } = worker\n tx$\n .pipe(\n filter(isSearchQueryMessage),\n sample(rx$.pipe(filter(isSearchReadyMessage))),\n take(1)\n )\n .subscribe(tx$.next.bind(tx$))\n\n /* Set up search keyboard handlers */\n keyboard$\n .pipe(\n filter(({ mode }) => mode === \"search\")\n )\n .subscribe(key => {\n const active = getActiveElement()\n switch (key.type) {\n\n /* Enter: go to first (best) result */\n case \"Enter\":\n if (active === query) {\n const anchors = new Map()\n for (const anchor of getElements(\n \":first-child [href]\", result\n )) {\n const article = anchor.firstElementChild!\n anchors.set(anchor, parseFloat(\n article.getAttribute(\"data-md-score\")!\n ))\n }\n\n /* Go to result with highest score, if any */\n if (anchors.size) {\n const [[best]] = [...anchors].sort(([, a], [, b]) => b - a)\n best.click()\n }\n\n /* Otherwise omit form submission */\n key.claim()\n }\n break\n\n /* Escape or Tab: close search */\n case \"Escape\":\n case \"Tab\":\n setToggle(\"search\", false)\n query.blur()\n break\n\n /* Vertical arrows: select previous or next search result */\n case \"ArrowUp\":\n case \"ArrowDown\":\n if (typeof active === \"undefined\") {\n query.focus()\n } else {\n const els = [query, ...getElements(\n \":not(details) > [href], summary, details[open] [href]\",\n result\n )]\n const i = Math.max(0, (\n Math.max(0, els.indexOf(active)) + els.length + (\n key.type === \"ArrowUp\" ? -1 : +1\n )\n ) % els.length)\n els[i].focus()\n }\n\n /* Prevent scrolling of page */\n key.claim()\n break\n\n /* All other keys: hand to search query */\n default:\n if (query !== getActiveElement())\n query.focus()\n }\n })\n\n /* Set up global keyboard handlers */\n keyboard$\n .pipe(\n filter(({ mode }) => mode === \"global\"),\n )\n .subscribe(key => {\n switch (key.type) {\n\n /* Open search and select query */\n case \"f\":\n case \"s\":\n case \"/\":\n query.focus()\n query.select()\n\n /* Prevent scrolling of page */\n key.claim()\n break\n }\n })\n\n /* Create and return component */\n const query$ = mountSearchQuery(query, worker)\n const result$ = mountSearchResult(result, worker, { query$ })\n return merge(query$, result$)\n .pipe(\n mergeWith(\n\n /* Search sharing */\n ...getComponentElements(\"search-share\", el)\n .map(child => mountSearchShare(child, { query$ })),\n\n /* Search suggestions */\n ...getComponentElements(\"search-suggest\", el)\n .map(child => mountSearchSuggest(child, worker, { keyboard$ }))\n )\n )\n\n /* Gracefully handle broken search */\n } catch (err) {\n el.hidden = true\n return NEVER\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n ObservableInput,\n combineLatest,\n filter,\n map,\n startWith\n} from \"rxjs\"\n\nimport { getLocation } from \"~/browser\"\nimport {\n SearchIndex,\n setupSearchHighlighter\n} from \"~/integrations\"\nimport { h } from \"~/utilities\"\n\nimport { Component } from \"../../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search highlighting\n */\nexport interface SearchHighlight {\n nodes: Map /* Map of replacements */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount options\n */\ninterface MountOptions {\n index$: ObservableInput /* Search index observable */\n location$: Observable /* Location observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Mount search highlighting\n *\n * @param el - Content element\n * @param options - Options\n *\n * @returns Search highlighting component observable\n */\nexport function mountSearchHiglight(\n el: HTMLElement, { index$, location$ }: MountOptions\n): Observable> {\n return combineLatest([\n index$,\n location$\n .pipe(\n startWith(getLocation()),\n filter(url => !!url.searchParams.get(\"h\"))\n )\n ])\n .pipe(\n map(([index, url]) => setupSearchHighlighter(index.config, true)(\n url.searchParams.get(\"h\")!\n )),\n map(fn => {\n const nodes = new Map()\n\n /* Traverse text nodes and collect matches */\n const it = document.createNodeIterator(el, NodeFilter.SHOW_TEXT)\n for (let node = it.nextNode(); node; node = it.nextNode()) {\n if (node.parentElement?.offsetHeight) {\n const original = node.textContent!\n const replaced = fn(original)\n if (replaced.length > original.length)\n nodes.set(node as ChildNode, replaced)\n }\n }\n\n /* Replace original nodes with matches */\n for (const [node, text] of nodes) {\n const { childNodes } = h(\"span\", null, text)\n node.replaceWith(...Array.from(childNodes))\n }\n\n /* Return component */\n return { ref: el, nodes }\n })\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n animationFrameScheduler,\n auditTime,\n combineLatest,\n defer,\n distinctUntilChanged,\n finalize,\n map,\n observeOn,\n take,\n tap,\n withLatestFrom\n} from \"rxjs\"\n\nimport {\n Viewport,\n getElement,\n getElementContainer,\n getElementOffset,\n getElementSize,\n getElements\n} from \"~/browser\"\n\nimport { Component } from \"../_\"\nimport { Header } from \"../header\"\nimport { Main } from \"../main\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Sidebar\n */\nexport interface Sidebar {\n height: number /* Sidebar height */\n locked: boolean /* Sidebar is locked */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n main$: Observable
    /* Main area observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n main$: Observable
    /* Main area observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch sidebar\n *\n * This function returns an observable that computes the visual parameters of\n * the sidebar which depends on the vertical viewport offset, as well as the\n * height of the main area. When the page is scrolled beyond the header, the\n * sidebar is locked and fills the remaining space.\n *\n * @param el - Sidebar element\n * @param options - Options\n *\n * @returns Sidebar observable\n */\nexport function watchSidebar(\n el: HTMLElement, { viewport$, main$ }: WatchOptions\n): Observable {\n const parent = el.parentElement!\n const adjust =\n parent.offsetTop -\n parent.parentElement!.offsetTop\n\n /* Compute the sidebar's available height and if it should be locked */\n return combineLatest([main$, viewport$])\n .pipe(\n map(([{ offset, height }, { offset: { y } }]) => {\n height = height\n + Math.min(adjust, Math.max(0, y - offset))\n - adjust\n return {\n height,\n locked: y >= offset + adjust\n }\n }),\n distinctUntilChanged((a, b) => (\n a.height === b.height &&\n a.locked === b.locked\n ))\n )\n}\n\n/**\n * Mount sidebar\n *\n * This function doesn't set the height of the actual sidebar, but of its first\n * child \u2013 the `.md-sidebar__scrollwrap` element in order to mitigiate jittery\n * sidebars when the footer is scrolled into view. At some point we switched\n * from `absolute` / `fixed` positioning to `sticky` positioning, significantly\n * reducing jitter in some browsers (respectively Firefox and Safari) when\n * scrolling from the top. However, top-aligned sticky positioning means that\n * the sidebar snaps to the bottom when the end of the container is reached.\n * This is what leads to the mentioned jitter, as the sidebar's height may be\n * updated too slowly.\n *\n * This behaviour can be mitigiated by setting the height of the sidebar to `0`\n * while preserving the padding, and the height on its first element.\n *\n * @param el - Sidebar element\n * @param options - Options\n *\n * @returns Sidebar component observable\n */\nexport function mountSidebar(\n el: HTMLElement, { header$, ...options }: MountOptions\n): Observable> {\n const inner = getElement(\".md-sidebar__scrollwrap\", el)\n const { y } = getElementOffset(inner)\n return defer(() => {\n const push$ = new Subject()\n push$\n .pipe(\n auditTime(0, animationFrameScheduler),\n withLatestFrom(header$)\n )\n .subscribe({\n\n /* Handle emission */\n next([{ height }, { height: offset }]) {\n inner.style.height = `${height - 2 * y}px`\n el.style.top = `${offset}px`\n },\n\n /* Handle complete */\n complete() {\n inner.style.height = \"\"\n el.style.top = \"\"\n }\n })\n\n /* Bring active item into view on initial load */\n push$\n .pipe(\n observeOn(animationFrameScheduler),\n take(1)\n )\n .subscribe(() => {\n for (const item of getElements(\".md-nav__link--active[href]\", el)) {\n const container = getElementContainer(item)\n if (typeof container !== \"undefined\") {\n const offset = item.offsetTop - container.offsetTop\n const { height } = getElementSize(container)\n container.scrollTo({\n top: offset - height / 2\n })\n }\n }\n })\n\n /* Create and return component */\n return watchSidebar(el, options)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { Repo, User } from \"github-types\"\nimport {\n EMPTY,\n Observable,\n catchError,\n defaultIfEmpty,\n map,\n zip\n} from \"rxjs\"\n\nimport { requestJSON } from \"~/browser\"\n\nimport { SourceFacts } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * GitHub release (partial)\n */\ninterface Release {\n tag_name: string /* Tag name */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch GitHub repository facts\n *\n * @param user - GitHub user or organization\n * @param repo - GitHub repository\n *\n * @returns Repository facts observable\n */\nexport function fetchSourceFactsFromGitHub(\n user: string, repo?: string\n): Observable {\n if (typeof repo !== \"undefined\") {\n const url = `https://api.github.com/repos/${user}/${repo}`\n return zip(\n\n /* Fetch version */\n requestJSON(`${url}/releases/latest`)\n .pipe(\n catchError(() => EMPTY), // @todo refactor instant loading\n map(release => ({\n version: release.tag_name\n })),\n defaultIfEmpty({})\n ),\n\n /* Fetch stars and forks */\n requestJSON(url)\n .pipe(\n catchError(() => EMPTY), // @todo refactor instant loading\n map(info => ({\n stars: info.stargazers_count,\n forks: info.forks_count\n })),\n defaultIfEmpty({})\n )\n )\n .pipe(\n map(([release, info]) => ({ ...release, ...info }))\n )\n\n /* User or organization */\n } else {\n const url = `https://api.github.com/users/${user}`\n return requestJSON(url)\n .pipe(\n map(info => ({\n repositories: info.public_repos\n })),\n defaultIfEmpty({})\n )\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { ProjectSchema } from \"gitlab\"\nimport {\n EMPTY,\n Observable,\n catchError,\n defaultIfEmpty,\n map\n} from \"rxjs\"\n\nimport { requestJSON } from \"~/browser\"\n\nimport { SourceFacts } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch GitLab repository facts\n *\n * @param base - GitLab base\n * @param project - GitLab project\n *\n * @returns Repository facts observable\n */\nexport function fetchSourceFactsFromGitLab(\n base: string, project: string\n): Observable {\n const url = `https://${base}/api/v4/projects/${encodeURIComponent(project)}`\n return requestJSON(url)\n .pipe(\n catchError(() => EMPTY), // @todo refactor instant loading\n map(({ star_count, forks_count }) => ({\n stars: star_count,\n forks: forks_count\n })),\n defaultIfEmpty({})\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport { EMPTY, Observable } from \"rxjs\"\n\nimport { fetchSourceFactsFromGitHub } from \"../github\"\nimport { fetchSourceFactsFromGitLab } from \"../gitlab\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Repository facts for repositories\n */\nexport interface RepositoryFacts {\n stars?: number /* Number of stars */\n forks?: number /* Number of forks */\n version?: string /* Latest version */\n}\n\n/**\n * Repository facts for organizations\n */\nexport interface OrganizationFacts {\n repositories?: number /* Number of repositories */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Repository facts\n */\nexport type SourceFacts =\n | RepositoryFacts\n | OrganizationFacts\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch repository facts\n *\n * @param url - Repository URL\n *\n * @returns Repository facts observable\n */\nexport function fetchSourceFacts(\n url: string\n): Observable {\n\n /* Try to match GitHub repository */\n let match = url.match(/^.+github\\.com\\/([^/]+)\\/?([^/]+)?/i)\n if (match) {\n const [, user, repo] = match\n return fetchSourceFactsFromGitHub(user, repo)\n }\n\n /* Try to match GitLab repository */\n match = url.match(/^.+?([^/]*gitlab[^/]+)\\/(.+?)\\/?$/i)\n if (match) {\n const [, base, slug] = match\n return fetchSourceFactsFromGitLab(base, slug)\n }\n\n /* Fallback */\n return EMPTY\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n EMPTY,\n Observable,\n Subject,\n catchError,\n defer,\n filter,\n finalize,\n map,\n of,\n shareReplay,\n tap\n} from \"rxjs\"\n\nimport { getElement } from \"~/browser\"\nimport { ConsentDefaults } from \"~/components/consent\"\nimport { renderSourceFacts } from \"~/templates\"\n\nimport {\n Component,\n getComponentElements\n} from \"../../_\"\nimport {\n SourceFacts,\n fetchSourceFacts\n} from \"../facts\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Repository information\n */\nexport interface Source {\n facts: SourceFacts /* Repository facts */\n}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Repository information observable\n */\nlet fetch$: Observable\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch repository information\n *\n * This function tries to read the repository facts from session storage, and\n * if unsuccessful, fetches them from the underlying provider.\n *\n * @param el - Repository information element\n *\n * @returns Repository information observable\n */\nexport function watchSource(\n el: HTMLAnchorElement\n): Observable {\n return fetch$ ||= defer(() => {\n const cached = __md_get(\"__source\", sessionStorage)\n if (cached) {\n return of(cached)\n } else {\n\n /* Check if consent is configured and was given */\n const els = getComponentElements(\"consent\")\n if (els.length) {\n const consent = __md_get(\"__consent\")\n if (!(consent && consent.github))\n return EMPTY\n }\n\n /* Fetch repository facts */\n return fetchSourceFacts(el.href)\n .pipe(\n tap(facts => __md_set(\"__source\", facts, sessionStorage))\n )\n }\n })\n .pipe(\n catchError(() => EMPTY),\n filter(facts => Object.keys(facts).length > 0),\n map(facts => ({ facts })),\n shareReplay(1)\n )\n}\n\n/**\n * Mount repository information\n *\n * @param el - Repository information element\n *\n * @returns Repository information component observable\n */\nexport function mountSource(\n el: HTMLAnchorElement\n): Observable> {\n const inner = getElement(\":scope > :last-child\", el)\n return defer(() => {\n const push$ = new Subject()\n push$.subscribe(({ facts }) => {\n inner.appendChild(renderSourceFacts(facts))\n inner.classList.add(\"md-source__repository--active\")\n })\n\n /* Create and return component */\n return watchSource(el)\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n defer,\n distinctUntilKeyChanged,\n finalize,\n map,\n of,\n switchMap,\n tap\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport {\n Viewport,\n watchElementSize,\n watchViewportAt\n} from \"~/browser\"\n\nimport { Component } from \"../_\"\nimport { Header } from \"../header\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Navigation tabs\n */\nexport interface Tabs {\n hidden: boolean /* Navigation tabs are hidden */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch navigation tabs\n *\n * @param el - Navigation tabs element\n * @param options - Options\n *\n * @returns Navigation tabs observable\n */\nexport function watchTabs(\n el: HTMLElement, { viewport$, header$ }: WatchOptions\n): Observable {\n return watchElementSize(document.body)\n .pipe(\n switchMap(() => watchViewportAt(el, { header$, viewport$ })),\n map(({ offset: { y } }) => {\n return {\n hidden: y >= 10\n }\n }),\n distinctUntilKeyChanged(\"hidden\")\n )\n}\n\n/**\n * Mount navigation tabs\n *\n * This function hides the navigation tabs when scrolling past the threshold\n * and makes them reappear in a nice CSS animation when scrolling back up.\n *\n * @param el - Navigation tabs element\n * @param options - Options\n *\n * @returns Navigation tabs component observable\n */\nexport function mountTabs(\n el: HTMLElement, options: MountOptions\n): Observable> {\n return defer(() => {\n const push$ = new Subject()\n push$.subscribe({\n\n /* Handle emission */\n next({ hidden }) {\n el.hidden = hidden\n },\n\n /* Handle complete */\n complete() {\n el.hidden = false\n }\n })\n\n /* Create and return component */\n return (\n feature(\"navigation.tabs.sticky\")\n ? of({ hidden: false })\n : watchTabs(el, options)\n )\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n bufferCount,\n combineLatestWith,\n debounceTime,\n defer,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n filter,\n finalize,\n map,\n merge,\n of,\n repeat,\n scan,\n share,\n skip,\n startWith,\n switchMap,\n takeLast,\n takeUntil,\n tap,\n withLatestFrom\n} from \"rxjs\"\n\nimport { feature } from \"~/_\"\nimport {\n Viewport,\n getElement,\n getElementContainer,\n getElementSize,\n getElements,\n getLocation,\n getOptionalElement,\n watchElementSize\n} from \"~/browser\"\n\nimport {\n Component,\n getComponentElement\n} from \"../_\"\nimport { Header } from \"../header\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Table of contents\n */\nexport interface TableOfContents {\n prev: HTMLAnchorElement[][] /* Anchors (previous) */\n next: HTMLAnchorElement[][] /* Anchors (next) */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n target$: Observable /* Location target observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch table of contents\n *\n * This is effectively a scroll spy implementation which will account for the\n * fixed header and automatically re-calculate anchor offsets when the viewport\n * is resized. The returned observable will only emit if the table of contents\n * needs to be repainted.\n *\n * This implementation tracks an anchor element's entire path starting from its\n * level up to the top-most anchor element, e.g. `[h3, h2, h1]`. Although the\n * Material theme currently doesn't make use of this information, it enables\n * the styling of the entire hierarchy through customization.\n *\n * Note that the current anchor is the last item of the `prev` anchor list.\n *\n * @param el - Table of contents element\n * @param options - Options\n *\n * @returns Table of contents observable\n */\nexport function watchTableOfContents(\n el: HTMLElement, { viewport$, header$ }: WatchOptions\n): Observable {\n const table = new Map()\n\n /* Compute anchor-to-target mapping */\n const anchors = getElements(\"[href^=\\\\#]\", el)\n for (const anchor of anchors) {\n const id = decodeURIComponent(anchor.hash.substring(1))\n const target = getOptionalElement(`[id=\"${id}\"]`)\n if (typeof target !== \"undefined\")\n table.set(anchor, target)\n }\n\n /* Compute necessary adjustment for header */\n const adjust$ = header$\n .pipe(\n distinctUntilKeyChanged(\"height\"),\n map(({ height }) => {\n const main = getComponentElement(\"main\")\n const grid = getElement(\":scope > :first-child\", main)\n return height + 0.8 * (\n grid.offsetTop -\n main.offsetTop\n )\n }),\n share()\n )\n\n /* Compute partition of previous and next anchors */\n const partition$ = watchElementSize(document.body)\n .pipe(\n distinctUntilKeyChanged(\"height\"),\n\n /* Build index to map anchor paths to vertical offsets */\n switchMap(body => defer(() => {\n let path: HTMLAnchorElement[] = []\n return of([...table].reduce((index, [anchor, target]) => {\n while (path.length) {\n const last = table.get(path[path.length - 1])!\n if (last.tagName >= target.tagName) {\n path.pop()\n } else {\n break\n }\n }\n\n /* If the current anchor is hidden, continue with its parent */\n let offset = target.offsetTop\n while (!offset && target.parentElement) {\n target = target.parentElement\n offset = target.offsetTop\n }\n\n /* Map reversed anchor path to vertical offset */\n return index.set(\n [...path = [...path, anchor]].reverse(),\n offset\n )\n }, new Map()))\n })\n .pipe(\n\n /* Sort index by vertical offset (see https://bit.ly/30z6QSO) */\n map(index => new Map([...index].sort(([, a], [, b]) => a - b))),\n combineLatestWith(adjust$),\n\n /* Re-compute partition when viewport offset changes */\n switchMap(([index, adjust]) => viewport$\n .pipe(\n scan(([prev, next], { offset: { y }, size }) => {\n const last = y + size.height >= Math.floor(body.height)\n\n /* Look forward */\n while (next.length) {\n const [, offset] = next[0]\n if (offset - adjust < y || last) {\n prev = [...prev, next.shift()!]\n } else {\n break\n }\n }\n\n /* Look backward */\n while (prev.length) {\n const [, offset] = prev[prev.length - 1]\n if (offset - adjust >= y && !last) {\n next = [prev.pop()!, ...next]\n } else {\n break\n }\n }\n\n /* Return partition */\n return [prev, next]\n }, [[], [...index]]),\n distinctUntilChanged((a, b) => (\n a[0] === b[0] &&\n a[1] === b[1]\n ))\n )\n )\n )\n )\n )\n\n /* Compute and return anchor list migrations */\n return partition$\n .pipe(\n map(([prev, next]) => ({\n prev: prev.map(([path]) => path),\n next: next.map(([path]) => path)\n })),\n\n /* Extract anchor list migrations */\n startWith({ prev: [], next: [] }),\n bufferCount(2, 1),\n map(([a, b]) => {\n\n /* Moving down */\n if (a.prev.length < b.prev.length) {\n return {\n prev: b.prev.slice(Math.max(0, a.prev.length - 1), b.prev.length),\n next: []\n }\n\n /* Moving up */\n } else {\n return {\n prev: b.prev.slice(-1),\n next: b.next.slice(0, b.next.length - a.next.length)\n }\n }\n })\n )\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Mount table of contents\n *\n * @param el - Table of contents element\n * @param options - Options\n *\n * @returns Table of contents component observable\n */\nexport function mountTableOfContents(\n el: HTMLElement, { viewport$, header$, target$ }: MountOptions\n): Observable> {\n return defer(() => {\n const push$ = new Subject()\n const done$ = push$.pipe(takeLast(1))\n push$.subscribe(({ prev, next }) => {\n\n /* Look forward */\n for (const [anchor] of next) {\n anchor.classList.remove(\"md-nav__link--passed\")\n anchor.classList.remove(\"md-nav__link--active\")\n }\n\n /* Look backward */\n for (const [index, [anchor]] of prev.entries()) {\n anchor.classList.add(\"md-nav__link--passed\")\n anchor.classList.toggle(\n \"md-nav__link--active\",\n index === prev.length - 1\n )\n }\n })\n\n /* Set up following, if enabled */\n if (feature(\"toc.follow\")) {\n\n /* Toggle smooth scrolling only for anchor clicks */\n const smooth$ = merge(\n viewport$.pipe(debounceTime(1), map(() => undefined)),\n viewport$.pipe(debounceTime(250), map(() => \"smooth\" as const))\n )\n\n /* Bring active anchor into view */\n push$\n .pipe(\n filter(({ prev }) => prev.length > 0),\n withLatestFrom(smooth$)\n )\n .subscribe(([{ prev }, behavior]) => {\n const [anchor] = prev[prev.length - 1]\n if (anchor.offsetHeight) {\n\n /* Retrieve overflowing container and scroll */\n const container = getElementContainer(anchor)\n if (typeof container !== \"undefined\") {\n const offset = anchor.offsetTop - container.offsetTop\n const { height } = getElementSize(container)\n container.scrollTo({\n top: offset - height / 2,\n behavior\n })\n }\n }\n })\n }\n\n /* Set up anchor tracking, if enabled */\n if (feature(\"navigation.tracking\"))\n viewport$\n .pipe(\n takeUntil(done$),\n distinctUntilKeyChanged(\"offset\"),\n debounceTime(250),\n skip(1),\n takeUntil(target$.pipe(skip(1))),\n repeat({ delay: 250 }),\n withLatestFrom(push$)\n )\n .subscribe(([, { prev }]) => {\n const url = getLocation()\n\n /* Set hash fragment to active anchor */\n const anchor = prev[prev.length - 1]\n if (anchor && anchor.length) {\n const [active] = anchor\n const { hash } = new URL(active.href)\n if (url.hash !== hash) {\n url.hash = hash\n history.replaceState({}, \"\", `${url}`)\n }\n\n /* Reset anchor when at the top */\n } else {\n url.hash = \"\"\n history.replaceState({}, \"\", `${url}`)\n }\n })\n\n /* Create and return component */\n return watchTableOfContents(el, { viewport$, header$ })\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n Subject,\n bufferCount,\n combineLatest,\n distinctUntilChanged,\n distinctUntilKeyChanged,\n endWith,\n finalize,\n map,\n repeat,\n skip,\n takeLast,\n takeUntil,\n tap\n} from \"rxjs\"\n\nimport { Viewport } from \"~/browser\"\n\nimport { Component } from \"../_\"\nimport { Header } from \"../header\"\nimport { Main } from \"../main\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Back-to-top button\n */\nexport interface BackToTop {\n hidden: boolean /* Back-to-top button is hidden */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch options\n */\ninterface WatchOptions {\n viewport$: Observable /* Viewport observable */\n main$: Observable
    /* Main area observable */\n target$: Observable /* Location target observable */\n}\n\n/**\n * Mount options\n */\ninterface MountOptions {\n viewport$: Observable /* Viewport observable */\n header$: Observable
    /* Header observable */\n main$: Observable
    /* Main area observable */\n target$: Observable /* Location target observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Watch back-to-top\n *\n * @param _el - Back-to-top element\n * @param options - Options\n *\n * @returns Back-to-top observable\n */\nexport function watchBackToTop(\n _el: HTMLElement, { viewport$, main$, target$ }: WatchOptions\n): Observable {\n\n /* Compute direction */\n const direction$ = viewport$\n .pipe(\n map(({ offset: { y } }) => y),\n bufferCount(2, 1),\n map(([a, b]) => a > b && b > 0),\n distinctUntilChanged()\n )\n\n /* Compute whether main area is active */\n const active$ = main$\n .pipe(\n map(({ active }) => active)\n )\n\n /* Compute threshold for hiding */\n return combineLatest([active$, direction$])\n .pipe(\n map(([active, direction]) => !(active && direction)),\n distinctUntilChanged(),\n takeUntil(target$.pipe(skip(1))),\n endWith(true),\n repeat({ delay: 250 }),\n map(hidden => ({ hidden }))\n )\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Mount back-to-top\n *\n * @param el - Back-to-top element\n * @param options - Options\n *\n * @returns Back-to-top component observable\n */\nexport function mountBackToTop(\n el: HTMLElement, { viewport$, header$, main$, target$ }: MountOptions\n): Observable> {\n const push$ = new Subject()\n const done$ = push$.pipe(takeLast(1))\n push$.subscribe({\n\n /* Handle emission */\n next({ hidden }) {\n el.hidden = hidden\n if (hidden) {\n el.setAttribute(\"tabindex\", \"-1\")\n el.blur()\n } else {\n el.removeAttribute(\"tabindex\")\n }\n },\n\n /* Handle complete */\n complete() {\n el.style.top = \"\"\n el.hidden = true\n el.removeAttribute(\"tabindex\")\n }\n })\n\n /* Watch header height */\n header$\n .pipe(\n takeUntil(done$),\n distinctUntilKeyChanged(\"height\")\n )\n .subscribe(({ height }) => {\n el.style.top = `${height + 16}px`\n })\n\n /* Create and return component */\n return watchBackToTop(el, { viewport$, main$, target$ })\n .pipe(\n tap(state => push$.next(state)),\n finalize(() => push$.complete()),\n map(state => ({ ref: el, ...state }))\n )\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n fromEvent,\n map,\n mergeMap,\n switchMap,\n takeWhile,\n tap,\n withLatestFrom\n} from \"rxjs\"\n\nimport { getElements } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch options\n */\ninterface PatchOptions {\n document$: Observable /* Document observable */\n tablet$: Observable /* Media tablet observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch indeterminate checkboxes\n *\n * This function replaces the indeterminate \"pseudo state\" with the actual\n * indeterminate state, which is used to keep navigation always expanded.\n *\n * @param options - Options\n */\nexport function patchIndeterminate(\n { document$, tablet$ }: PatchOptions\n): void {\n document$\n .pipe(\n switchMap(() => getElements(\n // @todo `data-md-state` is deprecated and removed in v9\n \".md-toggle--indeterminate, [data-md-state=indeterminate]\"\n )),\n tap(el => {\n el.indeterminate = true\n el.checked = false\n }),\n mergeMap(el => fromEvent(el, \"change\")\n .pipe(\n takeWhile(() => el.classList.contains(\"md-toggle--indeterminate\")),\n map(() => el)\n )\n ),\n withLatestFrom(tablet$)\n )\n .subscribe(([el, tablet]) => {\n el.classList.remove(\"md-toggle--indeterminate\")\n if (tablet)\n el.checked = false\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n filter,\n fromEvent,\n map,\n mergeMap,\n switchMap,\n tap\n} from \"rxjs\"\n\nimport { getElements } from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch options\n */\ninterface PatchOptions {\n document$: Observable /* Document observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Check whether the given device is an Apple device\n *\n * @returns Test result\n */\nfunction isAppleDevice(): boolean {\n return /(iPad|iPhone|iPod)/.test(navigator.userAgent)\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch all elements with `data-md-scrollfix` attributes\n *\n * This is a year-old patch which ensures that overflow scrolling works at the\n * top and bottom of containers on iOS by ensuring a `1px` scroll offset upon\n * the start of a touch event.\n *\n * @see https://bit.ly/2SCtAOO - Original source\n *\n * @param options - Options\n */\nexport function patchScrollfix(\n { document$ }: PatchOptions\n): void {\n document$\n .pipe(\n switchMap(() => getElements(\"[data-md-scrollfix]\")),\n tap(el => el.removeAttribute(\"data-md-scrollfix\")),\n filter(isAppleDevice),\n mergeMap(el => fromEvent(el, \"touchstart\")\n .pipe(\n map(() => el)\n )\n )\n )\n .subscribe(el => {\n const top = el.scrollTop\n\n /* We're at the top of the container */\n if (top === 0) {\n el.scrollTop = 1\n\n /* We're at the bottom of the container */\n } else if (top + el.offsetHeight === el.scrollHeight) {\n el.scrollTop = top - 1\n }\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n Observable,\n combineLatest,\n delay,\n map,\n of,\n switchMap,\n withLatestFrom\n} from \"rxjs\"\n\nimport {\n Viewport,\n watchToggle\n} from \"~/browser\"\n\n/* ----------------------------------------------------------------------------\n * Helper types\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch options\n */\ninterface PatchOptions {\n viewport$: Observable /* Viewport observable */\n tablet$: Observable /* Media tablet observable */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Patch the document body to lock when search is open\n *\n * For mobile and tablet viewports, the search is rendered full screen, which\n * leads to scroll leaking when at the top or bottom of the search result. This\n * function locks the body when the search is in full screen mode, and restores\n * the scroll position when leaving.\n *\n * @param options - Options\n */\nexport function patchScrolllock(\n { viewport$, tablet$ }: PatchOptions\n): void {\n combineLatest([watchToggle(\"search\"), tablet$])\n .pipe(\n map(([active, tablet]) => active && !tablet),\n switchMap(active => of(active)\n .pipe(\n delay(active ? 400 : 100)\n )\n ),\n withLatestFrom(viewport$)\n )\n .subscribe(([active, { offset: { y }}]) => {\n if (active) {\n document.body.setAttribute(\"data-md-scrolllock\", \"\")\n document.body.style.top = `-${y}px`\n } else {\n const value = -1 * parseInt(document.body.style.top, 10)\n document.body.removeAttribute(\"data-md-scrolllock\")\n document.body.style.top = \"\"\n if (value)\n window.scrollTo(0, value)\n }\n })\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Polyfills\n * ------------------------------------------------------------------------- */\n\n/* Polyfill `Object.entries` */\nif (!Object.entries)\n Object.entries = function (obj: object) {\n const data: [string, string][] = []\n for (const key of Object.keys(obj))\n // @ts-expect-error - ignore property access warning\n data.push([key, obj[key]])\n\n /* Return entries */\n return data\n }\n\n/* Polyfill `Object.values` */\nif (!Object.values)\n Object.values = function (obj: object) {\n const data: string[] = []\n for (const key of Object.keys(obj))\n // @ts-expect-error - ignore property access warning\n data.push(obj[key])\n\n /* Return values */\n return data\n }\n\n/* ------------------------------------------------------------------------- */\n\n/* Polyfills for `Element` */\nif (typeof Element !== \"undefined\") {\n\n /* Polyfill `Element.scrollTo` */\n if (!Element.prototype.scrollTo)\n Element.prototype.scrollTo = function (\n x?: ScrollToOptions | number, y?: number\n ): void {\n if (typeof x === \"object\") {\n this.scrollLeft = x.left!\n this.scrollTop = x.top!\n } else {\n this.scrollLeft = x!\n this.scrollTop = y!\n }\n }\n\n /* Polyfill `Element.replaceWith` */\n if (!Element.prototype.replaceWith)\n Element.prototype.replaceWith = function (\n ...nodes: Array\n ): void {\n const parent = this.parentNode\n if (parent) {\n if (nodes.length === 0)\n parent.removeChild(this)\n\n /* Replace children and create text nodes */\n for (let i = nodes.length - 1; i >= 0; i--) {\n let node = nodes[i]\n if (typeof node === \"string\")\n node = document.createTextNode(node)\n else if (node.parentNode)\n node.parentNode.removeChild(node)\n\n /* Replace child or insert before previous sibling */\n if (!i)\n parent.replaceChild(node, this)\n else\n parent.insertBefore(this.previousSibling!, node)\n }\n }\n }\n}\n"], + "mappings": "6+BAAA,IAAAA,GAAAC,GAAA,CAAAC,GAAAC,KAAA,EAAC,SAAUC,EAAQC,EAAS,CAC1B,OAAOH,IAAY,UAAY,OAAOC,IAAW,YAAcE,EAAQ,EACvE,OAAO,QAAW,YAAc,OAAO,IAAM,OAAOA,CAAO,EAC1DA,EAAQ,CACX,GAAEH,GAAO,UAAY,CAAE,aASrB,SAASI,EAA0BC,EAAO,CACxC,IAAIC,EAAmB,GACnBC,EAA0B,GAC1BC,EAAiC,KAEjCC,EAAsB,CACxB,KAAM,GACN,OAAQ,GACR,IAAK,GACL,IAAK,GACL,MAAO,GACP,SAAU,GACV,OAAQ,GACR,KAAM,GACN,MAAO,GACP,KAAM,GACN,KAAM,GACN,SAAU,GACV,iBAAkB,EACpB,EAOA,SAASC,EAAmBC,EAAI,CAC9B,MACE,GAAAA,GACAA,IAAO,UACPA,EAAG,WAAa,QAChBA,EAAG,WAAa,QAChB,cAAeA,GACf,aAAcA,EAAG,UAKrB,CASA,SAASC,EAA8BD,EAAI,CACzC,IAAIE,GAAOF,EAAG,KACVG,GAAUH,EAAG,QAUjB,MARI,GAAAG,KAAY,SAAWL,EAAoBI,KAAS,CAACF,EAAG,UAIxDG,KAAY,YAAc,CAACH,EAAG,UAI9BA,EAAG,kBAKT,CAOA,SAASI,EAAqBJ,EAAI,CAC5BA,EAAG,UAAU,SAAS,eAAe,IAGzCA,EAAG,UAAU,IAAI,eAAe,EAChCA,EAAG,aAAa,2BAA4B,EAAE,EAChD,CAOA,SAASK,EAAwBL,EAAI,CAC/B,CAACA,EAAG,aAAa,0BAA0B,IAG/CA,EAAG,UAAU,OAAO,eAAe,EACnCA,EAAG,gBAAgB,0BAA0B,EAC/C,CAUA,SAASM,EAAUC,EAAG,CAChBA,EAAE,SAAWA,EAAE,QAAUA,EAAE,UAI3BR,EAAmBL,EAAM,aAAa,GACxCU,EAAqBV,EAAM,aAAa,EAG1CC,EAAmB,GACrB,CAUA,SAASa,EAAcD,EAAG,CACxBZ,EAAmB,EACrB,CASA,SAASc,EAAQF,EAAG,CAEd,CAACR,EAAmBQ,EAAE,MAAM,IAI5BZ,GAAoBM,EAA8BM,EAAE,MAAM,IAC5DH,EAAqBG,EAAE,MAAM,CAEjC,CAMA,SAASG,EAAOH,EAAG,CACb,CAACR,EAAmBQ,EAAE,MAAM,IAK9BA,EAAE,OAAO,UAAU,SAAS,eAAe,GAC3CA,EAAE,OAAO,aAAa,0BAA0B,KAMhDX,EAA0B,GAC1B,OAAO,aAAaC,CAA8B,EAClDA,EAAiC,OAAO,WAAW,UAAW,CAC5DD,EAA0B,EAC5B,EAAG,GAAG,EACNS,EAAwBE,EAAE,MAAM,EAEpC,CAOA,SAASI,EAAmBJ,EAAG,CACzB,SAAS,kBAAoB,WAK3BX,IACFD,EAAmB,IAErBiB,EAA+B,EAEnC,CAQA,SAASA,GAAiC,CACxC,SAAS,iBAAiB,YAAaC,CAAoB,EAC3D,SAAS,iBAAiB,YAAaA,CAAoB,EAC3D,SAAS,iBAAiB,UAAWA,CAAoB,EACzD,SAAS,iBAAiB,cAAeA,CAAoB,EAC7D,SAAS,iBAAiB,cAAeA,CAAoB,EAC7D,SAAS,iBAAiB,YAAaA,CAAoB,EAC3D,SAAS,iBAAiB,YAAaA,CAAoB,EAC3D,SAAS,iBAAiB,aAAcA,CAAoB,EAC5D,SAAS,iBAAiB,WAAYA,CAAoB,CAC5D,CAEA,SAASC,GAAoC,CAC3C,SAAS,oBAAoB,YAAaD,CAAoB,EAC9D,SAAS,oBAAoB,YAAaA,CAAoB,EAC9D,SAAS,oBAAoB,UAAWA,CAAoB,EAC5D,SAAS,oBAAoB,cAAeA,CAAoB,EAChE,SAAS,oBAAoB,cAAeA,CAAoB,EAChE,SAAS,oBAAoB,YAAaA,CAAoB,EAC9D,SAAS,oBAAoB,YAAaA,CAAoB,EAC9D,SAAS,oBAAoB,aAAcA,CAAoB,EAC/D,SAAS,oBAAoB,WAAYA,CAAoB,CAC/D,CASA,SAASA,EAAqBN,EAAG,CAG3BA,EAAE,OAAO,UAAYA,EAAE,OAAO,SAAS,YAAY,IAAM,SAI7DZ,EAAmB,GACnBmB,EAAkC,EACpC,CAKA,SAAS,iBAAiB,UAAWR,EAAW,EAAI,EACpD,SAAS,iBAAiB,YAAaE,EAAe,EAAI,EAC1D,SAAS,iBAAiB,cAAeA,EAAe,EAAI,EAC5D,SAAS,iBAAiB,aAAcA,EAAe,EAAI,EAC3D,SAAS,iBAAiB,mBAAoBG,EAAoB,EAAI,EAEtEC,EAA+B,EAM/BlB,EAAM,iBAAiB,QAASe,EAAS,EAAI,EAC7Cf,EAAM,iBAAiB,OAAQgB,EAAQ,EAAI,EAOvChB,EAAM,WAAa,KAAK,wBAA0BA,EAAM,KAI1DA,EAAM,KAAK,aAAa,wBAAyB,EAAE,EAC1CA,EAAM,WAAa,KAAK,gBACjC,SAAS,gBAAgB,UAAU,IAAI,kBAAkB,EACzD,SAAS,gBAAgB,aAAa,wBAAyB,EAAE,EAErE,CAKA,GAAI,OAAO,QAAW,aAAe,OAAO,UAAa,YAAa,CAIpE,OAAO,0BAA4BD,EAInC,IAAIsB,EAEJ,GAAI,CACFA,EAAQ,IAAI,YAAY,8BAA8B,CACxD,OAASC,EAAP,CAEAD,EAAQ,SAAS,YAAY,aAAa,EAC1CA,EAAM,gBAAgB,+BAAgC,GAAO,GAAO,CAAC,CAAC,CACxE,CAEA,OAAO,cAAcA,CAAK,CAC5B,CAEI,OAAO,UAAa,aAGtBtB,EAA0B,QAAQ,CAGtC,CAAE,ICvTF,IAAAwB,GAAAC,GAAAC,IAAA,EAAC,SAASC,EAAQ,CAOhB,IAAIC,EAA6B,UAAW,CAC1C,GAAI,CACF,MAAO,CAAC,CAAC,OAAO,QAClB,OAASC,EAAP,CACA,MAAO,EACT,CACF,EAGIC,EAAoBF,EAA2B,EAE/CG,EAAiB,SAASC,EAAO,CACnC,IAAIC,EAAW,CACb,KAAM,UAAW,CACf,IAAIC,EAAQF,EAAM,MAAM,EACxB,MAAO,CAAE,KAAME,IAAU,OAAQ,MAAOA,CAAM,CAChD,CACF,EAEA,OAAIJ,IACFG,EAAS,OAAO,UAAY,UAAW,CACrC,OAAOA,CACT,GAGKA,CACT,EAMIE,EAAiB,SAASD,EAAO,CACnC,OAAO,mBAAmBA,CAAK,EAAE,QAAQ,OAAQ,GAAG,CACtD,EAEIE,EAAmB,SAASF,EAAO,CACrC,OAAO,mBAAmB,OAAOA,CAAK,EAAE,QAAQ,MAAO,GAAG,CAAC,CAC7D,EAEIG,EAA0B,UAAW,CAEvC,IAAIC,EAAkB,SAASC,EAAc,CAC3C,OAAO,eAAe,KAAM,WAAY,CAAE,SAAU,GAAM,MAAO,CAAC,CAAE,CAAC,EACrE,IAAIC,EAAqB,OAAOD,EAEhC,GAAIC,IAAuB,YAEpB,GAAIA,IAAuB,SAC5BD,IAAiB,IACnB,KAAK,YAAYA,CAAY,UAEtBA,aAAwBD,EAAiB,CAClD,IAAIG,EAAQ,KACZF,EAAa,QAAQ,SAASL,EAAOQ,EAAM,CACzCD,EAAM,OAAOC,EAAMR,CAAK,CAC1B,CAAC,CACH,SAAYK,IAAiB,MAAUC,IAAuB,SAC5D,GAAI,OAAO,UAAU,SAAS,KAAKD,CAAY,IAAM,iBACnD,QAASI,EAAI,EAAGA,EAAIJ,EAAa,OAAQI,IAAK,CAC5C,IAAIC,EAAQL,EAAaI,GACzB,GAAK,OAAO,UAAU,SAAS,KAAKC,CAAK,IAAM,kBAAsBA,EAAM,SAAW,EACpF,KAAK,OAAOA,EAAM,GAAIA,EAAM,EAAE,MAE9B,OAAM,IAAI,UAAU,4CAA8CD,EAAI,6BAA8B,CAExG,KAEA,SAASE,KAAON,EACVA,EAAa,eAAeM,CAAG,GACjC,KAAK,OAAOA,EAAKN,EAAaM,EAAI,MAKxC,OAAM,IAAI,UAAU,8CAA+C,CAEvE,EAEIC,EAAQR,EAAgB,UAE5BQ,EAAM,OAAS,SAASJ,EAAMR,EAAO,CAC/BQ,KAAQ,KAAK,SACf,KAAK,SAASA,GAAM,KAAK,OAAOR,CAAK,CAAC,EAEtC,KAAK,SAASQ,GAAQ,CAAC,OAAOR,CAAK,CAAC,CAExC,EAEAY,EAAM,OAAS,SAASJ,EAAM,CAC5B,OAAO,KAAK,SAASA,EACvB,EAEAI,EAAM,IAAM,SAASJ,EAAM,CACzB,OAAQA,KAAQ,KAAK,SAAY,KAAK,SAASA,GAAM,GAAK,IAC5D,EAEAI,EAAM,OAAS,SAASJ,EAAM,CAC5B,OAAQA,KAAQ,KAAK,SAAY,KAAK,SAASA,GAAM,MAAM,CAAC,EAAI,CAAC,CACnE,EAEAI,EAAM,IAAM,SAASJ,EAAM,CACzB,OAAQA,KAAQ,KAAK,QACvB,EAEAI,EAAM,IAAM,SAASJ,EAAMR,EAAO,CAChC,KAAK,SAASQ,GAAQ,CAAC,OAAOR,CAAK,CAAC,CACtC,EAEAY,EAAM,QAAU,SAASC,EAAUC,EAAS,CAC1C,IAAIC,EACJ,QAASP,KAAQ,KAAK,SACpB,GAAI,KAAK,SAAS,eAAeA,CAAI,EAAG,CACtCO,EAAU,KAAK,SAASP,GACxB,QAASC,EAAI,EAAGA,EAAIM,EAAQ,OAAQN,IAClCI,EAAS,KAAKC,EAASC,EAAQN,GAAID,EAAM,IAAI,CAEjD,CAEJ,EAEAI,EAAM,KAAO,UAAW,CACtB,IAAId,EAAQ,CAAC,EACb,YAAK,QAAQ,SAASE,EAAOQ,EAAM,CACjCV,EAAM,KAAKU,CAAI,CACjB,CAAC,EACMX,EAAeC,CAAK,CAC7B,EAEAc,EAAM,OAAS,UAAW,CACxB,IAAId,EAAQ,CAAC,EACb,YAAK,QAAQ,SAASE,EAAO,CAC3BF,EAAM,KAAKE,CAAK,CAClB,CAAC,EACMH,EAAeC,CAAK,CAC7B,EAEAc,EAAM,QAAU,UAAW,CACzB,IAAId,EAAQ,CAAC,EACb,YAAK,QAAQ,SAASE,EAAOQ,EAAM,CACjCV,EAAM,KAAK,CAACU,EAAMR,CAAK,CAAC,CAC1B,CAAC,EACMH,EAAeC,CAAK,CAC7B,EAEIF,IACFgB,EAAM,OAAO,UAAYA,EAAM,SAGjCA,EAAM,SAAW,UAAW,CAC1B,IAAII,EAAc,CAAC,EACnB,YAAK,QAAQ,SAAShB,EAAOQ,EAAM,CACjCQ,EAAY,KAAKf,EAAeO,CAAI,EAAI,IAAMP,EAAeD,CAAK,CAAC,CACrE,CAAC,EACMgB,EAAY,KAAK,GAAG,CAC7B,EAGAvB,EAAO,gBAAkBW,CAC3B,EAEIa,EAAkC,UAAW,CAC/C,GAAI,CACF,IAAIb,EAAkBX,EAAO,gBAE7B,OACG,IAAIW,EAAgB,MAAM,EAAE,SAAS,IAAM,OAC3C,OAAOA,EAAgB,UAAU,KAAQ,YACzC,OAAOA,EAAgB,UAAU,SAAY,UAElD,OAASc,EAAP,CACA,MAAO,EACT,CACF,EAEKD,EAAgC,GACnCd,EAAwB,EAG1B,IAAIS,EAAQnB,EAAO,gBAAgB,UAE/B,OAAOmB,EAAM,MAAS,aACxBA,EAAM,KAAO,UAAW,CACtB,IAAIL,EAAQ,KACRT,EAAQ,CAAC,EACb,KAAK,QAAQ,SAASE,EAAOQ,EAAM,CACjCV,EAAM,KAAK,CAACU,EAAMR,CAAK,CAAC,EACnBO,EAAM,UACTA,EAAM,OAAOC,CAAI,CAErB,CAAC,EACDV,EAAM,KAAK,SAASqB,EAAGC,EAAG,CACxB,OAAID,EAAE,GAAKC,EAAE,GACJ,GACED,EAAE,GAAKC,EAAE,GACX,EAEA,CAEX,CAAC,EACGb,EAAM,WACRA,EAAM,SAAW,CAAC,GAEpB,QAASE,EAAI,EAAGA,EAAIX,EAAM,OAAQW,IAChC,KAAK,OAAOX,EAAMW,GAAG,GAAIX,EAAMW,GAAG,EAAE,CAExC,GAGE,OAAOG,EAAM,aAAgB,YAC/B,OAAO,eAAeA,EAAO,cAAe,CAC1C,WAAY,GACZ,aAAc,GACd,SAAU,GACV,MAAO,SAASP,EAAc,CAC5B,GAAI,KAAK,SACP,KAAK,SAAW,CAAC,MACZ,CACL,IAAIgB,EAAO,CAAC,EACZ,KAAK,QAAQ,SAASrB,EAAOQ,EAAM,CACjCa,EAAK,KAAKb,CAAI,CAChB,CAAC,EACD,QAASC,EAAI,EAAGA,EAAIY,EAAK,OAAQZ,IAC/B,KAAK,OAAOY,EAAKZ,EAAE,CAEvB,CAEAJ,EAAeA,EAAa,QAAQ,MAAO,EAAE,EAG7C,QAFIiB,EAAajB,EAAa,MAAM,GAAG,EACnCkB,EACKd,EAAI,EAAGA,EAAIa,EAAW,OAAQb,IACrCc,EAAYD,EAAWb,GAAG,MAAM,GAAG,EACnC,KAAK,OACHP,EAAiBqB,EAAU,EAAE,EAC5BA,EAAU,OAAS,EAAKrB,EAAiBqB,EAAU,EAAE,EAAI,EAC5D,CAEJ,CACF,CAAC,CAKL,GACG,OAAO,QAAW,YAAe,OAC5B,OAAO,QAAW,YAAe,OACjC,OAAO,MAAS,YAAe,KAAO/B,EAC9C,GAEC,SAASC,EAAQ,CAOhB,IAAI+B,EAAwB,UAAW,CACrC,GAAI,CACF,IAAIC,EAAI,IAAIhC,EAAO,IAAI,IAAK,UAAU,EACtC,OAAAgC,EAAE,SAAW,MACLA,EAAE,OAAS,kBAAqBA,EAAE,YAC5C,OAASP,EAAP,CACA,MAAO,EACT,CACF,EAGIQ,EAAc,UAAW,CAC3B,IAAIC,EAAOlC,EAAO,IAEdmC,EAAM,SAASC,EAAKC,EAAM,CACxB,OAAOD,GAAQ,WAAUA,EAAM,OAAOA,CAAG,GACzCC,GAAQ,OAAOA,GAAS,WAAUA,EAAO,OAAOA,CAAI,GAGxD,IAAIC,EAAM,SAAUC,EACpB,GAAIF,IAASrC,EAAO,WAAa,QAAUqC,IAASrC,EAAO,SAAS,MAAO,CACzEqC,EAAOA,EAAK,YAAY,EACxBC,EAAM,SAAS,eAAe,mBAAmB,EAAE,EACnDC,EAAcD,EAAI,cAAc,MAAM,EACtCC,EAAY,KAAOF,EACnBC,EAAI,KAAK,YAAYC,CAAW,EAChC,GAAI,CACF,GAAIA,EAAY,KAAK,QAAQF,CAAI,IAAM,EAAG,MAAM,IAAI,MAAME,EAAY,IAAI,CAC5E,OAASC,EAAP,CACA,MAAM,IAAI,MAAM,0BAA4BH,EAAO,WAAaG,CAAG,CACrE,CACF,CAEA,IAAIC,EAAgBH,EAAI,cAAc,GAAG,EACzCG,EAAc,KAAOL,EACjBG,IACFD,EAAI,KAAK,YAAYG,CAAa,EAClCA,EAAc,KAAOA,EAAc,MAGrC,IAAIC,EAAeJ,EAAI,cAAc,OAAO,EAI5C,GAHAI,EAAa,KAAO,MACpBA,EAAa,MAAQN,EAEjBK,EAAc,WAAa,KAAO,CAAC,IAAI,KAAKA,EAAc,IAAI,GAAM,CAACC,EAAa,cAAc,GAAK,CAACL,EACxG,MAAM,IAAI,UAAU,aAAa,EAGnC,OAAO,eAAe,KAAM,iBAAkB,CAC5C,MAAOI,CACT,CAAC,EAID,IAAIE,EAAe,IAAI3C,EAAO,gBAAgB,KAAK,MAAM,EACrD4C,EAAqB,GACrBC,EAA2B,GAC3B/B,EAAQ,KACZ,CAAC,SAAU,SAAU,KAAK,EAAE,QAAQ,SAASgC,EAAY,CACvD,IAAIC,GAASJ,EAAaG,GAC1BH,EAAaG,GAAc,UAAW,CACpCC,GAAO,MAAMJ,EAAc,SAAS,EAChCC,IACFC,EAA2B,GAC3B/B,EAAM,OAAS6B,EAAa,SAAS,EACrCE,EAA2B,GAE/B,CACF,CAAC,EAED,OAAO,eAAe,KAAM,eAAgB,CAC1C,MAAOF,EACP,WAAY,EACd,CAAC,EAED,IAAIK,EAAS,OACb,OAAO,eAAe,KAAM,sBAAuB,CACjD,WAAY,GACZ,aAAc,GACd,SAAU,GACV,MAAO,UAAW,CACZ,KAAK,SAAWA,IAClBA,EAAS,KAAK,OACVH,IACFD,EAAqB,GACrB,KAAK,aAAa,YAAY,KAAK,MAAM,EACzCA,EAAqB,IAG3B,CACF,CAAC,CACH,EAEIzB,EAAQgB,EAAI,UAEZc,EAA6B,SAASC,EAAe,CACvD,OAAO,eAAe/B,EAAO+B,EAAe,CAC1C,IAAK,UAAW,CACd,OAAO,KAAK,eAAeA,EAC7B,EACA,IAAK,SAAS3C,EAAO,CACnB,KAAK,eAAe2C,GAAiB3C,CACvC,EACA,WAAY,EACd,CAAC,CACH,EAEA,CAAC,OAAQ,OAAQ,WAAY,OAAQ,UAAU,EAC5C,QAAQ,SAAS2C,EAAe,CAC/BD,EAA2BC,CAAa,CAC1C,CAAC,EAEH,OAAO,eAAe/B,EAAO,SAAU,CACrC,IAAK,UAAW,CACd,OAAO,KAAK,eAAe,MAC7B,EACA,IAAK,SAASZ,EAAO,CACnB,KAAK,eAAe,OAAYA,EAChC,KAAK,oBAAoB,CAC3B,EACA,WAAY,EACd,CAAC,EAED,OAAO,iBAAiBY,EAAO,CAE7B,SAAY,CACV,IAAK,UAAW,CACd,IAAIL,EAAQ,KACZ,OAAO,UAAW,CAChB,OAAOA,EAAM,IACf,CACF,CACF,EAEA,KAAQ,CACN,IAAK,UAAW,CACd,OAAO,KAAK,eAAe,KAAK,QAAQ,MAAO,EAAE,CACnD,EACA,IAAK,SAASP,EAAO,CACnB,KAAK,eAAe,KAAOA,EAC3B,KAAK,oBAAoB,CAC3B,EACA,WAAY,EACd,EAEA,SAAY,CACV,IAAK,UAAW,CACd,OAAO,KAAK,eAAe,SAAS,QAAQ,SAAU,GAAG,CAC3D,EACA,IAAK,SAASA,EAAO,CACnB,KAAK,eAAe,SAAWA,CACjC,EACA,WAAY,EACd,EAEA,OAAU,CACR,IAAK,UAAW,CAEd,IAAI4C,EAAe,CAAE,QAAS,GAAI,SAAU,IAAK,OAAQ,EAAG,EAAE,KAAK,eAAe,UAI9EC,EAAkB,KAAK,eAAe,MAAQD,GAChD,KAAK,eAAe,OAAS,GAE/B,OAAO,KAAK,eAAe,SACzB,KACA,KAAK,eAAe,UACnBC,EAAmB,IAAM,KAAK,eAAe,KAAQ,GAC1D,EACA,WAAY,EACd,EAEA,SAAY,CACV,IAAK,UAAW,CACd,MAAO,EACT,EACA,IAAK,SAAS7C,EAAO,CACrB,EACA,WAAY,EACd,EAEA,SAAY,CACV,IAAK,UAAW,CACd,MAAO,EACT,EACA,IAAK,SAASA,EAAO,CACrB,EACA,WAAY,EACd,CACF,CAAC,EAED4B,EAAI,gBAAkB,SAASkB,EAAM,CACnC,OAAOnB,EAAK,gBAAgB,MAAMA,EAAM,SAAS,CACnD,EAEAC,EAAI,gBAAkB,SAASC,EAAK,CAClC,OAAOF,EAAK,gBAAgB,MAAMA,EAAM,SAAS,CACnD,EAEAlC,EAAO,IAAMmC,CAEf,EAMA,GAJKJ,EAAsB,GACzBE,EAAY,EAGTjC,EAAO,WAAa,QAAW,EAAE,WAAYA,EAAO,UAAW,CAClE,IAAIsD,EAAY,UAAW,CACzB,OAAOtD,EAAO,SAAS,SAAW,KAAOA,EAAO,SAAS,UAAYA,EAAO,SAAS,KAAQ,IAAMA,EAAO,SAAS,KAAQ,GAC7H,EAEA,GAAI,CACF,OAAO,eAAeA,EAAO,SAAU,SAAU,CAC/C,IAAKsD,EACL,WAAY,EACd,CAAC,CACH,OAAS7B,EAAP,CACA,YAAY,UAAW,CACrBzB,EAAO,SAAS,OAASsD,EAAU,CACrC,EAAG,GAAG,CACR,CACF,CAEF,GACG,OAAO,QAAW,YAAe,OAC5B,OAAO,QAAW,YAAe,OACjC,OAAO,MAAS,YAAe,KAAOvD,EAC9C,IC5eA,IAAAwD,GAAAC,GAAA,CAAAC,GAAAC,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gFAeA,IAAIC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,GACAC,IACH,SAAUC,EAAS,CAChB,IAAIC,EAAO,OAAO,QAAW,SAAW,OAAS,OAAO,MAAS,SAAW,KAAO,OAAO,MAAS,SAAW,KAAO,CAAC,EAClH,OAAO,QAAW,YAAc,OAAO,IACvC,OAAO,QAAS,CAAC,SAAS,EAAG,SAAU3B,EAAS,CAAE0B,EAAQE,EAAeD,EAAMC,EAAe5B,CAAO,CAAC,CAAC,CAAG,CAAC,EAEtG,OAAOC,IAAW,UAAY,OAAOA,GAAO,SAAY,SAC7DyB,EAAQE,EAAeD,EAAMC,EAAe3B,GAAO,OAAO,CAAC,CAAC,EAG5DyB,EAAQE,EAAeD,CAAI,CAAC,EAEhC,SAASC,EAAe5B,EAAS6B,EAAU,CACvC,OAAI7B,IAAY2B,IACR,OAAO,OAAO,QAAW,WACzB,OAAO,eAAe3B,EAAS,aAAc,CAAE,MAAO,EAAK,CAAC,EAG5DA,EAAQ,WAAa,IAGtB,SAAU8B,EAAIC,EAAG,CAAE,OAAO/B,EAAQ8B,GAAMD,EAAWA,EAASC,EAAIC,CAAC,EAAIA,CAAG,CACnF,CACJ,GACC,SAAUC,EAAU,CACjB,IAAIC,EAAgB,OAAO,gBACtB,CAAE,UAAW,CAAC,CAAE,YAAa,OAAS,SAAUC,EAAGC,EAAG,CAAED,EAAE,UAAYC,CAAG,GAC1E,SAAUD,EAAGC,EAAG,CAAE,QAASC,KAAKD,EAAO,OAAO,UAAU,eAAe,KAAKA,EAAGC,CAAC,IAAGF,EAAEE,GAAKD,EAAEC,GAAI,EAEpGlC,GAAY,SAAUgC,EAAGC,EAAG,CACxB,GAAI,OAAOA,GAAM,YAAcA,IAAM,KACjC,MAAM,IAAI,UAAU,uBAAyB,OAAOA,CAAC,EAAI,+BAA+B,EAC5FF,EAAcC,EAAGC,CAAC,EAClB,SAASE,GAAK,CAAE,KAAK,YAAcH,CAAG,CACtCA,EAAE,UAAYC,IAAM,KAAO,OAAO,OAAOA,CAAC,GAAKE,EAAG,UAAYF,EAAE,UAAW,IAAIE,EACnF,EAEAlC,GAAW,OAAO,QAAU,SAAUmC,EAAG,CACrC,QAASC,EAAG,EAAI,EAAGC,EAAI,UAAU,OAAQ,EAAIA,EAAG,IAAK,CACjDD,EAAI,UAAU,GACd,QAASH,KAAKG,EAAO,OAAO,UAAU,eAAe,KAAKA,EAAGH,CAAC,IAAGE,EAAEF,GAAKG,EAAEH,GAC9E,CACA,OAAOE,CACX,EAEAlC,GAAS,SAAUmC,EAAGE,EAAG,CACrB,IAAIH,EAAI,CAAC,EACT,QAASF,KAAKG,EAAO,OAAO,UAAU,eAAe,KAAKA,EAAGH,CAAC,GAAKK,EAAE,QAAQL,CAAC,EAAI,IAC9EE,EAAEF,GAAKG,EAAEH,IACb,GAAIG,GAAK,MAAQ,OAAO,OAAO,uBAA0B,WACrD,QAASG,EAAI,EAAGN,EAAI,OAAO,sBAAsBG,CAAC,EAAGG,EAAIN,EAAE,OAAQM,IAC3DD,EAAE,QAAQL,EAAEM,EAAE,EAAI,GAAK,OAAO,UAAU,qBAAqB,KAAKH,EAAGH,EAAEM,EAAE,IACzEJ,EAAEF,EAAEM,IAAMH,EAAEH,EAAEM,KAE1B,OAAOJ,CACX,EAEAjC,GAAa,SAAUsC,EAAYC,EAAQC,EAAKC,EAAM,CAClD,IAAIC,EAAI,UAAU,OAAQC,EAAID,EAAI,EAAIH,EAASE,IAAS,KAAOA,EAAO,OAAO,yBAAyBF,EAAQC,CAAG,EAAIC,EAAMZ,EAC3H,GAAI,OAAO,SAAY,UAAY,OAAO,QAAQ,UAAa,WAAYc,EAAI,QAAQ,SAASL,EAAYC,EAAQC,EAAKC,CAAI,MACxH,SAASJ,EAAIC,EAAW,OAAS,EAAGD,GAAK,EAAGA,KAASR,EAAIS,EAAWD,MAAIM,GAAKD,EAAI,EAAIb,EAAEc,CAAC,EAAID,EAAI,EAAIb,EAAEU,EAAQC,EAAKG,CAAC,EAAId,EAAEU,EAAQC,CAAG,IAAMG,GAChJ,OAAOD,EAAI,GAAKC,GAAK,OAAO,eAAeJ,EAAQC,EAAKG,CAAC,EAAGA,CAChE,EAEA1C,GAAU,SAAU2C,EAAYC,EAAW,CACvC,OAAO,SAAUN,EAAQC,EAAK,CAAEK,EAAUN,EAAQC,EAAKI,CAAU,CAAG,CACxE,EAEA1C,GAAa,SAAU4C,EAAaC,EAAe,CAC/C,GAAI,OAAO,SAAY,UAAY,OAAO,QAAQ,UAAa,WAAY,OAAO,QAAQ,SAASD,EAAaC,CAAa,CACjI,EAEA5C,GAAY,SAAU6C,EAASC,EAAYC,EAAGC,EAAW,CACrD,SAASC,EAAMC,EAAO,CAAE,OAAOA,aAAiBH,EAAIG,EAAQ,IAAIH,EAAE,SAAUI,EAAS,CAAEA,EAAQD,CAAK,CAAG,CAAC,CAAG,CAC3G,OAAO,IAAKH,IAAMA,EAAI,UAAU,SAAUI,EAASC,EAAQ,CACvD,SAASC,EAAUH,EAAO,CAAE,GAAI,CAAEI,EAAKN,EAAU,KAAKE,CAAK,CAAC,CAAG,OAASjB,EAAP,CAAYmB,EAAOnB,CAAC,CAAG,CAAE,CAC1F,SAASsB,EAASL,EAAO,CAAE,GAAI,CAAEI,EAAKN,EAAU,MAASE,CAAK,CAAC,CAAG,OAASjB,EAAP,CAAYmB,EAAOnB,CAAC,CAAG,CAAE,CAC7F,SAASqB,EAAKE,EAAQ,CAAEA,EAAO,KAAOL,EAAQK,EAAO,KAAK,EAAIP,EAAMO,EAAO,KAAK,EAAE,KAAKH,EAAWE,CAAQ,CAAG,CAC7GD,GAAMN,EAAYA,EAAU,MAAMH,EAASC,GAAc,CAAC,CAAC,GAAG,KAAK,CAAC,CACxE,CAAC,CACL,EAEA7C,GAAc,SAAU4C,EAASY,EAAM,CACnC,IAAIC,EAAI,CAAE,MAAO,EAAG,KAAM,UAAW,CAAE,GAAI5B,EAAE,GAAK,EAAG,MAAMA,EAAE,GAAI,OAAOA,EAAE,EAAI,EAAG,KAAM,CAAC,EAAG,IAAK,CAAC,CAAE,EAAG6B,EAAGC,EAAG9B,EAAG+B,EAC/G,OAAOA,EAAI,CAAE,KAAMC,EAAK,CAAC,EAAG,MAASA,EAAK,CAAC,EAAG,OAAUA,EAAK,CAAC,CAAE,EAAG,OAAO,QAAW,aAAeD,EAAE,OAAO,UAAY,UAAW,CAAE,OAAO,IAAM,GAAIA,EACvJ,SAASC,EAAK9B,EAAG,CAAE,OAAO,SAAUT,EAAG,CAAE,OAAO+B,EAAK,CAACtB,EAAGT,CAAC,CAAC,CAAG,CAAG,CACjE,SAAS+B,EAAKS,EAAI,CACd,GAAIJ,EAAG,MAAM,IAAI,UAAU,iCAAiC,EAC5D,KAAOD,GAAG,GAAI,CACV,GAAIC,EAAI,EAAGC,IAAM9B,EAAIiC,EAAG,GAAK,EAAIH,EAAE,OAAYG,EAAG,GAAKH,EAAE,SAAc9B,EAAI8B,EAAE,SAAc9B,EAAE,KAAK8B,CAAC,EAAG,GAAKA,EAAE,OAAS,EAAE9B,EAAIA,EAAE,KAAK8B,EAAGG,EAAG,EAAE,GAAG,KAAM,OAAOjC,EAE3J,OADI8B,EAAI,EAAG9B,IAAGiC,EAAK,CAACA,EAAG,GAAK,EAAGjC,EAAE,KAAK,GAC9BiC,EAAG,GAAI,CACX,IAAK,GAAG,IAAK,GAAGjC,EAAIiC,EAAI,MACxB,IAAK,GAAG,OAAAL,EAAE,QAAgB,CAAE,MAAOK,EAAG,GAAI,KAAM,EAAM,EACtD,IAAK,GAAGL,EAAE,QAASE,EAAIG,EAAG,GAAIA,EAAK,CAAC,CAAC,EAAG,SACxC,IAAK,GAAGA,EAAKL,EAAE,IAAI,IAAI,EAAGA,EAAE,KAAK,IAAI,EAAG,SACxC,QACI,GAAM5B,EAAI4B,EAAE,KAAM,EAAA5B,EAAIA,EAAE,OAAS,GAAKA,EAAEA,EAAE,OAAS,MAAQiC,EAAG,KAAO,GAAKA,EAAG,KAAO,GAAI,CAAEL,EAAI,EAAG,QAAU,CAC3G,GAAIK,EAAG,KAAO,IAAM,CAACjC,GAAMiC,EAAG,GAAKjC,EAAE,IAAMiC,EAAG,GAAKjC,EAAE,IAAM,CAAE4B,EAAE,MAAQK,EAAG,GAAI,KAAO,CACrF,GAAIA,EAAG,KAAO,GAAKL,EAAE,MAAQ5B,EAAE,GAAI,CAAE4B,EAAE,MAAQ5B,EAAE,GAAIA,EAAIiC,EAAI,KAAO,CACpE,GAAIjC,GAAK4B,EAAE,MAAQ5B,EAAE,GAAI,CAAE4B,EAAE,MAAQ5B,EAAE,GAAI4B,EAAE,IAAI,KAAKK,CAAE,EAAG,KAAO,CAC9DjC,EAAE,IAAI4B,EAAE,IAAI,IAAI,EACpBA,EAAE,KAAK,IAAI,EAAG,QACtB,CACAK,EAAKN,EAAK,KAAKZ,EAASa,CAAC,CAC7B,OAASzB,EAAP,CAAY8B,EAAK,CAAC,EAAG9B,CAAC,EAAG2B,EAAI,CAAG,QAAE,CAAUD,EAAI7B,EAAI,CAAG,CACzD,GAAIiC,EAAG,GAAK,EAAG,MAAMA,EAAG,GAAI,MAAO,CAAE,MAAOA,EAAG,GAAKA,EAAG,GAAK,OAAQ,KAAM,EAAK,CACnF,CACJ,EAEA7D,GAAe,SAAS8D,EAAG,EAAG,CAC1B,QAASpC,KAAKoC,EAAOpC,IAAM,WAAa,CAAC,OAAO,UAAU,eAAe,KAAK,EAAGA,CAAC,GAAGX,GAAgB,EAAG+C,EAAGpC,CAAC,CAChH,EAEAX,GAAkB,OAAO,OAAU,SAASgD,EAAGD,EAAGE,EAAGC,EAAI,CACjDA,IAAO,SAAWA,EAAKD,GAC3B,OAAO,eAAeD,EAAGE,EAAI,CAAE,WAAY,GAAM,IAAK,UAAW,CAAE,OAAOH,EAAEE,EAAI,CAAE,CAAC,CACvF,EAAM,SAASD,EAAGD,EAAGE,EAAGC,EAAI,CACpBA,IAAO,SAAWA,EAAKD,GAC3BD,EAAEE,GAAMH,EAAEE,EACd,EAEA/D,GAAW,SAAU8D,EAAG,CACpB,IAAIlC,EAAI,OAAO,QAAW,YAAc,OAAO,SAAUiC,EAAIjC,GAAKkC,EAAElC,GAAIG,EAAI,EAC5E,GAAI8B,EAAG,OAAOA,EAAE,KAAKC,CAAC,EACtB,GAAIA,GAAK,OAAOA,EAAE,QAAW,SAAU,MAAO,CAC1C,KAAM,UAAY,CACd,OAAIA,GAAK/B,GAAK+B,EAAE,SAAQA,EAAI,QACrB,CAAE,MAAOA,GAAKA,EAAE/B,KAAM,KAAM,CAAC+B,CAAE,CAC1C,CACJ,EACA,MAAM,IAAI,UAAUlC,EAAI,0BAA4B,iCAAiC,CACzF,EAEA3B,GAAS,SAAU6D,EAAGjC,EAAG,CACrB,IAAIgC,EAAI,OAAO,QAAW,YAAcC,EAAE,OAAO,UACjD,GAAI,CAACD,EAAG,OAAOC,EACf,IAAI/B,EAAI8B,EAAE,KAAKC,CAAC,EAAGzB,EAAG4B,EAAK,CAAC,EAAGnC,EAC/B,GAAI,CACA,MAAQD,IAAM,QAAUA,KAAM,IAAM,EAAEQ,EAAIN,EAAE,KAAK,GAAG,MAAMkC,EAAG,KAAK5B,EAAE,KAAK,CAC7E,OACO6B,EAAP,CAAgBpC,EAAI,CAAE,MAAOoC,CAAM,CAAG,QACtC,CACI,GAAI,CACI7B,GAAK,CAACA,EAAE,OAASwB,EAAI9B,EAAE,SAAY8B,EAAE,KAAK9B,CAAC,CACnD,QACA,CAAU,GAAID,EAAG,MAAMA,EAAE,KAAO,CACpC,CACA,OAAOmC,CACX,EAGA/D,GAAW,UAAY,CACnB,QAAS+D,EAAK,CAAC,EAAGlC,EAAI,EAAGA,EAAI,UAAU,OAAQA,IAC3CkC,EAAKA,EAAG,OAAOhE,GAAO,UAAU8B,EAAE,CAAC,EACvC,OAAOkC,CACX,EAGA9D,GAAiB,UAAY,CACzB,QAASyB,EAAI,EAAGG,EAAI,EAAGoC,EAAK,UAAU,OAAQpC,EAAIoC,EAAIpC,IAAKH,GAAK,UAAUG,GAAG,OAC7E,QAASM,EAAI,MAAMT,CAAC,EAAGmC,EAAI,EAAGhC,EAAI,EAAGA,EAAIoC,EAAIpC,IACzC,QAASqC,EAAI,UAAUrC,GAAIsC,EAAI,EAAGC,EAAKF,EAAE,OAAQC,EAAIC,EAAID,IAAKN,IAC1D1B,EAAE0B,GAAKK,EAAEC,GACjB,OAAOhC,CACX,EAEAjC,GAAgB,SAAUmE,EAAIC,EAAMC,EAAM,CACtC,GAAIA,GAAQ,UAAU,SAAW,EAAG,QAAS1C,EAAI,EAAG2C,EAAIF,EAAK,OAAQP,EAAIlC,EAAI2C,EAAG3C,KACxEkC,GAAM,EAAElC,KAAKyC,MACRP,IAAIA,EAAK,MAAM,UAAU,MAAM,KAAKO,EAAM,EAAGzC,CAAC,GACnDkC,EAAGlC,GAAKyC,EAAKzC,IAGrB,OAAOwC,EAAG,OAAON,GAAM,MAAM,UAAU,MAAM,KAAKO,CAAI,CAAC,CAC3D,EAEAnE,GAAU,SAAUe,EAAG,CACnB,OAAO,gBAAgBf,IAAW,KAAK,EAAIe,EAAG,MAAQ,IAAIf,GAAQe,CAAC,CACvE,EAEAd,GAAmB,SAAUoC,EAASC,EAAYE,EAAW,CACzD,GAAI,CAAC,OAAO,cAAe,MAAM,IAAI,UAAU,sCAAsC,EACrF,IAAIa,EAAIb,EAAU,MAAMH,EAASC,GAAc,CAAC,CAAC,EAAGZ,EAAG4C,EAAI,CAAC,EAC5D,OAAO5C,EAAI,CAAC,EAAG4B,EAAK,MAAM,EAAGA,EAAK,OAAO,EAAGA,EAAK,QAAQ,EAAG5B,EAAE,OAAO,eAAiB,UAAY,CAAE,OAAO,IAAM,EAAGA,EACpH,SAAS4B,EAAK9B,EAAG,CAAM6B,EAAE7B,KAAIE,EAAEF,GAAK,SAAUT,EAAG,CAAE,OAAO,IAAI,QAAQ,SAAUgD,EAAG5C,EAAG,CAAEmD,EAAE,KAAK,CAAC9C,EAAGT,EAAGgD,EAAG5C,CAAC,CAAC,EAAI,GAAKoD,EAAO/C,EAAGT,CAAC,CAAG,CAAC,CAAG,EAAG,CACzI,SAASwD,EAAO/C,EAAGT,EAAG,CAAE,GAAI,CAAE+B,EAAKO,EAAE7B,GAAGT,CAAC,CAAC,CAAG,OAASU,EAAP,CAAY+C,EAAOF,EAAE,GAAG,GAAI7C,CAAC,CAAG,CAAE,CACjF,SAASqB,EAAKd,EAAG,CAAEA,EAAE,iBAAiBhC,GAAU,QAAQ,QAAQgC,EAAE,MAAM,CAAC,EAAE,KAAKyC,EAAS7B,CAAM,EAAI4B,EAAOF,EAAE,GAAG,GAAItC,CAAC,CAAI,CACxH,SAASyC,EAAQ/B,EAAO,CAAE6B,EAAO,OAAQ7B,CAAK,CAAG,CACjD,SAASE,EAAOF,EAAO,CAAE6B,EAAO,QAAS7B,CAAK,CAAG,CACjD,SAAS8B,EAAOrB,EAAGpC,EAAG,CAAMoC,EAAEpC,CAAC,EAAGuD,EAAE,MAAM,EAAGA,EAAE,QAAQC,EAAOD,EAAE,GAAG,GAAIA,EAAE,GAAG,EAAE,CAAG,CACrF,EAEApE,GAAmB,SAAUuD,EAAG,CAC5B,IAAI/B,EAAGN,EACP,OAAOM,EAAI,CAAC,EAAG4B,EAAK,MAAM,EAAGA,EAAK,QAAS,SAAU7B,EAAG,CAAE,MAAMA,CAAG,CAAC,EAAG6B,EAAK,QAAQ,EAAG5B,EAAE,OAAO,UAAY,UAAY,CAAE,OAAO,IAAM,EAAGA,EAC1I,SAAS4B,EAAK9B,EAAG2B,EAAG,CAAEzB,EAAEF,GAAKiC,EAAEjC,GAAK,SAAUT,EAAG,CAAE,OAAQK,EAAI,CAACA,GAAK,CAAE,MAAOpB,GAAQyD,EAAEjC,GAAGT,CAAC,CAAC,EAAG,KAAMS,IAAM,QAAS,EAAI2B,EAAIA,EAAEpC,CAAC,EAAIA,CAAG,EAAIoC,CAAG,CAClJ,EAEAhD,GAAgB,SAAUsD,EAAG,CACzB,GAAI,CAAC,OAAO,cAAe,MAAM,IAAI,UAAU,sCAAsC,EACrF,IAAID,EAAIC,EAAE,OAAO,eAAgB,EACjC,OAAOD,EAAIA,EAAE,KAAKC,CAAC,GAAKA,EAAI,OAAO9D,IAAa,WAAaA,GAAS8D,CAAC,EAAIA,EAAE,OAAO,UAAU,EAAG,EAAI,CAAC,EAAGH,EAAK,MAAM,EAAGA,EAAK,OAAO,EAAGA,EAAK,QAAQ,EAAG,EAAE,OAAO,eAAiB,UAAY,CAAE,OAAO,IAAM,EAAG,GAC9M,SAASA,EAAK9B,EAAG,CAAE,EAAEA,GAAKiC,EAAEjC,IAAM,SAAUT,EAAG,CAAE,OAAO,IAAI,QAAQ,SAAU4B,EAASC,EAAQ,CAAE7B,EAAI0C,EAAEjC,GAAGT,CAAC,EAAGyD,EAAO7B,EAASC,EAAQ7B,EAAE,KAAMA,EAAE,KAAK,CAAG,CAAC,CAAG,CAAG,CAC/J,SAASyD,EAAO7B,EAASC,EAAQ1B,EAAGH,EAAG,CAAE,QAAQ,QAAQA,CAAC,EAAE,KAAK,SAASA,EAAG,CAAE4B,EAAQ,CAAE,MAAO5B,EAAG,KAAMG,CAAE,CAAC,CAAG,EAAG0B,CAAM,CAAG,CAC/H,EAEAxC,GAAuB,SAAUsE,EAAQC,EAAK,CAC1C,OAAI,OAAO,eAAkB,OAAO,eAAeD,EAAQ,MAAO,CAAE,MAAOC,CAAI,CAAC,EAAYD,EAAO,IAAMC,EAClGD,CACX,EAEA,IAAIE,EAAqB,OAAO,OAAU,SAASnB,EAAG1C,EAAG,CACrD,OAAO,eAAe0C,EAAG,UAAW,CAAE,WAAY,GAAM,MAAO1C,CAAE,CAAC,CACtE,EAAK,SAAS0C,EAAG1C,EAAG,CAChB0C,EAAE,QAAa1C,CACnB,EAEAV,GAAe,SAAUwE,EAAK,CAC1B,GAAIA,GAAOA,EAAI,WAAY,OAAOA,EAClC,IAAI7B,EAAS,CAAC,EACd,GAAI6B,GAAO,KAAM,QAASnB,KAAKmB,EAASnB,IAAM,WAAa,OAAO,UAAU,eAAe,KAAKmB,EAAKnB,CAAC,GAAGjD,GAAgBuC,EAAQ6B,EAAKnB,CAAC,EACvI,OAAAkB,EAAmB5B,EAAQ6B,CAAG,EACvB7B,CACX,EAEA1C,GAAkB,SAAUuE,EAAK,CAC7B,OAAQA,GAAOA,EAAI,WAAcA,EAAM,CAAE,QAAWA,CAAI,CAC5D,EAEAtE,GAAyB,SAAUuE,EAAUC,EAAOC,EAAM7B,EAAG,CACzD,GAAI6B,IAAS,KAAO,CAAC7B,EAAG,MAAM,IAAI,UAAU,+CAA+C,EAC3F,GAAI,OAAO4B,GAAU,WAAaD,IAAaC,GAAS,CAAC5B,EAAI,CAAC4B,EAAM,IAAID,CAAQ,EAAG,MAAM,IAAI,UAAU,0EAA0E,EACjL,OAAOE,IAAS,IAAM7B,EAAI6B,IAAS,IAAM7B,EAAE,KAAK2B,CAAQ,EAAI3B,EAAIA,EAAE,MAAQ4B,EAAM,IAAID,CAAQ,CAChG,EAEAtE,GAAyB,SAAUsE,EAAUC,EAAOrC,EAAOsC,EAAM7B,EAAG,CAChE,GAAI6B,IAAS,IAAK,MAAM,IAAI,UAAU,gCAAgC,EACtE,GAAIA,IAAS,KAAO,CAAC7B,EAAG,MAAM,IAAI,UAAU,+CAA+C,EAC3F,GAAI,OAAO4B,GAAU,WAAaD,IAAaC,GAAS,CAAC5B,EAAI,CAAC4B,EAAM,IAAID,CAAQ,EAAG,MAAM,IAAI,UAAU,yEAAyE,EAChL,OAAQE,IAAS,IAAM7B,EAAE,KAAK2B,EAAUpC,CAAK,EAAIS,EAAIA,EAAE,MAAQT,EAAQqC,EAAM,IAAID,EAAUpC,CAAK,EAAIA,CACxG,EAEA1B,EAAS,YAAa9B,EAAS,EAC/B8B,EAAS,WAAY7B,EAAQ,EAC7B6B,EAAS,SAAU5B,EAAM,EACzB4B,EAAS,aAAc3B,EAAU,EACjC2B,EAAS,UAAW1B,EAAO,EAC3B0B,EAAS,aAAczB,EAAU,EACjCyB,EAAS,YAAaxB,EAAS,EAC/BwB,EAAS,cAAevB,EAAW,EACnCuB,EAAS,eAAgBtB,EAAY,EACrCsB,EAAS,kBAAmBP,EAAe,EAC3CO,EAAS,WAAYrB,EAAQ,EAC7BqB,EAAS,SAAUpB,EAAM,EACzBoB,EAAS,WAAYnB,EAAQ,EAC7BmB,EAAS,iBAAkBlB,EAAc,EACzCkB,EAAS,gBAAiBjB,EAAa,EACvCiB,EAAS,UAAWhB,EAAO,EAC3BgB,EAAS,mBAAoBf,EAAgB,EAC7Ce,EAAS,mBAAoBd,EAAgB,EAC7Cc,EAAS,gBAAiBb,EAAa,EACvCa,EAAS,uBAAwBZ,EAAoB,EACrDY,EAAS,eAAgBX,EAAY,EACrCW,EAAS,kBAAmBV,EAAe,EAC3CU,EAAS,yBAA0BT,EAAsB,EACzDS,EAAS,yBAA0BR,EAAsB,CAC7D,CAAC,ICjTD,IAAAyE,GAAAC,GAAA,CAAAC,GAAAC,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMC,SAA0CC,EAAMC,EAAS,CACtD,OAAOH,IAAY,UAAY,OAAOC,IAAW,SACnDA,GAAO,QAAUE,EAAQ,EAClB,OAAO,QAAW,YAAc,OAAO,IAC9C,OAAO,CAAC,EAAGA,CAAO,EACX,OAAOH,IAAY,SAC1BA,GAAQ,YAAiBG,EAAQ,EAEjCD,EAAK,YAAiBC,EAAQ,CAChC,GAAGH,GAAM,UAAW,CACpB,OAAiB,UAAW,CAClB,IAAII,EAAuB,CAE/B,IACC,SAASC,EAAyBC,EAAqBC,EAAqB,CAEnF,aAGAA,EAAoB,EAAED,EAAqB,CACzC,QAAW,UAAW,CAAE,OAAqBE,EAAW,CAC1D,CAAC,EAGD,IAAIC,EAAeF,EAAoB,GAAG,EACtCG,EAAoCH,EAAoB,EAAEE,CAAY,EAEtEE,EAASJ,EAAoB,GAAG,EAChCK,EAA8BL,EAAoB,EAAEI,CAAM,EAE1DE,EAAaN,EAAoB,GAAG,EACpCO,EAA8BP,EAAoB,EAAEM,CAAU,EAOlE,SAASE,EAAQC,EAAM,CACrB,GAAI,CACF,OAAO,SAAS,YAAYA,CAAI,CAClC,OAASC,EAAP,CACA,MAAO,EACT,CACF,CAUA,IAAIC,EAAqB,SAA4BC,EAAQ,CAC3D,IAAIC,EAAeN,EAAe,EAAEK,CAAM,EAC1C,OAAAJ,EAAQ,KAAK,EACNK,CACT,EAEiCC,EAAeH,EAOhD,SAASI,EAAkBC,EAAO,CAChC,IAAIC,EAAQ,SAAS,gBAAgB,aAAa,KAAK,IAAM,MACzDC,EAAc,SAAS,cAAc,UAAU,EAEnDA,EAAY,MAAM,SAAW,OAE7BA,EAAY,MAAM,OAAS,IAC3BA,EAAY,MAAM,QAAU,IAC5BA,EAAY,MAAM,OAAS,IAE3BA,EAAY,MAAM,SAAW,WAC7BA,EAAY,MAAMD,EAAQ,QAAU,QAAU,UAE9C,IAAIE,EAAY,OAAO,aAAe,SAAS,gBAAgB,UAC/D,OAAAD,EAAY,MAAM,IAAM,GAAG,OAAOC,EAAW,IAAI,EACjDD,EAAY,aAAa,WAAY,EAAE,EACvCA,EAAY,MAAQF,EACbE,CACT,CAYA,IAAIE,EAAiB,SAAwBJ,EAAOK,EAAS,CAC3D,IAAIH,EAAcH,EAAkBC,CAAK,EACzCK,EAAQ,UAAU,YAAYH,CAAW,EACzC,IAAIL,EAAeN,EAAe,EAAEW,CAAW,EAC/C,OAAAV,EAAQ,MAAM,EACdU,EAAY,OAAO,EACZL,CACT,EASIS,EAAsB,SAA6BV,EAAQ,CAC7D,IAAIS,EAAU,UAAU,OAAS,GAAK,UAAU,KAAO,OAAY,UAAU,GAAK,CAChF,UAAW,SAAS,IACtB,EACIR,EAAe,GAEnB,OAAI,OAAOD,GAAW,SACpBC,EAAeO,EAAeR,EAAQS,CAAO,EACpCT,aAAkB,kBAAoB,CAAC,CAAC,OAAQ,SAAU,MAAO,MAAO,UAAU,EAAE,SAASA,GAAW,KAA4B,OAASA,EAAO,IAAI,EAEjKC,EAAeO,EAAeR,EAAO,MAAOS,CAAO,GAEnDR,EAAeN,EAAe,EAAEK,CAAM,EACtCJ,EAAQ,MAAM,GAGTK,CACT,EAEiCU,EAAgBD,EAEjD,SAASE,EAAQC,EAAK,CAA6B,OAAI,OAAO,QAAW,YAAc,OAAO,OAAO,UAAa,SAAYD,EAAU,SAAiBC,EAAK,CAAE,OAAO,OAAOA,CAAK,EAAYD,EAAU,SAAiBC,EAAK,CAAE,OAAOA,GAAO,OAAO,QAAW,YAAcA,EAAI,cAAgB,QAAUA,IAAQ,OAAO,UAAY,SAAW,OAAOA,CAAK,EAAYD,EAAQC,CAAG,CAAG,CAUzX,IAAIC,GAAyB,UAAkC,CAC7D,IAAIL,EAAU,UAAU,OAAS,GAAK,UAAU,KAAO,OAAY,UAAU,GAAK,CAAC,EAE/EM,EAAkBN,EAAQ,OAC1BO,EAASD,IAAoB,OAAS,OAASA,EAC/CE,EAAYR,EAAQ,UACpBT,EAASS,EAAQ,OACjBS,GAAOT,EAAQ,KAEnB,GAAIO,IAAW,QAAUA,IAAW,MAClC,MAAM,IAAI,MAAM,oDAAoD,EAItE,GAAIhB,IAAW,OACb,GAAIA,GAAUY,EAAQZ,CAAM,IAAM,UAAYA,EAAO,WAAa,EAAG,CACnE,GAAIgB,IAAW,QAAUhB,EAAO,aAAa,UAAU,EACrD,MAAM,IAAI,MAAM,mFAAmF,EAGrG,GAAIgB,IAAW,QAAUhB,EAAO,aAAa,UAAU,GAAKA,EAAO,aAAa,UAAU,GACxF,MAAM,IAAI,MAAM,uGAAwG,CAE5H,KACE,OAAM,IAAI,MAAM,6CAA6C,EAKjE,GAAIkB,GACF,OAAOP,EAAaO,GAAM,CACxB,UAAWD,CACb,CAAC,EAIH,GAAIjB,EACF,OAAOgB,IAAW,MAAQd,EAAYF,CAAM,EAAIW,EAAaX,EAAQ,CACnE,UAAWiB,CACb,CAAC,CAEL,EAEiCE,GAAmBL,GAEpD,SAASM,GAAiBP,EAAK,CAA6B,OAAI,OAAO,QAAW,YAAc,OAAO,OAAO,UAAa,SAAYO,GAAmB,SAAiBP,EAAK,CAAE,OAAO,OAAOA,CAAK,EAAYO,GAAmB,SAAiBP,EAAK,CAAE,OAAOA,GAAO,OAAO,QAAW,YAAcA,EAAI,cAAgB,QAAUA,IAAQ,OAAO,UAAY,SAAW,OAAOA,CAAK,EAAYO,GAAiBP,CAAG,CAAG,CAE7Z,SAASQ,GAAgBC,EAAUC,EAAa,CAAE,GAAI,EAAED,aAAoBC,GAAgB,MAAM,IAAI,UAAU,mCAAmC,CAAK,CAExJ,SAASC,GAAkBxB,EAAQyB,EAAO,CAAE,QAASC,EAAI,EAAGA,EAAID,EAAM,OAAQC,IAAK,CAAE,IAAIC,EAAaF,EAAMC,GAAIC,EAAW,WAAaA,EAAW,YAAc,GAAOA,EAAW,aAAe,GAAU,UAAWA,IAAYA,EAAW,SAAW,IAAM,OAAO,eAAe3B,EAAQ2B,EAAW,IAAKA,CAAU,CAAG,CAAE,CAE5T,SAASC,GAAaL,EAAaM,EAAYC,EAAa,CAAE,OAAID,GAAYL,GAAkBD,EAAY,UAAWM,CAAU,EAAOC,GAAaN,GAAkBD,EAAaO,CAAW,EAAUP,CAAa,CAEtN,SAASQ,GAAUC,EAAUC,EAAY,CAAE,GAAI,OAAOA,GAAe,YAAcA,IAAe,KAAQ,MAAM,IAAI,UAAU,oDAAoD,EAAKD,EAAS,UAAY,OAAO,OAAOC,GAAcA,EAAW,UAAW,CAAE,YAAa,CAAE,MAAOD,EAAU,SAAU,GAAM,aAAc,EAAK,CAAE,CAAC,EAAOC,GAAYC,GAAgBF,EAAUC,CAAU,CAAG,CAEhY,SAASC,GAAgBC,EAAGC,EAAG,CAAE,OAAAF,GAAkB,OAAO,gBAAkB,SAAyBC,EAAGC,EAAG,CAAE,OAAAD,EAAE,UAAYC,EAAUD,CAAG,EAAUD,GAAgBC,EAAGC,CAAC,CAAG,CAEzK,SAASC,GAAaC,EAAS,CAAE,IAAIC,EAA4BC,GAA0B,EAAG,OAAO,UAAgC,CAAE,IAAIC,EAAQC,GAAgBJ,CAAO,EAAGK,EAAQ,GAAIJ,EAA2B,CAAE,IAAIK,EAAYF,GAAgB,IAAI,EAAE,YAAaC,EAAS,QAAQ,UAAUF,EAAO,UAAWG,CAAS,CAAG,MAASD,EAASF,EAAM,MAAM,KAAM,SAAS,EAAK,OAAOI,GAA2B,KAAMF,CAAM,CAAG,CAAG,CAExa,SAASE,GAA2BC,EAAMC,EAAM,CAAE,OAAIA,IAAS3B,GAAiB2B,CAAI,IAAM,UAAY,OAAOA,GAAS,YAAsBA,EAAeC,GAAuBF,CAAI,CAAG,CAEzL,SAASE,GAAuBF,EAAM,CAAE,GAAIA,IAAS,OAAU,MAAM,IAAI,eAAe,2DAA2D,EAAK,OAAOA,CAAM,CAErK,SAASN,IAA4B,CAA0E,GAApE,OAAO,SAAY,aAAe,CAAC,QAAQ,WAA6B,QAAQ,UAAU,KAAM,MAAO,GAAO,GAAI,OAAO,OAAU,WAAY,MAAO,GAAM,GAAI,CAAE,YAAK,UAAU,SAAS,KAAK,QAAQ,UAAU,KAAM,CAAC,EAAG,UAAY,CAAC,CAAC,CAAC,EAAU,EAAM,OAASS,EAAP,CAAY,MAAO,EAAO,CAAE,CAEnU,SAASP,GAAgBP,EAAG,CAAE,OAAAO,GAAkB,OAAO,eAAiB,OAAO,eAAiB,SAAyBP,EAAG,CAAE,OAAOA,EAAE,WAAa,OAAO,eAAeA,CAAC,CAAG,EAAUO,GAAgBP,CAAC,CAAG,CAa5M,SAASe,GAAkBC,EAAQC,EAAS,CAC1C,IAAIC,EAAY,kBAAkB,OAAOF,CAAM,EAE/C,GAAI,EAACC,EAAQ,aAAaC,CAAS,EAInC,OAAOD,EAAQ,aAAaC,CAAS,CACvC,CAOA,IAAIC,GAAyB,SAAUC,EAAU,CAC/CxB,GAAUuB,EAAWC,CAAQ,EAE7B,IAAIC,EAASnB,GAAaiB,CAAS,EAMnC,SAASA,EAAUG,EAAShD,EAAS,CACnC,IAAIiD,EAEJ,OAAArC,GAAgB,KAAMiC,CAAS,EAE/BI,EAAQF,EAAO,KAAK,IAAI,EAExBE,EAAM,eAAejD,CAAO,EAE5BiD,EAAM,YAAYD,CAAO,EAElBC,CACT,CAQA,OAAA9B,GAAa0B,EAAW,CAAC,CACvB,IAAK,iBACL,MAAO,UAA0B,CAC/B,IAAI7C,EAAU,UAAU,OAAS,GAAK,UAAU,KAAO,OAAY,UAAU,GAAK,CAAC,EACnF,KAAK,OAAS,OAAOA,EAAQ,QAAW,WAAaA,EAAQ,OAAS,KAAK,cAC3E,KAAK,OAAS,OAAOA,EAAQ,QAAW,WAAaA,EAAQ,OAAS,KAAK,cAC3E,KAAK,KAAO,OAAOA,EAAQ,MAAS,WAAaA,EAAQ,KAAO,KAAK,YACrE,KAAK,UAAYW,GAAiBX,EAAQ,SAAS,IAAM,SAAWA,EAAQ,UAAY,SAAS,IACnG,CAMF,EAAG,CACD,IAAK,cACL,MAAO,SAAqBgD,EAAS,CACnC,IAAIE,EAAS,KAEb,KAAK,SAAWlE,EAAe,EAAEgE,EAAS,QAAS,SAAUR,GAAG,CAC9D,OAAOU,EAAO,QAAQV,EAAC,CACzB,CAAC,CACH,CAMF,EAAG,CACD,IAAK,UACL,MAAO,SAAiBA,EAAG,CACzB,IAAIQ,EAAUR,EAAE,gBAAkBA,EAAE,cAChCjC,GAAS,KAAK,OAAOyC,CAAO,GAAK,OACjCvC,GAAOC,GAAgB,CACzB,OAAQH,GACR,UAAW,KAAK,UAChB,OAAQ,KAAK,OAAOyC,CAAO,EAC3B,KAAM,KAAK,KAAKA,CAAO,CACzB,CAAC,EAED,KAAK,KAAKvC,GAAO,UAAY,QAAS,CACpC,OAAQF,GACR,KAAME,GACN,QAASuC,EACT,eAAgB,UAA0B,CACpCA,GACFA,EAAQ,MAAM,EAGhB,OAAO,aAAa,EAAE,gBAAgB,CACxC,CACF,CAAC,CACH,CAMF,EAAG,CACD,IAAK,gBACL,MAAO,SAAuBA,EAAS,CACrC,OAAOP,GAAkB,SAAUO,CAAO,CAC5C,CAMF,EAAG,CACD,IAAK,gBACL,MAAO,SAAuBA,EAAS,CACrC,IAAIG,EAAWV,GAAkB,SAAUO,CAAO,EAElD,GAAIG,EACF,OAAO,SAAS,cAAcA,CAAQ,CAE1C,CAQF,EAAG,CACD,IAAK,cAML,MAAO,SAAqBH,EAAS,CACnC,OAAOP,GAAkB,OAAQO,CAAO,CAC1C,CAKF,EAAG,CACD,IAAK,UACL,MAAO,UAAmB,CACxB,KAAK,SAAS,QAAQ,CACxB,CACF,CAAC,EAAG,CAAC,CACH,IAAK,OACL,MAAO,SAAczD,EAAQ,CAC3B,IAAIS,EAAU,UAAU,OAAS,GAAK,UAAU,KAAO,OAAY,UAAU,GAAK,CAChF,UAAW,SAAS,IACtB,EACA,OAAOE,EAAaX,EAAQS,CAAO,CACrC,CAOF,EAAG,CACD,IAAK,MACL,MAAO,SAAaT,EAAQ,CAC1B,OAAOE,EAAYF,CAAM,CAC3B,CAOF,EAAG,CACD,IAAK,cACL,MAAO,UAAuB,CAC5B,IAAIgB,EAAS,UAAU,OAAS,GAAK,UAAU,KAAO,OAAY,UAAU,GAAK,CAAC,OAAQ,KAAK,EAC3F6C,EAAU,OAAO7C,GAAW,SAAW,CAACA,CAAM,EAAIA,EAClD8C,GAAU,CAAC,CAAC,SAAS,sBACzB,OAAAD,EAAQ,QAAQ,SAAU7C,GAAQ,CAChC8C,GAAUA,IAAW,CAAC,CAAC,SAAS,sBAAsB9C,EAAM,CAC9D,CAAC,EACM8C,EACT,CACF,CAAC,CAAC,EAEKR,CACT,EAAG/D,EAAqB,CAAE,EAEOF,GAAaiE,EAExC,EAEA,IACC,SAASxE,EAAQ,CAExB,IAAIiF,EAAqB,EAKzB,GAAI,OAAO,SAAY,aAAe,CAAC,QAAQ,UAAU,QAAS,CAC9D,IAAIC,EAAQ,QAAQ,UAEpBA,EAAM,QAAUA,EAAM,iBACNA,EAAM,oBACNA,EAAM,mBACNA,EAAM,kBACNA,EAAM,qBAC1B,CASA,SAASC,EAASb,EAASQ,EAAU,CACjC,KAAOR,GAAWA,EAAQ,WAAaW,GAAoB,CACvD,GAAI,OAAOX,EAAQ,SAAY,YAC3BA,EAAQ,QAAQQ,CAAQ,EAC1B,OAAOR,EAETA,EAAUA,EAAQ,UACtB,CACJ,CAEAtE,EAAO,QAAUmF,CAGX,EAEA,IACC,SAASnF,EAAQoF,EAA0B9E,EAAqB,CAEvE,IAAI6E,EAAU7E,EAAoB,GAAG,EAYrC,SAAS+E,EAAUf,EAASQ,EAAU/D,EAAMuE,EAAUC,EAAY,CAC9D,IAAIC,EAAaC,EAAS,MAAM,KAAM,SAAS,EAE/C,OAAAnB,EAAQ,iBAAiBvD,EAAMyE,EAAYD,CAAU,EAE9C,CACH,QAAS,UAAW,CAChBjB,EAAQ,oBAAoBvD,EAAMyE,EAAYD,CAAU,CAC5D,CACJ,CACJ,CAYA,SAASG,EAASC,EAAUb,EAAU/D,EAAMuE,EAAUC,EAAY,CAE9D,OAAI,OAAOI,EAAS,kBAAqB,WAC9BN,EAAU,MAAM,KAAM,SAAS,EAItC,OAAOtE,GAAS,WAGTsE,EAAU,KAAK,KAAM,QAAQ,EAAE,MAAM,KAAM,SAAS,GAI3D,OAAOM,GAAa,WACpBA,EAAW,SAAS,iBAAiBA,CAAQ,GAI1C,MAAM,UAAU,IAAI,KAAKA,EAAU,SAAUrB,EAAS,CACzD,OAAOe,EAAUf,EAASQ,EAAU/D,EAAMuE,EAAUC,CAAU,CAClE,CAAC,EACL,CAWA,SAASE,EAASnB,EAASQ,EAAU/D,EAAMuE,EAAU,CACjD,OAAO,SAASnB,EAAG,CACfA,EAAE,eAAiBgB,EAAQhB,EAAE,OAAQW,CAAQ,EAEzCX,EAAE,gBACFmB,EAAS,KAAKhB,EAASH,CAAC,CAEhC,CACJ,CAEAnE,EAAO,QAAU0F,CAGX,EAEA,IACC,SAAStF,EAAyBL,EAAS,CAQlDA,EAAQ,KAAO,SAASuB,EAAO,CAC3B,OAAOA,IAAU,QACVA,aAAiB,aACjBA,EAAM,WAAa,CAC9B,EAQAvB,EAAQ,SAAW,SAASuB,EAAO,CAC/B,IAAIP,EAAO,OAAO,UAAU,SAAS,KAAKO,CAAK,EAE/C,OAAOA,IAAU,SACTP,IAAS,qBAAuBA,IAAS,4BACzC,WAAYO,IACZA,EAAM,SAAW,GAAKvB,EAAQ,KAAKuB,EAAM,EAAE,EACvD,EAQAvB,EAAQ,OAAS,SAASuB,EAAO,CAC7B,OAAO,OAAOA,GAAU,UACjBA,aAAiB,MAC5B,EAQAvB,EAAQ,GAAK,SAASuB,EAAO,CACzB,IAAIP,EAAO,OAAO,UAAU,SAAS,KAAKO,CAAK,EAE/C,OAAOP,IAAS,mBACpB,CAGM,EAEA,IACC,SAASf,EAAQoF,EAA0B9E,EAAqB,CAEvE,IAAIsF,EAAKtF,EAAoB,GAAG,EAC5BoF,EAAWpF,EAAoB,GAAG,EAWtC,SAASI,EAAOQ,EAAQH,EAAMuE,EAAU,CACpC,GAAI,CAACpE,GAAU,CAACH,GAAQ,CAACuE,EACrB,MAAM,IAAI,MAAM,4BAA4B,EAGhD,GAAI,CAACM,EAAG,OAAO7E,CAAI,EACf,MAAM,IAAI,UAAU,kCAAkC,EAG1D,GAAI,CAAC6E,EAAG,GAAGN,CAAQ,EACf,MAAM,IAAI,UAAU,mCAAmC,EAG3D,GAAIM,EAAG,KAAK1E,CAAM,EACd,OAAO2E,EAAW3E,EAAQH,EAAMuE,CAAQ,EAEvC,GAAIM,EAAG,SAAS1E,CAAM,EACvB,OAAO4E,EAAe5E,EAAQH,EAAMuE,CAAQ,EAE3C,GAAIM,EAAG,OAAO1E,CAAM,EACrB,OAAO6E,EAAe7E,EAAQH,EAAMuE,CAAQ,EAG5C,MAAM,IAAI,UAAU,2EAA2E,CAEvG,CAWA,SAASO,EAAWG,EAAMjF,EAAMuE,EAAU,CACtC,OAAAU,EAAK,iBAAiBjF,EAAMuE,CAAQ,EAE7B,CACH,QAAS,UAAW,CAChBU,EAAK,oBAAoBjF,EAAMuE,CAAQ,CAC3C,CACJ,CACJ,CAWA,SAASQ,EAAeG,EAAUlF,EAAMuE,EAAU,CAC9C,aAAM,UAAU,QAAQ,KAAKW,EAAU,SAASD,EAAM,CAClDA,EAAK,iBAAiBjF,EAAMuE,CAAQ,CACxC,CAAC,EAEM,CACH,QAAS,UAAW,CAChB,MAAM,UAAU,QAAQ,KAAKW,EAAU,SAASD,EAAM,CAClDA,EAAK,oBAAoBjF,EAAMuE,CAAQ,CAC3C,CAAC,CACL,CACJ,CACJ,CAWA,SAASS,EAAejB,EAAU/D,EAAMuE,EAAU,CAC9C,OAAOI,EAAS,SAAS,KAAMZ,EAAU/D,EAAMuE,CAAQ,CAC3D,CAEAtF,EAAO,QAAUU,CAGX,EAEA,IACC,SAASV,EAAQ,CAExB,SAASkG,EAAO5B,EAAS,CACrB,IAAInD,EAEJ,GAAImD,EAAQ,WAAa,SACrBA,EAAQ,MAAM,EAEdnD,EAAemD,EAAQ,cAElBA,EAAQ,WAAa,SAAWA,EAAQ,WAAa,WAAY,CACtE,IAAI6B,EAAa7B,EAAQ,aAAa,UAAU,EAE3C6B,GACD7B,EAAQ,aAAa,WAAY,EAAE,EAGvCA,EAAQ,OAAO,EACfA,EAAQ,kBAAkB,EAAGA,EAAQ,MAAM,MAAM,EAE5C6B,GACD7B,EAAQ,gBAAgB,UAAU,EAGtCnD,EAAemD,EAAQ,KAC3B,KACK,CACGA,EAAQ,aAAa,iBAAiB,GACtCA,EAAQ,MAAM,EAGlB,IAAI8B,EAAY,OAAO,aAAa,EAChCC,EAAQ,SAAS,YAAY,EAEjCA,EAAM,mBAAmB/B,CAAO,EAChC8B,EAAU,gBAAgB,EAC1BA,EAAU,SAASC,CAAK,EAExBlF,EAAeiF,EAAU,SAAS,CACtC,CAEA,OAAOjF,CACX,CAEAnB,EAAO,QAAUkG,CAGX,EAEA,IACC,SAASlG,EAAQ,CAExB,SAASsG,GAAK,CAGd,CAEAA,EAAE,UAAY,CACZ,GAAI,SAAUC,EAAMjB,EAAUkB,EAAK,CACjC,IAAIrC,EAAI,KAAK,IAAM,KAAK,EAAI,CAAC,GAE7B,OAACA,EAAEoC,KAAUpC,EAAEoC,GAAQ,CAAC,IAAI,KAAK,CAC/B,GAAIjB,EACJ,IAAKkB,CACP,CAAC,EAEM,IACT,EAEA,KAAM,SAAUD,EAAMjB,EAAUkB,EAAK,CACnC,IAAIxC,EAAO,KACX,SAASyB,GAAY,CACnBzB,EAAK,IAAIuC,EAAMd,CAAQ,EACvBH,EAAS,MAAMkB,EAAK,SAAS,CAC/B,CAEA,OAAAf,EAAS,EAAIH,EACN,KAAK,GAAGiB,EAAMd,EAAUe,CAAG,CACpC,EAEA,KAAM,SAAUD,EAAM,CACpB,IAAIE,EAAO,CAAC,EAAE,MAAM,KAAK,UAAW,CAAC,EACjCC,IAAW,KAAK,IAAM,KAAK,EAAI,CAAC,IAAIH,IAAS,CAAC,GAAG,MAAM,EACvD3D,EAAI,EACJ+D,EAAMD,EAAO,OAEjB,IAAK9D,EAAGA,EAAI+D,EAAK/D,IACf8D,EAAO9D,GAAG,GAAG,MAAM8D,EAAO9D,GAAG,IAAK6D,CAAI,EAGxC,OAAO,IACT,EAEA,IAAK,SAAUF,EAAMjB,EAAU,CAC7B,IAAInB,EAAI,KAAK,IAAM,KAAK,EAAI,CAAC,GACzByC,EAAOzC,EAAEoC,GACTM,EAAa,CAAC,EAElB,GAAID,GAAQtB,EACV,QAAS1C,EAAI,EAAG+D,EAAMC,EAAK,OAAQhE,EAAI+D,EAAK/D,IACtCgE,EAAKhE,GAAG,KAAO0C,GAAYsB,EAAKhE,GAAG,GAAG,IAAM0C,GAC9CuB,EAAW,KAAKD,EAAKhE,EAAE,EAQ7B,OAACiE,EAAW,OACR1C,EAAEoC,GAAQM,EACV,OAAO1C,EAAEoC,GAEN,IACT,CACF,EAEAvG,EAAO,QAAUsG,EACjBtG,EAAO,QAAQ,YAAcsG,CAGvB,CAEI,EAGIQ,EAA2B,CAAC,EAGhC,SAASxG,EAAoByG,EAAU,CAEtC,GAAGD,EAAyBC,GAC3B,OAAOD,EAAyBC,GAAU,QAG3C,IAAI/G,EAAS8G,EAAyBC,GAAY,CAGjD,QAAS,CAAC,CACX,EAGA,OAAA5G,EAAoB4G,GAAU/G,EAAQA,EAAO,QAASM,CAAmB,EAGlEN,EAAO,OACf,CAIA,OAAC,UAAW,CAEXM,EAAoB,EAAI,SAASN,EAAQ,CACxC,IAAIgH,EAAShH,GAAUA,EAAO,WAC7B,UAAW,CAAE,OAAOA,EAAO,OAAY,EACvC,UAAW,CAAE,OAAOA,CAAQ,EAC7B,OAAAM,EAAoB,EAAE0G,EAAQ,CAAE,EAAGA,CAAO,CAAC,EACpCA,CACR,CACD,EAAE,EAGD,UAAW,CAEX1G,EAAoB,EAAI,SAASP,EAASkH,EAAY,CACrD,QAAQC,KAAOD,EACX3G,EAAoB,EAAE2G,EAAYC,CAAG,GAAK,CAAC5G,EAAoB,EAAEP,EAASmH,CAAG,GAC/E,OAAO,eAAenH,EAASmH,EAAK,CAAE,WAAY,GAAM,IAAKD,EAAWC,EAAK,CAAC,CAGjF,CACD,EAAE,EAGD,UAAW,CACX5G,EAAoB,EAAI,SAASyB,EAAKoF,EAAM,CAAE,OAAO,OAAO,UAAU,eAAe,KAAKpF,EAAKoF,CAAI,CAAG,CACvG,EAAE,EAMK7G,EAAoB,GAAG,CAC/B,EAAG,EACX,OACD,CAAC,ICz3BD,IAAA8G,GAAAC,GAAA,CAAAC,GAAAC,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAeA,IAAIC,GAAkB,UAOtBD,GAAO,QAAUE,GAUjB,SAASA,GAAWC,EAAQ,CAC1B,IAAIC,EAAM,GAAKD,EACXE,EAAQJ,GAAgB,KAAKG,CAAG,EAEpC,GAAI,CAACC,EACH,OAAOD,EAGT,IAAIE,EACAC,EAAO,GACPC,EAAQ,EACRC,EAAY,EAEhB,IAAKD,EAAQH,EAAM,MAAOG,EAAQJ,EAAI,OAAQI,IAAS,CACrD,OAAQJ,EAAI,WAAWI,CAAK,EAAG,CAC7B,IAAK,IACHF,EAAS,SACT,MACF,IAAK,IACHA,EAAS,QACT,MACF,IAAK,IACHA,EAAS,QACT,MACF,IAAK,IACHA,EAAS,OACT,MACF,IAAK,IACHA,EAAS,OACT,MACF,QACE,QACJ,CAEIG,IAAcD,IAChBD,GAAQH,EAAI,UAAUK,EAAWD,CAAK,GAGxCC,EAAYD,EAAQ,EACpBD,GAAQD,CACV,CAEA,OAAOG,IAAcD,EACjBD,EAAOH,EAAI,UAAUK,EAAWD,CAAK,EACrCD,CACN,IC7EA,MAAM,UAAU,MAAM,OAAO,eAAe,MAAM,UAAU,OAAO,CAAC,aAAa,GAAG,MAAM,SAASG,GAAG,CAAC,IAAI,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,OAAO,UAAU,EAAE,EAAE,OAAO,EAAE,MAAM,UAAU,OAAO,KAAK,KAAK,SAASC,EAAEC,EAAE,CAAC,OAAO,MAAM,QAAQA,CAAC,EAAED,EAAE,KAAK,MAAMA,EAAED,EAAE,KAAKE,EAAE,EAAE,CAAC,CAAC,EAAED,EAAE,KAAKC,CAAC,EAAED,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,UAAU,MAAM,KAAK,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,UAAU,SAAS,OAAO,eAAe,MAAM,UAAU,UAAU,CAAC,aAAa,GAAG,MAAM,SAASD,EAAE,CAAC,OAAO,MAAM,UAAU,IAAI,MAAM,KAAK,SAAS,EAAE,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC,ECuBxf,IAAAG,GAAO,SCvBP,KAAK,QAAQ,KAAK,MAAM,SAAS,EAAEC,EAAE,CAAC,OAAOA,EAAEA,GAAG,CAAC,EAAE,IAAI,QAAQ,SAASC,EAAEC,EAAE,CAAC,IAAIC,EAAE,IAAI,eAAeC,EAAE,CAAC,EAAEC,EAAE,CAAC,EAAEC,EAAE,CAAC,EAAEC,EAAE,UAAU,CAAC,MAAM,CAAC,IAAOJ,EAAE,OAAO,IAAI,IAAjB,EAAoB,WAAWA,EAAE,WAAW,OAAOA,EAAE,OAAO,IAAIA,EAAE,YAAY,KAAK,UAAU,CAAC,OAAO,QAAQ,QAAQA,EAAE,YAAY,CAAC,EAAE,KAAK,UAAU,CAAC,OAAO,QAAQ,QAAQA,EAAE,YAAY,EAAE,KAAK,KAAK,KAAK,CAAC,EAAE,KAAK,UAAU,CAAC,OAAO,QAAQ,QAAQ,IAAI,KAAK,CAACA,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAMI,EAAE,QAAQ,CAAC,KAAK,UAAU,CAAC,OAAOH,CAAC,EAAE,QAAQ,UAAU,CAAC,OAAOC,CAAC,EAAE,IAAI,SAASG,EAAE,CAAC,OAAOF,EAAEE,EAAE,YAAY,EAAE,EAAE,IAAI,SAASA,EAAE,CAAC,OAAOA,EAAE,YAAY,IAAIF,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQG,KAAKN,EAAE,KAAKH,EAAE,QAAQ,MAAM,EAAE,EAAE,EAAEG,EAAE,OAAO,UAAU,CAACA,EAAE,sBAAsB,EAAE,QAAQ,+BAA+B,SAASK,EAAER,EAAEC,EAAE,CAACG,EAAE,KAAKJ,EAAEA,EAAE,YAAY,CAAC,EAAEK,EAAE,KAAK,CAACL,EAAEC,CAAC,CAAC,EAAEK,EAAEN,GAAGM,EAAEN,GAAGM,EAAEN,GAAG,IAAIC,EAAEA,CAAC,CAAC,EAAEA,EAAEM,EAAE,CAAC,CAAC,EAAEJ,EAAE,QAAQD,EAAEC,EAAE,gBAA2BH,EAAE,aAAb,UAAyBA,EAAE,QAAQG,EAAE,iBAAiBM,EAAET,EAAE,QAAQS,EAAE,EAAEN,EAAE,KAAKH,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,GDyBj5B,IAAAU,GAAO,SEzBP,IAAAC,GAAkB,WACZ,CACF,UAAAC,GACA,SAAAC,GACA,OAAAC,GACA,WAAAC,GACA,QAAAC,GACA,WAAAC,GACA,UAAAC,GACA,YAAAC,GACA,aAAAC,GACA,gBAAAC,GACA,SAAAC,GACA,OAAAC,EACA,SAAAC,GACA,eAAAC,GACA,cAAAC,EACA,QAAAC,GACA,iBAAAC,GACA,iBAAAC,GACA,cAAAC,GACA,qBAAAC,GACA,aAAAC,GACA,gBAAAC,GACA,uBAAAC,GACA,uBAAAC,EACJ,EAAI,GAAAC,QCtBE,SAAUC,EAAWC,EAAU,CACnC,OAAO,OAAOA,GAAU,UAC1B,CCGM,SAAUC,GAAoBC,EAAgC,CAClE,IAAMC,EAAS,SAACC,EAAa,CAC3B,MAAM,KAAKA,CAAQ,EACnBA,EAAS,MAAQ,IAAI,MAAK,EAAG,KAC/B,EAEMC,EAAWH,EAAWC,CAAM,EAClC,OAAAE,EAAS,UAAY,OAAO,OAAO,MAAM,SAAS,EAClDA,EAAS,UAAU,YAAcA,EAC1BA,CACT,CCDO,IAAMC,GAA+CC,GAC1D,SAACC,EAAM,CACL,OAAA,SAA4CC,EAA0B,CACpED,EAAO,IAAI,EACX,KAAK,QAAUC,EACRA,EAAO,OAAM;EACxBA,EAAO,IAAI,SAACC,EAAKC,EAAC,CAAK,OAAGA,EAAI,EAAC,KAAKD,EAAI,SAAQ,CAAzB,CAA6B,EAAE,KAAK;GAAM,EACzD,GACJ,KAAK,KAAO,sBACZ,KAAK,OAASD,CAChB,CARA,CAQC,ECvBC,SAAUG,GAAaC,EAA6BC,EAAO,CAC/D,GAAID,EAAK,CACP,IAAME,EAAQF,EAAI,QAAQC,CAAI,EAC9B,GAAKC,GAASF,EAAI,OAAOE,EAAO,CAAC,EAErC,CCOA,IAAAC,GAAA,UAAA,CAyBE,SAAAA,EAAoBC,EAA4B,CAA5B,KAAA,gBAAAA,EAdb,KAAA,OAAS,GAER,KAAA,WAAmD,KAMnD,KAAA,YAAqD,IAMV,CAQnD,OAAAD,EAAA,UAAA,YAAA,UAAA,aACME,EAEJ,GAAI,CAAC,KAAK,OAAQ,CAChB,KAAK,OAAS,GAGN,IAAAC,EAAe,KAAI,WAC3B,GAAIA,EAEF,GADA,KAAK,WAAa,KACd,MAAM,QAAQA,CAAU,MAC1B,QAAqBC,EAAAC,GAAAF,CAAU,EAAAG,EAAAF,EAAA,KAAA,EAAA,CAAAE,EAAA,KAAAA,EAAAF,EAAA,KAAA,EAAE,CAA5B,IAAMG,EAAMD,EAAA,MACfC,EAAO,OAAO,IAAI,yGAGpBJ,EAAW,OAAO,IAAI,EAIlB,IAAiBK,EAAqB,KAAI,gBAClD,GAAIC,EAAWD,CAAgB,EAC7B,GAAI,CACFA,EAAgB,QACTE,EAAP,CACAR,EAASQ,aAAaC,GAAsBD,EAAE,OAAS,CAACA,CAAC,EAIrD,IAAAE,EAAgB,KAAI,YAC5B,GAAIA,EAAa,CACf,KAAK,YAAc,SACnB,QAAwBC,EAAAR,GAAAO,CAAW,EAAAE,EAAAD,EAAA,KAAA,EAAA,CAAAC,EAAA,KAAAA,EAAAD,EAAA,KAAA,EAAE,CAAhC,IAAME,EAASD,EAAA,MAClB,GAAI,CACFE,GAAcD,CAAS,QAChBE,EAAP,CACAf,EAASA,GAAM,KAANA,EAAU,CAAA,EACfe,aAAeN,GACjBT,EAAMgB,EAAAA,EAAA,CAAA,EAAAC,EAAOjB,CAAM,CAAA,EAAAiB,EAAKF,EAAI,MAAM,CAAA,EAElCf,EAAO,KAAKe,CAAG,sGAMvB,GAAIf,EACF,MAAM,IAAIS,GAAoBT,CAAM,EAG1C,EAoBAF,EAAA,UAAA,IAAA,SAAIoB,EAAuB,OAGzB,GAAIA,GAAYA,IAAa,KAC3B,GAAI,KAAK,OAGPJ,GAAcI,CAAQ,MACjB,CACL,GAAIA,aAAoBpB,EAAc,CAGpC,GAAIoB,EAAS,QAAUA,EAAS,WAAW,IAAI,EAC7C,OAEFA,EAAS,WAAW,IAAI,GAEzB,KAAK,aAAcC,EAAA,KAAK,eAAW,MAAAA,IAAA,OAAAA,EAAI,CAAA,GAAI,KAAKD,CAAQ,EAG/D,EAOQpB,EAAA,UAAA,WAAR,SAAmBsB,EAAoB,CAC7B,IAAAnB,EAAe,KAAI,WAC3B,OAAOA,IAAemB,GAAW,MAAM,QAAQnB,CAAU,GAAKA,EAAW,SAASmB,CAAM,CAC1F,EASQtB,EAAA,UAAA,WAAR,SAAmBsB,EAAoB,CAC7B,IAAAnB,EAAe,KAAI,WAC3B,KAAK,WAAa,MAAM,QAAQA,CAAU,GAAKA,EAAW,KAAKmB,CAAM,EAAGnB,GAAcA,EAAa,CAACA,EAAYmB,CAAM,EAAIA,CAC5H,EAMQtB,EAAA,UAAA,cAAR,SAAsBsB,EAAoB,CAChC,IAAAnB,EAAe,KAAI,WACvBA,IAAemB,EACjB,KAAK,WAAa,KACT,MAAM,QAAQnB,CAAU,GACjCoB,GAAUpB,EAAYmB,CAAM,CAEhC,EAgBAtB,EAAA,UAAA,OAAA,SAAOoB,EAAsC,CACnC,IAAAR,EAAgB,KAAI,YAC5BA,GAAeW,GAAUX,EAAaQ,CAAQ,EAE1CA,aAAoBpB,GACtBoB,EAAS,cAAc,IAAI,CAE/B,EAlLcpB,EAAA,MAAS,UAAA,CACrB,IAAMwB,EAAQ,IAAIxB,EAClB,OAAAwB,EAAM,OAAS,GACRA,CACT,EAAE,EA+KJxB,GArLA,EAuLO,IAAMyB,GAAqBC,GAAa,MAEzC,SAAUC,GAAeC,EAAU,CACvC,OACEA,aAAiBF,IAChBE,GAAS,WAAYA,GAASC,EAAWD,EAAM,MAAM,GAAKC,EAAWD,EAAM,GAAG,GAAKC,EAAWD,EAAM,WAAW,CAEpH,CAEA,SAASE,GAAcC,EAAwC,CACzDF,EAAWE,CAAS,EACtBA,EAAS,EAETA,EAAU,YAAW,CAEzB,CChNO,IAAMC,GAAuB,CAClC,iBAAkB,KAClB,sBAAuB,KACvB,QAAS,OACT,sCAAuC,GACvC,yBAA0B,ICGrB,IAAMC,GAAmC,CAG9C,WAAA,SAAWC,EAAqBC,EAAgB,SAAEC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,EAAA,GAAA,UAAAA,GACxC,IAAAC,EAAaL,GAAe,SACpC,OAAIK,GAAQ,MAARA,EAAU,WACLA,EAAS,WAAU,MAAnBA,EAAQC,EAAA,CAAYL,EAASC,CAAO,EAAAK,EAAKJ,CAAI,CAAA,CAAA,EAE/C,WAAU,MAAA,OAAAG,EAAA,CAACL,EAASC,CAAO,EAAAK,EAAKJ,CAAI,CAAA,CAAA,CAC7C,EACA,aAAA,SAAaK,EAAM,CACT,IAAAH,EAAaL,GAAe,SACpC,QAAQK,GAAQ,KAAA,OAARA,EAAU,eAAgB,cAAcG,CAAa,CAC/D,EACA,SAAU,QCjBN,SAAUC,GAAqBC,EAAQ,CAC3CC,GAAgB,WAAW,UAAA,CACjB,IAAAC,EAAqBC,GAAM,iBACnC,GAAID,EAEFA,EAAiBF,CAAG,MAGpB,OAAMA,CAEV,CAAC,CACH,CCtBM,SAAUI,IAAI,CAAK,CCMlB,IAAMC,GAAyB,UAAA,CAAM,OAAAC,GAAmB,IAAK,OAAW,MAAS,CAA5C,EAAsE,EAO5G,SAAUC,GAAkBC,EAAU,CAC1C,OAAOF,GAAmB,IAAK,OAAWE,CAAK,CACjD,CAOM,SAAUC,GAAoBC,EAAQ,CAC1C,OAAOJ,GAAmB,IAAKI,EAAO,MAAS,CACjD,CAQM,SAAUJ,GAAmBK,EAAuBD,EAAYF,EAAU,CAC9E,MAAO,CACL,KAAIG,EACJ,MAAKD,EACL,MAAKF,EAET,CCrCA,IAAII,GAAuD,KASrD,SAAUC,GAAaC,EAAc,CACzC,GAAIC,GAAO,sCAAuC,CAChD,IAAMC,EAAS,CAACJ,GAKhB,GAJII,IACFJ,GAAU,CAAE,YAAa,GAAO,MAAO,IAAI,GAE7CE,EAAE,EACEE,EAAQ,CACJ,IAAAC,EAAyBL,GAAvBM,EAAWD,EAAA,YAAEE,EAAKF,EAAA,MAE1B,GADAL,GAAU,KACNM,EACF,MAAMC,QAMVL,EAAE,CAEN,CAMM,SAAUM,GAAaC,EAAQ,CAC/BN,GAAO,uCAAyCH,KAClDA,GAAQ,YAAc,GACtBA,GAAQ,MAAQS,EAEpB,CCrBA,IAAAC,GAAA,SAAAC,EAAA,CAAmCC,GAAAF,EAAAC,CAAA,EA6BjC,SAAAD,EAAYG,EAA6C,CAAzD,IAAAC,EACEH,EAAA,KAAA,IAAA,GAAO,KATC,OAAAG,EAAA,UAAqB,GAUzBD,GACFC,EAAK,YAAcD,EAGfE,GAAeF,CAAW,GAC5BA,EAAY,IAAIC,CAAI,GAGtBA,EAAK,YAAcE,IAEvB,CAzBO,OAAAN,EAAA,OAAP,SAAiBO,EAAwBC,EAA2BC,EAAqB,CACvF,OAAO,IAAIC,GAAeH,EAAMC,EAAOC,CAAQ,CACjD,EAgCAT,EAAA,UAAA,KAAA,SAAKW,EAAS,CACR,KAAK,UACPC,GAA0BC,GAAiBF,CAAK,EAAG,IAAI,EAEvD,KAAK,MAAMA,CAAM,CAErB,EASAX,EAAA,UAAA,MAAA,SAAMc,EAAS,CACT,KAAK,UACPF,GAA0BG,GAAkBD,CAAG,EAAG,IAAI,GAEtD,KAAK,UAAY,GACjB,KAAK,OAAOA,CAAG,EAEnB,EAQAd,EAAA,UAAA,SAAA,UAAA,CACM,KAAK,UACPY,GAA0BI,GAAuB,IAAI,GAErD,KAAK,UAAY,GACjB,KAAK,UAAS,EAElB,EAEAhB,EAAA,UAAA,YAAA,UAAA,CACO,KAAK,SACR,KAAK,UAAY,GACjBC,EAAA,UAAM,YAAW,KAAA,IAAA,EACjB,KAAK,YAAc,KAEvB,EAEUD,EAAA,UAAA,MAAV,SAAgBW,EAAQ,CACtB,KAAK,YAAY,KAAKA,CAAK,CAC7B,EAEUX,EAAA,UAAA,OAAV,SAAiBc,EAAQ,CACvB,GAAI,CACF,KAAK,YAAY,MAAMA,CAAG,UAE1B,KAAK,YAAW,EAEpB,EAEUd,EAAA,UAAA,UAAV,UAAA,CACE,GAAI,CACF,KAAK,YAAY,SAAQ,UAEzB,KAAK,YAAW,EAEpB,EACFA,CAAA,EApHmCiB,EAAY,EA2H/C,IAAMC,GAAQ,SAAS,UAAU,KAEjC,SAASC,GAAyCC,EAAQC,EAAY,CACpE,OAAOH,GAAM,KAAKE,EAAIC,CAAO,CAC/B,CAMA,IAAAC,GAAA,UAAA,CACE,SAAAA,EAAoBC,EAAqC,CAArC,KAAA,gBAAAA,CAAwC,CAE5D,OAAAD,EAAA,UAAA,KAAA,SAAKE,EAAQ,CACH,IAAAD,EAAoB,KAAI,gBAChC,GAAIA,EAAgB,KAClB,GAAI,CACFA,EAAgB,KAAKC,CAAK,QACnBC,EAAP,CACAC,GAAqBD,CAAK,EAGhC,EAEAH,EAAA,UAAA,MAAA,SAAMK,EAAQ,CACJ,IAAAJ,EAAoB,KAAI,gBAChC,GAAIA,EAAgB,MAClB,GAAI,CACFA,EAAgB,MAAMI,CAAG,QAClBF,EAAP,CACAC,GAAqBD,CAAK,OAG5BC,GAAqBC,CAAG,CAE5B,EAEAL,EAAA,UAAA,SAAA,UAAA,CACU,IAAAC,EAAoB,KAAI,gBAChC,GAAIA,EAAgB,SAClB,GAAI,CACFA,EAAgB,SAAQ,QACjBE,EAAP,CACAC,GAAqBD,CAAK,EAGhC,EACFH,CAAA,EArCA,EAuCAM,GAAA,SAAAC,EAAA,CAAuCC,GAAAF,EAAAC,CAAA,EACrC,SAAAD,EACEG,EACAN,EACAO,EAA8B,CAHhC,IAAAC,EAKEJ,EAAA,KAAA,IAAA,GAAO,KAEHN,EACJ,GAAIW,EAAWH,CAAc,GAAK,CAACA,EAGjCR,EAAkB,CAChB,KAAOQ,GAAc,KAAdA,EAAkB,OACzB,MAAON,GAAK,KAALA,EAAS,OAChB,SAAUO,GAAQ,KAARA,EAAY,YAEnB,CAEL,IAAIG,EACAF,GAAQG,GAAO,0BAIjBD,EAAU,OAAO,OAAOJ,CAAc,EACtCI,EAAQ,YAAc,UAAA,CAAM,OAAAF,EAAK,YAAW,CAAhB,EAC5BV,EAAkB,CAChB,KAAMQ,EAAe,MAAQZ,GAAKY,EAAe,KAAMI,CAAO,EAC9D,MAAOJ,EAAe,OAASZ,GAAKY,EAAe,MAAOI,CAAO,EACjE,SAAUJ,EAAe,UAAYZ,GAAKY,EAAe,SAAUI,CAAO,IAI5EZ,EAAkBQ,EAMtB,OAAAE,EAAK,YAAc,IAAIX,GAAiBC,CAAe,GACzD,CACF,OAAAK,CAAA,EAzCuCS,EAAU,EA2CjD,SAASC,GAAqBC,EAAU,CAClCC,GAAO,sCACTC,GAAaF,CAAK,EAIlBG,GAAqBH,CAAK,CAE9B,CAQA,SAASI,GAAoBC,EAAQ,CACnC,MAAMA,CACR,CAOA,SAASC,GAA0BC,EAA2CC,EAA2B,CAC/F,IAAAC,EAA0BR,GAAM,sBACxCQ,GAAyBC,GAAgB,WAAW,UAAA,CAAM,OAAAD,EAAsBF,EAAcC,CAAU,CAA9C,CAA+C,CAC3G,CAOO,IAAMG,GAA6D,CACxE,OAAQ,GACR,KAAMC,GACN,MAAOR,GACP,SAAUQ,ICjRL,IAAMC,GAA+B,UAAA,CAAM,OAAC,OAAO,QAAW,YAAc,OAAO,YAAe,cAAvD,EAAsE,ECyClH,SAAUC,GAAYC,EAAI,CAC9B,OAAOA,CACT,CCiCM,SAAUC,IAAI,SAACC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACnB,OAAOC,GAAcF,CAAG,CAC1B,CAGM,SAAUE,GAAoBF,EAA+B,CACjE,OAAIA,EAAI,SAAW,EACVG,GAGLH,EAAI,SAAW,EACVA,EAAI,GAGN,SAAeI,EAAQ,CAC5B,OAAOJ,EAAI,OAAO,SAACK,EAAWC,EAAuB,CAAK,OAAAA,EAAGD,CAAI,CAAP,EAAUD,CAAY,CAClF,CACF,CC9EA,IAAAG,EAAA,UAAA,CAkBE,SAAAA,EAAYC,EAA6E,CACnFA,IACF,KAAK,WAAaA,EAEtB,CA4BA,OAAAD,EAAA,UAAA,KAAA,SAAQE,EAAyB,CAC/B,IAAMC,EAAa,IAAIH,EACvB,OAAAG,EAAW,OAAS,KACpBA,EAAW,SAAWD,EACfC,CACT,EA8IAH,EAAA,UAAA,UAAA,SACEI,EACAC,EACAC,EAA8B,CAHhC,IAAAC,EAAA,KAKQC,EAAaC,GAAaL,CAAc,EAAIA,EAAiB,IAAIM,GAAeN,EAAgBC,EAAOC,CAAQ,EAErH,OAAAK,GAAa,UAAA,CACL,IAAAC,EAAuBL,EAArBL,EAAQU,EAAA,SAAEC,EAAMD,EAAA,OACxBJ,EAAW,IACTN,EAGIA,EAAS,KAAKM,EAAYK,CAAM,EAChCA,EAIAN,EAAK,WAAWC,CAAU,EAG1BD,EAAK,cAAcC,CAAU,CAAC,CAEtC,CAAC,EAEMA,CACT,EAGUR,EAAA,UAAA,cAAV,SAAwBc,EAAmB,CACzC,GAAI,CACF,OAAO,KAAK,WAAWA,CAAI,QACpBC,EAAP,CAIAD,EAAK,MAAMC,CAAG,EAElB,EA6DAf,EAAA,UAAA,QAAA,SAAQgB,EAA0BC,EAAoC,CAAtE,IAAAV,EAAA,KACE,OAAAU,EAAcC,GAAeD,CAAW,EAEjC,IAAIA,EAAkB,SAACE,EAASC,EAAM,CAC3C,IAAMZ,EAAa,IAAIE,GAAkB,CACvC,KAAM,SAACW,EAAK,CACV,GAAI,CACFL,EAAKK,CAAK,QACHN,EAAP,CACAK,EAAOL,CAAG,EACVP,EAAW,YAAW,EAE1B,EACA,MAAOY,EACP,SAAUD,EACX,EACDZ,EAAK,UAAUC,CAAU,CAC3B,CAAC,CACH,EAGUR,EAAA,UAAA,WAAV,SAAqBQ,EAA2B,OAC9C,OAAOI,EAAA,KAAK,UAAM,MAAAA,IAAA,OAAA,OAAAA,EAAE,UAAUJ,CAAU,CAC1C,EAOAR,EAAA,UAACG,IAAD,UAAA,CACE,OAAO,IACT,EA4FAH,EAAA,UAAA,KAAA,UAAA,SAAKsB,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACH,OAAOC,GAAcF,CAAU,EAAE,IAAI,CACvC,EA6BAtB,EAAA,UAAA,UAAA,SAAUiB,EAAoC,CAA9C,IAAAV,EAAA,KACE,OAAAU,EAAcC,GAAeD,CAAW,EAEjC,IAAIA,EAAY,SAACE,EAASC,EAAM,CACrC,IAAIC,EACJd,EAAK,UACH,SAACkB,EAAI,CAAK,OAACJ,EAAQI,CAAT,EACV,SAACV,EAAQ,CAAK,OAAAK,EAAOL,CAAG,CAAV,EACd,UAAA,CAAM,OAAAI,EAAQE,CAAK,CAAb,CAAc,CAExB,CAAC,CACH,EA3aOrB,EAAA,OAAkC,SAAIC,EAAwD,CACnG,OAAO,IAAID,EAAcC,CAAS,CACpC,EA0aFD,GA/cA,EAwdA,SAAS0B,GAAeC,EAA+C,OACrE,OAAOC,EAAAD,GAAW,KAAXA,EAAeE,GAAO,WAAO,MAAAD,IAAA,OAAAA,EAAI,OAC1C,CAEA,SAASE,GAAcC,EAAU,CAC/B,OAAOA,GAASC,EAAWD,EAAM,IAAI,GAAKC,EAAWD,EAAM,KAAK,GAAKC,EAAWD,EAAM,QAAQ,CAChG,CAEA,SAASE,GAAgBF,EAAU,CACjC,OAAQA,GAASA,aAAiBG,IAAgBJ,GAAWC,CAAK,GAAKI,GAAeJ,CAAK,CAC7F,CC1eM,SAAUK,GAAQC,EAAW,CACjC,OAAOC,EAAWD,GAAM,KAAA,OAANA,EAAQ,IAAI,CAChC,CAMM,SAAUE,EACdC,EAAqF,CAErF,OAAO,SAACH,EAAqB,CAC3B,GAAID,GAAQC,CAAM,EAChB,OAAOA,EAAO,KAAK,SAA+BI,EAA2B,CAC3E,GAAI,CACF,OAAOD,EAAKC,EAAc,IAAI,QACvBC,EAAP,CACA,KAAK,MAAMA,CAAG,EAElB,CAAC,EAEH,MAAM,IAAI,UAAU,wCAAwC,CAC9D,CACF,CCjBM,SAAUC,EACdC,EACAC,EACAC,EACAC,EACAC,EAAuB,CAEvB,OAAO,IAAIC,GAAmBL,EAAaC,EAAQC,EAAYC,EAASC,CAAU,CACpF,CAMA,IAAAC,GAAA,SAAAC,EAAA,CAA2CC,GAAAF,EAAAC,CAAA,EAiBzC,SAAAD,EACEL,EACAC,EACAC,EACAC,EACQC,EACAI,EAAiC,CAN3C,IAAAC,EAoBEH,EAAA,KAAA,KAAMN,CAAW,GAAC,KAfV,OAAAS,EAAA,WAAAL,EACAK,EAAA,kBAAAD,EAeRC,EAAK,MAAQR,EACT,SAAuCS,EAAQ,CAC7C,GAAI,CACFT,EAAOS,CAAK,QACLC,EAAP,CACAX,EAAY,MAAMW,CAAG,EAEzB,EACAL,EAAA,UAAM,MACVG,EAAK,OAASN,EACV,SAAuCQ,EAAQ,CAC7C,GAAI,CACFR,EAAQQ,CAAG,QACJA,EAAP,CAEAX,EAAY,MAAMW,CAAG,UAGrB,KAAK,YAAW,EAEpB,EACAL,EAAA,UAAM,OACVG,EAAK,UAAYP,EACb,UAAA,CACE,GAAI,CACFA,EAAU,QACHS,EAAP,CAEAX,EAAY,MAAMW,CAAG,UAGrB,KAAK,YAAW,EAEpB,EACAL,EAAA,UAAM,WACZ,CAEA,OAAAD,EAAA,UAAA,YAAA,UAAA,OACE,GAAI,CAAC,KAAK,mBAAqB,KAAK,kBAAiB,EAAI,CAC/C,IAAAO,EAAW,KAAI,OACvBN,EAAA,UAAM,YAAW,KAAA,IAAA,EAEjB,CAACM,KAAUC,EAAA,KAAK,cAAU,MAAAA,IAAA,QAAAA,EAAA,KAAf,IAAI,GAEnB,EACFR,CAAA,EAnF2CS,EAAU,ECd9C,IAAMC,GAAiD,CAG5D,SAAA,SAASC,EAAQ,CACf,IAAIC,EAAU,sBACVC,EAAkD,qBAC9CC,EAAaJ,GAAsB,SACvCI,IACFF,EAAUE,EAAS,sBACnBD,EAASC,EAAS,sBAEpB,IAAMC,EAASH,EAAQ,SAACI,EAAS,CAI/BH,EAAS,OACTF,EAASK,CAAS,CACpB,CAAC,EACD,OAAO,IAAIC,GAAa,UAAA,CAAM,OAAAJ,GAAM,KAAA,OAANA,EAASE,CAAM,CAAf,CAAgB,CAChD,EACA,sBAAqB,UAAA,SAACG,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACZ,IAAAL,EAAaJ,GAAsB,SAC3C,QAAQI,GAAQ,KAAA,OAARA,EAAU,wBAAyB,uBAAsB,MAAA,OAAAM,EAAA,CAAA,EAAAC,EAAIH,CAAI,CAAA,CAAA,CAC3E,EACA,qBAAoB,UAAA,SAACA,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACX,IAAAL,EAAaJ,GAAsB,SAC3C,QAAQI,GAAQ,KAAA,OAARA,EAAU,uBAAwB,sBAAqB,MAAA,OAAAM,EAAA,CAAA,EAAAC,EAAIH,CAAI,CAAA,CAAA,CACzE,EACA,SAAU,QCrBL,IAAMI,GAAuDC,GAClE,SAACC,EAAM,CACL,OAAA,UAAoC,CAClCA,EAAO,IAAI,EACX,KAAK,KAAO,0BACZ,KAAK,QAAU,qBACjB,CAJA,CAIC,ECXL,IAAAC,EAAA,SAAAC,EAAA,CAAgCC,GAAAF,EAAAC,CAAA,EAwB9B,SAAAD,GAAA,CAAA,IAAAG,EAEEF,EAAA,KAAA,IAAA,GAAO,KAzBT,OAAAE,EAAA,OAAS,GAEDA,EAAA,iBAAyC,KAGjDA,EAAA,UAA2B,CAAA,EAE3BA,EAAA,UAAY,GAEZA,EAAA,SAAW,GAEXA,EAAA,YAAmB,MAenB,CAGA,OAAAH,EAAA,UAAA,KAAA,SAAQI,EAAwB,CAC9B,IAAMC,EAAU,IAAIC,GAAiB,KAAM,IAAI,EAC/C,OAAAD,EAAQ,SAAWD,EACZC,CACT,EAGUL,EAAA,UAAA,eAAV,UAAA,CACE,GAAI,KAAK,OACP,MAAM,IAAIO,EAEd,EAEAP,EAAA,UAAA,KAAA,SAAKQ,EAAQ,CAAb,IAAAL,EAAA,KACEM,GAAa,UAAA,SAEX,GADAN,EAAK,eAAc,EACf,CAACA,EAAK,UAAW,CACdA,EAAK,mBACRA,EAAK,iBAAmB,MAAM,KAAKA,EAAK,SAAS,OAEnD,QAAuBO,EAAAC,GAAAR,EAAK,gBAAgB,EAAAS,EAAAF,EAAA,KAAA,EAAA,CAAAE,EAAA,KAAAA,EAAAF,EAAA,KAAA,EAAE,CAAzC,IAAMG,EAAQD,EAAA,MACjBC,EAAS,KAAKL,CAAK,qGAGzB,CAAC,CACH,EAEAR,EAAA,UAAA,MAAA,SAAMc,EAAQ,CAAd,IAAAX,EAAA,KACEM,GAAa,UAAA,CAEX,GADAN,EAAK,eAAc,EACf,CAACA,EAAK,UAAW,CACnBA,EAAK,SAAWA,EAAK,UAAY,GACjCA,EAAK,YAAcW,EAEnB,QADQC,EAAcZ,EAAI,UACnBY,EAAU,QACfA,EAAU,MAAK,EAAI,MAAMD,CAAG,EAGlC,CAAC,CACH,EAEAd,EAAA,UAAA,SAAA,UAAA,CAAA,IAAAG,EAAA,KACEM,GAAa,UAAA,CAEX,GADAN,EAAK,eAAc,EACf,CAACA,EAAK,UAAW,CACnBA,EAAK,UAAY,GAEjB,QADQY,EAAcZ,EAAI,UACnBY,EAAU,QACfA,EAAU,MAAK,EAAI,SAAQ,EAGjC,CAAC,CACH,EAEAf,EAAA,UAAA,YAAA,UAAA,CACE,KAAK,UAAY,KAAK,OAAS,GAC/B,KAAK,UAAY,KAAK,iBAAmB,IAC3C,EAEA,OAAA,eAAIA,EAAA,UAAA,WAAQ,KAAZ,UAAA,OACE,QAAOgB,EAAA,KAAK,aAAS,MAAAA,IAAA,OAAA,OAAAA,EAAE,QAAS,CAClC,kCAGUhB,EAAA,UAAA,cAAV,SAAwBiB,EAAyB,CAC/C,YAAK,eAAc,EACZhB,EAAA,UAAM,cAAa,KAAA,KAACgB,CAAU,CACvC,EAGUjB,EAAA,UAAA,WAAV,SAAqBiB,EAAyB,CAC5C,YAAK,eAAc,EACnB,KAAK,wBAAwBA,CAAU,EAChC,KAAK,gBAAgBA,CAAU,CACxC,EAGUjB,EAAA,UAAA,gBAAV,SAA0BiB,EAA2B,CAArD,IAAAd,EAAA,KACQa,EAAqC,KAAnCE,EAAQF,EAAA,SAAEG,EAASH,EAAA,UAAED,EAASC,EAAA,UACtC,OAAIE,GAAYC,EACPC,IAET,KAAK,iBAAmB,KACxBL,EAAU,KAAKE,CAAU,EAClB,IAAII,GAAa,UAAA,CACtBlB,EAAK,iBAAmB,KACxBmB,GAAUP,EAAWE,CAAU,CACjC,CAAC,EACH,EAGUjB,EAAA,UAAA,wBAAV,SAAkCiB,EAA2B,CACrD,IAAAD,EAAuC,KAArCE,EAAQF,EAAA,SAAEO,EAAWP,EAAA,YAAEG,EAASH,EAAA,UACpCE,EACFD,EAAW,MAAMM,CAAW,EACnBJ,GACTF,EAAW,SAAQ,CAEvB,EAQAjB,EAAA,UAAA,aAAA,UAAA,CACE,IAAMwB,EAAkB,IAAIC,EAC5B,OAAAD,EAAW,OAAS,KACbA,CACT,EAxHOxB,EAAA,OAAkC,SAAI0B,EAA0BC,EAAqB,CAC1F,OAAO,IAAIrB,GAAoBoB,EAAaC,CAAM,CACpD,EAuHF3B,GA7IgCyB,CAAU,EAkJ1C,IAAAG,GAAA,SAAAC,EAAA,CAAyCC,GAAAF,EAAAC,CAAA,EACvC,SAAAD,EAESG,EACPC,EAAsB,CAHxB,IAAAC,EAKEJ,EAAA,KAAA,IAAA,GAAO,KAHA,OAAAI,EAAA,YAAAF,EAIPE,EAAK,OAASD,GAChB,CAEA,OAAAJ,EAAA,UAAA,KAAA,SAAKM,EAAQ,UACXC,GAAAC,EAAA,KAAK,eAAW,MAAAA,IAAA,OAAA,OAAAA,EAAE,QAAI,MAAAD,IAAA,QAAAA,EAAA,KAAAC,EAAGF,CAAK,CAChC,EAEAN,EAAA,UAAA,MAAA,SAAMS,EAAQ,UACZF,GAAAC,EAAA,KAAK,eAAW,MAAAA,IAAA,OAAA,OAAAA,EAAE,SAAK,MAAAD,IAAA,QAAAA,EAAA,KAAAC,EAAGC,CAAG,CAC/B,EAEAT,EAAA,UAAA,SAAA,UAAA,UACEO,GAAAC,EAAA,KAAK,eAAW,MAAAA,IAAA,OAAA,OAAAA,EAAE,YAAQ,MAAAD,IAAA,QAAAA,EAAA,KAAAC,CAAA,CAC5B,EAGUR,EAAA,UAAA,WAAV,SAAqBU,EAAyB,SAC5C,OAAOH,GAAAC,EAAA,KAAK,UAAM,MAAAA,IAAA,OAAA,OAAAA,EAAE,UAAUE,CAAU,KAAC,MAAAH,IAAA,OAAAA,EAAII,EAC/C,EACFX,CAAA,EA1ByCY,CAAO,EC5JzC,IAAMC,GAA+C,CAC1D,IAAG,UAAA,CAGD,OAAQA,GAAsB,UAAY,MAAM,IAAG,CACrD,EACA,SAAU,QCwBZ,IAAAC,GAAA,SAAAC,EAAA,CAAsCC,GAAAF,EAAAC,CAAA,EAUpC,SAAAD,EACUG,EACAC,EACAC,EAA6D,CAF7DF,IAAA,SAAAA,EAAA,KACAC,IAAA,SAAAA,EAAA,KACAC,IAAA,SAAAA,EAAAC,IAHV,IAAAC,EAKEN,EAAA,KAAA,IAAA,GAAO,KAJC,OAAAM,EAAA,YAAAJ,EACAI,EAAA,YAAAH,EACAG,EAAA,mBAAAF,EAZFE,EAAA,QAA0B,CAAA,EAC1BA,EAAA,oBAAsB,GAc5BA,EAAK,oBAAsBH,IAAgB,IAC3CG,EAAK,YAAc,KAAK,IAAI,EAAGJ,CAAW,EAC1CI,EAAK,YAAc,KAAK,IAAI,EAAGH,CAAW,GAC5C,CAEA,OAAAJ,EAAA,UAAA,KAAA,SAAKQ,EAAQ,CACL,IAAAC,EAA+E,KAA7EC,EAASD,EAAA,UAAEE,EAAOF,EAAA,QAAEG,EAAmBH,EAAA,oBAAEJ,EAAkBI,EAAA,mBAAEL,EAAWK,EAAA,YAC3EC,IACHC,EAAQ,KAAKH,CAAK,EAClB,CAACI,GAAuBD,EAAQ,KAAKN,EAAmB,IAAG,EAAKD,CAAW,GAE7E,KAAK,YAAW,EAChBH,EAAA,UAAM,KAAI,KAAA,KAACO,CAAK,CAClB,EAGUR,EAAA,UAAA,WAAV,SAAqBa,EAAyB,CAC5C,KAAK,eAAc,EACnB,KAAK,YAAW,EAQhB,QANMC,EAAe,KAAK,gBAAgBD,CAAU,EAE9CJ,EAAmC,KAAjCG,EAAmBH,EAAA,oBAAEE,EAAOF,EAAA,QAG9BM,EAAOJ,EAAQ,MAAK,EACjBK,EAAI,EAAGA,EAAID,EAAK,QAAU,CAACF,EAAW,OAAQG,GAAKJ,EAAsB,EAAI,EACpFC,EAAW,KAAKE,EAAKC,EAAO,EAG9B,YAAK,wBAAwBH,CAAU,EAEhCC,CACT,EAEQd,EAAA,UAAA,YAAR,UAAA,CACQ,IAAAS,EAAoE,KAAlEN,EAAWM,EAAA,YAAEJ,EAAkBI,EAAA,mBAAEE,EAAOF,EAAA,QAAEG,EAAmBH,EAAA,oBAK/DQ,GAAsBL,EAAsB,EAAI,GAAKT,EAK3D,GAJAA,EAAc,KAAYc,EAAqBN,EAAQ,QAAUA,EAAQ,OAAO,EAAGA,EAAQ,OAASM,CAAkB,EAIlH,CAACL,EAAqB,CAKxB,QAJMM,EAAMb,EAAmB,IAAG,EAC9Bc,EAAO,EAGFH,EAAI,EAAGA,EAAIL,EAAQ,QAAWA,EAAQK,IAAiBE,EAAKF,GAAK,EACxEG,EAAOH,EAETG,GAAQR,EAAQ,OAAO,EAAGQ,EAAO,CAAC,EAEtC,EACFnB,CAAA,EAzEsCoB,CAAO,EClB7C,IAAAC,GAAA,SAAAC,EAAA,CAA+BC,GAAAF,EAAAC,CAAA,EAC7B,SAAAD,EAAYG,EAAsBC,EAAmD,QACnFH,EAAA,KAAA,IAAA,GAAO,IACT,CAWO,OAAAD,EAAA,UAAA,SAAP,SAAgBK,EAAWC,EAAiB,CAAjB,OAAAA,IAAA,SAAAA,EAAA,GAClB,IACT,EACFN,CAAA,EAjB+BO,EAAY,ECHpC,IAAMC,GAAqC,CAGhD,YAAA,SAAYC,EAAqBC,EAAgB,SAAEC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,EAAA,GAAA,UAAAA,GACzC,IAAAC,EAAaL,GAAgB,SACrC,OAAIK,GAAQ,MAARA,EAAU,YACLA,EAAS,YAAW,MAApBA,EAAQC,EAAA,CAAaL,EAASC,CAAO,EAAAK,EAAKJ,CAAI,CAAA,CAAA,EAEhD,YAAW,MAAA,OAAAG,EAAA,CAACL,EAASC,CAAO,EAAAK,EAAKJ,CAAI,CAAA,CAAA,CAC9C,EACA,cAAA,SAAcK,EAAM,CACV,IAAAH,EAAaL,GAAgB,SACrC,QAAQK,GAAQ,KAAA,OAARA,EAAU,gBAAiB,eAAeG,CAAa,CACjE,EACA,SAAU,QCrBZ,IAAAC,GAAA,SAAAC,EAAA,CAAoCC,GAAAF,EAAAC,CAAA,EAOlC,SAAAD,EAAsBG,EAAqCC,EAAmD,CAA9G,IAAAC,EACEJ,EAAA,KAAA,KAAME,EAAWC,CAAI,GAAC,KADF,OAAAC,EAAA,UAAAF,EAAqCE,EAAA,KAAAD,EAFjDC,EAAA,QAAmB,IAI7B,CAEO,OAAAL,EAAA,UAAA,SAAP,SAAgBM,EAAWC,EAAiB,OAC1C,GADyBA,IAAA,SAAAA,EAAA,GACrB,KAAK,OACP,OAAO,KAIT,KAAK,MAAQD,EAEb,IAAME,EAAK,KAAK,GACVL,EAAY,KAAK,UAuBvB,OAAIK,GAAM,OACR,KAAK,GAAK,KAAK,eAAeL,EAAWK,EAAID,CAAK,GAKpD,KAAK,QAAU,GAEf,KAAK,MAAQA,EAEb,KAAK,IAAKE,EAAA,KAAK,MAAE,MAAAA,IAAA,OAAAA,EAAI,KAAK,eAAeN,EAAW,KAAK,GAAII,CAAK,EAE3D,IACT,EAEUP,EAAA,UAAA,eAAV,SAAyBG,EAA2BO,EAAmBH,EAAiB,CAAjB,OAAAA,IAAA,SAAAA,EAAA,GAC9DI,GAAiB,YAAYR,EAAU,MAAM,KAAKA,EAAW,IAAI,EAAGI,CAAK,CAClF,EAEUP,EAAA,UAAA,eAAV,SAAyBY,EAA4BJ,EAAkBD,EAAwB,CAE7F,GAFqEA,IAAA,SAAAA,EAAA,GAEjEA,GAAS,MAAQ,KAAK,QAAUA,GAAS,KAAK,UAAY,GAC5D,OAAOC,EAILA,GAAM,MACRG,GAAiB,cAAcH,CAAE,CAIrC,EAMOR,EAAA,UAAA,QAAP,SAAeM,EAAUC,EAAa,CACpC,GAAI,KAAK,OACP,OAAO,IAAI,MAAM,8BAA8B,EAGjD,KAAK,QAAU,GACf,IAAMM,EAAQ,KAAK,SAASP,EAAOC,CAAK,EACxC,GAAIM,EACF,OAAOA,EACE,KAAK,UAAY,IAAS,KAAK,IAAM,OAc9C,KAAK,GAAK,KAAK,eAAe,KAAK,UAAW,KAAK,GAAI,IAAI,EAE/D,EAEUb,EAAA,UAAA,SAAV,SAAmBM,EAAUQ,EAAc,CACzC,IAAIC,EAAmB,GACnBC,EACJ,GAAI,CACF,KAAK,KAAKV,CAAK,QACRW,EAAP,CACAF,EAAU,GAIVC,EAAaC,GAAQ,IAAI,MAAM,oCAAoC,EAErE,GAAIF,EACF,YAAK,YAAW,EACTC,CAEX,EAEAhB,EAAA,UAAA,YAAA,UAAA,CACE,GAAI,CAAC,KAAK,OAAQ,CACV,IAAAS,EAAoB,KAAlBD,EAAEC,EAAA,GAAEN,EAASM,EAAA,UACbS,EAAYf,EAAS,QAE7B,KAAK,KAAO,KAAK,MAAQ,KAAK,UAAY,KAC1C,KAAK,QAAU,GAEfgB,GAAUD,EAAS,IAAI,EACnBV,GAAM,OACR,KAAK,GAAK,KAAK,eAAeL,EAAWK,EAAI,IAAI,GAGnD,KAAK,MAAQ,KACbP,EAAA,UAAM,YAAW,KAAA,IAAA,EAErB,EACFD,CAAA,EA9IoCoB,EAAM,ECgB1C,IAAAC,GAAA,UAAA,CAGE,SAAAA,EAAoBC,EAAoCC,EAAiC,CAAjCA,IAAA,SAAAA,EAAoBF,EAAU,KAAlE,KAAA,oBAAAC,EAClB,KAAK,IAAMC,CACb,CA6BO,OAAAF,EAAA,UAAA,SAAP,SAAmBG,EAAqDC,EAAmBC,EAAS,CAA5B,OAAAD,IAAA,SAAAA,EAAA,GAC/D,IAAI,KAAK,oBAAuB,KAAMD,CAAI,EAAE,SAASE,EAAOD,CAAK,CAC1E,EAnCcJ,EAAA,IAAoBM,GAAsB,IAoC1DN,GArCA,ECnBA,IAAAO,GAAA,SAAAC,EAAA,CAAoCC,GAAAF,EAAAC,CAAA,EAkBlC,SAAAD,EAAYG,EAAgCC,EAAiC,CAAjCA,IAAA,SAAAA,EAAoBC,GAAU,KAA1E,IAAAC,EACEL,EAAA,KAAA,KAAME,EAAiBC,CAAG,GAAC,KAlBtB,OAAAE,EAAA,QAAmC,CAAA,EAOnCA,EAAA,QAAmB,IAY1B,CAEO,OAAAN,EAAA,UAAA,MAAP,SAAaO,EAAwB,CAC3B,IAAAC,EAAY,KAAI,QAExB,GAAI,KAAK,QAAS,CAChBA,EAAQ,KAAKD,CAAM,EACnB,OAGF,IAAIE,EACJ,KAAK,QAAU,GAEf,EACE,IAAKA,EAAQF,EAAO,QAAQA,EAAO,MAAOA,EAAO,KAAK,EACpD,YAEMA,EAASC,EAAQ,MAAK,GAIhC,GAFA,KAAK,QAAU,GAEXC,EAAO,CACT,KAAQF,EAASC,EAAQ,MAAK,GAC5BD,EAAO,YAAW,EAEpB,MAAME,EAEV,EACFT,CAAA,EAhDoCK,EAAS,EC6CtC,IAAMK,GAAiB,IAAIC,GAAeC,EAAW,EAK/CC,GAAQH,GCjDrB,IAAAI,GAAA,SAAAC,EAAA,CAA6CC,GAAAF,EAAAC,CAAA,EAC3C,SAAAD,EAAsBG,EAA8CC,EAAmD,CAAvH,IAAAC,EACEJ,EAAA,KAAA,KAAME,EAAWC,CAAI,GAAC,KADF,OAAAC,EAAA,UAAAF,EAA8CE,EAAA,KAAAD,GAEpE,CAEU,OAAAJ,EAAA,UAAA,eAAV,SAAyBG,EAAoCG,EAAkBC,EAAiB,CAE9F,OAF6EA,IAAA,SAAAA,EAAA,GAEzEA,IAAU,MAAQA,EAAQ,EACrBN,EAAA,UAAM,eAAc,KAAA,KAACE,EAAWG,EAAIC,CAAK,GAGlDJ,EAAU,QAAQ,KAAK,IAAI,EAIpBA,EAAU,aAAeA,EAAU,WAAaK,GAAuB,sBAAsB,UAAA,CAAM,OAAAL,EAAU,MAAM,MAAS,CAAzB,CAA0B,GACtI,EAEUH,EAAA,UAAA,eAAV,SAAyBG,EAAoCG,EAAkBC,EAAiB,OAI9F,GAJ6EA,IAAA,SAAAA,EAAA,GAIzEA,GAAS,KAAOA,EAAQ,EAAI,KAAK,MAAQ,EAC3C,OAAON,EAAA,UAAM,eAAc,KAAA,KAACE,EAAWG,EAAIC,CAAK,EAK1C,IAAAE,EAAYN,EAAS,QACzBG,GAAM,QAAQI,EAAAD,EAAQA,EAAQ,OAAS,MAAE,MAAAC,IAAA,OAAA,OAAAA,EAAE,MAAOJ,IACpDE,GAAuB,qBAAqBF,CAAY,EACxDH,EAAU,WAAa,OAI3B,EACFH,CAAA,EApC6CW,EAAW,ECHxD,IAAAC,GAAA,SAAAC,EAAA,CAA6CC,GAAAF,EAAAC,CAAA,EAA7C,SAAAD,GAAA,+CAkCA,CAjCS,OAAAA,EAAA,UAAA,MAAP,SAAaG,EAAyB,CACpC,KAAK,QAAU,GAUf,IAAMC,EAAU,KAAK,WACrB,KAAK,WAAa,OAEV,IAAAC,EAAY,KAAI,QACpBC,EACJH,EAASA,GAAUE,EAAQ,MAAK,EAEhC,EACE,IAAKC,EAAQH,EAAO,QAAQA,EAAO,MAAOA,EAAO,KAAK,EACpD,aAEMA,EAASE,EAAQ,KAAOF,EAAO,KAAOC,GAAWC,EAAQ,MAAK,GAIxE,GAFA,KAAK,QAAU,GAEXC,EAAO,CACT,MAAQH,EAASE,EAAQ,KAAOF,EAAO,KAAOC,GAAWC,EAAQ,MAAK,GACpEF,EAAO,YAAW,EAEpB,MAAMG,EAEV,EACFN,CAAA,EAlC6CO,EAAc,ECgCpD,IAAMC,GAA0B,IAAIC,GAAwBC,EAAoB,EC8BhF,IAAMC,EAAQ,IAAIC,EAAkB,SAACC,EAAU,CAAK,OAAAA,EAAW,SAAQ,CAAnB,CAAqB,EC9D1E,SAAUC,GAAYC,EAAU,CACpC,OAAOA,GAASC,EAAWD,EAAM,QAAQ,CAC3C,CCDA,SAASE,GAAQC,EAAQ,CACvB,OAAOA,EAAIA,EAAI,OAAS,EAC1B,CAEM,SAAUC,GAAkBC,EAAW,CAC3C,OAAOC,EAAWJ,GAAKG,CAAI,CAAC,EAAIA,EAAK,IAAG,EAAK,MAC/C,CAEM,SAAUE,GAAaF,EAAW,CACtC,OAAOG,GAAYN,GAAKG,CAAI,CAAC,EAAIA,EAAK,IAAG,EAAK,MAChD,CAEM,SAAUI,GAAUJ,EAAaK,EAAoB,CACzD,OAAO,OAAOR,GAAKG,CAAI,GAAM,SAAWA,EAAK,IAAG,EAAMK,CACxD,CClBO,IAAMC,GAAe,SAAIC,EAAM,CAAwB,OAAAA,GAAK,OAAOA,EAAE,QAAW,UAAY,OAAOA,GAAM,UAAlD,ECMxD,SAAUC,GAAUC,EAAU,CAClC,OAAOC,EAAWD,GAAK,KAAA,OAALA,EAAO,IAAI,CAC/B,CCHM,SAAUE,GAAoBC,EAAU,CAC5C,OAAOC,EAAWD,EAAME,GAAkB,CAC5C,CCLM,SAAUC,GAAmBC,EAAQ,CACzC,OAAO,OAAO,eAAiBC,EAAWD,GAAG,KAAA,OAAHA,EAAM,OAAO,cAAc,CACvE,CCAM,SAAUE,GAAiCC,EAAU,CAEzD,OAAO,IAAI,UACT,iBACEA,IAAU,MAAQ,OAAOA,GAAU,SAAW,oBAAsB,IAAIA,EAAK,KAAG,0HACwC,CAE9H,CCXM,SAAUC,IAAiB,CAC/B,OAAI,OAAO,QAAW,YAAc,CAAC,OAAO,SACnC,aAGF,OAAO,QAChB,CAEO,IAAMC,GAAWD,GAAiB,ECJnC,SAAUE,GAAWC,EAAU,CACnC,OAAOC,EAAWD,GAAK,KAAA,OAALA,EAAQE,GAAgB,CAC5C,CCHM,SAAiBC,GAAsCC,EAAqC,mGAC1FC,EAASD,EAAe,UAAS,2DAGX,MAAA,CAAA,EAAAE,GAAMD,EAAO,KAAI,CAAE,CAAA,gBAArCE,EAAkBC,EAAA,KAAA,EAAhBC,EAAKF,EAAA,MAAEG,EAAIH,EAAA,KACfG,iBAAA,CAAA,EAAA,CAAA,SACF,MAAA,CAAA,EAAAF,EAAA,KAAA,CAAA,qBAEIC,CAAM,CAAA,SAAZ,MAAA,CAAA,EAAAD,EAAA,KAAA,CAAA,SAAA,OAAAA,EAAA,KAAA,mCAGF,OAAAH,EAAO,YAAW,6BAIhB,SAAUM,GAAwBC,EAAQ,CAG9C,OAAOC,EAAWD,GAAG,KAAA,OAAHA,EAAK,SAAS,CAClC,CCPM,SAAUE,EAAaC,EAAyB,CACpD,GAAIA,aAAiBC,EACnB,OAAOD,EAET,GAAIA,GAAS,KAAM,CACjB,GAAIE,GAAoBF,CAAK,EAC3B,OAAOG,GAAsBH,CAAK,EAEpC,GAAII,GAAYJ,CAAK,EACnB,OAAOK,GAAcL,CAAK,EAE5B,GAAIM,GAAUN,CAAK,EACjB,OAAOO,GAAYP,CAAK,EAE1B,GAAIQ,GAAgBR,CAAK,EACvB,OAAOS,GAAkBT,CAAK,EAEhC,GAAIU,GAAWV,CAAK,EAClB,OAAOW,GAAaX,CAAK,EAE3B,GAAIY,GAAqBZ,CAAK,EAC5B,OAAOa,GAAuBb,CAAK,EAIvC,MAAMc,GAAiCd,CAAK,CAC9C,CAMM,SAAUG,GAAyBY,EAAQ,CAC/C,OAAO,IAAId,EAAW,SAACe,EAAyB,CAC9C,IAAMC,EAAMF,EAAIG,IAAkB,EAClC,GAAIC,EAAWF,EAAI,SAAS,EAC1B,OAAOA,EAAI,UAAUD,CAAU,EAGjC,MAAM,IAAI,UAAU,gEAAgE,CACtF,CAAC,CACH,CASM,SAAUX,GAAiBe,EAAmB,CAClD,OAAO,IAAInB,EAAW,SAACe,EAAyB,CAU9C,QAASK,EAAI,EAAGA,EAAID,EAAM,QAAU,CAACJ,EAAW,OAAQK,IACtDL,EAAW,KAAKI,EAAMC,EAAE,EAE1BL,EAAW,SAAQ,CACrB,CAAC,CACH,CAEM,SAAUT,GAAee,EAAuB,CACpD,OAAO,IAAIrB,EAAW,SAACe,EAAyB,CAC9CM,EACG,KACC,SAACC,EAAK,CACCP,EAAW,SACdA,EAAW,KAAKO,CAAK,EACrBP,EAAW,SAAQ,EAEvB,EACA,SAACQ,EAAQ,CAAK,OAAAR,EAAW,MAAMQ,CAAG,CAApB,CAAqB,EAEpC,KAAK,KAAMC,EAAoB,CACpC,CAAC,CACH,CAEM,SAAUd,GAAgBe,EAAqB,CACnD,OAAO,IAAIzB,EAAW,SAACe,EAAyB,aAC9C,QAAoBW,EAAAC,GAAAF,CAAQ,EAAAG,EAAAF,EAAA,KAAA,EAAA,CAAAE,EAAA,KAAAA,EAAAF,EAAA,KAAA,EAAE,CAAzB,IAAMJ,EAAKM,EAAA,MAEd,GADAb,EAAW,KAAKO,CAAK,EACjBP,EAAW,OACb,yGAGJA,EAAW,SAAQ,CACrB,CAAC,CACH,CAEM,SAAUP,GAAqBqB,EAA+B,CAClE,OAAO,IAAI7B,EAAW,SAACe,EAAyB,CAC9Ce,GAAQD,EAAed,CAAU,EAAE,MAAM,SAACQ,EAAG,CAAK,OAAAR,EAAW,MAAMQ,CAAG,CAApB,CAAqB,CACzE,CAAC,CACH,CAEM,SAAUX,GAA0BmB,EAAqC,CAC7E,OAAOvB,GAAkBwB,GAAmCD,CAAc,CAAC,CAC7E,CAEA,SAAeD,GAAWD,EAAiCd,EAAyB,uIACxDkB,EAAAC,GAAAL,CAAa,gFAIrC,GAJeP,EAAKa,EAAA,MACpBpB,EAAW,KAAKO,CAAK,EAGjBP,EAAW,OACb,MAAA,CAAA,CAAA,6RAGJ,OAAAA,EAAW,SAAQ,WChHf,SAAUqB,GACdC,EACAC,EACAC,EACAC,EACAC,EAAc,CADdD,IAAA,SAAAA,EAAA,GACAC,IAAA,SAAAA,EAAA,IAEA,IAAMC,EAAuBJ,EAAU,SAAS,UAAA,CAC9CC,EAAI,EACAE,EACFJ,EAAmB,IAAI,KAAK,SAAS,KAAMG,CAAK,CAAC,EAEjD,KAAK,YAAW,CAEpB,EAAGA,CAAK,EAIR,GAFAH,EAAmB,IAAIK,CAAoB,EAEvC,CAACD,EAKH,OAAOC,CAEX,CCeM,SAAUC,GAAaC,EAA0BC,EAAS,CAAT,OAAAA,IAAA,SAAAA,EAAA,GAC9CC,EAAQ,SAACC,EAAQC,EAAU,CAChCD,EAAO,UACLE,EACED,EACA,SAACE,EAAK,CAAK,OAAAC,GAAgBH,EAAYJ,EAAW,UAAA,CAAM,OAAAI,EAAW,KAAKE,CAAK,CAArB,EAAwBL,CAAK,CAA1E,EACX,UAAA,CAAM,OAAAM,GAAgBH,EAAYJ,EAAW,UAAA,CAAM,OAAAI,EAAW,SAAQ,CAAnB,EAAuBH,CAAK,CAAzE,EACN,SAACO,EAAG,CAAK,OAAAD,GAAgBH,EAAYJ,EAAW,UAAA,CAAM,OAAAI,EAAW,MAAMI,CAAG,CAApB,EAAuBP,CAAK,CAAzE,CAA0E,CACpF,CAEL,CAAC,CACH,CCPM,SAAUQ,GAAeC,EAA0BC,EAAiB,CAAjB,OAAAA,IAAA,SAAAA,EAAA,GAChDC,EAAQ,SAACC,EAAQC,EAAU,CAChCA,EAAW,IAAIJ,EAAU,SAAS,UAAA,CAAM,OAAAG,EAAO,UAAUC,CAAU,CAA3B,EAA8BH,CAAK,CAAC,CAC9E,CAAC,CACH,CC7DM,SAAUI,GAAsBC,EAA6BC,EAAwB,CACzF,OAAOC,EAAUF,CAAK,EAAE,KAAKG,GAAYF,CAAS,EAAGG,GAAUH,CAAS,CAAC,CAC3E,CCFM,SAAUI,GAAmBC,EAAuBC,EAAwB,CAChF,OAAOC,EAAUF,CAAK,EAAE,KAAKG,GAAYF,CAAS,EAAGG,GAAUH,CAAS,CAAC,CAC3E,CCJM,SAAUI,GAAiBC,EAAqBC,EAAwB,CAC5E,OAAO,IAAIC,EAAc,SAACC,EAAU,CAElC,IAAIC,EAAI,EAER,OAAOH,EAAU,SAAS,UAAA,CACpBG,IAAMJ,EAAM,OAGdG,EAAW,SAAQ,GAInBA,EAAW,KAAKH,EAAMI,IAAI,EAIrBD,EAAW,QACd,KAAK,SAAQ,EAGnB,CAAC,CACH,CAAC,CACH,CCfM,SAAUE,GAAoBC,EAAoBC,EAAwB,CAC9E,OAAO,IAAIC,EAAc,SAACC,EAAU,CAClC,IAAIC,EAKJ,OAAAC,GAAgBF,EAAYF,EAAW,UAAA,CAErCG,EAAYJ,EAAcI,IAAgB,EAE1CC,GACEF,EACAF,EACA,UAAA,OACMK,EACAC,EACJ,GAAI,CAEDC,EAAkBJ,EAAS,KAAI,EAA7BE,EAAKE,EAAA,MAAED,EAAIC,EAAA,WACPC,EAAP,CAEAN,EAAW,MAAMM,CAAG,EACpB,OAGEF,EAKFJ,EAAW,SAAQ,EAGnBA,EAAW,KAAKG,CAAK,CAEzB,EACA,EACA,EAAI,CAER,CAAC,EAMM,UAAA,CAAM,OAAAI,EAAWN,GAAQ,KAAA,OAARA,EAAU,MAAM,GAAKA,EAAS,OAAM,CAA/C,CACf,CAAC,CACH,CCvDM,SAAUO,GAAyBC,EAAyBC,EAAwB,CACxF,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,yBAAyB,EAE3C,OAAO,IAAIE,EAAc,SAACC,EAAU,CAClCC,GAAgBD,EAAYF,EAAW,UAAA,CACrC,IAAMI,EAAWL,EAAM,OAAO,eAAc,EAC5CI,GACED,EACAF,EACA,UAAA,CACEI,EAAS,KAAI,EAAG,KAAK,SAACC,EAAM,CACtBA,EAAO,KAGTH,EAAW,SAAQ,EAEnBA,EAAW,KAAKG,EAAO,KAAK,CAEhC,CAAC,CACH,EACA,EACA,EAAI,CAER,CAAC,CACH,CAAC,CACH,CCzBM,SAAUC,GAA8BC,EAA8BC,EAAwB,CAClG,OAAOC,GAAsBC,GAAmCH,CAAK,EAAGC,CAAS,CACnF,CCoBM,SAAUG,GAAaC,EAA2BC,EAAwB,CAC9E,GAAID,GAAS,KAAM,CACjB,GAAIE,GAAoBF,CAAK,EAC3B,OAAOG,GAAmBH,EAAOC,CAAS,EAE5C,GAAIG,GAAYJ,CAAK,EACnB,OAAOK,GAAcL,EAAOC,CAAS,EAEvC,GAAIK,GAAUN,CAAK,EACjB,OAAOO,GAAgBP,EAAOC,CAAS,EAEzC,GAAIO,GAAgBR,CAAK,EACvB,OAAOS,GAAsBT,EAAOC,CAAS,EAE/C,GAAIS,GAAWV,CAAK,EAClB,OAAOW,GAAiBX,EAAOC,CAAS,EAE1C,GAAIW,GAAqBZ,CAAK,EAC5B,OAAOa,GAA2Bb,EAAOC,CAAS,EAGtD,MAAMa,GAAiCd,CAAK,CAC9C,CCoDM,SAAUe,GAAQC,EAA2BC,EAAyB,CAC1E,OAAOA,EAAYC,GAAUF,EAAOC,CAAS,EAAIE,EAAUH,CAAK,CAClE,CCxBM,SAAUI,GAAE,SAAIC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACpB,IAAMC,EAAYC,GAAaH,CAAI,EACnC,OAAOI,GAAKJ,EAAaE,CAAS,CACpC,CCsCM,SAAUG,GAAWC,EAA0BC,EAAyB,CAC5E,IAAMC,EAAeC,EAAWH,CAAmB,EAAIA,EAAsB,UAAA,CAAM,OAAAA,CAAA,EAC7EI,EAAO,SAACC,EAA6B,CAAK,OAAAA,EAAW,MAAMH,EAAY,CAAE,CAA/B,EAChD,OAAO,IAAII,EAAWL,EAAY,SAACI,EAAU,CAAK,OAAAJ,EAAU,SAASG,EAAa,EAAGC,CAAU,CAA7C,EAAiDD,CAAI,CACzG,CCrHM,SAAUG,GAAYC,EAAU,CACpC,OAAOA,aAAiB,MAAQ,CAAC,MAAMA,CAAY,CACrD,CCsCM,SAAUC,EAAUC,EAAyCC,EAAa,CAC9E,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAEhC,IAAIC,EAAQ,EAGZF,EAAO,UACLG,EAAyBF,EAAY,SAACG,EAAQ,CAG5CH,EAAW,KAAKJ,EAAQ,KAAKC,EAASM,EAAOF,GAAO,CAAC,CACvD,CAAC,CAAC,CAEN,CAAC,CACH,CC1DQ,IAAAG,GAAY,MAAK,QAEzB,SAASC,GAAkBC,EAA6BC,EAAW,CAC/D,OAAOH,GAAQG,CAAI,EAAID,EAAE,MAAA,OAAAE,EAAA,CAAA,EAAAC,EAAIF,CAAI,CAAA,CAAA,EAAID,EAAGC,CAAI,CAChD,CAMM,SAAUG,GAAuBJ,EAA2B,CAC9D,OAAOK,EAAI,SAAAJ,EAAI,CAAI,OAAAF,GAAYC,EAAIC,CAAI,CAApB,CAAqB,CAC5C,CCfQ,IAAAK,GAAY,MAAK,QACjBC,GAA0D,OAAM,eAArCC,GAA+B,OAAM,UAAlBC,GAAY,OAAM,KAQlE,SAAUC,GAAqDC,EAAuB,CAC1F,GAAIA,EAAK,SAAW,EAAG,CACrB,IAAMC,EAAQD,EAAK,GACnB,GAAIL,GAAQM,CAAK,EACf,MAAO,CAAE,KAAMA,EAAO,KAAM,IAAI,EAElC,GAAIC,GAAOD,CAAK,EAAG,CACjB,IAAME,EAAOL,GAAQG,CAAK,EAC1B,MAAO,CACL,KAAME,EAAK,IAAI,SAACC,EAAG,CAAK,OAAAH,EAAMG,EAAN,CAAU,EAClC,KAAID,IAKV,MAAO,CAAE,KAAMH,EAAa,KAAM,IAAI,CACxC,CAEA,SAASE,GAAOG,EAAQ,CACtB,OAAOA,GAAO,OAAOA,GAAQ,UAAYT,GAAeS,CAAG,IAAMR,EACnE,CC7BM,SAAUS,GAAaC,EAAgBC,EAAa,CACxD,OAAOD,EAAK,OAAO,SAACE,EAAQC,EAAKC,EAAC,CAAK,OAAEF,EAAOC,GAAOF,EAAOG,GAAKF,CAA5B,EAAqC,CAAA,CAAS,CACvF,CCsMM,SAAUG,GAAa,SAAoCC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAC/D,IAAMC,EAAYC,GAAaH,CAAI,EAC7BI,EAAiBC,GAAkBL,CAAI,EAEvCM,EAA8BC,GAAqBP,CAAI,EAA/CQ,EAAWF,EAAA,KAAEG,EAAIH,EAAA,KAE/B,GAAIE,EAAY,SAAW,EAIzB,OAAOE,GAAK,CAAA,EAAIR,CAAgB,EAGlC,IAAMS,EAAS,IAAIC,EACjBC,GACEL,EACAN,EACAO,EAEI,SAACK,EAAM,CAAK,OAAAC,GAAaN,EAAMK,CAAM,CAAzB,EAEZE,EAAQ,CACb,EAGH,OAAOZ,EAAkBO,EAAO,KAAKM,GAAiBb,CAAc,CAAC,EAAsBO,CAC7F,CAEM,SAAUE,GACdL,EACAN,EACAgB,EAAiD,CAAjD,OAAAA,IAAA,SAAAA,EAAAF,IAEO,SAACG,EAA2B,CAGjCC,GACElB,EACA,UAAA,CAaE,QAZQmB,EAAWb,EAAW,OAExBM,EAAS,IAAI,MAAMO,CAAM,EAG3BC,EAASD,EAITE,EAAuBF,aAGlBG,EAAC,CACRJ,GACElB,EACA,UAAA,CACE,IAAMuB,EAASf,GAAKF,EAAYgB,GAAItB,CAAgB,EAChDwB,EAAgB,GACpBD,EAAO,UACLE,EACER,EACA,SAACS,EAAK,CAEJd,EAAOU,GAAKI,EACPF,IAEHA,EAAgB,GAChBH,KAEGA,GAGHJ,EAAW,KAAKD,EAAeJ,EAAO,MAAK,CAAE,CAAC,CAElD,EACA,UAAA,CACO,EAAEQ,GAGLH,EAAW,SAAQ,CAEvB,CAAC,CACF,CAEL,EACAA,CAAU,GAjCLK,EAAI,EAAGA,EAAIH,EAAQG,MAAnBA,CAAC,CAoCZ,EACAL,CAAU,CAEd,CACF,CAMA,SAASC,GAAclB,EAAsC2B,EAAqBC,EAA0B,CACtG5B,EACF6B,GAAgBD,EAAc5B,EAAW2B,CAAO,EAEhDA,EAAO,CAEX,CC3RM,SAAUG,GACdC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EAAgC,CAGhC,IAAMC,EAAc,CAAA,EAEhBC,EAAS,EAETC,EAAQ,EAERC,EAAa,GAKXC,EAAgB,UAAA,CAIhBD,GAAc,CAACH,EAAO,QAAU,CAACC,GACnCR,EAAW,SAAQ,CAEvB,EAGMY,EAAY,SAACC,EAAQ,CAAK,OAACL,EAASN,EAAaY,EAAWD,CAAK,EAAIN,EAAO,KAAKM,CAAK,CAA5D,EAE1BC,EAAa,SAACD,EAAQ,CAI1BT,GAAUJ,EAAW,KAAKa,CAAY,EAItCL,IAKA,IAAIO,EAAgB,GAGpBC,EAAUf,EAAQY,EAAOJ,GAAO,CAAC,EAAE,UACjCQ,EACEjB,EACA,SAACkB,EAAU,CAGTf,GAAY,MAAZA,EAAee,CAAU,EAErBd,EAGFQ,EAAUM,CAAiB,EAG3BlB,EAAW,KAAKkB,CAAU,CAE9B,EACA,UAAA,CAGEH,EAAgB,EAClB,EAEA,OACA,UAAA,CAIE,GAAIA,EAKF,GAAI,CAIFP,IAKA,qBACE,IAAMW,EAAgBZ,EAAO,MAAK,EAI9BF,EACFe,GAAgBpB,EAAYK,EAAmB,UAAA,CAAM,OAAAS,EAAWK,CAAa,CAAxB,CAAyB,EAE9EL,EAAWK,CAAa,GARrBZ,EAAO,QAAUC,EAASN,OAYjCS,EAAa,QACNU,EAAP,CACArB,EAAW,MAAMqB,CAAG,EAG1B,CAAC,CACF,CAEL,EAGA,OAAAtB,EAAO,UACLkB,EAAyBjB,EAAYY,EAAW,UAAA,CAE9CF,EAAa,GACbC,EAAa,CACf,CAAC,CAAC,EAKG,UAAA,CACLL,GAAmB,MAAnBA,EAAmB,CACrB,CACF,CClEM,SAAUgB,GACdC,EACAC,EACAC,EAA6B,CAE7B,OAFAA,IAAA,SAAAA,EAAA,KAEIC,EAAWF,CAAc,EAEpBF,GAAS,SAACK,EAAGC,EAAC,CAAK,OAAAC,EAAI,SAACC,EAAQC,EAAU,CAAK,OAAAP,EAAeG,EAAGG,EAAGF,EAAGG,CAAE,CAA1B,CAA2B,EAAEC,EAAUT,EAAQI,EAAGC,CAAC,CAAC,CAAC,CAAjF,EAAoFH,CAAU,GAC/G,OAAOD,GAAmB,WACnCC,EAAaD,GAGRS,EAAQ,SAACC,EAAQC,EAAU,CAAK,OAAAC,GAAeF,EAAQC,EAAYZ,EAASE,CAAU,CAAtD,CAAuD,EAChG,CChCM,SAAUY,GAAyCC,EAA6B,CAA7B,OAAAA,IAAA,SAAAA,EAAA,KAChDC,GAASC,GAAUF,CAAU,CACtC,CCNM,SAAUG,IAAS,CACvB,OAAOC,GAAS,CAAC,CACnB,CCmDM,SAAUC,IAAM,SAACC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACrB,OAAOC,GAAS,EAAGC,GAAKH,EAAMI,GAAaJ,CAAI,CAAC,CAAC,CACnD,CC9DM,SAAUK,EAAsCC,EAA0B,CAC9E,OAAO,IAAIC,EAA+B,SAACC,EAAU,CACnDC,EAAUH,EAAiB,CAAE,EAAE,UAAUE,CAAU,CACrD,CAAC,CACH,CChDA,IAAME,GAA0B,CAAC,cAAe,gBAAgB,EAC1DC,GAAqB,CAAC,mBAAoB,qBAAqB,EAC/DC,GAAgB,CAAC,KAAM,KAAK,EA8N5B,SAAUC,EACdC,EACAC,EACAC,EACAC,EAAsC,CAMtC,GAJIC,EAAWF,CAAO,IACpBC,EAAiBD,EACjBA,EAAU,QAERC,EACF,OAAOJ,EAAaC,EAAQC,EAAWC,CAA+B,EAAE,KAAKG,GAAiBF,CAAc,CAAC,EAUzG,IAAAG,EAAAC,EAEJC,GAAcR,CAAM,EAChBH,GAAmB,IAAI,SAACY,EAAU,CAAK,OAAA,SAACC,EAAY,CAAK,OAAAV,EAAOS,GAAYR,EAAWS,EAASR,CAA+B,CAAtE,CAAlB,CAAyF,EAElIS,GAAwBX,CAAM,EAC5BJ,GAAwB,IAAIgB,GAAwBZ,EAAQC,CAAS,CAAC,EACtEY,GAA0Bb,CAAM,EAChCF,GAAc,IAAIc,GAAwBZ,EAAQC,CAAS,CAAC,EAC5D,CAAA,EAAE,CAAA,EATDa,EAAGR,EAAA,GAAES,EAAMT,EAAA,GAgBlB,GAAI,CAACQ,GACCE,GAAYhB,CAAM,EACpB,OAAOiB,GAAS,SAACC,EAAc,CAAK,OAAAnB,EAAUmB,EAAWjB,EAAWC,CAA+B,CAA/D,CAAgE,EAClGiB,EAAUnB,CAAM,CAAC,EAOvB,GAAI,CAACc,EACH,MAAM,IAAI,UAAU,sBAAsB,EAG5C,OAAO,IAAIM,EAAc,SAACC,EAAU,CAIlC,IAAMX,EAAU,UAAA,SAACY,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAAmB,OAAAF,EAAW,KAAK,EAAIC,EAAK,OAASA,EAAOA,EAAK,EAAE,CAAhD,EAEpC,OAAAR,EAAIJ,CAAO,EAEJ,UAAA,CAAM,OAAAK,EAAQL,CAAO,CAAf,CACf,CAAC,CACH,CASA,SAASE,GAAwBZ,EAAaC,EAAiB,CAC7D,OAAO,SAACQ,EAAkB,CAAK,OAAA,SAACC,EAAY,CAAK,OAAAV,EAAOS,GAAYR,EAAWS,CAAO,CAArC,CAAlB,CACjC,CAOA,SAASC,GAAwBX,EAAW,CAC1C,OAAOI,EAAWJ,EAAO,WAAW,GAAKI,EAAWJ,EAAO,cAAc,CAC3E,CAOA,SAASa,GAA0Bb,EAAW,CAC5C,OAAOI,EAAWJ,EAAO,EAAE,GAAKI,EAAWJ,EAAO,GAAG,CACvD,CAOA,SAASQ,GAAcR,EAAW,CAChC,OAAOI,EAAWJ,EAAO,gBAAgB,GAAKI,EAAWJ,EAAO,mBAAmB,CACrF,CC/LM,SAAUwB,GACdC,EACAC,EACAC,EAAsC,CAEtC,OAAIA,EACKH,GAAoBC,EAAYC,CAAa,EAAE,KAAKE,GAAiBD,CAAc,CAAC,EAGtF,IAAIE,EAAoB,SAACC,EAAU,CACxC,IAAMC,EAAU,UAAA,SAACC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAAc,OAAAH,EAAW,KAAKE,EAAE,SAAW,EAAIA,EAAE,GAAKA,CAAC,CAAzC,EACzBE,EAAWT,EAAWM,CAAO,EACnC,OAAOI,EAAWT,CAAa,EAAI,UAAA,CAAM,OAAAA,EAAcK,EAASG,CAAQ,CAA/B,EAAmC,MAC9E,CAAC,CACH,CCtBM,SAAUE,GACdC,EACAC,EACAC,EAAyC,CAFzCF,IAAA,SAAAA,EAAA,GAEAE,IAAA,SAAAA,EAAAC,IAIA,IAAIC,EAAmB,GAEvB,OAAIH,GAAuB,OAIrBI,GAAYJ,CAAmB,EACjCC,EAAYD,EAIZG,EAAmBH,GAIhB,IAAIK,EAAW,SAACC,EAAU,CAI/B,IAAIC,EAAMC,GAAYT,CAAO,EAAI,CAACA,EAAUE,EAAW,IAAG,EAAKF,EAE3DQ,EAAM,IAERA,EAAM,GAIR,IAAIE,EAAI,EAGR,OAAOR,EAAU,SAAS,UAAA,CACnBK,EAAW,SAEdA,EAAW,KAAKG,GAAG,EAEf,GAAKN,EAGP,KAAK,SAAS,OAAWA,CAAgB,EAGzCG,EAAW,SAAQ,EAGzB,EAAGC,CAAG,CACR,CAAC,CACH,CChGM,SAAUG,GAAK,SAACC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACpB,IAAMC,EAAYC,GAAaH,CAAI,EAC7BI,EAAaC,GAAUL,EAAM,GAAQ,EACrCM,EAAUN,EAChB,OAAQM,EAAQ,OAGZA,EAAQ,SAAW,EAEnBC,EAAUD,EAAQ,EAAE,EAEpBE,GAASJ,CAAU,EAAEK,GAAKH,EAASJ,CAAS,CAAC,EAL7CQ,CAMN,CCjEO,IAAMC,GAAQ,IAAIC,EAAkBC,EAAI,ECpCvC,IAAAC,GAAY,MAAK,QAMnB,SAAUC,GAAkBC,EAAiB,CACjD,OAAOA,EAAK,SAAW,GAAKF,GAAQE,EAAK,EAAE,EAAIA,EAAK,GAAMA,CAC5D,CCoDM,SAAUC,EAAUC,EAAiDC,EAAa,CACtF,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAEhC,IAAIC,EAAQ,EAIZF,EAAO,UAILG,EAAyBF,EAAY,SAACG,EAAK,CAAK,OAAAP,EAAU,KAAKC,EAASM,EAAOF,GAAO,GAAKD,EAAW,KAAKG,CAAK,CAAhE,CAAiE,CAAC,CAEtH,CAAC,CACH,CCxBM,SAAUC,IAAG,SAACC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAClB,IAAMC,EAAiBC,GAAkBH,CAAI,EAEvCI,EAAUC,GAAeL,CAAI,EAEnC,OAAOI,EAAQ,OACX,IAAIE,EAAsB,SAACC,EAAU,CAGnC,IAAIC,EAAuBJ,EAAQ,IAAI,UAAA,CAAM,MAAA,CAAA,CAAA,CAAE,EAK3CK,EAAYL,EAAQ,IAAI,UAAA,CAAM,MAAA,EAAA,CAAK,EAGvCG,EAAW,IAAI,UAAA,CACbC,EAAUC,EAAY,IACxB,CAAC,EAKD,mBAASC,EAAW,CAClBC,EAAUP,EAAQM,EAAY,EAAE,UAC9BE,EACEL,EACA,SAACM,EAAK,CAKJ,GAJAL,EAAQE,GAAa,KAAKG,CAAK,EAI3BL,EAAQ,MAAM,SAACM,EAAM,CAAK,OAAAA,EAAO,MAAP,CAAa,EAAG,CAC5C,IAAMC,EAAcP,EAAQ,IAAI,SAACM,EAAM,CAAK,OAAAA,EAAO,MAAK,CAAZ,CAAe,EAE3DP,EAAW,KAAKL,EAAiBA,EAAc,MAAA,OAAAc,EAAA,CAAA,EAAAC,EAAIF,CAAM,CAAA,CAAA,EAAIA,CAAM,EAI/DP,EAAQ,KAAK,SAACM,EAAQI,EAAC,CAAK,MAAA,CAACJ,EAAO,QAAUL,EAAUS,EAA5B,CAA8B,GAC5DX,EAAW,SAAQ,EAGzB,EACA,UAAA,CAGEE,EAAUC,GAAe,GAIzB,CAACF,EAAQE,GAAa,QAAUH,EAAW,SAAQ,CACrD,CAAC,CACF,GA9BIG,EAAc,EAAG,CAACH,EAAW,QAAUG,EAAcN,EAAQ,OAAQM,MAArEA,CAAW,EAmCpB,OAAO,UAAA,CACLF,EAAUC,EAAY,IACxB,CACF,CAAC,EACDU,CACN,CC9DM,SAAUC,GAASC,EAAoD,CAC3E,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAW,GACXC,EAAsB,KACtBC,EAA6C,KAC7CC,EAAa,GAEXC,EAAc,UAAA,CAGlB,GAFAF,GAAkB,MAAlBA,EAAoB,YAAW,EAC/BA,EAAqB,KACjBF,EAAU,CACZA,EAAW,GACX,IAAMK,EAAQJ,EACdA,EAAY,KACZF,EAAW,KAAKM,CAAK,EAEvBF,GAAcJ,EAAW,SAAQ,CACnC,EAEMO,EAAkB,UAAA,CACtBJ,EAAqB,KACrBC,GAAcJ,EAAW,SAAQ,CACnC,EAEAD,EAAO,UACLS,EACER,EACA,SAACM,EAAK,CACJL,EAAW,GACXC,EAAYI,EACPH,GACHM,EAAUZ,EAAiBS,CAAK,CAAC,EAAE,UAChCH,EAAqBK,EAAyBR,EAAYK,EAAaE,CAAe,CAAE,CAG/F,EACA,UAAA,CACEH,EAAa,IACZ,CAACH,GAAY,CAACE,GAAsBA,EAAmB,SAAWH,EAAW,SAAQ,CACxF,CAAC,CACF,CAEL,CAAC,CACH,CC3CM,SAAUU,GAAaC,EAAkBC,EAAyC,CAAzC,OAAAA,IAAA,SAAAA,EAAAC,IACtCC,GAAM,UAAA,CAAM,OAAAC,GAAMJ,EAAUC,CAAS,CAAzB,CAA0B,CAC/C,CCEM,SAAUI,GAAeC,EAAoBC,EAAsC,CAAtC,OAAAA,IAAA,SAAAA,EAAA,MAGjDA,EAAmBA,GAAgB,KAAhBA,EAAoBD,EAEhCE,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAiB,CAAA,EACjBC,EAAQ,EAEZH,EAAO,UACLI,EACEH,EACA,SAACI,EAAK,aACAC,EAAuB,KAKvBH,IAAUL,IAAsB,GAClCI,EAAQ,KAAK,CAAA,CAAE,MAIjB,QAAqBK,EAAAC,GAAAN,CAAO,EAAAO,EAAAF,EAAA,KAAA,EAAA,CAAAE,EAAA,KAAAA,EAAAF,EAAA,KAAA,EAAE,CAAzB,IAAMG,EAAMD,EAAA,MACfC,EAAO,KAAKL,CAAK,EAMbR,GAAca,EAAO,SACvBJ,EAASA,GAAM,KAANA,EAAU,CAAA,EACnBA,EAAO,KAAKI,CAAM,qGAItB,GAAIJ,MAIF,QAAqBK,EAAAH,GAAAF,CAAM,EAAAM,EAAAD,EAAA,KAAA,EAAA,CAAAC,EAAA,KAAAA,EAAAD,EAAA,KAAA,EAAE,CAAxB,IAAMD,EAAME,EAAA,MACfC,GAAUX,EAASQ,CAAM,EACzBT,EAAW,KAAKS,CAAM,oGAG5B,EACA,UAAA,aAGE,QAAqBI,EAAAN,GAAAN,CAAO,EAAAa,EAAAD,EAAA,KAAA,EAAA,CAAAC,EAAA,KAAAA,EAAAD,EAAA,KAAA,EAAE,CAAzB,IAAMJ,EAAMK,EAAA,MACfd,EAAW,KAAKS,CAAM,oGAExBT,EAAW,SAAQ,CACrB,EAEA,OACA,UAAA,CAEEC,EAAU,IACZ,CAAC,CACF,CAEL,CAAC,CACH,CCbM,SAAUc,GACdC,EAAgD,CAEhD,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAgC,KAChCC,EAAY,GACZC,EAEJF,EAAWF,EAAO,UAChBK,EAAyBJ,EAAY,OAAW,OAAW,SAACK,EAAG,CAC7DF,EAAgBG,EAAUT,EAASQ,EAAKT,GAAWC,CAAQ,EAAEE,CAAM,CAAC,CAAC,EACjEE,GACFA,EAAS,YAAW,EACpBA,EAAW,KACXE,EAAc,UAAUH,CAAU,GAIlCE,EAAY,EAEhB,CAAC,CAAC,EAGAA,IAMFD,EAAS,YAAW,EACpBA,EAAW,KACXE,EAAe,UAAUH,CAAU,EAEvC,CAAC,CACH,CC/HM,SAAUO,GACdC,EACAC,EACAC,EACAC,EACAC,EAAqC,CAErC,OAAO,SAACC,EAAuBC,EAA2B,CAIxD,IAAIC,EAAWL,EAIXM,EAAaP,EAEbQ,EAAQ,EAGZJ,EAAO,UACLK,EACEJ,EACA,SAACK,EAAK,CAEJ,IAAMC,EAAIH,IAEVD,EAAQD,EAEJP,EAAYQ,EAAOG,EAAOC,CAAC,GAIzBL,EAAW,GAAOI,GAGxBR,GAAcG,EAAW,KAAKE,CAAK,CACrC,EAGAJ,GACG,UAAA,CACCG,GAAYD,EAAW,KAAKE,CAAK,EACjCF,EAAW,SAAQ,CACrB,CAAE,CACL,CAEL,CACF,CCnCM,SAAUO,IAAa,SAAOC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAClC,IAAMC,EAAiBC,GAAkBH,CAAI,EAC7C,OAAOE,EACHE,GAAKL,GAAa,MAAA,OAAAM,EAAA,CAAA,EAAAC,EAAKN,CAAoC,CAAA,CAAA,EAAGO,GAAiBL,CAAc,CAAC,EAC9FM,EAAQ,SAACC,EAAQC,EAAU,CACzBC,GAAiBN,EAAA,CAAEI,CAAM,EAAAH,EAAKM,GAAeZ,CAAI,CAAC,CAAA,CAAA,EAAGU,CAAU,CACjE,CAAC,CACP,CCUM,SAAUG,IAAiB,SAC/BC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAEA,OAAOC,GAAa,MAAA,OAAAC,EAAA,CAAA,EAAAC,EAAIJ,CAAY,CAAA,CAAA,CACtC,CC+BM,SAAUK,GACdC,EACAC,EAA6G,CAE7G,OAAOC,EAAWD,CAAc,EAAIE,GAASH,EAASC,EAAgB,CAAC,EAAIE,GAASH,EAAS,CAAC,CAChG,CCpBM,SAAUI,GAAgBC,EAAiBC,EAAyC,CAAzC,OAAAA,IAAA,SAAAA,EAAAC,IACxCC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAkC,KAClCC,EAAsB,KACtBC,EAA0B,KAExBC,EAAO,UAAA,CACX,GAAIH,EAAY,CAEdA,EAAW,YAAW,EACtBA,EAAa,KACb,IAAMI,EAAQH,EACdA,EAAY,KACZF,EAAW,KAAKK,CAAK,EAEzB,EACA,SAASC,GAAY,CAInB,IAAMC,EAAaJ,EAAYR,EACzBa,EAAMZ,EAAU,IAAG,EACzB,GAAIY,EAAMD,EAAY,CAEpBN,EAAa,KAAK,SAAS,OAAWM,EAAaC,CAAG,EACtDR,EAAW,IAAIC,CAAU,EACzB,OAGFG,EAAI,CACN,CAEAL,EAAO,UACLU,EACET,EACA,SAACK,EAAQ,CACPH,EAAYG,EACZF,EAAWP,EAAU,IAAG,EAGnBK,IACHA,EAAaL,EAAU,SAASU,EAAcX,CAAO,EACrDK,EAAW,IAAIC,CAAU,EAE7B,EACA,UAAA,CAGEG,EAAI,EACJJ,EAAW,SAAQ,CACrB,EAEA,OACA,UAAA,CAEEE,EAAYD,EAAa,IAC3B,CAAC,CACF,CAEL,CAAC,CACH,CCpFM,SAAUS,GAAqBC,EAAe,CAClD,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAW,GACfF,EAAO,UACLG,EACEF,EACA,SAACG,EAAK,CACJF,EAAW,GACXD,EAAW,KAAKG,CAAK,CACvB,EACA,UAAA,CACOF,GACHD,EAAW,KAAKH,CAAa,EAE/BG,EAAW,SAAQ,CACrB,CAAC,CACF,CAEL,CAAC,CACH,CCXM,SAAUI,GAAQC,EAAa,CACnC,OAAOA,GAAS,EAEZ,UAAA,CAAM,OAAAC,CAAA,EACNC,EAAQ,SAACC,EAAQC,EAAU,CACzB,IAAIC,EAAO,EACXF,EAAO,UACLG,EAAyBF,EAAY,SAACG,EAAK,CAIrC,EAAEF,GAAQL,IACZI,EAAW,KAAKG,CAAK,EAIjBP,GAASK,GACXD,EAAW,SAAQ,EAGzB,CAAC,CAAC,CAEN,CAAC,CACP,CC9BM,SAAUI,IAAc,CAC5B,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChCD,EAAO,UAAUE,EAAyBD,EAAYE,EAAI,CAAC,CAC7D,CAAC,CACH,CCCM,SAAUC,GAASC,EAAQ,CAC/B,OAAOC,EAAI,UAAA,CAAM,OAAAD,CAAA,CAAK,CACxB,CCyCM,SAAUE,GACdC,EACAC,EAAmC,CAEnC,OAAIA,EAEK,SAACC,EAAqB,CAC3B,OAAAC,GAAOF,EAAkB,KAAKG,GAAK,CAAC,EAAGC,GAAc,CAAE,EAAGH,EAAO,KAAKH,GAAUC,CAAqB,CAAC,CAAC,CAAvG,EAGGM,GAAS,SAACC,EAAOC,EAAK,CAAK,OAAAR,EAAsBO,EAAOC,CAAK,EAAE,KAAKJ,GAAK,CAAC,EAAGK,GAAMF,CAAK,CAAC,CAA9D,CAA+D,CACnG,CCtCM,SAAUG,GAASC,EAAoBC,EAAyC,CAAzCA,IAAA,SAAAA,EAAAC,IAC3C,IAAMC,EAAWC,GAAMJ,EAAKC,CAAS,EACrC,OAAOI,GAAU,UAAA,CAAM,OAAAF,CAAA,CAAQ,CACjC,CC0EM,SAAUG,EACdC,EACAC,EAA0D,CAA1D,OAAAA,IAAA,SAAAA,EAA+BC,IAK/BF,EAAaA,GAAU,KAAVA,EAAcG,GAEpBC,EAAQ,SAACC,EAAQC,EAAU,CAGhC,IAAIC,EAEAC,EAAQ,GAEZH,EAAO,UACLI,EAAyBH,EAAY,SAACI,EAAK,CAEzC,IAAMC,EAAaV,EAAYS,CAAK,GAKhCF,GAAS,CAACR,EAAYO,EAAaI,CAAU,KAM/CH,EAAQ,GACRD,EAAcI,EAGdL,EAAW,KAAKI,CAAK,EAEzB,CAAC,CAAC,CAEN,CAAC,CACH,CAEA,SAASP,GAAeS,EAAQC,EAAM,CACpC,OAAOD,IAAMC,CACf,CCjHM,SAAUC,EAA8CC,EAAQC,EAAuC,CAC3G,OAAOC,EAAqB,SAACC,EAAMC,EAAI,CAAK,OAAAH,EAAUA,EAAQE,EAAEH,GAAMI,EAAEJ,EAAI,EAAIG,EAAEH,KAASI,EAAEJ,EAAjD,CAAqD,CACnG,CCLM,SAAUK,IAAO,SAAIC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACzB,OAAO,SAACC,EAAqB,CAAK,OAAAC,GAAOD,EAAQE,EAAE,MAAA,OAAAC,EAAA,CAAA,EAAAC,EAAIN,CAAM,CAAA,CAAA,CAAA,CAA3B,CACpC,CCHM,SAAUO,EAAYC,EAAoB,CAC9C,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAGhC,GAAI,CACFD,EAAO,UAAUC,CAAU,UAE3BA,EAAW,IAAIH,CAAQ,EAE3B,CAAC,CACH,CC9BM,SAAUI,GAAYC,EAAa,CACvC,OAAOA,GAAS,EACZ,UAAA,CAAM,OAAAC,CAAA,EACNC,EAAQ,SAACC,EAAQC,EAAU,CAKzB,IAAIC,EAAc,CAAA,EAClBF,EAAO,UACLG,EACEF,EACA,SAACG,EAAK,CAEJF,EAAO,KAAKE,CAAK,EAGjBP,EAAQK,EAAO,QAAUA,EAAO,MAAK,CACvC,EACA,UAAA,aAGE,QAAoBG,EAAAC,GAAAJ,CAAM,EAAAK,EAAAF,EAAA,KAAA,EAAA,CAAAE,EAAA,KAAAA,EAAAF,EAAA,KAAA,EAAE,CAAvB,IAAMD,EAAKG,EAAA,MACdN,EAAW,KAAKG,CAAK,oGAEvBH,EAAW,SAAQ,CACrB,EAEA,OACA,UAAA,CAEEC,EAAS,IACX,CAAC,CACF,CAEL,CAAC,CACP,CC1DM,SAAUM,IAAK,SAAIC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACvB,IAAMC,EAAYC,GAAaH,CAAI,EAC7BI,EAAaC,GAAUL,EAAM,GAAQ,EAC3C,OAAAA,EAAOM,GAAeN,CAAI,EAEnBO,EAAQ,SAACC,EAAQC,EAAU,CAChCC,GAASN,CAAU,EAAEO,GAAIC,EAAA,CAAEJ,CAAM,EAAAK,EAAMb,CAA6B,CAAA,EAAGE,CAAS,CAAC,EAAE,UAAUO,CAAU,CACzG,CAAC,CACH,CCcM,SAAUK,IAAS,SACvBC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAEA,OAAOC,GAAK,MAAA,OAAAC,EAAA,CAAA,EAAAC,EAAIJ,CAAY,CAAA,CAAA,CAC9B,CCmEM,SAAUK,GAAUC,EAAqC,OACzDC,EAAQ,IACRC,EAEJ,OAAIF,GAAiB,OACf,OAAOA,GAAkB,UACxBG,EAA4BH,EAAa,MAAzCC,EAAKE,IAAA,OAAG,IAAQA,EAAED,EAAUF,EAAa,OAE5CC,EAAQD,GAILC,GAAS,EACZ,UAAA,CAAM,OAAAG,CAAA,EACNC,EAAQ,SAACC,EAAQC,EAAU,CACzB,IAAIC,EAAQ,EACRC,EAEEC,EAAc,UAAA,CAGlB,GAFAD,GAAS,MAATA,EAAW,YAAW,EACtBA,EAAY,KACRP,GAAS,KAAM,CACjB,IAAMS,EAAW,OAAOT,GAAU,SAAWU,GAAMV,CAAK,EAAIW,EAAUX,EAAMM,CAAK,CAAC,EAC5EM,EAAqBC,EAAyBR,EAAY,UAAA,CAC9DO,EAAmB,YAAW,EAC9BE,EAAiB,CACnB,CAAC,EACDL,EAAS,UAAUG,CAAkB,OAErCE,EAAiB,CAErB,EAEMA,EAAoB,UAAA,CACxB,IAAIC,EAAY,GAChBR,EAAYH,EAAO,UACjBS,EAAyBR,EAAY,OAAW,UAAA,CAC1C,EAAEC,EAAQP,EACRQ,EACFC,EAAW,EAEXO,EAAY,GAGdV,EAAW,SAAQ,CAEvB,CAAC,CAAC,EAGAU,GACFP,EAAW,CAEf,EAEAM,EAAiB,CACnB,CAAC,CACP,CC7HM,SAAUE,GAAUC,EAAyB,CACjD,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAW,GACXC,EAAsB,KAC1BH,EAAO,UACLI,EAAyBH,EAAY,SAACI,EAAK,CACzCH,EAAW,GACXC,EAAYE,CACd,CAAC,CAAC,EAEJP,EAAS,UACPM,EACEH,EACA,UAAA,CACE,GAAIC,EAAU,CACZA,EAAW,GACX,IAAMG,EAAQF,EACdA,EAAY,KACZF,EAAW,KAAKI,CAAK,EAEzB,EACAC,EAAI,CACL,CAEL,CAAC,CACH,CCgBM,SAAUC,GAAcC,EAA6DC,EAAQ,CAMjG,OAAOC,EAAQC,GAAcH,EAAaC,EAAW,UAAU,QAAU,EAAG,EAAI,CAAC,CACnF,CCgDM,SAAUG,GAASC,EAA4B,CAA5BA,IAAA,SAAAA,EAAA,CAAA,GACf,IAAAC,EAAgHD,EAAO,UAAvHE,EAASD,IAAA,OAAG,UAAA,CAAM,OAAA,IAAIE,CAAJ,EAAgBF,EAAEG,EAA4EJ,EAAO,aAAnFK,EAAYD,IAAA,OAAG,GAAIA,EAAEE,EAAuDN,EAAO,gBAA9DO,EAAeD,IAAA,OAAG,GAAIA,EAAEE,EAA+BR,EAAO,oBAAtCS,EAAmBD,IAAA,OAAG,GAAIA,EAUnH,OAAO,SAACE,EAAa,CACnB,IAAIC,EACAC,EACAC,EACAC,EAAW,EACXC,EAAe,GACfC,EAAa,GAEXC,EAAc,UAAA,CAClBL,GAAe,MAAfA,EAAiB,YAAW,EAC5BA,EAAkB,MACpB,EAGMM,EAAQ,UAAA,CACZD,EAAW,EACXN,EAAaE,EAAU,OACvBE,EAAeC,EAAa,EAC9B,EACMG,EAAsB,UAAA,CAG1B,IAAMC,EAAOT,EACbO,EAAK,EACLE,GAAI,MAAJA,EAAM,YAAW,CACnB,EAEA,OAAOC,EAAc,SAACC,EAAQC,GAAU,CACtCT,IACI,CAACE,GAAc,CAACD,GAClBE,EAAW,EAOb,IAAMO,GAAQX,EAAUA,GAAO,KAAPA,EAAWX,EAAS,EAO5CqB,GAAW,IAAI,UAAA,CACbT,IAKIA,IAAa,GAAK,CAACE,GAAc,CAACD,IACpCH,EAAkBa,GAAYN,EAAqBV,CAAmB,EAE1E,CAAC,EAIDe,GAAK,UAAUD,EAAU,EAGvB,CAACZ,GAIDG,EAAW,IAOXH,EAAa,IAAIe,GAAe,CAC9B,KAAM,SAACC,GAAK,CAAK,OAAAH,GAAK,KAAKG,EAAK,CAAf,EACjB,MAAO,SAACC,GAAG,CACTZ,EAAa,GACbC,EAAW,EACXL,EAAkBa,GAAYP,EAAOb,EAAcuB,EAAG,EACtDJ,GAAK,MAAMI,EAAG,CAChB,EACA,SAAU,UAAA,CACRb,EAAe,GACfE,EAAW,EACXL,EAAkBa,GAAYP,EAAOX,CAAe,EACpDiB,GAAK,SAAQ,CACf,EACD,EACDK,EAAUP,CAAM,EAAE,UAAUX,CAAU,EAE1C,CAAC,EAAED,CAAa,CAClB,CACF,CAEA,SAASe,GACPP,EACAY,EAA+C,SAC/CC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,EAAA,GAAA,UAAAA,GAEA,GAAIF,IAAO,GAAM,CACfZ,EAAK,EACL,OAGF,GAAIY,IAAO,GAIX,KAAMG,EAAe,IAAIP,GAAe,CACtC,KAAM,UAAA,CACJO,EAAa,YAAW,EACxBf,EAAK,CACP,EACD,EAED,OAAOY,EAAE,MAAA,OAAAI,EAAA,CAAA,EAAAC,EAAIJ,CAAI,CAAA,CAAA,EAAE,UAAUE,CAAY,EAC3C,CCjHM,SAAUG,EACdC,EACAC,EACAC,EAAyB,WAErBC,EACAC,EAAW,GACf,OAAIJ,GAAsB,OAAOA,GAAuB,UACnDK,EAA8EL,EAAkB,WAAhGG,EAAUE,IAAA,OAAG,IAAQA,EAAEC,EAAuDN,EAAkB,WAAzEC,EAAUK,IAAA,OAAG,IAAQA,EAAEC,EAAgCP,EAAkB,SAAlDI,EAAQG,IAAA,OAAG,GAAKA,EAAEL,EAAcF,EAAkB,WAEnGG,EAAcH,GAAkB,KAAlBA,EAAsB,IAE/BQ,GAAS,CACd,UAAW,UAAA,CAAM,OAAA,IAAIC,GAAcN,EAAYF,EAAYC,CAAS,CAAnD,EACjB,aAAc,GACd,gBAAiB,GACjB,oBAAqBE,EACtB,CACH,CCxIM,SAAUM,GAAQC,EAAa,CACnC,OAAOC,EAAO,SAACC,EAAGC,EAAK,CAAK,OAAAH,GAASG,CAAT,CAAc,CAC5C,CCWM,SAAUC,GAAaC,EAAyB,CACpD,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAS,GAEPC,EAAiBC,EACrBH,EACA,UAAA,CACEE,GAAc,MAAdA,EAAgB,YAAW,EAC3BD,EAAS,EACX,EACAG,EAAI,EAGNC,EAAUR,CAAQ,EAAE,UAAUK,CAAc,EAE5CH,EAAO,UAAUI,EAAyBH,EAAY,SAACM,EAAK,CAAK,OAAAL,GAAUD,EAAW,KAAKM,CAAK,CAA/B,CAAgC,CAAC,CACpG,CAAC,CACH,CCRM,SAAUC,GAAS,SAAOC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GAC9B,IAAMC,EAAYC,GAAaH,CAAM,EACrC,OAAOI,EAAQ,SAACC,EAAQC,EAAU,EAI/BJ,EAAYK,GAAOP,EAAQK,EAAQH,CAAS,EAAIK,GAAOP,EAAQK,CAAM,GAAG,UAAUC,CAAU,CAC/F,CAAC,CACH,CCmBM,SAAUE,EACdC,EACAC,EAA6G,CAE7G,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAyD,KACzDC,EAAQ,EAERC,EAAa,GAIXC,EAAgB,UAAA,CAAM,OAAAD,GAAc,CAACF,GAAmBD,EAAW,SAAQ,CAArD,EAE5BD,EAAO,UACLM,EACEL,EACA,SAACM,EAAK,CAEJL,GAAe,MAAfA,EAAiB,YAAW,EAC5B,IAAIM,EAAa,EACXC,EAAaN,IAEnBO,EAAUb,EAAQU,EAAOE,CAAU,CAAC,EAAE,UACnCP,EAAkBI,EACjBL,EAIA,SAACU,EAAU,CAAK,OAAAV,EAAW,KAAKH,EAAiBA,EAAeS,EAAOI,EAAYF,EAAYD,GAAY,EAAIG,CAAU,CAAzG,EAChB,UAAA,CAIET,EAAkB,KAClBG,EAAa,CACf,CAAC,CACD,CAEN,EACA,UAAA,CACED,EAAa,GACbC,EAAa,CACf,CAAC,CACF,CAEL,CAAC,CACH,CCvFM,SAAUO,GAAaC,EAA8B,CACzD,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChCC,EAAUJ,CAAQ,EAAE,UAAUK,EAAyBF,EAAY,UAAA,CAAM,OAAAA,EAAW,SAAQ,CAAnB,EAAuBG,EAAI,CAAC,EACrG,CAACH,EAAW,QAAUD,EAAO,UAAUC,CAAU,CACnD,CAAC,CACH,CCIM,SAAUI,GAAaC,EAAiDC,EAAiB,CAAjB,OAAAA,IAAA,SAAAA,EAAA,IACrEC,EAAQ,SAACC,EAAQC,EAAU,CAChC,IAAIC,EAAQ,EACZF,EAAO,UACLG,EAAyBF,EAAY,SAACG,EAAK,CACzC,IAAMC,EAASR,EAAUO,EAAOF,GAAO,GACtCG,GAAUP,IAAcG,EAAW,KAAKG,CAAK,EAC9C,CAACC,GAAUJ,EAAW,SAAQ,CAChC,CAAC,CAAC,CAEN,CAAC,CACH,CCyCM,SAAUK,EACdC,EACAC,EACAC,EAA8B,CAK9B,IAAMC,EACJC,EAAWJ,CAAc,GAAKC,GAASC,EAElC,CAAE,KAAMF,EAA2E,MAAKC,EAAE,SAAQC,CAAA,EACnGF,EAEN,OAAOG,EACHE,EAAQ,SAACC,EAAQC,EAAU,QACzBC,EAAAL,EAAY,aAAS,MAAAK,IAAA,QAAAA,EAAA,KAArBL,CAAW,EACX,IAAIM,EAAU,GACdH,EAAO,UACLI,EACEH,EACA,SAACI,EAAK,QACJH,EAAAL,EAAY,QAAI,MAAAK,IAAA,QAAAA,EAAA,KAAhBL,EAAmBQ,CAAK,EACxBJ,EAAW,KAAKI,CAAK,CACvB,EACA,UAAA,OACEF,EAAU,IACVD,EAAAL,EAAY,YAAQ,MAAAK,IAAA,QAAAA,EAAA,KAApBL,CAAW,EACXI,EAAW,SAAQ,CACrB,EACA,SAACK,EAAG,OACFH,EAAU,IACVD,EAAAL,EAAY,SAAK,MAAAK,IAAA,QAAAA,EAAA,KAAjBL,EAAoBS,CAAG,EACvBL,EAAW,MAAMK,CAAG,CACtB,EACA,UAAA,SACMH,KACFD,EAAAL,EAAY,eAAW,MAAAK,IAAA,QAAAA,EAAA,KAAvBL,CAAW,IAEbU,EAAAV,EAAY,YAAQ,MAAAU,IAAA,QAAAA,EAAA,KAApBV,CAAW,CACb,CAAC,CACF,CAEL,CAAC,EAIDW,EACN,CC9IO,IAAMC,GAAwC,CACnD,QAAS,GACT,SAAU,IAiDN,SAAUC,GACdC,EACAC,EAA8C,CAA9C,OAAAA,IAAA,SAAAA,EAAAH,IAEOI,EAAQ,SAACC,EAAQC,EAAU,CACxB,IAAAC,EAAsBJ,EAAM,QAAnBK,EAAaL,EAAM,SAChCM,EAAW,GACXC,EAAsB,KACtBC,EAAiC,KACjCC,EAAa,GAEXC,EAAgB,UAAA,CACpBF,GAAS,MAATA,EAAW,YAAW,EACtBA,EAAY,KACRH,IACFM,EAAI,EACJF,GAAcN,EAAW,SAAQ,EAErC,EAEMS,EAAoB,UAAA,CACxBJ,EAAY,KACZC,GAAcN,EAAW,SAAQ,CACnC,EAEMU,EAAgB,SAACC,EAAQ,CAC7B,OAACN,EAAYO,EAAUhB,EAAiBe,CAAK,CAAC,EAAE,UAAUE,EAAyBb,EAAYO,EAAeE,CAAiB,CAAC,CAAhI,EAEID,EAAO,UAAA,CACX,GAAIL,EAAU,CAIZA,EAAW,GACX,IAAMQ,EAAQP,EACdA,EAAY,KAEZJ,EAAW,KAAKW,CAAK,EACrB,CAACL,GAAcI,EAAcC,CAAK,EAEtC,EAEAZ,EAAO,UACLc,EACEb,EAMA,SAACW,EAAK,CACJR,EAAW,GACXC,EAAYO,EACZ,EAAEN,GAAa,CAACA,EAAU,UAAYJ,EAAUO,EAAI,EAAKE,EAAcC,CAAK,EAC9E,EACA,UAAA,CACEL,EAAa,GACb,EAAEJ,GAAYC,GAAYE,GAAa,CAACA,EAAU,SAAWL,EAAW,SAAQ,CAClF,CAAC,CACF,CAEL,CAAC,CACH,CCvEM,SAAUc,GACdC,EACAC,EACAC,EAA8B,CAD9BD,IAAA,SAAAA,EAAAE,IACAD,IAAA,SAAAA,EAAAE,IAEA,IAAMC,EAAYC,GAAMN,EAAUC,CAAS,EAC3C,OAAOM,GAAS,UAAA,CAAM,OAAAF,CAAA,EAAWH,CAAM,CACzC,CCJM,SAAUM,IAAc,SAAOC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACnC,IAAMC,EAAUC,GAAkBH,CAAM,EAExC,OAAOI,EAAQ,SAACC,EAAQC,EAAU,CAehC,QAdMC,EAAMP,EAAO,OACbQ,EAAc,IAAI,MAAMD,CAAG,EAI7BE,EAAWT,EAAO,IAAI,UAAA,CAAM,MAAA,EAAA,CAAK,EAGjCU,EAAQ,cAMHC,EAAC,CACRC,EAAUZ,EAAOW,EAAE,EAAE,UACnBE,EACEP,EACA,SAACQ,EAAK,CACJN,EAAYG,GAAKG,EACb,CAACJ,GAAS,CAACD,EAASE,KAEtBF,EAASE,GAAK,IAKbD,EAAQD,EAAS,MAAMM,EAAQ,KAAON,EAAW,MAEtD,EAGAO,EAAI,CACL,GAnBIL,EAAI,EAAGA,EAAIJ,EAAKI,MAAhBA,CAAC,EAwBVN,EAAO,UACLQ,EAAyBP,EAAY,SAACQ,EAAK,CACzC,GAAIJ,EAAO,CAET,IAAMO,EAAMC,EAAA,CAAIJ,CAAK,EAAAK,EAAKX,CAAW,CAAA,EACrCF,EAAW,KAAKJ,EAAUA,EAAO,MAAA,OAAAgB,EAAA,CAAA,EAAAC,EAAIF,CAAM,CAAA,CAAA,EAAIA,CAAM,EAEzD,CAAC,CAAC,CAEN,CAAC,CACH,CCxFM,SAAUG,IAAG,SAAOC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACxB,OAAOC,EAAQ,SAACC,EAAQC,EAAU,CAChCL,GAAS,MAAA,OAAAM,EAAA,CAACF,CAA8B,EAAAG,EAAMN,CAAuC,CAAA,CAAA,EAAE,UAAUI,CAAU,CAC7G,CAAC,CACH,CCCM,SAAUG,IAAO,SAAkCC,EAAA,CAAA,EAAAC,EAAA,EAAAA,EAAA,UAAA,OAAAA,IAAAD,EAAAC,GAAA,UAAAA,GACvD,OAAOC,GAAG,MAAA,OAAAC,EAAA,CAAA,EAAAC,EAAIJ,CAAW,CAAA,CAAA,CAC3B,CCYO,SAASK,IAAmC,CACjD,IAAMC,EAAY,IAAIC,GAAwB,CAAC,EAC/C,OAAAC,EAAU,SAAU,mBAAoB,CAAE,KAAM,EAAK,CAAC,EACnD,UAAU,IAAMF,EAAU,KAAK,QAAQ,CAAC,EAGpCA,CACT,CCHO,SAASG,EACdC,EAAkBC,EAAmB,SAChC,CACL,OAAO,MAAM,KAAKA,EAAK,iBAAoBD,CAAQ,CAAC,CACtD,CAuBO,SAASE,EACdF,EAAkBC,EAAmB,SAClC,CACH,IAAME,EAAKC,GAAsBJ,EAAUC,CAAI,EAC/C,GAAI,OAAOE,GAAO,YAChB,MAAM,IAAI,eACR,8BAA8BH,kBAChC,EAGF,OAAOG,CACT,CAsBO,SAASC,GACdJ,EAAkBC,EAAmB,SACtB,CACf,OAAOA,EAAK,cAAiBD,CAAQ,GAAK,MAC5C,CAOO,SAASK,IAA4C,CAC1D,OAAO,SAAS,yBAAyB,aACrC,SAAS,eAAiB,MAEhC,CClEO,SAASC,GACdC,EACqB,CACrB,OAAOC,EACLC,EAAU,SAAS,KAAM,SAAS,EAClCA,EAAU,SAAS,KAAM,UAAU,CACrC,EACG,KACCC,GAAa,CAAC,EACdC,EAAI,IAAM,CACR,IAAMC,EAASC,GAAiB,EAChC,OAAO,OAAOD,GAAW,YACrBL,EAAG,SAASK,CAAM,EAClB,EACN,CAAC,EACDE,EAAUP,IAAOM,GAAiB,CAAC,EACnCE,EAAqB,CACvB,CACJ,CChBO,SAASC,GACdC,EACe,CACf,MAAO,CACL,EAAGA,EAAG,WACN,EAAGA,EAAG,SACR,CACF,CAWO,SAASC,GACdD,EAC2B,CAC3B,OAAOE,EACLC,EAAU,OAAQ,MAAM,EACxBA,EAAU,OAAQ,QAAQ,CAC5B,EACG,KACCC,GAAU,EAAGC,EAAuB,EACpCC,EAAI,IAAMP,GAAiBC,CAAE,CAAC,EAC9BO,EAAUR,GAAiBC,CAAE,CAAC,CAChC,CACJ,CCxCO,SAASQ,GACdC,EACe,CACf,MAAO,CACL,EAAGA,EAAG,WACN,EAAGA,EAAG,SACR,CACF,CAWO,SAASC,GACdD,EAC2B,CAC3B,OAAOE,EACLC,EAAUH,EAAI,QAAQ,EACtBG,EAAU,OAAQ,QAAQ,CAC5B,EACG,KACCC,GAAU,EAAGC,EAAuB,EACpCC,EAAI,IAAMP,GAAwBC,CAAE,CAAC,EACrCO,EAAUR,GAAwBC,CAAE,CAAC,CACvC,CACJ,CCpEA,IAAIQ,GAAW,UAAY,CACvB,GAAI,OAAO,KAAQ,YACf,OAAO,IASX,SAASC,EAASC,EAAKC,EAAK,CACxB,IAAIC,EAAS,GACb,OAAAF,EAAI,KAAK,SAAUG,EAAOC,EAAO,CAC7B,OAAID,EAAM,KAAOF,GACbC,EAASE,EACF,IAEJ,EACX,CAAC,EACMF,CACX,CACA,OAAsB,UAAY,CAC9B,SAASG,GAAU,CACf,KAAK,YAAc,CAAC,CACxB,CACA,cAAO,eAAeA,EAAQ,UAAW,OAAQ,CAI7C,IAAK,UAAY,CACb,OAAO,KAAK,YAAY,MAC5B,EACA,WAAY,GACZ,aAAc,EAClB,CAAC,EAKDA,EAAQ,UAAU,IAAM,SAAUJ,EAAK,CACnC,IAAIG,EAAQL,EAAS,KAAK,YAAaE,CAAG,EACtCE,EAAQ,KAAK,YAAYC,GAC7B,OAAOD,GAASA,EAAM,EAC1B,EAMAE,EAAQ,UAAU,IAAM,SAAUJ,EAAKK,EAAO,CAC1C,IAAIF,EAAQL,EAAS,KAAK,YAAaE,CAAG,EACtC,CAACG,EACD,KAAK,YAAYA,GAAO,GAAKE,EAG7B,KAAK,YAAY,KAAK,CAACL,EAAKK,CAAK,CAAC,CAE1C,EAKAD,EAAQ,UAAU,OAAS,SAAUJ,EAAK,CACtC,IAAIM,EAAU,KAAK,YACfH,EAAQL,EAASQ,EAASN,CAAG,EAC7B,CAACG,GACDG,EAAQ,OAAOH,EAAO,CAAC,CAE/B,EAKAC,EAAQ,UAAU,IAAM,SAAUJ,EAAK,CACnC,MAAO,CAAC,CAAC,CAACF,EAAS,KAAK,YAAaE,CAAG,CAC5C,EAIAI,EAAQ,UAAU,MAAQ,UAAY,CAClC,KAAK,YAAY,OAAO,CAAC,CAC7B,EAMAA,EAAQ,UAAU,QAAU,SAAUG,EAAUC,EAAK,CAC7CA,IAAQ,SAAUA,EAAM,MAC5B,QAASC,EAAK,EAAGC,EAAK,KAAK,YAAaD,EAAKC,EAAG,OAAQD,IAAM,CAC1D,IAAIP,EAAQQ,EAAGD,GACfF,EAAS,KAAKC,EAAKN,EAAM,GAAIA,EAAM,EAAE,CACzC,CACJ,EACOE,CACX,EAAE,CACN,EAAG,EAKCO,GAAY,OAAO,QAAW,aAAe,OAAO,UAAa,aAAe,OAAO,WAAa,SAGpGC,GAAY,UAAY,CACxB,OAAI,OAAO,QAAW,aAAe,OAAO,OAAS,KAC1C,OAEP,OAAO,MAAS,aAAe,KAAK,OAAS,KACtC,KAEP,OAAO,QAAW,aAAe,OAAO,OAAS,KAC1C,OAGJ,SAAS,aAAa,EAAE,CACnC,EAAG,EAQCC,GAA2B,UAAY,CACvC,OAAI,OAAO,uBAA0B,WAI1B,sBAAsB,KAAKD,EAAQ,EAEvC,SAAUL,EAAU,CAAE,OAAO,WAAW,UAAY,CAAE,OAAOA,EAAS,KAAK,IAAI,CAAC,CAAG,EAAG,IAAO,EAAE,CAAG,CAC7G,EAAG,EAGCO,GAAkB,EAStB,SAASC,GAAUR,EAAUS,EAAO,CAChC,IAAIC,EAAc,GAAOC,EAAe,GAAOC,EAAe,EAO9D,SAASC,GAAiB,CAClBH,IACAA,EAAc,GACdV,EAAS,GAETW,GACAG,EAAM,CAEd,CAQA,SAASC,GAAkB,CACvBT,GAAwBO,CAAc,CAC1C,CAMA,SAASC,GAAQ,CACb,IAAIE,EAAY,KAAK,IAAI,EACzB,GAAIN,EAAa,CAEb,GAAIM,EAAYJ,EAAeL,GAC3B,OAMJI,EAAe,EACnB,MAEID,EAAc,GACdC,EAAe,GACf,WAAWI,EAAiBN,CAAK,EAErCG,EAAeI,CACnB,CACA,OAAOF,CACX,CAGA,IAAIG,GAAgB,GAGhBC,GAAiB,CAAC,MAAO,QAAS,SAAU,OAAQ,QAAS,SAAU,OAAQ,QAAQ,EAEvFC,GAA4B,OAAO,kBAAqB,YAIxDC,GAA0C,UAAY,CAMtD,SAASA,GAA2B,CAMhC,KAAK,WAAa,GAMlB,KAAK,qBAAuB,GAM5B,KAAK,mBAAqB,KAM1B,KAAK,WAAa,CAAC,EACnB,KAAK,iBAAmB,KAAK,iBAAiB,KAAK,IAAI,EACvD,KAAK,QAAUZ,GAAS,KAAK,QAAQ,KAAK,IAAI,EAAGS,EAAa,CAClE,CAOA,OAAAG,EAAyB,UAAU,YAAc,SAAUC,EAAU,CAC5D,CAAC,KAAK,WAAW,QAAQA,CAAQ,GAClC,KAAK,WAAW,KAAKA,CAAQ,EAG5B,KAAK,YACN,KAAK,SAAS,CAEtB,EAOAD,EAAyB,UAAU,eAAiB,SAAUC,EAAU,CACpE,IAAIC,EAAY,KAAK,WACjB1B,EAAQ0B,EAAU,QAAQD,CAAQ,EAElC,CAACzB,GACD0B,EAAU,OAAO1B,EAAO,CAAC,EAGzB,CAAC0B,EAAU,QAAU,KAAK,YAC1B,KAAK,YAAY,CAEzB,EAOAF,EAAyB,UAAU,QAAU,UAAY,CACrD,IAAIG,EAAkB,KAAK,iBAAiB,EAGxCA,GACA,KAAK,QAAQ,CAErB,EASAH,EAAyB,UAAU,iBAAmB,UAAY,CAE9D,IAAII,EAAkB,KAAK,WAAW,OAAO,SAAUH,EAAU,CAC7D,OAAOA,EAAS,aAAa,EAAGA,EAAS,UAAU,CACvD,CAAC,EAMD,OAAAG,EAAgB,QAAQ,SAAUH,EAAU,CAAE,OAAOA,EAAS,gBAAgB,CAAG,CAAC,EAC3EG,EAAgB,OAAS,CACpC,EAOAJ,EAAyB,UAAU,SAAW,UAAY,CAGlD,CAAChB,IAAa,KAAK,aAMvB,SAAS,iBAAiB,gBAAiB,KAAK,gBAAgB,EAChE,OAAO,iBAAiB,SAAU,KAAK,OAAO,EAC1Ce,IACA,KAAK,mBAAqB,IAAI,iBAAiB,KAAK,OAAO,EAC3D,KAAK,mBAAmB,QAAQ,SAAU,CACtC,WAAY,GACZ,UAAW,GACX,cAAe,GACf,QAAS,EACb,CAAC,IAGD,SAAS,iBAAiB,qBAAsB,KAAK,OAAO,EAC5D,KAAK,qBAAuB,IAEhC,KAAK,WAAa,GACtB,EAOAC,EAAyB,UAAU,YAAc,UAAY,CAGrD,CAAChB,IAAa,CAAC,KAAK,aAGxB,SAAS,oBAAoB,gBAAiB,KAAK,gBAAgB,EACnE,OAAO,oBAAoB,SAAU,KAAK,OAAO,EAC7C,KAAK,oBACL,KAAK,mBAAmB,WAAW,EAEnC,KAAK,sBACL,SAAS,oBAAoB,qBAAsB,KAAK,OAAO,EAEnE,KAAK,mBAAqB,KAC1B,KAAK,qBAAuB,GAC5B,KAAK,WAAa,GACtB,EAQAgB,EAAyB,UAAU,iBAAmB,SAAUjB,EAAI,CAChE,IAAIsB,EAAKtB,EAAG,aAAcuB,EAAeD,IAAO,OAAS,GAAKA,EAE1DE,EAAmBT,GAAe,KAAK,SAAUzB,EAAK,CACtD,MAAO,CAAC,CAAC,CAACiC,EAAa,QAAQjC,CAAG,CACtC,CAAC,EACGkC,GACA,KAAK,QAAQ,CAErB,EAMAP,EAAyB,YAAc,UAAY,CAC/C,OAAK,KAAK,YACN,KAAK,UAAY,IAAIA,GAElB,KAAK,SAChB,EAMAA,EAAyB,UAAY,KAC9BA,CACX,EAAE,EASEQ,GAAsB,SAAUC,EAAQC,EAAO,CAC/C,QAAS5B,EAAK,EAAGC,EAAK,OAAO,KAAK2B,CAAK,EAAG5B,EAAKC,EAAG,OAAQD,IAAM,CAC5D,IAAIT,EAAMU,EAAGD,GACb,OAAO,eAAe2B,EAAQpC,EAAK,CAC/B,MAAOqC,EAAMrC,GACb,WAAY,GACZ,SAAU,GACV,aAAc,EAClB,CAAC,CACL,CACA,OAAOoC,CACX,EAQIE,GAAe,SAAUF,EAAQ,CAIjC,IAAIG,EAAcH,GAAUA,EAAO,eAAiBA,EAAO,cAAc,YAGzE,OAAOG,GAAe3B,EAC1B,EAGI4B,GAAYC,GAAe,EAAG,EAAG,EAAG,CAAC,EAOzC,SAASC,GAAQrC,EAAO,CACpB,OAAO,WAAWA,CAAK,GAAK,CAChC,CAQA,SAASsC,GAAeC,EAAQ,CAE5B,QADIC,EAAY,CAAC,EACRpC,EAAK,EAAGA,EAAK,UAAU,OAAQA,IACpCoC,EAAUpC,EAAK,GAAK,UAAUA,GAElC,OAAOoC,EAAU,OAAO,SAAUC,EAAMC,EAAU,CAC9C,IAAI1C,EAAQuC,EAAO,UAAYG,EAAW,UAC1C,OAAOD,EAAOJ,GAAQrC,CAAK,CAC/B,EAAG,CAAC,CACR,CAOA,SAAS2C,GAAYJ,EAAQ,CAGzB,QAFIC,EAAY,CAAC,MAAO,QAAS,SAAU,MAAM,EAC7CI,EAAW,CAAC,EACPxC,EAAK,EAAGyC,EAAcL,EAAWpC,EAAKyC,EAAY,OAAQzC,IAAM,CACrE,IAAIsC,EAAWG,EAAYzC,GACvBJ,EAAQuC,EAAO,WAAaG,GAChCE,EAASF,GAAYL,GAAQrC,CAAK,CACtC,CACA,OAAO4C,CACX,CAQA,SAASE,GAAkBf,EAAQ,CAC/B,IAAIgB,EAAOhB,EAAO,QAAQ,EAC1B,OAAOK,GAAe,EAAG,EAAGW,EAAK,MAAOA,EAAK,MAAM,CACvD,CAOA,SAASC,GAA0BjB,EAAQ,CAGvC,IAAIkB,EAAclB,EAAO,YAAamB,EAAenB,EAAO,aAS5D,GAAI,CAACkB,GAAe,CAACC,EACjB,OAAOf,GAEX,IAAII,EAASN,GAAYF,CAAM,EAAE,iBAAiBA,CAAM,EACpDa,EAAWD,GAAYJ,CAAM,EAC7BY,EAAWP,EAAS,KAAOA,EAAS,MACpCQ,EAAUR,EAAS,IAAMA,EAAS,OAKlCS,EAAQhB,GAAQE,EAAO,KAAK,EAAGe,EAASjB,GAAQE,EAAO,MAAM,EAqBjE,GAlBIA,EAAO,YAAc,eAOjB,KAAK,MAAMc,EAAQF,CAAQ,IAAMF,IACjCI,GAASf,GAAeC,EAAQ,OAAQ,OAAO,EAAIY,GAEnD,KAAK,MAAMG,EAASF,CAAO,IAAMF,IACjCI,GAAUhB,GAAeC,EAAQ,MAAO,QAAQ,EAAIa,IAOxD,CAACG,GAAkBxB,CAAM,EAAG,CAK5B,IAAIyB,EAAgB,KAAK,MAAMH,EAAQF,CAAQ,EAAIF,EAC/CQ,EAAiB,KAAK,MAAMH,EAASF,CAAO,EAAIF,EAMhD,KAAK,IAAIM,CAAa,IAAM,IAC5BH,GAASG,GAET,KAAK,IAAIC,CAAc,IAAM,IAC7BH,GAAUG,EAElB,CACA,OAAOrB,GAAeQ,EAAS,KAAMA,EAAS,IAAKS,EAAOC,CAAM,CACpE,CAOA,IAAII,GAAwB,UAAY,CAGpC,OAAI,OAAO,oBAAuB,YACvB,SAAU3B,EAAQ,CAAE,OAAOA,aAAkBE,GAAYF,CAAM,EAAE,kBAAoB,EAKzF,SAAUA,EAAQ,CAAE,OAAQA,aAAkBE,GAAYF,CAAM,EAAE,YACrE,OAAOA,EAAO,SAAY,UAAa,CAC/C,EAAG,EAOH,SAASwB,GAAkBxB,EAAQ,CAC/B,OAAOA,IAAWE,GAAYF,CAAM,EAAE,SAAS,eACnD,CAOA,SAAS4B,GAAe5B,EAAQ,CAC5B,OAAKzB,GAGDoD,GAAqB3B,CAAM,EACpBe,GAAkBf,CAAM,EAE5BiB,GAA0BjB,CAAM,EAL5BI,EAMf,CAQA,SAASyB,GAAmBvD,EAAI,CAC5B,IAAIwD,EAAIxD,EAAG,EAAGyD,EAAIzD,EAAG,EAAGgD,EAAQhD,EAAG,MAAOiD,EAASjD,EAAG,OAElD0D,EAAS,OAAO,iBAAoB,YAAc,gBAAkB,OACpEC,EAAO,OAAO,OAAOD,EAAO,SAAS,EAEzC,OAAAjC,GAAmBkC,EAAM,CACrB,EAAGH,EAAG,EAAGC,EAAG,MAAOT,EAAO,OAAQC,EAClC,IAAKQ,EACL,MAAOD,EAAIR,EACX,OAAQC,EAASQ,EACjB,KAAMD,CACV,CAAC,EACMG,CACX,CAWA,SAAS5B,GAAeyB,EAAGC,EAAGT,EAAOC,EAAQ,CACzC,MAAO,CAAE,EAAGO,EAAG,EAAGC,EAAG,MAAOT,EAAO,OAAQC,CAAO,CACtD,CAMA,IAAIW,GAAmC,UAAY,CAM/C,SAASA,EAAkBlC,EAAQ,CAM/B,KAAK,eAAiB,EAMtB,KAAK,gBAAkB,EAMvB,KAAK,aAAeK,GAAe,EAAG,EAAG,EAAG,CAAC,EAC7C,KAAK,OAASL,CAClB,CAOA,OAAAkC,EAAkB,UAAU,SAAW,UAAY,CAC/C,IAAID,EAAOL,GAAe,KAAK,MAAM,EACrC,YAAK,aAAeK,EACZA,EAAK,QAAU,KAAK,gBACxBA,EAAK,SAAW,KAAK,eAC7B,EAOAC,EAAkB,UAAU,cAAgB,UAAY,CACpD,IAAID,EAAO,KAAK,aAChB,YAAK,eAAiBA,EAAK,MAC3B,KAAK,gBAAkBA,EAAK,OACrBA,CACX,EACOC,CACX,EAAE,EAEEC,GAAqC,UAAY,CAOjD,SAASA,EAAoBnC,EAAQoC,EAAU,CAC3C,IAAIC,EAAcR,GAAmBO,CAAQ,EAO7CrC,GAAmB,KAAM,CAAE,OAAQC,EAAQ,YAAaqC,CAAY,CAAC,CACzE,CACA,OAAOF,CACX,EAAE,EAEEG,GAAmC,UAAY,CAW/C,SAASA,EAAkBnE,EAAUoE,EAAYC,EAAa,CAc1D,GAPA,KAAK,oBAAsB,CAAC,EAM5B,KAAK,cAAgB,IAAI/E,GACrB,OAAOU,GAAa,WACpB,MAAM,IAAI,UAAU,yDAAyD,EAEjF,KAAK,UAAYA,EACjB,KAAK,YAAcoE,EACnB,KAAK,aAAeC,CACxB,CAOA,OAAAF,EAAkB,UAAU,QAAU,SAAUtC,EAAQ,CACpD,GAAI,CAAC,UAAU,OACX,MAAM,IAAI,UAAU,0CAA0C,EAGlE,GAAI,SAAO,SAAY,aAAe,EAAE,mBAAmB,SAG3D,IAAI,EAAEA,aAAkBE,GAAYF,CAAM,EAAE,SACxC,MAAM,IAAI,UAAU,uCAAuC,EAE/D,IAAIyC,EAAe,KAAK,cAEpBA,EAAa,IAAIzC,CAAM,IAG3ByC,EAAa,IAAIzC,EAAQ,IAAIkC,GAAkBlC,CAAM,CAAC,EACtD,KAAK,YAAY,YAAY,IAAI,EAEjC,KAAK,YAAY,QAAQ,GAC7B,EAOAsC,EAAkB,UAAU,UAAY,SAAUtC,EAAQ,CACtD,GAAI,CAAC,UAAU,OACX,MAAM,IAAI,UAAU,0CAA0C,EAGlE,GAAI,SAAO,SAAY,aAAe,EAAE,mBAAmB,SAG3D,IAAI,EAAEA,aAAkBE,GAAYF,CAAM,EAAE,SACxC,MAAM,IAAI,UAAU,uCAAuC,EAE/D,IAAIyC,EAAe,KAAK,cAEpB,CAACA,EAAa,IAAIzC,CAAM,IAG5ByC,EAAa,OAAOzC,CAAM,EACrByC,EAAa,MACd,KAAK,YAAY,eAAe,IAAI,GAE5C,EAMAH,EAAkB,UAAU,WAAa,UAAY,CACjD,KAAK,YAAY,EACjB,KAAK,cAAc,MAAM,EACzB,KAAK,YAAY,eAAe,IAAI,CACxC,EAOAA,EAAkB,UAAU,aAAe,UAAY,CACnD,IAAII,EAAQ,KACZ,KAAK,YAAY,EACjB,KAAK,cAAc,QAAQ,SAAUC,EAAa,CAC1CA,EAAY,SAAS,GACrBD,EAAM,oBAAoB,KAAKC,CAAW,CAElD,CAAC,CACL,EAOAL,EAAkB,UAAU,gBAAkB,UAAY,CAEtD,GAAI,EAAC,KAAK,UAAU,EAGpB,KAAIlE,EAAM,KAAK,aAEXF,EAAU,KAAK,oBAAoB,IAAI,SAAUyE,EAAa,CAC9D,OAAO,IAAIR,GAAoBQ,EAAY,OAAQA,EAAY,cAAc,CAAC,CAClF,CAAC,EACD,KAAK,UAAU,KAAKvE,EAAKF,EAASE,CAAG,EACrC,KAAK,YAAY,EACrB,EAMAkE,EAAkB,UAAU,YAAc,UAAY,CAClD,KAAK,oBAAoB,OAAO,CAAC,CACrC,EAMAA,EAAkB,UAAU,UAAY,UAAY,CAChD,OAAO,KAAK,oBAAoB,OAAS,CAC7C,EACOA,CACX,EAAE,EAKE7C,GAAY,OAAO,SAAY,YAAc,IAAI,QAAY,IAAIhC,GAKjEmF,GAAgC,UAAY,CAO5C,SAASA,EAAezE,EAAU,CAC9B,GAAI,EAAE,gBAAgByE,GAClB,MAAM,IAAI,UAAU,oCAAoC,EAE5D,GAAI,CAAC,UAAU,OACX,MAAM,IAAI,UAAU,0CAA0C,EAElE,IAAIL,EAAahD,GAAyB,YAAY,EAClDC,EAAW,IAAI8C,GAAkBnE,EAAUoE,EAAY,IAAI,EAC/D9C,GAAU,IAAI,KAAMD,CAAQ,CAChC,CACA,OAAOoD,CACX,EAAE,EAEF,CACI,UACA,YACA,YACJ,EAAE,QAAQ,SAAUC,EAAQ,CACxBD,GAAe,UAAUC,GAAU,UAAY,CAC3C,IAAIvE,EACJ,OAAQA,EAAKmB,GAAU,IAAI,IAAI,GAAGoD,GAAQ,MAAMvE,EAAI,SAAS,CACjE,CACJ,CAAC,EAED,IAAIP,GAAS,UAAY,CAErB,OAAI,OAAOS,GAAS,gBAAmB,YAC5BA,GAAS,eAEboE,EACX,EAAG,EAEIE,GAAQ/E,GCr2Bf,IAAMgF,GAAS,IAAIC,EAYbC,GAAYC,EAAM,IAAMC,EAC5B,IAAIC,GAAeC,GAAW,CAC5B,QAAWC,KAASD,EAClBN,GAAO,KAAKO,CAAK,CACrB,CAAC,CACH,CAAC,EACE,KACCC,EAAUC,GAAYC,EAAMC,GAAOP,EAAGK,CAAQ,CAAC,EAC5C,KACCG,EAAS,IAAMH,EAAS,WAAW,CAAC,CACtC,CACF,EACAI,EAAY,CAAC,CACf,EAaK,SAASC,GACdC,EACa,CACb,MAAO,CACL,MAAQA,EAAG,YACX,OAAQA,EAAG,YACb,CACF,CAuBO,SAASC,GACdD,EACyB,CACzB,OAAOb,GACJ,KACCe,EAAIR,GAAYA,EAAS,QAAQM,CAAE,CAAC,EACpCP,EAAUC,GAAYT,GACnB,KACCkB,EAAO,CAAC,CAAE,OAAAC,CAAO,IAAMA,IAAWJ,CAAE,EACpCH,EAAS,IAAMH,EAAS,UAAUM,CAAE,CAAC,EACrCK,EAAI,IAAMN,GAAeC,CAAE,CAAC,CAC9B,CACF,EACAM,EAAUP,GAAeC,CAAE,CAAC,CAC9B,CACJ,CC1GO,SAASO,GACdC,EACa,CACb,MAAO,CACL,MAAQA,EAAG,YACX,OAAQA,EAAG,YACb,CACF,CASO,SAASC,GACdD,EACyB,CACzB,IAAIE,EAASF,EAAG,cAChB,KAAOE,IAEHF,EAAG,aAAeE,EAAO,aACzBF,EAAG,cAAgBE,EAAO,eAE1BA,GAAUF,EAAKE,GAAQ,cAK3B,OAAOA,EAASF,EAAK,MACvB,CCfA,IAAMG,GAAS,IAAIC,EAUbC,GAAYC,EAAM,IAAMC,EAC5B,IAAI,qBAAqBC,GAAW,CAClC,QAAWC,KAASD,EAClBL,GAAO,KAAKM,CAAK,CACrB,EAAG,CACD,UAAW,CACb,CAAC,CACH,CAAC,EACE,KACCC,EAAUC,GAAYC,EAAMC,GAAON,EAAGI,CAAQ,CAAC,EAC5C,KACCG,EAAS,IAAMH,EAAS,WAAW,CAAC,CACtC,CACF,EACAI,EAAY,CAAC,CACf,EAaK,SAASC,GACdC,EACqB,CACrB,OAAOZ,GACJ,KACCa,EAAIP,GAAYA,EAAS,QAAQM,CAAE,CAAC,EACpCP,EAAUC,GAAYR,GACnB,KACCgB,EAAO,CAAC,CAAE,OAAAC,CAAO,IAAMA,IAAWH,CAAE,EACpCH,EAAS,IAAMH,EAAS,UAAUM,CAAE,CAAC,EACrCI,EAAI,CAAC,CAAE,eAAAC,CAAe,IAAMA,CAAc,CAC5C,CACF,CACF,CACJ,CAaO,SAASC,GACdN,EAAiBO,EAAY,GACR,CACrB,OAAOC,GAA0BR,CAAE,EAChC,KACCI,EAAI,CAAC,CAAE,EAAAK,CAAE,IAAM,CACb,IAAMC,EAAUC,GAAeX,CAAE,EAC3BY,EAAUC,GAAsBb,CAAE,EACxC,OAAOS,GACLG,EAAQ,OAASF,EAAQ,OAASH,CAEtC,CAAC,EACDO,EAAqB,CACvB,CACJ,CCjFA,IAAMC,GAA4C,CAChD,OAAQC,EAAW,yBAAyB,EAC5C,OAAQA,EAAW,yBAAyB,CAC9C,EAaO,SAASC,GAAUC,EAAuB,CAC/C,OAAOH,GAAQG,GAAM,OACvB,CAaO,SAASC,GAAUD,EAAcE,EAAsB,CACxDL,GAAQG,GAAM,UAAYE,GAC5BL,GAAQG,GAAM,MAAM,CACxB,CAWO,SAASG,GAAYH,EAAmC,CAC7D,IAAMI,EAAKP,GAAQG,GACnB,OAAOK,EAAUD,EAAI,QAAQ,EAC1B,KACCE,EAAI,IAAMF,EAAG,OAAO,EACpBG,EAAUH,EAAG,OAAO,CACtB,CACJ,CClCA,SAASI,GACPC,EAAiBC,EACR,CACT,OAAQD,EAAG,YAAa,CAGtB,KAAK,iBAEH,OAAIA,EAAG,OAAS,QACP,SAAS,KAAKC,CAAI,EAElB,GAGX,KAAK,kBACL,KAAK,oBACH,MAAO,GAGT,QACE,OAAOD,EAAG,iBACd,CACF,CAWO,SAASE,IAAsC,CACpD,OAAOC,EAAyB,OAAQ,SAAS,EAC9C,KACCC,EAAOC,GAAM,EAAEA,EAAG,SAAWA,EAAG,QAAQ,EACxCC,EAAID,IAAO,CACT,KAAME,GAAU,QAAQ,EAAI,SAAW,SACvC,KAAMF,EAAG,IACT,OAAQ,CACNA,EAAG,eAAe,EAClBA,EAAG,gBAAgB,CACrB,CACF,EAAc,EACdD,EAAO,CAAC,CAAE,KAAAI,EAAM,KAAAP,CAAK,IAAM,CACzB,GAAIO,IAAS,SAAU,CACrB,IAAMC,EAASC,GAAiB,EAChC,GAAI,OAAOD,GAAW,YACpB,MAAO,CAACV,GAAwBU,EAAQR,CAAI,CAChD,CACA,MAAO,EACT,CAAC,EACDU,GAAM,CACR,CACJ,CCpFO,SAASC,IAAmB,CACjC,OAAO,IAAI,IAAI,SAAS,IAAI,CAC9B,CAOO,SAASC,GAAYC,EAAgB,CAC1C,SAAS,KAAOA,EAAI,IACtB,CASO,SAASC,IAA8B,CAC5C,OAAO,IAAIC,CACb,CCLA,SAASC,GAAYC,EAAiBC,EAA8B,CAGlE,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAChDD,EAAG,WAAaC,EAAM,SAAS,UAGtBA,aAAiB,KAC1BD,EAAG,YAAYC,CAAK,UAGX,MAAM,QAAQA,CAAK,EAC5B,QAAWC,KAAQD,EACjBF,GAAYC,EAAIE,CAAI,CAE1B,CAyBO,SAASC,EACdC,EAAaC,KAAmCC,EAC7C,CACH,IAAMN,EAAK,SAAS,cAAcI,CAAG,EAGrC,GAAIC,EACF,QAAWE,KAAQ,OAAO,KAAKF,CAAU,EACnC,OAAOA,EAAWE,IAAU,cAI5B,OAAOF,EAAWE,IAAU,UAC9BP,EAAG,aAAaO,EAAMF,EAAWE,EAAK,EAEtCP,EAAG,aAAaO,EAAM,EAAE,GAI9B,QAAWN,KAASK,EAClBP,GAAYC,EAAIC,CAAK,EAGvB,OAAOD,CACT,CChFO,SAASQ,GAASC,EAAeC,EAAmB,CACzD,IAAIC,EAAID,EACR,GAAID,EAAM,OAASE,EAAG,CACpB,KAAOF,EAAME,KAAO,KAAO,EAAEA,EAAI,GAAG,CACpC,MAAO,GAAGF,EAAM,UAAU,EAAGE,CAAC,MAChC,CACA,OAAOF,CACT,CAkBO,SAASG,GAAMH,EAAuB,CAC3C,GAAIA,EAAQ,IAAK,CACf,IAAMI,EAAS,GAAGJ,EAAQ,KAAO,IAAO,IACxC,MAAO,KAAKA,EAAQ,MAAY,KAAM,QAAQI,CAAM,IACtD,KACE,QAAOJ,EAAM,SAAS,CAE1B,CC5BO,SAASK,IAA0B,CACxC,OAAO,SAAS,KAAK,UAAU,CAAC,CAClC,CAYO,SAASC,GAAgBC,EAAoB,CAClD,IAAMC,EAAKC,EAAE,IAAK,CAAE,KAAMF,CAAK,CAAC,EAChCC,EAAG,iBAAiB,QAASE,GAAMA,EAAG,gBAAgB,CAAC,EACvDF,EAAG,MAAM,CACX,CASO,SAASG,IAAwC,CACtD,OAAOC,EAA2B,OAAQ,YAAY,EACnD,KACCC,EAAIR,EAAe,EACnBS,EAAUT,GAAgB,CAAC,EAC3BU,EAAOR,GAAQA,EAAK,OAAS,CAAC,EAC9BS,EAAY,CAAC,CACf,CACJ,CAOO,SAASC,IAA+C,CAC7D,OAAON,GAAkB,EACtB,KACCE,EAAIK,GAAMC,GAAmB,QAAQD,KAAM,CAAE,EAC7CH,EAAOP,GAAM,OAAOA,GAAO,WAAW,CACxC,CACJ,CC1CO,SAASY,GAAWC,EAAoC,CAC7D,IAAMC,EAAQ,WAAWD,CAAK,EAC9B,OAAOE,GAA0BC,GAC/BF,EAAM,YAAY,IAAME,EAAKF,EAAM,OAAO,CAAC,CAC5C,EACE,KACCG,EAAUH,EAAM,OAAO,CACzB,CACJ,CAOO,SAASI,IAAkC,CAChD,IAAMJ,EAAQ,WAAW,OAAO,EAChC,OAAOK,EACLC,EAAU,OAAQ,aAAa,EAAE,KAAKC,EAAI,IAAM,EAAI,CAAC,EACrDD,EAAU,OAAQ,YAAY,EAAE,KAAKC,EAAI,IAAM,EAAK,CAAC,CACvD,EACG,KACCJ,EAAUH,EAAM,OAAO,CACzB,CACJ,CAcO,SAASQ,GACdC,EAA6BC,EACd,CACf,OAAOD,EACJ,KACCE,EAAUC,GAAUA,EAASF,EAAQ,EAAIG,CAAK,CAChD,CACJ,CC7CO,SAASC,GACdC,EAAmBC,EAAuB,CAAE,YAAa,aAAc,EACjD,CACtB,OAAOC,GAAK,MAAM,GAAGF,IAAOC,CAAO,CAAC,EACjC,KACCE,GAAW,IAAMC,CAAK,EACtBC,EAAUC,GAAOA,EAAI,SAAW,IAC5BC,GAAW,IAAM,IAAI,MAAMD,EAAI,UAAU,CAAC,EAC1CE,EAAGF,CAAG,CACV,CACF,CACJ,CAYO,SAASG,GACdT,EAAmBC,EACJ,CACf,OAAOF,GAAQC,EAAKC,CAAO,EACxB,KACCI,EAAUC,GAAOA,EAAI,KAAK,CAAC,EAC3BI,EAAY,CAAC,CACf,CACJ,CAUO,SAASC,GACdX,EAAmBC,EACG,CACtB,IAAMW,EAAM,IAAI,UAChB,OAAOb,GAAQC,EAAKC,CAAO,EACxB,KACCI,EAAUC,GAAOA,EAAI,KAAK,CAAC,EAC3BO,EAAIP,GAAOM,EAAI,gBAAgBN,EAAK,UAAU,CAAC,EAC/CI,EAAY,CAAC,CACf,CACJ,CClDO,SAASI,GAAYC,EAA+B,CACzD,IAAMC,EAASC,EAAE,SAAU,CAAE,IAAAF,CAAI,CAAC,EAClC,OAAOG,EAAM,KACX,SAAS,KAAK,YAAYF,CAAM,EACzBG,EACLC,EAAUJ,EAAQ,MAAM,EACxBI,EAAUJ,EAAQ,OAAO,EACtB,KACCK,EAAU,IACRC,GAAW,IAAM,IAAI,eAAe,mBAAmBP,GAAK,CAAC,CAC9D,CACH,CACJ,EACG,KACCQ,EAAI,IAAG,EAAY,EACnBC,EAAS,IAAM,SAAS,KAAK,YAAYR,CAAM,CAAC,EAChDS,GAAK,CAAC,CACR,EACH,CACH,CCfO,SAASC,IAAoC,CAClD,MAAO,CACL,EAAG,KAAK,IAAI,EAAG,OAAO,EACtB,EAAG,KAAK,IAAI,EAAG,OAAO,CACxB,CACF,CASO,SAASC,IAAkD,CAChE,OAAOC,EACLC,EAAU,OAAQ,SAAU,CAAE,QAAS,EAAK,CAAC,EAC7CA,EAAU,OAAQ,SAAU,CAAE,QAAS,EAAK,CAAC,CAC/C,EACG,KACCC,EAAIJ,EAAiB,EACrBK,EAAUL,GAAkB,CAAC,CAC/B,CACJ,CC3BO,SAASM,IAAgC,CAC9C,MAAO,CACL,MAAQ,WACR,OAAQ,WACV,CACF,CASO,SAASC,IAA8C,CAC5D,OAAOC,EAAU,OAAQ,SAAU,CAAE,QAAS,EAAK,CAAC,EACjD,KACCC,EAAIH,EAAe,EACnBI,EAAUJ,GAAgB,CAAC,CAC7B,CACJ,CCXO,SAASK,IAAsC,CACpD,OAAOC,EAAc,CACnBC,GAAoB,EACpBC,GAAkB,CACpB,CAAC,EACE,KACCC,EAAI,CAAC,CAACC,EAAQC,CAAI,KAAO,CAAE,OAAAD,EAAQ,KAAAC,CAAK,EAAE,EAC1CC,EAAY,CAAC,CACf,CACJ,CCVO,SAASC,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EAChB,CACtB,IAAMC,EAAQF,EACX,KACCG,EAAwB,MAAM,CAChC,EAGIC,EAAUC,EAAc,CAACH,EAAOD,CAAO,CAAC,EAC3C,KACCK,EAAI,IAAMC,GAAiBR,CAAE,CAAC,CAChC,EAGF,OAAOM,EAAc,CAACJ,EAASD,EAAWI,CAAO,CAAC,EAC/C,KACCE,EAAI,CAAC,CAAC,CAAE,OAAAE,CAAO,EAAG,CAAE,OAAAC,EAAQ,KAAAC,CAAK,EAAG,CAAE,EAAAC,EAAG,EAAAC,CAAE,CAAC,KAAO,CACjD,OAAQ,CACN,EAAGH,EAAO,EAAIE,EACd,EAAGF,EAAO,EAAIG,EAAIJ,CACpB,EACA,KAAAE,CACF,EAAE,CACJ,CACJ,CCIO,SAASG,GACdC,EAAgB,CAAE,IAAAC,CAAI,EACP,CAGf,IAAMC,EAAMC,EAAwBH,EAAQ,SAAS,EAClD,KACCI,EAAI,CAAC,CAAE,KAAAC,CAAK,IAAMA,CAAS,CAC7B,EAGF,OAAOJ,EACJ,KACCK,GAAS,IAAMJ,EAAK,CAAE,QAAS,GAAM,SAAU,EAAK,CAAC,EACrDK,EAAIC,GAAWR,EAAO,YAAYQ,CAAO,CAAC,EAC1CC,EAAU,IAAMP,CAAG,EACnBQ,GAAM,CACR,CACJ,CCCA,IAAMC,GAASC,EAAW,WAAW,EAC/BC,GAAiB,KAAK,MAAMF,GAAO,WAAY,EACrDE,GAAO,KAAO,GAAG,IAAI,IAAIA,GAAO,KAAMC,GAAY,CAAC,IAW5C,SAASC,IAAwB,CACtC,OAAOF,EACT,CASO,SAASG,EAAQC,EAAqB,CAC3C,OAAOJ,GAAO,SAAS,SAASI,CAAI,CACtC,CAUO,SAASC,GACdC,EAAkBC,EACV,CACR,OAAO,OAAOA,GAAU,YACpBP,GAAO,aAAaM,GAAK,QAAQ,IAAKC,EAAM,SAAS,CAAC,EACtDP,GAAO,aAAaM,EAC1B,CCjCO,SAASE,GACdC,EAASC,EAAmB,SACP,CACrB,OAAOC,EAAW,sBAAsBF,KAASC,CAAI,CACvD,CAYO,SAASE,GACdH,EAASC,EAAmB,SACL,CACvB,OAAOG,EAAY,sBAAsBJ,KAASC,CAAI,CACxD,CC1EO,SAASI,GACdC,EACsB,CACtB,IAAMC,EAASC,EAAW,6BAA8BF,CAAE,EAC1D,OAAOG,EAAUF,EAAQ,QAAS,CAAE,KAAM,EAAK,CAAC,EAC7C,KACCG,EAAI,IAAMF,EAAW,cAAeF,CAAE,CAAC,EACvCI,EAAIC,IAAY,CAAE,KAAM,UAAUA,EAAQ,SAAS,CAAE,EAAE,CACzD,CACJ,CASO,SAASC,GACdN,EACiC,CACjC,MAAI,CAACO,EAAQ,kBAAkB,GAAK,CAACP,EAAG,kBAC/BQ,EAGFC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EACG,KACCE,EAAU,CAAE,KAAM,SAAiB,YAAY,CAAE,CAAC,CACpD,EACG,UAAU,CAAC,CAAE,KAAAC,CAAK,IAAM,CA5FjC,IAAAC,EA6FcD,GAAQA,MAAUC,EAAA,SAAiB,YAAY,IAA7B,KAAAA,EAAkCD,KACtDb,EAAG,OAAS,GAGZ,SAAiB,aAAca,CAAI,EAEvC,CAAC,EAGEd,GAAcC,CAAE,EACpB,KACCe,EAAIC,GAASN,EAAM,KAAKM,CAAK,CAAC,EAC9BC,EAAS,IAAMP,EAAM,SAAS,CAAC,EAC/BN,EAAIY,GAAUE,EAAA,CAAE,IAAKlB,GAAOgB,EAAQ,CACtC,CACJ,CAAC,CACH,CC5BO,SAASG,GACdC,EAAiB,CAAE,QAAAC,CAAQ,EACN,CACrB,OAAOA,EACJ,KACCC,EAAIC,IAAW,CAAE,OAAQA,IAAWH,CAAG,EAAE,CAC3C,CACJ,CAYO,SAASI,GACdJ,EAAiBK,EACe,CAChC,IAAMC,EAAY,IAAIC,EACtB,OAAAD,EAAU,UAAU,CAAC,CAAE,OAAAE,CAAO,IAAM,CAClCR,EAAG,OAASQ,CACd,CAAC,EAGMT,GAAaC,EAAIK,CAAO,EAC5B,KACCI,EAAIC,GAASJ,EAAU,KAAKI,CAAK,CAAC,EAClCC,EAAS,IAAML,EAAU,SAAS,CAAC,EACnCJ,EAAIQ,GAAUE,EAAA,CAAE,IAAKZ,GAAOU,EAAQ,CACtC,CACJ,CC7FA,IAAAG,GAAwB,SCajB,SAASC,GAAcC,EAA0B,CACtD,OACEC,EAAC,OAAI,MAAM,aAAa,GAAID,GAC1BC,EAAC,OAAI,MAAM,+BAA+B,CAC5C,CAEJ,CCHO,SAASC,GACdC,EAAqBC,EACR,CAIb,GAHAA,EAASA,EAAS,GAAGA,gBAAqBD,IAAO,OAG7CC,EAAQ,CACV,IAAMC,EAASD,EAAS,IAAIA,IAAW,OACvC,OACEE,EAAC,SAAM,MAAM,gBAAgB,SAAU,GACpCC,GAAcH,CAAM,EACrBE,EAAC,KAAE,KAAMD,EAAQ,MAAM,uBAAuB,SAAU,IACtDC,EAAC,QAAK,wBAAuBH,EAAI,CACnC,CACF,CAEJ,KACE,QACEG,EAAC,SAAM,MAAM,gBAAgB,SAAU,GACpCC,GAAcH,CAAM,EACrBE,EAAC,QAAK,MAAM,uBAAuB,SAAU,IAC3CA,EAAC,QAAK,wBAAuBH,EAAI,CACnC,CACF,CAGN,CC5BO,SAASK,GAAsBC,EAAyB,CAC7D,OACEC,EAAC,UACC,MAAM,uBACN,MAAOC,GAAY,gBAAgB,EACnC,wBAAuB,IAAIF,WAC5B,CAEL,CCYA,SAASG,GACPC,EAA2CC,EAC9B,CACb,IAAMC,EAASD,EAAO,EAChBE,EAASF,EAAO,EAGhBG,EAAU,OAAO,KAAKJ,EAAS,KAAK,EACvC,OAAOK,GAAO,CAACL,EAAS,MAAMK,EAAI,EAClC,OAAyB,CAACC,EAAMD,IAAQ,CACvC,GAAGC,EAAMC,EAAC,WAAKF,CAAI,EAAQ,GAC7B,EAAG,CAAC,CAAC,EACJ,MAAM,EAAG,EAAE,EAGRG,EAAM,IAAI,IAAIR,EAAS,QAAQ,EACjCS,EAAQ,kBAAkB,GAC5BD,EAAI,aAAa,IAAI,IAAK,OAAO,QAAQR,EAAS,KAAK,EACpD,OAAO,CAAC,CAAC,CAAEU,CAAK,IAAMA,CAAK,EAC3B,OAAO,CAACC,EAAW,CAACC,CAAK,IAAM,GAAGD,KAAaC,IAAQ,KAAK,EAAG,EAAE,CACpE,EAGF,GAAM,CAAE,KAAAC,CAAK,EAAIC,GAAc,EAC/B,OACEP,EAAC,KAAE,KAAM,GAAGC,IAAO,MAAM,yBAAyB,SAAU,IAC1DD,EAAC,WACC,MAAO,CAAC,4BAA6B,GAAGL,EACpC,CAAC,qCAAqC,EACtC,CAAC,CACL,EAAE,KAAK,GAAG,EACV,gBAAeF,EAAS,MAAM,QAAQ,CAAC,GAEtCE,EAAS,GAAKK,EAAC,OAAI,MAAM,iCAAiC,EAC3DA,EAAC,MAAG,MAAM,2BAA2BP,EAAS,KAAM,EACnDG,EAAS,GAAKH,EAAS,KAAK,OAAS,GACpCO,EAAC,KAAE,MAAM,4BACNQ,GAASf,EAAS,KAAM,GAAG,CAC9B,EAEDA,EAAS,MACRO,EAAC,OAAI,MAAM,cACRP,EAAS,KAAK,IAAIgB,GAAO,CACxB,IAAMC,EAAKD,EAAI,QAAQ,WAAY,EAAE,EAC/BE,EAAOL,EACTI,KAAMJ,EACJ,4BAA4BA,EAAKI,KACjC,cACF,GACJ,OACEV,EAAC,QAAK,MAAO,UAAUW,KAASF,CAAI,CAExC,CAAC,CACH,EAEDb,EAAS,GAAKC,EAAQ,OAAS,GAC9BG,EAAC,KAAE,MAAM,2BACNY,GAAY,4BAA4B,EAAE,KAAG,GAAGf,CACnD,CAEJ,CACF,CAEJ,CAaO,SAASgB,GACdC,EACa,CACb,IAAMC,EAAYD,EAAO,GAAG,MACtBE,EAAO,CAAC,GAAGF,CAAM,EAGjBnB,EAASqB,EAAK,UAAUC,GAAO,CAACA,EAAI,SAAS,SAAS,GAAG,CAAC,EAC1D,CAACC,CAAO,EAAIF,EAAK,OAAOrB,EAAQ,CAAC,EAGnCwB,EAAQH,EAAK,UAAUC,GAAOA,EAAI,MAAQF,CAAS,EACnDI,IAAU,KACZA,EAAQH,EAAK,QAGf,IAAMI,EAAOJ,EAAK,MAAM,EAAGG,CAAK,EAC1BE,EAAOL,EAAK,MAAMG,CAAK,EAGvBG,EAAW,CACf9B,GAAqB0B,EAAS,EAAc,EAAE,CAACvB,GAAUwB,IAAU,EAAE,EACrE,GAAGC,EAAK,IAAIG,GAAW/B,GAAqB+B,EAAS,CAAW,CAAC,EACjE,GAAGF,EAAK,OAAS,CACfrB,EAAC,WAAQ,MAAM,0BACbA,EAAC,WAAQ,SAAU,IAChBqB,EAAK,OAAS,GAAKA,EAAK,SAAW,EAChCT,GAAY,wBAAwB,EACpCA,GAAY,2BAA4BS,EAAK,MAAM,CAEzD,EACC,GAAGA,EAAK,IAAIE,GAAW/B,GAAqB+B,EAAS,CAAW,CAAC,CACpE,CACF,EAAI,CAAC,CACP,EAGA,OACEvB,EAAC,MAAG,MAAM,0BACPsB,CACH,CAEJ,CC1IO,SAASE,GAAkBC,EAAiC,CACjE,OACEC,EAAC,MAAG,MAAM,oBACP,OAAO,QAAQD,CAAK,EAAE,IAAI,CAAC,CAACE,EAAKC,CAAK,IACrCF,EAAC,MAAG,MAAO,oCAAoCC,KAC5C,OAAOC,GAAU,SAAWC,GAAMD,CAAK,EAAIA,CAC9C,CACD,CACH,CAEJ,CCAO,SAASE,GACdC,EACa,CACb,IAAMC,EAAU,kCAAkCD,IAClD,OACEE,EAAC,OAAI,MAAOD,EAAS,OAAM,IACzBC,EAAC,UAAO,MAAM,gBAAgB,SAAU,GAAI,CAC9C,CAEJ,CCpBO,SAASC,GAAYC,EAAiC,CAC3D,OACEC,EAAC,OAAI,MAAM,0BACTA,EAAC,OAAI,MAAM,qBACRD,CACH,CACF,CAEJ,CCMA,SAASE,GAAcC,EAA+B,CACpD,IAAMC,EAASC,GAAc,EAGvBC,EAAM,IAAI,IAAI,MAAMH,EAAQ,WAAYC,EAAO,IAAI,EACzD,OACEG,EAAC,MAAG,MAAM,oBACRA,EAAC,KAAE,KAAM,GAAGD,IAAO,MAAM,oBACtBH,EAAQ,KACX,CACF,CAEJ,CAcO,SAASK,GACdC,EAAqBC,EACR,CACb,OACEH,EAAC,OAAI,MAAM,cACTA,EAAC,UACC,MAAM,sBACN,aAAYI,GAAY,sBAAsB,GAE7CD,EAAO,KACV,EACAH,EAAC,MAAG,MAAM,oBACPE,EAAS,IAAIP,EAAa,CAC7B,CACF,CAEJ,CCCO,SAASU,GACdC,EAAiBC,EACO,CACxB,IAAMC,EAAUC,EAAM,IAAMC,EAAc,CACxCC,GAAmBL,CAAE,EACrBM,GAA0BL,CAAS,CACrC,CAAC,CAAC,EACC,KACCM,EAAI,CAAC,CAAC,CAAE,EAAAC,EAAG,EAAAC,CAAE,EAAGC,CAAM,IAAqB,CACzC,GAAM,CAAE,MAAAC,EAAO,OAAAC,CAAO,EAAIC,GAAeb,CAAE,EAC3C,MAAQ,CACN,EAAGQ,EAAIE,EAAO,EAAIC,EAAQ,EAC1B,EAAGF,EAAIC,EAAO,EAAIE,EAAS,CAC7B,CACF,CAAC,CACH,EAGF,OAAOE,GAAkBd,CAAE,EACxB,KACCe,EAAUC,GAAUd,EACjB,KACCK,EAAIU,IAAW,CAAE,OAAAD,EAAQ,OAAAC,CAAO,EAAE,EAClCC,GAAK,CAAC,CAACF,GAAU,GAAQ,CAC3B,CACF,CACF,CACJ,CAWO,SAASG,GACdnB,EAAiBC,EAAwB,CAAE,QAAAmB,CAAQ,EAChB,CACnC,GAAM,CAACC,EAASC,CAAK,EAAI,MAAM,KAAKtB,EAAG,QAAQ,EAG/C,OAAOG,EAAM,IAAM,CACjB,IAAMoB,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EACpC,OAAAH,EAAM,UAAU,CAGd,KAAK,CAAE,OAAAN,CAAO,EAAG,CACfjB,EAAG,MAAM,YAAY,iBAAkB,GAAGiB,EAAO,KAAK,EACtDjB,EAAG,MAAM,YAAY,iBAAkB,GAAGiB,EAAO,KAAK,CACxD,EAGA,UAAW,CACTjB,EAAG,MAAM,eAAe,gBAAgB,EACxCA,EAAG,MAAM,eAAe,gBAAgB,CAC1C,CACF,CAAC,EAGD2B,GAAuB3B,CAAE,EACtB,KACC4B,GAAUH,CAAK,CACjB,EACG,UAAUI,GAAW,CACpB7B,EAAG,gBAAgB,kBAAmB6B,CAAO,CAC/C,CAAC,EAGLC,EACEP,EAAM,KAAKQ,EAAO,CAAC,CAAE,OAAAf,CAAO,IAAMA,CAAM,CAAC,EACzCO,EAAM,KAAKS,GAAa,GAAG,EAAGD,EAAO,CAAC,CAAE,OAAAf,CAAO,IAAM,CAACA,CAAM,CAAC,CAC/D,EACG,UAAU,CAGT,KAAK,CAAE,OAAAA,CAAO,EAAG,CACXA,EACFhB,EAAG,QAAQqB,CAAO,EAElBA,EAAQ,OAAO,CACnB,EAGA,UAAW,CACTrB,EAAG,QAAQqB,CAAO,CACpB,CACF,CAAC,EAGHE,EACG,KACCU,GAAU,GAAIC,EAAuB,CACvC,EACG,UAAU,CAAC,CAAE,OAAAlB,CAAO,IAAM,CACzBK,EAAQ,UAAU,OAAO,qBAAsBL,CAAM,CACvD,CAAC,EAGLO,EACG,KACCY,GAAa,IAAKD,EAAuB,EACzCH,EAAO,IAAM,CAAC,CAAC/B,EAAG,YAAY,EAC9BO,EAAI,IAAMP,EAAG,aAAc,sBAAsB,CAAC,EAClDO,EAAI,CAAC,CAAE,EAAAC,CAAE,IAAMA,CAAC,CAClB,EACG,UAAU,CAGT,KAAK4B,EAAQ,CACPA,EACFpC,EAAG,MAAM,YAAY,iBAAkB,GAAG,CAACoC,KAAU,EAErDpC,EAAG,MAAM,eAAe,gBAAgB,CAC5C,EAGA,UAAW,CACTA,EAAG,MAAM,eAAe,gBAAgB,CAC1C,CACF,CAAC,EAGLqC,EAAsBf,EAAO,OAAO,EACjC,KACCM,GAAUH,CAAK,EACfM,EAAOO,GAAM,EAAEA,EAAG,SAAWA,EAAG,QAAQ,CAC1C,EACG,UAAUA,GAAMA,EAAG,eAAe,CAAC,EAGxCD,EAAsBf,EAAO,WAAW,EACrC,KACCM,GAAUH,CAAK,EACfc,GAAehB,CAAK,CACtB,EACG,UAAU,CAAC,CAACe,EAAI,CAAE,OAAAtB,CAAO,CAAC,IAAM,CAvOzC,IAAAwB,EA0OU,GAAIF,EAAG,SAAW,GAAKA,EAAG,SAAWA,EAAG,QACtCA,EAAG,eAAe,UAGTtB,EAAQ,CACjBsB,EAAG,eAAe,EAGlB,IAAMG,EAASzC,EAAG,cAAe,QAAQ,gBAAgB,EACrDyC,aAAkB,YACpBA,EAAO,MAAM,GAEbD,EAAAE,GAAiB,IAAjB,MAAAF,EAAoB,MACxB,CACF,CAAC,EAGLpB,EACG,KACCQ,GAAUH,CAAK,EACfM,EAAOY,GAAUA,IAAWtB,CAAO,EACnCuB,GAAM,GAAG,CACX,EACG,UAAU,IAAM5C,EAAG,MAAM,CAAC,EAGxBD,GAAgBC,EAAIC,CAAS,EACjC,KACC4C,EAAIC,GAASvB,EAAM,KAAKuB,CAAK,CAAC,EAC9BC,EAAS,IAAMxB,EAAM,SAAS,CAAC,EAC/BhB,EAAIuC,GAAUE,EAAA,CAAE,IAAKhD,GAAO8C,EAAQ,CACtC,CACJ,CAAC,CACH,CCrMA,SAASG,GAAsBC,EAAgC,CAC7D,IAAMC,EAAkB,CAAC,EACzB,QAAWC,KAAMC,EAAY,eAAgBH,CAAS,EAAG,CACvD,IAAMI,EAAgB,CAAC,EAGjBC,EAAK,SAAS,mBAAmBH,EAAI,WAAW,SAAS,EAC/D,QAASI,EAAOD,EAAG,SAAS,EAAGC,EAAMA,EAAOD,EAAG,SAAS,EACtDD,EAAM,KAAKE,CAAY,EAGzB,QAASC,KAAQH,EAAO,CACtB,IAAII,EAGJ,KAAQA,EAAQ,gBAAgB,KAAKD,EAAK,WAAY,GAAI,CACxD,GAAM,CAAC,CAAEE,EAAIC,CAAK,EAAIF,EACtB,GAAI,OAAOE,GAAU,YAAa,CAChC,IAAMC,EAASJ,EAAK,UAAUC,EAAM,KAAK,EACzCD,EAAOI,EAAO,UAAUF,EAAG,MAAM,EACjCR,EAAQ,KAAKU,CAAM,CAGrB,KAAO,CACLJ,EAAK,YAAcE,EACnBR,EAAQ,KAAKM,CAAI,EACjB,KACF,CACF,CACF,CACF,CACA,OAAON,CACT,CAQA,SAASW,GAAKC,EAAqBC,EAA2B,CAC5DA,EAAO,OAAO,GAAG,MAAM,KAAKD,EAAO,UAAU,CAAC,CAChD,CAoBO,SAASE,GACdb,EAAiBF,EAAwB,CAAE,QAAAgB,EAAS,OAAAC,CAAO,EACxB,CAGnC,IAAMC,EAASlB,EAAU,QAAQ,MAAM,EACjCmB,EAASD,GAAA,YAAAA,EAAQ,GAGjBE,EAAc,IAAI,IACxB,QAAWT,KAAUZ,GAAsBC,CAAS,EAAG,CACrD,GAAM,CAAC,CAAES,CAAE,EAAIE,EAAO,YAAa,MAAM,WAAW,EAChDU,GAAmB,gBAAgBZ,KAAOP,CAAE,IAC9CkB,EAAY,IAAIX,EAAIa,GAAiBb,EAAIU,CAAM,CAAC,EAChDR,EAAO,YAAYS,EAAY,IAAIX,CAAE,CAAE,EAE3C,CAGA,OAAIW,EAAY,OAAS,EAChBG,EAGFC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAGZC,EAAsC,CAAC,EAC7C,OAAW,CAAClB,EAAImB,CAAU,IAAKR,EAC7BO,EAAM,KAAK,CACTE,EAAW,cAAeD,CAAU,EACpCC,EAAW,gBAAgBpB,KAAOP,CAAE,CACtC,CAAC,EAGH,OAAAe,EACG,KACCa,GAAUL,EAAM,KAAKM,GAAS,CAAC,CAAC,CAAC,CACnC,EACG,UAAUC,GAAU,CACnB9B,EAAG,OAAS,CAAC8B,EAGb,OAAW,CAACC,EAAOC,CAAK,IAAKP,EACtBK,EAGHpB,GAAKqB,EAAOC,CAAK,EAFjBtB,GAAKsB,EAAOD,CAAK,CAGvB,CAAC,EAGEE,EAAM,GAAG,CAAC,GAAGf,CAAW,EAC5B,IAAI,CAAC,CAAC,CAAEQ,CAAU,IACjBQ,GAAgBR,EAAY5B,EAAW,CAAE,QAAAgB,CAAQ,CAAC,CACnD,CACH,EACG,KACCqB,EAAS,IAAMZ,EAAM,SAAS,CAAC,EAC/Ba,GAAM,CACR,CACJ,CAAC,CACH,CV9GA,IAAIC,GAAW,EAaf,SAASC,GAAkBC,EAA0C,CACnE,GAAIA,EAAG,mBAAoB,CACzB,IAAMC,EAAUD,EAAG,mBACnB,GAAIC,EAAQ,UAAY,KACtB,OAAOA,EAGJ,GAAIA,EAAQ,UAAY,KAAO,CAACA,EAAQ,SAAS,OACpD,OAAOF,GAAkBE,CAAO,CACpC,CAIF,CAgBO,SAASC,GACdF,EACuB,CACvB,OAAOG,GAAiBH,CAAE,EACvB,KACCI,EAAI,CAAC,CAAE,MAAAC,CAAM,KAEJ,CACL,WAFcC,GAAsBN,CAAE,EAElB,MAAQK,CAC9B,EACD,EACDE,EAAwB,YAAY,CACtC,CACJ,CAoBO,SAASC,GACdR,EAAiBS,EAC8B,CAC/C,GAAM,CAAE,QAASC,CAAM,EAAI,WAAW,SAAS,EAGzCC,EAAWC,EAAM,IAAM,CAC3B,IAAMC,EAAQ,IAAIC,EASlB,GARAD,EAAM,UAAU,CAAC,CAAE,WAAAE,CAAW,IAAM,CAC9BA,GAAcL,EAChBV,EAAG,aAAa,WAAY,GAAG,EAE/BA,EAAG,gBAAgB,UAAU,CACjC,CAAC,EAGG,GAAAgB,QAAY,YAAY,EAAG,CAC7B,IAAMC,EAASjB,EAAG,QAAQ,KAAK,EAC/BiB,EAAO,GAAK,UAAU,EAAEnB,KACxBmB,EAAO,aACLC,GAAsBD,EAAO,EAAE,EAC/BjB,CACF,CACF,CAGA,IAAMmB,EAAYnB,EAAG,QAAQ,YAAY,EACzC,GAAImB,aAAqB,YAAa,CACpC,IAAMC,EAAOrB,GAAkBoB,CAAS,EAGxC,GAAI,OAAOC,GAAS,cAClBD,EAAU,UAAU,SAAS,UAAU,GACvCE,EAAQ,uBAAuB,GAC9B,CACD,IAAMC,EAAeC,GAAoBH,EAAMpB,EAAIS,CAAO,EAG1D,OAAOP,GAAeF,CAAE,EACrB,KACCwB,EAAIC,GAASZ,EAAM,KAAKY,CAAK,CAAC,EAC9BC,EAAS,IAAMb,EAAM,SAAS,CAAC,EAC/BT,EAAIqB,GAAUE,EAAA,CAAE,IAAK3B,GAAOyB,EAAQ,EACpCG,GACEzB,GAAiBgB,CAAS,EACvB,KACCf,EAAI,CAAC,CAAE,MAAAC,EAAO,OAAAwB,CAAO,IAAMxB,GAASwB,CAAM,EAC1CC,EAAqB,EACrBC,EAAUC,GAAUA,EAASV,EAAeW,CAAK,CACnD,CACJ,CACF,CACJ,CACF,CAGA,OAAO/B,GAAeF,CAAE,EACrB,KACCwB,EAAIC,GAASZ,EAAM,KAAKY,CAAK,CAAC,EAC9BC,EAAS,IAAMb,EAAM,SAAS,CAAC,EAC/BT,EAAIqB,GAAUE,EAAA,CAAE,IAAK3B,GAAOyB,EAAQ,CACtC,CACJ,CAAC,EAGD,OAAIJ,EAAQ,cAAc,EACjBa,GAAuBlC,CAAE,EAC7B,KACCmC,EAAOC,GAAWA,CAAO,EACzBC,GAAK,CAAC,EACNN,EAAU,IAAMpB,CAAQ,CAC1B,EAGGA,CACT,uyJWpLA,IAAI2B,GAKAC,GAAW,EAWf,SAASC,IAAiC,CACxC,OAAO,OAAO,SAAY,aAAe,mBAAmB,QACxDC,GAAY,qDAAqD,EACjEC,EAAG,MAAS,CAClB,CAaO,SAASC,GACdC,EACgC,CAChC,OAAAA,EAAG,UAAU,OAAO,SAAS,EAC7BN,QAAaE,GAAa,EACvB,KACCK,EAAI,IAAM,QAAQ,WAAW,CAC3B,YAAa,GACb,SAAAC,GACA,SAAU,CACR,cAAe,OACf,gBAAiB,OACjB,aAAc,MAChB,CACF,CAAC,CAAC,EACFC,EAAI,IAAG,EAAY,EACnBC,EAAY,CAAC,CACf,GAGFV,GAAS,UAAU,IAAM,CACvBM,EAAG,UAAU,IAAI,SAAS,EAC1B,IAAMK,EAAK,aAAaV,OAClBW,EAAOC,EAAE,MAAO,CAAE,MAAO,SAAU,CAAC,EAC1C,QAAQ,WAAW,OAAOF,EAAIL,EAAG,YAAcQ,GAAgB,CAG7D,IAAMC,EAASH,EAAK,aAAa,CAAE,KAAM,QAAS,CAAC,EACnDG,EAAO,UAAYD,EAGnBR,EAAG,YAAYM,CAAI,CACrB,CAAC,CACH,CAAC,EAGMZ,GACJ,KACCS,EAAI,KAAO,CAAE,IAAKH,CAAG,EAAE,CACzB,CACJ,CC/CO,SAASU,GACdC,EAAwB,CAAE,QAAAC,EAAS,OAAAC,CAAO,EACrB,CACrB,IAAIC,EAAO,GACX,OAAOC,EAGLH,EACG,KACCI,EAAIC,GAAUA,EAAO,QAAQ,qBAAqB,CAAE,EACpDC,EAAOC,GAAWR,IAAOQ,CAAO,EAChCH,EAAI,KAAO,CACT,OAAQ,OAAQ,OAAQ,EAC1B,EAAa,CACf,EAGFH,EACG,KACCK,EAAOE,GAAUA,GAAU,CAACN,CAAI,EAChCO,EAAI,IAAMP,EAAOH,EAAG,IAAI,EACxBK,EAAII,IAAW,CACb,OAAQA,EAAS,OAAS,OAC5B,EAAa,CACf,CACJ,CACF,CAaO,SAASE,GACdX,EAAwBY,EACQ,CAChC,OAAOC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EAAM,UAAU,CAAC,CAAE,OAAAE,EAAQ,OAAAC,CAAO,IAAM,CACtCjB,EAAG,gBAAgB,OAAQgB,IAAW,MAAM,EACxCC,GACFjB,EAAG,eAAe,CACtB,CAAC,EAGMD,GAAaC,EAAIY,CAAO,EAC5B,KACCF,EAAIQ,GAASJ,EAAM,KAAKI,CAAK,CAAC,EAC9BC,EAAS,IAAML,EAAM,SAAS,CAAC,EAC/BT,EAAIa,GAAUE,EAAA,CAAE,IAAKpB,GAAOkB,EAAQ,CACtC,CACJ,CAAC,CACH,CC5FA,IAAMG,GAAWC,EAAE,OAAO,EAgBnB,SAASC,GACdC,EACkC,CAClC,OAAAA,EAAG,YAAYH,EAAQ,EACvBA,GAAS,YAAYI,GAAYD,CAAE,CAAC,EAG7BE,EAAG,CAAE,IAAKF,CAAG,CAAC,CACvB,CCuBO,SAASG,GACdC,EACyB,CACzB,IAAMC,EAASC,EAA8B,iBAAkBF,CAAE,EAC3DG,EAAUF,EAAO,KAAKG,GAASA,EAAM,OAAO,GAAKH,EAAO,GAC9D,OAAOI,EAAM,GAAGJ,EAAO,IAAIG,GAASE,EAAUF,EAAO,QAAQ,EAC1D,KACCG,EAAI,IAAMC,EAA6B,cAAcJ,EAAM,MAAM,CAAC,CACpE,CACF,CAAC,EACE,KACCK,EAAUD,EAA6B,cAAcL,EAAQ,MAAM,CAAC,EACpEI,EAAIG,IAAW,CAAE,OAAAA,CAAO,EAAE,CAC5B,CACJ,CAeO,SAASC,GACdX,EAAiB,CAAE,UAAAY,CAAU,EACO,CAGpC,IAAMC,EAAOC,GAAoB,MAAM,EACvCd,EAAG,OAAOa,CAAI,EAGd,IAAME,EAAOD,GAAoB,MAAM,EACvCd,EAAG,OAAOe,CAAI,EAGd,IAAMC,EAAYR,EAAW,iBAAkBR,CAAE,EACjD,OAAOiB,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EACpC,OAAAC,EAAc,CAACJ,EAAOK,GAAiBvB,CAAE,CAAC,CAAC,EACxC,KACCwB,GAAU,EAAGC,EAAuB,EACpCC,GAAUN,CAAK,CACjB,EACG,UAAU,CAGT,KAAK,CAAC,CAAE,OAAAV,CAAO,EAAGiB,CAAI,EAAG,CACvB,IAAMC,EAASC,GAAiBnB,CAAM,EAChC,CAAE,MAAAoB,CAAM,EAAIC,GAAerB,CAAM,EAGvCV,EAAG,MAAM,YAAY,mBAAoB,GAAG4B,EAAO,KAAK,EACxD5B,EAAG,MAAM,YAAY,uBAAwB,GAAG8B,KAAS,EAGzD,IAAME,EAAUC,GAAwBjB,CAAS,GAE/CY,EAAO,EAAYI,EAAQ,GAC3BJ,EAAO,EAAIE,EAAQE,EAAQ,EAAIL,EAAK,QAEpCX,EAAU,SAAS,CACjB,KAAM,KAAK,IAAI,EAAGY,EAAO,EAAI,EAAE,EAC/B,SAAU,QACZ,CAAC,CACL,EAGA,UAAW,CACT5B,EAAG,MAAM,eAAe,kBAAkB,EAC1CA,EAAG,MAAM,eAAe,sBAAsB,CAChD,CACF,CAAC,EAGLsB,EAAc,CACZY,GAA0BlB,CAAS,EACnCO,GAAiBP,CAAS,CAC5B,CAAC,EACE,KACCU,GAAUN,CAAK,CACjB,EACG,UAAU,CAAC,CAACQ,EAAQD,CAAI,IAAM,CAC7B,IAAMK,EAAUG,GAAsBnB,CAAS,EAC/CH,EAAK,OAASe,EAAO,EAAI,GACzBb,EAAK,OAASa,EAAO,EAAII,EAAQ,MAAQL,EAAK,MAAQ,EACxD,CAAC,EAGLtB,EACEC,EAAUO,EAAM,OAAO,EAAE,KAAKN,EAAI,IAAM,EAAE,CAAC,EAC3CD,EAAUS,EAAM,OAAO,EAAE,KAAKR,EAAI,IAAM,CAAE,CAAC,CAC7C,EACG,KACCmB,GAAUN,CAAK,CACjB,EACG,UAAUgB,GAAa,CACtB,GAAM,CAAE,MAAAN,CAAM,EAAIC,GAAef,CAAS,EAC1CA,EAAU,SAAS,CACjB,KAAMc,EAAQM,EACd,SAAU,QACZ,CAAC,CACH,CAAC,EAGDC,EAAQ,mBAAmB,GAC7BnB,EAAM,KACJoB,GAAK,CAAC,EACNC,GAAe3B,CAAS,CAC1B,EACG,UAAU,CAAC,CAAC,CAAE,OAAAF,CAAO,EAAG,CAAE,OAAAkB,CAAO,CAAC,IAAM,CACvC,IAAMY,EAAM9B,EAAO,UAAU,KAAK,EAClC,GAAIA,EAAO,aAAa,mBAAmB,EACzCA,EAAO,gBAAgB,mBAAmB,MAGrC,CACL,IAAM+B,EAAIzC,EAAG,UAAY4B,EAAO,EAGhC,QAAWc,KAAOxC,EAAY,aAAa,EACzC,QAAWE,KAASF,EAClB,iBAAkBwC,CACpB,EAAG,CACD,IAAMC,EAAQnC,EAAW,cAAcJ,EAAM,MAAM,EACnD,GACEuC,IAAUjC,GACViC,EAAM,UAAU,KAAK,IAAMH,EAC3B,CACAG,EAAM,aAAa,oBAAqB,EAAE,EAC1CvC,EAAM,MAAM,EACZ,KACF,CACF,CAGF,OAAO,SAAS,CACd,IAAKJ,EAAG,UAAYyC,CACtB,CAAC,EAGD,IAAMG,EAAO,SAAmB,QAAQ,GAAK,CAAC,EAC9C,SAAS,SAAU,CAAC,GAAG,IAAI,IAAI,CAACJ,EAAK,GAAGI,CAAI,CAAC,CAAC,CAAC,CACjD,CACF,CAAC,EAGE7C,GAAiBC,CAAE,EACvB,KACC6C,EAAIC,GAAS5B,EAAM,KAAK4B,CAAK,CAAC,EAC9BC,EAAS,IAAM7B,EAAM,SAAS,CAAC,EAC/BX,EAAIuC,GAAUE,EAAA,CAAE,IAAKhD,GAAO8C,EAAQ,CACtC,CACJ,CAAC,EACE,KACCG,GAAYC,EAAc,CAC5B,CACJ,CCtKO,SAASC,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,EAAS,OAAAC,CAAO,EACd,CAChC,OAAOC,EAGL,GAAGC,EAAY,2BAA4BL,CAAE,EAC1C,IAAIM,GAASC,GAAeD,EAAO,CAAE,QAAAJ,EAAS,OAAAC,CAAO,CAAC,CAAC,EAG1D,GAAGE,EAAY,cAAeL,CAAE,EAC7B,IAAIM,GAASE,GAAaF,CAAK,CAAC,EAGnC,GAAGD,EAAY,qBAAsBL,CAAE,EACpC,IAAIM,GAASG,GAAeH,CAAK,CAAC,EAGrC,GAAGD,EAAY,UAAWL,CAAE,EACzB,IAAIM,GAASI,GAAaJ,EAAO,CAAE,QAAAJ,EAAS,OAAAC,CAAO,CAAC,CAAC,EAGxD,GAAGE,EAAY,cAAeL,CAAE,EAC7B,IAAIM,GAASK,GAAiBL,EAAO,CAAE,UAAAL,CAAU,CAAC,CAAC,CACxD,CACF,CClCO,SAASW,GACdC,EAAkB,CAAE,OAAAC,CAAO,EACP,CACpB,OAAOA,EACJ,KACCC,EAAUC,GAAWC,EACnBC,EAAG,EAAI,EACPA,EAAG,EAAK,EAAE,KAAKC,GAAM,GAAI,CAAC,CAC5B,EACG,KACCC,EAAIC,IAAW,CAAE,QAAAL,EAAS,OAAAK,CAAO,EAAE,CACrC,CACF,CACF,CACJ,CAaO,SAASC,GACdC,EAAiBC,EACc,CAC/B,IAAMC,EAAQC,EAAW,cAAeH,CAAE,EAC1C,OAAOI,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EAAM,UAAU,CAAC,CAAE,QAAAZ,EAAS,OAAAK,CAAO,IAAM,CACvCE,EAAG,UAAU,OAAO,oBAAqBF,CAAM,EAC/CI,EAAM,YAAcT,CACtB,CAAC,EAGMJ,GAAYW,EAAIC,CAAO,EAC3B,KACCM,EAAIC,GAASH,EAAM,KAAKG,CAAK,CAAC,EAC9BC,EAAS,IAAMJ,EAAM,SAAS,CAAC,EAC/BR,EAAIW,GAAUE,EAAA,CAAE,IAAKV,GAAOQ,EAAQ,CACtC,CACJ,CAAC,CACH,CC9BA,SAASG,GAAS,CAAE,UAAAC,CAAU,EAAsC,CAClE,GAAI,CAACC,EAAQ,iBAAiB,EAC5B,OAAOC,EAAG,EAAK,EAGjB,IAAMC,EAAaH,EAChB,KACCI,EAAI,CAAC,CAAE,OAAQ,CAAE,EAAAC,CAAE,CAAE,IAAMA,CAAC,EAC5BC,GAAY,EAAG,CAAC,EAChBF,EAAI,CAAC,CAACG,EAAGC,CAAC,IAAM,CAACD,EAAIC,EAAGA,CAAC,CAAU,EACnCC,EAAwB,CAAC,CAC3B,EAGIC,EAAUC,EAAc,CAACX,EAAWG,CAAU,CAAC,EAClD,KACCS,EAAO,CAAC,CAAC,CAAE,OAAAC,CAAO,EAAG,CAAC,CAAER,CAAC,CAAC,IAAM,KAAK,IAAIA,EAAIQ,EAAO,CAAC,EAAI,GAAG,EAC5DT,EAAI,CAAC,CAAC,CAAE,CAACU,CAAS,CAAC,IAAMA,CAAS,EAClCC,EAAqB,CACvB,EAGIC,EAAUC,GAAY,QAAQ,EACpC,OAAON,EAAc,CAACX,EAAWgB,CAAO,CAAC,EACtC,KACCZ,EAAI,CAAC,CAAC,CAAE,OAAAS,CAAO,EAAGK,CAAM,IAAML,EAAO,EAAI,KAAO,CAACK,CAAM,EACvDH,EAAqB,EACrBI,EAAUC,GAAUA,EAASV,EAAUR,EAAG,EAAK,CAAC,EAChDmB,EAAU,EAAK,CACjB,CACJ,CAcO,SAASC,GACdC,EAAiBC,EACG,CACpB,OAAOC,EAAM,IAAMd,EAAc,CAC/Be,GAAiBH,CAAE,EACnBxB,GAASyB,CAAO,CAClB,CAAC,CAAC,EACC,KACCpB,EAAI,CAAC,CAAC,CAAE,OAAAuB,CAAO,EAAGC,CAAM,KAAO,CAC7B,OAAAD,EACA,OAAAC,CACF,EAAE,EACFb,EAAqB,CAACR,EAAGC,IACvBD,EAAE,SAAWC,EAAE,QACfD,EAAE,SAAWC,EAAE,MAChB,EACDqB,EAAY,CAAC,CACf,CACJ,CAaO,SAASC,GACdP,EAAiB,CAAE,QAAAQ,EAAS,MAAAC,CAAM,EACH,CAC/B,OAAOP,EAAM,IAAM,CACjB,IAAMQ,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EACpC,OAAAH,EACG,KACCxB,EAAwB,QAAQ,EAChC4B,GAAkBN,CAAO,CAC3B,EACG,UAAU,CAAC,CAAC,CAAE,OAAAX,CAAO,EAAG,CAAE,OAAAQ,CAAO,CAAC,IAAM,CACvCL,EAAG,UAAU,OAAO,oBAAqBH,GAAU,CAACQ,CAAM,EAC1DL,EAAG,OAASK,CACd,CAAC,EAGLI,EAAM,UAAUC,CAAK,EAGdF,EACJ,KACCO,GAAUH,CAAK,EACf/B,EAAImC,GAAUC,EAAA,CAAE,IAAKjB,GAAOgB,EAAQ,CACtC,CACJ,CAAC,CACH,CChHO,SAASE,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACb,CACzB,OAAOC,GAAgBH,EAAI,CAAE,UAAAC,EAAW,QAAAC,CAAQ,CAAC,EAC9C,KACCE,EAAI,CAAC,CAAE,OAAQ,CAAE,EAAAC,CAAE,CAAE,IAAM,CACzB,GAAM,CAAE,OAAAC,CAAO,EAAIC,GAAeP,CAAE,EACpC,MAAO,CACL,OAAQK,GAAKC,CACf,CACF,CAAC,EACDE,EAAwB,QAAQ,CAClC,CACJ,CAaO,SAASC,GACdT,EAAiBU,EACmB,CACpC,OAAOC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClBD,EAAM,UAAU,CAAC,CAAE,OAAAE,CAAO,IAAM,CAC9Bd,EAAG,UAAU,OAAO,2BAA4Bc,CAAM,CACxD,CAAC,EAGD,IAAMC,EAAUC,GAAmB,YAAY,EAC/C,OAAI,OAAOD,GAAY,YACdE,EAGFlB,GAAiBgB,EAASL,CAAO,EACrC,KACCQ,EAAIC,GAASP,EAAM,KAAKO,CAAK,CAAC,EAC9BC,EAAS,IAAMR,EAAM,SAAS,CAAC,EAC/BR,EAAIe,GAAUE,EAAA,CAAE,IAAKrB,GAAOmB,EAAQ,CACtC,CACJ,CAAC,CACH,CCvDO,SAASG,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACpB,CAGlB,IAAMC,EAAUD,EACb,KACCE,EAAI,CAAC,CAAE,OAAAC,CAAO,IAAMA,CAAM,EAC1BC,EAAqB,CACvB,EAGIC,EAAUJ,EACb,KACCK,EAAU,IAAMC,GAAiBT,CAAE,EAChC,KACCI,EAAI,CAAC,CAAE,OAAAC,CAAO,KAAO,CACnB,IAAQL,EAAG,UACX,OAAQA,EAAG,UAAYK,CACzB,EAAE,EACFK,EAAwB,QAAQ,CAClC,CACF,CACF,EAGF,OAAOC,EAAc,CAACR,EAASI,EAASN,CAAS,CAAC,EAC/C,KACCG,EAAI,CAAC,CAACQ,EAAQ,CAAE,IAAAC,EAAK,OAAAC,CAAO,EAAG,CAAE,OAAQ,CAAE,EAAAC,CAAE,EAAG,KAAM,CAAE,OAAAV,CAAO,CAAE,CAAC,KAChEA,EAAS,KAAK,IAAI,EAAGA,EACjB,KAAK,IAAI,EAAGQ,EAASE,EAAIH,CAAM,EAC/B,KAAK,IAAI,EAAGP,EAASU,EAAID,CAAM,CACnC,EACO,CACL,OAAQD,EAAMD,EACd,OAAAP,EACA,OAAQQ,EAAMD,GAAUG,CAC1B,EACD,EACDT,EAAqB,CAACU,EAAGC,IACvBD,EAAE,SAAWC,EAAE,QACfD,EAAE,SAAWC,EAAE,QACfD,EAAE,SAAWC,EAAE,MAChB,CACH,CACJ,CClDO,SAASC,GACdC,EACqB,CACrB,IAAMC,EAAU,SAAkB,WAAW,GAAK,CAChD,MAAOD,EAAO,UAAUE,GAAS,WAC/BA,EAAM,aAAa,qBAAqB,CAC1C,EAAE,OAAO,CACX,EAGA,OAAOC,EAAG,GAAGH,CAAM,EAChB,KACCI,GAASF,GAASG,EAAUH,EAAO,QAAQ,EACxC,KACCI,EAAI,IAAMJ,CAAK,CACjB,CACF,EACAK,EAAUP,EAAO,KAAK,IAAI,EAAGC,EAAQ,KAAK,EAAE,EAC5CK,EAAIJ,IAAU,CACZ,MAAOF,EAAO,QAAQE,CAAK,EAC3B,MAAO,CACL,OAASA,EAAM,aAAa,sBAAsB,EAClD,QAASA,EAAM,aAAa,uBAAuB,EACnD,OAASA,EAAM,aAAa,sBAAsB,CACpD,CACF,EAAa,EACbM,EAAY,CAAC,CACf,CACJ,CASO,SAASC,GACdC,EACgC,CAChC,OAAOC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClBD,EAAM,UAAUE,GAAW,CACzB,SAAS,KAAK,aAAa,0BAA2B,EAAE,EAGxD,OAAW,CAACC,EAAKC,CAAK,IAAK,OAAO,QAAQF,EAAQ,KAAK,EACrD,SAAS,KAAK,aAAa,iBAAiBC,IAAOC,CAAK,EAG1D,QAASC,EAAQ,EAAGA,EAAQjB,EAAO,OAAQiB,IAAS,CAClD,IAAMC,EAAQlB,EAAOiB,GAAO,mBACxBC,aAAiB,cACnBA,EAAM,OAASJ,EAAQ,QAAUG,EACrC,CAGA,SAAS,YAAaH,CAAO,CAC/B,CAAC,EAGDF,EAAM,KAAKO,GAAUC,EAAc,CAAC,EACjC,UAAU,IAAM,CACf,SAAS,KAAK,gBAAgB,yBAAyB,CACzD,CAAC,EAGH,IAAMpB,EAASqB,EAA8B,QAASX,CAAE,EACxD,OAAOX,GAAaC,CAAM,EACvB,KACCsB,EAAIC,GAASX,EAAM,KAAKW,CAAK,CAAC,EAC9BC,EAAS,IAAMZ,EAAM,SAAS,CAAC,EAC/BN,EAAIiB,GAAUE,EAAA,CAAE,IAAKf,GAAOa,EAAQ,CACtC,CACJ,CAAC,CACH,CC/HA,IAAAG,GAAwB,SAiCxB,SAASC,GAAQC,EAAyB,CACxCA,EAAG,aAAa,kBAAmB,EAAE,EACrC,IAAMC,EAAOD,EAAG,UAChB,OAAAA,EAAG,gBAAgB,iBAAiB,EAC7BC,CACT,CAWO,SAASC,GACd,CAAE,OAAAC,CAAO,EACH,CACF,GAAAC,QAAY,YAAY,GAC1B,IAAIC,EAA8BC,GAAc,CAC9C,IAAI,GAAAF,QAAY,iDAAkD,CAChE,KAAMJ,GACJA,EAAG,aAAa,qBAAqB,GACrCD,GAAQQ,EACNP,EAAG,aAAa,uBAAuB,CACzC,CAAC,CAEL,CAAC,EACE,GAAG,UAAWQ,GAAMF,EAAW,KAAKE,CAAE,CAAC,CAC5C,CAAC,EACE,KACCC,EAAID,GAAM,CACQA,EAAG,QACX,MAAM,CAChB,CAAC,EACDE,EAAI,IAAMC,GAAY,kBAAkB,CAAC,CAC3C,EACG,UAAUR,CAAM,CAEzB,CCrCA,SAASS,GAAWC,EAAwB,CAC1C,GAAIA,EAAK,OAAS,EAChB,MAAO,CAAC,EAAE,EAGZ,GAAM,CAACC,EAAMC,CAAI,EAAI,CAAC,GAAGF,CAAI,EAC1B,KAAK,CAACG,EAAGC,IAAMD,EAAE,OAASC,EAAE,MAAM,EAClC,IAAIC,GAAOA,EAAI,QAAQ,SAAU,EAAE,CAAC,EAGnCC,EAAQ,EACZ,GAAIL,IAASC,EACXI,EAAQL,EAAK,WAEb,MAAOA,EAAK,WAAWK,CAAK,IAAMJ,EAAK,WAAWI,CAAK,GACrDA,IAGJ,OAAON,EAAK,IAAIK,GAAOA,EAAI,QAAQJ,EAAK,MAAM,EAAGK,CAAK,EAAG,EAAE,CAAC,CAC9D,CAaO,SAASC,GAAaC,EAAiC,CAC5D,IAAMC,EAAS,SAAkB,YAAa,eAAgBD,CAAI,EAClE,GAAIC,EACF,OAAOC,EAAGD,CAAM,EACX,CACL,IAAME,EAASC,GAAc,EAC7B,OAAOC,GAAW,IAAI,IAAI,cAAeL,GAAQG,EAAO,IAAI,CAAC,EAC1D,KACCG,EAAIC,GAAWhB,GAAWiB,EAAY,MAAOD,CAAO,EACjD,IAAIE,GAAQA,EAAK,WAAY,CAChC,CAAC,EACDC,GAAW,IAAMC,CAAK,EACtBC,GAAe,CAAC,CAAC,EACjBC,EAAIN,GAAW,SAAS,YAAaA,EAAS,eAAgBP,CAAI,CAAC,CACrE,CACJ,CACF,CCIO,SAASc,GACd,CAAE,UAAAC,EAAW,UAAAC,EAAW,UAAAC,CAAU,EAC5B,CACN,IAAMC,EAASC,GAAc,EAC7B,GAAI,SAAS,WAAa,QACxB,OAGE,sBAAuB,UACzB,QAAQ,kBAAoB,SAG5BC,EAAU,OAAQ,cAAc,EAC7B,UAAU,IAAM,CACf,QAAQ,kBAAoB,MAC9B,CAAC,GAIL,IAAMC,EAAUC,GAAoC,gBAAgB,EAChE,OAAOD,GAAY,cACrBA,EAAQ,KAAOA,EAAQ,MAGzB,IAAME,EAAQC,GAAa,EACxB,KACCC,EAAIC,GAASA,EAAM,IAAIC,GAAQ,GAAG,IAAI,IAAIA,EAAMT,EAAO,IAAI,GAAG,CAAC,EAC/DU,EAAUC,GAAQT,EAAsB,SAAS,KAAM,OAAO,EAC3D,KACCU,EAAOC,GAAM,CAACA,EAAG,SAAW,CAACA,EAAG,OAAO,EACvCH,EAAUG,GAAM,CACd,GAAIA,EAAG,kBAAkB,QAAS,CAChC,IAAMC,EAAKD,EAAG,OAAO,QAAQ,GAAG,EAChC,GAAIC,GAAM,CAACA,EAAG,OAAQ,CACpB,IAAMC,EAAM,IAAI,IAAID,EAAG,IAAI,EAO3B,GAJAC,EAAI,OAAS,GACbA,EAAI,KAAO,GAITA,EAAI,WAAa,SAAS,UAC1BJ,EAAK,SAASI,EAAI,SAAS,CAAC,EAE5B,OAAAF,EAAG,eAAe,EACXG,EAAG,CACR,IAAK,IAAI,IAAIF,EAAG,IAAI,CACtB,CAAC,CAEL,CACF,CACA,OAAOG,EACT,CAAC,CACH,CACF,EACAC,GAAoB,CACtB,EAGIC,EAAOjB,EAAyB,OAAQ,UAAU,EACrD,KACCU,EAAOC,GAAMA,EAAG,QAAU,IAAI,EAC9BN,EAAIM,IAAO,CACT,IAAK,IAAI,IAAI,SAAS,IAAI,EAC1B,OAAQA,EAAG,KACb,EAAE,EACFK,GAAoB,CACtB,EAGFE,EAAMf,EAAOc,CAAI,EACd,KACCE,EAAqB,CAACC,EAAGC,IAAMD,EAAE,IAAI,OAASC,EAAE,IAAI,IAAI,EACxDhB,EAAI,CAAC,CAAE,IAAAQ,CAAI,IAAMA,CAAG,CACtB,EACG,UAAUjB,CAAS,EAGxB,IAAM0B,EAAY1B,EACf,KACC2B,EAAwB,UAAU,EAClCf,EAAUK,GAAOW,GAAQX,EAAI,IAAI,EAC9B,KACCY,GAAW,KACTC,GAAYb,CAAG,EACRE,GACR,CACH,CACF,EACAC,GAAM,CACR,EAGFb,EACG,KACCwB,GAAOL,CAAS,CAClB,EACG,UAAU,CAAC,CAAE,IAAAT,CAAI,IAAM,CACtB,QAAQ,UAAU,CAAC,EAAG,GAAI,GAAGA,GAAK,CACpC,CAAC,EAGL,IAAMe,EAAM,IAAI,UAChBN,EACG,KACCd,EAAUqB,GAAOA,EAAI,KAAK,CAAC,EAC3BxB,EAAIwB,GAAOD,EAAI,gBAAgBC,EAAK,WAAW,CAAC,CAClD,EACG,UAAUlC,CAAS,EAGxBA,EACG,KACCmC,GAAK,CAAC,CACR,EACG,UAAUC,GAAe,CACxB,QAAWC,IAAY,CAGrB,QACA,sBACA,oBACA,yBAGA,+BACA,gCACA,mCACA,+BACA,2BACA,2BACA,GAAGC,EAAQ,wBAAwB,EAC/B,CAAC,0BAA0B,EAC3B,CAAC,CACP,EAAG,CACD,IAAMC,EAAShC,GAAmB8B,CAAQ,EACpCG,EAASjC,GAAmB8B,EAAUD,CAAW,EAErD,OAAOG,GAAW,aAClB,OAAOC,GAAW,aAElBD,EAAO,YAAYC,CAAM,CAE7B,CACF,CAAC,EAGLxC,EACG,KACCmC,GAAK,CAAC,EACNzB,EAAI,IAAM+B,GAAoB,WAAW,CAAC,EAC1C5B,EAAUI,GAAMyB,EAAY,SAAUzB,CAAE,CAAC,EACzC0B,GAAU1B,GAAM,CACd,IAAM2B,EAASC,EAAE,QAAQ,EACzB,GAAI5B,EAAG,IAAK,CACV,QAAW6B,KAAQ7B,EAAG,kBAAkB,EACtC2B,EAAO,aAAaE,EAAM7B,EAAG,aAAa6B,CAAI,CAAE,EAClD,OAAA7B,EAAG,YAAY2B,CAAM,EAGd,IAAIG,EAAWC,GAAY,CAChCJ,EAAO,OAAS,IAAMI,EAAS,SAAS,CAC1C,CAAC,CAGH,KACE,QAAAJ,EAAO,YAAc3B,EAAG,YACxBA,EAAG,YAAY2B,CAAM,EACdK,CAEX,CAAC,CACH,EACG,UAAU,EAGf1B,EAAMf,EAAOc,CAAI,EACd,KACCU,GAAOhC,CAAS,CAClB,EACG,UAAU,CAAC,CAAE,IAAAkB,EAAK,OAAAgC,CAAO,IAAM,CAC1BhC,EAAI,MAAQ,CAACgC,EACfC,GAAgBjC,EAAI,IAAI,EAExB,OAAO,SAAS,GAAGgC,GAAA,YAAAA,EAAQ,IAAK,CAAC,CAErC,CAAC,EAGLhD,EACG,KACCkD,GAAU5C,CAAK,EACf6C,GAAa,GAAG,EAChBzB,EAAwB,QAAQ,CAClC,EACG,UAAU,CAAC,CAAE,OAAAsB,CAAO,IAAM,CACzB,QAAQ,aAAaA,EAAQ,EAAE,CACjC,CAAC,EAGL3B,EAAMf,EAAOc,CAAI,EACd,KACCgC,GAAY,EAAG,CAAC,EAChBvC,EAAO,CAAC,CAACU,EAAGC,CAAC,IAAMD,EAAE,IAAI,WAAaC,EAAE,IAAI,QAAQ,EACpDhB,EAAI,CAAC,CAAC,CAAE6C,CAAK,IAAMA,CAAK,CAC1B,EACG,UAAU,CAAC,CAAE,OAAAL,CAAO,IAAM,CACzB,OAAO,SAAS,GAAGA,GAAA,YAAAA,EAAQ,IAAK,CAAC,CACnC,CAAC,CACP,CCzSA,IAAAM,GAAuB,SCAvB,IAAAC,GAAuB,SAsChB,SAASC,GACdC,EAA2BC,EACD,CAC1B,IAAMC,EAAY,IAAI,OAAOF,EAAO,UAAW,KAAK,EAC9CG,EAAY,CAACC,EAAYC,EAAcC,IACpC,GAAGD,4BAA+BC,WAI3C,OAAQC,GAAkB,CACxBA,EAAQA,EACL,QAAQ,gBAAiB,GAAG,EAC5B,KAAK,EAGR,IAAMC,EAAQ,IAAI,OAAO,MAAMR,EAAO,cACpCO,EACG,QAAQ,uBAAwB,MAAM,EACtC,QAAQL,EAAW,GAAG,KACtB,KAAK,EAGV,OAAOO,IACLR,KACI,GAAAS,SAAWD,CAAK,EAChBA,GAED,QAAQD,EAAOL,CAAS,EACxB,QAAQ,8BAA+B,IAAI,CAClD,CACF,CC9BO,SAASQ,GAAiBC,EAAuB,CACtD,OAAOA,EACJ,MAAM,YAAY,EAChB,IAAI,CAACC,EAAOC,IAAUA,EAAQ,EAC3BD,EAAM,QAAQ,+BAAgC,IAAI,EAClDA,CACJ,EACC,KAAK,EAAE,EACT,QAAQ,kCAAmC,EAAE,EAC7C,KAAK,CACV,CCoCO,SAASE,GACdC,EAC+B,CAC/B,OAAOA,EAAQ,OAAS,CAC1B,CASO,SAASC,GACdD,EAC+B,CAC/B,OAAOA,EAAQ,OAAS,CAC1B,CASO,SAASE,GACdF,EACgC,CAChC,OAAOA,EAAQ,OAAS,CAC1B,CCvEA,SAASG,GAAiB,CAAE,OAAAC,EAAQ,KAAAC,CAAK,EAA6B,CAGhED,EAAO,KAAK,SAAW,GAAKA,EAAO,KAAK,KAAO,OACjDA,EAAO,KAAO,CACZE,GAAY,oBAAoB,CAClC,GAGEF,EAAO,YAAc,cACvBA,EAAO,UAAYE,GAAY,yBAAyB,GAQ1D,IAAMC,EAAyB,CAC7B,SANeD,GAAY,wBAAwB,EAClD,MAAM,SAAS,EACf,OAAO,OAAO,EAKf,YAAaE,EAAQ,gBAAgB,CACvC,EAGA,MAAO,CAAE,OAAAJ,EAAQ,KAAAC,EAAM,QAAAE,CAAQ,CACjC,CAkBO,SAASE,GACdC,EAAaC,EACC,CACd,IAAMP,EAASQ,GAAc,EACvBC,EAAS,IAAI,OAAOH,CAAG,EAGvBI,EAAM,IAAIC,EACVC,EAAMC,GAAYJ,EAAQ,CAAE,IAAAC,CAAI,CAAC,EACpC,KACCI,EAAIC,GAAW,CACb,GAAIC,GAAsBD,CAAO,EAC/B,QAAWE,KAAUF,EAAQ,KAAK,MAChC,QAAWG,KAAYD,EACrBC,EAAS,SAAW,GAAG,IAAI,IAAIA,EAAS,SAAUlB,EAAO,IAAI,IAEnE,OAAOe,CACT,CAAC,EACDI,GAAM,CACR,EAGF,OAAAC,GAAKb,CAAK,EACP,KACCO,EAAIO,IAAS,CACX,OACA,KAAMtB,GAAiBsB,CAAI,CAC7B,EAAwB,CAC1B,EACG,UAAUX,EAAI,KAAK,KAAKA,CAAG,CAAC,EAG1B,CAAE,IAAAA,EAAK,IAAAE,CAAI,CACpB,CCvEO,SAASU,GACd,CAAE,UAAAC,CAAU,EACN,CACN,IAAMC,EAASC,GAAc,EACvBC,EAAYC,GAChB,IAAI,IAAI,mBAAoBH,EAAO,IAAI,CACzC,EACG,KACCI,GAAW,IAAMC,CAAK,CACxB,EAGIC,EAAWJ,EACd,KACCK,EAAIC,GAAY,CACd,GAAM,CAAC,CAAEC,CAAO,EAAIT,EAAO,KAAK,MAAM,aAAa,EACnD,OAAOQ,EAAS,KAAK,CAAC,CAAE,QAAAE,EAAS,QAAAC,CAAQ,IACvCD,IAAYD,GAAWE,EAAQ,SAASF,CAAO,CAChD,GAAKD,EAAS,EACjB,CAAC,CACH,EAGFN,EACG,KACCK,EAAIC,GAAY,IAAI,IAAIA,EAAS,IAAIE,GAAW,CAC9C,GAAG,IAAI,IAAI,MAAMA,EAAQ,WAAYV,EAAO,IAAI,IAChDU,CACF,CAAC,CAAC,CAAC,EACHE,EAAUC,GAAQC,EAAsB,SAAS,KAAM,OAAO,EAC3D,KACCC,EAAOC,GAAM,CAACA,EAAG,SAAW,CAACA,EAAG,OAAO,EACvCC,GAAeX,CAAQ,EACvBM,EAAU,CAAC,CAACI,EAAIP,CAAO,IAAM,CAC3B,GAAIO,EAAG,kBAAkB,QAAS,CAChC,IAAME,EAAKF,EAAG,OAAO,QAAQ,GAAG,EAChC,GAAIE,GAAM,CAACA,EAAG,QAAUL,EAAK,IAAIK,EAAG,IAAI,EAAG,CACzC,IAAMC,EAAMD,EAAG,KAWf,MAAI,CAACF,EAAG,OAAO,QAAQ,aAAa,GAClBH,EAAK,IAAIM,CAAG,IACZV,EACPJ,GAEXW,EAAG,eAAe,EACXI,EAAGD,CAAG,EACf,CACF,CACA,OAAOd,CACT,CAAC,EACDO,EAAUO,GAAO,CACf,GAAM,CAAE,QAAAT,CAAQ,EAAIG,EAAK,IAAIM,CAAG,EAChC,OAAOE,GAAa,IAAI,IAAIF,CAAG,CAAC,EAC7B,KACCZ,EAAIe,GAAW,CAEb,IAAMC,EADWC,GAAY,EACP,KAAK,QAAQxB,EAAO,KAAM,EAAE,EAClD,OAAOsB,EAAQ,SAASC,EAAK,MAAM,GAAG,EAAE,EAAE,EACtC,IAAI,IAAI,MAAMb,KAAWa,IAAQvB,EAAO,IAAI,EAC5C,IAAI,IAAImB,CAAG,CACjB,CAAC,CACH,CACJ,CAAC,CACH,CACF,CACF,EACG,UAAUA,GAAOM,GAAYN,CAAG,CAAC,EAGtCO,EAAc,CAACxB,EAAWI,CAAQ,CAAC,EAChC,UAAU,CAAC,CAACE,EAAUC,CAAO,IAAM,CACpBkB,EAAW,mBAAmB,EACtC,YAAYC,GAAsBpB,EAAUC,CAAO,CAAC,CAC5D,CAAC,EAGHV,EAAU,KAAKa,EAAU,IAAMN,CAAQ,CAAC,EACrC,UAAUG,GAAW,CA5J1B,IAAAoB,EA+JM,IAAIC,EAAW,SAAS,aAAc,cAAc,EACpD,GAAIA,IAAa,KAAM,CACrB,IAAMC,IAASF,EAAA7B,EAAO,UAAP,YAAA6B,EAAgB,UAAW,SAC1CC,EAAW,CAACrB,EAAQ,QAAQ,SAASsB,CAAM,EAG3C,SAAS,aAAcD,EAAU,cAAc,CACjD,CAGA,GAAIA,EACF,QAAWE,KAAWC,GAAqB,UAAU,EACnDD,EAAQ,OAAS,EACvB,CAAC,CACL,CCtFO,SAASE,GACdC,EAAsB,CAAE,IAAAC,CAAI,EACH,CACzB,IAAMC,GAAK,+BAAU,YAAaC,GAG5B,CAAE,aAAAC,CAAa,EAAIC,GAAY,EACjCD,EAAa,IAAI,GAAG,GACtBE,GAAU,SAAU,EAAI,EAG1B,IAAMC,EAASN,EACZ,KACCO,EAAOC,EAAoB,EAC3BC,GAAK,CAAC,EACNC,EAAI,IAAMP,EAAa,IAAI,GAAG,GAAK,EAAE,CACvC,EAGFQ,GAAY,QAAQ,EACjB,KACCJ,EAAOK,GAAU,CAACA,CAAM,EACxBH,GAAK,CAAC,CACR,EACG,UAAU,IAAM,CACf,IAAMI,EAAM,IAAI,IAAI,SAAS,IAAI,EACjCA,EAAI,aAAa,OAAO,GAAG,EAC3B,QAAQ,aAAa,CAAC,EAAG,GAAI,GAAGA,GAAK,CACvC,CAAC,EAGLP,EAAO,UAAUQ,GAAS,CACpBA,IACFf,EAAG,MAAQe,EACXf,EAAG,MAAM,EAEb,CAAC,EAGD,IAAMgB,EAASC,GAAkBjB,CAAE,EAC7BkB,EAASC,EACbC,EAAUpB,EAAI,OAAO,EACrBoB,EAAUpB,EAAI,OAAO,EAAE,KAAKqB,GAAM,CAAC,CAAC,EACpCd,CACF,EACG,KACCI,EAAI,IAAMT,EAAGF,EAAG,KAAK,CAAC,EACtBsB,EAAU,EAAE,EACZC,EAAqB,CACvB,EAGF,OAAOC,EAAc,CAACN,EAAQF,CAAM,CAAC,EAClC,KACCL,EAAI,CAAC,CAACI,EAAOU,CAAK,KAAO,CAAE,MAAAV,EAAO,MAAAU,CAAM,EAAE,EAC1CC,EAAY,CAAC,CACf,CACJ,CAUO,SAASC,GACd3B,EAAsB,CAAE,IAAA4B,EAAK,IAAA3B,CAAI,EACqB,CACtD,IAAM4B,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EAGpC,OAAAH,EACG,KACCI,EAAwB,OAAO,EAC/BtB,EAAI,CAAC,CAAE,MAAAI,CAAM,KAA2B,CACtC,OACA,KAAMA,CACR,EAAE,CACJ,EACG,UAAUa,EAAI,KAAK,KAAKA,CAAG,CAAC,EAGjCC,EACG,KACCI,EAAwB,OAAO,CACjC,EACG,UAAU,CAAC,CAAE,MAAAR,CAAM,IAAM,CACpBA,GACFnB,GAAU,SAAUmB,CAAK,EACzBzB,EAAG,YAAc,IAEjBA,EAAG,YAAckC,GAAY,oBAAoB,CAErD,CAAC,EAGLd,EAAUpB,EAAG,KAAO,OAAO,EACxB,KACCmC,GAAUJ,CAAK,CACjB,EACG,UAAU,IAAM/B,EAAG,MAAM,CAAC,EAGxBD,GAAiBC,EAAI,CAAE,IAAA4B,EAAK,IAAA3B,CAAI,CAAC,EACrC,KACCmC,EAAIC,GAASR,EAAM,KAAKQ,CAAK,CAAC,EAC9BC,EAAS,IAAMT,EAAM,SAAS,CAAC,EAC/BlB,EAAI0B,GAAUE,EAAA,CAAE,IAAKvC,GAAOqC,EAAQ,EACpCG,GAAM,CACR,CACJ,CCrHO,SAASC,GACdC,EAAiB,CAAE,IAAAC,CAAI,EAAiB,CAAE,OAAAC,CAAO,EACZ,CACrC,IAAMC,EAAQ,IAAIC,EACZC,EAAYC,GAAqBN,EAAG,aAAc,EACrD,KACCO,EAAO,OAAO,CAChB,EAGIC,EAAOC,EAAW,wBAAyBT,CAAE,EAC7CU,EAAOD,EAAW,uBAAwBT,CAAE,EAG5CW,EAASV,EACZ,KACCM,EAAOK,EAAoB,EAC3BC,GAAK,CAAC,CACR,EAGF,OAAAV,EACG,KACCW,GAAeZ,CAAM,EACrBa,GAAUJ,CAAM,CAClB,EACG,UAAU,CAAC,CAAC,CAAE,MAAAK,CAAM,EAAG,CAAE,MAAAC,CAAM,CAAC,IAAM,CACrC,GAAIA,EACF,OAAQD,EAAM,OAAQ,CAGpB,IAAK,GACHR,EAAK,YAAcU,GAAY,oBAAoB,EACnD,MAGF,IAAK,GACHV,EAAK,YAAcU,GAAY,mBAAmB,EAClD,MAGF,QACEV,EAAK,YAAcU,GACjB,sBACAC,GAAMH,EAAM,MAAM,CACpB,CACJ,MAEAR,EAAK,YAAcU,GAAY,2BAA2B,CAE9D,CAAC,EAGLf,EACG,KACCiB,EAAI,IAAMV,EAAK,UAAY,EAAE,EAC7BW,EAAU,CAAC,CAAE,MAAAL,CAAM,IAAMM,EACvBC,EAAG,GAAGP,EAAM,MAAM,EAAG,EAAE,CAAC,EACxBO,EAAG,GAAGP,EAAM,MAAM,EAAE,CAAC,EAClB,KACCQ,GAAY,CAAC,EACbC,GAAQpB,CAAS,EACjBgB,EAAU,CAAC,CAACK,CAAK,IAAMA,CAAK,CAC9B,CACJ,CAAC,CACH,EACG,UAAUC,GAAUjB,EAAK,YACxBkB,GAAuBD,CAAM,CAC/B,CAAC,EAGW1B,EACb,KACCM,EAAOsB,EAAqB,EAC5BC,EAAI,CAAC,CAAE,KAAAC,CAAK,IAAMA,CAAI,CACxB,EAIC,KACCX,EAAIY,GAAS7B,EAAM,KAAK6B,CAAK,CAAC,EAC9BC,EAAS,IAAM9B,EAAM,SAAS,CAAC,EAC/B2B,EAAIE,GAAUE,EAAA,CAAE,IAAKlC,GAAOgC,EAAQ,CACtC,CACJ,CC1FO,SAASG,GACdC,EAAkB,CAAE,OAAAC,CAAO,EACF,CACzB,OAAOA,EACJ,KACCC,EAAI,CAAC,CAAE,MAAAC,CAAM,IAAM,CACjB,IAAMC,EAAMC,GAAY,EACxB,OAAAD,EAAI,KAAO,GACXA,EAAI,aAAa,OAAO,GAAG,EAC3BA,EAAI,aAAa,IAAI,IAAKD,CAAK,EACxB,CAAE,IAAAC,CAAI,CACf,CAAC,CACH,CACJ,CAUO,SAASE,GACdC,EAAuBC,EACa,CACpC,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EAAM,UAAU,CAAC,CAAE,IAAAL,CAAI,IAAM,CAC3BG,EAAG,aAAa,sBAAuBA,EAAG,IAAI,EAC9CA,EAAG,KAAO,GAAGH,GACf,CAAC,EAGDO,EAAUJ,EAAI,OAAO,EAClB,UAAUK,GAAMA,EAAG,eAAe,CAAC,EAG/Bb,GAAiBQ,EAAIC,CAAO,EAChC,KACCK,EAAIC,GAASL,EAAM,KAAKK,CAAK,CAAC,EAC9BC,EAAS,IAAMN,EAAM,SAAS,CAAC,EAC/BP,EAAIY,GAAUE,EAAA,CAAE,IAAKT,GAAOO,EAAQ,CACtC,CACJ,CCtCO,SAASG,GACdC,EAAiB,CAAE,IAAAC,CAAI,EAAiB,CAAE,UAAAC,CAAU,EACd,CACtC,IAAMC,EAAQ,IAAIC,EAGZC,EAASC,GAAoB,cAAc,EAC3CC,EAASC,EACbC,EAAUJ,EAAO,SAAS,EAC1BI,EAAUJ,EAAO,OAAO,CAC1B,EACG,KACCK,GAAUC,EAAc,EACxBC,EAAI,IAAMP,EAAM,KAAK,EACrBQ,EAAqB,CACvB,EAGF,OAAAV,EACG,KACCW,GAAkBP,CAAM,EACxBK,EAAI,CAAC,CAAC,CAAE,YAAAG,CAAY,EAAGC,CAAK,IAAM,CAChC,IAAMC,EAAQD,EAAM,MAAM,UAAU,EACpC,IAAID,GAAA,YAAAA,EAAa,SAAUE,EAAMA,EAAM,OAAS,GAAI,CAClD,IAAMC,EAAOH,EAAYA,EAAY,OAAS,GAC1CG,EAAK,WAAWD,EAAMA,EAAM,OAAS,EAAE,IACzCA,EAAMA,EAAM,OAAS,GAAKC,EAC9B,MACED,EAAM,OAAS,EAEjB,OAAOA,CACT,CAAC,CACH,EACG,UAAUA,GAASjB,EAAG,UAAYiB,EAChC,KAAK,EAAE,EACP,QAAQ,MAAO,QAAQ,CAC1B,EAGJf,EACG,KACCiB,EAAO,CAAC,CAAE,KAAAC,CAAK,IAAMA,IAAS,QAAQ,CACxC,EACG,UAAUC,GAAO,CAChB,OAAQA,EAAI,KAAM,CAGhB,IAAK,aAEDrB,EAAG,UAAU,QACbK,EAAM,iBAAmBA,EAAM,MAAM,SAErCA,EAAM,MAAQL,EAAG,WACnB,KACJ,CACF,CAAC,EAGWC,EACb,KACCkB,EAAOG,EAAqB,EAC5BV,EAAI,CAAC,CAAE,KAAAW,CAAK,IAAMA,CAAI,CACxB,EAIC,KACCC,EAAIC,GAAStB,EAAM,KAAKsB,CAAK,CAAC,EAC9BC,EAAS,IAAMvB,EAAM,SAAS,CAAC,EAC/BS,EAAI,KAAO,CAAE,IAAKZ,CAAG,EAAE,CACzB,CACJ,CC9CO,SAAS2B,GACdC,EAAiB,CAAE,OAAAC,EAAQ,UAAAC,CAAU,EACN,CAC/B,IAAMC,EAASC,GAAc,EAC7B,GAAI,CACF,IAAMC,GAAM,+BAAU,SAAUF,EAAO,OACjCG,EAASC,GAAkBF,EAAKJ,CAAM,EAGtCO,EAASC,GAAoB,eAAgBT,CAAE,EAC/CU,EAASD,GAAoB,gBAAiBT,CAAE,EAGhD,CAAE,IAAAW,EAAK,IAAAC,CAAI,EAAIN,EACrBK,EACG,KACCE,EAAOC,EAAoB,EAC3BC,GAAOH,EAAI,KAAKC,EAAOG,EAAoB,CAAC,CAAC,EAC7CC,GAAK,CAAC,CACR,EACG,UAAUN,EAAI,KAAK,KAAKA,CAAG,CAAC,EAGjCT,EACG,KACCW,EAAO,CAAC,CAAE,KAAAK,CAAK,IAAMA,IAAS,QAAQ,CACxC,EACG,UAAUC,GAAO,CAChB,IAAMC,EAASC,GAAiB,EAChC,OAAQF,EAAI,KAAM,CAGhB,IAAK,QACH,GAAIC,IAAWZ,EAAO,CACpB,IAAMc,EAAU,IAAI,IACpB,QAAWC,KAAUC,EACnB,sBAAuBd,CACzB,EAAG,CACD,IAAMe,EAAUF,EAAO,kBACvBD,EAAQ,IAAIC,EAAQ,WAClBE,EAAQ,aAAa,eAAe,CACtC,CAAC,CACH,CAGA,GAAIH,EAAQ,KAAM,CAChB,GAAM,CAAC,CAACI,CAAI,CAAC,EAAI,CAAC,GAAGJ,CAAO,EAAE,KAAK,CAAC,CAAC,CAAEK,CAAC,EAAG,CAAC,CAAEC,CAAC,IAAMA,EAAID,CAAC,EAC1DD,EAAK,MAAM,CACb,CAGAP,EAAI,MAAM,CACZ,CACA,MAGF,IAAK,SACL,IAAK,MACHU,GAAU,SAAU,EAAK,EACzBrB,EAAM,KAAK,EACX,MAGF,IAAK,UACL,IAAK,YACH,GAAI,OAAOY,GAAW,YACpBZ,EAAM,MAAM,MACP,CACL,IAAMsB,EAAM,CAACtB,EAAO,GAAGgB,EACrB,wDACAd,CACF,CAAC,EACKqB,EAAI,KAAK,IAAI,GACjB,KAAK,IAAI,EAAGD,EAAI,QAAQV,CAAM,CAAC,EAAIU,EAAI,QACrCX,EAAI,OAAS,UAAY,GAAK,IAE9BW,EAAI,MAAM,EACdA,EAAIC,GAAG,MAAM,CACf,CAGAZ,EAAI,MAAM,EACV,MAGF,QACMX,IAAUa,GAAiB,GAC7Bb,EAAM,MAAM,CAClB,CACF,CAAC,EAGLN,EACG,KACCW,EAAO,CAAC,CAAE,KAAAK,CAAK,IAAMA,IAAS,QAAQ,CACxC,EACG,UAAUC,GAAO,CAChB,OAAQA,EAAI,KAAM,CAGhB,IAAK,IACL,IAAK,IACL,IAAK,IACHX,EAAM,MAAM,EACZA,EAAM,OAAO,EAGbW,EAAI,MAAM,EACV,KACJ,CACF,CAAC,EAGL,IAAMa,EAAUC,GAAiBzB,EAAOF,CAAM,EACxC4B,EAAUC,GAAkBzB,EAAQJ,EAAQ,CAAE,OAAA0B,CAAO,CAAC,EAC5D,OAAOI,EAAMJ,EAAQE,CAAO,EACzB,KACCG,GAGE,GAAGC,GAAqB,eAAgBtC,CAAE,EACvC,IAAIuC,GAASC,GAAiBD,EAAO,CAAE,OAAAP,CAAO,CAAC,CAAC,EAGnD,GAAGM,GAAqB,iBAAkBtC,CAAE,EACzC,IAAIuC,GAASE,GAAmBF,EAAOjC,EAAQ,CAAE,UAAAJ,CAAU,CAAC,CAAC,CAClE,CACF,CAGJ,OAASwC,EAAP,CACA,OAAA1C,EAAG,OAAS,GACL2C,EACT,CACF,CCtKO,SAASC,GACdC,EAAiB,CAAE,OAAAC,EAAQ,UAAAC,CAAU,EACG,CACxC,OAAOC,EAAc,CACnBF,EACAC,EACG,KACCE,EAAUC,GAAY,CAAC,EACvBC,EAAOC,GAAO,CAAC,CAACA,EAAI,aAAa,IAAI,GAAG,CAAC,CAC3C,CACJ,CAAC,EACE,KACCC,EAAI,CAAC,CAACC,EAAOF,CAAG,IAAMG,GAAuBD,EAAM,OAAQ,EAAI,EAC7DF,EAAI,aAAa,IAAI,GAAG,CAC1B,CAAC,EACDC,EAAIG,GAAM,CA1FhB,IAAAC,EA2FQ,IAAMC,EAAQ,IAAI,IAGZC,EAAK,SAAS,mBAAmBd,EAAI,WAAW,SAAS,EAC/D,QAASe,EAAOD,EAAG,SAAS,EAAGC,EAAMA,EAAOD,EAAG,SAAS,EACtD,IAAIF,EAAAG,EAAK,gBAAL,MAAAH,EAAoB,aAAc,CACpC,IAAMI,EAAWD,EAAK,YAChBE,EAAWN,EAAGK,CAAQ,EACxBC,EAAS,OAASD,EAAS,QAC7BH,EAAM,IAAIE,EAAmBE,CAAQ,CACzC,CAIF,OAAW,CAACF,EAAMG,CAAI,IAAKL,EAAO,CAChC,GAAM,CAAE,WAAAM,CAAW,EAAIC,EAAE,OAAQ,KAAMF,CAAI,EAC3CH,EAAK,YAAY,GAAG,MAAM,KAAKI,CAAU,CAAC,CAC5C,CAGA,MAAO,CAAE,IAAKnB,EAAI,MAAAa,CAAM,CAC1B,CAAC,CACH,CACJ,CCbO,SAASQ,GACdC,EAAiB,CAAE,UAAAC,EAAW,MAAAC,CAAM,EACf,CACrB,IAAMC,EAASH,EAAG,cACZI,EACJD,EAAO,UACPA,EAAO,cAAe,UAGxB,OAAOE,EAAc,CAACH,EAAOD,CAAS,CAAC,EACpC,KACCK,EAAI,CAAC,CAAC,CAAE,OAAAC,EAAQ,OAAAC,CAAO,EAAG,CAAE,OAAQ,CAAE,EAAAC,CAAE,CAAE,CAAC,KACzCD,EAASA,EACL,KAAK,IAAIJ,EAAQ,KAAK,IAAI,EAAGK,EAAIF,CAAM,CAAC,EACxCH,EACG,CACL,OAAAI,EACA,OAAQC,GAAKF,EAASH,CACxB,EACD,EACDM,EAAqB,CAACC,EAAGC,IACvBD,EAAE,SAAWC,EAAE,QACfD,EAAE,SAAWC,EAAE,MAChB,CACH,CACJ,CAuBO,SAASC,GACdb,EAAiBc,EACe,CADf,IAAAC,EAAAD,EAAE,SAAAE,CAtJrB,EAsJmBD,EAAcE,EAAAC,GAAdH,EAAc,CAAZ,YAEnB,IAAMI,EAAQC,EAAW,0BAA2BpB,CAAE,EAChD,CAAE,EAAAS,CAAE,EAAIY,GAAiBF,CAAK,EACpC,OAAOG,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EACG,KACCE,GAAU,EAAGC,EAAuB,EACpCC,GAAeX,CAAO,CACxB,EACG,UAAU,CAGT,KAAK,CAAC,CAAE,OAAAR,CAAO,EAAG,CAAE,OAAQD,CAAO,CAAC,EAAG,CACrCY,EAAM,MAAM,OAAS,GAAGX,EAAS,EAAIC,MACrCT,EAAG,MAAM,IAAY,GAAGO,KAC1B,EAGA,UAAW,CACTY,EAAM,MAAM,OAAS,GACrBnB,EAAG,MAAM,IAAY,EACvB,CACF,CAAC,EAGLuB,EACG,KACCK,GAAUF,EAAuB,EACjCG,GAAK,CAAC,CACR,EACG,UAAU,IAAM,CACf,QAAWC,KAAQC,EAAY,8BAA+B/B,CAAE,EAAG,CACjE,IAAMgC,EAAYC,GAAoBH,CAAI,EAC1C,GAAI,OAAOE,GAAc,YAAa,CACpC,IAAMzB,EAASuB,EAAK,UAAYE,EAAU,UACpC,CAAE,OAAAxB,CAAO,EAAI0B,GAAeF,CAAS,EAC3CA,EAAU,SAAS,CACjB,IAAKzB,EAASC,EAAS,CACzB,CAAC,CACH,CACF,CACF,CAAC,EAGET,GAAaC,EAAIiB,CAAO,EAC5B,KACCkB,EAAIC,GAASb,EAAM,KAAKa,CAAK,CAAC,EAC9BC,EAAS,IAAMd,EAAM,SAAS,CAAC,EAC/BjB,EAAI8B,GAAUE,EAAA,CAAE,IAAKtC,GAAOoC,EAAQ,CACtC,CACJ,CAAC,CACH,CChJO,SAASG,GACdC,EAAcC,EACW,CACzB,GAAI,OAAOA,GAAS,YAAa,CAC/B,IAAMC,EAAM,gCAAgCF,KAAQC,IACpD,OAAOE,GAGLC,GAAqB,GAAGF,mBAAqB,EAC1C,KACCG,GAAW,IAAMC,CAAK,EACtBC,EAAIC,IAAY,CACd,QAASA,EAAQ,QACnB,EAAE,EACFC,GAAe,CAAC,CAAC,CACnB,EAGFL,GAAkBF,CAAG,EAClB,KACCG,GAAW,IAAMC,CAAK,EACtBC,EAAIG,IAAS,CACX,MAAOA,EAAK,iBACZ,MAAOA,EAAK,WACd,EAAE,EACFD,GAAe,CAAC,CAAC,CACnB,CACJ,EACG,KACCF,EAAI,CAAC,CAACC,EAASE,CAAI,IAAOC,IAAA,GAAKH,GAAYE,EAAO,CACpD,CAGJ,KAAO,CACL,IAAMR,EAAM,gCAAgCF,IAC5C,OAAOI,GAAkBF,CAAG,EACzB,KACCK,EAAIG,IAAS,CACX,aAAcA,EAAK,YACrB,EAAE,EACFD,GAAe,CAAC,CAAC,CACnB,CACJ,CACF,CCvDO,SAASG,GACdC,EAAcC,EACW,CACzB,IAAMC,EAAM,WAAWF,qBAAwB,mBAAmBC,CAAO,IACzE,OAAOE,GAA2BD,CAAG,EAClC,KACCE,GAAW,IAAMC,CAAK,EACtBC,EAAI,CAAC,CAAE,WAAAC,EAAY,YAAAC,CAAY,KAAO,CACpC,MAAOD,EACP,MAAOC,CACT,EAAE,EACFC,GAAe,CAAC,CAAC,CACnB,CACJ,CCOO,SAASC,GACdC,EACyB,CAGzB,IAAIC,EAAQD,EAAI,MAAM,qCAAqC,EAC3D,GAAIC,EAAO,CACT,GAAM,CAAC,CAAEC,EAAMC,CAAI,EAAIF,EACvB,OAAOG,GAA2BF,EAAMC,CAAI,CAC9C,CAIA,GADAF,EAAQD,EAAI,MAAM,oCAAoC,EAClDC,EAAO,CACT,GAAM,CAAC,CAAEI,EAAMC,CAAI,EAAIL,EACvB,OAAOM,GAA2BF,EAAMC,CAAI,CAC9C,CAGA,OAAOE,CACT,CCpBA,IAAIC,GAgBG,SAASC,GACdC,EACoB,CACpB,OAAOF,QAAWG,EAAM,IAAM,CAC5B,IAAMC,EAAS,SAAsB,WAAY,cAAc,EAC/D,GAAIA,EACF,OAAOC,EAAGD,CAAM,EAKhB,GADYE,GAAqB,SAAS,EAClC,OAAQ,CACd,IAAMC,EAAU,SAA0B,WAAW,EACrD,GAAI,EAAEA,GAAWA,EAAQ,QACvB,OAAOC,CACX,CAGA,OAAOC,GAAiBP,EAAG,IAAI,EAC5B,KACCQ,EAAIC,GAAS,SAAS,WAAYA,EAAO,cAAc,CAAC,CAC1D,CAEN,CAAC,EACE,KACCC,GAAW,IAAMJ,CAAK,EACtBK,EAAOF,GAAS,OAAO,KAAKA,CAAK,EAAE,OAAS,CAAC,EAC7CG,EAAIH,IAAU,CAAE,MAAAA,CAAM,EAAE,EACxBI,EAAY,CAAC,CACf,EACJ,CASO,SAASC,GACdd,EAC+B,CAC/B,IAAMe,EAAQC,EAAW,uBAAwBhB,CAAE,EACnD,OAAOC,EAAM,IAAM,CACjB,IAAMgB,EAAQ,IAAIC,EAClB,OAAAD,EAAM,UAAU,CAAC,CAAE,MAAAR,CAAM,IAAM,CAC7BM,EAAM,YAAYI,GAAkBV,CAAK,CAAC,EAC1CM,EAAM,UAAU,IAAI,+BAA+B,CACrD,CAAC,EAGMhB,GAAYC,CAAE,EAClB,KACCQ,EAAIY,GAASH,EAAM,KAAKG,CAAK,CAAC,EAC9BC,EAAS,IAAMJ,EAAM,SAAS,CAAC,EAC/BL,EAAIQ,GAAUE,EAAA,CAAE,IAAKtB,GAAOoB,EAAQ,CACtC,CACJ,CAAC,CACH,CCtDO,SAASG,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACpB,CAClB,OAAOC,GAAiB,SAAS,IAAI,EAClC,KACCC,EAAU,IAAMC,GAAgBL,EAAI,CAAE,QAAAE,EAAS,UAAAD,CAAU,CAAC,CAAC,EAC3DK,EAAI,CAAC,CAAE,OAAQ,CAAE,EAAAC,CAAE,CAAE,KACZ,CACL,OAAQA,GAAK,EACf,EACD,EACDC,EAAwB,QAAQ,CAClC,CACJ,CAaO,SAASC,GACdT,EAAiBU,EACY,CAC7B,OAAOC,EAAM,IAAM,CACjB,IAAMC,EAAQ,IAAIC,EAClB,OAAAD,EAAM,UAAU,CAGd,KAAK,CAAE,OAAAE,CAAO,EAAG,CACfd,EAAG,OAASc,CACd,EAGA,UAAW,CACTd,EAAG,OAAS,EACd,CACF,CAAC,GAICe,EAAQ,wBAAwB,EAC5BC,EAAG,CAAE,OAAQ,EAAM,CAAC,EACpBjB,GAAUC,EAAIU,CAAO,GAExB,KACCO,EAAIC,GAASN,EAAM,KAAKM,CAAK,CAAC,EAC9BC,EAAS,IAAMP,EAAM,SAAS,CAAC,EAC/BN,EAAIY,GAAUE,EAAA,CAAE,IAAKpB,GAAOkB,EAAQ,CACtC,CACJ,CAAC,CACH,CCpBO,SAASG,GACdC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACT,CAC7B,IAAMC,EAAQ,IAAI,IAGZC,EAAUC,EAA+B,cAAeL,CAAE,EAChE,QAAWM,KAAUF,EAAS,CAC5B,IAAMG,EAAK,mBAAmBD,EAAO,KAAK,UAAU,CAAC,CAAC,EAChDE,EAASC,GAAmB,QAAQF,KAAM,EAC5C,OAAOC,GAAW,aACpBL,EAAM,IAAIG,EAAQE,CAAM,CAC5B,CAGA,IAAME,EAAUR,EACb,KACCS,EAAwB,QAAQ,EAChCC,EAAI,CAAC,CAAE,OAAAC,CAAO,IAAM,CAClB,IAAMC,EAAOC,GAAoB,MAAM,EACjCC,EAAOC,EAAW,wBAAyBH,CAAI,EACrD,OAAOD,EAAS,IACdG,EAAK,UACLF,EAAK,UAET,CAAC,EACDI,GAAM,CACR,EAgFF,OA7EmBC,GAAiB,SAAS,IAAI,EAC9C,KACCR,EAAwB,QAAQ,EAGhCS,EAAUC,GAAQC,EAAM,IAAM,CAC5B,IAAIC,EAA4B,CAAC,EACjC,OAAOC,EAAG,CAAC,GAAGrB,CAAK,EAAE,OAAO,CAACsB,EAAO,CAACnB,EAAQE,CAAM,IAAM,CACvD,KAAOe,EAAK,QACGpB,EAAM,IAAIoB,EAAKA,EAAK,OAAS,EAAE,EACnC,SAAWf,EAAO,SACzBe,EAAK,IAAI,EAOb,IAAIG,EAASlB,EAAO,UACpB,KAAO,CAACkB,GAAUlB,EAAO,eACvBA,EAASA,EAAO,cAChBkB,EAASlB,EAAO,UAIlB,OAAOiB,EAAM,IACX,CAAC,GAAGF,EAAO,CAAC,GAAGA,EAAMjB,CAAM,CAAC,EAAE,QAAQ,EACtCoB,CACF,CACF,EAAG,IAAI,GAAkC,CAAC,CAC5C,CAAC,EACE,KAGCd,EAAIa,GAAS,IAAI,IAAI,CAAC,GAAGA,CAAK,EAAE,KAAK,CAAC,CAAC,CAAEE,CAAC,EAAG,CAAC,CAAEC,CAAC,IAAMD,EAAIC,CAAC,CAAC,CAAC,EAC9DC,GAAkBnB,CAAO,EAGzBU,EAAU,CAAC,CAACK,EAAOK,CAAM,IAAM7B,EAC5B,KACC8B,GAAK,CAAC,CAACC,EAAMC,CAAI,EAAG,CAAE,OAAQ,CAAE,EAAAC,CAAE,EAAG,KAAAC,CAAK,IAAM,CAC9C,IAAMC,EAAOF,EAAIC,EAAK,QAAU,KAAK,MAAMd,EAAK,MAAM,EAGtD,KAAOY,EAAK,QAAQ,CAClB,GAAM,CAAC,CAAEP,CAAM,EAAIO,EAAK,GACxB,GAAIP,EAASI,EAASI,GAAKE,EACzBJ,EAAO,CAAC,GAAGA,EAAMC,EAAK,MAAM,CAAE,MAE9B,MAEJ,CAGA,KAAOD,EAAK,QAAQ,CAClB,GAAM,CAAC,CAAEN,CAAM,EAAIM,EAAKA,EAAK,OAAS,GACtC,GAAIN,EAASI,GAAUI,GAAK,CAACE,EAC3BH,EAAO,CAACD,EAAK,IAAI,EAAI,GAAGC,CAAI,MAE5B,MAEJ,CAGA,MAAO,CAACD,EAAMC,CAAI,CACpB,EAAG,CAAC,CAAC,EAAG,CAAC,GAAGR,CAAK,CAAC,CAAC,EACnBY,EAAqB,CAACV,EAAGC,IACvBD,EAAE,KAAOC,EAAE,IACXD,EAAE,KAAOC,EAAE,EACZ,CACH,CACF,CACF,CACF,CACF,EAIC,KACChB,EAAI,CAAC,CAACoB,EAAMC,CAAI,KAAO,CACrB,KAAMD,EAAK,IAAI,CAAC,CAACT,CAAI,IAAMA,CAAI,EAC/B,KAAMU,EAAK,IAAI,CAAC,CAACV,CAAI,IAAMA,CAAI,CACjC,EAAE,EAGFe,EAAU,CAAE,KAAM,CAAC,EAAG,KAAM,CAAC,CAAE,CAAC,EAChCC,GAAY,EAAG,CAAC,EAChB3B,EAAI,CAAC,CAAC,EAAGgB,CAAC,IAGJ,EAAE,KAAK,OAASA,EAAE,KAAK,OAClB,CACL,KAAMA,EAAE,KAAK,MAAM,KAAK,IAAI,EAAG,EAAE,KAAK,OAAS,CAAC,EAAGA,EAAE,KAAK,MAAM,EAChE,KAAM,CAAC,CACT,EAIO,CACL,KAAMA,EAAE,KAAK,MAAM,EAAE,EACrB,KAAMA,EAAE,KAAK,MAAM,EAAGA,EAAE,KAAK,OAAS,EAAE,KAAK,MAAM,CACrD,CAEH,CACH,CACJ,CAYO,SAASY,GACdxC,EAAiB,CAAE,UAAAC,EAAW,QAAAC,EAAS,QAAAuC,CAAQ,EACP,CACxC,OAAOnB,EAAM,IAAM,CACjB,IAAMoB,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EAoBpC,GAnBAH,EAAM,UAAU,CAAC,CAAE,KAAAV,EAAM,KAAAC,CAAK,IAAM,CAGlC,OAAW,CAAC3B,CAAM,IAAK2B,EACrB3B,EAAO,UAAU,OAAO,sBAAsB,EAC9CA,EAAO,UAAU,OAAO,sBAAsB,EAIhD,OAAW,CAACmB,EAAO,CAACnB,CAAM,CAAC,IAAK0B,EAAK,QAAQ,EAC3C1B,EAAO,UAAU,IAAI,sBAAsB,EAC3CA,EAAO,UAAU,OACf,uBACAmB,IAAUO,EAAK,OAAS,CAC1B,CAEJ,CAAC,EAGGc,EAAQ,YAAY,EAAG,CAGzB,IAAMC,EAAUC,EACd/C,EAAU,KAAKgD,GAAa,CAAC,EAAGrC,EAAI,IAAG,EAAY,CAAC,EACpDX,EAAU,KAAKgD,GAAa,GAAG,EAAGrC,EAAI,IAAM,QAAiB,CAAC,CAChE,EAGA8B,EACG,KACCQ,EAAO,CAAC,CAAE,KAAAlB,CAAK,IAAMA,EAAK,OAAS,CAAC,EACpCmB,GAAeJ,CAAO,CACxB,EACG,UAAU,CAAC,CAAC,CAAE,KAAAf,CAAK,EAAGoB,CAAQ,IAAM,CACnC,GAAM,CAAC9C,CAAM,EAAI0B,EAAKA,EAAK,OAAS,GACpC,GAAI1B,EAAO,aAAc,CAGvB,IAAM+C,EAAYC,GAAoBhD,CAAM,EAC5C,GAAI,OAAO+C,GAAc,YAAa,CACpC,IAAM3B,EAASpB,EAAO,UAAY+C,EAAU,UACtC,CAAE,OAAAxC,CAAO,EAAI0C,GAAeF,CAAS,EAC3CA,EAAU,SAAS,CACjB,IAAK3B,EAASb,EAAS,EACvB,SAAAuC,CACF,CAAC,CACH,CACF,CACF,CAAC,CACP,CAGA,OAAIN,EAAQ,qBAAqB,GAC/B7C,EACG,KACCuD,GAAUZ,CAAK,EACfjC,EAAwB,QAAQ,EAChCsC,GAAa,GAAG,EAChBQ,GAAK,CAAC,EACND,GAAUf,EAAQ,KAAKgB,GAAK,CAAC,CAAC,CAAC,EAC/BC,GAAO,CAAE,MAAO,GAAI,CAAC,EACrBP,GAAeT,CAAK,CACtB,EACG,UAAU,CAAC,CAAC,CAAE,CAAE,KAAAV,CAAK,CAAC,IAAM,CAC3B,IAAM2B,EAAMC,GAAY,EAGlBtD,EAAS0B,EAAKA,EAAK,OAAS,GAClC,GAAI1B,GAAUA,EAAO,OAAQ,CAC3B,GAAM,CAACuD,CAAM,EAAIvD,EACX,CAAE,KAAAwD,CAAK,EAAI,IAAI,IAAID,EAAO,IAAI,EAChCF,EAAI,OAASG,IACfH,EAAI,KAAOG,EACX,QAAQ,aAAa,CAAC,EAAG,GAAI,GAAGH,GAAK,EAIzC,MACEA,EAAI,KAAO,GACX,QAAQ,aAAa,CAAC,EAAG,GAAI,GAAGA,GAAK,CAEzC,CAAC,EAGA5D,GAAqBC,EAAI,CAAE,UAAAC,EAAW,QAAAC,CAAQ,CAAC,EACnD,KACC6D,EAAIC,GAAStB,EAAM,KAAKsB,CAAK,CAAC,EAC9BC,EAAS,IAAMvB,EAAM,SAAS,CAAC,EAC/B9B,EAAIoD,GAAUE,EAAA,CAAE,IAAKlE,GAAOgE,EAAQ,CACtC,CACJ,CAAC,CACH,CCpRO,SAASG,GACdC,EAAkB,CAAE,UAAAC,EAAW,MAAAC,EAAO,QAAAC,CAAQ,EACvB,CAGvB,IAAMC,EAAaH,EAChB,KACCI,EAAI,CAAC,CAAE,OAAQ,CAAE,EAAAC,CAAE,CAAE,IAAMA,CAAC,EAC5BC,GAAY,EAAG,CAAC,EAChBF,EAAI,CAAC,CAACG,EAAGC,CAAC,IAAMD,EAAIC,GAAKA,EAAI,CAAC,EAC9BC,EAAqB,CACvB,EAGIC,EAAUT,EACb,KACCG,EAAI,CAAC,CAAE,OAAAO,CAAO,IAAMA,CAAM,CAC5B,EAGF,OAAOC,EAAc,CAACF,EAASP,CAAU,CAAC,EACvC,KACCC,EAAI,CAAC,CAACO,EAAQE,CAAS,IAAM,EAAEF,GAAUE,EAAU,EACnDJ,EAAqB,EACrBK,GAAUZ,EAAQ,KAAKa,GAAK,CAAC,CAAC,CAAC,EAC/BC,GAAQ,EAAI,EACZC,GAAO,CAAE,MAAO,GAAI,CAAC,EACrBb,EAAIc,IAAW,CAAE,OAAAA,CAAO,EAAE,CAC5B,CACJ,CAYO,SAASC,GACdC,EAAiB,CAAE,UAAApB,EAAW,QAAAqB,EAAS,MAAApB,EAAO,QAAAC,CAAQ,EACpB,CAClC,IAAMoB,EAAQ,IAAIC,EACZC,EAAQF,EAAM,KAAKG,GAAS,CAAC,CAAC,EACpC,OAAAH,EAAM,UAAU,CAGd,KAAK,CAAE,OAAAJ,CAAO,EAAG,CACfE,EAAG,OAASF,EACRA,GACFE,EAAG,aAAa,WAAY,IAAI,EAChCA,EAAG,KAAK,GAERA,EAAG,gBAAgB,UAAU,CAEjC,EAGA,UAAW,CACTA,EAAG,MAAM,IAAM,GACfA,EAAG,OAAS,GACZA,EAAG,gBAAgB,UAAU,CAC/B,CACF,CAAC,EAGDC,EACG,KACCP,GAAUU,CAAK,EACfE,EAAwB,QAAQ,CAClC,EACG,UAAU,CAAC,CAAE,OAAAC,CAAO,IAAM,CACzBP,EAAG,MAAM,IAAM,GAAGO,EAAS,MAC7B,CAAC,EAGE7B,GAAesB,EAAI,CAAE,UAAApB,EAAW,MAAAC,EAAO,QAAAC,CAAQ,CAAC,EACpD,KACC0B,EAAIC,GAASP,EAAM,KAAKO,CAAK,CAAC,EAC9BC,EAAS,IAAMR,EAAM,SAAS,CAAC,EAC/BlB,EAAIyB,GAAUE,EAAA,CAAE,IAAKX,GAAOS,EAAQ,CACtC,CACJ,CCpHO,SAASG,GACd,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACf,CACND,EACG,KACCE,EAAU,IAAMC,EAEd,0DACF,CAAC,EACDC,EAAIC,GAAM,CACRA,EAAG,cAAgB,GACnBA,EAAG,QAAU,EACf,CAAC,EACDC,GAASD,GAAME,EAAUF,EAAI,QAAQ,EAClC,KACCG,GAAU,IAAMH,EAAG,UAAU,SAAS,0BAA0B,CAAC,EACjEI,EAAI,IAAMJ,CAAE,CACd,CACF,EACAK,GAAeT,CAAO,CACxB,EACG,UAAU,CAAC,CAACI,EAAIM,CAAM,IAAM,CAC3BN,EAAG,UAAU,OAAO,0BAA0B,EAC1CM,IACFN,EAAG,QAAU,GACjB,CAAC,CACP,CC/BA,SAASO,IAAyB,CAChC,MAAO,qBAAqB,KAAK,UAAU,SAAS,CACtD,CAiBO,SAASC,GACd,CAAE,UAAAC,CAAU,EACN,CACNA,EACG,KACCC,EAAU,IAAMC,EAAY,qBAAqB,CAAC,EAClDC,EAAIC,GAAMA,EAAG,gBAAgB,mBAAmB,CAAC,EACjDC,EAAOP,EAAa,EACpBQ,GAASF,GAAMG,EAAUH,EAAI,YAAY,EACtC,KACCI,EAAI,IAAMJ,CAAE,CACd,CACF,CACF,EACG,UAAUA,GAAM,CACf,IAAMK,EAAML,EAAG,UAGXK,IAAQ,EACVL,EAAG,UAAY,EAGNK,EAAML,EAAG,eAAiBA,EAAG,eACtCA,EAAG,UAAYK,EAAM,EAEzB,CAAC,CACP,CCpCO,SAASC,GACd,CAAE,UAAAC,EAAW,QAAAC,CAAQ,EACf,CACNC,EAAc,CAACC,GAAY,QAAQ,EAAGF,CAAO,CAAC,EAC3C,KACCG,EAAI,CAAC,CAACC,EAAQC,CAAM,IAAMD,GAAU,CAACC,CAAM,EAC3CC,EAAUF,GAAUG,EAAGH,CAAM,EAC1B,KACCI,GAAMJ,EAAS,IAAM,GAAG,CAC1B,CACF,EACAK,GAAeV,CAAS,CAC1B,EACG,UAAU,CAAC,CAACK,EAAQ,CAAE,OAAQ,CAAE,EAAAM,CAAE,CAAC,CAAC,IAAM,CACzC,GAAIN,EACF,SAAS,KAAK,aAAa,qBAAsB,EAAE,EACnD,SAAS,KAAK,MAAM,IAAM,IAAIM,UACzB,CACL,IAAMC,EAAQ,GAAK,SAAS,SAAS,KAAK,MAAM,IAAK,EAAE,EACvD,SAAS,KAAK,gBAAgB,oBAAoB,EAClD,SAAS,KAAK,MAAM,IAAM,GACtBA,GACF,OAAO,SAAS,EAAGA,CAAK,CAC5B,CACF,CAAC,CACP,CC7DK,OAAO,UACV,OAAO,QAAU,SAAUC,EAAa,CACtC,IAAMC,EAA2B,CAAC,EAClC,QAAWC,KAAO,OAAO,KAAKF,CAAG,EAE/BC,EAAK,KAAK,CAACC,EAAKF,EAAIE,EAAI,CAAC,EAG3B,OAAOD,CACT,GAGG,OAAO,SACV,OAAO,OAAS,SAAUD,EAAa,CACrC,IAAMC,EAAiB,CAAC,EACxB,QAAWC,KAAO,OAAO,KAAKF,CAAG,EAE/BC,EAAK,KAAKD,EAAIE,EAAI,EAGpB,OAAOD,CACT,GAKE,OAAO,SAAY,cAGhB,QAAQ,UAAU,WACrB,QAAQ,UAAU,SAAW,SAC3BE,EAA8BC,EACxB,CACF,OAAOD,GAAM,UACf,KAAK,WAAaA,EAAE,KACpB,KAAK,UAAYA,EAAE,MAEnB,KAAK,WAAaA,EAClB,KAAK,UAAYC,EAErB,GAGG,QAAQ,UAAU,cACrB,QAAQ,UAAU,YAAc,YAC3BC,EACG,CACN,IAAMC,EAAS,KAAK,WACpB,GAAIA,EAAQ,CACND,EAAM,SAAW,GACnBC,EAAO,YAAY,IAAI,EAGzB,QAASC,EAAIF,EAAM,OAAS,EAAGE,GAAK,EAAGA,IAAK,CAC1C,IAAIC,EAAOH,EAAME,GACb,OAAOC,GAAS,SAClBA,EAAO,SAAS,eAAeA,CAAI,EAC5BA,EAAK,YACZA,EAAK,WAAW,YAAYA,CAAI,EAG7BD,EAGHD,EAAO,aAAa,KAAK,gBAAkBE,CAAI,EAF/CF,EAAO,aAAaE,EAAM,IAAI,CAGlC,CACF,CACF,IjMDJ,SAAS,gBAAgB,UAAU,OAAO,OAAO,EACjD,SAAS,gBAAgB,UAAU,IAAI,IAAI,EAG3C,IAAMC,GAAYC,GAAc,EAC1BC,GAAYC,GAAc,EAC1BC,GAAYC,GAAoB,EAChCC,GAAYC,GAAc,EAG1BC,GAAYC,GAAc,EAC1BC,GAAYC,GAAW,oBAAoB,EAC3CC,GAAYD,GAAW,qBAAqB,EAC5CE,GAAYC,GAAW,EAGvBC,GAASC,GAAc,EACvBC,GAAS,SAAS,MAAM,UAAU,QAAQ,GAC5C,+BAAU,QAASC,GACnB,IAAI,IAAI,2BAA4BH,GAAO,IAAI,CACjD,EACEI,GAGEC,GAAS,IAAIC,EACnBC,GAAiB,CAAE,OAAAF,EAAO,CAAC,EAGvBG,EAAQ,oBAAoB,GAC9BC,GAAoB,CAAE,UAAAxB,GAAW,UAAAE,GAAW,UAAAM,EAAU,CAAC,EA1HzD,IAAAiB,KA6HIA,GAAAV,GAAO,UAAP,YAAAU,GAAgB,YAAa,QAC/BC,GAAqB,CAAE,UAAA1B,EAAU,CAAC,EAGpC2B,EAAMzB,GAAWE,EAAO,EACrB,KACCwB,GAAM,GAAG,CACX,EACG,UAAU,IAAM,CACfC,GAAU,SAAU,EAAK,EACzBA,GAAU,SAAU,EAAK,CAC3B,CAAC,EAGLvB,GACG,KACCwB,EAAO,CAAC,CAAE,KAAAC,CAAK,IAAMA,IAAS,QAAQ,CACxC,EACG,UAAUC,GAAO,CAChB,OAAQA,EAAI,KAAM,CAGhB,IAAK,IACL,IAAK,IACH,IAAMC,EAAOC,GAAmB,kBAAkB,EAC9C,OAAOD,GAAS,aAClBA,EAAK,MAAM,EACb,MAGF,IAAK,IACL,IAAK,IACH,IAAME,EAAOD,GAAmB,kBAAkB,EAC9C,OAAOC,GAAS,aAClBA,EAAK,MAAM,EACb,KACJ,CACF,CAAC,EAGLC,GAAmB,CAAE,UAAApC,GAAW,QAAAU,EAAQ,CAAC,EACzC2B,GAAe,CAAE,UAAArC,EAAU,CAAC,EAC5BsC,GAAgB,CAAE,UAAA9B,GAAW,QAAAE,EAAQ,CAAC,EAGtC,IAAM6B,GAAUC,GAAYC,GAAoB,QAAQ,EAAG,CAAE,UAAAjC,EAAU,CAAC,EAClEkC,GAAQ1C,GACX,KACC2C,EAAI,IAAMF,GAAoB,MAAM,CAAC,EACrCG,EAAUC,GAAMC,GAAUD,EAAI,CAAE,UAAArC,GAAW,QAAA+B,EAAQ,CAAC,CAAC,EACrDQ,EAAY,CAAC,CACf,EAGIC,GAAWrB,EAGf,GAAGsB,GAAqB,SAAS,EAC9B,IAAIJ,GAAMK,GAAaL,EAAI,CAAE,QAAAzC,EAAQ,CAAC,CAAC,EAG1C,GAAG6C,GAAqB,QAAQ,EAC7B,IAAIJ,GAAMM,GAAYN,EAAI,CAAE,OAAAzB,EAAO,CAAC,CAAC,EAGxC,GAAG6B,GAAqB,QAAQ,EAC7B,IAAIJ,GAAMO,GAAYP,EAAI,CAAE,UAAArC,GAAW,QAAA+B,GAAS,MAAAG,EAAM,CAAC,CAAC,EAG3D,GAAGO,GAAqB,SAAS,EAC9B,IAAIJ,GAAMQ,GAAaR,CAAE,CAAC,EAG7B,GAAGI,GAAqB,QAAQ,EAC7B,IAAIJ,GAAMS,GAAYT,EAAI,CAAE,OAAA5B,GAAQ,UAAAX,EAAU,CAAC,CAAC,EAGnD,GAAG2C,GAAqB,QAAQ,EAC7B,IAAIJ,GAAMU,GAAYV,CAAE,CAAC,CAC9B,EAGMW,GAAWC,EAAM,IAAM9B,EAG3B,GAAGsB,GAAqB,UAAU,EAC/B,IAAIJ,GAAMa,GAAcb,CAAE,CAAC,EAG9B,GAAGI,GAAqB,SAAS,EAC9B,IAAIJ,GAAMc,GAAad,EAAI,CAAE,UAAArC,GAAW,QAAAJ,GAAS,OAAAS,EAAO,CAAC,CAAC,EAG7D,GAAGoC,GAAqB,SAAS,EAC9B,IAAIJ,GAAMtB,EAAQ,kBAAkB,EACjCqC,GAAoBf,EAAI,CAAE,OAAA5B,GAAQ,UAAAf,EAAU,CAAC,EAC7C2D,CACJ,EAGF,GAAGZ,GAAqB,cAAc,EACnC,IAAIJ,GAAMiB,GAAiBjB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,EAAQ,CAAC,CAAC,EAGzD,GAAGU,GAAqB,SAAS,EAC9B,IAAIJ,GAAMA,EAAG,aAAa,cAAc,IAAM,aAC3CkB,GAAGnD,GAAS,IAAMoD,GAAanB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,GAAS,MAAAG,EAAM,CAAC,CAAC,EACjEqB,GAAGrD,GAAS,IAAMsD,GAAanB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,GAAS,MAAAG,EAAM,CAAC,CAAC,CACrE,EAGF,GAAGO,GAAqB,MAAM,EAC3B,IAAIJ,GAAMoB,GAAUpB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,EAAQ,CAAC,CAAC,EAGlD,GAAGU,GAAqB,KAAK,EAC1B,IAAIJ,GAAMqB,GAAqBrB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,GAAS,QAAAnC,EAAQ,CAAC,CAAC,EAGtE,GAAG6C,GAAqB,KAAK,EAC1B,IAAIJ,GAAMsB,GAAetB,EAAI,CAAE,UAAArC,GAAW,QAAA+B,GAAS,MAAAG,GAAO,QAAAtC,EAAQ,CAAC,CAAC,CACzE,CAAC,EAGKgE,GAAapE,GAChB,KACC4C,EAAU,IAAMY,EAAQ,EACxBa,GAAUrB,EAAQ,EAClBD,EAAY,CAAC,CACf,EAGFqB,GAAW,UAAU,EAMrB,OAAO,UAAapE,GACpB,OAAO,UAAaE,GACpB,OAAO,QAAaE,GACpB,OAAO,UAAaE,GACpB,OAAO,UAAaE,GACpB,OAAO,QAAaE,GACpB,OAAO,QAAaE,GACpB,OAAO,OAAaC,GACpB,OAAO,OAAaO,GACpB,OAAO,WAAagD", + "names": ["require_focus_visible", "__commonJSMin", "exports", "module", "global", "factory", "applyFocusVisiblePolyfill", "scope", "hadKeyboardEvent", "hadFocusVisibleRecently", "hadFocusVisibleRecentlyTimeout", "inputTypesAllowlist", "isValidFocusTarget", "el", "focusTriggersKeyboardModality", "type", "tagName", "addFocusVisibleClass", "removeFocusVisibleClass", "onKeyDown", "e", "onPointerDown", "onFocus", "onBlur", "onVisibilityChange", "addInitialPointerMoveListeners", "onInitialPointerMove", "removeInitialPointerMoveListeners", "event", "error", "require_url_polyfill", "__commonJSMin", "exports", "global", "checkIfIteratorIsSupported", "error", "iteratorSupported", "createIterator", "items", "iterator", "value", "serializeParam", "deserializeParam", "polyfillURLSearchParams", "URLSearchParams", "searchString", "typeofSearchString", "_this", "name", "i", "entry", "key", "proto", "callback", "thisArg", "entries", "searchArray", "checkIfURLSearchParamsSupported", "e", "a", "b", "keys", "attributes", "attribute", "checkIfURLIsSupported", "u", "polyfillURL", "_URL", "URL", "url", "base", "doc", "baseElement", "err", "anchorElement", "inputElement", "searchParams", "enableSearchUpdate", "enableSearchParamsUpdate", "methodName", "method", "search", "linkURLWithAnchorAttribute", "attributeName", "expectedPort", "addPortToOrigin", "blob", "getOrigin", "require_tslib", "__commonJSMin", "exports", "module", "__extends", "__assign", "__rest", "__decorate", "__param", "__metadata", "__awaiter", "__generator", "__exportStar", "__values", "__read", "__spread", "__spreadArrays", "__spreadArray", "__await", "__asyncGenerator", "__asyncDelegator", "__asyncValues", "__makeTemplateObject", "__importStar", "__importDefault", "__classPrivateFieldGet", "__classPrivateFieldSet", "__createBinding", "factory", "root", "createExporter", "previous", "id", "v", "exporter", "extendStatics", "d", "b", "p", "__", "t", "s", "n", "e", "i", "decorators", "target", "key", "desc", "c", "r", "paramIndex", "decorator", "metadataKey", "metadataValue", "thisArg", "_arguments", "P", "generator", "adopt", "value", "resolve", "reject", "fulfilled", "step", "rejected", "result", "body", "_", "f", "y", "g", "verb", "op", "m", "o", "k", "k2", "ar", "error", "il", "a", "j", "jl", "to", "from", "pack", "l", "q", "resume", "settle", "fulfill", "cooked", "raw", "__setModuleDefault", "mod", "receiver", "state", "kind", "require_clipboard", "__commonJSMin", "exports", "module", "root", "factory", "__webpack_modules__", "__unused_webpack_module", "__webpack_exports__", "__webpack_require__", "clipboard", "tiny_emitter", "tiny_emitter_default", "listen", "listen_default", "src_select", "select_default", "command", "type", "err", "ClipboardActionCut", "target", "selectedText", "actions_cut", "createFakeElement", "value", "isRTL", "fakeElement", "yPosition", "fakeCopyAction", "options", "ClipboardActionCopy", "actions_copy", "_typeof", "obj", "ClipboardActionDefault", "_options$action", "action", "container", "text", "actions_default", "clipboard_typeof", "_classCallCheck", "instance", "Constructor", "_defineProperties", "props", "i", "descriptor", "_createClass", "protoProps", "staticProps", "_inherits", "subClass", "superClass", "_setPrototypeOf", "o", "p", "_createSuper", "Derived", "hasNativeReflectConstruct", "_isNativeReflectConstruct", "Super", "_getPrototypeOf", "result", "NewTarget", "_possibleConstructorReturn", "self", "call", "_assertThisInitialized", "e", "getAttributeValue", "suffix", "element", "attribute", "Clipboard", "_Emitter", "_super", "trigger", "_this", "_this2", "selector", "actions", "support", "DOCUMENT_NODE_TYPE", "proto", "closest", "__unused_webpack_exports", "_delegate", "callback", "useCapture", "listenerFn", "listener", "delegate", "elements", "is", "listenNode", "listenNodeList", "listenSelector", "node", "nodeList", "select", "isReadOnly", "selection", "range", "E", "name", "ctx", "data", "evtArr", "len", "evts", "liveEvents", "__webpack_module_cache__", "moduleId", "getter", "definition", "key", "prop", "require_escape_html", "__commonJSMin", "exports", "module", "matchHtmlRegExp", "escapeHtml", "string", "str", "match", "escape", "html", "index", "lastIndex", "r", "a", "e", "import_focus_visible", "n", "t", "s", "r", "o", "u", "i", "a", "e", "c", "import_url_polyfill", "import_tslib", "__extends", "__assign", "__rest", "__decorate", "__param", "__metadata", "__awaiter", "__generator", "__exportStar", "__createBinding", "__values", "__read", "__spread", "__spreadArrays", "__spreadArray", "__await", "__asyncGenerator", "__asyncDelegator", "__asyncValues", "__makeTemplateObject", "__importStar", "__importDefault", "__classPrivateFieldGet", "__classPrivateFieldSet", "tslib", "isFunction", "value", "createErrorClass", "createImpl", "_super", "instance", "ctorFunc", "UnsubscriptionError", "createErrorClass", "_super", "errors", "err", "i", "arrRemove", "arr", "item", "index", "Subscription", "initialTeardown", "errors", "_parentage", "_parentage_1", "__values", "_parentage_1_1", "parent_1", "initialFinalizer", "isFunction", "e", "UnsubscriptionError", "_finalizers", "_finalizers_1", "_finalizers_1_1", "finalizer", "execFinalizer", "err", "__spreadArray", "__read", "teardown", "_a", "parent", "arrRemove", "empty", "EMPTY_SUBSCRIPTION", "Subscription", "isSubscription", "value", "isFunction", "execFinalizer", "finalizer", "config", "timeoutProvider", "handler", "timeout", "args", "_i", "delegate", "__spreadArray", "__read", "handle", "reportUnhandledError", "err", "timeoutProvider", "onUnhandledError", "config", "noop", "COMPLETE_NOTIFICATION", "createNotification", "errorNotification", "error", "nextNotification", "value", "kind", "context", "errorContext", "cb", "config", "isRoot", "_a", "errorThrown", "error", "captureError", "err", "Subscriber", "_super", "__extends", "destination", "_this", "isSubscription", "EMPTY_OBSERVER", "next", "error", "complete", "SafeSubscriber", "value", "handleStoppedNotification", "nextNotification", "err", "errorNotification", "COMPLETE_NOTIFICATION", "Subscription", "_bind", "bind", "fn", "thisArg", "ConsumerObserver", "partialObserver", "value", "error", "handleUnhandledError", "err", "SafeSubscriber", "_super", "__extends", "observerOrNext", "complete", "_this", "isFunction", "context_1", "config", "Subscriber", "handleUnhandledError", "error", "config", "captureError", "reportUnhandledError", "defaultErrorHandler", "err", "handleStoppedNotification", "notification", "subscriber", "onStoppedNotification", "timeoutProvider", "EMPTY_OBSERVER", "noop", "observable", "identity", "x", "pipe", "fns", "_i", "pipeFromArray", "identity", "input", "prev", "fn", "Observable", "subscribe", "operator", "observable", "observerOrNext", "error", "complete", "_this", "subscriber", "isSubscriber", "SafeSubscriber", "errorContext", "_a", "source", "sink", "err", "next", "promiseCtor", "getPromiseCtor", "resolve", "reject", "value", "operations", "_i", "pipeFromArray", "x", "getPromiseCtor", "promiseCtor", "_a", "config", "isObserver", "value", "isFunction", "isSubscriber", "Subscriber", "isSubscription", "hasLift", "source", "isFunction", "operate", "init", "liftedSource", "err", "createOperatorSubscriber", "destination", "onNext", "onComplete", "onError", "onFinalize", "OperatorSubscriber", "_super", "__extends", "shouldUnsubscribe", "_this", "value", "err", "closed_1", "_a", "Subscriber", "animationFrameProvider", "callback", "request", "cancel", "delegate", "handle", "timestamp", "Subscription", "args", "_i", "__spreadArray", "__read", "ObjectUnsubscribedError", "createErrorClass", "_super", "Subject", "_super", "__extends", "_this", "operator", "subject", "AnonymousSubject", "ObjectUnsubscribedError", "value", "errorContext", "_b", "__values", "_c", "observer", "err", "observers", "_a", "subscriber", "hasError", "isStopped", "EMPTY_SUBSCRIPTION", "Subscription", "arrRemove", "thrownError", "observable", "Observable", "destination", "source", "AnonymousSubject", "_super", "__extends", "destination", "source", "_this", "value", "_b", "_a", "err", "subscriber", "EMPTY_SUBSCRIPTION", "Subject", "dateTimestampProvider", "ReplaySubject", "_super", "__extends", "_bufferSize", "_windowTime", "_timestampProvider", "dateTimestampProvider", "_this", "value", "_a", "isStopped", "_buffer", "_infiniteTimeWindow", "subscriber", "subscription", "copy", "i", "adjustedBufferSize", "now", "last", "Subject", "Action", "_super", "__extends", "scheduler", "work", "state", "delay", "Subscription", "intervalProvider", "handler", "timeout", "args", "_i", "delegate", "__spreadArray", "__read", "handle", "AsyncAction", "_super", "__extends", "scheduler", "work", "_this", "state", "delay", "id", "_a", "_id", "intervalProvider", "_scheduler", "error", "_delay", "errored", "errorValue", "e", "actions", "arrRemove", "Action", "Scheduler", "schedulerActionCtor", "now", "work", "delay", "state", "dateTimestampProvider", "AsyncScheduler", "_super", "__extends", "SchedulerAction", "now", "Scheduler", "_this", "action", "actions", "error", "asyncScheduler", "AsyncScheduler", "AsyncAction", "async", "AnimationFrameAction", "_super", "__extends", "scheduler", "work", "_this", "id", "delay", "animationFrameProvider", "actions", "_a", "AsyncAction", "AnimationFrameScheduler", "_super", "__extends", "action", "flushId", "actions", "error", "AsyncScheduler", "animationFrameScheduler", "AnimationFrameScheduler", "AnimationFrameAction", "EMPTY", "Observable", "subscriber", "isScheduler", "value", "isFunction", "last", "arr", "popResultSelector", "args", "isFunction", "popScheduler", "isScheduler", "popNumber", "defaultValue", "isArrayLike", "x", "isPromise", "value", "isFunction", "isInteropObservable", "input", "isFunction", "observable", "isAsyncIterable", "obj", "isFunction", "createInvalidObservableTypeError", "input", "getSymbolIterator", "iterator", "isIterable", "input", "isFunction", "iterator", "readableStreamLikeToAsyncGenerator", "readableStream", "reader", "__await", "_a", "_b", "value", "done", "isReadableStreamLike", "obj", "isFunction", "innerFrom", "input", "Observable", "isInteropObservable", "fromInteropObservable", "isArrayLike", "fromArrayLike", "isPromise", "fromPromise", "isAsyncIterable", "fromAsyncIterable", "isIterable", "fromIterable", "isReadableStreamLike", "fromReadableStreamLike", "createInvalidObservableTypeError", "obj", "subscriber", "obs", "observable", "isFunction", "array", "i", "promise", "value", "err", "reportUnhandledError", "iterable", "iterable_1", "__values", "iterable_1_1", "asyncIterable", "process", "readableStream", "readableStreamLikeToAsyncGenerator", "asyncIterable_1", "__asyncValues", "asyncIterable_1_1", "executeSchedule", "parentSubscription", "scheduler", "work", "delay", "repeat", "scheduleSubscription", "observeOn", "scheduler", "delay", "operate", "source", "subscriber", "createOperatorSubscriber", "value", "executeSchedule", "err", "subscribeOn", "scheduler", "delay", "operate", "source", "subscriber", "scheduleObservable", "input", "scheduler", "innerFrom", "subscribeOn", "observeOn", "schedulePromise", "input", "scheduler", "innerFrom", "subscribeOn", "observeOn", "scheduleArray", "input", "scheduler", "Observable", "subscriber", "i", "scheduleIterable", "input", "scheduler", "Observable", "subscriber", "iterator", "executeSchedule", "value", "done", "_a", "err", "isFunction", "scheduleAsyncIterable", "input", "scheduler", "Observable", "subscriber", "executeSchedule", "iterator", "result", "scheduleReadableStreamLike", "input", "scheduler", "scheduleAsyncIterable", "readableStreamLikeToAsyncGenerator", "scheduled", "input", "scheduler", "isInteropObservable", "scheduleObservable", "isArrayLike", "scheduleArray", "isPromise", "schedulePromise", "isAsyncIterable", "scheduleAsyncIterable", "isIterable", "scheduleIterable", "isReadableStreamLike", "scheduleReadableStreamLike", "createInvalidObservableTypeError", "from", "input", "scheduler", "scheduled", "innerFrom", "of", "args", "_i", "scheduler", "popScheduler", "from", "throwError", "errorOrErrorFactory", "scheduler", "errorFactory", "isFunction", "init", "subscriber", "Observable", "isValidDate", "value", "map", "project", "thisArg", "operate", "source", "subscriber", "index", "createOperatorSubscriber", "value", "isArray", "callOrApply", "fn", "args", "__spreadArray", "__read", "mapOneOrManyArgs", "map", "isArray", "getPrototypeOf", "objectProto", "getKeys", "argsArgArrayOrObject", "args", "first_1", "isPOJO", "keys", "key", "obj", "createObject", "keys", "values", "result", "key", "i", "combineLatest", "args", "_i", "scheduler", "popScheduler", "resultSelector", "popResultSelector", "_a", "argsArgArrayOrObject", "observables", "keys", "from", "result", "Observable", "combineLatestInit", "values", "createObject", "identity", "mapOneOrManyArgs", "valueTransform", "subscriber", "maybeSchedule", "length", "active", "remainingFirstValues", "i", "source", "hasFirstValue", "createOperatorSubscriber", "value", "execute", "subscription", "executeSchedule", "mergeInternals", "source", "subscriber", "project", "concurrent", "onBeforeNext", "expand", "innerSubScheduler", "additionalFinalizer", "buffer", "active", "index", "isComplete", "checkComplete", "outerNext", "value", "doInnerSub", "innerComplete", "innerFrom", "createOperatorSubscriber", "innerValue", "bufferedValue", "executeSchedule", "err", "mergeMap", "project", "resultSelector", "concurrent", "isFunction", "a", "i", "map", "b", "ii", "innerFrom", "operate", "source", "subscriber", "mergeInternals", "mergeAll", "concurrent", "mergeMap", "identity", "concatAll", "mergeAll", "concat", "args", "_i", "concatAll", "from", "popScheduler", "defer", "observableFactory", "Observable", "subscriber", "innerFrom", "nodeEventEmitterMethods", "eventTargetMethods", "jqueryMethods", "fromEvent", "target", "eventName", "options", "resultSelector", "isFunction", "mapOneOrManyArgs", "_a", "__read", "isEventTarget", "methodName", "handler", "isNodeStyleEventEmitter", "toCommonHandlerRegistry", "isJQueryStyleEventEmitter", "add", "remove", "isArrayLike", "mergeMap", "subTarget", "innerFrom", "Observable", "subscriber", "args", "_i", "fromEventPattern", "addHandler", "removeHandler", "resultSelector", "mapOneOrManyArgs", "Observable", "subscriber", "handler", "e", "_i", "retValue", "isFunction", "timer", "dueTime", "intervalOrScheduler", "scheduler", "async", "intervalDuration", "isScheduler", "Observable", "subscriber", "due", "isValidDate", "n", "merge", "args", "_i", "scheduler", "popScheduler", "concurrent", "popNumber", "sources", "innerFrom", "mergeAll", "from", "EMPTY", "NEVER", "Observable", "noop", "isArray", "argsOrArgArray", "args", "filter", "predicate", "thisArg", "operate", "source", "subscriber", "index", "createOperatorSubscriber", "value", "zip", "args", "_i", "resultSelector", "popResultSelector", "sources", "argsOrArgArray", "Observable", "subscriber", "buffers", "completed", "sourceIndex", "innerFrom", "createOperatorSubscriber", "value", "buffer", "result", "__spreadArray", "__read", "i", "EMPTY", "audit", "durationSelector", "operate", "source", "subscriber", "hasValue", "lastValue", "durationSubscriber", "isComplete", "endDuration", "value", "cleanupDuration", "createOperatorSubscriber", "innerFrom", "auditTime", "duration", "scheduler", "asyncScheduler", "audit", "timer", "bufferCount", "bufferSize", "startBufferEvery", "operate", "source", "subscriber", "buffers", "count", "createOperatorSubscriber", "value", "toEmit", "buffers_1", "__values", "buffers_1_1", "buffer", "toEmit_1", "toEmit_1_1", "arrRemove", "buffers_2", "buffers_2_1", "catchError", "selector", "operate", "source", "subscriber", "innerSub", "syncUnsub", "handledResult", "createOperatorSubscriber", "err", "innerFrom", "scanInternals", "accumulator", "seed", "hasSeed", "emitOnNext", "emitBeforeComplete", "source", "subscriber", "hasState", "state", "index", "createOperatorSubscriber", "value", "i", "combineLatest", "args", "_i", "resultSelector", "popResultSelector", "pipe", "__spreadArray", "__read", "mapOneOrManyArgs", "operate", "source", "subscriber", "combineLatestInit", "argsOrArgArray", "combineLatestWith", "otherSources", "_i", "combineLatest", "__spreadArray", "__read", "concatMap", "project", "resultSelector", "isFunction", "mergeMap", "debounceTime", "dueTime", "scheduler", "asyncScheduler", "operate", "source", "subscriber", "activeTask", "lastValue", "lastTime", "emit", "value", "emitWhenIdle", "targetTime", "now", "createOperatorSubscriber", "defaultIfEmpty", "defaultValue", "operate", "source", "subscriber", "hasValue", "createOperatorSubscriber", "value", "take", "count", "EMPTY", "operate", "source", "subscriber", "seen", "createOperatorSubscriber", "value", "ignoreElements", "operate", "source", "subscriber", "createOperatorSubscriber", "noop", "mapTo", "value", "map", "delayWhen", "delayDurationSelector", "subscriptionDelay", "source", "concat", "take", "ignoreElements", "mergeMap", "value", "index", "mapTo", "delay", "due", "scheduler", "asyncScheduler", "duration", "timer", "delayWhen", "distinctUntilChanged", "comparator", "keySelector", "identity", "defaultCompare", "operate", "source", "subscriber", "previousKey", "first", "createOperatorSubscriber", "value", "currentKey", "a", "b", "distinctUntilKeyChanged", "key", "compare", "distinctUntilChanged", "x", "y", "endWith", "values", "_i", "source", "concat", "of", "__spreadArray", "__read", "finalize", "callback", "operate", "source", "subscriber", "takeLast", "count", "EMPTY", "operate", "source", "subscriber", "buffer", "createOperatorSubscriber", "value", "buffer_1", "__values", "buffer_1_1", "merge", "args", "_i", "scheduler", "popScheduler", "concurrent", "popNumber", "argsOrArgArray", "operate", "source", "subscriber", "mergeAll", "from", "__spreadArray", "__read", "mergeWith", "otherSources", "_i", "merge", "__spreadArray", "__read", "repeat", "countOrConfig", "count", "delay", "_a", "EMPTY", "operate", "source", "subscriber", "soFar", "sourceSub", "resubscribe", "notifier", "timer", "innerFrom", "notifierSubscriber_1", "createOperatorSubscriber", "subscribeToSource", "syncUnsub", "sample", "notifier", "operate", "source", "subscriber", "hasValue", "lastValue", "createOperatorSubscriber", "value", "noop", "scan", "accumulator", "seed", "operate", "scanInternals", "share", "options", "_a", "connector", "Subject", "_b", "resetOnError", "_c", "resetOnComplete", "_d", "resetOnRefCountZero", "wrapperSource", "connection", "resetConnection", "subject", "refCount", "hasCompleted", "hasErrored", "cancelReset", "reset", "resetAndUnsubscribe", "conn", "operate", "source", "subscriber", "dest", "handleReset", "SafeSubscriber", "value", "err", "innerFrom", "on", "args", "_i", "onSubscriber", "__spreadArray", "__read", "shareReplay", "configOrBufferSize", "windowTime", "scheduler", "bufferSize", "refCount", "_a", "_b", "_c", "share", "ReplaySubject", "skip", "count", "filter", "_", "index", "skipUntil", "notifier", "operate", "source", "subscriber", "taking", "skipSubscriber", "createOperatorSubscriber", "noop", "innerFrom", "value", "startWith", "values", "_i", "scheduler", "popScheduler", "operate", "source", "subscriber", "concat", "switchMap", "project", "resultSelector", "operate", "source", "subscriber", "innerSubscriber", "index", "isComplete", "checkComplete", "createOperatorSubscriber", "value", "innerIndex", "outerIndex", "innerFrom", "innerValue", "takeUntil", "notifier", "operate", "source", "subscriber", "innerFrom", "createOperatorSubscriber", "noop", "takeWhile", "predicate", "inclusive", "operate", "source", "subscriber", "index", "createOperatorSubscriber", "value", "result", "tap", "observerOrNext", "error", "complete", "tapObserver", "isFunction", "operate", "source", "subscriber", "_a", "isUnsub", "createOperatorSubscriber", "value", "err", "_b", "identity", "defaultThrottleConfig", "throttle", "durationSelector", "config", "operate", "source", "subscriber", "leading", "trailing", "hasValue", "sendValue", "throttled", "isComplete", "endThrottling", "send", "cleanupThrottling", "startThrottle", "value", "innerFrom", "createOperatorSubscriber", "throttleTime", "duration", "scheduler", "config", "asyncScheduler", "defaultThrottleConfig", "duration$", "timer", "throttle", "withLatestFrom", "inputs", "_i", "project", "popResultSelector", "operate", "source", "subscriber", "len", "otherValues", "hasValue", "ready", "i", "innerFrom", "createOperatorSubscriber", "value", "identity", "noop", "values", "__spreadArray", "__read", "zip", "sources", "_i", "operate", "source", "subscriber", "__spreadArray", "__read", "zipWith", "otherInputs", "_i", "zip", "__spreadArray", "__read", "watchDocument", "document$", "ReplaySubject", "fromEvent", "getElements", "selector", "node", "getElement", "el", "getOptionalElement", "getActiveElement", "watchElementFocus", "el", "merge", "fromEvent", "debounceTime", "map", "active", "getActiveElement", "startWith", "distinctUntilChanged", "getElementOffset", "el", "watchElementOffset", "merge", "fromEvent", "auditTime", "animationFrameScheduler", "map", "startWith", "getElementContentOffset", "el", "watchElementContentOffset", "merge", "fromEvent", "auditTime", "animationFrameScheduler", "map", "startWith", "MapShim", "getIndex", "arr", "key", "result", "entry", "index", "class_1", "value", "entries", "callback", "ctx", "_i", "_a", "isBrowser", "global$1", "requestAnimationFrame$1", "trailingTimeout", "throttle", "delay", "leadingCall", "trailingCall", "lastCallTime", "resolvePending", "proxy", "timeoutCallback", "timeStamp", "REFRESH_DELAY", "transitionKeys", "mutationObserverSupported", "ResizeObserverController", "observer", "observers", "changesDetected", "activeObservers", "_b", "propertyName", "isReflowProperty", "defineConfigurable", "target", "props", "getWindowOf", "ownerGlobal", "emptyRect", "createRectInit", "toFloat", "getBordersSize", "styles", "positions", "size", "position", "getPaddings", "paddings", "positions_1", "getSVGContentRect", "bbox", "getHTMLElementContentRect", "clientWidth", "clientHeight", "horizPad", "vertPad", "width", "height", "isDocumentElement", "vertScrollbar", "horizScrollbar", "isSVGGraphicsElement", "getContentRect", "createReadOnlyRect", "x", "y", "Constr", "rect", "ResizeObservation", "ResizeObserverEntry", "rectInit", "contentRect", "ResizeObserverSPI", "controller", "callbackCtx", "observations", "_this", "observation", "ResizeObserver", "method", "ResizeObserver_es_default", "entry$", "Subject", "observer$", "defer", "of", "ResizeObserver_es_default", "entries", "entry", "switchMap", "observer", "merge", "NEVER", "finalize", "shareReplay", "getElementSize", "el", "watchElementSize", "tap", "filter", "target", "map", "startWith", "getElementContentSize", "el", "getElementContainer", "parent", "entry$", "Subject", "observer$", "defer", "of", "entries", "entry", "switchMap", "observer", "merge", "NEVER", "finalize", "shareReplay", "watchElementVisibility", "el", "tap", "filter", "target", "map", "isIntersecting", "watchElementBoundary", "threshold", "watchElementContentOffset", "y", "visible", "getElementSize", "content", "getElementContentSize", "distinctUntilChanged", "toggles", "getElement", "getToggle", "name", "setToggle", "value", "watchToggle", "el", "fromEvent", "map", "startWith", "isSusceptibleToKeyboard", "el", "type", "watchKeyboard", "fromEvent", "filter", "ev", "map", "getToggle", "mode", "active", "getActiveElement", "share", "getLocation", "setLocation", "url", "watchLocation", "Subject", "appendChild", "el", "child", "node", "h", "tag", "attributes", "children", "attr", "truncate", "value", "n", "i", "round", "digits", "getLocationHash", "setLocationHash", "hash", "el", "h", "ev", "watchLocationHash", "fromEvent", "map", "startWith", "filter", "shareReplay", "watchLocationTarget", "id", "getOptionalElement", "watchMedia", "query", "media", "fromEventPattern", "next", "startWith", "watchPrint", "merge", "fromEvent", "map", "at", "query$", "factory", "switchMap", "active", "EMPTY", "request", "url", "options", "from", "catchError", "EMPTY", "switchMap", "res", "throwError", "of", "requestJSON", "shareReplay", "requestXML", "dom", "map", "watchScript", "src", "script", "h", "defer", "merge", "fromEvent", "switchMap", "throwError", "map", "finalize", "take", "getViewportOffset", "watchViewportOffset", "merge", "fromEvent", "map", "startWith", "getViewportSize", "watchViewportSize", "fromEvent", "map", "startWith", "watchViewport", "combineLatest", "watchViewportOffset", "watchViewportSize", "map", "offset", "size", "shareReplay", "watchViewportAt", "el", "viewport$", "header$", "size$", "distinctUntilKeyChanged", "offset$", "combineLatest", "map", "getElementOffset", "height", "offset", "size", "x", "y", "watchWorker", "worker", "tx$", "rx$", "fromEvent", "map", "data", "throttle", "tap", "message", "switchMap", "share", "script", "getElement", "config", "getLocation", "configuration", "feature", "flag", "translation", "key", "value", "getComponentElement", "type", "node", "getElement", "getComponentElements", "getElements", "watchAnnounce", "el", "button", "getElement", "fromEvent", "map", "content", "mountAnnounce", "feature", "EMPTY", "defer", "push$", "Subject", "startWith", "hash", "_a", "tap", "state", "finalize", "__spreadValues", "watchConsent", "el", "target$", "map", "target", "mountConsent", "options", "internal$", "Subject", "hidden", "tap", "state", "finalize", "__spreadValues", "import_clipboard", "renderTooltip", "id", "h", "renderAnnotation", "id", "prefix", "anchor", "h", "renderTooltip", "renderClipboardButton", "id", "h", "translation", "renderSearchDocument", "document", "flag", "parent", "teaser", "missing", "key", "list", "h", "url", "feature", "match", "highlight", "value", "tags", "configuration", "truncate", "tag", "id", "type", "translation", "renderSearchResultItem", "result", "threshold", "docs", "doc", "article", "index", "best", "more", "children", "section", "renderSourceFacts", "facts", "h", "key", "value", "round", "renderTabbedControl", "type", "classes", "h", "renderTable", "table", "h", "renderVersion", "version", "config", "configuration", "url", "h", "renderVersionSelector", "versions", "active", "translation", "watchAnnotation", "el", "container", "offset$", "defer", "combineLatest", "watchElementOffset", "watchElementContentOffset", "map", "x", "y", "scroll", "width", "height", "getElementSize", "watchElementFocus", "switchMap", "active", "offset", "take", "mountAnnotation", "target$", "tooltip", "index", "push$", "Subject", "done$", "takeLast", "watchElementVisibility", "takeUntil", "visible", "merge", "filter", "debounceTime", "auditTime", "animationFrameScheduler", "throttleTime", "origin", "fromEvent", "ev", "withLatestFrom", "_a", "parent", "getActiveElement", "target", "delay", "tap", "state", "finalize", "__spreadValues", "findAnnotationMarkers", "container", "markers", "el", "getElements", "nodes", "it", "node", "text", "match", "id", "force", "marker", "swap", "source", "target", "mountAnnotationList", "target$", "print$", "parent", "prefix", "annotations", "getOptionalElement", "renderAnnotation", "EMPTY", "defer", "done$", "Subject", "pairs", "annotation", "getElement", "takeUntil", "takeLast", "active", "inner", "child", "merge", "mountAnnotation", "finalize", "share", "sequence", "findCandidateList", "el", "sibling", "watchCodeBlock", "watchElementSize", "map", "width", "getElementContentSize", "distinctUntilKeyChanged", "mountCodeBlock", "options", "hover", "factory$", "defer", "push$", "Subject", "scrollable", "ClipboardJS", "parent", "renderClipboardButton", "container", "list", "feature", "annotations$", "mountAnnotationList", "tap", "state", "finalize", "__spreadValues", "mergeWith", "height", "distinctUntilChanged", "switchMap", "active", "EMPTY", "watchElementVisibility", "filter", "visible", "take", "mermaid$", "sequence", "fetchScripts", "watchScript", "of", "mountMermaid", "el", "tap", "mermaid_default", "map", "shareReplay", "id", "host", "h", "svg", "shadow", "watchDetails", "el", "target$", "print$", "open", "merge", "map", "target", "filter", "details", "active", "tap", "mountDetails", "options", "defer", "push$", "Subject", "action", "reveal", "state", "finalize", "__spreadValues", "sentinel", "h", "mountDataTable", "el", "renderTable", "of", "watchContentTabs", "el", "inputs", "getElements", "initial", "input", "merge", "fromEvent", "map", "getElement", "startWith", "active", "mountContentTabs", "viewport$", "prev", "renderTabbedControl", "next", "container", "defer", "push$", "Subject", "done$", "takeLast", "combineLatest", "watchElementSize", "auditTime", "animationFrameScheduler", "takeUntil", "size", "offset", "getElementOffset", "width", "getElementSize", "content", "getElementContentOffset", "watchElementContentOffset", "getElementContentSize", "direction", "feature", "skip", "withLatestFrom", "tab", "y", "set", "label", "tabs", "tap", "state", "finalize", "__spreadValues", "subscribeOn", "asyncScheduler", "mountContent", "el", "viewport$", "target$", "print$", "merge", "getElements", "child", "mountCodeBlock", "mountMermaid", "mountDataTable", "mountDetails", "mountContentTabs", "watchDialog", "_el", "alert$", "switchMap", "message", "merge", "of", "delay", "map", "active", "mountDialog", "el", "options", "inner", "getElement", "defer", "push$", "Subject", "tap", "state", "finalize", "__spreadValues", "isHidden", "viewport$", "feature", "of", "direction$", "map", "y", "bufferCount", "a", "b", "distinctUntilKeyChanged", "hidden$", "combineLatest", "filter", "offset", "direction", "distinctUntilChanged", "search$", "watchToggle", "search", "switchMap", "active", "startWith", "watchHeader", "el", "options", "defer", "watchElementSize", "height", "hidden", "shareReplay", "mountHeader", "header$", "main$", "push$", "Subject", "done$", "takeLast", "combineLatestWith", "takeUntil", "state", "__spreadValues", "watchHeaderTitle", "el", "viewport$", "header$", "watchViewportAt", "map", "y", "height", "getElementSize", "distinctUntilKeyChanged", "mountHeaderTitle", "options", "defer", "push$", "Subject", "active", "heading", "getOptionalElement", "EMPTY", "tap", "state", "finalize", "__spreadValues", "watchMain", "el", "viewport$", "header$", "adjust$", "map", "height", "distinctUntilChanged", "border$", "switchMap", "watchElementSize", "distinctUntilKeyChanged", "combineLatest", "header", "top", "bottom", "y", "a", "b", "watchPalette", "inputs", "current", "input", "of", "mergeMap", "fromEvent", "map", "startWith", "shareReplay", "mountPalette", "el", "defer", "push$", "Subject", "palette", "key", "value", "index", "label", "observeOn", "asyncScheduler", "getElements", "tap", "state", "finalize", "__spreadValues", "import_clipboard", "extract", "el", "text", "setupClipboardJS", "alert$", "ClipboardJS", "Observable", "subscriber", "getElement", "ev", "tap", "map", "translation", "preprocess", "urls", "root", "next", "a", "b", "url", "index", "fetchSitemap", "base", "cached", "of", "config", "configuration", "requestXML", "map", "sitemap", "getElements", "node", "catchError", "EMPTY", "defaultIfEmpty", "tap", "setupInstantLoading", "document$", "location$", "viewport$", "config", "configuration", "fromEvent", "favicon", "getOptionalElement", "push$", "fetchSitemap", "map", "paths", "path", "switchMap", "urls", "filter", "ev", "el", "url", "of", "NEVER", "share", "pop$", "merge", "distinctUntilChanged", "a", "b", "response$", "distinctUntilKeyChanged", "request", "catchError", "setLocation", "sample", "dom", "res", "skip", "replacement", "selector", "feature", "source", "target", "getComponentElement", "getElements", "concatMap", "script", "h", "name", "Observable", "observer", "EMPTY", "offset", "setLocationHash", "skipUntil", "debounceTime", "bufferCount", "state", "import_escape_html", "import_escape_html", "setupSearchHighlighter", "config", "escape", "separator", "highlight", "_", "data", "term", "query", "match", "value", "escapeHTML", "defaultTransform", "query", "terms", "index", "isSearchReadyMessage", "message", "isSearchQueryMessage", "isSearchResultMessage", "setupSearchIndex", "config", "docs", "translation", "options", "feature", "setupSearchWorker", "url", "index", "configuration", "worker", "tx$", "Subject", "rx$", "watchWorker", "map", "message", "isSearchResultMessage", "result", "document", "share", "from", "data", "setupVersionSelector", "document$", "config", "configuration", "versions$", "requestJSON", "catchError", "EMPTY", "current$", "map", "versions", "current", "version", "aliases", "switchMap", "urls", "fromEvent", "filter", "ev", "withLatestFrom", "el", "url", "of", "fetchSitemap", "sitemap", "path", "getLocation", "setLocation", "combineLatest", "getElement", "renderVersionSelector", "_a", "outdated", "latest", "warning", "getComponentElements", "watchSearchQuery", "el", "rx$", "fn", "defaultTransform", "searchParams", "getLocation", "setToggle", "param$", "filter", "isSearchReadyMessage", "take", "map", "watchToggle", "active", "url", "value", "focus$", "watchElementFocus", "value$", "merge", "fromEvent", "delay", "startWith", "distinctUntilChanged", "combineLatest", "focus", "shareReplay", "mountSearchQuery", "tx$", "push$", "Subject", "done$", "takeLast", "distinctUntilKeyChanged", "translation", "takeUntil", "tap", "state", "finalize", "__spreadValues", "share", "mountSearchResult", "el", "rx$", "query$", "push$", "Subject", "boundary$", "watchElementBoundary", "filter", "meta", "getElement", "list", "ready$", "isSearchReadyMessage", "take", "withLatestFrom", "skipUntil", "items", "value", "translation", "round", "tap", "switchMap", "merge", "of", "bufferCount", "zipWith", "chunk", "result", "renderSearchResultItem", "isSearchResultMessage", "map", "data", "state", "finalize", "__spreadValues", "watchSearchShare", "_el", "query$", "map", "value", "url", "getLocation", "mountSearchShare", "el", "options", "push$", "Subject", "fromEvent", "ev", "tap", "state", "finalize", "__spreadValues", "mountSearchSuggest", "el", "rx$", "keyboard$", "push$", "Subject", "query", "getComponentElement", "query$", "merge", "fromEvent", "observeOn", "asyncScheduler", "map", "distinctUntilChanged", "combineLatestWith", "suggestions", "value", "words", "last", "filter", "mode", "key", "isSearchResultMessage", "data", "tap", "state", "finalize", "mountSearch", "el", "index$", "keyboard$", "config", "configuration", "url", "worker", "setupSearchWorker", "query", "getComponentElement", "result", "tx$", "rx$", "filter", "isSearchQueryMessage", "sample", "isSearchReadyMessage", "take", "mode", "key", "active", "getActiveElement", "anchors", "anchor", "getElements", "article", "best", "a", "b", "setToggle", "els", "i", "query$", "mountSearchQuery", "result$", "mountSearchResult", "merge", "mergeWith", "getComponentElements", "child", "mountSearchShare", "mountSearchSuggest", "err", "NEVER", "mountSearchHiglight", "el", "index$", "location$", "combineLatest", "startWith", "getLocation", "filter", "url", "map", "index", "setupSearchHighlighter", "fn", "_a", "nodes", "it", "node", "original", "replaced", "text", "childNodes", "h", "watchSidebar", "el", "viewport$", "main$", "parent", "adjust", "combineLatest", "map", "offset", "height", "y", "distinctUntilChanged", "a", "b", "mountSidebar", "_a", "_b", "header$", "options", "__objRest", "inner", "getElement", "getElementOffset", "defer", "push$", "Subject", "auditTime", "animationFrameScheduler", "withLatestFrom", "observeOn", "take", "item", "getElements", "container", "getElementContainer", "getElementSize", "tap", "state", "finalize", "__spreadValues", "fetchSourceFactsFromGitHub", "user", "repo", "url", "zip", "requestJSON", "catchError", "EMPTY", "map", "release", "defaultIfEmpty", "info", "__spreadValues", "fetchSourceFactsFromGitLab", "base", "project", "url", "requestJSON", "catchError", "EMPTY", "map", "star_count", "forks_count", "defaultIfEmpty", "fetchSourceFacts", "url", "match", "user", "repo", "fetchSourceFactsFromGitHub", "base", "slug", "fetchSourceFactsFromGitLab", "EMPTY", "fetch$", "watchSource", "el", "defer", "cached", "of", "getComponentElements", "consent", "EMPTY", "fetchSourceFacts", "tap", "facts", "catchError", "filter", "map", "shareReplay", "mountSource", "inner", "getElement", "push$", "Subject", "renderSourceFacts", "state", "finalize", "__spreadValues", "watchTabs", "el", "viewport$", "header$", "watchElementSize", "switchMap", "watchViewportAt", "map", "y", "distinctUntilKeyChanged", "mountTabs", "options", "defer", "push$", "Subject", "hidden", "feature", "of", "tap", "state", "finalize", "__spreadValues", "watchTableOfContents", "el", "viewport$", "header$", "table", "anchors", "getElements", "anchor", "id", "target", "getOptionalElement", "adjust$", "distinctUntilKeyChanged", "map", "height", "main", "getComponentElement", "grid", "getElement", "share", "watchElementSize", "switchMap", "body", "defer", "path", "of", "index", "offset", "a", "b", "combineLatestWith", "adjust", "scan", "prev", "next", "y", "size", "last", "distinctUntilChanged", "startWith", "bufferCount", "mountTableOfContents", "target$", "push$", "Subject", "done$", "takeLast", "feature", "smooth$", "merge", "debounceTime", "filter", "withLatestFrom", "behavior", "container", "getElementContainer", "getElementSize", "takeUntil", "skip", "repeat", "url", "getLocation", "active", "hash", "tap", "state", "finalize", "__spreadValues", "watchBackToTop", "_el", "viewport$", "main$", "target$", "direction$", "map", "y", "bufferCount", "a", "b", "distinctUntilChanged", "active$", "active", "combineLatest", "direction", "takeUntil", "skip", "endWith", "repeat", "hidden", "mountBackToTop", "el", "header$", "push$", "Subject", "done$", "takeLast", "distinctUntilKeyChanged", "height", "tap", "state", "finalize", "__spreadValues", "patchIndeterminate", "document$", "tablet$", "switchMap", "getElements", "tap", "el", "mergeMap", "fromEvent", "takeWhile", "map", "withLatestFrom", "tablet", "isAppleDevice", "patchScrollfix", "document$", "switchMap", "getElements", "tap", "el", "filter", "mergeMap", "fromEvent", "map", "top", "patchScrolllock", "viewport$", "tablet$", "combineLatest", "watchToggle", "map", "active", "tablet", "switchMap", "of", "delay", "withLatestFrom", "y", "value", "obj", "data", "key", "x", "y", "nodes", "parent", "i", "node", "document$", "watchDocument", "location$", "watchLocation", "target$", "watchLocationTarget", "keyboard$", "watchKeyboard", "viewport$", "watchViewport", "tablet$", "watchMedia", "screen$", "print$", "watchPrint", "config", "configuration", "index$", "requestJSON", "NEVER", "alert$", "Subject", "setupClipboardJS", "feature", "setupInstantLoading", "_a", "setupVersionSelector", "merge", "delay", "setToggle", "filter", "mode", "key", "prev", "getOptionalElement", "next", "patchIndeterminate", "patchScrollfix", "patchScrolllock", "header$", "watchHeader", "getComponentElement", "main$", "map", "switchMap", "el", "watchMain", "shareReplay", "control$", "getComponentElements", "mountConsent", "mountDialog", "mountHeader", "mountPalette", "mountSearch", "mountSource", "content$", "defer", "mountAnnounce", "mountContent", "mountSearchHiglight", "EMPTY", "mountHeaderTitle", "at", "mountSidebar", "mountTabs", "mountTableOfContents", "mountBackToTop", "component$", "mergeWith"] +} diff --git a/2.5/assets/javascripts/client.js b/2.5/assets/javascripts/client.js new file mode 100644 index 000000000..e8fdf1cf4 --- /dev/null +++ b/2.5/assets/javascripts/client.js @@ -0,0 +1,112 @@ +if (window.location.href.indexOf('/client/') >= 0) { + window.window.addEventListener('load', function () { + function setCookie(name, value) { + sessionStorage.setItem(name, value); + } + + function getParameterByName(name) { + var match = RegExp('[?#&]' + name + '=([^&]*)').exec(window.location.hash); + return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); + } + + /* Store URL variables in cookies */ + if (getParameterByName('host')) { + setCookie("host", getParameterByName('host')); + } + if (getParameterByName('email')) { + var email = getParameterByName('email'); + setCookie("email", email); + setCookie("domain", email.substring(email.indexOf('@') + 1)); + } + if (getParameterByName('name')) { + setCookie("name", getParameterByName('name')); + } + if (getParameterByName('ui')) { + setCookie("ui", getParameterByName('ui')); + } + if (getParameterByName('port')) { + setCookie("port", getParameterByName('port')); + } + if (getParameterByName('connector')) { + setCookie("connector", getParameterByName('connector')); + } + if (getParameterByName('outlookEAS')) { + setCookie("outlookEAS", getParameterByName('outlookEAS')); + } + }); +} + +if (window.location.href.indexOf('/client') >= 0) { + window.window.addEventListener('load', function () { + function getCookie(cn) { + return sessionStorage.getItem(cn); + } + + /* Hide variable fields if no values are available */ + if (!getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_available'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_unavailable'), function(el) { + el.style.display = 'none'; + }); + } + + /* Hide the TOC, which might contain hidden content */ + Array.prototype.forEach.call(document.getElementsByClassName('md-sidebar--secondary'), function(el) { + el.style.display = 'none'; + }); + + /* Substitute variables */ + Array.prototype.forEach.call(document.getElementsByClassName('client_var_host'), function(el) { + el.innerText = getCookie('host'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_link'), function(el) { + if (!getCookie('ui') && !getCookie('host')) { + el.href = '#'; + } else { + var ui_domain = getCookie('ui') ? getCookie('ui') : getCookie('host'); + if (getCookie('port') != '443') { + el.href = 'https://' + ui_domain + ':' + getCookie('port') + '/' + el.getAttribute("href"); + } else { + el.href = 'https://' + ui_domain + '/' + el.getAttribute("href"); + } + } + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_email'), function(el) { + el.innerText = getCookie('email'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_name'), function(el) { + el.innerText = getCookie('name'); + }); + if (getCookie('port') != '443') { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_port'), function(el) { + el.innerText = ':' + getCookie('port'); + }); + } + + /* Hide those sections that are not applicable because useOutlookForEAS is disabled or SOGo Connector is not available */ + if (getCookie('connector')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_connector_link'), function(el) { + el.href = el.href.replace('__DOMAIN__', getCookie('domain')).replace('__VERSION__', getCookie('connector')); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_disabled'), function(el) { + el.style.display = 'none'; + }); + } else if (getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_enabled'), function(el) { + el.style.display = 'none'; + }); + } + if (getCookie('outlookEAS') || !getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_disabled'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_enabled'), function(el) { + el.style.display = 'none'; + }); + } + }); +} \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.ar.min.js b/2.5/assets/javascripts/lunr/min/lunr.ar.min.js new file mode 100644 index 000000000..9b06c26c1 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.ar.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ar=function(){this.pipeline.reset(),this.pipeline.add(e.ar.trimmer,e.ar.stopWordFilter,e.ar.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ar.stemmer))},e.ar.wordCharacters="ء-ٛٱـ",e.ar.trimmer=e.trimmerSupport.generateTrimmer(e.ar.wordCharacters),e.Pipeline.registerFunction(e.ar.trimmer,"trimmer-ar"),e.ar.stemmer=function(){var e=this;return e.result=!1,e.preRemoved=!1,e.sufRemoved=!1,e.pre={pre1:"ف ك ب و س ل ن ا ي ت",pre2:"ال لل",pre3:"بال وال فال تال كال ولل",pre4:"فبال كبال وبال وكال"},e.suf={suf1:"ه ك ت ن ا ي",suf2:"نك نه ها وك يا اه ون ين تن تم نا وا ان كم كن ني نن ما هم هن تك ته ات يه",suf3:"تين كهم نيه نهم ونه وها يهم ونا ونك وني وهم تكم تنا تها تني تهم كما كها ناه نكم هنا تان يها",suf4:"كموه ناها ونني ونهم تكما تموه تكاه كماه ناكم ناهم نيها وننا"},e.patterns=JSON.parse('{"pt43":[{"pt":[{"c":"ا","l":1}]},{"pt":[{"c":"ا,ت,ن,ي","l":0}],"mPt":[{"c":"ف","l":0,"m":1},{"c":"ع","l":1,"m":2},{"c":"ل","l":2,"m":3}]},{"pt":[{"c":"و","l":2}],"mPt":[{"c":"ف","l":0,"m":0},{"c":"ع","l":1,"m":1},{"c":"ل","l":2,"m":3}]},{"pt":[{"c":"ا","l":2}]},{"pt":[{"c":"ي","l":2}],"mPt":[{"c":"ف","l":0,"m":0},{"c":"ع","l":1,"m":1},{"c":"ا","l":2},{"c":"ل","l":3,"m":3}]},{"pt":[{"c":"م","l":0}]}],"pt53":[{"pt":[{"c":"ت","l":0},{"c":"ا","l":2}]},{"pt":[{"c":"ا,ن,ت,ي","l":0},{"c":"ت","l":2}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ت","l":2},{"c":"ع","l":3,"m":3},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"ا","l":0},{"c":"ا","l":2}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ع","l":2,"m":3},{"c":"ل","l":3,"m":4},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"ا","l":0},{"c":"ا","l":3}],"mPt":[{"c":"ف","l":0,"m":1},{"c":"ع","l":1,"m":2},{"c":"ل","l":2,"m":4}]},{"pt":[{"c":"ا","l":3},{"c":"ن","l":4}]},{"pt":[{"c":"ت","l":0},{"c":"ي","l":3}]},{"pt":[{"c":"م","l":0},{"c":"و","l":3}]},{"pt":[{"c":"ا","l":1},{"c":"و","l":3}]},{"pt":[{"c":"و","l":1},{"c":"ا","l":2}]},{"pt":[{"c":"م","l":0},{"c":"ا","l":3}]},{"pt":[{"c":"م","l":0},{"c":"ي","l":3}]},{"pt":[{"c":"ا","l":2},{"c":"ن","l":3}]},{"pt":[{"c":"م","l":0},{"c":"ن","l":1}],"mPt":[{"c":"ا","l":0},{"c":"ن","l":1},{"c":"ف","l":2,"m":2},{"c":"ع","l":3,"m":3},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"م","l":0},{"c":"ت","l":2}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ت","l":2},{"c":"ع","l":3,"m":3},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"م","l":0},{"c":"ا","l":2}]},{"pt":[{"c":"م","l":1},{"c":"ا","l":3}]},{"pt":[{"c":"ي,ت,ا,ن","l":0},{"c":"ت","l":1}],"mPt":[{"c":"ف","l":0,"m":2},{"c":"ع","l":1,"m":3},{"c":"ا","l":2},{"c":"ل","l":3,"m":4}]},{"pt":[{"c":"ت,ي,ا,ن","l":0},{"c":"ت","l":2}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ت","l":2},{"c":"ع","l":3,"m":3},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"ا","l":2},{"c":"ي","l":3}]},{"pt":[{"c":"ا,ي,ت,ن","l":0},{"c":"ن","l":1}],"mPt":[{"c":"ا","l":0},{"c":"ن","l":1},{"c":"ف","l":2,"m":2},{"c":"ع","l":3,"m":3},{"c":"ا","l":4},{"c":"ل","l":5,"m":4}]},{"pt":[{"c":"ا","l":3},{"c":"ء","l":4}]}],"pt63":[{"pt":[{"c":"ا","l":0},{"c":"ت","l":2},{"c":"ا","l":4}]},{"pt":[{"c":"ا,ت,ن,ي","l":0},{"c":"س","l":1},{"c":"ت","l":2}],"mPt":[{"c":"ا","l":0},{"c":"س","l":1},{"c":"ت","l":2},{"c":"ف","l":3,"m":3},{"c":"ع","l":4,"m":4},{"c":"ا","l":5},{"c":"ل","l":6,"m":5}]},{"pt":[{"c":"ا,ن,ت,ي","l":0},{"c":"و","l":3}]},{"pt":[{"c":"م","l":0},{"c":"س","l":1},{"c":"ت","l":2}],"mPt":[{"c":"ا","l":0},{"c":"س","l":1},{"c":"ت","l":2},{"c":"ف","l":3,"m":3},{"c":"ع","l":4,"m":4},{"c":"ا","l":5},{"c":"ل","l":6,"m":5}]},{"pt":[{"c":"ي","l":1},{"c":"ي","l":3},{"c":"ا","l":4},{"c":"ء","l":5}]},{"pt":[{"c":"ا","l":0},{"c":"ن","l":1},{"c":"ا","l":4}]}],"pt54":[{"pt":[{"c":"ت","l":0}]},{"pt":[{"c":"ا,ي,ت,ن","l":0}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ع","l":2,"m":2},{"c":"ل","l":3,"m":3},{"c":"ر","l":4,"m":4},{"c":"ا","l":5},{"c":"ر","l":6,"m":4}]},{"pt":[{"c":"م","l":0}],"mPt":[{"c":"ا","l":0},{"c":"ف","l":1,"m":1},{"c":"ع","l":2,"m":2},{"c":"ل","l":3,"m":3},{"c":"ر","l":4,"m":4},{"c":"ا","l":5},{"c":"ر","l":6,"m":4}]},{"pt":[{"c":"ا","l":2}]},{"pt":[{"c":"ا","l":0},{"c":"ن","l":2}]}],"pt64":[{"pt":[{"c":"ا","l":0},{"c":"ا","l":4}]},{"pt":[{"c":"م","l":0},{"c":"ت","l":1}]}],"pt73":[{"pt":[{"c":"ا","l":0},{"c":"س","l":1},{"c":"ت","l":2},{"c":"ا","l":5}]}],"pt75":[{"pt":[{"c":"ا","l":0},{"c":"ا","l":5}]}]}'),e.execArray=["cleanWord","removeDiacritics","cleanAlef","removeStopWords","normalizeHamzaAndAlef","removeStartWaw","removePre432","removeEndTaa","wordCheck"],e.stem=function(){var r=0;for(e.result=!1,e.preRemoved=!1,e.sufRemoved=!1;r=0)return!0},e.normalizeHamzaAndAlef=function(){return e.word=e.word.replace("ؤ","ء"),e.word=e.word.replace("ئ","ء"),e.word=e.word.replace(/([\u0627])\1+/gi,"ا"),!1},e.removeEndTaa=function(){return!(e.word.length>2)||(e.word=e.word.replace(/[\u0627]$/,""),e.word=e.word.replace("ة",""),!1)},e.removeStartWaw=function(){return e.word.length>3&&"و"==e.word[0]&&"و"==e.word[1]&&(e.word=e.word.slice(1)),!1},e.removePre432=function(){var r=e.word;if(e.word.length>=7){var t=new RegExp("^("+e.pre.pre4.split(" ").join("|")+")");e.word=e.word.replace(t,"")}if(e.word==r&&e.word.length>=6){var c=new RegExp("^("+e.pre.pre3.split(" ").join("|")+")");e.word=e.word.replace(c,"")}if(e.word==r&&e.word.length>=5){var l=new RegExp("^("+e.pre.pre2.split(" ").join("|")+")");e.word=e.word.replace(l,"")}return r!=e.word&&(e.preRemoved=!0),!1},e.patternCheck=function(r){for(var t=0;t3){var t=new RegExp("^("+e.pre.pre1.split(" ").join("|")+")");e.word=e.word.replace(t,"")}return r!=e.word&&(e.preRemoved=!0),!1},e.removeSuf1=function(){var r=e.word;if(0==e.sufRemoved&&e.word.length>3){var t=new RegExp("("+e.suf.suf1.split(" ").join("|")+")$");e.word=e.word.replace(t,"")}return r!=e.word&&(e.sufRemoved=!0),!1},e.removeSuf432=function(){var r=e.word;if(e.word.length>=6){var t=new RegExp("("+e.suf.suf4.split(" ").join("|")+")$");e.word=e.word.replace(t,"")}if(e.word==r&&e.word.length>=5){var c=new RegExp("("+e.suf.suf3.split(" ").join("|")+")$");e.word=e.word.replace(c,"")}if(e.word==r&&e.word.length>=4){var l=new RegExp("("+e.suf.suf2.split(" ").join("|")+")$");e.word=e.word.replace(l,"")}return r!=e.word&&(e.sufRemoved=!0),!1},e.wordCheck=function(){for(var r=(e.word,[e.removeSuf432,e.removeSuf1,e.removePre1]),t=0,c=!1;e.word.length>=7&&!e.result&&t=f.limit)return;f.cursor++}for(;!f.out_grouping(w,97,248);){if(f.cursor>=f.limit)return;f.cursor++}d=f.cursor,d=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(c,32),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del();break;case 2:f.in_grouping_b(p,97,229)&&f.slice_del()}}function t(){var e,r=f.limit-f.cursor;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.find_among_b(l,4)?(f.bra=f.cursor,f.limit_backward=e,f.cursor=f.limit-r,f.cursor>f.limit_backward&&(f.cursor--,f.bra=f.cursor,f.slice_del())):f.limit_backward=e)}function s(){var e,r,i,n=f.limit-f.cursor;if(f.ket=f.cursor,f.eq_s_b(2,"st")&&(f.bra=f.cursor,f.eq_s_b(2,"ig")&&f.slice_del()),f.cursor=f.limit-n,f.cursor>=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(m,5),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del(),i=f.limit-f.cursor,t(),f.cursor=f.limit-i;break;case 2:f.slice_from("løs")}}function o(){var e;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.out_grouping_b(w,97,248)?(f.bra=f.cursor,u=f.slice_to(u),f.limit_backward=e,f.eq_v_b(u)&&f.slice_del()):f.limit_backward=e)}var a,d,u,c=[new r("hed",-1,1),new r("ethed",0,1),new r("ered",-1,1),new r("e",-1,1),new r("erede",3,1),new r("ende",3,1),new r("erende",5,1),new r("ene",3,1),new r("erne",3,1),new r("ere",3,1),new r("en",-1,1),new r("heden",10,1),new r("eren",10,1),new r("er",-1,1),new r("heder",13,1),new r("erer",13,1),new r("s",-1,2),new r("heds",16,1),new r("es",16,1),new r("endes",18,1),new r("erendes",19,1),new r("enes",18,1),new r("ernes",18,1),new r("eres",18,1),new r("ens",16,1),new r("hedens",24,1),new r("erens",24,1),new r("ers",16,1),new r("ets",16,1),new r("erets",28,1),new r("et",-1,1),new r("eret",30,1)],l=[new r("gd",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("elig",1,1),new r("els",-1,1),new r("løst",-1,2)],w=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],p=[239,254,42,3,0,0,0,0,0,0,0,0,0,0,0,0,16],f=new i;this.setCurrent=function(e){f.setCurrent(e)},this.getCurrent=function(){return f.getCurrent()},this.stem=function(){var r=f.cursor;return e(),f.limit_backward=r,f.cursor=f.limit,n(),f.cursor=f.limit,t(),f.cursor=f.limit,s(),f.cursor=f.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.da.stemmer,"stemmer-da"),e.da.stopWordFilter=e.generateStopWordFilter("ad af alle alt anden at blev blive bliver da de dem den denne der deres det dette dig din disse dog du efter eller en end er et for fra ham han hans har havde have hende hendes her hos hun hvad hvis hvor i ikke ind jeg jer jo kunne man mange med meget men mig min mine mit mod ned noget nogle nu når og også om op os over på selv sig sin sine sit skal skulle som sådan thi til ud under var vi vil ville vor være været".split(" ")),e.Pipeline.registerFunction(e.da.stopWordFilter,"stopWordFilter-da")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.de.min.js b/2.5/assets/javascripts/lunr/min/lunr.de.min.js new file mode 100644 index 000000000..f3b5c108c --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.de.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `German` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.de=function(){this.pipeline.reset(),this.pipeline.add(e.de.trimmer,e.de.stopWordFilter,e.de.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.de.stemmer))},e.de.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.de.trimmer=e.trimmerSupport.generateTrimmer(e.de.wordCharacters),e.Pipeline.registerFunction(e.de.trimmer,"trimmer-de"),e.de.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){function e(e,r,n){return!(!v.eq_s(1,e)||(v.ket=v.cursor,!v.in_grouping(p,97,252)))&&(v.slice_from(r),v.cursor=n,!0)}function i(){for(var r,n,i,s,t=v.cursor;;)if(r=v.cursor,v.bra=r,v.eq_s(1,"ß"))v.ket=v.cursor,v.slice_from("ss");else{if(r>=v.limit)break;v.cursor=r+1}for(v.cursor=t;;)for(n=v.cursor;;){if(i=v.cursor,v.in_grouping(p,97,252)){if(s=v.cursor,v.bra=s,e("u","U",i))break;if(v.cursor=s,e("y","Y",i))break}if(i>=v.limit)return void(v.cursor=n);v.cursor=i+1}}function s(){for(;!v.in_grouping(p,97,252);){if(v.cursor>=v.limit)return!0;v.cursor++}for(;!v.out_grouping(p,97,252);){if(v.cursor>=v.limit)return!0;v.cursor++}return!1}function t(){m=v.limit,l=m;var e=v.cursor+3;0<=e&&e<=v.limit&&(d=e,s()||(m=v.cursor,m=v.limit)return;v.cursor++}}}function c(){return m<=v.cursor}function u(){return l<=v.cursor}function a(){var e,r,n,i,s=v.limit-v.cursor;if(v.ket=v.cursor,(e=v.find_among_b(w,7))&&(v.bra=v.cursor,c()))switch(e){case 1:v.slice_del();break;case 2:v.slice_del(),v.ket=v.cursor,v.eq_s_b(1,"s")&&(v.bra=v.cursor,v.eq_s_b(3,"nis")&&v.slice_del());break;case 3:v.in_grouping_b(g,98,116)&&v.slice_del()}if(v.cursor=v.limit-s,v.ket=v.cursor,(e=v.find_among_b(f,4))&&(v.bra=v.cursor,c()))switch(e){case 1:v.slice_del();break;case 2:if(v.in_grouping_b(k,98,116)){var t=v.cursor-3;v.limit_backward<=t&&t<=v.limit&&(v.cursor=t,v.slice_del())}}if(v.cursor=v.limit-s,v.ket=v.cursor,(e=v.find_among_b(_,8))&&(v.bra=v.cursor,u()))switch(e){case 1:v.slice_del(),v.ket=v.cursor,v.eq_s_b(2,"ig")&&(v.bra=v.cursor,r=v.limit-v.cursor,v.eq_s_b(1,"e")||(v.cursor=v.limit-r,u()&&v.slice_del()));break;case 2:n=v.limit-v.cursor,v.eq_s_b(1,"e")||(v.cursor=v.limit-n,v.slice_del());break;case 3:if(v.slice_del(),v.ket=v.cursor,i=v.limit-v.cursor,!v.eq_s_b(2,"er")&&(v.cursor=v.limit-i,!v.eq_s_b(2,"en")))break;v.bra=v.cursor,c()&&v.slice_del();break;case 4:v.slice_del(),v.ket=v.cursor,e=v.find_among_b(b,2),e&&(v.bra=v.cursor,u()&&1==e&&v.slice_del())}}var d,l,m,h=[new r("",-1,6),new r("U",0,2),new r("Y",0,1),new r("ä",0,3),new r("ö",0,4),new r("ü",0,5)],w=[new r("e",-1,2),new r("em",-1,1),new r("en",-1,2),new r("ern",-1,1),new r("er",-1,1),new r("s",-1,3),new r("es",5,2)],f=[new r("en",-1,1),new r("er",-1,1),new r("st",-1,2),new r("est",2,1)],b=[new r("ig",-1,1),new r("lich",-1,1)],_=[new r("end",-1,1),new r("ig",-1,2),new r("ung",-1,1),new r("lich",-1,3),new r("isch",-1,2),new r("ik",-1,2),new r("heit",-1,3),new r("keit",-1,4)],p=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,32,8],g=[117,30,5],k=[117,30,4],v=new n;this.setCurrent=function(e){v.setCurrent(e)},this.getCurrent=function(){return v.getCurrent()},this.stem=function(){var e=v.cursor;return i(),v.cursor=e,t(),v.limit_backward=e,v.cursor=v.limit,a(),v.cursor=v.limit_backward,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.de.stemmer,"stemmer-de"),e.de.stopWordFilter=e.generateStopWordFilter("aber alle allem allen aller alles als also am an ander andere anderem anderen anderer anderes anderm andern anderr anders auch auf aus bei bin bis bist da damit dann das dasselbe dazu daß dein deine deinem deinen deiner deines dem demselben den denn denselben der derer derselbe derselben des desselben dessen dich die dies diese dieselbe dieselben diesem diesen dieser dieses dir doch dort du durch ein eine einem einen einer eines einig einige einigem einigen einiger einiges einmal er es etwas euch euer eure eurem euren eurer eures für gegen gewesen hab habe haben hat hatte hatten hier hin hinter ich ihm ihn ihnen ihr ihre ihrem ihren ihrer ihres im in indem ins ist jede jedem jeden jeder jedes jene jenem jenen jener jenes jetzt kann kein keine keinem keinen keiner keines können könnte machen man manche manchem manchen mancher manches mein meine meinem meinen meiner meines mich mir mit muss musste nach nicht nichts noch nun nur ob oder ohne sehr sein seine seinem seinen seiner seines selbst sich sie sind so solche solchem solchen solcher solches soll sollte sondern sonst um und uns unse unsem unsen unser unses unter viel vom von vor war waren warst was weg weil weiter welche welchem welchen welcher welches wenn werde werden wie wieder will wir wird wirst wo wollen wollte während würde würden zu zum zur zwar zwischen über".split(" ")),e.Pipeline.registerFunction(e.de.stopWordFilter,"stopWordFilter-de")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.du.min.js b/2.5/assets/javascripts/lunr/min/lunr.du.min.js new file mode 100644 index 000000000..49a0f3f0a --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.du.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Dutch` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");console.warn('[Lunr Languages] Please use the "nl" instead of the "du". The "nl" code is the standard code for Dutch language, and "du" will be removed in the next major versions.'),e.du=function(){this.pipeline.reset(),this.pipeline.add(e.du.trimmer,e.du.stopWordFilter,e.du.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.du.stemmer))},e.du.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.du.trimmer=e.trimmerSupport.generateTrimmer(e.du.wordCharacters),e.Pipeline.registerFunction(e.du.trimmer,"trimmer-du"),e.du.stemmer=function(){var r=e.stemmerSupport.Among,i=e.stemmerSupport.SnowballProgram,n=new function(){function e(){for(var e,r,i,o=C.cursor;;){if(C.bra=C.cursor,e=C.find_among(b,11))switch(C.ket=C.cursor,e){case 1:C.slice_from("a");continue;case 2:C.slice_from("e");continue;case 3:C.slice_from("i");continue;case 4:C.slice_from("o");continue;case 5:C.slice_from("u");continue;case 6:if(C.cursor>=C.limit)break;C.cursor++;continue}break}for(C.cursor=o,C.bra=o,C.eq_s(1,"y")?(C.ket=C.cursor,C.slice_from("Y")):C.cursor=o;;)if(r=C.cursor,C.in_grouping(q,97,232)){if(i=C.cursor,C.bra=i,C.eq_s(1,"i"))C.ket=C.cursor,C.in_grouping(q,97,232)&&(C.slice_from("I"),C.cursor=r);else if(C.cursor=i,C.eq_s(1,"y"))C.ket=C.cursor,C.slice_from("Y"),C.cursor=r;else if(n(r))break}else if(n(r))break}function n(e){return C.cursor=e,e>=C.limit||(C.cursor++,!1)}function o(){_=C.limit,f=_,t()||(_=C.cursor,_<3&&(_=3),t()||(f=C.cursor))}function t(){for(;!C.in_grouping(q,97,232);){if(C.cursor>=C.limit)return!0;C.cursor++}for(;!C.out_grouping(q,97,232);){if(C.cursor>=C.limit)return!0;C.cursor++}return!1}function s(){for(var e;;)if(C.bra=C.cursor,e=C.find_among(p,3))switch(C.ket=C.cursor,e){case 1:C.slice_from("y");break;case 2:C.slice_from("i");break;case 3:if(C.cursor>=C.limit)return;C.cursor++}}function u(){return _<=C.cursor}function c(){return f<=C.cursor}function a(){var e=C.limit-C.cursor;C.find_among_b(g,3)&&(C.cursor=C.limit-e,C.ket=C.cursor,C.cursor>C.limit_backward&&(C.cursor--,C.bra=C.cursor,C.slice_del()))}function l(){var e;w=!1,C.ket=C.cursor,C.eq_s_b(1,"e")&&(C.bra=C.cursor,u()&&(e=C.limit-C.cursor,C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-e,C.slice_del(),w=!0,a())))}function m(){var e;u()&&(e=C.limit-C.cursor,C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-e,C.eq_s_b(3,"gem")||(C.cursor=C.limit-e,C.slice_del(),a())))}function d(){var e,r,i,n,o,t,s=C.limit-C.cursor;if(C.ket=C.cursor,e=C.find_among_b(h,5))switch(C.bra=C.cursor,e){case 1:u()&&C.slice_from("heid");break;case 2:m();break;case 3:u()&&C.out_grouping_b(z,97,232)&&C.slice_del()}if(C.cursor=C.limit-s,l(),C.cursor=C.limit-s,C.ket=C.cursor,C.eq_s_b(4,"heid")&&(C.bra=C.cursor,c()&&(r=C.limit-C.cursor,C.eq_s_b(1,"c")||(C.cursor=C.limit-r,C.slice_del(),C.ket=C.cursor,C.eq_s_b(2,"en")&&(C.bra=C.cursor,m())))),C.cursor=C.limit-s,C.ket=C.cursor,e=C.find_among_b(k,6))switch(C.bra=C.cursor,e){case 1:if(c()){if(C.slice_del(),i=C.limit-C.cursor,C.ket=C.cursor,C.eq_s_b(2,"ig")&&(C.bra=C.cursor,c()&&(n=C.limit-C.cursor,!C.eq_s_b(1,"e")))){C.cursor=C.limit-n,C.slice_del();break}C.cursor=C.limit-i,a()}break;case 2:c()&&(o=C.limit-C.cursor,C.eq_s_b(1,"e")||(C.cursor=C.limit-o,C.slice_del()));break;case 3:c()&&(C.slice_del(),l());break;case 4:c()&&C.slice_del();break;case 5:c()&&w&&C.slice_del()}C.cursor=C.limit-s,C.out_grouping_b(j,73,232)&&(t=C.limit-C.cursor,C.find_among_b(v,4)&&C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-t,C.ket=C.cursor,C.cursor>C.limit_backward&&(C.cursor--,C.bra=C.cursor,C.slice_del())))}var f,_,w,b=[new r("",-1,6),new r("á",0,1),new r("ä",0,1),new r("é",0,2),new r("ë",0,2),new r("í",0,3),new r("ï",0,3),new r("ó",0,4),new r("ö",0,4),new r("ú",0,5),new r("ü",0,5)],p=[new r("",-1,3),new r("I",0,2),new r("Y",0,1)],g=[new r("dd",-1,-1),new r("kk",-1,-1),new r("tt",-1,-1)],h=[new r("ene",-1,2),new r("se",-1,3),new r("en",-1,2),new r("heden",2,1),new r("s",-1,3)],k=[new r("end",-1,1),new r("ig",-1,2),new r("ing",-1,1),new r("lijk",-1,3),new r("baar",-1,4),new r("bar",-1,5)],v=[new r("aa",-1,-1),new r("ee",-1,-1),new r("oo",-1,-1),new r("uu",-1,-1)],q=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],j=[1,0,0,17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],z=[17,67,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],C=new i;this.setCurrent=function(e){C.setCurrent(e)},this.getCurrent=function(){return C.getCurrent()},this.stem=function(){var r=C.cursor;return e(),C.cursor=r,o(),C.limit_backward=r,C.cursor=C.limit,d(),C.cursor=C.limit_backward,s(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.du.stemmer,"stemmer-du"),e.du.stopWordFilter=e.generateStopWordFilter(" aan al alles als altijd andere ben bij daar dan dat de der deze die dit doch doen door dus een eens en er ge geen geweest haar had heb hebben heeft hem het hier hij hoe hun iemand iets ik in is ja je kan kon kunnen maar me meer men met mij mijn moet na naar niet niets nog nu of om omdat onder ons ook op over reeds te tegen toch toen tot u uit uw van veel voor want waren was wat werd wezen wie wil worden wordt zal ze zelf zich zij zijn zo zonder zou".split(" ")),e.Pipeline.registerFunction(e.du.stopWordFilter,"stopWordFilter-du")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.es.min.js b/2.5/assets/javascripts/lunr/min/lunr.es.min.js new file mode 100644 index 000000000..2989d3426 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.es.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Spanish` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,s){"function"==typeof define&&define.amd?define(s):"object"==typeof exports?module.exports=s():s()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.es=function(){this.pipeline.reset(),this.pipeline.add(e.es.trimmer,e.es.stopWordFilter,e.es.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.es.stemmer))},e.es.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.es.trimmer=e.trimmerSupport.generateTrimmer(e.es.wordCharacters),e.Pipeline.registerFunction(e.es.trimmer,"trimmer-es"),e.es.stemmer=function(){var s=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,n=new function(){function e(){if(A.out_grouping(x,97,252)){for(;!A.in_grouping(x,97,252);){if(A.cursor>=A.limit)return!0;A.cursor++}return!1}return!0}function n(){if(A.in_grouping(x,97,252)){var s=A.cursor;if(e()){if(A.cursor=s,!A.in_grouping(x,97,252))return!0;for(;!A.out_grouping(x,97,252);){if(A.cursor>=A.limit)return!0;A.cursor++}}return!1}return!0}function i(){var s,r=A.cursor;if(n()){if(A.cursor=r,!A.out_grouping(x,97,252))return;if(s=A.cursor,e()){if(A.cursor=s,!A.in_grouping(x,97,252)||A.cursor>=A.limit)return;A.cursor++}}g=A.cursor}function a(){for(;!A.in_grouping(x,97,252);){if(A.cursor>=A.limit)return!1;A.cursor++}for(;!A.out_grouping(x,97,252);){if(A.cursor>=A.limit)return!1;A.cursor++}return!0}function t(){var e=A.cursor;g=A.limit,p=g,v=g,i(),A.cursor=e,a()&&(p=A.cursor,a()&&(v=A.cursor))}function o(){for(var e;;){if(A.bra=A.cursor,e=A.find_among(k,6))switch(A.ket=A.cursor,e){case 1:A.slice_from("a");continue;case 2:A.slice_from("e");continue;case 3:A.slice_from("i");continue;case 4:A.slice_from("o");continue;case 5:A.slice_from("u");continue;case 6:if(A.cursor>=A.limit)break;A.cursor++;continue}break}}function u(){return g<=A.cursor}function w(){return p<=A.cursor}function c(){return v<=A.cursor}function m(){var e;if(A.ket=A.cursor,A.find_among_b(y,13)&&(A.bra=A.cursor,(e=A.find_among_b(q,11))&&u()))switch(e){case 1:A.bra=A.cursor,A.slice_from("iendo");break;case 2:A.bra=A.cursor,A.slice_from("ando");break;case 3:A.bra=A.cursor,A.slice_from("ar");break;case 4:A.bra=A.cursor,A.slice_from("er");break;case 5:A.bra=A.cursor,A.slice_from("ir");break;case 6:A.slice_del();break;case 7:A.eq_s_b(1,"u")&&A.slice_del()}}function l(e,s){if(!c())return!0;A.slice_del(),A.ket=A.cursor;var r=A.find_among_b(e,s);return r&&(A.bra=A.cursor,1==r&&c()&&A.slice_del()),!1}function d(e){return!c()||(A.slice_del(),A.ket=A.cursor,A.eq_s_b(2,e)&&(A.bra=A.cursor,c()&&A.slice_del()),!1)}function b(){var e;if(A.ket=A.cursor,e=A.find_among_b(S,46)){switch(A.bra=A.cursor,e){case 1:if(!c())return!1;A.slice_del();break;case 2:if(d("ic"))return!1;break;case 3:if(!c())return!1;A.slice_from("log");break;case 4:if(!c())return!1;A.slice_from("u");break;case 5:if(!c())return!1;A.slice_from("ente");break;case 6:if(!w())return!1;A.slice_del(),A.ket=A.cursor,e=A.find_among_b(C,4),e&&(A.bra=A.cursor,c()&&(A.slice_del(),1==e&&(A.ket=A.cursor,A.eq_s_b(2,"at")&&(A.bra=A.cursor,c()&&A.slice_del()))));break;case 7:if(l(P,3))return!1;break;case 8:if(l(F,3))return!1;break;case 9:if(d("at"))return!1}return!0}return!1}function f(){var e,s;if(A.cursor>=g&&(s=A.limit_backward,A.limit_backward=g,A.ket=A.cursor,e=A.find_among_b(W,12),A.limit_backward=s,e)){if(A.bra=A.cursor,1==e){if(!A.eq_s_b(1,"u"))return!1;A.slice_del()}return!0}return!1}function _(){var e,s,r,n;if(A.cursor>=g&&(s=A.limit_backward,A.limit_backward=g,A.ket=A.cursor,e=A.find_among_b(L,96),A.limit_backward=s,e))switch(A.bra=A.cursor,e){case 1:r=A.limit-A.cursor,A.eq_s_b(1,"u")?(n=A.limit-A.cursor,A.eq_s_b(1,"g")?A.cursor=A.limit-n:A.cursor=A.limit-r):A.cursor=A.limit-r,A.bra=A.cursor;case 2:A.slice_del()}}function h(){var e,s;if(A.ket=A.cursor,e=A.find_among_b(z,8))switch(A.bra=A.cursor,e){case 1:u()&&A.slice_del();break;case 2:u()&&(A.slice_del(),A.ket=A.cursor,A.eq_s_b(1,"u")&&(A.bra=A.cursor,s=A.limit-A.cursor,A.eq_s_b(1,"g")&&(A.cursor=A.limit-s,u()&&A.slice_del())))}}var v,p,g,k=[new s("",-1,6),new s("á",0,1),new s("é",0,2),new s("í",0,3),new s("ó",0,4),new s("ú",0,5)],y=[new s("la",-1,-1),new s("sela",0,-1),new s("le",-1,-1),new s("me",-1,-1),new s("se",-1,-1),new s("lo",-1,-1),new s("selo",5,-1),new s("las",-1,-1),new s("selas",7,-1),new s("les",-1,-1),new s("los",-1,-1),new s("selos",10,-1),new s("nos",-1,-1)],q=[new s("ando",-1,6),new s("iendo",-1,6),new s("yendo",-1,7),new s("ándo",-1,2),new s("iéndo",-1,1),new s("ar",-1,6),new s("er",-1,6),new s("ir",-1,6),new s("ár",-1,3),new s("ér",-1,4),new s("ír",-1,5)],C=[new s("ic",-1,-1),new s("ad",-1,-1),new s("os",-1,-1),new s("iv",-1,1)],P=[new s("able",-1,1),new s("ible",-1,1),new s("ante",-1,1)],F=[new s("ic",-1,1),new s("abil",-1,1),new s("iv",-1,1)],S=[new s("ica",-1,1),new s("ancia",-1,2),new s("encia",-1,5),new s("adora",-1,2),new s("osa",-1,1),new s("ista",-1,1),new s("iva",-1,9),new s("anza",-1,1),new s("logía",-1,3),new s("idad",-1,8),new s("able",-1,1),new s("ible",-1,1),new s("ante",-1,2),new s("mente",-1,7),new s("amente",13,6),new s("ación",-1,2),new s("ución",-1,4),new s("ico",-1,1),new s("ismo",-1,1),new s("oso",-1,1),new s("amiento",-1,1),new s("imiento",-1,1),new s("ivo",-1,9),new s("ador",-1,2),new s("icas",-1,1),new s("ancias",-1,2),new s("encias",-1,5),new s("adoras",-1,2),new s("osas",-1,1),new s("istas",-1,1),new s("ivas",-1,9),new s("anzas",-1,1),new s("logías",-1,3),new s("idades",-1,8),new s("ables",-1,1),new s("ibles",-1,1),new s("aciones",-1,2),new s("uciones",-1,4),new s("adores",-1,2),new s("antes",-1,2),new s("icos",-1,1),new s("ismos",-1,1),new s("osos",-1,1),new s("amientos",-1,1),new s("imientos",-1,1),new s("ivos",-1,9)],W=[new s("ya",-1,1),new s("ye",-1,1),new s("yan",-1,1),new s("yen",-1,1),new s("yeron",-1,1),new s("yendo",-1,1),new s("yo",-1,1),new s("yas",-1,1),new s("yes",-1,1),new s("yais",-1,1),new s("yamos",-1,1),new s("yó",-1,1)],L=[new s("aba",-1,2),new s("ada",-1,2),new s("ida",-1,2),new s("ara",-1,2),new s("iera",-1,2),new s("ía",-1,2),new s("aría",5,2),new s("ería",5,2),new s("iría",5,2),new s("ad",-1,2),new s("ed",-1,2),new s("id",-1,2),new s("ase",-1,2),new s("iese",-1,2),new s("aste",-1,2),new s("iste",-1,2),new s("an",-1,2),new s("aban",16,2),new s("aran",16,2),new s("ieran",16,2),new s("ían",16,2),new s("arían",20,2),new s("erían",20,2),new s("irían",20,2),new s("en",-1,1),new s("asen",24,2),new s("iesen",24,2),new s("aron",-1,2),new s("ieron",-1,2),new s("arán",-1,2),new s("erán",-1,2),new s("irán",-1,2),new s("ado",-1,2),new s("ido",-1,2),new s("ando",-1,2),new s("iendo",-1,2),new s("ar",-1,2),new s("er",-1,2),new s("ir",-1,2),new s("as",-1,2),new s("abas",39,2),new s("adas",39,2),new s("idas",39,2),new s("aras",39,2),new s("ieras",39,2),new s("ías",39,2),new s("arías",45,2),new s("erías",45,2),new s("irías",45,2),new s("es",-1,1),new s("ases",49,2),new s("ieses",49,2),new s("abais",-1,2),new s("arais",-1,2),new s("ierais",-1,2),new s("íais",-1,2),new s("aríais",55,2),new s("eríais",55,2),new s("iríais",55,2),new s("aseis",-1,2),new s("ieseis",-1,2),new s("asteis",-1,2),new s("isteis",-1,2),new s("áis",-1,2),new s("éis",-1,1),new s("aréis",64,2),new s("eréis",64,2),new s("iréis",64,2),new s("ados",-1,2),new s("idos",-1,2),new s("amos",-1,2),new s("ábamos",70,2),new s("áramos",70,2),new s("iéramos",70,2),new s("íamos",70,2),new s("aríamos",74,2),new s("eríamos",74,2),new s("iríamos",74,2),new s("emos",-1,1),new s("aremos",78,2),new s("eremos",78,2),new s("iremos",78,2),new s("ásemos",78,2),new s("iésemos",78,2),new s("imos",-1,2),new s("arás",-1,2),new s("erás",-1,2),new s("irás",-1,2),new s("ís",-1,2),new s("ará",-1,2),new s("erá",-1,2),new s("irá",-1,2),new s("aré",-1,2),new s("eré",-1,2),new s("iré",-1,2),new s("ió",-1,2)],z=[new s("a",-1,1),new s("e",-1,2),new s("o",-1,1),new s("os",-1,1),new s("á",-1,1),new s("é",-1,2),new s("í",-1,1),new s("ó",-1,1)],x=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,4,10],A=new r;this.setCurrent=function(e){A.setCurrent(e)},this.getCurrent=function(){return A.getCurrent()},this.stem=function(){var e=A.cursor;return t(),A.limit_backward=e,A.cursor=A.limit,m(),A.cursor=A.limit,b()||(A.cursor=A.limit,f()||(A.cursor=A.limit,_())),A.cursor=A.limit,h(),A.cursor=A.limit_backward,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.es.stemmer,"stemmer-es"),e.es.stopWordFilter=e.generateStopWordFilter("a al algo algunas algunos ante antes como con contra cual cuando de del desde donde durante e el ella ellas ellos en entre era erais eran eras eres es esa esas ese eso esos esta estaba estabais estaban estabas estad estada estadas estado estados estamos estando estar estaremos estará estarán estarás estaré estaréis estaría estaríais estaríamos estarían estarías estas este estemos esto estos estoy estuve estuviera estuvierais estuvieran estuvieras estuvieron estuviese estuvieseis estuviesen estuvieses estuvimos estuviste estuvisteis estuviéramos estuviésemos estuvo está estábamos estáis están estás esté estéis estén estés fue fuera fuerais fueran fueras fueron fuese fueseis fuesen fueses fui fuimos fuiste fuisteis fuéramos fuésemos ha habida habidas habido habidos habiendo habremos habrá habrán habrás habré habréis habría habríais habríamos habrían habrías habéis había habíais habíamos habían habías han has hasta hay haya hayamos hayan hayas hayáis he hemos hube hubiera hubierais hubieran hubieras hubieron hubiese hubieseis hubiesen hubieses hubimos hubiste hubisteis hubiéramos hubiésemos hubo la las le les lo los me mi mis mucho muchos muy más mí mía mías mío míos nada ni no nos nosotras nosotros nuestra nuestras nuestro nuestros o os otra otras otro otros para pero poco por porque que quien quienes qué se sea seamos sean seas seremos será serán serás seré seréis sería seríais seríamos serían serías seáis sido siendo sin sobre sois somos son soy su sus suya suyas suyo suyos sí también tanto te tendremos tendrá tendrán tendrás tendré tendréis tendría tendríais tendríamos tendrían tendrías tened tenemos tenga tengamos tengan tengas tengo tengáis tenida tenidas tenido tenidos teniendo tenéis tenía teníais teníamos tenían tenías ti tiene tienen tienes todo todos tu tus tuve tuviera tuvierais tuvieran tuvieras tuvieron tuviese tuvieseis tuviesen tuvieses tuvimos tuviste tuvisteis tuviéramos tuviésemos tuvo tuya tuyas tuyo tuyos tú un una uno unos vosotras vosotros vuestra vuestras vuestro vuestros y ya yo él éramos".split(" ")),e.Pipeline.registerFunction(e.es.stopWordFilter,"stopWordFilter-es")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.fi.min.js b/2.5/assets/javascripts/lunr/min/lunr.fi.min.js new file mode 100644 index 000000000..29f5dfcea --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.fi.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Finnish` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(i,e){"function"==typeof define&&define.amd?define(e):"object"==typeof exports?module.exports=e():e()(i.lunr)}(this,function(){return function(i){if(void 0===i)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===i.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");i.fi=function(){this.pipeline.reset(),this.pipeline.add(i.fi.trimmer,i.fi.stopWordFilter,i.fi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(i.fi.stemmer))},i.fi.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",i.fi.trimmer=i.trimmerSupport.generateTrimmer(i.fi.wordCharacters),i.Pipeline.registerFunction(i.fi.trimmer,"trimmer-fi"),i.fi.stemmer=function(){var e=i.stemmerSupport.Among,r=i.stemmerSupport.SnowballProgram,n=new function(){function i(){f=A.limit,d=f,n()||(f=A.cursor,n()||(d=A.cursor))}function n(){for(var i;;){if(i=A.cursor,A.in_grouping(W,97,246))break;if(A.cursor=i,i>=A.limit)return!0;A.cursor++}for(A.cursor=i;!A.out_grouping(W,97,246);){if(A.cursor>=A.limit)return!0;A.cursor++}return!1}function t(){return d<=A.cursor}function s(){var i,e;if(A.cursor>=f)if(e=A.limit_backward,A.limit_backward=f,A.ket=A.cursor,i=A.find_among_b(h,10)){switch(A.bra=A.cursor,A.limit_backward=e,i){case 1:if(!A.in_grouping_b(x,97,246))return;break;case 2:if(!t())return}A.slice_del()}else A.limit_backward=e}function o(){var i,e,r;if(A.cursor>=f)if(e=A.limit_backward,A.limit_backward=f,A.ket=A.cursor,i=A.find_among_b(v,9))switch(A.bra=A.cursor,A.limit_backward=e,i){case 1:r=A.limit-A.cursor,A.eq_s_b(1,"k")||(A.cursor=A.limit-r,A.slice_del());break;case 2:A.slice_del(),A.ket=A.cursor,A.eq_s_b(3,"kse")&&(A.bra=A.cursor,A.slice_from("ksi"));break;case 3:A.slice_del();break;case 4:A.find_among_b(p,6)&&A.slice_del();break;case 5:A.find_among_b(g,6)&&A.slice_del();break;case 6:A.find_among_b(j,2)&&A.slice_del()}else A.limit_backward=e}function l(){return A.find_among_b(q,7)}function a(){return A.eq_s_b(1,"i")&&A.in_grouping_b(L,97,246)}function u(){var i,e,r;if(A.cursor>=f)if(e=A.limit_backward,A.limit_backward=f,A.ket=A.cursor,i=A.find_among_b(C,30)){switch(A.bra=A.cursor,A.limit_backward=e,i){case 1:if(!A.eq_s_b(1,"a"))return;break;case 2:case 9:if(!A.eq_s_b(1,"e"))return;break;case 3:if(!A.eq_s_b(1,"i"))return;break;case 4:if(!A.eq_s_b(1,"o"))return;break;case 5:if(!A.eq_s_b(1,"ä"))return;break;case 6:if(!A.eq_s_b(1,"ö"))return;break;case 7:if(r=A.limit-A.cursor,!l()&&(A.cursor=A.limit-r,!A.eq_s_b(2,"ie"))){A.cursor=A.limit-r;break}if(A.cursor=A.limit-r,A.cursor<=A.limit_backward){A.cursor=A.limit-r;break}A.cursor--,A.bra=A.cursor;break;case 8:if(!A.in_grouping_b(W,97,246)||!A.out_grouping_b(W,97,246))return}A.slice_del(),k=!0}else A.limit_backward=e}function c(){var i,e,r;if(A.cursor>=d)if(e=A.limit_backward,A.limit_backward=d,A.ket=A.cursor,i=A.find_among_b(P,14)){if(A.bra=A.cursor,A.limit_backward=e,1==i){if(r=A.limit-A.cursor,A.eq_s_b(2,"po"))return;A.cursor=A.limit-r}A.slice_del()}else A.limit_backward=e}function m(){var i;A.cursor>=f&&(i=A.limit_backward,A.limit_backward=f,A.ket=A.cursor,A.find_among_b(F,2)?(A.bra=A.cursor,A.limit_backward=i,A.slice_del()):A.limit_backward=i)}function w(){var i,e,r,n,t,s;if(A.cursor>=f){if(e=A.limit_backward,A.limit_backward=f,A.ket=A.cursor,A.eq_s_b(1,"t")&&(A.bra=A.cursor,r=A.limit-A.cursor,A.in_grouping_b(W,97,246)&&(A.cursor=A.limit-r,A.slice_del(),A.limit_backward=e,n=A.limit-A.cursor,A.cursor>=d&&(A.cursor=d,t=A.limit_backward,A.limit_backward=A.cursor,A.cursor=A.limit-n,A.ket=A.cursor,i=A.find_among_b(S,2))))){if(A.bra=A.cursor,A.limit_backward=t,1==i){if(s=A.limit-A.cursor,A.eq_s_b(2,"po"))return;A.cursor=A.limit-s}return void A.slice_del()}A.limit_backward=e}}function _(){var i,e,r,n;if(A.cursor>=f){for(i=A.limit_backward,A.limit_backward=f,e=A.limit-A.cursor,l()&&(A.cursor=A.limit-e,A.ket=A.cursor,A.cursor>A.limit_backward&&(A.cursor--,A.bra=A.cursor,A.slice_del())),A.cursor=A.limit-e,A.ket=A.cursor,A.in_grouping_b(y,97,228)&&(A.bra=A.cursor,A.out_grouping_b(W,97,246)&&A.slice_del()),A.cursor=A.limit-e,A.ket=A.cursor,A.eq_s_b(1,"j")&&(A.bra=A.cursor,r=A.limit-A.cursor,A.eq_s_b(1,"o")?A.slice_del():(A.cursor=A.limit-r,A.eq_s_b(1,"u")&&A.slice_del())),A.cursor=A.limit-e,A.ket=A.cursor,A.eq_s_b(1,"o")&&(A.bra=A.cursor,A.eq_s_b(1,"j")&&A.slice_del()),A.cursor=A.limit-e,A.limit_backward=i;;){if(n=A.limit-A.cursor,A.out_grouping_b(W,97,246)){A.cursor=A.limit-n;break}if(A.cursor=A.limit-n,A.cursor<=A.limit_backward)return;A.cursor--}A.ket=A.cursor,A.cursor>A.limit_backward&&(A.cursor--,A.bra=A.cursor,b=A.slice_to(),A.eq_v_b(b)&&A.slice_del())}}var k,b,d,f,h=[new e("pa",-1,1),new e("sti",-1,2),new e("kaan",-1,1),new e("han",-1,1),new e("kin",-1,1),new e("hän",-1,1),new e("kään",-1,1),new e("ko",-1,1),new e("pä",-1,1),new e("kö",-1,1)],p=[new e("lla",-1,-1),new e("na",-1,-1),new e("ssa",-1,-1),new e("ta",-1,-1),new e("lta",3,-1),new e("sta",3,-1)],g=[new e("llä",-1,-1),new e("nä",-1,-1),new e("ssä",-1,-1),new e("tä",-1,-1),new e("ltä",3,-1),new e("stä",3,-1)],j=[new e("lle",-1,-1),new e("ine",-1,-1)],v=[new e("nsa",-1,3),new e("mme",-1,3),new e("nne",-1,3),new e("ni",-1,2),new e("si",-1,1),new e("an",-1,4),new e("en",-1,6),new e("än",-1,5),new e("nsä",-1,3)],q=[new e("aa",-1,-1),new e("ee",-1,-1),new e("ii",-1,-1),new e("oo",-1,-1),new e("uu",-1,-1),new e("ää",-1,-1),new e("öö",-1,-1)],C=[new e("a",-1,8),new e("lla",0,-1),new e("na",0,-1),new e("ssa",0,-1),new e("ta",0,-1),new e("lta",4,-1),new e("sta",4,-1),new e("tta",4,9),new e("lle",-1,-1),new e("ine",-1,-1),new e("ksi",-1,-1),new e("n",-1,7),new e("han",11,1),new e("den",11,-1,a),new e("seen",11,-1,l),new e("hen",11,2),new e("tten",11,-1,a),new e("hin",11,3),new e("siin",11,-1,a),new e("hon",11,4),new e("hän",11,5),new e("hön",11,6),new e("ä",-1,8),new e("llä",22,-1),new e("nä",22,-1),new e("ssä",22,-1),new e("tä",22,-1),new e("ltä",26,-1),new e("stä",26,-1),new e("ttä",26,9)],P=[new e("eja",-1,-1),new e("mma",-1,1),new e("imma",1,-1),new e("mpa",-1,1),new e("impa",3,-1),new e("mmi",-1,1),new e("immi",5,-1),new e("mpi",-1,1),new e("impi",7,-1),new e("ejä",-1,-1),new e("mmä",-1,1),new e("immä",10,-1),new e("mpä",-1,1),new e("impä",12,-1)],F=[new e("i",-1,-1),new e("j",-1,-1)],S=[new e("mma",-1,1),new e("imma",0,-1)],y=[17,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8],W=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,32],L=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,32],x=[17,97,24,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,32],A=new r;this.setCurrent=function(i){A.setCurrent(i)},this.getCurrent=function(){return A.getCurrent()},this.stem=function(){var e=A.cursor;return i(),k=!1,A.limit_backward=e,A.cursor=A.limit,s(),A.cursor=A.limit,o(),A.cursor=A.limit,u(),A.cursor=A.limit,c(),A.cursor=A.limit,k?(m(),A.cursor=A.limit):(A.cursor=A.limit,w(),A.cursor=A.limit),_(),!0}};return function(i){return"function"==typeof i.update?i.update(function(i){return n.setCurrent(i),n.stem(),n.getCurrent()}):(n.setCurrent(i),n.stem(),n.getCurrent())}}(),i.Pipeline.registerFunction(i.fi.stemmer,"stemmer-fi"),i.fi.stopWordFilter=i.generateStopWordFilter("ei eivät emme en et ette että he heidän heidät heihin heille heillä heiltä heissä heistä heitä hän häneen hänelle hänellä häneltä hänen hänessä hänestä hänet häntä itse ja johon joiden joihin joiksi joilla joille joilta joina joissa joista joita joka joksi jolla jolle jolta jona jonka jos jossa josta jota jotka kanssa keiden keihin keiksi keille keillä keiltä keinä keissä keistä keitä keneen keneksi kenelle kenellä keneltä kenen kenenä kenessä kenestä kenet ketkä ketkä ketä koska kuin kuka kun me meidän meidät meihin meille meillä meiltä meissä meistä meitä mihin miksi mikä mille millä miltä minkä minkä minua minulla minulle minulta minun minussa minusta minut minuun minä minä missä mistä mitkä mitä mukaan mutta ne niiden niihin niiksi niille niillä niiltä niin niin niinä niissä niistä niitä noiden noihin noiksi noilla noille noilta noin noina noissa noista noita nuo nyt näiden näihin näiksi näille näillä näiltä näinä näissä näistä näitä nämä ole olemme olen olet olette oli olimme olin olisi olisimme olisin olisit olisitte olisivat olit olitte olivat olla olleet ollut on ovat poikki se sekä sen siihen siinä siitä siksi sille sillä sillä siltä sinua sinulla sinulle sinulta sinun sinussa sinusta sinut sinuun sinä sinä sitä tai te teidän teidät teihin teille teillä teiltä teissä teistä teitä tuo tuohon tuoksi tuolla tuolle tuolta tuon tuona tuossa tuosta tuota tähän täksi tälle tällä tältä tämä tämän tänä tässä tästä tätä vaan vai vaikka yli".split(" ")),i.Pipeline.registerFunction(i.fi.stopWordFilter,"stopWordFilter-fi")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.fr.min.js b/2.5/assets/javascripts/lunr/min/lunr.fr.min.js new file mode 100644 index 000000000..68cd0094a --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.fr.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `French` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.fr=function(){this.pipeline.reset(),this.pipeline.add(e.fr.trimmer,e.fr.stopWordFilter,e.fr.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.fr.stemmer))},e.fr.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.fr.trimmer=e.trimmerSupport.generateTrimmer(e.fr.wordCharacters),e.Pipeline.registerFunction(e.fr.trimmer,"trimmer-fr"),e.fr.stemmer=function(){var r=e.stemmerSupport.Among,s=e.stemmerSupport.SnowballProgram,i=new function(){function e(e,r,s){return!(!W.eq_s(1,e)||(W.ket=W.cursor,!W.in_grouping(F,97,251)))&&(W.slice_from(r),W.cursor=s,!0)}function i(e,r,s){return!!W.eq_s(1,e)&&(W.ket=W.cursor,W.slice_from(r),W.cursor=s,!0)}function n(){for(var r,s;;){if(r=W.cursor,W.in_grouping(F,97,251)){if(W.bra=W.cursor,s=W.cursor,e("u","U",r))continue;if(W.cursor=s,e("i","I",r))continue;if(W.cursor=s,i("y","Y",r))continue}if(W.cursor=r,W.bra=r,!e("y","Y",r)){if(W.cursor=r,W.eq_s(1,"q")&&(W.bra=W.cursor,i("u","U",r)))continue;if(W.cursor=r,r>=W.limit)return;W.cursor++}}}function t(){for(;!W.in_grouping(F,97,251);){if(W.cursor>=W.limit)return!0;W.cursor++}for(;!W.out_grouping(F,97,251);){if(W.cursor>=W.limit)return!0;W.cursor++}return!1}function u(){var e=W.cursor;if(q=W.limit,g=q,p=q,W.in_grouping(F,97,251)&&W.in_grouping(F,97,251)&&W.cursor=W.limit){W.cursor=q;break}W.cursor++}while(!W.in_grouping(F,97,251))}q=W.cursor,W.cursor=e,t()||(g=W.cursor,t()||(p=W.cursor))}function o(){for(var e,r;;){if(r=W.cursor,W.bra=r,!(e=W.find_among(h,4)))break;switch(W.ket=W.cursor,e){case 1:W.slice_from("i");break;case 2:W.slice_from("u");break;case 3:W.slice_from("y");break;case 4:if(W.cursor>=W.limit)return;W.cursor++}}}function c(){return q<=W.cursor}function a(){return g<=W.cursor}function l(){return p<=W.cursor}function w(){var e,r;if(W.ket=W.cursor,e=W.find_among_b(C,43)){switch(W.bra=W.cursor,e){case 1:if(!l())return!1;W.slice_del();break;case 2:if(!l())return!1;W.slice_del(),W.ket=W.cursor,W.eq_s_b(2,"ic")&&(W.bra=W.cursor,l()?W.slice_del():W.slice_from("iqU"));break;case 3:if(!l())return!1;W.slice_from("log");break;case 4:if(!l())return!1;W.slice_from("u");break;case 5:if(!l())return!1;W.slice_from("ent");break;case 6:if(!c())return!1;if(W.slice_del(),W.ket=W.cursor,e=W.find_among_b(z,6))switch(W.bra=W.cursor,e){case 1:l()&&(W.slice_del(),W.ket=W.cursor,W.eq_s_b(2,"at")&&(W.bra=W.cursor,l()&&W.slice_del()));break;case 2:l()?W.slice_del():a()&&W.slice_from("eux");break;case 3:l()&&W.slice_del();break;case 4:c()&&W.slice_from("i")}break;case 7:if(!l())return!1;if(W.slice_del(),W.ket=W.cursor,e=W.find_among_b(y,3))switch(W.bra=W.cursor,e){case 1:l()?W.slice_del():W.slice_from("abl");break;case 2:l()?W.slice_del():W.slice_from("iqU");break;case 3:l()&&W.slice_del()}break;case 8:if(!l())return!1;if(W.slice_del(),W.ket=W.cursor,W.eq_s_b(2,"at")&&(W.bra=W.cursor,l()&&(W.slice_del(),W.ket=W.cursor,W.eq_s_b(2,"ic")))){W.bra=W.cursor,l()?W.slice_del():W.slice_from("iqU");break}break;case 9:W.slice_from("eau");break;case 10:if(!a())return!1;W.slice_from("al");break;case 11:if(l())W.slice_del();else{if(!a())return!1;W.slice_from("eux")}break;case 12:if(!a()||!W.out_grouping_b(F,97,251))return!1;W.slice_del();break;case 13:return c()&&W.slice_from("ant"),!1;case 14:return c()&&W.slice_from("ent"),!1;case 15:return r=W.limit-W.cursor,W.in_grouping_b(F,97,251)&&c()&&(W.cursor=W.limit-r,W.slice_del()),!1}return!0}return!1}function f(){var e,r;if(W.cursor=q){if(s=W.limit_backward,W.limit_backward=q,W.ket=W.cursor,e=W.find_among_b(P,7))switch(W.bra=W.cursor,e){case 1:if(l()){if(i=W.limit-W.cursor,!W.eq_s_b(1,"s")&&(W.cursor=W.limit-i,!W.eq_s_b(1,"t")))break;W.slice_del()}break;case 2:W.slice_from("i");break;case 3:W.slice_del();break;case 4:W.eq_s_b(2,"gu")&&W.slice_del()}W.limit_backward=s}}function b(){var e=W.limit-W.cursor;W.find_among_b(U,5)&&(W.cursor=W.limit-e,W.ket=W.cursor,W.cursor>W.limit_backward&&(W.cursor--,W.bra=W.cursor,W.slice_del()))}function d(){for(var e,r=1;W.out_grouping_b(F,97,251);)r--;if(r<=0){if(W.ket=W.cursor,e=W.limit-W.cursor,!W.eq_s_b(1,"é")&&(W.cursor=W.limit-e,!W.eq_s_b(1,"è")))return;W.bra=W.cursor,W.slice_from("e")}}function k(){if(!w()&&(W.cursor=W.limit,!f()&&(W.cursor=W.limit,!m())))return W.cursor=W.limit,void _();W.cursor=W.limit,W.ket=W.cursor,W.eq_s_b(1,"Y")?(W.bra=W.cursor,W.slice_from("i")):(W.cursor=W.limit,W.eq_s_b(1,"ç")&&(W.bra=W.cursor,W.slice_from("c")))}var p,g,q,v=[new r("col",-1,-1),new r("par",-1,-1),new r("tap",-1,-1)],h=[new r("",-1,4),new r("I",0,1),new r("U",0,2),new r("Y",0,3)],z=[new r("iqU",-1,3),new r("abl",-1,3),new r("Ièr",-1,4),new r("ièr",-1,4),new r("eus",-1,2),new r("iv",-1,1)],y=[new r("ic",-1,2),new r("abil",-1,1),new r("iv",-1,3)],C=[new r("iqUe",-1,1),new r("atrice",-1,2),new r("ance",-1,1),new r("ence",-1,5),new r("logie",-1,3),new r("able",-1,1),new r("isme",-1,1),new r("euse",-1,11),new r("iste",-1,1),new r("ive",-1,8),new r("if",-1,8),new r("usion",-1,4),new r("ation",-1,2),new r("ution",-1,4),new r("ateur",-1,2),new r("iqUes",-1,1),new r("atrices",-1,2),new r("ances",-1,1),new r("ences",-1,5),new r("logies",-1,3),new r("ables",-1,1),new r("ismes",-1,1),new r("euses",-1,11),new r("istes",-1,1),new r("ives",-1,8),new r("ifs",-1,8),new r("usions",-1,4),new r("ations",-1,2),new r("utions",-1,4),new r("ateurs",-1,2),new r("ments",-1,15),new r("ements",30,6),new r("issements",31,12),new r("ités",-1,7),new r("ment",-1,15),new r("ement",34,6),new r("issement",35,12),new r("amment",34,13),new r("emment",34,14),new r("aux",-1,10),new r("eaux",39,9),new r("eux",-1,1),new r("ité",-1,7)],x=[new r("ira",-1,1),new r("ie",-1,1),new r("isse",-1,1),new r("issante",-1,1),new r("i",-1,1),new r("irai",4,1),new r("ir",-1,1),new r("iras",-1,1),new r("ies",-1,1),new r("îmes",-1,1),new r("isses",-1,1),new r("issantes",-1,1),new r("îtes",-1,1),new r("is",-1,1),new r("irais",13,1),new r("issais",13,1),new r("irions",-1,1),new r("issions",-1,1),new r("irons",-1,1),new r("issons",-1,1),new r("issants",-1,1),new r("it",-1,1),new r("irait",21,1),new r("issait",21,1),new r("issant",-1,1),new r("iraIent",-1,1),new r("issaIent",-1,1),new r("irent",-1,1),new r("issent",-1,1),new r("iront",-1,1),new r("ît",-1,1),new r("iriez",-1,1),new r("issiez",-1,1),new r("irez",-1,1),new r("issez",-1,1)],I=[new r("a",-1,3),new r("era",0,2),new r("asse",-1,3),new r("ante",-1,3),new r("ée",-1,2),new r("ai",-1,3),new r("erai",5,2),new r("er",-1,2),new r("as",-1,3),new r("eras",8,2),new r("âmes",-1,3),new r("asses",-1,3),new r("antes",-1,3),new r("âtes",-1,3),new r("ées",-1,2),new r("ais",-1,3),new r("erais",15,2),new r("ions",-1,1),new r("erions",17,2),new r("assions",17,3),new r("erons",-1,2),new r("ants",-1,3),new r("és",-1,2),new r("ait",-1,3),new r("erait",23,2),new r("ant",-1,3),new r("aIent",-1,3),new r("eraIent",26,2),new r("èrent",-1,2),new r("assent",-1,3),new r("eront",-1,2),new r("ât",-1,3),new r("ez",-1,2),new r("iez",32,2),new r("eriez",33,2),new r("assiez",33,3),new r("erez",32,2),new r("é",-1,2)],P=[new r("e",-1,3),new r("Ière",0,2),new r("ière",0,2),new r("ion",-1,1),new r("Ier",-1,2),new r("ier",-1,2),new r("ë",-1,4)],U=[new r("ell",-1,-1),new r("eill",-1,-1),new r("enn",-1,-1),new r("onn",-1,-1),new r("ett",-1,-1)],F=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,128,130,103,8,5],S=[1,65,20,0,0,0,0,0,0,0,0,0,0,0,0,0,128],W=new s;this.setCurrent=function(e){W.setCurrent(e)},this.getCurrent=function(){return W.getCurrent()},this.stem=function(){var e=W.cursor;return n(),W.cursor=e,u(),W.limit_backward=e,W.cursor=W.limit,k(),W.cursor=W.limit,b(),W.cursor=W.limit,d(),W.cursor=W.limit_backward,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.fr.stemmer,"stemmer-fr"),e.fr.stopWordFilter=e.generateStopWordFilter("ai aie aient aies ait as au aura aurai auraient aurais aurait auras aurez auriez aurions aurons auront aux avaient avais avait avec avez aviez avions avons ayant ayez ayons c ce ceci celà ces cet cette d dans de des du elle en es est et eu eue eues eurent eus eusse eussent eusses eussiez eussions eut eux eûmes eût eûtes furent fus fusse fussent fusses fussiez fussions fut fûmes fût fûtes ici il ils j je l la le les leur leurs lui m ma mais me mes moi mon même n ne nos notre nous on ont ou par pas pour qu que quel quelle quelles quels qui s sa sans se sera serai seraient serais serait seras serez seriez serions serons seront ses soi soient sois soit sommes son sont soyez soyons suis sur t ta te tes toi ton tu un une vos votre vous y à étaient étais était étant étiez étions été étée étées étés êtes".split(" ")),e.Pipeline.registerFunction(e.fr.stopWordFilter,"stopWordFilter-fr")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.hi.min.js b/2.5/assets/javascripts/lunr/min/lunr.hi.min.js new file mode 100644 index 000000000..7dbc41402 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.hi.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Za-zA-Z0-90-9",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.hu.min.js b/2.5/assets/javascripts/lunr/min/lunr.hu.min.js new file mode 100644 index 000000000..ed9d909f7 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.hu.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Hungarian` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,n){"function"==typeof define&&define.amd?define(n):"object"==typeof exports?module.exports=n():n()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hu=function(){this.pipeline.reset(),this.pipeline.add(e.hu.trimmer,e.hu.stopWordFilter,e.hu.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hu.stemmer))},e.hu.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.hu.trimmer=e.trimmerSupport.generateTrimmer(e.hu.wordCharacters),e.Pipeline.registerFunction(e.hu.trimmer,"trimmer-hu"),e.hu.stemmer=function(){var n=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,i=new function(){function e(){var e,n=L.cursor;if(d=L.limit,L.in_grouping(W,97,252))for(;;){if(e=L.cursor,L.out_grouping(W,97,252))return L.cursor=e,L.find_among(g,8)||(L.cursor=e,e=L.limit)return void(d=e);L.cursor++}if(L.cursor=n,L.out_grouping(W,97,252)){for(;!L.in_grouping(W,97,252);){if(L.cursor>=L.limit)return;L.cursor++}d=L.cursor}}function i(){return d<=L.cursor}function a(){var e;if(L.ket=L.cursor,(e=L.find_among_b(h,2))&&(L.bra=L.cursor,i()))switch(e){case 1:L.slice_from("a");break;case 2:L.slice_from("e")}}function t(){var e=L.limit-L.cursor;return!!L.find_among_b(p,23)&&(L.cursor=L.limit-e,!0)}function s(){if(L.cursor>L.limit_backward){L.cursor--,L.ket=L.cursor;var e=L.cursor-1;L.limit_backward<=e&&e<=L.limit&&(L.cursor=e,L.bra=e,L.slice_del())}}function c(){var e;if(L.ket=L.cursor,(e=L.find_among_b(_,2))&&(L.bra=L.cursor,i())){if((1==e||2==e)&&!t())return;L.slice_del(),s()}}function o(){L.ket=L.cursor,L.find_among_b(v,44)&&(L.bra=L.cursor,i()&&(L.slice_del(),a()))}function w(){var e;if(L.ket=L.cursor,(e=L.find_among_b(z,3))&&(L.bra=L.cursor,i()))switch(e){case 1:L.slice_from("e");break;case 2:case 3:L.slice_from("a")}}function l(){var e;if(L.ket=L.cursor,(e=L.find_among_b(y,6))&&(L.bra=L.cursor,i()))switch(e){case 1:case 2:L.slice_del();break;case 3:L.slice_from("a");break;case 4:L.slice_from("e")}}function u(){var e;if(L.ket=L.cursor,(e=L.find_among_b(j,2))&&(L.bra=L.cursor,i())){if((1==e||2==e)&&!t())return;L.slice_del(),s()}}function m(){var e;if(L.ket=L.cursor,(e=L.find_among_b(C,7))&&(L.bra=L.cursor,i()))switch(e){case 1:L.slice_from("a");break;case 2:L.slice_from("e");break;case 3:case 4:case 5:case 6:case 7:L.slice_del()}}function k(){var e;if(L.ket=L.cursor,(e=L.find_among_b(P,12))&&(L.bra=L.cursor,i()))switch(e){case 1:case 4:case 7:case 9:L.slice_del();break;case 2:case 5:case 8:L.slice_from("e");break;case 3:case 6:L.slice_from("a")}}function f(){var e;if(L.ket=L.cursor,(e=L.find_among_b(F,31))&&(L.bra=L.cursor,i()))switch(e){case 1:case 4:case 7:case 8:case 9:case 12:case 13:case 16:case 17:case 18:L.slice_del();break;case 2:case 5:case 10:case 14:case 19:L.slice_from("a");break;case 3:case 6:case 11:case 15:case 20:L.slice_from("e")}}function b(){var e;if(L.ket=L.cursor,(e=L.find_among_b(S,42))&&(L.bra=L.cursor,i()))switch(e){case 1:case 4:case 5:case 6:case 9:case 10:case 11:case 14:case 15:case 16:case 17:case 20:case 21:case 24:case 25:case 26:case 29:L.slice_del();break;case 2:case 7:case 12:case 18:case 22:case 27:L.slice_from("a");break;case 3:case 8:case 13:case 19:case 23:case 28:L.slice_from("e")}}var d,g=[new n("cs",-1,-1),new n("dzs",-1,-1),new n("gy",-1,-1),new n("ly",-1,-1),new n("ny",-1,-1),new n("sz",-1,-1),new n("ty",-1,-1),new n("zs",-1,-1)],h=[new n("á",-1,1),new n("é",-1,2)],p=[new n("bb",-1,-1),new n("cc",-1,-1),new n("dd",-1,-1),new n("ff",-1,-1),new n("gg",-1,-1),new n("jj",-1,-1),new n("kk",-1,-1),new n("ll",-1,-1),new n("mm",-1,-1),new n("nn",-1,-1),new n("pp",-1,-1),new n("rr",-1,-1),new n("ccs",-1,-1),new n("ss",-1,-1),new n("zzs",-1,-1),new n("tt",-1,-1),new n("vv",-1,-1),new n("ggy",-1,-1),new n("lly",-1,-1),new n("nny",-1,-1),new n("tty",-1,-1),new n("ssz",-1,-1),new n("zz",-1,-1)],_=[new n("al",-1,1),new n("el",-1,2)],v=[new n("ba",-1,-1),new n("ra",-1,-1),new n("be",-1,-1),new n("re",-1,-1),new n("ig",-1,-1),new n("nak",-1,-1),new n("nek",-1,-1),new n("val",-1,-1),new n("vel",-1,-1),new n("ul",-1,-1),new n("nál",-1,-1),new n("nél",-1,-1),new n("ból",-1,-1),new n("ról",-1,-1),new n("tól",-1,-1),new n("bõl",-1,-1),new n("rõl",-1,-1),new n("tõl",-1,-1),new n("ül",-1,-1),new n("n",-1,-1),new n("an",19,-1),new n("ban",20,-1),new n("en",19,-1),new n("ben",22,-1),new n("képpen",22,-1),new n("on",19,-1),new n("ön",19,-1),new n("képp",-1,-1),new n("kor",-1,-1),new n("t",-1,-1),new n("at",29,-1),new n("et",29,-1),new n("ként",29,-1),new n("anként",32,-1),new n("enként",32,-1),new n("onként",32,-1),new n("ot",29,-1),new n("ért",29,-1),new n("öt",29,-1),new n("hez",-1,-1),new n("hoz",-1,-1),new n("höz",-1,-1),new n("vá",-1,-1),new n("vé",-1,-1)],z=[new n("án",-1,2),new n("én",-1,1),new n("ánként",-1,3)],y=[new n("stul",-1,2),new n("astul",0,1),new n("ástul",0,3),new n("stül",-1,2),new n("estül",3,1),new n("éstül",3,4)],j=[new n("á",-1,1),new n("é",-1,2)],C=[new n("k",-1,7),new n("ak",0,4),new n("ek",0,6),new n("ok",0,5),new n("ák",0,1),new n("ék",0,2),new n("ök",0,3)],P=[new n("éi",-1,7),new n("áéi",0,6),new n("ééi",0,5),new n("é",-1,9),new n("ké",3,4),new n("aké",4,1),new n("eké",4,1),new n("oké",4,1),new n("áké",4,3),new n("éké",4,2),new n("öké",4,1),new n("éé",3,8)],F=[new n("a",-1,18),new n("ja",0,17),new n("d",-1,16),new n("ad",2,13),new n("ed",2,13),new n("od",2,13),new n("ád",2,14),new n("éd",2,15),new n("öd",2,13),new n("e",-1,18),new n("je",9,17),new n("nk",-1,4),new n("unk",11,1),new n("ánk",11,2),new n("énk",11,3),new n("ünk",11,1),new n("uk",-1,8),new n("juk",16,7),new n("ájuk",17,5),new n("ük",-1,8),new n("jük",19,7),new n("éjük",20,6),new n("m",-1,12),new n("am",22,9),new n("em",22,9),new n("om",22,9),new n("ám",22,10),new n("ém",22,11),new n("o",-1,18),new n("á",-1,19),new n("é",-1,20)],S=[new n("id",-1,10),new n("aid",0,9),new n("jaid",1,6),new n("eid",0,9),new n("jeid",3,6),new n("áid",0,7),new n("éid",0,8),new n("i",-1,15),new n("ai",7,14),new n("jai",8,11),new n("ei",7,14),new n("jei",10,11),new n("ái",7,12),new n("éi",7,13),new n("itek",-1,24),new n("eitek",14,21),new n("jeitek",15,20),new n("éitek",14,23),new n("ik",-1,29),new n("aik",18,26),new n("jaik",19,25),new n("eik",18,26),new n("jeik",21,25),new n("áik",18,27),new n("éik",18,28),new n("ink",-1,20),new n("aink",25,17),new n("jaink",26,16),new n("eink",25,17),new n("jeink",28,16),new n("áink",25,18),new n("éink",25,19),new n("aitok",-1,21),new n("jaitok",32,20),new n("áitok",-1,22),new n("im",-1,5),new n("aim",35,4),new n("jaim",36,1),new n("eim",35,4),new n("jeim",38,1),new n("áim",35,2),new n("éim",35,3)],W=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,52,14],L=new r;this.setCurrent=function(e){L.setCurrent(e)},this.getCurrent=function(){return L.getCurrent()},this.stem=function(){var n=L.cursor;return e(),L.limit_backward=n,L.cursor=L.limit,c(),L.cursor=L.limit,o(),L.cursor=L.limit,w(),L.cursor=L.limit,l(),L.cursor=L.limit,u(),L.cursor=L.limit,k(),L.cursor=L.limit,f(),L.cursor=L.limit,b(),L.cursor=L.limit,m(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.hu.stemmer,"stemmer-hu"),e.hu.stopWordFilter=e.generateStopWordFilter("a abban ahhoz ahogy ahol aki akik akkor alatt amely amelyek amelyekben amelyeket amelyet amelynek ami amikor amit amolyan amíg annak arra arról az azok azon azonban azt aztán azután azzal azért be belül benne bár cikk cikkek cikkeket csak de e ebben eddig egy egyes egyetlen egyik egyre egyéb egész ehhez ekkor el ellen elsõ elég elõ elõször elõtt emilyen ennek erre ez ezek ezen ezt ezzel ezért fel felé hanem hiszen hogy hogyan igen ill ill. illetve ilyen ilyenkor ismét ison itt jobban jó jól kell kellett keressünk keresztül ki kívül között közül legalább legyen lehet lehetett lenne lenni lesz lett maga magát majd majd meg mellett mely melyek mert mi mikor milyen minden mindenki mindent mindig mint mintha mit mivel miért most már más másik még míg nagy nagyobb nagyon ne nekem neki nem nincs néha néhány nélkül olyan ott pedig persze rá s saját sem semmi sok sokat sokkal szemben szerint szinte számára talán tehát teljes tovább továbbá több ugyanis utolsó után utána vagy vagyis vagyok valaki valami valamint való van vannak vele vissza viszont volna volt voltak voltam voltunk által általában át én éppen és így õ õk õket össze úgy új újabb újra".split(" ")),e.Pipeline.registerFunction(e.hu.stopWordFilter,"stopWordFilter-hu")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.it.min.js b/2.5/assets/javascripts/lunr/min/lunr.it.min.js new file mode 100644 index 000000000..344b6a3c0 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.it.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Italian` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.it=function(){this.pipeline.reset(),this.pipeline.add(e.it.trimmer,e.it.stopWordFilter,e.it.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.it.stemmer))},e.it.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.it.trimmer=e.trimmerSupport.generateTrimmer(e.it.wordCharacters),e.Pipeline.registerFunction(e.it.trimmer,"trimmer-it"),e.it.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){function e(e,r,n){return!(!x.eq_s(1,e)||(x.ket=x.cursor,!x.in_grouping(L,97,249)))&&(x.slice_from(r),x.cursor=n,!0)}function i(){for(var r,n,i,o,t=x.cursor;;){if(x.bra=x.cursor,r=x.find_among(h,7))switch(x.ket=x.cursor,r){case 1:x.slice_from("à");continue;case 2:x.slice_from("è");continue;case 3:x.slice_from("ì");continue;case 4:x.slice_from("ò");continue;case 5:x.slice_from("ù");continue;case 6:x.slice_from("qU");continue;case 7:if(x.cursor>=x.limit)break;x.cursor++;continue}break}for(x.cursor=t;;)for(n=x.cursor;;){if(i=x.cursor,x.in_grouping(L,97,249)){if(x.bra=x.cursor,o=x.cursor,e("u","U",i))break;if(x.cursor=o,e("i","I",i))break}if(x.cursor=i,x.cursor>=x.limit)return void(x.cursor=n);x.cursor++}}function o(e){if(x.cursor=e,!x.in_grouping(L,97,249))return!1;for(;!x.out_grouping(L,97,249);){if(x.cursor>=x.limit)return!1;x.cursor++}return!0}function t(){if(x.in_grouping(L,97,249)){var e=x.cursor;if(x.out_grouping(L,97,249)){for(;!x.in_grouping(L,97,249);){if(x.cursor>=x.limit)return o(e);x.cursor++}return!0}return o(e)}return!1}function s(){var e,r=x.cursor;if(!t()){if(x.cursor=r,!x.out_grouping(L,97,249))return;if(e=x.cursor,x.out_grouping(L,97,249)){for(;!x.in_grouping(L,97,249);){if(x.cursor>=x.limit)return x.cursor=e,void(x.in_grouping(L,97,249)&&x.cursor=x.limit)return;x.cursor++}k=x.cursor}function a(){for(;!x.in_grouping(L,97,249);){if(x.cursor>=x.limit)return!1;x.cursor++}for(;!x.out_grouping(L,97,249);){if(x.cursor>=x.limit)return!1;x.cursor++}return!0}function u(){var e=x.cursor;k=x.limit,p=k,g=k,s(),x.cursor=e,a()&&(p=x.cursor,a()&&(g=x.cursor))}function c(){for(var e;;){if(x.bra=x.cursor,!(e=x.find_among(q,3)))break;switch(x.ket=x.cursor,e){case 1:x.slice_from("i");break;case 2:x.slice_from("u");break;case 3:if(x.cursor>=x.limit)return;x.cursor++}}}function w(){return k<=x.cursor}function l(){return p<=x.cursor}function m(){return g<=x.cursor}function f(){var e;if(x.ket=x.cursor,x.find_among_b(C,37)&&(x.bra=x.cursor,(e=x.find_among_b(z,5))&&w()))switch(e){case 1:x.slice_del();break;case 2:x.slice_from("e")}}function v(){var e;if(x.ket=x.cursor,!(e=x.find_among_b(S,51)))return!1;switch(x.bra=x.cursor,e){case 1:if(!m())return!1;x.slice_del();break;case 2:if(!m())return!1;x.slice_del(),x.ket=x.cursor,x.eq_s_b(2,"ic")&&(x.bra=x.cursor,m()&&x.slice_del());break;case 3:if(!m())return!1;x.slice_from("log");break;case 4:if(!m())return!1;x.slice_from("u");break;case 5:if(!m())return!1;x.slice_from("ente");break;case 6:if(!w())return!1;x.slice_del();break;case 7:if(!l())return!1;x.slice_del(),x.ket=x.cursor,e=x.find_among_b(P,4),e&&(x.bra=x.cursor,m()&&(x.slice_del(),1==e&&(x.ket=x.cursor,x.eq_s_b(2,"at")&&(x.bra=x.cursor,m()&&x.slice_del()))));break;case 8:if(!m())return!1;x.slice_del(),x.ket=x.cursor,e=x.find_among_b(F,3),e&&(x.bra=x.cursor,1==e&&m()&&x.slice_del());break;case 9:if(!m())return!1;x.slice_del(),x.ket=x.cursor,x.eq_s_b(2,"at")&&(x.bra=x.cursor,m()&&(x.slice_del(),x.ket=x.cursor,x.eq_s_b(2,"ic")&&(x.bra=x.cursor,m()&&x.slice_del())))}return!0}function b(){var e,r;x.cursor>=k&&(r=x.limit_backward,x.limit_backward=k,x.ket=x.cursor,e=x.find_among_b(W,87),e&&(x.bra=x.cursor,1==e&&x.slice_del()),x.limit_backward=r)}function d(){var e=x.limit-x.cursor;if(x.ket=x.cursor,x.in_grouping_b(y,97,242)&&(x.bra=x.cursor,w()&&(x.slice_del(),x.ket=x.cursor,x.eq_s_b(1,"i")&&(x.bra=x.cursor,w()))))return void x.slice_del();x.cursor=x.limit-e}function _(){d(),x.ket=x.cursor,x.eq_s_b(1,"h")&&(x.bra=x.cursor,x.in_grouping_b(U,99,103)&&w()&&x.slice_del())}var g,p,k,h=[new r("",-1,7),new r("qu",0,6),new r("á",0,1),new r("é",0,2),new r("í",0,3),new r("ó",0,4),new r("ú",0,5)],q=[new r("",-1,3),new r("I",0,1),new r("U",0,2)],C=[new r("la",-1,-1),new r("cela",0,-1),new r("gliela",0,-1),new r("mela",0,-1),new r("tela",0,-1),new r("vela",0,-1),new r("le",-1,-1),new r("cele",6,-1),new r("gliele",6,-1),new r("mele",6,-1),new r("tele",6,-1),new r("vele",6,-1),new r("ne",-1,-1),new r("cene",12,-1),new r("gliene",12,-1),new r("mene",12,-1),new r("sene",12,-1),new r("tene",12,-1),new r("vene",12,-1),new r("ci",-1,-1),new r("li",-1,-1),new r("celi",20,-1),new r("glieli",20,-1),new r("meli",20,-1),new r("teli",20,-1),new r("veli",20,-1),new r("gli",20,-1),new r("mi",-1,-1),new r("si",-1,-1),new r("ti",-1,-1),new r("vi",-1,-1),new r("lo",-1,-1),new r("celo",31,-1),new r("glielo",31,-1),new r("melo",31,-1),new r("telo",31,-1),new r("velo",31,-1)],z=[new r("ando",-1,1),new r("endo",-1,1),new r("ar",-1,2),new r("er",-1,2),new r("ir",-1,2)],P=[new r("ic",-1,-1),new r("abil",-1,-1),new r("os",-1,-1),new r("iv",-1,1)],F=[new r("ic",-1,1),new r("abil",-1,1),new r("iv",-1,1)],S=[new r("ica",-1,1),new r("logia",-1,3),new r("osa",-1,1),new r("ista",-1,1),new r("iva",-1,9),new r("anza",-1,1),new r("enza",-1,5),new r("ice",-1,1),new r("atrice",7,1),new r("iche",-1,1),new r("logie",-1,3),new r("abile",-1,1),new r("ibile",-1,1),new r("usione",-1,4),new r("azione",-1,2),new r("uzione",-1,4),new r("atore",-1,2),new r("ose",-1,1),new r("ante",-1,1),new r("mente",-1,1),new r("amente",19,7),new r("iste",-1,1),new r("ive",-1,9),new r("anze",-1,1),new r("enze",-1,5),new r("ici",-1,1),new r("atrici",25,1),new r("ichi",-1,1),new r("abili",-1,1),new r("ibili",-1,1),new r("ismi",-1,1),new r("usioni",-1,4),new r("azioni",-1,2),new r("uzioni",-1,4),new r("atori",-1,2),new r("osi",-1,1),new r("anti",-1,1),new r("amenti",-1,6),new r("imenti",-1,6),new r("isti",-1,1),new r("ivi",-1,9),new r("ico",-1,1),new r("ismo",-1,1),new r("oso",-1,1),new r("amento",-1,6),new r("imento",-1,6),new r("ivo",-1,9),new r("ità",-1,8),new r("istà",-1,1),new r("istè",-1,1),new r("istì",-1,1)],W=[new r("isca",-1,1),new r("enda",-1,1),new r("ata",-1,1),new r("ita",-1,1),new r("uta",-1,1),new r("ava",-1,1),new r("eva",-1,1),new r("iva",-1,1),new r("erebbe",-1,1),new r("irebbe",-1,1),new r("isce",-1,1),new r("ende",-1,1),new r("are",-1,1),new r("ere",-1,1),new r("ire",-1,1),new r("asse",-1,1),new r("ate",-1,1),new r("avate",16,1),new r("evate",16,1),new r("ivate",16,1),new r("ete",-1,1),new r("erete",20,1),new r("irete",20,1),new r("ite",-1,1),new r("ereste",-1,1),new r("ireste",-1,1),new r("ute",-1,1),new r("erai",-1,1),new r("irai",-1,1),new r("isci",-1,1),new r("endi",-1,1),new r("erei",-1,1),new r("irei",-1,1),new r("assi",-1,1),new r("ati",-1,1),new r("iti",-1,1),new r("eresti",-1,1),new r("iresti",-1,1),new r("uti",-1,1),new r("avi",-1,1),new r("evi",-1,1),new r("ivi",-1,1),new r("isco",-1,1),new r("ando",-1,1),new r("endo",-1,1),new r("Yamo",-1,1),new r("iamo",-1,1),new r("avamo",-1,1),new r("evamo",-1,1),new r("ivamo",-1,1),new r("eremo",-1,1),new r("iremo",-1,1),new r("assimo",-1,1),new r("ammo",-1,1),new r("emmo",-1,1),new r("eremmo",54,1),new r("iremmo",54,1),new r("immo",-1,1),new r("ano",-1,1),new r("iscano",58,1),new r("avano",58,1),new r("evano",58,1),new r("ivano",58,1),new r("eranno",-1,1),new r("iranno",-1,1),new r("ono",-1,1),new r("iscono",65,1),new r("arono",65,1),new r("erono",65,1),new r("irono",65,1),new r("erebbero",-1,1),new r("irebbero",-1,1),new r("assero",-1,1),new r("essero",-1,1),new r("issero",-1,1),new r("ato",-1,1),new r("ito",-1,1),new r("uto",-1,1),new r("avo",-1,1),new r("evo",-1,1),new r("ivo",-1,1),new r("ar",-1,1),new r("ir",-1,1),new r("erà",-1,1),new r("irà",-1,1),new r("erò",-1,1),new r("irò",-1,1)],L=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,128,128,8,2,1],y=[17,65,0,0,0,0,0,0,0,0,0,0,0,0,0,128,128,8,2],U=[17],x=new n;this.setCurrent=function(e){x.setCurrent(e)},this.getCurrent=function(){return x.getCurrent()},this.stem=function(){var e=x.cursor;return i(),x.cursor=e,u(),x.limit_backward=e,x.cursor=x.limit,f(),x.cursor=x.limit,v()||(x.cursor=x.limit,b()),x.cursor=x.limit,_(),x.cursor=x.limit_backward,c(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.it.stemmer,"stemmer-it"),e.it.stopWordFilter=e.generateStopWordFilter("a abbia abbiamo abbiano abbiate ad agl agli ai al all alla alle allo anche avemmo avendo avesse avessero avessi avessimo aveste avesti avete aveva avevamo avevano avevate avevi avevo avrai avranno avrebbe avrebbero avrei avremmo avremo avreste avresti avrete avrà avrò avuta avute avuti avuto c che chi ci coi col come con contro cui da dagl dagli dai dal dall dalla dalle dallo degl degli dei del dell della delle dello di dov dove e ebbe ebbero ebbi ed era erano eravamo eravate eri ero essendo faccia facciamo facciano facciate faccio facemmo facendo facesse facessero facessi facessimo faceste facesti faceva facevamo facevano facevate facevi facevo fai fanno farai faranno farebbe farebbero farei faremmo faremo fareste faresti farete farà farò fece fecero feci fosse fossero fossi fossimo foste fosti fu fui fummo furono gli ha hai hanno ho i il in io l la le lei li lo loro lui ma mi mia mie miei mio ne negl negli nei nel nell nella nelle nello noi non nostra nostre nostri nostro o per perché più quale quanta quante quanti quanto quella quelle quelli quello questa queste questi questo sarai saranno sarebbe sarebbero sarei saremmo saremo sareste saresti sarete sarà sarò se sei si sia siamo siano siate siete sono sta stai stando stanno starai staranno starebbe starebbero starei staremmo staremo stareste staresti starete starà starò stava stavamo stavano stavate stavi stavo stemmo stesse stessero stessi stessimo steste stesti stette stettero stetti stia stiamo stiano stiate sto su sua sue sugl sugli sui sul sull sulla sulle sullo suo suoi ti tra tu tua tue tuo tuoi tutti tutto un una uno vi voi vostra vostre vostri vostro è".split(" ")),e.Pipeline.registerFunction(e.it.stopWordFilter,"stopWordFilter-it")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.ja.min.js b/2.5/assets/javascripts/lunr/min/lunr.ja.min.js new file mode 100644 index 000000000..5f254ebe9 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.ja.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.ja=function(){this.pipeline.reset(),this.pipeline.add(e.ja.trimmer,e.ja.stopWordFilter,e.ja.stemmer),r?this.tokenizer=e.ja.tokenizer:(e.tokenizer&&(e.tokenizer=e.ja.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.ja.tokenizer))};var t=new e.TinySegmenter;e.ja.tokenizer=function(i){var n,o,s,p,a,u,m,l,c,f;if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t.toLowerCase()):t.toLowerCase()});for(o=i.toString().toLowerCase().replace(/^\s+/,""),n=o.length-1;n>=0;n--)if(/\S/.test(o.charAt(n))){o=o.substring(0,n+1);break}for(a=[],s=o.length,c=0,l=0;c<=s;c++)if(u=o.charAt(c),m=c-l,u.match(/\s/)||c==s){if(m>0)for(p=t.segment(o.slice(l,c)).filter(function(e){return!!e}),f=l,n=0;n=C.limit)break;C.cursor++;continue}break}for(C.cursor=o,C.bra=o,C.eq_s(1,"y")?(C.ket=C.cursor,C.slice_from("Y")):C.cursor=o;;)if(e=C.cursor,C.in_grouping(q,97,232)){if(i=C.cursor,C.bra=i,C.eq_s(1,"i"))C.ket=C.cursor,C.in_grouping(q,97,232)&&(C.slice_from("I"),C.cursor=e);else if(C.cursor=i,C.eq_s(1,"y"))C.ket=C.cursor,C.slice_from("Y"),C.cursor=e;else if(n(e))break}else if(n(e))break}function n(r){return C.cursor=r,r>=C.limit||(C.cursor++,!1)}function o(){_=C.limit,d=_,t()||(_=C.cursor,_<3&&(_=3),t()||(d=C.cursor))}function t(){for(;!C.in_grouping(q,97,232);){if(C.cursor>=C.limit)return!0;C.cursor++}for(;!C.out_grouping(q,97,232);){if(C.cursor>=C.limit)return!0;C.cursor++}return!1}function s(){for(var r;;)if(C.bra=C.cursor,r=C.find_among(p,3))switch(C.ket=C.cursor,r){case 1:C.slice_from("y");break;case 2:C.slice_from("i");break;case 3:if(C.cursor>=C.limit)return;C.cursor++}}function u(){return _<=C.cursor}function c(){return d<=C.cursor}function a(){var r=C.limit-C.cursor;C.find_among_b(g,3)&&(C.cursor=C.limit-r,C.ket=C.cursor,C.cursor>C.limit_backward&&(C.cursor--,C.bra=C.cursor,C.slice_del()))}function l(){var r;w=!1,C.ket=C.cursor,C.eq_s_b(1,"e")&&(C.bra=C.cursor,u()&&(r=C.limit-C.cursor,C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-r,C.slice_del(),w=!0,a())))}function m(){var r;u()&&(r=C.limit-C.cursor,C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-r,C.eq_s_b(3,"gem")||(C.cursor=C.limit-r,C.slice_del(),a())))}function f(){var r,e,i,n,o,t,s=C.limit-C.cursor;if(C.ket=C.cursor,r=C.find_among_b(h,5))switch(C.bra=C.cursor,r){case 1:u()&&C.slice_from("heid");break;case 2:m();break;case 3:u()&&C.out_grouping_b(j,97,232)&&C.slice_del()}if(C.cursor=C.limit-s,l(),C.cursor=C.limit-s,C.ket=C.cursor,C.eq_s_b(4,"heid")&&(C.bra=C.cursor,c()&&(e=C.limit-C.cursor,C.eq_s_b(1,"c")||(C.cursor=C.limit-e,C.slice_del(),C.ket=C.cursor,C.eq_s_b(2,"en")&&(C.bra=C.cursor,m())))),C.cursor=C.limit-s,C.ket=C.cursor,r=C.find_among_b(k,6))switch(C.bra=C.cursor,r){case 1:if(c()){if(C.slice_del(),i=C.limit-C.cursor,C.ket=C.cursor,C.eq_s_b(2,"ig")&&(C.bra=C.cursor,c()&&(n=C.limit-C.cursor,!C.eq_s_b(1,"e")))){C.cursor=C.limit-n,C.slice_del();break}C.cursor=C.limit-i,a()}break;case 2:c()&&(o=C.limit-C.cursor,C.eq_s_b(1,"e")||(C.cursor=C.limit-o,C.slice_del()));break;case 3:c()&&(C.slice_del(),l());break;case 4:c()&&C.slice_del();break;case 5:c()&&w&&C.slice_del()}C.cursor=C.limit-s,C.out_grouping_b(z,73,232)&&(t=C.limit-C.cursor,C.find_among_b(v,4)&&C.out_grouping_b(q,97,232)&&(C.cursor=C.limit-t,C.ket=C.cursor,C.cursor>C.limit_backward&&(C.cursor--,C.bra=C.cursor,C.slice_del())))}var d,_,w,b=[new e("",-1,6),new e("á",0,1),new e("ä",0,1),new e("é",0,2),new e("ë",0,2),new e("í",0,3),new e("ï",0,3),new e("ó",0,4),new e("ö",0,4),new e("ú",0,5),new e("ü",0,5)],p=[new e("",-1,3),new e("I",0,2),new e("Y",0,1)],g=[new e("dd",-1,-1),new e("kk",-1,-1),new e("tt",-1,-1)],h=[new e("ene",-1,2),new e("se",-1,3),new e("en",-1,2),new e("heden",2,1),new e("s",-1,3)],k=[new e("end",-1,1),new e("ig",-1,2),new e("ing",-1,1),new e("lijk",-1,3),new e("baar",-1,4),new e("bar",-1,5)],v=[new e("aa",-1,-1),new e("ee",-1,-1),new e("oo",-1,-1),new e("uu",-1,-1)],q=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],z=[1,0,0,17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],j=[17,67,16,1,0,0,0,0,0,0,0,0,0,0,0,0,128],C=new i;this.setCurrent=function(r){C.setCurrent(r)},this.getCurrent=function(){return C.getCurrent()},this.stem=function(){var e=C.cursor;return r(),C.cursor=e,o(),C.limit_backward=e,C.cursor=C.limit,f(),C.cursor=C.limit_backward,s(),!0}};return function(r){return"function"==typeof r.update?r.update(function(r){return n.setCurrent(r),n.stem(),n.getCurrent()}):(n.setCurrent(r),n.stem(),n.getCurrent())}}(),r.Pipeline.registerFunction(r.nl.stemmer,"stemmer-nl"),r.nl.stopWordFilter=r.generateStopWordFilter(" aan al alles als altijd andere ben bij daar dan dat de der deze die dit doch doen door dus een eens en er ge geen geweest haar had heb hebben heeft hem het hier hij hoe hun iemand iets ik in is ja je kan kon kunnen maar me meer men met mij mijn moet na naar niet niets nog nu of om omdat onder ons ook op over reeds te tegen toch toen tot u uit uw van veel voor want waren was wat werd wezen wie wil worden wordt zal ze zelf zich zij zijn zo zonder zou".split(" ")),r.Pipeline.registerFunction(r.nl.stopWordFilter,"stopWordFilter-nl")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.no.min.js b/2.5/assets/javascripts/lunr/min/lunr.no.min.js new file mode 100644 index 000000000..92bc7e4e8 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.no.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Norwegian` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.no=function(){this.pipeline.reset(),this.pipeline.add(e.no.trimmer,e.no.stopWordFilter,e.no.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.no.stemmer))},e.no.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.no.trimmer=e.trimmerSupport.generateTrimmer(e.no.wordCharacters),e.Pipeline.registerFunction(e.no.trimmer,"trimmer-no"),e.no.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){function e(){var e,r=w.cursor+3;if(a=w.limit,0<=r||r<=w.limit){for(s=r;;){if(e=w.cursor,w.in_grouping(d,97,248)){w.cursor=e;break}if(e>=w.limit)return;w.cursor=e+1}for(;!w.out_grouping(d,97,248);){if(w.cursor>=w.limit)return;w.cursor++}a=w.cursor,a=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(m,29),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:n=w.limit-w.cursor,w.in_grouping_b(c,98,122)?w.slice_del():(w.cursor=w.limit-n,w.eq_s_b(1,"k")&&w.out_grouping_b(d,97,248)&&w.slice_del());break;case 3:w.slice_from("er")}}function t(){var e,r=w.limit-w.cursor;w.cursor>=a&&(e=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,w.find_among_b(u,2)?(w.bra=w.cursor,w.limit_backward=e,w.cursor=w.limit-r,w.cursor>w.limit_backward&&(w.cursor--,w.bra=w.cursor,w.slice_del())):w.limit_backward=e)}function o(){var e,r;w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(l,11),e?(w.bra=w.cursor,w.limit_backward=r,1==e&&w.slice_del()):w.limit_backward=r)}var s,a,m=[new r("a",-1,1),new r("e",-1,1),new r("ede",1,1),new r("ande",1,1),new r("ende",1,1),new r("ane",1,1),new r("ene",1,1),new r("hetene",6,1),new r("erte",1,3),new r("en",-1,1),new r("heten",9,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",12,1),new r("s",-1,2),new r("as",14,1),new r("es",14,1),new r("edes",16,1),new r("endes",16,1),new r("enes",16,1),new r("hetenes",19,1),new r("ens",14,1),new r("hetens",21,1),new r("ers",14,1),new r("ets",14,1),new r("et",-1,1),new r("het",25,1),new r("ert",-1,3),new r("ast",-1,1)],u=[new r("dt",-1,-1),new r("vt",-1,-1)],l=[new r("leg",-1,1),new r("eleg",0,1),new r("ig",-1,1),new r("eig",2,1),new r("lig",2,1),new r("elig",4,1),new r("els",-1,1),new r("lov",-1,1),new r("elov",7,1),new r("slov",7,1),new r("hetslov",9,1)],d=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],c=[119,125,149,1],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,i(),w.cursor=w.limit,t(),w.cursor=w.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.no.stemmer,"stemmer-no"),e.no.stopWordFilter=e.generateStopWordFilter("alle at av bare begge ble blei bli blir blitt både båe da de deg dei deim deira deires dem den denne der dere deres det dette di din disse ditt du dykk dykkar då eg ein eit eitt eller elles en enn er et ett etter for fordi fra før ha hadde han hans har hennar henne hennes her hjå ho hoe honom hoss hossen hun hva hvem hver hvilke hvilken hvis hvor hvordan hvorfor i ikke ikkje ikkje ingen ingi inkje inn inni ja jeg kan kom korleis korso kun kunne kva kvar kvarhelst kven kvi kvifor man mange me med medan meg meget mellom men mi min mine mitt mot mykje ned no noe noen noka noko nokon nokor nokre nå når og også om opp oss over på samme seg selv si si sia sidan siden sin sine sitt sjøl skal skulle slik so som som somme somt så sånn til um upp ut uten var vart varte ved vere verte vi vil ville vore vors vort vår være være vært å".split(" ")),e.Pipeline.registerFunction(e.no.stopWordFilter,"stopWordFilter-no")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.pt.min.js b/2.5/assets/javascripts/lunr/min/lunr.pt.min.js new file mode 100644 index 000000000..6c16996d6 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.pt.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Portuguese` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.pt=function(){this.pipeline.reset(),this.pipeline.add(e.pt.trimmer,e.pt.stopWordFilter,e.pt.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.pt.stemmer))},e.pt.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.pt.trimmer=e.trimmerSupport.generateTrimmer(e.pt.wordCharacters),e.Pipeline.registerFunction(e.pt.trimmer,"trimmer-pt"),e.pt.stemmer=function(){var r=e.stemmerSupport.Among,s=e.stemmerSupport.SnowballProgram,n=new function(){function e(){for(var e;;){if(z.bra=z.cursor,e=z.find_among(k,3))switch(z.ket=z.cursor,e){case 1:z.slice_from("a~");continue;case 2:z.slice_from("o~");continue;case 3:if(z.cursor>=z.limit)break;z.cursor++;continue}break}}function n(){if(z.out_grouping(y,97,250)){for(;!z.in_grouping(y,97,250);){if(z.cursor>=z.limit)return!0;z.cursor++}return!1}return!0}function i(){if(z.in_grouping(y,97,250))for(;!z.out_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}return g=z.cursor,!0}function o(){var e,r,s=z.cursor;if(z.in_grouping(y,97,250))if(e=z.cursor,n()){if(z.cursor=e,i())return}else g=z.cursor;if(z.cursor=s,z.out_grouping(y,97,250)){if(r=z.cursor,n()){if(z.cursor=r,!z.in_grouping(y,97,250)||z.cursor>=z.limit)return;z.cursor++}g=z.cursor}}function t(){for(;!z.in_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}for(;!z.out_grouping(y,97,250);){if(z.cursor>=z.limit)return!1;z.cursor++}return!0}function a(){var e=z.cursor;g=z.limit,b=g,h=g,o(),z.cursor=e,t()&&(b=z.cursor,t()&&(h=z.cursor))}function u(){for(var e;;){if(z.bra=z.cursor,e=z.find_among(q,3))switch(z.ket=z.cursor,e){case 1:z.slice_from("ã");continue;case 2:z.slice_from("õ");continue;case 3:if(z.cursor>=z.limit)break;z.cursor++;continue}break}}function w(){return g<=z.cursor}function m(){return b<=z.cursor}function c(){return h<=z.cursor}function l(){var e;if(z.ket=z.cursor,!(e=z.find_among_b(F,45)))return!1;switch(z.bra=z.cursor,e){case 1:if(!c())return!1;z.slice_del();break;case 2:if(!c())return!1;z.slice_from("log");break;case 3:if(!c())return!1;z.slice_from("u");break;case 4:if(!c())return!1;z.slice_from("ente");break;case 5:if(!m())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(j,4),e&&(z.bra=z.cursor,c()&&(z.slice_del(),1==e&&(z.ket=z.cursor,z.eq_s_b(2,"at")&&(z.bra=z.cursor,c()&&z.slice_del()))));break;case 6:if(!c())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(C,3),e&&(z.bra=z.cursor,1==e&&c()&&z.slice_del());break;case 7:if(!c())return!1;z.slice_del(),z.ket=z.cursor,e=z.find_among_b(P,3),e&&(z.bra=z.cursor,1==e&&c()&&z.slice_del());break;case 8:if(!c())return!1;z.slice_del(),z.ket=z.cursor,z.eq_s_b(2,"at")&&(z.bra=z.cursor,c()&&z.slice_del());break;case 9:if(!w()||!z.eq_s_b(1,"e"))return!1;z.slice_from("ir")}return!0}function f(){var e,r;if(z.cursor>=g){if(r=z.limit_backward,z.limit_backward=g,z.ket=z.cursor,e=z.find_among_b(S,120))return z.bra=z.cursor,1==e&&z.slice_del(),z.limit_backward=r,!0;z.limit_backward=r}return!1}function d(){var e;z.ket=z.cursor,(e=z.find_among_b(W,7))&&(z.bra=z.cursor,1==e&&w()&&z.slice_del())}function v(e,r){if(z.eq_s_b(1,e)){z.bra=z.cursor;var s=z.limit-z.cursor;if(z.eq_s_b(1,r))return z.cursor=z.limit-s,w()&&z.slice_del(),!1}return!0}function p(){var e;if(z.ket=z.cursor,e=z.find_among_b(L,4))switch(z.bra=z.cursor,e){case 1:w()&&(z.slice_del(),z.ket=z.cursor,z.limit-z.cursor,v("u","g")&&v("i","c"));break;case 2:z.slice_from("c")}}function _(){if(!l()&&(z.cursor=z.limit,!f()))return z.cursor=z.limit,void d();z.cursor=z.limit,z.ket=z.cursor,z.eq_s_b(1,"i")&&(z.bra=z.cursor,z.eq_s_b(1,"c")&&(z.cursor=z.limit,w()&&z.slice_del()))}var h,b,g,k=[new r("",-1,3),new r("ã",0,1),new r("õ",0,2)],q=[new r("",-1,3),new r("a~",0,1),new r("o~",0,2)],j=[new r("ic",-1,-1),new r("ad",-1,-1),new r("os",-1,-1),new r("iv",-1,1)],C=[new r("ante",-1,1),new r("avel",-1,1),new r("ível",-1,1)],P=[new r("ic",-1,1),new r("abil",-1,1),new r("iv",-1,1)],F=[new r("ica",-1,1),new r("ância",-1,1),new r("ência",-1,4),new r("ira",-1,9),new r("adora",-1,1),new r("osa",-1,1),new r("ista",-1,1),new r("iva",-1,8),new r("eza",-1,1),new r("logía",-1,2),new r("idade",-1,7),new r("ante",-1,1),new r("mente",-1,6),new r("amente",12,5),new r("ável",-1,1),new r("ível",-1,1),new r("ución",-1,3),new r("ico",-1,1),new r("ismo",-1,1),new r("oso",-1,1),new r("amento",-1,1),new r("imento",-1,1),new r("ivo",-1,8),new r("aça~o",-1,1),new r("ador",-1,1),new r("icas",-1,1),new r("ências",-1,4),new r("iras",-1,9),new r("adoras",-1,1),new r("osas",-1,1),new r("istas",-1,1),new r("ivas",-1,8),new r("ezas",-1,1),new r("logías",-1,2),new r("idades",-1,7),new r("uciones",-1,3),new r("adores",-1,1),new r("antes",-1,1),new r("aço~es",-1,1),new r("icos",-1,1),new r("ismos",-1,1),new r("osos",-1,1),new r("amentos",-1,1),new r("imentos",-1,1),new r("ivos",-1,8)],S=[new r("ada",-1,1),new r("ida",-1,1),new r("ia",-1,1),new r("aria",2,1),new r("eria",2,1),new r("iria",2,1),new r("ara",-1,1),new r("era",-1,1),new r("ira",-1,1),new r("ava",-1,1),new r("asse",-1,1),new r("esse",-1,1),new r("isse",-1,1),new r("aste",-1,1),new r("este",-1,1),new r("iste",-1,1),new r("ei",-1,1),new r("arei",16,1),new r("erei",16,1),new r("irei",16,1),new r("am",-1,1),new r("iam",20,1),new r("ariam",21,1),new r("eriam",21,1),new r("iriam",21,1),new r("aram",20,1),new r("eram",20,1),new r("iram",20,1),new r("avam",20,1),new r("em",-1,1),new r("arem",29,1),new r("erem",29,1),new r("irem",29,1),new r("assem",29,1),new r("essem",29,1),new r("issem",29,1),new r("ado",-1,1),new r("ido",-1,1),new r("ando",-1,1),new r("endo",-1,1),new r("indo",-1,1),new r("ara~o",-1,1),new r("era~o",-1,1),new r("ira~o",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("ir",-1,1),new r("as",-1,1),new r("adas",47,1),new r("idas",47,1),new r("ias",47,1),new r("arias",50,1),new r("erias",50,1),new r("irias",50,1),new r("aras",47,1),new r("eras",47,1),new r("iras",47,1),new r("avas",47,1),new r("es",-1,1),new r("ardes",58,1),new r("erdes",58,1),new r("irdes",58,1),new r("ares",58,1),new r("eres",58,1),new r("ires",58,1),new r("asses",58,1),new r("esses",58,1),new r("isses",58,1),new r("astes",58,1),new r("estes",58,1),new r("istes",58,1),new r("is",-1,1),new r("ais",71,1),new r("eis",71,1),new r("areis",73,1),new r("ereis",73,1),new r("ireis",73,1),new r("áreis",73,1),new r("éreis",73,1),new r("íreis",73,1),new r("ásseis",73,1),new r("ésseis",73,1),new r("ísseis",73,1),new r("áveis",73,1),new r("íeis",73,1),new r("aríeis",84,1),new r("eríeis",84,1),new r("iríeis",84,1),new r("ados",-1,1),new r("idos",-1,1),new r("amos",-1,1),new r("áramos",90,1),new r("éramos",90,1),new r("íramos",90,1),new r("ávamos",90,1),new r("íamos",90,1),new r("aríamos",95,1),new r("eríamos",95,1),new r("iríamos",95,1),new r("emos",-1,1),new r("aremos",99,1),new r("eremos",99,1),new r("iremos",99,1),new r("ássemos",99,1),new r("êssemos",99,1),new r("íssemos",99,1),new r("imos",-1,1),new r("armos",-1,1),new r("ermos",-1,1),new r("irmos",-1,1),new r("ámos",-1,1),new r("arás",-1,1),new r("erás",-1,1),new r("irás",-1,1),new r("eu",-1,1),new r("iu",-1,1),new r("ou",-1,1),new r("ará",-1,1),new r("erá",-1,1),new r("irá",-1,1)],W=[new r("a",-1,1),new r("i",-1,1),new r("o",-1,1),new r("os",-1,1),new r("á",-1,1),new r("í",-1,1),new r("ó",-1,1)],L=[new r("e",-1,1),new r("ç",-1,2),new r("é",-1,1),new r("ê",-1,1)],y=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,3,19,12,2],z=new s;this.setCurrent=function(e){z.setCurrent(e)},this.getCurrent=function(){return z.getCurrent()},this.stem=function(){var r=z.cursor;return e(),z.cursor=r,a(),z.limit_backward=r,z.cursor=z.limit,_(),z.cursor=z.limit,p(),z.cursor=z.limit_backward,u(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.pt.stemmer,"stemmer-pt"),e.pt.stopWordFilter=e.generateStopWordFilter("a ao aos aquela aquelas aquele aqueles aquilo as até com como da das de dela delas dele deles depois do dos e ela elas ele eles em entre era eram essa essas esse esses esta estamos estas estava estavam este esteja estejam estejamos estes esteve estive estivemos estiver estivera estiveram estiverem estivermos estivesse estivessem estivéramos estivéssemos estou está estávamos estão eu foi fomos for fora foram forem formos fosse fossem fui fôramos fôssemos haja hajam hajamos havemos hei houve houvemos houver houvera houveram houverei houverem houveremos houveria houveriam houvermos houverá houverão houveríamos houvesse houvessem houvéramos houvéssemos há hão isso isto já lhe lhes mais mas me mesmo meu meus minha minhas muito na nas nem no nos nossa nossas nosso nossos num numa não nós o os ou para pela pelas pelo pelos por qual quando que quem se seja sejam sejamos sem serei seremos seria seriam será serão seríamos seu seus somos sou sua suas são só também te tem temos tenha tenham tenhamos tenho terei teremos teria teriam terá terão teríamos teu teus teve tinha tinham tive tivemos tiver tivera tiveram tiverem tivermos tivesse tivessem tivéramos tivéssemos tu tua tuas tém tínhamos um uma você vocês vos à às éramos".split(" ")),e.Pipeline.registerFunction(e.pt.stopWordFilter,"stopWordFilter-pt")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.ro.min.js b/2.5/assets/javascripts/lunr/min/lunr.ro.min.js new file mode 100644 index 000000000..727714018 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.ro.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Romanian` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,i){"function"==typeof define&&define.amd?define(i):"object"==typeof exports?module.exports=i():i()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ro=function(){this.pipeline.reset(),this.pipeline.add(e.ro.trimmer,e.ro.stopWordFilter,e.ro.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ro.stemmer))},e.ro.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.ro.trimmer=e.trimmerSupport.generateTrimmer(e.ro.wordCharacters),e.Pipeline.registerFunction(e.ro.trimmer,"trimmer-ro"),e.ro.stemmer=function(){var i=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,n=new function(){function e(e,i){L.eq_s(1,e)&&(L.ket=L.cursor,L.in_grouping(W,97,259)&&L.slice_from(i))}function n(){for(var i,r;;){if(i=L.cursor,L.in_grouping(W,97,259)&&(r=L.cursor,L.bra=r,e("u","U"),L.cursor=r,e("i","I")),L.cursor=i,L.cursor>=L.limit)break;L.cursor++}}function t(){if(L.out_grouping(W,97,259)){for(;!L.in_grouping(W,97,259);){if(L.cursor>=L.limit)return!0;L.cursor++}return!1}return!0}function a(){if(L.in_grouping(W,97,259))for(;!L.out_grouping(W,97,259);){if(L.cursor>=L.limit)return!0;L.cursor++}return!1}function o(){var e,i,r=L.cursor;if(L.in_grouping(W,97,259)){if(e=L.cursor,!t())return void(h=L.cursor);if(L.cursor=e,!a())return void(h=L.cursor)}L.cursor=r,L.out_grouping(W,97,259)&&(i=L.cursor,t()&&(L.cursor=i,L.in_grouping(W,97,259)&&L.cursor=L.limit)return!1;L.cursor++}for(;!L.out_grouping(W,97,259);){if(L.cursor>=L.limit)return!1;L.cursor++}return!0}function c(){var e=L.cursor;h=L.limit,k=h,g=h,o(),L.cursor=e,u()&&(k=L.cursor,u()&&(g=L.cursor))}function s(){for(var e;;){if(L.bra=L.cursor,e=L.find_among(z,3))switch(L.ket=L.cursor,e){case 1:L.slice_from("i");continue;case 2:L.slice_from("u");continue;case 3:if(L.cursor>=L.limit)break;L.cursor++;continue}break}}function w(){return h<=L.cursor}function m(){return k<=L.cursor}function l(){return g<=L.cursor}function f(){var e,i;if(L.ket=L.cursor,(e=L.find_among_b(C,16))&&(L.bra=L.cursor,m()))switch(e){case 1:L.slice_del();break;case 2:L.slice_from("a");break;case 3:L.slice_from("e");break;case 4:L.slice_from("i");break;case 5:i=L.limit-L.cursor,L.eq_s_b(2,"ab")||(L.cursor=L.limit-i,L.slice_from("i"));break;case 6:L.slice_from("at");break;case 7:L.slice_from("aţi")}}function p(){var e,i=L.limit-L.cursor;if(L.ket=L.cursor,(e=L.find_among_b(P,46))&&(L.bra=L.cursor,m())){switch(e){case 1:L.slice_from("abil");break;case 2:L.slice_from("ibil");break;case 3:L.slice_from("iv");break;case 4:L.slice_from("ic");break;case 5:L.slice_from("at");break;case 6:L.slice_from("it")}return _=!0,L.cursor=L.limit-i,!0}return!1}function d(){var e,i;for(_=!1;;)if(i=L.limit-L.cursor,!p()){L.cursor=L.limit-i;break}if(L.ket=L.cursor,(e=L.find_among_b(F,62))&&(L.bra=L.cursor,l())){switch(e){case 1:L.slice_del();break;case 2:L.eq_s_b(1,"ţ")&&(L.bra=L.cursor,L.slice_from("t"));break;case 3:L.slice_from("ist")}_=!0}}function b(){var e,i,r;if(L.cursor>=h){if(i=L.limit_backward,L.limit_backward=h,L.ket=L.cursor,e=L.find_among_b(q,94))switch(L.bra=L.cursor,e){case 1:if(r=L.limit-L.cursor,!L.out_grouping_b(W,97,259)&&(L.cursor=L.limit-r,!L.eq_s_b(1,"u")))break;case 2:L.slice_del()}L.limit_backward=i}}function v(){var e;L.ket=L.cursor,(e=L.find_among_b(S,5))&&(L.bra=L.cursor,w()&&1==e&&L.slice_del())}var _,g,k,h,z=[new i("",-1,3),new i("I",0,1),new i("U",0,2)],C=[new i("ea",-1,3),new i("aţia",-1,7),new i("aua",-1,2),new i("iua",-1,4),new i("aţie",-1,7),new i("ele",-1,3),new i("ile",-1,5),new i("iile",6,4),new i("iei",-1,4),new i("atei",-1,6),new i("ii",-1,4),new i("ului",-1,1),new i("ul",-1,1),new i("elor",-1,3),new i("ilor",-1,4),new i("iilor",14,4)],P=[new i("icala",-1,4),new i("iciva",-1,4),new i("ativa",-1,5),new i("itiva",-1,6),new i("icale",-1,4),new i("aţiune",-1,5),new i("iţiune",-1,6),new i("atoare",-1,5),new i("itoare",-1,6),new i("ătoare",-1,5),new i("icitate",-1,4),new i("abilitate",-1,1),new i("ibilitate",-1,2),new i("ivitate",-1,3),new i("icive",-1,4),new i("ative",-1,5),new i("itive",-1,6),new i("icali",-1,4),new i("atori",-1,5),new i("icatori",18,4),new i("itori",-1,6),new i("ători",-1,5),new i("icitati",-1,4),new i("abilitati",-1,1),new i("ivitati",-1,3),new i("icivi",-1,4),new i("ativi",-1,5),new i("itivi",-1,6),new i("icităi",-1,4),new i("abilităi",-1,1),new i("ivităi",-1,3),new i("icităţi",-1,4),new i("abilităţi",-1,1),new i("ivităţi",-1,3),new i("ical",-1,4),new i("ator",-1,5),new i("icator",35,4),new i("itor",-1,6),new i("ător",-1,5),new i("iciv",-1,4),new i("ativ",-1,5),new i("itiv",-1,6),new i("icală",-1,4),new i("icivă",-1,4),new i("ativă",-1,5),new i("itivă",-1,6)],F=[new i("ica",-1,1),new i("abila",-1,1),new i("ibila",-1,1),new i("oasa",-1,1),new i("ata",-1,1),new i("ita",-1,1),new i("anta",-1,1),new i("ista",-1,3),new i("uta",-1,1),new i("iva",-1,1),new i("ic",-1,1),new i("ice",-1,1),new i("abile",-1,1),new i("ibile",-1,1),new i("isme",-1,3),new i("iune",-1,2),new i("oase",-1,1),new i("ate",-1,1),new i("itate",17,1),new i("ite",-1,1),new i("ante",-1,1),new i("iste",-1,3),new i("ute",-1,1),new i("ive",-1,1),new i("ici",-1,1),new i("abili",-1,1),new i("ibili",-1,1),new i("iuni",-1,2),new i("atori",-1,1),new i("osi",-1,1),new i("ati",-1,1),new i("itati",30,1),new i("iti",-1,1),new i("anti",-1,1),new i("isti",-1,3),new i("uti",-1,1),new i("işti",-1,3),new i("ivi",-1,1),new i("ităi",-1,1),new i("oşi",-1,1),new i("ităţi",-1,1),new i("abil",-1,1),new i("ibil",-1,1),new i("ism",-1,3),new i("ator",-1,1),new i("os",-1,1),new i("at",-1,1),new i("it",-1,1),new i("ant",-1,1),new i("ist",-1,3),new i("ut",-1,1),new i("iv",-1,1),new i("ică",-1,1),new i("abilă",-1,1),new i("ibilă",-1,1),new i("oasă",-1,1),new i("ată",-1,1),new i("ită",-1,1),new i("antă",-1,1),new i("istă",-1,3),new i("ută",-1,1),new i("ivă",-1,1)],q=[new i("ea",-1,1),new i("ia",-1,1),new i("esc",-1,1),new i("ăsc",-1,1),new i("ind",-1,1),new i("ând",-1,1),new i("are",-1,1),new i("ere",-1,1),new i("ire",-1,1),new i("âre",-1,1),new i("se",-1,2),new i("ase",10,1),new i("sese",10,2),new i("ise",10,1),new i("use",10,1),new i("âse",10,1),new i("eşte",-1,1),new i("ăşte",-1,1),new i("eze",-1,1),new i("ai",-1,1),new i("eai",19,1),new i("iai",19,1),new i("sei",-1,2),new i("eşti",-1,1),new i("ăşti",-1,1),new i("ui",-1,1),new i("ezi",-1,1),new i("âi",-1,1),new i("aşi",-1,1),new i("seşi",-1,2),new i("aseşi",29,1),new i("seseşi",29,2),new i("iseşi",29,1),new i("useşi",29,1),new i("âseşi",29,1),new i("işi",-1,1),new i("uşi",-1,1),new i("âşi",-1,1),new i("aţi",-1,2),new i("eaţi",38,1),new i("iaţi",38,1),new i("eţi",-1,2),new i("iţi",-1,2),new i("âţi",-1,2),new i("arăţi",-1,1),new i("serăţi",-1,2),new i("aserăţi",45,1),new i("seserăţi",45,2),new i("iserăţi",45,1),new i("userăţi",45,1),new i("âserăţi",45,1),new i("irăţi",-1,1),new i("urăţi",-1,1),new i("ârăţi",-1,1),new i("am",-1,1),new i("eam",54,1),new i("iam",54,1),new i("em",-1,2),new i("asem",57,1),new i("sesem",57,2),new i("isem",57,1),new i("usem",57,1),new i("âsem",57,1),new i("im",-1,2),new i("âm",-1,2),new i("ăm",-1,2),new i("arăm",65,1),new i("serăm",65,2),new i("aserăm",67,1),new i("seserăm",67,2),new i("iserăm",67,1),new i("userăm",67,1),new i("âserăm",67,1),new i("irăm",65,1),new i("urăm",65,1),new i("ârăm",65,1),new i("au",-1,1),new i("eau",76,1),new i("iau",76,1),new i("indu",-1,1),new i("ându",-1,1),new i("ez",-1,1),new i("ească",-1,1),new i("ară",-1,1),new i("seră",-1,2),new i("aseră",84,1),new i("seseră",84,2),new i("iseră",84,1),new i("useră",84,1),new i("âseră",84,1),new i("iră",-1,1),new i("ură",-1,1),new i("âră",-1,1),new i("ează",-1,1)],S=[new i("a",-1,1),new i("e",-1,1),new i("ie",1,1),new i("i",-1,1),new i("ă",-1,1)],W=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,2,32,0,0,4],L=new r;this.setCurrent=function(e){L.setCurrent(e)},this.getCurrent=function(){return L.getCurrent()},this.stem=function(){var e=L.cursor;return n(),L.cursor=e,c(),L.limit_backward=e,L.cursor=L.limit,f(),L.cursor=L.limit,d(),L.cursor=L.limit,_||(L.cursor=L.limit,b(),L.cursor=L.limit),v(),L.cursor=L.limit_backward,s(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.ro.stemmer,"stemmer-ro"),e.ro.stopWordFilter=e.generateStopWordFilter("acea aceasta această aceea acei aceia acel acela acele acelea acest acesta aceste acestea aceşti aceştia acolo acord acum ai aia aibă aici al ale alea altceva altcineva am ar are asemenea asta astea astăzi asupra au avea avem aveţi azi aş aşadar aţi bine bucur bună ca care caut ce cel ceva chiar cinci cine cineva contra cu cum cumva curând curînd când cât câte câtva câţi cînd cît cîte cîtva cîţi că căci cărei căror cărui către da dacă dar datorită dată dau de deci deja deoarece departe deşi din dinaintea dintr- dintre doi doilea două drept după dă ea ei el ele eram este eu eşti face fata fi fie fiecare fii fim fiu fiţi frumos fără graţie halbă iar ieri la le li lor lui lângă lîngă mai mea mei mele mereu meu mi mie mine mult multă mulţi mulţumesc mâine mîine mă ne nevoie nici nicăieri nimeni nimeri nimic nişte noastre noastră noi noroc nostru nouă noştri nu opt ori oricare orice oricine oricum oricând oricât oricînd oricît oriunde patra patru patrulea pe pentru peste pic poate pot prea prima primul prin puţin puţina puţină până pînă rog sa sale sau se spate spre sub sunt suntem sunteţi sută sînt sîntem sînteţi să săi său ta tale te timp tine toate toată tot totuşi toţi trei treia treilea tu tăi tău un una unde undeva unei uneia unele uneori unii unor unora unu unui unuia unul vi voastre voastră voi vostru vouă voştri vreme vreo vreun vă zece zero zi zice îi îl îmi împotriva în înainte înaintea încotro încât încît între întrucât întrucît îţi ăla ălea ăsta ăstea ăştia şapte şase şi ştiu ţi ţie".split(" ")),e.Pipeline.registerFunction(e.ro.stopWordFilter,"stopWordFilter-ro")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.ru.min.js b/2.5/assets/javascripts/lunr/min/lunr.ru.min.js new file mode 100644 index 000000000..186cc485c --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.ru.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Russian` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,n){"function"==typeof define&&define.amd?define(n):"object"==typeof exports?module.exports=n():n()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ru=function(){this.pipeline.reset(),this.pipeline.add(e.ru.trimmer,e.ru.stopWordFilter,e.ru.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ru.stemmer))},e.ru.wordCharacters="Ѐ-҄҇-ԯᴫᵸⷠ-ⷿꙀ-ꚟ︮︯",e.ru.trimmer=e.trimmerSupport.generateTrimmer(e.ru.wordCharacters),e.Pipeline.registerFunction(e.ru.trimmer,"trimmer-ru"),e.ru.stemmer=function(){var n=e.stemmerSupport.Among,r=e.stemmerSupport.SnowballProgram,t=new function(){function e(){for(;!W.in_grouping(S,1072,1103);){if(W.cursor>=W.limit)return!1;W.cursor++}return!0}function t(){for(;!W.out_grouping(S,1072,1103);){if(W.cursor>=W.limit)return!1;W.cursor++}return!0}function w(){b=W.limit,_=b,e()&&(b=W.cursor,t()&&e()&&t()&&(_=W.cursor))}function i(){return _<=W.cursor}function u(e,n){var r,t;if(W.ket=W.cursor,r=W.find_among_b(e,n)){switch(W.bra=W.cursor,r){case 1:if(t=W.limit-W.cursor,!W.eq_s_b(1,"а")&&(W.cursor=W.limit-t,!W.eq_s_b(1,"я")))return!1;case 2:W.slice_del()}return!0}return!1}function o(){return u(h,9)}function s(e,n){var r;return W.ket=W.cursor,!!(r=W.find_among_b(e,n))&&(W.bra=W.cursor,1==r&&W.slice_del(),!0)}function c(){return s(g,26)}function m(){return!!c()&&(u(C,8),!0)}function f(){return s(k,2)}function l(){return u(P,46)}function a(){s(v,36)}function p(){var e;W.ket=W.cursor,(e=W.find_among_b(F,2))&&(W.bra=W.cursor,i()&&1==e&&W.slice_del())}function d(){var e;if(W.ket=W.cursor,e=W.find_among_b(q,4))switch(W.bra=W.cursor,e){case 1:if(W.slice_del(),W.ket=W.cursor,!W.eq_s_b(1,"н"))break;W.bra=W.cursor;case 2:if(!W.eq_s_b(1,"н"))break;case 3:W.slice_del()}}var _,b,h=[new n("в",-1,1),new n("ив",0,2),new n("ыв",0,2),new n("вши",-1,1),new n("ивши",3,2),new n("ывши",3,2),new n("вшись",-1,1),new n("ившись",6,2),new n("ывшись",6,2)],g=[new n("ее",-1,1),new n("ие",-1,1),new n("ое",-1,1),new n("ые",-1,1),new n("ими",-1,1),new n("ыми",-1,1),new n("ей",-1,1),new n("ий",-1,1),new n("ой",-1,1),new n("ый",-1,1),new n("ем",-1,1),new n("им",-1,1),new n("ом",-1,1),new n("ым",-1,1),new n("его",-1,1),new n("ого",-1,1),new n("ему",-1,1),new n("ому",-1,1),new n("их",-1,1),new n("ых",-1,1),new n("ею",-1,1),new n("ою",-1,1),new n("ую",-1,1),new n("юю",-1,1),new n("ая",-1,1),new n("яя",-1,1)],C=[new n("ем",-1,1),new n("нн",-1,1),new n("вш",-1,1),new n("ивш",2,2),new n("ывш",2,2),new n("щ",-1,1),new n("ющ",5,1),new n("ующ",6,2)],k=[new n("сь",-1,1),new n("ся",-1,1)],P=[new n("ла",-1,1),new n("ила",0,2),new n("ыла",0,2),new n("на",-1,1),new n("ена",3,2),new n("ете",-1,1),new n("ите",-1,2),new n("йте",-1,1),new n("ейте",7,2),new n("уйте",7,2),new n("ли",-1,1),new n("или",10,2),new n("ыли",10,2),new n("й",-1,1),new n("ей",13,2),new n("уй",13,2),new n("л",-1,1),new n("ил",16,2),new n("ыл",16,2),new n("ем",-1,1),new n("им",-1,2),new n("ым",-1,2),new n("н",-1,1),new n("ен",22,2),new n("ло",-1,1),new n("ило",24,2),new n("ыло",24,2),new n("но",-1,1),new n("ено",27,2),new n("нно",27,1),new n("ет",-1,1),new n("ует",30,2),new n("ит",-1,2),new n("ыт",-1,2),new n("ют",-1,1),new n("уют",34,2),new n("ят",-1,2),new n("ны",-1,1),new n("ены",37,2),new n("ть",-1,1),new n("ить",39,2),new n("ыть",39,2),new n("ешь",-1,1),new n("ишь",-1,2),new n("ю",-1,2),new n("ую",44,2)],v=[new n("а",-1,1),new n("ев",-1,1),new n("ов",-1,1),new n("е",-1,1),new n("ие",3,1),new n("ье",3,1),new n("и",-1,1),new n("еи",6,1),new n("ии",6,1),new n("ами",6,1),new n("ями",6,1),new n("иями",10,1),new n("й",-1,1),new n("ей",12,1),new n("ией",13,1),new n("ий",12,1),new n("ой",12,1),new n("ам",-1,1),new n("ем",-1,1),new n("ием",18,1),new n("ом",-1,1),new n("ям",-1,1),new n("иям",21,1),new n("о",-1,1),new n("у",-1,1),new n("ах",-1,1),new n("ях",-1,1),new n("иях",26,1),new n("ы",-1,1),new n("ь",-1,1),new n("ю",-1,1),new n("ию",30,1),new n("ью",30,1),new n("я",-1,1),new n("ия",33,1),new n("ья",33,1)],F=[new n("ост",-1,1),new n("ость",-1,1)],q=[new n("ейше",-1,1),new n("н",-1,2),new n("ейш",-1,1),new n("ь",-1,3)],S=[33,65,8,232],W=new r;this.setCurrent=function(e){W.setCurrent(e)},this.getCurrent=function(){return W.getCurrent()},this.stem=function(){return w(),W.cursor=W.limit,!(W.cursor=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursors||e>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s||e>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor>1),f=0,l=o0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o=0;m--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n-_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n-_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0||this.bra>this.ket||this.ket>this.limit||this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.sv.min.js b/2.5/assets/javascripts/lunr/min/lunr.sv.min.js new file mode 100644 index 000000000..3e5eb6400 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.sv.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Swedish` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.sv=function(){this.pipeline.reset(),this.pipeline.add(e.sv.trimmer,e.sv.stopWordFilter,e.sv.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sv.stemmer))},e.sv.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",e.sv.trimmer=e.trimmerSupport.generateTrimmer(e.sv.wordCharacters),e.Pipeline.registerFunction(e.sv.trimmer,"trimmer-sv"),e.sv.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,t=new function(){function e(){var e,r=w.cursor+3;if(o=w.limit,0<=r||r<=w.limit){for(a=r;;){if(e=w.cursor,w.in_grouping(l,97,246)){w.cursor=e;break}if(w.cursor=e,w.cursor>=w.limit)return;w.cursor++}for(;!w.out_grouping(l,97,246);){if(w.cursor>=w.limit)return;w.cursor++}o=w.cursor,o=o&&(w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(u,37),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.in_grouping_b(d,98,121)&&w.slice_del()}}function i(){var e=w.limit_backward;w.cursor>=o&&(w.limit_backward=o,w.cursor=w.limit,w.find_among_b(c,7)&&(w.cursor=w.limit,w.ket=w.cursor,w.cursor>w.limit_backward&&(w.bra=--w.cursor,w.slice_del())),w.limit_backward=e)}function s(){var e,r;if(w.cursor>=o){if(r=w.limit_backward,w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(m,5))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.slice_from("lös");break;case 3:w.slice_from("full")}w.limit_backward=r}}var a,o,u=[new r("a",-1,1),new r("arna",0,1),new r("erna",0,1),new r("heterna",2,1),new r("orna",0,1),new r("ad",-1,1),new r("e",-1,1),new r("ade",6,1),new r("ande",6,1),new r("arne",6,1),new r("are",6,1),new r("aste",6,1),new r("en",-1,1),new r("anden",12,1),new r("aren",12,1),new r("heten",12,1),new r("ern",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",18,1),new r("or",-1,1),new r("s",-1,2),new r("as",21,1),new r("arnas",22,1),new r("ernas",22,1),new r("ornas",22,1),new r("es",21,1),new r("ades",26,1),new r("andes",26,1),new r("ens",21,1),new r("arens",29,1),new r("hetens",29,1),new r("erns",21,1),new r("at",-1,1),new r("andet",-1,1),new r("het",-1,1),new r("ast",-1,1)],c=[new r("dd",-1,-1),new r("gd",-1,-1),new r("nn",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1),new r("tt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("els",-1,1),new r("fullt",-1,3),new r("löst",-1,2)],l=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,24,0,32],d=[119,127,149],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,t(),w.cursor=w.limit,i(),w.cursor=w.limit,s(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return t.setCurrent(e),t.stem(),t.getCurrent()}):(t.setCurrent(e),t.stem(),t.getCurrent())}}(),e.Pipeline.registerFunction(e.sv.stemmer,"stemmer-sv"),e.sv.stopWordFilter=e.generateStopWordFilter("alla allt att av blev bli blir blivit de dem den denna deras dess dessa det detta dig din dina ditt du där då efter ej eller en er era ert ett från för ha hade han hans har henne hennes hon honom hur här i icke ingen inom inte jag ju kan kunde man med mellan men mig min mina mitt mot mycket ni nu när någon något några och om oss på samma sedan sig sin sina sitta själv skulle som så sådan sådana sådant till under upp ut utan vad var vara varför varit varje vars vart vem vi vid vilka vilkas vilken vilket vår våra vårt än är åt över".split(" ")),e.Pipeline.registerFunction(e.sv.stopWordFilter,"stopWordFilter-sv")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.ta.min.js b/2.5/assets/javascripts/lunr/min/lunr.ta.min.js new file mode 100644 index 000000000..a644bed22 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.ta.min.js @@ -0,0 +1 @@ +!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ta=function(){this.pipeline.reset(),this.pipeline.add(e.ta.trimmer,e.ta.stopWordFilter,e.ta.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ta.stemmer))},e.ta.wordCharacters="஀-உஊ-ஏஐ-ஙச-ட஠-னப-யர-ஹ஺-ிீ-௉ொ-௏ௐ-௙௚-௟௠-௩௪-௯௰-௹௺-௿a-zA-Za-zA-Z0-90-9",e.ta.trimmer=e.trimmerSupport.generateTrimmer(e.ta.wordCharacters),e.Pipeline.registerFunction(e.ta.trimmer,"trimmer-ta"),e.ta.stopWordFilter=e.generateStopWordFilter("அங்கு அங்கே அது அதை அந்த அவர் அவர்கள் அவள் அவன் அவை ஆக ஆகவே ஆகையால் ஆதலால் ஆதலினால் ஆனாலும் ஆனால் இங்கு இங்கே இது இதை இந்த இப்படி இவர் இவர்கள் இவள் இவன் இவை இவ்வளவு உனக்கு உனது உன் உன்னால் எங்கு எங்கே எது எதை எந்த எப்படி எவர் எவர்கள் எவள் எவன் எவை எவ்வளவு எனக்கு எனது எனவே என் என்ன என்னால் ஏது ஏன் தனது தன்னால் தானே தான் நாங்கள் நாம் நான் நீ நீங்கள்".split(" ")),e.ta.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var t=e.wordcut;t.init(),e.ta.tokenizer=function(r){if(!arguments.length||null==r||void 0==r)return[];if(Array.isArray(r))return r.map(function(t){return isLunr2?new e.Token(t.toLowerCase()):t.toLowerCase()});var i=r.toString().toLowerCase().replace(/^\s+/,"");return t.cut(i).split("|")},e.Pipeline.registerFunction(e.ta.stemmer,"stemmer-ta"),e.Pipeline.registerFunction(e.ta.stopWordFilter,"stopWordFilter-ta")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.th.min.js b/2.5/assets/javascripts/lunr/min/lunr.th.min.js new file mode 100644 index 000000000..dee3aac6e --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.th.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.th=function(){this.pipeline.reset(),this.pipeline.add(e.th.trimmer),r?this.tokenizer=e.th.tokenizer:(e.tokenizer&&(e.tokenizer=e.th.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.th.tokenizer))},e.th.wordCharacters="[฀-๿]",e.th.trimmer=e.trimmerSupport.generateTrimmer(e.th.wordCharacters),e.Pipeline.registerFunction(e.th.trimmer,"trimmer-th");var t=e.wordcut;t.init(),e.th.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t):t});var n=i.toString().replace(/^\s+/,"");return t.cut(n).split("|")}}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.tr.min.js b/2.5/assets/javascripts/lunr/min/lunr.tr.min.js new file mode 100644 index 000000000..563f6ec1f --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.tr.min.js @@ -0,0 +1,18 @@ +/*! + * Lunr languages, `Turkish` language + * https://github.com/MihaiValentin/lunr-languages + * + * Copyright 2014, Mihai Valentin + * http://www.mozilla.org/MPL/ + */ +/*! + * based on + * Snowball JavaScript Library v0.3 + * http://code.google.com/p/urim/ + * http://snowball.tartarus.org/ + * + * Copyright 2010, Oleg Mazko + * http://www.mozilla.org/MPL/ + */ + +!function(r,i){"function"==typeof define&&define.amd?define(i):"object"==typeof exports?module.exports=i():i()(r.lunr)}(this,function(){return function(r){if(void 0===r)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===r.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");r.tr=function(){this.pipeline.reset(),this.pipeline.add(r.tr.trimmer,r.tr.stopWordFilter,r.tr.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(r.tr.stemmer))},r.tr.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤff-stA-Za-z",r.tr.trimmer=r.trimmerSupport.generateTrimmer(r.tr.wordCharacters),r.Pipeline.registerFunction(r.tr.trimmer,"trimmer-tr"),r.tr.stemmer=function(){var i=r.stemmerSupport.Among,e=r.stemmerSupport.SnowballProgram,n=new function(){function r(r,i,e){for(;;){var n=Dr.limit-Dr.cursor;if(Dr.in_grouping_b(r,i,e)){Dr.cursor=Dr.limit-n;break}if(Dr.cursor=Dr.limit-n,Dr.cursor<=Dr.limit_backward)return!1;Dr.cursor--}return!0}function n(){var i,e;i=Dr.limit-Dr.cursor,r(Wr,97,305);for(var n=0;nDr.limit_backward&&(Dr.cursor--,e=Dr.limit-Dr.cursor,i()))?(Dr.cursor=Dr.limit-e,!0):(Dr.cursor=Dr.limit-n,r()?(Dr.cursor=Dr.limit-n,!1):(Dr.cursor=Dr.limit-n,!(Dr.cursor<=Dr.limit_backward)&&(Dr.cursor--,!!i()&&(Dr.cursor=Dr.limit-n,!0))))}function u(r){return t(r,function(){return Dr.in_grouping_b(Wr,97,305)})}function o(){return u(function(){return Dr.eq_s_b(1,"n")})}function s(){return u(function(){return Dr.eq_s_b(1,"s")})}function c(){return u(function(){return Dr.eq_s_b(1,"y")})}function l(){return t(function(){return Dr.in_grouping_b(Lr,105,305)},function(){return Dr.out_grouping_b(Wr,97,305)})}function a(){return Dr.find_among_b(ur,10)&&l()}function m(){return n()&&Dr.in_grouping_b(Lr,105,305)&&s()}function d(){return Dr.find_among_b(or,2)}function f(){return n()&&Dr.in_grouping_b(Lr,105,305)&&c()}function b(){return n()&&Dr.find_among_b(sr,4)}function w(){return n()&&Dr.find_among_b(cr,4)&&o()}function _(){return n()&&Dr.find_among_b(lr,2)&&c()}function k(){return n()&&Dr.find_among_b(ar,2)}function p(){return n()&&Dr.find_among_b(mr,4)}function g(){return n()&&Dr.find_among_b(dr,2)}function y(){return n()&&Dr.find_among_b(fr,4)}function z(){return n()&&Dr.find_among_b(br,2)}function v(){return n()&&Dr.find_among_b(wr,2)&&c()}function h(){return Dr.eq_s_b(2,"ki")}function q(){return n()&&Dr.find_among_b(_r,2)&&o()}function C(){return n()&&Dr.find_among_b(kr,4)&&c()}function P(){return n()&&Dr.find_among_b(pr,4)}function F(){return n()&&Dr.find_among_b(gr,4)&&c()}function S(){return Dr.find_among_b(yr,4)}function W(){return n()&&Dr.find_among_b(zr,2)}function L(){return n()&&Dr.find_among_b(vr,4)}function x(){return n()&&Dr.find_among_b(hr,8)}function A(){return Dr.find_among_b(qr,2)}function E(){return n()&&Dr.find_among_b(Cr,32)&&c()}function j(){return Dr.find_among_b(Pr,8)&&c()}function T(){return n()&&Dr.find_among_b(Fr,4)&&c()}function Z(){return Dr.eq_s_b(3,"ken")&&c()}function B(){var r=Dr.limit-Dr.cursor;return!(T()||(Dr.cursor=Dr.limit-r,E()||(Dr.cursor=Dr.limit-r,j()||(Dr.cursor=Dr.limit-r,Z()))))}function D(){if(A()){var r=Dr.limit-Dr.cursor;if(S()||(Dr.cursor=Dr.limit-r,W()||(Dr.cursor=Dr.limit-r,C()||(Dr.cursor=Dr.limit-r,P()||(Dr.cursor=Dr.limit-r,F()||(Dr.cursor=Dr.limit-r))))),T())return!1}return!0}function G(){if(W()){Dr.bra=Dr.cursor,Dr.slice_del();var r=Dr.limit-Dr.cursor;return Dr.ket=Dr.cursor,x()||(Dr.cursor=Dr.limit-r,E()||(Dr.cursor=Dr.limit-r,j()||(Dr.cursor=Dr.limit-r,T()||(Dr.cursor=Dr.limit-r)))),nr=!1,!1}return!0}function H(){if(!L())return!0;var r=Dr.limit-Dr.cursor;return!E()&&(Dr.cursor=Dr.limit-r,!j())}function I(){var r,i=Dr.limit-Dr.cursor;return!(S()||(Dr.cursor=Dr.limit-i,F()||(Dr.cursor=Dr.limit-i,P()||(Dr.cursor=Dr.limit-i,C()))))||(Dr.bra=Dr.cursor,Dr.slice_del(),r=Dr.limit-Dr.cursor,Dr.ket=Dr.cursor,T()||(Dr.cursor=Dr.limit-r),!1)}function J(){var r,i=Dr.limit-Dr.cursor;if(Dr.ket=Dr.cursor,nr=!0,B()&&(Dr.cursor=Dr.limit-i,D()&&(Dr.cursor=Dr.limit-i,G()&&(Dr.cursor=Dr.limit-i,H()&&(Dr.cursor=Dr.limit-i,I()))))){if(Dr.cursor=Dr.limit-i,!x())return;Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,r=Dr.limit-Dr.cursor,S()||(Dr.cursor=Dr.limit-r,W()||(Dr.cursor=Dr.limit-r,C()||(Dr.cursor=Dr.limit-r,P()||(Dr.cursor=Dr.limit-r,F()||(Dr.cursor=Dr.limit-r))))),T()||(Dr.cursor=Dr.limit-r)}Dr.bra=Dr.cursor,Dr.slice_del()}function K(){var r,i,e,n;if(Dr.ket=Dr.cursor,h()){if(r=Dr.limit-Dr.cursor,p())return Dr.bra=Dr.cursor,Dr.slice_del(),i=Dr.limit-Dr.cursor,Dr.ket=Dr.cursor,W()?(Dr.bra=Dr.cursor,Dr.slice_del(),K()):(Dr.cursor=Dr.limit-i,a()&&(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K()))),!0;if(Dr.cursor=Dr.limit-r,w()){if(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,e=Dr.limit-Dr.cursor,d())Dr.bra=Dr.cursor,Dr.slice_del();else{if(Dr.cursor=Dr.limit-e,Dr.ket=Dr.cursor,!a()&&(Dr.cursor=Dr.limit-e,!m()&&(Dr.cursor=Dr.limit-e,!K())))return!0;Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K())}return!0}if(Dr.cursor=Dr.limit-r,g()){if(n=Dr.limit-Dr.cursor,d())Dr.bra=Dr.cursor,Dr.slice_del();else if(Dr.cursor=Dr.limit-n,m())Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K());else if(Dr.cursor=Dr.limit-n,!K())return!1;return!0}}return!1}function M(r){if(Dr.ket=Dr.cursor,!g()&&(Dr.cursor=Dr.limit-r,!k()))return!1;var i=Dr.limit-Dr.cursor;if(d())Dr.bra=Dr.cursor,Dr.slice_del();else if(Dr.cursor=Dr.limit-i,m())Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K());else if(Dr.cursor=Dr.limit-i,!K())return!1;return!0}function N(r){if(Dr.ket=Dr.cursor,!z()&&(Dr.cursor=Dr.limit-r,!b()))return!1;var i=Dr.limit-Dr.cursor;return!(!m()&&(Dr.cursor=Dr.limit-i,!d()))&&(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K()),!0)}function O(){var r,i=Dr.limit-Dr.cursor;return Dr.ket=Dr.cursor,!(!w()&&(Dr.cursor=Dr.limit-i,!v()))&&(Dr.bra=Dr.cursor,Dr.slice_del(),r=Dr.limit-Dr.cursor,Dr.ket=Dr.cursor,!(!W()||(Dr.bra=Dr.cursor,Dr.slice_del(),!K()))||(Dr.cursor=Dr.limit-r,Dr.ket=Dr.cursor,!(a()||(Dr.cursor=Dr.limit-r,m()||(Dr.cursor=Dr.limit-r,K())))||(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K()),!0)))}function Q(){var r,i,e=Dr.limit-Dr.cursor;if(Dr.ket=Dr.cursor,!p()&&(Dr.cursor=Dr.limit-e,!f()&&(Dr.cursor=Dr.limit-e,!_())))return!1;if(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,r=Dr.limit-Dr.cursor,a())Dr.bra=Dr.cursor,Dr.slice_del(),i=Dr.limit-Dr.cursor,Dr.ket=Dr.cursor,W()||(Dr.cursor=Dr.limit-i);else if(Dr.cursor=Dr.limit-r,!W())return!0;return Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,K(),!0}function R(){var r,i,e=Dr.limit-Dr.cursor;if(Dr.ket=Dr.cursor,W())return Dr.bra=Dr.cursor,Dr.slice_del(),void K();if(Dr.cursor=Dr.limit-e,Dr.ket=Dr.cursor,q())if(Dr.bra=Dr.cursor,Dr.slice_del(),r=Dr.limit-Dr.cursor,Dr.ket=Dr.cursor,d())Dr.bra=Dr.cursor,Dr.slice_del();else{if(Dr.cursor=Dr.limit-r,Dr.ket=Dr.cursor,!a()&&(Dr.cursor=Dr.limit-r,!m())){if(Dr.cursor=Dr.limit-r,Dr.ket=Dr.cursor,!W())return;if(Dr.bra=Dr.cursor,Dr.slice_del(),!K())return}Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K())}else if(Dr.cursor=Dr.limit-e,!M(e)&&(Dr.cursor=Dr.limit-e,!N(e))){if(Dr.cursor=Dr.limit-e,Dr.ket=Dr.cursor,y())return Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,i=Dr.limit-Dr.cursor,void(a()?(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K())):(Dr.cursor=Dr.limit-i,W()?(Dr.bra=Dr.cursor,Dr.slice_del(),K()):(Dr.cursor=Dr.limit-i,K())));if(Dr.cursor=Dr.limit-e,!O()){if(Dr.cursor=Dr.limit-e,d())return Dr.bra=Dr.cursor,void Dr.slice_del();Dr.cursor=Dr.limit-e,K()||(Dr.cursor=Dr.limit-e,Q()||(Dr.cursor=Dr.limit-e,Dr.ket=Dr.cursor,(a()||(Dr.cursor=Dr.limit-e,m()))&&(Dr.bra=Dr.cursor,Dr.slice_del(),Dr.ket=Dr.cursor,W()&&(Dr.bra=Dr.cursor,Dr.slice_del(),K()))))}}}function U(){var r;if(Dr.ket=Dr.cursor,r=Dr.find_among_b(Sr,4))switch(Dr.bra=Dr.cursor,r){case 1:Dr.slice_from("p");break;case 2:Dr.slice_from("ç");break;case 3:Dr.slice_from("t");break;case 4:Dr.slice_from("k")}}function V(){for(;;){var r=Dr.limit-Dr.cursor;if(Dr.in_grouping_b(Wr,97,305)){Dr.cursor=Dr.limit-r;break}if(Dr.cursor=Dr.limit-r,Dr.cursor<=Dr.limit_backward)return!1;Dr.cursor--}return!0}function X(r,i,e){if(Dr.cursor=Dr.limit-r,V()){var n=Dr.limit-Dr.cursor;if(!Dr.eq_s_b(1,i)&&(Dr.cursor=Dr.limit-n,!Dr.eq_s_b(1,e)))return!0;Dr.cursor=Dr.limit-r;var t=Dr.cursor;return Dr.insert(Dr.cursor,Dr.cursor,e),Dr.cursor=t,!1}return!0}function Y(){var r=Dr.limit-Dr.cursor;(Dr.eq_s_b(1,"d")||(Dr.cursor=Dr.limit-r,Dr.eq_s_b(1,"g")))&&X(r,"a","ı")&&X(r,"e","i")&&X(r,"o","u")&&X(r,"ö","ü")}function $(){for(var r,i=Dr.cursor,e=2;;){for(r=Dr.cursor;!Dr.in_grouping(Wr,97,305);){if(Dr.cursor>=Dr.limit)return Dr.cursor=r,!(e>0)&&(Dr.cursor=i,!0);Dr.cursor++}e--}}function rr(r,i,e){for(;!Dr.eq_s(i,e);){if(Dr.cursor>=Dr.limit)return!0;Dr.cursor++}return(tr=i)!=Dr.limit||(Dr.cursor=r,!1)}function ir(){var r=Dr.cursor;return!rr(r,2,"ad")||(Dr.cursor=r,!rr(r,5,"soyad"))}function er(){var r=Dr.cursor;return!ir()&&(Dr.limit_backward=r,Dr.cursor=Dr.limit,Y(),Dr.cursor=Dr.limit,U(),!0)}var nr,tr,ur=[new i("m",-1,-1),new i("n",-1,-1),new i("miz",-1,-1),new i("niz",-1,-1),new i("muz",-1,-1),new i("nuz",-1,-1),new i("müz",-1,-1),new i("nüz",-1,-1),new i("mız",-1,-1),new i("nız",-1,-1)],or=[new i("leri",-1,-1),new i("ları",-1,-1)],sr=[new i("ni",-1,-1),new i("nu",-1,-1),new i("nü",-1,-1),new i("nı",-1,-1)],cr=[new i("in",-1,-1),new i("un",-1,-1),new i("ün",-1,-1),new i("ın",-1,-1)],lr=[new i("a",-1,-1),new i("e",-1,-1)],ar=[new i("na",-1,-1),new i("ne",-1,-1)],mr=[new i("da",-1,-1),new i("ta",-1,-1),new i("de",-1,-1),new i("te",-1,-1)],dr=[new i("nda",-1,-1),new i("nde",-1,-1)],fr=[new i("dan",-1,-1),new i("tan",-1,-1),new i("den",-1,-1),new i("ten",-1,-1)],br=[new i("ndan",-1,-1),new i("nden",-1,-1)],wr=[new i("la",-1,-1),new i("le",-1,-1)],_r=[new i("ca",-1,-1),new i("ce",-1,-1)],kr=[new i("im",-1,-1),new i("um",-1,-1),new i("üm",-1,-1),new i("ım",-1,-1)],pr=[new i("sin",-1,-1),new i("sun",-1,-1),new i("sün",-1,-1),new i("sın",-1,-1)],gr=[new i("iz",-1,-1),new i("uz",-1,-1),new i("üz",-1,-1),new i("ız",-1,-1)],yr=[new i("siniz",-1,-1),new i("sunuz",-1,-1),new i("sünüz",-1,-1),new i("sınız",-1,-1)],zr=[new i("lar",-1,-1),new i("ler",-1,-1)],vr=[new i("niz",-1,-1),new i("nuz",-1,-1),new i("nüz",-1,-1),new i("nız",-1,-1)],hr=[new i("dir",-1,-1),new i("tir",-1,-1),new i("dur",-1,-1),new i("tur",-1,-1),new i("dür",-1,-1),new i("tür",-1,-1),new i("dır",-1,-1),new i("tır",-1,-1)],qr=[new i("casına",-1,-1),new i("cesine",-1,-1)],Cr=[new i("di",-1,-1),new i("ti",-1,-1),new i("dik",-1,-1),new i("tik",-1,-1),new i("duk",-1,-1),new i("tuk",-1,-1),new i("dük",-1,-1),new i("tük",-1,-1),new i("dık",-1,-1),new i("tık",-1,-1),new i("dim",-1,-1),new i("tim",-1,-1),new i("dum",-1,-1),new i("tum",-1,-1),new i("düm",-1,-1),new i("tüm",-1,-1),new i("dım",-1,-1),new i("tım",-1,-1),new i("din",-1,-1),new i("tin",-1,-1),new i("dun",-1,-1),new i("tun",-1,-1),new i("dün",-1,-1),new i("tün",-1,-1),new i("dın",-1,-1),new i("tın",-1,-1),new i("du",-1,-1),new i("tu",-1,-1),new i("dü",-1,-1),new i("tü",-1,-1),new i("dı",-1,-1),new i("tı",-1,-1)],Pr=[new i("sa",-1,-1),new i("se",-1,-1),new i("sak",-1,-1),new i("sek",-1,-1),new i("sam",-1,-1),new i("sem",-1,-1),new i("san",-1,-1),new i("sen",-1,-1)],Fr=[new i("miş",-1,-1),new i("muş",-1,-1),new i("müş",-1,-1),new i("mış",-1,-1)],Sr=[new i("b",-1,1),new i("c",-1,2),new i("d",-1,3),new i("ğ",-1,4)],Wr=[17,65,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,32,8,0,0,0,0,0,0,1],Lr=[1,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,1],xr=[1,64,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],Ar=[17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,130],Er=[1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],jr=[17],Tr=[65],Zr=[65],Br=[["a",xr,97,305],["e",Ar,101,252],["ı",Er,97,305],["i",jr,101,105],["o",Tr,111,117],["ö",Zr,246,252],["u",Tr,111,117]],Dr=new e;this.setCurrent=function(r){Dr.setCurrent(r)},this.getCurrent=function(){return Dr.getCurrent()},this.stem=function(){return!!($()&&(Dr.limit_backward=Dr.cursor,Dr.cursor=Dr.limit,J(),Dr.cursor=Dr.limit,nr&&(R(),Dr.cursor=Dr.limit_backward,er())))}};return function(r){return"function"==typeof r.update?r.update(function(r){return n.setCurrent(r),n.stem(),n.getCurrent()}):(n.setCurrent(r),n.stem(),n.getCurrent())}}(),r.Pipeline.registerFunction(r.tr.stemmer,"stemmer-tr"),r.tr.stopWordFilter=r.generateStopWordFilter("acaba altmış altı ama ancak arada aslında ayrıca bana bazı belki ben benden beni benim beri beş bile bin bir biri birkaç birkez birçok birşey birşeyi biz bizden bize bizi bizim bu buna bunda bundan bunlar bunları bunların bunu bunun burada böyle böylece da daha dahi de defa değil diye diğer doksan dokuz dolayı dolayısıyla dört edecek eden ederek edilecek ediliyor edilmesi ediyor elli en etmesi etti ettiği ettiğini eğer gibi göre halen hangi hatta hem henüz hep hepsi her herhangi herkesin hiç hiçbir iki ile ilgili ise itibaren itibariyle için işte kadar karşın katrilyon kendi kendilerine kendini kendisi kendisine kendisini kez ki kim kimden kime kimi kimse kırk milyar milyon mu mü mı nasıl ne neden nedenle nerde nerede nereye niye niçin o olan olarak oldu olduklarını olduğu olduğunu olmadı olmadığı olmak olması olmayan olmaz olsa olsun olup olur olursa oluyor on ona ondan onlar onlardan onları onların onu onun otuz oysa pek rağmen sadece sanki sekiz seksen sen senden seni senin siz sizden sizi sizin tarafından trilyon tüm var vardı ve veya ya yani yapacak yapmak yaptı yaptıkları yaptığı yaptığını yapılan yapılması yapıyor yedi yerine yetmiş yine yirmi yoksa yüz zaten çok çünkü öyle üzere üç şey şeyden şeyi şeyler şu şuna şunda şundan şunları şunu şöyle".split(" ")),r.Pipeline.registerFunction(r.tr.stopWordFilter,"stopWordFilter-tr")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.vi.min.js b/2.5/assets/javascripts/lunr/min/lunr.vi.min.js new file mode 100644 index 000000000..22aed28c4 --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.vi.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.vi=function(){this.pipeline.reset(),this.pipeline.add(e.vi.stopWordFilter,e.vi.trimmer)},e.vi.wordCharacters="[A-Za-ẓ̀͐́͑̉̃̓ÂâÊêÔôĂ-ăĐ-đƠ-ơƯ-ư]",e.vi.trimmer=e.trimmerSupport.generateTrimmer(e.vi.wordCharacters),e.Pipeline.registerFunction(e.vi.trimmer,"trimmer-vi"),e.vi.stopWordFilter=e.generateStopWordFilter("là cái nhưng mà".split(" "))}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/min/lunr.zh.min.js b/2.5/assets/javascripts/lunr/min/lunr.zh.min.js new file mode 100644 index 000000000..9838ef96d --- /dev/null +++ b/2.5/assets/javascripts/lunr/min/lunr.zh.min.js @@ -0,0 +1 @@ +!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r(require("@node-rs/jieba")):r()(e.lunr)}(this,function(e){return function(r,t){if(void 0===r)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===r.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var i="2"==r.version[0];r.zh=function(){this.pipeline.reset(),this.pipeline.add(r.zh.trimmer,r.zh.stopWordFilter,r.zh.stemmer),i?this.tokenizer=r.zh.tokenizer:(r.tokenizer&&(r.tokenizer=r.zh.tokenizer),this.tokenizerFn&&(this.tokenizerFn=r.zh.tokenizer))},r.zh.tokenizer=function(n){if(!arguments.length||null==n||void 0==n)return[];if(Array.isArray(n))return n.map(function(e){return i?new r.Token(e.toLowerCase()):e.toLowerCase()});t&&e.load(t);var o=n.toString().trim().toLowerCase(),s=[];e.cut(o,!0).forEach(function(e){s=s.concat(e.split(" "))}),s=s.filter(function(e){return!!e});var u=0;return s.map(function(e,t){if(i){var n=o.indexOf(e,u),s={};return s.position=[n,e.length],s.index=t,u=n,new r.Token(e,s)}return e})},r.zh.wordCharacters="\\w一-龥",r.zh.trimmer=r.trimmerSupport.generateTrimmer(r.zh.wordCharacters),r.Pipeline.registerFunction(r.zh.trimmer,"trimmer-zh"),r.zh.stemmer=function(){return function(e){return e}}(),r.Pipeline.registerFunction(r.zh.stemmer,"stemmer-zh"),r.zh.stopWordFilter=r.generateStopWordFilter("的 一 不 在 人 有 是 为 以 于 上 他 而 后 之 来 及 了 因 下 可 到 由 这 与 也 此 但 并 个 其 已 无 小 我 们 起 最 再 今 去 好 只 又 或 很 亦 某 把 那 你 乃 它 吧 被 比 别 趁 当 从 到 得 打 凡 儿 尔 该 各 给 跟 和 何 还 即 几 既 看 据 距 靠 啦 了 另 么 每 们 嘛 拿 哪 那 您 凭 且 却 让 仍 啥 如 若 使 谁 虽 随 同 所 她 哇 嗡 往 哪 些 向 沿 哟 用 于 咱 则 怎 曾 至 致 着 诸 自".split(" ")),r.Pipeline.registerFunction(r.zh.stopWordFilter,"stopWordFilter-zh")}}); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/tinyseg.js b/2.5/assets/javascripts/lunr/tinyseg.js new file mode 100644 index 000000000..167fa6dd6 --- /dev/null +++ b/2.5/assets/javascripts/lunr/tinyseg.js @@ -0,0 +1,206 @@ +/** + * export the module via AMD, CommonJS or as a browser global + * Export code from https://github.com/umdjs/umd/blob/master/returnExports.js + */ +;(function (root, factory) { + if (typeof define === 'function' && define.amd) { + // AMD. Register as an anonymous module. + define(factory) + } else if (typeof exports === 'object') { + /** + * Node. Does not work with strict CommonJS, but + * only CommonJS-like environments that support module.exports, + * like Node. + */ + module.exports = factory() + } else { + // Browser globals (root is window) + factory()(root.lunr); + } +}(this, function () { + /** + * Just return a value to define the module export. + * This example returns an object, but the module + * can return a function as the exported value. + */ + + return function(lunr) { + // TinySegmenter 0.1 -- Super compact Japanese tokenizer in Javascript + // (c) 2008 Taku Kudo + // TinySegmenter is freely distributable under the terms of a new BSD licence. + // For details, see http://chasen.org/~taku/software/TinySegmenter/LICENCE.txt + + function TinySegmenter() { + var patterns = { + "[一二三四五六七八九十百千万億兆]":"M", + "[一-龠々〆ヵヶ]":"H", + "[ぁ-ん]":"I", + "[ァ-ヴーア-ン゙ー]":"K", + "[a-zA-Za-zA-Z]":"A", + "[0-90-9]":"N" + } + this.chartype_ = []; + for (var i in patterns) { + var regexp = new RegExp(i); + this.chartype_.push([regexp, patterns[i]]); + } + + this.BIAS__ = -332 + this.BC1__ = {"HH":6,"II":2461,"KH":406,"OH":-1378}; + this.BC2__ = {"AA":-3267,"AI":2744,"AN":-878,"HH":-4070,"HM":-1711,"HN":4012,"HO":3761,"IA":1327,"IH":-1184,"II":-1332,"IK":1721,"IO":5492,"KI":3831,"KK":-8741,"MH":-3132,"MK":3334,"OO":-2920}; + this.BC3__ = {"HH":996,"HI":626,"HK":-721,"HN":-1307,"HO":-836,"IH":-301,"KK":2762,"MK":1079,"MM":4034,"OA":-1652,"OH":266}; + this.BP1__ = {"BB":295,"OB":304,"OO":-125,"UB":352}; + this.BP2__ = {"BO":60,"OO":-1762}; + this.BQ1__ = {"BHH":1150,"BHM":1521,"BII":-1158,"BIM":886,"BMH":1208,"BNH":449,"BOH":-91,"BOO":-2597,"OHI":451,"OIH":-296,"OKA":1851,"OKH":-1020,"OKK":904,"OOO":2965}; + this.BQ2__ = {"BHH":118,"BHI":-1159,"BHM":466,"BIH":-919,"BKK":-1720,"BKO":864,"OHH":-1139,"OHM":-181,"OIH":153,"UHI":-1146}; + this.BQ3__ = {"BHH":-792,"BHI":2664,"BII":-299,"BKI":419,"BMH":937,"BMM":8335,"BNN":998,"BOH":775,"OHH":2174,"OHM":439,"OII":280,"OKH":1798,"OKI":-793,"OKO":-2242,"OMH":-2402,"OOO":11699}; + this.BQ4__ = {"BHH":-3895,"BIH":3761,"BII":-4654,"BIK":1348,"BKK":-1806,"BMI":-3385,"BOO":-12396,"OAH":926,"OHH":266,"OHK":-2036,"ONN":-973}; + this.BW1__ = {",と":660,",同":727,"B1あ":1404,"B1同":542,"、と":660,"、同":727,"」と":1682,"あっ":1505,"いう":1743,"いっ":-2055,"いる":672,"うし":-4817,"うん":665,"から":3472,"がら":600,"こう":-790,"こと":2083,"こん":-1262,"さら":-4143,"さん":4573,"した":2641,"して":1104,"すで":-3399,"そこ":1977,"それ":-871,"たち":1122,"ため":601,"った":3463,"つい":-802,"てい":805,"てき":1249,"でき":1127,"です":3445,"では":844,"とい":-4915,"とみ":1922,"どこ":3887,"ない":5713,"なっ":3015,"など":7379,"なん":-1113,"にし":2468,"には":1498,"にも":1671,"に対":-912,"の一":-501,"の中":741,"ませ":2448,"まで":1711,"まま":2600,"まる":-2155,"やむ":-1947,"よっ":-2565,"れた":2369,"れで":-913,"をし":1860,"を見":731,"亡く":-1886,"京都":2558,"取り":-2784,"大き":-2604,"大阪":1497,"平方":-2314,"引き":-1336,"日本":-195,"本当":-2423,"毎日":-2113,"目指":-724,"B1あ":1404,"B1同":542,"」と":1682}; + this.BW2__ = {"..":-11822,"11":-669,"――":-5730,"−−":-13175,"いう":-1609,"うか":2490,"かし":-1350,"かも":-602,"から":-7194,"かれ":4612,"がい":853,"がら":-3198,"きた":1941,"くな":-1597,"こと":-8392,"この":-4193,"させ":4533,"され":13168,"さん":-3977,"しい":-1819,"しか":-545,"した":5078,"して":972,"しな":939,"その":-3744,"たい":-1253,"たた":-662,"ただ":-3857,"たち":-786,"たと":1224,"たは":-939,"った":4589,"って":1647,"っと":-2094,"てい":6144,"てき":3640,"てく":2551,"ては":-3110,"ても":-3065,"でい":2666,"でき":-1528,"でし":-3828,"です":-4761,"でも":-4203,"とい":1890,"とこ":-1746,"とと":-2279,"との":720,"とみ":5168,"とも":-3941,"ない":-2488,"なが":-1313,"など":-6509,"なの":2614,"なん":3099,"にお":-1615,"にし":2748,"にな":2454,"によ":-7236,"に対":-14943,"に従":-4688,"に関":-11388,"のか":2093,"ので":-7059,"のに":-6041,"のの":-6125,"はい":1073,"はが":-1033,"はず":-2532,"ばれ":1813,"まし":-1316,"まで":-6621,"まれ":5409,"めて":-3153,"もい":2230,"もの":-10713,"らか":-944,"らし":-1611,"らに":-1897,"りし":651,"りま":1620,"れた":4270,"れて":849,"れば":4114,"ろう":6067,"われ":7901,"を通":-11877,"んだ":728,"んな":-4115,"一人":602,"一方":-1375,"一日":970,"一部":-1051,"上が":-4479,"会社":-1116,"出て":2163,"分の":-7758,"同党":970,"同日":-913,"大阪":-2471,"委員":-1250,"少な":-1050,"年度":-8669,"年間":-1626,"府県":-2363,"手権":-1982,"新聞":-4066,"日新":-722,"日本":-7068,"日米":3372,"曜日":-601,"朝鮮":-2355,"本人":-2697,"東京":-1543,"然と":-1384,"社会":-1276,"立て":-990,"第に":-1612,"米国":-4268,"11":-669}; + this.BW3__ = {"あた":-2194,"あり":719,"ある":3846,"い.":-1185,"い。":-1185,"いい":5308,"いえ":2079,"いく":3029,"いた":2056,"いっ":1883,"いる":5600,"いわ":1527,"うち":1117,"うと":4798,"えと":1454,"か.":2857,"か。":2857,"かけ":-743,"かっ":-4098,"かに":-669,"から":6520,"かり":-2670,"が,":1816,"が、":1816,"がき":-4855,"がけ":-1127,"がっ":-913,"がら":-4977,"がり":-2064,"きた":1645,"けど":1374,"こと":7397,"この":1542,"ころ":-2757,"さい":-714,"さを":976,"し,":1557,"し、":1557,"しい":-3714,"した":3562,"して":1449,"しな":2608,"しま":1200,"す.":-1310,"す。":-1310,"する":6521,"ず,":3426,"ず、":3426,"ずに":841,"そう":428,"た.":8875,"た。":8875,"たい":-594,"たの":812,"たり":-1183,"たる":-853,"だ.":4098,"だ。":4098,"だっ":1004,"った":-4748,"って":300,"てい":6240,"てお":855,"ても":302,"です":1437,"でに":-1482,"では":2295,"とう":-1387,"とし":2266,"との":541,"とも":-3543,"どう":4664,"ない":1796,"なく":-903,"など":2135,"に,":-1021,"に、":-1021,"にし":1771,"にな":1906,"には":2644,"の,":-724,"の、":-724,"の子":-1000,"は,":1337,"は、":1337,"べき":2181,"まし":1113,"ます":6943,"まっ":-1549,"まで":6154,"まれ":-793,"らし":1479,"られ":6820,"るる":3818,"れ,":854,"れ、":854,"れた":1850,"れて":1375,"れば":-3246,"れる":1091,"われ":-605,"んだ":606,"んで":798,"カ月":990,"会議":860,"入り":1232,"大会":2217,"始め":1681,"市":965,"新聞":-5055,"日,":974,"日、":974,"社会":2024,"カ月":990}; + this.TC1__ = {"AAA":1093,"HHH":1029,"HHM":580,"HII":998,"HOH":-390,"HOM":-331,"IHI":1169,"IOH":-142,"IOI":-1015,"IOM":467,"MMH":187,"OOI":-1832}; + this.TC2__ = {"HHO":2088,"HII":-1023,"HMM":-1154,"IHI":-1965,"KKH":703,"OII":-2649}; + this.TC3__ = {"AAA":-294,"HHH":346,"HHI":-341,"HII":-1088,"HIK":731,"HOH":-1486,"IHH":128,"IHI":-3041,"IHO":-1935,"IIH":-825,"IIM":-1035,"IOI":-542,"KHH":-1216,"KKA":491,"KKH":-1217,"KOK":-1009,"MHH":-2694,"MHM":-457,"MHO":123,"MMH":-471,"NNH":-1689,"NNO":662,"OHO":-3393}; + this.TC4__ = {"HHH":-203,"HHI":1344,"HHK":365,"HHM":-122,"HHN":182,"HHO":669,"HIH":804,"HII":679,"HOH":446,"IHH":695,"IHO":-2324,"IIH":321,"III":1497,"IIO":656,"IOO":54,"KAK":4845,"KKA":3386,"KKK":3065,"MHH":-405,"MHI":201,"MMH":-241,"MMM":661,"MOM":841}; + this.TQ1__ = {"BHHH":-227,"BHHI":316,"BHIH":-132,"BIHH":60,"BIII":1595,"BNHH":-744,"BOHH":225,"BOOO":-908,"OAKK":482,"OHHH":281,"OHIH":249,"OIHI":200,"OIIH":-68}; + this.TQ2__ = {"BIHH":-1401,"BIII":-1033,"BKAK":-543,"BOOO":-5591}; + this.TQ3__ = {"BHHH":478,"BHHM":-1073,"BHIH":222,"BHII":-504,"BIIH":-116,"BIII":-105,"BMHI":-863,"BMHM":-464,"BOMH":620,"OHHH":346,"OHHI":1729,"OHII":997,"OHMH":481,"OIHH":623,"OIIH":1344,"OKAK":2792,"OKHH":587,"OKKA":679,"OOHH":110,"OOII":-685}; + this.TQ4__ = {"BHHH":-721,"BHHM":-3604,"BHII":-966,"BIIH":-607,"BIII":-2181,"OAAA":-2763,"OAKK":180,"OHHH":-294,"OHHI":2446,"OHHO":480,"OHIH":-1573,"OIHH":1935,"OIHI":-493,"OIIH":626,"OIII":-4007,"OKAK":-8156}; + this.TW1__ = {"につい":-4681,"東京都":2026}; + this.TW2__ = {"ある程":-2049,"いった":-1256,"ころが":-2434,"しょう":3873,"その後":-4430,"だって":-1049,"ていた":1833,"として":-4657,"ともに":-4517,"もので":1882,"一気に":-792,"初めて":-1512,"同時に":-8097,"大きな":-1255,"対して":-2721,"社会党":-3216}; + this.TW3__ = {"いただ":-1734,"してい":1314,"として":-4314,"につい":-5483,"にとっ":-5989,"に当た":-6247,"ので,":-727,"ので、":-727,"のもの":-600,"れから":-3752,"十二月":-2287}; + this.TW4__ = {"いう.":8576,"いう。":8576,"からな":-2348,"してい":2958,"たが,":1516,"たが、":1516,"ている":1538,"という":1349,"ました":5543,"ません":1097,"ようと":-4258,"よると":5865}; + this.UC1__ = {"A":484,"K":93,"M":645,"O":-505}; + this.UC2__ = {"A":819,"H":1059,"I":409,"M":3987,"N":5775,"O":646}; + this.UC3__ = {"A":-1370,"I":2311}; + this.UC4__ = {"A":-2643,"H":1809,"I":-1032,"K":-3450,"M":3565,"N":3876,"O":6646}; + this.UC5__ = {"H":313,"I":-1238,"K":-799,"M":539,"O":-831}; + this.UC6__ = {"H":-506,"I":-253,"K":87,"M":247,"O":-387}; + this.UP1__ = {"O":-214}; + this.UP2__ = {"B":69,"O":935}; + this.UP3__ = {"B":189}; + this.UQ1__ = {"BH":21,"BI":-12,"BK":-99,"BN":142,"BO":-56,"OH":-95,"OI":477,"OK":410,"OO":-2422}; + this.UQ2__ = {"BH":216,"BI":113,"OK":1759}; + this.UQ3__ = {"BA":-479,"BH":42,"BI":1913,"BK":-7198,"BM":3160,"BN":6427,"BO":14761,"OI":-827,"ON":-3212}; + this.UW1__ = {",":156,"、":156,"「":-463,"あ":-941,"う":-127,"が":-553,"き":121,"こ":505,"で":-201,"と":-547,"ど":-123,"に":-789,"の":-185,"は":-847,"も":-466,"や":-470,"よ":182,"ら":-292,"り":208,"れ":169,"を":-446,"ん":-137,"・":-135,"主":-402,"京":-268,"区":-912,"午":871,"国":-460,"大":561,"委":729,"市":-411,"日":-141,"理":361,"生":-408,"県":-386,"都":-718,"「":-463,"・":-135}; + this.UW2__ = {",":-829,"、":-829,"〇":892,"「":-645,"」":3145,"あ":-538,"い":505,"う":134,"お":-502,"か":1454,"が":-856,"く":-412,"こ":1141,"さ":878,"ざ":540,"し":1529,"す":-675,"せ":300,"そ":-1011,"た":188,"だ":1837,"つ":-949,"て":-291,"で":-268,"と":-981,"ど":1273,"な":1063,"に":-1764,"の":130,"は":-409,"ひ":-1273,"べ":1261,"ま":600,"も":-1263,"や":-402,"よ":1639,"り":-579,"る":-694,"れ":571,"を":-2516,"ん":2095,"ア":-587,"カ":306,"キ":568,"ッ":831,"三":-758,"不":-2150,"世":-302,"中":-968,"主":-861,"事":492,"人":-123,"会":978,"保":362,"入":548,"初":-3025,"副":-1566,"北":-3414,"区":-422,"大":-1769,"天":-865,"太":-483,"子":-1519,"学":760,"実":1023,"小":-2009,"市":-813,"年":-1060,"強":1067,"手":-1519,"揺":-1033,"政":1522,"文":-1355,"新":-1682,"日":-1815,"明":-1462,"最":-630,"朝":-1843,"本":-1650,"東":-931,"果":-665,"次":-2378,"民":-180,"気":-1740,"理":752,"発":529,"目":-1584,"相":-242,"県":-1165,"立":-763,"第":810,"米":509,"自":-1353,"行":838,"西":-744,"見":-3874,"調":1010,"議":1198,"込":3041,"開":1758,"間":-1257,"「":-645,"」":3145,"ッ":831,"ア":-587,"カ":306,"キ":568}; + this.UW3__ = {",":4889,"1":-800,"−":-1723,"、":4889,"々":-2311,"〇":5827,"」":2670,"〓":-3573,"あ":-2696,"い":1006,"う":2342,"え":1983,"お":-4864,"か":-1163,"が":3271,"く":1004,"け":388,"げ":401,"こ":-3552,"ご":-3116,"さ":-1058,"し":-395,"す":584,"せ":3685,"そ":-5228,"た":842,"ち":-521,"っ":-1444,"つ":-1081,"て":6167,"で":2318,"と":1691,"ど":-899,"な":-2788,"に":2745,"の":4056,"は":4555,"ひ":-2171,"ふ":-1798,"へ":1199,"ほ":-5516,"ま":-4384,"み":-120,"め":1205,"も":2323,"や":-788,"よ":-202,"ら":727,"り":649,"る":5905,"れ":2773,"わ":-1207,"を":6620,"ん":-518,"ア":551,"グ":1319,"ス":874,"ッ":-1350,"ト":521,"ム":1109,"ル":1591,"ロ":2201,"ン":278,"・":-3794,"一":-1619,"下":-1759,"世":-2087,"両":3815,"中":653,"主":-758,"予":-1193,"二":974,"人":2742,"今":792,"他":1889,"以":-1368,"低":811,"何":4265,"作":-361,"保":-2439,"元":4858,"党":3593,"全":1574,"公":-3030,"六":755,"共":-1880,"円":5807,"再":3095,"分":457,"初":2475,"別":1129,"前":2286,"副":4437,"力":365,"動":-949,"務":-1872,"化":1327,"北":-1038,"区":4646,"千":-2309,"午":-783,"協":-1006,"口":483,"右":1233,"各":3588,"合":-241,"同":3906,"和":-837,"員":4513,"国":642,"型":1389,"場":1219,"外":-241,"妻":2016,"学":-1356,"安":-423,"実":-1008,"家":1078,"小":-513,"少":-3102,"州":1155,"市":3197,"平":-1804,"年":2416,"広":-1030,"府":1605,"度":1452,"建":-2352,"当":-3885,"得":1905,"思":-1291,"性":1822,"戸":-488,"指":-3973,"政":-2013,"教":-1479,"数":3222,"文":-1489,"新":1764,"日":2099,"旧":5792,"昨":-661,"時":-1248,"曜":-951,"最":-937,"月":4125,"期":360,"李":3094,"村":364,"東":-805,"核":5156,"森":2438,"業":484,"氏":2613,"民":-1694,"決":-1073,"法":1868,"海":-495,"無":979,"物":461,"特":-3850,"生":-273,"用":914,"町":1215,"的":7313,"直":-1835,"省":792,"県":6293,"知":-1528,"私":4231,"税":401,"立":-960,"第":1201,"米":7767,"系":3066,"約":3663,"級":1384,"統":-4229,"総":1163,"線":1255,"者":6457,"能":725,"自":-2869,"英":785,"見":1044,"調":-562,"財":-733,"費":1777,"車":1835,"軍":1375,"込":-1504,"通":-1136,"選":-681,"郎":1026,"郡":4404,"部":1200,"金":2163,"長":421,"開":-1432,"間":1302,"関":-1282,"雨":2009,"電":-1045,"非":2066,"駅":1620,"1":-800,"」":2670,"・":-3794,"ッ":-1350,"ア":551,"グ":1319,"ス":874,"ト":521,"ム":1109,"ル":1591,"ロ":2201,"ン":278}; + this.UW4__ = {",":3930,".":3508,"―":-4841,"、":3930,"。":3508,"〇":4999,"「":1895,"」":3798,"〓":-5156,"あ":4752,"い":-3435,"う":-640,"え":-2514,"お":2405,"か":530,"が":6006,"き":-4482,"ぎ":-3821,"く":-3788,"け":-4376,"げ":-4734,"こ":2255,"ご":1979,"さ":2864,"し":-843,"じ":-2506,"す":-731,"ず":1251,"せ":181,"そ":4091,"た":5034,"だ":5408,"ち":-3654,"っ":-5882,"つ":-1659,"て":3994,"で":7410,"と":4547,"な":5433,"に":6499,"ぬ":1853,"ね":1413,"の":7396,"は":8578,"ば":1940,"ひ":4249,"び":-4134,"ふ":1345,"へ":6665,"べ":-744,"ほ":1464,"ま":1051,"み":-2082,"む":-882,"め":-5046,"も":4169,"ゃ":-2666,"や":2795,"ょ":-1544,"よ":3351,"ら":-2922,"り":-9726,"る":-14896,"れ":-2613,"ろ":-4570,"わ":-1783,"を":13150,"ん":-2352,"カ":2145,"コ":1789,"セ":1287,"ッ":-724,"ト":-403,"メ":-1635,"ラ":-881,"リ":-541,"ル":-856,"ン":-3637,"・":-4371,"ー":-11870,"一":-2069,"中":2210,"予":782,"事":-190,"井":-1768,"人":1036,"以":544,"会":950,"体":-1286,"作":530,"側":4292,"先":601,"党":-2006,"共":-1212,"内":584,"円":788,"初":1347,"前":1623,"副":3879,"力":-302,"動":-740,"務":-2715,"化":776,"区":4517,"協":1013,"参":1555,"合":-1834,"和":-681,"員":-910,"器":-851,"回":1500,"国":-619,"園":-1200,"地":866,"場":-1410,"塁":-2094,"士":-1413,"多":1067,"大":571,"子":-4802,"学":-1397,"定":-1057,"寺":-809,"小":1910,"屋":-1328,"山":-1500,"島":-2056,"川":-2667,"市":2771,"年":374,"庁":-4556,"後":456,"性":553,"感":916,"所":-1566,"支":856,"改":787,"政":2182,"教":704,"文":522,"方":-856,"日":1798,"時":1829,"最":845,"月":-9066,"木":-485,"来":-442,"校":-360,"業":-1043,"氏":5388,"民":-2716,"気":-910,"沢":-939,"済":-543,"物":-735,"率":672,"球":-1267,"生":-1286,"産":-1101,"田":-2900,"町":1826,"的":2586,"目":922,"省":-3485,"県":2997,"空":-867,"立":-2112,"第":788,"米":2937,"系":786,"約":2171,"経":1146,"統":-1169,"総":940,"線":-994,"署":749,"者":2145,"能":-730,"般":-852,"行":-792,"規":792,"警":-1184,"議":-244,"谷":-1000,"賞":730,"車":-1481,"軍":1158,"輪":-1433,"込":-3370,"近":929,"道":-1291,"選":2596,"郎":-4866,"都":1192,"野":-1100,"銀":-2213,"長":357,"間":-2344,"院":-2297,"際":-2604,"電":-878,"領":-1659,"題":-792,"館":-1984,"首":1749,"高":2120,"「":1895,"」":3798,"・":-4371,"ッ":-724,"ー":-11870,"カ":2145,"コ":1789,"セ":1287,"ト":-403,"メ":-1635,"ラ":-881,"リ":-541,"ル":-856,"ン":-3637}; + this.UW5__ = {",":465,".":-299,"1":-514,"E2":-32768,"]":-2762,"、":465,"。":-299,"「":363,"あ":1655,"い":331,"う":-503,"え":1199,"お":527,"か":647,"が":-421,"き":1624,"ぎ":1971,"く":312,"げ":-983,"さ":-1537,"し":-1371,"す":-852,"だ":-1186,"ち":1093,"っ":52,"つ":921,"て":-18,"で":-850,"と":-127,"ど":1682,"な":-787,"に":-1224,"の":-635,"は":-578,"べ":1001,"み":502,"め":865,"ゃ":3350,"ょ":854,"り":-208,"る":429,"れ":504,"わ":419,"を":-1264,"ん":327,"イ":241,"ル":451,"ン":-343,"中":-871,"京":722,"会":-1153,"党":-654,"務":3519,"区":-901,"告":848,"員":2104,"大":-1296,"学":-548,"定":1785,"嵐":-1304,"市":-2991,"席":921,"年":1763,"思":872,"所":-814,"挙":1618,"新":-1682,"日":218,"月":-4353,"査":932,"格":1356,"機":-1508,"氏":-1347,"田":240,"町":-3912,"的":-3149,"相":1319,"省":-1052,"県":-4003,"研":-997,"社":-278,"空":-813,"統":1955,"者":-2233,"表":663,"語":-1073,"議":1219,"選":-1018,"郎":-368,"長":786,"間":1191,"題":2368,"館":-689,"1":-514,"E2":-32768,"「":363,"イ":241,"ル":451,"ン":-343}; + this.UW6__ = {",":227,".":808,"1":-270,"E1":306,"、":227,"。":808,"あ":-307,"う":189,"か":241,"が":-73,"く":-121,"こ":-200,"じ":1782,"す":383,"た":-428,"っ":573,"て":-1014,"で":101,"と":-105,"な":-253,"に":-149,"の":-417,"は":-236,"も":-206,"り":187,"る":-135,"を":195,"ル":-673,"ン":-496,"一":-277,"中":201,"件":-800,"会":624,"前":302,"区":1792,"員":-1212,"委":798,"学":-960,"市":887,"広":-695,"後":535,"業":-697,"相":753,"社":-507,"福":974,"空":-822,"者":1811,"連":463,"郎":1082,"1":-270,"E1":306,"ル":-673,"ン":-496}; + + return this; + } + TinySegmenter.prototype.ctype_ = function(str) { + for (var i in this.chartype_) { + if (str.match(this.chartype_[i][0])) { + return this.chartype_[i][1]; + } + } + return "O"; + } + + TinySegmenter.prototype.ts_ = function(v) { + if (v) { return v; } + return 0; + } + + TinySegmenter.prototype.segment = function(input) { + if (input == null || input == undefined || input == "") { + return []; + } + var result = []; + var seg = ["B3","B2","B1"]; + var ctype = ["O","O","O"]; + var o = input.split(""); + for (i = 0; i < o.length; ++i) { + seg.push(o[i]); + ctype.push(this.ctype_(o[i])) + } + seg.push("E1"); + seg.push("E2"); + seg.push("E3"); + ctype.push("O"); + ctype.push("O"); + ctype.push("O"); + var word = seg[3]; + var p1 = "U"; + var p2 = "U"; + var p3 = "U"; + for (var i = 4; i < seg.length - 3; ++i) { + var score = this.BIAS__; + var w1 = seg[i-3]; + var w2 = seg[i-2]; + var w3 = seg[i-1]; + var w4 = seg[i]; + var w5 = seg[i+1]; + var w6 = seg[i+2]; + var c1 = ctype[i-3]; + var c2 = ctype[i-2]; + var c3 = ctype[i-1]; + var c4 = ctype[i]; + var c5 = ctype[i+1]; + var c6 = ctype[i+2]; + score += this.ts_(this.UP1__[p1]); + score += this.ts_(this.UP2__[p2]); + score += this.ts_(this.UP3__[p3]); + score += this.ts_(this.BP1__[p1 + p2]); + score += this.ts_(this.BP2__[p2 + p3]); + score += this.ts_(this.UW1__[w1]); + score += this.ts_(this.UW2__[w2]); + score += this.ts_(this.UW3__[w3]); + score += this.ts_(this.UW4__[w4]); + score += this.ts_(this.UW5__[w5]); + score += this.ts_(this.UW6__[w6]); + score += this.ts_(this.BW1__[w2 + w3]); + score += this.ts_(this.BW2__[w3 + w4]); + score += this.ts_(this.BW3__[w4 + w5]); + score += this.ts_(this.TW1__[w1 + w2 + w3]); + score += this.ts_(this.TW2__[w2 + w3 + w4]); + score += this.ts_(this.TW3__[w3 + w4 + w5]); + score += this.ts_(this.TW4__[w4 + w5 + w6]); + score += this.ts_(this.UC1__[c1]); + score += this.ts_(this.UC2__[c2]); + score += this.ts_(this.UC3__[c3]); + score += this.ts_(this.UC4__[c4]); + score += this.ts_(this.UC5__[c5]); + score += this.ts_(this.UC6__[c6]); + score += this.ts_(this.BC1__[c2 + c3]); + score += this.ts_(this.BC2__[c3 + c4]); + score += this.ts_(this.BC3__[c4 + c5]); + score += this.ts_(this.TC1__[c1 + c2 + c3]); + score += this.ts_(this.TC2__[c2 + c3 + c4]); + score += this.ts_(this.TC3__[c3 + c4 + c5]); + score += this.ts_(this.TC4__[c4 + c5 + c6]); + // score += this.ts_(this.TC5__[c4 + c5 + c6]); + score += this.ts_(this.UQ1__[p1 + c1]); + score += this.ts_(this.UQ2__[p2 + c2]); + score += this.ts_(this.UQ3__[p3 + c3]); + score += this.ts_(this.BQ1__[p2 + c2 + c3]); + score += this.ts_(this.BQ2__[p2 + c3 + c4]); + score += this.ts_(this.BQ3__[p3 + c2 + c3]); + score += this.ts_(this.BQ4__[p3 + c3 + c4]); + score += this.ts_(this.TQ1__[p2 + c1 + c2 + c3]); + score += this.ts_(this.TQ2__[p2 + c2 + c3 + c4]); + score += this.ts_(this.TQ3__[p3 + c1 + c2 + c3]); + score += this.ts_(this.TQ4__[p3 + c2 + c3 + c4]); + var p = "O"; + if (score > 0) { + result.push(word); + word = ""; + p = "B"; + } + p1 = p2; + p2 = p3; + p3 = p; + word += seg[i]; + } + result.push(word); + + return result; + } + + lunr.TinySegmenter = TinySegmenter; + }; + +})); \ No newline at end of file diff --git a/2.5/assets/javascripts/lunr/wordcut.js b/2.5/assets/javascripts/lunr/wordcut.js new file mode 100644 index 000000000..146f4b44b --- /dev/null +++ b/2.5/assets/javascripts/lunr/wordcut.js @@ -0,0 +1,6708 @@ +(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}(g.lunr || (g.lunr = {})).wordcut = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o 1; + }) + this.addWords(words, false) + } + if(finalize){ + this.finalizeDict(); + } + }, + + dictSeek: function (l, r, ch, strOffset, pos) { + var ans = null; + while (l <= r) { + var m = Math.floor((l + r) / 2), + dict_item = this.dict[m], + len = dict_item.length; + if (len <= strOffset) { + l = m + 1; + } else { + var ch_ = dict_item[strOffset]; + if (ch_ < ch) { + l = m + 1; + } else if (ch_ > ch) { + r = m - 1; + } else { + ans = m; + if (pos == LEFT) { + r = m - 1; + } else { + l = m + 1; + } + } + } + } + return ans; + }, + + isFinal: function (acceptor) { + return this.dict[acceptor.l].length == acceptor.strOffset; + }, + + createAcceptor: function () { + return { + l: 0, + r: this.dict.length - 1, + strOffset: 0, + isFinal: false, + dict: this, + transit: function (ch) { + return this.dict.transit(this, ch); + }, + isError: false, + tag: "DICT", + w: 1, + type: "DICT" + }; + }, + + transit: function (acceptor, ch) { + var l = this.dictSeek(acceptor.l, + acceptor.r, + ch, + acceptor.strOffset, + LEFT); + if (l !== null) { + var r = this.dictSeek(l, + acceptor.r, + ch, + acceptor.strOffset, + RIGHT); + acceptor.l = l; + acceptor.r = r; + acceptor.strOffset++; + acceptor.isFinal = this.isFinal(acceptor); + } else { + acceptor.isError = true; + } + return acceptor; + }, + + sortuniq: function(a){ + return a.sort().filter(function(item, pos, arr){ + return !pos || item != arr[pos - 1]; + }) + }, + + flatten: function(a){ + //[[1,2],[3]] -> [1,2,3] + return [].concat.apply([], a); + } +}; +module.exports = WordcutDict; + +}).call(this,"/dist/tmp") +},{"glob":16,"path":22}],3:[function(require,module,exports){ +var WordRule = { + createAcceptor: function(tag) { + if (tag["WORD_RULE"]) + return null; + + return {strOffset: 0, + isFinal: false, + transit: function(ch) { + var lch = ch.toLowerCase(); + if (lch >= "a" && lch <= "z") { + this.isFinal = true; + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: "WORD_RULE", + type: "WORD_RULE", + w: 1}; + } +}; + +var NumberRule = { + createAcceptor: function(tag) { + if (tag["NUMBER_RULE"]) + return null; + + return {strOffset: 0, + isFinal: false, + transit: function(ch) { + if (ch >= "0" && ch <= "9") { + this.isFinal = true; + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: "NUMBER_RULE", + type: "NUMBER_RULE", + w: 1}; + } +}; + +var SpaceRule = { + tag: "SPACE_RULE", + createAcceptor: function(tag) { + + if (tag["SPACE_RULE"]) + return null; + + return {strOffset: 0, + isFinal: false, + transit: function(ch) { + if (ch == " " || ch == "\t" || ch == "\r" || ch == "\n" || + ch == "\u00A0" || ch=="\u2003"//nbsp and emsp + ) { + this.isFinal = true; + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: SpaceRule.tag, + w: 1, + type: "SPACE_RULE"}; + } +} + +var SingleSymbolRule = { + tag: "SINSYM", + createAcceptor: function(tag) { + return {strOffset: 0, + isFinal: false, + transit: function(ch) { + if (this.strOffset == 0 && ch.match(/^[\@\(\)\/\,\-\."`]$/)) { + this.isFinal = true; + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: "SINSYM", + w: 1, + type: "SINSYM"}; + } +} + + +var LatinRules = [WordRule, SpaceRule, SingleSymbolRule, NumberRule]; + +module.exports = LatinRules; + +},{}],4:[function(require,module,exports){ +var _ = require("underscore") + , WordcutCore = require("./wordcut_core"); +var PathInfoBuilder = { + + /* + buildByPartAcceptors: function(path, acceptors, i) { + var + var genInfos = partAcceptors.reduce(function(genInfos, acceptor) { + + }, []); + + return genInfos; + } + */ + + buildByAcceptors: function(path, finalAcceptors, i) { + var self = this; + var infos = finalAcceptors.map(function(acceptor) { + var p = i - acceptor.strOffset + 1 + , _info = path[p]; + + var info = {p: p, + mw: _info.mw + (acceptor.mw === undefined ? 0 : acceptor.mw), + w: acceptor.w + _info.w, + unk: (acceptor.unk ? acceptor.unk : 0) + _info.unk, + type: acceptor.type}; + + if (acceptor.type == "PART") { + for(var j = p + 1; j <= i; j++) { + path[j].merge = p; + } + info.merge = p; + } + + return info; + }); + return infos.filter(function(info) { return info; }); + }, + + fallback: function(path, leftBoundary, text, i) { + var _info = path[leftBoundary]; + if (text[i].match(/[\u0E48-\u0E4E]/)) { + if (leftBoundary != 0) + leftBoundary = path[leftBoundary].p; + return {p: leftBoundary, + mw: 0, + w: 1 + _info.w, + unk: 1 + _info.unk, + type: "UNK"}; +/* } else if(leftBoundary > 0 && path[leftBoundary].type !== "UNK") { + leftBoundary = path[leftBoundary].p; + return {p: leftBoundary, + w: 1 + _info.w, + unk: 1 + _info.unk, + type: "UNK"}; */ + } else { + return {p: leftBoundary, + mw: _info.mw, + w: 1 + _info.w, + unk: 1 + _info.unk, + type: "UNK"}; + } + }, + + build: function(path, finalAcceptors, i, leftBoundary, text) { + var basicPathInfos = this.buildByAcceptors(path, finalAcceptors, i); + if (basicPathInfos.length > 0) { + return basicPathInfos; + } else { + return [this.fallback(path, leftBoundary, text, i)]; + } + } +}; + +module.exports = function() { + return _.clone(PathInfoBuilder); +} + +},{"./wordcut_core":8,"underscore":25}],5:[function(require,module,exports){ +var _ = require("underscore"); + + +var PathSelector = { + selectPath: function(paths) { + var path = paths.reduce(function(selectedPath, path) { + if (selectedPath == null) { + return path; + } else { + if (path.unk < selectedPath.unk) + return path; + if (path.unk == selectedPath.unk) { + if (path.mw < selectedPath.mw) + return path + if (path.mw == selectedPath.mw) { + if (path.w < selectedPath.w) + return path; + } + } + return selectedPath; + } + }, null); + return path; + }, + + createPath: function() { + return [{p:null, w:0, unk:0, type: "INIT", mw:0}]; + } +}; + +module.exports = function() { + return _.clone(PathSelector); +}; + +},{"underscore":25}],6:[function(require,module,exports){ +function isMatch(pat, offset, ch) { + if (pat.length <= offset) + return false; + var _ch = pat[offset]; + return _ch == ch || + (_ch.match(/[กข]/) && ch.match(/[ก-ฮ]/)) || + (_ch.match(/[มบ]/) && ch.match(/[ก-ฮ]/)) || + (_ch.match(/\u0E49/) && ch.match(/[\u0E48-\u0E4B]/)); +} + +var Rule0 = { + pat: "เหก็ม", + createAcceptor: function(tag) { + return {strOffset: 0, + isFinal: false, + transit: function(ch) { + if (isMatch(Rule0.pat, this.strOffset,ch)) { + this.isFinal = (this.strOffset + 1 == Rule0.pat.length); + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: "THAI_RULE", + type: "THAI_RULE", + w: 1}; + } +}; + +var PartRule = { + createAcceptor: function(tag) { + return {strOffset: 0, + patterns: [ + "แก", "เก", "ก้", "กก์", "กา", "กี", "กิ", "กืก" + ], + isFinal: false, + transit: function(ch) { + var offset = this.strOffset; + this.patterns = this.patterns.filter(function(pat) { + return isMatch(pat, offset, ch); + }); + + if (this.patterns.length > 0) { + var len = 1 + offset; + this.isFinal = this.patterns.some(function(pat) { + return pat.length == len; + }); + this.strOffset++; + } else { + this.isError = true; + } + return this; + }, + isError: false, + tag: "PART", + type: "PART", + unk: 1, + w: 1}; + } +}; + +var ThaiRules = [Rule0, PartRule]; + +module.exports = ThaiRules; + +},{}],7:[function(require,module,exports){ +var sys = require("sys") + , WordcutDict = require("./dict") + , WordcutCore = require("./wordcut_core") + , PathInfoBuilder = require("./path_info_builder") + , PathSelector = require("./path_selector") + , Acceptors = require("./acceptors") + , latinRules = require("./latin_rules") + , thaiRules = require("./thai_rules") + , _ = require("underscore"); + + +var Wordcut = Object.create(WordcutCore); +Wordcut.defaultPathInfoBuilder = PathInfoBuilder; +Wordcut.defaultPathSelector = PathSelector; +Wordcut.defaultAcceptors = Acceptors; +Wordcut.defaultLatinRules = latinRules; +Wordcut.defaultThaiRules = thaiRules; +Wordcut.defaultDict = WordcutDict; + + +Wordcut.initNoDict = function(dict_path) { + var self = this; + self.pathInfoBuilder = new self.defaultPathInfoBuilder; + self.pathSelector = new self.defaultPathSelector; + self.acceptors = new self.defaultAcceptors; + self.defaultLatinRules.forEach(function(rule) { + self.acceptors.creators.push(rule); + }); + self.defaultThaiRules.forEach(function(rule) { + self.acceptors.creators.push(rule); + }); +}; + +Wordcut.init = function(dict_path, withDefault, additionalWords) { + withDefault = withDefault || false; + this.initNoDict(); + var dict = _.clone(this.defaultDict); + dict.init(dict_path, withDefault, additionalWords); + this.acceptors.creators.push(dict); +}; + +module.exports = Wordcut; + +},{"./acceptors":1,"./dict":2,"./latin_rules":3,"./path_info_builder":4,"./path_selector":5,"./thai_rules":6,"./wordcut_core":8,"sys":28,"underscore":25}],8:[function(require,module,exports){ +var WordcutCore = { + + buildPath: function(text) { + var self = this + , path = self.pathSelector.createPath() + , leftBoundary = 0; + self.acceptors.reset(); + for (var i = 0; i < text.length; i++) { + var ch = text[i]; + self.acceptors.transit(ch); + + var possiblePathInfos = self + .pathInfoBuilder + .build(path, + self.acceptors.getFinalAcceptors(), + i, + leftBoundary, + text); + var selectedPath = self.pathSelector.selectPath(possiblePathInfos) + + path.push(selectedPath); + if (selectedPath.type !== "UNK") { + leftBoundary = i; + } + } + return path; + }, + + pathToRanges: function(path) { + var e = path.length - 1 + , ranges = []; + + while (e > 0) { + var info = path[e] + , s = info.p; + + if (info.merge !== undefined && ranges.length > 0) { + var r = ranges[ranges.length - 1]; + r.s = info.merge; + s = r.s; + } else { + ranges.push({s:s, e:e}); + } + e = s; + } + return ranges.reverse(); + }, + + rangesToText: function(text, ranges, delimiter) { + return ranges.map(function(r) { + return text.substring(r.s, r.e); + }).join(delimiter); + }, + + cut: function(text, delimiter) { + var path = this.buildPath(text) + , ranges = this.pathToRanges(path); + return this + .rangesToText(text, ranges, + (delimiter === undefined ? "|" : delimiter)); + }, + + cutIntoRanges: function(text, noText) { + var path = this.buildPath(text) + , ranges = this.pathToRanges(path); + + if (!noText) { + ranges.forEach(function(r) { + r.text = text.substring(r.s, r.e); + }); + } + return ranges; + }, + + cutIntoArray: function(text) { + var path = this.buildPath(text) + , ranges = this.pathToRanges(path); + + return ranges.map(function(r) { + return text.substring(r.s, r.e) + }); + } +}; + +module.exports = WordcutCore; + +},{}],9:[function(require,module,exports){ +// http://wiki.commonjs.org/wiki/Unit_Testing/1.0 +// +// THIS IS NOT TESTED NOR LIKELY TO WORK OUTSIDE V8! +// +// Originally from narwhal.js (http://narwhaljs.org) +// Copyright (c) 2009 Thomas Robinson <280north.com> +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the 'Software'), to +// deal in the Software without restriction, including without limitation the +// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +// sell copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +// when used in node, this will actually load the util module we depend on +// versus loading the builtin util module as happens otherwise +// this is a bug in node module loading as far as I am concerned +var util = require('util/'); + +var pSlice = Array.prototype.slice; +var hasOwn = Object.prototype.hasOwnProperty; + +// 1. The assert module provides functions that throw +// AssertionError's when particular conditions are not met. The +// assert module must conform to the following interface. + +var assert = module.exports = ok; + +// 2. The AssertionError is defined in assert. +// new assert.AssertionError({ message: message, +// actual: actual, +// expected: expected }) + +assert.AssertionError = function AssertionError(options) { + this.name = 'AssertionError'; + this.actual = options.actual; + this.expected = options.expected; + this.operator = options.operator; + if (options.message) { + this.message = options.message; + this.generatedMessage = false; + } else { + this.message = getMessage(this); + this.generatedMessage = true; + } + var stackStartFunction = options.stackStartFunction || fail; + + if (Error.captureStackTrace) { + Error.captureStackTrace(this, stackStartFunction); + } + else { + // non v8 browsers so we can have a stacktrace + var err = new Error(); + if (err.stack) { + var out = err.stack; + + // try to strip useless frames + var fn_name = stackStartFunction.name; + var idx = out.indexOf('\n' + fn_name); + if (idx >= 0) { + // once we have located the function frame + // we need to strip out everything before it (and its line) + var next_line = out.indexOf('\n', idx + 1); + out = out.substring(next_line + 1); + } + + this.stack = out; + } + } +}; + +// assert.AssertionError instanceof Error +util.inherits(assert.AssertionError, Error); + +function replacer(key, value) { + if (util.isUndefined(value)) { + return '' + value; + } + if (util.isNumber(value) && !isFinite(value)) { + return value.toString(); + } + if (util.isFunction(value) || util.isRegExp(value)) { + return value.toString(); + } + return value; +} + +function truncate(s, n) { + if (util.isString(s)) { + return s.length < n ? s : s.slice(0, n); + } else { + return s; + } +} + +function getMessage(self) { + return truncate(JSON.stringify(self.actual, replacer), 128) + ' ' + + self.operator + ' ' + + truncate(JSON.stringify(self.expected, replacer), 128); +} + +// At present only the three keys mentioned above are used and +// understood by the spec. Implementations or sub modules can pass +// other keys to the AssertionError's constructor - they will be +// ignored. + +// 3. All of the following functions must throw an AssertionError +// when a corresponding condition is not met, with a message that +// may be undefined if not provided. All assertion methods provide +// both the actual and expected values to the assertion error for +// display purposes. + +function fail(actual, expected, message, operator, stackStartFunction) { + throw new assert.AssertionError({ + message: message, + actual: actual, + expected: expected, + operator: operator, + stackStartFunction: stackStartFunction + }); +} + +// EXTENSION! allows for well behaved errors defined elsewhere. +assert.fail = fail; + +// 4. Pure assertion tests whether a value is truthy, as determined +// by !!guard. +// assert.ok(guard, message_opt); +// This statement is equivalent to assert.equal(true, !!guard, +// message_opt);. To test strictly for the value true, use +// assert.strictEqual(true, guard, message_opt);. + +function ok(value, message) { + if (!value) fail(value, true, message, '==', assert.ok); +} +assert.ok = ok; + +// 5. The equality assertion tests shallow, coercive equality with +// ==. +// assert.equal(actual, expected, message_opt); + +assert.equal = function equal(actual, expected, message) { + if (actual != expected) fail(actual, expected, message, '==', assert.equal); +}; + +// 6. The non-equality assertion tests for whether two objects are not equal +// with != assert.notEqual(actual, expected, message_opt); + +assert.notEqual = function notEqual(actual, expected, message) { + if (actual == expected) { + fail(actual, expected, message, '!=', assert.notEqual); + } +}; + +// 7. The equivalence assertion tests a deep equality relation. +// assert.deepEqual(actual, expected, message_opt); + +assert.deepEqual = function deepEqual(actual, expected, message) { + if (!_deepEqual(actual, expected)) { + fail(actual, expected, message, 'deepEqual', assert.deepEqual); + } +}; + +function _deepEqual(actual, expected) { + // 7.1. All identical values are equivalent, as determined by ===. + if (actual === expected) { + return true; + + } else if (util.isBuffer(actual) && util.isBuffer(expected)) { + if (actual.length != expected.length) return false; + + for (var i = 0; i < actual.length; i++) { + if (actual[i] !== expected[i]) return false; + } + + return true; + + // 7.2. If the expected value is a Date object, the actual value is + // equivalent if it is also a Date object that refers to the same time. + } else if (util.isDate(actual) && util.isDate(expected)) { + return actual.getTime() === expected.getTime(); + + // 7.3 If the expected value is a RegExp object, the actual value is + // equivalent if it is also a RegExp object with the same source and + // properties (`global`, `multiline`, `lastIndex`, `ignoreCase`). + } else if (util.isRegExp(actual) && util.isRegExp(expected)) { + return actual.source === expected.source && + actual.global === expected.global && + actual.multiline === expected.multiline && + actual.lastIndex === expected.lastIndex && + actual.ignoreCase === expected.ignoreCase; + + // 7.4. Other pairs that do not both pass typeof value == 'object', + // equivalence is determined by ==. + } else if (!util.isObject(actual) && !util.isObject(expected)) { + return actual == expected; + + // 7.5 For all other Object pairs, including Array objects, equivalence is + // determined by having the same number of owned properties (as verified + // with Object.prototype.hasOwnProperty.call), the same set of keys + // (although not necessarily the same order), equivalent values for every + // corresponding key, and an identical 'prototype' property. Note: this + // accounts for both named and indexed properties on Arrays. + } else { + return objEquiv(actual, expected); + } +} + +function isArguments(object) { + return Object.prototype.toString.call(object) == '[object Arguments]'; +} + +function objEquiv(a, b) { + if (util.isNullOrUndefined(a) || util.isNullOrUndefined(b)) + return false; + // an identical 'prototype' property. + if (a.prototype !== b.prototype) return false; + // if one is a primitive, the other must be same + if (util.isPrimitive(a) || util.isPrimitive(b)) { + return a === b; + } + var aIsArgs = isArguments(a), + bIsArgs = isArguments(b); + if ((aIsArgs && !bIsArgs) || (!aIsArgs && bIsArgs)) + return false; + if (aIsArgs) { + a = pSlice.call(a); + b = pSlice.call(b); + return _deepEqual(a, b); + } + var ka = objectKeys(a), + kb = objectKeys(b), + key, i; + // having the same number of owned properties (keys incorporates + // hasOwnProperty) + if (ka.length != kb.length) + return false; + //the same set of keys (although not necessarily the same order), + ka.sort(); + kb.sort(); + //~~~cheap key test + for (i = ka.length - 1; i >= 0; i--) { + if (ka[i] != kb[i]) + return false; + } + //equivalent values for every corresponding key, and + //~~~possibly expensive deep test + for (i = ka.length - 1; i >= 0; i--) { + key = ka[i]; + if (!_deepEqual(a[key], b[key])) return false; + } + return true; +} + +// 8. The non-equivalence assertion tests for any deep inequality. +// assert.notDeepEqual(actual, expected, message_opt); + +assert.notDeepEqual = function notDeepEqual(actual, expected, message) { + if (_deepEqual(actual, expected)) { + fail(actual, expected, message, 'notDeepEqual', assert.notDeepEqual); + } +}; + +// 9. The strict equality assertion tests strict equality, as determined by ===. +// assert.strictEqual(actual, expected, message_opt); + +assert.strictEqual = function strictEqual(actual, expected, message) { + if (actual !== expected) { + fail(actual, expected, message, '===', assert.strictEqual); + } +}; + +// 10. The strict non-equality assertion tests for strict inequality, as +// determined by !==. assert.notStrictEqual(actual, expected, message_opt); + +assert.notStrictEqual = function notStrictEqual(actual, expected, message) { + if (actual === expected) { + fail(actual, expected, message, '!==', assert.notStrictEqual); + } +}; + +function expectedException(actual, expected) { + if (!actual || !expected) { + return false; + } + + if (Object.prototype.toString.call(expected) == '[object RegExp]') { + return expected.test(actual); + } else if (actual instanceof expected) { + return true; + } else if (expected.call({}, actual) === true) { + return true; + } + + return false; +} + +function _throws(shouldThrow, block, expected, message) { + var actual; + + if (util.isString(expected)) { + message = expected; + expected = null; + } + + try { + block(); + } catch (e) { + actual = e; + } + + message = (expected && expected.name ? ' (' + expected.name + ').' : '.') + + (message ? ' ' + message : '.'); + + if (shouldThrow && !actual) { + fail(actual, expected, 'Missing expected exception' + message); + } + + if (!shouldThrow && expectedException(actual, expected)) { + fail(actual, expected, 'Got unwanted exception' + message); + } + + if ((shouldThrow && actual && expected && + !expectedException(actual, expected)) || (!shouldThrow && actual)) { + throw actual; + } +} + +// 11. Expected to throw an error: +// assert.throws(block, Error_opt, message_opt); + +assert.throws = function(block, /*optional*/error, /*optional*/message) { + _throws.apply(this, [true].concat(pSlice.call(arguments))); +}; + +// EXTENSION! This is annoying to write outside this module. +assert.doesNotThrow = function(block, /*optional*/message) { + _throws.apply(this, [false].concat(pSlice.call(arguments))); +}; + +assert.ifError = function(err) { if (err) {throw err;}}; + +var objectKeys = Object.keys || function (obj) { + var keys = []; + for (var key in obj) { + if (hasOwn.call(obj, key)) keys.push(key); + } + return keys; +}; + +},{"util/":28}],10:[function(require,module,exports){ +'use strict'; +module.exports = balanced; +function balanced(a, b, str) { + if (a instanceof RegExp) a = maybeMatch(a, str); + if (b instanceof RegExp) b = maybeMatch(b, str); + + var r = range(a, b, str); + + return r && { + start: r[0], + end: r[1], + pre: str.slice(0, r[0]), + body: str.slice(r[0] + a.length, r[1]), + post: str.slice(r[1] + b.length) + }; +} + +function maybeMatch(reg, str) { + var m = str.match(reg); + return m ? m[0] : null; +} + +balanced.range = range; +function range(a, b, str) { + var begs, beg, left, right, result; + var ai = str.indexOf(a); + var bi = str.indexOf(b, ai + 1); + var i = ai; + + if (ai >= 0 && bi > 0) { + begs = []; + left = str.length; + + while (i >= 0 && !result) { + if (i == ai) { + begs.push(i); + ai = str.indexOf(a, i + 1); + } else if (begs.length == 1) { + result = [ begs.pop(), bi ]; + } else { + beg = begs.pop(); + if (beg < left) { + left = beg; + right = bi; + } + + bi = str.indexOf(b, i + 1); + } + + i = ai < bi && ai >= 0 ? ai : bi; + } + + if (begs.length) { + result = [ left, right ]; + } + } + + return result; +} + +},{}],11:[function(require,module,exports){ +var concatMap = require('concat-map'); +var balanced = require('balanced-match'); + +module.exports = expandTop; + +var escSlash = '\0SLASH'+Math.random()+'\0'; +var escOpen = '\0OPEN'+Math.random()+'\0'; +var escClose = '\0CLOSE'+Math.random()+'\0'; +var escComma = '\0COMMA'+Math.random()+'\0'; +var escPeriod = '\0PERIOD'+Math.random()+'\0'; + +function numeric(str) { + return parseInt(str, 10) == str + ? parseInt(str, 10) + : str.charCodeAt(0); +} + +function escapeBraces(str) { + return str.split('\\\\').join(escSlash) + .split('\\{').join(escOpen) + .split('\\}').join(escClose) + .split('\\,').join(escComma) + .split('\\.').join(escPeriod); +} + +function unescapeBraces(str) { + return str.split(escSlash).join('\\') + .split(escOpen).join('{') + .split(escClose).join('}') + .split(escComma).join(',') + .split(escPeriod).join('.'); +} + + +// Basically just str.split(","), but handling cases +// where we have nested braced sections, which should be +// treated as individual members, like {a,{b,c},d} +function parseCommaParts(str) { + if (!str) + return ['']; + + var parts = []; + var m = balanced('{', '}', str); + + if (!m) + return str.split(','); + + var pre = m.pre; + var body = m.body; + var post = m.post; + var p = pre.split(','); + + p[p.length-1] += '{' + body + '}'; + var postParts = parseCommaParts(post); + if (post.length) { + p[p.length-1] += postParts.shift(); + p.push.apply(p, postParts); + } + + parts.push.apply(parts, p); + + return parts; +} + +function expandTop(str) { + if (!str) + return []; + + // I don't know why Bash 4.3 does this, but it does. + // Anything starting with {} will have the first two bytes preserved + // but *only* at the top level, so {},a}b will not expand to anything, + // but a{},b}c will be expanded to [a}c,abc]. + // One could argue that this is a bug in Bash, but since the goal of + // this module is to match Bash's rules, we escape a leading {} + if (str.substr(0, 2) === '{}') { + str = '\\{\\}' + str.substr(2); + } + + return expand(escapeBraces(str), true).map(unescapeBraces); +} + +function identity(e) { + return e; +} + +function embrace(str) { + return '{' + str + '}'; +} +function isPadded(el) { + return /^-?0\d/.test(el); +} + +function lte(i, y) { + return i <= y; +} +function gte(i, y) { + return i >= y; +} + +function expand(str, isTop) { + var expansions = []; + + var m = balanced('{', '}', str); + if (!m || /\$$/.test(m.pre)) return [str]; + + var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body); + var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body); + var isSequence = isNumericSequence || isAlphaSequence; + var isOptions = m.body.indexOf(',') >= 0; + if (!isSequence && !isOptions) { + // {a},b} + if (m.post.match(/,.*\}/)) { + str = m.pre + '{' + m.body + escClose + m.post; + return expand(str); + } + return [str]; + } + + var n; + if (isSequence) { + n = m.body.split(/\.\./); + } else { + n = parseCommaParts(m.body); + if (n.length === 1) { + // x{{a,b}}y ==> x{a}y x{b}y + n = expand(n[0], false).map(embrace); + if (n.length === 1) { + var post = m.post.length + ? expand(m.post, false) + : ['']; + return post.map(function(p) { + return m.pre + n[0] + p; + }); + } + } + } + + // at this point, n is the parts, and we know it's not a comma set + // with a single entry. + + // no need to expand pre, since it is guaranteed to be free of brace-sets + var pre = m.pre; + var post = m.post.length + ? expand(m.post, false) + : ['']; + + var N; + + if (isSequence) { + var x = numeric(n[0]); + var y = numeric(n[1]); + var width = Math.max(n[0].length, n[1].length) + var incr = n.length == 3 + ? Math.abs(numeric(n[2])) + : 1; + var test = lte; + var reverse = y < x; + if (reverse) { + incr *= -1; + test = gte; + } + var pad = n.some(isPadded); + + N = []; + + for (var i = x; test(i, y); i += incr) { + var c; + if (isAlphaSequence) { + c = String.fromCharCode(i); + if (c === '\\') + c = ''; + } else { + c = String(i); + if (pad) { + var need = width - c.length; + if (need > 0) { + var z = new Array(need + 1).join('0'); + if (i < 0) + c = '-' + z + c.slice(1); + else + c = z + c; + } + } + } + N.push(c); + } + } else { + N = concatMap(n, function(el) { return expand(el, false) }); + } + + for (var j = 0; j < N.length; j++) { + for (var k = 0; k < post.length; k++) { + var expansion = pre + N[j] + post[k]; + if (!isTop || isSequence || expansion) + expansions.push(expansion); + } + } + + return expansions; +} + + +},{"balanced-match":10,"concat-map":13}],12:[function(require,module,exports){ + +},{}],13:[function(require,module,exports){ +module.exports = function (xs, fn) { + var res = []; + for (var i = 0; i < xs.length; i++) { + var x = fn(xs[i], i); + if (isArray(x)) res.push.apply(res, x); + else res.push(x); + } + return res; +}; + +var isArray = Array.isArray || function (xs) { + return Object.prototype.toString.call(xs) === '[object Array]'; +}; + +},{}],14:[function(require,module,exports){ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +function EventEmitter() { + this._events = this._events || {}; + this._maxListeners = this._maxListeners || undefined; +} +module.exports = EventEmitter; + +// Backwards-compat with node 0.10.x +EventEmitter.EventEmitter = EventEmitter; + +EventEmitter.prototype._events = undefined; +EventEmitter.prototype._maxListeners = undefined; + +// By default EventEmitters will print a warning if more than 10 listeners are +// added to it. This is a useful default which helps finding memory leaks. +EventEmitter.defaultMaxListeners = 10; + +// Obviously not all Emitters should be limited to 10. This function allows +// that to be increased. Set to zero for unlimited. +EventEmitter.prototype.setMaxListeners = function(n) { + if (!isNumber(n) || n < 0 || isNaN(n)) + throw TypeError('n must be a positive number'); + this._maxListeners = n; + return this; +}; + +EventEmitter.prototype.emit = function(type) { + var er, handler, len, args, i, listeners; + + if (!this._events) + this._events = {}; + + // If there is no 'error' event listener then throw. + if (type === 'error') { + if (!this._events.error || + (isObject(this._events.error) && !this._events.error.length)) { + er = arguments[1]; + if (er instanceof Error) { + throw er; // Unhandled 'error' event + } + throw TypeError('Uncaught, unspecified "error" event.'); + } + } + + handler = this._events[type]; + + if (isUndefined(handler)) + return false; + + if (isFunction(handler)) { + switch (arguments.length) { + // fast cases + case 1: + handler.call(this); + break; + case 2: + handler.call(this, arguments[1]); + break; + case 3: + handler.call(this, arguments[1], arguments[2]); + break; + // slower + default: + len = arguments.length; + args = new Array(len - 1); + for (i = 1; i < len; i++) + args[i - 1] = arguments[i]; + handler.apply(this, args); + } + } else if (isObject(handler)) { + len = arguments.length; + args = new Array(len - 1); + for (i = 1; i < len; i++) + args[i - 1] = arguments[i]; + + listeners = handler.slice(); + len = listeners.length; + for (i = 0; i < len; i++) + listeners[i].apply(this, args); + } + + return true; +}; + +EventEmitter.prototype.addListener = function(type, listener) { + var m; + + if (!isFunction(listener)) + throw TypeError('listener must be a function'); + + if (!this._events) + this._events = {}; + + // To avoid recursion in the case that type === "newListener"! Before + // adding it to the listeners, first emit "newListener". + if (this._events.newListener) + this.emit('newListener', type, + isFunction(listener.listener) ? + listener.listener : listener); + + if (!this._events[type]) + // Optimize the case of one listener. Don't need the extra array object. + this._events[type] = listener; + else if (isObject(this._events[type])) + // If we've already got an array, just append. + this._events[type].push(listener); + else + // Adding the second element, need to change to array. + this._events[type] = [this._events[type], listener]; + + // Check for listener leak + if (isObject(this._events[type]) && !this._events[type].warned) { + var m; + if (!isUndefined(this._maxListeners)) { + m = this._maxListeners; + } else { + m = EventEmitter.defaultMaxListeners; + } + + if (m && m > 0 && this._events[type].length > m) { + this._events[type].warned = true; + console.error('(node) warning: possible EventEmitter memory ' + + 'leak detected. %d listeners added. ' + + 'Use emitter.setMaxListeners() to increase limit.', + this._events[type].length); + if (typeof console.trace === 'function') { + // not supported in IE 10 + console.trace(); + } + } + } + + return this; +}; + +EventEmitter.prototype.on = EventEmitter.prototype.addListener; + +EventEmitter.prototype.once = function(type, listener) { + if (!isFunction(listener)) + throw TypeError('listener must be a function'); + + var fired = false; + + function g() { + this.removeListener(type, g); + + if (!fired) { + fired = true; + listener.apply(this, arguments); + } + } + + g.listener = listener; + this.on(type, g); + + return this; +}; + +// emits a 'removeListener' event iff the listener was removed +EventEmitter.prototype.removeListener = function(type, listener) { + var list, position, length, i; + + if (!isFunction(listener)) + throw TypeError('listener must be a function'); + + if (!this._events || !this._events[type]) + return this; + + list = this._events[type]; + length = list.length; + position = -1; + + if (list === listener || + (isFunction(list.listener) && list.listener === listener)) { + delete this._events[type]; + if (this._events.removeListener) + this.emit('removeListener', type, listener); + + } else if (isObject(list)) { + for (i = length; i-- > 0;) { + if (list[i] === listener || + (list[i].listener && list[i].listener === listener)) { + position = i; + break; + } + } + + if (position < 0) + return this; + + if (list.length === 1) { + list.length = 0; + delete this._events[type]; + } else { + list.splice(position, 1); + } + + if (this._events.removeListener) + this.emit('removeListener', type, listener); + } + + return this; +}; + +EventEmitter.prototype.removeAllListeners = function(type) { + var key, listeners; + + if (!this._events) + return this; + + // not listening for removeListener, no need to emit + if (!this._events.removeListener) { + if (arguments.length === 0) + this._events = {}; + else if (this._events[type]) + delete this._events[type]; + return this; + } + + // emit removeListener for all listeners on all events + if (arguments.length === 0) { + for (key in this._events) { + if (key === 'removeListener') continue; + this.removeAllListeners(key); + } + this.removeAllListeners('removeListener'); + this._events = {}; + return this; + } + + listeners = this._events[type]; + + if (isFunction(listeners)) { + this.removeListener(type, listeners); + } else { + // LIFO order + while (listeners.length) + this.removeListener(type, listeners[listeners.length - 1]); + } + delete this._events[type]; + + return this; +}; + +EventEmitter.prototype.listeners = function(type) { + var ret; + if (!this._events || !this._events[type]) + ret = []; + else if (isFunction(this._events[type])) + ret = [this._events[type]]; + else + ret = this._events[type].slice(); + return ret; +}; + +EventEmitter.listenerCount = function(emitter, type) { + var ret; + if (!emitter._events || !emitter._events[type]) + ret = 0; + else if (isFunction(emitter._events[type])) + ret = 1; + else + ret = emitter._events[type].length; + return ret; +}; + +function isFunction(arg) { + return typeof arg === 'function'; +} + +function isNumber(arg) { + return typeof arg === 'number'; +} + +function isObject(arg) { + return typeof arg === 'object' && arg !== null; +} + +function isUndefined(arg) { + return arg === void 0; +} + +},{}],15:[function(require,module,exports){ +(function (process){ +exports.alphasort = alphasort +exports.alphasorti = alphasorti +exports.setopts = setopts +exports.ownProp = ownProp +exports.makeAbs = makeAbs +exports.finish = finish +exports.mark = mark +exports.isIgnored = isIgnored +exports.childrenIgnored = childrenIgnored + +function ownProp (obj, field) { + return Object.prototype.hasOwnProperty.call(obj, field) +} + +var path = require("path") +var minimatch = require("minimatch") +var isAbsolute = require("path-is-absolute") +var Minimatch = minimatch.Minimatch + +function alphasorti (a, b) { + return a.toLowerCase().localeCompare(b.toLowerCase()) +} + +function alphasort (a, b) { + return a.localeCompare(b) +} + +function setupIgnores (self, options) { + self.ignore = options.ignore || [] + + if (!Array.isArray(self.ignore)) + self.ignore = [self.ignore] + + if (self.ignore.length) { + self.ignore = self.ignore.map(ignoreMap) + } +} + +function ignoreMap (pattern) { + var gmatcher = null + if (pattern.slice(-3) === '/**') { + var gpattern = pattern.replace(/(\/\*\*)+$/, '') + gmatcher = new Minimatch(gpattern) + } + + return { + matcher: new Minimatch(pattern), + gmatcher: gmatcher + } +} + +function setopts (self, pattern, options) { + if (!options) + options = {} + + // base-matching: just use globstar for that. + if (options.matchBase && -1 === pattern.indexOf("/")) { + if (options.noglobstar) { + throw new Error("base matching requires globstar") + } + pattern = "**/" + pattern + } + + self.silent = !!options.silent + self.pattern = pattern + self.strict = options.strict !== false + self.realpath = !!options.realpath + self.realpathCache = options.realpathCache || Object.create(null) + self.follow = !!options.follow + self.dot = !!options.dot + self.mark = !!options.mark + self.nodir = !!options.nodir + if (self.nodir) + self.mark = true + self.sync = !!options.sync + self.nounique = !!options.nounique + self.nonull = !!options.nonull + self.nosort = !!options.nosort + self.nocase = !!options.nocase + self.stat = !!options.stat + self.noprocess = !!options.noprocess + + self.maxLength = options.maxLength || Infinity + self.cache = options.cache || Object.create(null) + self.statCache = options.statCache || Object.create(null) + self.symlinks = options.symlinks || Object.create(null) + + setupIgnores(self, options) + + self.changedCwd = false + var cwd = process.cwd() + if (!ownProp(options, "cwd")) + self.cwd = cwd + else { + self.cwd = options.cwd + self.changedCwd = path.resolve(options.cwd) !== cwd + } + + self.root = options.root || path.resolve(self.cwd, "/") + self.root = path.resolve(self.root) + if (process.platform === "win32") + self.root = self.root.replace(/\\/g, "/") + + self.nomount = !!options.nomount + + // disable comments and negation unless the user explicitly + // passes in false as the option. + options.nonegate = options.nonegate === false ? false : true + options.nocomment = options.nocomment === false ? false : true + deprecationWarning(options) + + self.minimatch = new Minimatch(pattern, options) + self.options = self.minimatch.options +} + +// TODO(isaacs): remove entirely in v6 +// exported to reset in tests +exports.deprecationWarned +function deprecationWarning(options) { + if (!options.nonegate || !options.nocomment) { + if (process.noDeprecation !== true && !exports.deprecationWarned) { + var msg = 'glob WARNING: comments and negation will be disabled in v6' + if (process.throwDeprecation) + throw new Error(msg) + else if (process.traceDeprecation) + console.trace(msg) + else + console.error(msg) + + exports.deprecationWarned = true + } + } +} + +function finish (self) { + var nou = self.nounique + var all = nou ? [] : Object.create(null) + + for (var i = 0, l = self.matches.length; i < l; i ++) { + var matches = self.matches[i] + if (!matches || Object.keys(matches).length === 0) { + if (self.nonull) { + // do like the shell, and spit out the literal glob + var literal = self.minimatch.globSet[i] + if (nou) + all.push(literal) + else + all[literal] = true + } + } else { + // had matches + var m = Object.keys(matches) + if (nou) + all.push.apply(all, m) + else + m.forEach(function (m) { + all[m] = true + }) + } + } + + if (!nou) + all = Object.keys(all) + + if (!self.nosort) + all = all.sort(self.nocase ? alphasorti : alphasort) + + // at *some* point we statted all of these + if (self.mark) { + for (var i = 0; i < all.length; i++) { + all[i] = self._mark(all[i]) + } + if (self.nodir) { + all = all.filter(function (e) { + return !(/\/$/.test(e)) + }) + } + } + + if (self.ignore.length) + all = all.filter(function(m) { + return !isIgnored(self, m) + }) + + self.found = all +} + +function mark (self, p) { + var abs = makeAbs(self, p) + var c = self.cache[abs] + var m = p + if (c) { + var isDir = c === 'DIR' || Array.isArray(c) + var slash = p.slice(-1) === '/' + + if (isDir && !slash) + m += '/' + else if (!isDir && slash) + m = m.slice(0, -1) + + if (m !== p) { + var mabs = makeAbs(self, m) + self.statCache[mabs] = self.statCache[abs] + self.cache[mabs] = self.cache[abs] + } + } + + return m +} + +// lotta situps... +function makeAbs (self, f) { + var abs = f + if (f.charAt(0) === '/') { + abs = path.join(self.root, f) + } else if (isAbsolute(f) || f === '') { + abs = f + } else if (self.changedCwd) { + abs = path.resolve(self.cwd, f) + } else { + abs = path.resolve(f) + } + return abs +} + + +// Return true, if pattern ends with globstar '**', for the accompanying parent directory. +// Ex:- If node_modules/** is the pattern, add 'node_modules' to ignore list along with it's contents +function isIgnored (self, path) { + if (!self.ignore.length) + return false + + return self.ignore.some(function(item) { + return item.matcher.match(path) || !!(item.gmatcher && item.gmatcher.match(path)) + }) +} + +function childrenIgnored (self, path) { + if (!self.ignore.length) + return false + + return self.ignore.some(function(item) { + return !!(item.gmatcher && item.gmatcher.match(path)) + }) +} + +}).call(this,require('_process')) +},{"_process":24,"minimatch":20,"path":22,"path-is-absolute":23}],16:[function(require,module,exports){ +(function (process){ +// Approach: +// +// 1. Get the minimatch set +// 2. For each pattern in the set, PROCESS(pattern, false) +// 3. Store matches per-set, then uniq them +// +// PROCESS(pattern, inGlobStar) +// Get the first [n] items from pattern that are all strings +// Join these together. This is PREFIX. +// If there is no more remaining, then stat(PREFIX) and +// add to matches if it succeeds. END. +// +// If inGlobStar and PREFIX is symlink and points to dir +// set ENTRIES = [] +// else readdir(PREFIX) as ENTRIES +// If fail, END +// +// with ENTRIES +// If pattern[n] is GLOBSTAR +// // handle the case where the globstar match is empty +// // by pruning it out, and testing the resulting pattern +// PROCESS(pattern[0..n] + pattern[n+1 .. $], false) +// // handle other cases. +// for ENTRY in ENTRIES (not dotfiles) +// // attach globstar + tail onto the entry +// // Mark that this entry is a globstar match +// PROCESS(pattern[0..n] + ENTRY + pattern[n .. $], true) +// +// else // not globstar +// for ENTRY in ENTRIES (not dotfiles, unless pattern[n] is dot) +// Test ENTRY against pattern[n] +// If fails, continue +// If passes, PROCESS(pattern[0..n] + item + pattern[n+1 .. $]) +// +// Caveat: +// Cache all stats and readdirs results to minimize syscall. Since all +// we ever care about is existence and directory-ness, we can just keep +// `true` for files, and [children,...] for directories, or `false` for +// things that don't exist. + +module.exports = glob + +var fs = require('fs') +var minimatch = require('minimatch') +var Minimatch = minimatch.Minimatch +var inherits = require('inherits') +var EE = require('events').EventEmitter +var path = require('path') +var assert = require('assert') +var isAbsolute = require('path-is-absolute') +var globSync = require('./sync.js') +var common = require('./common.js') +var alphasort = common.alphasort +var alphasorti = common.alphasorti +var setopts = common.setopts +var ownProp = common.ownProp +var inflight = require('inflight') +var util = require('util') +var childrenIgnored = common.childrenIgnored +var isIgnored = common.isIgnored + +var once = require('once') + +function glob (pattern, options, cb) { + if (typeof options === 'function') cb = options, options = {} + if (!options) options = {} + + if (options.sync) { + if (cb) + throw new TypeError('callback provided to sync glob') + return globSync(pattern, options) + } + + return new Glob(pattern, options, cb) +} + +glob.sync = globSync +var GlobSync = glob.GlobSync = globSync.GlobSync + +// old api surface +glob.glob = glob + +glob.hasMagic = function (pattern, options_) { + var options = util._extend({}, options_) + options.noprocess = true + + var g = new Glob(pattern, options) + var set = g.minimatch.set + if (set.length > 1) + return true + + for (var j = 0; j < set[0].length; j++) { + if (typeof set[0][j] !== 'string') + return true + } + + return false +} + +glob.Glob = Glob +inherits(Glob, EE) +function Glob (pattern, options, cb) { + if (typeof options === 'function') { + cb = options + options = null + } + + if (options && options.sync) { + if (cb) + throw new TypeError('callback provided to sync glob') + return new GlobSync(pattern, options) + } + + if (!(this instanceof Glob)) + return new Glob(pattern, options, cb) + + setopts(this, pattern, options) + this._didRealPath = false + + // process each pattern in the minimatch set + var n = this.minimatch.set.length + + // The matches are stored as {: true,...} so that + // duplicates are automagically pruned. + // Later, we do an Object.keys() on these. + // Keep them as a list so we can fill in when nonull is set. + this.matches = new Array(n) + + if (typeof cb === 'function') { + cb = once(cb) + this.on('error', cb) + this.on('end', function (matches) { + cb(null, matches) + }) + } + + var self = this + var n = this.minimatch.set.length + this._processing = 0 + this.matches = new Array(n) + + this._emitQueue = [] + this._processQueue = [] + this.paused = false + + if (this.noprocess) + return this + + if (n === 0) + return done() + + for (var i = 0; i < n; i ++) { + this._process(this.minimatch.set[i], i, false, done) + } + + function done () { + --self._processing + if (self._processing <= 0) + self._finish() + } +} + +Glob.prototype._finish = function () { + assert(this instanceof Glob) + if (this.aborted) + return + + if (this.realpath && !this._didRealpath) + return this._realpath() + + common.finish(this) + this.emit('end', this.found) +} + +Glob.prototype._realpath = function () { + if (this._didRealpath) + return + + this._didRealpath = true + + var n = this.matches.length + if (n === 0) + return this._finish() + + var self = this + for (var i = 0; i < this.matches.length; i++) + this._realpathSet(i, next) + + function next () { + if (--n === 0) + self._finish() + } +} + +Glob.prototype._realpathSet = function (index, cb) { + var matchset = this.matches[index] + if (!matchset) + return cb() + + var found = Object.keys(matchset) + var self = this + var n = found.length + + if (n === 0) + return cb() + + var set = this.matches[index] = Object.create(null) + found.forEach(function (p, i) { + // If there's a problem with the stat, then it means that + // one or more of the links in the realpath couldn't be + // resolved. just return the abs value in that case. + p = self._makeAbs(p) + fs.realpath(p, self.realpathCache, function (er, real) { + if (!er) + set[real] = true + else if (er.syscall === 'stat') + set[p] = true + else + self.emit('error', er) // srsly wtf right here + + if (--n === 0) { + self.matches[index] = set + cb() + } + }) + }) +} + +Glob.prototype._mark = function (p) { + return common.mark(this, p) +} + +Glob.prototype._makeAbs = function (f) { + return common.makeAbs(this, f) +} + +Glob.prototype.abort = function () { + this.aborted = true + this.emit('abort') +} + +Glob.prototype.pause = function () { + if (!this.paused) { + this.paused = true + this.emit('pause') + } +} + +Glob.prototype.resume = function () { + if (this.paused) { + this.emit('resume') + this.paused = false + if (this._emitQueue.length) { + var eq = this._emitQueue.slice(0) + this._emitQueue.length = 0 + for (var i = 0; i < eq.length; i ++) { + var e = eq[i] + this._emitMatch(e[0], e[1]) + } + } + if (this._processQueue.length) { + var pq = this._processQueue.slice(0) + this._processQueue.length = 0 + for (var i = 0; i < pq.length; i ++) { + var p = pq[i] + this._processing-- + this._process(p[0], p[1], p[2], p[3]) + } + } + } +} + +Glob.prototype._process = function (pattern, index, inGlobStar, cb) { + assert(this instanceof Glob) + assert(typeof cb === 'function') + + if (this.aborted) + return + + this._processing++ + if (this.paused) { + this._processQueue.push([pattern, index, inGlobStar, cb]) + return + } + + //console.error('PROCESS %d', this._processing, pattern) + + // Get the first [n] parts of pattern that are all strings. + var n = 0 + while (typeof pattern[n] === 'string') { + n ++ + } + // now n is the index of the first one that is *not* a string. + + // see if there's anything else + var prefix + switch (n) { + // if not, then this is rather simple + case pattern.length: + this._processSimple(pattern.join('/'), index, cb) + return + + case 0: + // pattern *starts* with some non-trivial item. + // going to readdir(cwd), but not include the prefix in matches. + prefix = null + break + + default: + // pattern has some string bits in the front. + // whatever it starts with, whether that's 'absolute' like /foo/bar, + // or 'relative' like '../baz' + prefix = pattern.slice(0, n).join('/') + break + } + + var remain = pattern.slice(n) + + // get the list of entries. + var read + if (prefix === null) + read = '.' + else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) { + if (!prefix || !isAbsolute(prefix)) + prefix = '/' + prefix + read = prefix + } else + read = prefix + + var abs = this._makeAbs(read) + + //if ignored, skip _processing + if (childrenIgnored(this, read)) + return cb() + + var isGlobStar = remain[0] === minimatch.GLOBSTAR + if (isGlobStar) + this._processGlobStar(prefix, read, abs, remain, index, inGlobStar, cb) + else + this._processReaddir(prefix, read, abs, remain, index, inGlobStar, cb) +} + +Glob.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar, cb) { + var self = this + this._readdir(abs, inGlobStar, function (er, entries) { + return self._processReaddir2(prefix, read, abs, remain, index, inGlobStar, entries, cb) + }) +} + +Glob.prototype._processReaddir2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) { + + // if the abs isn't a dir, then nothing can match! + if (!entries) + return cb() + + // It will only match dot entries if it starts with a dot, or if + // dot is set. Stuff like @(.foo|.bar) isn't allowed. + var pn = remain[0] + var negate = !!this.minimatch.negate + var rawGlob = pn._glob + var dotOk = this.dot || rawGlob.charAt(0) === '.' + + var matchedEntries = [] + for (var i = 0; i < entries.length; i++) { + var e = entries[i] + if (e.charAt(0) !== '.' || dotOk) { + var m + if (negate && !prefix) { + m = !e.match(pn) + } else { + m = e.match(pn) + } + if (m) + matchedEntries.push(e) + } + } + + //console.error('prd2', prefix, entries, remain[0]._glob, matchedEntries) + + var len = matchedEntries.length + // If there are no matched entries, then nothing matches. + if (len === 0) + return cb() + + // if this is the last remaining pattern bit, then no need for + // an additional stat *unless* the user has specified mark or + // stat explicitly. We know they exist, since readdir returned + // them. + + if (remain.length === 1 && !this.mark && !this.stat) { + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + if (prefix) { + if (prefix !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + + if (e.charAt(0) === '/' && !this.nomount) { + e = path.join(this.root, e) + } + this._emitMatch(index, e) + } + // This was the last one, and no stats were needed + return cb() + } + + // now test all matched entries as stand-ins for that part + // of the pattern. + remain.shift() + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + var newPattern + if (prefix) { + if (prefix !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + this._process([e].concat(remain), index, inGlobStar, cb) + } + cb() +} + +Glob.prototype._emitMatch = function (index, e) { + if (this.aborted) + return + + if (this.matches[index][e]) + return + + if (isIgnored(this, e)) + return + + if (this.paused) { + this._emitQueue.push([index, e]) + return + } + + var abs = this._makeAbs(e) + + if (this.nodir) { + var c = this.cache[abs] + if (c === 'DIR' || Array.isArray(c)) + return + } + + if (this.mark) + e = this._mark(e) + + this.matches[index][e] = true + + var st = this.statCache[abs] + if (st) + this.emit('stat', e, st) + + this.emit('match', e) +} + +Glob.prototype._readdirInGlobStar = function (abs, cb) { + if (this.aborted) + return + + // follow all symlinked directories forever + // just proceed as if this is a non-globstar situation + if (this.follow) + return this._readdir(abs, false, cb) + + var lstatkey = 'lstat\0' + abs + var self = this + var lstatcb = inflight(lstatkey, lstatcb_) + + if (lstatcb) + fs.lstat(abs, lstatcb) + + function lstatcb_ (er, lstat) { + if (er) + return cb() + + var isSym = lstat.isSymbolicLink() + self.symlinks[abs] = isSym + + // If it's not a symlink or a dir, then it's definitely a regular file. + // don't bother doing a readdir in that case. + if (!isSym && !lstat.isDirectory()) { + self.cache[abs] = 'FILE' + cb() + } else + self._readdir(abs, false, cb) + } +} + +Glob.prototype._readdir = function (abs, inGlobStar, cb) { + if (this.aborted) + return + + cb = inflight('readdir\0'+abs+'\0'+inGlobStar, cb) + if (!cb) + return + + //console.error('RD %j %j', +inGlobStar, abs) + if (inGlobStar && !ownProp(this.symlinks, abs)) + return this._readdirInGlobStar(abs, cb) + + if (ownProp(this.cache, abs)) { + var c = this.cache[abs] + if (!c || c === 'FILE') + return cb() + + if (Array.isArray(c)) + return cb(null, c) + } + + var self = this + fs.readdir(abs, readdirCb(this, abs, cb)) +} + +function readdirCb (self, abs, cb) { + return function (er, entries) { + if (er) + self._readdirError(abs, er, cb) + else + self._readdirEntries(abs, entries, cb) + } +} + +Glob.prototype._readdirEntries = function (abs, entries, cb) { + if (this.aborted) + return + + // if we haven't asked to stat everything, then just + // assume that everything in there exists, so we can avoid + // having to stat it a second time. + if (!this.mark && !this.stat) { + for (var i = 0; i < entries.length; i ++) { + var e = entries[i] + if (abs === '/') + e = abs + e + else + e = abs + '/' + e + this.cache[e] = true + } + } + + this.cache[abs] = entries + return cb(null, entries) +} + +Glob.prototype._readdirError = function (f, er, cb) { + if (this.aborted) + return + + // handle errors, and cache the information + switch (er.code) { + case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205 + case 'ENOTDIR': // totally normal. means it *does* exist. + this.cache[this._makeAbs(f)] = 'FILE' + break + + case 'ENOENT': // not terribly unusual + case 'ELOOP': + case 'ENAMETOOLONG': + case 'UNKNOWN': + this.cache[this._makeAbs(f)] = false + break + + default: // some unusual error. Treat as failure. + this.cache[this._makeAbs(f)] = false + if (this.strict) { + this.emit('error', er) + // If the error is handled, then we abort + // if not, we threw out of here + this.abort() + } + if (!this.silent) + console.error('glob error', er) + break + } + + return cb() +} + +Glob.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar, cb) { + var self = this + this._readdir(abs, inGlobStar, function (er, entries) { + self._processGlobStar2(prefix, read, abs, remain, index, inGlobStar, entries, cb) + }) +} + + +Glob.prototype._processGlobStar2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) { + //console.error('pgs2', prefix, remain[0], entries) + + // no entries means not a dir, so it can never have matches + // foo.txt/** doesn't match foo.txt + if (!entries) + return cb() + + // test without the globstar, and with every child both below + // and replacing the globstar. + var remainWithoutGlobStar = remain.slice(1) + var gspref = prefix ? [ prefix ] : [] + var noGlobStar = gspref.concat(remainWithoutGlobStar) + + // the noGlobStar pattern exits the inGlobStar state + this._process(noGlobStar, index, false, cb) + + var isSym = this.symlinks[abs] + var len = entries.length + + // If it's a symlink, and we're in a globstar, then stop + if (isSym && inGlobStar) + return cb() + + for (var i = 0; i < len; i++) { + var e = entries[i] + if (e.charAt(0) === '.' && !this.dot) + continue + + // these two cases enter the inGlobStar state + var instead = gspref.concat(entries[i], remainWithoutGlobStar) + this._process(instead, index, true, cb) + + var below = gspref.concat(entries[i], remain) + this._process(below, index, true, cb) + } + + cb() +} + +Glob.prototype._processSimple = function (prefix, index, cb) { + // XXX review this. Shouldn't it be doing the mounting etc + // before doing stat? kinda weird? + var self = this + this._stat(prefix, function (er, exists) { + self._processSimple2(prefix, index, er, exists, cb) + }) +} +Glob.prototype._processSimple2 = function (prefix, index, er, exists, cb) { + + //console.error('ps2', prefix, exists) + + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + // If it doesn't exist, then just mark the lack of results + if (!exists) + return cb() + + if (prefix && isAbsolute(prefix) && !this.nomount) { + var trail = /[\/\\]$/.test(prefix) + if (prefix.charAt(0) === '/') { + prefix = path.join(this.root, prefix) + } else { + prefix = path.resolve(this.root, prefix) + if (trail) + prefix += '/' + } + } + + if (process.platform === 'win32') + prefix = prefix.replace(/\\/g, '/') + + // Mark this as a match + this._emitMatch(index, prefix) + cb() +} + +// Returns either 'DIR', 'FILE', or false +Glob.prototype._stat = function (f, cb) { + var abs = this._makeAbs(f) + var needDir = f.slice(-1) === '/' + + if (f.length > this.maxLength) + return cb() + + if (!this.stat && ownProp(this.cache, abs)) { + var c = this.cache[abs] + + if (Array.isArray(c)) + c = 'DIR' + + // It exists, but maybe not how we need it + if (!needDir || c === 'DIR') + return cb(null, c) + + if (needDir && c === 'FILE') + return cb() + + // otherwise we have to stat, because maybe c=true + // if we know it exists, but not what it is. + } + + var exists + var stat = this.statCache[abs] + if (stat !== undefined) { + if (stat === false) + return cb(null, stat) + else { + var type = stat.isDirectory() ? 'DIR' : 'FILE' + if (needDir && type === 'FILE') + return cb() + else + return cb(null, type, stat) + } + } + + var self = this + var statcb = inflight('stat\0' + abs, lstatcb_) + if (statcb) + fs.lstat(abs, statcb) + + function lstatcb_ (er, lstat) { + if (lstat && lstat.isSymbolicLink()) { + // If it's a symlink, then treat it as the target, unless + // the target does not exist, then treat it as a file. + return fs.stat(abs, function (er, stat) { + if (er) + self._stat2(f, abs, null, lstat, cb) + else + self._stat2(f, abs, er, stat, cb) + }) + } else { + self._stat2(f, abs, er, lstat, cb) + } + } +} + +Glob.prototype._stat2 = function (f, abs, er, stat, cb) { + if (er) { + this.statCache[abs] = false + return cb() + } + + var needDir = f.slice(-1) === '/' + this.statCache[abs] = stat + + if (abs.slice(-1) === '/' && !stat.isDirectory()) + return cb(null, false, stat) + + var c = stat.isDirectory() ? 'DIR' : 'FILE' + this.cache[abs] = this.cache[abs] || c + + if (needDir && c !== 'DIR') + return cb() + + return cb(null, c, stat) +} + +}).call(this,require('_process')) +},{"./common.js":15,"./sync.js":17,"_process":24,"assert":9,"events":14,"fs":12,"inflight":18,"inherits":19,"minimatch":20,"once":21,"path":22,"path-is-absolute":23,"util":28}],17:[function(require,module,exports){ +(function (process){ +module.exports = globSync +globSync.GlobSync = GlobSync + +var fs = require('fs') +var minimatch = require('minimatch') +var Minimatch = minimatch.Minimatch +var Glob = require('./glob.js').Glob +var util = require('util') +var path = require('path') +var assert = require('assert') +var isAbsolute = require('path-is-absolute') +var common = require('./common.js') +var alphasort = common.alphasort +var alphasorti = common.alphasorti +var setopts = common.setopts +var ownProp = common.ownProp +var childrenIgnored = common.childrenIgnored + +function globSync (pattern, options) { + if (typeof options === 'function' || arguments.length === 3) + throw new TypeError('callback provided to sync glob\n'+ + 'See: https://github.com/isaacs/node-glob/issues/167') + + return new GlobSync(pattern, options).found +} + +function GlobSync (pattern, options) { + if (!pattern) + throw new Error('must provide pattern') + + if (typeof options === 'function' || arguments.length === 3) + throw new TypeError('callback provided to sync glob\n'+ + 'See: https://github.com/isaacs/node-glob/issues/167') + + if (!(this instanceof GlobSync)) + return new GlobSync(pattern, options) + + setopts(this, pattern, options) + + if (this.noprocess) + return this + + var n = this.minimatch.set.length + this.matches = new Array(n) + for (var i = 0; i < n; i ++) { + this._process(this.minimatch.set[i], i, false) + } + this._finish() +} + +GlobSync.prototype._finish = function () { + assert(this instanceof GlobSync) + if (this.realpath) { + var self = this + this.matches.forEach(function (matchset, index) { + var set = self.matches[index] = Object.create(null) + for (var p in matchset) { + try { + p = self._makeAbs(p) + var real = fs.realpathSync(p, self.realpathCache) + set[real] = true + } catch (er) { + if (er.syscall === 'stat') + set[self._makeAbs(p)] = true + else + throw er + } + } + }) + } + common.finish(this) +} + + +GlobSync.prototype._process = function (pattern, index, inGlobStar) { + assert(this instanceof GlobSync) + + // Get the first [n] parts of pattern that are all strings. + var n = 0 + while (typeof pattern[n] === 'string') { + n ++ + } + // now n is the index of the first one that is *not* a string. + + // See if there's anything else + var prefix + switch (n) { + // if not, then this is rather simple + case pattern.length: + this._processSimple(pattern.join('/'), index) + return + + case 0: + // pattern *starts* with some non-trivial item. + // going to readdir(cwd), but not include the prefix in matches. + prefix = null + break + + default: + // pattern has some string bits in the front. + // whatever it starts with, whether that's 'absolute' like /foo/bar, + // or 'relative' like '../baz' + prefix = pattern.slice(0, n).join('/') + break + } + + var remain = pattern.slice(n) + + // get the list of entries. + var read + if (prefix === null) + read = '.' + else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) { + if (!prefix || !isAbsolute(prefix)) + prefix = '/' + prefix + read = prefix + } else + read = prefix + + var abs = this._makeAbs(read) + + //if ignored, skip processing + if (childrenIgnored(this, read)) + return + + var isGlobStar = remain[0] === minimatch.GLOBSTAR + if (isGlobStar) + this._processGlobStar(prefix, read, abs, remain, index, inGlobStar) + else + this._processReaddir(prefix, read, abs, remain, index, inGlobStar) +} + + +GlobSync.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar) { + var entries = this._readdir(abs, inGlobStar) + + // if the abs isn't a dir, then nothing can match! + if (!entries) + return + + // It will only match dot entries if it starts with a dot, or if + // dot is set. Stuff like @(.foo|.bar) isn't allowed. + var pn = remain[0] + var negate = !!this.minimatch.negate + var rawGlob = pn._glob + var dotOk = this.dot || rawGlob.charAt(0) === '.' + + var matchedEntries = [] + for (var i = 0; i < entries.length; i++) { + var e = entries[i] + if (e.charAt(0) !== '.' || dotOk) { + var m + if (negate && !prefix) { + m = !e.match(pn) + } else { + m = e.match(pn) + } + if (m) + matchedEntries.push(e) + } + } + + var len = matchedEntries.length + // If there are no matched entries, then nothing matches. + if (len === 0) + return + + // if this is the last remaining pattern bit, then no need for + // an additional stat *unless* the user has specified mark or + // stat explicitly. We know they exist, since readdir returned + // them. + + if (remain.length === 1 && !this.mark && !this.stat) { + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + if (prefix) { + if (prefix.slice(-1) !== '/') + e = prefix + '/' + e + else + e = prefix + e + } + + if (e.charAt(0) === '/' && !this.nomount) { + e = path.join(this.root, e) + } + this.matches[index][e] = true + } + // This was the last one, and no stats were needed + return + } + + // now test all matched entries as stand-ins for that part + // of the pattern. + remain.shift() + for (var i = 0; i < len; i ++) { + var e = matchedEntries[i] + var newPattern + if (prefix) + newPattern = [prefix, e] + else + newPattern = [e] + this._process(newPattern.concat(remain), index, inGlobStar) + } +} + + +GlobSync.prototype._emitMatch = function (index, e) { + var abs = this._makeAbs(e) + if (this.mark) + e = this._mark(e) + + if (this.matches[index][e]) + return + + if (this.nodir) { + var c = this.cache[this._makeAbs(e)] + if (c === 'DIR' || Array.isArray(c)) + return + } + + this.matches[index][e] = true + if (this.stat) + this._stat(e) +} + + +GlobSync.prototype._readdirInGlobStar = function (abs) { + // follow all symlinked directories forever + // just proceed as if this is a non-globstar situation + if (this.follow) + return this._readdir(abs, false) + + var entries + var lstat + var stat + try { + lstat = fs.lstatSync(abs) + } catch (er) { + // lstat failed, doesn't exist + return null + } + + var isSym = lstat.isSymbolicLink() + this.symlinks[abs] = isSym + + // If it's not a symlink or a dir, then it's definitely a regular file. + // don't bother doing a readdir in that case. + if (!isSym && !lstat.isDirectory()) + this.cache[abs] = 'FILE' + else + entries = this._readdir(abs, false) + + return entries +} + +GlobSync.prototype._readdir = function (abs, inGlobStar) { + var entries + + if (inGlobStar && !ownProp(this.symlinks, abs)) + return this._readdirInGlobStar(abs) + + if (ownProp(this.cache, abs)) { + var c = this.cache[abs] + if (!c || c === 'FILE') + return null + + if (Array.isArray(c)) + return c + } + + try { + return this._readdirEntries(abs, fs.readdirSync(abs)) + } catch (er) { + this._readdirError(abs, er) + return null + } +} + +GlobSync.prototype._readdirEntries = function (abs, entries) { + // if we haven't asked to stat everything, then just + // assume that everything in there exists, so we can avoid + // having to stat it a second time. + if (!this.mark && !this.stat) { + for (var i = 0; i < entries.length; i ++) { + var e = entries[i] + if (abs === '/') + e = abs + e + else + e = abs + '/' + e + this.cache[e] = true + } + } + + this.cache[abs] = entries + + // mark and cache dir-ness + return entries +} + +GlobSync.prototype._readdirError = function (f, er) { + // handle errors, and cache the information + switch (er.code) { + case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205 + case 'ENOTDIR': // totally normal. means it *does* exist. + this.cache[this._makeAbs(f)] = 'FILE' + break + + case 'ENOENT': // not terribly unusual + case 'ELOOP': + case 'ENAMETOOLONG': + case 'UNKNOWN': + this.cache[this._makeAbs(f)] = false + break + + default: // some unusual error. Treat as failure. + this.cache[this._makeAbs(f)] = false + if (this.strict) + throw er + if (!this.silent) + console.error('glob error', er) + break + } +} + +GlobSync.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar) { + + var entries = this._readdir(abs, inGlobStar) + + // no entries means not a dir, so it can never have matches + // foo.txt/** doesn't match foo.txt + if (!entries) + return + + // test without the globstar, and with every child both below + // and replacing the globstar. + var remainWithoutGlobStar = remain.slice(1) + var gspref = prefix ? [ prefix ] : [] + var noGlobStar = gspref.concat(remainWithoutGlobStar) + + // the noGlobStar pattern exits the inGlobStar state + this._process(noGlobStar, index, false) + + var len = entries.length + var isSym = this.symlinks[abs] + + // If it's a symlink, and we're in a globstar, then stop + if (isSym && inGlobStar) + return + + for (var i = 0; i < len; i++) { + var e = entries[i] + if (e.charAt(0) === '.' && !this.dot) + continue + + // these two cases enter the inGlobStar state + var instead = gspref.concat(entries[i], remainWithoutGlobStar) + this._process(instead, index, true) + + var below = gspref.concat(entries[i], remain) + this._process(below, index, true) + } +} + +GlobSync.prototype._processSimple = function (prefix, index) { + // XXX review this. Shouldn't it be doing the mounting etc + // before doing stat? kinda weird? + var exists = this._stat(prefix) + + if (!this.matches[index]) + this.matches[index] = Object.create(null) + + // If it doesn't exist, then just mark the lack of results + if (!exists) + return + + if (prefix && isAbsolute(prefix) && !this.nomount) { + var trail = /[\/\\]$/.test(prefix) + if (prefix.charAt(0) === '/') { + prefix = path.join(this.root, prefix) + } else { + prefix = path.resolve(this.root, prefix) + if (trail) + prefix += '/' + } + } + + if (process.platform === 'win32') + prefix = prefix.replace(/\\/g, '/') + + // Mark this as a match + this.matches[index][prefix] = true +} + +// Returns either 'DIR', 'FILE', or false +GlobSync.prototype._stat = function (f) { + var abs = this._makeAbs(f) + var needDir = f.slice(-1) === '/' + + if (f.length > this.maxLength) + return false + + if (!this.stat && ownProp(this.cache, abs)) { + var c = this.cache[abs] + + if (Array.isArray(c)) + c = 'DIR' + + // It exists, but maybe not how we need it + if (!needDir || c === 'DIR') + return c + + if (needDir && c === 'FILE') + return false + + // otherwise we have to stat, because maybe c=true + // if we know it exists, but not what it is. + } + + var exists + var stat = this.statCache[abs] + if (!stat) { + var lstat + try { + lstat = fs.lstatSync(abs) + } catch (er) { + return false + } + + if (lstat.isSymbolicLink()) { + try { + stat = fs.statSync(abs) + } catch (er) { + stat = lstat + } + } else { + stat = lstat + } + } + + this.statCache[abs] = stat + + var c = stat.isDirectory() ? 'DIR' : 'FILE' + this.cache[abs] = this.cache[abs] || c + + if (needDir && c !== 'DIR') + return false + + return c +} + +GlobSync.prototype._mark = function (p) { + return common.mark(this, p) +} + +GlobSync.prototype._makeAbs = function (f) { + return common.makeAbs(this, f) +} + +}).call(this,require('_process')) +},{"./common.js":15,"./glob.js":16,"_process":24,"assert":9,"fs":12,"minimatch":20,"path":22,"path-is-absolute":23,"util":28}],18:[function(require,module,exports){ +(function (process){ +var wrappy = require('wrappy') +var reqs = Object.create(null) +var once = require('once') + +module.exports = wrappy(inflight) + +function inflight (key, cb) { + if (reqs[key]) { + reqs[key].push(cb) + return null + } else { + reqs[key] = [cb] + return makeres(key) + } +} + +function makeres (key) { + return once(function RES () { + var cbs = reqs[key] + var len = cbs.length + var args = slice(arguments) + + // XXX It's somewhat ambiguous whether a new callback added in this + // pass should be queued for later execution if something in the + // list of callbacks throws, or if it should just be discarded. + // However, it's such an edge case that it hardly matters, and either + // choice is likely as surprising as the other. + // As it happens, we do go ahead and schedule it for later execution. + try { + for (var i = 0; i < len; i++) { + cbs[i].apply(null, args) + } + } finally { + if (cbs.length > len) { + // added more in the interim. + // de-zalgo, just in case, but don't call again. + cbs.splice(0, len) + process.nextTick(function () { + RES.apply(null, args) + }) + } else { + delete reqs[key] + } + } + }) +} + +function slice (args) { + var length = args.length + var array = [] + + for (var i = 0; i < length; i++) array[i] = args[i] + return array +} + +}).call(this,require('_process')) +},{"_process":24,"once":21,"wrappy":29}],19:[function(require,module,exports){ +if (typeof Object.create === 'function') { + // implementation from standard node.js 'util' module + module.exports = function inherits(ctor, superCtor) { + ctor.super_ = superCtor + ctor.prototype = Object.create(superCtor.prototype, { + constructor: { + value: ctor, + enumerable: false, + writable: true, + configurable: true + } + }); + }; +} else { + // old school shim for old browsers + module.exports = function inherits(ctor, superCtor) { + ctor.super_ = superCtor + var TempCtor = function () {} + TempCtor.prototype = superCtor.prototype + ctor.prototype = new TempCtor() + ctor.prototype.constructor = ctor + } +} + +},{}],20:[function(require,module,exports){ +module.exports = minimatch +minimatch.Minimatch = Minimatch + +var path = { sep: '/' } +try { + path = require('path') +} catch (er) {} + +var GLOBSTAR = minimatch.GLOBSTAR = Minimatch.GLOBSTAR = {} +var expand = require('brace-expansion') + +var plTypes = { + '!': { open: '(?:(?!(?:', close: '))[^/]*?)'}, + '?': { open: '(?:', close: ')?' }, + '+': { open: '(?:', close: ')+' }, + '*': { open: '(?:', close: ')*' }, + '@': { open: '(?:', close: ')' } +} + +// any single thing other than / +// don't need to escape / when using new RegExp() +var qmark = '[^/]' + +// * => any number of characters +var star = qmark + '*?' + +// ** when dots are allowed. Anything goes, except .. and . +// not (^ or / followed by one or two dots followed by $ or /), +// followed by anything, any number of times. +var twoStarDot = '(?:(?!(?:\\\/|^)(?:\\.{1,2})($|\\\/)).)*?' + +// not a ^ or / followed by a dot, +// followed by anything, any number of times. +var twoStarNoDot = '(?:(?!(?:\\\/|^)\\.).)*?' + +// characters that need to be escaped in RegExp. +var reSpecials = charSet('().*{}+?[]^$\\!') + +// "abc" -> { a:true, b:true, c:true } +function charSet (s) { + return s.split('').reduce(function (set, c) { + set[c] = true + return set + }, {}) +} + +// normalizes slashes. +var slashSplit = /\/+/ + +minimatch.filter = filter +function filter (pattern, options) { + options = options || {} + return function (p, i, list) { + return minimatch(p, pattern, options) + } +} + +function ext (a, b) { + a = a || {} + b = b || {} + var t = {} + Object.keys(b).forEach(function (k) { + t[k] = b[k] + }) + Object.keys(a).forEach(function (k) { + t[k] = a[k] + }) + return t +} + +minimatch.defaults = function (def) { + if (!def || !Object.keys(def).length) return minimatch + + var orig = minimatch + + var m = function minimatch (p, pattern, options) { + return orig.minimatch(p, pattern, ext(def, options)) + } + + m.Minimatch = function Minimatch (pattern, options) { + return new orig.Minimatch(pattern, ext(def, options)) + } + + return m +} + +Minimatch.defaults = function (def) { + if (!def || !Object.keys(def).length) return Minimatch + return minimatch.defaults(def).Minimatch +} + +function minimatch (p, pattern, options) { + if (typeof pattern !== 'string') { + throw new TypeError('glob pattern string required') + } + + if (!options) options = {} + + // shortcut: comments match nothing. + if (!options.nocomment && pattern.charAt(0) === '#') { + return false + } + + // "" only matches "" + if (pattern.trim() === '') return p === '' + + return new Minimatch(pattern, options).match(p) +} + +function Minimatch (pattern, options) { + if (!(this instanceof Minimatch)) { + return new Minimatch(pattern, options) + } + + if (typeof pattern !== 'string') { + throw new TypeError('glob pattern string required') + } + + if (!options) options = {} + pattern = pattern.trim() + + // windows support: need to use /, not \ + if (path.sep !== '/') { + pattern = pattern.split(path.sep).join('/') + } + + this.options = options + this.set = [] + this.pattern = pattern + this.regexp = null + this.negate = false + this.comment = false + this.empty = false + + // make the set of regexps etc. + this.make() +} + +Minimatch.prototype.debug = function () {} + +Minimatch.prototype.make = make +function make () { + // don't do it more than once. + if (this._made) return + + var pattern = this.pattern + var options = this.options + + // empty patterns and comments match nothing. + if (!options.nocomment && pattern.charAt(0) === '#') { + this.comment = true + return + } + if (!pattern) { + this.empty = true + return + } + + // step 1: figure out negation, etc. + this.parseNegate() + + // step 2: expand braces + var set = this.globSet = this.braceExpand() + + if (options.debug) this.debug = console.error + + this.debug(this.pattern, set) + + // step 3: now we have a set, so turn each one into a series of path-portion + // matching patterns. + // These will be regexps, except in the case of "**", which is + // set to the GLOBSTAR object for globstar behavior, + // and will not contain any / characters + set = this.globParts = set.map(function (s) { + return s.split(slashSplit) + }) + + this.debug(this.pattern, set) + + // glob --> regexps + set = set.map(function (s, si, set) { + return s.map(this.parse, this) + }, this) + + this.debug(this.pattern, set) + + // filter out everything that didn't compile properly. + set = set.filter(function (s) { + return s.indexOf(false) === -1 + }) + + this.debug(this.pattern, set) + + this.set = set +} + +Minimatch.prototype.parseNegate = parseNegate +function parseNegate () { + var pattern = this.pattern + var negate = false + var options = this.options + var negateOffset = 0 + + if (options.nonegate) return + + for (var i = 0, l = pattern.length + ; i < l && pattern.charAt(i) === '!' + ; i++) { + negate = !negate + negateOffset++ + } + + if (negateOffset) this.pattern = pattern.substr(negateOffset) + this.negate = negate +} + +// Brace expansion: +// a{b,c}d -> abd acd +// a{b,}c -> abc ac +// a{0..3}d -> a0d a1d a2d a3d +// a{b,c{d,e}f}g -> abg acdfg acefg +// a{b,c}d{e,f}g -> abdeg acdeg abdeg abdfg +// +// Invalid sets are not expanded. +// a{2..}b -> a{2..}b +// a{b}c -> a{b}c +minimatch.braceExpand = function (pattern, options) { + return braceExpand(pattern, options) +} + +Minimatch.prototype.braceExpand = braceExpand + +function braceExpand (pattern, options) { + if (!options) { + if (this instanceof Minimatch) { + options = this.options + } else { + options = {} + } + } + + pattern = typeof pattern === 'undefined' + ? this.pattern : pattern + + if (typeof pattern === 'undefined') { + throw new TypeError('undefined pattern') + } + + if (options.nobrace || + !pattern.match(/\{.*\}/)) { + // shortcut. no need to expand. + return [pattern] + } + + return expand(pattern) +} + +// parse a component of the expanded set. +// At this point, no pattern may contain "/" in it +// so we're going to return a 2d array, where each entry is the full +// pattern, split on '/', and then turned into a regular expression. +// A regexp is made at the end which joins each array with an +// escaped /, and another full one which joins each regexp with |. +// +// Following the lead of Bash 4.1, note that "**" only has special meaning +// when it is the *only* thing in a path portion. Otherwise, any series +// of * is equivalent to a single *. Globstar behavior is enabled by +// default, and can be disabled by setting options.noglobstar. +Minimatch.prototype.parse = parse +var SUBPARSE = {} +function parse (pattern, isSub) { + if (pattern.length > 1024 * 64) { + throw new TypeError('pattern is too long') + } + + var options = this.options + + // shortcuts + if (!options.noglobstar && pattern === '**') return GLOBSTAR + if (pattern === '') return '' + + var re = '' + var hasMagic = !!options.nocase + var escaping = false + // ? => one single character + var patternListStack = [] + var negativeLists = [] + var stateChar + var inClass = false + var reClassStart = -1 + var classStart = -1 + // . and .. never match anything that doesn't start with ., + // even when options.dot is set. + var patternStart = pattern.charAt(0) === '.' ? '' // anything + // not (start or / followed by . or .. followed by / or end) + : options.dot ? '(?!(?:^|\\\/)\\.{1,2}(?:$|\\\/))' + : '(?!\\.)' + var self = this + + function clearStateChar () { + if (stateChar) { + // we had some state-tracking character + // that wasn't consumed by this pass. + switch (stateChar) { + case '*': + re += star + hasMagic = true + break + case '?': + re += qmark + hasMagic = true + break + default: + re += '\\' + stateChar + break + } + self.debug('clearStateChar %j %j', stateChar, re) + stateChar = false + } + } + + for (var i = 0, len = pattern.length, c + ; (i < len) && (c = pattern.charAt(i)) + ; i++) { + this.debug('%s\t%s %s %j', pattern, i, re, c) + + // skip over any that are escaped. + if (escaping && reSpecials[c]) { + re += '\\' + c + escaping = false + continue + } + + switch (c) { + case '/': + // completely not allowed, even escaped. + // Should already be path-split by now. + return false + + case '\\': + clearStateChar() + escaping = true + continue + + // the various stateChar values + // for the "extglob" stuff. + case '?': + case '*': + case '+': + case '@': + case '!': + this.debug('%s\t%s %s %j <-- stateChar', pattern, i, re, c) + + // all of those are literals inside a class, except that + // the glob [!a] means [^a] in regexp + if (inClass) { + this.debug(' in class') + if (c === '!' && i === classStart + 1) c = '^' + re += c + continue + } + + // if we already have a stateChar, then it means + // that there was something like ** or +? in there. + // Handle the stateChar, then proceed with this one. + self.debug('call clearStateChar %j', stateChar) + clearStateChar() + stateChar = c + // if extglob is disabled, then +(asdf|foo) isn't a thing. + // just clear the statechar *now*, rather than even diving into + // the patternList stuff. + if (options.noext) clearStateChar() + continue + + case '(': + if (inClass) { + re += '(' + continue + } + + if (!stateChar) { + re += '\\(' + continue + } + + patternListStack.push({ + type: stateChar, + start: i - 1, + reStart: re.length, + open: plTypes[stateChar].open, + close: plTypes[stateChar].close + }) + // negation is (?:(?!js)[^/]*) + re += stateChar === '!' ? '(?:(?!(?:' : '(?:' + this.debug('plType %j %j', stateChar, re) + stateChar = false + continue + + case ')': + if (inClass || !patternListStack.length) { + re += '\\)' + continue + } + + clearStateChar() + hasMagic = true + var pl = patternListStack.pop() + // negation is (?:(?!js)[^/]*) + // The others are (?:) + re += pl.close + if (pl.type === '!') { + negativeLists.push(pl) + } + pl.reEnd = re.length + continue + + case '|': + if (inClass || !patternListStack.length || escaping) { + re += '\\|' + escaping = false + continue + } + + clearStateChar() + re += '|' + continue + + // these are mostly the same in regexp and glob + case '[': + // swallow any state-tracking char before the [ + clearStateChar() + + if (inClass) { + re += '\\' + c + continue + } + + inClass = true + classStart = i + reClassStart = re.length + re += c + continue + + case ']': + // a right bracket shall lose its special + // meaning and represent itself in + // a bracket expression if it occurs + // first in the list. -- POSIX.2 2.8.3.2 + if (i === classStart + 1 || !inClass) { + re += '\\' + c + escaping = false + continue + } + + // handle the case where we left a class open. + // "[z-a]" is valid, equivalent to "\[z-a\]" + if (inClass) { + // split where the last [ was, make sure we don't have + // an invalid re. if so, re-walk the contents of the + // would-be class to re-translate any characters that + // were passed through as-is + // TODO: It would probably be faster to determine this + // without a try/catch and a new RegExp, but it's tricky + // to do safely. For now, this is safe and works. + var cs = pattern.substring(classStart + 1, i) + try { + RegExp('[' + cs + ']') + } catch (er) { + // not a valid class! + var sp = this.parse(cs, SUBPARSE) + re = re.substr(0, reClassStart) + '\\[' + sp[0] + '\\]' + hasMagic = hasMagic || sp[1] + inClass = false + continue + } + } + + // finish up the class. + hasMagic = true + inClass = false + re += c + continue + + default: + // swallow any state char that wasn't consumed + clearStateChar() + + if (escaping) { + // no need + escaping = false + } else if (reSpecials[c] + && !(c === '^' && inClass)) { + re += '\\' + } + + re += c + + } // switch + } // for + + // handle the case where we left a class open. + // "[abc" is valid, equivalent to "\[abc" + if (inClass) { + // split where the last [ was, and escape it + // this is a huge pita. We now have to re-walk + // the contents of the would-be class to re-translate + // any characters that were passed through as-is + cs = pattern.substr(classStart + 1) + sp = this.parse(cs, SUBPARSE) + re = re.substr(0, reClassStart) + '\\[' + sp[0] + hasMagic = hasMagic || sp[1] + } + + // handle the case where we had a +( thing at the *end* + // of the pattern. + // each pattern list stack adds 3 chars, and we need to go through + // and escape any | chars that were passed through as-is for the regexp. + // Go through and escape them, taking care not to double-escape any + // | chars that were already escaped. + for (pl = patternListStack.pop(); pl; pl = patternListStack.pop()) { + var tail = re.slice(pl.reStart + pl.open.length) + this.debug('setting tail', re, pl) + // maybe some even number of \, then maybe 1 \, followed by a | + tail = tail.replace(/((?:\\{2}){0,64})(\\?)\|/g, function (_, $1, $2) { + if (!$2) { + // the | isn't already escaped, so escape it. + $2 = '\\' + } + + // need to escape all those slashes *again*, without escaping the + // one that we need for escaping the | character. As it works out, + // escaping an even number of slashes can be done by simply repeating + // it exactly after itself. That's why this trick works. + // + // I am sorry that you have to see this. + return $1 + $1 + $2 + '|' + }) + + this.debug('tail=%j\n %s', tail, tail, pl, re) + var t = pl.type === '*' ? star + : pl.type === '?' ? qmark + : '\\' + pl.type + + hasMagic = true + re = re.slice(0, pl.reStart) + t + '\\(' + tail + } + + // handle trailing things that only matter at the very end. + clearStateChar() + if (escaping) { + // trailing \\ + re += '\\\\' + } + + // only need to apply the nodot start if the re starts with + // something that could conceivably capture a dot + var addPatternStart = false + switch (re.charAt(0)) { + case '.': + case '[': + case '(': addPatternStart = true + } + + // Hack to work around lack of negative lookbehind in JS + // A pattern like: *.!(x).!(y|z) needs to ensure that a name + // like 'a.xyz.yz' doesn't match. So, the first negative + // lookahead, has to look ALL the way ahead, to the end of + // the pattern. + for (var n = negativeLists.length - 1; n > -1; n--) { + var nl = negativeLists[n] + + var nlBefore = re.slice(0, nl.reStart) + var nlFirst = re.slice(nl.reStart, nl.reEnd - 8) + var nlLast = re.slice(nl.reEnd - 8, nl.reEnd) + var nlAfter = re.slice(nl.reEnd) + + nlLast += nlAfter + + // Handle nested stuff like *(*.js|!(*.json)), where open parens + // mean that we should *not* include the ) in the bit that is considered + // "after" the negated section. + var openParensBefore = nlBefore.split('(').length - 1 + var cleanAfter = nlAfter + for (i = 0; i < openParensBefore; i++) { + cleanAfter = cleanAfter.replace(/\)[+*?]?/, '') + } + nlAfter = cleanAfter + + var dollar = '' + if (nlAfter === '' && isSub !== SUBPARSE) { + dollar = '$' + } + var newRe = nlBefore + nlFirst + nlAfter + dollar + nlLast + re = newRe + } + + // if the re is not "" at this point, then we need to make sure + // it doesn't match against an empty path part. + // Otherwise a/* will match a/, which it should not. + if (re !== '' && hasMagic) { + re = '(?=.)' + re + } + + if (addPatternStart) { + re = patternStart + re + } + + // parsing just a piece of a larger pattern. + if (isSub === SUBPARSE) { + return [re, hasMagic] + } + + // skip the regexp for non-magical patterns + // unescape anything in it, though, so that it'll be + // an exact match against a file etc. + if (!hasMagic) { + return globUnescape(pattern) + } + + var flags = options.nocase ? 'i' : '' + try { + var regExp = new RegExp('^' + re + '$', flags) + } catch (er) { + // If it was an invalid regular expression, then it can't match + // anything. This trick looks for a character after the end of + // the string, which is of course impossible, except in multi-line + // mode, but it's not a /m regex. + return new RegExp('$.') + } + + regExp._glob = pattern + regExp._src = re + + return regExp +} + +minimatch.makeRe = function (pattern, options) { + return new Minimatch(pattern, options || {}).makeRe() +} + +Minimatch.prototype.makeRe = makeRe +function makeRe () { + if (this.regexp || this.regexp === false) return this.regexp + + // at this point, this.set is a 2d array of partial + // pattern strings, or "**". + // + // It's better to use .match(). This function shouldn't + // be used, really, but it's pretty convenient sometimes, + // when you just want to work with a regex. + var set = this.set + + if (!set.length) { + this.regexp = false + return this.regexp + } + var options = this.options + + var twoStar = options.noglobstar ? star + : options.dot ? twoStarDot + : twoStarNoDot + var flags = options.nocase ? 'i' : '' + + var re = set.map(function (pattern) { + return pattern.map(function (p) { + return (p === GLOBSTAR) ? twoStar + : (typeof p === 'string') ? regExpEscape(p) + : p._src + }).join('\\\/') + }).join('|') + + // must match entire pattern + // ending in a * or ** will make it less strict. + re = '^(?:' + re + ')$' + + // can match anything, as long as it's not this. + if (this.negate) re = '^(?!' + re + ').*$' + + try { + this.regexp = new RegExp(re, flags) + } catch (ex) { + this.regexp = false + } + return this.regexp +} + +minimatch.match = function (list, pattern, options) { + options = options || {} + var mm = new Minimatch(pattern, options) + list = list.filter(function (f) { + return mm.match(f) + }) + if (mm.options.nonull && !list.length) { + list.push(pattern) + } + return list +} + +Minimatch.prototype.match = match +function match (f, partial) { + this.debug('match', f, this.pattern) + // short-circuit in the case of busted things. + // comments, etc. + if (this.comment) return false + if (this.empty) return f === '' + + if (f === '/' && partial) return true + + var options = this.options + + // windows: need to use /, not \ + if (path.sep !== '/') { + f = f.split(path.sep).join('/') + } + + // treat the test path as a set of pathparts. + f = f.split(slashSplit) + this.debug(this.pattern, 'split', f) + + // just ONE of the pattern sets in this.set needs to match + // in order for it to be valid. If negating, then just one + // match means that we have failed. + // Either way, return on the first hit. + + var set = this.set + this.debug(this.pattern, 'set', set) + + // Find the basename of the path by looking for the last non-empty segment + var filename + var i + for (i = f.length - 1; i >= 0; i--) { + filename = f[i] + if (filename) break + } + + for (i = 0; i < set.length; i++) { + var pattern = set[i] + var file = f + if (options.matchBase && pattern.length === 1) { + file = [filename] + } + var hit = this.matchOne(file, pattern, partial) + if (hit) { + if (options.flipNegate) return true + return !this.negate + } + } + + // didn't get any hits. this is success if it's a negative + // pattern, failure otherwise. + if (options.flipNegate) return false + return this.negate +} + +// set partial to true to test if, for example, +// "/a/b" matches the start of "/*/b/*/d" +// Partial means, if you run out of file before you run +// out of pattern, then that's fine, as long as all +// the parts match. +Minimatch.prototype.matchOne = function (file, pattern, partial) { + var options = this.options + + this.debug('matchOne', + { 'this': this, file: file, pattern: pattern }) + + this.debug('matchOne', file.length, pattern.length) + + for (var fi = 0, + pi = 0, + fl = file.length, + pl = pattern.length + ; (fi < fl) && (pi < pl) + ; fi++, pi++) { + this.debug('matchOne loop') + var p = pattern[pi] + var f = file[fi] + + this.debug(pattern, p, f) + + // should be impossible. + // some invalid regexp stuff in the set. + if (p === false) return false + + if (p === GLOBSTAR) { + this.debug('GLOBSTAR', [pattern, p, f]) + + // "**" + // a/**/b/**/c would match the following: + // a/b/x/y/z/c + // a/x/y/z/b/c + // a/b/x/b/x/c + // a/b/c + // To do this, take the rest of the pattern after + // the **, and see if it would match the file remainder. + // If so, return success. + // If not, the ** "swallows" a segment, and try again. + // This is recursively awful. + // + // a/**/b/**/c matching a/b/x/y/z/c + // - a matches a + // - doublestar + // - matchOne(b/x/y/z/c, b/**/c) + // - b matches b + // - doublestar + // - matchOne(x/y/z/c, c) -> no + // - matchOne(y/z/c, c) -> no + // - matchOne(z/c, c) -> no + // - matchOne(c, c) yes, hit + var fr = fi + var pr = pi + 1 + if (pr === pl) { + this.debug('** at the end') + // a ** at the end will just swallow the rest. + // We have found a match. + // however, it will not swallow /.x, unless + // options.dot is set. + // . and .. are *never* matched by **, for explosively + // exponential reasons. + for (; fi < fl; fi++) { + if (file[fi] === '.' || file[fi] === '..' || + (!options.dot && file[fi].charAt(0) === '.')) return false + } + return true + } + + // ok, let's see if we can swallow whatever we can. + while (fr < fl) { + var swallowee = file[fr] + + this.debug('\nglobstar while', file, fr, pattern, pr, swallowee) + + // XXX remove this slice. Just pass the start index. + if (this.matchOne(file.slice(fr), pattern.slice(pr), partial)) { + this.debug('globstar found match!', fr, fl, swallowee) + // found a match. + return true + } else { + // can't swallow "." or ".." ever. + // can only swallow ".foo" when explicitly asked. + if (swallowee === '.' || swallowee === '..' || + (!options.dot && swallowee.charAt(0) === '.')) { + this.debug('dot detected!', file, fr, pattern, pr) + break + } + + // ** swallows a segment, and continue. + this.debug('globstar swallow a segment, and continue') + fr++ + } + } + + // no match was found. + // However, in partial mode, we can't say this is necessarily over. + // If there's more *pattern* left, then + if (partial) { + // ran out of file + this.debug('\n>>> no match, partial?', file, fr, pattern, pr) + if (fr === fl) return true + } + return false + } + + // something other than ** + // non-magic patterns just have to match exactly + // patterns with magic have been turned into regexps. + var hit + if (typeof p === 'string') { + if (options.nocase) { + hit = f.toLowerCase() === p.toLowerCase() + } else { + hit = f === p + } + this.debug('string match', p, f, hit) + } else { + hit = f.match(p) + this.debug('pattern match', p, f, hit) + } + + if (!hit) return false + } + + // Note: ending in / means that we'll get a final "" + // at the end of the pattern. This can only match a + // corresponding "" at the end of the file. + // If the file ends in /, then it can only match a + // a pattern that ends in /, unless the pattern just + // doesn't have any more for it. But, a/b/ should *not* + // match "a/b/*", even though "" matches against the + // [^/]*? pattern, except in partial mode, where it might + // simply not be reached yet. + // However, a/b/ should still satisfy a/* + + // now either we fell off the end of the pattern, or we're done. + if (fi === fl && pi === pl) { + // ran out of pattern and filename at the same time. + // an exact hit! + return true + } else if (fi === fl) { + // ran out of file, but still had pattern left. + // this is ok if we're doing the match as part of + // a glob fs traversal. + return partial + } else if (pi === pl) { + // ran out of pattern, still have file left. + // this is only acceptable if we're on the very last + // empty segment of a file with a trailing slash. + // a/* should match a/b/ + var emptyFileEnd = (fi === fl - 1) && (file[fi] === '') + return emptyFileEnd + } + + // should be unreachable. + throw new Error('wtf?') +} + +// replace stuff like \* with * +function globUnescape (s) { + return s.replace(/\\(.)/g, '$1') +} + +function regExpEscape (s) { + return s.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&') +} + +},{"brace-expansion":11,"path":22}],21:[function(require,module,exports){ +var wrappy = require('wrappy') +module.exports = wrappy(once) +module.exports.strict = wrappy(onceStrict) + +once.proto = once(function () { + Object.defineProperty(Function.prototype, 'once', { + value: function () { + return once(this) + }, + configurable: true + }) + + Object.defineProperty(Function.prototype, 'onceStrict', { + value: function () { + return onceStrict(this) + }, + configurable: true + }) +}) + +function once (fn) { + var f = function () { + if (f.called) return f.value + f.called = true + return f.value = fn.apply(this, arguments) + } + f.called = false + return f +} + +function onceStrict (fn) { + var f = function () { + if (f.called) + throw new Error(f.onceError) + f.called = true + return f.value = fn.apply(this, arguments) + } + var name = fn.name || 'Function wrapped with `once`' + f.onceError = name + " shouldn't be called more than once" + f.called = false + return f +} + +},{"wrappy":29}],22:[function(require,module,exports){ +(function (process){ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +// resolves . and .. elements in a path array with directory names there +// must be no slashes, empty elements, or device names (c:\) in the array +// (so also no leading and trailing slashes - it does not distinguish +// relative and absolute paths) +function normalizeArray(parts, allowAboveRoot) { + // if the path tries to go above the root, `up` ends up > 0 + var up = 0; + for (var i = parts.length - 1; i >= 0; i--) { + var last = parts[i]; + if (last === '.') { + parts.splice(i, 1); + } else if (last === '..') { + parts.splice(i, 1); + up++; + } else if (up) { + parts.splice(i, 1); + up--; + } + } + + // if the path is allowed to go above the root, restore leading ..s + if (allowAboveRoot) { + for (; up--; up) { + parts.unshift('..'); + } + } + + return parts; +} + +// Split a filename into [root, dir, basename, ext], unix version +// 'root' is just a slash, or nothing. +var splitPathRe = + /^(\/?|)([\s\S]*?)((?:\.{1,2}|[^\/]+?|)(\.[^.\/]*|))(?:[\/]*)$/; +var splitPath = function(filename) { + return splitPathRe.exec(filename).slice(1); +}; + +// path.resolve([from ...], to) +// posix version +exports.resolve = function() { + var resolvedPath = '', + resolvedAbsolute = false; + + for (var i = arguments.length - 1; i >= -1 && !resolvedAbsolute; i--) { + var path = (i >= 0) ? arguments[i] : process.cwd(); + + // Skip empty and invalid entries + if (typeof path !== 'string') { + throw new TypeError('Arguments to path.resolve must be strings'); + } else if (!path) { + continue; + } + + resolvedPath = path + '/' + resolvedPath; + resolvedAbsolute = path.charAt(0) === '/'; + } + + // At this point the path should be resolved to a full absolute path, but + // handle relative paths to be safe (might happen when process.cwd() fails) + + // Normalize the path + resolvedPath = normalizeArray(filter(resolvedPath.split('/'), function(p) { + return !!p; + }), !resolvedAbsolute).join('/'); + + return ((resolvedAbsolute ? '/' : '') + resolvedPath) || '.'; +}; + +// path.normalize(path) +// posix version +exports.normalize = function(path) { + var isAbsolute = exports.isAbsolute(path), + trailingSlash = substr(path, -1) === '/'; + + // Normalize the path + path = normalizeArray(filter(path.split('/'), function(p) { + return !!p; + }), !isAbsolute).join('/'); + + if (!path && !isAbsolute) { + path = '.'; + } + if (path && trailingSlash) { + path += '/'; + } + + return (isAbsolute ? '/' : '') + path; +}; + +// posix version +exports.isAbsolute = function(path) { + return path.charAt(0) === '/'; +}; + +// posix version +exports.join = function() { + var paths = Array.prototype.slice.call(arguments, 0); + return exports.normalize(filter(paths, function(p, index) { + if (typeof p !== 'string') { + throw new TypeError('Arguments to path.join must be strings'); + } + return p; + }).join('/')); +}; + + +// path.relative(from, to) +// posix version +exports.relative = function(from, to) { + from = exports.resolve(from).substr(1); + to = exports.resolve(to).substr(1); + + function trim(arr) { + var start = 0; + for (; start < arr.length; start++) { + if (arr[start] !== '') break; + } + + var end = arr.length - 1; + for (; end >= 0; end--) { + if (arr[end] !== '') break; + } + + if (start > end) return []; + return arr.slice(start, end - start + 1); + } + + var fromParts = trim(from.split('/')); + var toParts = trim(to.split('/')); + + var length = Math.min(fromParts.length, toParts.length); + var samePartsLength = length; + for (var i = 0; i < length; i++) { + if (fromParts[i] !== toParts[i]) { + samePartsLength = i; + break; + } + } + + var outputParts = []; + for (var i = samePartsLength; i < fromParts.length; i++) { + outputParts.push('..'); + } + + outputParts = outputParts.concat(toParts.slice(samePartsLength)); + + return outputParts.join('/'); +}; + +exports.sep = '/'; +exports.delimiter = ':'; + +exports.dirname = function(path) { + var result = splitPath(path), + root = result[0], + dir = result[1]; + + if (!root && !dir) { + // No dirname whatsoever + return '.'; + } + + if (dir) { + // It has a dirname, strip trailing slash + dir = dir.substr(0, dir.length - 1); + } + + return root + dir; +}; + + +exports.basename = function(path, ext) { + var f = splitPath(path)[2]; + // TODO: make this comparison case-insensitive on windows? + if (ext && f.substr(-1 * ext.length) === ext) { + f = f.substr(0, f.length - ext.length); + } + return f; +}; + + +exports.extname = function(path) { + return splitPath(path)[3]; +}; + +function filter (xs, f) { + if (xs.filter) return xs.filter(f); + var res = []; + for (var i = 0; i < xs.length; i++) { + if (f(xs[i], i, xs)) res.push(xs[i]); + } + return res; +} + +// String.prototype.substr - negative index don't work in IE8 +var substr = 'ab'.substr(-1) === 'b' + ? function (str, start, len) { return str.substr(start, len) } + : function (str, start, len) { + if (start < 0) start = str.length + start; + return str.substr(start, len); + } +; + +}).call(this,require('_process')) +},{"_process":24}],23:[function(require,module,exports){ +(function (process){ +'use strict'; + +function posix(path) { + return path.charAt(0) === '/'; +} + +function win32(path) { + // https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56 + var splitDeviceRe = /^([a-zA-Z]:|[\\\/]{2}[^\\\/]+[\\\/]+[^\\\/]+)?([\\\/])?([\s\S]*?)$/; + var result = splitDeviceRe.exec(path); + var device = result[1] || ''; + var isUnc = Boolean(device && device.charAt(1) !== ':'); + + // UNC paths are always absolute + return Boolean(result[2] || isUnc); +} + +module.exports = process.platform === 'win32' ? win32 : posix; +module.exports.posix = posix; +module.exports.win32 = win32; + +}).call(this,require('_process')) +},{"_process":24}],24:[function(require,module,exports){ +// shim for using process in browser +var process = module.exports = {}; + +// cached from whatever global is present so that test runners that stub it +// don't break things. But we need to wrap it in a try catch in case it is +// wrapped in strict mode code which doesn't define any globals. It's inside a +// function because try/catches deoptimize in certain engines. + +var cachedSetTimeout; +var cachedClearTimeout; + +function defaultSetTimout() { + throw new Error('setTimeout has not been defined'); +} +function defaultClearTimeout () { + throw new Error('clearTimeout has not been defined'); +} +(function () { + try { + if (typeof setTimeout === 'function') { + cachedSetTimeout = setTimeout; + } else { + cachedSetTimeout = defaultSetTimout; + } + } catch (e) { + cachedSetTimeout = defaultSetTimout; + } + try { + if (typeof clearTimeout === 'function') { + cachedClearTimeout = clearTimeout; + } else { + cachedClearTimeout = defaultClearTimeout; + } + } catch (e) { + cachedClearTimeout = defaultClearTimeout; + } +} ()) +function runTimeout(fun) { + if (cachedSetTimeout === setTimeout) { + //normal enviroments in sane situations + return setTimeout(fun, 0); + } + // if setTimeout wasn't available but was latter defined + if ((cachedSetTimeout === defaultSetTimout || !cachedSetTimeout) && setTimeout) { + cachedSetTimeout = setTimeout; + return setTimeout(fun, 0); + } + try { + // when when somebody has screwed with setTimeout but no I.E. maddness + return cachedSetTimeout(fun, 0); + } catch(e){ + try { + // When we are in I.E. but the script has been evaled so I.E. doesn't trust the global object when called normally + return cachedSetTimeout.call(null, fun, 0); + } catch(e){ + // same as above but when it's a version of I.E. that must have the global object for 'this', hopfully our context correct otherwise it will throw a global error + return cachedSetTimeout.call(this, fun, 0); + } + } + + +} +function runClearTimeout(marker) { + if (cachedClearTimeout === clearTimeout) { + //normal enviroments in sane situations + return clearTimeout(marker); + } + // if clearTimeout wasn't available but was latter defined + if ((cachedClearTimeout === defaultClearTimeout || !cachedClearTimeout) && clearTimeout) { + cachedClearTimeout = clearTimeout; + return clearTimeout(marker); + } + try { + // when when somebody has screwed with setTimeout but no I.E. maddness + return cachedClearTimeout(marker); + } catch (e){ + try { + // When we are in I.E. but the script has been evaled so I.E. doesn't trust the global object when called normally + return cachedClearTimeout.call(null, marker); + } catch (e){ + // same as above but when it's a version of I.E. that must have the global object for 'this', hopfully our context correct otherwise it will throw a global error. + // Some versions of I.E. have different rules for clearTimeout vs setTimeout + return cachedClearTimeout.call(this, marker); + } + } + + + +} +var queue = []; +var draining = false; +var currentQueue; +var queueIndex = -1; + +function cleanUpNextTick() { + if (!draining || !currentQueue) { + return; + } + draining = false; + if (currentQueue.length) { + queue = currentQueue.concat(queue); + } else { + queueIndex = -1; + } + if (queue.length) { + drainQueue(); + } +} + +function drainQueue() { + if (draining) { + return; + } + var timeout = runTimeout(cleanUpNextTick); + draining = true; + + var len = queue.length; + while(len) { + currentQueue = queue; + queue = []; + while (++queueIndex < len) { + if (currentQueue) { + currentQueue[queueIndex].run(); + } + } + queueIndex = -1; + len = queue.length; + } + currentQueue = null; + draining = false; + runClearTimeout(timeout); +} + +process.nextTick = function (fun) { + var args = new Array(arguments.length - 1); + if (arguments.length > 1) { + for (var i = 1; i < arguments.length; i++) { + args[i - 1] = arguments[i]; + } + } + queue.push(new Item(fun, args)); + if (queue.length === 1 && !draining) { + runTimeout(drainQueue); + } +}; + +// v8 likes predictible objects +function Item(fun, array) { + this.fun = fun; + this.array = array; +} +Item.prototype.run = function () { + this.fun.apply(null, this.array); +}; +process.title = 'browser'; +process.browser = true; +process.env = {}; +process.argv = []; +process.version = ''; // empty string to avoid regexp issues +process.versions = {}; + +function noop() {} + +process.on = noop; +process.addListener = noop; +process.once = noop; +process.off = noop; +process.removeListener = noop; +process.removeAllListeners = noop; +process.emit = noop; +process.prependListener = noop; +process.prependOnceListener = noop; + +process.listeners = function (name) { return [] } + +process.binding = function (name) { + throw new Error('process.binding is not supported'); +}; + +process.cwd = function () { return '/' }; +process.chdir = function (dir) { + throw new Error('process.chdir is not supported'); +}; +process.umask = function() { return 0; }; + +},{}],25:[function(require,module,exports){ +// Underscore.js 1.8.3 +// http://underscorejs.org +// (c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors +// Underscore may be freely distributed under the MIT license. + +(function() { + + // Baseline setup + // -------------- + + // Establish the root object, `window` in the browser, or `exports` on the server. + var root = this; + + // Save the previous value of the `_` variable. + var previousUnderscore = root._; + + // Save bytes in the minified (but not gzipped) version: + var ArrayProto = Array.prototype, ObjProto = Object.prototype, FuncProto = Function.prototype; + + // Create quick reference variables for speed access to core prototypes. + var + push = ArrayProto.push, + slice = ArrayProto.slice, + toString = ObjProto.toString, + hasOwnProperty = ObjProto.hasOwnProperty; + + // All **ECMAScript 5** native function implementations that we hope to use + // are declared here. + var + nativeIsArray = Array.isArray, + nativeKeys = Object.keys, + nativeBind = FuncProto.bind, + nativeCreate = Object.create; + + // Naked function reference for surrogate-prototype-swapping. + var Ctor = function(){}; + + // Create a safe reference to the Underscore object for use below. + var _ = function(obj) { + if (obj instanceof _) return obj; + if (!(this instanceof _)) return new _(obj); + this._wrapped = obj; + }; + + // Export the Underscore object for **Node.js**, with + // backwards-compatibility for the old `require()` API. If we're in + // the browser, add `_` as a global object. + if (typeof exports !== 'undefined') { + if (typeof module !== 'undefined' && module.exports) { + exports = module.exports = _; + } + exports._ = _; + } else { + root._ = _; + } + + // Current version. + _.VERSION = '1.8.3'; + + // Internal function that returns an efficient (for current engines) version + // of the passed-in callback, to be repeatedly applied in other Underscore + // functions. + var optimizeCb = function(func, context, argCount) { + if (context === void 0) return func; + switch (argCount == null ? 3 : argCount) { + case 1: return function(value) { + return func.call(context, value); + }; + case 2: return function(value, other) { + return func.call(context, value, other); + }; + case 3: return function(value, index, collection) { + return func.call(context, value, index, collection); + }; + case 4: return function(accumulator, value, index, collection) { + return func.call(context, accumulator, value, index, collection); + }; + } + return function() { + return func.apply(context, arguments); + }; + }; + + // A mostly-internal function to generate callbacks that can be applied + // to each element in a collection, returning the desired result — either + // identity, an arbitrary callback, a property matcher, or a property accessor. + var cb = function(value, context, argCount) { + if (value == null) return _.identity; + if (_.isFunction(value)) return optimizeCb(value, context, argCount); + if (_.isObject(value)) return _.matcher(value); + return _.property(value); + }; + _.iteratee = function(value, context) { + return cb(value, context, Infinity); + }; + + // An internal function for creating assigner functions. + var createAssigner = function(keysFunc, undefinedOnly) { + return function(obj) { + var length = arguments.length; + if (length < 2 || obj == null) return obj; + for (var index = 1; index < length; index++) { + var source = arguments[index], + keys = keysFunc(source), + l = keys.length; + for (var i = 0; i < l; i++) { + var key = keys[i]; + if (!undefinedOnly || obj[key] === void 0) obj[key] = source[key]; + } + } + return obj; + }; + }; + + // An internal function for creating a new object that inherits from another. + var baseCreate = function(prototype) { + if (!_.isObject(prototype)) return {}; + if (nativeCreate) return nativeCreate(prototype); + Ctor.prototype = prototype; + var result = new Ctor; + Ctor.prototype = null; + return result; + }; + + var property = function(key) { + return function(obj) { + return obj == null ? void 0 : obj[key]; + }; + }; + + // Helper for collection methods to determine whether a collection + // should be iterated as an array or as an object + // Related: http://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength + // Avoids a very nasty iOS 8 JIT bug on ARM-64. #2094 + var MAX_ARRAY_INDEX = Math.pow(2, 53) - 1; + var getLength = property('length'); + var isArrayLike = function(collection) { + var length = getLength(collection); + return typeof length == 'number' && length >= 0 && length <= MAX_ARRAY_INDEX; + }; + + // Collection Functions + // -------------------- + + // The cornerstone, an `each` implementation, aka `forEach`. + // Handles raw objects in addition to array-likes. Treats all + // sparse array-likes as if they were dense. + _.each = _.forEach = function(obj, iteratee, context) { + iteratee = optimizeCb(iteratee, context); + var i, length; + if (isArrayLike(obj)) { + for (i = 0, length = obj.length; i < length; i++) { + iteratee(obj[i], i, obj); + } + } else { + var keys = _.keys(obj); + for (i = 0, length = keys.length; i < length; i++) { + iteratee(obj[keys[i]], keys[i], obj); + } + } + return obj; + }; + + // Return the results of applying the iteratee to each element. + _.map = _.collect = function(obj, iteratee, context) { + iteratee = cb(iteratee, context); + var keys = !isArrayLike(obj) && _.keys(obj), + length = (keys || obj).length, + results = Array(length); + for (var index = 0; index < length; index++) { + var currentKey = keys ? keys[index] : index; + results[index] = iteratee(obj[currentKey], currentKey, obj); + } + return results; + }; + + // Create a reducing function iterating left or right. + function createReduce(dir) { + // Optimized iterator function as using arguments.length + // in the main function will deoptimize the, see #1991. + function iterator(obj, iteratee, memo, keys, index, length) { + for (; index >= 0 && index < length; index += dir) { + var currentKey = keys ? keys[index] : index; + memo = iteratee(memo, obj[currentKey], currentKey, obj); + } + return memo; + } + + return function(obj, iteratee, memo, context) { + iteratee = optimizeCb(iteratee, context, 4); + var keys = !isArrayLike(obj) && _.keys(obj), + length = (keys || obj).length, + index = dir > 0 ? 0 : length - 1; + // Determine the initial value if none is provided. + if (arguments.length < 3) { + memo = obj[keys ? keys[index] : index]; + index += dir; + } + return iterator(obj, iteratee, memo, keys, index, length); + }; + } + + // **Reduce** builds up a single result from a list of values, aka `inject`, + // or `foldl`. + _.reduce = _.foldl = _.inject = createReduce(1); + + // The right-associative version of reduce, also known as `foldr`. + _.reduceRight = _.foldr = createReduce(-1); + + // Return the first value which passes a truth test. Aliased as `detect`. + _.find = _.detect = function(obj, predicate, context) { + var key; + if (isArrayLike(obj)) { + key = _.findIndex(obj, predicate, context); + } else { + key = _.findKey(obj, predicate, context); + } + if (key !== void 0 && key !== -1) return obj[key]; + }; + + // Return all the elements that pass a truth test. + // Aliased as `select`. + _.filter = _.select = function(obj, predicate, context) { + var results = []; + predicate = cb(predicate, context); + _.each(obj, function(value, index, list) { + if (predicate(value, index, list)) results.push(value); + }); + return results; + }; + + // Return all the elements for which a truth test fails. + _.reject = function(obj, predicate, context) { + return _.filter(obj, _.negate(cb(predicate)), context); + }; + + // Determine whether all of the elements match a truth test. + // Aliased as `all`. + _.every = _.all = function(obj, predicate, context) { + predicate = cb(predicate, context); + var keys = !isArrayLike(obj) && _.keys(obj), + length = (keys || obj).length; + for (var index = 0; index < length; index++) { + var currentKey = keys ? keys[index] : index; + if (!predicate(obj[currentKey], currentKey, obj)) return false; + } + return true; + }; + + // Determine if at least one element in the object matches a truth test. + // Aliased as `any`. + _.some = _.any = function(obj, predicate, context) { + predicate = cb(predicate, context); + var keys = !isArrayLike(obj) && _.keys(obj), + length = (keys || obj).length; + for (var index = 0; index < length; index++) { + var currentKey = keys ? keys[index] : index; + if (predicate(obj[currentKey], currentKey, obj)) return true; + } + return false; + }; + + // Determine if the array or object contains a given item (using `===`). + // Aliased as `includes` and `include`. + _.contains = _.includes = _.include = function(obj, item, fromIndex, guard) { + if (!isArrayLike(obj)) obj = _.values(obj); + if (typeof fromIndex != 'number' || guard) fromIndex = 0; + return _.indexOf(obj, item, fromIndex) >= 0; + }; + + // Invoke a method (with arguments) on every item in a collection. + _.invoke = function(obj, method) { + var args = slice.call(arguments, 2); + var isFunc = _.isFunction(method); + return _.map(obj, function(value) { + var func = isFunc ? method : value[method]; + return func == null ? func : func.apply(value, args); + }); + }; + + // Convenience version of a common use case of `map`: fetching a property. + _.pluck = function(obj, key) { + return _.map(obj, _.property(key)); + }; + + // Convenience version of a common use case of `filter`: selecting only objects + // containing specific `key:value` pairs. + _.where = function(obj, attrs) { + return _.filter(obj, _.matcher(attrs)); + }; + + // Convenience version of a common use case of `find`: getting the first object + // containing specific `key:value` pairs. + _.findWhere = function(obj, attrs) { + return _.find(obj, _.matcher(attrs)); + }; + + // Return the maximum element (or element-based computation). + _.max = function(obj, iteratee, context) { + var result = -Infinity, lastComputed = -Infinity, + value, computed; + if (iteratee == null && obj != null) { + obj = isArrayLike(obj) ? obj : _.values(obj); + for (var i = 0, length = obj.length; i < length; i++) { + value = obj[i]; + if (value > result) { + result = value; + } + } + } else { + iteratee = cb(iteratee, context); + _.each(obj, function(value, index, list) { + computed = iteratee(value, index, list); + if (computed > lastComputed || computed === -Infinity && result === -Infinity) { + result = value; + lastComputed = computed; + } + }); + } + return result; + }; + + // Return the minimum element (or element-based computation). + _.min = function(obj, iteratee, context) { + var result = Infinity, lastComputed = Infinity, + value, computed; + if (iteratee == null && obj != null) { + obj = isArrayLike(obj) ? obj : _.values(obj); + for (var i = 0, length = obj.length; i < length; i++) { + value = obj[i]; + if (value < result) { + result = value; + } + } + } else { + iteratee = cb(iteratee, context); + _.each(obj, function(value, index, list) { + computed = iteratee(value, index, list); + if (computed < lastComputed || computed === Infinity && result === Infinity) { + result = value; + lastComputed = computed; + } + }); + } + return result; + }; + + // Shuffle a collection, using the modern version of the + // [Fisher-Yates shuffle](http://en.wikipedia.org/wiki/Fisher–Yates_shuffle). + _.shuffle = function(obj) { + var set = isArrayLike(obj) ? obj : _.values(obj); + var length = set.length; + var shuffled = Array(length); + for (var index = 0, rand; index < length; index++) { + rand = _.random(0, index); + if (rand !== index) shuffled[index] = shuffled[rand]; + shuffled[rand] = set[index]; + } + return shuffled; + }; + + // Sample **n** random values from a collection. + // If **n** is not specified, returns a single random element. + // The internal `guard` argument allows it to work with `map`. + _.sample = function(obj, n, guard) { + if (n == null || guard) { + if (!isArrayLike(obj)) obj = _.values(obj); + return obj[_.random(obj.length - 1)]; + } + return _.shuffle(obj).slice(0, Math.max(0, n)); + }; + + // Sort the object's values by a criterion produced by an iteratee. + _.sortBy = function(obj, iteratee, context) { + iteratee = cb(iteratee, context); + return _.pluck(_.map(obj, function(value, index, list) { + return { + value: value, + index: index, + criteria: iteratee(value, index, list) + }; + }).sort(function(left, right) { + var a = left.criteria; + var b = right.criteria; + if (a !== b) { + if (a > b || a === void 0) return 1; + if (a < b || b === void 0) return -1; + } + return left.index - right.index; + }), 'value'); + }; + + // An internal function used for aggregate "group by" operations. + var group = function(behavior) { + return function(obj, iteratee, context) { + var result = {}; + iteratee = cb(iteratee, context); + _.each(obj, function(value, index) { + var key = iteratee(value, index, obj); + behavior(result, value, key); + }); + return result; + }; + }; + + // Groups the object's values by a criterion. Pass either a string attribute + // to group by, or a function that returns the criterion. + _.groupBy = group(function(result, value, key) { + if (_.has(result, key)) result[key].push(value); else result[key] = [value]; + }); + + // Indexes the object's values by a criterion, similar to `groupBy`, but for + // when you know that your index values will be unique. + _.indexBy = group(function(result, value, key) { + result[key] = value; + }); + + // Counts instances of an object that group by a certain criterion. Pass + // either a string attribute to count by, or a function that returns the + // criterion. + _.countBy = group(function(result, value, key) { + if (_.has(result, key)) result[key]++; else result[key] = 1; + }); + + // Safely create a real, live array from anything iterable. + _.toArray = function(obj) { + if (!obj) return []; + if (_.isArray(obj)) return slice.call(obj); + if (isArrayLike(obj)) return _.map(obj, _.identity); + return _.values(obj); + }; + + // Return the number of elements in an object. + _.size = function(obj) { + if (obj == null) return 0; + return isArrayLike(obj) ? obj.length : _.keys(obj).length; + }; + + // Split a collection into two arrays: one whose elements all satisfy the given + // predicate, and one whose elements all do not satisfy the predicate. + _.partition = function(obj, predicate, context) { + predicate = cb(predicate, context); + var pass = [], fail = []; + _.each(obj, function(value, key, obj) { + (predicate(value, key, obj) ? pass : fail).push(value); + }); + return [pass, fail]; + }; + + // Array Functions + // --------------- + + // Get the first element of an array. Passing **n** will return the first N + // values in the array. Aliased as `head` and `take`. The **guard** check + // allows it to work with `_.map`. + _.first = _.head = _.take = function(array, n, guard) { + if (array == null) return void 0; + if (n == null || guard) return array[0]; + return _.initial(array, array.length - n); + }; + + // Returns everything but the last entry of the array. Especially useful on + // the arguments object. Passing **n** will return all the values in + // the array, excluding the last N. + _.initial = function(array, n, guard) { + return slice.call(array, 0, Math.max(0, array.length - (n == null || guard ? 1 : n))); + }; + + // Get the last element of an array. Passing **n** will return the last N + // values in the array. + _.last = function(array, n, guard) { + if (array == null) return void 0; + if (n == null || guard) return array[array.length - 1]; + return _.rest(array, Math.max(0, array.length - n)); + }; + + // Returns everything but the first entry of the array. Aliased as `tail` and `drop`. + // Especially useful on the arguments object. Passing an **n** will return + // the rest N values in the array. + _.rest = _.tail = _.drop = function(array, n, guard) { + return slice.call(array, n == null || guard ? 1 : n); + }; + + // Trim out all falsy values from an array. + _.compact = function(array) { + return _.filter(array, _.identity); + }; + + // Internal implementation of a recursive `flatten` function. + var flatten = function(input, shallow, strict, startIndex) { + var output = [], idx = 0; + for (var i = startIndex || 0, length = getLength(input); i < length; i++) { + var value = input[i]; + if (isArrayLike(value) && (_.isArray(value) || _.isArguments(value))) { + //flatten current level of array or arguments object + if (!shallow) value = flatten(value, shallow, strict); + var j = 0, len = value.length; + output.length += len; + while (j < len) { + output[idx++] = value[j++]; + } + } else if (!strict) { + output[idx++] = value; + } + } + return output; + }; + + // Flatten out an array, either recursively (by default), or just one level. + _.flatten = function(array, shallow) { + return flatten(array, shallow, false); + }; + + // Return a version of the array that does not contain the specified value(s). + _.without = function(array) { + return _.difference(array, slice.call(arguments, 1)); + }; + + // Produce a duplicate-free version of the array. If the array has already + // been sorted, you have the option of using a faster algorithm. + // Aliased as `unique`. + _.uniq = _.unique = function(array, isSorted, iteratee, context) { + if (!_.isBoolean(isSorted)) { + context = iteratee; + iteratee = isSorted; + isSorted = false; + } + if (iteratee != null) iteratee = cb(iteratee, context); + var result = []; + var seen = []; + for (var i = 0, length = getLength(array); i < length; i++) { + var value = array[i], + computed = iteratee ? iteratee(value, i, array) : value; + if (isSorted) { + if (!i || seen !== computed) result.push(value); + seen = computed; + } else if (iteratee) { + if (!_.contains(seen, computed)) { + seen.push(computed); + result.push(value); + } + } else if (!_.contains(result, value)) { + result.push(value); + } + } + return result; + }; + + // Produce an array that contains the union: each distinct element from all of + // the passed-in arrays. + _.union = function() { + return _.uniq(flatten(arguments, true, true)); + }; + + // Produce an array that contains every item shared between all the + // passed-in arrays. + _.intersection = function(array) { + var result = []; + var argsLength = arguments.length; + for (var i = 0, length = getLength(array); i < length; i++) { + var item = array[i]; + if (_.contains(result, item)) continue; + for (var j = 1; j < argsLength; j++) { + if (!_.contains(arguments[j], item)) break; + } + if (j === argsLength) result.push(item); + } + return result; + }; + + // Take the difference between one array and a number of other arrays. + // Only the elements present in just the first array will remain. + _.difference = function(array) { + var rest = flatten(arguments, true, true, 1); + return _.filter(array, function(value){ + return !_.contains(rest, value); + }); + }; + + // Zip together multiple lists into a single array -- elements that share + // an index go together. + _.zip = function() { + return _.unzip(arguments); + }; + + // Complement of _.zip. Unzip accepts an array of arrays and groups + // each array's elements on shared indices + _.unzip = function(array) { + var length = array && _.max(array, getLength).length || 0; + var result = Array(length); + + for (var index = 0; index < length; index++) { + result[index] = _.pluck(array, index); + } + return result; + }; + + // Converts lists into objects. Pass either a single array of `[key, value]` + // pairs, or two parallel arrays of the same length -- one of keys, and one of + // the corresponding values. + _.object = function(list, values) { + var result = {}; + for (var i = 0, length = getLength(list); i < length; i++) { + if (values) { + result[list[i]] = values[i]; + } else { + result[list[i][0]] = list[i][1]; + } + } + return result; + }; + + // Generator function to create the findIndex and findLastIndex functions + function createPredicateIndexFinder(dir) { + return function(array, predicate, context) { + predicate = cb(predicate, context); + var length = getLength(array); + var index = dir > 0 ? 0 : length - 1; + for (; index >= 0 && index < length; index += dir) { + if (predicate(array[index], index, array)) return index; + } + return -1; + }; + } + + // Returns the first index on an array-like that passes a predicate test + _.findIndex = createPredicateIndexFinder(1); + _.findLastIndex = createPredicateIndexFinder(-1); + + // Use a comparator function to figure out the smallest index at which + // an object should be inserted so as to maintain order. Uses binary search. + _.sortedIndex = function(array, obj, iteratee, context) { + iteratee = cb(iteratee, context, 1); + var value = iteratee(obj); + var low = 0, high = getLength(array); + while (low < high) { + var mid = Math.floor((low + high) / 2); + if (iteratee(array[mid]) < value) low = mid + 1; else high = mid; + } + return low; + }; + + // Generator function to create the indexOf and lastIndexOf functions + function createIndexFinder(dir, predicateFind, sortedIndex) { + return function(array, item, idx) { + var i = 0, length = getLength(array); + if (typeof idx == 'number') { + if (dir > 0) { + i = idx >= 0 ? idx : Math.max(idx + length, i); + } else { + length = idx >= 0 ? Math.min(idx + 1, length) : idx + length + 1; + } + } else if (sortedIndex && idx && length) { + idx = sortedIndex(array, item); + return array[idx] === item ? idx : -1; + } + if (item !== item) { + idx = predicateFind(slice.call(array, i, length), _.isNaN); + return idx >= 0 ? idx + i : -1; + } + for (idx = dir > 0 ? i : length - 1; idx >= 0 && idx < length; idx += dir) { + if (array[idx] === item) return idx; + } + return -1; + }; + } + + // Return the position of the first occurrence of an item in an array, + // or -1 if the item is not included in the array. + // If the array is large and already in sort order, pass `true` + // for **isSorted** to use binary search. + _.indexOf = createIndexFinder(1, _.findIndex, _.sortedIndex); + _.lastIndexOf = createIndexFinder(-1, _.findLastIndex); + + // Generate an integer Array containing an arithmetic progression. A port of + // the native Python `range()` function. See + // [the Python documentation](http://docs.python.org/library/functions.html#range). + _.range = function(start, stop, step) { + if (stop == null) { + stop = start || 0; + start = 0; + } + step = step || 1; + + var length = Math.max(Math.ceil((stop - start) / step), 0); + var range = Array(length); + + for (var idx = 0; idx < length; idx++, start += step) { + range[idx] = start; + } + + return range; + }; + + // Function (ahem) Functions + // ------------------ + + // Determines whether to execute a function as a constructor + // or a normal function with the provided arguments + var executeBound = function(sourceFunc, boundFunc, context, callingContext, args) { + if (!(callingContext instanceof boundFunc)) return sourceFunc.apply(context, args); + var self = baseCreate(sourceFunc.prototype); + var result = sourceFunc.apply(self, args); + if (_.isObject(result)) return result; + return self; + }; + + // Create a function bound to a given object (assigning `this`, and arguments, + // optionally). Delegates to **ECMAScript 5**'s native `Function.bind` if + // available. + _.bind = function(func, context) { + if (nativeBind && func.bind === nativeBind) return nativeBind.apply(func, slice.call(arguments, 1)); + if (!_.isFunction(func)) throw new TypeError('Bind must be called on a function'); + var args = slice.call(arguments, 2); + var bound = function() { + return executeBound(func, bound, context, this, args.concat(slice.call(arguments))); + }; + return bound; + }; + + // Partially apply a function by creating a version that has had some of its + // arguments pre-filled, without changing its dynamic `this` context. _ acts + // as a placeholder, allowing any combination of arguments to be pre-filled. + _.partial = function(func) { + var boundArgs = slice.call(arguments, 1); + var bound = function() { + var position = 0, length = boundArgs.length; + var args = Array(length); + for (var i = 0; i < length; i++) { + args[i] = boundArgs[i] === _ ? arguments[position++] : boundArgs[i]; + } + while (position < arguments.length) args.push(arguments[position++]); + return executeBound(func, bound, this, this, args); + }; + return bound; + }; + + // Bind a number of an object's methods to that object. Remaining arguments + // are the method names to be bound. Useful for ensuring that all callbacks + // defined on an object belong to it. + _.bindAll = function(obj) { + var i, length = arguments.length, key; + if (length <= 1) throw new Error('bindAll must be passed function names'); + for (i = 1; i < length; i++) { + key = arguments[i]; + obj[key] = _.bind(obj[key], obj); + } + return obj; + }; + + // Memoize an expensive function by storing its results. + _.memoize = function(func, hasher) { + var memoize = function(key) { + var cache = memoize.cache; + var address = '' + (hasher ? hasher.apply(this, arguments) : key); + if (!_.has(cache, address)) cache[address] = func.apply(this, arguments); + return cache[address]; + }; + memoize.cache = {}; + return memoize; + }; + + // Delays a function for the given number of milliseconds, and then calls + // it with the arguments supplied. + _.delay = function(func, wait) { + var args = slice.call(arguments, 2); + return setTimeout(function(){ + return func.apply(null, args); + }, wait); + }; + + // Defers a function, scheduling it to run after the current call stack has + // cleared. + _.defer = _.partial(_.delay, _, 1); + + // Returns a function, that, when invoked, will only be triggered at most once + // during a given window of time. Normally, the throttled function will run + // as much as it can, without ever going more than once per `wait` duration; + // but if you'd like to disable the execution on the leading edge, pass + // `{leading: false}`. To disable execution on the trailing edge, ditto. + _.throttle = function(func, wait, options) { + var context, args, result; + var timeout = null; + var previous = 0; + if (!options) options = {}; + var later = function() { + previous = options.leading === false ? 0 : _.now(); + timeout = null; + result = func.apply(context, args); + if (!timeout) context = args = null; + }; + return function() { + var now = _.now(); + if (!previous && options.leading === false) previous = now; + var remaining = wait - (now - previous); + context = this; + args = arguments; + if (remaining <= 0 || remaining > wait) { + if (timeout) { + clearTimeout(timeout); + timeout = null; + } + previous = now; + result = func.apply(context, args); + if (!timeout) context = args = null; + } else if (!timeout && options.trailing !== false) { + timeout = setTimeout(later, remaining); + } + return result; + }; + }; + + // Returns a function, that, as long as it continues to be invoked, will not + // be triggered. The function will be called after it stops being called for + // N milliseconds. If `immediate` is passed, trigger the function on the + // leading edge, instead of the trailing. + _.debounce = function(func, wait, immediate) { + var timeout, args, context, timestamp, result; + + var later = function() { + var last = _.now() - timestamp; + + if (last < wait && last >= 0) { + timeout = setTimeout(later, wait - last); + } else { + timeout = null; + if (!immediate) { + result = func.apply(context, args); + if (!timeout) context = args = null; + } + } + }; + + return function() { + context = this; + args = arguments; + timestamp = _.now(); + var callNow = immediate && !timeout; + if (!timeout) timeout = setTimeout(later, wait); + if (callNow) { + result = func.apply(context, args); + context = args = null; + } + + return result; + }; + }; + + // Returns the first function passed as an argument to the second, + // allowing you to adjust arguments, run code before and after, and + // conditionally execute the original function. + _.wrap = function(func, wrapper) { + return _.partial(wrapper, func); + }; + + // Returns a negated version of the passed-in predicate. + _.negate = function(predicate) { + return function() { + return !predicate.apply(this, arguments); + }; + }; + + // Returns a function that is the composition of a list of functions, each + // consuming the return value of the function that follows. + _.compose = function() { + var args = arguments; + var start = args.length - 1; + return function() { + var i = start; + var result = args[start].apply(this, arguments); + while (i--) result = args[i].call(this, result); + return result; + }; + }; + + // Returns a function that will only be executed on and after the Nth call. + _.after = function(times, func) { + return function() { + if (--times < 1) { + return func.apply(this, arguments); + } + }; + }; + + // Returns a function that will only be executed up to (but not including) the Nth call. + _.before = function(times, func) { + var memo; + return function() { + if (--times > 0) { + memo = func.apply(this, arguments); + } + if (times <= 1) func = null; + return memo; + }; + }; + + // Returns a function that will be executed at most one time, no matter how + // often you call it. Useful for lazy initialization. + _.once = _.partial(_.before, 2); + + // Object Functions + // ---------------- + + // Keys in IE < 9 that won't be iterated by `for key in ...` and thus missed. + var hasEnumBug = !{toString: null}.propertyIsEnumerable('toString'); + var nonEnumerableProps = ['valueOf', 'isPrototypeOf', 'toString', + 'propertyIsEnumerable', 'hasOwnProperty', 'toLocaleString']; + + function collectNonEnumProps(obj, keys) { + var nonEnumIdx = nonEnumerableProps.length; + var constructor = obj.constructor; + var proto = (_.isFunction(constructor) && constructor.prototype) || ObjProto; + + // Constructor is a special case. + var prop = 'constructor'; + if (_.has(obj, prop) && !_.contains(keys, prop)) keys.push(prop); + + while (nonEnumIdx--) { + prop = nonEnumerableProps[nonEnumIdx]; + if (prop in obj && obj[prop] !== proto[prop] && !_.contains(keys, prop)) { + keys.push(prop); + } + } + } + + // Retrieve the names of an object's own properties. + // Delegates to **ECMAScript 5**'s native `Object.keys` + _.keys = function(obj) { + if (!_.isObject(obj)) return []; + if (nativeKeys) return nativeKeys(obj); + var keys = []; + for (var key in obj) if (_.has(obj, key)) keys.push(key); + // Ahem, IE < 9. + if (hasEnumBug) collectNonEnumProps(obj, keys); + return keys; + }; + + // Retrieve all the property names of an object. + _.allKeys = function(obj) { + if (!_.isObject(obj)) return []; + var keys = []; + for (var key in obj) keys.push(key); + // Ahem, IE < 9. + if (hasEnumBug) collectNonEnumProps(obj, keys); + return keys; + }; + + // Retrieve the values of an object's properties. + _.values = function(obj) { + var keys = _.keys(obj); + var length = keys.length; + var values = Array(length); + for (var i = 0; i < length; i++) { + values[i] = obj[keys[i]]; + } + return values; + }; + + // Returns the results of applying the iteratee to each element of the object + // In contrast to _.map it returns an object + _.mapObject = function(obj, iteratee, context) { + iteratee = cb(iteratee, context); + var keys = _.keys(obj), + length = keys.length, + results = {}, + currentKey; + for (var index = 0; index < length; index++) { + currentKey = keys[index]; + results[currentKey] = iteratee(obj[currentKey], currentKey, obj); + } + return results; + }; + + // Convert an object into a list of `[key, value]` pairs. + _.pairs = function(obj) { + var keys = _.keys(obj); + var length = keys.length; + var pairs = Array(length); + for (var i = 0; i < length; i++) { + pairs[i] = [keys[i], obj[keys[i]]]; + } + return pairs; + }; + + // Invert the keys and values of an object. The values must be serializable. + _.invert = function(obj) { + var result = {}; + var keys = _.keys(obj); + for (var i = 0, length = keys.length; i < length; i++) { + result[obj[keys[i]]] = keys[i]; + } + return result; + }; + + // Return a sorted list of the function names available on the object. + // Aliased as `methods` + _.functions = _.methods = function(obj) { + var names = []; + for (var key in obj) { + if (_.isFunction(obj[key])) names.push(key); + } + return names.sort(); + }; + + // Extend a given object with all the properties in passed-in object(s). + _.extend = createAssigner(_.allKeys); + + // Assigns a given object with all the own properties in the passed-in object(s) + // (https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign) + _.extendOwn = _.assign = createAssigner(_.keys); + + // Returns the first key on an object that passes a predicate test + _.findKey = function(obj, predicate, context) { + predicate = cb(predicate, context); + var keys = _.keys(obj), key; + for (var i = 0, length = keys.length; i < length; i++) { + key = keys[i]; + if (predicate(obj[key], key, obj)) return key; + } + }; + + // Return a copy of the object only containing the whitelisted properties. + _.pick = function(object, oiteratee, context) { + var result = {}, obj = object, iteratee, keys; + if (obj == null) return result; + if (_.isFunction(oiteratee)) { + keys = _.allKeys(obj); + iteratee = optimizeCb(oiteratee, context); + } else { + keys = flatten(arguments, false, false, 1); + iteratee = function(value, key, obj) { return key in obj; }; + obj = Object(obj); + } + for (var i = 0, length = keys.length; i < length; i++) { + var key = keys[i]; + var value = obj[key]; + if (iteratee(value, key, obj)) result[key] = value; + } + return result; + }; + + // Return a copy of the object without the blacklisted properties. + _.omit = function(obj, iteratee, context) { + if (_.isFunction(iteratee)) { + iteratee = _.negate(iteratee); + } else { + var keys = _.map(flatten(arguments, false, false, 1), String); + iteratee = function(value, key) { + return !_.contains(keys, key); + }; + } + return _.pick(obj, iteratee, context); + }; + + // Fill in a given object with default properties. + _.defaults = createAssigner(_.allKeys, true); + + // Creates an object that inherits from the given prototype object. + // If additional properties are provided then they will be added to the + // created object. + _.create = function(prototype, props) { + var result = baseCreate(prototype); + if (props) _.extendOwn(result, props); + return result; + }; + + // Create a (shallow-cloned) duplicate of an object. + _.clone = function(obj) { + if (!_.isObject(obj)) return obj; + return _.isArray(obj) ? obj.slice() : _.extend({}, obj); + }; + + // Invokes interceptor with the obj, and then returns obj. + // The primary purpose of this method is to "tap into" a method chain, in + // order to perform operations on intermediate results within the chain. + _.tap = function(obj, interceptor) { + interceptor(obj); + return obj; + }; + + // Returns whether an object has a given set of `key:value` pairs. + _.isMatch = function(object, attrs) { + var keys = _.keys(attrs), length = keys.length; + if (object == null) return !length; + var obj = Object(object); + for (var i = 0; i < length; i++) { + var key = keys[i]; + if (attrs[key] !== obj[key] || !(key in obj)) return false; + } + return true; + }; + + + // Internal recursive comparison function for `isEqual`. + var eq = function(a, b, aStack, bStack) { + // Identical objects are equal. `0 === -0`, but they aren't identical. + // See the [Harmony `egal` proposal](http://wiki.ecmascript.org/doku.php?id=harmony:egal). + if (a === b) return a !== 0 || 1 / a === 1 / b; + // A strict comparison is necessary because `null == undefined`. + if (a == null || b == null) return a === b; + // Unwrap any wrapped objects. + if (a instanceof _) a = a._wrapped; + if (b instanceof _) b = b._wrapped; + // Compare `[[Class]]` names. + var className = toString.call(a); + if (className !== toString.call(b)) return false; + switch (className) { + // Strings, numbers, regular expressions, dates, and booleans are compared by value. + case '[object RegExp]': + // RegExps are coerced to strings for comparison (Note: '' + /a/i === '/a/i') + case '[object String]': + // Primitives and their corresponding object wrappers are equivalent; thus, `"5"` is + // equivalent to `new String("5")`. + return '' + a === '' + b; + case '[object Number]': + // `NaN`s are equivalent, but non-reflexive. + // Object(NaN) is equivalent to NaN + if (+a !== +a) return +b !== +b; + // An `egal` comparison is performed for other numeric values. + return +a === 0 ? 1 / +a === 1 / b : +a === +b; + case '[object Date]': + case '[object Boolean]': + // Coerce dates and booleans to numeric primitive values. Dates are compared by their + // millisecond representations. Note that invalid dates with millisecond representations + // of `NaN` are not equivalent. + return +a === +b; + } + + var areArrays = className === '[object Array]'; + if (!areArrays) { + if (typeof a != 'object' || typeof b != 'object') return false; + + // Objects with different constructors are not equivalent, but `Object`s or `Array`s + // from different frames are. + var aCtor = a.constructor, bCtor = b.constructor; + if (aCtor !== bCtor && !(_.isFunction(aCtor) && aCtor instanceof aCtor && + _.isFunction(bCtor) && bCtor instanceof bCtor) + && ('constructor' in a && 'constructor' in b)) { + return false; + } + } + // Assume equality for cyclic structures. The algorithm for detecting cyclic + // structures is adapted from ES 5.1 section 15.12.3, abstract operation `JO`. + + // Initializing stack of traversed objects. + // It's done here since we only need them for objects and arrays comparison. + aStack = aStack || []; + bStack = bStack || []; + var length = aStack.length; + while (length--) { + // Linear search. Performance is inversely proportional to the number of + // unique nested structures. + if (aStack[length] === a) return bStack[length] === b; + } + + // Add the first object to the stack of traversed objects. + aStack.push(a); + bStack.push(b); + + // Recursively compare objects and arrays. + if (areArrays) { + // Compare array lengths to determine if a deep comparison is necessary. + length = a.length; + if (length !== b.length) return false; + // Deep compare the contents, ignoring non-numeric properties. + while (length--) { + if (!eq(a[length], b[length], aStack, bStack)) return false; + } + } else { + // Deep compare objects. + var keys = _.keys(a), key; + length = keys.length; + // Ensure that both objects contain the same number of properties before comparing deep equality. + if (_.keys(b).length !== length) return false; + while (length--) { + // Deep compare each member + key = keys[length]; + if (!(_.has(b, key) && eq(a[key], b[key], aStack, bStack))) return false; + } + } + // Remove the first object from the stack of traversed objects. + aStack.pop(); + bStack.pop(); + return true; + }; + + // Perform a deep comparison to check if two objects are equal. + _.isEqual = function(a, b) { + return eq(a, b); + }; + + // Is a given array, string, or object empty? + // An "empty" object has no enumerable own-properties. + _.isEmpty = function(obj) { + if (obj == null) return true; + if (isArrayLike(obj) && (_.isArray(obj) || _.isString(obj) || _.isArguments(obj))) return obj.length === 0; + return _.keys(obj).length === 0; + }; + + // Is a given value a DOM element? + _.isElement = function(obj) { + return !!(obj && obj.nodeType === 1); + }; + + // Is a given value an array? + // Delegates to ECMA5's native Array.isArray + _.isArray = nativeIsArray || function(obj) { + return toString.call(obj) === '[object Array]'; + }; + + // Is a given variable an object? + _.isObject = function(obj) { + var type = typeof obj; + return type === 'function' || type === 'object' && !!obj; + }; + + // Add some isType methods: isArguments, isFunction, isString, isNumber, isDate, isRegExp, isError. + _.each(['Arguments', 'Function', 'String', 'Number', 'Date', 'RegExp', 'Error'], function(name) { + _['is' + name] = function(obj) { + return toString.call(obj) === '[object ' + name + ']'; + }; + }); + + // Define a fallback version of the method in browsers (ahem, IE < 9), where + // there isn't any inspectable "Arguments" type. + if (!_.isArguments(arguments)) { + _.isArguments = function(obj) { + return _.has(obj, 'callee'); + }; + } + + // Optimize `isFunction` if appropriate. Work around some typeof bugs in old v8, + // IE 11 (#1621), and in Safari 8 (#1929). + if (typeof /./ != 'function' && typeof Int8Array != 'object') { + _.isFunction = function(obj) { + return typeof obj == 'function' || false; + }; + } + + // Is a given object a finite number? + _.isFinite = function(obj) { + return isFinite(obj) && !isNaN(parseFloat(obj)); + }; + + // Is the given value `NaN`? (NaN is the only number which does not equal itself). + _.isNaN = function(obj) { + return _.isNumber(obj) && obj !== +obj; + }; + + // Is a given value a boolean? + _.isBoolean = function(obj) { + return obj === true || obj === false || toString.call(obj) === '[object Boolean]'; + }; + + // Is a given value equal to null? + _.isNull = function(obj) { + return obj === null; + }; + + // Is a given variable undefined? + _.isUndefined = function(obj) { + return obj === void 0; + }; + + // Shortcut function for checking if an object has a given property directly + // on itself (in other words, not on a prototype). + _.has = function(obj, key) { + return obj != null && hasOwnProperty.call(obj, key); + }; + + // Utility Functions + // ----------------- + + // Run Underscore.js in *noConflict* mode, returning the `_` variable to its + // previous owner. Returns a reference to the Underscore object. + _.noConflict = function() { + root._ = previousUnderscore; + return this; + }; + + // Keep the identity function around for default iteratees. + _.identity = function(value) { + return value; + }; + + // Predicate-generating functions. Often useful outside of Underscore. + _.constant = function(value) { + return function() { + return value; + }; + }; + + _.noop = function(){}; + + _.property = property; + + // Generates a function for a given object that returns a given property. + _.propertyOf = function(obj) { + return obj == null ? function(){} : function(key) { + return obj[key]; + }; + }; + + // Returns a predicate for checking whether an object has a given set of + // `key:value` pairs. + _.matcher = _.matches = function(attrs) { + attrs = _.extendOwn({}, attrs); + return function(obj) { + return _.isMatch(obj, attrs); + }; + }; + + // Run a function **n** times. + _.times = function(n, iteratee, context) { + var accum = Array(Math.max(0, n)); + iteratee = optimizeCb(iteratee, context, 1); + for (var i = 0; i < n; i++) accum[i] = iteratee(i); + return accum; + }; + + // Return a random integer between min and max (inclusive). + _.random = function(min, max) { + if (max == null) { + max = min; + min = 0; + } + return min + Math.floor(Math.random() * (max - min + 1)); + }; + + // A (possibly faster) way to get the current timestamp as an integer. + _.now = Date.now || function() { + return new Date().getTime(); + }; + + // List of HTML entities for escaping. + var escapeMap = { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''', + '`': '`' + }; + var unescapeMap = _.invert(escapeMap); + + // Functions for escaping and unescaping strings to/from HTML interpolation. + var createEscaper = function(map) { + var escaper = function(match) { + return map[match]; + }; + // Regexes for identifying a key that needs to be escaped + var source = '(?:' + _.keys(map).join('|') + ')'; + var testRegexp = RegExp(source); + var replaceRegexp = RegExp(source, 'g'); + return function(string) { + string = string == null ? '' : '' + string; + return testRegexp.test(string) ? string.replace(replaceRegexp, escaper) : string; + }; + }; + _.escape = createEscaper(escapeMap); + _.unescape = createEscaper(unescapeMap); + + // If the value of the named `property` is a function then invoke it with the + // `object` as context; otherwise, return it. + _.result = function(object, property, fallback) { + var value = object == null ? void 0 : object[property]; + if (value === void 0) { + value = fallback; + } + return _.isFunction(value) ? value.call(object) : value; + }; + + // Generate a unique integer id (unique within the entire client session). + // Useful for temporary DOM ids. + var idCounter = 0; + _.uniqueId = function(prefix) { + var id = ++idCounter + ''; + return prefix ? prefix + id : id; + }; + + // By default, Underscore uses ERB-style template delimiters, change the + // following template settings to use alternative delimiters. + _.templateSettings = { + evaluate : /<%([\s\S]+?)%>/g, + interpolate : /<%=([\s\S]+?)%>/g, + escape : /<%-([\s\S]+?)%>/g + }; + + // When customizing `templateSettings`, if you don't want to define an + // interpolation, evaluation or escaping regex, we need one that is + // guaranteed not to match. + var noMatch = /(.)^/; + + // Certain characters need to be escaped so that they can be put into a + // string literal. + var escapes = { + "'": "'", + '\\': '\\', + '\r': 'r', + '\n': 'n', + '\u2028': 'u2028', + '\u2029': 'u2029' + }; + + var escaper = /\\|'|\r|\n|\u2028|\u2029/g; + + var escapeChar = function(match) { + return '\\' + escapes[match]; + }; + + // JavaScript micro-templating, similar to John Resig's implementation. + // Underscore templating handles arbitrary delimiters, preserves whitespace, + // and correctly escapes quotes within interpolated code. + // NB: `oldSettings` only exists for backwards compatibility. + _.template = function(text, settings, oldSettings) { + if (!settings && oldSettings) settings = oldSettings; + settings = _.defaults({}, settings, _.templateSettings); + + // Combine delimiters into one regular expression via alternation. + var matcher = RegExp([ + (settings.escape || noMatch).source, + (settings.interpolate || noMatch).source, + (settings.evaluate || noMatch).source + ].join('|') + '|$', 'g'); + + // Compile the template source, escaping string literals appropriately. + var index = 0; + var source = "__p+='"; + text.replace(matcher, function(match, escape, interpolate, evaluate, offset) { + source += text.slice(index, offset).replace(escaper, escapeChar); + index = offset + match.length; + + if (escape) { + source += "'+\n((__t=(" + escape + "))==null?'':_.escape(__t))+\n'"; + } else if (interpolate) { + source += "'+\n((__t=(" + interpolate + "))==null?'':__t)+\n'"; + } else if (evaluate) { + source += "';\n" + evaluate + "\n__p+='"; + } + + // Adobe VMs need the match returned to produce the correct offest. + return match; + }); + source += "';\n"; + + // If a variable is not specified, place data values in local scope. + if (!settings.variable) source = 'with(obj||{}){\n' + source + '}\n'; + + source = "var __t,__p='',__j=Array.prototype.join," + + "print=function(){__p+=__j.call(arguments,'');};\n" + + source + 'return __p;\n'; + + try { + var render = new Function(settings.variable || 'obj', '_', source); + } catch (e) { + e.source = source; + throw e; + } + + var template = function(data) { + return render.call(this, data, _); + }; + + // Provide the compiled source as a convenience for precompilation. + var argument = settings.variable || 'obj'; + template.source = 'function(' + argument + '){\n' + source + '}'; + + return template; + }; + + // Add a "chain" function. Start chaining a wrapped Underscore object. + _.chain = function(obj) { + var instance = _(obj); + instance._chain = true; + return instance; + }; + + // OOP + // --------------- + // If Underscore is called as a function, it returns a wrapped object that + // can be used OO-style. This wrapper holds altered versions of all the + // underscore functions. Wrapped objects may be chained. + + // Helper function to continue chaining intermediate results. + var result = function(instance, obj) { + return instance._chain ? _(obj).chain() : obj; + }; + + // Add your own custom functions to the Underscore object. + _.mixin = function(obj) { + _.each(_.functions(obj), function(name) { + var func = _[name] = obj[name]; + _.prototype[name] = function() { + var args = [this._wrapped]; + push.apply(args, arguments); + return result(this, func.apply(_, args)); + }; + }); + }; + + // Add all of the Underscore functions to the wrapper object. + _.mixin(_); + + // Add all mutator Array functions to the wrapper. + _.each(['pop', 'push', 'reverse', 'shift', 'sort', 'splice', 'unshift'], function(name) { + var method = ArrayProto[name]; + _.prototype[name] = function() { + var obj = this._wrapped; + method.apply(obj, arguments); + if ((name === 'shift' || name === 'splice') && obj.length === 0) delete obj[0]; + return result(this, obj); + }; + }); + + // Add all accessor Array functions to the wrapper. + _.each(['concat', 'join', 'slice'], function(name) { + var method = ArrayProto[name]; + _.prototype[name] = function() { + return result(this, method.apply(this._wrapped, arguments)); + }; + }); + + // Extracts the result from a wrapped and chained object. + _.prototype.value = function() { + return this._wrapped; + }; + + // Provide unwrapping proxy for some methods used in engine operations + // such as arithmetic and JSON stringification. + _.prototype.valueOf = _.prototype.toJSON = _.prototype.value; + + _.prototype.toString = function() { + return '' + this._wrapped; + }; + + // AMD registration happens at the end for compatibility with AMD loaders + // that may not enforce next-turn semantics on modules. Even though general + // practice for AMD registration is to be anonymous, underscore registers + // as a named module because, like jQuery, it is a base library that is + // popular enough to be bundled in a third party lib, but not be part of + // an AMD load request. Those cases could generate an error when an + // anonymous define() is called outside of a loader request. + if (typeof define === 'function' && define.amd) { + define('underscore', [], function() { + return _; + }); + } +}.call(this)); + +},{}],26:[function(require,module,exports){ +arguments[4][19][0].apply(exports,arguments) +},{"dup":19}],27:[function(require,module,exports){ +module.exports = function isBuffer(arg) { + return arg && typeof arg === 'object' + && typeof arg.copy === 'function' + && typeof arg.fill === 'function' + && typeof arg.readUInt8 === 'function'; +} +},{}],28:[function(require,module,exports){ +(function (process,global){ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +var formatRegExp = /%[sdj%]/g; +exports.format = function(f) { + if (!isString(f)) { + var objects = []; + for (var i = 0; i < arguments.length; i++) { + objects.push(inspect(arguments[i])); + } + return objects.join(' '); + } + + var i = 1; + var args = arguments; + var len = args.length; + var str = String(f).replace(formatRegExp, function(x) { + if (x === '%%') return '%'; + if (i >= len) return x; + switch (x) { + case '%s': return String(args[i++]); + case '%d': return Number(args[i++]); + case '%j': + try { + return JSON.stringify(args[i++]); + } catch (_) { + return '[Circular]'; + } + default: + return x; + } + }); + for (var x = args[i]; i < len; x = args[++i]) { + if (isNull(x) || !isObject(x)) { + str += ' ' + x; + } else { + str += ' ' + inspect(x); + } + } + return str; +}; + + +// Mark that a method should not be used. +// Returns a modified function which warns once by default. +// If --no-deprecation is set, then it is a no-op. +exports.deprecate = function(fn, msg) { + // Allow for deprecating things in the process of starting up. + if (isUndefined(global.process)) { + return function() { + return exports.deprecate(fn, msg).apply(this, arguments); + }; + } + + if (process.noDeprecation === true) { + return fn; + } + + var warned = false; + function deprecated() { + if (!warned) { + if (process.throwDeprecation) { + throw new Error(msg); + } else if (process.traceDeprecation) { + console.trace(msg); + } else { + console.error(msg); + } + warned = true; + } + return fn.apply(this, arguments); + } + + return deprecated; +}; + + +var debugs = {}; +var debugEnviron; +exports.debuglog = function(set) { + if (isUndefined(debugEnviron)) + debugEnviron = process.env.NODE_DEBUG || ''; + set = set.toUpperCase(); + if (!debugs[set]) { + if (new RegExp('\\b' + set + '\\b', 'i').test(debugEnviron)) { + var pid = process.pid; + debugs[set] = function() { + var msg = exports.format.apply(exports, arguments); + console.error('%s %d: %s', set, pid, msg); + }; + } else { + debugs[set] = function() {}; + } + } + return debugs[set]; +}; + + +/** + * Echos the value of a value. Trys to print the value out + * in the best way possible given the different types. + * + * @param {Object} obj The object to print out. + * @param {Object} opts Optional options object that alters the output. + */ +/* legacy: obj, showHidden, depth, colors*/ +function inspect(obj, opts) { + // default options + var ctx = { + seen: [], + stylize: stylizeNoColor + }; + // legacy... + if (arguments.length >= 3) ctx.depth = arguments[2]; + if (arguments.length >= 4) ctx.colors = arguments[3]; + if (isBoolean(opts)) { + // legacy... + ctx.showHidden = opts; + } else if (opts) { + // got an "options" object + exports._extend(ctx, opts); + } + // set default options + if (isUndefined(ctx.showHidden)) ctx.showHidden = false; + if (isUndefined(ctx.depth)) ctx.depth = 2; + if (isUndefined(ctx.colors)) ctx.colors = false; + if (isUndefined(ctx.customInspect)) ctx.customInspect = true; + if (ctx.colors) ctx.stylize = stylizeWithColor; + return formatValue(ctx, obj, ctx.depth); +} +exports.inspect = inspect; + + +// http://en.wikipedia.org/wiki/ANSI_escape_code#graphics +inspect.colors = { + 'bold' : [1, 22], + 'italic' : [3, 23], + 'underline' : [4, 24], + 'inverse' : [7, 27], + 'white' : [37, 39], + 'grey' : [90, 39], + 'black' : [30, 39], + 'blue' : [34, 39], + 'cyan' : [36, 39], + 'green' : [32, 39], + 'magenta' : [35, 39], + 'red' : [31, 39], + 'yellow' : [33, 39] +}; + +// Don't use 'blue' not visible on cmd.exe +inspect.styles = { + 'special': 'cyan', + 'number': 'yellow', + 'boolean': 'yellow', + 'undefined': 'grey', + 'null': 'bold', + 'string': 'green', + 'date': 'magenta', + // "name": intentionally not styling + 'regexp': 'red' +}; + + +function stylizeWithColor(str, styleType) { + var style = inspect.styles[styleType]; + + if (style) { + return '\u001b[' + inspect.colors[style][0] + 'm' + str + + '\u001b[' + inspect.colors[style][1] + 'm'; + } else { + return str; + } +} + + +function stylizeNoColor(str, styleType) { + return str; +} + + +function arrayToHash(array) { + var hash = {}; + + array.forEach(function(val, idx) { + hash[val] = true; + }); + + return hash; +} + + +function formatValue(ctx, value, recurseTimes) { + // Provide a hook for user-specified inspect functions. + // Check that value is an object with an inspect function on it + if (ctx.customInspect && + value && + isFunction(value.inspect) && + // Filter out the util module, it's inspect function is special + value.inspect !== exports.inspect && + // Also filter out any prototype objects using the circular check. + !(value.constructor && value.constructor.prototype === value)) { + var ret = value.inspect(recurseTimes, ctx); + if (!isString(ret)) { + ret = formatValue(ctx, ret, recurseTimes); + } + return ret; + } + + // Primitive types cannot have properties + var primitive = formatPrimitive(ctx, value); + if (primitive) { + return primitive; + } + + // Look up the keys of the object. + var keys = Object.keys(value); + var visibleKeys = arrayToHash(keys); + + if (ctx.showHidden) { + keys = Object.getOwnPropertyNames(value); + } + + // IE doesn't make error fields non-enumerable + // http://msdn.microsoft.com/en-us/library/ie/dww52sbt(v=vs.94).aspx + if (isError(value) + && (keys.indexOf('message') >= 0 || keys.indexOf('description') >= 0)) { + return formatError(value); + } + + // Some type of object without properties can be shortcutted. + if (keys.length === 0) { + if (isFunction(value)) { + var name = value.name ? ': ' + value.name : ''; + return ctx.stylize('[Function' + name + ']', 'special'); + } + if (isRegExp(value)) { + return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp'); + } + if (isDate(value)) { + return ctx.stylize(Date.prototype.toString.call(value), 'date'); + } + if (isError(value)) { + return formatError(value); + } + } + + var base = '', array = false, braces = ['{', '}']; + + // Make Array say that they are Array + if (isArray(value)) { + array = true; + braces = ['[', ']']; + } + + // Make functions say that they are functions + if (isFunction(value)) { + var n = value.name ? ': ' + value.name : ''; + base = ' [Function' + n + ']'; + } + + // Make RegExps say that they are RegExps + if (isRegExp(value)) { + base = ' ' + RegExp.prototype.toString.call(value); + } + + // Make dates with properties first say the date + if (isDate(value)) { + base = ' ' + Date.prototype.toUTCString.call(value); + } + + // Make error with message first say the error + if (isError(value)) { + base = ' ' + formatError(value); + } + + if (keys.length === 0 && (!array || value.length == 0)) { + return braces[0] + base + braces[1]; + } + + if (recurseTimes < 0) { + if (isRegExp(value)) { + return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp'); + } else { + return ctx.stylize('[Object]', 'special'); + } + } + + ctx.seen.push(value); + + var output; + if (array) { + output = formatArray(ctx, value, recurseTimes, visibleKeys, keys); + } else { + output = keys.map(function(key) { + return formatProperty(ctx, value, recurseTimes, visibleKeys, key, array); + }); + } + + ctx.seen.pop(); + + return reduceToSingleString(output, base, braces); +} + + +function formatPrimitive(ctx, value) { + if (isUndefined(value)) + return ctx.stylize('undefined', 'undefined'); + if (isString(value)) { + var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '') + .replace(/'/g, "\\'") + .replace(/\\"/g, '"') + '\''; + return ctx.stylize(simple, 'string'); + } + if (isNumber(value)) + return ctx.stylize('' + value, 'number'); + if (isBoolean(value)) + return ctx.stylize('' + value, 'boolean'); + // For some reason typeof null is "object", so special case here. + if (isNull(value)) + return ctx.stylize('null', 'null'); +} + + +function formatError(value) { + return '[' + Error.prototype.toString.call(value) + ']'; +} + + +function formatArray(ctx, value, recurseTimes, visibleKeys, keys) { + var output = []; + for (var i = 0, l = value.length; i < l; ++i) { + if (hasOwnProperty(value, String(i))) { + output.push(formatProperty(ctx, value, recurseTimes, visibleKeys, + String(i), true)); + } else { + output.push(''); + } + } + keys.forEach(function(key) { + if (!key.match(/^\d+$/)) { + output.push(formatProperty(ctx, value, recurseTimes, visibleKeys, + key, true)); + } + }); + return output; +} + + +function formatProperty(ctx, value, recurseTimes, visibleKeys, key, array) { + var name, str, desc; + desc = Object.getOwnPropertyDescriptor(value, key) || { value: value[key] }; + if (desc.get) { + if (desc.set) { + str = ctx.stylize('[Getter/Setter]', 'special'); + } else { + str = ctx.stylize('[Getter]', 'special'); + } + } else { + if (desc.set) { + str = ctx.stylize('[Setter]', 'special'); + } + } + if (!hasOwnProperty(visibleKeys, key)) { + name = '[' + key + ']'; + } + if (!str) { + if (ctx.seen.indexOf(desc.value) < 0) { + if (isNull(recurseTimes)) { + str = formatValue(ctx, desc.value, null); + } else { + str = formatValue(ctx, desc.value, recurseTimes - 1); + } + if (str.indexOf('\n') > -1) { + if (array) { + str = str.split('\n').map(function(line) { + return ' ' + line; + }).join('\n').substr(2); + } else { + str = '\n' + str.split('\n').map(function(line) { + return ' ' + line; + }).join('\n'); + } + } + } else { + str = ctx.stylize('[Circular]', 'special'); + } + } + if (isUndefined(name)) { + if (array && key.match(/^\d+$/)) { + return str; + } + name = JSON.stringify('' + key); + if (name.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)) { + name = name.substr(1, name.length - 2); + name = ctx.stylize(name, 'name'); + } else { + name = name.replace(/'/g, "\\'") + .replace(/\\"/g, '"') + .replace(/(^"|"$)/g, "'"); + name = ctx.stylize(name, 'string'); + } + } + + return name + ': ' + str; +} + + +function reduceToSingleString(output, base, braces) { + var numLinesEst = 0; + var length = output.reduce(function(prev, cur) { + numLinesEst++; + if (cur.indexOf('\n') >= 0) numLinesEst++; + return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1; + }, 0); + + if (length > 60) { + return braces[0] + + (base === '' ? '' : base + '\n ') + + ' ' + + output.join(',\n ') + + ' ' + + braces[1]; + } + + return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1]; +} + + +// NOTE: These type checking functions intentionally don't use `instanceof` +// because it is fragile and can be easily faked with `Object.create()`. +function isArray(ar) { + return Array.isArray(ar); +} +exports.isArray = isArray; + +function isBoolean(arg) { + return typeof arg === 'boolean'; +} +exports.isBoolean = isBoolean; + +function isNull(arg) { + return arg === null; +} +exports.isNull = isNull; + +function isNullOrUndefined(arg) { + return arg == null; +} +exports.isNullOrUndefined = isNullOrUndefined; + +function isNumber(arg) { + return typeof arg === 'number'; +} +exports.isNumber = isNumber; + +function isString(arg) { + return typeof arg === 'string'; +} +exports.isString = isString; + +function isSymbol(arg) { + return typeof arg === 'symbol'; +} +exports.isSymbol = isSymbol; + +function isUndefined(arg) { + return arg === void 0; +} +exports.isUndefined = isUndefined; + +function isRegExp(re) { + return isObject(re) && objectToString(re) === '[object RegExp]'; +} +exports.isRegExp = isRegExp; + +function isObject(arg) { + return typeof arg === 'object' && arg !== null; +} +exports.isObject = isObject; + +function isDate(d) { + return isObject(d) && objectToString(d) === '[object Date]'; +} +exports.isDate = isDate; + +function isError(e) { + return isObject(e) && + (objectToString(e) === '[object Error]' || e instanceof Error); +} +exports.isError = isError; + +function isFunction(arg) { + return typeof arg === 'function'; +} +exports.isFunction = isFunction; + +function isPrimitive(arg) { + return arg === null || + typeof arg === 'boolean' || + typeof arg === 'number' || + typeof arg === 'string' || + typeof arg === 'symbol' || // ES6 symbol + typeof arg === 'undefined'; +} +exports.isPrimitive = isPrimitive; + +exports.isBuffer = require('./support/isBuffer'); + +function objectToString(o) { + return Object.prototype.toString.call(o); +} + + +function pad(n) { + return n < 10 ? '0' + n.toString(10) : n.toString(10); +} + + +var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', + 'Oct', 'Nov', 'Dec']; + +// 26 Feb 16:19:34 +function timestamp() { + var d = new Date(); + var time = [pad(d.getHours()), + pad(d.getMinutes()), + pad(d.getSeconds())].join(':'); + return [d.getDate(), months[d.getMonth()], time].join(' '); +} + + +// log is just a thin wrapper to console.log that prepends a timestamp +exports.log = function() { + console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments)); +}; + + +/** + * Inherit the prototype methods from one constructor into another. + * + * The Function.prototype.inherits from lang.js rewritten as a standalone + * function (not on Function.prototype). NOTE: If this file is to be loaded + * during bootstrapping this function needs to be rewritten using some native + * functions as prototype setup using normal JavaScript does not work as + * expected during bootstrapping (see mirror.js in r114903). + * + * @param {function} ctor Constructor function which needs to inherit the + * prototype. + * @param {function} superCtor Constructor function to inherit prototype from. + */ +exports.inherits = require('inherits'); + +exports._extend = function(origin, add) { + // Don't do anything if add isn't an object + if (!add || !isObject(add)) return origin; + + var keys = Object.keys(add); + var i = keys.length; + while (i--) { + origin[keys[i]] = add[keys[i]]; + } + return origin; +}; + +function hasOwnProperty(obj, prop) { + return Object.prototype.hasOwnProperty.call(obj, prop); +} + +}).call(this,require('_process'),typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {}) +},{"./support/isBuffer":27,"_process":24,"inherits":26}],29:[function(require,module,exports){ +// Returns a wrapper function that returns a wrapped callback +// The wrapper function should do some stuff, and return a +// presumably different callback function. +// This makes sure that own properties are retained, so that +// decorations and such are not lost along the way. +module.exports = wrappy +function wrappy (fn, cb) { + if (fn && cb) return wrappy(fn)(cb) + + if (typeof fn !== 'function') + throw new TypeError('need wrapper function') + + Object.keys(fn).forEach(function (k) { + wrapper[k] = fn[k] + }) + + return wrapper + + function wrapper() { + var args = new Array(arguments.length) + for (var i = 0; i < args.length; i++) { + args[i] = arguments[i] + } + var ret = fn.apply(this, args) + var cb = args[args.length-1] + if (typeof ret === 'function' && ret !== cb) { + Object.keys(cb).forEach(function (k) { + ret[k] = cb[k] + }) + } + return ret + } +} + +},{}]},{},[7])(7) +}); \ No newline at end of file diff --git a/2.5/assets/javascripts/workers/search.16e2a7d4.min.js b/2.5/assets/javascripts/workers/search.16e2a7d4.min.js new file mode 100644 index 000000000..e0dc159e8 --- /dev/null +++ b/2.5/assets/javascripts/workers/search.16e2a7d4.min.js @@ -0,0 +1,48 @@ +"use strict";(()=>{var ge=Object.create;var W=Object.defineProperty,ye=Object.defineProperties,me=Object.getOwnPropertyDescriptor,ve=Object.getOwnPropertyDescriptors,xe=Object.getOwnPropertyNames,G=Object.getOwnPropertySymbols,Se=Object.getPrototypeOf,X=Object.prototype.hasOwnProperty,Qe=Object.prototype.propertyIsEnumerable;var J=(t,e,r)=>e in t?W(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,M=(t,e)=>{for(var r in e||(e={}))X.call(e,r)&&J(t,r,e[r]);if(G)for(var r of G(e))Qe.call(e,r)&&J(t,r,e[r]);return t},Z=(t,e)=>ye(t,ve(e));var K=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var be=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of xe(e))!X.call(t,i)&&i!==r&&W(t,i,{get:()=>e[i],enumerable:!(n=me(e,i))||n.enumerable});return t};var H=(t,e,r)=>(r=t!=null?ge(Se(t)):{},be(e||!t||!t.__esModule?W(r,"default",{value:t,enumerable:!0}):r,t));var z=(t,e,r)=>new Promise((n,i)=>{var s=u=>{try{a(r.next(u))}catch(c){i(c)}},o=u=>{try{a(r.throw(u))}catch(c){i(c)}},a=u=>u.done?n(u.value):Promise.resolve(u.value).then(s,o);a((r=r.apply(t,e)).next())});var re=K((ee,te)=>{/** + * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as bright - 2.3.9 + * Copyright (C) 2020 Oliver Nightingale + * @license MIT + */(function(){var t=function(e){var r=new t.Builder;return r.pipeline.add(t.trimmer,t.stopWordFilter,t.stemmer),r.searchPipeline.add(t.stemmer),e.call(r,r),r.build()};t.version="2.3.9";/*! + * lunr.utils + * Copyright (C) 2020 Oliver Nightingale + */t.utils={},t.utils.warn=function(e){return function(r){e.console&&console.warn&&console.warn(r)}}(this),t.utils.asString=function(e){return e==null?"":e.toString()},t.utils.clone=function(e){if(e==null)return e;for(var r=Object.create(null),n=Object.keys(e),i=0;i0){var h=t.utils.clone(r)||{};h.position=[a,c],h.index=s.length,s.push(new t.Token(n.slice(a,o),h))}a=o+1}}return s},t.tokenizer.separator=/[\s\-]+/;/*! + * lunr.Pipeline + * Copyright (C) 2020 Oliver Nightingale + */t.Pipeline=function(){this._stack=[]},t.Pipeline.registeredFunctions=Object.create(null),t.Pipeline.registerFunction=function(e,r){r in this.registeredFunctions&&t.utils.warn("Overwriting existing registered function: "+r),e.label=r,t.Pipeline.registeredFunctions[e.label]=e},t.Pipeline.warnIfFunctionNotRegistered=function(e){var r=e.label&&e.label in this.registeredFunctions;r||t.utils.warn(`Function is not registered with pipeline. This may cause problems when serialising the index. +`,e)},t.Pipeline.load=function(e){var r=new t.Pipeline;return e.forEach(function(n){var i=t.Pipeline.registeredFunctions[n];if(i)r.add(i);else throw new Error("Cannot load unregistered function: "+n)}),r},t.Pipeline.prototype.add=function(){var e=Array.prototype.slice.call(arguments);e.forEach(function(r){t.Pipeline.warnIfFunctionNotRegistered(r),this._stack.push(r)},this)},t.Pipeline.prototype.after=function(e,r){t.Pipeline.warnIfFunctionNotRegistered(r);var n=this._stack.indexOf(e);if(n==-1)throw new Error("Cannot find existingFn");n=n+1,this._stack.splice(n,0,r)},t.Pipeline.prototype.before=function(e,r){t.Pipeline.warnIfFunctionNotRegistered(r);var n=this._stack.indexOf(e);if(n==-1)throw new Error("Cannot find existingFn");this._stack.splice(n,0,r)},t.Pipeline.prototype.remove=function(e){var r=this._stack.indexOf(e);r!=-1&&this._stack.splice(r,1)},t.Pipeline.prototype.run=function(e){for(var r=this._stack.length,n=0;n1&&(oe&&(n=s),o!=e);)i=n-r,s=r+Math.floor(i/2),o=this.elements[s*2];if(o==e||o>e)return s*2;if(ou?h+=2:a==u&&(r+=n[c+1]*i[h+1],c+=2,h+=2);return r},t.Vector.prototype.similarity=function(e){return this.dot(e)/this.magnitude()||0},t.Vector.prototype.toArray=function(){for(var e=new Array(this.elements.length/2),r=1,n=0;r0){var o=s.str.charAt(0),a;o in s.node.edges?a=s.node.edges[o]:(a=new t.TokenSet,s.node.edges[o]=a),s.str.length==1&&(a.final=!0),i.push({node:a,editsRemaining:s.editsRemaining,str:s.str.slice(1)})}if(s.editsRemaining!=0){if("*"in s.node.edges)var u=s.node.edges["*"];else{var u=new t.TokenSet;s.node.edges["*"]=u}if(s.str.length==0&&(u.final=!0),i.push({node:u,editsRemaining:s.editsRemaining-1,str:s.str}),s.str.length>1&&i.push({node:s.node,editsRemaining:s.editsRemaining-1,str:s.str.slice(1)}),s.str.length==1&&(s.node.final=!0),s.str.length>=1){if("*"in s.node.edges)var c=s.node.edges["*"];else{var c=new t.TokenSet;s.node.edges["*"]=c}s.str.length==1&&(c.final=!0),i.push({node:c,editsRemaining:s.editsRemaining-1,str:s.str.slice(1)})}if(s.str.length>1){var h=s.str.charAt(0),y=s.str.charAt(1),g;y in s.node.edges?g=s.node.edges[y]:(g=new t.TokenSet,s.node.edges[y]=g),s.str.length==1&&(g.final=!0),i.push({node:g,editsRemaining:s.editsRemaining-1,str:h+s.str.slice(2)})}}}return n},t.TokenSet.fromString=function(e){for(var r=new t.TokenSet,n=r,i=0,s=e.length;i=e;r--){var n=this.uncheckedNodes[r],i=n.child.toString();i in this.minimizedNodes?n.parent.edges[n.char]=this.minimizedNodes[i]:(n.child._str=i,this.minimizedNodes[i]=n.child),this.uncheckedNodes.pop()}};/*! + * lunr.Index + * Copyright (C) 2020 Oliver Nightingale + */t.Index=function(e){this.invertedIndex=e.invertedIndex,this.fieldVectors=e.fieldVectors,this.tokenSet=e.tokenSet,this.fields=e.fields,this.pipeline=e.pipeline},t.Index.prototype.search=function(e){return this.query(function(r){var n=new t.QueryParser(e,r);n.parse()})},t.Index.prototype.query=function(e){for(var r=new t.Query(this.fields),n=Object.create(null),i=Object.create(null),s=Object.create(null),o=Object.create(null),a=Object.create(null),u=0;u1?this._b=1:this._b=e},t.Builder.prototype.k1=function(e){this._k1=e},t.Builder.prototype.add=function(e,r){var n=e[this._ref],i=Object.keys(this._fields);this._documents[n]=r||{},this.documentCount+=1;for(var s=0;s=this.length)return t.QueryLexer.EOS;var e=this.str.charAt(this.pos);return this.pos+=1,e},t.QueryLexer.prototype.width=function(){return this.pos-this.start},t.QueryLexer.prototype.ignore=function(){this.start==this.pos&&(this.pos+=1),this.start=this.pos},t.QueryLexer.prototype.backup=function(){this.pos-=1},t.QueryLexer.prototype.acceptDigitRun=function(){var e,r;do e=this.next(),r=e.charCodeAt(0);while(r>47&&r<58);e!=t.QueryLexer.EOS&&this.backup()},t.QueryLexer.prototype.more=function(){return this.pos1&&(e.backup(),e.emit(t.QueryLexer.TERM)),e.ignore(),e.more())return t.QueryLexer.lexText},t.QueryLexer.lexEditDistance=function(e){return e.ignore(),e.acceptDigitRun(),e.emit(t.QueryLexer.EDIT_DISTANCE),t.QueryLexer.lexText},t.QueryLexer.lexBoost=function(e){return e.ignore(),e.acceptDigitRun(),e.emit(t.QueryLexer.BOOST),t.QueryLexer.lexText},t.QueryLexer.lexEOS=function(e){e.width()>0&&e.emit(t.QueryLexer.TERM)},t.QueryLexer.termSeparator=t.tokenizer.separator,t.QueryLexer.lexText=function(e){for(;;){var r=e.next();if(r==t.QueryLexer.EOS)return t.QueryLexer.lexEOS;if(r.charCodeAt(0)==92){e.escapeCharacter();continue}if(r==":")return t.QueryLexer.lexField;if(r=="~")return e.backup(),e.width()>0&&e.emit(t.QueryLexer.TERM),t.QueryLexer.lexEditDistance;if(r=="^")return e.backup(),e.width()>0&&e.emit(t.QueryLexer.TERM),t.QueryLexer.lexBoost;if(r=="+"&&e.width()===1||r=="-"&&e.width()===1)return e.emit(t.QueryLexer.PRESENCE),t.QueryLexer.lexText;if(r.match(t.QueryLexer.termSeparator))return t.QueryLexer.lexTerm}},t.QueryParser=function(e,r){this.lexer=new t.QueryLexer(e),this.query=r,this.currentClause={},this.lexemeIdx=0},t.QueryParser.prototype.parse=function(){this.lexer.run(),this.lexemes=this.lexer.lexemes;for(var e=t.QueryParser.parseClause;e;)e=e(this);return this.query},t.QueryParser.prototype.peekLexeme=function(){return this.lexemes[this.lexemeIdx]},t.QueryParser.prototype.consumeLexeme=function(){var e=this.peekLexeme();return this.lexemeIdx+=1,e},t.QueryParser.prototype.nextClause=function(){var e=this.currentClause;this.query.clause(e),this.currentClause={}},t.QueryParser.parseClause=function(e){var r=e.peekLexeme();if(r!=null)switch(r.type){case t.QueryLexer.PRESENCE:return t.QueryParser.parsePresence;case t.QueryLexer.FIELD:return t.QueryParser.parseField;case t.QueryLexer.TERM:return t.QueryParser.parseTerm;default:var n="expected either a field or a term, found "+r.type;throw r.str.length>=1&&(n+=" with value '"+r.str+"'"),new t.QueryParseError(n,r.start,r.end)}},t.QueryParser.parsePresence=function(e){var r=e.consumeLexeme();if(r!=null){switch(r.str){case"-":e.currentClause.presence=t.Query.presence.PROHIBITED;break;case"+":e.currentClause.presence=t.Query.presence.REQUIRED;break;default:var n="unrecognised presence operator'"+r.str+"'";throw new t.QueryParseError(n,r.start,r.end)}var i=e.peekLexeme();if(i==null){var n="expecting term or field, found nothing";throw new t.QueryParseError(n,r.start,r.end)}switch(i.type){case t.QueryLexer.FIELD:return t.QueryParser.parseField;case t.QueryLexer.TERM:return t.QueryParser.parseTerm;default:var n="expecting term or field, found '"+i.type+"'";throw new t.QueryParseError(n,i.start,i.end)}}},t.QueryParser.parseField=function(e){var r=e.consumeLexeme();if(r!=null){if(e.query.allFields.indexOf(r.str)==-1){var n=e.query.allFields.map(function(o){return"'"+o+"'"}).join(", "),i="unrecognised field '"+r.str+"', possible fields: "+n;throw new t.QueryParseError(i,r.start,r.end)}e.currentClause.fields=[r.str];var s=e.peekLexeme();if(s==null){var i="expecting term, found nothing";throw new t.QueryParseError(i,r.start,r.end)}switch(s.type){case t.QueryLexer.TERM:return t.QueryParser.parseTerm;default:var i="expecting term, found '"+s.type+"'";throw new t.QueryParseError(i,s.start,s.end)}}},t.QueryParser.parseTerm=function(e){var r=e.consumeLexeme();if(r!=null){e.currentClause.term=r.str.toLowerCase(),r.str.indexOf("*")!=-1&&(e.currentClause.usePipeline=!1);var n=e.peekLexeme();if(n==null){e.nextClause();return}switch(n.type){case t.QueryLexer.TERM:return e.nextClause(),t.QueryParser.parseTerm;case t.QueryLexer.FIELD:return e.nextClause(),t.QueryParser.parseField;case t.QueryLexer.EDIT_DISTANCE:return t.QueryParser.parseEditDistance;case t.QueryLexer.BOOST:return t.QueryParser.parseBoost;case t.QueryLexer.PRESENCE:return e.nextClause(),t.QueryParser.parsePresence;default:var i="Unexpected lexeme type '"+n.type+"'";throw new t.QueryParseError(i,n.start,n.end)}}},t.QueryParser.parseEditDistance=function(e){var r=e.consumeLexeme();if(r!=null){var n=parseInt(r.str,10);if(isNaN(n)){var i="edit distance must be numeric";throw new t.QueryParseError(i,r.start,r.end)}e.currentClause.editDistance=n;var s=e.peekLexeme();if(s==null){e.nextClause();return}switch(s.type){case t.QueryLexer.TERM:return e.nextClause(),t.QueryParser.parseTerm;case t.QueryLexer.FIELD:return e.nextClause(),t.QueryParser.parseField;case t.QueryLexer.EDIT_DISTANCE:return t.QueryParser.parseEditDistance;case t.QueryLexer.BOOST:return t.QueryParser.parseBoost;case t.QueryLexer.PRESENCE:return e.nextClause(),t.QueryParser.parsePresence;default:var i="Unexpected lexeme type '"+s.type+"'";throw new t.QueryParseError(i,s.start,s.end)}}},t.QueryParser.parseBoost=function(e){var r=e.consumeLexeme();if(r!=null){var n=parseInt(r.str,10);if(isNaN(n)){var i="boost must be numeric";throw new t.QueryParseError(i,r.start,r.end)}e.currentClause.boost=n;var s=e.peekLexeme();if(s==null){e.nextClause();return}switch(s.type){case t.QueryLexer.TERM:return e.nextClause(),t.QueryParser.parseTerm;case t.QueryLexer.FIELD:return e.nextClause(),t.QueryParser.parseField;case t.QueryLexer.EDIT_DISTANCE:return t.QueryParser.parseEditDistance;case t.QueryLexer.BOOST:return t.QueryParser.parseBoost;case t.QueryLexer.PRESENCE:return e.nextClause(),t.QueryParser.parsePresence;default:var i="Unexpected lexeme type '"+s.type+"'";throw new t.QueryParseError(i,s.start,s.end)}}},function(e,r){typeof define=="function"&&define.amd?define(r):typeof ee=="object"?te.exports=r():e.lunr=r()}(this,function(){return t})})()});var q=K((Re,ne)=>{"use strict";/*! + * escape-html + * Copyright(c) 2012-2013 TJ Holowaychuk + * Copyright(c) 2015 Andreas Lubbe + * Copyright(c) 2015 Tiancheng "Timothy" Gu + * MIT Licensed + */var Le=/["'&<>]/;ne.exports=we;function we(t){var e=""+t,r=Le.exec(e);if(!r)return e;var n,i="",s=0,o=0;for(s=r.index;s=0;r--){let n=t[r];typeof n=="string"?n=document.createTextNode(n):n.parentNode&&n.parentNode.removeChild(n),r?e.insertBefore(this.previousSibling,n):e.replaceChild(n,this)}}}));var ie=H(q());function se(t){let e=new Map,r=new Set;for(let n of t){let[i,s]=n.location.split("#"),o=n.location,a=n.title,u=n.tags,c=(0,ie.default)(n.text).replace(/\s+(?=[,.:;!?])/g,"").replace(/\s+/g," ");if(s){let h=e.get(i);r.has(h)?e.set(o,{location:o,title:a,text:c,parent:h}):(h.title=n.title,h.text=c,r.add(h))}else e.set(o,M({location:o,title:a,text:c},u&&{tags:u}))}return e}var oe=H(q());function ae(t,e){let r=new RegExp(t.separator,"img"),n=(i,s,o)=>`${s}${o}`;return i=>{i=i.replace(/[\s*+\-:~^]+/g," ").trim();let s=new RegExp(`(^|${t.separator})(${i.replace(/[|\\{}()[\]^$+*?.-]/g,"\\$&").replace(r,"|")})`,"img");return o=>(e?(0,oe.default)(o):o).replace(s,n).replace(/<\/mark>(\s+)]*>/img,"$1")}}function ue(t){let e=new lunr.Query(["title","text"]);return new lunr.QueryParser(t,e).parse(),e.clauses}function ce(t,e){var i;let r=new Set(t),n={};for(let s=0;s!n.has(i)))]}var U=class{constructor({config:e,docs:r,options:n}){this.options=n,this.documents=se(r),this.highlight=ae(e,!1),lunr.tokenizer.separator=new RegExp(e.separator),this.index=lunr(function(){e.lang.length===1&&e.lang[0]!=="en"?this.use(lunr[e.lang[0]]):e.lang.length>1&&this.use(lunr.multiLanguage(...e.lang));let i=Ee(["trimmer","stopWordFilter","stemmer"],n.pipeline);for(let s of e.lang.map(o=>o==="en"?lunr:lunr[o]))for(let o of i)this.pipeline.remove(s[o]),this.searchPipeline.remove(s[o]);this.ref("location"),this.field("title",{boost:1e3}),this.field("text"),this.field("tags",{boost:1e6,extractor:s=>{let{tags:o=[]}=s;return o.reduce((a,u)=>[...a,...lunr.tokenizer(u)],[])}});for(let s of r)this.add(s,{boost:s.boost})})}search(e){if(e)try{let r=this.highlight(e),n=ue(e).filter(o=>o.presence!==lunr.Query.presence.PROHIBITED),i=this.index.search(`${e}*`).reduce((o,{ref:a,score:u,matchData:c})=>{let h=this.documents.get(a);if(typeof h!="undefined"){let{location:y,title:g,text:b,tags:m,parent:Q}=h,p=ce(n,Object.keys(c.metadata)),d=+!Q+ +Object.values(p).every(w=>w);o.push(Z(M({location:y,title:r(g),text:r(b)},m&&{tags:m.map(r)}),{score:u*(1+d),terms:p}))}return o},[]).sort((o,a)=>a.score-o.score).reduce((o,a)=>{let u=this.documents.get(a.location);if(typeof u!="undefined"){let c="parent"in u?u.parent.location:u.location;o.set(c,[...o.get(c)||[],a])}return o},new Map),s;if(this.options.suggestions){let o=this.index.query(a=>{for(let u of n)a.term(u.term,{fields:["title"],presence:lunr.Query.presence.REQUIRED,wildcard:lunr.Query.wildcard.TRAILING})});s=o.length?Object.keys(o[0].matchData.metadata):[]}return M({items:[...i.values()]},typeof s!="undefined"&&{suggestions:s})}catch(r){console.warn(`Invalid query: ${e} \u2013 see https://bit.ly/2s3ChXG`)}return{items:[]}}};var Y;function ke(t){return z(this,null,function*(){let e="../lunr";if(typeof parent!="undefined"&&"IFrameWorker"in parent){let n=document.querySelector("script[src]"),[i]=n.src.split("/worker");e=e.replace("..",i)}let r=[];for(let n of t.lang){switch(n){case"ja":r.push(`${e}/tinyseg.js`);break;case"hi":case"th":r.push(`${e}/wordcut.js`);break}n!=="en"&&r.push(`${e}/min/lunr.${n}.min.js`)}t.lang.length>1&&r.push(`${e}/min/lunr.multi.min.js`),r.length&&(yield importScripts(`${e}/min/lunr.stemmer.support.min.js`,...r))})}function Te(t){return z(this,null,function*(){switch(t.type){case 0:return yield ke(t.data.config),Y=new U(t.data),{type:1};case 2:return{type:3,data:Y?Y.search(t.data):{items:[]}};default:throw new TypeError("Invalid message type")}})}self.lunr=le.default;addEventListener("message",t=>z(void 0,null,function*(){postMessage(yield Te(t.data))}));})(); +//# sourceMappingURL=search.16e2a7d4.min.js.map + diff --git a/2.5/assets/javascripts/workers/search.16e2a7d4.min.js.map b/2.5/assets/javascripts/workers/search.16e2a7d4.min.js.map new file mode 100644 index 000000000..fa01f3742 --- /dev/null +++ b/2.5/assets/javascripts/workers/search.16e2a7d4.min.js.map @@ -0,0 +1,8 @@ +{ + "version": 3, + "sources": ["node_modules/lunr/lunr.js", "node_modules/escape-html/index.js", "src/assets/javascripts/integrations/search/worker/main/index.ts", "src/assets/javascripts/polyfills/index.ts", "src/assets/javascripts/integrations/search/document/index.ts", "src/assets/javascripts/integrations/search/highlighter/index.ts", "src/assets/javascripts/integrations/search/query/_/index.ts", "src/assets/javascripts/integrations/search/_/index.ts"], + "sourceRoot": "../../../..", + "sourcesContent": ["/**\n * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as bright - 2.3.9\n * Copyright (C) 2020 Oliver Nightingale\n * @license MIT\n */\n\n;(function(){\n\n/**\n * A convenience function for configuring and constructing\n * a new lunr Index.\n *\n * A lunr.Builder instance is created and the pipeline setup\n * with a trimmer, stop word filter and stemmer.\n *\n * This builder object is yielded to the configuration function\n * that is passed as a parameter, allowing the list of fields\n * and other builder parameters to be customised.\n *\n * All documents _must_ be added within the passed config function.\n *\n * @example\n * var idx = lunr(function () {\n * this.field('title')\n * this.field('body')\n * this.ref('id')\n *\n * documents.forEach(function (doc) {\n * this.add(doc)\n * }, this)\n * })\n *\n * @see {@link lunr.Builder}\n * @see {@link lunr.Pipeline}\n * @see {@link lunr.trimmer}\n * @see {@link lunr.stopWordFilter}\n * @see {@link lunr.stemmer}\n * @namespace {function} lunr\n */\nvar lunr = function (config) {\n var builder = new lunr.Builder\n\n builder.pipeline.add(\n lunr.trimmer,\n lunr.stopWordFilter,\n lunr.stemmer\n )\n\n builder.searchPipeline.add(\n lunr.stemmer\n )\n\n config.call(builder, builder)\n return builder.build()\n}\n\nlunr.version = \"2.3.9\"\n/*!\n * lunr.utils\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * A namespace containing utils for the rest of the lunr library\n * @namespace lunr.utils\n */\nlunr.utils = {}\n\n/**\n * Print a warning message to the console.\n *\n * @param {String} message The message to be printed.\n * @memberOf lunr.utils\n * @function\n */\nlunr.utils.warn = (function (global) {\n /* eslint-disable no-console */\n return function (message) {\n if (global.console && console.warn) {\n console.warn(message)\n }\n }\n /* eslint-enable no-console */\n})(this)\n\n/**\n * Convert an object to a string.\n *\n * In the case of `null` and `undefined` the function returns\n * the empty string, in all other cases the result of calling\n * `toString` on the passed object is returned.\n *\n * @param {Any} obj The object to convert to a string.\n * @return {String} string representation of the passed object.\n * @memberOf lunr.utils\n */\nlunr.utils.asString = function (obj) {\n if (obj === void 0 || obj === null) {\n return \"\"\n } else {\n return obj.toString()\n }\n}\n\n/**\n * Clones an object.\n *\n * Will create a copy of an existing object such that any mutations\n * on the copy cannot affect the original.\n *\n * Only shallow objects are supported, passing a nested object to this\n * function will cause a TypeError.\n *\n * Objects with primitives, and arrays of primitives are supported.\n *\n * @param {Object} obj The object to clone.\n * @return {Object} a clone of the passed object.\n * @throws {TypeError} when a nested object is passed.\n * @memberOf Utils\n */\nlunr.utils.clone = function (obj) {\n if (obj === null || obj === undefined) {\n return obj\n }\n\n var clone = Object.create(null),\n keys = Object.keys(obj)\n\n for (var i = 0; i < keys.length; i++) {\n var key = keys[i],\n val = obj[key]\n\n if (Array.isArray(val)) {\n clone[key] = val.slice()\n continue\n }\n\n if (typeof val === 'string' ||\n typeof val === 'number' ||\n typeof val === 'boolean') {\n clone[key] = val\n continue\n }\n\n throw new TypeError(\"clone is not deep and does not support nested objects\")\n }\n\n return clone\n}\nlunr.FieldRef = function (docRef, fieldName, stringValue) {\n this.docRef = docRef\n this.fieldName = fieldName\n this._stringValue = stringValue\n}\n\nlunr.FieldRef.joiner = \"/\"\n\nlunr.FieldRef.fromString = function (s) {\n var n = s.indexOf(lunr.FieldRef.joiner)\n\n if (n === -1) {\n throw \"malformed field ref string\"\n }\n\n var fieldRef = s.slice(0, n),\n docRef = s.slice(n + 1)\n\n return new lunr.FieldRef (docRef, fieldRef, s)\n}\n\nlunr.FieldRef.prototype.toString = function () {\n if (this._stringValue == undefined) {\n this._stringValue = this.fieldName + lunr.FieldRef.joiner + this.docRef\n }\n\n return this._stringValue\n}\n/*!\n * lunr.Set\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * A lunr set.\n *\n * @constructor\n */\nlunr.Set = function (elements) {\n this.elements = Object.create(null)\n\n if (elements) {\n this.length = elements.length\n\n for (var i = 0; i < this.length; i++) {\n this.elements[elements[i]] = true\n }\n } else {\n this.length = 0\n }\n}\n\n/**\n * A complete set that contains all elements.\n *\n * @static\n * @readonly\n * @type {lunr.Set}\n */\nlunr.Set.complete = {\n intersect: function (other) {\n return other\n },\n\n union: function () {\n return this\n },\n\n contains: function () {\n return true\n }\n}\n\n/**\n * An empty set that contains no elements.\n *\n * @static\n * @readonly\n * @type {lunr.Set}\n */\nlunr.Set.empty = {\n intersect: function () {\n return this\n },\n\n union: function (other) {\n return other\n },\n\n contains: function () {\n return false\n }\n}\n\n/**\n * Returns true if this set contains the specified object.\n *\n * @param {object} object - Object whose presence in this set is to be tested.\n * @returns {boolean} - True if this set contains the specified object.\n */\nlunr.Set.prototype.contains = function (object) {\n return !!this.elements[object]\n}\n\n/**\n * Returns a new set containing only the elements that are present in both\n * this set and the specified set.\n *\n * @param {lunr.Set} other - set to intersect with this set.\n * @returns {lunr.Set} a new set that is the intersection of this and the specified set.\n */\n\nlunr.Set.prototype.intersect = function (other) {\n var a, b, elements, intersection = []\n\n if (other === lunr.Set.complete) {\n return this\n }\n\n if (other === lunr.Set.empty) {\n return other\n }\n\n if (this.length < other.length) {\n a = this\n b = other\n } else {\n a = other\n b = this\n }\n\n elements = Object.keys(a.elements)\n\n for (var i = 0; i < elements.length; i++) {\n var element = elements[i]\n if (element in b.elements) {\n intersection.push(element)\n }\n }\n\n return new lunr.Set (intersection)\n}\n\n/**\n * Returns a new set combining the elements of this and the specified set.\n *\n * @param {lunr.Set} other - set to union with this set.\n * @return {lunr.Set} a new set that is the union of this and the specified set.\n */\n\nlunr.Set.prototype.union = function (other) {\n if (other === lunr.Set.complete) {\n return lunr.Set.complete\n }\n\n if (other === lunr.Set.empty) {\n return this\n }\n\n return new lunr.Set(Object.keys(this.elements).concat(Object.keys(other.elements)))\n}\n/**\n * A function to calculate the inverse document frequency for\n * a posting. This is shared between the builder and the index\n *\n * @private\n * @param {object} posting - The posting for a given term\n * @param {number} documentCount - The total number of documents.\n */\nlunr.idf = function (posting, documentCount) {\n var documentsWithTerm = 0\n\n for (var fieldName in posting) {\n if (fieldName == '_index') continue // Ignore the term index, its not a field\n documentsWithTerm += Object.keys(posting[fieldName]).length\n }\n\n var x = (documentCount - documentsWithTerm + 0.5) / (documentsWithTerm + 0.5)\n\n return Math.log(1 + Math.abs(x))\n}\n\n/**\n * A token wraps a string representation of a token\n * as it is passed through the text processing pipeline.\n *\n * @constructor\n * @param {string} [str=''] - The string token being wrapped.\n * @param {object} [metadata={}] - Metadata associated with this token.\n */\nlunr.Token = function (str, metadata) {\n this.str = str || \"\"\n this.metadata = metadata || {}\n}\n\n/**\n * Returns the token string that is being wrapped by this object.\n *\n * @returns {string}\n */\nlunr.Token.prototype.toString = function () {\n return this.str\n}\n\n/**\n * A token update function is used when updating or optionally\n * when cloning a token.\n *\n * @callback lunr.Token~updateFunction\n * @param {string} str - The string representation of the token.\n * @param {Object} metadata - All metadata associated with this token.\n */\n\n/**\n * Applies the given function to the wrapped string token.\n *\n * @example\n * token.update(function (str, metadata) {\n * return str.toUpperCase()\n * })\n *\n * @param {lunr.Token~updateFunction} fn - A function to apply to the token string.\n * @returns {lunr.Token}\n */\nlunr.Token.prototype.update = function (fn) {\n this.str = fn(this.str, this.metadata)\n return this\n}\n\n/**\n * Creates a clone of this token. Optionally a function can be\n * applied to the cloned token.\n *\n * @param {lunr.Token~updateFunction} [fn] - An optional function to apply to the cloned token.\n * @returns {lunr.Token}\n */\nlunr.Token.prototype.clone = function (fn) {\n fn = fn || function (s) { return s }\n return new lunr.Token (fn(this.str, this.metadata), this.metadata)\n}\n/*!\n * lunr.tokenizer\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * A function for splitting a string into tokens ready to be inserted into\n * the search index. Uses `lunr.tokenizer.separator` to split strings, change\n * the value of this property to change how strings are split into tokens.\n *\n * This tokenizer will convert its parameter to a string by calling `toString` and\n * then will split this string on the character in `lunr.tokenizer.separator`.\n * Arrays will have their elements converted to strings and wrapped in a lunr.Token.\n *\n * Optional metadata can be passed to the tokenizer, this metadata will be cloned and\n * added as metadata to every token that is created from the object to be tokenized.\n *\n * @static\n * @param {?(string|object|object[])} obj - The object to convert into tokens\n * @param {?object} metadata - Optional metadata to associate with every token\n * @returns {lunr.Token[]}\n * @see {@link lunr.Pipeline}\n */\nlunr.tokenizer = function (obj, metadata) {\n if (obj == null || obj == undefined) {\n return []\n }\n\n if (Array.isArray(obj)) {\n return obj.map(function (t) {\n return new lunr.Token(\n lunr.utils.asString(t).toLowerCase(),\n lunr.utils.clone(metadata)\n )\n })\n }\n\n var str = obj.toString().toLowerCase(),\n len = str.length,\n tokens = []\n\n for (var sliceEnd = 0, sliceStart = 0; sliceEnd <= len; sliceEnd++) {\n var char = str.charAt(sliceEnd),\n sliceLength = sliceEnd - sliceStart\n\n if ((char.match(lunr.tokenizer.separator) || sliceEnd == len)) {\n\n if (sliceLength > 0) {\n var tokenMetadata = lunr.utils.clone(metadata) || {}\n tokenMetadata[\"position\"] = [sliceStart, sliceLength]\n tokenMetadata[\"index\"] = tokens.length\n\n tokens.push(\n new lunr.Token (\n str.slice(sliceStart, sliceEnd),\n tokenMetadata\n )\n )\n }\n\n sliceStart = sliceEnd + 1\n }\n\n }\n\n return tokens\n}\n\n/**\n * The separator used to split a string into tokens. Override this property to change the behaviour of\n * `lunr.tokenizer` behaviour when tokenizing strings. By default this splits on whitespace and hyphens.\n *\n * @static\n * @see lunr.tokenizer\n */\nlunr.tokenizer.separator = /[\\s\\-]+/\n/*!\n * lunr.Pipeline\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * lunr.Pipelines maintain an ordered list of functions to be applied to all\n * tokens in documents entering the search index and queries being ran against\n * the index.\n *\n * An instance of lunr.Index created with the lunr shortcut will contain a\n * pipeline with a stop word filter and an English language stemmer. Extra\n * functions can be added before or after either of these functions or these\n * default functions can be removed.\n *\n * When run the pipeline will call each function in turn, passing a token, the\n * index of that token in the original list of all tokens and finally a list of\n * all the original tokens.\n *\n * The output of functions in the pipeline will be passed to the next function\n * in the pipeline. To exclude a token from entering the index the function\n * should return undefined, the rest of the pipeline will not be called with\n * this token.\n *\n * For serialisation of pipelines to work, all functions used in an instance of\n * a pipeline should be registered with lunr.Pipeline. Registered functions can\n * then be loaded. If trying to load a serialised pipeline that uses functions\n * that are not registered an error will be thrown.\n *\n * If not planning on serialising the pipeline then registering pipeline functions\n * is not necessary.\n *\n * @constructor\n */\nlunr.Pipeline = function () {\n this._stack = []\n}\n\nlunr.Pipeline.registeredFunctions = Object.create(null)\n\n/**\n * A pipeline function maps lunr.Token to lunr.Token. A lunr.Token contains the token\n * string as well as all known metadata. A pipeline function can mutate the token string\n * or mutate (or add) metadata for a given token.\n *\n * A pipeline function can indicate that the passed token should be discarded by returning\n * null, undefined or an empty string. This token will not be passed to any downstream pipeline\n * functions and will not be added to the index.\n *\n * Multiple tokens can be returned by returning an array of tokens. Each token will be passed\n * to any downstream pipeline functions and all will returned tokens will be added to the index.\n *\n * Any number of pipeline functions may be chained together using a lunr.Pipeline.\n *\n * @interface lunr.PipelineFunction\n * @param {lunr.Token} token - A token from the document being processed.\n * @param {number} i - The index of this token in the complete list of tokens for this document/field.\n * @param {lunr.Token[]} tokens - All tokens for this document/field.\n * @returns {(?lunr.Token|lunr.Token[])}\n */\n\n/**\n * Register a function with the pipeline.\n *\n * Functions that are used in the pipeline should be registered if the pipeline\n * needs to be serialised, or a serialised pipeline needs to be loaded.\n *\n * Registering a function does not add it to a pipeline, functions must still be\n * added to instances of the pipeline for them to be used when running a pipeline.\n *\n * @param {lunr.PipelineFunction} fn - The function to check for.\n * @param {String} label - The label to register this function with\n */\nlunr.Pipeline.registerFunction = function (fn, label) {\n if (label in this.registeredFunctions) {\n lunr.utils.warn('Overwriting existing registered function: ' + label)\n }\n\n fn.label = label\n lunr.Pipeline.registeredFunctions[fn.label] = fn\n}\n\n/**\n * Warns if the function is not registered as a Pipeline function.\n *\n * @param {lunr.PipelineFunction} fn - The function to check for.\n * @private\n */\nlunr.Pipeline.warnIfFunctionNotRegistered = function (fn) {\n var isRegistered = fn.label && (fn.label in this.registeredFunctions)\n\n if (!isRegistered) {\n lunr.utils.warn('Function is not registered with pipeline. This may cause problems when serialising the index.\\n', fn)\n }\n}\n\n/**\n * Loads a previously serialised pipeline.\n *\n * All functions to be loaded must already be registered with lunr.Pipeline.\n * If any function from the serialised data has not been registered then an\n * error will be thrown.\n *\n * @param {Object} serialised - The serialised pipeline to load.\n * @returns {lunr.Pipeline}\n */\nlunr.Pipeline.load = function (serialised) {\n var pipeline = new lunr.Pipeline\n\n serialised.forEach(function (fnName) {\n var fn = lunr.Pipeline.registeredFunctions[fnName]\n\n if (fn) {\n pipeline.add(fn)\n } else {\n throw new Error('Cannot load unregistered function: ' + fnName)\n }\n })\n\n return pipeline\n}\n\n/**\n * Adds new functions to the end of the pipeline.\n *\n * Logs a warning if the function has not been registered.\n *\n * @param {lunr.PipelineFunction[]} functions - Any number of functions to add to the pipeline.\n */\nlunr.Pipeline.prototype.add = function () {\n var fns = Array.prototype.slice.call(arguments)\n\n fns.forEach(function (fn) {\n lunr.Pipeline.warnIfFunctionNotRegistered(fn)\n this._stack.push(fn)\n }, this)\n}\n\n/**\n * Adds a single function after a function that already exists in the\n * pipeline.\n *\n * Logs a warning if the function has not been registered.\n *\n * @param {lunr.PipelineFunction} existingFn - A function that already exists in the pipeline.\n * @param {lunr.PipelineFunction} newFn - The new function to add to the pipeline.\n */\nlunr.Pipeline.prototype.after = function (existingFn, newFn) {\n lunr.Pipeline.warnIfFunctionNotRegistered(newFn)\n\n var pos = this._stack.indexOf(existingFn)\n if (pos == -1) {\n throw new Error('Cannot find existingFn')\n }\n\n pos = pos + 1\n this._stack.splice(pos, 0, newFn)\n}\n\n/**\n * Adds a single function before a function that already exists in the\n * pipeline.\n *\n * Logs a warning if the function has not been registered.\n *\n * @param {lunr.PipelineFunction} existingFn - A function that already exists in the pipeline.\n * @param {lunr.PipelineFunction} newFn - The new function to add to the pipeline.\n */\nlunr.Pipeline.prototype.before = function (existingFn, newFn) {\n lunr.Pipeline.warnIfFunctionNotRegistered(newFn)\n\n var pos = this._stack.indexOf(existingFn)\n if (pos == -1) {\n throw new Error('Cannot find existingFn')\n }\n\n this._stack.splice(pos, 0, newFn)\n}\n\n/**\n * Removes a function from the pipeline.\n *\n * @param {lunr.PipelineFunction} fn The function to remove from the pipeline.\n */\nlunr.Pipeline.prototype.remove = function (fn) {\n var pos = this._stack.indexOf(fn)\n if (pos == -1) {\n return\n }\n\n this._stack.splice(pos, 1)\n}\n\n/**\n * Runs the current list of functions that make up the pipeline against the\n * passed tokens.\n *\n * @param {Array} tokens The tokens to run through the pipeline.\n * @returns {Array}\n */\nlunr.Pipeline.prototype.run = function (tokens) {\n var stackLength = this._stack.length\n\n for (var i = 0; i < stackLength; i++) {\n var fn = this._stack[i]\n var memo = []\n\n for (var j = 0; j < tokens.length; j++) {\n var result = fn(tokens[j], j, tokens)\n\n if (result === null || result === void 0 || result === '') continue\n\n if (Array.isArray(result)) {\n for (var k = 0; k < result.length; k++) {\n memo.push(result[k])\n }\n } else {\n memo.push(result)\n }\n }\n\n tokens = memo\n }\n\n return tokens\n}\n\n/**\n * Convenience method for passing a string through a pipeline and getting\n * strings out. This method takes care of wrapping the passed string in a\n * token and mapping the resulting tokens back to strings.\n *\n * @param {string} str - The string to pass through the pipeline.\n * @param {?object} metadata - Optional metadata to associate with the token\n * passed to the pipeline.\n * @returns {string[]}\n */\nlunr.Pipeline.prototype.runString = function (str, metadata) {\n var token = new lunr.Token (str, metadata)\n\n return this.run([token]).map(function (t) {\n return t.toString()\n })\n}\n\n/**\n * Resets the pipeline by removing any existing processors.\n *\n */\nlunr.Pipeline.prototype.reset = function () {\n this._stack = []\n}\n\n/**\n * Returns a representation of the pipeline ready for serialisation.\n *\n * Logs a warning if the function has not been registered.\n *\n * @returns {Array}\n */\nlunr.Pipeline.prototype.toJSON = function () {\n return this._stack.map(function (fn) {\n lunr.Pipeline.warnIfFunctionNotRegistered(fn)\n\n return fn.label\n })\n}\n/*!\n * lunr.Vector\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * A vector is used to construct the vector space of documents and queries. These\n * vectors support operations to determine the similarity between two documents or\n * a document and a query.\n *\n * Normally no parameters are required for initializing a vector, but in the case of\n * loading a previously dumped vector the raw elements can be provided to the constructor.\n *\n * For performance reasons vectors are implemented with a flat array, where an elements\n * index is immediately followed by its value. E.g. [index, value, index, value]. This\n * allows the underlying array to be as sparse as possible and still offer decent\n * performance when being used for vector calculations.\n *\n * @constructor\n * @param {Number[]} [elements] - The flat list of element index and element value pairs.\n */\nlunr.Vector = function (elements) {\n this._magnitude = 0\n this.elements = elements || []\n}\n\n\n/**\n * Calculates the position within the vector to insert a given index.\n *\n * This is used internally by insert and upsert. If there are duplicate indexes then\n * the position is returned as if the value for that index were to be updated, but it\n * is the callers responsibility to check whether there is a duplicate at that index\n *\n * @param {Number} insertIdx - The index at which the element should be inserted.\n * @returns {Number}\n */\nlunr.Vector.prototype.positionForIndex = function (index) {\n // For an empty vector the tuple can be inserted at the beginning\n if (this.elements.length == 0) {\n return 0\n }\n\n var start = 0,\n end = this.elements.length / 2,\n sliceLength = end - start,\n pivotPoint = Math.floor(sliceLength / 2),\n pivotIndex = this.elements[pivotPoint * 2]\n\n while (sliceLength > 1) {\n if (pivotIndex < index) {\n start = pivotPoint\n }\n\n if (pivotIndex > index) {\n end = pivotPoint\n }\n\n if (pivotIndex == index) {\n break\n }\n\n sliceLength = end - start\n pivotPoint = start + Math.floor(sliceLength / 2)\n pivotIndex = this.elements[pivotPoint * 2]\n }\n\n if (pivotIndex == index) {\n return pivotPoint * 2\n }\n\n if (pivotIndex > index) {\n return pivotPoint * 2\n }\n\n if (pivotIndex < index) {\n return (pivotPoint + 1) * 2\n }\n}\n\n/**\n * Inserts an element at an index within the vector.\n *\n * Does not allow duplicates, will throw an error if there is already an entry\n * for this index.\n *\n * @param {Number} insertIdx - The index at which the element should be inserted.\n * @param {Number} val - The value to be inserted into the vector.\n */\nlunr.Vector.prototype.insert = function (insertIdx, val) {\n this.upsert(insertIdx, val, function () {\n throw \"duplicate index\"\n })\n}\n\n/**\n * Inserts or updates an existing index within the vector.\n *\n * @param {Number} insertIdx - The index at which the element should be inserted.\n * @param {Number} val - The value to be inserted into the vector.\n * @param {function} fn - A function that is called for updates, the existing value and the\n * requested value are passed as arguments\n */\nlunr.Vector.prototype.upsert = function (insertIdx, val, fn) {\n this._magnitude = 0\n var position = this.positionForIndex(insertIdx)\n\n if (this.elements[position] == insertIdx) {\n this.elements[position + 1] = fn(this.elements[position + 1], val)\n } else {\n this.elements.splice(position, 0, insertIdx, val)\n }\n}\n\n/**\n * Calculates the magnitude of this vector.\n *\n * @returns {Number}\n */\nlunr.Vector.prototype.magnitude = function () {\n if (this._magnitude) return this._magnitude\n\n var sumOfSquares = 0,\n elementsLength = this.elements.length\n\n for (var i = 1; i < elementsLength; i += 2) {\n var val = this.elements[i]\n sumOfSquares += val * val\n }\n\n return this._magnitude = Math.sqrt(sumOfSquares)\n}\n\n/**\n * Calculates the dot product of this vector and another vector.\n *\n * @param {lunr.Vector} otherVector - The vector to compute the dot product with.\n * @returns {Number}\n */\nlunr.Vector.prototype.dot = function (otherVector) {\n var dotProduct = 0,\n a = this.elements, b = otherVector.elements,\n aLen = a.length, bLen = b.length,\n aVal = 0, bVal = 0,\n i = 0, j = 0\n\n while (i < aLen && j < bLen) {\n aVal = a[i], bVal = b[j]\n if (aVal < bVal) {\n i += 2\n } else if (aVal > bVal) {\n j += 2\n } else if (aVal == bVal) {\n dotProduct += a[i + 1] * b[j + 1]\n i += 2\n j += 2\n }\n }\n\n return dotProduct\n}\n\n/**\n * Calculates the similarity between this vector and another vector.\n *\n * @param {lunr.Vector} otherVector - The other vector to calculate the\n * similarity with.\n * @returns {Number}\n */\nlunr.Vector.prototype.similarity = function (otherVector) {\n return this.dot(otherVector) / this.magnitude() || 0\n}\n\n/**\n * Converts the vector to an array of the elements within the vector.\n *\n * @returns {Number[]}\n */\nlunr.Vector.prototype.toArray = function () {\n var output = new Array (this.elements.length / 2)\n\n for (var i = 1, j = 0; i < this.elements.length; i += 2, j++) {\n output[j] = this.elements[i]\n }\n\n return output\n}\n\n/**\n * A JSON serializable representation of the vector.\n *\n * @returns {Number[]}\n */\nlunr.Vector.prototype.toJSON = function () {\n return this.elements\n}\n/* eslint-disable */\n/*!\n * lunr.stemmer\n * Copyright (C) 2020 Oliver Nightingale\n * Includes code from - http://tartarus.org/~martin/PorterStemmer/js.txt\n */\n\n/**\n * lunr.stemmer is an english language stemmer, this is a JavaScript\n * implementation of the PorterStemmer taken from http://tartarus.org/~martin\n *\n * @static\n * @implements {lunr.PipelineFunction}\n * @param {lunr.Token} token - The string to stem\n * @returns {lunr.Token}\n * @see {@link lunr.Pipeline}\n * @function\n */\nlunr.stemmer = (function(){\n var step2list = {\n \"ational\" : \"ate\",\n \"tional\" : \"tion\",\n \"enci\" : \"ence\",\n \"anci\" : \"ance\",\n \"izer\" : \"ize\",\n \"bli\" : \"ble\",\n \"alli\" : \"al\",\n \"entli\" : \"ent\",\n \"eli\" : \"e\",\n \"ousli\" : \"ous\",\n \"ization\" : \"ize\",\n \"ation\" : \"ate\",\n \"ator\" : \"ate\",\n \"alism\" : \"al\",\n \"iveness\" : \"ive\",\n \"fulness\" : \"ful\",\n \"ousness\" : \"ous\",\n \"aliti\" : \"al\",\n \"iviti\" : \"ive\",\n \"biliti\" : \"ble\",\n \"logi\" : \"log\"\n },\n\n step3list = {\n \"icate\" : \"ic\",\n \"ative\" : \"\",\n \"alize\" : \"al\",\n \"iciti\" : \"ic\",\n \"ical\" : \"ic\",\n \"ful\" : \"\",\n \"ness\" : \"\"\n },\n\n c = \"[^aeiou]\", // consonant\n v = \"[aeiouy]\", // vowel\n C = c + \"[^aeiouy]*\", // consonant sequence\n V = v + \"[aeiou]*\", // vowel sequence\n\n mgr0 = \"^(\" + C + \")?\" + V + C, // [C]VC... is m>0\n meq1 = \"^(\" + C + \")?\" + V + C + \"(\" + V + \")?$\", // [C]VC[V] is m=1\n mgr1 = \"^(\" + C + \")?\" + V + C + V + C, // [C]VCVC... is m>1\n s_v = \"^(\" + C + \")?\" + v; // vowel in stem\n\n var re_mgr0 = new RegExp(mgr0);\n var re_mgr1 = new RegExp(mgr1);\n var re_meq1 = new RegExp(meq1);\n var re_s_v = new RegExp(s_v);\n\n var re_1a = /^(.+?)(ss|i)es$/;\n var re2_1a = /^(.+?)([^s])s$/;\n var re_1b = /^(.+?)eed$/;\n var re2_1b = /^(.+?)(ed|ing)$/;\n var re_1b_2 = /.$/;\n var re2_1b_2 = /(at|bl|iz)$/;\n var re3_1b_2 = new RegExp(\"([^aeiouylsz])\\\\1$\");\n var re4_1b_2 = new RegExp(\"^\" + C + v + \"[^aeiouwxy]$\");\n\n var re_1c = /^(.+?[^aeiou])y$/;\n var re_2 = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;\n\n var re_3 = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;\n\n var re_4 = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;\n var re2_4 = /^(.+?)(s|t)(ion)$/;\n\n var re_5 = /^(.+?)e$/;\n var re_5_1 = /ll$/;\n var re3_5 = new RegExp(\"^\" + C + v + \"[^aeiouwxy]$\");\n\n var porterStemmer = function porterStemmer(w) {\n var stem,\n suffix,\n firstch,\n re,\n re2,\n re3,\n re4;\n\n if (w.length < 3) { return w; }\n\n firstch = w.substr(0,1);\n if (firstch == \"y\") {\n w = firstch.toUpperCase() + w.substr(1);\n }\n\n // Step 1a\n re = re_1a\n re2 = re2_1a;\n\n if (re.test(w)) { w = w.replace(re,\"$1$2\"); }\n else if (re2.test(w)) { w = w.replace(re2,\"$1$2\"); }\n\n // Step 1b\n re = re_1b;\n re2 = re2_1b;\n if (re.test(w)) {\n var fp = re.exec(w);\n re = re_mgr0;\n if (re.test(fp[1])) {\n re = re_1b_2;\n w = w.replace(re,\"\");\n }\n } else if (re2.test(w)) {\n var fp = re2.exec(w);\n stem = fp[1];\n re2 = re_s_v;\n if (re2.test(stem)) {\n w = stem;\n re2 = re2_1b_2;\n re3 = re3_1b_2;\n re4 = re4_1b_2;\n if (re2.test(w)) { w = w + \"e\"; }\n else if (re3.test(w)) { re = re_1b_2; w = w.replace(re,\"\"); }\n else if (re4.test(w)) { w = w + \"e\"; }\n }\n }\n\n // Step 1c - replace suffix y or Y by i if preceded by a non-vowel which is not the first letter of the word (so cry -> cri, by -> by, say -> say)\n re = re_1c;\n if (re.test(w)) {\n var fp = re.exec(w);\n stem = fp[1];\n w = stem + \"i\";\n }\n\n // Step 2\n re = re_2;\n if (re.test(w)) {\n var fp = re.exec(w);\n stem = fp[1];\n suffix = fp[2];\n re = re_mgr0;\n if (re.test(stem)) {\n w = stem + step2list[suffix];\n }\n }\n\n // Step 3\n re = re_3;\n if (re.test(w)) {\n var fp = re.exec(w);\n stem = fp[1];\n suffix = fp[2];\n re = re_mgr0;\n if (re.test(stem)) {\n w = stem + step3list[suffix];\n }\n }\n\n // Step 4\n re = re_4;\n re2 = re2_4;\n if (re.test(w)) {\n var fp = re.exec(w);\n stem = fp[1];\n re = re_mgr1;\n if (re.test(stem)) {\n w = stem;\n }\n } else if (re2.test(w)) {\n var fp = re2.exec(w);\n stem = fp[1] + fp[2];\n re2 = re_mgr1;\n if (re2.test(stem)) {\n w = stem;\n }\n }\n\n // Step 5\n re = re_5;\n if (re.test(w)) {\n var fp = re.exec(w);\n stem = fp[1];\n re = re_mgr1;\n re2 = re_meq1;\n re3 = re3_5;\n if (re.test(stem) || (re2.test(stem) && !(re3.test(stem)))) {\n w = stem;\n }\n }\n\n re = re_5_1;\n re2 = re_mgr1;\n if (re.test(w) && re2.test(w)) {\n re = re_1b_2;\n w = w.replace(re,\"\");\n }\n\n // and turn initial Y back to y\n\n if (firstch == \"y\") {\n w = firstch.toLowerCase() + w.substr(1);\n }\n\n return w;\n };\n\n return function (token) {\n return token.update(porterStemmer);\n }\n})();\n\nlunr.Pipeline.registerFunction(lunr.stemmer, 'stemmer')\n/*!\n * lunr.stopWordFilter\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * lunr.generateStopWordFilter builds a stopWordFilter function from the provided\n * list of stop words.\n *\n * The built in lunr.stopWordFilter is built using this generator and can be used\n * to generate custom stopWordFilters for applications or non English languages.\n *\n * @function\n * @param {Array} token The token to pass through the filter\n * @returns {lunr.PipelineFunction}\n * @see lunr.Pipeline\n * @see lunr.stopWordFilter\n */\nlunr.generateStopWordFilter = function (stopWords) {\n var words = stopWords.reduce(function (memo, stopWord) {\n memo[stopWord] = stopWord\n return memo\n }, {})\n\n return function (token) {\n if (token && words[token.toString()] !== token.toString()) return token\n }\n}\n\n/**\n * lunr.stopWordFilter is an English language stop word list filter, any words\n * contained in the list will not be passed through the filter.\n *\n * This is intended to be used in the Pipeline. If the token does not pass the\n * filter then undefined will be returned.\n *\n * @function\n * @implements {lunr.PipelineFunction}\n * @params {lunr.Token} token - A token to check for being a stop word.\n * @returns {lunr.Token}\n * @see {@link lunr.Pipeline}\n */\nlunr.stopWordFilter = lunr.generateStopWordFilter([\n 'a',\n 'able',\n 'about',\n 'across',\n 'after',\n 'all',\n 'almost',\n 'also',\n 'am',\n 'among',\n 'an',\n 'and',\n 'any',\n 'are',\n 'as',\n 'at',\n 'be',\n 'because',\n 'been',\n 'but',\n 'by',\n 'can',\n 'cannot',\n 'could',\n 'dear',\n 'did',\n 'do',\n 'does',\n 'either',\n 'else',\n 'ever',\n 'every',\n 'for',\n 'from',\n 'get',\n 'got',\n 'had',\n 'has',\n 'have',\n 'he',\n 'her',\n 'hers',\n 'him',\n 'his',\n 'how',\n 'however',\n 'i',\n 'if',\n 'in',\n 'into',\n 'is',\n 'it',\n 'its',\n 'just',\n 'least',\n 'let',\n 'like',\n 'likely',\n 'may',\n 'me',\n 'might',\n 'most',\n 'must',\n 'my',\n 'neither',\n 'no',\n 'nor',\n 'not',\n 'of',\n 'off',\n 'often',\n 'on',\n 'only',\n 'or',\n 'other',\n 'our',\n 'own',\n 'rather',\n 'said',\n 'say',\n 'says',\n 'she',\n 'should',\n 'since',\n 'so',\n 'some',\n 'than',\n 'that',\n 'the',\n 'their',\n 'them',\n 'then',\n 'there',\n 'these',\n 'they',\n 'this',\n 'tis',\n 'to',\n 'too',\n 'twas',\n 'us',\n 'wants',\n 'was',\n 'we',\n 'were',\n 'what',\n 'when',\n 'where',\n 'which',\n 'while',\n 'who',\n 'whom',\n 'why',\n 'will',\n 'with',\n 'would',\n 'yet',\n 'you',\n 'your'\n])\n\nlunr.Pipeline.registerFunction(lunr.stopWordFilter, 'stopWordFilter')\n/*!\n * lunr.trimmer\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * lunr.trimmer is a pipeline function for trimming non word\n * characters from the beginning and end of tokens before they\n * enter the index.\n *\n * This implementation may not work correctly for non latin\n * characters and should either be removed or adapted for use\n * with languages with non-latin characters.\n *\n * @static\n * @implements {lunr.PipelineFunction}\n * @param {lunr.Token} token The token to pass through the filter\n * @returns {lunr.Token}\n * @see lunr.Pipeline\n */\nlunr.trimmer = function (token) {\n return token.update(function (s) {\n return s.replace(/^\\W+/, '').replace(/\\W+$/, '')\n })\n}\n\nlunr.Pipeline.registerFunction(lunr.trimmer, 'trimmer')\n/*!\n * lunr.TokenSet\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * A token set is used to store the unique list of all tokens\n * within an index. Token sets are also used to represent an\n * incoming query to the index, this query token set and index\n * token set are then intersected to find which tokens to look\n * up in the inverted index.\n *\n * A token set can hold multiple tokens, as in the case of the\n * index token set, or it can hold a single token as in the\n * case of a simple query token set.\n *\n * Additionally token sets are used to perform wildcard matching.\n * Leading, contained and trailing wildcards are supported, and\n * from this edit distance matching can also be provided.\n *\n * Token sets are implemented as a minimal finite state automata,\n * where both common prefixes and suffixes are shared between tokens.\n * This helps to reduce the space used for storing the token set.\n *\n * @constructor\n */\nlunr.TokenSet = function () {\n this.final = false\n this.edges = {}\n this.id = lunr.TokenSet._nextId\n lunr.TokenSet._nextId += 1\n}\n\n/**\n * Keeps track of the next, auto increment, identifier to assign\n * to a new tokenSet.\n *\n * TokenSets require a unique identifier to be correctly minimised.\n *\n * @private\n */\nlunr.TokenSet._nextId = 1\n\n/**\n * Creates a TokenSet instance from the given sorted array of words.\n *\n * @param {String[]} arr - A sorted array of strings to create the set from.\n * @returns {lunr.TokenSet}\n * @throws Will throw an error if the input array is not sorted.\n */\nlunr.TokenSet.fromArray = function (arr) {\n var builder = new lunr.TokenSet.Builder\n\n for (var i = 0, len = arr.length; i < len; i++) {\n builder.insert(arr[i])\n }\n\n builder.finish()\n return builder.root\n}\n\n/**\n * Creates a token set from a query clause.\n *\n * @private\n * @param {Object} clause - A single clause from lunr.Query.\n * @param {string} clause.term - The query clause term.\n * @param {number} [clause.editDistance] - The optional edit distance for the term.\n * @returns {lunr.TokenSet}\n */\nlunr.TokenSet.fromClause = function (clause) {\n if ('editDistance' in clause) {\n return lunr.TokenSet.fromFuzzyString(clause.term, clause.editDistance)\n } else {\n return lunr.TokenSet.fromString(clause.term)\n }\n}\n\n/**\n * Creates a token set representing a single string with a specified\n * edit distance.\n *\n * Insertions, deletions, substitutions and transpositions are each\n * treated as an edit distance of 1.\n *\n * Increasing the allowed edit distance will have a dramatic impact\n * on the performance of both creating and intersecting these TokenSets.\n * It is advised to keep the edit distance less than 3.\n *\n * @param {string} str - The string to create the token set from.\n * @param {number} editDistance - The allowed edit distance to match.\n * @returns {lunr.Vector}\n */\nlunr.TokenSet.fromFuzzyString = function (str, editDistance) {\n var root = new lunr.TokenSet\n\n var stack = [{\n node: root,\n editsRemaining: editDistance,\n str: str\n }]\n\n while (stack.length) {\n var frame = stack.pop()\n\n // no edit\n if (frame.str.length > 0) {\n var char = frame.str.charAt(0),\n noEditNode\n\n if (char in frame.node.edges) {\n noEditNode = frame.node.edges[char]\n } else {\n noEditNode = new lunr.TokenSet\n frame.node.edges[char] = noEditNode\n }\n\n if (frame.str.length == 1) {\n noEditNode.final = true\n }\n\n stack.push({\n node: noEditNode,\n editsRemaining: frame.editsRemaining,\n str: frame.str.slice(1)\n })\n }\n\n if (frame.editsRemaining == 0) {\n continue\n }\n\n // insertion\n if (\"*\" in frame.node.edges) {\n var insertionNode = frame.node.edges[\"*\"]\n } else {\n var insertionNode = new lunr.TokenSet\n frame.node.edges[\"*\"] = insertionNode\n }\n\n if (frame.str.length == 0) {\n insertionNode.final = true\n }\n\n stack.push({\n node: insertionNode,\n editsRemaining: frame.editsRemaining - 1,\n str: frame.str\n })\n\n // deletion\n // can only do a deletion if we have enough edits remaining\n // and if there are characters left to delete in the string\n if (frame.str.length > 1) {\n stack.push({\n node: frame.node,\n editsRemaining: frame.editsRemaining - 1,\n str: frame.str.slice(1)\n })\n }\n\n // deletion\n // just removing the last character from the str\n if (frame.str.length == 1) {\n frame.node.final = true\n }\n\n // substitution\n // can only do a substitution if we have enough edits remaining\n // and if there are characters left to substitute\n if (frame.str.length >= 1) {\n if (\"*\" in frame.node.edges) {\n var substitutionNode = frame.node.edges[\"*\"]\n } else {\n var substitutionNode = new lunr.TokenSet\n frame.node.edges[\"*\"] = substitutionNode\n }\n\n if (frame.str.length == 1) {\n substitutionNode.final = true\n }\n\n stack.push({\n node: substitutionNode,\n editsRemaining: frame.editsRemaining - 1,\n str: frame.str.slice(1)\n })\n }\n\n // transposition\n // can only do a transposition if there are edits remaining\n // and there are enough characters to transpose\n if (frame.str.length > 1) {\n var charA = frame.str.charAt(0),\n charB = frame.str.charAt(1),\n transposeNode\n\n if (charB in frame.node.edges) {\n transposeNode = frame.node.edges[charB]\n } else {\n transposeNode = new lunr.TokenSet\n frame.node.edges[charB] = transposeNode\n }\n\n if (frame.str.length == 1) {\n transposeNode.final = true\n }\n\n stack.push({\n node: transposeNode,\n editsRemaining: frame.editsRemaining - 1,\n str: charA + frame.str.slice(2)\n })\n }\n }\n\n return root\n}\n\n/**\n * Creates a TokenSet from a string.\n *\n * The string may contain one or more wildcard characters (*)\n * that will allow wildcard matching when intersecting with\n * another TokenSet.\n *\n * @param {string} str - The string to create a TokenSet from.\n * @returns {lunr.TokenSet}\n */\nlunr.TokenSet.fromString = function (str) {\n var node = new lunr.TokenSet,\n root = node\n\n /*\n * Iterates through all characters within the passed string\n * appending a node for each character.\n *\n * When a wildcard character is found then a self\n * referencing edge is introduced to continually match\n * any number of any characters.\n */\n for (var i = 0, len = str.length; i < len; i++) {\n var char = str[i],\n final = (i == len - 1)\n\n if (char == \"*\") {\n node.edges[char] = node\n node.final = final\n\n } else {\n var next = new lunr.TokenSet\n next.final = final\n\n node.edges[char] = next\n node = next\n }\n }\n\n return root\n}\n\n/**\n * Converts this TokenSet into an array of strings\n * contained within the TokenSet.\n *\n * This is not intended to be used on a TokenSet that\n * contains wildcards, in these cases the results are\n * undefined and are likely to cause an infinite loop.\n *\n * @returns {string[]}\n */\nlunr.TokenSet.prototype.toArray = function () {\n var words = []\n\n var stack = [{\n prefix: \"\",\n node: this\n }]\n\n while (stack.length) {\n var frame = stack.pop(),\n edges = Object.keys(frame.node.edges),\n len = edges.length\n\n if (frame.node.final) {\n /* In Safari, at this point the prefix is sometimes corrupted, see:\n * https://github.com/olivernn/lunr.js/issues/279 Calling any\n * String.prototype method forces Safari to \"cast\" this string to what\n * it's supposed to be, fixing the bug. */\n frame.prefix.charAt(0)\n words.push(frame.prefix)\n }\n\n for (var i = 0; i < len; i++) {\n var edge = edges[i]\n\n stack.push({\n prefix: frame.prefix.concat(edge),\n node: frame.node.edges[edge]\n })\n }\n }\n\n return words\n}\n\n/**\n * Generates a string representation of a TokenSet.\n *\n * This is intended to allow TokenSets to be used as keys\n * in objects, largely to aid the construction and minimisation\n * of a TokenSet. As such it is not designed to be a human\n * friendly representation of the TokenSet.\n *\n * @returns {string}\n */\nlunr.TokenSet.prototype.toString = function () {\n // NOTE: Using Object.keys here as this.edges is very likely\n // to enter 'hash-mode' with many keys being added\n //\n // avoiding a for-in loop here as it leads to the function\n // being de-optimised (at least in V8). From some simple\n // benchmarks the performance is comparable, but allowing\n // V8 to optimize may mean easy performance wins in the future.\n\n if (this._str) {\n return this._str\n }\n\n var str = this.final ? '1' : '0',\n labels = Object.keys(this.edges).sort(),\n len = labels.length\n\n for (var i = 0; i < len; i++) {\n var label = labels[i],\n node = this.edges[label]\n\n str = str + label + node.id\n }\n\n return str\n}\n\n/**\n * Returns a new TokenSet that is the intersection of\n * this TokenSet and the passed TokenSet.\n *\n * This intersection will take into account any wildcards\n * contained within the TokenSet.\n *\n * @param {lunr.TokenSet} b - An other TokenSet to intersect with.\n * @returns {lunr.TokenSet}\n */\nlunr.TokenSet.prototype.intersect = function (b) {\n var output = new lunr.TokenSet,\n frame = undefined\n\n var stack = [{\n qNode: b,\n output: output,\n node: this\n }]\n\n while (stack.length) {\n frame = stack.pop()\n\n // NOTE: As with the #toString method, we are using\n // Object.keys and a for loop instead of a for-in loop\n // as both of these objects enter 'hash' mode, causing\n // the function to be de-optimised in V8\n var qEdges = Object.keys(frame.qNode.edges),\n qLen = qEdges.length,\n nEdges = Object.keys(frame.node.edges),\n nLen = nEdges.length\n\n for (var q = 0; q < qLen; q++) {\n var qEdge = qEdges[q]\n\n for (var n = 0; n < nLen; n++) {\n var nEdge = nEdges[n]\n\n if (nEdge == qEdge || qEdge == '*') {\n var node = frame.node.edges[nEdge],\n qNode = frame.qNode.edges[qEdge],\n final = node.final && qNode.final,\n next = undefined\n\n if (nEdge in frame.output.edges) {\n // an edge already exists for this character\n // no need to create a new node, just set the finality\n // bit unless this node is already final\n next = frame.output.edges[nEdge]\n next.final = next.final || final\n\n } else {\n // no edge exists yet, must create one\n // set the finality bit and insert it\n // into the output\n next = new lunr.TokenSet\n next.final = final\n frame.output.edges[nEdge] = next\n }\n\n stack.push({\n qNode: qNode,\n output: next,\n node: node\n })\n }\n }\n }\n }\n\n return output\n}\nlunr.TokenSet.Builder = function () {\n this.previousWord = \"\"\n this.root = new lunr.TokenSet\n this.uncheckedNodes = []\n this.minimizedNodes = {}\n}\n\nlunr.TokenSet.Builder.prototype.insert = function (word) {\n var node,\n commonPrefix = 0\n\n if (word < this.previousWord) {\n throw new Error (\"Out of order word insertion\")\n }\n\n for (var i = 0; i < word.length && i < this.previousWord.length; i++) {\n if (word[i] != this.previousWord[i]) break\n commonPrefix++\n }\n\n this.minimize(commonPrefix)\n\n if (this.uncheckedNodes.length == 0) {\n node = this.root\n } else {\n node = this.uncheckedNodes[this.uncheckedNodes.length - 1].child\n }\n\n for (var i = commonPrefix; i < word.length; i++) {\n var nextNode = new lunr.TokenSet,\n char = word[i]\n\n node.edges[char] = nextNode\n\n this.uncheckedNodes.push({\n parent: node,\n char: char,\n child: nextNode\n })\n\n node = nextNode\n }\n\n node.final = true\n this.previousWord = word\n}\n\nlunr.TokenSet.Builder.prototype.finish = function () {\n this.minimize(0)\n}\n\nlunr.TokenSet.Builder.prototype.minimize = function (downTo) {\n for (var i = this.uncheckedNodes.length - 1; i >= downTo; i--) {\n var node = this.uncheckedNodes[i],\n childKey = node.child.toString()\n\n if (childKey in this.minimizedNodes) {\n node.parent.edges[node.char] = this.minimizedNodes[childKey]\n } else {\n // Cache the key for this node since\n // we know it can't change anymore\n node.child._str = childKey\n\n this.minimizedNodes[childKey] = node.child\n }\n\n this.uncheckedNodes.pop()\n }\n}\n/*!\n * lunr.Index\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * An index contains the built index of all documents and provides a query interface\n * to the index.\n *\n * Usually instances of lunr.Index will not be created using this constructor, instead\n * lunr.Builder should be used to construct new indexes, or lunr.Index.load should be\n * used to load previously built and serialized indexes.\n *\n * @constructor\n * @param {Object} attrs - The attributes of the built search index.\n * @param {Object} attrs.invertedIndex - An index of term/field to document reference.\n * @param {Object} attrs.fieldVectors - Field vectors\n * @param {lunr.TokenSet} attrs.tokenSet - An set of all corpus tokens.\n * @param {string[]} attrs.fields - The names of indexed document fields.\n * @param {lunr.Pipeline} attrs.pipeline - The pipeline to use for search terms.\n */\nlunr.Index = function (attrs) {\n this.invertedIndex = attrs.invertedIndex\n this.fieldVectors = attrs.fieldVectors\n this.tokenSet = attrs.tokenSet\n this.fields = attrs.fields\n this.pipeline = attrs.pipeline\n}\n\n/**\n * A result contains details of a document matching a search query.\n * @typedef {Object} lunr.Index~Result\n * @property {string} ref - The reference of the document this result represents.\n * @property {number} score - A number between 0 and 1 representing how similar this document is to the query.\n * @property {lunr.MatchData} matchData - Contains metadata about this match including which term(s) caused the match.\n */\n\n/**\n * Although lunr provides the ability to create queries using lunr.Query, it also provides a simple\n * query language which itself is parsed into an instance of lunr.Query.\n *\n * For programmatically building queries it is advised to directly use lunr.Query, the query language\n * is best used for human entered text rather than program generated text.\n *\n * At its simplest queries can just be a single term, e.g. `hello`, multiple terms are also supported\n * and will be combined with OR, e.g `hello world` will match documents that contain either 'hello'\n * or 'world', though those that contain both will rank higher in the results.\n *\n * Wildcards can be included in terms to match one or more unspecified characters, these wildcards can\n * be inserted anywhere within the term, and more than one wildcard can exist in a single term. Adding\n * wildcards will increase the number of documents that will be found but can also have a negative\n * impact on query performance, especially with wildcards at the beginning of a term.\n *\n * Terms can be restricted to specific fields, e.g. `title:hello`, only documents with the term\n * hello in the title field will match this query. Using a field not present in the index will lead\n * to an error being thrown.\n *\n * Modifiers can also be added to terms, lunr supports edit distance and boost modifiers on terms. A term\n * boost will make documents matching that term score higher, e.g. `foo^5`. Edit distance is also supported\n * to provide fuzzy matching, e.g. 'hello~2' will match documents with hello with an edit distance of 2.\n * Avoid large values for edit distance to improve query performance.\n *\n * Each term also supports a presence modifier. By default a term's presence in document is optional, however\n * this can be changed to either required or prohibited. For a term's presence to be required in a document the\n * term should be prefixed with a '+', e.g. `+foo bar` is a search for documents that must contain 'foo' and\n * optionally contain 'bar'. Conversely a leading '-' sets the terms presence to prohibited, i.e. it must not\n * appear in a document, e.g. `-foo bar` is a search for documents that do not contain 'foo' but may contain 'bar'.\n *\n * To escape special characters the backslash character '\\' can be used, this allows searches to include\n * characters that would normally be considered modifiers, e.g. `foo\\~2` will search for a term \"foo~2\" instead\n * of attempting to apply a boost of 2 to the search term \"foo\".\n *\n * @typedef {string} lunr.Index~QueryString\n * @example Simple single term query\n * hello\n * @example Multiple term query\n * hello world\n * @example term scoped to a field\n * title:hello\n * @example term with a boost of 10\n * hello^10\n * @example term with an edit distance of 2\n * hello~2\n * @example terms with presence modifiers\n * -foo +bar baz\n */\n\n/**\n * Performs a search against the index using lunr query syntax.\n *\n * Results will be returned sorted by their score, the most relevant results\n * will be returned first. For details on how the score is calculated, please see\n * the {@link https://lunrjs.com/guides/searching.html#scoring|guide}.\n *\n * For more programmatic querying use lunr.Index#query.\n *\n * @param {lunr.Index~QueryString} queryString - A string containing a lunr query.\n * @throws {lunr.QueryParseError} If the passed query string cannot be parsed.\n * @returns {lunr.Index~Result[]}\n */\nlunr.Index.prototype.search = function (queryString) {\n return this.query(function (query) {\n var parser = new lunr.QueryParser(queryString, query)\n parser.parse()\n })\n}\n\n/**\n * A query builder callback provides a query object to be used to express\n * the query to perform on the index.\n *\n * @callback lunr.Index~queryBuilder\n * @param {lunr.Query} query - The query object to build up.\n * @this lunr.Query\n */\n\n/**\n * Performs a query against the index using the yielded lunr.Query object.\n *\n * If performing programmatic queries against the index, this method is preferred\n * over lunr.Index#search so as to avoid the additional query parsing overhead.\n *\n * A query object is yielded to the supplied function which should be used to\n * express the query to be run against the index.\n *\n * Note that although this function takes a callback parameter it is _not_ an\n * asynchronous operation, the callback is just yielded a query object to be\n * customized.\n *\n * @param {lunr.Index~queryBuilder} fn - A function that is used to build the query.\n * @returns {lunr.Index~Result[]}\n */\nlunr.Index.prototype.query = function (fn) {\n // for each query clause\n // * process terms\n // * expand terms from token set\n // * find matching documents and metadata\n // * get document vectors\n // * score documents\n\n var query = new lunr.Query(this.fields),\n matchingFields = Object.create(null),\n queryVectors = Object.create(null),\n termFieldCache = Object.create(null),\n requiredMatches = Object.create(null),\n prohibitedMatches = Object.create(null)\n\n /*\n * To support field level boosts a query vector is created per\n * field. An empty vector is eagerly created to support negated\n * queries.\n */\n for (var i = 0; i < this.fields.length; i++) {\n queryVectors[this.fields[i]] = new lunr.Vector\n }\n\n fn.call(query, query)\n\n for (var i = 0; i < query.clauses.length; i++) {\n /*\n * Unless the pipeline has been disabled for this term, which is\n * the case for terms with wildcards, we need to pass the clause\n * term through the search pipeline. A pipeline returns an array\n * of processed terms. Pipeline functions may expand the passed\n * term, which means we may end up performing multiple index lookups\n * for a single query term.\n */\n var clause = query.clauses[i],\n terms = null,\n clauseMatches = lunr.Set.empty\n\n if (clause.usePipeline) {\n terms = this.pipeline.runString(clause.term, {\n fields: clause.fields\n })\n } else {\n terms = [clause.term]\n }\n\n for (var m = 0; m < terms.length; m++) {\n var term = terms[m]\n\n /*\n * Each term returned from the pipeline needs to use the same query\n * clause object, e.g. the same boost and or edit distance. The\n * simplest way to do this is to re-use the clause object but mutate\n * its term property.\n */\n clause.term = term\n\n /*\n * From the term in the clause we create a token set which will then\n * be used to intersect the indexes token set to get a list of terms\n * to lookup in the inverted index\n */\n var termTokenSet = lunr.TokenSet.fromClause(clause),\n expandedTerms = this.tokenSet.intersect(termTokenSet).toArray()\n\n /*\n * If a term marked as required does not exist in the tokenSet it is\n * impossible for the search to return any matches. We set all the field\n * scoped required matches set to empty and stop examining any further\n * clauses.\n */\n if (expandedTerms.length === 0 && clause.presence === lunr.Query.presence.REQUIRED) {\n for (var k = 0; k < clause.fields.length; k++) {\n var field = clause.fields[k]\n requiredMatches[field] = lunr.Set.empty\n }\n\n break\n }\n\n for (var j = 0; j < expandedTerms.length; j++) {\n /*\n * For each term get the posting and termIndex, this is required for\n * building the query vector.\n */\n var expandedTerm = expandedTerms[j],\n posting = this.invertedIndex[expandedTerm],\n termIndex = posting._index\n\n for (var k = 0; k < clause.fields.length; k++) {\n /*\n * For each field that this query term is scoped by (by default\n * all fields are in scope) we need to get all the document refs\n * that have this term in that field.\n *\n * The posting is the entry in the invertedIndex for the matching\n * term from above.\n */\n var field = clause.fields[k],\n fieldPosting = posting[field],\n matchingDocumentRefs = Object.keys(fieldPosting),\n termField = expandedTerm + \"/\" + field,\n matchingDocumentsSet = new lunr.Set(matchingDocumentRefs)\n\n /*\n * if the presence of this term is required ensure that the matching\n * documents are added to the set of required matches for this clause.\n *\n */\n if (clause.presence == lunr.Query.presence.REQUIRED) {\n clauseMatches = clauseMatches.union(matchingDocumentsSet)\n\n if (requiredMatches[field] === undefined) {\n requiredMatches[field] = lunr.Set.complete\n }\n }\n\n /*\n * if the presence of this term is prohibited ensure that the matching\n * documents are added to the set of prohibited matches for this field,\n * creating that set if it does not yet exist.\n */\n if (clause.presence == lunr.Query.presence.PROHIBITED) {\n if (prohibitedMatches[field] === undefined) {\n prohibitedMatches[field] = lunr.Set.empty\n }\n\n prohibitedMatches[field] = prohibitedMatches[field].union(matchingDocumentsSet)\n\n /*\n * Prohibited matches should not be part of the query vector used for\n * similarity scoring and no metadata should be extracted so we continue\n * to the next field\n */\n continue\n }\n\n /*\n * The query field vector is populated using the termIndex found for\n * the term and a unit value with the appropriate boost applied.\n * Using upsert because there could already be an entry in the vector\n * for the term we are working with. In that case we just add the scores\n * together.\n */\n queryVectors[field].upsert(termIndex, clause.boost, function (a, b) { return a + b })\n\n /**\n * If we've already seen this term, field combo then we've already collected\n * the matching documents and metadata, no need to go through all that again\n */\n if (termFieldCache[termField]) {\n continue\n }\n\n for (var l = 0; l < matchingDocumentRefs.length; l++) {\n /*\n * All metadata for this term/field/document triple\n * are then extracted and collected into an instance\n * of lunr.MatchData ready to be returned in the query\n * results\n */\n var matchingDocumentRef = matchingDocumentRefs[l],\n matchingFieldRef = new lunr.FieldRef (matchingDocumentRef, field),\n metadata = fieldPosting[matchingDocumentRef],\n fieldMatch\n\n if ((fieldMatch = matchingFields[matchingFieldRef]) === undefined) {\n matchingFields[matchingFieldRef] = new lunr.MatchData (expandedTerm, field, metadata)\n } else {\n fieldMatch.add(expandedTerm, field, metadata)\n }\n\n }\n\n termFieldCache[termField] = true\n }\n }\n }\n\n /**\n * If the presence was required we need to update the requiredMatches field sets.\n * We do this after all fields for the term have collected their matches because\n * the clause terms presence is required in _any_ of the fields not _all_ of the\n * fields.\n */\n if (clause.presence === lunr.Query.presence.REQUIRED) {\n for (var k = 0; k < clause.fields.length; k++) {\n var field = clause.fields[k]\n requiredMatches[field] = requiredMatches[field].intersect(clauseMatches)\n }\n }\n }\n\n /**\n * Need to combine the field scoped required and prohibited\n * matching documents into a global set of required and prohibited\n * matches\n */\n var allRequiredMatches = lunr.Set.complete,\n allProhibitedMatches = lunr.Set.empty\n\n for (var i = 0; i < this.fields.length; i++) {\n var field = this.fields[i]\n\n if (requiredMatches[field]) {\n allRequiredMatches = allRequiredMatches.intersect(requiredMatches[field])\n }\n\n if (prohibitedMatches[field]) {\n allProhibitedMatches = allProhibitedMatches.union(prohibitedMatches[field])\n }\n }\n\n var matchingFieldRefs = Object.keys(matchingFields),\n results = [],\n matches = Object.create(null)\n\n /*\n * If the query is negated (contains only prohibited terms)\n * we need to get _all_ fieldRefs currently existing in the\n * index. This is only done when we know that the query is\n * entirely prohibited terms to avoid any cost of getting all\n * fieldRefs unnecessarily.\n *\n * Additionally, blank MatchData must be created to correctly\n * populate the results.\n */\n if (query.isNegated()) {\n matchingFieldRefs = Object.keys(this.fieldVectors)\n\n for (var i = 0; i < matchingFieldRefs.length; i++) {\n var matchingFieldRef = matchingFieldRefs[i]\n var fieldRef = lunr.FieldRef.fromString(matchingFieldRef)\n matchingFields[matchingFieldRef] = new lunr.MatchData\n }\n }\n\n for (var i = 0; i < matchingFieldRefs.length; i++) {\n /*\n * Currently we have document fields that match the query, but we\n * need to return documents. The matchData and scores are combined\n * from multiple fields belonging to the same document.\n *\n * Scores are calculated by field, using the query vectors created\n * above, and combined into a final document score using addition.\n */\n var fieldRef = lunr.FieldRef.fromString(matchingFieldRefs[i]),\n docRef = fieldRef.docRef\n\n if (!allRequiredMatches.contains(docRef)) {\n continue\n }\n\n if (allProhibitedMatches.contains(docRef)) {\n continue\n }\n\n var fieldVector = this.fieldVectors[fieldRef],\n score = queryVectors[fieldRef.fieldName].similarity(fieldVector),\n docMatch\n\n if ((docMatch = matches[docRef]) !== undefined) {\n docMatch.score += score\n docMatch.matchData.combine(matchingFields[fieldRef])\n } else {\n var match = {\n ref: docRef,\n score: score,\n matchData: matchingFields[fieldRef]\n }\n matches[docRef] = match\n results.push(match)\n }\n }\n\n /*\n * Sort the results objects by score, highest first.\n */\n return results.sort(function (a, b) {\n return b.score - a.score\n })\n}\n\n/**\n * Prepares the index for JSON serialization.\n *\n * The schema for this JSON blob will be described in a\n * separate JSON schema file.\n *\n * @returns {Object}\n */\nlunr.Index.prototype.toJSON = function () {\n var invertedIndex = Object.keys(this.invertedIndex)\n .sort()\n .map(function (term) {\n return [term, this.invertedIndex[term]]\n }, this)\n\n var fieldVectors = Object.keys(this.fieldVectors)\n .map(function (ref) {\n return [ref, this.fieldVectors[ref].toJSON()]\n }, this)\n\n return {\n version: lunr.version,\n fields: this.fields,\n fieldVectors: fieldVectors,\n invertedIndex: invertedIndex,\n pipeline: this.pipeline.toJSON()\n }\n}\n\n/**\n * Loads a previously serialized lunr.Index\n *\n * @param {Object} serializedIndex - A previously serialized lunr.Index\n * @returns {lunr.Index}\n */\nlunr.Index.load = function (serializedIndex) {\n var attrs = {},\n fieldVectors = {},\n serializedVectors = serializedIndex.fieldVectors,\n invertedIndex = Object.create(null),\n serializedInvertedIndex = serializedIndex.invertedIndex,\n tokenSetBuilder = new lunr.TokenSet.Builder,\n pipeline = lunr.Pipeline.load(serializedIndex.pipeline)\n\n if (serializedIndex.version != lunr.version) {\n lunr.utils.warn(\"Version mismatch when loading serialised index. Current version of lunr '\" + lunr.version + \"' does not match serialized index '\" + serializedIndex.version + \"'\")\n }\n\n for (var i = 0; i < serializedVectors.length; i++) {\n var tuple = serializedVectors[i],\n ref = tuple[0],\n elements = tuple[1]\n\n fieldVectors[ref] = new lunr.Vector(elements)\n }\n\n for (var i = 0; i < serializedInvertedIndex.length; i++) {\n var tuple = serializedInvertedIndex[i],\n term = tuple[0],\n posting = tuple[1]\n\n tokenSetBuilder.insert(term)\n invertedIndex[term] = posting\n }\n\n tokenSetBuilder.finish()\n\n attrs.fields = serializedIndex.fields\n\n attrs.fieldVectors = fieldVectors\n attrs.invertedIndex = invertedIndex\n attrs.tokenSet = tokenSetBuilder.root\n attrs.pipeline = pipeline\n\n return new lunr.Index(attrs)\n}\n/*!\n * lunr.Builder\n * Copyright (C) 2020 Oliver Nightingale\n */\n\n/**\n * lunr.Builder performs indexing on a set of documents and\n * returns instances of lunr.Index ready for querying.\n *\n * All configuration of the index is done via the builder, the\n * fields to index, the document reference, the text processing\n * pipeline and document scoring parameters are all set on the\n * builder before indexing.\n *\n * @constructor\n * @property {string} _ref - Internal reference to the document reference field.\n * @property {string[]} _fields - Internal reference to the document fields to index.\n * @property {object} invertedIndex - The inverted index maps terms to document fields.\n * @property {object} documentTermFrequencies - Keeps track of document term frequencies.\n * @property {object} documentLengths - Keeps track of the length of documents added to the index.\n * @property {lunr.tokenizer} tokenizer - Function for splitting strings into tokens for indexing.\n * @property {lunr.Pipeline} pipeline - The pipeline performs text processing on tokens before indexing.\n * @property {lunr.Pipeline} searchPipeline - A pipeline for processing search terms before querying the index.\n * @property {number} documentCount - Keeps track of the total number of documents indexed.\n * @property {number} _b - A parameter to control field length normalization, setting this to 0 disabled normalization, 1 fully normalizes field lengths, the default value is 0.75.\n * @property {number} _k1 - A parameter to control how quickly an increase in term frequency results in term frequency saturation, the default value is 1.2.\n * @property {number} termIndex - A counter incremented for each unique term, used to identify a terms position in the vector space.\n * @property {array} metadataWhitelist - A list of metadata keys that have been whitelisted for entry in the index.\n */\nlunr.Builder = function () {\n this._ref = \"id\"\n this._fields = Object.create(null)\n this._documents = Object.create(null)\n this.invertedIndex = Object.create(null)\n this.fieldTermFrequencies = {}\n this.fieldLengths = {}\n this.tokenizer = lunr.tokenizer\n this.pipeline = new lunr.Pipeline\n this.searchPipeline = new lunr.Pipeline\n this.documentCount = 0\n this._b = 0.75\n this._k1 = 1.2\n this.termIndex = 0\n this.metadataWhitelist = []\n}\n\n/**\n * Sets the document field used as the document reference. Every document must have this field.\n * The type of this field in the document should be a string, if it is not a string it will be\n * coerced into a string by calling toString.\n *\n * The default ref is 'id'.\n *\n * The ref should _not_ be changed during indexing, it should be set before any documents are\n * added to the index. Changing it during indexing can lead to inconsistent results.\n *\n * @param {string} ref - The name of the reference field in the document.\n */\nlunr.Builder.prototype.ref = function (ref) {\n this._ref = ref\n}\n\n/**\n * A function that is used to extract a field from a document.\n *\n * Lunr expects a field to be at the top level of a document, if however the field\n * is deeply nested within a document an extractor function can be used to extract\n * the right field for indexing.\n *\n * @callback fieldExtractor\n * @param {object} doc - The document being added to the index.\n * @returns {?(string|object|object[])} obj - The object that will be indexed for this field.\n * @example Extracting a nested field\n * function (doc) { return doc.nested.field }\n */\n\n/**\n * Adds a field to the list of document fields that will be indexed. Every document being\n * indexed should have this field. Null values for this field in indexed documents will\n * not cause errors but will limit the chance of that document being retrieved by searches.\n *\n * All fields should be added before adding documents to the index. Adding fields after\n * a document has been indexed will have no effect on already indexed documents.\n *\n * Fields can be boosted at build time. This allows terms within that field to have more\n * importance when ranking search results. Use a field boost to specify that matches within\n * one field are more important than other fields.\n *\n * @param {string} fieldName - The name of a field to index in all documents.\n * @param {object} attributes - Optional attributes associated with this field.\n * @param {number} [attributes.boost=1] - Boost applied to all terms within this field.\n * @param {fieldExtractor} [attributes.extractor] - Function to extract a field from a document.\n * @throws {RangeError} fieldName cannot contain unsupported characters '/'\n */\nlunr.Builder.prototype.field = function (fieldName, attributes) {\n if (/\\//.test(fieldName)) {\n throw new RangeError (\"Field '\" + fieldName + \"' contains illegal character '/'\")\n }\n\n this._fields[fieldName] = attributes || {}\n}\n\n/**\n * A parameter to tune the amount of field length normalisation that is applied when\n * calculating relevance scores. A value of 0 will completely disable any normalisation\n * and a value of 1 will fully normalise field lengths. The default is 0.75. Values of b\n * will be clamped to the range 0 - 1.\n *\n * @param {number} number - The value to set for this tuning parameter.\n */\nlunr.Builder.prototype.b = function (number) {\n if (number < 0) {\n this._b = 0\n } else if (number > 1) {\n this._b = 1\n } else {\n this._b = number\n }\n}\n\n/**\n * A parameter that controls the speed at which a rise in term frequency results in term\n * frequency saturation. The default value is 1.2. Setting this to a higher value will give\n * slower saturation levels, a lower value will result in quicker saturation.\n *\n * @param {number} number - The value to set for this tuning parameter.\n */\nlunr.Builder.prototype.k1 = function (number) {\n this._k1 = number\n}\n\n/**\n * Adds a document to the index.\n *\n * Before adding fields to the index the index should have been fully setup, with the document\n * ref and all fields to index already having been specified.\n *\n * The document must have a field name as specified by the ref (by default this is 'id') and\n * it should have all fields defined for indexing, though null or undefined values will not\n * cause errors.\n *\n * Entire documents can be boosted at build time. Applying a boost to a document indicates that\n * this document should rank higher in search results than other documents.\n *\n * @param {object} doc - The document to add to the index.\n * @param {object} attributes - Optional attributes associated with this document.\n * @param {number} [attributes.boost=1] - Boost applied to all terms within this document.\n */\nlunr.Builder.prototype.add = function (doc, attributes) {\n var docRef = doc[this._ref],\n fields = Object.keys(this._fields)\n\n this._documents[docRef] = attributes || {}\n this.documentCount += 1\n\n for (var i = 0; i < fields.length; i++) {\n var fieldName = fields[i],\n extractor = this._fields[fieldName].extractor,\n field = extractor ? extractor(doc) : doc[fieldName],\n tokens = this.tokenizer(field, {\n fields: [fieldName]\n }),\n terms = this.pipeline.run(tokens),\n fieldRef = new lunr.FieldRef (docRef, fieldName),\n fieldTerms = Object.create(null)\n\n this.fieldTermFrequencies[fieldRef] = fieldTerms\n this.fieldLengths[fieldRef] = 0\n\n // store the length of this field for this document\n this.fieldLengths[fieldRef] += terms.length\n\n // calculate term frequencies for this field\n for (var j = 0; j < terms.length; j++) {\n var term = terms[j]\n\n if (fieldTerms[term] == undefined) {\n fieldTerms[term] = 0\n }\n\n fieldTerms[term] += 1\n\n // add to inverted index\n // create an initial posting if one doesn't exist\n if (this.invertedIndex[term] == undefined) {\n var posting = Object.create(null)\n posting[\"_index\"] = this.termIndex\n this.termIndex += 1\n\n for (var k = 0; k < fields.length; k++) {\n posting[fields[k]] = Object.create(null)\n }\n\n this.invertedIndex[term] = posting\n }\n\n // add an entry for this term/fieldName/docRef to the invertedIndex\n if (this.invertedIndex[term][fieldName][docRef] == undefined) {\n this.invertedIndex[term][fieldName][docRef] = Object.create(null)\n }\n\n // store all whitelisted metadata about this token in the\n // inverted index\n for (var l = 0; l < this.metadataWhitelist.length; l++) {\n var metadataKey = this.metadataWhitelist[l],\n metadata = term.metadata[metadataKey]\n\n if (this.invertedIndex[term][fieldName][docRef][metadataKey] == undefined) {\n this.invertedIndex[term][fieldName][docRef][metadataKey] = []\n }\n\n this.invertedIndex[term][fieldName][docRef][metadataKey].push(metadata)\n }\n }\n\n }\n}\n\n/**\n * Calculates the average document length for this index\n *\n * @private\n */\nlunr.Builder.prototype.calculateAverageFieldLengths = function () {\n\n var fieldRefs = Object.keys(this.fieldLengths),\n numberOfFields = fieldRefs.length,\n accumulator = {},\n documentsWithField = {}\n\n for (var i = 0; i < numberOfFields; i++) {\n var fieldRef = lunr.FieldRef.fromString(fieldRefs[i]),\n field = fieldRef.fieldName\n\n documentsWithField[field] || (documentsWithField[field] = 0)\n documentsWithField[field] += 1\n\n accumulator[field] || (accumulator[field] = 0)\n accumulator[field] += this.fieldLengths[fieldRef]\n }\n\n var fields = Object.keys(this._fields)\n\n for (var i = 0; i < fields.length; i++) {\n var fieldName = fields[i]\n accumulator[fieldName] = accumulator[fieldName] / documentsWithField[fieldName]\n }\n\n this.averageFieldLength = accumulator\n}\n\n/**\n * Builds a vector space model of every document using lunr.Vector\n *\n * @private\n */\nlunr.Builder.prototype.createFieldVectors = function () {\n var fieldVectors = {},\n fieldRefs = Object.keys(this.fieldTermFrequencies),\n fieldRefsLength = fieldRefs.length,\n termIdfCache = Object.create(null)\n\n for (var i = 0; i < fieldRefsLength; i++) {\n var fieldRef = lunr.FieldRef.fromString(fieldRefs[i]),\n fieldName = fieldRef.fieldName,\n fieldLength = this.fieldLengths[fieldRef],\n fieldVector = new lunr.Vector,\n termFrequencies = this.fieldTermFrequencies[fieldRef],\n terms = Object.keys(termFrequencies),\n termsLength = terms.length\n\n\n var fieldBoost = this._fields[fieldName].boost || 1,\n docBoost = this._documents[fieldRef.docRef].boost || 1\n\n for (var j = 0; j < termsLength; j++) {\n var term = terms[j],\n tf = termFrequencies[term],\n termIndex = this.invertedIndex[term]._index,\n idf, score, scoreWithPrecision\n\n if (termIdfCache[term] === undefined) {\n idf = lunr.idf(this.invertedIndex[term], this.documentCount)\n termIdfCache[term] = idf\n } else {\n idf = termIdfCache[term]\n }\n\n score = idf * ((this._k1 + 1) * tf) / (this._k1 * (1 - this._b + this._b * (fieldLength / this.averageFieldLength[fieldName])) + tf)\n score *= fieldBoost\n score *= docBoost\n scoreWithPrecision = Math.round(score * 1000) / 1000\n // Converts 1.23456789 to 1.234.\n // Reducing the precision so that the vectors take up less\n // space when serialised. Doing it now so that they behave\n // the same before and after serialisation. Also, this is\n // the fastest approach to reducing a number's precision in\n // JavaScript.\n\n fieldVector.insert(termIndex, scoreWithPrecision)\n }\n\n fieldVectors[fieldRef] = fieldVector\n }\n\n this.fieldVectors = fieldVectors\n}\n\n/**\n * Creates a token set of all tokens in the index using lunr.TokenSet\n *\n * @private\n */\nlunr.Builder.prototype.createTokenSet = function () {\n this.tokenSet = lunr.TokenSet.fromArray(\n Object.keys(this.invertedIndex).sort()\n )\n}\n\n/**\n * Builds the index, creating an instance of lunr.Index.\n *\n * This completes the indexing process and should only be called\n * once all documents have been added to the index.\n *\n * @returns {lunr.Index}\n */\nlunr.Builder.prototype.build = function () {\n this.calculateAverageFieldLengths()\n this.createFieldVectors()\n this.createTokenSet()\n\n return new lunr.Index({\n invertedIndex: this.invertedIndex,\n fieldVectors: this.fieldVectors,\n tokenSet: this.tokenSet,\n fields: Object.keys(this._fields),\n pipeline: this.searchPipeline\n })\n}\n\n/**\n * Applies a plugin to the index builder.\n *\n * A plugin is a function that is called with the index builder as its context.\n * Plugins can be used to customise or extend the behaviour of the index\n * in some way. A plugin is just a function, that encapsulated the custom\n * behaviour that should be applied when building the index.\n *\n * The plugin function will be called with the index builder as its argument, additional\n * arguments can also be passed when calling use. The function will be called\n * with the index builder as its context.\n *\n * @param {Function} plugin The plugin to apply.\n */\nlunr.Builder.prototype.use = function (fn) {\n var args = Array.prototype.slice.call(arguments, 1)\n args.unshift(this)\n fn.apply(this, args)\n}\n/**\n * Contains and collects metadata about a matching document.\n * A single instance of lunr.MatchData is returned as part of every\n * lunr.Index~Result.\n *\n * @constructor\n * @param {string} term - The term this match data is associated with\n * @param {string} field - The field in which the term was found\n * @param {object} metadata - The metadata recorded about this term in this field\n * @property {object} metadata - A cloned collection of metadata associated with this document.\n * @see {@link lunr.Index~Result}\n */\nlunr.MatchData = function (term, field, metadata) {\n var clonedMetadata = Object.create(null),\n metadataKeys = Object.keys(metadata || {})\n\n // Cloning the metadata to prevent the original\n // being mutated during match data combination.\n // Metadata is kept in an array within the inverted\n // index so cloning the data can be done with\n // Array#slice\n for (var i = 0; i < metadataKeys.length; i++) {\n var key = metadataKeys[i]\n clonedMetadata[key] = metadata[key].slice()\n }\n\n this.metadata = Object.create(null)\n\n if (term !== undefined) {\n this.metadata[term] = Object.create(null)\n this.metadata[term][field] = clonedMetadata\n }\n}\n\n/**\n * An instance of lunr.MatchData will be created for every term that matches a\n * document. However only one instance is required in a lunr.Index~Result. This\n * method combines metadata from another instance of lunr.MatchData with this\n * objects metadata.\n *\n * @param {lunr.MatchData} otherMatchData - Another instance of match data to merge with this one.\n * @see {@link lunr.Index~Result}\n */\nlunr.MatchData.prototype.combine = function (otherMatchData) {\n var terms = Object.keys(otherMatchData.metadata)\n\n for (var i = 0; i < terms.length; i++) {\n var term = terms[i],\n fields = Object.keys(otherMatchData.metadata[term])\n\n if (this.metadata[term] == undefined) {\n this.metadata[term] = Object.create(null)\n }\n\n for (var j = 0; j < fields.length; j++) {\n var field = fields[j],\n keys = Object.keys(otherMatchData.metadata[term][field])\n\n if (this.metadata[term][field] == undefined) {\n this.metadata[term][field] = Object.create(null)\n }\n\n for (var k = 0; k < keys.length; k++) {\n var key = keys[k]\n\n if (this.metadata[term][field][key] == undefined) {\n this.metadata[term][field][key] = otherMatchData.metadata[term][field][key]\n } else {\n this.metadata[term][field][key] = this.metadata[term][field][key].concat(otherMatchData.metadata[term][field][key])\n }\n\n }\n }\n }\n}\n\n/**\n * Add metadata for a term/field pair to this instance of match data.\n *\n * @param {string} term - The term this match data is associated with\n * @param {string} field - The field in which the term was found\n * @param {object} metadata - The metadata recorded about this term in this field\n */\nlunr.MatchData.prototype.add = function (term, field, metadata) {\n if (!(term in this.metadata)) {\n this.metadata[term] = Object.create(null)\n this.metadata[term][field] = metadata\n return\n }\n\n if (!(field in this.metadata[term])) {\n this.metadata[term][field] = metadata\n return\n }\n\n var metadataKeys = Object.keys(metadata)\n\n for (var i = 0; i < metadataKeys.length; i++) {\n var key = metadataKeys[i]\n\n if (key in this.metadata[term][field]) {\n this.metadata[term][field][key] = this.metadata[term][field][key].concat(metadata[key])\n } else {\n this.metadata[term][field][key] = metadata[key]\n }\n }\n}\n/**\n * A lunr.Query provides a programmatic way of defining queries to be performed\n * against a {@link lunr.Index}.\n *\n * Prefer constructing a lunr.Query using the {@link lunr.Index#query} method\n * so the query object is pre-initialized with the right index fields.\n *\n * @constructor\n * @property {lunr.Query~Clause[]} clauses - An array of query clauses.\n * @property {string[]} allFields - An array of all available fields in a lunr.Index.\n */\nlunr.Query = function (allFields) {\n this.clauses = []\n this.allFields = allFields\n}\n\n/**\n * Constants for indicating what kind of automatic wildcard insertion will be used when constructing a query clause.\n *\n * This allows wildcards to be added to the beginning and end of a term without having to manually do any string\n * concatenation.\n *\n * The wildcard constants can be bitwise combined to select both leading and trailing wildcards.\n *\n * @constant\n * @default\n * @property {number} wildcard.NONE - The term will have no wildcards inserted, this is the default behaviour\n * @property {number} wildcard.LEADING - Prepend the term with a wildcard, unless a leading wildcard already exists\n * @property {number} wildcard.TRAILING - Append a wildcard to the term, unless a trailing wildcard already exists\n * @see lunr.Query~Clause\n * @see lunr.Query#clause\n * @see lunr.Query#term\n * @example query term with trailing wildcard\n * query.term('foo', { wildcard: lunr.Query.wildcard.TRAILING })\n * @example query term with leading and trailing wildcard\n * query.term('foo', {\n * wildcard: lunr.Query.wildcard.LEADING | lunr.Query.wildcard.TRAILING\n * })\n */\n\nlunr.Query.wildcard = new String (\"*\")\nlunr.Query.wildcard.NONE = 0\nlunr.Query.wildcard.LEADING = 1\nlunr.Query.wildcard.TRAILING = 2\n\n/**\n * Constants for indicating what kind of presence a term must have in matching documents.\n *\n * @constant\n * @enum {number}\n * @see lunr.Query~Clause\n * @see lunr.Query#clause\n * @see lunr.Query#term\n * @example query term with required presence\n * query.term('foo', { presence: lunr.Query.presence.REQUIRED })\n */\nlunr.Query.presence = {\n /**\n * Term's presence in a document is optional, this is the default value.\n */\n OPTIONAL: 1,\n\n /**\n * Term's presence in a document is required, documents that do not contain\n * this term will not be returned.\n */\n REQUIRED: 2,\n\n /**\n * Term's presence in a document is prohibited, documents that do contain\n * this term will not be returned.\n */\n PROHIBITED: 3\n}\n\n/**\n * A single clause in a {@link lunr.Query} contains a term and details on how to\n * match that term against a {@link lunr.Index}.\n *\n * @typedef {Object} lunr.Query~Clause\n * @property {string[]} fields - The fields in an index this clause should be matched against.\n * @property {number} [boost=1] - Any boost that should be applied when matching this clause.\n * @property {number} [editDistance] - Whether the term should have fuzzy matching applied, and how fuzzy the match should be.\n * @property {boolean} [usePipeline] - Whether the term should be passed through the search pipeline.\n * @property {number} [wildcard=lunr.Query.wildcard.NONE] - Whether the term should have wildcards appended or prepended.\n * @property {number} [presence=lunr.Query.presence.OPTIONAL] - The terms presence in any matching documents.\n */\n\n/**\n * Adds a {@link lunr.Query~Clause} to this query.\n *\n * Unless the clause contains the fields to be matched all fields will be matched. In addition\n * a default boost of 1 is applied to the clause.\n *\n * @param {lunr.Query~Clause} clause - The clause to add to this query.\n * @see lunr.Query~Clause\n * @returns {lunr.Query}\n */\nlunr.Query.prototype.clause = function (clause) {\n if (!('fields' in clause)) {\n clause.fields = this.allFields\n }\n\n if (!('boost' in clause)) {\n clause.boost = 1\n }\n\n if (!('usePipeline' in clause)) {\n clause.usePipeline = true\n }\n\n if (!('wildcard' in clause)) {\n clause.wildcard = lunr.Query.wildcard.NONE\n }\n\n if ((clause.wildcard & lunr.Query.wildcard.LEADING) && (clause.term.charAt(0) != lunr.Query.wildcard)) {\n clause.term = \"*\" + clause.term\n }\n\n if ((clause.wildcard & lunr.Query.wildcard.TRAILING) && (clause.term.slice(-1) != lunr.Query.wildcard)) {\n clause.term = \"\" + clause.term + \"*\"\n }\n\n if (!('presence' in clause)) {\n clause.presence = lunr.Query.presence.OPTIONAL\n }\n\n this.clauses.push(clause)\n\n return this\n}\n\n/**\n * A negated query is one in which every clause has a presence of\n * prohibited. These queries require some special processing to return\n * the expected results.\n *\n * @returns boolean\n */\nlunr.Query.prototype.isNegated = function () {\n for (var i = 0; i < this.clauses.length; i++) {\n if (this.clauses[i].presence != lunr.Query.presence.PROHIBITED) {\n return false\n }\n }\n\n return true\n}\n\n/**\n * Adds a term to the current query, under the covers this will create a {@link lunr.Query~Clause}\n * to the list of clauses that make up this query.\n *\n * The term is used as is, i.e. no tokenization will be performed by this method. Instead conversion\n * to a token or token-like string should be done before calling this method.\n *\n * The term will be converted to a string by calling `toString`. Multiple terms can be passed as an\n * array, each term in the array will share the same options.\n *\n * @param {object|object[]} term - The term(s) to add to the query.\n * @param {object} [options] - Any additional properties to add to the query clause.\n * @returns {lunr.Query}\n * @see lunr.Query#clause\n * @see lunr.Query~Clause\n * @example adding a single term to a query\n * query.term(\"foo\")\n * @example adding a single term to a query and specifying search fields, term boost and automatic trailing wildcard\n * query.term(\"foo\", {\n * fields: [\"title\"],\n * boost: 10,\n * wildcard: lunr.Query.wildcard.TRAILING\n * })\n * @example using lunr.tokenizer to convert a string to tokens before using them as terms\n * query.term(lunr.tokenizer(\"foo bar\"))\n */\nlunr.Query.prototype.term = function (term, options) {\n if (Array.isArray(term)) {\n term.forEach(function (t) { this.term(t, lunr.utils.clone(options)) }, this)\n return this\n }\n\n var clause = options || {}\n clause.term = term.toString()\n\n this.clause(clause)\n\n return this\n}\nlunr.QueryParseError = function (message, start, end) {\n this.name = \"QueryParseError\"\n this.message = message\n this.start = start\n this.end = end\n}\n\nlunr.QueryParseError.prototype = new Error\nlunr.QueryLexer = function (str) {\n this.lexemes = []\n this.str = str\n this.length = str.length\n this.pos = 0\n this.start = 0\n this.escapeCharPositions = []\n}\n\nlunr.QueryLexer.prototype.run = function () {\n var state = lunr.QueryLexer.lexText\n\n while (state) {\n state = state(this)\n }\n}\n\nlunr.QueryLexer.prototype.sliceString = function () {\n var subSlices = [],\n sliceStart = this.start,\n sliceEnd = this.pos\n\n for (var i = 0; i < this.escapeCharPositions.length; i++) {\n sliceEnd = this.escapeCharPositions[i]\n subSlices.push(this.str.slice(sliceStart, sliceEnd))\n sliceStart = sliceEnd + 1\n }\n\n subSlices.push(this.str.slice(sliceStart, this.pos))\n this.escapeCharPositions.length = 0\n\n return subSlices.join('')\n}\n\nlunr.QueryLexer.prototype.emit = function (type) {\n this.lexemes.push({\n type: type,\n str: this.sliceString(),\n start: this.start,\n end: this.pos\n })\n\n this.start = this.pos\n}\n\nlunr.QueryLexer.prototype.escapeCharacter = function () {\n this.escapeCharPositions.push(this.pos - 1)\n this.pos += 1\n}\n\nlunr.QueryLexer.prototype.next = function () {\n if (this.pos >= this.length) {\n return lunr.QueryLexer.EOS\n }\n\n var char = this.str.charAt(this.pos)\n this.pos += 1\n return char\n}\n\nlunr.QueryLexer.prototype.width = function () {\n return this.pos - this.start\n}\n\nlunr.QueryLexer.prototype.ignore = function () {\n if (this.start == this.pos) {\n this.pos += 1\n }\n\n this.start = this.pos\n}\n\nlunr.QueryLexer.prototype.backup = function () {\n this.pos -= 1\n}\n\nlunr.QueryLexer.prototype.acceptDigitRun = function () {\n var char, charCode\n\n do {\n char = this.next()\n charCode = char.charCodeAt(0)\n } while (charCode > 47 && charCode < 58)\n\n if (char != lunr.QueryLexer.EOS) {\n this.backup()\n }\n}\n\nlunr.QueryLexer.prototype.more = function () {\n return this.pos < this.length\n}\n\nlunr.QueryLexer.EOS = 'EOS'\nlunr.QueryLexer.FIELD = 'FIELD'\nlunr.QueryLexer.TERM = 'TERM'\nlunr.QueryLexer.EDIT_DISTANCE = 'EDIT_DISTANCE'\nlunr.QueryLexer.BOOST = 'BOOST'\nlunr.QueryLexer.PRESENCE = 'PRESENCE'\n\nlunr.QueryLexer.lexField = function (lexer) {\n lexer.backup()\n lexer.emit(lunr.QueryLexer.FIELD)\n lexer.ignore()\n return lunr.QueryLexer.lexText\n}\n\nlunr.QueryLexer.lexTerm = function (lexer) {\n if (lexer.width() > 1) {\n lexer.backup()\n lexer.emit(lunr.QueryLexer.TERM)\n }\n\n lexer.ignore()\n\n if (lexer.more()) {\n return lunr.QueryLexer.lexText\n }\n}\n\nlunr.QueryLexer.lexEditDistance = function (lexer) {\n lexer.ignore()\n lexer.acceptDigitRun()\n lexer.emit(lunr.QueryLexer.EDIT_DISTANCE)\n return lunr.QueryLexer.lexText\n}\n\nlunr.QueryLexer.lexBoost = function (lexer) {\n lexer.ignore()\n lexer.acceptDigitRun()\n lexer.emit(lunr.QueryLexer.BOOST)\n return lunr.QueryLexer.lexText\n}\n\nlunr.QueryLexer.lexEOS = function (lexer) {\n if (lexer.width() > 0) {\n lexer.emit(lunr.QueryLexer.TERM)\n }\n}\n\n// This matches the separator used when tokenising fields\n// within a document. These should match otherwise it is\n// not possible to search for some tokens within a document.\n//\n// It is possible for the user to change the separator on the\n// tokenizer so it _might_ clash with any other of the special\n// characters already used within the search string, e.g. :.\n//\n// This means that it is possible to change the separator in\n// such a way that makes some words unsearchable using a search\n// string.\nlunr.QueryLexer.termSeparator = lunr.tokenizer.separator\n\nlunr.QueryLexer.lexText = function (lexer) {\n while (true) {\n var char = lexer.next()\n\n if (char == lunr.QueryLexer.EOS) {\n return lunr.QueryLexer.lexEOS\n }\n\n // Escape character is '\\'\n if (char.charCodeAt(0) == 92) {\n lexer.escapeCharacter()\n continue\n }\n\n if (char == \":\") {\n return lunr.QueryLexer.lexField\n }\n\n if (char == \"~\") {\n lexer.backup()\n if (lexer.width() > 0) {\n lexer.emit(lunr.QueryLexer.TERM)\n }\n return lunr.QueryLexer.lexEditDistance\n }\n\n if (char == \"^\") {\n lexer.backup()\n if (lexer.width() > 0) {\n lexer.emit(lunr.QueryLexer.TERM)\n }\n return lunr.QueryLexer.lexBoost\n }\n\n // \"+\" indicates term presence is required\n // checking for length to ensure that only\n // leading \"+\" are considered\n if (char == \"+\" && lexer.width() === 1) {\n lexer.emit(lunr.QueryLexer.PRESENCE)\n return lunr.QueryLexer.lexText\n }\n\n // \"-\" indicates term presence is prohibited\n // checking for length to ensure that only\n // leading \"-\" are considered\n if (char == \"-\" && lexer.width() === 1) {\n lexer.emit(lunr.QueryLexer.PRESENCE)\n return lunr.QueryLexer.lexText\n }\n\n if (char.match(lunr.QueryLexer.termSeparator)) {\n return lunr.QueryLexer.lexTerm\n }\n }\n}\n\nlunr.QueryParser = function (str, query) {\n this.lexer = new lunr.QueryLexer (str)\n this.query = query\n this.currentClause = {}\n this.lexemeIdx = 0\n}\n\nlunr.QueryParser.prototype.parse = function () {\n this.lexer.run()\n this.lexemes = this.lexer.lexemes\n\n var state = lunr.QueryParser.parseClause\n\n while (state) {\n state = state(this)\n }\n\n return this.query\n}\n\nlunr.QueryParser.prototype.peekLexeme = function () {\n return this.lexemes[this.lexemeIdx]\n}\n\nlunr.QueryParser.prototype.consumeLexeme = function () {\n var lexeme = this.peekLexeme()\n this.lexemeIdx += 1\n return lexeme\n}\n\nlunr.QueryParser.prototype.nextClause = function () {\n var completedClause = this.currentClause\n this.query.clause(completedClause)\n this.currentClause = {}\n}\n\nlunr.QueryParser.parseClause = function (parser) {\n var lexeme = parser.peekLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n switch (lexeme.type) {\n case lunr.QueryLexer.PRESENCE:\n return lunr.QueryParser.parsePresence\n case lunr.QueryLexer.FIELD:\n return lunr.QueryParser.parseField\n case lunr.QueryLexer.TERM:\n return lunr.QueryParser.parseTerm\n default:\n var errorMessage = \"expected either a field or a term, found \" + lexeme.type\n\n if (lexeme.str.length >= 1) {\n errorMessage += \" with value '\" + lexeme.str + \"'\"\n }\n\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n}\n\nlunr.QueryParser.parsePresence = function (parser) {\n var lexeme = parser.consumeLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n switch (lexeme.str) {\n case \"-\":\n parser.currentClause.presence = lunr.Query.presence.PROHIBITED\n break\n case \"+\":\n parser.currentClause.presence = lunr.Query.presence.REQUIRED\n break\n default:\n var errorMessage = \"unrecognised presence operator'\" + lexeme.str + \"'\"\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n var nextLexeme = parser.peekLexeme()\n\n if (nextLexeme == undefined) {\n var errorMessage = \"expecting term or field, found nothing\"\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n switch (nextLexeme.type) {\n case lunr.QueryLexer.FIELD:\n return lunr.QueryParser.parseField\n case lunr.QueryLexer.TERM:\n return lunr.QueryParser.parseTerm\n default:\n var errorMessage = \"expecting term or field, found '\" + nextLexeme.type + \"'\"\n throw new lunr.QueryParseError (errorMessage, nextLexeme.start, nextLexeme.end)\n }\n}\n\nlunr.QueryParser.parseField = function (parser) {\n var lexeme = parser.consumeLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n if (parser.query.allFields.indexOf(lexeme.str) == -1) {\n var possibleFields = parser.query.allFields.map(function (f) { return \"'\" + f + \"'\" }).join(', '),\n errorMessage = \"unrecognised field '\" + lexeme.str + \"', possible fields: \" + possibleFields\n\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n parser.currentClause.fields = [lexeme.str]\n\n var nextLexeme = parser.peekLexeme()\n\n if (nextLexeme == undefined) {\n var errorMessage = \"expecting term, found nothing\"\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n switch (nextLexeme.type) {\n case lunr.QueryLexer.TERM:\n return lunr.QueryParser.parseTerm\n default:\n var errorMessage = \"expecting term, found '\" + nextLexeme.type + \"'\"\n throw new lunr.QueryParseError (errorMessage, nextLexeme.start, nextLexeme.end)\n }\n}\n\nlunr.QueryParser.parseTerm = function (parser) {\n var lexeme = parser.consumeLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n parser.currentClause.term = lexeme.str.toLowerCase()\n\n if (lexeme.str.indexOf(\"*\") != -1) {\n parser.currentClause.usePipeline = false\n }\n\n var nextLexeme = parser.peekLexeme()\n\n if (nextLexeme == undefined) {\n parser.nextClause()\n return\n }\n\n switch (nextLexeme.type) {\n case lunr.QueryLexer.TERM:\n parser.nextClause()\n return lunr.QueryParser.parseTerm\n case lunr.QueryLexer.FIELD:\n parser.nextClause()\n return lunr.QueryParser.parseField\n case lunr.QueryLexer.EDIT_DISTANCE:\n return lunr.QueryParser.parseEditDistance\n case lunr.QueryLexer.BOOST:\n return lunr.QueryParser.parseBoost\n case lunr.QueryLexer.PRESENCE:\n parser.nextClause()\n return lunr.QueryParser.parsePresence\n default:\n var errorMessage = \"Unexpected lexeme type '\" + nextLexeme.type + \"'\"\n throw new lunr.QueryParseError (errorMessage, nextLexeme.start, nextLexeme.end)\n }\n}\n\nlunr.QueryParser.parseEditDistance = function (parser) {\n var lexeme = parser.consumeLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n var editDistance = parseInt(lexeme.str, 10)\n\n if (isNaN(editDistance)) {\n var errorMessage = \"edit distance must be numeric\"\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n parser.currentClause.editDistance = editDistance\n\n var nextLexeme = parser.peekLexeme()\n\n if (nextLexeme == undefined) {\n parser.nextClause()\n return\n }\n\n switch (nextLexeme.type) {\n case lunr.QueryLexer.TERM:\n parser.nextClause()\n return lunr.QueryParser.parseTerm\n case lunr.QueryLexer.FIELD:\n parser.nextClause()\n return lunr.QueryParser.parseField\n case lunr.QueryLexer.EDIT_DISTANCE:\n return lunr.QueryParser.parseEditDistance\n case lunr.QueryLexer.BOOST:\n return lunr.QueryParser.parseBoost\n case lunr.QueryLexer.PRESENCE:\n parser.nextClause()\n return lunr.QueryParser.parsePresence\n default:\n var errorMessage = \"Unexpected lexeme type '\" + nextLexeme.type + \"'\"\n throw new lunr.QueryParseError (errorMessage, nextLexeme.start, nextLexeme.end)\n }\n}\n\nlunr.QueryParser.parseBoost = function (parser) {\n var lexeme = parser.consumeLexeme()\n\n if (lexeme == undefined) {\n return\n }\n\n var boost = parseInt(lexeme.str, 10)\n\n if (isNaN(boost)) {\n var errorMessage = \"boost must be numeric\"\n throw new lunr.QueryParseError (errorMessage, lexeme.start, lexeme.end)\n }\n\n parser.currentClause.boost = boost\n\n var nextLexeme = parser.peekLexeme()\n\n if (nextLexeme == undefined) {\n parser.nextClause()\n return\n }\n\n switch (nextLexeme.type) {\n case lunr.QueryLexer.TERM:\n parser.nextClause()\n return lunr.QueryParser.parseTerm\n case lunr.QueryLexer.FIELD:\n parser.nextClause()\n return lunr.QueryParser.parseField\n case lunr.QueryLexer.EDIT_DISTANCE:\n return lunr.QueryParser.parseEditDistance\n case lunr.QueryLexer.BOOST:\n return lunr.QueryParser.parseBoost\n case lunr.QueryLexer.PRESENCE:\n parser.nextClause()\n return lunr.QueryParser.parsePresence\n default:\n var errorMessage = \"Unexpected lexeme type '\" + nextLexeme.type + \"'\"\n throw new lunr.QueryParseError (errorMessage, nextLexeme.start, nextLexeme.end)\n }\n}\n\n /**\n * export the module via AMD, CommonJS or as a browser global\n * Export code from https://github.com/umdjs/umd/blob/master/returnExports.js\n */\n ;(function (root, factory) {\n if (typeof define === 'function' && define.amd) {\n // AMD. Register as an anonymous module.\n define(factory)\n } else if (typeof exports === 'object') {\n /**\n * Node. Does not work with strict CommonJS, but\n * only CommonJS-like enviroments that support module.exports,\n * like Node.\n */\n module.exports = factory()\n } else {\n // Browser globals (root is window)\n root.lunr = factory()\n }\n }(this, function () {\n /**\n * Just return a value to define the module export.\n * This example returns an object, but the module\n * can return a function as the exported value.\n */\n return lunr\n }))\n})();\n", "/*!\n * escape-html\n * Copyright(c) 2012-2013 TJ Holowaychuk\n * Copyright(c) 2015 Andreas Lubbe\n * Copyright(c) 2015 Tiancheng \"Timothy\" Gu\n * MIT Licensed\n */\n\n'use strict';\n\n/**\n * Module variables.\n * @private\n */\n\nvar matchHtmlRegExp = /[\"'&<>]/;\n\n/**\n * Module exports.\n * @public\n */\n\nmodule.exports = escapeHtml;\n\n/**\n * Escape special characters in the given string of html.\n *\n * @param {string} string The string to escape for inserting into HTML\n * @return {string}\n * @public\n */\n\nfunction escapeHtml(string) {\n var str = '' + string;\n var match = matchHtmlRegExp.exec(str);\n\n if (!match) {\n return str;\n }\n\n var escape;\n var html = '';\n var index = 0;\n var lastIndex = 0;\n\n for (index = match.index; index < str.length; index++) {\n switch (str.charCodeAt(index)) {\n case 34: // \"\n escape = '"';\n break;\n case 38: // &\n escape = '&';\n break;\n case 39: // '\n escape = ''';\n break;\n case 60: // <\n escape = '<';\n break;\n case 62: // >\n escape = '>';\n break;\n default:\n continue;\n }\n\n if (lastIndex !== index) {\n html += str.substring(lastIndex, index);\n }\n\n lastIndex = index + 1;\n html += escape;\n }\n\n return lastIndex !== index\n ? html + str.substring(lastIndex, index)\n : html;\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A RTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport lunr from \"lunr\"\n\nimport \"~/polyfills\"\n\nimport { Search, SearchIndexConfig } from \"../../_\"\nimport {\n SearchMessage,\n SearchMessageType\n} from \"../message\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Add support for usage with `iframe-worker` polyfill\n *\n * While `importScripts` is synchronous when executed inside of a web worker,\n * it's not possible to provide a synchronous polyfilled implementation. The\n * cool thing is that awaiting a non-Promise is a noop, so extending the type\n * definition to return a `Promise` shouldn't break anything.\n *\n * @see https://bit.ly/2PjDnXi - GitHub comment\n */\ndeclare global {\n function importScripts(...urls: string[]): Promise | void\n}\n\n/* ----------------------------------------------------------------------------\n * Data\n * ------------------------------------------------------------------------- */\n\n/**\n * Search index\n */\nlet index: Search\n\n/* ----------------------------------------------------------------------------\n * Helper functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Fetch (= import) multi-language support through `lunr-languages`\n *\n * This function automatically imports the stemmers necessary to process the\n * languages, which are defined through the search index configuration.\n *\n * If the worker runs inside of an `iframe` (when using `iframe-worker` as\n * a shim), the base URL for the stemmers to be loaded must be determined by\n * searching for the first `script` element with a `src` attribute, which will\n * contain the contents of this script.\n *\n * @param config - Search index configuration\n *\n * @returns Promise resolving with no result\n */\nasync function setupSearchLanguages(\n config: SearchIndexConfig\n): Promise {\n let base = \"../lunr\"\n\n /* Detect `iframe-worker` and fix base URL */\n if (typeof parent !== \"undefined\" && \"IFrameWorker\" in parent) {\n const worker = document.querySelector(\"script[src]\")!\n const [path] = worker.src.split(\"/worker\")\n\n /* Prefix base with path */\n base = base.replace(\"..\", path)\n }\n\n /* Add scripts for languages */\n const scripts = []\n for (const lang of config.lang) {\n switch (lang) {\n\n /* Add segmenter for Japanese */\n case \"ja\":\n scripts.push(`${base}/tinyseg.js`)\n break\n\n /* Add segmenter for Hindi and Thai */\n case \"hi\":\n case \"th\":\n scripts.push(`${base}/wordcut.js`)\n break\n }\n\n /* Add language support */\n if (lang !== \"en\")\n scripts.push(`${base}/min/lunr.${lang}.min.js`)\n }\n\n /* Add multi-language support */\n if (config.lang.length > 1)\n scripts.push(`${base}/min/lunr.multi.min.js`)\n\n /* Load scripts synchronously */\n if (scripts.length)\n await importScripts(\n `${base}/min/lunr.stemmer.support.min.js`,\n ...scripts\n )\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Message handler\n *\n * @param message - Source message\n *\n * @returns Target message\n */\nexport async function handler(\n message: SearchMessage\n): Promise {\n switch (message.type) {\n\n /* Search setup message */\n case SearchMessageType.SETUP:\n await setupSearchLanguages(message.data.config)\n index = new Search(message.data)\n return {\n type: SearchMessageType.READY\n }\n\n /* Search query message */\n case SearchMessageType.QUERY:\n return {\n type: SearchMessageType.RESULT,\n data: index ? index.search(message.data) : { items: [] }\n }\n\n /* All other messages */\n default:\n throw new TypeError(\"Invalid message type\")\n }\n}\n\n/* ----------------------------------------------------------------------------\n * Worker\n * ------------------------------------------------------------------------- */\n\n/* @ts-expect-error - expose Lunr.js in global scope, or stemmers won't work */\nself.lunr = lunr\n\n/* Handle messages */\naddEventListener(\"message\", async ev => {\n postMessage(await handler(ev.data))\n})\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Polyfills\n * ------------------------------------------------------------------------- */\n\n/* Polyfill `Object.entries` */\nif (!Object.entries)\n Object.entries = function (obj: object) {\n const data: [string, string][] = []\n for (const key of Object.keys(obj))\n // @ts-expect-error - ignore property access warning\n data.push([key, obj[key]])\n\n /* Return entries */\n return data\n }\n\n/* Polyfill `Object.values` */\nif (!Object.values)\n Object.values = function (obj: object) {\n const data: string[] = []\n for (const key of Object.keys(obj))\n // @ts-expect-error - ignore property access warning\n data.push(obj[key])\n\n /* Return values */\n return data\n }\n\n/* ------------------------------------------------------------------------- */\n\n/* Polyfills for `Element` */\nif (typeof Element !== \"undefined\") {\n\n /* Polyfill `Element.scrollTo` */\n if (!Element.prototype.scrollTo)\n Element.prototype.scrollTo = function (\n x?: ScrollToOptions | number, y?: number\n ): void {\n if (typeof x === \"object\") {\n this.scrollLeft = x.left!\n this.scrollTop = x.top!\n } else {\n this.scrollLeft = x!\n this.scrollTop = y!\n }\n }\n\n /* Polyfill `Element.replaceWith` */\n if (!Element.prototype.replaceWith)\n Element.prototype.replaceWith = function (\n ...nodes: Array\n ): void {\n const parent = this.parentNode\n if (parent) {\n if (nodes.length === 0)\n parent.removeChild(this)\n\n /* Replace children and create text nodes */\n for (let i = nodes.length - 1; i >= 0; i--) {\n let node = nodes[i]\n if (typeof node === \"string\")\n node = document.createTextNode(node)\n else if (node.parentNode)\n node.parentNode.removeChild(node)\n\n /* Replace child or insert before previous sibling */\n if (!i)\n parent.replaceChild(node, this)\n else\n parent.insertBefore(this.previousSibling!, node)\n }\n }\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport escapeHTML from \"escape-html\"\n\nimport { SearchIndexDocument } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search document\n */\nexport interface SearchDocument extends SearchIndexDocument {\n parent?: SearchIndexDocument /* Parent article */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search document mapping\n */\nexport type SearchDocumentMap = Map\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Create a search document mapping\n *\n * @param docs - Search index documents\n *\n * @returns Search document map\n */\nexport function setupSearchDocumentMap(\n docs: SearchIndexDocument[]\n): SearchDocumentMap {\n const documents = new Map()\n const parents = new Set()\n for (const doc of docs) {\n const [path, hash] = doc.location.split(\"#\")\n\n /* Extract location, title and tags */\n const location = doc.location\n const title = doc.title\n const tags = doc.tags\n\n /* Escape and cleanup text */\n const text = escapeHTML(doc.text)\n .replace(/\\s+(?=[,.:;!?])/g, \"\")\n .replace(/\\s+/g, \" \")\n\n /* Handle section */\n if (hash) {\n const parent = documents.get(path)!\n\n /* Ignore first section, override article */\n if (!parents.has(parent)) {\n parent.title = doc.title\n parent.text = text\n\n /* Remember that we processed the article */\n parents.add(parent)\n\n /* Add subsequent section */\n } else {\n documents.set(location, {\n location,\n title,\n text,\n parent\n })\n }\n\n /* Add article */\n } else {\n documents.set(location, {\n location,\n title,\n text,\n ...tags && { tags }\n })\n }\n }\n return documents\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport escapeHTML from \"escape-html\"\n\nimport { SearchIndexConfig } from \"../_\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search highlight function\n *\n * @param value - Value\n *\n * @returns Highlighted value\n */\nexport type SearchHighlightFn = (value: string) => string\n\n/**\n * Search highlight factory function\n *\n * @param query - Query value\n *\n * @returns Search highlight function\n */\nexport type SearchHighlightFactoryFn = (query: string) => SearchHighlightFn\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Create a search highlighter\n *\n * @param config - Search index configuration\n * @param escape - Whether to escape HTML\n *\n * @returns Search highlight factory function\n */\nexport function setupSearchHighlighter(\n config: SearchIndexConfig, escape: boolean\n): SearchHighlightFactoryFn {\n const separator = new RegExp(config.separator, \"img\")\n const highlight = (_: unknown, data: string, term: string) => {\n return `${data}${term}`\n }\n\n /* Return factory function */\n return (query: string) => {\n query = query\n .replace(/[\\s*+\\-:~^]+/g, \" \")\n .trim()\n\n /* Create search term match expression */\n const match = new RegExp(`(^|${config.separator})(${\n query\n .replace(/[|\\\\{}()[\\]^$+*?.-]/g, \"\\\\$&\")\n .replace(separator, \"|\")\n })`, \"img\")\n\n /* Highlight string value */\n return value => (\n escape\n ? escapeHTML(value)\n : value\n )\n .replace(match, highlight)\n .replace(/<\\/mark>(\\s+)]*>/img, \"$1\")\n }\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search query clause\n */\nexport interface SearchQueryClause {\n presence: lunr.Query.presence /* Clause presence */\n term: string /* Clause term */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search query terms\n */\nexport type SearchQueryTerms = Record\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Parse a search query for analysis\n *\n * @param value - Query value\n *\n * @returns Search query clauses\n */\nexport function parseSearchQuery(\n value: string\n): SearchQueryClause[] {\n const query = new (lunr as any).Query([\"title\", \"text\"])\n const parser = new (lunr as any).QueryParser(value, query)\n\n /* Parse and return query clauses */\n parser.parse()\n return query.clauses\n}\n\n/**\n * Analyze the search query clauses in regard to the search terms found\n *\n * @param query - Search query clauses\n * @param terms - Search terms\n *\n * @returns Search query terms\n */\nexport function getSearchQueryTerms(\n query: SearchQueryClause[], terms: string[]\n): SearchQueryTerms {\n const clauses = new Set(query)\n\n /* Match query clauses against terms */\n const result: SearchQueryTerms = {}\n for (let t = 0; t < terms.length; t++)\n for (const clause of clauses)\n if (terms[t].startsWith(clause.term)) {\n result[clause.term] = true\n clauses.delete(clause)\n }\n\n /* Annotate unmatched non-stopword query clauses */\n for (const clause of clauses)\n if (lunr.stopWordFilter?.(clause.term as any))\n result[clause.term] = false\n\n /* Return query terms */\n return result\n}\n", "/*\n * Copyright (c) 2016-2022 Martin Donath \n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\nimport {\n SearchDocument,\n SearchDocumentMap,\n setupSearchDocumentMap\n} from \"../document\"\nimport {\n SearchHighlightFactoryFn,\n setupSearchHighlighter\n} from \"../highlighter\"\nimport { SearchOptions } from \"../options\"\nimport {\n SearchQueryTerms,\n getSearchQueryTerms,\n parseSearchQuery\n} from \"../query\"\n\n/* ----------------------------------------------------------------------------\n * Types\n * ------------------------------------------------------------------------- */\n\n/**\n * Search index configuration\n */\nexport interface SearchIndexConfig {\n lang: string[] /* Search languages */\n separator: string /* Search separator */\n}\n\n/**\n * Search index document\n */\nexport interface SearchIndexDocument {\n location: string /* Document location */\n title: string /* Document title */\n text: string /* Document text */\n tags?: string[] /* Document tags */\n boost?: number /* Document boost */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search index\n *\n * This interfaces describes the format of the `search_index.json` file which\n * is automatically built by the MkDocs search plugin.\n */\nexport interface SearchIndex {\n config: SearchIndexConfig /* Search index configuration */\n docs: SearchIndexDocument[] /* Search index documents */\n options: SearchOptions /* Search options */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search metadata\n */\nexport interface SearchMetadata {\n score: number /* Score (relevance) */\n terms: SearchQueryTerms /* Search query terms */\n}\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search result document\n */\nexport type SearchResultDocument = SearchDocument & SearchMetadata\n\n/**\n * Search result item\n */\nexport type SearchResultItem = SearchResultDocument[]\n\n/* ------------------------------------------------------------------------- */\n\n/**\n * Search result\n */\nexport interface SearchResult {\n items: SearchResultItem[] /* Search result items */\n suggestions?: string[] /* Search suggestions */\n}\n\n/* ----------------------------------------------------------------------------\n * Functions\n * ------------------------------------------------------------------------- */\n\n/**\n * Compute the difference of two lists of strings\n *\n * @param a - 1st list of strings\n * @param b - 2nd list of strings\n *\n * @returns Difference\n */\nfunction difference(a: string[], b: string[]): string[] {\n const [x, y] = [new Set(a), new Set(b)]\n return [\n ...new Set([...x].filter(value => !y.has(value)))\n ]\n}\n\n/* ----------------------------------------------------------------------------\n * Class\n * ------------------------------------------------------------------------- */\n\n/**\n * Search index\n */\nexport class Search {\n\n /**\n * Search document mapping\n *\n * A mapping of URLs (including hash fragments) to the actual articles and\n * sections of the documentation. The search document mapping must be created\n * regardless of whether the index was prebuilt or not, as Lunr.js itself\n * only stores the actual index.\n */\n protected documents: SearchDocumentMap\n\n /**\n * Search highlight factory function\n */\n protected highlight: SearchHighlightFactoryFn\n\n /**\n * The underlying Lunr.js search index\n */\n protected index: lunr.Index\n\n /**\n * Search options\n */\n protected options: SearchOptions\n\n /**\n * Create the search integration\n *\n * @param data - Search index\n */\n public constructor({ config, docs, options }: SearchIndex) {\n this.options = options\n\n /* Set up document map and highlighter factory */\n this.documents = setupSearchDocumentMap(docs)\n this.highlight = setupSearchHighlighter(config, false)\n\n /* Set separator for tokenizer */\n lunr.tokenizer.separator = new RegExp(config.separator)\n\n /* Create search index */\n this.index = lunr(function () {\n\n /* Set up multi-language support */\n if (config.lang.length === 1 && config.lang[0] !== \"en\") {\n this.use((lunr as any)[config.lang[0]])\n } else if (config.lang.length > 1) {\n this.use((lunr as any).multiLanguage(...config.lang))\n }\n\n /* Compute functions to be removed from the pipeline */\n const fns = difference([\n \"trimmer\", \"stopWordFilter\", \"stemmer\"\n ], options.pipeline)\n\n /* Remove functions from the pipeline for registered languages */\n for (const lang of config.lang.map(language => (\n language === \"en\" ? lunr : (lunr as any)[language]\n ))) {\n for (const fn of fns) {\n this.pipeline.remove(lang[fn])\n this.searchPipeline.remove(lang[fn])\n }\n }\n\n /* Set up reference */\n this.ref(\"location\")\n\n /* Set up fields */\n this.field(\"title\", { boost: 1e3 })\n this.field(\"text\")\n this.field(\"tags\", { boost: 1e6, extractor: doc => {\n const { tags = [] } = doc as SearchDocument\n return tags.reduce((list, tag) => [\n ...list,\n ...lunr.tokenizer(tag)\n ], [] as lunr.Token[])\n } })\n\n /* Index documents */\n for (const doc of docs)\n this.add(doc, { boost: doc.boost })\n })\n }\n\n /**\n * Search for matching documents\n *\n * The search index which MkDocs provides is divided up into articles, which\n * contain the whole content of the individual pages, and sections, which only\n * contain the contents of the subsections obtained by breaking the individual\n * pages up at `h1` ... `h6`. As there may be many sections on different pages\n * with identical titles (for example within this very project, e.g. \"Usage\"\n * or \"Installation\"), they need to be put into the context of the containing\n * page. For this reason, section results are grouped within their respective\n * articles which are the top-level results that are returned.\n *\n * @param query - Query value\n *\n * @returns Search results\n */\n public search(query: string): SearchResult {\n if (query) {\n try {\n const highlight = this.highlight(query)\n\n /* Parse query to extract clauses for analysis */\n const clauses = parseSearchQuery(query)\n .filter(clause => (\n clause.presence !== lunr.Query.presence.PROHIBITED\n ))\n\n /* Perform search and post-process results */\n const groups = this.index.search(`${query}*`)\n\n /* Apply post-query boosts based on title and search query terms */\n .reduce((item, { ref, score, matchData }) => {\n const document = this.documents.get(ref)\n if (typeof document !== \"undefined\") {\n const { location, title, text, tags, parent } = document\n\n /* Compute and analyze search query terms */\n const terms = getSearchQueryTerms(\n clauses,\n Object.keys(matchData.metadata)\n )\n\n /* Highlight title and text and apply post-query boosts */\n const boost = +!parent + +Object.values(terms).every(t => t)\n item.push({\n location,\n title: highlight(title),\n text: highlight(text),\n ...tags && { tags: tags.map(highlight) },\n score: score * (1 + boost),\n terms\n })\n }\n return item\n }, [])\n\n /* Sort search results again after applying boosts */\n .sort((a, b) => b.score - a.score)\n\n /* Group search results by page */\n .reduce((items, result) => {\n const document = this.documents.get(result.location)\n if (typeof document !== \"undefined\") {\n const ref = \"parent\" in document\n ? document.parent!.location\n : document.location\n items.set(ref, [...items.get(ref) || [], result])\n }\n return items\n }, new Map())\n\n /* Generate search suggestions, if desired */\n let suggestions: string[] | undefined\n if (this.options.suggestions) {\n const titles = this.index.query(builder => {\n for (const clause of clauses)\n builder.term(clause.term, {\n fields: [\"title\"],\n presence: lunr.Query.presence.REQUIRED,\n wildcard: lunr.Query.wildcard.TRAILING\n })\n })\n\n /* Retrieve suggestions for best match */\n suggestions = titles.length\n ? Object.keys(titles[0].matchData.metadata)\n : []\n }\n\n /* Return items and suggestions */\n return {\n items: [...groups.values()],\n ...typeof suggestions !== \"undefined\" && { suggestions }\n }\n\n /* Log errors to console (for now) */\n } catch {\n console.warn(`Invalid query: ${query} \u2013 see https://bit.ly/2s3ChXG`)\n }\n }\n\n /* Return nothing in case of error or empty query */\n return { items: [] }\n }\n}\n"], + "mappings": "glCAAA,IAAAA,GAAAC,EAAA,CAAAC,GAAAC,KAAA;AAAA;AAAA;AAAA;AAAA,IAME,UAAU,CAiCZ,IAAIC,EAAO,SAAUC,EAAQ,CAC3B,IAAIC,EAAU,IAAIF,EAAK,QAEvB,OAAAE,EAAQ,SAAS,IACfF,EAAK,QACLA,EAAK,eACLA,EAAK,OACP,EAEAE,EAAQ,eAAe,IACrBF,EAAK,OACP,EAEAC,EAAO,KAAKC,EAASA,CAAO,EACrBA,EAAQ,MAAM,CACvB,EAEAF,EAAK,QAAU,QACf;AAAA;AAAA;AAAA,GASAA,EAAK,MAAQ,CAAC,EASdA,EAAK,MAAM,KAAQ,SAAUG,EAAQ,CAEnC,OAAO,SAAUC,EAAS,CACpBD,EAAO,SAAW,QAAQ,MAC5B,QAAQ,KAAKC,CAAO,CAExB,CAEF,EAAG,IAAI,EAaPJ,EAAK,MAAM,SAAW,SAAUK,EAAK,CACnC,OAAsBA,GAAQ,KACrB,GAEAA,EAAI,SAAS,CAExB,EAkBAL,EAAK,MAAM,MAAQ,SAAUK,EAAK,CAChC,GAAIA,GAAQ,KACV,OAAOA,EAMT,QAHIC,EAAQ,OAAO,OAAO,IAAI,EAC1BC,EAAO,OAAO,KAAKF,CAAG,EAEjB,EAAI,EAAG,EAAIE,EAAK,OAAQ,IAAK,CACpC,IAAIC,EAAMD,EAAK,GACXE,EAAMJ,EAAIG,GAEd,GAAI,MAAM,QAAQC,CAAG,EAAG,CACtBH,EAAME,GAAOC,EAAI,MAAM,EACvB,QACF,CAEA,GAAI,OAAOA,GAAQ,UACf,OAAOA,GAAQ,UACf,OAAOA,GAAQ,UAAW,CAC5BH,EAAME,GAAOC,EACb,QACF,CAEA,MAAM,IAAI,UAAU,uDAAuD,CAC7E,CAEA,OAAOH,CACT,EACAN,EAAK,SAAW,SAAUU,EAAQC,EAAWC,EAAa,CACxD,KAAK,OAASF,EACd,KAAK,UAAYC,EACjB,KAAK,aAAeC,CACtB,EAEAZ,EAAK,SAAS,OAAS,IAEvBA,EAAK,SAAS,WAAa,SAAUa,EAAG,CACtC,IAAIC,EAAID,EAAE,QAAQb,EAAK,SAAS,MAAM,EAEtC,GAAIc,IAAM,GACR,KAAM,6BAGR,IAAIC,EAAWF,EAAE,MAAM,EAAGC,CAAC,EACvBJ,EAASG,EAAE,MAAMC,EAAI,CAAC,EAE1B,OAAO,IAAId,EAAK,SAAUU,EAAQK,EAAUF,CAAC,CAC/C,EAEAb,EAAK,SAAS,UAAU,SAAW,UAAY,CAC7C,OAAI,KAAK,cAAgB,OACvB,KAAK,aAAe,KAAK,UAAYA,EAAK,SAAS,OAAS,KAAK,QAG5D,KAAK,YACd,EACA;AAAA;AAAA;AAAA,GAUAA,EAAK,IAAM,SAAUgB,EAAU,CAG7B,GAFA,KAAK,SAAW,OAAO,OAAO,IAAI,EAE9BA,EAAU,CACZ,KAAK,OAASA,EAAS,OAEvB,QAASC,EAAI,EAAGA,EAAI,KAAK,OAAQA,IAC/B,KAAK,SAASD,EAASC,IAAM,EAEjC,MACE,KAAK,OAAS,CAElB,EASAjB,EAAK,IAAI,SAAW,CAClB,UAAW,SAAUkB,EAAO,CAC1B,OAAOA,CACT,EAEA,MAAO,UAAY,CACjB,OAAO,IACT,EAEA,SAAU,UAAY,CACpB,MAAO,EACT,CACF,EASAlB,EAAK,IAAI,MAAQ,CACf,UAAW,UAAY,CACrB,OAAO,IACT,EAEA,MAAO,SAAUkB,EAAO,CACtB,OAAOA,CACT,EAEA,SAAU,UAAY,CACpB,MAAO,EACT,CACF,EAQAlB,EAAK,IAAI,UAAU,SAAW,SAAUmB,EAAQ,CAC9C,MAAO,CAAC,CAAC,KAAK,SAASA,EACzB,EAUAnB,EAAK,IAAI,UAAU,UAAY,SAAUkB,EAAO,CAC9C,IAAIE,EAAGC,EAAGL,EAAUM,EAAe,CAAC,EAEpC,GAAIJ,IAAUlB,EAAK,IAAI,SACrB,OAAO,KAGT,GAAIkB,IAAUlB,EAAK,IAAI,MACrB,OAAOkB,EAGL,KAAK,OAASA,EAAM,QACtBE,EAAI,KACJC,EAAIH,IAEJE,EAAIF,EACJG,EAAI,MAGNL,EAAW,OAAO,KAAKI,EAAE,QAAQ,EAEjC,QAASH,EAAI,EAAGA,EAAID,EAAS,OAAQC,IAAK,CACxC,IAAIM,EAAUP,EAASC,GACnBM,KAAWF,EAAE,UACfC,EAAa,KAAKC,CAAO,CAE7B,CAEA,OAAO,IAAIvB,EAAK,IAAKsB,CAAY,CACnC,EASAtB,EAAK,IAAI,UAAU,MAAQ,SAAUkB,EAAO,CAC1C,OAAIA,IAAUlB,EAAK,IAAI,SACdA,EAAK,IAAI,SAGdkB,IAAUlB,EAAK,IAAI,MACd,KAGF,IAAIA,EAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,OAAO,OAAO,KAAKkB,EAAM,QAAQ,CAAC,CAAC,CACpF,EASAlB,EAAK,IAAM,SAAUwB,EAASC,EAAe,CAC3C,IAAIC,EAAoB,EAExB,QAASf,KAAaa,EAChBb,GAAa,WACjBe,GAAqB,OAAO,KAAKF,EAAQb,EAAU,EAAE,QAGvD,IAAIgB,GAAKF,EAAgBC,EAAoB,KAAQA,EAAoB,IAEzE,OAAO,KAAK,IAAI,EAAI,KAAK,IAAIC,CAAC,CAAC,CACjC,EAUA3B,EAAK,MAAQ,SAAU4B,EAAKC,EAAU,CACpC,KAAK,IAAMD,GAAO,GAClB,KAAK,SAAWC,GAAY,CAAC,CAC/B,EAOA7B,EAAK,MAAM,UAAU,SAAW,UAAY,CAC1C,OAAO,KAAK,GACd,EAsBAA,EAAK,MAAM,UAAU,OAAS,SAAU8B,EAAI,CAC1C,YAAK,IAAMA,EAAG,KAAK,IAAK,KAAK,QAAQ,EAC9B,IACT,EASA9B,EAAK,MAAM,UAAU,MAAQ,SAAU8B,EAAI,CACzC,OAAAA,EAAKA,GAAM,SAAUjB,EAAG,CAAE,OAAOA,CAAE,EAC5B,IAAIb,EAAK,MAAO8B,EAAG,KAAK,IAAK,KAAK,QAAQ,EAAG,KAAK,QAAQ,CACnE,EACA;AAAA;AAAA;AAAA,GAuBA9B,EAAK,UAAY,SAAUK,EAAKwB,EAAU,CACxC,GAAIxB,GAAO,MAAQA,GAAO,KACxB,MAAO,CAAC,EAGV,GAAI,MAAM,QAAQA,CAAG,EACnB,OAAOA,EAAI,IAAI,SAAU0B,EAAG,CAC1B,OAAO,IAAI/B,EAAK,MACdA,EAAK,MAAM,SAAS+B,CAAC,EAAE,YAAY,EACnC/B,EAAK,MAAM,MAAM6B,CAAQ,CAC3B,CACF,CAAC,EAOH,QAJID,EAAMvB,EAAI,SAAS,EAAE,YAAY,EACjC2B,EAAMJ,EAAI,OACVK,EAAS,CAAC,EAELC,EAAW,EAAGC,EAAa,EAAGD,GAAYF,EAAKE,IAAY,CAClE,IAAIE,EAAOR,EAAI,OAAOM,CAAQ,EAC1BG,EAAcH,EAAWC,EAE7B,GAAKC,EAAK,MAAMpC,EAAK,UAAU,SAAS,GAAKkC,GAAYF,EAAM,CAE7D,GAAIK,EAAc,EAAG,CACnB,IAAIC,EAAgBtC,EAAK,MAAM,MAAM6B,CAAQ,GAAK,CAAC,EACnDS,EAAc,SAAc,CAACH,EAAYE,CAAW,EACpDC,EAAc,MAAWL,EAAO,OAEhCA,EAAO,KACL,IAAIjC,EAAK,MACP4B,EAAI,MAAMO,EAAYD,CAAQ,EAC9BI,CACF,CACF,CACF,CAEAH,EAAaD,EAAW,CAC1B,CAEF,CAEA,OAAOD,CACT,EASAjC,EAAK,UAAU,UAAY,UAC3B;AAAA;AAAA;AAAA,GAkCAA,EAAK,SAAW,UAAY,CAC1B,KAAK,OAAS,CAAC,CACjB,EAEAA,EAAK,SAAS,oBAAsB,OAAO,OAAO,IAAI,EAmCtDA,EAAK,SAAS,iBAAmB,SAAU8B,EAAIS,EAAO,CAChDA,KAAS,KAAK,qBAChBvC,EAAK,MAAM,KAAK,6CAA+CuC,CAAK,EAGtET,EAAG,MAAQS,EACXvC,EAAK,SAAS,oBAAoB8B,EAAG,OAASA,CAChD,EAQA9B,EAAK,SAAS,4BAA8B,SAAU8B,EAAI,CACxD,IAAIU,EAAeV,EAAG,OAAUA,EAAG,SAAS,KAAK,oBAE5CU,GACHxC,EAAK,MAAM,KAAK;AAAA,EAAmG8B,CAAE,CAEzH,EAYA9B,EAAK,SAAS,KAAO,SAAUyC,EAAY,CACzC,IAAIC,EAAW,IAAI1C,EAAK,SAExB,OAAAyC,EAAW,QAAQ,SAAUE,EAAQ,CACnC,IAAIb,EAAK9B,EAAK,SAAS,oBAAoB2C,GAE3C,GAAIb,EACFY,EAAS,IAAIZ,CAAE,MAEf,OAAM,IAAI,MAAM,sCAAwCa,CAAM,CAElE,CAAC,EAEMD,CACT,EASA1C,EAAK,SAAS,UAAU,IAAM,UAAY,CACxC,IAAI4C,EAAM,MAAM,UAAU,MAAM,KAAK,SAAS,EAE9CA,EAAI,QAAQ,SAAUd,EAAI,CACxB9B,EAAK,SAAS,4BAA4B8B,CAAE,EAC5C,KAAK,OAAO,KAAKA,CAAE,CACrB,EAAG,IAAI,CACT,EAWA9B,EAAK,SAAS,UAAU,MAAQ,SAAU6C,EAAYC,EAAO,CAC3D9C,EAAK,SAAS,4BAA4B8C,CAAK,EAE/C,IAAIC,EAAM,KAAK,OAAO,QAAQF,CAAU,EACxC,GAAIE,GAAO,GACT,MAAM,IAAI,MAAM,wBAAwB,EAG1CA,EAAMA,EAAM,EACZ,KAAK,OAAO,OAAOA,EAAK,EAAGD,CAAK,CAClC,EAWA9C,EAAK,SAAS,UAAU,OAAS,SAAU6C,EAAYC,EAAO,CAC5D9C,EAAK,SAAS,4BAA4B8C,CAAK,EAE/C,IAAIC,EAAM,KAAK,OAAO,QAAQF,CAAU,EACxC,GAAIE,GAAO,GACT,MAAM,IAAI,MAAM,wBAAwB,EAG1C,KAAK,OAAO,OAAOA,EAAK,EAAGD,CAAK,CAClC,EAOA9C,EAAK,SAAS,UAAU,OAAS,SAAU8B,EAAI,CAC7C,IAAIiB,EAAM,KAAK,OAAO,QAAQjB,CAAE,EAC5BiB,GAAO,IAIX,KAAK,OAAO,OAAOA,EAAK,CAAC,CAC3B,EASA/C,EAAK,SAAS,UAAU,IAAM,SAAUiC,EAAQ,CAG9C,QAFIe,EAAc,KAAK,OAAO,OAErB/B,EAAI,EAAGA,EAAI+B,EAAa/B,IAAK,CAIpC,QAHIa,EAAK,KAAK,OAAOb,GACjBgC,EAAO,CAAC,EAEHC,EAAI,EAAGA,EAAIjB,EAAO,OAAQiB,IAAK,CACtC,IAAIC,EAASrB,EAAGG,EAAOiB,GAAIA,EAAGjB,CAAM,EAEpC,GAAI,EAAAkB,GAAW,MAA6BA,IAAW,IAEvD,GAAI,MAAM,QAAQA,CAAM,EACtB,QAASC,EAAI,EAAGA,EAAID,EAAO,OAAQC,IACjCH,EAAK,KAAKE,EAAOC,EAAE,OAGrBH,EAAK,KAAKE,CAAM,CAEpB,CAEAlB,EAASgB,CACX,CAEA,OAAOhB,CACT,EAYAjC,EAAK,SAAS,UAAU,UAAY,SAAU4B,EAAKC,EAAU,CAC3D,IAAIwB,EAAQ,IAAIrD,EAAK,MAAO4B,EAAKC,CAAQ,EAEzC,OAAO,KAAK,IAAI,CAACwB,CAAK,CAAC,EAAE,IAAI,SAAUtB,EAAG,CACxC,OAAOA,EAAE,SAAS,CACpB,CAAC,CACH,EAMA/B,EAAK,SAAS,UAAU,MAAQ,UAAY,CAC1C,KAAK,OAAS,CAAC,CACjB,EASAA,EAAK,SAAS,UAAU,OAAS,UAAY,CAC3C,OAAO,KAAK,OAAO,IAAI,SAAU8B,EAAI,CACnC,OAAA9B,EAAK,SAAS,4BAA4B8B,CAAE,EAErCA,EAAG,KACZ,CAAC,CACH,EACA;AAAA;AAAA;AAAA,GAqBA9B,EAAK,OAAS,SAAUgB,EAAU,CAChC,KAAK,WAAa,EAClB,KAAK,SAAWA,GAAY,CAAC,CAC/B,EAaAhB,EAAK,OAAO,UAAU,iBAAmB,SAAUsD,EAAO,CAExD,GAAI,KAAK,SAAS,QAAU,EAC1B,MAAO,GAST,QANIC,EAAQ,EACRC,EAAM,KAAK,SAAS,OAAS,EAC7BnB,EAAcmB,EAAMD,EACpBE,EAAa,KAAK,MAAMpB,EAAc,CAAC,EACvCqB,EAAa,KAAK,SAASD,EAAa,GAErCpB,EAAc,IACfqB,EAAaJ,IACfC,EAAQE,GAGNC,EAAaJ,IACfE,EAAMC,GAGJC,GAAcJ,IAIlBjB,EAAcmB,EAAMD,EACpBE,EAAaF,EAAQ,KAAK,MAAMlB,EAAc,CAAC,EAC/CqB,EAAa,KAAK,SAASD,EAAa,GAO1C,GAJIC,GAAcJ,GAIdI,EAAaJ,EACf,OAAOG,EAAa,EAGtB,GAAIC,EAAaJ,EACf,OAAQG,EAAa,GAAK,CAE9B,EAWAzD,EAAK,OAAO,UAAU,OAAS,SAAU2D,EAAWlD,EAAK,CACvD,KAAK,OAAOkD,EAAWlD,EAAK,UAAY,CACtC,KAAM,iBACR,CAAC,CACH,EAUAT,EAAK,OAAO,UAAU,OAAS,SAAU2D,EAAWlD,EAAKqB,EAAI,CAC3D,KAAK,WAAa,EAClB,IAAI8B,EAAW,KAAK,iBAAiBD,CAAS,EAE1C,KAAK,SAASC,IAAaD,EAC7B,KAAK,SAASC,EAAW,GAAK9B,EAAG,KAAK,SAAS8B,EAAW,GAAInD,CAAG,EAEjE,KAAK,SAAS,OAAOmD,EAAU,EAAGD,EAAWlD,CAAG,CAEpD,EAOAT,EAAK,OAAO,UAAU,UAAY,UAAY,CAC5C,GAAI,KAAK,WAAY,OAAO,KAAK,WAKjC,QAHI6D,EAAe,EACfC,EAAiB,KAAK,SAAS,OAE1B7C,EAAI,EAAGA,EAAI6C,EAAgB7C,GAAK,EAAG,CAC1C,IAAIR,EAAM,KAAK,SAASQ,GACxB4C,GAAgBpD,EAAMA,CACxB,CAEA,OAAO,KAAK,WAAa,KAAK,KAAKoD,CAAY,CACjD,EAQA7D,EAAK,OAAO,UAAU,IAAM,SAAU+D,EAAa,CAOjD,QANIC,EAAa,EACb5C,EAAI,KAAK,SAAUC,EAAI0C,EAAY,SACnCE,EAAO7C,EAAE,OAAQ8C,EAAO7C,EAAE,OAC1B8C,EAAO,EAAGC,EAAO,EACjBnD,EAAI,EAAGiC,EAAI,EAERjC,EAAIgD,GAAQf,EAAIgB,GACrBC,EAAO/C,EAAEH,GAAImD,EAAO/C,EAAE6B,GAClBiB,EAAOC,EACTnD,GAAK,EACIkD,EAAOC,EAChBlB,GAAK,EACIiB,GAAQC,IACjBJ,GAAc5C,EAAEH,EAAI,GAAKI,EAAE6B,EAAI,GAC/BjC,GAAK,EACLiC,GAAK,GAIT,OAAOc,CACT,EASAhE,EAAK,OAAO,UAAU,WAAa,SAAU+D,EAAa,CACxD,OAAO,KAAK,IAAIA,CAAW,EAAI,KAAK,UAAU,GAAK,CACrD,EAOA/D,EAAK,OAAO,UAAU,QAAU,UAAY,CAG1C,QAFIqE,EAAS,IAAI,MAAO,KAAK,SAAS,OAAS,CAAC,EAEvCpD,EAAI,EAAGiC,EAAI,EAAGjC,EAAI,KAAK,SAAS,OAAQA,GAAK,EAAGiC,IACvDmB,EAAOnB,GAAK,KAAK,SAASjC,GAG5B,OAAOoD,CACT,EAOArE,EAAK,OAAO,UAAU,OAAS,UAAY,CACzC,OAAO,KAAK,QACd,EAEA;AAAA;AAAA;AAAA;AAAA,GAiBAA,EAAK,QAAW,UAAU,CACxB,IAAIsE,EAAY,CACZ,QAAY,MACZ,OAAW,OACX,KAAS,OACT,KAAS,OACT,KAAS,MACT,IAAQ,MACR,KAAS,KACT,MAAU,MACV,IAAQ,IACR,MAAU,MACV,QAAY,MACZ,MAAU,MACV,KAAS,MACT,MAAU,KACV,QAAY,MACZ,QAAY,MACZ,QAAY,MACZ,MAAU,KACV,MAAU,MACV,OAAW,MACX,KAAS,KACX,EAEAC,EAAY,CACV,MAAU,KACV,MAAU,GACV,MAAU,KACV,MAAU,KACV,KAAS,KACT,IAAQ,GACR,KAAS,EACX,EAEAC,EAAI,WACJC,EAAI,WACJC,EAAIF,EAAI,aACRG,EAAIF,EAAI,WAERG,EAAO,KAAOF,EAAI,KAAOC,EAAID,EAC7BG,EAAO,KAAOH,EAAI,KAAOC,EAAID,EAAI,IAAMC,EAAI,MAC3CG,EAAO,KAAOJ,EAAI,KAAOC,EAAID,EAAIC,EAAID,EACrCK,EAAM,KAAOL,EAAI,KAAOD,EAEtBO,EAAU,IAAI,OAAOJ,CAAI,EACzBK,EAAU,IAAI,OAAOH,CAAI,EACzBI,EAAU,IAAI,OAAOL,CAAI,EACzBM,EAAS,IAAI,OAAOJ,CAAG,EAEvBK,EAAQ,kBACRC,EAAS,iBACTC,EAAQ,aACRC,EAAS,kBACTC,EAAU,KACVC,EAAW,cACXC,EAAW,IAAI,OAAO,oBAAoB,EAC1CC,EAAW,IAAI,OAAO,IAAMjB,EAAID,EAAI,cAAc,EAElDmB,EAAQ,mBACRC,EAAO,2IAEPC,EAAO,iDAEPC,EAAO,sFACPC,EAAQ,oBAERC,EAAO,WACPC,EAAS,MACTC,EAAQ,IAAI,OAAO,IAAMzB,EAAID,EAAI,cAAc,EAE/C2B,EAAgB,SAAuBC,EAAG,CAC5C,IAAIC,EACFC,EACAC,EACAC,EACAC,EACAC,EACAC,EAEF,GAAIP,EAAE,OAAS,EAAK,OAAOA,EAiB3B,GAfAG,EAAUH,EAAE,OAAO,EAAE,CAAC,EAClBG,GAAW,MACbH,EAAIG,EAAQ,YAAY,EAAIH,EAAE,OAAO,CAAC,GAIxCI,EAAKrB,EACLsB,EAAMrB,EAEFoB,EAAG,KAAKJ,CAAC,EAAKA,EAAIA,EAAE,QAAQI,EAAG,MAAM,EAChCC,EAAI,KAAKL,CAAC,IAAKA,EAAIA,EAAE,QAAQK,EAAI,MAAM,GAGhDD,EAAKnB,EACLoB,EAAMnB,EACFkB,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBI,EAAKzB,EACDyB,EAAG,KAAKI,EAAG,EAAE,IACfJ,EAAKjB,EACLa,EAAIA,EAAE,QAAQI,EAAG,EAAE,EAEvB,SAAWC,EAAI,KAAKL,CAAC,EAAG,CACtB,IAAIQ,EAAKH,EAAI,KAAKL,CAAC,EACnBC,EAAOO,EAAG,GACVH,EAAMvB,EACFuB,EAAI,KAAKJ,CAAI,IACfD,EAAIC,EACJI,EAAMjB,EACNkB,EAAMjB,EACNkB,EAAMjB,EACFe,EAAI,KAAKL,CAAC,EAAKA,EAAIA,EAAI,IAClBM,EAAI,KAAKN,CAAC,GAAKI,EAAKjB,EAASa,EAAIA,EAAE,QAAQI,EAAG,EAAE,GAChDG,EAAI,KAAKP,CAAC,IAAKA,EAAIA,EAAI,KAEpC,CAIA,GADAI,EAAKb,EACDa,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBC,EAAOO,EAAG,GACVR,EAAIC,EAAO,GACb,CAIA,GADAG,EAAKZ,EACDY,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBC,EAAOO,EAAG,GACVN,EAASM,EAAG,GACZJ,EAAKzB,EACDyB,EAAG,KAAKH,CAAI,IACdD,EAAIC,EAAOhC,EAAUiC,GAEzB,CAIA,GADAE,EAAKX,EACDW,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBC,EAAOO,EAAG,GACVN,EAASM,EAAG,GACZJ,EAAKzB,EACDyB,EAAG,KAAKH,CAAI,IACdD,EAAIC,EAAO/B,EAAUgC,GAEzB,CAKA,GAFAE,EAAKV,EACLW,EAAMV,EACFS,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBC,EAAOO,EAAG,GACVJ,EAAKxB,EACDwB,EAAG,KAAKH,CAAI,IACdD,EAAIC,EAER,SAAWI,EAAI,KAAKL,CAAC,EAAG,CACtB,IAAIQ,EAAKH,EAAI,KAAKL,CAAC,EACnBC,EAAOO,EAAG,GAAKA,EAAG,GAClBH,EAAMzB,EACFyB,EAAI,KAAKJ,CAAI,IACfD,EAAIC,EAER,CAIA,GADAG,EAAKR,EACDQ,EAAG,KAAKJ,CAAC,EAAG,CACd,IAAIQ,EAAKJ,EAAG,KAAKJ,CAAC,EAClBC,EAAOO,EAAG,GACVJ,EAAKxB,EACLyB,EAAMxB,EACNyB,EAAMR,GACFM,EAAG,KAAKH,CAAI,GAAMI,EAAI,KAAKJ,CAAI,GAAK,CAAEK,EAAI,KAAKL,CAAI,KACrDD,EAAIC,EAER,CAEA,OAAAG,EAAKP,EACLQ,EAAMzB,EACFwB,EAAG,KAAKJ,CAAC,GAAKK,EAAI,KAAKL,CAAC,IAC1BI,EAAKjB,EACLa,EAAIA,EAAE,QAAQI,EAAG,EAAE,GAKjBD,GAAW,MACbH,EAAIG,EAAQ,YAAY,EAAIH,EAAE,OAAO,CAAC,GAGjCA,CACT,EAEA,OAAO,SAAUhD,EAAO,CACtB,OAAOA,EAAM,OAAO+C,CAAa,CACnC,CACF,EAAG,EAEHpG,EAAK,SAAS,iBAAiBA,EAAK,QAAS,SAAS,EACtD;AAAA;AAAA;AAAA,GAkBAA,EAAK,uBAAyB,SAAU8G,EAAW,CACjD,IAAIC,EAAQD,EAAU,OAAO,SAAU7D,EAAM+D,EAAU,CACrD,OAAA/D,EAAK+D,GAAYA,EACV/D,CACT,EAAG,CAAC,CAAC,EAEL,OAAO,SAAUI,EAAO,CACtB,GAAIA,GAAS0D,EAAM1D,EAAM,SAAS,KAAOA,EAAM,SAAS,EAAG,OAAOA,CACpE,CACF,EAeArD,EAAK,eAAiBA,EAAK,uBAAuB,CAChD,IACA,OACA,QACA,SACA,QACA,MACA,SACA,OACA,KACA,QACA,KACA,MACA,MACA,MACA,KACA,KACA,KACA,UACA,OACA,MACA,KACA,MACA,SACA,QACA,OACA,MACA,KACA,OACA,SACA,OACA,OACA,QACA,MACA,OACA,MACA,MACA,MACA,MACA,OACA,KACA,MACA,OACA,MACA,MACA,MACA,UACA,IACA,KACA,KACA,OACA,KACA,KACA,MACA,OACA,QACA,MACA,OACA,SACA,MACA,KACA,QACA,OACA,OACA,KACA,UACA,KACA,MACA,MACA,KACA,MACA,QACA,KACA,OACA,KACA,QACA,MACA,MACA,SACA,OACA,MACA,OACA,MACA,SACA,QACA,KACA,OACA,OACA,OACA,MACA,QACA,OACA,OACA,QACA,QACA,OACA,OACA,MACA,KACA,MACA,OACA,KACA,QACA,MACA,KACA,OACA,OACA,OACA,QACA,QACA,QACA,MACA,OACA,MACA,OACA,OACA,QACA,MACA,MACA,MACF,CAAC,EAEDA,EAAK,SAAS,iBAAiBA,EAAK,eAAgB,gBAAgB,EACpE;AAAA;AAAA;AAAA,GAoBAA,EAAK,QAAU,SAAUqD,EAAO,CAC9B,OAAOA,EAAM,OAAO,SAAUxC,EAAG,CAC/B,OAAOA,EAAE,QAAQ,OAAQ,EAAE,EAAE,QAAQ,OAAQ,EAAE,CACjD,CAAC,CACH,EAEAb,EAAK,SAAS,iBAAiBA,EAAK,QAAS,SAAS,EACtD;AAAA;AAAA;AAAA,GA0BAA,EAAK,SAAW,UAAY,CAC1B,KAAK,MAAQ,GACb,KAAK,MAAQ,CAAC,EACd,KAAK,GAAKA,EAAK,SAAS,QACxBA,EAAK,SAAS,SAAW,CAC3B,EAUAA,EAAK,SAAS,QAAU,EASxBA,EAAK,SAAS,UAAY,SAAUiH,EAAK,CAGvC,QAFI/G,EAAU,IAAIF,EAAK,SAAS,QAEvBiB,EAAI,EAAGe,EAAMiF,EAAI,OAAQhG,EAAIe,EAAKf,IACzCf,EAAQ,OAAO+G,EAAIhG,EAAE,EAGvB,OAAAf,EAAQ,OAAO,EACRA,EAAQ,IACjB,EAWAF,EAAK,SAAS,WAAa,SAAUkH,EAAQ,CAC3C,MAAI,iBAAkBA,EACblH,EAAK,SAAS,gBAAgBkH,EAAO,KAAMA,EAAO,YAAY,EAE9DlH,EAAK,SAAS,WAAWkH,EAAO,IAAI,CAE/C,EAiBAlH,EAAK,SAAS,gBAAkB,SAAU4B,EAAKuF,EAAc,CAS3D,QARIC,EAAO,IAAIpH,EAAK,SAEhBqH,EAAQ,CAAC,CACX,KAAMD,EACN,eAAgBD,EAChB,IAAKvF,CACP,CAAC,EAEMyF,EAAM,QAAQ,CACnB,IAAIC,EAAQD,EAAM,IAAI,EAGtB,GAAIC,EAAM,IAAI,OAAS,EAAG,CACxB,IAAIlF,EAAOkF,EAAM,IAAI,OAAO,CAAC,EACzBC,EAEAnF,KAAQkF,EAAM,KAAK,MACrBC,EAAaD,EAAM,KAAK,MAAMlF,IAE9BmF,EAAa,IAAIvH,EAAK,SACtBsH,EAAM,KAAK,MAAMlF,GAAQmF,GAGvBD,EAAM,IAAI,QAAU,IACtBC,EAAW,MAAQ,IAGrBF,EAAM,KAAK,CACT,KAAME,EACN,eAAgBD,EAAM,eACtB,IAAKA,EAAM,IAAI,MAAM,CAAC,CACxB,CAAC,CACH,CAEA,GAAIA,EAAM,gBAAkB,EAK5B,IAAI,MAAOA,EAAM,KAAK,MACpB,IAAIE,EAAgBF,EAAM,KAAK,MAAM,SAChC,CACL,IAAIE,EAAgB,IAAIxH,EAAK,SAC7BsH,EAAM,KAAK,MAAM,KAAOE,CAC1B,CAgCA,GA9BIF,EAAM,IAAI,QAAU,IACtBE,EAAc,MAAQ,IAGxBH,EAAM,KAAK,CACT,KAAMG,EACN,eAAgBF,EAAM,eAAiB,EACvC,IAAKA,EAAM,GACb,CAAC,EAKGA,EAAM,IAAI,OAAS,GACrBD,EAAM,KAAK,CACT,KAAMC,EAAM,KACZ,eAAgBA,EAAM,eAAiB,EACvC,IAAKA,EAAM,IAAI,MAAM,CAAC,CACxB,CAAC,EAKCA,EAAM,IAAI,QAAU,IACtBA,EAAM,KAAK,MAAQ,IAMjBA,EAAM,IAAI,QAAU,EAAG,CACzB,GAAI,MAAOA,EAAM,KAAK,MACpB,IAAIG,EAAmBH,EAAM,KAAK,MAAM,SACnC,CACL,IAAIG,EAAmB,IAAIzH,EAAK,SAChCsH,EAAM,KAAK,MAAM,KAAOG,CAC1B,CAEIH,EAAM,IAAI,QAAU,IACtBG,EAAiB,MAAQ,IAG3BJ,EAAM,KAAK,CACT,KAAMI,EACN,eAAgBH,EAAM,eAAiB,EACvC,IAAKA,EAAM,IAAI,MAAM,CAAC,CACxB,CAAC,CACH,CAKA,GAAIA,EAAM,IAAI,OAAS,EAAG,CACxB,IAAII,EAAQJ,EAAM,IAAI,OAAO,CAAC,EAC1BK,EAAQL,EAAM,IAAI,OAAO,CAAC,EAC1BM,EAEAD,KAASL,EAAM,KAAK,MACtBM,EAAgBN,EAAM,KAAK,MAAMK,IAEjCC,EAAgB,IAAI5H,EAAK,SACzBsH,EAAM,KAAK,MAAMK,GAASC,GAGxBN,EAAM,IAAI,QAAU,IACtBM,EAAc,MAAQ,IAGxBP,EAAM,KAAK,CACT,KAAMO,EACN,eAAgBN,EAAM,eAAiB,EACvC,IAAKI,EAAQJ,EAAM,IAAI,MAAM,CAAC,CAChC,CAAC,CACH,EACF,CAEA,OAAOF,CACT,EAYApH,EAAK,SAAS,WAAa,SAAU4B,EAAK,CAYxC,QAXIiG,EAAO,IAAI7H,EAAK,SAChBoH,EAAOS,EAUF,EAAI,EAAG7F,EAAMJ,EAAI,OAAQ,EAAII,EAAK,IAAK,CAC9C,IAAII,EAAOR,EAAI,GACXkG,EAAS,GAAK9F,EAAM,EAExB,GAAII,GAAQ,IACVyF,EAAK,MAAMzF,GAAQyF,EACnBA,EAAK,MAAQC,MAER,CACL,IAAIC,EAAO,IAAI/H,EAAK,SACpB+H,EAAK,MAAQD,EAEbD,EAAK,MAAMzF,GAAQ2F,EACnBF,EAAOE,CACT,CACF,CAEA,OAAOX,CACT,EAYApH,EAAK,SAAS,UAAU,QAAU,UAAY,CAQ5C,QAPI+G,EAAQ,CAAC,EAETM,EAAQ,CAAC,CACX,OAAQ,GACR,KAAM,IACR,CAAC,EAEMA,EAAM,QAAQ,CACnB,IAAIC,EAAQD,EAAM,IAAI,EAClBW,EAAQ,OAAO,KAAKV,EAAM,KAAK,KAAK,EACpCtF,EAAMgG,EAAM,OAEZV,EAAM,KAAK,QAKbA,EAAM,OAAO,OAAO,CAAC,EACrBP,EAAM,KAAKO,EAAM,MAAM,GAGzB,QAASrG,EAAI,EAAGA,EAAIe,EAAKf,IAAK,CAC5B,IAAIgH,EAAOD,EAAM/G,GAEjBoG,EAAM,KAAK,CACT,OAAQC,EAAM,OAAO,OAAOW,CAAI,EAChC,KAAMX,EAAM,KAAK,MAAMW,EACzB,CAAC,CACH,CACF,CAEA,OAAOlB,CACT,EAYA/G,EAAK,SAAS,UAAU,SAAW,UAAY,CAS7C,GAAI,KAAK,KACP,OAAO,KAAK,KAOd,QAJI4B,EAAM,KAAK,MAAQ,IAAM,IACzBsG,EAAS,OAAO,KAAK,KAAK,KAAK,EAAE,KAAK,EACtClG,EAAMkG,EAAO,OAER,EAAI,EAAG,EAAIlG,EAAK,IAAK,CAC5B,IAAIO,EAAQ2F,EAAO,GACfL,EAAO,KAAK,MAAMtF,GAEtBX,EAAMA,EAAMW,EAAQsF,EAAK,EAC3B,CAEA,OAAOjG,CACT,EAYA5B,EAAK,SAAS,UAAU,UAAY,SAAUqB,EAAG,CAU/C,QATIgD,EAAS,IAAIrE,EAAK,SAClBsH,EAAQ,OAERD,EAAQ,CAAC,CACX,MAAOhG,EACP,OAAQgD,EACR,KAAM,IACR,CAAC,EAEMgD,EAAM,QAAQ,CACnBC,EAAQD,EAAM,IAAI,EAWlB,QALIc,EAAS,OAAO,KAAKb,EAAM,MAAM,KAAK,EACtCc,EAAOD,EAAO,OACdE,EAAS,OAAO,KAAKf,EAAM,KAAK,KAAK,EACrCgB,EAAOD,EAAO,OAETE,EAAI,EAAGA,EAAIH,EAAMG,IAGxB,QAFIC,EAAQL,EAAOI,GAEVzH,EAAI,EAAGA,EAAIwH,EAAMxH,IAAK,CAC7B,IAAI2H,EAAQJ,EAAOvH,GAEnB,GAAI2H,GAASD,GAASA,GAAS,IAAK,CAClC,IAAIX,EAAOP,EAAM,KAAK,MAAMmB,GACxBC,EAAQpB,EAAM,MAAM,MAAMkB,GAC1BV,EAAQD,EAAK,OAASa,EAAM,MAC5BX,EAAO,OAEPU,KAASnB,EAAM,OAAO,OAIxBS,EAAOT,EAAM,OAAO,MAAMmB,GAC1BV,EAAK,MAAQA,EAAK,OAASD,IAM3BC,EAAO,IAAI/H,EAAK,SAChB+H,EAAK,MAAQD,EACbR,EAAM,OAAO,MAAMmB,GAASV,GAG9BV,EAAM,KAAK,CACT,MAAOqB,EACP,OAAQX,EACR,KAAMF,CACR,CAAC,CACH,CACF,CAEJ,CAEA,OAAOxD,CACT,EACArE,EAAK,SAAS,QAAU,UAAY,CAClC,KAAK,aAAe,GACpB,KAAK,KAAO,IAAIA,EAAK,SACrB,KAAK,eAAiB,CAAC,EACvB,KAAK,eAAiB,CAAC,CACzB,EAEAA,EAAK,SAAS,QAAQ,UAAU,OAAS,SAAU2I,EAAM,CACvD,IAAId,EACAe,EAAe,EAEnB,GAAID,EAAO,KAAK,aACd,MAAM,IAAI,MAAO,6BAA6B,EAGhD,QAAS,EAAI,EAAG,EAAIA,EAAK,QAAU,EAAI,KAAK,aAAa,QACnDA,EAAK,IAAM,KAAK,aAAa,GAD8B,IAE/DC,IAGF,KAAK,SAASA,CAAY,EAEtB,KAAK,eAAe,QAAU,EAChCf,EAAO,KAAK,KAEZA,EAAO,KAAK,eAAe,KAAK,eAAe,OAAS,GAAG,MAG7D,QAAS,EAAIe,EAAc,EAAID,EAAK,OAAQ,IAAK,CAC/C,IAAIE,EAAW,IAAI7I,EAAK,SACpBoC,EAAOuG,EAAK,GAEhBd,EAAK,MAAMzF,GAAQyG,EAEnB,KAAK,eAAe,KAAK,CACvB,OAAQhB,EACR,KAAMzF,EACN,MAAOyG,CACT,CAAC,EAEDhB,EAAOgB,CACT,CAEAhB,EAAK,MAAQ,GACb,KAAK,aAAec,CACtB,EAEA3I,EAAK,SAAS,QAAQ,UAAU,OAAS,UAAY,CACnD,KAAK,SAAS,CAAC,CACjB,EAEAA,EAAK,SAAS,QAAQ,UAAU,SAAW,SAAU8I,EAAQ,CAC3D,QAAS7H,EAAI,KAAK,eAAe,OAAS,EAAGA,GAAK6H,EAAQ7H,IAAK,CAC7D,IAAI4G,EAAO,KAAK,eAAe5G,GAC3B8H,EAAWlB,EAAK,MAAM,SAAS,EAE/BkB,KAAY,KAAK,eACnBlB,EAAK,OAAO,MAAMA,EAAK,MAAQ,KAAK,eAAekB,IAInDlB,EAAK,MAAM,KAAOkB,EAElB,KAAK,eAAeA,GAAYlB,EAAK,OAGvC,KAAK,eAAe,IAAI,CAC1B,CACF,EACA;AAAA;AAAA;AAAA,GAqBA7H,EAAK,MAAQ,SAAUgJ,EAAO,CAC5B,KAAK,cAAgBA,EAAM,cAC3B,KAAK,aAAeA,EAAM,aAC1B,KAAK,SAAWA,EAAM,SACtB,KAAK,OAASA,EAAM,OACpB,KAAK,SAAWA,EAAM,QACxB,EAyEAhJ,EAAK,MAAM,UAAU,OAAS,SAAUiJ,EAAa,CACnD,OAAO,KAAK,MAAM,SAAUC,EAAO,CACjC,IAAIC,EAAS,IAAInJ,EAAK,YAAYiJ,EAAaC,CAAK,EACpDC,EAAO,MAAM,CACf,CAAC,CACH,EA2BAnJ,EAAK,MAAM,UAAU,MAAQ,SAAU8B,EAAI,CAoBzC,QAZIoH,EAAQ,IAAIlJ,EAAK,MAAM,KAAK,MAAM,EAClCoJ,EAAiB,OAAO,OAAO,IAAI,EACnCC,EAAe,OAAO,OAAO,IAAI,EACjCC,EAAiB,OAAO,OAAO,IAAI,EACnCC,EAAkB,OAAO,OAAO,IAAI,EACpCC,EAAoB,OAAO,OAAO,IAAI,EAOjCvI,EAAI,EAAGA,EAAI,KAAK,OAAO,OAAQA,IACtCoI,EAAa,KAAK,OAAOpI,IAAM,IAAIjB,EAAK,OAG1C8B,EAAG,KAAKoH,EAAOA,CAAK,EAEpB,QAASjI,EAAI,EAAGA,EAAIiI,EAAM,QAAQ,OAAQjI,IAAK,CAS7C,IAAIiG,EAASgC,EAAM,QAAQjI,GACvBwI,EAAQ,KACRC,EAAgB1J,EAAK,IAAI,MAEzBkH,EAAO,YACTuC,EAAQ,KAAK,SAAS,UAAUvC,EAAO,KAAM,CAC3C,OAAQA,EAAO,MACjB,CAAC,EAEDuC,EAAQ,CAACvC,EAAO,IAAI,EAGtB,QAASyC,EAAI,EAAGA,EAAIF,EAAM,OAAQE,IAAK,CACrC,IAAIC,EAAOH,EAAME,GAQjBzC,EAAO,KAAO0C,EAOd,IAAIC,EAAe7J,EAAK,SAAS,WAAWkH,CAAM,EAC9C4C,EAAgB,KAAK,SAAS,UAAUD,CAAY,EAAE,QAAQ,EAQlE,GAAIC,EAAc,SAAW,GAAK5C,EAAO,WAAalH,EAAK,MAAM,SAAS,SAAU,CAClF,QAASoD,EAAI,EAAGA,EAAI8D,EAAO,OAAO,OAAQ9D,IAAK,CAC7C,IAAI2G,EAAQ7C,EAAO,OAAO9D,GAC1BmG,EAAgBQ,GAAS/J,EAAK,IAAI,KACpC,CAEA,KACF,CAEA,QAASkD,EAAI,EAAGA,EAAI4G,EAAc,OAAQ5G,IASxC,QAJI8G,EAAeF,EAAc5G,GAC7B1B,EAAU,KAAK,cAAcwI,GAC7BC,EAAYzI,EAAQ,OAEf4B,EAAI,EAAGA,EAAI8D,EAAO,OAAO,OAAQ9D,IAAK,CAS7C,IAAI2G,EAAQ7C,EAAO,OAAO9D,GACtB8G,EAAe1I,EAAQuI,GACvBI,EAAuB,OAAO,KAAKD,CAAY,EAC/CE,EAAYJ,EAAe,IAAMD,EACjCM,EAAuB,IAAIrK,EAAK,IAAImK,CAAoB,EAoB5D,GAbIjD,EAAO,UAAYlH,EAAK,MAAM,SAAS,WACzC0J,EAAgBA,EAAc,MAAMW,CAAoB,EAEpDd,EAAgBQ,KAAW,SAC7BR,EAAgBQ,GAAS/J,EAAK,IAAI,WASlCkH,EAAO,UAAYlH,EAAK,MAAM,SAAS,WAAY,CACjDwJ,EAAkBO,KAAW,SAC/BP,EAAkBO,GAAS/J,EAAK,IAAI,OAGtCwJ,EAAkBO,GAASP,EAAkBO,GAAO,MAAMM,CAAoB,EAO9E,QACF,CAeA,GANAhB,EAAaU,GAAO,OAAOE,EAAW/C,EAAO,MAAO,SAAU9F,GAAGC,GAAG,CAAE,OAAOD,GAAIC,EAAE,CAAC,EAMhF,CAAAiI,EAAec,GAInB,SAASE,EAAI,EAAGA,EAAIH,EAAqB,OAAQG,IAAK,CAOpD,IAAIC,EAAsBJ,EAAqBG,GAC3CE,EAAmB,IAAIxK,EAAK,SAAUuK,EAAqBR,CAAK,EAChElI,EAAWqI,EAAaK,GACxBE,GAECA,EAAarB,EAAeoB,MAAuB,OACtDpB,EAAeoB,GAAoB,IAAIxK,EAAK,UAAWgK,EAAcD,EAAOlI,CAAQ,EAEpF4I,EAAW,IAAIT,EAAcD,EAAOlI,CAAQ,CAGhD,CAEAyH,EAAec,GAAa,GAC9B,CAEJ,CAQA,GAAIlD,EAAO,WAAalH,EAAK,MAAM,SAAS,SAC1C,QAASoD,EAAI,EAAGA,EAAI8D,EAAO,OAAO,OAAQ9D,IAAK,CAC7C,IAAI2G,EAAQ7C,EAAO,OAAO9D,GAC1BmG,EAAgBQ,GAASR,EAAgBQ,GAAO,UAAUL,CAAa,CACzE,CAEJ,CAUA,QAHIgB,EAAqB1K,EAAK,IAAI,SAC9B2K,EAAuB3K,EAAK,IAAI,MAE3BiB,EAAI,EAAGA,EAAI,KAAK,OAAO,OAAQA,IAAK,CAC3C,IAAI8I,EAAQ,KAAK,OAAO9I,GAEpBsI,EAAgBQ,KAClBW,EAAqBA,EAAmB,UAAUnB,EAAgBQ,EAAM,GAGtEP,EAAkBO,KACpBY,EAAuBA,EAAqB,MAAMnB,EAAkBO,EAAM,EAE9E,CAEA,IAAIa,EAAoB,OAAO,KAAKxB,CAAc,EAC9CyB,EAAU,CAAC,EACXC,EAAU,OAAO,OAAO,IAAI,EAYhC,GAAI5B,EAAM,UAAU,EAAG,CACrB0B,EAAoB,OAAO,KAAK,KAAK,YAAY,EAEjD,QAAS3J,EAAI,EAAGA,EAAI2J,EAAkB,OAAQ3J,IAAK,CACjD,IAAIuJ,EAAmBI,EAAkB3J,GACrCF,EAAWf,EAAK,SAAS,WAAWwK,CAAgB,EACxDpB,EAAeoB,GAAoB,IAAIxK,EAAK,SAC9C,CACF,CAEA,QAASiB,EAAI,EAAGA,EAAI2J,EAAkB,OAAQ3J,IAAK,CASjD,IAAIF,EAAWf,EAAK,SAAS,WAAW4K,EAAkB3J,EAAE,EACxDP,EAASK,EAAS,OAEtB,GAAI,EAAC2J,EAAmB,SAAShK,CAAM,GAInC,CAAAiK,EAAqB,SAASjK,CAAM,EAIxC,KAAIqK,EAAc,KAAK,aAAahK,GAChCiK,EAAQ3B,EAAatI,EAAS,WAAW,WAAWgK,CAAW,EAC/DE,EAEJ,IAAKA,EAAWH,EAAQpK,MAAa,OACnCuK,EAAS,OAASD,EAClBC,EAAS,UAAU,QAAQ7B,EAAerI,EAAS,MAC9C,CACL,IAAImK,EAAQ,CACV,IAAKxK,EACL,MAAOsK,EACP,UAAW5B,EAAerI,EAC5B,EACA+J,EAAQpK,GAAUwK,EAClBL,EAAQ,KAAKK,CAAK,CACpB,EACF,CAKA,OAAOL,EAAQ,KAAK,SAAUzJ,GAAGC,GAAG,CAClC,OAAOA,GAAE,MAAQD,GAAE,KACrB,CAAC,CACH,EAUApB,EAAK,MAAM,UAAU,OAAS,UAAY,CACxC,IAAImL,EAAgB,OAAO,KAAK,KAAK,aAAa,EAC/C,KAAK,EACL,IAAI,SAAUvB,EAAM,CACnB,MAAO,CAACA,EAAM,KAAK,cAAcA,EAAK,CACxC,EAAG,IAAI,EAELwB,EAAe,OAAO,KAAK,KAAK,YAAY,EAC7C,IAAI,SAAUC,EAAK,CAClB,MAAO,CAACA,EAAK,KAAK,aAAaA,GAAK,OAAO,CAAC,CAC9C,EAAG,IAAI,EAET,MAAO,CACL,QAASrL,EAAK,QACd,OAAQ,KAAK,OACb,aAAcoL,EACd,cAAeD,EACf,SAAU,KAAK,SAAS,OAAO,CACjC,CACF,EAQAnL,EAAK,MAAM,KAAO,SAAUsL,EAAiB,CAC3C,IAAItC,EAAQ,CAAC,EACToC,EAAe,CAAC,EAChBG,EAAoBD,EAAgB,aACpCH,EAAgB,OAAO,OAAO,IAAI,EAClCK,EAA0BF,EAAgB,cAC1CG,EAAkB,IAAIzL,EAAK,SAAS,QACpC0C,EAAW1C,EAAK,SAAS,KAAKsL,EAAgB,QAAQ,EAEtDA,EAAgB,SAAWtL,EAAK,SAClCA,EAAK,MAAM,KAAK,4EAA8EA,EAAK,QAAU,sCAAwCsL,EAAgB,QAAU,GAAG,EAGpL,QAASrK,EAAI,EAAGA,EAAIsK,EAAkB,OAAQtK,IAAK,CACjD,IAAIyK,EAAQH,EAAkBtK,GAC1BoK,EAAMK,EAAM,GACZ1K,EAAW0K,EAAM,GAErBN,EAAaC,GAAO,IAAIrL,EAAK,OAAOgB,CAAQ,CAC9C,CAEA,QAASC,EAAI,EAAGA,EAAIuK,EAAwB,OAAQvK,IAAK,CACvD,IAAIyK,EAAQF,EAAwBvK,GAChC2I,EAAO8B,EAAM,GACblK,EAAUkK,EAAM,GAEpBD,EAAgB,OAAO7B,CAAI,EAC3BuB,EAAcvB,GAAQpI,CACxB,CAEA,OAAAiK,EAAgB,OAAO,EAEvBzC,EAAM,OAASsC,EAAgB,OAE/BtC,EAAM,aAAeoC,EACrBpC,EAAM,cAAgBmC,EACtBnC,EAAM,SAAWyC,EAAgB,KACjCzC,EAAM,SAAWtG,EAEV,IAAI1C,EAAK,MAAMgJ,CAAK,CAC7B,EACA;AAAA;AAAA;AAAA,GA6BAhJ,EAAK,QAAU,UAAY,CACzB,KAAK,KAAO,KACZ,KAAK,QAAU,OAAO,OAAO,IAAI,EACjC,KAAK,WAAa,OAAO,OAAO,IAAI,EACpC,KAAK,cAAgB,OAAO,OAAO,IAAI,EACvC,KAAK,qBAAuB,CAAC,EAC7B,KAAK,aAAe,CAAC,EACrB,KAAK,UAAYA,EAAK,UACtB,KAAK,SAAW,IAAIA,EAAK,SACzB,KAAK,eAAiB,IAAIA,EAAK,SAC/B,KAAK,cAAgB,EACrB,KAAK,GAAK,IACV,KAAK,IAAM,IACX,KAAK,UAAY,EACjB,KAAK,kBAAoB,CAAC,CAC5B,EAcAA,EAAK,QAAQ,UAAU,IAAM,SAAUqL,EAAK,CAC1C,KAAK,KAAOA,CACd,EAkCArL,EAAK,QAAQ,UAAU,MAAQ,SAAUW,EAAWgL,EAAY,CAC9D,GAAI,KAAK,KAAKhL,CAAS,EACrB,MAAM,IAAI,WAAY,UAAYA,EAAY,kCAAkC,EAGlF,KAAK,QAAQA,GAAagL,GAAc,CAAC,CAC3C,EAUA3L,EAAK,QAAQ,UAAU,EAAI,SAAU4L,EAAQ,CACvCA,EAAS,EACX,KAAK,GAAK,EACDA,EAAS,EAClB,KAAK,GAAK,EAEV,KAAK,GAAKA,CAEd,EASA5L,EAAK,QAAQ,UAAU,GAAK,SAAU4L,EAAQ,CAC5C,KAAK,IAAMA,CACb,EAmBA5L,EAAK,QAAQ,UAAU,IAAM,SAAU6L,EAAKF,EAAY,CACtD,IAAIjL,EAASmL,EAAI,KAAK,MAClBC,EAAS,OAAO,KAAK,KAAK,OAAO,EAErC,KAAK,WAAWpL,GAAUiL,GAAc,CAAC,EACzC,KAAK,eAAiB,EAEtB,QAAS1K,EAAI,EAAGA,EAAI6K,EAAO,OAAQ7K,IAAK,CACtC,IAAIN,EAAYmL,EAAO7K,GACnB8K,EAAY,KAAK,QAAQpL,GAAW,UACpCoJ,EAAQgC,EAAYA,EAAUF,CAAG,EAAIA,EAAIlL,GACzCsB,EAAS,KAAK,UAAU8H,EAAO,CAC7B,OAAQ,CAACpJ,CAAS,CACpB,CAAC,EACD8I,EAAQ,KAAK,SAAS,IAAIxH,CAAM,EAChClB,EAAW,IAAIf,EAAK,SAAUU,EAAQC,CAAS,EAC/CqL,EAAa,OAAO,OAAO,IAAI,EAEnC,KAAK,qBAAqBjL,GAAYiL,EACtC,KAAK,aAAajL,GAAY,EAG9B,KAAK,aAAaA,IAAa0I,EAAM,OAGrC,QAASvG,EAAI,EAAGA,EAAIuG,EAAM,OAAQvG,IAAK,CACrC,IAAI0G,EAAOH,EAAMvG,GAUjB,GARI8I,EAAWpC,IAAS,OACtBoC,EAAWpC,GAAQ,GAGrBoC,EAAWpC,IAAS,EAIhB,KAAK,cAAcA,IAAS,KAAW,CACzC,IAAIpI,EAAU,OAAO,OAAO,IAAI,EAChCA,EAAQ,OAAY,KAAK,UACzB,KAAK,WAAa,EAElB,QAAS4B,EAAI,EAAGA,EAAI0I,EAAO,OAAQ1I,IACjC5B,EAAQsK,EAAO1I,IAAM,OAAO,OAAO,IAAI,EAGzC,KAAK,cAAcwG,GAAQpI,CAC7B,CAGI,KAAK,cAAcoI,GAAMjJ,GAAWD,IAAW,OACjD,KAAK,cAAckJ,GAAMjJ,GAAWD,GAAU,OAAO,OAAO,IAAI,GAKlE,QAAS4J,EAAI,EAAGA,EAAI,KAAK,kBAAkB,OAAQA,IAAK,CACtD,IAAI2B,EAAc,KAAK,kBAAkB3B,GACrCzI,EAAW+H,EAAK,SAASqC,GAEzB,KAAK,cAAcrC,GAAMjJ,GAAWD,GAAQuL,IAAgB,OAC9D,KAAK,cAAcrC,GAAMjJ,GAAWD,GAAQuL,GAAe,CAAC,GAG9D,KAAK,cAAcrC,GAAMjJ,GAAWD,GAAQuL,GAAa,KAAKpK,CAAQ,CACxE,CACF,CAEF,CACF,EAOA7B,EAAK,QAAQ,UAAU,6BAA+B,UAAY,CAOhE,QALIkM,EAAY,OAAO,KAAK,KAAK,YAAY,EACzCC,EAAiBD,EAAU,OAC3BE,EAAc,CAAC,EACfC,EAAqB,CAAC,EAEjBpL,EAAI,EAAGA,EAAIkL,EAAgBlL,IAAK,CACvC,IAAIF,EAAWf,EAAK,SAAS,WAAWkM,EAAUjL,EAAE,EAChD8I,EAAQhJ,EAAS,UAErBsL,EAAmBtC,KAAWsC,EAAmBtC,GAAS,GAC1DsC,EAAmBtC,IAAU,EAE7BqC,EAAYrC,KAAWqC,EAAYrC,GAAS,GAC5CqC,EAAYrC,IAAU,KAAK,aAAahJ,EAC1C,CAIA,QAFI+K,EAAS,OAAO,KAAK,KAAK,OAAO,EAE5B7K,EAAI,EAAGA,EAAI6K,EAAO,OAAQ7K,IAAK,CACtC,IAAIN,EAAYmL,EAAO7K,GACvBmL,EAAYzL,GAAayL,EAAYzL,GAAa0L,EAAmB1L,EACvE,CAEA,KAAK,mBAAqByL,CAC5B,EAOApM,EAAK,QAAQ,UAAU,mBAAqB,UAAY,CAMtD,QALIoL,EAAe,CAAC,EAChBc,EAAY,OAAO,KAAK,KAAK,oBAAoB,EACjDI,EAAkBJ,EAAU,OAC5BK,EAAe,OAAO,OAAO,IAAI,EAE5BtL,EAAI,EAAGA,EAAIqL,EAAiBrL,IAAK,CAaxC,QAZIF,EAAWf,EAAK,SAAS,WAAWkM,EAAUjL,EAAE,EAChDN,EAAYI,EAAS,UACrByL,EAAc,KAAK,aAAazL,GAChCgK,EAAc,IAAI/K,EAAK,OACvByM,EAAkB,KAAK,qBAAqB1L,GAC5C0I,EAAQ,OAAO,KAAKgD,CAAe,EACnCC,EAAcjD,EAAM,OAGpBkD,EAAa,KAAK,QAAQhM,GAAW,OAAS,EAC9CiM,EAAW,KAAK,WAAW7L,EAAS,QAAQ,OAAS,EAEhDmC,EAAI,EAAGA,EAAIwJ,EAAaxJ,IAAK,CACpC,IAAI0G,EAAOH,EAAMvG,GACb2J,EAAKJ,EAAgB7C,GACrBK,EAAY,KAAK,cAAcL,GAAM,OACrCkD,EAAK9B,EAAO+B,EAEZR,EAAa3C,KAAU,QACzBkD,EAAM9M,EAAK,IAAI,KAAK,cAAc4J,GAAO,KAAK,aAAa,EAC3D2C,EAAa3C,GAAQkD,GAErBA,EAAMP,EAAa3C,GAGrBoB,EAAQ8B,IAAQ,KAAK,IAAM,GAAKD,IAAO,KAAK,KAAO,EAAI,KAAK,GAAK,KAAK,IAAML,EAAc,KAAK,mBAAmB7L,KAAekM,GACjI7B,GAAS2B,EACT3B,GAAS4B,EACTG,EAAqB,KAAK,MAAM/B,EAAQ,GAAI,EAAI,IAQhDD,EAAY,OAAOd,EAAW8C,CAAkB,CAClD,CAEA3B,EAAarK,GAAYgK,CAC3B,CAEA,KAAK,aAAeK,CACtB,EAOApL,EAAK,QAAQ,UAAU,eAAiB,UAAY,CAClD,KAAK,SAAWA,EAAK,SAAS,UAC5B,OAAO,KAAK,KAAK,aAAa,EAAE,KAAK,CACvC,CACF,EAUAA,EAAK,QAAQ,UAAU,MAAQ,UAAY,CACzC,YAAK,6BAA6B,EAClC,KAAK,mBAAmB,EACxB,KAAK,eAAe,EAEb,IAAIA,EAAK,MAAM,CACpB,cAAe,KAAK,cACpB,aAAc,KAAK,aACnB,SAAU,KAAK,SACf,OAAQ,OAAO,KAAK,KAAK,OAAO,EAChC,SAAU,KAAK,cACjB,CAAC,CACH,EAgBAA,EAAK,QAAQ,UAAU,IAAM,SAAU8B,EAAI,CACzC,IAAIkL,EAAO,MAAM,UAAU,MAAM,KAAK,UAAW,CAAC,EAClDA,EAAK,QAAQ,IAAI,EACjBlL,EAAG,MAAM,KAAMkL,CAAI,CACrB,EAaAhN,EAAK,UAAY,SAAU4J,EAAMG,EAAOlI,EAAU,CAShD,QARIoL,EAAiB,OAAO,OAAO,IAAI,EACnCC,EAAe,OAAO,KAAKrL,GAAY,CAAC,CAAC,EAOpCZ,EAAI,EAAGA,EAAIiM,EAAa,OAAQjM,IAAK,CAC5C,IAAIT,EAAM0M,EAAajM,GACvBgM,EAAezM,GAAOqB,EAASrB,GAAK,MAAM,CAC5C,CAEA,KAAK,SAAW,OAAO,OAAO,IAAI,EAE9BoJ,IAAS,SACX,KAAK,SAASA,GAAQ,OAAO,OAAO,IAAI,EACxC,KAAK,SAASA,GAAMG,GAASkD,EAEjC,EAWAjN,EAAK,UAAU,UAAU,QAAU,SAAUmN,EAAgB,CAG3D,QAFI1D,EAAQ,OAAO,KAAK0D,EAAe,QAAQ,EAEtClM,EAAI,EAAGA,EAAIwI,EAAM,OAAQxI,IAAK,CACrC,IAAI2I,EAAOH,EAAMxI,GACb6K,EAAS,OAAO,KAAKqB,EAAe,SAASvD,EAAK,EAElD,KAAK,SAASA,IAAS,OACzB,KAAK,SAASA,GAAQ,OAAO,OAAO,IAAI,GAG1C,QAAS1G,EAAI,EAAGA,EAAI4I,EAAO,OAAQ5I,IAAK,CACtC,IAAI6G,EAAQ+B,EAAO5I,GACf3C,EAAO,OAAO,KAAK4M,EAAe,SAASvD,GAAMG,EAAM,EAEvD,KAAK,SAASH,GAAMG,IAAU,OAChC,KAAK,SAASH,GAAMG,GAAS,OAAO,OAAO,IAAI,GAGjD,QAAS3G,EAAI,EAAGA,EAAI7C,EAAK,OAAQ6C,IAAK,CACpC,IAAI5C,EAAMD,EAAK6C,GAEX,KAAK,SAASwG,GAAMG,GAAOvJ,IAAQ,KACrC,KAAK,SAASoJ,GAAMG,GAAOvJ,GAAO2M,EAAe,SAASvD,GAAMG,GAAOvJ,GAEvE,KAAK,SAASoJ,GAAMG,GAAOvJ,GAAO,KAAK,SAASoJ,GAAMG,GAAOvJ,GAAK,OAAO2M,EAAe,SAASvD,GAAMG,GAAOvJ,EAAI,CAGtH,CACF,CACF,CACF,EASAR,EAAK,UAAU,UAAU,IAAM,SAAU4J,EAAMG,EAAOlI,EAAU,CAC9D,GAAI,EAAE+H,KAAQ,KAAK,UAAW,CAC5B,KAAK,SAASA,GAAQ,OAAO,OAAO,IAAI,EACxC,KAAK,SAASA,GAAMG,GAASlI,EAC7B,MACF,CAEA,GAAI,EAAEkI,KAAS,KAAK,SAASH,IAAQ,CACnC,KAAK,SAASA,GAAMG,GAASlI,EAC7B,MACF,CAIA,QAFIqL,EAAe,OAAO,KAAKrL,CAAQ,EAE9BZ,EAAI,EAAGA,EAAIiM,EAAa,OAAQjM,IAAK,CAC5C,IAAIT,EAAM0M,EAAajM,GAEnBT,KAAO,KAAK,SAASoJ,GAAMG,GAC7B,KAAK,SAASH,GAAMG,GAAOvJ,GAAO,KAAK,SAASoJ,GAAMG,GAAOvJ,GAAK,OAAOqB,EAASrB,EAAI,EAEtF,KAAK,SAASoJ,GAAMG,GAAOvJ,GAAOqB,EAASrB,EAE/C,CACF,EAYAR,EAAK,MAAQ,SAAUoN,EAAW,CAChC,KAAK,QAAU,CAAC,EAChB,KAAK,UAAYA,CACnB,EA0BApN,EAAK,MAAM,SAAW,IAAI,OAAQ,GAAG,EACrCA,EAAK,MAAM,SAAS,KAAO,EAC3BA,EAAK,MAAM,SAAS,QAAU,EAC9BA,EAAK,MAAM,SAAS,SAAW,EAa/BA,EAAK,MAAM,SAAW,CAIpB,SAAU,EAMV,SAAU,EAMV,WAAY,CACd,EAyBAA,EAAK,MAAM,UAAU,OAAS,SAAUkH,EAAQ,CAC9C,MAAM,WAAYA,IAChBA,EAAO,OAAS,KAAK,WAGjB,UAAWA,IACfA,EAAO,MAAQ,GAGX,gBAAiBA,IACrBA,EAAO,YAAc,IAGjB,aAAcA,IAClBA,EAAO,SAAWlH,EAAK,MAAM,SAAS,MAGnCkH,EAAO,SAAWlH,EAAK,MAAM,SAAS,SAAakH,EAAO,KAAK,OAAO,CAAC,GAAKlH,EAAK,MAAM,WAC1FkH,EAAO,KAAO,IAAMA,EAAO,MAGxBA,EAAO,SAAWlH,EAAK,MAAM,SAAS,UAAckH,EAAO,KAAK,MAAM,EAAE,GAAKlH,EAAK,MAAM,WAC3FkH,EAAO,KAAO,GAAKA,EAAO,KAAO,KAG7B,aAAcA,IAClBA,EAAO,SAAWlH,EAAK,MAAM,SAAS,UAGxC,KAAK,QAAQ,KAAKkH,CAAM,EAEjB,IACT,EASAlH,EAAK,MAAM,UAAU,UAAY,UAAY,CAC3C,QAASiB,EAAI,EAAGA,EAAI,KAAK,QAAQ,OAAQA,IACvC,GAAI,KAAK,QAAQA,GAAG,UAAYjB,EAAK,MAAM,SAAS,WAClD,MAAO,GAIX,MAAO,EACT,EA4BAA,EAAK,MAAM,UAAU,KAAO,SAAU4J,EAAMyD,EAAS,CACnD,GAAI,MAAM,QAAQzD,CAAI,EACpB,OAAAA,EAAK,QAAQ,SAAU7H,EAAG,CAAE,KAAK,KAAKA,EAAG/B,EAAK,MAAM,MAAMqN,CAAO,CAAC,CAAE,EAAG,IAAI,EACpE,KAGT,IAAInG,EAASmG,GAAW,CAAC,EACzB,OAAAnG,EAAO,KAAO0C,EAAK,SAAS,EAE5B,KAAK,OAAO1C,CAAM,EAEX,IACT,EACAlH,EAAK,gBAAkB,SAAUI,EAASmD,EAAOC,EAAK,CACpD,KAAK,KAAO,kBACZ,KAAK,QAAUpD,EACf,KAAK,MAAQmD,EACb,KAAK,IAAMC,CACb,EAEAxD,EAAK,gBAAgB,UAAY,IAAI,MACrCA,EAAK,WAAa,SAAU4B,EAAK,CAC/B,KAAK,QAAU,CAAC,EAChB,KAAK,IAAMA,EACX,KAAK,OAASA,EAAI,OAClB,KAAK,IAAM,EACX,KAAK,MAAQ,EACb,KAAK,oBAAsB,CAAC,CAC9B,EAEA5B,EAAK,WAAW,UAAU,IAAM,UAAY,CAG1C,QAFIsN,EAAQtN,EAAK,WAAW,QAErBsN,GACLA,EAAQA,EAAM,IAAI,CAEtB,EAEAtN,EAAK,WAAW,UAAU,YAAc,UAAY,CAKlD,QAJIuN,EAAY,CAAC,EACbpL,EAAa,KAAK,MAClBD,EAAW,KAAK,IAEX,EAAI,EAAG,EAAI,KAAK,oBAAoB,OAAQ,IACnDA,EAAW,KAAK,oBAAoB,GACpCqL,EAAU,KAAK,KAAK,IAAI,MAAMpL,EAAYD,CAAQ,CAAC,EACnDC,EAAaD,EAAW,EAG1B,OAAAqL,EAAU,KAAK,KAAK,IAAI,MAAMpL,EAAY,KAAK,GAAG,CAAC,EACnD,KAAK,oBAAoB,OAAS,EAE3BoL,EAAU,KAAK,EAAE,CAC1B,EAEAvN,EAAK,WAAW,UAAU,KAAO,SAAUwN,EAAM,CAC/C,KAAK,QAAQ,KAAK,CAChB,KAAMA,EACN,IAAK,KAAK,YAAY,EACtB,MAAO,KAAK,MACZ,IAAK,KAAK,GACZ,CAAC,EAED,KAAK,MAAQ,KAAK,GACpB,EAEAxN,EAAK,WAAW,UAAU,gBAAkB,UAAY,CACtD,KAAK,oBAAoB,KAAK,KAAK,IAAM,CAAC,EAC1C,KAAK,KAAO,CACd,EAEAA,EAAK,WAAW,UAAU,KAAO,UAAY,CAC3C,GAAI,KAAK,KAAO,KAAK,OACnB,OAAOA,EAAK,WAAW,IAGzB,IAAIoC,EAAO,KAAK,IAAI,OAAO,KAAK,GAAG,EACnC,YAAK,KAAO,EACLA,CACT,EAEApC,EAAK,WAAW,UAAU,MAAQ,UAAY,CAC5C,OAAO,KAAK,IAAM,KAAK,KACzB,EAEAA,EAAK,WAAW,UAAU,OAAS,UAAY,CACzC,KAAK,OAAS,KAAK,MACrB,KAAK,KAAO,GAGd,KAAK,MAAQ,KAAK,GACpB,EAEAA,EAAK,WAAW,UAAU,OAAS,UAAY,CAC7C,KAAK,KAAO,CACd,EAEAA,EAAK,WAAW,UAAU,eAAiB,UAAY,CACrD,IAAIoC,EAAMqL,EAEV,GACErL,EAAO,KAAK,KAAK,EACjBqL,EAAWrL,EAAK,WAAW,CAAC,QACrBqL,EAAW,IAAMA,EAAW,IAEjCrL,GAAQpC,EAAK,WAAW,KAC1B,KAAK,OAAO,CAEhB,EAEAA,EAAK,WAAW,UAAU,KAAO,UAAY,CAC3C,OAAO,KAAK,IAAM,KAAK,MACzB,EAEAA,EAAK,WAAW,IAAM,MACtBA,EAAK,WAAW,MAAQ,QACxBA,EAAK,WAAW,KAAO,OACvBA,EAAK,WAAW,cAAgB,gBAChCA,EAAK,WAAW,MAAQ,QACxBA,EAAK,WAAW,SAAW,WAE3BA,EAAK,WAAW,SAAW,SAAU0N,EAAO,CAC1C,OAAAA,EAAM,OAAO,EACbA,EAAM,KAAK1N,EAAK,WAAW,KAAK,EAChC0N,EAAM,OAAO,EACN1N,EAAK,WAAW,OACzB,EAEAA,EAAK,WAAW,QAAU,SAAU0N,EAAO,CAQzC,GAPIA,EAAM,MAAM,EAAI,IAClBA,EAAM,OAAO,EACbA,EAAM,KAAK1N,EAAK,WAAW,IAAI,GAGjC0N,EAAM,OAAO,EAETA,EAAM,KAAK,EACb,OAAO1N,EAAK,WAAW,OAE3B,EAEAA,EAAK,WAAW,gBAAkB,SAAU0N,EAAO,CACjD,OAAAA,EAAM,OAAO,EACbA,EAAM,eAAe,EACrBA,EAAM,KAAK1N,EAAK,WAAW,aAAa,EACjCA,EAAK,WAAW,OACzB,EAEAA,EAAK,WAAW,SAAW,SAAU0N,EAAO,CAC1C,OAAAA,EAAM,OAAO,EACbA,EAAM,eAAe,EACrBA,EAAM,KAAK1N,EAAK,WAAW,KAAK,EACzBA,EAAK,WAAW,OACzB,EAEAA,EAAK,WAAW,OAAS,SAAU0N,EAAO,CACpCA,EAAM,MAAM,EAAI,GAClBA,EAAM,KAAK1N,EAAK,WAAW,IAAI,CAEnC,EAaAA,EAAK,WAAW,cAAgBA,EAAK,UAAU,UAE/CA,EAAK,WAAW,QAAU,SAAU0N,EAAO,CACzC,OAAa,CACX,IAAItL,EAAOsL,EAAM,KAAK,EAEtB,GAAItL,GAAQpC,EAAK,WAAW,IAC1B,OAAOA,EAAK,WAAW,OAIzB,GAAIoC,EAAK,WAAW,CAAC,GAAK,GAAI,CAC5BsL,EAAM,gBAAgB,EACtB,QACF,CAEA,GAAItL,GAAQ,IACV,OAAOpC,EAAK,WAAW,SAGzB,GAAIoC,GAAQ,IACV,OAAAsL,EAAM,OAAO,EACTA,EAAM,MAAM,EAAI,GAClBA,EAAM,KAAK1N,EAAK,WAAW,IAAI,EAE1BA,EAAK,WAAW,gBAGzB,GAAIoC,GAAQ,IACV,OAAAsL,EAAM,OAAO,EACTA,EAAM,MAAM,EAAI,GAClBA,EAAM,KAAK1N,EAAK,WAAW,IAAI,EAE1BA,EAAK,WAAW,SAczB,GARIoC,GAAQ,KAAOsL,EAAM,MAAM,IAAM,GAQjCtL,GAAQ,KAAOsL,EAAM,MAAM,IAAM,EACnC,OAAAA,EAAM,KAAK1N,EAAK,WAAW,QAAQ,EAC5BA,EAAK,WAAW,QAGzB,GAAIoC,EAAK,MAAMpC,EAAK,WAAW,aAAa,EAC1C,OAAOA,EAAK,WAAW,OAE3B,CACF,EAEAA,EAAK,YAAc,SAAU4B,EAAKsH,EAAO,CACvC,KAAK,MAAQ,IAAIlJ,EAAK,WAAY4B,CAAG,EACrC,KAAK,MAAQsH,EACb,KAAK,cAAgB,CAAC,EACtB,KAAK,UAAY,CACnB,EAEAlJ,EAAK,YAAY,UAAU,MAAQ,UAAY,CAC7C,KAAK,MAAM,IAAI,EACf,KAAK,QAAU,KAAK,MAAM,QAI1B,QAFIsN,EAAQtN,EAAK,YAAY,YAEtBsN,GACLA,EAAQA,EAAM,IAAI,EAGpB,OAAO,KAAK,KACd,EAEAtN,EAAK,YAAY,UAAU,WAAa,UAAY,CAClD,OAAO,KAAK,QAAQ,KAAK,UAC3B,EAEAA,EAAK,YAAY,UAAU,cAAgB,UAAY,CACrD,IAAI2N,EAAS,KAAK,WAAW,EAC7B,YAAK,WAAa,EACXA,CACT,EAEA3N,EAAK,YAAY,UAAU,WAAa,UAAY,CAClD,IAAI4N,EAAkB,KAAK,cAC3B,KAAK,MAAM,OAAOA,CAAe,EACjC,KAAK,cAAgB,CAAC,CACxB,EAEA5N,EAAK,YAAY,YAAc,SAAUmJ,EAAQ,CAC/C,IAAIwE,EAASxE,EAAO,WAAW,EAE/B,GAAIwE,GAAU,KAId,OAAQA,EAAO,KAAM,CACnB,KAAK3N,EAAK,WAAW,SACnB,OAAOA,EAAK,YAAY,cAC1B,KAAKA,EAAK,WAAW,MACnB,OAAOA,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,KACnB,OAAOA,EAAK,YAAY,UAC1B,QACE,IAAI6N,EAAe,4CAA8CF,EAAO,KAExE,MAAIA,EAAO,IAAI,QAAU,IACvBE,GAAgB,gBAAkBF,EAAO,IAAM,KAG3C,IAAI3N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CAC1E,CACF,EAEA3N,EAAK,YAAY,cAAgB,SAAUmJ,EAAQ,CACjD,IAAIwE,EAASxE,EAAO,cAAc,EAElC,GAAIwE,GAAU,KAId,QAAQA,EAAO,IAAK,CAClB,IAAK,IACHxE,EAAO,cAAc,SAAWnJ,EAAK,MAAM,SAAS,WACpD,MACF,IAAK,IACHmJ,EAAO,cAAc,SAAWnJ,EAAK,MAAM,SAAS,SACpD,MACF,QACE,IAAI6N,EAAe,kCAAoCF,EAAO,IAAM,IACpE,MAAM,IAAI3N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CAC1E,CAEA,IAAIG,EAAa3E,EAAO,WAAW,EAEnC,GAAI2E,GAAc,KAAW,CAC3B,IAAID,EAAe,yCACnB,MAAM,IAAI7N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CACxE,CAEA,OAAQG,EAAW,KAAM,CACvB,KAAK9N,EAAK,WAAW,MACnB,OAAOA,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,KACnB,OAAOA,EAAK,YAAY,UAC1B,QACE,IAAI6N,EAAe,mCAAqCC,EAAW,KAAO,IAC1E,MAAM,IAAI9N,EAAK,gBAAiB6N,EAAcC,EAAW,MAAOA,EAAW,GAAG,CAClF,EACF,EAEA9N,EAAK,YAAY,WAAa,SAAUmJ,EAAQ,CAC9C,IAAIwE,EAASxE,EAAO,cAAc,EAElC,GAAIwE,GAAU,KAId,IAAIxE,EAAO,MAAM,UAAU,QAAQwE,EAAO,GAAG,GAAK,GAAI,CACpD,IAAII,EAAiB5E,EAAO,MAAM,UAAU,IAAI,SAAU6E,EAAG,CAAE,MAAO,IAAMA,EAAI,GAAI,CAAC,EAAE,KAAK,IAAI,EAC5FH,EAAe,uBAAyBF,EAAO,IAAM,uBAAyBI,EAElF,MAAM,IAAI/N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CACxE,CAEAxE,EAAO,cAAc,OAAS,CAACwE,EAAO,GAAG,EAEzC,IAAIG,EAAa3E,EAAO,WAAW,EAEnC,GAAI2E,GAAc,KAAW,CAC3B,IAAID,EAAe,gCACnB,MAAM,IAAI7N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CACxE,CAEA,OAAQG,EAAW,KAAM,CACvB,KAAK9N,EAAK,WAAW,KACnB,OAAOA,EAAK,YAAY,UAC1B,QACE,IAAI6N,EAAe,0BAA4BC,EAAW,KAAO,IACjE,MAAM,IAAI9N,EAAK,gBAAiB6N,EAAcC,EAAW,MAAOA,EAAW,GAAG,CAClF,EACF,EAEA9N,EAAK,YAAY,UAAY,SAAUmJ,EAAQ,CAC7C,IAAIwE,EAASxE,EAAO,cAAc,EAElC,GAAIwE,GAAU,KAId,CAAAxE,EAAO,cAAc,KAAOwE,EAAO,IAAI,YAAY,EAE/CA,EAAO,IAAI,QAAQ,GAAG,GAAK,KAC7BxE,EAAO,cAAc,YAAc,IAGrC,IAAI2E,EAAa3E,EAAO,WAAW,EAEnC,GAAI2E,GAAc,KAAW,CAC3B3E,EAAO,WAAW,EAClB,MACF,CAEA,OAAQ2E,EAAW,KAAM,CACvB,KAAK9N,EAAK,WAAW,KACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,UAC1B,KAAKA,EAAK,WAAW,MACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,cACnB,OAAOA,EAAK,YAAY,kBAC1B,KAAKA,EAAK,WAAW,MACnB,OAAOA,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,SACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,cAC1B,QACE,IAAI6N,EAAe,2BAA6BC,EAAW,KAAO,IAClE,MAAM,IAAI9N,EAAK,gBAAiB6N,EAAcC,EAAW,MAAOA,EAAW,GAAG,CAClF,EACF,EAEA9N,EAAK,YAAY,kBAAoB,SAAUmJ,EAAQ,CACrD,IAAIwE,EAASxE,EAAO,cAAc,EAElC,GAAIwE,GAAU,KAId,KAAIxG,EAAe,SAASwG,EAAO,IAAK,EAAE,EAE1C,GAAI,MAAMxG,CAAY,EAAG,CACvB,IAAI0G,EAAe,gCACnB,MAAM,IAAI7N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CACxE,CAEAxE,EAAO,cAAc,aAAehC,EAEpC,IAAI2G,EAAa3E,EAAO,WAAW,EAEnC,GAAI2E,GAAc,KAAW,CAC3B3E,EAAO,WAAW,EAClB,MACF,CAEA,OAAQ2E,EAAW,KAAM,CACvB,KAAK9N,EAAK,WAAW,KACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,UAC1B,KAAKA,EAAK,WAAW,MACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,cACnB,OAAOA,EAAK,YAAY,kBAC1B,KAAKA,EAAK,WAAW,MACnB,OAAOA,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,SACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,cAC1B,QACE,IAAI6N,EAAe,2BAA6BC,EAAW,KAAO,IAClE,MAAM,IAAI9N,EAAK,gBAAiB6N,EAAcC,EAAW,MAAOA,EAAW,GAAG,CAClF,EACF,EAEA9N,EAAK,YAAY,WAAa,SAAUmJ,EAAQ,CAC9C,IAAIwE,EAASxE,EAAO,cAAc,EAElC,GAAIwE,GAAU,KAId,KAAIM,EAAQ,SAASN,EAAO,IAAK,EAAE,EAEnC,GAAI,MAAMM,CAAK,EAAG,CAChB,IAAIJ,EAAe,wBACnB,MAAM,IAAI7N,EAAK,gBAAiB6N,EAAcF,EAAO,MAAOA,EAAO,GAAG,CACxE,CAEAxE,EAAO,cAAc,MAAQ8E,EAE7B,IAAIH,EAAa3E,EAAO,WAAW,EAEnC,GAAI2E,GAAc,KAAW,CAC3B3E,EAAO,WAAW,EAClB,MACF,CAEA,OAAQ2E,EAAW,KAAM,CACvB,KAAK9N,EAAK,WAAW,KACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,UAC1B,KAAKA,EAAK,WAAW,MACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,cACnB,OAAOA,EAAK,YAAY,kBAC1B,KAAKA,EAAK,WAAW,MACnB,OAAOA,EAAK,YAAY,WAC1B,KAAKA,EAAK,WAAW,SACnB,OAAAmJ,EAAO,WAAW,EACXnJ,EAAK,YAAY,cAC1B,QACE,IAAI6N,EAAe,2BAA6BC,EAAW,KAAO,IAClE,MAAM,IAAI9N,EAAK,gBAAiB6N,EAAcC,EAAW,MAAOA,EAAW,GAAG,CAClF,EACF,EAMI,SAAU1G,EAAM8G,EAAS,CACrB,OAAO,QAAW,YAAc,OAAO,IAEzC,OAAOA,CAAO,EACL,OAAOpO,IAAY,SAM5BC,GAAO,QAAUmO,EAAQ,EAGzB9G,EAAK,KAAO8G,EAAQ,CAExB,EAAE,KAAM,UAAY,CAMlB,OAAOlO,CACT,CAAC,CACH,GAAG,ICl5GH,IAAAmO,EAAAC,EAAA,CAAAC,GAAAC,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAeA,IAAIC,GAAkB,UAOtBD,GAAO,QAAUE,GAUjB,SAASA,GAAWC,EAAQ,CAC1B,IAAIC,EAAM,GAAKD,EACXE,EAAQJ,GAAgB,KAAKG,CAAG,EAEpC,GAAI,CAACC,EACH,OAAOD,EAGT,IAAIE,EACAC,EAAO,GACPC,EAAQ,EACRC,EAAY,EAEhB,IAAKD,EAAQH,EAAM,MAAOG,EAAQJ,EAAI,OAAQI,IAAS,CACrD,OAAQJ,EAAI,WAAWI,CAAK,EAAG,CAC7B,IAAK,IACHF,EAAS,SACT,MACF,IAAK,IACHA,EAAS,QACT,MACF,IAAK,IACHA,EAAS,QACT,MACF,IAAK,IACHA,EAAS,OACT,MACF,IAAK,IACHA,EAAS,OACT,MACF,QACE,QACJ,CAEIG,IAAcD,IAChBD,GAAQH,EAAI,UAAUK,EAAWD,CAAK,GAGxCC,EAAYD,EAAQ,EACpBD,GAAQD,CACV,CAEA,OAAOG,IAAcD,EACjBD,EAAOH,EAAI,UAAUK,EAAWD,CAAK,EACrCD,CACN,ICvDA,IAAAG,GAAiB,QCKZ,OAAO,UACV,OAAO,QAAU,SAAUC,EAAa,CACtC,IAAMC,EAA2B,CAAC,EAClC,QAAWC,KAAO,OAAO,KAAKF,CAAG,EAE/BC,EAAK,KAAK,CAACC,EAAKF,EAAIE,EAAI,CAAC,EAG3B,OAAOD,CACT,GAGG,OAAO,SACV,OAAO,OAAS,SAAUD,EAAa,CACrC,IAAMC,EAAiB,CAAC,EACxB,QAAWC,KAAO,OAAO,KAAKF,CAAG,EAE/BC,EAAK,KAAKD,EAAIE,EAAI,EAGpB,OAAOD,CACT,GAKE,OAAO,SAAY,cAGhB,QAAQ,UAAU,WACrB,QAAQ,UAAU,SAAW,SAC3BE,EAA8BC,EACxB,CACF,OAAOD,GAAM,UACf,KAAK,WAAaA,EAAE,KACpB,KAAK,UAAYA,EAAE,MAEnB,KAAK,WAAaA,EAClB,KAAK,UAAYC,EAErB,GAGG,QAAQ,UAAU,cACrB,QAAQ,UAAU,YAAc,YAC3BC,EACG,CACN,IAAMC,EAAS,KAAK,WACpB,GAAIA,EAAQ,CACND,EAAM,SAAW,GACnBC,EAAO,YAAY,IAAI,EAGzB,QAASC,EAAIF,EAAM,OAAS,EAAGE,GAAK,EAAGA,IAAK,CAC1C,IAAIC,EAAOH,EAAME,GACb,OAAOC,GAAS,SAClBA,EAAO,SAAS,eAAeA,CAAI,EAC5BA,EAAK,YACZA,EAAK,WAAW,YAAYA,CAAI,EAG7BD,EAGHD,EAAO,aAAa,KAAK,gBAAkBE,CAAI,EAF/CF,EAAO,aAAaE,EAAM,IAAI,CAGlC,CACF,CACF,ICxEJ,IAAAC,GAAuB,OAiChB,SAASC,GACdC,EACmB,CACnB,IAAMC,EAAY,IAAI,IAChBC,EAAY,IAAI,IACtB,QAAWC,KAAOH,EAAM,CACtB,GAAM,CAACI,EAAMC,CAAI,EAAIF,EAAI,SAAS,MAAM,GAAG,EAGrCG,EAAWH,EAAI,SACfI,EAAWJ,EAAI,MACfK,EAAWL,EAAI,KAGfM,KAAO,GAAAC,SAAWP,EAAI,IAAI,EAC7B,QAAQ,mBAAoB,EAAE,EAC9B,QAAQ,OAAQ,GAAG,EAGtB,GAAIE,EAAM,CACR,IAAMM,EAASV,EAAU,IAAIG,CAAI,EAG5BF,EAAQ,IAAIS,CAAM,EASrBV,EAAU,IAAIK,EAAU,CACtB,SAAAA,EACA,MAAAC,EACA,KAAAE,EACA,OAAAE,CACF,CAAC,GAbDA,EAAO,MAAQR,EAAI,MACnBQ,EAAO,KAAQF,EAGfP,EAAQ,IAAIS,CAAM,EAatB,MACEV,EAAU,IAAIK,EAAUM,EAAA,CACtB,SAAAN,EACA,MAAAC,EACA,KAAAE,GACGD,GAAQ,CAAE,KAAAA,CAAK,EACnB,CAEL,CACA,OAAOP,CACT,CCpFA,IAAAY,GAAuB,OAsChB,SAASC,GACdC,EAA2BC,EACD,CAC1B,IAAMC,EAAY,IAAI,OAAOF,EAAO,UAAW,KAAK,EAC9CG,EAAY,CAACC,EAAYC,EAAcC,IACpC,GAAGD,4BAA+BC,WAI3C,OAAQC,GAAkB,CACxBA,EAAQA,EACL,QAAQ,gBAAiB,GAAG,EAC5B,KAAK,EAGR,IAAMC,EAAQ,IAAI,OAAO,MAAMR,EAAO,cACpCO,EACG,QAAQ,uBAAwB,MAAM,EACtC,QAAQL,EAAW,GAAG,KACtB,KAAK,EAGV,OAAOO,IACLR,KACI,GAAAS,SAAWD,CAAK,EAChBA,GAED,QAAQD,EAAOL,CAAS,EACxB,QAAQ,8BAA+B,IAAI,CAClD,CACF,CCtCO,SAASQ,GACdC,EACqB,CACrB,IAAMC,EAAS,IAAK,KAAa,MAAM,CAAC,QAAS,MAAM,CAAC,EAIxD,OAHe,IAAK,KAAa,YAAYD,EAAOC,CAAK,EAGlD,MAAM,EACNA,EAAM,OACf,CAUO,SAASC,GACdD,EAA4BE,EACV,CAzEpB,IAAAC,EA0EE,IAAMC,EAAU,IAAI,IAAuBJ,CAAK,EAG1CK,EAA2B,CAAC,EAClC,QAASC,EAAI,EAAGA,EAAIJ,EAAM,OAAQI,IAChC,QAAWC,KAAUH,EACfF,EAAMI,GAAG,WAAWC,EAAO,IAAI,IACjCF,EAAOE,EAAO,MAAQ,GACtBH,EAAQ,OAAOG,CAAM,GAI3B,QAAWA,KAAUH,GACfD,EAAA,KAAK,iBAAL,MAAAA,EAAA,UAAsBI,EAAO,QAC/BF,EAAOE,EAAO,MAAQ,IAG1B,OAAOF,CACT,CC2BA,SAASG,GAAWC,EAAaC,EAAuB,CACtD,GAAM,CAACC,EAAGC,CAAC,EAAI,CAAC,IAAI,IAAIH,CAAC,EAAG,IAAI,IAAIC,CAAC,CAAC,EACtC,MAAO,CACL,GAAG,IAAI,IAAI,CAAC,GAAGC,CAAC,EAAE,OAAOE,GAAS,CAACD,EAAE,IAAIC,CAAK,CAAC,CAAC,CAClD,CACF,CASO,IAAMC,EAAN,KAAa,CAgCX,YAAY,CAAE,OAAAC,EAAQ,KAAAC,EAAM,QAAAC,CAAQ,EAAgB,CACzD,KAAK,QAAUA,EAGf,KAAK,UAAYC,GAAuBF,CAAI,EAC5C,KAAK,UAAYG,GAAuBJ,EAAQ,EAAK,EAGrD,KAAK,UAAU,UAAY,IAAI,OAAOA,EAAO,SAAS,EAGtD,KAAK,MAAQ,KAAK,UAAY,CAGxBA,EAAO,KAAK,SAAW,GAAKA,EAAO,KAAK,KAAO,KACjD,KAAK,IAAK,KAAaA,EAAO,KAAK,GAAG,EAC7BA,EAAO,KAAK,OAAS,GAC9B,KAAK,IAAK,KAAa,cAAc,GAAGA,EAAO,IAAI,CAAC,EAItD,IAAMK,EAAMZ,GAAW,CACrB,UAAW,iBAAkB,SAC/B,EAAGS,EAAQ,QAAQ,EAGnB,QAAWI,KAAQN,EAAO,KAAK,IAAIO,GACjCA,IAAa,KAAO,KAAQ,KAAaA,EAC1C,EACC,QAAWC,KAAMH,EACf,KAAK,SAAS,OAAOC,EAAKE,EAAG,EAC7B,KAAK,eAAe,OAAOF,EAAKE,EAAG,EAKvC,KAAK,IAAI,UAAU,EAGnB,KAAK,MAAM,QAAS,CAAE,MAAO,GAAI,CAAC,EAClC,KAAK,MAAM,MAAM,EACjB,KAAK,MAAM,OAAQ,CAAE,MAAO,IAAK,UAAWC,GAAO,CACjD,GAAM,CAAE,KAAAC,EAAO,CAAC,CAAE,EAAID,EACtB,OAAOC,EAAK,OAAO,CAACC,EAAMC,IAAQ,CAChC,GAAGD,EACH,GAAG,KAAK,UAAUC,CAAG,CACvB,EAAG,CAAC,CAAiB,CACvB,CAAE,CAAC,EAGH,QAAWH,KAAOR,EAChB,KAAK,IAAIQ,EAAK,CAAE,MAAOA,EAAI,KAAM,CAAC,CACtC,CAAC,CACH,CAkBO,OAAOI,EAA6B,CACzC,GAAIA,EACF,GAAI,CACF,IAAMC,EAAY,KAAK,UAAUD,CAAK,EAGhCE,EAAUC,GAAiBH,CAAK,EACnC,OAAOI,GACNA,EAAO,WAAa,KAAK,MAAM,SAAS,UACzC,EAGGC,EAAS,KAAK,MAAM,OAAO,GAAGL,IAAQ,EAGzC,OAAyB,CAACM,EAAM,CAAE,IAAAC,EAAK,MAAAC,EAAO,UAAAC,CAAU,IAAM,CAC7D,IAAMC,EAAW,KAAK,UAAU,IAAIH,CAAG,EACvC,GAAI,OAAOG,GAAa,YAAa,CACnC,GAAM,CAAE,SAAAC,EAAU,MAAAC,EAAO,KAAAC,EAAM,KAAAhB,EAAM,OAAAiB,CAAO,EAAIJ,EAG1CK,EAAQC,GACZd,EACA,OAAO,KAAKO,EAAU,QAAQ,CAChC,EAGMQ,EAAQ,CAAC,CAACH,GAAS,CAAC,OAAO,OAAOC,CAAK,EAAE,MAAMG,GAAKA,CAAC,EAC3DZ,EAAK,KAAKa,EAAAC,EAAA,CACR,SAAAT,EACA,MAAOV,EAAUW,CAAK,EACtB,KAAOX,EAAUY,CAAI,GAClBhB,GAAQ,CAAE,KAAMA,EAAK,IAAII,CAAS,CAAE,GAJ/B,CAKR,MAAOO,GAAS,EAAIS,GACpB,MAAAF,CACF,EAAC,CACH,CACA,OAAOT,CACT,EAAG,CAAC,CAAC,EAGJ,KAAK,CAACzB,EAAGC,IAAMA,EAAE,MAAQD,EAAE,KAAK,EAGhC,OAAO,CAACwC,EAAOC,IAAW,CACzB,IAAMZ,EAAW,KAAK,UAAU,IAAIY,EAAO,QAAQ,EACnD,GAAI,OAAOZ,GAAa,YAAa,CACnC,IAAMH,EAAM,WAAYG,EACpBA,EAAS,OAAQ,SACjBA,EAAS,SACbW,EAAM,IAAId,EAAK,CAAC,GAAGc,EAAM,IAAId,CAAG,GAAK,CAAC,EAAGe,CAAM,CAAC,CAClD,CACA,OAAOD,CACT,EAAG,IAAI,GAA+B,EAGpCE,EACJ,GAAI,KAAK,QAAQ,YAAa,CAC5B,IAAMC,EAAS,KAAK,MAAM,MAAMC,GAAW,CACzC,QAAWrB,KAAUF,EACnBuB,EAAQ,KAAKrB,EAAO,KAAM,CACxB,OAAQ,CAAC,OAAO,EAChB,SAAU,KAAK,MAAM,SAAS,SAC9B,SAAU,KAAK,MAAM,SAAS,QAChC,CAAC,CACL,CAAC,EAGDmB,EAAcC,EAAO,OACjB,OAAO,KAAKA,EAAO,GAAG,UAAU,QAAQ,EACxC,CAAC,CACP,CAGA,OAAOJ,EAAA,CACL,MAAO,CAAC,GAAGf,EAAO,OAAO,CAAC,GACvB,OAAOkB,GAAgB,aAAe,CAAE,YAAAA,CAAY,EAI3D,OAAQG,EAAN,CACA,QAAQ,KAAK,kBAAkB1B,qCAAoC,CACrE,CAIF,MAAO,CAAE,MAAO,CAAC,CAAE,CACrB,CACF,EL3QA,IAAI2B,EAqBJ,SAAeC,GACbC,EACe,QAAAC,EAAA,sBACf,IAAIC,EAAO,UAGX,GAAI,OAAO,QAAW,aAAe,iBAAkB,OAAQ,CAC7D,IAAMC,EAAS,SAAS,cAAiC,aAAa,EAChE,CAACC,CAAI,EAAID,EAAO,IAAI,MAAM,SAAS,EAGzCD,EAAOA,EAAK,QAAQ,KAAME,CAAI,CAChC,CAGA,IAAMC,EAAU,CAAC,EACjB,QAAWC,KAAQN,EAAO,KAAM,CAC9B,OAAQM,EAAM,CAGZ,IAAK,KACHD,EAAQ,KAAK,GAAGH,cAAiB,EACjC,MAGF,IAAK,KACL,IAAK,KACHG,EAAQ,KAAK,GAAGH,cAAiB,EACjC,KACJ,CAGII,IAAS,MACXD,EAAQ,KAAK,GAAGH,cAAiBI,UAAa,CAClD,CAGIN,EAAO,KAAK,OAAS,GACvBK,EAAQ,KAAK,GAAGH,yBAA4B,EAG1CG,EAAQ,SACV,MAAM,cACJ,GAAGH,oCACH,GAAGG,CACL,EACJ,GAaA,SAAsBE,GACpBC,EACwB,QAAAP,EAAA,sBACxB,OAAQO,EAAQ,KAAM,CAGpB,OACE,aAAMT,GAAqBS,EAAQ,KAAK,MAAM,EAC9CV,EAAQ,IAAIW,EAAOD,EAAQ,IAAI,EACxB,CACL,MACF,EAGF,OACE,MAAO,CACL,OACA,KAAMV,EAAQA,EAAM,OAAOU,EAAQ,IAAI,EAAI,CAAE,MAAO,CAAC,CAAE,CACzD,EAGF,QACE,MAAM,IAAI,UAAU,sBAAsB,CAC9C,CACF,GAOA,KAAK,KAAO,GAAAE,QAGZ,iBAAiB,UAAiBC,GAAMV,EAAA,wBACtC,YAAY,MAAMM,GAAQI,EAAG,IAAI,CAAC,CACpC,EAAC", + "names": ["require_lunr", "__commonJSMin", "exports", "module", "lunr", "config", "builder", "global", "message", "obj", "clone", "keys", "key", "val", "docRef", "fieldName", "stringValue", "s", "n", "fieldRef", "elements", "i", "other", "object", "a", "b", "intersection", "element", "posting", "documentCount", "documentsWithTerm", "x", "str", "metadata", "fn", "t", "len", "tokens", "sliceEnd", "sliceStart", "char", "sliceLength", "tokenMetadata", "label", "isRegistered", "serialised", "pipeline", "fnName", "fns", "existingFn", "newFn", "pos", "stackLength", "memo", "j", "result", "k", "token", "index", "start", "end", "pivotPoint", "pivotIndex", "insertIdx", "position", "sumOfSquares", "elementsLength", "otherVector", "dotProduct", "aLen", "bLen", "aVal", "bVal", "output", "step2list", "step3list", "c", "v", "C", "V", "mgr0", "meq1", "mgr1", "s_v", "re_mgr0", "re_mgr1", "re_meq1", "re_s_v", "re_1a", "re2_1a", "re_1b", "re2_1b", "re_1b_2", "re2_1b_2", "re3_1b_2", "re4_1b_2", "re_1c", "re_2", "re_3", "re_4", "re2_4", "re_5", "re_5_1", "re3_5", "porterStemmer", "w", "stem", "suffix", "firstch", "re", "re2", "re3", "re4", "fp", "stopWords", "words", "stopWord", "arr", "clause", "editDistance", "root", "stack", "frame", "noEditNode", "insertionNode", "substitutionNode", "charA", "charB", "transposeNode", "node", "final", "next", "edges", "edge", "labels", "qEdges", "qLen", "nEdges", "nLen", "q", "qEdge", "nEdge", "qNode", "word", "commonPrefix", "nextNode", "downTo", "childKey", "attrs", "queryString", "query", "parser", "matchingFields", "queryVectors", "termFieldCache", "requiredMatches", "prohibitedMatches", "terms", "clauseMatches", "m", "term", "termTokenSet", "expandedTerms", "field", "expandedTerm", "termIndex", "fieldPosting", "matchingDocumentRefs", "termField", "matchingDocumentsSet", "l", "matchingDocumentRef", "matchingFieldRef", "fieldMatch", "allRequiredMatches", "allProhibitedMatches", "matchingFieldRefs", "results", "matches", "fieldVector", "score", "docMatch", "match", "invertedIndex", "fieldVectors", "ref", "serializedIndex", "serializedVectors", "serializedInvertedIndex", "tokenSetBuilder", "tuple", "attributes", "number", "doc", "fields", "extractor", "fieldTerms", "metadataKey", "fieldRefs", "numberOfFields", "accumulator", "documentsWithField", "fieldRefsLength", "termIdfCache", "fieldLength", "termFrequencies", "termsLength", "fieldBoost", "docBoost", "tf", "idf", "scoreWithPrecision", "args", "clonedMetadata", "metadataKeys", "otherMatchData", "allFields", "options", "state", "subSlices", "type", "charCode", "lexer", "lexeme", "completedClause", "errorMessage", "nextLexeme", "possibleFields", "f", "boost", "factory", "require_escape_html", "__commonJSMin", "exports", "module", "matchHtmlRegExp", "escapeHtml", "string", "str", "match", "escape", "html", "index", "lastIndex", "import_lunr", "obj", "data", "key", "x", "y", "nodes", "parent", "i", "node", "import_escape_html", "setupSearchDocumentMap", "docs", "documents", "parents", "doc", "path", "hash", "location", "title", "tags", "text", "escapeHTML", "parent", "__spreadValues", "import_escape_html", "setupSearchHighlighter", "config", "escape", "separator", "highlight", "_", "data", "term", "query", "match", "value", "escapeHTML", "parseSearchQuery", "value", "query", "getSearchQueryTerms", "terms", "_a", "clauses", "result", "t", "clause", "difference", "a", "b", "x", "y", "value", "Search", "config", "docs", "options", "setupSearchDocumentMap", "setupSearchHighlighter", "fns", "lang", "language", "fn", "doc", "tags", "list", "tag", "query", "highlight", "clauses", "parseSearchQuery", "clause", "groups", "item", "ref", "score", "matchData", "document", "location", "title", "text", "parent", "terms", "getSearchQueryTerms", "boost", "t", "__spreadProps", "__spreadValues", "items", "result", "suggestions", "titles", "builder", "e", "index", "setupSearchLanguages", "config", "__async", "base", "worker", "path", "scripts", "lang", "handler", "message", "Search", "lunr", "ev"] +} diff --git a/2.5/assets/stylesheets/extra.css b/2.5/assets/stylesheets/extra.css new file mode 100644 index 000000000..cf96f95f3 --- /dev/null +++ b/2.5/assets/stylesheets/extra.css @@ -0,0 +1,67 @@ +/* source-code-pro-regular - latin */ +@font-face { + font-family: 'Source Code Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-code-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-code-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-code-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-code-pro-v21-latin-regular.svg#SourceCodePro') format('svg'); /* Legacy iOS */ +} + +/* source-sans-pro-regular - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} +/* source-sans-pro-700 - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 700; + src: url('../fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} + +.md-nav { + font-size: 14px; + line-height: 1.4; +} +.md-typeset { + font-size: 14px; + line-height: 1.5; +} + +code { + display: inline-block; + white-space: pre-wrap; +} + +:root { + --md-text-font: "Source Sans Pro"; + } + + :root { + --md-code-font: "Source Code Pro"; + } + +[data-md-color-scheme="slate"] { + + --md-typeset-a-color: #6390e5; +} \ No newline at end of file diff --git a/2.5/assets/stylesheets/main.472b142f.min.css b/2.5/assets/stylesheets/main.472b142f.min.css new file mode 100644 index 000000000..ef52c0852 --- /dev/null +++ b/2.5/assets/stylesheets/main.472b142f.min.css @@ -0,0 +1 @@ +@charset "UTF-8";html{-webkit-text-size-adjust:none;-moz-text-size-adjust:none;-ms-text-size-adjust:none;text-size-adjust:none;box-sizing:border-box}*,:after,:before{box-sizing:inherit}@media (prefers-reduced-motion){*,:after,:before{transition:none!important}}body{margin:0}a,button,input,label{-webkit-tap-highlight-color:transparent}a{color:inherit;text-decoration:none}hr{border:0;box-sizing:initial;display:block;height:.05rem;overflow:visible;padding:0}small{font-size:80%}sub,sup{line-height:1em}img{border-style:none}table{border-collapse:initial;border-spacing:0}td,th{font-weight:400;vertical-align:top}button{background:transparent;border:0;font-family:inherit;font-size:inherit;margin:0;padding:0}input{border:0;outline:none}:root{--md-primary-fg-color:#4051b5;--md-primary-fg-color--light:#5d6cc0;--md-primary-fg-color--dark:#303fa1;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7);--md-accent-fg-color:#526cfe;--md-accent-fg-color--transparent:rgba(82,108,254,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}:root,[data-md-color-scheme=default]{--md-default-fg-color:rgba(0,0,0,.87);--md-default-fg-color--light:rgba(0,0,0,.54);--md-default-fg-color--lighter:rgba(0,0,0,.32);--md-default-fg-color--lightest:rgba(0,0,0,.07);--md-default-bg-color:#fff;--md-default-bg-color--light:hsla(0,0%,100%,.7);--md-default-bg-color--lighter:hsla(0,0%,100%,.3);--md-default-bg-color--lightest:hsla(0,0%,100%,.12);--md-code-fg-color:#36464e;--md-code-bg-color:#f5f5f5;--md-code-hl-color:rgba(255,255,0,.5);--md-code-hl-number-color:#d52a2a;--md-code-hl-special-color:#db1457;--md-code-hl-function-color:#a846b9;--md-code-hl-constant-color:#6e59d9;--md-code-hl-keyword-color:#3f6ec6;--md-code-hl-string-color:#1c7d4d;--md-code-hl-name-color:var(--md-code-fg-color);--md-code-hl-operator-color:var(--md-default-fg-color--light);--md-code-hl-punctuation-color:var(--md-default-fg-color--light);--md-code-hl-comment-color:var(--md-default-fg-color--light);--md-code-hl-generic-color:var(--md-default-fg-color--light);--md-code-hl-variable-color:var(--md-default-fg-color--light);--md-typeset-color:var(--md-default-fg-color);--md-typeset-a-color:var(--md-primary-fg-color);--md-typeset-mark-color:rgba(255,255,0,.5);--md-typeset-del-color:rgba(245,80,61,.15);--md-typeset-ins-color:rgba(11,213,112,.15);--md-typeset-kbd-color:#fafafa;--md-typeset-kbd-accent-color:#fff;--md-typeset-kbd-border-color:#b8b8b8;--md-typeset-table-color:rgba(0,0,0,.12);--md-admonition-fg-color:var(--md-default-fg-color);--md-admonition-bg-color:var(--md-default-bg-color);--md-footer-fg-color:#fff;--md-footer-fg-color--light:hsla(0,0%,100%,.7);--md-footer-fg-color--lighter:hsla(0,0%,100%,.3);--md-footer-bg-color:rgba(0,0,0,.87);--md-footer-bg-color--dark:rgba(0,0,0,.32);--md-shadow-z1:0 0.2rem 0.5rem rgba(0,0,0,.05),0 0 0.05rem rgba(0,0,0,.1);--md-shadow-z2:0 0.2rem 0.5rem rgba(0,0,0,.1),0 0 0.05rem rgba(0,0,0,.25);--md-shadow-z3:0 0.2rem 0.5rem rgba(0,0,0,.2),0 0 0.05rem rgba(0,0,0,.35)}.md-icon svg{fill:currentcolor;display:block;height:1.2rem;width:1.2rem}body{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;--md-text-font-family:var(--md-text-font,_),-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif;--md-code-font-family:var(--md-code-font,_),SFMono-Regular,Consolas,Menlo,monospace}body,input{font-feature-settings:"kern","liga";font-family:var(--md-text-font-family)}body,code,input,kbd,pre{color:var(--md-typeset-color)}code,kbd,pre{font-feature-settings:"kern";font-family:var(--md-code-font-family)}:root{--md-typeset-table-sort-icon:url('data:image/svg+xml;charset=utf-8,');--md-typeset-table-sort-icon--asc:url('data:image/svg+xml;charset=utf-8,');--md-typeset-table-sort-icon--desc:url('data:image/svg+xml;charset=utf-8,')}.md-typeset{-webkit-print-color-adjust:exact;color-adjust:exact;font-size:.8rem;line-height:1.6}@media print{.md-typeset{font-size:.68rem}}.md-typeset blockquote,.md-typeset dl,.md-typeset figure,.md-typeset ol,.md-typeset pre,.md-typeset ul{margin-bottom:1em;margin-top:1em}.md-typeset h1{color:var(--md-default-fg-color--light);font-size:2em;line-height:1.3;margin:0 0 1.25em}.md-typeset h1,.md-typeset h2{font-weight:300;letter-spacing:-.01em}.md-typeset h2{font-size:1.5625em;line-height:1.4;margin:1.6em 0 .64em}.md-typeset h3{font-size:1.25em;font-weight:400;letter-spacing:-.01em;line-height:1.5;margin:1.6em 0 .8em}.md-typeset h2+h3{margin-top:.8em}.md-typeset h4{font-weight:700;letter-spacing:-.01em;margin:1em 0}.md-typeset h5,.md-typeset h6{color:var(--md-default-fg-color--light);font-size:.8em;font-weight:700;letter-spacing:-.01em;margin:1.25em 0}.md-typeset h5{text-transform:uppercase}.md-typeset hr{border-bottom:.05rem solid var(--md-default-fg-color--lightest);display:flow-root;margin:1.5em 0}.md-typeset a{color:var(--md-typeset-a-color);word-break:break-word}.md-typeset a,.md-typeset a:before{transition:color 125ms}.md-typeset a:focus,.md-typeset a:hover{color:var(--md-accent-fg-color)}.md-typeset a:focus code,.md-typeset a:hover code{background-color:var(--md-accent-fg-color--transparent)}.md-typeset a code{color:currentcolor;transition:background-color 125ms}.md-typeset a.focus-visible{outline-color:var(--md-accent-fg-color);outline-offset:.2rem}.md-typeset code,.md-typeset kbd,.md-typeset pre{color:var(--md-code-fg-color);direction:ltr;font-variant-ligatures:none}@media print{.md-typeset code,.md-typeset kbd,.md-typeset pre{white-space:pre-wrap}}.md-typeset code{background-color:var(--md-code-bg-color);border-radius:.1rem;-webkit-box-decoration-break:clone;box-decoration-break:clone;font-size:.85em;padding:0 .2941176471em;word-break:break-word}.md-typeset code:not(.focus-visible){-webkit-tap-highlight-color:transparent;outline:none}.md-typeset pre{display:flow-root;line-height:1.4;position:relative}.md-typeset pre>code{-webkit-box-decoration-break:slice;box-decoration-break:slice;box-shadow:none;display:block;margin:0;outline-color:var(--md-accent-fg-color);overflow:auto;padding:.7720588235em 1.1764705882em;scrollbar-color:var(--md-default-fg-color--lighter) transparent;scrollbar-width:thin;touch-action:auto;word-break:normal}.md-typeset pre>code:hover{scrollbar-color:var(--md-accent-fg-color) transparent}.md-typeset pre>code::-webkit-scrollbar{height:.2rem;width:.2rem}.md-typeset pre>code::-webkit-scrollbar-thumb{background-color:var(--md-default-fg-color--lighter)}.md-typeset pre>code::-webkit-scrollbar-thumb:hover{background-color:var(--md-accent-fg-color)}.md-typeset kbd{background-color:var(--md-typeset-kbd-color);border-radius:.1rem;box-shadow:0 .1rem 0 .05rem var(--md-typeset-kbd-border-color),0 .1rem 0 var(--md-typeset-kbd-border-color),0 -.1rem .2rem var(--md-typeset-kbd-accent-color) inset;color:var(--md-default-fg-color);display:inline-block;font-size:.75em;padding:0 .6666666667em;vertical-align:text-top;word-break:break-word}.md-typeset mark{background-color:var(--md-typeset-mark-color);-webkit-box-decoration-break:clone;box-decoration-break:clone;color:inherit;word-break:break-word}.md-typeset abbr{border-bottom:.05rem dotted var(--md-default-fg-color--light);cursor:help;text-decoration:none}@media (hover:none){.md-typeset abbr{position:relative}.md-typeset abbr[title]:-webkit-any(:focus,:hover):after{background-color:var(--md-default-fg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z3);color:var(--md-default-bg-color);content:attr(title);display:inline-block;font-size:.7rem;margin-top:2em;max-width:80%;min-width:-webkit-max-content;min-width:max-content;padding:.2rem .3rem;position:absolute;width:auto}.md-typeset abbr[title]:-moz-any(:focus,:hover):after{background-color:var(--md-default-fg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z3);color:var(--md-default-bg-color);content:attr(title);display:inline-block;font-size:.7rem;margin-top:2em;max-width:80%;min-width:-moz-max-content;min-width:max-content;padding:.2rem .3rem;position:absolute;width:auto}[dir=ltr] .md-typeset abbr[title]:-webkit-any(:focus,:hover):after{left:0}[dir=ltr] .md-typeset abbr[title]:-moz-any(:focus,:hover):after{left:0}[dir=ltr] .md-typeset abbr[title]:is(:focus,:hover):after{left:0}[dir=rtl] .md-typeset abbr[title]:-webkit-any(:focus,:hover):after{right:0}[dir=rtl] .md-typeset abbr[title]:-moz-any(:focus,:hover):after{right:0}[dir=rtl] .md-typeset abbr[title]:is(:focus,:hover):after{right:0}.md-typeset abbr[title]:is(:focus,:hover):after{background-color:var(--md-default-fg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z3);color:var(--md-default-bg-color);content:attr(title);display:inline-block;font-size:.7rem;margin-top:2em;max-width:80%;min-width:-webkit-max-content;min-width:-moz-max-content;min-width:max-content;padding:.2rem .3rem;position:absolute;width:auto}}.md-typeset small{opacity:.75}[dir=ltr] .md-typeset sub,[dir=ltr] .md-typeset sup{margin-left:.078125em}[dir=rtl] .md-typeset sub,[dir=rtl] .md-typeset sup{margin-right:.078125em}[dir=ltr] .md-typeset blockquote{padding-left:.6rem}[dir=rtl] .md-typeset blockquote{padding-right:.6rem}[dir=ltr] .md-typeset blockquote{border-left:.2rem solid var(--md-default-fg-color--lighter)}[dir=rtl] .md-typeset blockquote{border-right:.2rem solid var(--md-default-fg-color--lighter)}.md-typeset blockquote{color:var(--md-default-fg-color--light);margin-left:0;margin-right:0}.md-typeset ul{list-style-type:disc}[dir=ltr] .md-typeset ol,[dir=ltr] .md-typeset ul{margin-left:.625em}[dir=rtl] .md-typeset ol,[dir=rtl] .md-typeset ul{margin-right:.625em}.md-typeset ol,.md-typeset ul{padding:0}.md-typeset ol:not([hidden]),.md-typeset ul:not([hidden]){display:flow-root}.md-typeset ol ol,.md-typeset ul ol{list-style-type:lower-alpha}.md-typeset ol ol ol,.md-typeset ul ol ol{list-style-type:lower-roman}[dir=ltr] .md-typeset ol li,[dir=ltr] .md-typeset ul li{margin-left:1.25em}[dir=rtl] .md-typeset ol li,[dir=rtl] .md-typeset ul li{margin-right:1.25em}.md-typeset ol li,.md-typeset ul li{margin-bottom:.5em}.md-typeset ol li blockquote,.md-typeset ol li p,.md-typeset ul li blockquote,.md-typeset ul li p{margin:.5em 0}.md-typeset ol li:last-child,.md-typeset ul li:last-child{margin-bottom:0}.md-typeset ol li :-webkit-any(ul,ol),.md-typeset ul li :-webkit-any(ul,ol){margin-bottom:.5em;margin-top:.5em}.md-typeset ol li :-moz-any(ul,ol),.md-typeset ul li :-moz-any(ul,ol){margin-bottom:.5em;margin-top:.5em}[dir=ltr] .md-typeset ol li :-webkit-any(ul,ol),[dir=ltr] .md-typeset ul li :-webkit-any(ul,ol){margin-left:.625em}[dir=ltr] .md-typeset ol li :-moz-any(ul,ol),[dir=ltr] .md-typeset ul li :-moz-any(ul,ol){margin-left:.625em}[dir=ltr] .md-typeset ol li :is(ul,ol),[dir=ltr] .md-typeset ul li :is(ul,ol){margin-left:.625em}[dir=rtl] .md-typeset ol li :-webkit-any(ul,ol),[dir=rtl] .md-typeset ul li :-webkit-any(ul,ol){margin-right:.625em}[dir=rtl] .md-typeset ol li :-moz-any(ul,ol),[dir=rtl] .md-typeset ul li :-moz-any(ul,ol){margin-right:.625em}[dir=rtl] .md-typeset ol li :is(ul,ol),[dir=rtl] .md-typeset ul li :is(ul,ol){margin-right:.625em}.md-typeset ol li :is(ul,ol),.md-typeset ul li :is(ul,ol){margin-bottom:.5em;margin-top:.5em}[dir=ltr] .md-typeset dd{margin-left:1.875em}[dir=rtl] .md-typeset dd{margin-right:1.875em}.md-typeset dd{margin-bottom:1.5em;margin-top:1em}.md-typeset img,.md-typeset svg,.md-typeset video{height:auto;max-width:100%}.md-typeset img[align=left]{margin:1em 1em 1em 0}.md-typeset img[align=right]{margin:1em 0 1em 1em}.md-typeset img[align]:only-child{margin-top:0}.md-typeset img[src$="#gh-dark-mode-only"],.md-typeset img[src$="#only-dark"]{display:none}.md-typeset figure{display:flow-root;margin:1em auto;max-width:100%;text-align:center;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content}.md-typeset figure img{display:block}.md-typeset figcaption{font-style:italic;margin:1em auto;max-width:24rem}.md-typeset iframe{max-width:100%}.md-typeset table:not([class]){background-color:var(--md-default-bg-color);border:.05rem solid var(--md-typeset-table-color);border-radius:.1rem;display:inline-block;font-size:.64rem;max-width:100%;overflow:auto;touch-action:auto}@media print{.md-typeset table:not([class]){display:table}}.md-typeset table:not([class])+*{margin-top:1.5em}.md-typeset table:not([class]) :-webkit-any(th,td)>:first-child{margin-top:0}.md-typeset table:not([class]) :-moz-any(th,td)>:first-child{margin-top:0}.md-typeset table:not([class]) :is(th,td)>:first-child{margin-top:0}.md-typeset table:not([class]) :-webkit-any(th,td)>:last-child{margin-bottom:0}.md-typeset table:not([class]) :-moz-any(th,td)>:last-child{margin-bottom:0}.md-typeset table:not([class]) :is(th,td)>:last-child{margin-bottom:0}.md-typeset table:not([class]) :-webkit-any(th,td):not([align]){text-align:left}.md-typeset table:not([class]) :-moz-any(th,td):not([align]){text-align:left}.md-typeset table:not([class]) :is(th,td):not([align]){text-align:left}[dir=rtl] .md-typeset table:not([class]) :-webkit-any(th,td):not([align]){text-align:right}[dir=rtl] .md-typeset table:not([class]) :-moz-any(th,td):not([align]){text-align:right}[dir=rtl] .md-typeset table:not([class]) :is(th,td):not([align]){text-align:right}.md-typeset table:not([class]) th{font-weight:700;min-width:5rem;padding:.9375em 1.25em;vertical-align:top}.md-typeset table:not([class]) td{border-top:.05rem solid var(--md-typeset-table-color);padding:.9375em 1.25em;vertical-align:top}.md-typeset table:not([class]) tbody tr{transition:background-color 125ms}.md-typeset table:not([class]) tbody tr:hover{background-color:rgba(0,0,0,.035);box-shadow:0 .05rem 0 var(--md-default-bg-color) inset}.md-typeset table:not([class]) a{word-break:normal}.md-typeset table th[role=columnheader]{cursor:pointer}[dir=ltr] .md-typeset table th[role=columnheader]:after{margin-left:.5em}[dir=rtl] .md-typeset table th[role=columnheader]:after{margin-right:.5em}.md-typeset table th[role=columnheader]:after{content:"";display:inline-block;height:1.2em;-webkit-mask-image:var(--md-typeset-table-sort-icon);mask-image:var(--md-typeset-table-sort-icon);-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;transition:background-color 125ms;vertical-align:text-bottom;width:1.2em}.md-typeset table th[role=columnheader]:hover:after{background-color:var(--md-default-fg-color--lighter)}.md-typeset table th[role=columnheader][aria-sort=ascending]:after{background-color:var(--md-default-fg-color--light);-webkit-mask-image:var(--md-typeset-table-sort-icon--asc);mask-image:var(--md-typeset-table-sort-icon--asc)}.md-typeset table th[role=columnheader][aria-sort=descending]:after{background-color:var(--md-default-fg-color--light);-webkit-mask-image:var(--md-typeset-table-sort-icon--desc);mask-image:var(--md-typeset-table-sort-icon--desc)}.md-typeset__scrollwrap{margin:1em -.8rem;overflow-x:auto;touch-action:auto}.md-typeset__table{display:inline-block;margin-bottom:.5em;padding:0 .8rem}@media print{.md-typeset__table{display:block}}html .md-typeset__table table{display:table;margin:0;overflow:hidden;width:100%}@media screen and (max-width:44.9375em){.md-content__inner>pre{margin:1em -.8rem}.md-content__inner>pre code{border-radius:0}}.md-banner{background-color:var(--md-footer-bg-color);color:var(--md-footer-fg-color);overflow:auto}@media print{.md-banner{display:none}}.md-banner--warning{background:var(--md-typeset-mark-color);color:var(--md-default-fg-color)}.md-banner__inner{font-size:.7rem;margin:.6rem auto;padding:0 .8rem}[dir=ltr] .md-banner__button{float:right}[dir=rtl] .md-banner__button{float:left}.md-banner__button{color:inherit;cursor:pointer;transition:opacity .25s}.md-banner__button:hover{opacity:.7}html{font-size:125%;height:100%;overflow-x:hidden}@media screen and (min-width:100em){html{font-size:137.5%}}@media screen and (min-width:125em){html{font-size:150%}}body{background-color:var(--md-default-bg-color);display:flex;flex-direction:column;font-size:.5rem;min-height:100%;position:relative;width:100%}@media print{body{display:block}}@media screen and (max-width:59.9375em){body[data-md-scrolllock]{position:fixed}}.md-grid{margin-left:auto;margin-right:auto;max-width:61rem}.md-container{display:flex;flex-direction:column;flex-grow:1}@media print{.md-container{display:block}}.md-main{flex-grow:1}.md-main__inner{display:flex;height:100%;margin-top:1.5rem}.md-ellipsis{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.md-toggle{display:none}.md-option{height:0;opacity:0;position:absolute;width:0}.md-option:checked+label:not([hidden]){display:block}.md-option.focus-visible+label{outline-color:var(--md-accent-fg-color);outline-style:auto}.md-skip{background-color:var(--md-default-fg-color);border-radius:.1rem;color:var(--md-default-bg-color);font-size:.64rem;margin:.5rem;opacity:0;outline-color:var(--md-accent-fg-color);padding:.3rem .5rem;position:fixed;transform:translateY(.4rem);z-index:-1}.md-skip:focus{opacity:1;transform:translateY(0);transition:transform .25s cubic-bezier(.4,0,.2,1),opacity 175ms 75ms;z-index:10}@page{margin:25mm}:root{--md-clipboard-icon:url('data:image/svg+xml;charset=utf-8,')}.md-clipboard{border-radius:.1rem;color:var(--md-default-fg-color--lightest);cursor:pointer;height:1.5em;outline-color:var(--md-accent-fg-color);outline-offset:.1rem;position:absolute;right:.5em;top:.5em;transition:color .25s;width:1.5em;z-index:1}@media print{.md-clipboard{display:none}}.md-clipboard:not(.focus-visible){-webkit-tap-highlight-color:transparent;outline:none}:hover>.md-clipboard{color:var(--md-default-fg-color--light)}.md-clipboard:-webkit-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-clipboard:-moz-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-clipboard:is(:focus,:hover){color:var(--md-accent-fg-color)}.md-clipboard:after{background-color:currentcolor;content:"";display:block;height:1.125em;margin:0 auto;-webkit-mask-image:var(--md-clipboard-icon);mask-image:var(--md-clipboard-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:1.125em}.md-clipboard--inline{cursor:pointer}.md-clipboard--inline code{transition:color .25s,background-color .25s}.md-clipboard--inline:-webkit-any(:focus,:hover) code{background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-clipboard--inline:-moz-any(:focus,:hover) code{background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-clipboard--inline:is(:focus,:hover) code{background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}@keyframes consent{0%{opacity:0;transform:translateY(100%)}to{opacity:1;transform:translateY(0)}}@keyframes overlay{0%{opacity:0}to{opacity:1}}.md-consent__overlay{animation:overlay .25s both;-webkit-backdrop-filter:blur(.1rem);backdrop-filter:blur(.1rem);background-color:rgba(0,0,0,.54);height:100%;opacity:1;position:fixed;top:0;width:100%;z-index:5}.md-consent__inner{animation:consent .5s cubic-bezier(.1,.7,.1,1) both;background-color:var(--md-default-bg-color);border:0;border-radius:.1rem;bottom:0;box-shadow:0 0 .2rem rgba(0,0,0,.1),0 .2rem .4rem rgba(0,0,0,.2);max-height:100%;overflow:auto;padding:0;position:fixed;width:100%;z-index:5}.md-consent__form{padding:.8rem}.md-consent__settings{display:none;margin:1em 0}input:checked+.md-consent__settings{display:block}.md-consent__controls{margin-bottom:.8rem}.md-typeset .md-consent__controls .md-button{display:inline}@media screen and (max-width:44.9375em){.md-typeset .md-consent__controls .md-button{display:block;margin-top:.4rem;text-align:center;width:100%}}.md-consent label{cursor:pointer}.md-content{flex-grow:1;min-width:0}.md-content__inner{margin:0 .8rem 1.2rem;padding-top:.6rem}@media screen and (min-width:76.25em){[dir=ltr] .md-sidebar--primary:not([hidden])~.md-content>.md-content__inner{margin-left:1.2rem}[dir=ltr] .md-sidebar--secondary:not([hidden])~.md-content>.md-content__inner,[dir=rtl] .md-sidebar--primary:not([hidden])~.md-content>.md-content__inner{margin-right:1.2rem}[dir=rtl] .md-sidebar--secondary:not([hidden])~.md-content>.md-content__inner{margin-left:1.2rem}}.md-content__inner:before{content:"";display:block;height:.4rem}.md-content__inner>:last-child{margin-bottom:0}[dir=ltr] .md-content__button{float:right}[dir=rtl] .md-content__button{float:left}[dir=ltr] .md-content__button{margin-left:.4rem}[dir=rtl] .md-content__button{margin-right:.4rem}.md-content__button{margin:.4rem 0;padding:0}@media print{.md-content__button{display:none}}.md-typeset .md-content__button{color:var(--md-default-fg-color--lighter)}.md-content__button svg{display:inline;vertical-align:top}[dir=rtl] .md-content__button svg{transform:scaleX(-1)}[dir=ltr] .md-dialog{right:.8rem}[dir=rtl] .md-dialog{left:.8rem}.md-dialog{background-color:var(--md-default-fg-color);border-radius:.1rem;bottom:.8rem;box-shadow:var(--md-shadow-z3);min-width:11.1rem;opacity:0;padding:.4rem .6rem;pointer-events:none;position:fixed;transform:translateY(100%);transition:transform 0ms .4s,opacity .4s;z-index:4}@media print{.md-dialog{display:none}}.md-dialog--active{opacity:1;pointer-events:auto;transform:translateY(0);transition:transform .4s cubic-bezier(.075,.85,.175,1),opacity .4s}.md-dialog__inner{color:var(--md-default-bg-color);font-size:.7rem}.md-feedback{margin:2em 0 1em;text-align:center}.md-feedback fieldset{border:none;margin:0;padding:0}.md-feedback__title{font-weight:700;margin:1em auto}.md-feedback__inner{position:relative}.md-feedback__list{align-content:baseline;display:flex;flex-wrap:wrap;justify-content:center;position:relative}.md-feedback__list:hover .md-icon:not(:disabled){color:var(--md-default-fg-color--lighter)}:disabled .md-feedback__list{min-height:1.8rem}.md-feedback__icon{color:var(--md-default-fg-color--light);cursor:pointer;flex-shrink:0;margin:0 .1rem;transition:color 125ms}.md-feedback__icon:not(:disabled).md-icon:hover{color:var(--md-accent-fg-color)}.md-feedback__icon:disabled{color:var(--md-default-fg-color--lightest);pointer-events:none}.md-feedback__note{opacity:0;position:relative;transform:translateY(.4rem);transition:transform .4s cubic-bezier(.1,.7,.1,1),opacity .15s}.md-feedback__note>*{margin:0 auto;max-width:16rem}:disabled .md-feedback__note{opacity:1;transform:translateY(0)}.md-footer{background-color:var(--md-footer-bg-color);color:var(--md-footer-fg-color)}@media print{.md-footer{display:none}}.md-footer__inner{justify-content:space-between;overflow:auto;padding:.2rem}.md-footer__inner:not([hidden]){display:flex}.md-footer__link{display:flex;flex-grow:0.01;outline-color:var(--md-accent-fg-color);overflow:hidden;padding-bottom:.4rem;padding-top:1.4rem;transition:opacity .25s}.md-footer__link:-webkit-any(:focus,:hover){opacity:.7}.md-footer__link:-moz-any(:focus,:hover){opacity:.7}.md-footer__link:is(:focus,:hover){opacity:.7}[dir=rtl] .md-footer__link svg{transform:scaleX(-1)}@media screen and (max-width:44.9375em){.md-footer__link--prev .md-footer__title{display:none}}[dir=ltr] .md-footer__link--next{margin-left:auto}[dir=rtl] .md-footer__link--next{margin-right:auto}.md-footer__link--next{text-align:right}[dir=rtl] .md-footer__link--next{text-align:left}.md-footer__title{flex-grow:1;font-size:.9rem;line-height:2.4rem;max-width:calc(100% - 2.4rem);padding:0 1rem;position:relative;white-space:nowrap}.md-footer__button{margin:.2rem;padding:.4rem}.md-footer__direction{font-size:.64rem;left:0;margin-top:-1rem;opacity:.7;padding:0 1rem;position:absolute;right:0}.md-footer-meta{background-color:var(--md-footer-bg-color--dark)}.md-footer-meta__inner{display:flex;flex-wrap:wrap;justify-content:space-between;padding:.2rem}html .md-footer-meta.md-typeset a{color:var(--md-footer-fg-color--light)}html .md-footer-meta.md-typeset a:-webkit-any(:focus,:hover){color:var(--md-footer-fg-color)}html .md-footer-meta.md-typeset a:-moz-any(:focus,:hover){color:var(--md-footer-fg-color)}html .md-footer-meta.md-typeset a:is(:focus,:hover){color:var(--md-footer-fg-color)}.md-copyright{color:var(--md-footer-fg-color--lighter);font-size:.64rem;margin:auto .6rem;padding:.4rem 0;width:100%}@media screen and (min-width:45em){.md-copyright{width:auto}}.md-copyright__highlight{color:var(--md-footer-fg-color--light)}.md-social{margin:0 .4rem;padding:.2rem 0 .6rem}@media screen and (min-width:45em){.md-social{padding:.6rem 0}}.md-social__link{display:inline-block;height:1.6rem;text-align:center;width:1.6rem}.md-social__link:before{line-height:1.9}.md-social__link svg{fill:currentcolor;max-height:.8rem;vertical-align:-25%}.md-typeset .md-button{border:.1rem solid;border-radius:.1rem;color:var(--md-primary-fg-color);cursor:pointer;display:inline-block;font-weight:700;padding:.625em 2em;transition:color 125ms,background-color 125ms,border-color 125ms}.md-typeset .md-button--primary{background-color:var(--md-primary-fg-color);border-color:var(--md-primary-fg-color);color:var(--md-primary-bg-color)}.md-typeset .md-button:-webkit-any(:focus,:hover){background-color:var(--md-accent-fg-color);border-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}.md-typeset .md-button:-moz-any(:focus,:hover){background-color:var(--md-accent-fg-color);border-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}.md-typeset .md-button:is(:focus,:hover){background-color:var(--md-accent-fg-color);border-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}[dir=ltr] .md-typeset .md-input{border-top-left-radius:.1rem}[dir=ltr] .md-typeset .md-input,[dir=rtl] .md-typeset .md-input{border-top-right-radius:.1rem}[dir=rtl] .md-typeset .md-input{border-top-left-radius:.1rem}.md-typeset .md-input{border-bottom:.1rem solid var(--md-default-fg-color--lighter);box-shadow:var(--md-shadow-z1);font-size:.8rem;height:1.8rem;padding:0 .6rem;transition:border .25s,box-shadow .25s}.md-typeset .md-input:-webkit-any(:focus,:hover){border-bottom-color:var(--md-accent-fg-color);box-shadow:var(--md-shadow-z2)}.md-typeset .md-input:-moz-any(:focus,:hover){border-bottom-color:var(--md-accent-fg-color);box-shadow:var(--md-shadow-z2)}.md-typeset .md-input:is(:focus,:hover){border-bottom-color:var(--md-accent-fg-color);box-shadow:var(--md-shadow-z2)}.md-typeset .md-input--stretch{width:100%}.md-header{background-color:var(--md-primary-fg-color);box-shadow:0 0 .2rem transparent,0 .2rem .4rem transparent;color:var(--md-primary-bg-color);display:block;left:0;position:-webkit-sticky;position:sticky;right:0;top:0;z-index:4}@media print{.md-header{display:none}}.md-header[hidden]{transform:translateY(-100%);transition:transform .25s cubic-bezier(.8,0,.6,1),box-shadow .25s}.md-header--shadow{box-shadow:0 0 .2rem rgba(0,0,0,.1),0 .2rem .4rem rgba(0,0,0,.2);transition:transform .25s cubic-bezier(.1,.7,.1,1),box-shadow .25s}.md-header__inner{align-items:center;display:flex;padding:0 .2rem}.md-header__button{color:currentcolor;cursor:pointer;margin:.2rem;outline-color:var(--md-accent-fg-color);padding:.4rem;position:relative;transition:opacity .25s;vertical-align:middle;z-index:1}.md-header__button:hover{opacity:.7}.md-header__button:not([hidden]){display:inline-block}.md-header__button:not(.focus-visible){-webkit-tap-highlight-color:transparent;outline:none}.md-header__button.md-logo{margin:.2rem;padding:.4rem}@media screen and (max-width:76.1875em){.md-header__button.md-logo{display:none}}.md-header__button.md-logo :-webkit-any(img,svg){fill:currentcolor;display:block;height:1.2rem;width:auto}.md-header__button.md-logo :-moz-any(img,svg){fill:currentcolor;display:block;height:1.2rem;width:auto}.md-header__button.md-logo :is(img,svg){fill:currentcolor;display:block;height:1.2rem;width:auto}@media screen and (min-width:60em){.md-header__button[for=__search]{display:none}}.no-js .md-header__button[for=__search]{display:none}[dir=rtl] .md-header__button[for=__search] svg{transform:scaleX(-1)}@media screen and (min-width:76.25em){.md-header__button[for=__drawer]{display:none}}.md-header__topic{display:flex;max-width:100%;position:absolute;transition:transform .4s cubic-bezier(.1,.7,.1,1),opacity .15s;white-space:nowrap}.md-header__topic+.md-header__topic{opacity:0;pointer-events:none;transform:translateX(1.25rem);transition:transform .4s cubic-bezier(1,.7,.1,.1),opacity .15s;z-index:-1}[dir=rtl] .md-header__topic+.md-header__topic{transform:translateX(-1.25rem)}.md-header__topic:first-child{font-weight:700}[dir=ltr] .md-header__title{margin-right:.4rem}[dir=rtl] .md-header__title{margin-left:.4rem}[dir=ltr] .md-header__title{margin-left:1rem}[dir=rtl] .md-header__title{margin-right:1rem}.md-header__title{flex-grow:1;font-size:.9rem;height:2.4rem;line-height:2.4rem}.md-header__title--active .md-header__topic{opacity:0;pointer-events:none;transform:translateX(-1.25rem);transition:transform .4s cubic-bezier(1,.7,.1,.1),opacity .15s;z-index:-1}[dir=rtl] .md-header__title--active .md-header__topic{transform:translateX(1.25rem)}.md-header__title--active .md-header__topic+.md-header__topic{opacity:1;pointer-events:auto;transform:translateX(0);transition:transform .4s cubic-bezier(.1,.7,.1,1),opacity .15s;z-index:0}.md-header__title>.md-header__ellipsis{height:100%;position:relative;width:100%}.md-header__option{display:flex;flex-shrink:0;max-width:100%;transition:max-width 0ms .25s,opacity .25s .25s;white-space:nowrap}[data-md-toggle=search]:checked~.md-header .md-header__option{max-width:0;opacity:0;transition:max-width 0ms,opacity 0ms}.md-header__source{display:none}@media screen and (min-width:60em){[dir=ltr] .md-header__source{margin-left:1rem}[dir=rtl] .md-header__source{margin-right:1rem}.md-header__source{display:block;max-width:11.7rem;width:11.7rem}}@media screen and (min-width:76.25em){[dir=ltr] .md-header__source{margin-left:1.4rem}[dir=rtl] .md-header__source{margin-right:1.4rem}}:root{--md-nav-icon--prev:url('data:image/svg+xml;charset=utf-8,');--md-nav-icon--next:url('data:image/svg+xml;charset=utf-8,');--md-toc-icon:url('data:image/svg+xml;charset=utf-8,')}.md-nav{font-size:.7rem;line-height:1.3}.md-nav__title{display:block;font-weight:700;overflow:hidden;padding:0 .6rem;text-overflow:ellipsis}.md-nav__title .md-nav__button{display:none}.md-nav__title .md-nav__button img{height:100%;width:auto}.md-nav__title .md-nav__button.md-logo :-webkit-any(img,svg){fill:currentcolor;display:block;height:2.4rem;max-width:100%;object-fit:contain;width:auto}.md-nav__title .md-nav__button.md-logo :-moz-any(img,svg){fill:currentcolor;display:block;height:2.4rem;max-width:100%;object-fit:contain;width:auto}.md-nav__title .md-nav__button.md-logo :is(img,svg){fill:currentcolor;display:block;height:2.4rem;max-width:100%;object-fit:contain;width:auto}.md-nav__list{list-style:none;margin:0;padding:0}.md-nav__item{padding:0 .6rem}[dir=ltr] .md-nav__item .md-nav__item{padding-right:0}[dir=rtl] .md-nav__item .md-nav__item{padding-left:0}.md-nav__link{align-items:center;cursor:pointer;display:flex;justify-content:space-between;margin-top:.625em;overflow:hidden;scroll-snap-align:start;text-overflow:ellipsis;transition:color 125ms}.md-nav__link--passed{color:var(--md-default-fg-color--light)}.md-nav__item .md-nav__link--active{color:var(--md-typeset-a-color)}.md-nav__item .md-nav__link--index [href]{width:100%}.md-nav__link:-webkit-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav__link:-moz-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav__link:is(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav__link.focus-visible{outline-color:var(--md-accent-fg-color);outline-offset:.2rem}.md-nav--primary .md-nav__link[for=__toc]{display:none}.md-nav--primary .md-nav__link[for=__toc] .md-icon:after{background-color:currentcolor;display:block;height:100%;-webkit-mask-image:var(--md-toc-icon);mask-image:var(--md-toc-icon);width:100%}.md-nav--primary .md-nav__link[for=__toc]~.md-nav{display:none}.md-nav__link>*{cursor:pointer;display:flex}.md-nav__icon{flex-shrink:0}.md-nav__source{display:none}@media screen and (max-width:76.1875em){.md-nav--primary,.md-nav--primary .md-nav{background-color:var(--md-default-bg-color);display:flex;flex-direction:column;height:100%;left:0;position:absolute;right:0;top:0;z-index:1}.md-nav--primary :-webkit-any(.md-nav__title,.md-nav__item){font-size:.8rem;line-height:1.5}.md-nav--primary :-moz-any(.md-nav__title,.md-nav__item){font-size:.8rem;line-height:1.5}.md-nav--primary :is(.md-nav__title,.md-nav__item){font-size:.8rem;line-height:1.5}.md-nav--primary .md-nav__title{background-color:var(--md-default-fg-color--lightest);color:var(--md-default-fg-color--light);cursor:pointer;height:5.6rem;line-height:2.4rem;padding:3rem .8rem .2rem;position:relative;white-space:nowrap}[dir=ltr] .md-nav--primary .md-nav__title .md-nav__icon{left:.4rem}[dir=rtl] .md-nav--primary .md-nav__title .md-nav__icon{right:.4rem}.md-nav--primary .md-nav__title .md-nav__icon{display:block;height:1.2rem;margin:.2rem;position:absolute;top:.4rem;width:1.2rem}.md-nav--primary .md-nav__title .md-nav__icon:after{background-color:currentcolor;content:"";display:block;height:100%;-webkit-mask-image:var(--md-nav-icon--prev);mask-image:var(--md-nav-icon--prev);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:100%}.md-nav--primary .md-nav__title~.md-nav__list{background-color:var(--md-default-bg-color);box-shadow:0 .05rem 0 var(--md-default-fg-color--lightest) inset;overflow-y:auto;-ms-scroll-snap-type:y mandatory;scroll-snap-type:y mandatory;touch-action:pan-y}.md-nav--primary .md-nav__title~.md-nav__list>:first-child{border-top:0}.md-nav--primary .md-nav__title[for=__drawer]{background-color:var(--md-primary-fg-color);color:var(--md-primary-bg-color);font-weight:700}.md-nav--primary .md-nav__title .md-logo{display:block;left:.2rem;margin:.2rem;padding:.4rem;position:absolute;right:.2rem;top:.2rem}.md-nav--primary .md-nav__list{flex:1}.md-nav--primary .md-nav__item{border-top:.05rem solid var(--md-default-fg-color--lightest);padding:0}.md-nav--primary .md-nav__item--active>.md-nav__link{color:var(--md-typeset-a-color)}.md-nav--primary .md-nav__item--active>.md-nav__link:-webkit-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav--primary .md-nav__item--active>.md-nav__link:-moz-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav--primary .md-nav__item--active>.md-nav__link:is(:focus,:hover){color:var(--md-accent-fg-color)}.md-nav--primary .md-nav__link{margin-top:0;padding:.6rem .8rem}[dir=ltr] .md-nav--primary .md-nav__link .md-nav__icon{margin-right:-.2rem}[dir=rtl] .md-nav--primary .md-nav__link .md-nav__icon{margin-left:-.2rem}.md-nav--primary .md-nav__link .md-nav__icon{font-size:1.2rem;height:1.2rem;width:1.2rem}.md-nav--primary .md-nav__link .md-nav__icon:after{background-color:currentcolor;content:"";display:block;height:100%;-webkit-mask-image:var(--md-nav-icon--next);mask-image:var(--md-nav-icon--next);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:100%}[dir=rtl] .md-nav--primary .md-nav__icon:after{transform:scale(-1)}.md-nav--primary .md-nav--secondary .md-nav{background-color:initial;position:static}[dir=ltr] .md-nav--primary .md-nav--secondary .md-nav .md-nav__link{padding-left:1.4rem}[dir=rtl] .md-nav--primary .md-nav--secondary .md-nav .md-nav__link{padding-right:1.4rem}[dir=ltr] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav__link{padding-left:2rem}[dir=rtl] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav__link{padding-right:2rem}[dir=ltr] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav .md-nav__link{padding-left:2.6rem}[dir=rtl] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav .md-nav__link{padding-right:2.6rem}[dir=ltr] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav .md-nav .md-nav__link{padding-left:3.2rem}[dir=rtl] .md-nav--primary .md-nav--secondary .md-nav .md-nav .md-nav .md-nav .md-nav__link{padding-right:3.2rem}.md-nav--secondary{background-color:initial}.md-nav__toggle~.md-nav{display:flex;opacity:0;transform:translateX(100%);transition:transform .25s cubic-bezier(.8,0,.6,1),opacity 125ms 50ms}[dir=rtl] .md-nav__toggle~.md-nav{transform:translateX(-100%)}.md-nav__toggle:checked~.md-nav{opacity:1;transform:translateX(0);transition:transform .25s cubic-bezier(.4,0,.2,1),opacity 125ms 125ms}.md-nav__toggle:checked~.md-nav>.md-nav__list{-webkit-backface-visibility:hidden;backface-visibility:hidden}}@media screen and (max-width:59.9375em){.md-nav--primary .md-nav__link[for=__toc]{display:flex}.md-nav--primary .md-nav__link[for=__toc] .md-icon:after{content:""}.md-nav--primary .md-nav__link[for=__toc]+.md-nav__link{display:none}.md-nav--primary .md-nav__link[for=__toc]~.md-nav{display:flex}.md-nav__source{background-color:var(--md-primary-fg-color--dark);color:var(--md-primary-bg-color);display:block;padding:0 .2rem}}@media screen and (min-width:60em) and (max-width:76.1875em){.md-nav--integrated .md-nav__link[for=__toc]{display:flex}.md-nav--integrated .md-nav__link[for=__toc] .md-icon:after{content:""}.md-nav--integrated .md-nav__link[for=__toc]+.md-nav__link{display:none}.md-nav--integrated .md-nav__link[for=__toc]~.md-nav{display:flex}}@media screen and (min-width:60em){.md-nav--secondary .md-nav__title{background:var(--md-default-bg-color);box-shadow:0 0 .4rem .4rem var(--md-default-bg-color);position:-webkit-sticky;position:sticky;top:0;z-index:1}.md-nav--secondary .md-nav__title[for=__toc]{scroll-snap-align:start}.md-nav--secondary .md-nav__title .md-nav__icon{display:none}}@media screen and (min-width:76.25em){.md-nav{transition:max-height .25s cubic-bezier(.86,0,.07,1)}.md-nav--primary .md-nav__title{background:var(--md-default-bg-color);box-shadow:0 0 .4rem .4rem var(--md-default-bg-color);position:-webkit-sticky;position:sticky;top:0;z-index:1}.md-nav--primary .md-nav__title[for=__drawer]{scroll-snap-align:start}.md-nav--primary .md-nav__title .md-nav__icon,.md-nav__toggle~.md-nav{display:none}.md-nav__toggle:-webkit-any(:checked,:indeterminate)~.md-nav{display:block}.md-nav__toggle:-moz-any(:checked,:indeterminate)~.md-nav{display:block}.md-nav__toggle:is(:checked,:indeterminate)~.md-nav{display:block}.md-nav__item--nested>.md-nav>.md-nav__title{display:none}.md-nav__item--section{display:block;margin:1.25em 0}.md-nav__item--section:last-child{margin-bottom:0}.md-nav__item--section>.md-nav__link{font-weight:700;pointer-events:none}.md-nav__item--section>.md-nav__link--index [href]{pointer-events:auto}.md-nav__item--section>.md-nav__link .md-nav__icon{display:none}.md-nav__item--section>.md-nav{display:block}.md-nav__item--section>.md-nav>.md-nav__list>.md-nav__item{padding:0}.md-nav__icon{border-radius:100%;height:.9rem;transition:background-color .25s,transform .25s;width:.9rem}[dir=rtl] .md-nav__icon{transform:rotate(180deg)}.md-nav__icon:hover{background-color:var(--md-accent-fg-color--transparent)}.md-nav__icon:after{background-color:currentcolor;content:"";display:inline-block;height:100%;-webkit-mask-image:var(--md-nav-icon--next);mask-image:var(--md-nav-icon--next);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;vertical-align:-.1rem;width:100%}.md-nav__item--nested .md-nav__toggle:checked~.md-nav__link .md-nav__icon,.md-nav__item--nested .md-nav__toggle:indeterminate~.md-nav__link .md-nav__icon{transform:rotate(90deg)}.md-nav--lifted>.md-nav__list>.md-nav__item,.md-nav--lifted>.md-nav__list>.md-nav__item--nested,.md-nav--lifted>.md-nav__title{display:none}.md-nav--lifted>.md-nav__list>.md-nav__item--active{display:block;padding:0}.md-nav--lifted>.md-nav__list>.md-nav__item--active>.md-nav__link{background:var(--md-default-bg-color);box-shadow:0 0 .4rem .4rem var(--md-default-bg-color);font-weight:700;margin-top:0;padding:0 .6rem;position:-webkit-sticky;position:sticky;top:0;z-index:1}.md-nav--lifted>.md-nav__list>.md-nav__item--active>.md-nav__link:not(.md-nav__link--index){pointer-events:none}.md-nav--lifted>.md-nav__list>.md-nav__item--active>.md-nav__link .md-nav__icon{display:none}.md-nav--lifted .md-nav[data-md-level="1"]{display:block}[dir=ltr] .md-nav--lifted .md-nav[data-md-level="1"]>.md-nav__list>.md-nav__item{padding-right:.6rem}[dir=rtl] .md-nav--lifted .md-nav[data-md-level="1"]>.md-nav__list>.md-nav__item{padding-left:.6rem}.md-nav--integrated>.md-nav__list>.md-nav__item--active:not(.md-nav__item--nested){padding:0 .6rem}.md-nav--integrated>.md-nav__list>.md-nav__item--active:not(.md-nav__item--nested)>.md-nav__link{padding:0}[dir=ltr] .md-nav--integrated>.md-nav__list>.md-nav__item--active .md-nav--secondary{border-left:.05rem solid var(--md-primary-fg-color)}[dir=rtl] .md-nav--integrated>.md-nav__list>.md-nav__item--active .md-nav--secondary{border-right:.05rem solid var(--md-primary-fg-color)}.md-nav--integrated>.md-nav__list>.md-nav__item--active .md-nav--secondary{display:block;margin-bottom:1.25em}.md-nav--integrated>.md-nav__list>.md-nav__item--active .md-nav--secondary>.md-nav__title{display:none}}:root{--md-search-result-icon:url('data:image/svg+xml;charset=utf-8,')}.md-search{position:relative}@media screen and (min-width:60em){.md-search{padding:.2rem 0}}.no-js .md-search{display:none}.md-search__overlay{opacity:0;z-index:1}@media screen and (max-width:59.9375em){[dir=ltr] .md-search__overlay{left:-2.2rem}[dir=rtl] .md-search__overlay{right:-2.2rem}.md-search__overlay{background-color:var(--md-default-bg-color);border-radius:1rem;height:2rem;overflow:hidden;pointer-events:none;position:absolute;top:-1rem;transform-origin:center;transition:transform .3s .1s,opacity .2s .2s;width:2rem}[data-md-toggle=search]:checked~.md-header .md-search__overlay{opacity:1;transition:transform .4s,opacity .1s}}@media screen and (min-width:60em){[dir=ltr] .md-search__overlay{left:0}[dir=rtl] .md-search__overlay{right:0}.md-search__overlay{background-color:rgba(0,0,0,.54);cursor:pointer;height:0;position:fixed;top:0;transition:width 0ms .25s,height 0ms .25s,opacity .25s;width:0}[data-md-toggle=search]:checked~.md-header .md-search__overlay{height:200vh;opacity:1;transition:width 0ms,height 0ms,opacity .25s;width:100%}}@media screen and (max-width:29.9375em){[data-md-toggle=search]:checked~.md-header .md-search__overlay{transform:scale(45)}}@media screen and (min-width:30em) and (max-width:44.9375em){[data-md-toggle=search]:checked~.md-header .md-search__overlay{transform:scale(60)}}@media screen and (min-width:45em) and (max-width:59.9375em){[data-md-toggle=search]:checked~.md-header .md-search__overlay{transform:scale(75)}}.md-search__inner{-webkit-backface-visibility:hidden;backface-visibility:hidden}@media screen and (max-width:59.9375em){[dir=ltr] .md-search__inner{left:0}[dir=rtl] .md-search__inner{right:0}.md-search__inner{height:0;opacity:0;overflow:hidden;position:fixed;top:0;transform:translateX(5%);transition:width 0ms .3s,height 0ms .3s,transform .15s cubic-bezier(.4,0,.2,1) .15s,opacity .15s .15s;width:0;z-index:2}[dir=rtl] .md-search__inner{transform:translateX(-5%)}[data-md-toggle=search]:checked~.md-header .md-search__inner{height:100%;opacity:1;transform:translateX(0);transition:width 0ms 0ms,height 0ms 0ms,transform .15s cubic-bezier(.1,.7,.1,1) .15s,opacity .15s .15s;width:100%}}@media screen and (min-width:60em){[dir=ltr] .md-search__inner{float:right}[dir=rtl] .md-search__inner{float:left}.md-search__inner{padding:.1rem 0;position:relative;transition:width .25s cubic-bezier(.1,.7,.1,1);width:11.7rem}}@media screen and (min-width:60em) and (max-width:76.1875em){[data-md-toggle=search]:checked~.md-header .md-search__inner{width:23.4rem}}@media screen and (min-width:76.25em){[data-md-toggle=search]:checked~.md-header .md-search__inner{width:34.4rem}}.md-search__form{background-color:var(--md-default-bg-color);box-shadow:0 0 .6rem transparent;height:2.4rem;position:relative;transition:color .25s,background-color .25s;z-index:2}@media screen and (min-width:60em){.md-search__form{background-color:rgba(0,0,0,.26);border-radius:.1rem;height:1.8rem}.md-search__form:hover{background-color:hsla(0,0%,100%,.12)}}[data-md-toggle=search]:checked~.md-header .md-search__form{background-color:var(--md-default-bg-color);border-radius:.1rem .1rem 0 0;box-shadow:0 0 .6rem rgba(0,0,0,.07);color:var(--md-default-fg-color)}[dir=ltr] .md-search__input{padding-left:3.6rem;padding-right:2.2rem}[dir=rtl] .md-search__input{padding-left:2.2rem;padding-right:3.6rem}.md-search__input{background:transparent;font-size:.9rem;height:100%;position:relative;text-overflow:ellipsis;width:100%;z-index:2}.md-search__input::-ms-input-placeholder{-ms-transition:color .25s;transition:color .25s}.md-search__input::placeholder{transition:color .25s}.md-search__input::-ms-input-placeholder{color:var(--md-default-fg-color--light)}.md-search__input::placeholder,.md-search__input~.md-search__icon{color:var(--md-default-fg-color--light)}.md-search__input::-ms-clear{display:none}@media screen and (max-width:59.9375em){.md-search__input{font-size:.9rem;height:2.4rem;width:100%}}@media screen and (min-width:60em){[dir=ltr] .md-search__input{padding-left:2.2rem}[dir=rtl] .md-search__input{padding-right:2.2rem}.md-search__input{color:inherit;font-size:.8rem}.md-search__input::-ms-input-placeholder{color:var(--md-primary-bg-color--light)}.md-search__input::placeholder{color:var(--md-primary-bg-color--light)}.md-search__input+.md-search__icon{color:var(--md-primary-bg-color)}[data-md-toggle=search]:checked~.md-header .md-search__input{text-overflow:clip}[data-md-toggle=search]:checked~.md-header .md-search__input::-ms-input-placeholder{color:var(--md-default-fg-color--light)}[data-md-toggle=search]:checked~.md-header .md-search__input+.md-search__icon,[data-md-toggle=search]:checked~.md-header .md-search__input::placeholder{color:var(--md-default-fg-color--light)}}.md-search__icon{cursor:pointer;display:inline-block;height:1.2rem;transition:color .25s,opacity .25s;width:1.2rem}.md-search__icon:hover{opacity:.7}[dir=ltr] .md-search__icon[for=__search]{left:.5rem}[dir=rtl] .md-search__icon[for=__search]{right:.5rem}.md-search__icon[for=__search]{position:absolute;top:.3rem;z-index:2}[dir=rtl] .md-search__icon[for=__search] svg{transform:scaleX(-1)}@media screen and (max-width:59.9375em){[dir=ltr] .md-search__icon[for=__search]{left:.8rem}[dir=rtl] .md-search__icon[for=__search]{right:.8rem}.md-search__icon[for=__search]{top:.6rem}.md-search__icon[for=__search] svg:first-child{display:none}}@media screen and (min-width:60em){.md-search__icon[for=__search]{pointer-events:none}.md-search__icon[for=__search] svg:last-child{display:none}}[dir=ltr] .md-search__options{right:.5rem}[dir=rtl] .md-search__options{left:.5rem}.md-search__options{pointer-events:none;position:absolute;top:.3rem;z-index:2}@media screen and (max-width:59.9375em){[dir=ltr] .md-search__options{right:.8rem}[dir=rtl] .md-search__options{left:.8rem}.md-search__options{top:.6rem}}[dir=ltr] .md-search__options>*{margin-left:.2rem}[dir=rtl] .md-search__options>*{margin-right:.2rem}.md-search__options>*{color:var(--md-default-fg-color--light);opacity:0;transform:scale(.75);transition:transform .15s cubic-bezier(.1,.7,.1,1),opacity .15s}.md-search__options>:not(.focus-visible){-webkit-tap-highlight-color:transparent;outline:none}[data-md-toggle=search]:checked~.md-header .md-search__input:valid~.md-search__options>*{opacity:1;pointer-events:auto;transform:scale(1)}[data-md-toggle=search]:checked~.md-header .md-search__input:valid~.md-search__options>:hover{opacity:.7}[dir=ltr] .md-search__suggest{padding-left:3.6rem;padding-right:2.2rem}[dir=rtl] .md-search__suggest{padding-left:2.2rem;padding-right:3.6rem}.md-search__suggest{align-items:center;color:var(--md-default-fg-color--lighter);display:flex;font-size:.9rem;height:100%;opacity:0;position:absolute;top:0;transition:opacity 50ms;white-space:nowrap;width:100%}@media screen and (min-width:60em){[dir=ltr] .md-search__suggest{padding-left:2.2rem}[dir=rtl] .md-search__suggest{padding-right:2.2rem}.md-search__suggest{font-size:.8rem}}[data-md-toggle=search]:checked~.md-header .md-search__suggest{opacity:1;transition:opacity .3s .1s}[dir=ltr] .md-search__output{border-bottom-left-radius:.1rem}[dir=ltr] .md-search__output,[dir=rtl] .md-search__output{border-bottom-right-radius:.1rem}[dir=rtl] .md-search__output{border-bottom-left-radius:.1rem}.md-search__output{overflow:hidden;position:absolute;width:100%;z-index:1}@media screen and (max-width:59.9375em){.md-search__output{bottom:0;top:2.4rem}}@media screen and (min-width:60em){.md-search__output{opacity:0;top:1.9rem;transition:opacity .4s}[data-md-toggle=search]:checked~.md-header .md-search__output{box-shadow:var(--md-shadow-z3);opacity:1}}.md-search__scrollwrap{-webkit-backface-visibility:hidden;backface-visibility:hidden;background-color:var(--md-default-bg-color);height:100%;overflow-y:auto;touch-action:pan-y}@media (-webkit-max-device-pixel-ratio:1),(max-resolution:1dppx){.md-search__scrollwrap{transform:translateZ(0)}}@media screen and (min-width:60em) and (max-width:76.1875em){.md-search__scrollwrap{width:23.4rem}}@media screen and (min-width:76.25em){.md-search__scrollwrap{width:34.4rem}}@media screen and (min-width:60em){.md-search__scrollwrap{max-height:0;scrollbar-color:var(--md-default-fg-color--lighter) transparent;scrollbar-width:thin}[data-md-toggle=search]:checked~.md-header .md-search__scrollwrap{max-height:75vh}.md-search__scrollwrap:hover{scrollbar-color:var(--md-accent-fg-color) transparent}.md-search__scrollwrap::-webkit-scrollbar{height:.2rem;width:.2rem}.md-search__scrollwrap::-webkit-scrollbar-thumb{background-color:var(--md-default-fg-color--lighter)}.md-search__scrollwrap::-webkit-scrollbar-thumb:hover{background-color:var(--md-accent-fg-color)}}.md-search-result{color:var(--md-default-fg-color);word-break:break-word}.md-search-result__meta{background-color:var(--md-default-fg-color--lightest);color:var(--md-default-fg-color--light);font-size:.64rem;line-height:1.8rem;padding:0 .8rem;scroll-snap-align:start}@media screen and (min-width:60em){[dir=ltr] .md-search-result__meta{padding-left:2.2rem}[dir=rtl] .md-search-result__meta{padding-right:2.2rem}}.md-search-result__list{list-style:none;margin:0;padding:0;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.md-search-result__item{box-shadow:0 -.05rem var(--md-default-fg-color--lightest)}.md-search-result__item:first-child{box-shadow:none}.md-search-result__link{display:block;outline:none;scroll-snap-align:start;transition:background-color .25s}.md-search-result__link:-webkit-any(:focus,:hover){background-color:var(--md-accent-fg-color--transparent)}.md-search-result__link:-moz-any(:focus,:hover){background-color:var(--md-accent-fg-color--transparent)}.md-search-result__link:is(:focus,:hover){background-color:var(--md-accent-fg-color--transparent)}.md-search-result__link:last-child p:last-child{margin-bottom:.6rem}.md-search-result__more summary{color:var(--md-typeset-a-color);cursor:pointer;display:block;font-size:.64rem;outline:none;padding:.75em .8rem;scroll-snap-align:start;transition:color .25s,background-color .25s}@media screen and (min-width:60em){[dir=ltr] .md-search-result__more summary{padding-left:2.2rem}[dir=rtl] .md-search-result__more summary{padding-right:2.2rem}}.md-search-result__more summary:-webkit-any(:focus,:hover){background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-search-result__more summary:-moz-any(:focus,:hover){background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-search-result__more summary:is(:focus,:hover){background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-search-result__more summary::marker{display:none}.md-search-result__more summary::-webkit-details-marker{display:none}.md-search-result__more summary~*>*{opacity:.65}.md-search-result__article{overflow:hidden;padding:0 .8rem;position:relative}@media screen and (min-width:60em){[dir=ltr] .md-search-result__article{padding-left:2.2rem}[dir=rtl] .md-search-result__article{padding-right:2.2rem}}.md-search-result__article--document .md-search-result__title{font-size:.8rem;font-weight:400;line-height:1.4;margin:.55rem 0}[dir=ltr] .md-search-result__icon{left:0}[dir=rtl] .md-search-result__icon{right:0}.md-search-result__icon{color:var(--md-default-fg-color--light);height:1.2rem;margin:.5rem;position:absolute;width:1.2rem}@media screen and (max-width:59.9375em){.md-search-result__icon{display:none}}.md-search-result__icon:after{background-color:currentcolor;content:"";display:inline-block;height:100%;-webkit-mask-image:var(--md-search-result-icon);mask-image:var(--md-search-result-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:100%}[dir=rtl] .md-search-result__icon:after{transform:scaleX(-1)}.md-search-result__title{font-size:.64rem;font-weight:700;line-height:1.6;margin:.5em 0}.md-search-result__teaser{-webkit-box-orient:vertical;-webkit-line-clamp:2;color:var(--md-default-fg-color--light);display:-webkit-box;font-size:.64rem;line-height:1.6;margin:.5em 0;max-height:2rem;overflow:hidden;text-overflow:ellipsis}@media screen and (max-width:44.9375em){.md-search-result__teaser{-webkit-line-clamp:3;max-height:3rem}}@media screen and (min-width:60em) and (max-width:76.1875em){.md-search-result__teaser{-webkit-line-clamp:3;max-height:3rem}}.md-search-result__teaser mark{background-color:initial;text-decoration:underline}.md-search-result__terms{font-size:.64rem;font-style:italic;margin:.5em 0}.md-search-result mark{background-color:initial;color:var(--md-accent-fg-color)}.md-select{position:relative;z-index:1}.md-select__inner{background-color:var(--md-default-bg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z2);color:var(--md-default-fg-color);left:50%;margin-top:.2rem;max-height:0;opacity:0;position:absolute;top:calc(100% - .2rem);transform:translate3d(-50%,.3rem,0);transition:transform .25s 375ms,opacity .25s .25s,max-height 0ms .5s}.md-select:-webkit-any(:focus-within,:hover) .md-select__inner{max-height:10rem;opacity:1;transform:translate3d(-50%,0,0);-webkit-transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,max-height 0ms;transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,max-height 0ms}.md-select:-moz-any(:focus-within,:hover) .md-select__inner{max-height:10rem;opacity:1;transform:translate3d(-50%,0,0);-moz-transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,max-height 0ms;transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,max-height 0ms}.md-select:is(:focus-within,:hover) .md-select__inner{max-height:10rem;opacity:1;transform:translate3d(-50%,0,0);transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,max-height 0ms}.md-select__inner:after{border-bottom:.2rem solid transparent;border-bottom-color:var(--md-default-bg-color);border-left:.2rem solid transparent;border-right:.2rem solid transparent;border-top:0;content:"";height:0;left:50%;margin-left:-.2rem;margin-top:-.2rem;position:absolute;top:0;width:0}.md-select__list{border-radius:.1rem;font-size:.8rem;list-style-type:none;margin:0;max-height:inherit;overflow:auto;padding:0}.md-select__item{line-height:1.8rem}[dir=ltr] .md-select__link{padding-left:.6rem;padding-right:1.2rem}[dir=rtl] .md-select__link{padding-left:1.2rem;padding-right:.6rem}.md-select__link{cursor:pointer;display:block;outline:none;scroll-snap-align:start;transition:background-color .25s,color .25s;width:100%}.md-select__link:-webkit-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-select__link:-moz-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-select__link:is(:focus,:hover){color:var(--md-accent-fg-color)}.md-select__link:focus{background-color:var(--md-default-fg-color--lightest)}.md-sidebar{align-self:flex-start;flex-shrink:0;padding:1.2rem 0;position:-webkit-sticky;position:sticky;top:2.4rem;width:12.1rem}@media print{.md-sidebar{display:none}}@media screen and (max-width:76.1875em){[dir=ltr] .md-sidebar--primary{left:-12.1rem}[dir=rtl] .md-sidebar--primary{right:-12.1rem}.md-sidebar--primary{background-color:var(--md-default-bg-color);display:block;height:100%;position:fixed;top:0;transform:translateX(0);transition:transform .25s cubic-bezier(.4,0,.2,1),box-shadow .25s;width:12.1rem;z-index:5}[data-md-toggle=drawer]:checked~.md-container .md-sidebar--primary{box-shadow:var(--md-shadow-z3);transform:translateX(12.1rem)}[dir=rtl] [data-md-toggle=drawer]:checked~.md-container .md-sidebar--primary{transform:translateX(-12.1rem)}.md-sidebar--primary .md-sidebar__scrollwrap{bottom:0;left:0;margin:0;overflow:hidden;position:absolute;right:0;-ms-scroll-snap-type:none;scroll-snap-type:none;top:0}}@media screen and (min-width:76.25em){.md-sidebar{height:0}.no-js .md-sidebar{height:auto}.md-header--lifted~.md-container .md-sidebar{top:4.8rem}}.md-sidebar--secondary{display:none;order:2}@media screen and (min-width:60em){.md-sidebar--secondary{height:0}.no-js .md-sidebar--secondary{height:auto}.md-sidebar--secondary:not([hidden]){display:block}.md-sidebar--secondary .md-sidebar__scrollwrap{touch-action:pan-y}}.md-sidebar__scrollwrap{scrollbar-gutter:stable;-webkit-backface-visibility:hidden;backface-visibility:hidden;margin:0 .2rem;overflow-y:auto;scrollbar-color:var(--md-default-fg-color--lighter) transparent;scrollbar-width:thin}.md-sidebar__scrollwrap:hover{scrollbar-color:var(--md-accent-fg-color) transparent}.md-sidebar__scrollwrap::-webkit-scrollbar{height:.2rem;width:.2rem}.md-sidebar__scrollwrap::-webkit-scrollbar-thumb{background-color:var(--md-default-fg-color--lighter)}.md-sidebar__scrollwrap::-webkit-scrollbar-thumb:hover{background-color:var(--md-accent-fg-color)}@supports selector(::-webkit-scrollbar){.md-sidebar__scrollwrap{scrollbar-gutter:auto}[dir=ltr] .md-sidebar__inner{padding-right:calc(100% - 11.5rem)}[dir=rtl] .md-sidebar__inner{padding-left:calc(100% - 11.5rem)}}@media screen and (max-width:76.1875em){.md-overlay{background-color:rgba(0,0,0,.54);height:0;opacity:0;position:fixed;top:0;transition:width 0ms .25s,height 0ms .25s,opacity .25s;width:0;z-index:5}[data-md-toggle=drawer]:checked~.md-overlay{height:100%;opacity:1;transition:width 0ms,height 0ms,opacity .25s;width:100%}}@keyframes facts{0%{height:0}to{height:.65rem}}@keyframes fact{0%{opacity:0;transform:translateY(100%)}50%{opacity:0}to{opacity:1;transform:translateY(0)}}:root{--md-source-forks-icon:url('data:image/svg+xml;charset=utf-8,');--md-source-repositories-icon:url('data:image/svg+xml;charset=utf-8,');--md-source-stars-icon:url('data:image/svg+xml;charset=utf-8,');--md-source-version-icon:url('data:image/svg+xml;charset=utf-8,')}.md-source{-webkit-backface-visibility:hidden;backface-visibility:hidden;display:block;font-size:.65rem;line-height:1.2;outline-color:var(--md-accent-fg-color);transition:opacity .25s;white-space:nowrap}.md-source:hover{opacity:.7}.md-source__icon{display:inline-block;height:2.4rem;vertical-align:middle;width:2rem}[dir=ltr] .md-source__icon svg{margin-left:.6rem}[dir=rtl] .md-source__icon svg{margin-right:.6rem}.md-source__icon svg{margin-top:.6rem}[dir=ltr] .md-source__icon+.md-source__repository{margin-left:-2rem}[dir=rtl] .md-source__icon+.md-source__repository{margin-right:-2rem}[dir=ltr] .md-source__icon+.md-source__repository{padding-left:2rem}[dir=rtl] .md-source__icon+.md-source__repository{padding-right:2rem}[dir=ltr] .md-source__repository{margin-left:.6rem}[dir=rtl] .md-source__repository{margin-right:.6rem}.md-source__repository{display:inline-block;max-width:calc(100% - 1.2rem);overflow:hidden;text-overflow:ellipsis;vertical-align:middle}.md-source__facts{display:flex;font-size:.55rem;gap:.4rem;list-style-type:none;margin:.1rem 0 0;opacity:.75;overflow:hidden;padding:0;width:100%}.md-source__repository--active .md-source__facts{animation:facts .25s ease-in}.md-source__fact{overflow:hidden;text-overflow:ellipsis}.md-source__repository--active .md-source__fact{animation:fact .4s ease-out}[dir=ltr] .md-source__fact:before{margin-right:.1rem}[dir=rtl] .md-source__fact:before{margin-left:.1rem}.md-source__fact:before{background-color:currentcolor;content:"";display:inline-block;height:.6rem;-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;vertical-align:text-top;width:.6rem}.md-source__fact:nth-child(1n+2){flex-shrink:0}.md-source__fact--version:before{-webkit-mask-image:var(--md-source-version-icon);mask-image:var(--md-source-version-icon)}.md-source__fact--stars:before{-webkit-mask-image:var(--md-source-stars-icon);mask-image:var(--md-source-stars-icon)}.md-source__fact--forks:before{-webkit-mask-image:var(--md-source-forks-icon);mask-image:var(--md-source-forks-icon)}.md-source__fact--repositories:before{-webkit-mask-image:var(--md-source-repositories-icon);mask-image:var(--md-source-repositories-icon)}.md-tabs{background-color:var(--md-primary-fg-color);color:var(--md-primary-bg-color);display:block;line-height:1.3;overflow:auto;width:100%;z-index:3}@media print{.md-tabs{display:none}}@media screen and (max-width:76.1875em){.md-tabs{display:none}}.md-tabs[hidden]{pointer-events:none}[dir=ltr] .md-tabs__list{margin-left:.2rem}[dir=rtl] .md-tabs__list{margin-right:.2rem}.md-tabs__list{contain:content;list-style:none;margin:0;padding:0;white-space:nowrap}.md-tabs__item{display:inline-block;height:2.4rem;padding-left:.6rem;padding-right:.6rem}.md-tabs__link{-webkit-backface-visibility:hidden;backface-visibility:hidden;display:block;font-size:.7rem;margin-top:.8rem;opacity:.7;outline-color:var(--md-accent-fg-color);outline-offset:.2rem;transition:transform .4s cubic-bezier(.1,.7,.1,1),opacity .25s}.md-tabs__link--active,.md-tabs__link:-webkit-any(:focus,:hover){color:inherit;opacity:1}.md-tabs__link--active,.md-tabs__link:-moz-any(:focus,:hover){color:inherit;opacity:1}.md-tabs__link--active,.md-tabs__link:is(:focus,:hover){color:inherit;opacity:1}.md-tabs__item:nth-child(2) .md-tabs__link{transition-delay:20ms}.md-tabs__item:nth-child(3) .md-tabs__link{transition-delay:40ms}.md-tabs__item:nth-child(4) .md-tabs__link{transition-delay:60ms}.md-tabs__item:nth-child(5) .md-tabs__link{transition-delay:80ms}.md-tabs__item:nth-child(6) .md-tabs__link{transition-delay:.1s}.md-tabs__item:nth-child(7) .md-tabs__link{transition-delay:.12s}.md-tabs__item:nth-child(8) .md-tabs__link{transition-delay:.14s}.md-tabs__item:nth-child(9) .md-tabs__link{transition-delay:.16s}.md-tabs__item:nth-child(10) .md-tabs__link{transition-delay:.18s}.md-tabs__item:nth-child(11) .md-tabs__link{transition-delay:.2s}.md-tabs__item:nth-child(12) .md-tabs__link{transition-delay:.22s}.md-tabs__item:nth-child(13) .md-tabs__link{transition-delay:.24s}.md-tabs__item:nth-child(14) .md-tabs__link{transition-delay:.26s}.md-tabs__item:nth-child(15) .md-tabs__link{transition-delay:.28s}.md-tabs__item:nth-child(16) .md-tabs__link{transition-delay:.3s}.md-tabs[hidden] .md-tabs__link{opacity:0;transform:translateY(50%);transition:transform 0ms .1s,opacity .1s}:root{--md-tag-icon:url('data:image/svg+xml;charset=utf-8,')}.md-typeset .md-tags{margin-bottom:.75em;margin-top:-.125em}[dir=ltr] .md-typeset .md-tag{margin-right:.5em}[dir=rtl] .md-typeset .md-tag{margin-left:.5em}.md-typeset .md-tag{background:var(--md-default-fg-color--lightest);border-radius:2.4rem;display:inline-block;font-size:.64rem;font-weight:700;letter-spacing:normal;line-height:1.6;margin-bottom:.5em;padding:.3125em .9375em;vertical-align:middle}.md-typeset .md-tag[href]{-webkit-tap-highlight-color:transparent;color:inherit;outline:none;transition:color 125ms,background-color 125ms}.md-typeset .md-tag[href]:focus,.md-typeset .md-tag[href]:hover{background-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}[id]>.md-typeset .md-tag{vertical-align:text-top}.md-typeset .md-tag-icon:before{background-color:var(--md-default-fg-color--lighter);content:"";display:inline-block;height:1.2em;margin-right:.4em;-webkit-mask-image:var(--md-tag-icon);mask-image:var(--md-tag-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;transition:background-color 125ms;vertical-align:text-bottom;width:1.2em}.md-typeset .md-tag-icon:-webkit-any(a:focus,a:hover):before{background-color:var(--md-accent-bg-color)}.md-typeset .md-tag-icon:-moz-any(a:focus,a:hover):before{background-color:var(--md-accent-bg-color)}.md-typeset .md-tag-icon:is(a:focus,a:hover):before{background-color:var(--md-accent-bg-color)}@keyframes pulse{0%{box-shadow:0 0 0 0 var(--md-default-fg-color--lightest);transform:scale(.95)}75%{box-shadow:0 0 0 .625em transparent;transform:scale(1)}to{box-shadow:0 0 0 0 transparent;transform:scale(.95)}}:root{--md-tooltip-width:20rem}.md-tooltip{-webkit-backface-visibility:hidden;backface-visibility:hidden;background-color:var(--md-default-bg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z2);color:var(--md-default-fg-color);font-family:var(--md-text-font-family);left:clamp(var(--md-tooltip-0,0rem) + .8rem,var(--md-tooltip-x),100vw + var(--md-tooltip-0,0rem) + .8rem - var(--md-tooltip-width) - 2 * .8rem);max-width:calc(100vw - 1.6rem);opacity:0;position:absolute;top:var(--md-tooltip-y);transform:translateY(-.4rem);transition:transform 0ms .25s,opacity .25s,z-index .25s;width:var(--md-tooltip-width);z-index:0}.md-tooltip--active{opacity:1;transform:translateY(0);transition:transform .25s cubic-bezier(.1,.7,.1,1),opacity .25s,z-index 0ms;z-index:2}:-webkit-any(.focus-visible>.md-tooltip,.md-tooltip:target){outline:var(--md-accent-fg-color) auto}:-moz-any(.focus-visible>.md-tooltip,.md-tooltip:target){outline:var(--md-accent-fg-color) auto}:is(.focus-visible>.md-tooltip,.md-tooltip:target){outline:var(--md-accent-fg-color) auto}.md-tooltip__inner{font-size:.64rem;padding:.8rem}.md-tooltip__inner.md-typeset>:first-child{margin-top:0}.md-tooltip__inner.md-typeset>:last-child{margin-bottom:0}.md-annotation{font-weight:400;outline:none;white-space:normal}[dir=rtl] .md-annotation{direction:rtl}.md-annotation:not([hidden]){display:inline-block;line-height:1.325}.md-annotation__index{cursor:pointer;font-family:var(--md-code-font-family);font-size:.85em;margin:0 1ch;outline:none;position:relative;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;z-index:0}.md-annotation .md-annotation__index{color:#fff;transition:z-index .25s}.md-annotation .md-annotation__index:-webkit-any(:focus,:hover){color:#fff}.md-annotation .md-annotation__index:-moz-any(:focus,:hover){color:#fff}.md-annotation .md-annotation__index:is(:focus,:hover){color:#fff}.md-annotation__index:after{background-color:var(--md-default-fg-color--lighter);border-radius:2ch;content:"";height:2.2ch;left:-.125em;margin:0 -.4ch;padding:0 .4ch;position:absolute;top:0;transition:color .25s,background-color .25s;width:calc(100% + 1.2ch);width:max(2.2ch,100% + 1.2ch);z-index:-1}@media not all and (prefers-reduced-motion){[data-md-visible]>.md-annotation__index:after{animation:pulse 2s infinite}}.md-tooltip--active+.md-annotation__index:after{animation:none;transition:color .25s,background-color .25s}code .md-annotation__index{font-family:var(--md-code-font-family);font-size:inherit}:-webkit-any(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index){color:var(--md-accent-bg-color)}:-moz-any(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index){color:var(--md-accent-bg-color)}:is(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index){color:var(--md-accent-bg-color)}:-webkit-any(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index):after{background-color:var(--md-accent-fg-color)}:-moz-any(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index):after{background-color:var(--md-accent-fg-color)}:is(.md-tooltip--active+.md-annotation__index,:hover>.md-annotation__index):after{background-color:var(--md-accent-fg-color)}.md-tooltip--active+.md-annotation__index{animation:none;transition:none;z-index:2}.md-annotation__index [data-md-annotation-id]{display:inline-block;line-height:90%}.md-annotation__index [data-md-annotation-id]:before{content:attr(data-md-annotation-id);display:inline-block;padding-bottom:.1em;transform:scale(1.15);transition:transform .4s cubic-bezier(.1,.7,.1,1);vertical-align:.065em}@media not print{.md-annotation__index [data-md-annotation-id]:before{content:"+"}:focus-within>.md-annotation__index [data-md-annotation-id]:before{transform:scale(1.25) rotate(45deg)}}[dir=ltr] .md-top{margin-left:50%}[dir=rtl] .md-top{margin-right:50%}.md-top{background-color:var(--md-default-bg-color);border-radius:1.6rem;box-shadow:var(--md-shadow-z2);color:var(--md-default-fg-color--light);display:block;font-size:.7rem;outline:none;padding:.4rem .8rem;position:fixed;top:3.2rem;transform:translate(-50%);transition:color 125ms,background-color 125ms,transform 125ms cubic-bezier(.4,0,.2,1),opacity 125ms;z-index:2}@media print{.md-top{display:none}}[dir=rtl] .md-top{transform:translate(50%)}.md-top[hidden]{opacity:0;pointer-events:none;transform:translate(-50%,.2rem);transition-duration:0ms}[dir=rtl] .md-top[hidden]{transform:translate(50%,.2rem)}.md-top:-webkit-any(:focus,:hover){background-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}.md-top:-moz-any(:focus,:hover){background-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}.md-top:is(:focus,:hover){background-color:var(--md-accent-fg-color);color:var(--md-accent-bg-color)}.md-top svg{display:inline-block;vertical-align:-.5em}@keyframes hoverfix{0%{pointer-events:none}}:root{--md-version-icon:url('data:image/svg+xml;charset=utf-8,')}.md-version{flex-shrink:0;font-size:.8rem;height:2.4rem}[dir=ltr] .md-version__current{margin-left:1.4rem;margin-right:.4rem}[dir=rtl] .md-version__current{margin-left:.4rem;margin-right:1.4rem}.md-version__current{color:inherit;cursor:pointer;outline:none;position:relative;top:.05rem}[dir=ltr] .md-version__current:after{margin-left:.4rem}[dir=rtl] .md-version__current:after{margin-right:.4rem}.md-version__current:after{background-color:currentcolor;content:"";display:inline-block;height:.6rem;-webkit-mask-image:var(--md-version-icon);mask-image:var(--md-version-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:.4rem}.md-version__list{background-color:var(--md-default-bg-color);border-radius:.1rem;box-shadow:var(--md-shadow-z2);color:var(--md-default-fg-color);list-style-type:none;margin:.2rem .8rem;max-height:0;opacity:0;overflow:auto;padding:0;position:absolute;-ms-scroll-snap-type:y mandatory;scroll-snap-type:y mandatory;top:.15rem;transition:max-height 0ms .5s,opacity .25s .25s;z-index:3}.md-version:-webkit-any(:focus-within,:hover) .md-version__list{max-height:10rem;opacity:1;-webkit-transition:max-height 0ms,opacity .25s;transition:max-height 0ms,opacity .25s}.md-version:-moz-any(:focus-within,:hover) .md-version__list{max-height:10rem;opacity:1;-moz-transition:max-height 0ms,opacity .25s;transition:max-height 0ms,opacity .25s}.md-version:is(:focus-within,:hover) .md-version__list{max-height:10rem;opacity:1;transition:max-height 0ms,opacity .25s}@media (pointer:coarse){.md-version:hover .md-version__list{animation:hoverfix .25s forwards}.md-version:focus-within .md-version__list{animation:none}}.md-version__item{line-height:1.8rem}[dir=ltr] .md-version__link{padding-left:.6rem;padding-right:1.2rem}[dir=rtl] .md-version__link{padding-left:1.2rem;padding-right:.6rem}.md-version__link{cursor:pointer;display:block;outline:none;scroll-snap-align:start;transition:color .25s,background-color .25s;white-space:nowrap;width:100%}.md-version__link:-webkit-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-version__link:-moz-any(:focus,:hover){color:var(--md-accent-fg-color)}.md-version__link:is(:focus,:hover){color:var(--md-accent-fg-color)}.md-version__link:focus{background-color:var(--md-default-fg-color--lightest)}:root{--md-admonition-icon--note:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--abstract:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--info:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--tip:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--success:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--question:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--warning:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--failure:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--danger:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--bug:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--example:url('data:image/svg+xml;charset=utf-8,');--md-admonition-icon--quote:url('data:image/svg+xml;charset=utf-8,')}.md-typeset .admonition,.md-typeset details{background-color:var(--md-admonition-bg-color);border:.05rem solid #448aff;border-radius:.2rem;box-shadow:var(--md-shadow-z1);color:var(--md-admonition-fg-color);display:flow-root;font-size:.64rem;margin:1.5625em 0;padding:0 .6rem;page-break-inside:avoid}@media print{.md-typeset .admonition,.md-typeset details{box-shadow:none}}.md-typeset .admonition>*,.md-typeset details>*{box-sizing:border-box}.md-typeset .admonition :-webkit-any(.admonition,details),.md-typeset details :-webkit-any(.admonition,details){margin-bottom:1em;margin-top:1em}.md-typeset .admonition :-moz-any(.admonition,details),.md-typeset details :-moz-any(.admonition,details){margin-bottom:1em;margin-top:1em}.md-typeset .admonition :is(.admonition,details),.md-typeset details :is(.admonition,details){margin-bottom:1em;margin-top:1em}.md-typeset .admonition .md-typeset__scrollwrap,.md-typeset details .md-typeset__scrollwrap{margin:1em -.6rem}.md-typeset .admonition .md-typeset__table,.md-typeset details .md-typeset__table{padding:0 .6rem}.md-typeset .admonition>.tabbed-set:only-child,.md-typeset details>.tabbed-set:only-child{margin-top:0}html .md-typeset .admonition>:last-child,html .md-typeset details>:last-child{margin-bottom:.6rem}[dir=ltr] .md-typeset .admonition-title,[dir=ltr] .md-typeset summary{padding-left:2rem;padding-right:.6rem}[dir=rtl] .md-typeset .admonition-title,[dir=rtl] .md-typeset summary{padding-left:.6rem;padding-right:2rem}[dir=ltr] .md-typeset .admonition-title,[dir=ltr] .md-typeset summary{border-left-width:.2rem}[dir=rtl] .md-typeset .admonition-title,[dir=rtl] .md-typeset summary{border-right-width:.2rem}[dir=ltr] .md-typeset .admonition-title,[dir=ltr] .md-typeset summary{border-top-left-radius:.1rem}[dir=ltr] .md-typeset .admonition-title,[dir=ltr] .md-typeset summary,[dir=rtl] .md-typeset .admonition-title,[dir=rtl] .md-typeset summary{border-top-right-radius:.1rem}[dir=rtl] .md-typeset .admonition-title,[dir=rtl] .md-typeset summary{border-top-left-radius:.1rem}.md-typeset .admonition-title,.md-typeset summary{background-color:rgba(68,138,255,.1);border:none;font-weight:700;margin:0 -.6rem;padding-bottom:.4rem;padding-top:.4rem;position:relative}html .md-typeset .admonition-title:last-child,html .md-typeset summary:last-child{margin-bottom:0}[dir=ltr] .md-typeset .admonition-title:before,[dir=ltr] .md-typeset summary:before{left:.6rem}[dir=rtl] .md-typeset .admonition-title:before,[dir=rtl] .md-typeset summary:before{right:.6rem}.md-typeset .admonition-title:before,.md-typeset summary:before{background-color:#448aff;content:"";height:1rem;-webkit-mask-image:var(--md-admonition-icon--note);mask-image:var(--md-admonition-icon--note);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;position:absolute;top:.625em;width:1rem}.md-typeset .admonition-title code,.md-typeset summary code{box-shadow:0 0 0 .05rem var(--md-default-fg-color--lightest)}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.note){border-color:#448aff}.md-typeset :-moz-any(.admonition,details):-moz-any(.note){border-color:#448aff}.md-typeset :is(.admonition,details):is(.note){border-color:#448aff}.md-typeset :-webkit-any(.note)>:-webkit-any(.admonition-title,summary){background-color:rgba(68,138,255,.1)}.md-typeset :-moz-any(.note)>:-moz-any(.admonition-title,summary){background-color:rgba(68,138,255,.1)}.md-typeset :is(.note)>:is(.admonition-title,summary){background-color:rgba(68,138,255,.1)}.md-typeset :-webkit-any(.note)>:-webkit-any(.admonition-title,summary):before{background-color:#448aff;-webkit-mask-image:var(--md-admonition-icon--note);mask-image:var(--md-admonition-icon--note)}.md-typeset :-moz-any(.note)>:-moz-any(.admonition-title,summary):before{background-color:#448aff;mask-image:var(--md-admonition-icon--note)}.md-typeset :is(.note)>:is(.admonition-title,summary):before{background-color:#448aff;-webkit-mask-image:var(--md-admonition-icon--note);mask-image:var(--md-admonition-icon--note)}.md-typeset :-webkit-any(.note)>:-webkit-any(.admonition-title,summary):after{color:#448aff}.md-typeset :-moz-any(.note)>:-moz-any(.admonition-title,summary):after{color:#448aff}.md-typeset :is(.note)>:is(.admonition-title,summary):after{color:#448aff}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.abstract,.summary,.tldr){border-color:#00b0ff}.md-typeset :-moz-any(.admonition,details):-moz-any(.abstract,.summary,.tldr){border-color:#00b0ff}.md-typeset :is(.admonition,details):is(.abstract,.summary,.tldr){border-color:#00b0ff}.md-typeset :-webkit-any(.abstract,.summary,.tldr)>:-webkit-any(.admonition-title,summary){background-color:rgba(0,176,255,.1)}.md-typeset :-moz-any(.abstract,.summary,.tldr)>:-moz-any(.admonition-title,summary){background-color:rgba(0,176,255,.1)}.md-typeset :is(.abstract,.summary,.tldr)>:is(.admonition-title,summary){background-color:rgba(0,176,255,.1)}.md-typeset :-webkit-any(.abstract,.summary,.tldr)>:-webkit-any(.admonition-title,summary):before{background-color:#00b0ff;-webkit-mask-image:var(--md-admonition-icon--abstract);mask-image:var(--md-admonition-icon--abstract)}.md-typeset :-moz-any(.abstract,.summary,.tldr)>:-moz-any(.admonition-title,summary):before{background-color:#00b0ff;mask-image:var(--md-admonition-icon--abstract)}.md-typeset :is(.abstract,.summary,.tldr)>:is(.admonition-title,summary):before{background-color:#00b0ff;-webkit-mask-image:var(--md-admonition-icon--abstract);mask-image:var(--md-admonition-icon--abstract)}.md-typeset :-webkit-any(.abstract,.summary,.tldr)>:-webkit-any(.admonition-title,summary):after{color:#00b0ff}.md-typeset :-moz-any(.abstract,.summary,.tldr)>:-moz-any(.admonition-title,summary):after{color:#00b0ff}.md-typeset :is(.abstract,.summary,.tldr)>:is(.admonition-title,summary):after{color:#00b0ff}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.info,.todo){border-color:#00b8d4}.md-typeset :-moz-any(.admonition,details):-moz-any(.info,.todo){border-color:#00b8d4}.md-typeset :is(.admonition,details):is(.info,.todo){border-color:#00b8d4}.md-typeset :-webkit-any(.info,.todo)>:-webkit-any(.admonition-title,summary){background-color:rgba(0,184,212,.1)}.md-typeset :-moz-any(.info,.todo)>:-moz-any(.admonition-title,summary){background-color:rgba(0,184,212,.1)}.md-typeset :is(.info,.todo)>:is(.admonition-title,summary){background-color:rgba(0,184,212,.1)}.md-typeset :-webkit-any(.info,.todo)>:-webkit-any(.admonition-title,summary):before{background-color:#00b8d4;-webkit-mask-image:var(--md-admonition-icon--info);mask-image:var(--md-admonition-icon--info)}.md-typeset :-moz-any(.info,.todo)>:-moz-any(.admonition-title,summary):before{background-color:#00b8d4;mask-image:var(--md-admonition-icon--info)}.md-typeset :is(.info,.todo)>:is(.admonition-title,summary):before{background-color:#00b8d4;-webkit-mask-image:var(--md-admonition-icon--info);mask-image:var(--md-admonition-icon--info)}.md-typeset :-webkit-any(.info,.todo)>:-webkit-any(.admonition-title,summary):after{color:#00b8d4}.md-typeset :-moz-any(.info,.todo)>:-moz-any(.admonition-title,summary):after{color:#00b8d4}.md-typeset :is(.info,.todo)>:is(.admonition-title,summary):after{color:#00b8d4}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.tip,.hint,.important){border-color:#00bfa5}.md-typeset :-moz-any(.admonition,details):-moz-any(.tip,.hint,.important){border-color:#00bfa5}.md-typeset :is(.admonition,details):is(.tip,.hint,.important){border-color:#00bfa5}.md-typeset :-webkit-any(.tip,.hint,.important)>:-webkit-any(.admonition-title,summary){background-color:rgba(0,191,165,.1)}.md-typeset :-moz-any(.tip,.hint,.important)>:-moz-any(.admonition-title,summary){background-color:rgba(0,191,165,.1)}.md-typeset :is(.tip,.hint,.important)>:is(.admonition-title,summary){background-color:rgba(0,191,165,.1)}.md-typeset :-webkit-any(.tip,.hint,.important)>:-webkit-any(.admonition-title,summary):before{background-color:#00bfa5;-webkit-mask-image:var(--md-admonition-icon--tip);mask-image:var(--md-admonition-icon--tip)}.md-typeset :-moz-any(.tip,.hint,.important)>:-moz-any(.admonition-title,summary):before{background-color:#00bfa5;mask-image:var(--md-admonition-icon--tip)}.md-typeset :is(.tip,.hint,.important)>:is(.admonition-title,summary):before{background-color:#00bfa5;-webkit-mask-image:var(--md-admonition-icon--tip);mask-image:var(--md-admonition-icon--tip)}.md-typeset :-webkit-any(.tip,.hint,.important)>:-webkit-any(.admonition-title,summary):after{color:#00bfa5}.md-typeset :-moz-any(.tip,.hint,.important)>:-moz-any(.admonition-title,summary):after{color:#00bfa5}.md-typeset :is(.tip,.hint,.important)>:is(.admonition-title,summary):after{color:#00bfa5}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.success,.check,.done){border-color:#00c853}.md-typeset :-moz-any(.admonition,details):-moz-any(.success,.check,.done){border-color:#00c853}.md-typeset :is(.admonition,details):is(.success,.check,.done){border-color:#00c853}.md-typeset :-webkit-any(.success,.check,.done)>:-webkit-any(.admonition-title,summary){background-color:rgba(0,200,83,.1)}.md-typeset :-moz-any(.success,.check,.done)>:-moz-any(.admonition-title,summary){background-color:rgba(0,200,83,.1)}.md-typeset :is(.success,.check,.done)>:is(.admonition-title,summary){background-color:rgba(0,200,83,.1)}.md-typeset :-webkit-any(.success,.check,.done)>:-webkit-any(.admonition-title,summary):before{background-color:#00c853;-webkit-mask-image:var(--md-admonition-icon--success);mask-image:var(--md-admonition-icon--success)}.md-typeset :-moz-any(.success,.check,.done)>:-moz-any(.admonition-title,summary):before{background-color:#00c853;mask-image:var(--md-admonition-icon--success)}.md-typeset :is(.success,.check,.done)>:is(.admonition-title,summary):before{background-color:#00c853;-webkit-mask-image:var(--md-admonition-icon--success);mask-image:var(--md-admonition-icon--success)}.md-typeset :-webkit-any(.success,.check,.done)>:-webkit-any(.admonition-title,summary):after{color:#00c853}.md-typeset :-moz-any(.success,.check,.done)>:-moz-any(.admonition-title,summary):after{color:#00c853}.md-typeset :is(.success,.check,.done)>:is(.admonition-title,summary):after{color:#00c853}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.question,.help,.faq){border-color:#64dd17}.md-typeset :-moz-any(.admonition,details):-moz-any(.question,.help,.faq){border-color:#64dd17}.md-typeset :is(.admonition,details):is(.question,.help,.faq){border-color:#64dd17}.md-typeset :-webkit-any(.question,.help,.faq)>:-webkit-any(.admonition-title,summary){background-color:rgba(100,221,23,.1)}.md-typeset :-moz-any(.question,.help,.faq)>:-moz-any(.admonition-title,summary){background-color:rgba(100,221,23,.1)}.md-typeset :is(.question,.help,.faq)>:is(.admonition-title,summary){background-color:rgba(100,221,23,.1)}.md-typeset :-webkit-any(.question,.help,.faq)>:-webkit-any(.admonition-title,summary):before{background-color:#64dd17;-webkit-mask-image:var(--md-admonition-icon--question);mask-image:var(--md-admonition-icon--question)}.md-typeset :-moz-any(.question,.help,.faq)>:-moz-any(.admonition-title,summary):before{background-color:#64dd17;mask-image:var(--md-admonition-icon--question)}.md-typeset :is(.question,.help,.faq)>:is(.admonition-title,summary):before{background-color:#64dd17;-webkit-mask-image:var(--md-admonition-icon--question);mask-image:var(--md-admonition-icon--question)}.md-typeset :-webkit-any(.question,.help,.faq)>:-webkit-any(.admonition-title,summary):after{color:#64dd17}.md-typeset :-moz-any(.question,.help,.faq)>:-moz-any(.admonition-title,summary):after{color:#64dd17}.md-typeset :is(.question,.help,.faq)>:is(.admonition-title,summary):after{color:#64dd17}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.warning,.caution,.attention){border-color:#ff9100}.md-typeset :-moz-any(.admonition,details):-moz-any(.warning,.caution,.attention){border-color:#ff9100}.md-typeset :is(.admonition,details):is(.warning,.caution,.attention){border-color:#ff9100}.md-typeset :-webkit-any(.warning,.caution,.attention)>:-webkit-any(.admonition-title,summary){background-color:rgba(255,145,0,.1)}.md-typeset :-moz-any(.warning,.caution,.attention)>:-moz-any(.admonition-title,summary){background-color:rgba(255,145,0,.1)}.md-typeset :is(.warning,.caution,.attention)>:is(.admonition-title,summary){background-color:rgba(255,145,0,.1)}.md-typeset :-webkit-any(.warning,.caution,.attention)>:-webkit-any(.admonition-title,summary):before{background-color:#ff9100;-webkit-mask-image:var(--md-admonition-icon--warning);mask-image:var(--md-admonition-icon--warning)}.md-typeset :-moz-any(.warning,.caution,.attention)>:-moz-any(.admonition-title,summary):before{background-color:#ff9100;mask-image:var(--md-admonition-icon--warning)}.md-typeset :is(.warning,.caution,.attention)>:is(.admonition-title,summary):before{background-color:#ff9100;-webkit-mask-image:var(--md-admonition-icon--warning);mask-image:var(--md-admonition-icon--warning)}.md-typeset :-webkit-any(.warning,.caution,.attention)>:-webkit-any(.admonition-title,summary):after{color:#ff9100}.md-typeset :-moz-any(.warning,.caution,.attention)>:-moz-any(.admonition-title,summary):after{color:#ff9100}.md-typeset :is(.warning,.caution,.attention)>:is(.admonition-title,summary):after{color:#ff9100}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.failure,.fail,.missing){border-color:#ff5252}.md-typeset :-moz-any(.admonition,details):-moz-any(.failure,.fail,.missing){border-color:#ff5252}.md-typeset :is(.admonition,details):is(.failure,.fail,.missing){border-color:#ff5252}.md-typeset :-webkit-any(.failure,.fail,.missing)>:-webkit-any(.admonition-title,summary){background-color:rgba(255,82,82,.1)}.md-typeset :-moz-any(.failure,.fail,.missing)>:-moz-any(.admonition-title,summary){background-color:rgba(255,82,82,.1)}.md-typeset :is(.failure,.fail,.missing)>:is(.admonition-title,summary){background-color:rgba(255,82,82,.1)}.md-typeset :-webkit-any(.failure,.fail,.missing)>:-webkit-any(.admonition-title,summary):before{background-color:#ff5252;-webkit-mask-image:var(--md-admonition-icon--failure);mask-image:var(--md-admonition-icon--failure)}.md-typeset :-moz-any(.failure,.fail,.missing)>:-moz-any(.admonition-title,summary):before{background-color:#ff5252;mask-image:var(--md-admonition-icon--failure)}.md-typeset :is(.failure,.fail,.missing)>:is(.admonition-title,summary):before{background-color:#ff5252;-webkit-mask-image:var(--md-admonition-icon--failure);mask-image:var(--md-admonition-icon--failure)}.md-typeset :-webkit-any(.failure,.fail,.missing)>:-webkit-any(.admonition-title,summary):after{color:#ff5252}.md-typeset :-moz-any(.failure,.fail,.missing)>:-moz-any(.admonition-title,summary):after{color:#ff5252}.md-typeset :is(.failure,.fail,.missing)>:is(.admonition-title,summary):after{color:#ff5252}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.danger,.error){border-color:#ff1744}.md-typeset :-moz-any(.admonition,details):-moz-any(.danger,.error){border-color:#ff1744}.md-typeset :is(.admonition,details):is(.danger,.error){border-color:#ff1744}.md-typeset :-webkit-any(.danger,.error)>:-webkit-any(.admonition-title,summary){background-color:rgba(255,23,68,.1)}.md-typeset :-moz-any(.danger,.error)>:-moz-any(.admonition-title,summary){background-color:rgba(255,23,68,.1)}.md-typeset :is(.danger,.error)>:is(.admonition-title,summary){background-color:rgba(255,23,68,.1)}.md-typeset :-webkit-any(.danger,.error)>:-webkit-any(.admonition-title,summary):before{background-color:#ff1744;-webkit-mask-image:var(--md-admonition-icon--danger);mask-image:var(--md-admonition-icon--danger)}.md-typeset :-moz-any(.danger,.error)>:-moz-any(.admonition-title,summary):before{background-color:#ff1744;mask-image:var(--md-admonition-icon--danger)}.md-typeset :is(.danger,.error)>:is(.admonition-title,summary):before{background-color:#ff1744;-webkit-mask-image:var(--md-admonition-icon--danger);mask-image:var(--md-admonition-icon--danger)}.md-typeset :-webkit-any(.danger,.error)>:-webkit-any(.admonition-title,summary):after{color:#ff1744}.md-typeset :-moz-any(.danger,.error)>:-moz-any(.admonition-title,summary):after{color:#ff1744}.md-typeset :is(.danger,.error)>:is(.admonition-title,summary):after{color:#ff1744}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.bug){border-color:#f50057}.md-typeset :-moz-any(.admonition,details):-moz-any(.bug){border-color:#f50057}.md-typeset :is(.admonition,details):is(.bug){border-color:#f50057}.md-typeset :-webkit-any(.bug)>:-webkit-any(.admonition-title,summary){background-color:rgba(245,0,87,.1)}.md-typeset :-moz-any(.bug)>:-moz-any(.admonition-title,summary){background-color:rgba(245,0,87,.1)}.md-typeset :is(.bug)>:is(.admonition-title,summary){background-color:rgba(245,0,87,.1)}.md-typeset :-webkit-any(.bug)>:-webkit-any(.admonition-title,summary):before{background-color:#f50057;-webkit-mask-image:var(--md-admonition-icon--bug);mask-image:var(--md-admonition-icon--bug)}.md-typeset :-moz-any(.bug)>:-moz-any(.admonition-title,summary):before{background-color:#f50057;mask-image:var(--md-admonition-icon--bug)}.md-typeset :is(.bug)>:is(.admonition-title,summary):before{background-color:#f50057;-webkit-mask-image:var(--md-admonition-icon--bug);mask-image:var(--md-admonition-icon--bug)}.md-typeset :-webkit-any(.bug)>:-webkit-any(.admonition-title,summary):after{color:#f50057}.md-typeset :-moz-any(.bug)>:-moz-any(.admonition-title,summary):after{color:#f50057}.md-typeset :is(.bug)>:is(.admonition-title,summary):after{color:#f50057}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.example){border-color:#7c4dff}.md-typeset :-moz-any(.admonition,details):-moz-any(.example){border-color:#7c4dff}.md-typeset :is(.admonition,details):is(.example){border-color:#7c4dff}.md-typeset :-webkit-any(.example)>:-webkit-any(.admonition-title,summary){background-color:rgba(124,77,255,.1)}.md-typeset :-moz-any(.example)>:-moz-any(.admonition-title,summary){background-color:rgba(124,77,255,.1)}.md-typeset :is(.example)>:is(.admonition-title,summary){background-color:rgba(124,77,255,.1)}.md-typeset :-webkit-any(.example)>:-webkit-any(.admonition-title,summary):before{background-color:#7c4dff;-webkit-mask-image:var(--md-admonition-icon--example);mask-image:var(--md-admonition-icon--example)}.md-typeset :-moz-any(.example)>:-moz-any(.admonition-title,summary):before{background-color:#7c4dff;mask-image:var(--md-admonition-icon--example)}.md-typeset :is(.example)>:is(.admonition-title,summary):before{background-color:#7c4dff;-webkit-mask-image:var(--md-admonition-icon--example);mask-image:var(--md-admonition-icon--example)}.md-typeset :-webkit-any(.example)>:-webkit-any(.admonition-title,summary):after{color:#7c4dff}.md-typeset :-moz-any(.example)>:-moz-any(.admonition-title,summary):after{color:#7c4dff}.md-typeset :is(.example)>:is(.admonition-title,summary):after{color:#7c4dff}.md-typeset :-webkit-any(.admonition,details):-webkit-any(.quote,.cite){border-color:#9e9e9e}.md-typeset :-moz-any(.admonition,details):-moz-any(.quote,.cite){border-color:#9e9e9e}.md-typeset :is(.admonition,details):is(.quote,.cite){border-color:#9e9e9e}.md-typeset :-webkit-any(.quote,.cite)>:-webkit-any(.admonition-title,summary){background-color:hsla(0,0%,62%,.1)}.md-typeset :-moz-any(.quote,.cite)>:-moz-any(.admonition-title,summary){background-color:hsla(0,0%,62%,.1)}.md-typeset :is(.quote,.cite)>:is(.admonition-title,summary){background-color:hsla(0,0%,62%,.1)}.md-typeset :-webkit-any(.quote,.cite)>:-webkit-any(.admonition-title,summary):before{background-color:#9e9e9e;-webkit-mask-image:var(--md-admonition-icon--quote);mask-image:var(--md-admonition-icon--quote)}.md-typeset :-moz-any(.quote,.cite)>:-moz-any(.admonition-title,summary):before{background-color:#9e9e9e;mask-image:var(--md-admonition-icon--quote)}.md-typeset :is(.quote,.cite)>:is(.admonition-title,summary):before{background-color:#9e9e9e;-webkit-mask-image:var(--md-admonition-icon--quote);mask-image:var(--md-admonition-icon--quote)}.md-typeset :-webkit-any(.quote,.cite)>:-webkit-any(.admonition-title,summary):after{color:#9e9e9e}.md-typeset :-moz-any(.quote,.cite)>:-moz-any(.admonition-title,summary):after{color:#9e9e9e}.md-typeset :is(.quote,.cite)>:is(.admonition-title,summary):after{color:#9e9e9e}:root{--md-footnotes-icon:url('data:image/svg+xml;charset=utf-8,')}.md-typeset .footnote{color:var(--md-default-fg-color--light);font-size:.64rem}[dir=ltr] .md-typeset .footnote>ol{margin-left:0}[dir=rtl] .md-typeset .footnote>ol{margin-right:0}.md-typeset .footnote>ol>li{transition:color 125ms}.md-typeset .footnote>ol>li:target{color:var(--md-default-fg-color)}.md-typeset .footnote>ol>li:focus-within .footnote-backref{opacity:1;transform:translateX(0);transition:none}.md-typeset .footnote>ol>li:-webkit-any(:hover,:target) .footnote-backref{opacity:1;transform:translateX(0)}.md-typeset .footnote>ol>li:-moz-any(:hover,:target) .footnote-backref{opacity:1;transform:translateX(0)}.md-typeset .footnote>ol>li:is(:hover,:target) .footnote-backref{opacity:1;transform:translateX(0)}.md-typeset .footnote>ol>li>:first-child{margin-top:0}.md-typeset .footnote-ref{font-size:.75em;font-weight:700}html .md-typeset .footnote-ref{outline-offset:.1rem}.md-typeset [id^="fnref:"]:target>.footnote-ref{outline:auto}.md-typeset .footnote-backref{color:var(--md-typeset-a-color);display:inline-block;font-size:0;opacity:0;transform:translateX(.25rem);transition:color .25s,transform .25s .25s,opacity 125ms .25s;vertical-align:text-bottom}@media print{.md-typeset .footnote-backref{color:var(--md-typeset-a-color);opacity:1;transform:translateX(0)}}[dir=rtl] .md-typeset .footnote-backref{transform:translateX(-.25rem)}.md-typeset .footnote-backref:hover{color:var(--md-accent-fg-color)}.md-typeset .footnote-backref:before{background-color:currentcolor;content:"";display:inline-block;height:.8rem;-webkit-mask-image:var(--md-footnotes-icon);mask-image:var(--md-footnotes-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;width:.8rem}[dir=rtl] .md-typeset .footnote-backref:before svg{transform:scaleX(-1)}[dir=ltr] .md-typeset .headerlink{margin-left:.5rem}[dir=rtl] .md-typeset .headerlink{margin-right:.5rem}.md-typeset .headerlink{color:var(--md-default-fg-color--lighter);display:inline-block;opacity:0;transition:color .25s,opacity 125ms}@media print{.md-typeset .headerlink{display:none}}.md-typeset .headerlink:focus,.md-typeset :-webkit-any(:hover,:target)>.headerlink{opacity:1;-webkit-transition:color .25s,opacity 125ms;transition:color .25s,opacity 125ms}.md-typeset .headerlink:focus,.md-typeset :-moz-any(:hover,:target)>.headerlink{opacity:1;-moz-transition:color .25s,opacity 125ms;transition:color .25s,opacity 125ms}.md-typeset .headerlink:focus,.md-typeset :is(:hover,:target)>.headerlink{opacity:1;transition:color .25s,opacity 125ms}.md-typeset .headerlink:-webkit-any(:focus,:hover),.md-typeset :target>.headerlink{color:var(--md-accent-fg-color)}.md-typeset .headerlink:-moz-any(:focus,:hover),.md-typeset :target>.headerlink{color:var(--md-accent-fg-color)}.md-typeset .headerlink:is(:focus,:hover),.md-typeset :target>.headerlink{color:var(--md-accent-fg-color)}.md-typeset :target{--md-scroll-margin:3.6rem;--md-scroll-offset:0rem;scroll-margin-top:calc(var(--md-scroll-margin) - var(--md-scroll-offset))}@media screen and (min-width:76.25em){.md-header--lifted~.md-container .md-typeset :target{--md-scroll-margin:6rem}}.md-typeset :-webkit-any(h1,h2,h3):target{--md-scroll-offset:0.2rem}.md-typeset :-moz-any(h1,h2,h3):target{--md-scroll-offset:0.2rem}.md-typeset :is(h1,h2,h3):target{--md-scroll-offset:0.2rem}.md-typeset h4:target{--md-scroll-offset:0.15rem}.md-typeset div.arithmatex{overflow:auto}@media screen and (max-width:44.9375em){.md-typeset div.arithmatex{margin:0 -.8rem}}.md-typeset div.arithmatex>*{margin-left:auto!important;margin-right:auto!important;padding:0 .8rem;touch-action:auto;width:-webkit-min-content;width:-moz-min-content;width:min-content}.md-typeset div.arithmatex>* mjx-container{margin:0!important}.md-typeset :-webkit-any(del,ins,.comment).critic{-webkit-box-decoration-break:clone;box-decoration-break:clone}.md-typeset :-moz-any(del,ins,.comment).critic{box-decoration-break:clone}.md-typeset :is(del,ins,.comment).critic{-webkit-box-decoration-break:clone;box-decoration-break:clone}.md-typeset del.critic{background-color:var(--md-typeset-del-color)}.md-typeset ins.critic{background-color:var(--md-typeset-ins-color)}.md-typeset .critic.comment{color:var(--md-code-hl-comment-color)}.md-typeset .critic.comment:before{content:"/* "}.md-typeset .critic.comment:after{content:" */"}.md-typeset .critic.block{box-shadow:none;display:block;margin:1em 0;overflow:auto;padding-left:.8rem;padding-right:.8rem}.md-typeset .critic.block>:first-child{margin-top:.5em}.md-typeset .critic.block>:last-child{margin-bottom:.5em}:root{--md-details-icon:url('data:image/svg+xml;charset=utf-8,')}.md-typeset details{display:flow-root;overflow:visible;padding-top:0}.md-typeset details[open]>summary:after{transform:rotate(90deg)}.md-typeset details:not([open]){box-shadow:none;padding-bottom:0}.md-typeset details:not([open])>summary{border-radius:.1rem}[dir=ltr] .md-typeset summary{padding-right:1.8rem}[dir=rtl] .md-typeset summary{padding-left:1.8rem}[dir=ltr] .md-typeset summary{border-top-left-radius:.1rem}[dir=ltr] .md-typeset summary,[dir=rtl] .md-typeset summary{border-top-right-radius:.1rem}[dir=rtl] .md-typeset summary{border-top-left-radius:.1rem}.md-typeset summary{cursor:pointer;display:block;min-height:1rem}.md-typeset summary.focus-visible{outline-color:var(--md-accent-fg-color);outline-offset:.2rem}.md-typeset summary:not(.focus-visible){-webkit-tap-highlight-color:transparent;outline:none}[dir=ltr] .md-typeset summary:after{right:.4rem}[dir=rtl] .md-typeset summary:after{left:.4rem}.md-typeset summary:after{background-color:currentcolor;content:"";height:1rem;-webkit-mask-image:var(--md-details-icon);mask-image:var(--md-details-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;position:absolute;top:.625em;transform:rotate(0deg);transition:transform .25s;width:1rem}[dir=rtl] .md-typeset summary:after{transform:rotate(180deg)}.md-typeset summary::marker{display:none}.md-typeset summary::-webkit-details-marker{display:none}.md-typeset :-webkit-any(.emojione,.twemoji,.gemoji){display:inline-flex;height:1.125em;vertical-align:text-top}.md-typeset :-moz-any(.emojione,.twemoji,.gemoji){display:inline-flex;height:1.125em;vertical-align:text-top}.md-typeset :is(.emojione,.twemoji,.gemoji){display:inline-flex;height:1.125em;vertical-align:text-top}.md-typeset :-webkit-any(.emojione,.twemoji,.gemoji) svg{fill:currentcolor;max-height:100%;width:1.125em}.md-typeset :-moz-any(.emojione,.twemoji,.gemoji) svg{fill:currentcolor;max-height:100%;width:1.125em}.md-typeset :is(.emojione,.twemoji,.gemoji) svg{fill:currentcolor;max-height:100%;width:1.125em}.highlight :-webkit-any(.o,.ow){color:var(--md-code-hl-operator-color)}.highlight :-moz-any(.o,.ow){color:var(--md-code-hl-operator-color)}.highlight :is(.o,.ow){color:var(--md-code-hl-operator-color)}.highlight .p{color:var(--md-code-hl-punctuation-color)}.highlight :-webkit-any(.cpf,.l,.s,.sb,.sc,.s2,.si,.s1,.ss){color:var(--md-code-hl-string-color)}.highlight :-moz-any(.cpf,.l,.s,.sb,.sc,.s2,.si,.s1,.ss){color:var(--md-code-hl-string-color)}.highlight :is(.cpf,.l,.s,.sb,.sc,.s2,.si,.s1,.ss){color:var(--md-code-hl-string-color)}.highlight :-webkit-any(.cp,.se,.sh,.sr,.sx){color:var(--md-code-hl-special-color)}.highlight :-moz-any(.cp,.se,.sh,.sr,.sx){color:var(--md-code-hl-special-color)}.highlight :is(.cp,.se,.sh,.sr,.sx){color:var(--md-code-hl-special-color)}.highlight :-webkit-any(.m,.mb,.mf,.mh,.mi,.il,.mo){color:var(--md-code-hl-number-color)}.highlight :-moz-any(.m,.mb,.mf,.mh,.mi,.il,.mo){color:var(--md-code-hl-number-color)}.highlight :is(.m,.mb,.mf,.mh,.mi,.il,.mo){color:var(--md-code-hl-number-color)}.highlight :-webkit-any(.k,.kd,.kn,.kp,.kr,.kt){color:var(--md-code-hl-keyword-color)}.highlight :-moz-any(.k,.kd,.kn,.kp,.kr,.kt){color:var(--md-code-hl-keyword-color)}.highlight :is(.k,.kd,.kn,.kp,.kr,.kt){color:var(--md-code-hl-keyword-color)}.highlight :-webkit-any(.kc,.n){color:var(--md-code-hl-name-color)}.highlight :-moz-any(.kc,.n){color:var(--md-code-hl-name-color)}.highlight :is(.kc,.n){color:var(--md-code-hl-name-color)}.highlight :-webkit-any(.no,.nb,.bp){color:var(--md-code-hl-constant-color)}.highlight :-moz-any(.no,.nb,.bp){color:var(--md-code-hl-constant-color)}.highlight :is(.no,.nb,.bp){color:var(--md-code-hl-constant-color)}.highlight :-webkit-any(.nc,.ne,.nf,.nn){color:var(--md-code-hl-function-color)}.highlight :-moz-any(.nc,.ne,.nf,.nn){color:var(--md-code-hl-function-color)}.highlight :is(.nc,.ne,.nf,.nn){color:var(--md-code-hl-function-color)}.highlight :-webkit-any(.nd,.ni,.nl,.nt){color:var(--md-code-hl-keyword-color)}.highlight :-moz-any(.nd,.ni,.nl,.nt){color:var(--md-code-hl-keyword-color)}.highlight :is(.nd,.ni,.nl,.nt){color:var(--md-code-hl-keyword-color)}.highlight :-webkit-any(.c,.cm,.c1,.ch,.cs,.sd){color:var(--md-code-hl-comment-color)}.highlight :-moz-any(.c,.cm,.c1,.ch,.cs,.sd){color:var(--md-code-hl-comment-color)}.highlight :is(.c,.cm,.c1,.ch,.cs,.sd){color:var(--md-code-hl-comment-color)}.highlight :-webkit-any(.na,.nv,.vc,.vg,.vi){color:var(--md-code-hl-variable-color)}.highlight :-moz-any(.na,.nv,.vc,.vg,.vi){color:var(--md-code-hl-variable-color)}.highlight :is(.na,.nv,.vc,.vg,.vi){color:var(--md-code-hl-variable-color)}.highlight :-webkit-any(.ge,.gr,.gh,.go,.gp,.gs,.gu,.gt){color:var(--md-code-hl-generic-color)}.highlight :-moz-any(.ge,.gr,.gh,.go,.gp,.gs,.gu,.gt){color:var(--md-code-hl-generic-color)}.highlight :is(.ge,.gr,.gh,.go,.gp,.gs,.gu,.gt){color:var(--md-code-hl-generic-color)}.highlight :-webkit-any(.gd,.gi){border-radius:.1rem;margin:0 -.125em;padding:0 .125em}.highlight :-moz-any(.gd,.gi){border-radius:.1rem;margin:0 -.125em;padding:0 .125em}.highlight :is(.gd,.gi){border-radius:.1rem;margin:0 -.125em;padding:0 .125em}.highlight .gd{background-color:var(--md-typeset-del-color)}.highlight .gi{background-color:var(--md-typeset-ins-color)}.highlight .hll{background-color:var(--md-code-hl-color);display:block;margin:0 -1.1764705882em;padding:0 1.1764705882em}.highlight span.filename{background-color:var(--md-code-bg-color);border-bottom:.05rem solid var(--md-default-fg-color--lightest);border-top-left-radius:.1rem;border-top-right-radius:.1rem;display:flow-root;font-size:.85em;font-weight:700;margin-top:1em;padding:.6617647059em 1.1764705882em;position:relative}.highlight span.filename+pre{margin-top:0}.highlight span.filename+pre>code{border-top-left-radius:0;border-top-right-radius:0}.highlight [data-linenos]:before{background-color:var(--md-code-bg-color);box-shadow:-.05rem 0 var(--md-default-fg-color--lightest) inset;color:var(--md-default-fg-color--light);content:attr(data-linenos);float:left;left:-1.1764705882em;margin-left:-1.1764705882em;margin-right:1.1764705882em;padding-left:1.1764705882em;position:-webkit-sticky;position:sticky;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;z-index:3}.highlight code a[id]{position:absolute;visibility:hidden}.highlight code[data-md-copying] .hll{display:contents}.highlight code[data-md-copying] .md-annotation{display:none}.highlighttable{display:flow-root}.highlighttable :-webkit-any(tbody,td){display:block;padding:0}.highlighttable :-moz-any(tbody,td){display:block;padding:0}.highlighttable :is(tbody,td){display:block;padding:0}.highlighttable tr{display:flex}.highlighttable pre{margin:0}.highlighttable th.filename{flex-grow:1;padding:0;text-align:left}.highlighttable th.filename span.filename{margin-top:0}.highlighttable .linenos{background-color:var(--md-code-bg-color);border-bottom-left-radius:.1rem;border-top-left-radius:.1rem;font-size:.85em;padding:.7720588235em 0 .7720588235em 1.1764705882em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.highlighttable .linenodiv{box-shadow:-.05rem 0 var(--md-default-fg-color--lightest) inset;padding-right:.5882352941em}.highlighttable .linenodiv pre{color:var(--md-default-fg-color--light);text-align:right}.highlighttable .code{flex:1;min-width:0}.linenodiv a{color:inherit}.md-typeset .highlighttable{direction:ltr;margin:1em 0}.md-typeset .highlighttable>tbody>tr>.code>div>pre>code{border-bottom-left-radius:0;border-top-left-radius:0}.md-typeset .highlight+.result{border:.05rem solid var(--md-code-bg-color);border-bottom-left-radius:.1rem;border-bottom-right-radius:.1rem;border-top-width:.1rem;margin-top:-1.125em;overflow:visible;padding:0 1em}.md-typeset .highlight+.result:after{clear:both;content:"";display:block}@media screen and (max-width:44.9375em){.md-content__inner>.highlight{margin:1em -.8rem}.md-content__inner>.highlight>.filename,.md-content__inner>.highlight>.highlighttable>tbody>tr>.code>div>pre>code,.md-content__inner>.highlight>.highlighttable>tbody>tr>.filename span.filename,.md-content__inner>.highlight>.highlighttable>tbody>tr>.linenos,.md-content__inner>.highlight>pre>code{border-radius:0}.md-content__inner>.highlight+.result{border-left-width:0;border-radius:0;border-right-width:0;margin-left:-.8rem;margin-right:-.8rem}}.md-typeset .keys kbd:-webkit-any(:before,:after){-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;color:inherit;margin:0;position:relative}.md-typeset .keys kbd:-moz-any(:before,:after){-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;color:inherit;margin:0;position:relative}.md-typeset .keys kbd:is(:before,:after){-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;color:inherit;margin:0;position:relative}.md-typeset .keys span{color:var(--md-default-fg-color--light);padding:0 .2em}.md-typeset .keys .key-alt:before,.md-typeset .keys .key-left-alt:before,.md-typeset .keys .key-right-alt:before{content:"⎇";padding-right:.4em}.md-typeset .keys .key-command:before,.md-typeset .keys .key-left-command:before,.md-typeset .keys .key-right-command:before{content:"⌘";padding-right:.4em}.md-typeset .keys .key-control:before,.md-typeset .keys .key-left-control:before,.md-typeset .keys .key-right-control:before{content:"⌃";padding-right:.4em}.md-typeset .keys .key-left-meta:before,.md-typeset .keys .key-meta:before,.md-typeset .keys .key-right-meta:before{content:"◆";padding-right:.4em}.md-typeset .keys .key-left-option:before,.md-typeset .keys .key-option:before,.md-typeset .keys .key-right-option:before{content:"⌥";padding-right:.4em}.md-typeset .keys .key-left-shift:before,.md-typeset .keys .key-right-shift:before,.md-typeset .keys .key-shift:before{content:"⇧";padding-right:.4em}.md-typeset .keys .key-left-super:before,.md-typeset .keys .key-right-super:before,.md-typeset .keys .key-super:before{content:"❖";padding-right:.4em}.md-typeset .keys .key-left-windows:before,.md-typeset .keys .key-right-windows:before,.md-typeset .keys .key-windows:before{content:"⊞";padding-right:.4em}.md-typeset .keys .key-arrow-down:before{content:"↓";padding-right:.4em}.md-typeset .keys .key-arrow-left:before{content:"←";padding-right:.4em}.md-typeset .keys .key-arrow-right:before{content:"→";padding-right:.4em}.md-typeset .keys .key-arrow-up:before{content:"↑";padding-right:.4em}.md-typeset .keys .key-backspace:before{content:"⌫";padding-right:.4em}.md-typeset .keys .key-backtab:before{content:"⇤";padding-right:.4em}.md-typeset .keys .key-caps-lock:before{content:"⇪";padding-right:.4em}.md-typeset .keys .key-clear:before{content:"⌧";padding-right:.4em}.md-typeset .keys .key-context-menu:before{content:"☰";padding-right:.4em}.md-typeset .keys .key-delete:before{content:"⌦";padding-right:.4em}.md-typeset .keys .key-eject:before{content:"⏏";padding-right:.4em}.md-typeset .keys .key-end:before{content:"⤓";padding-right:.4em}.md-typeset .keys .key-escape:before{content:"⎋";padding-right:.4em}.md-typeset .keys .key-home:before{content:"⤒";padding-right:.4em}.md-typeset .keys .key-insert:before{content:"⎀";padding-right:.4em}.md-typeset .keys .key-page-down:before{content:"⇟";padding-right:.4em}.md-typeset .keys .key-page-up:before{content:"⇞";padding-right:.4em}.md-typeset .keys .key-print-screen:before{content:"⎙";padding-right:.4em}.md-typeset .keys .key-tab:after{content:"⇥";padding-left:.4em}.md-typeset .keys .key-num-enter:after{content:"⌤";padding-left:.4em}.md-typeset .keys .key-enter:after{content:"⏎";padding-left:.4em}:root{--md-tabbed-icon--prev:url('data:image/svg+xml;charset=utf-8,');--md-tabbed-icon--next:url('data:image/svg+xml;charset=utf-8,')}.md-typeset .tabbed-set{border-radius:.1rem;display:flex;flex-flow:column wrap;margin:1em 0;position:relative}.md-typeset .tabbed-set>input{height:0;opacity:0;position:absolute;width:0}.md-typeset .tabbed-set>input:target{--md-scroll-offset:0.625em}.md-typeset .tabbed-labels{-ms-overflow-style:none;box-shadow:0 -.05rem var(--md-default-fg-color--lightest) inset;display:flex;max-width:100%;overflow:auto;scrollbar-width:none}@media print{.md-typeset .tabbed-labels{display:contents}}@media screen{.js .md-typeset .tabbed-labels{position:relative}.js .md-typeset .tabbed-labels:before{background:var(--md-accent-fg-color);bottom:0;content:"";display:block;height:2px;left:0;position:absolute;transform:translateX(var(--md-indicator-x));transition:width 225ms,transform .25s;transition-timing-function:cubic-bezier(.4,0,.2,1);width:var(--md-indicator-width)}}.md-typeset .tabbed-labels::-webkit-scrollbar{display:none}.md-typeset .tabbed-labels>label{border-bottom:.1rem solid transparent;border-radius:.1rem .1rem 0 0;color:var(--md-default-fg-color--light);cursor:pointer;flex-shrink:0;font-size:.64rem;font-weight:700;padding:.78125em 1.25em .625em;scroll-margin-inline-start:1rem;transition:background-color .25s,color .25s;white-space:nowrap;width:auto}@media print{.md-typeset .tabbed-labels>label:first-child{order:1}.md-typeset .tabbed-labels>label:nth-child(2){order:2}.md-typeset .tabbed-labels>label:nth-child(3){order:3}.md-typeset .tabbed-labels>label:nth-child(4){order:4}.md-typeset .tabbed-labels>label:nth-child(5){order:5}.md-typeset .tabbed-labels>label:nth-child(6){order:6}.md-typeset .tabbed-labels>label:nth-child(7){order:7}.md-typeset .tabbed-labels>label:nth-child(8){order:8}.md-typeset .tabbed-labels>label:nth-child(9){order:9}.md-typeset .tabbed-labels>label:nth-child(10){order:10}.md-typeset .tabbed-labels>label:nth-child(11){order:11}.md-typeset .tabbed-labels>label:nth-child(12){order:12}.md-typeset .tabbed-labels>label:nth-child(13){order:13}.md-typeset .tabbed-labels>label:nth-child(14){order:14}.md-typeset .tabbed-labels>label:nth-child(15){order:15}.md-typeset .tabbed-labels>label:nth-child(16){order:16}.md-typeset .tabbed-labels>label:nth-child(17){order:17}.md-typeset .tabbed-labels>label:nth-child(18){order:18}.md-typeset .tabbed-labels>label:nth-child(19){order:19}.md-typeset .tabbed-labels>label:nth-child(20){order:20}}.md-typeset .tabbed-labels>label:hover{color:var(--md-accent-fg-color)}.md-typeset .tabbed-content{width:100%}@media print{.md-typeset .tabbed-content{display:contents}}.md-typeset .tabbed-block{display:none}@media print{.md-typeset .tabbed-block{display:block}.md-typeset .tabbed-block:first-child{order:1}.md-typeset .tabbed-block:nth-child(2){order:2}.md-typeset .tabbed-block:nth-child(3){order:3}.md-typeset .tabbed-block:nth-child(4){order:4}.md-typeset .tabbed-block:nth-child(5){order:5}.md-typeset .tabbed-block:nth-child(6){order:6}.md-typeset .tabbed-block:nth-child(7){order:7}.md-typeset .tabbed-block:nth-child(8){order:8}.md-typeset .tabbed-block:nth-child(9){order:9}.md-typeset .tabbed-block:nth-child(10){order:10}.md-typeset .tabbed-block:nth-child(11){order:11}.md-typeset .tabbed-block:nth-child(12){order:12}.md-typeset .tabbed-block:nth-child(13){order:13}.md-typeset .tabbed-block:nth-child(14){order:14}.md-typeset .tabbed-block:nth-child(15){order:15}.md-typeset .tabbed-block:nth-child(16){order:16}.md-typeset .tabbed-block:nth-child(17){order:17}.md-typeset .tabbed-block:nth-child(18){order:18}.md-typeset .tabbed-block:nth-child(19){order:19}.md-typeset .tabbed-block:nth-child(20){order:20}}.md-typeset .tabbed-block>.highlight:first-child>pre,.md-typeset .tabbed-block>pre:first-child{margin:0}.md-typeset .tabbed-block>.highlight:first-child>pre>code,.md-typeset .tabbed-block>pre:first-child>code{border-top-left-radius:0;border-top-right-radius:0}.md-typeset .tabbed-block>.highlight:first-child>.filename{border-top-left-radius:0;border-top-right-radius:0;margin:0}.md-typeset .tabbed-block>.highlight:first-child>.highlighttable{margin:0}.md-typeset .tabbed-block>.highlight:first-child>.highlighttable>tbody>tr>.filename span.filename,.md-typeset .tabbed-block>.highlight:first-child>.highlighttable>tbody>tr>.linenos{border-top-left-radius:0;border-top-right-radius:0;margin:0}.md-typeset .tabbed-block>.highlight:first-child>.highlighttable>tbody>tr>.code>div>pre>code{border-top-left-radius:0;border-top-right-radius:0}.md-typeset .tabbed-block>.highlight:first-child+.result{margin-top:-.125em}.md-typeset .tabbed-block>.tabbed-set{margin:0}.md-typeset .tabbed-button{align-self:center;border-radius:100%;color:var(--md-default-fg-color--light);cursor:pointer;display:block;height:.9rem;margin-top:.1rem;pointer-events:auto;transition:background-color .25s;width:.9rem}.md-typeset .tabbed-button:hover{background-color:var(--md-accent-fg-color--transparent);color:var(--md-accent-fg-color)}.md-typeset .tabbed-button:after{background-color:currentcolor;content:"";display:block;height:100%;-webkit-mask-image:var(--md-tabbed-icon--prev);mask-image:var(--md-tabbed-icon--prev);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;transition:background-color .25s,transform .25s;width:100%}.md-typeset .tabbed-control{background:linear-gradient(to right,var(--md-default-bg-color) 60%,transparent);display:flex;height:1.9rem;justify-content:start;pointer-events:none;position:absolute;transition:opacity 125ms;width:1.2rem}[dir=rtl] .md-typeset .tabbed-control{transform:rotate(180deg)}.md-typeset .tabbed-control[hidden]{opacity:0}.md-typeset .tabbed-control--next{background:linear-gradient(to left,var(--md-default-bg-color) 60%,transparent);justify-content:end;right:0}.md-typeset .tabbed-control--next .tabbed-button:after{-webkit-mask-image:var(--md-tabbed-icon--next);mask-image:var(--md-tabbed-icon--next)}@media screen and (max-width:44.9375em){[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels{padding-left:.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels{padding-right:.8rem}.md-content__inner>.tabbed-set .tabbed-labels{margin:0 -.8rem;max-width:100vw;scroll-padding-inline-start:.8rem}[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels:after{padding-right:.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels:after{padding-left:.8rem}.md-content__inner>.tabbed-set .tabbed-labels:after{content:""}[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--prev{margin-left:-.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--prev{margin-right:-.8rem}[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--prev{padding-left:.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--prev{padding-right:.8rem}.md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--prev{width:2rem}[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--next{margin-right:-.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--next{margin-left:-.8rem}[dir=ltr] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--next{padding-right:.8rem}[dir=rtl] .md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--next{padding-left:.8rem}.md-content__inner>.tabbed-set .tabbed-labels~.tabbed-control--next{width:2rem}}@media screen{.md-typeset .tabbed-set>input:first-child:checked~.tabbed-labels>:first-child,.md-typeset .tabbed-set>input:nth-child(10):checked~.tabbed-labels>:nth-child(10),.md-typeset .tabbed-set>input:nth-child(11):checked~.tabbed-labels>:nth-child(11),.md-typeset .tabbed-set>input:nth-child(12):checked~.tabbed-labels>:nth-child(12),.md-typeset .tabbed-set>input:nth-child(13):checked~.tabbed-labels>:nth-child(13),.md-typeset .tabbed-set>input:nth-child(14):checked~.tabbed-labels>:nth-child(14),.md-typeset .tabbed-set>input:nth-child(15):checked~.tabbed-labels>:nth-child(15),.md-typeset .tabbed-set>input:nth-child(16):checked~.tabbed-labels>:nth-child(16),.md-typeset .tabbed-set>input:nth-child(17):checked~.tabbed-labels>:nth-child(17),.md-typeset .tabbed-set>input:nth-child(18):checked~.tabbed-labels>:nth-child(18),.md-typeset .tabbed-set>input:nth-child(19):checked~.tabbed-labels>:nth-child(19),.md-typeset .tabbed-set>input:nth-child(2):checked~.tabbed-labels>:nth-child(2),.md-typeset .tabbed-set>input:nth-child(20):checked~.tabbed-labels>:nth-child(20),.md-typeset .tabbed-set>input:nth-child(3):checked~.tabbed-labels>:nth-child(3),.md-typeset .tabbed-set>input:nth-child(4):checked~.tabbed-labels>:nth-child(4),.md-typeset .tabbed-set>input:nth-child(5):checked~.tabbed-labels>:nth-child(5),.md-typeset .tabbed-set>input:nth-child(6):checked~.tabbed-labels>:nth-child(6),.md-typeset .tabbed-set>input:nth-child(7):checked~.tabbed-labels>:nth-child(7),.md-typeset .tabbed-set>input:nth-child(8):checked~.tabbed-labels>:nth-child(8),.md-typeset .tabbed-set>input:nth-child(9):checked~.tabbed-labels>:nth-child(9){color:var(--md-accent-fg-color)}.md-typeset .no-js .tabbed-set>input:first-child:checked~.tabbed-labels>:first-child,.md-typeset .no-js .tabbed-set>input:nth-child(10):checked~.tabbed-labels>:nth-child(10),.md-typeset .no-js .tabbed-set>input:nth-child(11):checked~.tabbed-labels>:nth-child(11),.md-typeset .no-js .tabbed-set>input:nth-child(12):checked~.tabbed-labels>:nth-child(12),.md-typeset .no-js .tabbed-set>input:nth-child(13):checked~.tabbed-labels>:nth-child(13),.md-typeset .no-js .tabbed-set>input:nth-child(14):checked~.tabbed-labels>:nth-child(14),.md-typeset .no-js .tabbed-set>input:nth-child(15):checked~.tabbed-labels>:nth-child(15),.md-typeset .no-js .tabbed-set>input:nth-child(16):checked~.tabbed-labels>:nth-child(16),.md-typeset .no-js .tabbed-set>input:nth-child(17):checked~.tabbed-labels>:nth-child(17),.md-typeset .no-js .tabbed-set>input:nth-child(18):checked~.tabbed-labels>:nth-child(18),.md-typeset .no-js .tabbed-set>input:nth-child(19):checked~.tabbed-labels>:nth-child(19),.md-typeset .no-js .tabbed-set>input:nth-child(2):checked~.tabbed-labels>:nth-child(2),.md-typeset .no-js .tabbed-set>input:nth-child(20):checked~.tabbed-labels>:nth-child(20),.md-typeset .no-js .tabbed-set>input:nth-child(3):checked~.tabbed-labels>:nth-child(3),.md-typeset .no-js .tabbed-set>input:nth-child(4):checked~.tabbed-labels>:nth-child(4),.md-typeset .no-js .tabbed-set>input:nth-child(5):checked~.tabbed-labels>:nth-child(5),.md-typeset .no-js .tabbed-set>input:nth-child(6):checked~.tabbed-labels>:nth-child(6),.md-typeset .no-js .tabbed-set>input:nth-child(7):checked~.tabbed-labels>:nth-child(7),.md-typeset .no-js .tabbed-set>input:nth-child(8):checked~.tabbed-labels>:nth-child(8),.md-typeset .no-js .tabbed-set>input:nth-child(9):checked~.tabbed-labels>:nth-child(9),.no-js .md-typeset .tabbed-set>input:first-child:checked~.tabbed-labels>:first-child,.no-js .md-typeset .tabbed-set>input:nth-child(10):checked~.tabbed-labels>:nth-child(10),.no-js .md-typeset .tabbed-set>input:nth-child(11):checked~.tabbed-labels>:nth-child(11),.no-js .md-typeset .tabbed-set>input:nth-child(12):checked~.tabbed-labels>:nth-child(12),.no-js .md-typeset .tabbed-set>input:nth-child(13):checked~.tabbed-labels>:nth-child(13),.no-js .md-typeset .tabbed-set>input:nth-child(14):checked~.tabbed-labels>:nth-child(14),.no-js .md-typeset .tabbed-set>input:nth-child(15):checked~.tabbed-labels>:nth-child(15),.no-js .md-typeset .tabbed-set>input:nth-child(16):checked~.tabbed-labels>:nth-child(16),.no-js .md-typeset .tabbed-set>input:nth-child(17):checked~.tabbed-labels>:nth-child(17),.no-js .md-typeset .tabbed-set>input:nth-child(18):checked~.tabbed-labels>:nth-child(18),.no-js .md-typeset .tabbed-set>input:nth-child(19):checked~.tabbed-labels>:nth-child(19),.no-js .md-typeset .tabbed-set>input:nth-child(2):checked~.tabbed-labels>:nth-child(2),.no-js .md-typeset .tabbed-set>input:nth-child(20):checked~.tabbed-labels>:nth-child(20),.no-js .md-typeset .tabbed-set>input:nth-child(3):checked~.tabbed-labels>:nth-child(3),.no-js .md-typeset .tabbed-set>input:nth-child(4):checked~.tabbed-labels>:nth-child(4),.no-js .md-typeset .tabbed-set>input:nth-child(5):checked~.tabbed-labels>:nth-child(5),.no-js .md-typeset .tabbed-set>input:nth-child(6):checked~.tabbed-labels>:nth-child(6),.no-js .md-typeset .tabbed-set>input:nth-child(7):checked~.tabbed-labels>:nth-child(7),.no-js .md-typeset .tabbed-set>input:nth-child(8):checked~.tabbed-labels>:nth-child(8),.no-js .md-typeset .tabbed-set>input:nth-child(9):checked~.tabbed-labels>:nth-child(9){border-color:var(--md-accent-fg-color)}}.md-typeset .tabbed-set>input:first-child.focus-visible~.tabbed-labels>:first-child,.md-typeset .tabbed-set>input:nth-child(10).focus-visible~.tabbed-labels>:nth-child(10),.md-typeset .tabbed-set>input:nth-child(11).focus-visible~.tabbed-labels>:nth-child(11),.md-typeset .tabbed-set>input:nth-child(12).focus-visible~.tabbed-labels>:nth-child(12),.md-typeset .tabbed-set>input:nth-child(13).focus-visible~.tabbed-labels>:nth-child(13),.md-typeset .tabbed-set>input:nth-child(14).focus-visible~.tabbed-labels>:nth-child(14),.md-typeset .tabbed-set>input:nth-child(15).focus-visible~.tabbed-labels>:nth-child(15),.md-typeset .tabbed-set>input:nth-child(16).focus-visible~.tabbed-labels>:nth-child(16),.md-typeset .tabbed-set>input:nth-child(17).focus-visible~.tabbed-labels>:nth-child(17),.md-typeset .tabbed-set>input:nth-child(18).focus-visible~.tabbed-labels>:nth-child(18),.md-typeset .tabbed-set>input:nth-child(19).focus-visible~.tabbed-labels>:nth-child(19),.md-typeset .tabbed-set>input:nth-child(2).focus-visible~.tabbed-labels>:nth-child(2),.md-typeset .tabbed-set>input:nth-child(20).focus-visible~.tabbed-labels>:nth-child(20),.md-typeset .tabbed-set>input:nth-child(3).focus-visible~.tabbed-labels>:nth-child(3),.md-typeset .tabbed-set>input:nth-child(4).focus-visible~.tabbed-labels>:nth-child(4),.md-typeset .tabbed-set>input:nth-child(5).focus-visible~.tabbed-labels>:nth-child(5),.md-typeset .tabbed-set>input:nth-child(6).focus-visible~.tabbed-labels>:nth-child(6),.md-typeset .tabbed-set>input:nth-child(7).focus-visible~.tabbed-labels>:nth-child(7),.md-typeset .tabbed-set>input:nth-child(8).focus-visible~.tabbed-labels>:nth-child(8),.md-typeset .tabbed-set>input:nth-child(9).focus-visible~.tabbed-labels>:nth-child(9){background-color:var(--md-accent-fg-color--transparent)}.md-typeset .tabbed-set>input:first-child:checked~.tabbed-content>:first-child,.md-typeset .tabbed-set>input:nth-child(10):checked~.tabbed-content>:nth-child(10),.md-typeset .tabbed-set>input:nth-child(11):checked~.tabbed-content>:nth-child(11),.md-typeset .tabbed-set>input:nth-child(12):checked~.tabbed-content>:nth-child(12),.md-typeset .tabbed-set>input:nth-child(13):checked~.tabbed-content>:nth-child(13),.md-typeset .tabbed-set>input:nth-child(14):checked~.tabbed-content>:nth-child(14),.md-typeset .tabbed-set>input:nth-child(15):checked~.tabbed-content>:nth-child(15),.md-typeset .tabbed-set>input:nth-child(16):checked~.tabbed-content>:nth-child(16),.md-typeset .tabbed-set>input:nth-child(17):checked~.tabbed-content>:nth-child(17),.md-typeset .tabbed-set>input:nth-child(18):checked~.tabbed-content>:nth-child(18),.md-typeset .tabbed-set>input:nth-child(19):checked~.tabbed-content>:nth-child(19),.md-typeset .tabbed-set>input:nth-child(2):checked~.tabbed-content>:nth-child(2),.md-typeset .tabbed-set>input:nth-child(20):checked~.tabbed-content>:nth-child(20),.md-typeset .tabbed-set>input:nth-child(3):checked~.tabbed-content>:nth-child(3),.md-typeset .tabbed-set>input:nth-child(4):checked~.tabbed-content>:nth-child(4),.md-typeset .tabbed-set>input:nth-child(5):checked~.tabbed-content>:nth-child(5),.md-typeset .tabbed-set>input:nth-child(6):checked~.tabbed-content>:nth-child(6),.md-typeset .tabbed-set>input:nth-child(7):checked~.tabbed-content>:nth-child(7),.md-typeset .tabbed-set>input:nth-child(8):checked~.tabbed-content>:nth-child(8),.md-typeset .tabbed-set>input:nth-child(9):checked~.tabbed-content>:nth-child(9){display:block}:root{--md-tasklist-icon:url('data:image/svg+xml;charset=utf-8,');--md-tasklist-icon--checked:url('data:image/svg+xml;charset=utf-8,')}.md-typeset .task-list-item{list-style-type:none;position:relative}[dir=ltr] .md-typeset .task-list-item [type=checkbox]{left:-2em}[dir=rtl] .md-typeset .task-list-item [type=checkbox]{right:-2em}.md-typeset .task-list-item [type=checkbox]{position:absolute;top:.45em}.md-typeset .task-list-control [type=checkbox]{opacity:0;z-index:-1}[dir=ltr] .md-typeset .task-list-indicator:before{left:-1.5em}[dir=rtl] .md-typeset .task-list-indicator:before{right:-1.5em}.md-typeset .task-list-indicator:before{background-color:var(--md-default-fg-color--lightest);content:"";height:1.25em;-webkit-mask-image:var(--md-tasklist-icon);mask-image:var(--md-tasklist-icon);-webkit-mask-position:center;mask-position:center;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-size:contain;mask-size:contain;position:absolute;top:.15em;width:1.25em}.md-typeset [type=checkbox]:checked+.task-list-indicator:before{background-color:#00e676;-webkit-mask-image:var(--md-tasklist-icon--checked);mask-image:var(--md-tasklist-icon--checked)}:root>*{--md-mermaid-font-family:var(--md-text-font-family),sans-serif;--md-mermaid-edge-color:var(--md-code-fg-color);--md-mermaid-node-bg-color:var(--md-accent-fg-color--transparent);--md-mermaid-node-fg-color:var(--md-accent-fg-color);--md-mermaid-label-bg-color:var(--md-default-bg-color);--md-mermaid-label-fg-color:var(--md-code-fg-color)}.mermaid{line-height:normal;margin:1em 0}@media screen and (min-width:45em){[dir=ltr] .md-typeset .inline{float:left}[dir=rtl] .md-typeset .inline{float:right}[dir=ltr] .md-typeset .inline{margin-right:.8rem}[dir=rtl] .md-typeset .inline{margin-left:.8rem}.md-typeset .inline{margin-bottom:.8rem;margin-top:0;width:11.7rem}[dir=ltr] .md-typeset .inline.end{float:right}[dir=rtl] .md-typeset .inline.end{float:left}[dir=ltr] .md-typeset .inline.end{margin-left:.8rem;margin-right:0}[dir=rtl] .md-typeset .inline.end{margin-left:0;margin-right:.8rem}} \ No newline at end of file diff --git a/2.5/assets/stylesheets/main.472b142f.min.css.map b/2.5/assets/stylesheets/main.472b142f.min.css.map new file mode 100644 index 000000000..ebe03d9c2 --- /dev/null +++ b/2.5/assets/stylesheets/main.472b142f.min.css.map @@ -0,0 +1 @@ +{"version":3,"sources":["src/assets/stylesheets/main/extensions/pymdownx/_keys.scss","../../../src/assets/stylesheets/main.scss","src/assets/stylesheets/main/_resets.scss","src/assets/stylesheets/main/_colors.scss","src/assets/stylesheets/main/_icons.scss","src/assets/stylesheets/main/_typeset.scss","src/assets/stylesheets/utilities/_break.scss","src/assets/stylesheets/main/layout/_banner.scss","src/assets/stylesheets/main/layout/_base.scss","src/assets/stylesheets/main/layout/_clipboard.scss","src/assets/stylesheets/main/layout/_consent.scss","src/assets/stylesheets/main/layout/_content.scss","src/assets/stylesheets/main/layout/_dialog.scss","src/assets/stylesheets/main/layout/_feedback.scss","src/assets/stylesheets/main/layout/_footer.scss","src/assets/stylesheets/main/layout/_form.scss","src/assets/stylesheets/main/layout/_header.scss","src/assets/stylesheets/main/layout/_nav.scss","src/assets/stylesheets/main/layout/_search.scss","src/assets/stylesheets/main/layout/_select.scss","src/assets/stylesheets/main/layout/_sidebar.scss","src/assets/stylesheets/main/layout/_source.scss","src/assets/stylesheets/main/layout/_tabs.scss","src/assets/stylesheets/main/layout/_tag.scss","src/assets/stylesheets/main/layout/_tooltip.scss","src/assets/stylesheets/main/layout/_top.scss","src/assets/stylesheets/main/layout/_version.scss","src/assets/stylesheets/main/extensions/markdown/_admonition.scss","node_modules/material-design-color/material-color.scss","src/assets/stylesheets/main/extensions/markdown/_footnotes.scss","src/assets/stylesheets/main/extensions/markdown/_toc.scss","src/assets/stylesheets/main/extensions/pymdownx/_arithmatex.scss","src/assets/stylesheets/main/extensions/pymdownx/_critic.scss","src/assets/stylesheets/main/extensions/pymdownx/_details.scss","src/assets/stylesheets/main/extensions/pymdownx/_emoji.scss","src/assets/stylesheets/main/extensions/pymdownx/_highlight.scss","src/assets/stylesheets/main/extensions/pymdownx/_tabbed.scss","src/assets/stylesheets/main/extensions/pymdownx/_tasklist.scss","src/assets/stylesheets/main/integrations/_mermaid.scss","src/assets/stylesheets/main/_modifiers.scss"],"names":[],"mappings":"AAgGM,gBCo+GN,CCxiHA,KAEE,6BAAA,CAAA,0BAAA,CAAA,yBAAA,CAAA,qBAAA,CADA,qBDzBF,CC8BA,iBAGE,kBD3BF,CC8BE,gCANF,iBAOI,yBDzBF,CACF,CC6BA,KACE,QD1BF,CC8BA,qBAIE,uCD3BF,CC+BA,EACE,aAAA,CACA,oBD5BF,CCgCA,GAME,QAAA,CAJA,kBAAA,CADA,aAAA,CAEA,aAAA,CAEA,gBAAA,CADA,SD3BF,CCiCA,MACE,aD9BF,CCkCA,QAEE,eD/BF,CCmCA,IACE,iBDhCF,CCoCA,MACE,uBAAA,CACA,gBDjCF,CCqCA,MAEE,eAAA,CACA,kBDlCF,CCsCA,OAKE,sBAAA,CACA,QAAA,CAFA,mBAAA,CADA,iBAAA,CAFA,QAAA,CACA,SD/BF,CCuCA,MACE,QAAA,CACA,YDpCF,CErDA,MAIE,6BAAA,CACA,oCAAA,CACA,mCAAA,CACA,0BAAA,CACA,+CAAA,CAGA,4BAAA,CACA,qDAAA,CACA,yBAAA,CACA,8CFmDF,CEpCA,qCAGE,qCAAA,CACA,4CAAA,CACA,8CAAA,CACA,+CAAA,CACA,0BAAA,CACA,+CAAA,CACA,iDAAA,CACA,mDAAA,CAGA,0BAAA,CACA,0BAAA,CAGA,qCAAA,CACA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,0CAAA,CAGA,0CAAA,CACA,2CAAA,CAGA,8BAAA,CACA,kCAAA,CACA,qCAAA,CAGA,wCAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,yBAAA,CACA,8CAAA,CACA,gDAAA,CACA,oCAAA,CACA,0CAAA,CAGA,yEAAA,CAKA,yEAAA,CAKA,yEFaF,CGjHE,aAIE,iBAAA,CAHA,aAAA,CAEA,aAAA,CADA,YHsHJ,CI3HA,KACE,kCAAA,CACA,iCAAA,CAGA,uGAAA,CAKA,mFJ4HF,CItHA,WAGE,mCAAA,CACA,sCJyHF,CIrHA,wBANE,6BJmIF,CI7HA,aAIE,4BAAA,CACA,sCJwHF,CIhHA,MACE,0NAAA,CACA,mNAAA,CACA,oNJmHF,CI5GA,YAGE,gCAAA,CAAA,kBAAA,CAFA,eAAA,CACA,eJgHF,CI3GE,aAPF,YAQI,gBJ8GF,CACF,CI3GE,uGAME,iBAAA,CAAA,cJ6GJ,CIzGE,eAEE,uCAAA,CAEA,aAAA,CACA,eAAA,CAJA,iBJgHJ,CIvGE,8BAPE,eAAA,CAGA,qBJkHJ,CI9GE,eAGE,kBAAA,CACA,eAAA,CAHA,oBJ6GJ,CIrGE,eAGE,gBAAA,CADA,eAAA,CAGA,qBAAA,CADA,eAAA,CAHA,mBJ2GJ,CInGE,kBACE,eJqGJ,CIjGE,eAEE,eAAA,CACA,qBAAA,CAFA,YJqGJ,CI/FE,8BAGE,uCAAA,CAEA,cAAA,CADA,eAAA,CAEA,qBAAA,CAJA,eJqGJ,CI7FE,eACE,wBJ+FJ,CI3FE,eAGE,+DAAA,CAFA,iBAAA,CACA,cJ8FJ,CIzFE,cACE,+BAAA,CACA,qBJ2FJ,CIxFI,mCAEE,sBJyFN,CIrFI,wCAEE,+BJsFN,CInFM,kDACE,uDJqFR,CIhFI,mBACE,kBAAA,CACA,iCJkFN,CI9EI,4BACE,uCAAA,CACA,oBJgFN,CI3EE,iDAGE,6BAAA,CACA,aAAA,CACA,2BJ6EJ,CI1EI,aARF,iDASI,oBJ+EJ,CACF,CI3EE,iBAIE,wCAAA,CACA,mBAAA,CACA,kCAAA,CAAA,0BAAA,CAJA,eAAA,CADA,uBAAA,CAEA,qBJgFJ,CI1EI,qCAEE,uCAAA,CADA,YJ6EN,CIvEE,gBAEE,iBAAA,CACA,eAAA,CAFA,iBJ2EJ,CItEI,qBAQE,kCAAA,CAAA,0BAAA,CADA,eAAA,CANA,aAAA,CACA,QAAA,CAIA,uCAAA,CAFA,aAAA,CADA,oCAAA,CAQA,+DAAA,CADA,oBAAA,CADA,iBAAA,CAJA,iBJ8EN,CIrEM,2BACE,qDJuER,CInEM,wCAEE,YAAA,CADA,WJsER,CIjEM,8CACE,oDJmER,CIhEQ,oDACE,0CJkEV,CI3DE,gBAOE,4CAAA,CACA,mBAAA,CACA,mKACE,CAPF,gCAAA,CAFA,oBAAA,CAGA,eAAA,CAFA,uBAAA,CAGA,uBAAA,CACA,qBJgEJ,CItDE,iBAGE,6CAAA,CACA,kCAAA,CAAA,0BAAA,CAHA,aAAA,CACA,qBJ0DJ,CIpDE,iBAEE,6DAAA,CACA,WAAA,CAFA,oBJwDJ,CInDI,oBANF,iBAOI,iBJsDJ,CInDI,yDAWE,2CAAA,CACA,mBAAA,CACA,8BAAA,CAJA,gCAAA,CAKA,mBAAA,CAXA,oBAAA,CAOA,eAAA,CAHA,cAAA,CADA,aAAA,CADA,6BAAA,CAAA,qBAAA,CAGA,mBAAA,CAPA,iBAAA,CAGA,UJ+DN,CInEI,sDAWE,2CAAA,CACA,mBAAA,CACA,8BAAA,CAJA,gCAAA,CAKA,mBAAA,CAXA,oBAAA,CAOA,eAAA,CAHA,cAAA,CADA,aAAA,CADA,0BAAA,CAAA,qBAAA,CAGA,mBAAA,CAPA,iBAAA,CAGA,UJ+DN,CInEI,mEAEE,MJiEN,CInEI,gEAEE,MJiEN,CInEI,0DAEE,MJiEN,CInEI,mEAEE,OJiEN,CInEI,gEAEE,OJiEN,CInEI,0DAEE,OJiEN,CInEI,gDAWE,2CAAA,CACA,mBAAA,CACA,8BAAA,CAJA,gCAAA,CAKA,mBAAA,CAXA,oBAAA,CAOA,eAAA,CAHA,cAAA,CADA,aAAA,CADA,6BAAA,CAAA,0BAAA,CAAA,qBAAA,CAGA,mBAAA,CAPA,iBAAA,CAGA,UJ+DN,CACF,CIhDE,kBACE,WJkDJ,CI9CE,oDAEE,qBJgDJ,CIlDE,oDAEE,sBJgDJ,CI5CE,iCACE,kBJiDJ,CIlDE,iCACE,mBJiDJ,CIlDE,iCAIE,2DJ8CJ,CIlDE,iCAIE,4DJ8CJ,CIlDE,uBAGE,uCAAA,CADA,aAAA,CAAA,cJgDJ,CI1CE,eACE,oBJ4CJ,CIxCE,kDAEE,kBJ2CJ,CI7CE,kDAEE,mBJ2CJ,CI7CE,8BAGE,SJ0CJ,CIvCI,0DACE,iBJ0CN,CItCI,oCACE,2BJyCN,CItCM,0CACE,2BJyCR,CIpCI,wDAEE,kBJuCN,CIzCI,wDAEE,mBJuCN,CIzCI,oCACE,kBJwCN,CIpCM,kGAEE,aJwCR,CIpCM,0DACE,eJuCR,CInCM,4EACE,kBAAA,CAAA,eJuCR,CIxCM,sEACE,kBAAA,CAAA,eJuCR,CIxCM,gGAEE,kBJsCR,CIxCM,0FAEE,kBJsCR,CIxCM,8EAEE,kBJsCR,CIxCM,gGAEE,mBJsCR,CIxCM,0FAEE,mBJsCR,CIxCM,8EAEE,mBJsCR,CIxCM,0DACE,kBAAA,CAAA,eJuCR,CIhCE,yBAEE,mBJkCJ,CIpCE,yBAEE,oBJkCJ,CIpCE,eACE,mBAAA,CAAA,cJmCJ,CI9BE,kDAIE,WAAA,CADA,cJiCJ,CIzBI,4BAEE,oBJ2BN,CIvBI,6BAEE,oBJyBN,CIrBI,kCACE,YJuBN,CInBI,8EAEE,YJoBN,CIfE,mBACE,iBAAA,CAGA,eAAA,CADA,cAAA,CAEA,iBAAA,CAHA,yBAAA,CAAA,sBAAA,CAAA,iBJoBJ,CIdI,uBACE,aJgBN,CIXE,uBAGE,iBAAA,CADA,eAAA,CADA,eJeJ,CITE,mBACE,cJWJ,CIPE,+BAKE,2CAAA,CACA,iDAAA,CACA,mBAAA,CANA,oBAAA,CAGA,gBAAA,CAFA,cAAA,CACA,aAAA,CAKA,iBJSJ,CINI,aAXF,+BAYI,aJSJ,CACF,CIJI,iCACE,gBJMN,CICM,gEACE,YJCR,CIFM,6DACE,YJCR,CIFM,uDACE,YJCR,CIGM,+DACE,eJDR,CIAM,4DACE,eJDR,CIAM,sDACE,eJDR,CIMI,gEACE,eJJN,CIGI,6DACE,eJJN,CIGI,uDACE,eJJN,CIOM,0EACE,gBJLR,CIIM,uEACE,gBJLR,CIIM,iEACE,gBJLR,CIUI,kCAGE,eAAA,CAFA,cAAA,CACA,sBAAA,CAEA,kBJRN,CIYI,kCAGE,qDAAA,CAFA,sBAAA,CACA,kBJTN,CIcI,wCACE,iCJZN,CIeM,8CACE,iCAAA,CACA,sDJbR,CIkBI,iCACE,iBJhBN,CIqBE,wCACE,cJnBJ,CIsBI,wDAIE,gBJdN,CIUI,wDAIE,iBJdN,CIUI,8CAUE,UAAA,CATA,oBAAA,CAEA,YAAA,CAGA,oDAAA,CAAA,4CAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CACA,iCAAA,CAJA,0BAAA,CAHA,WJZN,CIwBI,oDACE,oDJtBN,CI0BI,mEACE,kDAAA,CACA,yDAAA,CAAA,iDJxBN,CI4BI,oEACE,kDAAA,CACA,0DAAA,CAAA,kDJ1BN,CI+BE,wBACE,iBAAA,CACA,eAAA,CACA,iBJ7BJ,CIiCE,mBACE,oBAAA,CACA,kBAAA,CACA,eJ/BJ,CIkCI,aANF,mBAOI,aJ/BJ,CACF,CIkCI,8BACE,aAAA,CAEA,QAAA,CACA,eAAA,CAFA,UJ9BN,CK7VI,wCD0YF,uBACE,iBJzCF,CI4CE,4BACE,eJ1CJ,CACF,CM/hBA,WAGE,0CAAA,CADA,+BAAA,CADA,aNmiBF,CM9hBE,aANF,WAOI,YNiiBF,CACF,CM9hBE,oBAEE,uCAAA,CADA,gCNiiBJ,CM5hBE,kBAGE,eAAA,CAFA,iBAAA,CACA,eN+hBJ,CM1hBE,6BACE,WN+hBJ,CMhiBE,6BACE,UN+hBJ,CMhiBE,mBAEE,aAAA,CACA,cAAA,CACA,uBN4hBJ,CMzhBI,yBACE,UN2hBN,CO3jBA,KASE,cAAA,CARA,WAAA,CACA,iBP+jBF,CK3ZI,oCEtKJ,KAaI,gBPwjBF,CACF,CKhaI,oCEtKJ,KAkBI,cPwjBF,CACF,COnjBA,KASE,2CAAA,CAPA,YAAA,CACA,qBAAA,CAKA,eAAA,CAHA,eAAA,CAJA,iBAAA,CAGA,UPyjBF,COjjBE,aAZF,KAaI,aPojBF,CACF,CKjaI,wCEhJF,yBAII,cPijBJ,CACF,COxiBA,SAEE,gBAAA,CAAA,iBAAA,CADA,eP4iBF,COviBA,cACE,YAAA,CACA,qBAAA,CACA,WP0iBF,COviBE,aANF,cAOI,aP0iBF,CACF,COtiBA,SACE,WPyiBF,COtiBE,gBACE,YAAA,CACA,WAAA,CACA,iBPwiBJ,COniBA,aACE,eAAA,CAEA,sBAAA,CADA,kBPuiBF,CO7hBA,WACE,YPgiBF,CO3hBA,WAGE,QAAA,CACA,SAAA,CAHA,iBAAA,CACA,OPgiBF,CO3hBE,uCACE,aP6hBJ,COzhBE,+BAEE,uCAAA,CADA,kBP4hBJ,COthBA,SASE,2CAAA,CACA,mBAAA,CAHA,gCAAA,CACA,gBAAA,CAHA,YAAA,CAQA,SAAA,CAFA,uCAAA,CALA,mBAAA,CALA,cAAA,CAWA,2BAAA,CARA,UPgiBF,COphBE,eAGE,SAAA,CADA,uBAAA,CAEA,oEACE,CAJF,UPyhBJ,CO3gBA,MACE,WP8gBF,CQxqBA,MACE,+PR0qBF,CQpqBA,cAQE,mBAAA,CADA,0CAAA,CAIA,cAAA,CALA,YAAA,CAGA,uCAAA,CACA,oBAAA,CATA,iBAAA,CAEA,UAAA,CADA,QAAA,CAUA,qBAAA,CAPA,WAAA,CADA,SR+qBF,CQpqBE,aAfF,cAgBI,YRuqBF,CACF,CQpqBE,kCAEE,uCAAA,CADA,YRuqBJ,CQlqBE,qBACE,uCRoqBJ,CQhqBE,yCACE,+BRkqBJ,CQnqBE,sCACE,+BRkqBJ,CQnqBE,gCACE,+BRkqBJ,CQ7pBE,oBAKE,6BAAA,CAKA,UAAA,CATA,aAAA,CAEA,cAAA,CACA,aAAA,CAEA,2CAAA,CAAA,mCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CAPA,aRuqBJ,CQ3pBE,sBACE,cR6pBJ,CQ1pBI,2BACE,2CR4pBN,CQtpBI,sDAEE,uDAAA,CADA,+BRypBN,CQ1pBI,mDAEE,uDAAA,CADA,+BRypBN,CQ1pBI,6CAEE,uDAAA,CADA,+BRypBN,CS/tBA,mBACE,GAEE,SAAA,CADA,0BTmuBF,CS/tBA,GAEE,SAAA,CADA,uBTkuBF,CACF,CS7tBA,mBACE,GACE,ST+tBF,CS5tBA,GACE,ST8tBF,CACF,CSntBE,qBASE,2BAAA,CADA,mCAAA,CAAA,2BAAA,CAFA,gCAAA,CADA,WAAA,CAEA,SAAA,CANA,cAAA,CACA,KAAA,CAEA,UAAA,CADA,ST2tBJ,CSjtBE,mBAcE,mDAAA,CANA,2CAAA,CACA,QAAA,CACA,mBAAA,CARA,QAAA,CASA,gEACE,CAPF,eAAA,CAEA,aAAA,CADA,SAAA,CALA,cAAA,CAGA,UAAA,CADA,ST4tBJ,CS7sBE,kBACE,aT+sBJ,CS3sBE,sBACE,YAAA,CACA,YT6sBJ,CS1sBI,oCACE,aT4sBN,CSvsBE,sBACE,mBTysBJ,CStsBI,6CACE,cTwsBN,CKlmBI,wCIvGA,6CAKI,aAAA,CAEA,gBAAA,CACA,iBAAA,CAFA,UT0sBN,CACF,CSnsBE,kBACE,cTqsBJ,CUtyBA,YACE,WAAA,CAIA,WVsyBF,CUnyBE,mBACE,qBAAA,CACA,iBVqyBJ,CKzoBI,sCKtJE,4EACE,kBVkyBN,CU9xBI,0JACE,mBVgyBN,CUjyBI,8EACE,kBVgyBN,CACF,CU3xBI,0BAGE,UAAA,CAFA,aAAA,CACA,YV8xBN,CUzxBI,+BACE,eV2xBN,CUrxBE,8BACE,WV0xBJ,CU3xBE,8BACE,UV0xBJ,CU3xBE,8BAGE,iBVwxBJ,CU3xBE,8BAGE,kBVwxBJ,CU3xBE,oBAEE,cAAA,CAEA,SVuxBJ,CUpxBI,aAPF,oBAQI,YVuxBJ,CACF,CUpxBI,gCACE,yCVsxBN,CUlxBI,wBACE,cAAA,CACA,kBVoxBN,CUjxBM,kCACE,oBVmxBR,CWp1BA,qBAEE,WXk2BF,CWp2BA,qBAEE,UXk2BF,CWp2BA,WAOE,2CAAA,CACA,mBAAA,CALA,YAAA,CAMA,8BAAA,CAJA,iBAAA,CAMA,SAAA,CALA,mBAAA,CASA,mBAAA,CAdA,cAAA,CASA,0BAAA,CAEA,wCACE,CATF,SXg2BF,CWl1BE,aAlBF,WAmBI,YXq1BF,CACF,CWl1BE,mBAEE,SAAA,CAIA,mBAAA,CALA,uBAAA,CAEA,kEXq1BJ,CW90BE,kBACE,gCAAA,CACA,eXg1BJ,CYn3BA,aACE,gBAAA,CACA,iBZs3BF,CYn3BE,sBAGE,WAAA,CAFA,QAAA,CACA,SZs3BJ,CYj3BE,oBAEE,eAAA,CADA,eZo3BJ,CY/2BE,oBACE,iBZi3BJ,CY72BE,mBAIE,sBAAA,CAFA,YAAA,CACA,cAAA,CAEA,sBAAA,CAJA,iBZm3BJ,CY52BI,iDACE,yCZ82BN,CY12BI,6BACE,iBZ42BN,CYv2BE,mBAGE,uCAAA,CACA,cAAA,CAHA,aAAA,CACA,cAAA,CAGA,sBZy2BJ,CYt2BI,gDACE,+BZw2BN,CYp2BI,4BACE,0CAAA,CACA,mBZs2BN,CYj2BE,mBAGE,SAAA,CAFA,iBAAA,CACA,2BAAA,CAEA,8DZm2BJ,CY91BI,qBAEE,aAAA,CADA,eZi2BN,CY51BI,6BAEE,SAAA,CADA,uBZ+1BN,Ca76BA,WAEE,0CAAA,CADA,+Bbi7BF,Ca76BE,aALF,WAMI,Ybg7BF,CACF,Ca76BE,kBACE,6BAAA,CAEA,aAAA,CADA,abg7BJ,Ca56BI,gCACE,Yb86BN,Caz6BE,iBACE,YAAA,CAKA,cAAA,CAIA,uCAAA,CADA,eAAA,CADA,oBAAA,CADA,kBAAA,CAIA,uBbu6BJ,Cap6BI,4CACE,Ubs6BN,Cav6BI,yCACE,Ubs6BN,Cav6BI,mCACE,Ubs6BN,Cal6BI,+BACE,oBbo6BN,CKrxBI,wCQrII,yCACE,Yb65BR,CACF,Cax5BI,iCACE,gBb25BN,Ca55BI,iCACE,iBb25BN,Ca55BI,uBAEE,gBb05BN,Cav5BM,iCACE,eby5BR,Can5BE,kBAEE,WAAA,CAGA,eAAA,CACA,kBAAA,CAHA,6BAAA,CACA,cAAA,CAHA,iBAAA,CAMA,kBbq5BJ,Caj5BE,mBACE,YAAA,CACA,abm5BJ,Ca/4BE,sBAKE,gBAAA,CAHA,MAAA,CACA,gBAAA,CAGA,UAAA,CAFA,cAAA,CAHA,iBAAA,CACA,Obq5BJ,Ca54BA,gBACE,gDb+4BF,Ca54BE,uBACE,YAAA,CACA,cAAA,CACA,6BAAA,CACA,ab84BJ,Ca14BE,kCACE,sCb44BJ,Caz4BI,6DACE,+Bb24BN,Ca54BI,0DACE,+Bb24BN,Ca54BI,oDACE,+Bb24BN,Can4BA,cAIE,wCAAA,CACA,gBAAA,CAHA,iBAAA,CACA,eAAA,CAFA,Ub04BF,CKj2BI,mCQ1CJ,cASI,Ubs4BF,CACF,Cal4BE,yBACE,sCbo4BJ,Ca73BA,WACE,cAAA,CACA,qBbg4BF,CK92BI,mCQpBJ,WAMI,ebg4BF,CACF,Ca73BE,iBACE,oBAAA,CAEA,aAAA,CACA,iBAAA,CAFA,Ybi4BJ,Ca53BI,wBACE,eb83BN,Ca13BI,qBAGE,iBAAA,CAFA,gBAAA,CACA,mBb63BN,CcpiCE,uBAKE,kBAAA,CACA,mBAAA,CAHA,gCAAA,CAIA,cAAA,CANA,oBAAA,CAGA,eAAA,CAFA,kBAAA,CAMA,gEduiCJ,CcjiCI,gCAEE,2CAAA,CACA,uCAAA,CAFA,gCdqiCN,Cc/hCI,kDAEE,0CAAA,CACA,sCAAA,CAFA,+BdmiCN,CcpiCI,+CAEE,0CAAA,CACA,sCAAA,CAFA,+BdmiCN,CcpiCI,yCAEE,0CAAA,CACA,sCAAA,CAFA,+BdmiCN,Cc5hCE,gCAKE,4BdiiCJ,CctiCE,gEAME,6BdgiCJ,CctiCE,gCAME,4BdgiCJ,CctiCE,sBAIE,6DAAA,CAGA,8BAAA,CAJA,eAAA,CAFA,aAAA,CACA,eAAA,CAMA,sCd8hCJ,CczhCI,iDACE,6CAAA,CACA,8Bd2hCN,Cc7hCI,8CACE,6CAAA,CACA,8Bd2hCN,Cc7hCI,wCACE,6CAAA,CACA,8Bd2hCN,CcvhCI,+BACE,UdyhCN,Ce5kCA,WAOE,2CAAA,CAGA,0DACE,CALF,gCAAA,CADA,aAAA,CAFA,MAAA,CAFA,uBAAA,CAAA,eAAA,CAEA,OAAA,CADA,KAAA,CAEA,SfmlCF,CexkCE,aAfF,WAgBI,Yf2kCF,CACF,CexkCE,mBACE,2BAAA,CACA,iEf0kCJ,CepkCE,mBACE,gEACE,CAEF,kEfokCJ,Ce9jCE,kBAEE,kBAAA,CADA,YAAA,CAEA,efgkCJ,Ce5jCE,mBAKE,kBAAA,CAGA,cAAA,CALA,YAAA,CAIA,uCAAA,CAHA,aAAA,CAHA,iBAAA,CAQA,uBAAA,CAHA,qBAAA,CAJA,SfqkCJ,Ce3jCI,yBACE,Uf6jCN,CezjCI,iCACE,oBf2jCN,CevjCI,uCAEE,uCAAA,CADA,Yf0jCN,CerjCI,2BACE,YAAA,CACA,afujCN,CK18BI,wCU/GA,2BAMI,YfujCN,CACF,CepjCM,iDAIE,iBAAA,CAHA,aAAA,CAEA,aAAA,CADA,UfwjCR,Ce1jCM,8CAIE,iBAAA,CAHA,aAAA,CAEA,aAAA,CADA,UfwjCR,Ce1jCM,wCAIE,iBAAA,CAHA,aAAA,CAEA,aAAA,CADA,UfwjCR,CKx+BI,mCUzEA,iCAII,YfijCN,CACF,Ce9iCM,wCACE,YfgjCR,Ce5iCM,+CACE,oBf8iCR,CKn/BI,sCUtDA,iCAII,YfyiCN,CACF,CepiCE,kBAEE,YAAA,CACA,cAAA,CAFA,iBAAA,CAIA,8DACE,CAFF,kBfuiCJ,CejiCI,oCAGE,SAAA,CAIA,mBAAA,CALA,6BAAA,CAEA,8DACE,CAJF,UfuiCN,Ce9hCM,8CACE,8BfgiCR,Ce3hCI,8BACE,ef6hCN,CexhCE,4BAGE,kBf6hCJ,CehiCE,4BAGE,iBf6hCJ,CehiCE,4BAIE,gBf4hCJ,CehiCE,4BAIE,iBf4hCJ,CehiCE,kBACE,WAAA,CAIA,eAAA,CAHA,aAAA,CAIA,kBf0hCJ,CevhCI,4CAGE,SAAA,CAIA,mBAAA,CALA,8BAAA,CAEA,8DACE,CAJF,Uf6hCN,CephCM,sDACE,6BfshCR,CelhCM,8DAGE,SAAA,CAIA,mBAAA,CALA,uBAAA,CAEA,8DACE,CAJF,SfwhCR,Ce7gCI,uCAGE,WAAA,CAFA,iBAAA,CACA,UfghCN,Ce1gCE,mBACE,YAAA,CACA,aAAA,CACA,cAAA,CAEA,+CACE,CAFF,kBf6gCJ,CevgCI,8DACE,WAAA,CACA,SAAA,CACA,oCfygCN,CelgCE,mBACE,YfogCJ,CKzjCI,mCUoDF,6BAQI,gBfogCJ,Ce5gCA,6BAQI,iBfogCJ,Ce5gCA,mBAKI,aAAA,CAEA,iBAAA,CADA,afsgCJ,CACF,CKjkCI,sCUoDF,6BAaI,kBfogCJ,CejhCA,6BAaI,mBfogCJ,CACF,CgB5uCA,MACE,0MAAA,CACA,gMAAA,CACA,yNhB+uCF,CgBzuCA,QACE,eAAA,CACA,ehB4uCF,CgBzuCE,eACE,aAAA,CAGA,eAAA,CADA,eAAA,CADA,eAAA,CAGA,sBhB2uCJ,CgBxuCI,+BACE,YhB0uCN,CgBvuCM,mCAEE,WAAA,CADA,UhB0uCR,CgBluCQ,6DAME,iBAAA,CALA,aAAA,CAGA,aAAA,CADA,cAAA,CAEA,kBAAA,CAHA,UhBwuCV,CgB1uCQ,0DAME,iBAAA,CALA,aAAA,CAGA,aAAA,CADA,cAAA,CAEA,kBAAA,CAHA,UhBwuCV,CgB1uCQ,oDAME,iBAAA,CALA,aAAA,CAGA,aAAA,CADA,cAAA,CAEA,kBAAA,CAHA,UhBwuCV,CgB7tCE,cAGE,eAAA,CAFA,QAAA,CACA,ShBguCJ,CgB3tCE,cACE,ehB6tCJ,CgB1tCI,sCACE,ehB4tCN,CgB7tCI,sCACE,chB4tCN,CgBvtCE,cAEE,kBAAA,CAKA,cAAA,CANA,YAAA,CAEA,6BAAA,CACA,iBAAA,CACA,eAAA,CAIA,uBAAA,CAHA,sBAAA,CAEA,sBhB0tCJ,CgBttCI,sBACE,uChBwtCN,CgBptCI,oCACE,+BhBstCN,CgBltCI,0CACE,UhBotCN,CgBhtCI,yCACE,+BhBktCN,CgBntCI,sCACE,+BhBktCN,CgBntCI,gCACE,+BhBktCN,CgB9sCI,4BACE,uCAAA,CACA,oBhBgtCN,CgB5sCI,0CACE,YhB8sCN,CgB3sCM,yDAKE,6BAAA,CAJA,aAAA,CAEA,WAAA,CACA,qCAAA,CAAA,6BAAA,CAFA,UhBgtCR,CgBzsCM,kDACE,YhB2sCR,CgBtsCI,gBAEE,cAAA,CADA,YhBysCN,CgBnsCE,cACE,ahBqsCJ,CgBjsCE,gBACE,YhBmsCJ,CKjpCI,wCW3CA,0CASE,2CAAA,CAHA,YAAA,CACA,qBAAA,CACA,WAAA,CAJA,MAAA,CAFA,iBAAA,CAEA,OAAA,CADA,KAAA,CAEA,ShBksCJ,CgBvrCI,4DACE,eAAA,CACA,ehByrCN,CgB3rCI,yDACE,eAAA,CACA,ehByrCN,CgB3rCI,mDACE,eAAA,CACA,ehByrCN,CgBrrCI,gCAOE,qDAAA,CAHA,uCAAA,CAIA,cAAA,CANA,aAAA,CAGA,kBAAA,CAFA,wBAAA,CAFA,iBAAA,CAKA,kBhByrCN,CgBprCM,wDAGE,UhB0rCR,CgB7rCM,wDAGE,WhB0rCR,CgB7rCM,8CAIE,aAAA,CAEA,aAAA,CACA,YAAA,CANA,iBAAA,CACA,SAAA,CAGA,YhBwrCR,CgBnrCQ,oDAIE,6BAAA,CAKA,UAAA,CARA,aAAA,CAEA,WAAA,CAEA,2CAAA,CAAA,mCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CANA,UhB4rCV,CgBhrCM,8CAEE,2CAAA,CACA,gEACE,CAHF,eAAA,CAIA,gCAAA,CAAA,4BAAA,CACA,kBhBirCR,CgB9qCQ,2DACE,YhBgrCV,CgB3qCM,8CAGE,2CAAA,CAFA,gCAAA,CACA,ehB8qCR,CgBzqCM,yCAIE,aAAA,CADA,UAAA,CAEA,YAAA,CACA,aAAA,CALA,iBAAA,CAEA,WAAA,CADA,ShB+qCR,CgBtqCI,+BACE,MhBwqCN,CgBpqCI,+BAEE,4DAAA,CADA,ShBuqCN,CgBnqCM,qDACE,+BhBqqCR,CgBlqCQ,gFACE,+BhBoqCV,CgBrqCQ,6EACE,+BhBoqCV,CgBrqCQ,uEACE,+BhBoqCV,CgB9pCI,+BACE,YAAA,CACA,mBhBgqCN,CgB7pCM,uDAGE,mBhBgqCR,CgBnqCM,uDAGE,kBhBgqCR,CgBnqCM,6CAIE,gBAAA,CAFA,aAAA,CADA,YhBkqCR,CgB5pCQ,mDAIE,6BAAA,CAKA,UAAA,CARA,aAAA,CAEA,WAAA,CAEA,2CAAA,CAAA,mCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CANA,UhBqqCV,CgBrpCM,+CACE,mBhBupCR,CgB/oCM,4CAEE,wBAAA,CADA,ehBkpCR,CgB9oCQ,oEACE,mBhBgpCV,CgBjpCQ,oEACE,oBhBgpCV,CgB5oCQ,4EACE,iBhB8oCV,CgB/oCQ,4EACE,kBhB8oCV,CgB1oCQ,oFACE,mBhB4oCV,CgB7oCQ,oFACE,oBhB4oCV,CgBxoCQ,4FACE,mBhB0oCV,CgB3oCQ,4FACE,oBhB0oCV,CgBnoCE,mBACE,wBhBqoCJ,CgBjoCE,wBACE,YAAA,CAEA,SAAA,CADA,0BAAA,CAEA,oEhBmoCJ,CgB9nCI,kCACE,2BhBgoCN,CgB3nCE,gCAEE,SAAA,CADA,uBAAA,CAEA,qEhB6nCJ,CgBxnCI,8CAEE,kCAAA,CAAA,0BhBynCN,CACF,CK/xCI,wCW8KA,0CACE,YhBonCJ,CgBjnCI,yDACE,UhBmnCN,CgB/mCI,wDACE,YhBinCN,CgB7mCI,kDACE,YhB+mCN,CgB1mCE,gBAIE,iDAAA,CADA,gCAAA,CAFA,aAAA,CACA,ehB8mCJ,CACF,CK51CM,6DWuPF,6CACE,YhBwmCJ,CgBrmCI,4DACE,UhBumCN,CgBnmCI,2DACE,YhBqmCN,CgBjmCI,qDACE,YhBmmCN,CACF,CKp1CI,mCWyPA,kCAME,qCAAA,CACA,qDAAA,CANA,uBAAA,CAAA,eAAA,CACA,KAAA,CAGA,ShB8lCJ,CgBzlCI,6CACE,uBhB2lCN,CgBvlCI,gDACE,YhBylCN,CACF,CKn2CI,sCW7JJ,QA6aI,oDhBulCF,CgBplCE,gCAME,qCAAA,CACA,qDAAA,CANA,uBAAA,CAAA,eAAA,CACA,KAAA,CAGA,ShBslCJ,CgBjlCI,8CACE,uBhBmlCN,CgBzkCE,sEACE,YhB8kCJ,CgB1kCE,6DACE,ahB4kCJ,CgB7kCE,0DACE,ahB4kCJ,CgB7kCE,oDACE,ahB4kCJ,CgBxkCE,6CACE,YhB0kCJ,CgBtkCE,uBACE,aAAA,CACA,ehBwkCJ,CgBrkCI,kCACE,ehBukCN,CgBnkCI,qCACE,eAAA,CACA,mBhBqkCN,CgBlkCM,mDACE,mBhBokCR,CgBhkCM,mDACE,YhBkkCR,CgB7jCI,+BACE,ahB+jCN,CgB5jCM,2DACE,ShB8jCR,CgBxjCE,cAGE,kBAAA,CADA,YAAA,CAEA,+CACE,CAJF,WhB6jCJ,CgBrjCI,wBACE,wBhBujCN,CgBnjCI,oBACE,uDhBqjCN,CgBjjCI,oBAKE,6BAAA,CAKA,UAAA,CATA,oBAAA,CAEA,WAAA,CAGA,2CAAA,CAAA,mCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CALA,qBAAA,CAFA,UhB2jCN,CgB/iCI,0JAEE,uBhBgjCN,CgBliCI,+HACE,YhBwiCN,CgBriCM,oDACE,aAAA,CACA,ShBuiCR,CgBpiCQ,kEAOE,qCAAA,CACA,qDAAA,CAFA,eAAA,CAFA,YAAA,CACA,eAAA,CAJA,uBAAA,CAAA,eAAA,CACA,KAAA,CACA,ShB2iCV,CgBniCU,4FACE,mBhBqiCZ,CgBjiCU,gFACE,YhBmiCZ,CgB3hCI,2CACE,ahB6hCN,CgB1hCM,iFACE,mBhB4hCR,CgB7hCM,iFACE,kBhB4hCR,CgBnhCI,mFACE,ehBqhCN,CgBlhCM,iGACE,ShBohCR,CgB/gCI,qFAGE,mDhBihCN,CgBphCI,qFAGE,oDhBihCN,CgBphCI,2EACE,aAAA,CACA,oBhBkhCN,CgB9gCM,0FACE,YhBghCR,CACF,CiBroDA,MACE,igBjBwoDF,CiBloDA,WACE,iBjBqoDF,CKv+CI,mCY/JJ,WAKI,ejBqoDF,CACF,CiBloDE,kBACE,YjBooDJ,CiBhoDE,oBAEE,SAAA,CADA,SjBmoDJ,CKh+CI,wCYpKF,8BAQI,YjB0oDJ,CiBlpDA,8BAQI,ajB0oDJ,CiBlpDA,oBAYI,2CAAA,CACA,kBAAA,CAHA,WAAA,CACA,eAAA,CAOA,mBAAA,CAZA,iBAAA,CACA,SAAA,CAOA,uBAAA,CACA,4CACE,CAPF,UjByoDJ,CiB7nDI,+DACE,SAAA,CACA,oCjB+nDN,CACF,CKtgDI,mCYjJF,8BAiCI,MjBioDJ,CiBlqDA,8BAiCI,OjBioDJ,CiBlqDA,oBAoCI,gCAAA,CACA,cAAA,CAFA,QAAA,CAJA,cAAA,CACA,KAAA,CAMA,sDACE,CALF,OjBgoDJ,CiBtnDI,+DAME,YAAA,CACA,SAAA,CACA,4CACE,CARF,UjB2nDN,CACF,CKrgDI,wCYxGA,+DAII,mBjB6mDN,CACF,CKnjDM,6DY/DF,+DASI,mBjB6mDN,CACF,CKxjDM,6DY/DF,+DAcI,mBjB6mDN,CACF,CiBxmDE,kBAEE,kCAAA,CAAA,0BjBymDJ,CKvhDI,wCYpFF,4BAQI,MjBgnDJ,CiBxnDA,4BAQI,OjBgnDJ,CiBxnDA,kBAWI,QAAA,CAGA,SAAA,CAFA,eAAA,CANA,cAAA,CACA,KAAA,CAMA,wBAAA,CAEA,qGACE,CANF,OAAA,CADA,SjB+mDJ,CiBlmDI,4BACE,yBjBomDN,CiBhmDI,6DAEE,WAAA,CAEA,SAAA,CADA,uBAAA,CAEA,sGACE,CALF,UjBsmDN,CACF,CKlkDI,mCYjEF,4BA2CI,WjBgmDJ,CiB3oDA,4BA2CI,UjBgmDJ,CiB3oDA,kBA6CI,eAAA,CAHA,iBAAA,CAIA,8CAAA,CAFA,ajB+lDJ,CACF,CKjmDM,6DYOF,6DAII,ajB0lDN,CACF,CKhlDI,sCYfA,6DASI,ajB0lDN,CACF,CiBrlDE,iBAIE,2CAAA,CACA,gCAAA,CAFA,aAAA,CAFA,iBAAA,CAKA,2CACE,CALF,SjB2lDJ,CK7lDI,mCYAF,iBAaI,gCAAA,CACA,mBAAA,CAFA,ajBulDJ,CiBllDI,uBACE,oCjBolDN,CACF,CiBhlDI,4DAEE,2CAAA,CACA,6BAAA,CACA,oCAAA,CAHA,gCjBqlDN,CiB7kDE,4BAKE,mBAAA,CAAA,oBjBklDJ,CiBvlDE,4BAKE,mBAAA,CAAA,oBjBklDJ,CiBvlDE,kBAQE,sBAAA,CAFA,eAAA,CAFA,WAAA,CAHA,iBAAA,CAMA,sBAAA,CAJA,UAAA,CADA,SjBqlDJ,CiB5kDI,yCACE,yBAAA,CAAA,qBjB8kDN,CiB/kDI,+BACE,qBjB8kDN,CiB1kDI,yCAEE,uCjB2kDN,CiB7kDI,kEAEE,uCjB2kDN,CiBvkDI,6BACE,YjBykDN,CK7mDI,wCYaF,kBA8BI,eAAA,CADA,aAAA,CADA,UjB0kDJ,CACF,CKvoDI,mCYgCF,4BAmCI,mBjB0kDJ,CiB7mDA,4BAmCI,oBjB0kDJ,CiB7mDA,kBAoCI,aAAA,CACA,ejBwkDJ,CiBrkDI,yCACE,uCjBukDN,CiBxkDI,+BACE,uCjBukDN,CiBnkDI,mCACE,gCjBqkDN,CiBjkDI,6DACE,kBjBmkDN,CiBhkDM,oFAEE,uCjBikDR,CiBnkDM,wJAEE,uCjBikDR,CACF,CiB3jDE,iBAIE,cAAA,CAHA,oBAAA,CAEA,aAAA,CAEA,kCACE,CAJF,YjBgkDJ,CiBxjDI,uBACE,UjB0jDN,CiBtjDI,yCAGE,UjByjDN,CiB5jDI,yCAGE,WjByjDN,CiB5jDI,+BACE,iBAAA,CACA,SAAA,CAEA,SjBwjDN,CiBrjDM,6CACE,oBjBujDR,CK1pDI,wCY2FA,yCAcI,UjBsjDN,CiBpkDE,yCAcI,WjBsjDN,CiBpkDE,+BAaI,SjBujDN,CiBnjDM,+CACE,YjBqjDR,CACF,CKtrDI,mCY8GA,+BAwBI,mBjBojDN,CiBjjDM,8CACE,YjBmjDR,CACF,CiB7iDE,8BAGE,WjBijDJ,CiBpjDE,8BAGE,UjBijDJ,CiBpjDE,oBAKE,mBAAA,CAJA,iBAAA,CACA,SAAA,CAEA,SjBgjDJ,CKlrDI,wCY8HF,8BAUI,WjB+iDJ,CiBzjDA,8BAUI,UjB+iDJ,CiBzjDA,oBASI,SjBgjDJ,CACF,CiB5iDI,gCACE,iBjBkjDN,CiBnjDI,gCACE,kBjBkjDN,CiBnjDI,sBAEE,uCAAA,CAEA,SAAA,CADA,oBAAA,CAEA,+DjB8iDN,CiBziDM,yCAEE,uCAAA,CADA,YjB4iDR,CiBviDM,yFAGE,SAAA,CACA,mBAAA,CAFA,kBjB0iDR,CiBriDQ,8FACE,UjBuiDV,CiBhiDE,8BAOE,mBAAA,CAAA,oBjBuiDJ,CiB9iDE,8BAOE,mBAAA,CAAA,oBjBuiDJ,CiB9iDE,oBAIE,kBAAA,CAIA,yCAAA,CALA,YAAA,CAMA,eAAA,CAHA,WAAA,CAKA,SAAA,CAVA,iBAAA,CACA,KAAA,CAUA,uBAAA,CAFA,kBAAA,CALA,UjByiDJ,CK5uDI,mCY8LF,8BAgBI,mBjBmiDJ,CiBnjDA,8BAgBI,oBjBmiDJ,CiBnjDA,oBAiBI,ejBkiDJ,CACF,CiB/hDI,+DACE,SAAA,CACA,0BjBiiDN,CiB5hDE,6BAKE,+BjB+hDJ,CiBpiDE,0DAME,gCjB8hDJ,CiBpiDE,6BAME,+BjB8hDJ,CiBpiDE,mBAIE,eAAA,CAHA,iBAAA,CAEA,UAAA,CADA,SjBkiDJ,CK3uDI,wCYuMF,mBAWI,QAAA,CADA,UjB+hDJ,CACF,CKpwDI,mCY0NF,mBAiBI,SAAA,CADA,UAAA,CAEA,sBjB8hDJ,CiB3hDI,8DACE,8BAAA,CACA,SjB6hDN,CACF,CiBxhDE,uBAKE,kCAAA,CAAA,0BAAA,CAFA,2CAAA,CAFA,WAAA,CACA,eAAA,CAOA,kBjBshDJ,CiBnhDI,iEAZF,uBAaI,uBjBshDJ,CACF,CKjzDM,6DY6QJ,uBAkBI,ajBshDJ,CACF,CKhyDI,sCYuPF,uBAuBI,ajBshDJ,CACF,CKryDI,mCYuPF,uBA4BI,YAAA,CAEA,+DAAA,CADA,oBjBuhDJ,CiBnhDI,kEACE,ejBqhDN,CiBjhDI,6BACE,qDjBmhDN,CiB/gDI,0CAEE,YAAA,CADA,WjBkhDN,CiB7gDI,gDACE,oDjB+gDN,CiB5gDM,sDACE,0CjB8gDR,CACF,CiBvgDA,kBACE,gCAAA,CACA,qBjB0gDF,CiBvgDE,wBAKE,qDAAA,CAHA,uCAAA,CACA,gBAAA,CACA,kBAAA,CAHA,eAAA,CAKA,uBjBygDJ,CKz0DI,mCY0TF,kCAUI,mBjBygDJ,CiBnhDA,kCAUI,oBjBygDJ,CACF,CiBrgDE,wBAGE,eAAA,CAFA,QAAA,CACA,SAAA,CAGA,wBAAA,CAAA,qBAAA,CAAA,oBAAA,CAAA,gBjBsgDJ,CiBlgDE,wBACE,yDjBogDJ,CiBjgDI,oCACE,ejBmgDN,CiB9/CE,wBACE,aAAA,CACA,YAAA,CAEA,uBAAA,CADA,gCjBigDJ,CiB7/CI,mDACE,uDjB+/CN,CiBhgDI,gDACE,uDjB+/CN,CiBhgDI,0CACE,uDjB+/CN,CiB3/CI,gDACE,mBjB6/CN,CiBx/CE,gCAGE,+BAAA,CAGA,cAAA,CALA,aAAA,CAGA,gBAAA,CACA,YAAA,CAHA,mBAAA,CAQA,uBAAA,CAHA,2CjB2/CJ,CKh3DI,mCY8WF,0CAcI,mBjBw/CJ,CiBtgDA,0CAcI,oBjBw/CJ,CACF,CiBr/CI,2DAEE,uDAAA,CADA,+BjBw/CN,CiBz/CI,wDAEE,uDAAA,CADA,+BjBw/CN,CiBz/CI,kDAEE,uDAAA,CADA,+BjBw/CN,CiBn/CI,wCACE,YjBq/CN,CiBh/CI,wDACE,YjBk/CN,CiB9+CI,oCACE,WjBg/CN,CiB3+CE,2BAGE,eAAA,CADA,eAAA,CADA,iBjB++CJ,CKv4DI,mCYuZF,qCAOI,mBjB6+CJ,CiBp/CA,qCAOI,oBjB6+CJ,CACF,CiBv+CM,8DAGE,eAAA,CADA,eAAA,CAEA,eAAA,CAHA,ejB4+CR,CiBn+CE,kCAEE,MjBy+CJ,CiB3+CE,kCAEE,OjBy+CJ,CiB3+CE,wBAME,uCAAA,CAFA,aAAA,CACA,YAAA,CAJA,iBAAA,CAEA,YjBw+CJ,CKv4DI,wCY4ZF,wBAUI,YjBq+CJ,CACF,CiBl+CI,8BAIE,6BAAA,CAKA,UAAA,CARA,oBAAA,CAEA,WAAA,CAEA,+CAAA,CAAA,uCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CANA,UjB2+CN,CiBj+CM,wCACE,oBjBm+CR,CiB79CE,yBAGE,gBAAA,CADA,eAAA,CAEA,eAAA,CAHA,ajBk+CJ,CiB39CE,0BASE,2BAAA,CACA,oBAAA,CALA,uCAAA,CAJA,mBAAA,CAKA,gBAAA,CACA,eAAA,CAJA,aAAA,CADA,eAAA,CAEA,eAAA,CAIA,sBjB+9CJ,CK56DI,wCYqcF,0BAeI,oBAAA,CADA,ejB89CJ,CACF,CK39DM,6DY8eJ,0BAqBI,oBAAA,CADA,ejB89CJ,CACF,CiB19CI,+BAEE,wBAAA,CADA,yBjB69CN,CiBv9CE,yBAEE,gBAAA,CACA,iBAAA,CAFA,ajB29CJ,CiBr9CE,uBAEE,wBAAA,CADA,+BjBw9CJ,CkB9nEA,WACE,iBAAA,CACA,SlBioEF,CkB9nEE,kBAOE,2CAAA,CACA,mBAAA,CACA,8BAAA,CAHA,gCAAA,CAHA,QAAA,CAEA,gBAAA,CADA,YAAA,CAOA,SAAA,CAVA,iBAAA,CACA,sBAAA,CAQA,mCAAA,CAEA,oElBgoEJ,CkB1nEI,+DACE,gBAAA,CAEA,SAAA,CADA,+BAAA,CAEA,sFACE,CADF,8ElB4nEN,CkBhoEI,4DACE,gBAAA,CAEA,SAAA,CADA,+BAAA,CAEA,mFACE,CADF,8ElB4nEN,CkBhoEI,sDACE,gBAAA,CAEA,SAAA,CADA,+BAAA,CAEA,8ElB4nEN,CkBrnEI,wBAUE,qCAAA,CAAA,8CAAA,CAFA,mCAAA,CAAA,oCAAA,CACA,YAAA,CAEA,UAAA,CANA,QAAA,CAFA,QAAA,CAIA,kBAAA,CADA,iBAAA,CALA,iBAAA,CACA,KAAA,CAEA,OlB8nEN,CkBlnEE,iBAOE,mBAAA,CAFA,eAAA,CACA,oBAAA,CAJA,QAAA,CADA,kBAAA,CAGA,aAAA,CADA,SlBwnEJ,CkBhnEE,iBACE,kBlBknEJ,CkB9mEE,2BAGE,kBAAA,CAAA,oBlBonEJ,CkBvnEE,2BAGE,mBAAA,CAAA,mBlBonEJ,CkBvnEE,iBAKE,cAAA,CAJA,aAAA,CAGA,YAAA,CAKA,uBAAA,CAHA,2CACE,CALF,UlBqnEJ,CkB3mEI,4CACE,+BlB6mEN,CkB9mEI,yCACE,+BlB6mEN,CkB9mEI,mCACE,+BlB6mEN,CkBzmEI,uBACE,qDlB2mEN,CmB/rEA,YAIE,qBAAA,CADA,aAAA,CAGA,gBAAA,CALA,uBAAA,CAAA,eAAA,CACA,UAAA,CAGA,anBmsEF,CmB/rEE,aATF,YAUI,YnBksEF,CACF,CKphEI,wCc3KF,+BAMI,anBssEJ,CmB5sEA,+BAMI,cnBssEJ,CmB5sEA,qBAWI,2CAAA,CAHA,aAAA,CAEA,WAAA,CANA,cAAA,CACA,KAAA,CAOA,uBAAA,CACA,iEACE,CALF,aAAA,CAFA,SnBqsEJ,CmB1rEI,mEACE,8BAAA,CACA,6BnB4rEN,CmBzrEM,6EACE,8BnB2rER,CmBtrEI,6CAEE,QAAA,CAAA,MAAA,CACA,QAAA,CAEA,eAAA,CAJA,iBAAA,CACA,OAAA,CAEA,yBAAA,CAAA,qBAAA,CAFA,KnB2rEN,CACF,CKnkEI,sCctKJ,YAuDI,QnBsrEF,CmBnrEE,mBACE,WnBqrEJ,CmBjrEE,6CACE,UnBmrEJ,CACF,CmB/qEE,uBACE,YAAA,CACA,OnBirEJ,CKllEI,mCcjGF,uBAMI,QnBirEJ,CmB9qEI,8BACE,WnBgrEN,CmB5qEI,qCACE,anB8qEN,CmB1qEI,+CACE,kBnB4qEN,CACF,CmBvqEE,wBAUE,uBAAA,CANA,kCAAA,CAAA,0BAAA,CAHA,cAAA,CACA,eAAA,CASA,+DAAA,CAFA,oBnBsqEJ,CmBjqEI,8BACE,qDnBmqEN,CmB/pEI,2CAEE,YAAA,CADA,WnBkqEN,CmB7pEI,iDACE,oDnB+pEN,CmB5pEM,uDACE,0CnB8pER,CmBhpEE,wCAGE,wBACE,qBnBgpEJ,CmB5oEE,6BACE,kCnB8oEJ,CmB/oEE,6BACE,iCnB8oEJ,CACF,CK1mEI,wCc5BF,YAME,gCAAA,CADA,QAAA,CAEA,SAAA,CANA,cAAA,CACA,KAAA,CAMA,sDACE,CALF,OAAA,CADA,SnB+oEF,CmBpoEE,4CAEE,WAAA,CACA,SAAA,CACA,4CACE,CAJF,UnByoEJ,CACF,CoBtzEA,iBACE,GACE,QpBwzEF,CoBrzEA,GACE,apBuzEF,CACF,CoBnzEA,gBACE,GAEE,SAAA,CADA,0BpBszEF,CoBlzEA,IACE,SpBozEF,CoBjzEA,GAEE,SAAA,CADA,uBpBozEF,CACF,CoB3yEA,MACE,mgBAAA,CACA,oiBAAA,CACA,0nBAAA,CACA,mhBpB6yEF,CoBvyEA,WAOE,kCAAA,CAAA,0BAAA,CANA,aAAA,CACA,gBAAA,CACA,eAAA,CAEA,uCAAA,CAGA,uBAAA,CAJA,kBpB6yEF,CoBtyEE,iBACE,UpBwyEJ,CoBpyEE,iBACE,oBAAA,CAEA,aAAA,CACA,qBAAA,CAFA,UpBwyEJ,CoBnyEI,+BAEE,iBpBqyEN,CoBvyEI,+BAEE,kBpBqyEN,CoBvyEI,qBACE,gBpBsyEN,CoBjyEI,kDACE,iBpBoyEN,CoBryEI,kDACE,kBpBoyEN,CoBryEI,kDAEE,iBpBmyEN,CoBryEI,kDAEE,kBpBmyEN,CoB9xEE,iCAGE,iBpBmyEJ,CoBtyEE,iCAGE,kBpBmyEJ,CoBtyEE,uBACE,oBAAA,CACA,6BAAA,CAEA,eAAA,CACA,sBAAA,CACA,qBpBgyEJ,CoB5xEE,kBACE,YAAA,CAMA,gBAAA,CALA,SAAA,CAMA,oBAAA,CAJA,gBAAA,CAKA,WAAA,CAHA,eAAA,CADA,SAAA,CAFA,UpBoyEJ,CoB3xEI,iDACE,4BpB6xEN,CoBxxEE,iBACE,eAAA,CACA,sBpB0xEJ,CoBvxEI,gDACE,2BpByxEN,CoBrxEI,kCAIE,kBpB6xEN,CoBjyEI,kCAIE,iBpB6xEN,CoBjyEI,wBAME,6BAAA,CAIA,UAAA,CATA,oBAAA,CAEA,YAAA,CAIA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CAJA,uBAAA,CAHA,WpB+xEN,CoBnxEI,iCACE,apBqxEN,CoBjxEI,iCACE,gDAAA,CAAA,wCpBmxEN,CoB/wEI,+BACE,8CAAA,CAAA,sCpBixEN,CoB7wEI,+BACE,8CAAA,CAAA,sCpB+wEN,CoB3wEI,sCACE,qDAAA,CAAA,6CpB6wEN,CqBp6EA,SASE,2CAAA,CAFA,gCAAA,CAHA,aAAA,CAIA,eAAA,CAFA,aAAA,CADA,UAAA,CAFA,SrB26EF,CqBl6EE,aAZF,SAaI,YrBq6EF,CACF,CK1vEI,wCgBzLJ,SAkBI,YrBq6EF,CACF,CqBl6EE,iBACE,mBrBo6EJ,CqBh6EE,yBAEE,iBrBs6EJ,CqBx6EE,yBAEE,kBrBs6EJ,CqBx6EE,eAME,eAAA,CADA,eAAA,CAJA,QAAA,CAEA,SAAA,CACA,kBrBo6EJ,CqB95EE,eACE,oBAAA,CACA,aAAA,CACA,kBAAA,CAAA,mBrBg6EJ,CqB35EE,eAOE,kCAAA,CAAA,0BAAA,CANA,aAAA,CAEA,eAAA,CADA,gBAAA,CAMA,UAAA,CAJA,uCAAA,CACA,oBAAA,CAIA,8DrB45EJ,CqBv5EI,iEAEE,aAAA,CACA,SrBw5EN,CqB35EI,8DAEE,aAAA,CACA,SrBw5EN,CqB35EI,wDAEE,aAAA,CACA,SrBw5EN,CqBn5EM,2CACE,qBrBq5ER,CqBt5EM,2CACE,qBrBw5ER,CqBz5EM,2CACE,qBrB25ER,CqB55EM,2CACE,qBrB85ER,CqB/5EM,2CACE,oBrBi6ER,CqBl6EM,2CACE,qBrBo6ER,CqBr6EM,2CACE,qBrBu6ER,CqBx6EM,2CACE,qBrB06ER,CqB36EM,4CACE,qBrB66ER,CqB96EM,4CACE,oBrBg7ER,CqBj7EM,4CACE,qBrBm7ER,CqBp7EM,4CACE,qBrBs7ER,CqBv7EM,4CACE,qBrBy7ER,CqB17EM,4CACE,qBrB47ER,CqB77EM,4CACE,oBrB+7ER,CqBz7EI,gCAEE,SAAA,CADA,yBAAA,CAEA,wCrB27EN,CsBxgFA,MACE,wStB2gFF,CsBlgFE,qBAEE,mBAAA,CADA,kBtBsgFJ,CsBjgFE,8BAEE,iBtB4gFJ,CsB9gFE,8BAEE,gBtB4gFJ,CsB9gFE,oBAUE,+CAAA,CACA,oBAAA,CAVA,oBAAA,CAKA,gBAAA,CADA,eAAA,CAGA,qBAAA,CADA,eAAA,CAJA,kBAAA,CACA,uBAAA,CAKA,qBtBqgFJ,CsBhgFI,0BAGE,uCAAA,CAFA,aAAA,CACA,YAAA,CAEA,6CtBkgFN,CsB7/EM,gEAGE,0CAAA,CADA,+BtB+/ER,CsBz/EI,yBACE,uBtB2/EN,CsBn/EI,gCAME,oDAAA,CAMA,UAAA,CAXA,oBAAA,CAEA,YAAA,CACA,iBAAA,CAGA,qCAAA,CAAA,6BAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CACA,iCAAA,CANA,0BAAA,CAHA,WtB+/EN,CsBj/EI,6DACE,0CtBm/EN,CsBp/EI,0DACE,0CtBm/EN,CsBp/EI,oDACE,0CtBm/EN,CuB5jFA,iBACE,GACE,uDAAA,CACA,oBvB+jFF,CuB5jFA,IACE,mCAAA,CACA,kBvB8jFF,CuB3jFA,GACE,8BAAA,CACA,oBvB6jFF,CACF,CuBrjFA,MACE,wBvBujFF,CuBjjFA,YAwBE,kCAAA,CAAA,0BAAA,CALA,2CAAA,CACA,mBAAA,CACA,8BAAA,CAJA,gCAAA,CACA,sCAAA,CAfA,+IACE,CAYF,8BAAA,CASA,SAAA,CAxBA,iBAAA,CACA,uBAAA,CAoBA,4BAAA,CAIA,uDACE,CAZF,6BAAA,CADA,SvB4jFF,CuB1iFE,oBAGE,SAAA,CADA,uBAAA,CAEA,2EACE,CAJF,SvB+iFJ,CuBriFE,4DACE,sCvBuiFJ,CuBxiFE,yDACE,sCvBuiFJ,CuBxiFE,mDACE,sCvBuiFJ,CuBniFE,mBAEE,gBAAA,CADA,avBsiFJ,CuBliFI,2CACE,YvBoiFN,CuBhiFI,0CACE,evBkiFN,CuB1hFA,eACE,eAAA,CAEA,YAAA,CADA,kBvB8hFF,CuB1hFE,yBACE,avB4hFJ,CuBxhFE,6BACE,oBAAA,CAGA,iBvBwhFJ,CuBphFE,sBAOE,cAAA,CAFA,sCAAA,CADA,eAAA,CADA,YAAA,CAGA,YAAA,CALA,iBAAA,CAOA,wBAAA,CAAA,qBAAA,CAAA,oBAAA,CAAA,gBAAA,CANA,SvB4hFJ,CuBnhFI,qCACE,UAAA,CACA,uBvBqhFN,CuBlhFM,gEACE,UvBohFR,CuBrhFM,6DACE,UvBohFR,CuBrhFM,uDACE,UvBohFR,CuB5gFI,4BAYE,oDAAA,CACA,iBAAA,CAIA,UAAA,CARA,YAAA,CANA,YAAA,CAOA,cAAA,CACA,cAAA,CAVA,iBAAA,CACA,KAAA,CAYA,2CACE,CARF,wBAAA,CACA,6BAAA,CAJA,UvBuhFN,CuBvgFM,4CAGE,8CACE,2BvBugFR,CACF,CuBngFM,gDAIE,cAAA,CAHA,2CvBsgFR,CuB9/EI,2BAEE,sCAAA,CADA,iBvBigFN,CuB5/EI,qFACE,+BvB8/EN,CuB//EI,kFACE,+BvB8/EN,CuB//EI,4EACE,+BvB8/EN,CuB3/EM,2FACE,0CvB6/ER,CuB9/EM,wFACE,0CvB6/ER,CuB9/EM,kFACE,0CvB6/ER,CuBx/EI,0CAGE,cAAA,CADA,eAAA,CADA,SvB4/EN,CuBt/EI,8CACE,oBAAA,CACA,evBw/EN,CuBr/EM,qDAME,mCAAA,CALA,oBAAA,CACA,mBAAA,CAEA,qBAAA,CACA,iDAAA,CAFA,qBvB0/ER,CuBn/EQ,iBAVF,qDAWI,WvBs/ER,CuBn/EQ,mEACE,mCvBq/EV,CACF,CwBntFA,kBAKE,exB+tFF,CwBpuFA,kBAKE,gBxB+tFF,CwBpuFA,QASE,2CAAA,CACA,oBAAA,CAEA,8BAAA,CALA,uCAAA,CAHA,aAAA,CAIA,eAAA,CAGA,YAAA,CALA,mBAAA,CALA,cAAA,CACA,UAAA,CAWA,yBAAA,CACA,mGACE,CAZF,SxBiuFF,CwB/sFE,aArBF,QAsBI,YxBktFF,CACF,CwB/sFE,kBACE,wBxBitFJ,CwB7sFE,gBAEE,SAAA,CAEA,mBAAA,CAHA,+BAAA,CAEA,uBxBgtFJ,CwB5sFI,0BACE,8BxB8sFN,CwBzsFE,mCAEE,0CAAA,CADA,+BxB4sFJ,CwB7sFE,gCAEE,0CAAA,CADA,+BxB4sFJ,CwB7sFE,0BAEE,0CAAA,CADA,+BxB4sFJ,CwBvsFE,YACE,oBAAA,CACA,oBxBysFJ,CyB7vFA,oBACE,GACE,mBzBgwFF,CACF,CyBxvFA,MACE,wfzB0vFF,CyBpvFA,YACE,aAAA,CAEA,eAAA,CADA,azBwvFF,CyBpvFE,+BAOE,kBAAA,CAAA,kBzBqvFJ,CyB5vFE,+BAOE,iBAAA,CAAA,mBzBqvFJ,CyB5vFE,qBAQE,aAAA,CAEA,cAAA,CADA,YAAA,CARA,iBAAA,CAKA,UzBsvFJ,CyB/uFI,qCAIE,iBzBuvFN,CyB3vFI,qCAIE,kBzBuvFN,CyB3vFI,2BAKE,6BAAA,CAKA,UAAA,CATA,oBAAA,CAEA,YAAA,CAGA,yCAAA,CAAA,iCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CAPA,WzByvFN,CyB5uFE,kBAUE,2CAAA,CACA,mBAAA,CACA,8BAAA,CAJA,gCAAA,CACA,oBAAA,CAJA,kBAAA,CADA,YAAA,CASA,SAAA,CANA,aAAA,CADA,SAAA,CALA,iBAAA,CAgBA,gCAAA,CAAA,4BAAA,CAfA,UAAA,CAYA,+CACE,CAZF,SzB0vFJ,CyBzuFI,gEACE,gBAAA,CACA,SAAA,CACA,8CACE,CADF,sCzB2uFN,CyB9uFI,6DACE,gBAAA,CACA,SAAA,CACA,2CACE,CADF,sCzB2uFN,CyB9uFI,uDACE,gBAAA,CACA,SAAA,CACA,sCzB2uFN,CyBruFI,wBAGE,oCACE,gCzBquFN,CyBjuFI,2CACE,czBmuFN,CACF,CyB9tFE,kBACE,kBzBguFJ,CyB5tFE,4BAGE,kBAAA,CAAA,oBzBmuFJ,CyBtuFE,4BAGE,mBAAA,CAAA,mBzBmuFJ,CyBtuFE,kBAME,cAAA,CALA,aAAA,CAIA,YAAA,CAKA,uBAAA,CAHA,2CACE,CAJF,kBAAA,CAFA,UzBouFJ,CyBztFI,6CACE,+BzB2tFN,CyB5tFI,0CACE,+BzB2tFN,CyB5tFI,oCACE,+BzB2tFN,CyBvtFI,wBACE,qDzBytFN,C0B1zFA,MAEI,uWAAA,CAAA,8WAAA,CAAA,sPAAA,CAAA,8xBAAA,CAAA,0MAAA,CAAA,gbAAA,CAAA,gMAAA,CAAA,iQAAA,CAAA,0VAAA,CAAA,6aAAA,CAAA,8SAAA,CAAA,gM1Bm1FJ,C0Bv0FE,4CAQE,8CAAA,CACA,2BAAA,CACA,mBAAA,CACA,8BAAA,CANA,mCAAA,CAHA,iBAAA,CAIA,gBAAA,CAHA,iBAAA,CACA,eAAA,CAGA,uB1B80FJ,C0Bv0FI,aAdF,4CAeI,e1B20FJ,CACF,C0Bv0FI,gDACE,qB1B00FN,C0Bt0FI,gHAEE,iBAAA,CADA,c1B00FN,C0B30FI,0GAEE,iBAAA,CADA,c1B00FN,C0B30FI,8FAEE,iBAAA,CADA,c1B00FN,C0Br0FI,4FACE,iB1Bw0FN,C0Bp0FI,kFACE,e1Bu0FN,C0Bn0FI,0FACE,Y1Bs0FN,C0Bl0FI,8EACE,mB1Bq0FN,C0Bh0FE,sEAME,iBAAA,CAAA,mB1Bw0FJ,C0B90FE,sEAME,kBAAA,CAAA,kB1Bw0FJ,C0B90FE,sEAUE,uB1Bo0FJ,C0B90FE,sEAUE,wB1Bo0FJ,C0B90FE,sEAWE,4B1Bm0FJ,C0B90FE,4IAYE,6B1Bk0FJ,C0B90FE,sEAYE,4B1Bk0FJ,C0B90FE,kDAQE,oCAAA,CACA,WAAA,CAFA,eAAA,CAHA,eAAA,CACA,oBAAA,CAAA,iBAAA,CAHA,iB1B40FJ,C0B/zFI,kFACE,e1Bk0FN,C0B9zFI,oFAGE,U1By0FN,C0B50FI,oFAGE,W1By0FN,C0B50FI,gEAME,wBCsIU,CDjIV,UAAA,CANA,WAAA,CAEA,kDAAA,CAAA,0CAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CATA,iBAAA,CACA,UAAA,CAEA,U1Bw0FN,C0B7zFI,4DACE,4D1Bg0FN,C0B3yFE,iEACE,oB1B8yFJ,C0B/yFE,2DACE,oB1B8yFJ,C0B/yFE,+CACE,oB1B8yFJ,C0B1yFE,wEACE,oC1B6yFJ,C0B9yFE,kEACE,oC1B6yFJ,C0B9yFE,sDACE,oC1B6yFJ,C0B1yFI,+EACE,wBAnBG,CAoBH,kDAAA,CAAA,0C1B4yFN,C0B9yFI,yEACE,wBAnBG,CAoBH,0C1B4yFN,C0B9yFI,6DACE,wBAnBG,CAoBH,kDAAA,CAAA,0C1B4yFN,C0BxyFI,8EACE,a1B0yFN,C0B3yFI,wEACE,a1B0yFN,C0B3yFI,4DACE,a1B0yFN,C0B1zFE,oFACE,oB1B6zFJ,C0B9zFE,8EACE,oB1B6zFJ,C0B9zFE,kEACE,oB1B6zFJ,C0BzzFE,2FACE,mC1B4zFJ,C0B7zFE,qFACE,mC1B4zFJ,C0B7zFE,yEACE,mC1B4zFJ,C0BzzFI,kGACE,wBAnBG,CAoBH,sDAAA,CAAA,8C1B2zFN,C0B7zFI,4FACE,wBAnBG,CAoBH,8C1B2zFN,C0B7zFI,gFACE,wBAnBG,CAoBH,sDAAA,CAAA,8C1B2zFN,C0BvzFI,iGACE,a1ByzFN,C0B1zFI,2FACE,a1ByzFN,C0B1zFI,+EACE,a1ByzFN,C0Bz0FE,uEACE,oB1B40FJ,C0B70FE,iEACE,oB1B40FJ,C0B70FE,qDACE,oB1B40FJ,C0Bx0FE,8EACE,mC1B20FJ,C0B50FE,wEACE,mC1B20FJ,C0B50FE,4DACE,mC1B20FJ,C0Bx0FI,qFACE,wBAnBG,CAoBH,kDAAA,CAAA,0C1B00FN,C0B50FI,+EACE,wBAnBG,CAoBH,0C1B00FN,C0B50FI,mEACE,wBAnBG,CAoBH,kDAAA,CAAA,0C1B00FN,C0Bt0FI,oFACE,a1Bw0FN,C0Bz0FI,8EACE,a1Bw0FN,C0Bz0FI,kEACE,a1Bw0FN,C0Bx1FE,iFACE,oB1B21FJ,C0B51FE,2EACE,oB1B21FJ,C0B51FE,+DACE,oB1B21FJ,C0Bv1FE,wFACE,mC1B01FJ,C0B31FE,kFACE,mC1B01FJ,C0B31FE,sEACE,mC1B01FJ,C0Bv1FI,+FACE,wBAnBG,CAoBH,iDAAA,CAAA,yC1By1FN,C0B31FI,yFACE,wBAnBG,CAoBH,yC1By1FN,C0B31FI,6EACE,wBAnBG,CAoBH,iDAAA,CAAA,yC1By1FN,C0Br1FI,8FACE,a1Bu1FN,C0Bx1FI,wFACE,a1Bu1FN,C0Bx1FI,4EACE,a1Bu1FN,C0Bv2FE,iFACE,oB1B02FJ,C0B32FE,2EACE,oB1B02FJ,C0B32FE,+DACE,oB1B02FJ,C0Bt2FE,wFACE,kC1By2FJ,C0B12FE,kFACE,kC1By2FJ,C0B12FE,sEACE,kC1By2FJ,C0Bt2FI,+FACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bw2FN,C0B12FI,yFACE,wBAnBG,CAoBH,6C1Bw2FN,C0B12FI,6EACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bw2FN,C0Bp2FI,8FACE,a1Bs2FN,C0Bv2FI,wFACE,a1Bs2FN,C0Bv2FI,4EACE,a1Bs2FN,C0Bt3FE,gFACE,oB1By3FJ,C0B13FE,0EACE,oB1By3FJ,C0B13FE,8DACE,oB1By3FJ,C0Br3FE,uFACE,oC1Bw3FJ,C0Bz3FE,iFACE,oC1Bw3FJ,C0Bz3FE,qEACE,oC1Bw3FJ,C0Br3FI,8FACE,wBAnBG,CAoBH,sDAAA,CAAA,8C1Bu3FN,C0Bz3FI,wFACE,wBAnBG,CAoBH,8C1Bu3FN,C0Bz3FI,4EACE,wBAnBG,CAoBH,sDAAA,CAAA,8C1Bu3FN,C0Bn3FI,6FACE,a1Bq3FN,C0Bt3FI,uFACE,a1Bq3FN,C0Bt3FI,2EACE,a1Bq3FN,C0Br4FE,wFACE,oB1Bw4FJ,C0Bz4FE,kFACE,oB1Bw4FJ,C0Bz4FE,sEACE,oB1Bw4FJ,C0Bp4FE,+FACE,mC1Bu4FJ,C0Bx4FE,yFACE,mC1Bu4FJ,C0Bx4FE,6EACE,mC1Bu4FJ,C0Bp4FI,sGACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bs4FN,C0Bx4FI,gGACE,wBAnBG,CAoBH,6C1Bs4FN,C0Bx4FI,oFACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bs4FN,C0Bl4FI,qGACE,a1Bo4FN,C0Br4FI,+FACE,a1Bo4FN,C0Br4FI,mFACE,a1Bo4FN,C0Bp5FE,mFACE,oB1Bu5FJ,C0Bx5FE,6EACE,oB1Bu5FJ,C0Bx5FE,iEACE,oB1Bu5FJ,C0Bn5FE,0FACE,mC1Bs5FJ,C0Bv5FE,oFACE,mC1Bs5FJ,C0Bv5FE,wEACE,mC1Bs5FJ,C0Bn5FI,iGACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bq5FN,C0Bv5FI,2FACE,wBAnBG,CAoBH,6C1Bq5FN,C0Bv5FI,+EACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bq5FN,C0Bj5FI,gGACE,a1Bm5FN,C0Bp5FI,0FACE,a1Bm5FN,C0Bp5FI,8EACE,a1Bm5FN,C0Bn6FE,0EACE,oB1Bs6FJ,C0Bv6FE,oEACE,oB1Bs6FJ,C0Bv6FE,wDACE,oB1Bs6FJ,C0Bl6FE,iFACE,mC1Bq6FJ,C0Bt6FE,2EACE,mC1Bq6FJ,C0Bt6FE,+DACE,mC1Bq6FJ,C0Bl6FI,wFACE,wBAnBG,CAoBH,oDAAA,CAAA,4C1Bo6FN,C0Bt6FI,kFACE,wBAnBG,CAoBH,4C1Bo6FN,C0Bt6FI,sEACE,wBAnBG,CAoBH,oDAAA,CAAA,4C1Bo6FN,C0Bh6FI,uFACE,a1Bk6FN,C0Bn6FI,iFACE,a1Bk6FN,C0Bn6FI,qEACE,a1Bk6FN,C0Bl7FE,gEACE,oB1Bq7FJ,C0Bt7FE,0DACE,oB1Bq7FJ,C0Bt7FE,8CACE,oB1Bq7FJ,C0Bj7FE,uEACE,kC1Bo7FJ,C0Br7FE,iEACE,kC1Bo7FJ,C0Br7FE,qDACE,kC1Bo7FJ,C0Bj7FI,8EACE,wBAnBG,CAoBH,iDAAA,CAAA,yC1Bm7FN,C0Br7FI,wEACE,wBAnBG,CAoBH,yC1Bm7FN,C0Br7FI,4DACE,wBAnBG,CAoBH,iDAAA,CAAA,yC1Bm7FN,C0B/6FI,6EACE,a1Bi7FN,C0Bl7FI,uEACE,a1Bi7FN,C0Bl7FI,2DACE,a1Bi7FN,C0Bj8FE,oEACE,oB1Bo8FJ,C0Br8FE,8DACE,oB1Bo8FJ,C0Br8FE,kDACE,oB1Bo8FJ,C0Bh8FE,2EACE,oC1Bm8FJ,C0Bp8FE,qEACE,oC1Bm8FJ,C0Bp8FE,yDACE,oC1Bm8FJ,C0Bh8FI,kFACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bk8FN,C0Bp8FI,4EACE,wBAnBG,CAoBH,6C1Bk8FN,C0Bp8FI,gEACE,wBAnBG,CAoBH,qDAAA,CAAA,6C1Bk8FN,C0B97FI,iFACE,a1Bg8FN,C0Bj8FI,2EACE,a1Bg8FN,C0Bj8FI,+DACE,a1Bg8FN,C0Bh9FE,wEACE,oB1Bm9FJ,C0Bp9FE,kEACE,oB1Bm9FJ,C0Bp9FE,sDACE,oB1Bm9FJ,C0B/8FE,+EACE,kC1Bk9FJ,C0Bn9FE,yEACE,kC1Bk9FJ,C0Bn9FE,6DACE,kC1Bk9FJ,C0B/8FI,sFACE,wBAnBG,CAoBH,mDAAA,CAAA,2C1Bi9FN,C0Bn9FI,gFACE,wBAnBG,CAoBH,2C1Bi9FN,C0Bn9FI,oEACE,wBAnBG,CAoBH,mDAAA,CAAA,2C1Bi9FN,C0B78FI,qFACE,a1B+8FN,C0Bh9FI,+EACE,a1B+8FN,C0Bh9FI,mEACE,a1B+8FN,C4BjnGA,MACE,wM5BonGF,C4B3mGE,sBACE,uCAAA,CACA,gB5B8mGJ,C4B3mGI,mCACE,a5B6mGN,C4B9mGI,mCACE,c5B6mGN,C4BzmGM,4BACE,sB5B2mGR,C4BxmGQ,mCACE,gC5B0mGV,C4BtmGQ,2DAEE,SAAA,CADA,uBAAA,CAEA,e5BwmGV,C4BpmGQ,0EAEE,SAAA,CADA,uB5BumGV,C4BxmGQ,uEAEE,SAAA,CADA,uB5BumGV,C4BxmGQ,iEAEE,SAAA,CADA,uB5BumGV,C4BlmGQ,yCACE,Y5BomGV,C4B7lGE,0BAEE,eAAA,CADA,e5BgmGJ,C4B5lGI,+BACE,oB5B8lGN,C4BzlGE,gDACE,Y5B2lGJ,C4BvlGE,8BAEE,+BAAA,CADA,oBAAA,CAGA,WAAA,CAGA,SAAA,CADA,4BAAA,CAEA,4DACE,CAJF,0B5B2lGJ,C4BllGI,aAdF,8BAeI,+BAAA,CAEA,SAAA,CADA,uB5BslGJ,CACF,C4BllGI,wCACE,6B5BolGN,C4BhlGI,oCACE,+B5BklGN,C4B9kGI,qCAIE,6BAAA,CAKA,UAAA,CARA,oBAAA,CAEA,YAAA,CAEA,2CAAA,CAAA,mCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CANA,W5BulGN,C4B1kGQ,mDACE,oB5B4kGV,C6B1rGE,kCAEE,iB7BgsGJ,C6BlsGE,kCAEE,kB7BgsGJ,C6BlsGE,wBAGE,yCAAA,CAFA,oBAAA,CAGA,SAAA,CACA,mC7B6rGJ,C6BxrGI,aAVF,wBAWI,Y7B2rGJ,CACF,C6BvrGE,mFAEE,SAAA,CACA,2CACE,CADF,mC7ByrGJ,C6B5rGE,gFAEE,SAAA,CACA,wCACE,CADF,mC7ByrGJ,C6B5rGE,0EAEE,SAAA,CACA,mC7ByrGJ,C6BnrGE,mFAEE,+B7BqrGJ,C6BvrGE,gFAEE,+B7BqrGJ,C6BvrGE,0EAEE,+B7BqrGJ,C6BjrGE,oBACE,yBAAA,CACA,uBAAA,CAGA,yE7BirGJ,CKljGI,sCwBrHE,qDACE,uB7B0qGN,CACF,C6BrqGE,0CACE,yB7BuqGJ,C6BxqGE,uCACE,yB7BuqGJ,C6BxqGE,iCACE,yB7BuqGJ,C6BnqGE,sBACE,0B7BqqGJ,C8BhuGE,2BACE,a9BmuGJ,CK9iGI,wCyBtLF,2BAKI,e9BmuGJ,CACF,C8BhuGI,6BAEE,0BAAA,CAAA,2BAAA,CACA,eAAA,CACA,iBAAA,CAHA,yBAAA,CAAA,sBAAA,CAAA,iB9BquGN,C8B/tGM,2CACE,kB9BiuGR,C+BlvGE,kDACE,kCAAA,CAAA,0B/BqvGJ,C+BtvGE,+CACE,0B/BqvGJ,C+BtvGE,yCACE,kCAAA,CAAA,0B/BqvGJ,C+BjvGE,uBACE,4C/BmvGJ,C+B/uGE,uBACE,4C/BivGJ,C+B7uGE,4BACE,qC/B+uGJ,C+B5uGI,mCACE,a/B8uGN,C+B1uGI,kCACE,a/B4uGN,C+BvuGE,0BAKE,eAAA,CAJA,aAAA,CACA,YAAA,CAEA,aAAA,CADA,kBAAA,CAAA,mB/B2uGJ,C+BtuGI,uCACE,e/BwuGN,C+BpuGI,sCACE,kB/BsuGN,CgCrxGA,MACE,8LhCwxGF,CgC/wGE,oBACE,iBAAA,CAEA,gBAAA,CADA,ahCmxGJ,CgC/wGI,wCACE,uBhCixGN,CgC7wGI,gCAEE,eAAA,CADA,gBhCgxGN,CgCzwGM,wCACE,mBhC2wGR,CgCrwGE,8BAGE,oBhC0wGJ,CgC7wGE,8BAGE,mBhC0wGJ,CgC7wGE,8BAIE,4BhCywGJ,CgC7wGE,4DAKE,6BhCwwGJ,CgC7wGE,8BAKE,4BhCwwGJ,CgC7wGE,oBAME,cAAA,CALA,aAAA,CACA,ehC2wGJ,CgCpwGI,kCACE,uCAAA,CACA,oBhCswGN,CgClwGI,wCAEE,uCAAA,CADA,YhCqwGN,CgChwGI,oCAGE,WhC4wGN,CgC/wGI,oCAGE,UhC4wGN,CgC/wGI,0BAME,6BAAA,CAOA,UAAA,CARA,WAAA,CAEA,yCAAA,CAAA,iCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CATA,iBAAA,CACA,UAAA,CASA,sBAAA,CACA,yBAAA,CARA,UhC2wGN,CgC/vGM,oCACE,wBhCiwGR,CgC5vGI,4BACE,YhC8vGN,CgCzvGI,4CACE,YhC2vGN,CiC90GE,qDACE,mBAAA,CACA,cAAA,CACA,uBjCi1GJ,CiCp1GE,kDACE,mBAAA,CACA,cAAA,CACA,uBjCi1GJ,CiCp1GE,4CACE,mBAAA,CACA,cAAA,CACA,uBjCi1GJ,CiC90GI,yDAGE,iBAAA,CADA,eAAA,CADA,ajCk1GN,CiCn1GI,sDAGE,iBAAA,CADA,eAAA,CADA,ajCk1GN,CiCn1GI,gDAGE,iBAAA,CADA,eAAA,CADA,ajCk1GN,CkCx1GE,gCACE,sClC21GJ,CkC51GE,6BACE,sClC21GJ,CkC51GE,uBACE,sClC21GJ,CkCx1GE,cACE,yClC01GJ,CkC90GE,4DACE,oClCg1GJ,CkCj1GE,yDACE,oClCg1GJ,CkCj1GE,mDACE,oClCg1GJ,CkCx0GE,6CACE,qClC00GJ,CkC30GE,0CACE,qClC00GJ,CkC30GE,oCACE,qClC00GJ,CkCh0GE,oDACE,oClCk0GJ,CkCn0GE,iDACE,oClCk0GJ,CkCn0GE,2CACE,oClCk0GJ,CkCzzGE,gDACE,qClC2zGJ,CkC5zGE,6CACE,qClC2zGJ,CkC5zGE,uCACE,qClC2zGJ,CkCtzGE,gCACE,kClCwzGJ,CkCzzGE,6BACE,kClCwzGJ,CkCzzGE,uBACE,kClCwzGJ,CkClzGE,qCACE,sClCozGJ,CkCrzGE,kCACE,sClCozGJ,CkCrzGE,4BACE,sClCozGJ,CkC7yGE,yCACE,sClC+yGJ,CkChzGE,sCACE,sClC+yGJ,CkChzGE,gCACE,sClC+yGJ,CkCxyGE,yCACE,qClC0yGJ,CkC3yGE,sCACE,qClC0yGJ,CkC3yGE,gCACE,qClC0yGJ,CkCjyGE,gDACE,qClCmyGJ,CkCpyGE,6CACE,qClCmyGJ,CkCpyGE,uCACE,qClCmyGJ,CkC3xGE,6CACE,sClC6xGJ,CkC9xGE,0CACE,sClC6xGJ,CkC9xGE,oCACE,sClC6xGJ,CkClxGE,yDACE,qClCoxGJ,CkCrxGE,sDACE,qClCoxGJ,CkCrxGE,gDACE,qClCoxGJ,CkC/wGE,iCAGE,mBAAA,CAFA,gBAAA,CACA,gBlCkxGJ,CkCpxGE,8BAGE,mBAAA,CAFA,gBAAA,CACA,gBlCkxGJ,CkCpxGE,wBAGE,mBAAA,CAFA,gBAAA,CACA,gBlCkxGJ,CkC9wGE,eACE,4ClCgxGJ,CkC7wGE,eACE,4ClC+wGJ,CkC3wGE,gBAIE,wCAAA,CAHA,aAAA,CACA,wBAAA,CACA,wBlC8wGJ,CkCzwGE,yBAOE,wCAAA,CACA,+DAAA,CACA,4BAAA,CACA,6BAAA,CARA,iBAAA,CAIA,eAAA,CADA,eAAA,CAFA,cAAA,CACA,oCAAA,CAHA,iBlCoxGJ,CkCxwGI,6BACE,YlC0wGN,CkCvwGM,kCACE,wBAAA,CACA,yBlCywGR,CkCnwGE,iCAWE,wCAAA,CACA,+DAAA,CAFA,uCAAA,CAGA,0BAAA,CAPA,UAAA,CAJA,oBAAA,CAMA,2BAAA,CADA,2BAAA,CAEA,2BAAA,CARA,uBAAA,CAAA,eAAA,CAaA,wBAAA,CAAA,qBAAA,CAAA,oBAAA,CAAA,gBAAA,CATA,SlC4wGJ,CkC1vGE,sBACE,iBAAA,CACA,iBlC4vGJ,CkCpvGI,sCACE,gBlCsvGN,CkClvGI,gDACE,YlCovGN,CkC1uGA,gBACE,iBlC6uGF,CkCzuGE,uCACE,aAAA,CACA,SlC2uGJ,CkC7uGE,oCACE,aAAA,CACA,SlC2uGJ,CkC7uGE,8BACE,aAAA,CACA,SlC2uGJ,CkCtuGE,mBACE,YlCwuGJ,CkCnuGE,oBACE,QlCquGJ,CkCjuGE,4BACE,WAAA,CACA,SAAA,CACA,elCmuGJ,CkChuGI,0CACE,YlCkuGN,CkC5tGE,yBAIE,wCAAA,CAEA,+BAAA,CADA,4BAAA,CAFA,eAAA,CADA,oDAAA,CAKA,wBAAA,CAAA,qBAAA,CAAA,oBAAA,CAAA,gBlC8tGJ,CkC1tGE,2BAEE,+DAAA,CADA,2BlC6tGJ,CkCztGI,+BACE,uCAAA,CACA,gBlC2tGN,CkCttGE,sBACE,MAAA,CACA,WlCwtGJ,CkCntGA,aACE,alCstGF,CkC5sGE,4BAEE,aAAA,CADA,YlCgtGJ,CkC5sGI,wDAEE,2BAAA,CADA,wBlC+sGN,CkCzsGE,+BAKE,2CAAA,CAEA,+BAAA,CADA,gCAAA,CADA,sBAAA,CAJA,mBAAA,CAEA,gBAAA,CADA,alCgtGJ,CkCxsGI,qCAEE,UAAA,CACA,UAAA,CAFA,alC4sGN,CK70GI,wC6BgJF,8BACE,iBlCisGF,CkCvrGE,wSAGE,elC6rGJ,CkCzrGE,sCAEE,mBAAA,CACA,eAAA,CADA,oBAAA,CADA,kBAAA,CAAA,mBlC6rGJ,CACF,CDphHI,kDAIE,+BAAA,CACA,8BAAA,CAFA,aAAA,CADA,QAAA,CADA,iBC0hHN,CD3hHI,+CAIE,+BAAA,CACA,8BAAA,CAFA,aAAA,CADA,QAAA,CADA,iBC0hHN,CD3hHI,yCAIE,+BAAA,CACA,8BAAA,CAFA,aAAA,CADA,QAAA,CADA,iBC0hHN,CDlhHI,uBAEE,uCAAA,CADA,cCqhHN,CDh+GM,iHAEE,WAlDkB,CAiDlB,kBC2+GR,CD5+GM,6HAEE,WAlDkB,CAiDlB,kBCu/GR,CDx/GM,6HAEE,WAlDkB,CAiDlB,kBCmgHR,CDpgHM,oHAEE,WAlDkB,CAiDlB,kBC+gHR,CDhhHM,0HAEE,WAlDkB,CAiDlB,kBC2hHR,CD5hHM,uHAEE,WAlDkB,CAiDlB,kBCuiHR,CDxiHM,uHAEE,WAlDkB,CAiDlB,kBCmjHR,CDpjHM,6HAEE,WAlDkB,CAiDlB,kBC+jHR,CDhkHM,yCAEE,WAlDkB,CAiDlB,kBCmkHR,CDpkHM,yCAEE,WAlDkB,CAiDlB,kBCukHR,CDxkHM,0CAEE,WAlDkB,CAiDlB,kBC2kHR,CD5kHM,uCAEE,WAlDkB,CAiDlB,kBC+kHR,CDhlHM,wCAEE,WAlDkB,CAiDlB,kBCmlHR,CDplHM,sCAEE,WAlDkB,CAiDlB,kBCulHR,CDxlHM,wCAEE,WAlDkB,CAiDlB,kBC2lHR,CD5lHM,oCAEE,WAlDkB,CAiDlB,kBC+lHR,CDhmHM,2CAEE,WAlDkB,CAiDlB,kBCmmHR,CDpmHM,qCAEE,WAlDkB,CAiDlB,kBCumHR,CDxmHM,oCAEE,WAlDkB,CAiDlB,kBC2mHR,CD5mHM,kCAEE,WAlDkB,CAiDlB,kBC+mHR,CDhnHM,qCAEE,WAlDkB,CAiDlB,kBCmnHR,CDpnHM,mCAEE,WAlDkB,CAiDlB,kBCunHR,CDxnHM,qCAEE,WAlDkB,CAiDlB,kBC2nHR,CD5nHM,wCAEE,WAlDkB,CAiDlB,kBC+nHR,CDhoHM,sCAEE,WAlDkB,CAiDlB,kBCmoHR,CDpoHM,2CAEE,WAlDkB,CAiDlB,kBCuoHR,CD5nHM,iCAEE,WAPkB,CAMlB,iBC+nHR,CDhoHM,uCAEE,WAPkB,CAMlB,iBCmoHR,CDpoHM,mCAEE,WAPkB,CAMlB,iBCuoHR,CmCztHA,MACE,qMAAA,CACA,mMnC4tHF,CmCntHE,wBAKE,mBAAA,CAHA,YAAA,CACA,qBAAA,CACA,YAAA,CAHA,iBnC0tHJ,CmChtHI,8BAGE,QAAA,CACA,SAAA,CAHA,iBAAA,CACA,OnCotHN,CmC/sHM,qCACE,0BnCitHR,CmClrHE,2BAKE,uBAAA,CADA,+DAAA,CAHA,YAAA,CACA,cAAA,CACA,aAAA,CAGA,oBnCorHJ,CmCjrHI,aATF,2BAUI,gBnCorHJ,CACF,CmCjrHI,cAGE,+BACE,iBnCirHN,CmC9qHM,sCAOE,oCAAA,CALA,QAAA,CAWA,UAAA,CATA,aAAA,CAEA,UAAA,CAHA,MAAA,CAFA,iBAAA,CAOA,2CAAA,CACA,qCACE,CAEF,kDAAA,CAPA,+BnCsrHR,CACF,CmCzqHI,8CACE,YnC2qHN,CmCvqHI,iCAQE,qCAAA,CACA,6BAAA,CALA,uCAAA,CAMA,cAAA,CATA,aAAA,CAKA,gBAAA,CADA,eAAA,CAFA,8BAAA,CAWA,+BAAA,CAHA,2CACE,CALF,kBAAA,CALA,UnCmrHN,CmCpqHM,aAII,6CACE,OnCmqHV,CmCpqHQ,8CACE,OnCsqHV,CmCvqHQ,8CACE,OnCyqHV,CmC1qHQ,8CACE,OnC4qHV,CmC7qHQ,8CACE,OnC+qHV,CmChrHQ,8CACE,OnCkrHV,CmCnrHQ,8CACE,OnCqrHV,CmCtrHQ,8CACE,OnCwrHV,CmCzrHQ,8CACE,OnC2rHV,CmC5rHQ,+CACE,QnC8rHV,CmC/rHQ,+CACE,QnCisHV,CmClsHQ,+CACE,QnCosHV,CmCrsHQ,+CACE,QnCusHV,CmCxsHQ,+CACE,QnC0sHV,CmC3sHQ,+CACE,QnC6sHV,CmC9sHQ,+CACE,QnCgtHV,CmCjtHQ,+CACE,QnCmtHV,CmCptHQ,+CACE,QnCstHV,CmCvtHQ,+CACE,QnCytHV,CmC1tHQ,+CACE,QnC4tHV,CACF,CmCvtHM,uCACE,+BnCytHR,CmCntHE,4BACE,UnCqtHJ,CmCltHI,aAJF,4BAKI,gBnCqtHJ,CACF,CmCjtHE,0BACE,YnCmtHJ,CmChtHI,aAJF,0BAKI,anCmtHJ,CmC/sHM,sCACE,OnCitHR,CmCltHM,uCACE,OnCotHR,CmCrtHM,uCACE,OnCutHR,CmCxtHM,uCACE,OnC0tHR,CmC3tHM,uCACE,OnC6tHR,CmC9tHM,uCACE,OnCguHR,CmCjuHM,uCACE,OnCmuHR,CmCpuHM,uCACE,OnCsuHR,CmCvuHM,uCACE,OnCyuHR,CmC1uHM,wCACE,QnC4uHR,CmC7uHM,wCACE,QnC+uHR,CmChvHM,wCACE,QnCkvHR,CmCnvHM,wCACE,QnCqvHR,CmCtvHM,wCACE,QnCwvHR,CmCzvHM,wCACE,QnC2vHR,CmC5vHM,wCACE,QnC8vHR,CmC/vHM,wCACE,QnCiwHR,CmClwHM,wCACE,QnCowHR,CmCrwHM,wCACE,QnCuwHR,CmCxwHM,wCACE,QnC0wHR,CACF,CmCpwHI,+FAEE,QnCswHN,CmCnwHM,yGACE,wBAAA,CACA,yBnCswHR,CmC7vHM,2DAEE,wBAAA,CACA,yBAAA,CAFA,QnCiwHR,CmC1vHM,iEACE,QnC4vHR,CmCzvHQ,qLAGE,wBAAA,CACA,yBAAA,CAFA,QnC6vHV,CmCvvHQ,6FACE,wBAAA,CACA,yBnCyvHV,CmCpvHM,yDACE,kBnCsvHR,CmCjvHI,sCACE,QnCmvHN,CmC9uHE,2BAEE,iBAAA,CAKA,kBAAA,CADA,uCAAA,CAEA,cAAA,CAPA,aAAA,CAGA,YAAA,CACA,gBAAA,CAKA,mBAAA,CADA,gCAAA,CANA,WnCuvHJ,CmC7uHI,iCAEE,uDAAA,CADA,+BnCgvHN,CmC3uHI,iCAIE,6BAAA,CAQA,UAAA,CAXA,aAAA,CAEA,WAAA,CAKA,8CAAA,CAAA,sCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CANA,+CACE,CAJF,UnCqvHN,CmCtuHE,4BAME,+EACE,CALF,YAAA,CAGA,aAAA,CAFA,qBAAA,CAUA,mBAAA,CAZA,iBAAA,CAWA,wBAAA,CARA,YnC4uHJ,CmChuHI,sCACE,wBnCkuHN,CmC9tHI,oCACE,SnCguHN,CmC5tHI,kCAGE,8EACE,CAFF,mBAAA,CADA,OnCguHN,CmCttHM,uDACE,8CAAA,CAAA,sCnCwtHR,CKx0HI,wC8B8HF,wDAGE,kBnC+sHF,CmCltHA,wDAGE,mBnC+sHF,CmCltHA,8CAEE,eAAA,CADA,eAAA,CAGA,iCnC8sHF,CmC1sHE,8DACE,mBnC6sHJ,CmC9sHE,8DACE,kBnC6sHJ,CmC9sHE,oDAEE,UnC4sHJ,CmCxsHE,8EAEE,kBnC2sHJ,CmC7sHE,8EAEE,mBnC2sHJ,CmC7sHE,8EAGE,kBnC0sHJ,CmC7sHE,8EAGE,mBnC0sHJ,CmC7sHE,oEACE,UnC4sHJ,CmCtsHE,8EAEE,mBnCysHJ,CmC3sHE,8EAEE,kBnCysHJ,CmC3sHE,8EAGE,mBnCwsHJ,CmC3sHE,8EAGE,kBnCwsHJ,CmC3sHE,oEACE,UnC0sHJ,CACF,CmC5rHE,cAHF,olDAII,+BnC+rHF,CmC5rHE,g8GACE,sCnC8rHJ,CACF,CmCzrHA,4sDACE,uDnC4rHF,CmCxrHA,wmDACE,anC2rHF,CoCxiIA,MACE,mVAAA,CAEA,4VpC4iIF,CoCliIE,4BAEE,oBAAA,CADA,iBpCsiIJ,CoCjiII,sDAGE,SpCmiIN,CoCtiII,sDAGE,UpCmiIN,CoCtiII,4CACE,iBAAA,CACA,SpCoiIN,CoC9hIE,+CAEE,SAAA,CADA,UpCiiIJ,CoC5hIE,kDAGE,WpCsiIJ,CoCziIE,kDAGE,YpCsiIJ,CoCziIE,wCAME,qDAAA,CAKA,UAAA,CANA,aAAA,CAEA,0CAAA,CAAA,kCAAA,CACA,4BAAA,CAAA,oBAAA,CACA,6BAAA,CAAA,qBAAA,CACA,yBAAA,CAAA,iBAAA,CATA,iBAAA,CACA,SAAA,CAEA,YpCqiIJ,CoC1hIE,gEACE,wBTyWa,CSxWb,mDAAA,CAAA,2CpC4hIJ,CqC9kIA,QACE,8DAAA,CAGA,+CAAA,CACA,iEAAA,CACA,oDAAA,CACA,sDAAA,CACA,mDrC+kIF,CqC3kIA,SAEE,kBAAA,CADA,YrC+kIF,CKt7HI,mCiChKA,8BACE,UtC8lIJ,CsC/lIE,8BACE,WtC8lIJ,CsC/lIE,8BAIE,kBtC2lIJ,CsC/lIE,8BAIE,iBtC2lIJ,CsC/lIE,oBAKE,mBAAA,CAFA,YAAA,CADA,atC6lIJ,CsCvlII,kCACE,WtC0lIN,CsC3lII,kCACE,UtC0lIN,CsC3lII,kCAEE,iBAAA,CAAA,ctCylIN,CsC3lII,kCAEE,aAAA,CAAA,kBtCylIN,CACF","file":"main.css"} \ No newline at end of file diff --git a/2.5/assets/stylesheets/palette.08040f6c.min.css b/2.5/assets/stylesheets/palette.08040f6c.min.css new file mode 100644 index 000000000..9ba9032fd --- /dev/null +++ b/2.5/assets/stylesheets/palette.08040f6c.min.css @@ -0,0 +1 @@ +@media screen{[data-md-color-scheme=slate]{--md-hue:232;--md-default-fg-color:hsla(var(--md-hue),75%,95%,1);--md-default-fg-color--light:hsla(var(--md-hue),75%,90%,0.62);--md-default-fg-color--lighter:hsla(var(--md-hue),75%,90%,0.32);--md-default-fg-color--lightest:hsla(var(--md-hue),75%,90%,0.12);--md-default-bg-color:hsla(var(--md-hue),15%,21%,1);--md-default-bg-color--light:hsla(var(--md-hue),15%,21%,0.54);--md-default-bg-color--lighter:hsla(var(--md-hue),15%,21%,0.26);--md-default-bg-color--lightest:hsla(var(--md-hue),15%,21%,0.07);--md-code-fg-color:hsla(var(--md-hue),18%,86%,1);--md-code-bg-color:hsla(var(--md-hue),15%,15%,1);--md-code-hl-color:rgba(66,135,255,.15);--md-code-hl-number-color:#e6695b;--md-code-hl-special-color:#f06090;--md-code-hl-function-color:#c973d9;--md-code-hl-constant-color:#9383e2;--md-code-hl-keyword-color:#6791e0;--md-code-hl-string-color:#2fb170;--md-code-hl-name-color:var(--md-code-fg-color);--md-code-hl-operator-color:var(--md-default-fg-color--light);--md-code-hl-punctuation-color:var(--md-default-fg-color--light);--md-code-hl-comment-color:var(--md-default-fg-color--light);--md-code-hl-generic-color:var(--md-default-fg-color--light);--md-code-hl-variable-color:var(--md-default-fg-color--light);--md-typeset-color:var(--md-default-fg-color);--md-typeset-a-color:var(--md-primary-fg-color);--md-typeset-mark-color:rgba(66,135,255,.3);--md-typeset-kbd-color:hsla(var(--md-hue),15%,94%,0.12);--md-typeset-kbd-accent-color:hsla(var(--md-hue),15%,94%,0.2);--md-typeset-kbd-border-color:hsla(var(--md-hue),15%,14%,1);--md-typeset-table-color:hsla(var(--md-hue),75%,95%,0.12);--md-admonition-fg-color:var(--md-default-fg-color);--md-admonition-bg-color:var(--md-default-bg-color);--md-footer-bg-color:hsla(var(--md-hue),15%,12%,0.87);--md-footer-bg-color--dark:hsla(var(--md-hue),15%,10%,1);--md-shadow-z1:0 0.2rem 0.5rem rgba(0,0,0,.2),0 0 0.05rem rgba(0,0,0,.1);--md-shadow-z2:0 0.2rem 0.5rem rgba(0,0,0,.3),0 0 0.05rem rgba(0,0,0,.25);--md-shadow-z3:0 0.2rem 0.5rem rgba(0,0,0,.4),0 0 0.05rem rgba(0,0,0,.35)}[data-md-color-scheme=slate] img[src$="#gh-light-mode-only"],[data-md-color-scheme=slate] img[src$="#only-light"]{display:none}[data-md-color-scheme=slate] img[src$="#gh-dark-mode-only"],[data-md-color-scheme=slate] img[src$="#only-dark"]{display:initial}[data-md-color-scheme=slate][data-md-color-primary=pink]{--md-typeset-a-color:#ed5487}[data-md-color-scheme=slate][data-md-color-primary=purple]{--md-typeset-a-color:#bd78c9}[data-md-color-scheme=slate][data-md-color-primary=deep-purple]{--md-typeset-a-color:#a682e3}[data-md-color-scheme=slate][data-md-color-primary=indigo]{--md-typeset-a-color:#6c91d5}[data-md-color-scheme=slate][data-md-color-primary=teal]{--md-typeset-a-color:#00ccb8}[data-md-color-scheme=slate][data-md-color-primary=green]{--md-typeset-a-color:#71c174}[data-md-color-scheme=slate][data-md-color-primary=deep-orange]{--md-typeset-a-color:#ff9575}[data-md-color-scheme=slate][data-md-color-primary=brown]{--md-typeset-a-color:#c7846b}[data-md-color-scheme=slate][data-md-color-primary=black],[data-md-color-scheme=slate][data-md-color-primary=blue-grey],[data-md-color-scheme=slate][data-md-color-primary=grey],[data-md-color-scheme=slate][data-md-color-primary=white]{--md-typeset-a-color:#6c91d5}[data-md-color-switching] *,[data-md-color-switching] :after,[data-md-color-switching] :before{transition-duration:0ms!important}}[data-md-color-accent=red]{--md-accent-fg-color:#ff1947;--md-accent-fg-color--transparent:rgba(255,25,71,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=pink]{--md-accent-fg-color:#f50056;--md-accent-fg-color--transparent:rgba(245,0,86,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=purple]{--md-accent-fg-color:#df41fb;--md-accent-fg-color--transparent:rgba(223,65,251,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=deep-purple]{--md-accent-fg-color:#7c4dff;--md-accent-fg-color--transparent:rgba(124,77,255,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=indigo]{--md-accent-fg-color:#526cfe;--md-accent-fg-color--transparent:rgba(82,108,254,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=blue]{--md-accent-fg-color:#4287ff;--md-accent-fg-color--transparent:rgba(66,135,255,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=light-blue]{--md-accent-fg-color:#0091eb;--md-accent-fg-color--transparent:rgba(0,145,235,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=cyan]{--md-accent-fg-color:#00bad6;--md-accent-fg-color--transparent:rgba(0,186,214,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=teal]{--md-accent-fg-color:#00bda4;--md-accent-fg-color--transparent:rgba(0,189,164,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=green]{--md-accent-fg-color:#00c753;--md-accent-fg-color--transparent:rgba(0,199,83,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=light-green]{--md-accent-fg-color:#63de17;--md-accent-fg-color--transparent:rgba(99,222,23,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-accent=lime]{--md-accent-fg-color:#b0eb00;--md-accent-fg-color--transparent:rgba(176,235,0,.1);--md-accent-bg-color:rgba(0,0,0,.87);--md-accent-bg-color--light:rgba(0,0,0,.54)}[data-md-color-accent=yellow]{--md-accent-fg-color:#ffd500;--md-accent-fg-color--transparent:rgba(255,213,0,.1);--md-accent-bg-color:rgba(0,0,0,.87);--md-accent-bg-color--light:rgba(0,0,0,.54)}[data-md-color-accent=amber]{--md-accent-fg-color:#fa0;--md-accent-fg-color--transparent:rgba(255,170,0,.1);--md-accent-bg-color:rgba(0,0,0,.87);--md-accent-bg-color--light:rgba(0,0,0,.54)}[data-md-color-accent=orange]{--md-accent-fg-color:#ff9100;--md-accent-fg-color--transparent:rgba(255,145,0,.1);--md-accent-bg-color:rgba(0,0,0,.87);--md-accent-bg-color--light:rgba(0,0,0,.54)}[data-md-color-accent=deep-orange]{--md-accent-fg-color:#ff6e42;--md-accent-fg-color--transparent:rgba(255,110,66,.1);--md-accent-bg-color:#fff;--md-accent-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=red]{--md-primary-fg-color:#ef5552;--md-primary-fg-color--light:#e57171;--md-primary-fg-color--dark:#e53734;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=pink]{--md-primary-fg-color:#e92063;--md-primary-fg-color--light:#ec417a;--md-primary-fg-color--dark:#c3185d;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=purple]{--md-primary-fg-color:#ab47bd;--md-primary-fg-color--light:#bb69c9;--md-primary-fg-color--dark:#8c24a8;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=deep-purple]{--md-primary-fg-color:#7e56c2;--md-primary-fg-color--light:#9574cd;--md-primary-fg-color--dark:#673ab6;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=indigo]{--md-primary-fg-color:#4051b5;--md-primary-fg-color--light:#5d6cc0;--md-primary-fg-color--dark:#303fa1;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=blue]{--md-primary-fg-color:#2094f3;--md-primary-fg-color--light:#42a5f5;--md-primary-fg-color--dark:#1975d2;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=light-blue]{--md-primary-fg-color:#02a6f2;--md-primary-fg-color--light:#28b5f6;--md-primary-fg-color--dark:#0287cf;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=cyan]{--md-primary-fg-color:#00bdd6;--md-primary-fg-color--light:#25c5da;--md-primary-fg-color--dark:#0097a8;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=teal]{--md-primary-fg-color:#009485;--md-primary-fg-color--light:#26a699;--md-primary-fg-color--dark:#007a6c;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=green]{--md-primary-fg-color:#4cae4f;--md-primary-fg-color--light:#68bb6c;--md-primary-fg-color--dark:#398e3d;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=light-green]{--md-primary-fg-color:#8bc34b;--md-primary-fg-color--light:#9ccc66;--md-primary-fg-color--dark:#689f38;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=lime]{--md-primary-fg-color:#cbdc38;--md-primary-fg-color--light:#d3e156;--md-primary-fg-color--dark:#b0b52c;--md-primary-bg-color:rgba(0,0,0,.87);--md-primary-bg-color--light:rgba(0,0,0,.54)}[data-md-color-primary=yellow]{--md-primary-fg-color:#ffec3d;--md-primary-fg-color--light:#ffee57;--md-primary-fg-color--dark:#fbc02d;--md-primary-bg-color:rgba(0,0,0,.87);--md-primary-bg-color--light:rgba(0,0,0,.54)}[data-md-color-primary=amber]{--md-primary-fg-color:#ffc105;--md-primary-fg-color--light:#ffc929;--md-primary-fg-color--dark:#ffa200;--md-primary-bg-color:rgba(0,0,0,.87);--md-primary-bg-color--light:rgba(0,0,0,.54)}[data-md-color-primary=orange]{--md-primary-fg-color:#ffa724;--md-primary-fg-color--light:#ffa724;--md-primary-fg-color--dark:#fa8900;--md-primary-bg-color:rgba(0,0,0,.87);--md-primary-bg-color--light:rgba(0,0,0,.54)}[data-md-color-primary=deep-orange]{--md-primary-fg-color:#ff6e42;--md-primary-fg-color--light:#ff8a66;--md-primary-fg-color--dark:#f4511f;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=brown]{--md-primary-fg-color:#795649;--md-primary-fg-color--light:#8d6e62;--md-primary-fg-color--dark:#5d4037;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7)}[data-md-color-primary=grey]{--md-primary-fg-color:#757575;--md-primary-fg-color--light:#9e9e9e;--md-primary-fg-color--dark:#616161;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7);--md-typeset-a-color:#4051b5}[data-md-color-primary=blue-grey]{--md-primary-fg-color:#546d78;--md-primary-fg-color--light:#607c8a;--md-primary-fg-color--dark:#455a63;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7);--md-typeset-a-color:#4051b5}[data-md-color-primary=light-green]:not([data-md-color-scheme=slate]){--md-typeset-a-color:#72ad2e}[data-md-color-primary=lime]:not([data-md-color-scheme=slate]){--md-typeset-a-color:#8b990a}[data-md-color-primary=yellow]:not([data-md-color-scheme=slate]){--md-typeset-a-color:#b8a500}[data-md-color-primary=amber]:not([data-md-color-scheme=slate]){--md-typeset-a-color:#d19d00}[data-md-color-primary=orange]:not([data-md-color-scheme=slate]){--md-typeset-a-color:#e68a00}[data-md-color-primary=white]{--md-primary-fg-color:#fff;--md-primary-fg-color--light:hsla(0,0%,100%,.7);--md-primary-fg-color--dark:rgba(0,0,0,.07);--md-primary-bg-color:rgba(0,0,0,.87);--md-primary-bg-color--light:rgba(0,0,0,.54);--md-typeset-a-color:#4051b5}[data-md-color-primary=white] .md-button{color:var(--md-typeset-a-color)}[data-md-color-primary=white] .md-button--primary{background-color:var(--md-typeset-a-color);border-color:var(--md-typeset-a-color);color:#fff}@media screen and (min-width:60em){[data-md-color-primary=white] .md-search__form{background-color:rgba(0,0,0,.07)}[data-md-color-primary=white] .md-search__form:hover{background-color:rgba(0,0,0,.32)}[data-md-color-primary=white] .md-search__input+.md-search__icon{color:rgba(0,0,0,.87)}}@media screen and (min-width:76.25em){[data-md-color-primary=white] .md-tabs{border-bottom:.05rem solid rgba(0,0,0,.07)}}[data-md-color-primary=black]{--md-primary-fg-color:#000;--md-primary-fg-color--light:rgba(0,0,0,.54);--md-primary-fg-color--dark:#000;--md-primary-bg-color:#fff;--md-primary-bg-color--light:hsla(0,0%,100%,.7);--md-typeset-a-color:#4051b5}[data-md-color-primary=black] .md-button{color:var(--md-typeset-a-color)}[data-md-color-primary=black] .md-button--primary{background-color:var(--md-typeset-a-color);border-color:var(--md-typeset-a-color);color:#fff}[data-md-color-primary=black] .md-header{background-color:#000}@media screen and (max-width:59.9375em){[data-md-color-primary=black] .md-nav__source{background-color:rgba(0,0,0,.87)}}@media screen and (min-width:60em){[data-md-color-primary=black] .md-search__form{background-color:hsla(0,0%,100%,.12)}[data-md-color-primary=black] .md-search__form:hover{background-color:hsla(0,0%,100%,.3)}}@media screen and (max-width:76.1875em){html [data-md-color-primary=black] .md-nav--primary .md-nav__title[for=__drawer]{background-color:#000}}@media screen and (min-width:76.25em){[data-md-color-primary=black] .md-tabs{background-color:#000}} \ No newline at end of file diff --git a/2.5/assets/stylesheets/palette.08040f6c.min.css.map b/2.5/assets/stylesheets/palette.08040f6c.min.css.map new file mode 100644 index 000000000..0fd566624 --- /dev/null +++ b/2.5/assets/stylesheets/palette.08040f6c.min.css.map @@ -0,0 +1 @@ +{"version":3,"sources":["src/assets/stylesheets/palette/_scheme.scss","../../../src/assets/stylesheets/palette.scss","src/assets/stylesheets/palette/_accent.scss","src/assets/stylesheets/palette/_primary.scss","src/assets/stylesheets/utilities/_break.scss"],"names":[],"mappings":"AA2BA,cAGE,6BAKE,YAAA,CAGA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CACA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CAGA,gDAAA,CACA,gDAAA,CAGA,uCAAA,CACA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,2CAAA,CAGA,uDAAA,CACA,6DAAA,CACA,2DAAA,CAGA,yDAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,qDAAA,CACA,wDAAA,CAGA,wEAAA,CAKA,yEAAA,CAKA,yECxDF,CD6DE,kHAEE,YC3DJ,CD+DE,gHAEE,eC7DJ,CDoFE,yDACE,4BClFJ,CDiFE,2DACE,4BC/EJ,CD8EE,gEACE,4BC5EJ,CD2EE,2DACE,4BCzEJ,CDwEE,yDACE,4BCtEJ,CDqEE,0DACE,4BCnEJ,CDkEE,gEACE,4BChEJ,CD+DE,0DACE,4BC7DJ,CD4DE,2OACE,4BCjDJ,CDwDA,+FAGE,iCCtDF,CACF,CCjDE,2BACE,4BAAA,CACA,oDAAA,CAOE,yBAAA,CACA,8CD6CN,CCvDE,4BACE,4BAAA,CACA,mDAAA,CAOE,yBAAA,CACA,8CDoDN,CC9DE,8BACE,4BAAA,CACA,qDAAA,CAOE,yBAAA,CACA,8CD2DN,CCrEE,mCACE,4BAAA,CACA,qDAAA,CAOE,yBAAA,CACA,8CDkEN,CC5EE,8BACE,4BAAA,CACA,qDAAA,CAOE,yBAAA,CACA,8CDyEN,CCnFE,4BACE,4BAAA,CACA,qDAAA,CAOE,yBAAA,CACA,8CDgFN,CC1FE,kCACE,4BAAA,CACA,oDAAA,CAOE,yBAAA,CACA,8CDuFN,CCjGE,4BACE,4BAAA,CACA,oDAAA,CAOE,yBAAA,CACA,8CD8FN,CCxGE,4BACE,4BAAA,CACA,oDAAA,CAOE,yBAAA,CACA,8CDqGN,CC/GE,6BACE,4BAAA,CACA,mDAAA,CAOE,yBAAA,CACA,8CD4GN,CCtHE,mCACE,4BAAA,CACA,oDAAA,CAOE,yBAAA,CACA,8CDmHN,CC7HE,4BACE,4BAAA,CACA,oDAAA,CAIE,oCAAA,CACA,2CD6HN,CCpIE,8BACE,4BAAA,CACA,oDAAA,CAIE,oCAAA,CACA,2CDoIN,CC3IE,6BACE,yBAAA,CACA,oDAAA,CAIE,oCAAA,CACA,2CD2IN,CClJE,8BACE,4BAAA,CACA,oDAAA,CAIE,oCAAA,CACA,2CDkJN,CCzJE,mCACE,4BAAA,CACA,qDAAA,CAOE,yBAAA,CACA,8CDsJN,CE3JE,4BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwJN,CEnKE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgKN,CE3KE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwKN,CEnLE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgLN,CE3LE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwLN,CEnME,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgMN,CE3ME,mCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwMN,CEnNE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgNN,CE3NE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwNN,CEnOE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgON,CE3OE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwON,CEnPE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,qCAAA,CACA,4CFmPN,CE3PE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,qCAAA,CACA,4CF2PN,CEnQE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,qCAAA,CACA,4CFmQN,CE3QE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,qCAAA,CACA,4CF2QN,CEnRE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFgRN,CE3RE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CFwRN,CEnSE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CAAA,CAKA,4BF4RN,CE5SE,kCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,+CAAA,CAKA,4BFqSN,CEtRE,sEACE,4BFyRJ,CE1RE,+DACE,4BF6RJ,CE9RE,iEACE,4BFiSJ,CElSE,gEACE,4BFqSJ,CEtSE,iEACE,4BFySJ,CEhSA,8BACE,0BAAA,CACA,+CAAA,CACA,2CAAA,CACA,qCAAA,CACA,4CAAA,CAGA,4BFiSF,CE9RE,yCACE,+BFgSJ,CE7RI,kDAEE,0CAAA,CACA,sCAAA,CAFA,UFiSN,CG7MI,mCD1EA,+CACE,gCF0RJ,CEvRI,qDACE,gCFyRN,CEpRE,iEACE,qBFsRJ,CACF,CGxNI,sCDvDA,uCACE,0CFkRJ,CACF,CEzQA,8BACE,0BAAA,CACA,4CAAA,CACA,gCAAA,CACA,0BAAA,CACA,+CAAA,CAGA,4BF0QF,CEvQE,yCACE,+BFyQJ,CEtQI,kDAEE,0CAAA,CACA,sCAAA,CAFA,UF0QN,CEnQE,yCACE,qBFqQJ,CG9NI,wCDhCA,8CACE,gCFiQJ,CACF,CGtPI,mCDJA,+CACE,oCF6PJ,CE1PI,qDACE,mCF4PN,CACF,CG3OI,wCDTA,iFACE,qBFuPJ,CACF,CGnQI,sCDmBA,uCACE,qBFmPJ,CACF","file":"palette.css"} \ No newline at end of file diff --git a/2.5/b_n_r-accidental_deletion/index.html b/2.5/b_n_r-accidental_deletion/index.html new file mode 100644 index 000000000..73c399639 --- /dev/null +++ b/2.5/b_n_r-accidental_deletion/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r-backup/index.html b/2.5/b_n_r-backup/index.html new file mode 100644 index 000000000..8de3351c6 --- /dev/null +++ b/2.5/b_n_r-backup/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r-backup_restore-maildir/index.html b/2.5/b_n_r-backup_restore-maildir/index.html new file mode 100644 index 000000000..1aeed514a --- /dev/null +++ b/2.5/b_n_r-backup_restore-maildir/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r-backup_restore-mysql/index.html b/2.5/b_n_r-backup_restore-mysql/index.html new file mode 100644 index 000000000..48625cbb3 --- /dev/null +++ b/2.5/b_n_r-backup_restore-mysql/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r-coldstandby/index.html b/2.5/b_n_r-coldstandby/index.html new file mode 100644 index 000000000..056d59a71 --- /dev/null +++ b/2.5/b_n_r-coldstandby/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r-restore/index.html b/2.5/b_n_r-restore/index.html new file mode 100644 index 000000000..d8b113bcb --- /dev/null +++ b/2.5/b_n_r-restore/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r_accidental_deletion/index.html b/2.5/b_n_r_accidental_deletion/index.html new file mode 100644 index 000000000..73c399639 --- /dev/null +++ b/2.5/b_n_r_accidental_deletion/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/b_n_r_backup/index.html b/2.5/b_n_r_backup/index.html new file mode 100644 index 000000000..8de3351c6 --- /dev/null +++ b/2.5/b_n_r_backup/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/backup_restore/b_n_r-accidental_deletion/index.html b/2.5/backup_restore/b_n_r-accidental_deletion/index.html new file mode 100644 index 000000000..c245a91a4 --- /dev/null +++ b/2.5/backup_restore/b_n_r-accidental_deletion/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Recover accidentally deleted data - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Recover accidentally deleted data

    + +

    So you deleted a mailbox and have no backups, he?

    +

    If you noticed your mistake within a few hours, you can probably recover the users data.

    +

    SOGo

    +

    We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/.

    +

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    +

    Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo.

    +

    1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo

    +

    2. Run docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org

    +

    Run sogo-tool without parameters to check for possible restore options.

    +

    3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo

    +

    4. Restart SOGo and Memcached: docker compose restart sogo-mailcow memcached-mailcow

    +

    Mail

    +

    In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf.

    +

    A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage.

    +

    The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized], for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708.

    +

    To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

    +

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    +

    Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

    +
    docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
    +docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/backup_restore/b_n_r-backup/index.html b/2.5/backup_restore/b_n_r-backup/index.html new file mode 100644 index 000000000..93e737d88 --- /dev/null +++ b/2.5/backup_restore/b_n_r-backup/index.html @@ -0,0 +1,2773 @@ + + + + + + + + + + + + + + + + + + Backup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Backup

    +

    Manual

    +

    You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically.

    +

    Please do not copy this script to another location.

    +

    To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. +You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
    +
    +# Backup all, delete backups older than 3 days
    +./helper-scripts/backup_and_restore.sh backup all --delete-days 3
    +
    +# Backup vmail, crypt and mysql data, delete backups older than 30 days
    +./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
    +
    +# Backup vmail
    +./helper-scripts/backup_and_restore.sh backup vmail
    +
    +

    Variables for backup/restore script

    +
    Multithreading
    +

    With the 2022-10 update it is possible to run the script with multithreading support. This can be used for backups as well as for restores.

    +

    To start the backup/restore with multithreading you have to add THREADS as an environment variable in front of the command to execute the script.

    +

    THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +The number after the = character indicates the number of threads. Please keep your core count -2 to leave enough CPU power for mailcow itself.

    +
    Backup path
    +

    The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". +You should not rename those folders to not break the restore process.

    +

    To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

    +
    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +
    +

    Tip

    Both variables mentioned above can also be combined! Ex: +

    MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +

    +

    +
    +

    Cronjob

    +

    You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +
    +

    Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

    +

    This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

    +
    #!/bin/sh
    +
    +# Backup mailcow data
    +# https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
    +
    +set -e
    +
    +OUT="$(mktemp)"
    +export MAILCOW_BACKUP_LOCATION="/opt/backup"
    +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
    +PARAMETERS="backup all"
    +OPTIONS="--delete-days 30"
    +
    +# run command
    +set +e
    +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
    +RESULT=$?
    +
    +if [ $RESULT -ne 0 ]
    +    then
    +            echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:"
    +            echo "RESULT=$RESULT"
    +            echo "STDOUT / STDERR:"
    +            cat "$OUT"
    +fi
    +
    +

    Backup strategy with rsync and mailcow backup script

    +

    Create the destination directory for mailcows helper script: +

    mkdir -p /external_share/backups/backup_script
    +

    +

    Create cronjobs: +

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
    +40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
    +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
    +

    +

    On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. +Do not rsync to a Samba share, you need to keep the correct permissions!

    +

    To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker compose pull and docker compose up -d.

    +

    If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). +In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!

    + +
    +
    + + + Last update: + 2022-10-25 14:46:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/backup_restore/b_n_r-backup_restore-maildir/index.html b/2.5/backup_restore/b_n_r-backup_restore-maildir/index.html new file mode 100644 index 000000000..56d17b362 --- /dev/null +++ b/2.5/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -0,0 +1,2606 @@ + + + + + + + + + + + + + + + + + + Maildir - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Maildir

    + +

    Backup

    +

    This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: +

    cd /path/to/mailcow-dockerized
    +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
    +

    +

    You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. +Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

    +

    Restore

    +
    cd /path/to/mailcow-dockerized
    +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/backup_restore/b_n_r-backup_restore-mysql/index.html b/2.5/backup_restore/b_n_r-backup_restore-mysql/index.html new file mode 100644 index 000000000..79ee68ee5 --- /dev/null +++ b/2.5/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -0,0 +1,2610 @@ + + + + + + + + + + + + + + + + + + MySQL (mysqldump) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    MySQL (mysqldump)

    + +

    Backup

    +
    cd /path/to/mailcow-dockerized
    +source mailcow.conf
    +DATE=$(date +"%Y%m%d_%H%M%S")
    +docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
    +
    +

    Restore

    +
    +

    Warning

    +

    You should redirect the SQL dump without docker compose to prevent parsing errors.

    +
    +
    cd /path/to/mailcow-dockerized
    +source mailcow.conf
    +docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/backup_restore/b_n_r-coldstandby/index.html b/2.5/backup_restore/b_n_r-coldstandby/index.html new file mode 100644 index 000000000..aff39b259 --- /dev/null +++ b/2.5/backup_restore/b_n_r-coldstandby/index.html @@ -0,0 +1,2677 @@ + + + + + + + + + + + + + + + + + + Cold-standby (rolling backup) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Cold-standby backup

    +

    mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime.

    +

    This may also be used to transfer your mailcow to a new server.

    +

    You should know

    +

    The provided script will work on default installations.

    +

    It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes.

    +

    The script will use the same paths as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints.

    +

    To find the paths of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in an override file. Local bind mounts may or may not work.

    +

    The script uses rsync with the --delete flag. The destination will be an exact copy of the source.

    +

    mariabackup is used to create a consistent copy of the SQL data directory.

    +

    After rsync'ing the data we will run docker compose pull and remove old image tags from the destination.

    +

    Your source will not be changed at any time.

    +

    You may want to make sure to use the same /etc/docker/daemon.json on the remote target.

    +

    You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run.

    +

    Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that.

    +

    Prepare

    +

    You will need an SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

    +

    In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

    +

    Edit this file and change the exported variables:

    +
    export REMOTE_SSH_KEY=/path/to/keyfile
    +export REMOTE_SSH_PORT=22
    +export REMOTE_SSH_HOST=mailcow-backup.host.name
    +
    +

    The key must be owned and readable by root only.

    +

    Both the source and destination require rsync >= v3.1.0. +The destination must have Docker and docker compose v2 available.

    +

    The script will detect errors automatically and exit.

    +

    You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

    +

    Backup and refresh the cold-standby

    +

    Run the first backup, this may take a while depending on the connection:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    That was easy, wasn't it?

    +

    Updating your cold-standby is just as easy:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    It's the same command.

    +

    Automated backups with cron

    +

    First make sure that the cron service is enabled and running:

    +
    systemctl enable cron.service && systemctl start cron.service
    +
    +

    To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

    +
    crontab -e
    +
    +

    Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +
    +0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
    +
    +

    If saved correctly, the cron job should be shown by typing:

    +
    crontab -l
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/backup_restore/b_n_r-restore/index.html b/2.5/backup_restore/b_n_r-restore/index.html new file mode 100644 index 000000000..16ce59dd4 --- /dev/null +++ b/2.5/backup_restore/b_n_r-restore/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Restore - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Restore

    + +

    Restore

    +

    Please do not copy this script to another location.

    +

    To run a restore, start mailcow, use the script with "restore" as first parameter.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh restore
    +
    +

    The script will ask you for a backup location containing the mailcow_DATE folders.

    + +
    +
    + + + Last update: + 2022-01-30 16:17:22 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client-android/index.html b/2.5/client-android/index.html new file mode 100644 index 000000000..934e63488 --- /dev/null +++ b/2.5/client-android/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-apple/index.html b/2.5/client-apple/index.html new file mode 100644 index 000000000..62d280d4a --- /dev/null +++ b/2.5/client-apple/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-emclient/index.html b/2.5/client-emclient/index.html new file mode 100644 index 000000000..643c0cf66 --- /dev/null +++ b/2.5/client-emclient/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-kontact/index.html b/2.5/client-kontact/index.html new file mode 100644 index 000000000..6e7102bc1 --- /dev/null +++ b/2.5/client-kontact/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-manual/index.html b/2.5/client-manual/index.html new file mode 100644 index 000000000..c1bc64855 --- /dev/null +++ b/2.5/client-manual/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-outlook/index.html b/2.5/client-outlook/index.html new file mode 100644 index 000000000..87bad5918 --- /dev/null +++ b/2.5/client-outlook/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-thunderbird/index.html b/2.5/client-thunderbird/index.html new file mode 100644 index 000000000..f728e4e90 --- /dev/null +++ b/2.5/client-thunderbird/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client-windows/index.html b/2.5/client-windows/index.html new file mode 100644 index 000000000..046995d5d --- /dev/null +++ b/2.5/client-windows/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/client/client-android/index.html b/2.5/client/client-android/index.html new file mode 100644 index 000000000..e9b480992 --- /dev/null +++ b/2.5/client/client-android/index.html @@ -0,0 +1,2537 @@ + + + + + + + + + + + + + + + + + + Android - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Android

    + +
      +
    1. Open the Email app.
    2. +
    3. If this is your first email account, tap Add Account; if not, tap More and Settings and then Add account.
    4. +
    5. Select Microsoft Exchange ActiveSync.
    6. +
    7. Enter your email address () and password.
    8. +
    9. Tap Sign in.
    10. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-apple/index.html b/2.5/client/client-apple/index.html new file mode 100644 index 000000000..f894546f3 --- /dev/null +++ b/2.5/client/client-apple/index.html @@ -0,0 +1,2645 @@ + + + + + + + + + + + + + + + + + + Apple macOS / iOS - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Apple macOS / iOS

    + +

    Method 1 via Mobileconfig

    +

    Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first.

    +

    Method 1.1: IMAP, SMTP and Cal/CardDAV

    +

    This method configures IMAP, CardDAV and CalDAV.

    +
      +
    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.phpmailcow.mobileconfig.
    2. +
    3. Enter the unlock code (iPhone) or computer password (Mac).
    4. +
    5. Enter your email password three times when prompted.
    6. +
    +

    Method 1.2: IMAP, SMTP (no DAV)

    +

    This method configures IMAP and SMTP only.

    +
      +
    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_emailmailcow.mobileconfig.
    2. +
    3. Enter the unlock code (iPhone) or computer password (Mac).
    4. +
    5. Enter your email password when prompted.
    6. +
    +

    Method 2 (Exchange ActiveSync emulation)

    +

    On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead.

    +
      +
    1. Open the Settings app, tap Mail, tap Accounts, tap Add Acccount, select Exchange.
    2. +
    3. Enter your email address () and tap Next.
    4. +
    5. Enter your password, tap Next again.
    6. +
    7. Finally, tap Save.
    8. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-emclient/index.html b/2.5/client/client-emclient/index.html new file mode 100644 index 000000000..d3652ec84 --- /dev/null +++ b/2.5/client/client-emclient/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + eM Client - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    eM Client

    + +
      +
    1. Launch eM Client.
    2. +
    3. If this is the first time you launched eM Client, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to Menu at the top, select Tools and Accounts.
    6. +
    7. Enter your email address () and click Start Now.
    8. +
    9. Enter your password and click Continue.
    10. +
    11. Enter your name () and click Next.
    12. +
    13. Click Finish.
    14. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-kontact/index.html b/2.5/client/client-kontact/index.html new file mode 100644 index 000000000..f3a0ccf83 --- /dev/null +++ b/2.5/client/client-kontact/index.html @@ -0,0 +1,2547 @@ + + + + + + + + + + + + + + + + + + KDE Kontact - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    KDE Kontact

    + +
      +
    1. Launch Kontact.
    2. +
    3. If this is the first time you launched Kontact or KMail, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to Mail in the sidebar. Go to the Tools menu and select Account Wizard.
    6. +
    7. Enter your name (), email address () and your password. Click Next.
    8. +
    9. Click Create Account. If prompted, re-enter your password and click OK.
    10. +
    11. Close the window by clicking Finish.
    12. +
    13. Go to Calendar in the sidebar.
    14. +
    15. Go to the Settings menu and select Configure KOrganizer.
    16. +
    17. Go to the Calendars tab and click the Add button.
    18. +
    19. Choose DAV groupware resource and click OK.
    20. +
    21. Enter your email address () and your password. Click Next.
    22. +
    23. Select ScalableOGo from the dropdown menu and click Next.
    24. +
    25. Enter your mailcow hostname into the Host field and click Next.
    26. +
    27. Click Test Connection and then Finish. Finally, click OK twice.
    28. +
    +

    Once you have set up Kontact, you can also use KMail, KOrganizer and KAddressBook individually.

    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-manual/index.html b/2.5/client/client-manual/index.html new file mode 100644 index 000000000..9b5c0573d --- /dev/null +++ b/2.5/client/client-manual/index.html @@ -0,0 +1,2651 @@ + + + + + + + + + + + + + + + + + + Manual configuration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manual configuration

    + +

    These instructions are valid for unchanged port bindings only!

    +

    Email

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ServiceEncryptionHostPort
    IMAPSTARTTLS mailcow hostname143
    IMAPSSSL mailcow hostname993
    POP3STARTTLS mailcow hostname110
    POP3SSSL mailcow hostname995
    SMTPSTARTTLS mailcow hostname587
    SMTPSSSL mailcow hostname465
    +

    Please use the "plain" password setting as the authentication mechanism. Contrary to what the name implies, the password will not be transferred to the server in plain text as no authentication is allowed to take place without TLS.

    +

    Contacts and calendars

    +

    SOGos default calendar (CalDAV) and contacts (CardDAV) URLs:

    +
      +
    1. CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/
    2. +
    3. CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/
    4. +
    +

    Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.

    + +
    +
    + + + Last update: + 2022-08-08 17:51:53 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-outlook/index.html b/2.5/client/client-outlook/index.html new file mode 100644 index 000000000..888edf0b9 --- /dev/null +++ b/2.5/client/client-outlook/index.html @@ -0,0 +1,2677 @@ + + + + + + + + + + + + + + + + + + Microsoft Outlook - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Microsoft Outlook

    + +
    +

    Outlook 2016 or higher from Office 365 on Windows

    +
    +

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    +
    +

    Outlook 2016 has an issue with autodiscover. Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher.

    +

    For EAS you must use the old assistant by launching C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE. If this application opens, you can go to step 4 of the guide for Outlook 2013 below.

    +

    If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below.

    +

    Outlook 2007 or 2010 on Windows

    +
    +
    +

    Outlook 2007 or higher on Windows (Calender/Contacts via CalDav Synchronizer)

    +
    +
      +
    1. Download and install Outlook CalDav Synchronizer.
    2. +
    3. Launch Outlook.
    4. +
    5. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5.
    6. +
    7. Go to the File menu and click Add Account.
    8. +
    9. Enter your name (), email address () and your password. Click Next.
    10. +
    11. Click Finish.
    12. +
    13. Go to the CalDav Synchronizer ribbon and click Synchronization Profiles.
    14. +
    15. Click the second button at top (Add multiple profiles), select Sogo, click Ok.
    16. +
    17. Click the Get IMAP/POP3 account settings button.
    18. +
    19. Click Discover resources and assign to Outlook folders.
    20. +
    21. In the Select Resource window that pops up, select your main calendar (usually Personal Calendar), click the ... button, assign it to Calendar, and click OK. Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists!
    22. +
    23. Close all windows with the OK buttons.
    24. +
    + +
    +

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    +
    +
      +
    1. Launch Outlook.
    2. +
    3. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to the File menu and click Add Account.
    6. +
    7. Enter your name (), email address () and your password. Click Next.
    8. +
    9. When prompted, enter your password again, check Remember my credentials and click OK.
    10. +
    11. Click the Allow button.
    12. +
    13. Click Finish.
    14. +
    +

    Outlook 2011 or higher on macOS

    +

    The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.

    + +
    +
    + + + Last update: + 2022-02-16 15:23:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-thunderbird/index.html b/2.5/client/client-thunderbird/index.html new file mode 100644 index 000000000..6dbb93233 --- /dev/null +++ b/2.5/client/client-thunderbird/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Mozilla Thunderbird - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mozilla Thunderbird

    + +
      +
    1. + Launch Thunderbird. +
    2. +
    3. + If this is the first time you launched Thunderbird, it asks you whether you would like a new email address. Click Skip this and use my existing email and proceed to step 4. +
    4. +
    5. + Go to the File menu and select New, Existing Mail Account.... +
    6. +
    7. + Enter your name (), email address () and your password. Make sure the Remember password checkbox is selected and click Continue. +
    8. +
    9. + Once the configuration has been automatically detected, make sure IMAP is selected and click Done. +
    10. +
    11. + To use your contacts from the server, click on the arrow next to "Address Books" and click the Connect button on each address book you would like to use. +
    12. +
    13. + To use your calendars from the server, click on the arrow next to "Calendars" and click the Connect button on each calendar you would like to use. +
    14. +
    15. + Click Finish to close the Account Setup window. +
    16. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client-windows/index.html b/2.5/client/client-windows/index.html new file mode 100644 index 000000000..462f428a7 --- /dev/null +++ b/2.5/client/client-windows/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Windows Mail - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Windows Mail

    + +

    Windows 8 and higher support email, contacts and calendar via Exchange ActiveSync.

    +
      +
    1. Open the Mail app.
    2. +
    3. If you have not previously used Mail, you can click Add Account in the main window. Proceed to step 4.
    4. +
    5. Click Accounts in the sidebar on the left, then click Add Account on the far right.
    6. +
    7. Select Exchange.
    8. +
    9. Enter your email address () and click Next.
    10. +
    11. Enter your password and click Log in.
    12. +
    +

    Once you have set up the Mail app, you can also use the People and Calendar apps.

    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/client/index.html b/2.5/client/client/index.html new file mode 100644 index 000000000..5d5e2f880 --- /dev/null +++ b/2.5/client/client/index.html @@ -0,0 +1,2554 @@ + + + + + + + + + + + + + + + + + + Overview - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Overview

    + +

    mailcow supports a variety of email clients, both on desktop computers and on smartphones. +Below, you can find a number of configuration guides that explain how to configure your mailcow account.

    +
    +
    +

    Tip

    +If you access this page by logging into your mailcow server and clicking the "Show configuration guides for email clients and smartphones" link, all of the guides will be personalized with your email address and server name. +
    +
    +
    +
    +

    Success

    +Since you accessed this page after logging into your mailcow server, all of the guides have been personalized with your email address and server name. +
    +
    + + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/client/index.html b/2.5/client/index.html new file mode 100644 index 000000000..ccf0f594e --- /dev/null +++ b/2.5/client/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.eot b/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..732a1d88ae47d157d4d7565adb61fdbc917054f8 GIT binary patch literal 11260 zcmbVyWlWtx*X=pDySux)b8s#0?(SCH-QC^YiaQ*jxECu>+@ZJ>S}yOKFE?Lu|J`RY zd#_n*ubs*KdouIR2ms_V000o50}Ak&5h39rp&%h3pn!m6;3ol4RH6NhkpF@I^A!OB zCjWuko)C!tL;bJB1yBb#13Uq40CRvPfD9ndDqjCr zWBF9s0X(0&<7XH9Pyc_atUj~%=OhDge0JdeoIIbA=fAxG0LlNa9h3b(`vm~R)n!!v z*HQczLIU(=01T-BhD-pd6~^pY?Cg(d>{dPT!=2rINur!B9VVt5>m+Aoa43}TtWgUA zu$>5wCiO$g%#P(76N7s@#mZm}UVZsVL920Mc6^>cg9g9icPg;Zjhew*_fh)1tf`N@ zx2I-XuDHQhc{*W7Q8J07#$`OhqU z4PGQa;T#+@h-gqwaZr0XOfHC8fUuQ&A5+$dFQ>kNaF7fYBAxTb1RhugHUxj)3n%NCWTg-I}= z%6M$>>pc%crQe00Lx+)3DJxWjY$Vt6o4nG(Q7KB6jw*G41VAikr)-s)C6%H1_dUTC zOO)gi%oQFr|E$JjAi7G$uAO|VnwFFqL_#E$^pYml3KYuQ_;C7z03y^sjhkCC0X7`# zJ<{?{fY*dmcY5ruKJT0r8p~!nc1;k+#Lyo&hrMbM}wt;)%WEDjcW&Ya|(BA_=fhQt^+P z!@xqIx7iwkOUD3=J2)&RM>8ZUxe9s(HRm5XIZFiN3Y1LvU#EWk1SadXI~uVsN$d)7 zg-pO3o`^w(&Nv5pM@k*aBW^Lz@eNv$tTGzA4`3`}p%ecwD$FrhK(2;3-josM62T%t z67&wbbe{0Bk&UdWB$~OnBS6=`Mst94Lu{kR&ETO8MuC#W1T}|MQ?A8=Acsb))gYDO z0(NndU|gXgGo01SBu)s%DYUTVR&r5@{Hka(kbFZn3{|dV(pcrha^a)qT#C(7YG!3m zmE>}&n+47s9`9#GLN-xuCl^)|J>q11q?ZQLbKw#zGn&hUFHcQ88mx0xM)HTwB;*O! zcGvF`BTh8!QjzVfXpy??r)xaroSEsH1i%^58LJsp?q&!p4XM^7mWP4b5Dt%{JBj19 zjb_YW)x6U15J_tP@VHT5upyl|<+;`s3ruI=M%X%1%2X)5m-?PL>O8@%r{pY_B-jK+ z!iZ=~M|br5zzxaTj9v44#_v(>!TtH$#26nS;LPI|5weK)rlxgY56dTt)vrFyOq(!CPZd@)Jai)u6jT?F&S zwz=EzQ$-sQh&PDw!@H)+9`)c!-|o4Y)F;EGb%FQ@ouvXgY<9+b94}4)iaT+^&l(_S zKqW01Pc(T!i{q*M76U{#DFSXqHB-A#&-lv;%5GnuCf2;z5jd25b0ymCN2%ObGhs1& zY*R85ddbLUGB-ULfC+4;2{AF7j)SjEV}({Eu-(oJJ6OusryUXA{!9gm&^tXG8emx3 zw9bZIpAm7bdyMZ=Dk+J52Rk;}vf&X)GeE5H$drMmBx&)Fs~0o#;f`f~C5vf~Hx?2o zYuZ5hC{0V%0$SkRQv0&%tTJoHp1Rl7>M6t*vRZQh9OFZzA&cFcg@$u&i6voAFMA?* zjE1Ll(1MD*Qe#rcqm3oNm6_NF-uQ}B%0;_ixVyy_8v>NT=#SCbXth-;J2J)BF$Y9p z7_wlF)<}5BFE<}XIcF&%_mnZ1B&s@$blrk@Y3qnDBhYBeAiANXibk{Hc%&I`e+h!G zm_{<_X+BuC2-AJi`uR{5NL|P3b*C*)f5=qw=969N1TPLJVfjzO?ApllAHlGcqQ%?N z^tomp$Pn`Ru?5PphKv3>wnU>NP&N=8X%M!@si8moASHltFg!UpwQRlMM#terZKLgw-XoBTVMEwyY6z zvyu{~QODKs<_9DtOtR;9XBWavr!QILs$H9#aHmIlq(Fh`Hwfr7@Cm>s-l9S11bm%* z*@NIw^@npAkOaQ$kUUzhlA~3SEcG9}3Rp8HVX2?Wb5SvUsTfSZwph?W(uI8~rlUYt z9^KWRgN|(JGZTIht`eSa>{?VHU;IWj7VhZoD))Ng)TXsnkEPr3v*>UkAbX>Ny9O zil|6h=|DHf=b+;s&I9AsAmj=s=Cnf%S>f0i$T_=gH@S0sROsTKolR>Ag5?}_*Ix(* z{_2rON?f&dJsRk2xCXesG~?WGp7% zkzfn+6sv_xY--1omsoe@4tpRHJTb2Gt7t_zvE6uF-yx}?U(T=u=zQs$ocs30Lyd%Tf zj8coyT0BSi!epJ~aQYb-ESNzH5837)lS!p0Z-LV^8C2BoSiw5dtY}32?!}=dN$`DT2X0 zVRnH@hrtUnwjw0CK!oAn+8O%Pgk}xEE?CMgvqFR)bR}fa&iNX%pzB?H{SzPo8?0*X zpSNB4WgR!~$4T5fay0r#j@~0%#n*83e|pyt6DE419C-dey}Wy<>}du4Uu)?80*mtS z6REMOi4k_B(Aj(3GhT|axP;Qhlo8!K5H*C{QxG+579~jTwwuZ6S^I}Xz>S-)a`LA3y7=e>XB@mZ#?wJHvS&I27PdL2~z)a=5bYK(cTs@0Ra);!cM|n5i z@1bpVJRC=%o|A}kdGu8=>?aa=AeB0a;63edOe3(I2hj z`|jm0LFvPOVseP?EM9RK%(HS}B>#QMNMijrtU>w950pHV!o^ax4+FBbZB1TgF}{(>xkTVDFMh6+Vc-T_ndZm4Lb zo{Z`JLgNpombb76T!p79817!LLfJ_^wFfNHm~sv{({w8&0}$89otuG76Bk=&O^BF7hlc zQ%+Y+QF;I+q(iYK8k|kGUDrMaBzis$1o@V7_L|f}5}xdL|3f-7mA&4~Gc%EXgr%CMA%*G-ljjyPK1? z5CYKxZsyX<<`P%=q5=1=_#6cThx6SD_gtZ>P@ctJ|FYxl4>$P;JrMg)-+In&kXmNq zy$mha3g=bAxBI&g+VLo*>wc%*gmBNzPJN}a1GhmpCMThNGREku#;;NQ<26^J46HeO z`d`MKdXBzA^oLFEH0KT~i!EVI-4a25e`e$4|Kf2K%@V zQl<8F!cJvW6(wPaIt6X#prE3}9&V@AgIBn4$=l9gE0!f5)1Nim%?La2YXNgeeiH-XO^r^EDm#u6NHc4q-i*G0N1Q6V^n8o5l$mScH&v%{8KL?Ho*7vHYwj zK#S}?lVWE`=Mg0ZNu!HA<+3W}q`#m24mg7mDTa6o=&1s6!xH)9!?(0Q9Kt8;&N3%V zaDu{gg{T8OJpgBVYv^w@I)~cN!vZn}wbTGR8w>WB8E<|79G}2KoK3VLlCATrVy{)1 zV?z?-L%g~siRq*)^4+V|x9V@z>@$!t4#WNoJCAtU*0^^ap+~5&(ot69G(^7+1rBB_ z^^?lYplp{wVvhXU1B--t>vWVrB2!|75pf|%BaFmwG@mYg?+F3)wo>#eeJ3{GgjnzP zSQU<9=5^vkN2s#2FfNnRj*Ez|=FwMF8IpR!`*S!+rZaYXk1lv8qY2YVr&iKO+$_8a zcpKK8&FBMevW16^1gxyE^Y4HhVyYhXwhQ)Pg^K=pg!lkn&jg zNFqRkJZYOF?CnMB!CNe|2?d|l#WX73<&=0GvF9-mPr$dCKB63RyC3xf`zOQ4Ll!Ql zKWSEr2Urp>Hd^fLjOa`F=d#-A{-_AD>#;CZjUl8{eTWQ@sR=s2GYfU?%~9w5_KI#T zvKqst_^Oc)lCS>;v^q)9K=Z^WEpfD;pGvz6snKM2sSPSmu(VW;Dbq5jVpdkKS<*)J z*bJKhlVfX;=w$5=In#RGr~di;COyGKT5==fYV zz6b9&Azh~Sq0Xbc(*Gc$&;!4^y{pv%qhnLO;jF@bnG{I_ct&Av!>4!;Oc8ad$^+aG zC&WB_WCmXpAc9d%z#xc9#<8|v{y$Wa09X*0G|cwsp*Fwj;#%)G%w?C<4NvY95|;f) zw{m_4zr)ZrgT%y0lA;YAnBLCxzhSXcQ1g}_RY!QS$d^)d`{>_hNsq`JeisCyUWR5Q z>fut`mP22sW20fAYr^JEK_p`7{SbDzgnBLS2=6>nB+SmTP{w#++H4F~2_Tp5ipNvn zQo^(|BmY;1g?<&V+_#w9i>}{)4;Wc(VY<&~x5cK}H<(!}j}z)5RIGdW-t^t=+eXV5 z(BPhYOeavsMjt{Z2@7V2l8m|O3U9hx`?qGqD|H{YLNgFxt6xb)Ila!x7#$`Mkzt3f;2s)b0 zGzC{N{Y|%!$QQ)ro^+WNh=tIJYKxmhm)q-T>Y-ry=bmD(Fjq;uprPe{8Q%^SWXu?! z$ult6ca@q;0-l|Zfn;TpOG-nkoUS)&1(kQnJSJ87V|7N;5b8DKer$sId6?I|ete*` zSb0%eIy8ATHy-IWomTOd_O$VKe09o5Tlw*1yxXn3_yKx;EH2USdKh~)h-2F^Hq7)3 zP+wGi+-HKD7MOW1yr3Ts>K`)B&mf zRPW(y!#nvuNHyLG5_K|ZU`2hI{{m$wQ)&0Fj*@IjygTXN(HubzR#vqRcCeYGi3_O9 z7&$8aEFL=5T`ztt$JOCqI14acL^*BhobnnoCg%$Ndn7ir)rpK>M6#CWqmb9$oPfLt zSDakGNczy=S&-dCTYAWO%?5U(n|3SBtjSYUg~BZc^qsFbSSUkemhkWKX0 z2|C6)$nHRuP(PQjOq=Q4FsU&ZcmDQ@ac#3#q7(3N#sP8sol1?pQHsEX$5y^MhGZCp z=JCJ&Je$DLN;C^nJ!#%ZvyL^D8#Fp}H_Sv>!pdCMZQ)dO$YFuaMLQ18vIW)PAy&%s zrf&Pbzz?L2ZoNe5%+ivGWo)pxjo+|I5bmsYA^it3v({m=%OZ^_|8844c zQFC#MWy84>u)ECM_h^dU07tGbP0P>WlTE>*ER(I zD~It5S9y$coc!+aL1y#Q7!)Y-0WBJ!kNVM!gu8rmktO@?=k@~W`yO}ZV}hTKgr+^1 zY-#7`)sLrG!fJW!i}T=RuGAV_eL*B2Z<@-en9@r0-J@_JnB)N+$2?UDA7v9}c2Q28 zdS8`hU|)`}OhU*Ax31twGBcAD553=63c;j!;UqrJpHMJll*!}3V4r5<7$Tr-1Rt&7 zTsTSs$NP0_Sz80nADh#_2qSv#uja#x$tc{Z7IhZAOfz)&iIku2jyBMOjNYp`q5Vc5 ztDm3MxBH)%(bm$DBKK#FQRRGd@%Pa(RX9Lj)nh8egE|h^K=guzTki1TUP=XqNCx4^ztO`FjLV zkV8lfQa6bn6p~?5<@~I6%?WjjMol|7ljo(faFKjxW?s=DC^jOvz&zu^ z|H8N4$uo^H57EkAkp86#`>f`w%mr<3b3`k+An2@!2#oLR3fLk|gcacrzAvy0&9`|y z2Y%1hwdYLyYSKB8jSnQyys2!N$^Eolhn!b`)ZUql%5kWW~;rC=nwxDje2Egb#Xv>Qk<=ud73P7xv$~ zMoUJ~kZoCFm1%+Q0o%MR>aXfKzI1tu!?rflNmWalAk)CJwAs#SWM$#1jA1UsD|?); zbCJ4RvE0FhWHo2uxM6g@GVeuVlyep!qC2sIxML`L9O1K=CE^*oU4z`oE6O|ZVlfKH z4(gSx;$XDiRr5=uXM;a!s6+NUh6Q4l6b~EhZM4&lBqsm{HL_kGHUyK4V<9rvL)#{ zghw)SFUPU0aU?-H5RC^XN8W{KEI{j#q51HnMXghepDQzYb(dzAUIUnotXMxDwk6o~ z))4HF($v-dr1kY=vs`nDk-5qh{DrQV0{)?N=C7TclWHj@NI^vdhsd;cLZ&FW$^F^M z_UD$9tt6EyC!BoGzeQ7F&7H8SWz9v692W^05A?PFYR~_DC&e$am3Jla(8=d5=`e$0 zDC^f<#>C#~YlmTUdRhx>n{uo*p@tj+hV_O-w1o=;X9zPLXXgrBiGCs5wR1F`#71bz z>8#MPeJvzlJL^F}5kE6b0>pvN-*C%L5v8S)Ziy}^~|UmmVpA>!}BpXZK@hevW$kc z6{B?tZVvv59J9Q3ab6iL)6z0&a{7gzkGJUt^I;WjMOXc}n`3;ABi&}r(n_`zN-YiJ zRi35|a3PY7zG}l9nQNSWZ^8_2MGfdG~=e**YwWNTd_bQ~tJYpU(_GCQH$soStELyw2}!Mpry6uX$ohgtCbf z3;`pA0kgt2%3(l+W=pB39$HoirIJH@F8sdH0NkkcpU9hw4=FfwEDq6?*CsBqZoXO> zh+f;XUW9NcL(GLmg|_5Ovwv)EZU~L+YJO;?Oyaf`n=Q95qjV?8j?$HDUWZHTk!o$~cQ&uX+d&k=r3&LF!j5ta3406$tnKBLKnyjM;pRle)aqf9{Jp@P z{t-*&rG}BE9T=)OOYci@rf`n+YmCo>o&>rGq)NC8$-Q|iX-}9;+Fs6I zRwH=tbx6IvM9oDxkeXYC|I*@TJ&btsEdi5oX}T?eGdm;-mAd!^en1GyxADAG<1fyV zybghFRvt6fN7Hz{;_M{0FKY$4EGSB(4ZF;D?ZY5Tm&RK;Z2_Gg)4iR3M#p~YW}w!{C`MNQF`(3!V09ULKrVp@a0 z3L0EH2CFXK^}Qr}y+ynIf))d^GL2QV%@o31`dp)<@76t_8&?}_pW+(C{NfsM$~M!N zc^_Z4^7g%D_xL(-X{H4m2Kt*4?c1NRi)Kq~XtJckz>fHO3YqwV{~cx+Fmd0Nj-<|& zg?g^a(k)kE#=xRaT|I)$#$Z!BXUZsm)UjXIc9NO;P>)gg#=28T05cg!D0W6~qY`=s zaun4-@bXItS`wil8FGzpvM2!K|5*k${k>ZJeem(k&N+aApX~s6fLt3;tYnYC!i^0D zVNQg(cG4NPyVz-ES$`?*V-LM!uJhtUl^7n&j+RO(Mqd+XQ5(yz2U5aqh;_oYCE7OG zDN&^#=`_XEewM0nNl~><)=V~^^jIwQLTPB2)fML2$AzZIa0}vmRAj4>r5g`YRV9X) zm%Z>|2*)J$sD>t=O*M~!gYNgt()`;6F`x0|OOxliXOlofZxkBBW*Q199718ZAWN`` z*L}v|!!{&2SY5n#&*QEEmv*ZG9`Frc^_0&Sl7L#jHJ9j6>!O@6l94>mD6!|)l~Ia0 zCB3ABK6M!o9rKii4Z!JBE1R+QcervEuU%A}uPh?*QrhC`E?yRg5Ih<5mm3D&d~t;r zgJ0OEv;gLwLD9Cij4eDSOLOB9vP2|kCf%1Be&cM8J}KQMkt``$G>gA%*^VuGd%rUu zxB@X~DThVgP*awAYHVjxn_Cv+ZDE_6V)B@QX!QzEr7m%9azP_huwyQdt(QNNR&I7U z?tJiLH_tF&k`6IJE%aaSii?RemDEr$#B9%`P3qAn_TTso@qpOR%pRM2$|{g znz8X50of*RJ$tnEGUZxwDR$6Cx&gwIgM1RvD*$Z*pS}F~pW3PdbDHm8@PUpO9`V}! z2}D)k5NrWd+OD0unnJLVxaOEKPNPS&x5>%3q2trUk8420>|qzqBI5TRpzr!5`a zX2A|auZ00-%-xsCMM~QvGj+#V07*kS>Bm}fsiCL{uJ(s zu<(fqUmEQdC2_Ov7=pDT!@A|r6o!qH@4 z>p#XflPQ&>m2WYGsf7g2cK-nQpcvkmsCs0?do@UJQJ5Dom5l@KQc=Ah@l#mPknVVZ z;6_t{?wt0yojHF~Dw&C?T~)(z6zJ{KR;}1qw%IK;{S2+|#3hg9lj-L6twh-8TiMdQ z321b#xCj2+l=q<# z%b}Pzx`U)G#T5Mb+wbdN!z5v37oCgTdnE04@fK4l3u|I_cKQg|7?`u%@bRd&GUX^` zOp$i(Y^|G-2sqjXC6+X;j75Zkyn*R+==5&#hcO&%L1O&-1Yi7@nBv_eMO=}U(;>~R z>T)HwH%*Rw42qcVI`Aa}(7EVtqj+&0UhvIC zu)M)xe8jQ5gu%^t0zkQ<>Jl7?d{xJH8kJf$wGk&A5sAhP$&D^AH948ILk~-gXh=%> zUlz&YbBN5kQ*`Brt5d2{__j$){Z>oep(q>!1LpL=7 zPxn1WXkrkEPD4Q6~0S@lvOGg_p*Y`wT`cnqGrxg%hUDUNkD%ez|&+x>| z2(1wY5#Oyrh|^1E#;thL6@;eHmdmdQr6EfYy&4Z06OlY@s~RF&&qxj?E!N!+*kQx| zWK;v!#_7BOg-lQO!#prSP;W@Zwqo9r)M)&-v`Bbg%yzM&G2M~Pq58wOj7@lUqGyt>YRs!QAb6m zSQVc=%wpMdoHK4q<0-O|T52O0t8T4I{cj#uE#}3RN6Y~n_radf3nRw0)kb@tX8@b! z_gpMHjx_yz0hRjwo*ScIRPk}IF8zRmnR{IX)t)v$w{UorMtCVXtlHn1zCON#yq2xU zI^|#a%w-@(PTXOZ45mw3Z*oXYxG%cT_mH|pqitGXrSwN|8C%L+6V42Dn`mEK`8>L` z?_-}MN2)MXZPqDr`_A#ZZU*SWMh9!i9S^pjUT-=>z!YEM%IU-qhl=v%Eo9ecQjjFn zcIS-t1aq8il68>Y%e_ApEN+K94gijgtf6#-QE1C)WcXV=th@W!hLH>AvT&Z783MjE zC#O@$TFCXrC^fXY(i~w^r99HHwJXPpGVx}p6+;5R(NN#k%>|I+S{rB|F6_~4 zCsJDoRLgL7&0~b{O!(c$$Dam>(R!oSZ|$-EF;Zj-ajcr5*uEzQwQZ?}g37X*%rr0O5>85C9rM@@L04#m4Z`8W`j5mZ&BuFgP zcH`4&yc>ABfQD}>E~cg_Z|hlmKmab@;H9FuYBsPrsNrobO$>Mp!J8vYexJ_94(yn5 z_{#%xb+*a{Q%iEqa+++MkgW7US&5D~Ncq6;rjW(VX9=B4X16Iy%=qT&RJZLtvD1g& z1Evf~mDS-uoCp@}S()OXN)K=Q?ofjfHoaRlo4a6hMTlu* z;CZez5@oQRO6>5z(%Vbx1r;DLwzrF;U0YrM7n=>J6;>;$hH)&NPKDYB8D_VUfKU`URq0cMpp?Xrmj={Rt~GqYupukgRxJK@upocQ z9!g<0H3TTMY3{{AeuHAE>x2rjR}CosK}{vSgS+_fASBVmpd$SCz8Q25?w!1DQynS_ zmK)&;q?P36mb?^eSe!#s`eie_O!Uj(>y07=z!b5G6q0mK-Ca|($$LN9dufpE73;|u zwrVm4sK7c?Sj?cH;HMJjMa4LvTrJv+)Jevmiq|Pop3`*EqDX@k3{Q!S#uiQjEg|8= zZ;>L37&e?O%1Y{1*UsM>s>^oRH_}2$9SD56`1$Sjn-gDDAoT;(Y2~)>(9wgg=mA4t zH`6W*S$+Idtn|aM+G1)3tGqc*D*aD4)J*Y580d7qVoH?`Y% z`PFmR3n%ItWE)P_EBuJ8zce}PPHmg^T? ztlrj8yR0NkOkzF8Od=)=hd{vul4`f9v7q?f0wgW&fofhn z3`BBaYi=qD$@xOgA>^^^c++3`Z>`N=eqDqz5CmcjA4+m~KIMQ7|Iebxhs5w& z!ci;iq0z2fim_YL{*XPMlh{ryP%fqw`b>rlN6U0L)!yUTI~?=H_QQ{rS|rht3a+*HpwjifJ1S}6u9SXTuj0vQbJr1$t%Sv>`}5(2 uz%q*&>jqga$^};-0i9*=vq697z}1AORNG%v%(7nk7#TJAzt2)X!~X%67Hy#b literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.svg b/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.svg new file mode 100644 index 000000000..38ac0fa0e --- /dev/null +++ b/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.svg @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.ttf b/2.5/de/assets/fonts/source-code-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..918694a4d177e31985d6279e52203e470d4fab9a GIT binary patch literal 19720 zcmbV!34mNhwRY9*p6*$CmfolLecz_{o}QVWec!ia5|T;6B$>$`CLs%I;ISy6Ac+wO zB8wn9LR1JCKtx0kL1ghEf<#c@Ap#FUP)N`J)xABFNkrfKU+&!7_nupI>YP)jPMveA zZU`lWRN*2fq_eHPL-erduY~ke0Xoq+G&s8PnxR8@p273^oulI|<16Z(!t*d~?0u{WQ3a-5L9hw9yZ+8Uoq=~$Mo4bO%(^ve4fdC8gfu^Z_o*2GBysXh)c4}qIkRQwp4^QY2i|`O ze6h{jrq;BMCEg>X@j~{zWzC-Lw2#|}XGX7e>zXa=w!U~#Eg>C`5+bs1-?n4t+KQ;@|B5Mxvf%MWtH!+&=7ao@$Gb5dP{BXmUMpqFt0Yo2|08jT;;~dR;dVIiM!1>!QR}+eOkLMdZd=c;WnaZGDJ~mmYg*!`UreQw!Q-FRwKgOPCCzgma(?b=VkV@>9_EsX zR0?frrEa&wE|I8J8VwpqYb6r8s$pgz(0Bflx)sKVuEp25GLcx>80xY_+-qgwrDqRq zI5ZNqB#qYQT_dA=THKC!C4negXYP{wK5|{{hPVz9at<$|b?M8k|G_itKLpzu-LSNXF&het6`Zp5F7u znc&XJig?ZPCVNhC-ZPeUvf(Q?Z9Fs_HzoCUfqAv!_V)Zc)*xCL1T`h|lr!Cm z%N@85j#0(fSpHq^vix7D5(<#aKZ(+-FgE^PD2;X<&=>Tudesd#(5r5^p_3DJbR0k4 zi9%#}?nC+)Za;LEQSV9f{gjm3k~X;tQ;s|#sMICmX+&= zL`6kZjLpRJw}SH;^t=~6Ur8({^*tM563@I| z7Sx{xduE%OW_yHdtk>u3jqz96$f3;}uNWG-V&mpRBi+q=$3}NGHtrf7+uIBh$$DHY zpi_2=-aF(ABX<2`-CG(Ows!5d;@oxYpkn%St$P*?P_W7Ov8kM(v@7GKxz1Y zrd7){!OYE%*pn&m@%wvXF?M}(*|zE>rM`M+rM|eT%5@SW?agN`9ogO3xO-&jS_ zahExU+gg?c@_(kw8k?Gu`B#JaThO1a=nEY<44tIMunQi~sn&=YBdylVv0kFluDzj{ zYbw*$Yf0KCZOy^->ABpDGiV)%*LFBk#udI6cVjdkV z;%_TB8mbwtw~aX)J>Ev=u&r)LW@=d5L9fiOZyR9m ziYviaJe9&o5qe(3iF#Z_2`imE6S^@ z#N`^<@`)plu9zw}Rf#L~<)_n8+Hi{|Xfg#gx8#4EKYX}4ZZ^lO4+FCsm}9_P3CSl< z!mOs;%M(*dr%J4HD_1Rf`E7dBPhEXpZ=d^-{PMS%HDE){0C_N5pQJE;YHCwA)2;dM z(|hv!>CPCZ>xdnH3zmsv7Lyav4=~fAuQ5`X#ZQMhHqA*rISd+RKOAhLh6zX~E1+i@ z&EGA2mzP;@|U+Ae{YWA6%Jeeht@OUQFYj%03Wc9N{BeV5>Ol{`KcqTm- zaq5yzFSx14{PQWeQ4u?je}4Lmd)U0SAjJhYf>y5D*|@GY&}k8gN7|$!)2PYWX0tU~ z{q4R!*#&zCcjRp5TGu?&2ejU_T@{do~x`|7A>#LRg|>V z9etHX3OMhEqf;{Y_M7IXNmi2M}q0h zDz&T1ZX7;ltq+)LHR3Y2MH^L$l}&-H}>7 zsO=7KdhP1`v((Yv8Vu&|By)3QIZ$20{gQLD*^@|Uc@2Z6=R5`Io_Q#GX(L+9p~Zjp zUN(-1sbn&LC3Qa(dy9KKZ>A)F&G}T6%s&oFnHA8X9(;3*iX==uGvo6!=H>k(H+_-_ zsDlQzEh}5Lgud2#{DovqnJgzm1xm7LHH;pGqJU3kw9!#o{>n28Rg|7!I@==Ulrg_E zT&j-y5_4mJAWNr;t#Oj1$m+!)#7#*i?dBC zcApR@ePh&@I!T(s2<42x@xSzPnzppIZfO#(kq)=JBNA!%c-jjVpni5_XtusBGM3Ja zM+8d%QNX6f`8If)rd^Q8f-*a_>VnF$QOa!EN{oH`vQW#iaBgj#ZO|qXpBrdfFlkS5 zKge1A4cq!gcEKF1xRFX0+cai%;`CEqF3jpA(=gT;3JbO;9hYOoumM)E3G`O6$TSj~ zWTq$B#cb*CPFS6%4llO^1j}Pf9q*@-MP>(meE%^A*q47D^*fV&K`~RD6H(T@Ta)ViV$khh z-VlACU|^1vQM#;;8Q8&Jo8&Un^^S?>$W_;>hR~wr*K` zdHox?qN}fNeKSyRmX+2Ey5A3r|9AQZ(@D&pg8Re94fDR4z5mC{)~=k??MG-yIB&bfdCevj=WzlV~iMz>cQ%EjgSitU3>&^Pk$IJ+E< zE+@(q)>ht=y^j+a_m;NoZ*M#=8Xpi|jY0pA4>9|yTqMfGuZ$GWS z+*~0pHk! zZRzw$qNw1`t8$dfOSNV3CPn4zqq{3CmEv-PY~#Rh6sf^qOT^70ab3ts-^~Bj+U<07 z+i3am4{G{@OiIkrQ3C%-{!l0F&%a2oflstFNO!je^B1);yJ|(*jA#nhmgDUz;lU3cqdvx_to(b4obC2{#DePeC+Rp4;e!ha zlen7FV%qrNH@@*${#}vEuihVe4Ke&vo$qyW1Idl4{8xV5+6p|)b7q#u0DdvgjWWhs zodtdc&!a@((eimv=^`lOQ7Buo2+Ft-pp`t7kJEX)rHf>DDpZi20A+ZEvV!acD8nm2 z1u5~-t%yk!&zJ$rN*TR;yvn!6@^lg^^wgGPR<@R@%RD2ur}oX5vh|2kae*r#$nI3AAUgrdWG9prWG6tGlmw{IQ*KZkmt97)840cK+s|jea=S)HXX~HO z0q;8CwPBo8u;`O{SPNJk>LiRXp9)+zwyTRJ6gqcpS~501zKOeRE6XS>4_^LKb4O>2 z^=%vQ_<^Sg{*QnOxJ3L63XJeLl`IdWZtFYGWDA856Gqzm&gFAEv?}EB1OgsUDE~eW zfNc4QN>l>L7QSRv|Ohg=!W0o7o zEUPBSJh6ER{(4%?2X6(Zj#nopAUGf%!C`YOgj`ZvGXBpY#Qt=5de^GnF`Lh3X*U=> z6I4_`7Oe4_8?+YlU?A2~rPhvy<1JPM7_a}O(jPL$ZKjORSfe!Snq{30@!p!!WQjd$ zad?70e>~ef+Z!EdsIJPWtPP!=4amP$n97?}<72MT_Uw3AS)NhoAh{vfFhp$N5ZPGh zlp@UJ$;Usul&yl4t3D4ZIRWLRER-!?1ZDCRpcOondD~a>c-ISfYZzVzeSHyBvH<;< z$19XAUV#3UV|WEv137YN>*?ifEEE z@~y&K0_U*dp97Vgfbz5mW#Jjjm*p5<0Sc?S0A&;k&G7H|Km7zvbEK@Gr{$y( zHuXeU2VV?YyWqlpo@Sy*L6za_x;=4;V81t0q@X@|tLEiT7hL zQ8EFV6NrRiI!^Ln#Yv=dg%QQaB=e(*jXJZKPtWc5cUW!4geed-g%e?u!D$HkQ%xf^ zr{$8}ZakU7@vzC;Evr^%RmzCPCjWb<-`0m3rzJ^QF36 z!JbgE!|v_d+~#iIvm%k*^kXv}Fw1H;bhWL^B*U4Q&)*$JzB#@uJ8|BcUR%OCy8WAL zhW576e+G|NMCbb3J;sKpwcBOy zd`k4qCzi6L5{ts@rc zMMHUorQS#HY0X!Jdebm(qPb6?U7Ptx+(aUUnBt^pT)B8&ViCtlZ{KKY-E^*gc#z!UL%u{0;GpvHw6?2ikPJ^zO3`q*4M@0ojf844)@7TYYINm$lJ zh&Vkg6+Jc*OX_N3x=||Phw;T`D-0%%g*S*2Jz-HH$W^Ns_vtIbaW* z(c1mxOehNr%3@nNcQN8P6SLz53o5t}|FnVv?@@?%F$!p~bA9Fu8#kSmp6(2_c|2{Q zAhV@Goy(=uJDsw@gB!2E<(BI=9vp0`-F@1Mo$2(>6{qd4{gu;VaX2g%C*-vTO0VGd z@wsz;jSLxZ=CrK2@9XYtjjG}1Hu{@nQH8wh_+xN)5C@}tDQJa{5>L+Ct%4`Oj}a;C zS6tn_`I`f6ouPh9Brw(1v@+gv!BTU*>DlP2{X3KCjv&(G$;eo3{aIfb5{Wt)-de~& z0=$KFnT27%)-;oXfj{ALu!f}S!rFx;y`;I?Z(ZIHZ1;xOkM*tab=HN3EkW;eL;b2u zf1STO&^RO0d#h9Cuqo+q*IFB`NqZ#aG$kA%cUL0YqY{?{T7tF1Y=zMS{%nv(6`OCN z5-f0%VudtG<8r#4ifB=#z3NVSZC*kfC+L0p2E8_-eW@i)uQ+}#<0At;N>RTs6BZVb zc$boSOiG|)5-PZ{)LgryvD&AOxA;RnfhC>Zj6JBP8}i5GhP1O`ZMJo@Oy||4P|MjI zYUxoajWpi*psd2bti62=>=k8}n$yh7jji$Ux%Wl6kb>o0ek5I{X6)X0aH#%2jr##-|z|IIZ>J|9#n{=uZi`sffN?|pT=yZ6`gkZ1^Ze%<6Y-p zcxaOO&!Ali+Ra$Osaw!{KI617J{S5~B&=_B?8(&tt z61R?8TXKE%kh#{MXbbhz&VEa(+i!^(J>9aVps@~9`QLOOSha>%A zI+N|N#4WX9cg&H0EEltdEcyz$H)eIDt>BQYt;yykJ-GDtX+oM=TytdV()39T^=32(|k!p$8E5?&eSJK@4HC?_SqL+0p9 zIR*=_z)f1z;X zb;#mO?ixMgsJ;~SSy6BmR zcvuWaim+&?)Gm(TsF*9wlycqzhWjSzME;gZuFB_h`q&8?wt$9Lx!bU}#0_86ox|L6 z@?fhFX%`dqfz%LV|IExwG!5ORb)9T8t$ERyw{ zAetk4=j!R7K{MZ?Fk9rnyQTu3(YzL(#6*0)k#4^2Ov=+_h}u@h3r#-CTB(nsl|WNG z9JBb+7CqYLj0;>+@)2E4r?|UV96~*ivy@ipxUER(uKvT;t$$#;a4t&x1|{6&>zBZj zBwydbwDs3?l75jp%DfxO_YB+pqGrk{r~?gn;{C0LSW1~Lx5+IYADwK<^zCxgn3mQK zv{Wd)Ry&q=Dfun%oG;)}F4E)$_5a8iORLi5R=LINw|e4zbdtx=TA}b-9D%0V-rbDG zRlxEdu(-*7p2qz<7<3xYk9p_;9(sU>{&vnx&nI8tq%3!R{9#rOkdMh1Fh?AiyX5%8 zSlvEAcHkG|j3np<^ih`8a(R+ztyD`V4;}KHeRkryq3ayqy@_$~9Ljt{D3kW!(5nA| z0-i$&`%T|wFHALF5!xL^>aHp%jWIKtTnH!?N z=U!%>Mv<^)$20)}8$CR;ckfJS?dsKQ?;d%5|NcJ?`^SEq4OxZ^070 z<;DDeGhZRJVb7ks{o_yU+xLqx|L`C8?`LZTf0&!0f8!oyyAQN-Vb9MWsQS6*t`x0^ z9Osx_JRK!=7fJ{_gXE___Z(GU8R7Dg&u&DCJp~-mc`GYe`hqLM8&IU3ge)5GjqrIX zHaEfhq4!UoCN9!8*3~s?i^Qi*HYDOnmBf=scqFQ1JaJ{F-<4~ysT|sb)~U2KHaYq; z5v9i#I4x3>C=r(=YGUJIt5?Y=odO-lKq=_ZvfLCS14>_5_QV6Wd;!jP3*WlBkl6!K zj;VM8?Ya{QH`-0a8zz^ZplbQ#l@W}t@OZ4yX5_Sh&7+KD`W;P;7NrxkIaIcWoU1>> z`eABrHT{TtjPF(KY?`87J^A~t6RrR3D!irAIqd1;-eqr#kn^I_o_~nm`mFlodPS&5 zZ_nS?L%W2E+@gBuD^^n^)b8o|2fZ)f#nrGYu#AyyoR|wT??M$ zZZ4@Qxw+~)oBeyXnZMf+PCxiyI^6MH^R=+fr_DV~k8^imjj@C8Nl#&KS0aqKAjKP_ zLX@56155^Grm5gT&4=JpYDulM#`Fz-Z7S5iEM@#JjK#Q|r59<+kGL#%37?x;stA1Z>T#M?hQJlN_&-A9jZ+Q4elzlCRsLe`TFUDgM$aB*Iz#3?>>L&#D8>k z{l~=8^SdV_%W_E68C0Iis@}SmepQ8EWxz_qcG^ha;-28C4Y524W{i1yK9^qXj^H() zts*T--O^xUNi4P`5nmF=ANF{7V69kqWa+a;)beoH;nSGt{9)!Xo-(WNj;M>{&!%jJ~{tgd`Yw{mUVjj$>PLX<3gX1fWoO3SvjBBPG= zQz^*Ms!v<}+3HI=Lk6)v*qN4!JN;c^Dcy=qKdCuFQ?o-uv-w|KwBhK{4HuzrqjTG_ zuJ{GyPO?lt7j|jQ@19{vD%K@weyH08hqvHq@~gAF4W;9C8;2r;7mOf39g~VRogPP> zqhZ&$r8yZIX>vAfXb!cSjGj@IF=L#W2woOjdvNtRw=cse($Li{;voUC}XpNjqQ)ZDT0+R!b!V^l7sK# zTt=_X57Dc+i;wSOCq0zSK2=-GW|_O_SLw?lIc6DbKji8GIRMB*A`>9@7a*6?v+098 zK6e@EQ9A{_P@Vsf{(H;@|$^hWMG?5Z8gncYFF&SCdA zHM&~6LJZrbbFK72V1r=be=XP)K2$vkHB(!uFxaRsKCJaCYi-U%Q)_)D=+s3NZe4r8 z)!_1Y195NbgMPcsXm;8h4zJH_wCgo?i(OY^b%ZO6V{T{C2)+-3i>J}9h^=!md+ACl zwIH1?&(4vnBIkc}n3m@MHe;hDy4S-fe?5HDBeVf??);iV>8zDegTWDr`n-CR!dq!p=IoI=z1ilrre!9bN1@Z` zbb7Z@tI{f}+$vqrYjl=LJrMXIG4KWy_ z$)Y!!Wo4>wr8;Es8f(M=?019zJ3)z{YxDN7Fh3RI&XaTwa-g-IoYUJLGKUoUa;wrD z)J07Oi_xNXsX1lT7*90ITy2rsL7$?+S5|JR3&um{YOPtJ_AAs$f1rVJbp)5&z!lri z%=Q~Y1{Iw2xJcu--uhR6NFhp$_W6>|@aWPcq;wakycJaHkT+fMnF?M?!AJ|c?V0ml zNXTilybfZQ7O#V~ZC;(m+7^yA+m(7(r(G#G8Fc1QsotmaXd@n3(qVPU#1$5UD-v-T zZDryzm(3M_P^Pa`RBPp$>O(q}Qe7!gyD^!7{yPg4ois*Iw0$C4hk2c!5NV}3sMJ?j zROUc+#LP>~t>#paSiCs~kzxmrvcg+hZid9dW}Vg~SNoK_!~}7&cHf!%Aw7?N^>h5( z@mM+?3x~YkP+xRgZ}0Y~Ei_e^okGfsk{3{GbD@?XB4$-sSBm%=VbtxjhNrT1Qz2V) zdvEVHR_oKbkLXIQ5&csxKy5Utah4ghTBA{`WqS1C+*j!|$|4dgLJOWkEHR$9;RT3_-pb?oNda;RzRXVx zkh@UkR=&)m1<0KXke?MG?~v!|dED)w@Ua5q1wc0Qke?SIpHdB7NzX!=#|w}T$?bHS zhdfb$+<<<4hGiZg?XiRH$`aW-SV^YlN>gD=K^*DCxoEP&avL$M}N>vf4(swrg)U7l`)ymOg zmr0KWXO0voz--J^{-3?2g^@;s{;puK%P(95(P#iCJ!~ z33#()lrwY9SmCVUJ#HahL(Gbi!W?g2GnxC%(n+303vg^CYt{$H6bglWG`KXHYltlk zj>(lu`B-p5TWfBt*=9{!ENQDXg}>3zxVFyjsM9V9EqA$=hn8sT9QHcxcxahY>DJoo zz217eaD{~#pF6-2?j5W>hOq~fq)&3>*$6(xWoMp~5=Kh|13d0=t<2Qr!d=5%;n=d; zmT`N~-WZG50ni;zt!nfRwSTuB|IVm2_@Zu$-(vRG1tRUPpsmJW4!I3(qs7+{uIct_ zobK8yjq@E)tDPI*J$gI z<*QUzIi0jCpPig|b6i@1}T65^y0sH~3YvlXCambI5v0~&$-#K#R$Tc<15!!USt<~XZwcVb7 zIMQ5m4T}}B$l0a9jY;4KbM5EMHJXCi-#soP};J%ycYbld`yHMf=A3mMtwc9o1fSjS0Ejr9FhIs2wpS-q znm~VIVA7~enCazjzYJj{vgO9{-P7ePo4RgA*que0}J_IGI7_HOOqgi`N5THzF;&_uiI!@16N+?x*-;<%CQT z_$5j>$m8^TG?2@|T#)r-ANEJ68HPes&4<(nf>&KN|F`_JYKKP`Ved)Cc<&FvE(n%Cd z7O6MU5DJ}H!%7Su2frNJAO(rBoYo?lNg2I@+&-b-JNt0%p@(vZ&jw+XY@v3l-2#sCg zu*(rfPKVO((;4pjYzH7!vVjNzOOJ+WiI|pzkLu`=C;aTAL;n-`?o-OsG#23HX)UGx z{Kw&=ZAZiTk9Ab;e}dkd?|H(Xe-G^y^2=y%KR;>;d15>xYm4_cav8cA`w-@L!Mua# zAM(!<{{4PD{~UW7B(#`+KAUT%zs1fM2}Oj3`Ukl_`Y3iRNGNhIc)poiMh|lb@C?5g z&ku36^eXP}ct)xQ&rcyod=@Fjvx4Wp&^{Y|6n2I-e>;0AmpPQV1-u^S?x$NsQw#69 zuZ-M=G!4&D{$TzIDqT$<%FzFXJ~@MqM!c~QMe=Oq#De*ZaaPjG=BHe!^BJupQ( ze(0DTnRVM zDYp!{2E2J2J-3znC9`gVFD8T`G-!0YjX1eJhsoq%CmThDe&#J3S-e+b@fy{W)fP)N z&f5yVT%S#=wJkn@=^E}y`Xf=zzsK}zjmf0Z7>(DdO(r#5bnZ$1QBwfp7nlmVC16_2 z!^yFGysj>u$YvAOHd}SI&CbX609q#ehyhU1# zN+Vg_Rcy5cf~-&e?==anrk}v~+X_p=RxwWe6S2O>8$ayte~`oEdCVPo8l_$E=l9X8 z5S9KG-&TdN5O@Xm6H$>!BdQloh`uR$M08B_H*re5Rs3!7vqhyvk)j)meqQu!(JMuN zmsCsoBwHodNnVszNW;>t(#xgyNna=~FU}Ot6z?m(sQ6&@t=y{FaESd zQX(%gmUv2HB@HEAC8H&iB^ye1mYiL3amk}4|6TG~skBs4YAW@Xj+O2yy|(nW(tAoD zE`74}H>H0l>ns~7TUjkim)62hA{!m3xMN7ri6)#nMfF1IuSDst>qsn|$b=9`2A5=Y2^_Qx@ z%Zuc-^5ya`$bTq*S3ajGRfHA8iWQ1!#dgJ)6kk_dr?_2lui_!aV~S@LzgN7e6e%l} zer20-T)AF(oAO=daeNJ-Q-xGLsykFqsIBU4>Z{c6Y2+Hc#-Rynl9~a{nVQ3zCo~^u zi?jjldhHjrw`ZWzu zb$fK@=gIs=;CyHB1|}8Fm}KVz|O^v*C#0NyCeV|2CS9K4XJ%$hgsX zj`4QmQRAD&k4>DZ)MPhhO)aJ#(}-!g>2%XZ)2!(%)48ULO;?(3GX2o>i0K8>TV@45 zx9l`en$I)eVt(5Ep+#;9&mYhjrbSeIbs2Z&E2}E&KO!R0TTH25Htx8Q{l0RA`MSBj zd{!hA!*D_CI0l8Om>_T_;G<6Ad&#BP6Mq3b@N+;S`I54|3 zqdnnRg%;VtTAM$d*!ewJINZqFtV2t~iw-$jZz~+j(YkQ3c268-WCHCAM-&t=y3%u> zUl;{AaR`NTneX`R^UdOS8>?I$ObIGsCZ$aBMuG4t;9H?9kKV}^5 z6O_IJSf7D^@CQh259BySrTjTYPJ>*`Wc%EwXn85Q3-Y*>99;Ol9<}a7W{w?qBR_Q) zp58$g_*3#B`FHPb02X#;K|w!yD@)FRch3$3f3@(mt>>?M;7g8^ZLlTd@T@4g1)SS( zFph3SYx~LBpy+1u5P1sEhXMIBU{?bA1wh}%yKC_7NxXfEX-nZBMS%5U{ynBWbA5At zA{noJ^KaQNC1R}0^8XJ2cQJH~kY3@JPLdckqh^_?1Ya9-9Q-l#0E^fP|C-xc1`!ol z^K(KQVkdoUHKEtC*I02qh#xConrSerrNR{y;a5!mf!_}3S`jong1&8nR;)(f>?1!W zzap=a_sAS<=_ov)$GDfcm#r$R-fFhmt!``FnzgoBcUteT*%3N@!>+Ka^K;Nq)*4&Q zXhv_YfmE&oZO@Qn3?kX!_Oe}S|vA>W5y z+(y1j{u?^^8M%qv3cdJ%s>s)%@4qK6L#DTrJ0bqN$cy9<`761a+zmbZki1XsA@`Ew z4`FnVu+>qr3nOiYY=Ax4 z1YY04NZbxBpCvoM^=@(|^nNS!^Z=r&Z$L*cC*(dlcfs9agqj3C0bA9fV)*DRLsqz_ zB!MRZ&SB;8ABB4n8H2AZz{RAEt|;6Wk+t-?!o7s#pr=Ba3hZBK5$>sr$hcjF`&Qha zTexo{rQD^Elogqs8jSrK+=U8H3}S^gtp%5-!=_mwi@iKw>%ip>Ja>b)DZHHp&+NJe zJg-A}EAc`mJ8^7>K1Oit=8rH+%wr4lHMiiMj|5R;H)OaIwXBfqI$&Q1e7g$RI)HsE z-dZ91HE0{OSgS$JHpq7tc-C2U$W1MJM#)yZUCTX8bZ8nMRKfVodd6o>{lh58Wua24yy&<_O9$s<-kZ0vFhydsya?x1Id+ z!i5qF%U8+2L0riHW8W`v;0rsvaj>tQ>v3(wK{0~+aUI1$(f(3gmy;E^vKgJ_W!B@m z87))DayPCN7)#N19}%~8^oi$_JsV7*TMxaeIm5%X^-)$&m0$!z^! z(7xBpbIa@^IkIwWeVMf{25kbBC7`+kJ$D;s)7Qvn zbbt=<911kEh^7>K^f7B%oMCP<1YwqC|`d` zp}Z7u4%A^q0#f-SC>7yZ1uuqKYoQI+rvg6K)&rnifEQ?-`v5f<4gbl*1qzrizBR5+ngkmQ#6D z(RJHZL0lXN80hC2a9UDJW~oP49q}4pq&5t{lHMSqM=wtRY>)Ri~F(p zejs@~HKAq#FtYpMW`F#C|BQiv>llb`ZshpGf&b?V^?!h5ZtZUN!wCWbQOf`NNI=*n~eIgJ1zlwg5P}{ctBgF@EL)!pvX9Nos9t z^3#u=@yEvcj}uX4y#^S${lsOI{PFvl3lI^oEQqCz5#T2;#-BLA20wX{*!&CUva@w` z`l;XGPall``hB+ovDi8M{_$nn_^~1Xg9SuXu-h8^fIqk&5E^)|C$L4fXaO(^R6G9}a0J0GX$ZZWT92mln5lejA zj9i3>QBdLp4jOJ2+>F{f*kJZ_1#Wx96A@e!gV${HBPKG}bc0-?|L}&N6HbuILNH$e zI{p?RAuS`{o9dU5gJpm;WCTvZ(7|vLB*n-S4HBq86>a~&c(PM0 z0h&r^5Iff!&&KP`+0=ToU~-Bh%}eH(buCCH)+>Q}QG5${A82V7wV8LIp)py1Z#EJ; zR_HpNp8MHgYjfLt7lgT-TqlqdWPPqSqSrBUdfd-L4l%EDxXdr7AUUqq!hwj1F`3)y zpo{`m5!x;*bG4lY>o_SSuo$Y6WLY&vvywAcfaqJ8u+~L*ZO|ZC{~H)lStidz;-@P9~hZqS>+<}R$0=%^3dDibN^ zU5u3fswVQ&lubz@nwBJAL7f$Ws0ex>%RHe5KbpqflJ4r{M>GR`TZS~HKC+IHPeJ9$<$ z40#Y%J*`7z0v?z~O*0^`+DI)cFM)YB|Nf(#xPSr4?P}Qu_VsEQ7$+L$=b*b?WSNLT(z&g&3*cP-Bd2EwrqDw4u2NcuKRF>UMK(@Fw0 z5=U14)EVgK9r^tYgy^=G?FnhPKD;D=P$UT-figr+A4en^;OXxvMaEV}r?eo`yx)b- zQ@8(M^`zglNqa2Q@a&SBXy)`R)Be15DIn*X*}Pitbqy3zf>t^~A-EUX(Q>uf@r-~p zCwKrAu$ah!LQ)VOhm0STLBt7O{da+OLbBLiePU=oDqZzpHkL*L87C~v6jKsCoS92p-bPDHLsPfS>2hZ)GnWJjI`8sX&CJ%{ zjisK$(O;Apu^yOPQkV@&Ajq#nJ&87VE&(KA5S6)6;>Jun#mU@wQEDVgm8>|1NGsB0 z7TzxJW#%vS=?~f_f*N+t)sdph&acu(ekKi*0-n1sF{p=eT$YUoh{=>QG@Mw|m=IQz z0TlGJMd^wwr^H5@M3LZ-W9HYZPQMMV(QzpuL)e1{GD9Fn3q?j+u3POJOV2mP?zsNM z-2o|{0#Va_yp*MW5ejl>=nGyZ_v9JfS!`>(e=i~e7($z~XPe7ws`nfo`o>G+JMX9) z-~SjKhR)K%WK;?{;#ghTb%q`(QH)awzK7q51&XA~A0J2gPuB>#&|&Is0;ZgG-<wp?Se1MBc{Mu0EW&Av? zGdyCu+V(E$PULH9d8eqcl0Q~X>JH*&9h``LkW_u+DXx@Rr_;mumojrxhr89p%)!zF z(tVL%?M&~mvNKRRcEk1Ivlm8HfR9WVT{zKrAdbMZ&i z`Y+e9%~wOW$>WA0S=M6~o=0Z$j#{KB*-#+_j*}zE%_1-%jbnV09)*Y=1%&>rcg~zK zBC4FRHOnHfT2y1vsBbFDcm~e+{8DSZs)h-6q0*7xB^O8hPFBCIW`d^J=K^git*_U! z*nsH}?e1@_!1}^D$xnucj2Tr#uf0rc%tP}pfHM%>;C;V4`e;6c3AO));*_I-=Z@p{azSKO6EP9E7KbgUi^VvSkPoPH zNt@*IG`Rq*%sX1uNOkyJ&m65dnljdg9K6r9EKq(E&b!G`)E?!JQ_@f>xHzBfDJ$4$Nj7lB<-KLM9ZSPw6m1Y26_?vj6 z%`sYssUOd6jfc*SP>;-V87Z$|>bn&aX6%MZMa))$1&?UcOcu4~4mwJVA4zVdqQj{N z4cQyW8~b`raa?p=a}~*eO|G^s&#&@aQB8Y9D91ap9MX3*6Cx-PV`twdm9C$FRWpvF zUN&-fQtQ0h^zAWlR$;Pf31fgRAbhL<`;xwrOyXzmoJXOJxKOzczeZ_zECMqBMid3t zON!2Tz*K&&PLaFDvzZA$_+_7_G96*P?wKD|PhWKBkBPMDe_K;<@0#G%W;_~Z+V7YH zdCPq}c@NkdKi?`vii>G7ed4&sL_0XES22kI&Sy^75*{8h#r7OxRZTNkS3NA+C-$zK;V0+? zm|YkpR4Q}zB%Lz7yIgR~kkVu)Z9w=u1QGd8j65|y68rsRNUxR6?RM-8wpU-f<&+Yt ztc7@%OvJXs1b9*JpB9n;*|d&!#utL@ZA}_AwpYv3lWwK;dMX6j+{=H4eCpxl!SB{Z zJCNE^Ly3Za;gl}bdYDBt>x)a-r+A%>a1imWrs$(v0w%^XJ?3G3g`bab>@YO68{?Sb zcxBPT#xfpmEj}@kRvau#a3uO@-1ImN!-3}_fNIfd(zQhnF1GQU>!ewJFEY((P5<^e z1ralMFclLUM8kGqXKTVj7dIh0#)Z#I9ELJEl%<#+7mZ4`iq^+ppu(WhvkXO?8E`gi zz}RYmzG_scyzQUiX)xAn6Ee+}nNFIBk18Djweg(A-tNr5lN)@%=-L|JAKW9U!;#z+ z@=15vSxSt{TP70UkF-YTtBu%GT7xddv-5I&s&AkbPk0@#9=#QQLBAV<2@V^_PbF4r zyeo*~i03{jMe0=dU*J)ja<(C$61Wi`EPTRQbdqkig!rs)y~(!tE0&T-^*4vAQ@S@y z+dW5HNbd5_Z+AT_=~5VFWo(!Ak15OPDe?(q{A!$K9H%FQ2ZxrWOP7Z3c>i&43$wMW zvW;M~4T2B72Fe?yrTcOY^H|jjPJsNwT@g+5WJW(6d9>jE_M}7mGg_o)d$42P%XtfeY#!Ex55RbV;V}0Og`a*d=pqwNo7nIC{a8}aOd7ilT}R_a5=OQA;gid z0^&TSGwYHU3)Z(ijNu4T%mgOdh5x|`2NJ~DSF$i1 z&3eN%W~zZYT5WEHy?mJPqJm`x<=E^nUGVip^}XIbAv9Mpak zwVXibg-7_T;X~r!{aZv}CA!W}J>&~}89(@97pZJjW7rmWLh)$3gVYH(l4dWeIAMAg zKjA{)JAI3SHs>$>lQk`Za6wyIL}zR-qGM8$WqE-VNiH|Pc=MDE9WF}}LJ9$=-+Y8k zVe5U2zl(cH^QQ4Y-qTa$3;yB^DnNHL@G75GJt1ARw&2yC>+UoqNkfj=lA#T0M)*Bw zISR5i1W;Xn;ptf~cB)(=Sc>WSGU-{XRrhS-^o6B^ki;m%=?!7a4I4>K7navwn{K4e zXrj|~l~}K(K%AHY?5PJ@AD_7L7@KUzh24|bubGSVlz&Vy8=62^EVkcR+6_il2chDV z&l;p4J{HE0KhNREp-y?s?H05+I3w>>{8b=c1G7&)*tZ0=r%=@neOj6=;daUkX zL2yE=VBeC?;9jp5Eq1mrfCp5F1Y%X=QgvJIQk|s!@*}9X45r0=5+K^ku^)l8V&h>A zdhU9oKYs2KCjR%#?SWQ|g0jfv6}A02j-Qdm8~5shaAE`8&Z?k6W2(tk5yjoE>Ta9P zt=f+Z^BL+gB`c?JO%i)G!~;{=#qrI!y+Sx(vJUFB@v#+MAPsF1UbXZH1x4*%Wd5Rz zdU-#`dH^(#dgIAcwmDKyfH?6+?Yj&77uY~4Jfjyvd<()D-5x^K0f*dIPXzaT)^>6B zi2I=phq_i|yDI;Z+S(pGZ@~*f8D*K=E~^zMqD5PIq(enjGE374+5Aif>S~jGuIwPlE;i;tLb9`Ae6oD1b zpvZ0r0!O(s1m9;?r_9&QQyYw?B^Nq5OMJ{=Wp?;~GPgAtZ?-+AvPM6FNS!rU%1^*~ z<1Wz=!?iluX56HvMg-|C6`R3+Gsh8{^5g1Ol@7*4$_a6B? zf&Q*1YeUM4p)?EVOBeOx<~$U)ZLP~~R{d;DJ_$(E-tRs3Vf!+Fnp~)v6qHFxl+0mq z=jP!nK^k!vDdhjQ2s>AyMk9?k z+QfI;HBO%*$S!nuGTq9)yn>}2Jt4Z9?r&#g2p;L>KmU|q4w{Rs2QcDKP+S?TCPQdJ zU97$}L^--xt(;-h(v}+QVMJOjIfy7K)6>&H1?>-y-Dio`{QrUr+TgiSM*nJtSR#kAO%$~egfT6fn&%AqZnTugKr4TBtIYNYXS9IsPJO#n0^ z#tZipyvyhSg4^?ajj23d^|WWiqU8&9{9|MV0YrmrXQQ&eAD-zL%2=*)rEtxazfG!t zbN!b8l8??@QB!nBp?UPH_2!m!U;Oz5SC!Q8oWg2hgpu0xgiSp7_?#dWIs!RXBIVJY z?Rs+zQ{5CFbM8{t`7Bpf>9(3Q7woMht4Yhquh=C=7yF%vAO^9pmo;@EebBi{(N;?q zKiFI*pW*XiWcT+LimevMmDgLqXE#C0<*mCt?c>>nOZJvoV)SO~{Z%MIyXSGVN$|lg zo7GJC$c$FUk=>mYdqcX>q#5o%E7EV;8;~76Z}Ak;ea=6tFAtD-<$2WahKO%AjY2gR zS}($g29P4}W^qeUm-(0VvVN%=FalhUy;qsyo^RfyM}Foi3eVg&H+NdpCU0gIpLLD} zxBLv&5fY#(W0S8MF_EI5X*MXnwy%`d>vB^(QUjGo!+_34k{@r|Cn3r%_@t}esBdZ@-Z6H@497IDH>Ws!%Ee~BpvQrjn% z?#Riz2_aw{hZx4XbZ!O6+$2*~mlTGnpe(Y5<}8~(uK7KM26MLm z-bJaB0C}(o`I<~1KpR^MuLV<{Ul5m!>por$yu;N( zgpAGn))fN~-^R&<=4=Y^1|P|iInX7PuSF>37{?=plwjB8Iy9BbT1N8xuBqF!FPYFg zaSpzl_H(7r)x+&`c<|p;&Et^urKgP8H`bz0_)@Myj2)(ynA0$7nvYoC@OlLw@~LrJ zRiiwDM$VO@5^{;SK|0OYUb#G6j%_HjiCzh-@D%7b0Y6~4l;rNHnkH+ZZbR^4mf~)2 za?Fx$C*|u#UKB8nfp48MBIO~vj}Gl}H|Wq5Kth0TUq*Z#j@m!Lo zD2VZw2Lw2j4+tR8b0V~Y{2l3<&_oM0p?+BT_*U1Krh?B^#4C zB|g5NzvBizH8rC_@Yb+%WPY}0jen1*TpiyTpA>ZgwKPI;3k*}YOBb-G?;CcX0e7>e?%xoALGKI2` z5SQb{iNxH2Vip*C+u#kX!Hp+bR~k$aP8x~*;2DSQST&u2cTy7{Det+5Dht)>*3RYo?;;}eu{V=-xlwdbU>2e=+zVxeI1HReMyVraL*{HY z#NcA{9rgk?RWR~e7#8x@{~Y=z2oY~^>kXbY_AAsYMX?W@0R=-oI=hZKGxShABE(J> z+qM|pY&rO-19c!YE$n`~ZT)%`(6%r|4meuZ15n2}369W6)H zkvoi-d+5TXTYI8N=&LtL-ko{g9#PCKGXYQ79Kf%8x^Tq(fiw2YFkUzn`I@xY?b>5k zr4^s37WJA`bMIyE5jL0PCOhy3{yr)!Z({B^kHN^i(7swV@<<`ekfD>&VdX_{@)OYz zz8f6C|En>);l`lS2NvfqCCM`6mH8FU@pC1~3B1KFkOjHU~G1HL0JWw!!52`n*)4N~OD+`=|PG7u$DF6zy%oddj(TQ~{j2cHKt zszdX76zwfxJkeZn%A2ipZ!x*h&glZ&GsrKmS^XOiSeIS6Pv*$uxZxplCP+HF(Y#!P zm2JeA70i)2g)zc?*}^`hd$3>sX2&iiVyvG5TYru2RSpgCd7jRppBFJ1T6c>7RE@mO zo>OmB;`EVl-Wd}U9PqrjWVvpsT%D%Ux9&u$T!kAD@`U7~e;C{Ictn5T5f81F-b~Lh z#J%Zkx2rX>{}tS8b;D@n)CCZCVi$3q>ud|3>42J&-%NYY?sZZ}E3%E#D~K@yX~iJD zoa>VZ!ou&Iq`$K5K>#$kH;VyCwdphBt!2{v;v`j~=!YaN6yg_cwAIFq$klRxuFlNF zQGm&1JeR=&;wkJ^$gpyrbh4yrPbuQ|j|1?C%6q$>Ivd)7Avn$G?KEJSjr>*z#r$eX zQS5=Xp;EIAytONq?pq)XU0zEE)N=gU2r|?lP)KE6Q?>qpu418QPpwLzfH90fJRsh| zew2|Q0ECPC#ur?}o4XxxH^k<}pfiZRgRa>HyJL$2ZNv55OC8;NAWlLFs(Jasq=hBw zYjRajs8Bo*5xRqOYLZ5Y`1d^m{z*hgF%TPM@Yu^onx`jymU%w&T_UoBXA)TVn76!l zdM|!@f4$t#jC^`OtGJ?&)tTL@SonKI{YCMnIlsz)g;8_irO11XEwkb%9>vo!hdytx zDJ5Kim=+Fme%W~S@0?Jxe0gHiOl&o$nc39B7Urw>~L6lFoQ|!hF^m5EmSgk{@RuP(6f~p zUhCD6PhTyx6;E0`ACJ7NyOAJiO?7unyzRFlaL^Q-wCo~%DKp#&A;D7|-kfB+)qXi# zSBKjI=xVzlXtj2^+EYH=Yg?UwI0CJ7_^V{DSO>TiIqeUVzEa1AVyYu_&es@Cb^GJ( zmJ9X?>%LlXyk9EmtkW`zn+_dnPO!|t0;u29wU(@622kE;}|m?tuFBpu2x7elWP!NW+6YqzIW zd<|5xi?9pI>Vx+%qWB75^TwwqI2D-)_paBVmgeD5;3GQ!k_Da-P?OYDBVTS>bgMTl ziYZe>xy*YdgSPdQ&G=_@IdK=|-?CUOGw!h=9NVqC1rp{C9iG(NGT56bjfv;>920^2 zLeB^9l&+i16-zG<6sE;fn2kdpQHex@A04I2cQ`&Z%{SMWyQM*PVMOB`z5desb9Ftv zbugRy*b*&?E3|n1klgXo-sI_nm6M4l+7Bl2AnNI*{@M_6`+l87%)ocD=xxAyVL8X~ z3aatA`BNJ12U<~nOF6oDA_5fMq@A_1K+TY#&>OKLEXP$#YO+ErvP&9aJ#0oZxENE_TMSNU2g?RdrF?H=79T!6h zh$meYq!;I)Y6WvZ2tC6Sr4?a5MW7^n1RDEgW7v%9m89v50X=MQ$%d-pap zfFf(w0ZzT7xr!CdDRsTs{+D%}0R){zD35I@Z7=kfh%hr^{k1}Ay094aQjG9*kkrq8 zGRvCI=4^4fc7xaa&&{~Z9APa@KIiK#jWX$o&5`qq`sm;Fh0XLn*CTt+6aS2CoIE^| zaLoqBoG36RiW0%}hjts0gM075@T=GGwI&*6@O@S{XXz`w;9ETK8k!Wu zq+J@M4&xd!qUcfz_aD^Q%_+*5GMc2dX9k5K=%vN{mre2pyagjaHJWQ!nnu^CClc(A?}HhkjtJY`?QW%N|PrDc{$zcBs_(xxKDphGYcZZG1vYpaKd z?6+cH1(=a9nW^*o0ve|ArstrAC>pjT$FxW*C3&L+wO5Gg#fxTA|l2&Z+DJv@8V${Depl4`ZC=j+yhXd;<0I%H`% za4-D*HYHoabS@gRJ@rd$&rcSqS+gmfsEga>3S7$IIuX^$9crpp&QqJT;gy`T*vBgu zC#I;!7qIi(BDofeU}%RA2Mm?n0wt(i*;|winFNX#GSDnj6I#*?nb2s{0 zSP))4KJ5w2avMK(JcBHX7vjWV1gcxHS~mTQ{pxn3TY~_ofk3+a1`j5~M+?M(gTIW% zM=NGkoO9Gl-$Z+sA^QucFu&a54;ykNMducq7NPY)0Q(Dc=WHs3JH|{jqY*y>?CxiK zFO2RE=dn3Lnp;JT@cqvRWs}j z{pyAO3VI80qI&&BWKc%34Q$F0`(c3Yj{9ep+liluK|Q_)HMRi2d#8-vhB^HBvooP+ z@)<{TBMrV{a8T1Q8*R0dkmTgYjHe?ZH<@{!3-c3VI z;fx*3Kg*?8pD#0TC0QW_P%A&kaq;$DF~^q{k*vZLKrF-urA_33Dy`R-4x^ylTAQNr=%5)n`w3Lzo`b_ z-g&_7K*BYMPXRp2J3Bf3qUdVK*JbBD&sP4G96@!R#V+Lx{;aiU=D1-T-e*3~Q7xyF z-sm#ivSwp&nK@U2ZKcg~sZ*@V-MAdJkX{F49>%y3IU*JC0lG`^A&OPBNBJNiwQ7G< z6qH9E0K_}Bwn9G7<@=}L0I^mYqoi8jN+V4MlyN7v`r0Apc`Mi7*PIf*CT`$@U1hqF za@H!8j}7$D5erYef#w_$fs>8>;ke^k|ApsUeg`V+=Bqf_@RpmBH_s!Lk&N)&g026$ zJ?6+ELSD?&Tf-&-#&Y5B#7c=x%c^2|!deKK(S8V6vQ)9$SpAF%v{S|%GIh?VCh4b{ zy#TY=AT$WF($09Ve5I78KbIG+=UirG_lf^#toMb9s{l)vy3r+)t0vEKih%u0xk~93 z)DdXeyHfioquATrcqz#14t}e;WM7URTqBc__t&A$v}QVlmvCsv4An!H!O>A!9R0pz zD&N&@P^lpd*Rp!eiC8Fg7oUYJgj#QN=CHR@ui+^_uRcG6tx0DN!_xf?!X(qKDUOOp9)KxGg-S|u!D~u-Ygrr zN2k6h+mt)qHOskzgRFJgXz}`Z@0Xo~cKu~7ULX6xvA$mK=8n0+i2f-qA$H(3L16AU zeEz&`cqM<6TYn;cE*Gd0c?AV zDTqp&wiqu&waeDa%lN(^!wh@0f%7iP$vUY%-q5Cf?;3-pg5$P<=spq`BxH8o(AWJ) zLJtxSJOor7e3lv#<2i0qr@DGE*l#UFYaXjwCP$6O7qhUU<>JAGyp| zJWAY3)Io#!ARApp4t*-A24856_!JmY*zMu7MiV#wJvgty=7JxcZIftDb!Y5_`Q#OZ ze^r26EjZ403xeWumd7rmngu96PA(#shOvihfhT15IRyFj+K~BxL3Opr?C63BLfLL_ zea(Ni3*i!rs$Z;|+Be-;@cC@yx&9>$B^cvVu_O(<^lVSRK!bhrM>QuBQVa^Jg>!ht zn-xsK5Y@f9@ERlb%_#JFL*B-Q-gF-b95HHp-@!HZRvbvp4WXZ~Bj7qK5YVoxW0HGckO?wRwbp}#^L{7(LGJH8`x zHJ7vnWd61%40N`t{3~ZnrkJ@9{gnhaz>$t1WJ_ zkT7nWD0R!dEgnximozufip%$ts0}8YEOwwNs>jD)wqSjfW4ArK=WCoKc$yMtw>@yB zXPj_`e=vah6|vZc2$d2Av9BxffW;!#LgjL+x7z=F%p75ufh3N|Tu-3-I0P--jxR{V zZ(F1X^8Br7wFdF$t;Z07Y9U3)i<+e9+3RG+KaTf{&=4VfEa~bgyH-}`|(HN(RS~Ej9X$xTNcKR08;`7(Zo(u79R&b zoME(cy5jzy=rk>;Kxfpy_$H%_Yf^z&9}*m*MrT$lm7rYW&}ezsrToQ6l!COG6Oe=# z4$h(DCGqGb68S?mh+W);%9s&lCr>1{#L5IIuVYt62hTBv{gaTC!(s8z0VqhW$uwCw z{u|ng7?v1o!Bf5*CGYYD>#Lys_%jYJS*s?ePvE30qMjgrVwf*S>FwDxS)AxOx70OL zWswMZpYWbVRihV*QS$9Qs-^S4#_Eozte8^8B-yN+t5P~+rv0Z8BYM+8n-vQSjr!)` z+6Dp0J^GE`26GN0`!*URyUOWP)bL{QGa=bEcK;6H)}uVK$BGtkp&JkOMRhiFcqtEp zw*Oq*>F`ab<=D%9&#&e!m9Zwk7mG)(?vsDL=X?`p`S<=OEdJ5e{QxWr7Q}he0Fn0* z2o&^3rwatMf#+ECU%Qz~koPV7#SIDvM)qSu0D=6+{%<{|si9%_?KK}LsLG&k?l=D= zuOPB&FBDK(2>8U0UekL9w2Z(I4QQ4{r)~8=Eo3z#uDw~>B^_P&OTTppF}(fOezniw z%Il;jtimEb+tl0ySmovXG!#n|^STXa^z!^ind9T!KPb7RWqt3iDCQ|iy~n0r!3Ejn zzCF!LYwap==UJdnxCL=3zNQGRsm4y;t}6Moc%+`={Rc@e z9CFyG@G=(YB=q=qUpSR@z-FhVi4fd4B|Y75ZVW1_Y~BbHRreDv3SDdi0T!5}4;vON z(XgbqTTFUwmwjxsvn*7?1o+0l3IuM_J6hfe`n{2 zz3!etq(fJ$+J@E@({r}M5avPU?dI#)2gw)8x0obF5*h_mhp1NLV3o0$eO9YZCslXq zyv$VbpZP!7V^jxicfhZWUUFYWoYG3gZOkfdWg&|PmX6My?Mi%*0Ys!0Q0;+2hO}wG z7=g})l&z5Z0St=%+z*BzX*gzq;6~V*`0N1yBScQDtKixljUti&Ea|ZEf*1=3?WpDa z>=P*NSesptR@Ryj+&%VI9)h5eJ#06ot)S;U)EDONP=h@Ne6q@AZYyq`@+oOV19{HKAYfv$nffo(PktNiLYgg-Nl3hh88+H3eAb12dr)K1Xu;g>?pYI(GKF?CUv(PFJ>f(8Do?EN6Pn# zWM)NTrVa%}* zlP%)3Ss~;kRpusH5$U8S=FS>{0a85kIZmium~zOMSbC^kyTf)9t?(NdHju7VCn420o*W`Eg?&Mv=`UyQNn(ZuH7dw%zx2tyhJOC!N7I2N$e8_ z7M+cbDdT~U&0*B3fuzuRNLr%jD}2u5aN_@HNm=9Y{^&kOEzaHOERGjb1{XpDyT|(L z$+Lma-r7;q)A4>OrK^F2&!+cCO(DUZW}d=@F55*>yiOt)O@{pm531exi2l42MoqO& z;oOzh5HF5{Qn9SbaHo+K)CKGa*NLuDU4VshkAOcajokn*fHA` zHaN~`?m6}rHI8z(sJof25A_pK02OCvA zGov+C@g^yXazQ#A(SMy_j$yM7+FMxkSTZI{TpFOQm$?&OrVA;Ww)lg16-nLk_Vfr# zhOI}lNpjQh(0>X(FjONXndN!<{rkgbdCRF;S5x7kye3uXmM3jOK+z$Z#TK^svqX5{L6 zRW2&s-SRfq?RMMka^a$`V&O+?zqz}&v!Y+zGbxFMOz4zCB!mtR|38kp?+?`MI%kp? zsuHnq+tZc7wk2(en;oL`4(HOT$tgLF);@EA;7f2xN&s*vrzHgrq`H8V5+ywb&rDz` z3;6ilar3pmCE#TW{GZOUow0WI0Ox?J^GlAnXaZDnm)GZ|%1iZUBr6(?eb&mmdA4+D zhrABRJ~HK=w0qznR=HG&|wINN_}|*e<^vLcnT_ zmLVH1PGo?I#?a72dYa2k^95+J5G_+Cs)5F70-zmQXs6N79)XoYxS&^$x`H5ge{9Dn zkbB%w+XQkiB3&&Y7aEvmDv zfob1$0bmC z9sj+xjxrcR3Z!IEqRKd*IOdukz40MVm_Yk`w%_)=cnaozW?wck!=K2j7mj}x5jbT{p6PjW+-wEvS?%wYBN6d^1OkfhlXOV*i{IYEm1U7 zittMmsOyZ8SB5_1t&%q_i{q>~X#=VnVDKwX$%5k5Xl`CKY?^!;)&)1>iU#+qDS6FC^gD^YYKD0`nSravel5&O;*v^rjq;?H z(j#!m%BGFpal30O03<6mu3pWK>lYR~i*SCd(TKIOE3clSV_oPSO4CCe_;he}2ZBBB z}N{Xl0))Vlp5I`D{!(K0SsZBCJ^QlzC7y zo*cc$i4^%;`I93wWn~4L%;ta3-rN@!rYN>-CQ3}^$-q*j^BK2)UlD1b0h(*+g07`} zjW2`dRi2ZyO{du-SozqC0_Vt7hjjN+C28Oonjo#tBu4&B1s4ZIx(qRy>0|RtH<>Kf zIhh+KL)iVL8gQOIfP0GQmIrY>$}>>L_4^6Bb{YGuN$&EEIu$)VbU9Cp#13SD*8TNv)pPcKC`lQIhgR&W0Kq8SZ3GcefoNcr<(x_S&<|gHZ1bvEy*s|2Rf_akHH37l?enLhFKjWeT734^NO)4x`pF?CBb%>Eix9ed zUlrwIkWeWG2AVg>oc>)>D}yj>nd?b(j$V><44T&uK7z7%jO1L;%{4aq=SizpDIDIQdRcc%td7)(g~LWZ%5E z+}bGYuA0c0Wjvi{o{~4YP~DV#T8Fz;lxH-BvgXQozuEV3`IiM(#hYt8c&gFaZWF~p_~dvFz_o6gT7@#j$S%G2K3Z4_2pQ?h-1RD5D#_?` zZ{A0_Iru;0{$PYz5-)h?E~THH`wi?ktFsQBGpOHA)isF1YrOU3UX_2oP#Z#Jo0_$> z{a>=T*9GYZhSt(pE2_&UG8N>=YAR0@L5S(oPQPx(!zvJc6FG1>|{nsE{HJ2-d zOO5c9+M!W=cod6@W10M5U$)Ov8h~@sEZ2g4nsnDP1~Rf`Izi_PcxW^rmwC#JYCkTc z^EE!&X;o(Ms|L}jvANc>`KmAs=oZ}+Zreuy#?3R(Gix%lO zaP`jtCha~8zv5c)y>s7&PH6K<`$4tWM#JH7O?1leb(ze+Xi$dDmbG@SLStODUzV43 z%x7d5zG`a^|XR&a0DKx9Y!AG!UqQWwV~r-MPM zp-$8~4dEBdLOQ0*+|itdonE!vD9sXmtvX9h6R?~YpP2y$kO#KKYDl=Jm9T~J^;yYy zxtyNrqFVcO{WmS*Xt`sFENn)tPJI%qsS?#w=)xVRAB=vYAw!)qif1}KjU^bD#PV+j z(&q+kvY((~-Z6?Q4dm$SaM+4coZFXX^TlEDRF>(O`^+%}bFKPPuLNgbl4R{dxH@@_ za*i?gfQG=A+AZEcLWN@%I}RAOwWT87-uB6MMb;iD2QJY%ESm2!=Xd9^nOvv8ZC|xr zojWL4ZH?EuDK?+*;jf>dkzq=#WU^+BVx$EqWEI5--)sEQJ!VZ zK;?XW(6o;vE2r-|qCT|qggY>`l`~O`0jNbc(Jgf2`qw>E2+*a@!!$o|3JK?yrbiaS z1owR{k8)tAbPK*)(5j5HO%T_irFC82Pal8!WZOZspxoH=;_8x+3hzg5JDEI6_BO|n>t{;%jg&nNU!qE)^VoG{Z<_>B|h_Zht^Ly3DBOBD4n& z%A!IL>RlI|?6AzOZ!piFUy1 z$(lq5K8*iUpM7ytqhrYzzCvS2)c|UDxZg<#5qP2O35Fv^-8z8b|vyKEr`B za&v6J-&=NLxo%2)%CJUB(D!ZQQisLFApl_h=ZsyoJ(YA&nztMsOWQ7g<7G)OM4Xm*t zKdZ;y07J6;Aqm?5*ciND+)|cpE=*WGV;?nnVP~@GPXyHTUWV)PRX(#xRanP{$7U8c zyL~!?!6$Jy$4Ex#T&NNVFt#z0OIUL?M`3m-d6Z{Pd^t1Gz=8|{k<1g}=yWlTc;8z$ zNvyPpxI{+r;ZnvNBZp=bNaVqo5X3v~TG7_K4#2?(e7Js6)Vd_N%uMk;WH296eCA~Z zORS{m4lfS8y*?-05W(iwV9~7Hn&I`4!fSItOSHFwzntyT0hDjm@)G^;KJD*~%V+!0 zDLgfsyP~ABw_ZQA`D-`Iz4T-KP#`)ev-F#;JTlD49eZ`x@`wgc&W!1aSoqUJ> ze%`srZV>E_iNh-xDN6TqWTE&T?`x~DFqo_H@W8Eie$?ihHpBS!_bOiFR4<1ee zQ`-2%<+N`h{d$zU4Qb6$^?nt}$wJyU%ZLAE$O` zidf%Gy!VcwDCF^i3OP3r;K>w>re ztzH-?WXm|#9Q18@85#VRtY(J`1u)e-lE?j?Nir&7b=v)Px>@L47%+ZBqC_WzpIVD% zKPF~h{|fyDACgMkMQkza#Rd2i(217_9YKaPeTyPjor-e`nk!1gIEXX^IrNk7Knegvv2Q%qD4k$nGKZ))@At9Nvs32O!^HVHhlLmsJ z?E%nu-v0nS^~GLe2HKI4fTEX24A!bJ}@!T&%~J(PK9yBpIBRD-70crunvy|>iL zVT%anjlwICqZblKqEUqc6;kLN^+U}@UP43H9E+N z2T}|&o_nNlWi18PT_GfGe!K@;kzN7I)U}=(MU1NG8XCyuvE#kzL{q*!$(K^Z8bV_V z4V4Tq4TBVj@{2Wt({wY?BbJ+2yn)|5flAByl<`aRFt!x%CnlsE6xex@Ny|2~KPm7J z!U;jNJtPC*#p6J0`omo0B>E&4x%GPEyyqW-j)up6B{nj`AVQmx4DIUw1^vH0^}lHS z!weB6))jl)D1TCnLCVqP7^GPG1Q-tfzwKG6tMTN$0rcsMr)>419lw12M@g{tQQ{xy zNB0N4t>BC6DYR25hIvtp_&?mk2ZMp0kv|e_578%cZMz#rdTu8Yr7jNy5RR*d39sU~ zdqOaX8#+gCJ#u9}GXKq4B+Y}8uo^7AV>n0Q2QU!d+TM9<`?d5n`2}S9d)(Uj4fXoD zJSYb|>Uu$KZ?L7u7UmB^aWjPUEc&*oC}6N6L1|$VF!#Fb6A)Z7`7(oXkxYKR zr(T+qwck&_KtL}>ZnJ8|GDkPRVz|^XEI^86;KwZ7Z=7#FH{<}#`UkLN z&=&?X^38mD(4rTnK75{q&%g-6BIgF~?fm;5I4sBS%Dyhn4(!4UMRkP%UKj)m-D*y| z&(CegwFt!)dzvdX#pSX~1aHxF#Tf1{oEd;P@`{Q|xLlI^MObX)Jcas(Yh0I>=CVqC z=wVy3{}{eUgoln2@n^qP{cts(vPRuUr0r(Q^iIeB{-IiaS&2v|wJ~TgleST{H8Mo4gi5eYyA{hXqI9>;7n5h7~`kLO;n`=47#dnXGd2uy-XE<%Om8H zYxE*uk2f;FD~u}46BJ1KOypmi@RunR{5EoaEsF=$+3JeRZfZ>Q3t6z*%b9DBG)mEyd(Yw`nIG7*(SL5C*CB$mch%9k;o$ zY3$~;jk5W59;=ZHE9gC?W%N#1#^so0^v<$UdXHHFUB$vgq6wQTA`-gBOjis8y9#iNOO@33j1yqWfd1sSUX*)*}TI_*1f$#Fqmu z##YZ!ctsqB;Uy70R$&tfMfNaLSzce^0IUwtU)<_3|2dwvlP2T$RF4=UMnHm67nQ2*;;MbgHeL z+VDl#8~ft9LL#e2#(2MVWPBM{l*ikfT$%GzTyx6}?gs&|%Ncxy%hhel@54!plxc36 z@k)FuF-FRt4*n=VhLdS1y{qZUuPYx-q%0#b_)4d<2b7DKtoC7X^(PxX*$Dm>M>;r& z>PH&~yx-Uk+Q3~~*an~uriscjaySgBmPzhBP|rYqLcs36SizVFbLWnE81r3-1}ZOn z@=4|SXb^1bi!@kyo~ajIsP~P2ShA+k55P~0%QE@5-rwSb$l~gilUW81F0Lq%yJ=b% zIiq?|Em03f(}^BE#a$w=(DEf>lZ*@vDd7vE3bZ0B5Df|PNOF@{!Uxrh`C^GlPT~y- ziUa|3O9KM_kP?V2GfBjJZAG!%P0@RZ=~14eRcDZ0TAI5!A5^c-m{8~7X9NlVK6N|= z+v?eaj)QjouoAGRWo6TbwU&3AWW)Le0VdCu)qFkxtyRQOZDPXHR>9#eoUtcxM@$9UXs zhGfO+BxoyhvEUk;d_pKJ|EvaqVFI$kAp$zsj&iPz2ZePiZqUKyP)AU*-v5}%RXEfp zsf&{rcy}-00FX{nC=`a&Dq$EciI_d2uu3foK@pX0V$f}TK1^p~ve__`JhZ`#mzP|m z7qm2Y0@u&Wx3H{rxfyM#$>eMtC}{>&vbVA-FiVDT+H<{VtQTrWWb$bV^=RuMHgX7^ zP(KX>=cpTm-Y9Q=)n}e<6AS&8VlC8UW{DcmrB)V$(#K|sHE=g8I6O%}@EZ71ZUIa0 zr+gG>(k!ZX8@Z;eGyM&ITsj%ocJz~2Qb@|98~`@&G^uCWFXcaT;U%gSs=mw06-vO` zEoop)HdIL_AC_@tVC`;+Nm1(koSCLhL4{p;spd3iJ}_L-2*8lRo92%pye<~HSSK7TtCH~-s&A|n3Z zTHv{@y#1}6*mmny)!u7tz`?LCZ}}_kAQA7$#c7G@_n$vZS$0G=W4L7oQFK#4N*V_g z7{&kv<|`QPHm#>?+b)hW)8j*P@JNs~E=HcmOdI${Z%DPV- zY29i0b6DE#tn7Q~d3R_Wi3N=Of^&l{X;8KeL*Muvhl@5(U+u&)jXJCTlvEo3#UYUU zs3Q;@ics;nG5~$SM(B`JDuWydgUv>mESXe-=A92EOQgxr?v+ZCL9M^PVr5ym`IOuQ ze_?-7F<@*jzaZ%UY{?=;UND(2A|z75|4iop1t8c~?P^cT-Ze!CZnMq(F zkM4y3#0%|grc2@}DtAzp`^AYqvb%Pdco%RHNA5qI*t7tkXuD3euoXC@!nu+ECL z+N3nXv-8U&<;a3{2-bo~!SUFsQMz4m0NO#G&7w0{bIAE~SPVLAHa>qPg|;%Eypl#) z3BX3?hk~Ric{v!KbKubVd&82^!;e)In88?-p_Q?6|GyJ!O@w?m5;P4@3eOpnpk;>*WH0U(s*8h4wHLHYD zJ+y2cB`*wnl$KSR79CQy9`u~Xb^U)kEqyM(lO;89ag+W#^J@#RG6UEYR*p~t$cgjg z@qXO%xZt8Q=cnxKpK@xqkwxJ8#jML&S(gYMZnpk4nNXS8KLJP~-ppie5=$1bn2RMj zaoAi?vx8i0sxcg5N5%-7)xNh+$atasg_jvw-(hp_gMpt%Kf05Zk-3pkDZ?U+N+J}5 z(yw?rr~?4bIP*u+-{c|4(%ROM5~#`<4l%H_CSpR6r8SXQ){sJwrL`@Qx`m}R@!9S} z_k}8$t!x}f^sBsQ7)WL-0$+in*^0obOqq3n%vLr8j)8x(6@hCoS{TxL%;Y0S5~_RI zjb7|A=OJOu-e4~C%2^aumioJDilI;RpAFRT4o($=QE-pR$AvPPI_O6aIv zXUQ=+A*bl9UHZv6xgeM1id>T$a!c;WJ$WFHjCVu4apZ>r5=Pdw_UXBIU!M;2`n26H<0D!YVUiLD1GV(J=0y;UO#7gW$ zu&6f1B$VA1I`GaKM-+(l>$Un-oTZo8N2P)u2!&?Gk1qjoD zPT+z&L7|32r}#(Y2I*hazkEq(UVdW+ky{>&I`xt4SDScFJR+aP58xoa04mRGL;MYz za)E(5XBE2n&;6h6+rI`&jyMQQ$r|nTe|&h^pLapUSAnn;sTR z`0p|AWj_;*7sG##?k9x&urZls!*#ymRkX2+*F zA{Iz|b=7MlBL`aHdXN&S-%b#lKLh+5xli#ZhrcMbozYy!@luPRAVRLO%gKi-}@QUudD@ z1r;}7OMI1SbzcdlrHl-^5f%AJO^oowF*g)NMvdX%1MkK2Z;o?)J zMGOf1Ov&n|2@!x(f-gpl*C-uen<%4@4wFcERVq+zG8;dEIs!FdY+jHNBG4HXDCeVL z7GqPcgj}NnD&;iqpT|513pcT0k_aJ4*$DZ;lMYhZ+fOinip+b~bR#t~D;SW<$K0lb zeXbt{V3crUA;-0+^87~-8zRC&i9x~5$_#ejnfDaQLwxRb(5cQY$FOc^9gRMn^Ly0kDVU>w=d8!-^-~~VqAYsl9U?%?qgn}40 zK#>+@15_Gf%>XH(pbs|*E2a_RXhxPE43jSwWj3PBwiStpuy7&?w^T%>Mm1VhtHmJ$ z#_H51no~ZBU5lvcc4#YPq!2YB#Z-S3U1LgxzbT_9^F+8w9;0ZsvMd~=IA((`^+^1p zlP7lQ;TE=P)dCduh-l7|`g1@)72QQBxnQ6h#A68jfEBLy`hGZQa0Up-T^*0U?&!n{XyWu#mdDZ}m5poS}waEkiT?GkN? z_vDhdh=t6awpm1z+FqhA$uYu(2(gsPNZEVMM=4t}cB)fUqYc{ND0#@;QFt!0;utU3e!|WoQUWp;<=2Wj(*ot?dh>lh2M$2t!}u_X$1DKbLigJM literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.eot b/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.eot new file mode 100644 index 0000000000000000000000000000000000000000..86925676449bd5d0fe2f11bcae5311bca7c00dc2 GIT binary patch literal 14950 zcmaibRa6|oy7df$yA1B`1h)Xe-Q6v?yCuLdxVzinPO#u1xVyW%LkIyv!p%ABu7BOP zzk7AXxWa>(dS3k!#^CAYKPVE~^3bBR^i8J&f>Y&Rq~)WZW^)=!(DvI(~qUsh^1t`$y3wu*rWuJobPdB{*CKnU9LwO^z%`|o~Jb~tFNoWG#D-|Ws2V=Wm z(k(hxW#2l;HO9RuuHm@HDm^43IX}`6sT@0*uhxczG@wNx|6ZP*{5BubTyj{iSavtN zfY+D;LRf9Ec0n9QUo5X~1JB_t;R@oPvlvR4qgm0j#WYEyWTT6SShNEw&V$~b3bPJ< zfaO68V;F{6RJ-3GkxW=BZ7FuGI$>pdfmENusBc}XO(pFotYcvcX^LZSE`N}v<_O?% zp+9*H0CFNpN-B~;@IC>^mZ_CDU@h2#QXqKJTe3n)g2|jKM<4D`FODlG;ql8?7mj`u zmK@0vR_t;Djq*=+evS#g6nmo3R0%M@7b+)dusSN~mu3HOgQEZ}ZO4BcVS$ImPV7(v2ZgNPKE ztII|DGx{!T`zHIP%3^7NkGoU#Gr(%B&Vinmq;q534}MC|=0al0&4mh$dg0;WdgJG)>H ztg)Q%!8NXXwSv@*XB?RpeC29fjlL{H!&4dO^}Hm?d8h`1I<`0YiV{1lRW~Zpit=j2 zInCgs3QiHm&1!tzq99ra&auK=4a18N+E=oDoIGy~&u`*E#?=jP;8!{9_rjEhE|$+ zjUeK~{*9lxiMsTr{L;Lmskuwg{6c)y5JiJo%RU&nGP;`otfSMaEy3G1=W+Kb$_kT# zx`DZ<(jMLSh>=1Xv?<0o)(i-qiXiB-B#kKOTnL%S_krfCxyOo{JZKM;LNRc-+^Ula z(Yk_t(_tD)7_iPmvOeILNTS}p6bEn@&|Rf<-^wbs{F!b5*r!q{n8dw;rTWy5t@=pd zARx}zdDuk#m2C`3&|On~D2hIAMBrGHlJ_=6!Tgt6%{$R~jzweJ_4|r2L9=+s3tYAv zpS6O99+R-r!r!FkQW${egQynaSJ^N@SlyZ8G!j>a7oeD`YM$)$>X#%z#qZFLWbKOT zT0u@5dJP^Np2fM~glTR}T5&#mY5)-A7LP1AgqM}ekKJ1Z z$!p)IXA9$H>@~t+AtN+Q0K!Cgl8}{(F6`#Gbd*WNE*_hV#Q7D^~T>A4Q*zP9GvLt>3s& zp9A-7TFvK1iwZ+A^h2j?Ptfi@pLeq+*C^~(#{p?ux3sIZJ4h7Hzm!b-Q?ExZ1p-7| zkgaE-QmaFuycX-`>WPSm9>#YI{yB?=An!&*Gaw1`DrTB_&qVf8VOp!U-m zM*=eB5oIP!vcl(-esugw#Ow(5`ywX_g7Iu7Cwqk6?8PF2X4A^A`#upE$qV^X;M@yY+721KPp*5{0+dCXL zY`v_x*dWq%2XtZz%GKQjb@OsV5JCuyQ&T(w4a;Y+t&AF-ND^Q^nutzJd7I4IgUhHi zPEFiLGtfY1JUw4`JS0Fmw3s|7K~_ZL%FCo+(jR)F8n3!9Uuw~4G4PQk*HSyzGIXl3 zr+m~;6InuEW-3S_9RTa?E`joD1kp&B8dg`N)szX$xRg@Y(qPe}q0C|*-m>_j$s_ud zhkNu^XEErBm1o_e;=*&fw|Ls^D#4=~-!gB*ek3iU6-gn@f4G&HYr~zUCjw;7FluU0 z=~57a4g9}8l-XTZ9c_O44NHQcp7vb`Kj~ojA!58MkD$0z;M%PLqtG|b{0zu5)fuip z>8X-sEh^fph^sRK#&k^}P7naAEsAlsMNxQVBKv8Q`rj5+E@)hc)=ErMu{p&{6gd;? z5*AV|5H{LNwqvVhYyRjj3;pelAOwJc*mF_xNmcH|47;9NS;94gs>5l+io){zAlZ;P zh4jU*+*TO4_((HmXm2dZ@@2nd-=TyXq9`5a%EeXK5iqAO9_S(Q8ak@5} zkMqo&{+gi73m#H&4+}YxIEZ+7quQDJ8cc)FK|avIzpcKz{J~5%8?pf_Lu(I)VVp`c zD2Cl1j&ma{B);2K9z5Ks#!aF3T3)2Cv%EDx+vHU1!sEe$U?kj*N!VG|K@h=to< zFtbK1rK+MR-_?c;C;J;WJk4`5>A9B_ne?+D<1@|P4pGjDs&Ufq1;!aIMt;O(xF?zdYDa)1C|zQ+?K10 z7TuYlu6|NEd1)V@rzPFgofRR7bEIE7z>X;Y`_n=yf?I*wVKx# z-GGNfLcS9fb$*%Pe856 zfN&=WogYRFqc{J%gbk;IP@_Mwp;ImZniQq&FiT6vDP|yf=bNJhIGG7aNbycB=)Ij6&*FV-!mKLt;oZ;`nybS6}tJOx=nD>P@2>oZ(dPr@=L|!suDm zccmjcVj8?pqPp7?LX>74I$mr*KMl0<`j@gf$QhSg zZ!fhf@Ee4^pmncaGovO($`(#0HwH+KIOKLymzPclC}=kcoj31wl+1Wy2IR1)Y{8@gP19PaZbus=z$* zRi?b&dz#Mg1iA+TVZ#RQc_~9e{b>;%Ca6tM~a{ z?X>d6=v&FYOd^!VN>*%l!+md?RDU~w21+7*7ei-Ve~ZSZ(7vfWQ_7k2E8}n|EsL>r zByYj7vQQZrtjUG@n2?N^o7>EFIB#)}A;11y%j=jQnqD0O?%nNR8s6++xYj~HlUAm z)(bu?|9H*>t~p90vjNE6)>E*Sry5`=MFi)BkV+Sm?HMSe19_kVG1UbN8y%b7$D&2} zSYiM5`6i(a-625$2e^Z!n~>Q1>T3Y z^u4x=CGMYYw{c#3x1aR#%)-rV3IZ=0@SNWnMPg~q2J{X!vU835T4tP>vnF&XuEPiw zex>Y+1DIuWDV!PL$q-q%g%*4lcBe$!bVr+NqHFg|8D=yA2glCP(Az1K|hN1qpX)qrJ%o7|p;Dn)f%=}o@O2$j}N}9waVcxOk?4Pr9 z`Rs|C&r@W-Bj+5Z$@^JpV%gU&9IvTX(3f68Ujxt8vp7$zrA_LbX3%eeN9QtSRbCkK zU5#0f+_E$;10S>Wx4v1*!5K%qEc2|YU>7%eJWPR1s;}-SrCp^xhGu+mxnlp$6G3np zOJG+N-$94eYNM#&IBQZNE=&G7S8$Y*h${k-lcSz=&Sr7&JDW&~rEnVlh(?a@Hfrv% zlYBa~k54FX(7;T(b!p**tSnuAgKL5=hIp?~4z-05O;B3-YMmf_?E_Exd$~CQH4yw1 zn*Ho_H{{Vh-tJ|3vTG|u2~gs zu+FCy6s{TkbpN-niM~mPOHEZwe3ELWyeboD`J$95LnZgl`-MG4#(-IY!bJ~W&#|iH z`VyL)H^+v;cD0YQXPJ~5?V*hwazEyh%hm;?wAU0jH&SO~Cwmxh3;pDHB?NJ!kGjM) z>2~uP76lY^AGppJCCq{OWf857@7|@kIgL*ZDjd`e(0Gs8R$(#RbiXpTZ zDR?2Egyn78>0%PRRiu#T4@#>ie^w;O(J*q0;J`&@HH>~uw*%ZpUq=_|R>H+ugSN&! z@Y@{0D$5YV)&ly!DhSJ&I;kyB?h?3#!%e;5a5_14hn~v%lgcOq?Jx}L(<4k)d&Z0 zSvqa`Xwn-uoYi|Q6cY}wU|4N6Z1cB3Q5qYXLBx*wR`l1k2j{Eh}6eGFeTD_5}w}*nZs^vGkH3w zc@??+bC6Z+1Z&pKeK7? z+ib%hM6-#$P1r=ir}?Q8KVhsW)2ZmFtlB^t<8ogAh|Ci2OjOzGW}-?uAU^gyd^CQK z0XCx<1XkSB;Xo_ZdSsuL8BV6wbAXDOwx>Ph`cf9@RRN!QuE4nu_tE}-A7su9*QGhc zS-{vtF}XJ+E`ORrJ2GZ#J&bC;#fQ%<=wr`LW^*2FmI_ljh|-3eO`nIs8vyYv!24~z z4OsH5I{oQHcYSxtda_h^3HL+dXUB2-G#v=b&HAMYGQ~f<5%auoHc&3BTTMy-qFL?W zM^IO0(cyk01;+ z9umv^d!5t4G&;$=jsTspr0qWcJ$?H;-j{R{gP@o2d$O!<&C+R6L|QiHMu-b7-Z0nU z`{6C^W&xkN9VG_Ij>hP(ch5lgUeiZ8PxRXs!GscLj2t(dAKv>vTu`u{;Wk&}Y{WMb^p6=li@3dgWQW=>fi$VY8BYN;yl2gDhB0t z0qGc?jyxLu;0c+|pPh+Ihm`&bx*!BOl+~SxV8_97P%gpIOOcn{sKHj$E*xr=>4K~P z7MNN=&HYrQEByxC35RwvRji?PgXL|%HRXr0O9qIk3*(n+Vx-<@YWiWi#I50c zmP%mdm=Z3YV_Eg)MC`I)(y+zVzsy1{skcwtqn<42Yq5L2>9=L%SpOpW*`zX= z1J6-2Yf8h{L|WEcksxK3#VU8OXK7BCD-??807vbD+#!h9#6vM zg)q&?ZQQdrY~c++;ub*Y&qY5YRR3XXzR-q7B*|qJR*N!SqVY~3n6wf3N>RKWx3njU)64# zTaUlAXK4F|{2n{PKg5Xf`GD8OKeXS__@rDzT0r&RpXL@dN-rX`KmH;H|C@@lHw6ypa6^<;_OF)wr;%?aGY`C>HZRp zAW83(?tYiy`5Mst!dR=YJ4wq?kS?z7%APxpA0`V)w}r&;q5#CFcsSFjLL%VYQVT6& zw0~+>oKt+OSK3|k^0vUcAat)sT1No#qofX)QnxaVo>N$PNqtP%ll9A+-`3}(?u3y0 zGdZH!<(M2A22Zj{C`nk(O>lRJLxC9q2F!YngYC{DFsfu#XGk;+M|;w7>#9|!=RnS) z9$#e*go*dW-?%hqwDFaP5keCIhQBa$uX!m)9~0J{v0G-p0!{v7d0^9?B5J5QOjZNc z7c9>&1TRv>Rn1V(?uPS0sZ9F7i2b%xI*(Px2(759r=|VE4OOZy{hdN&NGRV z4~axVhdU=pXJ{=UEZ(gpHjR;2Il@<6w+kUN`?+#DdlMDDo5Z=mXAvB5;{ZHTR zGt7Vl*1?rbzRbZ7pbK3@#gR8L!SCDI&Ud>-z@w+2?9UoW*2_b04)Qzal5@LZwq(7Irz&4|Z7jB0yrt#) zZHp~*lZa4+NYL|xL(cWq4JD7dKKlf=(Cl*{wCvY%7C7_UzdpEt*WUgN_*xP7ow&{i z9>IGX87Wq^Mef?o?kGYr&?0z86$^-4QnAyLZn*2NhYC{~VFaftlPq0jk{>q_&iBLM zy~Jy|*fSyB7{tS^EB$;5m*i)x5+BXc8ylSHL``&lljwn++KO7|nd@VR1?i3y23}&` zcgvZVQ4L4TV>HVhn?x5mvlz^{6OnC2$GeQm5`0l3@6vVC;>Cd;?1|+)Gn5-4C+toc ziJPvd^6-MZGgFR?p$kz~qM3uv1u6EA+c@_Y#FMVizDp4RlE6nl;jE3mI_b zJN1PptD9UUXTA23Hb|Vq<+YsO@ERh>Cnrlyam-#~t7rJ5rJEczG1Eo+{>Z#VO~UYjOj_+Mtji;yTMTBF;0V+@sl|nLq z!g~OUfjIe9!o>H~llNEJMHS$M=K^@HnMa9c(F%?unyGwDLc{xE|9!h^t znc2ku(&D+eoL)~(LALQDP#eg zCb~3~XNTg(yWz?1?1~lweL7AFE-esgwUnrs&C0OZx9^o1vPiwOjdhx%zsrdOLGKzj zP1!szZ42;(^LBqfz;$DqSYgK_N`MA$CQjk;clER)9|Y0K#Y_cbX3{+we~<@?OBMIC z!4AH@LT=opyH~x0^10($r#~o6w=}WQJX8~!oO#AYs?pXbDYRemS@Lr9atC2JGbY;7 zeRA6CB^7k&$-*(gvUs+D%wg`v-H|R|P=WX=2+vB&JkA?F!LJ5@U;7pif#RH%L;~9JQm+z$nT0P}$y_=Gs>byDrH^gM+Ouhgvmw zgO_@>k&&?sW&SYw&)*n=N5Yd7%AVrd-xO}LsJC@}bQn!~PG{Bx!?+FOU{SQFk%>=( z-BGn4KC8uryjT5go&{%%(w9dD0HsNh zGn%wDFapTR{TbQcxZJD104m!JRGUcLkwj0@EVamC>dCjVadT$u4wgn#T%dV8{JpnJ zC6g$chu2Z%#8h5B*RU#B?*&TsQd0%iw`gGZEdS42cNbpW42%d757wFFLToQEDGr^H`wsoU7%EXxy&WimGJkQZ%+p>Z7KOj__6|J?@hn&D{uU9j|X^oPuzfb z_L`Im7!_N!;cJu!M7py90# zjb#n8ev;KwxRN2Ba13MJCWi2b4`tp4J|i(Wvs=%7tAj6k;AEc$)PeDqRnN2k5*|f+ zoKVpYh38s!GF@7;dvSV3nL%@;blf!D3{EzG*EsiXHo-F<+x#7pl?hMS31jjeQ)M^3 z{cF67I-BtO-U>qqg)cu>HQ8i~`mwXEv(Io)p_}KGMmmnE-pzZgvk2A_bDeOVbQvXR z2Nv=4I-WZ!pb1AB{jXsbtsGoa&v!@WSi6!{qhk8r~fxQcN5EJHl+YOAFfbI;6!AeTB)8srtb zemFSQAn^|S`a3z?F)bP_Rct%BP_0W85vvcs-vEm?`pg+KiilSnbW{L^?B7G$oUVjd z`UHqmA#6t#hyK!}pIMY3Fu#wtvvvk4D6<^T2?$v;Gl}=E5D~N={$#0Z$0$4TR*9N)D@Udy0L>k`E5w1Q*sa3*mRJ*}H`tbo zsFp9z=fWx_2_*#Rqo4X0R22gD2O1uy^x)r4%~9^Kef#<}^Yc|VW9jIc*i+-JB~y}V zt71`fwqmLl#brhz2ZAW5vh;^Y)8^FZ&4kcrvUj6|6C>{;Wdx@LowCRu)edIlL*LUY z*8)e7fuv;LzT+{Mp3t+g(asIXywq*xcAnIl4I&RxheoFuR1Tr?9?nkf;5C_`B^OmD zs*1~n7MlR(@Z{w|t1y*wwxh3%ZNg!>gaPEXZQRVCt8EqHg})!dNrUdNN}Vp(7!MaV zk>Nm1`IS_tNFtWJ#BJzwOgWV2aR=Uv88L`ShkD%}dYw{;b%rXeT>q>lqO0pv1-$8TqwYCSm|XFvmGRTfC2^e95k~2wAFax|Zp!Ttn&cjLT9R4>`k0?gdk%_{?j9ugpdjmAA zRpy1v&Am8QFU5336q5I*H$S;c>xf!@cK%^*6NEJB)=y5#(+58(CcV!k%Aqq|YI!$l zaU2OVUKaqpA~Dd>8Q_kh#^!zL%VL_~N86MPF?)ta_@}N8wg+WY=?Q=W*j$Hb4vI7f zdER>yedP51smUp5`;OtGi*>^y2vxUfgSf*eQ|@!3dQ=qV)TqQh#?#HD`$Wt{!lASz z&9%gQIKWFO>?q{V^CSaBAT<>txy1K_PPv0*;+`W^qKbCATJJZ^n>uE#QrRVmU-jV} zRXwN(8g>7^WuT?Olm(N{9@1@1R^rZK8JVyf3s#FdL){@H%Dci9;`2RJp3FuUHoxi? z5bWMc=qAc8JQ2`!tSGGR4UnWeYPCy`Ae*EdV-W8WcDq9;J$1$DsP{*uuUZn0<_QKk zk|AV#L<6cdh%}zFFYamW@<|sDLljgWYDfWvO%bIpB^Oy^gu1SXNBU}j6a6C9?Wy(Z z#$}Y}C-E4u$>}}8a3Zy;Jp(o2cAkanuLi5E1gC}CHC*6cAd;lgR<(m5xn2gGx?_>Z z`!g~_u#!+7Mmm?hb7ymHpoXHr?!epdy5be#AMt?;6=L5Iv1$JPVRu0hE6x`$d0U9a zL$8TLEEL~V2TBUm3H)5%cb?2zQ;>M^*(N(Q6$k6?raYuiy*H4cNj>9mlqbfyVeft_ zGP#;=2)`s8Ez*mL8K8d8I#VK)qar~RNrY8}V zI5hnZbnDCzj$$`JJedPaN~n^e@WHLo`cqT8D^4qFWdp;+k@c7nK9mCZAPZEpMcVsu z3p}lpgvBF+=TPv(0mYf3Aup1CdmFtEig!pY2VpE;tiDGoLhV-KfDW?#7fZt!Z`cm%}?lTLsjT zDD|W!!HPFaYe6UT!GikB5-_ zfv+LZk6HT)30L>$mrV%imDE{6iG^zMc%b40v3)S9R^U4;%??Imp4M!h zS<1%&+Yj?V9L(HduX-Wh2yswLaL?*_aP06D;zDp7_e3iYSB08Wy)@qr=TTO0vyJaW zVp-Q0+_etnR3Z+QvXyzC$adg`V7Hu=m{HOw{dgCrY%MKeW()BYHmTqUC&MYK6zV-+ zg?vaoJp6b);(KCB?<=@fc!Ghb{a_Z9d3D-2lQIiSvuYk!c!tOKl_C3#k5Ki_{)|l& z{V5Iy&LdnBW1CGX28wL3p*;1M@Un;ygg)L~g7YMydS^h?B_Z?VqI%notU@#=qWFfl zj5Rw46mcm`)&&8IGDSF8;e~B+!~5^;q{2hz7qA@rkq|q#(JnrD<-(}h_kDeWxIyyh zQDurNxc7C~OX}5|yv|W7z01*^mE+~Y60-BrJjE$Br6{LGd>rpvy{HDy$OqY<6^o$k zd@%FE+#VhugPy z!z;Q+8>uR*<5&>eLKq5=d?yCU78-kwYF#k6QxQ3kn+oIalv#ra_ha;h-5?9D`(Sp- zvPWButtL4xOYfp1VR||cxrA%O8xr;x=Y~_++8{|K77_B%OuF>&I7`G!H}tS)_D44T zo2(MYMh9xqzuFwc`pb;bb;-9Y5$d18+@Zi-qHh)g7E7M+=m+Qf1E>;ro)DsHeo5yU z7nk4>nr7?IZ!&>FLXM&>SE8X?*)y?l8a-!5YW94TE;4j*v?^(&V*P(}`z6-J-PG2d zc@6cX;H<~3JNHNhqZ;O(Jdv}eOiwAaw_i79S;H>SSVl5vw|h!~@l?3hrPU1Jv81cb zBiYM?Hp#%T5a|L0RY9uvcIOp!ogSzyU&rqe+l4R+^cfYO)O*bV$w*me`&0uxb7>pjqKiA{DWg~C@O0+41hTZ&;wg~INENM%?9VC``_)f>wR{#w@=h=W0`+kCJB9^d; z`C}E3dXTB*q4E4|Hvctu*?nj!-nB^tU(-6o%xLBjgU3=Qe1~VrJO-O;|RPXHW4`E)_o8d~?PO>*9KjoxS3( zjzO4n7I18{phS<5lo%@B@i-*z&5|$Za_O-6^2JH=aqClH>V!3^znGX%2=>c9eLBUh zPtzeV=(Bcrhk0PT48|O#cbSuyT?NH>h*K;j2GZ920$6rhx(qFtnf;VEr`PE8T^05g zGBptDmvLq~m8BGxXTUAL$R@UYn43UCTEwf6P12^uIN>kl)eRul0jfoyUL-uK76E1Q zDK+Tu`bu8MqWq(mriE!kWDpCQuC*(^GIQiHYE%^6Mw-r{k&u?;&Am-vv60rbp@Ss` zCQO?Q|CVmQ0>y}&%$&OuIiuM)<8huOntXE@ajSxmvCRyo(blwMmy`Gtf08>N#wllB ztify9D9O=cmi>_O)&KaZUr@k1w&WUq3fbCg#Ycw5Ce4(AlXItNvoSYXkn?yBc@OfT zcsTx?NCViZJuwhsZ&GtLrj3xvhK;X8@@*SYpXP98KnGblmDfU_wQAa|^Qygsz2G~T zB%o6#oL!H#B9@y%-$H#VIQH>K@W03M91z&9w?VIEV9Pw+AfE1yQ2DSY{}3Bpla>lY+AwY0y_aXFV{B-~Zd2uFQNNf9Y-u#`!0=_x=CJf25m z-BOLN8i!iV-fqf!;5#U5??!{WL2pPIL*)v)|tx?8# zQMk^T&V)Q3N#jM8D^s%_*8QN0Ux+KVLCnbyJTNzN!O~+!9Yv7rFHEMiQ8Huwt9`Oh z$jG&0$QkH8`U7Ej6EsR37Vl36z_LFlvY0B(&Z=_St?OE}8#TqKE~8G)V2QR`n(Ww? zKEWaG$VnEuz*|h}tZPJ`3`l%H;OvX)=Pm^)!Vn#i?k1WZnTOmSuL_a)C@Wk+MA{$% z5d=UVP_D_dLD-)z-|2&?e5K3jZ~Q+58_h3?(aVxlT)R>1g8`_$1Gi$Rx`a-K!r~4= zAMZ|9b9@)o2vd)xuCsVjqTd@zYoBmVLS!Wl)sExxB!fz44Hi>RjJF0XaQ4a0-4UoC zKP%qZ7U2#sVOhZm6kuckaSm}kZ1|CrB883)DQw5KnfH&vJaFo53LtQNmJx%PE&&Nd z+Gv?9bm!r*ZN=~0urs)6SJR#dR`FIzPu70T`7Vy+jHH+(J_5)J;e{y9f3)Gm5FPpk z%%*TFI9Vt!Y~lM4#$8X9{Q-E3O70yVUFV}`iiDHe%`r=9FWO?;Y&hZ=M68>vV5_`y zvM%mUw~YkhDw!KR-l%-6w1GEdv|z$#w>FF^E;B+cb6{wLXV-akUs2WSGfIiTM$lNb z2p@ke0m+vs#CtDdY;#VJS0-7wvmj8AbxFa+XvPNZD}sob+L=NF!M^0X-mi&SP-p3ty+6F^7)q&zECWx75ScV(hE|xci&!-aZ zYrWF$O8tkK&HD6%z+nN=+ZBWu!Th7C83c!F-^LlNTB<@ftVo*hAB}PZT3I8k>RX6qgV#f@!d9v*;kXH4B+S$qATdNq@ z%8(nyvD(U^{5C`zP1CWEA66{#`^;R|9p{I<&MGjg*OPwD-9^;;v?(7#1^L-Yq?%79 zlhUi!LlEZD&{BTzLE!|RdR64XoGiI7thJv9w4v1}alvp6=_bl)7%1ZRHT}0qx?@kK zd#*C_A>Pr#{$u0pjwz3OAb8^8mVaz!INeseDRpq;xX|EHM0Pt7hFzdez2M&x$;=-7 zoAeu?*M;-19eivHs@!qN(66~)d>uy5Sp6)jwu}rO$5{m}_tsQ>>n?Db>NL4azp-OP zOn5J$-e_>me<+xqk5I>hkF=7Ff)|x&zl^hSXqct(^g`iqtJhI4s~r4j)eWS{Mt*WO z=^O>yiP|yc*GUU)WTRGn!8a8ZV_BEMfe)wVRF}}cf8gqGyW7&V6&z$+saDR3*n*9^mqPxw?Xo2BjN*}c&&W6KkZ5|zs7GWi1@?_rGh$rgBJ2aD* z>sV0ji<*t4cc~X_;s0^vE3wthj#K8Jr5d$Fk`*I@QkIdklUNGxC+gc;84b^k3mjtg zc2e$5@Z5LSEOkNj_{KtbyLHq@I%X{=Vxa*oYy!MiM7A8;HwmwYVBJbm=JAvd6yJmL z**w}5D5vsDvUJW2&M-^XI3($m94Y2ySKkq17ObgH=7FL>wpoRBu_9YVO~_r6r*&=} zSTkqWT2m{R7zPwY{qFA^gzs=g3WBTFm(u)VCOW%cuhJ2=(gwbVu5aK7biF-zimSl? z#uNASB3Mp9E8k24vgyyc+?a}3TN4Oi0jVM37GxO$06Q_V`QD%VsUE(eGOhriVbperbJmW>)W)IKPp{9%K|78?>w zbK?Q(DZlqnb_c)9&sbSx&$F%#CZ8&IPx-P$FuW$~8nqM%Z&@j~@F_P2N5+Pr{T5!s zenwtUYrq^JgnKby!yTN~KCD)Doq7^fh4HmhjebSp%(BK+iPY+j(y367)atRHTDE|W zBR-=bE=7l5;TR#iyeGr75LW?3qn%!5H_x6a+xxHbq6ZyEc5=G~@eFh}$2F`EHKM eTY?kcbHDXBOk_*czu5f5KC-Kh`}zO=q5L1w8#G-2 literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.svg b/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.svg new file mode 100644 index 000000000..5f9e7277a --- /dev/null +++ b/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.ttf b/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.ttf new file mode 100644 index 0000000000000000000000000000000000000000..2dbb3d137a928cb4b9938a242044b4a173f4edf8 GIT binary patch literal 29848 zcmeHwd0<<`@&E3VEcuWRS+{J-vQEo~Y)iJ}_`aPuzG5eF4(Gm{#5tNc2ZR7$AY2U) zNVv;U3Y5E?iNvc6N4l zW_GPG&KS#Nr!oZ_=xXoilpd7+#2B9kXmi&<|Inu=esC3IhJ%b1Hg*loX}u<86eUt$ zVob56f2ce-(z5*y$OSmQu<}k2ucgK?K`p+3xyiZtOUv%vmbpPY(@-WIi zk-9q4BIt-{IK7^AwkvF*6-WG5oGLMoOX zVJRqlt~3vLX3BTIm<73?NKz{lN`)jT@y&;%h}Xqh+FSdXgE^ux=}1gPE#z7U8zYh!_xw`6!e_Te$IZ)-eMoK7_a0*(j(GS z((k1=9BGaWhu&dz*d0!X*Aa5mI@%rMj@t^Ig%=j?cjh_`(O4`7oDNpOYFP_fyo~K) z*RsdhOY9&!3S5KI!%4Vw4znX);0ijX{S#chjKzL|^f2(U*mk6CNL7p-dplYmEsgr# z&VD=VAhnYnJp16LgU=sad+^4CeFy8`y8Ny6Z>@Xt;G4gbs9(F0VKvfbq@8FXV-F$y z4(U^*%=uL+m|vAG@C`*@NKr_3R(O@DNX7@3Jq! zvtMuy?mfV6=4$lEL3RT>f*v`_E@wlmlXbD_YzA62ll>JE*2ntU0Gq`I*=)8ElC_$x zVWVs`fZXEKsf&GA8g`T;ZUBiATT3E_Tf#Y=0`dd)-6))yZ zd?sJZPv;l$C-|QvtrV0tN(ZD@q(3PXiUP%a#hHp9DIQcDRTe6HlqW0iQofebn6flw zEM;fPzLeWi-c&JFscJ-Zf$Ar!57gP}N_CI=boEcvZ>m34M^n>Njj7JmKx%F3^3;u~ zC#Ig6dQs}tskfy5H1+Y+7gK+qdN}pd)M#3InlWu&+Mcuv)2>RpIqkl*U!?sdJv%)w z-IpFpZ%Ut;KAiqQ`V;9drN5E>e)?w_EJKrF&TwZ`WYlL&&zPODG-E7dXU2n?OwAn4 zGR+3f37S2c3pH114rdxOt1`zk@6JlkYR>v$)(csOvU9R~v%i;pUH04AU*$~CIXmZp zoab^r%lTTX)M~VPZJD-O+n^oNZqc5sJy&~$_95*ba`m}=xr=kx<(`}S9TZIomUss)#-+HD|EYcm+EfPJ*fLqAJKQ{2lY$!*nFq?LG$D0 z=ghB||7bpJ{@DDbgR#J#T*A zy1ZR^d-JZ%yFKrzyifCv}!g<)55?e*TU5Kg)kH|M&Ut=6{s`d4ANUw&mC? zHm9w^)@bXoEwF8{ooc($_MGi?+Y!6YUSnTmKh1uP{gK2eWG5B!2Cbq@!`oAQApXpm zod@I3(22Y_{;YuX9*RFJSrNvFTsDQRWb@+BD&}TY@#ic&F-Y?`&dty(HB^ zZ-nLw0!syItY&qna})5d5MQ?ATc!9Gz`X+6vJRtY8OGNtk!v;XJCS4z)yNqJj%wr! zPocvxL5U+yi(`V8mg!L1~3(iv#>1y6LS3 zPc7ifCbnF(W{8~t?u_Gk1MUv!oQ;AbTflqb_A>EpCB76L*GD@TodM)XU<-(n8_+*~ zXd4HR-`S^PpgpMf&QcZ7{^l|Fl+$S;V>uj!eIe!4#`MokMLhHWqW7O zY8&u97oataj%poxb6$NWZ&rHnD zJaI@0=5Zaq+aQ5*9wp0Qxy-=wnM*)YAeZS(%kr3$(R@s~QZT=!u^iM^m;~dn1hSb0 zZJ5l*V4GwyGb>=;l^Zv0;Hlr`x_Zm96)gH)u48N0EMs4Or|YH_W9(B{T@%-h+cs=r zAAOhWW@KWAzsnWu;bhm~N_|C%uCP>SbR!XGIJlR}5AfNTb&QxbPeq^SioC=@2|ba` zt?ZZV3HBs=iapJqVb8K(vFF(H>;?8BER~m#M?!wW{u}lt?lRU?Jh_olQI8&6PlYT? zkiMO`7Q)U^;98FF9Cw*IDxpH}61Ls!OyH9#9l_YpAio4j(c@cKP)&VFIe!UCL<>PB zwTkSG+$lMTDzd>OGrK(pN~ABi)AYv*Y(w zxR){)k_F#pNTspAE6P}w6k!=sX6#D|qfp9b#Zm)n;VZd#a7d^tjcNGv%q!YM zZ8|O~dSjo8Hd6bN5-*E=h&J}%egx^=iMCPurlumr8o;Q1$%)!`fLW!rz)NlXmZZpK z<)YnaGqpRBxIXqA+KslyUPgMAo+sK&?LICk!hr2W9%_4XLffhRQbnA{#K#N4mphqR z@e%HWD03zHCWm>DI+5&1MkF1Q3CWLCid2l`l-gM}zXE-f#R~Cm1YRm14-6iD0^zXcy>vsohjn)&&!Suwu#NEX0L(Z8jv3(paxuK05oce6^QFh7X< zLEL*-3GO8d2kwM_J}cs%p>OB0=|~kw!$<+70&yQ=nOwu>@*$Ql?$1I7sGTQ){v)i6 zzsMZYEljC6i&awFgq-aJJv&)mJh^bUA{`H-?{1_Zk{8JZ{7pzMj7vXK0bu{Va%-54 zZ)0YjxNiWhIZTg4_X;Epk^!lnEsf1dB#a5G!p{PVKBOS}mHJ9fR3`D9d=CO{6W`VX zHxhU{2>uU3wuX^jM_Ph34`~_FX-F3#-H7?H1!)NBain{ZW+2T)YDKC=8bi7rX=Xf~ zg!}nO7l^bH`i+irrxcS7TivJc_${RRHmTDBh6%ouE&YhmGh z4^|XepW9&RY==Gc8l!l?3Gn-N!?*k)yv1|aDezWLW&eR0;~~r&N4UflTnR7nQdk^1 z%ti)SD<;e%7FZv7kYyED^HiS3(|HEh@Jyb?vtg}d!=kaXTQM{K2zJYL(D5noTJMK< zdY_nAe+D1(W_Al~n7iSn{*s*qI}%!wHL_;57*T;-wuCjY_hB!c$v)t$KU%$ZYMV{{i%mKTp5FU05Y{Kh#m`8XGpT^qQ zd15|0U!Ku;EwAJCyn#2uhi&F9yp^}{cHY4|c^99~XYg)#wmrO8y=~*#ieM$c5XQwcjg#Ie((j9okla>z&&1;hgtpoe$? zdXx*uPehK$N92fnGCAT=CP!oxMl`Z^e_tWMuLwruNYfJ|xivMpOS?bx&&q98x&}3C1D82}mdo2~9w%;-w?;drdq?%|wotIHV;3 z2}Wc{Fd{>O6&2H{H14hGTQ@ITu}W?VK%E_(ox);Ehu#{G`$LVw9|{V8$Q$>E$TlXQ zC1HKb&k{640xsLnG92O9^{ckPkNV~n*<}k;2~7k`*?wc5-a1`-n^FaBK~^k6txS?Y z3l#KY(mv#J0_Ki=5&K2#2eCiJo`~HW`(y0)v5#W=VyDM8#ZHaQi@g*3E%JPaBlbZI zR%q;K>?2&iK*CHjc>w3(*pb*9^!2}X#K@NaFC3@^G3(fuvBS6?#{E~v7X~dyj)zTs zkG-GV7PRU9?2JUd*xQMxZ@OnwYw7b8|H!K1tkkSo|t!cPwZB4M^fzz}k($Em{{YCsMn z&J@h0Cd@--oN35q!51se49u;0_@0l`jG5E{9ECWokZC8rcyMxIeK=r$6ys|NP6zCe zQaqQ52ulDKNj_|na@Z@CI90Grf*2zqoO)O&RhX42W>g4Er4BXI`hf`+$t+Mch%*EB z$U@XUg85j2-LV?@*T9;PU_p$dEZGiL%+6AW%5Jh|0&LFwCNJ?hsH8_@u@gf;0`4^$bY9K`>hjW zKK%!PG0mwN3^kUaj}Flo`9C>GO1}{2A;{5lkjbNzm@;-NM*n-UgQNqHKKZX}0-0Xm zJ_@{tW1k~Ir=Y&)0s9irmtwESonN}A;%$s6B;jZ zfEypl`XiaoRR6y_1dX4|xxl+8f&DPJ`qxA`(Sv^n6nZCdfcqbbR(=`#8a<2kLDE#{ z2edr-NY=$fGkWKvWITWfod-@#P&)ZUm=Zb{G$qX>v6Et3(8r_+KScTz=?HqAW}^3# z^I;q^_$^|7N~TL-2Asa24_=u37P~2SKOi)pO;CjAFPR!pK|u^FqM*uwYoecMEYj#C ztp&XuZxcyD5)LW_zQv)kCI|1R4K%+9T%hI)8rdQjT7{>HexSF+0X$PMC*a8cQCv1; zZl%)~jKcS1=wv=X{|ScVJjj)3Bk2&i{YQx3(A?qx=FdR&SMj%r-17VX>>B$|D*sK& zWvm$cZ+{zp;uyGq)(L3?MZ|aHR6@!=1B_O)kwf&=w;`afUyD4)aVWMoc4q9c*kky9 zFUe)>cWC_)Kt4ixCZS-ufn+3ln;bP<;FLSUSUnfe@`y|r|*`QG_@>6jk zV|maE6H+`?>f}-rIpZ~gyN_WmA>4lv-`=6S80jB@Z+`-eW}Rc0wQI$=7xNEG7kwV@ zGm%S3ufQXyLz&w#(vTxgv#doAk>xmf2nsWx*GOi>F_q>C=oBtOgZ~E7CFCZNgX$4= zeIaT9%{VNGlKhinvc}{LLPN;Cau_lt>r0AFlYA$}FoI6z<8Ce^WM4_Gnx)2^}cs zgWV=`MZ8XJe}b3CLHEIPxi|I%XnQvH0YRxnMJUVS(pje?<@M`aby5MX4~9s`7A*F^5F)(?)dX}yOGC`DSDt31++-yO*z1MO7t}w zJwho%SPkxI@J970fhh-^)8b4;4Y_#M;Y=4& zuMr+#w(tP8f}1+QF#~$Yf_LJV1w5ydWJM)pB?W!q1*JZm3gP>ufLkT_N?u=%@cPo= z^99hi=_tOjC&nSF9v+(__Lh{tY>(dIa&w^F&Ay7LTXC`EE6)>#E znF8N$40X{ee2(w{%|bd=LOQdAblQY;<_qb}7t%>_@&1n*#b z%lG)(!T6mtJ;gQ-#a>DN{@tHrx52}JWt%7=TS3q-M*t=LcqDck%YxoPtQVfvQL_7C`mJQe1@IO0bGZm@4m$MBufTwG+P5oIic(R0?3z>r6!+Zv|@`R zo>SzHLtyC(n$a404wB(`OT0DXtvL$0sjCw(Gjcj~1$ zy)pQ6|Ni(U=ctUJ;^j$P2|NkhiFf2UBF1o$;M8LRZWOaRX^vv(?_v>~5RxNg0HXnS z(#y0PX1XZB&?Z5(=mq3RK7md}fl{~5>gAbh}k2_hef5h+_#6VSNK0mq%|Kosnud;MGN1b ztcB!I;Gs4rwL4zl5oopVaL`C0JaT03n+0UMlq|A+jqb3hWaB=s@veNkYZ z%EtUaku>%(w|Fh3<)( zM4^cb#dIgngcT%54=DCKdCGOumF9Cg<(enqWOvYvPbXOc@e|UvZU0| zK(v32#+MSaGVL!?0ICM}(?pWvswr{QnYha-15b9OgzZxRjYWqK7z&VR2N79z6bYwO zu8lAg-c(Ra7F;IkPDd|Le`f-p9VN)7O93_q%8*5tivE`+z>R#w3zCC6;HT)c8n$o) z@Hb*bRt+n-1DHB-W(p}$BU-%>ct&t4uy(!_&$Jsb3v#mo&l_=4)OsgsA?e8y(j#mW zNEONBV`A46^;QlwZ}JctYbuO*wM(RC$kcZ~s2r^Yki|(cG~#h4D4OhnM9+}lKzrro zgXVZS5v5s32^q)%-)U_uZfEh=sV$08{yy@1@nymvJsf-Je~5|jJc5LoB6d?UE-||v!rb;o?BFCk_G9GxW9-&R$dsqD*tPJL zZ$dil_*pCVV|ecmPsx4U%m1t`uv93jkg(LI;-=n@AF}l!&&dRu@YB^4Bga9z;?BpK z%H`NMaX0o+$X*|fN|FaU!w825;|=?eaFSQ2 zh$k~7&w?7&(3a#g(r8VbiJIco#BcJ*Ph834q0=Cwd{QIQ)1(hbW1UX9=1I5$)Q~4c zC+QE_2a~na)LQ@b8)+TVoU~pnYd#ulw9kYReI+eJN%pn=HMZohPH-+ota>TMN*5O^ zT?+Kg&G>RR&XkD}$zk15Kj@__{xv_s4ML-Td)>bVoUU3Oys z3rAn6!IeVzYdf(w=4|ZCITyQN_G0JB`RoGh1iBl44{{iPIYDFmZ1DLU^v=0R--iV4 z#r-^3K?-&b#{0QQ`|y^|&cf5#h^L$bYR*OaK1SDG+|Psccs|NqfN%Sd2N>~1E_;;i zgs&p5q$YVU`_Dm1LXKj(EojmKgx9;-p_|+EmQY<^vv0)hgwe9 zh{nUBtrFIMbMTiqIf6&^;88tzRF9m?(3i_`UxE33C89MFp0e@efJCIQ0W2Rc$G%Jj zWHDQe7Z%bMYCR#J&!vupA`zEK5%F=YdO*sJ-f+Fouk`zs#g5AgPF%8t_b!$W92;BM zyL|Z-D)*Duphja{=?=obP96=4C21 zmam?_>-irPJzd1R>+35whN?D1_egt>jbC{s#cFzir5;$c&;U*b%0fY-(V$nU4dSM9 zDMG<;b(PoU!WVJxeXD(}xvVJI*1n}{Nk_OcSk*anLVd%KwAa?zR5FyU%$(WMHrvn7 zDt37t(RuSqVB~NXhvcI*DudpLY9b~TUo?2`(46xI zn^qR~St72|86|V47d4st1~okwZy39LR>-;7WD72CUAft98CeQW6a77)KOK5#l6sZP z2Yf^~2=9GhePbvz zgbXfRd--M2f4uo7&zAO{bo#DKPKxJzUvNDsXD`1p`sF+CAlIcQ9ZR&f9j!$)>zl2O zH@4bU9nz{)e8c<;=M3)~?pp2WwbT^%EFD>>_iDzDIKLNfa#i7CqkZ%8m7CMkH}8zT zQb>QJK&_sWpf_X)0h0@7@BX(B9C%yW`;UJd8|OLEqjFAm5IGfsJIFy@4|q=OGky=? zuy{;PuPr*QT$z_Dpq}LRr0N)}kt< zGF6Q_-^_2c+Z*$_^Vs;uj{bpyEC2rYD+>nt9rzPXnQD?0Sh!S&DFi7bzA1bzh`OQo z(p#F9%B;O~OUVSXNA^{nT6-9b>^MJsQtf+?HIm_z(W}|VNimHVl}{cfPLgFlcix_v zGxyAsuWfyOZAhBI%h#>HxWE6Bb?Yu4JY{_O@{JppFCPah1wShUKjE=}HhBc9TrR`J zm^(OqTW9BZ$E@i)o9o-9y}ptDp5^6#{d(GzJ znT}?kw`^MR?7Gg{jhc$UD!bQdE3oCdv&uWm!}F?2ix*k)3i9oCtU)s~Nly8V$cl{-dQ+!Gap=>6wE0QE!@v|p?(3fq>R%V&AdM|kba`#g8>Tq~< zHLnok6kdSBfpUe%m75$R3YS9G{A$HnCtO;l%2FxQb?KeEJ8@O2Gu371jX&6&nwg?h zWu`U&|F1)9s;bt6cxCk0m7~?wYl6HILSE$Ub-R1L(bv&VXhEqIb%G-yogxHQi{Tid zVIH4l)as1;Zn=J1hAC5-VMwpK>gIc|Z_${tlo`g12Hwvbb{VS*3aX5|qK`x$*kcXZ z?IG(PZ~-wG$pFmoi$c{?FdH6y^6J_wYo;T6+ z*C+`)FI3G7(LKD-;O36#Klnq@gWNTr-+$8l=nQBR3F~B^@mKiQpdXepv>T)+BIX&j zPs}<7E#y*^|eb@?@U(~bfsE6y1x1X&2UrSyzD}s z*|5y!-nb=tD3tHoV$uz#m)OiE)Yby2FiMZY29UKq=3dN|2DPYaQZ=}oG^O&6!Zw>y zvvt4H*6ysIS6;tlo;N(V)UPkn6gsMYSK4Rov3Csb%{1_CQyDhs#mj)Kp;(=xRN4H4WPahsGQ1rX{wXmgZhV_EHBX zVTt*G^=r_rBRfUrl9-Zxq!cIkBlw0&J{{Rqx1`EnV^Qq~bF7_`*_W#;(YwOsn(v=5 zYg=Q!x##9%ZIxEnPQ3+Gw{^|vKpjN++o0Th+)OAmQ6Z@!(nN|7>BiM&#ls^#!^xWz4ooq)5#uk#>yl$ zC@x1tqFe9<;uEPBIy8O*mrOtzw~w4Y(Fai4Gz%z_bgwS1|Den$%cr%AYr1rK4ztx? zySTcv@VVOpXY_)B8w?{7wy=Mz>58&^s?l| zIuW87TnoP%P%kr2%XYD3Ef%B!xuAoj_7ZCJ1R&5{zeh>h^2XQq-zkjYqR^rsO*Inkkp_4Jq_%3}~Ce zhMpqLs11>ZB7-t9z(oty@s^^YG@>C;ExN+)%7K|^ucv}8<@{)KL0L(Wvog`_is)U` zdfXEHLml$G9Iqppe?aT#onRn8+GHMw#Z)$4V*xtUesVopE z3zU_`M{mRU(BQU)9lgyhJv4}^TU%n&B_n9l!53tv2@a4Hx*&2UgOER2?NIY=Gkgn1 z>z9Nb_12VrD4mjGebEEbO&GH0Y@M^SDbLb>A$KQ~4)FV8)8We!eh2hUbwr>|46RTk zq=l^0h>(>KU#qgTI%Or%NE+_Ygo1eB(jIexP!cvr<*|9(J*go?FY*ge3nFq!y(qf{ za<}F6cn$gK=1faYeuJJL9S&Beq@1Eu`h(Gf=ph57=Ngpv3F(=%8oaXAFyUj6%>esR zuX?$1jknd=R8VNQ1+4bEqP26T4HvXptE|(ec^wV@QH{4?#FA&yX^pycjeDBEW3JCU zPjB>@Em;|^X@RyyB;#7tx=|V@tA{KBnDUVb%y2jj6SB+MNPl~e_QV}KTsDm*-K2|X z*3Er(gX)Ykwmx0#Q7PA}FhCIV1g0`__x$)kGg$#?y7ZRwuH#2P@bvn8y`B%EIVc5f zDIG;A8b8TXaZ>ro+5W&u7geazRj?=0BB#`(Wvi9yGMSbibUlUIV8`&!P@AwRd`UKi+B8{9)@2u5U7Bu8SElBsIxpLI z`PCH~lSY}QPxEo<$bg~5fPVwAPX-O8crp$W|1_~iehhdqrGbC({*OeG8>GmRb{Y$_ zt?JxVPf@!1=Lfnn;6bEn)9TN=%~aF>xJtR1r?_oa{_d;JPLHe0^=dSuaSqH-PS!NP z7ubc>p(CSE5i)pRdXR5^>9u|y*xDEU%~sNd!WUPZ3>`@kS~dPw3hMV;;2BfkZ4>!3 zr@&`Vz_X{or%%9jQ{a>J8VHWqz^BlS7FbIv#NrrNLzZCg!(ej79oxccmztLs?^f!4 z(VyV2p5FWF<(IiKy7sPizH$*aRxFNwFYfYQd@;=dftZ%OchpZ&E;artYcaKtJQx14 zXtyffZp0A21)jl^;nZ$9f94c8wNHlYWH{}RV}}I(bQwSP-4p&E)Z38+&yeAW)-c|x zApCOv%sBjAz(q41=Yv-11>3|DYJy^H6Xk80@&)&2_ ziSy`elWE#;W#w?!MVmKY&@MtIJNVU}dHww(K5$j|PlBtEO2Jk1IS8~D|`$4dzS}x9UTq% z(RSghC~DCbFdsCha?AwZ0#8qdOYcwQ*Gz%GI|0v{0)J)#o|_C;C@0{0fMeY9n`PmNH^(u0? zea#!%^@V9wL4D2=tG&coOpaKA%OG5_UzF8U66f48EqP058LgbC@i(N90s)6FA~@}c za~kvJx4_eR5?pXv&aasQCyvVSTp2D_on8_6Wji@lwv&mAd`1#HJ#If^#|du{_~rbX zIQ&(>n^aBnXpL(8Fx7GOT+-Zq+NorAVv4E#? zNU7Z3De&}UxS&VQubBcT{4zXi3Y_Sa;kg6{b?(@Ek{Z8Yn?|T`?f5yA@AbSve^X%{Z;-zz+Y5W#?`XO%FcGc?+;9o)quaGbi#Un zgd~-E6k~0X^fXq0;t?;nJ=IkKMRippB3{Cbv9Qc+HxsaUmd0#Y>CQ8l3i6!6B3rT7pJ(&6)kcf?do8PKD|$-Y zL61|X&&%`F1zTIhP+enpuf~{R$*qmPQa3hZ z`l_(b)LYZlLeZ%Cxy6?0Ee-WQ+B|UbbWkLGE)g@4eXfK@{jEONex?KW9@%z zFE;0@HmK8v`qHu@b1|G0%z}P7N30E0;rAAxk10qZtC#p7nlLg&2n%K=GDJcu6+J;v zFrE7ZS>o~SjC5Cp(PVLIyOvdURp<;Q1L5wuMUBqvuO33O=i@C^b zF4Ej`-E}wIaNTvcZ1F4}9v*QzM}~(Ndq`?JarwQpOGK(D=vht8h8fp+?vASI&aoXk z_@;&F`TApDBfy2K@Wt{bT` z*Beir-Mf2jS$U<;+8+!B7dBLH+7wo#AX?3t5v_X*crkk?jd^MntSPyl5^?LvW!b;> zZg92RI*ZC{^1D0cHWzuF5qo#(^4jGmU`4sBWxXa?v?$;0bLabwqvhU0kKMY!Te5Jd zveT%{>20hVDk1%fl`#G#+Mh#7T@vGhjKjBC$K;Yy7)D;WLD`}fY6 z!Bf{1%(7dPy~&)W=lj58Bja1eM9|DMtUbc@=jgXf^8{t`U;Ti=+s)z)5A zSzA+@@3FP!^3gwM6nY~IYg*Q6syvIVo?vA~Fe|s1x16*iyLh<0b7d7M^`nN5gap8% z;6N)cS5|oyNz;I=(^PWcT}+cYOGuwyQ&?DDZg1GwF=Ja>(}=w{Cz9`~btx<}Y=a2( zbC1nAb6RCMSRDOz%l9|!xNJsQ!Mxl&&v3WHwPaQ6k}9+h8jT-D`!dnqc zYgEq8`slm-p-7u2N4f5%D~3*5(6)WozC{>wG;_T#WW~oY2oWO^R42yQjG&urWL*Si5vuBQcoY9V{07 zjA{aQnT-YR;^DT|rJJoJoksHwLt`Ykl2m>v5@D-<3yW zIxo*}H2O9D7mr?bOYcRaqZjw@@GKgdy};>QFneebt>q&U$ScuX*i$qyrmx-+no+oc z9~Q%T56NsHE`I5F>e$7|Ba9 zkVCnT2tB^5hWST#^FSkK&rh{k{9l64gyCHQ`t_+E>CI0gz->~t(B%2M|F zH>B)hRbhKw^b>wtxYad9%7C#77(Nvk_M}q{LA-w<-p_;q!C3=#wtS4=7lJi~aXFzi zFY$)3_8kgos(nS()kVH)${Ro&jUg}MuqIzP>~lJ4dQK?X9(zqKmz0t#9QFpQMjr3e zw|Gj5yn*hP!JSmIsEL0f`SAMyjJKmrxC1V*PJv$};61R=FGg)%b|C^UD8(0&MaV9c zZWNZ^EVM)+U5(uWU`<5f3#k?AByvtPq#Q^wRK(ly9uMx>6MgZo6U~v>tk@ua)97ot zya^i#bS7wuiRLU#F)THtbjQozv4;nvFYe)=5HAP`=|<8xH{jR0tP}%`cpG7q(=;=w z@3R!9WRk8>8GXezk3GLcKg+ee7GuI*T5MIec!NRW^?Ux7>ar4Jfy1ir_6OZPb)IPz zx>&Bd`!ej{iWHKM;jZX;T5%!0`;1}PRqk{j`Uc&?~JajK}=Yon^&O9Js$J>>4K z^VC#SL|jyLu}M^26ynDwTZvzi=F71=WwyV*2b4Vy=TwU=s$etFW|cu zzwbc(a|M2JililiIN6`1TS;1=HE7}hafUFaHq!DJ2P!(JJIcx=mEIev3(Df>ctknCI?q^+7PokZ`fK}m(mQC8v%RPd$Erg|#oE$wLBM-qja z`EOCP7r!(?6#alG0vs6myTIthZ%+{XssubXj9+`YQz8gE_BYBI8|Lp~AD)+8D{@{N zZxi{7NBCnDfsFX75pFZxf99EyO`B@=jqWSG>@rXtMvlKGazuO)lVJnCN6xIl=hA(n zzzrPy7Ub~a_ppeH>+oB&L>)@Tk`p)j*h00NH7?=XU&^uobl!w@3Pm{uX}Ad%2c3CPP`2DGTeN)Xb_OS zBQ?Qb%?L`~<6ZvRy7jLu^NO-4GaMV`#nKbt9a+X$xD6SGUtYE9GQ~*WvF1LaFn}C9 zoX$F;lOF5)`g+Py5XS*gll7jc8rB`ziX>*hD^|`yN_-ZkAr>-x*xHzq z;;F3kq@*;qHt7nCO1IbRRvHU*mo?0CSBDC$<$SIbusVWa*Q|ymUoHJryp)tw3VotOIfW>@bSZu*?WfW1 zV=wZjqV!9mUcQL`NP31=dUQS-9gz@u<0iH5KttV_X*{zxbE|o*u3>;LDjltyZr;Ab zGQD!NbUtZYPwX~W_;+LcG>SfhoXD{dC9zKKw8U;f1VNP4aYB+5db?y2{pwR4jjVOf zsjM%sdF$Kiy(ON^oW-+i7Z$XcYOG;jV@IQ}#FwF2e!C-7Z*x}n`&_gAB{M^2gg~qX zB`xLNc4Lm;+CIl`9?|Ffa`W;WWzA(Jt>zrBscj*@!CYvyW*fW?pF@vDKUy8VQ^H0< z@DlA!A+97wSxC#z+5gwBZJizC9i;=(8^_$-P&L{!d$~V~z?_1W#r`HeCS3sQ+eQ9Z zij%fCHA0O*lT6 z$*^#kXAYk><})fy-VO6Il+)U4lo@>8yTilp^4b-xtt+BWE!}#<4O^E|pH{|ZE9Od9 z;jd0GkSF_v+Lt9^hJr^fPgK-f*b{}F4JwGK5I>hwIPVh^HH>Nz_Joe)x6M3zeM8so zAB~J%Gwg4h(?kqOt6~8gJbXH{guAZvp=geMy zTC*uO@Tkz3B5ojQhLTYLQw4q2YFinRKbB*0|vicVq zX6r|h`WI%-USgVKTw`*s$r^ol@y5kB;K1$Shacvajbcv5oI^WA=x@yFy@&6>j*erP zjh;ZgI{?W8q)(9s$deP0^?a6qJQatykY}?f^)x|1wG}ql5`GcvR}48>lgpYjS=Juu z92x2C8X4)bxLg(_4R%$IjbV4?U`=OdINaGud;5BTF_)h?#V5F7zCU1@%Pp-cy*7Fx zGLS6sKGa7$iRIZsw)o^q!K1R7OYM0&m$spPeoKFoe|v4?5|7PcG1d%pG?fnr77z~5 zJPSBrHG<-V9{YwXPeVr5V5)~ggVq*Tg{g3nyTpp+jI0JnYrx&;wddLW#T^>IH&kIU zh8j&41UR%|m&01=EGWs*l)Kzvbf!cxB)%DKOCf725+czz(S`(hKf;*>t@p@q`0s!292TtwrGqG!Pn6QcEYDTgFycd5`0O;aLFU8j!Yw+V#o}<83-SWm zk1kbZT2iZK&e8OTEGC!PW-~b+Ul>*>+UsgDY~(#(v%vxJ+k6pc!d0Izmg8DX!~}p| z^$UA`irb*eFYX^+GF)7vEzWZ2ONvw6a27G;Ymq%gC;&bhg#_ znjmQOHy8MyX3zqx*N|UMS|CeOZ&RAfoOf_S<0L$PoVWHvsGu%=NL?n*mNdimdR)U?8S8<@M4XTY_0S)wn1L+Lq!Lq&~lVi|F%DRv|K zGk^P=mfIC26%{4@P85R{rFAf#;w;zFLyq7-SHL>{cq0?#vXh#RG5i&D?VAwiUyC-VF%4)IQ4el8Ai zO_X{*4r#(~Cj42#su+GlJzhH?F9^tsafqKq*^l`t$n)zsqyWEJdzXN`6o=UOCf+PP z3qAX`(6eT|kBIkopn)a)lC$`ZJvPwyalcH+RU&?95L=2S_Pw4Kh|FIunauit*;6>f z*W5LfuFMUnvQ3$lKEA2GsJb@IVA5u`>&@LWA9d!M`?EBW6q^=d8wtM{E$SBb0M+$R zZGnf1y90sl;*uGGz>E@Ge!k6?m&Z5xd&805;^N*&xYs`zEb@m!{vr%#*j4;|J{=yX z*e&<3@ZMk4;`6l>`RVGndpvfV*UQiMv=kS&c;suRztG|LI|>ozk`Un>!kTasb^zcN z)+y*E8x`YAEE$nHhNVjLyH8$`lr5P>Ga8(Q^)osu!d1ZzJm=;#%;+>#S;OV4+`*t5 zX{fs~(9#rW?C!K!I=dUonhPVQ#_leS#@tt3RvHeMmWlX^FLn`sMfx+v5>0Rg7eaL@AAx7T|IJC{{Vw{_uaxb5rzwUDHUg z*f(G>1S)dfxeL{qsqU&gCH=(=v@;?{yTslL%u69kQ?_TJMp}n5{Ot0}FF$err6G+a zQ<-Vb3?A5j;uTk1vA;9Y$vt}tTOIhfC;A7x?gv)v`@>dc8_v0I*>CcZ*Td_Y>__;<3Z6wN5@lQk&rAMoAKAJC}K_@ra;cP@%Tk>iQjJ6t7ltQ0w( z=66lxa2=Opj>z#Oe^u5^z~L7;o{AldJ2;N;lc}{>nJ_raf#W8J|eFvuRKa5qnwasK%;F1SEk zH+NsKuX`WYRxuS-$|^gk1s^03VLR1H$Y1;ELa=-WN)o z&Js#|H1PzE;rGu$_@^NnIVNt{bTYh><4 z5Ao-(K6~`0n?}#R8mxk)1nc)r#8W|uPW*i!{zyR`ymI@MCj`orWdVHM8y!FOtg}u< zUK{>jwZHP~X>XMWzA4#*G@|VAdE~*fsG!{AHuwsAJUt%qXmI89cxE0o*-f=|HRZV3 z^KqZ(WAt4LaA8%cP|Ht?Udx|H??w;OcVFzV)GBF-E|XU6gD|Uo+ON*&=NU?_893d_ zS6|Y>jnNM}E{Tc=MpFJ19-*bvh>0V5`+5Hv+fE;derDyy&P({J=#`grMn3@lL4F4N z60?bt+HF#+2X*^R<@lT2Vt(?iBqOB~m3~qwgb6VyDbJsR26vU9ks8F11XW#-Bq>L=6thkkh0Aev5QFAUSc!MN$>N zLZJjiABWtC9ZcInGwof1=YtVX{})FiYR4GBJ{nW{eJiez>aSY%Q~EX}-Nbqn^7x={ z_xIf@-LzxLUi$Vp%Kcm}hnS2hefkwEr26SUT}I#TMY-GMasp@Tt$or>-FuhNw;56; zyPw*I`VhuZLtO43yJW0pw{o|%>h#mAMn)*tT(sjBMVrV4pMkQiYhG~eg62`Bbh~fU zCf{tz)r$Wwe>0b7fVm5hbWE;rt84XxtTsXU2m2Pd8Ua>^kRpqYm0X=7n5XV(7q^)m zz%(WeumhlA~Jwiz(Hx&5&1rDF@p@O2K0!LAiG|gXN_xtSxmhS@7BkVrK^nZk)*1IlG6J6(vpTqp3#^`37F1D zJbeo!V6H8q8T&CNlr#iB)$9t@Y2Racjlg(GInx+cBe44z&P)8c=7P(tf6(k2KL oL0)A4cXdWxX+fZ3Zob#M=Hohr-jHojEpJJ4IzpJ*|Jx=1A1bG;VE_OC literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.woff b/2.5/de/assets/fonts/source-sans-pro-v21-latin-700.woff new file mode 100644 index 0000000000000000000000000000000000000000..a6786d1f4a52561fd9a03e17378c4c10914d1ffe GIT binary patch literal 16104 zcmYj&18}at6Ykgc)IIH~+f&=NZQHhOpW3!<+qP}nwr+p_xp(Gfva{J|Ht%NMY%)n^ z*F{EH7ytzLDcmQ3-~VyPlppzj$bZuRUql3jgaH5`+8>PRhj@Wofe%GwWfXoeQvd*J z006+_zH>jz6j4y(2LNCwfAACl0K`5U)D%cYfrcIc`2C{;Q2HTVO+M!;11mjS000*A zN6!HO0LJE0DM&D}bTbA3;9>v(;&=dn%M}ii^UKso&kz7$Cj9Bg{2yWXU@w^dfIm&m z9~t+D2%&ty)=jM(U4JmopKp-?0KaU18Q}f1v@!V6V=ei?e)NFZDUvW(tn^%e?6Qyi z^!u?5zy)FiJX`Bo8U0`fKVzZ!(eso)vfi?_ac~3xIFWwj1pok)QWry}(RJ;2Z!J8p z>>tn`FI30|0tH~?5Tk$yxzBE`UKrB&x{$_UV^opo`r$*AXcbRyCV;akX!eg0*R{(O zP+N>qgrM$3$L;-|b4o%f< zuL^T4M>Re+O%+{=JSn~Bc#UcsHLosW#;g#x|FNu>@}CrqCL*d+t1Xi{x!Oc(PiQB) zqlaa-K&}ZJ3kN#WFTENbQgo*zm%$}+PESe5zTA+ieRL^*M*0n)V|b}^w8?W!|e?f8d-h;v2Kl#2y%V5#MLx9PW4`UE07LU8lL&*=%xPG zt>zaU50Lj1jpBP^$m{QK{Ngo%kq|!dymV~3U~Tw$68nd6V352-zS;2@QaZ{vG!+iAMSy*C8Lr<5NM7YVQ$#B1cRFIVOKp#u9qK0UeScO2TjoSH1a0k1e2%xNO@56 zKjb5BE$CDnZZ+6nGEMiN^D=otn7>HZUJ-qizxRbmVvTKK(Q&~WLO4NHd?{-!kRU9& zUO4nk-{m3QG=Gn6*9eUB)PT zf@+pEsWobw?K|gwTq%3ycPLuZLWW>QP_2dOo}&?=h?inv!U@?IF1o~r*=+w z6LuN4Tk_X#7t~@IonLS!^3+GK#_BG9x~Du$L-F0XBy+xqOHOb4O;kIA@1R_Aes|0? z!4GuzW{wEB2i!5AA7XpeBkH!tmQ@O0?5(9#mK`&*blo556}e3`afMQHRZXvoSo%}y zxrjHn9il(RbUN~k=_a#eg4=*kuaC=De%B!`zGfdi?@k_eldJob(L;GL`fLWZKH}PNS|-8yOp-j_5_*Xqc7#y zYAnCj*O4Eq3ZA`4oef6Pi}d#=pV`-s>USI}>cXZu{;UU7ITAzOGt|IMd!$XqcujZd znXIMi4zD@aoHMPI`Du5u`)5O1y;{vlY`t1mDNGleE&Ee$KNoTee$aOsYIP);mvLr8aF@ zZ3j*Vh#{@0)8(I*Dy3rpv73ygvSVp@SXskS6 zth2X^uQnFzMT!Z5h5(@%j&?mo3fE4KHp|OZD73KjSq8gxD;SMB2gk-vY$OG_&dr{C z*L0{gH5$jU%m*lSZd5ectxHE=%14()4|tRmd7NsQZny3p{}b~}D7Aw{yteviDmFWh zzHk|fcIc(98#i>yJOVy^2~d}*2|qMqDP!n?Di3Q%5=g9h-_chAa@TGXW7qB;@%29r&OI{hN|^m8`gqMWxl5 z$X{nd$V|}U$iUWA%{bxL1)>E1F{=> zliI|IwRQS<9J<*OBO}5W6I7e6YO^X6Qm^k&vQ1bShJKS$%f&4bFTcI*no|IABp2X? zwVsi79L7yzIp!RI-s2oPscl_D)zx0S*Oup88d1>CzrO!o;Hq~RID+I51TZvP9Uh(B=-t<*jDbY}i{l%tQhTaa9A zm|YvW%hTE3#}l;@**hinM8koS<1AEW5?`Nop$xR~MYKUxTaFHyp9MjX0i`{6T);}| zbgnlE^qTVY7-*GO`qFC1V>0`$_CBT2P2^d+e2Q< zYRZE}sTYH{9h^KWgX?OU(DfG#coXojP{XQc_MgW|0O$7wY8OX>B>x);2d41F{}T?Q zw*1dDcah27zGWuM6cSA$)9Z*H&U1>sZ7L+BVm%z|`DmodG+(Jf0V&f_bR8X0?I;ZM zUNGx5FA&rfECd!MnA4RKJ{l1en?^sYC*J83DT`WS`p;z+5vVrBU5B)x8<)-8W4ap# zR)@~Pt1qehQ-kZ1V@!sWD;k|GakQKUi)_`l0LB{rt=clltP_h&9ufR3B$BUl>>F5| z4e>EjFHyEBj3aLxh!H(6eUfPgTHSS6(MUbvqX!_pYFoh)TBdH^GF*#-E8c_RYM8n) zEOVk0g+qxQ?^ETIhBqAv(OIJGF?;UO8Di3?@pF{A$w#bPzS-hbjAL0^568ZGXz%-2 z!i7aA_4l`(49TM%KMn`|fm9aGjfD3kALeB3?j#G?06?tu&(A`4IL%9Ed!UWhKAIoa zuZyxgaR)L&3HOfu&CVOer!z?Km2O7~I>0EdDd3WmJQdWe&#cGy^WSSydU?ZnokB9& z2`cp!8-QhDEGh-lEy`y!hMZQ|Y}I&!FnRvabtA!dqo~0mphuy!8VU(>2B4jcItqH^ znKP1gvbQn5Njx;3aLwN5F~M8vXN0rG+1!wA@e0C$zNJnJD18%e@2z_VU*BEHRkd%n@eH{XY&V*972mxxOC;H>!)(WXi8kVIFDy1&w!aOXVU%A7{IK>! zoRe0Zv#sa_5fm$Y&i2%6F(2LLvnltwj#Q(L#KsP(zvbJGCn`$WV)o{#g4mr;1gG6j z#e~!GEhdlOQ4j4;;H#U2)6J#F&Td^&oyCjq{7`3Va?@oRpIPf^Gn--S)dK{uW`>T7rR8qlAQ25aZ?0>RGYtJndT3xf`|gQW z>zaEBm+Ey^7!nzE=Wqu{MV1;G*5>Ar(=o4`EfWekIf!<0MGDE<{uemyu2YN{#8c=z zi~r2>k0)j2XilF5*j1LB_I>#l7jYPKOq`5fAH<}k;R_QLlrm|OD*D99%EQ)lDA5BG z6ori%MJd(HKoe!fq|m!ob61!gFSQJY~I#9z@o|9dpN+f69|RFILc%i#hl%GMeJPP`2KiGcv#W5S<2LJ{stC zIea(Qe0{rNZeg1LcW3dMVDQy~MgpC2+HSVmOub%dx+HG0DwalHZ?a<1L)_mCwX#?k zU^BVaq8_+`?ULFAY`e2O(UFrLap8=Uck7>-7DNLvuTfm39pHM%GBi;)5jYb%Q+|+s z5PmR!uzhez!hAzI1cCO+>owbI^XvER1muS5ka#~cvazA(TK-IQ)zDj-VZ0aqvO?wG z+QwlHDEEM;&)6;G-9YQbc-~Oh$3v_G9 zjZwyeN_qUZv$svR%p`e;;QHNAioDQ{{4^jnVBog%;Vw%;HtjtS29+*D$e$5()1DL? zv;#2yRCEipE}M4Kr00}16Z~)!zf}!O2eF|d9DCJ@GwV0TcC^X|rS3;yEdD)b*l!c3 z`}69QPr!25$QibkSG8IYi5XWWsOoFs{tm6WBOnU@s$U#XjxCN8a+o;NwOpB2U}<|D-ynT<_!KILre&uN{0V?A(_J9Jw(crIHUe0OX{;uo?xHax7m zG29y>Fx{}Qw>eU;`+s30fl2*?$F1H z?w#`4pDk9)4~$otc~MzuIMCws62jJ6i#R@s6W9f?*=x>^ix7@ypwy2& zLZJ~OVvOO!j_j4f#LIW!=mep{2)AhCw6?)KPhD%w+eig&`eDb_NIBKoPjnUBBw z7xW~EFLA13lBle#v2OQh-qDt_w7NE~g(321_O455oiJ1XklWW;awduT5~@$tMJN!@ zn>*qXi;dqL%q#~bYcVEhU!E`!rt&8HG|a~@J^v$T=4k-hPWOxEp zt@*+Ag|d?fF)N)UaTX$Nmjl@Eob6m{RYzua?GOQu4{K|)4(@D2-_E*}nr6b6d*f_S zg5bea{eBh!883 zIKaI}cF12`GaZ^zSm$nfhFhun8rP|6`u(uZ1BT8fBL_`?LK*>Gn;u}`$gb;os3j$D z_Nr%3N)BQit@HO?{|t-P@O?0ptJDR4F#7CRPmuzuL-m0*N)pk|_4ee>Um_V>llnsA z{Y_m@0Y_h?7Xb&g0Ar*mIJB z81q^2=F?#Jepu@C=PC^fLW23{;ihv;nE81gjI)<|W}8B^-|y=rkpnlAo0lO13=#z` zmz~PXNVNiCk=FGGT~C-RS9hU%LT-8~b6dH7uz6u?pte_iTU3jv>P7dVm_Y5l2gHY6;TaMr)IqqkwkJ09mF)k13Ov1m; zenFp}6@-89;twY(dcAa59T^iPmvlOG>@H9^6S?T;=NbH2jBVNu(fY!DfUe|BHNZBA z+_0%%ui}>R~15S+w}ZNQ%7-BLMSXPZRQk`j=`jEp4y`hJJcI@PYUkycH0sdAx4SBLMI+uFme zpW8pyt?J-O=0PC?Qo&+MlLXD=6yqcvq!Wl}KBu&r7n0_T=H#u!F4j1@y(H@YQ70#z ziDTIESg%xuuUgV=UR~_32E+Z$SGHJi{ZnycvQq&%h1|oY-J|wC5WieF7HKqR@1V9B zO0wPGjOox^Z`uB?>b%D_GaC5kOEIF|?!tGs7q$|5z20Xq+E}N50_tNX3wgDQ%aHj6 zx9Jnp2kMQ%(-Gua>@JGn*p+3D9DOdB5VG&1{%v&rXO+1u%%r9R`%qAL=tM~3@e7IuE&tpnG%bCHXoJ1nSA z899kp@E0f0CtcPj9X+>hVLs`{lq<+i6Pk5H1Js5S=k8SF!v%lVqOw z?PI3@I>zK%7KcouGDa%aUl7yHwb{ieQtkU?K8H@z^naoUxC|Ml)S-8~Q0wf}re>Md z=P4C&@~g=b^ozHGOdL*o8k#++vW(Uke>ak(ZA=x~!x80%q4JT7J8sG8X&!6Vg}Id!%z<3D>YZ=_WqhS4w6e52?vh0>4R>y*N!0JM3Nca3kkt4wK2749|%kh;u3*J zmdj$DfwkYTBQgLKZUG%;x@2HxB*W1_BLvBD9V_K1`#3GXY?z zGrisHEZyex71%mK5X;w|95q;{fYVv#23qsMg8LS37!0Ixwg{;1S0rP_OUov8wy)(Z zNuA8i+qH<0*&EBMnAp+!rr$a;miKSp>O?fb+T`(PF(y#-Q;q3o23P_)`MlRY6FZ{p zjqc%F-OLPY&O-*RpH6x|mC-&hi0h~IMEVSJ>fv$*g%SiIK4~5q!h|e#B%=~fEFf+M zk5SKO%Q?Gn_kw55Qk7%e*f~UnNAG#7thxl zK%G$hq6r{oOZF}*z6z;p5v5ij+X%ZYL~=MYQV+Zx!f(YD(f5nBzp+0lp*;fSN;r<1 zG!*t1U@FJjTm+HG?Y^R2Roac0YRcK(ui)Oiw0#1)wO#YZ6^N%H*!J#O+Dd1@e=1-5LW839i1FU4OyVt5wNX zkJ4&|z*9xj0hU(;%_lXPURhq~H=iVWqZcS_<@1+`5-JN1>%vWRCs!wxfJE->_)dnX)u$=Kyd*6s$7%6kt6Ki# zYmyI1TM#onB(+T3{+gKoI>{REuR}mTKpY&USwK=5DZJBnTU0^0f*c#)=}^S(A=$Qb zsk3CchxNH|?2fPW3>$UjL_Z?Ki|*|PH}jP4J%o&%Hz`QK={{)V4XqMv6KouC`q*_8Z)WF$1wJ!r(8s4v&06x?wtuPxj_z?z_`D~ufX4B&unw*hhCK9`Lz zkVROmqv873-0@(~18a3T{?%Ri2Rcw)^Uf_K5D5o5ycRSQnue-J!@*Szh&!&I0_tW8 zv+4`uqtO?n;YA}P5^N;NP!yai#-GMdKws2sux|<8e#8Qnz&bv1!iLBte`F}XE5BYngY6qtDQ6>%8V9EvSC zY>g23-76`DPl&U}7HX{_(>@3Uy0KQ3ggt`0Ygr~hko*}5eKwtqj&NuZgCn6^1rw7FO8-%)8$o9%y^0O=fSZ*BAR@>RdSg*InNH;_l{ zv)#-AcQ6GfBkyFgX;SU*JN4evg?Was$Q^{K_p6km&qC%(ttMpa(Qwnf8TnwDVX!DbIfK0i+dIcH~tyXVq) zR^p5KO&Mz+6RG;ou-(LYX1LP?|I9XvgR2|Rmn5tT@=fxQ?eCodkn*0U?xE~|s0Fh1 zDc@O2+_Ru$9WO2W^_ps!)H%Axodjftk329B`{&dJN@a;|F~pA_U5{HKR{nws-N%#r!5D6@*v z7?s||(MbBt!sE&MJP=EY@mZ}Xi3RHaveaI)PJ5t#VVc8lw}>u9nuG0CFF$$AcOdYUj?i=QtrpYO;&Zl zcNQgMOac0Zv?sDf5#@Pl#zn?PvrO`&;v(Hah(q!g(vk=8VF*q}-I+eHMedFLb>jj= zBV=z#Kqpz58$SR?=tGc16ext2l4ipjLln}A z=()Lv*VCfkr!T&%>`0bs(wa|By+-*Liny%$^^e0HxiQO#F#2rQb^2}CckTk9U4QT1 zKw2+8?erR4!4=-cN;71ze<&krW6WWRJ5mT z7D4_^ONrP=a2C;$xqNFr``hk;+$Qf&p7`mu>8Wy@7LayTd1^{rE=QrrEnwmx@Hwdg z#=Y&e}HQPGS!M;UsVY2c`-#m zMRj3Y&XvnZ7V+2reyToMyzYI}9uf;HG+~SdWfT*}ic*su@2)q!8vNC-yAjI4IdI@6 zaekG8f#oP!vMThed`i1ylp-f52YB|M<*1MU#ZmY2vyXCaw@tJI*~{~!LsQ?!#C5Uz zt(dnLef0rFv8&N9E!LoCvYXQ*0_F7Ha_+G30(U8+!n(Nn>C?h1=0q*OLLoR=7Gs^r zS4!%Ql()G+?oRP0Ic?4j70oQn$XHWTU%OZGZ)@D3If&SeSVK;?cu|;%Jc4nj09oGz~2^uXKW{r$916&bX1q>awy%ns54hFf3}D$n(fDttVxLElUkNJhst9JzR0|s47jO zzZ1-kxC(gQ9|aVc!tIv(Z*@X>cA8Y{(#A*~N{sqYy|-^gN~RO-mzL4FG)FVLshZ5K zVWmh-UP%haV@+Zp!A}>g4z^BcZ)zf++iFBosC~cKIti0hURYINJjK71f!+E9eWAuL zf;%O+0+aPG+KFgNUG$jRuqp-=LK(ObzMnsLZ7v2TSJeMjkAzfkp1);!xnB)$!X)9! z$pxWgBr|epA@yT-P_dS1dLMHf}By3OwGTajF@;O*?uFOYxXHiBb$E zI3&lh-l~_~#jqH!i1I7aj=Aya0C(lZt>L2Lzgu+~HQ}dM#>h*H`x~5JHnvt%+G*io z;oi5Vk;=$GCaix_2h%Ih7*jQyltoNIz6@o?V`gTO860f&b6h&ibTMz z(c-O1n-Ev85}}6YGj#WGrpSH*J4}2wv?PL=Ta?CRJau08a)x|WQ@@qZRE*^JWm={| z!{j22@Y!|xB^xYlej*_P#{Y8PTf=c;@8EYq!wQ$8UK*w0siZ4Ga`FUgBXPsp_{Tj! z#N7G<;X_|%SNsr5FBz|lT8#a2H|U|Dv6^1bd9jU@)<9p4kV#=(6egk@{r2{0f}CHu zH-b6YrlQe^cQ0o3b7fU~n@$$B%8vl9lpq@i@Wq;}?1 z`AN6_)mpndO?G;Fo=-0q8)x0zsU{me=c#Z?#jibcv`Qj~!=nc$=vnGv;SX4zOgMyW zr=F{BKIr|^RZZH-fmTe+mD#2VwQ?MY>}BT0R%4-G#&^cv#M3>3QNqkpA@?bUbbFjd zh9}`6ngSuY;=FL^Z*gIo;q||+uJ^BtcixapaRuHJMIY*PyoScBV%XNs>biTM3Dr}8 zX+U7j`X53UKh&;X-}~?adhVRQw*@ zfoSPz1axN%d+fM*fr=W;8X-gUYH>=_^EjeAVPwDl=9eK{a4LcDGmAr@CQlx@Usx@q zVplKt9scQxDgui=(RI_V=_2}$N7AWcb}4GP8OPGBxU6Z9}HB!(Ot8?-; zN5`ZdgK2Xsq`Y`a3!_TB?at|m%J{}Ahar}9X)|)hL96vZGAM34^cf+)17;M}ZMGsX z#91nMK%49AtkPjQpkFK~ z?-1nG{_!q%xOB{|-)A+vS@M9uiPf3)9+i0>LUjf+JUnANKGKxqnm?bo@Txx$XM)*D zib2%IVc5K8er?><113Josz~bX^Jdw4(KT4B0rv8n|1B(Qi^Rj6M^&(=y()W3g`?m$F#SzvO1kMvx zw&sMm592BNUY!u|4HmsEX}bafi}`t?cG0sa3XHigSNR=1Jv9mW0{z0lin{|_iQ{t_ zSV{&|{1p?dzyp*q!SjGJ(QQGN!q@XmDC<6BtrD#VtiRgUjdleSC96yOSB-xgyXRHU=a5#N>dJv>X5c9U! zqyUHQsEg8iybF4yndVQYZ74-rxAoLLj_ZI5CNam4O@lOjrE-2ce8kY!9=x;4om|<& ze3Ii4w$JU-*Tr~WO=B7+Li8$5dwUTDMN%!mRl~5%ZM5)l?udT#-Y#zb1C>5PKsv<5 z=a|8BV-4mxde3}K27~JBy)vh&cu-a4jEc07y+wNxCSo;2&M6)k z@g({W-SVW~m8&y%&9t_GRUPB()}4y&(_HA(j$2~X?OmMlatc((ExDazRLj?GCI>AVNRpQVgE&tzw?yGw+(y}tQ`^8b>V_BJQ zPhg{KGBPn9`Qh{rxR3A~`{hxysWODuUS%XM6EoxlO>u&Y*B^#QB>EKO)yS%vzb^?r z*Hh6o{c$Fov)zGs5~YCPP-OPfOHE|iWN+&U&`p9`BuggSgVu zs%(~a+xE_=aiOaEy}*29kKA-a-WS6&j%Yx~h8>FargN4jz+l=ih7O6(>d!gSyLCCJ zIdx9Oz`b+Wogm=XiY7F02x(Cmy<{DjQXbC{uh+G#>e7HExY~$C6 zQX@u^->O7^R2g^_d1-j)`o3i=P*+4wK1NKq*Ed3(_=o%Cb;)S`TL|GZivtQIt=mD2 zR3)n$a&U%9pq#LU=6O{$RZ9sOCP7i(K@0D#eeaVz>bt56lr+{;n^YyN#YZq-AfdQS zD-#_su`TUCI@+6Ax$5fD8voZjtJUe%KFt5ysy#T!xvA+2^Y7Yb6JtkSmvuwfEDLF3 zq@QVLTb`7Oki6lrm?zDn!WUH&_z-02_f)#2^o{MEd9)5B>c-dR!Pu_~B|;TK1d6y* zKR-uzTiM2ckaSz_T(#>_vUEYm#4Gq8*G=t}* z1PfFM>*!sd2CGT}ls zK?3ra0-n=z)t06wD<1a)ACCrGOMFw?4FPjat7mN$qt@MiRQY4W0&B_^bEzA2>kSr4 zmpi@O)+5GnmF6W4rH{zW<=I^%j83x?uP)c-=-s;?PfnN8(c^pAmT-|qo(-eVJo$dT zhR0V~D;Fvv#?MT%i6CHqmrY@GngY}-Dho`c18@~S{?gy-s1m2P)Ce7Z6dAol0_B(P z4wY1SsJVT&I14g>Yka$|jxcsgHb*&EQDl2qn$Is(-hc-WV|&10FdzEh;R{gXwf94- z3T5UUoDAc-0R2J4^@`Ky&6>c&xWSF)B*KT8vE0?*lKL~V2En$%*oAqg(njk)`P?|n zfQXnH6&eZ)(vPOA(4&%ge}Ch2C@V!AFKS57L^ur;MebRWL)_vN$YO{#7=)54oVp46 zYarPcXJj52dFFtgn~!vbw8e4AT%KVp=nZ-D)9gC1bjYlE(0XPOrlGieh@S!yZpQ78 zYYnK~1w$d{v}_7%v~Y05q-2V-WZQ?Zx)p^@O>=-|WW}Q4(LYz-1nbin&@LjjjG@TBuf^3;^~5Ys>4kh2cp2Qo z1Dn2WIq_l}77O17uC;C;RC7{XwdTlB(eFp?zlO2!Jyzi=j_{L}t)3pErJ`TW6T0l% zhps8?l@=RX=AP5NsQuZ#UXn&ft%kyu=EBmNaD#=lmfj4pNj%@N8Ga zaoh@Cs5tc`-vib=vZ8%^^OXYC)yy$lBqmG$J&mX9Y8t z|Aeu+jZ(yTC=>5A2%S1>WUUN4ieXU3Q+ln8U0VxblclbVXceH!K8ZB1ERvVtv6h=} zvtKK1jG-HEj#WpD%+T^98H`X}u<%KkMQwF7uOH2xKqu9l2VPz8If0=LoXes!%m#-} zRJ=pEV{8i<4N05}Z_a(bJ+)Q#Z3AT-d32SFYFqx9Yh0dUS5Mzc6>0I4#?p3e2t;E&rUhh@UY#41vPymZYr~oV<8&Ur{+Hd1y?YSv$Kve zEFLpL3TC-Zyw0?Evv{OHM(#Q9{)M>8p=?HV14hE}^##CZKsfK>LR4>zHw3w$?Vg;t zr_OfW|8;x&SEmiWkMwvfvUPbZqIf^I(IjZnNzA%SiC#N9+DT#c6Ui%yD)S{PIk-A> zl4OxD&5hMDM|OFfB1$KAb!)~_){#~UCXuEefcWsBx-KkZK{>sDXywW#Z|gH_P!c0< zU0g~LdU$nh8Rji>AlsnkM<-u&DmSm2>#2Fxwyz#r zI77cjEbBeHU&7Mtmh<($D3C`|j*P3=^q@X9yfDYvlBAa12-C}q8LIft%WW@WOAp{* z+E$fWo{Y`V8RVHqQXts%GH-06nM()%ZD#-zC~Bu$IS`$T+{A(k?4rSjAw=-Q)iHAj zPww}4d6x541g&759Q>7>;N7O_Oj6XmmJCv!Lfo{;G_usZSTB&Ov@0#qOs4Nr%Q>^% zZsr7U!ZU4Y#nN^;#mm0ZS?0O<*R6+HpH?-~J$Mn@9M+{uVJcP}CRQnhhQQ})bSRc& zfQ^29Be~MPQUC*%S+}E2ikL>a%De*I8J1M7vsj#(>y0R)(VY@~8D`+n=x!E2QYAAh zL^7=Q1f3m+A>*zJSm?h)i zO5y%ziewfzX|F_UN!<+70vc^B%tpAXIxzU2V@^Cag|O}ymf z(Y3Iqi@Tanb1wrc7df-o4*o92RC){#V7)z!$8ef`7rcBHd~j0&>boPbLHvj z6Byv9XG*Aj9HV^Hl@^U@4OL<64(<2kEc^Cu#p6#l7bzBGYD{E}GZc?;7hr!SkNQ>hS>G zT`!R^qNyj0yx##AxmeZu>Z0vsuS$Y?_gSNjrnTW+{zYrfi_F$Gk205baj$t7fIyelxf{fffDWrOZH@%(7yBU%^PJFqRvR^|SiC&u95Ze$TvyORMa z0ZhR5+17a-wfp0c2DlP5bD+Dw85hg+H`AYeq%3UZvxkG!2BlUl^{LtYE4%w*^`g4r z&IdxPLIo!#CEJ>`-4qN1w08U*IvzRUdc_oX?l_jl4Zh_hhw=vD@}USb30vA{TaS!ChC{ zD>82PPAmd^YEhY<)k9|ojZu=q?*ojA4jV&dxyF~`1qR;|K|>rS-|M_9&;ofu>SFzu z070k_VL@vR#XV?vKF1Vc!yy)h#}fF0e#{u(>}1d54n)Pz#&T@J=b%y!*=WHOoP#X^ zFBb(DN=Y2zXK#qhE|Im+XLgwkkwq8omavU?=7#p<21K`}jZKlwSufYLjq|*+S%Cr@ zTN?Dj!yRh4Nu2cRRfku>j2qC z+21Gay2w~3J@4@s5d!c&=CkcqU_ycN^n6T(FAm`_(xqUHa#jsUkJNz%2(SSvVQ$`17Et7m;^vE@wf}#PqD0Z zXs2iHV>h~SGPe&4EV^4MS1&`=xE`=^MRgIJe!OQeud_~ptv?SCJhlv*KOWfhn86_n zfD_95#oyT|PEJ-fqe45K6IUhFbQV>Z{6h12_+^?Zb-ZXGIkh z1kGqk_42XBe)-?J(x!->?UqVdFuK>A5`~L1Mivn2kIF0~%H@7(X{e*t1oq_{Cuu#~ zWeVn3&WstShi5*SGQB-(eEGOw!L9wIMEwK<0z(J#rIS?Yz;QkTfIv=u5WtF7PQZVB z)0l?&i{)zo!V2W}M;8PD{2%&X&Xa+zp{{P%?KKw&$Z&+u(f0(Ky&pcQuN)X4UlPpZ zC)RBaq(YMq5V-4bywvn*xo}lqxhAZ--UPqs+#mGYoS~v`&D!RhdMvVSG?_t#!GYK! zicH0XaDMgG@QrkwkYY{}?^6zPzICgJk^)#qX%gm88{M;y7<0!hmn1l5_fEhot1#8} zI3FvQyr_~qZEOmBUiGV}j9q|K~Yx+sr)^)RKsM%hiNj+%64aTuIq-0kp8w0nDI+D&p; z@(vx_z5Vr%B^<%&Gx%F-qq(l|4HlMHtp(}WV*5mPh5D46`*7^CUHt9zRM(2tNGNCV zJI=`!!X>xCGF#Q2W>iVmXTZd9I#roX85v;I^dEakXd46{EB|aCVOe9N8edUZTKiTw z%J!{x1$&Bo2WpOTghA!cyK4cbS^} z;w6#NXV*w>t6U2`u)7)c@a677+<@&E?t#2o3(kM7y{Sj(Zx9NQS2;Ls1^{CNCTB5e zOek9@l9(X<`t}MAXffv>Hql>OfSfvgP+{Po;I^F#!k(! z4y&IaRG6)%|JZ+Z<&c$n^BcL@bRg9~R0yylCo3y}gi@IA7d3dwBSHZGY`1*axw#XT(pD z9HYj?_;Ds+8;QKiDJ=j!@)69yG=OY6ay9>3@3GpAvQ2Ko*zCNbdyacw`TPfJxeF-n zQM1+7L}VH4yjARgu^Ha($k4W{4qF~MKajf79^$PqvlP0ZC*xm>zcK`%ixJ1J9spV; zyM`DB#|PU7RfgddM4@Nd8xXPhlINTpIkzY@J*QKmL40*(Q*aBP@o!2^!=P&1RiQ zIuf{}b%t?^_@s)v{MGoew9~#9#dNhzES9X9Q|iXvS}NwsO%z0F)uJ z@c-{#lc1N<)6*X_(F1#c2Z91-48ULkqWXzjj}?*!r9%>;xstSVamn7f;y!3^rwQev zH724AP$=C|uZ`a*-i#wZR0<6fFW(u?Qy3RAr%7wltQgDF8z)*@ia(V9eb#HAy3y9C zS*1OxUKLE(Jr~iE#MCP~T37(QF@Mt{Z=1p}R1WtUfEnDjleIfY1a~2e)UI$v7ipHs zB{^i#P;eWa>tdcp8gG~}55;CM;DSyR&TQ0RHzh`uD-wdE>>Jwc;A@x+`8N_`VRRJO0puGqZAT1+U)EL0tSuv6C1? zFys+UN`0TXZ|s6L8A<^V>`@vjphkbB4`4EKzYuc%4~?>o*o6 zUY~`D$^Ls5dphG63<Ce7x*ejq&1OWWRlTSB!tX3skEw40L?MGauPX6$9?PxVC z3!gSrM1ZMh1bkXN5G_#xZC@yE9BE!CUJ~n`7;Y?K1YtZsxmiIxAF-NYyZ|*(g1j&r zvZA~Y6Vt-nzodpdCM#13jsZLv9(@5dv%m zUsTRRbP==>@~FGC5dUAGd%^ogkxtG-NCExS?RS+2X0a9wDIcoJ%(>dbYCnHPt+A{llA za6YiQL$Lo=qkbP{9Kn#V4N6(trBYlN@JM4G|6)<)g>PDk6#?Qp354bvJ%)aoFu{{h zosj3RiHXlR#8+t@)xy3@NbWc!&_O>S@c|{3<%3cV;YTjA6(W_F3sa8JM=o|HB8`=@ zRE~?7*hNU1FzAd+9TzGjMW#3_%?ASaz7MYdg~0pAg0z5zBeBTQh%{b5={CuQ@|Y|8 zrGnCkLZo#}p$kf}1RuFvu#jA#m0YouT&Y~RQHm=T)OvvSkI;CfLYo*8Db)C~s+w9c z9|wJc^!CeiMe>&h+zAoe?>3sUx38MbhVx~d>ekym8MSyC_6ZYV3gB-klGN*pJcijc z-PAXlD~C@wT!%9WGyX*%XKYf(X=u3j4TE;*@bGn@1}xEazL`~XkW7dfpc%j)5Zn{N zf3UtzzB54l;Es)=W3!kf5oN3)(4{NGJ(XP|1ri*@ykQ^ zo%E#z>4Qm_DCsdSjh*Z<1mlctaUub;d%&&;oo*`|Tc41cb8@pVav-l{+SY>~seD~B zB|i(Rk5XF@!ehM;k`eDsl_vio^B=Niy=KGtWpd_30RR9100000000000000000000 z0000QKpVn79ENfRU;u<33j9#x4hw`j00A}vBm;3d!@ddJ2_$}BK(7M`P$}^1Aw%Lq=q1;EjmA~_J4kV zyyx5p;Zqu{xMVfJrLCmhXZOw~o_Xp1cO+F_93qruT2&Gbh-_$s%6S_>?(QFg1Tu;& zsI3HIOsL`cZT5h#Q*q8fN|6eo6%cp``ROObHL)??*fLeqFP+h=(X5p%NJ)4MG-cG(sgaeLH6Q3gG{Lb>=YLwH=o( zLwOjx@dO0pA%WtPgR%=5T@;-2BSb*Hs*^7t`C;)I7zWUqTtld}o0@X|qaa;CQ zgFJ=)Z%$j=ygkpLi7bPfa;@ELf$4Ig!r)S%e~JIS&DVC%ym=qO*XB~;A6BTB108S$ z0F}P(O8QsND;a3NOtfY>_>Bt&fhj;#VMPi7Oz-K_ao2>W&-6)Kr0!Gq{C{g@_E#9^ zMFG2g5h_Z@sOqX7s+!66*32XWfq@Xz0`&%ZCqV2rQHjf2)ewf+AUI@qcaDr9VFaPP zcTm|GpKSc|Qquujl@qDa0oJro(R2y8r0Yas6;6_yeM;*}L|TMJd5jc5$WW7$7{5F) zCG?9IAvEi-v<_?7e(tVq_C+U#7`2#dS;(>wV($lG)fSyu6WoH>z@670@ng7UFeB>= zmX{#@FD?Nf4*&@9h&rfMD>P~hTCoCcwi()GH+0w$=$I1-1Z2%Rgznu|CukpCEe)W0 zwp7)F{NrtH1R)xLf_ep_0jR+Och9!G6LH-aU?B5Hb^&19rb#!{8?`|em=FP^k!%GT zL@(zPWCJG1(#18cD@U4*@YlERef7@tBVm-B8%kcdF+n4VmQcogQ7(I*c8n5cLb?D zG1+VuhlA#FF+3iQ&nE~39HEdT5^=?1zEmb6OO{Z!Y>_;9P@y83iWMVDl*m-76j7#3 zrgG(C6)I4wRAE)C#;Z}oR;!k%PMs|ES_E3P@{F6pm^Mu^XN7N-b%@Qj$h6gN#6gFM zjyWN8-g&wUE-+knMdG^a5;xtHy6v_Mcig4A=N{R8_bDEDK=#l>ibozxeDa9~-C!Yr z6d;Yq;;=XXL}(NmLTGoYEBx8Z-yvYA46s5X6Ih{!4xVV<)|~gG4zoL-oeToB`JCqn zY(;Oo9I27&mz}HV(D5LB6V zpDjVCu1Ge#THsfJ%1SnJ=Cm|R+OAr&{A31w`{66M$=PR>74#}yD`?BY1-5ZeDd$LD36si`ZUfm7dSm(yo0Udr=prw2v*KN#x1`{( z@){6hVT%h*+}?Q+QX89GAUf8-nOt#pX?b4GEIW}X%OHNX#%T3U`!ro89MMAqa8SAB zdclQ1NirT*%XS?@=*nDt$7~4~+z*VwZFEFm$s0naC6`<=x&EstBia)Ac2D;j__iK$ z(k`~=UhH6Z8bXwam$QU;r(!E_f9WX6W~qsK;<;86zT({%g&VE70cM*odvr zMn3cSt=`gpw6+!fzVkkhgC|{X4zFdCn{*&%FBZT!uBy+Ddvhg`9z=?v+u&%>j3?OKjSM?u}W2mid9?|e}G0M477B=b%7zG zlM*&1*wmT%wE*1qZIX4uuUhX!|ZSkI-aU; z6xMNyu}5_(lAcs0e_4Q$myc)L*FjVV`g!Oqp-UB(K)BO9ae|}vd_J(ZHy30r><7;S z$rM@jrqT9$Kyb1nsf$L29upB6rt$WOeLoc&$6H%`kO#Y;>P}W6y0_Z|%<&c)3s(i( z*DR{41=Aep)_5*fZmn!pV{S)T@2B8o~=#3BY{*UyzlSFfLGEP6TSY-*J5 zwnwdFP`zJH!`y=s-L$tt3{La(!V(&v&JZ)@umRK6ICDhjxgy!%%*(Av&Ri4p5F|E+$ zwBga(b=A^teKh@$VvIN|#9HN1R$E8udYhSKWPjy8vsRrB@xz&Qk?g7u%AOcq-v zM;2G!hhAJhIZrm-Wa34K@{@gxz`!Q{aIrjf2MrjIXtbI700$6&MoMSHOQgEy3BYe0 zm;!+3I>@(r|D*xX_ndg%`w+J^X>E83opGA zY=&qvC730_?16p>=1fDFIWlWx{Wv-{6 zWJglX`X&S~mI?xuBG8Bi!M-a5T|^ud$$aE>(?yytT(xP?Jh1AT=O7J*w7{Ty#;74k zgNUXd2VBX*C|bS*1du)n)}Tp2%2lHhpdrY}B2E`d2*WaxKsg36x(hbU10ey8tUf#3 zLXieV$^!)yP?UP1l!Gqdx;pS*jCm*$7+}z`ocqQJwMxy>?H`pDV)Ju73CN%1I7xu@ zEXP6uXrO%63N{)FMgscc1qm0^8%98bA_Qr`VmvB5RRbYRlsFU+;7=GXR3tpI2NPn9 zl#}4w4Rj)45iwpjHu+&8*Z%*`aVLZSkM*~;HD2)Nfto5Bz?WnBeVe}pypxaaT!R;| zF+d1XFa;1?sJ@lur3JW<7>qNVpe-?xU3Bh869SHAOyK?Kgp*D=?ToX|Iq!mtesam> z*(n|dxa1+2U1q^}iy@#yy!PaD5=S1Sl|4 zz)=TY{Luv;g9RSqM)6>xlT63}g2}P1UIx7OPDCOWFb9^6y8%aXu=0J9T&z{Zni7LW z@nwOMn zASlCrdG}BW5=J1EN|7?%#{1SKk9_nMCQ5FP^;GZn{=HDrCDLu*^+TWdnLqnW|4eEn z?T9JyXFQNZCyoEFB^DBrQ*-kgXN~V%_SmP0lGCF&>)i5f-`_JQf8p&1%J-?|Q2?bK zZQn7HfPeq|SKwkk=I5)AzXCk`{IKcqg~zpzH$AjJRy=iYdtu*h=9J@;OZWet6xgFahmlLhvDsxkg|zxl%w$Nq{mY`4E` z4*(bJx7Xib7JKc5XI?tsP#`ekkq!Q_$&mzsr~dSv?*jwl9JV#1z_%XT=!1_wSt^%- zk%?I*i(gpTIb_L}!>Li5YBhXn)v5QZ22Glc)gqu>D;vKRR$60~)z$*UEI_UT`~b!u z17_X;&@2V2695`OLV$sT9W*>LmcC9EN?F75dkHHqu;*ntlPa0Q3Q0s|R|&_2{1EoI zfY<@f3^FbR&3ERLArSGs$}kLP?XS@c4k*Ybl18Lpk!yH!s=)IzTy1$sDeEG_aA&Xm z?(itoZ7>31s&ZR+Y6e|`TAr5OfHNjlF5E8bap+ikHtG5(kDjPKk99B5wXS!L!`@Sq zspc38cdR1u1DW{X+dr<;x30R@y5D|VoDAW!v)U4~GBd}#hD-`N2@y@C)M@2R+J8_f z%=bIxT;ERCjcLGzyMIgxkp3arOh-O8%lJhJt+52uW{%r+{+?vQMHH$M)j@Ksxs??2 zpnu~IH!8xKN}|gU+(iR1D@>%l_-L+aDw49Sq{|x6`q3*LTePD^Z2*;Y^2XG{9jzX- zjGYB+p_?466o&%UeJM|q#$^O7KmAA)7`&}o0xRz0Z#?!Hu+d&n4T!=kBS!rq^`5Tc z=P*Y01gA0~Xp>wr)!J+{*&bJsjW(EiqJ&GE3<>pyG?gw{ab3A_Fc-w~LO8ueZrd>| zP8D}KNNq@sH=I%!=5CrUCn->%q=jtVSKk#Qmtjr$ou7C3jlS9coL~A7ze<0E1)EPZ zy$x|cXe3>%FCGrmLS&Zfz1$VDY88+=BQ~%rBwUbOc%AZ9rht0KKPMe%oTO=3uVy5s zXJ?EZOPa@&WLW`;btW}oqOee#Usir7ACe{6fHFL?-=j1MtJM^HqHL&fK_dlO<&<6> z6OjK}$Mzi>x;P!TfNJ3azWxDX)Fxj@7zEPGg||x`hqSenv%~Y0t=@4s$EvVs^=h2t zd0BYBHN36-OqNnfIX$(tv-xkFq=CKl=Ox-C;b`f9ylM_3NkCPT8vO0!1$HjYT*%>V zKj7aQ9s1@fNtu;18i=mcRc4ffPCz)o>qv)ksw(>~MER5{3A&i?O-rJhn}M!PK*32G zlw2!glY_-?#v%#R=;`H(o_{6(a82)K{kd62AP9F)wY;XBZyK|BW3ad|!ds9{K%K9d zi-kxq+;#$?JQD5F{OP+s5TPWb_*wS3?w!&SqWDuBSJm0hEo~gOgd;#8N}dt{c2J-Z zQcZC|Qe3WlR!33wBjdG*coP&kN})_sHI#~b?OF<$n)6^nr9@lbW(o??a)dG{B-K8&>1TR1@w$U?nG*;Y(uf~RuLlSO7Yhk&T z(dVc#8FZl`C#+HkGvJ{W6kUfeYat)dq4>)Q3obY`GoD6VAsYHJvM9$RUPptrYCdpB zUujp)$%MGhw|L1L11xJDDI-9I|-Z6rGYxy!O#Xko;dN8QZZfpSb`gz++ zt8zeHVesK2+}Hn>!tIFvuBpd4HaiflizoeQr4XIGS)>+Zz117cXnD;9NhW-*pM|)Y z5_}ezpB1ABH@_tN-dX>0#M+S#CFv7j0oRE+d*nIn4-)pBq-ja-3O*K@;|MoeFu?{C z((Iq~PwhoocUeur9%wyFvb3z!KLA;FZ1ICfO7Vr{B!AWC;<6={7*QlLj9*fv*5FJxV2RzR{<^6$uMlKz>@4;z`oJy+_gOQrhV-oxw#=WVGiuQ8e| zu12jI+Orx_2B0tevzuIfAzkL)^Se_`ht~ChT}DE~nq$2>rruv~Gqd7ObDq*^`-_X6 zq?f4OHihf!{ba0!n+vuPMfI6f`=OGiJ5*CRmS!B5;NKrdK7^l{mNt=5SS+m3B1N7hr&rB&f!0SQmo3WsHIAXp*i3rj25=k{9d(W}jCgZz0I zW$N`c>#^2dr~bib5ZaneK7uVtXhIX3P<{94f4+j4QzvhYJ&yFjAa>bM6ioQdJEX8q z<&110uxq-RVZrBcU=AgImt#UPc3(gQGT{&v7b8cgnT&LkC8(36FbaZ5&Ocv&kA*ZL z5g`%!5=JXg5O%n0%;wd3b7*stCKCQMbbgZ=(O@1SErA+Iy5GkIfKwG4R?S`4YxrlNs$8S;=@kjy;GrzJ}vOU&LHs8Qx|J?CFUDifw%o2?jK!%`}ki%K8#scuKk@fWlta2lP%+XVa5TqbQS@vyw?Oa>r<5S#1=8ZmPs zlg$WrLR6n6XZxE>Bjbtg2i#Ql5TM=*Xsh?SVLN4&%CoUTd`Ju_XM5z&5@t2@^(2>q znelO(=^dzcjrjS*$$~$kIw(LMvJ1{#H%6gJ%^yu* zFYcF(Mf;3-hnjItIZf9>)xoHTiUY^d@vOb3S%cAoMMWDJR+bmqt`qAwi0%1%$(t^( z=dfqQ+7c)k0ng3<%zpbF-v0x%AKUO(_xag-jcWyS+38mj*!myo>f@DqWg<6cJQT0V zRBN@lV_8PeG`%#G${;2gw&ZpdBo3$Nf?{OOOiRw7zrnerKPyLBA%@vXrZrHxCK0DZ zQ<>LfVm=LrtR+)>Io8sq@=AA;8&x>c+|c=f z8`;cz!)D;0pZ^)`AB_AtlGE-7KO-}%rNnE zO<%hz+ETH*Uqr%Jn$ubzc{yPvv~u+FYVw-?X&*_!_7DdjN?KO@XZ9vZmO&Y#98y5~ z_?qS7ty<+gNHThY{6+unq;<+UkUo5z{3Xak7W8FjE~%@}9PG0f*s=D^p}M*SUrqAI zYi)t@a+_aUkUz%&u=PJSwKDW>hgI(l@b%dba!j2*$zKW`$gA%UZuRMWzWPZxa?QL- zilrvDXXmV?{z;tDw9SL}+6nAf!!=wTb_cNaztxYWY4h!-jAFw8w6W(+_S-V6{5zrW zq}&Q(kgD+lLT)85kIv$MPatyFI;o?-q3Z=wdA?7gOKD16npynk-v`D|@dMDFkTyJvqSupuW*9opa-^p~YtWU@3%nSZWl!{j0G&57A7Y=UR#s^`!R zOx1O(V9}4W!Sv4Ai@Cy_(bc)oKy>v&y|7m=oF82?2vvqxd%40nf!QNUW?Q&b3+0Ae z+Z0TI9JX&&Y)I+eSn(6IOFJa#Ub#iP-?%~5H&Xrp+L^Oe(FcydId2^tO@AJ~DgoYlrt6#41=W@}zrrza!7gORMaPIGbl z&x?8i7O8Jks9JM!je$0Wj&C3w)Oon1BXYtEMY-m31MmKes(37;sHgy8owHfOQz;IBwAwHZ}|EXgW++P83~1f!d~$CPhNuS z;3^DEh`X5>_jv-efTc}Tq}ofE$z0@tdPm(PRI0?BPn8i~C!k}Z*jdG8a;-$0HI8RK zL#SmleFQ=ci(SiV5dVV1G|?qE_`c1!_zOUNd|*d#!Qo7fINMZLk~Bb;o+ib2wmX3O z_`HSCiW6&goHr%93uV@2MKuf?fcjJCYUqQWD@s;zm@uu}t+zR&oyW7P)I1B1 z&$XykTq{r=+R`~6I%}dZi)v;B^3pmy8B)@bC6IlAof<8}W{E5I>^rnL$TD4>Kq;eI z+`k0v32b>vts3IcI}z%F)>?#&*x^CU_#dZ4#-9<9z*VHEn(k4%v2Tdvn=w%*uP(i} zzLTx@<>jTi7%$cN1IhSQCU!>2-#^UYYio+ZS1Y#Hy3XqSmY~Qf-F+Q_j?)|(A$;lp zx{h8CZXmPUB>DEgkiufqz^BeI9pafe5$xaeaZvesFxt8Znig#xRK1?F_9GY^_i>@% zxii$52UUfeCrh7CkUj5@Ir&WUN;rd~yPd=5A4LZI@2R+3#m7zlDffcpiJQ*}xUmK+#gjymE zlhdxx+5W3v=Crc`!*Pi>5@@zx;@=7Yeg(U@7Y!*HC0TQmXTR+Ed&;$O*A_uNi--1V z2SI>kN!8_@BaPL|m2EjP`-jthR zaiFbaz>v3~x!E;$k=DDt=Z`6u$6a0o>)GCpS%pb;(S-R9htTa}fNGvqV}Y>2CB3%S z*emhB5*2P^3qx1ru<5-4p58s~Q%phF3<2?4c;7ay}*5BwhOCoLT^|3K1 zxjaeE=dm-h62b1LX&2d?B(p6X9aaFtCw7%3X87dFdb26DvN$=3&|<(@H_tK9Re{v> zv;E2fvYs6>*GN}&D7IVHHD{&t)*6B8P}{(EgkjNN6i+=X2S)P^ABBni* zT(e7ie`nUe>BmF0XYBwv=?)RsPt6z%h0Y<`IM}hM$loFxe)o}lm>h^^(?$PzJQy*j z1&`lHZyuoiN5;4@ICNy3u}my#^jb^^u!+Ug=`HXrndOJp2`xm)8Y@CWA#4Q{|s^~gW|tqE97ucqCwTP%U}0erZ|`q31}ERHJF5b&r{cC&A-dJaqFYx)~gLQU8dt58JIM<0T92*xmDYnp= z8(Z85R=wzOvrTab|2V*NI;&F#mTb9g2vdEVRTau7z(N- zZPqT8=ZxvuQIxDvw^7pjtr$WwXiOH3!Jx62G+_CjU<;(GAUI8Oidc*ihFD@&=eRpS z*9(*g>KlamP$Iz>C2CQ+bC8uy2$?@coDttSu=GVitg3RwIW*Cc5WiKDWoCIra;cLl zvZT>(f4gdtMD>M%VzN-nNWL7A=FMO&cI(^KizpN4>v0xCEG6t9^N4x>E;-}(#-G|2 z{HQw^%;pR9=|+9Mk@EHA4mUCwo_UHwKL)Bxzs_xQNx_FGV>_i^QI|0v9F$F+=i8$7 zjf-spG{_qM`tvxzIph01ce&`9<$-fKZ||lL^O-FEemY}6pT*=41LW-7`?=u!zKm+! zgT6kGwSt>2Efd|WuVbv#3uf=zH<5Xp)YWUUvJcNRPX=%;F1}{3`mV|jc#G}T-&NbM z6@xd6HTSb=It>wT2QHWmPg3it+4nU{dknFd%|clDsp0~tK%B})SlH}hV$6Ke7?O2| zPq^JpV}eYYu2vS?N~)Vub3dD^SCjBIm=YO%J};On93uyuAgBFM#9?*OfS(@*>ttjk{tTUdoKFyQ?GKZ{j6#)HS;gV6@(%9UHKp z*dsro7$k$8Sit}@9QOzAe?b{rCHfkxQ|Aq^^xV^+Jw(&abGwqd?e?TDx3itA(X?~j zd6F)hUDEA#we!@9%r>pQJ10lq*`~=fw`=sBHP`NTtur&lB@h)T(vtHE_+tLmj)qU4 zx&i`M634;G!35d^Dgt;Rl@&^oi_+2(F2iK90)vstl#U#OL1Ri~7MNdr%*jIPBMP0w zvMTNo6qT`K9wU+e$Hao7+Nb&Xqx18hPL?+?%45|KT1_wa%L~fFTA-8-I@ty&>_8dV zzTGmNS68CwFRL|d>*-pjE^b&=kOCzS4vh;j{OR6`s6LGF{ z@H=kaJyf1Hp`M&2GfBHUEaj>$NtrighO<0tQlHY!%tn7CI&PPt6|%^uEX=fb#Dtw_ zb%GYSVvl5c@<#g|9ye-(GiHO&R}K}z{Z3CQ`bb{SS0hm}wq`N+ful%++h1Ppt~VHy zQq25@Y#h^IpyP0K{pZRA8*zo2sn;gDrU9NjGriP9Cp?OaVFjH|a}=uWI;9}PHK)A@ zj36c1tRaOWgD*^80u0#d$wW4oS+?rpcW)@ZIi& zqh?8L%;ETC_ECqcsiedc$meuLur+u8MJ33vV^NoTXj+5`!&Di}mgBh#pr~6x_A&nRGN>Uc0gN@xl68gJF_#>Ah@xm&O#S_uW4bzDn4PFD#{_G)XS z4+z~qDjdn9!r4tOEfli3X6B?})~TL7Y2rDfr5ll?|nO_}i}|%_`9B1fGaC!?D6f{(y%4RXT+^s)mTx~vf1r(UtPQj+-VSg91#?MB)+goW0|2A zxzWO>cg13P|F~Q;`CwAX;WFO^68I}vJ!QzQ3yX!2jzc$js2YfHXm1^mtN4Q=0{g1P)f#PhPaS0zGc1 zZ&17A_rk_CXZU+fE(E3mt9d;+e2h@)hG3)0OnG;h;Bw9m81_@c6;Tn%98WM}#Gp;0 z{cDXZ9C=u;0|Sl{RtZR@-=R|P&}%YiNFmN3CTIncFM;SgLhP*237rm|pz$cNCLy7Q zDD!@c8AwuV6p36-np&MSZX#7w(&$-e^sH!O0!AdydAw&5@vp|@H+0l=6lz*j)HL%A zF&$KW*tTwe?3iaa1YTF1svw&rsTK~ghciGG063TdW`Q1bI_L-90w$KMShE!e=z1^@ z!7X66B`dKAYXM$MR$|SVZDe{P*SzP&k`-&QK(~OSmaN1Yyb6~1FON1BEnBr2n}l(f z9@3VvXgMZT%>x!K#~k)H(lnekZ&xf@wi***^O#t)9FwFLQNldIaK08e+T(iesAU=e z&eV(GZ`ySLUts|d+vo*AjjV-Dmb=#gxb}@3tLxuQsaZznW!|e5dWBkvl?1YL!N31e zYn(Nc)w*Oh$BbHUt!MS@3jiM*3}|>KfH+e0NqtJ6#*a>`(XDP(YopKTv-+GquP^9} z`X_x!UG{>(&wy7?^qZl;ifz~;V0x2YK=H@?JgV!7JyDgrcRG7jUgwj!(e>2+bGo%= z)pU*#m_1|k3Q~>eN zguNQ|1z%w$;9jro;uId4qxLtDThDl{)y}+W(xc$-N`+m*2E>PBm}qTsG?oKAooEGO zJI%wkExipb1H}H6+(+&^PW-8kC(LMV1~M_j5rWp1nx=uA!Qxy+t{*w8_mzI?oS`EG zXuFc*`IjW}^Jq|3@2i>4>^xvu6V*WMrg_J)&3&~SvXPn9K!QKf_Uov517>yjEB$n> zGZcOErv^!4(~1{fHsrq+OY2e4QvXq>qXRhz9|waxR>i1ktHWryPYv*dD;#t9V<>n@SjbNfUhYQGu_?paKi_bEjCB5BVY|eR_3=51=uuMCr$m2KT=VUx1#Kw#6Zq#XnX$f2o^PYgXT z9i#X!1crD8aP!rg0PejJNdIL{^#1et=zjuq1l7&IAA$Z{$C6zbOz}C#Z1>4>2FUd* zwuG$){EjO^O9+?oM{8Z*@bLZ<+3KqVgTJv#sdEj@~LG)mK29Z_UKZ@09%#RTe8NL@w$CTeqPec#M&ztN*& zGeJ~SD2fE(RS3Wq4k9uXgvSL8TcRpsj%|T`ik78Ec*`}hHV+FKyCRs(IyLyV`C(=r zgl{dIeUUQeL=)ItC72#TZ98Rm-yLI}`s|IQ=}1SnliCDG!8pRhn>vIY7r=H8?0JXe zP`Vthk?08qBmj*VV88|!oCl^;#mwEpHB~FKj7sjq;3OM(~0cj@0i=knsgkfHSmMn01aZpzzqjVjZt03UOvQm zPG5tNHdr&GAG48A!a#^{#7;n8T)ppr|KmU)vrb|VroKA|MZ z()f^8pBgFcL5YN49#|+<8b7akRSKy_I+H!OB;!gYD^deH3I&pPNWPI2sC)OT>1a5l zF|c#R5eoYAg{Ww@k~BgdBS?5Vq=@>>VNJ?Qq{~ZdHGWq#YZRl{qWRi*<5KCXvD#xg z4kP%yNQPe|{s(HGT=EqtRK%@V ziJi_mZI^Nt=BspGl{3z{bSCzp+O_b1yJEK*3+!>zbvO9D_1b%NYSr^=&}fY&V>N3L z(56+p4!3mb)@7VtJ=WT5rU}NIXp(o1c;m`2p`vP8EL04XSZEknICyd5BUm>~%XVDP zmndTpB-jqJ9>qFgf*f?numet5HRoGfZ4+sq{eJY322!{TDjsE`l~Q`8$}}^~HcLOM z;QXRQi-8gg4Fd}YFHSsy1Vkic6jU^H3`{I+9ErGi_ymMmX;nnTnc}!nrdkw9`W#D= z-j=!F@pKg0u-lk0#YHF)6G%GtA{2(Q;a3dAqEr-%Q*kUw mC6gp#*(7CRnle#KqRz!KMA#jQ94k%OZCcn3>wg;b1_J=`%zc*t literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.eot b/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..e4aed0bbd4487746ea16785032b5025722fa8b3c GIT binary patch literal 15027 zcmajGWmFtZ)Ga&=?t{Aw?hNiQxVyW%Yw+MMgS)!~*8suYHE14!dmuPOzP$Ilcdh&H zRB|023P{z0N(#RjenT?KP47G>mOtP zPvi2B^ZJL_0QCMLUjI~%{}gWjwA=s=00h7b-~)&N9R6WG|Dyd5kIX58yGuoj*^QUjgZsu-0@lJR{>$$B##0CGiy(i%DQ1C!*WBG_G_~!gW$h>Bm~l zWYo?rM{k5r{peuf5VqoWbvO#-Q)I5NsXC{#w2dD=&Co|3uOWc#K3~A)jOZSN=Q+enjMJ7 zH?6~WK=Qp4!*X>(7j>r$I$X-S?r@MJj!`k`$FvqXrdT7n}c3!lVz54x?smsPYf!5|dNyBCS5FdH3z3>KZhe=FDM=G<*H_vaS=P;v; z>*K96i8YC{gi(5y=Dj^-18}b)u+*O-7CRQcWk3He%+EiYGj@rf+UyLgBC2J`yYwg@ zf+tf~4eZG%N6KsnuL87+Fsj9&hvmoq-3-;}aeCu3k9HWiE*ScH!M{`MXGYB{e8W=Q zRh)=+yjI(5+PiX>ACn^1`cvNDz8?aiMk`d;F`;LDlo&(#{?;^&xW_@Y@}P+WN}d9` zlD-nq3{~$MKE^k--4C)V=Ak<+3FxsZiTD)_+U!{HF)5FMDXnII)B}Dwjlln=`fQ@# zyWOcJjl-CTQor|DiyXgJWZR*`W$9vBr#baV-?fJZ{@c!^Camr);t)Op?}15hWh!F5 z^{$JEmN-|e9NV9|BNoa$qfT~baup5ObE_E5>n<%mFHc6p{c9*yQ0|emVVd$Ew};E+ z^mY#@im?=cjvePeCusqLZuv!^e|5^+hxDhHB#6bBYpn$!RiIZ+Cq?&MnVN@DY4F<| zP+UTP2vm8~7;cR*VI$A=k+6cy<`~+i*SzWWSqg~*4%-YoO&sQckE0@(P!ZFa28_=Q zrVUzZ7^Etan!K2@;p3Z7WKV}x4Vn8Jyo?utPz~tCT;^lW+|eiAbK`V*xk^{d^Dov& z!xk5r7`ru|StEE_BhK&>6@P$IWpnKlI&j4Za!~7VO zvpj!`7wT3T{|I1-;H9DP?+Mc;)sHyH+WXQ|nu;jrHXik34@~e0I?50Y1!{`s{WLvG zatsScO}%9}z+=g~0bIrE*FYXn0^VOEw$o~*n&M_(ToY(OG@zm zasFT$ikguiE=^nH6tB&>Qodo>Tukfl;;q3$63^2NDi^VV*{6Hh;#-g)2r=H+@E`|B z8!;xR!6ebboKTsy*<04~v!O{6jqBlvss+gf5q!AF>Y5WV*|^~APSRmQ$($P5{@P{_ zJQJdvUEjHa1i3$fGPWst%e#IFd$s;iDlw!1M!_4fFY4X}sUg?vSnQv0$Vz~SVK|!m z3HYUD6imQj2#x{h7ibXuz3(I^z4_Rh+DS@Ha@zOii2U~J2kNs3kzQn~g@=9+OGFAw z<;p9=$4skjXFk-{o8(quS{l$h=Z5ycw4C(*ZP-sL9klf<7K0U9R#Jox6t{Z`Gb@XKT6t=s3>Qr&ZoNytPo7QDb8o9u<;}9d z>!U`&v18ubwIbqa!1ET&7Z7mA{9^jOJG<^rvY6yX=Ao;L4uz8%|9^4BFVS-%_Y2EK zyE}0>XE>jccDrJj+~LlamDG{YbcZ8aZY`tBm#Sy zXBwcyT!=+zN$Z?zN+#E!`Qt$WwUW1I2<-@->?ry(@}hsvT}K;Fb`Hg&E2?-uo(^i` zLSAID!Y!Tjy@kjG1EP65o~R-8*Lz57>|*$p0>yw>@57HFAycOFU#QNMD|#kwnSi+T zt%Hwntj^BHm^gm*wx4;>!8V(*)O-&pNEQ~Qh&+$AYpa?}(b_1Z1ZS6LE^5w3U zcHCJcn_v# z_i)5oBI5x64hG8mm0~__8dAaJTWu)&pHB4=iEj^Vh7>tYY;{~IOqMtjnX!8&nxr?EcU%axxlP0*bP%!q=Rs-bf0 z#VukSj}*cSe##qCbkGifNSczBlFV?o=aNIq5NZjZ^3h^~iEZ*;JU`3^>ki@6*sS$> z`mVdUlb^7+^KM+F6Rp6hW~AYvJYpKQGw&j_Fk-Gyb0Hf9H{cn7WN8duH9U%x0^hAl zo<}hDDOf+;#rKE{AiZ0C&chdctin%MdGfwA4zI}ItEjI3-Do=0;?+Up$D*L1o5e2v zl14(f)Gqjn>s3U_#3C2-qGLfp&CZ-EyriR{n)CVNhXpF7zD@u8z|yR6a+2=yrW&d4 z>oI+^LTNH%PmFJA9Dg0~x{HTtR?ew(s{iax_d{GG;4~*Nx9E?Or)5ZnA03glVsyUq zqT*2k6rCz~A#x-{(39BK^yW^jMqOmT+Flzk z$>6&jwK=YzsFb>Uz18!$lqhXR$6e7vACKsNWO6&b2PRDx?@hC2UQSrnL~t!7b@Vv% zE*v=x(i*_=E)<0q(xUEoDfWl~Mv+i7oWK1<*q~$5b+k4v;x#X&)8OW?WN@A+&D2&! zM_J+891BG8pXY*84xlM*u`4O!+0@@6&qf@VucE}E27xMl$BbkZndu`o=_SSG+5k_? zP^!{yP(L*21fquV^>;Efy!35%loEqx6m#w$C>qmxw+RFas|(3K zMVqJe(c_;bMis4^!fyqA-8@K=yt$QOD}t_y5~odTvCMOYE0K;aGJQfNR1LMTkyV<$ zUcpw$uix+Tpu=~eBge}td%rd-0#=X;F$tC0CYvtJ=y~bC5r5nE|IS&w`nW>ur19le z_@jE->d_Cg>+ro=$KMi9Tbo|3f`Tu9DcryMC;g>;3vyqN{eU9DuM?=g9!stwnp^vQ zk_1gO61iKKoqo@xp&4VACc_fCMH7YeE6Z4}5@||7F7{_qNKuu*m{EokUj<>tgnibR zXx|xKX7Vb=C?GJTW6jW<1{up zjRs2>7V!`hUyI1`F2;0h0uVBU@H{*{SqhCV^#a&A5_EPnEHzY99;EMSq?)u3yz5vI z4_k@#O;oEjGC4;MW!{RkeQ2K&A}9A~Ewow&%GWNM6L54+t`evaYK$8RTZ=k-W6+oP zCd>)<4-|MP2VLi06;&AcsZ{$F@QZDE>vB#_HOI*Ze9fM0sRq@|37ajXBvD*%DR8&J zMcJS=rk_o5d`|jC86=8VKkU1CXTjd~lXel~LBC`owPu}<-w=d0GmApiKNpNB9jzcE z0!EJE{5E(~!_PNV&+pwTp2nLF3VBxiY78adZ&!(Q%VEaOovzGsoGv~IQbeY=7j?AR z1bUt)R)Hf}Q<$3e@@~Sut?;|MDHC-oz)wbypf$S;A+r{5muHjFd=Wfc=xkYX?W=_& zc`n|+BJrJhtZ)xG@g`;Z4dsha9b50T1SI*qD9B0y5a9h?z!;c9ux+RlygWI+S=D_E zcb*d&3K=>xfYjdrMgoA*-zXOdQ)v92 zcgS^NqzT7DN+I-cZt}n#vJD$L~6s)JX)n<=ZL4*?zN3`dT?eexnk zqi0}l-CwU3M71WYH(-K@T1~2QWrHOnr6h&F>%jQ;Q_DLPNl@J#4&|?@TdFsydNA<9 zl8GgH;F84mS$v4Z2dD8E06utsGYp$`L$OawxH)MaR>qD&DxZSXEQP=9Xi#uYY* zPI6Hx9$?$T+SwpNuc;20U7p74m3VTj47DCD^BWTnx?4};cgvU8Bp56F%^xP zsew;4I*5V0^`c2*1Iq_>^A{T)whZH2}}MNGQe!#`^&m5SIta_2{1!q!cg zR-)(0lQr18$Lv>etySpPD)*}}h1KwS344=FF|xn!ZOddBZ>;B{+AP9pT)RGP zg6W%=V#D_7v|WCQv#pPVYwn_6N>0gWYCiJsZY{kXuuacuVweac?EHu5bTW(}Ja?#h zdL<;1s1+okf^vrrsvTD(@=UjRS^FiMqH6LO->7JXbcVmH$ou+Xi;I9V2ngoI>AYmn z$@r>v>r!pC%NJ3UV*M6F&8qQIL(_ssuU z-sz6JURK@mF}Wm*V!e@rqPZ{>S~j%D=!RAog3czW@VU6zH0lWoV+3#|Z_t5hp~uDS zS1>;lCw|~3uV`*Vam16>Nl#D~5eM~8_wS$Pc+M^1_vTU$?UC7rlauhIL~VhX$37CWstZ| z-icI*u?nyHlf*VDLQN6YRrm|>tjZ`8ho&4e{A5WB$&J_TVKzMW9e%LuS`BFjz}`Er z9Xqe>M@Csq$8TxwxUO2w6m_m?byX+RS zOF>;DO!Mx*Z52${eGs^x4*LCWgk#3`6^Eo_)N|(d3R@lQo$6z*0p+$ z#_A%8I|qo#hSMR=hbu>!d9c95-7(pIhyFc?LD@KSgirf6pVvCRrjQc83$$b&D0;o^ z5o?Yp!xK%?VqDVhJY0d{3-{_oq#UCze(n630amX?SMwv5cd0-xU)Pm0z4`#Uq*mVu zJc@=F#?LPLtFOZ=w<WZ=75hqo|BnojW$W*A^GWLxr>nv4B1Ox_eE^R`?xc{dL)RT z>6{1x-8?v%PuU5cY* z3-6O6Zc)KE%rNbVA=cfTn1j!M-OpmP)0wo(FCZFA@W1d(k+q)@ zcAZHefLpa)X*4F5i-iGn(MBU;n+&JCv=JqMB}M9x4r1a5>3v56+tRUbea&CBC>uy= z@}{Fbh{H#ZkdtDPgc@cLquGQh-!`xdbQa|Yguk$A-T-e$OKFl!)~gO+*q^xsqr<(M zD|rcc(dRV%zOB4x77I8BUqbf*?q-1e4FnvEn5hODnfm}}PPx)2ijWSbOS=n8sz5<5 z?Ql5gR~>Tw;jGHgRRK-%blU=QB6Mo)m}aXc>B>?T zWonHr%8!^AgQJ@aq+r=nllFz=f#(~#;o~Q`Iy%}a;>4Gy0V$CUXTKpC-_8M2gvqDl zbo;6Dl9Zs~?AnyE7o>G;R6ex8W9hM0$PNr;X9=Pac(K!dw!+Zw{ke8sRm4qR*d1i{ zyWyAr0GwQwbTcX#M$HoXJp~j^8U3P@a6KU;@oAHeZf3PFJjN9owq0PA4Xc%4{`KdP zt)R9JS zZs3rIwwhs5Yr@2#W5PDkRKynGUYClin<34Fg!>tnq*5^nd6^{82roEPyGMr_LJXs= z=y!~|s||ln`?J*)q3OU^GQGrMr0Dlc_WkEN2iki_3v$B_%|Z)tY9<$fC1AiWD3^99q5$pjJL3t z`OtIQAR{xVu&)o>;@>VY^U4`fTq&=Q)FI)TCJSnJzasKfDkO;u7zxf&Y*W~6RU3)F zM#w7(Gs?ToB|+qN8cSUMqKxeBq<+xipXOe!)F z3ba{Zq!}*9WF}!5lYx5d>R?F&N#t-gbt_2uC|!OEjpkTZ(c04S$VFt~51(k!-1^en zrJuvp%L;EM50^5i6e4Bf$}4=oyAo);(bJS6AY!G-o$_FP7jv7M;XeQ5==wDj+%?3!Wv)%`ogo}VvW%><2gX{$g1Q-=RY$^Ob7wZT zTMMGNAZMPgksBIG2%!mzCU8h5nh&2s3#B{|FsO6NG$(zV@|-wg#e9P0HCH#011#G_ zKP*p%%fYo$#2z|N@E*#Pc?;9NKC_15m{v)O7>@pQB0>qj5(H*Ql=sUNTJSptqrsoi zBiJY|rA?BRvydul0<=kqAbFV39=N@^_hfcllpPjk26P#+d!g?}d9jD57=^>c+JI;| z0dYKnQna~IA&wYohXtzi3Y<1tvrC)Y|3={k@ijqwNWbC%2#B#Fp49USA=I{r7Z?8O z+(cGs9%BIr**18uc9J9q?H$EM+#z+yaq&Ms$wImQpr-Ruz|tZ@=9Q)M+cgAxB7M3K zog10H9lal@HE}rwEzqL!q!>{$?u{dV|82u}<7i^Ai`LRzV_??fu0=zFi~Q(2uTH-S z{rSQ<{4R>UXl60_%kKy#Hqxj!0K`DFFJ1TbT3P_0>wnmR%3({DO8732v8g@I(x3jB zN>-0vCSzSH}PH(ux8`ent(#3M0~znGUNs zN#``EsOO88IFM1&u|K(yTJo_?yh7InF%GA5A{ zV!bT7)#a|2b@AbUM^m_ofvL8Hrqsg?egoJ&_s)*^=1G(Yi@32BE4BJl*i4)sJCM%R z5e*}7l^0qCFOzvoWum(ql+HB$sC?HE;r&BqxpXj({KID>Q!U{Wcgl*J6gE~4Z&paR z<-T1bz9`mNGy-S>rq#+YrEGa<-w{66Cd{JFYI=kM&?c8?*0eA^=8zrU1p%HYFhEn zUHl#U!^$5An(;iqiJyA&^1X$xCHTYW|AW{5xXGye1A(ItTy4Hwkg6v!GGs|Bs)M6d z*$n-k=N3B8)ic2oP$e>_~A|SV_Fs3psUxD^c26>AI1W}XqCKm2sV#+ zQzoemBEY-lvVYc7#4IjnU}k6TE8fxoGPaa`&x-esyXd9bvD{(&+_>EL`a)>nj(@A* zaI#&m)m^FL=WRC3j(XSa^jU@9ZX1-g5!MOlvq)(8xsgl2I%`M*bo>_rwhHCM&*B zDJZuOi%lI?tX(Q|7Eh;ApmA}!GPeL%pJP2FkjCFf3}$a6F>(dH3OyG@o-1(hP-)K$ z0s(XKJ=~R5rpYC6ygH3~ZKO`pKPD;8epePuj!H=?1s3a9<^`t(j`l&c>)e4h78MJu z1L!N3{Ti9EsnRI(0ZCIytYHt~(68P5O1!rH>YBNyDus5{aF2t^2?V~U18mf{`o=aF z$MYDCrHdzB8!C0KHnN7Yv{u}I6BikxzfR@iZFSr6rh}6$L|p2Kid1S?pmb(K&0)pg z>|5B8^HE#G8kLjjtE&YE?I2i3iK~CdZg+O!2K$-kz}wTr<dO1n4#>=3fI#n@ZigWC5xrL%vr*OwM`N|as{&LHMyJd5kJM<1 z8~DVUf*lAZ9KP!8xW#)Lg~;mk$&xz$%rz`y^c!NK-Die6C?K$iSl?6A;MbBLc#dpR zLfyjzEe^xLfC;46f>3=Vgx?<1LYj^rH18v-(@3%#|LhZ-kizxmBV|5!MvJ?FIO{K+ zw#BnrBxx-`*2z^zs-ljVq^Qwdtq{kM$6XN`xQWeUu=YXEW-DlaSjj%8}y69-vCIFvUrup#?aq z-tl(ZKdAn7ZTif%iA1>1`7wIMS*^QsBV7`? z3WLl7>~;1RFwXM!5QMb2Ru^W0TpNKYmAPQ=)C&Ui&2*%A=BTM z(tdJl&v%*N=lnddm);c;Ev6Cka`8z9ttn0x>1Anqm^_(7eo@PKt>exIbK0&S1uSnb zdF%j-DQuCcHDlKBSXsm-XqPQ`DQNcSu(Q9WRpv)A0_Z%e8Em4H_Ag(vCm-WF`5^C0 zqH9L)yOl-SnNmFUjZ;3$-s%=MFbq-J&7=TYA&&vYX5>*F0)@#!>9SS9p;^(kLL}hp zG@HD!6=c5R9TyE;W#)rqzPD&Iy9_+ENey%OwU)d# z`$VyDebli{U(vFD0Y*o&cuxT`8H$RT6Nna$$|QF%aV=>cgzD_rmltQF`jr#&!jh{G z<&%_Jq63h^j1T&Pur^`Hht}dPVD?|E3EO?-;p3IXga93Mv6n;08d1Cie|)>*K@2#e zFSM=4`Rkw`mj6n;GcAM4xOD;c3q{ODRwo*KH-DU6O<9%hl1N#_OF|bO;BE}#fhHU@ za#=SMA6EDqF;u=|6{pn}KW-Xj&El5VqJn}p)J^c!wuWw0K-z;@3Sj|x?3*msoi(!( zOY}S4$=(4}Yz-xtRNl+=8*^2@Tgt2zHe?Ou6R*AlriPrpvc=&a5y zoE9Qo*0&c&-GQV$L+i z^tXy-s-U6UHew@ON6dQM?{sNCN ze*d^t+y5vI()Z={GKfz&El*_Czm7)1EbXWCt3cK=84RSviOUt#F$psEg)BdXz@632 zOYxRYlCwDIqd_Zw@)*mO-~9nv{8gAl&}@OzgPPatl%(M{MzxRQ?Sd`Xgjf-Byyacf zu;{Wn+CBubk4iYTMg$@P?1`@; zb-RWeoMoY9e5?nynV6Og>UQ!k%SK!@$tKK*A1J_}DAKrR`%j>qB$VEJpT4l@Eh=dY zC)@f37LHLry-_^;k%0NB^)MZ1Cb7f%m|QdlwHo(4e*Y2qN5t z*nX0HV8N5hg+^1Ik--dQ?QIW1AxnCXqQe+N;iZK|=J1wYL}NNsacV~f?^Cy-jowey z?zT^D+|foYfJQlRMZIKAwSo#`1B8qougBPD(-w(23Syx^;TQ)D7^Fl^qC$X!p@B$n zV@0J5{iC2XBJqH|5K3X&$g|ZSEgiXlacPv0r*Vezxu`64u05Yy=bzYpOgKEC-YnuL ze$|q!sb9hT>fRtwqTrUp;NlIugP-*4ZNKMldhdF~cuiC(3hWF0YQ74QyvR?Ff z)vVGUlO4Bm&Koi2I!rMd2L`#hQt+e!C7C7fYW6GFkH$B$iHrzS$1`*!kBr;dBlIZ1 z8*$Uw50s~juH{q8(utVr<+LVU6Zz9v9Jjc<=R1}!CCAl8wR;g^+paRGeVlzesP=Kv zCt4ia!wrciLq+zvk7Fv3OB%{iq1NXtM^082})cK#GDJM8Kc$(AY`Wgo>$&cjP?O*Dpj z1u{1u_|xk85_PP{NSJLblv)E$=krkS58Wtz#gi<5p`GP=Yn(5$tpG2$RZbq)F)uPZ zquN!R;E&$^(@>i$$7V|NE@nx$fBd}q5)~o;6lgSi_#}Z6W#jkygs}4azE-Y*m-Y0aa-Iu3i~8)6cC}B;;OWS zj`2d+@Qoqavt*JsHYP!*%|Bd@2mQJ!?-Y9uGBnCnN!zaFEggsw|7Ed5;iD$*OgCb%tc!j}lYZ_b3?iRsZ{)DdF>v(yN z9E~yyn@oebi@FnQx`A=t={trzZY{@+F{?9p^wwY#R3XWWua8%&qn}VZ5x|-(Cm_ie z6z9*$+mg3AFtmqaRAF1eOkl8McyfUA-}&;?A&oWVAY%+nevyu%Xa*IyAE?C-P5*61 ziY62L-#O4iA&R8I!c~UlR_Keg*B{54f|S_YJGNvNoBZ1$GW>}CL1iPSzQ}>hAKWJ8 zud{v93LjAekG|dA!6+4n(-P;JNePAkZ`@?Dr8VxsC>JsEqbw6Qlp2XK0%E8FvPI;S z?N8`gjwr^T1k*&MI9PunPO^h&PS+l|w9rpbI5E>f(zfW$GW`Bm0FoM=5Njt<4}F9b zQ{{;{1qbog=X-xzfe$isj)jp{slFENoy=10w|oz~quGm9JddF|8;n(As3Q0}^dN#@ zqs$!v$t$?!{wD}C6b=DS*>}Yl6y7jxPAMu#ZLu;JfJK+way~jbhB9_$D;hf|+&DAi zh$7Tc8g0A;&DoxmHQENItT#;6{LS1i#W#;fTZHY>2+CBT(#F4p6QQ10Mk5up{;^2A zm`R99-N^GLNy6Vz7)~Qr$Za4@Ae4biO~WpG*KeZ>oQaW#92Vfy7qv(Fs&Bv-rk-Jy zul&T|G4&(^xjF?PZf>piy9Z$yUQ7M^BWXXa(zjlrHqAPbiSoDh8n|G=NPF4snH`DbhGkT-o@5+lR|W$+m2^n=p(9=@GHh z%I9nLdsIm82Xc#}CLaunsPxbjN_Osu2=RJuBB;KZli!0YwOQT+n;hl`9A8#8I0ioU zbdAM*-r^Un1?v(*=(&LzbvRbuU^7P{;g-5hTh6mM^p#HXKQxyfE8#dhYz2OJ1Hhc* z_|Em4dQi%&hQCTtm|NfnI<{rLoKZ<(MD2UNcpG-I@;ogE`%`%Zk46Xe0u^L_R+qvA zKup@wglS`=w*1fH72Ak1Ic6>GWmX0Znjoo!lTHIQ=K{v9PnA56R3jBDN#f_le6m|| z;f06F@*EeXTKC5?^Ns&LZI{~I9Ci3C#`vb=xiJksxYFFj)8;L*GgoPg>J?F30N6$` zCQuG)Uk%s=$2Bot;9hOFBxeI2KKEhxH~m;gp2Ar|9h4zo-M!`k&DP)Gm;WPZL+Lc4 z-ZWG5NE24;hU-3LcRqu)3I@;oRA4g?=z>L{NaG8`kPW*a-XcEpm|uWkKbTLKGm$&vVWw$R213r@!{Tq_d5WVi{mokS)B^ z%N+M}nEa-1>bvk*lObMi?q%8@>MC>VQNK|c@RUtxCcUS{EsEUyxu@^Tz)b96R1bse z=;v?ldGA$Qtf*Z#GK_TF=bDUotzWHgapsIb5UN_JtC#Qm8f=f#@2VaH+0#wPx#_M@ z{2KnRj`X>=;n2F5AS@ID7FNIAFW2OWW&Ma_9ObTf?e|}ZlC@*xeVl(9_uc0L*qSbi z+BRI`2;DiwLJI(gu}=nRAPfyG`C)H}&R^qe#4jhtvP{flJ6-4M2^v~pb_$CXX@s64 zjTg1#uqvAm*#ID$`0E(Dgm83i}TQ{~D1*WhdRg`QA)~3bQQ7f2k}@G7#1@ zGlg3I+RGqFZH8El0h|io(v55)N@TQz*}kH_=BFbS!f-5_&`?Zl`o=H!jXjt7r{%t7 zS?mK5!9mz_FaQqNL1<4Qf@_}^tP*xpN}UB?1=Q(A5P!Q@ANeu$Z5 zq?%@a9p%5eG!tQ2smrNQHoRB@nwVDnnWkB$nXMMo%r1#`ju}X-vb{tQ)1nf_6v(_a z)JQJCR`aKv#VR?oPcN&))i+01731uREb@jnix1J`)JoAlM!J{Wvr#<`TZG9mVKk-q zLMDO^7ZN7IMCeQBoUe)nd+`yCvC)+KUUn^dpK+RW6A2pyeG-j7t3*@PgIBcZ_z8R3 z;)QNy$o{f7Jc#F$t!g!6Mo3(_%cc#GEEqZdJKFLOUxT=Z0mlgAHC^fpuvT~`&qCs z(Eh73gyeltm(t!iy|J`MhHu6Upraq=HZYiq8rH!!bpDF!c;8QSM2b`#1gGxvA4a!mWjA-RSo+~;gG zZhkdk!~ACZl6tnPO)5h(mM4H1_GtMvQr7VWM*y1_uTX)Ctv zYwtm)KiWP?)98**-VxIw*^VQP8%93FFRpUgkzB6|%X2eAx|%Y)9A?R~%(JqIXr)sS zl4J|36ztvf0GWj8RcTomH+k5Cdf3E*cZJv@agj`2^iVVaH{|Ttj6U7|#pvOivO1k; z0V)wL+&+8i?LyOzvR6Bs(=oyiWfDKx>%gZs+- z^+VEai-lbJB4t;T4;zV%*oqGL+tZfw0DWxt%Ug&Zsj_GO3leH$URit_&dTQ6LzRYw zY|DzOIBG7MYv)E*<094{)r0U~a}QA@iK=4spK_7iq__I)CFzJ#@kFw%tTjd6*;+7{ za=}h(V&xFOnMn!*@LHUm@(r9`GONE49pqGmkFVry&jZyqV!VhYC)t7pFZU@yiZwwK zkpEj78d5$p68fBrgYKpNK9x{t5PYd*BO!TAGKtf$J!l8>O+oHaZ;3e8sG1R~!yy=Z z1$d;jz)uDj(*Kh7qIWH23y((+{;1>YU~nObMoD-EZC~nckW<15l^-vil4J}a=M?T& zWyI-PoHKghB!A%KQkG5Q;TSQo-OjCov;M>MhEd-WytClOi68fS1fJZmnj{fzOChB- zA4T~A&AD6{7f3{zM0oxN=gaSwV)SJft(%5)5OmcK$S7jSDn7((O$3lV3BGTc_A?hNTy|2D(Luud#^d z0?NW`3532xj4C-_a}5Qoz(0`Y$ZI4+`jW=k(kctt^KjJ}0>~4ULybNWzcP1JB4fES z!V+!dB6_8G@IO%hTLlGAZi~*;FxNvITzFzilrKkHWZdd?22^&gu65@g2so~2-{0q> z8UD6F683`d?li9HNHz5R>f4W2S?D;=!)C}`eh%?(fyzrUpp5GM(n&5vi;!)hf>&Ub zDeOfIUNgAR(4cZqaVYDY;V3)!HO?1F>UH1unQNT0o`;4qr{rC0f#BBM=MUf;7*&&Q zmcq!k1f|6H{6+RB4{ajGW%KRF5n*P_``M)7C(ek}AE#z|sFHIdvnixv6B&&ej!T;@ z|AA&aq)_OXSU=LOP<*M?c0scH-UUY6u^?Uwa*JJn;;{$_+Og;$e*JY^5)Q?_Pjg59 zF3pZIo7*`W8^arX?Bv+0GznCLSo<<}pu3f>q4Vk8SY%2YoERv8pD}}KaijKeEvab@ zTTK>6Cz!Dv=)C4=>};&a=wa0h)t>u=6lqK)(ryR_tD1Nt>$25abOW)eMT1>S{ zRRGQy63wu=ejQO7ub#YVv_l02_rChh&n4QtA*5Q!Ft^i@%V^#7GljKjK^MJ{v6x|q za+!SOOn+vBY0lkyw;<0BUE6%HX3d#NJ`dd-H_CbX#;_cYQdfK(c(Vc77q@J(j%F+! zm)R5v5UCS%Cl=C1tKWk9p^XeESCr?8d+;|X>ij&oj{qA?WM#L@vGQ;nz-d=~$PP=RtQJjLilL*jrd zh-}plF8W!&(c#7x5fuLk`MrtnoqtsXYlUxyOtB(>L8cvNS{b4u+ed;u9rJY?Zx-GG zRcmS{$zdYRuNblH75fQ#<8{D-6Xe zWWx=YA&9&EnYE&T5@|)}ic70K6u#nKnS)eufbns#D~g=;9qSid-OoULpj-dk$$kY| zP@OAi8=T^DXUXU$4tYz2ENIZO>RzUijJO7D-oX zp5*l1UPOIST>0uF_m5_XU023#qI3Xyqyr;B?RtmX;Rw}x56gGoR}?% zYMBr^4Kbk6l8*F`y;w|ExRmZq1}7kjbqY(gLq~s+SjpOSn8q=T@jnH6mV8Q_S7Iq) z5O1aJmve+g2$#<~RgsAP)!CTMNlGiTE35jq8XL6u;tIx&265`U3 zQZmC2@-3B~S>fq(Bj4}K*6d^PNTM=k+o*NQPVrPAb*{KgZ z2CicstU5Jta=#xDI%h*t-JUs)@#>xoekHh7wRzC(GvbxmVM3jG+Cs}chNe4~iL@K@ zDiHVa{Lj{NfP)vZ0TJ0#6HYh>2oxu@b*;P4dHhp~3{S0(EXI6?AYfkDIqq5@vGN@- zcH;b(e`wUDGCq0}jycsb2H=*Y`EZ%Uolom(K#$|vy@d(!2iXvKwxz>`XLhLZQ3Ft&2%@Ne9T zAGB`WeOchTO2iUpaR{!T9%#Mgq`tKrm-~-fMIw3G`jZOx-`ajwp(XCCJSmPBlAlY9 z+M?u!PBTJL6di{G(m9RuX!%l@1w1vg63Yu4lv4@lS;@7mmTUdSCsM=fq=o6EJj_d& z==H6~*g$-7@AKb)t(n$H8PXjLKDBYbV^xokbMvTStBku*#B+)Y)?`fv4L`>Pilbkx zI7>9=le{kj-UGha7p|Cj&A&59w6)<~#&Uf_0BXUY$c^@Kl$SLG{dgGW(Eqb3 G^Zx_ixl0oO literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.svg b/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.svg new file mode 100644 index 000000000..23df74af9 --- /dev/null +++ b/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.ttf b/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..16649b9dc6af65a34882e3db42793d440f1b43db GIT binary patch literal 29856 zcmeIbd0<<`)i*qIC0pKYS(0VRlB~tn;zg1rOY**NiS5|2ojoyGoDH%OlCTD72@t~4 zlmboJw-zW+ww9%|g|dXTY;A#3mH=&fNcuBld_JIUy~9JJpYK2X0%L~f8FRGsj?U@0 zE^Q5ZWc-3L)#jnmKxk3^mYdLi585wXv3}X6=6N??hVP#{|7RzC* z`LZ=DmrazMYkLRx?Pwoe13=b}^tVy}3Z-n#`YosIUsth$v78`d>P_o5u2>da<@hD) z#lY9Fe%UFTcrE)3ZQn$(Z& z16|)*6^NqmA2T+pp2k-dlL(4~`eD}MkXQ!b5x|;oayGyQ@wo^mXDe}XwvMgG=T^22 zpQo_X&{`#B^4%;AgYS}PHTsn+A7>%%B9hWnDz!?I)VSwCQHhc8(caZD#M+oWE=wQD z=`=&GwKIMl-RJuytPZn_)=6%Y`58+cDFrjZ?JdSx7hD+I33@0e9u|vG{j|D22MK* zvIf?U882g}v+LQT>?O939RjWq>ERSyI(xC*B5;N5_5TLfAY<~cQ62_fCT~O8ic-ti zk$2-w@v6Az-TZg+_R&1qzMcCv?t6aU+I>ITH)~(hJ3n~mgm;dAd*9oyO0=#s(O?zI zCX`b!L&koN@+!(I!LDMzWPfIVV`s1{*&Xaoc0c<&yOjNieV5(K zzQ-vb)$9>~=8yZgwBLhkXfZzR&*3_Om~+zp$UN2e_I&1a9BV z{sjy_=V|PH_BnX=YtF&F2ia|0gZ0?Qe#kz;iX37;V56*u^|C%T1GDO9|A2(eVnb}0 z&1NHPjBS8qtzxU$8n%`l&rV>UK;AZD-Y2rn>?FwC7Rcjzb~U>OD|0Qoj@=+;SjDP< zV+SaF2{ZegSMYW|$k+07_@(@D{%1)qMWk)gHPXA%VO5bTq*|x?f$DzM^J=v^re3N3 zzWQ19hiP-uPDwi_?UJ-x(jHIyG~JlqnZ7Okw)Cep8cmgEmgacP&6*cAa)v&`o>7%i zm(i6moUu6LoQ&^eT$OQ4#(f!&WIUJgTE_bsA7}h4Q9I1z9VzPRx2C>y51aS%{Z#D zv(L=lmHk{!NzT%obvdWx?8w=jb9K(GIseFY=XT_tntNZKDz7Q;`n)Ie-po(W@5*13 ze^ve)`Tr>BD>%R4&Vok^J}5X`@TFGLW@%m8N^Mv>L%T-1MSHe(xAt!B%Y~VR?S-=o zmlU2+cxB;_3hym^xbUgM*9-qz_^FQTa&;zMxz4Za(hcj5*X__7Z7w>!Xh+e-MOPF(T=YWGKa5qzKI6&8yNpj2=NI=C zFE2i$_|oFLiyta}toXU&-xa@AyubM4;?GUolx5PHET(dk-xM{qn6{X%H$7v{GWVNz zn(s4zSyEflS<+uJS~5|xwdA~#@0Z+O@?go!B}Xh77Mmq(8MLghTxhwP&pw%Nr7P&TP=A3S44&JTFmKL0%tA)YU0%(%1wWPr%bz1*=We^H5`u<}Elk zL9YaGp2Su_n%Cm{7S#PHYa!)+$oXbSegKl(gHcBDeJdaG#Pcnv%>st?fZFZFseG}UfLpP#S?m}5 zS*Gsl85m>Nt~hn`I<{-|=9MR~ZR?h8*}%+Lb5;AoZaZt}92o->_pPif0a3GTR>%y@!eDjLD-AN3#k8!1IT_hr1tzgfR)EnQDKHMJ zpU+H~#Z)^6KO~P8vr^`s*syUu&-f;vt2QrN!Q$WKbKTn2%h>1N=yT(Wb?h)atjW&} zTi0)92fxYZCNyIEzsaXqBls||Z(Mxh12uRhw3AVYGaTMd2EUAt!NL^5LY|FPFHE#2 zzp0Gnb2EFKJ;9!2d)ZU$Y4!|zmOaOwXTM=Dz${X!$aGh5eTOj{P1U&TH&-_6Lmc7U=pTd}(-_iTQpPK1-JHUveh< z)96>?8*!6K7qbOe0VctRlm^&Bsgc!6t8vX|3;9R5uEqC@P}iXBW2I6juKNLh4dr~4 zJ-8oDT8^jXI2{O_y^WeBAV#f+jwF`)!e=$;S7E16l0pNRP6Q&x`eW=X@G zxSFI~*33U-Rk+4bYT^5~qXd#y)lbq;Q2!*a5LrsmmK`|yuGn*?fNETHcbE$G!tICUF5o<#0LM4>A zCch`IO@Px{JEaq_KT*Kb5%8b()!8Vop=?1}j^J{&SUeT@fIR- zUCfpsu6qU+=qK=xRB_A=tT)rkD=hOQ-zyM}#;=p2NN=N9-rCqpk&?0+g^yzPi1Z-A^^z|KNsdN%tOEXL1a zH$LJLS8+8W!tcZ5(7_rR;H?;8M@;ZON}%J?xrS%(OrFKFc@EFzdDtadmJg4{#%_mY zya|5Gjgb8`tknaEM1Lmi>aP$_-o}0mALd@fdylj8;ZtVA=CvRLFwU03o*jq1cL4s< zd2A=UknKWN#l_Nj0oU?EuH$-c;6>cXi@AxLc?q|0E4T4dZs!i}|#dt>=MPI@dn<=n|L#C;jO$4F>43!MwdLjN*KAQ5ZdjW@s9NjaBCwydb<;^1gq{L~- zi<%&ZoJ7$R*w7)FdD^laNpX5}JgB6OiyEq&Cqz zmblg>TGUOpXiq@elaNqMfrMfTBoqwRQ*T^5vQFBxY{g1tDggC#_w>L+W7yea&?ZVe z)FR@ckcfxeiFk;7V~Sal-nUYhgwL$h75`bOBlUX1%FT$QzWxa`iifF&CW5DI`%#JB z+^4-moeph5UM$k8Op-tg6!fFgZnSa&W|lvdUy-ko56W-JkH{a$Z=-gze22V8zFyuY zzb8{>_ZuAYe)(n0;|q8~O#TezSE-$V^JDq2{Ac-KD)gJw<$d3z)l?gd@;XNUN=6nL zV}2$7aq6B@11(4A6OU>lzazhb-e1Tc;`1|HVI8Lq@Z>%D0LJ-f3ii!vgzuXl@;j4l zb5Wy0>pFSJKcjibU!dGB|6YC?6ukp#@06b-i>@5<-em3ASNSIdPvCe&-YXxHe=ENz zpCO?CkoSx0`}Fzm5BUbM-dJ-w6kdVH7c1ZKNwQ3F3}crgFDoIU+yls!>{i%33Elw3 zVJ28NitF__b+DlZv?#)v23u-`9V*6|iB=}uG2_gJZ7sol3(jI#Qaf-saGD|0PTVQS z$%Xe}hyPK5yOlWY@I$IluNFBLKRgl(e3AhCl^UGspe2Mo62_^Ahf<5ZOPL`D;>$*i zOwS68@JMEZsu7&o@JAM5^u@5p68w%;z`q*agd}n_S;BWP!#eMT6~6?hR&c=zE?f@l z|9zY`WQu4bEI-eXm9RI-I%iOm0B?`*G%DPFH|Gw3jK0&%l`u z?ogqF;&&=a+&a1Ev#th=<(!?(Fk&^<=m71J|4$A`DP)k&kK_-bQ4VAGdm462f z@u~a?K0ieHZ|i|1wZQxZ zZ;|gto5S+W|JC5~0fF<-R6B6vpco;A&ougfeFz%CRXV`sr^M$g@|XCUE?~5Rf1z6P z0Pp`M=J*w8eLtZyNGoC9(~nfCBbvn;q2<&eXx=|Xsi20&7KhNdpaOKI%nRRl%Nw8p z-$RYCDwrV!sJ}DSQvMv@UqCqqA7nhE#NMEtac}B<`6>Asz{sAZ^uo+cfGRW;;vP6Z zX;VzVq(d=5Z$N9)jNrB7AStD5@_@X4CHO|zNsftURNjR|ixof*x<~S(tO)ISu?k5X z7=>(I3T=~jLm+1aNX1c7`>ujEDVfPZpzB{J zN);(j(0o|zMaXob4@pL5Qa;f3pUFFP6@6fx2nT&84|t^yKsS;v_IH9|ci>7o2zuv3 z@;Avh0@f(Fuh^b{vMj=##7~|n>^SxPoBRnrmEFMP*T{C@yV#kDopOLY$Eib5n>EFQ zBu=FT=@jHSlKXSA8+7<1;PpQy0iu!^>oel5@aKeF$zKZXI=v~A$?NhEaQa=LA(VCb z7*Zu9N$42RFu5oHiW$OJROW@N;M=qTh~^Y7CuKl^K_(7CCKc^NJLb>8P1i2~dmSE_ zO4wg94*@?!cLc46;E{ao__}NW-xmpf3mur~f^|$DQyeFVpbxS!9g6Qil&_Y5DL;YQ zYx19f^=+}gUY7rYJ^76MM{tYy@Cx(O3^1$D1iivSC?m;uTSaJU27T}v+NO9$@?VMf zV%3CA5^Ex~z0w!=K25A6(U{Qg$*X7s{rvR|_70Dh>w)=nm3O_P=D4H|*4YV9(Q>O0xhnfW6I8FGn+2AC{ zw-WfOR-6UMXSv`ryRmZ%@h-&xbnq<1(q4Gl>)^A~6W7aCRc!cQ>+%ynlt{lo$nxu=qQz?e@nm~aSqh@3Gk)@)ilIfs?W?m^M zWg?=W=igMkurQg3J1mG6Z1CABYDu2H$q~_c@}P)j>ZF*4PB`Z{RMSpnZ2F|=g-(iP zrl3@#s8Bg=^MG;`W;GdhtX^8#SVJvzMUmzmD zVj-RBLOSz=bXtXUT7-03gmlugNs>ckX411r#x$>{&&5d4b#zSM-(yQng>))ZTNmHwF{T!D5Zu$9S-|1IifDTGp z*r|KKbO3lLMmXA&QLHxI5gHUaPiV)fzEn$MOlZm!p9Po|zmBweicLc&+8<<(XqV9Y zbmBn!Y0=>1+{KI({E3!-R(y1_xd{lYGWwG(!AN2@G-4Jj7W2c*|9?8*lPVM>$4k;E z=pZ|{AJ!y=OK1l@D_S9n5Nm`e3g>i=CD9$@IwdVf-xQR#SH)^6b7+>@zfcKdb&?(UPDDJ|?vgIA6j}As-=eBzI);Itfo$fAk~ig~W+b z_RDW2TO9i;JV|cQcmC}MW+--<{3nbu zN%7a3XFvo0-{b!j2P9!7$={%NUsRBYd}uMsbdrbRg!Q7Qs|CnP_P}lp;&dSsIRWT; zJjbj>-tiRN`xVZZur9w8mUz1FQ#Ludr0-LXQOv-q#TbRK{iH3)l6qi;5iJONN}b4- zdJ?4=w2>XQzy_DX){@muo>Sfy^-3O7eh<|slS^lzxJ{OS>Qu(2PjBK>MxKIGbd>a- zN-@52D8AQ!M}9T1=42@}@D)gxD;k5|!J$HTGvHxSQSz#kg`tC@6{V2xmg@UB6W*5> z7)nv-4I=XFC=*VnG8$nfytLcMgUiL(Sy%;H?_8{c4LxXHX;=+A`cQs5L+DVFfHJhB zEH}wPBk)spS_5CW8Tec9L{=l-Ld=JZ^Z*-4i3Zu~MZmKdrwY%`m!eMZ1Li?))}y`w zCuOZq!6+m>dBB?RO(0bykB^GCo@lj@RY^VMKYtBIygFT!HptXBKd2u)3m}hE8HfDE z)D=js48;xfUc7RUjaLd$O1d#A0|jChlXKy((_B<*_yM#h$xg(7(1>IWX+jBuY{W86=mN-Q2>_ho?$?r#9 z8|B+5gNAa;(e_Gy4AJ|mN41~!RsQ+3um8<2u*dI$>(icWO`=GNo)g&uVUy|pWSnlI zEIAH(EAA3JQ~3ejo46P6Q7BO#MMNYIbST%UxQM<}DTRC%BKFW@ml?3fima;c<7`khfT(ditd_<0m)yY zQyF;*t^z$t%}4q}iNh4_G&SOXT_deS@sq-R+DWw6=sgoEbeFUY6(!dCuQ4WDIKjCz z@zhH#o^)~Xq)Uahxea&j#hE5nh$0`3*o)RdFXi#C_(%LtD6jD6`Hg%BKOS#}_&L3y z`8wX}xf^f0oPzgXIMzx7t~d~{oq~5`cH+I9U3d%TBD{HW3HuJ-1iBZ0A+aBSyFq(= zC+2biR%aK=h1ee#;d(K=9~HX*lD7+GH@;=D^HJLgkLvsffirj?mM{iAuuk3ty%%?JAtA`yMu{#htcK$=DZW1G$MW5jq+D` zZP^(4Kw{*BxO)&I-w3?>G4gw8c?cuFht>zt`en>}Co+^5px-W(iv+IyxO+(8qPt1j zl6PsO!?^o}pgc*@XJT$NFS<+pKAWUf!Fm{XJ`-4zyxETyhXnl>V*gRAi}C#u8y~*oa2De*kNKDaN=Ag?Q8i9yNhSO=!6cYq=a!w*v9@1ZzXf6_7~sW+-A= zfXBxX=`!@n#7?38!opgIw%pB2e}Fh5uN zWND$jK%H-Yua7U3b|2aF^wX59SqLm;z@mi)fL;k}!=a)g zgFanj5SMh9DjbSNYTYgu?kJUok9V%DuL(5vw{Dtw=CZMwgM%wK&lz7bceAwH-qTPs zl&{X7)zvn)f}h$Dst+Fdq_v~D9$c-JKaonLtHBwT=5)Iwwb3ZXGHTpzmoq)xpf4)I z05M~FIv*MNR{y|`(Wb?gYI8?L%aU+tQA=QEso%3aXZD^Gj^8secU-Of$3(q*?T+oG{{B87v z2ZVJoI1FKf3!e-5Y4JaN@ddAucK5u{`%!PAD=IREqtTd-W>p)Fxil)5%Hx7SY8OtNnPbdR=NNL%SUD?0rLH|Ac1EpQ zrNMYNI=h|t$Hy`6wN)onULL=Lk6m7QLRI|x37V@h0&;saf-wvU1Raxj=l-o1Xolu~ z)T>q#wuzmg6KeS=a9wkL&6?Uc>3ovll~`GN^D$M1X}_dy=RS# zp4r!T=4j)*;PLb4A0M2bGj`?LwcnpT`}=FxUO6_S^VE^kF1h5ikyAUtP{Gw~P?!yE zLNqG-5c_Uw<2^icL(6&V)-9hqI&bc{w7YCh-|C6@SG=#ir#B|(TO^$X`f?G+u<~j2 zV8?mbCUE#2oCHLmn*K)Er1UQm65o&NYq0UAK&1d-8_Ck&(d-(r(x6 zu7M@m_Q#xMS?2C*yHcq&zZ8Q9_PDjYR#NAvLoydt)HI!F32Ay6@o-eneBN!U0t}csO z9ko@ZK6AFWpt`-Lc1{R%SU}8Im=z)hNKC|GaB1J$%lGY-X7=0#5+4rXc_f&S621-hFgx$iJq~Re=ELyXp!5!Xo#N^KWpt7QQ*NLselI_ zd{~vT4^*$bvS4jtiB4T;(XO5I66EvRhLsKY$Crzp3~ozMLGUJ~_nX>D*g=YY(5P;_ zaBg>|K2x1toV{pZQBHA=Iip=~BwWcs*8Sq~fIX)7>4phP`m1 zdxjhT;#)y0v<5$nG2!8cb*iv2v1wyr73@!9EKU9+_by(LYs^>Y8FJ>$zweR7OLI#K z)OqHd(dfd-+?yj1j_-X_yU9Jh@;_L1}?n z>&zdU_hg)3`cPReVtm+M?sLwtt27-Wl4Hnw-15fbdYXnByGz?#_SPJSH6%U# z*nF$!yc0*awREpuIK0AXmn{$ij;Dm5@VhW8$n3GLY|_XUwykMuKcOYqZK^N?tX18f z(N1SWQJG^nr)l%>$mS-eF{&#L%&8k)ZPmxD5G*_c0q#E}XP|IQm~anlS%Ouu$fP;{ ze9?x+WwDADyLuFSvJ9Bono8?!o>q5H&bg-!oz!A8k3M{)uHNG7?u=WEfzi5oD=-Gp z|19XIzh_IG0l6fONtLB?2u5*Z`|&NU6R{;LxfFjeZC;P7vBX+B^c+{W)`w^3G;ban z-rRD=np{)n;9`R|s<(0X%)udW2{9FKm42uAVy;LGYp?hsE~kO)zjkRyNB0b4ML}VS zrEB$Sep5@@;LLfMn%120!Or*+Skh|Q&JTjl8e}U5C*=pTCoxhk0ws_o94V(q2vHaV zk(N>^-jpyGx`by1B`w-~wqTRnQD}1NianvR8hu&rZ4+8!a5&^~<`$OMjL(_Vv|*s4 zxv8?UsX5v+77mQ%ISS0h{rkFFOY4i&*Rds-urrlv@wHNLai?KG>^x(b8G55A0mFRx*R6$_M>? zSl(C;A)IgomMw`t&wX7j?(+Ec^oDOYl-PaJ{gNBcm5|Ti+A{z}T<&4_3h2oS6fbxx zYzlV#z^}+FHiynA_^g4P7pGBB(ebR5d z&F>q@%T#ML*%?JS^$}^+k;`;i&Rf*Lg?v?CB$ z`#@z~YrcC{RsW2UDu1+Vq$&{Y;`@7Cfto5`ZF186@#|^sxForUF%<44#()-?hbIyqYTiNgqSe5HNQ*~g)RjsY7npy`3TU%z$O6=XH z%_GB`o4Qtyj;&cUHoBVj?uZ=b{{mj2eTQGA@5f7|6G|V~Z4Ic?QEY+(J4w9k=NZf@_p|}(;*N(e<_O8lc z&=D?ic2q1Fs-9)>nxb}pr7c+E>ZiVFP`DGZSXii>Njd&-R&(D#R`)sQI4W{&IR*Ma&cZ&P+mg0( zXJ`Cybxo$aMMJs8eqee5e+LO^6PU>5AmvV8E!nMogMFiwL3g8*7SlP9vup{kjlb5_ z;;Do^G!J-#z=3_op8}4r`5O=4HD__QFMP^=xS3`Fk-8uK zzLCFi-T7mE8F?CYMnPu(@Ia7DiMiJr{-OhB`+t>S-ynBgBcrPRzk&DB+2 z-tCHig)xy2<#%ID@;73h6n{fwobosFuKV7C_Uz(Zb#_s9^%3#;otx{BV@(+cR;n`k&yEUkEE2d zKk)(l!9+$CKe@9ienBVnrikZNE1)+iW39p8TS3Pi1D-t%-ZR-gcN%=gBs_l_ym}I@ zn+D%B2{#ZNG$1FZN`o(zMplw*AXVucv?t?ZN5rM!&gMJRk@($wKEEpd!GQzZ9>3^? z75tQKeBgvQauXtOe&i9FMXhY3=pUm{o=k(k>zXHKC!%jLYs!4ntewY%XHSFEtd;h; z)8I5a1+G)z@)2PDxxi1kLEy(K32o>(%~VvHFP^C=47qtX`{IVm})eF|GWylAPvr__nSZ%to|zuWFa z*t(`yr!C<2@WA}zA47H_=D2RlkmJ0_&w5Hlkmc6@Q)|qdV)jd8W8<{2#Z>YzlCj8 ztkKc2RKnBJr}*&Xc2L#?0_suXt5{gLna?zjeCPWGm0oY3)!|$kjrQbQM`{)-Dx+*`f|l znJ!{6iFj;Z|L_<%=9g_0En!CVltqKTH^uH2a6}=3!}bJ+p$(4#&*CX?!C|F+&NMi2 zQh^sLaPh|PPX&I(N6sK08SnX#PNH>HpjpCmeiu-qz^y=Y1oQ(y^TZk{(84nSATJkx z#k!wt31kcIIxMRhm=(XCR@x`#lgB-i^Eo6&gsu>hq}Uva!cyT`30ooHf)=HH&NMjT zSK#y)!byG|5>zViLSb7};QL?sA$|llhJNRT#q>rUDWi1Nzfo5)+8G{I(OJe<%j;1;6g@}_DLC0;ItPMxR3?l7ao|v4|@R_%))Pt z(YOLGWJiG)5*!*d0@?ht^akuL@Whlf8(A=sc+jOhS%6;AK%U6MpR#@DxZB)aop5A2 zoSidv)vaibEopG~nsV#h7Z;yZ+vG0mv0qaBt)_wKvbRJ1z76y9EV)&-#qpQx*Y|?yudJrg>G2g8QS=Y7zp=Zfyj3N|XfG+t+>_HebE#q=;R@aUl&P4QMoYnl3X$hFr zIEW%6gPGc{ZL(w&MvQJig=;isUYt^bLhu2=5RrVxWm?crJ%z zlt+mvMg5oByy{M?qr9rJaZ#we!KpX8yQ`bKsyfT<^Zm9!{-Cbj<7_D@at?aS$M5Zr zI$JHl1ukb$l1dtEw)RSEW%S51fssg6SJdbmEJG%|uc5N5t|WAv$G5Dm?c`dcJ)gu|? zbMCzUhFfpF;rcr}&bsKL(@($XqO%|)LoksKNN0*{6QwL8G+S)dp-Z<^wVPXabn#as z8ODMmd&v+}R+vA5aS<7YBT1#3ObsJ#LW$e3!MpUlo~CARmnGm`)Usez=hgvpo#~;P zrQh8ej`dXA167gLbDB;+e@If(6GSuS@+;tkHB8yRly#0wKCYP>BKZvV;J_+-g>_b4 z!%WYDfvzEEW7ykittwwwH@dE^wqdyLxSW_PYV)^6-1YWWd(;t#mRW0E)pG_LX6n_s zqaAf4^cTa(mhj(W_L-D1h|z|RLEJRDh$F&@3ogT&r`24YW6lf5-{soH^X46X$lPbb z?*ztc?~d|4@hu&96JJc2!>@tIe$*VGM>HNC9*z)W6sI=*gMkT$*E&$wID2M`16gJR zZ~dp%=(oleM4OlAL>*B}^-yQWOuf#+!@a-E$*Y{--MuVCT0V$To)N1K|9}Iv@^rG+ ztxD1GiD$>kfE3yAw9-CXMsIVVt+BRcqM>_ZYi)mtUsq?Vo*9sA!=BL+dk?`m;i&t+A*~3e;c2`5Bs?pb#R@WUI^1H)BIn~3ViuRfUwW%*u zGt;+prlT>CuP&%+t_;ko=4-5Nu0Tg!z#VeM_qNvfYTbpVo~lSUan=h;A5C%=T7eW% z(sq)q#P?_{HE}1D!`8+|dv9q*U$eh`et6LA*T-y>Nwy7pN5Io?>qLF`2L8*I8Q$t8 z%Lb2p?y=MwEw!hta#snKcI{jZKGWzijQ+kD9lIHxjbe9>+RZ$7V)Nz+Dvf=8jVL*H zUvus4w_khB-Cbwx+I8A#yLO#Lk_bUzUtpEsgHP_}Teenpm|G>Y*vQ|eR?xU&zW;e2 zS1#SrUEkvEE(umFYF;qWv1KOq@jX-f*dLzU$M8)O`&de6XA55iISc#_?wQCvd`nBd zOJa}UK1jg#X3Y9k%sQQ&1CdhX>!Gj7*DdMg11<5F_{DWSUR|nu0R!<(!EkOKVZ^g& zJWnT#=j9N_cI3q$#NTZoB7Vh$^{{ zQ*4fCZL!;}O4mDV{Ek3n(|nu9RA0f(CKEkg!|$uz#eR)7rrwaU2zfS>t1{Q^7s-8RK`kP4$)BTx_-ls+#73B8<$}VPrRcPl71AnkWJsIQeGabmJE$2!2fxE^lPN zW~bxV;Q&AKD7BO~^38aA*UhdMEw4|^sT%JT|AF5Rsbw)w1Sv7&&vx!C+qSLas+Oy4 zS6>UdqiFG7vPH}jGa44Swrz7=&|$guYTH#UzzrPyWVCSOSFebQ8}UmQL>+qavjzMn z0l$gh!02OtL|%}7$&tk(VS{h~A6t<{6QPd8YIx**c^0_>xu`-r}n*Jv}YqhWh%3yH~!oW5?SQ#mBw1dGlMx zp^sZ0W^X0>(ApyWg5`h~Um)6t(ev&^>*9&GckFlzea7WATq`{Revt=^XRKkv_OgZO2zpd~y%Hdq&^sPT`5 zYr>i8%-Udh%wJQHq>Sf+G8#9LrlakkJm)2Cf!Dc2Mv(Ys5bOgDu2QqFB(215$A`~c z)l{EZ77CSR);H}@h6&bU7z`$cAyUE?L5ej*q|kh`M?D?FOPvl8?hQ~IT$AD*gw+Q_q&j#5fLtc4CeRibx8 z1AbNQxp?Hr`~0OiJsoP`H}f@!Y4PMm=b@bt3sWF%)OdDz>zC!P%B;y;oxiNk)5~wR zj(h#4bte@2z2nxoq*JTqN8vr+fgEs`SSykbC553T&Iv&S%Z!Q(hwO!#7EQ@dtMmwf zXi@zVLXd-z1*IWVgV$T_ZS86G)|BUK2m1p<7H@IXQBm$~?QQi2+<67Q89(y0^p;vn zJuN+@7Dt=gQC)2D(a%iVd@cT}Hba5eTszBYjOfkf<`O_FTKs{gB0xPYW&CPKrQKSX z=XN-&a4n#}dhp42bG&H-?qdFF#HFO?8P@VM#%}N1+|jzeyJ}e4cf`&^{-ymxOMLMW zio9y%Po)R&tEM_+m$1>(ob+I^1<53G{_>>6n_^^Q#4|?hT#{bWtCQ?V+5x_$ee1$- zc;VLeMPso`?=#0b+oSeikojj0YC9G|cfkiamNme`Cj>Nmo%!zcFmYZ`icXKG(>7rD>$QHr z%V(}EG+KCTXhB2c{7`6qW5a?_xpzh&FvI7gPjB;c*0RFV^wFN4RnGiEtb~ehkd{g} zLvz4~(;;r7H?R=07>!{(Jf#c+UZwH4jD}S!xN73E83Bvh;_r)T)H4Dz)Ed44Iz5Vq zZP6{WW^IW-d%@br9$R|>$!J(!sj^7tu{L@dq`WOdtE31atd&Oz$Cb4!!eC)dI(f&K zCl-%#ZbGKXD#C}4DPA-!DgWN`>&H8`UNN@vd&4b@{oaN&$<*cucb9~EtIWP!DLdw| zjoF)ht*0;Q+&-;(X5ob~5aXkjV$(m==d+JNQSB+f1W#vs2*e3be21a;8LP@dHHYQAC}M) z$Z!n$NtCdLW&u4ZiVKX>;l@JK@Vvq~i;WTExy6y<*;F@0ig%doI|_F^Uw>J{12`Hk ztAGCa=Xu&?Wa+wL*XSLObc&MkeICD%9aL#ynV!J77Xsqt7xFfh6_6(r5Enm-w+hJK z1f&9OhDEQZ2triD6C320{^wZ#!OoG9PAcwT(CrBZbJk5P$4ikD>%v2`W(^L`nniE; z;OQbe$j_S=8{9F+QKhftwH4{Q{P<}Yl5)@ZJ;zHavk+FyNUGn5cr9$GT{P}>nJTny zW2d*V*WF(6!}5{URqiTBvCCP})>7WxS4mcsC~pNO_jGM10(;sQDeh!K&HXgcZ>%f~ zmD>Gn^`SbCy~wNem|MJ|nQogSJd#uCaFmpmIh`(_*Jg2+=$%$qEaVL4Wz=}0P%0AT z5cn`=m_|jB2F=&m<@s;iquIr9_NwwayrAeS4b;^Ioc=tuw#F4`|4{4J znQf)THs@0wOR+_lZLcxYZ@PIB^ay?(I~tFrE1q+LVaq*bMqiP-ro7Z!>#Ww6fLT?o z>dII{o3pX3XJk3gcUB9Y#UE3+)$i+xxf@-?KH^xrd=J};-)a7uzxRX6>gvjBx5MEc zYCe0;*jdd*4QF#$=WO(; z#NP#)_=}f$6f00fIz3jXDX=+JX6t?NE;>FbPCAR2}m`1^@v{2Bp@O5QrbM5(ncBUxdg<6UJB&-1f-ok z%=Suefx_QRwt1M{As{a#AeCHV=kaA|^I`(xU{|o+0`gJhXC=4O`}PvlJ9o~Bqxqt=IVJ(Yva zrTm<5Wuz|4?la_8=9l!eK2cs+QsbSI;jx(TcptxGuZ#`n3`8US-f(+uq`f^-i?lWTFn%X@Nq0hCF-!ulB1+RT zz&~=-yZS?+epj8-QBmPQ;dhocxEp(V8r==0@H@)={&JU}Fq+wFyyaL84G0|yzZPB& zdAHbKlh29B$)y~aM?85X-3Y>as@lrR+N!#Otu4W>s&=hjuWhgDGB#M-0vm%pJ;9ou zp4E71ytAvOqnh4IuI?~4x}1&1_Udk(&TX98)HIU{baRNbf5f5k$~tN^y=6 zBPt1aF|6Vl8{Q5sw7czt{<@gAt+&lP+};%IEUB_YeEz5ajP-69>^5!+S(et}fmyBE-cmYeMWsDpw6)ikHreZP zE%~**rAUEeWY}8%26A6W28HR*V5m%c$r}UG>lB6;Z@lrwi*K4cE8hxrYR#WDcJn1S z-E`Bn!S(=eyWP?0a&nzT)@brFvUHijIZMl(Rh2ME67qfT@V$rt=zsKJX^Gc?DfUl1 zSkWTIig7gtdJl*G4k&%WrpV&D+Nw6AS6^+m*XqlxeV*G}>tbz=HQA>f-#yWkar|n@ zSyWqSztpnev+{wS5;kgC4F9b zX7zQ~R$q5r^|jYkUk?mUwiIKAQB!mm@J)IvuyKg{pf?qjgK=Ip+U-VTX{j-BrE#CL z6&r0fW3i2|N!Gv*Cwmk${ti#P592r5)A4z^nBh4X%|LGimX}A$4H}KXXyh-(NBNz< zJ@35Vo^xx*t-Z5C>d>s|ZDWyGEaLG*(hN>&#_v2wY1Mmc2T2^{EWx*Y=(H5hX)qgw zd;jEjo^?;luYT2X&shqmn(&+IKSSmfl<34?4dPD{G);SE?CEQ-QHR=b_uKI^?>_h3 zyFp1A=lnPPdt&z@o}DxylkZ6IVOzlKF%-GA{*n%RN*&n;r^#w}1S`bV8Gy=3tTWax z4P3wzD2J9`9KW33i4~5^biYFWi_|XV6K!c)jRyj)@o2g3VL#7Q^Q^$bCjP)P6}%vR zsN$LUjHBA~7(HT*895Kf|LK3Y>)}BBGZWWVJj3sg&wQo=|2rSDUi{bWA>=&Om^*SB znvtT}`A+`WA-?ExtQ_w0<3&a^E~GP_$TOZTHS=CoZpxc7uK{wcfF$34*do>OA4`8i zo8+4h%cXYy3kiSsDt7FvaiRV+GOX2C0H?mp%qW zpMcztx0O~vO6ff%ypxGNf1=dP>M%O(0$8xTYZ@+=ntu?xh3=gyJ;b6aYA^0-_XIAH z9y%#@Hr;y~{l260!z(w&yo!q(q-NhOF}n9G`kk-zqkG!&O9IkE6=#ckE2TPi70nH< zG?GCY2+UQRM>e~*skcefQ`gr6&zmgVV0A@4&S~-2jh+%cn~V*tu8> za88BYb1u)479cT;JI_cn@&Aq7Pr5~$q7{luON&vYnO0M=%~ouJX_Mp)Qa`&CYb>5y zr|OV!O3$T57E6)AV!0i~fV$LgH5ja^1(?=I&#^tK>i>*swZKqP@?cR(31O6;145;m zxB}CqQU%)pnG!Um&LH(!dZ?)>M5Wl_C`OSg>MASh>MAPh%AFRA!(p-DFXQFwu*S<& zoBlJVidd||S6AoLmzL^_Y&PlPkk=Oq`MjYri`i_U0-oL=+mL@D-OK2S3*1D=jFJhQ km(l8XR#ru)QbUaO^*N zjsUV?BEQ-Cs>v{2A;<~S1 zVp>=Lrv61R)8K|)CdzXxKC@3)3%>zOi;y1ddPxC*2<=!td z*9~WjIgh628J7a@SUDG1(WFmMBK(wf7FHA2^{Qt=z=q*~jty@}OwPO81mN-?{je@s z;>rEW8`!ONw_w0cI11mcYoT~;SP+FgorW1|f*CU9x^OyNT#@1-ML27_5YJYA7T%mV zJ}?OeiZ)ERP4Qnp%t<3Zb)r5ihF+XFy=n}->{I=2v3fZpHIj2R8Vz-#dm7Y0ngb(= zOd?JcuXkA{a zk9Xd4HEJKRM0`lFA8IJC;byxf`Moo*99@~jSdg!931R^ATp6R$b|4b*Hc%PnlLtN` zP+0tmP~PK!s8y&h1}eWRR}t%uDrFfJs~lyDRc+QvSx@IJTIvVD(Sv z_R5yLroL#=XyZyZhM4?&}Y+~mY7M_$?KU$xj)xT|1X13D#3&*UVi z3D(VP%d6_m)76UZA)m`Kz)uINID)Ld^bCa*n8$Sl+c+IY&~=r_X@%c3dbagL{b2lJ zcD?Vu*5I&T99lf+ajGZ|Sh`gQH!cm8@+7v8^*8V>rw9esC}Qu>hVDnYO>F0&S|Qz| zxGgvPmM^fz;R3cCUfEaI_;Y3=naXoEnq0cB-~ORt&&5XtWovTZ%TH1OC3NC|K%FCU zgWO1R6OE7CZ-o=tB+as}lf4`>K`x=W%K~GTD+|oTaM%C6fzbIC3tsEJui_VeETT+z z_l3MgDRAmJ`8@R1q9TqLdkKZVF)*%zV_z~6V9gd&ck{8D8Y4ItVy*NNGVqF{?ygtL zD)Wr{9+YKy5}<8RkgHy=@HO3Bf4z-&%;|zDXt5Pm1)_O_c}?nP@=8&~E5Ww9wC;c7 zrx9$wt;BRz=S}yZPIt&g7xA%i)vIu8dr69A-LcZ> zDrAiZ`QSm$UpeK@!{?O&|7*db!1iMCoMA(eX~M_=h5|qj;xY;+PrLym1s=xNB*9F} zwY2=?W*syKci_`Aj-%hx-#WxH)wO6Od)k)YoMP?U$Y|ZPrK93x3u;Z`{r%(<#3Uix zUs+Zl($uzh5`YNM1%^}(yGbA1U~6%at<&9zxish)A90B2tbTZN?$|2faPO*W{yVY< zcf4kkx8T>}T39}U4jj1qKHYW4BVo^t61`rl%eHda@J@kXYu_1FG>~&SkTBuWvu#UE z1!U_@@l>XqCjY!JmCDGI7 z7GY9cmxzWpk$|yJ$sK{&na;+L({fLn{D5aqb#nsD9b|j|8*eygkoYyijie-86ft(! zVBH_iuT%;!w_}sFD4(C9Q!GE@6wg1LCIyu$jrH@SBd^2MAD-ria(gq+>I_M7mMV)z zDv0p_#xT;t)(CYRVMc==A+-{+!YL3y5$VCrz`%s~e%tt)6^>P%HU?N)7zyrir-M{e zHu{gy^m)w_Nd}6^AyB3ZC7Z~LMvO9wADW}WHinC=3pa?GBW2}B#h>O%nq_9{aYdN?*ArW9&?FojtVm%gWBeoSDuyHLWo z;|?`B7P$Io?n0<~F_gvoE()kL2<1$(Y?%Xs+)h$z`f?tQ? znzGrqyH`XTwbTSAtYCQG1ipNW0;r-n*#>q1|fSW9)uYf z11!AHqIc2;e%W6NO6h-7T`^#V3Eg0|YS;v6W}MzNGCn8M2`RwWVqUC;!-YOFzW(sn z)D|o$7i-x;X|3;c0SgTvT)S7Ba&gckWLhKw_`CFJQeHihnB<+TugQNDrz8seP4%e@ ziDg7dAec=ej8#@Z&aDq4KZ8;{KgftD2rY}2;Lchzzs2@|mVC=w7b!V-e|x#0;`p4V z@B;~AZRR;C{NFIMP*SezX<*$sza|kE1TP9t-|gVL9+@JVso0|%WL3qW0aXmeqLUDJ z>4yB2g}S>Iu4M5&>T!tbCcy3lq(~%N_4(16n!AO4%3+n+uWP1ZW4jEJv$6spBwM=U zck4KBsIZ4Z{+(uzceJzQ@!K`bz(fPNrG^kQ0C^*eRB&=+yT79jWe=B>NLkWq0#L1y2@qyL^@B#5me-*B zfj003?g8X;9*DCT|7gO>5yM2tt`6@&koXr<^gt=ax@j>82bck1_HQ<7 zVLibQZtn%w&Dh2#_j*T9t6n8k3RAY5N9jB9k}g;PAk6N5*Eimt6PRfz)oxw_ zP=ureNMWi*pLBD5q$-%%VS+0u(zDUfo;79$Wv4JBv#dhOH=66bXxe|}eke^6LuQcX z1&C%bagi8MKSq}-LQx>sqe5UumX~?_ivw`aB{(;?n}DohwAq@zvkU_(~G!_-Ywom?<)yl1CfO~2Ca=k-Rw2@3VHdglBj15 z13(3w4)72U@`w<1B4lbze^&p}$VFmA+T7CCwZpn>aqnOvr&*tq3EUB}#utK-0yW0OKv25<4OFj;Ezt9B*rlyUB z1>{WZ+g9tOVs0+7y?n7^ica7qeuvvMGd9^YCf`zkdBMq)oIKsxvmmGHO7nr=pQR;y z=3G-}$)_U!HG&D#!X^0>gJ$Ha^ljM-Kz>v6xI1y ze5(RJLrQX=;Mi{{$~r90BU7myJohKTGO0`+l`-yl3uLl5SKisDlXVN7?{U+qeBRM5 z?s*MJ$L=~50%(K?1c$L`V>1MWhcQ(Q6j&naTvhX;;{LI^64pcc`HC`J2bGS~9lQCG zv>p59merD^Y#=snR7Ty0A?rxARgL+Ox->;;!jM(^;Z6b>ka4%K$#IHu5^6TEx@5S; zZT*n4W#x^tNd8{oq?rzwg!%c6a_SUkBVk5VB#N9zoI0KrrHyjiF?EE4DUqSC_T|k2 z>|emNT_~T#RFFhSMm}McWu@3Q?MKaA*X<|W;CLSUWukbJ;=XIH2~$v%WHxk@)3MLgsG1(3wQ)1KEgARs7~al10YxE;KkHCC1GU|c*X|MbH_1tH{xc;}F@t$Pz(}qR? zops)6vEE9%S#7=|Yql4>kkhsu%P<)VluzqlS@JPXYLpp|l_ABVO*y#uu z^zR1ch3k_0yfAZcVCGr<-014zf9XaE-b5>kRakXRGwM4*d?7u>njHNfwzX6Vog7V; zgl(c09VM*jvhmqy9_eRiJ>t3~-gvNqW_pVZ>!?l9CPK>j0(WzF&3CNi`N-e~Jy1&g z&`tt$z_noDb_)@%%fhxDy%2^~uEVIGkqk3l)SL8!FoC}r7U^BL>}M!0Xlf?~;3r|# zjLL@apdy|6)Jw7&Hph3hD~6;WMqw-iUNRka$T9-?bt@*}cx&a2+AFHtY#P(YDJnAW zsY*|iCCW?7)6XqRivq7T%*v9M*Uc`PT{zDR8))0l^D@TQu}wS0$x_W6pkmCU<$i3Q zo6*`LV}(tM5&?PvO7V10dNDwso`G%m|;AMTEr_T$y(!M>p()#DlVz^=;z z*;N9ccVrvrJcmrlbMdUxvQphwU8* zB6~%A@)qYJg~FxNMol99a}>Av!Yb5;2i2)57#cX;l zG${&}^!f@e?s?jDp7r&UdOl~y(5Hp>z%ymEImcli5pn?MP~WXxwtRiL;^e}i?_9r2 zl*b;U6_ONzhC2a)8SpPva16rfL|ESq(XYtgsx z)>}d^5O*D7|NGrpPN=P945s{|MS0U&lk%A~7d##>*Jqse2aO%$Rg1$PI3eMZYf=As zMa|>V2uFX1B1Qzh*9?daOC;_HT&w4i+zWBn8e)!2Gg8wJ0>;ny`!-WZ0@0LcPkf@) zEn;EVDD+l!jo*uR*m0(p+dfSPB2-90gdn~q6G3n6L$gQc;hr{j*Pis9FLQiW4PjxKOCVj(Io?B(itdPf$XI_7Zu)AWw~U zyTQKk4*|?g_!T5HDABHKN7)L9uN&Uu_Wt&9dvX`Ptj@*yu}ROM<1GN(JPjDPUL(95 zwSA%I8ko^=q2~-43bH8}I&h=k?U&h>(;q#@)Gl!O&2gKcB5(1Og0G{L|4fGxR&3Yqi%_Y%8;vKP5`fCr%mERGbx9*}|7I&u~^R6~lWMwC%W)wrG6h9-NFH2haG%q9U@2m1kqITE zxCyGJB$X$qIlFg4sPFar${U)zHx!M>kTW74m4x&y%x$4vj%LzG`em{czQ44(&7aGg zjCqdXXTr6wIrU||iE9FZoXmuslHdlp%9q@zdpJ0BS}nhhnOve1C5XAo1}6XZ-(o?& z8`7BihMzFZZ(DDvf%|(plaKxQF10|zaJ9;{H2vx- z+lqi26@-JCV6r4PDeQDmD6;m#*9+zQmV!l%2G286j1xF}FBs8bn{JeBzfgNymOW=D zIos~BeN%YE&7*?7-4yzZsKeDNX{p@;24C;Rb`2Sn^A?{J!1=pZT&@Wo}Htbn}e0B5eRpphlXFD^Y|PeC`$H<;&s(q$m(kGc{JLF9HXTTm@37b=@m zyd%8#Vy0px(9XO8xARDHUpgGL!9*;HM|3@mY)jR)=n_)a2~0J$ujS-Z!VyJgKJi;) zL{i+K-`O#$vaFgWjp@JX&rJ|N#fWwB|4eD!ID`qODb ztkX@0NFfyZ#Cz$`n{+NUt@~i%6W2J4SW?(Xjt8J|y^R8Wg=r1TphLiGca-70(-=nD zP$SXGmn+CvrqhKzxxbGb)%FvZ>JRJ6|FCt<|o#BXEm>0{IiE z<%b#G#V-=bQ56lxbiCmWN5i7l37*a)8ZNn=Ubcz(O7ur3ok=+#q^jV`L6gx&FI~2({sjeQShse>I>Qk4+XpVu` zcQls$Se3&zi1LgThlo%`d^MYx+GvlZu!E5G$fs)S$%}60*BF=cUq2d#WyCL(kY#Zr zT+MO1+*JhM$@ZDB5r)RTIY)QGAD6J~^as@-)qfG2Qb?J$6f;5Bv0yU{@yfF)8pT^w z`CP)%OgaUtgmt*aMBT{TtZn97;i&&k5i;hq!o|S^ratRc!aNrwp}RT7px>(m5jxt` z_O_;7;o|4o;95-Y-zVxO)@Ea5U!WKdI}yFV#3JF(CI$XN9mV9|GArEYL$q8%7exxY z3r`$VY3A!$57@oCr8y!l7}LOeNNG!`8ip$pUpI%A0W&&I_CzCT^yM~VYI0Kh^`NL& zmNhVaoj8$n9*ssW*gd9V*ir6y8X6qgElFtAZ27p2mRGs^HIqf-&m-{l7xx%=S zcKHhPc~6uvPK*jQ+-McLqlzp^j>37|TBlYL^70;5P5&BB=}y`K{rE#cfeJD;ZdXiq z?5c(2_ihlh$WA-UWyY$!nC9=xDu`zrI)PK_MZ-i?>!1b?nl<3ldA1a*Q+YU^g2?PZ zHy?bUo+Bv%2}Z~aF&zy;H`66t+3HR&)F-Nnfm70F&z@BeS{Skp2ybK)I}T`kGxw6# zkqe3@Rw&{8W3b>>Y5{9bmnfwGdkqR2$9y073*$rfxxD-H#Z&TfuasVW*nw)d;wjE^ zJS>W~t~r6Rs|d7PQQ={9JFfl-3HZ8}d)F)ImU5fR3-IeDL(VwaR**Al1* zH!6k1O5q!G4(85}gz;D-S`P@W`^BB%oPp51m<Tt+BBISfHGNeMCPra4H)4`Bc%br#sE2;({ zwkPhpL}m3%;dZFR)bF?&?bEp?SOa?@@$JlqZ?k50Ms^#W6S&O4*)q?&&3LNY@wK+*{OL`knjl413;=PDXD#oFN9`C#go{}q0>Zh`P_nQbiI{Z7&IQgfcRMnp>V;}u# zl(9&ez)`f}^L?TX)uMHs?}`Xb^TrNcTG2&_R>2@b-BhnlZDSkD!kKS9MJH`-rV?Om zB+YaXBk9$3vjp9sq&;sqjNjn9_>vL%3AX8Q3IC-Jf5*z>r3LgjfeEQNE%u1-fyg4ZGq9 z`s5^=SgT)>Q{fXBop2<0m=y zVw?*>wd@k^f`sas`ZTw#=>svoIOZ)Y#KjgEXwcLRLXw}K{-P*ls&UBKhHug}0cASj ztb#vZrBQh$hk0#0J-SSjoByYJx)yPu6$1O~tT%9dEStrFEnwCjygrEJBg<-~$#usO zWT)SA7OUs`(Q(@Swix?nZ?lA-1!uG4#UP(a)!4pS@s@Qe4|#8j#jP%&W${0Q|2M_J zf`WbTeYQ;*`u-7ul^ePHxBZiUl0qd3Bg5q#QY$(U4YY);N*>ZXPj{&GnH9GvM>rJ< zClka;zufm9{jat{n{&FoJq#QyxSZWejO%?LLN2;toqZZRpI;IGK#!K~9a;gz=OAy3 zEi(U^gQBbM$;#a*-!7-$!7JZJV|}!sYJsuewSlZYq}Yi%=dq7xwkGGlSrt%)p44k& zX9`}@uBg@_r1*6%Yq#%9UeR`R=~^;ZMTtaMuPf-;RQY)e(`T9NTV(l=tZL6&VbMon zW2fIzUI6!eOETi&R95xw^Xhutm`IP@T4>CZE(}dpIIuP_=gT`ht-^;6lm8*UiH}y2 z%#Dj)5cAJqmu{m9YAEz?u^WKA`x&rW>c|kws~~D;!H<7n`Fw)s4V;X^dXAp{3Kv&4 zL;jQE141Ef_E4HC=nG^-p-1wH3~%as8MiVP~ogWK7F+q_W;u(^y5cbHg4j zqchWtyf3}P9vA#y%buv6O<=yI0j>x*kbrLvqqY$_;MJjMIVlmzwnDjEx_;%zOPCD) zx}2|e((6(6&E!%A=&>6&Ml&+g3T^iD)!MBd7{BW27wLx)uX3<5?2M)G?Tj!)xK}%;IV$)IL*c?k`VpzJw~OIL_I* zpP(xa%sKDC!*RGwH(O|Iwl7_JYHR+3#y$X3^oTO%_%i24k(_2SM6^pJkRMhDE8?2jfR6TS+`$76$q-}vh^IxL!Q$R3n3u_3BraB+^7@g ziPOPh#n|$ru(sK)Lx1rCXK>XsC9)j* zFi0KS?Ky2vvz zVsc2L8RWBC$PKO-jbP*p=q#2)FlQFU4CKhH(ng0QZG?Wj;tR`cM~oAUp&r+u&?s3X z5>cwMca*J%YEYoAoMrF}LQ-XB@?%e2xhLLb!RmF7g10|A-7|Gn7?QIS-~_|Md7Cd8 zU z0J1c5Jf5Z3{q!EQ=oJ}$mRj0_lCD-#H_`Y<&@5`OmxSoLus{y|<|)R#DvzPgl>2lN zY(04VOHXgM&Sf_Bu?ccxYm0WL6x??CnZ8?V(-fBRa!#rjvDt+p;#!QZt`e8T+h?s_ z!N>PO-d}ghO!^=?;iJ)LezwH+^yb;bRFIgehNhS}%V?{$3xpNc7_HsIb>DOz*kvZ& znRw*OWFg30`gKxTh0S!nKR80qw4VoT)3?4e1(2@@TJaUp-qR)lJ}@ z9rMpRO*?Jno;HN8=LDArqR}^owx#tkDapw%49YRnM-HgSXNG|!Pp1(`_Zd6HcAwnW z9&8_9oTG9vaE%1pJ=q_bzFW$+m@*AF`xE=Z9gXWfegc&Odmqb38kf@7FN6$vslnZ^ z$YyL7)lqStNiYSMMi>kQ%Z!mKQ?Yg3MdnT@!!EsQwSiUJgG$n46Iwn}ONv>M>gKg5 zH&2pGE|p8APx`VmoV%0u{X2P9rxFCspd@~_y&UB%ugW;Q@UF*-ei^9RWx^2E`&T46 zf~pF#_HUagvz`g)&Z5*(Kb~`my#eAJH3z$*_`^og+mZs*3a$i$h|I0d;PQ35wD3#gh-PS(DmFFx*{1$jns z722Py&D?^fVho?r@=FJO(|b-1R|){HXI-D(49Ya zxu^U)eb#EhAp8tS@m#$BWXKeUef{u9vWzz=Tz4mYXP1^z2 z1ss~%oyzh&%@Ondee(7o$JF09Z+-P1u#ZLnVn6byYV%b(lDP$*%^^dMlA;)7CX2^w z(pIctz}OwA=0(B}p8{+0!5Q|EHe+Q)df@=x9+M+jq_Bc{7fjgpb5v*C?0-1ga7sGq zJj%w+<>u4SnVIN4RfcoUTG#V~4;{}sw_pYjJRYuIjAO+1#aIO}MZ+SJ7VZhnfrV29 z*)Gg$bOvyaS7E}%h3NeKe5eYL&e4&ruGT3RU6Jqcuh5dN>&6t>>BKY5qOK(%-fs)<#DgHe4i zl_m!XyklwS2LqK$j4ZN>{S-NV{A1j2^Rmh`6v?A!o)8K1Hq87yT{>r8XZnxPC8w!r zi{aK-vt71kX=7fvYk1X=#eJHKuc`8Y(9JG)&4^z6{8@xT`zymz?H$ zq%Cth%zCs+#oS@YjSH9Au9^o%&qNms_`enZV5&4zv49t;?Uf#`l(o4Fyb>R`Nx#7D zCP70>94pAa*WUS@vXQchSQG{d!Fn7z;dR!$+-RaItS{-ham$#x8I#7P8uQF_9&2NY z#{0(0`-#Ujc@hOSr$Vc5%!2` zkI8)os)$;mUfl0LqAqkCvG)RJoglvY51B3}H?G`Em~0!4oCm;ar1qZ};gTu>mv^P? zXyYsD0ekb`PHZmF~6QawM?JLbl5l? zEFGLJ>3HTxD?DQecAe|xXdap6r5mzt73OWkahNLm+z1#v22k3L720JfC3+^Ut7J_s z7q#rjwLdLJxn`!PwYm&UVp3)ZTVhkJN`jJCHTHOD=t;W_b$^`>PnfP~FV@6^DM`>Q zpW5aX&B<5nh&vI7Z-Z+sSCG$0ra`#+fo&3+wgv(Xi0}1F9KA}7ELw01Y1G)9tmFp0~G06;o^un}aU#vFSigfZb)Hck; z8RQAfR#uhXhKb@5DTB%y9!|q~SWf(s5o^h#VQi57k~2#DHh;(0==VG^+20756jOjme;7dZ>Fl^3n}` zMp@!QOenZn%A&0Sw+_=(;{{i@i=|`5A0$i-`D9wXI!`W*vyubyB{nq1GD6yG;3uM% z0F&7AavStC3&C!)wc#1cOQ)B<*z@Uwwv(=uUN4QB3jjj7z*O@`M?6ovtL-rul-Q^`X>g=CNkc8iN6GX z$?&S#)4sqhcDE>RIM*pBoigj@B|MC@hjw8V)zM-2llhIYny8FcS`?8|u)4A6I4_b; zxBtF#$s5dj89LxiXi=tsr0>3@BULGrD7jfo>$X^MvM8Ji@f(MHuD`ptd*-xf!K)}A z`cwPF%5)_M0gTqgV|6dKs7K=}a{8ClLrUDSt`V;#jXQH{6@6kE%K^o3nM80>wHgKA zpYtkk=EU>+_})zmuVT&&_k!2e!ojzNsE#gWCnJD^HPw-iuY_zT<2mk*H*|!lSnO)* zz%x0I+&xns3%X*?6?8-EK{l|ek^euEJ-U*f%1@wD8c?r!3kqH9_re$Ng!9- z6lqbM8LLbInR990YDKS2tGY3Dt1D~}b#Nc?TqKN$4ycTb7Krk`gs zRn;wMa{T|ebj9!?$DuOb9YEpGq-&V?&*or^dzXb&+6p$eK?Q;By%-u#aJ0e>@L|;v zgWu*1q3uH$wBjj(4)`b+w}H?~-T=-$ZH!uOw37n90L~X8dZ_cQXX5*(VRiFyO<+p~ z6^qssb@lzYXGSKx)@gK=_8^rAYQo&OjwTfv3Z!u#T83qzW(<6gR-9WxAEB*%Q&~h> z%5U6rKkxFsVtFb^x@_0CDV8(eyW@4k=={KsC(f)cxX_ssyVuWGKW_>o+~&2Af;d7? z3hZd3hB&+AS?67FdO;pQcS+?eXnju6KVw65CKMPr2K$7$GvuW~!P8zg6Xb1;SAWrZ?HU>7k)v&HpQdr45W(HXitwNVuJE z4*hZ#>>b1ei@y`Hosw*4LbNIW5YN`;9e0qmVcYXr&s8kC(TE_^WL=Qps^c?)>$-V4 z^UrR^dzgFRFzTgl=Dq$a<0qcBpa;bJ^`s~_f&~XM)X+{LOML)#ON}mJ!YETCiH57e zp{9^L+`eAaL9feH2{jfRw(Slr*_h$$c|}8{bUS7o@O1B1&l$)Ce}Sy-BR4khMSvS&&%7vN(0Nn0V>8XW zb;;`YR(5dz%)Se4NLX?pLT|O*EHk@gq_(`R(1-@^mBV0q_{m?T>wo$GGT9iHN9p$U zcXiZ`Ou4o6iaC;9tZ74}qx0^MQ5%YSrRpwY+`q}eoEwR91LYfwqVEfnZ9^1INq$At zJv85pX@$bK9=?&YsV?Yq7v;!$J2s3l#`m;(kUUG-jlmApe#Pw!Hlq&q?1l^oqRyf< z1$n=9Ow26cFIVX{%5vSY3w#f`7(01-=Wf}&Y&$}mnQC#f0fi!KL~{#?^^4KwuW8>Q zFXaU1)h&SqOJBY)|H`=a7F-d(aB?bvv(@1}Xz!m1jKo(^c?55ST^cxP$_xSb%gF3R zG^-P$aflO>S$M^D`NenJmnVpi)5_)Qx??7Xfm4Nx9WiKtnDJYIoGniO)gSms-rMyA zAwMkV&c(8#DU-tBu%7W!2D z)E(-Ns~v*8cwPQfknRVrj`P*eR_ zTq&oz3cF|fO*-l%=eFaz4vjXg=x>A4$MlfZXXdL&~#rNJN~_(Ims2gs93Jup=3E)3P}}#2dJ1O z*n#9J*R@`{Ac0E%E8kta4&{v*9FVD~Zb!mKEEe6{GD0F1320(CM|}*_15nEFMb+#fWR$j5(>ffn zSRf3Qj)+;sDG3M5baf-cS;$pfE}n5FX#|xPWi2AKLoKIP7*`mIm7aT52^7eWvZTN7 z#tv|>6edkHErH9eOLh52LvVky6bVNMXnca;1Q9)jh)n0)@9>{djfcAg$l528eCKz= z6)XI4aKehpvXh%`oxqIY(zcHfFJQo8!9td62VHi{+CBVEk7q)2LyL=Dm0;1;$u})fXXQRS?(41 z=frXsBnTr`LUV!vhRF66ve*UCDm$PekD-4+bcB2DAN%ftv@e#QOsP z*W}J z+&?ARW(0Teg&cW1;}tNrK32r*5qU6Yndwkin4k#-Q3p~!)M`wDk}HzafkHuVVUbo5 zsehfm*q@WY2^A;nr`aAL$w%lv82boOdHvh|TC9zJ!@fK#0Xiokq5$E>qu5izbh8si zm5)kwn?1ab^mnwOlps1kl^1OTvHWE$$|28hF7A_2pYIBui`B5ZWW{{TL0@qy?J^~8 z&K9fR*qb*3*RepNzvRW_gyvS+b70#!750mwP-N zBCZM{KZMD;vxK~V5S&Eb@o&C_Qan{W>5~@s(3pf>L|kn+UD$F>!W&|qE_nnIg$`l( z85y`wE?L@w0r;xsJ-Hb=IFD7WesH`EZf z+qV7y_PeytNi$)F#V7&F{!tr>Ao$aM8k0k?=_ha!N$CBbsFNX;>VY!34_6nw7?71T zjOb?+(YQoCqwA6QvE=kRw}EWi)b}{Cy>D+_(di4hph8o_!ICd{aE>ysa)Nbp+yx4F zB4v3cRePnOS8{VJk7FW!c@#o$;y)uC)aldvQei;(9f+x~7!<59%KrHq3g%}6LwmO9BNQ;#SqOBW@}YnDbVHk|A3`nwUJ zj)Fn?JLIBaKnw?@=~1piJO?D~Qn^8F2js{F(?&uo_E*-jX~C=vY~8YV!rTy}l8UCu z`zT>4i$=+NI)QER%g%y7f)nHP-PuWGf}-~t+re&vxb}MALU<`aH+g7KS7oq@VV6wJ zC!6Cxk$3=gb#%`mL}?9kAJp1UC`}5OFgX^x4}6%RHiT$YRCzB$Uj#l4pjjD_H!7}U zUhTUubtG)f;F;Dm%y7+)-6XnNaCK#3P9vEHHY{+QYdL0f!-~-{`d1Qfi~%{sYZ0}KA>Su^LB9e(ZTJHR|D+R0#*&|+OhQMG$W25w^ zMb-7%JlLVbAimG%6tIpDEXbGeQ_Xm959OCK&MUklH^|rf*h36(^RMp`|LWc$q|8{m z4t+nB7WVf+cIT{E&9Dh{otiAX3OdF;Z53_u@H3u7*S7fgi}@y3CPPJJbQR zCTb#1v%INy7pBqh29WpCSOrVbse&!Xo`0krnHeiXaVs#Pd3hTJp*Af(H91_Nn1(^Z zXCpHh3K7S{J(M|I`7g;7kDKDSje8FgQ#Td7=BdEAo`fkZNwIVcQ_QND6~nE4OdX|X zF{SU%Z1b&i`NWN5WNk_nCE;REO5fp!3CJ&DaZuLCoHb%%(3cKp%zq{LdK8sJCa6<53o2?HbuhOP|@(rCBb!$uCc64NbnO7uYdIAtV zX(D}pI6*u`emG$=`@T3q97!Zef&i6yVZt9Wb)y79TGB)X5e`%(1z{GJ#rc5b#(WlQ zGfA%X1^;NLd?xKv3AT2}Fwf0BdhgQ-iGO!~Uz%!6|_0SsL`rNzk zB*_?)(k9pZSgKq1qQSG>_M+gsF^mW$)yFhg>yxrBj|fCF?FZp~;q->#0@k8ok28;9 z$T^0jZS2#iFAe!*a85wj)c6sbSK~y1cus?%dB#qlpC?TTCDkSs1ZrawGLMK<+s3r< z?h{iwkBD_K56OK&Ddhe@se}oj7TXC^D9Ha+i8MehaU-ROleSWckDS~?N}e?Aicgym zE}}rCJ})Z(0{3|cZ2&>yN3f(QWaCOIb~2_&Fi5^jcBMJt$$71$F{T!68&~XxQYs}v ztq>}rQf#AADx*@a5NVR;i37D6q(=~*s8VbfN1=e4SW#0~FZsj8m?*RJI#ZeQrTO#D z;ec(YEC2UZyVZEHf?v~iw=b)nK*u?0DnkA1TbexWrZS&tE?qC}AKkU%Cp>}Uxum(k zlCKLMh0_c){QIV12XsWl22dle*v6mPH4ES@h*_Xn00J<|vKiI+--c-QMPWkrhY(qb zzBC!CA6WdrhW&;EAH?+B4K1@H;ataVUR)U^CX+5r)2P6X^6vED^WXrVDqq|2{{b0} BX_){3 literal 0 HcmV?d00001 diff --git a/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.woff2 b/2.5/de/assets/fonts/source-sans-pro-v21-latin-regular.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..e49928e8297a96a91c41824c0362e354e6a5c867 GIT binary patch literal 13036 zcmV3W(SHa8*XJK%(Lzcls90u z^`CW0uA`!yir!;HO3qi=|9?%8W5i%zH&E3tMPL$@D3>TCZQ-!O+R~&Vk2D2(NgfQz zgVMcbf?Z+d@ag-G%YDy@9_-&5vF4mBjcO`&*xBt0Leimd@y*-)q!Jj(Y&F>@s~rMvI|KqD10z+2AsU))x@igKXm;J< z`MLFApBycWZ46eh$Y#wpBEq0-un^A13KZcKqtLUe?#^n=^Aw){U;E!a_m00m^UV~O zs@jNz;?|(jG_g9-R8Il?@2ArrwzX5o^3(}%BH)i0hKrI@Y*n?DoZnIZaIj`y!kHzS z#tEi)q(}6roIfbsRF*0IZ+H9ZZ6auUyQe)a5t)V|NRS{RVcz-MWlZg(_wRfw zXM#jX44w_5W;1(4)EHveOVLK`R~HZf1^@s6Q(>zh8*PLfbO>_61xQN^GG!VvV-_-R z5rzQhP8uM~?t>>`^S02Ng2vHnO+xl=4muD*0Kg}ONIzDLSBxBpu2yfP&TSlkfy$rQ zH2}1YhdpSE>noDLhF}0H90x#v^qNjINdO_$`a_rE?3azXc=O@etGkwF#JyGh&tx`l zDbVM_p|P7+%Y_KH{%OJ9$`eesD=xK87xO5mW_z3;YNMadl;-asrH8=fLUrJ(qnSbQ z-Nu*ZuvEBe;Wes(9*q8$=gXr%_lKT*p~rDJjGY#t-(9K&Ea>EV6J@>dg^hnfGPencVT+B-^#l7;H z>5Vs-x8CC3d53xLJ??{#qJHrU3-XK`1|S1asVL>LQ~&@8F~|qwPWcUg``D8LF%=*% zg$clj7%D}lp2bwt*D~=)wThQT)9r`fm zm>)O-X7ly-aG?S40Nra*Yi;bNa_Zvcc~LOG)`WA>1Yhn?lPNN;Srx;+ijo67HqD5K zo!U9NM3^J>dd^cks7h*kCjLl})GJdq6iw%)z4hzw?Ii_)tU{j@Ss=@AizRl=@fQ#lA$|5y|CLtpFXXD+ei9Dkx}dHtn7L8%ADr0TS+)l)u;5UHvf3OHc; z;G4&TLZ3U(&?NSL6%G4e=LewgRPFA?wLK-Wx;e3voe`7Mq5I><&ku(B$G&B0+-pJ4 z*FN^>vRy)n!bVePEkul0d-RU$Gxa-@H#zS<7*?}t6jtW38;4qv4HxPgC5)&Pp!zGA3+^C94@*)#*57c1-VL zQk*>Cd{sD!X-f&Y?CRwf{9*F4S;aI5uD&kVivcUEGB|O7?XBV<6TsoOE`Iu{kEKeU z8?A@?zxMg}=|+O7A#KcNK}jPtizi!ocxj5SCzh}fc+NvwmshOy`LeIadS(ib7HnEv z@U62R!gydFln?(&&LA2ap_MN|!ND3lf*klw&J`DOtW}luS^siSpGHiO$p8!-B7_l9 zQ9??JOV%p3Jq}7b?4-PwDK%XKYs{Lp$$~|jJ@&*_U-`;*-}uH3-}%l?2=*Hv06zdo z7sKFJzPz*mRZv(|mLW$1K)p#dO(k*!P=uxK^XDlvArZP5#s?c+;0NvfI!Fd+FSSu! zLa{v^1fU_NK&4hK00Mt{qzu3Xz~P9qVW|jW5ypf89uQ{0CP&D+vvHaiN+npWzmbAH z2;)QuQn*NElfq3p4>4Y{_{haiZUOQNl3!>*P#967QY6a~k~7k=4|1`DDuaXyX{uzX zk*RJ3C|h}yPX$a!bw)YxDOVJ9f=O|bxE2YcBJ=U5P+dLZ@Mi+bR8*NNsv;`V5ILYx z(qT!;?`43i&S>wisCt<45w-a&_<`N}^qZ-zImY9Z4Z~^1y8OZXXNX^$DJ>52ZN7d_ z|9b2Nct&_+OTnP6X<~R`a~4)$o{aUUn!v#=APsS%Hwo})m>?YjkW<^NomQj&)ls$Q zmFC5iw-%W1e1OD}g4TW)D7K8uSB@WZ5W=OYIRRsrTLHHN4^WxM`XD&}3dcoLOf_@W zJ?6({OvAqBk26IMoy%=A9?Nj9DHDG~o5KSjcZz(n7?4+xGHfoy0p<#pNV<7k zk=OMUY>y4WmfHXTJZ(9hN4b4&5I_)d14wWsG=aTA@g>2}NSF zZF~84yI6LExI?74K-9&eZyI5m22q`YuAKR(4W=z2E2Y7o+#t52RQuM?{wyKL z(&ftB%4I^yU|5Up5*!yl=!%g~R(B!2STYwa!++J5y8e+m2z&IiW&nA=TT*8tF2s?~vgpfoLQCZaJz&9H}VG4-L?w#&5Qg4<2 zo#SeT|F`w2_E;1C+fa9S3jW=eJ2TUT(1X|Voh~pug{1(3pdtkbh4!^9uS{Tw$bo#( zLRe%xry%D_OP(Nqn?syZ90d_CrGP)y zM)F73XfSlKx3~!Xs$(IZ|{L+`QYj6T7o}hHxP`I4%~4#wFnhI1-MJli>`wCfo)*0Y4i*mk>jU`vsogzYi*K z$Y|v%Hb%EYu6gEL+&tS$Gvc$NprT~mbX5!8j~?9c$M7Q%U^T#cfDKv!&H`KqK8u@}=RSBk zq1{sZJ@HwwB^`aZ9X^<2wb`~l)|mdqXJ0L{@Bc`D+3dUZ0i3W+zaRYQ@WLCfytQU$ z5L+G^^`F)D6u?XW9CDN&MRr+R5CJXK0`FCP^n6_ z8np)08ETk%4H^yC#9^>yx^!D^g_QtE2>@mQ;0KWL4aofsxCMaS0RS$*z#$lP(yU%C zxMc=K?^XG_M2(8;-t-(^(W9zSs8`)0cP{WhYVisAFJP7-hZh)F;#>ZVG+Rf{~7Dcxqp;VG|)z-9_d`nDEFd{gO zd4$O{Giqs7)n_I{LJ#X69`*2`;%hMBq0E(N@YHxSXO2xz)XgWR;>Ij1G8XbkNjDNKYC4=}tn*sLWNykHQYc4lTTuuv%7|&IYPn2iuvQ6T zctk{qHt}pTOUS^8K#m%57UW3fplLEYqzU$_h_h-b)`%#CeF&JY=Rglo;_^SiK|A12 zdi=D6Fl0`yai1{8kP;Rloe{InRe@r2ffte=nE~!2r;@{*V>1BF(7c~>ntaX)9Op!# zFg#@WtRv>SMpSg3;AAoFu$dIqb=|@MX)w0uNqx!O?)Rr(cCz$j+(V zRL65UL~g|4Vo2MMpHB}JW-dEp_^FpSu*#CJKydHUo88UUvQOj%x!8CK=q=;fh71>4 zCz=m%{EOtHw0~U-sH@B*DlF>`Ee93L$Z==ek9>cMApXp0z2xuVQF3EVh6A7Vc6}wg%+d$=9hePN1LKwm zda%(0ZEdTN@x&dnC~v%JU(y;3q z)YGqL=vEly5EUj3F8st3J@Ux9!%4utB*LUvLx<;k6_Kz@D2Es)rpMIb50v(P=_iFZXLIQ+~d#|6H!z`VEX}0Kgk2uOKJEqx592>h^@;-OG zMs|>JFjx~XE48iRr#Zb;uoW73!~9UmzGF1FKn zOhW)MkQT}@ONa8_4&L9+_oGpuo>MgyC5w6=)yH~{GtQN}N-s*U@CTC`BIvOK`sM2- zm)U)Q74fqt?A`vcD(C)}7aU4`W${~QoL*j@4BZ0zWZW+EX1%Z0jm(FN8B$s@Koe^l zT_%$e&du}k{6Cbp!|GqD_Y|fX140in9&AwT()8~Zwh1CgUrSSR28gHLC8sEzNVHfunhWg6*jbSG@##!VaQoEr?;YxR@!c0ObnJQNcC<7bF6!SdAhvIe zpwW>Lsjq3zYtGfH+zJJXD zo>H~)=DVKjtU_wk`vShM`cnpVGFDS=~3R7e`g(#qXze;pW$ue{0R_~uvoz-WGqwuotda-w*9FGZt))ZZ z$+s~+RqNq`Ef62 z{+uPtFq)8Q8AOIP9c9HY;Zb39F%!~%^B?+C{$%Jc{xfjd>D5vY6O*TfW4c!9c7tW} z=YO`^9PwFZdht9yWwc2oA@LcpveG{3$?mlOu3d4|%)UnDp~6s@Lq1L|Zc?eBf(pI2 zXLMmFB(B@TibM~EPF_{Ms^-`rXp(pIlbqj(RnsZfWLg14rVs^g-;K8NI87B{hfqiz zH#Mw{ah~ibO45M!&+=p??|YkGCgx`JuC^%Na1DMgUnM&f<`e(gEUcdHV08zOLShEL z-J}FVr;s<7QX@hM3JcDTCgx-5K$xR1Yn%accbptYh2qOo1OfvsK|(IoWPps;Glxqm z#TI|-zgi~ElJfo4@Qx|FVzRV)Ds!$4b@ykt@~U>GKQJ8jbld|X>e8`?u(Z45 z_rKOC2J$pXM~{|CC+Su|kAB%5A`0XZhFsB zAgHKrNlMK4$)xpN=eM|#q&gl4v2vX-$2w$hr90^26>bE^=B-zILliFR|JdcNG=bM- znJHj=*>;l(@^>T*8*$zpSjh`C={VIYhh6aqPwW3Hh!_Zl8 zoEQbJhaoay0hV4iLF%)|bwA$15Q4zJwo4icX{qzyuj)F6X85`Ff9XDg+QJ*fq>3IM za9ETQlkT>KI$_>!tAequ|MHuR4C4qW1zHP=pfNZEdL)$w0cYt?aH=*~dIu{i%3I|2 z_5TsVzJo?Ef}S(vs?-KvmoRI%KCSyl=>C-adZw;^Vcl*>^~dg2 z1D2jSK~`Jy)j^fY>Enr+_vJoVwG;DJNXO03IK3Y|2;0AH|I6<3n1``v%^7yz$xpGf z-uT{BP6Y*|SXR-eJ5!#v3aiVceo$OscE2>tyEkvB)Xy@BUjYd#gvTIGzIOPl=ireI ztxsB?WuCv#@(i3Al2m#;2Hr9OqkT zoz-E`sM3d0tt}&qeW_BO)XsL4hc%?wgU6R@ z@ibMQhS%)za7X57RqRyqXtT~R+C;wa z-TeJ6*Zk^Rc<{sYg9LKn8I#?%g|#(~g&k>`hCJT>>r=Euo~~FUX!eX9)>%y)z^|WX zyczqbiZ)W=9mE~v>+}h^!r`TMf~)W`(yHAV4MZVdV>{`)C`rzDi9Ub7R9KXy;N17u z^Yf4ThP7RK&#}KMC~L{@M;Q8{{@9;^WAe*8oz;w>8XCl(H^wVYcVD%S`PMC$LhG32bmrtJk!+y4tj$)$Q@NxXlaVVDsV@ug4_rZ=a|{$$(c3;PRdi>{e# zD06qrDl3^fIl|Hml}BIxYb}}zA`f`_6?s{G$7^3h_iWoU`m(la4mk4)x18+xAG$wh zXTcV5?ANi`*}h$$l8gfogg5@<-IaN4_Ag+`%Zitodbru~`DSn!u5??p?wP(NQP`j! z3N00T^jlmBMV9TV%cU8rVF_+(oR)Z*)iE-nNY19l0t%d9!Tp34>rQ!&_+^GUNtD9k z$@N}YbAi%mP&g}c+_DlQ_5=I(e+opyHI;ICz1yRyuaT=b27LQ`-Lpi7fkpC3yq*d@ zVVPGH=E8xmatF7Ka>*Kslw#Wb?=a6^?K)|)t z3T3^^t*S3oiu23HRD}m4Es#AU*F^lY`}jZ3#4{<7Rb`j*-A+){t5azqht-gg8o%gE z(t3=cz)`8M>;<3C9;#PkvjQM=2L_wSfEr19x{&MeQn|6BV{6rAk!4r`+vcM1$Wdp| zvGERWLAp<*WXf%WS+*^-3qs*uI(@HDctJSApOn>fdk< zCZF2~%RFl((<J=s!z`pGR!5q*@guQ1?hFaI1Q+C!=i^>Lt zbQu4bq@NVQ1hnv5+x{251P|d3b5Xv)OEqldkXEC!jsCsaVDUCK*t_XTdhVcJgt-Um zL73;}4oX}91gvO(;xi-b!*#__eWY%J73sDiCq(J$q5242u?gv%@TANLO^ndDK~0f{ zIeHj~SpNT51k-s~P(O~#z}T?5&sVaJzVgN}{fp&bUYFGU^S7OANhgiv!{ z_a1qgUJ|wmXGUF2y^cUk7U^l41i_)9{x&i&tIH~9^gkPnm5=XL5=J0%vnoK zhzrln&)?$AO$RTO8~}xhSB*KZ@XeM~cG@blO6k60$oheAGV|sv-YSzOCXN&3`5hmm z*u_8Gkw)?TW8J@!n&UzJ{JxD{%hs$}v_k72x<}6m<_sS_sikG~6fjKdqB~)@h9|l= zpFN-b-*?FH)Y@c)*HSgPq;B|vJ9RAF?-i!kfm3j08ehNy_^MFM-+gdgAw?uIir-#H z6LYf*$5vtRa(`QTu8KIk`_@19M4mEDw5>eHq9wRUu!ebXR6|6uoK1z^Km1~oxg@;Q zm`Ax%(E3?F_`1JYLe;X8y>z`@sF{UH7h*Vauf!yF;yK+wdtu;;(`gB1Eu+zosy9w^a@*r*JrC#P*Caf z?n%`BA2ua{bq-F1Qw``RAu)dQVJDmy z=lP~vMz(6i2faKaTi*z`aAc7lq@A1ZISjntZON3PQc6Ayq81YjJeQ5V zg)korpV$q&MOYTM|4iYQJqbK8|TNfZ4K!#{L!Xw zi(p38F)N;ahq0+w?dD7WZ=SYwv4^UmYT5WJ33e|ihR$Wh@}j~&Z=AOymby&i-(_G@ z54(7m#*uc)xD zZ)JDgh61fb-#UG|ezZhl7(IQup%u6cb8a*VcWMwT)Uq}Mpl}NdCwCf~_+q(HNzpS7 zz8#YzP-T}_q$_lzo7!#8*^Q{(X7CDbFBg5Bf8N2A$WqlpQdJh#t~NNaad`GBK1D}7 zw@sJLka%l-4w*WY4=rN){!uaBuylw?EwGX{Tp^84Vy5y~!~M#xxoBi>NlA&4pX=j;{(upr1NJql z43&8)Ut%`5k=q9?hUJ0p6!{F1i$^19iXK7~p_#{Jr>0T(-l9S)eow0kx|r~j&gMDt z7*Ul!*+jNfD`fPsNfY!0NGdU?xYSS1l*?H>BSYvkfTn#anMIB>kzWVpnTwPxjXg7n zZznCiDymIl+W4#yp!~XvPVrcD!F+Y8UeZxH-mrAA353DR>Nj^SuU}VIruOo#9qp3b z+&Xotd6c|JqdwbK(1&go?$jbys9OP@TUa=$)6m2hON=UtfwB2lR}N2^U0RW@(2j0w zPYoCJ3;O~_BpzXb zB&bk0JyT;W0*%K*NBQM@{qjRcC0x$xR_y%9r9TuXbQBSj@agB8fFXhv$A`q5*B}3k zqXcvCn`&Nu^0CDBoOCPs*R$PdZ7TjUDkdQ@28Ghlym52`sPWWXKjteJ-&OPDqhiy< zTJt5FB3Jw8W<62v^@)QK>yskr3Sp*lcvcn-7Z@9YLfr@Ho655+bX-8(cO?3Ld}0zq zA<6)MX*-svP*yfCZSDeDT6)ISX8!S>1C%@Jr)s+Ifpn%6E(jLRWa_jckxs`HNp~Y! z0B;fB6NBrUm1V|zZEeQ;%2KklKyt64K@rD-tj#NoY@^rkKgoL_e_`G>cJr@hHb`2? zZu-^4-kJygStwuV5C>=S64^Kbj*a05XNn!| z=JEL_ctY(%zm%tSjKb_0VlF50QaQFfQnQ~c;C<$mfGTFjr>#&YOqnRWC>60Yi zJ8Q??OO8iMN_%9r>Swi%2z(edQ1)av#o2U$Q z`zilEG3jJtlMi=@lBZ2mwTw3B>cGo$CG%kmIAgs>;aXM~$3Teqco2l$J9wk-!(sI4xyft_%DT5Va0 zn);%Yl*Kw8iS4|vVB1M#YS6!PC)glJrv+?P3EF`mB_}Pvf8=P&W6?LPNu(+!P!bd5UHzEmBj6;lu6)(F&;iZargu?qlII<{B1?uJx zHNom2uABR{YAe3?r{%qjC948E-~tP+sGIhSKs=N}xt|=5|Nm+9-s_U?(1PpVqJ>ty zTH&^W1IG~!m8sv8adkvuF7~o9ttxLwagBv=_`hYh!(-_xGnCpVma7bsl!P8I38qI4 z=2kSH7Dp$);tz>yfa$?@xYDL!q})6RjSt4MO=6zVEM^m0lu%R=k?qtFU%G{Z(D?}{ zCo(A-egby`gWP*%T_G2}78FMi>XPFpW=ca+uw(g3!eRJ^+u^Ycl^JGTBbKR+ViLM1 z*>p1(4i-5#Fvg|(7_A$QXX9FQdfeDtknVhv3tO+NgX|~MP1~35&J~aq6uUSMu{bt% z3Lkxa1)MHHKnM5P)?RGUahwHnCt3YJD7)H*7atq}@@VATfv zOe#rkHS%~Wl9Q;diTEyJN*7)(FooC!j1~LT8jjw;QET_!-Qm!Z+ z&`~#R+2f$Hyo}`54<`IivQcFA=9xmufrv*J6-pxHj52`^7PBH8n_f}k720Skev$qs zh$I>T_SLKvk~tW9qyTGr0HMs_;_@C&kG6+Bqeq?LSoa8{`w01CbdMbCe7)+K>|Sjz zr*}C}!E?q=h-%W%dxK*_f};cFjDe`;iESlJ2ct70H43M5m4v1L;`#?h1cwd^zQeg5 z=5rJ(Q<^5gL%m!OfUC+19XhJUC@9U9kEjt;_J1gE2mFqI}s?4#j zI&~&k4X^H#RQG|Kl}C4|b{y5JSpc4<+Nc8gE&G-%U(ywo#mkkhCH~?S+vDqJ;{Qj^ zZyO)~CLZ|)QMr@@7bb4#)1l6M#W9%+;p-THpD3pJUtAjVVF1>;jDVa4H6o z7hQ^aUtm3kX?uMwX3%VQBSolX7A}qwq-~@MHJ~j^8Y%@=Acg7<9Fc^SDf^eaJ zU@xthLM^6I>#3CbNwKfc=vT3byFu_1cR|ME5&zym#Kx_n=Lj)6av_%Pqi^|A3}>MQ zP~=)(taHm!!w(A5kOdVR=CAm>t;4>$3txRkd9MTq*^zNz2}Uk9*bF@8TMJQjU2_hiY#T_ z%w}xrR;`=GW@Xjk6LzOC{-Q9!B~08VaiC8&y|uI6sDRa*4ahpwCLju@IYC|Y1Zc-q z2gjeVy)CnZ0p0r5GTp1X&_}@d5%~89)olk4tDbn+a#6h)$#nCz6Y0hn2u{iNqEG8H z`YcXtq@yDpsmMp4)93XCeNkW1m-Q8WRb4B3Jcp!S=nvCCy$#F9*vlFK;*(DA8g%Sl zs@%0ZTbD8qINk0+Cr<4IU9%xYiyzer%<1!y`~vX9{=DK%bfnXCqO){{&Y`^G-g+Pn z{^LIV`|#iQe*mNY%3tyU_E6c4k5|)g044#P-j2I>^|pqc1O`m$E7c~Qs+mtTjNp=% zuw`-px!+q0Z7OHp{{Uw#IP)na?|r_&OWtdzeruC%~+`!61Ewm{IF=c{P18q7Y z^L``uOs}Q>7tVb9w`WqJ`R0+jT*SyT=uq-wxPQ1qOPYlY%eY8hB~asMF#0ix<<5v z2;+~c4aQ~@^3H?EY?{}PXcY94<|QIFE_DzZi`yzE`junLdYsVYI-O9LSfF;v33b7U zzJMtv0x!1;jU`LE)?O!epD{M{Zk|826~kMgGo+_9DcY{la-4^{c{kv{ksJxc z1@;EtLFo6h&kl95Ya%;b&9)jpW#$*o-GJqvyzEI@w|^x~+rC{^GFvOR+0Z*#01 zt(LvBep;1+K>(B5_)Bij6s9Zw2gB@3fSd1Q0RZlO+FSq2-VKJnQ-Fm5K!CmZ^A!X~ z97lFZesudRC7U7JDKHgaW~Q9U306s|NTPZx)wMG{Sy1s2?dc&;ExD=akVT#qDM&vq z1lo`=n=ErMV6()}4{5o3x&+L=5sb>yDORIn_a3WcNxU#~xF_(1(bv1xJCS~K;-O5A zXp(e|M?as-$Ep`54naIzejnZe5#4ee)|a}2>9$X>e=0IyXhHgag3zSC4`2IL zhZ(%*BJiyW=CG~sGt2R>u5`a>GM~?-_YC#r-Xs{3_t<$^;cs0M&)hu?kKa`=8FZUU z!Z>*`>}6U>^GJF_i||lh4A%z?g$v0*BN`~n*$wJLQ-&t49|tfk+|hU8JyTTu>yIky9HBHXa~G?GX|W=bf|H zI4BJWlXf0}gaTjYlT$PyAZI>>PZnK+I!%H&iBr0-~j< zx|?8H9!0V@d^u&TAN{Psn;bn`N`oaymkl*7Ab`-ut3{PEF1wc}L44tOKZ+VmdgK6a zr3g?Uc@e^D(GKT3PwVm*#^WZMP=Xej3am`+0JI*Xa0+KojyibZ!Wf*!5L96fR;ZN| z%XH`8L_|JQiRr>f69hrI0|x}A13Qru0?s8{j3TtcjABShGKyzl2mReh4v&(JxIBs~ zS}EpS1Q<7Xq^?`9R^B(Pr(Mfnr>cHmrc`zHjHx+dw}VbVW+WQcqVlGWzN7R~yDE-r z88c%_Q_pEFy)(S@t`0{-RozOfY%s2CV0fp@iW-t?dHA|@Hkj5lsih&Kka_iuWfh{; zRx#F9o$rCQ%}(1LvB5syK#oX@T|2AIL#JY$iuv3UQ@3?bM`Zh; zZ5Z#<@i^|eJ~GYSGLl;5Q^L&k_N;22$yAMG+AbE9Ig;KsFwSw@^doI&&t!H-6@wXv zHBH-bj*j%_@I45suV`C|u+l24t+CcR>us>n zCOhrA`*O_(9g-9Bex7pL8D~K&TaH|L@@;h5S@TMi>Qv^eRHs~U^sa9*SIzx0Ds@^aS8Z~P&+z2=28*P*^T8y<)zbVFPHQofTZF}iU z{$j-umkuGwixmeU9uf*#0!)G8OCX^{l9DuuC6RPwMWQLmdJrQBdW0g#x}E;A-7%-_ zJ7}$SqHMLzQFV0SNZ>`IK#>@Q)Si>1)*q&sYC57o$tb#*1{GUeh~h(r3SB~&5=#mj zE_{TDC6^K@a+IjiqQ{6CD|Q@RmdA}}lKq0Hu^_%S`w}D+%x?p}h~TSlcEQ2In@g+M zpNSGDNlI^qTkflO$74^DB~OtuRq8Zp)1}XlF;nI&rDn~Rz3)Gy%yioI244&ty)vqa zft-wTX3aEsx(e=7qoANDHyEbF{C5cNQysjltguIi z@v#u!H22R4v-?(gFFRm(ngQd(Er#n1!>|s+_;7<^D&XZxSY_ds56>siX4pDtNDJf# zTfB6Bs78Y;4DC-f`{UIYK}=PeJu5$VXtassrorUFST{InQ%FQB}D~bCCJqo;`bL zZpq(J-?N7jvS$yu>wYTmOGLcx^*wvo_uRT6qxtaeJeoRQ%dBeW%jh1*FX6E>dC{>S z4~2<+6%i0m-$qmLS~h(+u8cJu;S;2zJIb4263a}nf1FaT(COVW)&8_b<-%tP5v7qG z6y{Vy+^t6i%P)O|6MH|}uY44+S*Th|tg={}D)d}+T$?XWT)nnfyk~Up`iOWL)%FMRYIZuiujSs^$Lu zL%NKsWWF6w#itH2{{4mhkaDWO4VO+j`7_0S2p29=!1%B8p<`#9V*blKL1R8okFhi6 zlxci=bOijt;N!x3jan{Cx~5Ljhmw3h`=dQS|B?1TFv-n`wwb-WQRiYL|3$(X^NJsO zYjLT(%6xQAL*y=wg_z=HHm`2=>Fn3LviAE4OLF-WWertVXB8zwqZ*)H$I15}_mMV4 zzbaV5ZSWh9T@cR^@%SjWKFmR!3;9TRfvYYrk>x{0Bp3_MDTcA`nyOFuiAF^}q|8jX z=eD76tGIGN+dM~%)K`HG$m&5Rct6K-3lb?Tk2cNtm{p^&?J||h|6u;CI}I1nxM;HN z@Ln)Em17r+jl2C%GcJ5JyUsW0Agi}qBnryxi?y?FUd|2rCx~;2w1t&IcCK$%q5Q2p zC$2GVM~N<{vtR3Z;PM5%!vm{3S*$i4FRWx<)qb{frR&(Ku#Fk7%d3OWWZ1<8uR_zF zb|6gF3In!W(a1h^@qGLVGKzv@^2|ZGIq>s6OOKK}yK-*08L?b(jLgo3pC0ZV%(W)U zcD%l%)12~wHemF&&J{7QSsl|s7oGHw8SQA)X6_wgk?s&q7z$58s%J8y-Gk|Z%-6l| z+3Z^J|keDFbgm3kq_P_92p;A_z~{NtP_htbI(Rv(3~r_to^{G)?tPG(*R6a{<{Dh=n{`P6!tU{Ye)bm0u?m9GXf> z1Qh}E<(cVrIddrP5NiY_LOi`*Utg^!9r`GfK9!B|rO>e_`D1N{b`Vx9gTV{y?Jbu9 z-+M`FY$`=&kIyoFvR>8Nxci)3^{L#4@L=D8E_s%W`mS&X|OdLN|0%>{ZxWi(MyP0$?Wr0( zxWic{(=+=(tw(AprCZsKmv1JXyLPtr{`kCIR$e%-X1P|5$m6c13Fzc|%Ex=ir?|t; zF)E|#Glrro(lSOeniA(?5v{d5pP|*0`(6!DA#luy?P^ybg9DJ3O~cmN-BZVtyB~n8 z(s>+vokg{9?FD5JfmMW&^#nzFNshQy)k5s6qf{@L3s7!ey(P%kD!C7rEHcH1c#Sq* zoD})0IKH-X$3^iC&Jy1mQ_m}^z!N%fdvkKF3o;(!Lw$gZqFMiKjZr{Oi}BPYTk&xKpSc zHN5eg2Kd#K&(=Y@py|Gd-d!8>=l>^D05h#PcCJHim(u>()c=&u6*R}DidQ)Xolpt4 zef&22rV2#|um2q7H(^}7?{jz`BCxNgDcs+!McK(dCbP>TKsMo;LuC*XEF}KgXJ_~7 z>WO=PrzTRaAf|k&8x)+5m~;w(eQOA|XQzbQ#=K~)rKFG*^-uATdbkMn3EvOt%e%uJ zdf7;hPj9&IXq9a8Yf2zD0)8rIg#zJ@czt@8_>yNS#kd)Zo7ImwWZlYn*L{~o3d4Wr z>)X#unC8@HsU>OWw@|P0)p!!Ga%8LaB;y}XQ2CF#WofOJk0w@0-tSj^DY`HyylEX5 zdKoU5{UF$y%dqCz_I#%d1)cn5X};JO$ZU~wjNEfwEn~Zu)kl~-fgwn*XJ*z|tdcTD z_O_^OY+T%s(uX9^iFv*yXFrY7`_9I5-7p%#P*#3T?INml*uF!D_LepL#p;8EB_G{#L!uuI7I>@&E4E(ptbB=`i5&yLa;MM(2_AQJ_=K zDcJh`T{LDK(tLW_=@GR*g|(}l|A)U0D>Zih+Md@~G?%L~t`zH-dRcGFcqD)Rs=xK9 znAb!$ljBx?gZvKa?22T-IT~~EPbie^)Vq$E7Jrk5mN&glYL6E9UA)@XxEvMgUu)@9B3>u~TtrQvmyC;&PcR0b{ki$SE!^Ze z)i7g0`_>b=z3l9<0-Z&DwP3?f3`^S6w#oO}@>>T!LLO42D&>OrA`Z!9U?{ihrp%*``nnF&?TWzE*L3oID zk{-3NVPRJ9S;B4dU{^kjtl#2Gf5&Cag!i5$hT$U6brR zxI+C&Tt6V*OF_?l$X;6YKptHBOVUujOZ?iMjHH`cb4K#THpJdGW>^_LLKw;t<34Lq zDKXzq7#5mEVz-V~X<~$Ts|)EMD1;ozz?RT~^2x39@ zkka9_nK|AS@7Wn`MO0U#P1K)t%gzbbgUd zv31xEUmkMD@1J9SV-w-Md-`aMCJxz(?p=2oGTKb173wSz(!3OCJ$kK@*D~cgrJ$Fs z-j2do$>K2k4@je8cWBoHcRveovz9`y;heuH)nf?dz;{yCX0t1$O(|45K5MfKUcURF5)_w_C02Ew^ra z`zyGe9pfQFR3tMYRsWd)u1w9wUa#F4hEMO@%&TZ9-lKi{zUFMKRh23Ygxf2h`ZOnF z@uNQ4`z}e&wHb?JxSjR_vnO>ExhQ#29`Xc^l1Ew1gDTc6r5@~2?qqXliz?rPa~vShf9i+d7&_+xL)KC?J4|+H+r2l z`C-MZ^seS&xt@c>v93h@c1%bMx~+a})JviC%X)AHlX|DIVD5Fztd9i;Al#4J5B9Rm zj41Hwl`p~}xC4{G08>^9MV({pdDO*u1I=>-{aU`R;YrNhQvt;cv3k-rB7&VWP!5~n zC(6u0s2&{iJ07EQP6Ku6(3yZ3F;~Np_f;KZ#SMs#4SAJyI{0dB|PU%a*Q8!u*w*G$e=<96Dv`uRCP_+uBci~xM$)mfExtko~r3D-$?JZ zAUVWI=2-E(KlBTGn7vOWz$ZQCsLUahWMUPxN5%o{Q;E@}05%;7tEgLgO_hL*U#s#vq?{O0gx2q~@R;=Q$UJpDLe64t>T=jPr_Z+=EdP&`#; zk24muMpahl*$r;KtC&egUM1S0FU@-EGL_b6=nb&lnI~E&S>eQzUMit4&6m{ZQ(7lA zl$399$cC5Vom+-gJW=fKq_f{-b#f~W4@+zrd6*>y-$@OS_h%Y+|04@bJA ztj2N1g3|4QXgg6Pq0?xz8|pYob)eUL*x3~((PfC~3a*87ccHV;lILk4U1-sf)xIm{ zo;n`B9R{P<=XF%b0b~<{x;>#;=UEV2xMs+Q+$8-sxXJrsAw+ANcPu5Cx+<=!p^_aGx}O`Di^s8fG-G1#U;bnDKX3snRrD}Wmmsl{ z^L&nw&vGh@YcPZU@r!XGnwn7wL%s>7|HsIPd@Y#jc6`&+Z&JNn-zckKKD3ZljbK zB;Qj+SwXZN?6I>@s?vs5ue!bzgPCia6u~Yi@dVx0PPk|CS7C5!vh&u?j=Q)N zn2w_zyN08aA53+AP}kQu3!KKwOxhsQBdX09Ahvx%0GQ=u<5Ky%*@L~kz43XU=!&P5f_3YuAGRE5ew0d;L(lTu^u{X#4WfRr2V^r zrC;u!xO7e#$fo+)6!fAIx5|kgxGBzQ>3(>g(+-IsoZX_6Ze-b`xGZEPS;|$1)a4fjFc$ zowZD+)Ln^ONoOM|#vCM)Gc$GH)9Hh0XaCyeBs)-Y-60Dq)TPGlN#W2TJxVK0KIBmL z!>?p_N+< zJ}RwjC?7I!V?2vhAaJFL=dazehe?wxD+~UPE=C7RAU>sr2pMPR?QthDXOY*tjYc(PwJYLas0oy?+5$G;#>V-F*WJ`bi z^0Vo0?Ik}TsmH=pv%hKtx{K;SJ)V)c;=DUV_EW|G-`)AQ9IVrLZ2Ethy>#+d5G{SS z7~g*Ozli4zFrGd>Rv?7*H}O8b4UFU0PX{Fah+O_FJ|A*YAe-^U^xv2M|77RaeIg`X zs;}WEb1Zk8cW`8-$-pG3A1OqTp5x!qoK@UaUMtF5WCc-Peh1|;cRsIj3t725)AxRGd3_ks zHp0J=wZma^7p`#1ds*0hE}?HwXha#+#AH;dB&jBFb+*p69G^~sc-gi`|IZ1#Q?Z_B11 zP9u?It$V&DY2%6Q!$te?bytk;6@$$mT!3B;2n~T&bUwK)t>iQ#cOxcE?ay^R$6ISj zN*~WAR!sJ~yEPZREHuT0QvxH&4Km1&zopID>8_?MUg5{SSS&8=&!5=q{yFu-@?6h4 zWmJmB>&5E8^pb&*%7je3fyAE@JuaWjUTdjo#C@%}FCg@q26oQqP!h=3LYP5%hfj-* zFo>Unvj;2lw!Fxns9Ut^N4CY}=rU=iq399bLk#U$Z%oMCngH^?V4tg9%@h|~!~_-m z(zT$WbVZ(17Z7dYTrOXmWLy^Bk!$ub%*MXDL(zPfeSm_nc1Vm~3Y)K=Ct} zIBPt6hY;IyyXC1?%|SnXYBBEl;xE?y;**malj9%O6>A1#A6zC30@tO*u5?E*JGWS} zT*hI!t05Z1s}GXzNX~BZFO9Wbz+rn^7hAY&L>fzShNjZ9YN8)X3I9jJ#AlMET!~l( z5wD`Ku6I(@OgZYEG{QNbo5|lFNe>O*E(Ru8?EYj1pRu!FhqH}eJ*$W{OuZ(-c5v0t zXlEn1(7f?W!>O+Gj6HFvH{H_9)KT0=E*43@>SdJJ8slvgp)!mr+uV8R6tT4$HOt7BX;x4%FAVlkuMBJ*hw%(5$HFtW&US!*)x_yvCBi)97e~-$F=KOmefD8)BO`<6wjjeH z)g$;Hqr4clZrn|?eOVLFB?8+lGuEtYijA!vpC+ZuGiO*c=at+(iFZPQHTP!gq^vMN zfHfhIYt*b-Uj3)^?oN8;mqDq*Q*^bKy{7YjA~xwW-~8UPnSHOkA6Vwib${(y<$VmI z56rJ{t%}2#jcq}%((o?y&KqNzHo(`Q&vhYykcV9_qcZS?^-Q{1{YtXt9+RFp@1ryE z9`TvA1$#;Q5R^dqST{e$nXJO~cJu8*1+)7Km<&=ZlQqj(C6>YAZ zux^?x{zOq>;P-^nUER@GZ|>!0n;h2h?TE+pANj*Z_!N;A-GOAb749Uf+5~w!jkSrt z2egpWlCFOmb9QYIk$eVbK)0Xb=@rJFgM=MDqR=PWKgYfQI4L{0Cqs~w0C*vNlM~`5 zXdknayCe3$)!yvVe9c1tu_XUj=UIVa{@-SpGsMc^hE8OIski=A@&8)#WJ{0>dA8Qw ze&z2kT#N)=yfU={w3@%#ez0OimbYnG|Bl;yu7k7=gF>|H5$WWMl+|11HBIyuRhM=O zbktl!RZjoMT3i6HyB-w`1XPXBbPw;}m3U?85P#6)&qR!L49NbvUXt2(bC1s_23=1h zm<3z-#D6w-1iZ#De(Mz}%}1hqy&LG{|8p;;o&&&A!QxppNG}BfS%@pi@BPzYMfw9F z+=+)!fq~ot??fo%v;Nr*pj3bq!236^_?-reFXeoR;EC|3z5J;nku_a)A$@KMIGm0h zFFN=M@A9A2n++M!*^b6r(h6VS<8z&akMv%weaA<$UOsK!hLcS*awWw4seay^6QW+a zEq!olSEqxN9bfVVDjmK8ppl^e9y9w%q9^1eT*oBUltk;R($c^V% z-r9SHZETOPUjd)^j8IK1B*dlAt<5Xzc*K9zNJAEHE}){@DP z;!x@&n6KjYasEBu*MIOpJj}nbEqeaYIW}DmN8$o^91Yv>QFA?AF|6tHB!jNySgM!L zw4YupM%lfv8bZlr_$M+Hp~kZ)Ur`_o;=fBaGFn>3x8ou?_3ee?h@0^|ZGEM~ta^Lj z|KUXwH1}uT%aSxg*~;m@#A*i-?DVCx>{7*ZN86f?HMG3wn0Z~jaLVLE9j$!L;NX(b z!d$*=K=V0!&-F5f!$WI+ehY;dMJq!Hp24RR1ZcPuoaAnQ7qUEOvdpa2gd8s662Gmg z;@C!deS)VAo%PVL0D|LkPlE-d*ehpz_Oy&vCS@A1Q8hJo2zo>bKt-Jb^{(G1aXgU3 zl45-t5Jz}WC&Q9rq$ajrKj8Sz!S6Njy?ZWAm*h$G5ih?kLTaGR-%Yl>7VWR4g`k^1 zj^}6)gt`q%b6+WQWU-1M!+RDdxSgP3ryJN<0*auIY(P&{Ri}DNhVp#wYT2Qxk2j>s z@X}qp4R-MIwY;E%q@$QzK)J=Pk={EL>6UY{Cv(MtK8ZQ98t>S0{2`pPTK@_m2au1v zRim&vLEcg??(S6e!VW;VHpNWw-$tK$f#fCU1vuB;q!#7AQRH%6Xx8A3r2}J-_1LV6 zXx|zG?^pjr5>tmTeR;x%WLM`vdRw^G5+!tVB7~(_GIMCBjAKtqTIbvsQt$kjVl}K6F9w4RJZ*T_diyHw#RCHB2c#gcS87NRt z`D)N;qmA*MW78@O9|%66B z;AXDt_}A|T^fIH?Hoj6)`)DQ7MpT>aM$vcEC({MS&d32PK?=~GvL#_f+;G4O$`lz@-M|KYK-Uk3oK zg`A9nQ(>$nX*15ip*QX^XtDP{TU-Ekqnz_^nBo5?i#h}A)_)Ano1LIn$6tMm)p!uKj@kIuo?R|FP_DKbh>aVw+OG=2>=){#i*}_^qk2`TF ztT+!hxWPL1&#tAGz5tMfEC1EN?_lihiFQ@|iN0)1xODg8Gpg4X1~ONhwZN(U_0beB z06*I^FOGcMoX5-G2064fhrziLRd|S1jqmRyg-w6P9F^D|8(iigA)Oy&2bTw(kz8gS zpZBed+yk))kjOZ#s^gY%xze-x5F_J96W3D&;t%FI=8a;^i9d(nsq|`t9T8SaI$)_`|@)l&CYeKiUr% zl-eC`7NgB%*k}^s9_@mu487C}7!|i3`vjX`^|UBC*^p?zX)?5;zFs`<*AcR{nY6HR zF(fMk#tY`K%o>D(C#$Rno-Bn&)Q3i3vDJ3(7Bc#H552QT20mMTiZJ@MjI2j4%JX5} z8ohN($GSNcitbzJ+N5GgWDl+Lg!Y30Q8M(+AU;7aSxUs)*l=Oi2(mTB6Q!wb#hlke z(`9lc?|Kq>3(Q&=M6YBdw;Pe;UDm&{)|wjumf&3Xt@3E;iKKT=$-@9Yh;m&9w$ItC~Y4u;0K5tHiU($KpR@~et(mT_8*WiQY z@E2zzVyPnAnthbGz!}bNMK|2m$^;d{VxMd~94ITwcrnPNeIW>)~?9nyZ8p=$lWlO=HRPUEva0-5EQ&jQWkE)QBK4?s9BP>`xIKCcB z#S`H-W_E9m{}QfR+nqt{&U9!ijd==Z?{Ia4J4Tq{vED@s8LMtdH8PEEO@ebn*Oy*R zwvzP)fb+FUM+0aC`!k7mmv>1mvoeoF;TgTvtg_-x| z+`Ua`Ur!=>LKmghh1O4+ip8u6geZ%bt{3|UdK=+k;dqHf-qG=rC`{E67gjSQs;4jA zXva^uYlgUTY!$WB5cx4F!}d1^QQB%hsGeEnx;|{}4`}t2NbfM?n*K6+HiF{K&V^M$ z%Qy``n4WdM?~IB|%=UHT)7jeh`mf?+cDz9t%tb!ehB~^QLz?%9v@~S_;E0UL?u}RE zsk)Z&&g;t7+2@-tpIhnW*sir8M+l3VTH;qnb7ttKmBAUR*C_Jrcv5jSZIC< z;3T%@wazPXD9z`h#@_3EcCs~VY|t8htsuyP&GfdW$GUsk6~au5R0vCuURY*r8e7oX z;b;_b;`;N@bvt*vuVc~4nl-%`yc>lgOrJ8tGf3@1X_9r`f_{6f4WHO&yxP5}j9dY0 z8J9F6_levMCHTb$4Tz{_oX1;&!Db3A%^IFIhY+YmJS*qo(!zEePe@>_yp6^}Jr^%z z8mx}4^hS@y*p94t^I1>4ktEnzcqEyEK|i`P{pm)c;*m~0}p|5rq0D9tdKo=pl=62`Pjtm&uxH~O)$kkOK z4Zzfz&z=6YVB>Dyp`1-g_Ry^RRG4>YTbTxV!=$xCoUGJ$LJ`F$BoY>+wD~U|pZRmrlb~fALUxnm_9{1e5>8qCWvAaRGCAydz z5^;Csy=6X8$a1taRI4B@P9X{N&~=5QN|N8-3S)p6 zF}Y2|-@$Y_&2Z^8W!9#n`I$vfvEJXf~yKPovJTh7QT~X zJpaq4Pn{(>LZVw%j@!yFhWi#mmi-SyR!>+EDc|C*+BdA)KONHv!agh_e|;t6QGQ%l zWZNZ+bHGbbVehhdiLD*9gEQqbN&^uUL{AAFz zzRbd`v4+0Q(+RUE2Q~Uq+-UV>8v5#PZrXO|u>r=x&Gz@h&1Td)F0E=+=eOcG%ut`^ zaVu)Imer#xYuisf+ip@4)Z9`_ugEc>W*XLt+xAwx(j1g0A`1$2dn%B5PtfKART!Vc=zHd4b{KC`29&W95`nj?t`;}zjyg7Tlhb_ z^Y6^3@OjaMKcoG?SNOIbj>iF4|40b>$Kw22Cel-~GbsSMKHTB-{cSPBWX@~%qXhTu zJoC_`%)2$8l`vv>cy|`(Jy=~whkqp`eTIxif}1V}+oA8_J!_1~pW8XGPBiX{TizDW zYYd?+DT1Vb8MjLD%RjP9zN*H+xhLP-b?y7FQ|!jCEY~G>ZmuzZbs2EkL72u=*_bv& z2ahkIR!1~O;1z1ZRbL`)b%~<|ur7U>pjgq9tV{W=j^mlZjvv*|z&u>4yQg!`gi3Na zPQZi;rlTYiM#(~U4czcNV4<1ePkt{;_UWX1^Qf@xrWD8KNtfrgUSCcPEPxD|_?-78 zwCBQ+!}l9{-ONJ0jiT4@x*M!ro7ddf)DUT!?%N3yKG~y+ubyMBI7hcSCB!b_a&X+z z%HTQv=r7UwY=Owabi;FPAmR6v+B}Ari-m+1ARX=f7ySYcMb*t=O~3dW$*(rh^7hNG zGAc5RaFgg!{a2b_jhBmjiUzc%#&`P|+#X(a9kGw~tWZjjEUa7Lu#*lIpP6=FsBdTL zyVEH-=*rC%K-Ck^Ml70N-^iNG%R1i_Vz<~-om8Q|U0@qOFS_*c!L#61shH4{BKjj= zTeUi?W^e^N$(hUb6FaBlc2dSI6LK+fgcVR}NY+P5PY&l6?bP2P%wtwryx@v5*L-3qZCC6wR? z)*Hv>N+*e}@R&qTuXEQNhDM0b@cnj4$-d5P1IyEeDVxr7<>{4cE%r@o+$?A6I%cN( z(vfmf0t%*Ijh`?oN^Vk(~dF5ys0N7sgq6KLVs>jT?uB4!gw zIGO|NY}bTdaKZ~KYhGP?A)H5#IKyI8#-;02q_?&)Svr-+bs=zcv;Easzc+ZJNw(V~ z$3;`U7hvLfHTH%bj;@09-<-gMJX$bs*QMC%BpwNovXFo$!veCVlaJYhTzr+OrO=D3 z*RJ2FQ-xW!BV{m)-scOxc0|v316~--Rj@B$NlQY%9sVg$ji&d>A}0UzBk5l9m%bfw z_El%&9dquD%Z*Bk#GB`Z>Q4`o2nvCD%86Gc_opGv@ct%eLl?EF^~4*f77p2hdNaLJ z_#v9IExMj}ymM~D)y(IG1%*=yxiaa+sR_zjEE#S==2d@9y9HYN=vpU3x2*6TxQ z>xMJ7^;H4lae(PWWIVXDIha?HS7r{?Wf6*|_H`OBol3G9ZIq~a>8oaFei}Ep1mm_0 zIq2NV0i?W^z_+oi`698^g=yV9Gu-f`rJhv-4(jsb3NQKPsL@!&fpl z{E~+Ykatk)+i$$yY_Qe3`Ht1Nd%jt$uC0bsZ;jf!?H6I}F2qF_+FXs^qmd=M zP_7-aZ3R=D%Bb$0JI4JgUHcKXjuv8cu%w5shXztiz8Y4|Jp?=l;+Mw5zi;ORu$>1I z)Tuz_G3ybqod*G{uQ);bk@c(v{R_f1YYBB5DP)SE;a3Ks^CE9P7Ufmsl%$Sl>jUJM zOF&gr?dZkZhaUuG`~u6$olKZ*;63fQck6~f+=SfnwWKj6I@~mrRolMR%h)HgbWjl4UYsXwq+i<#k(bVB_XuO{RMWezrW%b_Ab- zpRINaOInM>Nw~(?=^N3OY?M`2eCaE2nQK`%3?dE;rq=Z7z(Ch%T8tuCIdTX_qNoHymGO+XZ$?|rI z@lzO|ns-bh+w+=jcWb(Ta2#x+#+8+&7$!`QKn5Q=Uv7J?&;5DelAoHs1wJe`LBz1r z1+w~T)T!>Hl89z!$uzIk0Z?7B#{3rRCj=2laR0qFAh{C2m6pvdelbu)uFl?P+-=x$ z#qePU+QILd$nhc}$OKXnfus}25w*56D+C4jaQNky_0zz~p>k0hPp3ivuO!r#3*y3N zDAFy`wRkg!KKAu>5l}ukn9CB0)yp#BxyqZ}ugo7M*(?Qqbx;(3UGXUe6olrsWRyNd zM|tN}-QG{$hBobzN{XpkXX1pr+j*32RBtA5#R*HWc~{Nlx-3t#aJwlJa;HZYH733M8_qa%f-NnP4WEN`E}uVnvDmHFO7`yY8`) z;_Q~XZvXMP5KIbp{DbKGRX7?I5bvutr_miw31v&U+gII?Luoy+yu<3WnI}@->GWKX zu}4^luCL<5g>o*K0VuTwbtcgIHg}AislbO#=Pb%= zY2^uv7+FI{IJK%I&n<87t1Z#@weyrOz3aJ8#Khz5vZFiHy9#er?xvx3O?cmWsM!7E zZmGOaBV;c8I`nk26r^hgTrZfe$JD$Y&)DuvtI4=<00KJ(iX_Suu2KM3KT6u*tG>3M zDWCh1{Wwv!t=fV+l3SV7W}BY&jrAuMsfW-z{Y=ZD7wjYLSeQ-QPy%&}cG)$G9ymiT zHc9ODjk%`>#@E-b;RP|(bKc9L>C+V4#YIz+=E@l{5t4B+xznl71HCUeemUgZQEA-y zdu0R%JE_2rGaJvPnB&{PY1yriWjR014mAs@Hm|iI-6&C$k@=M4!QI(2z$}L8kgXSL zvxH=&e4LZ9%ATaO<%9vMRTG&}wQOu@)iF&tG;CyZ+i0MA%5I<3n%iEI3%xndjrPD@%9HrYJy7i;JE=(^V;j1>ZrG=LTnnMc?SYMCzO$l` z6fR|d=!b9cO`zci0PDV(uKS(RPI+!|ng;vA;rHGjGVJW#j<}YxN!n(7jCZxeQk{dU zT6bMpC@WzjlP-AXlksP#eFHSy`d<>`shh*r2eKmYOK3CpV<-(mcBm+(7=f1F}K{B6r? z#sX4jfRC(stQ*-=gqsepO`|sDEbQB@Dq~rYY1V#j7F@rERSS`wj{DiX>D)ggL7V4 zZeGFF-;x>e-nJ-!t&E=S zqt7`fP`@jI^nqKo-MG7Vy~tP)s!#!PGiw7XsX*z$bj7m;^oCEIuKJdXx=2H|PNkqF z;i1?@3sdr#N7?sp&DjA9zP`3&Szx!Lz?2&XTX+FgVZ)bG}Ww95J z3Ggtwqz}#=Xwn2s{aFISLBtvv8PR<8yAUo$KFSqE=BL90-Nh5BQjTs~zw(f)_-%cF zpS|{t2r0YS)kj>tj^xA~v1LMdjrjTSdePoVq>3W>)iaq~{qys(Mpn?r{5K`6yH zuUFhQ(?!r(IhoL7(3@4>GIZYixc=jEt_+gjdr)%Y5Gxsl>%p?x+4#8WX5dexj8<5F zoP7{%BJ!f}ZP!|fP-ui^ke(R==ehh(SKUN^9W2M=?OVPwCs_%bQK&(BEeR~^gwSxF zLx=HNNjcL@UqQ4Tpk?bjk@KcIQ2z?Eh1^7!F3Y9rampk42ysHxjKzLjL^O~*T-y%4W4DVe2_3xIi2|Nb!~<+ zS81~n^$DR!TT5Go)elwU38yYtZ=vip`!OM0$XJ0cxfhvOZKIld1Q)xswoPJJA9_jG zsPuto*B5snt>4$=$7K!t`~U}Be|uem=3|k9W*?K`m!-Y@+u<#Pj}z3C_2llOj0H8` zrrQ{!Y@D!83(q7k_gAC}y(!B4%v^N$8n_nH+r$ss9$W{}w;t2f-z-iE9E1U?A*c0Uml+GQsso z;v)}N?4E-uua=m*Si7bHGLUT%3_&hOZ6>5zG*+BhtgdB$H1#x+%^0vww@xwA^o`t43h|5p8Xyy6i^oyEq9MOBrTi!PvE;b@-o+p)Nu<)FrY z?q$>xS!fH&>}zf<9T_R;wS2RNc|rY2(Z5iw1n2BHG*WZAlcWox^0%Gwq*74ju0Bpx zn66OP>LqkpxWTbozG^No(+xzXi!K7EuvqiS5EC(5xGNUOt~vr>?G((L32+3@9e)5~ z^8htY&!3kk6npl$!kIlZGh)EqMXQWBLb{#|b`(U6|ADeCkV2%hq$)7C_4HDkeqDWy zE^{y8C`srR0i|6CBDHo-C*0jWx^^Lyz6Vbs=sP1J_e3I>m2DN^!*d6Cj|u<5!n}AE z9A$p7mxoA2lk%Kn+L7ncfeXKHQ_=~$cmcfSC>9s=?X8R8A{M%*t$)1KOyYUk-sax> zM-M;ZseoOnmP@ni1pGX_|6jN5AqlK&Ps|zr=<&y&;PxwZ{XA{#AbL1; z{lBQ`-|yV}`NhwH0TOYf&9A?9J#qdIyj+k}2l?Z!x*Hdi%hegUz4;d3xyD~Fswvri z=}N5n&SS_v96V8fM*ujBp$CTK`xfKO+agI75-!#7qN0 zkk|jq6L31!0xBF7O}ado9G5TU+v&crYT(ycX!DmD8#tMtPKg*Sk<5mz_5~*T0nID5 z7Qe40WS6!65lWAIL?Vl3IOw-q`0w?>=Wt%$AV26f12KT*AXe#`uyUI5X73ZtiOL zTeOH_4R>R&3D&*+QBMw}*y(dXo!U(H*>Q&hl{(*0@NWV8Z$p!2IzTGCq>T$WB}5#e z-Od(sB$b3jg#q5Do2-n;eB4Q;wmwh`(oL?MlYMe`A&5g%HV7*j)W0$TXvU-I!-Of` z-NN7J4GT{_WtuCoymod>#we0h{9pb0)pD~|jRGa2)hAZJgJo(gM55~|dd1LMtJVxZ zVs`OwLSv-^dj+d=4(0PwOHyyiV(zhZdpVzOU^k7hU2~bg_gNJ-4x)`s9iL{p|2oJ4 z9Scg+cM`;vIm~&P$0{VXTovPD%*n;EXm?>JzMAY))ZnWc;e_12wq3SlGdk+>paG|Y z1i5Q)QPF_UVFSPUU6}C4fTYu@K_2vGk~6Z;Sj+XP~Uu^?tG!Mn#%`mcIM zj8wRxxjCWZK!}P~^D*sK4iGfW$;7ZgbLqo8+#c2}fLjFx?wFy-)N&^t_^B-{b|({x zIcI|^64S+d&;*P&R4+BVdOB|}(k2L7K&E#INeig8oI_<#J1zz~(<5G%v`se8{g~a4 z?fIRM8Asv**I0Ma(h-HYh?#>9QPDX3*14{?F2Nmj*u%;>=^NkbIC_UIjz=2T8ZuC*smqt>k8~qb`4RZHhnST&?9% z*_s+$YfMpWZ}C(83xds~QYE>xbJ``?xovgITiFk@{^S^b+xx27B>4QyUjxvL2k`Dgf+JPX-(LW{ z(*LNZ`2Mx31Hei2Zp}=5zlGj^8#$OL4e3oE>7LES@!#eNIy!gMa>T6k#?Sy{tNJ

    H7DOnRyV&8IsV%h zs_g%MK<<)c4p=Xw>wx)5oAe}^x9Yg#?;yqJ9C`T`F04iJ7U7*R2(iQgDMF$1fG=#u z`IeT`%;P>2!*617XK0*q3p7}3aw@d~cdnfTaEoUjP=oBBWse-+r4HE>qsygZD|fj5%xlRSlKO#xK^7SDh|+=}d{0_Uyq zayzIVSJ%?w05=7400))@$LId}A(H?herXO%wl`H&R^Z3|gpZqIntbJ+eSjyHpYR`j zM-cSxG%Hy0`N04E{sui!_xG4(FBq(s^$jtnN{MFn3oo;P9?$+D0e5rjXCNF1gaztU zzRxvR#}@b!10Ydpj`&alWWGj{`C9r5GQfzxaKMspu)q8GDZ8bxSL1LU9>bH{rQixe zH9&-nGA<%EX>_^J%pHJ;V^Gt4AiO-*Aducfw$Dq@7G$3u>g9r9=oUfI=xb$A)vWK* z+<+7GdBdq47wnS5=EuY4xug5QQ+k!)Lb=CHoly70OOcFA|Bu_Ll%iki6Fq z$mY%3$%SAA^`)r-!2T~fXvycXlH>N6J_Y87RfT0673x7_Jw3lll-|cji;6UcO@z{v zT3Omgn)tD6WwC*Mi_*$~x*$u;dSYDFhdGs~trm0#MPRx$TYVEMwjku^X}IYMidWv5 z|1Zwo0xGKZZ5NkTQV@`kP`bNQkpb!Ml92B16ch%LmX4vjJ4Hf}?(Qz>7~;PNU%%h` zo$svwI_J38nmsO^{nY*3aoyK*?=b@)O3tUgW!rMG(cfI)6{s$~));C6GE`am*46?% zBo{ycg^bt86e6kR-P;KuSt%^(@0a{hUVKFrFQINYQwIkcPCcPuP;R@5}X=>$dk~W@l$=a*n&2DTQh&IBlks z_`_lh?bO(9n%8kcOkj<5_qo`6Uq;35gCdTEzC+CVz34tSkj*zr6mPq{qUrT_(=TUD zYBz+89mlD+N1H5nS`Ss58RoNqIq}}wwF(of*T=fpJA?fHO{xZ~$9Mbgp3Y~vL5s~m zl;1vfEinstyDPe<`;HxDg8{!Xa+6;U7VD+35jfY{Vn!jPxY%YukfP3kf>7pH_@JF~ zD}4--ZhZ&Moq93@P|6&@o=rIrZgMVY7CBo;)qcFwasaIxJ-rQ86p=ZXtrrCV@H!;U z)3NTu)Jw8@w><(v0Usp-wH!1;YqHi%jsqw@zXf#h$;_mL4pi&x>c{ zdtYxsl=Mvtd}KXh*Nz*-n4y&W5smXmzG*K@&opRuJ%mYg#QI;GnDLmGSi}`<6pZ=0 zs_cKIzt#W!pIKztyMCKgi`#C-oW{Bb6v{GT7}6BUi(w*vhz_-o7zv7t^I;5upvCcm zq2R6@7l81!L8v#EnCY`+y8L0xBl|p2wa{W#t=wWf@meP$TQz=0-rMYcqQp|NNzM$Y zKvq2C1YN%1un1RN>@M|k&K+qS&piNgL9mKe3UlyUw|Otq#@Hq5*;@|I^A8oKO`Fo zu59tIE^IFlu6i}mGVnnrp)2{1WaX17mg?V4%pcF{g{_5?$_AytJ&9NrIJx03Ux(GsbmR}EAtG;l7|bp#5gJ#t1^uUOcZx|H}oyqkt`= z3OX$U03wFsl^L7@hk(A*0cAeu&S)_CT4Y%*l)I}dM&Go-0yd$A;ve87sYB#o?(oIy zocok3h-C-rh}FdU*y_x6&ff|)TI%E1?=5q$mA7vV#?z!0yK<}dfm&`N2TrQhc%Js` zc8H-eZN)ZKe&&p?qC-Hkf)TYT`2iih_Ut}73EI2yongS?rR!UTD8Uc_iGcxipuvj-Gs zeV_qnokku(wqZ=@@GEF{!~tO7?E!BJf73lf9gr#yc;GQr&W+`f#6B~pt{BI_5jb&P zlMx$*wbExq&tnQg1)S%a*&FJ@pI;IS zs&~L&x!y&CL#zQCe1bSq+)3zql3hpqN>hWVmNZwSz==n{H@jjaP3n*t>1&Ch3WNCB zhN2o28- zu!9iH2iry}8gU**z^c(63#PFp#hIxglaw&r{bbW!zAu?~ljevPaY8So7kh{pE4e0^0x4 zv({gI{nL-)$pl;Z$o&ej)Wb7g*iL~}2CpG|3FEWIG7b>}Tcd)-=wD}w(sdC3_>vW8 z*8_{2l421ez1O;G&%ihj*9R!}_j5q5e!{051xist*=wpY2WQui4ec3fUUq&ARVPePqLEg;kA&nKx zKN>rxnWhl)Kz}lMKPeoRI`VgTwgo0r>Foy}{o9HC{EufkJ#{`aEb-xX-<91nf^FG` zXlwhvfy-6;qvsXsRm<7@sPURO%?}sbuBo)%P^8u;5zya-CvVeO^e=atP{O74n{~TV z-HMAmTj*@zHs(|(d+r5~ljn{)JaH~+7njG`q04ptkx(<9cw{8~_~ITjDn`2>*rpradgs z?^wQ&ct%xK?G3BPuF+(V|Lr*ifpu|7zxt!JLxVJ+KA}8r4NS#7qdmo<$3y9by^-T@ zTuH0^k4tQIi8*~^ezoKI%w)NQ2UnNX<1pF8VMe?=H<*L@v7-L*o3Z)`Jtma1MUlCU z!QF+g!`(VB1p-1Rokphs>yBowTf4n_5VMZvlTwf@4FV~k1R7fNj1MJ?F+xB7jWOw%$W-;vQ~&abL)nz%bQ6Or>DWQgO{yX)HVsS_JsTNjfh zHmDblP=!wxt6m`~)2FcVjQ?lD7d{z$?{GTtvLbWP*V&>j7T{$FIE{15D zV4}jeo*?Vy&>0YPnbTfF4X&^EMVbWAubc|*OyvaM31>THo6AX75;ettnTmo{*ei z9#vbD!-BYf_g!Xt?nkd$;cEnUrpF}oUl z-WU%Ia!+`FhLKS9&W6ASr|nr|J0GTCr-q!E+~jIU%oCgP(c7;=veo*XzLctnkcgsj1D_%U8YPf#-nmrOL+mL zhl=#607Y-%V*#4ptqFR04CZS6TBMhIhjGFTB3H}Jnn;j~UwVlR*m1H(uJPzYUtOlZ zch44M%*HA&?CY#GVj)7Ny)w&~fLDkli)Q#L08x{~vK>g!$8h7yA70<4HOl^%- z_iR#eXx}moe(`b>t3fc2z*5<{*0q1aSkT!hhxVZt|9agjbSmK1h zEKNSaKH1zypOJ{cNXLkJ#ywk!1F1#4_B_5VTyI@sRkGFOYBlQ_A)uJ~38t|&pm+h2 zD{L||+`jOx*tuV=s~dL&hwoz!JI3p-Wkm-EE$X*;WjEEDD_=U#U7(FiSh^l!9WvP7 zulBzo%b}fFgmyrYjJzSV*GgM*dw9u{7Lw83O5(hh4rmOhuQp7bt1%>+Zo<=*+Dry{2~N$)kUu1uM>y+gY)StU;aW zsp9p`{Q=b4DB#?6pUO3?<|=_a7CjSJ5xN>PMj<_r1;ejfsM$eTzRuyE7X5G5jb<+KB(2sm^F zQT~n$v{+{;<;D%j+?p{i5_gs2pUYTic8wNpJY=?QRlW1CMP|~jwTkOcTG%hsF6Sw` zhZ{fc0*WOPGsi#!2eXd_J7OL5fXNu#t&I^0bbNqhD)>$u7v0o0_KrxVnaN^QSS@(; zNAeHV{LOj9iHKF$O3>)}qGhscdx0ufDbIj+l#uLnr{K;x-`1b)+q8@w{=OevaDODJ zm}PxA|KbC}9((}eyVTA6++5d%1ibdP`HW9J8LgUc+1@{LZ1aOd5=VO7nd}Hs0q5qL z^5Sv4{@I7j-94SsTHxW4lk56Me(?0**T8IY?X!m6LXX0RoSp5`7NSrAz1A0-Xad7- z;Kb$kf)vc;Bf_U-PM-It$xPaWljLy^J` z0~`BEPETCpTAv>>x=698QrlK6F&3`&=l5aQDJ`r=xqfapPK}XZcnZxn!;}7UqMWTa zjY1>g3FeOfIfpWvATU+mRghD1Zul$T4aF5dg+h?3x-hEKNF_kgeak?erBY|%ZZvdU zabL<-hm>VB(q14tBxkN_E5-D_n6uuaT;q*zU5%Fx>9uRa2b#fTT0<|=Q298Yz+Jh< z(ONjAy1I-bWQYS*SWsdh$Odv;r?;oT;u^=Z`P!x}t6M2{z0NMRCO`H7gBTqw^~pl# zO(`d@yw%QWQ%%0IdJTyOSgX0iofIz}UL_q3*Ulk*nfZ*=*7(Fk}nNV?}UVK3XwO7%K5oDOlw2x3`` z8AlA#b~g!6cIatCEhlOtrPX+fK3gWrQLBxOJQq+u2;2CDeAPozzkg-+(+t$WnmC>s zRs&Wmx1vHIBq977v9bPa3-gEtLh-C5YGF#Nl5l#TZzYlXOt(ZpUt0P_y^Z?jq%g6p z#g%+b*)l%&$PZ=RgdCb?F$~<9&I$taN~UJjseJ|a$g8Lc6VfCO6GlyQmZ)&2*j7)`Mtek+Zb~wXl6Xoi`-X?_?Q#6O%3(&UtX*#QAdC#v4-#=a`%a6CqQp!E zslV2@ba+6-=5{8y6hbs47#P)h#QT{qMuMj(MQ@yQ8^s4^BgbF%4QK99bZ4pZ5?2g3 zsx;!*3yJepyycr2ofQ|#>Z{Gvdpj>p{HE~N`5vv6n{%I;%2~#=8NLN7@hcJ&F#?71 zoFFE13YONVW@qUw&0U6kU~Xf+V-?-rhDi5V^WI5|bcWfovgwSfUNv`YS-JH>%{4_e zrzubISh3pSSIS&dJqr8k)S1&y_ocRIxnlRFDu=TU)aOB^dbh($<9<0#OjdpqT|pR; z^2IMIbU%CQjTIIdX<|A+j1h z3f5Aj$3Br-SJt0+hgSqE!;w~5q-ns(``Bczg{M z75`sk7y}6u!FNr&SG9U*f96~nd)3F1>ObCk7kYkv4s52QF^-f9&9Oqx63s&%1KJv^ zYpxP={)8!a%L8nKJk;0(Vm!p3`*s;rvVrW=q;MP~P0^V0HLk1p{+%OpJ-COJCnpMv zRjSD}>DhH4e?@z5M~~*v&BRGXa#5M)-j+M99OAj)MtK;zq1{sy2sh&6&sE*JO(SA*1BI<&;BDlN3fcca|C(4&67#`P!_-h;2A&wVxa*(Z_eiEb@S7u0J&xhN?3_B)m))K|Wg8{1rlG=H?3A zbFcPgj^ro8+Exo*WLRx!IhQyBD_(^9C?$6oYxIsu`8O z_Bj1e@R(+eQGaj|N`mVXxpnB?o?upOHe^^i*MIo&Sw`*Z5I3dHFQt9;yJ&9Xh6-V0 zccb!`CyZxbuX8=wW92HWmaQe{b$3V^?an}+DYGablO*nVF-vuL+9azUPsMh1RkE4D zz!$?j8ugnd`st5KdqRq&n}s=val(7~v9ajh3Pks9RIyuNVeZY?t)IQoHVUH;@%WT( zC7H}3_41(Gj{BGOr2b|F8OOQqvCr6!s=xiPx;gh+2Su^(*ufR1^P<*xsCU^_ZIHK} z>qYzUou0ERS<%_aUSPPldYuPP4LGDq1d8G@D<>fYQ^0@te| z?xi^3&_!AA6Dm6F*Cmdm-+tz>wC9bJe%w@qqyHL(%FCxd?$Y@VaeF@b>coT!ShE*TGhd5U|kq`z!J1t4X%%ya}?gE)`4{jWst&jD4QCv4p#- zcT|#J7d$KsUy{cimyLoDdJ+0BYqJgwRMd*jQgYLy4?UQeo(QbHeEA8Vg_fVVS6WpU zvQG64BSHTvJephT8uQIZTFV=&Et8ScVdt>w7xZjtYQwWV0|OFra>6^i^f%7MldW-z z`=p`m!L7{IH-w|7q1X@%U3sR`468asMyJNvp}EXrAci|UO zP1Z4|gr9bL*{eLO!s)A0mA@=q7!|FTIShtWDr)f~s^aa!&&K8-hK>ifHU}M$ z8CA9mPu*yL7uHDnU5WKYVi9j@FxP@iC$%1KT{E*3Y&Qk7&(uo7r-y_2O~i%ltzC(G zwvPe)LzVdP^Jn8t4BiFFz*{}4C6?V){7|#9;N>t?l5xk-L5rH#r~`tVUN<*=QaY~v zc$c%OzKVL8_qQw3I_~{v^bC`F-hAiRyQwXMr8sG>oj$*QB7HmC_L~&&AP5&f-l+*N6jC+V@HmWT2zL0hcdxn2IwngGyG3fP>6Lc3Afc; zUX#dr`E3vO<$i5-%LM`ox*)oepz~oZ-?v+jRNG77)zW z&g2Bn4mE>S`H%1CT&&WJ~_Mu-SdBAc1!AtVx&3kT=>G z5kir4(RSnt6Hv1OF9A6xE zd0NjV<#Z&%N4J?JI7T@nRiq-CvXvyb9)14g&9T8N2e3j&0+)90h@Dw6X`-L22NfySi-eUqEmEfSa>+%u~InXVKuiU3VOX zCaK#jnC6+Q?G+0?ZYoU^NE^0?U{^}o)F?dQ!U-t@Dbvkeu7tL{x%rcg(ArM&6CK!$ z_gJZL@=pLQCWfc>L`C7HJq0K?^P}e&;f!FGH zmiv_jmeLr!sq##@?JKHf1+BNl;FDjxgLgFqM6`*`O1D^W^;c2YKXMW$eSoEhE2gmX zITJGM7%F^wNpq#}dY7V_d5Xd(Tu}0&NBH$@ezHKEa)^oz)|}VRD?Sk>1wf<1jF0MiPc47P^E*xW148mY8h}<|{Gie%>x>HM`#Wn~hs0u5 zDjwkPyZ*+A8$N!oBNTnTWEku}8Xc9aZ%EI1y*rmkMA7&S9rjqnyL=>b(tvT1{vERl zy-IP!l)QkUZ|Go{y8$fEr-TM3RTUy(mS=0}(F8pOB&>Al@xm~$(t}s#{-_H6lmM}C z?5bCqnsuhtnKviQ*?9oc^bQ3|Ly!K@Ys&{}c8E~pUl5JGHj9W<0k!p#Id=meat zh5zsg!$CXNblQ9C4FG)ja}CJvJUluTAfD!(I48*%IN9|b+Jp9s-F`VE{DbVm(A~TZ zwihOXYTNA+5yPUkyKPj16RWp`D@NOIU(5lnXPv2sAIc2YtTFHtZ@plHqxsE z!C#xC<4(+^PmjctMt1(rSxVa2A4yYxkTmXuwym-_U3;bdakpNskcXv%Eg$R}Yy71d zrn!0Xsk(wN4%-YHY>~9oL!t5sGro|Az$k_dltPy9@GO1=$ypm{N>yqC3M@n-{|J;h zcWyb3egeKL*=G4RWrwZT)0*<%o*iSrNj^{})Mklsjt%Z2V&JNd8xar*0QT6BBk=3} zdgs0!M46Dw7;YIyVah6NT!y6%`49LZDSiy>pxTh zvS?lJ&mVw(kaPj~J}IT`#_*6vF4CakaGIsFo6f(>@b5cZpoxGZiohhV$Qz&|UmF17 z&as)VTmv46sOX1)x0xgkbVG#aMX+~Lml5E~{`<#&zuUt>1|sSnmevgSw{d+N0c4oA z%MsA?TjdYCr5e~R7bPM%jkVye`#DQ4F61cH7V@Kq7T+ zkpkxRK;ISpZs?lF>+1#jzeMFvI^aQQPDYWm(&6Vb0m4RYj~oOT0%hWZ>XHP8FkIbj zROk8JD+UVx|M2S$OL=kM3s$d0DAE7JukFW8AydksEDmwl|LE2~hWYO&zld%+AO%do zxLv~bIHdrykqHzg*zpRdd`6I>;4NGsbalyZ%J+ZK^v}nji_1|PT3W_7nl!J_iJF@9 zsDs7}y`7T?;XBGDs6v{6CJV4CG`7u%`vBn}@)rAl|Mci*NI9}d4T^wp+2E$-z-;#m zq$mvVK*KS+m52l4M2UU`iBGK%HHoJo4e#~dvxxMjOn3|oSps3J$6pdpeWiXQoov2j zk{uPMpm?U7n}Q(!Tm>dm&ua9-8%~LCV$SIPH!Yj}GEf=daRWr)s|KoDg$_A^Y!Ux^ z8<_2*Mv8g@KBr^qOe$^mYd#myXde>T>~9x1^!9tM@6nmNK<08IMA~Hg@_cTS{A~J| zN5A7&UrA6d1c7HT_2X~|S%$Fh?fRzO?Vk4UBVS=>ohx9Q2eMB>YiM7FJg7~EO*#<^gE8#Z>Bm^(-#)}o_Z$Fr-uM6 z%3xj-h9!sZ_fpNpzasMA@BG5r>A>cwh6zmZLKO%Qm;i>aRtBeAM-qlRnw#{hG_uKl ziYTN@o-87}1AgRFMFqyjKqdCEnLnNV7RBs6bo3Ht;c0cshbqzn1oC4@xT2%(yT>n z{X>kQ_`_%rk|%dX<#A+6QeZ;^y;zE+xkX5;^;GqH8zX<~(p{@Mo#r9treR|3T}VNM z!iAJzA2t@TRDG~(K}F`65v z8LOms1{}KQY-WSmx;Ot2&o8`2z6XSH$q!H{n4fwnVf#Q2Dat(E@SH%%=9tn-Al=um zJMZ+>{8@y+YE)mTTI?&Ms1luKxhN~KgUWS-rB#usSk|H}oKoXHx*dLHU= zA$B&wjuZ=DqGhR%PdEepb``JZx&XRacRXr4{i2%7f z|4_GC97nMO9Ztk3PK&PlJ|J{htEe-lALAUBuZwi9TRt;1t6F!*_JJ7xTH?IDV$qn) z>H-%3)-BGbE~2P^h|gfRC8<%1`AG6%<^dcZ_wyR(rbUx9k>l)rho2kK@|pGKh{EvJS~rREo~pWj-ExZ9ewpI;`$3ReB?w z@MXL74TmuCwPh=Yx%_JbmgE{EF%w>7;_2zDo}WJ@ymdc{+5A24YkqcX2ic zbeoBl5;K*eHV_>b&)U^{ggt#>ZDx~ykz!ip=;+-OZ9I>d`fMQ>ulSVv1ESzj%|8yB z7b)b3PU5#G)r3P&18S2x|6;`Qf4RE+5pE(NQ!!ihiqhBj3uft9XIqdAnYz_j&tXAVL?;@F|0TtNMBZu|g`1qZ_gvE=(<)2F;EFy_Tt66e*cn8 zZX3(CL!_tr+Ah?f3PtWzgOdK~8=#-u7%;fr@3p@%0)&0n^TwP97Z-miT3%Q+6>`jL zaPNI|wW*((p~&cu7lN31e7V<}1|4AYxf||IbJ7%$%;}FWVe%!kU7L?cbh4h#M=o$8 zm$aqw03%;ifibiIkG5s93OcZ3tTrh^qyTeyiNa_+D9zqQD2hR&cs`($p20ky33bIE z8`bhaT^MBqqD=Vt5}4ni4#xqD`d-m}1siZio>oT11IC5N)*WqdV^CbogR4C+;Jc30 z;5$B=bzLqxEF`!3m{hD>f`OoAnbVLeki7A<=?@z8Pgk$)EQFI^5md7mZ1Sn3n*wKl zW;k{tvth2L9H8~P-u1BlggFO|>j;874fy@$ugH0XfT*e-Tsi99_O9N;F#XIerD@6V zMC}y;#wOJ-0?0!k1U`8|S7K!aKuv+e^Te3#k1kkGcczfFM|tuW6BqVpGwF>W*Y32~ zrM112E48_<-H%jq`}&1B6vl>8!ndn?c6vbg4&(K&w0LJmv?CW4gJztpA+H@9Z1Ds? zF=<++q&*&j$77{sO?O5FalLr%2n|1PaVxs0hC2f|&L7?(0XCBr7|f2Bqa-z}hx)Xs zh7PYXIvEfZ;@xNbSJ1S(U<79CC4i)G&!SyFZNH}WgnuDUt=c=n#pjhMno3)`pH52ct6d7Xd*Hnu`T`f7qs=x{fSSpIshJ=p zSR_;v34|+()Ay{czZu!S;WlQB8Ud~WDddy@4-2KiLaD^V$XuQjxm1NYdsE5dpAW1B zk=_tCt$4!g*Cpd_pKS2s#B@j$|nV&e`ZNbLU#49d2KTKXX|qnnOd3R_o>O{xR2+tO;d$D$XEg|0B>z z`k^yGcKJ))EBuBTkBq!8;s)7j&7{8eqZ2HCIof~tNDjBn74u@j9_HUn$HL|htg|Ck z%+3~5P%STser^H0sVsC7FMh<4PAGl^#ZyC))k5#1^54kTzOaN@I7yPq6%14rB8W9= zII(EklBE*USHhca-3a}Nnki=(AoYeE1 zrC;c{$*g<~`nYM5&O;*v+THyVu~5LF|AlvMGvw-Gi4Y+v-HW;yfWwv)$ROPfp{|^} z`UzXR4AJ|ESc$x%pMq! zy~{YeTv|w;S37L87A3;*v>B2860R$}UQ*GLVi5w#=e44qc&3DhPZuVqp#vN3DJt0P z?%7@GfrH>`L%2ZVpS)cePJV<)()?R!(+ED#E>`&b2tq>f2T#^VtSr(}- z?afMrFwL`7Enn(w+I+5z0hTkXdkQ3;Kj}NP+WD{pTSJugcXtL#twIdI_QN~!8dqy7p9z;QOD8)_YYhvU`9 zw47Wv7RHZ6SPPQaZi;~K*IRdQjQ#NQ{1gn*t|^Xk`G=sI z{wItI&5rBBP_Da*B0CokZI}56p0IfFUOU0oiHm?_oRjdr&z+16PjK^}R+fflqFH-x z1-zo5sQ+rEj9uYf)(y3h9xx=E$qEj+!g|t(&nDt2t`h6)a?Go1un#8}!rYz3>=1x{ zTX4Hxa{309WC(e>S#2lF^DMNL${PhzVQ4)yl?-ZQ&_{tU>ftt?e+t%u%5v7M+7TZ~ z3aua7lwBKu6@xjp=}T`_w53|rPejUII^xCQGrjBDMmk9jLVckM&^!dMF6n`I&kSdR ztWpNBCs=>L7+HK)en7L{sd}<4*v-qcTD)J;hwW@czsFn&<2)FO-?|?$k0H{~?mcOl zW1b6|4#gm0wpU_ajzXS&!-VBp@6oYuBjzaGd?*O%CI`ZO&2>p4LOw+NRgHj>Tzx#- z>jf!n-@+{ReO>y+$1Qygb(01Gz)geTO;r~@j%(^K*Zw+u@}GA6V*RCFt@99`L;-EZ zcipnp9C0?SH6;BLvyE+X&8qhCIs=Fk z*Tqq?Nl(>1pO2Ex%Z*vvrXUmB)(~x*q~~mfBP~Y+*NrI%3({@Z$0zcynEIhZAg@M? zGm95qQ*~wL0{NOh-Z&pUsqEA5W^hMSjMjV2I@38b`r=^^7s0C`)5oxKBLO0RSABOl zRk)s}k$4XrDf-uyHt_hY=LSli%z%eoDXs%2!Wu&y88>m)8TtFQAVKFvCKg@b2uBu-<*L=iU1{{LN#c zKJLs(t1^#$1c_!*^ZdyHOA~sr8E{evzS;aij~QqJzFwcwv@n}y+g8ijvoh_z*KPv$ z*nf5K-@Emm80*fhY!$Lwv8Zvt@Bs=$v!{LAxpt|@`n*c8s}>$aCCcgX4f*6aCN+^l z0<7SYt-fxyteTI|rI5hp3EpvMOSL^$hho|s7m}x0 zJwNr{5R7U&U3f9-p4SX|P88(vJB6!Oa*23{p?%Ohs3c=ttoUWya#m96bJ~#L-tPX* zr3+U-PR!r7&;->*kAK9@cDlB%SaM1+4Aq!6iW9Ge(qOf#?zBE-^j7#j+Rthmo!q){ z-!*jX+>nl^6o_>Itl=ZfUZ^Vr_9AeHS`0bUm*t-B@1Xy4&k$|MXJPf|*NSL=K@b6) zuz|Mc6?LOo9&~Ka-e8lUDv1jh`6(uZ9=xM_zubc@hR~Laxp}(2i_=Tu(bFCmmrVS! z(EUk6mGjm&Md4X~g0YiVi-XN3+`)%S7sucabj^w>2K+q^KgB|dhac%PBo^zO6=E$c zI8N?Q`K&#l5S#!h1@~YL?ov3@ZI;X-CH0yd9FMC}LD}7TY&iwWKV zbo0xsEw5$w=6k0!mh)9hDu3Hkm9^<@+#-o<09QwQh^&APZ|F6A98l54VEQspWb);?(0?M{q1+l>N1DO z$;oZle&fFKxgf_71ftH76QD6nKXEfl1=i!+4q?x4^}nF>zwbgsVD4NVBiVt; zxDaT0z_8tKb|q>cOPNE_OpAq|#JwF7Th&iK2E4s{6tkL6k#=?@Oj++_-*xdLqnHBWUZyJ&7kzM2FHOPQb8P&}#j|8k8uIC$yQRjVLu;&7e(Lwg%#% zH#;u8XgXOyaXZRZ_fopG-%PRV3!hvr^Cis|Zrl#mbUUlgHnRZU$69H6wKCUqckEc_ zbIx>mDU!y|>va%nal}sz&mr#J&a0Sb{7vZig(vHqX+N-^QLiT9F{mUIKN1z%mn4m;&;e}`pf4al zdtb^_L{U zCyjeID8{BAjMjSIyR9AN{{H32VleXK2?3uMuT7o%7ygU6%7M2gs(7THD|8Z0T-1rc z>aG>+DyAs>X6u?2#c&YYoBx9X zJ(pu}$AKEO=D1u-71aM{3AE7|_iAHP=G7vY{JPG4~dbp!PGH@2K? zFS6cequHH-KEa#%V=kX~(u{88d_+zHPFVNBbZ#fb>%!?~_!K%i zDvlmqZn?vIQe-xC&8cLN4;dp99cVq4#)%G)LP-OaR0h|25x^q1WG3~Q)cXhV+3TE5 zZ|!e~4La!45QK-M%LKxril_2OMd&Ik<}7hllmtQ^H<2x5Hctd3NZdr*u&&1Fa+iwo zbB$KYY0_I-Nacka5TEP2a3N!n2I)12mTxUk(W4y;avA(?;n`pS{=`|iG}PQLVNW&L zsOpS5y((9(nG34;RjrY5^6?uj+G9i(M4VEAA0kIG%D2&J1y3TlZ?Sl#q);+59h&Rj zJc2)ym(d!tJfs{-Dru6e&1kK$pkSRZsm_Siy^H@6HDawu*Gm-PK)}T{^Ef+6wK%Ir z>7`?{xDkbfOmC&5gQB`RUe&+(0S{3^OL!{LdlZ2qv<=MWdt$pc)T5QJrsv6F>!z;7i_eDGm7fmj5Yu7`&T?0b4 zRRG!Kv1%-_*TtK%I}SBskNOUvr2SNx$6zH^&7G%75!QM8jI99Fzz)qxaR2*^sHqR0GoTc<`F41fOdY$QC18|92( zzp+1kio;SeWAM@Pc!jz5!}PDJ>jgTyix{QsN+7*Ur$!-yk9Ct3IGyBIP!d*KI2={b znZx4Z(r(%$DjlXK!U_3CL!u=$lFCIq;|_v)wA^qTFH~1@dLC6~xEKDs!N1rE+u5n$ zo&IXVYLP$vNuJNidvCg@w^!_g3wI)sMc`Or>IW-s{#rI8y~Y8Mk5BornuWD>g$kKg ze#bn+c`x>!-V<*TkWq(kDK7qnxLChh6;RG}fA%+bxSuEQrI76)Yy(b}ezV5??2})U zGdJWDeyd?XmXm^8e^@apqP5-lJyxub7z&UOy3VJaZy~L>(@>`J5nvTCxeh|d2D@_s zkbgd?Kxdgt3*YCL1wc7nPdtE!FgUgb06eqjk-qtU6sR)A$zd1?4CVCNyy@&BF<(4m@7nT*9)?JNNInc>^VpTGJX&OFX_G3)9zClp z`M$hbH3b2)&D1*#lxhSWcCueDR`@I_d7w$V0+`)NlqvISOy7P73*LBLQVXTv<%sUb z*18zI-K>?eUn$bt)vQn3X8_=XSd0_s$ONb^MpzZPG^Qhkb(46)lsHPfDrouML4{nw zKa8HV?Y?5MGq@-X2+(-{1ZX*;?EZ@RDRcIE2cTAu{!+Nc5s}+VF~grXu^K14T8vF6 zF1WaBMjc(UJIVI~N1W9R&EU%Dgvgia77VW0SR+qO)dYhED;K|a73ssU5JICdw8sRC z%tVqn-Z%0LCzxL^8zy%<$8!W0;Wz@vX`yN2sQkxJh9dj`ms z>p@Rv;=OSn@Q4)dmQkOkDtn(GJfhhXce02E8&M+>=2Dn*fuXYI;Z2|YSl*t#)c0(vL)z~G~%ud4CSCHI#)r-ISP_im9CeP@R8npY0EC^jn`Ui z>pE3W&1ZqeG!`Za4U2WCd+d)|wtinMIpxlo&zkxA<9pPyf?oa|H{rez*-R3L-7yUC zN~|+*vh4a0V{(t*Ka{$uZdRuiNN?|s z6qdc*e7;G8SoO6672RSQ&UAdBLktPP`IKw$%9a56qpW%exa0xn3q}fiz3gr#Z3*)? z{$ADlS5mC>L*)ldFCaWLMqu`?ykUl^S+6~PN| z?tlJ_@qAfx(i#y$H;bxa2dEDmEg-DjETjQ~TJI!v1DhjUr%%2B!3e_b_PBN}76!Uf zO?%o&tX=MZD)KOT6210bgOpKUqJgZV^PZ83B%mPFIb{SqffmIEx-DZ-@`lNp16{Mb zQI=?%_J6QYW)|UADnv-TkC^eE>AtD>#5>cWg{TEE7oWa>$jkJPF{%a^!D6fh+xl+f z)t?MFO|;?ARea7)sl4B(*86bqwV}Osw5sB-0Km#Cv=FP1&5}?^9&)~HrHIdFs1&|x74#HfI z$tVb9r`6g5fV9)sp$Di^=;tF)Wv9*OlRgo}Mk*Yz#Zl8M_qW(!P-42~d<;eZQbJ$2 z2zY@}O%V49h(Zit-{qjVy(64eE&CSNkn6>mBspyK0L25*oPChBNz1Tq<49l4wb(-L zfc#^#mnL`w+K&9!wYDJ-!M5I-b7gfAKZ0V!Oyy=RgJfna}>`)Rz5H~Iy>9)PC;c`=6Su|g>M z7zhIqk|Ahsm=v@7=qE$VM7>rM8BF2si}tm}!bKjs3vfRMg=6`A?+}g;15}Yy(x=vD z>_aixw~Mxtyb;5h=fYF@&bCE;H}Cw0x!2rv%s>!7_3fV5%risug178H8qs6*P-ezk z8I2+0$=ldzYp=*;%`sN0QLa+qIkU`-9>=@Q)9Qsu(8}<1I`bA?AvUF*F#7age=*=Z z9!oFAB^Ug&XCUGSG8ZW`1w8M6pZO1=?OKZ$6>j-vK;V0 zSbcb$jb>NA=R|%hvMm{N_CW6<$AcxL1 zkN@QY0Q)|aD)IwXr(NHfb2{ZqamL2_kQ#sz_`pturKX&H#^lgc$hm;$%Z7V=paYa@ zSsnn^if0(|G7+|I9VXrdygTDKl4&pgtK(sJHn@d6*GTR?kS$jUV@JZ<0AsagzFXKX zQ@P;%f;;nlpi9#K?7tX=_8|nW)8(%th6#dqn_^J2VgNNtr#jEb2v`(Yq98m=VQ&$T ztoeLh;OD3tf6r6@0elKl+6CT94;el|nPn4JGD9dNZVRf6Oi77IPWBp`eAwHO z25yFd!&4GtGB9$Y8~xHx2Y)uuYCi2~CXf>~f1uy(05f(l;r0~MTo9Y35&u76(w}c{ z+z%~mvS##;gy%39GvHW^z*2dI@ABa;R8D}2s**(mw!)MmkO}%?(G(0cLJGVqH19+; z5#8W)5F_M$Yt9q54rj9e0ruoQ{~#5yELvu6njirDe+nCbgr-8S1*{@O6}$;3xgm;& z-f02b{Xo~3@@~%IaooDde<0$&P%)5acKZ6OKJdg51$cyRHjqzNr;`-`dIcD!7jwM& zFg1Ars8NC1gTVExi2pu^e@DwNA`2sv6$47frSOImrqMGWdXSJ^HPb<5D}WFNJ=@DSc@+uZ2JnlGB(o(GV2Or^fZr^t=u3iIJm?zl{F;g)UDwx#qR1yBm9jUrLk9LZ{ zYQRaEPX|cwC)jn5J>JXcR8Y$ zy^(%iDloP=V;RBy{`{_$jfKh^IkUpBxq<#Sk*^jBy>5T77t^Se@_EtpQw}aX_?O8T z32}l9cihILCRZFojit1fS2I9dNfoud18|uPSwd8_l%<_`}f8yBms z3p)V-V}RsXaLlE0FW#Chf-a%MK76P6Pp?w3Od(l=Pp$B7m43V6kr8_|qE0@9nUS|$_w5iS~z2>l^A&Lm2 zsNXoT-6?4J%S(zVhW{M9Je#gJP5E3rKJKqE(xHizqr<@v_9cOQ8I7 z>n~B~bNnLuYb~mjji0!rMhAYAsMPN4KjMj|R7%Gwxpcj#?@$jDSM;*;@~2k>^(nIHfiUN|-CEeXQ0s%_V^PKbhK7YLO zhs0;@z3&}s?RBkdUE9p+JI8QsPfVU`OzpU}lZ9GY$lLxI{)yi_n_0D;;yOA{Ca0#& zocT^CYgCH9PkzZ3nK#eO%VU3NQP`G=OAwrh9Fo+;W)5h025|Vw2qr!lUm2`AT8%$v z+76hsz&OI3RMA6_782;Dk>_{^w|%w>00>RqapUNE6E(yL)x`(eqb4oKs&7o*n7p>? zBrfsh=o-?*9|^N@fcb0%q6jmYyLRk7B zhM4eroxbkEf#u#*{@Dol@}tUy7+@F=USLOBe=F0wd|y#jslQY(67Mz~K`vzDJNd=D zFNAOQ=)_gOB}cYVlaoCzu7242YzAd!W6_@KJt6jDuoH-X3rAbmgMKhN@-T67_pAC2 z{Q6Vnn$Jv zII)weD0@t_Cs@ral3eB>dM~&upv~p9RIiM1Kb^(#rt{v8|5AQ$PmO)6N3bgq5ky!TgPYDV!Ye&CkTaATqRT|AOut$?K}T zvIyXyvA$RKu)@Yfx9ObFHJ)k(QW)^yDE)Ju+Va1DpEonv@U^ z^wNIf%1&*r)=bv&2@qlBX|~IP9tyx8Gc4_Kl2)DNPIu6jh`>j$T%XBn#kl=8PZ z>Rc}(_$$`1KExbSSGgiXV-j@d{B>OUMHRmJf5Ri+prf2vPv))2VC@b0fKfs@v_AZ- zj!iz@ZRVqld@Mh+dq3qm9CypkP+<+*e&W&icf>WLYzYc*wQrE#2F`YQ`_^;=O+axJ zW>EEqkSV;}PZOK|-Tc5-N6&e7huKqd^a2WAx3~B7hW-RHkrA$re=#_?fJ12Be#^ex z1HybT@jW@uc$Bb<&4ilU?Owt#=WmM3k9&le^;Z^vNrLxAfzaY3-s@{}*t5u0Afg>julaGRBdl&m z%CM9i?TD^^tNv5{M*1mtOaywgR*7KMIm@RubkbZBK94=2Q#JJtQ7ldGe@P1x!yjY=&B(f{h;d;fLq;%H;t>UXLdhM{NHO@K5P zo>widv%2b;A4#Y1Rp~vF@eeYvR$sEuznC0o6(0thK{(74~ zo%(aqSAknF-AklK{5}|?p=9NM&1{1fV}#+`G@ok^&_T89BdzAo_0~CTz_PmG3*SD?Yn65rqc2o_*(kVq zGbBs`bv=m~nM&)n&6V^~KX@D+dopxkOU4Zmu-E^))AhX6AH^u;n+i`*|BQjeaqkO3 z#_k25qQP5Dly6o?o^z3JHS-yK`(9&?AbE<~(GzOMng_CL&UjDTh9LbX6XN~ldc{O4 z&5x5FXv|DMr|1)EoWq;ecET84Ilu4d57#*&re=#@vg`*C29vi5Xn+-r=CrI>@(nbt zrXG5Cz*(7(>o3XQjf;gjkXfA=LCJ+A?74QafmZ;{aYPbm0jemCTsD6-T$ScT}V6~HIgw0GXI zqjD+4!GoEP*jl2QCmczw1aSb?;;o_%n%X80T*xwf@=(qRhbvn|YtHrFDzhg&(O(C5wW>>d!Xqxgo!S3|H z3S_+Yi!sTodIwnr8}E{Id}zu=>HbHoF3Wh$XbZmA9k1)iy5}F3iR8$Fc@_m$`fKpn8xG1&FUQinHZM{!x zqB1!a#)r@hV{=b(I)PSS0|B`Ri^zv^u>VNSaAoHQ9=VY~IPCiQ=3P91opdzX- zN!zGAGxp%+H^s?V>O_CGaFf4|`9oB5{_z);?+eL;@{YVzvIT##o(BAWSe|=Hm*Fz@ zivA>p(g$RSdxV{1>(1P|&>DuIirdG}f;~UgJO)C^MS3E~@&<;K$AFu;r#uf!FZ$>} zS0UXuW%|L$Ck=<^I9+syiI9F0Z*a{KaC_@$L{6X3$^2LH3QzC%u9GSAsPC8z{ld38 zk{$EdL)HTN+xrp45mS|g+>6Cq07q3&d-`mzlJM8a8*L{Y*irhpbSnk46lqVqAvBHK zG+Dl&r<^ZXxVqdiVn&?SEFN}Bu~5Q!=~$c zm`b+!pX1ksUc_AYI!HqEQ+)vc+}IUE$(o&i=43Y2M?ME9aE(nho`@s`F_BOn)u*T+ z%7CJmn;!|=%rHa_jaQZdN}UchK&d01%L6zw`q_Um>LS^Dui13pmfm=a$~24-6-uvd zc?2hdrJW@O%MoIYr*4Kb7x9p7F}JgmFl8FZ5_H9&q~-EUshFHtK!=}LJ2LFfHb1dp zHOWV{4b9TknT?$TZRy=U$E)@xlA|X7>a_PDd@B~hPyo_UWp{E=E+=51X5T{>iH(#F!3v$oWrpE}Mr&4>} zRl3&MFetN?8p8i!P?~P6;U_)!IKh+B3mId_3rK*78@Fld>d=}SlO4Tbk`VrA@bs@Z zS7p@wLl-f)qC#=SqrU16E3UYh*y1}>gO}(ecEjZ1+*yn|z{~kd<74{CS@Ej%YlP@S z>nu)kaQ3=~Rd4w2k!S>N!1ZJ>uifDNCF}Mzy1tT&oc-nSuS^>X|kUJlD#qRUT^^(sAWlAN<5O9gCNT?!NK; z*0kqwtRH|?<3qW%!3Qs^jw@s!+4~I}+c#mUpMVTMY8~G^qEeEcL)*jS`;y|I$=r(j z{@B>+`%|`0EFAze7SL4Lb_zXzPff{dyw^71US-gb+vF#p zV6yWlCNqS*K>&U7D8d9T%c%D|b7UsdGaikjgSfHbEEh$OgW+vpYCkZpM4E!KoC=6= zMMIW;gT?8|p?f;SQA*JYY$>8AkzdJ$%S26N6OjAAbt}$q;S)=5EZI-F6EVpvIy(*A za|b49d8K*s3}l?7{b}E_LQCyL%lmpU$K*J>BJ>DGHYvT%~8jALdWa!Evfo3 z!13M(KlwcboXggEG-dFi@7vGUb~&BowX_4?)xGhpb`g4|BY~}`@xP&JEafz2Q5vEd znB;|Bj%ilr%uJ}EJU@1kwRO#Mp!9Av?D9>@6+j1RRT+Cv(;^>ws2T-K%XZlna2~<0 zNcaDTsRMK*dgJKW9dkSKM#68rm$D^Hdl9Cvv9Maqzu(XW*>OICJnz15&j6(cXwKrI zC>OWFRsC*_FF532r=FJ>(i=q&iK?P?bPBni04{?=JF_}Bq88W)oHOP9!mN7vu)e_1 zc#y#AGvz@Sevn|v0iCYruk3?8x8-7Ex7p=f;vPe%MK&?}j*Yklq(SZZJgT^3$hGl_ zLAcj2qswXxDup$64p}fLB;QJLVcfR}y1kcRO>Nt5(s`w-s#5{!l-Ka?>1Q z&^qXy?fW{{ob3xUtRz7q-kTi}bP~_WndTP05Vv6dG^>fvOy9f(!PC2y+0KC1zVElB zGU_YPUQqg-)1qNJ%$7Z)dg(V5 z2)4UyzeJvs#@QD%s#JND^QrI5g$FA5Vd(DzImc9gmn2;rH&CCa)wqAZ;O=)~# zL=_?52P+R_aonG?9%>oQAWzW5F^(5gjWA)#QlTI{E|<(jP15QZl| zQblpK+*&MEKwriCyhp=};)FV`QvXb*1mFPtTa`_!ov$kM`Z1h+lf#^>jF{ zG2VghZ(AwsG3rWwZ1^vMRf`kEdP*lOr9kX#nAjaTOUedCc0|2Tv)28n2|e(}{Ws-Rq(f z1`^~E?r?mmUS{9J1{TN}^b4g4j+T@yT$xFIW>uf=5EOaJw4@e9sp7dQG$&uPLr5&| z6h5y0_7SJoDixe+y`K_->2>N-iA3#1Cq#jElf`z@vJqdX)>jHi$C?a+yR^5FcR3_; z!(@T%{pSNsfGN^sqog_pY#40-pS;!cVqmk@oK5>Vi0R437h<~MwL;Yr1%iQO7jEjz zIc0*_P*RWuTatTiqgUp{E;-N2SPeb`-{-IW;FGmS9s~a-5hglF=I4&4)H=^%G@_Q* zlfC-5cP}paPjx#C8+K@c#7)q)c7|M%;L`m=HE*PmlB5wxb9Or^u%ClOvP#Pnyh}mmkbQtGo8NpHS;5Kjdn^j7AoH zy3fs?&BqoNXD%tpL^ZhkDAomu}@L_!tXl&mE&>V{%4LyoB5@QaG2A=9{%54fI%-zg<4}V z;izCOO=!~T0&qQed->GNT#|5SYj3K+G6s~K(*s;TZ1+m*2)J)hq2%81u=48$kq4A_ zMfV&4k#u*bN%8dOmPP($p9c#pyPj-F$h-$rWO(?pkA)t%tBMnHIy(HGRyWOa%q|`! z9En^Rw~F6Tw3OGjrDN~Up1)UJ!Q&qE0AKD+qv%1^nD!EoTJvwCH@jP!C?xFg`%$CJ zj2dAC$Kg-fDoA5q4bgf*VZ%ivAQ)m&t@Ma)zfYTQYExOcdf|)fobo#W}lrF z|AKw}I*w!8I}_Y>PB31Vvux2Ic{N_dJ$3msr(GY`&BQ#Pp1EWaTXKunI7&vut( z<9j&xi(0p$*An%OLF{slAC%}iiA?$8yTldQVSJ*bw{O{p$a5~9IH262A5>kk`D_V| zr$2QyM2ifvSygEfvS;07EPg>tq}-#zWwfIwd~xh|JmrN`SW=wkOy8)z3r_V|uKlQF zTj%vas`cKPV~*~Z*iqHP8H}^7ptTjbmgBD-1*m@T$@2#+jYLQm@BZBf;lHRer>a6* zDR>-rUpEn;apAl`4rcpY8s!`xAzDWXBcN2elyyNlg(Gf|nW82dzS;(epbem5{3ax6 zuSCe4%sEVZ&HzMN$<#mn(ScZrYf%3>Hzs-VWenvxb!%b1h{)h=6Dh{yw>gODfsZ@_ zh}Q1=L#5wd)STYNxess&1-^LBJ|lj{`n4(V{P2te$#q8xTa-T93vlvN0^4(BiE)Fd zo%u31Gz~*?(MJlTK-QC1=n}76Yr*r3+WBdFXwo-cgG9##f*Q|D?c;sjqo1sNJcHsJBH#k!PC=^8m^io^76hb(~AJY!Shg* z=+BRr7rPzWE`;yqg4i3IrHD7$(fK4pZrh=1xQ7JBNHPCCir~w1d-h;kexiP|p1<)I z743{$K(TR=m^4fkD|4W&0-uyQMsJvgIR>4UL86OBu`|8RrYRR5_BD4G*9-b6P-JpE zKthY-O%J#!=ho>Gz%Mf~GGU8exYg>4wkx-@0py2@$DII;{A9i;^BFMu9{>7QW<6hU zdy{O(oXQyZZ;}F5W@E_DjNRp@{T?=hJeAJiOg>un%GV+R%D($v|XrTYcCO zx+i88QrDFtic;4UNFiWybq*yA`eVgPS*~9G6UZS=;!y2Z18C8XoAYktdcgyd-33M4 z z$*y%?^*w#0Yf|;%n3F*@^t0N;C&Wcu|ytadHwn zBSj6md^yrigAJPXN1kAPQ~iR5XXxGF08!dX1I7K|;=m?I|3osXXPEA~y+aMrbT-Gr zB0NI$*s}__69Z$P52#Y*?enDk0^pzC`}k%wf!9pLznL-DdU2%T!Mfj-sg5bZoII=M zy|=Cd@4Rxu!%i)BiTW=qHMD1$-}Ibh@!^oZUQ`OKxCMO&e!#gInnwJWESMoA(TF`J0PC^3*-yAsi}#J3)GQeCC%|UFDQC!Xky!{ z0a@CLgLl2;`CMCdK9oK7Y1?`OgVOe_zS*g%IA5;){fW`_+KN1OzwkKS90JRNov| zvlvjnc^rc1FR4*;3-bCxkO0HN&ZIQlfd}cbDKTVA9!B8lRnR(Oc9oA#6dYVnXJix^ zTIiJNdOC-I>69-@4Cy+MJ!V|t`hPp%t1v*4<32cIYjFO}SWof>0L6D8R9WAvT(ZD> zA&S8Pd_Z%?!1~eX#q8f_zWZl@d&hlyCkm~3g8p}V{RPQkJQ|2ESB-zq=0E=@5aO>w zi?)XB(>e7v7iqzpqKXB~WD0Td#Jhp_+9=>Wcq()~ux6g8s^7a$I#nw_|7&0$M*t{s zHX&dzbks|+bWLGF1RDRjkK~_tF@O_8b2p`@RotirX9@Ad3k`thGdd;|vq)r}N@9a1 z!*v2G1rQUF;Qzf+n7h*2&uaU>(K@pJACenz<4PAG+91#Sz~YJu8 z0TGS7bbI^Ytw4tbY@YYrKCe$2uN7q_e-)%K$SJNpvd^ zWGxBVqpVHvQ9>h1udYR9C8@G(eC&T2um)JnHJ*Nfi@UgpI5_Mn=&H??I6^O%bX%TL z9q}&hjMc^_n-NbR)6p+Xty!z21)svTYF1j>ZeFvh@k+n?lxla5DTv^g-m?Y0zcR~4 z;#vR2qWD2G-8$KS=3PF46Y#JE>ymeBg8VDTU&#ms&F3z0^L1TnKfbM=hwD{5fl|Yk zzJK8~PPLK1U`DUm;SiVeNE9NE9zPebg2N7bH-WRD;@j(75ZVehup$?T#}3V;N`M6R zy+}JCu~@qao-dEGoBgDL*_vOyi_>IQBZyA2EwwQ2i^(4~or;-Vq?<0{49?vs8BtFJ z%Ep?CDYPIDCx7F)YEteAvvFsQ6sBRs<=*HuCje?ApWK;P=gRHd*q{yuPqxqcG&B49 z4s1<(zfgeC3>z!ENMF`T$8DEU=8N2<0iC8iu5h7RT}%3Y!BCYRK| zUNz^hu`}1^JJ;uX5%X2^N}ixk-TVTKd;z?(il@KR3HTYqkk^j~LTpDj3bfc!Q9vA; z{;UQ82(~u?g6#|JR{-6rtLplxf9uaE17aU@&DKjavwa!nSed-@1cO>%;ZkUKXoA#i zCqL{64&@Qy1dCT@r~mPhePJVjKw%bIR4`w4frTBg>-yK!PM@btWQE0O42w1E40p2J9!df`#u1nmhXB zIz#vH9%-=65HA*)jW+GgK3%zMK>?=8k3k&bo}L(n!5$5zsuz06fMNp?j{*E?$D<4} z1h)1`O47U#S9=~}BbGYz-uW&t3gBdihrmG0=b#57L*XNbc&0+o3R(m=^SbvQB&5NF z<`cw9mMgOZzJF<*;EK!M@J(V*aD9nhbd{KH&hlmpEuZavgxROAaZGAc&H{*G3XS!( z8m7zr*=1=L*f?_zL{@kdeVK45sj>qyvi^?kodIRvKE8 z;D=z57E!zOu|{;pwXk&tP+J|~MbohLB!DdeXIh= zsHRWNbxKgTdSwzSke+UrjoA%GbL|2p+o5W9z%+Re%ZQ~NT^@5IdH(H*iR+#uQZ3N= z^8(y(Hk)VH^;n@qUFK*lo*TgOnRpEB{%2}lIw6W9`WOpEa0F{m&RLV`xxLiku?AZcaaclKm_~W6d zudx*-rB*+vYN^Q{4z3TcU{kf_$(Ja^VMACM9g*I5{YoC$$<@0{zr-@1ci8i&WzZUe z8@o^V{*NQhBVRCQ;isD8bsp*~C5liY4$kqV6X%m%F^k1}UG%Z<20%NH4J88>)^8HP z?SkrLVP5gxs8=-P);2axVqwCg`I;pqA5?C%tJVxWdyy@DSf54=pKKM0CUOFzW2-UjK^9FMQ|lYb=wzH>s1bBtkSm3>3ET; z5$Tf+xnfD=kR+2<2P`=AC8ri?&-)dTsVB&eaVts4x{h-Gh0yGA}4vu7O4do$2MeS>BKX9~HJS-Y}zsWVa51fY{YV&uAal8mc~Y`QI8TAFb2 z7TuvS>AKE3D%?-X1q|}tY`_F5;I$6{9&vR7FRSat5}M|_ZvKZFPI`LWLNpuEk@ge7 z!w)y{OxCWq31GW`=|)!;CEx#XeL+BSS+^1Jr`tf#@jM9|*hzrG*^2^vmr%L$!eJ>opNT~Se02LAI1^tSu+JiV6~*MtZ4UwHEAzyr`K;Jp3|#=u_> zWUv*@zYTgPdGVivtkpc$80%`Sr2D@s#|Hk@lfNFr|LxD5!+D}0D`FRpr z^c(2U4ICyb!aq#`UH|I?>Iy%v$3u0m*%A2N4|D|vc*czs_y|}TgHYMStgTG_-yeG1 zhxbRTzi-0C0r(R+;5>~TuipY|?LMQ_0p5G(6MDDB0S0vO!f;#tb{!x#pVqlhH^H}1 zc;!jLIk2`O15~~m(=M+$t|xP3O3Wp5$xB#UQx!w!OwJn|j1MRrb^^VF!S6SJZnqB_ z+n#*iJXryQoL1lIQUotU4w>4Gxl9eJwOyMFOJHA5T-lX%yZhN;ZqHmU3};seO~C6} zB@LSf!l&a=jUF+$Sj@20AKy`T`oNT!r?!6Cwot$N?M56RS%elrD6ZX8yiZDM(3Ek8 zSrH_tM5z4(VBE?Gp?p6M_ihQsn>(JxJbdpwK`%+7H79OyMo3C;RkmEkw6Wa0-`@mC z*X(q9i?lQdA;q1YWnVnRte$zGrXz?cRz>LxVCxUUgpWR*>Uerh$lz0O^3U#XKUV`K z0YE+J)!8ZK`AYd!L5WzU{6ZzpCXBsL&=3#!w=>^eVzBE;bX;6Hnd>ZZ(u-Pe#a-ZV z9~?j{J|=B|{Y_ILPmHP}i->p;g&j0}6eMASuReWZ>|m|#Yv~#(6pA^l>5Q_QUNrpS zbs^qUcPVZ)UZapgvcA8aCsy7olAT@iYFc-QyF@GyZQ-Y)!w2TXuIM+v538u<&PWKsKqKRN_>7s80z$-Uo-1~I+r~?is^B`)WEpSAz=K+kk6a4g zdjnU$-e}h+ahHoJsF32@oQ#Ps9mp|sr$V-9N;^jpN0y?7l~*GB$1R+0$J%mJmWZ_T z^*avRqIHtS#@WKBY4$nDG$!d-n;BH~o284>b%?EOgr)6yb;IGPkoc!s%|N`MEF{mE zcmnEtD6E@AJ}mC5_+}$2HG=cJxPIx74{;B5VxNhO6p{#a=?j>v+3|H;s=K^cROH%C z<#sPHyZW$l_*U*}*lTS&ZB&QUG?jB!C%VFNGL>%{2rhBgx>~B8kyr^7|}!_64=!9P?!MYU%o&n`fbVIpi>j@^jZZ`T1|C;o^2FN*v5?hVa^6>oAg_+q=B{bu}eL9>Oy! zf*Lm5%W_|vqe^Odr-mfAvK|DsCA%nlx7znF2i7R^^NJJM5e~PLJyMR2S-1X}N^R6* z$AHJ~7WF!7UeGN*?g$b!Z6;$4n3VmJ%U+L*n345SqEm^g=D2QMy3hA6?NkRX`QyrR zWfPSyLQ2W5^;}uF-A&0(8InW>(2z&qKMApoGuB}XhOHyN+X0xuOpqo!_ z_&7cL=_fU!g$&iYqEF(riKHVGRW4qg=qDDJznuEId?g78 z_mX;!^m91;xM6(hi=;|7IFAbJ3Qo}Ntae=CkNR|{Pe|e+@AMN+jKP4*rWWyEQ%Jdz zI(x>x^uxN@>GBYqjrSdxs{RALH(Pny8&M%+8&|X>DO_?Ji|@6edZwPIjpuW#hQ^19 zJbkav3z*rWP=ySivs}sYCyL8lqn)7roMpO@#&vr89jn*s1 zWJQlXfzkkHVU188gO--|g##0=QftWhTe*>8KO^lnLHF4v31Gf+~PiLSdnwz%><%D?I&<7x~((49iD^Lpwstoi|W48l`IX4cN8 zPJcI^_HUd~+LjV!oECVjH0&-9p`bW z=cq#jX}oggv)L#RT==EnEj+k;`e8ObfJ$H49|v|haZvy_*@M<jl!%@g~^yPLYPK5>i{&K&o7tKg!t=Gk=33lh!V7jM} zz&R>FTv&Q!!4=_o6zSOOT?8tC)#{&Hha5J13$c?$z{|SXU{Rvf?yp~yABHx;OI15& z-mVm%K!P0I|U+WY)@pgAh?tQ#Tj{lDfo&AYhWmnT*VZQchuu427s zNV1`AkuP4MH>2mxDveuxf(qdvb? zedEz!`CvKn#!#{DSM=se`EpfeqPU$zl4y%Yf_fLC zw9TWRSHNvEEg8$Av0f2nO$75QYA?6}=wb=y(i|Tm+&sOt)Ob~OD_!!xa4v5Xb6#8! zB`+;h5s{IScJ4G)3*C&8tJ+c}yC^x!b%e`VZJk63zJdI(4)U04EJ!ty7d=a+3$7z_ zy&7ianBKA&%KvqgOx(!6SQ6L}a@4oVO0iVcGA83bAkhyT#7Zm0AKt2LgUQc9fL)QDk9 z93Tu)GsXwM^c?~z98Ho=)%AzLu>otJ)7#`G?&s!$O4F-8%G;>V<|o zKVDY94S=}>KTMM66|SlTJ+#CZnLA$Sxl@yAv^PAKZQIXG2cy|-pDm8lrDxUp?21pw z>3TcTGzszD+~ntoG>yaSimRpG2+y$#1t~tB@T*NbvBVMDiypAo61_t>vAC_RlZ{je z^2Z+SgmnviPj$eplQ%VEoxlQq|6z$jxoylYEe}KTM!rOT>JZZTQE<#r_qwNhEK0r+HIeDqrE=k}8??RyH?sw6PC@63Qc-vYHj!)30rl9K zX0wLV`i(-8jI)l=$ovx68cVIJJ#9~OUgZopp=xFNVp3aT>d|9v%)hw+-YT0TmwIQm z@%{>yFkM|0dxO^BFHJhH6n8y76#NLcY0fJuOam2M>^E}I8BbE$3S0~!-!&~oTm|!J zVNTP@hk3JYcc;!~npilV&J>;@tJC&rb0A?NT3<~{Pk*?6xDy2wZt0AOG;9>tcNr2P z7|2}Ko~3z<(B0&x@>k%2!y&47%Si|8w(I-hd$XP>$s|H=E=VC8ynyR)+dhW)+vW2W zN(E(IUXPCIAGb3{?aqYe9*7?rhfv44)V{uSF~BkRZthg@MbMda2l%unodi*E88>Yv zq?3sQ_Q|@Nq4$VtCYaCm?OXe3ki`(>%;#)LS>0a&#-Wb#^*m^TWDjYqP?R8AGCnET z;*4?}&*8MkgC{yZdHtDahDsQDg6?FIv`$1^V0%|!a++~}AZFIYXFnsOmhA-HUF-KP zLuv=HV!*Yb7$NeK`SiIZt8^zZ*n9SKM!+OSW&?KV#!V3{w|BU3*6Ev(Yz!jlE%wAj zO~fW)z4_vw?ARH+mi$e#8a0+RRds9{L|yFIK6Hc&W#{F+lak)({8ituzV*eQF*FVdO1*Rg{%4y^-ym-$B@)ME#y>Qq(8Rcxte z`ggp_W#DWvY8c`uA>lr^%GH4)OH)Q&E$YPVgQ{W`VsTxsOY@21VV0%c1BCO&sGui8 zZrizY_CDR+0DVR%BI|vBKG~31JLVRUtafTxY6!slS^_<{Y7KhpclyZXS5u#&2iO)0 z7#R>tHVP2@5ZFp%N(S%z&g3{t^H9G;rJpS(QrZN%C3KQqa+F@2jhpY+XMO^#T@8Z|T zt22DBq3ceJ(6a_MUD2hAamkV4c>#e|M!&vXmnORp8p=;$kV#D|Gq^qgp750*3@t7~pT^j?#LM>i`A z&O8grDySh8Va*eWK6~N2hkSfJu%hiaCDUY=g7=n3uXHL_O*?ygqh?%YG(>nX7WzOK z@tgX8Sr)8v=hiuIVIZ38m_-i_rJs=QIZ^FFWKa)Yl(C|fDlIoRjI|`m`h5dNyc51E zhV##mt3ZKUXJ9p(!vz&-2Hzek-^Kjwb)z2RZO!vk;de+)4a-<%WKDYhx&2nBgXMxX zEQ8+gMn~SSH{CX|V!RbG%!yX;!DlKRz|S0KpV=Zy@Zb{UvZTsgJ~yx)-wnD!#ME^5 zS&O`~DUPjXRZ+t>qq?52)0I8DTFntMz4mEq;A)z|G}+N-)8c3fPiu$1Qh-8#7#gjE z`I3cqATl7y3;~~&KKelJ$8N42MJ&FhcuM*#yt$BFgpNcfiKQQUTsG7IdnivoQzGxj zeh51fH>L0x_hp~(iVp^@S5NoPcw6se-(g={z75yE)0pLa=n)+1Jx_cB$HJk6AiN*l zUou|myNucv`QELO#yh3aAgDjD+7!2W@&j9Uu&xG-J;EjZ=93zO%w&Q0q)TsaFR`b& zW1Kt3{v}QlCh6K`1|_eJ9nc;Jt5s861F8VeA`I*V!@cJk^uhAz^{5!?g=&A3QM+C* zq>k9cWx_r89k%XXy_!7N%P)QWMVSls)n_*KUE>3E!K>!2vgJg%+EOKu6`d&o=@IsHx!{OCU@37?dfDvwN`Q zYz3Cx+z>n@R$Vgy;4BA1Co3>pTy0=v2bhD`JWyjIJ{B7OsjQsb5m2w_RQ~c zY>VUJ2H#kUm)0efrT^EeYJ{T4Ok@Z6R(*%&Ou$9Liq5!&6+HIPQCDcx<=G_MOL`56 z6A#;V+m#MdYYah6am|Cxa}{E7@?l!%{`ibr2C*8pkz2gHu}WRV;e|;RM7d2AMk-;t z;@ubpE|cgHnePr}icQWaBR z1P=Tra9h@ls8YjE%$lUSipKY~g1s?B2Kx`fYC)4hC9uZNy z(u_Lsy`R!`nX)D$`MGRP@@|7;<<#S{eWRE|IzEIUXXAt3f?~45Sw*g06^FVz*I+hOt7&ir+;Z z9dV39N(xq17)`tfjA1NMFIyyD3maMQ&>!XqA(P8xl~F^B0W@BbNj8nF^ZE}rKFofW z)E6g^87`6U|00p%A?E@+S6usD9Kv#JlfIuMWD0M{o0Sd&pMNaJ$vyjh;j=FTw=Cw( z$j6mB>N`L!@-AS1XSZ#3Snb9o?LI&?hq6LL9v8sEh7e~jJ|~a`F>ONp*fq{(tf`I= zs>prcBEKpWRrQ5*A2&OFMZZUf9;}pibo^1Qi*s0$P0}<*%fSc1u%_!{{ikf%p{7ue zXH2Ko-8wM?haQ4w^2;g@If`QF{E&Gj@zJx5a$d-w<1oI@%b?tN^<8&PyR$osE9WPS^}lA@l$O3m z`jjz21c2Z?Pw_5#9g_o1rCa`^8Q|N_ySLHjIR*+X$?}93`;`H|1PY6za;0xcd>W8e zBZ%0bOl5&BvtcL^+#@evRnmxtzMy8gi0ffJ=QdV*Sij0eq2S?f1#0G1SX25OtyPVLWQuwg4M#jl{mdja*x&4>vi&mhpGxh%VT2K+^W_Q8{Q zi!VP3DP1BrV!`I02KpEGefbu*JdzgJlu^GON_3B+gITv0HetaXX3k$DX@CiOar35d z-tRZ)7yZvj`WW5DN)W>8j0$GWnvj`2j*0t)N0E=VDom*y2>O{L;!a_MXKBM9IOYcZo12U}NSJ@LCzyuXRH|TI8Q?VBF67_~LE^ zmt^Ywcumtle#bYu3(phjbjeHJY;c^$?UfsuT-NWItdTf>7PD4!LhR9H53N&kGN6?5 zdnTXCTZulWe>U!rmd}T;&rScD5evQ6nxA|Acg>;SMiRs4F|BF1Fe9k4@4o$RnUInB z(W?{QtA#HhkHtw6WBa~W?&d<}NVCWej3Uj>V2$!f8QHQHH5zt_60pkhvKLzj-_|qK zmYuWIw{ZuC=;@&UU+%{Wu1^Qe3})f4Aec|UCS15EEo#@<^ln?v&mA(%=* z%mHDcV%A-T(TOhhg#z*Y_cPJX*!S+=n^@m!dvtvwTdaILWHcMDk2_>Jx!jv5u%?s5 ztx~7sWvon1s;*0ZRbymq{HCuzg-?FciJwt_VjGJ}UgYg(f;yF>Y0E37rNW}tj^gwB z&B{v@Cp*${qGbL#1w2n$ip{#)GxHc1ILzM7zKfo8+}lQ7es}}~|5yPSw})AL{@`p? z4@TIv+hAmAp0rZmoZ>W-npZ=lQ)Bbrgmtq|h>Cw2c(6eflfugzV=rVyI2*MpsS3zI zTYOTACKbEb%l|f!?x|Hfd^@M}y-=*RKAE_@&VY7Ri4}|Eeq%WAl4-YWh`jVCfqbNO zEzSK#Ur^$Gj(b3qbT{vrkIaX6`Oof^iT!IzMgD9AT%mK|G+y5^O}3=JezaF{m~_6r zKbYa}xRU9iQpKYa^R@MLNyq910V2jQcP#AH(a$9kqh3P-W68`rDSHj@VjHb{?jI+8 zFV?>=QI8cnNAu+c=8`;<3w7&P&1S8%Ir?!vO`Yil&x4*4gzxrS9}OSkReKccmK0{y z>RYwFznI<{?2Fh)c3RiiYwJN2Cw+&mu)$t3m34)HPHWFSdvC1GEV6f+ge3LF3T4j9 z{%f%3{qRBv|25cIsV~B7#lnU2tA#7+pV0-clNROW`f3L)L&R~v=-5g#b3VH#0d3Cn zqV`x4<8(jQ3hh`WSSXIB6MFQVh$o(bk5}Za+(g+^Xud{dF>U@~Yem{fpAlFbdjDc? zO#r;alHg`!Va)pIX^#a2P90ZP$Gmj1qWNG&*wuMLDW? zbQ;6(4 zBc$dr0t#m;_3pdki35a+qb#lBQ0R^7xTjnTc71fqo2qx<=Q2~>rW7Z^j;Ccd5 z-Xw}A!yc1;S0jPPc8>@etCp8)qS+# zdc29nx%-lSv!|5kKYk6^JZqAFJi(9h{9-`WDLhI``CtKfOILMR(EI9h4hpr&|F66E zj;Fef|Hm5=N8_xtPn$M^p0+&$jj*LA(F*L=R7*Y#F0H1KeQY9@qMyW2IM^Dx#Bs~Xp+kM|BR0+F3W`LtsMQDSQH!D(ecDiakD|1!P zXHHJsgfNH=|EgiPQ_kd;G@i{bVp<|9ge!Y(dBN9Su(E~%<=oKL-Ff}vhs$whNF}m= z96VS~hRsh)DoE0(P8TF<$=~Qnv>NlKF?Q()6bo4wEUeW`)#%Fm4N~THMP91(3ERba-HDY| z-XJkVx#~$;WQhD)@L&!2cJFmLpfkBEzGHN%CKc%%Hf`f0^h(YFMzxJ{Cv2se>mNGH zWa3X51~BUyeAZ^!&9tqx#$v1Av%F?cIJjhVCx+J{X{Kx4q-zRL^M~l=&!aUzn)+o3 z9+Mm-`OcqqK!p7xgsMwb+K70%2B|VnulSXW zNnl_6Wu7=8BZ@EImc3_rxmG4_!f|TM?D1wfk$dl|Ow5z7F-VP5C-V5><{m6|8(i1f z-@t8}Co-@XsbX<7^Q_l+ZyS@_m17~-I3+Vs-;qD{j3>=%)zY>R7k9qKysT^4tFiku zjojR4*eg-}yIl3rSI32Y#kY?6hA};6N z9gfw*bM<5g8wKVlHcsSE0@$q$QIr{-(m5mE8x^j#4PM@LD3ZNliRJ;@y{1E5(zD4c z_?7lY-`8&=rA*N^YlB4@mW zo~NuLH6ay*U?l0r@3Vg@rt#NiXw)NZ4kMULWBa=(=385^^`uyg(hY9U5c}#g^nJK8 z8H+>RGeSwTR9dH;#zcB+Ywft^8||1?gG`b0_c#T}A@VvMJ6ccgV13Jo#<&yxrFr~I7Uz6KBNn-mMIsvA{Ial1?(AIwgpc!snDy<8at9vj$tHZJ$Q;5amRugKVI zs9vIQ5EsUw%bIQW9AxP)UjZ}$eB|}Q9~&=5f~!Zh+&qu(+5FA?K)}7Jj6)Fqg}dOR zAvs^=z;qh8Jf23#-pXdQ`3AnU-^Vju&81`AlDhx#;ub3t>FnRs=||vb9lq>fa2(p8 zEv&0K&$2}%eRIAydOJnKm|JLlT>zwmtwJ(QcRgrnV5jVkrN>G2Rl2T1&QetB4i1n% zWJC?4w~)m7!(p5==CSj6G@prQu5WEr@KJY_8OGLqB(1r`hL=2M?bzFf*my}dcEw!z zv;*JRMQ-}R0UavOW@vrZ9G>jt_k!uBah0xY=T)@V=R6sRXZlYKdtQJyPtx1M z873NYdyk#Z!u$Xy>kN_1!0dE0xN{BmCa0sneA^skuo4^m_{I<^RU)86yV`>7u|gt+ z`hk7_XcCzI`H(-I$2rv%iNVWAN2|O1XWN;u(lY$flc2sf&l#L_2xBFzY}lW#s?o0={sP<=+2RAG+9Y+IIIqWhI<5sLx#B zEJo^JCI~%!^N+J53(a(JInUv)7aVo;&>$9;@432r$V+$JkRA%#ItnOjHFF!EPJRiiKi?npKXq%qL0z1(W0{Pu@&LfG39#xCj)^4%zoZV+m0qZDy7l zN5rB7b9gYuLUQTv82}M~#{XHIyAa{M7B`5;jg=akL97Mf&4pSR-E6j;SDi0|@P5TF zQi;tPPP;=WPdO?do1*tUu^7RI=ThLYKm)^kAWx58QYZcwaXJCz?0}#6!jDCY88BQo z+xU{O6bR~7uY#Atoe9-CwmdcPSjcb;uTBx&ghxA(M!aN`)}pb(k?lVF_LI&Jfm7nB z^F8q?WCeQl+dB(;Ee!KV4Q1Xzee~q0Sc_Fu!lrX`)PjI0gSlfd&bs>PW%c3npGJ&r z!z6ty4X3Zp@g6mq)^E%m1aHq34fXCD_+_tDE`Y9(I`At;;YwyRp|lGfleKEbO;`H; zPP#M%lD{ZmJ8~1CXPi&zPmRYvR8LcT`=5;hVsg0y)^YugieSZi3#{xb=i~eH6cmgZ zFsL6g1MMjQjKm++?yv2&R{5D7Rb7_4M19@l0#?>-hg*uz&SBW31D9Uio5Bpfn)0{4 zQB(Ykg)tF!Z%8k!JOHlJKo>^{kR5by1F}QOqeYs(p9Oy=3;l`QWQ*KoI_H0#5CnuL zbC1ZtT#nFl@mbWz|L5I*Wy9h-kHPZ3(mYJmqCx9L&iS-^XjL4vz93HNfaKv|!uwq- z1m&OBN>JE)6sAUjdV;$`r{D&7y~YLMNk|;Y%I~6i$dAq8o}av~T*4i5uEolthPfIj zK%wl@;AEx?v;w~bf}TI}?)k-Qu2o+P+@uM_NP0e6LS@ zLd~P>57amXsuu(`k@q|cNEwQp*$+tzdA}KF^&cnd;Vgt#tPf zYWBfMoU9e`+l|F*mVv8tqXgg_Hab?=x|YmV zdMZYH$W(62(z&m;iT#uXo9AnMB5X&-cTcRNnu@g4RG}LUn>2=_)4hKIB)le>)14 z$Ii{3CbnaQ3@Txhnrw~SKz^LR8psxUtXHNSNtnk5~UjZs(pw3aeiGM z#|<&LYSfdLwa*s60yS%q%HS%Kye{23M6V5euN^H~!)u}n^of5cLx12?B5{q$mA)gg z4&+w}2j@UaxHg%J_5j^?q(~m3>1=pQF_F`DShEEr$U`~#K5&*1cuOjgs|o8=Bm=CS zncYB`b&4k0KG^t~Bk%0!sM6%r>=DnTqMBe-iI>7+6gpGv9pE;J{ivV)-2?NeKQT}(_a5V>{0S2 z7qPbY7@DqgUa`0S(tvhLe$Oh=a6nBkyurmjQj$MMZ*m(am9K1CuS)`tNHuw*(X-hQ zZkcx^xZzesndLTPl+30%0X1UzV58#L*pOBjf;32IR+;BSHlZ3&IZbaqv)IYVJI9cW6?{Ts=ym%d_yLBQcY-_91A0^4=mpVW_g8F_;w*fbPL3wFf z{y}fiD@Qz^zDMwoZ~LyzwmPpT7yEd&#_#JG53j!#=leN#JNpj%8_mqRArJo-y;J4^s6x6(W(Oti|0O+7XJ%mxrafl2I`9$C);=%}b z_k7F}*^2an(G$$t9SqNP)eqhu2vl_!+Fj!o6TCITX2aOHm!k1{&_U)4vDg&lJ6~vp zrWT3PAf>A~$sXa<&@+e;%iA`#`Uc%iMtcSFluj=nWLgE2x0jTX(k4(@+aojZlSH68}?8px~b28IW304EUuoH@ZuSv2|$ z+$qhYARZ#CV*Z#=AvY%~+g=ss*x^`?!nkjk+Gn@I5f_3}k|5Ua?pgA@ms44d%x2zdR%&u|==QTXbdKaB1v zM^d?xLK{dLsL_e#gK*(L;?-|2f0BFsd$We6Y@^bI!V_~J#(Wku6;i%0*Q_Tq+KD-9a&*9@>G@KX@9y}`BZe8deI+4|y){-5 zurZLS&FM?TW~Bs8Akgxu?Pl`jcNm}3G`xG6)Y#==){ak5pL2o{dnC_y{uZkTvv-9Iu^FSL{~&yjrkHnfi4TY12k!))Vu2B&gdy- zbyG~8B2PS@!;1alymf`?9L8g`ToRs*z~lXRH|CjPZaRG0?dzWzkV5hO!P%{kFhP(1 z+J*O&5T@`g9kua{D4ucin+4kS$`zIT&6gBh?8YIC2SJxAb~~udhqiO*4;CwaNSHAP5PUnU^pb#;T5eJ8Z90HF1D8F@V$jny3H=1 zz0w4CqzF0x`b>fmb8xY!<{_{395ZZRU+@#l)FzBWJ}(Ho`g)kyo6AIjs$L*fL%W%u z2_};4uOfp?3zRGf*YGlk)&n4qkLPiU^(_(xFU9XY_&{fmb!v$W? z29Gz2#b@bnAJ?&vTLt#<_1kx}dMh;ecB(r$&kf*9b7zIAUICCLJ%C-*2qBDr=v|`B z&-AyORwf*I;XJMjq^!c<8*=Zx7D*2mG{UglCVSV$1s1zh91&s$cRl(T&YTvXaHSoP z?A_a?Mx0kj1Rk}jO52HyVt9M?nt8ZKRbZ6V@nO|Fw z^Ljsn87dqqw<%p>?)oXTq(6eIZ@qrg;~vOqT{vxkqZ!2TSM+(P!vVEW`jV;mOTK7P zo3Z%k0+PI?e_6=YH@@MJ#W+a8srWWz<-(okVzO9P8CmI0i=C6lk)}9VOC`02(nFiK zMQ?ORSnu67x1SHt;O|WE+(e90cy*Lat%otlJ~1!A*XxaL^SqMPZ*x75lm3PJQflU= zZ2)`F?_`&*He}U5hxE0Ej z$F)aM4*0-ae60Np&=j&hd3yM_R->aD{!c|C7<-Spjz#Ogs+f_*kCPsoQ#%8I02P*1 z8bYPP!``sGw&DQHCxUhc(9SsT1NXTBlUxL!7Af57c{d`Bac&hirYv+iQocw$1(U@O za>#RVrNxRw=qewGtY4`?HFR(MJo9h*O?}<%FZY{zabNshd;4j_i?UJvdwCfO!4)B&qQ(H^Y|! zy}h&u`8qiEtV=ucJ}@R6Ed#{bKV$OGZTIK+%bj#zMdfqXtCr>0tK*%8#S7cV`|fQ#m57Sl+s!FsPEH3z z{pKAP&0}aw9ema*92{4goLKd{>TVo8~_I=w){I-j+uAn&aMkvuM(U=OR zc}JrYXr2in!7i^%@9M2aOhK}@E}WsZiFBEw=uCad7_xiNrEU1DsJB$NuoevUvv6s%+r*cv|eK7)ztBGIu%4!X2(Ko#fFpK zGiNjF>BuH)JSJP#j<^$v#d%-)JtlZeFxfFT)6^6C7Xy^!`!P?1b|pw~Co%#=fC+nG znYBC%rBWi2zC5y7w@}W;w|Sqr1EmCGO@-l-yA+uk{w&Ip8w2kJ5Pt65 zNrSfe3Xnz$tmCKD^XCzfRlvxId*|%C^YNYZ>rLmTFOKIbDJ2))Yf%-sFo8UMlW8^g z95-jk_vm9Vl^+c_4nZ4-jjm4eymr;ng-DGdZDR1?g7k#E30tR)2G9PQRypj=n`IsO z)olg}n~ke`ZmtuvHD5vHPHSQ=Y@=(qW1*DF`OYAo>L!JHospYdwnNfl&{iZuE-#H} z%d6UY{M8|YVAbjV8`#twj8#K=_cyc#Pc90RtZg1b^%O}4<3S-ASJRQcM!n;!T!UI|9sJmblGgsvmFM_; zy*ipT*#&LuE%NV_6^HJpe&L-udio|QiP)_G{!-aw4m)e>m91~8*#PB`qr*Zm3;3LG zs(FR4{VWmZE`O6{`gv6aXo-hEhwcfV+}=rFH%zNj7+NRQ_w1S--KOH1Sl38tc;Ukz zt?r?`SK|cH_|ki!`=@<3v00Ng86Cd%)_WVYy`3AcR=ykI6{K3`Ug%?OTxM@{%Tu&| zv!{?H2fjnvxU`4rWrZDLr?_pH9T^n!l(&<+BRto4$t`z%SA6!Wqi)7C1-essPq%o4tdQ$*JfBQsBz+!5}$vKPL#I3*nrjJ>`y}kJ6 zI0H77xU2Dwq4&QjO*kwZ^t-g42W-_PCs`@-%7o=0)fJu>1A>(wP7BsAA5C|l5w5uI z(U;@(A^m926bKWe7ta5FTd5itVJ7q-SQ*RZK|;5lvTeHFohf2bv1&#bCXs=J8}!jN zv?~jKO3}RjYLfxSpULxr;O(KC&v)iLVC|+GC*iL}qAfR-R($ySY5;_gRI<-Cc(cVs zxOB}oaJqNj{4QnI`-zst;*g^(tr^>eu*5BRVnwD^)^nkc?=Nq#Z#JR)W8=!=FegS5 z7MOh}W;lLOmXI-u_Sm35>cHM+*2dT9E=V(PI|hf3)Bn)>*@9irpy={q!0H!E*DZE(9Iwp40~d zX$3%=k1!X>_KVqXO6aFnHU)Zn8@L9e5pejUE%GBno4WTvTE#3*fzjB*#RZ?+>s`HZ zO~{n1M(f8@4Z2Ynkbn~+7V!9?L&#Y zU3Xkco=q`-99Bv=UjDjIvR4E*$jn+}S8L5`A3_ndcd>I@=q zU3hZ9wZS?p#yl!GIXi_y*+&sF-`zgVhEH@pBK)wzM);v19A8(I`4yAn2>E96e#*i~ z=ksD$t`V#(%aU5%L!PmQsSpt_)Xl*Zr;--R6Do=G226H-EslQMGy z`v6ZjmY6k(T(zpUaQHCp3W|%}oQ|Y$mXb<5$^G-phK+Nq6Op`IT`wm>ZP4RMpSxXZ zK~}{Vl%7-|ewdI{%u&eey2)9{j=A_Lxmn}OjljOay^!%b(c-(~Z^SPO?7qBsOBI5; zp`q$h7T;r5chKN)awyyOlP*WmIT#y@1CEWj=Z9(lRxNKc5#&Vpj{Sj~POa}SD|hkI zV?a?s3Cu)_E3xIMXp&UxseG9Gx=#?kl(R~?bo^o2V}00bXsqAmc5i^{{aP(c-?)aV*eeeb#iWtCQHMxJYj7GJ*?5 z*zRpc%8yK7Wl`N|U~-JRPXvTq#pF(H4Jr&6!%J*DCXmb%w&b%p_ep?mp{(oX!_5kO z_|5#&SIDnZ;PU}Xq=L)DGbj9wF^=%3R^Tpb+d%nhaegr>PZWtjQ|qERiJPZhv2rqC zW)pL-@7a0Qc$ei{Q}Ngd>N&dWY`nY1XOIb>BlX)+6$dGmJ=UApCW|Ddv~R6yhe^g8 zth{46yVKs~4Y~Nz>LU&X4WcHjIq=NoYZH#_!4zH@_)?-=nO2F%4tewyo72!va9D=}CtQPD~TIE4~N);@YQ7m0XUnX|z z%ODm= z8*ia?xzC^j1yYeznjd1u)dXV3BmmbPtxj9TgpcI9C%!$2a=jcR8^>Y8z+R@5M9&m~ zG#1f1*}u4xeEeZ&b{8iPILztGc;w&`UoEmx9p+j0JTq`MSnh-ea=6!%x1r*Owb#j%pfXWo6YCi-?<#4CNS`bc z_#Oq=G@_{>V*v_Br6cDbH1bSsk-2>0@LD^;rVu*r(yU(t-)0w)S^u7`_smn|{<<5c z8-iP}SzECP$?3JRO|F!Y#miOsg*9*4qb1+V^Hlp=iQ|&XaMWelHjw#=7M5$FpK$}|l*Erz&q#eRo1<`K zpz&=3KzBJtsg`4u_fRB5!M9OrUMTVb4~3N}Jct{%56Zy+9_m3_W~=+PU#G=!|EgM< zdVO<5W6gb@6%;VmYCF{8f&-qGV`C#t@eG&G{u1J)f1r(6#br3D(>ExD7W)TM$H3Xe5VEVj!xRkBpae@EBP-ACeb=?i@HU3 z5K51joiWYa^j_Cndu==3RlcxvPdo(zz9{p(wz!9FM+w?78?vpxWl%w5S+1kj-14Gi zMzVj5T3KS%J)S)*Pi6s}_sEr!1HFYoQqW2!N~L53A)1V&v#DJ3TqlN6ze`dtp!b(eGkFwZ z2|1p62e1z%_63IiY7xFLD8|m!p-z&`?n&l5*$ETsCCYBa3pW zT*?>u>0ob0j3(X(2s4scL*2S@V@aSD03om7I^SRnu+p9%UHwDD)8(Pm`7f>|N<4?) zIIoNNdlp87&PuWy;Abo}^%t3!Y(WfS8v9?A7)kZVy`omWn4lc5nxjPn%dL3Lcm+g% z;R}g}8JUz>os=PgeP#$bl*@F^?usGR+HZZl(WIxCx`NB^G`CNK)9*n;`K%`&?oU`! zRi;e8$RJu>aMz0;Xf~Bp+b7AnY>smt{!Bq>aOFpF)56egm_EaBLz=m}|2rTE940-P z?7Cu(!aeGmkm|kHvfOf9X0EZZUD9tszT&#p%WbB8!dB6_CSJ!^KM5u++0U!nT(oO+ z`exF|5#YBH;4jyu_>dkQyUJ3 z>nplELgV9OKT<{9>&C9Ca+?w?Fw#|t_^>9`N^5qp_C(vP2AOey$>s0^ENpY|umw{RwaKnu{(x$jC(l zOq}$eRi%a(PsHX}b4E6sSiE{iVs{j;=WQ1caTR^Bmmx8TJxe_{q4@-jq!`|$8DaHP z+$eFcriFR64f}LOzEm!Pc2?54)4+xyS?X-SjgkVyqZ8(qP5ifHKwX#*y2a=t$Ac~+ zcd0HE+<9q`NIOUD!zKY=wZrIA3JFrB^#B)uN>^e`L#?joQ8_oq)gGjS?TT)o>ONzi zWSS~n-H&%*4(_6*;|FKq<;#u8%d4Ffg7xnfx_QZ$%xcQxEo)3=*nJl3m&aW5h(qwrp`J+IgKxETlkgnCeZDx7Y;L8 z{$v-4QIlSX^Q7y%6P7JbQbNE+karuvnl9nkE-pqZywW67Yn7z#jE(rhOGLg77wGK` z-8Sz}qP@z=(3;Mn>3g_dj?mjRZEHQZ(gqXZ2PGVWd0*54Wos#W{ZYWZ^@`UyitOI_ z#yq%3H|YOlSO1Xz%k$_qd^eGUWO-TWK%-lh0|Io^;wznsoOoXh#I#8O z?2;W2k&!7z3r7L$aCvud*xTt_9bY@`E})qSHa~hEYw76bjeMIKd_yb#W8NioeCd_u z-}m@ePvnu_bup4D;=x)Adjf!M<&|u(&aEbzugl?NUD;`l*QiCnxtyy2PNib)2yns@ zT3Gy2Z0B)6FI;}aci~dS#PbuF%(64!T!^10;Fs?;EbzZH4Pit2tA3fxJshP7>{*^+j3;CbQ*?{oIkae&60`Fa z(J7p-jG!X{D)DfcF;IbBQ`)wpiu5iy?tg{R!iNBm}fD zV9zTJ-Y~gh@Ld+P0dy@YIo+QY6Mdu}i_iCB;Nzi|WMH2Xz0=7EeLy4Xp8J7o1z(YV zQ@0;KAj8G-&%7uJOUZ7GpSBIS*LYiW;S=c07^tfg{BE|tFf!RR;E}eAWfRjdBJ@0? z)|!kRJ@b~wvV;2QJg=C`P2;H&4O1(hz%iawP-eB;Lz}nAu^bv#$dB`eP+;$o?%@e-{SOmfB!_aT0=+QkR*B?E+y+ zzoD!MRvCX(d7L6DT4+W7VFjP?10xMAskw=hGK)NXDgS7>)}^?++fUE8`-G1M#@2b# z_oC!Vs@X+QKIX||B9e-Y08yBidgeb=7Hz9fIdnm5fLjsclb&x@tYt|&`;}=R*%MyN zf@AG(_7L8E#6%fY(w|1ebZppwh zhE=l?=M^{G-nfFGGoo-Dqgr$R&n%r>;}-F>x}m2fXY~s^4y&lB!(=i!o&B=hK&MX5 zGo}hAv$IgqM93J|5C+HsLB~ex^vym-rM_?J)^YLUuDdTER0{i6rx*+yZLqBye=2h> zEk8QcR5P*DOK$9{-N3dLLfj?%fNfk=<8^rieMS{n*`F3b31sGijTIPn4t&1Pvy2CIt=t6j+zAcNHh%<3}#V<_|=)d+y6?58nE z&iUU(kBs#n&rm{?CQ@>!P*w%F9}e|B%p+N3OGh+5Ru``8kk{KNy5nY?0tUWb;GhVsA%c zpVpl_ccnm1QXB&2{Jcoy4d%bi_2&-dUjhSGpG#EubGv?f`Bxf1h$!8E_y2%k{_hCG zta^0wOPB83YYG1jJ-?)UoeYTmwKdMw|FDC<_8F~A_EC$1ziq`IKgF!j%gJTr_=6Pq z`y=_R=)ILnTKzTZzpV20ZLqgVx$k})2mAd`f6Y9j2CekO)}?5I=|7tO+t0w~V4hY< z7bN~yr5^_hq^p-*`vdj-uebazj25v+Yb`1p_X`Iy3mDf>Fn`oVsBGqHJvii_$%kgnoVexJ|&X zi_|Ycr?N?2n}Kz8yVM{%nUQu_Reev^>K2-0@D>9?LNT48_ds4GeulLZCrglC_~=6x zmnV{3buNIyNVi7t&ey#)67vBsQ3jTb=L8=rTGM6_gRCz+guk|JIrY9hB0P=APLil_ z>rFcd0ldD>Nza{})*0pSO!CcoG8@cLbRYfqod7DJMgtoUnIDCo(LQ@V#VGh1O_;jF zJ%;zlIozz=^|M?lWk+&Isq$hqo0pXjKnPvc)`-MxK3L&^cd037@CEfDVQ~e-7|#N_ z?-&n)lNMV}z5~p&Xc@_~|4A&QpR27ngkL>Ho8x48gS$&^0X7FlUoVps#pIqnvg4v-xWs$8C zS!DL9q4txT| zt?DRO6>Hc$GIOcE@ZITYfqmSfQSs((8|mdgl@jzb!o<1)Rm&1$pwTuAlMX6(P}w7_ zSmTY$#otG_x}CGlcNQZ&G6;K#dy=I|E-ffE*vq(h4{m}6R7m{L>Z_`e(_rb0Rm*BAJm&fEaT-PB_dF;|vrWS;H2J1v z$i7BtA%G-=;>3+wALVXkxI%Rc4MO%ws#i_|RpD=o%{>tjBS)Yk;G0&ZSv54nP?k`l z_Zio*tb^+htvGkVH3q%-u-?$9!!exK)8=3JO7`Y=38i_%m6P(6p#yTIhAGI`bNg5t z`2DL3^A6H*){UKz2HlgofOHO|k|hF{2G(8_+}ck#39eHfpe%LW+0PtakwveO2wY#K zYVLmw{|>D1-3so7Y|nKCdO&fN(jgKlvAPEh%PYjGKD;0;%D~+Y z(I9bUPuIeX$yE&ZK-C)^-@WJ~zHn{UvT?`0xqr7D+0KGFr&GC}aKIuZub1@|L;B$_`xkSn`#gw<8>pb^*rYRGEG#+Vrpd|wi za3Ve>^Gyxl+YPC!!|}?~V{WhQeI69v!jP;lZUBS02@x6Srdt8dVTDq=n`4q>OMb3p zWFNKJkCP0)8>lzhIUcSnEltG?G>+scIf{6gU}tSC988;kcToMDI^%^`fXXGJC}zlW zw{EN#m~6>kB=?@^$rQiu!nlIHKG88{I;iJx-FOh(rDa&K;g$ceNDq6|3nC?nYn0GR zgB6%8rgSB1|FjyaR(GjKdp0k^&+CK2>P^{BFYoqoQwX98>J!0jnmc2d)marETI4la z@?h7I`HfBD{u|Tk+#NQ#NO(uSR&iDO2??^g!JLjzvTGcDPfBUB5yXoqo)wX+Y(>Y(t1C_ujK2{lq46jkTOyA55cR%&!Mqzu; z@&=ZvmV9Nap%}R!)y7hH6;)P*9u=y|b7LWGBV9a!sI+GF$WRkU3IApaF4q(tZ~l<($FU z+;*dIcTHDzZv^+kXzTAnPg1R>i>(JKyM0***4vPj!KPBFaK+tAuTG^$AE`NLZZ#F* zsQ3Ru5`Tp@u^s~1L=N3b3pGLDTKvavXS7&V$c#)~<9zZ_Aev5$I@3%p>e|0T(ld10 z^Kg+2t+@TMPjRQSr=xsjD#XKi*jucU+%9yZ53T(g1N?mX8jV_18H4Ee`#=Bo#Pwuw zK|mv*Tl^XPem$M@rDtJ?e8$+3Gp)pPZDkWa)!P0sjXK(2u$R literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/checkmk/no_updates_available.png b/2.5/de/assets/images/checkmk/no_updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..b32aa619b9080fb9a7cb7e593c094ca0db6a5e1b GIT binary patch literal 3256 zcmZwJc{CK<-vIDw>?ShSGL~#(E!oB|#!wLo+2Scn_H~eb8(X35$!<)tWG##sGh#A? z3fc(4gj2uG1R?g8D_s?7n6EdpAYfwXJah;XK0$zuiPo0D%n?=$7T%2 zV*JA}Ca)33tcsG)xuT%2jlA5|9tv1!Q$o$5<#0{X8H7Q^4Fg#L#PvfRQX5CkKWFTR@fyBc;s-@vV*YPxG5vLBHuCKf(#`kjTW6|AxluM6kNV z8y|hqtXinq0ILDnQqUHl->;rUnvYY&ak3KU+Q)1 zd?V{P7)>24nGYp=qy+3wPgb9!WLqz zclB#xgqK%q?ta8URgK0pTih`*x<$R6$0*Heks zxM6Kdv50v^VGaEky_UYPP%t_+cDr8;NsZa_IKyg7VwIFbrbn%WYiu57o-G=DPkvA1ZG>_gv@P|2^z%DVQ2>!^wwIsTu_g+(51WH?YcPb=ed3Jp5?N_jb z=kb7=D)#$afwCbRP=CnT7BaXCrMd@)WS z#t@W;x;mF{1B2_eM0qiHV<(#AIW$v9=Y166`j8f6M)wN5MU5#C?cye{7No)|XY|CL=LXWCF2COVvs8#?)IrH0TWL`o}!%?YUZ9>g=kILQ# zbW7JBJ_JEN(agoDk93;gwn-m~RBu`bM2Y$ka~AHz1hFzkMdi`QV!j$Hw*OXXJ;^KSEor{t6;g+3Lc-Xqs7*mZb!;5; zBrKZrzL>|Fw$=})h2-Dok5>Bd@Y9!-pu;rI`zO231qaP{>W046CS_?O?Fh*sTJNMK zO&)xxSXNxIysO6byEtkL?xh`}YEds^e5@m+drnns;cB3^C?a$W6X-#oJ!oeibIZeJ zP0Zm4Gmql>VOFCk`qMO;)Y0>t#$OpP9FRu}uI}|N6SF=#9C{tiw<3qCuq6IbPC*NG z7z`Oj`u&BT9@zA2_$O^hmv0mdv5)JonS>&3oh`?T<4>N>RMNEvSUT?&-a!6QAOuD9 z7uUzkDi!)4Ug-2M0`cD8=$o@3_~<0rN? z^9Yn}PUNx6e#TXiy$hsC>EtNas2OQ-q%zR$%6$o8>Z8RUo;=E(3m6BRRLBpeYS~+1Mj;^>A@X+e&|E;2t)p|gF}=*Q zzqOfR^0FthSs;eM_i8!0e+7ABaVJ{d+rO?iIr<5)k+@2za}Ms_gl{_CYy zHOGJ>qNzrnd*>#&XzT4{S4%?bh!Y%bmCgYYsPB)DK_znaz&NByv6XGQ6)p-9#9fl?zxLw)w1=uWw%RFoFa{E?8v~ z)tTbQ^|R2kTX%oBm^^3o@^D^X-LA%w2W(q*hrGq(*Js2 zfd^fek@ykM_a}0~2m8dhD&w`#26rC!B8~oXStM;wGKkFFpt2j!0pd*>raiUL%oah- z8gX9$FRCPsGwDw9RdVLB6WYMYzJkbJoR+^~8xN#3KFza|uyS|!c5jzGBb6KG{cHU8 zs_@Zq!%+(9{pXO@W%%7O%aN*)X4S^J#GC1LC1zzeO?}pO3V0TmX8g8Y#tU;BGCwYW z4$iqf-}3=+1YVQqk@~KEpH@Dv?Nmuy*_4Mo>2r}ykqumTLGY+Mb#1qPof~q!Z9q0u z#v0Rj$)fvFjj;}nU5Cy7n>$Y)V)}iH86S_gdHJ~5^$jWO2Fm+cu9 zDc`fY^H&P+ozNOBi>2`Z<9L;gq~Uyq5nfmkutNa!fQKb-3gO5TEck^F`(2p9#?l@? zjeC=y(a&v|DQ7hx!yc1q8Jv5gBG{z^+GXQ^CwF}kUS43 zcvuRFe+4_w-A!j8OJ?X0mCVrj(X$}M1hYcW;`CtuuxdhDx*O|y_aGMB$@|?r`PiAg zK*n*dFnhbkeqW|&E&^)ei>cQ#6v-9ptty|ioi6a^@}leyICM6r)tCO{uM0IU#oZ89 zroRh7;!UFc6o~3Eiiol0OBX48UiY>-p25YkCgu%-Ez{Hd>QczqbvExK-!OZZb!Z@Z z)zZ@P-UGYSfAx}Yxe9Rx%T@-H524~S7%R)7xr@@to40Pz8f2BjcKxEr*Kj_i(Y?^q zTbWG!Pd??Dde$V0i_OgcYTvUKHpsZWN*4|8P>3#U+?Qu_YxUh6eF9(9;F|~K9qcEp z-e!rDvUu_8#fdFt;-zYW@lwm84l#?VJ?|NKI?BmdisB$T#N+9*z>YRvg7H1Z}g0(3~qu=B{%my}U#G zAyc+($C-R#aK#O%3PQKx?LPaY^GvLV+3WPX^0e1YF@;kOg&`BU*xJ`kknO0_PN-jn z{2B@0S<&GpH|sAvQvH;(gvW%DO2!gmHdL5OUSv1OetZfSO+5LN%{Dp1U)5=Z`otVr z0eds^1inajNz6UZS9tC!^XWQbU^MaAexD@D5c zB=sK;>%4U0`pAmje-mmtcsJN}4BJn7e>c#JL~MKuVg6UdeGIz;I#FUAa zVyJY+SuaN5f0a(=JO#L{X20W=f3^f*Jj-~@Vie_IP|hXr6L8uL^-Of@t~)&XAM~0Y A^Z)<= literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/checkmk/updates_available.png b/2.5/de/assets/images/checkmk/updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..d948cd1d7d70abe1f6e00acee3b891305d4dbdf9 GIT binary patch literal 4034 zcmY+HcQhN``^V9$y+_oDRjSlpH4-aUW7e!yRch}lf*37g6s1MAgqW=wRikEVm7X?YpU?OFexGlD|J>)EbDw+P@8_I*p7Xqt%uMtdXt`<0$jBHB4Ip>O$S7bJ zdp_zb7b~czvyY67DajC`Wf|tQ>FAwm^@GESz9zP@N6Cv+EF}M+Gp_IjKf_qb(hn~h z0rr%K)70#A6p|F2H?;F;OC@P5$m1_(l#C!)!{ccYCdOtX;^t1z6Y0}AM=9RwnBT7$ zB1Rt8ZN0zy5rhBU9JeD?$KXPNyz{?yVp!VM z$$c*jR9jtEZTv$UWgQ_{8&TEPDtuyG+A*g;A}oOptUOoBjD{<2a^~yUJE=`BYpyQ_K&su*;eRCnqywKB&EuC38oFd(P-mmfnFKT!Gd!P7^iJl<9#X zM@=6l*@b7H@6ezMx<~UT(Mc8dIYcxxf^C1xq&~uzq&$HSw(nL9ckGt&7snPapCZqe zy->}j%J6a@;e~R)hy$FKz0&()DaUq37$sU6O%Qq+g1;LkJWHSCw9xn}8{Cws<9UB)odp^yh5J-@gSEWmZ%YNpH%#+n;NbW@R&4*qWgDL4|Oxx!rLy7UKV#7u8^oIPkkhvc8Hf zQ%0QEik}^UE{(3xmuwxdKn|G%VQ@GJh?x2^F?!9MRa-PBbJCM_O(-i~k65p&%UALH zN3C0dkKwBSE8vX%vOs`-FB!~vaoHI7w({i7JjwY|d-Jx)yWbi)10C}c7Hi4+SF)yC z6j1=Mo%vco7&P8oxVq|_2zI9F!1-Y-rxwdW(oWW)i7;%I&UuIsdF`aT>7D_Vkr`ms z8dF|}>5(sXcm6OI^O63=&RIwbB7w=^#AOUkbkd1}?8B_ST!#%mPbLryAlr8PQ5VIJ zK>T}l?$@s*QQojs30TSV4BAx*{-WUDHsBGbKi;g+q7fx-WofCvV|pf0!6td=89pKxVaQx8!b%_lTBMnoR8*xt}qi#mLlHq>rs)VLt*m*n5_D zP&xJXW!>*|IAD;gq(`c^(fg|qvu}6fy4snL)jjde72l~21HPHikr{I0y-t8Ik33WX_^l?mt55Qp$dT7%7)xUvyr$em~>`>F3; zdO3CJwE%e#=az_BY4wv2PY|-tyZqS=wH*hTt&W#mHMzqTJN4`b6J91Lqy`9ley|XG z>FRQdyT3&bpzdpYEWA8Td;r?SUSYL7*<0;iaraK}^3pzSdDM?OzEX+DYQ zY%Mi5XS1!+vY4a9Z|)juvF_NKME6rw9XZWYXP(L^AITLOVHkY5`>eeb1s#|VM1JCL zNtb#p(sZj~Kay!yBj{+BFm3+G*Q1&<7& zC}G$q&Ul;_zggh|7xc240+xE@SO7KQv#_?lQj)}^bOc@kh@8i7;p2#Ucyrqq+=n^p z%`sQzq7?nVduyhrcciO`0TPQ6Wi_{M^~`P^CN`5e3)OgG|2ukXxY}#Ew4JWChLgoEM*1qzJN4DPaI zK<_u+pO2{`WiIX8-VaFwZWYDI1U(Pg+O^hv(0-5@G4n-Imw2mffDl^}&jNBP-SCyp zA+%$1%vKE%hQqNnMzd^^*Z)m6CDf<_~C@xP7SEJI@=9dS*|g?jCGgtaDiTzH0av(pL=oyZLN2k)2`&XO$tlkCSo0{@){XUGJi=^w%S?*pQ;E)ev@CbZ+M1ImX=XAQyZcPJjr6!?AHE?1tc~_ ze3h~fVBgHaKL zh#DFcSYykU|LuPL(KU--d?)vBZgNZ4IfjQwsXcRVxD>jo9o&)zM9TDzL(=z%i-15g z^I!Gd{)8fJMxXxEM{Q8QUV@gvU7Pv7Mrl;EoI#w@Pi9bwL}6QtuRa?JP_k#JPps`n z;7{skygcp!*s+7<7cCmbRs7}`Zi(`Z1X<}wx!bX;Byzw__u!o24`3s+bLqsuLL{{ zo7|OszPz?iPUGV!;KQG-Ar?$L73G}oO&U|pTpZ9%9ighsQl~HkehCYjef?H!K0a^o zE=}Gw?6PabE4C-ciIkZ`p7BL1kq*X|aY01XBsrQFbXMRKOeA*6z2$8e=n_4t+JsC7 zSNE1VIMg}1r~#hJ@^kH^;Nn4pB*DG9;uYLFxRu?J4YZCwau)0`h!voTd^P)S^&qT| zuGL0$jnOsji2!Mba;?!FN}QYss8YiYg?5= zY-arMSOsm-)ad(~B0W7l{s3HWr_-iSn0-;lvRXrHi`h=pxGpsHQn zASuMZIU#{$CY!>L;QrOOGld;HE*Vt+3t+46FkrO&UGfLU3ysw<$U0V6P#mQqK7S?uKScn29=G+xXzV;f2ut0G3JgGq(X zxdm>^__$v#tR3H9zFXZ$gfcl|21bcVaD8blz9CNwb77bY2g-nZf~HSbs4?jkB}MZ9 zmS-U%igQFkJyQXjB4jkFRVn6c%cr9$WLCj%bfx)O@W!4UpVeLngD?+lqmk>yVv05~ zclG3%;fsn_H=<=d9?8jZ3So5$#@{^!*RWEF2*U!0>srj2#l|#Z6Fe*@%RixrHIw+< z8hMn>Z&e=x4~1lcX0Q+}WZ%YP|76{w!kRwTMW4*opHShov5+ViEh3DJ>U!+^1Bi0N z53cv$I8kdl?&-*#cVlUH;g-z$!7N60ITgq8Ss<7CKi~*~d`37y3g74b7b3YRdJ`@{ z%!NlbYvONuLr`;JQ>b59$^VUqlNa=7<0Jf#!2K@~#t1UA#L{DD+6e-V(T+Xkv=!6M z+}lqEmLu3RAfm~C3&qD?04PKA-py}UgUc%Vfd=!ZipnG7j>_y;@zsCRo literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/favicon.png b/2.5/de/assets/images/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..fe6156078be3bb14a2035117bdbc5d116c0cf470 GIT binary patch literal 10281 zcmY*fRa9I}kjCA0(4d3EFgOJF;4VQ17~CbeySuvucM0xp0TP0Ha0n7K=<=U^*?s8h z(|vCB?UH-Dy6THkRhGp>BSnLOfx(oQlTv^0GyiKSNbeLdNJahL!Mdu;O2E{8CqI54 zAXthkiNnA&CZIo?Aij@Lo#gaf-p4n?JywR>Mjb4xMSzOIrZ^$sl55W$JQSVgy|I-4Nx7RI|E$|t_ z0|*WpxK-UA-+6zCmZkgCgl0Qz7@aW*Rxt3M5bg3avnUST- z;5m>K#RI$OX-~53s@YmN9rSO=_uJP=wGC?gYL;cW4`frT(&n+G47}h*!2!|`zJOoK zn#R9u5R8}X;kNkf5WfWc!4PfzgV^WR8noyqE7tW|g1?68bmPD`*P)-I_RiH$iV_yq z=iYQx6BppOh12`EWBE`guJF((&1bb}4{AB)Lt9cTHBwxFX792N!nQ9#E3L~={V+Geq z3XccqL}6>yYawRo5;n+48Y?)n+CJV`tN!IB%HQmI*Xe84bNpgq-!F$ib6_LaX^+EJ zH-fpBv(w(i(4Ge?%uJcqg9X&oe25g2A$VexTYBnlgNox;U`cKqprZ2EM_;2$-ls~9 zkkjEng3+IBXupe_kEr{A71(Dmcv1qj1u8 zB*Rl?=Z*0Jet!0XbWix^>dSYAl3qt@*jVP%nepMtK%P|Ql<}YKUOwXrPYXU*BRaRyKOr-|X)lr|3*s zvX&0f7Op_zmN$;LN(8(_PII~Z_6B+7jcQhnk4yDHFiWD^6E()L661#P@3xs2tQUg2 zwaG}uuPG%fkm!zW4zc*M0xP=zN`35-HmZhC1A@V7*t#WFoqwq>AHNvr7QZ!6tJ`5$f|T1H zv!ikcDoIkZXOCgf<%`yNe~$h3uZYvj_}79Bf|3w+C~p4GogZHdqZxY)Kv>~RcyY#h zM>JsYyt;1KDKqUXp5e!ph|C$d9KWlAH^H7Afk?s(XavDbIf0zkXqnuK=MJ!lXbX^!{0x-=HtyNPCV3U$KsDVJN&Hck>n(?>P^mK{WCtpVP$%rQG zi^3KV`s8N0#BrC@->k9*?(x-Mi-brCE{Mdyn+dZG$RYw?rsxDF5$M3XW1z*^0kk=U zNuIX>!Fe*`yYo8{!B8qs8<$c*(cj4*hjGo-J4cE*6c~hC5{F!WwyanxWMZPx@YU&K zqLbOAB~z5}$4e!&kkGplVq{@4*ZV4JE~iI=j8<{;`;GRKi1}A~MK`b9$Qjf+Dz0cU z9Gp1&RAotnf$sx^7GUZ>xxbNurjEUNM@jBpUeMP~erfV$f=1);EiK(u+#Qv4OcSGQ zOh~YCh^5%e(>n*@_{gl5s(6@yX46?hId&~g-JZZIC?m_{4r$KYu=ThAxxkwwYih|fuQpI+43q$t`2x`dXw(%byY78}x&#!_nXe6- z4W&4rw#pm3dxJf!Ibd~ushZ*i_r!FOo!%19-4!+J za-P$kaPitlC5+Ht#gZy07=p7=RgqbAc4Ac~wYbl?klvAkd&DrO%Llz99-EI0bxHAc zPNqzT4BlK5UX0JH8%WnCYNZ8=spwO3pPffzyqjh%ap~xQ*1($F zT)S~ag|L=Voy2S$c&4kQMDlw)btCD7ux9xC|M9%Eq~+T(-*oc6Kx+44!YM8g4Qp9|{?$tl zEYtW%#mMvuV>0ksb$a={>WtI$2fIDM^R}F~(;LSKp_x~(gT&#F;qZw^@Ls2ydkB9J z&+!6s_7^gkzB@pvjix*>JH#ADHZDrMhI4atgER6tl4&A7xH}XX$7>(vx!Es$H@dUY zLtxLmcSiz4vjjjZ#DZ@m8#eHBd&tTBiClaB$EVaO#QQ~SF*T$$(_wYsAN`TaZ?0jNO;T|QI z1d*3VS2+BlL zQ;UHZ%X_x-c_%>ya?zM>|7`qG!@m8?^VTb3`Dt9DZWZ;-e`d0(gS#CglqxnM!HV3Y zeQ);~YhLWU$ru~L-=e0w4bWCNE(Vf#rpGSBTS6I|lEVsrzA`_<8f=K@Bohm((l;d3 zKqZ8_okhB%{l(Lz+49`aAPgPfNhdlG1AdD4D*NIS!C?FGCq ztVlzEfzz+)+a}wTe+7UbvUg>VfYju_HIe_QMsHgc&y~kGR|_j<9QTtn?+gx&lriFe6<;N$0#wqs$a6ago}h@uy&_WohgHSvU3XxZM@h=6OG` z8U}tUlsLCOzzRVG|BQ}g1oC0DyKI`5BH3Pjn-AT_}rNK!V#(2H5FQn0|c&f{1P+xh)K!=|MpK^ z!^`U@foFl;$83Y-43v(J(L8U~ny=Rx`YzB{D|LW=lk0LcZpEX|oCt%|rtH&%*uioBhtPDY1N+>U-Zq0hTF-tOPtW{ zzHr8EB)UN3auz|@V&S;aNH^W-2swZOAIWSg`Wo|u0)ADqC;Yh;rwOd|G++S|@RNF9 zlLp)+zur%ox3d7&kw2(+$ini9!p1~<6q)rTXB0UT;rm0~tD+U+xLsqaEI^M|yYd`C zOV^h!oXiEYg^c6>3H^sabENQ+z~DyzKmAx1^?P-=r^Hq9aVbh5WyyhBESu{ie1?Lw zyK@h5sc_$5)T!jAEjR?FZb;A=k(0f{F4syDO#<7UBOir?4C}X@#kMEV~L|||5*Jnw2eTsB<5VAz>^(*0@VT<*&XG-bu39|6=SJ{d| z1b&k`i=vX{4+;q}iNn|&4tem-^CyapxUt#t;G~EsnJdaFwwyMEtt>1gM2UQ3QAu+Q zm!{_J^ew@O`&!Jmj=NHv8-$EE)h`xULwpNU2-O@Pw@-RoFZU+!Q7{9r^j6B?*U>w20K%$WCDm)NQ*W3(}G6!2iib)}XjtCA($l($k3+a5eK;tl?w)dRGT#S|(vY2Lj zr#1af@yK8|Im#wKp#vgCc=@cvjPNcxqeP9H z{$7}&!AbPbqzj6OlDwt7lL%%vC#8^^ht!agGihH6EUr<2`#fn z@!^y%s9&~Z`w0#GZJZQjXWFd_mm`Rd(&7>s8$WV{?Ec%?GX4*)((g>Y(>61(TCR{> z>goQ~`} zUOb0Oa2%x{|AqGsijQCp)l~ zSS0)AZ}z>IVNHqJmbC|dUMk?{`m`ZA9yTOIcgupjo)q~;*Q=b2ayBw0_g63s5KD&{ z8U}hdWpK^UcEWDu^g3-nf=BX449nMKnI}V&3wj6cy}J>v8bE;vG2GqYvV-XHZi0O# zq?dSTbE?RmLSBTHa^qj-(BIj43Xy4p#bD`p;qfPw748|MwB`g3uImqO&m(ZZX`a$^ zIhACd|mH$(Wzr~tlX=r|h6^#c?^CWU!gYt|H0W}x1+Hw>y;iP(vy{T?17~|$YJ2{^DitWjx!y<~ zfrz5SKW=$UH(M`Aj{x51FZa8#E;HumRu(C|F@HHIj8ho#B4Jvf-Lqp-shY_aApbTk z)9zw-K1aMO4vJ(tSo5I0ptTtLh^;lCR+Kdy<zDYPAuEu_DU6Z1Mek3dkrAOl!Uw0?CAxVUIn|3oWl1^nf-tJ;Yki$XJ zA$K^NBLDMIgj#$r4tG{_xI0}v-{?#Ajb^Su=u}lDArXI`lpzED3j(jt0Qe**_bm+W z6g;eT9fF`O^k%Vu;MHK#w^f6?_eDRX%!TJvi;i+CgHogxhd7u)TQ#l(5n!@p`>Mt+RJNLAibK1!1Rg2SkQLWX zkN#DMv57r&Ox@T&NXxo9rT8Ie$1BE~0=pMI(mmf|3_xAsbIvMU+S}ix=EDnav6_!~mDrI0Get7yYXTq#n8r^7acBe^66` zaJnv}y*s;88R-$lZd}eAab#gc1PP7|q+SqM&g0@1RB}$!<*eP=Aco~B1AHq&NKdZv zo*b{~*OdNi_>n<@GThzwY}yN zk`Xq`Y|~U9Quh->iO$sa?H~W6sWSVQc{i4dDOe%;TXtf9djL}d!Y??ko?^lx1Spmn z@Q3T7OH_a7vP~O%jbL!f@3o%R71Ed24#{Ni40H~VuedBLXj97KkP*GT*gq8TJTQb% z@=!~2A$pL4o!jUZA_d6<2p#(7Td0q}>d~^T3g9AR;quL<+_EDZL6S;S>c1mPzMybE zghZgqII~XMKNI{7Qs8@~#|1Pw{Ur{f4tPHVZ-4*#XZ~QJarSc!+A|gOE>xMEI&m2Y zMU4t6;1V>z7$3G0=kk>jMd&3y3C`7{87pY#F8OfL(`BvRc=ZT#$^Coy=iZq15~PdA z`faSc?$b6nhl|e`OCB>JEIH-k4YN|`b1JpGETgE86dHDf7oy=7LMO=g#3?+io}cYhw{+>upW)98_#srqq zq;}eN(aCM|>+($<_2=R?N79jhywveG;{Jyp==?Gh$;_(ZALt4 z8PqeS?5awd5L~+dPBHx0-Hk8))@yOOXa1Mmu>=6T!krUsvs`1Ycp(kWgGZC|K$MSP zGVtQG_ZUQjhLOv6uCC$?66E$L2!a$0r+m01R87CvTxpyzCr)36&o{$=Y;R4_C{GVfBPRpgF-ZYa8QSO}qJ=B4ah?o>bsht+9~e|?dx z=8wp>={}K?cPF@~6=>6copAAV|FKVT%_eAeSbQurLyP zN&LiDVhP}1(EPYabtH1hpcGO+-!=hLL*?&1bPVhzZ?b?4yTa`Lh-uT@)t2K78Zv`_C5a%&5#ADxo26UO-D`W4mHEX`y%J^LBg3b3SZ;0WkVGS z2Bk{I6?q@N=FJP2eK+U?;_5PRt)UvM2_Q%RpdAmdmQsX_T{ zOhm-WB$bidpWS!a21DQZ^SPTu{cZFGG2E`wBkkgn=og6j6oa2j$K2q3kqSG8Q9VrZ z)`h;M)qL)_d?ju*59EAXK}auHi380uqIC+k$CrSI8c*k(qx!oe=@+ah)${WiSYBO= zsd!SKik!bR+0;mX7Y?qk-uVWL8|tOm7@dYuherLLBlwSf@u{PAJ_9LPeM?NVTpkH- zhJ)!B;h|xI6!k!aKgNPqbV;L}Z?xz{f@0$P! zXB{T{xuaiwU-<)mKWsZWtJ!BMP-E-^W}Ae~XXI})WbhYTy0ek^d3O=SFD7;zLmOqz zDh<+g@KkIESY8w=)(#l!n|%c8yR2)7*?bB0czASh8jV9O@`w2m?-`(CwY@WsXZt|4 z2wWXQjO*tiF=*GJAKr3ve=SrRUEp@fr7kEG69|o4a?y}%4tBw2^u zY}}0NOlP==lm5)?y!}iob6E-BXvDxoDV*(g?lmrD2HIK2L!SV&uPI;d<1m|%AJ%Vj zFZ0>uFENOo**^<6C42o?;n?iZfNyFHT}NG2Ffz^}u;_+y%yEalhLZoyk~T_6J?IHu zH`rfGj}dp?k&tL?AIulk>HK&|^c5QoJP%OhkM`y?d(xuPEj(6O)Ipiv|6Rt|4$Z29 zQtQOq0m!}@Zqww?O3;Bm`uWH1d2x5`h#e<7wSTv@Vflrn>gK7&g8=dyPq8_;j7xtq0__}Wi3Kg8uN?J{ck|NC$GI(4|MILFhdYhQ5vIk1B zK5e6_xfJvrz5KI(e;eW$2nVsp=o&Da8aMfHger2so3q%+E)$;1%S}eWi3vM<^4xu& zg(bNl6I&^Fvo-iVew`AINLbqc;Rzh-D|(63+`G z{jSXK-)n(ZSU_^=YQuViE^+fzc%}Vh%zd9o`@BD}0?uW!nsR3)kOoIH?GQPz z1b6tM;dJrJl_g4@W6>#BH#3`d4yZ)RCH*uzo*0R)Lsic5S%BJhkMVu4$oO%^?SNiq zXcgHgO5b&A7|1I(qK3x^uw!&+ufj`^p!2q<3Zd6fWbj}OO9DQF$QvSmdxUwN5aXi_ zY@QB9U{5DyJQ{HhC&gHR$nNnZfs;X~vhHqg##?-$J;;iEyOdANxa4Chd}MFCUKx0k zSz?nx`P_wUbfHGn_0?!|ZL7_0cpW;uwo5WjZ_ltH7XjlMJztU$ZhAln)I=F*TT^xm z`N8ki5BvnXh!6KpO5Dx#s#e1a<8l~06?PiF5KNEL8%kXs6M!Pw4^*Pgn?ssCMv;>z zEmSPtLC4%cQA>VT+EIZ!;ejnnqS7%yog>SHLg>1|EsItd9Hfcz7(U$bzd1<0YM^>&YOU=z}SaLUl(yrmhFlp&^baGSY9k6v+PBx><*}M0A zf(#}JhuwV113K;A2vor!`Nq@y)Hhgm-4UrabvAKKf0R)(P->zG#2c6T3c4CM`W}L8 zvE#rlC63{lkuxIQP&ry*O<-$9gv%ZGU_8mq>~@Av5>4Sl4J}rG&r-!PU(KKFxB#OWhYr2z5PcwqO z9%`~m!Qe9EYN{$6cB`HrV}fNV zYN(=l8-}P@A5o-C;)3B}+!8BCTY#4ls+l>(9kd*Kj=;K$lQ)UQT23eT{Vwmmz>+5f z{_PL_d9C?LS>`v0`mKpk`u%7{a!{o;w~(>fqdx_TK^FKKEvj*!(+V4+bycb}1oi}c zZxDPx*E7BUsvkPzM;jOkglu$CJxu79*|)6>HUi>Z}#uzw&qu|)Gy zH6Uv{>o2u> zoqJBAi0jfcCPr#cnz6ziWvE}Jn1}Pb&lxpHFl|!$6>eDZ z)VD10Ut-n*YdaIal)`QJvU5U<^C3G@VLS?k2N@J1-nnbD(N)jc7)Ub2wYn@Uqx31C z@ZV#Y6HFp?O{->Kt!mumuGo}Typl4fr%m{yA5-Bq*lC(o@9Jp;L&CJUYllPDB>!w4 zmfx6%*^Hbn$>-A6b9>sr)mSRg-ndZXv!H8R5oGPYJR~{zAq`36JI3qCIw^!1`nJsIuS>o7^MYU zjgd>IV+Zzn#3Vs15B_dTx;RJn(UZcb<{h?>XxDO|^!Y$BQ>H{`LBE9XZ<0))GX< z#Z~{nLB6YMH}Lws*w=1f%bmT8YsS-)jsu?8hY*&n^5Lsjo1h=f&k||ZZ(+1uY#we_ z&1*OGe7q7%K>aJt~sf$!VgXpt3#BrLfSR`&UvmXU_wwr>3F| zO6>&A!E=FbE3GPxf>NJ=i?jef*Vt}K2A(J=czyrdPzPPht)3T&yyW%0v|Mexd@Vez zQ4~F_tzA6rT)j+nu%3@l;JlNQ*7h?!$yIfuR`eMZDx*o3RSQ_#p((vilpTRd3}I$$ zSEjOKy0WppY#`Nf$cSI4TC8`#uTQD0Zr~@)PI9K8$EHf|jtKvnXikM?k@yOI2wjmx zN;4d*m%t*Kj6*5>7F8*cKAIkW_Yq@;Pa-T-j^N1YsWJwAx7fC{?CHWZc&zW{5G}Mo z77Kxm{!(^GoqnG}27)F%NB}3s68(~xFEz;%jzs?)&#=Qn;Prw599r=4zqjfj)(kr( zf}MG?AN_6juuT|?&8EXoR36Tm9|E6_2KMmkn;U)YigreH4sHM?KCEq?C40kS6aH-t z_rvnH9ga6M-kIfn6@$SE>I&~Zv)>JCeb-|17l%-DZL3xPiIjV&)z-97HRJRCLp zfo%A6%wC2*)ulUOBnn_EnC(v8h*LkcoFziQZ?4nlX`jwm_#gHKU>CLbxb43~-GvTY zmR9RuJvc;^Ey7yEd#{Qm3X8X?FC7)_xxls8A-6E}sl2u;vFnQk?vAJY#K(u4;>N~C ze4GkQA#gyQj=q_hdf7~7=9EgmAiFACb`NIzUg+D_w)>O=OnT_h8kzGgU!zcCiIQ4w z_ls#xVUl87r;xqMb!(-29sk9S!}_JpC|<;TEZ)fJ`4@hoPv3=R=ZO6e!uBhcINMiq zt}dfeh!urdGfRy^9M9=}4g7BaseC1}ui3rY$>=#tFRX_W4W+jd1!qra~M17U2?iO&`i}fI(A^bn@9Sj^IkRuR_98xU$WHo^BK& z)Y}h*wd+xjqXw)=FX=LcXNg5=*{9N&oqpUZ*r?SX+$tuf$-(rD=;-7`pki6+>Hkt) zYu<^77~#UJCf+Oh%W^M$HxFd;^?lu1r|G0V)2{+?I7#9MrxYDoAwmz$`EGIZ4{*{| zm@lrubU~*Xu3-knnqnSSPEN6J&bAZ4%`B|EVljvxEPYP z`589p6vn@O6F8{6dLWPsvn2;W8_WyM#ttbcuPHDzbavWy`_xyVYD|Inwu0*58giq# zqc<84DzHU$q)lvY%8lw>(k27cGA!tS`6wB^om885+tEIxw;O*Me&;&rdWG3K@JAls z$W671?_5@bSh7e`H`=fc8E@8=LY?6IL_XdIhD6o^%XU1Ps#ruJ2@qIao)&UiPcj8D|_uJXHw8<_H<&_dGR-Y1#;~> zeA`hZnk*HkdJnFETTSGODgI`WZEaNWCvmXo`y;ePK8%x;F8MHpP_?^H8vn|K4DclP zD$``k5I%qqFQD_cINqG%MfPmTZH$uMR&$`bdhQLL>L0l?z~3)80xx?G)P>OPn4w4} zjj(ajR88CpZI5X&D^EO;W;nHv*aSM`qB#Q-&?0o4a-?TuO}QfVvPaJ>+1M3GnmKX@ zd!5*(s43R2ACzZ5D>aUhWc5;*9i$H-x>$tdJZSK!&ZRweO%|r;1)irNfQMPMF>W>U z3X`;=J1R3;-Bgcm^PBIYVZJ}P1O48LeR2Vb#)BJL zRq-y)s73AMW`XBzdwF5_004l#O=#V3TMv4tbH9T*uTmq#^k8u_yz!Jk5QxI3)S|7e z+yyrXrrefCt4G?ysril&U)3a}0J*$bAOh zk=B1*{qPFBBXzCt5yXB;fE{*}Rn*yAMs^Tg=>@b7@Eo5>s3BM^f6PR9e-h$=)+X#~ zlgD`eORIa?bs|Q2D4H=k_;;;j7A@|hJn&OW~aPnw#UL&K=NImVfy<1^T|j~Tpw4NM!sGx9peJ|zm`A!9@MZCv5VrV43ZW7(W{#; z@#wC_e|YV|6jH}Bf8GzFrU&Tr41xZ^-8jHKDiD-6XH^k%YbK1>?;jJ3BqkaB3QJzv z5hkt%Km)U5xumkr^H}>|Gs1}UIEP(j;dmlFj-SH~U;AJpj%j$EfMj%Y+&fLfo{iVG zp+tn#jDLgK=3RqftBuK8s&ztx8v z(!SI{ZIEeFPg}W?S*4o@EWx`*Qbp)=Y({rC0XuE!Ogl-Cdy<@5qSjYK!WfKW%JsjD}^>>uR_+t4J!>(sI zl#IzisdRpgAMsXo$KpVX#)Jb2&1#b6cJ>l>DJ$B{iPC7QEG*M?1K4u#Vmy}g#DUQM zarsvP;v~bOo%(umRPAGP_HL8r zjz&0Aa&**}+~)sr&Nb-zF?RBeCT-v&=WR@ydQ;4DX7^Qd4bR0f_Yumj3uRjk-Ylk%no3K@~_r>;6yl2^J(1 zJnWBEnrWz28)0*HO!QbRky7e2SI$zqoaCWxxnA=xhh5s+=oL#SIcFjaYQ-N%Tlp)C z4-o(ET2;QgVyHvtrK~mx0uc;Gm}Jwtc*+MbV}EI!9CzW|8hxloFK*n)45~eAuIUh2 z0mR*>C;7{`c(T6&%|GCrO|8b-YB%k&0+*yGNk^BYy=leLGiALEvD(F8ksiGK@f+w-L)}EYCK{@RevzEt`M+0H+LiWkI{E^7~uEpniU-BNu zLppz9oI9Y4I(>$-x;KN4*Uff(NAE|PM;wE9Yp}n!PEBnoylUZnW?lBbe`y6paG#|d z40gv0V{37DPsDhB$~}vJ-{8dBB%UUCJyGFDVvoDhk4yRckFC@#zywW=>{6J83vz^z z*Q1-#@9V%n38jRo9D%-nU$0hK#nv)j`gJ=AF$1JToqqkz)Z=Q?eLPfnGQVYNcfH*& z8~(Jd=g;BYnJ8j?K8oG0q);PutCB$#k`+u$E|6So|JU+82&(H2s|^0Tam~dC$E`lL zZz_Ay(+Vh&Y6b;Tot&^B-kal7A1;$8B9Gy2`7$*)6Si|h5!E{NSB_ybsEK2sgtb^q zXEC14T{z$m-%bL>xFhNusPihJM_q05bR31amHf6tauRCWS_mZ%JmK@lF`tn#*|>4G zZ?}N37503|Hw(g&w9P)Im2E@gl$czfNZ7ES+FNy1S~;z@n*Dgmzxjcn3V?TY7eM@e zwgZV*5`&BED&K`W;+h5NB$!AC23Rq}k7kDVITCu8x3)!hoTFZ2NGGk&#b16$`p zrrn=(8&Gp<`d~4&`uP$pQvaRN{xi-Ybw}03T=gSu4C|!M)+~czk)}UwDBS!Nn6>0b zwKC5;q;37u0$0=#CnQ=H+_`X9-=AD^nVaBdO~K>B6d4+>4KGvgfnUFY*6M4k@g8ba zX}(Qj;?h((e+U`@bMM>A@jGdy^s>}nvBDUkig`n5k+iUIzRGI3pt2fyt5qeSxZ2*Q zwUYYW4zC{h1l~<-+ZTHy$H{2ve=vb;+R*kFFuGI#8J-^+Ys#?w0I)V%u$Ot1heaoq z*8)FUNd7P^b)#?;)wtyn{nGYVcE(PIq7$CF@MzbmRdP+9;Ls03R8~Tezlp|QpPSVB zaEfInXz%P>QBW{PsG5^#$b^HRa^{taCE2Ifb~Pk&I2uJi$-Ba37gvj|dP_)zYua;i zy-@!3CbEdf)d~@w7a3C(4hnyx`KrJr2F}#yB1u1QQc3Yx`Sy9nBM&5(0xw)*mr1jt z%Ek9b{jn4<{C$j~OZ84K^DIEcM-Rn>K5uU6>v4ZW3P>tfY&*MO9+fE;4OI-_VL;-J zND1^JpRm;3gk6>}Pe{Gpj2Jr(O^3C{7Vk*evtMm-1YI6;75+LDryk%TKhP1{9duEq zUA*OwANrQl-Q1Tloh1xj1foMqd4Ab~VxasoQg zWO!9k+N|J3>s&yQ&|q4DdD_aS<~CVW@>G-ne-(VWB5+CSs`C;EoRhxS5Bmz_*TZ#N8|a5Ado& z3dRW3{VEr>^FSQR(M z()UXtllc$s41lLc55?H!%bXg1_9q6~Z*r2^OG`v-FMd3l3!1C|Xs-`F#m3&JKv@tS17L`^_151P&v?*gL9-?`y6OPP8c5dZ7&)H% z#WpD)g57LC>o^(tLqYl$SH$ijp?z-8tR1H{o|FH$l%3qgV|xsT23(gVmgkSyio_!R z8Rv(e74uu0JPB}M*6*8EQI)D7{#UnwsYx2bF&VD9L;WYLES*kBo3C9^b=WY3icI8; zR+03UUlw-CiSdN^P09qkn_n9xPvqfu@nD=}j}xMU58|x)^3jh)|7g<1-Q@w#En6NcJ~PkxJ5hd-p}FW*r%7_sga4TbzF_CPNl!AYaB9Af`Isk(q}J#A^Y z*-x$cREIuV>Saos-ra|S_bC;v8I3cm!jM69Ed9{8`_A4~kc*`ad&&TzL-v8xH=^Ot zFq+ST+UZWSwgjLNpq9WBFhcUzEkf;7r!=FXi5VQkP*dn{<4-?5T<$QCIN~cAdcA7u zY-N2JMuw#AwN0YyG8p+$P2eXGi+>t9Sa}1ZQ<4F@+RU~^@Nl}JTuB}FiMmVgjp-5@ zA2;cx7yUvSTHtKx+@Y5gz-LK3wksT%jM4##bla~yb|M45XOARMS7st|6HCq22Sh3x z3HFhTIp?fX5D}>-6752vvM=9WVwwEhtzWi$%j>draf*enCg1bNyEHmQcQw`ijT>cS zRwUQBoOmfPeiCo%TTup`kElLr;pVFHlei|>L7Bh0^~FDgRURu7Kfki5UY2du_Xqgv zmy8Vw@xZ=RF_&qd7*izes?;&8BpP3UZADP7HLeX*#Qx$ z?0m!b>G!i@6@F!P3aXrl+mB7a_M0_*y=j|D$1_}cE*gkWHO@J6Hb=U;zD?VnGa0QI zw5@`h6B6mn>5F>=D{G=o8wqhNTm^GGCiv=A%*~NtgDPF~I3opz)aNcTzXHXFwq5z7 z-M~bvHgLZ9@|ZFAWg%<@3pkM5D8gJ5K+90`oaX1C(Tc*Lfa{%FzLXU9A;TEDi?ONluT9jc3- z5$ZIQ16vp)_0hEHp>dRtW^gAs{a!vt&hIK-qOv2TBz2V zIn?9Ya`+Hjc-USMn>HUJ!s;q)Tn@6xx>qpUvTTF%l*it)_N_gNoe48g_a{StPf0s9 z?bq6(##gAnM#=e(?>RW*rg&4QChAMXi;+@7RprDH=Dz+qW&K0k+^miK*zp$75-O}7 z5aWx^122)!ZSJK&H9H$k4zw!*2`nsIH01*UwKRGAbBFdMel5?q23P|We)N{};S7L@ zT$v)B5ox#&TMF$ic6@Z4Bf0yyFu+rC6T`+!zg)cEr&r80bmz_$SNnG(&$iQD9iQu@ zOqBmnfwx0dxA7sE2^_llE8;)B)_>YExz5Mn8t{0HgiVym^Pd6AJ9#y^S{d`t{{!gn BH*Np` literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/logo.svg b/2.5/de/assets/images/logo.svg new file mode 100644 index 000000000..ea3b2796b --- /dev/null +++ b/2.5/de/assets/images/logo.svg @@ -0,0 +1,179 @@ + + + +image/svg+xml \ No newline at end of file diff --git a/2.5/de/assets/images/manual-guides/mailcow-bl_wl.png b/2.5/de/assets/images/manual-guides/mailcow-bl_wl.png new file mode 100644 index 0000000000000000000000000000000000000000..d4ce7eb13271d6b27df03b6b6d2547cadd51a7de GIT binary patch literal 72166 zcmeFY1yEdFw>C%u2^uWHLL-4BI33*GJ%QlvAvldY!QFxd3+`^g8h3YhY23B3Y4U!r z+&kZ$sk$@sPu;5j6m-{--m>IbYp?yBz>l(GFHl~iz`?=2kPsJ^hl6`o1PAvt2mv!mAD-2({FWp^0raZhpEPF;{5 zL{q$5H-b_9OYvg2_U?s)xuzrL&K z;iiet>BPX!PO*b__GblqfTL)^L=?u~El+FSukqclX+NB6caTuqL<%Fqx_-F7?Ca}O z!TRelPvVuOhr6Yz$;sHbxVd@yOmFsXk9&y6{Y6ca;?R@7y4-r={&2JO0K0lO^l&SO z(-e?Z!QKr?^(ZF(OAK(s@MdOauJ_lFe+WS5p~8zD>92O6J}>?$MGCWjijh|r{-1J0 zCj3V`Kjo(XDM`21=c}ZDwYv3^6%+BV!Sbh;mdUM>dOSdzoB1~zmvY1He{3jtSS=HF zaMA35$eNshxh^RlBP3%JtV#( zL~WOCENhx)2FPdFk z#d%;Cc=)yU&qh7bXSNpDyZIJeH>BXcBYO<-(=T8@SdCxqrdB-qhy9vb_- zyx&PfrD4=NY_oc9%(@Lk?WhOjt@8COZM<@Y;rwl zLCY9pO9UP@uJyME7+TkU;wu;rx0`%_NMx35F@F#s-8 z>eepbLcvCC=}bG?vFMyDMKWKF5`bDG%xJdfqp{D=&{H5Z2SR0^br0z*UC+QktPK+u<0- z@0q6`#q?rmr?;kJrDv=zT`!%q#%PB$S$Re~U6#;nTz+OOd1#E23Gzm3xP`f;|LSY% zV3&br)aZww^nclGwSOpasQ2v;#D$U>V{goX#F7A1#>0FGB<^vNt5JvE+2^=49&)3*BSwtOdv@`z78J`g(peYp(@=Due#IgwA$N;s zIr8p43C}w24fV9OQ?$xj4<%5RKP|brx^yJNI)dxjk2hA6B)0y`D`y@zWj_R)^-thi zcAd5k#8CPpxy9tcSn=MZZ8XNzC($H`*Gq>+U;}BK$Vw7KiS9XIkO%h%Obvu~?NRI~ zq^ELmwRdYZf-OEpJ^bo0tu~lT`GKXIZkjeIihltc-MhXUY=m50-~dGbggqVgnQ1xe zh@+Hbqs(SN&ncb#yvcijs(8~)FjvV~$aDS8fXq8~ao0ryq_(j4K1;WE^}fnuOGmO; z@4s0`OhLxQQek~@Sz|hd5;-_wDJQW-c4g5?{AHDi`ucoD!P{i$tLB!vw;(p?@>Vm6 z$DQe`Xaao4m9Es2n%C-th)&!7X-NSd!Q5hc=lADvCYRW?hoTz~jZ3#VMjV#hnjHd_ znwmK3QC{e)q(B)2`DKrXpBH2Tf5nsL;9VbTnEZ9b>Fd%l<^@{`l5 zsl#{$!D?1?y@cMCa+@2j^aihFVR*SESHRo%@B-V&WNV})%IRN2{{~f9b0Y=T5f+03 zFU-A;G5GE+M{c}tH#yy$ubum2UpX5HnA1A@$)($w@S#UVuxTM0%*?iR;I1vZ$vqiU?2)tK!8sqU_sP|%-t+q_E)OF7s9>?&hr~!O;} zvbeUtULa{W30;}ez+1f6wW#;YrrWUj9stL~QmVVZq2YeP^0}F6BDdr_(gri=zTF>HT8!TW z7N=(Mqk)#g!N;Qx_vMAvW?8wz^-E62;p`b6N9SpW4L8B>hq}Kop_gByO=mhB*7c6U zq6^{LJ&-J6O53JD`t}Sa@4dMHXe+SzTa7&@PW&fkz`3>kr)UqQLT{zWysaTgBy{=9 z>waoaZ~3!#-zC00ytlhvU~=v4pJNbf`|G|AU&ROp40AF@Pv`w>GH_?l|2A^C|CEA0{b$~U_s_Jc z$@8yl0XEcU|IE|=d)e;);;uZCmwTcqnr;>j-EZcWP}bn8;oqpg(S2k5&iW70c)nQS zCWoc%(^^W(%5iaV5044*Wz$0=6vd21uv)NHa8Ph|hvtum`H>z4FxMANA=kd#AR`3N z+H>gf;PS@2ALWm@ON#Qx1BdRH^$%C!4jZZMx zhdyrz?Xzh;a-RQYMum`p4h#my85kM^LaEzBI#neAMZXB2A4;h<`7@ zdyl*Bu?GrdW{<}wJ&7~%)<_>Ee6)ydh9el)5EuQih)4*JYn7BMoF0_RGp&2JiShX8 zu=klBVEuTlYX=Bd{mrO?>cR8t{@avkEW{Zn+XSKgmcccaf3%6u;#Jf!MwvS)`?Tzk ztgio!N9ig5?(c^BkhGs!W0npbGo$2JMf2~~2hfAMN%pvhIUjGIF}5nhLgF5XJMOqPPsnB6rw z%zHol+nKAsyO?Zs zTUAa!?HWM_#RDGbl&)JLT4Scq0cH)-&Md3MXyspjRYs@ z)hg*v60gZe2lyF>1x8sV)k$45dG*AQp|&kZ4^pw%(!H0|4esx6Q@Rt?jR#td*7of5cKTfmte9CBwV&k$XPtN$ik}vkn z>}{fKZ_i+_iZD_T5rCM8CyK+RQNB^VXz>St=ey*K(5aMM)Jb0YY&l#hP!)8obF}FA zQ=|$wT@QoN%$hNggGCefa*-}PoIP*+Xyz~+JtcnKlDfh&Qz7qcou|&VXyWTaDuGNE z3aDr@|BAmQA%Go8Q=^Hxm?*jSP`lwcla=?oO;}QLa=`>{!3J`#?1d1{o3uJX(*s9EiRaq-J5?NI`9@+1k}hUnTvv`2w0*5^SPD zGTHj!+vIKh8c$fXWEOC;4&B2M<{h&zOj3KqBu_2TE9wAmPq(m~Palht4QM(Rzka4S zG|3aE-ax~Xyu9Oo(uE$RsDFv6B^g~Zoq>$H=5F?_4L9NPJnucraRpOaiI_>O*2V^P zluU;JI~6EYZr7eS=5?|mvbB8eiP9ci!T(urqhqw%e5@a=_I}(gT-cXdS?K8e#H_+t zPig<{qUGm$+S;b`$%7=;@_Du^`Z#nSS}}vFt{Kev!X`vFzP@o_Ca+o731JW50Qszv zZnCN4Bc`<%bt9M?ZewdcqTWAX#W1x)Ahv`EXU#DbNCM#GV7cU9Vz-(R~lBZ=RcgMP%woyDJ1H8HE4U@k!$$0}!1m1ZO@x6kYG?IWwb| z-}Y32fLz*6emD;aCG5b|`iq`&Xc2`@-@{S~k37k{a<1;@W+flG;o%2k5O>y6{06@H z<^CX_In~Xm1VdG~T`#&@j5iFmdAAx|H+zSwUQ0Lp6srC;@jHr`QMD@1gj+`lK`aKB zYTF(xzz+0Wlp6K$veqkkbw)YcOYGfaT*fIgJ^gdX%wNZfIZz=nRC#I+7TR17`5+yg zWt}vc31?eFtL1r$9if~(6~Ow43(%s+=V#GNmk8)aB_42jT0nPk0Vn2os)JVMMYg>0 zISwNY$=9;LDKb3p*;l~&wqWGh?M%zw^)5*86jCgg%u)VA)DEqn6Dy9CUCl+iHxF&ZAaxa?o;P^#ITD*YbY_-whWgh5l_HOr_##=oDPMyL&`h0V*AaC5- z&J(Q*z28lqFBxF#jdfc9cIlS9W;q^^?GzYaB*C7gU}51t{pf}^oM?@SvW5;|x348e za^kL|4%zY2=UXUOeUr$7Cv_N*?YL>|&g!(-)!j`455JT=#`r*>dD+OdGe+EHgqt$B z;gihiAeMgz%`gQL;X7`2IJgsFjf*$@r1_^(xBb}zbk4Jn{8BkUT@L=KlTr}T6o_i` zkn2WAw1PvW3ognYCveFLVwgffOMi7x1;rzCx=i#k*5-CH6gVYJ=by^g~x#t}^_A^wOldOF`=9|FVBJ}N3i;?a*6DTyj7DIQ|(PRj*Aqb2nZ z#;T_2FW)sf8qeIsjKTz@nOWfs@c?%#|8k5u5xFzc6-L>afru@RWNRttVrb@#J?mOW zyKR29uwpWvtqD?(*m?;a47L!?YsuKn7p8~Ie@^!`!G4MO#_s&(*{lAN7N#i^%w0F8 zBf|{YyEzgquJ?)^S-ZKRI>GH)gnUUop)zrs`L47F(klr27>wYbPf1>Ju_wurl&2=v zUs$(DaAdsP$P%pptEBM8$ddH1bKxM){Nj`GKL9hRYZfXVPMW;#c6KuohWUMyM)v$- zQEUlrxl>h)gj}Zp`_~VSSr(t9So4P(PZMqf=iK>qr3aX2c?n`koMwp)=~H;?csA%J zF(;Sj_qS9ophVT0i`*C~m&c<6&ql0l`yQ521_&dWgePGFO(nd3FY{ApEuk^J<0<87 zdRYly9hLbZ6GTJ++x*o6&X%WZ0p*vr`x4+%EoD|_dFAbxezk09=?`BqW&id#wk!n5 z&@dO=xh-lSo^4llDBW+DV1>B^Z=m;ZpXiEGodtBvx3$H~%bOh5G#-1>&7_x?ahOwZ zUr!v5?cOw-Ha7*ttLf6*`rIpe>Hb1F*|JG&X`U+C<2b(!(NMX)0K&4CI=~7S6+Tv=`}MF$kn} zWpsEaCdd0AwQ@dhEie$Siklja+jJH znW?|dz>*wEHN3M;bF^9}h-z!4K$S!XO2o|_U8NQmyW6Y&S`$)^g=P4#KMt=PR7ffb z`_X`m(n<6>JGPr!C zl6O#(^_UG^eR!~OWcR3=RLfg;fW@7%kzb1Vn|G?oXO*L?=SJr?T1J88E^n0^79uFR zVac^m#&aPorftX84p6?+dsulzh5hojx%rg5_dt`cYt~)nIm-T~-r7hEIWWo&I+3w~ z=#Xh0T>ZRYL)mu$oUY_p1Wa-7&1k#2811&CAbF<$orfRH}f-@g0$#Iy6!*p02%4&W|J$!p6o#f`EvCgaUYJkRr{R}wQkpTG{w9euN# z7~1{GSZjzZuOT5khu|ojZo3yH^Oc*yOE2r3j1D!z?>|)UX}&kfyN%wueN*XaT)}ra zSaRjPa;)xZJL@7yXhNB@ybzUVX$+n-)EC&d*{bCz|L`IdR#`Ou%r^zao{ za^4omFK4nNRk@`#*Hx)HLw;sIFuX2C8oWYkrTTRd8r#!7@KIuJq24hn0FMT_+0BQ5 z1nuBH`b)-EaVEQX(j8=iCk6Q(aameeu=kf6?{1l3Ft?3DPXbr_@tAB4h zc*?-s8XV~TWiS^D-D+g*_1+UgFXZhELdzW!G|cU))AO%zq=$AT27J>hCE&8-)9%cx z#Wc^jo$%u8WMfk4qZuEo%!Q7XCuiIh{3-SL_@AvVz{d0`Q+|j^BuoZviCFn;oygXh z#Y7c*x6Vp95hWN&Ye!qN9!qLS@&41DOrI_ApYOVuDNz}wmTxz^o2HtnEr?|4_kt@-n3 zQ-Vt0@EU~gSi|>3P-I38zFu`9fz@ocbJGK^cplq{^+%0 zQrJ7rV@)-oOz;vWDqYX_Xh5rbx^q^RszpPM4o2${8TN&w^QryuzQJ@ZawbJS?>Pxi zVtv?=C@h4~Q_Xy3USC&w<$OxCAK-X6aAKGO-)Jm1(qk1pUwLEr?So9=4^oB+77cG) zf>AmPCW*R6scP9hYf^MQk+|#Z^(9e2X5%%fQse3jK{2r!i|ci?DMSvP<0~qL==;`i zd+VyWwN~zP??EFQih+?1M1vzi)bE(P1?O|hgAIG^HcNm`CT*kok8fuw8x5&its^`E z%r};9x$k7+tlU$0lejJi;Ngc-)k(*`<8Q(oQL4J?UnwE>Z%6cj5CPa9q@Z&+i>3NyRME*u^XV??lvOc;l^d9^`Olb^al9rNIULaP@3PXoh)5nOjCHuONo>Y-kR% zQ}d$SRUvbui%SDllrRihK^JRz!a)ToUdm(RxSQaJlo)bN*cXial5rNBH9f%02o(0NQz=ExiVsL{)0dapL$j-f$^_gA$@3#tLQNKR#0*YoCQJiEBgENi&$y1F*5 zrd9DTIYEFAMTFR%CRyqA84m#QO|p}<&az02J@z;$08s)nJ5YulMM1L-r8;$uv^j|W zbfCwB3DRK|{4syxx(;89eDgL7yk)s^%Y@w9la{bowQDSmI>dT9k;vARbB^Bdva80@ zG&?MVLY)MWq54+5^kM$Rvvh3HN=nZK+AoQ^J$P`7*%Z3iz%BI3--z*8HQ9!3^+HeP zcPrmDInW0hrj7#-l3s%Ixr8xXn)fVz@Rl7moCuv4ZB9BJEo)iU8R!Na>GJjl;l(h?l49GZ^2m`G!+c(E9ZDBya{p};+rB56J%SY>o z)IJR9h7U4kt)JdLW29vq7c-5WYcjUL9K(TS*uxAkSfKJ?kj)lKrXL&W;|wn*9>Z{n z5)DsehyF7C z2hBMnmT_WbsqaezodT3+CJ2nY_2RV_Oz32Nxt85@FWkkfF+Z_X4qb8^f2)DZxhsXw zDROzMHH`D+{4qy*EQgentdaT;E_^=CvedfPx)7Oty*3khiN<$dLBauBmk`zAyIB-( zKdGoUfwuoR?WMnOv21ei56j6KPq70#4c9N)Dn{SxyaZn^w?G;TwXQGN20$R?%|RsK zMW4_~z!KLfXeww14=4|ngA4_D^#*q&rt)YMd)R<>HoOs=s3iA!DLK&vA)C&|g<1e- zrFDMwyH6hBvYK{U$?}5qnjEL{N*fdrn|D+{rc&x{AkoiQ9NZe+eTC`db~etIxIlY~ zRldfn_!(S(1hhOZ4$1FKM{5&0`c=2)YT35;n-r+1r>Nm7KdoDtbyvP13UzxlWg1k& z7Ncr|BYIw^?>MJbHp*#WaP?E)Ho;QuUJfs))dG#1E1m}!8Ztae-bxLyVy^f(9)jVu zX_{TWWUF->i$7kUUv)q8y;M`1*tyHzf*y+*ud=JF`E&`)sIBdOMWFd$*o9S1-}1V9 znLIVVpeGsV&7_u!V@XTjLezKuvdxX305{jNiOd z;L8P~s`#7EA@_3vLRZL7N;?gJFdHgciEA8f^_yuiHnCqXU60qD>|R4%AVbNn$3$B1 zBw?E6_>Y=>J;Zw$@~W6l1u^#YFr<6`IOV!Gm?G!k%arYF#2FQBFvwc?Km@vXN)EB$ zTdf_2MF_hCZuFC{PIh)Hy*+qNy934;U{?$Jqg9LZio|E_i3=SH1CwJ-_x+>6$R|yJooMHsk_sxt^ zf-oWEGU+@A=Xk6`)yP2dXNi9VnA55M_hC+RsJ0H zSz3cvmCw_#{CFmol*J}{QC6Ovr^U2|qbT2HIt38=_%2;y^?ei1fnPY}=BzQtLQ3%u zzZ9|XPt$VW+6`6a5)*~n1)OpJhOYly@O9nYXu98;m4b00&{M8w7GEbG$~bypdZtp#aI-*NAnY{i}F6szpbW{UT6x(ajgFr#os^1fqwm8RNN5smPBB+@_QY~ zzb(0XO*>#|ZbtA;|NBDj|L*z`&i`Yz{l6h_Nnj^zALz#K;l|^k1KBvVv5^_k)G0HpQXFBuYQp~2)oTw&mK#+PSM7RrVu&WXChEMQUsc%wJ;304_EX*Nv|LSZ8&Zb=?+P%5B?|xmK-_^>tb#DE>VH6PW3_1&0t3vy~?g6^drE)?RwA!QgYjn zG0qzOyOM$s(Rk`r;yPxHUi$!c_5{Clby|PVg%On!QmbMg7pc`io&QFlPQ;OUQF zPJOGSnx%Qa84{$Pd&xp0UNJ+(4ZW6#BMqul4rQy<+vFGMAYomTpnb44c&XKm+b+Nw_s3)c0=$u8 z9Xa!=UF|Hp1SaDw!Gb1#&_dgXqpc%yKn-x6^JG4oPUvW^hhb<=2n`4+)ak5M^B?;ZB**jj$Yl-8jL2-M(X zJCWI-16<`Z*`C~1$!&d`kXz)~q`Nq_(#Cq6dvgZG8Yv;Hkb$jv2|A?B8+y8p@-b7W zj<(YbtCl0+aH%_3j2;ZyBiJTO;sVa&Z3DPHECl9Wv|Bk4#}45Qr8)(UIv->)ty75-X4e1i(u%uF{5lDdFd+=;?1o|33#O)pb_eNd3$|m=#OsAZ*U~3`8F!z zxA<)Z3}E{*w**1L>#jMi*oaQfkbb7sdSeXYo|Kn&<-2eIT3USdI=;I14d|TY=Pv0#dEDoL+TiKpVWQOG|xE?Cr%31kxLPU<^o<fvgiFED-0gb#PXv#8<5!+u zC6!YqabsjT*?25x_sC4Xo4h6scdsSQv7-e40u8!8sVIZh9EXA}pN4gfZQ$6c{{(qJ zdpMkF^uUS8TyQP*j%`;EFyzokklXD{yxyBFu}0YSvGL_c=3=OJN)DVi+qO{gcWZK@ zR2ihhwdMq;jpyPu&2s=@(mOvdAqD0hK{0xG_w8)Rhe{$uCtJght~@p%5jQ37hLiNG zS&Wvq9RlkNbxZZ+e5!%nk4?kX30(~8ChchtPUz$Ii@y9NO+R~X>A(SM4{1Vb zMdx28y#C}O_3HU=jx=e4R;YI_o#5a?q!-#E#{?gJ9G|lnMlDBoLh7@e&nkm+7{&4? zT$z0RW_faw;0@tL)&khWeOtN>(uTkgr?-S`jqVSkQ6Ow{PngaJ zrdO-XHP6HE-7$4L-!*EbH{qL$n=6Di6LY)!AEEsxAsKAL+-_U{ z>QJpUtR*8g%qq@pnP#asg+^Ah-VHK%n@q)-0wbRX2J?0g-YuV=C#S|*Oc?2`acMy;@SQ%$93p7bvj6X z7G{f(3`d}Sbuj;QKjF1TB;hujEfHcQq=EY~46i8QXEb|&!QBXsjp{8~JIC*J+gAK9 z_JH}>wq1L8m{R>9F0borGOH4v`$-az!uEP=zMhM1D#+Xj#zujuj33YlK#W{?01Y843z-Lg zZ7xQBfG)vScp^71%-aRl1qrQXbXE>_mJCc@?=p22(A*hj@2~w;~f<)0>aEAFKy! zr%^zukW%hXxDidzT{p6rAWd;ZQ1qn7S2{?=ALBLNpf#dpI~8}j#{w+tDRqS;$7Q*^ zb?Vjal51ilWwA7E5fbTj4z>dt98G8{BmlxbFM*;iu^;^HwjGsaV zhX7BmW0HZ10oln_{6cs8{d&gL4G7pm%Zu*sz;)XPD+NBjV&QBdgQ;aDDHI6v{9{F!+ z{r;#%{~t$o{B!XCf3AhPEk+w6WwOe%x^~tkkAA(yCer?xdO>(oZ_70(X~!66FaJ$w zds}WIF3SAVAiBxDxvaq;2cxP>IylfkH%ao1jcZ08ct%3)e02JV6nT_@TT|=P(t-L{ zJcT@EsroltNYk{AigGhjp;POKa8Q&AIx{R5T`h;M$^(Soec0HYd_SX3I+KeXf9ygw zxoS2G?Ha8l=2F$};u~M}O?&Pnan>Bxz{QRb#l9`cFLhY%0b?Y+lfhV?=$&m$n9oai z$H1&sGL-Ta5a6)is;QoTc1$ zy}7are4}mlhf9=!`myUZZiDygDLtVB{T_>XPc5-RXI4H_-*uYVl_@0`u&OOkL0DUH zm4-!G?U~S92gV49niLD@lxR{9m=OD6 z`F4dh3Mr->8>Y+dS5qYr(VVYDuQw2K-UY}LcP%QEOm)`!e;NBhz&Tls3ga($H3U@? zkBC`EG*0WNU-pTx@Je&|GiBsZNTnVqF@qUgxMN;(a=Fwf)vM?6YV68#)OVQr-O!;g zX7N=o7HSP*kl5c1WYo4!TpO*bXA!^4RomI+k*Qg$+CLxSGRX<>o}T%^-aVpsZBdnf zS5Vv5F*&c=#i6c>1D2|C?B?K_ih_x-OF%1e}ntpzc(&q)!rV#;7N7S&@P}|07B1> zQTYdPpSJq&wL9J)k*rpRT07$5$zm~|iF>Igj z{!m-U!1WOhAdR#nT}H05AniSYP;ble3~K|7>FXQ^V^^wCjs>>%)1}$OjLMKJSD7K)ZK%5)#X zlrN(57X{7jbo*}GH%x}|R?5{UBb7NhnBuitjJ8=vn4eW}ppRD1tF8pC;U$lcBt&$T zGCQ%e+#2bsD>`i`$r|WDZQk4cdhv47yndE&Z-4aI)5#1x_G^K)We3lsNqWOkdsl=(#~6;+zjik!WdjW zzU@yp4h#{i$?2sHbf9->Jcu)p=*TF?qYm{;Nf0+F{Jbzh@JOzZ@K`x`c#b=*K9?ihS0NITGAd>q_=M&)r{3@iO2a- zE37zaNd*(fFrsVY6DakYvxbj#hXq&!Vv*y{8MLVfK4|X})m}fZR68ep#$l)Ms@AGa zS+u(JX;Ek)Xx}k(SG?G&N_1kgQ=qeeWwfP6Bs4sLVcsmasiCSRm zuhP;+9+KLG47;`-QHHxvan|r zr8J6h9#;RD&ZfrJww$2vTQ!!FKb>NUM2}`EK;hV$35c7Xb`1{h4@cVx3{-rIGC+^K zKp%T9+;71(&d`NhYr1O?>W$RhdIh=^ObD!K)VVo&p@x)CZdx(QLcRFI4hNCSO|m6m zxxgjpV?Y>KQu(S_Hc5iPwvY!eHY>8EkQGKMeh&0inl;@$@|PPL7seY7V@|L47SG5@ zK(|)d{9I-`)I?LB^^t&y2_sL_cq7T9LX#pwrS788e~7aY165}K%?yl8HYf5f0Z1P< zg+Wb|c^RUb@$z^jCq&fGBI)R@3@V(~Io=fgaJ z>^oDPcJP4=nF}R}g`bZz8DDa8v1pd#=)^l!QMU@@ZCZ&;;2Ws#xv0oFYB6DngKt`j zp!$jQl-x~IzQ%~ukBM1kzH!zM5;jN7r#RbLrll05`EqV(%ja%Cy1sB0Tf-A1YW3j0 zHq+RFei*saahyH@6@2Z0e2^DbN<1yiqzw$tGB)0S;aXBqLotf)KxQxel5}uW3SP@X zSUL5cHcRS^Ovyv3(2IpD(h>Gn(SoSy=zbzwal&9d@6U%q`*!f%-VnR^#j4|^wJ7jA zwFAwmTFs7L$R+m5nQyv3&+`-`AheeM)R9qJ+Blevx(aciv+?9AAll{xX971wERiGJ zlg+w&2{-E}8p6%2OEmL48-t{rH6=;QP);Ee^T;sG*8>3UuL|RZZ#s zngk~=_45QpUpx;-HvwjXfmh~e^yL-Aah5V!JDky9Y;bUJg!KiCL@jdB7J)sZ5t~I7 znePgm%GZ1~Bn_dDGtoQM$P=H4JAYqS-_etc`l~c=&3GsbEsA>^mr8E8pQsjW-SG90 zFqhq%JcEGx=|CR6c6#O5%X`W5&hwF#v9WZN*WtSpyT()*2Uax|Aw?xsO6unY8R_FO z6R}tIB0~WmW$S+NGDS&-_K)8M&nThHB*oJ%;XEzr2Mf#)II!)$S-aY~x{~PP_(VIP zNJDZBulB6w^{2)J@>Nlyrpe5g8RY`ZeI*2<3P1BlL%lQopXT+@IvqrY9qiS$e~rxg zDCfgZ-MWC^s7BFK*t^PRB!>nO5t%n-Ci$FY@V!;6hTI~?=L4dr@cCbq4%@TU@KeRP#7@R)d{8FXePbk3#y`%t zIFCyRgPZfmqI(^Qv+C#^ z5R*mPs#*~3TF)M-u_vR1QP<&%wJ$lg`>GhpFl%@2z$6z*b=vBy6Eh5C)266MP)G+| z77qXB=0|aNut}z{*1vVg=@l)qNMC&<{0oZc!1HoYi+cVTP`&vT&r8*=Qov_H+w;_U zv$icHusGk&!;dqOqp2WBUe=`vcP>%*>?7v|yZBd1q57O1G>DC0hAnrh%r*A5^ifBT zRT#BwR{>TPUqN6TD5jvL=Do=F+ezFXTgwuU{*4$x*sNK&b2!S)-m>y(f$!DEL>yJe z3j>wX@rv*u)b@Rx!6FcJZ>B9JJE6`1dk#a*k4|YKs7JRlfXoctsdl|PYq7ADd`b-! zHMELtcx`uwZkKW}SsZ@^A)w;=mUbo3*NX66u;)VbsF8X$bhi0bPnVOn6 zNJ?MB?c(@zBaO%jb;?&JaG+@$OjnMRXhQS_l#VW z&dObL_QU;8)lZMEU6m@e&<&8TMv~hFay{&F2BZ1}53Q~c^|Ef&bkOY!ps~Le`$A-1 ze>We~Uw%%$BxxPXO~Fr|9b#afd~2@l&b{zSMso#0p$+;rKxxBlz7i??LK1=!Z7RlA z*YLfqI!Zj)S-i3v=@Kx5!TfAZlc~X{ts@N*L@bLMVU6!TyjeahueC#mfxN4POa;Ib zql{NlmQrZd6aFfGPWL8N;(D2$5jTGqe*=w8!oKOuDm-a%6M8oKAg*0#lEt7KsyAwE zNz06cD zaf9Z2z^b}N1Fp!cpmifV(^tC_=@Ip2)+74?*x~qM33gaMXEQGE`rbUWjvI7(Uf?rWRVO90E+%}bQWM0c7k(wxY z>Yhszv0pCBV2x=J??--M^nUW7U9brPaEZ?@6n=>5wIyl8!}8#{8-T zXhkR;89x;&j>t&zcl9UDt%w%Qk`DRW-o5;$8Marr*}}s2(+Ha;bo$YcMB*60Syr%J z{0OCu7w-NgyrQF8+q31w&(+3-T8$DGLN5B_J^?O-&<;i3rceB8fn?3UNt5xOLCrdH zXVw6WJw4T-l@wzCa=@9OX+ZmVilLXlBI>v?u+g6pR;M4?}S3Wds3B4f&NVgT-GskXZ}A3^qA6A0o@Eo9NP7(!Ik8 zzAj`%E2PP?*SNzc3D5c(X1Wu%?cjhE`}Sf#2Uh(O$V4usWT5demR8N)M2*FCm5C6q zSj~~^T><8OSs0{YiW}xV=O$FN*qnbZr*))#@w$(VtWNYRt(KA5s0t>0RHg z3>`?6BELn|e%>r8^7w0R#)kZs?z1YaHp=kitEuL-9~I>0TW*P23frZF@fAXO-{dpu zx-yn!`y5m&V;KEjE~l%5q^vcZ@VofXb4{l4NqZOMjYS|BdYGT>Q+p#m%As^7{ zL-(aaY|0(a)1HRcz_*E@f50g)qn}~lT%CPm?00k?ZO)cvv%$$gO~~EwYC6i!4X+3< z2Y_u+T`T-89yji%2$nBdt;ks+wycs7Z5@&Ie2}2viqn*lCIUltll<;rY;2xL0j>2V zm1)pepk=-Q-qL2T)s3ROxtQMOOAbCIYY|CLB2Rvu5u}|mdM6VYH_X25#iT?twXyl8 z^YgQ&TKlKrr{=(ErC-I~;>l^8l40KMYD_bj--Hui%Q;O)K)HU7S*iJntQG|s$v@>Z z+MEx%w-I6H`T<@i)V=Rk5OH<%#G(kjdbHv^cv8tr!KhG6Dvi$OwO@z!zL*k;S*Cr? z@m8wbQn_+m<}gZMN7^h~oGd;Iappv>hE2{YhQD!9f$U7jdjyP8X=Tg$Zv3Tm^$z?E zgX10Zw`puEyXFFvBqap-6enZP?llW3d>~J3G%=~?ih(OlLV7RWG&GbsNLsZlFtb=H zERYd>04jSEnFBgDCKNyQP>)L0l$EoqTip%pW#!`ut|Gu6Fv!V)$boOrg4@5b{P62d z1ItTHy-S7}DzO1UyYFWjpVYQ5SR!+P>-qTNrC6_s+5mfsC^6<^{1*dCZfeW@P}*5w zr}Bv~e8El~oibl%mww)l&>vF!RH9MSHL1j5-qYGeS3w79gaH=@uiaiKHw8;7NTseh z?XGH#_QgXk020PoYfa|U(jj~_ zD*Uo(H?0C}Uy0{s{9;<(neDmXnB|Oo`lZN;^)Z9phRHAYo% zgMpl@2szD$Rs9KCi&F(}hnfLYUZM&$P_;cPAi}fp3PAR`x4&*ZE03@8l&r=$8KKao z+GubwGxEuKO@Y^&r`}ejFG`QRAsyY9kRQDD!ls`Q-k@%;y(SaQ%A*S3@!XQTSAPNb zZQyNZCjQJAjD{xC*~l;Yt}-SKuzR+dX%&pV(-cV%%p6q*TZ+_ZBy$Tqv++BPuDON# zA}GaRD%M)lJ{9@1V)S^4)$GEn?UzM&yjJm6^dRR4ZRygB7~GDztn;eQg>CL04$UhS zRk_5Sa<3CxyQ)vMYTZNwxkN9K*lIKlLM%s$^fGPK-nLcg3%&mmm+3V%`IKdAX(K~061oxBAK%i@}7(0A6z>I7{%|GuJMg0dc z11nz|G%6+L<1^^~ZOx1Gv(oqC5_NJl5)&Uo-j-SN!RV}I^{?t&ak2#~$;Y-#QWY z*eNw?XDV@>cJM>`E){&(43%_~wa=9`YK=#0IQhw#YmFeOk5!&SF=ksPD%ysvdktD9ns5- ze!pGmUj;^Jt>9pX#zb@a$mZ{X0)N=;XiA?{uTyYBmS007FQNRE6_Z!18R)3+C z)(@x<7tqG#H?o>;-fC?aNW8Y@VY>bGb`G`LKVCF*yF#i`R0Oj;g4c9FqzR-Id6??^rZL7q2&o%0dutM&*zAkgO5u|yXK7glh5NI+-Uo@2yeq(uVo?p-* z(4OI2&-wd(M#B-_Nv#R{NCvP-O;BX7NhI2otgR*Xn2#nqlaH47(+7Il_Nz`1@#pF` zFoN;im8g+o^D~Fk)y!}s#?2;^*W?Hw!z_J7;H*@5I!o7mc9YFpN@+TDY`%Y*DVQ;v zOejx<#$=R}fJ2tp(K?!i7CWC)Vcg_Zm7+E_sjEO(Q?Z-?1_PcO$zc`URK|F_G7lk#BrzrF zyw=+)wB^2|<&L3888S?}WOaWsr;ewOOJTNa=O*r{%(5%g+kDI5p@~*Pz`^-{(Ds%= zaYs$tXF@^<8YBb@?(S~E-QC^Y9RdV*m%*KZ8Qk67-GjTkW+%DtXLsMN{jjxFFW>ky zRsXuWPoL9Q|C-k5F@E_YtWZ+NH6&9uzlJM}%O@m8px2FwK`ln+!#Pv(UR#;v~WU!6pb?lwP(U%=r4x{pr>_1iSC z(1L}>*lLx*u%#vT-V$2cCVSRj`7EdZXcr!}mP+ojlk*NIU?(ZJ#HLb$DV$-&6Xw>M zQ*Ekcp;VjfnfGx&zRX1ge_U>8(=Q9N5LOm@?-%&&PzI6PcI_fVV#ppj7lsum#-fL@ z0c0^oG6Yc?^NQf-Ceb#AGH!IYk!{Bv=}heRgYS=+M4|U(9_p>=v!IX%QYd@B1u??jM21@cXS9(={vV&3RX7 zIKqARNL+6_37we8PHp%pyf_l8CH zk+MjZr67HIl|e=O0RNU+7e?3*SP>|{KaN4glh}C39>8eS8>oCKQB_3pF%&LX$tc

    6aT1D~omYG#I(F#UFc1bTZ;)=Whd%xZJ0(;c7iJ zS$2tj`lttBN@+(u>+BG@j3D`wHvD>Jed9e=Ie(6i&jPVNfGTv5QQctNCcyE#0-8(W zHF+OT8YELHU|N`e(gV@NUhmsz$=pxhU9_1cj>j^5YcZA8ZvaW>xEJl8&2jSdda3O9 zIZ=cj*_~pA30~K{?+rhtC9gShcB_BBp4b;QO#QGzdg{jPsv*B&mFL4WE%tDhae=3~ z&(a_u$l4qK4&R{cPt*5ibH_$~oJxJ9giGxh-seAMwO$-UF^h@B=>G?>zPeQ;2vWzV7l=uUho*V$ zoOjw`R8rl#v9;y_>^oryfmc2EMCRyfUfxR^dzG@qbR7yXi~6#PY?ONL^QKu4olcGW z_&0U#SRX~Z$s>sgSIVJi$DEs-pFC3Z?iBa z-=J;V+qf@R(=svn?Z{p^+G4F0bT#`2xt1S(ERpC<8~G0j#=z8qXv7~yg7t}1`>OOD zhvh#uo_5b4tRGv|gWo*9{z$2op6T2V^;Q*tnIE_?1#Yh|GjGR>LQB=Gue~dDJMo*^ z&9<2)|J*`aKrZgz8J^v4+IE>jW|m*qAyO?dC!3|Nj$7yf2Y%pa{%asYHZeC>A;g?N z0ca=scvQ{a;HS;fPw@TBu=ADJ!jqSTLsk+8^~KI|5TIrck$CEc6de)vL(-S>+gmS+ zL)`9s{7fLd*>n~g&&V+X`p!F8$=b$LoD3RjzW;_`){EU^KT%syTJ`avPp115jC@9O zCkECDdn&nj*_J`DZHt{0C|<0iYRWrz#W!_Pi250BeW(V|i0O6Qf|T8Ez!HL)%B!hs zFDTpFMZSOo7V}xW-eN)eC1B4Qskdmo9E{)3-)%O^FXAgJ?l!oJkQzpM@RL&TI=kld z8|3#}jy~(fuZr`|@W>~5?4Ri?`%F0A&gfnquAZx8>kNF$Mxdlr3fFGb${kG(Gb9vR_SX%7gQt^*=q20bZ+iP z#B$nUZ+M)%zmmh{`!YzG<2R$`S1tND`z(MHiz~gT3!^0gl z<@7#M|7g5G$a+&2A}&XBhV6fqDZ9S$*^plAO(BjFw~L~0ObeZKH;BV$b?5nH*s7nYE^^*D?ydukN$2q5jxyXYi*$e1}ixVM_UJ6{Y!a-~& z&ytsI0@?ArKku6}N1SZ|(?W4Eb{Y{Eyo{*WFThR==XR38#w;;5F>g;ZgU(j%;r62A zY|~0n$6-ZPb`lEurnG^AUd7*P0+tZ5(yQou9#uU@p~ARXVKwy?X{bwLj`IDLN{j0HlR2Y>Kbqa@TwVj2 z`V*1WS{@yXkgFEPa?>7g_1pBQ0&D7W^|7z7;umr&#PdHvco}RCmb*h#LG*Kui`^=O zhz{b7@fRdTjhpk6`!)#*?c`Kdeb@bI&$R{yND`K>k4fp;MggInkY=RtZr)7B2aE8) z1ek9~aJ;zEkP2}Wu4h#Pw%%Zqid;KHRyMLPam3S1POHMEKzGG)wWlhbd#Pvm2-Z|Q zmSGKj4n)NR>yw<@dAOyW2JAu!@;{;95pTt#_q01bM&{!F)Fln~3sJ&BQ2$Gn4+;zi zoBEjJsVYlFUr8Ufx68}8G3e`i_kW|p^7{D=Z@gId6&g+9cdj6N`y4R`-swH|z5)mz zj***+pzPCA0`YTI+1GS8;1C&@?9(NzvitdTcJe8KF~_+O>#gR|&sO5jjt<~tOlPIo zRX+TA(KO!g=m1Fj3+Ytc9H78@@L%d>dxnsk{A=gxmVezlm$LmWGGWupwL?I{Rr13z z@KC36nv0$~=x>$EKiX>8v~ul?&A?gZUh6M~G$Sr<%rgeM?@d@`mTQxv+0NWrI;Oh+ zLOi9GYqw-eU!uk*4CYH_vm~!Nht3I!T~uDt z_4eJ$_m@*$)beMwk6VYZ*#2Vz+_To`#)3eAb0?6PKAfpP38jhFVZb>m?)u}Krp_w3 z&u?Nr$wl*rOog3yD%7~vvV2K{isoY@Qu3h5A5e_{V8iuF2G~>VvNT&qd8B`8h|pn3 z&`*u@IyXTiDKOAw*6mIV#uEP@^EIR{gF}Y-_hd(^w zReOUcEkBme%?*m;{#-Bi7@>`Ea(!QuBmlcLdb<7U+F_An4(``q%K@R%FToXnn6lxS zhxL|M-!kI2(YXx>s{v{x%;NA?XZG!nIOAWI<6)@`?q(RkSpULRG(IXUFw494n|xZG zV6z1FD2Z4<%8-+%N7pf`sau+=2U?MOiO9;?P@`#h>os zV-;vFRmbNVF93%CuAbQQlzu3WGSS{T@UJ>C@2UJ;5xky@WU@77Co8=#(Q%g z%=-(Fu=K${3e}Jo69R!t^DleQm6(|fyUnp8Cy!M>d_rs#6>@Vt1DkLO;1VnGJtFu) zxg;0kB$vp=KmKtGD%>~!XXuR25By)2EB^waqob^E3eKKHz$Wms& z{>EVLPcrhZtZ%Z>-Pzw>!ImQ)0XkCLPDU?ppYMZ2WvvRIaam7x;&7eDdK_P_DRXk> z(VgHnGQx5vIAP~oGATee<8=}pbDCz)k3Km(<8;a;IsO8{WmA|3q_rFogsZXwo->IY zxnv>l{gq`q4%)do_qBziodU6`D#Ph-l(cUgm@Fd5yZZ}(m6;8&t58W;%(i?gj+woO z`mj$ICv^N^D^Cf2vKwFxjq7S6e_?i%@{WJF>xI)NFr8d@+0wUOu$<0A#WjJOQ>8Y# z82KTX!LJ41qvwin7alAqg|fg61FQf;p|~kiye+^N)0ZDFolD}1jL~-W_ruRY1DiH& zFL)jz<Z>gtTL;hm^(94iIx!)k6jB;0%h^aV0XiDmla82eU?eCzwTn+} z19lpEZV6E1yl(q|L?0^Zx&iDIkiuaR106;z0j630Kw;fvW+2)&&1QRI+)pe}e7dHm5egqs9`-sB>wL~L- zNPtxSoa&0|GBLEt}s$1%ETjrz{n+6^q z1#M64q^$Rz>9`Gr)p2Z`q%4u8$6(FAVw3eNtsn5Ctw%@cg(@;aO90Ns++$vD-6TV&aUo1hwSP5RL`aLRo(jnOyPJ3*W1wSJkA7l zeDU5=hM^vo&(V|BHnZ31-{FRJHch}8QpD}KyLh%9UOd~1@}8IE+{n7zh^TNnxK1nP zyrFV1$psAW{Mg7a&%H1sldGv%O$V5G#D&MZ zzNA12P%Y1!3F~}Q(6=$q9o}x5vvAArM`UzL+C)ue4!R5fGqATC=vL+2*f?wduxrV7 z5pSlF%IYqS_DNFu)NkRkJX4QYYt~9z!kU_j_kROPwA$VyaM+FRb+ycqJjiZNwf)TE z=M6s^-(}GGepc))RCGYPtzxzXoP>d_R@5P zk?t~{Gn-nQCPc);=KBoeW5uVWO{%d@vbRUR3^vlJ6#>AlJ|~NpmY2|zZ;6*hP{k*u zJZA_m;Ts%UNN?fyq3oF z%>s6#l^H_nC?AV;uRYjvzrG|l*$a0&1p-YFDt9M?zTn7cXG*M+c>jPkD^K~ z+ug-9fz)*%{lx%l8}DRX5cPwRCDeBTqL;pxYugLQuv8bRG#4Zz9eDHm*C%;TaoX9p z#!qngUf?!H(uw4-ek`WaP0#bF-Sb!mW%ba#%XWZULQ$@(kgo!LI)@SFIfPk7L3ND7D<>z!*PiH-Esp7MeY1`C%W{5J*B+mSC0zBy%~@(h z05#!6I1UnbEEAvEOyDpdTuJ)QVLOetB%0MBpQ)R5aT6 zD?XFT3sO*|#Pv^3Ql`hAty)zKf0QpGZdvps)+=j2!&ffUx<&@%{g9{LAlBh>hB|f0 zYFVcw( zzBnZYjGx6keQ*4^FiFRE|4e6nOwW%S6dSb531(AduWya_0mIqNa{uinopA5`yy(c> zdyW{X1iXC=&oTHU)jNsq&2lFus`1s`p?t|QU>0UsOZIdtMNM~zozdTEv?VgCMZO`j81eIMddptuV=d$#{RWXF zdX?@cgHDZegze8|XJ=vDaT|MDyowd#?Ag%V6c#_3v@_2%E*ZNsbBVOVeS1|vUHg#7 zT9}`*X(7HMzR0nzy|RcOj!zhwQ6hRvHQO%qk2ETrkwlvhJc+)dHJW=ck+J%jvwJJ| zM(Fv3j*VH%=N7zvRR<35Ws|1!fJTvw_+e4KN)IM4618NLFRLeug)t)ExF_yi|Kkzz zNw0rI&N?!TjKW{?E4iSnBMV@@iw`>fO8L0Vq4{1Ad&(r`s3A|$+z{8OuWZi z02kIn$P@e9%*O+0D<^)ZDlmK8;ptbvDglw3AnNDUHtP*RWf|d8Rc8FkN zn0}v4r7J{IrI?koqcHV5Z`bAY>{-RzKN@bh`Q0w2i^e_go@5|rP!+go61|)kXalj! zvkFFBj*XZO6xpVY=PF7{?kqfki5xK0jyj;10?l}=Z>+z%Jnhl)p&9t%oU;IC8VGCR zJji*)3c&iY{5wKUqOb<*QGVJe=snllgMFA26*nrSf`}z|_9>>Z*Mk5BkZevUL^n0& zv)G+=G!C!2o70Qeg6|yKVF6Jj5jsgsmE(0^c_y4>myQcc$f@nW7Xt;eCCyWCj?2mD zXiZtbC_{Fra%pEPi^jeE5uclgbh)YVM45c?iO@)(L}zuK?ATLh%gsN!M@w( zE5;3qTPGiYUZzNl3gDgNOB$Mf_=WfYDqta@R&p(^q6zg#4p=`BI3_7?<;FdHwiu)T zln@sMT9BmhTTBL)5)2z{O3H70_ zh>Hul2S5e?A~~l_+@IP9?N(L3Fj)b6qv@Cn$5uJ@SkWd%S|}MXonxUqEW(F{!seycAH!I{w_!s6V&oJy*jy?9zWW?$E~bUAQ$h(ptnkPv5;f92S$#d6{Tz z{j0%IW5xQU8YXPz&dg1-rW&(+*4>uZpHwQH<9$xpZT-wV&|e2X6HrJ799V7T0!v<< zm*ltyS6YjOasCsyU*go+hCeXpk8U%E(YohXkl=D?#;D`9Z!zhIsZZLoNn?W|Zpo+Q za?*)aXDCgUVqOd3{Ip+R|7X!aS!-rax(RL)u^KZs*Q|#s53sr!rAeN+nNSjO{~yPZ z%qfK`e>Y2|aoCgpSE9ZLY2vptQJ;780O-bmql*0&OA@rE*gi+R);7(t^YgM=zs$%P z21LI63h8OTM&`ZibZ7-&O|!iUhE{H_>RI)Gfl7!rvG(L7ayI(Shqb;UfMvq&5CAY~ z_kaTY71JZ0OF}%Pa~er8lowxTnI^t#mjSdn@e>9o`zb&&+2@{Hz+4U}(`buIPY0eK zo(uojuKa`W4@g&jnovWmE6r@W3XDrQesPfW_TR}og|pqIr$0lTaA^#0pX2gxu)f%H zW@WaRdCa5QTFYt057$=vyq;U@yPPK*) z#hiWq8x;JCD-%R><7c@(>>&;12w*QGfu7jCwj!ag&`G$`5%9v@F~wasxgr+R->4J+ zTd_BxU?}Iy(+Nb{{1|JS2&Lwi>?DvlM>0!u|8uya;;+=MFMrq26+*JbrwNeMGif1S z>Wlxs`43MS$o&Pj+s2&~cKo_1pZ}hb^V(tq8e6jn0BNoCWw1}Sj4x@``qPTAU!1}Dsl0=f#-l5q%Zxy1VzPN?f>nIBGm<< z#-S&xpM7Lk2WnDhDd4uy3e3unP^axE^5a7P(^F)ZC2YB{lHKUH zM31>P=Mi#VwH8Ke)>?St^or(TKzJ{xdHh=dI9bSdu$=@z(eEsfBhy zZ9_GxD8|N3>+(+)@MZ&gj*wZ8s=cP)MQLrC?YBx6t54>_U(t6DHM)fCbY3Zc&w+R8 ztty}_$i;*^%N=7N&E6#~y%tDL|E;@Us-dm}jeeNZQyXZMp8`TIdy z*9ct3Y%p842VRa)*RZo?ApIUSiLp04-qCekDdgQk_pCL!uD4BY(r5KVp7tUL45uGE z$cn_)%v+uGaHe2-Y|mB*nq`=Kf;VT5-N=tGZ5Klvc@`XQpX{g)cRhcC-5gq-Ta5Az5V#f@q1;yn$mNF zpZBd*o9>3Ftw7RTxb_ZhT{3mkF795R9^xj)LUGNR)OdfBo!w8)L;uFi)Q1>o$tI?m zuS%2Vho{C|iul8}(W_02mHuPd_U1W+jX>UKF|kt z=Xkf~qqz8(O~pBz;(K9n%VT;qe}0V(4BEND%A^-m6z*-MsHW(Ugy|DR*dp(ZSL=4BBJg{BdiKT?fT?w&E5CdbNtW2JOUf z*VnyC&?kGE@nkGXsPCBOMzmLTy3kKaOsBB(X1w-cQzPd#WF~)xUw*W~V?)>(Kj@hg zPscmMkA`vAnL2V~+wRG|_(AzwsMN@vh(9Q~J{(mB&V`H4RWvDZ0gx z9^y8oozv5urRJ&%uV9mXs3t#tq*QmGb>eto!_v3$Y0tQ%oWrHqHM>if=J$Y`e|b$jpP&_LeJJMY zwCEp-fJ`r_EJ2GVhjs{FAW9mtp<`fjn%N3#xCm@(rLawvnicw9h%En=`b0lDC%t|Z zf|EXJ27T0h60MWkjDIzThTN5NuGs;8a5zUW3m-3EIV|L~rjul%j#CD#YH?~BsAv7{ z7zwGJsq(cIyckoAs9Fkl(2`I?dWQ|UPejygm9e^8)l9%q^y+@{s`ybzxg*h6Cy3g# zrIfy2&1);Gl~!3WX1$3vYj`jg8X0PZoO)W-IQr0IhudJ=wf=M-`MWh9uI1Isk587~a4fe3~ zc1tM=PTZ_K1w(NZ(O=E#p^cKvJG())(Jyoe15Xciw96I2z}Jwl-na5?zlA;wlF~2_ zY!j*64fxpBq=c$A(Ca7>)qmeYHERx0WBd1tSkX!oFs3Xis>d{rRWQ znAOyd`D&99@LFr@CWs~L^_$x95Bc}aP7rahq(j9*Rf~bV@VPCX2Vt9EOGGH*TXePO zf>IrkDrq_I`)ZOq)odowHOZTu%Fk)d+iQJ6{ppKYa^a$<^U>^^>Y*jyp?^+-je2AF zSyPP_n>^$t5;&I2Irl3KWrn&@kW!cVHL_XE45IHhGU6<9-50#Z5CPVvy&xTEdumgS z2=sI^JrpA9u~UX9)vI&9uSw09!*3@*TGM#gQmX;M~iL^*F{G=lg_>eddFE|0|)mrM*q2b_w15lQx%I2Ekf4LZbgF1GkO zUF2QsbkH{#UQh2iN}QBkO)TO)73R`IGk0zSi^p&!+If@3`AGQi6->iI+X8ZRUc`G z`lHW+)X}`6Xk8Fl-AcG?Saegho9B4_3gUM(20fFgs_A_2%MgwB`Ivv(4;o84uO8-drMi zlwVlDH_&lQYK&@gFl7y$o}v-IJgrzn$}?NBgwuC7ZKg?blIry>h$15Zcmu)NGlO2> ztf}nKbSi2XAG#-V0x9SMhkt~Yu}trVdg0B@QHFos_PU=hA}{nj@T`L<+}4}>pxCv> z`w_Tkti>%`+|-7je8{Vl2Gf%oQ=$Vg?qs#4pE#7vFF}XBV2mD*8Le^eopK9oeMyOU z!cI#cO&&GAwP$lpsx2|GB3b+T^yj5yM)vr=Z-d(4{f_iSM% zv#1iIGs`*ZOE9qoqmF>AIyleir@LVOMFzdmA4f*zPbde(i{I-i{_| zcOQg`?CQ-p&W5~mHvJ5_tbDz-&)U8(_dqR#^$_$VAZ)}btVJ!g>uJ_}0*r8HfWfSe zHL&^JW5oA|S}`iXtLMir4#$&2Omff4XY;rExxr|u!u_^nr@g2<@30gpQV+ia@ufr# zdL5cbRC~4u4{1`hPE!U7H+Z!iAWk)?c7J=#3U={kd;A@&Ryb;|P(N%by9asjps9gI zGP^clqH+3VbA}450P<|u(DN|@Pphnytw^J?Vz^joIE2o*NkDhZ+`Ea<}4y7*t;-(>Wg=rezw|bY^hGMxdGnZ4X|_GR!{| z+nHJOfLw>!ga8nLfS4b?^a*>Nx4i#J48FPHn)=4kG<@Q;-#I5@*x9gtn8w&1p7P4n zly5eX{lS?*u#cWcy_4{QftIr2NMTpJB@ET2~>aDvl^_{9~tEJG% zL_X@_%e+-EOivM=`9;diu--&&rgC3hF-zN*m1?3_0Fo%b-d2)8p}!Ck8F6SkVFz~A z%I9Hl=hNM+TpDR}^!XlOZ_wY95B+8{l{U%|V4BsunBVlJQBBmQ##)bCRIO>ll`Yej zU}?(}(K{jFrD$$btlcpvLTu{esP=n8w_B8@B~`=Byrk^f{CZI%p8@Rs%8Kh)-XT3f z0k68gwI*BR31vk8&nVN=*MBHoH?(+)IyOXv&Q4}MP15{MT&AJt9>%R3ne#ww3@S!U zaFtG6!b2JTjAkeZQ@h=KvY~%gk$oPh6pLR3mpghZYAhTO zQkP%;vbR+2w5n-5kGC^Xs+z@E1$T*D#m*=&zZlMaHi!mcv869w}^A zR=R1AtCt`v-Hrp34L6lLndj!pP|ZV6#>ak$U6v@&zqa-?>3H3LBvjaUT_uW=T7NG! zUP`|!VIZC0xhwXNN+qw(7GEe6OI=@=@`)=V5*=E{Z1 zl-l+?Q(SNQ+ic}|T#7Be<0gv3zFl;6=C){5vyu)+`Pjk25_j@oU$b$<$Jw&g&+0D+ zTS~*j(h&=-1)kMP2udBco$Z>GGuMFQEhtB8J*X1@(xpC%H1VO+f-jjz>_Qw{CogGz zAVo~q>^o}rL9Wtkt_zZ=o#p6<6XNDdkIpnnyyMTb`(34sP^TCnDkTSZx^fbbGRiV< zYEqyl5|c+t5zEX+9i@Fc2Lp2Cwcm6hBV0E*!B;We%@tm{ofE1qYJW%O&I&kZziO;v zL(5ExPY-E3TBERSg_JIyYX4b?`f&XFq1Gt8*~hJO?kAo;DFJM}ICodAYV3m-e45k2bC?j#?Mrs;%&l4`aXy~(Hc?x-o5Xa<>(z3i2i#SJp9 z#g}EhWsakx!#oyehpvUq_DanpJsaR_gqyNd-LEwQd9qo;ELjSZ?)ee!VgfNPLUUYP z=KMUgf=JVNHAddvjM8#hG5f4~&kS?yDEpyDd%Jt1;%eHXs+DN##mE!KY=z@Xw`XE1 zYhj@=wl`x;A);1FnWSYosKwo{#B*h`J9C%i3%B+&WI=ee&c3AJrfM6u3baR=nuP*Q z%NKOYL%n=&v*kr*-Rz{5KeBYk%{vGPZv{Pd1cjKyyv(m^kg|?E-WW~EPLBGMxnN{Y zr;2y!gXzma?K7ogw{;a2f=X?twA?%=Hgfn&?e@zLl!dMZ$G&VQ51v&N$`s^X`}Vf`M~>`ojMPUS zdaobJSXOc`P$c*ZR)jk1HV(1;9ex z6IiGtYL>m5lhi0Wpf;91;eO)@H8xrx7EUvrhi9Xjq#jQFG3ZwJW}})Sor<~>W&`MM zB*T4v7f_Rijb>z}=X~i(zU+fe{NdbOTYjTVg|lw66C;k(D$=v{YtWA1y;rdQ#-B=} z{O)SH1k|%t3*YQ!6UltME0oP6Pg;g*N?weA2o0u-0_)|vJW?AmHK0!93;kxbt)*JU zI|)q#-f6ex6svKvTk=)n!36gx)L#(oW}Oy(J zJ&mu0{KjQce~QF{67oTay^bDxv5tlWfyd@X%ni)=J?NJ*1etv()9fzZe)dqkVQ5}3 znsM8o>&8^ws-kO{fSjZg(;C&)Y#yTa$Uc0L0%A*@EZfl{Z67A}jR$XGp>`*2f=sk`Sn^_gL=XHxZ#)%!jFLH!b5!$@k8(XlBH;H*2N77VBHTJ6F6@peb z^YY5);OD$S?Xlxq50G%SDN6kUipk6ekZK!*L(vtOIdpEHhjAmhtypg1%JVDj#xHDi z5d$fnibFGf>G!iNK%uN-Y~K6P-sFFvn2@8Ev^yz$H$rCz8|fud87xRbw$0UxpHpmD zcdOK}s6D`wM_FcB zhRu*cll@C06c0QPb# za^K9Z%GiD15xwXnoi!jY<_YfX051uvtqJjX^~eWA%}l_LUe_77uYBtn%4)$Q(k`C! zyM4K>z+EOIU37LUi1cyU$j=(BxQ{QPAA=p)3|Ak@6p`*lnT}S~4i*`)j*EO^r?o@H zIsLg}XNcf$$(xF=p@+Ft5ABIpg)C?`zq7WQ;<;K;XQ?_mwmf7UJ5&kI`cx^ubFvhZ zY)k)vjMjZyJ{ebK<%Y+t_2^h+(vhP1Qwd7hoq#lv5Y|cofq=0&;U^32s~ZK+_ibom z)k9b*#s=Qc)z=%hVaQ@TID0rFp%X{JwUST?GYwmoBI>cYgj%t3-CNB9bIFbmBL_z59GPkE{!#-TQA3&VGnES#qMv8@e)U`9_AB*f>%&fAP zJ;&2WJ8Ff|7D4`|9X8tb;NA_)hM+P7kqSM-i_l>F`o6(?=lI<$0Vxhgx=xAHg zakUa8&+)#mI-RC+y``J??EX|j`*7I`O2Nt6lU-Y{1c(hKko79DQ7z;$7;4CzaB<7! znr#~4sf1)`@OdUB_E3(s1;1WtS{iQbYMa;vFRmnQ_dqYXClks((97R`?+wo@)*VuC zkbN|DI%k7yR21e^S1rgIOIU;rXdb9#=ptcw?a}YV$w7sjvwcp<@Ob>J8$~uq)W2U{ z`vuk{dX{tb=J4ExJ1OhhklPXoL3zz_g2=(d1&<VF6`BeC&nYNXGVo2 zn~>8qk*t_#DPA%?xLm@ujRta-4gS(K^R;=aCPB>h0Z~8+rntNDy>~MA}f= zOO0|cDvxRV%+CK+M)kE~-p$6ZTt=eA>J|<6(bm)T=Bfi+T%%=$#RC<`m6G{+D_GG7r3%FY6wuS?juFwsm-LrRkzG*-C&TDgv33v#@fFCV zfdXCLH&8WfmO32Luv=kf>S;ZpNBo+#0J1+K1=^NZh9t9QQ&?tc0ZCj!X=`_2Qqp42 z^A%LMT-JOcXVu(u5o=@JA`hsh;)7;?I7x{Fh$`w-XrzG-+F4O=$>c-c7l^O}Ph!rx zy$ElyDZhx)_4T27xW{w?kpLvO$(r8KYFB8eYfRVJ_MCjShIbg0W3<)K%r#K$w@Y79cU4|2?&O?$ z3l?#FY@Utrt|Dx)?A7KkqE#htD|x7vtumbKik7kTgMRIarDFHN2o&Onx`FvEhopifb1MSB;yiiN~v8Vsy&dL zBb-yY9%Q?Sen$VxI=X*QwcpTw{MjTQ>Xgus!%Bx z6|PD44xhaVrjI2SKAJBdqULG)lXbjAUsIHdg^|~;ldl16#0`p;Z%#&3_1PTnYoy+? z-&Hdi3L-(zO_XIhwnq%fN4_pA6j3jk51nubmc=0R6|4X@ZM z4xyhiDcZ|ouK8pr6&k@nd3;Pvb;3Yx6WE8^qQ0&%DZ2jIltIUWAw9_ANdN7Xa z0tHLM#IEG(lU)#{LWS#UMLD)2WO6&NO#PBjPUAk=l05$S=FG+|v-)BmsXaZmzD|Q` zgzLFe8We#cu99Fj;iWctR#x|3tLVt-#I#fxEoi6_=`dJd-Y5FdW~9M!HW?+_Um(x} zU`p`fYI|P_^krOX00u_pQTfJFBqMf#}tLMdhgF~v;#M5)MBbFLt^7|!&j%#EQM`#$_GPS!z z@pBKS>J5t3=DO8iHJ(hyk}wvQPaxM=X5T(hWVEzd7?H*;vy(Rf+zyd3w;-)gmU z-%UZLTih6Jeej`&wM2#JT>yC$1#|RcQBP4BrH`S3pINS+h9OZcbH`vpA-@1*_FVnD zP*`;Tu~YF#L`aoMdsMT-Brsar=N1jvy{)9rbI?p(;}-mIC3en0+Cs6aw>7|ZokYe+ zoyhAltq)x}|J;Y(!X|LeY~SvuPR9AM6>2ckiSI=BRii`U@|?uCq?XPWd3wJ$XSf)= zq1}9gUuApGiHTykQ>XELAJQ!NPB! zeac?w>W8jVM)qAdQ%wyP3UE%-RyOZRuT0ewaWBVWFPm;c8jxM1~(rfFa23zG~L5sFz@#!t!;4ncgd@rJ{{CBoB z$8)*#)KB3g8|J+OOQuvAvz43`3oPEzR40Rjj%LnUF@gEqdoFqBOU>XoVZ0US)}>2F zzXR3Y$2mrZ;;ghcMD$o6!>e)2g3UsO!Ah5riuqw;m*QsTSr&Gkk8VqS#6zU+t4Gw~ z#Z;Wz>3r3|YqP4Gti6$ZY&PBzjZkwns+k=JyRR5L>55mTZ>%%!-BJ3pXGarq+9)qE zY{5QV%TjdXrG|a~R1Q?y2dpNQt(kh`!7AO9s>+VZ-Wf~x%WuC%`xC z$Q(Nsc@BP<$qS+oGD?x;{Sg&YGo$>`<0xXXgMz8Nx&Gzzz~HNdTNLHv-LLO{5*JtfkhYzb)D1zv;=RDyH zE_hPVsh)DV6_DT#5;%+xr1CcrCD~!> zxikrq%9&{PxhE^~)zfOlv(;;6!l;~)xUEz4U~#XzH7ZA0Ck_-MpH0fGn%%X>IS^Cw zX_Q;(a(MkVgdg*VcN$ObxBV$iy4@4*Ya~jZo$5u<-IptY4z5KhSEGsQr-9qO zf}Dap;A4D1EHl()_`21Db-nGk=W=>ylvSRdvwaO;H~OoQoHB2yJ2X2R4s+&wT&#so zmUg$sL-#v+EjKE;^ntoP1vX620f(&B_Loy7jC~y9&>Nh6HF?}0-E{qC6mifS4T@mg zIPc8Lc{%_As0R^*MOZW$OTDUzZK8tFnd*rWndx|JdHO7GnKZmpaJ^;+jiU_0R(B>| zdjfU`chxg#$LXCG-SqJ6k%H;gZd{%*dAaBmMwOlKEg*C;V>4K7ePie$b)eq7(l_@UGhhXE=n>rRn z$aI8!U5K_koqGCeh)EseQoVovI5n56^&aFin?L&P(){mOrDKz*o?i1w3UA^b`u_gh z@o!f*ba=A!!Ks$Fzaju;`U=+A?CIrsw7beXYuOzLP9G^2C%R1Ivj#&JbcAd+2U_+X z>U7c_JDgm)WcTjETX(7GLhJHY?U%`$^_RxuVkgE+1HblvGW)e7N9C^sc&%R{S^rB9 zv%n_ez4ZP2_t5aQ{=O=aCH2scI=oHHJ|2BC@M+Jz_aUanvh?xJh#_lKfzyvIn^PU} zVUzh!IFU!()iiNYU!N6P$X<@Lr~PsQFW&B2*E`>^;vIejuT_;YFy-mF_XUo%~Sk#DSh{VlrL^KO$6q5VC{ z)tPcH7N0c6gT)>}3247Mx61nT2B*C%_Rqg9xtAusnpO5{6ZKSv`0=QEc(K0lx#>4X+YXdxjv4>;qz=lnX?cU|AP-XFt1c6OfZvYxfq zy7%7q9o0-O;pKns#U7b{Lo24$BEo4k%fFXJUey;YYQu#rkBE2N;3mhZ9Z76$gya)> zNWbxCt6x-{Fwo=`PYS~8qCw5W+sF6X!5O;mH{<#xB_sRbgiLWobO9ER+ic+q~s!v`0L3-IKGCiih3?U#(|XrynD@IW9*CgY$Hm&mJq;RaYUSAM8>s98f=Q z`6VF7A5K>HUUj*X`86>$b)X`ITHiWW-`O7z1rL*PLb4V)k7eK(oCH>JaPHME)uGL~ zI>kLINe30glT_%Ctse7Ila(X3v4bY6V0P z8Mm`@{7L2KwCbto=U+A!+6q)X0dX2~@fH88S0~Rl(_FrS%bT^lWKwI~!QBs{C@NZDmz8KK)3#Z_B9 zLAjR)w>)cA>&l7*Ig@S5gX_xNOCDCa(w1#h`9L3f5Q^J}G`IZZwb8TQ=lO&%ey_8$ z8d3s%ck2aegN^&1D?ljBNmgQBDxs8MsUCF&PvGAEHq-cqK>R(c8&LZ}X zaKp0W3WSxX6KB0n7iLU$)r7{pH^#LE)^KjRrq$X~zH@HlzDc&fpBnt^2;-0uq*ta5 zS%mc~=m+g^6%4_PZ+4+MEJ`dzg~&GsH)WRX`!9NB&E{9p}RHAsrPI% zLaTC{_Xq?Yz~<$kw84YCStRZ3Aj;wL=@Pg@za>TJ?Sp(9timlJZ<3vQ{Hft0Nt(HN zGH+}-YJ-rRB|!c9Uh{4ycg!Pjss-$uR_51$UKVBA z4^(Izv`LROlF@sO_Z5G=@a+)Hv%s9i?DcgHZhyN3Tg_pJ-pJqTGw*?2eJU=wRSD~~ z%psiGCM7Wh)T8>2P`k4`w!LlIac7n&zg$z$^}Rw*`ECSJe4X&Y*J9i3c(KkbaCi>E zulLG~VPHh#eaVS4x3qSq<}IJYn7Z3|00y`EVbzISS=lih<+K)SDa4zbe(7t`nXBhA zEzgEb7tN?ETneM@v)(=rTlwZUem`Fxjn8|QgsDX3Xq+NxqIu3REKPYYmY;<0nb2}? zw3?81WmQ&cltDd2F=bq`j~Ux4UY^~b?^kY0&b`!O3$LoH`bBxo%q~Yn?)6M0*YlNS zPsQ6~XDsktl>Kl3`&|e*e8VJX-=`3clE3!5mPw(pKiKRzpZN@L?o2=ZS%@v+x?X{S zC@r^J(9%VSS*q(WXiv&dJ}T6Au!UF1@@WobJj-}Nnnn5BuXwVLE?mj-uYsdr#V$AItdD!}-xaDuvlT~!sByi9M; z;{*vOUM>>O3ERj{oO#++8hF#o$Lmg8?ab__V<#ZT@-3ijZ!TxGAXoL~=?TsA7q21m z)vDfU>i=kcfn+8lekj4ywo2uu?ad*}H)jb~u3B|mgvqYl(pNv@+5N42(LTL)urk~f z^0o4&NP}OV%qn61V^@I#LLw7~Oq^*0*q_ zW?z*$gdlRgc?vWuFhn+QDU@vnG`=HcAyH9gm^n7upSt&*Yc}pJ3{ySy-L~f9*Tp1* zP?mtVk0xuQ4P3plpX%*@#ptE3^!!U@M7_?H4Zfr>>Nf+X&Qg}dEfu&tUI-HnAb963 z#js*Z<2OvvX}`BeW7^$~s`E?D<_i-}XIqD@dQr$0kaOd7eSUMk4vw_D(fQY5tq0v^ zw~wO=0vdRh34y6$J-6a}v%MMu7N>7nIxoomPxEX*#P{3EaHYZ+FF8#Zhiw2h*u7S9?|xTd zxc9pkPZ+bR!+x!ET>-&=@J&*X40ab}`@L_$X3MDuE`UX8&Yj=V#6J8UYqh#&X_v}B zl;;ibj|S;U)m_`wt#U?bP0HNrDbJszhEz{WZ(va%nR|b>Vy|)8 z4eFATC3r-`I?kvLx0EhlGdEd!1(+(^-Z52Zxes;5$OejBBMVkwY|2j$nN%jMhKIY} z{+@EBRmCaRBQyi97OIQRjHV>41oy(dA*n(>4R9FLm#DLxSC#%bFdHINt%<0raWq9C zcAvh&L*evi(xwEDKYc2ma$6=bx1dGC*pL~blci%+3L;R2 z(>dc5Ib~ef7tY8}Bt-A(IAq8Lz2i@yD$Rgmb{^ z1aG{S`UkKLhpCG;tmwWo*A+2*=6PD?pyk<`Vog)4*wnjk%Hg{U<+in%?(+hQs%jC& zhAP7~+qWtzPy8PQ{JMRBQnrk=bny=kj_>t~=g<4H*O!pS>_SKMUj7G?`p-o)gBKS^ z8X^vewmklETR`Cy@Q(&^eX;K0o@f#ER~^qx(oH4Q!r8$pf9a?zcx+V(Ui@yA4yfzx zE%wz!uKNg?Zb$Z&_p_Lb$Z%xRBc4m;^BH;((lRn8X`1T(4%@--j;U5EDQBxdT|H#_ zYeq?$nV{^y`pf&({!~$~e4nZv7V77BGj}mW4;>?8GHJ5?-0$^)^zrK%^;7%#oxS${ zC~6&Brjmf%Kv;I1yS)hC=lxqn9ms|L%%y+XpFw@QqCxXs8r`IBwx!7opATXz2Z&at$A zdjNi6;1tjCzpCEHmeoDc4F!ZsAA1=6U5HhAqPx1jJ{DaP`?Cx9Y(VVs%)vu{{pz|# zlGoc8KO4P1ka+v;x%0lK5mJLU{_5QKStsi!^?;;nh0h3~(u|?LmtR_1+Bik+rOx)s zav%Euy6NUBW7d=w$A?}njX7;-C}Lf?2<;*P+7u>+hM#`THp)GOOgsGJ5-nqtnv+gF z#go`5hA50V?bwT@e65PE|KQNrMVjOC@$mtI7SRQU$)*zU@utI5a@#J$=NALYdmX>= zYaHapBOW_frINqaRz^s>*|lQbKbM@3KL7FX-H+w?e+edf&L0PWrSbeFEhediz8)nh zDXFTRrc))jMr4b!QTl=?J@4nAo&wcTUI`|4e znry2UVFhWa2`!fE_Il`_Am949zdCLyB2yAbM6GH86-=YqG-D#o3Nin{z3(xXz?~At z*jBnFrQUd`9NLz&#t_8m9)z7do_Gn`W}4w$K=?%7?hhWAmFp?^+T{(3cS{kZJQ%Vb z#7&Vh5s@!i%HrkMbw2mr%;fBG(c`sCOU5ckv-m z%_m!fo1=po<|<4xI^!K_+mjDf&_%yHb0GnFw-bOpSCUDO*n&c`rOH*|OVi(@vK3n? zx7}vg%*@&kx~!S4@SJUMJ`uHr+I?j5{>1Fo{eS~yQRW-fv`RlmM-G{)@~<-G>{TuG z@P-ElqqRI&ufm{spZ*xKfs~UpfX3acBbL;6y|fa9R=KRq_D7ceMrm%0{~{`ys#C6L z_{Fjni?LGh2w0Wk^{Qm`KZG6dz)_2rZ(@eob|_n0kJpdrNt1c4vFHh_OItCwk+9$< z=(>}~u$DF|z;SgYx%GqY>HMzeH%TzNn(vcstkDzmz^3k=E`GP@w%n?vr8`zthxPkF z?E+u$P6&=>34mmhN#~Q?_a(7ZTyh?5)&MBtXxvc%LrfzKIee@9ECY<;$XYP_V@*Gk@j;VxOUQ_*lxz zmsXUvIPZZ{SMqv?0B7~dxfq+Y#nh+%bbl|TX8LVR92DZ;LB2=4(prpz42c=o0M`l3 zVcE}(MS>S}Fe1mR=sIcOLxv*r?E-sbq)P<*?E38P(LXIV(<+fmucZ91PC;q|R z#3}qxkX%c`K$!k&x|iUEjNGmhS|1$So2G}v9gQfsKy#riCLCspEVXa5kTzTsYJPhN z=M-67J5YP#Hu1f06p%0JpuF-mz_RwPSr4TlblG9fNd+<9Oob^LZ)wvjiQxnB#$sNXC&925f}b<|z*E6x+5I{w4FNk$ znS$|q!Q{`3Lvfmi1yd43*`GUK5((?XEV9MO$0YZsH}>>>8>%n{hX&oKXFN%7 zfkUk1doe{DJ}YbG*($iXO?lt&ZDti<#PZVC&Q~!v`okhl3&2;3m?PGH?zatL$-|N# zG>eTq6)XnC9tkEzm-=+I7vI`69@&166;1i9uQTFno@g1R+Y8{M{felpmDI#F zzd+xzg)_S^rEm%K=j0LYgmpoe>NL3jV$HCbn8YW;djLSG_tmuYE@Oo_Dxs{hCSRKA zoAU{GL+0|oGKSkdRa)%(cW(8qT)teBc4f|SevsoE!Z?&Qy3tbMs(EBAQGAJbEa@5K z!+1u8+f=1v=xY1@%tKq9S>FHzA0|TR)1Ss?53+;3s5jLBZz3I}_1JQ;dSZ;Hg`;sP@;N9&LeAqw6l>igXjY4_dx^%EzI;{v9~DDy;MF^CX@qtvdg@ zGBhT8ZN=J-@zb4z%U%IDu4WVDq;L{VPQ+{ z-Whq91d`T9Z`_h_SE1KbzF|}wX78?8OP8b^1xuBhPs4%s`_B0>zZsav&e(q-Ix$=8 zr8bgr$Cj`1B;L8V9*5d{sHpO+xj%>F{*AaJ25$lzgAn%YC8Lq1xEmsPtvy zbL984p>LFyfP06`)GYFBYd0}*z-K8XK<|4C|8jx+G#G{)P1R9om+io2l7{ArO-)14 zk3(kET5W59K4b@WZQjS?9M&dp2Kp`wd0#xF9Qfh<&89~ZsbQ_FizdEWZ@1L zx^AH#cLQ$@9xMe3b7_iwqwzQjXt@D62N{*~JeYTUK&2{s^ez2?M7&OZLQ?Rms+HhV z>1BDHd@=M^vp@Dlm`b=Nd8ci8wbAK=s;gfpjmP`wu`6SCLEyp0FZaGjB`E?s138W}e2i5+fYbN{oFKxP)Cc=r!nHNG*2Ot)`N{0fCWI^igk_5@1v)REG^8O|q{wLYGpc;CI5{#j*Uf)ki z)q)x4-OmRmeda;lyg|v%5}WDhhUtIN5`TYsP6GmaAAluJ<{X$rnv|3wc4noAT6$IQ8>`*;hd8(J+t=h3}zdLj` zT%P^Oy#P~t_O{~eXx1QI&_I^ad%a?QB(2&&l{UzScY<2_enz|&8h&1_G8|@xhOl#?CV&Jltt|^vziws)FJdcR8-r%SgE-i_=4!s z=r#4PyPvz8C|~lNat!2`a*Qzi)^-p5<9$fm)gL^R0zV;Akmay3y~@vvJqwoyKL2Wjt)|78HZ^@i=Z`2V`8k9#hzqYcPx z#r`057EA-EdV!>7%6}9lC3iXZkchh9`1iVp05`XGz_h7K;r6fjNT>%)e+96;gJPP& z<4rG-&RaQ49e@dz_#XYCZ{~9k3{(MtzK#tfK+panY7D4Oy1(s`Kkho)7BR&bBb@>e zKF@=q8cG0SM;~ua6yDyR*r5hBPS*|t3V=Vohy$rB&v2#^P33K$%~H01{v&!GK<8p& zVzvRg6wQzesO{(O5X1ne9uL2^ckVfVz3r+ypkg^D=>oFIVN(h2wwC1%+v%SvCosZ) za02L<#TK`$?VXcTJ|`0cN) zju-BRN4rQKc|T#zy8D+UCVu((oqZ<%_5di{^9cIcUsXT$4Sc^Wp=C!1*DKHdyU;TE zvIGLjUTW-b`S}#6IiQ94de6^RB1Mh<9c4t$8_Jm_B&fZvedQ_jSLYU2E)-oJ0SE?d z07z~qmnrgy2f)~5j8mF^P$7P_tiy(v0jQm$Nh^RN4qQJfEqy@Vb{#~e{@BH`|Ai!N zu~)le?~m0fWNDey5pV?k1;8(RuOGcI+vhz!q(AcQg9FudmHT6TY`g^^elGy}u|F6; z_O^h{DerIM>VBtC+F`nAj8c-7`nCh{8DVNpojzqH@#pGtSM5(?rT@4?cRx|PLz+u< zeB6$QTpC4d9Tgg!f^8hGMd&>8KLt*qo2YJeODzXj?zt2a0@-zAB{s^%BbfR z9@g3HZ`^}o!m*yL^<@}~yXw8duZjQsKbnJoV>%Mscpz36ttUQo2U<7g&i?Pe@LevD znTbNIUv^=%BHXZu*Wwhbuz;B_i6)R>|5BLQ+6NbI-MQB>go4^|h#0irbcC!Qu1&Kk zxq2Z}u+0X)K>-1f;$|a1c&s?J!tS_$ZH0vPSfu37fqMWtYjLcfQiIjGloAo->zn4I`)2ucYVEt#c2-CJC=H>Z@Er8m8O+ zRNvXM=afv-d+qZv=_%@)?Md1>Cv5Sw+CmJUIA>M3I!)u%CM{;aC4c1T+$s!2*aVG5 z=%^iDCBkHk=R{DPWM;VucXT9LC#eOZz1g|2iCV|HLTh#OQwBw0xPq1Wp4lzan9gh?5pPFBIIWx22P1}^iZ;f* zBWTu(F4h*&5POF9^ZjayfiqvLX%W?qf|*MZ6hoylPoI$-Xr*VX2}kijQ{5(a6@HMj zFyT?gm+T!L$XGCO0F9nrF-iy(Bkku88V(_Of}bk>iW?@gxpqPQ1aJ4}{5OAHY(R0> zTI&hKqaj)r-?*dcUNb{dBgLrN`Q~8b26thv4P#`H5BYIeG>3IdkQga0mGOtgm9lBI zmw4~Nr|9_Cw-tKT7kkGlHfNpk609gma1zdLqR?SkMtF@@$$(BdE5n5oJ|$sl=9^`_ zBO^xGA&yW!(ib@yR()r!n6|l*Q9;jc zJjwMXwpWO4gowPERZ)5du`Pj0Myz@r``eABM4FByN3NlKX1>UPXlEvuXQOF_T5-1m zN2|ybcJ&_AhGRkyXBMR$4>Bql%rQmxAWub|G$zENChje^w~wgYlU;@CSf%i?PHdD=$a6iaoFn8 zOA|f%(&Vtu&MBl)K3dRI*n0hmiE-91*ULVcju;+`%QM%1K2E(hK>o15L5#%1e_)P6 zp?N$ycu>=iMATV#@Kt{MR0$Oh%#JXI7n;<8{oMkXY0Nr6iLX5ij`XVWHEY>te{JcD zmTEYyYp%JeDT`8lzH%y&jKY`E2Z~U`cFAu+XrBI-NGx!}9ygs&yvKUK8o^TGjE~M` zbsBJ}1H#x%NQyQH^W}AUTSq}tH(@m0O-NKUYR&%|A45`*ynIb4A)K5WvA1W6DSFc0 zUjW_AF@^ZI>aZ8dJ&{)(7J=K3e*M^rh+QEs1)(CixaJnGW3?W&oG6j5>XE-a$2ous zwLQ?=7RuVaF{gz^`c0N>vQXV?CploTy)npiEpGC<=UVb8{|kBuV_|MJ*}XhMecF32 zWWpj?Y-)o`|H@h9@_}lYYxgE{ED6Wqx04jOJsE1XnY zyvt!TW$Yf^q`U(q3@nB{bq*cY87RDZOAj3omDWDDQUK?e2XBz{8)8aB0)q$~>(Jpt zvH|IVQw&A{PZXP!iv66kN37~hH>X3c;awPhwTVa}%)g8u4xLI3D>!Nk2L5JM16{ql{z4T9b!#!lO=;h zQj0B0yI?pG4Kj%rEE!Zjqu4|kC zotMny2HP~W@$FVHR_yV$W_>IV*#EAT6E?{3t=DL?6jWp?yGqx*{Ngiwk+#D3OX&Nq{on0>St!x2sQT#H8PceD& znmT7yUc)ce*6tMUFA1vcY4~xnYb$cOi;LH}ai+d8LJzYT6|X|mv1>k-B*x$>684%I zCA||<>!aAKaGUfG4zIM6$&Ce!`Xtwec0g^cTkZxNewru!iSs_$lGWg4y6`YU+Ro)P zqZu$@bAg++=~}D;WZAIk2zIa~7S9mpu3D5^>oGPS^E})DmoBzTDxalf^gCqhqWjXU ztApm{xk^XcuLO@1*BF+q8|h6ioU<8EW=4gsaoMEg`thJ7Y`Y9@3c{)`jKc)9>vfa{ zJ1>sIA-4EZxSKXbBh9k2jLP&`%AP5&%~!saesJchXLVSC;H@-NC6~Czn`IWRmFW?1 z`*FA4!hKi*^{R zvA+oCw5Mp`)d?75LZiR%Xb2B=RGoSrCu_UoOnQKrQgtd6o?B_IOA3s5>b}|7n8}rc zM8WRnE>g`^(YsNM?1#RS)d{2NR~5_8A|%o*&y^nc)I+zgJQriLXk7W{x7|XttJ3>e zQRI$BCYwGH{ZyLR$o<1IB)^SC5uly1!?8PS#5JL~9N>hpwIDt@ryf)#2H-BsuhC%I?cYt0`KR}E4Rhc#{5(54}YqLAMIMGmg>s&nnu6upv*~+hK9zVdG@;Z$ZAsvN{+#y1aI~SyuDUq z=I=7Ncs3_+ggC|vP!RV-3UyrlMi?tkUYJv5q&R0+la`6fFCN(AH3%V#O+d(M6EIdr zsU95^j1sUJKYXz!aIpfkaUFS{zhAxt7%|@6U1v9%rnh3zH5*2Q1~V$Df%q6NxDX|R zk$&yXuF^&SLcUg^aN7F3-0;4tZwlS&vo@BFMpeF@@X^31Is&v-s!7Q5uW9!4O`kNL zU&+3*KU4K?;hr_GKa;rau<%yy3oU%r_cmpR4mhECcp*^5lHoIS^rXSP4r$D$6E6^!FMjuriPC zK;q!73+WtY@G3q#>evdB2x1XiOKVt zM1xc;06EN^9auI;D&7{+SKh~<^`e6BQlOmW7*wST=jme``BSdWI87s{Eip$E8g{o2 zmyV(pk8bD)h9QQdIWIshGwi-9UrgBY+txU*{h+Lq)lRo%2(xt`tE1VP>G#uDiim5( zWFgf0LJXYa0`Y}CIG2f<%^aE0Pgk@!_BG0*&M1#RQ_yZDv!}y*Z_c52^FiE@=9+UQ z=_*xo2pwoV#Ui6(BKD@2_1dW3h!`mZn2uBXGy4cH8$wl|{hc7T1AWoZ3Eyx`@xU4v zc6`iK7pmGJ4g{$W;P676>u`nh1f>dSO^9mIKqrF!EA+o*jitdz21x0>Q_#7bmvK;SnKFi@p&UbQ`rU2b1^`UXqf(Y ziyraFi&3mr@6}lO2F#Q+(2R!|oAPCW&fg_0?o;^y3bh?O{y(I#|H~YEk@A^a9nr`P zn?w7{as#$D0q*A*5OuaUhSO@B_4eY~4GzzktU=Kz_ znsvxqJ@}q-MD|~OnpL?f4YMOlyL9M@ch&U&9W2n7(ZK~U_{*+C4n~9MFFXF#p#BPl v+rk_^s!MHWvpaVDA6zz66qZdxF)%NRGj4xw!?>_i1t$>2? literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-spamalias.png b/2.5/de/assets/images/manual-guides/mailcow-spamalias.png new file mode 100644 index 0000000000000000000000000000000000000000..e6bfc773cede1d1bb371e6e2a74d75070e635fcb GIT binary patch literal 24593 zcmeFY2T)U8*D#8rVgpnJ9;qr#x^y8F6_DP$H0ixV0tASNfb=GvfQYovLz6BdC4?fK z00HSO5UGIx$&JtRe*gE*eeXYWXYN0D?!9x*%$bwyv-jC+ueDd%t3+vQDpB5KxJgDv zMyaB#pi4$}^?;1*lG^plq?QZ*&&^OR~x#rcKhHD-JI-UXYR1B-}c;x=Q+g z!&BMBhm7o=@1Oh9ygjQwsqvn#qOq@@hrKVz%G-`i$=lA(-N(_x*TUdBX^7h~}&2xSbpq8OC9&RsQ6yF=}RgQbr4R zXvQA*YHRTVR(#XG$f4+LQz`g#;J}v{IZFbQbba7VX8!xf+mgqqOaC;%h)=2hX>8Pdd*Vb$6{{`c*T9t+|`^62|_}x*2(;=s@R>?%MS3reuY7j zG3~oDdgi)*NJzLL{JD&rzT>s-N9e#SWS@TTXJY1--RH*GJXsx+neWTAB-L7RfB7~U z(Vs^Zs!CU~9(iZ*)3Yy?N@QgA3bH9s((=<-vx=fhjIm0O{uuzlp+T<3HxctQ)dqQ- zK#p6Y`;mH|9{gUX(+NGgPWCOf&jBv-?3p7W(&_2br=N)O@UYJg5~P)due-UGoNq20 z{DG;C1XHI)0vXxBhagS>JJnc!nZ?!v#bNgq(Ub2sE_!65-q%ILmcBKUlMOsehW7o2 zr3bzmsb!R;Z2vtybDu1Z=`sn>>RmE2k$77!;nuCfT%AMAE6p%L=?3wu&)FiMi#(w! z2av#FLq*-L3M_T_v)Hj;w-PEeF8%C#^z(K!`8E~V(`9AgZ#K6osRIV7A9GZB0TW&p zGU>hFUUC2+bL$hy0>L*9yc5-dOubQ(RhG(e=`3dDKGt@2c4MS{)uPSSz7SO*{g=e> zS7qQ+rvTKj$*)t(DZT%;*s{(WJ{(074lA(i=30BDn&55+Z&z#!= zSA1%cM8t&FkD8@~6a^6RmhmoJUaeAeF4G6|@agZ+Hk&n-xDn%wx>gUj#OVK6(^^^X zm@Nfca4#b)z2t?$L7F~xL)kx|^NpH;E2=%4Em&#GP~aoYGc_0p$i8CQ>Of~GRu=$O zvQ^auxwDVd=s`Z!dfE*VcJEq}Sp`G&8uqooQV|2U-sN;n@RQrHp|J*nnOsFB&Pi4A zKW2}|&ow)ghQf~Gc!s9uWMt_)g5B&gGroHj#O24!Ky-&cR0UL4t_C*G^QNc(U(0$_ z#CO9I&H%^kKT_-fa@a&Yf5edS=QCw_zox9al3ZeEmHs|UXIpd0(9pDr8sovtr0laa z1Xg(1x!qQ&vW3aPMtY>Ccun#mxn#aS3ny@UgP_b7T;Z`r`)Hxg)m$DahBe>J9{e&L zmqV$xxEkydrvD!tBw=~Pl*TN*G2g(x#s@z7mAT7{X6|j&mlAT&h(VD1N>vv*qnc$Z zykm8@({6fkcI;1d=%-z{7YD8lk&d46@VY>-D$4d zKnj64UyrmgqmC&a3Yq$P(GS$Vu-9{|dOpUDcC+`2TkVJU;^UXmJl~^O@#ubry)>7- zPy!WE0`|=2D2?BRX&pq#@5byfbkvV|G0=4KMluDBHX2ZOZ@L%gm#e}72qSHCx|oZa ziFn`=g%K=7be}vWslV+Or5cPOK4){6^@F7z?Z$YHkVm#ZoJOurn66BcgHEU&oB8WQ zwK_r*kMj4li*dY^I;(JWd}O}qh_*Dk$O^IhWEV$c%428;vV>F_n*fOVZNvKD9(xgP zAe%#%u7AM7%tPA$5H^EGGLg0v!rY$DnjGZONk03kLPa7UR4J^7cVfV3A$|BSMhai- zOLIQMhB6}=ZJlsE&?6MHZ7XOhc_kgzXe4HG<8AX~Y`R~Gr2c~!5mXOtm?;q+<6f^^ z5o_+-fC;gP^w%PibPG7MrysmZ1E?$NLbWpljae6%jSb7e4K%w z0IlzTddVwGB{G=E+e^%B zF4Ot&bB^6LS8QSZEA}Xv869T7sEGzC6BZ6{>>G_tE4R8?qMPlI19tD&aRv)UXKCia zF-SgW{F^O-z)P`AiL_t=l-m|vyg?Tsxas~|2$l93K`>Y@>o~M`$H#Bi*VZ5;q zHQ+RlHQ;(6dw*MYZC_CAJ9YqDv2$zFO*P;+hxvG6K;UxVF`nw`8Rk7ZAoc7lNbO61 zm~SxfC0i7j9F5pB*=1g;uvI!5(~*f?f%diSiU4U#)h3>$QYuN|uT4nDnmH=BXUU>e z4hwHns?`y6)S=EK`Mbp*3j1BrGEkcz%YmOc9{-4Z>wppmJ7%|fg&?!{1667QCh*b9 zCRu+(SkM+_$j0|dm|{Y|XyKQYB(9w3bjDftxU8w0E{ESEMw3UcQVyC!&3B3eBkolg z_^4V+yW=ZpNp{EFn3<6f&H;A3F1_{9Xo3~92O7_om8Zz%<_=hUu6Y(~tqgoMD-msP zk)gOT3UHOLK$+8fmv1^rjO*6dRceUWhE7tJiPzCNLp5K@W`|0C5LSgO@|o9`$*>|> z!V8M(;w&%Bxe(^h&1+jI_a&B_5rWpag!h-oGFnk-n2%{g+}!Bt+`!4gp${y?I)-~|z` zCUD%J!@&pF*Dck%_lnEJfW07Zy3EZ`^YM^eGHnJ4xf~v?w7lS*#MBdCU#124=AFglak>yerLdQdgXB5GP__!JogZIH*aqF3g4Gx9$9@q%2#L-4CiI zCWPRnZ4pC`XAzR#tj)hJOxH4-W9N=TOz+m@HJqlZX zvjs6weC>8~h*X$qoE^tv2aiT=kT`iNM!&USvM>C24JW~OVWJXce9nXm*;M>h!X3P9 z1ewxwi>XX&Ag44KVye*z9KqD~yaLagzSf1;)qqsJAR&Ka{~ZbYd{q@RXTK=jI%P1P z+gr(_ag5@|mjplM8Q}$0Qbe03HU^-BjVfN!6D+K*{bk@-N;pagNgtgoHTyV^_s_5M8--)^u2_G5zR zT_^RGSS0jSvoW@rlyaFr5NZm=+KuFvfv7BE8gUiSRexQjKbP8l=Akf&O>qg>0pmnzG`49(~xp$>icvP)ipn_zm{ zNBw#_oCM6;14IVzP8T&xR$_2!yM>cCeX&=~^*S=?Q(zDM9`!|_~Ig5fgY zj*145G`rZ(cE8j>Y>pCrxf5m|viOs0{&$?xS|!Y_eK+^7d8z6kO@tZl?epZ0=JbJz z?W|orrK-RKKeD@7%!fPapmGbt0<6pYh*yv$I*UPMkYw(`3)OP!Kr*b@V2?~D`Z~5Q z^I>uy$I4~!hVH`iR@^{RM1KG>jejr)^TE$IUsGMA3clF)V4`hR9T}gM3V5f-&0}$6 zp0SK=XRziR5x=Xt+_6<_py>QDO|PcVV7{uY<*03oLoGdO6~y}#XRBlmki^VeY%Kw5 zntkB!#y9~F9Bh6$YD{GFI|v;0L@u}Cdydr_eUT+4;C0mi?CCDy(q5$qg{App!wH?* zEfKM7l^Vv=j|}IIvk}SndZ!S`$Bnl&Z6NzI5}||2YjLsCtQk|&xZ!qkK|z20cv{-o z=!zX{k(8jK!x0CUS>J@>>x!&v($WXiM1{|V`wQ)ZZm5#YxV&2}-($19nkoxlFUXDfv zB)xtcdM@N>QX2xcIhspOZZbt%^x~iYV7fw5c0TI_*B3jT;uCRZOqr=4rFF1&B7rA8 z@8nn=Q-VR+po-)?vsot#!>T|_(Yfa4x|OJzO2}5^SRcv0APIRS)ir^g(tsheoN1G< z<@iAnFPUmbZ^TgLZm1fdY$7!f8qT{Ne;9W%OxJ2;qlxO5+u5vM;|ijRlmb?Yco@Sg z7uC(s8$6`L{cT)*yGfgEZcuj6GS>OnH@rxU$3i7(!2R-N(!Lj4woo$JGZ^VRN|Q2g z^tQtJQF9HA`&X^yVEWuukLy$1cusZmwPtL&mR+U40!!9FyMC$b{G}hOwj?Oc{A&YI zFE66?3@y+<*S5c;H2iH)6;J*$F#fIJ*3$N3uY|wro#HJP{)L%xsV#~2l@A@k+wA;f zuU_R*^Fby{@6hz|t6W_6+SNH;iqVp3_N@(E(_fD9p8c%(rsq{8O_v*^nrf~yM&))4 zF(I03j050povD)Q>Pn-R6%`)3w(6tGlH@ZxF@Y*tFDB@mwP7rGST$tIWazaKhl?Z8wty33_7i1HaWG>7%JUgQU@iX1?rcw z7%eN^8XDzaJtQ#$EJe(Ia;lWPK1Nk-jn60y$X@?)eJJ?xv(VF(kxD$5sw(}2gyqKO zHa2-V!O-n`l#x$b$E(VcnKCI(XRX}&YuCie+UDO~?EqQ?Sz?bG`n{wOZMm+}34*VG zo#VS-NjlcF1sv#lU6yNn)Fnvw2r=}#26pd3DvY9Fr(TPX9)PMOIR$9v54)G~@ALg^Q`GQf;=V@c@5eijNdG3Vl@VDxGs5bksvivme=;kT@r|v;xv_ zn6y9hM^6tO-zNI_pL{%bne|j9R8Vpq;$nef1N@n6F6tJvY8QU#%_eUNNc2x_IZ(X& z=RxyQc|)I+Vf#DDm_EXgyP};6Nx>xdihBo~odu4U6h?#8fom5sS;uSy7KmGgHV!Lv zSfX-NWb)H-YS^>P^@)_{aGl02Qxkmn+t@fczOQ>6NOl0(+oh-5m9=`rQrQR93FIqH znG67CZ?j}kPVk|>+!BKP-ED-X%4S6EWTmCwpcqZx$P7mU5hW}9b1&}fY;?MUe1Ahv zmPv-!UM%3ga7F7@+|Z@>f-o{~2Z?=d@sp9EKtF@>UKywP$dCB1qFsgw7vg;m((3&^3!BhyW7f~`_; zfuKFZHVUtxQVKBS@C)DSWom--W{RgpqGvQE?qDWE3)kiV@)||xZk#Jv8f7Vu*0kzctB6m3 zym|hzYQxpV#6VG1Vs>0zAw;t@(@Jq?7fpB=IA(SARZ7~hePZ+d#+9IE(=Ulz_40AQ zCK1AW9ZK6Jh#{~0sbpI=tpl@lqP)C{Ydv`kbFm@1yz{@@f|P+|WZhN`9DuD)3e1fh zf?-@>lkKp#b&1MA#NLph1TL+u!tdjSsbcq_YqIsQb2=Nl0~aH*b5E zrE+0#P|-M_Ou=ULL(Tqk)B#LFisBACAcMUnX+6J_+E1(EpM_DRa}41al4MKbJFN>Lqhy~{gXy!~+3~p5D znGXJf=kZT_R`)V57eqL*yL91fT3|PcPX%bpGMjJCsz&Z{0AQv{zj>Y>2Yh;+uSUMU zwF61Bb{GzA~Ka9vN*CD*PtX()c`Bl4D$Dwd*M_ij(~K z%U~srRPS54Ge0=rCeW4KyII?$4QT>K0Gvo_%9(qP_X)DB8>tOI6;HpuDgYSQ9@(0s zPl4pCq?~~3#J}*gs{pIvJq~uLqCyjsODKkpdF^c8CwWrU+jc0{ibE86<6L(guhr;& zP3aY~H>&n_@B&Ea2*ntlIGHed?1j)?55|`WAH|@1w?O(X8b^?FcBGG2JI_U<= zurDrym?_N(a9(}JAeQt11x&#H1Y5+(DZ zPLrY4!{h6DYXvXm48t$4nHNk^_q})`%sThezjNWL)6)KQ-%&{;C4H-iN9v3*y#%6l z>XwJ}7J~uoyMb8q+!}0t>1I>s@wDecX%A%?Q?FU0;(k`(Ocs;#0uQ#vU|-q9AUK9r zs6=0pI_0AS!Fi;4OLed&^!&7!{g%m;_r?{HMUcf8TUq#1qxZ{7&4Z0X&s16bcAC`ni;hl85xSaTS<*P*mOFZSEjA8CQLnjo0rGm25InVu&O)z_dQ_!Tr$;mLya=ng8Uez;-n;W-TK4ah- zb?AkZC-S3`4weBJJ(-E%so?9^-vjhw{jO967Wk08fQPBT83S?|&#V1vGk%WMuG~;b zi&O7wu*RoA3$aHVyx3_)=wHR^a#zP1>o>s;FZS1i>jS1brjcWQE)TV)4W(u?Z9iZT z@eF@i%kmuB?AR(X?s|;fHQ21$F7^(uKNs_!xbav4E^o5dX5qiA!U-s7l$}67x7`$G zb`x%t@axWzyyZ;YfTJuil$u+skkx9=VrrZ4`=qIKn|5&Rig|@9N>Cp7^QYUZRWUeM zyqVJO_5N}fN#A#(h@l8^B5M|3psc(Eb4qfD{T=xI5JbmAE#++bdWbg1FOCHLAX{g- z@=^GO%#4x-%ruUr7beiM4D3R{HPmY1L2wB|d3H=rBUk21u-*-_ZwiBxB$q(HK*e@) zN6!H2SNwcKyxL*k4hW;!x_{g=A6kTc`*7tDu~0R=o1WX{SU#e)y`J{bu)YqNc_>ht z@%|Y_9hD@1q=3rBu+*eoN@0B-5y-Fxs(jSpu~kAt&@*sVK&Onzc7;}pQ?kc zi@aQXf~U;NUfQOsORCG~o^UArx>oj5&7DZjxN^uT#DJ7*)$C<;r_i1C#8!^?h&&2# zS%J~~SQcdc{hi(6A*Co%qUEmsO2vcgG+My% zpT*VMHm)T{c6-TABAG-MA4z9#fOXl!9v7#7wk3aLj~1Mq%wKt6##V{)G`BYBROHx= zs+{eHpV?~5^B#kMCz(EQktE(H6au$PvD^97A66Bg>;N{ev=wGh=q(!vQrvkG2xJ@f z2_rgycb0bz6-lTv(oW-I!Q+UojF~Ul0gwj4;Lid^iyZ?M9Lt%`9lj>-iRmda!l z8*L9-l>02S#Oxb)N_%L&zJs^&xJ8ViV|O&LgK|O%S0?n>P~#V)6JMeyS{F2BD+KvX z+WkyZZ(bJ-SX>#6s5tT|zrr*7n#$$%Baw2s-l@M_2_18#eMTaQa1MZQM#BLhI6O<# z#Y9mA>9^x>3LXd?XWxjQcIdXOl=0>{5a%E4hp&vDsE{-rbrdQavyo@Lk{=3Qy}FR} z9$ebpb1PV00z5-CDR7dxES*F$qp^XxyM(Icu3pQaFJHz3N`)|$>s#@#$%lNBe7vj@ zeSM^u6V*d)QrJkg@S2?Gr=_Su1BkmmuE*U2U@Ta5uyxT1UrNV%MG(LNlfg}JfQ_7BVp=fLLGM;UPcLlvx!f6#2lS{0BhlW zK{7bbpN&8uHcGvPxMSf`;aw|us@ zoAvwnZeZ?;1zXeURz*Ica;=efO?L5_&)h_M17}M^n!%2<6LyRB9@ZI5R9v9ua`rXe z%+bZJ`M#rCzARHAT(w$V#6g^~7#EpCP55=5*B`YB+7GnUwwKiPP!1b5#XX8f#6JtX z>(&j++*hLKOP0)-xAk+gc!>QqkCG7mImN+1q(KNEOo%KZEMiXkg269PmjykAgx$tQ z%gevyFhJ6N*}K+Z+X^{2)EL1#sI2PJN&p#Ikt-b+0B@AOQswgwtNhZ!*=xc~@_xrk zQd61ptUD~EyNLs^|MR!KX+_A{zZ?>*47YJC)78qBA_gJ;K2-q$b+v}^U2s6jHURb- zXOhABKV%6vNj2uKrSrDBd`%;KFD(K5T!qGy%uEAhMQ#`)T}ift%)UbR z$@ws-Jyq#2VdywiV9+}!L5UNcG8jlT>b%2}X=+hlrsokaoa>~e-QFNB@339g4^>(> z_5t(w%dw-g*`983kqFyyLC+duWt56iO_yyhfk~dUwB1n$zR$m9%IgbGG!0o$gsk2) zM@vc1O?e;)l5y{zx%?r;{;rJe7N4M~SnaY3xML;bcL*)|4-M3bWT&;qi8q ztBfk7rnRBaL;vXgXm)viZ9VO7;nKwSh5#k8rgNDhfb)I{L5$;(P1UIT*k~mmTVqe2 z5K3ooS|ogDU4M#{WuPaXoy=^zVjy@F`$wWXx&A%{$nXk>&&~ANa{U$wX)giuXxV)m zujA2XGlJ(la)@zy8hjIV`)TmM1uAui{|LFfo@-k0lvj%l;;>&Zs6+uz`vTVqla;Xflj-)IZqW#%yl7x|AQAH}Gji zWaUkDIj4DC*dABT{h$28<_wQunGSyAGbKgk@TjcVSjF==vqz}R`u}67i#zFAOtUY4 zN|OKd;6BA9GufM-B#c6YQQNpkbngE=GW-v|ycvQPYwEel{v&+)&$4o^S^B%W-F*8W zQP6)7_Ww`)zXIWAxhc%|zu^`j9?ncpbU!C$ul=1UbNWV8JX%LK<)2I%vitWC|K!g+ z*H6Oyog6}@K>Po-CIeC`2=<@F*|VmY-Dku9e|D+=Z=l`%*SNI|-3j3mmWAzklieTI znn#ut<2GbuPi@oGTZZAAhqfTMcOoa=^(P47|UR zK%-09U^q-;S?#(`E0*_Myz^D6salU{b8yk(;N;h~fJ=`(KH1gJ*ST(r53fW(U*{%b z)MMtE?V8PdbDD1v$Xk95`BfLH%GCr|LrD2^Z!Y(+-1e;(EjMjYV0xjdX%b*J7@xNL z=%D$&T%B&azK^|sD>$2t3yvFVf>Jvq*bDa)fSSmHAApHH?%&O9s7!PBya2z_a)^Tl z@+}pp2miX!4R!Bz{INGY2E{&tSE@g~lMA>nq2-*S0i1rkdIK>e`qwtPNxM<2bT`K% zEXVtY_$Vl7IL+-$3d5#GMwY0=)&>sYO3AuU%D9k7QH~O+8WKUf=}$325@yB=hQah( zKZ+~e_n70T{4lc(cEfw^cMtrn;amWlsQ3%hhSpgrgy8cRt8%C)){lG3X#xjN=}{@r zpJ}n1qhTDUYb*>8<2X)D6 z@Pl99x2;W=7dmV7kTl6qr=RtT%+iKa<0TN6q3H_Iv%8FBWPJrSp=n~y2~07Pt771I z5RNkb_8}-wa#XvX^LL8PEAI6!Qlxfexiy!XD}m+&QT*4}Vkz1)e1y`gR^ihWzk>s- zkQC^qBjP&f?0dTpIc%7a<{t2Jb`(%*mHjRDuVXxfyHHuR)jFO98DruTTAK$}6b0&e zsZVb>@P(`m^3<;b)5>SZWSHdi^NX%;e_d=3R_oR79rD|H^NqV~W+bU~Nvq%K^jo2f zSVt`tqs1(Ub4V+%RzbN%b+l|hGk9-r?_{qz^;Wl(ew0OXSX*a2w6oFyVb7V}>4WFj zMEQt;rS7eT50G*`(wIJ;l1-S>mDR_fra^WJgohmkuM^(+l9Ge!>@kalDa;4Y1K&_U zntvKm)W)MeNoKd4$r^JK8$F9@cfN1}*wESOB@St>n+y+{=J#Q(t>qdTnQ*<7Yk=eP z(ot85mC2r&ip;U~=38vm2ZfC})>)~3N-W2ka_oT9qL$hoYozRlmQvetygwf5;taRB zc6!zqrgQOm>)m#v_hY$dm&tx>2Y4>ln*q~l)Pb$&Mt*6O%JE;qX#yjW%@0zb9BSjK z&!pAFLD@Ej#23}+rY1SfF*)~#?n$x(YPO&)u({MH!#<1F&i8t=&Vej}uAfyOrBiQEpK@+v0#2a>2_`*F1-d1m!Pg+9A&iy&-u4v>6<8 zac^6v`|6=vaQN|uHPZXhmNH#8DyI6zeT({VQkq#MMjidRJI!4P{GxWkJ1v!>fgce! z-xX!cH9SXNE?ht6ZTg$lw9SzV3>P7M!s)9iL6$<9fPhh}WKAN4A=7C37~~GtUGlpJ zD;e1rngv|!j2}MawK}c$wOnpg(#!eBS3rk(+g+AkRIODYPg~n+P#)uq%Dg#qPu~m&$9RaQ zft%}XeR@9xA8yR|vgyIu!W&oaKcLdCu=9c)n=}6PfW?#RPTF{Vceh9zYX%uo?%i_! zeP!U=C!X>SVk~y$rk0Q|u93KPjJt}yoI(w`LDjZ#uO|+++n{{QJ!vU2S1$n_r?Rjo zRojG`BMuZ^f#$czG>N(+0sB?J^LY4^k#C$XUrg1E>R4r+}v4_Y8(h_!5a`11N} zctVE7bD`q>!AXmIBvS&uA%3QVE1y8R+^!{3N;VCu!D*(P}-Tk@07I%6ro?OiWzK9%aq7zJ!J z1lXS+KRWtYyBZzzvDmg(@F~}B*NRhaW~4Eu{#KFse9NaQy~N{BxJ8mnYr_k|Da3d) zn15x(sj7`*b9?4PW1gj^X}L$cNM;r&Dv$zfh^3lsV3-h zGV@9#2=iC}?F8ywGjc@y?8g*(b6{Q#XfgR&EO_etv(1qKDT!G&YI(xhZQoJ zZ9W*Y!{_Bs;2kNe5=98x9~0UMy*+PDr2@5sNcyh54zhhV4|d8!xn!rPW9eSo`4#`T z!nUVos-E}0ZoP6>P)c(mKcuFYbt48D4DwXUYkjw$-=0K4{c6dS}w(u2UPG1jRL*-Q;A<0NrkBJVZ3DDc{eT;jx|cvXr z+|B-d*essO8PoY3qJ(_mgI;w-X!@%iBfQ@-H1M$l9$ZO=)+j6##>cA#-w51(1M~*j z+RaKO&(j*`dd_zpd;W#1is`~yalG^0we<>DHKav*3`g(S>_iPy{WsE z>$_8^uiK}XyMZffmH2T{g?|5P3A&TjInmlnK8y@O;v6SlT!^2o~d=I3&fyr(ToHnZxkj ziTHyT*v_neZ_sqTUIQt=m6u-i3faT5#gj~&GY@)Osy}!`Bvs5~*JVeGz>=~tZBoIN z(fB1$N$I;xj3#(jDs5w0r%l29SI?hV{0He%s@;w7r1rEaLm0G?4TqVMk5`q!@7MtX zS$_#~(f-HXZ;J7Z?KRS2OP%r$ z4}7b8u=ULMOM%DFwuQmzZ<$lR)m?9#N%Du46qqF=8|z^N?$Cdw=Ogv}^7jE$JsZ3y z0w_loZKy4p!7DjQot}#Q-Iw%BN0H=p{&U?i_`jkitaRaFy%{Y(ZLi_`d;on|Vlt zdYtVMFFckL&eQiG7gZl`q!X7RXCtQ&7PB4k`pgIwf#|#cI@pVB_7b;~NWCF9uF-v* zLlPy|dx>WbMdD*m{~OphoN+`X%1DM6C`rLKk!wlKY# z-TA2HHu|(jz;dD4jb0B>iKUSTN_w4tHIGn=*zp!2$YHEy|5QkQQy|Ike9|3WTH*9_ zd|cn$Jot2fm2or5s9W?sVDolEB`7D3D`KE)Q;ZEUgzlVAX_+!g8wOb?i*y9J1&^(M z4KR3wdW5?4`)Rc0+=X}dQh+_SdTA9+A7(1sMAP)u&F$1ff<+@3F$t+VHfhWAqN_rq zGnP`}!1uWZL+c{-~;xa~CDMGrT81_I}Gl1Y)xpBvt zv4e+n(qF3V_^O;|W|og~%LzXL5s&}I=+6h6b9GPG^e1;^fO|`)G4u&;^eqw7df8GP z5>;yQ&{-qNmuUxeoiy9fj9TY0ojpk|xw(^%CpkMt<+be!>&G`QggSKJI_^Ol z@53?cnOzH%fMMvyAf#g=--=YsWLzFpC41|lU1MPG z+|6Pk?nn33dM{nGLq3S&0xQk4fN}&vNOK9^5Nq7+wNLgMqL|%6G8ebD@2ni3qK+}b z-5(|_Z_8K>wVGXeKtINo62IUv!#=d`0Lp{DSV(ZbV3lQzxd2wRJPmWJD#ObJTc3T8 zy_MW_nX5YM-h~84dL#OLzN2naE+UrSthIJwx6Ruw`vf*44ozHZ=znRObr5x~5eIbl zwx*@{&V?Y&l1VqlR`B^WdmhGtdJ&TJ-$LO|sx4QDfBl>(S71VW&CK@R=Jr}3sQRFK zihC-Ph{3lZENfo@7Lox|?=ilxKtw;wGC24`(E}vjR?{%I-Qm{3({T-m-1K70ZLL_|cqDCIUHP0AH`h8l0v;Yw@1=3+E;4iYm&LSO0qjuQ!CEqg_7uGa~eUf19vver>Km@i*X0@XQ%*G3%A3wBuh!#>BB>Gqk0J}}aI zb*wr(`kh>u&}M7Oq?L9pt;Vk1%!075gHt(;bBezvB53s4$5b(36==yNt2S-j?`0hS z%sTx*9Ud0cFNTr~K;~S;qZz7H0{rm(Tex20E+-p=$bPcL$4xRdt(;vL6u41Q6&4rY zgDfHA(@QJ4Cua@#?y_y_yp2{mYzGWnRw=j0DJP6FG1k$ssBD=jI{u4Q(zN3w9AA_I zZQCR8HWQE4c3TW2GHJ_r){NXGWLz&~LN36ZO~mXD)sTru*zEC$+fo;XbRd9c)Auq- zazUZc(%|mk@h70M-lOxVqAA{-V!Bzm)(=&5*h+u&IAXURwvDv|QD?gitx}t%@=kX6 z94<`|PU>Tt*Q<>R_lt)daL3!@o9^dJ4J$u4_UkpIE^T@6O?4=>wfJNUNK{(Dk)ao? zsMQTixdvpCJjIUp=0P@4s5Ex_9Mv&XxZ0=ElH&w$NC!1~z>)P;?$fIqNqRshclR2# zS(JE75U>y_5SdUny;{Y3)}N{8fcebBy?KbB0ZJ0~gj$%+zIF>lQnS<{7qIa&SIO-2 zPeRA_#JHC;VV{6dK#NT@%^J*}h3-|sPNQ2=;tRTmmO%6a`!%xUm?QL#1eiimSA+eb{F zWw!Off+{mQh2tio-b(!$YIEVtv}#y0o_{Wp!l)E#Qm4)@5~uFNGAX?JTfVb`=IH6* ztcYMb2E%57E3{7=@BS!1oHHYy@+t}QFmIF#(7{A}?7}W2MIZ?3%^OP)s1Lk#ecog- zsh#?pwFSHSp6_m)6wm5%W-y1_atW%tX@n_r0Pxyfsn2SJy4nYcwfS>{KXPWqCPU+H zYK;0RN3kYi#al${!?f&~lAG(Yr#(s?&MC^b$X;U8%$&~~056D2fHy(oW=_0xhDOCHc#g#q-1x5T2Y5|ATAE&yup*C4&n z7P2!lgA?pQGrve%RXxn}hj{eaRiu9G)|Zpb?22$?2YA<;ZMXWn;_%+R?dN$MYVZ`7 zu8cSE0)ZA0$e0~1W@YAkDt7hA@%v*QZe*TrNfajlE{~gUv*_>_I~cO|*;$EBZ{%u; zbTF;#94czFO0Q4TrPm9}T4pIr!8}|bk;v+j25hLgj#MKSD?mX$_C5{0Y_q&<$$VRu zEr+i$Hz)YtC=)8Q1H0uoV_rX(1O_nH&r;piHtHz+az=}sFDSV%eDk&j|KR8O&BX;I zjQqot;1)$sT-&Pqz!%PAB9(}*b#VW>+LlA+H^E1+;p!GJ)i$O3u<@j%mKAGH)KxEt zS~5C0C9H&|!a4+PbJs*?pZG7dZ?)=VS=Q9-DRiK5ovEw7qKD_&?Hr!-*+Q%;k7PTO z3Ze(P5^4O2`7cK`ydpMJTNW+;aE#!Wbt>;_55re8|WZs;)6*_{{FAN6?*SjeJIx2)Te z$Lg)fSIz&ZOqcy*gFFP5?eS{tzmhJ?cF%HiGkGK8HntJK&wzw~-$fw|K+{W*N9C#Cr(ENrziCp53$0rG| zlPG1bE=h&lEz~6G9^^;NhtWA~!s}LV&!AShRTcA5lH52Y>_J=}5L>dIZ;&2wfd)ZI zySX-p2~{)D9CZdm?oq+s1tL2ta|3&^Tp#!><7`olvB#r~T`>gQ<8j|^vuCf}>Y&Z0 zYZ=-ycp#;N@8w#?1`CH6bx1k4W$BVa8Q;ezMW3YED(xshNp>v#Ahe0b?bt$64bFC~ zzJxB@${xb?bb}Qoc^BN;1x#g^@*2&Op))jiQ%tf{mee75BE@Q9yV)6i=@BxgOmnKH z+hsvAP?5TpVJj8vB6G0cw$`=!BzQadJ=B9k=?o{42Jka;Ak~AC-6vkWB~hWAy=nXQ z?JBBSuk}E>tgo%5b6z|^vzp1bq)T|~bJyny=FV4hDrq)GNs3^&hQRK;|;KzONIfm!Mi z{}Qq7Q5PUI3dv2f4qVPxvi7o;m-m*JiOu%XAug?)k+xhak;0P)HU)5rMBpCBX{E>o zr+gDYbbd;19%L4xxR4m=92BH2eNfu!?W5NbC@n=WAf9|8d@x-utDwfo8UhaxCvi&# z%((OAN&f}@6s*}q`o7oM%^RPiTP1e2+Da06{$+dISAiES#l~?}prOt4*^Ne%0nr|f zZgD-$aQXIGmUO$Fx^V)hT}P^&sNt_qhT+`yqG{*cUClDK*YfERdcEHExSUzX@;aZ& zSD~pLV=fkn$x6}AFXl#!w`QJ~Q6F+f+}lIW8u8`G$u;1+T%vx|QyT%+qLJ&GA?0dk zs1#t+G(n;zr|qYE`f!T?ii5Btx3e$NQ8{!AxQW5ksNqt}fSX@^I|b6EWNXxZw;5GU zcN106>q9wkwe8JX;N}*lE{0fPgg?XYjP4<>wunlw)*>f(&4Eqhd!^>Paeo^Jg}-UK ztD#>tD65Wlq*m+atp!C-acND^aM)emN5K*+nq!a|L28yc8EE3n#N!G+s~6F&TmYUI zVkV2lWWM}t!qLiETT#x$`?PrC3&n#%peb_xyB;``L*tWO1Ofyvc(uAM zx6VZLPWi7Pj~{|0IRMZu_$~DdE;wUMtXf3xwvRF}x$CQY95MUod}kRpH6YmAp-bH+ z`ywf)u;2)+hK=SwhYdAq_;-938W%C zW^2jN>CG~Sm&wp?v>zK0Rl+oVAKAzL+DuZg{t=W!s=)(G+A0QrYyoSwy@T&Q-frVK z$SE@lHd@s2TVlEB+Y&RhBO>I5|z&jj=WDMTWRN0g;jtg|Ir)KM<8|0 zeiL6uxXljs)fukp_l}f7@n0USD>vnC)ywt9`3Z0)17y=@oMz4}o75)4RIlJxPOYc? z-o10j(6;PHtuQ|r&Kt||PqSJK)&*D#r{V zxs_fijU?vf48@Af)dOgOkb@M7?ULzPHUeu>Po#+lLkjfwi1FmXl1(_N;BdE#>@+mr zGK++MV%Xu!tL;?pI0{+v4DN2--!D#9k`rb|o>o@=V>L*nHyWMWVMjDY5}SzL zdKWxRDTqxe0O10?@hj>`({(SRhG4D+_CP5cuT?Th~K{@Kl{NWaU zCsHe8ab<6wW@%cB>0red3jGm9x&PA@ln{`Ue>vr)VG7n~CDr-|RSjLC~$tmIZ zatS)@uG{Nv*u*)XX_s2Mz^O;^=~P1$r9&}+SP(S*-^#i2u%x!G-*6kf>CLjP*VJ1M zs5#`6DNdErcQb=!$P3G7K$64BMpFvn+14}kh*=u7GyK%U;Mc; zItDdkKQ#HMaqiMs!K%|y)6@d)td(fYk(RKBez@jrX!g!@F8l;-a~rU~pm&XdRhRn} zm}${cFm+YKH65@?QfVchJF#<@z6G<+-X+m+drQNE^PeX(_IJe4TRM9y$b)&feWFCm zT|URVW-zgsD={k{q8k zjI!KzG%Ks(^AW)AodquO8vYn-8P`^*i6i(qYcV$h+t^oi(g$AT-(;1CdiZZPKe50L=}ty3Z_mJ(`1(*WwRb*c2Q$oeL1m8@2Rx zn*{3z*-0Stl$Gl&KTAt;Kd`Hx&`PJ)8&Rs*-D0=A* z1jGG{+k%ugXw62MS)f#Q@|1 zpF3_yjny07ku#x_)YMNbFP7A|4-X5d!<>Yc&PM^c8cO=i@Icva-t-+u0HqCY9L!u9 zJwBSrwTQQoVMGh%SBHty8uI=bKE&a!ycZGQ+Mg)Vof$CN5iVWVk1VW@oB*~ET`wSdU-+oyW z-JiZ9-8TzfTE=#;?KJW@3AkfQu53m|3z zIUkmy=F65@cj35)5Z^;B3g7-2Nr8iuzN_tTWw;XZ{|cfReQS_zjw9G^29Wh#kC*C> z0R^oN{1qkscI`-qllJ2grvHIU=%*h#r0e5(zT`A6`Ha(dtmm2MdhN}bR267mXwFFC zuRmCdyD~7BFsf_y0r;U%@!)@Sh`snY?_!97b8o@J{r~Kiup{K}Coj8||8Jm(9zwTK z@4ydO>0Sr^@3H>3I{iOmUH&(zh|k)m1iZKlGC?>{5f4D!ei}7rHe%&60vOe{)7vV7 zWg*{Bmz6fiImB%u{ltCv$D^=Zc|S~@@GE$010!B~-r zi#s-QoQ(gn2e_T^kQzb~2>W4qo5aA`GzS#nX7`^uT^yv;YGUr+O`v}QHD~DB>D)tl zcl3rJjB}JF8FBh9pSoAzH})kt0T|NKfXRUR&<1BXlJ?(sDg@LW@O$S>$^a-SZodOF z*m3w9h?p?GgGp8S>yh71sN*F-;%>o1lwFZ}nXa3^N%8MZu1JLQkBMoo|AzJb;;#*E z+`+^H6=~M%C?|e{D{mSDI{FURa|Kl~Q8{VfHz{-4`b~ZOb9xmWI6}CDn6^$B!YHa2 z&O8@LYRX)o7Nf<2?vqG32PV?@z@Ma)7aBjEu|@UYa%+V*sc{CWpSb4<~<-BMz&E?u+2C@(~o@n zRn+|lv?SB{hPsKPi{I#fojU`!JZnG?K4mz}T&Comr zZV}j-)?~^O4bZ_ax>CD)U&7d4bIb8gBteE&+TF`X>|>6}$&SUI^wP+XXYMv=DjkAF z%uO6sPsU8Q{w6eQ-omNd8bKMRU$!9-ln{rGl0CMw?us1wkU+=k9`%TsE;!L7x%cSYtkW*^g)3<2ylK3!TrF{Ieo6L0SF7wt{E^xfWWEwyT`b?shURAGFCOyw%msiSBNHv4!}NbeNcSJv59 zJ@R|?{qR!uiTZJ?NrFOU_7SNqxuznVy|YVL(cMBKn-i~+*XMCU75%0ozi2l?AX}cV@K(Fn*eoazjW#1Nj{c4aqas?X^N)a`O?Z&jog>O^S z7?PHs$9;Spnx_4koV|-^_Iq)RbbI@L@RJR%4mK2-PB9!OY~o!!zYd4+^3fGho{Kzs z8DuaUZNAC#UU{4BV?V1wz6Z@|M)^$KvYC0bz&gFj`{t@N6w6bUZ(-CW94MD5z$);Y zof0+MW^yoYJ`2LUy8hJ+wNd3&TR~mfte7B%53wxKyJ{RBgiyt{IM^<}OAclVDXcw) z4hLHeSb1p6gN=`PO=m&#@+V(*s#K5WaN!ZBC@fL4I4!+$gZT~3d}#wTOyy^#)de(ud@6S8C)S&;(Sa;^z(cF&Va ze0_#Z;>9Mo#}(7O<8-_c0?)-=0DVu{;#!{#c*WGH-+@o_3*EO&Y{V_!;?{jGgDWU_PX$vk@U*mBx;; zX+IUEgBZV7ONt`rKT>$u`G_GANq(P#9NelHAvX5In$USdz?lmRG4> zi<89_RKMa7xgfPjT#lX}y%Pp{@=$gz_w8tpuIe9)d#{7o@m6ok*Vx7A9{|!el~B0W z(B5#if2;?_Q+UUMjoVRL+!e&~f_;>)QLQm74|PMji}#VwroEmqN}gW7S<)^uVVtb~ za)M=lsL(V%_<96k6$wkls7#F6~k{| zzV<=~e1EtWZF)oR7%2li4u;4W&huu*Acvl8Jy|8p9$?Znh7Dbxf|a%XnoYZ$D$M-Y z=A(3EhnB{%4U-AME;IW9&PQJ<>+G52w^NQjlj*OnnZRlRYlzsz6j7{rtFOV#)*;UNo5c5(EAIdsQH}9=d%NAv?fodt}LRVMzgr^ z^QVUSY2eW?hHAd#07?=2G)mSb?DmWOa55=CG;hK>1YH=>n7a8dp`+=5trTk_^Gn%> z2*-vvlf)EjwWC`%?;KiJya~UI!|pEIYOW2|m96dg>b$(s(BD|_WZaDzrMIObw9dTP zkecdHxsf)@C_kCuYf;}j#3y&%h#d--^j_O5L=L%b>G(KwAFf5wzi8_e9*TJHuSTx?siXH<9^{ShPAqBwwM`p1x-3QDp{JT6!@VE zJr_M%U!N*i_qP7DeW%*c2&|v!esQ@}=WAHs>M^65q-V2gSEGJCvBD0eyZP@0@l1Vv zi&zCHp8`zL=+^_FIk>bjuir~^5GH>BKA_*5t}&hYqRas#c>sqX`?xmoVmK*(iYgp~ zGP8{vVlvu^m?ANEAlaG<=ZK^;-g}=r>1s25=RTYcFM|-dxYk=}Ay8Bl`BM$YE4425 zP>wx#`*7{0cN_+bNos^fH^C_z6g2+aqaq)_xENvM$R|W|w3v+!2yyKqy1~!K?%0ZY zpbVTT0qULe9>eA=jMdXpPsIM_pj#BPx z9@1Wv@>h6obXTJ6!c-m4TiQ%{@5;me(bcTMc>9B zc3HJ*8$ESB>WnGyMt1CY=8-QqX|w5pb*{%rfd>Nd9<;Oj zSFTiT>oSq_jP8!;CZmMS(NjAod#t*#q7gKz$q!OXJCiV zI#PTAw*EE1G#&$z))Rr)OyqHtcdSK@AS`NP3+kE&ur~6qJ#|!VaBwd!?s;}SZ!*9& z*4;dz!;j^x5)qv#-A)=E6wj9GK+s?li4=k_s-C%?L+J-Y|le`oe02!+nL4^`rH zSFOb3)B&>VDM%7HD7uYUNu=<=!yi6 z0`%egPn3X^W~~&=wl<99uF}W^q6y9^h0OUcoFK+ksKt>>UfU%SqC;Gf7;%ON4^tBH z%E%u6spy%tsJjL|%d`_7zSYv*P=HTachiShm9VP zhVff{7)P%$GAk}%vRW3p(%Mln4P-ZO!nYbE@dEMujNccN&nq;l;*FmtXmLy!qZ8+^ zTH%sK?OzEzWG0nkt_z-CRqlgVa?=+#BixaQh*LkT`ro~&^b~{X;yhjGK_rG&z@<%} zG0P6M0}+$FE4x$-#j6D{c2>3wA06Y#&cL8&UnD=z4)*`2JGbjG9CT~6&MXFdVgA0V z?Pan+A>xmlS!evK4MzztrIJ7^#fl3~oAgVvZ*OVYCaeVb*T6UYFON?Pp^`CB^5{v{DJ)fVPY{_j4zTI{j z`pBcsc#GD!P_0#gt zis!D>FFi_O>1OPv{(rmwEj+c%ar^)2+*XU*X>$4N)3p!I&gItvZ@$dU*~_VV->EKv}&6;ohtOX~WbN18sv!AkeBFyd@ z?)_8hPaz?py|-`OxGyBM^RkeT@Z~>#1Ma9i_V@r?cKF{nye5S0l$izo`Q7!Z$yFht z(pb?ghn>LxyPw{&_7@U57$ErFL3=Fs47hnPz~EuP1E0qMa0fpZAwxeG7jOS3J^^+X ze*i=H;kR#GHGgI|#|;XWp*qmH%-AMVbe<`wx-u|z(k-nbdg8T}P+|8gZh^02lh+`) z-YcuX`i1$AD>oXxME%k7a`w;rzeUI&JD7O3S^h@b2bZ^TU*5jGfmLZs{{6<)L!?8$ z-#>ZAy}+#PywTN{B)dp?;lPlY^y;~kVMpK59gBhF=~FvK8s^$l)YN8(uAS{r$sGX6 zLRZ@NQ@207&R`k~ZV2sHtA}oXa15{7C-`t>?%%H*8waEW{FGh?iwLgAVXv8jt5E$u z-(!O7^MSvx!pX_OdZ^i+oXF%u_X4tn=CghWo@5=M?lAtc$s+T)EEJ!`TVT!6FI>&~ zd1J>L#|o4HnmmBzy%M@BGT)8=^6dVGTXNdK-8(0+!e^*CMoB-d&=Ofk3>=2Yz+E8+ z0C6jHaok{2!T4y{ZUA$S;Euu9^qYrH|9hC^ZhxtJ$-sYSyoSa(O>(I8t{KCdH)$w7 zvU`ug?yT20u11U>40|kzzIIez@0v%!IvfC(QgVKf+g880JoHT?Ixm0zH=$&cUU6!} zN3cx4p`l?3xZ05~e&^uMQ*Vq8r3OiS+H*j&&PGw{X}?(VWfCw{;qQqVT)3B%X`NuG z3ovwfqvq0wVe$vhtnW9vt@R(gdaXc8JV?!pvrC@i#eew+lLC?`B=mT2rJfxZcc7M^ z`TM;mSwD-=XRp`C+ZjbLdvAe^Vf@=a)&u7q(i-DyAwojso``V{AWyAcleKgVD1s9F7NG7-_S zLnz@Ixa555>DT)1v&P>=<6maTxKD5M?zvAW|Ij!hto!2CEr>8K;NmEyZ0Od>gN+1Q z6xXNqk*j?7yBcS{M%p&9=^h^*e-()AKMpgwu6#_%c@?i&@a3GmKX=p%!X3n{dZ>Zu z_`&lwnH`6g!sc@BEt@AfcrKJ@${T~xZMh#G%Re5-U96uLdVc3Gtkn?{@p}4uk6Fsc zW9;48)yqGgYM|TFZ{@*o(3RLBQ0H$cE!sU!t3J~?=EI|q>q(TZ%&HLRBj%g|d|Q*Q zt?J^XfED~tGRg%TgiY~#e(!m^f(>auiPtEIn}V9y#;3gGX1UpQ$TFTl9^_#^YBE^! zcVY)Xd%R39>Sdgbx#i<-nyH+8Vip_3oMI_4ZQ*+lJHru`J{}(2I~!|n?o1$Vz)^a` zz2?ET@};A9*TTwMR-x`YEH!YfuKd6|jyoo$TprB3*J+E)qd@3wyHlG=jTiuINjyzh zNHMI+&f%iTe$)eOj+Kb4#z7_9AcL&cIA0Pr#Khkfbvg+&*?Ce^^JG+|-rBW|u^HmK z(7|i9W>pvaDDQ8Lpv&wIx@mQr(QD3X1>df@I8t7BtH|5iuD7R{mOk%OVtOQPbE*l_ zA*mXaDju<_cOgD_tgw0bqc7yG=){(%R<8v*pI(C+fK+lazV$2l?O5>fupJ$NKE0II zFOH&g2bR$l`sJzqBhmbxFu4MnS`Z5C-2R4r7$3qCg*cdO#qpDW))Rc$d{TjtF;b=z7V@_^ra%kFg{lt!tRuw+@h}Cb-7e)mrVV!psy58pDj#z z9lP$;TOCl8sWs;a(323uEWB-Hfpdp{j(7Kb+NQcOw7$1CPMDcgJP>Hf)uE3Qq9Vt} z3FB6GS;K>;^;co4trkgR|_T+K3vIR?JVoR0(#DZqc zVK2hoN-K-eQfhVhl?p8hYKaUoztVkUB5#zbmz#D@Gil_$?Y{JkSK0JQuvXF#*YRd> z&F1xBV`Lhl>km!r!``xG+@g|a#luGSGSSMyqS%xJTfIuUYPPB6gxq}59^0ohUg5&` zx0r{BoW3XXfYu-+6n`kZ%FdQpeBtnVblJ#@MDI+f6y&3nb>08qYY^=<>qZg%PZCGC6%d9@~NwXe<9*+hO{esSUG`qC%z``1ojebV&| zi!J(ZZB?|-%!or=_O>`b zJl<#V4qw;;1JhCIR1x?1)q$_FyNCh}0J2hbtYmj;S9(@ww+>8|cuQj}b!)F%;v*6s z9rfj|tWM$P3xwC!YvWUmhCMj$1t!z3*+;0-xDH=71$LtQ6N1K#MfE;di)w%(2ezIt zcz>5dkIxado&k%ea2bRAn6IIYZ2_c#l~hU?Dy>=ln61`FnFHZVdt*T*HnkHKT#qOh z*wOO9PpKS@z3B&*L>3AQ2~D-~?&IU|qQrzeSX-os&6d4xTU9L#T?x;8kDK$|RI2%c z5x>v?*&}q`t@JfB$W->By-xO-vJxlC!Vc3=5GvTUE%h+tC3Yyyd$@{9dUswis|_u^ zx(`hwIV5ahTr`Ujk4lgZ$)`{VmN3TqUD62V=ssK5WhJgy-y0ZZXC9o>>S3E08J0e2 z)iaTd=&e7{|LKg~8QY*z#Hhq%|?yX`{}kI3dha-NH}= z?)~I5cC?r~QW(8C!aP5<6!{|#xcnXOTgHc!=|X zloKWMo~3ub5xy>0DKh0;_EiigU2nt4$=#~9fI9zJWNWr5gEy;jv0}z$38w+~67%UY z9;UDvuDYbMkg`(S5&g=+enCaN%%NxxNv(ze8POeGqOmr>x#aRdoJ0E)uw1vj%p8^fQ*qMlSL!7RH&Oj_{RVuy`yuI@^Us5v zf5~+D3E$Ux z3>@o4V{{822RHfN9;k zQ{}-8%6lzaz?Uj~4J;^y!~YEx4${;u`rATlL8+N7rIy| zr9Y-8XjVq}5m^OwqGf-J!1368LSWixeG|kOn2-o`VTJiiP7=fAlGNyM8_$)v_#l?}uu_qldzLTK*&L~BUc<1k zB(qy;eDw0r!GLW$x+-@-Q^L4?505+-BlHv_IS)3k9bSGxAuWl za;P)+a*=CwB&yiQdsx#GA|n@Bh4qd!3u=?F5Wl$O9;e7<*jwX^g>&I>S*_}z;(?5e z&C~g#8;!5#3ppA3$m3c^iY_4LWPH|QFK^wn9EwPF@2F_jHDcc{l=bO)_T#>xe)X^l zdGN_kvxWq1l2uV{P}JUEO>Cvm@%Hh@#jne4Z(I$N{c{pN!jL}NQ2TI*dt;swH`CvG zB9v1V=g%GX7MB~_^Ei=7tewhCld6=vgydbDez|qAdeSA+`YSIuE4S7}*!6elbL16d z!e1B{b8u{7B5kiO;v@erc z=#TUOHhyQwYVg`QZPU5Prr+{;y z;g$vX+9~Vfh_PqVDA}b@_xZ3mOg2&>$EV~=rBctETOs{On~jH)bSYEDv2zk${z`dx zkQlki?r3gF;;!c8c_L*b_@m_Xq$unYs!bVJ81LUkoAAC4*7%9@EmoxrLrweTP2VLY zT^?@I#c3xEIh<04#gI1*WkRwQ=l?b_>gc<3B^O*gaz~Ea=Z#@KU>sr2&!2lY^*9zn ze#-eyQ^r#)M{8WZleLu^zWLm^nsDjR09qw}ED`A_UQwmlP=u4P)j#lXGSSbkwon#R zgZUB5Jk@#50i}2E0X>&-%R3q(*CM0;dHHS}HiJ1a*@}oA@JlIn3Npu;OWTk&?jVmn zPD<|2|J-b9U+H3&ZcMQ{+0g3mjdviI*B6)|6K8ae9M>Nmv}0t74&lG3z8!X=cA*#O zc!LmP--4YyP=^52uHp;12+~yX@4QmRyrQmZ9@@n-l;eKFkd+y(Z3Fjw31yrku_2TV z!st|W@~_tJ5|t8C!^6MyPVM)78G-b(h6q;Lk9U`CvhQd}c@M$NHLQzfzrNVpDgE22 z6VlF{?|P(XE*_1;wbh^TS1%rTHNUhn`Ze$2=l;C+QV*4q2F0mlggMtU&MT4~q}sVO zv)m+?ly=?zpn*raRy?KuXot+POYSD2g=oXt2e>wiJiPloYsoW(P^;zLu}quzPTS)R z=o0X=Z@i*x;iJTpBwfamcELDxFW_l>w4*I=Fc5EtY;9n&tv^G5bGEmpMDLvsDu!0H zd?mXLUnwZRpHr zZKAfp&jlItDCX20??5>H*Bx!&UNbeME~CLX=lvy4*nFiQn^JcY)vqfxfH~9F;V@c8 zy!7;oq4w4*N%Q)TAJ$2s>7kdxTfciBuG*6NdiiVH6r5#lZ5m#q>6~;`)bQL`r_}r_#znyq>N_AMI@wNNWk?%_*&Xjr4AgL`l?QG&_4xv9{ z%8xlX;oMV{nW&RhoL@` z>ojG!)GL|qF1~jOoZ+mH%IZAK=jW3iDSKJqzw|y)q-T#I9MJ)ml7cC{PQB%GOyaP# zf9AVI_2xe5^sGNL9**jZopmTyms>4NkscYYrG0Mt+bFYY!T!~L-qAPYs5gUtEnfY3 zhvFkRh+FKS<`_dIzh~2GiCr>7gJq4MZ=O`_G(x;MgtBb&DW?})9uFSrlt3a$Oj+w2 zjs-VkLNEp~Xz=3-9rd4;-JLIn#;oRo_Z>>Aw0m(q zv68bSlE$5Bc(+?T5EiMJ|NZ)l-mnGl2Pr*ME#@kP63xh_9bN|4>@1A1#krO4QXZ6l z`QZ~?f4m$Crk#4<1`hUr=q93BQPg5Nx^J+^rXz_iI*b%*;C3Ufo0;b>@&eWk;EU7jlLR?(ZOJL3K08tt<3EGnO*yyP0$Pdd?6Mx#LoH)dC{ zv5>VEb^0vrk!aBX`J^eIwxAA$ zAkEio7QPI*;4qhCF5BKyDep!6aq&SblPP{jy|d;`%MEN92k~Tmaq6zEVOm#0UCdz% zO*(#U@-aog!Iu0ZN_@W>w8-rw`%1C@;n3RJp{|@a%@<$|ve%hG=9~HI z2uodYy-#9ZO9GF&pPDeM_>fERR>;91j%4UZYB$^nqACzJJ;Leoq@KGY?>%xksp~J^ zOI`Ff%|n~7376Y}pev#>Wfe5`hqvIFGfS&{g*rzZhpdJej9X~`Zjy%X;sh#SyXte<* z#TQAE)$11T-)F=keMC0~)ef1+5qXZ0@V}F#=4UGd){2WEwNpQ1Z}d8QP5$w1_B=Z` z;>6Qbyrss)&$Bt7q9m!91#NRr+vX#W48iKVO!@uSad+o-UH$Q(=vDW#1j5qCXw}mom((MCogJZ5gFgoZww}DqWTQ7=@#jXzsHr?zFlzyK>k^`K<%@N19huIiffe)e&-s8NWxjj5{vFD z(G=L9)?x}5VaSnDea0{57!bOoxp$avSjwfUSUZUnT{xE$6XK4CRQHDD<33o@)y{#% zk5P>>M*|M*%sKYwq=efu_caMqFqpTFuWb454RZa_e4J_}M_k}Psh;Fms`x%W>#K8a z*c@MAkz>>Vok@37FM;nXHOe@WKMsnC~FIe~L8FCkU&AcdQ945Vgzc`NYnpYl!zmkkj0E{2Yx9ltasEf|B(P-0@tynmuOsioucD;Yi z>~Ht58eE&`u)j1&UMm=1?gJP4P9G!cN!35gygs3tI)xSHgKmf|JhWx5 zkXy9B5#jTd-qr8Zoe}6-n>X^L^9t6VedfG37z@I}c@!F)^JVpwG-d_!!dczUclpg1 zQm>A>CH*W`hJJr!VzRi96WZM?uH7`q&E7|jOMqqNK2)P9*S=|K{WyB9q_5j_p%T~T zT@mS#1%E}offnRiTV}^wu&k-JB+1Pn%D}V>4nec*iaK9;GJ9bUOaDWQRGH`eLi|$a z45RXRw`=0h35Si`DwCb_w`AWBo@IPQZo&g;_Be3*t|CoCi?$!tw?*y^>*wpPuRRZmg?nW3X0Vvxg^lUW^f}Mc-pzmX z3`@l~YT8Wvl{D%+GOP3JHt3W~O;v3UA52!yGS$mlvu(K7`!%8blx)r1#-T+!ZZ|HL ztRX*CkTXt5-*}cUljj7_bJuJT6ftO8a0x?Kadbn5x)r0e`x zJEQVC$nfGsqZ$%-$N(thl|Az3+Adt|J78Sp+aNV_eA>*)|97CV&a=${J;sv9Q4)Y z%t_oc8w>xWq z4z7NBIbOQuq$c){eXH2?qa`WzY-`Pl;Y0CX|JA4%ka?22pE^VO7s9;iMzUC#e`rot4)}QiRb%bXe+bFdC{>YjWZ2zZ)hUFLHPLB57$rt7Tu0s6Rr~ zQrG?ipimDvl-EHg^O<-58>E8nh}?g9H|U;`>r1=jLvxd6Y9+d!z0Vx|g|6i6rz%C| z?jDb|xh%f&_0uDT@YL-#*Zf zpylIZyP*H20rdY97L9GeB2POu>%>AHv6hon?z%2A7*l}j;=ylfrNt;;k{(n8G|GS3u|2-usomF}Rc2gEXy~=x) zj|GVs&S?sO3O)BT4g%X#dP=?0biLfF=W}fqecJjLNRP-0u)BJ-HSTR6xT4!{mY$#Y z9hF0Z=4_P?26-9kh%YAaMCyBhuDRgxqUwb2X!|@wiMJ6$%2XO(&J(LBv0ps8c+Fyd z#u69I{Mnq${@P5_E-Xy+I$D8Bz}D2%R(0 z#D(9;-fLmYA~xP}`tEaKR!Uj4l6bWO8)6sa&DF)AZ<(Ug%|8}IEJrJhdE97CP0x{} zYDaS21r5IdBFR&eRuf{R>hCg_5B@M-w9Ub<b-=$M{=g z-aa7z{k-|&m9#-4Z=5Eo_y{9YyS3=RzB}969bRNc;(f{In!*b0c~!c-@6_I#_t45% zK;&;3)B||%d`V4P;?C? ze#uZmDP2AaNI47^W5;!eS7jOW&En|2=mML?2Atz5AbkOTo}W>Zrk1431%v;lbQS5F zMb&Qf>EbNf@G{&uF7f<3&jS&aQwE0%s!Um%~*47)pV+Q2b-#Gl{ODcrT>v?7BUnUrwBW>!wd{{M!*s$Wv@SZ$v>sSK) z8+)%T6=_*Cf9cVhwe3~|ZQAcVNCd)aC~wORV@bBVo6?%`j#unSEq9pPAWAI;cpluPF|p+9nE zwK_+9T75?~Pt*DMG1l&O!6q3Yq1Y5TVu%9^(29koe#j6b%1K_4PD~KiZ5LaS z+#$%+PVKv~{@QDP-FPh63ncWsDT?mCa5Kf&%2UfOih6e?Ayx@b z-}u5gj4n`wC8td%Bu&K+xhDaANq5rplIpXKSj4NO#tes*h8g*k$Rhio;Y3n+j4Y6% zd{Cz=8EU>UEg+PRy%-hQRZsQ-nj%AAzV)=dVNL@@c)!6pYwIo`h`}>X|FdWuAF61A zmTVVU%K0^k6lJFqhGa?^!(aZaktS{Adr#@wN_3rhD#ZVx~hx>A0W` z)Z$sfW7NLiOpMFcrg+U$$R+f5IvH}>iqooNRVrI&{6CCxU%!gpRJA%n+};dy#_jUN z<<^{WL|bIet6^aQ`_pRUh@F%1Oam|##M|B%bj1*ic5rgEU&)Yctawv|W^AO00S&Bx30ZRh}L?alVMFOk3-Sm*o4l=muG+C!kI{2>Rafuzt9i^e@8W3xon_laWUp`-QfI6cfkn)wS1JoCR(N%i-+YWi$ z2iSSD|9SOn2Aq~MRTZ){d3&?`o|X@Z-G8o$t>)S}fZqG)ZfP0<*oKl^S>?_D{n6cz zaAZgp{MZ$(CqH&vaWSz4^Cx*sl!Xa;2*oWq_O_SpZu9g9C#;1jDO(kCZ;8|3Zj+Up z(`9d;lgpSXDLK$9N~Qn$%H~^|phLzuHtJlWWC?%Gox_$av0r_cEU^`ygq7^&vvPK7 zw$5_+$poI}ebM@rls>j2rz2F97oUzL&;EGX^=7t2VkO<4BCi=kj*GO63{yUv{m5wu1RD z6S$(hnKsde0A`zLy*b=@Oi@euA=0_d%TVIYtXS;1^>0=Z{p7M=q9y0HPN=KzIadQQ z@z^Dy@n)71#y2v7*ASi-r}EY*VJ3!CD+cPtL0)6%{Mk;b1lH<7d2)<$4Rhctk+PEG zB+A;zOqRd}`+Q8U-69!C_e5$0`;1xji1OixZjztPK&ss{`l5j&fxrHBGZw_@rAl&B zQits9SDvTJ9_sy(6&)HWd%rig&LEBcw%3ZXGUIb@NcCi1@%6|d%8I(WZm?rFl~OTZ zpJjNrwP0d0%aF1X9Um#DU46@Vm<}E}n`aP9u71)~(BR0KE--LJjQ5TEw7A`)&NgUM zR=m`8wQAP2-5IiWHO#1V7-kmKc`oFRi76RZWoQ!ASFu*4JFiWwTALepr6u;3`+!33 znru=6j+b9bv3}QnE<~?z`&&rZ_M1wJsAOv)rw-7wArsT@lL)>_G=8aCdjAz;-f>Gj!o+rr#aGk!+& z7GlXxW|cR#&yVDr9b;^n_u|);yh8%noIjbBCTegS)mgmpv0UEEBYfav!)~wsy(P zR}C+0*DP$WQ(R^%E>Mrk5#?%Z7B!ycS9{&=?JLu?D(8W36BoMCp6rr3dlS zv+&{>;Hrs3BNkpTt2BCn2D(Ut4Dnhh(jXRg_*kTwny1l=G~niG8SV&UlUU2NW0dI= zl<7+MWhQ0%8)ceW*s<#F?}4k%8QNNQU&g3UPrLg+h~6;6RhKpfe;5k>(709ZzTD;B zzKQABbZ_r>U#3YdqpZ^G3odB(CEH^!*t)j|xwnHT$#7~ioRZw3KFyI@?v(P+NKNgl zsBEmsZrrk0f9w=po!eMLYV^#%z|U{ox)yD1@5FP64z!J~CNzRAocbxr`2J)i%8Gtp zfKl{@i25{(n#?CP8uvwoY{o@2vLEE#jqpOQ&RH`>n68_+#pWvB70ia5&m%|2RHI&9 zCgAJLta~M>E|&UFxp{q)U5u8U@|d$W&)b{feg>A9wOi zcCo`80gxJx4mqk;oICa1=zaK=3%(~D|v8Ovkn8$(&_ zCJA-SEY>MY(Niw2{M~(#%*4DEu)eDML6m$W0_0EJME?~%| z&w8aJ>nk>*8|)L}6DX3Ax1FI!six<6sRAmupcgX0HS_i3UJ8=%OTF0&lBkJ}hS-9Z zPDY-DK30I^WI4x8Yg=N!#(gliyBMP|OM6FGHa_t+0O~L`X-ynq)M z)tUpGk`oVGBWKqp0YG6njtK78cT~{1V>O>wqRDZ+-|6RcKjy}}-?xU`RmJd&(>wET zyFj%_UassMOH0&DPY=1aVxp4UFhv?j`m zt~$xmOSV|UzSz>2WYfq_GH@)>*t`M!5sRp|D?S*6yE7+`#oVrkUYPYISv9apiddGf zcu@46Id#QSDqyV6(NRoo4|8zIJzr8|Fu0yAyAlR`%z(>LsVJ5R5KY*d&KLKZcormMw9EdlaqAZS^6f!&D0vA$_G@Wt@;UP>h8R60y)?zGfaAQV%7kiPFHSs0jRnZ6k6?ZzF-u;tu^247nZ|Z1^MDw`BkS$vAoy|4R}jkQqc~O4CIZ67 zg4|8os$^3KTv&wHOqUhxuI#SPmGiU~M5x z$1-An1`Uew;DUh50je;GX*5S;w>v77ZX&1|^&y?WMngEV<*z)r?n$g68(>HFC&UWE z1VFuJdb0pP07`}p9zn%b@$d~*3$qX_U)>rw^2S|xY!U+kCjc}cC}K*(M3o6bKT#zY z*yq;F07kxMS}0;YNK6ou#B}#7C(J=g_OT$;3E-(C;*QA_Ai63$FK;-4+OYCE`GzGR zPy@>n4gBjOfC7{m8*A$eafS-q)@e;l(oYDe5lR8T^K)|j5LA91fUk_ec$7q9%44bf zsVT|Hje>yB%uTJ2So;H^1tDL7786O#LXS~~fFV$G%dCz4FCWU}EChA?E*YEKOoLKz zvVcmph;Zb`WWebF?k$YpF$>`zBf=rDVhjzcrA1I%|q}4p%c>0sf2Wd1r_1U;%E)x>;N#^9K$S=s9!)hKspe6#w?`E2GF^{h-ZuD zY^+F3KPhtvlSgAmj*$SOx>~SM44jlqVbj=ag#e@=OUn`fbJ9O#mBG2fgLU43G5}lR zIOHIxUEIpRN*gxT3PWQve$k*Q1DKAAUO+Kc6mwvjBn*twpch)I?6Mo!QWT<{cn?tp z@B?!;fTG+vkE0ool9U`88#MZ%fh}zgCSPq}19BVo`HlbrHO{NWASz#*#56WGb}r$9V0HVAn5i1D2m0w zU4)U$S)6B1R9zC&q7XhRMf7%Izb<83g5gbATN2YH1_I26QQ!uE9JphhQ7WMKLgu#h z9hM`igqHxXS&9%*a~z|IXb5PK=G62O3NB~?0(@Ee|{2H-xM^W3{93^_&@0Qbr zan+G?fHn~krOZqk`*RT%L2Z&Is)QmY2LwI^0ELGm|8$~KkkdL&fX@+7*%hq`8yzOf zhFsVx0%WCq9yZ!b1U6{kgQzYdL4fsOqXhISsltGH0P+{$)3bG=HcYZ0v9f?}h$V1R zR4H=>t9Ic+f*OzqedtltfQ`=Eh#e)Wi~~X>$kgfqGP49r#t-B421}Xpr9>yH0eCG2 zf~p=M+DTr9jglxM710n$Uw}V=`y_Q3q=DTMD{v0QG$_k!%s?Q!NVl7f*kK6M2cQ_3 zU4TD~f!N>gAArtS`Y#Nyo2!7iXy-o1xt|9gy)(Bu04%eS0Dn>1u+iId@v=lc_gILe zwE)F9A_w3OOa)wrxeVY31o}Npolu2AoZ0yTQcHdgu)73QT9(|yr#j7D78ieTR2(Rt zD0*=aR536gBO+1nJO{WUMJynU=&5o;?f(7Tu^Vvgg6vJ_jvf;Ku+PFYe3K69L2H7!8GHfynvq^rn+WcenntAaj^ z3rvlLYUN;SC+gHMXx9KVg`#jC26@c(2$>Vil~QJxjT6-Vhun64Zt9$Va0HW z@zfgDHUeNagt}M!C=q+QQJ^3b7Ldh0zZ2Os0L=@{n8BL14L~!u?Og|sl<5Ubf9@Eu z)1P{j*jZnH2onJmXA&$IOPT!*zW{q|X6V3yL6YSHdEo`)yMSl%*yRy{b!KjliT`Iz zX(>|&KDq#zsb)?Aij5z|0Z_9M)W8KqL!)4TufXL_Pi~Ww_K^mRR#CuvASD1H`3eYg znY-Kt0ri?s2ri=nng9>&sJd-m;}>9pSD62i_VS+pPPh5&f2UgqP6A9HfE@~eSzE;d zh8wuRc@H2V0rVk%dkxIIW$*39+QM^=FpQH0Y@nV!J^A{* zfPeIV-+Zrplo-M;z=|j?FeAXdH_|KaJi5(`A@_0>gp^_Bp{J?+?UqTT(a9JOOxHf%ZGukck<;Qgx8-@gbyZ%xgt;?;@B z4d?@8{7AhbEGDEFDPZdP{)@kaK9m896B7F4>i^+wMH#Ayp}o%?I!{^z6LJFg1J84> zLupq$Y8VT{uYiiQ%RciG!lFx5w#K`|;KyuNrdF~xV?cJgFp8eI317z-?8hpSc*OdP=+(TbhxS`&o?X*_$QfJn z2r+gP7|I_&$;{mH)CA&N>2Q(``3JrB^P?0XEM_6-*RltQwLc>bB?p0cRwRg;1Vpp= zB$+cnz-!`~)JkKMaY0mi5Sbw&XAa?oP@42@JWz@N8?9FWf7V*)47N`P6HW$_<{+p= z4*eEHu7{}i0|?Z<%tQ36e*%IsSi^!!5!7;E(cLuCmnoLotjn7>1?sd{jtb_SbwU)A z4Ew=(OJjdSusF_5SP@|D3^8;0k5~f0z(NSb21@%tRXKD`81i1V6O|r)gs2ik1&-p4 z-7h;8_cNWgDb!xC({^zn&>$JGmt%sJLrH_g6fpqXU&?Tzf)a*_ncDrmAwEtS zac`ptjX}dfb{!C${hlQ4o(vs}@2KRgkMoRPubZQ({W09@)fYA`X19;DwGERK3>tpa z>yk1z{!q<^0cXsNzyF=he!>XJ4zX(FDfb;3=ll|XRa)S)B>m{1FY+YCy$_DYq0*ik z366=)+f))tp&qR7e^&wrBFke09^Rs*idVn|BA)dD_D+{*h$)KkqL}>4(4MoATf$A7 zp)CRXKAmGB_Lo;fb5`>hjeaeg(SLUjR4OIt#Vb#ie`~t0Yip|^CxxT$$9~7Ry!o&o z_Tbb6hm&bsYqq~P#~6V!TyFilG}ph`BrEB@7aYD9Qi)QEJWLh8*|w~;X@9OzwWm#sbd9yS4AaIn z_=U|qCFl<>KI;0+@;D?UJ|JU^U?|6HhM=4Msgfa6 zVkN`{6tBlFXpU1ttDYmIhKCf7lrlGJHR33%NsRTwX9*jF=_w{S%@$0u3nPB8NBY;w zic&~zwu0I?c-6B{-D}>z!~nDhrcNKFNlNUyK2C76L*hnnT^yvJUVrJL7e6xeN#%!T zYUOFQk4YA`kqF-^qk3MkaD!5#t}oYp)y$A7<#FcuJ(Q0XqCVv6nRJuN5`Q}a(RS6b zEwCS&GnJ=}>d~F+v}q4S`gos9E3+F_(L0$`)5NLMC=JYz6AZ-O?dtbL2QV!&{?cDI+ z{Bq0J_Sv25@xyXQsSS#K^D?p~a9qBDI>VOOGnAy1eSK6+1JiKp2qtZ4&2?_jL#~)t zgq@05`T6j#ax&?5XH&i{HS|q9rybl}&$}b@Y`LiBX zz6B04t~48c$iPeimJlIB3H-|GIB^kcYk#KV*!>+QVu?4=J0h4js~ z-fw>UHo(&l%UDsk+UtH^Z9gHB5jO3|1MhK(T0_*wN0{2Z))(-e2*dI*mA7D7U93o= zPQW>2CH}0#MZNo53yr6&K7OnXe876UX&u4As;y$Ce_mNru>fyeo8HhUJx07+fP(9D zl1E^Jyj9MPEH|Y8#J95>(?;KPrK4_KU%MF9DUY{3% z<^_qSg=}Q9Hkz=gra)kByEbJz#c0IVypUU-xK%d343(f6!Lsx3mXuBORzB?Cw?h+g2i#rw?LqK3xR$md0(9}-<1Ho72U z_0SZi%qqF<46c?MpA|ZL&y;MFU)gNByJajy{0(!dLmE+DCOw$?iXinB%b-eHtV(EK zwXuIBx0X{H5WW^9k|t}Z%%k`$;I#9VZNTUeozR`w?pEcbkw+&jHQKZpL3$1&RkW1a zWX}tX;n;!Ejh7?t(2QBf-81*aE_-|gdCi^@lWN;5H|K48;z7`|%4XrlkK8WZ;d7yQ zZrWXmTv;kRHgVal_wuUIe_+*nj(}L;ur=xYa{inouP%=_nZ(#M(t~sR@)m5^Vj)Xt z{sf&Didui5zbO`7!e=PC=)*^AkJw2UA}w6X+cO_)`i6b_`RLE38H+B=gE!0*s_zCj zDlfSnejfVU1OXYD8dTeGtD^Z_G3eLBzlQ0fFnG55Wt)4TouT=s)>)^l=ypSozEcu1 z^We(CI#U{!%`$UlC%!~a8*Y}t^p~rAfo+L(`+*MVj^@E#)^eW&e8wgsEj>jyU%vj4 zyA~W5;C5!?iAOfle@B5in997;;wLQh0SN2`zIz25lu6`y@LlFjx9UM#B-C;kYEj?r z%;E^!fWIlGzZg&61l4XN$`EV$VSHA({$@lMlFRW!6S2RUGV2^~mH%`&d(uGU{#(K< z+}SSU4p>fiKvCkm>>X@}7WYb8J&6CTP5Z%IZZ4TDkI&2*oDRL=Cu)Ts8!6B9A(mEPV*+kwodybmPlec z@?LeT^XB# z^tzlWh*q+&2lX@KRG03SIF&op#W$$#g5YlkXv2Slzdt}_zJdRyRcC@U`$KOqF{kug@wyQs?%Bv`kfQ?o4&dIP>+$_*W_~> zi8E807yJ$%Ov7OY%1O+Fjo+4-M*!n0A_G~Q&|}f<$Z8*nc?wPBwU%(lsJuZopTS>m zLGjhlsK#L;Z;8CcX7X4TUFQaU=to0ZBDF(S31}_~{Z8^*5_<%?;km4S)6wO@Ft+b| zHTW<4=FHo9vR(n=Ru84x1AwFLdv%wva~pHtYdbnH%s0E0-&(P&^oGdRu(4OC&TL#| z2B|XKgRA!thoqwaF0E}_j=Bi%WOV*&n0@T`3MC6~~9%HxITQvdQ= z00!FP!qHB%l73aL!dURQxx8;vWdXS<;_Tx;E0B~A7~Q91akCgzWg0_~!v&>48ungP z{f<*oKj(v0nbzqe)jb6&Uhv=hR|yvx{M;+{kJukJIrG;Uy6#1&P-Hm&Yfk(3x`p>p zIc=ny5vcm{GgI59Omj{YA#yXtoI1J`B+rbWR6KIi>1W2+)ciPONUXr6c^})`UDfg+ zu)C;S@GTz+hl!=k16>gN?<4F;Oy+7dgm3;0Rkfginvs;#%U#%`|EmpZRAT#VO(8Y` zC?jbk8nN6xDrKq4N1)O0ib|C0mp=y_d`B;WRtHV@CBZiq+A>*QF`XC$xNGj zncpJ$zzdT^xQ_S>;F{8>5f)A=T6;QM8s?-mqeTr4gLwsaiN+};!c)LDSq!OLB;Lgo?x zS3*L6{Xf4A?85*u)-URf-i#eWiZ5t_Z@&5a!wV6i1VH*g&iIGaGazRKr2GHuHt+=w zD9tA!sN%rV{$PA-a9(RLu~p}ROJ<>}sd-9?RSNx|UbuN0*JApkyPAbd?L#lwd{v;u zy=IXXRM~jOmDR_qW9j+IjH;an%Jw!Jiwqdfk_6rIwY{9~(sn z!lSEe8^KmiJm2WShfW%O$!zs$hSYMu)bg_Wv|L|ugw*nydpo_hZfg|f~mo64MU!^Qjb|wqW6vS*QW@&_gMY2}8lfLo)lf+kc_J zGX+e?OnMd199NBL3@#g*E8K4ERctr$iW^7nJ9!tz`TjTZ-ZQGH?QQ$DyA>4`1r?F4 z2q*|BRl0?uA|N20fHaXBDIroqwjv@OL3)XR)R52#1QJA~HxWpH5TbMl2{oaFgtK7( zpZ9&v8E2gL(|g7^9=wd**wF8FSF-+Al|;j z_{s0ko}nP=<>T_oVx{dL9PZnAEB8$56TJOP0BpPeOS#xs9i6|<8U^Tz?ST_Xcs!F& zVW(Y6V7Nl|E0iq-XbyPuXi!7oOi3Q+)v_aOVT(r0_ux3pLxY4F6t$GC62w#X3{@&f z&40lk5OF@!het+gMjk!d#T`u5gSALzgh8GVx|8|rlL7G!SljETOxhpO6ZS?njU3di zTK2Wf>lT>|sc5UV$N7z6FEc+qM;cII1dhb$q@{XJAuDPNbdiN|_9^PTEx$fRqhvn? z#Ktm#{BuMur+6B5e&Lc8Wt6F5<6D3HGS}1qPt5Q~s(01xPCj#IC%4{IEw4XK!Vvkc;3sT^yX6eowW5dvT1 zSC`5|1kf9f0-)Jz!JocqB4jID4atu_>9iWMkmBQ_AJBd}12;gZ_kQ)jwlSP~tcg;ZJXjOtS3sp#Kc7p~og?&4y=Ast!zoo( z)Y5W)O~HUfqaSG||AWUwNQc!}xA4M2FWsKR9EQ@QxJBrn{M9>Injr zQBQXK&b(cUJ&}#0hTyB0dq(3JP_q2|u z` zIclldcw#n9h(x+hpg;d|KQW2wDq+=6aA>LRAygQMEQ>x^c3<(L(s@i#2}Puoo&_+5 z*LonEZdCLUAW6(eCp8f<*PO0o-kwq+otjGby9A+*#5+Y8+xe8%(L9`xvr=IR*j*^* zcB!sBDi84rWx9IC5?-)o+&UMn@j!f11_TMynCPdk+YvfW1NOW8}{)WZV~T2>-2c1uo3d)GEeHlYWmd5 zKW0A&!7hkPowbbmT|Q^Myp*Hy$E~Aw#U{#8d9thWE>GF!B?ZCH!cs^(OR))h^SGJk zBMMMW_JpS0Joq{7i%^EZZ0Wl8j$ehwRUm`xOzX+~Yn$qx@_U!TI3WDi$^=pxJhoHx zFSv67^12PoWi`J9>ApQMnOW!23UOc9`UD5&z$%2;dMysy1i|FmrI+j%W% z)0Xkr!{gCFL}XT51wQ`9WbcQ*8X!Ha@LAi;2Te;c0}4b7_Y!vV?~%tsgc9shbkg^$ z%SYV_e?Mg#J-HPLxKXADvuKd8!3_FfmY0b~grD2pO%1ObNXhSl3ocLYMqOW?>BW3B z9e=K}R}XfBj)qnYyXggHXMW0_zG zU_ilifv%3`yZu5s-R4405)axF$%G@_PI2zp)k8W|kJQPF zW$#U3Xjf~>(279qVH(QD|3;AYfPWL{_n!<11lYg||Hc;)c{aVhEiLUQ5bJrpjxy%8 zpF@P~1{aiUPH)=cY(I9L!S+U<@>whoN5}eE7e{V!G=HjHt1G$L_j4@22zFIDeMJ3q zx`B^vQPdC+?pA0@yF0uV{nA|_M)GOxJ{O9jh^upT15WMJD+|i##_Nue8+#lP+V*Do zn0rW@ss&-cd9kbf`jt+H-a@-UG1O4si5y`+1J1&5#g9t@E;1*a%3>h${B&b=+tpiT zt>&7h(&(cuc$wp{Tcip}+v3HioyMIf7b&ART<$4)s=jeM#vgBkeU~8lw#|{5{LG5` zvOSr`U)vry>3Fv#I(FPZ8I(0uqi}R0l1G;n?gz3qa71iqu{0V<{2}>;%V3#Mr`72HUb(j)A2d+F#1;W4&W&P?iGvh@fmbHXG(o@xEo=q z@^%L8O56BL+L@o5yQWcZF*#x8g=kP4f`QlYYZak!uMTI)`15q12f$ro3iDpAGdIk--lC1Dz`oA;G4`6{Xd<2qjVLUM zPv0^ZLr3WMEVx$rLnc*o!&B~e_tzReG$cKsL~E8G9KCs`)^JPVQu)WT>-oh;D!$+i z#9;T!w_nW!Pa>cTe3m~rXP~ch5TPdSqhAd zV7lvkH&bw{e_)9Rq6a#j=2WPvcRpk0x6sU&(4n?eDP;KAQKY1rm^fPdilyvIPLBA{ z8{yNnKt07dqEJj(Us{*wc=|PGslt`z%kiziqL})}JP2$&dc1E+am@S|)aB=iMW0Ti zSXPLtV6FBmeh@daG3WhuQcLU_(tj~n5XJkL5;5iB$fxt0|B#&bjBD$?tFK&@Jg#a4 zj_<+*fFJ`71m-BCD-piMug+c%0yp<=x9G#i6@qq>#-1LbpJ)j1+=A~sacL^~Y7rz{ z0e*j+sU^?2mRN-m61(&>tvQhG{|k z%miE_=Vg^lDy(&QJPo)s?^3FeSZyG(DmthAKqj-=P`>=@oy?mw$4B(A!^Pt4{c<8mL3R4)!MA zfjq_$)Dovo1GcWLscST$Vp5x2HDo=*TL%0-_WPO#RM<;_$Yo@s4cxmahqlrnMnlI} zgcfM%`ENr0Wh3z9|IqPS%`D>!wa+0Lt)m@QZMexG<bKmk4=`x)og3>d8*t5HMU5+{piRvY;||n#Z{TIkoQ!V-6#dR@~Mvnbu9a1 z7p@c4d$a={_n>M`7ZKc7a7S(^!(&d&@qQQftgDg$^LQ8$;gVA)-Zqmtlr>(9As*8&hH0AClP?#kslIv`sN zdLyuOtPRJMuQQO2o#%G;vv%FGG7%lAQ0+F6(X2Z0u9!D6=+vq77~^1}Y+=+futg!W zfZ1FxHxtK|vnv18*l0R)Y&1DFfrRgJV)<6dQEX5485JkJlQ^r>p6BqIp}H88>QpH5 z1uPL*?><$QemS-{&X|;Wm38T5?LJ#UmosT&rD=20N?5_?R@WJ4?$19|r7HhXUzQ9s zSfV&GUUyjS)P5~{;9pliVj=hLp_-1(#^{Uki7~C2Gaud=*>QA*W+n;?R!&YBgY&t_ z^=Q|srvJbby#N<&$JI!l6c%)Mx5{aW7GshEWokduO%7&7$<50j&GkDj z^EH!N=jUL1gzx|uCpT73`a3I&RG!af&Xy{D;gs$Q3iZ&cfw5Z@9tR2iA(b4$gXNNP zC(t`@aRT#2N&vwkpD&41aW-goM2MIiFbF94cj?A9er>xZm!KZ%F71AGFnub??hjuR zasvfAu}C&+g!d&$EV-1a4B8zvhhHe)R4K<%7aqRF$`*P*62MK_9Cj9*k(w!cF#QE` z@IcOHAHG;QzBK04b{#l^b^Jc*XQL@OB*pCNA!Osi9$;v8U%)a(0piEzK-7sFk7e8` z7sp10;x;Li?PLrTSHH*SkN{2r_N(Jjz&@&%v#QVuqhpnLT=|klM!jD@qUd}A&UN*P zyq|SwbSWgU=P_s*T7((u5Eo2?%mSc)_)1uB8}@M6~2BM9fJgXo-T81 zv^aP#S!Gkc?;cW~FsWt(bVP{Mu?;Ic9DyM<82go}DshnoEDK&v9;Jccw z79>)q(ePJf(ftX+KRfLJRZ3x1*KBXuZ;vs;&Oi8asq5MvJymH%OD&iOk>ix%gWH)f zr#CX2C6`KAKM-ote`e63(V%q(I-eIdjb&So}NYHlf- zaTYG#rvcv7$Kdv14Vkt_1CUcL-5xBXClZm8L$?LS%n`RoND7LyPM++-Vw+=ya;m5^ zkz2`HyVvCx#c>#XKt)G(KMIj!;da&C(ekA!PBk?4LsHV^;UTrxMfrF7EVjRES$_R^ zW;)IZCdv`@8hkLuYjsm~UmK!xvs^2VD(O|e@wj_6njWeA^d89M%Mqt&5rsD;PKgI zIpc)>)Zh4F3u$uCvk=4Zkc*?;j+8GJ^>HB=&Gsn@0)cP}v$?bzaPiMWIjZW);og!b z+~m$u{fkdM?oG?_P`nz_ZG_gGydr99-oT;AXsFy(Kuxn+(a8Oi{pX2;+S(?iVF~}> zG4pG?rx$iN*eUQ$X*QNbYA1-iuw;}FpTcZPywfqwJ4sgq!DX%%7-B~eO;c(ad zca&=Wkr8sh!{cX~dU9Xf^gF+$Knlro(R(fORx^&j`6l`sZ_@ce8DE$;+*7k^|2&V_ zAvTW_|DI6rau0Yr(RW&j>@IzXuhb_THIz>kvm$7HH$}{8I)m=N%5}(3)(!K(+TP?RP452T>U>;_qs_1zkXMf+pZ+^~ z;P4F<9l8CemPApv)`f5+1TB z*R`*I!9M-qzceXPILIbBHqVkMX(pKU_2R|roUdP6NF;FQsddq#4r%2+`(jHj@%s;` z&S>MJzV{6vzv&|A-*ai#=*k z;MU)xm8pvhM)Zt7X{P%2R)YEObiW?z2&2xkG;(sa$re_Gcm|~T(dFVDI{?0$1X9Fc8Z(e`bPK@)dTHa(VpdSP5ts>_zztAmh@FJmRj-{Zuw8yw^wf0;AiV z^#PSw5Oj)H9ixH}S8KrFtLpCFs{V<2yq)8%@5VhGCmzTBj!suzbPnF^Su^0u;c`#r z{Uwl1Gj{t()z2U!+67$tQ!~9Te_=(g<Swej|8j9nt}2jdU!DLQSPK=IAh!XiE6w81{1U$UW!;I%iI6I%!<~Nei~N#m zdgkyS&_=(rHOW&r(A=j#=)s=w4F%mVF!Rx^a`g`H9hr=$eVL|%30)(_YyM}8?Vm8e ztiGb=Rc9K7tO;dFfEX9NjTZsD0$uTL<;@f=NsYG^jN97C+G4;KE|AQzc?*? zT&C38OKs~zBKW5c>CRi!GrO2m1o55pskm|H zKyj<4jawz|lv!Qg9`C$oN3}4Qbl$Ffnr!MqxnECm|D9d!Hj&_@=+u6LaHp}qOe!*} zLpiR1c8xcGdF&MJSjLzkR%O&1oKqDtS@Ba)*KyRaFS;fBv{Fnv-`<#mMrf-;K^p6B zHp{itx^&Cj8;*SMc6gljT=(K0_QVM22Zf`^ZXd=}u#OhDX&QTQI_q1;pUwa}cGF32 z8YY(q5aX(PnQcM6?OJNZ%LSLKUtI-~o&S`%D780YGF=l&Y^NN!zdaP(f9mlvO&yi!sS5CSptADifnLy2w5QA!;uIVCPQkTa>kQGL8d+PB zGMf8z{*OO!zkcSoN3uJZXksFuunyLF03L(%F^1tD-u1PD0%>03Sil>!KFXkMK?0oL z`q@qg5N80zwL?A?Yh%spE?Xtqt7Tn&s!MurO`tj9Z|lAW$U1wf)L5NbVHwreN~!{? zde@h&qs#ntVD*3}ObGyPUCw*|8?a=R-CqsnueT?nX3$B*I_t4L%Q_!ouN(pl8&TQ( zfU5+w%GG1LUmK8}K^t}VS6Qyz5mkUYAJOGa6us+92AuJWoB;2KJm!GN+VvmpxOG?K z{BicA%D#eIz{lIS@4=oMde?lh@9#tZyZ>AaxVtGkob~4YySgv&1mMr!tDgS?{eMRX z1`hInNzW!g2voa5S6y0HS`c|VMxl#&UF~^br5W(K_8t0H6}v>#e9r00XW#Ts6fN6# z-51dD_WkFSZjp64OIDvA-vR;#_SNrAqUWQi=WCCs-3fXHQiwpz*5uw%snf?jf%pNXLdTxUGfp@(y_-@Q}@FdtXVe*2s6`1(bA2sH|MhuP-RrZ%-8)_#s^#P7V9^tH;BtcUL;A@bQe2={0PAb92xa zO8n`_!n_6;hG^ew#M8H=JmKG)K)swCqfV(ZN6l6idgXG@w08>6+yJ^dnq$Cfu62Fl z$)5k&GhLk|QtAl=-j`&~e&+YmcDZZWmcjodVxlQ$_j`HEp=|_)l;)a*UPtX=pYG)v z{Dh;C216&`@$UK$2F#0dbkwFbE$~28PhT)9OvCabJAF7)xx*b*R72PO+rD=42q31( zscdEjUL-1j-4)IpUca>OX8(gSRnz)Mg9WZ5sa2LdZg*^$HTWZOTq-F%?z}&U$K>CCz_E?RY(h%V8!&#W*cz^;{ ziharcyM|^5&_AvN3Q)vpool2pWwNK5lVgL zPnCxe2KnHK2O^9DW07O_5PK>CUu=G1$i+sz_&Q5a*Ym!_>nrZQC% zp0sf@REEA<7r6RWN(DSkjE6g&5&paSQvjne1&!6nUY;vvBSEbnP=e{gp8%xQ{XLA% zyIHHZoH&}=vD?I8dFh{^?nk~hMs`)~DT|Fe_kW7T;gs~hYDXO8buh>u)g-k2iioBP zizVZI;k6~km-WImueS+31rcvDyggfGRXT4~*KEv|xpi1fzc_M5U_PjHczAK(fZ2|u zX?5-T0wAwVx-oEh4g%3;H+Po5{=g=wJk?z2aSAA2C%s&ERr{N>H(@OUB@*^(jMU96 zXY1M*^qY#)qnW^+h~%1m)5XJ^a(iqtr&V5)fhM7>A)j2>)3ArbfmyKv^W^7lZ;yPJjDqmqW4qtE*kJ=y z47)&~a1l|d@4eSa^P_FH)>r1;9$kP!85y00)Kw$r%`-&;qd$l0bELc<2l-Q)7{}K8 zr_$3%BbWGh>J?y;Y3&_whHQ!Go!%FB=EJWt=f5?5D9ds(>&c1*g!3zxs((HI`^J2> z&ffR{u~Vn@kYCDSG&_mW{hJ~C{q{HIecgKHDx&3?(CY&PM#9auZRtG`ge~k#@5QpG%=Ds?Tuk1>D~DA2Os!Aa(u#7Uk9lY+C7!R6B~h#q zk7R*3_`ti4?jcwF?(0HdzhDoVHb1zCVucr06*wGTEhfKuB3a2`Ag)QNoUt_7mX#kh zE;cBVt|2noB*sPvCd6$G7ogLQ^*}?;Gp(aos5$?x95irVbf+^xE;51HF#>5q+2vAS zPd@RB5fvulCT+$1p@}6fl!*O5_wI<}fp@l_c=vWnhwdz;Zw`F;hTJ-Li73ZsBeS@Z zF^+6(*RCE5Z=9R2{p@ybB&YFUhTFAhwC}@5k9xW?&P2UoIe|2+h}j|d3(`yl1{U`^ zyAY=YbnzJyH?{g_p!+AIHe^U`=prZh>u zZEjd$a)T+J-`!hRazsRMu)2Q$>?>7!*@*A=70vymcF4hZw^C$qfZ{QgMpf!B zpXpEaDms5$-GMqn^GpFU@G+fiJ+{PpP8yUuNb;7;u;MVlEs5 z2<2of=3uFYm6UOu#oK_O>bBl0jOpv#$w&492~*#J&7?mcYEHuxhx_J*66GTXBktB4 zQ6HbWk*+T)=+0}~YgSR)i}$lF?HY6=eW(8^F}>h^=bWM->%i#<6KU)+(9-H~n<{Cc z9ds>0RS;WIfVV@Qo;(ooMRMX5>1yqR^1ub-esvx8_Q!lYFoPwFD%&mzjQOs!A7(0@4o+7>KO zdp|9J9AF*&kW}1=(>fnrrTK*L=d5_Hpni+x`o~M>%U}2dR_tT{Z2nu9!m8nH%1v|S zPlYTCT7SgXs9qrA`qBL>6HiV!t{b>3vwD`CuxV!*8D2GzWnujash_E9xJ$y<(4Cec z!?=4RPVF&&9e;c-^YAm`ETKIg>qp9|ZFFeGMMX6?{xYC}IuDT=3BN`<7|eYg32)iq00Q1^xSEc}91^7uSe$1!5#ujNG(KCI;>>HQr~Z_F&N<;^3` zZ;$?N&`3mK?~%jt97)IC5B;WBmx>z9Ci&OKPs*4)0w?kHb)HnTKD>&GSa9IwLg96P zj+gm6#WFA)i7T)7%=QzP-_15}iozc7cx_|}V5(@Bn@ukI{$q8o?NMOV|pNs;@@5iY+&(E9G z5pTrSWVh$J+)9jqYrJ^x*}yVYv4F29tnc+73Bp!*O1t((4|d0WPMU^qM0E8ZmU&2zX64=ELYJ6G72mf z>fDiy@mtT_2j4*-JSzQj<>qxX((=xE?|1kME`Po1^<#M7eA|}qah6h9g&X#W*(JMD zNeS$DUn675xHETp>bHGMfq8aRMTgJ+dE$*Vci-v1`TiCQ|9s;y4D^ngTeV0_5R3kv zkdu^QY$B9`3*Hp)LNPkqjKS_}7Ot)qD?B;|@K+MmVyntn8G3=UF=X)3wBhbC^-=?* zMRpO`Pk*I+9J}QMTfi!AYk+38%~9Gvddlfhk}k`FMD8!A-#Ty{YE+qBITF-OB@wASg8J=O&hQV;!bHj747YPxA)vfs#LwL z8p(F7!tj(G1>d`kcjhcrg++siB;TT}xzTFfvDBegwT}7% zZ(w%Nyy79n`A+&6qzX_K2Qs=2!UaKbTi8QH9WVvyH@kke1Soh!yL|Kx1rmLp+IS(b z0(j?_zG0@thmArS@Omvj3#tf4@$2*{7ssX+)0qD>U>X3m%FMx5GUxpt@WO%bxM5iJ zU2tqN5TKVKoNl{MB$lJ%Ob-KsE-4Wo`&{O5xYVQW3;816{2cg=l__W$Nu3YJExWw0 zHQOFvm)mkWtPZV5%?YjK_YF)&#$pog0#}5gpC?SV3Wp1TQ({M5y;AIPX~YXH9~^p) zw|_c+%Z+x(Pyc?7Gbm?<#FHO87=4pBpau*F`)lAPDdW~F9q+Krhc4@%#7Pdt0~1&* z&>m`k0Ntu1z-c26a@W6P`Le!9Dc!LZ!iajvZi0EOMvV|p>?{3u=>kXAdgZ;aQWq`B zhJpgS>sw*oLz6siq&bW`Pq*HBV*}pl78f6D1f_k72<@~Us30?rEy8Lqi=pcxv2rLt zv|X64X$CexIddR)!o#9w68|FY!e7q%p+6wrw}|4G%A0@Bs2s3R3#<`Wy_ULS(I0r7 z%-+S9gh}AT-tO}|j<*{)U-4t`PrhYF8Nm*uWJvGtZ1I8-l+eYC)mpr>*-s2@l77(w zuBLejaxOCu%{_0$5oEfWuiuuF(~ef#ETpuOqSP^hAQGuVZycqcXJ zYkiI6WGEJO;BzlXa2FN|jboq0WP+Z86icMCIOdJL#!ozSrTiY(Vv@|nHb)`)nqpGG zc6W?Oa3g+sUxqDXgjEK;{#fwhjH?q&K#12OAUo}O+t({q3b6&xySbUCEXAiN<7)F+ z%Y>IGFwpBVJOyZc(5LuSRi?q&RSYTE58QkUa4k@kn*rp`XsTUiezE8vKZKiC&~M+p zy*fM)zo)7l)+u<{*R)U%0!@8v$`yk24?drK3J6{yYP?kZa!tfKbbpupE}0?72@pFG z|0rsm9M3RgilBu|L=67xF%!*+E!_rsO!xVeA9nlhDC}0>wnpCifuEX>XTjSmkF89w5u!V>A;d$E)a^?7XZ~2b10Z3)#hklM$Ph>MFe} z*Lm;#pRv%pj~!42hd!hGVp$!1R+c~!H*)gF1?P1S*J4;R6yKQi5c5|ZtQG6sjso||BJKr|H@0sUr zk_GVBecya`E$_h3|8u_Q?lb-u9f)_I@&Cg&k#YBA`veVffOg2h&(m(8mv9r`R?tjy zntJVyzerx;)0tkx&c0-QNf34|N08m776)W#>`MjCaFsrLt3+kh6+hejL$)uhCVF$4 zy-sO({pTI*`fkRpEN~jtH{IcMAVu(phE=P|8oh3DL>p+Fz3-k3Frbne7~=R*;I(1E zYyBQQ4`4mo%?*A9CjNuq7g+iK z_9op?HF(H%aO$S%m|M`Fa_6A!t>|z3$>^y6_D&TSiD38&%Ma+(1d|oXTi|*)FBro} zXAeE!vD2T9Sq0<0>(;sRmE1o&Q)IbR@o)qdp(yb_WDN=)eODAda7JUSWVu4-4#cz#ZAvQWV@8vdo=-3#x zWKz^DVwoYtEb%@L0O5W6vR>XnBQCeWeQKInF#gx z>Hsegb0bq1?sjz3a;Jt-)}WGDWm6c7;Z|o(kp@<-N0Q{-{G}lxqC1 z#PF(clNp9Jx%r$l!-G-1^J>Stz&V`S5Bd&Fal4Yhz^xXB!qJttmp6PGRaod58@1Yo znT5gqJF`B^m~s1{Tk7KKXEWr5M8^GV`!559zuMJdcUgW9w_9&Wea)ErH0(pRIaEHR z+-{N*8D+`u(SS4fFlpIf(1%|CWFG^&|5ATKzDxzv2|j~g=~7+^iKlp^kG;6OTBCLb z7>oJ1_nmvGH1`T>&k!*|f3pY_oX-YmxuJ}R8QH)ih~=L8Ut32vif<}9VtEVV(TqW4*8QPeH$Iv5WWT+V*CCq?kT6R+?9|( zwkgA#lYqgmPM_ZdPsgbHum2(j5iN=qIm0r3487$TA&TN!*2c}9j-@8Ou@s+yJQ_*R_h<%I@V>m!1-_VQR~i8^d_vx(bg^w0Jm zZNV#J1%%v5B`gIR$n5bxxEOxmxf*t5x<6RYYNziH-*Kkbbi+=D)KKR$k6LpXMHZSZ z^)5M#G3}YZGT|>-_4vmS392TvnoxEV(#KgBvN8Qr)_Tf{UgDGqt^>XFN)!EJ@pv)o z^ZYkn=gkagI-Vgzfw=|GPs*F1$OAIT0tP!b?BT8}0)Ec8H}0MG{FD5nUtYmtVu$|b zVYa0-QHEZVW~QhZ&T^h=D{8YS_SVbSO0{#RmI>~hkDH0d`=Tgn&TOT)fSEvgaD?c( z%B=apP1D88z*IsV*yaiArBwgn52YCB6cE~mnB}J3Xd#aAHy;^ z;7$dunWO7NLPC?5Pc<;^n;j$BIGr;`n%h+bIrp~bQ0jGH={M4y#-5i%?v}{z&Og`C za9YiYu| zcai7{wEdmHT|U29(R=wkJlhZxxAU`oGRdaC-x?~H5n#lbXkE1t_4fAYf zxZ&G<0fKlZQQs=bTw-51wZV_B8&F$Pzdkk?vmkZ9xJL5hJ$hip5}h(CPgh}hab>gz zz)82pROrurt$K6uVrM`7^+xbADG2#UD=ocP;5<>EPN`<-tc-73HdI1LLZmp+Vq$_l zAmy4=(W||aBv{$oTHjv1V!!OoY{dtrz3ChQN#94-c#Mwyy`wqA{4OI_0#+W^a7-C= zfWMJv#HKgWP?XXB)uAK9ws>Dm7g&sV5ko;^e@282K-3D+BQ|xkI*UVUaEJB8x&g1T zD#j;w(v`;@nxEK9m@!7|2E^4hc-zeN7;3@gFC=|r?WfY_gYT~btkD?^xzG&=jg2BG zoO#EdYVK?G;92C8*|9)|qYQKcyw(Lf5kI;t7cq;6Pk*F}#(Q0Du5`|@dNqM=xRvs4 z@BoGIB7e$re5gT)nU3 zm%8Ijmq`EK4UJQ3ICbE_=6Mgu#1{C<&Xdkgg7QI6b{AEes|a2%Bg$%5zr_CF-yTg} z1R1XDDQ{(m&u*IPS=%@{c9s#9C-Vb+Ti1<~KO;QY?b@vrL+@&iMt!&LZ}lGh3#fm< zO6{U4%PHUn$6cyT(nn@z3<2|M$Y@7>WVPE%6?woe65;*F%LMUe`O}0uVtjMth;et{ z`Jh#S!5mJah50Hie-OZLTcj9D(DccG;QVkjc$PnR8BY*ab8%8 zBD)nudG5{XUM$kbsLi$#i2LT$a=Ccs25Ud2HSc5^{CD3Chkx0xz<~MBgd<3L&k(` zk`z%8I6*I2Pt=dDsTfRxc3d>;TP1|XIW1fPH#CZ(A|(P|K^yECUdo^3<_&30mQ#Xe z5Tb(ZayUVfQD6UL9&B zO0z-_Pv3YNldCGTEHBnS|>BTz!f4~#H+1Kc(Z zhWe*@>q&E=jLD{({~bQ_@A=S9_|A9v&BOmNGH1K7f6N(=O+wDB`di{kuK&B_F&06C z>(?>^1Gk{G8ctgNsRjk+*i}gLo7-qhzux&yAZf9o?U|T$xwHc(!HA%Y+7PQK%eV?( zdaueOey>Ac%Gc4=LB5*vWAoZQJ?7Kw39NGXSU7&3I4)g~lrHSU*RI2gUyu5XV#tl>RV@>41V|k! zp$anx3Rqb5`L~_G-_LU;KkO7g^1N2oup+cd{?xPxyLAntY(e59BHr|0tUwvT`kHUM z?PLY!rq^VuvoO7?@sNCQ<5F}hN!k)E2 z{Yl;s+#)yI6St<67)iZ~RC((akr}r7VYaZo#)I*aWsXaYkEZ^5cpn;uFVURW(sFpZ(=tw@QZ8)_|&fb7ZDPB9rO2wk8T>iTcs z*b1tnNqkYAoxdeM9UE=G$j&}x0jp9=tCVRs;uL!VDI@+1SQBIIMe&bkJ6sAx$jT~OAzR?5LYK5@u z-mvT#fJQN0XTFm|4lY~8uMdoaf(*#6-F|WD7KbTmRW%+qC%`tt9^6?;5e_ydq)fW! zHKp_%e=rt<2=j%UNobl)%`F>~JEX0Li_J?b2N+(2KKwroZ|-a(G3}O9nj*AgpGiPD zCv?DU`MsxQPQ52Ky_oI@VXXOPI40t7Mf}$Uwn<3Ww>0X3F(r|loMyZ=2sfOX6~LvWe7f4ab~D4t zxG<83NQ?MG2PjI6y#35cP?z8d1-MW2}4Ta%O&kBH68^c6*qbB zilMdf!vU%du||%L-S-Ffv+!FzKr~1gpH{jq(!_)iSLe$*Dzu?9bWwCC#9cc*;9?@q ze6Mj#a#6>a3%!D03eR~bii~(1Lq)(=j?Nz(4f48Uz7FDf%dGq4iF<>rMGjXash0;; zo}J(ugITgUeE}hu-f2qEdWZI6VZp_-%BVZ5<0!!}Od;Zs9MA5Nr;obOTfI0;@?x>( zSsmAIja!BsT1CkEih8xQ-$hT*q2Dp9i{T9&mh0IS9_=7Y zK}{FyN9v96+`wFnruuq$2S5+A#@wVY)nW`S*MAaBSavI(<5peg)_xuZcY5NS~nY4P~DU6AEw{I!}kaqe1 zyc)_qRegSq15>(&3)F-Z5A)j|h6+YRQm!w0)XIf(Dj~+H+@CusAlu2n?!F#%h;1#GqAu)wr!FOD2h_jIc^*#uMW(Up<@q`}t zMJHZlt=KX&u+rmODf?N+T)ww%R`4klN_tYcD@v@&`J@qWx>_9-pAI><=y|0}gtOel z=a`c8WW+Iv)CJ7&=M>pZ@~o9N=d);`Z-Exu%q-R5P{-pE0z~gtUp~PX)h_N-o}P)H z8uKdK-6k_{Z87q0Zx+sPp1=Pia3OQs664zICg?Y_#B=TVh)fL`2q3QUWTOTMQpi>m z7ox$viI{oO2cL4c!bUY%w`-vqRk$kXQ04T2rWmB5*6#su#tx^~rpWZ#KrE^3J|ixC zYRoG@(>F^Sm{Qf=C|4Q7&Rj|x+u0Y^rz8j(j+3B+6PV~ zH3xmmG>fR>7M{`$n0Wzelx&!OW8eGXNZl<>56V_{MY6f#0tI$t49h~40TyH7ZLBd- zmf(_D^Y(+S67`!U_S5{`(T(O9C)Ofq5iV^ymun#Y$X1uz{(Q zevMcZoaw3boW#YT3p&ZG;0EMYwtC0988 z4xGC?)5;uHN_Wc?!MZs1qhw>{BJR$ zf`&;$;AZ*%_C{h+QBf63Yr&>zinX)WGGci} zu-Wja@vMp0|JB z>ac7x<4c~QaKm6Ul~2o>H0(vv ztr|}%;x`?wo%&|ZCi&oMV+BY1zTi1hE9q(8+E5QONWb*v;=eura=P0n3x5ShAk;HP z%Q?KRcLp5a(gO5j!ueWQ&wwNO`DcwsYVb<2m5RZKAB;~E0T}mJX3G~h@kNdbsFBju zSHA=AN|#nRMh%)u>E)f2&_88CnK|0O5dw2{MY<5_<@yA?!t2x{`?{R^p~zbAx~aqT zX0xEF*@soeC934gU8UF0p9b?SJPLArGgIVfT!pE0BN5?iKgZnHFN{~1 zRMue%_(jn`SG??^BHuv-UG49eX`?vWTZXt=1?L~Pqo22SzhnARO;9d8=k6eR!dika zlFH{xG$xx7%cpMo$*U|$KsxY#X}*AaDOg}-QoN_xGTn6{isrle4LZ`@Afmil)xUQ4 z-|=Ogg0Jz&OvI#l+t*&|wr2e_@GN>hGh$rVYbo{78}$ZZ5IHV}HkGifTYtyq{`HuG zqaNrE`KdG8s;3@QarpuKKED{;zwT~To#{kUG&Pu{k=8_Ga;J_$SirE0Q91}@j3#{Q zdK+r;+>id_3XmWI%UpF(yZOM2R;{pL)BUG)%5NR1y*frBn634rA%EE6gwH_)=9KsD z7}|8ZG=Wtdk__mk{qdN$US?J;7fp~AVb(*e|AV-RzmS>9Me5B zVy)oLnNle?@S;MWHiq_iP#+Aq)JXAQ)pM@5MHDaK_)c+@m)+!TQh4TC8g266-urG^ z#9dY1x#MY|W4yJWxjA`(fH}94H|;;&TxQh8Nd7mbVG5g2sL1Ox#^h+!D7$BwlY{M& z@D?aON>Ui3^IfTC^8uc@jDW6dL$eKAP6~Xno`X@%oo#>Z<#2ufz*aI|_l2MDNKu^O z;bS_gkDcM%rgTf7)c;ogXj7F8W*qQ9=y$-)UXhpR_*{{2Rdt|7wB8B8rqYUxu}Ufb zuMH>kKufpL<)G$_Qfv=%hy|6*y#LT*DzM<|XlYk<;OV4Uh8VO=VaABa1pLi- zvc>7(yF}rrA>DZ+*2T3pg{ToPla0TR3@_rXGGyFNYT<5ft9zQ0&56)+j~hqux-M?E zsdyP-?7?sBzjLj?tk|*zPrZY7`Sof?D1XZR&(r?+ow+=M<4azjP3K@p}#yXc0sJ)nk)OIpz{JWfuCW-{Bz}!}j+IwX}U2fch3ZhecG34ak zf_}P3sZQf-D=^rXjH3cC9c1QmIdcD01Y&&Ml2(AJ8_um8iv)c>)JsJ0m*C(0U4S`< zm`a?5GlcWD<-AqU^+Oh~A=DRQND4=7x}at_+J(D>#eD%Sx>&-}AFGX9s{c5AAOGJK zx8LL>TCFYaB~+n~S|Q#{1x63_cnGIf>)lm8l*8X!0R0l2C>I_XO#dbFaY?{tC`6l| z9c=6QXYT%rl(P}kY)Dm*>cIA{-I2X<(kJU3DH;>uhk19NZ?$0fsSHMNIOeFJ{|hHF zg1_Q&XYuw+K6cjZ^kHflu~(((x?qecnM2BXPy*cA3(##^57=t|;}~tMcEXtjROM^X(6nt448ihDop^ReqKDJaBfjptgxO@>20jnJ;nfV$ajtf z%D+$-u&Q}Ox{Hs=+)si4jz)ptwBo~5Vq6M8I3)b`?@N1$dcH-Y>geS(a}^RGiXP<}CidHyDt5 z_O~65xr+YIaAB?wyO>FezdwXg{_6((zdfF%#dQSG?JI2TE)`k-rAoZ63ry{Dy)rDS zRIUOAE4$h!#L3e|!lHF?&cqd)*F?j+&t|IdbOG+XwAja$761Dr#&9pO=3>^o6+u!fPuliTQ!E6 z!P9VoBfSG2Dyk;nom5=rhd}`gTye8k>6aDjtmR+Q_Z$`J4Dh38J7k+lR$(SOM_K~u z4yL+{F_n4dll+aMV=1^g(PRlT+L#e+<-gk1>#`WL_rGioBx_PQDj#0n_TyDC)hMRV zf9}W^nQX%y>__8k*Lq`%mkMxMDCOpBuHM@j+StRmrnlYFidjA!Ew<_~R$=f*o*}U5 z{Y-0?nydKj?}DsrG$~w?y1v21c(rY>jnUkg-gt4x z>~3{l!YF$V6Du0eNu?oknN`vH)x?*4`f?Z@PuBsRjmxY^KDZ=}i0gnCx#ZR7Ku!!J zOKGyQinSP;_D@GX7JYx6=MzTUdq8k0n|yOPkiFNVt-^fkKY{L6THXxywNczce9uPF zS$?pK8dZE+wnrI!J-4c5PUGxi*tcG2X+l7F%zqcSKdffm`u0=W>=**ArMtjGCA(fV z7T19Pa$*Z3TptmzBz~~s- zpIyBCsItuX>_XLLT$ShX@g?F*C@#o}-GcErBYaREZ#@fI-P1&M0%>rNB@e$;Y1?*d zmh==@$lmp?vGKlyn`nUvL z>I9G}e)W}`kv9gd7iE3*17ZsTtbM5Us_X6Ff%DH7OF*R^IV~)(<9k zzKzd-0C`7t2V`3N9V!b;cG-ujJWj4mcNPBZz3A_nDW6BW8yl_C%5C5v1m-~F zsCPiWs8+_0ZB5Uny~~YSh5Ae8ekFN=?Hzd9$}1J3c2z1WoC9k5VDBnE@gdAi-&tc= zu8!hsem;|aYdW^nui_p$PXfWveJYO4%X|mZJ}fjTYx?ZjbE_=&tUvzinytrvR+?A0 z%AJ9|Nrh_^Ww8rWiF%IwTi`$^j01p*^*m~+p1#q<5%gA6NT+|-S+~c0veF(9427+& z$aH%gX)KH`uf%R&BCFhM^R50#rWHF(VVH$NJz8h+FI7+L1xc5c%!z!@@Xl?uUrm>_ zjV!3-@vR65gVP-In)!tdu1`Gn{8jObfl@d<8wa+qIek@qu#ibop;d>Yhwi18S2+uo zg@;lffp%;jpV(Lh`=@R^js4?0?Ij(QBZ)nl_I%_}h#D4@v1i9JiZoT*mLm+W?D1iW z#t)aafP=1dp@loJ3eKyOo|_&`Mk#*jaAT9O?@1*QQ2-lhZTARR>5ZCgCc90FF7Jij z5gaW#+1RM+4{~2VQZ{jQsP8CKoYlN5oPU2#YjA4SyBlHqd2o;S0^;fI|HOiRU^%Gr zSo-5#x|YCXvfh;N?^J-kjUzOJK0zuRa;9fy3rH7o4|}L9XUfMuHB(kkQ2yE^igt9? z`Y+LUMtj|A(SN@$6fP&cs@Jl^8;I25WfZ9b({s8Y`Q$=j)DE75I+bAbffc7hzy4eT zD}ygG8RreML)BOb%H5oaGnk zZjTEM!zGzJn6M({{fdcX<0mR*GkhzNWqSHcFncDoMn?jhxB73)X>b@}2oXb{s~`j| z44Jg#1jny8bcXyX57lnSvMBW!u3zLEy?}M!A1SxYZ~V*onQJ(5BG~JdQgIY5ewOD_ zn609iSgE;OxRq~etUFu!+!bsuC$7$hp*PK|R3J`=RWV>yBc5pic9VvD=r{cw4IL2PhnM>w-?XFmy%u&4}wqsnjz57qgGBEqt3^U zfubm7J|L8DzN=HO!N&Nf-csr)$+L_3!`qRlkP>lv9Z-Gs$fw0@l>=M8NIn$I5d?Iw zJxI7SVX_R>yuw~PHlniSk4!EObvu6B^`9$(wo}|mZCL<@zB76od0qZj!_EBqy~E=p z2~5l!SXSD99(8yuIH8?gveatIq46JsC!l!oGTxFI6vEPf@UrKr-gNH#IEXIUOBoNg>RC^FVu>z)K-Wc1Hr`u4lZf7;2^H@m!E(0EU~^wWKG$D4slQc>^dkiy^h==S7F zX<3vXo06*z3T;n*`yIm6HY5ihG$eNG0t_ihNcDQl?H|_>8TvUbHD_F(->Rz5v%}|5 zc?Y>!Z5}&AtA#s}#R|D$bx^NQ&NsRq@K0y?7Otstc#n4oth+2%eFh+&(*94(_(kP3 zEAy;82XE!nC8QM{LK+H14Fp$s#sbIIkla=~C zt>WVpI&b7zMk(XprTA+e$uOFP*&b(MU&GX)s+?9gM;)dt!oITeW1IZ zJtwX|AIH`u+%pTFLZwkTK%`py*BVLl(GtblzjX*zChPMU;A9osqhT6&zF`6lceC+XOA|&Lapu_%L@okVwJ{BsLcn!6!&1sTxjto^ zq+r6aXgcV~;EMZ*jleKb!IRM|U%=NJ)ofQBb2%2T4d*f%CzBn6u-ap1!pAcH3 zQSMh%t{T{Z8G#?G2i$U`(0KbK%gnwS4~fo-fqI;dJ_0p|oin|lV{JRvVvmNHt!utO zRR>~I3-qzpC1x!0E&BoT+v>kmA9CV*z@93yH@A_DBfeDD9W+i4$J;L59ib;(50^m7TEEhbwu)M_aXB5Ax&V~F=`Fq21tBDUDEn~NeC3dsAp55$ z=wh$nwizjAA4rzFmz$McYzAt5%a^AE7e$+v6GpVsv7B04e0Mq9uTb|@`E(xVu{hJc z`Z_G4FZS)ti{iM0M1%&F5-RIcUEa0(MW%0fkkq8UA-iFBG-slKeGKk^zg~Ir4vuN@ zcu0k-C2#T&k*ivKiltP#^jg6kSJW&*n33YIEJ>Zzaq=mJ3})@HUQbgsXa}HkKDc^2yG) zvJVKzbPT3430MXA(q78Y=@}YPZ9d)<$!j+!nVdQuH5X{S3Wv!gDlOfIW^$Cp`$j!? zuTY=!mcr;Ov+w=xtyBFp3w0*HBlu8FQJ1`P9-pW!y8A+FMY-Ua^zZ~^#t+d|tcUs; zbI*0}r|Jr@Ar6=2=0~|epRz)L+T;c7^nT?d{}?sHZZ~3$+5sAHzuP0V#zXf(o7Org zzuf8E1L{4&%hHE+Vu$+C0G9}v|HU+M;kDO+i+*+B@#cofd9?KXI-yG^-r@}*AC62h zYZWP-;ZOKE$LZ|8ngg;Bv`UR1FYwB4D8Hlf&&m3H?2Z2Rso>R%-#1PsSr6wU(tR5Q zUE~0@$>ID%1p0C1Y$zRL8(33x^JLH&Oz&LD-T}4mCZ?;tDyhrowM#unTy9@_p=a0! z$=@-g`Fc=iCV}?^KRL$ZrLT_vjkO9RY)4A9H%lYlHw9`KT`1ftoTYZX^&@@=j_4D9 z#QL2Bvriq^nlMMVMx|#Cefydu;lx$TyN4Nk8D?ytTcmB-bVlbVrG=kB)PS_n5J<_) zvwemHcJ_fwBS9No!*t}`@oFG*C8KPQ_saAN)H%eyd89`Mr zCM6qfH!ftVGCq4;^F>PYRNqh>sN$f2DQ9k;Y+UG%bYJMl5<@K~Sba(w(kef~N5tA- z%rbiqz6yW%;dbj`;_)#3rp#BE=L%P+d4QdP2fDYltEHL#?0jcr)VzsuV|BdT+@%;? zvS#LLqp{$)lb+g=3C?&(F;r%aB%1*k-V0oaJ#mq(XKvrK(sTw35S2avbvOP+xZG_x zdgt5h9@0V7z7l8m*fl+5cQkp0E7I))tHctmqC;FP?S~^A@X=61lb7<&Ry`v+xKkdcE6#8qVhdsM4QOvT!eVJ zHe}|i_0oE(@4^Rug5i3Wvn^4tjV^1z45KLCBkR#kF)gnWEMg~f2wW_8hsvZtr5A}+ zm&^5;g9HHuzlP+9DxUA4M9UNXgd6Tg+EY>0gDIzl@y<-z!T$;6JsG`ptrl<#6)K-8 zjH6KYoS&Q4d#$!M{5K4X*7@EdHEY^a`%Qx?3Mp-D)FH$XZaAXQazrA8P;z4fly1%$ zFKP%E31Wa<`wS?JU0K^^rbv3l#zTK@OM1Z_>-YwVVy;Oa2yWnA#N#CY+%*+6B&6cLbBv_AHSKTjo~#ko-!ed#q#e=-V?oo5v!;3NbzU zN$thTnziHdpZSkyjedl|XuQ(O9OdcH)0Y*_498PBVR?tHz*15EtJ58hAOpG1g{`a; z=gIP0ab2aAR>2Pe_0I2qCJONSo=3+jnn*V2I$5Bua$@Vo8{|{v?$M~VTvIG)07>y? zVnlE(!pl643ti_hSfaI;|Co|8H>R(D7g65RkkZ+rp4gAi(lKVp_ANHWFPrKm(;T5Q z&ZsG8#E;qSp1eCh_R#Cz3rEh*>FTIB^p!O4`9Z9 z1>Fqje~DL3%9T4mg27*Q5V08T5N-0H41at~(d`bFYKY~i%PAMMuSq^INK?1>j)5H( zP5LS7-aP3%*k1Q<{<=?S7z1Y%v!GICg)pIks`}2EWX-?D-$n_{ z>>KZc=59X`8(bMf6w?%D18*T@`DDwI1zn%-w)2&n6?C+hs|;rkclP=PpS*QUU4?vQiU)IC;G1&t7UuUmT7dWjCK*3lE%^hui>x_oMUf(|Nk;KM;@bW+W^sSX2w#M;)DrZ~=ubL`+RSfhwvbQJ zz3i)s!7GOM6CSmysQ0XoBD0D`-?4eGWdA-!`DSN;PTNaaksy3W?6}8N9t}04h9hlP zLi2pdyAlQqh&HJZPc;6h{OB(sN~5@c8{R-2`nBax)rhZ?csoBYaLy{hF&E4A~|Xu zRx_Xvr9=_O0!e%VbFSqsfAkGAPS?cPtWC_tvLGRENi8zICegc%WIz$J7@^dFq711& z`of2Q_)*mi5W4mS32{xpSq0^M7*#u@!QaOtMFQc5i6dj1?#wIjN_HoVu{9QqbyU>e z4@{tSJoy?r(VWyu2dbS5DVXmqt2oU)*crq_bsL-!e0Va+aVOiDI2$aQKDS&-RS3-N z^WO91o$KcuwVZ*`5(SqSs_U(p&t+?0e%9d$$e(iKexQv&ki=!L<0ZstJ$4goYpu&X z9phA6xAgxMA$j{6jh->$J8?1A*4Z?Po5}T0PuEQut}?;oTo`k0)B6`7Px-4KTCFmz zI+X~$d0!afxWt#anlG|uL9B*RKnoXVhJC?@ZSjqcev8VfcR8CgYnpA1v#VZHBAL*1 zrp8h)?!kdP6~t-!`_OBL>c;j$3bL))LMQCEx1z#-U8~v)!5J9HnF@@LdCM7c36Q9d z06O{{+VtXn9mk!2=S}mP<{uc&+E&`1$gayHD756^U06P~)0@n0+>e0uRoD!OQW(TK zKheqkUok)=B_swt*kbM^Z*ZQT>fb)K9T*N8GGe{<5wdUOxWU1T+s1Lw=f^7 z78}h}IQ^e0TOzZ3hk8GO7s%t?-;b^W{OvL?_Dh@i(Hz(th}a8ZH0HKpe|{~u-?W`2 zSbSyG@JWfuO0r>$ub-%_TH|o8*p^qh9z7&7%`(~v=xP!#Yy)aij8TbwvR^yMp3_vCyOqLh6-dP=;InQ?H z&OPk~XE9`2~rTgiXOY$Ip<5~|2zPS?MYZo0u^xPqU%rIgs>4hH>?ppy)9?lbs^~s(OhGGM?04N5Za1XiNSU z)s%5bty@}vxqQ)5i>|WS=f!LJW+-871YfdM;l31=tIeOfn0t~ro)`Qu+DqlNnRz^C zbXb)KkwfDUybix1Mayw~{fZAPQ*XeP!sSozX`?VYX#5jXQjd5?nK*(olt38sx&q_m zEDXuFO?H-)1QRsZq60b~)>Z5{srNg--kG~vkBE`Y@Y%@I4?`7!YT^C@#eQ#(E*3Yo zB+ugzV||*!;8x*+*+%fvBj0kgJZ#8^r4;?L6TH$!)8daYhUh11J*yB%0lt`CvbKY_ zIe^^Xq)<91p*MNRJ)+J%pO^5jUCyOvGTI<2?NJS?MJb`a`;PUYLzu>}KaaNG3-fNw zrt1%F30bU@DS#zj86g`)yMo>2v@UF85??X~Z8Z3IVteapr4OH=JG73UR$;UvoorFK zoh&kQGcgZM-n2VKvBSJOm|7_23irKSJxthUQM3x9=quy^vAn#+ZhW&juFcaA^@rHD= zslU+?TP$7h+pY;G+uVODguMWP^@L81?i(|KgRJlvH#P-hN zMCIs~n#~-#iTypK9>l|86*;)gr$;>zaN^ zLaTiG7q*2g&3oe?LVY=i4w{7z6A!qhW;NS2d(tNpL62TMfDUzx@nSl#2OA9+Wpb94 z>7QDRUprLtRvqB&kLA%@G)}DTi}3icxq3B_v^0IA$FqfvN0|sZyfX)f(MH(>4xjoM za$=B5_YbM(S{knw5pOqbC!xgDFWzmcm>TsN(Q}3z8F9N+;=EqHm$)%-g>`kvQj!1(D z?lwm+;ryd0SP`~wh+iXdcm4m}yq;)EE8|#QV7vGzWKBxNracTxm?(Ud=8AM!f%}iq zyd*<2R6%TEq6Fm){dl+9ZOjVTPr9-&zv}i%QP{I0Vyh2lo13=13@1TP>g3y*_TKi{ z#m_Bq;m#Q(>nR<_-%v0FbF(R?qC(ey&RDj1cp5Cce|G`VETIAQXQALU*H4z#j2Rd!BGrb=tKTQLS|Nadyira(lsKx+~9e&vuGB2BemrNuYkz8BE zJvGg=gkgHRra3~!S#-YS*;@HS1X!}B>;35q0k1Wmsk!@N=Ng75qco@mdi+3cQ)$c@oo=WnUt^n= z4+vxGkO}oXlNLi^x{l}fGW}t-^VRSkJnhA8iA?votK+v%niHUzL(H%jbv_jb16$l| zVPrlV8>Ny~oIo;5v^^fr8-`qI`g7-CrP79$mXM<9={Au`4=+QYYf_EY{p7&3^YQb# zI$bqRo|`ZNvj;;Ao7eKQw>_>6EsMbD7IEd|#bg$XTG~WgTP#mY>F;9`p~KuGzFbHN zW-pFRzxo;ZS5d+t^VWT94Y!DsHgkMoDiXF~j+)X1rw0I1% zy~Mp(z+YUHF*Af1M>L||u7{T{S33l$$l{aoUu5s|qr&wWresh`DZ2bTV)Ki6)T|HV z7B!9!`A=kcYMV^3Tw2qiPPO5F$+m&s_`m)N5Vp;#?5nM3QcWs&2@SbrK=SiCimzqZ zgBmYgZ^D0A@@FbWc}-e&v*8Tddetc7jd=}u?_$aST&Ml z$|hLEp$g;XwOPI4N}+Q3iT|OD)@22cF!p9D7zJrFO@Ju zK8!KfNBf_))Jy?K%#b{J)S1`VUrj=!hn4I?NL9Td_u9sRd<=1jXQ@QwIUT-Oyu1T@ zZvbfBGp}~D^`_h>Fw>a(*j2h*^b{i%v>L$qCK?ZOC?-2@e2z3+HBN6h+umGo2$UNF zqTsVWs+K84=*9}Ak=(dVA{q5eY$CR-d)xE|!Pn;$psmKK*h<gI%ff_odxS%$Xv!f?>G-Qn3u_oUXUP-_#6z`lMXS}gE06KRf@R3Z0*drG0ARLmde+WtvHAeZ%)G~vRBFO`w82R zsBtN^Xq)s;YrYssZjjd1NhN>tYuJdHKjUS1@3nt;a6{|Sx^2t%PNpY3^K8^HN5yCL zjD646jjGB08NXU9ZT^m=I0D}ISXwQq)*n6MIqN3cbfq6$I(AR-*7=oc@_nD={7J^W zN5s3q@3V~f##FqUjC2#Cqg$MlNUA&=!L8AZAyU@+!S&GwvI6Jd9`g!l`;&Y?7mDx$ z83jTwWX@44IB2Zhepww2c9QkrF$?Qfab1qb>tBmQbJyf|)x0j17?a*k#C|PX(?aka zf}epZ>4j-4nq(1NfJa^BL20&&=D!(mz}|g_uelvwHcYEU6H03>|Byt#n`7sa|FJ;V zmn8qRSZioL-D2JB`&?m8dvMa8M}Dkn)5=+)i29Rva%TGZg&Lsc1y#2|md2g({*{n- za^%T{M|e=jb!S&ZFaHt%W0BMv%SDpGsm(_%Cak7SQA|`qHC4346(zNrxBP^&-ltI_ z*g%2a>a|`6vc3(>Ck^Ed%jHi-XIT!KCn>Or-jh8>9fk=gMV*J z;6nM97Z@9Tn~U47b|hz11Bsa>HnCSL_ydPj-Vf3;))!tMQcyOK&NG9)d;;?0r0l-d zct*!fK1_} z3LH z^mFtauqu(JZGSkln3OMCk^P)>|bnKvpvm4;(gl{;v z4E@&Mj_fg*-{@=`Tng+16yVh7L1V=T_|KHahAO2*ZpR0X^vhcfI7VZ}hp2rOH7-c( zKdmxWlSGuSb3sBvRVM5{gVZO|-x^oR2`D+A7D9S@D)uYD2ZdN|;v}of_HOgRLm=>j zWa{Eqg=?*xiiLWuP+DH-kD$!GMdwG=eVUVhdapl5>gUNBbY(p${uPP1mD}08I z)!2+gXL?0qRmkEd+;LB z(3_-A>x~NIWubzOp0Eb@8iS^QmR`>X6?8x)>GwTIgVbkKB3@E zJTX-u(DzbmIcXAi+2_4~Br&(m>2M0pTJ+u!t-3)kD8%4mh*4iuC632Rx`^g6!leO= zqJLCo1Dd>>`;@A+XB>KfteVRoKHd-~Pw zze0q^o76Vp?{_B~>X172e(Q)|TqKE{Vb zCULcmzo>qfhpVoFYyM|s42%88@FEoz$&(DR*$&H?#3{WR)?%r*sgWKTLu!khpcX!4%U+1FaKy=WLgl05EH;hb zp4dsv!||$1C5hi*$}qB%mg z@7HC%rjq(JG`&m6GAV$ZPTqQl4&RtB8@rB^{YFSCN%OZOQZxG*7+64331G$2=f$>P zuht2vOxrvU*fPL^oNu4%+AvqW7q`b`mGtxAWL^%s_uor%yI6wm^GV&T!NlB^Cj^^x z=;ZkuT4a>{Wx63tyBd6x1>9%gz0iC|S?9DQ<10$>wu8+<%y_ZPc^M~8ztF24KWCu7 z)pqgEf+**ND9JVo)u}hS>HI=0HP&;3e}ag||&*+(gPs>Ev0Jp#ta_3(ffF zi2|qT3&l>NZCP@Y0^;C_RQ3bDgjp9$Bk4tEny25+lPwSXt@4d2N^=gG)+JisB%UW6 zIC@G^Jy@V+e_%B@aBr2|?sGr+4yQ^lzTlYdGsZq>O!~3X*`dSLy1jg>Xnfe$y@QNk z2```6EEWaEXoNp*)AsqCITl%1W!_m$-8njB9+PpJz=yp^taw$LB{{>ItG{O(9cU>|f&$5<@y@Jq9rUTp6d9 z!LnKG>L9=+DD&WYoM9t32+jzjIzX^PcC!aG&kaQq3!kg~%6629@M54lg|C zwT;t}OjHp57B^sMRriUh)1!%WtdxKZM_3^{Szl*);4M61720^97#qeiPE&s+JwXGV zt@TW2mKOE~s!3Ji%7~O)NoT%*>Rf67R+5==RT1rZ))|!j_WJj`ghEA->dgnGctGU? zb>*9+VDUn->#(x_dna@QzUK(u2xdI$X zS~Q;OszYSIJYXZL9Q^osL`|-_Dp_5OXpw5Hur+e*_0PI%R_nzYw?vzc*c3jeo_y@o z-*hS%?KsUdFoADbY+tY48-v?*?DILq4~q}M!g;6F6C2xQ%O5%36O|&Vi$~oOvGVzB z5WrGN=2a~RF2lS(SWPu?Zpg=fSi@(rY}H;iz0qBfbWBo+IguSwa8#5+*y>c?@94Uq(6YJvLMoRatA6J@rwq}lAEsD-Dkw`p0f--~_ll=MSmM;HrjiCa! z4dYu`jBQa$R&106rk=|zR=Ma=qrgXhU)_uQg-i2zj@>yaM_3edu9_^xTeMUAV@kAc zIkm)@S8kxV`NR2i=Lr_?TW!z`lKnIGvn0c$>(WYOaF`;CCf7j`j^_Yd$m9t4H&^Yi(q-E`Lu8|0cu>Sn=mj z5P1KQ(4_alF+J=e?2}?C8zIyrG>-xsyU^R$O}t_*Cr50hvrYOw9=|kIqSD$|lLu`j z`%DA`CCN17id!_1%8S1&L0ZG`HP;nq^~6BMPjDSKL=;PC?^nOTG;4hsmE;lVK~{;j zD)ztsZ4?nfC_-OCfMh7R>MkE3CSOYobPGDlkuSZFl*(_=+5i<46$hCYVqiz?wxmfp z`Tf%1{e98GBtK~FVF=&b=K2S3)J~LW>cUI;K(Q?7QoMp4@xo`?`34Q-?&<{;&5b!K&#hNqsR)(GoMx9mk}FsS7gW zDMtC}!Ggc7e#S7-6Ci1R2=|e~Yd_Q;r+euHb-X8zig>#nG(jVhB$`i`W`FcWu z^R9%5uTMyIee(&$y+{tsVoG93Af&p#{HEWT;pVk1__Bb;74{7GjX>n{@=l|uFDR&DY699sU- zxYYAVShlx&LF=^P1Z*#PJm*Xw0oh*Eom*>Q{&wS_bsWNo6R7xBlUbmXwLsRAjY%S_ zNMGlOPHDvdsp%w889VB8xnfOHj;vw&=Y66;WQ@4PDWOb$d+*rMiqQF(0^I8IhgteO z@QWJIOKsP0vnvwPO{59ejy`BLx9rxYKi@8j3_cGAIz9^p_`_AvLUuhlIaE~e+DNsE&%opP)h)Vb0bgLr z;uQR6*~)OzZ5d&yr&;hCtVC?b%WSD|&O97FR}xDXF(2qL z&=aCTkgCPS=O5)9|A^NSLDJ1z;|*zXrJ+E4_myQ9-l6ay}iqJlQr*q$$Hx z?66eoP;#D_q~ENe7mDfxQoMh6KF7KjU!GEBk`tRtJU!+asf!TTe+50IZ&fdUPswu) z4XSob?9}{fkOWn40o;djy>f1W@GRPW&zy>=YPRV77`*E+%3+x}NeuMrnb-BV)FRMa z(o}rcjbMp_tfYLCwBJmT)FL8^Yb6+51x>Z9Dc={)yFdufyo2LZdZ!8OhdO6R9JR)Ta46#Dt z@wS_cKXp`H^C}(^Gq5|Fwd%HZT*VGVP}%3Gnp_iP7_%d;Nma`C3%4eGqpM*RhTWXIe)zN)kPdXdK#%J z=sQm2B3b)H2#0iaoKvw@O-Z72LWksNKhyi2!%b3*T8HhkAfaUy9QMKx>(f$-T=L7X zuPU8Ys)Qxm)%jSx*^xBEy^W_{tsqk=^WhIHQ&ky1Z!i98n)@bR#PkI)LIlCaPf^H z{MlF@wqMb^k@qINpPWBwaKgCA#dfj|`lvZyXYGj`ImM2978SMlZepN8LTanPuIKMO zJPKvP9F18eX>WqeVBxag)QUihT4^tG$awfS%xexjl8=g z9pS^0Q+~GUzH9JQ?6_LhjUMNtI7MnJf&qsh_P4YaP%A7r{SBaxt^Co9iA0kBQ_LK{ zGB)ngtcR2KE+%QO9G`7kU~K2rn8bQd$ZPs2n5O8Wr3KJ`y5>yn=nI5QCn+{Xh&Oj96FJ@LkUg&<+hLpPL462H5^>BXoc%sF&FK}w z#>u%>jc?Pwru(2STivoPR8MJm;r>@TrV%n1$3|N<{Ng|D-RpJQ{U($t+2Y~#czzPm zFlR@j1yGhl{fwXxz{voz%81`*yA!j9#_}ayi^CWjI*yRN z=cY+2%ZJZs8^P{5X`oV6OmNL9Vz>5X+$kfB&6I6S9|;`^K89K zgBs?^YhV>p{{+B3xMf^h*3@APp2wX+cKf|WztFVxnY+naY2W!w^xk{QtNy5VrjI>@ z>-aq~PV2B?fHaB2M$9y9@?~%?kK(Jz2h}x0}rg$wAek*4}fj9S6fCm>^g0Ow) z|Fk3rM4nco4pol%Xz8Iwq%vgQo?2X8Qyj~?Qn>i9L@6yy= zXy6}xYxw?I{9(nIh62UIBki?Ma^x9CoQ_YbheIHXj`e@MVT-e;;_xIA^=JAA9wlfxVBmq8uBO*A)>J+t?1-+M6_0IPt$S z3j+dQqkd~ykAy1y|vYq{DLCdQAZ{#ZwCg9f?V zOob;GtJ+?T@0SjkUn%}ExHU?j5!&)2{SnNld;YQ~F5ZP@;VRzlUCf&9=__rlhYle= zLug#FU_)P=9(~TSyf?K4gOSj-*>XQRscQDuK=1mx{&b$0Le2JfcDvzTt?x}v5zvT?3B_ir%9t&py%~vny0k*wF zq;1*1v^qM-?Nv?}H+0L+hHf5+-wj*4aBa`Znf&cSNxwbxsrBU^_1T;_OR9Los2*LUp&|prQH*0yMZxNblo~%7-Ib&q{lN6dZ z-Z|tW$m#e7Enb|Gcx$6wsi1Wpj;sf7e6I4KQKVBNIO(@h}jbyq0fso7oQ1gKI(_h0zsnELX@Z%@cpWU>b)9L`%SC43KUS*(Ly zaxW0b5fsx9s5!N?_bkIK{f6|Yx{1Vu#Gt(LypZ1Y^o2(|aRN%KphJf5?B({2y@_b3f1P*uRRr|E>>R_y7O?;*qAo@H&+_*x|oBf1Le# z=jt!GVE3w2|H8iST{>6f=xNAM%dsDoe)Ul7&OHNFsJj($x#oQ#=V@7 z!_61x40NQ`a@D|n5$#C3&LPxcHmT-wlE@{Zps3HFh6ZTpg5FyEq4Uw_B_9e7ndu9FXg#VK}YW+^Kpy zqkHn}&sPy$#vOAF&ywVduf=pzIGf5R(tKruVlIS+38j-W!#@oK0|k>{8B^B=oEsbr z!YgN?!G=U_Q_s+3e3c7{6$|@(QPaOgFEsOD`OO3QZtr#HYwBz?OBIwdaOtM4c+GUV zo^p#_(~DP8civu3tGoKMFHv*16tx9+lRNWAcBA93nbo6=nNQNlI`nL4Nmi<3V6R$w z^Xt$xr9np3?a?LZ)5RRStl_HT)fYQs?`PA-3#HJBF18{+ki$hyxRpk|lWcQeTr;O^ z#q*+duCULv-Ag#@`IqKZ~>ZaiWC5YNGj~+n~-2 zr0ClA$ED7Kse>W#u{uroR8b4dq~79CLB?n%68D$J*;+uCg9@H0oRcl3^1{fvqUB04 zai5+_#Y@+s2e_Y*1W}+x5`r@)$Sp=F7gXl5Nc!;Qrb=FgGXon=&;-Ph)U7HE-D+@ZL;6RfzqySuwfad&qMZbgH& zxVw9i;O^Ew6Z-t$nRjN*mzjJ`*1eLGeV=>p>$k6cuJv9ZcP@89RXm<$~RJmKw0NnqtfJP8Yq9Tr=|26 z1$mJda%NanM|X1DEad5$XYm)>yq|hQ^b-r^T_~u=2vYT69U3IyLCgzG9re$uw1YsEEcjD2j5(4 z6bn;&w91B+wNYP4WVExbZXTbjBE~DsA{NO>L*kaUKtoJtS!1TWhsmH=MTWcTutWNI zL#+xppmb5uGN*$%U$R&h7KS%lrlnm;$_mZ3A>)gXn~c{hu5Nb1o9V_vvwasq8TYjo zoxU)iSWj~VxqFl1rf2F%lVBbn5F+58=q2iUadG|On(Qe#f!@Y=+$p#skq4!DEBIBKA#Dy-?iQEoOQDZ<-1LX z4&I35ORBgR$&EYdjss`>^=;Et@N{z%D%x;X zsm=x^CO#V8Jzg@{XnD%^+(&6edxtrMf0#W;qstK{_++2=^Cp0@-V{oso%>3xl?`*q z1~h`N;^BnX_vclJaoL4I59r5C(N_Mq$RNJzo3m<;VjKY0N}sHuCazN9=@%ZeW!ocy zoQCK*ZyFDlmB}SCT%R36hnRh@qSPPbw^2>TL`{_Kxy?8y1M57AWag*KhLcv9<$-Pr zb!|r%i^eGO`pXm{XyLGZ?rHqgy+0kRB{TKv$Kzy`F&3p7-5WSl~Yrp zujRCw*{qA>0p?YE-({xC+lI-IWc)43B-FW9gX0SUYv;a>{VC2O*xjNl(8iQ{TpGIk zusN1(CbxhF#oXFGNGfr!#E*+XM>5K&YC3D+gM%Y3bQd;OYrTL_L287hedQrrc_Ff; zmU>x-SSp66OAvadmeHa>K?U;dNn)xWV8%Qfc8JjnKX*#F7uOQL^0Wg%6~AY0efns%jL6UV?Q|G098Aveo zg^?P&m!VO;r8ryOfKk=z-H-BV9ukEGn9oV|<1n^P2mNwbSXXh|Jm$;Pwhe^@6cOdU zdEFuXqwXWTlO$Xfua>3S6PCQ6=*W`}iK_8nfAB;dhqhO!wl5HJ0fuTI=wF$VFujk! zO7fU?Dc19~GzhyLnS#?UA5?+$*4Rl5i(oNT-b5Z7wbm0`+I5YO48JP~?*N`o` z8x9+3-7JeeYv$P3NS zFC$!qCz?n3FDq8oWOI)+WnFY)6pPoo%-8f7{5JHMDr0(462 z=K^iL`<BVuT#j%fus`V( zx*NMGu;zcoR1xcPG4W@%?^n<-y~IA4qtdFVrvu*E0~&=$2@jR&6u1KjwU~hMAeIS( z`!YwvT(ClOl(F~`XP2Y}jqS@WA=RLkTT3wk3c(=K7-fJ|^qIp6HyuJos$X=bngy-4 zClM?r5@u#EyN$Ttj8qYYQoolD;bJXw1avuzqibCqzdfmUK) z?p6E#5+MUTivfDc>PEw`d2R}wU>P4AS@fnuO1+5_gvCLQU1WrSiOTWtCG+0!G!g0X zIMeSnXAip|F`FLRnJNMgUNjdrEE^}EgVBXUV_fT;Cwz3R^s(xHMiIiax^z)mCBeR< z6WyWJo02>U+Y9?~po)F~o6`&(wa$|hEfft;P$QPfVY!oev$1SD-wxiU|2yFgoJAe* zP$381_a5Z)uKIG=2WV0ELv_+hP(|g`uQ1Lgvq%ETn8|8p8{*aZXGk(yGF1w4V#Kx> z$>7Nzc*M&Mv=BLi!VEq>4Kyz1^JLptihEycu^1KpZHeP$d8}npJ*MP?W+H85JHzkoS(ve>nJN?MxgwOR5~XYOl_xOfH9;C|8z; zxUeSVKA9hguvan1hNQ5}aGrB%%3^>w&iMU4T`e3*!yxG6PB~LL$6{ri8;-a~nl*aO ze8KgutH(!<;v?>+1ZLU?!v$(jUWS=2#Y}0i*7vCjEv*#aLS&B;l8QQAuK6o9YZI6l zm;jBlt^R1L23}7|beWu-;wtyag>Tj|w7p9)Qp8=D3a&PMCfPB=nm&bIVea%0kkod( zsKag(V;eGNjjR#RKdsUWTWMmaW^aLc&O}kLIbhVQPls|Gm@4Ue=dX-t{$Q6@PqJO8 z%6oM264IgKXI_Cd6b5WssamnJE~+#=^j8x-!s-c%N^s>Qzl0Wjl*#3DGmUwcwNKqn zT#%_QvpJU!Ej_(_AggF+h$_-ZzW|6)|S$?eUDmTRuY=?eO**O-Pv#4KcJI%4A5BFYytPzC{ z4PQ_tO{quNEye5K@akoG%o(3vv@XLUA z?dSk&Kevj~(qQY;VzzaeVx0sL#b@ipB77Qb*3PJgq7PA;k8qn>4w_8PYPcc-OI_(q zzlt@ZUCDOIdc{#)Hw!}+s>|C#?)3TE{Gc)kSILwH6NEJzAOV|}p7tg52;C4NF%#4N zjD|Ew&Mw8E_iGtpt6Wj=!wNM(D6wYp(`XL6s8u01t$566{NjchTNVIcNzyv{n|&PZoiNR%jFopsaSE@4CE44vgl_4q zA6#y>#DQ?qgj%^uE7K(1O9FoeiMpuW_^78$UHMlA@h&8#SS2$INbosWb&BL}9DK&L zK~bgB`zkEH$bef35a6Oi1Aot||0C+IsGPCck8eJ-W@V8CgPO9B`e!yQVDwfJj-gj$ zESO*SO92~%U&jc)@#`^bVl<*ZS@j$|e9Z;&z*xt!<8ft%xRCK2z;`)m@gsurFirmZ z0&aYQ$L5`!++H?kQn8R919XI0p=MkLD)cmBEhf6%;rohML&|LOqbbqEGJX`4olO+s zjoNmkdZwpGhh14rv>z2Bv1GvO7>p38UVO@Ah=Bx#=7@Qr~wF7QL543oKFL!3kJWTD~?B8+M>mWq_elapruM+sCF41 za?{8X!ukxSh?jt(3aWx|M?Z`}>Llx;kJNxi*&`@?8GtQlqwP)6AlqCuhm#LR5t4$$ zs))4DXLi#A{6UQ(A*Cu?JD6j)cZK8OR5gbf8xhXK=qkf9_!?}AAC1I9*=ulEfC32_ zOL`TW*06mv;a~mWj^|h1h7966rGNwF>Fy6RdWxGm&_hJj%>x_>;~8%)a{kR|bSQuhxD z_-pUQgGtBd&qRZ~e);iOYxUg^nt63<(XM5yZ!sDuuGHCfVZShZjA}4h2Izp!E zxHNZ^@$QDW?f}vZe0d^1LDHW+t*{HBc7wReUq;Tl2?{S?wpp$}2WK{F^_vlk` z+qK+1og7N>W=2p)-6%Kp||cPw-0CU9*JhG8-(KJ9r0@lK%eKo*Xs<6@$=h}k_{)X z#=FuMRG2-!YBzt!P9~g+#=Ij~0~l0X@{RTFOYq4XAe@Ra`E6qjn8 z!-1V9;CDpZd(-ew6p3iG5MyU`$qqNsmIG@J?k<7Br}j`zYELB%5g7DDn6H_b=KS1I zWvG+wL9QP@=?Lx5Hd+_0oVN`bfv_^a@M1`mE~+p$!H>`Yiu*c~ZD|qEycgpgW0h$J z5o0`zzW)WZWZEG3O&F&Dd zM8-Qqf{T={Sbk#1g=sDPAT@*0LhE5-6G5_BdXz;*Ij!Hq#T~6GY+M|rGhH&k#jMBYIY&DkC zj|&U~dv^m<1v(D*2=FR;DZ(ma440XII0x^zC@ZxqRw(A#aG zPw0j!m%~7H_cm~byVDi2jWPKi`?yywNzuWT{@lJIkYT5gG~%GE>_HwGEf)wB1o(QD zad3Uw_JhlZCZA6eD=BMDS`{@@4{7$e}B#<7bXlZwHY~$Lw9rOL2b)`7E zYR!A2%*l^d5-{f}A)x(O^JWI6FDatZ<(vjmPfpbyKvOHkCEV`WA`I=Q^gOc8vsx$D zE^+)rIx5)1Kh!sus$m}_ill~EWO8jG+qJz*0xHzxhvoTc^G5)%%xfh07w-jAdv zHNP?i7z$YEK)meVEya~bAR_99$*P=OHc)sY^ozpSN^+iWqUvS(Y!6|8`DM^f;Psb} zTB^Hbk1;rRtEB3hvcn}1kSWT|FR#(01t&zcFD_268d5DC zR<_55#fQMFSwMS{%g}hCZc2I;v~O|f8FH@Z{WFj*TO}S=^*l{l=6M!s-r1VVH&f^a zJc5-by~@JssL#U0O#ihhV@mwfz`HoMP+AiIj4cqY)odG!Ue-7Fl+{}> z*|Jbg=T*bOyXh#t0!<6IaHl6?r`pCtL0t}wMgL1)D#K>eQhf~#R#>Ve#QG*xl_m;& z#5l*zUO721Egh|FDfI|x2mr{l0{{F>R)G$xn1Op9jf~o{3i+GPr4H--jWS(DYyMQ? zJ2L5RJ+UH$k^N_lZxKLIDT+Un8?j8G>Kyf`aqQ#@2DQ{Y(CNxQ#+-U=$s$);&5SY- zRz%VLEkZ0jx8Xs3!h-Tf6^_*8thbfuD&4=e3Qv!nto#u26dh&h@^(mEBh!Ik@-?mX z(6Z8_!tL=+O*nHflWSH`@d@VdQhw~_SnFK|rQ#FQ-upSmMBg!KCFa2=k3!*I7p4s# z4yu+wMn?1Yhc$-@k&O!8#*i8hah^6iWXn%pY6mUiZyTT6Hl^$j8>E)Ga|B^|8!RqlTvoJx*07MO+IX2^fUpu{b=WRF+x|u|s88nw@ zy}g3I<4r?Co{Q({KHTZ)*w;(pY{tHqzJbr}kUbDBcyeX5s1ie2w_nx+z|c}h;c z_)eM&u_}zt&v>KnDcWgOzKlYi$#JL67HCb9x4a1(cf3v z;LSZJ?%nTRtdZMRc&F--G&Iou%YHkn%S6R{L41RJ{xgF$0*cVFp`sbyEtKl=UFSbi3zrZkdOe^L`EbXe;6CAuX(T(_FLAEE?pw_l&Np+)N!+ z_wM$lyHyZ-9v~Li$w|<{=4&}u0T1NF$64T+d27sjE4SY_Ay%qoNGl|3#zL~j(sx2B zW%9gA`*JPTnRJ**)X8W>uu^VaiVXqXzn$}8m=KK;(=#9)1xa=ZCrD>98FfIqF*kMk z^GJt>%m%I;k2SSMVMM$$*tFZ+sjm(CGfy#PkH*JnY%6i`;BSuwMYuAf7hcoWbO&Rl zXTN>l6%A_w5+dBVkW?JqKi4R-i&UIKZh~W{l|SZWW<7@Xp?63jWj3K6XLa$jrJFG? zUDD~Je^{$yZU|MUG?at!(ZFjpuRg=Ou*VM}Ar?Gq41zc^`9yO1s@~d~DmlmJ^}*5Si+I9`-9L!mx{?DPM@-LdLTQ@@duG7MhLMOjCy1&$0IzW z>p!c&mF70cd=S$jVb1QA$r5rf?zu0kK9`S&(I=od{>r>6|D-bRt9)l(82RaEgTxk9sAtba{BUgeq1|w&K0Vh>@erl z`^ysa2V;NcT6%Bjz^^t{)7kKb9=+*85-9LN;?S9}frz|R9Yn)!P%t#uwLtNAl%wDF z3lsbSxv4g+R(5LZm%cJ^Q1vF;(d9SBT`UF{c6d%^tb&&030hEX1unC$LXeYKguVgoP1RhE3gwSGAcL@H+MqW5Qq8Msv{zOmjdQIDlB10a)eoB-gU0`0=8t7h`k zf4C#uv6fhyXc+9Sa|82sGFEwTbw?>D?meoWpxkybHuxx<(78^u;lIOiE;Ls)nA>sM z0*Dvd>@@2B9A)=}%`xHKrJvZecF2)&dMf-uDu!ma@M<56$)y`MPzd)4270k}&<5Cj z;y6NhL+vd`$)}2T8-t+3M4seE5Q#1XCNFd~toxrS$A}259 z2@^S>vIQHW4fqwTdhD!!W7E~?*u^!2w=0)qGzdt-E{nFg-a%LDAVEG~D38rOH&^ZC z)7(7^OKhu+$1ks~F-0@?eU$On6|6ihyW&2_0d;d`M`dozZSJ)UqTmkN;POW<6zPn1 znh!EDUheXu9oFUR(Job;pDc>hYUBoUELM9D-!ahY;kg|x*k}RqTF=lLnsKf5i+@M( z>YG_Xx)IbRHo)FI+3dy)4NP?CiM%^R&s%!5I2KJm3}GdILA z;P9od(s#9F3PnSMcHM;d`*q$Ek{w13Xz@(yp(d^ZbN=31Fw#DRf@sWM8 z-=nZc&BRU1@ZId)`x|xu2HRFv?Q)^5IcU;*T!Hl!(mO*UI_73``-E^`=~^@A>7UXp zG9QsMInr1iyhhA6ZfY*}rxwe)x6;zjnxn+13$M9hZUZSYJ^rrOFgi19oSgsnsa)nW zUU_@|;BK1;gkSp$dDJ>Gn%`T{L^4%L>2Ax-C8O`uOJ?`gj3phbPw&j%sBGq-qW*AaZp1~Q)hBZqogzBAC<}-| zmXDlrGV>}uso3Q{`jOe=!=E@W>R+%fS>0wG)2bhcu#`D&%;8fGep(5{_%6qeyjlR=Grs~ya7R;>Zcqwvzc+0 zg9e1-E5E503>c6wdNy-7?BKccxYOxqdZ;InD0kNR{iPO5A*-E$3dnVVQ;4FEW9T|} zU^1&!pCnu}`w#lPLOz1D-;=#bPk zU`YlPJ>q^Y5G_1}U+e`~s+4*)9QxyXN1LdGKWhzZcb@e5u;XA?IYlqw4J zR?0g^^P;lUWqS{`3^!cj3Sq_*imwaX-|Un-_0(FMjUU{QrW)>Z>8)+4TOFG_Htf;E zFRl(W$~r<5G0M-&>+ioA6seEQ$dgn0-Sp`RYnL)fh~bd8*wkv7b3s^sBP{h|Ll1%2 zkb8e@bN;k`>}r;ecUsWZHQB*KDr?=*Z`-;R4P8cX_|{?l8J~k?|I=mIh=Qu19mhoz zQ?7$W4K9{Mhu}|Aw+y#{nixqg)VlgKx{`c#7sO#cKYv#v3NGrrB6TMGb=Z81Tcc z=lMhfKBIdQmwSzqx1705*~S6+w?6cw>lj0i;WEWB^{ zvT@8Adp{F?U4}&{9@4DjV8aX%)2(XaJX1Bf%cd@96&m}a^Chv<#{SxHgDLHo&EhKi zZAMIGhJM|BGt&|Sc58}!-|7wk{q@~OtBtZZ_wjL#ZqQ(3yBv+cG;=mV(QopbU1@z* z-}d&_F7Ye}B)w|Q&TQJExWuZpn7o;M_2|MBbM zm6ypelP9k{{^gGh7+Ry_WeTiA!JDEHQF#*RW3anc4WTzU*jeBs;OoLj3l{y#S7-TdY1b{ zUM#{b@2fBOHxKUlIKsM8R@BjI5>x$*EV&Cw$~A3;xG8$gXe@rLG|PC+@7cK*&K{cj zQzeZzodtUKT=yOp47C1cRS6(oJ&~R8wh=VJ>=NfxG7B-Rwd^n6I@ojTbBS5oJjP}n z5BT@7BzMAladkoOp`h%Qjjz=*}N=AGi; z<1{k|=zaJQb=UVl3$BE>1BgR_bs2h8;p<1V7*HW0clM$^l z!+s_r+w5!6DKg$Z9^qW{t#sayBu{RLbHP0>SL*E5u1&bNL}&Qog%|(B)j8*&?NsS~ z&3hm&GH}febsEi&CHUvs_Ei*hYpU)W+`QqVh;CHvHiai^(!qi7YkY`LwpubuJf|I@ zh7WRY0Ewj6E{0s97hxcWmQ!lY4!_jk9=lLdk@cdlqJMCss^@)guf4raLy&nKhcEuJ z9oN#zs`@1zv3N+<Dro6*c$IDIS znP#;R*8X@7MLOvdMTL4)+#*ljQ1OL?t?SJC!p&)^5N@E{Vj-or-yS#9-w=i0AA@3J z^E-1|sSU1o$xW4=SG`iZo}Gs^S-a9|W>0@>Kbu#pg|ub46iGYq zZioR?b(^d-e9=FtT~sg$Yg#K%HosJ0%vMP&t*^ZfW+^|FZ2b)BAWJOO{qy~!Q*1og zI(gBvQ`u{AboLQ+8{v%~J~U?`=d+#{uGI<9kQN!J|42)f%LgR!b2I0@gKC1Oa8I!+ zOz&`wrG*1y>#5PUAiyqnmuPEFtSY}pz6? zBR*1#SlccrSp*KLP%PQ;BF3D!dKM`yufDD&D4M?0{(g)m*e|EAmEv4VnPOf4*ueQ= z7i&1dn*;_4(lvUy%SNM13yD4JY+|4$d zm)h_aU6M1@fzm;&>7`;todC=Zlj5RU^8*!{jppahLt0YWlGHsmiUA4)DaBUiK*s>9 zdA$?ZEB=3)Iu~WCTbD!~H2dR>d$vEGd<^O6xD;SbEun`<;q3 zu%Z5@j?xIN&6T{QRp$Pc;ZdrJOj=NHb;D&96n|DB9hzW6!7y$pJ`Y1Q52a%MZ)UW) zo1ouS-(cO%H(F*}++W_U;ULnG7GH&np}YD{Yb;+)ANRxjp=v#6A*|b4MVao>*1U3q z`!SMT+id9`brqb&9m!7Lt~K%-FFdk~eH}wNPuG$pYYJPra@Y2;V%YrM`esC(m%>9m z|L{%Lx7-E-1~Vi{#Q(ND;;27T}S>ifjk&2 zoriAr2PWf(jUmVlq&LnQQNGM~d7ZRV=T4xwP7~>Qo7?0(gN<5^Jrs|3waBTG$t;pT zl#d$VmF3>^t9gu2scbS_@4=D{W};g0yQhASHQh%twAfR`trO}xdkOk5o7JQ~t+V3a zYLx!<*(v)Cs*_&s%^6;OEf+>L(Sbu;JW`REx=f@E1I3!M@N&-Kcr-&I!hvHrcK93!{Es+Xu#C;!nvhmZUrOcG{l(LzztBvb zPV-yr1Z$m{pLXBu+kx}_Qv}YF4>!B%SqaiWtBJ4F>lf0uZK(VnOHt1B)5hs77Y5Aa zNpS2uh09jqi>Rt3-4SO&&j^?z1q#YYT1xb*>PByYGU0aJ5A3F$i4*lrWZ9<=9?s%>2f;5u zXi$N}l#<<-p&BRNME;TTqrH~@s!+Z+Xq%wUSH+7; z8F4fUOZz~vPxNrb)QOVN=5DN2+STMy-X)*tih7|sT)>Q$o9n!*5`}6(YDg@R(?(*W;HnCA+)(#BR(~NucLuec`>5g(u%VPpO{jxJSW3(`0(3VM`VHn(o`M zTld^lVZYbb@1M3A?5(u*^;n6L3C6bl3-8QhddOoI#p0tG!;m=rLD)Zp)rV^Ay|z|GXeglsDH6Ifu50Lt&qD$FsfWib!CUknj{we( zzw{qXA1~D-B_ynjVUQ@PSQqh>y70Qh5O3%(@KUdLB6t@#;>X6GZXwy!%Zodb2A?RG zENM2WNeKrShQrL4!Bce%b5)_L0ru7lZ_(l=zYLpHKj&kN^~^%_Rb^^d#;K=1efB@-(pb;+nwIA7afCHq3Fry zPQTYSYv?LrwzlUKU*+zP)dy*eqS=+M*n<@EazIP!GwSt$ccUB-~ZX@ zY+qh8P!rw+pQJo`J4_ATzIi+8C9vY6&O_v?lMZW@3LiRyiVO9gDC2W@(-IrDlZcX~)2f(5$H|PgyN%2 zqt*0lka}sj)L>f8MECqy({kGZl-q}Otx%{2gIi0j^Ezp?>V*^3z6481T9UWr~iG$)ZDUEu*T| zD^9L)*LIRNT5?1HPOwD@pOScn<+@e0(8Y{Li6LFYP_X71Yx<&MHc08pZR!#2cQh;) zuxh|Iy-_1k+cnihAY!N$A!&fJ0D7S#RDkq%jsK~}uOC|qnx6A1@s2|mR+4U)TSsyP z?LCw94rkM>N(0T1-M>6ghC~k#AiDtZeqf~RQW5IKA47+wut(aESDnGbDg7;ljfP;# zG^YCMByyM%9r2>0y1cQPnX|EQPKH;9xWYcHhKWWB%Pj&6%hPq2%ABQ!Z6n<?|cO4(I$hbog9O>^^5nvHJ~kNZcqhH~msX)&|+@n+(FbBimR8>N5 z=Snw2)%_H!7$mpU9OSN=1e?2sqAG%9vg43|fRE{I8^S0vf1cIVZ`$DZnnR|-roH7z z-iHrKLH6v*norOkNs)@^;r8`xV>$p~172!($|B-{6K4*+j$;)~{(XuqV&NJWnFNWi z996=@@1(OtSu#+Yf2Lm(HA#Oxw*_j{nPon3S8GgRpH-ojZTnG0(mos)+iH7O2g?A? z%q;>eH-hnUwX5Ysl&CimnB&Wy&?{U0-E2B8t&@RRR5wKU45j@`*G;vA90JHYYX z->fsEV~9^DeYo4zt!~?ZzOkCS3e!~wG?C-bVZ}z5l$Kliv%~ zppyagrdZYk`Nkm7$vjhg+3I*eVsN$8xK7+|qR%G{`qG@MU~cLqvE;VXd`kdG5~TS+ z-g?vY(WL_<(T={#T%j71xIwiI8J0GANm$*u{T6jnnq!!=M0Q303A%Z?Z~f75|Jd4MW^h~Bx?)~=}*UFZyip5Dk@Iy&xlg=kE!%dW&b17mEXCrc3we}|= zpl<&UTsTz|)#qdR)Phu+Tkj<~<96cb=6L%0Dr5&XNV16?PrKg}16Kw1oI4)!TPkjfwzcRx|Cl)R z_t5)k^R3YTDOm$wP2XEuM08oTQl1xF45asju$60kBHFygIN&0kSDC8qV%t94KseUG z5=Oe_>mJ3M21Wl(HmHL*D!$RWnvsgU+n=S`PhaZ6XyCSc$u1$ zdoG5x&|DAa1_}2J5vI6-U2?RQrsCFQgu_>?vUb3!k4bn^Ule&=&LfFE+OdYq zgyvdR*EJhv-ePDf1-PT_Ob^#b%ulk*uo}B@hpxhBr*GUh*$L^~0_rX9m=d(hp~w`f zr)MpVx;59*Yw4G`IMcpw^r{bpzpHjvDC%$HIecrA?EB1BJtd5TBBJog} z>t1}Z&dQ01X%+#$NlGspF@Y!nJRMyi?xIPPd%g5r6loPKq26>s4zDRk5u^z?)*_sA+ zRI-#8O_9!_;);R00#Crq)4t22Mi1sZE5TnYX#>h91y6-9^SPCk@BUke-NxK#{1u26 z+|TBj*5=B7@f)4fk!_Beays-ypU!sYD_>-$}LELEK? zgs-ymH_|Q&yuqvQhouePHgk&e4pkt+54egR(W+2c-%K3S6q>71*>0kk^;bvZ&G3ou0xN@cIpWde(^Gpb3@L#>7D7K2jmjjuzz`wrE&F@d!M9kT}g1O zUadn)S;zP?=-ca^Ya5qk7FA=__0ql~*n2z2DsMRL$tiVuH%4SPjjs^ms65ifd@2$* zg^957c0sssZk0--&-4GrBPw;7{BurmM(eJ2X$yz` zHNNG(XNCZYw=3)HJzH~HDM~>GjVXjo-#Y)^w$%BDbBPT~NaSB%C_CLrXb%<}N2U~9 z`PW?Wgp(7He&4!NU#bE(Zk}MCG$F_8=7P)NjBD$RfNx>PzVFH>kbZlfVPpbfRHlQR zM0bs)JIEelR(#`X7=Mvipt)F_MmlTV)BG=M|69nsFdMr;-mOV(HVCZ1ySVgp+8A}c z!VhWJWZIvk*ztLM2how^U?98iCe{IRV=2Q-D&}Si#Ddg~ci;k=(6lM?nZ4&9CoGZ` zX%d0H*{*V&VBU@F!L4}bQifbSwh#+3LmD;33Zw{vrlXK2U*=Dbh1;w62hmHr=(;|0 zN^Oqb6YYBZm#FW|zvWOq+XWHYUlKYSA>$BvEQ{I{UtlRcbl?^;(y5XM3$Lu)7gA4b z7EK+BQUSw7FUN-VV)`Fa4_()@8-Zs~LvQ0ODRAsROl07L|4U>yzr)rd(1DnY^d&=D z4O%$Qkq413UO(7Wwl;>oOy?2g>b!Y{_!qL*sHc!`@K2e;_kV8A7{AN-cXr~!UlA|)=z~}-{=Y^Mm3n%cNP=NXxflPpxr!-ky-rMV zu~=y3Q@ClK$))c3HU>kRgeCe|lwk0ZdIU8E=~HoaFPOe|WpPEHT;A_h>O* z!Bpc(H+?cQG3_N;u$eDnFhhf8G@$%MUoG{_+sN?;s$e3pjUIcJYG?3ILF%#@7S0PN zE-ag7?G(yj?Bhrk#_5jlGr0@jpyLh7EgKmE3jNQ0S+F_~Gr_e~0nueK&Z&_aeu0 zUrVi1yPcY7G&=<`KvZlIv|%4Zedq8WPCbm$Ez5*C9(VLML2F{&io0HQP2WCmlGs*Y zW;jngp~Wy{80+0@pYa=u4MjupCM%fG3rJC*Vd8+CRY}{0t|YPgd-}Zt0M?Q;xI+mB z6J-Li`>K$3iH139t`PKD8IHOq`2N0%maA_RvukT6%4}O#_8e9+-ZFW+S&Gg+2&n@5 zZI32~l)OLwJf9pNACHcX#tZ&wd;gR3>TBB$bL+%A646@z3-s(?a zr_MptGTXCbl70>Ydd{>#K#6p#cz*i#gmqKlTv4B-i(GkQdY%!AydqmE2}1lbC-bLt z;`Iw_4frW`AGnDR9}-TyoSzYhJuu%I#Rov>2?*HLHKvsnC=o! zWUJUxC!2Ur7#jniml?k-1^o&q_D|S{EEiI2u6M%_KBk%#I`B8Q>kr~JSZ%2Bbn$Ga zyV2B>n7ivGQy1sP)l3v&WnS}%wL6-WsbaMp{ddRKo2c}_snA)OjnL5^1Ue{|m2_VNg+@60*l zJS!C3YI8jtx0e6O-I9-HKyvyL;}yxYhGjrjcNoW8!~1!HgVKz@c4oR3(!AViNh6e} z4n5q)4DE1#AVUwF1lmi>{_fikdUPm0+VTexvAYvS)ZRbozq<)$c^QZzU0S-f*d6rO z4(;Br99;#sv$an)ml6qQecK+a%~3ex`j1dzRvG%qpkyNzJoW?pCX~o-2Z|P?Q*JwV zRq85^1&(Pa-lH<_7(4rS~Gj7;j`frawzIln-=sc$iRqxxw89b;p z_&wgwuaCR&TmCOKO^~FCxWs3`S_ivZNUxgizEQZ>T!Dl1v2MN24%f z<=mMBDEUqsiMzznji&DwyPp66j3+8y;QUxWk@U{8+hpbTO%nwO77nN~9xs-r5zkH? z7g@4I_b@FDj9%78om)BQmMQG)U6{y!zy!(94FhV2@o`5>9V6w321jVPFh*D1y4&@U zNsuo9+U+?P@%R!$(I?>bqYN*4Jy-EYwZ}gnHaWI$Dtef_|kz z$A%jD4Em(L$p}#ln0yAxpC9+yTZA_LRT5}PnmZ++piaFZb&A&1WBxy{Wv|db?;*Jc zfu>Qy01VWxpc7;Z<=SX6s%7Mt=G<+7HYu2QYi46Pz**N`raR$>Ku)32`0VYpqq%Yw>sll!e`?J|A9S) zAH#+;J-*WznEdqm>73HNX`mg_`KP;5Bq&rHzAr3^ORak*H$^{Ovr*?UbT)HW>CD!o zyV8T@v(J`(z}iRbqII5n;%o6pgCOL@QVi*4RAv$l%gQZoQVMA3=hK-azt4z_e>aN- zHBAl)DkcVonwo93FU$UrP2$}iFI3^>S8WR)d+b^`aQn`}YyIO6yPt<&yJf70=!n~W z^>vWVTjSgX`$oOGC)W(6{A~J9A2tK$uA6e^XY1_O!P`8~owJx1{$oQAZuZoT117T7 z=7Nh_#K(ihfqn;Qjm}E!ybRi{(S718BBr+DLj?7~rz~&h>Yx3#^|}`4p!_@Yo)by^ zG=m%EnZ5Q8jn^amb|3s8LNC#}?8; zN1}CpZeCXqv+ba{)FI|R=dpB=>QY7q<|Sjs79JIHs_f{K|FvAWSN|+fVr(y-LWdQ) z?xj+8p4b#7(Uk~W|L1l$O${Txe$S0(~EcMjFI1_S1?%et+Y6Xw%hIxA6HKgCm zlJvj7l}-J(oEbGWh2-Rh5AQ&q+%XeQenS7J8|>8bzkT?v{0JmO-s4?XgIpE#=s_lHSfyKKz)wyLZ>E;viEV|p8-j_X%MZROo12vPMufhGN1?^`XoO9Qob)O$~7rpZ+*Vvww zd=i%}2M+>d60t_Ua-(Jfzwl{~*>!Mpf%eF>|5d;N?bq_B(F8|DTl`iBjEl1wv zYjls4GTq)8WV}9GI4ShOfVyM(3Uw`ZZiX#k!8Ci`Q*w}5E=PMhr{P}Di?0jlOniNl zSw03tZ3Df{t{$hc?|fI=0>i*h!9G*tnrsJgryR)Fen(I`m%s6F~tO38!=T~wM%=hN3KO8Nef~0PiNATOv(!}Nv_J<_> z=%%w_qdpP-kLKPy9_se}8y-n2qEd*Mv=FjIWOt=f*-Aw*))FdY7-Jt2D%rA(eUz=j zjGe*EDEq#Zu}>K5*vCF&=KiR@zw5fM-}Ahl*Yn)>{dzs~Px&n8dVG%K{XWj)JWlmA zoojQo9b3WAkp)>p;< zJS@=o^f#affm9RcqbQ^yhLr?Ue`dKp(2W$7q?ya4?|hqYYND-odb-SBd3}MoHBwvM z{{~ynI~PeAyfNMgt9d-9zB2hnJEQNAd_t-4h=4Neu?%f_E(+bFuAbckpJ(5gM;0P! zjI~-ql1x?a57&yR+EBdFndld<8}VAus0Q4cm)p~1Nk}<4t1JGIL7NNG&>=Ia7L&sw zGf$pQHgG;+c3 z#a|htozvvNAJ_w4%U>}HmkjmMmHXR1zqJ;(-$>m`W+ti{j{g(|>msUkFh81>#{L>_ ztWG&4;)NhbRuSSoqZhnKPdm_2#!uMGlezq!EzKpI&^V~xqVuz@2YuCKqQX^BDjV*^ zGX(zdf{``F%O-ITEf4GvJmrgK#=LoPx(1$Fgg&>$b}PgTarT_w*qMT?R2g2`O~>P` z4-fp8>)MTC()LTs=)#>MvCLOE#}9M%H1VdkQflSe{H{$eH|{N(i1h8h3MIw4*#R zTX4G_AzM~lQL()P@%n^8kX`+(#}^^_q={QqjbyZM>-n}P7qQO9eP?n=dJ!4hM&P$) zdo$kNWkpmh{l)NxF0^~I>g`8?15ZWU5U@{f%(p8&gVPpHF*7rWjedtAXy#iG&4fxr>%Wu<#pM|_S~K< z!^-+7+LfEYeDdaKz>^b~+cjE!U!;zBX`$tx#!+;sWg0k_8b;D)O#mw*{)OMj=4!7w z>NW4t@8*?^`n^)_CUyD8ip`a3TOCEZ>b`HtVi{TdEK|9yq|3<5#g^e(JZ^;Ktc7XU zBk!!RezU=w=ZcF(yMByU5AsXGJ9=(x;!~4OudGEa3;Cw&>*a>-t7g(((7P&bO3A)-xWhtj&d-^(1V|{+Qw_ zcBXIttSMS>R{n_J-ua%d*o`i#7LJlY-Yb|L8t>QjRd}_)85|Ag%c@Ocdr$FQ+|l0` zey2kHo5AZ&38-(Z#d%2S84)K6{Pctt&%y75io&F%PS#$ygYla^q>qL;RQEw>ipNtZ zZsoDZhmI2fo-qmHm1jn{ZR5#}Vf~(zc293N952?X()cel`^fe2J_Tj-er<+$;~K6h z)FAP0VTWouMI<11-`_H&h-I{8Ya5kA^HjEj_<2d2qmyjdt&`EUQ`z__v4rhZ6-?ur zX4ID_@byfM_;hRNS8fy`XHK3;+0g6ZqB~Tl>;r>lEbbrImARZz!Cb-0i=~j#nqjmD zx03~Cb$vIF3rRpzNN}pz39b4aZgw^9i+(AO%5WQ`#Mjw(k>#iOSSlqAT=y)PjHoIo zU21^|WgP(6`gI|)*Py3HdP;hz5$|5V27G`joj7G@?{K-vRQUv>?|6X=4sy@}fz@z* z0#;?{N37sh&D2--jQaCt$YT8xNnTEIez~p5o^hmR^xLMT^;UN*7b*uXcY^U6;k@-) z%NT(2|FKe2k2f1Mb-!+H7T`pO&JeK|#LBf|O}7_bbrxj2-T4$+PvEx|OFl67axK>T z?qWor?$n#}ShU|`X;ZXhL?tu@wVJ+tWwYvu$H^}Az9CE%+}~Z!{j7 z@{%4YoMS;OyTI^7^)nC9sjUKG65;cLn3d{80`Z6ZTt)gcB3w*{V>S{>ZH=L2&y zKR(6M?x(sX)(9K>+yrAo*IaTuAx%u+TcJ4VEx~OcSi$bx8Zt!vyh8L@Z%hz`_c#v} zu8TcexB13U8?5zzQH+P0@4Nq(hhrP(l5_rvj;a?nZtK^X78Qrj5@(DV*Hn0KZSNgE zB=8n#LTGk-#Y*wQrN#C%X7-Qa^80OzbWG!7=SHslU2qKOl%X8;U}?YpCl<=wqb|asc&(mZyxb= z$BEA44ghFxf1m>_D=OYtCid2xC8#t??0Nau@Zf|r#ET5aJ)li{H7tIaI+uwL*jT*( zzMK;;Pxl{6^@U9&d6&tf5c+(6_!fl<^-t}4Y5jPPhxmi3rJ=gG4K@Nw(aKK1n+nA( z8s1;vBq_zjd3Pb0_njnE8;~q4}e+UK3f0m0*xdN8+;hp~YN$y-+L#iJHGIRNS(-q&;E zTzk4sL@%h%7?`TS6X(`3yOcjDIEM1h(u9DEKB4ZM0}-w3i11q?IuFl~2160^+oB%y zA{=ofITLwc9?gPjX-!oB)xI$u(9X^Yk0k?oMu;j|z7P91Js(=Ql?;#NuECr%_D%BTr) zQsXj-sI)ZtvM9)cC(sytIc=2v)Vr)_C4aF71`F=*e9C%wKY2T=&k4)e%=z3!Wfd>j zPtd%yxN%ky^q&l{YLuukCBeS3-rKzo7AlkUgu*8*4t{6OEdat;ZwD-3D*8w>ht z{h~#A8ZWeJxV8B0Oa2=7|F1d#dbHbc`%RYpta*y|Cp%xTvY0x8_WYtryTfou6J!l^ zB8*kQ=@d|?)~Q{(6!53ToW%oaE?PB*_S%=Q?B5F&nv>|9Wo1{OgI)y~3o3Bgmj{6I z6hQ%6=s=^TMfc&}070tK}+P1Xb&M8Dd_91zq5!&&s%{5QYXi1x()FdOcAYtZn zuEA70ST_8fdL%%@iXlqtDfs&_VzYs;OMeM#xK7uCkA`eF4UXBV(>RMLJ!5m7EIoQz zWzOFNWA{E31%VC%zC%e#$q2A!oF=GGqg;>GA23M_kx({}mR%8aC*(7SukRu$nxK}u z^I~zbwo&Vg;R`_OqiOE)bt(q0`z=*tjZ!7kUxBhtJ zG~G}a-h;U8{_~+6!Do@fIlRr3e7>ea-hIr|JyqFbvOb$tZzE)H`m?cgG+!gziq~~D zG@I&$SJX!t_~RZ=hqljXKDOrJ9@Lz|c&78Xi|stv+P)61>++Zk;z=(P9m$YfDXFXJ zms3t38QN%05L_|8{@_$j(BFfx>-+}X-i^mp>-)a0e~T5ce~PCqr~(ep!}@v9ouomq z-ULBheZ(Vjq4EVaWDP~IELT_dBnhj?7?|&mn$RRA@n2SzBlf)%g8F(}yPGwa=-<}F zI>o=k>5Qnkyw1q77VYUZ1o)S^PO2?oU0C@?k86dPx|sQ3nPsyD`Z*zW6HW~xR`eYb zvmhT`XWH8DqZv)^B{cbHM0wbv$~7s3=@xh0l=IZkdqu(x^sKE| zxL0l19+V0-cm;5}Ww!0FK0Z=kEzflxe@_9>FF1oEgdwZAK1CLBuTzWqaEZ-2AeYzp z=;H(s=se(=l8?8sG&eVY_|Uo{WsMcoC!HS+EFE91(aTi(^44gf+dr8+(!u1nW8Zg? zyY@$i&h~Xivt3`FZ<06j%B>OE)xT0_wi-4@3=iq6u&z)v$(sDiEzUR0H%~EZR8r`k z>qievE+Qt%@=0(pqq(y9)6@>{1b9eB(&rBwPJU-fm@D6d@EcDM^e3|`hs|dV&2MzX z`t58bB`qFWPAl}*WX7p>lq+??*K61{+kItQF>Be^r=QS1N)t`^vNL#gS}TL@(-dWL zI9i__k)0%d|0utRisRH9GPg|WfSj_E){~<4pcl2%qq&V24Sos*{1k73@yT7Ci>B0% z$lJVElQOouau;&6hS>brV`d;KK=m(`RYs$TpDKsZaypOO_}8dPdh?tz^b$EQV17+V zV~rr*HCteE3ZPEmI9EgD0oLS!|qBlCZ(+Vre9F^=o4;-4W&A^ zf(O-?myh7ieLCEDYuD1;82$}K-S=K&E3FC*}SpV<^sjb?!$1DNkmn;PvHXa_zzTVR-|Tjk_oS92yJ`cMbeVDIHxZwE8lgo#Yziq zpW;(8U!W;<1=ax{G|U2690D|1luTVknHQ1ocbRcF!VJQoxXaA`FhSG+0$Isb4AZ}?sflx; zAbccDr!C;~UeGZ~_g)!drPFKkG4SgHlTpxN-kjQIdYJ1QZCafZ<)kz*NY;G~D@qXh zh64;{fQVag<;L1jj0+|N!l$8f1m5#ky{?Yu*|U-N0UzD2y#dg^mTSQYY&+Xj<9v7E zv(I>I_*tJ=@ufG)DmE3kMchN|+3*P2Q1zL3v<6KCS;YZPoxgj1K&erjR;K^`)QYxj0`$5jBSFm2Y4?Q6Y69CyIi8R@cfr zlY*B~hCXs1sc;=RVUD?mX7?02MP$|9>=_nGEI}`bFprV9N0hE7D`Y<=EWSgtvlj~N zB1*t~0v)xNRumx;w%l$UG)Sb6C~XG~S;if>^M}{X$t^Etw@X5I3?cWUs||c3vt0mI zSEfUotK9tL^<~kJ^=z*;{O#Fuxy`UC>wTXW2tEsXH>Z?7L5DSXk7Wk~o&vvXA#Wj5 z8^d(t;0PC{_Q8nlQ+DCQ@S7&f@P2WTMl6I6Bm11bA>%`Cq&>;Ljz!lfSmS!p>=Zqb zyWGjBaU{P5vGx#c-@=k53iTm#boTKk0(DrB*pm4ZhNQ^btruwTgu0a(^a#FUoq96U z(A;{$)DL``sJ(bBdUQTv9x9|^vS@RW9u?)eC6Jz{$RL#FPpv{!egm)HJ;X_4iv=uwP zZCY@*D+yVb^zv3ZHvoU z)Fa!ruvrOoCmXepz17fnV+rp2c#B-&9k?|YC9kxQMJk?9@ojWGYmG>C96Jdw0cf4@ z`5TxC_+&hB)fy|PFbO_SJhMP|n4q+REz%?bqBk~sgHQD^G(|WuWwWNhcWk&;p2me! z{94u%2zd5&e@F5phN?8fOoJRT&AgVD+4=+W+lq#d?XPK9M?KnNw6+nBy7(zH0*w;d`spKI_=*{*!y4I}X(GxsZg8MRj@rZ!N}86Dd4P5j;%m zW^II>`e#x85X69*MZ6cham&N!sl6L?@V4ck*Pn;}MAC7-Me z#`e}qxWoe>Z{GaE>!j7R6VJR$yxp25TAuwbS>X~;GDckw^?c%%|85=t#RDdoV7_?A z&;3#{2Le*-J0^+bwLC!XzMs%X69Y=<{g-7j4qp1~`}=)&8GYFke#%m>3eU)AKs6G1 zCEWAw@vDpO+j!qE#d9z*o0173+!k+|;|-tHMhB|gwZk&(E6k2{weaphB+ZIu=IF-w zZ@W>RyQwHZ*miM4xa-%Eb!p@wGk@Y;%TJ2N&>H9BhFb5y-JR783M%ZmT3B6zp%nH)`vUF5t;=rLyE5Tn$#rcH$`Oq7p zb6eDTXU-|(+O4p#hZf|AQfAHW;E&CcMr%)ioxQc~?{p#w%YH++ATj04!W5p(_f#oq%e0N~7< z*5|K_wH6xrFZiVgO=xzs4X*5pyH<{ET5k)f_9m$$eI)dxs43vEYlr04hNs7#zKUdhe_Cbbskf1ahho!& zSHtGf%KccbS-t7Un_~T7CuJoMy;egzAh_Uj`Sx3!J{oCxSSDjX&6gL^B|1@Yp7|=5 zc&|VG>51Q?a%exfqB@lmaRGPj?xP*3y7J70&#@H)I(A;z_{qSKF&?**p20c|_}M_q zAP74w{e^U|XI--#R^w3^IP}m+^c3aVmUWhiPi??~MHr$0*|&Bhf$a>CUWz!6T{g9i z_+-2C*L|-27S_#olY!YvghL6ni%&i4!SEZ5M9n`nb3kyOtb+Vo1HmHAn$%| z5i8%OtSXxvJ`mJ5{iBNneI}HE_doaR45G#xvu(qI7-Q+KclH6@d*}+@TOMpff89ox;F( ziz_^u*3S0)oZ6>KGMLI+8BmEeqZ~wp)n%6F$}9}5U3w;J7?RU}HU*RKj`RJbb;;q9 z{k+%h|C+%538?S9^>#+&*gJJ0T-nX?fm>P)b0H4A7jTyX ziUOaP7b`PyTs~kJh*i0)Dx(x!M$*XDoiH@%5A2|JnBBBIMf~g0qnu~Qx6A`q+{#KT zRkaQL?e5<+-p@V-i*@TnpWS0e+I(<Z?Ip7qm=Nm?TiqSif#SX;m~7#_?Bwwt~wY zlzC-){%X?ZOBI=lz`Jp@cD=3Z6$N5I1`2rn*HHPu0XQ+GZpsJ^x10PfkzN(dfwBEP z!3qMq8Vgw<&9_(qu#QuaP@&3(UthidFo^6`b63K29c}s!YTyIMnWJaeK)Zn%zb4Xr zFL1l&`0M`e>p6~f-EK9nH!3S_SwLrhu{1z`@v&e>mM$1_* z(9ho{4G6e6^57+^2HK0Wh_ z0yR~w6dPH8>O9$U5n+?lsci#f)xZ(?nkg%@y?_y))tfQ3n<{xvzr)wt!eLUWI+pc` z*Ae3$Vert*>^O`4ZX6YOcL>si8{a5~W+Q-8S7 z*3tC2OKM`Q*qnUIj4i`8@1955-FFM;#L8}o-@y7Q=$qQ%VkmqP=Mv11|0&)L%cxaL zT$nspOf9^oNo?+YuA)ka#pHuPzge@kh*@t|=0}Ja5U>o%*VJr=Y43EARcgRrR<2CW zUrpvVNtBu&Hi`YbG7;ovq8ilk4rbAceBw1DYVrz5NdQ=inc8{t8Mdv1yVfrOKynW` z27(DOVs0@n9pixvE8|8@6gEcK=+HsUws`%no5n4`7LO2{Ij*8iR}X^(1)e)CAp2c< zyQ>7Ql;-N|-iP`=nvXj2nJ#)u$V?F`0B}U#mSbV{NxWr`Di!4*^G?83#3a5 zvWbcpWjcf|eLD>PBsTm$M&Jq4D&Q)Bqdv)3KsNM)G1dZAX|jFaz(WYAPcMyEi}yLQ zv@0ZF>fvZvP99)e-rBP~Gdl8hl|2L!zh?IKPW0V3R#e?5<-ITv1X84^?AC38K zU{1TOU7zuK>8GJtb*g?_IJ~rHabZTsz`m_r(&s1Q5>fJ4_~Fq^PDHmbYWGx&uEhnj zXOWb&h3}qjzK_z?lAab>UQd`GcCc&Ed6+-%xiVM#@tWj)vS+1AuGx51WRkOfPh({a zW&N)0!-qDIXq_KGyM9Lrr2TGJ5~M7ok`fj}5m^47drS=5L%-^M5vEwjd=I(d_D-hY zna^zHX^Df{Y8h8vwdBm-+_Ji*;Thy0u`6n`(!@6tLqFvb%iHC6z^)sY$seOmH=wjBHtxi8U_g~uLtLeI^YTh_=KMH#)lKQtc1&$D9% zMjPcJuV^W;o%errzKUvLuMi*!D9IcyJ!`W^)2qy&#IW|FA#W6X%&j>bx(>l z?elMNDzLx5P*LiB)0)xbCBL2z%h~xqPO6HU7iv!UTs8=&rL;GZBp9Q$l0N;FiWMVC z9DQ;efQ*H8H@xvcIE~)21I|K%Ak>zZd404;N9_e;O)TWfoZQs&<5)WNeygKHubw|l zihB#i6-O#d^>!owT{OaAWsiHY|hcUV_{bK_UsctlkYr`(I*^NQr0UY+G($0zqSL1ljT&^L(D9T z(61N8q2f*^W_I)2iLou3Lwyh0L}%QBN+|Q%Y+t0-uX7I!tX2PObZ_+vXBoadQTof) zV6#eM{lojW7QPw3fngw1)<0jGH_ySufA%MAQXL&Ts6rzXZNNUaCsk6{p>LS^*UC@k zOqmR(I*-%LLzMunnTF0qy6(7K%b_+c8D2azVoa1+H=duEDSKQ1KkPh|yk~Lj{EL}1 zbDh2I_~kn#oc^LfOx>~Oww)x+h<vWQmAG0lK1wzp4;Az4kSyZ}rT(frSt%KyxqXjY4!TQZepF%DA#PO+ zTl8>%A_4Kb%?6D3i3dJYq<1xoH;gE>V{%X2U_9FJ}qlO?&O*;nPP2((cl&X?ghvFVxlW+lV_Jw9kv+9*t zlXtyQ*S0wPQzD)}{AzH{@M!J3lCGy_1q$Ya_k}^H0P>u65a>Ej{>mG9GgJGuyGo@m z@`*Lk20s|HDS`DARBofCYJ^NXznLIIwKXucV}cvx&QfU0rW!l8ihZn;14%S!A(GlJ z#LO;+`zajIRj=IiPugv6EBFRN;|LbCjM)-hM!a@AXCZMs z=VZgYJOO6G>#^Z5KD#m9)mvkyk!S`fj!USQ9=6^{!Xy*4zm~6Te+^_eo9ps%5&tS9 zMu;Mj>^l+-( zheup1OO4*! z4fPKUuj`J|3H_=cfq{U=Bg4aR&ckuD;ga3*mYvqq;}Uq^$vN-u6RU2|i&y*nmOvW^ z*k=2)!*VRgKXD4$EeyE=#SImp%uia6s(abK37=|T$kbimul(7VW;9X#>{03$5bie^sBLRuf_8AR|uRev7Fo&U%cSTYVc;M`MB_YAY(h(#tNnW!{&S_HBVPY z#cX4Fld+I;O-?^;wJ8aDCw+kZkCUs8T%jxavV)NT4JFhQbyej&6o}`8_|$Z1jxZ zbAg?FQ(pB^1Lx5k?+z84*d~+2X^g>%Q&JL>eN5Ncn9nLXkS`KT#i9@(j`Zk`vdHjM zyWCBmn+Z}@=AQksH1XFX#Wq*3&T||rKb?5fV~}+*)gFp#vpXH*Y?ORVrV&1KDnh31 z&1NRVG^1|M6UvtIt@+zTki8zDp@7c#XR!kd?C!5*Mfyaa0qE!)EZxb~}{D_tMm zZdN@!d>;AbpxVu68e{`)$|PdHvY{(2=yI8e+=UUoy}8}o5duvNJ{j!OlsArcEI_Vk znoUsEVfiC_P)6O&PdZ#1I!5AhmTSye)8zgsLxXpYIdAQ|c?Ij6SaTf%l;{-`uAGO+st!(%K;4&g|R$jb5><2t+ITlwfh-B&c5G%UGV$8e!sX zF^^}RN1eP`mDl1wEbtr7elO}sRw-@mRPdZJAh`yoUppgx|G3A>@Eoe5r;JF)LCDfN z#EA;8mzZR5n(`DdwM)zN*PoQXB{?6N3U24op9s>ey{m@bzUO1`3J^)re~P5?+2Gja z2YA7R2VQM_=An6ACb{3Tr`T&7`W#BICt2be!oQEdy=Tw|XqO-o(`x|Ai$-R6xKAbw zHZ*&b2v`|q%UDX}#^l;&A+g){GcNx1ZBR|+qFvsFkp<16?dC3HozPiiIFr#f1xYZy z_VZ!mbI!_xF&m3)_L(1^}e>^`kWr_GFa zhgm@#2o8a3zrADjNsn4EA7D$<9tyVBfLBfNFr=IoHC)?&N(C+oPDvl*_JRa15F=gd zer)xPVEeuN!4{q=h`Al?2jzn4fl7pG59$OXimJ|TsDJEMtB##SfS*GYqOCpl^Kn+0 zeKq~Ib|r+2d-0cHFSyP7X_a?P7IX_v=HJp(c}jSIO3vs^U~h`5i!z3xl+Pt@AI7bG zFS+KG@V*q=0O+{^m_9-?3EUf^_%Gtvb~y zo~)t6T%gXS#yFT{l*TR@{n->LMTrBDcQragO=*4G8hcrNwP*>TMORC6&EBjY*saen z`1!*!AgBlU?=B~9f+fL`Y#dfc&odCLU@o(1kzqRNdcdtK??X`DmO!rXi2l4l{+}Z5}&8gaAmh-+V z;NX5jtj%`&iMyiWph}khLZ=hI>8-0sB|k{veCQ%Q$z@Yr8UNoXB?#Ub-C z^S~uXb6Usv6w|n$``OrZ*9LMT;_xjL-hr{M7R_i`1Ycr~M<0Z1-Y<`D|1KuZYJEqM zF`u#v(S!hq_Mch7{^}WzZDDceY_^lyHFesnyCu4Jvs-bj@Ci&x2yEh0LCGkg$BrK` zkU&Jx*55Of$kAU1N|SRD)s^`Tzlv?Y_u8@QnCaEXwgzTvc%E;Uvh=L$^LA=i)}Ypn z*F_izWefs$vhU@ASIZ3=?>P$a0A2UXAIGak@L^K6hbYKGNGvCIHZB?g$nY8gD+BTgc%GT3ZF}F z@Z-{@JB63sJMEQSr%-eG_clK@gs)K+&-3iPdiB-@rmDXgz48Dt@`yh>EAF6)A0jg4 zqL~F@HCFXLYS{BFYJ>(x9?ZlB#ML0L3KTxT`_!3YT^XCMjBH`dkmr0ko}F?$1~q*Bw0*- zU#6(~OcvF3-x}?f%vuJcBCBZ=iZ@#YA)U+P>6nw6o4qA3?-y#QQj;$lpQM)?^xboW zDXR++d{#HVraq&#Mhx2dQK~L1&G)P?bz7&eO-ts5&@gRM(x$o@6&P6z!uzeJx82WE zHIdO%Tjz@IUsl~{mkjAYhdr+a@mg-3uQPIBbl+k6tRW0iE>5clz1mR-8wW=f{Xu9P zyw9FFy*j$~R!HMWRC=DX#ddD>l?F)05_7OCojrm|<3L&{Cf^&A7ivw{hVz=-3fi!= z8y$JpaV395HCH_|%W;NF7cB4M&@K_ntEs#;=Gu|4{)pb~%7g`(cSCQ94tyO)O#0z; zy6Q~fo%#QkDiM)Gp1)w*KFi_xLZA6^>(mMnTdUEIyn0EK8xekM207N;)b4_Ujl97X zQS?aW>qFjdeD7-%Yeq&c@FN`1%FL zU|PThpbFDOZnqqyf&Kw7LOhwNWHws4^pK@AcuJeX>PpB@*JTgGsiOw1ebtmY$2gt5 z&z%0&@lBHF?(`DU^R-`spjCIpVz{pi!dTS6b9O_-P>$KYaLKPl``ZWI()BD|g16lr zh=lJ-me51zk5OJG@7etK0SMh}-=BrEM(KT^u>Hh<$t&Db z)-RE%s%0k4Pu{=)(To{L)lP&o668r2&ZhG7)okS-;zqC;`Gng6Y8( z!C3enOM|9u7!Xv~62p1Wrc<-HDa8YX&W20h))U6HiBJtiAxY=G<Uh!mmWlvv`*z&FYz z(4l|Wtl!%4@HOq(nlB0$^u|ZdnRG(!H zUU;y&C;rbrb>;SylL=; zcO^!es0-gtbp@yEHlJlV zbr~g;){)B$s-1EjMqNNJtx+*2VPYK=Bo~wM-DT=1f_SPd$g?v_#@O<> z)PlPgC%!1HT1dqT}a9TosQ=j3hDV4?!%j*ez4j6B5mOUsEy6Q;h zzWJGJfu3%U+W|Z{jM((B?6B5pVp7`^c(GDG4z|nfS38a~G`=O-`yf5w-7KK6kbj#} zE__c?VT20msT21FrVZltpls_@_{QUDv!M}yQ$D&fESGv@wVZ1UE%G>9rP54YbQOeL z;C$Wjo+)-nQ1b4w`7MMhA|9bjpY9)Q$^3k`dB}VIsN;NAyDSo=z-P_8y7L9gI^(NN zdJuj`LN8h6MnSL1ocEb;KU)TdeOF>&lkY5Z4Gp>*`r87@jbk@*Dmoz3clGk^HkF1q zPO7bSoeuky6U{frP3(C|XR0AWDo1ZBphxN!SOMViulWOoy@dxWgVOE*0C5-T0Z2%J zuP~GaWPf{8XPCTn36%EXzun@W6!k*;7^m4%jYkK}03}wj*fI<9zrKqK|Ec)Wtn;1L zPdZO#uF)sC%!>{cPCeuGb-9((D>e7{y`{)r%eeU1NugTKrwaP6Pa@fR=wuKgF9 z{a-B*cptFkT)%Maum7iw{syW4XK#E;f>>HwB7uGHe|{djfE29mRa{uO(!*sp&ZIH> zH<>$Nx&z{Z{(l})g8>f_XbY8K1pUsJ5g`t;S2g&*A|IZ!0|DL$CXJLy9&XY?v(x|j zy%GkDmiuimma#OdE$#`w7)fD4{KBNWrREE1p)3FOEC{=>2P?e9{!1!$9~xvKSNyxG zNQ(6Thl0L_$5E({bU14+UtF(tt-6`|1%k-(e&ldplr&E8#3;7^vp1^O&w?l%=yCd zv$=L|-mL)NU>By$%H(;SmwSxc{y7+fGQ=sFb6jgAiNf^QtpZ|r*iOXdJSebzwrBXw zsD7wvc9+Nyb0(kkjKoW+er@yXeN6#!rEmd1vL+L(LKh;nEjW% zeIF$-A5Zb|DlyzW&s3g|rE20c#+Isr)0alSXMQ_6+faUZiRc zsiGW{^iho|%GU=@wSfCeX98R>zsYS5X03wNmw%h3U%m6a~r&7@(AkI{JvN(M|4}@^-1QFU_nM6FT}c?XiB- zttEm=8ZgF_VWA1_Pj}EEdcmYBK$IG@lr-EJao)ccj!~ZO5@2)l%2}O?v z*&yl_fIx7H2+zECe?cLsvVF>K{o;({f_kUB7DHWEuyKAq=>U>4_Mo)@6Cj18=n^N+ zt!EEE=O!Zh7Di4no<>sctNv%58w5Jkp_pf0=9J)u#0wC}J2=^us9}4m} zZ;&C-SH>eWo9ms$0)q!>A;yA0L;#SyNZNjlmC?Dx3aUnrS1#fMA*2)pu&D@S1!uu7 zyfoJQ$qj5o0?nx~7#oC^IOmZ6yO$rqiw8IrhDJ1j9Z{hCN`DCauN?4FNHDO{?k*Hb zsa)pU;=TFR`9QhYMV5c{nXUeH`$T%K-nxW+_tIdOcV2G)MTU5XbmG zZT%DhK>+!1q;JomwdzpYf48gbEk=xy^2VjU;0#awMI z@YNd@oGg+_=1(axuAMpfU6iQVY3P^VXz1>IL46Xbq`1Hg3T|UkR_Y1l121o`rcwmg zrS>*$GAoyngyz9su=9lsrFBUsMyBsLLqce1hHEY8+u@lTOJ`ykyZUWczJ3EW!_)sO z#^Ak5BdmUVw*III@!ecOSP@Yv4r{=$wS8pmGVY9=c~|Fb1uvBE9|`+PXhOjm5~z}H zbW((4!h9nvxPi~zwfGDt^UQCR`*)L)kd%#v@ObY^rw4jAr0sEy@y5m~1V0^d-TwJb zBR|hr@BMBHd+@7uu4u{_J%H*;M`v<|HI=1ct^>#B5`}7$-9Nk~&Ie7yvGo=|d4ASq zb~Y_BO;k1=B$=M><9zGmgJFC^nYfB&J~Q)>ZKI~BYXAH6UtcO9n!CZDosjRRh+w_5 z7J`+M3Rqaqlu|ujbHv65SPrj{G77_c~ze6%_{zjo=erV5QqbmDfuO zN}%RKXStI(5!r*dzvw?s5p&#s>BmI=|Fqn5z5+&R4Lu;YmQtEXN#9xuXkCpmB@K3n z5jdW_@?XT392F%Z3Z2$F8PLgqTCkUw!A7!&EvX=%$f8ox1nUSHI(={XA^yNgZ6Di| zlx3gBc}GU{SEmOLh8|cPGG7%Q)s6k7^R;;X1oHAFk)BE?#+s@7oKG?Ig&*!2Z%a-3 z08Lq53k#_Iid!wVUKmEqwc6beD+WZvoOkANjD!=?(&iDJ;_Oy`hS*Q4OA=(}!~GFe z6)u%XgWj{me#=Y$s>AFY5vB5@d2Mp*e-@Ho>TtL3edfQ7Y8%_GO8x)aL(!BwvAr?jbfC68Gr^ rzqIl1$Ra>u0h#?j#dF?;g)ucv6W`B)^jHOUYr1*O;41ox)yw|@^Ee<6 literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-tagging.png b/2.5/de/assets/images/manual-guides/mailcow-tagging.png new file mode 100644 index 0000000000000000000000000000000000000000..3d56b15ce1b3fb73b87e7bef2cba0ea8b9ae68e8 GIT binary patch literal 69226 zcmeFY2T+sUw=WDLq9UNEARwS3O`3E<7You+q<0Y_H5z)2h=_EN-a+ZTcZhTekkC7X z7D5j_Kmz%KzVG`#=YQ@!^UZv7znMGtJ~IqE&#r6jwf8E&^#p3FD^gu%yi7tuLZ$Tl z$x9Lv^6Mldq{kP}5#KQBt8xD_aE zM-mcRr?WrO87o#d;!9emr+Q9WAS)+VbFd|eBG}T>!SOA~$wd1iu?rzU>B*y4ZYJv| z1V=5!6ihgh5SW@XF{D0SD78OxJcWNK{9^c-RJ{C4_%}^+hRyR@j%oX~(oTlNh@;n!K2dRrJ+t+_bFMQ&FruSLus~n-WOdU~J+=7wb(h%E z5f}Y)N%UT>p_~)7O1z-5P-0BB&{z)cNO?_8xXB ziofVFBb&=h!c5m=H>#1RqmYwWJhim>=hsWGpG6``|7v4*BPrUk(!f$u(}&c#HRN*y z@UMz7GYK9vsOjj!k6yK(Aswom(7(Afc9mEYAJ1@fN#vsH-*Yit;X>1q4gNLk&kJO* z+V-DBiTM4LG=Bg)2u3i;e27D!^u&yRHhoUOo+3}sd~E3h z&_P-=Ywh|CBG*Jnqa1@D36K^*W-~YBMLDia-rnj7rGPnkf1D>F`M`0;v1RrT`!o#| z%sCyO%oEA}T7>3p5|Y02#5G)KJYRC^8(T#-9QV-9@u#pj3)kTOr64jAk_5A9;@(|2 zIQE+3sY0yX+@t+@OkpxX{mP=Hq?Z&i<(8&8%E?7dLh|;b4iAvu!MiEhoBhbI8O*<) zZBdztnbORL{s1OGK7%i$4gXY`^!=~Y^--hNu{dujxl(0x06jI%bfPSiWd&!vxs1Tl zc(=+u29WjH{EsPn8vveRIyEcC?0?dil@vk|g?+u_x*!hh2x7|c>5HncJc77>83 zg$Yxxkjt)PJzXDT1|C(m-jg0>r-_Uf)yo502~5OY@vLjyD2X!z}!rCp4iV=Ai` z-k86kcl3RlfbMJ37;tLC=-k>x$kA77zBkl3Z%?gq{I1>>`-UTv{Qq1e-bR9b@LPEE z$Cu<%nB4|P0ba=aete7J4s-Oh#A&NfGK8q`jP=T!&z{XsK_qsW3CV78IJ00(FX`Qg z%J)nDQxwdrhmPIzYB{y? zvd$Uo5w+#v)$$9>LzR0iV>m;6u|1}wckuLZA>6v9hU%bR`p30C6}K`5xf<)ius6cO zv`gQLK@(16{k5aaOg~l7P0KUe;fdn*6MK!Z3*w8Qq$QPinK>O(ABG`fwHAX}ehWK> ziDM)wmv{@HLf+pdRu6n15N~R=J~0&j(0qx;hrs$A79%^(En2953^!r8cAw4DxHiZi88) zk&ZiwQW|k!pLg5Sy@@FsDK?XP_sSBfqlcPLSBCRR=~$+22SI%No)$y&H{dEnt2`dYudpdT=U`DAwqygER2%tKy%9)m%I2 zU#k8*ev-1%)eE{(knxyp?j*w%Zo`0vz>ObC?#A~Lg(4Ig1AVIrJsJn57ODUc2N>@{ zT+o+vmTBk4M1TBxmiRI1vZwC^ljl2BtG%b8d5~D?O94xUE3(xq@rAy=xl&lPLx}0R zTp9Mx(NCL4?M_?YP1uZ7wwlM0MJYi#q2mSS=wnEo`(XG?5YVA#8Y&zONR)06w^^s} zrxVKp7g29aKN+s@R5df*XM}Qx7YVs~RC|YaXV?0QH(>>o z0yqO7h%cOK4~6mwXzhnRblrW87eDPy6oWbzt)R))UH~+_e_Z*nO*(O6ZITWScnjoC z(Y=?*z=L6bE8QpzbCb)ZZs&n}oy<0miXUkgn@LOH;8}&!tYtn=jpuF+r6*;}y1DGm zrJst6+smZ8=%-}t7?j4ET#_F23b#kOxqmVExOhP$3Y@Z*9pZf#T1d_G5}->lV;0YN zyfxm7F|ivYDHwL>)|y5*cpS8HA2~BSF4RCo4fCR7a|@evaag;Fy{sh50g1KZLJst} z*VgW7<4E?;j3igD??doQJ7o?>BE2pZ*L3vSNl0c_GLm6O+Y4)~_T~mdV{Z&2nn!;a zdI>PgKE{~|L>28dRu7t{f|opPcbRK}AnN#o5i5mcZ}0j}bI?Y7Q)3ffM&e4vc$2ud z;S9a00RrZEiBa9v)q(@PgdtSmzVlzo(Za#UYni%`4w(!_2roz{1wA^3b?WP`wK#-; zay{P12}aT(Tr_%(*H2fl)=uLC8<8Py%JRyXYi%D(tIfDn=2w}~oNj6ThEjNAcv& z{)Gl6OJ$Ct{R_1M-#z_B+itYIcUWs@Itf5|87HJ*C+`}k!!7HOhu5OFmLOC8$<}49 zZF;4#I}ukEQL5@?uFGL_K|TJ9dkQU;H{z(bS)t|yCNn$g;NxbCrA#@`uoiO@kHyQ_ z7^%n5VGiNz4JEf#-bpqMOZ0M4i_^Thly-Z169S}sI`-+wtI+WbbAQQ7ZXmb{I3uVe zFX<@E{tXp-l9|Sfd>ah%Trf6l)8T(UQOUmBlWi z#|>SOU}?oaIuc$qfjeTh5#weXvio+u&dhV(EN_2!dwFKmEl{uJyvs0$b-@OYK*uxTGhfuX$O{YN%mON6VixOAk9v}?8}8pE<)@--w}jFd z5S3W`1Bs{RK9}tVJH7{gExaBjOhQs1wxJF8>RjhjEbanvFf_h7t#no28dK@STtj!Q4cA5r>wUsG#%S?3 zt9sJdDO*r`=TTSu&k>-QO!ody79%R@>Xq7Rb)#BGs6nGQ`^?c)7AyH1P@-!xwrK@R z;PBaAN@l8dPdz>zU%uw?t@&f!dm8~6>exXx?vu%xsWnJSR?1ARdjPy?M$H!@Bv4bfo>y-Nmfw9sm+XK?Oy>g)%+q-B76ICBs_8!v{FU%6K3U)8+ zci7DkGmV6rLQk_*_y&_2@5Jxx-}=(Y z5}F3Ap_$gatG2rLYRA6cQd}2Z8+b^qlUyl!&>#r`O;SvqIB4wC7?pa4~&~8cQqEvl{%!f*SUUe}+5i`sZA1nmUWmyMyXP zRdKUAooG4{8yNJeQ+13VQ&s0`gA^C0S30KmJ9PdEyHb6`?w;H(T;HN0VjrRED;1LQ z-c7D6BsUd!Ct4VRDQA6qFKIw2_^bU19~ooR2u;MJB&S%i8~s-Cw_st{a&sH(EP-ip zU*Z1$$SJTK%>fG3x0-mKeRa**ZUF?`5&F2YP@%PY0 zd@{H^l&G6LXEgH$5-itVXys`?7+N zSLOx2_kH=i!*^_HhehahS9wg58z1ndbN!qcMvB~d#?E7KUp(7Bj?OKs>)d^boAs9* zYb$*kCi0wvs!Nvy<;lttjnH1e2g%ZhJ4(T+8KlgxJ4eW>=vw?rq26#^CC-H-#qGP#>G4o2}Q=!|Z%ZRwX>AUofhHEv? z%irFfn)*gxA!+eNF8&*xaD#zDshs21W!w3~!ON}gIia*b4-sBz{z31)3++YG^rorB z(qB>Ko^6uoNiCop;5m&4_1bmCv?Njzvr1p0Q+Z|yY)KUjK+|zpEE#<+_Ri_%9%fK| zHrc@2>Ek1BHfM&oiN>@r|JwZboVB6Tg~jEvgHK(0%64Jx5UtcrPl1*Uk;JH7sPSSd zxl#k=%`OE&-nCXFS0_ef1?Jn@OtU{VSS6D+_LJ-)1}AF4UTM9ecKJY?{0W! zzTPY9xgaPjSL3MN;VkI**kC{!j-Q>93L4Yu?ly3_92Cf6bP4}5t0FnDDXa@$$Un5WrJP;_HX^4|<2)(r2i-58NlP8Q`NJQ^$)x5kM!9K0eurM6vPx&?iRjX0Dk<@PR_{T?`8}*ju=*u*Hg#haH#5}> zn~oQ|-TgfN7S2@`dQB;-n3rX6^+^f7E!A#`^1C1jF-L~NRISR)_1%sP$-?RjLcwpu zsY+K$1fgK)_~Gpw_el(=mg_gdcO?fHMl9GcUpw#- z^@0oVeON-=MG!5FpU!hDrtn&|7hk@Lia`iR;?&eRDoM*+zm*aPF*IO>YCKQ1Hf_9- z!*J{5K_Xbk^MVbwWyW<#pxVFnq2!3VA}hi~iN&W?K(~mN17)Y?M>aw-9_8*Qn&F!v-I~F6ofuM*+h?Ye6Fw+WA{o-HmGb&1DFt#1`3<^X5cjmY$kFS18Fm;?U zR%?4H>bm{Q#K0CC0>NA=4U5e&!N~m@HTS_(`T?J2n|9TIti8RK@Na>MmtfjcHwx#*?J&yDQfUlhVzG6yJYj7S9%Xd|jsC7R{T+O2I#tz&}i99-Y&# z2`kjHU15r^qd$Ou6jv3T*uZb zXT0E(bC&S}H|u9k3Pv_GTjoG7j{6O}0s%*0flAj*#=W}P&(7=S$+q9r!5%j?2mcC8OhE-+U1UJu$`#qGQT~ zJxVeWT={UWy5fq6$VO4Vns(rv^B=J{%1UuPpJ*Sy&8#k_KWWnU8JtzaJCbHinc%;2 zjjxzZq}@1?Y+k$nb`tEoX(Vg%!>LM1skZNZc{hLaT7Vd<>p8RJtE7tbAgG*VyJQ0u z~5FnaSNjRqgkVxjJl}V~cMOX}By44ppvxn;X^; zviNfTLMr@t1e7v7ayNfY5BdE~kirJD$KDOTL0N#;MTNc8Av|NMjM|&|j?@&#~v^|gjq3I|>s@(fGr-;4MbIcQyWACTu$mpXsZjupGf+FE#?`>OUU zH}|xFt9jRn@+`C--I^%AQZLj0+LyWO%9;&NOsP9BgQC?Zd`Y@9Tr?kQJ)C3zH0Oyc zk@2}eaBeQY1xMSWOX;tVJ*bi6Z5y1zt0vyq=5mmMLc#3jL&p<2QH{RLbPFv8C8H~u zBIK{`O{%xiBt%V?Pb;3wNVSx-=OaVu8l&w(6J8d@lyxSzuk1Y2w~n7!tG`^Ed2rQt zR_dHYik;r14@fAg+-Sd0&(HIVgMCwT8wjD!jOAHF%P`V;8gWE%BPCa}E@;9@NJ^T{ z0+VMtWDHYNKwnAppcjiuhR2z7FMK~4#9zb=<;gtMwz`@}oeu9?>P1Ll3VV;K5cbD2 zOo~%tqoUZ|oXG8Usn*xU#x6S}m=nJMFr6=G=7Fn7;Y_?lqO^I#ZRG%LWY1a>MrvQF zE#3niZL2bIOU*E#V6QrdtZrqW3;8CxN@e;W964ElEgG6h_tc1xR6PhQD@_bbFh!LI z1Qv17_<&!;z23AUNXgNXsW}4WLJl;38M_pF)mW5^J$UMAyM|*4P6l5{xG})9KTw+D;qxwbhEyG6lqf3FwQIuFNFR~4AY^d`f|p^V&9deC(M?{X-h^h- z>c&d7&E`8a?pBIk9}mKo44>B^f7=;1W4K!lkZMz3gyf=_-Xd$k^M!?ovdIq;ybm`LFR;fvY*s^j0OGbAYV?nnkdThL$0a6l`>6^x+s=GQ%@flyEH#Vt48pFDb912;rC+#`2 zijrp6LgNuR#m&`osE5H5xSlS?X?nEY+FjV6Ee>F5WWd;4Z85JD+SqJTVzGcprV5nQ z<9qIeEu+1>!*&#W-p$>wpg{GKt#|c1;B)L4a{ywdHhzjjgXk6D8kMx+Q;gIY$C0`4 zx1pK8Xk$OOAIWmf?Pe@Sfo?AN7Sw~ACiv!G+s*ut;j;de6-Qmp>EW$m+XCg0t9 zGWblu*{xxxB8{H)2p_;E&J!kCY25#y8%vj# z+2sLp`xX5v=}7=Sv2{P2{nM$TZRU#6gavi=P+{?{3#mm7`^g#(1@zNXI*1$cfMQ8| z0j<6pzmbh|L_BKu{2pyuQmV(qa;7FcX@oHb)7NCZE4R6P`aN(zM1$6TPn9%kH*fGj zh+NJ0|2yhJLd3k%Vo65iwgz0%7_Wb}r~V7cdi0(MNL@bzr2gkf%-MSVOwQ>M{>OOB z8Jg6mLbAr{W-X-|dZ|^6;xGIvO@attT_SGQ6^~11CuIM>LrwoHiJmP;;)xEzpJ)6O zA2$8lVfx6YmUu>S{@Tl4`4;(7h^Xk33uBjqdjH-<~{ zlalNImWizSNvVs%BMB$S;NW1SHp$|>2M}X zZBp(OcJR-6DJidm)gEpisOiiwXR^^F3AkR|G4M!#HK>5mQMRXap#D5@?T{2*^C5(t8&I6l9ETm za@65q#uWY)Yu~eev}8Bvf#Q18JKTa{vctX z00htUeu;qZ0;wCNp!_DUh@(_fD{TR$rHc-7cc}-^$SdBW?(^buM+B~4P(rhYTth}k z1VYURf1trt3&BFGpyDFQgc^&%`e%B)+#tdtH68(A&aRM4x8g>(PC0sB8Cwc&|A zTdiTLNQ&^|eZVU>qj)^3wsQE3-+6J!bYIE!DvGbZMN(`-APDBNHx;HbgwWP z*))VjjM&M;o=y)wSgprrZe3@_iXdX&@q$nqg0V4dTy}{!3mjaIXehTHoP;ao^89O% zC{7)KBL|xZc_OvuFM`v0!eP81t_vY%U-Y=xKn@e(>2s}uNuM}I72JJ$2S+f}g})B0 zY@Jwt_Ag2b&lqKbmi9D7T23hSf^W#UZ!frNB+bSVYwz10wM2qi%FxzVflua8g6 zOqi@eYGCf1kxDvP6yai9;f(RvN`E`stMy57!KAzc=gN$u22}a!b=T_4r6cmAd zY&1vzUJ{AhcVak_vI0IX5_jdVZJSjhht;wh;SU?b1Ni&Tt&G>38q03yvpP&Pa9Xa5 z{(XDQcAYiz65X58AgoZlR@%=xJK#v>q!`7&_g{MMAKFPsO#XK%i{vJu{!vY4Kgdvj zGls;C^#4V9dx#57*p}N0ki*Z>Kn`13Pya63&T5ds82;0%KeYi+aBV|P&9C#Q!OW!2 zjt-%}8Tf%yL7|MsUtz8u)8ttfCER^rN;n=Z|EF3?LBZ#EC41d5_to)gesKyvs;5jw zOf2RfC24e(Rw&}R*TFb&eQjuH$d7_1qpqSka17!oqD+Q&ZLd%tdwgZa_c)1qFqGNyA|~y=e~uK{(52yAfw4RtC1Ja@(3E z?FRhaJni27#ac)7z{(z~J66EBZg1}au-fkLb-CpUs{AS~75qmqN#sdk4F4#&Gkr_c zxFXH10W>JiKSPR1|9PieYsA9J$|~l_SV3xS6q=r%E)0a1STRmDc^mqivx>8P^Yn}? zc}idKS?1IWev<|XA)ywhX;aaGwB(Cyly|96ydS_W#GN2EdrSFe)S$7j)aE_m>)8!HoXcN5Y&aH4$z{dYr1!;WpfU|@uE`?vEtF8C67ybh)p@FAVJAS@s(BrGZ{AuJVD zPVyfo8+~<_N#K0-0rJZF{!xqWVl`FQemMS=3`n;qZuW68pPXKl2fjzRYk>?(FzP;0 zxLL_N5(uU%i(jd;6Z2ddU>|XL*zri^nvUg?1l2#=(XE-fiN zX*%wt`*gZLX~+|4NnLGHDARL$LTW1%KOi(&r-dVYD0ZF6EnSNVl@`fM4R^ukQ;4DOdu;W>p z+1_B=6rZOYV?DIt-9mY*l<8}^!|HWO=~wf>%S#<$o0AH_rV>X8X5YUw?b_*y5d!1l z+92=fb|SDLjUT77FWX!HnW*Y9J=(H&Bqixt#4VglA2s$ke*7iU!Bm1XoZILU&O~EM zlUDu(FOn6P6REh0Ids-2dVm&qq)*ks)GQM!&9?8b>I4_)=TR7Zl`#Cv1$@xF+OScP8)NV}Js7pY3rvIwK%K992 zDhSO~UrjJy?hvP>L>g(V@8YWVr)JTzCcpfvk0hzD7-c^ehkMmbVz5keNW|W4xyQQN z^bUA;0v$5u$7mZVt+Qd3J@O=7!a#C2fI5}XD6D|uM^F>TL0$}xUe?@<#8#C*oQ^6l z{;`0@P%Q%K^U6mxHurH=>pm8^8NH%c#(G@IfQDXlP0GmlMaK0UWU(bd8R=QPy-dug zB3ecfRe~_gsWA5FT3MpIh}+TePen3-q@(!(tUp=S6kQ^*zugl3E}(d!5mAIFdn}Il zguGL(gj!Gb_T)YK@l5l`7pwRFN%1aO$}_RSG%#GI$;BzS*zx(&XRyZ}`vW5_iOq3c z4PjYGEMOgrkx^nW&va*#ddGp0wrD^-+~&x#F>Uf1zn91QhV9(;%ydtamCp1Q$NA?nKb#|a&{Y29)7-IOgE`9RBEUds0}fHcWq5 zH^Y7?w>HR)$rFi|dNW~l%Exf7xLBi3Uce%Xax)=-3 z(61&@y0Xcc8&u)lP=RolU)LK#?0g5T#_xt?Z=Uv+mKGd#_wJzCJouGU*N5z$Png6R ziSVi3en;g7;!OS{@GIGz}jRfXNVmmXj*6$WP@xT+j`- zM61xV;Y^lHPXsmz1zZ~7bZwaX{DQGhDuj?a{X>dA?f%Jj1HNwaPpUfcGTXgOJTgDr zPs-H*`R97Bf?Vvas0oQv@;Qz;Tdzy}*(|8_w5A)Rb}dSP#0x5kn(&c_3`-T`*B*@% zlf9jm4o|0xgZ=AoM_4BM4@ZsuYGS8jiDG7P^Mj3d-BI?j%-9RQ7}?QvG$zqo7K30^ zovX1#dL^uUL-{kcK5D{GLZzItGI%LLJanj@q2wQ6^+ulEM|csi&Z&`KIqT;4U8GtU zCZvgM#MJ0;4OcwG`hrJ~3f1%W6(E(smZ@BpEiM2lYKI(bMvPuPEiB%|on-4O@1!wZ z@7HDeqJTP(=L`pq)(1#JMx1^4Co7|ynkL+re+o#+ooKknFgZU!dnqhgD>^BhW}MV; zKFXzoxg!Y92;W$63iE6AnGZP*dw8pVE`CR%c@EM_hn=^pFA{G1CVvfdAc!7NvUjy~ zNkBqzt)<_*pb-yj8=oY5_eEE=n24h6SRHjZ0F#4OX8je&6`r4&?pK5*LjZ$|z=$2j z@#?nut5NEdQRU3-3|#o+)Tp=5y<(G$9X>5Ycsn|Uy+EQVt8_O`CW*^bSy`Ykfuy|Z z?1moSaej1a5PXvh4ZT3fBn_OoJdz9MSED{3$MUA3OitFoVrxX63rGkqc7Q~mH2xyn z!mw@)!LN5#iQj{3KXIy`pQuFFD#(ZkaY8)@bHE2jQWPR8Ij~wW7MQ!$7o&0?_NnC~ zwLey31vwWwftWYvq!9p8dDnAasYp@kEqnRlz!&h6q>(Y&3$kp_{b`dBPk#OOU;x$8 z@tjALaAf_Ge^aYCtGNge+*V#>74%mv%~3$(;L2pp6| z;~ppTa^6GD5E;@!wJ8_%{$(8TE?eL-Wqy(DJMs#;H{%In5)*IPhBa|ZR_D;eo6ttf z_G#*CLMZyG)#o`ml*#154RkW!$Pr{Po4I3`tF&^*RRNjg72&LF=DU!?LM{#g; z5Ezg4d5p3ssef^K(rnJaG`zMet7Y+&$=pBOb`QxJzVtQHf7?+-%7La&FkO^*RhDT= z3WAsQY^y}% zj*t75taggqEL?x!GJa5fFV%D&3id1clms{($&b2E{Xah#>8F6`V)xFbA?V@6G zCyww~>mmHlda1GWpMW|s!YIEW)g;up)3+^}w*Ekl;sB(@FOwv3AdIqQe%Wvr)v#dd zS^_!2PzPp{D2atV4YFtoEJb!KHT`oz%&BzFA13-N{GUyA9X5(cukcuA$faddZ@gKN_Fj`X@8q8 z+gbI}!+O2-LSsJEYtPWeO6%L6-E$(Q9}Qvq%wsE%bXin`k@EVEb)pJl=9cVwZMBOq zEIxlQtQE*@kIf$;ogC;&?vZ^B+89rK9ANKhi>qoJb@fNDB{J2{rQ9vey%{^j43T&| z>47wL`=zUhk%7AgE!BsC+?$Jm?sL-dYIa|GLk7z=rVS^BaWQ&h0u|L&rjzoX=}~gR zTV1!1wfT=wcKT>u;AK5Q02w`ARd?C5jN#cqPm=*%2fDVWf8p`yk;&8m$C_PF{9Ia+ zH$vD1hcX1Yyo*2HVLfdLUm@nZx?dI8^jIromi~f__g$I@8k$X?_>CaCgql8tlc=oI$l~mTW-D>A&w2j8l45aJr z)Hnk8PMXPNVh|Lm^y1LPsjRpYF`96HCJrpShmIhLKIk^qUr?k#C2h>FSS8e!?*avI z1W|S2hFUPkr2Vwxtg&DeM(&}AioRPS=g~g=!*jS0{l_GUZw&x)CN(}@0_+n|OK8)h3iysfkt@_I zRk*RiqbI5gg|q0y28-V>Uzmh2_q@HNS2Mykvg~lgY^}5q+KV?HDPK9UiBSQze>6Ew zKnZ~Ma=EcRME!T%?nWgpF_B4o;nQ>?sBH$CP@ zCs7G*ODgGiPxg@;R+hxiE^xO}Yh`?P_>QZ1gkUr_LqC$d1z2v+TC`M@#9JeIUKp`M!IyyCp!b_n)YIRRS`!2ZNa9I%%xGofbywE>F6xl3YqNzUK1k33_s$0-)UU zN!S~*;Vm1NgzIKK^>509jbnGY5Gm4*ql)xzTHJ=5W-TPQF8kl1+G#QDL8V3F~>a5QLq0{o?(gNhrN_0<0Z_GGOz5TJ|VEwe88LRY670sut| z9l{ig%Rr}CcOky(we6$2=hz&sFY=*Bb>Njj|8dJRlO_X8;kC{+MUE!SQ>IHpk|EA; zmk|k^1}TpgTuN4=6{?m|b8GgTb~-<*L9UA?PNV7p@LCf&cO_&#`d$yjKBwCPUdo%v}KVF}SEvhGWI-vt#NW!;g zU&#m}F_$&v)gaVbP2d_ z@{I>gZ}l}*08D|og-QEng|H)28W!aXIvhB>7^V2X(_oM48O>U9fbX=IW(qdFF=(33b1$O#bOFBDE)@hUh8&m#AfR&g ziCWWQMG(5%5}wI)w7T?G?HmXkqC)H#hYmluf^LH?`VZ(GQb9qJ{cB+HN>TW!)^o#X z;lcO{g~N6vM>~FbDs#chvh?=7qTHlPrG5h^fw!a#V^QT2gF=Rh0#AvX4xlhpmvBue z+(=7$+Ol_>p#X$3!bb@>Wev88EXlBTvt5{{6~rZ2Xu)4Pvoe+z8ku;bq~$zM!(UYh z>_(&J6;bC;VO-8t2fV4tCRzZf)P1Yc?(yjmz|l~%{--r`xinPcv-dt*laGE=EamSA zj9x4eGOhv>Pc;(b0z!A|dsjSggUokF3#cdeev+)VEhas1b-I9%1o=&KSP7h$+ONJk z_;GRss&{DK1R@|RMH`79m_cHHX`|9b5k!)cVdDondB;(Xn|4I0%|CTt<00(8c)Xze zNIAl)#Au!g%-zUtW*^T3Iz1?yh6aVH8?8#oD}OrKswbnEk=h#BEUd3BAg0lu^w7IB z?#E1FacV5-+JH!>rAr<@orX~F-C_C^w5bgjI#4Co)qRT@v@_k!bys?H<0ZVR`laai zBtB5)F}ZG)R-@-~K4i4sm!uapv;AFfSxUG~mnJy&A@REhGhO&@rX%S( zXh-(F6IIkM-s^pume@@fB44Fokq=xiTF}h~Zfn9L-#4LR-PoP)d-Bgh+>yRmeKDH# z@3or(iXBIyk}v?8nNDEO!yr7~sikewpOQZAD-$a#6pXr@|Kv*UuDr^%s^6i% z3qUJkj@N%8F~*(?*mp6rZB3R7$T3$o&TA{wR#JY;{Q{rj*q?yrZJ7Rlihh>c5#yhV zbiV^kTew@Ne8tWz>ai@k!U3l9au;WA$KA}<0bRL0QR^Re=*q%a^Wr8{7VbT}>-{y- z^vk%fxVNWVB)y(`AJfilCOp2AXdK1GQA4hc5fu7$-)5qShkrRTFOzzrS?Ye;w<)F1Vjm^Ruu~3#!VgriunuTKe(AZ{;$LHbW@6d_Vdatg}5%O zDupc@L<#HGy408*yo7sQ8UNhZA+0*-zozmRw6x_!JWZ%8Heflqtr@XY!cPWS&k4yT z>4PSOE0+ah%t#40+Gwnp8y(*?-L!ED-F)|NFkpnJ-8JE9EOhXuY_&{cJgG>$NltYw zLCyA?=yL#u-Xl?Kb+T)*SQFmumAtEDkz7s;EEBmveAbATE*EgN$7pGJJAIA4>0)iv z+BkZ&BS~rG7|VXBK7n1KZ>p{$gl@$rmg5)KfU;{$i9fXBXAW?Z)TyX?bENcjpC1<8 zDhXgZqNgM|gS+23`W!KH2+lzZye?k<9KGvJ7lCxT@n^a|q2GKLMjC72J)|H{%Mn-w zMc~`z&$2Gkj!RqWr|PJ%l(qR-f2POj@G$ztu6oF*tFc36d<-i;uLOVPUm#q;tuuQ6 zYI26K5fA8Jzs_=S{vA;HT_x?)AR-*i6BUc9=A==EoUXASZLFBBta&-uEUmzH4SsK% z{93%4BAM^vCwx^ucXs%N?`)Pw8{C#cN1vh(FFdHcRCbbqKUWZ?_}%x%N_K;f*cE`b zh<(Gw@9H@QL>FybXM>K)`}NxoE7(>xH>&d9 zVrk%p4nJCung0AkQ!lBDx`XX*{Jth{d`d!Wz^Wyca&P33D(_VmUKog~-wLHV9C`d% zc&GjXU@kIE#Nd09|FxvI-r4TPTZ=sCqy9MFdmXt67&{{+o6);j>mv7Bms@^mD*1RC z#Y-nEQ!T;5RmQb)hv?_AUJtl77%z4RVaEhsnfMmHfq$=F;VAOFCa1`G>oRK~%@Xg% z!F&&UrX?nbU2$hOyu!kwp!^y`6CV`3BrN0mQ>nZsb(4micERg#ICr9|F4xEzWpsQm zTGF{_>nnZlN>>p6=)E-;?H5bN#%mux{|2zk$X|_l^9s}Vc`lU^=a&L--dK4LGdJ}c~;xj}%DNgeduC69ye|?mJ z$M$Bb7fLniGaGMG5`L*m`DMM$kZD%ddfc0_0k@VPk|i;nMw=6r!Ygcf-Z74i>ns^^ z>XCU8UJpQZG~-d_ChuX@;FbG4Nt$2<=y#zRChGI8rOiEyg=tQ`*e)~yQ(kzQY{4Y(O)asT8|&o z^l_XWKhn1>jGVz)0($`;cdiw`iH;UtyIe6hqAhNl)-3IiZ~G+Jqpor;Ir|-WK)U8d zZQG*iW5?l3w_vrtQvF1V z4Ma4F6z5=r*|Wr^^T{fumwp^+iR9F`k%e$w*XY6Cc~E?)WXNWx1z!r%V%!v?1wigT z_F(lvg2TKpsvd@y`zJKXSGY4x)W%hv2GV=7m;MVr?wF!)8=*Bffnj@DlnG=a-)>$1?g3ZD26XLw*8g>B zpI0DS$h)-UVm!I?gY4eYS9bYKTQdvoi3a;`_U$X)gq(AatMjbM$q*Yz?0@#XfH$_R z%VNIbIo_%1r%^`^FaON1;~&p@FMSGYqbObp{XkBEGK#+y!rEVS^YgH|wGOS8`OT*) zJ@dV)FW&?h-wb14e5H4@ECs;-^rgoTBU-1Q52L>CzbDV@sHM>`KAX~BsMGqq&P?P6 zU3ZRKH77s6arwCfMuyL^^ux-9^YI1V4+~rqMWydrB<%cPpbOhEPLD8>aI>&*m8`rI zf_wV@i(%A?&hhR$y*qh4tL8zVhK556wN=_*rnM*gbUh~TpRZW=Z=dJE zawHF|Jiil{G}Mx0{^+yT5xXovKU77YhW?N*WFarfm^tpDs&WTwkK7{ELqx6MAgZHM ztW!p0M?7<>cnQKC&-BquP{lkf&n`?!Nc?D z^sBXR=zwYZq=`gCV>hSrG~b(N9m7)DX|kx>mt7ULVuLI%bE@n*YrH`*w>Wt&X$r{Q zX5}u4>>gZ^zAQ(aJydT`-+E-)lU*%>?n@TU2lzy`W4?b=;UFeJk{*(n#W1E z8AfBu2cJqX7u*@v5!!-H8?9cfXG;*#tEDvX~uhB3re`VQTYYYwR$eXTh-5ltzWN&j*gbJ@QxWG3YO(3u41 zjM9c=6v0cr{A!tYTC3h~y~wE42T!U^c%2L#BToU^-q=Lt%ad{VE&~kof&M+i!-!ya zq8uNqmg;G6c|6dnk)?w)Q`W2R;erP&>d$qxAO zDAsbWLMzOQl;O(@eWS*R5Jq*Q@5pg&|Ngz26JP(fM*xH=%k3LQhJ61IYi}9UX4E$7 zQUQvUwm>NqDemrW#hu{pQrsQd0>vEy32wpNy;yNad{)c_K_f zr{(kXgd`u$$^1Kmao0;&Tf`5iwXMiHR@e54LPVn`1MU@Dikh!HUdyVYvIg5!M=E}_ z^-ewZJ@$e4kTu}q>W^OVJDW0YOx(gD6p0B@v6%H*35G1!fgc~*F-IQw*(FQSo%z-YFTHW-8P> zP>6me2$rs%h@jbvCid4E#G$rRX9qHLTXAbIzZ6;c`Zvf#dJ<9D#U9Y~S;jxe4uPub zHRdYLE@1duMWt=1lF~fkn2WdhXuz3p`N=uBE^KTo9^f_D98n<2qf63v9&(t_G)Da- zj-re1R)jA%m>YNe`r9C)mbBK7?%v&=9OPJ$Jq0Svfgo#&UL)ajG%V6*wWacJtpWyB zzxT7VwOuBF8F3XKY=3d(McV7r0*2Q<_E>GF7_Kk6Pzsp7<*X22({4j86Cjz$nxf@c zwoq}Ks1&_a)eA?ra~aFcDPk2n*xAjVd@f#;8=P00WWzMPH6obs!Ad~hdz_^+MrcSLV90L?32uOR)GAf~@~z0Dj*94iIy?;s zKcM)7>`z&BfaN^5Gi=X={Wt&eq9)^F%a}HV=udy=p*95_E*O4Iy{v}DA$KAA_~!E- zdh$ED?SjCl++Pax;>v#%NC$;I|hO^2zaFld#`R>7>+9a;SMnV{l9Oi>v>OJ zaxJnYx2la&hqIx<+wrEb~}DL-{?gv|AKAd`dmQ#>DN7 zZ3ip<=`A`e@B%jaB@v&3m9$qbmD!y!k7LsD9k0kQ>%ATDxQX!HO2LEoG#{V+Y#<{) zkP)vijeKT%&W4*mW_17RTEa5(HkC z!?fSTQnXxXl#dzg9vT zX)V@WSpqnnZx_I(8@8Z+-udZrE;s!E1@UlwoP#cN>a#xRRHn3bTx(*G-T4#2p&KZF z$?{K`t3dSKc>!+JZl(MDQ014Fr_}C~%<{OWW3DuU@+c7Jh|&va4?)H<1umzKj7*PP z0rO8%!z&)&WA$LC($~5Ga|XUZ9@{tO+!bAE-!mO{?Z6H8$B-!+_E!00H`?^vMf7m4 z)DP}p6Bs&$g!MDwlz%N6@0v}6?)D6DR%+KMXI=L@@No7xp?0PlUg&^N+9S(;I%-F6 zTvQufPvQ?k28OP@e~1N3H{#Am%>zger>oqpF^AwqJn8n?nBeIW+GP8za*;Ul|q{zh0)Vo%y5*^0Zd`vf6G4__}WSWcyvQ#EUjW%&_jJzm+oD`^h zNVGn(YHbQI=8DM4Qe{8VHlZ;nZ{f?W{?V~VYZq)t*pg%vF56Fu*&X$2dQFt=J(i~# zl&6|3nT9g2sbC| zGZ%E2&3xA&tUF^Q!WXYaBolR#224!8J-CUtC-(+5@H;1;NpQa`ljCyz?T4p_3Wtll zQSY65*C5s%OY;eQ=C-@0QaQ?&zVYm-1x&Fj6DEo&ro7?uc!&dv*bH+<;`6l;wXud*7V5pIJ+ z>=?!b*w-kXwpZ5u<0#pm@L6k95Gr(je%QJ=mPnJ7HO8p8YpyMQp6Qd$VNfHXF?gqh zVXYW3k-7~-HOShnsaRo-`kc17re{qL+e>tBe)7g|SzdR01w>aFNvQw#sRmIx8=b%l%WG*zZccfxO{Zrq#=d!pm!ZHY z3=Ky^caTDiozh1~zM^)WnVMzX#PfTa+-J34noV+whuzKP*QvI)AogH8+by*=nQK&{ z*ZaofzYd>oj$|{L)^CqrOM~R?^RvlaDV$e;CE=+8ETuCDwttz#*I#R;?M+_6nG`-w z5817?iRd zzG(S@ga@BIS(0fE9yfhGhOGzzT!jYB6tBG4wTYUck_Oue=a{m`4uA}F>U?&>Tqmio zdMm-Nl4#J8B-P5667atB%+5>k#3iYGiH{x*RtFNB;fg1U|bkY|x5uhH~+eIrJ)~KeLN-MEvN7`bNiRxo?M|G^m z9v|Q(x0TV19PX8GphsA=J_j$o8i81KddkyN(vit9v$8M?FsIMf-B0leHu4WUo~d2o zFpW60u8$06w2S>W3Kq10+CuGLOdb5~dk^48^ND`rG`s}eayN>YhwdYs@)r|H8} zABvEJQq?O~M>BiGwt+M|2|p$!{Y1%$s6jh9P_0HW__Ym}RV0MwO}nXXR*CZ#UBT37 zciY#_SLq67$w^0y%8JE3pMvbM;US*?!e-Ii4N~ml2{wLYook$u^`EO%?%6bQgJ1ED zSZpj9z9j39)veT}Spg3opQvn5?k-7g5|%sI1MA9D%SSQ7+eN5I>t)IY1vfuT6tXC5g<|iGPV+Rjp;g`$1rP zGACOXzQ3yRD1lNoGJmi4NslBaxZ47X_*(!(IMc{}D=Aj{Qrpy`ZjoaH9?r*_BuW7yl{I8{ z)o58a8t-(YxT{@GN4elZwS=Ho)_JW))nq#a8H>wO#&XoVqGBaorXgoHuZ&z`7JzOs zTlP%OP+TJhEnX425G1*S7}{q?RRi)7H;fHN=EMhb8uo+v;u~U*K6G8y3auu?J^=T| ztcO94lQw3C!mY?QDrC*dFL@63E&j}aRSmU6g-f=ZgBlQjA>|GVze8=d=M271@o%tu z{_VQiu~&GCzj>P9*z2TlysOsQ)_E-Vq%y5%H@`DZHM<7FTL1$B)qFIZfn4?hgS{Fz zw}=PfR-aVImEePHoN&Xz>C67rVbFMV~8n+$hi;esQanQ=+oo&b~!#NifH%W`Orm84U~YYbY0JKyes zZ$0PFhH_QqHtsohme^TVVuH=fE>hgGwh_B|aaB#HTWbYUp{l0*(sdT7uN|`dWCoXY zpc$yhO$V|a9bx~8;g%xVE7wzA3j<%GsWrL4WJ5#hNWsfY^oS)GZJUa1)(L5NvgQ#< zv@`1J;pb&Wenz@(u9NP0NKK?CE+UH}CAT6K1ua+{#=aTVwTd?$jqF9Ohb-@ix5_O` z6$2`5z{~XnQ510y*1xiC4~p5pBLX zpcjxOvd4-veMYtro-@{V0(uvZ99H^193*%^n02mTzjOO%O_w79L+#*R@sMXP79#7x zqZ}tV>#2ZuGKR0ln&c0PQVVn0Za>;Flq;Dxc$jczwZ>>o6L{ZIR?=FGdG*Pf6fU;< z_$S4x!eHa)O=cUgaoL~_O-&|#ZT&q`32nXDzW%yU;9s=X_UB|LtUKmpC{k55)@WV!Lzc z<6heY2s){I<@tdguR}?<4Jh~RUCwZvLtvdo!b=mp@u$~NEgPOP)5u|EBcg(~j^t|H zwxXJSy~@pk#~)u95y_@;xz8G{eA>XJA|~8)7EH*La#Q3$AZD@v7-F(*J~*YjMA6~l z-umD>%&5>)fvu&-XH#4r_~y!GV<{}t^&jn?rili=zmZ}^Ff>_xw4;LO9Qi~womMqb zA!)n9c+nmTfAZ#@IE*=xIaa9r#f5MPKI(T}Loo205x!plp0fWqulKYW2O)fx&Py~V z!3Jq$&XoTjlAd{S+%p(&Y(;0_Ldbks`NB}|)Y9CiLdbcqAHR%#8ws!t$ylb*9;j!1 z2-tA7>%dTd`ImseFQPr7LP8k*`^fXP_ZNxO&26G-vHbdyQ3u64gL%hCWAE;kRV?zz;ofRLoiE}B?zh@oCUK`r!6WLHD%AN=_gWJ>!RV|?G*Z=}_fyo^-sAa@+lkx51GjJK?IklZ~BS z(9Ipy-SgbbB1;v?vA1H%+7E%27u6MN>ca%kq-rN%sr-6XtKRl_EMn1YFX%@~khTL> z<;xNNI3X$Rv7cLth|j62TwCZ`P+xx~{_U0yttm!kcl^UjAdVrz-#gHqv?&ZlSrw=A(P zgcu)=+$pR0JLEoKOCXypo%gNk(%}ou6=J|Sy?5|O1s*0QnHTD)VkOT_n#{zz3{fs8JT(?$~ zAoN^ufX@BwNLT!@C&QCM-^dOu7%0}dsu$dL|E28?{vB11>5Vo)ZaSD47Kl@)&5sXdpb)$ zy{g8G=EG!2vK&w2OMIxMwOyakicu_i?Z3wvl1!qb|4W? zFcRwN!UpVgO0^^$`CS;K3}|JO%bWhD1NC!DNtYwJz*$AYTWfqX`=2|fDx7ZtWkR<% zJ?-6QygZX@I;nDmq2!D_E-0yYY3y!UgGfG_!)almuIX7Og#^*S%w-kUtBN?{&0=9& z-`8U|DWF5l>d{~5;h=;w6`Bd$9C6N5UAC!)?USL5Z*rn=(A@%S~=&hRJIVQo#t{Zw=8u%!RD9d)7{&xp{}F)vAm-Gj$`zd`#x1s+`Gj& zk%om%8E;|Uqtnqd@z-vm{2<77fD<{{JT&Q2o8%Pby(|EY<cH*fqo(%3Js7EGwQ4Gq;sI2LA!tg#gn;p}@*?!DJ`yp}_%9C_-gxbwm z@D^v5DRf{1yTFJznqUW}KcKN^r5!})rJCiMrCQy`gI zR%ec$rt3p^uh;?UFmLPfvn$!a%+cjJJ!1~yataBl`0JA#3(Pls@VZ2_Oi16 z#j1=Hn)SvF!p^w3T9T1h#xL>-+$J4&+*PRLuB6g0wC+i#>3n$+w8yW_N~j0~ zSyG!h04>&fp^ytdAmyFtx3bOL>0(ZrZOI_#{PB2fk3U@6Ro^&=)MaVE5f512tTl~+ z`k6HL@bi{>qY4AArX*V?)0DGfE|lz1N;qAeF`~O`a%ZgSDWu7F4QuB)11Uo;oP8Uw z`dYPcz2WARYY&&c#zk!su2}t3iv`n-sP+)OY`K@^1(?^6@+M-1xnp7QIrDo~vJK#{ zMo=mV56zuF+{;|e9+~q6cdoESrlh?fFN;4-eZsI~PflY3Me%iT^sk8tufiZw$9AoZ4Zxp#)=!GJR503{X5_nxYgqF$rXgW&4hk$?!I8b| zJW_^~_C$FW170@;NII(Qdt!Uk2tLHF)~~s9XC=xSA9*fYi-n&0Trf|EW7Rd6xf*W4 z>O(k5lyN1(k%%%yV$+rsazO>=2Call3Ne6QNz@+#0bYJIWT(TVsRs6pzjsRAaIBkW zaXsAujE)tJSFKFghf!g1we=>0R&Z*+nW*#89m}KQ*@tQkeoPp3QOX;z6mET= zI2t?Ia1xllX}MYR7TwjClvGm^HrUj+I|}KAK^BCv&ilCsU^~*izU{iVX)<4Po6Oj| z$?*4L`ri=BxCVAajJ?$&P<(kY9HzySQlO+LPPA^NWV{vcI;Fsg_xTdU|E^HfTv-7t zPIEv|BL$j?cR)ynv`jg4D|c+^iai1JcEy>Z2|Z3psmKa zHrk17X(gJ~>fddX_?n9mQ?8mg@a1nwx^ly9cyLGt9QwX~;WnlWoi4$1twy@2*KPs# zQHCpS5*hVRY`s$Iob3KhUE9D&{rD?C{A)yBJ(-vzDak{L z+Q!;GWb(Ga6RZ@_j{*o=M3Z9UoASybt)w0KC^;qeWmAfdPtl;X+KNNh(ea*~4H!UP zrnVy&`4#L7a~q5=Vm#hbD1{{vo8>X3%Mni0({11Y8f9o$58g#hZPgz77Reqj#M7W5 z@O%E7(hxvP!A4DuPBx+%qV0QpfogC7OY9$`N7^*=Lq+3;oWpyA^a-noyLVX;+Kkz?zSNXpqEJ%$fKdk%@py$5~; zzj;S$KrXQY`IIK(`&MRxLIIF->kH-56n!P^i#qL^Vf8?14HgY@TpT|sW$S3y!4I_! zf+gEJ_koWDT(2e=&O#LFh^y61qf^I8oby({g_O)44EnEk4(eN9-x3x!c*HpwbJ@C7vxyMo_#6nBX?Bt-Y@1hEtR2C#44D} zN9(Z&t^#DVyjr1FxD0yH`y+AZypxiGVOa)--!llXhBo(X>3h~U2QvJ>%JWw#_;^<{ zS=oyL|2(<9I3w`+lGZ`UT|I*^@7yv~-G;**)qYa5aN3LDJAqcPtjkd!wp*a%ek(HD zR+QAuB1=;Y4KXS}(Y7{$Fha5k1{M<~f)^lIbxbjPwe?-0A)|WKTgvF+DBxEal6Y)c ziD=4d=;;@<*Ox8>nPPaLMZ-opy0o49KZrfxcjmrj%BTaM5>;GNqAH`dza9hG_Hw!g zK6=aWIeXfLXwD?L#M@+t3UcDyb*COS2`Gd^BA$#R-S7;Cdf{DeJd1Npf@rKc0tV=C zZ{6_rdHzjOfsk1|lM)^Z#ew={z%CY+@v_Q)~HwkT3WInNa7e%STT4#umo)c)W=jDTpPYU)pPvMB=j+ctkwlTVLT~ zgf6??Sunolh`U{f=3J_=nOO0jRSxoxLvuTmVIrPd4Fa=45bBbRg+AD45X4v$D7|qE zKm35&vsT4eizWRC~&C&Z5F1MpXIi1&2#_&*=A?sqkkq_7dbH_X{9z8)dSiEA30&#^i26d#jq)8; z&7?x!VEp)01h=`2JZ;*i(t}tj98?jlddjki&V=w4n*riddUGpij%-=!<#}JGEv!N= zQmn5>#H6k4xz$YHvDJKwcA%)3qTWM5$wc9TJOi1x=TrvL2wSV1g{yepiU>-je+&c3ahud>(<+$pa?yx0sOgrTxIVk)4fii{%793pmA3+}9`~)#j7+&uH>bvMbA-FZ*c9 zxglw<3x1lSKw-@i4lUTZX*V(^9CB@p8jdg4tbA;l(GKfPMZBKV{DF;pZkGE_MO?>!m2N zU)-4=0i;ETE=Y1&9%-|o#sq<1`ac8DdBknV^1dDG05MCTGv@3s<(pHxg!qbryZS$(+U8Ep6ANC~R;9i|gM z7i*dTX@Ykm8@*S!7`?$T#@e3#v5trjPc>IWgWN8U*UW?@Dg(U?IRP~=nw7_-b_Qwl zZWh3onLvfnTe-tf)wPu7B5!NSCiI?c;-T^7B~_ofSa$#Tp?i-fLvwJjZW@Td@O$nd zi$ys)*uA(dQJT70ZCf&Kr`QM1Do1ldD<+cJFv8$#>?YA)5*$9GOm9@rBeW$HU_BXT zmR89Mz0rZXlg-4Z?!F$)1}@nt(>78FY6?N< znBn)*BsBa}{n|0+qZ0+#0AtBPFuFMI+jA-Lg^M&dSI(R2S)ihg8U2I0C#l37Iu)a` z)vyMr9y>TXuq&VPVDAmSWodFggZ;h+sZ#4d)0Dct;pEHd_b{A~E{i%T zo#;Q}b2u)i>kbhaPStdHoOz&1Zm0l(ZazuvPw8#i785ehwCyx~W-|)9DvMo$<6MD9 zFNoDS%{7QknZ`ZZ7AaD06rWg585!Ck5y^FQ+pPLPZd-7Se7^Id@fN(wh?89jCb`Ld z`2Gz5Gb&S@iqcOFW1vz_Vg|it&2As$2c3jRk zVH9j!X%bA_mwqkYNLt`TE^^6tcrc9qKV;hjjgBx3Gt4d>;}PG&butzWsrL62s}nsF z5Xt;)EYbj99s_*EZNuA4l_DFtHoj5gK^auoh5%f9PsS%|UjoSxbA(XuUnEUPeJ5nx zW?yXuN{D%ud*pJN_?9Pim zl=?haJ%1) zHBe-O9S~(~<(oXllV7s_5)cn01$>l#bhA^|ue;)jkDojdwAg#S5EV()yDrtTT7$bZ zC(z9yDeqDy1nQZyUY7bTtZCSD>C9owbHg2B8m`IwlQ?qREj+Mmv%$Ga z^HrwpfHk!Ik{yEqpIN!Ijn&QuR2&pi2a$A2kew5fL>1bE_40 zGzJR4&NZGPi&eIjSe=m1RwVS^85`LWdS}uBTQ(oVjv-pKxf^dyeErA|uhkt8(mw$$ z?csLir5Y74?r5_vgc{WUD+v7uWv~8=`TGymhI^smA-Vtg<&Q7vzs98hOWyte>!rR% zO7Zxzzxkb#urfHftum(cH3S_OX1{9HH6Vtc$Nvt40M4`PsUqiG*xyJg^x5yl^^=#E zkHx-UNJfp4s{4gG4Uf|8e~$1I>puaHKkrPDI+VD9gNwQek^&7$p@>}pT(J6Ippow9 zYaQV4GkUmc)hC9Zz>Mlei6Ez-r*KQX$8 z)(ly(T#!n%lRo|t#>=MLv*=BCuIWmrvYa;d;&S%6!f{HJreDxT6(~ITJ?oQDQoZYr zHO$P@f$*=c>R-0NSMychs_s10i41a)e71l}=Dj(H1q*IB(?TW5iRRU=@F?+mOVg?FEn^n%*lQghYE1Cje5iENvSTqE zt4co4Qqmx-f~r!(2{A1ojeb+fU;lCS7q9xT>m)9H!?k08}#iX;XuniX=A* z!e!>-S)~aCMTdhkr_NMyx>epukI*NvhQ88U9Yux*{+#o$_?0IgCSnPSRd%%SR<>%7 zVv2iBAlkh|K7^_CHi&4eQgg$ZQutJXa700)s{ih=QmU@FcE$iIC(9k&sOYR>4M4uLJiD;||FD5IN zq z3OuOQmWqQFCN9T_QPB8b$ea$5j7RvI|8F-A+%Zn217<=Of3Ze>WY79HZ6j9o&@N9U ztv@a7<@d^nH|@}%e|Ry^nKrRG2>z*rs~@#K!9$Hdq)#$o2Hxf0uvEYM!(bmKC#Ue< zcMeWr@A3U&46&sDE>h8=S&IEb(=wD^9$jD8xOGGu%JU|?Cz+C%VQ`UQNK=w%4@&v; zKe5qJE6xtDZK^7jCjr{?;1_TXD%z+*gF8+&i#w;q)p2(|Z`DKJlNSQCLM0PaFbJNy3pXg}0Lz`a`p}XWb4DCmh$a zBk}BIQsoz^eZIVmD14|VoI*0|m^K!u!|BNUC`2bE+xh$rBKRc{o;m8y+oZi5nO)po zERi84R`;eX>RBm8`b9$GHh8<{5X;+F@0P_@a0!uvRuJyNSf`uP;v@t?APwWc}NqjUV>Oy?Y~nu zPXSM@bnj=*tJTx;oGAI|KL5B5K!OU+G}Ctc<~bqw_HhVW=}bBV&k`Hh!UEyR(3UzS z!QdHg%)I=1M)*!QU%sp1={NV)jc=9VIKb%_CUbltvF1Ptj-7gIQk%C z5p`=sRW;qgaMH}0+;umpeKnu^(y~PvX@EqFB8LM731?YDo!5;ckqzyH^T{~B%_eNb zs5EIrGdq?V&nl?9Jx(iK<4#aBfi_-VYSwC}L@7fPq%1cPQ46PZM7J?jpL)dwa#k-@ zsTj@z%Aj*ythAg=RS7}gRflUbwPT0r^%=v5pmQ&ILiuywhcySkvV7ODg_J9clc>C) zv|q43T_!HK<2Wl36|tkr)S?SBYIG>gjp*2=p2N<|yw2*L5aL)&tPV38k-4#E$O@n1 zCPWJjHc*wu)9X+Dz-$1fIbnkxY5%&hwEZ;7kSYZjmJF7~)RLej7r_(laN=Xm-gy@p zB}k7^P0!ZQtfFW564n75uaK&#NC5_I<|=)SFacLljD#Mq8OM$O@YM{@n){ZBo$+i< z?b(In7OH@^%C8Lh<2USku`db`;-R+)IE!hJDetcK9=dRg`}_eQn1REW&RLKISp8P|Qy@=P=UJj9NA z1DY0`@)?LSx!66GF8!}et1>RiZAoJwodXug@8X06Ot!z zdO|d?eQ5oR2VF*$a_cl(=yN(5OqNM(V)>1%DE&E-u>9-0XTgxvM!CcjxV~c4ga``a z&-&r?SVz6l1Rg+Z?R5>xQj==>aQf4(;GU-1Nnz`Hj+VH9x)2;&! zn+#{Wc`fz+@rS+vp&OW+$JZ8G&{&v9W9mmiJhbqg34H!A(D~cj5>(fydjS`E5N~33 zdv0Gw?nm{^^Xox z9HVgxiP)+)iI?9rP|H#KGAp+Xx#ff!%fi*I-}p{ve=7L8>5Tl%sY;~{KLM7GuJ$p{ zbgv|CavYkEgCDk_)UtIs>L)0$!ct!V*V{V&Cm46X)t2SF%iCtMql)bI`xcrOrneG3 z@qQGBB1)v`9yj!L*?1x@q2TVy!dpW1;MaM=C}98qPYNJg#h&w^u1FC?&28E%MTNN% z6%zZ-s>z|zhaoK@2=-jIbIKSQMY{ znlWMx7u3eZeiz97s8tC!V9%jZj~njykDb|#|GAV{{Wu#^lRd}^xYJcBIxI3wK36u1 z3G`fKkIjS{xK5RFgMm^qSzpvpS5zHjTmevxt_EG2Io{%2jxRqb-kd21pJ8l2L->k; z{4Yl*(RhViANbAgM+*%K zl;Gc`mO5!IrXjDf&``3%KJzCVVJ)TopBhc$&|`5&-aL6X=*Ng`_7WQl+t8i?R@$iH zRdg$=o^(0hiBvWDp>bt-qKt5)7qNgwypz`?hbZ$T9K0HsS(W?x=3(>(e)LbM0Zquf zA7t>J++R)mwMD`MT?wp9{BV=^#0l4C3v=2$Zu605%C?$TA*tJ-=(qEqm{(jgI&unF zwrnD3Q(~ZV+`NhFLJl(&&CKe|TZ17KeUJ1;#`esl8K^SOV_jeqE3Y!;AqtaNDegr7 zK8?rl&{yd=F)UriJ7GQ1G~bwD0H=Q53{#^rk!f?u!rbRDQ(XV*NFI2X(*FrKVc8kP zx@E&?=Ut%ycz_?|mGduepKaEA0Sb?8qTepCB4orKZB7X4%z6Y_`TQs+OB{HWn4Z1R zB;T1OM&qC|Tp3ZBR@-Dgm6dOqJ!~^yT|$l3NUlN{;q*POl+hP^8fdkVp~xF7qQz|5 z#V?PkzWoj$W17FnhH9tin#Lw%2^Z-VoK-}G6|>DMC$L5Hxv;)v+YHP~ZL|R_&pcSN z79N?JhYe4O1&&uUa!|F$@I_8>Ch*MihI^dEwM`566yUo4Fp(%_GDWR-9kzQc91C;; z<|#Fj2UbUXpRsdIJM$sYFpT^`u%#jCOROH|-V^__F!e>O-@IH$)i6lES)LnC>*9k! zVP%!Wpg6CTB0;f*H{nE?eUfbJrNa?Yq-PhWgPv^{?7mx6Ug|%4|LkKZvDQlwYhF@b zYvtaPLBSUB3z{i}w4W4VivpUHgz5HtRPm)in=~~Q`e1d1oP4BRUJF^r_~L@SRB;~o zY19au)c+vPi=+4*I@N)Cr>@EB$=je3y1A~lp5PnvibN+zCl_WiH&GQ{=bKp5+oIXc zMqL8=z$q4s`R0bU)>J|B1bf_la>JJ`xnoZF(c6eoc-m6h8j)arQ3-(799HS$!+ZN@b|@(30rc7hktm zPN}q!P#d1FQ-mrQ?H9#{h zOLX3@d^{o^#P-mVia%ws_&cjQlXKl`mQG>L3q}&Ey;W)B05vjO;eiskskc=wRcT$p z8Rct`)Sd|{Qf#2}){ToL9wJu3?Y`x=S0W4ZVEwzvQax%w8I8qRP}ALs4`}RCHzq|$ zXSD9wL}GP_`49RmU0G?@g^7U(9YoVgVho2RIi+j8do+!^F%kWgg1OK*?3u7aBbZz~ z{qBO!LZQrf)2$(VvzZ9-WTGh^4}SO!L(fA9ZXKNbHPa=&h35qt2K;B~bu0*y`7K2% zFD8k<A@nCjfqYid9xm5lVZEw(&=-CoS zkIzDvgKE9PG^;lfhx<;x9M$F3k8N$8y~vVCU?Uy{mRGWp1p72<-O$+vWzjRWxuHx~ zh9sc|upH#c53c&+ovd5cdx$ZvbVm zDGe~h-)+l|YZN1rx$pPIUatlgT#NDyBxO%XPVhzIL9SHehbEJ7ikYb2BiH7$y@%QK z?e{r^A`3c`46B;myOe2eF;#juXci7*rxLy3Q5TMb?y^5CV+)Gm)SnqN;DNsmf(yuj z@;JfMFbHvxEWVjt|K>HK(MqDF`2nk)(LI@1T-n}NTAXU}nc}GSv4?ceE5gMBKPCQZ z2fkiN*tVh)rRb+jQu608mpUU^59Z{FH@`OvtQN*VS-Z*8`Jt=}FtR{QJXtq~bL zQ<%Vk&a>%1&6o9W^DTkPPWHYk66sq-&wU)Bz80AfrhuP?Xcg*YM^Q73SIPzNPybeq zpI$GZbI;l+-BjouYRew%-li)LMqgk?DTJA&CN?)tzU9@dU_?SfD5112OFe^QH8*g1 zS{V?HtVYap|9e#%oD*@r`|l+QHUIE0U#KPZyBP!jC070%O)wm)e+YM)>u9MY;XyEz z*K~&I5*>vH)tcRWE7LrUYa7IezXicR8u$-n{Ws|H{{lks5B;Ci-|f6lnW-oLyDI$b z)*F7h^hPht31oIRp(rFz{;p8mF8B}T&#*?{ySn?A!r_Jr z6e+au|H!mu#@VM#!TSSZ*AJJPuMU^uTU8O%5fa!edH(znLH!xLS_<2?-R{!Oi6a`C z3G)O1{~|9#oIkSBNu)2xHK^BcQS|@3dOJUY&M3qF=qJ}{O3;5z+_cPm$B>aL5d}Z* z=a%#x#daf{&ud?3Bl@7!5d0Nt6eA>@X**EtyT_I1#V`0W5w^C`x7P*zNI2`f_@-$N z%#(Z?HJ(m#YI}@b@n0SMe!tZR*TL52_&s@B6s?Ejx{{kI>_Uk`-lCNqA zP)`QUVV0eiv-r4sS{e%dE89^0q?P&4Vo=Yfe6bLL2eEK11E}XE)1AAdGbW5n@(X#x zKfBK$^W0fV)`O4`_)fv+Bs%eZ`$25NMDogZEz5q+^LKY7BGcoE!l!?X_V=L@!-fejxKa% zWF^x;y4}^~{=T)14*S|huyW>TZ*;v>gD2_M?G|pR$$Rs@C~vRp1zy<-+;)6!%jX06 zOru4uM|?|91~YiH{EzBdCE~@A?SzSq6p#ImhpqedKF0e#(Vf9HTR{_+V^PMzPJU)# ziR-OjAWTrlJu4Yp{C@Y~t*A1I20ub@?i-t@9T92_dgH^&-7h?PkX_?u`ZStS1r6O&0p=KHj)J=gqB6XM0u4#2Ni_5!v|GwYK%fyGd^rK-0>1kex)%MMCX~El= z)d8o_k;^a7P-T3ZYa&L27Q7)nN2vV5Pb57tTl)i_wb{C`?!7vtkO5miwC$vLW&o%} z5EF5J?}vdn!Iw*RnQp?xUzxuBKV6GHUjoVkd8&)RuU?HVEkUP&C-bK&13;*5W2?}w zk@(Tss*!d+_LvlwgxL+a(dY-ZhSJ5yVAK2n^NkF+;`~FjudV;c+{Y^%*yZtn16=3l z>pucYae4z3^K!D6L03Ba>$YZRhoq`0L)l0Z&t~rgS4hP4SuOe1%}w15GghuT4_7T3 zwJy+!3`b3+0G9_wPLnUuRBIPwoXYaC`Q_^8OW11J-mbu|9z33emHq7Twx0|BA|4qi zFWuzF^in+XhaMGo?HgcLUan0=SDoJRu37v=>_HLFGWcsb=*DcDF4;+H#-of?_u{Z$HNw{|C$Tw9EPluzRIH@85 zVZdeD!Tz~7Ut)FAj(W=Nq(WN~`*#e=&rk8hmF_3oVPsF0M=;{E3BUW(Huq?ZhwT#n zO+=01N6v!L$U?a4v)#XqsJiU6>rI@)hmYT!=SiBGa3q@iZdeaq{Vcj2xO;tXMcpoV z+M=9zmj2WX9rJ?kOu-MhfsYybvYVp?Rz-Dp4lHYs-`rQ_m;}F%LuVvw{RTnHxn}Bh zatVT|d1kY}@b&t;<|;9FEWnhl{O{RE6`48H93TR-ylR15=r(y`#3Dk1ib=Z||`vID5Hjgt1N#)^+a{q8U zx+*ck>G=4NRbNUM#!&**@=d$wLJQV9(m+*Kgvn{aCwY($X>sQsYxJPtvZB0Hv*f6~ zRDr~5S{IF?|M_Gbn_rE7zR4VhYDFlwd+p2K_||Dwy~Y}b)rwd>g+F;^y0>)u}bK<{Z_EcHmNo_#no#^LVDLXhIh@1Ilg%HdkfcEL) z(ErKjvHAsHptS#69wxLp7m5yl)19a2*w|=lX1prNxA)oZ>&B*-xb=gb849OlwU&KJ zf&1(N0}kgDCmWY0Rjb?P;q|3us{FV+_aGMPB@WWWiyNVFrlu;jHm8(VJBR*`y$ij8 zrF|Is7DB9hu95c~qQLREZT*Bc0b-2qm95@nHXle{E6PF<qJjU@k z@-W(p(yP=IZivUu{dnTLFdU0eti!_=+s}ym(Q;(@zh1O9&Nufq5%!EjuQ3RhDSK1P;X=~B z)7Ek=a4@EO2#W=h?VE#{%N%`b*a*5$r+X2nMKE@Qzdfmt?6&TX_faH+j*IecVJb0` zX>uRX+gg^)(%X8(EQ*M@iLw4}_+tNThG&cZa__SJE&SOG!ak+mK^>k6<;Ia4t}88i zI`v^9_`s5Z6SIOXrDGNC#E9WC?#cI9P^d(gm*p-^)-sQ`BkyvMBho|Y8282vwr>)2 z=-+xKyj?u`@v4;o&q9)N{Yl2)UgyfC?SB#XmO*j6U%PHXfZ)M`ySuvv2=4CggS$h3 z;O_43?(XjHIuJC$9rlplU-nz)%c)am*QVyfFg?=U&+2|;-Rrt(TaPrbI(ZuXy zdH?WRUBnc>c7BN!*>=Gp-|1ln`Z!_Z$B~OGa{2Hex@Ns{iLXtApYEC(b)xeVR7f4x zvD|yM@fAKxe-~G9@>YqR0z(BssULSUUA~+W+4atHbn?K3OSlzdc;hDPAcKRarl(+H-^wp57tbnO&TT-Tk2*gl`aRPy}$nZw;%ONe1S>|5p5-R-M6 zf0g9tKobf<_P28A|HNBFj@!TiIydY*I+=}I1+%LF1!bGPhwF>cq4NWozRysVztG$x z6lulpg{{N(EB~6nc;>d}N4qoD8SXps&UXIW&cgIAPKWzLBCV{qf{drAs1UDSlPSE- zikEidrB^)43n*a0=(Y9!OIEO|X-ZukkB5kd_7%u#g}Fds3mXJF6*&r5J38~o$-8nr z7m*m7cUeN|+N3)b3lbD!|LF#xG9ARJSV=UVp5c_!;av}{7`omp{x zrnlGZS*E(`vu@vcq|`${7xU#y_720)UT7+3A(025mdoUCCj>Yx>KugMHk%IL(0~l( zr}0xsuk9evH%m0hp9cg_x8#5MC5IUw9{d=wWwQfz`Q(c}gGefr(A zQgID0hA8Ig??D#I;TZ{xy7JPZcvvxgE6Tvt-t%m9E|!eJ{j@&g1sVxrR1aso37 zKl%f^IlhY2teN1^#FTc3t(`Rul`}2aRwrsxs~BfkP50DQKJ94A*Tt-S>IYqZMEnXy zMUQ=g3`)oa?F5kJ3iU@T+tld3>NhNONF==8IMp(W0v~{P_j4We+A$rir-YrkzeZ2z z{rQgv0cG=j0>v?J^N)O*J+hocpS>^qp`K)9O%EooKKWibFo~AhI~RMkzJ-03Eqyyd zA^P>BoT=TU<-yeIFWs~pOm0%|({A&mTVBnxt-k(E;?ak398RfBWU&Z#po!l2&Y|^(Vz{R@ z>C<69M>-;T#wTF~)>9*7LMij$k7_v?-!Cb6;gB|RkOoA)&q(ZL;XMM&?76vQ;DJ02os!{qv-SF%dCRGIeeJBF zvkUyRu4^hX@Mr2PlU0sBfI!m;dT;K0RbL1!TE(0%;1_15K_>*nH+OM*QHM`F zoKC0g`5s@`Rf=t#<&#yCiQcAgp>5D}HB6|W1&uX_QrA2&f-++cG(e3LOKY>QR0h`= zPF&}l;{(zRzdd}&+N;#eWX2?4dvJkJSP5Ax@b$@K26;gI!>dNa4jUO?yv8`FXrici zU5U0DAibeDTPkS`@O-~Uit2mzIn#jL7FmFje6;PZBh}3d0b%G{#wi^lS z3d0_GIvIYT^cr6|&uaM3WYwP>zcZOr6gJj8qi%W8W1*0dpR`_-^RVvlvTn6sp7BEY zw;#%GX+@9-D(eKJ`G=*>w&b&tiM&KfH#e;Q`4isNZz;ZnKcSFn?^o|h4ZeZk567&U zPr^Yssm#JgZDNR>$Z|oz0j>4PNf}C1Sk%o--D;ouj6SIm2Sqab*ot(#a@xWI#A9kO zS|iExbn`I#SCCjk2ZwWQJsm^;bBkHy{ZZAgG^NSw>z=z~QBT|ptwsxKT%s|HOiq4s z*r*J8Qws}hm$8EO_;&ZO**{ZcmKM(DRV%9v{>G@Exmv8*x^zQjv%G8S9KHzmcSb=z zck+68_e{nwm2%ooWDLBS)*lZEBGxtB^;@-J|1+yx0yX0_nx<zihPK8{%w^`d=gGBuuSLX}q+lq51LRv^KP}>=*H0gVc&R??B z{ZeYXqdm$Q)kF7GWq`di7G@d*c1Hl;542@+b3!ZF&5~YLaWMbec|F%$Q!2`wz&m%| zV;-4og|)fj9oc-7+DB_N2rd}jH(W2OZJ}CH*GFJ->Q8 z{V?$KG>NMjAp4#}_@D+lxt~4&=CFX4ez+4~Uc9qB_31m(52lMQZ#ZEb24bS>BivHd z9*xm`B&9PzB8W}~$6yP>x0BD1e0=?1#8P@xJC1)-tS&r2qeJ{XiwB`XU5Ap*N5bDx zh*oJDX?FO}Agg>pi;&?WWn8n>fdD01z zS}`{_fny79T&;sfB&y-z?EuH^Q0C&Tx!jxRb~ZuQhki3n7}#)fChMl{_l^&*u6(~z z=L;Eu?Q}6$mdfyu=|~bKbeQYl*xgBv{hiaT*5H-HxV z!kK&jpZqx4Q;&xvPrloykLoY+6K5K*{~l9devnHeS3HXsd2N==f}f1n|L(<1FZWRE zvgOQ)v|-%nFy`8uaP__F0zjQa3i(6v(LyhYZ^P>(axzM!oZiv~qy+x&>S3mB!>2{0 zKcv(4|LLPX{8;^etd7BbD2AU$F#Gy{{*Bd%#hXzrk--Mu#BE@FHn# z2^i?L)pyIjY&MtQn+Y$9pm6pXE_}ydo4woL{aE$9+i*dg`tZXk%(4{p>W{|1vs=(J z(BJ;@iBVEwj^DWz>n!?96Kb;SY;E@dYMV5pIop!4CI}@T9-;A@J9viN4 zOKS8M8^Y#8Zf-b8m)NANS4)q`kxDmaVsxO zHWRZjeBnv=75-w)!f5%5u6;5Uc6X#|wL#5?&4yI=`}up5Hc&=YpL-EZFX%?|L*;wI z!zcUbU|t=%Y4s?9X!kG|DAq1WZ1mB1oyNkWosg16>jFwQQG;*9`+>^S$FgfKg3jH z#*02`koZ$2CQ){J$gUm-Vpo4_9q0@g9yhZ9*H8tGnn}9EC4}_X9GbZP%m+1i4SuCC zrFL>wTaxW^=Dn%@>H^S?Gc#<6XYTUamul^9SW%ZPAW$>@tI|aH85b9J=`mN0Ry%3r zvE2Up4K?wysMlAIgjFLMBqdw2Pw8>JoNeb}K@5p%taLpo#%1L>zO`)zI$UGDuV%}A zDcFI6UicF|Lt3e|-P=;e-=!g|`4!~F0r10a4$(LdzNuwNR1;XrQ3sw%TO?d{IFOv# zU#_Ko1h!KZ<0g@LrDdwA=R24;x0R$&o{jRw*ClX~%4HN)fSr(&mH}nT^3xxlYu#<| zPfAe1%SzKtlPmmY9AQb28ls)Z);12{!E>W!AwI=`WTuUat{$koz5$>+C=X@4jKh&7 z3jhReKKg7315(k>6-^w$3-9{3xK&so#dYKz9wteqfJ30}`t9l$ zwK?l#0C%<*I&@$6%=N_2CW1@U2MDcE;9JdWif{TA3L(jFI2RWDVzw%Wx94kzA;tvl zNRVQ>h9Iv-_biN49e=4&sV)xg(7qf1yg4Qnk>P}&Y75Hd-KHy4Df59+(sDC7t7p402gzdAJs14(P5wY(xt8h z?w3?uF@b|Qq#dm^pMS24mJ|G?+gVR^7-k80Tnlh?o2r|qeciek(duq?H~ zKj%*f+@1K8X9+~bfu9hoF!Sm=Q+GdjDCOR7=;%BGPlvGA@sE|@h#*LZd#p4Vb@`(0 zJ8Uk@6;`skIvx*6Gg6mM9YG!yawSxwC{mXDCRh&Q{H^l#-un7@1V^3#oAfO!Ut@YBI|ba~nwf`4=D;<)~Z=ZZIksRSs;9y@AD5M5!-8 z3DB&FE1f%J)vMRyNNMi6q~x2j^rzB>obm%66RA@^1@n=@qY+))es*u|#&3|WSffuE z!)bcVisz+ABac_ROy{Z0H9jDSyqRUDFmn);E@pko$IHvA=7`DPIe>OpP(HszH5B;L z)8VW%gu)~fSzlqX;d1+IgZs&@p%Dx?EX=8x`n9Pf@8ZrHeBI(Rb-+D@L~Wa>@}S28 zPAc}<0x0SGK@Q)3UfrTPaS-KN8D%mG=0*R}dUu&~##54U9VKe4jR`hCmbZtW33>+i zfE|ic##nyx%D_mIka2Jx-ewMy>05-Yk1wm)9n*z%Ma&tD;ypRj6%9p=9~YvS^hLI` zE7jpQ4o?<7Ppd+OiuiXLt>Hz~YJ^_&A`E%0%Y)}{kg|5TnWsKpmhlNk+Sn$6dLgCP z%p~?eNS;n`$M#yOQOzW2+{mNPS1){4V%*dn%$K+XCx9)E`zs@Yd~Cg+Yd@^WUyOjc z4{Jvi^F$~qh%6jW348|&!@tbXh6;NbxGHFI^oQ>?Lxu!xWsI-d#1~@ccmTexpXS{{ znuT#B^6H~FPg1ad9T?CeO>I>&aw}P%AX^say~XHHIan)QeQ=BWUqznz2DOK|bpZlpE!!BK zLsW(gh`71?HMul8(x!!!GO9M$w=fk1G@TRKqZlCMaO{yuWuaOSt8-5dI8ELpC~X3- zreKuvpu@vE0f_yZzO-a&RnMVRdUbFQts6>*U z*Xp&|vLzhItB%IKlw%z$kIpec{v**D@~FgnHDoi%iwL}x>aSs)Ycl*}J)sqG8VHi4 z3C=x?`TO@aF6_2sMl(`_(i1l53MD|9hP3Y>0Z28+pmlXEDwT@^+HZFrem)M0Q!UEO zsDOC#Wk`u5#d84lA#eat@GWW_S-p017r9PTy6NKjvqgk;&&%*nRrO|fKS>m6_Ey_n zsUR@)r6N$6cep$^Go+0CUZ*M_f!lA*zuyRrV(4Yy1cxj=YtlX-iJ>zVqy#i=%50t zR_mU95}R*gPSZ-QfSNaQU%Z+&xmGK&|MwgDe|2WLmOj#Mt5*=odO}h!=iWe1Eh%1tb1hNaRES1PD zNn?sC4-k^F>U|BJoI*H{Aa|PyiX@#|Lj72=3B{{Wwrzs{sGS-U^^#ei5;{~shnC&a ze?XVd#%1H7`!YF z^`4ll0$qTe@ z8Rj)(E*r?6Bh6L`!};w@r{Ndon^f8mj!gqG=;80+Ol&YY4Whl^_I?$+konqO6>aN49KN6upsGv_ zlvf#)5zam)a{r+3o~hhLdKNG+K|$_aCVpdY(gqxu_0qp8>=@{g|N3!HpZYiQT{p9S zsWEsxRGs9~1VT+QuneR6NW?#BdsKtjci|#EJN_C-5w+9b%onl|snMB<GAq{>MjJow+FBSrcRo33QdF;wypWn`+c^=`)lssO+_Rdq1KxeU0krFuT zWt8~Mg@;%;Gu9*ua^j~cTf(aT?bNT>P=GFli&*E^Vnpb z0zj>Q;OtzJ%-7S0V&*>X$h5(LaeJ_dN6b16M=PFK#fsE~S@cwI>Ld9=qeeGpKpEP` z%|^4ixo^vjC|J z7eYV%mN4xF&oFn!xRIKg-4{a3%`=o2K={+okz`pA9Rn)|;v?)r;5WL0E?I>t1)sxY z&)@O|3{w3=XiPiIJ~A2>vEy1&FuJpgNSiH=PH; z;$-?mF~D@KAyE1h!ZczY;mfFZ4p!c1p2X3t-m{pRy8Ce|gGKc*kCiViT7xI;*XhWO z1DuAL>Lk6sij?kSR~fkxe_6o>5YgXY*O`f?$|;v=ZJdg@YENh3uv|UR zwfR!cnN1a>ODnD^84GjmMlz~Hj>(-`Bl_p?Q(b7$+sAtQP;k=B28DE}_LX*)kJ?X4 z^&uv8mI=Gyhy!l(0169JICrhGf%dna4g{Ht&IPHGwK6H5M&&Q0j*?DNNRS@qp-^ZL3=K4lA7U?@rt5P<9yb2~jIA@x5w;#|37V{!sv5hcA z<~3DxpFyoCz=kDn{u^^Wwm;B9`j_Y7Q~lX(xijwk6j|bZFPjxYMIT7ud&0JNE0-u2 zYXlNFuK?M+$IJ_hdKn8jsMrOo=D7?SqhgZT!a1q^|FBBL6(&Nsow78@o+P=Z%;@+* zjyD~xM5_UX|9j=pcT6uIdyIYU%$#VoR%vkF(9yrKYNFvFIuua|(;t_zo{w$p-8EOc zNM_E;BC^`7Z{pY&PEq@%U*^u6(nU)qMV*2^;DC6;B0HvbXbx*xQ~avf24>%WdMf7! z-(&)|B%qlVh z@GEp3MK!&c2-iRb>&)H5t^7CTMjmMG>T$G$Rh`ho`CZ76L;|B448DJy{a6jV@yM zc(^uJZ`=bGnl=&v+(Ni7%inzF_tW7uVry}Nb(v(E=)&h?kAdTj1JSjCP-*PHX?c1i zuql{|gpaL3&ARf~h!MIP&!GCZMR{IC8TIBO0z1I5Z6-Jpsg8nUVujsT3sT%O6KRW? ze=cdor^?2-t}30j9xh+C2G#zO^L_^{qv7Ed z5VpykkSj@^C1$uoL30?X{MIa6$y%rreMC2fje;4xfhBRao%J>0MEOpeCrcl?e{2;` zPOArX%SJ}rp(CQplx<;EU|^?qa%BVlS8*RyKj2*pVg`;S5sTqL$=J^pg;xJLw|&F3 zxI+ja3mjZsq9xH z4F{q|;W-b>B>&NCkJr8HwQqWU4v43MJAGf%d{S^vKNr|^QM?e-JO|hOhx<#!!YXc{ z>R@bhCWh{WXOvyvWQQgbVBnl69&34W$1g&+1}HeNV{!F~$!x{hPjXwie*r;ALo8lN)DtDE){IN5Zqmzk{38lgNN0Q}Rglmw9UWm?yp~DGRd^ z$^!O@3wG}seyVfD?w=Uj`}zErm?ly6W)IM?JwujU)SgHmsEMgVwP`pBe#bkpy{m(R z?FiC?cR2sa%l(>Lq0n*MnRd7ac2V01GVeOx*L$2L$xx&_P)i+2`X0bs(9$`$#heB> zL*x}v=ccHK^ZA_Y!b)-oClYiN0Ja)gYw@mQ$R^x}F%6Q&lD0Vv>;LRvY*jd> zsqfY<>!YdvV{_J1oQ|zFqg@S0db9~jp*zIkde!uwIK(mwbfz|#&=m0~&?7*VRJ_aB z60|WHsLH-Y)5LL0v<`Ldec-QD@2QE#p^P}W~M4;U+O_YUyeRck76+i$;Rd8&){Qw@BZ2@x#G-lQdwJflQ2UBl-+S7 z$<%9&19L(7#o{h#E}fG)k2U#RY~X$3LFv_Bl4G{48P9(1JOD{+v+h)<{E`VWP?}}J zJCa84n(Tj%ClL$&ul3+D;CFWek?mjh=EFSl#?PVCduK025~xK2(U%d4X&IeHxTIcRg@p z50VEwj(zbrXpXt^;%he8aF1g-mnVfARcm_#oPN+UTSfDjj(KVF`%}#zH=VHW;+U^4s4`!~55N_yA%g{6|;) z|LJ+zD5xCWmIXA>%%lL(c)t;F5_bLl#vetWK|9!8T5Fx)@Tx>$OQadImHw`a2K~8e zyzg8&)rksclIUKH?{n<)0SH$7zNvc-2J}QvxyRD#{a+9R<2@lz92H`e?a}N?pTva* z!{8UwFJ^Z!<9V(`gPM;oSkvRFoHs8sU!3bW7Wt*Nm9J^01FcBXVTUET z7t`}Bl#?#>(n2Kp<2l3FO+Hh$IX@x*2ajs4No*?d@_M1huAmY(h-Y%WCJ{=k2^nJ1)&)9omQpo--Z z)G=w$Qq(X}tLAXH%w(Nzi#@_$TdPz16i{^|u0eCr1ml=L`-Ae|o!%Dz@ONd6MEX<6 z*rVX~tS$RoX{xp7bF)1m8Wain!;q9L!8CVe78gGjEI7(8_sH;%=kXldTw=kR*u?_o z1z#3<5<^AA|X=mZ+c%URC@F64|X!^3;d=Q5vb*9B1r3LJPIb5$Nu?M z=zss}!qHs5q|oXQS^;t>OiuBl$at!S(C0SL475@?$e9y0Qk;|A;koXU<5`WP_?Jd5 z@tsf$%3HD3d5#sKGJ5?e`_uaVgZlI0OPJ-m~hA?;eOeg9E zct9=F-c&4yTQTf^1!&y6hCZ9`Sas6+S!{G`2ltzk1ri{OqjNbd+5s1>I3&O*Lt zB0YvqxFgR?-qoU8+$<@ zkNX=kOFJU-bdj3yxkkOr(G_B=O?5Ix{4omAzgJdwD+s^}S`-D9XOZ#Qn8Y$Z@a=z7 zCCQ`0<6C-z;zk zlN0XxE(EsQ;_fa6X@L2r!Qe|;YagbAKdRlQlwO*`(C9@zk zzMfkG@ql%XNJz2MT!WRlxIe*MVl&NgI!qV*f)rIwA^2#E@cbO#r)ulJB_=^~lc$UB zo9i8F@cM1PaFZd`tYW@cs79>8@^B-bWd>VVnAQ^PkBn%NY9i;a(uOCF`o%Y=nFO-*72FmAK=Lp9a= zH1XKKm38KNDd5$Xz}9{}SsrjKMw>uKVz`5dpN{a;pk$rb?T0*NJ_^#=^n2%Ui|xcG z_^D-Aj0k!EbE|>>qor~vV~U5`$QKczQ;OdTYOOyI^kSdyk#28{RD3y%j#LOkbClpt|!vR)#-f`JH$9fd2NwnI^r-nzVO0YCB@eSVyX4B}J z$9Hu=n3N%-%iW?Yh(!Jgu*yXSw|FPEbPc9iR74 zeeps2hf;417N>@G8XwgQ8XC!{XMIi=Dzb4rsDM3m*U(}!gOs$Ecorv$*|Z&46soFA?wG-V~||(fCjv34>Pb4dmp>M0JW8@oKxW8D*^Ny}GB$yNl&oYk{gsTP7PXM(e$+Qw2 z{<3Gn7-Pk@981%VO;G^;*~xxsT#n(hQ+Ej4J9X2dk}}fZE{B|JU|4u$zx3+a$esfoj1Fy5dlB!>#7_g-#-N_%P>lomB*5vYkst?9^lg+&6^-w;mm+VV356(pQg7ZNOjP}d$-p94ozNyp>zcouywHEYov$*mZtdAn ziv3~YpD{#hhy0M2IT0qz&sdbzm*_3)n@FV{ODZp`z=NX%@~0JEZR{+aR0+lb+;{Fa z^*i+C7s*@37I&Zig9j-4i_JDzPdO;|Uk6E{7unT6mg0cU5xs^Z@+8vM z^G$+1LOGT6>Dk1hk0ke7HD5?sFM*QgP~zGZ30h_)CQBbmFR*30fzUM2VGUTE8gC>I zBoD|5R4ctMus)zWf>`_*0m>sOPH0KjRBE33g-iF;RZ}RtPnCO~s}W4&;*-(SqE{6T z*<56mnDy@D?YfwB?@%zenS7I|NW|l=q|A4fMrglok^n0BL6_}-Ng5f;^Mx>Q=l?4} zahP{oMCt{PWMw3_3)ONW!{?DiI)#%1Q?N7nd$m5o1+CouHlg(cBLwKoTY1LyjmTvjm3Dt(^ZK% z^BT4Ak%XDv@r_wH3)J?pnb0!(%q|`d3XO2Ug_bPE^g1azA2Lehh0co zJ(nVebX1+Y1d46)Fnd08LkH^8tg8)ytz|O%(fSGkjSUqdvWJa3LdSK zxRl2ZV?qjg-ZsPU;*G{w}OoAqhilAP`+i){~gEkIPu`*t`OI?mp^Sq-Nk zGq7<|{S3XazrB#I?WWFr)yRA~nYM(?U*soIQN*v}y)rB{g|(P{Q@akn?9x7u2mpK1 zfo*9?!com$rXXI`LSX0@M7FRLs(5$%jLE$eBvT6bRf4Ot9b1AF6PaA;?V|Rp&(y5M z5fnN-K6VvQ6=MAKc1{yiRhXr)DesYyHU>n37fzj}FJ4RjS1@eMbx6yxW!PPOlxR_* z<8eD!-BFKZJFQ9c()?x^wfY;dp~RmihYkL!E{SUlg;_Tt(h=GJ@H|{ z1ZXJ;Kb?qtky4I2rLiVqO-)Q?FNcS&{i_&IF`5EbV5IC?@(0nHdO$PrS7AASlwPrj zvnZ`sTN5^W49L4YdxSHIj=9bv0GKM1siPq53aVWI5p0?i z3V5*CbD4|#V(v{nK8nZZA{BS2NmNkULPVj4x=tWiMhu%U#_=x1B}~QRu^(QH2g8a4 z#mbnZsu#l^Z!3tZj9XWHHUGYGJKjcAPw;~9nj*`}0HR|gRjJ!2Kp%5CVb2kZI*K`w z%mF31cyUJ7I;5w6C-Sx~>n4hGu;XX*Pyy{pDke>DsD=tso)@%ao;PBn)Gcf1=~g_F zOQ*tWs}~fR0k>9#+1C~Z;nnCJ-$}j*w=qS}k=bqEgm$wTH z0#pdiqfh7Z>kubB7d}bb>doAMGGT12)o8zSt8$bk8B93)cm(^+>b@pqv}y+cjK0Lr zHhFMYq4P}K!sLdNd*si#&VE1AANVdEVJ2&)94uD7@HySWH~G`obIkG0Qi{20;T}%V zHTm9efGX8NbI+@cxrTl~VdgXT5!pc{yZrk~i~-fkxc8$t>!w%^|H zt4ZQ%b3}*)h;w8mNO(jV+c!lr=e4k`|wPatlMB`iNBJZA=m z%;lsuJUpA6BkS(q9TCtl!fHYy2D|$S2I`9$6ZN-lI6KNRr1kfSR7`HD-wPmH2K6@RWej`!OWf)7#Jn3)NrDQSkEy#z zbXBThRg3G9*>$9DRMtE@xyF=YCm{jc7yh?$Hez)1baI^$?LD(!*QFM~*qcl1w;m%^ zqJaiJ!q=FwDBe(Yo$50LdW)4J(xP*<-7joZC)D$dp4D5wx(15C?={o381il(k0JX` zKZs7k^~L8+qv+D>umAZ2q{45uEEKKYq2Sc*fs_%rU1%ET9J7$#MBg0EFIHs`0G<3> z)QAQg86W~?THJ`t>6+etj_9Yg2K|r3$x@jU`5mBY=vbnyQ1^+Nu-{lYhFC;_HcZuG zE1`~04wE0Dt+b(GFx9cHXcZ_l-TWXfK1%9PXHbq4mu!s^^=0;TRF>m&8)I2RH4${> zd84T=UBFeHn;9vOEaFGLQG`4lv>^kkFxokXms zrqK>AeqEnY&ZY!7w?kH-@>70a)!}z>z`>;2lXs z?FEcrsh@n_`*8CWf$3DbF0w~d-_sBd0X(1nI^X;)6aisdbCq$=`+Ja{U$!M50XV=Vsw5F^$bJTJbu7`mOvHsT)ABT8Ct=rM$g8c$s7!ty*HFlRtiy|zaz;^Tg3*IhEMCxUD;sE_ zrH0O&JVaYmTt-p(FW7#rMdQ=T+;JMhW-CKQo-JUkF6nDJ}Rf zto``@13cEITXJpJswOXh`3{yNE{ZO)NTc9C4UjJaB&1@^#_DT66Q}l&`A(V?RXMoQ zjd2nv!$1*YvPqn_Ls;g1NnVb~jwLqe4#i6W1KF5OSiHV>0!K`%?R!?tVC$b@IQ&>V z0iEcbmc#sYQK8=!9|>oNOa=K|_U#N&^^AbX`R z>KW{Y`D$0L5H-%ne%T;fx)WiTKI`x|Wul~`OV4By!}Vme_%rRUMtqmoTAe3f(bL&H zGYgONVa_%ODA8Vt2b4!-`Tz_JDBqElRYuOtc??WfSOYz{gby@@TsUhKmlefH62IC+ zekBhgek$Z8cKXFQU&ijg8RFF}Gp#l_Y?;zsQuk z0fNt~3aUahGWii^^O?DDy6sdkkW$MQ6C4%e4n^s->WtS)A> zehD3~rpJZWF9BRPc;ou1MdwjU)BL;Ah3AkDcqS@@Q$!QB_ZmId%^B$9}DDySr zy;~O$X=^Zo=a8MAk^0WQ|AfV9$kHBLJEgo!N7hl8Y}|wB3_H*eYcC=xVtVA@RSCisPkqw8%r93xdlvo?<6K6!KPEsADTs^E8=~jT7BFxYeD?3z#;-jhHLWG5BsaWOGHF8Xb)=(lBCz##DmFX zBqHl(Z{prX%LPQ3^om~%d(L9&f}0l7La7&YyhCjwHQ(Eu`SFplj=q!r&PFzXQr%4u z!uMv}kt`8xCxY=Q!vEB-xPTb~3|_z%dI5P#T({tG)`C^QY!7UkFv^NRBS#We?$)Ve9>7&{sO%=)1A>a9qxWsO@Z3} z&2@ES?)`#Z6aE%vQvzoB9Y|TKWC(!!(hNxdrMDQ(<6~!6Pu|~=%vW|?#S`m^)p)&D z8X#$Y`^zGF!TodWlF9AXX~3u;;hDg#v&9jg@L~c$u`_zyGo+>%=}#xMZvk~Rt}^Vp z9;>)Ob`)Bw=e>Ok#=&ogb7Snr0Ft9?2I?pPW`XC(dddN*ck6o+Xt0S+fKT;C}ij;*w6DAV}M=i5gtY8%YJ77GUZ zLT+ns=wZIYtb_>-t9H|5?d{kbTcOw)^7@ zaDDHOCdkYgT;T=xAv?LfsiEU3XG7iJq?Jn8L45(9RbTs_P5%2<(7Opa>`mT(;O`?D z@$X^$>x-nI{`2#otz_Wu{r0~$!J+uQNA$lx2;KAE@%(%1&wq~3lq^X8nm}EBiJv_y z)*ZFsO~Ge_3w=*UyA!c~F{^CKI;3k=@K4C2{{ve%pjra&`^=7u!r7ztY^gqcNu%gn z=@%Ppja*Io4HsqAXlRxYZi}(4s5R@=vb{(8-AZWwN`5~8nH=lcT(*2ju7rbQh|f99 zvWA>2U&$A5yXm>teBcY|n!Nb?@fG5Xj#*GGXw4{QB$sJ|^a>o;Z-KFAZM0H$EzzKMYA>-J|H0Y5-WRj%4`L%{_%qbyni!$j%1* zMcmm=@z4wSIwJz(ntN6 zt9EqJiyc>|luACG;a(cuJLGv4=ZlGTmHqZ#VFX=_&2l~x;o!dqi8-$t9w3MhHD|~% zFMN^^#vmLq{fdZ1!@ll9OE^*}Vc(J3d$09$9nh zpqJs{hq-LG=?#U+iDIWuF<>zcggq1W9@99d^ILmRu9lAMh?K0d1IzSn&6F(mba`1e z`;Y@m`9;#48e7jRp;Q?qkN2A0Jr)D3h(QEp8XMF|oO8%8#lx7F6{LgrM7Vs3tD|(C z8JeN#Q*8?!fCh|SENJgKQTv_Ar33WvbQ|F;qy9H-E*kV{T}Qe!UE(ugNy zPM;2mEm;$M8$hmA%+-MSUQ%e;%-p6z$Ts8jr1M)~WH_$BanNkMA6yG~+EPVY@cz;nJPOIS)~HowD@%6FmCfftv7p_q-EW>3Jdv5s zZBL{`rlIoiore2xBF_kYyK5ooMH>J|4h)`906p3<@%H2baO9sI4tQeN4Wi52uvX1o zw5S_+-H4*Dux8&>?)5<7^ug97GPTsg;pC1H_ZkYFh^c$*`+Lc-oL9pnA(W0(_7-0N zoEFVb1*Q;{PcrHj5+0vV2AY@3N8qdEZ?acB^2o92O-JT58o;uaGRc?^{WN_XRWW$` zrw-Bgq<(0eD6_GjBX4VW1wK$YQqHQ+#=58gD)!V%I|^*_!IlP_F&%UF(3-6~I+O9s zNb)*FqUgS9PYGWzRsmjY>$ON&52IrsF-{(~s|i`rl=lYXaxkQ)vc@WMVS*}OQ@%Yc zRDEwbkbqKbLa)-aE6Aj&#DO+((UEQQ2oQKSxvsBHb!7C+4FH#OwfH9GVURPZQQNKo zw_m9$ibPlRVp3SPvm2hT0@XdLM0F9@aejT(d?mNqy2^p2i>QenkQ3^6viOU+2KU)H zLtUN1wR-sY)#RddBiL!f!g0`DJ+Ez8S7nd5p!K+KlEX#_H9TfeFL;oe%Z48%tNsC8mgp=+esS zo8@{sK4yCps-6i4Z0^f=bc5OD>)B@)Nsg;!{(|vh+>fS7Wdfc@mJTj_&(dqtMcGnw zXqU8sRtuFD6X0AiYb|R!iTi3TF;MQ0{dAPxBFy!IdaJ#lipR_{*s0S z_7|muJeG%+DLRE?b&(jetUCH{@HNisTme&aW581q%o1z+#fZFnJ0{J7BLL)v(R#+p z<_K|MHivug-s9fuzW=Z>s|THT{@v9*_>cIBm`6^rd7jLk!Lh4+%2(Gwh=!}&C6Oou zuACSLWicm~^e`qJx**v-Pti&oQXI!YfVii%TZ<_xF- zy8Rg_UW#MNzvBPyqH#7V-1oidq-!;|`K(K6N?j^?9eS?|3lrpt=tcOmO+&Yk8LCTD zX!^mOcpRnxN_bK}Zw8ULE^g(r&p=)6#U*0OBEC|k&QMXc#alv^>Rud&-|Tj4e_^58 zNdQ9wdZ!iZcUbaAACFb!y|z^WT5qlo@Kq*W`YN@PuD3oJ;11%dag`JS-u>HDmjm1K zI;4Z54aK`!d1WT(J&4yH7k4@?R0gy;ku>&n`tExgY{wEx+*tHA9eM=|E0%@0a#fbb zYUX*(S1KA7yzXFU2GFZ$cFZ*21}xaqeCDo|l+rbPAZvSGVG;W*qv|KSo$@Yk!H5NpF~2K&y2WSb&MsirKSPt9JBZRfKX_{g z-xdUXHVq&)H<;Gglc%9!_3ldd`O(;t=X2YN)ivvPJ}Fvlj()9PYF;HuJCg{sDn&95 z!5F-B_sH@E1G6kkmqU!P$rq## zk}iYf0&bPc+fkK8bg_d&gY=aVUP}O2s9JhI{buq^6kovkrxcbgSe(9>9>cx3p|RmR z5_+fI?wtU?)voO3k&dsV&zk&KedGd-ZMrcjwA*!D#Dv5#BV8qMv0Tj%2jEX-6$S@s} zKNe$@n%IFsoX6V>`b|z`vA}FVs!50^r`#JVpyQs|z1FuS6I8$*iu{5*X~liIGvgJ= zMin_SLo@5tc(Zx#BP%b{;xC~7`rLny!#jC{`_Pu|H&>Z1ype@8va!}!#wX2geMK#XF*u?_E);$6 z_&^9248Hs?V#YDtNojtC?-A-zEMHAsrPRaoCX)IVY4VD^x_r;$2>Y?cxkbCt8a87< zm+-_w5Lt{+ie9@tsGwjsgOkZ{z@l7A5-==P(E43;De>*-Y?S01ehWn!dOa?dR{+@i zTIh`;ftF_Oeet{^b3r?C0Ta)Bn^tF>ez^{Cr4Yqe>{`tJ>Pd3$)qMD&Cl#09t`c#~ z4^dYsVJ3F{EB#B{bgGC;>$d*;qOP@3ye@^m;@Mu)7@U8#4hOHq)>@1Y_kX$P!YJyD zvGk)9B&nTalOv@3*g+3KQh6ifR%OfQt#7D>-yjXe&oguKh==b?lQO{B2Ne zlMb&cJ}_jA-^OUYx|{_BdR110gQ)GcFigc#Qitj_)M4@mRbj zCWV55Ti)v`e-Ly2iy<>p30p6vu_qg8-a>B&3^>$j(k4G8d;X zn^*z1z=;)3Vb9;yyr!xGZYEGJ`WR}CO1W%A9-T;(Q1!WXiv*soI}i5DWl1DsZT@X$DB{FbFYR#tJ{xNT)r_V z4aOy%@SkSvd_PfP)oSm>&fs;Hn#K2E^;y0y#bpf}WB8F+5jLjBM!-A!%koYlcPF&8 zZOocHyYTQO{yi+Ghqwto#l?%&pg{YZZoZzVhGkI?({`BYq zoCXiPNF`Jw8Ubqubg5-#D?b@RQ&r_eA}yJx4U*p2kJ=GN(y~m*)CpXcRl!AGZ$+Nj zGyq8oT*)C>zlw^S^K^t4fz7Gvv?beutlRe)*=de18yl{*&@@*sfL(sqHt^!OCGZm* z7;>wDFObtHB^@Zd3cg_5ud5t@AMU}lD>e>_pU!8p^d5x$6bY@*3l{kPpdW6%=!!-O{ zDkJ>#sl0UbOjBN^B*C#fcuT2Ea$U`3kFJb_y)6XX8eg-t?Hd~Jn)&hX+LMDHlwMOl z^zzm1bRP;BoJlppcwc3j%8yg}xi$*s0YP(h6;LRnfg7-la2?SK@5oW-;LY$0({Z+n zqU=(uy43Sn7cyl(@`h%%vC92Xp2822L)5rMH3$nm zUsTEt3Wi~M9T=?{TiFggostGLjK_g%kQ*H2dw3fLl3*$o)GrS3Mvu}1{{dQpiZANE zC+^6*dIZzWbk!Ud!c_F2jYJmh_7VQz;z-1JCw0imUu4qm#+HZ`ug{gE85mmGxl+xc zQh3K1E-sw~M4ne7n9t3UdpT|Dp%OVwZR>gijmJ~CqOlY>gvULqmrYbH53 z;UZu#E5GdVGjdEM&IgZypRY>V-{@%y<``-pvMe+6%ik$CE3Hrm!^#|H!u8MWYGc%E zK;3vWr4jb2jqQ7pZxx6o8yx+>nitlKWMp7M4jqND`A>bSe9}bP7U6;A=j-_w2SJz zB83afUkUCeU|?Zb!1OENAgTWd)%=&!^I`D`y( zN>%eL)89_|LZw}{O`&+p+Jp4X_FhRNl(F$iEjZ}4EO`f#3W-N7FOabuO`P6g+U$EL zh?zhDjYm!+t~Uljt<$j5d#eBUn?7nui+F$qS6N7?qizr=-MLU6_p;s{G?> zc;(T%O?6{nk;N`E+ucqU40j!4l$PryWcW!ud48FW@gOmZxu$_kbC4>q#}Wo{nDW;YaAODkz|HyDS7MqGmZPbRARDB_Ry==x%`E;ss1`7T8il0h)26tz6hviQX zgW$3Ix|3V*9u(hQnf{?{_rr_R_gsuKP6T(Q13}X#9|%paRD{^X^DJIY75I1gsqJSm zROpf7kZ*b*26s681OdHRRCg$Ds3sQ@Su-6xMBlq;H$MR3_`tmQZ~2r&(|p@`@uhxVsi?^D&JM8c^)iby-=_+s#E+lfzs{rZ zjTXo@h<^lwSLtC6`8H{>%UcHOa#Kwm)TWtxvJnvicDvqinvMC;bXDuY+$?unG+d@LO)V31{HP#Sce&;;QJ9kuTi(n#`}PjZ z^h=)MCtV@$LEa42!@Bk|9cu~RUH(B|8P1uyLzTTDU|zWCriD+9Q_~lPcfmh9>4V#h z*qF$n?{C&gfTGtGSIUv20A!2ERmCw4$0QL*!Z!?BpBRRh$gt77# z&wFHtt&ie#f5`R6VWll*BSyKRE8iHd{6p{?y^2kGugZa=*)Buy~Nv@}ILn@N) zQ^%LeQ|KJ>GUl_9sOgVD=7&~5_H~LVdlnuY2zhN^M{&Bo$)}g1V zQYvZ?_SUP1%lV77OOdp+F{@{!BOrQ7SvX4{N$0sMuaQ%nrseY`MwaqI?NJsN{67m+G)5ySbq}(b zpGsX7Aiy;vN0Q*DtZC;-4sRuCo)UU&^%oKD9jts;qC5Gg9~CL*R4zGHkmer|JFl5#KiW zS`9wYWpL~6E(jF&e&D346?uB#4Eg=bdsAO~Svh4wEGS5J!O@Q^%5q-)5&r+w zkWqdYgSnXe2mRC7`tzsF+>EiIb<~#U>=HcHRBa<(3)S7rwwE({DqST7ThIKDC!04j z;dRt2$R(m({L8=N(@*zSkMNfxQlENB-Y|iW)M-!967>MmtyK@sXQq)dsefTn#HLlj zZ%g9v!DFVfyUE>&C>-iEFQ;OT$Z)+nU=9DB9x|HpauT5LDiw|zOj$Fev@P&k3{h4p zLdyiY`*Y0;WdtFT?N1b07+3q8 z-MPt}D#~(~l2dtzN6An-`KKn*BU>|9e)s*( zY{Ew|WPKZxze{*;-oC%w?f*q5N%jH?vA<4m@wX}F@Z=|Pm;WS*EXem$;7zm7 zn>HPex}JncB~gmFv!(pJwN2Mc@IB&XiYfo=UrtG75l(FQP^q<1@qrJ52j64i-L$-W z3H{a34zODi-qAz9a@!6rgpM zZ0oT1DO!xKoqkFdnGeHu8y?92%qm1KLz=h{UM(0>En7Lhgs!+s zX@J#v{|GHbT}Y+B2LQ^}%y8Qx_@si?pvPI}ff9rcmm<_p(b>PX+20Q=95&ek%>-rHV0t zA_XO~u%ZDhMWnr>TR20RFmgIO&I=Bf3`8tblVU=euyxDP8w)109r+C^efibo z()**s-9i%TY{PImx)$D#1UXOV5%uJy3V|Qtr5-cqU4o*Q7SJP&Y%lNt?T>PcW+5W= zNW<4WE7_*Q$P<~b!tg3%;V6rLAgx!}6;Buc7A^$ua8n5t;qns#Z(9{N&~+~cHH7s7 zG$VLMhL)vF1y6hr&KnQf3LGZR_CaR2$`r0Nzv%-sN3TgQaVCvjd%mL3_dXqp>p+Xf zz2yFqEnl)voXSr1YM$1OBk7w|*Gqo)m%c*v1s5xV>7{&s(@T|wpowRQx ztksR^b>`F#UcFA6iWsY!S)BQ{@A{Ezi-r(aT;K)8B>Rf#`ak<$sdg+UKUgv3g1*)l z3?n0pih4F}YG1=4SH4)m2dm~J_G3~L63{^#C*bp5v?qOqNDTJk>&qg;aLX8mb8C)z zcC2*9t%|td!|X#$s*uQM4GdmPGfVc|FyEv`kS8a;RC(fJ=JC_1yxhxyq0~wj zGa|!n?ZmlQBh)Xl9o*REKFA$=I_3Tp#-!}8#d*t}j#v49&bV(z7qq(bXzLbNd;)*= z#I0V!S*a?=W|;%^*X=Wj;W+26@qI&d0;eIOxjP3=_t~hvP@CvXb%w#3hm3a)(suw5 z+;)Y^3pRhR=D(CDZUUUQjSTa)*dzahseW~1&8!jV+?h|c zdK}c$qP~sAZ;s2tC@6xJ;jq`QL}izwutZIZ{E;?-R>hWRo^|`$e%p6G;Bbu+vd#xb zueXrj$_CC`coMp@?H1&W(crTTl_vV~XLz(C4Zro(67Je8uL8U7WX$*~x`Qn%?hgYeW^Esh@6%AB@6`^wD1<+-D_mQe)`5T?pZ_v;i{XgK zfb~R`IE<)8ZpTrP!jxhZntJFm#80N;+NaBr3(M!*JEPSgxeL_*h^-cX`Nly^MIqYw zih#xakzK6Q_drJ~HfJn-^=-Pn!^lx3%nP<=ebf2o24tOSJwkE~(>Xv!HKR|n3kvvy z=#&lbTCcYQ7m5j1Sxx?AiU)>a62B*J*~9qrxVY+uNtYPykKz;%q(Y|#p&~$`z51Wf zEU@?+X=B`~_IMV~;3m;g{a$SjTmy5)&R?I!q)7J+Q5Qv_gxuylnj|nJNYtmL(M)mDb+1nzOsDsS5cAJO(H44-z1>aX(Hii# zQ-|Y^(ybj)HQg+qff&8{mOM~ynN7SHkr6+ki-E7VII{c72zQm~*z&61X@@>$v{`J5 z@s5loA2*IJ9}WfU{avVrAa2ozFS4*$;;2aK` zVB}F9fS{Tp^ok@alD=RF{Y5$-6C1DZF5snM#Kc3ygBu2gEeV${9s#gf#K{Mzj;$i+ z($2lxM7-cXENqz#A#=h-PN{%~JhB=Vhp~7xII^OSG(cV?fXPuub$Dq;0Pf)ia_K!u ztC)WvCSSh?3gH70@FqKs+JOhkQbdDpfRR5>3C;)wK#B=Q0JC=ffgacA?t^5HRd0@^ zrUYI4U}L$;PMI2$B52?pEzn&q)^-o{Rug5njW$!MqmE(=f1x_ADOIQX(gQ5PqRe(A z5h}^(%sOOW(8}7^l?A!;1B7YpmcYw-e~`If*q;zC8P;ldfIZu;2bq)q{-Z*-vFQHH zRf+5qDqxvT8k@*%@5aRC+vLT^|Kf^R~R@6GHfoFmk z(krg)TUC9bFBxWq+OZ@q;Ae3p6X~5+Etk%ve76)s^6M)RtDi}Emc81;I6$D#a2-C# z<~B+0hb1A={!-!u+AlS-(gVZ#5#v<9EUPAo?K+z#UUp9oQa#G1x8}*43pcNCeC0dREk%!l&}sw&!8X@=r%5G&Qo@18bSn=98&mZlmd$2Q0$-^i>aE;&v9{c z>InSAL_nT-*;Z`EC2DI6cR9u2+^cRIEn~lSq)sem{7xjZrgEtux#u}wp%mpuo9Rp@ zLl3o44#0DgZp6nuZGg2T#V@7+9oI2?R1Bgz~oA|FFp_x@e& z2FzEi2!sD*6qzSkiqR)A_GFM46Z zBUFny@?cC2!WAEO%SQOi7r+_qu~a;%0Ag%+(D0n60k99HeNeB_A8VbD@}^)-yyt?R zl&;ng^B~)hx_DHJM+hdRcVSy+R@EKVzLeCplp=tpl8? zDzRx6PpH=6)j9oU}~c=fp^fu6mUMfU1{ zw?A0h-fgwH#Hjjv=@TT|v; zi3?r$?r_swMurrF#iv2rBAvrBU;zAXNBDARFr`5vYZg#9D-Lu3FntW|7DExdH5X9$ zJpekzx`G1kL@3l@X0(zi8%ZJXP~{!o;{xYy>cHzTc2#ni;#}ArORkofAz9{ft&Y#b zb!?=ncXD@)-BDDjt!>2B{)xTbrVy7mQ_WWN6@)fX(}U*6p@eqChDF$LgK=(lw9*|* z$J28Dfd7BnsF*ejCbgH9m!3WmbnW2fu3j(PLVWL_=Y~SXJjL4;XzPdnERgoB#lO>> zmPjJ`H-t^;(k$9Y>d+paV)w$~dB*KWkLfEB>2^MxJJQd4KD&GcUC`I=&Ulz~NK|kG zCx%`>q#+RM=-TD7mNaK8zYzG?5RHh9%jM!K`hvocl&%^9zr1D+P1&pK%Pfbaj?KLi z2SIgJEg=q}fn=DLF5#uk#c1G+Af@otZ)ggeK1<&Z#+u_bSoS3=c|gF2;?UIlREvm4)fB6*yz6oVhsQd)(SG3B zuh;4Ns~X2q>w1x?qiGOmg2E0>GUL(%1T9Tb1$k8fB{SLTa&saQ$gPvzA97V(OxgFs zR5Ek%gvxJ0jYl0RPd}tv&X%h-{M|UL`-k|nD~sj=jJX*k!$&yJkr`#%g*H9ug{zs+ z0~a~a^|^bqctb44MMWXtq-nBwEP|Z+>}u22kF11Nn*_g&(l0_?XVN7l905}tkIq`t zg5IpV_&$0*%m`s;IF92K=zfvOc^$Y?c`8&J(c(*|K#F`xUX8Yqck#Umo>Z_lsbycWM7=->?B zEfIbKSn%F@`C|jktz3#Eh4g=6VI=wAl+xH?nF42Qaa-XBUXW#`r|>(H>W%20Q_mG1 z%5}8;r|(8r7NC#d>Ff|k4`;kQPFNP`-L0Y}nf=h(1P_s+7{h={!M1yuUXT*qJ{4@@ zRgUC1Gd%fTH3|xbt&zuq(X~!7+JLeqIYrz4`>b!)dGvXtH~oaQp5!(;Pg9G<-Rz!sVhfRD#ubbgdpmE*&)pE^senc~A)-9t*V&I(* zd&}B?F1)j0r|G;DUV$G-7;;Youxw3S#{BX*M~ts1bBaxpg+K~emPqZG`QTKsB7|Xd9C(nCcbZd5R#XRG>(iXMRuG~2RwWC^LG%WqUEQ*D8+ApokLj4mk zTZ8bJ;FiV>c-3khD02H7TnQ9!La~7{W2mZEejvpMqqZJAipzx~D2r+VstD@ErvUWH zM7NBWb!OR;xCU)}dBQ`;qUv;LN1(^Kahr7UHnF)H1F-5l#4R$V;B`a#viGb6?30o$Hi4I^wl4B>{gm=;dx7IUgrvmk57hP!otzEh;A~ zAsTYJmFv^OGq_C?1nB=%FTQFB*m1eW9x;9MS6R>_TcLBn6dlrGR#0N84e&LQyJORry1AYu=p-Osq~ZZD#0Df^punx|DG@*=48IGl_fYC%mHyyw` z#y;2CxZnQqxc%9gc7!22F)eZJzW4|9^C*E-r)<*mG{LaJd)#F*5!Z;`f~{`cpWW<& z#Dr*FWM-V`+6PvU+3%ne@-X64^#7`|Ap>4nuIWE!{G*>_c^u#BFi4i!!x%*wS8b2Z z@!n_VB06ed0_eJT*#`a=tEQtXF?>BL-3NPM^S+h)r~Zp&Z+rvXKV$r}O{G|9w8o$0 zhzHyYBnZ`{^V0-NEI5_sHLNd^!RC-;VkJ z@zV?apBeO@50+_5Od9}L_gJ^uV9AE<>!m&a8S`yEM|U0af9&_~8Ya`b$D?LdA1}{s z47Rd5DDn;W}?OT_3zZhDH$rqT_aML{*;o8e`D;9Bf{yx(l zNVJXjB;qUx*Pp7M<9MG^^i427`Qt-p0Z$K12#_%fmMSj{2az#&Z5sckZpclxD(-i7 zwOJF{(~CUQLCkEQemeZ|YiyCyE=JY59PRGuUQG8spf7(Ty|z6n9_%Y{$^=5e++mUr zgFSXf!IS;dCsMN{pkjfqGBtfqDcRWkM9@An_$RyWm0VU3@EgRNuc={q*_Wy63`Amz z>*qO>>c7TURv0<09;Ob|`D3J+epkV6U=Do6wfDwlMQWd4)Ac+bZyD)|&1{hRPXD`< z*!@EEVd3}mupmp!zrxChS-)uf_Ig{iBH8M7$7F%IJTo*yWQsg}Z4u?j9ZQK)Or5oL zRVD|JPSIkuvcgiTLQbe@xBrIl?@^H9`8#oVSDwR{ZPs5)Z!EHkf9-FT7*^m8ikIdk z?D>1@i~XmHOwjj&i}AVxs?@Z|aC+1So*F^IU%%aL1jZRQ3wiFnjZGYGCS>22ZB z%i)q967f`s$pg8;A+j=&S?tlZ>jE1L7d$X|;OHRr6KDUC!tc%te-`jRo z(rdhxIvK~c#k=BvHhE-}*5`9SNOjlV`^FBeCViM^%Xd0?!tV~Pevb#)+duAsT+geZ~k7&>QyCso8|3Yp)-qsn7( z2&ushjJ@4AM{p=tv6N4A=L21))oa45!vum+Up0Lh#Db^iw;$_e;|#`<{IT5iw8<6) z9J0dWd4h7-AN?B3@QG%>jYahJ487W&ccvfD0K1JfEy`%zj1K$7X{7KnM` z@a^u~Erv(N2_VWQLr=fA-R!w;#SyPN@+9oqO$G(MyVvZgiz}1hP z3A@hvH^NcAQ?#I)Gr1WtY62|&uUpt(h>@%L6W243^bZwq^K}5D5G7zcW`)I9ezt-|=_w7~#UhQuz zAjuRSl*_(+L6nme5mcF&EL9CZoi=s*YvGduKXuT13)Jc&5V`h{c5e@!N-@HKXjXd|t* zX}CBNtBKMEp)Z&89mtUji>;?gaMEfPd|kSKsX6$9_GnFJM@ERb&cL8e6Qcr;3ERoN zMnkUlD~TfL%G(+zP?|;W;?SqXOh>(U#aL?l+d(6$`@guZX#p3zPl64x;gwUb_fk*C z^%<-!ptZ7EQ|iL0!Z~nHffbR8H5{2g57PdUKt8>w6U(i0i6ZFG0|~Rlk}zDQe`^p( z0GA`&`)-?AXVX-giqPD8=uS-nk;;M@531m}!GmGj6Eu6L8(`#8KigR(cg_tW-EN7f z2JE_6+3e;dl%x?bEL>6LkpVcghO(ed=YD5A5uW_hE2Qcc_bWrJ%5JJ$>Z2;pwISKC2z{5!42yV z0eHPx2)39;qBNs?n^nZ^VkhZ$b2{tKVL)s>d9lXU#*1f3`o(h&1yTxWz>0+SgD)ds zh!Cl21ylun6ie)gOY;dP>o*!R2G-H*a<>IKDhJs1mxa5*5lywJex1xOR;Drp+MYME z-Cb?r5_^(rXLjRGgt~bUS$)ZUGD)K5*!#Atkd9x@)SDz6a3oUb$_-LGLO;#1pjkS69-;mQn-Ft0 z)5lb@+caz=e)MWle29rKd}K@8E4s-ZuWmvV2qfQuhGj+~(!W)ZvP*WzL&yi*vlRf~ zJ8}|HMj|7H>Rv1T`U3$2Lo`dm)(N^ymjO;ul5(wruy4~|UhFAJGt*Tu^LHT4b+oHeeqC6YEZ8uU)Er?zhY+iXw6@QTY zt|DS^A~k=3Oo$hyr^Xq4B8hLvyAaxkH=S)GY|>~R_l0K2QY*&kQD?irOwZuNfDxYX zLY4=k_R#e+b7O%Byx{OCxn=d$d@%ujPOf^%DOEWh+uvxgw6qwJEY5)Y zG}AblS~n{!1u6Y;fymVuu5eF*n2COHqY|GE;+HwUKj{&YI58FqOCUiJi$9cVEMzHD z{$IaL2%Elt(}O>BpSsN+Ww`}2rU)st4f%_xI7b`33pV2P66>lWBk2d$V0od;G(xa_ zhfc>0I6+xyVt%Z|F(R(=lY=q5^CK%;_;fD3BgcP!BgQf6ghAKAO{TN8YBk#g7qZ1y zVTfm9vMhvEhv}oh2gWram#itdg$LmK%y#|*-?8T!b2gYN{2@%7 zv*_hKCj&LC8^Kgus!CQT5uh{ExV2!DM4ZITFxTj=mp01L6KSokq*F&D1 zl6z^tK;++04>4DV0nO2|5muntc9)~BA^|&=y@CsB0$na>>v0-&%&(z0HW~GL@4$pk zy+(1t_j+2wc*#C3wmjRqnAJ9%(u<(wqlNj>HaPhLAr!8pVEC1rJUC~0o7dz31T+Ty zmj)b>Y8aJS%mFx9)-tlXIkbRkAEPVM=P4+3S%$X@$#VavQ+=E;XZ|BfXK$5md7&{y znC5Bhd~Xo?glHX2d!5%gc{hZnEf{7>j6J6J`b(A>`*l6o;X>RB(~;v;#tDiQl=PJP znb-H~mvaI!2~oS-%|w#()w#bWLQS5!O%Rw4vyul(B!?8z`2(|dKWBdviG**~vHW&=n}^sd!u6HCb#+%I_jH^dNj zR#g;{tRhVzb2n#kjF5yIHse^sG7G!k*U-Z<0hg`T+T@NIxD%ch<{TzJtp>)afRTd| zgL5EkQuUhBtzYww(LT$SV2)j9-adQ%!rY2mq;l*}Y^Lqvx(ux42TJ9H1I+g(10QdY z3d2#ju3B0-gup(X{sCc18f`Z*vId}gWGom-%4dy#gf6C;InwBUn7GEu-^mIh02?^A zqZt@BXhm#ljg>m)SJoGzJz3A>PtB_r&Oir>$G2um%}wCQA}LhH8+YBY2j=v*w!zp8 z0++LBECPqwv$^KBqispU|30)$mSGeQda-MsFA!4@W-;Uta88egs*DpGpXD%lZ#UqQ zLACa)hxBSryro8ZYe|fRZuiOFF89i?epGu`A18ionjSsH^r^+eHj5XJvUs^%JL#3$ zZDK1bt=bW4$!8abt4y%{%|w~Bhm6qoz7_cC{w#!;picW&27J!kD@OUt@7j2wBS;=@ z^=B47)cUOXpNsul>3|h{mOt*VIy3_8gC!6{o_4mCbO!u@awMI>hNe9WyD3f4Y@ojU ziji*1&Lg)CkR{BJi(MPV$&RJo=Qkf*X+*`p!v!puSO3?vW1*+W2z>x&38Qy@d_n5` z&Y64Dw$thUXT~jIrP_w=o!mFlN5JdoQ{h(V(ru7TteD~vs=iLZU<$H25J}2I)_hYS zs{*O!aOgI7Ea=^ym(z*SA!*LT{JLbvE)VQ@QORQ`<3z`=;GNzWJ3L2O@d(D6%0?G{ z!c9vW+W*}k#I@^mz&X#GKt;GuRSoH26d?3$3)zJ>vZU+ViTFDsM%bS?gctLXgQl`B zI@`IK9Td&X6JYUS1wj-UW|6`$!>E<0F4vC`9m&$`tQaXeR`GlVy(Rs%=Y=ZjjH8bO zZ^_{b*TpNY3`r zJ`ue&BXC2d_H-bXgEkMV?@p}+pkN=ef0o}Dy>S~}uVJ8}PcLsq8#%LQY~B#Yrf-^2 zT}DJbY404KoYha|ym5crHzz!He==pGsgy?#2!1eY-Xi4K7hHJR!orI*SK?rz#%xb^ zGGoQR3eu#V7~lof+)s;IMgQ27c5U!(yCR%=GwvLHE1>K?ZE(dUK@kX?BJX!k6@e1F zTcwE-Z-FGgdG~1gK3j8L$@V($w2mk?1^Uvg>IP>C$`F0M?Bu*!ep1zW)vty@0Ctz$ zIh!pdrl7(cp-Ad5q#-IDDerhE<(4r$|CJ^HnbyYXAkzB180)6|SAkl&>~jc4URYwY zhiO^sU;e!;(xVKH7I=7v5tMFDu8C`Kb)lO*OddYu^KeX0AR<%6{b02^!D^rhTtO8& zeXcX%bXTCLo;PRkRJQcIvyaC&d)8(0>vaRvnmzjl@Lay2*%4}T6RO4B>W9{1li1hZ<*)}e{R{(#%+0l0o++Un%TLy^yW1QL1gozbwp$ z&TF6}!3`2~LO$v`>5B_8Hk=d?qNVElS2SfFo233netnn>^3=n-9DzLG<3NL_=3t($ zw&N9#u=3N3c?;}i0L-a-@QK8`E)BBj>Na6wGJTo4C!jVq!#wFe@mM#)XHN>~fB5OM xBtTRIq)C&0MFcL=OTd_fASEhQ1umjA;evD( z5+D$YB1$hxfB*rJ8bUxiAuz#r%{%YA)~xw3-)7E-JZG((=bXLI-sk^2J9%VfaZP|% zoEHE92wXRT*#H3SFjn6i$i@1U`4Xc90EkOmhZ)*NzNAg)RS`P#IaeRlFl04~|GH~q zez8Z>R@l%%PT-1)|o>lO#fTFKOCpYAWd7!dEA?&doC4 z9cFJn!`0xy>ii$nyB>}NX(s*EC~m z0MXy8qf-T66phx2_bM`1f8Ke^e$D{b_3qY;l`WW9S&Z-#YuFFduD!w&bucj8`lp^h z1WAW(B$1CSvrbVHfCYpwf9Oo8$P|7;#Ampl!X`c)N$^Y!qO|T!$I54iS0y-ui3o_~R>{lLb zfzuXmBK(Eu64nKs)j)k8dD(PB;asjKJy6?OJq6!t2)dynuBBn^`gX6Pc6Rvz+2KUl z4gS9HX-9S{mkEOFqu*=Ly~`u*;iCE49MxUnN+7#-L7PACd^;~0cfGIZ+N@9--AIYY zUs-gGxVd39Dwq>@q9Dhg@BKTJV4WD2`!<2B*g?9|46z)QDOHf%1e(wSve`< zM4_drZ;%f;514$b5Hwl=bPSqzCT1CTAY2m+qE}Tl3BZsvt+nv7CP4IQPA#eTYIa$2 zKP45;=U1fId5mFvIuFJJrwOWw_CfpdopM(qC!2?#I5C129Q^_)j(W1J0PYFqh++k^ z0iCK#%_&qdhG#M_G(*|R@U#Z6)>vLibZK|B-tnm=sI6B}`p42>p2_FXJFf*)t47pR zp1)sFL8N-AcfJ8XsW5sP=se32eMYk%)gSd}A{=pMd{)ql^LZ36eGVbv=|$FC3WzV! zNqzP10j+9jv@9+o2wyy3_PyptF(xohGwP>#`|Ce|k?J5jlV@T^CX&4((x-UTEG+uw zxc>_M%(=pD?M_fx7c*+uq?X`*cLr}6zE*{iS zo1?!bvw2Z6Io)3Y)a146>*Em<%CzHFcmtvj_BQN<(0PoFDY7RD4y=M2>KC?fdaC3sDqtz@}YsFxp=U_va0}L!3hq}%Epx7 zUx8T3i~P+pTUK#h7?T0)%MF`nT-5iQiaeH4CT0X&?&9^DGcL^w%_2SxGUD?RF|YQ& zyzL`nlx_sH?&BEGnCLULjpC=#QvF>x7zH^ue4QNQf(Wsx0p3{ZSdOCm7Rr=jhs%d< zWXu-x@%`rFeWueh<}+M2z4i91uzT$%#rIJC{$hLUl(Q7u=|RzFEl>t|uU=zaHa4Ex zu$kg1(6*tgG+Is|M(_bf$1pq=nRrgq+vMPSmn=^B@7H=*6Eo}UUnMowKL{-8eu!E4 z`yVcGTkZ=A1tm)PcptajT{NSOhOdU7Dtu)iOV5?H(SqGd4=RE^Xe64NVRkT3+q-7K zd_>nuZkMP}l9hyTi>r*{mQbONt0I1-{)5Z>xdX5zqq6u@nCv(yDr!X8JiTZBU^4v2-J{= z)~}iPT4gXMt=vVFfWA&CNxh(?<-S&^rp?`70C7HSy&`mu_FSx_q9pKLrIX&WR}F?{*ubyU77n4i^dXslxiiULQFX>E@Jx0*~9_EKZ z-saTG!yGPWyC3-Bm-=xGDWrsfI2W(oY6ggB=R` zgJ3mJ=-##7PC838|9yPl7jb_%^N`>D?6!wY!#LI>xc>aLsE=*%{K8lpaksig6j~`n zM&fr}W7<|t3GnuhjLF$x?!G@AsV%|Ck8gjE%&dRQ)QR{qZk2V4r3YA_0HQLe=|$BJ zS|f0?(~A*;KQ^y%lY_sHUx1^a%63l4M8tp~24l6atVHE(3K=E3IDFn6ig<8$L7vU} zQBmlt_Fw!XeSmJnxYgftUr9rE?-^kfEcH#^OsVLqW}P|0W99`i6b1nb5ij#IKbn2} zwX_(!P!kS)u#dCaxCuN1fe<#1*4g+jcJwXFG~EB#S*T^sxVKcH4|i^ez# zm)w1SwFok;>Hutwr!w|89jZ;`MsDnSze{P%V9mO4@d9YTj}eRRZqVX2GX1=sf)lhS zhuH)Z(K2jLd&Cn8_Et%PUv6_-Jb17ja%6{eI}}z$8vtx%L(F+u2!8eL^N>^_Xe51x zouR`~;B9jH1N6vn%hscD|1GE_H9JqsQR3`*$F#BAB+?|;(_g&x#a(y)$Y2Ac?ubVW zRTOy2l`6ptBR(A|(u*8!8~e6^%lj`NgI9*9l^%UN8$aI=RE`N}FHD*m zQS38m@;|P}k;CUFoG2j&QJb5(r64O)7-Pdb9R*p=X!X5i`hm}32X!Hp<&WF3qkX^j z0krBNQ<{4ALTsw`OYViVwAJrFHtwOK)5J%2>&eg%myQu|s4d{#onx{pfV^%`;Nmcg z6&DMC>U9m_6Dv29IOY5+4L$EU%f0q^E%2DPq?4Zz3SyB)Yi#P>XXc=h4z>4Z;lNHE>(M_!31NXfOv~Wb{H(7oT+$ktQ+hLT%GIegR~H33l(AjR7%~s_m8JjZ`QQQzOJ?KTnd*6pe_I9REu6(m#QX+0Z3u)~MLMjR%#64$o?V zE|MJ5^?b{vVJ4?g+1K5R1*`M2D;pZn01>}!%62%YO7>g%@!zAJl_VHgX z+0}J}9=pg~<^lZpH^TH~KKJtDK0Cs$?fMi?tKV(u*N_%~ z^~}fPinIM>5j?>AGu75BQLG|0j3~ zj?U8hU32qky<*%6w(RxryT5c8uU&ybrsoEHN_FMl>rsEW1UxU$8A6dT_>{4h13mIw zsM$BZq&ov-L}}W}zi(_Q<0M7sdQluy1P%LvXRU)>m^sRNKQ6f`@yCD1=0Cb*XOb!S z+;te8aJ9`@e%`EBQSvy+jKC&ORb#%^hXSq9-sdP)WDKz7ll5vQ4qgqxB@XZD9t14$ znmr^J$iHkCy~3H-`PP+A&zMo-Avop|y>0IRlVXx84gcO9%MVZDEYQ^KUzyvt$or+u zbTuKxN2!=2TMT~X-`%?1p{+Mq>tw`L%QIbXyrZbf}diBiQ|I^pHp}$fk}81y5-~HT&i*9hhFhv`yJ(i zNH|{7{d(luiR6J)(+^L+50?+pT<7+NFN$JILynUaOx}Rb=#=h9e}?Dx!n4+2Q&RRT#%zfv(B@{d&hIJ4LB&Sixl$ax+Y#?R32_0jai7nVBMVmT>xLK?O0zpx|0mR zJANs^zv`csrP7CM9!GUk0X>=ZZZ?o29go@zR&j-u9z}p2dGeSL2nlh+JcNO`%Zv8{e=tN zA`IZ;+A2A-UlK*`vi0_Rr9WY#u{zs@`0^5=6Q2E&ZKmsNTexfB01gs2S)-_oI+0X4maAeD}6 z$b>$>YVaJSK72d4QBXP}=W3)vC7RG6?egO~Kgr3_Z_yPg=0aReGS%IXIArKqr)X54K*4r z&p(Bh0tjA!zVK8#n8b z1ticmx4vO)rEz6I!>QK4{K)lHj1{e5>ie++S@qSYk^rkYGweFxly;ALz~evjCK+3X z+qi9#!{N+m0H+^+c{oV*CE?i|c`U@8A?`+TycM5;c>A?9y#8gN5deBmbrV%O)T0qi zb@Z9psA<}w8;2X%t}r&)+glR|U4f=3r;fW(P6;^aE#H`y?P;eZ86vK%BY7g9Mx$g# zoiIX30H9gzRuOj1#nk-)%Gni0;&4OY*pFdr?2Gv`^K;tE%Y2nxhs~7aO{6Qcbp!dT z+(FeqfExEfM;wgYIn{!Wx&9@ZEbx8$s~sE zIWxBUK0;w?^oaO{t(z|t-HpFxh6?w0>Og{{pNeLprm90c+CqK)I)N<}HhrOM{`}UX zuGuqGrmsipCqeVSEF9erLuW5UM?CBL^inroF;2_+vWc#;a?I6^5FVIK{m4D|YI-b) zjWfD*#0YrIi>;ib#Nu!`0HA&L%P!I&g5XMpp&goy$)PGdu^`9gCk?#~T@x$%DG8oT z6uq%`k~z}9Nj(2>?Yh_U1f|ETYj0PP0xg|FH9ZWMsn*K{y-Py)>-mt7-q{PQxBQ#+ zulDyYzAKn%liLWBim9pDChG@-!vYvB2MZKSamMARVC=k?{QSIX=3^7t z`)XN!!*q`<=S^AX@L|`LY{L*cnbFF(SR-v4kEj&@VapQ{?n=+r5Cf~t>>Lo?ak>fp zbD=k>dEGG$Gywi#EkkQy{`WBhD`<{;v!-bKg;>HDD-l11;$7Fw%7#TU_XOFX2BHgw z)NJ3RgwLhmy~1!uVNfx1M>MD24?fJs{d zbv!U`dKPBE3Cx@gK((c}e&bpTNGT|+dk?OXxh+WD=dN(k?qL)kzLU5kfhRs+In8eEfE0kBq?S>RGE2Vh#?)-v z49pfPKP=MWAUiG$*R+xqQ%NB#J!lkkmRHcK*bb{WO|D^2BT9mgg9%Ks9!~AahZCK( z>eI}m-=z6qODjxcX2^Fx<##6@6${N@ruy9Lqy6M&5Z4i7%+`-k4v!ge4#Vh{oA+B;UARXPG?sf9#l_ZzCbPNgu&$g^o;(p3ZB|8uXYpmndzY;Yx#yA!$l z^-X7{)!oo2b~zOZ_K(TT$Xi1#j2F2+6XSUhPL}iBNpuBGHr?>!97anlA^3OYdD@a@D+qBb4UsszlYawZsR~W&RRqwNk6&wh`k3MOZ?Vc zZyXkENZX%x=dLXqXOE>EmpsYd@h9nB$95OHXKWg(-T-Z(8 z_6K1y;^m=%;8CvnVt^wI@s$Q-TkkV5iy6Meo=4Nn!33OYjLgTgYkJ&q#o51!Id;UI zRJKkI`)o|5A}Y1-P1URFlj6elm$NU~Rf`V44I0lAaf@dY0!YG@wCBQZa#FcAFOmVN z^o)K}Bj6*uNon;vWT2BoPJ<9Fcaf5WQfY`52_K-SmC??|+fquLb>AVuiItmhMT|o%$=!b#TQjHJ4 zEq49rsxG5lq$2jpTc7LRGd+pR+4afr8|1eRl-j7xpQh2snTwqmiQHlLS!WX(p34e9 zpK_oz@EcZrTuslW4Yn9df~z%G(WwU4%qb+y)9PgQj^L>}>5S}~r?NX1`y-fGq|Z&p zTE5o?xXiUnnxdAHBox0lJ4Y0UM0EU$3SFldGLFyW_9^N+jGqcs2Mt`ZZn?SVdiWvQ ztyPKMabP&;pz}%49{zC9q4M_^1)ZKFvq%M`JaMhV9Y$Z(=?D%6{^3Bv+0BtZCGiu- z))`iNe?oe9A7QYl$kDUW7rDAzN#$%z1vfOrVEc~StRKfE{5=#?_w}2M%5TR+ynMS$y9EMS#J9x?v`E+4_N literal 0 HcmV?d00001 diff --git a/2.5/de/assets/javascripts/client.js b/2.5/de/assets/javascripts/client.js new file mode 100644 index 000000000..e8fdf1cf4 --- /dev/null +++ b/2.5/de/assets/javascripts/client.js @@ -0,0 +1,112 @@ +if (window.location.href.indexOf('/client/') >= 0) { + window.window.addEventListener('load', function () { + function setCookie(name, value) { + sessionStorage.setItem(name, value); + } + + function getParameterByName(name) { + var match = RegExp('[?#&]' + name + '=([^&]*)').exec(window.location.hash); + return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); + } + + /* Store URL variables in cookies */ + if (getParameterByName('host')) { + setCookie("host", getParameterByName('host')); + } + if (getParameterByName('email')) { + var email = getParameterByName('email'); + setCookie("email", email); + setCookie("domain", email.substring(email.indexOf('@') + 1)); + } + if (getParameterByName('name')) { + setCookie("name", getParameterByName('name')); + } + if (getParameterByName('ui')) { + setCookie("ui", getParameterByName('ui')); + } + if (getParameterByName('port')) { + setCookie("port", getParameterByName('port')); + } + if (getParameterByName('connector')) { + setCookie("connector", getParameterByName('connector')); + } + if (getParameterByName('outlookEAS')) { + setCookie("outlookEAS", getParameterByName('outlookEAS')); + } + }); +} + +if (window.location.href.indexOf('/client') >= 0) { + window.window.addEventListener('load', function () { + function getCookie(cn) { + return sessionStorage.getItem(cn); + } + + /* Hide variable fields if no values are available */ + if (!getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_available'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_unavailable'), function(el) { + el.style.display = 'none'; + }); + } + + /* Hide the TOC, which might contain hidden content */ + Array.prototype.forEach.call(document.getElementsByClassName('md-sidebar--secondary'), function(el) { + el.style.display = 'none'; + }); + + /* Substitute variables */ + Array.prototype.forEach.call(document.getElementsByClassName('client_var_host'), function(el) { + el.innerText = getCookie('host'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_link'), function(el) { + if (!getCookie('ui') && !getCookie('host')) { + el.href = '#'; + } else { + var ui_domain = getCookie('ui') ? getCookie('ui') : getCookie('host'); + if (getCookie('port') != '443') { + el.href = 'https://' + ui_domain + ':' + getCookie('port') + '/' + el.getAttribute("href"); + } else { + el.href = 'https://' + ui_domain + '/' + el.getAttribute("href"); + } + } + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_email'), function(el) { + el.innerText = getCookie('email'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_name'), function(el) { + el.innerText = getCookie('name'); + }); + if (getCookie('port') != '443') { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_port'), function(el) { + el.innerText = ':' + getCookie('port'); + }); + } + + /* Hide those sections that are not applicable because useOutlookForEAS is disabled or SOGo Connector is not available */ + if (getCookie('connector')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_connector_link'), function(el) { + el.href = el.href.replace('__DOMAIN__', getCookie('domain')).replace('__VERSION__', getCookie('connector')); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_disabled'), function(el) { + el.style.display = 'none'; + }); + } else if (getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_enabled'), function(el) { + el.style.display = 'none'; + }); + } + if (getCookie('outlookEAS') || !getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_disabled'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_enabled'), function(el) { + el.style.display = 'none'; + }); + } + }); +} \ No newline at end of file diff --git a/2.5/de/assets/stylesheets/extra.css b/2.5/de/assets/stylesheets/extra.css new file mode 100644 index 000000000..cf96f95f3 --- /dev/null +++ b/2.5/de/assets/stylesheets/extra.css @@ -0,0 +1,67 @@ +/* source-code-pro-regular - latin */ +@font-face { + font-family: 'Source Code Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-code-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-code-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-code-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-code-pro-v21-latin-regular.svg#SourceCodePro') format('svg'); /* Legacy iOS */ +} + +/* source-sans-pro-regular - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} +/* source-sans-pro-700 - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 700; + src: url('../fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} + +.md-nav { + font-size: 14px; + line-height: 1.4; +} +.md-typeset { + font-size: 14px; + line-height: 1.5; +} + +code { + display: inline-block; + white-space: pre-wrap; +} + +:root { + --md-text-font: "Source Sans Pro"; + } + + :root { + --md-code-font: "Source Code Pro"; + } + +[data-md-color-scheme="slate"] { + + --md-typeset-a-color: #6390e5; +} \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-accidental_deletion/index.html b/2.5/de/backup_restore/b_n_r-accidental_deletion/index.html new file mode 100644 index 000000000..a2902c229 --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-accidental_deletion/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Versehentlich gelöschte Daten wiederherstellen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Versehentlich gelöschte Daten wiederherstellen

    + +

    Sie haben also ein Postfach gelöscht und haben keine Sicherungskopien?

    +

    Wenn Sie Ihren Fehler innerhalb von ein paar Stunden bemerken, können Sie die Daten des Benutzers wahrscheinlich wiederherstellen.

    +

    SOGo

    +

    Wir erstellen automatisch tägliche Backups (24 Stunden Intervall ab dem Hochfahren -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/.

    +

    Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrem Mailcow-Backend existiert. Legen Sie diesen neu an, falls nicht mehr existent.

    +

    Kopieren Sie die Datei mit dem Namen des Benutzers, den Sie wiederherstellen wollen, nach __MAILCOW_DIRECTORY__/data/conf/sogo.

    +

    1. Kopieren Sie die Sicherung: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo

    +

    2. Starten Sie docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org.

    +

    Führen Sie sogo-tool ohne Parameter aus, um nach möglichen Wiederherstellungsoptionen zu suchen.

    +

    3. Löschen Sie die kopierte Sicherung, indem Sie rm __MAILCOW_DIRECTORY__/data/conf/sogo ausführen

    +

    4. Starten Sie SOGo und Memcached neu: docker compose restart sogo-mailcow memcached-mailcow

    +

    Mail

    +

    Im Falle einer versehentlichen Löschung einer Mailbox, können Sie diese (standardmäßig) 5 Tage lang wiederherstellen. Dies hängt von dem MAILDIR_GC_TIME Parameter in mailcow.conf ab.

    +

    Eine gelöschte Mailbox wird in ihrer verschlüsselten Form nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage kopiert.

    +

    Der Ordner innerhalb von _garbage folgt der Struktur [timestamp]_[domain_sanitized][user_sanitized], zum Beispiel 1629109708_exampleorgtest im Falle von test@example.org, das am 1629109708 gelöscht wurde.

    +

    Um die Mailbox wiederherzustellen, stellen Sie sicher, dass Sie tatsächlich auf die gleiche Mailcow wiederherstellen, von der sie gelöscht wurde, oder Sie die gleichen Verschlüsselungsschlüssel in crypt-vol-1 verwenden.

    +

    Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrer Mailcow existiert. Legen Sie diesen neu an, wenn der Benutzer fehlt.

    +

    Kopieren Sie die Ordner von /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] zurück nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] und synchronisieren Sie die Ordner neu und berechnen Sie die Quota (Speicherplatz) neu:

    +
    docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
    +docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-backup/index.html b/2.5/de/backup_restore/b_n_r-backup/index.html new file mode 100644 index 000000000..f98155289 --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-backup/index.html @@ -0,0 +1,2773 @@ + + + + + + + + + + + + + + + + + + Sicherung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sicherung

    +

    Anleitung

    +

    Sie können das mitgelieferte Skript helper-scripts/backup_and_restore.sh verwenden, um mailcow automatisch zu sichern.

    +

    Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

    +

    Um ein Backup zu starten, geben Sie "backup" als ersten Parameter an und entweder eine oder mehrere zu sichernde Komponenten als folgende Parameter. +Sie können auch "all" als zweiten Parameter verwenden, um alle Komponenten zu sichern. Fügen Sie --delete-days n an, um Sicherungen zu löschen, die älter als n Tage sind.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
    +
    +# Alles sichern, Sicherungen älter als 3 Tage löschen
    +./helper-scripts/backup_and_restore.sh backup all --delete-days 3
    +
    +# vmail-, crypt- und mysql-Daten sichern, Sicherungen löschen, die älter als 30 Tage sind
    +./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
    +
    +# vmail sichern
    +./helper-scripts/backup_and_restore.sh backup vmail
    +
    +

    Variablen für Backup/Restore Skript

    +
    Multithreading
    +

    Seit dem 2022-10 Update ist es möglich das Skript mit Multithreading Support laufen zu lassen. Dies lässt sich sowohl für Backups aber auch für Restores nutzen.

    +

    Um das Backup/den Restore mit Multithreading zu starten muss THREADS als Umgebungsvariable vor dem Befehl zum starten hinzugefügt werden.

    +

    THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +Die Anzahl hinter dem = Zeichen gibt dabei dann die Thread Anzahl an. Nehmen Sie bitte immer ihre Kernanzahl -2 um mailcow selber noch genug CPU Leistung zu lassen.

    +
    Backup Pfad
    +

    Das Skript wird Sie nach einem Speicherort für die Sicherung fragen. Innerhalb dieses Speicherortes wird es Ordner im Format "mailcow_DATE" erstellen. +Sie sollten diese Ordner nicht umbenennen, um den Wiederherstellungsprozess nicht zu stören.

    +

    Um ein Backup unbeaufsichtigt durchzuführen, definieren Sie MAILCOW_BACKUP_LOCATION als Umgebungsvariable, bevor Sie das Skript starten:

    +
    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +
    +

    Tipp

    Beide oben genannten Variablen können auch kombiniert werden! Bsp: +

    MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +

    +

    +
    +

    Cronjob

    +

    Sie können das Backup-Skript regelmäßig über einen Cronjob laufen lassen. Stellen Sie sicher, dass BACKUP_LOCATION existiert:

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +
    +

    Standardmäßig sendet Cron das komplette Ergebnis jeder Backup-Operation per E-Mail. Wenn Sie möchten, dass cron nur im Fehlerfall (Exit-Code ungleich Null) eine E-Mail sendet, können Sie den folgenden Ausschnitt verwenden. Die Pfade müssen entsprechend Ihrer Einrichtung angepasst werden (dieses Skript ist ein Beitrag eines Benutzers).

    +

    Das folgende Skript kann in /etc/cron.daily/mailcow-backup platziert werden - vergessen Sie nicht, es mit chmod +x als ausführbar zu markieren:

    +
    #!/bin/sh
    +
    +# Backup mailcow data
    +# https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/
    +
    +set -e
    +
    +OUT="$(mktemp)"
    +export MAILCOW_BACKUP_LOCATION="/opt/backup"
    +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
    +PARAMETERS="backup all"
    +OPTIONS="--delete-days 30"
    +
    +# run command
    +set +e
    +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
    +RESULT=$?
    +
    +if [ $RESULT -ne 0 ]
    +    then
    +            echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:"
    +            echo "RESULT=$RESULT"
    +            echo "STDOUT / STDERR:"
    +            cat "$OUT"
    +fi
    +
    +

    Backup-Strategie mit rsync und mailcow Backup-Skript

    +

    Erstellen Sie das Zielverzeichnis für mailcows Hilfsskript: +

    mkdir -p /external_share/backups/backup_script
    +

    +

    Cronjobs erstellen: +

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
    +40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
    +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +# Wenn Sie wollen, benutzen Sie das Werkzeug acl, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path
    +

    +

    Am Zielort (in diesem Fall /external_share/backups) möchten Sie vielleicht Snapshot-Möglichkeiten haben (ZFS, Btrfs usw.). Machen Sie täglich einen Snapshot und bewahren Sie ihn für n Tage auf, um ein konsistentes Backup zu erhalten. +Führen Sie kein rsync auf eine Samba-Freigabe durch, Sie müssen die richtigen Berechtigungen behalten!

    +

    Zum Wiederherstellen müssen Sie rsync einfach in umgekehrter Richtung ausführen und Docker neu starten, um die Volumes erneut zu lesen. Führen Sie docker compose pull und docker compose up -d aus.

    +

    Wenn Sie Glück haben, können Redis und MariaDB die inkonsistenten Datenbanken automatisch reparieren (wenn sie inkonsistent sind). +Im Falle einer beschädigten Datenbank müssen Sie das Hilfsskript verwenden, um die inkonsistenten Elemente wiederherzustellen. Wenn die Wiederherstellung fehlschlägt, versuchen Sie, die Sicherungen zu extrahieren und die Dateien manuell zurück zu kopieren. Behalten Sie die Dateiberechtigungen bei!

    + +
    +
    + + + Letztes Update: + 2022-10-25 14:46:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-backup_restore-maildir/index.html b/2.5/de/backup_restore/b_n_r-backup_restore-maildir/index.html new file mode 100644 index 000000000..0773cd8a9 --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -0,0 +1,2606 @@ + + + + + + + + + + + + + + + + + + Mail-Verzeichnis - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mail-Verzeichnis

    + +

    Sicherung

    +

    Diese Zeile sichert das vmail-Verzeichnis in eine Datei backup_vmail.tar.gz im mailcow-Root-Verzeichnis: +

    cd /pfad/zu/mailcow-dockerized
    +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
    +

    +

    Sie können den Pfad ändern, indem Sie ${PWD} (das dem aktuellen Verzeichnis entspricht) zu einem beliebigen Pfad ändern, auf den Sie Schreibzugriff haben. +Setzen Sie den Dateinamen backup_vmail.tar.gz auf einen beliebigen Namen, aber lassen Sie den Pfad so wie er ist. Beispiel: [...] tar cvfz /backup/mein_eigener_dateiname_.tar.gz

    +

    Wiederherstellen

    +
    cd /pfad/zu/mailcow-dockerized
    +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-backup_restore-mysql/index.html b/2.5/de/backup_restore/b_n_r-backup_restore-mysql/index.html new file mode 100644 index 000000000..6aa56a87a --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -0,0 +1,2610 @@ + + + + + + + + + + + + + + + + + + MySQL (mysqldump) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    MySQL (mysqldump)

    + +

    Sicherung

    +
    cd /pfad/zu/mailcow-dockerized
    +source mailcow.conf
    +DATE=$(date +"%Y%m%d_%H%M%S")
    +docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
    +
    +

    Wiederherstellen

    +
    +

    Warning

    +

    Sie sollten den SQL-Dump ohne docker compose umleiten, um Parsing-Fehler zu vermeiden.

    +
    +
    cd /pfad/zu/mailcow-dockerized
    +source mailcow.conf
    +docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-coldstandby/index.html b/2.5/de/backup_restore/b_n_r-coldstandby/index.html new file mode 100644 index 000000000..492272062 --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-coldstandby/index.html @@ -0,0 +1,2677 @@ + + + + + + + + + + + + + + + + + + Cold-standby (rollende Sicherung) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Cold-standby-Backup

    +

    mailcow bietet eine einfache Möglichkeit, eine konsistente Kopie von sich selbst zu erstellen, die per rsync an einen entfernten Ort ohne Ausfallzeit übertragen werden kann.

    +

    Dies kann auch verwendet werden, um Ihre mailcow auf einen neuen Server zu übertragen.

    +

    Das sollten Sie wissen

    +

    Das bereitgestellte Skript funktioniert auf Standardinstallationen.

    +

    Es kann versagen, wenn Sie nicht unterstützte Volume Overrides verwenden. Wir unterstützen das nicht und wir werden keine Hacks einbauen, die das unterstützen. Bitte erstellen und pflegen Sie einen Fork, wenn Sie Ihre Änderungen beibehalten wollen.

    +

    Das Skript wird die gleichen Pfade wie Ihre Standard-Mailcow-Installation verwenden. Das ist das mailcow-Basisverzeichnis - für die meisten Nutzer /opt/mailcow-dockerized - sowie die Mountpoints.

    +

    Um die Pfade Ihrer Quellvolumes zu finden, verwenden wir docker inspect und lesen das Zielverzeichnis jedes Volumes, das mit Ihrem mailcow compose Projekt verbunden ist. Das bedeutet, dass wir auch Volumes übertragen, die Sie in einer Override-Datei hinzugefügt haben. Lokale Bind-Mounts können funktionieren, müssen aber nicht.

    +

    Das Skript verwendet rsync mit dem --delete Flag. Das Ziel wird eine exakte Kopie der Quelle sein.

    +

    mariabackup wird verwendet, um eine konsistente Kopie des SQL-Datenverzeichnisses zu erstellen.

    +

    Nach dem Rsync der Daten führen wir docker compose pull aus und entfernen alte Image-Tags aus dem Ziel.

    +

    Ihre Quelle wird zu keinem Zeitpunkt verändert.

    +

    Sie sollten sicherstellen, dass Sie die gleiche /etc/docker/daemon.json auf dem entfernten Ziel verwenden.

    +

    Sie sollten keine Festplatten-Snapshots (z. B. über ZFS, LVM usw.) auf dem Ziel ausführen, während dieses Skript ausgeführt wird.

    +

    Die Versionierung ist nicht Teil dieses Skripts, wir verlassen uns auf das Ziel (Snapshots oder Backups). Sie können dafür auch jedes andere Tool verwenden.

    +

    Vorbereiten

    +

    Sie benötigen ein SSH-fähiges Ziel und eine Schlüsseldatei, um sich mit diesem Ziel zu verbinden. Der Schlüssel sollte nicht durch ein Passwort geschützt sein, damit das Skript unbeaufsichtigt arbeiten kann.

    +

    In Ihrem mailcow-Basisverzeichnis, z.B. /opt/mailcow-dockerized, finden Sie eine Datei create_cold_standby.sh.

    +

    Bearbeiten Sie diese Datei und ändern Sie die exportierten Variablen:

    +
    export REMOTE_SSH_KEY=/pfad/zum/keyfile
    +export REMOTE_SSH_PORT=22
    +export REMOTE_SSH_HOST=mailcow-backup.host.name
    +
    +

    Der Schlüssel muss im Besitz von root sein und darf nur von diesem gelesen werden können.

    +

    Sowohl die Quelle als auch das Ziel benötigen rsync >= v3.1.0. +Das Ziel muss über Docker und docker compose v2 verfügen.

    +

    Das Skript wird Fehler automatisch erkennen und sich beenden.

    +

    Sie können die Verbindung testen, indem Sie ssh mailcow-backup.host.name -p22 -i /path/to/keyfile ausführen.

    +

    Backup und Aktualisierung des Cold-Standby

    +

    Starten Sie das erste Backup, dies kann je nach Verbindung eine Weile dauern:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    Das war einfach, nicht wahr?

    +

    Das Aktualisieren des Cold-Standby ist genauso einfach:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    Es ist derselbe Befehl.

    +

    Automatisierte Backups mit cron

    +

    Stellen Sie zunächst sicher, dass der cron Dienst aktiviert ist und läuft:

    +
    systemctl enable cron.service && systemctl start cron.service
    +
    +

    Um die Backups auf dem Cold-Standby-Server zu automatisieren, können Sie einen Cron-Job verwenden. Um die Cron-Jobs für den Root-Benutzer zu bearbeiten, führen Sie aus:

    +
    crontab -e
    +
    +

    Fügen Sie die folgenden Zeilen hinzu, um den Cold-Standby-Server täglich um 03:00 Uhr zu synchronisieren. In diesem Beispiel werden Fehler der letzten Ausführung in einer Datei protokolliert.

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +
    +0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
    +
    +

    Wenn korrekt gespeichert, sollte der Cron-Job durch folgende Eingabe angezeigt werden:

    +
    crontab -l
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/backup_restore/b_n_r-restore/index.html b/2.5/de/backup_restore/b_n_r-restore/index.html new file mode 100644 index 000000000..be9c08fc3 --- /dev/null +++ b/2.5/de/backup_restore/b_n_r-restore/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Wiederherstellung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Wiederherstellung

    + +

    Wiederherstellung

    +

    Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

    +

    Um eine Wiederherstellung durchzuführen, starten Sie mailcow, verwenden Sie das Skript mit "restore" als ersten Parameter.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh restore
    +
    +

    Das Skript wird Sie nach einem Speicherort für die Sicherung der mailcow_DATE-Ordner fragen.

    + +
    +
    + + + Letztes Update: + 2022-01-30 16:17:22 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-android/index.html b/2.5/de/client/client-android/index.html new file mode 100644 index 000000000..7acd8e81b --- /dev/null +++ b/2.5/de/client/client-android/index.html @@ -0,0 +1,2537 @@ + + + + + + + + + + + + + + + + + + Android - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Android

    + +
      +
    1. Öffnen Sie die App Email.
    2. +
    3. Wenn dies Ihr erstes E-Mail-Konto ist, tippen Sie auf Konto hinzufügen; wenn nicht, tippen Sie auf Mehr und Einstellungen und dann Konto hinzufügen.
    4. +
    5. Wählen Sie Microsoft Exchange ActiveSync.
    6. +
    7. Geben Sie Ihre E-Mail Adresse () und Ihr Passwort ein.
    8. +
    9. Tippen Sie auf Anmelden.
    10. +
    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-apple/index.html b/2.5/de/client/client-apple/index.html new file mode 100644 index 000000000..e333f10f0 --- /dev/null +++ b/2.5/de/client/client-apple/index.html @@ -0,0 +1,2645 @@ + + + + + + + + + + + + + + + + + + Apple macOS / iOS - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Apple macOS / iOS

    + +

    Methode 1 über Mobileconfig

    +

    E-Mail, Kontakte und Kalender können auf Apple-Geräten automatisch konfiguriert werden, indem ein Profil installiert wird. Um ein Profil herunterzuladen, müssen Sie sich zuerst in der mailcow UI anmelden.

    +

    Methode 1.1: IMAP, SMTP und Cal/CardDAV

    +

    Diese Methode konfiguriert IMAP, CardDAV und CalDAV.

    +
      +
    1. Downloaden und öffnen die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.phpmailcow.mobileconfig.
    2. +
    3. Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein.
    4. +
    5. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden.
    6. +
    +

    Methode 1.2: IMAP, SMTP (kein DAV)

    +

    Diese Methode konfiguriert nur IMAP und SMTP.

    +
      +
    1. Downloaden und öffnen Sie die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_emailmailcow.mobileconfig.
    2. +
    3. Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein.
    4. +
    5. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden.
    6. +
    +

    Methode 2 (Exchange ActiveSync-Emulation)

    +

    Unter iOS wird auch Exchange ActiveSync als Alternative zum obigen Verfahren unterstützt. Es hat den Vorteil, dass es Push-E-Mail unterstützt (d. h. Sie werden sofort über eingehende Nachrichten benachrichtigt), hat aber einige Einschränkungen, z. B. unterstützt es nicht mehr als drei E-Mail-Adressen pro Kontakt in Ihrem Adressbuch. Befolgen Sie die folgenden Schritte, wenn Sie stattdessen Exchange verwenden möchten.

    +
      +
    1. Öffnen Sie die App Einstellungen, tippen Sie auf Mail, tippen Sie auf Konten, tippen Sie auf Konto hinzufügen, wählen Sie Exchange.
    2. +
    3. Geben Sie Ihre E-Mail Adresse () ein und tippen Sie auf Weiter.
    4. +
    5. Geben Sie Ihr Passwort ein und tippen Sie erneut auf Weiter.
    6. +
    7. Tippen Sie abschließend auf Speichern.
    8. +
    + +
    +
    + + + Letztes Update: + 2022-02-04 11:16:21 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-emclient/index.html b/2.5/de/client/client-emclient/index.html new file mode 100644 index 000000000..6c10d484c --- /dev/null +++ b/2.5/de/client/client-emclient/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + eM Client - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    eM Client

    + +
      +
    1. Starten Sie eM Client.
    2. +
    3. Wenn Sie eM Client zum ersten Mal starten, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort.
    4. +
    5. Gehen Sie oben auf Menü, wählen Sie Tools und Konten.
    6. +
    7. Geben Sie Ihre E-Mail Adresse ein () und klicken Sie auf Jetzt starten.
    8. +
    9. Geben Sie Ihr Passwort ein und klicken Sie auf Weiter.
    10. +
    11. Geben Sie Ihren Namen ein () und klicken Sie auf Weiter.
    12. +
    13. Klicken Sie auf Fertigstellen.
    14. +
    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-kontact/index.html b/2.5/de/client/client-kontact/index.html new file mode 100644 index 000000000..b008c5c44 --- /dev/null +++ b/2.5/de/client/client-kontact/index.html @@ -0,0 +1,2547 @@ + + + + + + + + + + + + + + + + + + KDE Kontact - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    KDE Kontact

    + +
      +
    1. Starten Sie Kontact.
    2. +
    3. Wenn Sie Kontact oder KMail zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort.
    4. +
    5. Gehen Sie zu Mail in der Seitenleiste. Gehen Sie zum Menü Tools und wählen Sie Account Wizard.
    6. +
    7. Geben Sie Ihren Namen (), E-Mail Adresse () und Ihr Passwort ein. Klicken Sie auf Weiter.
    8. +
    9. Klicken Sie auf Konto erstellen. Wenn Sie dazu aufgefordert werden, geben Sie Ihr Passwort erneut ein und klicken Sie auf OK.
    10. +
    11. Schließen Sie das Fenster, indem Sie auf Beenden klicken.
    12. +
    13. Gehen Sie zu Kalender in der Seitenleiste.
    14. +
    15. Gehen Sie zum Menü Einstellungen und wählen Sie Konfigurieren Sie KOrganizer.
    16. +
    17. Gehen Sie zur Registerkarte Kalender und klicken Sie auf die Schaltfläche Hinzufügen.
    18. +
    19. Wählen Sie DAV-Groupware-Ressource und klicken Sie auf OK.
    20. +
    21. Geben Sie Ihre E-Mail Adresse () und Ihr Passwort ein. Klicken Sie auf Weiter.
    22. +
    23. Wählen Sie ScalableOGo aus dem Dropdown-Menü und klicken Sie auf Weiter.
    24. +
    25. Geben Sie den mailcow Hostname in das Feld Host ein und klicken Sie auf Weiter.
    26. +
    27. Klicken Sie auf Verbindung testen und dann auf Fertigstellen. Klicken Sie abschließend zweimal auf OK.
    28. +
    +

    Sobald Sie Kontact eingerichtet haben, können Sie KMail, KOrganizer und KAddressBook auch einzeln verwenden.

    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-manual/index.html b/2.5/de/client/client-manual/index.html new file mode 100644 index 000000000..0c4ff5e02 --- /dev/null +++ b/2.5/de/client/client-manual/index.html @@ -0,0 +1,2651 @@ + + + + + + + + + + + + + + + + + + Manuelle Konfiguration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manuelle Konfiguration

    + +

    Diese Anweisungen gelten nur für unveränderte Portbindungen!

    +

    E-Mail

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DienstVerschlüsselungHostPort
    IMAPSTARTTLS mailcow hostname143
    IMAPSSSL mailcow hostname993
    POP3STARTTLS mailcow hostname110
    POP3SSSL mailcow hostname995
    SMTPSTARTTLS mailcow hostname587
    SMTPSSSL mailcow hostname465
    +

    Bitte verwenden Sie "plain" als Authentifizierungsmechanismus. Entgegen der Annahme werden keine Passwörter im Klartext übertragen, da ohne TLS keine Authentifizierung stattfinden darf.

    +

    Kontakte und Kalender

    +

    SOGos Standard-URLs für Kalender (CalDAV) und Kontakte (CardDAV):

    +
      +
    1. CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/
    2. +
    3. CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/
    4. +
    +

    Einige Anwendungen verlangen möglicherweise die Verwendung von https://mail.example.com/SOGo/dav/ oder den vollständigen Pfad zu Ihrem Kalender, der in SOGo gefunden und kopiert werden kann.

    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-outlook/index.html b/2.5/de/client/client-outlook/index.html new file mode 100644 index 000000000..bd57c3d1d --- /dev/null +++ b/2.5/de/client/client-outlook/index.html @@ -0,0 +1,2660 @@ + + + + + + + + + + + + + + + + + + Microsoft Outlook - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Microsoft Outlook

    + +
    +

    Outlook 2016 oder höher von Office 365 unter Windows

    +
    +

    Dies gilt nur, wenn Ihr Serveradministrator EAS für Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung für Outlook 2007.

    +
    +

    Outlook 2016 hat ein Problem mit der automatischen Erkennung. Nur Outlook von Office 365 ist betroffen. Wenn Sie Outlook aus einer anderen Quelle installiert haben, folgen Sie bitte der Anleitung für Outlook 2013 oder höher.

    +

    Für EAS müssen Sie den alten Assistenten verwenden, indem Sie C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE starten. Wenn diese Anwendung geöffnet wird, können Sie mit Schritt 4 der Anleitung für Outlook 2013 unten fortfahren.

    +

    Wenn die Anwendung nicht geöffnet wird, können Sie den Assistenten zum Erstellen eines neuen Kontos vollständig deaktivieren und die nachstehende Anleitung für Outlook 2013 befolgen.

    +

    Outlook 2007 oder höher auf Windows (Kalender/Kontakte via CalDav Synchronizer)

    +
    +
      +
    1. Downloaden und installieren Sie Outlook CalDav Synchronizer.
    2. +
    3. Starten Sie Outlook.
    4. +
    5. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 5 fort.
    6. +
    7. Gehen Sie zum Menü Datei und klicken Sie auf Konto hinzufügen.
    8. +
    9. Geben Sie Ihren Namen (), Ihre E-Mail Adresse () und Ihr Passwort ein. Klicken Sie auf Weiter.
    10. +
    11. Klicken Sie auf Finish.
    12. +
    13. Gehen Sie zur Multifunktionsleiste CalDav Synchronizer und klicken Sie auf Synchronisationsprofile.
    14. +
    15. Klicken Sie auf die zweite Schaltfläche oben (Mehrere Profile hinzufügen), wählen Sie Sogo und klicken Sie auf Ok.
    16. +
    17. Klicken Sie auf die Schaltfläche IMAP/POP3-Kontoeinstellungen abrufen.
    18. +
    19. Klicken Sie auf Ressourcen erkennen und Outlook-Ordnern zuweisen.
    20. +
    21. Wählen Sie im Fenster Ressource auswählen Ihren Hauptkalender (in der Regel Persönlicher Kalender), klicken Sie auf die Schaltfläche ..., weisen Sie ihn dem Ordner Kalender zu, und klicken Sie auf OK. Gehen Sie zu den Registerkarten Adressbücher und Aufgaben und wiederholen Sie den Vorgang entsprechend. Weisen Sie nicht mehreren Kalendern, Adressbüchern oder Aufgabenlisten zu!
    22. +
    23. Schließen Sie alle Fenster mit den Tasten OK.
    24. +
    +

    Outlook 2013 oder höher unter Windows (Active Sync - nicht empfohlen)

    +
    +

    Dies gilt nur, wenn Ihr Serveradministrator EAS für Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung für Outlook 2007.

    +
    +
      +
    1. Starten Sie Outlook.
    2. +
    3. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort.
    4. +
    5. Öffnen Sie das Menü Datei und klicken Sie auf Konto hinzufügen.
    6. +
    7. Geben Sie Ihren Namen (), Ihre E-Mail Adresse () und Ihr Passwort ein. Klicken Sie auf Weiter.
    8. +
    9. Wenn Sie dazu aufgefordert werden, geben Sie Ihr Passwort erneut ein, markieren Sie Meine Anmeldedaten speichern und klicken Sie auf OK.
    10. +
    11. Klicken Sie auf die Schaltfläche Zulassen.
    12. +
    13. Klicken Sie auf Fertigstellen.
    14. +
    +

    Outlook 2011 oder höher unter macOS

    +

    Die Mac-Version von Outlook synchronisiert keine Kalender und Kontakte und wird daher nicht unterstützt.

    + +
    +
    + + + Letztes Update: + 2022-02-16 15:23:32 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-thunderbird/index.html b/2.5/de/client/client-thunderbird/index.html new file mode 100644 index 000000000..a9282d1f7 --- /dev/null +++ b/2.5/de/client/client-thunderbird/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Mozilla Thunderbird - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mozilla Thunderbird

    + +
      +
    1. + Starten Sie Thunderbird. +
    2. +
    3. + Wenn Sie Thunderbird zum ersten Mal starten, werden Sie gefragt, ob Sie eine neue E-Mail-Adresse haben möchten. Klicken Sie auf Überspringen und eine bereits vorhandene E-Mail verwenden und fahren Sie mit Schritt 4 fort. +
    4. +
    5. + Gehen Sie zum Datei Menü und wählen Sie Neu, Bestehendes Mail-Konto.... +
    6. +
    7. + Geben Sie Ihren Namen (), Ihre E-Mail-Adresse () und Ihr Passwort ein. Stellen Sie sicher, dass Passwort merken aktiviert ist und klicken Sie auf Weiter. +
    8. +
    9. + Sobald die Konfiguration automatisch erkannt wurde, stellen Sie sicher, dass IMAP ausgewählt ist und klicken Sie auf Fertig. +
    10. +
    11. + Um Ihre Kontakte vom Server zu verwenden, klicken Sie auf den Pfeil neben "Adressbücher" und auf die Schaltfläche Verbinden für jedes Adressbuch, das Sie verwenden möchten. +
    12. +
    13. + Um Ihre Kalender vom Server zu verwenden, klicken Sie auf den Pfeil neben "Kalender" und dann auf die Schaltfläche Verbinden für jeden Kalender, den Sie verwenden möchten. +
    14. +
    15. + Klicken Sie auf Beenden, um das Fenster Account Setup zu schließen. +
    16. +
    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client-windows/index.html b/2.5/de/client/client-windows/index.html new file mode 100644 index 000000000..caf857d28 --- /dev/null +++ b/2.5/de/client/client-windows/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Windows Mail - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Windows Mail

    + +

    Windows 8 und höher unterstützen E-Mail, Kontakte und Kalender über Exchange ActiveSync.

    +
      +
    1. Öffnen Sie die App Mail.
    2. +
    3. Wenn Sie Mail noch nicht verwendet haben, können Sie im Hauptfenster auf Konto hinzufügen klicken. Fahren Sie mit Schritt 4 fort.
    4. +
    5. Klicken Sie auf Konten in der Seitenleiste links und dann auf Konto hinzufügen ganz rechts.
    6. +
    7. Wählen Sie Exchange.
    8. +
    9. Geben Sie Ihre E-Mail Adresse () ein und klicken Sie auf Weiter..
    10. +
    11. Geben Sie Ihr Passwort ein und klicken Sie auf Anmelden.
    12. +
    +

    Sobald Sie die Mail-App eingerichtet haben, können Sie auch die Apps "Kontakte" und "Kalender" verwenden.

    + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/client/client/index.html b/2.5/de/client/client/index.html new file mode 100644 index 000000000..a96b01606 --- /dev/null +++ b/2.5/de/client/client/index.html @@ -0,0 +1,2554 @@ + + + + + + + + + + + + + + + + + + Übersicht - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Übersicht

    + +

    mailcow unterstützt eine Vielzahl von E-Mail-Clients, sowohl auf Desktop-Computern als auch auf Smartphones. +Im Folgenden finden Sie eine Reihe von Konfigurationsanleitungen, die erklären, wie Sie Ihr mailcow-Konto konfigurieren können.

    +
    +
    +

    Tipp

    +Wenn Sie auf diese Seite zugreifen, indem Sie sich bei Ihrem mailcow-Server anmelden und auf den Link "Konfigurationsanleitungen für E-Mail-Clients und Smartphones anzeigen" klicken, werden alle Anleitungen mit Ihrer E-Mail-Adresse und Ihrem Servernamen personalisiert. +
    +
    +
    +
    +

    Erfolgreich

    +Da Sie diese Seite aufgerufen haben, nachdem Sie sich in Ihren Mailcow-Server eingeloggt haben, wurden alle Anleitungen mit Ihrer E-Mail-Adresse und Ihrem Servernamen personalisiert. +
    +
    + + +
    +
    + + + Letztes Update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/i_u_m/i_u_m_deinstall/index.html b/2.5/de/i_u_m/i_u_m_deinstall/index.html new file mode 100644 index 000000000..8cc9fdb8e --- /dev/null +++ b/2.5/de/i_u_m/i_u_m_deinstall/index.html @@ -0,0 +1,2552 @@ + + + + + + + + + + + + + + + + + + Deinstallation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Deinstallation

    + +

    Um mailcow: dockerized mit all seinen Volumes, Images und Containern zu entfernen, tun Sie dies:

    +
    +
    +
    +
    docker compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    docker-compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    +
    +

    Info

    +
      +
    • -v Entfernt benannte Volumes, die im Abschnitt volumes der Compose-Datei deklariert sind, und anonyme Volumes, die an Container angehängt sind.
    • +
    • --rmi Images entfernen. Der Typ muss einer der folgenden sein: all: Entfernt alle Images, die von einem beliebigen Dienst verwendet werden. local: Entfernt nur Bilder, die kein benutzerdefiniertes Tag haben, das durch das Feld "image" gesetzt wurde.
    • +
    • --remove-orphans Entfernt Container für Dienste, die nicht in der Compose-Datei definiert sind.
    • +
    • Standardmäßig entfernt docker compose down nur derzeit aktive Container und Netzwerke, die in der Datei docker-compose.yml definiert sind.
    • +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/i_u_m/i_u_m_install/index.html b/2.5/de/i_u_m/i_u_m_install/index.html new file mode 100644 index 000000000..a33c9e8cb --- /dev/null +++ b/2.5/de/i_u_m/i_u_m_install/index.html @@ -0,0 +1,2895 @@ + + + + + + + + + + + + + + + + + + Installation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installation

    + +

    Docker und Docker Compose Installation

    +

    Sie benötigen Docker (eine Version >= 20.10.2 ist erforderlich) und Docker Compose (eine Version >= 2.0 ist erforderlich).

    +

    Erfahren Sie, wie Sie Docker und Docker Compose installieren.

    +

    Schnelle Installation für die meisten Betriebssysteme:

    +

    Docker

    +

    curl -sSL https://get.docker.com/ | CHANNEL=stable sh
    +# Nachdem der Installationsprozess abgeschlossen ist, müssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)
    +systemctl enable --now docker
    +
    +Bitte verwenden Sie die neueste verfügbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.

    +

    docker compose

    +
    +

    Achtung

    +

    mailcow benötigt eine Version von Docker Compose >= v2. +
    Sollte die Installation von Docker über das obenstehende Skript erfolgt sein wird das Docker Compose Plugin bereits automatisch +in einer Version >=2.0 installiert.
    +Ist die mailcow Installation älter oder Docker wurde auf einem anderen Weg installiert, muss das Compose Plugin bzw. die Standalone Version von Docker manuell installiert werden.

    +
    +

    Installation via Paketmanager (Plugin)

    +
    +

    Hinweis

    +

    Diese Vorgehensweise mit den Paketquellen ist nur dann möglich, wenn das Docker Repository eingebunden wurde. Dies kann entweder durch die Anleitung oben (siehe Docker) oder durch eine manuelle Einbindung passieren.

    +
    +

    Auf Debian/Ubuntu Systemen: +

    apt update
    +apt install docker-compose-plugin
    +

    +

    Auf Centos 7 Systemen: +

    yum update
    +yum install docker-compose-plugin
    +

    +
    +

    Achtung

    +

    Die Syntax der Docker Compose Befehle lautet docker compose bei der Plugin Variante von Docker Compose!!

    +
    +

    Installation via Script (Standalone)

    +
    +

    Hinweis

    +

    Diese Installation ist die alt bekannte Weise. Sie installiert Docker Compose als Standalone Programm und ist nicht auf die Art und weise der Docker Installation angewiesen.

    +
    +
    LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
    +chmod +x /usr/local/bin/docker-compose
    +
    +
    +

    Achtung

    +

    Die Syntax der Docker Compose Befehle lautet docker-compose bei der Standalone Variante von Docker Compose!!

    +
    +

    SELinux Besonderheiten prüfen

    +

    Auf SELinux-aktivierten Systemen, z.B. CentOS 7:

    +
      +
    • Prüfen Sie, ob das Paket "container-selinux" auf Ihrem System vorhanden ist:
    • +
    +
    rpm -qa | grep container-selinux
    +
    +

    Wenn der obige Befehl eine leere oder keine Ausgabe liefert, sollten Sie es über Ihren Paketmanager installieren.

    +
      +
    • Prüfen Sie, ob Docker SELinux-Unterstützung aktiviert hat:
    • +
    +
    docker info | grep selinux
    +
    +

    Wenn der obige Befehl eine leere oder keine Ausgabe liefert, erstellen oder bearbeiten Sie /etc/docker/daemon.json und fügen Sie "selinux-enabled": true hinzu. Beispielhafter Inhalt der Datei:

    +
    {
    +  "selinux-enabled": true
    +}
    +
    +

    Starten Sie den Docker-Daemon neu und überprüfen Sie, ob SELinux nun aktiviert ist.

    +

    Dieser Schritt ist erforderlich, um sicherzustellen, dass die mailcows-Volumes richtig gekennzeichnet sind, wie in der Compose-Datei angegeben. +Wenn Sie daran interessiert sind, wie das funktioniert, können Sie sich die Readme-Datei von https://github.com/containers/container-selinux ansehen, die auf viele nützliche Informationen zu diesem Thema verweist.

    +

    mailcow Installieren

    +

    Klonen Sie den Master-Zweig des Repositorys und stellen Sie sicher, dass Ihre umask gleich 0022 ist. Bitte klonen Sie das Repository als root-Benutzer und kontrollieren Sie auch den Stack als root. Wir werden die Attribute - wenn nötig - ändern, während wir die Container automatisch bereitstellen und sicherstellen, dass alles gesichert ist. Das update.sh-Skript muss daher ebenfalls als root ausgeführt werden. Es kann notwendig sein, den Besitzer und andere Attribute von Dateien zu ändern, auf die Sie sonst keinen Zugriff haben. Wir geben die Berechtigungen für jede exponierte Anwendung auf und führen einen exponierten Dienst nicht als root aus! Wenn Sie den Docker-Daemon als Nicht-Root-Benutzer steuern, erhalten Sie keine zusätzliche Sicherheit. Der unprivilegierte Benutzer wird die Container ebenfalls als root spawnen. Das Verhalten des Stacks ist identisch.

    +
    $ su
    +# umask
    +0022 # <- Überprüfen, dass es 0022 ist
    +# cd /opt
    +# git clone https://github.com/mailcow/mailcow-dockerized
    +# cd mailcow-dockerized
    +
    +

    mailcow Initialisieren

    +

    Erzeugen Sie eine Konfigurationsdatei. Verwenden Sie einen FQDN (host.domain.tld) als Hostname, wenn Sie gefragt werden. +

    ./generate_config.sh
    +

    +

    Ändern Sie die Konfiguration, wenn Sie wollen oder müssen. +

    nano mailcow.conf
    +
    +Wenn Sie planen, einen Reverse Proxy zu verwenden, können Sie zum Beispiel HTTPS an 127.0.0.1 auf Port 8443 und HTTP an 127.0.0.1 auf Port 8080 binden.

    +

    Möglicherweise müssen Sie einen vorinstallierten MTA stoppen, der Port 25/tcp blockiert. Siehe dieses Kapitel, um zu erfahren, wie man Postfix rekonfiguriert, um nach einer erfolgreichen Installation neben mailcow laufen zu lassen.

    +

    Einige Updates modifizieren mailcow.conf und fügen neue Parameter hinzu. Es ist schwer, in der Dokumentation den Überblick zu behalten. Bitte überprüfen Sie deren Beschreibung und fragen Sie, wenn Sie unsicher sind, in den bekannten Kanälen nach Rat.

    +

    Problembehandlungen

    +

    Benutzer mit einer MTU ungleich 1500 (z.B. OpenStack)

    +

    Wenn Sie auf Probleme und seltsame Phänomene stoßen, überprüfen Sie bitte Ihre MTU.

    +

    Bearbeiten Sie docker-compose.yml und ändern Sie die Netzwerkeinstellungen entsprechend Ihrer MTU. +Fügen Sie den neuen Parameter driver_opts wie folgt hinzu: +

    networks:
    +  mailcow-network:
    +    ...
    +    driver_opts:
    +      com.docker.network.driver.mtu: 1450
    +    ...
    +

    +

    Benutzer ohne ein IPv6-aktiviertes Netzwerk auf ihrem Hostsystem

    +

    Schalten Sie IPv6 bitte nicht ab, auch wenn es Ihnen nicht gefällt. IPv6 ist die Zukunft und sollte nicht ignoriert werden.

    +

    Sollten Sie jedoch kein IPv6-fähiges Netzwerk auf Ihrem Host haben und Sie sich nicht um ein besseres Internet kümmern wollen (hehe), ist es empfehlenswert, IPv6 für das mailcow-Netzwerk zu deaktivieren, um unvorhergesehene Probleme zu vermeiden.

    +

    mailcow starten

    +

    Laden Sie die Images herunter und führen Sie die Compose-Datei aus. Der Parameter -d wird ihre mailcow dann im Hintergrund starten:

    +
    +
    +
    +
    docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Geschafft!

    +

    Sie können nun auf https://${MAILCOW_HOSTNAME} mit den Standard-Zugangsdaten admin + Passwort moohoo zugreifen.

    +
    +

    Info

    +

    Wenn Sie mailcow nicht hinter einem Reverse Proxy verwenden, sollten Sie alle HTTP-Anfragen auf HTTPS umleiten.

    +
    +

    Die Datenbank wird sofort initialisiert, nachdem eine Verbindung zu MySQL hergestellt werden kann.

    +

    Ihre Daten bleiben in mehreren Docker-Volumes erhalten, die nicht gelöscht werden, wenn Sie Container neu erstellen oder löschen. Führen Sie docker volume ls aus, um eine Liste aller Volumes zu sehen. Sie können docker compose down sicher ausführen, ohne persistente Daten zu entfernen.

    + +
    +
    + + + Letztes Update: + 2022-12-16 19:22:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/i_u_m/i_u_m_migration/index.html b/2.5/de/i_u_m/i_u_m_migration/index.html new file mode 100644 index 000000000..6e5e3c479 --- /dev/null +++ b/2.5/de/i_u_m/i_u_m_migration/index.html @@ -0,0 +1,2598 @@ + + + + + + + + + + + + + + + + + + Migration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Migration

    + +
    +

    Warning

    +

    Diese Anleitung geht davon aus, dass Sie beabsichtigen, einen bestehenden Mailcow-Server (Quelle) auf einen brandneuen, leeren Server (Ziel) zu migrieren. Sie kümmert sich nicht um die Erhaltung bestehender Daten auf dem Zielserver und löscht alles innerhalb von /var/lib/docker/volumes und somit alle Docker-Volumes, die Sie bereits eingerichtet haben.

    +
    +
    +

    Tip

    +

    Alternativ können Sie das Skript ./helper-scripts/backup_and_restore.sh verwenden, um ein vollständiges Backup auf der Quellmaschine zu erstellen, dann installieren Sie mailcow auf der Zielmaschine wie gewohnt, kopieren Sie Ihre mailcow.conf und verwenden Sie das gleiche Skript, um Ihr Backup auf der Zielmaschine wiederherzustellen.

    +
    +

    1. +Befolgen Sie die Installationsanleitung von Docker und Compose.

    +

    2. Stoppen Sie Docker und stellen Sie sicher, dass Docker gestoppt wurde: +

    systemctl stop docker.service
    +systemctl status docker.service
    +

    +

    3. Führen Sie die folgenden Befehle auf dem Quellcomputer aus (achten Sie darauf, die abschließenden Schrägstriche im ersten Pfadparameter wie unten gezeigt hinzuzufügen!) - WARNUNG: Dieser Befehl löscht alles, was bereits unter /var/lib/docker/volumes auf dem Zielrechner existiert: +

    rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
    +rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
    +

    +

    4. Schalten Sie mailcow ab und stoppen Sie Docker auf dem Quellrechner.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    +

    **Wiederholen Sie Schritt 3 mit denselben Befehlen. Dies wird viel schneller gehen als beim ersten Mal.

    +

    6. Wechseln Sie auf den Zielrechner und starten Sie Docker. +

    systemctl start docker.service
    +

    +

    7. Ziehen Sie nun die mailcow Docker-Images auf den Zielrechner.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose pull
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose pull
    +
    +
    +
    +
    +

    8. Starten Sie den gesamten mailcow-Stack und alles sollte fertig sein!

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    +

    9. Zum Schluss ändern Sie Ihre DNS-Einstellungen so, dass sie auf den Zielserver zeigen.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/i_u_m/i_u_m_update/index.html b/2.5/de/i_u_m/i_u_m_update/index.html new file mode 100644 index 000000000..9e784b96b --- /dev/null +++ b/2.5/de/i_u_m/i_u_m_update/index.html @@ -0,0 +1,2848 @@ + + + + + + + + + + + + + + + + + + Update - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Update

    + +

    mailcow automatisch Updaten

    +

    Ein Update-Skript in Ihrem mailcow-dockerized Verzeichnis kümmert sich um Updates.

    +

    Aber benutzen Sie es mit Bedacht! Wenn Sie denken, dass Sie viele Änderungen am mailcow-Code vorgenommen haben, sollten Sie die manuelle Update-Anleitung unten verwenden.

    +

    Führen sie das Update-Skript aus: +

    ./update.sh
    +

    +

    Wenn es nötig ist, wird es Sie fragen, wie Sie fortfahren möchten. +Merge-Fehler werden gemeldet. +Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow-dockerized repository code).

    +

    Optionen

    +
    # Optionen können kombiniert werden
    +
    +# - Prüft auf Updates und zeigt Änderungen an
    +./update.sh --check
    +
    +# - Starten Sie mailcow nicht, nachdem Sie ein Update durchgeführt haben
    +./update.sh --skip-start
    +
    +# - Überspringt den ICMP Check auf die öffentlichen DNS Resolver (Bitte nur nutzen, wenn keinerlei ICMP Verbindungen von und zur mailcow erlaubt sind)
    +./update.sh --skip-ping-check
    +
    +# - Wechselt die Update Quellen der mailcow auf nightly (unstabile) Inhalte.
    +NUR ZUM TESTEN VERWENDEN!! KEIN PRODUKTIV BETRIEB!!!
    +./update.sh --nightly
    +
    +# - Wechselt die Update Quellen der mailcow auf stable (stabile) Inhalte (standard).
    +./update.sh --stable
    +
    +# - Erzwinge Update (unbeaufsichtigt, aber nicht unterstützt, Benutzung auf eigenes Risiko)
    +./update.sh --force
    +
    +# - Garbage Collector ausführen, um alte Image-Tags zu bereinigen und beenden
    +./update.sh --gc
    +
    +# - Update mit der Merge-Strategie-Option "ours" statt "theirs"
    +# Dies wird **Konflikte** beim Zusammenführen zugunsten Ihrer lokalen Änderungen lösen und sollte vermieden werden. Lokale Änderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY geändert.
    +./update.sh --ours
    +
    +# - Nicht aktualisieren, nur holen von Docker Images
    +./update.sh --prefetch
    +
    +

    Ich habe vergessen, was ich vor dem Ausführen von update.sh geändert habe.

    +

    Siehe git log --pretty=oneline | grep -i "before update", Sie werden eine Ausgabe ähnlich dieser haben:

    +
    22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
    +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
    +
    +

    Führen Sie git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab aus, um zu sehen, was sich geändert hat.

    +

    Kann ich ein Rollback durchführen?

    +

    Ja.

    +

    Siehe das obige Thema, anstelle eines Diffs führen Sie checkout aus:

    +
    +
    +
    +
    docker compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Hooks

    +

    Sie können sich in den Update-Mechanismus einklinken, indem Sie Skripte namens pre_commit_hook.sh und post_commit_hook.sh zu Ihrem mailcows-Root-Verzeichnis hinzufügen. Siehe hier für weitere Details.

    +

    Update-Zyklus

    +
      +
    • Wir planen an jedem ersten Dienstag eines Monats ein neues Hauptupdate zu veröffentlichen.
    • +
    • Die Updates sind wie folgt nummeriert: JJJJ-MM (Beispiel: 2022-05).
    • +
    • Fehlerkorrekturen eines Hauptupdates werden bei uns als "Revisionen" wie a,b,c (Beispiele: 2022-05a, 2022-05b usw.) erscheinen.
    • +
    +

    Update-Varianten

    +

    stable (stabile Updates): Diese Updates sind für den Produktivbetrieb geeignet. Sie erscheinen in einem Zyklus von mindest 1x im Monat.

    +

    nightly (instabile Updates): Diese Updates sind NICHT für den Produktivbetrieb geeignet und dienen lediglich dem Testen. Die nightly Updates sind den stabilen Updates vorraus, da in diesen neue und auch umfangreichere Funktionen getestet werden bevor diese für alle User Live gehen.

    +

    NEU: Nightly Updates beziehen

    +

    Infos zu den Nightly Updates

    +

    Seit dem 2022-08 Update gibt es die Möglichkeit die Update quellen zu ändern. Bisher diente der master Branch auf GitHub als einzige (offizieller) Update Quelle. Mit dem August 2022 Update gibt es aber nun noch den Nightly Branch welcher instabile und größere Änderungen zum testen und Feedback geben enthält.

    +

    Dabei bekommt der Nightly Branch immer dann neue Updates, wenn irgendetwas am mailcow Projekt fertig gemacht wurde was in die neue Hauptversion reinkommt.

    +

    Neben den offensichtlichen neuerungen welche sowieso im nächsten Major Update enthalten sein werden enthält er ebenfalls erstmal exklusive Features welche eine längere Testzeit brauchen (bspw. das UI Update auf Bootstrap 5).

    +

    Wie bekomme ich Nightly Updates?

    +

    Der Vorgang ist relativ simpel. Mit dem 2022-08 Update (ein Update auf die Version voraussgesetzt) ist es möglich die update.sh mit dem Parameter --nightly zu starten.

    +
    +

    Achtung

    Bitte machen Sie vorher ein Backup oder folgen Sie dem Abschnitt Best Practice Nightly Update bevor Sie auf die Nightly Builds von mailcow wechseln. Wir sind für keinerlei Datenverluste/korruptionen verantwortlich, also arbeiten Sie mit bedacht!

    +

    +
    +

    Das Skript wird nun den Branch wechseln mit git checkout nightly d.h. es wird auch wieder nach den IPv6 Einstellungen fragen. Das ist aber normal.

    +

    Sollte alles problemlos geklappt haben (wofür wir ja auch vorsichtshalber ein Backup vorher gemacht haben) sollte nun in der mailcow UI unten rechts die aktuelle Versionsnummer samt Datumsstempel abgebildet sein:
    +nightly footer

    +

    Best Practice Nightly Update

    +
    +

    Info

    Wir empfehlen die Benutzung des Nightly Updates nur dann, wenn Ihr eine weitere Maschine oder VM besitzt und diese NICHT Produktiv nutzt.

    +

    +
    +
      +
    1. Das Cold-Standby Skript nutzen um die Maschine vor dem Schwenk auf die Nightly Builds auf ein anderes System zu kopieren.
    2. +
    3. Das update.sh Skript auf der neuen Maschine mit dem Parameter --nightly ausführen und bestätigen.
    4. +
    5. Die Nightly Updates auf der sekundären Maschine erleben/testen.
    6. +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/index.html b/2.5/de/index.html new file mode 100644 index 000000000..c0f5925e6 --- /dev/null +++ b/2.5/de/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Informationen & Support - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    🐮 + 🐋 = 💕

    +

    Unterstützen Sie das mailcow Projekt

    +

    Bitte erwägen Sie einen Supportvertrag gegen eine geringe monatliche Gebühr unter Servercow, um die weitere Entwicklung zu unterstützen. Wir unterstützen Sie, während Sie uns unterstützen. :)

    +

    Wenn Sie super toll sind und uns ohne Vertrag unterstützen möchten, können Sie eine SAL-Lizenz erhalten, die Ihre Unterstützung bestätigt (kaufbar als flexible Einmalzahlung) bei Servercow.

    +

    Support erhalten

    +

    Es gibt zwei Möglichkeiten, Support für Ihre mailcow-Installation zu erhalten.

    +

    Kommerzieller Support

    +

    Für professionellen und priorisierten kommerziellen Support können Sie ein Basis-Support-Abonnement unter Servercow abschließen. Für kundenspezifische Anfragen oder Fragen kontaktieren Sie uns stattdessen bitte unter info@servercow.de.

    +

    Darüber hinaus bieten wir auch eine voll ausgestattete und verwaltete managed mailcow an. Auf diese Weise kümmern wir uns um alles technische und Sie können Ihr ganzes Mail-Erlebnis auf eine problemlose Weise genießen.

    +

    Community-Unterstützung und Chat

    +

    Die andere Alternative ist unser kostenloser Community-Support auf unseren verschiedenen Kanälen unten. Bitte beachten Sie, dass dieser Support von unserer großartigen Community rund um mailcow betrieben wird. Diese Art von Support ist best-effort, freiwillig und es gibt keine Garantie für irgendetwas.

    + +

    Telegram Desktop-Clients sind für mehrere Plattformen verfügbar. Sie können den Gruppenverlauf nach Stichworten durchsuchen.

    +

    Nur für Bug Tracking, Feature Requests und Codebeiträge:

    + +

    Demos

    +

    Seit September 2022 stellen wir zwei Verschiedene Demos bereit:

    +
      +
    • demo.mailcow.email ist die altbekannte Demo, welche sich am Stabilen Stand der mailcow orrientiert.
    • +
    • nightly-demo.mailcow.email ist die neue Nightly Demo, welche Testfunktionen beherbergt. (Also insbesondere für alle interessant, die keine Möglichkeit haben sich eine Testinstanz selbst zu erstellen.)
    • +
    +

    Die folgenden Anmeldedaten fürs Login funktionieren bei beiden Varianten:

    +
      +
    • Administrator: admin / moohoo
    • +
    • Domänen-Administrator: department / moohoo
    • +
    • Mailbox: demo@440044.xyz / moohoo
    • +
    +
    +

    Besonderheit

    +

    Die Demo Instanzen erhalten die neusten Updates direkt nach Release von GitHub. Vollautomatisch, ohne Downtime!

    +
    +

    Überblick

    +

    Die integrierte mailcow UI ermöglicht administrative Arbeiten auf Ihrer Mailserver-Instanz sowie einen getrennten Domain-Administrator- und Mailbox-Benutzer-Zugriff:

    +
      +
    • DKIM und ARC Unterstützung
    • +
    • Black- und Whitelists pro Domain und pro Benutzer
    • +
    • Spam-Score-Verwaltung pro Benutzer (Spam ablehnen, Spam markieren, Greylist)
    • +
    • Erlauben Sie Mailbox-Benutzern, temporäre Spam-Aliase zu erstellen
    • +
    • Voranstellen von E-Mail-Tags an den Betreff oder Verschieben von E-Mails in Unterordner (pro Benutzer)
    • +
    • Mailbox-Benutzer können die TLS-Durchsetzung für eingehende und ausgehende Nachrichten umschalten
    • +
    • Benutzer können die Caches von SOGo ActiveSync-Geräten zurücksetzen
    • +
    • imapsync, um entfernte Postfächer regelmäßig zu migrieren oder abzurufen
    • +
    • TFA: Yubikey OTP und U2F USB (nur Google Chrome und Derivate), TOTP
    • +
    • Hinzufügen von Domänen, Postfächern, Aliasen, Domänenaliasen und SOGo-Ressourcen
    • +
    • Hinzufügen von Whitelist-Hosts zur Weiterleitung von Mails an mailcow
    • +
    • Fail2ban-ähnliche Integration
    • +
    • Quarantäne-System
    • +
    • Antivirus-Scanning inkl. Makro-Scanning in Office-Dokumenten
    • +
    • Integrierte Basisüberwachung
    • +
    • Eine Menge mehr...
    • +
    +

    mailcow: dockerized kommt mit mehreren Containern, die in einem überbrückten Netzwerk verbunden sind. +Jeder Container repräsentiert eine einzelne Anwendung.

    + +
    +

    Achtung

    +

    Die Mails werden komprimiert und verschlüsselt gespeichert. Das Schlüsselpaar ist in crypt-vol-1 zu finden. Bitte vergessen Sie nicht, dieses zu sichern.

    +
    +

    Docker-Volumes zur Aufbewahrung dynamischer Daten - kümmern Sie sich um sie!

    +
      +
    • clamd-db-vol-1
    • +
    • crypt-vol-1
    • +
    • mysql-socket-vol-1
    • +
    • mysql-vol-1
    • +
    • postfix-vol-1
    • +
    • redis-vol-1
    • +
    • rspamd-vol-1
    • +
    • sogo-userdata-backup-vol-1
    • +
    • sogo-web-vol-1
    • +
    • solr-vol-1
    • +
    • vmail-index-vol-1
    • +
    • vmail-vol-1
    • +
    + +
    +
    + + + Letztes Update: + 2022-09-24 12:40:59 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/2.5/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html new file mode 100644 index 000000000..f95d7a084 --- /dev/null +++ b/2.5/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -0,0 +1,2723 @@ + + + + + + + + + + + + + + + + + + Weitere Datenbanken - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Weitere Datenbanken

    + +

    Weitere Datenbanken für ClamAV

    +

    Die Standard ClamAV Datenbanken haben keine hohe Trefferquote, können aber durch kostenlose und kostenpflichtige Datenbanken erweitert werden.

    +

    Liste von bekannten (kostenfreien) Datenbanken | Stand April 2022

    +
      +
    • SecurityInfo - kostenlose ClamAV DBs für Testzwecke. Registrierung der IP Adresse des Servers erforderlich (dann nutzbar für besagte IP).
    • +
    • InterServer - kostenlose ClamAV DBs. Für E-Mail Zwecke eher ungeeignet.
    • +
    +

    SecuriteInfo Datenbank aktivieren

    +
      +
    1. Kostenfreien Account auf https://www.securiteinfo.com/clients/customers/signup erstellen.
    2. +
    3. Sie erhalten eine E-Mail um Ihren Account zu aktivieren gefolgt von einer E-Mail mit Ihrem Login Namen.
    4. +
    5. Loggen Sie sich ein und navigieren Sie zu Ihrem Account https://www.securiteinfo.com/clients/customers/account
    6. +
    7. Klicken Sie auf den 'Setup' Reiter.
    8. +
    9. Sie brauchen your_id von den Downloadlinks. Diese sind pro User individuell.
    10. +
    11. +

      Fügen Sie diese wie folgt in die data/conf/clamav/freshclam.conf ein und ersetzen Sie den your_id Teil mit Ihrer ID: +

      DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
      +

      +
    12. +
    13. +

      Bei den kostenlosen SecuriteInfo Datenbanken ist die Download-Geschwindigkeit auf 300 kB/s begrenzt. Ändern Sie in data/conf/clamav/freshclam.conf den Standardwert ReceiveTimeout 20 auf ReceiveTimeout 90 (Zeitangabe in Sekunden), da ansonsten einige der Datenbank-Downloads aufgrund ihrer Größe abbrechen können.

      +
    14. +
    15. +

      Passen Sie data/conf/clamav/clamd.conf mit den folgenden Einstellungen an: +

      DetectPUA yes
      +ExcludePUA PUA.Win.Packer
      +ExcludePUA PUA.Win.Trojan.Packed
      +ExcludePUA PUA.Win.Trojan.Molebox
      +ExcludePUA PUA.Win.Packer.Upx
      +ExcludePUA PUA.Doc.Packed
      +MaxScanSize 150M
      +MaxFileSize 100M
      +MaxRecursion 40
      +MaxEmbeddedPE 100M
      +MaxHTMLNormalize 50M
      +MaxScriptNormalize 50M
      +MaxZipTypeRcg 50M
      +

      +
    16. +
    17. Starten Sie den ClamAV Container neu:
    18. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Bitte beachten Sie:

    +
      +
    • Sie können ExcludePUA und IncludePUA in der clamd.conf nicht gleichzeitig nutzen! Kommentieren Sie bitte IncludePUA aus, sollte es nicht auskommentiert sein.
    • +
    • Die Liste der Datenbanken genutzt in diesem Beispiel sollten für die meisten Fälle passen. SecuriteInfo bietet jedoch noch andere Datenbanken an. Bitte schauen Sie sich das SecuriteInfo FAQ für weitere Informationen an.
    • +
    • Mit den neu eingestellten Datenbanken (und den Standard Datenbanken) ClamAV verbraucht ClamAV etwa 1,3 GB RAM des Servers.
    • +
    • Sollten Sie message_size_limit in Postfix verändert haben müssen Sie die MaxSize Einstellung in ClamAV auf den selben Wert eintragen.
    • +
    +

    InterServer Datenbanken aktivieren

    +
      +
    1. Fügen Sie folgendes in data/conf/clamav/freshclam.conf ein: +
      DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
      +DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
      +DatabaseCustomURL http://sigs.interserver.net/shell.ldb
      +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
      +
    2. +
    3. Starten Sie den ClamAV Container neu:
    4. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/2.5/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html new file mode 100644 index 000000000..4258b91d1 --- /dev/null +++ b/2.5/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -0,0 +1,2631 @@ + + + + + + + + + + + + + + + + + + Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Whitelist

    + +

    Whitelist für bestimmte ClamAV-Signaturen

    +

    Es kann vorkommen, dass legitime (saubere) Mails von ClamAV blockiert werden (Rspamd markiert die Mail mit VIRUS_FOUND). So werden beispielsweise interaktive PDF-Formularanhänge standardmäßig blockiert, da der eingebettete Javascript-Code für schädliche Zwecke verwendet werden könnte. Überprüfen Sie dies anhand der clamd-Protokolle, z.B.:

    +
    +
    +
    +
    docker compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    docker-compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    +

    Diese Zeile bestätigt, dass ein solcher identifiziert wurde:

    +
    clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    +
    +

    Um diese spezielle Signatur auf die Whitelist zu setzen (und den Versand dieses Dateityps im Anhang zu ermöglichen), fügen Sie sie der ClamAV-Signatur-Whitelist-Datei hinzu:

    +
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    +
    +

    Dann starten Sie den clamd-mailcow Service Container in der mailcow UI oder mit docker compose neu:

    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Bereinigen Sie zwischengespeicherte ClamAV-Ergebnisse in Redis:

    +
    +
    +
    +
    docker compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    docker-compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/2.5/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html new file mode 100644 index 000000000..1b2575944 --- /dev/null +++ b/2.5/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -0,0 +1,2557 @@ + + + + + + + + + + + + + + + + + + Dockerfiles anpassen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Dockerfiles anpassen

    + +

    Sie müssen die Override-Datei mit den entsprechenden Build-Tags in den mailcow: dockerized Root-Ordner (d.h. /opt/mailcow-dockerized) kopieren: +

    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    +

    +

    Nehmen Sie Ihre Änderungen in data/Dockerfiles/$service vor und erstellen Sie das Image lokal: +

    docker build data/Dockerfiles/$service -t mailcow/$service:$tag
    +
    +(Ohne persönlichen :$tag wird automatisch :latest verwendet.)

    +

    Nun muss dieser gerade erstellte Container in docker-compose.override.yml aktiviert werden, z.B.: +

    $service-mailcow:
    +    build: ./data/Dockerfiles/$service
    +    image: mailcow/$service:$tag
    +

    +

    Abschliessend müssen die geänderten Container automatisch neu erstellt werden:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html new file mode 100644 index 000000000..cd0670ebd --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + Aktivierung von "any" ACL-Einstellungen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Aktivierung von "any" ACL-Einstellungen

    + +

    Am 17. August haben wir die Möglichkeit, mit "jedem" oder "allen authentifizierten Benutzern" zu teilen, standardmäßig deaktiviert.

    +

    Diese Funktion kann wieder aktiviert werden, indem ACL_ANYONE auf allow in mailcow.conf gesetzt wird:

    +
    ACL_ANYONE=allow
    +
    +

    Wenden Sie die Änderungen an, indem Sie den Docker Stack neustarten mit:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html new file mode 100644 index 000000000..e13376d67 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + Urlaubsantworten für Catchall-Adressen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Urlaubsantworten für Catchall-Adressen

    + +

    Der Dovecot-Parameter sieve_vacation_dont_check_recipient - der in mailcow-Konfigurationen vor dem 21. Juli 2021 standardmäßig auf yes gesetzt war - erlaubt Urlaubsantworten auch dann, wenn eine Mail an nicht existierende Mailboxen wie Catch-All-Adressen gesendet wird.

    +

    Wir haben uns entschlossen, diesen Parameter wieder auf no zu setzen und dem Benutzer zu erlauben, die Empfängeradresse zu spezifizieren, die eine Urlaubsantwort auslöst. Die auslösenden Empfänger können auch in SOGos Autoresponder-Funktion konfiguriert werden.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html new file mode 100644 index 000000000..7a82f38aa --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Löschen der Mails eines Benutzers - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Löschen der Mails eines Benutzers

    + +

    Wenn Sie alte Mails aus den Ordnern .Junk oder .Trash löschen wollen oder vielleicht alle gelesenen Mails, die älter als eine bestimmte Zeitspanne sind, können Sie das dovecot-Tool doveadm man doveadm-expunge verwenden.

    +

    Der manuelle Weg

    +

    Dann wollen wir mal loslegen:

    +

    Löschen Sie die Mails eines Benutzers im Junk-Ordner, die gelesen und älter als 4 Stunden sind

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    +

    Lösche alle Mails des Benutzers im Junk-Ordner, die älter als 7 Tage sind

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    +

    Löscht alle Mails (aller Benutzer) in allen Ordnern, die älter als 52 Wochen sind (internes Datum der Mail, nicht das Datum, an dem sie auf dem System gespeichert wurde => before statt savedbefore). Nützlich zum Löschen sehr alter Mails in allen Benutzern und Ordnern (daher besonders nützlich für GDPR-Compliance).

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    +

    Löschen von Mails in einem benutzerdefinierten Ordner innerhalb des Posteingangs eines Benutzers, die nicht gekennzeichnet und älter als 2 Wochen sind

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    +
    +

    Info

    +

    Für mögliche Zeitspannen oder SearchQuery schauen Sie bitte in man doveadm-search-query

    +
    +

    Job-Scheduler

    +

    über das Host-System cron

    +

    Wenn Sie eine solche Aufgabe automatisieren wollen, können Sie einen Cron-Job auf Ihrem Rechner erstellen, der ein Skript wie das folgende aufruft:

    +
    +
    +
    +
    #!/bin/bash
    +# Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized
    +cd /pfad/zu/ihrer/mailcow-dockerized
    +
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    #!/bin/bash
    +# Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized
    +cd /pfad/zu/ihrer/mailcow-dockerized
    +
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    +

    Um einen Cronjob zu erstellen, können Sie crontab -e ausführen und etwas wie das Folgende einfügen, um ein Skript auszuführen:

    +
    # Jeden Tag um 04:00 Uhr morgens ausführen.
    +0 4 * * * /pfad/zu/ihr/expunge_mailboxes.sh
    +
    +

    über Docker Job Scheduler

    +

    Um dies mit einem Docker-Job-Scheduler zu archivieren, verwenden Sie diese docker-compose.override.yml mit Ihrer Mailcow:

    +
    version: '2.1'
    +
    +services:
    +
    +  ofelia:
    +    image: mcuadros/ofelia:latest
    +    restart: always
    +    command: daemon --docker
    +    volumes:
    +      - /var/run/docker.sock:/var/run/docker.sock:ro   
    +    network_mode: none
    +
    +  dovecot-mailcow:
    +    labels:
    +      - "ofelia.enabled=true"
    +      - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
    +      - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
    +      - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
    +
    +

    Der Job-Controller braucht nur Zugriff auf den Docker Control Socket, um das Verhalten von "exec" zu emulieren. Dann fügen wir unserem Dovecot-Container ein paar Labels hinzu, um den Job-Scheduler zu aktivieren und ihm in einem Cron-kompatiblen Scheduling-Format mitzuteilen, wann er laufen soll. Wenn Sie Probleme mit dem Scheduling-String haben, können Sie crontab guru verwenden. +Diese docker-compose.override.yml löscht jeden Tag um 4 Uhr morgens alle Mails, die älter als 2 Wochen sind, aus dem Ordner "Junk". Um zu sehen, ob alles richtig gelaufen ist, können Sie nicht nur in Ihrer Mailbox nachsehen, sondern auch im Docker-Log von Ofelia, ob es etwa so aussieht:

    +
    common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
    +common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
    +
    +

    Wenn der Vorgang fehlgeschlagen ist, wird dies angegeben und die Ausgabe von doveadm im Protokoll aufgeführt, um Ihnen die Fehlersuche zu erleichtern.

    +

    Falls Sie weitere Jobs hinzufügen wollen, stellen Sie sicher, dass Sie den "dovecot-expunge-trash"-Teil nach "ofelia.job-exec." in etwas anderes ändern, er definiert den Namen des Jobs. Die Syntax der Labels finden Sie unter mcuadros/ofelia.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html new file mode 100644 index 000000000..e10753a55 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Anpassen/Erweitern von dovecot.conf - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Anpassen/Erweitern von dovecot.conf

    + +

    Erstellen Sie eine Datei data/conf/dovecot/extra.conf - falls nicht vorhanden - und fügen Sie Ihren zusätzlichen Inhalt hier ein.

    +

    Starten Sie dovecot-mailcow neu, um Ihre Änderungen zu übernehmen:

    +
    +
    +
    +
    docker compose restart dovecot-mailcow
    +
    +
    +
    +
    docker-compose restart dovecot-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html new file mode 100644 index 000000000..6cf3bf963 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -0,0 +1,2671 @@ + + + + + + + + + + + + + + + + + + FTS (Solr) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    FTS (Solr)

    + +

    FTS Solr

    +

    Solr wird für Setups mit Speicher >= 3,5 GiB verwendet, um eine Volltextsuche in Dovecot zu ermöglichen.

    +

    Bitte beachten Sie, dass Anwendungen wie Solr vielleicht von Zeit zu Zeit gewartet werden müssen.

    +

    Außerdem verbraucht Solr eine Menge RAM, abhängig von der Nutzung Ihres Servers. Bitte vermeiden Sie es auf Maschinen mit weniger als 3 GB RAM.

    +

    Die Standard-Heap-Größe (1024 M) ist in mailcow.conf definiert.

    +

    Da wir in Docker laufen und unsere Container mit dem "restart: always" Flag erstellen, wird eine oom Situation zumindest nur einen Neustart des Containers auslösen.

    +

    FTS-bezogene Dovecot-Befehle

    +
    +
    +
    +
    # Einzelbenutzer
    +docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# alle Benutzer
    +docker compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    # Einzelbenutzer
    +docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# alle Benutzer
    +docker-compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    +

    Dovecot Wiki: "Scannt, welche Mails im Volltextsuchindex vorhanden sind und vergleicht diese mit den tatsächlich in den Postfächern vorhandenen Mails. Dies entfernt Mails aus dem Index, die bereits gelöscht wurden und stellt sicher, dass der nächste doveadm-Index alle fehlenden Mails (falls vorhanden) indiziert."

    +

    Dies indiziert nicht eine Mailbox neu. Es repariert im Grunde einen gegebenen Index.

    +

    Wenn Sie die Daten sofort neu indizieren wollen, können Sie den folgenden Befehl ausführen, wobei '*' auch eine Postfachmaske wie 'Sent' sein kann. Sie müssen diese Befehle nicht ausführen, aber es wird die Dinge ein wenig beschleunigen:

    +
    +
    +
    +
    # einzelner Benutzer
    +docker compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# alle Benutzer, aber offensichtlich langsamer und gefährlicher
    +docker compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    # einzelner Benutzer
    +docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# alle Benutzer, aber offensichtlich langsamer und gefährlicher
    +docker-compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    +

    Dies wird einige Zeit in Anspruch nehmen, abhängig von Ihrer Maschine und Solr kann oom ausführen, überwachen Sie es!

    +

    Da die Neuindizierung sehr sinnvoll ist, haben wir sie nicht in die mailcow UI integriert. Sie müssen sich um eventuelle Fehler beim Re-Indizieren einer Mailbox kümmern.

    +

    Löschen der Mailbox-Daten

    +

    mailcow wird die Indexdaten eines Benutzers löschen, wenn eine Mailbox gelöscht wird.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html new file mode 100644 index 000000000..bef5fc258 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -0,0 +1,2685 @@ + + + + + + + + + + + + + + + + + + IMAP IDLE-Intervall - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Ändern des IMAP-IDLE-Intervalls

    +

    Was ist das IDLE-Intervall?

    +

    Standardmäßig sendet Dovecot eine "Ich bin noch da"-Benachrichtigung an jeden Client, der eine offene Verbindung mit Dovecot hat, um Mails so schnell wie möglich zu erhalten, ohne sie manuell abzufragen (IMAP PUSH). Diese Benachrichtigung wird durch die Einstellung imap_idle_notify_interval gesteuert, die standardmäßig auf 2 Minuten eingestellt ist.

    +

    Ein kurzes Intervall führt dazu, dass der Client viele Nachrichten für diese Verbindung erhält, was für mobile Geräte schlecht ist, da jedes Mal, wenn das Gerät diese Nachricht erhält, die Mailing-App aufwachen muss. Dies kann zu einer unnötigen Entladung der Batterie führen.

    +

    Bearbeiten Sie den Wert

    +

    Konfiguration ändern

    +

    Erstellen Sie eine neue Datei data/conf/dovecot/extra.conf (oder bearbeiten Sie sie, falls sie bereits existiert). +Fügen Sie die Einstellung ein, gefolgt von dem neuen Wert. Um zum Beispiel das Intervall auf 5 Minuten zu setzen, können Sie Folgendes eingeben:

    +
    imap_idle_notify_interval = 5 mins
    +
    +

    29 Minuten ist der maximale Wert, den der entsprechende RFC erlaubt.

    +
    +

    Warning

    +

    Dies ist keine Standardeinstellung in mailcow, da wir nicht wissen, wie diese Einstellung das Verhalten anderer Clients verändert. Seien Sie vorsichtig, wenn Sie dies ändern und ein anderes Verhalten beobachten.

    +
    +

    Dovecot neu laden

    +

    Nun laden Sie Dovecot neu:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    +
    +

    Info

    +

    Sie können den Wert dieser Einstellung überprüfen mit

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    +

    Wenn Sie den Wert nicht geändert haben, sollte er auf 2m stehen. Wenn Sie ihn geändert haben, sollten Sie den neuen Wert sehen.

    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html new file mode 100644 index 000000000..6f702123a --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -0,0 +1,2576 @@ + + + + + + + + + + + + + + + + + + Mail crypt - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mail crypt

    + +
    +

    Achtung

    +

    Die Mails werden komprimiert (lz4) und verschlüsselt gespeichert. Das Schlüsselpaar ist in crypt-vol-1 zu finden.

    +
    +

    Wenn Sie vorhandene maildir-Dateien entschlüsseln/verschlüsseln wollen, können Sie das folgende Skript auf eigene Gefahr verwenden:

    +

    Wechseln Sie in den Dovecot Container, indem Sie folgenden Befehl im mailcow-dockerized Verzeichnis ausführen:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    +
    # Entschlüsseln Sie /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
    +doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" > "/tmp/$(basename "$file")"
    +  if [[ -s "/tmp/$(basename "$file")" ]]; then
    +    chmod 600 "/tmp/$(basename "$file")"
    +    chown 5000:5000 "/tmp/$(basename "$file")"
    +    mv "/tmp/$(basename "$file")" "$file"
    +  else
    +    rm "/tmp/$(basename "$file")"
    +  fi
    +fi
    +done
    +
    +
    +# Verschlüsseln von /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then
    +doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" "$file"
    +  chmod 600 "$file"
    +  chown 5000:5000 "$file"
    +fi
    +done
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-more/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-more/index.html new file mode 100644 index 000000000..471bc4b98 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -0,0 +1,2629 @@ + + + + + + + + + + + + + + + + + + Weitere Beispiele mit DOVEADM - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Weitere Beispiele mit DOVEADM

    + +

    Hier ist nur eine unsortierte Liste von nützlichen doveadm-Befehlen, die nützlich sein könnten.

    +

    doveadm quota

    +

    Die Befehle quota get und quota recalc1 werden verwendet, um die Quota-Nutzung des aktuellen Benutzers anzuzeigen oder neu zu berechnen. Die angezeigten Werte sind in Kilobytes.

    +

    Um den aktuellen Quota-Status für einen Benutzer / eine Mailbox aufzulisten, tun Sie folgendes:

    +
    doveadm quota get -u 'mailbox@example.org'
    +
    +

    Um den Quota-Speicherwert für alle Benutzer aufzulisten, tun Sie folgendes:

    +
    doveadm quota get -A |grep "STORAGE"
    +
    +

    Berechnen Sie die Quota-Nutzung eines einzelnen Benutzers neu:

    +
    doveadm quota recalc -u 'mailbox@example.org'
    +
    + +

    Der Befehl doveadm search2 wird verwendet, um Nachrichten zu finden, die Ihrer Anfrage entsprechen. Er kann den Benutzernamen, die Mailbox-GUID / -UID und die Nachrichten-GUIDs / -UIDs zurückgeben.

    +

    Um die Anzahl der Nachrichten im .Trash Ordner eines Benutzers zu sehen:

    +
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    +
    +

    Alle Nachrichten im Postfach eines Benutzers anzeigen, die älter als 90 Tage sind:

    +
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    +
    +

    Zeige alle Nachrichten in beliebigen Ordnern, die älter sind als 30 Tage für mailbox@example.org:

    +
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    +
    + + +
    +
    + + + Letztes Update: + 2022-02-02 11:37:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html new file mode 100644 index 000000000..5a4ad847c --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -0,0 +1,2618 @@ + + + + + + + + + + + + + + + + + + Öffentliche Ordner - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Öffentliche Ordner

    + +

    Erstellen Sie einen neuen öffentlichen Namespace "Public" und eine Mailbox "Develcow" innerhalb dieses Namespaces:

    +

    Bearbeiten oder erstellen Sie data/conf/dovecot/extra.conf, fügen Sie hinzu:

    +
    namespace {
    +  type = public
    +  separator = /
    +  prefix = Public/
    +  location = maildir:/var/vmail/public:INDEXPVT=~/public
    +  subscriptions = yes
    +  mailbox "Develcow" {
    +    auto = subscribe
    +  }
    +}
    +
    +

    :INDEXPVT=~/public kann weggelassen werden, wenn die Flags, die pro Benutzer gesehen werden, nicht gewünscht sind.

    +

    Die neue Mailbox im öffentlichen Namensraum wird von den Benutzern automatisch abonniert.

    +

    Um allen authentifizierten Benutzern vollen Zugriff auf das neue Postfach (nicht auf den gesamten Namespace) zu gewähren, führen Sie aus:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    +

    Passen Sie den Befehl an Ihre Bedürfnisse an, wenn Sie detailliertere Rechte pro Benutzer vergeben möchten (verwenden Sie z.B. -u user@domain anstelle von -A).

    +

    Erlaube authentifizierten Benutzern den Zugriff auf den gesamten öffentlichen Namespace

    +

    Um allen authentifizierten Benutzern vollen Zugriff auf den gesamten öffentlichen Namespace und seine Unterordner zu gewähren, erstellen Sie eine neue Datei dovecot-acl im Namespace-Stammverzeichnis:

    +

    Öffnen/bearbeiten/erstellen Sie /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (passen Sie den Pfad entsprechend an), um die globale ACL-Datei mit dem folgenden Inhalt zu erstellen:

    +
    authenticated kxeilprwts
    +
    +

    kxeilprwts" ist gleichbedeutend mit "lookup read write write-seen write-deleted insert post delete expunge create".

    +

    Sie können doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read verwenden, um den Zugriff für einen einzelnen Benutzer zu beschränken. Sie können es auch umdrehen und den Zugriff für alle Benutzer auf "lr" beschränken und nur einigen Benutzern vollen Zugriff gewähren.

    +

    Siehe Dovecot ACL für weitere Informationen über ACL.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html new file mode 100644 index 000000000..65e38cdb7 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Statischer Hauptbenutzer - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Statischer Hauptbenutzer

    + +

    Zufällige Master-Benutzernamen und Passwörter werden automatisch bei jedem Neustart von dovecot-mailcow erstellt.

    +

    Das wird empfohlen und sollte nicht geändert werden.

    +

    Wenn der Benutzer trotzdem statisch sein soll, geben Sie bitte zwei Variablen in mailcow.conf an.

    +

    Beide Parameter dürfen nicht leer sein!

    +
    DOVECOT_MASTER_USER=mymasteruser
    +DOVECOT_MASTER_PASS=mysecretpass
    +
    +

    Führen Sie folgenden Befehl aus, um Ihre Änderungen zu übernehmen:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Der statische Master-Benutzername wird zu DOVECOT_MASTER_USER@mailcow.local erweitert.

    +

    Um sich als test@example.org anzumelden, würde dies test@example.org*mymasteruser@mailcow.local mit dem oben angegebenen Passwort entsprechen.

    +

    Eine Anmeldung bei SOGo ist mit diesem Benutzernamen nicht möglich. Für Admins steht eine Click-to-Login-Funktion für SOGo zur Verfügung, wie [hier] beschrieben (https://mailcow.github.io/mailcow-dockerized-docs/debug-admin_login_sogo/) +Es wird kein Hauptbenutzer benötigt.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/2.5/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html new file mode 100644 index 000000000..d0c48f925 --- /dev/null +++ b/2.5/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + Maildir verschieben (vmail) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Maildir verschieben (vmail)

    + +

    Der "neue" Weg

    +
    +

    Warning

    +

    Neuere Docker-Versionen scheinen sich über bestehende Volumes zu beschweren. Man kann dies vorübergehend beheben, indem man das bestehende Volume entfernt und mailcow mit der Override-Datei startet. Aber es scheint nach einem Neustart problematisch zu sein (muss bestätigt werden).

    +
    +

    Ein einfacher, schmutziger, aber stabiler Workaround ist es, mailcow zu stoppen, /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data zu entfernen und einen neuen Link zu Ihrem entfernten Dateisystem zu erstellen, zum Beispiel:

    +
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
    +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
    +
    +

    Starten Sie anschließend mailcow.

    +
    +

    Der "alte" Weg

    +

    Wenn man einen anderen Ordner für das vmail-Volume verwenden möchte, kann man eine docker-compose.override.yml Datei erstellen und den folgenden Inhalt hinzufügen:

    +
    version: '2.1'
    +volumes:
    +  vmail-vol-1:
    +    driver_opts:
    +      type: none
    +      device: /data/mailcow/vmail   
    +      o: bind
    +
    +

    Verschieben eines bestehenden vmail-Ordners:

    +
      +
    • Finden Sie den aktuellen vmail-Ordner anhand seines "Mountpoint"-Attributs: docker volume inspect mailcowdockerized_vmail-vol-1
    • +
    +
    [
    +    {
    +        "CreatedAt": "2019-06-16T22:08:34+02:00",
    +        "Driver": "local",
    +        "Labels": {
    +            "com.docker.compose.project": "mailcowdockerized",
    +            "com.docker.compose.version": "1.23.2",
    +            "com.docker.compose.volume": "vmail-vol-1"
    +        },
    +        "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data",
    +        "Name": "mailcowdockerized_vmail-vol-1",
    +        "Options": null,
    +        "Scope": "local"
    +    }
    +]
    +
    +
      +
    • Kopieren Sie den Inhalt des Mountpoint-Ordners an den neuen Speicherort (z.B. /data/mailcow/vmail) mit cp -a, rsync -a oder einem ähnlichen, nicht strikten Kopierbefehl
    • +
    • Stoppen Sie mailcow durch Ausführen von docker compose down aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized)
    • +
    • Erstellen Sie die Datei docker-compose.override.yml, bearbeiten Sie den Gerätepfad entsprechend
    • +
    • Löschen Sie den aktuellen vmail-Ordner: docker volume rm mailcowdockerized_vmail-vol-1
    • +
    • Starten Sie mailcow durch Ausführen von docker compose up -d aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized)
    • +
    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Nginx/u_e-nginx_custom/index.html b/2.5/de/manual-guides/Nginx/u_e-nginx_custom/index.html new file mode 100644 index 000000000..880abb281 --- /dev/null +++ b/2.5/de/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -0,0 +1,2727 @@ + + + + + + + + + + + + + + + + + + Benutzerdefinierte Seiten - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Benutzerdefinierte Seiten

    + +

    SSL

    +

    Bitte lesen Sie Erweitertes SSL und überprüfen Sie explizit ADDITIONAL_SERVER_NAMES für die SSL-Konfiguration.

    +

    Bitte fügen Sie ADDITIONAL_SERVER_NAMES nicht hinzu, wenn Sie planen, einen anderen Web-Root zu verwenden.

    +

    Neue Website

    +

    Um persistente (über Updates) Sites zu erstellen, die von mailcow: dockerized gehostet werden, muss eine neue Site-Konfiguration in data/conf/nginx/ platziert werden:

    +

    Eine gute Vorlage, um damit zu beginnen:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  # Location: data/web
    +  root /web;
    +  # Location: data/web/mysite.com
    +  #root /web/mysite.com
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name mysite.example.org;
    +  server_tokens off;
    +
    +  # This allows acme to be validated even with a different web root
    +  location ^~ /.well-known/acme-challenge/ {
    +    default_type "text/plain";
    +    rewrite /.well-known/acme-challenge/(.*) /$1 break;
    +    root /web/.well-known/acme-challenge/;
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$server_name$request_uri;
    +  }
    +}
    +
    +

    Neue Website mit Proxy zu einem entfernten Location

    +

    Ein weiteres Beispiel mit einer Reverse-Proxy-Konfiguration:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name example.domain.tld;
    +  server_tokens off;
    +
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$host$request_uri;
    +  }
    +
    +  location / {
    +    proxy_pass http://service:3000/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  }
    +}
    +
    +

    Konfig-Erweiterung in mailcows Nginx

    +

    Der Dateiname, der für eine neue Site verwendet wird, ist nicht wichtig, solange der Dateiname eine .conf-Erweiterung trägt.

    +

    Es ist auch möglich, die Konfiguration der Standarddatei site.conf Datei zu erweitern:

    +
    nano data/conf/nginx/site.my_content.custom
    +
    +

    Dieser Dateiname muss keine ".conf"-Erweiterung haben, sondern folgt dem Muster site.*.custom, wobei * ein eigener Name ist.

    +

    Wenn PHP in eine benutzerdefinierte Site eingebunden werden soll, verwenden Sie bitte den PHP-FPM-Listener auf phpfpm:9002 oder erstellen Sie einen neuen Listener in data/conf/phpfpm/php-fpm.d/pools.conf.

    +

    Starten Sie Nginx neu (und PHP-FPM, falls ein neuer Listener erstellt wurde):

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +docker compose restart php-fpm-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +docker-compose restart php-fpm-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/2.5/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html new file mode 100644 index 000000000..81e293e8e --- /dev/null +++ b/2.5/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -0,0 +1,2586 @@ + + + + + + + + + + + + + + + + + + Subdomäne webmail.example.org erstellen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Subdomäne webmail.example.org erstellen

    + +

    WICHTIG: Diese Anleitung gilt nur für Konfigurationen, bei denen SNI nicht aktiviert ist. Wenn SNI aktiviert ist, muss der Zertifikatspfad angepasst werden. Etwas wie ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; wird genügen. Aber: Das Zertifikat sollte zuerst bezogen werden und erst wenn das Zertifikat existiert, sollte eine Site Config erstellt werden. Nginx wird nicht starten, wenn es das Zertifikat und den Schlüssel nicht finden kann.

    +

    Um eine Subdomain webmail.example.org zu erstellen und sie auf SOGo umzuleiten, müssen Sie eine neue Nginx-Site erstellen. Achten Sie dabei auf "CHANGE_TO_MAILCOW_HOSTNAME"!

    +

    nano data/conf/nginx/webmail.conf

    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name webmail.example.org;
    +  server_tokens off;
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  location / {
    +    return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
    +  }
    +}
    +
    +

    Speichern Sie und starten Sie Nginx neu:

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +
    +
    +
    +
    +

    Öffnen Sie nun mailcow.conf und suchen Sie ADDITIONAL_SAN. +Fügen Sie webmail.example.org zu diesem Array hinzu, verwenden Sie keine Anführungszeichen!

    +
    ADDITIONAL_SAN=webmail.example.org
    +
    +

    Führen Sie den Befehl aus:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Siehe "acme-mailcow" und "nginx-mailcow" Logs, wenn etwas fehlschlägt

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:38:44 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html new file mode 100644 index 000000000..e2bbb0bda --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Maximale Nachrichtengröße (Größe des Anhangs) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Maximale Nachrichtengröße (Größe des Anhangs)

    + +

    Öffnen Sie data/conf/postfix/extra.cf und setzen Sie das message_size_limit entsprechend in Bytes. Siehe main.cf für den Standardwert.

    +

    Starten Sie Postfix neu:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html new file mode 100644 index 000000000..bd9e0b78c --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Benutzerdefinierte Transportmaps - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Benutzerdefinierte Transportmaps

    + +

    Für Transport maps, die nicht in mailcow UI konfiguriert werden, verwenden Sie bitte data/conf/postfix/custom_transport.pcre, um zu verhindern, dass bestehende Maps oder Einstellungen durch Updates überschrieben werden.

    +

    In den meisten Fällen ist die Verwendung dieser Datei nicht notwendig. Bitte vergewissern Sie sich, dass mailcow UI nicht in der Lage ist, den gewünschten Datenverkehr richtig zu routen, bevor Sie diese Datei verwenden.

    +

    Die Datei benötigt gültigen PCRE-Inhalt und kann Postfix zerstören, wenn sie falsch konfiguriert ist.

    + +
    +
    + + + Letztes Update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html new file mode 100644 index 000000000..994a84a38 --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + Überprüfung der Absenderadressen deaktivieren - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Überprüfung der Absenderadressen deaktivieren

    + +

    Neue Anleitung

    +

    Bearbeiten Sie ein Postfach und wählen Sie "Senden als * zulassen".

    +

    Aus historischen Gründen haben wir die alte und veraltete Anleitung unten beibehalten:

    +

    Veraltete Anleitung (NICHT FÜR NEUERE MAILCOWS VERWENDEN!)

    +

    Diese Option ist keine Best-Practice und sollte nur verwendet werden, wenn es keine andere Möglichkeit gibt, das zu erreichen, was Sie erreichen wollen.

    +

    Erstellen Sie einfach eine Datei data/conf/postfix/check_sasl_access und tragen Sie den folgenden Inhalt ein. Dieser Benutzer muss in Ihrer Installation existieren und muss sich vor dem Versenden von Mails authentifizieren. +

    user-to-allow-everything@example.com OK
    +

    +

    Öffnen Sie data/conf/postfix/main.cf und suchen Sie smtpd_sender_restrictions. Fügen Sie check_sasl_access hash:/opt/postfix/conf/check_sasl_access wie folgt ein: +

    smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
    +

    +

    Postmap auf check_sasl_access ausführen:

    +
    +
    +
    +
    docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    +

    Starten Sie den Postfix-Container neu.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html new file mode 100644 index 000000000..0647bcb75 --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -0,0 +1,2548 @@ + + + + + + + + + + + + + + + + + + main.cf anpassen/erweitern - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    main.cf anpassen/erweitern

    + +

    Bitte erstellen Sie eine neue Datei data/conf/postfix/extra.cf für Überschreibungen oder zusätzliche Inhalte zur main.cf.

    +

    Postfix wird sich einmal nach dem Start von postfix-mailcow über doppelte Werte beschweren, dies ist beabsichtigt.

    +

    Syslog-ng wurde so konfiguriert, dass es diese Warnungen ausblendet, während Postfix läuft, um die Log-Dateien nicht jedes Mal mit unnötigen Informationen zu spammen, wenn ein Dienst benutzt wird.

    +

    Starten Sie postfix-mailcow neu, um Ihre Änderungen zu übernehmen:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html new file mode 100644 index 000000000..a0c54d216 --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Statistik mit pflogsumm - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Statistik mit pflogsumm

    + +

    Um pflogsumm mit dem Standard-Logging-Treiber zu verwenden, müssen wir postfix-mailcow über docker logs abfragen und die Ausgabe zu pflogsumm leiten:

    +
    docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
    +
    +

    Die obige Log-Ausgabe ist auf die letzten 24 Stunden beschränkt.

    +

    Es ist auch möglich, einen täglichen pflogsumm-Bericht über cron zu erstellen. Erstellen Sie die Datei /etc/cron.d/pflogsumm mit dem folgenden Inhalt:

    +
    SHELL=/bin/bash
    +59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
    +
    +

    Um zu funktionieren muss ein lokaler Postfix auf dem Server installiert werden, welcher an den Postfix der mailcow relayed.

    +

    Genauere Informationen lassen sich unter Sektion Post-Installationsaufgaben -> Lokaler MTA auf Dockerhost finden.

    +

    Basierend auf den Postfix-Logs der letzten 24 Stunden sendet dieses Beispiel dann jeden Tag um 23:59:00 Uhr einen pflogsumm-Bericht an postmaster@example.net.

    + +
    +
    + + + Letztes Update: + 2022-03-24 11:27:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html new file mode 100644 index 000000000..43974a55d --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + IP in Postscreen auf die Whitelist setzen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    IP in Postscreen auf die Whitelist setzen

    + +

    IPs können in der Datei data/conf/postfix/custom_postscreen_whitelist.cidr aus dem Postscreen und damit auch aus den RBL-Prüfungen entfernt werden.

    +

    Postscreen führt mehrere Prüfungen durch, um bösartige Absender zu identifizieren. In den meisten Fällen möchten Sie eine IP-Adresse auf die Whitelist setzen, um sie von der Suche nach einer schwarzen Liste auszuschließen.

    +

    Das Format der Datei ist wie folgt

    +

    CIDR ACTION

    +

    Dabei steht CIDR für eine einzelne IP-Adresse oder einen IP-Bereich in CIDR-Notation und action entweder für "permit" oder "reject".

    +

    Beispiel:

    +
    # Regeln werden in der angegebenen Reihenfolge ausgewertet.
    +# Schwarze Liste 192.168.* außer 192.168.0.1.
    +192.168.0.1 permit
    +192.168.0.0/16 reject
    +
    +

    Die Datei wird spontan neu geladen, ein Neustart von Postfix ist nicht erforderlich.

    + +
    +
    + + + Letztes Update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html new file mode 100644 index 000000000..eab0b26bd --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html @@ -0,0 +1,2644 @@ + + + + + + + + + + + + + + + + + + Relayhosts - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Relayhosts

    + +

    Seit dem 12. September 2018 können Sie Relayhosts als Admin über die mailcow UI einrichten.

    +

    Dies ist nützlich, wenn Sie ausgehende E-Mails für eine bestimmte Domain an einen Drittanbieter-Spamfilter oder einen Dienst wie Mailgun oder Sendgrid weiterleiten möchten. Dies ist auch bekannt als ein smarthost. +Falls nicht, überprüfen Sie den Fehler und beheben Sie ihn.

    +

    Einen neuen Relayhost hinzufügen

    +

    Gehen Sie auf die Registerkarte "Routing" im Abschnitt "Konfiguration und Details" der mailcow UI. +Hier sehen Sie eine Liste der derzeit eingerichteten Relayhosts.

    +

    Blättern Sie zum Abschnitt "Absenderabhängigen Transport hinzufügen".

    +

    Fügen Sie unter Host den Host hinzu, an den Sie weiterleiten möchten.
    +Beispiel: Wenn Sie Mailgun zum Senden von E-Mails anstelle Ihrer Server-IP verwenden möchten, geben Sie smtp.mailgun.org ein.

    +

    Wenn der Relay-Host zur Authentifizierung einen Benutzernamen und ein Passwort benötigt, geben Sie diese in die entsprechenden Felder ein.
    +Beachten Sie, dass die Anmeldedaten im Klartext gespeichert werden.

    +

    Testen Sie einen Relayhost

    +

    Um zu testen, ob die Verbindung zum Host funktioniert, klicken Sie in der Liste der Relayhosts auf Test und geben Sie eine Von:-Adresse ein. Führen Sie dann den Test aus.

    +

    Sie sehen dann die Ergebnisse der SMTP-Übertragung. Wenn alles klappt, sollten Sie Folgendes sehen: +SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 als eine der letzten Zeilen.

    +

    Ist dies nicht der Fall, überprüfen Sie den angegebenen Fehler und beheben Sie ihn.

    +

    Hinweis: Einige Hosts, insbesondere solche, die keine Authentifizierung verlangen, verweigern Verbindungen von Servern, die nicht zuvor in ihr System aufgenommen wurden. Lesen Sie unbedingt die Dokumentation des Relayhosts, um sicherzustellen, dass Sie Ihre Domain und/oder die Server-IP zu ihrem System hinzugefügt haben.

    +

    Tipp: Sie können die standardmäßige Von:-Adresse, die der Test verwendet, von null@mailcow.email auf eine beliebige E-Mail-Adresse ändern, indem Sie die Variable $RELAY_TO in der Datei vars.inc.php unter /opt/mailcow-dockerized/data/web/inc ändern.
    Auf diese Weise können Sie überprüfen, ob das Relay funktioniert hat, indem Sie das Zielpostfach überprüfen.

    +

    Relayhost für eine Domain festlegen

    +

    Wechseln Sie auf die Registerkarte "Domains" im Abschnitt "E-Mail-Setup" der mailcow UI.

    +

    Bearbeiten Sie die gewünschte Domain.

    +

    Wählen Sie den neu hinzugefügten Host in der Dropdown-Liste "Absenderabhängige Transporte" aus und speichern Sie die Änderungen.

    +

    Senden Sie eine E-Mail von einer Mailbox auf dieser Domain und Sie sollten in den Protokollen sehen, dass Postfix die Nachricht an den Relayhost weiterleitet.

    + +
    +
    + + + Letztes Update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/2.5/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html new file mode 100644 index 000000000..e3576ae7e --- /dev/null +++ b/2.5/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -0,0 +1,2646 @@ + + + + + + + + + + + + + + + + + + Vertrauenswürdige Netzwerke hinzufügen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Vertrauenswürdige Netzwerke hinzufügen

    + +

    Standardmäßig betrachtet mailcow alle Netzwerke als nicht vertrauenswürdig, ausgenommen seine eigenen IPV4_NETWORK und IPV6_NETWORK Bereiche. Obwohl dies in den meisten Fällen vernünftig ist, kann es Umstände geben, unter denen man diese Einschränkung lockern muss.

    +

    Standardmäßig verwendet mailcow mynetworks_style = subnet um interne Subnetze zu bestimmen und lässt mynetworks unkonfiguriert.

    +

    Wenn Sie sich entscheiden, mynetworks zu setzen, ignoriert Postfix die mynetworks_style Einstellung. Das bedeutet, dass Sie die Bereiche IPV4_NETWORK und IPV6_NETWORK sowie die Loopback-Subnetze manuell hinzufügen müssen!

    +

    Unauthentifiziertes Relaying

    +
    +

    Warning

    +

    Eine falsche Einstellung von mynetworks erlaubt es Ihrem Server, als offenes Relay verwendet zu werden. Wenn dies missbraucht wird, beeinträchtigt dies Ihre Fähigkeit, E-Mails zu versenden, und es kann einige Zeit dauern, bis dies behoben ist.

    +
    +

    IPv4-Hosts/Subnetze

    +

    Um das Subnetz 192.168.2.0/24 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK und IPV6_NETWORK Bereichen:

    +

    Bearbeiten Sie data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
    +
    +

    Führen Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

    +

    IPv6-Hosts/Subnets

    +

    Das Hinzufügen von IPv6-Hosts erfolgt auf die gleiche Weise wie bei IPv4, allerdings muss das Subnetz in eckige Klammern [] gesetzt und die Netzmaske angehängt werden.

    +

    Um das Subnetz 2001:db8::/32 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK- und IPV6_NETWORK-Bereichen:

    +

    Bearbeiten Sie data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
    +
    +

    Führen Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

    +
    +

    Info

    +

    Weitere Informationen über mynetworks finden Sie in der Postfix-Dokumentation.

    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Redis/u_e-redis/index.html b/2.5/de/manual-guides/Redis/u_e-redis/index.html new file mode 100644 index 000000000..d1c51989b --- /dev/null +++ b/2.5/de/manual-guides/Redis/u_e-redis/index.html @@ -0,0 +1,2710 @@ + + + + + + + + + + + + + + + + + + Redis - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Redis

    + +

    Redis wird als Key-Value-Speicher für die Einstellungen und Daten von rspamd und (einige von) mailcow verwendet. Wenn Sie mit Redis nicht vertraut sind, lesen Sie bitte die Einführung in Redis und besuchen Sie gegebenenfalls diese wunderbare Anleitung, um zu erfahren, wie man Redis benutzt.

    +

    Client

    +

    Um sich mit dem redis cli zu verbinden, führen Sie aus:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Fehlersuche

    +

    Hier sind einige nützliche Befehle für den redis-cli zur Fehlersuche:

    +
    MONITOR
    +

    Überwacht alle vom Server empfangenen Anfragen in Echtzeit:

    +
    +
    +
    +
    #docker compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    #docker-compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    +
    SCHLÜSSEL (Keys)
    +

    Ermittelt alle Schlüssel, die dem Muster entsprechen:

    +
    KEYS *
    +
    +
    PING
    +

    Testen Sie eine Verbindung:

    +
    127.0.0.1:6379> PING
    +PONG
    +
    +

    Wenn Sie mehr wissen wollen, hier ist ein Cheat-Sheet.

    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Rspamd/u_e-rspamd/index.html b/2.5/de/manual-guides/Rspamd/u_e-rspamd/index.html new file mode 100644 index 000000000..041a0cc77 --- /dev/null +++ b/2.5/de/manual-guides/Rspamd/u_e-rspamd/index.html @@ -0,0 +1,3022 @@ + + + + + + + + + + + + + + + + + + Rspamd - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Rspamd

    + +

    Rspamd wird für die AV-Verarbeitung, DKIM-Signierung und SPAM-Verarbeitung verwendet. Es ist ein leistungsfähiges und schnelles Filtersystem. Für eine ausführlichere Dokumentation über Rspamd besuchen Sie bitte die [Rspamd Dokumentation] (https://rspamd.com/doc/index.html).

    +

    Spam & Ham lernen

    +

    Rspamd lernt, ob es sich um Spam oder Ham handelt, wenn Sie eine Nachricht in oder aus dem Junk-Ordner in ein anderes Postfach als den Papierkorb verschieben. +Dies wird durch die Verwendung des Sieve-Plugins "sieve_imapsieve" und Parser-Skripte erreicht.

    +

    Rspamd liest auch automatisch Mails, wenn eine hohe oder niedrige Punktzahl erkannt wird (siehe https://rspamd.com/doc/configuration/statistic.html#autolearning). Wir haben das Plugin so konfiguriert, dass es ein vernünftiges Verhältnis zwischen Spam- und Ham-Learnings beibehält.

    +

    Die Bayes-Statistiken werden in Redis als Schlüssel BAYES_HAM und BAYES_SPAM gespeichert.

    +

    Neben Bayes wird ein lokaler Fuzzy-Speicher verwendet, um wiederkehrende Muster in Texten oder Bildern zu lernen, die auf Ham oder Spam hinweisen.

    +

    Sie können auch die Web-UI von Rspamd verwenden, um Ham und/oder Spam zu lernen oder bestimmte Einstellungen von Rspamd anzupassen.

    +

    Spam oder Ham aus bestehendem Verzeichnis lernen

    +

    Sie können einen Einzeiler verwenden, um Mails im Klartextformat (unkomprimiert) zu lernen:

    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    +

    Erwägen Sie, einen lokalen Ordner als neues Volume an rspamd-mailcow in docker-compose.yml anzuhängen und die gegebenen Dateien innerhalb des Containers zu lernen. Dies kann als Workaround verwendet werden, um komprimierte Daten mit zcat zu parsen. Beispiel:

    +

    ``bash +for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done +

    ### Gelernte Daten zurücksetzen (Bayes, Neural)
    +
    +Sie müssen die Schlüssel in Redis löschen, um die gelernten Daten zurückzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank:
    +
    +**Backup Datenbank**
    +
    +```bash
    +# Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren.
    +cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
    +

    +

    Bayes-Daten zurücksetzen

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Neurale Daten zurücksetzen

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Fuzzy-Daten zurücksetzen

    +
    +
    +
    +
    # Wir müssen zuerst das redis-cli eingeben:
    +docker compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    # Wir müssen zuerst das redis-cli eingeben:
    +docker-compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    +

    Info

    +

    Wenn redis-cli sich beschwert über...

    +
    (error) ERR wrong number of arguments for 'del' command
    +
    +

    ...das Schlüsselmuster nicht gefunden wurde und somit keine Daten zum Löschen vorhanden sind - ist es in Ordnung.

    +

    CLI-Werkzeuge

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamc --help
    +docker compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamc --help
    +docker-compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    +

    Greylisting deaktivieren

    +

    Nur Nachrichten mit einer höheren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren.

    +

    Sie können Greylisting serverweit durch Editieren deaktivieren:

    +

    {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

    +

    Fügen Sie die Zeile hinzu:

    +
    enabled = false;
    +
    +

    Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Spamfilter-Schwellenwerte (global)

    +

    Jeder Benutzer kann seine Spam-Bewertung individuell ändern. Um eine neue serverweite Grenze zu definieren, editieren Sie data/conf/rspamd/local.d/actions.conf:

    +
    reject = 15;
    +add_header = 8;
    +greylist = 7;
    +
    +

    Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Bestehende Einstellungen der Benutzer werden nicht überschrieben!

    +

    Um benutzerdefinierte Schwellenwerte zurückzusetzen, führen Sie aus:

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# oder:
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# oder:
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    +

    Benutzerdefinierte Ablehnungsnachrichten

    +

    Die Standard-Spam-Reject-Meldung kann durch Hinzufügen einer neuen Datei data/conf/rspamd/override.d/worker-proxy.custom.inc mit dem folgenden Inhalt geändert werden:

    +
    reject_message = "Meine eigene Ablehnungsnachricht";
    +
    +

    Speichern Sie die Datei und starten Sie Rspamd neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Waehrend das oben genannte fuer abgelehnte Mails mit einem hohen Spam-Score funktioniert, ignorieren Prefilter-Aktionen diese Einstellung. Für diese Karten muss das Multimap-Modul in Rspamd angepasst werden:

    +
      +
    1. +

      Finden Sie das Prefilet-Reject-Symbol, für das Sie die Nachricht ändern wollen, führen Sie dazu aus: grep -R "SYMBOL_YOU_WANT_TO_ADJUST" /opt/mailcow-dockerized/data/conf/rspamd/

      +
    2. +
    3. +

      Fügen Sie Ihre eigene Nachricht als neue Zeile hinzu:

      +
    4. +
    +
    GLOBAL_RCPT_BL {
    +  Typ = "rcpt";
    +  map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
    +  regexp = true;
    +  prefilter = true;
    +  action = "reject";
    +  message = "Der Versand von E-Mails an diesen Empfänger ist durch postmaster@your.domain verboten";
    +}
    +
    +
      +
    1. Speichern Sie die Datei und starten Sie Rspamd neu:
    2. +
    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Verwerfen statt zurückweisen

    +

    Wenn Sie eine Nachricht stillschweigend verwerfen wollen, erstellen oder bearbeiten Sie die Datei data/conf/rspamd/override.d/worker-proxy.custom.inc und fügen Sie den folgenden Inhalt hinzu:

    +
    discard_on_reject = true;
    +
    +

    Starten Sie Rspamd neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Lösche alle Ratelimit-Schlüssel

    +

    Wenn Sie das UI nicht verwenden wollen und stattdessen alle Schlüssel in der Redis-Datenbank löschen wollen, können Sie redis-cli für diese Aufgabe verwenden:

    +
    +
    +
    +
    docker compose exec redis-mailcow sh
    +# Unlink (verfügbar in Redis >=4.) löscht im Hintergrund
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh
    +# Unlink (verfügbar in Redis >=4.) löscht im Hintergrund
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    +

    Starten Sie Rspamd neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Erneutes Senden von Quarantäne-Benachrichtigungen auslösen

    +

    Sollte nur zur Fehlersuche verwendet werden!

    +
    +
    +
    +
    docker compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    +

    Speicherung der Historie erhöhen

    +

    Standardmäßig speichert Rspamd 1000 Elemente in der Historie.

    +

    Die Historie wird komprimiert gespeichert.

    +

    Es wird empfohlen, hier keinen unverhältnismäßig hohen Wert zu verwenden, probieren Sie etwas in der Größenordnung von 5000 oder 10000 und sehen Sie, wie Ihr Server damit umgeht:

    +

    Bearbeiten Sie data/conf/rspamd/local.d/history_redis.conf:

    +
    nrows = 1000; # Ändern Sie diesen Wert
    +
    +

    Starten Sie anschließend Rspamd neu:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/SOGo/u_e-sogo/index.html b/2.5/de/manual-guides/SOGo/u_e-sogo/index.html new file mode 100644 index 000000000..c12e56afa --- /dev/null +++ b/2.5/de/manual-guides/SOGo/u_e-sogo/index.html @@ -0,0 +1,2754 @@ + + + + + + + + + + + + + + + + + + SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    SOGo

    + +

    SOGo wird verwendet, um über einen Webbrowser auf Ihre Mails zuzugreifen und Ihre Kontakte oder Kalender hinzuzufügen und zu teilen. Für eine ausführlichere Dokumentation zu SOGo besuchen Sie bitte die [eigene Dokumentation] (http://wiki.sogo.nu/).

    +

    Benutzerdefiniertes SOGo-Thema (CSS) anwenden

    +

    mailcow-Builds nach dem 28. Januar 2021 können das CSS-Thema von SOGo ändern, indem sie data/conf/sogo/custom-theme.js bearbeiten. +Bitte schauen Sie sich die AngularJS Material intro und documentation sowie die material style guideline an, um zu erfahren, wie das funktioniert.

    +

    Sie können die mitgelieferte custom-theme.js als Beispiel verwenden, indem Sie die Kommentare entfernen. +Nachdem Sie data/conf/sogo/custom-theme.js modifiziert und Änderungen an Ihrem neuen SOGo-Theme vorgenommen haben, müssen Sie

    +
      +
    1. Bearbeiten Sie data/conf/sogo/sogo.conf und fügen Sie SOGoUIxDebugEnabled = YES; ein.
    2. +
    3. SOGo und Memcached Container neu starten, indem man docker compose restart memcached-mailcow sogo-mailcow ausführt.
    4. +
    5. SOGo im Browser öffnen
    6. +
    7. öffnen Sie die Entwicklerkonsole des Browsers, normalerweise ist die Tastenkombination F12
    8. +
    9. nur wenn Sie Firefox benutzen: schreiben Sie mit der Hand in die Entwicklerkonsole allow pasting und drücken Sie Enter
    10. +
    11. fügen Sie den Java-Script-Schnipsel in die Entwicklungskonsole ein: +
      copy([].slice.call(document.styleSheets)
      +  .map(e => e.ownerNode)
      +  .filter(e => e.hasAttribute('md-theme-style'))
      +  .map(e => e.textInhalt)
      +  .join('\n')
      +)
      +
    12. +
    13. Öffnen Sie den Texteditor und fügen Sie die Daten aus der Zwischenablage ein (Strg+V), Sie sollten ein minimiertes CSS erhalten, speichern Sie es
    14. +
    15. kopieren Sie die CSS-Datei auf den Mailcow-Server data/conf/sogo/custom-theme.css
    16. +
    17. editiere data/conf/sogo/sogo.conf und setze SOGoUIxDebugEnabled = NO;
    18. +
    19. Anhängen/Erstellen von docker-compose.override.yml mit: +
      Version: '2.1'
      +
      +Dienste:
      +  sogo-mailcow:
      +    volumes:
      +      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    20. +
    21. führen Sie docker compose up -d aus
    22. +
    23. Ausführen von docker compose restart memcached-mailcow
    24. +
    +

    Zurücksetzen auf das SOGo Standardthema

    +
      +
    1. checken Sie data/conf/sogo/custom-theme.js aus, indem Sie git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js ausführen
    2. +
    3. Suchen Sie in data/conf/sogo/custom-theme.js: +
      // Neue Paletten auf das Standardthema anwenden, einige Farbtöne neu zuordnen
      +    $mdThemingProvider.theme('default')
      +      .primaryPalette('green-cow', {
      +        'default': '400', // Hintergrundfarbe der oberen Symbolleisten
      +        hue-1': '400',
      +        'hue-2': '600', // Hintergrundfarbe der Seitenleiste
      +        'hue-3': 'A700'
      +      })
      +      .accentPalette('green', {
      +        'default': '600', // Hintergrundfarbe der Fab-Schaltflächen und des Anmeldebildschirms
      +        hue-1': '300', // Hintergrundfarbe der Symbolleiste der mittleren Liste
      +        hue-2': '300', // Hervorhebungsfarbe für ausgewählte Nachrichten und den aktuellen Tageskalender
      +        hue-3': 'A700'
      +      })
      +      .backgroundPalette('frost-grey');
      +
      +und ersetzen Sie es durch: +
          $mdThemingProvider.theme('default');
      +
    4. +
    5. Entfernen Sie aus docker-compose.override.yml Volume Mount in sogo-mailcow: +
      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    6. +
    7. führen Sie docker compose up -d aus
    8. +
    9. Starten Sie docker compose restart memcached-mailcow.
    10. +
    +

    Favicon ändern

    +

    mailcow-Builds nach dem 31. Januar 2021 können SOGo's Favicon ändern, indem sie data/conf/sogo/custom-favicon.ico für SOGo und data/web/favicon.png für mailcow UI ersetzen. +Anmerkung: Sie können .png Favicons für SOGo verwenden, indem Sie sie in custom-favicon.ico umbenennen. +Für beide, SOGo und mailcow UI Favicons, müssen Sie eine der Standardgrößen verwenden: 16x16, 32x32, 64x64, 128x128 und 256x256. +Nachdem Sie diese Datei ersetzt haben, müssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausführen.

    +

    Logo ändern

    +

    Mailcow-Builds nach dem 21. Dezember 2018 können das SOGo-Logo ändern, indem sie die Datei data/conf/sogo/sogo-full.svg ersetzen oder erstellen (falls sie fehlt). +Nachdem Sie diese Datei ersetzt haben, müssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausführen.

    +

    Domains verbinden (untereinander sichtbar machen)

    +

    Domains sind normalerweise voneinander isoliert.

    +

    Sie können das ändern, indem Sie data/conf/sogo/sogo.conf modifizieren:

    +

    Suche... +

       // SOGoDomainsVisibility = (
    +    // (domain1.tld, domain5.tld),
    +    // (domain3.tld, domain2.tld)
    +    // );
    +
    +...und ersetzen Sie diese durch - zum Beispiel:

    +
        SOGoDomainsVisibility = (
    +      (beispiel.org, beispiel.com, beispiel.net)
    +    );
    +
    +

    SOGo neu starten: docker compose restart sogo-mailcow

    +

    Deaktivieren Sie die Passwortänderung

    +

    Bearbeiten Sie data/conf/sogo/sogo.conf und ändern Sie SOGoPasswordChangeEnabled auf NO. Bitte fügen Sie keinen neuen Parameter hinzu.

    +

    Führen Sie docker compose restart memcached-mailcow sogo-mailcow aus, um die Änderungen zu aktivieren.

    +

    TOTP zurücksetzen / TOTP deaktivieren

    +

    Führen Sie docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}' aus dem mailcow Verzeichnis aus.

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Unbound/u_e-unbound-fwd/index.html b/2.5/de/manual-guides/Unbound/u_e-unbound-fwd/index.html new file mode 100644 index 000000000..d980d4b4b --- /dev/null +++ b/2.5/de/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -0,0 +1,2641 @@ + + + + + + + + + + + + + + + + + + Verwendung eines externen DNS-Dienstes - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Verwendung eines externen DNS-Dienstes

    + +

    Wenn Sie einen externen DNS-Dienst verwenden wollen oder müssen, können Sie entweder einen Forwarder in Unbound einstellen oder eine Override-Datei kopieren, um externe DNS-Server zu definieren:

    +
    +

    Warnung

    +

    Bitte verwenden Sie keinen öffentlichen Resolver, wie wir es im obigen Beispiel getan haben. Viele - wenn nicht sogar alle - Blacklist-Lookups werden mit öffentlichen Resolvern fehlschlagen, da der Blacklist-Server Grenzen hat, wie viele Anfragen von einer IP gestellt werden können und öffentliche Resolver diese Grenzen normalerweise erreichen.
    +Wichtig: Nur DNSSEC-validierende DNS-Dienste werden funktionieren.

    +
    +

    Methode A, Unbound

    +

    Bearbeiten Sie data/conf/unbound/unbound.conf und fügen Sie die folgenden Parameter hinzu:

    +
    forward-zone:
    +  name: "."
    +  forward-addr: 8.8.8.8 # VERWENDEN SIE KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL
    +  forward-addr: 8.8.4.4 # VERWENDET KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL
    +
    +

    Unbound neu starten:

    +
    +
    +
    +
      docker compose restart unbound-mailcow
    +
    +
    +
    +
      docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    Methode B, Überschreiben der Datei

    +
    cd /opt/mailcow-dockerized
    +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
    +
    +

    Bearbeiten Sie docker-compose.override.yml und passen Sie die IP an.

    +

    Stoppen und starten Sie bitte im Anschluss noch den Docker Stack:

    +
    +
    +
    +
      docker compose down
    +  docker compose up -d
    +
    +
    +
    +
      docker-compose down
    +  docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-12-31 11:42:41 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/2.5/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html new file mode 100644 index 000000000..13d897697 --- /dev/null +++ b/2.5/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -0,0 +1,2889 @@ + + + + + + + + + + + + + + + + + + Thresholds - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Thresholds

    + +

    Watchdog verwendet Standardwerte für alle in docker-compose.yml definierten Thresholde.

    +

    Die Standardwerte sind für die meisten Konfigurationen geeignet. +Beispiel: +

    - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
    +- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
    +- REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
    +- MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
    +- MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
    +- SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
    +- POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
    +- CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
    +- DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
    +- DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
    +- PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
    +- RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
    +- FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
    +- ACME_THRESHOLD=${ACME_THRESHOLD:-1}
    +- RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
    +- OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
    +- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
    +- MAILQ_CRIT=${MAILQ_CRIT:-30}
    +

    +

    Um sie anzupassen, fügen Sie einfach die notwendigen Threshold Variablen (z.B. MAILQ_THRESHOLD=10) zu mailcow.conf hinzu und führen docker compose up -d aus.

    +

    Threshold Beschreibungen

    +

    NGINX_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Nginx auf Port 8081 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.

    +

    UNBOUND_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn Unbound externe Domänen/DNSSEC nicht auflösen/überprüfen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    REDIS_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu Redis auf Port 6379 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    MYSQL_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu MySQL herstellen kann oder eine Tabelle nicht abfragen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.

    +

    MYSQL_REPLICATION_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn die MySQL-Replikation fehlschlägt.

    +

    SOGO_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu SOGo auf Port 20000 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    POSTFIX_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn watchdog keine Testmail über Port 589 senden kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    CLAMD_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Clamd herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.

    +

    DOVECOT_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn watchdog bei verschiedenen Tests mit dem Dovecot-Container fehlschlägt. Der Container wird automatisch neu gestartet, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    DOVECOT_REPL_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn die Dovecot-Replikation fehlschlägt.

    +

    PHPFPM_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu PHP-FPM auf Port 9001/9002 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    RATELIMIT_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn ein Ratelimit erreicht wurde.

    +

    FAIL2BAN_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn ein fail2ban eine IP gesperrt hat.

    +

    ACME_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn etwas mit dem acme-mailcow-Container nicht in Ordnung ist. Sie können dessen Logs überprüfen.

    +

    RSPAMD_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn Watchdog bei verschiedenen Tests mit dem Rspamd-Container fehlschlägt und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.

    +

    OLEFY_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu olefy auf Port 10005 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.

    +

    MAILQ_CRIT und MAILQ_THRESHOLD

    +

    Benachrichtigt Administratoren, wenn die Anzahl der E-Mails in der Postfix-Warteschlange größer ist als MAILQ_CRIT für einen Zeitraum von MAILQ_THRESHOLD * (60±30) Sekunden.

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html new file mode 100644 index 000000000..058d651c2 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Blacklist / Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Blacklist / Whitelist

    + +

    Um einen Eintrag zu Ihrer domainübergreifenden Filtertabelle hinzuzufügen oder zu bearbeiten, loggen Sie sich als (Domain-)Administrator in Ihre mailcow UI ein und wechseln Sie zu: +Konfiguration > E-Mail-Setup > Domains > (Domain) Bearbeiten > Spamfilter.

    +

    Black- und Whitelist Konfiguration

    +
    +

    Info

    +

    Seien Sie sich bewusst, dass ein Benutzer diese Einstellung überschreiben kann, indem er seine eigene Black- und Whitelist setzt!

    +
    +

    Es ist auch eine globale Filtertabelle in Konfiguration > Server-Konfiguration > Globale Filter-Maps verfügbar, um einen serverübergreifenden Filter für ein oder mehrere Regex-Maps zu konfigurieren (Todo: Screenshots).

    + +
    +
    + + + Letztes Update: + 2022-06-08 16:05:30 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html new file mode 100644 index 000000000..b39c99098 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Konfiguration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Konfiguration

    + +

    Mehrere Konfigurationsparameter der mailcow-Benutzeroberfläche können geändert werden, indem eine Datei data/web/inc/vars.local.inc.php erstellt wird, die die Standardeinstellungen in data/web/inc/vars.inc.php überschreibt.

    +

    Die lokale Konfigurationsdatei ist über Updates von mailcow hinweg beständig. Versuchen Sie nicht, die Werte in data/web/inc/vars.inc.php zu ändern, sondern verwenden Sie diese als Vorlage für die lokale Überschreibung.

    +

    mailcow UI Konfigurationsparameter können verwendet werden, um...

    +
      +
    • ...die Standardsprache zu ändern1
    • +
    • ...das Standard-Bootstrap-Theme zu ändern
    • +
    • ...eine Passwort-Komplexitäts-Regex zu setzen
    • +
    • ...die Sichtbarkeit des privaten DKIM-Schlüssels aktivieren
    • +
    • ...eine Größe für den Paginierungsauslöser festlegen
    • +
    • ...Standard-Postfach-Attribute festlegen
    • +
    • ...Sitzungs-Lebensdauern ändern
    • +
    • ...feste App-Menüs erstellen (die nicht in der mailcow UI geändert werden können)
    • +
    • ...ein Standard "To"-Feld für Relayhost-Tests einstellen
    • +
    • ...ein Timeout für Docker API Anfragen setzen
    • +
    • ...IP-Anonymisierung umschalten
    • +
    +
    +
    +
      +
    1. +

      Um SOGos Standardsprache zu ändern, müssen Sie data/conf/sogo/sogo.conf bearbeiten und "English" durch Ihre bevorzugte Sprache ersetzen. 

      +
    2. +
    +
    + +
    +
    + + + Letztes Update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html new file mode 100644 index 000000000..d9f328d4c --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + CSS-Überschreibungen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CSS-Überschreibungen

    + +

    Für benutzerdefinierte Überschreibungen bestimmter Elemente über CSS, verwenden Sie die data/web/css/build/0081-custom-mailcow.css Datei.

    +

    Die Datei wird von der Verfolgung (via Git) ausgeschlossen und bleibt bei Aktualisierungen erhalten.

    + +
    +
    + + + Letztes Update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html new file mode 100644 index 000000000..c41c59b5f --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html @@ -0,0 +1,2619 @@ + + + + + + + + + + + + + + + + + + WebAuthn / FIDO2 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    WebAuthn / FIDO2

    + +

    Wie wird UV in mailcow gehandhabt?

    +

    Das UV-Flag (wie in "user verification") erzwingt, dass WebAuthn den Benutzer verifiziert, bevor es den Zugriff auf den Schlüssel erlaubt (denken Sie an eine PIN). Wir erzwingen keine UV, um Logins über iOS und NFC (YubiKey) zu ermöglichen.

    +

    Login und Schlüssel-Verarbeitung

    +

    mailcow verwendet Client-seitige Schlüsselverarbeitung. Wir bitten den Authentifikator (d.h. YubiKey), die Registrierung in seinem Speicher zu speichern.

    +

    Ein Benutzer muss keinen Benutzernamen eingeben. Die verfügbaren Anmeldedaten - falls vorhanden - werden dem Nutzer angezeigt, wenn er den "Schlüssel-Login" über das Mailcow UI Login auswählt.

    +

    Beim Aufruf des Login-Prozesses werden dem Authentifikator keine Credential-IDs übergeben. Dies wird ihn dazu zwingen, die Anmeldeinformationen in seinem eigenen Speicher zu suchen.

    +

    Wer kann WebAuthn benutzen, um sich bei mailcow anzumelden?

    +

    Ab heute sind nur Administratoren und Domain-Administratoren in der Lage, WebAuthn/FIDO2 einzurichten.

    +
    +

    Sie wollen WebAuthn/Fido als 2FA verwenden? Schauen Sie sich das hier an: Zwei-Faktoren-Authentifizierung

    + +
    +
    + + + Letztes Update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html new file mode 100644 index 000000000..be98adc5d --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Netfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Netfilter

    + +

    Netfilter Ban-Einstellungen ändern

    +

    Um die Netfilter Ban-Einstellungen zu ändern navigieren Sie zu dem Menü Punkt: Konfiguration -> Server-Konfiguration -> Konfiguration -> Fail2ban-Parameter.

    +

    Sie sollten dann dieses Fenster sehen:

    +

    Netfilter ban settings

    +

    Hier können Sie verschiedene Optionen für die Banns selbst festlegen. +Zum Beispiel die max. Ban-Zeit oder die max. Versuche bevor ein Ban ausgeführt wird.

    +

    Netfilter Regex ändern

    +
    +

    Achtung

    +

    Folgender Bereich erfordert zumindest grundlegende Regex kenntnisse.
    +Sollten Sie sich nicht sicher sein, was Sie dort tun, können wir Ihnen nur von der Umkonfiguration abraten.

    +
    +

    Sie können neben den Sperreinstellungen ebenfalls definieren, was genau aus den Logs der mailcow Container verwendet werden soll um einen möglichen Angreifer zu sperren.

    +

    Dafür müssen Sie das Regex Feld erst einmal aufklappen, was dann in etwa so aussieht:

    +

    Netfilter Regex

    +

    Dort können Sie nun verschiedenste neue Filter-Regeln anlegen.

    +
    +

    Hinweis

    +

    Mit weiterschreitenden Updates ist es möglich, dass neue Netfilter Regex Regeln dazu kommen oder entfernt werden.
    +Sollte das der Fall sein empfiehlt es sich mit einem Klick auf Zurücksetzen auf Standard die Netfilter Regex Regeln neu laden zu lassen.

    +
    + +
    +
    + + + Letztes Update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html new file mode 100644 index 000000000..1392bbda9 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Pushover - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Pushover

    + +
    +

    Info

    +

    Pushover macht es einfach, Echtzeit-Benachrichtigungen auf Ihrem Android, iPhone, iPad und Desktop zu erhalten

    +
    +

    Sie können Pushover verwenden, um eine Push-Benachrichtigung über jede E-Mail zu erhalten, die Sie für jede Mailbox erhalten, in der Sie diese Funktion aktiviert haben.

    +

    1. Öffnen Sie als Administrator die Einstellungen Ihres Postfachs und scrollen Sie nach unten zu den Pushover-Einstellungen

    +

    2. Registrieren Sie sich bei Pushover

    +

    3. Geben Sie Ihren "Benutzerschlüssel" in das Feld "Benutzer-/Gruppenschlüssel" in den Einstellungen Ihres Postfachs ein

    +

    4. Erstellen Sie eine Anwendung, um das API-Token/den API-Schlüssel zu erhalten, das/den Sie ebenfalls in Ihre Postfacheinstellungen eintragen müssen.

    +

    5. Optional können Sie den Titel/Text der Benachrichtigung bearbeiten und bestimmte Absender-E-Mail-Adressen festlegen, bei denen eine Push-Benachrichtigung ausgelöst wird

    +

    6. Speichern Sie alles und überprüfen Sie dann Ihre Anmeldedaten.

    +

    Wenn alles erledigt ist, können Sie testen, ob Sie eine E-Mail senden können, und Sie erhalten eine Push-Nachricht auf Ihrem Telefon

    + +
    +
    + + + Letztes Update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html new file mode 100644 index 000000000..4a3cc1cb9 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Temporäre E-Mail-Aliase - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Temporäre E-Mail-Aliase

    + +

    Diese temporären E-Mail-Aliasnamen werden meist dort verwendet, wo wir eine E-Mail-Adresse angeben müssen, aber keine weitere E-Mails wünschen. Sie werden auch Spam-Alias genannt.

    +

    Um ein temporäres E-Mail-Alias zu erstellen, zu löschen oder zu erweitern, müssen Sie sich in mailcow's UI als Mailbox-Nutzer anmelden und zum Reiter Temporäre E-Mail-Aliase navigieren:

    +

    Wie man Spam- oder temporäre E-Mail-Aliase in mailcow einrichtet

    + +
    +
    + + + Letztes Update: + 2022-02-01 11:25:58 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html new file mode 100644 index 000000000..b49e92157 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + Spamfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Spamfilter

    + +

    Ein Mailbox-Nutzer kann den Spam-Filter und die Black-/Whitelist-Einstellungen für seine Mailbox individuell anpassen, indem er zum Reiter Spam-Filter in der Mailcow-Benutzeroberfläche navigiert.

    +

    Wo man die Spam-, Black- und Whitelist-Einstellungen des Benutzers anpasst

    +
    +

    Info

    +

    Für globale Einstellungen Ihres Spamfilters lesen Sie bitte unseren Abschnitt über Rspamd. +Für eine domainweite Black- und Whitelist lesen Sie bitte unsere Anleitung zu Black / Whitelist

    +
    + +
    +
    + + + Letztes Update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html new file mode 100644 index 000000000..fe4fc701b --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html @@ -0,0 +1,2602 @@ + + + + + + + + + + + + + + + + + + Sub-Adressierung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sub-Adressierung

    + +

    Mailbox-Nutzer können ihre Mailadresse wie in "me+facebook@example.org" markieren. Sie können die Tag-Behandlung im mailcow UI Panel (für den Benutzer) unter Mailbox > Einstellungen kontrollieren. +mailcow mail tagging settings

    +

    Sub-Adressierung (RFC 5233) oder Plus-Adressierung auch als Tagging bekannt (nicht zu verwechseln mit Tags)

    +

    Verfügbare Aktionen

    +

    1. Diese Nachricht in einen Unterordner "facebook" verschieben (wird in Kleinbuchstaben erstellt, falls nicht vorhanden)

    +

    2. Den Tag dem Betreff voranstellen: "[facebook] Betreff"

    +

    Bitte beachten Sie: Großgeschriebene Tags werden in Kleinbuchstaben umgewandelt, mit Ausnahme des ersten Buchstabens. Wenn Sie den Tag so lassen wollen, wie er ist, wenden Sie bitte den folgenden Diff an und starten Sie mailcow neu: +

    diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
    +index e047136e..933c4137 100644
    +--- a/data/conf/dovecot/global_sieve_after
    ++++ b/data/conf/dovecot/global_sieve_after
    +@@ -15,7 +15,7 @@ if allof (
    +   envelope :detail :matches "to" "*",
    +   header :contains "X-Moo-Tag" "YES"
    +   ) {
    +-  set :lower :upperfirst "tag" "${1}";
    ++  set "tag" "${1}";
    +   if mailboxexists "INBOX/${1}" {
    +     fileinto "INBOX/${1}";
    +   } else {
    +

    + +
    +
    + + + Letztes Update: + 2022-05-05 21:53:01 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html new file mode 100644 index 000000000..4e74c74a3 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html @@ -0,0 +1,2642 @@ + + + + + + + + + + + + + + + + + + Tags (für Domains und Mailboxen) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Tags (für Domains und Mailboxen)

    + +
    +

    Hinweis

    +

    Um diese Funktion nutzen zu können ist das Update 2022-05 (oder höher) erforderlich!
    +Sollten Sie das Update nicht installiert haben, denken Sie bitte über ein Update nach.
    +Für weitere Informationen bezüglich dem Update Prozess schauen Sie hier.

    +
    +

    Wofür wurden die Tags implementiert?

    +

    Mit den Tags ist es deutlich einfacher gezielt nach Domains bzw. Mailboxen zu suchen (wenn diese einen Tag haben).

    +

    Wo lassen sich die Tags finden?

    +

    Die Tags befinden sich in der Domain/Mailbox Sektion der mailcow UI. +Um sie zu sehen, klicken Sie einfach auf das kleine Plus-Symbol auf der linken Seite Ihrer Domain/Mailbox (das folgende Bild zeigt das Domain-Ribbon-Menü): +Domain/Mailbox Tags Ribbon

    +

    Wie kann ich ein Tag hinzufügen/entfernen?

    +

    Sie können bei der Erstellung einer neuen Domain/eines neuen Postfachs einfach ein Tag hinzufügen/entfernen. Sie können sie auch hinzufügen/entfernen, wenn Sie Ihre gewünschte Domain/Mailbox bearbeiten.

    +

    Es sieht ähnlich aus wie hier (das folgende Bild zeigt den Bereich zur Bearbeitung der Domäne):

    +

    Domain/Mailbox Tags

    +

    Wie kann ich nach einem Tag suchen?

    +

    Geben Sie einfach den Tag-Namen in die Suchleiste im Bereich Domain/Postfach ein und warten Sie, bis der Vorgang abgeschlossen ist.

    +

    Sie können sogar angeben, ob Sie nur nach Tags suchen möchten.

    + +
    +
    + + + Letztes Update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html new file mode 100644 index 000000000..edc453800 --- /dev/null +++ b/2.5/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html @@ -0,0 +1,2816 @@ + + + + + + + + + + + + + + + + + + Zwei-Faktoren-Authentifizierung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Zwei-Faktoren-Authentifizierung

    + +

    Bislang sind drei Methoden für die Zwei-Faktor-Authentifizierung implementiert: WebAuthn (ersetzt seit Februar 2022 U2F), Yubi OTP und TOTP

    +
      +
    • Damit WebAuthn funktioniert, benötigen Sie eine verschlüsselte Verbindung zum Server (HTTPS) sowie einen FIDO-Sicherheitsschlüssel.
    • +
    • Sowohl WebAuthn als auch Yubi OTP funktionieren gut mit dem fantastischen Yubikey.
    • +
    • Während Yubi OTP eine aktive Internetverbindung und eine API ID + Schlüssel benötigt, funktioniert WebAuthn mit jedem Fido Security Key, kann aber nur verwendet werden, wenn der Zugriff auf mailcow über HTTPS erfolgt.
    • +
    • WebAuthn und Yubi OTP unterstützen mehrere Schlüssel pro Nutzer.
    • +
    • Als dritte TFA-Methode verwendet mailcow TOTP: zeitbasierte Einmal-Passwörter. Diese Passwörter können mit Apps wie "Google Authenticator" generiert werden, nachdem zunächst ein QR-Code gescannt oder das gegebene Geheimnis manuell eingegeben wurde.
    • +
    +

    Als Administrator können Sie den TFA-Login eines Domain-Administrators vorübergehend deaktivieren, bis dieser sich erfolgreich eingeloggt hat.

    +

    Der für die Anmeldung verwendete Schlüssel wird in grüner Farbe angezeigt, während andere Schlüssel grau bleiben.

    +

    Informationen zum Entfernen von 2FA finden Sie hier.

    +

    Yubi OTP

    +

    Die Yubi API ID und der Schlüssel werden mit der Yubico Cloud API abgeglichen. Bei der Einrichtung von TFA werden Sie nach Ihrem persönlichen API-Konto für diesen Schlüssel gefragt. +Die API-ID, der API-Schlüssel und die ersten 12 Zeichen (Ihre YubiKeys ID in modhex) werden in der MySQL-Tabelle als Geheimnis gespeichert.

    +

    Beispiel-Einrichtung

    +

    Als erstes muss der YubiKey für die Verwendung als OTP-Generator konfiguriert werden. Laden Sie dazu den YubiKey Manager von der Yubico Website herunter: hier

    +

    Im Folgenden konfigurieren Sie den YubiKey für OTP. +Über den Menüpunkt Anwendungen -> OTP und einem Klick auf den Konfigurieren Button. Wählen Sie im folgenden Menü Credential Type -> Yubico OTP und klicken Sie auf Next.

    +

    Setzen Sie ein Häkchen in die Checkbox Use serial, generieren Sie eine Private ID und einen Secret key über die Schaltflächen. +Damit der YubiKey später validiert werden kann, muss auch das Häkchen in der Upload Checkbox gesetzt werden und klicken Sie dann auf Finish.

    +

    Nun öffnet sich ein neues Browserfenster, in dem Sie unten im Formular ein OTP Ihres YubiKey eingeben müssen (auf das Feld klicken und dann auf Ihren YubiKey tippen). Bestätigen Sie das Captcha und laden Sie die Daten auf den Yubico-Server hoch, indem Sie auf 'Hochladen' klicken. Die Verarbeitung der Daten wird einen Moment dauern.

    +

    Nachdem die Generierung erfolgreich war, werden Ihnen eine Client ID und ein Secret key angezeigt, notieren Sie sich diese Informationen an einem sicheren Ort.

    +

    Nun können Sie Yubico OTP-Authentifizierung aus dem Dropdown-Menü in der mailcow UI auf der Startseite unter Zugang -> Zwei-Faktor-Authentifizierung auswählen. +In dem sich nun öffnenden Dialog können Sie einen Namen für diesen YubiKey eingeben und die zuvor notierte Client ID sowie den Secret key in die vorgesehenen Felder eintragen. +Geben Sie schließlich Ihr aktuelles Kontopasswort ein und berühren Sie nach Auswahl des Feldes Touch Yubikey die Schaltfläche Ihres YubiKey.

    +

    Herzlichen Glückwunsch! Sie können sich nun mit Ihrem YubiKey in die mailcow UI einloggen!

    +
    +

    WebAuthn (U2F, Ersatz)

    +
    +

    Warning

    +

    Seit Februar 2022 hat Google Chrome die Unterstützung für U2F aufgegeben und die Verwendung von WebAuthn standardisiert.
    +Die WebAuthn API (der Ersatz für U2F) ist seit dem 21. Januar 2022 Teil von mailcow, wenn Sie also den Key über Februar 2022 hinaus nutzen wollen, sollten Sie ein Update mit der update.sh in Betracht ziehen.

    +
    +

    Um WebAuthn zu nutzen, muss der Browser diesen Standard unterstützen:

    +
      +
    • Edge (>=18)
    • +
    • Firefox (>=60)
    • +
    • Chrome (>=67)
    • +
    • Safari (>=13)
    • +
    • Opera (>=54)
    • +
    +

    Die folgenden mobilen Browser unterstützen diesen Authentifizierungstyp:

    +
      +
    • Safari auf iOS (>=14.5)
    • +
    • Android-Browser (>=97)
    • +
    • Opera Mobil (>=64)
    • +
    • Chrome für Android (>=97)
    • +
    +

    Quellen: caniuse.com, blog.mozilla.org

    +

    WebAuthn funktioniert auch ohne Internetverbindung.

    +

    Was passiert mit meinem registrierten Fido Security Key nach dem Update von U2F auf WebAuthn?

    +
    +

    Warning

    +

    Mit dem neuen U2F-Ersatz (WebAuthn) müssen Sie Ihren Fido Security Key neu registrieren, zum Glück ist WebAuthn abwärtskompatibel und unterstützt das U2F-Protokoll.

    +
    +

    Im Idealfall sollten Sie beim nächsten Einloggen (mit dem Schlüssel) ein Textfeld erhalten, das besagt, dass Ihr Fido Security Key aufgrund des Updates auf WebAuthn entfernt und als 2-Faktor-Authentifikator gelöscht wurde.

    +

    Aber keine Sorge! Sie können Ihren bestehenden Schlüssel einfach neu registrieren und ihn wie gewohnt verwenden. Sie werden wahrscheinlich nicht einmal einen Unterschied bemerken, außer dass Ihr Browser die U2F-Deaktivierungsmeldung nicht mehr anzeigt.

    +

    Deaktivieren inoffizieller unterstützter Fido Security Keys

    +

    Mit WebAuthn gibt es die Möglichkeit, nur offizielle Fido Security Keys zu verwenden (von den großen Marken wie: Yubico, Apple, Nitro, Google, Huawei, Microsoft, usw.) zu verwenden.

    +

    Dies dient in erster Linie der Sicherheit, da es Administratoren ermöglicht, sicherzustellen, dass nur offizielle Hardware in ihrer Umgebung verwendet werden kann.

    +

    Um diese Funktion zu aktivieren, ändern Sie den Wert WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf von n auf y und starten Sie die betroffenen Container mit docker compose up -d neu.

    +

    Die mailcow wird nun die Vendor-Zertifikate verwenden, die sich in Ihrem mailcow-Verzeichnis unter data/web/inc/lib/WebAuthn/rootCertificates befinden.

    +
    Beispiel:
    +

    Wenn Sie die offiziellen Hersteller-Geräte nur auf Apple beschränken wollen, brauchen Sie nur das Apple Hersteller-Zertifikat im data/web/inc/lib/WebAuthn/rootCertificates. +Nachdem Sie alle anderen Zertifikate gelöscht haben, können Sie WebAuthn 2FA nur noch mit Apple-Geräten aktivieren.

    +

    Das ist für jeden Hersteller gleich, also wählen Sie aus, was Ihnen gefällt (wenn Sie es wollen).

    +

    Eigene Zertifikate für WebAuthn verwenden

    +

    Wenn du ein gültiges Zertifikat vom Hersteller deines Schlüssels hast, kannst du es auch zu deiner Mailcow hinzufügen!

    +

    Kopieren Sie einfach das Zertifikat in den data/web/inc/lib/WebAuthn/rootCertificates Ordner und starten Sie Ihre Mailcow neu.

    +

    Nun sollten Sie in der Lage sein, auch dieses Gerät zu registrieren, obwohl die Überprüfung für die Herstellerzertifikate aktiviert ist, da Sie das Zertifikat manuell hinzugefügt haben.

    +

    Ist es gefährlich, den Vendor Check deaktiviert zu lassen?

    +

    Nein, das ist es nicht! +Diese Herstellerzertifikate werden nur zur Überprüfung der Originalhardware verwendet, nicht zur Absicherung des Registrierungsprozesses.

    +

    Wie Sie in diesen Artikeln lesen können, hat die Deaktivierung nichts mit der Software-Sicherheit zu tun: +- https://developers.yubico.com/U2F/Attestation_and_Metadata/ +- https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 +- https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01

    +

    Letztendlich ist es aber natürlich Ihre Entscheidung, ob Sie dieses Häkchen deaktiviert oder aktiviert lassen.

    +
    +

    TOTP

    +

    Die bekannteste TFA-Methode, die meist mit einem Smartphone verwendet wird.

    +

    Um die TOTP-Methode einzurichten, loggen Sie sich in die Admin UI ein und wählen Sie Time-based OTP (TOTP) aus der Liste.

    +

    Nun öffnet sich ein Modal, in dem Sie einen Namen für Ihr 2FA-"Gerät" (Beispiel: John Deer's Smartphone) und das Passwort des betroffenen Admin-Kontos (mit dem Sie derzeit eingeloggt sind) eingeben müssen.

    +

    Sie haben zwei verschiedene Methoden, um TOTP für Ihr Konto zu registrieren: +1. Scannen Sie den QR-Code mit Ihrer Authenticator App auf einem Smartphone oder Tablet. +2. Verwenden Sie den TOTP-Code (unter dem QR-Code) in Ihrem TOTP-Programm oder Ihrer App (wenn Sie keinen QR-Code scannen können).

    +

    Nachdem Sie den QR- oder TOTP-Code in der TOTP-App/dem TOTP-Programm Ihrer Wahl registriert haben, müssen Sie nur noch den nun generierten TOTP-Token (in der App/dem Programm) als Bestätigung in der mailcow UI eingeben, um die TOTP 2FA endgültig zu aktivieren, ansonsten wird sie nicht aktiviert, obwohl der TOTP-Token bereits in Ihrer App/ Ihrem Programm generiert wurde.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/u_e-80_to_443/index.html b/2.5/de/manual-guides/u_e-80_to_443/index.html new file mode 100644 index 000000000..1e40ecfcd --- /dev/null +++ b/2.5/de/manual-guides/u_e-80_to_443/index.html @@ -0,0 +1,2555 @@ + + + + + + + + + + + + + + + + + + HTTP auf HTTPS umleiten - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    HTTP auf HTTPS umleiten

    + +

    Seit dem 28. Februar 2017 wird mailcow mit aktivierten Ports 80 und 443 geliefert.

    +

    Verwenden Sie die untenstehende Konfiguration nicht für Reverse-Proxy-Setups, bitte lesen Sie dazu unsere Reverse-Proxy-Anleitung, die einen Redirect von HTTP zu HTTPS beinhaltet.

    +

    Öffne mailcow.conf und setze HTTP_BIND= - falls nicht bereits gesetzt.

    +

    Erstellen Sie eine neue Datei data/conf/nginx/redirect.conf und fügen Sie die folgende Serverkonfiguration in die Datei ein:

    +
    server {
    +  root /web;
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  include /etc/nginx/conf.d/server_name.active;
    +  if ( $request_uri ~* "%0A|%0D" ) { return 403; }
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +  location / {
    +    return 301 https://$host$uri$is_args$args;
    +  }
    +}
    +
    +

    Falls Sie den Parameter HTTP_BIND geändert haben, erstellen Sie den Container neu:

    +
    docker compose up -d
    +
    +

    Andernfalls starten Sie Nginx neu:

    +
    docker compose restart nginx-mailcow
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/u_e-autodiscover_config/index.html b/2.5/de/manual-guides/u_e-autodiscover_config/index.html new file mode 100644 index 000000000..03bfcb9aa --- /dev/null +++ b/2.5/de/manual-guides/u_e-autodiscover_config/index.html @@ -0,0 +1,2576 @@ + + + + + + + + + + + + + + + + + + Autodiscover / Autoconfig - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Autodiscover / Autoconfig

    + +

    Sie brauchen diese Datei nicht zu ändern oder zu erstellen, autodiscover funktioniert sofort. Diese Anleitung ist nur für Anpassungen des Autodiscover- oder Autokonfigurationsprozesses gedacht.

    +

    Neuere Outlook-Clients (insbesondere solche, die mit O365 ausgeliefert werden) führen keine automatische Erkennung von E-Mail-Profilen durch. +Denken Sie daran, dass ActiveSync NICHT mit einem Desktop-Client verwendet werden sollte.

    +

    Öffnen/erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie Ihre Änderungen in das Konfigurationsfeld ein.

    +

    Die Änderungen werden mit "$autodiscover_config" in data/web/inc/vars.inc.php zusammengeführt):

    +
    <?php
    +$autodiscover_config = array(
    +  // General autodiscover service type: "activesync" or "imap"
    +  // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
    +  'autodiscoverType' => 'activesync',
    +  // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows)
    +  // Outlook for Mac does not support ActiveSync
    +  'useEASforOutlook' => 'yes',
    +  // Please don't use STARTTLS-enabled service ports in the "port" variable.
    +  // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services).
    +  // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable.
    +  'imap' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('IMAPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))),
    +  ),
    +  'pop3' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('POPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('POP_PORT'))),
    +  ),
    +  'smtp' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('SMTPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))),
    +  ),
    +  'activesync' => array(
    +    'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync',
    +  ),
    +  'caldav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +  'carddav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +);
    +
    +

    Um immer IMAP und SMTP anstelle von EAS zu verwenden, setzen Sie 'autodiscoverType' => 'imap'.

    +

    Deaktivieren Sie ActiveSync für Outlook-Desktop-Clients, indem Sie "useEASforOutlook" auf "no" setzen.

    + +
    +
    + + + Letztes Update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/u_e-reeanble-weak-protocols/index.html b/2.5/de/manual-guides/u_e-reeanble-weak-protocols/index.html new file mode 100644 index 000000000..145d5ee8d --- /dev/null +++ b/2.5/de/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + TLS 1.0 und TLS 1.1 wieder aktivieren - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    TLS 1.0 und TLS 1.1 wieder aktivieren

    + +

    Am 12. Februar 2020 haben wir die veralteten Protokolle TLS 1.0 und 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) und Postfix (SMTPS, SUBMISSION) deaktiviert.

    +

    Unauthentifizierte Mails über SMTP an Port 25/tcp akzeptieren weiterhin >= TLS 1.0 . Es ist besser, eine schwache Verschlüsselung zu akzeptieren als gar keine.

    +

    Wie kann man schwache Protokolle wieder aktivieren?

    +

    Bearbeiten Sie data/conf/postfix/extra.cf:

    +
    submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +
    +

    Bearbeiten Sie data/conf/dovecot/extra.conf:

    +
    ssl_min_protocol = TLSv1
    +
    +

    Starten Sie die betroffenen Dienste neu:

    +
    docker compose restart postfix-mailcow dovecot-mailcow
    +
    +

    Tipp: Sie können TLS 1.2 in Windows 7 aktivieren.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/u_e-update-hooks/index.html b/2.5/de/manual-guides/u_e-update-hooks/index.html new file mode 100644 index 000000000..8b8a736a7 --- /dev/null +++ b/2.5/de/manual-guides/u_e-update-hooks/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Skripte vor und nach Aktualisierungen ausführen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Skripte vor und nach Aktualisierungen ausführen

    + +

    Es ist möglich, Pre- und Post-Update-Hooks zum update.sh Skript hinzuzufügen, das Ihre gesamte mailcow-Installation aktualisiert.

    +

    Um dies zu tun, fügen Sie einfach das entsprechende Bash-Skript in Ihr Mailcow-Root-Verzeichnis ein:

    +
      +
    • pre_update_hook.sh für Befehle, die vor dem Update laufen sollen
    • +
    • post_update_hook.sh für Befehle, die nach dem Update ausgeführt werden sollen
    • +
    +

    Beachten Sie, dass pre_update_hook.sh jedes Mal ausgeführt wird, wenn Sie update.sh aufrufen, und post_update_hook.sh wird nur ausgeführt, wenn die Aktualisierung erfolgreich war und das Skript nicht erneut ausgeführt werden muss.

    +

    Die Skripte werden von der Bash ausgeführt, ein Interpreter (z.B. #!/bin/bash) sowie ein Execute Permission Flag ("+x") sind nicht erforderlich.

    + +
    +
    + + + Letztes Update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/manual-guides/u_e-why_unbound/index.html b/2.5/de/manual-guides/u_e-why_unbound/index.html new file mode 100644 index 000000000..fa9eb91c3 --- /dev/null +++ b/2.5/de/manual-guides/u_e-why_unbound/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Warum unbound? - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Warum unbound?

    + +

    Für DNS-Blacklist-Lookups und DNSSEC.

    +

    Die meisten Systeme verwenden entweder einen öffentlichen oder einen lokalen DNS-Auflöser mit Zwischenspeicher. +Das ist eine sehr schlechte Idee, wenn es darum geht, Spam mit DNS-basierten Blackhole-Listen (DNSBL) oder ähnlichen Techniken zu filtern. +Die meisten, wenn nicht alle Anbieter wenden eine Ratenbegrenzung an, die auf dem DNS-Resolver basiert, der für die Abfrage ihres Dienstes verwendet wird. +Wenn Sie einen öffentlichen Resolver wie Google 4x8, OpenDNS oder einen anderen gemeinsam genutzten DNS-Resolver wie den Ihres Internetanbieters verwenden, werden Sie diese Grenze sehr bald erreichen.

    + +
    +
    + + + Letztes Update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/models/model-acl/index.html b/2.5/de/models/model-acl/index.html new file mode 100644 index 000000000..45039c49c --- /dev/null +++ b/2.5/de/models/model-acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + ACL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    ACL

    + +

    Die Bearbeitung eines Domänenadministrators oder eines Mailboxbenutzers ermöglicht es, Einschränkungen für dieses Konto festzulegen.

    +

    Wichtig: Bei sich überschneidenden Modulen wie Synchronisierungsaufträgen, auf die sowohl Domänenadministratoren als auch Mailbox-Benutzer Zugriff erhalten können, werden die Rechte des Domänenadministrators geerbt, wenn man sich als Mailbox-Benutzer anmeldet.

    +

    Einige Beispiele:

    +

    1.

    +
      +
    • Ein Domänenadministrator hat keinen Zugriff auf Synchronisierungsaufträge, kann sich aber als Mailbox-Benutzer anmelden
    • +
    • Wenn er sich als Mailbox-Benutzer anmeldet, erhält er keinen Zugriff auf Synchronisierungsaufträge, auch wenn der betreffende Mailbox-Benutzer bei der direkten Anmeldung Zugriff hat.
    • +
    +

    2.

    +
      +
    • Ein Domänenadministrator hat Zugriff auf Synchronisierungsaufträge und kann sich als Postfachbenutzer anmelden
    • +
    • Der Mailbox-Benutzer, als der er sich anzumelden versucht, hat keinen Zugang zu Synchronisierungsaufträgen
    • +
    • Der Domänenadministrator, der nun als Mailbox-Benutzer angemeldet ist, erbt die Berechtigung des Mailbox-Benutzers und kann auf Synchronisierungsaufträge zugreifen.
    • +
    +

    3.

    +
      +
    • Ein Domänenadministrator meldet sich als Mailbox-Benutzer an
    • +
    • Jede Berechtigung, die nicht in der ACL eines Domänenadministrators vorhanden ist, wird automatisch gewährt (Beispiel: zeitlich begrenzter Alias, TLS-Richtlinie usw.)
    • +
    + +
    +
    + + + Letztes Update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/models/model-passwd/index.html b/2.5/de/models/model-passwd/index.html new file mode 100644 index 000000000..97c9da518 --- /dev/null +++ b/2.5/de/models/model-passwd/index.html @@ -0,0 +1,2649 @@ + + + + + + + + + + + + + + + + + + Passwort-Hashing - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Passwort-Hashing

    + +

    Vollständig unterstützte Hashing-Methoden

    +

    Die aktuellste Version von mailcow unterstützt die folgenden Hashing-Methoden vollständig. +Die Standard-Hashing-Methode ist fett geschrieben:

    +
      +
    • BLF-CRYPT
    • +
    • SSHA
    • +
    • SSHA256
    • +
    • SSHA512
    • +
    +

    Die obigen Methoden können in mailcow.conf als MAILCOW_PASS_SCHEME Wert verwendet werden.

    +

    Nur-Lese-Hashing-Methoden

    +

    Die folgenden Methoden werden nur lesend unterstützt. +Wenn Sie planen, SOGo zu benutzen (wie standardmäßig), benötigen Sie eine SOGo-kompatible Hash-Methode. Bitte beachten Sie den Hinweis am Ende dieser Seite, wie Sie die Ansicht bei Bedarf aktualisieren können. +Wenn SOGo deaktiviert ist, können alle unten aufgeführten Hashing-Methoden von mailcow und Dovecot gelesen werden.

    +
      +
    • ARGON2I (SOGo kompatibel)
    • +
    • ARGON2ID (SOGo kompatibel)
    • +
    • CLEAR
    • +
    • CLEARTEXT
    • +
    • CRYPT (SOGo-kompatibel)
    • +
    • DES-CRYPT
    • +
    • LDAP-MD5 (SOGo-kompatibel)
    • +
    • MD5 (SOGo-kompatibel)
    • +
    • MD5-CRYPT (SOGo-kompatibel)
    • +
    • PBKDF2 (SOGo-kompatibel)
    • +
    • PLAIN (SOGo-kompatibel)
    • +
    • PLAIN-MD4
    • +
    • PLAIN-MD5
    • +
    • PLAIN-TRUNC
    • +
    • SHA (SOGo-kompatibel)
    • +
    • SHA1 (SOGo-kompatibel)
    • +
    • SHA256 (SOGo-kompatibel)
    • +
    • SHA256-CRYPT (SOGo-kompatibel)
    • +
    • SHA512 (SOGo-kompatibel)
    • +
    • SHA512-CRYPT (SOGo-kompatibel)
    • +
    • SMD5 (SOGo kompatibel)
    • +
    +

    Das bedeutet, mailcow ist in der Lage, Nutzer mit einem Hash wie {MD5}1a1dc91c907325c69271ddf0c944bc72 aus der Datenbank zu verifizieren.

    +

    Der Wert von MAILCOW_PASS_SCHEME wird immer verwendet, um neue Passwörter zu verschlüsseln.

    +
    +
    +

    Ich habe die Passwort-Hashes in der SQL-Tabelle "Mailbox" geändert und kann mich nicht anmelden.

    +
    +

    Eine "Ansicht" muss aktualisiert werden. Sie können dies durch einen Neustart von sogo-mailcow auslösen:

    +
    +
    +
    +
    docker compose restart sogo-mailcow
    +
    +
    +
    +
    docker-compose restart sogo-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/models/model-sender_rcv/index.html b/2.5/de/models/model-sender_rcv/index.html new file mode 100644 index 000000000..03158bb94 --- /dev/null +++ b/2.5/de/models/model-sender_rcv/index.html @@ -0,0 +1,2611 @@ + + + + + + + + + + + + + + + + + + Sender- und Empfängermodell - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sender- und Empfängermodell

    + +

    Wenn eine Mailbox erstellt wird, kann ein Benutzer Mails von seiner eigenen Mailboxadresse senden und empfangen.

    +
    Die Mailbox me@example.org wird erstellt. example.org ist eine primäre Domäne.
    +Hinweis: Eine Mailbox kann nicht in einer Alias-Domäne erstellt werden.
    +
    +me@example.org ist nur als me@example.org bekannt.
    +me@example.org darf als me@example.org senden.
    +
    +

    Wir können eine Alias-Domäne für example.org hinzufügen:

    +
    Die Alias-Domäne alias.com wird hinzugefügt und der primären Domäne example.org zugewiesen.
    +me@example.org ist nun als me@example.org und me@alias.com bekannt.
    +me@example.org darf nun als me@example.org und me@alias.com senden.
    +
    +

    Wir können Aliase für eine Mailbox hinzufügen, um Mails von dieser neuen Adresse zu empfangen und zu senden.

    +

    Es ist wichtig zu wissen, dass Sie nicht in der Lage sind, Mails für my-alias@my-alias-domain.tld zu empfangen. Sie müssen diesen speziellen Alias erstellen.

    +
    me@example.org wird der Alias alias@example.org zugewiesen.
    +me@example.org ist jetzt bekannt als me@example.org, me@alias.com, alias@example.org
    +
    +me@example.org ist NICHT als alias@alias.com bekannt.
    +
    +

    Bitte beachten Sie, dass dies nicht für "catch-all"-Aliasnamen gilt:

    +
    Die Alias-Domäne alias.com wird hinzugefügt und der primären Domäne example.org zugewiesen
    +me@example.org wird der Catch-all-Alias @example.org zugewiesen
    +me@example.org ist weiterhin nur als me@example.org bekannt, was die einzige verfügbare send-as Option ist.
    +
    +Jede an alias.com gesendete E-Mail wird mit dem Catch-All-Alias für example.org übereinstimmen.
    +
    +

    Administratoren und Domänenadministratoren können Postfächer bearbeiten, um bestimmten Benutzern zu erlauben, als andere Postfachbenutzer zu senden (sie zu "delegieren").

    +

    Sie können zwischen Mailbox-Benutzern wählen oder die Absenderprüfung für Domänen komplett deaktivieren.

    +

    SOGo "Mail von"-Adressen

    +

    Mailbox-Benutzer können natürlich ihre eigene Mailbox-Adresse auswählen, sowie alle Alias-Adressen und Aliase, die über Alias-Domänen existieren.

    +

    Wenn Sie einen anderen existierenden Mailbox-Benutzer als Ihre "Mail von"-Adresse auswählen wollen, muss dieser Benutzer Ihnen den Zugriff über SOGo delegieren (siehe SOGo-Dokumentation). Außerdem muss ein mailcow (Domain) Administrator +Ihnen den Zugang wie oben beschrieben gewähren.

    + +
    +
    + + + Letztes Update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-disable_ipv6/index.html b/2.5/de/post_installation/firststeps-disable_ipv6/index.html new file mode 100644 index 000000000..70615e9e4 --- /dev/null +++ b/2.5/de/post_installation/firststeps-disable_ipv6/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + IPv6 deaktivieren - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    IPv6 deaktivieren

    + +

    Dies wird NUR empfohlen, wenn Sie kein IPv6-fähiges Netzwerk auf Ihrem Host haben!

    +

    Wenn Sie es wirklich brauchen, können Sie die Verwendung von IPv6 in der Compose-Datei deaktivieren. +Zusätzlich können Sie auch den Start des Containers "ipv6nat-mailcow" deaktivieren, da er nicht benötigt wird, wenn Sie IPv6 nicht verwenden.

    +

    Anstatt die Datei docker-compose.yml direkt zu bearbeiten, ist es besser, eine Override-Datei zu erstellen +zu erstellen und Ihre Änderungen am Dienst dort zu implementieren. Leider scheint dies im Moment nur für Dienste zu funktionieren, nicht für Netzwerkeinstellungen.

    +

    Um IPv6 im mailcow-Netzwerk zu deaktivieren, öffnen Sie docker-compose.yml mit Ihrem bevorzugten Texteditor und suchen Sie nach dem Netzwerk-Abschnitt (er befindet sich am Ende der Datei).

    +

    1. Ändern Sie docker-compose.yml

    +

    Ändern Sie enable_ipv6: true in enable_ipv6: false:

    +
    networks:
    +  mailcow-network:
    +    [...]
    +    enable_ipv6: true # <<< auf false setzen
    +    [...]
    +
    +

    2. ipv6nat-mailcow deaktivieren

    +

    Um den ipv6nat-mailcow Container ebenfalls zu deaktivieren, gehen Sie in Ihr mailcow Verzeichnis und erstellen Sie eine neue Datei namens "docker-compose.override.yml":

    +

    HINWEIS: Wenn Sie bereits eine Override-Datei haben, erstellen Sie diese natürlich nicht neu, sondern fügen Sie die untenstehenden Zeilen entsprechend in Ihre bestehende Datei ein!

    +
    # cd /opt/mailcow-dockerized
    +# touch docker-compose.override.yml
    +
    +

    Öffnen Sie die Datei in Ihrem bevorzugten Texteditor und tragen Sie folgendes ein:

    +
    version: '2.1'
    +services:
    +
    +    ipv6nat-mailcow:
    +      image: bash:latest
    +      restart: "no"
    +      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
    +
    +

    Damit diese Änderungen wirksam werden, müssen Sie den Stack vollständig stoppen und dann neu starten, damit Container und Netzwerke neu erstellt werden:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    3. Deaktivieren Sie IPv6 in unbound-mailcow

    +

    Bearbeiten Sie data/conf/unbound/unbound.conf und setzen Sie do-ip6 auf "no":

    +
    Server:
    +  [...]
    +  do-ip6: no
    +  [...]
    +
    +

    unbound neu starten:

    +
    +
    +
    +
    docker compose restart unbound-mailcow
    +
    +
    +
    +
    docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    4. Deaktivieren Sie IPv6 in postfix-mailcow

    +

    Erstellen Sie data/conf/postfix/extra.cf und setzen Sie smtp_address_preference auf ipv4:

    +
    smtp_address_preference = ipv4
    +inet_protocols = ipv4
    +
    +

    Starten Sie Postfix neu:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    +

    5. Wenn im Docker Daemon IPv6 komplett deaktiviert ist:

    +

    Folgende NGINX, Dovecot und Php-fpm Konfigurationsdateien anpassen

    +
    sed -i '/::/d' data/conf/nginx/listen_*
    +sed -i '/::/d' data/conf/nginx/templates/listen*
    +sed -i '/::/d' data/conf/nginx/dynmaps.conf
    +sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
    +sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf
    +
    + +
    +
    + + + Letztes Update: + 2022-10-19 15:29:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-dmarc_reporting/index.html b/2.5/de/post_installation/firststeps-dmarc_reporting/index.html new file mode 100644 index 000000000..312496a2b --- /dev/null +++ b/2.5/de/post_installation/firststeps-dmarc_reporting/index.html @@ -0,0 +1,2862 @@ + + + + + + + + + + + + + + + + + + DMARC Reporting - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    DMARC Reporting

    + +

    Die DMARC-Berichterstattung erfolgt über das Rspamd DMARC-Modul.

    +

    Die Rspamd-Dokumentation finden Sie hier: https://rspamd.com/doc/modules/dmarc.html

    +

    Wichtig:

    +
      +
    1. +

      Ändern Sie example.com, mail.example.com und Example so, dass sie Ihrer Einrichtung entsprechen

      +
    2. +
    3. +

      Die DMARC-Berichterstattung erfordert zusätzliche Aufmerksamkeit, insbesondere in den ersten Tagen

      +
    4. +
    5. +

      Alle empfangenden Domains, die auf mailcow gehostet werden, senden von einer Reporting-Domain. Es wird empfohlen, die übergeordnete Domain Ihres MAILCOW_HOSTNAME zu verwenden:

      +
        +
      • Wenn Ihr MAILCOW_HOSTNAME mail.example.com ist, ändern Sie die folgende Konfiguration in domain = "example.com";
      • +
      • Setzen Sie email gleich, z.B. email = "noreply-dmarc@example.com";
      • +
      +
    6. +
    7. +

      Es ist optional, aber empfohlen, einen E-Mail-Benutzer noreply-dmarc in mailcow zu erstellen, um Bounces zu behandeln.

      +
    8. +
    +

    Aktivieren Sie DMARC-Berichterstattung

    +

    Erstellen Sie die Datei data/conf/rspamd/local.d/dmarc.conf und setzen Sie den folgenden Inhalt:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    domain = 'example.com';
    +    org_name = 'Example';
    +    helo = 'rspamd';
    +    smtp = 'postfix';
    +    smtp_port = 25;
    +    from_name = 'Example DMARC Report';
    +    msgid_from = 'rspamd.mail.example.com';
    +    max_entries = 2k;
    +    keys_expire = 2d;
    +}
    +
    +

    Erstellen oder ändern Sie docker-compose.override.yml im mailcow-dockerized Basisverzeichnis:

    +
    version: '2.1'
    +
    +services:
    +  rspamd-mailcow:
    +    environment:
    +      - MASTER=${MASTER:-y}
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "@every 24h"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +  ofelia-mailcow:
    +    depends_on:
    +      - rspamd-mailcow
    +
    +

    Starten Sie den mailcow Stack mit:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Senden Sie eine Kopie der Berichte an sich selbst

    +

    Um eine versteckte Kopie der von Rspamd erzeugten Berichte zu erhalten, können Sie eine bcc_addrs Liste im reporting Konfigurationsabschnitt von data/conf/rspamd/local.d/dmarc.conf setzen:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    bcc_addrs = ["noreply-dmarc@example.com", "parsedmarc@example.com"];
    +[...]
    +
    +

    Rspamd lädt Änderungen in Echtzeit, so dass Sie den Container zu diesem Zeitpunkt nicht neu starten müssen.

    +

    Dies kann nützlich sein, wenn Sie...

    +
      +
    • ...überprüfen wollen, ob Ihre DMARC-Berichte korrekt und authentifiziert gesendet werden.
    • +
    • ...Ihre eigenen Berichte analysieren wollen, um Statistiken zu erhalten, z.B. um sie mit ParseDMARC oder anderen Analysesystemen zu verwenden.
    • +
    +

    Fehlersuche

    +

    Prüfen Sie, wann der Berichtsplan zuletzt ausgeführt wurde:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    Sehen Sie sich die letzte Berichtsausgabe an:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    Manuelles Auslösen eines DMARC-Berichts:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    +

    Bestätigen Sie, dass Rspamd Daten in Redis aufgezeichnet hat: +Ändern Sie 20220428 in Ihr gewünschtes Datum zum überprüfen.

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    +

    Nehmen Sie eine der Zeilen aus der Ausgabe, die Sie interessiert, und fordern Sie sie an, z. B.:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    +

    Ändern Sie die Häufigkeit der DMARC-Berichte

    +

    Im obigen Beispiel werden die Berichte einmal alle 24 Stunden sowie für den gestrigen Tag versendet. Dies ist für die meisten Konfigurationen ausreichend.

    +

    Wenn Sie ein großes E-Mail-Aufkommen haben und die DMARC-Berichterstattung mehr als einmal am Tag durchführen wollen, müssen Sie einen zweiten Zeitplan erstellen und ihn mit dmarc_report $(date '+%Y%m%d') ausführen, um den aktuellen Tag zu verarbeiten. Sie müssen sicherstellen, dass der erste Lauf an jedem Tag auch den letzten Bericht vom Vortag verarbeitet, also muss er zweimal gestartet werden, einmal mit $(date --date yesterday '+%Y%m%d') um 0 5 0 * * * (00:05 AM) und dann mit $(date '+%Y%m%d') mit dem gewünschten Intervall.

    +

    Der Ofelia-Zeitplan hat die gleiche Implementierung wie cron in Go, die unterstützte Syntax ist beschrieben in cron Documentation

    +

    Um den Zeitplan zu ändern:

    +
      +
    1. +

      docker-compose.override.yml bearbeiten: +

      version: '2.1'
      +
      +services:
      +  rspamd-mailcow:
      +    environment:
      +      - MASTER=${MASTER:-y}
      +    labels:
      +      ofelia.enabled: "true"
      +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "0 5 0 * * *"
      +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
      +      ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: "@every 12h"
      +      ofelia.job-exec.rspamd_dmarc_reporting_today.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
      +  ofelia-mailcow:
      +    depends_on:
      +      - rspamd-mailcow
      +

      +
    2. +
    3. +

      Starten Sie die betroffenen Container neu:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    4. +
    5. +

      Führen Sie einen Neustart nur von Ofelia aus:

      +
      +
      +
      +
      docker compose restart ofelia-mailcow
      +
      +
      +
      +
      docker-compose restart ofelia-mailcow
      +
      +
      +
      +
      +
    6. +
    +

    DMARC-Berichterstattung deaktivieren

    +

    Zum Deaktivieren der Berichterstattung:

    +
      +
    1. +

      Setzen Sie enabled auf false in data/conf/rspamd/local.d/dmarc.conf.

      +
    2. +
    3. +

      Machen Sie Änderungen in docker-compose.override.yml an rspamd-mailcow und ofelia-mailcow rückgängig

      +
    4. +
    5. +

      Starten Sie die betroffenen Container neu:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    6. +
    + +
    +
    + + + Letztes Update: + 2022-11-09 01:03:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-ip_bindings/index.html b/2.5/de/post_installation/firststeps-ip_bindings/index.html new file mode 100644 index 000000000..f7d484f3f --- /dev/null +++ b/2.5/de/post_installation/firststeps-ip_bindings/index.html @@ -0,0 +1,2682 @@ + + + + + + + + + + + + + + + + + + IP-Bindings - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    IP-Bindings

    + +
    +

    Warnung

    +

    Das Ändern der Bindung hat keinen Einfluss auf Source-NAT. Siehe SNAT für die erforderlichen Schritte.

    +
    +

    IPv4-Binding

    +

    Um eine oder mehrere IPv4-Bind(ings) anzupassen, öffne mailcow.conf und editiere eine, mehrere oder alle Variablen nach deinen Bedürfnissen:

    +
    # Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen.
    +# Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port:
    +# Beispiel: HTTP_BIND=1.2.3.4
    +
    +HTTP_PORT=80
    +HTTP_BIND=
    +HTTPS_PORT=443
    +HTTPS_BIND=
    +
    +# Andere Dienste werden nach folgendem Format gebunden:
    +# SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25
    +# Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x übersprungen.
    +# doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte ändern Sie das nicht, es sei denn, Sie wissen, was Sie tun.
    +
    +SMTP_PORT=25
    +SMTPS_PORT=465
    +SUBMISSION_PORT=587
    +IMAP_PORT=143
    +IMAPS_PORT=993
    +POP_PORT=110
    +POPS_PORT=995
    +SIEVE_PORT=4190
    +DOVEADM_PORT=127.0.0.1:19991
    +SQL_PORT=127.0.0.1:13306
    +SOLR_PORT=127.0.0.1:18983
    +
    +

    Um Ihre Änderungen zu übernehmen, führen Sie folgende Befehle aus:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    IPv6-Binding

    +

    Das Ändern von IPv6-Bindings ist anders als bei IPv4. Auch dies hat einen technischen Hintergrund.

    +

    Eine docker-compose.override.yml Datei wird verwendet, anstatt die docker-compose.yml Datei direkt zu bearbeiten. Dies geschieht, um die Aktualisierbarkeit zu erhalten, da die Datei docker-compose.yml regelmäßig aktualisiert wird und Ihre Änderungen höchstwahrscheinlich überschrieben werden.

    +

    Bearbeiten Sie die Datei "docker-compose.override.yml" und erstellen Sie sie mit dem folgenden Inhalt. Ihr Inhalt wird mit der produktiven Datei "docker-compose.yml" zusammengeführt.

    +

    Es wird eine beispielhafte IPv6 2001:db8:dead:beef::123 in [] angegeben. Das erste Suffix :PORT1 definiert den externen Port, während das zweite Suffix :PORT2 zu dem entsprechenden Port innerhalb des Containers führt und nicht verändert werden darf.

    +
    version: '2.1'
    +services:
    +
    +    dovecot-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:143:143'
    +        - '[2001:db8:dead:beef::123]:993:993'
    +        - '[2001:db8:dead:beef::123]:110:110'
    +        - '[2001:db8:dead:beef::123]:995:995'
    +        - '[2001:db8:dead:beef::123]:4190:4190'
    +
    +    postfix-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:25:25'
    +        - '[2001:db8:dead:beef::123]:465:465'
    +        - '[2001:db8:dead:beef::123]:587:587'
    +
    +    nginx-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:80:80'
    +        - '[2001:db8:dead:beef::123]:443:443'
    +
    +

    Um Ihre Änderungen zu übernehmen, führen Sie folgendes aus:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-local_mta/index.html b/2.5/de/post_installation/firststeps-local_mta/index.html new file mode 100644 index 000000000..7662bbe26 --- /dev/null +++ b/2.5/de/post_installation/firststeps-local_mta/index.html @@ -0,0 +1,2545 @@ + + + + + + + + + + + + + + + + + + Lokaler MTA auf Docker-Host - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Lokaler MTA auf Docker-Host

    + +

    Die einfachste Möglichkeit wäre, den Listener an Port 25/tcp zu deaktivieren.

    +

    Postfix-Benutzer deaktivieren den Listener, indem sie die folgende Zeile (beginnend mit smtp oder 25) in /etc/postfix/master.cf auskommentieren: +

    #smtp      inet  n       -       -       -       -       smtpd
    +

    +

    Außerdem, um über eine Dockerized mailcow weiterzuleiten, sollten Sie 172.22.1.1 als Relayhost hinzufügen und das Docker-Interface aus "inet_interfaces" entfernen:

    +
    postconf -e 'relayhost = 172.22.1.1'
    +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
    +postconf -e "inet_interfaces = loopback-only"
    +postconf -e "relay_transport = relay"
    +postconf -e "default_transport = smtp"
    +
    +

    Jetzt ist es wichtig, dass Sie nicht denselben FQDN in myhostname haben, den Sie für Ihre mailcow verwenden. Prüfen Sie Ihre lokale (nicht-Docker) Postfix' main.cf auf myhostname und setzen Sie ihn auf etwas anderes, zum Beispiel local.my.fqdn.tld.

    +

    "172.22.1.1" ist das von mailcow erstellte Netzwerk-Gateway in Docker. +Das Relaying über diese Schnittstelle ist notwendig (anstatt - zum Beispiel - direkt über ${MAILCOW_HOSTNAME}), um über ein bekanntes internes Netzwerk weiterzuleiten.

    +

    Starten Sie Postfix neu, nachdem Sie Ihre Änderungen vorgenommen haben.

    + +
    +
    + + + Letztes Update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-logging/index.html b/2.5/de/post_installation/firststeps-logging/index.html new file mode 100644 index 000000000..a6def34c7 --- /dev/null +++ b/2.5/de/post_installation/firststeps-logging/index.html @@ -0,0 +1,2802 @@ + + + + + + + + + + + + + + + + + + Logging - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logging

    + +

    Das Logging in mailcow: dockerized besteht aus mehreren Stufen, ist aber immerhin wesentlich flexibler und einfacher in einen Logging-Daemon zu integrieren als bisher.

    +

    In Docker schreibt die containerisierte Anwendung (PID 1) ihre Ausgabe auf stdout. Für echte Ein-Anwendungs-Container funktioniert das sehr gut. +Führen Sie folgenden Befehl aus, um mehr zu erfahren:

    +
    +
    +
    +
    docker compose logs --help
    +
    +
    +
    +
    docker-compose logs --help
    +
    +
    +
    +
    +

    Einige Container protokollieren oder streamen an mehrere Ziele.

    +

    Kein Container wird persistente Logs in sich behalten. Container sind flüchtige Objekte!

    +

    Am Ende wird jede Zeile der Logs den Docker-Daemon erreichen - ungefiltert.

    +

    Der Standard-Logging-Treiber ist "json ".

    +

    Gefilterte Logs

    +

    Einige Logs werden gefiltert und in Redis-Schlüssel geschrieben, aber auch in einen Redis-Kanal gestreamt.

    +

    Der Redis-Kanal wird verwendet, um Protokolle mit fehlgeschlagenen Authentifizierungsversuchen zu streamen, die von netfilter-mailcow gelesen werden.

    +

    Die Redis-Schlüssel sind persistent und halten 10000 Zeilen von Logs für die Web-UI.

    +

    Dieser Mechanismus macht es möglich, jeden beliebigen Docker-Logging-Treiber zu verwenden, ohne die +ohne die Fähigkeit zu verlieren, Logs von der UI zu lesen oder verdächtige Clients mit netfilter-mailcow zu sperren.

    +

    Redis-Schlüssel enthalten nur Logs von Anwendungen und filtern Systemmeldungen heraus (man denke an Cron etc.).

    +

    Logging-Treiber

    +

    Über docker-compose.override.yml

    +

    Hier ist die gute Nachricht: Da Docker einige großartige Logging-Treiber hat, können Sie mailcow: dockerized mit Leichtigkeit in Ihre bestehende Logging-Umgebung integrieren.

    +

    Erstellen Sie eine docker-compose.override.yml und fügen Sie zum Beispiel diesen Block hinzu, um das "gelf" Logging-Plugin für postfix-mailcow zu verwenden:

    +
    version: '2.1'
    +services:
    +  postfix-mailcow: # oder ein anderer
    +    logging:
    +      driver: "gelf"
    +      options:
    +        gelf-address: "udp://graylog:12201"
    +
    +

    Ein weiteres Beispiel für Syslog:

    +
    version: '2.1'
    +services:
    +
    +  postfix-mailcow: # oder ein anderer
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  dovecot-mailcow: # oder ein anderer
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  rspamd-mailcow: # oder ein anderer
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +
    Nur für rsyslog:
    +

    Stellen Sie sicher, dass folgende Zeilen in /etc/rsyslog.conf nicht auskommentiert sind:

    +
    # provides UDP syslog reception
    +module(load="imudp")
    +input(type="imudp" port="514")
    +
    +

    Um Eingänge von local3 in /var/log/mailcow.log zu leiten und danach die Verarbeitung zu stoppen, +erstellen Sie die Datei /etc/rsyslog.d/docker.conf:

    +
    local3.*        /var/log/mailcow.log
    +& stop
    +
    +

    Starten Sie rsyslog danach neu.

    +

    Über daemon.json (global)

    +

    Wenn Sie den Logging-Treiber global ändern wollen, editieren Sie die Konfigurationsdatei des Docker-Daemons /etc/docker/daemon.json und starten Sie den Docker-Dienst neu:

    +
    {
    +[...]
    +  "log-driver": "gelf",
    +  "log-opts": {
    +    "gelf-address": "udp://graylog:12201"
    +  }
    +[...]
    +}
    +
    +

    Für Syslog:

    +
    {
    +[...]
    +  "log-driver": "syslog",
    +  "log-opts": {
    +    "syslog-address": "udp://1.2.3.4:514"
    +  }
    +[...]
    +}
    +
    +

    Starten Sie den Docker-Daemon neu und führen Sie die folgenden Befehle aus, um die Container mit dem neuen Protokollierungstreiber neu zu erstellen:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    Log rotation

    +

    Da diese Logs sehr groß werden können, ist es eine gute Idee logrotate zu nutzen, um Logs nach einer gewissen Zeit zu +komprimieren und zu löschen.

    +

    Erstellen Sie die Datei /etc/logrotate.d/mailcow mit folgendem Inhalt:

    +
    /var/log/mailcow.log {
    +        rotate 7
    +        daily
    +        compress
    +        delaycompress
    +        missingok
    +        notifempty
    +        create 660 root root
    +}
    +
    +

    Mit dieser Konfiguration wird logrotate täglich ausgeführt und es werden maximal 7 Archive gespeichert.

    +

    Um die Logdatei wöchentlich oder monatlich zu rotieren, muss daily durch weekly oder respektive monthly ersetzt werden.

    +

    Um mehr Archive zu speichern, muss die Nummer hinter rotate angepasst werden.

    +

    Danach kann logrotate neu gestartet werden.

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-rp/index.html b/2.5/de/post_installation/firststeps-rp/index.html new file mode 100644 index 000000000..1f8f5750a --- /dev/null +++ b/2.5/de/post_installation/firststeps-rp/index.html @@ -0,0 +1,2953 @@ + + + + + + + + + + + + + + + + + + Reverse Proxy - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Reverse Proxy

    + +

    Sie müssen die Nginx-Seite, die mit mailcow: dockerized geliefert wird, nicht ändern. +mailcow: dockerized vertraut auf das Standard-Gateway IP 172.22.1.1 als Proxy.

    +

    1. Stellen Sie sicher, dass Sie HTTP_BIND und HTTPS_BIND in mailcow.conf auf eine lokale Adresse ändern und die Ports entsprechend einstellen, zum Beispiel: +

    HTTP_BIND=127.0.0.1
    +HTTP_PORT=8080
    +HTTPS_BIND=127.0.0.1
    +HTTPS_PORT=8443
    +

    +

    Dadurch werden auch die Bindungen innerhalb des Nginx-Containers geändert! Dies ist wichtig, wenn Sie sich entscheiden, einen Proxy innerhalb von Docker zu verwenden.

    +

    WICHTIG: Verwenden Sie nicht Port 8081, 9081 oder 65510!

    +

    Erzeugen Sie die betroffenen Container neu, indem Sie docker compose up -d ausführen.

    +

    Wichtige Informationen, bitte lesen Sie diese sorgfältig durch!

    +
    +

    Info

    +

    Wenn Sie planen, einen Reverse-Proxy zu verwenden und einen anderen Servernamen als MAILCOW_HOSTNAME verwenden wollen, müssen Sie Zusätzliche Servernamen für mailcow UI am Ende dieser Seite hinzufügen.

    +
    +
    +

    Warning

    +

    Stellen Sie sicher, dass Sie generate_config.sh ausführen, bevor Sie die untenstehenden Konfigurationsbeispiele aktivieren. +Das Skript generate_config.sh kopiert die Snake-oil Zertifikate an den richtigen Ort, so dass die Dienste nicht aufgrund fehlender Dateien nicht starten können.

    +
    +
    +

    Warning

    +

    Wenn Sie TLS SNI aktivieren (ENABLE_TLS_SNI in mailcow.conf), müssen die Zertifikatspfade in Ihrem Reverse-Proxy mit den korrekten Pfaden in data/assets/ssl/{hostname} übereinstimmen. Die Zertifikate werden in data/assets/ssl/{hostname1,hostname2,etc} aufgeteilt und werden daher nicht funktionieren, wenn Sie die Beispiele von unten kopieren, die auf data/assets/ssl/cert.pem etc. zeigen.

    +
    +
    +

    Info

    +

    Die Verwendung der untenstehenden Site-Konfigurationen wird acme-Anfragen an mailcow weiterleiten und es die Zertifikate selbst verwalten lassen. +Der Nachteil der Verwendung von mailcow als ACME-Client hinter einem Reverse-Proxy ist, dass Sie Ihren Webserver neu laden müssen, nachdem acme-mailcow das Zertifikat geändert/erneuert/erstellt hat. Sie können entweder Ihren Webserver täglich neu laden oder ein Skript schreiben, um die Datei auf Änderungen zu überwachen. +Auf vielen Servern wird logrotate den Webserver sowieso täglich neu laden.

    +

    Wenn Sie eine lokale Certbot-Installation verwenden möchten, müssen Sie die SSL-Zertifikatsparameter entsprechend ändern. +Stellen Sie sicher, dass Sie ein Post-Hook-Skript ausführen, wenn Sie sich entscheiden, externe ACME-Clients zu verwenden. Ein Beispiel finden Sie am Ende dieser Seite.

    +
    +

    2. Konfigurieren Sie Ihren lokalen Webserver als Reverse Proxy:

    +

    Apache 2.4

    +

    Erforderliche Module: +

    a2enmod rewrite proxy proxy_http headers ssl
    +

    +

    Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden problemlos funktionieren.

    +

    Die hervorgehobenen Zeilen müssen beachtet werden.

    +
    <VirtualHost *:80>
    +  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +  RewriteEngine on
    +
    +  RewriteCond %{HTTPS} off
    +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
    +
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "http"
    +</VirtualHost>
    +<VirtualHost *:443>
    +  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +
    +  # You should proxy to a plain HTTP session to offload SSL processing
    +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
    +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "https"
    +
    +  SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem
    +  SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem
    +
    +  # Wenn Sie einen HTTPS-Host als Proxy verwenden möchten:
    +  #SSLProxyEngine On
    +
    +  # Wenn Sie einen Proxy für einen nicht vertrauenswürdigen HTTPS-Host einrichten wollen:
    +  #SSLProxyVerify none
    +  #SSLProxyCheckPeerCN off
    +  #SSLProxyCheckPeerName off
    +  #SSLProxyCheckPeerExpire off
    +</VirtualHost>
    +
    +

    Nginx

    +

    Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlos.

    +

    Achten Sie auf die hervorgehobenen Zeilen.

    +
    server {
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*;
    +  return 301 https://$host$request_uri;
    +}
    +server {
    +  listen 443 ssl http2;
    +  listen [::]:443 ssl http2;
    +  server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*;
    +
    +  ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
    +  ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
    +  ssl_session_timeout 1d;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_tickets off;
    +
    +  # Siehe https://ssl-config.mozilla.org/#server=nginx für die neuesten Empfehlungen zu ssl-Einstellungen
    +  # Ein Beispiel für eine Konfiguration ist unten angegeben
    +  ssl_protocols TLSv1.2;
    +  ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
    +  ssl_prefer_server_ciphers off;
    +
    +  location /Microsoft-Server-ActiveSync {
    +    proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_connect_timeout 75;
    +    proxy_send_timeout 3650;
    +    proxy_read_timeout 3650;
    +    proxy_buffers 64 512k; # Seit dem 2022-04 Update nötig für SOGo
    +    client_body_buffer_size 512k;
    +    client_max_body_size 0;
    +  }
    +
    +  location / {
    +    proxy_pass http://127.0.0.1:8080/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  # Die folgenden Proxy-Buffer müssen gesetzt werden, wenn Sie SOGo nach dem Update 2022-04 (April 2022) verwenden wollen
    +  # Andernfalls wird ein Login wie folgt fehlschlagen: https://github.com/mailcow/mailcow-dockerized/issues/4537
    +    proxy_buffer_size 128k;
    +    proxy_buffers 64 512k;
    +    proxy_busy_buffers_size 512k;
    +  }
    +}
    +
    +

    HAProxy (von der Community unterstützt)

    +
    +

    Warnung

    +

    Dies ist ein nicht unterstützter Community Beitrag. Korrekturen sind immer erwünscht!

    +
    +

    Wichtig/Fix erwünscht: Dieses Beispiel leitet nur HTTPS-Verkehr weiter und benutzt nicht den in mailcow eingebauten ACME-Client.

    +
    frontend https-in
    +  bind :::443 v4v6 ssl crt mailcow.pem
    +  default_backend mailcow
    +
    +backend mailcow
    +  option forwardfor
    +  http-request set-header X-Forwarded-Proto https if { ssl_fc }
    +  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    +  server mailcow 127.0.0.1:8080 check
    +
    +

    Traefik v2 (von der Community unterstützt)

    +
    +

    Warnung

    +

    Dies ist ein nicht unterstützter Community Beitrag. Korrekturen sind immer erwünscht!

    +
    +

    Wichtig: Diese Konfiguration deckt nur das "Reverseproxing" des Webpanels (nginx-mailcow) unter Verwendung von Traefik v2 ab. Wenn Sie auch die Mail-Dienste wie dovecot, postfix... reproxen wollen, müssen Sie die folgende Konfiguration an jeden Container anpassen und einen EntryPoint in Ihrer traefik.toml oder traefik.yml (je nachdem, welche Konfiguration Sie verwenden) für jeden Port erstellen.

    +

    In diesem Abschnitt gehen wir davon aus, dass Sie Ihren Traefik 2 [certificatesresolvers] in Ihrer Traefik-Konfigurationsdatei richtig konfiguriert haben und auch acme verwenden. Das folgende Beispiel verwendet Lets Encrypt, aber Sie können es gerne auf Ihren eigenen Zertifikatsresolver ändern. Eine grundlegende Traefik 2 toml-Konfigurationsdatei mit allen oben genannten Elementen, die für dieses Beispiel verwendet werden kann, finden Sie hier traefik.toml, falls Sie eine solche Datei benötigen oder einen Hinweis, wie Sie Ihre Konfiguration anpassen können.

    +

    Zuallererst werden wir den acme-mailcow-Container deaktivieren, da wir die von traefik bereitgestellten Zertifikate verwenden werden. +Dazu müssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf setzen und docker compose up -d ausführen, um die Änderungen zu übernehmen.

    +

    Dann erstellen wir eine docker-compose.override.yml Datei, um die Hauptdatei docker-compose.yml zu überschreiben, die sich im Mailcow-Stammverzeichnis befindet.

    +
    version: '2.1'
    +
    +services:
    +    nginx-mailcow:
    +      networks:
    +        # Traefiks Netzwerk hinzufügen
    +        web:
    +      labels:
    +        - traefik.enable=true
    +        # Erstellt einen Router namens "moo" für den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verknüpfen,
    +        # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable.
    +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
    +        # Aktiviert tls über den zuvor erstellten Router.
    +        - traefik.http.routers.moo.tls=true
    +        # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt).
    +        - traefik.http.routers.moo.tls.certresolver=le
    +        # Erzeugt einen Dienst namens "moo" für den Container und gibt an, welchen internen Port des Containers
    +        # Traefik die eingehenden Daten weiterleiten soll.
    +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
    +        # Gibt an, welchen Eingangspunkt (externer Port) traefik für diesen Container abhören soll.
    +        # Websecure ist Port 443, siehe die Datei traefik.toml wie oben.
    +        - traefik.http.routers.moo.entrypoints=websecure
    +        # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network
    +        - traefik.docker.network=web
    +
    +    certdumper:
    +        image: humenius/traefik-certs-dumper
    +        command: --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1
    +        network_mode: none
    +        volumes:
    +          # Binden Sie das Volume, das Traefiks `acme.json' Datei enthält, ein
    +          - acme:/traefik:ro
    +          # SSL-Ordner von mailcow einhängen
    +          - ./data/assets/ssl/:/output:rw
    +          # Binden Sie den Docker Socket ein, damit traefik-certs-dumper die Container neu starten kann
    +          - /var/run/docker.sock:/var/run/docker.sock:ro
    +        restart: always
    +        environment:
    +          # Ändern Sie dies nur, wenn Sie eine andere Domain für Mailcows Web-Frontend verwenden als in der Standard-Konfiguration
    +          - DOMAIN=${MAILCOW_HOSTNAME}
    +
    +networks:
    +  web:
    +    external: true
    +    # Name des externen Netzwerks
    +    name: traefik_web
    +
    +volumes:
    +  acme:
    +    external: true
    +    # Name des externen Docker Volumes, welches Traefiks `acme.json' Datei enthält
    +    name: traefik_acme
    +
    +

    Starten Sie die neuen Container mit docker compose up -d.

    +

    Da Traefik 2 ein acme v2 Format verwendet, um ALLE Zertifikaten von allen Domains zu speichern, müssen wir einen Weg finden, die Zertifikate auszulagern. Zum Glück haben wir [diesen kleinen Container] (https://hub.docker.com/r/humenius/traefik-certs-dumper), der die Datei acme.json über ein Volume und eine Variable DOMAIN=example. org, und damit wird der Container die cert.pem und key.pem Dateien ausgeben, dafür lassen wir einfach den traefik-certs-dumper Container laufen, binden das /traefik Volume an den Ordner, in dem unsere acme.json gespeichert ist, binden das /output Volume an unseren mailcow data/assets/ssl/ Ordner, und setzen die DOMAIN=example.org Variable auf die Domain, von der wir die Zertifikate ausgeben wollen.

    +

    Dieser Container überwacht die Datei acme.json auf Änderungen und generiert die Dateien cert.pem und key.pem direkt in data/assets/ssl/, wobei der Pfad mit dem /output-Pfad des Containers verbunden ist.

    +

    Sie können es über die Kommandozeile ausführen oder das [hier] gezeigte docker compose verwenden (https://hub.docker.com/r/humenius/traefik-certs-dumper).

    +

    Nachdem wir die Zertifikate übertragen haben, müssen wir die Konfigurationen aus unseren Postfix- und Dovecot-Containern neu laden und die Zertifikate überprüfen. Wie das geht, sehen Sie hier.

    +

    Und das sollte es gewesen sein 😊, Sie können überprüfen, ob der Traefik-Router einwandfrei funktioniert, indem Sie das Dashboard von Traefik / traefik logs / über https auf die eingestellte Domain zugreifen, oder / und HTTPS, SMTP und IMAP mit den Befehlen auf der zuvor verlinkten Seite überprüfen.

    +

    Caddy v2 (von der Community unterstützt)

    +
    +

    Warnung

    +

    Dies ist ein nicht unterstützter Communitybeitrag. Korrekturen sind immer erwünscht!

    +
    +

    Die Konfiguration von Caddy mit mailcow ist sehr simpel.

    +

    In der Caddyfile muss einfach nur ein Bereich für den E-Mailserver angelegt werden.

    +

    Bspw:

    +
    MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME {
    +        log {
    +                output file /var/log/caddy/MAILCOW_HOSTNAME.log {
    +                        roll_disabled
    +                        roll_size 512M
    +                        roll_uncompressed
    +                        roll_local_time
    +                        roll_keep 3
    +                        roll_keep_for 48h
    +                }
    +        }
    +
    +        reverse_proxy 127.0.0.1:HTTP_BIND
    +}
    +
    +

    Dies erlaubt es Caddy automatisch die Zertifikate zu erstellen und den Traffic für diese erwähnten Domains anzunehmen und an mailcow weiterzuleiten.

    +

    Wichtig: Der ACME Client der mailcow muss deaktiviert sein, da es sonst zu Fehlern seitens mailcow kommt.

    +

    Da Caddy sich direkt selbst um die Zertifikate kümmert, können wir mit dem folgenden Skript die Caddy generierten Zertifikate in die mailcow inkludieren:

    +
    #!/bin/bash
    +MD5SUM_CURRENT_CERT=($(md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem))
    +MD5SUM_NEW_CERT=($(md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt))
    +
    +if [ $MD5SUM_CURRENT_CERT != $MD5SUM_NEW_CERT ]; then
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +        postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +        dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +        nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +        docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +
    +else
    +        echo "Certs not copied from Caddy (Not needed)"
    +fi
    +
    +
    +

    Achtung

    +

    Der Zertifikatspfad von Caddy variiert je nach Installationsart.
    +Bei diesem Installationsbeispiel wurde Caddy mithilfe des Caddy Repos (weitere Informationen hier) installiert.
    +
    +Um den Caddy Zertifikatspfad auf Ihrem System herauszufinden, genügt ein find / -name "certificates".

    +
    +

    Dieses Skript könnte dann als Cronjob jede Stunde aufgerufen werden:

    +
    0 * * * * /bin/bash /path/to/script/deploy-certs.sh  >/dev/null 2>&1
    +
    +

    Optional: Post-Hook-Skript für nicht-mailcow ACME-Clients

    +

    Die Verwendung eines lokalen Certbots (oder eines anderen ACME-Clients) erfordert den Neustart einiger Container, was Sie mit einem Post-Hook-Skript erledigen können. +Stellen Sie sicher, dass Sie die Pfade entsprechend ändern: +

    #!/bin/bash
    +cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +

    +

    Hinzufügen weiterer Servernamen für mailcow UI

    +

    Wenn Sie vorhaben, einen Servernamen zu verwenden, der nicht MAILCOW_HOSTNAME in Ihrem Reverse-Proxy ist, stellen Sie sicher, dass Sie diesen Namen zuerst in mailcow.conf über ADDITIONAL_SERVER_NAMES einpflegen. Die Namen müssen durch Kommas getrennt werden und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt überspringen, kann es sein, dass mailcow auf Ihren Reverse-Proxy mit einer falschen Seite antwortet.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Führen Sie docker compose up -d zum Anwenden aus.

    + +
    +
    + + + Letztes Update: + 2022-11-03 16:35:20 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-rspamd_ui/index.html b/2.5/de/post_installation/firststeps-rspamd_ui/index.html new file mode 100644 index 000000000..8f7b2e386 --- /dev/null +++ b/2.5/de/post_installation/firststeps-rspamd_ui/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Rspamd UI - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Rspamd UI

    + +

    Rspamd ist ein einfach zu benutzendes Spam-Filter-Tool, das derzeit mit mailcow installiert ist.

    +
      +
    1. Gehen Sie zum mailcow Web-Admin-Interface
    2. +
    3. Navigieren Sie zur Registerkarte Zugang.(Zugang > Rspamd UI)
    4. +
    5. Ändern Sie das Rspamd UI Passwort
    6. +
    7. Gehen Sie in einem Browser zu https://${MAILCOW_HOSTNAME}/rspamd und melden Sie sich an!
    8. +
    +

    Weitere Konfigurationsoptionen und Dokumentation finden Sie hier: https://rspamd.com/webui/

    + +
    +
    + + + Letztes Update: + 2022-01-29 23:04:38 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-snat/index.html b/2.5/de/post_installation/firststeps-snat/index.html new file mode 100644 index 000000000..3d03cd174 --- /dev/null +++ b/2.5/de/post_installation/firststeps-snat/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + SNAT - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    SNAT

    + +

    SNAT wird verwendet, um die Quelladresse der von mailcow gesendeten Pakete zu ändern. +Es kann verwendet werden, um die ausgehende IP-Adresse auf Systemen mit mehreren IP-Adressen zu ändern.

    +

    Öffnen Sie mailcow.conf, setzen Sie einen oder beide der folgenden Parameter:

    +
    # Benutze diese IPv4 für ausgehende Verbindungen (SNAT)
    +SNAT_TO_SOURCE=1.2.3.4
    +
    +# Benutze dieses IPv6 für ausgehende Verbindungen (SNAT)
    +SNAT6_TO_SOURCE=dead:beef
    +
    +

    Führen Sie docker compose up -d aus.

    +

    Die Werte werden von netfilter-mailcow gelesen. netfilter-mailcow stellt sicher, dass die Post-Routing-Regeln auf Position 1 in der Netfilter-Tabelle stehen. Es löscht sie automatisch und legt sie neu an, wenn sie an einer anderen Position als 1 gefunden werden.

    +

    Überprüfen Sie die Ausgabe von docker compose logs --tail=200 netfilter-mailcow, um sicherzustellen, dass die SNAT-Einstellungen angewendet wurden.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-ssl/index.html b/2.5/de/post_installation/firststeps-ssl/index.html new file mode 100644 index 000000000..faed4068a --- /dev/null +++ b/2.5/de/post_installation/firststeps-ssl/index.html @@ -0,0 +1,2867 @@ + + + + + + + + + + + + + + + + + + Erweitertes SSL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Erweitertes SSL

    + +

    Let's Encrypt (wird mitgeliefert)

    +

    Der "acme-mailcow" Container wird versuchen, ein LE-Zertifikat für ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN zu erhalten.

    +
    +

    Warning

    +

    mailcow muss auf Port 80 verfügbar sein, damit der acme-Client funktioniert. Unsere Reverse Proxy Beispielkonfigurationen decken das ab. Sie können auch jeden externen ACME-Client (z.B. certbot) verwenden, um Zertifikate zu erhalten, aber Sie müssen sicherstellen, dass sie an den richtigen Ort kopiert werden und ein Post-Hook die betroffenen Container neu lädt. Weitere Informationen finden Sie in der Reverse Proxy-Dokumentation.

    +
    +

    Standardmäßig, d.h. 0 Domains sind zu mailcow hinzugefügt, wird es versuchen, ein Zertifikat für ${MAILCOW_HOSTNAME} zu erhalten.

    +

    Für jede hinzugefügte Domain wird versucht, autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN in die IPv6-Adresse oder - falls IPv6 in der Domain nicht konfiguriert ist - in die IPv4-Adresse aufzulösen. Wenn dies gelingt, wird ein Name als SAN zur Zertifikatsanforderung hinzugefügt.

    +

    Nur Namen, die validiert werden können, werden als SAN hinzugefügt.

    +

    Für jede Domain, die Sie entfernen, wird das Zertifikat verschoben und ein neues Zertifikat angefordert. Es ist nicht möglich, Domains in einem Zertifikat zu behalten, wenn wir nicht in der Lage sind, die Challenge für diese zu validieren.

    +

    Wenn Sie den ACME-Client neu starten wollen, verwenden Sie docker compose restart acme-mailcow und überwachen Sie die Protokolle mit docker compose logs --tail=200 -f acme-mailcow.

    +

    Zusätzliche Domain-Namen

    +

    Bearbeiten Sie "mailcow.conf" und fügen Sie einen Parameter ADDITIONAL_SAN wie folgt hinzu:

    +

    Verwenden Sie keine Anführungszeichen (") und keine Leerzeichen zwischen den Namen!

    +
    ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
    +
    +

    Jeder Name wird anhand seiner IPv6-Adresse oder - wenn IPv6 in Ihrer Domäne nicht konfiguriert ist - anhand seiner IPv4-Adresse überprüft.

    +

    Ein Wildcard-Name wie smtp.* wird versuchen, ein smtp.DOMAIN_NAME SAN für jede zu mailcow hinzugefügte Domain zu erhalten.

    +

    Führen Sie docker compose up -d aus, um betroffene Container automatisch neu zu erstellen.

    +
    +

    Info

    +

    Die Verwendung anderer Namen als MAILCOW_HOSTNAME für den Zugriff auf das mailcow UI kann weitere Konfiguration erfordern.

    +
    +

    Wenn Sie planen, einen anderen Servernamen als MAILCOW_HOSTNAME für den Zugriff auf die mailcow UI zu verwenden (z.B. durch Hinzufügen von mail.* zu ADDITIONAL_SAN), stellen Sie sicher, dass Sie diesen Namen in mailcow.conf über ADDITIONAL_SERVER_NAMES eintragen. Die Namen müssen durch Kommas getrennt sein und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt auslassen, kann mailcow mit einer falschen Seite antworten.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Führen Sie docker compose up -d aus, um es anzuwenden.

    +

    Erneuerung erzwingen

    +

    Um eine Erneuerung zu erzwingen, müssen Sie eine Datei namens force_renew erstellen und den acme-mailcow Container neu starten:

    +
    cd /opt/mailcow-dockerized
    +touch data/assets/ssl/force_renew
    +docker compose restart acme-mailcow
    +# Prüfen Sie nun die Logs auf eine Erneuerung
    +docker compose logs --tail=200 -f acme-mailcow
    +
    +

    Die Datei wird automatisch gelöscht.

    +

    Validierungsfehler und wie man die Validierung überspringt

    +

    Sie können die IP-Überprüfung überspringen, indem Sie SKIP_IP_CHECK=y in mailcow.conf setzen (keine Anführungszeichen). Seien Sie gewarnt, dass eine Fehlkonfiguration dazu führt, dass Sie von Let's Encrypt eingeschränkt werden! Dies ist vor allem für Multi-IP-Setups nützlich, bei denen der IP-Check die falsche Quell-IP-Adresse zurückgeben würde. Aufgrund der Verwendung von dynamischen IPs für acme-mailcow ist Source-NAT bei Neustarts nicht konsistent.

    +

    Wenn Sie Probleme mit der "HTTP-Validierung" haben, aber Ihre IP-Adressbestätigung erfolgreich ist, verwenden Sie höchstwahrscheinlich firewalld, ufw oder eine andere Firewall, die Verbindungen von br-mailcow zu Ihrem externen Interface verbietet. Sowohl firewalld als auch ufw lassen dies standardmäßig nicht zu. Es reicht oft nicht aus, diese Firewall-Dienste einfach zu stoppen. Sie müssen mailcow stoppen (docker compose down), den Firewall-Dienst stoppen, die Ketten flushen und Docker neu starten.

    +

    Sie können diese Validierungsmethode auch überspringen, indem Sie SKIP_HTTP_VERIFICATION=y in "mailcow.conf" setzen. Seien Sie gewarnt, dass dies nicht zu empfehlen ist. In den meisten Fällen wird die HTTP-Überprüfung übersprungen, um unbekannte NAT-Reflection-Probleme zu umgehen, die durch das Ignorieren dieser spezifischen Netzwerk-Fehlkonfiguration nicht gelöst werden. Wenn Sie Probleme haben, TLSA-Einträge in der DNS-Übersicht innerhalb von mailcow zu generieren, haben Sie höchstwahrscheinlich Probleme mit NAT-Reflexion, die Sie beheben sollten.

    +

    Wenn du einen SKIP_* Parameter geändert hast, führe docker compose up -d aus, um deine Änderungen zu übernehmen.

    +

    Deaktivieren Sie Let's Encrypt

    +

    Deaktivieren Sie Let's Encrypt vollständig

    +

    Setzen Sie SKIP_LETS_ENCRYPT=y in "mailcow.conf" und erstellen Sie "acme-mailcow" neu, indem Sie docker compose up -d ausführen.

    +

    Alle Namen außer ${MAILCOW_HOSTNAME} überspringen

    +

    Fügen Sie ONLY_MAILCOW_HOSTNAME=y zu "mailcow.conf" hinzu und erstellen Sie "acme-mailcow" neu, indem Sie docker compose up -d ausführen.

    +

    Das Let's Encrypt subjectAltName-Limit von 100 Domains

    +

    Let's Encrypt hat derzeit ein Limit von 100 Domainnamen pro Zertifikat.

    +

    Standardmäßig erstellt "acme-mailcow" ein einzelnes SAN-Zertifikat für alle validierten Domains +(siehe den ersten Abschnitt und Zusätzliche Domainnamen). +Dies bietet beste Kompatibilität, bedeutet aber, dass das Let's Encrypt-Limit überschritten wird, wenn Sie zu viele Domains zu einer einzelnen Mailcow-Installation hinzufügen.

    +

    Um dies zu lösen, können Sie ENABLE_SSL_SNI so konfigurieren, dass es generiert wird:

    +
      +
    • Ein Hauptserver-Zertifikat mit MAILCOW_HOSTNAME und allen voll qualifizierten Domainnamen in der ADDITIONAL_SAN Konfiguration
    • +
    • Ein zusätzliches Zertifikat für jede in der Datenbank gefundene Domain mit autodiscover., autoconfig. und jeder anderen in diesem Format konfigurierten ADDITIONAL_SAN (subdomain.*).
    • +
    • Begrenzungen: Ein Zertifikatsname ADDITIONAL_SAN=test.example.com wird als SAN zum Hauptzertifikat hinzugefügt. Ein separates Zertifikat/Schlüsselpaar wird für dieses Format nicht erzeugt.
    • +
    +

    Postfix, Dovecot und Nginx werden dann diese Zertifikate mit SNI bedienen.

    +

    Setzen Sie ENABLE_SSL_SNI=y in "mailcow.conf" und erstellen Sie "acme-mailcow" durch Ausführen von docker compose up -d.

    +
    +

    Warning

    +

    Nicht alle Clients unterstützen SNI, siehe Dovecot Dokumentation oder Wikipedia. +Sie sollten sicherstellen, dass diese Clients den MAILCOW_HOSTNAME für sichere Verbindungen verwenden, wenn Sie diese Funktion aktivieren.

    +
    +

    Hier ist ein Beispiel:

    +
      +
    • MAILCOW_HOSTNAME=server.email.tld
    • +
    • ADDITIONAL_SAN=webmail.email.tld,mail.*
    • +
    • Mailcow E-Mail-Domänen: "domain1.tld" und "domain2.tld"
    • +
    +

    Die folgenden Zertifikate werden generiert:

    +
      +
    • server.email.tld, webmail.email.tld -> dies ist das Standard-Zertifikat, alle Clients können sich mit diesen Domains verbinden
    • +
    • mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individuelles Zertifikat für domain1.tld, kann von Clients ohne SNI-Unterstützung nicht verwendet werden
    • +
    • mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individuelles Zertifikat für domain2.tld, kann von Clients ohne SNI-Unterstützung nicht verwendet werden
    • +
    +

    Ein eigenes Zertifikat verwenden

    +

    Stellen Sie sicher, dass Sie mailcows internen LE-Client deaktivieren (siehe oben).

    +

    Um Ihre eigenen Zertifikate zu verwenden, speichern Sie einfach das kombinierte Zertifikat (mit dem Zertifikat und der zwischengeschalteten CA/CA, falls vorhanden) unter data/assets/ssl/cert.pem und den entsprechenden Schlüssel unter data/assets/ssl/key.pem.

    +

    WICHTIG: Verwenden Sie keine symbolischen Links! Stellen Sie sicher, dass Sie die Zertifikate kopieren und sie nicht mit data/assets/ssl verknüpfen.

    +

    Starten Sie die betroffenen Dienste anschließend neu:

    +
    docker restart $(docker ps -qaf name=postfix-mailcow)
    +docker restart $(docker ps -qaf name=nginx-mailcow)
    +docker restart $(docker ps -qaf name=dovecot-mailcow)
    +
    +

    Siehe Post-Hook-Skript für Nicht-Mailcow-ACME-Clients für ein vollständiges Beispielskript.

    +

    Test gegen das ACME-Verzeichnis

    +

    Bearbeiten Sie mailcow.conf und fügen Sie LE_STAGING=y hinzu.

    +

    Führen Sie docker compose up -d aus, um Ihre Änderungen zu aktivieren.

    +

    Benutzerdefinierte Verzeichnis-URL

    +

    Editieren Sie mailcow.conf und fügen Sie die entsprechende Verzeichnis-URL in die neue Variable DIRECTORY_URL ein:

    +
    DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
    +
    +

    Sie können LE_STAGING nicht mit DIRECTORY_URL verwenden. Wenn beide gesetzt sind, wird nur LE_STAGING verwendet.

    +

    Führen Sie docker compose up -d aus, um Ihre Änderungen zu aktivieren.

    +

    Überprüfen Sie Ihre Konfiguration

    +

    Führen Sie docker compose logs acme-mailcow aus, um herauszufinden, warum eine Validierung fehlschlägt.

    +

    Um zu überprüfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie einfach einen Browser Ihrer Wahl und überprüfen Sie das angezeigte Zertifikat.

    +

    Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu überprüfen, verwenden wir openssl:

    +
    # Verbindung über SMTP (587)
    +echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
    +# Verbindung über IMAP (143)
    +echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
    +# Verbindung über HTTPS (443)
    +echo "Q" | openssl s_client -connect mx.mailcow.email:443
    +
    +

    Um die von openssl zurückgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, können Sie unser Hilfsskript verwenden:

    +
    cd /opt/mailcow-dockerized
    +bash helper-scripts/expiry-dates.sh
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/post_installation/firststeps-sync_jobs_migration/index.html b/2.5/de/post_installation/firststeps-sync_jobs_migration/index.html new file mode 100644 index 000000000..454dda4a6 --- /dev/null +++ b/2.5/de/post_installation/firststeps-sync_jobs_migration/index.html @@ -0,0 +1,2612 @@ + + + + + + + + + + + + + + + + + + Migration von Sync-Jobs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Migration von Sync-Jobs

    + +

    Sync-Aufträge werden verwendet, um bestehende E-Mails von einem externen IMAP-Server oder innerhalb von mailcow's bestehenden Mailboxen zu kopieren oder zu verschieben.

    +
    +

    Info

    +

    Abhängig von der ACL Ihrer Mailbox haben Sie möglicherweise nicht die Möglichkeit, einen Sync-Job hinzuzufügen. Bitte kontaktieren Sie in diesem Fall Ihren Domain-Administrator.

    +
    +

    Einrichten eines Sync-Jobs

    +
      +
    1. +

      Erstellen Sie unter dem Punkt "Konfiguration > E-Mail-Setup" oder "Benutzereinstellungen" einen neuen Synchronisierungsauftrag.

      +
    2. +
    3. +

      Wenn Sie ein Administrator sind, wählen Sie den Benutzernamen der nachgelagerten mailcow-Mailbox im Dropdown-Menü "Benutzername".

      +
    4. +
    5. +

      Füllen Sie die Felder "Host" und "Port" mit den entsprechenden korrekten Werten des vorgelagerten IMAP-Servers aus.

      +
    6. +
    7. +

      Geben Sie in den Feldern "Benutzername" und "Passwort" die korrekten Zugangsdaten des vorgelagerten IMAP-Servers ein.

      +
    8. +
    9. +

      Wählen Sie die "Verschlüsselungsmethode". Wenn der vorgelagerte IMAP-Server Port 143 verwendet, ist es wahrscheinlich, dass die Verschlüsselungsmethode TLS und SSL für Port 993 ist. Sie können auch PLAIN-Authentifizierung verwenden, aber davon wird dringend abgeraten.

      +
    10. +
    11. +

      Alle anderen Felder können Sie so lassen, wie sie sind, oder sie nach Belieben ändern.

      +
    12. +
    13. +

      Vergewissern Sie sich, dass Sie "Aktiv" ankreuzen und klicken Sie auf "Hinzufügen".

      +
    14. +
    +
    +

    Info

    +

    Sobald Sie fertig sind, melden Sie sich in der Mailbox an und überprüfen Sie, ob alle E-Mails korrekt importiert wurden. Wenn alles gut geht, werden alle Ihre E-Mails in Ihrem neuen Postfach landen. Vergessen Sie nicht, den Synchronisierungsauftrag zu löschen oder zu deaktivieren, nachdem er verwendet wurde.

    +
    + +
    +
    + + + Letztes Update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/prerequisite/prerequisite-dns/index.html b/2.5/de/prerequisite/prerequisite-dns/index.html new file mode 100644 index 000000000..e36209921 --- /dev/null +++ b/2.5/de/prerequisite/prerequisite-dns/index.html @@ -0,0 +1,2823 @@ + + + + + + + + + + + + + + + + + + DNS Einstellungen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    DNS Einstellungen

    + +

    Nachstehend finden Sie eine Liste von empfohlenen DNS-Einträgen. Einige sind für einen Mailserver obligatorisch (A, MX), andere werden empfohlen, um eine gute Reputation aufzubauen (TXT/SPF) oder für die automatische Konfiguration von Mailclients verwendet (SRV).

    +

    Referenzen

    + +

    Reverse DNS Ihrer IP-Adresse

    +

    Stellen Sie sicher, dass der PTR-Eintrag Ihrer IP-Adresse mit dem FQDN Ihres mailcow-Hosts übereinstimmt: ${MAILCOW_HOSTNAME} 1. Dieser Eintrag wird normalerweise bei dem Provider gesetzt, von dem Sie die IP-Adresse (Server) gemietet haben.

    +

    Die minimale DNS-Konfiguration

    +

    Dieses Beispiel zeigt Ihnen eine Reihe von Einträgen für eine von mailcow verwaltete Domain. Jede Domain, die zu mailcow hinzugefügt wird, benötigt mindestens diesen Satz an Einträgen, um korrekt zu funktionieren.

    +
    # Name Typ Wert
    +mail IN A 1.2.3.4
    +autodiscover IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +autoconfig IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +@ IN MX 10 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +
    +

    Hinweis: Der mail DNS-Eintrag, der die Subdomain an die angegebene IP-Adresse bindet, muss nur für die Domain gesetzt werden, auf der mailcow läuft und die für den Zugriff auf das Webinterface verwendet wird. Für jede andere von mailcow verwaltete Domain leitet der MX-Eintrag den Datenverkehr entsprechend weiter.

    +

    DKIM, SPF und DMARC

    +

    Im folgenden Beispiel für eine DNS-Zonendatei wird ein einfacher SPF TXT-Eintrag verwendet, um nur DIESEM Server (dem MX) zu erlauben, E-Mails für Ihre Domäne zu senden. Jeder andere Server ist nicht zugelassen, kann es aber tun ("~all"). Weitere Informationen finden Sie im SPF-Projekt.

    +
    # Name Typ Wert
    +@ IN TXT "v=spf1 mx a -all"
    +
    +

    Es wird dringend empfohlen, einen DKIM TXT-Eintrag in Ihrer mailcow UI zu erstellen und den entsprechenden TXT-Eintrag in Ihren DNS-Einträgen zu setzen. Bitte lesen Sie OpenDKIM für weitere Informationen.

    +
    # Name Typ Wert
    +dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=..."
    +
    +

    Der letzte Schritt, um sich selbst und andere zu schützen, ist die Implementierung eines DMARC TXT-Datensatzes, zum Beispiel mit Hilfe des DMARC-Assistenten (check).

    +
    # Name Typ Wert
    +_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
    +
    +

    Die erweiterte DNS-Konfiguration

    +

    SRV-Einträge geben den/die Server für ein bestimmtes Protokoll in Ihrer Domäne an. Wenn Sie einen Dienst explizit als nicht bereitgestellt ankündigen wollen, geben Sie "." als Zieladresse an (statt "mail.example.org."). Bitte beachten Sie RFC 2782.

    +
    # Name Typ Priorität Gewicht Port Wert
    +_autodiscover._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_caldavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_caldavs._tcp IN TXT "path=/SOGo/dav/"
    +_carddavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_carddavs._tcp IN TXT "path=/SOGo/dav/"
    +_imap._tcp IN SRV 0 1 143 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_imaps._tcp IN SRV 0 1 993 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_pop3._tcp IN SRV 0 1 110 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_pop3s._tcp IN SRV 0 1 995 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_sieve._tcp IN SRV 0 1 4190 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_smtps._tcp IN SRV 0 1 465 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +_submission._tcp IN SRV 0 1 587 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
    +
    +

    Testen

    +

    Hier finden Sie einige Tools, mit denen Sie Ihre DNS-Konfiguration überprüfen können:

    + +

    Verschiedenes

    +

    Optionale DMARC-Statistiken

    +

    Wenn Sie an Statistiken interessiert sind, können Sie sich zusätzlich bei einem der vielen unten aufgeführten DMARC-Statistikdienste anmelden - oder Ihre eigene Statistik selbst hosten.

    +
    +

    Tipp

    +

    Es ist zu bedenken, dass wenn Sie DMARC-Statistik-Berichte an Ihren mailcow-Server anfordern und Ihr mailcow-Server nicht korrekt für den Empfang dieser Berichte konfiguriert ist, Sie möglicherweise keine genauen und vollständigen Ergebnisse erhalten. Bitte erwägen Sie die Verwendung einer alternativen E-Mail-Domain für den Empfang von DMARC-Berichten.

    +
    +

    Es ist erwähnenswert, dass die folgenden Vorschläge keine umfassende Liste aller verfügbaren Dienste und Tools sind, sondern nur eine kleine Auswahl der vielen Möglichkeiten.

    + +
    +

    Tipp

    +

    Diese Dienste stellen Ihnen möglicherweise einen TXT-Eintrag zur Verfügung, den Sie in Ihre DNS-Einträge einfügen müssen, so wie es der Anbieter vorschreibt. Bitte stellen Sie sicher, dass Sie die Dokumentation des Anbieters des von Ihnen gewählten Dienstes lesen, da dieser Prozess variieren kann.

    +
    +

    E-Mail-Test für SPF, DKIM und DMARC:

    +

    Um eine rudimentäre E-Mail-Authentifizierungsprüfung durchzuführen, senden Sie eine E-Mail an check-auth at verifier.port25.com und warten Sie auf eine Antwort. Sie werden einen Bericht ähnlich dem folgenden finden:

    +
    ==========================================================
    +Zusammenfassung der Ergebnisse
    +==========================================================
    +SPF-Prüfung: bestanden
    +"iprev"-Prüfung: bestanden
    +DKIM-Prüfung: bestanden
    +DKIM-Prüfung: bestanden
    +SpamAssassin-Prüfung: ham
    +
    +==========================================================
    +Einzelheiten:
    +==========================================================
    +....
    +
    +

    Der vollständige Bericht enthält weitere technische Details.

    +

    Fully Qualified Domain Name (FQDN)

    +
    +
    +
      +
    1. +

      Ein Fully Qualified Domain Name (FQDN) ist der vollständige (absolute) Domänenname für einen bestimmten Computer oder Host im Internet. Der FQDN besteht aus mindestens drei Teilen, die durch einen Punkt getrennt sind: dem Hostnamen, dem Domänennamen und der Top Level Domain (kurz TLD). Im Beispiel mx.mailcow.email wäre der Hostname mx, der Domainname mailcow und die TLD email

      +
    2. +
    +
    + +
    +
    + + + Letztes Update: + 2022-05-20 17:31:36 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/prerequisite/prerequisite-system/index.html b/2.5/de/prerequisite/prerequisite-system/index.html new file mode 100644 index 000000000..5dafd30ca --- /dev/null +++ b/2.5/de/prerequisite/prerequisite-system/index.html @@ -0,0 +1,2978 @@ + + + + + + + + + + + + + + + + + + Systemvoraussetzungen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Systemvoraussetzungen

    + +

    Bevor Sie mailcow: dockerized ausführen, sollten Sie einige Voraussetzungen überprüfen:

    +
    +

    Achtung

    +

    Versuchen Sie nicht, mailcow auf einem Synology/QNAP-Gerät (jedes NAS), OpenVZ, LXC oder anderen Container-Plattformen zu installieren. KVM, ESX, Hyper-V und andere vollständige Virtualisierungsplattformen werden unterstützt.

    +
    +
    +

    Info

    +
      +
    • mailcow: dockerized erfordert, dass einige Ports für eingehende Verbindungen offen sind, also stellen Sie sicher, dass Ihre Firewall diese nicht blockiert.
    • +
    • Stellen Sie sicher, dass keine andere Anwendung die Konfiguration von mailcow stört, wie z.B. ein anderer Maildienst
    • +
    • Ein korrektes DNS-Setup ist entscheidend für jedes gute Mailserver-Setup, also stellen Sie bitte sicher, dass Sie zumindest die basics abgedeckt haben, bevor Sie beginnen!
    • +
    • Stellen Sie sicher, dass Ihr System ein korrektes Datum und eine korrekte Zeiteinstellung hat. Dies ist entscheidend für verschiedene Komponenten wie die Zwei-Faktor-TOTP-Authentifizierung.
    • +
    +
    +

    Minimale Systemressourcen

    +
    +

    Nicht unterstützt

    +

    OpenVZ, Virtuozzo und LXC

    +
    +

    Bitte stellen Sie sicher, dass Ihr System mindestens über die folgenden Ressourcen verfügt:

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    Ressourcemailcow: dockerized
    CPU1 GHz
    RAMMinimum 6 GiB + 1 GiB Swap (Standardkonfiguration)
    Festplatte20 GiB (ohne Emails)
    Systemtypx86_64
    +

    ClamAV und Solr können sehr viel Arbeitspeicher verbrauchen. Sie können diese in der mailcow.conf durch die Einstellungen SKIP_CLAMD=y und SKIP_SOLR=y jedoch auch deaktivieren.

    +
    +

    Info

    +

    Wir sind uns bewusst, dass ein reiner MTA auf 128 MiB RAM laufen kann. +mailcow ist eine ausgewachsene und gebrauchsfertige Groupware mit vielen Extras, die das Leben einfacher machen. +Diese kommt mit einem Webserver, Webmailer, ActiveSync (MS), Antivirus, Antispam, Indexierung (Solr), Dokumentenscanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, verschiedenen Webdiensten etc.

    +
    +

    Ein einzelner SOGo-Worker kann ~350 MiB RAM belegen, bevor er geleert wird. Je mehr ActiveSync-Verbindungen Sie verwenden möchten, desto mehr RAM wird benötigt. In der Standardkonfiguration werden 20 Arbeiter erzeugt.

    +

    Beispiele für die RAM Planung

    +

    Ein Unternehmen mit 15 Smartphones (EAS aktiviert) und etwa 50 gleichzeitigen IMAP-Verbindungen sollte 16 GiB RAM einplanen.

    +

    6 GiB RAM + 1 GiB Swap sind für die meisten privaten Installationen ausreichend, während 8 GiB RAM für ~5 bis 10 Benutzer empfohlen werden.

    +

    Im Rahmen unseres Supports können wir Ihnen bei der korrekten Planung Ihres Setups helfen.

    +

    Unterstützte Betriebssysteme

    +

    Grundsätzlich kann mailcow auf jeder Distribution verwendet werden, die von Docker CE unterstützt wird (siehe https://docs.docker.com/install/). +Es kann jedoch in vereinzelten Fällen zu einer Inkompatibilität der Betriebssysteme und den mailcow Komponenten kommen.

    +

    Die folgende Tabelle enthält alle von uns offiziell unterstützten und getesteten Betriebssysteme (Stand November 2022):

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    BetriebssystemKompatibilität
    Alpine 3.16 und älter⚠️
    Centos 7
    Debian 10, 11
    Ubuntu 18.04, 20.04, 22.04
    Rocky Linux 9
    +
    +

    Legende

    ✅ = Funktioniert out of the box anhand der Anleitung.
    +⚠️ = Erfordert einige manuelle Anpassungen, sonst aber nutzbar.
    +❌ = Generell NICHT Kompatibel.
    +❔ = Ausstehend.

    +

    +
    +

    Hinweis: Andere (nicht genannte Betriebssysteme) können auch funktionieren, sind jedoch nicht offiziell getestet worden.

    +

    Firewall & Ports

    +

    Bitte überprüfen Sie, ob alle Standard-Ports von mailcow offen sind und nicht von anderen Anwendungen genutzt werden:

    +
    ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +# oder:
    +netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +
    +
    +

    Vorsicht

    +

    Es gibt einige Probleme mit dem Betrieb von mailcow auf einem Firewalld/ufw aktivierten System.
    +Sie sollten es deaktivieren (wenn möglich) und stattdessen Ihren Regelsatz in die DOCKER-USER-Kette verschieben, die nicht durch einen Neustart des Docker-Dienstes gelöscht wird.
    +Siehe diese (blog.donnex.net) oder diese (unrouted.io) Anleitung für Informationen darüber, wie man iptables-persistent mit der DOCKER-USER Kette benutzt.
    +Da mailcow im Docker-Modus läuft, haben INPUT-Regeln keinen Effekt auf die Beschränkung des Zugriffs auf mailcow.
    +Verwenden Sie stattdessen die FORWARD-Kette.

    +
    +

    Wenn dieser Befehl irgendwelche Ergebnisse liefert, entfernen oder stoppen Sie bitte die Anwendung, die auf diesem Port läuft. Sie können mailcows Ports auch über die Konfigurationsdatei mailcow.conf anpassen.

    +

    Standard Ports

    +

    Wenn Sie eine Firewall vor mailcow haben, stellen Sie bitte sicher, dass diese Ports für eingehende Verbindungen offen sind:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DienstProtokollPortContainerVariable
    Postfix SMTPTCP25postfix-mailcow${SMTP_PORT}
    Postfix SMTPSTCP465postfix-mailcow${SMTPS_PORT}
    Postfix SubmissionTCP587postfix-mailcow${SUBMISSION_PORT}
    Dovecot IMAPTCP143dovecot-mailcow${IMAP_PORT}
    Dovecot IMAPSTCP993dovecot-mailcow${IMAPS_PORT}
    Dovecot POP3TCP110dovecot-mailcow${POP_PORT}
    Dovecot POP3STCP995dovecot-mailcow${POPS_PORT}
    Dovecot ManageSieveTCP4190dovecot-mailcow${SIEVE_PORT}
    HTTP(S)TCP80/443nginx-mailcow${HTTP_PORT} / ${HTTPS_PORT}
    +

    Um einen Dienst an eine IP-Adresse zu binden, können Sie die IP-Adresse wie folgt voranstellen: SMTP_PORT=1.2.3.4:25

    +

    Wichtig: Sie können keine IP:PORT-Bindungen in HTTP_PORT und HTTPS_PORT verwenden. Bitte verwenden Sie stattdessen HTTP_PORT=1234 und HTTP_BIND=1.2.3.4.

    +

    Wichtig für Hetzner Firewalls

    +

    Ich zitiere https://github.com/chermsen über https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (DANKE!):

    +

    Für alle, die mit der Hetzner-Firewall zu kämpfen haben:

    +

    Port 53 ist in diesem Fall für die Firewall-Konfiguration unwichtig. Laut Dokumentation verwendet unbound den Portbereich 1024-65535 für ausgehende Anfragen. +Da es sich bei der Hetzner Robot Firewall um eine statische Firewall handelt (jedes eingehende Paket wird isoliert geprüft) - müssen die folgenden Regeln angewendet werden:

    +

    Für TCP +

    SRC-IP: ---
    +DST-IP: ---
    +SRC-Port: ---
    +DST-Port: 1024-65535
    +Protokoll: tcp
    +TCP-Flags: ack
    +Aktion:      Akzeptieren
    +

    +

    Für UDP +

    SRC-IP: ---
    +DST-IP: ---
    +SRC-Port: ---
    +DST-Port: 1024-65535
    +Protokoll: udp
    +Aktion:      Akzeptieren
    +

    +

    Wenn man einen restriktiveren Portbereich anwenden will, muss man zuerst die Konfiguration von unbound ändern (nach der Installation):

    +

    {mailcow-dockerized}/data/conf/unbound/unbound.conf: +

    ausgehender-Port-vermeiden: 0-32767
    +

    +

    Nun können die Firewall-Regeln wie folgt angepasst werden:

    +
    [...]
    +DST Port: 32768-65535
    +[...]
    +
    +

    Datum und Uhrzeit

    +

    Um sicherzustellen, dass Sie das richtige Datum und die richtige Zeit auf Ihrem System eingestellt haben, überprüfen Sie bitte die Ausgabe von timedatectl status:

    +
    $ timedatectl status
    +      Lokale Zeit: Sat 2017-05-06 02:12:33 CEST
    +  Weltzeit: Sa 2017-05-06 00:12:33 UTC
    +        RTC-Zeit: Sa 2017-05-06 00:12:32
    +       Zeitzone: Europa/Berlin (MESZ, +0200)
    +     NTP aktiviert: ja
    +NTP synchronisiert: ja
    + RTC in lokaler TZ: nein
    +      Sommerzeit aktiv: ja
    + Letzte DST-Änderung: Sommerzeit begann am
    +                  Sonne 2017-03-26 01:59:59 MEZ
    +                  So 2017-03-26 03:00:00 MESZ
    + Nächste Sommerzeitänderung: Die Sommerzeit endet (die Uhr springt eine Stunde rückwärts) am
    +                  Sun 2017-10-29 02:59:59 MESZ
    +                  Sun 2017-10-29 02:00:00 MEZ
    +
    +

    Die Zeilen NTP aktiviert: ja und NTP synchronisiert: ja zeigen an, ob Sie NTP aktiviert haben und ob es synchronisiert ist.

    +

    Um NTP zu aktivieren, müssen Sie den Befehl timedatectl set-ntp true ausführen. Sie müssen auch Ihre /etc/systemd/timesyncd.conf bearbeiten:

    +
    # vim /etc/systemd/timesyncd.conf
    +[Zeit]
    +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
    +
    +

    Hetzner Cloud (und wahrscheinlich andere)

    +

    Prüfen Sie /etc/network/interfaces.d/50-cloud-init.cfg und ändern Sie die IPv6-Schnittstelle von eth0:0 auf eth0:

    +
    # Falsch:
    +auto eth0:0
    +iface eth0:0 inet6 static
    +# Richtig:
    +auto eth0
    +iface eth0 inet6 static
    +
    +

    Starten Sie die Schnittstelle neu, um die Einstellungen zu übernehmen. +Sie können außerdem die cloud-init Netzwerkänderungen deaktivieren.

    +

    MTU

    +

    Besonders relevant für OpenStack-Benutzer: Überprüfen Sie Ihre MTU und setzen Sie sie entsprechend in docker-compose.yml. Siehe Problebehandlungen in unseren Installationsanleitungen.

    + +
    +
    + + + Letztes Update: + 2022-11-03 12:00:08 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/borgmatic/third_party-borgmatic/index.html b/2.5/de/third_party/borgmatic/third_party-borgmatic/index.html new file mode 100644 index 000000000..0d082b034 --- /dev/null +++ b/2.5/de/third_party/borgmatic/third_party-borgmatic/index.html @@ -0,0 +1,2998 @@ + + + + + + + + + + + + + + + + + + Borgmatic-Sicherung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Borgmatic Backup

    +

    Einführung

    +

    Borgmatic ist ein großartiger Weg, um Backups auf Ihrem Mailcow-Setup durchzuführen, da es Ihre Daten sicher verschlüsselt und extrem einfach zu +einzurichten.

    +

    Aufgrund seiner Deduplizierungsfähigkeiten können Sie eine große Anzahl von Backups speichern, ohne große Mengen an Speicherplatz zu verschwenden. +So können Sie Backups in sehr kurzen Abständen durchführen, um einen minimalen Datenverlust zu gewährleisten, wenn die Notwendigkeit besteht +Daten aus einer Sicherung wiederherzustellen.

    +

    Dieses Dokument führt Sie durch den Prozess zur Aktivierung kontinuierlicher Backups für mailcow mit borgmatic. Die borgmatic +Funktionalität wird durch das borgmatic Docker Image bereitgestellt. Schauen Sie sich +die README in diesem Repository, um mehr über die anderen Optionen (wie z.B. Push-Benachrichtigungen) zu erfahren, die verfügbar sind. +Diese Anleitung behandelt nur die Grundlagen.

    +

    Einrichten von borgmatic

    +

    Erstellen oder ändern Sie docker-compose.override.yml

    +

    Im mailcow-dockerized Stammverzeichnis erstellen oder bearbeiten Sie docker-compose.override.yml und fügen Sie die folgende +Konfiguration ein: +

    version: '2.1'
    +
    +services:
    +  borgmatic-mailcow:
    +    image: ghcr.io/borgmatic-collective/borgmatic
    +    hostname: mailcow
    +    restart: always
    +    dns: ${IPV4_NETWORK:-172.22.1}.254
    +    volumes:
    +      - vmail-vol-1:/mnt/source/vmail:ro
    +      - crypt-vol-1:/mnt/source/crypt:ro
    +      - redis-vol-1:/mnt/source/redis:ro,z
    +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
    +      - postfix-vol-1:/mnt/source/postfix:ro,z
    +      - mysql-socket-vol-1:/var/run/mysqld/:z
    +      - borg-config-vol-1:/root/.config/borg:Z
    +      - borg-cache-vol-1:/root/.cache/borg:Z
    +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
    +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
    +    environment:
    +      - TZ=${TZ}
    +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
    +    networks:
    +      mailcow-network:
    +        aliases:
    +          - borgmatic
    +
    +volumes:
    +  borg-cache-vol-1:
    +  borg-config-vol-1:
    +

    +

    Stellen Sie sicher, dass Sie die BORG_PASSPHRASE in eine sichere Passphrase Ihrer Wahl ändern.

    +

    Aus Sicherheitsgründen mounten wir das maildir als schreibgeschützt. Wenn Sie später Daten wiederherstellen wollen, +müssen Sie das ro-Flag entfernen, bevor Sie die Daten wiederherstellen. Dies wird im Abschnitt über die Wiederherstellung von Backups beschrieben.

    +

    Erstellen Sie data/conf/borgmatic/etc/config.yaml

    +

    Als nächstes müssen wir die borgmatic-Konfiguration erstellen.

    +
    source mailcow.conf
    +cat <<EOF > data/conf/borgmatic/etc/config.yaml
    +location:
    +    source_directories:
    +        - /mnt/source
    +    repositories:
    +        - ssh://user@rsync.net:22/./mailcow
    +    exclude_patterns:
    +        - '/mnt/source/postfix/public/'
    +        - '/mnt/source/postfix/private/'
    +        - '/mnt/source/rspamd/rspamd.sock'
    +
    +retention:
    +    keep_hourly: 24
    +    keep_daily: 7
    +    keep_weekly: 4
    +    keep_monthly: 6
    +    prefix: ""
    +
    +hooks:
    +    mysql_databases:
    +        - name: ${DBNAME}
    +          username: ${DBUSER}
    +          password: ${DBPASS}
    +          options: --default-character-set=utf8mb4
    +EOF
    +
    +

    Das Erstellen der Datei auf diese Weise stellt sicher, dass die korrekten MySQL-Zugangsdaten aus mailcow.conf übernommen werden.

    +

    Diese Datei ist ein minimales Beispiel für die Verwendung von borgmatic mit einem Konto user beim Cloud-Speicheranbieter rsync.net für +ein Repository namens mailcow (siehe repositories Einstellung). Es wird sowohl das maildir als auch die MySQL-Datenbank sichern, was alles ist +was alles ist, was Sie brauchen, um Ihr mailcow Setup nach einem Vorfall wiederherzustellen. Die Aufbewahrungseinstellungen werden ein Archiv für +jede Stunde der letzten 24 Stunden, eines pro Tag der Woche, eines pro Woche des Monats und eines pro Monat des letzten halben +Jahr.

    +

    Schauen Sie in der borgmatic Dokumentation nach, wie Sie andere Arten von Repositories oder +Konfigurationsoptionen. Wenn Sie ein lokales Dateisystem als Backup-Ziel verwenden, stellen Sie sicher, dass Sie es in den +Container einbinden. Der Container definiert zu diesem Zweck ein Volume namens /mnt/borg-repository.

    +
    +

    Note

    +

    Wenn Sie rsync.net nicht verwenden, können Sie wahrscheinlich das Element remote_path aus Ihrer Konfiguration streichen.

    +
    +

    Erstellen Sie einen crontab

    +

    Erstellen Sie eine neue Textdatei in data/conf/borgmatic/etc/crontab.txt mit folgendem Inhalt:

    +
    14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1
    +
    +

    Diese Datei erwartet eine crontab-Syntax. Das hier gezeigte Beispiel veranlasst das Backup, jede Stunde um 14 Minuten nach +nach der vollen Stunde auszuführen und am Ende einige nette Statistiken zu protokollieren.

    +

    SSH-Schlüssel in Ordner ablegen

    +

    Legen Sie die SSH-Schlüssel, die Sie für entfernte Repository-Verbindungen verwenden wollen, in data/conf/borgmatic/ssh ab. OpenSSH erwartet die +übliche id_rsa, id_ed25519 oder ähnliches in diesem Verzeichnis zu finden. Stellen Sie sicher, dass die Datei chmod 600 ist und nicht von der Welt gelesen werden kann +oder OpenSSH wird sich weigern, den SSH-Schlüssel zu benutzen.

    +

    Den Container hochfahren

    +

    Für den nächsten Schritt müssen wir den Container in einem konfigurierten Zustand hochfahren und laufen lassen. Um das zu tun, führen Sie aus:

    +
    docker compose up -d
    +
    +

    Wiederherstellung von einem Backup

    +

    Das Wiederherstellen eines Backups setzt voraus, dass Sie mit einer neuen Installation von mailcow beginnen, und dass Sie derzeit keine +keine benutzerdefinierten Daten in ihrem maildir oder ihrer mailcow Datenbank.

    +

    Wiederherstellen von maildir

    +
    +

    Warning

    +

    Dies wird Dateien in Ihrem maildir überschreiben! Führen Sie dies nicht aus, es sei denn, Sie beabsichtigen tatsächlich, Mail +Dateien von einem Backup wiederherzustellen.

    +
    +
    +

    Wenn Sie SELinux im Erzwingungsmodus verwenden

    +

    Wenn Sie mailcow auf einem Host mit SELinux im Enforcing-Modus verwenden, müssen Sie es vorübergehend deaktivieren während +während der Extraktion des Archivs vorübergehend deaktivieren, da das Mailcow-Setup das vmail-Volumen als privat kennzeichnet, das ausschließlich dem Dovecot-Container +ausschließlich. SELinux wird (berechtigterweise) jeden anderen Container, wie z.B. den borgmatic Container, daran hindern, auf +dieses Volume zu schreiben.

    +
    +

    Bevor Sie eine Wiederherstellung durchführen, müssen Sie das vmail-Volume in docker-compose.override.yml beschreibbar machen, indem Sie das +das ro-Flag aus dem Volume entfernen. +Dann können Sie den folgenden Befehl verwenden, um das Maildir aus einem Backup wiederherzustellen:

    +
    docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
    +
    +

    Alternativ können Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe +Auflistung aller verfügbaren Archive)

    +

    MySQL wiederherstellen

    +
    +

    Warning

    +

    Die Ausführung dieses Befehls löscht und erstellt die mailcow-Datenbank neu! Führen sie diesen Befehl nicht aus, es sei denn sie beabsichtigen, die mailcow-Datenbank von einem Backup wiederherzustellen.

    +
    +

    Um die MySQL-Datenbank aus dem letzten Archiv wiederherzustellen, verwenden Sie diesen Befehl:

    +
    docker compose exec borgmatic-mailcow borgmatic restore --archive latest
    +
    +

    Alternativ können Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe +Auflistung aller verfügbaren Archive)

    +

    Nach der Wiederherstellung

    +

    Nach der Wiederherstellung müssen Sie mailcow neu starten. Wenn Sie den SELinux-Erzwingungsmodus deaktiviert haben, wäre jetzt ein guter Zeitpunkt, um +ihn wieder zu aktivieren.

    +

    Um mailcow neu zu starten, verwenden Sie den folgenden Befehl:

    +
    docker compose down && docker compose up -d
    +
    +

    Wenn Sie SELinux verwenden, werden dadurch auch alle Dateien in Ihrem vmail-Volume neu benannt. Seien Sie geduldig, denn dies kann +eine Weile dauern kann, wenn Sie viele Dateien haben.

    +

    Nützliche Befehle

    +

    Manueller Archivierungslauf (mit Debugging-Ausgabe)

    +
    docker compose exec borgmatic-mailcow borgmatic -v 2
    +
    +

    Auflistung aller verfügbaren Archive

    +
    docker compose exec borgmatic-mailcow borgmatic list
    +
    +

    Sperre aufheben

    +

    Wenn borg während eines Archivierungslaufs unterbrochen wird, hinterlässt es eine veraltete Sperre, die gelöscht werden muss, bevor +neue Operationen durchgeführt werden können:

    +
    docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
    +
    +

    Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.

    +

    Jetzt wäre ein guter Zeitpunkt, einen manuellen Archivierungslauf durchzuführen, um sicherzustellen, dass er erfolgreich durchgeführt werden kann.

    +

    Exportieren von Schlüsseln

    +

    Wenn Sie eine der keyfile-Methoden zur Verschlüsselung verwenden, MÜSSEN Sie sich selbst um die Sicherung der Schlüsseldateien kümmern. Die +Schlüsseldateien werden erzeugt, wenn Sie das Repository initialisieren. Die repokey-Methoden speichern die Schlüsseldatei innerhalb des +Repository, so dass eine manuelle Sicherung nicht so wichtig ist.

    +

    Beachten Sie, dass Sie in beiden Fällen auch die Passphrase haben müssen, um die Archive zu entschlüsseln.

    +

    Um die keyfile zu holen, führen Sie aus:

    +
    docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
    +
    +

    Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.

    + +
    +
    + + + Letztes Update: + 2022-11-04 14:12:24 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/checkmk/u_e-checkmk/index.html b/2.5/de/third_party/checkmk/u_e-checkmk/index.html new file mode 100644 index 000000000..3aa3237ea --- /dev/null +++ b/2.5/de/third_party/checkmk/u_e-checkmk/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + CheckMK - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CheckMK

    + +

    Mailcow bietet mittels dem eigenen Update-Script die Möglichkeit zu prüfen ob Updates vorhanden sind.

    +

    Sofern mailcow-Updates mittels checkmk abgefragt werden soll, kann man im local-Verzeichnis des checkmk-Agents (normalerweise /usr/lib/check_mk_agent/local/) eine ausführbare Datei mit dem Namen mailcow_update und nachfolgendem Inhalt erstellen:

    +
    #!/bin/bash
    +cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null
    +status=$?
    +if [ $status -eq 3 ]; then
    +  echo "0 \"mailcow_update\" mailcow_update=0;1;;0;1 No updates available."
    +elif [ $status -eq 0 ]; then
    +  echo "1 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +else
    +  echo "3 \"mailcow_update\" - Unknown output from update script ..."
    +fi
    +exit
    +
    +

    Sofern das mailcow-Installationsverzeichnis nicht /opt/ ist, ist das in der 2. Zeile anzupassen.

    +

    Danach für den mailcow-Host in checkmk die Services neu inventarisieren und es sollte ein neuer Check mit Namen mailcow_update auswählbar sein.

    +

    Der Check mailcow_update wird jedes Mal ausgeführt, wenn der checkmk Agent den mailcow Server überprüft. Sie können das Ergebnis zwischenspeichern, indem Sie das Skript in einem Unterordner mit dem Namen der Anzahl von Sekunden ablegen, für die Sie es zwischenspeichern möchten. \ +/usr/lib/check_mk_agent/local/3600/ speichert die Antwort für 3600 Sekunden (1 Stunde).

    +

    Screenshots

    +

    Keine Updates verfügbar

    +

    Sofern keine Updates vorhanden sind, wird OK ausgegeben.

    +

    No update available

    +

    Neue Updates verfügbar

    +

    Sofern Updates vorhanden sind, wird WARN ausgegeben.

    +

    Updates available

    +

    Sollte stattdessen CRIT gewünscht sein, ist die 7. Zeile durch folgendes zu ersetzen:

    +
      echo "2 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +
    +

    Detailierter Check-Output

    +

    Long check output

    +
      +
    • Hier wird ein Link zu den GitHub Commits von mailcow ausgegeben, sofern Updates verfügbar sind.
    • +
    • Metriken werden ebenfalls ausgegeben (nicht nur bei vorhandenen Updates):
    • +
    • 0 = Keine Updates verfügbar
    • +
    • 1 = Neue Updates verfügbar
    • +
    + +
    +
    + + + Letztes Update: + 2022-11-08 12:01:39 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/exchange_onprem/third_party-exchange_onprem/index.html b/2.5/de/third_party/exchange_onprem/third_party-exchange_onprem/index.html new file mode 100644 index 000000000..3d276ba3b --- /dev/null +++ b/2.5/de/third_party/exchange_onprem/third_party-exchange_onprem/index.html @@ -0,0 +1,2688 @@ + + + + + + + + + + + + + + + + + + Exchange Hybrid Setup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Exchange Hybrid Setup

    + +

    Die Verwendung von Microsoft Exchange in einem hybriden Setup ist mit mailcow möglich. Mit diesem Setup können Sie Postfächer auf Ihrer mailcow hinzufügen und trotzdem Exchange Online Protection nutzen. +Alle Postfächer, die in Exchange eingerichtet sind, erhalten ihre Mails wie gewohnt, während mit dem hybriden Ansatz zusätzliche Postfächer in mailcow ohne weitere Konfiguration eingerichtet werden können.

    +

    Dieses Setup ist sehr praktisch, wenn Sie die Office 365 Sicherheitsvorgaben aktiviert haben und Anwendungen von Drittanbietern sich nicht mehr in Ihre Postfächer mit einer der unterstützten Methoden einloggen können.

    +

    Voraussetzungen

    +
      +
    • Der mx Record Ihrer Domain muss auf den Exchange Mail Service zeigen. Melden Sie sich in Ihrem Admin-Center an und suchen Sie in den DNS-Einstellungen Ihrer Domäne nach Ihrer personalisierten Gateway-Domäne. Sie sollte wie folgt aussehen: contoso-com.mail.protection.outlook.com. Wenden Sie sich an Ihren Domainregistrator, um weitere Informationen zur Änderung des mx-Eintrags zu erhalten.
    • +
    • Die Domäne, für die Sie zusätzliche Postfächer haben möchten, muss in Exchange als "Interne Relay-Domäne" eingerichtet werden.
        +
      1. Melden Sie sich bei Ihrem Exchange Admin Center an.
      2. +
      3. Wählen Sie den Bereich "Mailflow" und klicken Sie auf "Akzeptierte Domänen".
      4. +
      5. Wählen Sie die Domäne aus und schalten Sie sie von "autorisiert" auf "internes Relais" um.
      6. +
      +
    • +
    +

    Einrichten der Mailcow

    +

    Ihre Mailcow muss alle Mails an Ihren personalisierten Exchange Host weiterleiten. Es ist die gleiche Host-Adresse, die wir bereits für den mx Record gesucht haben.

    +
      +
    1. Fügen Sie die Domain zu Ihrer Mailcow hinzu
    2. +
    3. Fügen Sie Ihre personalisierte Exchange Host Adresse als relayhost hinzu
    4. +
    5. Fügen Sie Ihre personalisierte Exchange Host Adresse als Weiterleitungshost hinzu, um alle weitergeleiteten Mails von Exchange bedingungslos zu akzeptieren. (Admin > Konfiguration & Details > Konfigurations-Dropdown > Weiterleitungshosts)
    6. +
    7. Gehen Sie zu den Domäneneinstellungen und wählen Sie den neu hinzugefügten Host in der Dropdown-Liste "Absenderabhängige Transporte" aus. Aktivieren Sie die Weiterleitung, indem Sie die Kontrollkästchen "Diese Domäne weiterleiten", "Alle Empfänger weiterleiten" und "Nur nicht vorhandene Postfächer weiterleiten" aktivieren.
    8. +
    +
    +

    Info

    +

    Von nun an wird Ihre Mailcow alle Mails akzeptieren, die von Exchange weitergeleitet werden. Die Eingangsfilterung und damit das neuronale Lernen Ihrer Kuh wird nicht mehr funktionieren. Da alle Mails über Exchange geroutet werden, wird der Filterungsprozess dort abgewickelt.

    +
    +

    Connectors in Exchange einrichten

    +

    Der gesamte Mailverkehr läuft nun über Exchange. Zu diesem Zeitpunkt filtert der Exchange Online-Schutz bereits alle ein- und ausgehenden Mails. Jetzt müssen wir zwei Konnektoren einrichten, um eingehende Mails von unserem Exchange Service an die Mailcow weiterzuleiten und einen weiteren, um Mails zuzulassen, die von der Mailcow an unseren Exchange Service weitergeleitet werden. Sie können der [offiziellen Anleitung von Microsoft] folgen (https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#2-set-up-a-connector-from-microsoft-365-or-office-365-to-your-email-server).

    +
    +

    Warning

    +

    Für den Connector, der die Mails von Ihrer Mailcow zu Exchange weiterleitet, bietet Microsoft zwei Möglichkeiten der Authentifizierung an. Der empfohlene Weg ist die Verwendung eines tls-Zertifikats, das mit einem Subject-Namen konfiguriert ist, der mit einer akzeptierten Domäne in Exchange übereinstimmt. Andernfalls müssen Sie die Authentifizierung mit der statischen IP-Adresse Ihrer Mailcow wählen.

    +
    +

    Validierung

    +

    Der einfachste Weg, die hybride Einrichtung zu überprüfen, ist das Senden einer Mail aus dem Internet an eine Mailbox, die nur auf der Mailcow existiert und andersherum.

    +

    Allgemeine Probleme

    +
      +
    • Die Validierung des Connectors von Exchange zu Ihrer Mailcow schlug fehl mit 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup
      +Mögliche Lösung: Ihre Domäne ist nicht als "internes Relay" eingerichtet. Exchange kann daher den Empfänger nicht finden.
    • +
    • Mails, die von der Mailcow an eine Mailbox im Internet gesendet werden, können nicht zugestellt werden. Non Delivery Report mit Fehler 550 5.7.64 TenantAttribution; Relay Access Denied
      +Mögliche Lösung: Die Authentifizierungsmethode ist fehlgeschlagen. Stellen Sie sicher, dass der Betreff des Zertifikats mit einer akzeptierten Domäne in Exchange übereinstimmt. Versuchen Sie stattdessen die Authentifizierung über eine statische IP.
    • +
    +

    Microsoft-Anleitung für die Einrichtung des Connectors und zusätzliche Anforderungen: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment

    + +
    +
    + + + Letztes Update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/gitea/third_party-gitea/index.html b/2.5/de/third_party/gitea/third_party-gitea/index.html new file mode 100644 index 000000000..a3e191a59 --- /dev/null +++ b/2.5/de/third_party/gitea/third_party-gitea/index.html @@ -0,0 +1,2568 @@ + + + + + + + + + + + + + + + + + + Gitea - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gitea

    + +

    Mit der Fähigkeit von Gitea, sich über SMTP zu authentifizieren, ist es trivial, es mit mailcow zu integrieren. Es sind nur wenige Änderungen erforderlich:

    +

    1. Öffnen Sie docker-compose.override.yml und fügen Sie Gitea hinzu:

    +
    version: '2.1'
    +services:
    +
    +        gitea-mailcow:
    +            image: gitea/gitea:1
    +            volumes:
    +                - ./data/gitea:/data
    +            networks:
    +                mailcow-network:
    +                    aliases:
    +                        - gitea
    +            ports:
    +                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Erstellen Sie data/conf/nginx/site.gitea.custom, fügen Sie folgendes hinzu: +

    location /gitea/ {
    +        proxy_pass http://gitea:3000/;
    +}
    +

    +

    3. Öffne mailcow.conf und definiere den Port Bind, den Gitea für SSH verwenden soll. Beispiel:

    +
    GITEA_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Führen Sie docker compose up -d aus, um den Gitea-Container hochzufahren und führen Sie anschließend docker compose restart nginx-mailcow aus.

    +

    6. Wenn Sie mailcow zu https gezwungen haben, führen Sie Schritt 9 aus und starten Sie gitea mit docker compose restart gitea-mailcow neu. Fahren Sie mit Schritt 7 fort (Denken Sie daran, https anstelle von http zu verwenden, https://mx.example.org/gitea/

    +

    7. Öffnen Sie http://${MAILCOW_HOSTNAME}/gitea/, zum Beispiel http://mx.example.org/gitea/. Für die Datenbankdetails stellen Sie mysql als Datenbankhost ein. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

    +

    8. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

    +

    9. Erstellen Sie data/gitea/gitea/conf/app.ini und setzen Sie die folgenden Werte. Sie können gitea cheat sheet, leider bisher nur in Englisch verfügbar für deren Bedeutung und andere mögliche Werte konsultieren.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# Für GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
    +ROOT_URL = https://mx.example.org/gitea/
    +
    +

    10. Starten Sie gitea neu mit docker compose restart gitea-mailcow. Ihre Nutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten anzumelden.

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/gogs/third_party-gogs/index.html b/2.5/de/third_party/gogs/third_party-gogs/index.html new file mode 100644 index 000000000..f9f4cc821 --- /dev/null +++ b/2.5/de/third_party/gogs/third_party-gogs/index.html @@ -0,0 +1,2567 @@ + + + + + + + + + + + + + + + + + + Gogs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gogs

    + +

    Mit Gogs' Fähigkeit, sich über SMTP zu authentifizieren, ist es einfach, es mit mailcow zu verbinden. Es sind nur wenige Änderungen erforderlich:

    +

    1. Öffne docker-compose.override.yml und füge Gogs hinzu:

    +
    version: '2.1'
    +services:
    +
    +    gogs-mailcow:
    +      image: gogs/gogs
    +      volumes:
    +        - ./data/gogs:/data
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - gogs
    +      ports:
    +        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Erstelle data/conf/nginx/site.gogs.custom, füge hinzu: +

    location /gogs/ {
    +    proxy_pass http://gogs:3000/;
    +}
    +

    +

    3. Öffne mailcow.conf und definiere die Bindung, die Gogs für SSH verwenden soll. Beispiel:

    +
    GOGS_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Führen Sie docker compose up -d aus, um den Gogs-Container hochzufahren und führen Sie anschließend docker compose restart nginx-mailcow aus.

    +

    6. Öffnen Sie http://${MAILCOW_HOSTNAME}/gogs/, zum Beispiel http://mx.example.org/gogs/. Für Datenbank-Details setzen Sie mysql als Datenbank-Host. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

    +

    7. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

    +

    8. Erstellen Sie data/gogs/gogs/conf/app.ini und setzen Sie die folgenden Werte. Sie können Gogs cheat sheet für ihre Bedeutung und andere mögliche Werte konsultieren.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# Für GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
    +ROOT_URL = https://mx.example.org/gogs/
    +
    +

    9. Starten Sie Gogs neu mit docker compose restart gogs-mailcow. Ihre Benutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten einzuloggen.

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/mailman3/third_party-mailman3/index.html b/2.5/de/third_party/mailman3/third_party-mailman3/index.html new file mode 100644 index 000000000..28809352c --- /dev/null +++ b/2.5/de/third_party/mailman3/third_party-mailman3/index.html @@ -0,0 +1,3170 @@ + + + + + + + + + + + + + + + + + + Mailman 3 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installation von mailcow und Mailman 3 auf der Basis von dockerisierten Versionen

    +
    +

    Info

    +

    Diese Anleitung ist eine Kopie von dockerized-mailcow-mailman. Bitte posten Sie Probleme, Fragen und Verbesserungen in den issue tracker dort.

    +
    +
    +

    Warning

    +

    mailcow ist nicht verantwortlich für Datenverlust, Hardwareschäden oder kaputte Tastaturen. Diese Anleitung kommt ohne jegliche Garantie. Macht Backups bevor ihr anfangt, Kein Backup kein Mitleid!

    +
    +

    Einleitung

    +

    Diese Anleitung zielt darauf ab, mailcow-dockerized mit [docker-mailman] (https://github.com/maxking/docker-mailman) zu installieren und zu konfigurieren und einige nützliche Skripte bereitzustellen. Eine wesentliche Bedingung ist, dass mailcow und Mailman in ihren eigenen Installationen für unabhängige Updates erhalten bleiben.

    +

    Es gibt einige Anleitungen und Projekte im Internet, aber sie sind nicht auf dem neuesten Stand und/oder unvollständig in der Dokumentation oder Konfiguration. Diese Anleitung basiert auf der Arbeit von:

    + +

    Nach Beendigung dieser Anleitung werden mailcow-dockerized und docker-mailman laufen und Apache als Reverse-Proxy wird die Web-Frontends bedienen.

    +

    Das verwendete Betriebssystem ist ein Ubuntu 20.04 LTS.

    +

    Installation

    +

    Diese Anleitung basiert auf verschiedenen Schritten:

    +
      +
    1. DNS-Einrichtung
    2. +
    3. Installieren Sie Apache als Reverse Proxy
    4. +
    5. Beziehen Sie SSL-Zertifikate mit Let's Encrypt.
    6. +
    7. Installieren Sie mailcow mit Mailman Integration
    8. +
    9. Installieren Sie Mailman.
    10. +
    11. 🏃 Ausführen
    12. +
    +

    DNS-Einrichtung

    +

    Der größte Teil der Konfiguration ist in mailcows DNS Konfiguration enthalten. Nachdem diese Einrichtung abgeschlossen ist, fügen Sie eine weitere Subdomain für Mailman hinzu, z.B. lists.example.org, die auf denselben Server zeigt:

    +
    # Name Typ Wert
    +lists IN A 1.2.3.4
    +lists IN AAAA dead:beef
    +
    +

    Installieren Sie Apache als Reverse Proxy

    +

    Installieren Sie Apache, z.B. mit dieser Anleitung von Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04 (Englisch).

    +

    Aktivieren Sie bestimmte Apache Module (als root oder sudo):

    +
    a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
    +
    +

    Möglicherweise müssen Sie weitere Pakete installieren, um diese Module zu erhalten. Dieses PPA von Ondřej Surý könnte Ihnen helfen.

    +

    vHost-Konfiguration

    +

    Kopieren Sie die mailcow.conf und die mailman.conf in den Apache conf Ordner sites-available (z.B. unter /etc/apache2/sites-available).

    +

    Änderung in mailcow.conf: +- MAILCOW_HOSTNAME zu Ihrem MAILCOW_HOSTNAME

    +

    Änderung in mailman.conf: +- MAILMAN_DOMAIN in Ihre Mailman-Domain (z.B. Lists.example.org)

    +

    **Aktivieren Sie die Konfiguration noch nicht, da die ssl-Zertifikate und Verzeichnisse noch fehlen.

    +

    Beziehen Sie SSL-Zertifikate mit Let's Encrypt.

    +

    Prüfen Sie, ob Ihre DNS-Konfiguration über das Internet verfügbar ist und auf die richtigen IP-Adressen zeigt, z.B. mit MXToolBox:

    + +

    Installieren Sie certbot (als root oder sudo):

    +
    apt install certbot
    +
    +

    Holen Sie sich die gewünschten Zertifikate (als root oder sudo):

    +
    certbot certonly -d mailcow_HOSTNAME
    +certbot certonly -d MAILMAN_DOMAIN
    +
    +

    Installieren Sie mailcow mit Mailman Integration

    +

    Installieren Sie mailcow

    +

    Folgen Sie der mailcow installation. Schritt 5 auslassen und nicht mit docker compose starten!

    +

    Mailcow konfigurieren

    +

    Dies ist auch Schritt 4 in der offiziellen mailcow-Installation (nano mailcow.conf). Passen Sie also Ihre Bedürfnisse an und ändern Sie die folgenden Variablen:

    +
    HTTP_PORT=18080 # verwenden Sie nicht 8080, da mailman es braucht
    +HTTP_BIND=127.0.0.1 #
    +HTTPS_PORT=18443 # Sie können 8443 verwenden
    +HTTPS_BIND=127.0.0.1 # # HTTPS_BIND=127.0.0.1
    +
    +SKIP_LETS_ENCRYPT=y # Der Reverse Proxy wird die SSL-Verifizierung durchführen
    +
    +SNAT_TO_SOURCE=1.2.3.4 # ändern Sie dies in Ihre IPv4
    +SNAT6_TO_SOURCE=dead:beef # Ändern Sie dies in Ihre globale IPv6
    +
    +

    Mailman-Integration hinzufügen

    +

    Erstelle die Datei /opt/mailcow-dockerized/docker-compose.override.yml (z.B. mit nano) und füge die folgenden Zeilen hinzu:

    +
    version: '2.1'
    +
    +services:
    +  postfix-mailcow:
    +    volumes:
    +      - /opt/mailman:/opt/mailman
    +    networks:
    +      - docker-mailman_mailman
    +
    +networks:
    +  docker-mailman_mailman:
    +    external: true
    +
    +

    Das zusätzliche Volume wird von Mailman verwendet, um zusätzliche Konfigurationsdateien für mailcow postfix zu generieren. Das externe Netzwerk wird von Mailman erstellt und verwendet. mailcow benötigt es, um eingehende Listenmails an Mailman zu liefern.

    +

    Erstellen Sie die Datei /opt/mailcow-dockerized/data/conf/postfix/extra.cf (z.B. mit nano) und fügen Sie die folgenden Zeilen hinzu:

    +
    # mailman
    +
    +recipient_delimiter = +
    +unknown_local_recipient_reject_code = 550
    +owner_request_special = no
    +
    +local_recipient_maps =
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp,
    +  proxy:unix:passwd.byname,
    +  $alias_maps
    +virtual_mailbox_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +transport_maps =
    +  pcre:/opt/postfix/conf/custom_transport.pcre,
    +  pcre:/opt/postfix/conf/local_transport,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +relay_domains =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_domains
    +relay_recipient_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +
    +

    Da wir hier die mailcow postfix Konfiguration überschreiben, kann dieser Schritt Ihre normalen Mailtransporte unterbrechen. Überprüfen Sie die originalen Konfigurationsdateien, wenn sich etwas geändert hat.

    +

    SSL-Zertifikate

    +

    Da wir mailcow als Proxy verwenden, müssen wir die SSL-Zertifikate in die mailcow-Dateistruktur kopieren. Diese Aufgabe wird das Skript renew-ssl.sh für uns erledigen:

    +
      +
    • Kopieren Sie die Datei nach /opt/mailcow-dockerized
    • +
    • Ändere mailcow_HOSTNAME in deinen mailcow Hostnamen
    • +
    • Machen Sie es ausführbar (chmod a+x renew-ssl.sh)
    • +
    • Noch nicht ausführen, da wir zuerst Mailman benötigen
    • +
    +

    Sie müssen einen cronjob erstellen, so dass neue Zertifikate kopiert werden. Führen Sie ihn als root oder sudo aus:

    +
    crontab -e
    +
    +

    Um das Skript jeden Tag um 5 Uhr morgens laufen zu lassen, fügen Sie hinzu:

    +
    0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh
    +
    +

    Installieren Sie Mailman.

    +

    Befolgen Sie im Wesentlichen die Anweisungen unter docker-mailman. Da sie sehr umfangreich sind, ist hier in aller Kürze beschrieben, was zu tun ist:

    +

    Als root oder sudo:

    +
    cd /opt
    +mkdir -p mailman/core
    +mkdir -p mailman/web
    +git clone https://github.com/maxking/docker-mailman
    +cd docker-mailman
    +
    +

    Mailman konfigurieren

    +

    Erstellen Sie einen langen Schlüssel für Hyperkitty, z.B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie diesen Schlüssel vorerst als HYPERKITTY_KEY.

    +

    Erstellen Sie ein langes Passwort für die Datenbank, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie dieses Passwort zunächst als DBPASS.

    +

    Erstellen Sie einen langen Schlüssel für Django, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie diesen Schlüssel für einen Moment als DJANGO_KEY.

    +

    Erstellen Sie die Datei /opt/docker-mailman/docker compose.override.yaml und ersetzen Sie HYPERKITTY_KEY, DBPASS und DJANGO_KEY durch die generierten Werte:

    +
    version: '2'
    +
    +services:
    +  mailman-core:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - MTA=postfix
    +    restart: always
    +    networks:
    +      - mailman
    +
    +  mailman-web:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - SECRET_KEY=DJANGO_KEY
    +    - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org
    +    - MAILMAN_ADMIN_USER=admin # the admin user
    +    - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address
    +    - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
    +    restart: always
    +
    +  database:
    +    environment:
    +    - POSTGRES_PASSWORD=DBPASS
    +    restart: always
    +
    +

    Bei mailman-web geben Sie die korrekten Werte für SERVE_FROM_DOMAIN (z.B. lists.example.org), MAILMAN_ADMIN_USER und MAILMAN_ADMIN_EMAIL ein. Sie benötigen die Admin-Zugangsdaten, um sich in der Web-Oberfläche (Pistorius) anzumelden. Um das Passwort zum ersten Mal zu setzen, verwenden Sie die Funktion Passwort vergessen im Webinterface.

    +

    Über andere Konfigurationsoptionen lesen Sie die Dokumentationen Mailman-web und Mailman-core.

    +

    Konfigurieren Sie Mailman core und Mailman web

    +

    Erstellen Sie die Datei /opt/mailman/core/mailman-extra.cfg mit dem folgenden Inhalt. mailman@example.org sollte auf ein gültiges Postfach oder eine Umleitung verweisen.

    +
    [mailman]
    +default_language: de
    +site_owner: mailman@example.org
    +
    +

    Erstellen Sie die Datei /opt/mailman/web/settings_local.py mit dem folgenden Inhalt. mailman@example.org sollte auf ein gültiges Postfach oder eine Umleitung verweisen.

    +

    # Gebietsschema
    +LANGUAGE_CODE = 'de-de'
    +
    +# soziale Authentifizierung deaktivieren
    +MAILMAN_WEB_SOCIAL_AUTH = []
    +
    +# ändern
    +DEFAULT_FROM_EMAIL = 'mailman@example.org'
    +
    +DEBUG = False
    +
    +Sie können LANGUAGE_CODE und SOCIALACCOUNT_PROVIDERS an Ihre Bedürfnisse anpassen.

    +

    🏃 Ausführen

    +

    Ausführen (als root oder sudo)

    +
    a2ensite mailcow.conf
    +a2ensite mailman.conf
    +systemctl restart apache2
    +
    +cd /opt/docker-mailman
    +docker compose pull
    +docker compose up -d
    +
    +cd /opt/mailcow-dockerized/
    +docker compose pull
    +./renew-ssl.sh
    +
    +

    Warten Sie ein paar Minuten! Die Container müssen ihre Datenbanken und Konfigurationsdateien erstellen. Dies kann bis zu 1 Minute und mehr dauern.

    +

    Bemerkungen

    +

    Neue Listen werden von Postfix nicht sofort erkannt

    +

    Wenn man eine neue Liste anlegt und versucht, sofort eine E-Mail zu versenden, antwortet postfix mit Benutzer existiert nicht, weil postfix die Liste noch nicht an Mailman übergeben hat. Die Konfiguration unter /opt/mailman/core/var/data/postfix_lmtp wird nicht sofort aktualisiert. Wenn Sie die Liste sofort benötigen, starten Sie postifx manuell neu:

    +
    cd /opt/mailcow-dockerized
    +docker compose restart postfix-mailcow
    +
    +

    Update

    +

    mailcow hat sein eigenes Update-Skript in /opt/mailcow-dockerized/update.sh, siehe die Dokumentation.

    +

    Für Mailman holen Sie sich einfach die neueste Version aus dem github repository.

    +

    Sicherung

    +

    mailcow hat ein eigenes Backup-Skript. Lies die Docs für weitere Informationen.

    +

    Mailman gibt keine Backup-Anweisungen in der README.md an. Im gitbucket von pgollor befindet sich ein Skript, das hilfreich sein könnte.

    +

    ToDo

    +

    Skript installieren

    +

    Schreiben Sie ein Skript wie in mailman-mailcow-integration/mailman-install.sh, da viele der Schritte automatisierbar sind.

    +
      +
    1. Fragen Sie alle Konfigurationsvariablen ab und erstellen Sie Passwörter und Schlüssel.
    2. +
    3. Führen Sie eine (halb)automatische Installation durch.
    4. +
    5. Viel Spaß!
    6. +
    + +
    +
    + + + Letztes Update: + 2022-10-20 15:33:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/mailpiler/third_party-mailpiler_integration/index.html b/2.5/de/third_party/mailpiler/third_party-mailpiler_integration/index.html new file mode 100644 index 000000000..16ec5be7c --- /dev/null +++ b/2.5/de/third_party/mailpiler/third_party-mailpiler_integration/index.html @@ -0,0 +1,2692 @@ + + + + + + + + + + + + + + + + + + Mailpiler Integration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mailpiler Integration

    + +

    Dies ist eine einfache Integration von mailcow-Aliasen und dem Mailbox-Namen in mailpiler bei Verwendung von IMAP-Authentifizierung.

    +

    Disclaimer: Dies wird weder offiziell vom mailcow-Projekt noch von seinen Mitwirkenden gepflegt oder unterstützt. Es wird keine Garantie oder Unterstützung angeboten, jedoch steht es Ihnen frei, Themen auf GitHub zu öffnen, um einen Fehler zu melden oder weitere Ideen zu liefern. GitHub Repo kann hier gefunden werden.

    +
    +

    Info

    +

    Die Unterstützung für Domain Wildcards wurde in Piler 1.3.10 implementiert, das am 03.01.2021 veröffentlicht wurde. Frühere Versionen funktionieren grundsätzlich, aber nach dem Einloggen sehen Sie keine E-Mails, die von oder an den Domain-Alias gesendet werden. (z.B. wenn @example.com ein Alias für admin@example.com ist)

    +
    +

    Das zu lösende Problem

    +

    mailpiler bietet die Authentifizierung auf Basis von IMAP an, zum Beispiel:

    +
    $config['ENABLE_IMAP_AUTH'] = 1;
    +$config['IMAP_HOST'] = 'mail.example.com';
    +$config['IMAP_PORT'] = 993;
    +$config['IMAP_SSL'] = true;
    +
    +
      +
    • Wenn Sie sich also mit patrik@example.com anmelden, sehen Sie nur zugestellte E-Mails, die von oder an diese spezielle E-Mail-Adresse gesendet wurden.
    • +
    • Wenn zusätzliche Aliase in mailcow definiert werden, wie z.B. team@example.com, werden Sie keine Emails sehen, die an oder von dieser Email-Adresse gesendet wurden, auch wenn Sie ein Empfänger von Emails sind, die an diese Alias-Adresse gesendet wurden.
    • +
    +

    Indem wir uns in den Authentifizierungsprozess von mailpiler einklinken, sind wir in der Lage, die erforderlichen Daten über die mailcow API während des Logins zu erhalten. Dies löst API-Anfragen an die mailcow-API aus (die einen Nur-Lese-API-Zugang erfordern), um die Aliase auszulesen, an denen Ihre E-Mail-Adresse teilnimmt, und auch den "Namen" des Postfachs, der angegeben wurde, um ihn nach dem Login oben rechts in mailpiler anzuzeigen.

    +

    Zugelassene E-Mail-Adressen können in den Mailpiler-Einstellungen oben rechts nach dem Einloggen eingesehen werden.

    +
    +

    Info

    +

    Dies wird nur einmal während des Authentifizierungsprozesses abgefragt. Die autorisierten Aliase und der Realname sind für die gesamte Dauer der Benutzersitzung gültig, da mailpiler sie in den Sitzungsdaten setzt. Wird ein Benutzer aus einem bestimmten Alias entfernt, so wird dies erst nach dem nächsten Login wirksam.

    +
    +

    Die Lösung

    +

    Hinweis: Die Dateipfade können je nach Einrichtung variieren.

    +

    Voraussetzungen

    + +
    +

    Warning

    +

    Da mailpiler sich gegenüber mailcow, unserem IMAP-Server, authentifiziert, können fehlgeschlagene Logins von Nutzern oder Bots eine Sperre für Ihre mailpiler-Instanz auslösen. Daher sollten Sie in Erwägung ziehen, die IP-Adresse der mailpiler-Instanz innerhalb von mailcow auf eine Whitelist zu setzen: Konfiguration & Details - Konfiguration - Fail2ban-Parameter - Whitelisted networks/hosts.

    +
    +

    Einrichtung

    +
      +
    1. +

      Setzen Sie die benutzerdefinierte Abfragefunktion von mailpiler und fügen Sie diese an /usr/local/etc/piler/config-site.php an:

      +
      $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
      +$config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false
      +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
      +include('auth-mailcow.php');
      +
      +

      Sie können auch den mailcow-Hostnamen ändern, falls erforderlich: +

      $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardmäßig $config['IMAP_HOST']
      +

      +
    2. +
    3. +

      Laden Sie die PHP-Datei mit den Funktionen aus dem GitHub Repo herunter:

      +
      curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
      +
      +
    4. +
    5. +

      Erledigt!

      +
    6. +
    +

    Stellen Sie sicher, dass Sie sich erneut mit Ihren IMAP-Zugangsdaten anmelden, damit die Änderungen wirksam werden.

    +

    Wenn es nicht funktioniert, ist höchstwahrscheinlich etwas mit der API-Abfrage selbst nicht in Ordnung. Versuchen Sie eine Fehlersuche, indem Sie manuelle API-Anfragen an die API senden. (Tipp: Öffnen Sie https://mail.domain.tld/api auf Ihrer Instanz)

    + +
    +
    + + + Letztes Update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/nextcloud/third_party-nextcloud/index.html b/2.5/de/third_party/nextcloud/third_party-nextcloud/index.html new file mode 100644 index 000000000..6d59779ab --- /dev/null +++ b/2.5/de/third_party/nextcloud/third_party-nextcloud/index.html @@ -0,0 +1,2729 @@ + + + + + + + + + + + + + + + + + + Nextcloud - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Nextcloud

    + +

    Nextcloud mit dem Helper-Skript verwalten

    +

    Nextcloud kann mit dem helper script, das in mailcow enthalten ist, eingerichtet (Parameter -i) und entfernt (Parameter -p) werden. Um Nextcloud zu installieren, navigieren Sie einfach zu Ihrem mailcow-dockerized Root-Ordner und führen Sie das Helper-Skript wie folgt aus:

    +

    ./helper-scripts/nextcloud.sh -i

    +

    Für den Fall, dass Sie das Passwort (z.B. für admin) vergessen haben und kein neues anfordern können [über den Passwort-Reset-Link auf dem Login-Bildschirm] (https://docs.nextcloud.com/server/20/admin_manual/configuration_user/reset_admin_password.html?highlight=reset), können Sie durch den Aufruf des Helper-Skripts mit -r als Parameter ein neues Passwort setzen. Verwenden Sie diese Option nur, wenn Ihre Nextcloud nicht so konfiguriert ist, dass Sie mailcow zur Authentifizierung verwendet, wie im nächsten Abschnitt beschrieben.

    +

    Damit mailcow ein Zertifikat für die Nextcloud Domain generieren kann, muss die Domain unter welcher die Nextcloud später erreichbar sein soll als ADDITIONAL_SAN in die mailcow.conf hinzufügt werden und docker compose up -d zur Übernahme ausgeführt werden. Für weitere Informationen siehe: Erweitertes SSL.

    +

    Hintergrund-Aufgaben

    +

    Zur Verwendung der empfohlenen Einstellung (Cron) zur Verarbeitung der Hintergrund-Aufgaben müssen in der docker-compose.override.yml folgende Zeilen + hinzugefügt werden:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
    +      ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
    +
    +

    Nachdem diese Zeilen hinzugefügt wurden muss docker compose up -d ausgeführt werden, um das Docker Image mit den entsprechenden Labels zu versehen. Danach muss + zudem der docker scheduler neu gestartet werden, um den neuen Job zu registrieren. Dazu wird docker compose restart ofelia-mailcow ausgeführt. Zur + Überprüfung, ob die ofelia Konfiguration korrekt ist geladen wurde, kann mittels docker compose logs ofelia-mailcow nach einer Zeile mit dem Inhalt + New job registered "nextcloud-cron" - ... gesucht werden.

    +

    Hierdurch wird alle 5 Minuten die Hintergrundverarbeitung gestartet. Da die Ausführung selbst keine Ausgabe liefert, kann die korrekte Funktionsweise in den + Grundeinstellungen von Nextcloud überprüft werden. Hier wird automatisch mit der ersten Ausführung die Hintergrund-Aufgaben Verarbeitung auf (X) Cron gesetzt + und der Zeitstempel Letzte Aufgabe ausgeführt aktualisiert.

    +

    Konfigurieren Sie Nextcloud, um mailcow für die Authentifizierung zu verwenden

    +

    Im Folgenden wird beschrieben, wie die Authentifizierung über mailcow unter Verwendung des OAuth2-Protokolls eingerichtet wird. Wir nehmen nur an, dass Sie Nextcloud bereits unter cloud.example.com eingerichtet haben und dass Ihre mailcow unter mail.example.com läuft. Es spielt keine Rolle, wenn Ihre Nextcloud auf einem anderen Server läuft, Sie können immer noch mailcow für die Authentifizierung verwenden.

    +

    1. Melden Sie sich bei mailcow als Administrator an.

    +

    2. Scrollen Sie nach unten zu OAuth2 Apps und klicken Sie auf die Schaltfläche Hinzufügen. Geben Sie die Redirect URI als https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow an und klicken Sie auf Hinzufügen. Speichern Sie die Client-ID und das Geheimnis für später.

    +
    +

    Info

    +

    Einige Installationen, einschließlich derer, die mit dem Helper-Skript von mailcow eingerichtet wurden, müssen index.php/ aus der URL entfernen, um einen erfolgreichen Redirect zu erhalten: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow

    +
    +

    3. Melden Sie sich bei Nextcloud als Administrator an.

    +

    4. Klicken Sie auf die Schaltfläche in der oberen rechten Ecke und wählen Sie Apps. Klicken Sie auf die Schaltfläche "Suchen" in der Symbolleiste, suchen Sie nach dem Plugin Social Login und klicken Sie daneben auf Herunterladen und aktivieren.

    +

    5. Klicken Sie auf die Schaltfläche in der oberen rechten Ecke und wählen Sie Einstellungen. Scrollen Sie zum Abschnitt Administration auf der linken Seite und klicken Sie auf Social Login.

    +

    6. Entfernen Sie das Häkchen bei den folgenden Punkten:

    +
      +
    • "Automatische Erstellung neuer Benutzer deaktivieren"
    • +
    • "Benutzern erlauben, soziale Logins mit ihren Konten zu verbinden".
    • +
    • "Nicht verfügbare Benutzergruppen bei der Anmeldung nicht entfernen"
    • +
    • "Gruppen automatisch erstellen, wenn sie nicht vorhanden sind"
    • +
    • "Anmeldung für Benutzer ohne zugeordnete Gruppen einschränken".
    • +
    +

    7. Überprüfen Sie die folgenden Punkte:

    +
      +
    • "Die Erstellung eines Kontos verhindern, wenn die E-Mail-Adresse in einem anderen Konto existiert"
    • +
    • "Benutzerprofil bei jeder Anmeldung aktualisieren"
    • +
    • "Benachrichtigung der Administratoren über neue Benutzer deaktivieren".
    • +
    +

    Klicken Sie auf die Schaltfläche Speichern.

    +

    8. Scrollen Sie nach unten zu Custom OAuth2 und klicken Sie auf die Schaltfläche +. +9. Konfigurieren Sie die Parameter wie folgt:

    +
      +
    • Interner Name: Mailcow
    • +
    • Titel: Mailcow
    • +
    • API Basis-URL: https://mail.example.com
    • +
    • Autorisierungs-URL: https://mail.example.com/oauth/authorize
    • +
    • Token-URL: https://mail.example.com/oauth/token
    • +
    • Profil-URL: https://mail.example.com/oauth/profile
    • +
    • Abmelde-URL: (leer lassen)
    • +
    • Kunden-ID: (die Sie in Schritt 1 erhalten haben)
    • +
    • Client Secret: (was Sie in Schritt 1 erhalten haben)
    • +
    • Bereich: Profil
    • +
    +

    Klicken Sie auf die Schaltfläche Speichern ganz unten auf der Seite.

    +
    +

    Wenn Sie bisher Nextcloud mit mailcow-Authentifizierung über user_external/IMAP verwendet haben, müssen Sie einige zusätzliche Schritte durchführen, um Ihre bestehenden Benutzerkonten mit OAuth2 zu verknüpfen.

    +

    1. Klicken Sie auf die Schaltfläche in der oberen rechten Ecke und wählen Sie Apps. Scrollen Sie nach unten zur App Externe Benutzerauthentifizierung und klicken Sie daneben auf Entfernen. +2. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): +

    INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
    +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
    +

    +
    +

    Wenn Sie Nextcloud bisher ohne mailcow-Authentifizierung, aber mit den gleichen Benutzernamen wie mailcow genutzt haben, können Sie Ihre bestehenden Benutzerkonten auch mit OAuth2 verknüpfen.

    +

    1. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): +

    INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
    +

    +
    +

    Aktualisieren

    +

    Die Nextcloud-Instanz kann einfach mit dem Web-Update-Mechanismus aktualisiert werden. Bei größeren Updates können nach dem Update weitere Änderungen vorgenommen werden. Nachdem die Nextcloud-Instanz geprüft wurde, werden Probleme angezeigt. Dies können z.B. fehlende Indizes in der DB oder ähnliches sein. +Es wird angezeigt, welche Befehle ausgeführt werden müssen, diese müssen im php-fpm-mailcow Container platziert werden.

    +

    Führen Sie z.B. folgenden Befehl aus, um die fehlenden Indizes hinzuzufügen +docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/occ db:add-missing-indices"

    +
    +

    Fehlersuche und Fehlerbehebung

    +

    Es kann vorkommen, dass Sie die Nextcloud-Instanz von Ihrem Netzwerk aus nicht erreichen können. Dies kann daran liegen, dass der Eintrag Ihres Subnetzes im Array 'trusted_proxies' fehlt. Sie können Änderungen in der Nextcloud config.php in data/web/nextcloud/config/* vornehmen.

    +
    'trusted_proxies' =>
    +  array (
    +    0 => 'fd4d:6169:6c63:6f77::/64',
    +    1 => '172.22.1.0/24',
    +    2 => 'NewSubnet/24',
    +  ),
    +
    +

    Nachdem die Änderungen vorgenommen wurden, muss der nginx-Container neu gestartet werden. +docker compose restart nginx-mailcow

    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/portainer/third_party-portainer/index.html b/2.5/de/third_party/portainer/third_party-portainer/index.html new file mode 100644 index 000000000..0f4db4b6d --- /dev/null +++ b/2.5/de/third_party/portainer/third_party-portainer/index.html @@ -0,0 +1,2644 @@ + + + + + + + + + + + + + + + + + + Portainer - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Portainer

    + +

    Um Portainer zu aktivieren, müssen die docker-compose.yml und site.conf für Nginx geändert werden.

    +

    1. Erstellen Sie eine neue Datei docker-compose.override.yml im mailcow-dockerized Stammverzeichnis und fügen Sie die folgende Konfiguration ein +

    version: '2.1'
    +services:
    +    portainer-mailcow:
    +      image: portainer/portainer-ce
    +      volumes:
    +        - /var/run/docker.sock:/var/run/docker.sock
    +        - ./data/conf/portainer:/data
    +      restart: always
    +      dns:
    +        - 172.22.1.254
    +      dns_search: mailcow-network
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - portainer
    +
    +2a. Erstelle data/conf/nginx/portainer.conf: +
    upstream portainer {
    +  server portainer-mailcow:9000;
    +}
    +
    +map $http_upgrade $connection_upgrade {
    +  default upgrade;
    +  '' close;
    +}
    +

    +

    2b. Fügen Sie einen neuen Standort für die Standard-Mailcow-Site ein, indem Sie die Datei data/conf/nginx/site.portainer.custom erstellen: +

      location /portainer/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Host              $http_host;   # required for docker client's sake
    +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
    +    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_read_timeout                 900;
    +
    +    proxy_set_header Connection "";
    +    proxy_buffers 32 4k;
    +    proxy_pass http://portainer/;
    +  }
    +
    +  location /portainer/api/websocket/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Upgrade $http_upgrade;
    +    proxy_set_header Connection $connection_upgrade;
    +    proxy_pass http://portainer/api/websocket/;
    +  }
    +

    +

    3. Übernehmen Sie Ihre Änderungen: +

    docker compose up -d && docker compose restart nginx-mailcow
    +

    +

    Nun können Sie einfach zu https://${MAILCOW_HOSTNAME}/portainer/ navigieren, um Ihre Portainer-Container-Überwachungsseite anzuzeigen. Sie werden dann aufgefordert, ein neues Passwort für den admin Account anzugeben. Nachdem Sie Ihr Passwort eingegeben haben, können Sie sich mit der Portainer UI verbinden.

    +
    +

    Reverse Proxy

    +

    Wenn Sie einen Reverse-Proxy verwenden, muss dieser noch konfiguriert werden die Websocket Requests richtig weiterzuleiten.

    +

    Dies wird für die Docker Konsole und andere Komponenten benötigt.

    +

    Hier ist ein Bespiel für Apache:

    +
    <Location /portainer/api/websocket/>
    +  RewriteEngine on
    +  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    +  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    +  RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P]
    +</Location>
    +
    + +
    +
    + + + Letztes Update: + 2022-10-12 18:19:33 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/third_party/roundcube/third_party-roundcube/index.html b/2.5/de/third_party/roundcube/third_party-roundcube/index.html new file mode 100644 index 000000000..ffd163949 --- /dev/null +++ b/2.5/de/third_party/roundcube/third_party-roundcube/index.html @@ -0,0 +1,2832 @@ + + + + + + + + + + + + + + + + + + Roundcube - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Roundcube

    + +

    Installation von Roundcube

    +

    Laden Sie Roundcube 1.6.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/): +

    # Prüfen Sie, ob eine neuere Version vorliegt!
    +cd daten/web
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +
    +# Ändern Sie den Ordnernamen
    +mv roundcubemail-1.6.0 rc
    +
    +# Berechtigungen ändern
    +chown -R root: rc/
    +

    +

    Wenn Sie eine Rechtschreibprüfung benötigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibprüfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibprüfung haben, so dass Sie diese vielleicht nicht benötigen. +

    #!/bin/bash
    +apk update
    +apk add aspell-de # oder jede andere Sprache
    +

    +

    Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. + - Ändern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vorübergehend zu speichern. + - Der db_prefix ist optional, wird aber empfohlen. + - Wenn Sie die Rechtschreibprüfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false;. +

    <?php
    +error_reporting(0);
    +if (!file_exists('/tmp/mime.types')) {
    +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    +}
    +$config = array();
    +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    +$config['imap_host'] = 'tls://dovecot:143';
    +$config['smtp_host'] = 'tls://postfix:587';
    +$config['smtp_user'] = '%u';
    +$config['smtp_pass'] = '%p';
    +$config['support_url'] = '';
    +$config['product_name'] = 'Roundcube Webmail';
    +$config['des_key'] = 'yourrandomstring_changeme';
    +$config['log_dir'] = '/dev/null';
    +$config['temp_dir'] = '/tmp';
    +$config['plugins'] = array(
    +  'archive',
    +  'managesieve'
    +);
    +$config['spellcheck_engine'] = 'aspell';
    +$config['mime_types'] = '/tmp/mime.types';
    +$config['imap_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['enable_installer'] = true;
    +$config['smtp_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['db_prefix'] = 'mailcow_rc1';
    +

    +

    Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. +Initialisiere die Datenbank und verlasse das Installationsprogramm.

    +

    Löschen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation!

    +

    Konfigurieren Sie die ManageSieve-Filterung

    +

    Öffnen Sie data/web/rc/config/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu): +

    $config['managesieve_host'] = 'tls://dovecot:4190';
    +$config['managesieve_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +// Aktiviert separate Verwaltungsschnittstelle für Urlaubsantworten (außer Haus)
    +// 0 - kein separater Abschnitt (Standard),
    +// 1 - Abschnitt "Urlaub" hinzufügen,
    +// 2 - Abschnitt "Urlaub" hinzufügen, aber Abschnitt "Filter" ausblenden
    +$config['managesieve_vacation'] = 1;
    +

    +

    Aktivieren Sie die Funktion "Passwort ändern" in Roundcube

    +

    Öffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin:

    +
    [...]
    +$config['plugins'] = array(
    +    'archive',
    +    'password',
    +);
    +[...]
    +
    +

    Öffnen Sie data/web/rc/plugins/password/password.php, suchen Sie nach case 'ssha': und fügen Sie oben hinzu:

    +
            case 'ssha256':
    +            $salt = rcube_utils::random_bytes(8);
    +            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    +            $prefix  = '{SSHA256}';
    +            break;
    +
    +

    Öffnen Sie data/web/rc/plugins/password/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu):

    +
    $config['password_driver'] = 'sql';
    +$config['password_algorithm'] = 'ssha256';
    +$config['password_algorithm_prefix'] = '{SSHA256}';
    +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    +
    +

    CardDAV Adressbücher in Roundcube einbinden

    +

    Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins): +

    cd data/web/rc/plugins
    +wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz -
    +chown -R root: carddav/
    +

    +

    Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav) und fügen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: +

    $prefs['SOGo'] = array(
    +    'name'         =>  'SOGo',
    +    'username'     =>  '%u',
    +    'password'     =>  '%p',
    +    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    +    'carddav_name_only' => true,
    +    'use_categories' => true,
    +    'active'       =>  true,
    +    'readonly'     =>  false,
    +    'refresh_time' => '02:00:00',
    +    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    +    'hide'        =>  false,
    +);
    +
    +Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen "Persönliches Adressbuch" trägt und nicht gelöscht werden kann). Weitere Adressbücher werden derzeit nicht automatisch erkannt, können aber manuell in den Roundcube-Einstellungen hinzugefügt werden.

    +

    Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzufügen.

    +

    Wenn Sie die Standard-Adressbücher (die in der Roundcube-Datenbank gespeichert sind) entfernen möchten, so dass nur die CardDAV-Adressbücher zugänglich sind, fügen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein.

    +
    +

    Optional können Sie Roundcube's Link zu der mailcow Apps Liste hinzufügen. +Um dies zu tun, öffnen oder erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie den folgenden Code-Block hinzu:

    +

    HINWEIS: Vergessen Sie nicht, das <?php Trennzeichen in der ersten Zeile einzufügen

    +
    ...
    +$MAILCOW_APPS = array(
    +  array(
    +    'name' => 'SOGo',
    +    'link' => '/SOGo/'
    +  ),
    +  array(
    +    'name' => 'Roundcube',
    +    'link' => '/rc/'
    +   )
    +);
    +...
    +
    +

    Aktualisierung von Roundcube

    +

    Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite für Roundcube und holen Sie sich den Link für die "complete.tar.gz" Datei für die gewünschte Version. Dann folgen Sie den untenstehenden Befehlen und ändern Sie die URL und den Namen des Roundcube-Ordners, falls nötig.

    +
    # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.0
    +bin/installto.sh /web/rc
    +
    +# Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren.
    +# Geben Sie 'N' ein, wenn folgender Dialog erscheint: "Do you want me to fix your local configuration".
    +
    +# Sollte im Output eine Notice kommen "NOTICE: Update dependencies by running php composer.phar update --no-dev"  sollte an kurzerhand composer.phar downloaden und die updates durchführen:
    +cd /web/rc
    +wget https://getcomposer.org/download/2.4.2/composer.phar
    +php composer.phar update --no-dev
    +# Auf die Frage "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " bitte mit y antworten.
    +
    +# Entfernen Sie übrig gebliebene Dateien
    +cd /tmp
    +rm -rf roundcube*
    +
    +# Falls Sie von Version 1.5 auf 1.6 updaten, dann führen Sie folgende Befehle aus, um die Konfigurationsdatei anzupassen:`
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Administratoren ohne Passwort in Roundcube einloggen lassen

    +

    Installieren Sie zunächst das Plugin [dovecot_impersonate] (https://github.com/corbosman/dovecot_impersonate/) und fügen Sie Roundcube als App hinzu (siehe oben).

    +

    Editieren Sie mailcow.conf und fügen Sie folgendes hinzu:

    +
    # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)
    +# Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden
    +
    +ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
    +
    +

    Editieren Sie docker-compose.override.yml und verfassen/erweitern Sie den Abschnitt für php-fpm-mailcow:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    environment:
    +      - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
    +
    +

    Bearbeiten Sie data/web/js/site/mailbox.js und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

    +
    if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
    +  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
    +}
    +
    +

    Bearbeiten Sie data/web/mailbox.php und fügen Sie diese Zeile zum Array $template_data hinzu:

    +
      'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
    +
    +

    Bearbeiten Sie data/web/templates/mailbox.twig und fügen Sie diesen Code am Ende des [javascript-Abschnitts] ein (https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57):

    +
      var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
    +
    +

    Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet:

    +
      +
    • data/web/inc/lib/RoundcubeAutoLogin.php
    • +
    • data/web/rc-auth.php
    • +
    +

    Starten Sie schließlich mailcow neu

    +
    docker compose down
    +docker compose up -d
    +
    + +
    +
    + + + Letztes Update: + 2022-11-03 10:44:53 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-admin_login_sogo/index.html b/2.5/de/troubleshooting/debug-admin_login_sogo/index.html new file mode 100644 index 000000000..7d581e214 --- /dev/null +++ b/2.5/de/troubleshooting/debug-admin_login_sogo/index.html @@ -0,0 +1,2653 @@ + + + + + + + + + + + + + + + + + + Admin-Anmeldung bei SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Admin-Anmeldung bei SOGo

    + +

    Dies ist eine experimentelle Funktion, die es Admins und Domänenadmins erlaubt, sich direkt als Mailbox-Benutzer bei SOGo anzumelden, ohne das Passwort des Benutzers zu kennen. +Dazu wird ein zusätzlicher Link zu SOGo in der Mailbox-Liste (mailcow UI) angezeigt.

    +

    Auch mehrere gleichzeitige Admin-Logins auf verschiedene Postfächer sind mit dieser Funktion möglich.

    +

    Aktivieren der Funktion

    +

    Die Funktion ist standardmäßig deaktiviert. Es kann in der mailcow.conf durch Setzen aktiviert werden: +

    ALLOW_ADMIN_EMAIL_LOGIN=y
    +
    +und die betroffenen Container neu erstellen mit

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Nachteile bei Aktivierung

    +
      +
    • Jeder SOGo-Seiten-Load und jede Active-Sync-Anfrage verursacht eine zusätzliche Ausführung eines internen PHP-Skripts. +Dies kann die Ladezeiten von SOGo / EAS beeinträchtigen. +In den meisten Fällen sollte dies nicht spürbar sein, aber Sie sollten es im Hinterkopf behalten, wenn Sie Performance-Probleme haben.
    • +
    • SOGo zeigt keinen Logout-Link für Admin-Logins an, um sich normal anzumelden, muss man sich von der mailcow UI abmelden, so dass die PHP-Sitzung zerstört wird.
    • +
    • Das Abonnieren des Kalenders oder Adressbuchs eines anderen Nutzers, während man als Admin eingeloggt ist, funktioniert nicht. Ebenso wenig funktioniert das Einladen anderer Nutzer zu Kalender-Events. Die Seite wird neu geladen, wenn diese Dinge versucht werden.
    • +
    +

    Technische Details

    +

    Die Option SOGoTrustProxyAuthentication ist auf YES gesetzt, so dass SOGo dem x-webobjects-remote-user-Header vertraut.

    +

    Dovecot erhält ein zufälliges Master-Passwort, das für alle Mailboxen gültig ist, wenn es vom SOGo-Container verwendet wird.

    +

    Ein Klick auf den SOGo-Button in der Mailbox-Liste öffnet die Datei sogo-auth.php, die Berechtigungen prüft, Session-Variablen setzt und auf die SOGo-Mailbox umleitet.

    +

    Jede SOGo, CardDAV, CalDAV und EAS http-Anfrage verursacht einen zusätzlichen, nginx-internen auth_request-Aufruf an sogo-auth.php mit folgendem Verhalten:

    +
      +
    • +

      Wenn ein basic_auth-Header vorhanden ist, wird das Skript die Anmeldedaten anstelle von SOGo validieren und die folgenden Header bereitstellen: +x-webobjects-remote-user, Authorization und x-webobjects-auth-type.

      +
    • +
    • +

      Wenn kein basic_auth-Header vorhanden ist, wird das Skript nach einer aktiven Mailcow-Admin-Sitzung für den angeforderten E-Mail-Benutzer suchen und die gleichen Header bereitstellen, aber mit dem Dovecot-Master-Passwort, das im Authorization-Header verwendet wird.

      +
    • +
    • +

      Wenn beides fehlschlägt, werden die Header leer gesetzt, was SOGo dazu bringt, seine Standard-Authentifizierungsmethoden zu verwenden.

      +
    • +
    +

    Alle diese Optionen/Verhaltensweisen sind deaktiviert, wenn die Option ALLOW_ADMIN_EMAIL_LOGIN in der Konfiguration nicht aktiviert ist.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-attach_service/index.html b/2.5/de/troubleshooting/debug-attach_service/index.html new file mode 100644 index 000000000..c536caa98 --- /dev/null +++ b/2.5/de/troubleshooting/debug-attach_service/index.html @@ -0,0 +1,2779 @@ + + + + + + + + + + + + + + + + + + In einen Container wechseln (CLI) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    In einen Container wechseln (CLI)

    + +

    Anhängen eines Containers an Ihre Shell

    +

    Um einen Container an Ihre Shell anzuhängen, können Sie einfach folgendes ausführen

    +
    +
    +
    +
    docker compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    docker-compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    +

    Verbindung zu Diensten herstellen

    +

    Wenn Sie sich direkt mit einem Dienst / einer Anwendung verbinden wollen, ist es immer eine gute Idee, source mailcow.conf zu benutzen, um alle relevanten Variablen in Ihre Umgebung zu bekommen.

    +

    MySQL

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    +

    Redis

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Dienstbeschreibungen

    +

    Hier ist eine kurze Übersicht, welcher Container / Dienst was macht:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DienstnameDienstbeschreibungen
    unbound-mailcowLokaler (DNSSEC) DNS-Auflöser
    mysql-mailcowSpeichert die SOGo's und die meisten Einstellungen von mailcow
    postfix-mailcowEmpfängt und sendet Mails
    dovecot-mailcowBenutzer-Logins und Siebfilter
    redis-mailcowSpeicher-Backend für DKIM-Schlüssel und Rspamd
    rspamd-mailcowMail-Filter-System. Verwendet für Av-Behandlung, DKIM-Signierung, Spam-Behandlung
    clamd-mailcowScannt Anhänge auf Viren
    olefy-mailcowScannt angehängte Office-Dokumente auf Makro-Viren
    solr-mailcowBietet Volltextsuche in Dovecot
    sogo-mailcowWebmail-Client, der Microsoft ActiveSync und Cal- / CardDav verarbeitet
    nginx-mailcowNginx Remote-Proxy, der alle mailcow-bezogenen HTTP / HTTPS-Anfragen bearbeitet
    acme-mailcowAutomatisiert den Einsatz von HTTPS (SSL/TLS) Zertifikaten
    memcached-mailcowInternes Caching-System für mailcow-Dienste
    watchdog-mailcowErmöglicht die Überwachung von Docker-Containern / Diensten
    php-fpm-mailcowBetreibt die mailcow Web UI
    netfilter-mailcowFail2Ban ähnliche Integration
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-common_problems/index.html b/2.5/de/troubleshooting/debug-common_problems/index.html new file mode 100644 index 000000000..38a519908 --- /dev/null +++ b/2.5/de/troubleshooting/debug-common_problems/index.html @@ -0,0 +1,2752 @@ + + + + + + + + + + + + + + + + + + Häufig auftretende Probleme - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Häufig auftretende Probleme

    + +

    Hier sind häufige Probleme und mögliche Lösungen:

    +

    Mail kommt in einer Schleife zu sich selbst zurück.

    +

    Bitte überprüfen Sie in Ihrer mailcow UI, ob Sie die Domain als Backup MX eingestellt haben: +Überprüfen Sie Ihre MX-Backup-Einstellungen

    +

    Ich kann Mails empfangen, aber nicht senden

    +

    Es gibt viele Gründe, die Sie daran hindern können, Mails zu versenden:

    +
      +
    • Prüfen Sie, ob Ihre IP-Adresse auf einer schwarzen Liste steht. Sie können dnsbl.info oder einen ähnlichen Dienst verwenden, um Ihre IP-Adresse zu überprüfen.
    • +
    • Es gibt einige ISP-Router, die Mail-Ports für nicht auf der Blacklist stehende Domains blockieren. Bitte überprüfen Sie, ob Sie Ihren Server über die Ports 465 oder 587 erreichen können:
    • +
    +
    # telnet 74.125.133.27 465
    +Versucht 74.125.133.27...
    +Verbunden mit 74.125.133.27.
    +Escape-Zeichen ist '^]'.
    +
    +

    Meine Mails werden als Spam identifiziert

    +

    Bitte lesen Sie unsere DNS-Konfiguration Anleitung.

    +

    docker compose wirft seltsame Fehler aus.

    +

    ... wie:

    +
      +
    • ERROR: Ungültiges Interpolationsformat ...
    • +
    • AttributeError: 'NoneType' Objekt hat kein Attribut 'keys'.
    • +
    • ERROR: In der Datei './docker-compose.yml' hat der Dienst 'version' keine Konfigurationsoptionen.
    • +
    +

    Wenn Sie eine oder ähnliche Meldungen erhalten, während Sie versuchen, mailcow: dockerized auszuführen, überprüfen Sie bitte, ob Sie die aktuellste Version von Docker und docker compose haben.

    +

    Container XY ist ungesund

    +

    Dieser Fehler versucht Ihnen mitzuteilen, dass eine der (Gesundheits-)Bedingungen für einen bestimmten Container nicht erfüllt ist. Daher kann er nicht gestartet werden. Dies kann verschiedene Gründe haben, der häufigste ist ein aktualisierter Git-Klon, aber ein altes Docker-Image oder umgekehrt.

    +

    Auch eine falsch konfigurierte Firewall kann einen solchen Fehler verursachen. Die Container müssen in der Lage sein, über das Netzwerk 172.22.1.1/24 miteinander zu kommunizieren.

    +

    Es könnte auch eine falsch verknüpfte Datei sein (z. B. ein SSL-Zertifikat), die den Start eines wichtigen Containers (nginx) verhindert. Prüfen Sie daher immer Ihre Protokolle, um herauszufinden, woher das Problem kommt.

    +

    Adresse bereits in Gebrauch

    +

    Wenn Sie eine Fehlermeldung erhalten wie:

    +
    ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use
    +
    +

    während Sie versuchen, mailcow: dockerized zu starten / zu installieren, stellen Sie sicher, dass Sie unseren Abschnitt über prerequisites befolgt haben.

    +

    XYZ kann keine Verbindung zu ...

    +

    Bitte überprüfen Sie Ihre lokale Firewall! +Docker und iptables-basierte Firewalls erstellen manchmal widersprüchliche Regeln. Deaktivieren Sie daher die Firewall auf Ihrem Host, um festzustellen, ob Ihre Verbindungsprobleme durch solche Konflikte verursacht werden. Wenn dies der Fall ist, müssen Sie manuell entsprechende Regeln in Ihrer Host-Firewall erstellen, um die erforderlichen Verbindungen zuzulassen.

    +

    Wenn Sie Verbindungsprobleme von zu Hause aus haben, überprüfen Sie bitte auch die Firewall Ihres ISP-Routers, da einige von ihnen den E-Mail-Verkehr über die Ports SMTP (587) oder SMTPS (465) blockieren. Es könnte auch sein, dass Ihr ISP die Ports für SUBMISSION (25) blockiert.

    +

    Während Linux-Benutzer aus einer Vielzahl von Tools1 wählen können, um zu überprüfen, ob ein Port offen ist, steht Windows-Benutzern standardmäßig nur der PowerShell-Befehl Test-NetConnection -ComputerName host -Port port zur Verfügung.

    +

    Um Telnet auf einem Windows nach Vista zu aktivieren, lesen Sie bitte diese Anleitung oder geben Sie den folgenden Befehl in einem Terminal mit Administratorrechten ein:

    +
    dism /online /Enable-Feature /FeatureName:TelnetClient
    +
    +

    Inotify-Instanz-Limit überschritten für Benutzer 5000 (UID vmail) (siehe #453).

    +

    Docker-Container verwenden die inotify-Limits von Docker-Hosts. Wenn Sie sie auf Ihrem Docker-Host setzen, werden sie an den Container weitergegeben.

    +

    Dovecot startet ständig neu (siehe #2672).

    +

    Stellen Sie sicher, dass Sie mindestens die folgenden Dateien in data/assets/ssl haben:

    +
    cert.pem
    +dhparams.pem
    +key.pem
    +
    +

    Wenn dhparams.pem fehlt, können Sie es mit Bash

    +
    openssl dhparam -out data/assets/ssl/dhparams.pem 4096
    +
    +
    +
    +
      +
    1. +

      netcat, nmap, openssl, [telnet](https://linux 

      +
    2. +
    +
    + +
    +
    + + + Letztes Update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-logs/index.html b/2.5/de/troubleshooting/debug-logs/index.html new file mode 100644 index 000000000..061f51261 --- /dev/null +++ b/2.5/de/troubleshooting/debug-logs/index.html @@ -0,0 +1,2571 @@ + + + + + + + + + + + + + + + + + + Logs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logs

    + +
    +

    Warning

    +

    Dieser Abschnitt gilt nur für Docker's Standard-Logging-Treiber (JSON).

    +
    +

    Um die Logs aller mailcow: dockerized bezogenen Container zu sehen, können Sie den folgenden Befehl innerhalb Ihres mailcow-dockerized Ordners verwenden, der Ihre mailcow.conf enthält:

    +
    +
    +
    +
    docker compose logs
    +
    +
    +
    +
    docker-compose logs
    +
    +
    +
    +
    +

    Dies ist normalerweise ein bisschen viel, aber Sie können die Ausgabe mit --tail=100 auf die letzten 100 Zeilen pro Container kürzen, oder ein -f hinzufügen, um die Live-Ausgabe aller Ihrer Dienste zu verfolgen.

    +

    Um die Logs eines bestimmten Dienstes zu sehen, kann man folgendes verwenden:

    +
    +
    +
    +
    docker compose logs [options] $service_name
    +
    +
    +
    +
    docker-compose logs [options] $service_name
    +
    +
    +
    +
    +
    +

    Info

    +

    Die verfügbaren Optionen für den Befehl docker compose logs sind:

    +
      +
    • -no-color: Erzeugt eine einfarbige Ausgabe.
    • +
    • -f: Der Log-Ausgabe folgen.
    • +
    • -t: Zeitstempel anzeigen.
    • +
    • --tail="all ": Anzahl der Zeilen, die ab dem Ende der Protokolle für jeden Container angezeigt werden sollen.
    • +
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-mysql_aria/index.html b/2.5/de/troubleshooting/debug-mysql_aria/index.html new file mode 100644 index 000000000..848230a2e --- /dev/null +++ b/2.5/de/troubleshooting/debug-mysql_aria/index.html @@ -0,0 +1,2595 @@ + + + + + + + + + + + + + + + + + + Abgestürzte Aria-Speicher-Engine wiederherstellen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Abgestürzte Aria-Speicher-Engine wiederherstellen

    + +

    MariaDB: Aria-Wiederherstellung nach Absturz

    +

    Wenn Ihr Server abgestürzt ist und MariaDB eine Fehlermeldung ähnlich [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files, können Sie Folgendes versuchen, um die Datenbank in einen gesunden Zustand zu bringen:

    +

    Starten Sie den Stack und warten Sie, bis mysql-mailcow beginnt, einen Neustart zu melden. Überprüfen Sie dies, indem Sie docker compose ps ausführen.

    +

    Führen Sie nun die folgenden Befehle aus:

    +
    # Stoppe den Stack, führe nicht "down" aus
    +docker compose stop
    +# Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
    +# cd in das SQL-Datenverzeichnis
    +cd /var/lib/mysql
    +# aria_chk ausführen
    +aria_chk --check --force */*.MAI
    +# Löschen der aria-Logdateien
    +rm aria_log.*
    +
    +

    Führen Sie nun docker compose down gefolgt von docker compose up -d aus.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-mysql_upgrade/index.html b/2.5/de/troubleshooting/debug-mysql_upgrade/index.html new file mode 100644 index 000000000..01f35ac01 --- /dev/null +++ b/2.5/de/troubleshooting/debug-mysql_upgrade/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Manuelles MySQL-Upgrade - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manuelles MySQL-Upgrade

    + +

    Führen Sie ein manuelles mysql_upgrade durch.

    +

    Dieser Schritt ist normalerweise nicht notwendig.

    +
    docker compose stop mysql-mailcow watchdog-mailcow
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
    +
    +

    Sobald die SQL-Shell gestartet wurde, führen Sie mysql_upgrade aus und verlassen den Container:

    +
    mysql_upgrade
    +exit
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-reset_pw/index.html b/2.5/de/troubleshooting/debug-reset_pw/index.html new file mode 100644 index 000000000..6c799288a --- /dev/null +++ b/2.5/de/troubleshooting/debug-reset_pw/index.html @@ -0,0 +1,2793 @@ + + + + + + + + + + + + + + + + + + Passwörter zurücksetzen (inkl. SQL) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Passwörter zurücksetzen (inkl. SQL)

    + +

    mailcow Admin-Konto

    +

    Setzt den mailcow Admin Account auf ein zufälliges Passwort zurück. Ältere mailcow: dockerisierte Installationen können das mailcow-reset-admin.sh Skript in ihrem mailcow Stammverzeichnis (mailcow_path) finden.

    +
    cd mailcow_pfad
    +./helper-scripts/mailcow-reset-admin.sh
    +
    +

    MySQL-Passwörter zurücksetzen

    +

    Stoppen Sie den Stack, indem Sie docker compose stop ausführen.

    +

    Wenn die Container heruntergefahren sind, führen Sie diesen Befehl aus:

    +
    docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
    +
    +

    1. Datenbank-Name finden

    +
    # source mailcow.conf
    +# docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +MariaDB [(none)]> show databases;
    ++--------------------+
    +| Database |
    ++--------------------+
    +| information_schema |
    +| mailcow_database | <=====
    +| mysql |
    +| performance_schema |
    ++--------------------+
    +4 rows in set (0.00 sec)
    +
    +

    2. Einen oder mehrere Benutzer zurücksetzen

    +

    2.1 Maria DB < 10.4 (ältere mailcow-Installationen)

    +

    Sowohl "password" als auch "authentication_string" existieren. Derzeit wird "password" verwendet, aber besser ist es, beide zu setzen.

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user |
    ++--------------+
    +| mailcow | <=====
    +| root |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    2.2 Maria DB >= 10.4 (aktuelle mailcows)

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user |
    ++--------------+
    +| mailcow | <=====
    +| root |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh';
    +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    Zwei-Faktor-Authentifizierung entfernen

    +

    Für mailcow WebUI:

    +

    Dies funktioniert ähnlich wie das Zurücksetzen eines MySQL-Passworts, jetzt machen wir es vom Host aus, ohne uns mit dem MySQL CLI zu verbinden:

    +
    Quelle mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
    +
    +

    Für SOGo:

    +
    docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
    +
    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-reset_tls/index.html b/2.5/de/troubleshooting/debug-reset_tls/index.html new file mode 100644 index 000000000..1cd57c082 --- /dev/null +++ b/2.5/de/troubleshooting/debug-reset_tls/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + TLS-Zertifikate zurücksetzen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    TLS-Zertifikate zurücksetzen

    + +

    Sollten Sie Probleme mit Ihrem Zertifikat, Schlüssel oder Let's Encrypt-Konto haben, versuchen Sie bitte, die TLS-Assets zurückzusetzen:

    +
    source mailcow.conf
    +docker compose down
    +rm -rf data/assets/ssl
    +mkdir data/assets/ssl
    +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
    +cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
    +docker compose up -d
    +
    +

    Dies wird mailcow stoppen, die benötigten Variablen beschaffen, ein selbstsigniertes Zertifikat erstellen und mailcow starten.

    +

    Wenn Sie Let's Encrypt verwenden, sollten Sie vorsichtig sein, da Sie ein neues Konto und einen neuen Satz von Zertifikaten erstellen werden. Sie werden früher oder später auf ein Ratelimit stoßen.

    +

    Bitte beachten Sie auch, dass frühere TLSA-Datensätze ungültig werden.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-rm_volumes/index.html b/2.5/de/troubleshooting/debug-rm_volumes/index.html new file mode 100644 index 000000000..0a1e0e9b2 --- /dev/null +++ b/2.5/de/troubleshooting/debug-rm_volumes/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Persistente Daten löschen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Persistente Daten löschen

    + +

    Es kann sein, dass Sie einen Satz persistenter Daten entfernen wollen, um einen Konflikt zu lösen oder um neu zu beginnen.

    +

    mailcowdockerized kann variieren und hängt von Ihrem Compose-Projektnamen ab (wenn er unverändert ist, ist mailcowdockerized der richtige Wert). Wenn Sie sich unsicher sind, führen Sie docker volume ls aus, um eine vollständige Liste zu erhalten.

    +

    Löschen Sie ein einzelnes Volume:

    +
    docker volume rm mailcowdockerized_${VOLUME_NAME}
    +
    +
      +
    • Entfernen Sie Volume mysql-vol-1, um alle MySQL-Daten zu entfernen.
    • +
    • Entfernen Sie Volume redis-vol-1 um alle Redis Daten zu entfernen.
    • +
    • Volume vmail-vol-1 entfernen, um alle Inhalte von /var/vmail zu entfernen, die in dovecot-mailcow eingebunden sind.
    • +
    • Entfernen Sie das Volume rspamd-vol-1, um alle Rspamd-Daten zu entfernen.
    • +
    • Entfernen Sie Volume crypt-vol-1, um alle Crypto-Daten zu entfernen. Dies wird alle Mails unlesbar machen.
    • +
    +

    Alternativ dazu wird die Ausführung von docker compose down -v alle mailcow: dockerized volumes zerstören und alle zugehörigen Container und Netzwerke löschen.

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug-rspamd_memory_leaks/index.html b/2.5/de/troubleshooting/debug-rspamd_memory_leaks/index.html new file mode 100644 index 000000000..90684059d --- /dev/null +++ b/2.5/de/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -0,0 +1,2550 @@ + + + + + + + + + + + + + + + + + + Fortgeschritten: Memory-Leaks in Rspamd finden - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Fortgeschritten: Memory-Leaks in Rspamd finden

    + +

    Eine kurze Anleitung, um einen schlecht funktionierenden Rspamd tiefgehend zu analysieren.

    +
    docker compose exec rspamd-mailcow bash
    +
    +if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
    +  sed -i 's/apt-stabil/apt-stabil-asan/i' /etc/apt/sources.list.d/rspamd.list
    +fi
    +
    +apt-get update ; apt-get upgrade rspamd
    +
    +nano /docker-entrypoint.sh
    +
    +# Fügen Sie vor "exec "$@"" die folgenden Zeilen ein:
    +
    +export G_SLICE=always-malloc
    +export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
    +
    +

    Starten Sie Rspamd neu: docker compose restart rspamd-mailcow

    +

    Ihr Speicherverbrauch wird stark ansteigen, er wird auch stetig wachsen, was nicht mit einem möglichen Memory Leak zusammenhängt, nach dem Sie suchen.

    +

    Lassen Sie den Container für ein paar Minuten, Stunden oder Tage laufen (es sollte die Zeit sein, die Sie normalerweise warten, bis der Memory Leak "passiert") und starten Sie ihn neu: docker compose restart rspamd-mailcow.

    +

    Betreten Sie nun den Container, indem Sie docker compose exec rspamd-mailcow bash ausführen, wechseln Sie das Verzeichnis zu /tmp und kopieren Sie die asan-Dateien an den gewünschten Ort oder laden Sie sie über termbin.com hoch (cat /tmp/rspamd-asan.* | nc termbin.com 9999).

    + +
    +
    + + + Letztes Update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/de/troubleshooting/debug/index.html b/2.5/de/troubleshooting/debug/index.html new file mode 100644 index 000000000..347d06d9b --- /dev/null +++ b/2.5/de/troubleshooting/debug/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Einführung - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Einführung

    + +

    Wenn ein Problem auftritt, dann immer aus einem bestimmten Grund! Was Sie in einem solchen Fall tun sollten, ist:

    +
      +
    1. Lesen Sie Ihre Logs; verfolgen Sie sie, um herauszufinden, was der Grund für Ihr Problem ist.
    2. +
    3. Folgen Sie den Hinweisen in Ihren Logdateien und beginnen Sie mit der Untersuchung.
    4. +
    5. Starten Sie den gestörten Dienst oder den gesamten Stack neu, um zu sehen, ob das Problem weiterhin besteht.
    6. +
    7. Lesen Sie die Dokumentation des gestörten Dienstes und suchen Sie in dessen Bugtracker nach Ihrem Problem.
    8. +
    9. Durchsuchen Sie unsere Github Issues nach Ihrem Problem.
    10. +
    11. Erstelle einen Github Issue in unserem GitHub Repository, wenn Sie glauben, dass Ihr Problem ein Fehler oder eine fehlende Funktion ist, die Sie dringend benötigen. Bitte stellen Sie aber sicher, dass Sie alle Logs und eine vollständige Beschreibung Ihres Problems mitschicken. Bitte fragen Sie nicht nach Support auf Github.
    12. +
    13. Treten Sie unserer Telegram-Community bei oder finden Sie die offiziellen Support-Pakete bei Servercow. Alternativ fragen Sie Twitter um Rat und taggen uns mit @mailcow_email.
    14. +
    + +
    +
    + + + Letztes Update: + 2022-01-30 15:28:48 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/debug-admin_login_sogo/index.html b/2.5/debug-admin_login_sogo/index.html new file mode 100644 index 000000000..3127018a9 --- /dev/null +++ b/2.5/debug-admin_login_sogo/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-attach_service/index.html b/2.5/debug-attach_service/index.html new file mode 100644 index 000000000..351f3bb09 --- /dev/null +++ b/2.5/debug-attach_service/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-common_problems/index.html b/2.5/debug-common_problems/index.html new file mode 100644 index 000000000..e06b05c20 --- /dev/null +++ b/2.5/debug-common_problems/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-logs/index.html b/2.5/debug-logs/index.html new file mode 100644 index 000000000..f85208325 --- /dev/null +++ b/2.5/debug-logs/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-mysql_aria/index.html b/2.5/debug-mysql_aria/index.html new file mode 100644 index 000000000..42a5ef364 --- /dev/null +++ b/2.5/debug-mysql_aria/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-mysql_upgrade/index.html b/2.5/debug-mysql_upgrade/index.html new file mode 100644 index 000000000..dd4c082a9 --- /dev/null +++ b/2.5/debug-mysql_upgrade/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-reset-tls/index.html b/2.5/debug-reset-tls/index.html new file mode 100644 index 000000000..e991c8bdf --- /dev/null +++ b/2.5/debug-reset-tls/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-reset_pw/index.html b/2.5/debug-reset_pw/index.html new file mode 100644 index 000000000..b998bb045 --- /dev/null +++ b/2.5/debug-reset_pw/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-reset_tls/index.html b/2.5/debug-reset_tls/index.html new file mode 100644 index 000000000..e991c8bdf --- /dev/null +++ b/2.5/debug-reset_tls/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-rm_volumes/index.html b/2.5/debug-rm_volumes/index.html new file mode 100644 index 000000000..3b2228662 --- /dev/null +++ b/2.5/debug-rm_volumes/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug-rspamd_memory_leaks/index.html b/2.5/debug-rspamd_memory_leaks/index.html new file mode 100644 index 000000000..19f546711 --- /dev/null +++ b/2.5/debug-rspamd_memory_leaks/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/debug/index.html b/2.5/debug/index.html new file mode 100644 index 000000000..292bda6fd --- /dev/null +++ b/2.5/debug/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.eot b/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..732a1d88ae47d157d4d7565adb61fdbc917054f8 GIT binary patch literal 11260 zcmbVyWlWtx*X=pDySux)b8s#0?(SCH-QC^YiaQ*jxECu>+@ZJ>S}yOKFE?Lu|J`RY zd#_n*ubs*KdouIR2ms_V000o50}Ak&5h39rp&%h3pn!m6;3ol4RH6NhkpF@I^A!OB zCjWuko)C!tL;bJB1yBb#13Uq40CRvPfD9ndDqjCr zWBF9s0X(0&<7XH9Pyc_atUj~%=OhDge0JdeoIIbA=fAxG0LlNa9h3b(`vm~R)n!!v z*HQczLIU(=01T-BhD-pd6~^pY?Cg(d>{dPT!=2rINur!B9VVt5>m+Aoa43}TtWgUA zu$>5wCiO$g%#P(76N7s@#mZm}UVZsVL920Mc6^>cg9g9icPg;Zjhew*_fh)1tf`N@ zx2I-XuDHQhc{*W7Q8J07#$`OhqU z4PGQa;T#+@h-gqwaZr0XOfHC8fUuQ&A5+$dFQ>kNaF7fYBAxTb1RhugHUxj)3n%NCWTg-I}= z%6M$>>pc%crQe00Lx+)3DJxWjY$Vt6o4nG(Q7KB6jw*G41VAikr)-s)C6%H1_dUTC zOO)gi%oQFr|E$JjAi7G$uAO|VnwFFqL_#E$^pYml3KYuQ_;C7z03y^sjhkCC0X7`# zJ<{?{fY*dmcY5ruKJT0r8p~!nc1;k+#Lyo&hrMbM}wt;)%WEDjcW&Ya|(BA_=fhQt^+P z!@xqIx7iwkOUD3=J2)&RM>8ZUxe9s(HRm5XIZFiN3Y1LvU#EWk1SadXI~uVsN$d)7 zg-pO3o`^w(&Nv5pM@k*aBW^Lz@eNv$tTGzA4`3`}p%ecwD$FrhK(2;3-josM62T%t z67&wbbe{0Bk&UdWB$~OnBS6=`Mst94Lu{kR&ETO8MuC#W1T}|MQ?A8=Acsb))gYDO z0(NndU|gXgGo01SBu)s%DYUTVR&r5@{Hka(kbFZn3{|dV(pcrha^a)qT#C(7YG!3m zmE>}&n+47s9`9#GLN-xuCl^)|J>q11q?ZQLbKw#zGn&hUFHcQ88mx0xM)HTwB;*O! zcGvF`BTh8!QjzVfXpy??r)xaroSEsH1i%^58LJsp?q&!p4XM^7mWP4b5Dt%{JBj19 zjb_YW)x6U15J_tP@VHT5upyl|<+;`s3ruI=M%X%1%2X)5m-?PL>O8@%r{pY_B-jK+ z!iZ=~M|br5zzxaTj9v44#_v(>!TtH$#26nS;LPI|5weK)rlxgY56dTt)vrFyOq(!CPZd@)Jai)u6jT?F&S zwz=EzQ$-sQh&PDw!@H)+9`)c!-|o4Y)F;EGb%FQ@ouvXgY<9+b94}4)iaT+^&l(_S zKqW01Pc(T!i{q*M76U{#DFSXqHB-A#&-lv;%5GnuCf2;z5jd25b0ymCN2%ObGhs1& zY*R85ddbLUGB-ULfC+4;2{AF7j)SjEV}({Eu-(oJJ6OusryUXA{!9gm&^tXG8emx3 zw9bZIpAm7bdyMZ=Dk+J52Rk;}vf&X)GeE5H$drMmBx&)Fs~0o#;f`f~C5vf~Hx?2o zYuZ5hC{0V%0$SkRQv0&%tTJoHp1Rl7>M6t*vRZQh9OFZzA&cFcg@$u&i6voAFMA?* zjE1Ll(1MD*Qe#rcqm3oNm6_NF-uQ}B%0;_ixVyy_8v>NT=#SCbXth-;J2J)BF$Y9p z7_wlF)<}5BFE<}XIcF&%_mnZ1B&s@$blrk@Y3qnDBhYBeAiANXibk{Hc%&I`e+h!G zm_{<_X+BuC2-AJi`uR{5NL|P3b*C*)f5=qw=969N1TPLJVfjzO?ApllAHlGcqQ%?N z^tomp$Pn`Ru?5PphKv3>wnU>NP&N=8X%M!@si8moASHltFg!UpwQRlMM#terZKLgw-XoBTVMEwyY6z zvyu{~QODKs<_9DtOtR;9XBWavr!QILs$H9#aHmIlq(Fh`Hwfr7@Cm>s-l9S11bm%* z*@NIw^@npAkOaQ$kUUzhlA~3SEcG9}3Rp8HVX2?Wb5SvUsTfSZwph?W(uI8~rlUYt z9^KWRgN|(JGZTIht`eSa>{?VHU;IWj7VhZoD))Ng)TXsnkEPr3v*>UkAbX>Ny9O zil|6h=|DHf=b+;s&I9AsAmj=s=Cnf%S>f0i$T_=gH@S0sROsTKolR>Ag5?}_*Ix(* z{_2rON?f&dJsRk2xCXesG~?WGp7% zkzfn+6sv_xY--1omsoe@4tpRHJTb2Gt7t_zvE6uF-yx}?U(T=u=zQs$ocs30Lyd%Tf zj8coyT0BSi!epJ~aQYb-ESNzH5837)lS!p0Z-LV^8C2BoSiw5dtY}32?!}=dN$`DT2X0 zVRnH@hrtUnwjw0CK!oAn+8O%Pgk}xEE?CMgvqFR)bR}fa&iNX%pzB?H{SzPo8?0*X zpSNB4WgR!~$4T5fay0r#j@~0%#n*83e|pyt6DE419C-dey}Wy<>}du4Uu)?80*mtS z6REMOi4k_B(Aj(3GhT|axP;Qhlo8!K5H*C{QxG+579~jTwwuZ6S^I}Xz>S-)a`LA3y7=e>XB@mZ#?wJHvS&I27PdL2~z)a=5bYK(cTs@0Ra);!cM|n5i z@1bpVJRC=%o|A}kdGu8=>?aa=AeB0a;63edOe3(I2hj z`|jm0LFvPOVseP?EM9RK%(HS}B>#QMNMijrtU>w950pHV!o^ax4+FBbZB1TgF}{(>xkTVDFMh6+Vc-T_ndZm4Lb zo{Z`JLgNpombb76T!p79817!LLfJ_^wFfNHm~sv{({w8&0}$89otuG76Bk=&O^BF7hlc zQ%+Y+QF;I+q(iYK8k|kGUDrMaBzis$1o@V7_L|f}5}xdL|3f-7mA&4~Gc%EXgr%CMA%*G-ljjyPK1? z5CYKxZsyX<<`P%=q5=1=_#6cThx6SD_gtZ>P@ctJ|FYxl4>$P;JrMg)-+In&kXmNq zy$mha3g=bAxBI&g+VLo*>wc%*gmBNzPJN}a1GhmpCMThNGREku#;;NQ<26^J46HeO z`d`MKdXBzA^oLFEH0KT~i!EVI-4a25e`e$4|Kf2K%@V zQl<8F!cJvW6(wPaIt6X#prE3}9&V@AgIBn4$=l9gE0!f5)1Nim%?La2YXNgeeiH-XO^r^EDm#u6NHc4q-i*G0N1Q6V^n8o5l$mScH&v%{8KL?Ho*7vHYwj zK#S}?lVWE`=Mg0ZNu!HA<+3W}q`#m24mg7mDTa6o=&1s6!xH)9!?(0Q9Kt8;&N3%V zaDu{gg{T8OJpgBVYv^w@I)~cN!vZn}wbTGR8w>WB8E<|79G}2KoK3VLlCATrVy{)1 zV?z?-L%g~siRq*)^4+V|x9V@z>@$!t4#WNoJCAtU*0^^ap+~5&(ot69G(^7+1rBB_ z^^?lYplp{wVvhXU1B--t>vWVrB2!|75pf|%BaFmwG@mYg?+F3)wo>#eeJ3{GgjnzP zSQU<9=5^vkN2s#2FfNnRj*Ez|=FwMF8IpR!`*S!+rZaYXk1lv8qY2YVr&iKO+$_8a zcpKK8&FBMevW16^1gxyE^Y4HhVyYhXwhQ)Pg^K=pg!lkn&jg zNFqRkJZYOF?CnMB!CNe|2?d|l#WX73<&=0GvF9-mPr$dCKB63RyC3xf`zOQ4Ll!Ql zKWSEr2Urp>Hd^fLjOa`F=d#-A{-_AD>#;CZjUl8{eTWQ@sR=s2GYfU?%~9w5_KI#T zvKqst_^Oc)lCS>;v^q)9K=Z^WEpfD;pGvz6snKM2sSPSmu(VW;Dbq5jVpdkKS<*)J z*bJKhlVfX;=w$5=In#RGr~di;COyGKT5==fYV zz6b9&Azh~Sq0Xbc(*Gc$&;!4^y{pv%qhnLO;jF@bnG{I_ct&Av!>4!;Oc8ad$^+aG zC&WB_WCmXpAc9d%z#xc9#<8|v{y$Wa09X*0G|cwsp*Fwj;#%)G%w?C<4NvY95|;f) zw{m_4zr)ZrgT%y0lA;YAnBLCxzhSXcQ1g}_RY!QS$d^)d`{>_hNsq`JeisCyUWR5Q z>fut`mP22sW20fAYr^JEK_p`7{SbDzgnBLS2=6>nB+SmTP{w#++H4F~2_Tp5ipNvn zQo^(|BmY;1g?<&V+_#w9i>}{)4;Wc(VY<&~x5cK}H<(!}j}z)5RIGdW-t^t=+eXV5 z(BPhYOeavsMjt{Z2@7V2l8m|O3U9hx`?qGqD|H{YLNgFxt6xb)Ila!x7#$`Mkzt3f;2s)b0 zGzC{N{Y|%!$QQ)ro^+WNh=tIJYKxmhm)q-T>Y-ry=bmD(Fjq;uprPe{8Q%^SWXu?! z$ult6ca@q;0-l|Zfn;TpOG-nkoUS)&1(kQnJSJ87V|7N;5b8DKer$sId6?I|ete*` zSb0%eIy8ATHy-IWomTOd_O$VKe09o5Tlw*1yxXn3_yKx;EH2USdKh~)h-2F^Hq7)3 zP+wGi+-HKD7MOW1yr3Ts>K`)B&mf zRPW(y!#nvuNHyLG5_K|ZU`2hI{{m$wQ)&0Fj*@IjygTXN(HubzR#vqRcCeYGi3_O9 z7&$8aEFL=5T`ztt$JOCqI14acL^*BhobnnoCg%$Ndn7ir)rpK>M6#CWqmb9$oPfLt zSDakGNczy=S&-dCTYAWO%?5U(n|3SBtjSYUg~BZc^qsFbSSUkemhkWKX0 z2|C6)$nHRuP(PQjOq=Q4FsU&ZcmDQ@ac#3#q7(3N#sP8sol1?pQHsEX$5y^MhGZCp z=JCJ&Je$DLN;C^nJ!#%ZvyL^D8#Fp}H_Sv>!pdCMZQ)dO$YFuaMLQ18vIW)PAy&%s zrf&Pbzz?L2ZoNe5%+ivGWo)pxjo+|I5bmsYA^it3v({m=%OZ^_|8844c zQFC#MWy84>u)ECM_h^dU07tGbP0P>WlTE>*ER(I zD~It5S9y$coc!+aL1y#Q7!)Y-0WBJ!kNVM!gu8rmktO@?=k@~W`yO}ZV}hTKgr+^1 zY-#7`)sLrG!fJW!i}T=RuGAV_eL*B2Z<@-en9@r0-J@_JnB)N+$2?UDA7v9}c2Q28 zdS8`hU|)`}OhU*Ax31twGBcAD553=63c;j!;UqrJpHMJll*!}3V4r5<7$Tr-1Rt&7 zTsTSs$NP0_Sz80nADh#_2qSv#uja#x$tc{Z7IhZAOfz)&iIku2jyBMOjNYp`q5Vc5 ztDm3MxBH)%(bm$DBKK#FQRRGd@%Pa(RX9Lj)nh8egE|h^K=guzTki1TUP=XqNCx4^ztO`FjLV zkV8lfQa6bn6p~?5<@~I6%?WjjMol|7ljo(faFKjxW?s=DC^jOvz&zu^ z|H8N4$uo^H57EkAkp86#`>f`w%mr<3b3`k+An2@!2#oLR3fLk|gcacrzAvy0&9`|y z2Y%1hwdYLyYSKB8jSnQyys2!N$^Eolhn!b`)ZUql%5kWW~;rC=nwxDje2Egb#Xv>Qk<=ud73P7xv$~ zMoUJ~kZoCFm1%+Q0o%MR>aXfKzI1tu!?rflNmWalAk)CJwAs#SWM$#1jA1UsD|?); zbCJ4RvE0FhWHo2uxM6g@GVeuVlyep!qC2sIxML`L9O1K=CE^*oU4z`oE6O|ZVlfKH z4(gSx;$XDiRr5=uXM;a!s6+NUh6Q4l6b~EhZM4&lBqsm{HL_kGHUyK4V<9rvL)#{ zghw)SFUPU0aU?-H5RC^XN8W{KEI{j#q51HnMXghepDQzYb(dzAUIUnotXMxDwk6o~ z))4HF($v-dr1kY=vs`nDk-5qh{DrQV0{)?N=C7TclWHj@NI^vdhsd;cLZ&FW$^F^M z_UD$9tt6EyC!BoGzeQ7F&7H8SWz9v692W^05A?PFYR~_DC&e$am3Jla(8=d5=`e$0 zDC^f<#>C#~YlmTUdRhx>n{uo*p@tj+hV_O-w1o=;X9zPLXXgrBiGCs5wR1F`#71bz z>8#MPeJvzlJL^F}5kE6b0>pvN-*C%L5v8S)Ziy}^~|UmmVpA>!}BpXZK@hevW$kc z6{B?tZVvv59J9Q3ab6iL)6z0&a{7gzkGJUt^I;WjMOXc}n`3;ABi&}r(n_`zN-YiJ zRi35|a3PY7zG}l9nQNSWZ^8_2MGfdG~=e**YwWNTd_bQ~tJYpU(_GCQH$soStELyw2}!Mpry6uX$ohgtCbf z3;`pA0kgt2%3(l+W=pB39$HoirIJH@F8sdH0NkkcpU9hw4=FfwEDq6?*CsBqZoXO> zh+f;XUW9NcL(GLmg|_5Ovwv)EZU~L+YJO;?Oyaf`n=Q95qjV?8j?$HDUWZHTk!o$~cQ&uX+d&k=r3&LF!j5ta3406$tnKBLKnyjM;pRle)aqf9{Jp@P z{t-*&rG}BE9T=)OOYci@rf`n+YmCo>o&>rGq)NC8$-Q|iX-}9;+Fs6I zRwH=tbx6IvM9oDxkeXYC|I*@TJ&btsEdi5oX}T?eGdm;-mAd!^en1GyxADAG<1fyV zybghFRvt6fN7Hz{;_M{0FKY$4EGSB(4ZF;D?ZY5Tm&RK;Z2_Gg)4iR3M#p~YW}w!{C`MNQF`(3!V09ULKrVp@a0 z3L0EH2CFXK^}Qr}y+ynIf))d^GL2QV%@o31`dp)<@76t_8&?}_pW+(C{NfsM$~M!N zc^_Z4^7g%D_xL(-X{H4m2Kt*4?c1NRi)Kq~XtJckz>fHO3YqwV{~cx+Fmd0Nj-<|& zg?g^a(k)kE#=xRaT|I)$#$Z!BXUZsm)UjXIc9NO;P>)gg#=28T05cg!D0W6~qY`=s zaun4-@bXItS`wil8FGzpvM2!K|5*k${k>ZJeem(k&N+aApX~s6fLt3;tYnYC!i^0D zVNQg(cG4NPyVz-ES$`?*V-LM!uJhtUl^7n&j+RO(Mqd+XQ5(yz2U5aqh;_oYCE7OG zDN&^#=`_XEewM0nNl~><)=V~^^jIwQLTPB2)fML2$AzZIa0}vmRAj4>r5g`YRV9X) zm%Z>|2*)J$sD>t=O*M~!gYNgt()`;6F`x0|OOxliXOlofZxkBBW*Q199718ZAWN`` z*L}v|!!{&2SY5n#&*QEEmv*ZG9`Frc^_0&Sl7L#jHJ9j6>!O@6l94>mD6!|)l~Ia0 zCB3ABK6M!o9rKii4Z!JBE1R+QcervEuU%A}uPh?*QrhC`E?yRg5Ih<5mm3D&d~t;r zgJ0OEv;gLwLD9Cij4eDSOLOB9vP2|kCf%1Be&cM8J}KQMkt``$G>gA%*^VuGd%rUu zxB@X~DThVgP*awAYHVjxn_Cv+ZDE_6V)B@QX!QzEr7m%9azP_huwyQdt(QNNR&I7U z?tJiLH_tF&k`6IJE%aaSii?RemDEr$#B9%`P3qAn_TTso@qpOR%pRM2$|{g znz8X50of*RJ$tnEGUZxwDR$6Cx&gwIgM1RvD*$Z*pS}F~pW3PdbDHm8@PUpO9`V}! z2}D)k5NrWd+OD0unnJLVxaOEKPNPS&x5>%3q2trUk8420>|qzqBI5TRpzr!5`a zX2A|auZ00-%-xsCMM~QvGj+#V07*kS>Bm}fsiCL{uJ(s zu<(fqUmEQdC2_Ov7=pDT!@A|r6o!qH@4 z>p#XflPQ&>m2WYGsf7g2cK-nQpcvkmsCs0?do@UJQJ5Dom5l@KQc=Ah@l#mPknVVZ z;6_t{?wt0yojHF~Dw&C?T~)(z6zJ{KR;}1qw%IK;{S2+|#3hg9lj-L6twh-8TiMdQ z321b#xCj2+l=q<# z%b}Pzx`U)G#T5Mb+wbdN!z5v37oCgTdnE04@fK4l3u|I_cKQg|7?`u%@bRd&GUX^` zOp$i(Y^|G-2sqjXC6+X;j75Zkyn*R+==5&#hcO&%L1O&-1Yi7@nBv_eMO=}U(;>~R z>T)HwH%*Rw42qcVI`Aa}(7EVtqj+&0UhvIC zu)M)xe8jQ5gu%^t0zkQ<>Jl7?d{xJH8kJf$wGk&A5sAhP$&D^AH948ILk~-gXh=%> zUlz&YbBN5kQ*`Brt5d2{__j$){Z>oep(q>!1LpL=7 zPxn1WXkrkEPD4Q6~0S@lvOGg_p*Y`wT`cnqGrxg%hUDUNkD%ez|&+x>| z2(1wY5#Oyrh|^1E#;thL6@;eHmdmdQr6EfYy&4Z06OlY@s~RF&&qxj?E!N!+*kQx| zWK;v!#_7BOg-lQO!#prSP;W@Zwqo9r)M)&-v`Bbg%yzM&G2M~Pq58wOj7@lUqGyt>YRs!QAb6m zSQVc=%wpMdoHK4q<0-O|T52O0t8T4I{cj#uE#}3RN6Y~n_radf3nRw0)kb@tX8@b! z_gpMHjx_yz0hRjwo*ScIRPk}IF8zRmnR{IX)t)v$w{UorMtCVXtlHn1zCON#yq2xU zI^|#a%w-@(PTXOZ45mw3Z*oXYxG%cT_mH|pqitGXrSwN|8C%L+6V42Dn`mEK`8>L` z?_-}MN2)MXZPqDr`_A#ZZU*SWMh9!i9S^pjUT-=>z!YEM%IU-qhl=v%Eo9ecQjjFn zcIS-t1aq8il68>Y%e_ApEN+K94gijgtf6#-QE1C)WcXV=th@W!hLH>AvT&Z783MjE zC#O@$TFCXrC^fXY(i~w^r99HHwJXPpGVx}p6+;5R(NN#k%>|I+S{rB|F6_~4 zCsJDoRLgL7&0~b{O!(c$$Dam>(R!oSZ|$-EF;Zj-ajcr5*uEzQwQZ?}g37X*%rr0O5>85C9rM@@L04#m4Z`8W`j5mZ&BuFgP zcH`4&yc>ABfQD}>E~cg_Z|hlmKmab@;H9FuYBsPrsNrobO$>Mp!J8vYexJ_94(yn5 z_{#%xb+*a{Q%iEqa+++MkgW7US&5D~Ncq6;rjW(VX9=B4X16Iy%=qT&RJZLtvD1g& z1Evf~mDS-uoCp@}S()OXN)K=Q?ofjfHoaRlo4a6hMTlu* z;CZez5@oQRO6>5z(%Vbx1r;DLwzrF;U0YrM7n=>J6;>;$hH)&NPKDYB8D_VUfKU`URq0cMpp?Xrmj={Rt~GqYupukgRxJK@upocQ z9!g<0H3TTMY3{{AeuHAE>x2rjR}CosK}{vSgS+_fASBVmpd$SCz8Q25?w!1DQynS_ zmK)&;q?P36mb?^eSe!#s`eie_O!Uj(>y07=z!b5G6q0mK-Ca|($$LN9dufpE73;|u zwrVm4sK7c?Sj?cH;HMJjMa4LvTrJv+)Jevmiq|Pop3`*EqDX@k3{Q!S#uiQjEg|8= zZ;>L37&e?O%1Y{1*UsM>s>^oRH_}2$9SD56`1$Sjn-gDDAoT;(Y2~)>(9wgg=mA4t zH`6W*S$+Idtn|aM+G1)3tGqc*D*aD4)J*Y580d7qVoH?`Y% z`PFmR3n%ItWE)P_EBuJ8zce}PPHmg^T? ztlrj8yR0NkOkzF8Od=)=hd{vul4`f9v7q?f0wgW&fofhn z3`BBaYi=qD$@xOgA>^^^c++3`Z>`N=eqDqz5CmcjA4+m~KIMQ7|Iebxhs5w& z!ci;iq0z2fim_YL{*XPMlh{ryP%fqw`b>rlN6U0L)!yUTI~?=H_QQ{rS|rht3a+*HpwjifJ1S}6u9SXTuj0vQbJr1$t%Sv>`}5(2 uz%q*&>jqga$^};-0i9*=vq697z}1AORNG%v%(7nk7#TJAzt2)X!~X%67Hy#b literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.svg b/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.svg new file mode 100644 index 000000000..38ac0fa0e --- /dev/null +++ b/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.svg @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.ttf b/2.5/en/assets/fonts/source-code-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..918694a4d177e31985d6279e52203e470d4fab9a GIT binary patch literal 19720 zcmbV!34mNhwRY9*p6*$CmfolLecz_{o}QVWec!ia5|T;6B$>$`CLs%I;ISy6Ac+wO zB8wn9LR1JCKtx0kL1ghEf<#c@Ap#FUP)N`J)xABFNkrfKU+&!7_nupI>YP)jPMveA zZU`lWRN*2fq_eHPL-erduY~ke0Xoq+G&s8PnxR8@p273^oulI|<16Z(!t*d~?0u{WQ3a-5L9hw9yZ+8Uoq=~$Mo4bO%(^ve4fdC8gfu^Z_o*2GBysXh)c4}qIkRQwp4^QY2i|`O ze6h{jrq;BMCEg>X@j~{zWzC-Lw2#|}XGX7e>zXa=w!U~#Eg>C`5+bs1-?n4t+KQ;@|B5Mxvf%MWtH!+&=7ao@$Gb5dP{BXmUMpqFt0Yo2|08jT;;~dR;dVIiM!1>!QR}+eOkLMdZd=c;WnaZGDJ~mmYg*!`UreQw!Q-FRwKgOPCCzgma(?b=VkV@>9_EsX zR0?frrEa&wE|I8J8VwpqYb6r8s$pgz(0Bflx)sKVuEp25GLcx>80xY_+-qgwrDqRq zI5ZNqB#qYQT_dA=THKC!C4negXYP{wK5|{{hPVz9at<$|b?M8k|G_itKLpzu-LSNXF&het6`Zp5F7u znc&XJig?ZPCVNhC-ZPeUvf(Q?Z9Fs_HzoCUfqAv!_V)Zc)*xCL1T`h|lr!Cm z%N@85j#0(fSpHq^vix7D5(<#aKZ(+-FgE^PD2;X<&=>Tudesd#(5r5^p_3DJbR0k4 zi9%#}?nC+)Za;LEQSV9f{gjm3k~X;tQ;s|#sMICmX+&= zL`6kZjLpRJw}SH;^t=~6Ur8({^*tM563@I| z7Sx{xduE%OW_yHdtk>u3jqz96$f3;}uNWG-V&mpRBi+q=$3}NGHtrf7+uIBh$$DHY zpi_2=-aF(ABX<2`-CG(Ows!5d;@oxYpkn%St$P*?P_W7Ov8kM(v@7GKxz1Y zrd7){!OYE%*pn&m@%wvXF?M}(*|zE>rM`M+rM|eT%5@SW?agN`9ogO3xO-&jS_ zahExU+gg?c@_(kw8k?Gu`B#JaThO1a=nEY<44tIMunQi~sn&=YBdylVv0kFluDzj{ zYbw*$Yf0KCZOy^->ABpDGiV)%*LFBk#udI6cVjdkV z;%_TB8mbwtw~aX)J>Ev=u&r)LW@=d5L9fiOZyR9m ziYviaJe9&o5qe(3iF#Z_2`imE6S^@ z#N`^<@`)plu9zw}Rf#L~<)_n8+Hi{|Xfg#gx8#4EKYX}4ZZ^lO4+FCsm}9_P3CSl< z!mOs;%M(*dr%J4HD_1Rf`E7dBPhEXpZ=d^-{PMS%HDE){0C_N5pQJE;YHCwA)2;dM z(|hv!>CPCZ>xdnH3zmsv7Lyav4=~fAuQ5`X#ZQMhHqA*rISd+RKOAhLh6zX~E1+i@ z&EGA2mzP;@|U+Ae{YWA6%Jeeht@OUQFYj%03Wc9N{BeV5>Ol{`KcqTm- zaq5yzFSx14{PQWeQ4u?je}4Lmd)U0SAjJhYf>y5D*|@GY&}k8gN7|$!)2PYWX0tU~ z{q4R!*#&zCcjRp5TGu?&2ejU_T@{do~x`|7A>#LRg|>V z9etHX3OMhEqf;{Y_M7IXNmi2M}q0h zDz&T1ZX7;ltq+)LHR3Y2MH^L$l}&-H}>7 zsO=7KdhP1`v((Yv8Vu&|By)3QIZ$20{gQLD*^@|Uc@2Z6=R5`Io_Q#GX(L+9p~Zjp zUN(-1sbn&LC3Qa(dy9KKZ>A)F&G}T6%s&oFnHA8X9(;3*iX==uGvo6!=H>k(H+_-_ zsDlQzEh}5Lgud2#{DovqnJgzm1xm7LHH;pGqJU3kw9!#o{>n28Rg|7!I@==Ulrg_E zT&j-y5_4mJAWNr;t#Oj1$m+!)#7#*i?dBC zcApR@ePh&@I!T(s2<42x@xSzPnzppIZfO#(kq)=JBNA!%c-jjVpni5_XtusBGM3Ja zM+8d%QNX6f`8If)rd^Q8f-*a_>VnF$QOa!EN{oH`vQW#iaBgj#ZO|qXpBrdfFlkS5 zKge1A4cq!gcEKF1xRFX0+cai%;`CEqF3jpA(=gT;3JbO;9hYOoumM)E3G`O6$TSj~ zWTq$B#cb*CPFS6%4llO^1j}Pf9q*@-MP>(meE%^A*q47D^*fV&K`~RD6H(T@Ta)ViV$khh z-VlACU|^1vQM#;;8Q8&Jo8&Un^^S?>$W_;>hR~wr*K` zdHox?qN}fNeKSyRmX+2Ey5A3r|9AQZ(@D&pg8Re94fDR4z5mC{)~=k??MG-yIB&bfdCevj=WzlV~iMz>cQ%EjgSitU3>&^Pk$IJ+E< zE+@(q)>ht=y^j+a_m;NoZ*M#=8Xpi|jY0pA4>9|yTqMfGuZ$GWS z+*~0pHk! zZRzw$qNw1`t8$dfOSNV3CPn4zqq{3CmEv-PY~#Rh6sf^qOT^70ab3ts-^~Bj+U<07 z+i3am4{G{@OiIkrQ3C%-{!l0F&%a2oflstFNO!je^B1);yJ|(*jA#nhmgDUz;lU3cqdvx_to(b4obC2{#DePeC+Rp4;e!ha zlen7FV%qrNH@@*${#}vEuihVe4Ke&vo$qyW1Idl4{8xV5+6p|)b7q#u0DdvgjWWhs zodtdc&!a@((eimv=^`lOQ7Buo2+Ft-pp`t7kJEX)rHf>DDpZi20A+ZEvV!acD8nm2 z1u5~-t%yk!&zJ$rN*TR;yvn!6@^lg^^wgGPR<@R@%RD2ur}oX5vh|2kae*r#$nI3AAUgrdWG9prWG6tGlmw{IQ*KZkmt97)840cK+s|jea=S)HXX~HO z0q;8CwPBo8u;`O{SPNJk>LiRXp9)+zwyTRJ6gqcpS~501zKOeRE6XS>4_^LKb4O>2 z^=%vQ_<^Sg{*QnOxJ3L63XJeLl`IdWZtFYGWDA856Gqzm&gFAEv?}EB1OgsUDE~eW zfNc4QN>l>L7QSRv|Ohg=!W0o7o zEUPBSJh6ER{(4%?2X6(Zj#nopAUGf%!C`YOgj`ZvGXBpY#Qt=5de^GnF`Lh3X*U=> z6I4_`7Oe4_8?+YlU?A2~rPhvy<1JPM7_a}O(jPL$ZKjORSfe!Snq{30@!p!!WQjd$ zad?70e>~ef+Z!EdsIJPWtPP!=4amP$n97?}<72MT_Uw3AS)NhoAh{vfFhp$N5ZPGh zlp@UJ$;Usul&yl4t3D4ZIRWLRER-!?1ZDCRpcOondD~a>c-ISfYZzVzeSHyBvH<;< z$19XAUV#3UV|WEv137YN>*?ifEEE z@~y&K0_U*dp97Vgfbz5mW#Jjjm*p5<0Sc?S0A&;k&G7H|Km7zvbEK@Gr{$y( zHuXeU2VV?YyWqlpo@Sy*L6za_x;=4;V81t0q@X@|tLEiT7hL zQ8EFV6NrRiI!^Ln#Yv=dg%QQaB=e(*jXJZKPtWc5cUW!4geed-g%e?u!D$HkQ%xf^ zr{$8}ZakU7@vzC;Evr^%RmzCPCjWb<-`0m3rzJ^QF36 z!JbgE!|v_d+~#iIvm%k*^kXv}Fw1H;bhWL^B*U4Q&)*$JzB#@uJ8|BcUR%OCy8WAL zhW576e+G|NMCbb3J;sKpwcBOy zd`k4qCzi6L5{ts@rc zMMHUorQS#HY0X!Jdebm(qPb6?U7Ptx+(aUUnBt^pT)B8&ViCtlZ{KKY-E^*gc#z!UL%u{0;GpvHw6?2ikPJ^zO3`q*4M@0ojf844)@7TYYINm$lJ zh&Vkg6+Jc*OX_N3x=||Phw;T`D-0%%g*S*2Jz-HH$W^Ns_vtIbaW* z(c1mxOehNr%3@nNcQN8P6SLz53o5t}|FnVv?@@?%F$!p~bA9Fu8#kSmp6(2_c|2{Q zAhV@Goy(=uJDsw@gB!2E<(BI=9vp0`-F@1Mo$2(>6{qd4{gu;VaX2g%C*-vTO0VGd z@wsz;jSLxZ=CrK2@9XYtjjG}1Hu{@nQH8wh_+xN)5C@}tDQJa{5>L+Ct%4`Oj}a;C zS6tn_`I`f6ouPh9Brw(1v@+gv!BTU*>DlP2{X3KCjv&(G$;eo3{aIfb5{Wt)-de~& z0=$KFnT27%)-;oXfj{ALu!f}S!rFx;y`;I?Z(ZIHZ1;xOkM*tab=HN3EkW;eL;b2u zf1STO&^RO0d#h9Cuqo+q*IFB`NqZ#aG$kA%cUL0YqY{?{T7tF1Y=zMS{%nv(6`OCN z5-f0%VudtG<8r#4ifB=#z3NVSZC*kfC+L0p2E8_-eW@i)uQ+}#<0At;N>RTs6BZVb zc$boSOiG|)5-PZ{)LgryvD&AOxA;RnfhC>Zj6JBP8}i5GhP1O`ZMJo@Oy||4P|MjI zYUxoajWpi*psd2bti62=>=k8}n$yh7jji$Ux%Wl6kb>o0ek5I{X6)X0aH#%2jr##-|z|IIZ>J|9#n{=uZi`sffN?|pT=yZ6`gkZ1^Ze%<6Y-p zcxaOO&!Ali+Ra$Osaw!{KI617J{S5~B&=_B?8(&tt z61R?8TXKE%kh#{MXbbhz&VEa(+i!^(J>9aVps@~9`QLOOSha>%A zI+N|N#4WX9cg&H0EEltdEcyz$H)eIDt>BQYt;yykJ-GDtX+oM=TytdV()39T^=32(|k!p$8E5?&eSJK@4HC?_SqL+0p9 zIR*=_z)f1z;X zb;#mO?ixMgsJ;~SSy6BmR zcvuWaim+&?)Gm(TsF*9wlycqzhWjSzME;gZuFB_h`q&8?wt$9Lx!bU}#0_86ox|L6 z@?fhFX%`dqfz%LV|IExwG!5ORb)9T8t$ERyw{ zAetk4=j!R7K{MZ?Fk9rnyQTu3(YzL(#6*0)k#4^2Ov=+_h}u@h3r#-CTB(nsl|WNG z9JBb+7CqYLj0;>+@)2E4r?|UV96~*ivy@ipxUER(uKvT;t$$#;a4t&x1|{6&>zBZj zBwydbwDs3?l75jp%DfxO_YB+pqGrk{r~?gn;{C0LSW1~Lx5+IYADwK<^zCxgn3mQK zv{Wd)Ry&q=Dfun%oG;)}F4E)$_5a8iORLi5R=LINw|e4zbdtx=TA}b-9D%0V-rbDG zRlxEdu(-*7p2qz<7<3xYk9p_;9(sU>{&vnx&nI8tq%3!R{9#rOkdMh1Fh?AiyX5%8 zSlvEAcHkG|j3np<^ih`8a(R+ztyD`V4;}KHeRkryq3ayqy@_$~9Ljt{D3kW!(5nA| z0-i$&`%T|wFHALF5!xL^>aHp%jWIKtTnH!?N z=U!%>Mv<^)$20)}8$CR;ckfJS?dsKQ?;d%5|NcJ?`^SEq4OxZ^070 z<;DDeGhZRJVb7ks{o_yU+xLqx|L`C8?`LZTf0&!0f8!oyyAQN-Vb9MWsQS6*t`x0^ z9Osx_JRK!=7fJ{_gXE___Z(GU8R7Dg&u&DCJp~-mc`GYe`hqLM8&IU3ge)5GjqrIX zHaEfhq4!UoCN9!8*3~s?i^Qi*HYDOnmBf=scqFQ1JaJ{F-<4~ysT|sb)~U2KHaYq; z5v9i#I4x3>C=r(=YGUJIt5?Y=odO-lKq=_ZvfLCS14>_5_QV6Wd;!jP3*WlBkl6!K zj;VM8?Ya{QH`-0a8zz^ZplbQ#l@W}t@OZ4yX5_Sh&7+KD`W;P;7NrxkIaIcWoU1>> z`eABrHT{TtjPF(KY?`87J^A~t6RrR3D!irAIqd1;-eqr#kn^I_o_~nm`mFlodPS&5 zZ_nS?L%W2E+@gBuD^^n^)b8o|2fZ)f#nrGYu#AyyoR|wT??M$ zZZ4@Qxw+~)oBeyXnZMf+PCxiyI^6MH^R=+fr_DV~k8^imjj@C8Nl#&KS0aqKAjKP_ zLX@56155^Grm5gT&4=JpYDulM#`Fz-Z7S5iEM@#JjK#Q|r59<+kGL#%37?x;stA1Z>T#M?hQJlN_&-A9jZ+Q4elzlCRsLe`TFUDgM$aB*Iz#3?>>L&#D8>k z{l~=8^SdV_%W_E68C0Iis@}SmepQ8EWxz_qcG^ha;-28C4Y524W{i1yK9^qXj^H() zts*T--O^xUNi4P`5nmF=ANF{7V69kqWa+a;)beoH;nSGt{9)!Xo-(WNj;M>{&!%jJ~{tgd`Yw{mUVjj$>PLX<3gX1fWoO3SvjBBPG= zQz^*Ms!v<}+3HI=Lk6)v*qN4!JN;c^Dcy=qKdCuFQ?o-uv-w|KwBhK{4HuzrqjTG_ zuJ{GyPO?lt7j|jQ@19{vD%K@weyH08hqvHq@~gAF4W;9C8;2r;7mOf39g~VRogPP> zqhZ&$r8yZIX>vAfXb!cSjGj@IF=L#W2woOjdvNtRw=cse($Li{;voUC}XpNjqQ)ZDT0+R!b!V^l7sK# zTt=_X57Dc+i;wSOCq0zSK2=-GW|_O_SLw?lIc6DbKji8GIRMB*A`>9@7a*6?v+098 zK6e@EQ9A{_P@Vsf{(H;@|$^hWMG?5Z8gncYFF&SCdA zHM&~6LJZrbbFK72V1r=be=XP)K2$vkHB(!uFxaRsKCJaCYi-U%Q)_)D=+s3NZe4r8 z)!_1Y195NbgMPcsXm;8h4zJH_wCgo?i(OY^b%ZO6V{T{C2)+-3i>J}9h^=!md+ACl zwIH1?&(4vnBIkc}n3m@MHe;hDy4S-fe?5HDBeVf??);iV>8zDegTWDr`n-CR!dq!p=IoI=z1ilrre!9bN1@Z` zbb7Z@tI{f}+$vqrYjl=LJrMXIG4KWy_ z$)Y!!Wo4>wr8;Es8f(M=?019zJ3)z{YxDN7Fh3RI&XaTwa-g-IoYUJLGKUoUa;wrD z)J07Oi_xNXsX1lT7*90ITy2rsL7$?+S5|JR3&um{YOPtJ_AAs$f1rVJbp)5&z!lri z%=Q~Y1{Iw2xJcu--uhR6NFhp$_W6>|@aWPcq;wakycJaHkT+fMnF?M?!AJ|c?V0ml zNXTilybfZQ7O#V~ZC;(m+7^yA+m(7(r(G#G8Fc1QsotmaXd@n3(qVPU#1$5UD-v-T zZDryzm(3M_P^Pa`RBPp$>O(q}Qe7!gyD^!7{yPg4ois*Iw0$C4hk2c!5NV}3sMJ?j zROUc+#LP>~t>#paSiCs~kzxmrvcg+hZid9dW}Vg~SNoK_!~}7&cHf!%Aw7?N^>h5( z@mM+?3x~YkP+xRgZ}0Y~Ei_e^okGfsk{3{GbD@?XB4$-sSBm%=VbtxjhNrT1Qz2V) zdvEVHR_oKbkLXIQ5&csxKy5Utah4ghTBA{`WqS1C+*j!|$|4dgLJOWkEHR$9;RT3_-pb?oNda;RzRXVx zkh@UkR=&)m1<0KXke?MG?~v!|dED)w@Ua5q1wc0Qke?SIpHdB7NzX!=#|w}T$?bHS zhdfb$+<<<4hGiZg?XiRH$`aW-SV^YlN>gD=K^*DCxoEP&avL$M}N>vf4(swrg)U7l`)ymOg zmr0KWXO0voz--J^{-3?2g^@;s{;puK%P(95(P#iCJ!~ z33#()lrwY9SmCVUJ#HahL(Gbi!W?g2GnxC%(n+303vg^CYt{$H6bglWG`KXHYltlk zj>(lu`B-p5TWfBt*=9{!ENQDXg}>3zxVFyjsM9V9EqA$=hn8sT9QHcxcxahY>DJoo zz217eaD{~#pF6-2?j5W>hOq~fq)&3>*$6(xWoMp~5=Kh|13d0=t<2Qr!d=5%;n=d; zmT`N~-WZG50ni;zt!nfRwSTuB|IVm2_@Zu$-(vRG1tRUPpsmJW4!I3(qs7+{uIct_ zobK8yjq@E)tDPI*J$gI z<*QUzIi0jCpPig|b6i@1}T65^y0sH~3YvlXCambI5v0~&$-#K#R$Tc<15!!USt<~XZwcVb7 zIMQ5m4T}}B$l0a9jY;4KbM5EMHJXCi-#soP};J%ycYbld`yHMf=A3mMtwc9o1fSjS0Ejr9FhIs2wpS-q znm~VIVA7~enCazjzYJj{vgO9{-P7ePo4RgA*que0}J_IGI7_HOOqgi`N5THzF;&_uiI!@16N+?x*-;<%CQT z_$5j>$m8^TG?2@|T#)r-ANEJ68HPes&4<(nf>&KN|F`_JYKKP`Ved)Cc<&FvE(n%Cd z7O6MU5DJ}H!%7Su2frNJAO(rBoYo?lNg2I@+&-b-JNt0%p@(vZ&jw+XY@v3l-2#sCg zu*(rfPKVO((;4pjYzH7!vVjNzOOJ+WiI|pzkLu`=C;aTAL;n-`?o-OsG#23HX)UGx z{Kw&=ZAZiTk9Ab;e}dkd?|H(Xe-G^y^2=y%KR;>;d15>xYm4_cav8cA`w-@L!Mua# zAM(!<{{4PD{~UW7B(#`+KAUT%zs1fM2}Oj3`Ukl_`Y3iRNGNhIc)poiMh|lb@C?5g z&ku36^eXP}ct)xQ&rcyod=@Fjvx4Wp&^{Y|6n2I-e>;0AmpPQV1-u^S?x$NsQw#69 zuZ-M=G!4&D{$TzIDqT$<%FzFXJ~@MqM!c~QMe=Oq#De*ZaaPjG=BHe!^BJupQ( ze(0DTnRVM zDYp!{2E2J2J-3znC9`gVFD8T`G-!0YjX1eJhsoq%CmThDe&#J3S-e+b@fy{W)fP)N z&f5yVT%S#=wJkn@=^E}y`Xf=zzsK}zjmf0Z7>(DdO(r#5bnZ$1QBwfp7nlmVC16_2 z!^yFGysj>u$YvAOHd}SI&CbX609q#ehyhU1# zN+Vg_Rcy5cf~-&e?==anrk}v~+X_p=RxwWe6S2O>8$ayte~`oEdCVPo8l_$E=l9X8 z5S9KG-&TdN5O@Xm6H$>!BdQloh`uR$M08B_H*re5Rs3!7vqhyvk)j)meqQu!(JMuN zmsCsoBwHodNnVszNW;>t(#xgyNna=~FU}Ot6z?m(sQ6&@t=y{FaESd zQX(%gmUv2HB@HEAC8H&iB^ye1mYiL3amk}4|6TG~skBs4YAW@Xj+O2yy|(nW(tAoD zE`74}H>H0l>ns~7TUjkim)62hA{!m3xMN7ri6)#nMfF1IuSDst>qsn|$b=9`2A5=Y2^_Qx@ z%Zuc-^5ya`$bTq*S3ajGRfHA8iWQ1!#dgJ)6kk_dr?_2lui_!aV~S@LzgN7e6e%l} zer20-T)AF(oAO=daeNJ-Q-xGLsykFqsIBU4>Z{c6Y2+Hc#-Rynl9~a{nVQ3zCo~^u zi?jjldhHjrw`ZWzu zb$fK@=gIs=;CyHB1|}8Fm}KVz|O^v*C#0NyCeV|2CS9K4XJ%$hgsX zj`4QmQRAD&k4>DZ)MPhhO)aJ#(}-!g>2%XZ)2!(%)48ULO;?(3GX2o>i0K8>TV@45 zx9l`en$I)eVt(5Ep+#;9&mYhjrbSeIbs2Z&E2}E&KO!R0TTH25Htx8Q{l0RA`MSBj zd{!hA!*D_CI0l8Om>_T_;G<6Ad&#BP6Mq3b@N+;S`I54|3 zqdnnRg%;VtTAM$d*!ewJINZqFtV2t~iw-$jZz~+j(YkQ3c268-WCHCAM-&t=y3%u> zUl;{AaR`NTneX`R^UdOS8>?I$ObIGsCZ$aBMuG4t;9H?9kKV}^5 z6O_IJSf7D^@CQh259BySrTjTYPJ>*`Wc%EwXn85Q3-Y*>99;Ol9<}a7W{w?qBR_Q) zp58$g_*3#B`FHPb02X#;K|w!yD@)FRch3$3f3@(mt>>?M;7g8^ZLlTd@T@4g1)SS( zFph3SYx~LBpy+1u5P1sEhXMIBU{?bA1wh}%yKC_7NxXfEX-nZBMS%5U{ynBWbA5At zA{noJ^KaQNC1R}0^8XJ2cQJH~kY3@JPLdckqh^_?1Ya9-9Q-l#0E^fP|C-xc1`!ol z^K(KQVkdoUHKEtC*I02qh#xConrSerrNR{y;a5!mf!_}3S`jong1&8nR;)(f>?1!W zzap=a_sAS<=_ov)$GDfcm#r$R-fFhmt!``FnzgoBcUteT*%3N@!>+Ka^K;Nq)*4&Q zXhv_YfmE&oZO@Qn3?kX!_Oe}S|vA>W5y z+(y1j{u?^^8M%qv3cdJ%s>s)%@4qK6L#DTrJ0bqN$cy9<`761a+zmbZki1XsA@`Ew z4`FnVu+>qr3nOiYY=Ax4 z1YY04NZbxBpCvoM^=@(|^nNS!^Z=r&Z$L*cC*(dlcfs9agqj3C0bA9fV)*DRLsqz_ zB!MRZ&SB;8ABB4n8H2AZz{RAEt|;6Wk+t-?!o7s#pr=Ba3hZBK5$>sr$hcjF`&Qha zTexo{rQD^Elogqs8jSrK+=U8H3}S^gtp%5-!=_mwi@iKw>%ip>Ja>b)DZHHp&+NJe zJg-A}EAc`mJ8^7>K1Oit=8rH+%wr4lHMiiMj|5R;H)OaIwXBfqI$&Q1e7g$RI)HsE z-dZ91HE0{OSgS$JHpq7tc-C2U$W1MJM#)yZUCTX8bZ8nMRKfVodd6o>{lh58Wua24yy&<_O9$s<-kZ0vFhydsya?x1Id+ z!i5qF%U8+2L0riHW8W`v;0rsvaj>tQ>v3(wK{0~+aUI1$(f(3gmy;E^vKgJ_W!B@m z87))DayPCN7)#N19}%~8^oi$_JsV7*TMxaeIm5%X^-)$&m0$!z^! z(7xBpbIa@^IkIwWeVMf{25kbBC7`+kJ$D;s)7Qvn zbbt=<911kEh^7>K^f7B%oMCP<1YwqC|`d` zp}Z7u4%A^q0#f-SC>7yZ1uuqKYoQI+rvg6K)&rnifEQ?-`v5f<4gbl*1qzrizBR5+ngkmQ#6D z(RJHZL0lXN80hC2a9UDJW~oP49q}4pq&5t{lHMSqM=wtRY>)Ri~F(p zejs@~HKAq#FtYpMW`F#C|BQiv>llb`ZshpGf&b?V^?!h5ZtZUN!wCWbQOf`NNI=*n~eIgJ1zlwg5P}{ctBgF@EL)!pvX9Nos9t z^3#u=@yEvcj}uX4y#^S${lsOI{PFvl3lI^oEQqCz5#T2;#-BLA20wX{*!&CUva@w` z`l;XGPall``hB+ovDi8M{_$nn_^~1Xg9SuXu-h8^fIqk&5E^)|C$L4fXaO(^R6G9}a0J0GX$ZZWT92mln5lejA zj9i3>QBdLp4jOJ2+>F{f*kJZ_1#Wx96A@e!gV${HBPKG}bc0-?|L}&N6HbuILNH$e zI{p?RAuS`{o9dU5gJpm;WCTvZ(7|vLB*n-S4HBq86>a~&c(PM0 z0h&r^5Iff!&&KP`+0=ToU~-Bh%}eH(buCCH)+>Q}QG5${A82V7wV8LIp)py1Z#EJ; zR_HpNp8MHgYjfLt7lgT-TqlqdWPPqSqSrBUdfd-L4l%EDxXdr7AUUqq!hwj1F`3)y zpo{`m5!x;*bG4lY>o_SSuo$Y6WLY&vvywAcfaqJ8u+~L*ZO|ZC{~H)lStidz;-@P9~hZqS>+<}R$0=%^3dDibN^ zU5u3fswVQ&lubz@nwBJAL7f$Ws0ex>%RHe5KbpqflJ4r{M>GR`TZS~HKC+IHPeJ9$<$ z40#Y%J*`7z0v?z~O*0^`+DI)cFM)YB|Nf(#xPSr4?P}Qu_VsEQ7$+L$=b*b?WSNLT(z&g&3*cP-Bd2EwrqDw4u2NcuKRF>UMK(@Fw0 z5=U14)EVgK9r^tYgy^=G?FnhPKD;D=P$UT-figr+A4en^;OXxvMaEV}r?eo`yx)b- zQ@8(M^`zglNqa2Q@a&SBXy)`R)Be15DIn*X*}Pitbqy3zf>t^~A-EUX(Q>uf@r-~p zCwKrAu$ah!LQ)VOhm0STLBt7O{da+OLbBLiePU=oDqZzpHkL*L87C~v6jKsCoS92p-bPDHLsPfS>2hZ)GnWJjI`8sX&CJ%{ zjisK$(O;Apu^yOPQkV@&Ajq#nJ&87VE&(KA5S6)6;>Jun#mU@wQEDVgm8>|1NGsB0 z7TzxJW#%vS=?~f_f*N+t)sdph&acu(ekKi*0-n1sF{p=eT$YUoh{=>QG@Mw|m=IQz z0TlGJMd^wwr^H5@M3LZ-W9HYZPQMMV(QzpuL)e1{GD9Fn3q?j+u3POJOV2mP?zsNM z-2o|{0#Va_yp*MW5ejl>=nGyZ_v9JfS!`>(e=i~e7($z~XPe7ws`nfo`o>G+JMX9) z-~SjKhR)K%WK;?{;#ghTb%q`(QH)awzK7q51&XA~A0J2gPuB>#&|&Is0;ZgG-<wp?Se1MBc{Mu0EW&Av? zGdyCu+V(E$PULH9d8eqcl0Q~X>JH*&9h``LkW_u+DXx@Rr_;mumojrxhr89p%)!zF z(tVL%?M&~mvNKRRcEk1Ivlm8HfR9WVT{zKrAdbMZ&i z`Y+e9%~wOW$>WA0S=M6~o=0Z$j#{KB*-#+_j*}zE%_1-%jbnV09)*Y=1%&>rcg~zK zBC4FRHOnHfT2y1vsBbFDcm~e+{8DSZs)h-6q0*7xB^O8hPFBCIW`d^J=K^git*_U! z*nsH}?e1@_!1}^D$xnucj2Tr#uf0rc%tP}pfHM%>;C;V4`e;6c3AO));*_I-=Z@p{azSKO6EP9E7KbgUi^VvSkPoPH zNt@*IG`Rq*%sX1uNOkyJ&m65dnljdg9K6r9EKq(E&b!G`)E?!JQ_@f>xHzBfDJ$4$Nj7lB<-KLM9ZSPw6m1Y26_?vj6 z%`sYssUOd6jfc*SP>;-V87Z$|>bn&aX6%MZMa))$1&?UcOcu4~4mwJVA4zVdqQj{N z4cQyW8~b`raa?p=a}~*eO|G^s&#&@aQB8Y9D91ap9MX3*6Cx-PV`twdm9C$FRWpvF zUN&-fQtQ0h^zAWlR$;Pf31fgRAbhL<`;xwrOyXzmoJXOJxKOzczeZ_zECMqBMid3t zON!2Tz*K&&PLaFDvzZA$_+_7_G96*P?wKD|PhWKBkBPMDe_K;<@0#G%W;_~Z+V7YH zdCPq}c@NkdKi?`vii>G7ed4&sL_0XES22kI&Sy^75*{8h#r7OxRZTNkS3NA+C-$zK;V0+? zm|YkpR4Q}zB%Lz7yIgR~kkVu)Z9w=u1QGd8j65|y68rsRNUxR6?RM-8wpU-f<&+Yt ztc7@%OvJXs1b9*JpB9n;*|d&!#utL@ZA}_AwpYv3lWwK;dMX6j+{=H4eCpxl!SB{Z zJCNE^Ly3Za;gl}bdYDBt>x)a-r+A%>a1imWrs$(v0w%^XJ?3G3g`bab>@YO68{?Sb zcxBPT#xfpmEj}@kRvau#a3uO@-1ImN!-3}_fNIfd(zQhnF1GQU>!ewJFEY((P5<^e z1ralMFclLUM8kGqXKTVj7dIh0#)Z#I9ELJEl%<#+7mZ4`iq^+ppu(WhvkXO?8E`gi zz}RYmzG_scyzQUiX)xAn6Ee+}nNFIBk18Djweg(A-tNr5lN)@%=-L|JAKW9U!;#z+ z@=15vSxSt{TP70UkF-YTtBu%GT7xddv-5I&s&AkbPk0@#9=#QQLBAV<2@V^_PbF4r zyeo*~i03{jMe0=dU*J)ja<(C$61Wi`EPTRQbdqkig!rs)y~(!tE0&T-^*4vAQ@S@y z+dW5HNbd5_Z+AT_=~5VFWo(!Ak15OPDe?(q{A!$K9H%FQ2ZxrWOP7Z3c>i&43$wMW zvW;M~4T2B72Fe?yrTcOY^H|jjPJsNwT@g+5WJW(6d9>jE_M}7mGg_o)d$42P%XtfeY#!Ex55RbV;V}0Og`a*d=pqwNo7nIC{a8}aOd7ilT}R_a5=OQA;gid z0^&TSGwYHU3)Z(ijNu4T%mgOdh5x|`2NJ~DSF$i1 z&3eN%W~zZYT5WEHy?mJPqJm`x<=E^nUGVip^}XIbAv9Mpak zwVXibg-7_T;X~r!{aZv}CA!W}J>&~}89(@97pZJjW7rmWLh)$3gVYH(l4dWeIAMAg zKjA{)JAI3SHs>$>lQk`Za6wyIL}zR-qGM8$WqE-VNiH|Pc=MDE9WF}}LJ9$=-+Y8k zVe5U2zl(cH^QQ4Y-qTa$3;yB^DnNHL@G75GJt1ARw&2yC>+UoqNkfj=lA#T0M)*Bw zISR5i1W;Xn;ptf~cB)(=Sc>WSGU-{XRrhS-^o6B^ki;m%=?!7a4I4>K7navwn{K4e zXrj|~l~}K(K%AHY?5PJ@AD_7L7@KUzh24|bubGSVlz&Vy8=62^EVkcR+6_il2chDV z&l;p4J{HE0KhNREp-y?s?H05+I3w>>{8b=c1G7&)*tZ0=r%=@neOj6=;daUkX zL2yE=VBeC?;9jp5Eq1mrfCp5F1Y%X=QgvJIQk|s!@*}9X45r0=5+K^ku^)l8V&h>A zdhU9oKYs2KCjR%#?SWQ|g0jfv6}A02j-Qdm8~5shaAE`8&Z?k6W2(tk5yjoE>Ta9P zt=f+Z^BL+gB`c?JO%i)G!~;{=#qrI!y+Sx(vJUFB@v#+MAPsF1UbXZH1x4*%Wd5Rz zdU-#`dH^(#dgIAcwmDKyfH?6+?Yj&77uY~4Jfjyvd<()D-5x^K0f*dIPXzaT)^>6B zi2I=phq_i|yDI;Z+S(pGZ@~*f8D*K=E~^zMqD5PIq(enjGE374+5Aif>S~jGuIwPlE;i;tLb9`Ae6oD1b zpvZ0r0!O(s1m9;?r_9&QQyYw?B^Nq5OMJ{=Wp?;~GPgAtZ?-+AvPM6FNS!rU%1^*~ z<1Wz=!?iluX56HvMg-|C6`R3+Gsh8{^5g1Ol@7*4$_a6B? zf&Q*1YeUM4p)?EVOBeOx<~$U)ZLP~~R{d;DJ_$(E-tRs3Vf!+Fnp~)v6qHFxl+0mq z=jP!nK^k!vDdhjQ2s>AyMk9?k z+QfI;HBO%*$S!nuGTq9)yn>}2Jt4Z9?r&#g2p;L>KmU|q4w{Rs2QcDKP+S?TCPQdJ zU97$}L^--xt(;-h(v}+QVMJOjIfy7K)6>&H1?>-y-Dio`{QrUr+TgiSM*nJtSR#kAO%$~egfT6fn&%AqZnTugKr4TBtIYNYXS9IsPJO#n0^ z#tZipyvyhSg4^?ajj23d^|WWiqU8&9{9|MV0YrmrXQQ&eAD-zL%2=*)rEtxazfG!t zbN!b8l8??@QB!nBp?UPH_2!m!U;Oz5SC!Q8oWg2hgpu0xgiSp7_?#dWIs!RXBIVJY z?Rs+zQ{5CFbM8{t`7Bpf>9(3Q7woMht4Yhquh=C=7yF%vAO^9pmo;@EebBi{(N;?q zKiFI*pW*XiWcT+LimevMmDgLqXE#C0<*mCt?c>>nOZJvoV)SO~{Z%MIyXSGVN$|lg zo7GJC$c$FUk=>mYdqcX>q#5o%E7EV;8;~76Z}Ak;ea=6tFAtD-<$2WahKO%AjY2gR zS}($g29P4}W^qeUm-(0VvVN%=FalhUy;qsyo^RfyM}Foi3eVg&H+NdpCU0gIpLLD} zxBLv&5fY#(W0S8MF_EI5X*MXnwy%`d>vB^(QUjGo!+_34k{@r|Cn3r%_@t}esBdZ@-Z6H@497IDH>Ws!%Ee~BpvQrjn% z?#Riz2_aw{hZx4XbZ!O6+$2*~mlTGnpe(Y5<}8~(uK7KM26MLm z-bJaB0C}(o`I<~1KpR^MuLV<{Ul5m!>por$yu;N( zgpAGn))fN~-^R&<=4=Y^1|P|iInX7PuSF>37{?=plwjB8Iy9BbT1N8xuBqF!FPYFg zaSpzl_H(7r)x+&`c<|p;&Et^urKgP8H`bz0_)@Myj2)(ynA0$7nvYoC@OlLw@~LrJ zRiiwDM$VO@5^{;SK|0OYUb#G6j%_HjiCzh-@D%7b0Y6~4l;rNHnkH+ZZbR^4mf~)2 za?Fx$C*|u#UKB8nfp48MBIO~vj}Gl}H|Wq5Kth0TUq*Z#j@m!Lo zD2VZw2Lw2j4+tR8b0V~Y{2l3<&_oM0p?+BT_*U1Krh?B^#4C zB|g5NzvBizH8rC_@Yb+%WPY}0jen1*TpiyTpA>ZgwKPI;3k*}YOBb-G?;CcX0e7>e?%xoALGKI2` z5SQb{iNxH2Vip*C+u#kX!Hp+bR~k$aP8x~*;2DSQST&u2cTy7{Det+5Dht)>*3RYo?;;}eu{V=-xlwdbU>2e=+zVxeI1HReMyVraL*{HY z#NcA{9rgk?RWR~e7#8x@{~Y=z2oY~^>kXbY_AAsYMX?W@0R=-oI=hZKGxShABE(J> z+qM|pY&rO-19c!YE$n`~ZT)%`(6%r|4meuZ15n2}369W6)H zkvoi-d+5TXTYI8N=&LtL-ko{g9#PCKGXYQ79Kf%8x^Tq(fiw2YFkUzn`I@xY?b>5k zr4^s37WJA`bMIyE5jL0PCOhy3{yr)!Z({B^kHN^i(7swV@<<`ekfD>&VdX_{@)OYz zz8f6C|En>);l`lS2NvfqCCM`6mH8FU@pC1~3B1KFkOjHU~G1HL0JWw!!52`n*)4N~OD+`=|PG7u$DF6zy%oddj(TQ~{j2cHKt zszdX76zwfxJkeZn%A2ipZ!x*h&glZ&GsrKmS^XOiSeIS6Pv*$uxZxplCP+HF(Y#!P zm2JeA70i)2g)zc?*}^`hd$3>sX2&iiVyvG5TYru2RSpgCd7jRppBFJ1T6c>7RE@mO zo>OmB;`EVl-Wd}U9PqrjWVvpsT%D%Ux9&u$T!kAD@`U7~e;C{Ictn5T5f81F-b~Lh z#J%Zkx2rX>{}tS8b;D@n)CCZCVi$3q>ud|3>42J&-%NYY?sZZ}E3%E#D~K@yX~iJD zoa>VZ!ou&Iq`$K5K>#$kH;VyCwdphBt!2{v;v`j~=!YaN6yg_cwAIFq$klRxuFlNF zQGm&1JeR=&;wkJ^$gpyrbh4yrPbuQ|j|1?C%6q$>Ivd)7Avn$G?KEJSjr>*z#r$eX zQS5=Xp;EIAytONq?pq)XU0zEE)N=gU2r|?lP)KE6Q?>qpu418QPpwLzfH90fJRsh| zew2|Q0ECPC#ur?}o4XxxH^k<}pfiZRgRa>HyJL$2ZNv55OC8;NAWlLFs(Jasq=hBw zYjRajs8Bo*5xRqOYLZ5Y`1d^m{z*hgF%TPM@Yu^onx`jymU%w&T_UoBXA)TVn76!l zdM|!@f4$t#jC^`OtGJ?&)tTL@SonKI{YCMnIlsz)g;8_irO11XEwkb%9>vo!hdytx zDJ5Kim=+Fme%W~S@0?Jxe0gHiOl&o$nc39B7Urw>~L6lFoQ|!hF^m5EmSgk{@RuP(6f~p zUhCD6PhTyx6;E0`ACJ7NyOAJiO?7unyzRFlaL^Q-wCo~%DKp#&A;D7|-kfB+)qXi# zSBKjI=xVzlXtj2^+EYH=Yg?UwI0CJ7_^V{DSO>TiIqeUVzEa1AVyYu_&es@Cb^GJ( zmJ9X?>%LlXyk9EmtkW`zn+_dnPO!|t0;u29wU(@622kE;}|m?tuFBpu2x7elWP!NW+6YqzIW zd<|5xi?9pI>Vx+%qWB75^TwwqI2D-)_paBVmgeD5;3GQ!k_Da-P?OYDBVTS>bgMTl ziYZe>xy*YdgSPdQ&G=_@IdK=|-?CUOGw!h=9NVqC1rp{C9iG(NGT56bjfv;>920^2 zLeB^9l&+i16-zG<6sE;fn2kdpQHex@A04I2cQ`&Z%{SMWyQM*PVMOB`z5desb9Ftv zbugRy*b*&?E3|n1klgXo-sI_nm6M4l+7Bl2AnNI*{@M_6`+l87%)ocD=xxAyVL8X~ z3aatA`BNJ12U<~nOF6oDA_5fMq@A_1K+TY#&>OKLEXP$#YO+ErvP&9aJ#0oZxENE_TMSNU2g?RdrF?H=79T!6h zh$meYq!;I)Y6WvZ2tC6Sr4?a5MW7^n1RDEgW7v%9m89v50X=MQ$%d-pap zfFf(w0ZzT7xr!CdDRsTs{+D%}0R){zD35I@Z7=kfh%hr^{k1}Ay094aQjG9*kkrq8 zGRvCI=4^4fc7xaa&&{~Z9APa@KIiK#jWX$o&5`qq`sm;Fh0XLn*CTt+6aS2CoIE^| zaLoqBoG36RiW0%}hjts0gM075@T=GGwI&*6@O@S{XXz`w;9ETK8k!Wu zq+J@M4&xd!qUcfz_aD^Q%_+*5GMc2dX9k5K=%vN{mre2pyagjaHJWQ!nnu^CClc(A?}HhkjtJY`?QW%N|PrDc{$zcBs_(xxKDphGYcZZG1vYpaKd z?6+cH1(=a9nW^*o0ve|ArstrAC>pjT$FxW*C3&L+wO5Gg#fxTA|l2&Z+DJv@8V${Depl4`ZC=j+yhXd;<0I%H`% za4-D*HYHoabS@gRJ@rd$&rcSqS+gmfsEga>3S7$IIuX^$9crpp&QqJT;gy`T*vBgu zC#I;!7qIi(BDofeU}%RA2Mm?n0wt(i*;|winFNX#GSDnj6I#*?nb2s{0 zSP))4KJ5w2avMK(JcBHX7vjWV1gcxHS~mTQ{pxn3TY~_ofk3+a1`j5~M+?M(gTIW% zM=NGkoO9Gl-$Z+sA^QucFu&a54;ykNMducq7NPY)0Q(Dc=WHs3JH|{jqY*y>?CxiK zFO2RE=dn3Lnp;JT@cqvRWs}j z{pyAO3VI80qI&&BWKc%34Q$F0`(c3Yj{9ep+liluK|Q_)HMRi2d#8-vhB^HBvooP+ z@)<{TBMrV{a8T1Q8*R0dkmTgYjHe?ZH<@{!3-c3VI z;fx*3Kg*?8pD#0TC0QW_P%A&kaq;$DF~^q{k*vZLKrF-urA_33Dy`R-4x^ylTAQNr=%5)n`w3Lzo`b_ z-g&_7K*BYMPXRp2J3Bf3qUdVK*JbBD&sP4G96@!R#V+Lx{;aiU=D1-T-e*3~Q7xyF z-sm#ivSwp&nK@U2ZKcg~sZ*@V-MAdJkX{F49>%y3IU*JC0lG`^A&OPBNBJNiwQ7G< z6qH9E0K_}Bwn9G7<@=}L0I^mYqoi8jN+V4MlyN7v`r0Apc`Mi7*PIf*CT`$@U1hqF za@H!8j}7$D5erYef#w_$fs>8>;ke^k|ApsUeg`V+=Bqf_@RpmBH_s!Lk&N)&g026$ zJ?6+ELSD?&Tf-&-#&Y5B#7c=x%c^2|!deKK(S8V6vQ)9$SpAF%v{S|%GIh?VCh4b{ zy#TY=AT$WF($09Ve5I78KbIG+=UirG_lf^#toMb9s{l)vy3r+)t0vEKih%u0xk~93 z)DdXeyHfioquATrcqz#14t}e;WM7URTqBc__t&A$v}QVlmvCsv4An!H!O>A!9R0pz zD&N&@P^lpd*Rp!eiC8Fg7oUYJgj#QN=CHR@ui+^_uRcG6tx0DN!_xf?!X(qKDUOOp9)KxGg-S|u!D~u-Ygrr zN2k6h+mt)qHOskzgRFJgXz}`Z@0Xo~cKu~7ULX6xvA$mK=8n0+i2f-qA$H(3L16AU zeEz&`cqM<6TYn;cE*Gd0c?AV zDTqp&wiqu&waeDa%lN(^!wh@0f%7iP$vUY%-q5Cf?;3-pg5$P<=spq`BxH8o(AWJ) zLJtxSJOor7e3lv#<2i0qr@DGE*l#UFYaXjwCP$6O7qhUU<>JAGyp| zJWAY3)Io#!ARApp4t*-A24856_!JmY*zMu7MiV#wJvgty=7JxcZIftDb!Y5_`Q#OZ ze^r26EjZ403xeWumd7rmngu96PA(#shOvihfhT15IRyFj+K~BxL3Opr?C63BLfLL_ zea(Ni3*i!rs$Z;|+Be-;@cC@yx&9>$B^cvVu_O(<^lVSRK!bhrM>QuBQVa^Jg>!ht zn-xsK5Y@f9@ERlb%_#JFL*B-Q-gF-b95HHp-@!HZRvbvp4WXZ~Bj7qK5YVoxW0HGckO?wRwbp}#^L{7(LGJH8`x zHJ7vnWd61%40N`t{3~ZnrkJ@9{gnhaz>$t1WJ_ zkT7nWD0R!dEgnximozufip%$ts0}8YEOwwNs>jD)wqSjfW4ArK=WCoKc$yMtw>@yB zXPj_`e=vah6|vZc2$d2Av9BxffW;!#LgjL+x7z=F%p75ufh3N|Tu-3-I0P--jxR{V zZ(F1X^8Br7wFdF$t;Z07Y9U3)i<+e9+3RG+KaTf{&=4VfEa~bgyH-}`|(HN(RS~Ej9X$xTNcKR08;`7(Zo(u79R&b zoME(cy5jzy=rk>;Kxfpy_$H%_Yf^z&9}*m*MrT$lm7rYW&}ezsrToQ6l!COG6Oe=# z4$h(DCGqGb68S?mh+W);%9s&lCr>1{#L5IIuVYt62hTBv{gaTC!(s8z0VqhW$uwCw z{u|ng7?v1o!Bf5*CGYYD>#Lys_%jYJS*s?ePvE30qMjgrVwf*S>FwDxS)AxOx70OL zWswMZpYWbVRihV*QS$9Qs-^S4#_Eozte8^8B-yN+t5P~+rv0Z8BYM+8n-vQSjr!)` z+6Dp0J^GE`26GN0`!*URyUOWP)bL{QGa=bEcK;6H)}uVK$BGtkp&JkOMRhiFcqtEp zw*Oq*>F`ab<=D%9&#&e!m9Zwk7mG)(?vsDL=X?`p`S<=OEdJ5e{QxWr7Q}he0Fn0* z2o&^3rwatMf#+ECU%Qz~koPV7#SIDvM)qSu0D=6+{%<{|si9%_?KK}LsLG&k?l=D= zuOPB&FBDK(2>8U0UekL9w2Z(I4QQ4{r)~8=Eo3z#uDw~>B^_P&OTTppF}(fOezniw z%Il;jtimEb+tl0ySmovXG!#n|^STXa^z!^ind9T!KPb7RWqt3iDCQ|iy~n0r!3Ejn zzCF!LYwap==UJdnxCL=3zNQGRsm4y;t}6Moc%+`={Rc@e z9CFyG@G=(YB=q=qUpSR@z-FhVi4fd4B|Y75ZVW1_Y~BbHRreDv3SDdi0T!5}4;vON z(XgbqTTFUwmwjxsvn*7?1o+0l3IuM_J6hfe`n{2 zz3!etq(fJ$+J@E@({r}M5avPU?dI#)2gw)8x0obF5*h_mhp1NLV3o0$eO9YZCslXq zyv$VbpZP!7V^jxicfhZWUUFYWoYG3gZOkfdWg&|PmX6My?Mi%*0Ys!0Q0;+2hO}wG z7=g})l&z5Z0St=%+z*BzX*gzq;6~V*`0N1yBScQDtKixljUti&Ea|ZEf*1=3?WpDa z>=P*NSesptR@Ryj+&%VI9)h5eJ#06ot)S;U)EDONP=h@Ne6q@AZYyq`@+oOV19{HKAYfv$nffo(PktNiLYgg-Nl3hh88+H3eAb12dr)K1Xu;g>?pYI(GKF?CUv(PFJ>f(8Do?EN6Pn# zWM)NTrVa%}* zlP%)3Ss~;kRpusH5$U8S=FS>{0a85kIZmium~zOMSbC^kyTf)9t?(NdHju7VCn420o*W`Eg?&Mv=`UyQNn(ZuH7dw%zx2tyhJOC!N7I2N$e8_ z7M+cbDdT~U&0*B3fuzuRNLr%jD}2u5aN_@HNm=9Y{^&kOEzaHOERGjb1{XpDyT|(L z$+Lma-r7;q)A4>OrK^F2&!+cCO(DUZW}d=@F55*>yiOt)O@{pm531exi2l42MoqO& z;oOzh5HF5{Qn9SbaHo+K)CKGa*NLuDU4VshkAOcajokn*fHA` zHaN~`?m6}rHI8z(sJof25A_pK02OCvA zGov+C@g^yXazQ#A(SMy_j$yM7+FMxkSTZI{TpFOQm$?&OrVA;Ww)lg16-nLk_Vfr# zhOI}lNpjQh(0>X(FjONXndN!<{rkgbdCRF;S5x7kye3uXmM3jOK+z$Z#TK^svqX5{L6 zRW2&s-SRfq?RMMka^a$`V&O+?zqz}&v!Y+zGbxFMOz4zCB!mtR|38kp?+?`MI%kp? zsuHnq+tZc7wk2(en;oL`4(HOT$tgLF);@EA;7f2xN&s*vrzHgrq`H8V5+ywb&rDz` z3;6ilar3pmCE#TW{GZOUow0WI0Ox?J^GlAnXaZDnm)GZ|%1iZUBr6(?eb&mmdA4+D zhrABRJ~HK=w0qznR=HG&|wINN_}|*e<^vLcnT_ zmLVH1PGo?I#?a72dYa2k^95+J5G_+Cs)5F70-zmQXs6N79)XoYxS&^$x`H5ge{9Dn zkbB%w+XQkiB3&&Y7aEvmDv zfob1$0bmC z9sj+xjxrcR3Z!IEqRKd*IOdukz40MVm_Yk`w%_)=cnaozW?wck!=K2j7mj}x5jbT{p6PjW+-wEvS?%wYBN6d^1OkfhlXOV*i{IYEm1U7 zittMmsOyZ8SB5_1t&%q_i{q>~X#=VnVDKwX$%5k5Xl`CKY?^!;)&)1>iU#+qDS6FC^gD^YYKD0`nSravel5&O;*v^rjq;?H z(j#!m%BGFpal30O03<6mu3pWK>lYR~i*SCd(TKIOE3clSV_oPSO4CCe_;he}2ZBBB z}N{Xl0))Vlp5I`D{!(K0SsZBCJ^QlzC7y zo*cc$i4^%;`I93wWn~4L%;ta3-rN@!rYN>-CQ3}^$-q*j^BK2)UlD1b0h(*+g07`} zjW2`dRi2ZyO{du-SozqC0_Vt7hjjN+C28Oonjo#tBu4&B1s4ZIx(qRy>0|RtH<>Kf zIhh+KL)iVL8gQOIfP0GQmIrY>$}>>L_4^6Bb{YGuN$&EEIu$)VbU9Cp#13SD*8TNv)pPcKC`lQIhgR&W0Kq8SZ3GcefoNcr<(x_S&<|gHZ1bvEy*s|2Rf_akHH37l?enLhFKjWeT734^NO)4x`pF?CBb%>Eix9ed zUlrwIkWeWG2AVg>oc>)>D}yj>nd?b(j$V><44T&uK7z7%jO1L;%{4aq=SizpDIDIQdRcc%td7)(g~LWZ%5E z+}bGYuA0c0Wjvi{o{~4YP~DV#T8Fz;lxH-BvgXQozuEV3`IiM(#hYt8c&gFaZWF~p_~dvFz_o6gT7@#j$S%G2K3Z4_2pQ?h-1RD5D#_?` zZ{A0_Iru;0{$PYz5-)h?E~THH`wi?ktFsQBGpOHA)isF1YrOU3UX_2oP#Z#Jo0_$> z{a>=T*9GYZhSt(pE2_&UG8N>=YAR0@L5S(oPQPx(!zvJc6FG1>|{nsE{HJ2-d zOO5c9+M!W=cod6@W10M5U$)Ov8h~@sEZ2g4nsnDP1~Rf`Izi_PcxW^rmwC#JYCkTc z^EE!&X;o(Ms|L}jvANc>`KmAs=oZ}+Zreuy#?3R(Gix%lO zaP`jtCha~8zv5c)y>s7&PH6K<`$4tWM#JH7O?1leb(ze+Xi$dDmbG@SLStODUzV43 z%x7d5zG`a^|XR&a0DKx9Y!AG!UqQWwV~r-MPM zp-$8~4dEBdLOQ0*+|itdonE!vD9sXmtvX9h6R?~YpP2y$kO#KKYDl=Jm9T~J^;yYy zxtyNrqFVcO{WmS*Xt`sFENn)tPJI%qsS?#w=)xVRAB=vYAw!)qif1}KjU^bD#PV+j z(&q+kvY((~-Z6?Q4dm$SaM+4coZFXX^TlEDRF>(O`^+%}bFKPPuLNgbl4R{dxH@@_ za*i?gfQG=A+AZEcLWN@%I}RAOwWT87-uB6MMb;iD2QJY%ESm2!=Xd9^nOvv8ZC|xr zojWL4ZH?EuDK?+*;jf>dkzq=#WU^+BVx$EqWEI5--)sEQJ!VZ zK;?XW(6o;vE2r-|qCT|qggY>`l`~O`0jNbc(Jgf2`qw>E2+*a@!!$o|3JK?yrbiaS z1owR{k8)tAbPK*)(5j5HO%T_irFC82Pal8!WZOZspxoH=;_8x+3hzg5JDEI6_BO|n>t{;%jg&nNU!qE)^VoG{Z<_>B|h_Zht^Ly3DBOBD4n& z%A!IL>RlI|?6AzOZ!piFUy1 z$(lq5K8*iUpM7ytqhrYzzCvS2)c|UDxZg<#5qP2O35Fv^-8z8b|vyKEr`B za&v6J-&=NLxo%2)%CJUB(D!ZQQisLFApl_h=ZsyoJ(YA&nztMsOWQ7g<7G)OM4Xm*t zKdZ;y07J6;Aqm?5*ciND+)|cpE=*WGV;?nnVP~@GPXyHTUWV)PRX(#xRanP{$7U8c zyL~!?!6$Jy$4Ex#T&NNVFt#z0OIUL?M`3m-d6Z{Pd^t1Gz=8|{k<1g}=yWlTc;8z$ zNvyPpxI{+r;ZnvNBZp=bNaVqo5X3v~TG7_K4#2?(e7Js6)Vd_N%uMk;WH296eCA~Z zORS{m4lfS8y*?-05W(iwV9~7Hn&I`4!fSItOSHFwzntyT0hDjm@)G^;KJD*~%V+!0 zDLgfsyP~ABw_ZQA`D-`Iz4T-KP#`)ev-F#;JTlD49eZ`x@`wgc&W!1aSoqUJ> ze%`srZV>E_iNh-xDN6TqWTE&T?`x~DFqo_H@W8Eie$?ihHpBS!_bOiFR4<1ee zQ`-2%<+N`h{d$zU4Qb6$^?nt}$wJyU%ZLAE$O` zidf%Gy!VcwDCF^i3OP3r;K>w>re ztzH-?WXm|#9Q18@85#VRtY(J`1u)e-lE?j?Nir&7b=v)Px>@L47%+ZBqC_WzpIVD% zKPF~h{|fyDACgMkMQkza#Rd2i(217_9YKaPeTyPjor-e`nk!1gIEXX^IrNk7Knegvv2Q%qD4k$nGKZ))@At9Nvs32O!^HVHhlLmsJ z?E%nu-v0nS^~GLe2HKI4fTEX24A!bJ}@!T&%~J(PK9yBpIBRD-70crunvy|>iL zVT%anjlwICqZblKqEUqc6;kLN^+U}@UP43H9E+N z2T}|&o_nNlWi18PT_GfGe!K@;kzN7I)U}=(MU1NG8XCyuvE#kzL{q*!$(K^Z8bV_V z4V4Tq4TBVj@{2Wt({wY?BbJ+2yn)|5flAByl<`aRFt!x%CnlsE6xex@Ny|2~KPm7J z!U;jNJtPC*#p6J0`omo0B>E&4x%GPEyyqW-j)up6B{nj`AVQmx4DIUw1^vH0^}lHS z!weB6))jl)D1TCnLCVqP7^GPG1Q-tfzwKG6tMTN$0rcsMr)>419lw12M@g{tQQ{xy zNB0N4t>BC6DYR25hIvtp_&?mk2ZMp0kv|e_578%cZMz#rdTu8Yr7jNy5RR*d39sU~ zdqOaX8#+gCJ#u9}GXKq4B+Y}8uo^7AV>n0Q2QU!d+TM9<`?d5n`2}S9d)(Uj4fXoD zJSYb|>Uu$KZ?L7u7UmB^aWjPUEc&*oC}6N6L1|$VF!#Fb6A)Z7`7(oXkxYKR zr(T+qwck&_KtL}>ZnJ8|GDkPRVz|^XEI^86;KwZ7Z=7#FH{<}#`UkLN z&=&?X^38mD(4rTnK75{q&%g-6BIgF~?fm;5I4sBS%Dyhn4(!4UMRkP%UKj)m-D*y| z&(CegwFt!)dzvdX#pSX~1aHxF#Tf1{oEd;P@`{Q|xLlI^MObX)Jcas(Yh0I>=CVqC z=wVy3{}{eUgoln2@n^qP{cts(vPRuUr0r(Q^iIeB{-IiaS&2v|wJ~TgleST{H8Mo4gi5eYyA{hXqI9>;7n5h7~`kLO;n`=47#dnXGd2uy-XE<%Om8H zYxE*uk2f;FD~u}46BJ1KOypmi@RunR{5EoaEsF=$+3JeRZfZ>Q3t6z*%b9DBG)mEyd(Yw`nIG7*(SL5C*CB$mch%9k;o$ zY3$~;jk5W59;=ZHE9gC?W%N#1#^so0^v<$UdXHHFUB$vgq6wQTA`-gBOjis8y9#iNOO@33j1yqWfd1sSUX*)*}TI_*1f$#Fqmu z##YZ!ctsqB;Uy70R$&tfMfNaLSzce^0IUwtU)<_3|2dwvlP2T$RF4=UMnHm67nQ2*;;MbgHeL z+VDl#8~ft9LL#e2#(2MVWPBM{l*ikfT$%GzTyx6}?gs&|%Ncxy%hhel@54!plxc36 z@k)FuF-FRt4*n=VhLdS1y{qZUuPYx-q%0#b_)4d<2b7DKtoC7X^(PxX*$Dm>M>;r& z>PH&~yx-Uk+Q3~~*an~uriscjaySgBmPzhBP|rYqLcs36SizVFbLWnE81r3-1}ZOn z@=4|SXb^1bi!@kyo~ajIsP~P2ShA+k55P~0%QE@5-rwSb$l~gilUW81F0Lq%yJ=b% zIiq?|Em03f(}^BE#a$w=(DEf>lZ*@vDd7vE3bZ0B5Df|PNOF@{!Uxrh`C^GlPT~y- ziUa|3O9KM_kP?V2GfBjJZAG!%P0@RZ=~14eRcDZ0TAI5!A5^c-m{8~7X9NlVK6N|= z+v?eaj)QjouoAGRWo6TbwU&3AWW)Le0VdCu)qFkxtyRQOZDPXHR>9#eoUtcxM@$9UXs zhGfO+BxoyhvEUk;d_pKJ|EvaqVFI$kAp$zsj&iPz2ZePiZqUKyP)AU*-v5}%RXEfp zsf&{rcy}-00FX{nC=`a&Dq$EciI_d2uu3foK@pX0V$f}TK1^p~ve__`JhZ`#mzP|m z7qm2Y0@u&Wx3H{rxfyM#$>eMtC}{>&vbVA-FiVDT+H<{VtQTrWWb$bV^=RuMHgX7^ zP(KX>=cpTm-Y9Q=)n}e<6AS&8VlC8UW{DcmrB)V$(#K|sHE=g8I6O%}@EZ71ZUIa0 zr+gG>(k!ZX8@Z;eGyM&ITsj%ocJz~2Qb@|98~`@&G^uCWFXcaT;U%gSs=mw06-vO` zEoop)HdIL_AC_@tVC`;+Nm1(koSCLhL4{p;spd3iJ}_L-2*8lRo92%pye<~HSSK7TtCH~-s&A|n3Z zTHv{@y#1}6*mmny)!u7tz`?LCZ}}_kAQA7$#c7G@_n$vZS$0G=W4L7oQFK#4N*V_g z7{&kv<|`QPHm#>?+b)hW)8j*P@JNs~E=HcmOdI${Z%DPV- zY29i0b6DE#tn7Q~d3R_Wi3N=Of^&l{X;8KeL*Muvhl@5(U+u&)jXJCTlvEo3#UYUU zs3Q;@ics;nG5~$SM(B`JDuWydgUv>mESXe-=A92EOQgxr?v+ZCL9M^PVr5ym`IOuQ ze_?-7F<@*jzaZ%UY{?=;UND(2A|z75|4iop1t8c~?P^cT-Ze!CZnMq(F zkM4y3#0%|grc2@}DtAzp`^AYqvb%Pdco%RHNA5qI*t7tkXuD3euoXC@!nu+ECL z+N3nXv-8U&<;a3{2-bo~!SUFsQMz4m0NO#G&7w0{bIAE~SPVLAHa>qPg|;%Eypl#) z3BX3?hk~Ric{v!KbKubVd&82^!;e)In88?-p_Q?6|GyJ!O@w?m5;P4@3eOpnpk;>*WH0U(s*8h4wHLHYD zJ+y2cB`*wnl$KSR79CQy9`u~Xb^U)kEqyM(lO;89ag+W#^J@#RG6UEYR*p~t$cgjg z@qXO%xZt8Q=cnxKpK@xqkwxJ8#jML&S(gYMZnpk4nNXS8KLJP~-ppie5=$1bn2RMj zaoAi?vx8i0sxcg5N5%-7)xNh+$atasg_jvw-(hp_gMpt%Kf05Zk-3pkDZ?U+N+J}5 z(yw?rr~?4bIP*u+-{c|4(%ROM5~#`<4l%H_CSpR6r8SXQ){sJwrL`@Qx`m}R@!9S} z_k}8$t!x}f^sBsQ7)WL-0$+in*^0obOqq3n%vLr8j)8x(6@hCoS{TxL%;Y0S5~_RI zjb7|A=OJOu-e4~C%2^aumioJDilI;RpAFRT4o($=QE-pR$AvPPI_O6aIv zXUQ=+A*bl9UHZv6xgeM1id>T$a!c;WJ$WFHjCVu4apZ>r5=Pdw_UXBIU!M;2`n26H<0D!YVUiLD1GV(J=0y;UO#7gW$ zu&6f1B$VA1I`GaKM-+(l>$Un-oTZo8N2P)u2!&?Gk1qjoD zPT+z&L7|32r}#(Y2I*hazkEq(UVdW+ky{>&I`xt4SDScFJR+aP58xoa04mRGL;MYz za)E(5XBE2n&;6h6+rI`&jyMQQ$r|nTe|&h^pLapUSAnn;sTR z`0p|AWj_;*7sG##?k9x&urZls!*#ymRkX2+*F zA{Iz|b=7MlBL`aHdXN&S-%b#lKLh+5xli#ZhrcMbozYy!@luPRAVRLO%gKi-}@QUudD@ z1r;}7OMI1SbzcdlrHl-^5f%AJO^oowF*g)NMvdX%1MkK2Z;o?)J zMGOf1Ov&n|2@!x(f-gpl*C-uen<%4@4wFcERVq+zG8;dEIs!FdY+jHNBG4HXDCeVL z7GqPcgj}NnD&;iqpT|513pcT0k_aJ4*$DZ;lMYhZ+fOinip+b~bR#t~D;SW<$K0lb zeXbt{V3crUA;-0+^87~-8zRC&i9x~5$_#ejnfDaQLwxRb(5cQY$FOc^9gRMn^Ly0kDVU>w=d8!-^-~~VqAYsl9U?%?qgn}40 zK#>+@15_Gf%>XH(pbs|*E2a_RXhxPE43jSwWj3PBwiStpuy7&?w^T%>Mm1VhtHmJ$ z#_H51no~ZBU5lvcc4#YPq!2YB#Z-S3U1LgxzbT_9^F+8w9;0ZsvMd~=IA((`^+^1p zlP7lQ;TE=P)dCduh-l7|`g1@)72QQBxnQ6h#A68jfEBLy`hGZQa0Up-T^*0U?&!n{XyWu#mdDZ}m5poS}waEkiT?GkN? z_vDhdh=t6awpm1z+FqhA$uYu(2(gsPNZEVMM=4t}cB)fUqYc{ND0#@;QFt!0;utU3e!|WoQUWp;<=2Wj(*ot?dh>lh2M$2t!}u_X$1DKbLigJM literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.eot b/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.eot new file mode 100644 index 0000000000000000000000000000000000000000..86925676449bd5d0fe2f11bcae5311bca7c00dc2 GIT binary patch literal 14950 zcmaibRa6|oy7df$yA1B`1h)Xe-Q6v?yCuLdxVzinPO#u1xVyW%LkIyv!p%ABu7BOP zzk7AXxWa>(dS3k!#^CAYKPVE~^3bBR^i8J&f>Y&Rq~)WZW^)=!(DvI(~qUsh^1t`$y3wu*rWuJobPdB{*CKnU9LwO^z%`|o~Jb~tFNoWG#D-|Ws2V=Wm z(k(hxW#2l;HO9RuuHm@HDm^43IX}`6sT@0*uhxczG@wNx|6ZP*{5BubTyj{iSavtN zfY+D;LRf9Ec0n9QUo5X~1JB_t;R@oPvlvR4qgm0j#WYEyWTT6SShNEw&V$~b3bPJ< zfaO68V;F{6RJ-3GkxW=BZ7FuGI$>pdfmENusBc}XO(pFotYcvcX^LZSE`N}v<_O?% zp+9*H0CFNpN-B~;@IC>^mZ_CDU@h2#QXqKJTe3n)g2|jKM<4D`FODlG;ql8?7mj`u zmK@0vR_t;Djq*=+evS#g6nmo3R0%M@7b+)dusSN~mu3HOgQEZ}ZO4BcVS$ImPV7(v2ZgNPKE ztII|DGx{!T`zHIP%3^7NkGoU#Gr(%B&Vinmq;q534}MC|=0al0&4mh$dg0;WdgJG)>H ztg)Q%!8NXXwSv@*XB?RpeC29fjlL{H!&4dO^}Hm?d8h`1I<`0YiV{1lRW~Zpit=j2 zInCgs3QiHm&1!tzq99ra&auK=4a18N+E=oDoIGy~&u`*E#?=jP;8!{9_rjEhE|$+ zjUeK~{*9lxiMsTr{L;Lmskuwg{6c)y5JiJo%RU&nGP;`otfSMaEy3G1=W+Kb$_kT# zx`DZ<(jMLSh>=1Xv?<0o)(i-qiXiB-B#kKOTnL%S_krfCxyOo{JZKM;LNRc-+^Ula z(Yk_t(_tD)7_iPmvOeILNTS}p6bEn@&|Rf<-^wbs{F!b5*r!q{n8dw;rTWy5t@=pd zARx}zdDuk#m2C`3&|On~D2hIAMBrGHlJ_=6!Tgt6%{$R~jzweJ_4|r2L9=+s3tYAv zpS6O99+R-r!r!FkQW${egQynaSJ^N@SlyZ8G!j>a7oeD`YM$)$>X#%z#qZFLWbKOT zT0u@5dJP^Np2fM~glTR}T5&#mY5)-A7LP1AgqM}ekKJ1Z z$!p)IXA9$H>@~t+AtN+Q0K!Cgl8}{(F6`#Gbd*WNE*_hV#Q7D^~T>A4Q*zP9GvLt>3s& zp9A-7TFvK1iwZ+A^h2j?Ptfi@pLeq+*C^~(#{p?ux3sIZJ4h7Hzm!b-Q?ExZ1p-7| zkgaE-QmaFuycX-`>WPSm9>#YI{yB?=An!&*Gaw1`DrTB_&qVf8VOp!U-m zM*=eB5oIP!vcl(-esugw#Ow(5`ywX_g7Iu7Cwqk6?8PF2X4A^A`#upE$qV^X;M@yY+721KPp*5{0+dCXL zY`v_x*dWq%2XtZz%GKQjb@OsV5JCuyQ&T(w4a;Y+t&AF-ND^Q^nutzJd7I4IgUhHi zPEFiLGtfY1JUw4`JS0Fmw3s|7K~_ZL%FCo+(jR)F8n3!9Uuw~4G4PQk*HSyzGIXl3 zr+m~;6InuEW-3S_9RTa?E`joD1kp&B8dg`N)szX$xRg@Y(qPe}q0C|*-m>_j$s_ud zhkNu^XEErBm1o_e;=*&fw|Ls^D#4=~-!gB*ek3iU6-gn@f4G&HYr~zUCjw;7FluU0 z=~57a4g9}8l-XTZ9c_O44NHQcp7vb`Kj~ojA!58MkD$0z;M%PLqtG|b{0zu5)fuip z>8X-sEh^fph^sRK#&k^}P7naAEsAlsMNxQVBKv8Q`rj5+E@)hc)=ErMu{p&{6gd;? z5*AV|5H{LNwqvVhYyRjj3;pelAOwJc*mF_xNmcH|47;9NS;94gs>5l+io){zAlZ;P zh4jU*+*TO4_((HmXm2dZ@@2nd-=TyXq9`5a%EeXK5iqAO9_S(Q8ak@5} zkMqo&{+gi73m#H&4+}YxIEZ+7quQDJ8cc)FK|avIzpcKz{J~5%8?pf_Lu(I)VVp`c zD2Cl1j&ma{B);2K9z5Ks#!aF3T3)2Cv%EDx+vHU1!sEe$U?kj*N!VG|K@h=to< zFtbK1rK+MR-_?c;C;J;WJk4`5>A9B_ne?+D<1@|P4pGjDs&Ufq1;!aIMt;O(xF?zdYDa)1C|zQ+?K10 z7TuYlu6|NEd1)V@rzPFgofRR7bEIE7z>X;Y`_n=yf?I*wVKx# z-GGNfLcS9fb$*%Pe856 zfN&=WogYRFqc{J%gbk;IP@_Mwp;ImZniQq&FiT6vDP|yf=bNJhIGG7aNbycB=)Ij6&*FV-!mKLt;oZ;`nybS6}tJOx=nD>P@2>oZ(dPr@=L|!suDm zccmjcVj8?pqPp7?LX>74I$mr*KMl0<`j@gf$QhSg zZ!fhf@Ee4^pmncaGovO($`(#0HwH+KIOKLymzPclC}=kcoj31wl+1Wy2IR1)Y{8@gP19PaZbus=z$* zRi?b&dz#Mg1iA+TVZ#RQc_~9e{b>;%Ca6tM~a{ z?X>d6=v&FYOd^!VN>*%l!+md?RDU~w21+7*7ei-Ve~ZSZ(7vfWQ_7k2E8}n|EsL>r zByYj7vQQZrtjUG@n2?N^o7>EFIB#)}A;11y%j=jQnqD0O?%nNR8s6++xYj~HlUAm z)(bu?|9H*>t~p90vjNE6)>E*Sry5`=MFi)BkV+Sm?HMSe19_kVG1UbN8y%b7$D&2} zSYiM5`6i(a-625$2e^Z!n~>Q1>T3Y z^u4x=CGMYYw{c#3x1aR#%)-rV3IZ=0@SNWnMPg~q2J{X!vU835T4tP>vnF&XuEPiw zex>Y+1DIuWDV!PL$q-q%g%*4lcBe$!bVr+NqHFg|8D=yA2glCP(Az1K|hN1qpX)qrJ%o7|p;Dn)f%=}o@O2$j}N}9waVcxOk?4Pr9 z`Rs|C&r@W-Bj+5Z$@^JpV%gU&9IvTX(3f68Ujxt8vp7$zrA_LbX3%eeN9QtSRbCkK zU5#0f+_E$;10S>Wx4v1*!5K%qEc2|YU>7%eJWPR1s;}-SrCp^xhGu+mxnlp$6G3np zOJG+N-$94eYNM#&IBQZNE=&G7S8$Y*h${k-lcSz=&Sr7&JDW&~rEnVlh(?a@Hfrv% zlYBa~k54FX(7;T(b!p**tSnuAgKL5=hIp?~4z-05O;B3-YMmf_?E_Exd$~CQH4yw1 zn*Ho_H{{Vh-tJ|3vTG|u2~gs zu+FCy6s{TkbpN-niM~mPOHEZwe3ELWyeboD`J$95LnZgl`-MG4#(-IY!bJ~W&#|iH z`VyL)H^+v;cD0YQXPJ~5?V*hwazEyh%hm;?wAU0jH&SO~Cwmxh3;pDHB?NJ!kGjM) z>2~uP76lY^AGppJCCq{OWf857@7|@kIgL*ZDjd`e(0Gs8R$(#RbiXpTZ zDR?2Egyn78>0%PRRiu#T4@#>ie^w;O(J*q0;J`&@HH>~uw*%ZpUq=_|R>H+ugSN&! z@Y@{0D$5YV)&ly!DhSJ&I;kyB?h?3#!%e;5a5_14hn~v%lgcOq?Jx}L(<4k)d&Z0 zSvqa`Xwn-uoYi|Q6cY}wU|4N6Z1cB3Q5qYXLBx*wR`l1k2j{Eh}6eGFeTD_5}w}*nZs^vGkH3w zc@??+bC6Z+1Z&pKeK7? z+ib%hM6-#$P1r=ir}?Q8KVhsW)2ZmFtlB^t<8ogAh|Ci2OjOzGW}-?uAU^gyd^CQK z0XCx<1XkSB;Xo_ZdSsuL8BV6wbAXDOwx>Ph`cf9@RRN!QuE4nu_tE}-A7su9*QGhc zS-{vtF}XJ+E`ORrJ2GZ#J&bC;#fQ%<=wr`LW^*2FmI_ljh|-3eO`nIs8vyYv!24~z z4OsH5I{oQHcYSxtda_h^3HL+dXUB2-G#v=b&HAMYGQ~f<5%auoHc&3BTTMy-qFL?W zM^IO0(cyk01;+ z9umv^d!5t4G&;$=jsTspr0qWcJ$?H;-j{R{gP@o2d$O!<&C+R6L|QiHMu-b7-Z0nU z`{6C^W&xkN9VG_Ij>hP(ch5lgUeiZ8PxRXs!GscLj2t(dAKv>vTu`u{;Wk&}Y{WMb^p6=li@3dgWQW=>fi$VY8BYN;yl2gDhB0t z0qGc?jyxLu;0c+|pPh+Ihm`&bx*!BOl+~SxV8_97P%gpIOOcn{sKHj$E*xr=>4K~P z7MNN=&HYrQEByxC35RwvRji?PgXL|%HRXr0O9qIk3*(n+Vx-<@YWiWi#I50c zmP%mdm=Z3YV_Eg)MC`I)(y+zVzsy1{skcwtqn<42Yq5L2>9=L%SpOpW*`zX= z1J6-2Yf8h{L|WEcksxK3#VU8OXK7BCD-??807vbD+#!h9#6vM zg)q&?ZQQdrY~c++;ub*Y&qY5YRR3XXzR-q7B*|qJR*N!SqVY~3n6wf3N>RKWx3njU)64# zTaUlAXK4F|{2n{PKg5Xf`GD8OKeXS__@rDzT0r&RpXL@dN-rX`KmH;H|C@@lHw6ypa6^<;_OF)wr;%?aGY`C>HZRp zAW83(?tYiy`5Mst!dR=YJ4wq?kS?z7%APxpA0`V)w}r&;q5#CFcsSFjLL%VYQVT6& zw0~+>oKt+OSK3|k^0vUcAat)sT1No#qofX)QnxaVo>N$PNqtP%ll9A+-`3}(?u3y0 zGdZH!<(M2A22Zj{C`nk(O>lRJLxC9q2F!YngYC{DFsfu#XGk;+M|;w7>#9|!=RnS) z9$#e*go*dW-?%hqwDFaP5keCIhQBa$uX!m)9~0J{v0G-p0!{v7d0^9?B5J5QOjZNc z7c9>&1TRv>Rn1V(?uPS0sZ9F7i2b%xI*(Px2(759r=|VE4OOZy{hdN&NGRV z4~axVhdU=pXJ{=UEZ(gpHjR;2Il@<6w+kUN`?+#DdlMDDo5Z=mXAvB5;{ZHTR zGt7Vl*1?rbzRbZ7pbK3@#gR8L!SCDI&Ud>-z@w+2?9UoW*2_b04)Qzal5@LZwq(7Irz&4|Z7jB0yrt#) zZHp~*lZa4+NYL|xL(cWq4JD7dKKlf=(Cl*{wCvY%7C7_UzdpEt*WUgN_*xP7ow&{i z9>IGX87Wq^Mef?o?kGYr&?0z86$^-4QnAyLZn*2NhYC{~VFaftlPq0jk{>q_&iBLM zy~Jy|*fSyB7{tS^EB$;5m*i)x5+BXc8ylSHL``&lljwn++KO7|nd@VR1?i3y23}&` zcgvZVQ4L4TV>HVhn?x5mvlz^{6OnC2$GeQm5`0l3@6vVC;>Cd;?1|+)Gn5-4C+toc ziJPvd^6-MZGgFR?p$kz~qM3uv1u6EA+c@_Y#FMVizDp4RlE6nl;jE3mI_b zJN1PptD9UUXTA23Hb|Vq<+YsO@ERh>Cnrlyam-#~t7rJ5rJEczG1Eo+{>Z#VO~UYjOj_+Mtji;yTMTBF;0V+@sl|nLq z!g~OUfjIe9!o>H~llNEJMHS$M=K^@HnMa9c(F%?unyGwDLc{xE|9!h^t znc2ku(&D+eoL)~(LALQDP#eg zCb~3~XNTg(yWz?1?1~lweL7AFE-esgwUnrs&C0OZx9^o1vPiwOjdhx%zsrdOLGKzj zP1!szZ42;(^LBqfz;$DqSYgK_N`MA$CQjk;clER)9|Y0K#Y_cbX3{+we~<@?OBMIC z!4AH@LT=opyH~x0^10($r#~o6w=}WQJX8~!oO#AYs?pXbDYRemS@Lr9atC2JGbY;7 zeRA6CB^7k&$-*(gvUs+D%wg`v-H|R|P=WX=2+vB&JkA?F!LJ5@U;7pif#RH%L;~9JQm+z$nT0P}$y_=Gs>byDrH^gM+Ouhgvmw zgO_@>k&&?sW&SYw&)*n=N5Yd7%AVrd-xO}LsJC@}bQn!~PG{Bx!?+FOU{SQFk%>=( z-BGn4KC8uryjT5go&{%%(w9dD0HsNh zGn%wDFapTR{TbQcxZJD104m!JRGUcLkwj0@EVamC>dCjVadT$u4wgn#T%dV8{JpnJ zC6g$chu2Z%#8h5B*RU#B?*&TsQd0%iw`gGZEdS42cNbpW42%d757wFFLToQEDGr^H`wsoU7%EXxy&WimGJkQZ%+p>Z7KOj__6|J?@hn&D{uU9j|X^oPuzfb z_L`Im7!_N!;cJu!M7py90# zjb#n8ev;KwxRN2Ba13MJCWi2b4`tp4J|i(Wvs=%7tAj6k;AEc$)PeDqRnN2k5*|f+ zoKVpYh38s!GF@7;dvSV3nL%@;blf!D3{EzG*EsiXHo-F<+x#7pl?hMS31jjeQ)M^3 z{cF67I-BtO-U>qqg)cu>HQ8i~`mwXEv(Io)p_}KGMmmnE-pzZgvk2A_bDeOVbQvXR z2Nv=4I-WZ!pb1AB{jXsbtsGoa&v!@WSi6!{qhk8r~fxQcN5EJHl+YOAFfbI;6!AeTB)8srtb zemFSQAn^|S`a3z?F)bP_Rct%BP_0W85vvcs-vEm?`pg+KiilSnbW{L^?B7G$oUVjd z`UHqmA#6t#hyK!}pIMY3Fu#wtvvvk4D6<^T2?$v;Gl}=E5D~N={$#0Z$0$4TR*9N)D@Udy0L>k`E5w1Q*sa3*mRJ*}H`tbo zsFp9z=fWx_2_*#Rqo4X0R22gD2O1uy^x)r4%~9^Kef#<}^Yc|VW9jIc*i+-JB~y}V zt71`fwqmLl#brhz2ZAW5vh;^Y)8^FZ&4kcrvUj6|6C>{;Wdx@LowCRu)edIlL*LUY z*8)e7fuv;LzT+{Mp3t+g(asIXywq*xcAnIl4I&RxheoFuR1Tr?9?nkf;5C_`B^OmD zs*1~n7MlR(@Z{w|t1y*wwxh3%ZNg!>gaPEXZQRVCt8EqHg})!dNrUdNN}Vp(7!MaV zk>Nm1`IS_tNFtWJ#BJzwOgWV2aR=Uv88L`ShkD%}dYw{;b%rXeT>q>lqO0pv1-$8TqwYCSm|XFvmGRTfC2^e95k~2wAFax|Zp!Ttn&cjLT9R4>`k0?gdk%_{?j9ugpdjmAA zRpy1v&Am8QFU5336q5I*H$S;c>xf!@cK%^*6NEJB)=y5#(+58(CcV!k%Aqq|YI!$l zaU2OVUKaqpA~Dd>8Q_kh#^!zL%VL_~N86MPF?)ta_@}N8wg+WY=?Q=W*j$Hb4vI7f zdER>yedP51smUp5`;OtGi*>^y2vxUfgSf*eQ|@!3dQ=qV)TqQh#?#HD`$Wt{!lASz z&9%gQIKWFO>?q{V^CSaBAT<>txy1K_PPv0*;+`W^qKbCATJJZ^n>uE#QrRVmU-jV} zRXwN(8g>7^WuT?Olm(N{9@1@1R^rZK8JVyf3s#FdL){@H%Dci9;`2RJp3FuUHoxi? z5bWMc=qAc8JQ2`!tSGGR4UnWeYPCy`Ae*EdV-W8WcDq9;J$1$DsP{*uuUZn0<_QKk zk|AV#L<6cdh%}zFFYamW@<|sDLljgWYDfWvO%bIpB^Oy^gu1SXNBU}j6a6C9?Wy(Z z#$}Y}C-E4u$>}}8a3Zy;Jp(o2cAkanuLi5E1gC}CHC*6cAd;lgR<(m5xn2gGx?_>Z z`!g~_u#!+7Mmm?hb7ymHpoXHr?!epdy5be#AMt?;6=L5Iv1$JPVRu0hE6x`$d0U9a zL$8TLEEL~V2TBUm3H)5%cb?2zQ;>M^*(N(Q6$k6?raYuiy*H4cNj>9mlqbfyVeft_ zGP#;=2)`s8Ez*mL8K8d8I#VK)qar~RNrY8}V zI5hnZbnDCzj$$`JJedPaN~n^e@WHLo`cqT8D^4qFWdp;+k@c7nK9mCZAPZEpMcVsu z3p}lpgvBF+=TPv(0mYf3Aup1CdmFtEig!pY2VpE;tiDGoLhV-KfDW?#7fZt!Z`cm%}?lTLsjT zDD|W!!HPFaYe6UT!GikB5-_ zfv+LZk6HT)30L>$mrV%imDE{6iG^zMc%b40v3)S9R^U4;%??Imp4M!h zS<1%&+Yj?V9L(HduX-Wh2yswLaL?*_aP06D;zDp7_e3iYSB08Wy)@qr=TTO0vyJaW zVp-Q0+_etnR3Z+QvXyzC$adg`V7Hu=m{HOw{dgCrY%MKeW()BYHmTqUC&MYK6zV-+ zg?vaoJp6b);(KCB?<=@fc!Ghb{a_Z9d3D-2lQIiSvuYk!c!tOKl_C3#k5Ki_{)|l& z{V5Iy&LdnBW1CGX28wL3p*;1M@Un;ygg)L~g7YMydS^h?B_Z?VqI%notU@#=qWFfl zj5Rw46mcm`)&&8IGDSF8;e~B+!~5^;q{2hz7qA@rkq|q#(JnrD<-(}h_kDeWxIyyh zQDurNxc7C~OX}5|yv|W7z01*^mE+~Y60-BrJjE$Br6{LGd>rpvy{HDy$OqY<6^o$k zd@%FE+#VhugPy z!z;Q+8>uR*<5&>eLKq5=d?yCU78-kwYF#k6QxQ3kn+oIalv#ra_ha;h-5?9D`(Sp- zvPWButtL4xOYfp1VR||cxrA%O8xr;x=Y~_++8{|K77_B%OuF>&I7`G!H}tS)_D44T zo2(MYMh9xqzuFwc`pb;bb;-9Y5$d18+@Zi-qHh)g7E7M+=m+Qf1E>;ro)DsHeo5yU z7nk4>nr7?IZ!&>FLXM&>SE8X?*)y?l8a-!5YW94TE;4j*v?^(&V*P(}`z6-J-PG2d zc@6cX;H<~3JNHNhqZ;O(Jdv}eOiwAaw_i79S;H>SSVl5vw|h!~@l?3hrPU1Jv81cb zBiYM?Hp#%T5a|L0RY9uvcIOp!ogSzyU&rqe+l4R+^cfYO)O*bV$w*me`&0uxb7>pjqKiA{DWg~C@O0+41hTZ&;wg~INENM%?9VC``_)f>wR{#w@=h=W0`+kCJB9^d; z`C}E3dXTB*q4E4|Hvctu*?nj!-nB^tU(-6o%xLBjgU3=Qe1~VrJO-O;|RPXHW4`E)_o8d~?PO>*9KjoxS3( zjzO4n7I18{phS<5lo%@B@i-*z&5|$Za_O-6^2JH=aqClH>V!3^znGX%2=>c9eLBUh zPtzeV=(Bcrhk0PT48|O#cbSuyT?NH>h*K;j2GZ920$6rhx(qFtnf;VEr`PE8T^05g zGBptDmvLq~m8BGxXTUAL$R@UYn43UCTEwf6P12^uIN>kl)eRul0jfoyUL-uK76E1Q zDK+Tu`bu8MqWq(mriE!kWDpCQuC*(^GIQiHYE%^6Mw-r{k&u?;&Am-vv60rbp@Ss` zCQO?Q|CVmQ0>y}&%$&OuIiuM)<8huOntXE@ajSxmvCRyo(blwMmy`Gtf08>N#wllB ztify9D9O=cmi>_O)&KaZUr@k1w&WUq3fbCg#Ycw5Ce4(AlXItNvoSYXkn?yBc@OfT zcsTx?NCViZJuwhsZ&GtLrj3xvhK;X8@@*SYpXP98KnGblmDfU_wQAa|^Qygsz2G~T zB%o6#oL!H#B9@y%-$H#VIQH>K@W03M91z&9w?VIEV9Pw+AfE1yQ2DSY{}3Bpla>lY+AwY0y_aXFV{B-~Zd2uFQNNf9Y-u#`!0=_x=CJf25m z-BOLN8i!iV-fqf!;5#U5??!{WL2pPIL*)v)|tx?8# zQMk^T&V)Q3N#jM8D^s%_*8QN0Ux+KVLCnbyJTNzN!O~+!9Yv7rFHEMiQ8Huwt9`Oh z$jG&0$QkH8`U7Ej6EsR37Vl36z_LFlvY0B(&Z=_St?OE}8#TqKE~8G)V2QR`n(Ww? zKEWaG$VnEuz*|h}tZPJ`3`l%H;OvX)=Pm^)!Vn#i?k1WZnTOmSuL_a)C@Wk+MA{$% z5d=UVP_D_dLD-)z-|2&?e5K3jZ~Q+58_h3?(aVxlT)R>1g8`_$1Gi$Rx`a-K!r~4= zAMZ|9b9@)o2vd)xuCsVjqTd@zYoBmVLS!Wl)sExxB!fz44Hi>RjJF0XaQ4a0-4UoC zKP%qZ7U2#sVOhZm6kuckaSm}kZ1|CrB883)DQw5KnfH&vJaFo53LtQNmJx%PE&&Nd z+Gv?9bm!r*ZN=~0urs)6SJR#dR`FIzPu70T`7Vy+jHH+(J_5)J;e{y9f3)Gm5FPpk z%%*TFI9Vt!Y~lM4#$8X9{Q-E3O70yVUFV}`iiDHe%`r=9FWO?;Y&hZ=M68>vV5_`y zvM%mUw~YkhDw!KR-l%-6w1GEdv|z$#w>FF^E;B+cb6{wLXV-akUs2WSGfIiTM$lNb z2p@ke0m+vs#CtDdY;#VJS0-7wvmj8AbxFa+XvPNZD}sob+L=NF!M^0X-mi&SP-p3ty+6F^7)q&zECWx75ScV(hE|xci&!-aZ zYrWF$O8tkK&HD6%z+nN=+ZBWu!Th7C83c!F-^LlNTB<@ftVo*hAB}PZT3I8k>RX6qgV#f@!d9v*;kXH4B+S$qATdNq@ z%8(nyvD(U^{5C`zP1CWEA66{#`^;R|9p{I<&MGjg*OPwD-9^;;v?(7#1^L-Yq?%79 zlhUi!LlEZD&{BTzLE!|RdR64XoGiI7thJv9w4v1}alvp6=_bl)7%1ZRHT}0qx?@kK zd#*C_A>Pr#{$u0pjwz3OAb8^8mVaz!INeseDRpq;xX|EHM0Pt7hFzdez2M&x$;=-7 zoAeu?*M;-19eivHs@!qN(66~)d>uy5Sp6)jwu}rO$5{m}_tsQ>>n?Db>NL4azp-OP zOn5J$-e_>me<+xqk5I>hkF=7Ff)|x&zl^hSXqct(^g`iqtJhI4s~r4j)eWS{Mt*WO z=^O>yiP|yc*GUU)WTRGn!8a8ZV_BEMfe)wVRF}}cf8gqGyW7&V6&z$+saDR3*n*9^mqPxw?Xo2BjN*}c&&W6KkZ5|zs7GWi1@?_rGh$rgBJ2aD* z>sV0ji<*t4cc~X_;s0^vE3wthj#K8Jr5d$Fk`*I@QkIdklUNGxC+gc;84b^k3mjtg zc2e$5@Z5LSEOkNj_{KtbyLHq@I%X{=Vxa*oYy!MiM7A8;HwmwYVBJbm=JAvd6yJmL z**w}5D5vsDvUJW2&M-^XI3($m94Y2ySKkq17ObgH=7FL>wpoRBu_9YVO~_r6r*&=} zSTkqWT2m{R7zPwY{qFA^gzs=g3WBTFm(u)VCOW%cuhJ2=(gwbVu5aK7biF-zimSl? z#uNASB3Mp9E8k24vgyyc+?a}3TN4Oi0jVM37GxO$06Q_V`QD%VsUE(eGOhriVbperbJmW>)W)IKPp{9%K|78?>w zbK?Q(DZlqnb_c)9&sbSx&$F%#CZ8&IPx-P$FuW$~8nqM%Z&@j~@F_P2N5+Pr{T5!s zenwtUYrq^JgnKby!yTN~KCD)Doq7^fh4HmhjebSp%(BK+iPY+j(y367)atRHTDE|W zBR-=bE=7l5;TR#iyeGr75LW?3qn%!5H_x6a+xxHbq6ZyEc5=G~@eFh}$2F`EHKM eTY?kcbHDXBOk_*czu5f5KC-Kh`}zO=q5L1w8#G-2 literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.svg b/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.svg new file mode 100644 index 000000000..5f9e7277a --- /dev/null +++ b/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.ttf b/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.ttf new file mode 100644 index 0000000000000000000000000000000000000000..2dbb3d137a928cb4b9938a242044b4a173f4edf8 GIT binary patch literal 29848 zcmeHwd0<<`@&E3VEcuWRS+{J-vQEo~Y)iJ}_`aPuzG5eF4(Gm{#5tNc2ZR7$AY2U) zNVv;U3Y5E?iNvc6N4l zW_GPG&KS#Nr!oZ_=xXoilpd7+#2B9kXmi&<|Inu=esC3IhJ%b1Hg*loX}u<86eUt$ zVob56f2ce-(z5*y$OSmQu<}k2ucgK?K`p+3xyiZtOUv%vmbpPY(@-WIi zk-9q4BIt-{IK7^AwkvF*6-WG5oGLMoOX zVJRqlt~3vLX3BTIm<73?NKz{lN`)jT@y&;%h}Xqh+FSdXgE^ux=}1gPE#z7U8zYh!_xw`6!e_Te$IZ)-eMoK7_a0*(j(GS z((k1=9BGaWhu&dz*d0!X*Aa5mI@%rMj@t^Ig%=j?cjh_`(O4`7oDNpOYFP_fyo~K) z*RsdhOY9&!3S5KI!%4Vw4znX);0ijX{S#chjKzL|^f2(U*mk6CNL7p-dplYmEsgr# z&VD=VAhnYnJp16LgU=sad+^4CeFy8`y8Ny6Z>@Xt;G4gbs9(F0VKvfbq@8FXV-F$y z4(U^*%=uL+m|vAG@C`*@NKr_3R(O@DNX7@3Jq! zvtMuy?mfV6=4$lEL3RT>f*v`_E@wlmlXbD_YzA62ll>JE*2ntU0Gq`I*=)8ElC_$x zVWVs`fZXEKsf&GA8g`T;ZUBiATT3E_Tf#Y=0`dd)-6))yZ zd?sJZPv;l$C-|QvtrV0tN(ZD@q(3PXiUP%a#hHp9DIQcDRTe6HlqW0iQofebn6flw zEM;fPzLeWi-c&JFscJ-Zf$Ar!57gP}N_CI=boEcvZ>m34M^n>Njj7JmKx%F3^3;u~ zC#Ig6dQs}tskfy5H1+Y+7gK+qdN}pd)M#3InlWu&+Mcuv)2>RpIqkl*U!?sdJv%)w z-IpFpZ%Ut;KAiqQ`V;9drN5E>e)?w_EJKrF&TwZ`WYlL&&zPODG-E7dXU2n?OwAn4 zGR+3f37S2c3pH114rdxOt1`zk@6JlkYR>v$)(csOvU9R~v%i;pUH04AU*$~CIXmZp zoab^r%lTTX)M~VPZJD-O+n^oNZqc5sJy&~$_95*ba`m}=xr=kx<(`}S9TZIomUss)#-+HD|EYcm+EfPJ*fLqAJKQ{2lY$!*nFq?LG$D0 z=ghB||7bpJ{@DDbgR#J#T*A zy1ZR^d-JZ%yFKrzyifCv}!g<)55?e*TU5Kg)kH|M&Ut=6{s`d4ANUw&mC? zHm9w^)@bXoEwF8{ooc($_MGi?+Y!6YUSnTmKh1uP{gK2eWG5B!2Cbq@!`oAQApXpm zod@I3(22Y_{;YuX9*RFJSrNvFTsDQRWb@+BD&}TY@#ic&F-Y?`&dty(HB^ zZ-nLw0!syItY&qna})5d5MQ?ATc!9Gz`X+6vJRtY8OGNtk!v;XJCS4z)yNqJj%wr! zPocvxL5U+yi(`V8mg!L1~3(iv#>1y6LS3 zPc7ifCbnF(W{8~t?u_Gk1MUv!oQ;AbTflqb_A>EpCB76L*GD@TodM)XU<-(n8_+*~ zXd4HR-`S^PpgpMf&QcZ7{^l|Fl+$S;V>uj!eIe!4#`MokMLhHWqW7O zY8&u97oataj%poxb6$NWZ&rHnD zJaI@0=5Zaq+aQ5*9wp0Qxy-=wnM*)YAeZS(%kr3$(R@s~QZT=!u^iM^m;~dn1hSb0 zZJ5l*V4GwyGb>=;l^Zv0;Hlr`x_Zm96)gH)u48N0EMs4Or|YH_W9(B{T@%-h+cs=r zAAOhWW@KWAzsnWu;bhm~N_|C%uCP>SbR!XGIJlR}5AfNTb&QxbPeq^SioC=@2|ba` zt?ZZV3HBs=iapJqVb8K(vFF(H>;?8BER~m#M?!wW{u}lt?lRU?Jh_olQI8&6PlYT? zkiMO`7Q)U^;98FF9Cw*IDxpH}61Ls!OyH9#9l_YpAio4j(c@cKP)&VFIe!UCL<>PB zwTkSG+$lMTDzd>OGrK(pN~ABi)AYv*Y(w zxR){)k_F#pNTspAE6P}w6k!=sX6#D|qfp9b#Zm)n;VZd#a7d^tjcNGv%q!YM zZ8|O~dSjo8Hd6bN5-*E=h&J}%egx^=iMCPurlumr8o;Q1$%)!`fLW!rz)NlXmZZpK z<)YnaGqpRBxIXqA+KslyUPgMAo+sK&?LICk!hr2W9%_4XLffhRQbnA{#K#N4mphqR z@e%HWD03zHCWm>DI+5&1MkF1Q3CWLCid2l`l-gM}zXE-f#R~Cm1YRm14-6iD0^zXcy>vsohjn)&&!Suwu#NEX0L(Z8jv3(paxuK05oce6^QFh7X< zLEL*-3GO8d2kwM_J}cs%p>OB0=|~kw!$<+70&yQ=nOwu>@*$Ql?$1I7sGTQ){v)i6 zzsMZYEljC6i&awFgq-aJJv&)mJh^bUA{`H-?{1_Zk{8JZ{7pzMj7vXK0bu{Va%-54 zZ)0YjxNiWhIZTg4_X;Epk^!lnEsf1dB#a5G!p{PVKBOS}mHJ9fR3`D9d=CO{6W`VX zHxhU{2>uU3wuX^jM_Ph34`~_FX-F3#-H7?H1!)NBain{ZW+2T)YDKC=8bi7rX=Xf~ zg!}nO7l^bH`i+irrxcS7TivJc_${RRHmTDBh6%ouE&YhmGh z4^|XepW9&RY==Gc8l!l?3Gn-N!?*k)yv1|aDezWLW&eR0;~~r&N4UflTnR7nQdk^1 z%ti)SD<;e%7FZv7kYyED^HiS3(|HEh@Jyb?vtg}d!=kaXTQM{K2zJYL(D5noTJMK< zdY_nAe+D1(W_Al~n7iSn{*s*qI}%!wHL_;57*T;-wuCjY_hB!c$v)t$KU%$ZYMV{{i%mKTp5FU05Y{Kh#m`8XGpT^qQ zd15|0U!Ku;EwAJCyn#2uhi&F9yp^}{cHY4|c^99~XYg)#wmrO8y=~*#ieM$c5XQwcjg#Ie((j9okla>z&&1;hgtpoe$? zdXx*uPehK$N92fnGCAT=CP!oxMl`Z^e_tWMuLwruNYfJ|xivMpOS?bx&&q98x&}3C1D82}mdo2~9w%;-w?;drdq?%|wotIHV;3 z2}Wc{Fd{>O6&2H{H14hGTQ@ITu}W?VK%E_(ox);Ehu#{G`$LVw9|{V8$Q$>E$TlXQ zC1HKb&k{640xsLnG92O9^{ckPkNV~n*<}k;2~7k`*?wc5-a1`-n^FaBK~^k6txS?Y z3l#KY(mv#J0_Ki=5&K2#2eCiJo`~HW`(y0)v5#W=VyDM8#ZHaQi@g*3E%JPaBlbZI zR%q;K>?2&iK*CHjc>w3(*pb*9^!2}X#K@NaFC3@^G3(fuvBS6?#{E~v7X~dyj)zTs zkG-GV7PRU9?2JUd*xQMxZ@OnwYw7b8|H!K1tkkSo|t!cPwZB4M^fzz}k($Em{{YCsMn z&J@h0Cd@--oN35q!51se49u;0_@0l`jG5E{9ECWokZC8rcyMxIeK=r$6ys|NP6zCe zQaqQ52ulDKNj_|na@Z@CI90Grf*2zqoO)O&RhX42W>g4Er4BXI`hf`+$t+Mch%*EB z$U@XUg85j2-LV?@*T9;PU_p$dEZGiL%+6AW%5Jh|0&LFwCNJ?hsH8_@u@gf;0`4^$bY9K`>hjW zKK%!PG0mwN3^kUaj}Flo`9C>GO1}{2A;{5lkjbNzm@;-NM*n-UgQNqHKKZX}0-0Xm zJ_@{tW1k~Ir=Y&)0s9irmtwESonN}A;%$s6B;jZ zfEypl`XiaoRR6y_1dX4|xxl+8f&DPJ`qxA`(Sv^n6nZCdfcqbbR(=`#8a<2kLDE#{ z2edr-NY=$fGkWKvWITWfod-@#P&)ZUm=Zb{G$qX>v6Et3(8r_+KScTz=?HqAW}^3# z^I;q^_$^|7N~TL-2Asa24_=u37P~2SKOi)pO;CjAFPR!pK|u^FqM*uwYoecMEYj#C ztp&XuZxcyD5)LW_zQv)kCI|1R4K%+9T%hI)8rdQjT7{>HexSF+0X$PMC*a8cQCv1; zZl%)~jKcS1=wv=X{|ScVJjj)3Bk2&i{YQx3(A?qx=FdR&SMj%r-17VX>>B$|D*sK& zWvm$cZ+{zp;uyGq)(L3?MZ|aHR6@!=1B_O)kwf&=w;`afUyD4)aVWMoc4q9c*kky9 zFUe)>cWC_)Kt4ixCZS-ufn+3ln;bP<;FLSUSUnfe@`y|r|*`QG_@>6jk zV|maE6H+`?>f}-rIpZ~gyN_WmA>4lv-`=6S80jB@Z+`-eW}Rc0wQI$=7xNEG7kwV@ zGm%S3ufQXyLz&w#(vTxgv#doAk>xmf2nsWx*GOi>F_q>C=oBtOgZ~E7CFCZNgX$4= zeIaT9%{VNGlKhinvc}{LLPN;Cau_lt>r0AFlYA$}FoI6z<8Ce^WM4_Gnx)2^}cs zgWV=`MZ8XJe}b3CLHEIPxi|I%XnQvH0YRxnMJUVS(pje?<@M`aby5MX4~9s`7A*F^5F)(?)dX}yOGC`DSDt31++-yO*z1MO7t}w zJwho%SPkxI@J970fhh-^)8b4;4Y_#M;Y=4& zuMr+#w(tP8f}1+QF#~$Yf_LJV1w5ydWJM)pB?W!q1*JZm3gP>ufLkT_N?u=%@cPo= z^99hi=_tOjC&nSF9v+(__Lh{tY>(dIa&w^F&Ay7LTXC`EE6)>#E znF8N$40X{ee2(w{%|bd=LOQdAblQY;<_qb}7t%>_@&1n*#b z%lG)(!T6mtJ;gQ-#a>DN{@tHrx52}JWt%7=TS3q-M*t=LcqDck%YxoPtQVfvQL_7C`mJQe1@IO0bGZm@4m$MBufTwG+P5oIic(R0?3z>r6!+Zv|@`R zo>SzHLtyC(n$a404wB(`OT0DXtvL$0sjCw(Gjcj~1$ zy)pQ6|Ni(U=ctUJ;^j$P2|NkhiFf2UBF1o$;M8LRZWOaRX^vv(?_v>~5RxNg0HXnS z(#y0PX1XZB&?Z5(=mq3RK7md}fl{~5>gAbh}k2_hef5h+_#6VSNK0mq%|Kosnud;MGN1b ztcB!I;Gs4rwL4zl5oopVaL`C0JaT03n+0UMlq|A+jqb3hWaB=s@veNkYZ z%EtUaku>%(w|Fh3<)( zM4^cb#dIgngcT%54=DCKdCGOumF9Cg<(enqWOvYvPbXOc@e|UvZU0| zK(v32#+MSaGVL!?0ICM}(?pWvswr{QnYha-15b9OgzZxRjYWqK7z&VR2N79z6bYwO zu8lAg-c(Ra7F;IkPDd|Le`f-p9VN)7O93_q%8*5tivE`+z>R#w3zCC6;HT)c8n$o) z@Hb*bRt+n-1DHB-W(p}$BU-%>ct&t4uy(!_&$Jsb3v#mo&l_=4)OsgsA?e8y(j#mW zNEONBV`A46^;QlwZ}JctYbuO*wM(RC$kcZ~s2r^Yki|(cG~#h4D4OhnM9+}lKzrro zgXVZS5v5s32^q)%-)U_uZfEh=sV$08{yy@1@nymvJsf-Je~5|jJc5LoB6d?UE-||v!rb;o?BFCk_G9GxW9-&R$dsqD*tPJL zZ$dil_*pCVV|ecmPsx4U%m1t`uv93jkg(LI;-=n@AF}l!&&dRu@YB^4Bga9z;?BpK z%H`NMaX0o+$X*|fN|FaU!w825;|=?eaFSQ2 zh$k~7&w?7&(3a#g(r8VbiJIco#BcJ*Ph834q0=Cwd{QIQ)1(hbW1UX9=1I5$)Q~4c zC+QE_2a~na)LQ@b8)+TVoU~pnYd#ulw9kYReI+eJN%pn=HMZohPH-+ota>TMN*5O^ zT?+Kg&G>RR&XkD}$zk15Kj@__{xv_s4ML-Td)>bVoUU3Oys z3rAn6!IeVzYdf(w=4|ZCITyQN_G0JB`RoGh1iBl44{{iPIYDFmZ1DLU^v=0R--iV4 z#r-^3K?-&b#{0QQ`|y^|&cf5#h^L$bYR*OaK1SDG+|Psccs|NqfN%Sd2N>~1E_;;i zgs&p5q$YVU`_Dm1LXKj(EojmKgx9;-p_|+EmQY<^vv0)hgwe9 zh{nUBtrFIMbMTiqIf6&^;88tzRF9m?(3i_`UxE33C89MFp0e@efJCIQ0W2Rc$G%Jj zWHDQe7Z%bMYCR#J&!vupA`zEK5%F=YdO*sJ-f+Fouk`zs#g5AgPF%8t_b!$W92;BM zyL|Z-D)*Duphja{=?=obP96=4C21 zmam?_>-irPJzd1R>+35whN?D1_egt>jbC{s#cFzir5;$c&;U*b%0fY-(V$nU4dSM9 zDMG<;b(PoU!WVJxeXD(}xvVJI*1n}{Nk_OcSk*anLVd%KwAa?zR5FyU%$(WMHrvn7 zDt37t(RuSqVB~NXhvcI*DudpLY9b~TUo?2`(46xI zn^qR~St72|86|V47d4st1~okwZy39LR>-;7WD72CUAft98CeQW6a77)KOK5#l6sZP z2Yf^~2=9GhePbvz zgbXfRd--M2f4uo7&zAO{bo#DKPKxJzUvNDsXD`1p`sF+CAlIcQ9ZR&f9j!$)>zl2O zH@4bU9nz{)e8c<;=M3)~?pp2WwbT^%EFD>>_iDzDIKLNfa#i7CqkZ%8m7CMkH}8zT zQb>QJK&_sWpf_X)0h0@7@BX(B9C%yW`;UJd8|OLEqjFAm5IGfsJIFy@4|q=OGky=? zuy{;PuPr*QT$z_Dpq}LRr0N)}kt< zGF6Q_-^_2c+Z*$_^Vs;uj{bpyEC2rYD+>nt9rzPXnQD?0Sh!S&DFi7bzA1bzh`OQo z(p#F9%B;O~OUVSXNA^{nT6-9b>^MJsQtf+?HIm_z(W}|VNimHVl}{cfPLgFlcix_v zGxyAsuWfyOZAhBI%h#>HxWE6Bb?Yu4JY{_O@{JppFCPah1wShUKjE=}HhBc9TrR`J zm^(OqTW9BZ$E@i)o9o-9y}ptDp5^6#{d(GzJ znT}?kw`^MR?7Gg{jhc$UD!bQdE3oCdv&uWm!}F?2ix*k)3i9oCtU)s~Nly8V$cl{-dQ+!Gap=>6wE0QE!@v|p?(3fq>R%V&AdM|kba`#g8>Tq~< zHLnok6kdSBfpUe%m75$R3YS9G{A$HnCtO;l%2FxQb?KeEJ8@O2Gu371jX&6&nwg?h zWu`U&|F1)9s;bt6cxCk0m7~?wYl6HILSE$Ub-R1L(bv&VXhEqIb%G-yogxHQi{Tid zVIH4l)as1;Zn=J1hAC5-VMwpK>gIc|Z_${tlo`g12Hwvbb{VS*3aX5|qK`x$*kcXZ z?IG(PZ~-wG$pFmoi$c{?FdH6y^6J_wYo;T6+ z*C+`)FI3G7(LKD-;O36#Klnq@gWNTr-+$8l=nQBR3F~B^@mKiQpdXepv>T)+BIX&j zPs}<7E#y*^|eb@?@U(~bfsE6y1x1X&2UrSyzD}s z*|5y!-nb=tD3tHoV$uz#m)OiE)Yby2FiMZY29UKq=3dN|2DPYaQZ=}oG^O&6!Zw>y zvvt4H*6ysIS6;tlo;N(V)UPkn6gsMYSK4Rov3Csb%{1_CQyDhs#mj)Kp;(=xRN4H4WPahsGQ1rX{wXmgZhV_EHBX zVTt*G^=r_rBRfUrl9-Zxq!cIkBlw0&J{{Rqx1`EnV^Qq~bF7_`*_W#;(YwOsn(v=5 zYg=Q!x##9%ZIxEnPQ3+Gw{^|vKpjN++o0Th+)OAmQ6Z@!(nN|7>BiM&#ls^#!^xWz4ooq)5#uk#>yl$ zC@x1tqFe9<;uEPBIy8O*mrOtzw~w4Y(Fai4Gz%z_bgwS1|Den$%cr%AYr1rK4ztx? zySTcv@VVOpXY_)B8w?{7wy=Mz>58&^s?l| zIuW87TnoP%P%kr2%XYD3Ef%B!xuAoj_7ZCJ1R&5{zeh>h^2XQq-zkjYqR^rsO*Inkkp_4Jq_%3}~Ce zhMpqLs11>ZB7-t9z(oty@s^^YG@>C;ExN+)%7K|^ucv}8<@{)KL0L(Wvog`_is)U` zdfXEHLml$G9Iqppe?aT#onRn8+GHMw#Z)$4V*xtUesVopE z3zU_`M{mRU(BQU)9lgyhJv4}^TU%n&B_n9l!53tv2@a4Hx*&2UgOER2?NIY=Gkgn1 z>z9Nb_12VrD4mjGebEEbO&GH0Y@M^SDbLb>A$KQ~4)FV8)8We!eh2hUbwr>|46RTk zq=l^0h>(>KU#qgTI%Or%NE+_Ygo1eB(jIexP!cvr<*|9(J*go?FY*ge3nFq!y(qf{ za<}F6cn$gK=1faYeuJJL9S&Beq@1Eu`h(Gf=ph57=Ngpv3F(=%8oaXAFyUj6%>esR zuX?$1jknd=R8VNQ1+4bEqP26T4HvXptE|(ec^wV@QH{4?#FA&yX^pycjeDBEW3JCU zPjB>@Em;|^X@RyyB;#7tx=|V@tA{KBnDUVb%y2jj6SB+MNPl~e_QV}KTsDm*-K2|X z*3Er(gX)Ykwmx0#Q7PA}FhCIV1g0`__x$)kGg$#?y7ZRwuH#2P@bvn8y`B%EIVc5f zDIG;A8b8TXaZ>ro+5W&u7geazRj?=0BB#`(Wvi9yGMSbibUlUIV8`&!P@AwRd`UKi+B8{9)@2u5U7Bu8SElBsIxpLI z`PCH~lSY}QPxEo<$bg~5fPVwAPX-O8crp$W|1_~iehhdqrGbC({*OeG8>GmRb{Y$_ zt?JxVPf@!1=Lfnn;6bEn)9TN=%~aF>xJtR1r?_oa{_d;JPLHe0^=dSuaSqH-PS!NP z7ubc>p(CSE5i)pRdXR5^>9u|y*xDEU%~sNd!WUPZ3>`@kS~dPw3hMV;;2BfkZ4>!3 zr@&`Vz_X{or%%9jQ{a>J8VHWqz^BlS7FbIv#NrrNLzZCg!(ej79oxccmztLs?^f!4 z(VyV2p5FWF<(IiKy7sPizH$*aRxFNwFYfYQd@;=dftZ%OchpZ&E;artYcaKtJQx14 zXtyffZp0A21)jl^;nZ$9f94c8wNHlYWH{}RV}}I(bQwSP-4p&E)Z38+&yeAW)-c|x zApCOv%sBjAz(q41=Yv-11>3|DYJy^H6Xk80@&)&2_ ziSy`elWE#;W#w?!MVmKY&@MtIJNVU}dHww(K5$j|PlBtEO2Jk1IS8~D|`$4dzS}x9UTq% z(RSghC~DCbFdsCha?AwZ0#8qdOYcwQ*Gz%GI|0v{0)J)#o|_C;C@0{0fMeY9n`PmNH^(u0? zea#!%^@V9wL4D2=tG&coOpaKA%OG5_UzF8U66f48EqP058LgbC@i(N90s)6FA~@}c za~kvJx4_eR5?pXv&aasQCyvVSTp2D_on8_6Wji@lwv&mAd`1#HJ#If^#|du{_~rbX zIQ&(>n^aBnXpL(8Fx7GOT+-Zq+NorAVv4E#? zNU7Z3De&}UxS&VQubBcT{4zXi3Y_Sa;kg6{b?(@Ek{Z8Yn?|T`?f5yA@AbSve^X%{Z;-zz+Y5W#?`XO%FcGc?+;9o)quaGbi#Un zgd~-E6k~0X^fXq0;t?;nJ=IkKMRippB3{Cbv9Qc+HxsaUmd0#Y>CQ8l3i6!6B3rT7pJ(&6)kcf?do8PKD|$-Y zL61|X&&%`F1zTIhP+enpuf~{R$*qmPQa3hZ z`l_(b)LYZlLeZ%Cxy6?0Ee-WQ+B|UbbWkLGE)g@4eXfK@{jEONex?KW9@%z zFE;0@HmK8v`qHu@b1|G0%z}P7N30E0;rAAxk10qZtC#p7nlLg&2n%K=GDJcu6+J;v zFrE7ZS>o~SjC5Cp(PVLIyOvdURp<;Q1L5wuMUBqvuO33O=i@C^b zF4Ej`-E}wIaNTvcZ1F4}9v*QzM}~(Ndq`?JarwQpOGK(D=vht8h8fp+?vASI&aoXk z_@;&F`TApDBfy2K@Wt{bT` z*Beir-Mf2jS$U<;+8+!B7dBLH+7wo#AX?3t5v_X*crkk?jd^MntSPyl5^?LvW!b;> zZg92RI*ZC{^1D0cHWzuF5qo#(^4jGmU`4sBWxXa?v?$;0bLabwqvhU0kKMY!Te5Jd zveT%{>20hVDk1%fl`#G#+Mh#7T@vGhjKjBC$K;Yy7)D;WLD`}fY6 z!Bf{1%(7dPy~&)W=lj58Bja1eM9|DMtUbc@=jgXf^8{t`U;Ti=+s)z)5A zSzA+@@3FP!^3gwM6nY~IYg*Q6syvIVo?vA~Fe|s1x16*iyLh<0b7d7M^`nN5gap8% z;6N)cS5|oyNz;I=(^PWcT}+cYOGuwyQ&?DDZg1GwF=Ja>(}=w{Cz9`~btx<}Y=a2( zbC1nAb6RCMSRDOz%l9|!xNJsQ!Mxl&&v3WHwPaQ6k}9+h8jT-D`!dnqc zYgEq8`slm-p-7u2N4f5%D~3*5(6)WozC{>wG;_T#WW~oY2oWO^R42yQjG&urWL*Si5vuBQcoY9V{07 zjA{aQnT-YR;^DT|rJJoJoksHwLt`Ykl2m>v5@D-<3yW zIxo*}H2O9D7mr?bOYcRaqZjw@@GKgdy};>QFneebt>q&U$ScuX*i$qyrmx-+no+oc z9~Q%T56NsHE`I5F>e$7|Ba9 zkVCnT2tB^5hWST#^FSkK&rh{k{9l64gyCHQ`t_+E>CI0gz->~t(B%2M|F zH>B)hRbhKw^b>wtxYad9%7C#77(Nvk_M}q{LA-w<-p_;q!C3=#wtS4=7lJi~aXFzi zFY$)3_8kgos(nS()kVH)${Ro&jUg}MuqIzP>~lJ4dQK?X9(zqKmz0t#9QFpQMjr3e zw|Gj5yn*hP!JSmIsEL0f`SAMyjJKmrxC1V*PJv$};61R=FGg)%b|C^UD8(0&MaV9c zZWNZ^EVM)+U5(uWU`<5f3#k?AByvtPq#Q^wRK(ly9uMx>6MgZo6U~v>tk@ua)97ot zya^i#bS7wuiRLU#F)THtbjQozv4;nvFYe)=5HAP`=|<8xH{jR0tP}%`cpG7q(=;=w z@3R!9WRk8>8GXezk3GLcKg+ee7GuI*T5MIec!NRW^?Ux7>ar4Jfy1ir_6OZPb)IPz zx>&Bd`!ej{iWHKM;jZX;T5%!0`;1}PRqk{j`Uc&?~JajK}=Yon^&O9Js$J>>4K z^VC#SL|jyLu}M^26ynDwTZvzi=F71=WwyV*2b4Vy=TwU=s$etFW|cu zzwbc(a|M2JililiIN6`1TS;1=HE7}hafUFaHq!DJ2P!(JJIcx=mEIev3(Df>ctknCI?q^+7PokZ`fK}m(mQC8v%RPd$Erg|#oE$wLBM-qja z`EOCP7r!(?6#alG0vs6myTIthZ%+{XssubXj9+`YQz8gE_BYBI8|Lp~AD)+8D{@{N zZxi{7NBCnDfsFX75pFZxf99EyO`B@=jqWSG>@rXtMvlKGazuO)lVJnCN6xIl=hA(n zzzrPy7Ub~a_ppeH>+oB&L>)@Tk`p)j*h00NH7?=XU&^uobl!w@3Pm{uX}Ad%2c3CPP`2DGTeN)Xb_OS zBQ?Qb%?L`~<6ZvRy7jLu^NO-4GaMV`#nKbt9a+X$xD6SGUtYE9GQ~*WvF1LaFn}C9 zoX$F;lOF5)`g+Py5XS*gll7jc8rB`ziX>*hD^|`yN_-ZkAr>-x*xHzq z;;F3kq@*;qHt7nCO1IbRRvHU*mo?0CSBDC$<$SIbusVWa*Q|ymUoHJryp)tw3VotOIfW>@bSZu*?WfW1 zV=wZjqV!9mUcQL`NP31=dUQS-9gz@u<0iH5KttV_X*{zxbE|o*u3>;LDjltyZr;Ab zGQD!NbUtZYPwX~W_;+LcG>SfhoXD{dC9zKKw8U;f1VNP4aYB+5db?y2{pwR4jjVOf zsjM%sdF$Kiy(ON^oW-+i7Z$XcYOG;jV@IQ}#FwF2e!C-7Z*x}n`&_gAB{M^2gg~qX zB`xLNc4Lm;+CIl`9?|Ffa`W;WWzA(Jt>zrBscj*@!CYvyW*fW?pF@vDKUy8VQ^H0< z@DlA!A+97wSxC#z+5gwBZJizC9i;=(8^_$-P&L{!d$~V~z?_1W#r`HeCS3sQ+eQ9Z zij%fCHA0O*lT6 z$*^#kXAYk><})fy-VO6Il+)U4lo@>8yTilp^4b-xtt+BWE!}#<4O^E|pH{|ZE9Od9 z;jd0GkSF_v+Lt9^hJr^fPgK-f*b{}F4JwGK5I>hwIPVh^HH>Nz_Joe)x6M3zeM8so zAB~J%Gwg4h(?kqOt6~8gJbXH{guAZvp=geMy zTC*uO@Tkz3B5ojQhLTYLQw4q2YFinRKbB*0|vicVq zX6r|h`WI%-USgVKTw`*s$r^ol@y5kB;K1$Shacvajbcv5oI^WA=x@yFy@&6>j*erP zjh;ZgI{?W8q)(9s$deP0^?a6qJQatykY}?f^)x|1wG}ql5`GcvR}48>lgpYjS=Juu z92x2C8X4)bxLg(_4R%$IjbV4?U`=OdINaGud;5BTF_)h?#V5F7zCU1@%Pp-cy*7Fx zGLS6sKGa7$iRIZsw)o^q!K1R7OYM0&m$spPeoKFoe|v4?5|7PcG1d%pG?fnr77z~5 zJPSBrHG<-V9{YwXPeVr5V5)~ggVq*Tg{g3nyTpp+jI0JnYrx&;wddLW#T^>IH&kIU zh8j&41UR%|m&01=EGWs*l)Kzvbf!cxB)%DKOCf725+czz(S`(hKf;*>t@p@q`0s!292TtwrGqG!Pn6QcEYDTgFycd5`0O;aLFU8j!Yw+V#o}<83-SWm zk1kbZT2iZK&e8OTEGC!PW-~b+Ul>*>+UsgDY~(#(v%vxJ+k6pc!d0Izmg8DX!~}p| z^$UA`irb*eFYX^+GF)7vEzWZ2ONvw6a27G;Ymq%gC;&bhg#_ znjmQOHy8MyX3zqx*N|UMS|CeOZ&RAfoOf_S<0L$PoVWHvsGu%=NL?n*mNdimdR)U?8S8<@M4XTY_0S)wn1L+Lq!Lq&~lVi|F%DRv|K zGk^P=mfIC26%{4@P85R{rFAf#;w;zFLyq7-SHL>{cq0?#vXh#RG5i&D?VAwiUyC-VF%4)IQ4el8Ai zO_X{*4r#(~Cj42#su+GlJzhH?F9^tsafqKq*^l`t$n)zsqyWEJdzXN`6o=UOCf+PP z3qAX`(6eT|kBIkopn)a)lC$`ZJvPwyalcH+RU&?95L=2S_Pw4Kh|FIunauit*;6>f z*W5LfuFMUnvQ3$lKEA2GsJb@IVA5u`>&@LWA9d!M`?EBW6q^=d8wtM{E$SBb0M+$R zZGnf1y90sl;*uGGz>E@Ge!k6?m&Z5xd&805;^N*&xYs`zEb@m!{vr%#*j4;|J{=yX z*e&<3@ZMk4;`6l>`RVGndpvfV*UQiMv=kS&c;suRztG|LI|>ozk`Un>!kTasb^zcN z)+y*E8x`YAEE$nHhNVjLyH8$`lr5P>Ga8(Q^)osu!d1ZzJm=;#%;+>#S;OV4+`*t5 zX{fs~(9#rW?C!K!I=dUonhPVQ#_leS#@tt3RvHeMmWlX^FLn`sMfx+v5>0Rg7eaL@AAx7T|IJC{{Vw{_uaxb5rzwUDHUg z*f(G>1S)dfxeL{qsqU&gCH=(=v@;?{yTslL%u69kQ?_TJMp}n5{Ot0}FF$err6G+a zQ<-Vb3?A5j;uTk1vA;9Y$vt}tTOIhfC;A7x?gv)v`@>dc8_v0I*>CcZ*Td_Y>__;<3Z6wN5@lQk&rAMoAKAJC}K_@ra;cP@%Tk>iQjJ6t7ltQ0w( z=66lxa2=Opj>z#Oe^u5^z~L7;o{AldJ2;N;lc}{>nJ_raf#W8J|eFvuRKa5qnwasK%;F1SEk zH+NsKuX`WYRxuS-$|^gk1s^03VLR1H$Y1;ELa=-WN)o z&Js#|H1PzE;rGu$_@^NnIVNt{bTYh><4 z5Ao-(K6~`0n?}#R8mxk)1nc)r#8W|uPW*i!{zyR`ymI@MCj`orWdVHM8y!FOtg}u< zUK{>jwZHP~X>XMWzA4#*G@|VAdE~*fsG!{AHuwsAJUt%qXmI89cxE0o*-f=|HRZV3 z^KqZ(WAt4LaA8%cP|Ht?Udx|H??w;OcVFzV)GBF-E|XU6gD|Uo+ON*&=NU?_893d_ zS6|Y>jnNM}E{Tc=MpFJ19-*bvh>0V5`+5Hv+fE;derDyy&P({J=#`grMn3@lL4F4N z60?bt+HF#+2X*^R<@lT2Vt(?iBqOB~m3~qwgb6VyDbJsR26vU9ks8F11XW#-Bq>L=6thkkh0Aev5QFAUSc!MN$>N zLZJjiABWtC9ZcInGwof1=YtVX{})FiYR4GBJ{nW{eJiez>aSY%Q~EX}-Nbqn^7x={ z_xIf@-LzxLUi$Vp%Kcm}hnS2hefkwEr26SUT}I#TMY-GMasp@Tt$or>-FuhNw;56; zyPw*I`VhuZLtO43yJW0pw{o|%>h#mAMn)*tT(sjBMVrV4pMkQiYhG~eg62`Bbh~fU zCf{tz)r$Wwe>0b7fVm5hbWE;rt84XxtTsXU2m2Pd8Ua>^kRpqYm0X=7n5XV(7q^)m zz%(WeumhlA~Jwiz(Hx&5&1rDF@p@O2K0!LAiG|gXN_xtSxmhS@7BkVrK^nZk)*1IlG6J6(vpTqp3#^`37F1D zJbeo!V6H8q8T&CNlr#iB)$9t@Y2Racjlg(GInx+cBe44z&P)8c=7P(tf6(k2KL oL0)A4cXdWxX+fZ3Zob#M=Hohr-jHojEpJJ4IzpJ*|Jx=1A1bG;VE_OC literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.woff b/2.5/en/assets/fonts/source-sans-pro-v21-latin-700.woff new file mode 100644 index 0000000000000000000000000000000000000000..a6786d1f4a52561fd9a03e17378c4c10914d1ffe GIT binary patch literal 16104 zcmYj&18}at6Ykgc)IIH~+f&=NZQHhOpW3!<+qP}nwr+p_xp(Gfva{J|Ht%NMY%)n^ z*F{EH7ytzLDcmQ3-~VyPlppzj$bZuRUql3jgaH5`+8>PRhj@Wofe%GwWfXoeQvd*J z006+_zH>jz6j4y(2LNCwfAACl0K`5U)D%cYfrcIc`2C{;Q2HTVO+M!;11mjS000*A zN6!HO0LJE0DM&D}bTbA3;9>v(;&=dn%M}ii^UKso&kz7$Cj9Bg{2yWXU@w^dfIm&m z9~t+D2%&ty)=jM(U4JmopKp-?0KaU18Q}f1v@!V6V=ei?e)NFZDUvW(tn^%e?6Qyi z^!u?5zy)FiJX`Bo8U0`fKVzZ!(eso)vfi?_ac~3xIFWwj1pok)QWry}(RJ;2Z!J8p z>>tn`FI30|0tH~?5Tk$yxzBE`UKrB&x{$_UV^opo`r$*AXcbRyCV;akX!eg0*R{(O zP+N>qgrM$3$L;-|b4o%f< zuL^T4M>Re+O%+{=JSn~Bc#UcsHLosW#;g#x|FNu>@}CrqCL*d+t1Xi{x!Oc(PiQB) zqlaa-K&}ZJ3kN#WFTENbQgo*zm%$}+PESe5zTA+ieRL^*M*0n)V|b}^w8?W!|e?f8d-h;v2Kl#2y%V5#MLx9PW4`UE07LU8lL&*=%xPG zt>zaU50Lj1jpBP^$m{QK{Ngo%kq|!dymV~3U~Tw$68nd6V352-zS;2@QaZ{vG!+iAMSy*C8Lr<5NM7YVQ$#B1cRFIVOKp#u9qK0UeScO2TjoSH1a0k1e2%xNO@56 zKjb5BE$CDnZZ+6nGEMiN^D=otn7>HZUJ-qizxRbmVvTKK(Q&~WLO4NHd?{-!kRU9& zUO4nk-{m3QG=Gn6*9eUB)PT zf@+pEsWobw?K|gwTq%3ycPLuZLWW>QP_2dOo}&?=h?inv!U@?IF1o~r*=+w z6LuN4Tk_X#7t~@IonLS!^3+GK#_BG9x~Du$L-F0XBy+xqOHOb4O;kIA@1R_Aes|0? z!4GuzW{wEB2i!5AA7XpeBkH!tmQ@O0?5(9#mK`&*blo556}e3`afMQHRZXvoSo%}y zxrjHn9il(RbUN~k=_a#eg4=*kuaC=De%B!`zGfdi?@k_eldJob(L;GL`fLWZKH}PNS|-8yOp-j_5_*Xqc7#y zYAnCj*O4Eq3ZA`4oef6Pi}d#=pV`-s>USI}>cXZu{;UU7ITAzOGt|IMd!$XqcujZd znXIMi4zD@aoHMPI`Du5u`)5O1y;{vlY`t1mDNGleE&Ee$KNoTee$aOsYIP);mvLr8aF@ zZ3j*Vh#{@0)8(I*Dy3rpv73ygvSVp@SXskS6 zth2X^uQnFzMT!Z5h5(@%j&?mo3fE4KHp|OZD73KjSq8gxD;SMB2gk-vY$OG_&dr{C z*L0{gH5$jU%m*lSZd5ectxHE=%14()4|tRmd7NsQZny3p{}b~}D7Aw{yteviDmFWh zzHk|fcIc(98#i>yJOVy^2~d}*2|qMqDP!n?Di3Q%5=g9h-_chAa@TGXW7qB;@%29r&OI{hN|^m8`gqMWxl5 z$X{nd$V|}U$iUWA%{bxL1)>E1F{=> zliI|IwRQS<9J<*OBO}5W6I7e6YO^X6Qm^k&vQ1bShJKS$%f&4bFTcI*no|IABp2X? zwVsi79L7yzIp!RI-s2oPscl_D)zx0S*Oup88d1>CzrO!o;Hq~RID+I51TZvP9Uh(B=-t<*jDbY}i{l%tQhTaa9A zm|YvW%hTE3#}l;@**hinM8koS<1AEW5?`Nop$xR~MYKUxTaFHyp9MjX0i`{6T);}| zbgnlE^qTVY7-*GO`qFC1V>0`$_CBT2P2^d+e2Q< zYRZE}sTYH{9h^KWgX?OU(DfG#coXojP{XQc_MgW|0O$7wY8OX>B>x);2d41F{}T?Q zw*1dDcah27zGWuM6cSA$)9Z*H&U1>sZ7L+BVm%z|`DmodG+(Jf0V&f_bR8X0?I;ZM zUNGx5FA&rfECd!MnA4RKJ{l1en?^sYC*J83DT`WS`p;z+5vVrBU5B)x8<)-8W4ap# zR)@~Pt1qehQ-kZ1V@!sWD;k|GakQKUi)_`l0LB{rt=clltP_h&9ufR3B$BUl>>F5| z4e>EjFHyEBj3aLxh!H(6eUfPgTHSS6(MUbvqX!_pYFoh)TBdH^GF*#-E8c_RYM8n) zEOVk0g+qxQ?^ETIhBqAv(OIJGF?;UO8Di3?@pF{A$w#bPzS-hbjAL0^568ZGXz%-2 z!i7aA_4l`(49TM%KMn`|fm9aGjfD3kALeB3?j#G?06?tu&(A`4IL%9Ed!UWhKAIoa zuZyxgaR)L&3HOfu&CVOer!z?Km2O7~I>0EdDd3WmJQdWe&#cGy^WSSydU?ZnokB9& z2`cp!8-QhDEGh-lEy`y!hMZQ|Y}I&!FnRvabtA!dqo~0mphuy!8VU(>2B4jcItqH^ znKP1gvbQn5Njx;3aLwN5F~M8vXN0rG+1!wA@e0C$zNJnJD18%e@2z_VU*BEHRkd%n@eH{XY&V*972mxxOC;H>!)(WXi8kVIFDy1&w!aOXVU%A7{IK>! zoRe0Zv#sa_5fm$Y&i2%6F(2LLvnltwj#Q(L#KsP(zvbJGCn`$WV)o{#g4mr;1gG6j z#e~!GEhdlOQ4j4;;H#U2)6J#F&Td^&oyCjq{7`3Va?@oRpIPf^Gn--S)dK{uW`>T7rR8qlAQ25aZ?0>RGYtJndT3xf`|gQW z>zaEBm+Ey^7!nzE=Wqu{MV1;G*5>Ar(=o4`EfWekIf!<0MGDE<{uemyu2YN{#8c=z zi~r2>k0)j2XilF5*j1LB_I>#l7jYPKOq`5fAH<}k;R_QLlrm|OD*D99%EQ)lDA5BG z6ori%MJd(HKoe!fq|m!ob61!gFSQJY~I#9z@o|9dpN+f69|RFILc%i#hl%GMeJPP`2KiGcv#W5S<2LJ{stC zIea(Qe0{rNZeg1LcW3dMVDQy~MgpC2+HSVmOub%dx+HG0DwalHZ?a<1L)_mCwX#?k zU^BVaq8_+`?ULFAY`e2O(UFrLap8=Uck7>-7DNLvuTfm39pHM%GBi;)5jYb%Q+|+s z5PmR!uzhez!hAzI1cCO+>owbI^XvER1muS5ka#~cvazA(TK-IQ)zDj-VZ0aqvO?wG z+QwlHDEEM;&)6;G-9YQbc-~Oh$3v_G9 zjZwyeN_qUZv$svR%p`e;;QHNAioDQ{{4^jnVBog%;Vw%;HtjtS29+*D$e$5()1DL? zv;#2yRCEipE}M4Kr00}16Z~)!zf}!O2eF|d9DCJ@GwV0TcC^X|rS3;yEdD)b*l!c3 z`}69QPr!25$QibkSG8IYi5XWWsOoFs{tm6WBOnU@s$U#XjxCN8a+o;NwOpB2U}<|D-ynT<_!KILre&uN{0V?A(_J9Jw(crIHUe0OX{;uo?xHax7m zG29y>Fx{}Qw>eU;`+s30fl2*?$F1H z?w#`4pDk9)4~$otc~MzuIMCws62jJ6i#R@s6W9f?*=x>^ix7@ypwy2& zLZJ~OVvOO!j_j4f#LIW!=mep{2)AhCw6?)KPhD%w+eig&`eDb_NIBKoPjnUBBw z7xW~EFLA13lBle#v2OQh-qDt_w7NE~g(321_O455oiJ1XklWW;awduT5~@$tMJN!@ zn>*qXi;dqL%q#~bYcVEhU!E`!rt&8HG|a~@J^v$T=4k-hPWOxEp zt@*+Ag|d?fF)N)UaTX$Nmjl@Eob6m{RYzua?GOQu4{K|)4(@D2-_E*}nr6b6d*f_S zg5bea{eBh!883 zIKaI}cF12`GaZ^zSm$nfhFhun8rP|6`u(uZ1BT8fBL_`?LK*>Gn;u}`$gb;os3j$D z_Nr%3N)BQit@HO?{|t-P@O?0ptJDR4F#7CRPmuzuL-m0*N)pk|_4ee>Um_V>llnsA z{Y_m@0Y_h?7Xb&g0Ar*mIJB z81q^2=F?#Jepu@C=PC^fLW23{;ihv;nE81gjI)<|W}8B^-|y=rkpnlAo0lO13=#z` zmz~PXNVNiCk=FGGT~C-RS9hU%LT-8~b6dH7uz6u?pte_iTU3jv>P7dVm_Y5l2gHY6;TaMr)IqqkwkJ09mF)k13Ov1m; zenFp}6@-89;twY(dcAa59T^iPmvlOG>@H9^6S?T;=NbH2jBVNu(fY!DfUe|BHNZBA z+_0%%ui}>R~15S+w}ZNQ%7-BLMSXPZRQk`j=`jEp4y`hJJcI@PYUkycH0sdAx4SBLMI+uFme zpW8pyt?J-O=0PC?Qo&+MlLXD=6yqcvq!Wl}KBu&r7n0_T=H#u!F4j1@y(H@YQ70#z ziDTIESg%xuuUgV=UR~_32E+Z$SGHJi{ZnycvQq&%h1|oY-J|wC5WieF7HKqR@1V9B zO0wPGjOox^Z`uB?>b%D_GaC5kOEIF|?!tGs7q$|5z20Xq+E}N50_tNX3wgDQ%aHj6 zx9Jnp2kMQ%(-Gua>@JGn*p+3D9DOdB5VG&1{%v&rXO+1u%%r9R`%qAL=tM~3@e7IuE&tpnG%bCHXoJ1nSA z899kp@E0f0CtcPj9X+>hVLs`{lq<+i6Pk5H1Js5S=k8SF!v%lVqOw z?PI3@I>zK%7KcouGDa%aUl7yHwb{ieQtkU?K8H@z^naoUxC|Ml)S-8~Q0wf}re>Md z=P4C&@~g=b^ozHGOdL*o8k#++vW(Uke>ak(ZA=x~!x80%q4JT7J8sG8X&!6Vg}Id!%z<3D>YZ=_WqhS4w6e52?vh0>4R>y*N!0JM3Nca3kkt4wK2749|%kh;u3*J zmdj$DfwkYTBQgLKZUG%;x@2HxB*W1_BLvBD9V_K1`#3GXY?z zGrisHEZyex71%mK5X;w|95q;{fYVv#23qsMg8LS37!0Ixwg{;1S0rP_OUov8wy)(Z zNuA8i+qH<0*&EBMnAp+!rr$a;miKSp>O?fb+T`(PF(y#-Q;q3o23P_)`MlRY6FZ{p zjqc%F-OLPY&O-*RpH6x|mC-&hi0h~IMEVSJ>fv$*g%SiIK4~5q!h|e#B%=~fEFf+M zk5SKO%Q?Gn_kw55Qk7%e*f~UnNAG#7thxl zK%G$hq6r{oOZF}*z6z;p5v5ij+X%ZYL~=MYQV+Zx!f(YD(f5nBzp+0lp*;fSN;r<1 zG!*t1U@FJjTm+HG?Y^R2Roac0YRcK(ui)Oiw0#1)wO#YZ6^N%H*!J#O+Dd1@e=1-5LW839i1FU4OyVt5wNX zkJ4&|z*9xj0hU(;%_lXPURhq~H=iVWqZcS_<@1+`5-JN1>%vWRCs!wxfJE->_)dnX)u$=Kyd*6s$7%6kt6Ki# zYmyI1TM#onB(+T3{+gKoI>{REuR}mTKpY&USwK=5DZJBnTU0^0f*c#)=}^S(A=$Qb zsk3CchxNH|?2fPW3>$UjL_Z?Ki|*|PH}jP4J%o&%Hz`QK={{)V4XqMv6KouC`q*_8Z)WF$1wJ!r(8s4v&06x?wtuPxj_z?z_`D~ufX4B&unw*hhCK9`Lz zkVROmqv873-0@(~18a3T{?%Ri2Rcw)^Uf_K5D5o5ycRSQnue-J!@*Szh&!&I0_tW8 zv+4`uqtO?n;YA}P5^N;NP!yai#-GMdKws2sux|<8e#8Qnz&bv1!iLBte`F}XE5BYngY6qtDQ6>%8V9EvSC zY>g23-76`DPl&U}7HX{_(>@3Uy0KQ3ggt`0Ygr~hko*}5eKwtqj&NuZgCn6^1rw7FO8-%)8$o9%y^0O=fSZ*BAR@>RdSg*InNH;_l{ zv)#-AcQ6GfBkyFgX;SU*JN4evg?Was$Q^{K_p6km&qC%(ttMpa(Qwnf8TnwDVX!DbIfK0i+dIcH~tyXVq) zR^p5KO&Mz+6RG;ou-(LYX1LP?|I9XvgR2|Rmn5tT@=fxQ?eCodkn*0U?xE~|s0Fh1 zDc@O2+_Ru$9WO2W^_ps!)H%Axodjftk329B`{&dJN@a;|F~pA_U5{HKR{nws-N%#r!5D6@*v z7?s||(MbBt!sE&MJP=EY@mZ}Xi3RHaveaI)PJ5t#VVc8lw}>u9nuG0CFF$$AcOdYUj?i=QtrpYO;&Zl zcNQgMOac0Zv?sDf5#@Pl#zn?PvrO`&;v(Hah(q!g(vk=8VF*q}-I+eHMedFLb>jj= zBV=z#Kqpz58$SR?=tGc16ext2l4ipjLln}A z=()Lv*VCfkr!T&%>`0bs(wa|By+-*Liny%$^^e0HxiQO#F#2rQb^2}CckTk9U4QT1 zKw2+8?erR4!4=-cN;71ze<&krW6WWRJ5mT z7D4_^ONrP=a2C;$xqNFr``hk;+$Qf&p7`mu>8Wy@7LayTd1^{rE=QrrEnwmx@Hwdg z#=Y&e}HQPGS!M;UsVY2c`-#m zMRj3Y&XvnZ7V+2reyToMyzYI}9uf;HG+~SdWfT*}ic*su@2)q!8vNC-yAjI4IdI@6 zaekG8f#oP!vMThed`i1ylp-f52YB|M<*1MU#ZmY2vyXCaw@tJI*~{~!LsQ?!#C5Uz zt(dnLef0rFv8&N9E!LoCvYXQ*0_F7Ha_+G30(U8+!n(Nn>C?h1=0q*OLLoR=7Gs^r zS4!%Ql()G+?oRP0Ic?4j70oQn$XHWTU%OZGZ)@D3If&SeSVK;?cu|;%Jc4nj09oGz~2^uXKW{r$916&bX1q>awy%ns54hFf3}D$n(fDttVxLElUkNJhst9JzR0|s47jO zzZ1-kxC(gQ9|aVc!tIv(Z*@X>cA8Y{(#A*~N{sqYy|-^gN~RO-mzL4FG)FVLshZ5K zVWmh-UP%haV@+Zp!A}>g4z^BcZ)zf++iFBosC~cKIti0hURYINJjK71f!+E9eWAuL zf;%O+0+aPG+KFgNUG$jRuqp-=LK(ObzMnsLZ7v2TSJeMjkAzfkp1);!xnB)$!X)9! z$pxWgBr|epA@yT-P_dS1dLMHf}By3OwGTajF@;O*?uFOYxXHiBb$E zI3&lh-l~_~#jqH!i1I7aj=Aya0C(lZt>L2Lzgu+~HQ}dM#>h*H`x~5JHnvt%+G*io z;oi5Vk;=$GCaix_2h%Ih7*jQyltoNIz6@o?V`gTO860f&b6h&ibTMz z(c-O1n-Ev85}}6YGj#WGrpSH*J4}2wv?PL=Ta?CRJau08a)x|WQ@@qZRE*^JWm={| z!{j22@Y!|xB^xYlej*_P#{Y8PTf=c;@8EYq!wQ$8UK*w0siZ4Ga`FUgBXPsp_{Tj! z#N7G<;X_|%SNsr5FBz|lT8#a2H|U|Dv6^1bd9jU@)<9p4kV#=(6egk@{r2{0f}CHu zH-b6YrlQe^cQ0o3b7fU~n@$$B%8vl9lpq@i@Wq;}?1 z`AN6_)mpndO?G;Fo=-0q8)x0zsU{me=c#Z?#jibcv`Qj~!=nc$=vnGv;SX4zOgMyW zr=F{BKIr|^RZZH-fmTe+mD#2VwQ?MY>}BT0R%4-G#&^cv#M3>3QNqkpA@?bUbbFjd zh9}`6ngSuY;=FL^Z*gIo;q||+uJ^BtcixapaRuHJMIY*PyoScBV%XNs>biTM3Dr}8 zX+U7j`X53UKh&;X-}~?adhVRQw*@ zfoSPz1axN%d+fM*fr=W;8X-gUYH>=_^EjeAVPwDl=9eK{a4LcDGmAr@CQlx@Usx@q zVplKt9scQxDgui=(RI_V=_2}$N7AWcb}4GP8OPGBxU6Z9}HB!(Ot8?-; zN5`ZdgK2Xsq`Y`a3!_TB?at|m%J{}Ahar}9X)|)hL96vZGAM34^cf+)17;M}ZMGsX z#91nMK%49AtkPjQpkFK~ z?-1nG{_!q%xOB{|-)A+vS@M9uiPf3)9+i0>LUjf+JUnANKGKxqnm?bo@Txx$XM)*D zib2%IVc5K8er?><113Josz~bX^Jdw4(KT4B0rv8n|1B(Qi^Rj6M^&(=y()W3g`?m$F#SzvO1kMvx zw&sMm592BNUY!u|4HmsEX}bafi}`t?cG0sa3XHigSNR=1Jv9mW0{z0lin{|_iQ{t_ zSV{&|{1p?dzyp*q!SjGJ(QQGN!q@XmDC<6BtrD#VtiRgUjdleSC96yOSB-xgyXRHU=a5#N>dJv>X5c9U! zqyUHQsEg8iybF4yndVQYZ74-rxAoLLj_ZI5CNam4O@lOjrE-2ce8kY!9=x;4om|<& ze3Ii4w$JU-*Tr~WO=B7+Li8$5dwUTDMN%!mRl~5%ZM5)l?udT#-Y#zb1C>5PKsv<5 z=a|8BV-4mxde3}K27~JBy)vh&cu-a4jEc07y+wNxCSo;2&M6)k z@g({W-SVW~m8&y%&9t_GRUPB()}4y&(_HA(j$2~X?OmMlatc((ExDazRLj?GCI>AVNRpQVgE&tzw?yGw+(y}tQ`^8b>V_BJQ zPhg{KGBPn9`Qh{rxR3A~`{hxysWODuUS%XM6EoxlO>u&Y*B^#QB>EKO)yS%vzb^?r z*Hh6o{c$Fov)zGs5~YCPP-OPfOHE|iWN+&U&`p9`BuggSgVu zs%(~a+xE_=aiOaEy}*29kKA-a-WS6&j%Yx~h8>FargN4jz+l=ih7O6(>d!gSyLCCJ zIdx9Oz`b+Wogm=XiY7F02x(Cmy<{DjQXbC{uh+G#>e7HExY~$C6 zQX@u^->O7^R2g^_d1-j)`o3i=P*+4wK1NKq*Ed3(_=o%Cb;)S`TL|GZivtQIt=mD2 zR3)n$a&U%9pq#LU=6O{$RZ9sOCP7i(K@0D#eeaVz>bt56lr+{;n^YyN#YZq-AfdQS zD-#_su`TUCI@+6Ax$5fD8voZjtJUe%KFt5ysy#T!xvA+2^Y7Yb6JtkSmvuwfEDLF3 zq@QVLTb`7Oki6lrm?zDn!WUH&_z-02_f)#2^o{MEd9)5B>c-dR!Pu_~B|;TK1d6y* zKR-uzTiM2ckaSz_T(#>_vUEYm#4Gq8*G=t}* z1PfFM>*!sd2CGT}ls zK?3ra0-n=z)t06wD<1a)ACCrGOMFw?4FPjat7mN$qt@MiRQY4W0&B_^bEzA2>kSr4 zmpi@O)+5GnmF6W4rH{zW<=I^%j83x?uP)c-=-s;?PfnN8(c^pAmT-|qo(-eVJo$dT zhR0V~D;Fvv#?MT%i6CHqmrY@GngY}-Dho`c18@~S{?gy-s1m2P)Ce7Z6dAol0_B(P z4wY1SsJVT&I14g>Yka$|jxcsgHb*&EQDl2qn$Is(-hc-WV|&10FdzEh;R{gXwf94- z3T5UUoDAc-0R2J4^@`Ky&6>c&xWSF)B*KT8vE0?*lKL~V2En$%*oAqg(njk)`P?|n zfQXnH6&eZ)(vPOA(4&%ge}Ch2C@V!AFKS57L^ur;MebRWL)_vN$YO{#7=)54oVp46 zYarPcXJj52dFFtgn~!vbw8e4AT%KVp=nZ-D)9gC1bjYlE(0XPOrlGieh@S!yZpQ78 zYYnK~1w$d{v}_7%v~Y05q-2V-WZQ?Zx)p^@O>=-|WW}Q4(LYz-1nbin&@LjjjG@TBuf^3;^~5Ys>4kh2cp2Qo z1Dn2WIq_l}77O17uC;C;RC7{XwdTlB(eFp?zlO2!Jyzi=j_{L}t)3pErJ`TW6T0l% zhps8?l@=RX=AP5NsQuZ#UXn&ft%kyu=EBmNaD#=lmfj4pNj%@N8Ga zaoh@Cs5tc`-vib=vZ8%^^OXYC)yy$lBqmG$J&mX9Y8t z|Aeu+jZ(yTC=>5A2%S1>WUUN4ieXU3Q+ln8U0VxblclbVXceH!K8ZB1ERvVtv6h=} zvtKK1jG-HEj#WpD%+T^98H`X}u<%KkMQwF7uOH2xKqu9l2VPz8If0=LoXes!%m#-} zRJ=pEV{8i<4N05}Z_a(bJ+)Q#Z3AT-d32SFYFqx9Yh0dUS5Mzc6>0I4#?p3e2t;E&rUhh@UY#41vPymZYr~oV<8&Ur{+Hd1y?YSv$Kve zEFLpL3TC-Zyw0?Evv{OHM(#Q9{)M>8p=?HV14hE}^##CZKsfK>LR4>zHw3w$?Vg;t zr_OfW|8;x&SEmiWkMwvfvUPbZqIf^I(IjZnNzA%SiC#N9+DT#c6Ui%yD)S{PIk-A> zl4OxD&5hMDM|OFfB1$KAb!)~_){#~UCXuEefcWsBx-KkZK{>sDXywW#Z|gH_P!c0< zU0g~LdU$nh8Rji>AlsnkM<-u&DmSm2>#2Fxwyz#r zI77cjEbBeHU&7Mtmh<($D3C`|j*P3=^q@X9yfDYvlBAa12-C}q8LIft%WW@WOAp{* z+E$fWo{Y`V8RVHqQXts%GH-06nM()%ZD#-zC~Bu$IS`$T+{A(k?4rSjAw=-Q)iHAj zPww}4d6x541g&759Q>7>;N7O_Oj6XmmJCv!Lfo{;G_usZSTB&Ov@0#qOs4Nr%Q>^% zZsr7U!ZU4Y#nN^;#mm0ZS?0O<*R6+HpH?-~J$Mn@9M+{uVJcP}CRQnhhQQ})bSRc& zfQ^29Be~MPQUC*%S+}E2ikL>a%De*I8J1M7vsj#(>y0R)(VY@~8D`+n=x!E2QYAAh zL^7=Q1f3m+A>*zJSm?h)i zO5y%ziewfzX|F_UN!<+70vc^B%tpAXIxzU2V@^Cag|O}ymf z(Y3Iqi@Tanb1wrc7df-o4*o92RC){#V7)z!$8ef`7rcBHd~j0&>boPbLHvj z6Byv9XG*Aj9HV^Hl@^U@4OL<64(<2kEc^Cu#p6#l7bzBGYD{E}GZc?;7hr!SkNQ>hS>G zT`!R^qNyj0yx##AxmeZu>Z0vsuS$Y?_gSNjrnTW+{zYrfi_F$Gk205baj$t7fIyelxf{fffDWrOZH@%(7yBU%^PJFqRvR^|SiC&u95Ze$TvyORMa z0ZhR5+17a-wfp0c2DlP5bD+Dw85hg+H`AYeq%3UZvxkG!2BlUl^{LtYE4%w*^`g4r z&IdxPLIo!#CEJ>`-4qN1w08U*IvzRUdc_oX?l_jl4Zh_hhw=vD@}USb30vA{TaS!ChC{ zD>82PPAmd^YEhY<)k9|ojZu=q?*ojA4jV&dxyF~`1qR;|K|>rS-|M_9&;ofu>SFzu z070k_VL@vR#XV?vKF1Vc!yy)h#}fF0e#{u(>}1d54n)Pz#&T@J=b%y!*=WHOoP#X^ zFBb(DN=Y2zXK#qhE|Im+XLgwkkwq8omavU?=7#p<21K`}jZKlwSufYLjq|*+S%Cr@ zTN?Dj!yRh4Nu2cRRfku>j2qC z+21Gay2w~3J@4@s5d!c&=CkcqU_ycN^n6T(FAm`_(xqUHa#jsUkJNz%2(SSvVQ$`17Et7m;^vE@wf}#PqD0Z zXs2iHV>h~SGPe&4EV^4MS1&`=xE`=^MRgIJe!OQeud_~ptv?SCJhlv*KOWfhn86_n zfD_95#oyT|PEJ-fqe45K6IUhFbQV>Z{6h12_+^?Zb-ZXGIkh z1kGqk_42XBe)-?J(x!->?UqVdFuK>A5`~L1Mivn2kIF0~%H@7(X{e*t1oq_{Cuu#~ zWeVn3&WstShi5*SGQB-(eEGOw!L9wIMEwK<0z(J#rIS?Yz;QkTfIv=u5WtF7PQZVB z)0l?&i{)zo!V2W}M;8PD{2%&X&Xa+zp{{P%?KKw&$Z&+u(f0(Ky&pcQuN)X4UlPpZ zC)RBaq(YMq5V-4bywvn*xo}lqxhAZ--UPqs+#mGYoS~v`&D!RhdMvVSG?_t#!GYK! zicH0XaDMgG@QrkwkYY{}?^6zPzICgJk^)#qX%gm88{M;y7<0!hmn1l5_fEhot1#8} zI3FvQyr_~qZEOmBUiGV}j9q|K~Yx+sr)^)RKsM%hiNj+%64aTuIq-0kp8w0nDI+D&p; z@(vx_z5Vr%B^<%&Gx%F-qq(l|4HlMHtp(}WV*5mPh5D46`*7^CUHt9zRM(2tNGNCV zJI=`!!X>xCGF#Q2W>iVmXTZd9I#roX85v;I^dEakXd46{EB|aCVOe9N8edUZTKiTw z%J!{x1$&Bo2WpOTghA!cyK4cbS^} z;w6#NXV*w>t6U2`u)7)c@a677+<@&E?t#2o3(kM7y{Sj(Zx9NQS2;Ls1^{CNCTB5e zOek9@l9(X<`t}MAXffv>Hql>OfSfvgP+{Po;I^F#!k(! z4y&IaRG6)%|JZ+Z<&c$n^BcL@bRg9~R0yylCo3y}gi@IA7d3dwBSHZGY`1*axw#XT(pD z9HYj?_;Ds+8;QKiDJ=j!@)69yG=OY6ay9>3@3GpAvQ2Ko*zCNbdyacw`TPfJxeF-n zQM1+7L}VH4yjARgu^Ha($k4W{4qF~MKajf79^$PqvlP0ZC*xm>zcK`%ixJ1J9spV; zyM`DB#|PU7RfgddM4@Nd8xXPhlINTpIkzY@J*QKmL40*(Q*aBP@o!2^!=P&1RiQ zIuf{}b%t?^_@s)v{MGoew9~#9#dNhzES9X9Q|iXvS}NwsO%z0F)uJ z@c-{#lc1N<)6*X_(F1#c2Z91-48ULkqWXzjj}?*!r9%>;xstSVamn7f;y!3^rwQev zH724AP$=C|uZ`a*-i#wZR0<6fFW(u?Qy3RAr%7wltQgDF8z)*@ia(V9eb#HAy3y9C zS*1OxUKLE(Jr~iE#MCP~T37(QF@Mt{Z=1p}R1WtUfEnDjleIfY1a~2e)UI$v7ipHs zB{^i#P;eWa>tdcp8gG~}55;CM;DSyR&TQ0RHzh`uD-wdE>>Jwc;A@x+`8N_`VRRJO0puGqZAT1+U)EL0tSuv6C1? zFys+UN`0TXZ|s6L8A<^V>`@vjphkbB4`4EKzYuc%4~?>o*o6 zUY~`D$^Ls5dphG63<Ce7x*ejq&1OWWRlTSB!tX3skEw40L?MGauPX6$9?PxVC z3!gSrM1ZMh1bkXN5G_#xZC@yE9BE!CUJ~n`7;Y?K1YtZsxmiIxAF-NYyZ|*(g1j&r zvZA~Y6Vt-nzodpdCM#13jsZLv9(@5dv%m zUsTRRbP==>@~FGC5dUAGd%^ogkxtG-NCExS?RS+2X0a9wDIcoJ%(>dbYCnHPt+A{llA za6YiQL$Lo=qkbP{9Kn#V4N6(trBYlN@JM4G|6)<)g>PDk6#?Qp354bvJ%)aoFu{{h zosj3RiHXlR#8+t@)xy3@NbWc!&_O>S@c|{3<%3cV;YTjA6(W_F3sa8JM=o|HB8`=@ zRE~?7*hNU1FzAd+9TzGjMW#3_%?ASaz7MYdg~0pAg0z5zBeBTQh%{b5={CuQ@|Y|8 zrGnCkLZo#}p$kf}1RuFvu#jA#m0YouT&Y~RQHm=T)OvvSkI;CfLYo*8Db)C~s+w9c z9|wJc^!CeiMe>&h+zAoe?>3sUx38MbhVx~d>ekym8MSyC_6ZYV3gB-klGN*pJcijc z-PAXlD~C@wT!%9WGyX*%XKYf(X=u3j4TE;*@bGn@1}xEazL`~XkW7dfpc%j)5Zn{N zf3UtzzB54l;Es)=W3!kf5oN3)(4{NGJ(XP|1ri*@ykQ^ zo%E#z>4Qm_DCsdSjh*Z<1mlctaUub;d%&&;oo*`|Tc41cb8@pVav-l{+SY>~seD~B zB|i(Rk5XF@!ehM;k`eDsl_vio^B=Niy=KGtWpd_30RR9100000000000000000000 z0000QKpVn79ENfRU;u<33j9#x4hw`j00A}vBm;3d!@ddJ2_$}BK(7M`P$}^1Aw%Lq=q1;EjmA~_J4kV zyyx5p;Zqu{xMVfJrLCmhXZOw~o_Xp1cO+F_93qruT2&Gbh-_$s%6S_>?(QFg1Tu;& zsI3HIOsL`cZT5h#Q*q8fN|6eo6%cp``ROObHL)??*fLeqFP+h=(X5p%NJ)4MG-cG(sgaeLH6Q3gG{Lb>=YLwH=o( zLwOjx@dO0pA%WtPgR%=5T@;-2BSb*Hs*^7t`C;)I7zWUqTtld}o0@X|qaa;CQ zgFJ=)Z%$j=ygkpLi7bPfa;@ELf$4Ig!r)S%e~JIS&DVC%ym=qO*XB~;A6BTB108S$ z0F}P(O8QsND;a3NOtfY>_>Bt&fhj;#VMPi7Oz-K_ao2>W&-6)Kr0!Gq{C{g@_E#9^ zMFG2g5h_Z@sOqX7s+!66*32XWfq@Xz0`&%ZCqV2rQHjf2)ewf+AUI@qcaDr9VFaPP zcTm|GpKSc|Qquujl@qDa0oJro(R2y8r0Yas6;6_yeM;*}L|TMJd5jc5$WW7$7{5F) zCG?9IAvEi-v<_?7e(tVq_C+U#7`2#dS;(>wV($lG)fSyu6WoH>z@670@ng7UFeB>= zmX{#@FD?Nf4*&@9h&rfMD>P~hTCoCcwi()GH+0w$=$I1-1Z2%Rgznu|CukpCEe)W0 zwp7)F{NrtH1R)xLf_ep_0jR+Och9!G6LH-aU?B5Hb^&19rb#!{8?`|em=FP^k!%GT zL@(zPWCJG1(#18cD@U4*@YlERef7@tBVm-B8%kcdF+n4VmQcogQ7(I*c8n5cLb?D zG1+VuhlA#FF+3iQ&nE~39HEdT5^=?1zEmb6OO{Z!Y>_;9P@y83iWMVDl*m-76j7#3 zrgG(C6)I4wRAE)C#;Z}oR;!k%PMs|ES_E3P@{F6pm^Mu^XN7N-b%@Qj$h6gN#6gFM zjyWN8-g&wUE-+knMdG^a5;xtHy6v_Mcig4A=N{R8_bDEDK=#l>ibozxeDa9~-C!Yr z6d;Yq;;=XXL}(NmLTGoYEBx8Z-yvYA46s5X6Ih{!4xVV<)|~gG4zoL-oeToB`JCqn zY(;Oo9I27&mz}HV(D5LB6V zpDjVCu1Ge#THsfJ%1SnJ=Cm|R+OAr&{A31w`{66M$=PR>74#}yD`?BY1-5ZeDd$LD36si`ZUfm7dSm(yo0Udr=prw2v*KN#x1`{( z@){6hVT%h*+}?Q+QX89GAUf8-nOt#pX?b4GEIW}X%OHNX#%T3U`!ro89MMAqa8SAB zdclQ1NirT*%XS?@=*nDt$7~4~+z*VwZFEFm$s0naC6`<=x&EstBia)Ac2D;j__iK$ z(k`~=UhH6Z8bXwam$QU;r(!E_f9WX6W~qsK;<;86zT({%g&VE70cM*odvr zMn3cSt=`gpw6+!fzVkkhgC|{X4zFdCn{*&%FBZT!uBy+Ddvhg`9z=?v+u&%>j3?OKjSM?u}W2mid9?|e}G0M477B=b%7zG zlM*&1*wmT%wE*1qZIX4uuUhX!|ZSkI-aU; z6xMNyu}5_(lAcs0e_4Q$myc)L*FjVV`g!Oqp-UB(K)BO9ae|}vd_J(ZHy30r><7;S z$rM@jrqT9$Kyb1nsf$L29upB6rt$WOeLoc&$6H%`kO#Y;>P}W6y0_Z|%<&c)3s(i( z*DR{41=Aep)_5*fZmn!pV{S)T@2B8o~=#3BY{*UyzlSFfLGEP6TSY-*J5 zwnwdFP`zJH!`y=s-L$tt3{La(!V(&v&JZ)@umRK6ICDhjxgy!%%*(Av&Ri4p5F|E+$ zwBga(b=A^teKh@$VvIN|#9HN1R$E8udYhSKWPjy8vsRrB@xz&Qk?g7u%AOcq-v zM;2G!hhAJhIZrm-Wa34K@{@gxz`!Q{aIrjf2MrjIXtbI700$6&MoMSHOQgEy3BYe0 zm;!+3I>@(r|D*xX_ndg%`w+J^X>E83opGA zY=&qvC730_?16p>=1fDFIWlWx{Wv-{6 zWJglX`X&S~mI?xuBG8Bi!M-a5T|^ud$$aE>(?yytT(xP?Jh1AT=O7J*w7{Ty#;74k zgNUXd2VBX*C|bS*1du)n)}Tp2%2lHhpdrY}B2E`d2*WaxKsg36x(hbU10ey8tUf#3 zLXieV$^!)yP?UP1l!Gqdx;pS*jCm*$7+}z`ocqQJwMxy>?H`pDV)Ju73CN%1I7xu@ zEXP6uXrO%63N{)FMgscc1qm0^8%98bA_Qr`VmvB5RRbYRlsFU+;7=GXR3tpI2NPn9 zl#}4w4Rj)45iwpjHu+&8*Z%*`aVLZSkM*~;HD2)Nfto5Bz?WnBeVe}pypxaaT!R;| zF+d1XFa;1?sJ@lur3JW<7>qNVpe-?xU3Bh869SHAOyK?Kgp*D=?ToX|Iq!mtesam> z*(n|dxa1+2U1q^}iy@#yy!PaD5=S1Sl|4 zz)=TY{Luv;g9RSqM)6>xlT63}g2}P1UIx7OPDCOWFb9^6y8%aXu=0J9T&z{Zni7LW z@nwOMn zASlCrdG}BW5=J1EN|7?%#{1SKk9_nMCQ5FP^;GZn{=HDrCDLu*^+TWdnLqnW|4eEn z?T9JyXFQNZCyoEFB^DBrQ*-kgXN~V%_SmP0lGCF&>)i5f-`_JQf8p&1%J-?|Q2?bK zZQn7HfPeq|SKwkk=I5)AzXCk`{IKcqg~zpzH$AjJRy=iYdtu*h=9J@;OZWet6xgFahmlLhvDsxkg|zxl%w$Nq{mY`4E` z4*(bJx7Xib7JKc5XI?tsP#`ekkq!Q_$&mzsr~dSv?*jwl9JV#1z_%XT=!1_wSt^%- zk%?I*i(gpTIb_L}!>Li5YBhXn)v5QZ22Glc)gqu>D;vKRR$60~)z$*UEI_UT`~b!u z17_X;&@2V2695`OLV$sT9W*>LmcC9EN?F75dkHHqu;*ntlPa0Q3Q0s|R|&_2{1EoI zfY<@f3^FbR&3ERLArSGs$}kLP?XS@c4k*Ybl18Lpk!yH!s=)IzTy1$sDeEG_aA&Xm z?(itoZ7>31s&ZR+Y6e|`TAr5OfHNjlF5E8bap+ikHtG5(kDjPKk99B5wXS!L!`@Sq zspc38cdR1u1DW{X+dr<;x30R@y5D|VoDAW!v)U4~GBd}#hD-`N2@y@C)M@2R+J8_f z%=bIxT;ERCjcLGzyMIgxkp3arOh-O8%lJhJt+52uW{%r+{+?vQMHH$M)j@Ksxs??2 zpnu~IH!8xKN}|gU+(iR1D@>%l_-L+aDw49Sq{|x6`q3*LTePD^Z2*;Y^2XG{9jzX- zjGYB+p_?466o&%UeJM|q#$^O7KmAA)7`&}o0xRz0Z#?!Hu+d&n4T!=kBS!rq^`5Tc z=P*Y01gA0~Xp>wr)!J+{*&bJsjW(EiqJ&GE3<>pyG?gw{ab3A_Fc-w~LO8ueZrd>| zP8D}KNNq@sH=I%!=5CrUCn->%q=jtVSKk#Qmtjr$ou7C3jlS9coL~A7ze<0E1)EPZ zy$x|cXe3>%FCGrmLS&Zfz1$VDY88+=BQ~%rBwUbOc%AZ9rht0KKPMe%oTO=3uVy5s zXJ?EZOPa@&WLW`;btW}oqOee#Usir7ACe{6fHFL?-=j1MtJM^HqHL&fK_dlO<&<6> z6OjK}$Mzi>x;P!TfNJ3azWxDX)Fxj@7zEPGg||x`hqSenv%~Y0t=@4s$EvVs^=h2t zd0BYBHN36-OqNnfIX$(tv-xkFq=CKl=Ox-C;b`f9ylM_3NkCPT8vO0!1$HjYT*%>V zKj7aQ9s1@fNtu;18i=mcRc4ffPCz)o>qv)ksw(>~MER5{3A&i?O-rJhn}M!PK*32G zlw2!glY_-?#v%#R=;`H(o_{6(a82)K{kd62AP9F)wY;XBZyK|BW3ad|!ds9{K%K9d zi-kxq+;#$?JQD5F{OP+s5TPWb_*wS3?w!&SqWDuBSJm0hEo~gOgd;#8N}dt{c2J-Z zQcZC|Qe3WlR!33wBjdG*coP&kN})_sHI#~b?OF<$n)6^nr9@lbW(o??a)dG{B-K8&>1TR1@w$U?nG*;Y(uf~RuLlSO7Yhk&T z(dVc#8FZl`C#+HkGvJ{W6kUfeYat)dq4>)Q3obY`GoD6VAsYHJvM9$RUPptrYCdpB zUujp)$%MGhw|L1L11xJDDI-9I|-Z6rGYxy!O#Xko;dN8QZZfpSb`gz++ zt8zeHVesK2+}Hn>!tIFvuBpd4HaiflizoeQr4XIGS)>+Zz117cXnD;9NhW-*pM|)Y z5_}ezpB1ABH@_tN-dX>0#M+S#CFv7j0oRE+d*nIn4-)pBq-ja-3O*K@;|MoeFu?{C z((Iq~PwhoocUeur9%wyFvb3z!KLA;FZ1ICfO7Vr{B!AWC;<6={7*QlLj9*fv*5FJxV2RzR{<^6$uMlKz>@4;z`oJy+_gOQrhV-oxw#=WVGiuQ8e| zu12jI+Orx_2B0tevzuIfAzkL)^Se_`ht~ChT}DE~nq$2>rruv~Gqd7ObDq*^`-_X6 zq?f4OHihf!{ba0!n+vuPMfI6f`=OGiJ5*CRmS!B5;NKrdK7^l{mNt=5SS+m3B1N7hr&rB&f!0SQmo3WsHIAXp*i3rj25=k{9d(W}jCgZz0I zW$N`c>#^2dr~bib5ZaneK7uVtXhIX3P<{94f4+j4QzvhYJ&yFjAa>bM6ioQdJEX8q z<&110uxq-RVZrBcU=AgImt#UPc3(gQGT{&v7b8cgnT&LkC8(36FbaZ5&Ocv&kA*ZL z5g`%!5=JXg5O%n0%;wd3b7*stCKCQMbbgZ=(O@1SErA+Iy5GkIfKwG4R?S`4YxrlNs$8S;=@kjy;GrzJ}vOU&LHs8Qx|J?CFUDifw%o2?jK!%`}ki%K8#scuKk@fWlta2lP%+XVa5TqbQS@vyw?Oa>r<5S#1=8ZmPs zlg$WrLR6n6XZxE>Bjbtg2i#Ql5TM=*Xsh?SVLN4&%CoUTd`Ju_XM5z&5@t2@^(2>q znelO(=^dzcjrjS*$$~$kIw(LMvJ1{#H%6gJ%^yu* zFYcF(Mf;3-hnjItIZf9>)xoHTiUY^d@vOb3S%cAoMMWDJR+bmqt`qAwi0%1%$(t^( z=dfqQ+7c)k0ng3<%zpbF-v0x%AKUO(_xag-jcWyS+38mj*!myo>f@DqWg<6cJQT0V zRBN@lV_8PeG`%#G${;2gw&ZpdBo3$Nf?{OOOiRw7zrnerKPyLBA%@vXrZrHxCK0DZ zQ<>LfVm=LrtR+)>Io8sq@=AA;8&x>c+|c=f z8`;cz!)D;0pZ^)`AB_AtlGE-7KO-}%rNnE zO<%hz+ETH*Uqr%Jn$ubzc{yPvv~u+FYVw-?X&*_!_7DdjN?KO@XZ9vZmO&Y#98y5~ z_?qS7ty<+gNHThY{6+unq;<+UkUo5z{3Xak7W8FjE~%@}9PG0f*s=D^p}M*SUrqAI zYi)t@a+_aUkUz%&u=PJSwKDW>hgI(l@b%dba!j2*$zKW`$gA%UZuRMWzWPZxa?QL- zilrvDXXmV?{z;tDw9SL}+6nAf!!=wTb_cNaztxYWY4h!-jAFw8w6W(+_S-V6{5zrW zq}&Q(kgD+lLT)85kIv$MPatyFI;o?-q3Z=wdA?7gOKD16npynk-v`D|@dMDFkTyJvqSupuW*9opa-^p~YtWU@3%nSZWl!{j0G&57A7Y=UR#s^`!R zOx1O(V9}4W!Sv4Ai@Cy_(bc)oKy>v&y|7m=oF82?2vvqxd%40nf!QNUW?Q&b3+0Ae z+Z0TI9JX&&Y)I+eSn(6IOFJa#Ub#iP-?%~5H&Xrp+L^Oe(FcydId2^tO@AJ~DgoYlrt6#41=W@}zrrza!7gORMaPIGbl z&x?8i7O8Jks9JM!je$0Wj&C3w)Oon1BXYtEMY-m31MmKes(37;sHgy8owHfOQz;IBwAwHZ}|EXgW++P83~1f!d~$CPhNuS z;3^DEh`X5>_jv-efTc}Tq}ofE$z0@tdPm(PRI0?BPn8i~C!k}Z*jdG8a;-$0HI8RK zL#SmleFQ=ci(SiV5dVV1G|?qE_`c1!_zOUNd|*d#!Qo7fINMZLk~Bb;o+ib2wmX3O z_`HSCiW6&goHr%93uV@2MKuf?fcjJCYUqQWD@s;zm@uu}t+zR&oyW7P)I1B1 z&$XykTq{r=+R`~6I%}dZi)v;B^3pmy8B)@bC6IlAof<8}W{E5I>^rnL$TD4>Kq;eI z+`k0v32b>vts3IcI}z%F)>?#&*x^CU_#dZ4#-9<9z*VHEn(k4%v2Tdvn=w%*uP(i} zzLTx@<>jTi7%$cN1IhSQCU!>2-#^UYYio+ZS1Y#Hy3XqSmY~Qf-F+Q_j?)|(A$;lp zx{h8CZXmPUB>DEgkiufqz^BeI9pafe5$xaeaZvesFxt8Znig#xRK1?F_9GY^_i>@% zxii$52UUfeCrh7CkUj5@Ir&WUN;rd~yPd=5A4LZI@2R+3#m7zlDffcpiJQ*}xUmK+#gjymE zlhdxx+5W3v=Crc`!*Pi>5@@zx;@=7Yeg(U@7Y!*HC0TQmXTR+Ed&;$O*A_uNi--1V z2SI>kN!8_@BaPL|m2EjP`-jthR zaiFbaz>v3~x!E;$k=DDt=Z`6u$6a0o>)GCpS%pb;(S-R9htTa}fNGvqV}Y>2CB3%S z*emhB5*2P^3qx1ru<5-4p58s~Q%phF3<2?4c;7ay}*5BwhOCoLT^|3K1 zxjaeE=dm-h62b1LX&2d?B(p6X9aaFtCw7%3X87dFdb26DvN$=3&|<(@H_tK9Re{v> zv;E2fvYs6>*GN}&D7IVHHD{&t)*6B8P}{(EgkjNN6i+=X2S)P^ABBni* zT(e7ie`nUe>BmF0XYBwv=?)RsPt6z%h0Y<`IM}hM$loFxe)o}lm>h^^(?$PzJQy*j z1&`lHZyuoiN5;4@ICNy3u}my#^jb^^u!+Ug=`HXrndOJp2`xm)8Y@CWA#4Q{|s^~gW|tqE97ucqCwTP%U}0erZ|`q31}ERHJF5b&r{cC&A-dJaqFYx)~gLQU8dt58JIM<0T92*xmDYnp= z8(Z85R=wzOvrTab|2V*NI;&F#mTb9g2vdEVRTau7z(N- zZPqT8=ZxvuQIxDvw^7pjtr$WwXiOH3!Jx62G+_CjU<;(GAUI8Oidc*ihFD@&=eRpS z*9(*g>KlamP$Iz>C2CQ+bC8uy2$?@coDttSu=GVitg3RwIW*Cc5WiKDWoCIra;cLl zvZT>(f4gdtMD>M%VzN-nNWL7A=FMO&cI(^KizpN4>v0xCEG6t9^N4x>E;-}(#-G|2 z{HQw^%;pR9=|+9Mk@EHA4mUCwo_UHwKL)Bxzs_xQNx_FGV>_i^QI|0v9F$F+=i8$7 zjf-spG{_qM`tvxzIph01ce&`9<$-fKZ||lL^O-FEemY}6pT*=41LW-7`?=u!zKm+! zgT6kGwSt>2Efd|WuVbv#3uf=zH<5Xp)YWUUvJcNRPX=%;F1}{3`mV|jc#G}T-&NbM z6@xd6HTSb=It>wT2QHWmPg3it+4nU{dknFd%|clDsp0~tK%B})SlH}hV$6Ke7?O2| zPq^JpV}eYYu2vS?N~)Vub3dD^SCjBIm=YO%J};On93uyuAgBFM#9?*OfS(@*>ttjk{tTUdoKFyQ?GKZ{j6#)HS;gV6@(%9UHKp z*dsro7$k$8Sit}@9QOzAe?b{rCHfkxQ|Aq^^xV^+Jw(&abGwqd?e?TDx3itA(X?~j zd6F)hUDEA#we!@9%r>pQJ10lq*`~=fw`=sBHP`NTtur&lB@h)T(vtHE_+tLmj)qU4 zx&i`M634;G!35d^Dgt;Rl@&^oi_+2(F2iK90)vstl#U#OL1Ri~7MNdr%*jIPBMP0w zvMTNo6qT`K9wU+e$Hao7+Nb&Xqx18hPL?+?%45|KT1_wa%L~fFTA-8-I@ty&>_8dV zzTGmNS68CwFRL|d>*-pjE^b&=kOCzS4vh;j{OR6`s6LGF{ z@H=kaJyf1Hp`M&2GfBHUEaj>$NtrighO<0tQlHY!%tn7CI&PPt6|%^uEX=fb#Dtw_ zb%GYSVvl5c@<#g|9ye-(GiHO&R}K}z{Z3CQ`bb{SS0hm}wq`N+ful%++h1Ppt~VHy zQq25@Y#h^IpyP0K{pZRA8*zo2sn;gDrU9NjGriP9Cp?OaVFjH|a}=uWI;9}PHK)A@ zj36c1tRaOWgD*^80u0#d$wW4oS+?rpcW)@ZIi& zqh?8L%;ETC_ECqcsiedc$meuLur+u8MJ33vV^NoTXj+5`!&Di}mgBh#pr~6x_A&nRGN>Uc0gN@xl68gJF_#>Ah@xm&O#S_uW4bzDn4PFD#{_G)XS z4+z~qDjdn9!r4tOEfli3X6B?})~TL7Y2rDfr5ll?|nO_}i}|%_`9B1fGaC!?D6f{(y%4RXT+^s)mTx~vf1r(UtPQj+-VSg91#?MB)+goW0|2A zxzWO>cg13P|F~Q;`CwAX;WFO^68I}vJ!QzQ3yX!2jzc$js2YfHXm1^mtN4Q=0{g1P)f#PhPaS0zGc1 zZ&17A_rk_CXZU+fE(E3mt9d;+e2h@)hG3)0OnG;h;Bw9m81_@c6;Tn%98WM}#Gp;0 z{cDXZ9C=u;0|Sl{RtZR@-=R|P&}%YiNFmN3CTIncFM;SgLhP*237rm|pz$cNCLy7Q zDD!@c8AwuV6p36-np&MSZX#7w(&$-e^sH!O0!AdydAw&5@vp|@H+0l=6lz*j)HL%A zF&$KW*tTwe?3iaa1YTF1svw&rsTK~ghciGG063TdW`Q1bI_L-90w$KMShE!e=z1^@ z!7X66B`dKAYXM$MR$|SVZDe{P*SzP&k`-&QK(~OSmaN1Yyb6~1FON1BEnBr2n}l(f z9@3VvXgMZT%>x!K#~k)H(lnekZ&xf@wi***^O#t)9FwFLQNldIaK08e+T(iesAU=e z&eV(GZ`ySLUts|d+vo*AjjV-Dmb=#gxb}@3tLxuQsaZznW!|e5dWBkvl?1YL!N31e zYn(Nc)w*Oh$BbHUt!MS@3jiM*3}|>KfH+e0NqtJ6#*a>`(XDP(YopKTv-+GquP^9} z`X_x!UG{>(&wy7?^qZl;ifz~;V0x2YK=H@?JgV!7JyDgrcRG7jUgwj!(e>2+bGo%= z)pU*#m_1|k3Q~>eN zguNQ|1z%w$;9jro;uId4qxLtDThDl{)y}+W(xc$-N`+m*2E>PBm}qTsG?oKAooEGO zJI%wkExipb1H}H6+(+&^PW-8kC(LMV1~M_j5rWp1nx=uA!Qxy+t{*w8_mzI?oS`EG zXuFc*`IjW}^Jq|3@2i>4>^xvu6V*WMrg_J)&3&~SvXPn9K!QKf_Uov517>yjEB$n> zGZcOErv^!4(~1{fHsrq+OY2e4QvXq>qXRhz9|waxR>i1ktHWryPYv*dD;#t9V<>n@SjbNfUhYQGu_?paKi_bEjCB5BVY|eR_3=51=uuMCr$m2KT=VUx1#Kw#6Zq#XnX$f2o^PYgXT z9i#X!1crD8aP!rg0PejJNdIL{^#1et=zjuq1l7&IAA$Z{$C6zbOz}C#Z1>4>2FUd* zwuG$){EjO^O9+?oM{8Z*@bLZ<+3KqVgTJv#sdEj@~LG)mK29Z_UKZ@09%#RTe8NL@w$CTeqPec#M&ztN*& zGeJ~SD2fE(RS3Wq4k9uXgvSL8TcRpsj%|T`ik78Ec*`}hHV+FKyCRs(IyLyV`C(=r zgl{dIeUUQeL=)ItC72#TZ98Rm-yLI}`s|IQ=}1SnliCDG!8pRhn>vIY7r=H8?0JXe zP`Vthk?08qBmj*VV88|!oCl^;#mwEpHB~FKj7sjq;3OM(~0cj@0i=knsgkfHSmMn01aZpzzqjVjZt03UOvQm zPG5tNHdr&GAG48A!a#^{#7;n8T)ppr|KmU)vrb|VroKA|MZ z()f^8pBgFcL5YN49#|+<8b7akRSKy_I+H!OB;!gYD^deH3I&pPNWPI2sC)OT>1a5l zF|c#R5eoYAg{Ww@k~BgdBS?5Vq=@>>VNJ?Qq{~ZdHGWq#YZRl{qWRi*<5KCXvD#xg z4kP%yNQPe|{s(HGT=EqtRK%@V ziJi_mZI^Nt=BspGl{3z{bSCzp+O_b1yJEK*3+!>zbvO9D_1b%NYSr^=&}fY&V>N3L z(56+p4!3mb)@7VtJ=WT5rU}NIXp(o1c;m`2p`vP8EL04XSZEknICyd5BUm>~%XVDP zmndTpB-jqJ9>qFgf*f?numet5HRoGfZ4+sq{eJY322!{TDjsE`l~Q`8$}}^~HcLOM z;QXRQi-8gg4Fd}YFHSsy1Vkic6jU^H3`{I+9ErGi_ymMmX;nnTnc}!nrdkw9`W#D= z-j=!F@pKg0u-lk0#YHF)6G%GtA{2(Q;a3dAqEr-%Q*kUw mC6gp#*(7CRnle#KqRz!KMA#jQ94k%OZCcn3>wg;b1_J=`%zc*t literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.eot b/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.eot new file mode 100644 index 0000000000000000000000000000000000000000..e4aed0bbd4487746ea16785032b5025722fa8b3c GIT binary patch literal 15027 zcmajGWmFtZ)Ga&=?t{Aw?hNiQxVyW%Yw+MMgS)!~*8suYHE14!dmuPOzP$Ilcdh&H zRB|023P{z0N(#RjenT?KP47G>mOtP zPvi2B^ZJL_0QCMLUjI~%{}gWjwA=s=00h7b-~)&N9R6WG|Dyd5kIX58yGuoj*^QUjgZsu-0@lJR{>$$B##0CGiy(i%DQ1C!*WBG_G_~!gW$h>Bm~l zWYo?rM{k5r{peuf5VqoWbvO#-Q)I5NsXC{#w2dD=&Co|3uOWc#K3~A)jOZSN=Q+enjMJ7 zH?6~WK=Qp4!*X>(7j>r$I$X-S?r@MJj!`k`$FvqXrdT7n}c3!lVz54x?smsPYf!5|dNyBCS5FdH3z3>KZhe=FDM=G<*H_vaS=P;v; z>*K96i8YC{gi(5y=Dj^-18}b)u+*O-7CRQcWk3He%+EiYGj@rf+UyLgBC2J`yYwg@ zf+tf~4eZG%N6KsnuL87+Fsj9&hvmoq-3-;}aeCu3k9HWiE*ScH!M{`MXGYB{e8W=Q zRh)=+yjI(5+PiX>ACn^1`cvNDz8?aiMk`d;F`;LDlo&(#{?;^&xW_@Y@}P+WN}d9` zlD-nq3{~$MKE^k--4C)V=Ak<+3FxsZiTD)_+U!{HF)5FMDXnII)B}Dwjlln=`fQ@# zyWOcJjl-CTQor|DiyXgJWZR*`W$9vBr#baV-?fJZ{@c!^Camr);t)Op?}15hWh!F5 z^{$JEmN-|e9NV9|BNoa$qfT~baup5ObE_E5>n<%mFHc6p{c9*yQ0|emVVd$Ew};E+ z^mY#@im?=cjvePeCusqLZuv!^e|5^+hxDhHB#6bBYpn$!RiIZ+Cq?&MnVN@DY4F<| zP+UTP2vm8~7;cR*VI$A=k+6cy<`~+i*SzWWSqg~*4%-YoO&sQckE0@(P!ZFa28_=Q zrVUzZ7^Etan!K2@;p3Z7WKV}x4Vn8Jyo?utPz~tCT;^lW+|eiAbK`V*xk^{d^Dov& z!xk5r7`ru|StEE_BhK&>6@P$IWpnKlI&j4Za!~7VO zvpj!`7wT3T{|I1-;H9DP?+Mc;)sHyH+WXQ|nu;jrHXik34@~e0I?50Y1!{`s{WLvG zatsScO}%9}z+=g~0bIrE*FYXn0^VOEw$o~*n&M_(ToY(OG@zm zasFT$ikguiE=^nH6tB&>Qodo>Tukfl;;q3$63^2NDi^VV*{6Hh;#-g)2r=H+@E`|B z8!;xR!6ebboKTsy*<04~v!O{6jqBlvss+gf5q!AF>Y5WV*|^~APSRmQ$($P5{@P{_ zJQJdvUEjHa1i3$fGPWst%e#IFd$s;iDlw!1M!_4fFY4X}sUg?vSnQv0$Vz~SVK|!m z3HYUD6imQj2#x{h7ibXuz3(I^z4_Rh+DS@Ha@zOii2U~J2kNs3kzQn~g@=9+OGFAw z<;p9=$4skjXFk-{o8(quS{l$h=Z5ycw4C(*ZP-sL9klf<7K0U9R#Jox6t{Z`Gb@XKT6t=s3>Qr&ZoNytPo7QDb8o9u<;}9d z>!U`&v18ubwIbqa!1ET&7Z7mA{9^jOJG<^rvY6yX=Ao;L4uz8%|9^4BFVS-%_Y2EK zyE}0>XE>jccDrJj+~LlamDG{YbcZ8aZY`tBm#Sy zXBwcyT!=+zN$Z?zN+#E!`Qt$WwUW1I2<-@->?ry(@}hsvT}K;Fb`Hg&E2?-uo(^i` zLSAID!Y!Tjy@kjG1EP65o~R-8*Lz57>|*$p0>yw>@57HFAycOFU#QNMD|#kwnSi+T zt%Hwntj^BHm^gm*wx4;>!8V(*)O-&pNEQ~Qh&+$AYpa?}(b_1Z1ZS6LE^5w3U zcHCJcn_v# z_i)5oBI5x64hG8mm0~__8dAaJTWu)&pHB4=iEj^Vh7>tYY;{~IOqMtjnX!8&nxr?EcU%axxlP0*bP%!q=Rs-bf0 z#VukSj}*cSe##qCbkGifNSczBlFV?o=aNIq5NZjZ^3h^~iEZ*;JU`3^>ki@6*sS$> z`mVdUlb^7+^KM+F6Rp6hW~AYvJYpKQGw&j_Fk-Gyb0Hf9H{cn7WN8duH9U%x0^hAl zo<}hDDOf+;#rKE{AiZ0C&chdctin%MdGfwA4zI}ItEjI3-Do=0;?+Up$D*L1o5e2v zl14(f)Gqjn>s3U_#3C2-qGLfp&CZ-EyriR{n)CVNhXpF7zD@u8z|yR6a+2=yrW&d4 z>oI+^LTNH%PmFJA9Dg0~x{HTtR?ew(s{iax_d{GG;4~*Nx9E?Or)5ZnA03glVsyUq zqT*2k6rCz~A#x-{(39BK^yW^jMqOmT+Flzk z$>6&jwK=YzsFb>Uz18!$lqhXR$6e7vACKsNWO6&b2PRDx?@hC2UQSrnL~t!7b@Vv% zE*v=x(i*_=E)<0q(xUEoDfWl~Mv+i7oWK1<*q~$5b+k4v;x#X&)8OW?WN@A+&D2&! zM_J+891BG8pXY*84xlM*u`4O!+0@@6&qf@VucE}E27xMl$BbkZndu`o=_SSG+5k_? zP^!{yP(L*21fquV^>;Efy!35%loEqx6m#w$C>qmxw+RFas|(3K zMVqJe(c_;bMis4^!fyqA-8@K=yt$QOD}t_y5~odTvCMOYE0K;aGJQfNR1LMTkyV<$ zUcpw$uix+Tpu=~eBge}td%rd-0#=X;F$tC0CYvtJ=y~bC5r5nE|IS&w`nW>ur19le z_@jE->d_Cg>+ro=$KMi9Tbo|3f`Tu9DcryMC;g>;3vyqN{eU9DuM?=g9!stwnp^vQ zk_1gO61iKKoqo@xp&4VACc_fCMH7YeE6Z4}5@||7F7{_qNKuu*m{EokUj<>tgnibR zXx|xKX7Vb=C?GJTW6jW<1{up zjRs2>7V!`hUyI1`F2;0h0uVBU@H{*{SqhCV^#a&A5_EPnEHzY99;EMSq?)u3yz5vI z4_k@#O;oEjGC4;MW!{RkeQ2K&A}9A~Ewow&%GWNM6L54+t`evaYK$8RTZ=k-W6+oP zCd>)<4-|MP2VLi06;&AcsZ{$F@QZDE>vB#_HOI*Ze9fM0sRq@|37ajXBvD*%DR8&J zMcJS=rk_o5d`|jC86=8VKkU1CXTjd~lXel~LBC`owPu}<-w=d0GmApiKNpNB9jzcE z0!EJE{5E(~!_PNV&+pwTp2nLF3VBxiY78adZ&!(Q%VEaOovzGsoGv~IQbeY=7j?AR z1bUt)R)Hf}Q<$3e@@~Sut?;|MDHC-oz)wbypf$S;A+r{5muHjFd=Wfc=xkYX?W=_& zc`n|+BJrJhtZ)xG@g`;Z4dsha9b50T1SI*qD9B0y5a9h?z!;c9ux+RlygWI+S=D_E zcb*d&3K=>xfYjdrMgoA*-zXOdQ)v92 zcgS^NqzT7DN+I-cZt}n#vJD$L~6s)JX)n<=ZL4*?zN3`dT?eexnk zqi0}l-CwU3M71WYH(-K@T1~2QWrHOnr6h&F>%jQ;Q_DLPNl@J#4&|?@TdFsydNA<9 zl8GgH;F84mS$v4Z2dD8E06utsGYp$`L$OawxH)MaR>qD&DxZSXEQP=9Xi#uYY* zPI6Hx9$?$T+SwpNuc;20U7p74m3VTj47DCD^BWTnx?4};cgvU8Bp56F%^xP zsew;4I*5V0^`c2*1Iq_>^A{T)whZH2}}MNGQe!#`^&m5SIta_2{1!q!cg zR-)(0lQr18$Lv>etySpPD)*}}h1KwS344=FF|xn!ZOddBZ>;B{+AP9pT)RGP zg6W%=V#D_7v|WCQv#pPVYwn_6N>0gWYCiJsZY{kXuuacuVweac?EHu5bTW(}Ja?#h zdL<;1s1+okf^vrrsvTD(@=UjRS^FiMqH6LO->7JXbcVmH$ou+Xi;I9V2ngoI>AYmn z$@r>v>r!pC%NJ3UV*M6F&8qQIL(_ssuU z-sz6JURK@mF}Wm*V!e@rqPZ{>S~j%D=!RAog3czW@VU6zH0lWoV+3#|Z_t5hp~uDS zS1>;lCw|~3uV`*Vam16>Nl#D~5eM~8_wS$Pc+M^1_vTU$?UC7rlauhIL~VhX$37CWstZ| z-icI*u?nyHlf*VDLQN6YRrm|>tjZ`8ho&4e{A5WB$&J_TVKzMW9e%LuS`BFjz}`Er z9Xqe>M@Csq$8TxwxUO2w6m_m?byX+RS zOF>;DO!Mx*Z52${eGs^x4*LCWgk#3`6^Eo_)N|(d3R@lQo$6z*0p+$ z#_A%8I|qo#hSMR=hbu>!d9c95-7(pIhyFc?LD@KSgirf6pVvCRrjQc83$$b&D0;o^ z5o?Yp!xK%?VqDVhJY0d{3-{_oq#UCze(n630amX?SMwv5cd0-xU)Pm0z4`#Uq*mVu zJc@=F#?LPLtFOZ=w<WZ=75hqo|BnojW$W*A^GWLxr>nv4B1Ox_eE^R`?xc{dL)RT z>6{1x-8?v%PuU5cY* z3-6O6Zc)KE%rNbVA=cfTn1j!M-OpmP)0wo(FCZFA@W1d(k+q)@ zcAZHefLpa)X*4F5i-iGn(MBU;n+&JCv=JqMB}M9x4r1a5>3v56+tRUbea&CBC>uy= z@}{Fbh{H#ZkdtDPgc@cLquGQh-!`xdbQa|Yguk$A-T-e$OKFl!)~gO+*q^xsqr<(M zD|rcc(dRV%zOB4x77I8BUqbf*?q-1e4FnvEn5hODnfm}}PPx)2ijWSbOS=n8sz5<5 z?Ql5gR~>Tw;jGHgRRK-%blU=QB6Mo)m}aXc>B>?T zWonHr%8!^AgQJ@aq+r=nllFz=f#(~#;o~Q`Iy%}a;>4Gy0V$CUXTKpC-_8M2gvqDl zbo;6Dl9Zs~?AnyE7o>G;R6ex8W9hM0$PNr;X9=Pac(K!dw!+Zw{ke8sRm4qR*d1i{ zyWyAr0GwQwbTcX#M$HoXJp~j^8U3P@a6KU;@oAHeZf3PFJjN9owq0PA4Xc%4{`KdP zt)R9JS zZs3rIwwhs5Yr@2#W5PDkRKynGUYClin<34Fg!>tnq*5^nd6^{82roEPyGMr_LJXs= z=y!~|s||ln`?J*)q3OU^GQGrMr0Dlc_WkEN2iki_3v$B_%|Z)tY9<$fC1AiWD3^99q5$pjJL3t z`OtIQAR{xVu&)o>;@>VY^U4`fTq&=Q)FI)TCJSnJzasKfDkO;u7zxf&Y*W~6RU3)F zM#w7(Gs?ToB|+qN8cSUMqKxeBq<+xipXOe!)F z3ba{Zq!}*9WF}!5lYx5d>R?F&N#t-gbt_2uC|!OEjpkTZ(c04S$VFt~51(k!-1^en zrJuvp%L;EM50^5i6e4Bf$}4=oyAo);(bJS6AY!G-o$_FP7jv7M;XeQ5==wDj+%?3!Wv)%`ogo}VvW%><2gX{$g1Q-=RY$^Ob7wZT zTMMGNAZMPgksBIG2%!mzCU8h5nh&2s3#B{|FsO6NG$(zV@|-wg#e9P0HCH#011#G_ zKP*p%%fYo$#2z|N@E*#Pc?;9NKC_15m{v)O7>@pQB0>qj5(H*Ql=sUNTJSptqrsoi zBiJY|rA?BRvydul0<=kqAbFV39=N@^_hfcllpPjk26P#+d!g?}d9jD57=^>c+JI;| z0dYKnQna~IA&wYohXtzi3Y<1tvrC)Y|3={k@ijqwNWbC%2#B#Fp49USA=I{r7Z?8O z+(cGs9%BIr**18uc9J9q?H$EM+#z+yaq&Ms$wImQpr-Ruz|tZ@=9Q)M+cgAxB7M3K zog10H9lal@HE}rwEzqL!q!>{$?u{dV|82u}<7i^Ai`LRzV_??fu0=zFi~Q(2uTH-S z{rSQ<{4R>UXl60_%kKy#Hqxj!0K`DFFJ1TbT3P_0>wnmR%3({DO8732v8g@I(x3jB zN>-0vCSzSH}PH(ux8`ent(#3M0~znGUNs zN#``EsOO88IFM1&u|K(yTJo_?yh7InF%GA5A{ zV!bT7)#a|2b@AbUM^m_ofvL8Hrqsg?egoJ&_s)*^=1G(Yi@32BE4BJl*i4)sJCM%R z5e*}7l^0qCFOzvoWum(ql+HB$sC?HE;r&BqxpXj({KID>Q!U{Wcgl*J6gE~4Z&paR z<-T1bz9`mNGy-S>rq#+YrEGa<-w{66Cd{JFYI=kM&?c8?*0eA^=8zrU1p%HYFhEn zUHl#U!^$5An(;iqiJyA&^1X$xCHTYW|AW{5xXGye1A(ItTy4Hwkg6v!GGs|Bs)M6d z*$n-k=N3B8)ic2oP$e>_~A|SV_Fs3psUxD^c26>AI1W}XqCKm2sV#+ zQzoemBEY-lvVYc7#4IjnU}k6TE8fxoGPaa`&x-esyXd9bvD{(&+_>EL`a)>nj(@A* zaI#&m)m^FL=WRC3j(XSa^jU@9ZX1-g5!MOlvq)(8xsgl2I%`M*bo>_rwhHCM&*B zDJZuOi%lI?tX(Q|7Eh;ApmA}!GPeL%pJP2FkjCFf3}$a6F>(dH3OyG@o-1(hP-)K$ z0s(XKJ=~R5rpYC6ygH3~ZKO`pKPD;8epePuj!H=?1s3a9<^`t(j`l&c>)e4h78MJu z1L!N3{Ti9EsnRI(0ZCIytYHt~(68P5O1!rH>YBNyDus5{aF2t^2?V~U18mf{`o=aF z$MYDCrHdzB8!C0KHnN7Yv{u}I6BikxzfR@iZFSr6rh}6$L|p2Kid1S?pmb(K&0)pg z>|5B8^HE#G8kLjjtE&YE?I2i3iK~CdZg+O!2K$-kz}wTr<dO1n4#>=3fI#n@ZigWC5xrL%vr*OwM`N|as{&LHMyJd5kJM<1 z8~DVUf*lAZ9KP!8xW#)Lg~;mk$&xz$%rz`y^c!NK-Die6C?K$iSl?6A;MbBLc#dpR zLfyjzEe^xLfC;46f>3=Vgx?<1LYj^rH18v-(@3%#|LhZ-kizxmBV|5!MvJ?FIO{K+ zw#BnrBxx-`*2z^zs-ljVq^Qwdtq{kM$6XN`xQWeUu=YXEW-DlaSjj%8}y69-vCIFvUrup#?aq z-tl(ZKdAn7ZTif%iA1>1`7wIMS*^QsBV7`? z3WLl7>~;1RFwXM!5QMb2Ru^W0TpNKYmAPQ=)C&Ui&2*%A=BTM z(tdJl&v%*N=lnddm);c;Ev6Cka`8z9ttn0x>1Anqm^_(7eo@PKt>exIbK0&S1uSnb zdF%j-DQuCcHDlKBSXsm-XqPQ`DQNcSu(Q9WRpv)A0_Z%e8Em4H_Ag(vCm-WF`5^C0 zqH9L)yOl-SnNmFUjZ;3$-s%=MFbq-J&7=TYA&&vYX5>*F0)@#!>9SS9p;^(kLL}hp zG@HD!6=c5R9TyE;W#)rqzPD&Iy9_+ENey%OwU)d# z`$VyDebli{U(vFD0Y*o&cuxT`8H$RT6Nna$$|QF%aV=>cgzD_rmltQF`jr#&!jh{G z<&%_Jq63h^j1T&Pur^`Hht}dPVD?|E3EO?-;p3IXga93Mv6n;08d1Cie|)>*K@2#e zFSM=4`Rkw`mj6n;GcAM4xOD;c3q{ODRwo*KH-DU6O<9%hl1N#_OF|bO;BE}#fhHU@ za#=SMA6EDqF;u=|6{pn}KW-Xj&El5VqJn}p)J^c!wuWw0K-z;@3Sj|x?3*msoi(!( zOY}S4$=(4}Yz-xtRNl+=8*^2@Tgt2zHe?Ou6R*AlriPrpvc=&a5y zoE9Qo*0&c&-GQV$L+i z^tXy-s-U6UHew@ON6dQM?{sNCN ze*d^t+y5vI()Z={GKfz&El*_Czm7)1EbXWCt3cK=84RSviOUt#F$psEg)BdXz@632 zOYxRYlCwDIqd_Zw@)*mO-~9nv{8gAl&}@OzgPPatl%(M{MzxRQ?Sd`Xgjf-Byyacf zu;{Wn+CBubk4iYTMg$@P?1`@; zb-RWeoMoY9e5?nynV6Og>UQ!k%SK!@$tKK*A1J_}DAKrR`%j>qB$VEJpT4l@Eh=dY zC)@f37LHLry-_^;k%0NB^)MZ1Cb7f%m|QdlwHo(4e*Y2qN5t z*nX0HV8N5hg+^1Ik--dQ?QIW1AxnCXqQe+N;iZK|=J1wYL}NNsacV~f?^Cy-jowey z?zT^D+|foYfJQlRMZIKAwSo#`1B8qougBPD(-w(23Syx^;TQ)D7^Fl^qC$X!p@B$n zV@0J5{iC2XBJqH|5K3X&$g|ZSEgiXlacPv0r*Vezxu`64u05Yy=bzYpOgKEC-YnuL ze$|q!sb9hT>fRtwqTrUp;NlIugP-*4ZNKMldhdF~cuiC(3hWF0YQ74QyvR?Ff z)vVGUlO4Bm&Koi2I!rMd2L`#hQt+e!C7C7fYW6GFkH$B$iHrzS$1`*!kBr;dBlIZ1 z8*$Uw50s~juH{q8(utVr<+LVU6Zz9v9Jjc<=R1}!CCAl8wR;g^+paRGeVlzesP=Kv zCt4ia!wrciLq+zvk7Fv3OB%{iq1NXtM^082})cK#GDJM8Kc$(AY`Wgo>$&cjP?O*Dpj z1u{1u_|xk85_PP{NSJLblv)E$=krkS58Wtz#gi<5p`GP=Yn(5$tpG2$RZbq)F)uPZ zquN!R;E&$^(@>i$$7V|NE@nx$fBd}q5)~o;6lgSi_#}Z6W#jkygs}4azE-Y*m-Y0aa-Iu3i~8)6cC}B;;OWS zj`2d+@Qoqavt*JsHYP!*%|Bd@2mQJ!?-Y9uGBnCnN!zaFEggsw|7Ed5;iD$*OgCb%tc!j}lYZ_b3?iRsZ{)DdF>v(yN z9E~yyn@oebi@FnQx`A=t={trzZY{@+F{?9p^wwY#R3XWWua8%&qn}VZ5x|-(Cm_ie z6z9*$+mg3AFtmqaRAF1eOkl8McyfUA-}&;?A&oWVAY%+nevyu%Xa*IyAE?C-P5*61 ziY62L-#O4iA&R8I!c~UlR_Keg*B{54f|S_YJGNvNoBZ1$GW>}CL1iPSzQ}>hAKWJ8 zud{v93LjAekG|dA!6+4n(-P;JNePAkZ`@?Dr8VxsC>JsEqbw6Qlp2XK0%E8FvPI;S z?N8`gjwr^T1k*&MI9PunPO^h&PS+l|w9rpbI5E>f(zfW$GW`Bm0FoM=5Njt<4}F9b zQ{{;{1qbog=X-xzfe$isj)jp{slFENoy=10w|oz~quGm9JddF|8;n(As3Q0}^dN#@ zqs$!v$t$?!{wD}C6b=DS*>}Yl6y7jxPAMu#ZLu;JfJK+way~jbhB9_$D;hf|+&DAi zh$7Tc8g0A;&DoxmHQENItT#;6{LS1i#W#;fTZHY>2+CBT(#F4p6QQ10Mk5up{;^2A zm`R99-N^GLNy6Vz7)~Qr$Za4@Ae4biO~WpG*KeZ>oQaW#92Vfy7qv(Fs&Bv-rk-Jy zul&T|G4&(^xjF?PZf>piy9Z$yUQ7M^BWXXa(zjlrHqAPbiSoDh8n|G=NPF4snH`DbhGkT-o@5+lR|W$+m2^n=p(9=@GHh z%I9nLdsIm82Xc#}CLaunsPxbjN_Osu2=RJuBB;KZli!0YwOQT+n;hl`9A8#8I0ioU zbdAM*-r^Un1?v(*=(&LzbvRbuU^7P{;g-5hTh6mM^p#HXKQxyfE8#dhYz2OJ1Hhc* z_|Em4dQi%&hQCTtm|NfnI<{rLoKZ<(MD2UNcpG-I@;ogE`%`%Zk46Xe0u^L_R+qvA zKup@wglS`=w*1fH72Ak1Ic6>GWmX0Znjoo!lTHIQ=K{v9PnA56R3jBDN#f_le6m|| z;f06F@*EeXTKC5?^Ns&LZI{~I9Ci3C#`vb=xiJksxYFFj)8;L*GgoPg>J?F30N6$` zCQuG)Uk%s=$2Bot;9hOFBxeI2KKEhxH~m;gp2Ar|9h4zo-M!`k&DP)Gm;WPZL+Lc4 z-ZWG5NE24;hU-3LcRqu)3I@;oRA4g?=z>L{NaG8`kPW*a-XcEpm|uWkKbTLKGm$&vVWw$R213r@!{Tq_d5WVi{mokS)B^ z%N+M}nEa-1>bvk*lObMi?q%8@>MC>VQNK|c@RUtxCcUS{EsEUyxu@^Tz)b96R1bse z=;v?ldGA$Qtf*Z#GK_TF=bDUotzWHgapsIb5UN_JtC#Qm8f=f#@2VaH+0#wPx#_M@ z{2KnRj`X>=;n2F5AS@ID7FNIAFW2OWW&Ma_9ObTf?e|}ZlC@*xeVl(9_uc0L*qSbi z+BRI`2;DiwLJI(gu}=nRAPfyG`C)H}&R^qe#4jhtvP{flJ6-4M2^v~pb_$CXX@s64 zjTg1#uqvAm*#ID$`0E(Dgm83i}TQ{~D1*WhdRg`QA)~3bQQ7f2k}@G7#1@ zGlg3I+RGqFZH8El0h|io(v55)N@TQz*}kH_=BFbS!f-5_&`?Zl`o=H!jXjt7r{%t7 zS?mK5!9mz_FaQqNL1<4Qf@_}^tP*xpN}UB?1=Q(A5P!Q@ANeu$Z5 zq?%@a9p%5eG!tQ2smrNQHoRB@nwVDnnWkB$nXMMo%r1#`ju}X-vb{tQ)1nf_6v(_a z)JQJCR`aKv#VR?oPcN&))i+01731uREb@jnix1J`)JoAlM!J{Wvr#<`TZG9mVKk-q zLMDO^7ZN7IMCeQBoUe)nd+`yCvC)+KUUn^dpK+RW6A2pyeG-j7t3*@PgIBcZ_z8R3 z;)QNy$o{f7Jc#F$t!g!6Mo3(_%cc#GEEqZdJKFLOUxT=Z0mlgAHC^fpuvT~`&qCs z(Eh73gyeltm(t!iy|J`MhHu6Upraq=HZYiq8rH!!bpDF!c;8QSM2b`#1gGxvA4a!mWjA-RSo+~;gG zZhkdk!~ACZl6tnPO)5h(mM4H1_GtMvQr7VWM*y1_uTX)Ctv zYwtm)KiWP?)98**-VxIw*^VQP8%93FFRpUgkzB6|%X2eAx|%Y)9A?R~%(JqIXr)sS zl4J|36ztvf0GWj8RcTomH+k5Cdf3E*cZJv@agj`2^iVVaH{|Ttj6U7|#pvOivO1k; z0V)wL+&+8i?LyOzvR6Bs(=oyiWfDKx>%gZs+- z^+VEai-lbJB4t;T4;zV%*oqGL+tZfw0DWxt%Ug&Zsj_GO3leH$URit_&dTQ6LzRYw zY|DzOIBG7MYv)E*<094{)r0U~a}QA@iK=4spK_7iq__I)CFzJ#@kFw%tTjd6*;+7{ za=}h(V&xFOnMn!*@LHUm@(r9`GONE49pqGmkFVry&jZyqV!VhYC)t7pFZU@yiZwwK zkpEj78d5$p68fBrgYKpNK9x{t5PYd*BO!TAGKtf$J!l8>O+oHaZ;3e8sG1R~!yy=Z z1$d;jz)uDj(*Kh7qIWH23y((+{;1>YU~nObMoD-EZC~nckW<15l^-vil4J}a=M?T& zWyI-PoHKghB!A%KQkG5Q;TSQo-OjCov;M>MhEd-WytClOi68fS1fJZmnj{fzOChB- zA4T~A&AD6{7f3{zM0oxN=gaSwV)SJft(%5)5OmcK$S7jSDn7((O$3lV3BGTc_A?hNTy|2D(Luud#^d z0?NW`3532xj4C-_a}5Qoz(0`Y$ZI4+`jW=k(kctt^KjJ}0>~4ULybNWzcP1JB4fES z!V+!dB6_8G@IO%hTLlGAZi~*;FxNvITzFzilrKkHWZdd?22^&gu65@g2so~2-{0q> z8UD6F683`d?li9HNHz5R>f4W2S?D;=!)C}`eh%?(fyzrUpp5GM(n&5vi;!)hf>&Ub zDeOfIUNgAR(4cZqaVYDY;V3)!HO?1F>UH1unQNT0o`;4qr{rC0f#BBM=MUf;7*&&Q zmcq!k1f|6H{6+RB4{ajGW%KRF5n*P_``M)7C(ek}AE#z|sFHIdvnixv6B&&ej!T;@ z|AA&aq)_OXSU=LOP<*M?c0scH-UUY6u^?Uwa*JJn;;{$_+Og;$e*JY^5)Q?_Pjg59 zF3pZIo7*`W8^arX?Bv+0GznCLSo<<}pu3f>q4Vk8SY%2YoERv8pD}}KaijKeEvab@ zTTK>6Cz!Dv=)C4=>};&a=wa0h)t>u=6lqK)(ryR_tD1Nt>$25abOW)eMT1>S{ zRRGQy63wu=ejQO7ub#YVv_l02_rChh&n4QtA*5Q!Ft^i@%V^#7GljKjK^MJ{v6x|q za+!SOOn+vBY0lkyw;<0BUE6%HX3d#NJ`dd-H_CbX#;_cYQdfK(c(Vc77q@J(j%F+! zm)R5v5UCS%Cl=C1tKWk9p^XeESCr?8d+;|X>ij&oj{qA?WM#L@vGQ;nz-d=~$PP=RtQJjLilL*jrd zh-}plF8W!&(c#7x5fuLk`MrtnoqtsXYlUxyOtB(>L8cvNS{b4u+ed;u9rJY?Zx-GG zRcmS{$zdYRuNblH75fQ#<8{D-6Xe zWWx=YA&9&EnYE&T5@|)}ic70K6u#nKnS)eufbns#D~g=;9qSid-OoULpj-dk$$kY| zP@OAi8=T^DXUXU$4tYz2ENIZO>RzUijJO7D-oX zp5*l1UPOIST>0uF_m5_XU023#qI3Xyqyr;B?RtmX;Rw}x56gGoR}?% zYMBr^4Kbk6l8*F`y;w|ExRmZq1}7kjbqY(gLq~s+SjpOSn8q=T@jnH6mV8Q_S7Iq) z5O1aJmve+g2$#<~RgsAP)!CTMNlGiTE35jq8XL6u;tIx&265`U3 zQZmC2@-3B~S>fq(Bj4}K*6d^PNTM=k+o*NQPVrPAb*{KgZ z2CicstU5Jta=#xDI%h*t-JUs)@#>xoekHh7wRzC(GvbxmVM3jG+Cs}chNe4~iL@K@ zDiHVa{Lj{NfP)vZ0TJ0#6HYh>2oxu@b*;P4dHhp~3{S0(EXI6?AYfkDIqq5@vGN@- zcH;b(e`wUDGCq0}jycsb2H=*Y`EZ%Uolom(K#$|vy@d(!2iXvKwxz>`XLhLZQ3Ft&2%@Ne9T zAGB`WeOchTO2iUpaR{!T9%#Mgq`tKrm-~-fMIw3G`jZOx-`ajwp(XCCJSmPBlAlY9 z+M?u!PBTJL6di{G(m9RuX!%l@1w1vg63Yu4lv4@lS;@7mmTUdSCsM=fq=o6EJj_d& z==H6~*g$-7@AKb)t(n$H8PXjLKDBYbV^xokbMvTStBku*#B+)Y)?`fv4L`>Pilbkx zI7>9=le{kj-UGha7p|Cj&A&59w6)<~#&Uf_0BXUY$c^@Kl$SLG{dgGW(Eqb3 G^Zx_ixl0oO literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.svg b/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.svg new file mode 100644 index 000000000..23df74af9 --- /dev/null +++ b/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.svg @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.ttf b/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.ttf new file mode 100644 index 0000000000000000000000000000000000000000..16649b9dc6af65a34882e3db42793d440f1b43db GIT binary patch literal 29856 zcmeIbd0<<`)i*qIC0pKYS(0VRlB~tn;zg1rOY**NiS5|2ojoyGoDH%OlCTD72@t~4 zlmboJw-zW+ww9%|g|dXTY;A#3mH=&fNcuBld_JIUy~9JJpYK2X0%L~f8FRGsj?U@0 zE^Q5ZWc-3L)#jnmKxk3^mYdLi585wXv3}X6=6N??hVP#{|7RzC* z`LZ=DmrazMYkLRx?Pwoe13=b}^tVy}3Z-n#`YosIUsth$v78`d>P_o5u2>da<@hD) z#lY9Fe%UFTcrE)3ZQn$(Z& z16|)*6^NqmA2T+pp2k-dlL(4~`eD}MkXQ!b5x|;oayGyQ@wo^mXDe}XwvMgG=T^22 zpQo_X&{`#B^4%;AgYS}PHTsn+A7>%%B9hWnDz!?I)VSwCQHhc8(caZD#M+oWE=wQD z=`=&GwKIMl-RJuytPZn_)=6%Y`58+cDFrjZ?JdSx7hD+I33@0e9u|vG{j|D22MK* zvIf?U882g}v+LQT>?O939RjWq>ERSyI(xC*B5;N5_5TLfAY<~cQ62_fCT~O8ic-ti zk$2-w@v6Az-TZg+_R&1qzMcCv?t6aU+I>ITH)~(hJ3n~mgm;dAd*9oyO0=#s(O?zI zCX`b!L&koN@+!(I!LDMzWPfIVV`s1{*&Xaoc0c<&yOjNieV5(K zzQ-vb)$9>~=8yZgwBLhkXfZzR&*3_Om~+zp$UN2e_I&1a9BV z{sjy_=V|PH_BnX=YtF&F2ia|0gZ0?Qe#kz;iX37;V56*u^|C%T1GDO9|A2(eVnb}0 z&1NHPjBS8qtzxU$8n%`l&rV>UK;AZD-Y2rn>?FwC7Rcjzb~U>OD|0Qoj@=+;SjDP< zV+SaF2{ZegSMYW|$k+07_@(@D{%1)qMWk)gHPXA%VO5bTq*|x?f$DzM^J=v^re3N3 zzWQ19hiP-uPDwi_?UJ-x(jHIyG~JlqnZ7Okw)Cep8cmgEmgacP&6*cAa)v&`o>7%i zm(i6moUu6LoQ&^eT$OQ4#(f!&WIUJgTE_bsA7}h4Q9I1z9VzPRx2C>y51aS%{Z#D zv(L=lmHk{!NzT%obvdWx?8w=jb9K(GIseFY=XT_tntNZKDz7Q;`n)Ie-po(W@5*13 ze^ve)`Tr>BD>%R4&Vok^J}5X`@TFGLW@%m8N^Mv>L%T-1MSHe(xAt!B%Y~VR?S-=o zmlU2+cxB;_3hym^xbUgM*9-qz_^FQTa&;zMxz4Za(hcj5*X__7Z7w>!Xh+e-MOPF(T=YWGKa5qzKI6&8yNpj2=NI=C zFE2i$_|oFLiyta}toXU&-xa@AyubM4;?GUolx5PHET(dk-xM{qn6{X%H$7v{GWVNz zn(s4zSyEflS<+uJS~5|xwdA~#@0Z+O@?go!B}Xh77Mmq(8MLghTxhwP&pw%Nr7P&TP=A3S44&JTFmKL0%tA)YU0%(%1wWPr%bz1*=We^H5`u<}Elk zL9YaGp2Su_n%Cm{7S#PHYa!)+$oXbSegKl(gHcBDeJdaG#Pcnv%>st?fZFZFseG}UfLpP#S?m}5 zS*Gsl85m>Nt~hn`I<{-|=9MR~ZR?h8*}%+Lb5;AoZaZt}92o->_pPif0a3GTR>%y@!eDjLD-AN3#k8!1IT_hr1tzgfR)EnQDKHMJ zpU+H~#Z)^6KO~P8vr^`s*syUu&-f;vt2QrN!Q$WKbKTn2%h>1N=yT(Wb?h)atjW&} zTi0)92fxYZCNyIEzsaXqBls||Z(Mxh12uRhw3AVYGaTMd2EUAt!NL^5LY|FPFHE#2 zzp0Gnb2EFKJ;9!2d)ZU$Y4!|zmOaOwXTM=Dz${X!$aGh5eTOj{P1U&TH&-_6Lmc7U=pTd}(-_iTQpPK1-JHUveh< z)96>?8*!6K7qbOe0VctRlm^&Bsgc!6t8vX|3;9R5uEqC@P}iXBW2I6juKNLh4dr~4 zJ-8oDT8^jXI2{O_y^WeBAV#f+jwF`)!e=$;S7E16l0pNRP6Q&x`eW=X@G zxSFI~*33U-Rk+4bYT^5~qXd#y)lbq;Q2!*a5LrsmmK`|yuGn*?fNETHcbE$G!tICUF5o<#0LM4>A zCch`IO@Px{JEaq_KT*Kb5%8b()!8Vop=?1}j^J{&SUeT@fIR- zUCfpsu6qU+=qK=xRB_A=tT)rkD=hOQ-zyM}#;=p2NN=N9-rCqpk&?0+g^yzPi1Z-A^^z|KNsdN%tOEXL1a zH$LJLS8+8W!tcZ5(7_rR;H?;8M@;ZON}%J?xrS%(OrFKFc@EFzdDtadmJg4{#%_mY zya|5Gjgb8`tknaEM1Lmi>aP$_-o}0mALd@fdylj8;ZtVA=CvRLFwU03o*jq1cL4s< zd2A=UknKWN#l_Nj0oU?EuH$-c;6>cXi@AxLc?q|0E4T4dZs!i}|#dt>=MPI@dn<=n|L#C;jO$4F>43!MwdLjN*KAQ5ZdjW@s9NjaBCwydb<;^1gq{L~- zi<%&ZoJ7$R*w7)FdD^laNpX5}JgB6OiyEq&Cqz zmblg>TGUOpXiq@elaNqMfrMfTBoqwRQ*T^5vQFBxY{g1tDggC#_w>L+W7yea&?ZVe z)FR@ckcfxeiFk;7V~Sal-nUYhgwL$h75`bOBlUX1%FT$QzWxa`iifF&CW5DI`%#JB z+^4-moeph5UM$k8Op-tg6!fFgZnSa&W|lvdUy-ko56W-JkH{a$Z=-gze22V8zFyuY zzb8{>_ZuAYe)(n0;|q8~O#TezSE-$V^JDq2{Ac-KD)gJw<$d3z)l?gd@;XNUN=6nL zV}2$7aq6B@11(4A6OU>lzazhb-e1Tc;`1|HVI8Lq@Z>%D0LJ-f3ii!vgzuXl@;j4l zb5Wy0>pFSJKcjibU!dGB|6YC?6ukp#@06b-i>@5<-em3ASNSIdPvCe&-YXxHe=ENz zpCO?CkoSx0`}Fzm5BUbM-dJ-w6kdVH7c1ZKNwQ3F3}crgFDoIU+yls!>{i%33Elw3 zVJ28NitF__b+DlZv?#)v23u-`9V*6|iB=}uG2_gJZ7sol3(jI#Qaf-saGD|0PTVQS z$%Xe}hyPK5yOlWY@I$IluNFBLKRgl(e3AhCl^UGspe2Mo62_^Ahf<5ZOPL`D;>$*i zOwS68@JMEZsu7&o@JAM5^u@5p68w%;z`q*agd}n_S;BWP!#eMT6~6?hR&c=zE?f@l z|9zY`WQu4bEI-eXm9RI-I%iOm0B?`*G%DPFH|Gw3jK0&%l`u z?ogqF;&&=a+&a1Ev#th=<(!?(Fk&^<=m71J|4$A`DP)k&kK_-bQ4VAGdm462f z@u~a?K0ieHZ|i|1wZQxZ zZ;|gto5S+W|JC5~0fF<-R6B6vpco;A&ougfeFz%CRXV`sr^M$g@|XCUE?~5Rf1z6P z0Pp`M=J*w8eLtZyNGoC9(~nfCBbvn;q2<&eXx=|Xsi20&7KhNdpaOKI%nRRl%Nw8p z-$RYCDwrV!sJ}DSQvMv@UqCqqA7nhE#NMEtac}B<`6>Asz{sAZ^uo+cfGRW;;vP6Z zX;VzVq(d=5Z$N9)jNrB7AStD5@_@X4CHO|zNsftURNjR|ixof*x<~S(tO)ISu?k5X z7=>(I3T=~jLm+1aNX1c7`>ujEDVfPZpzB{J zN);(j(0o|zMaXob4@pL5Qa;f3pUFFP6@6fx2nT&84|t^yKsS;v_IH9|ci>7o2zuv3 z@;Avh0@f(Fuh^b{vMj=##7~|n>^SxPoBRnrmEFMP*T{C@yV#kDopOLY$Eib5n>EFQ zBu=FT=@jHSlKXSA8+7<1;PpQy0iu!^>oel5@aKeF$zKZXI=v~A$?NhEaQa=LA(VCb z7*Zu9N$42RFu5oHiW$OJROW@N;M=qTh~^Y7CuKl^K_(7CCKc^NJLb>8P1i2~dmSE_ zO4wg94*@?!cLc46;E{ao__}NW-xmpf3mur~f^|$DQyeFVpbxS!9g6Qil&_Y5DL;YQ zYx19f^=+}gUY7rYJ^76MM{tYy@Cx(O3^1$D1iivSC?m;uTSaJU27T}v+NO9$@?VMf zV%3CA5^Ex~z0w!=K25A6(U{Qg$*X7s{rvR|_70Dh>w)=nm3O_P=D4H|*4YV9(Q>O0xhnfW6I8FGn+2AC{ zw-WfOR-6UMXSv`ryRmZ%@h-&xbnq<1(q4Gl>)^A~6W7aCRc!cQ>+%ynlt{lo$nxu=qQz?e@nm~aSqh@3Gk)@)ilIfs?W?m^M zWg?=W=igMkurQg3J1mG6Z1CABYDu2H$q~_c@}P)j>ZF*4PB`Z{RMSpnZ2F|=g-(iP zrl3@#s8Bg=^MG;`W;GdhtX^8#SVJvzMUmzmD zVj-RBLOSz=bXtXUT7-03gmlugNs>ckX411r#x$>{&&5d4b#zSM-(yQng>))ZTNmHwF{T!D5Zu$9S-|1IifDTGp z*r|KKbO3lLMmXA&QLHxI5gHUaPiV)fzEn$MOlZm!p9Po|zmBweicLc&+8<<(XqV9Y zbmBn!Y0=>1+{KI({E3!-R(y1_xd{lYGWwG(!AN2@G-4Jj7W2c*|9?8*lPVM>$4k;E z=pZ|{AJ!y=OK1l@D_S9n5Nm`e3g>i=CD9$@IwdVf-xQR#SH)^6b7+>@zfcKdb&?(UPDDJ|?vgIA6j}As-=eBzI);Itfo$fAk~ig~W+b z_RDW2TO9i;JV|cQcmC}MW+--<{3nbu zN%7a3XFvo0-{b!j2P9!7$={%NUsRBYd}uMsbdrbRg!Q7Qs|CnP_P}lp;&dSsIRWT; zJjbj>-tiRN`xVZZur9w8mUz1FQ#Ludr0-LXQOv-q#TbRK{iH3)l6qi;5iJONN}b4- zdJ?4=w2>XQzy_DX){@muo>Sfy^-3O7eh<|slS^lzxJ{OS>Qu(2PjBK>MxKIGbd>a- zN-@52D8AQ!M}9T1=42@}@D)gxD;k5|!J$HTGvHxSQSz#kg`tC@6{V2xmg@UB6W*5> z7)nv-4I=XFC=*VnG8$nfytLcMgUiL(Sy%;H?_8{c4LxXHX;=+A`cQs5L+DVFfHJhB zEH}wPBk)spS_5CW8Tec9L{=l-Ld=JZ^Z*-4i3Zu~MZmKdrwY%`m!eMZ1Li?))}y`w zCuOZq!6+m>dBB?RO(0bykB^GCo@lj@RY^VMKYtBIygFT!HptXBKd2u)3m}hE8HfDE z)D=js48;xfUc7RUjaLd$O1d#A0|jChlXKy((_B<*_yM#h$xg(7(1>IWX+jBuY{W86=mN-Q2>_ho?$?r#9 z8|B+5gNAa;(e_Gy4AJ|mN41~!RsQ+3um8<2u*dI$>(icWO`=GNo)g&uVUy|pWSnlI zEIAH(EAA3JQ~3ejo46P6Q7BO#MMNYIbST%UxQM<}DTRC%BKFW@ml?3fima;c<7`khfT(ditd_<0m)yY zQyF;*t^z$t%}4q}iNh4_G&SOXT_deS@sq-R+DWw6=sgoEbeFUY6(!dCuQ4WDIKjCz z@zhH#o^)~Xq)Uahxea&j#hE5nh$0`3*o)RdFXi#C_(%LtD6jD6`Hg%BKOS#}_&L3y z`8wX}xf^f0oPzgXIMzx7t~d~{oq~5`cH+I9U3d%TBD{HW3HuJ-1iBZ0A+aBSyFq(= zC+2biR%aK=h1ee#;d(K=9~HX*lD7+GH@;=D^HJLgkLvsffirj?mM{iAuuk3ty%%?JAtA`yMu{#htcK$=DZW1G$MW5jq+D` zZP^(4Kw{*BxO)&I-w3?>G4gw8c?cuFht>zt`en>}Co+^5px-W(iv+IyxO+(8qPt1j zl6PsO!?^o}pgc*@XJT$NFS<+pKAWUf!Fm{XJ`-4zyxETyhXnl>V*gRAi}C#u8y~*oa2De*kNKDaN=Ag?Q8i9yNhSO=!6cYq=a!w*v9@1ZzXf6_7~sW+-A= zfXBxX=`!@n#7?38!opgIw%pB2e}Fh5uN zWND$jK%H-Yua7U3b|2aF^wX59SqLm;z@mi)fL;k}!=a)g zgFanj5SMh9DjbSNYTYgu?kJUok9V%DuL(5vw{Dtw=CZMwgM%wK&lz7bceAwH-qTPs zl&{X7)zvn)f}h$Dst+Fdq_v~D9$c-JKaonLtHBwT=5)Iwwb3ZXGHTpzmoq)xpf4)I z05M~FIv*MNR{y|`(Wb?gYI8?L%aU+tQA=QEso%3aXZD^Gj^8secU-Of$3(q*?T+oG{{B87v z2ZVJoI1FKf3!e-5Y4JaN@ddAucK5u{`%!PAD=IREqtTd-W>p)Fxil)5%Hx7SY8OtNnPbdR=NNL%SUD?0rLH|Ac1EpQ zrNMYNI=h|t$Hy`6wN)onULL=Lk6m7QLRI|x37V@h0&;saf-wvU1Raxj=l-o1Xolu~ z)T>q#wuzmg6KeS=a9wkL&6?Uc>3ovll~`GN^D$M1X}_dy=RS# zp4r!T=4j)*;PLb4A0M2bGj`?LwcnpT`}=FxUO6_S^VE^kF1h5ikyAUtP{Gw~P?!yE zLNqG-5c_Uw<2^icL(6&V)-9hqI&bc{w7YCh-|C6@SG=#ir#B|(TO^$X`f?G+u<~j2 zV8?mbCUE#2oCHLmn*K)Er1UQm65o&NYq0UAK&1d-8_Ck&(d-(r(x6 zu7M@m_Q#xMS?2C*yHcq&zZ8Q9_PDjYR#NAvLoydt)HI!F32Ay6@o-eneBN!U0t}csO z9ko@ZK6AFWpt`-Lc1{R%SU}8Im=z)hNKC|GaB1J$%lGY-X7=0#5+4rXc_f&S621-hFgx$iJq~Re=ELyXp!5!Xo#N^KWpt7QQ*NLselI_ zd{~vT4^*$bvS4jtiB4T;(XO5I66EvRhLsKY$Crzp3~ozMLGUJ~_nX>D*g=YY(5P;_ zaBg>|K2x1toV{pZQBHA=Iip=~BwWcs*8Sq~fIX)7>4phP`m1 zdxjhT;#)y0v<5$nG2!8cb*iv2v1wyr73@!9EKU9+_by(LYs^>Y8FJ>$zweR7OLI#K z)OqHd(dfd-+?yj1j_-X_yU9Jh@;_L1}?n z>&zdU_hg)3`cPReVtm+M?sLwtt27-Wl4Hnw-15fbdYXnByGz?#_SPJSH6%U# z*nF$!yc0*awREpuIK0AXmn{$ij;Dm5@VhW8$n3GLY|_XUwykMuKcOYqZK^N?tX18f z(N1SWQJG^nr)l%>$mS-eF{&#L%&8k)ZPmxD5G*_c0q#E}XP|IQm~anlS%Ouu$fP;{ ze9?x+WwDADyLuFSvJ9Bono8?!o>q5H&bg-!oz!A8k3M{)uHNG7?u=WEfzi5oD=-Gp z|19XIzh_IG0l6fONtLB?2u5*Z`|&NU6R{;LxfFjeZC;P7vBX+B^c+{W)`w^3G;ban z-rRD=np{)n;9`R|s<(0X%)udW2{9FKm42uAVy;LGYp?hsE~kO)zjkRyNB0b4ML}VS zrEB$Sep5@@;LLfMn%120!Or*+Skh|Q&JTjl8e}U5C*=pTCoxhk0ws_o94V(q2vHaV zk(N>^-jpyGx`by1B`w-~wqTRnQD}1NianvR8hu&rZ4+8!a5&^~<`$OMjL(_Vv|*s4 zxv8?UsX5v+77mQ%ISS0h{rkFFOY4i&*Rds-urrlv@wHNLai?KG>^x(b8G55A0mFRx*R6$_M>? zSl(C;A)IgomMw`t&wX7j?(+Ec^oDOYl-PaJ{gNBcm5|Ti+A{z}T<&4_3h2oS6fbxx zYzlV#z^}+FHiynA_^g4P7pGBB(ebR5d z&F>q@%T#ML*%?JS^$}^+k;`;i&Rf*Lg?v?CB$ z`#@z~YrcC{RsW2UDu1+Vq$&{Y;`@7Cfto5`ZF186@#|^sxForUF%<44#()-?hbIyqYTiNgqSe5HNQ*~g)RjsY7npy`3TU%z$O6=XH z%_GB`o4Qtyj;&cUHoBVj?uZ=b{{mj2eTQGA@5f7|6G|V~Z4Ic?QEY+(J4w9k=NZf@_p|}(;*N(e<_O8lc z&=D?ic2q1Fs-9)>nxb}pr7c+E>ZiVFP`DGZSXii>Njd&-R&(D#R`)sQI4W{&IR*Ma&cZ&P+mg0( zXJ`Cybxo$aMMJs8eqee5e+LO^6PU>5AmvV8E!nMogMFiwL3g8*7SlP9vup{kjlb5_ z;;Do^G!J-#z=3_op8}4r`5O=4HD__QFMP^=xS3`Fk-8uK zzLCFi-T7mE8F?CYMnPu(@Ia7DiMiJr{-OhB`+t>S-ynBgBcrPRzk&DB+2 z-tCHig)xy2<#%ID@;73h6n{fwobosFuKV7C_Uz(Zb#_s9^%3#;otx{BV@(+cR;n`k&yEUkEE2d zKk)(l!9+$CKe@9ienBVnrikZNE1)+iW39p8TS3Pi1D-t%-ZR-gcN%=gBs_l_ym}I@ zn+D%B2{#ZNG$1FZN`o(zMplw*AXVucv?t?ZN5rM!&gMJRk@($wKEEpd!GQzZ9>3^? z75tQKeBgvQauXtOe&i9FMXhY3=pUm{o=k(k>zXHKC!%jLYs!4ntewY%XHSFEtd;h; z)8I5a1+G)z@)2PDxxi1kLEy(K32o>(%~VvHFP^C=47qtX`{IVm})eF|GWylAPvr__nSZ%to|zuWFa z*t(`yr!C<2@WA}zA47H_=D2RlkmJ0_&w5Hlkmc6@Q)|qdV)jd8W8<{2#Z>YzlCj8 ztkKc2RKnBJr}*&Xc2L#?0_suXt5{gLna?zjeCPWGm0oY3)!|$kjrQbQM`{)-Dx+*`f|l znJ!{6iFj;Z|L_<%=9g_0En!CVltqKTH^uH2a6}=3!}bJ+p$(4#&*CX?!C|F+&NMi2 zQh^sLaPh|PPX&I(N6sK08SnX#PNH>HpjpCmeiu-qz^y=Y1oQ(y^TZk{(84nSATJkx z#k!wt31kcIIxMRhm=(XCR@x`#lgB-i^Eo6&gsu>hq}Uva!cyT`30ooHf)=HH&NMjT zSK#y)!byG|5>zViLSb7};QL?sA$|llhJNRT#q>rUDWi1Nzfo5)+8G{I(OJe<%j;1;6g@}_DLC0;ItPMxR3?l7ao|v4|@R_%))Pt z(YOLGWJiG)5*!*d0@?ht^akuL@Whlf8(A=sc+jOhS%6;AK%U6MpR#@DxZB)aop5A2 zoSidv)vaibEopG~nsV#h7Z;yZ+vG0mv0qaBt)_wKvbRJ1z76y9EV)&-#qpQx*Y|?yudJrg>G2g8QS=Y7zp=Zfyj3N|XfG+t+>_HebE#q=;R@aUl&P4QMoYnl3X$hFr zIEW%6gPGc{ZL(w&MvQJig=;isUYt^bLhu2=5RrVxWm?crJ%z zlt+mvMg5oByy{M?qr9rJaZ#we!KpX8yQ`bKsyfT<^Zm9!{-Cbj<7_D@at?aS$M5Zr zI$JHl1ukb$l1dtEw)RSEW%S51fssg6SJdbmEJG%|uc5N5t|WAv$G5Dm?c`dcJ)gu|? zbMCzUhFfpF;rcr}&bsKL(@($XqO%|)LoksKNN0*{6QwL8G+S)dp-Z<^wVPXabn#as z8ODMmd&v+}R+vA5aS<7YBT1#3ObsJ#LW$e3!MpUlo~CARmnGm`)Usez=hgvpo#~;P zrQh8ej`dXA167gLbDB;+e@If(6GSuS@+;tkHB8yRly#0wKCYP>BKZvV;J_+-g>_b4 z!%WYDfvzEEW7ykittwwwH@dE^wqdyLxSW_PYV)^6-1YWWd(;t#mRW0E)pG_LX6n_s zqaAf4^cTa(mhj(W_L-D1h|z|RLEJRDh$F&@3ogT&r`24YW6lf5-{soH^X46X$lPbb z?*ztc?~d|4@hu&96JJc2!>@tIe$*VGM>HNC9*z)W6sI=*gMkT$*E&$wID2M`16gJR zZ~dp%=(oleM4OlAL>*B}^-yQWOuf#+!@a-E$*Y{--MuVCT0V$To)N1K|9}Iv@^rG+ ztxD1GiD$>kfE3yAw9-CXMsIVVt+BRcqM>_ZYi)mtUsq?Vo*9sA!=BL+dk?`m;i&t+A*~3e;c2`5Bs?pb#R@WUI^1H)BIn~3ViuRfUwW%*u zGt;+prlT>CuP&%+t_;ko=4-5Nu0Tg!z#VeM_qNvfYTbpVo~lSUan=h;A5C%=T7eW% z(sq)q#P?_{HE}1D!`8+|dv9q*U$eh`et6LA*T-y>Nwy7pN5Io?>qLF`2L8*I8Q$t8 z%Lb2p?y=MwEw!hta#snKcI{jZKGWzijQ+kD9lIHxjbe9>+RZ$7V)Nz+Dvf=8jVL*H zUvus4w_khB-Cbwx+I8A#yLO#Lk_bUzUtpEsgHP_}Teenpm|G>Y*vQ|eR?xU&zW;e2 zS1#SrUEkvEE(umFYF;qWv1KOq@jX-f*dLzU$M8)O`&de6XA55iISc#_?wQCvd`nBd zOJa}UK1jg#X3Y9k%sQQ&1CdhX>!Gj7*DdMg11<5F_{DWSUR|nu0R!<(!EkOKVZ^g& zJWnT#=j9N_cI3q$#NTZoB7Vh$^{{ zQ*4fCZL!;}O4mDV{Ek3n(|nu9RA0f(CKEkg!|$uz#eR)7rrwaU2zfS>t1{Q^7s-8RK`kP4$)BTx_-ls+#73B8<$}VPrRcPl71AnkWJsIQeGabmJE$2!2fxE^lPN zW~bxV;Q&AKD7BO~^38aA*UhdMEw4|^sT%JT|AF5Rsbw)w1Sv7&&vx!C+qSLas+Oy4 zS6>UdqiFG7vPH}jGa44Swrz7=&|$guYTH#UzzrPyWVCSOSFebQ8}UmQL>+qavjzMn z0l$gh!02OtL|%}7$&tk(VS{h~A6t<{6QPd8YIx**c^0_>xu`-r}n*Jv}YqhWh%3yH~!oW5?SQ#mBw1dGlMx zp^sZ0W^X0>(ApyWg5`h~Um)6t(ev&^>*9&GckFlzea7WATq`{Revt=^XRKkv_OgZO2zpd~y%Hdq&^sPT`5 zYr>i8%-Udh%wJQHq>Sf+G8#9LrlakkJm)2Cf!Dc2Mv(Ys5bOgDu2QqFB(215$A`~c z)l{EZ77CSR);H}@h6&bU7z`$cAyUE?L5ej*q|kh`M?D?FOPvl8?hQ~IT$AD*gw+Q_q&j#5fLtc4CeRibx8 z1AbNQxp?Hr`~0OiJsoP`H}f@!Y4PMm=b@bt3sWF%)OdDz>zC!P%B;y;oxiNk)5~wR zj(h#4bte@2z2nxoq*JTqN8vr+fgEs`SSykbC553T&Iv&S%Z!Q(hwO!#7EQ@dtMmwf zXi@zVLXd-z1*IWVgV$T_ZS86G)|BUK2m1p<7H@IXQBm$~?QQi2+<67Q89(y0^p;vn zJuN+@7Dt=gQC)2D(a%iVd@cT}Hba5eTszBYjOfkf<`O_FTKs{gB0xPYW&CPKrQKSX z=XN-&a4n#}dhp42bG&H-?qdFF#HFO?8P@VM#%}N1+|jzeyJ}e4cf`&^{-ymxOMLMW zio9y%Po)R&tEM_+m$1>(ob+I^1<53G{_>>6n_^^Q#4|?hT#{bWtCQ?V+5x_$ee1$- zc;VLeMPso`?=#0b+oSeikojj0YC9G|cfkiamNme`Cj>Nmo%!zcFmYZ`icXKG(>7rD>$QHr z%V(}EG+KCTXhB2c{7`6qW5a?_xpzh&FvI7gPjB;c*0RFV^wFN4RnGiEtb~ehkd{g} zLvz4~(;;r7H?R=07>!{(Jf#c+UZwH4jD}S!xN73E83Bvh;_r)T)H4Dz)Ed44Iz5Vq zZP6{WW^IW-d%@br9$R|>$!J(!sj^7tu{L@dq`WOdtE31atd&Oz$Cb4!!eC)dI(f&K zCl-%#ZbGKXD#C}4DPA-!DgWN`>&H8`UNN@vd&4b@{oaN&$<*cucb9~EtIWP!DLdw| zjoF)ht*0;Q+&-;(X5ob~5aXkjV$(m==d+JNQSB+f1W#vs2*e3be21a;8LP@dHHYQAC}M) z$Z!n$NtCdLW&u4ZiVKX>;l@JK@Vvq~i;WTExy6y<*;F@0ig%doI|_F^Uw>J{12`Hk ztAGCa=Xu&?Wa+wL*XSLObc&MkeICD%9aL#ynV!J77Xsqt7xFfh6_6(r5Enm-w+hJK z1f&9OhDEQZ2triD6C320{^wZ#!OoG9PAcwT(CrBZbJk5P$4ikD>%v2`W(^L`nniE; z;OQbe$j_S=8{9F+QKhftwH4{Q{P<}Yl5)@ZJ;zHavk+FyNUGn5cr9$GT{P}>nJTny zW2d*V*WF(6!}5{URqiTBvCCP})>7WxS4mcsC~pNO_jGM10(;sQDeh!K&HXgcZ>%f~ zmD>Gn^`SbCy~wNem|MJ|nQogSJd#uCaFmpmIh`(_*Jg2+=$%$qEaVL4Wz=}0P%0AT z5cn`=m_|jB2F=&m<@s;iquIr9_NwwayrAeS4b;^Ioc=tuw#F4`|4{4J znQf)THs@0wOR+_lZLcxYZ@PIB^ay?(I~tFrE1q+LVaq*bMqiP-ro7Z!>#Ww6fLT?o z>dII{o3pX3XJk3gcUB9Y#UE3+)$i+xxf@-?KH^xrd=J};-)a7uzxRX6>gvjBx5MEc zYCe0;*jdd*4QF#$=WO(; z#NP#)_=}f$6f00fIz3jXDX=+JX6t?NE;>FbPCAR2}m`1^@v{2Bp@O5QrbM5(ncBUxdg<6UJB&-1f-ok z%=Suefx_QRwt1M{As{a#AeCHV=kaA|^I`(xU{|o+0`gJhXC=4O`}PvlJ9o~Bqxqt=IVJ(Yva zrTm<5Wuz|4?la_8=9l!eK2cs+QsbSI;jx(TcptxGuZ#`n3`8US-f(+uq`f^-i?lWTFn%X@Nq0hCF-!ulB1+RT zz&~=-yZS?+epj8-QBmPQ;dhocxEp(V8r==0@H@)={&JU}Fq+wFyyaL84G0|yzZPB& zdAHbKlh29B$)y~aM?85X-3Y>as@lrR+N!#Otu4W>s&=hjuWhgDGB#M-0vm%pJ;9ou zp4E71ytAvOqnh4IuI?~4x}1&1_Udk(&TX98)HIU{baRNbf5f5k$~tN^y=6 zBPt1aF|6Vl8{Q5sw7czt{<@gAt+&lP+};%IEUB_YeEz5ajP-69>^5!+S(et}fmyBE-cmYeMWsDpw6)ikHreZP zE%~**rAUEeWY}8%26A6W28HR*V5m%c$r}UG>lB6;Z@lrwi*K4cE8hxrYR#WDcJn1S z-E`Bn!S(=eyWP?0a&nzT)@brFvUHijIZMl(Rh2ME67qfT@V$rt=zsKJX^Gc?DfUl1 zSkWTIig7gtdJl*G4k&%WrpV&D+Nw6AS6^+m*XqlxeV*G}>tbz=HQA>f-#yWkar|n@ zSyWqSztpnev+{wS5;kgC4F9b zX7zQ~R$q5r^|jYkUk?mUwiIKAQB!mm@J)IvuyKg{pf?qjgK=Ip+U-VTX{j-BrE#CL z6&r0fW3i2|N!Gv*Cwmk${ti#P592r5)A4z^nBh4X%|LGimX}A$4H}KXXyh-(NBNz< zJ@35Vo^xx*t-Z5C>d>s|ZDWyGEaLG*(hN>&#_v2wY1Mmc2T2^{EWx*Y=(H5hX)qgw zd;jEjo^?;luYT2X&shqmn(&+IKSSmfl<34?4dPD{G);SE?CEQ-QHR=b_uKI^?>_h3 zyFp1A=lnPPdt&z@o}DxylkZ6IVOzlKF%-GA{*n%RN*&n;r^#w}1S`bV8Gy=3tTWax z4P3wzD2J9`9KW33i4~5^biYFWi_|XV6K!c)jRyj)@o2g3VL#7Q^Q^$bCjP)P6}%vR zsN$LUjHBA~7(HT*895Kf|LK3Y>)}BBGZWWVJj3sg&wQo=|2rSDUi{bWA>=&Om^*SB znvtT}`A+`WA-?ExtQ_w0<3&a^E~GP_$TOZTHS=CoZpxc7uK{wcfF$34*do>OA4`8i zo8+4h%cXYy3kiSsDt7FvaiRV+GOX2C0H?mp%qW zpMcztx0O~vO6ff%ypxGNf1=dP>M%O(0$8xTYZ@+=ntu?xh3=gyJ;b6aYA^0-_XIAH z9y%#@Hr;y~{l260!z(w&yo!q(q-NhOF}n9G`kk-zqkG!&O9IkE6=#ckE2TPi70nH< zG?GCY2+UQRM>e~*skcefQ`gr6&zmgVV0A@4&S~-2jh+%cn~V*tu8> za88BYb1u)479cT;JI_cn@&Aq7Pr5~$q7{luON&vYnO0M=%~ouJX_Mp)Qa`&CYb>5y zr|OV!O3$T57E6)AV!0i~fV$LgH5ja^1(?=I&#^tK>i>*swZKqP@?cR(31O6;145;m zxB}CqQU%)pnG!Um&LH(!dZ?)>M5Wl_C`OSg>MASh>MAPh%AFRA!(p-DFXQFwu*S<& zoBlJVidd||S6AoLmzL^_Y&PlPkk=Oq`MjYri`i_U0-oL=+mL@D-OK2S3*1D=jFJhQ km(l8XR#ru)QbUaO^*N zjsUV?BEQ-Cs>v{2A;<~S1 zVp>=Lrv61R)8K|)CdzXxKC@3)3%>zOi;y1ddPxC*2<=!td z*9~WjIgh628J7a@SUDG1(WFmMBK(wf7FHA2^{Qt=z=q*~jty@}OwPO81mN-?{je@s z;>rEW8`!ONw_w0cI11mcYoT~;SP+FgorW1|f*CU9x^OyNT#@1-ML27_5YJYA7T%mV zJ}?OeiZ)ERP4Qnp%t<3Zb)r5ihF+XFy=n}->{I=2v3fZpHIj2R8Vz-#dm7Y0ngb(= zOd?JcuXkA{a zk9Xd4HEJKRM0`lFA8IJC;byxf`Moo*99@~jSdg!931R^ATp6R$b|4b*Hc%PnlLtN` zP+0tmP~PK!s8y&h1}eWRR}t%uDrFfJs~lyDRc+QvSx@IJTIvVD(Sv z_R5yLroL#=XyZyZhM4?&}Y+~mY7M_$?KU$xj)xT|1X13D#3&*UVi z3D(VP%d6_m)76UZA)m`Kz)uINID)Ld^bCa*n8$Sl+c+IY&~=r_X@%c3dbagL{b2lJ zcD?Vu*5I&T99lf+ajGZ|Sh`gQH!cm8@+7v8^*8V>rw9esC}Qu>hVDnYO>F0&S|Qz| zxGgvPmM^fz;R3cCUfEaI_;Y3=naXoEnq0cB-~ORt&&5XtWovTZ%TH1OC3NC|K%FCU zgWO1R6OE7CZ-o=tB+as}lf4`>K`x=W%K~GTD+|oTaM%C6fzbIC3tsEJui_VeETT+z z_l3MgDRAmJ`8@R1q9TqLdkKZVF)*%zV_z~6V9gd&ck{8D8Y4ItVy*NNGVqF{?ygtL zD)Wr{9+YKy5}<8RkgHy=@HO3Bf4z-&%;|zDXt5Pm1)_O_c}?nP@=8&~E5Ww9wC;c7 zrx9$wt;BRz=S}yZPIt&g7xA%i)vIu8dr69A-LcZ> zDrAiZ`QSm$UpeK@!{?O&|7*db!1iMCoMA(eX~M_=h5|qj;xY;+PrLym1s=xNB*9F} zwY2=?W*syKci_`Aj-%hx-#WxH)wO6Od)k)YoMP?U$Y|ZPrK93x3u;Z`{r%(<#3Uix zUs+Zl($uzh5`YNM1%^}(yGbA1U~6%at<&9zxish)A90B2tbTZN?$|2faPO*W{yVY< zcf4kkx8T>}T39}U4jj1qKHYW4BVo^t61`rl%eHda@J@kXYu_1FG>~&SkTBuWvu#UE z1!U_@@l>XqCjY!JmCDGI7 z7GY9cmxzWpk$|yJ$sK{&na;+L({fLn{D5aqb#nsD9b|j|8*eygkoYyijie-86ft(! zVBH_iuT%;!w_}sFD4(C9Q!GE@6wg1LCIyu$jrH@SBd^2MAD-ria(gq+>I_M7mMV)z zDv0p_#xT;t)(CYRVMc==A+-{+!YL3y5$VCrz`%s~e%tt)6^>P%HU?N)7zyrir-M{e zHu{gy^m)w_Nd}6^AyB3ZC7Z~LMvO9wADW}WHinC=3pa?GBW2}B#h>O%nq_9{aYdN?*ArW9&?FojtVm%gWBeoSDuyHLWo z;|?`B7P$Io?n0<~F_gvoE()kL2<1$(Y?%Xs+)h$z`f?tQ? znzGrqyH`XTwbTSAtYCQG1ipNW0;r-n*#>q1|fSW9)uYf z11!AHqIc2;e%W6NO6h-7T`^#V3Eg0|YS;v6W}MzNGCn8M2`RwWVqUC;!-YOFzW(sn z)D|o$7i-x;X|3;c0SgTvT)S7Ba&gckWLhKw_`CFJQeHihnB<+TugQNDrz8seP4%e@ ziDg7dAec=ej8#@Z&aDq4KZ8;{KgftD2rY}2;Lchzzs2@|mVC=w7b!V-e|x#0;`p4V z@B;~AZRR;C{NFIMP*SezX<*$sza|kE1TP9t-|gVL9+@JVso0|%WL3qW0aXmeqLUDJ z>4yB2g}S>Iu4M5&>T!tbCcy3lq(~%N_4(16n!AO4%3+n+uWP1ZW4jEJv$6spBwM=U zck4KBsIZ4Z{+(uzceJzQ@!K`bz(fPNrG^kQ0C^*eRB&=+yT79jWe=B>NLkWq0#L1y2@qyL^@B#5me-*B zfj003?g8X;9*DCT|7gO>5yM2tt`6@&koXr<^gt=ax@j>82bck1_HQ<7 zVLibQZtn%w&Dh2#_j*T9t6n8k3RAY5N9jB9k}g;PAk6N5*Eimt6PRfz)oxw_ zP=ureNMWi*pLBD5q$-%%VS+0u(zDUfo;79$Wv4JBv#dhOH=66bXxe|}eke^6LuQcX z1&C%bagi8MKSq}-LQx>sqe5UumX~?_ivw`aB{(;?n}DohwAq@zvkU_(~G!_-Ywom?<)yl1CfO~2Ca=k-Rw2@3VHdglBj15 z13(3w4)72U@`w<1B4lbze^&p}$VFmA+T7CCwZpn>aqnOvr&*tq3EUB}#utK-0yW0OKv25<4OFj;Ezt9B*rlyUB z1>{WZ+g9tOVs0+7y?n7^ica7qeuvvMGd9^YCf`zkdBMq)oIKsxvmmGHO7nr=pQR;y z=3G-}$)_U!HG&D#!X^0>gJ$Ha^ljM-Kz>v6xI1y ze5(RJLrQX=;Mi{{$~r90BU7myJohKTGO0`+l`-yl3uLl5SKisDlXVN7?{U+qeBRM5 z?s*MJ$L=~50%(K?1c$L`V>1MWhcQ(Q6j&naTvhX;;{LI^64pcc`HC`J2bGS~9lQCG zv>p59merD^Y#=snR7Ty0A?rxARgL+Ox->;;!jM(^;Z6b>ka4%K$#IHu5^6TEx@5S; zZT*n4W#x^tNd8{oq?rzwg!%c6a_SUkBVk5VB#N9zoI0KrrHyjiF?EE4DUqSC_T|k2 z>|emNT_~T#RFFhSMm}McWu@3Q?MKaA*X<|W;CLSUWukbJ;=XIH2~$v%WHxk@)3MLgsG1(3wQ)1KEgARs7~al10YxE;KkHCC1GU|c*X|MbH_1tH{xc;}F@t$Pz(}qR? zops)6vEE9%S#7=|Yql4>kkhsu%P<)VluzqlS@JPXYLpp|l_ABVO*y#uu z^zR1ch3k_0yfAZcVCGr<-014zf9XaE-b5>kRakXRGwM4*d?7u>njHNfwzX6Vog7V; zgl(c09VM*jvhmqy9_eRiJ>t3~-gvNqW_pVZ>!?l9CPK>j0(WzF&3CNi`N-e~Jy1&g z&`tt$z_noDb_)@%%fhxDy%2^~uEVIGkqk3l)SL8!FoC}r7U^BL>}M!0Xlf?~;3r|# zjLL@apdy|6)Jw7&Hph3hD~6;WMqw-iUNRka$T9-?bt@*}cx&a2+AFHtY#P(YDJnAW zsY*|iCCW?7)6XqRivq7T%*v9M*Uc`PT{zDR8))0l^D@TQu}wS0$x_W6pkmCU<$i3Q zo6*`LV}(tM5&?PvO7V10dNDwso`G%m|;AMTEr_T$y(!M>p()#DlVz^=;z z*;N9ccVrvrJcmrlbMdUxvQphwU8* zB6~%A@)qYJg~FxNMol99a}>Av!Yb5;2i2)57#cX;l zG${&}^!f@e?s?jDp7r&UdOl~y(5Hp>z%ymEImcli5pn?MP~WXxwtRiL;^e}i?_9r2 zl*b;U6_ONzhC2a)8SpPva16rfL|ESq(XYtgsx z)>}d^5O*D7|NGrpPN=P945s{|MS0U&lk%A~7d##>*Jqse2aO%$Rg1$PI3eMZYf=As zMa|>V2uFX1B1Qzh*9?daOC;_HT&w4i+zWBn8e)!2Gg8wJ0>;ny`!-WZ0@0LcPkf@) zEn;EVDD+l!jo*uR*m0(p+dfSPB2-90gdn~q6G3n6L$gQc;hr{j*Pis9FLQiW4PjxKOCVj(Io?B(itdPf$XI_7Zu)AWw~U zyTQKk4*|?g_!T5HDABHKN7)L9uN&Uu_Wt&9dvX`Ptj@*yu}ROM<1GN(JPjDPUL(95 zwSA%I8ko^=q2~-43bH8}I&h=k?U&h>(;q#@)Gl!O&2gKcB5(1Og0G{L|4fGxR&3Yqi%_Y%8;vKP5`fCr%mERGbx9*}|7I&u~^R6~lWMwC%W)wrG6h9-NFH2haG%q9U@2m1kqITE zxCyGJB$X$qIlFg4sPFar${U)zHx!M>kTW74m4x&y%x$4vj%LzG`em{czQ44(&7aGg zjCqdXXTr6wIrU||iE9FZoXmuslHdlp%9q@zdpJ0BS}nhhnOve1C5XAo1}6XZ-(o?& z8`7BihMzFZZ(DDvf%|(plaKxQF10|zaJ9;{H2vx- z+lqi26@-JCV6r4PDeQDmD6;m#*9+zQmV!l%2G286j1xF}FBs8bn{JeBzfgNymOW=D zIos~BeN%YE&7*?7-4yzZsKeDNX{p@;24C;Rb`2Sn^A?{J!1=pZT&@Wo}Htbn}e0B5eRpphlXFD^Y|PeC`$H<;&s(q$m(kGc{JLF9HXTTm@37b=@m zyd%8#Vy0px(9XO8xARDHUpgGL!9*;HM|3@mY)jR)=n_)a2~0J$ujS-Z!VyJgKJi;) zL{i+K-`O#$vaFgWjp@JX&rJ|N#fWwB|4eD!ID`qODb ztkX@0NFfyZ#Cz$`n{+NUt@~i%6W2J4SW?(Xjt8J|y^R8Wg=r1TphLiGca-70(-=nD zP$SXGmn+CvrqhKzxxbGb)%FvZ>JRJ6|FCt<|o#BXEm>0{IiE z<%b#G#V-=bQ56lxbiCmWN5i7l37*a)8ZNn=Ubcz(O7ur3ok=+#q^jV`L6gx&FI~2({sjeQShse>I>Qk4+XpVu` zcQls$Se3&zi1LgThlo%`d^MYx+GvlZu!E5G$fs)S$%}60*BF=cUq2d#WyCL(kY#Zr zT+MO1+*JhM$@ZDB5r)RTIY)QGAD6J~^as@-)qfG2Qb?J$6f;5Bv0yU{@yfF)8pT^w z`CP)%OgaUtgmt*aMBT{TtZn97;i&&k5i;hq!o|S^ratRc!aNrwp}RT7px>(m5jxt` z_O_;7;o|4o;95-Y-zVxO)@Ea5U!WKdI}yFV#3JF(CI$XN9mV9|GArEYL$q8%7exxY z3r`$VY3A!$57@oCr8y!l7}LOeNNG!`8ip$pUpI%A0W&&I_CzCT^yM~VYI0Kh^`NL& zmNhVaoj8$n9*ssW*gd9V*ir6y8X6qgElFtAZ27p2mRGs^HIqf-&m-{l7xx%=S zcKHhPc~6uvPK*jQ+-McLqlzp^j>37|TBlYL^70;5P5&BB=}y`K{rE#cfeJD;ZdXiq z?5c(2_ihlh$WA-UWyY$!nC9=xDu`zrI)PK_MZ-i?>!1b?nl<3ldA1a*Q+YU^g2?PZ zHy?bUo+Bv%2}Z~aF&zy;H`66t+3HR&)F-Nnfm70F&z@BeS{Skp2ybK)I}T`kGxw6# zkqe3@Rw&{8W3b>>Y5{9bmnfwGdkqR2$9y073*$rfxxD-H#Z&TfuasVW*nw)d;wjE^ zJS>W~t~r6Rs|d7PQQ={9JFfl-3HZ8}d)F)ImU5fR3-IeDL(VwaR**Al1* zH!6k1O5q!G4(85}gz;D-S`P@W`^BB%oPp51m<Tt+BBISfHGNeMCPra4H)4`Bc%br#sE2;({ zwkPhpL}m3%;dZFR)bF?&?bEp?SOa?@@$JlqZ?k50Ms^#W6S&O4*)q?&&3LNY@wK+*{OL`knjl413;=PDXD#oFN9`C#go{}q0>Zh`P_nQbiI{Z7&IQgfcRMnp>V;}u# zl(9&ez)`f}^L?TX)uMHs?}`Xb^TrNcTG2&_R>2@b-BhnlZDSkD!kKS9MJH`-rV?Om zB+YaXBk9$3vjp9sq&;sqjNjn9_>vL%3AX8Q3IC-Jf5*z>r3LgjfeEQNE%u1-fyg4ZGq9 z`s5^=SgT)>Q{fXBop2<0m=y zVw?*>wd@k^f`sas`ZTw#=>svoIOZ)Y#KjgEXwcLRLXw}K{-P*ls&UBKhHug}0cASj ztb#vZrBQh$hk0#0J-SSjoByYJx)yPu6$1O~tT%9dEStrFEnwCjygrEJBg<-~$#usO zWT)SA7OUs`(Q(@Swix?nZ?lA-1!uG4#UP(a)!4pS@s@Qe4|#8j#jP%&W${0Q|2M_J zf`WbTeYQ;*`u-7ul^ePHxBZiUl0qd3Bg5q#QY$(U4YY);N*>ZXPj{&GnH9GvM>rJ< zClka;zufm9{jat{n{&FoJq#QyxSZWejO%?LLN2;toqZZRpI;IGK#!K~9a;gz=OAy3 zEi(U^gQBbM$;#a*-!7-$!7JZJV|}!sYJsuewSlZYq}Yi%=dq7xwkGGlSrt%)p44k& zX9`}@uBg@_r1*6%Yq#%9UeR`R=~^;ZMTtaMuPf-;RQY)e(`T9NTV(l=tZL6&VbMon zW2fIzUI6!eOETi&R95xw^Xhutm`IP@T4>CZE(}dpIIuP_=gT`ht-^;6lm8*UiH}y2 z%#Dj)5cAJqmu{m9YAEz?u^WKA`x&rW>c|kws~~D;!H<7n`Fw)s4V;X^dXAp{3Kv&4 zL;jQE141Ef_E4HC=nG^-p-1wH3~%as8MiVP~ogWK7F+q_W;u(^y5cbHg4j zqchWtyf3}P9vA#y%buv6O<=yI0j>x*kbrLvqqY$_;MJjMIVlmzwnDjEx_;%zOPCD) zx}2|e((6(6&E!%A=&>6&Ml&+g3T^iD)!MBd7{BW27wLx)uX3<5?2M)G?Tj!)xK}%;IV$)IL*c?k`VpzJw~OIL_I* zpP(xa%sKDC!*RGwH(O|Iwl7_JYHR+3#y$X3^oTO%_%i24k(_2SM6^pJkRMhDE8?2jfR6TS+`$76$q-}vh^IxL!Q$R3n3u_3BraB+^7@g ziPOPh#n|$ru(sK)Lx1rCXK>XsC9)j* zFi0KS?Ky2vvz zVsc2L8RWBC$PKO-jbP*p=q#2)FlQFU4CKhH(ng0QZG?Wj;tR`cM~oAUp&r+u&?s3X z5>cwMca*J%YEYoAoMrF}LQ-XB@?%e2xhLLb!RmF7g10|A-7|Gn7?QIS-~_|Md7Cd8 zU z0J1c5Jf5Z3{q!EQ=oJ}$mRj0_lCD-#H_`Y<&@5`OmxSoLus{y|<|)R#DvzPgl>2lN zY(04VOHXgM&Sf_Bu?ccxYm0WL6x??CnZ8?V(-fBRa!#rjvDt+p;#!QZt`e8T+h?s_ z!N>PO-d}ghO!^=?;iJ)LezwH+^yb;bRFIgehNhS}%V?{$3xpNc7_HsIb>DOz*kvZ& znRw*OWFg30`gKxTh0S!nKR80qw4VoT)3?4e1(2@@TJaUp-qR)lJ}@ z9rMpRO*?Jno;HN8=LDArqR}^owx#tkDapw%49YRnM-HgSXNG|!Pp1(`_Zd6HcAwnW z9&8_9oTG9vaE%1pJ=q_bzFW$+m@*AF`xE=Z9gXWfegc&Odmqb38kf@7FN6$vslnZ^ z$YyL7)lqStNiYSMMi>kQ%Z!mKQ?Yg3MdnT@!!EsQwSiUJgG$n46Iwn}ONv>M>gKg5 zH&2pGE|p8APx`VmoV%0u{X2P9rxFCspd@~_y&UB%ugW;Q@UF*-ei^9RWx^2E`&T46 zf~pF#_HUagvz`g)&Z5*(Kb~`my#eAJH3z$*_`^og+mZs*3a$i$h|I0d;PQ35wD3#gh-PS(DmFFx*{1$jns z722Py&D?^fVho?r@=FJO(|b-1R|){HXI-D(49Ya zxu^U)eb#EhAp8tS@m#$BWXKeUef{u9vWzz=Tz4mYXP1^z2 z1ss~%oyzh&%@Ondee(7o$JF09Z+-P1u#ZLnVn6byYV%b(lDP$*%^^dMlA;)7CX2^w z(pIctz}OwA=0(B}p8{+0!5Q|EHe+Q)df@=x9+M+jq_Bc{7fjgpb5v*C?0-1ga7sGq zJj%w+<>u4SnVIN4RfcoUTG#V~4;{}sw_pYjJRYuIjAO+1#aIO}MZ+SJ7VZhnfrV29 z*)Gg$bOvyaS7E}%h3NeKe5eYL&e4&ruGT3RU6Jqcuh5dN>&6t>>BKY5qOK(%-fs)<#DgHe4i zl_m!XyklwS2LqK$j4ZN>{S-NV{A1j2^Rmh`6v?A!o)8K1Hq87yT{>r8XZnxPC8w!r zi{aK-vt71kX=7fvYk1X=#eJHKuc`8Y(9JG)&4^z6{8@xT`zymz?H$ zq%Cth%zCs+#oS@YjSH9Au9^o%&qNms_`enZV5&4zv49t;?Uf#`l(o4Fyb>R`Nx#7D zCP70>94pAa*WUS@vXQchSQG{d!Fn7z;dR!$+-RaItS{-ham$#x8I#7P8uQF_9&2NY z#{0(0`-#Ujc@hOSr$Vc5%!2` zkI8)os)$;mUfl0LqAqkCvG)RJoglvY51B3}H?G`Em~0!4oCm;ar1qZ};gTu>mv^P? zXyYsD0ekb`PHZmF~6QawM?JLbl5l? zEFGLJ>3HTxD?DQecAe|xXdap6r5mzt73OWkahNLm+z1#v22k3L720JfC3+^Ut7J_s z7q#rjwLdLJxn`!PwYm&UVp3)ZTVhkJN`jJCHTHOD=t;W_b$^`>PnfP~FV@6^DM`>Q zpW5aX&B<5nh&vI7Z-Z+sSCG$0ra`#+fo&3+wgv(Xi0}1F9KA}7ELw01Y1G)9tmFp0~G06;o^un}aU#vFSigfZb)Hck; z8RQAfR#uhXhKb@5DTB%y9!|q~SWf(s5o^h#VQi57k~2#DHh;(0==VG^+20756jOjme;7dZ>Fl^3n}` zMp@!QOenZn%A&0Sw+_=(;{{i@i=|`5A0$i-`D9wXI!`W*vyubyB{nq1GD6yG;3uM% z0F&7AavStC3&C!)wc#1cOQ)B<*z@Uwwv(=uUN4QB3jjj7z*O@`M?6ovtL-rul-Q^`X>g=CNkc8iN6GX z$?&S#)4sqhcDE>RIM*pBoigj@B|MC@hjw8V)zM-2llhIYny8FcS`?8|u)4A6I4_b; zxBtF#$s5dj89LxiXi=tsr0>3@BULGrD7jfo>$X^MvM8Ji@f(MHuD`ptd*-xf!K)}A z`cwPF%5)_M0gTqgV|6dKs7K=}a{8ClLrUDSt`V;#jXQH{6@6kE%K^o3nM80>wHgKA zpYtkk=EU>+_})zmuVT&&_k!2e!ojzNsE#gWCnJD^HPw-iuY_zT<2mk*H*|!lSnO)* zz%x0I+&xns3%X*?6?8-EK{l|ek^euEJ-U*f%1@wD8c?r!3kqH9_re$Ng!9- z6lqbM8LLbInR990YDKS2tGY3Dt1D~}b#Nc?TqKN$4ycTb7Krk`gs zRn;wMa{T|ebj9!?$DuOb9YEpGq-&V?&*or^dzXb&+6p$eK?Q;By%-u#aJ0e>@L|;v zgWu*1q3uH$wBjj(4)`b+w}H?~-T=-$ZH!uOw37n90L~X8dZ_cQXX5*(VRiFyO<+p~ z6^qssb@lzYXGSKx)@gK=_8^rAYQo&OjwTfv3Z!u#T83qzW(<6gR-9WxAEB*%Q&~h> z%5U6rKkxFsVtFb^x@_0CDV8(eyW@4k=={KsC(f)cxX_ssyVuWGKW_>o+~&2Af;d7? z3hZd3hB&+AS?67FdO;pQcS+?eXnju6KVw65CKMPr2K$7$GvuW~!P8zg6Xb1;SAWrZ?HU>7k)v&HpQdr45W(HXitwNVuJE z4*hZ#>>b1ei@y`Hosw*4LbNIW5YN`;9e0qmVcYXr&s8kC(TE_^WL=Qps^c?)>$-V4 z^UrR^dzgFRFzTgl=Dq$a<0qcBpa;bJ^`s~_f&~XM)X+{LOML)#ON}mJ!YETCiH57e zp{9^L+`eAaL9feH2{jfRw(Slr*_h$$c|}8{bUS7o@O1B1&l$)Ce}Sy-BR4khMSvS&&%7vN(0Nn0V>8XW zb;;`YR(5dz%)Se4NLX?pLT|O*EHk@gq_(`R(1-@^mBV0q_{m?T>wo$GGT9iHN9p$U zcXiZ`Ou4o6iaC;9tZ74}qx0^MQ5%YSrRpwY+`q}eoEwR91LYfwqVEfnZ9^1INq$At zJv85pX@$bK9=?&YsV?Yq7v;!$J2s3l#`m;(kUUG-jlmApe#Pw!Hlq&q?1l^oqRyf< z1$n=9Ow26cFIVX{%5vSY3w#f`7(01-=Wf}&Y&$}mnQC#f0fi!KL~{#?^^4KwuW8>Q zFXaU1)h&SqOJBY)|H`=a7F-d(aB?bvv(@1}Xz!m1jKo(^c?55ST^cxP$_xSb%gF3R zG^-P$aflO>S$M^D`NenJmnVpi)5_)Qx??7Xfm4Nx9WiKtnDJYIoGniO)gSms-rMyA zAwMkV&c(8#DU-tBu%7W!2D z)E(-Ns~v*8cwPQfknRVrj`P*eR_ zTq&oz3cF|fO*-l%=eFaz4vjXg=x>A4$MlfZXXdL&~#rNJN~_(Ims2gs93Jup=3E)3P}}#2dJ1O z*n#9J*R@`{Ac0E%E8kta4&{v*9FVD~Zb!mKEEe6{GD0F1320(CM|}*_15nEFMb+#fWR$j5(>ffn zSRf3Qj)+;sDG3M5baf-cS;$pfE}n5FX#|xPWi2AKLoKIP7*`mIm7aT52^7eWvZTN7 z#tv|>6edkHErH9eOLh52LvVky6bVNMXnca;1Q9)jh)n0)@9>{djfcAg$l528eCKz= z6)XI4aKehpvXh%`oxqIY(zcHfFJQo8!9td62VHi{+CBVEk7q)2LyL=Dm0;1;$u})fXXQRS?(41 z=frXsBnTr`LUV!vhRF66ve*UCDm$PekD-4+bcB2DAN%ftv@e#QOsP z*W}J z+&?ARW(0Teg&cW1;}tNrK32r*5qU6Yndwkin4k#-Q3p~!)M`wDk}HzafkHuVVUbo5 zsehfm*q@WY2^A;nr`aAL$w%lv82boOdHvh|TC9zJ!@fK#0Xiokq5$E>qu5izbh8si zm5)kwn?1ab^mnwOlps1kl^1OTvHWE$$|28hF7A_2pYIBui`B5ZWW{{TL0@qy?J^~8 z&K9fR*qb*3*RepNzvRW_gyvS+b70#!750mwP-N zBCZM{KZMD;vxK~V5S&Eb@o&C_Qan{W>5~@s(3pf>L|kn+UD$F>!W&|qE_nnIg$`l( z85y`wE?L@w0r;xsJ-Hb=IFD7WesH`EZf z+qV7y_PeytNi$)F#V7&F{!tr>Ao$aM8k0k?=_ha!N$CBbsFNX;>VY!34_6nw7?71T zjOb?+(YQoCqwA6QvE=kRw}EWi)b}{Cy>D+_(di4hph8o_!ICd{aE>ysa)Nbp+yx4F zB4v3cRePnOS8{VJk7FW!c@#o$;y)uC)aldvQei;(9f+x~7!<59%KrHq3g%}6LwmO9BNQ;#SqOBW@}YnDbVHk|A3`nwUJ zj)Fn?JLIBaKnw?@=~1piJO?D~Qn^8F2js{F(?&uo_E*-jX~C=vY~8YV!rTy}l8UCu z`zT>4i$=+NI)QER%g%y7f)nHP-PuWGf}-~t+re&vxb}MALU<`aH+g7KS7oq@VV6wJ zC!6Cxk$3=gb#%`mL}?9kAJp1UC`}5OFgX^x4}6%RHiT$YRCzB$Uj#l4pjjD_H!7}U zUhTUubtG)f;F;Dm%y7+)-6XnNaCK#3P9vEHHY{+QYdL0f!-~-{`d1Qfi~%{sYZ0}KA>Su^LB9e(ZTJHR|D+R0#*&|+OhQMG$W25w^ zMb-7%JlLVbAimG%6tIpDEXbGeQ_Xm959OCK&MUklH^|rf*h36(^RMp`|LWc$q|8{m z4t+nB7WVf+cIT{E&9Dh{otiAX3OdF;Z53_u@H3u7*S7fgi}@y3CPPJJbQR zCTb#1v%INy7pBqh29WpCSOrVbse&!Xo`0krnHeiXaVs#Pd3hTJp*Af(H91_Nn1(^Z zXCpHh3K7S{J(M|I`7g;7kDKDSje8FgQ#Td7=BdEAo`fkZNwIVcQ_QND6~nE4OdX|X zF{SU%Z1b&i`NWN5WNk_nCE;REO5fp!3CJ&DaZuLCoHb%%(3cKp%zq{LdK8sJCa6<53o2?HbuhOP|@(rCBb!$uCc64NbnO7uYdIAtV zX(D}pI6*u`emG$=`@T3q97!Zef&i6yVZt9Wb)y79TGB)X5e`%(1z{GJ#rc5b#(WlQ zGfA%X1^;NLd?xKv3AT2}Fwf0BdhgQ-iGO!~Uz%!6|_0SsL`rNzk zB*_?)(k9pZSgKq1qQSG>_M+gsF^mW$)yFhg>yxrBj|fCF?FZp~;q->#0@k8ok28;9 z$T^0jZS2#iFAe!*a85wj)c6sbSK~y1cus?%dB#qlpC?TTCDkSs1ZrawGLMK<+s3r< z?h{iwkBD_K56OK&Ddhe@se}oj7TXC^D9Ha+i8MehaU-ROleSWckDS~?N}e?Aicgym zE}}rCJ})Z(0{3|cZ2&>yN3f(QWaCOIb~2_&Fi5^jcBMJt$$71$F{T!68&~XxQYs}v ztq>}rQf#AADx*@a5NVR;i37D6q(=~*s8VbfN1=e4SW#0~FZsj8m?*RJI#ZeQrTO#D z;ec(YEC2UZyVZEHf?v~iw=b)nK*u?0DnkA1TbexWrZS&tE?qC}AKkU%Cp>}Uxum(k zlCKLMh0_c){QIV12XsWl22dle*v6mPH4ES@h*_Xn00J<|vKiI+--c-QMPWkrhY(qb zzBC!CA6WdrhW&;EAH?+B4K1@H;ataVUR)U^CX+5r)2P6X^6vED^WXrVDqq|2{{b0} BX_){3 literal 0 HcmV?d00001 diff --git a/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.woff2 b/2.5/en/assets/fonts/source-sans-pro-v21-latin-regular.woff2 new file mode 100644 index 0000000000000000000000000000000000000000..e49928e8297a96a91c41824c0362e354e6a5c867 GIT binary patch literal 13036 zcmV3W(SHa8*XJK%(Lzcls90u z^`CW0uA`!yir!;HO3qi=|9?%8W5i%zH&E3tMPL$@D3>TCZQ-!O+R~&Vk2D2(NgfQz zgVMcbf?Z+d@ag-G%YDy@9_-&5vF4mBjcO`&*xBt0Leimd@y*-)q!Jj(Y&F>@s~rMvI|KqD10z+2AsU))x@igKXm;J< z`MLFApBycWZ46eh$Y#wpBEq0-un^A13KZcKqtLUe?#^n=^Aw){U;E!a_m00m^UV~O zs@jNz;?|(jG_g9-R8Il?@2ArrwzX5o^3(}%BH)i0hKrI@Y*n?DoZnIZaIj`y!kHzS z#tEi)q(}6roIfbsRF*0IZ+H9ZZ6auUyQe)a5t)V|NRS{RVcz-MWlZg(_wRfw zXM#jX44w_5W;1(4)EHveOVLK`R~HZf1^@s6Q(>zh8*PLfbO>_61xQN^GG!VvV-_-R z5rzQhP8uM~?t>>`^S02Ng2vHnO+xl=4muD*0Kg}ONIzDLSBxBpu2yfP&TSlkfy$rQ zH2}1YhdpSE>noDLhF}0H90x#v^qNjINdO_$`a_rE?3azXc=O@etGkwF#JyGh&tx`l zDbVM_p|P7+%Y_KH{%OJ9$`eesD=xK87xO5mW_z3;YNMadl;-asrH8=fLUrJ(qnSbQ z-Nu*ZuvEBe;Wes(9*q8$=gXr%_lKT*p~rDJjGY#t-(9K&Ea>EV6J@>dg^hnfGPencVT+B-^#l7;H z>5Vs-x8CC3d53xLJ??{#qJHrU3-XK`1|S1asVL>LQ~&@8F~|qwPWcUg``D8LF%=*% zg$clj7%D}lp2bwt*D~=)wThQT)9r`fm zm>)O-X7ly-aG?S40Nra*Yi;bNa_Zvcc~LOG)`WA>1Yhn?lPNN;Srx;+ijo67HqD5K zo!U9NM3^J>dd^cks7h*kCjLl})GJdq6iw%)z4hzw?Ii_)tU{j@Ss=@AizRl=@fQ#lA$|5y|CLtpFXXD+ei9Dkx}dHtn7L8%ADr0TS+)l)u;5UHvf3OHc; z;G4&TLZ3U(&?NSL6%G4e=LewgRPFA?wLK-Wx;e3voe`7Mq5I><&ku(B$G&B0+-pJ4 z*FN^>vRy)n!bVePEkul0d-RU$Gxa-@H#zS<7*?}t6jtW38;4qv4HxPgC5)&Pp!zGA3+^C94@*)#*57c1-VL zQk*>Cd{sD!X-f&Y?CRwf{9*F4S;aI5uD&kVivcUEGB|O7?XBV<6TsoOE`Iu{kEKeU z8?A@?zxMg}=|+O7A#KcNK}jPtizi!ocxj5SCzh}fc+NvwmshOy`LeIadS(ib7HnEv z@U62R!gydFln?(&&LA2ap_MN|!ND3lf*klw&J`DOtW}luS^siSpGHiO$p8!-B7_l9 zQ9??JOV%p3Jq}7b?4-PwDK%XKYs{Lp$$~|jJ@&*_U-`;*-}uH3-}%l?2=*Hv06zdo z7sKFJzPz*mRZv(|mLW$1K)p#dO(k*!P=uxK^XDlvArZP5#s?c+;0NvfI!Fd+FSSu! zLa{v^1fU_NK&4hK00Mt{qzu3Xz~P9qVW|jW5ypf89uQ{0CP&D+vvHaiN+npWzmbAH z2;)QuQn*NElfq3p4>4Y{_{haiZUOQNl3!>*P#967QY6a~k~7k=4|1`DDuaXyX{uzX zk*RJ3C|h}yPX$a!bw)YxDOVJ9f=O|bxE2YcBJ=U5P+dLZ@Mi+bR8*NNsv;`V5ILYx z(qT!;?`43i&S>wisCt<45w-a&_<`N}^qZ-zImY9Z4Z~^1y8OZXXNX^$DJ>52ZN7d_ z|9b2Nct&_+OTnP6X<~R`a~4)$o{aUUn!v#=APsS%Hwo})m>?YjkW<^NomQj&)ls$Q zmFC5iw-%W1e1OD}g4TW)D7K8uSB@WZ5W=OYIRRsrTLHHN4^WxM`XD&}3dcoLOf_@W zJ?6({OvAqBk26IMoy%=A9?Nj9DHDG~o5KSjcZz(n7?4+xGHfoy0p<#pNV<7k zk=OMUY>y4WmfHXTJZ(9hN4b4&5I_)d14wWsG=aTA@g>2}NSF zZF~84yI6LExI?74K-9&eZyI5m22q`YuAKR(4W=z2E2Y7o+#t52RQuM?{wyKL z(&ftB%4I^yU|5Up5*!yl=!%g~R(B!2STYwa!++J5y8e+m2z&IiW&nA=TT*8tF2s?~vgpfoLQCZaJz&9H}VG4-L?w#&5Qg4<2 zo#SeT|F`w2_E;1C+fa9S3jW=eJ2TUT(1X|Voh~pug{1(3pdtkbh4!^9uS{Tw$bo#( zLRe%xry%D_OP(Nqn?syZ90d_CrGP)y zM)F73XfSlKx3~!Xs$(IZ|{L+`QYj6T7o}hHxP`I4%~4#wFnhI1-MJli>`wCfo)*0Y4i*mk>jU`vsogzYi*K z$Y|v%Hb%EYu6gEL+&tS$Gvc$NprT~mbX5!8j~?9c$M7Q%U^T#cfDKv!&H`KqK8u@}=RSBk zq1{sZJ@HwwB^`aZ9X^<2wb`~l)|mdqXJ0L{@Bc`D+3dUZ0i3W+zaRYQ@WLCfytQU$ z5L+G^^`F)D6u?XW9CDN&MRr+R5CJXK0`FCP^n6_ z8np)08ETk%4H^yC#9^>yx^!D^g_QtE2>@mQ;0KWL4aofsxCMaS0RS$*z#$lP(yU%C zxMc=K?^XG_M2(8;-t-(^(W9zSs8`)0cP{WhYVisAFJP7-hZh)F;#>ZVG+Rf{~7Dcxqp;VG|)z-9_d`nDEFd{gO zd4$O{Giqs7)n_I{LJ#X69`*2`;%hMBq0E(N@YHxSXO2xz)XgWR;>Ij1G8XbkNjDNKYC4=}tn*sLWNykHQYc4lTTuuv%7|&IYPn2iuvQ6T zctk{qHt}pTOUS^8K#m%57UW3fplLEYqzU$_h_h-b)`%#CeF&JY=Rglo;_^SiK|A12 zdi=D6Fl0`yai1{8kP;Rloe{InRe@r2ffte=nE~!2r;@{*V>1BF(7c~>ntaX)9Op!# zFg#@WtRv>SMpSg3;AAoFu$dIqb=|@MX)w0uNqx!O?)Rr(cCz$j+(V zRL65UL~g|4Vo2MMpHB}JW-dEp_^FpSu*#CJKydHUo88UUvQOj%x!8CK=q=;fh71>4 zCz=m%{EOtHw0~U-sH@B*DlF>`Ee93L$Z==ek9>cMApXp0z2xuVQF3EVh6A7Vc6}wg%+d$=9hePN1LKwm zda%(0ZEdTN@x&dnC~v%JU(y;3q z)YGqL=vEly5EUj3F8st3J@Ux9!%4utB*LUvLx<;k6_Kz@D2Es)rpMIb50v(P=_iFZXLIQ+~d#|6H!z`VEX}0Kgk2uOKJEqx592>h^@;-OG zMs|>JFjx~XE48iRr#Zb;uoW73!~9UmzGF1FKn zOhW)MkQT}@ONa8_4&L9+_oGpuo>MgyC5w6=)yH~{GtQN}N-s*U@CTC`BIvOK`sM2- zm)U)Q74fqt?A`vcD(C)}7aU4`W${~QoL*j@4BZ0zWZW+EX1%Z0jm(FN8B$s@Koe^l zT_%$e&du}k{6Cbp!|GqD_Y|fX140in9&AwT()8~Zwh1CgUrSSR28gHLC8sEzNVHfunhWg6*jbSG@##!VaQoEr?;YxR@!c0ObnJQNcC<7bF6!SdAhvIe zpwW>Lsjq3zYtGfH+zJJXD zo>H~)=DVKjtU_wk`vShM`cnpVGFDS=~3R7e`g(#qXze;pW$ue{0R_~uvoz-WGqwuotda-w*9FGZt))ZZ z$+s~+RqNq`Ef62 z{+uPtFq)8Q8AOIP9c9HY;Zb39F%!~%^B?+C{$%Jc{xfjd>D5vY6O*TfW4c!9c7tW} z=YO`^9PwFZdht9yWwc2oA@LcpveG{3$?mlOu3d4|%)UnDp~6s@Lq1L|Zc?eBf(pI2 zXLMmFB(B@TibM~EPF_{Ms^-`rXp(pIlbqj(RnsZfWLg14rVs^g-;K8NI87B{hfqiz zH#Mw{ah~ibO45M!&+=p??|YkGCgx`JuC^%Na1DMgUnM&f<`e(gEUcdHV08zOLShEL z-J}FVr;s<7QX@hM3JcDTCgx-5K$xR1Yn%accbptYh2qOo1OfvsK|(IoWPps;Glxqm z#TI|-zgi~ElJfo4@Qx|FVzRV)Ds!$4b@ykt@~U>GKQJ8jbld|X>e8`?u(Z45 z_rKOC2J$pXM~{|CC+Su|kAB%5A`0XZhFsB zAgHKrNlMK4$)xpN=eM|#q&gl4v2vX-$2w$hr90^26>bE^=B-zILliFR|JdcNG=bM- znJHj=*>;l(@^>T*8*$zpSjh`C={VIYhh6aqPwW3Hh!_Zl8 zoEQbJhaoay0hV4iLF%)|bwA$15Q4zJwo4icX{qzyuj)F6X85`Ff9XDg+QJ*fq>3IM za9ETQlkT>KI$_>!tAequ|MHuR4C4qW1zHP=pfNZEdL)$w0cYt?aH=*~dIu{i%3I|2 z_5TsVzJo?Ef}S(vs?-KvmoRI%KCSyl=>C-adZw;^Vcl*>^~dg2 z1D2jSK~`Jy)j^fY>Enr+_vJoVwG;DJNXO03IK3Y|2;0AH|I6<3n1``v%^7yz$xpGf z-uT{BP6Y*|SXR-eJ5!#v3aiVceo$OscE2>tyEkvB)Xy@BUjYd#gvTIGzIOPl=ireI ztxsB?WuCv#@(i3Al2m#;2Hr9OqkT zoz-E`sM3d0tt}&qeW_BO)XsL4hc%?wgU6R@ z@ibMQhS%)za7X57RqRyqXtT~R+C;wa z-TeJ6*Zk^Rc<{sYg9LKn8I#?%g|#(~g&k>`hCJT>>r=Euo~~FUX!eX9)>%y)z^|WX zyczqbiZ)W=9mE~v>+}h^!r`TMf~)W`(yHAV4MZVdV>{`)C`rzDi9Ub7R9KXy;N17u z^Yf4ThP7RK&#}KMC~L{@M;Q8{{@9;^WAe*8oz;w>8XCl(H^wVYcVD%S`PMC$LhG32bmrtJk!+y4tj$)$Q@NxXlaVVDsV@ug4_rZ=a|{$$(c3;PRdi>{e# zD06qrDl3^fIl|Hml}BIxYb}}zA`f`_6?s{G$7^3h_iWoU`m(la4mk4)x18+xAG$wh zXTcV5?ANi`*}h$$l8gfogg5@<-IaN4_Ag+`%Zitodbru~`DSn!u5??p?wP(NQP`j! z3N00T^jlmBMV9TV%cU8rVF_+(oR)Z*)iE-nNY19l0t%d9!Tp34>rQ!&_+^GUNtD9k z$@N}YbAi%mP&g}c+_DlQ_5=I(e+opyHI;ICz1yRyuaT=b27LQ`-Lpi7fkpC3yq*d@ zVVPGH=E8xmatF7Ka>*Kslw#Wb?=a6^?K)|)t z3T3^^t*S3oiu23HRD}m4Es#AU*F^lY`}jZ3#4{<7Rb`j*-A+){t5azqht-gg8o%gE z(t3=cz)`8M>;<3C9;#PkvjQM=2L_wSfEr19x{&MeQn|6BV{6rAk!4r`+vcM1$Wdp| zvGERWLAp<*WXf%WS+*^-3qs*uI(@HDctJSApOn>fdk< zCZF2~%RFl((<J=s!z`pGR!5q*@guQ1?hFaI1Q+C!=i^>Lt zbQu4bq@NVQ1hnv5+x{251P|d3b5Xv)OEqldkXEC!jsCsaVDUCK*t_XTdhVcJgt-Um zL73;}4oX}91gvO(;xi-b!*#__eWY%J73sDiCq(J$q5242u?gv%@TANLO^ndDK~0f{ zIeHj~SpNT51k-s~P(O~#z}T?5&sVaJzVgN}{fp&bUYFGU^S7OANhgiv!{ z_a1qgUJ|wmXGUF2y^cUk7U^l41i_)9{x&i&tIH~9^gkPnm5=XL5=J0%vnoK zhzrln&)?$AO$RTO8~}xhSB*KZ@XeM~cG@blO6k60$oheAGV|sv-YSzOCXN&3`5hmm z*u_8Gkw)?TW8J@!n&UzJ{JxD{%hs$}v_k72x<}6m<_sS_sikG~6fjKdqB~)@h9|l= zpFN-b-*?FH)Y@c)*HSgPq;B|vJ9RAF?-i!kfm3j08ehNy_^MFM-+gdgAw?uIir-#H z6LYf*$5vtRa(`QTu8KIk`_@19M4mEDw5>eHq9wRUu!ebXR6|6uoK1z^Km1~oxg@;Q zm`Ax%(E3?F_`1JYLe;X8y>z`@sF{UH7h*Vauf!yF;yK+wdtu;;(`gB1Eu+zosy9w^a@*r*JrC#P*Caf z?n%`BA2ua{bq-F1Qw``RAu)dQVJDmy z=lP~vMz(6i2faKaTi*z`aAc7lq@A1ZISjntZON3PQc6Ayq81YjJeQ5V zg)korpV$q&MOYTM|4iYQJqbK8|TNfZ4K!#{L!Xw zi(p38F)N;ahq0+w?dD7WZ=SYwv4^UmYT5WJ33e|ihR$Wh@}j~&Z=AOymby&i-(_G@ z54(7m#*uc)xD zZ)JDgh61fb-#UG|ezZhl7(IQup%u6cb8a*VcWMwT)Uq}Mpl}NdCwCf~_+q(HNzpS7 zz8#YzP-T}_q$_lzo7!#8*^Q{(X7CDbFBg5Bf8N2A$WqlpQdJh#t~NNaad`GBK1D}7 zw@sJLka%l-4w*WY4=rN){!uaBuylw?EwGX{Tp^84Vy5y~!~M#xxoBi>NlA&4pX=j;{(upr1NJql z43&8)Ut%`5k=q9?hUJ0p6!{F1i$^19iXK7~p_#{Jr>0T(-l9S)eow0kx|r~j&gMDt z7*Ul!*+jNfD`fPsNfY!0NGdU?xYSS1l*?H>BSYvkfTn#anMIB>kzWVpnTwPxjXg7n zZznCiDymIl+W4#yp!~XvPVrcD!F+Y8UeZxH-mrAA353DR>Nj^SuU}VIruOo#9qp3b z+&Xotd6c|JqdwbK(1&go?$jbys9OP@TUa=$)6m2hON=UtfwB2lR}N2^U0RW@(2j0w zPYoCJ3;O~_BpzXb zB&bk0JyT;W0*%K*NBQM@{qjRcC0x$xR_y%9r9TuXbQBSj@agB8fFXhv$A`q5*B}3k zqXcvCn`&Nu^0CDBoOCPs*R$PdZ7TjUDkdQ@28Ghlym52`sPWWXKjteJ-&OPDqhiy< zTJt5FB3Jw8W<62v^@)QK>yskr3Sp*lcvcn-7Z@9YLfr@Ho655+bX-8(cO?3Ld}0zq zA<6)MX*-svP*yfCZSDeDT6)ISX8!S>1C%@Jr)s+Ifpn%6E(jLRWa_jckxs`HNp~Y! z0B;fB6NBrUm1V|zZEeQ;%2KklKyt64K@rD-tj#NoY@^rkKgoL_e_`G>cJr@hHb`2? zZu-^4-kJygStwuV5C>=S64^Kbj*a05XNn!| z=JEL_ctY(%zm%tSjKb_0VlF50QaQFfQnQ~c;C<$mfGTFjr>#&YOqnRWC>60Yi zJ8Q??OO8iMN_%9r>Swi%2z(edQ1)av#o2U$Q z`zilEG3jJtlMi=@lBZ2mwTw3B>cGo$CG%kmIAgs>;aXM~$3Teqco2l$J9wk-!(sI4xyft_%DT5Va0 zn);%Yl*Kw8iS4|vVB1M#YS6!PC)glJrv+?P3EF`mB_}Pvf8=P&W6?LPNu(+!P!bd5UHzEmBj6;lu6)(F&;iZargu?qlII<{B1?uJx zHNom2uABR{YAe3?r{%qjC948E-~tP+sGIhSKs=N}xt|=5|Nm+9-s_U?(1PpVqJ>ty zTH&^W1IG~!m8sv8adkvuF7~o9ttxLwagBv=_`hYh!(-_xGnCpVma7bsl!P8I38qI4 z=2kSH7Dp$);tz>yfa$?@xYDL!q})6RjSt4MO=6zVEM^m0lu%R=k?qtFU%G{Z(D?}{ zCo(A-egby`gWP*%T_G2}78FMi>XPFpW=ca+uw(g3!eRJ^+u^Ycl^JGTBbKR+ViLM1 z*>p1(4i-5#Fvg|(7_A$QXX9FQdfeDtknVhv3tO+NgX|~MP1~35&J~aq6uUSMu{bt% z3Lkxa1)MHHKnM5P)?RGUahwHnCt3YJD7)H*7atq}@@VATfv zOe#rkHS%~Wl9Q;diTEyJN*7)(FooC!j1~LT8jjw;QET_!-Qm!Z+ z&`~#R+2f$Hyo}`54<`IivQcFA=9xmufrv*J6-pxHj52`^7PBH8n_f}k720Skev$qs zh$I>T_SLKvk~tW9qyTGr0HMs_;_@C&kG6+Bqeq?LSoa8{`w01CbdMbCe7)+K>|Sjz zr*}C}!E?q=h-%W%dxK*_f};cFjDe`;iESlJ2ct70H43M5m4v1L;`#?h1cwd^zQeg5 z=5rJ(Q<^5gL%m!OfUC+19XhJUC@9U9kEjt;_J1gE2mFqI}s?4#j zI&~&k4X^H#RQG|Kl}C4|b{y5JSpc4<+Nc8gE&G-%U(ywo#mkkhCH~?S+vDqJ;{Qj^ zZyO)~CLZ|)QMr@@7bb4#)1l6M#W9%+;p-THpD3pJUtAjVVF1>;jDVa4H6o z7hQ^aUtm3kX?uMwX3%VQBSolX7A}qwq-~@MHJ~j^8Y%@=Acg7<9Fc^SDf^eaJ zU@xthLM^6I>#3CbNwKfc=vT3byFu_1cR|ME5&zym#Kx_n=Lj)6av_%Pqi^|A3}>MQ zP~=)(taHm!!w(A5kOdVR=CAm>t;4>$3txRkd9MTq*^zNz2}Uk9*bF@8TMJQjU2_hiY#T_ z%w}xrR;`=GW@Xjk6LzOC{-Q9!B~08VaiC8&y|uI6sDRa*4ahpwCLju@IYC|Y1Zc-q z2gjeVy)CnZ0p0r5GTp1X&_}@d5%~89)olk4tDbn+a#6h)$#nCz6Y0hn2u{iNqEG8H z`YcXtq@yDpsmMp4)93XCeNkW1m-Q8WRb4B3Jcp!S=nvCCy$#F9*vlFK;*(DA8g%Sl zs@%0ZTbD8qINk0+Cr<4IU9%xYiyzer%<1!y`~vX9{=DK%bfnXCqO){{&Y`^G-g+Pn z{^LIV`|#iQe*mNY%3tyU_E6c4k5|)g044#P-j2I>^|pqc1O`m$E7c~Qs+mtTjNp=% zuw`-px!+q0Z7OHp{{Uw#IP)na?|r_&OWtdzeruC%~+`!61Ewm{IF=c{P18q7Y z^L``uOs}Q>7tVb9w`WqJ`R0+jT*SyT=uq-wxPQ1qOPYlY%eY8hB~asMF#0ix<<5v z2;+~c4aQ~@^3H?EY?{}PXcY94<|QIFE_DzZi`yzE`junLdYsVYI-O9LSfF;v33b7U zzJMtv0x!1;jU`LE)?O!epD{M{Zk|826~kMgGo+_9DcY{la-4^{c{kv{ksJxc z1@;EtLFo6h&kl95Ya%;b&9)jpW#$*o-GJqvyzEI@w|^x~+rC{^GFvOR+0Z*#01 zt(LvBep;1+K>(B5_)Bij6s9Zw2gB@3fSd1Q0RZlO+FSq2-VKJnQ-Fm5K!CmZ^A!X~ z97lFZesudRC7U7JDKHgaW~Q9U306s|NTPZx)wMG{Sy1s2?dc&;ExD=akVT#qDM&vq z1lo`=n=ErMV6()}4{5o3x&+L=5sb>yDORIn_a3WcNxU#~xF_(1(bv1xJCS~K;-O5A zXp(e|M?as-$Ep`54naIzejnZe5#4ee)|a}2>9$X>e=0IyXhHgag3zSC4`2IL zhZ(%*BJiyW=CG~sGt2R>u5`a>GM~?-_YC#r-Xs{3_t<$^;cs0M&)hu?kKa`=8FZUU z!Z>*`>}6U>^GJF_i||lh4A%z?g$v0*BN`~n*$wJLQ-&t49|tfk+|hU8JyTTu>yIky9HBHXa~G?GX|W=bf|H zI4BJWlXf0}gaTjYlT$PyAZI>>PZnK+I!%H&iBr0-~j< zx|?8H9!0V@d^u&TAN{Psn;bn`N`oaymkl*7Ab`-ut3{PEF1wc}L44tOKZ+VmdgK6a zr3g?Uc@e^D(GKT3PwVm*#^WZMP=Xej3am`+0JI*Xa0+KojyibZ!Wf*!5L96fR;ZN| z%XH`8L_|JQiRr>f69hrI0|x}A13Qru0?s8{j3TtcjABShGKyzl2mReh4v&(JxIBs~ zS}EpS1Q<7Xq^?`9R^B(Pr(Mfnr>cHmrc`zHjHx+dw}VbVW+WQcqVlGWzN7R~yDE-r z88c%_Q_pEFy)(S@t`0{-RozOfY%s2CV0fp@iW-t?dHA|@Hkj5lsih&Kka_iuWfh{; zRx#F9o$rCQ%}(1LvB5syK#oX@T|2AIL#JY$iuv3UQ@3?bM`Zh; zZ5Z#<@i^|eJ~GYSGLl;5Q^L&k_N;22$yAMG+AbE9Ig;KsFwSw@^doI&&t!H-6@wXv zHBH-bj*j%_@I45suV`C|u+l24t+CcR>us>n zCOhrA`*O_(9g-9Bex7pL8D~K&TaH|L@@;h5S@TMi>Qv^eRHs~U^sa9*SIzx0Ds@^aS8Z~P&+z2=28*P*^T8y<)zbVFPHQofTZF}iU z{$j-umkuGwixmeU9uf*#0!)G8OCX^{l9DuuC6RPwMWQLmdJrQBdW0g#x}E;A-7%-_ zJ7}$SqHMLzQFV0SNZ>`IK#>@Q)Si>1)*q&sYC57o$tb#*1{GUeh~h(r3SB~&5=#mj zE_{TDC6^K@a+IjiqQ{6CD|Q@RmdA}}lKq0Hu^_%S`w}D+%x?p}h~TSlcEQ2In@g+M zpNSGDNlI^qTkflO$74^DB~OtuRq8Zp)1}XlF;nI&rDn~Rz3)Gy%yioI244&ty)vqa zft-wTX3aEsx(e=7qoANDHyEbF{C5cNQysjltguIi z@v#u!H22R4v-?(gFFRm(ngQd(Er#n1!>|s+_;7<^D&XZxSY_ds56>siX4pDtNDJf# zTfB6Bs78Y;4DC-f`{UIYK}=PeJu5$VXtassrorUFST{InQ%FQB}D~bCCJqo;`bL zZpq(J-?N7jvS$yu>wYTmOGLcx^*wvo_uRT6qxtaeJeoRQ%dBeW%jh1*FX6E>dC{>S z4~2<+6%i0m-$qmLS~h(+u8cJu;S;2zJIb4263a}nf1FaT(COVW)&8_b<-%tP5v7qG z6y{Vy+^t6i%P)O|6MH|}uY44+S*Th|tg={}D)d}+T$?XWT)nnfyk~Up`iOWL)%FMRYIZuiujSs^$Lu zL%NKsWWF6w#itH2{{4mhkaDWO4VO+j`7_0S2p29=!1%B8p<`#9V*blKL1R8okFhi6 zlxci=bOijt;N!x3jan{Cx~5Ljhmw3h`=dQS|B?1TFv-n`wwb-WQRiYL|3$(X^NJsO zYjLT(%6xQAL*y=wg_z=HHm`2=>Fn3LviAE4OLF-WWertVXB8zwqZ*)H$I15}_mMV4 zzbaV5ZSWh9T@cR^@%SjWKFmR!3;9TRfvYYrk>x{0Bp3_MDTcA`nyOFuiAF^}q|8jX z=eD76tGIGN+dM~%)K`HG$m&5Rct6K-3lb?Tk2cNtm{p^&?J||h|6u;CI}I1nxM;HN z@Ln)Em17r+jl2C%GcJ5JyUsW0Agi}qBnryxi?y?FUd|2rCx~;2w1t&IcCK$%q5Q2p zC$2GVM~N<{vtR3Z;PM5%!vm{3S*$i4FRWx<)qb{frR&(Ku#Fk7%d3OWWZ1<8uR_zF zb|6gF3In!W(a1h^@qGLVGKzv@^2|ZGIq>s6OOKK}yK-*08L?b(jLgo3pC0ZV%(W)U zcD%l%)12~wHemF&&J{7QSsl|s7oGHw8SQA)X6_wgk?s&q7z$58s%J8y-Gk|Z%-6l| z+3Z^J|keDFbgm3kq_P_92p;A_z~{NtP_htbI(Rv(3~r_to^{G)?tPG(*R6a{<{Dh=n{`P6!tU{Ye)bm0u?m9GXf> z1Qh}E<(cVrIddrP5NiY_LOi`*Utg^!9r`GfK9!B|rO>e_`D1N{b`Vx9gTV{y?Jbu9 z-+M`FY$`=&kIyoFvR>8Nxci)3^{L#4@L=D8E_s%W`mS&X|OdLN|0%>{ZxWi(MyP0$?Wr0( zxWic{(=+=(tw(AprCZsKmv1JXyLPtr{`kCIR$e%-X1P|5$m6c13Fzc|%Ex=ir?|t; zF)E|#Glrro(lSOeniA(?5v{d5pP|*0`(6!DA#luy?P^ybg9DJ3O~cmN-BZVtyB~n8 z(s>+vokg{9?FD5JfmMW&^#nzFNshQy)k5s6qf{@L3s7!ey(P%kD!C7rEHcH1c#Sq* zoD})0IKH-X$3^iC&Jy1mQ_m}^z!N%fdvkKF3o;(!Lw$gZqFMiKjZr{Oi}BPYTk&xKpSc zHN5eg2Kd#K&(=Y@py|Gd-d!8>=l>^D05h#PcCJHim(u>()c=&u6*R}DidQ)Xolpt4 zef&22rV2#|um2q7H(^}7?{jz`BCxNgDcs+!McK(dCbP>TKsMo;LuC*XEF}KgXJ_~7 z>WO=PrzTRaAf|k&8x)+5m~;w(eQOA|XQzbQ#=K~)rKFG*^-uATdbkMn3EvOt%e%uJ zdf7;hPj9&IXq9a8Yf2zD0)8rIg#zJ@czt@8_>yNS#kd)Zo7ImwWZlYn*L{~o3d4Wr z>)X#unC8@HsU>OWw@|P0)p!!Ga%8LaB;y}XQ2CF#WofOJk0w@0-tSj^DY`HyylEX5 zdKoU5{UF$y%dqCz_I#%d1)cn5X};JO$ZU~wjNEfwEn~Zu)kl~-fgwn*XJ*z|tdcTD z_O_^OY+T%s(uX9^iFv*yXFrY7`_9I5-7p%#P*#3T?INml*uF!D_LepL#p;8EB_G{#L!uuI7I>@&E4E(ptbB=`i5&yLa;MM(2_AQJ_=K zDcJh`T{LDK(tLW_=@GR*g|(}l|A)U0D>Zih+Md@~G?%L~t`zH-dRcGFcqD)Rs=xK9 znAb!$ljBx?gZvKa?22T-IT~~EPbie^)Vq$E7Jrk5mN&glYL6E9UA)@XxEvMgUu)@9B3>u~TtrQvmyC;&PcR0b{ki$SE!^Ze z)i7g0`_>b=z3l9<0-Z&DwP3?f3`^S6w#oO}@>>T!LLO42D&>OrA`Z!9U?{ihrp%*``nnF&?TWzE*L3oID zk{-3NVPRJ9S;B4dU{^kjtl#2Gf5&Cag!i5$hT$U6brR zxI+C&Tt6V*OF_?l$X;6YKptHBOVUujOZ?iMjHH`cb4K#THpJdGW>^_LLKw;t<34Lq zDKXzq7#5mEVz-V~X<~$Ts|)EMD1;ozz?RT~^2x39@ zkka9_nK|AS@7Wn`MO0U#P1K)t%gzbbgUd zv31xEUmkMD@1J9SV-w-Md-`aMCJxz(?p=2oGTKb173wSz(!3OCJ$kK@*D~cgrJ$Fs z-j2do$>K2k4@je8cWBoHcRveovz9`y;heuH)nf?dz;{yCX0t1$O(|45K5MfKUcURF5)_w_C02Ew^ra z`zyGe9pfQFR3tMYRsWd)u1w9wUa#F4hEMO@%&TZ9-lKi{zUFMKRh23Ygxf2h`ZOnF z@uNQ4`z}e&wHb?JxSjR_vnO>ExhQ#29`Xc^l1Ew1gDTc6r5@~2?qqXliz?rPa~vShf9i+d7&_+xL)KC?J4|+H+r2l z`C-MZ^seS&xt@c>v93h@c1%bMx~+a})JviC%X)AHlX|DIVD5Fztd9i;Al#4J5B9Rm zj41Hwl`p~}xC4{G08>^9MV({pdDO*u1I=>-{aU`R;YrNhQvt;cv3k-rB7&VWP!5~n zC(6u0s2&{iJ07EQP6Ku6(3yZ3F;~Np_f;KZ#SMs#4SAJyI{0dB|PU%a*Q8!u*w*G$e=<96Dv`uRCP_+uBci~xM$)mfExtko~r3D-$?JZ zAUVWI=2-E(KlBTGn7vOWz$ZQCsLUahWMUPxN5%o{Q;E@}05%;7tEgLgO_hL*U#s#vq?{O0gx2q~@R;=Q$UJpDLe64t>T=jPr_Z+=EdP&`#; zk24muMpahl*$r;KtC&egUM1S0FU@-EGL_b6=nb&lnI~E&S>eQzUMit4&6m{ZQ(7lA zl$399$cC5Vom+-gJW=fKq_f{-b#f~W4@+zrd6*>y-$@OS_h%Y+|04@bJA ztj2N1g3|4QXgg6Pq0?xz8|pYob)eUL*x3~((PfC~3a*87ccHV;lILk4U1-sf)xIm{ zo;n`B9R{P<=XF%b0b~<{x;>#;=UEV2xMs+Q+$8-sxXJrsAw+ANcPu5Cx+<=!p^_aGx}O`Di^s8fG-G1#U;bnDKX3snRrD}Wmmsl{ z^L&nw&vGh@YcPZU@r!XGnwn7wL%s>7|HsIPd@Y#jc6`&+Z&JNn-zckKKD3ZljbK zB;Qj+SwXZN?6I>@s?vs5ue!bzgPCia6u~Yi@dVx0PPk|CS7C5!vh&u?j=Q)N zn2w_zyN08aA53+AP}kQu3!KKwOxhsQBdX09Ahvx%0GQ=u<5Ky%*@L~kz43XU=!&P5f_3YuAGRE5ew0d;L(lTu^u{X#4WfRr2V^r zrC;u!xO7e#$fo+)6!fAIx5|kgxGBzQ>3(>g(+-IsoZX_6Ze-b`xGZEPS;|$1)a4fjFc$ zowZD+)Ln^ONoOM|#vCM)Gc$GH)9Hh0XaCyeBs)-Y-60Dq)TPGlN#W2TJxVK0KIBmL z!>?p_N+< zJ}RwjC?7I!V?2vhAaJFL=dazehe?wxD+~UPE=C7RAU>sr2pMPR?QthDXOY*tjYc(PwJYLas0oy?+5$G;#>V-F*WJ`bi z^0Vo0?Ik}TsmH=pv%hKtx{K;SJ)V)c;=DUV_EW|G-`)AQ9IVrLZ2Ethy>#+d5G{SS z7~g*Ozli4zFrGd>Rv?7*H}O8b4UFU0PX{Fah+O_FJ|A*YAe-^U^xv2M|77RaeIg`X zs;}WEb1Zk8cW`8-$-pG3A1OqTp5x!qoK@UaUMtF5WCc-Peh1|;cRsIj3t725)AxRGd3_ks zHp0J=wZma^7p`#1ds*0hE}?HwXha#+#AH;dB&jBFb+*p69G^~sc-gi`|IZ1#Q?Z_B11 zP9u?It$V&DY2%6Q!$te?bytk;6@$$mT!3B;2n~T&bUwK)t>iQ#cOxcE?ay^R$6ISj zN*~WAR!sJ~yEPZREHuT0QvxH&4Km1&zopID>8_?MUg5{SSS&8=&!5=q{yFu-@?6h4 zWmJmB>&5E8^pb&*%7je3fyAE@JuaWjUTdjo#C@%}FCg@q26oQqP!h=3LYP5%hfj-* zFo>Unvj;2lw!Fxns9Ut^N4CY}=rU=iq399bLk#U$Z%oMCngH^?V4tg9%@h|~!~_-m z(zT$WbVZ(17Z7dYTrOXmWLy^Bk!$ub%*MXDL(zPfeSm_nc1Vm~3Y)K=Ct} zIBPt6hY;IyyXC1?%|SnXYBBEl;xE?y;**malj9%O6>A1#A6zC30@tO*u5?E*JGWS} zT*hI!t05Z1s}GXzNX~BZFO9Wbz+rn^7hAY&L>fzShNjZ9YN8)X3I9jJ#AlMET!~l( z5wD`Ku6I(@OgZYEG{QNbo5|lFNe>O*E(Ru8?EYj1pRu!FhqH}eJ*$W{OuZ(-c5v0t zXlEn1(7f?W!>O+Gj6HFvH{H_9)KT0=E*43@>SdJJ8slvgp)!mr+uV8R6tT4$HOt7BX;x4%FAVlkuMBJ*hw%(5$HFtW&US!*)x_yvCBi)97e~-$F=KOmefD8)BO`<6wjjeH z)g$;Hqr4clZrn|?eOVLFB?8+lGuEtYijA!vpC+ZuGiO*c=at+(iFZPQHTP!gq^vMN zfHfhIYt*b-Uj3)^?oN8;mqDq*Q*^bKy{7YjA~xwW-~8UPnSHOkA6Vwib${(y<$VmI z56rJ{t%}2#jcq}%((o?y&KqNzHo(`Q&vhYykcV9_qcZS?^-Q{1{YtXt9+RFp@1ryE z9`TvA1$#;Q5R^dqST{e$nXJO~cJu8*1+)7Km<&=ZlQqj(C6>YAZ zux^?x{zOq>;P-^nUER@GZ|>!0n;h2h?TE+pANj*Z_!N;A-GOAb749Uf+5~w!jkSrt z2egpWlCFOmb9QYIk$eVbK)0Xb=@rJFgM=MDqR=PWKgYfQI4L{0Cqs~w0C*vNlM~`5 zXdknayCe3$)!yvVe9c1tu_XUj=UIVa{@-SpGsMc^hE8OIski=A@&8)#WJ{0>dA8Qw ze&z2kT#N)=yfU={w3@%#ez0OimbYnG|Bl;yu7k7=gF>|H5$WWMl+|11HBIyuRhM=O zbktl!RZjoMT3i6HyB-w`1XPXBbPw;}m3U?85P#6)&qR!L49NbvUXt2(bC1s_23=1h zm<3z-#D6w-1iZ#De(Mz}%}1hqy&LG{|8p;;o&&&A!QxppNG}BfS%@pi@BPzYMfw9F z+=+)!fq~ot??fo%v;Nr*pj3bq!236^_?-reFXeoR;EC|3z5J;nku_a)A$@KMIGm0h zFFN=M@A9A2n++M!*^b6r(h6VS<8z&akMv%weaA<$UOsK!hLcS*awWw4seay^6QW+a zEq!olSEqxN9bfVVDjmK8ppl^e9y9w%q9^1eT*oBUltk;R($c^V% z-r9SHZETOPUjd)^j8IK1B*dlAt<5Xzc*K9zNJAEHE}){@DP z;!x@&n6KjYasEBu*MIOpJj}nbEqeaYIW}DmN8$o^91Yv>QFA?AF|6tHB!jNySgM!L zw4YupM%lfv8bZlr_$M+Hp~kZ)Ur`_o;=fBaGFn>3x8ou?_3ee?h@0^|ZGEM~ta^Lj z|KUXwH1}uT%aSxg*~;m@#A*i-?DVCx>{7*ZN86f?HMG3wn0Z~jaLVLE9j$!L;NX(b z!d$*=K=V0!&-F5f!$WI+ehY;dMJq!Hp24RR1ZcPuoaAnQ7qUEOvdpa2gd8s662Gmg z;@C!deS)VAo%PVL0D|LkPlE-d*ehpz_Oy&vCS@A1Q8hJo2zo>bKt-Jb^{(G1aXgU3 zl45-t5Jz}WC&Q9rq$ajrKj8Sz!S6Njy?ZWAm*h$G5ih?kLTaGR-%Yl>7VWR4g`k^1 zj^}6)gt`q%b6+WQWU-1M!+RDdxSgP3ryJN<0*auIY(P&{Ri}DNhVp#wYT2Qxk2j>s z@X}qp4R-MIwY;E%q@$QzK)J=Pk={EL>6UY{Cv(MtK8ZQ98t>S0{2`pPTK@_m2au1v zRim&vLEcg??(S6e!VW;VHpNWw-$tK$f#fCU1vuB;q!#7AQRH%6Xx8A3r2}J-_1LV6 zXx|zG?^pjr5>tmTeR;x%WLM`vdRw^G5+!tVB7~(_GIMCBjAKtqTIbvsQt$kjVl}K6F9w4RJZ*T_diyHw#RCHB2c#gcS87NRt z`D)N;qmA*MW78@O9|%66B z;AXDt_}A|T^fIH?Hoj6)`)DQ7MpT>aM$vcEC({MS&d32PK?=~GvL#_f+;G4O$`lz@-M|KYK-Uk3oK zg`A9nQ(>$nX*15ip*QX^XtDP{TU-Ekqnz_^nBo5?i#h}A)_)Ano1LIn$6tMm)p!uKj@kIuo?R|FP_DKbh>aVw+OG=2>=){#i*}_^qk2`TF ztT+!hxWPL1&#tAGz5tMfEC1EN?_lihiFQ@|iN0)1xODg8Gpg4X1~ONhwZN(U_0beB z06*I^FOGcMoX5-G2064fhrziLRd|S1jqmRyg-w6P9F^D|8(iigA)Oy&2bTw(kz8gS zpZBed+yk))kjOZ#s^gY%xze-x5F_J96W3D&;t%FI=8a;^i9d(nsq|`t9T8SaI$)_`|@)l&CYeKiUr% zl-eC`7NgB%*k}^s9_@mu487C}7!|i3`vjX`^|UBC*^p?zX)?5;zFs`<*AcR{nY6HR zF(fMk#tY`K%o>D(C#$Rno-Bn&)Q3i3vDJ3(7Bc#H552QT20mMTiZJ@MjI2j4%JX5} z8ohN($GSNcitbzJ+N5GgWDl+Lg!Y30Q8M(+AU;7aSxUs)*l=Oi2(mTB6Q!wb#hlke z(`9lc?|Kq>3(Q&=M6YBdw;Pe;UDm&{)|wjumf&3Xt@3E;iKKT=$-@9Yh;m&9w$ItC~Y4u;0K5tHiU($KpR@~et(mT_8*WiQY z@E2zzVyPnAnthbGz!}bNMK|2m$^;d{VxMd~94ITwcrnPNeIW>)~?9nyZ8p=$lWlO=HRPUEva0-5EQ&jQWkE)QBK4?s9BP>`xIKCcB z#S`H-W_E9m{}QfR+nqt{&U9!ijd==Z?{Ia4J4Tq{vED@s8LMtdH8PEEO@ebn*Oy*R zwvzP)fb+FUM+0aC`!k7mmv>1mvoeoF;TgTvtg_-x| z+`Ua`Ur!=>LKmghh1O4+ip8u6geZ%bt{3|UdK=+k;dqHf-qG=rC`{E67gjSQs;4jA zXva^uYlgUTY!$WB5cx4F!}d1^QQB%hsGeEnx;|{}4`}t2NbfM?n*K6+HiF{K&V^M$ z%Qy``n4WdM?~IB|%=UHT)7jeh`mf?+cDz9t%tb!ehB~^QLz?%9v@~S_;E0UL?u}RE zsk)Z&&g;t7+2@-tpIhnW*sir8M+l3VTH;qnb7ttKmBAUR*C_Jrcv5jSZIC< z;3T%@wazPXD9z`h#@_3EcCs~VY|t8htsuyP&GfdW$GUsk6~au5R0vCuURY*r8e7oX z;b;_b;`;N@bvt*vuVc~4nl-%`yc>lgOrJ8tGf3@1X_9r`f_{6f4WHO&yxP5}j9dY0 z8J9F6_levMCHTb$4Tz{_oX1;&!Db3A%^IFIhY+YmJS*qo(!zEePe@>_yp6^}Jr^%z z8mx}4^hS@y*p94t^I1>4ktEnzcqEyEK|i`P{pm)c;*m~0}p|5rq0D9tdKo=pl=62`Pjtm&uxH~O)$kkOK z4Zzfz&z=6YVB>Dyp`1-g_Ry^RRG4>YTbTxV!=$xCoUGJ$LJ`F$BoY>+wD~U|pZRmrlb~fALUxnm_9{1e5>8qCWvAaRGCAydz z5^;Csy=6X8$a1taRI4B@P9X{N&~=5QN|N8-3S)p6 zF}Y2|-@$Y_&2Z^8W!9#n`I$vfvEJXf~yKPovJTh7QT~X zJpaq4Pn{(>LZVw%j@!yFhWi#mmi-SyR!>+EDc|C*+BdA)KONHv!agh_e|;t6QGQ%l zWZNZ+bHGbbVehhdiLD*9gEQqbN&^uUL{AAFz zzRbd`v4+0Q(+RUE2Q~Uq+-UV>8v5#PZrXO|u>r=x&Gz@h&1Td)F0E=+=eOcG%ut`^ zaVu)Imer#xYuisf+ip@4)Z9`_ugEc>W*XLt+xAwx(j1g0A`1$2dn%B5PtfKART!Vc=zHd4b{KC`29&W95`nj?t`;}zjyg7Tlhb_ z^Y6^3@OjaMKcoG?SNOIbj>iF4|40b>$Kw22Cel-~GbsSMKHTB-{cSPBWX@~%qXhTu zJoC_`%)2$8l`vv>cy|`(Jy=~whkqp`eTIxif}1V}+oA8_J!_1~pW8XGPBiX{TizDW zYYd?+DT1Vb8MjLD%RjP9zN*H+xhLP-b?y7FQ|!jCEY~G>ZmuzZbs2EkL72u=*_bv& z2ahkIR!1~O;1z1ZRbL`)b%~<|ur7U>pjgq9tV{W=j^mlZjvv*|z&u>4yQg!`gi3Na zPQZi;rlTYiM#(~U4czcNV4<1ePkt{;_UWX1^Qf@xrWD8KNtfrgUSCcPEPxD|_?-78 zwCBQ+!}l9{-ONJ0jiT4@x*M!ro7ddf)DUT!?%N3yKG~y+ubyMBI7hcSCB!b_a&X+z z%HTQv=r7UwY=Owabi;FPAmR6v+B}Ari-m+1ARX=f7ySYcMb*t=O~3dW$*(rh^7hNG zGAc5RaFgg!{a2b_jhBmjiUzc%#&`P|+#X(a9kGw~tWZjjEUa7Lu#*lIpP6=FsBdTL zyVEH-=*rC%K-Ck^Ml70N-^iNG%R1i_Vz<~-om8Q|U0@qOFS_*c!L#61shH4{BKjj= zTeUi?W^e^N$(hUb6FaBlc2dSI6LK+fgcVR}NY+P5PY&l6?bP2P%wtwryx@v5*L-3qZCC6wR? z)*Hv>N+*e}@R&qTuXEQNhDM0b@cnj4$-d5P1IyEeDVxr7<>{4cE%r@o+$?A6I%cN( z(vfmf0t%*Ijh`?oN^Vk(~dF5ys0N7sgq6KLVs>jT?uB4!gw zIGO|NY}bTdaKZ~KYhGP?A)H5#IKyI8#-;02q_?&)Svr-+bs=zcv;Easzc+ZJNw(V~ z$3;`U7hvLfHTH%bj;@09-<-gMJX$bs*QMC%BpwNovXFo$!veCVlaJYhTzr+OrO=D3 z*RJ2FQ-xW!BV{m)-scOxc0|v316~--Rj@B$NlQY%9sVg$ji&d>A}0UzBk5l9m%bfw z_El%&9dquD%Z*Bk#GB`Z>Q4`o2nvCD%86Gc_opGv@ct%eLl?EF^~4*f77p2hdNaLJ z_#v9IExMj}ymM~D)y(IG1%*=yxiaa+sR_zjEE#S==2d@9y9HYN=vpU3x2*6TxQ z>xMJ7^;H4lae(PWWIVXDIha?HS7r{?Wf6*|_H`OBol3G9ZIq~a>8oaFei}Ep1mm_0 zIq2NV0i?W^z_+oi`698^g=yV9Gu-f`rJhv-4(jsb3NQKPsL@!&fpl z{E~+Ykatk)+i$$yY_Qe3`Ht1Nd%jt$uC0bsZ;jf!?H6I}F2qF_+FXs^qmd=M zP_7-aZ3R=D%Bb$0JI4JgUHcKXjuv8cu%w5shXztiz8Y4|Jp?=l;+Mw5zi;ORu$>1I z)Tuz_G3ybqod*G{uQ);bk@c(v{R_f1YYBB5DP)SE;a3Ks^CE9P7Ufmsl%$Sl>jUJM zOF&gr?dZkZhaUuG`~u6$olKZ*;63fQck6~f+=SfnwWKj6I@~mrRolMR%h)HgbWjl4UYsXwq+i<#k(bVB_XuO{RMWezrW%b_Ab- zpRINaOInM>Nw~(?=^N3OY?M`2eCaE2nQK`%3?dE;rq=Z7z(Ch%T8tuCIdTX_qNoHymGO+XZ$?|rI z@lzO|ns-bh+w+=jcWb(Ta2#x+#+8+&7$!`QKn5Q=Uv7J?&;5DelAoHs1wJe`LBz1r z1+w~T)T!>Hl89z!$uzIk0Z?7B#{3rRCj=2laR0qFAh{C2m6pvdelbu)uFl?P+-=x$ z#qePU+QILd$nhc}$OKXnfus}25w*56D+C4jaQNky_0zz~p>k0hPp3ivuO!r#3*y3N zDAFy`wRkg!KKAu>5l}ukn9CB0)yp#BxyqZ}ugo7M*(?Qqbx;(3UGXUe6olrsWRyNd zM|tN}-QG{$hBobzN{XpkXX1pr+j*32RBtA5#R*HWc~{Nlx-3t#aJwlJa;HZYH733M8_qa%f-NnP4WEN`E}uVnvDmHFO7`yY8`) z;_Q~XZvXMP5KIbp{DbKGRX7?I5bvutr_miw31v&U+gII?Luoy+yu<3WnI}@->GWKX zu}4^luCL<5g>o*K0VuTwbtcgIHg}AislbO#=Pb%= zY2^uv7+FI{IJK%I&n<87t1Z#@weyrOz3aJ8#Khz5vZFiHy9#er?xvx3O?cmWsM!7E zZmGOaBV;c8I`nk26r^hgTrZfe$JD$Y&)DuvtI4=<00KJ(iX_Suu2KM3KT6u*tG>3M zDWCh1{Wwv!t=fV+l3SV7W}BY&jrAuMsfW-z{Y=ZD7wjYLSeQ-QPy%&}cG)$G9ymiT zHc9ODjk%`>#@E-b;RP|(bKc9L>C+V4#YIz+=E@l{5t4B+xznl71HCUeemUgZQEA-y zdu0R%JE_2rGaJvPnB&{PY1yriWjR014mAs@Hm|iI-6&C$k@=M4!QI(2z$}L8kgXSL zvxH=&e4LZ9%ATaO<%9vMRTG&}wQOu@)iF&tG;CyZ+i0MA%5I<3n%iEI3%xndjrPD@%9HrYJy7i;JE=(^V;j1>ZrG=LTnnMc?SYMCzO$l` z6fR|d=!b9cO`zci0PDV(uKS(RPI+!|ng;vA;rHGjGVJW#j<}YxN!n(7jCZxeQk{dU zT6bMpC@WzjlP-AXlksP#eFHSy`d<>`shh*r2eKmYOK3CpV<-(mcBm+(7=f1F}K{B6r? z#sX4jfRC(stQ*-=gqsepO`|sDEbQB@Dq~rYY1V#j7F@rERSS`wj{DiX>D)ggL7V4 zZeGFF-;x>e-nJ-!t&E=S zqt7`fP`@jI^nqKo-MG7Vy~tP)s!#!PGiw7XsX*z$bj7m;^oCEIuKJdXx=2H|PNkqF z;i1?@3sdr#N7?sp&DjA9zP`3&Szx!Lz?2&XTX+FgVZ)bG}Ww95J z3Ggtwqz}#=Xwn2s{aFISLBtvv8PR<8yAUo$KFSqE=BL90-Nh5BQjTs~zw(f)_-%cF zpS|{t2r0YS)kj>tj^xA~v1LMdjrjTSdePoVq>3W>)iaq~{qys(Mpn?r{5K`6yH zuUFhQ(?!r(IhoL7(3@4>GIZYixc=jEt_+gjdr)%Y5Gxsl>%p?x+4#8WX5dexj8<5F zoP7{%BJ!f}ZP!|fP-ui^ke(R==ehh(SKUN^9W2M=?OVPwCs_%bQK&(BEeR~^gwSxF zLx=HNNjcL@UqQ4Tpk?bjk@KcIQ2z?Eh1^7!F3Y9rampk42ysHxjKzLjL^O~*T-y%4W4DVe2_3xIi2|Nb!~<+ zS81~n^$DR!TT5Go)elwU38yYtZ=vip`!OM0$XJ0cxfhvOZKIld1Q)xswoPJJA9_jG zsPuto*B5snt>4$=$7K!t`~U}Be|uem=3|k9W*?K`m!-Y@+u<#Pj}z3C_2llOj0H8` zrrQ{!Y@D!83(q7k_gAC}y(!B4%v^N$8n_nH+r$ss9$W{}w;t2f-z-iE9E1U?A*c0Uml+GQsso z;v)}N?4E-uua=m*Si7bHGLUT%3_&hOZ6>5zG*+BhtgdB$H1#x+%^0vww@xwA^o`t43h|5p8Xyy6i^oyEq9MOBrTi!PvE;b@-o+p)Nu<)FrY z?q$>xS!fH&>}zf<9T_R;wS2RNc|rY2(Z5iw1n2BHG*WZAlcWox^0%Gwq*74ju0Bpx zn66OP>LqkpxWTbozG^No(+xzXi!K7EuvqiS5EC(5xGNUOt~vr>?G((L32+3@9e)5~ z^8htY&!3kk6npl$!kIlZGh)EqMXQWBLb{#|b`(U6|ADeCkV2%hq$)7C_4HDkeqDWy zE^{y8C`srR0i|6CBDHo-C*0jWx^^Lyz6Vbs=sP1J_e3I>m2DN^!*d6Cj|u<5!n}AE z9A$p7mxoA2lk%Kn+L7ncfeXKHQ_=~$cmcfSC>9s=?X8R8A{M%*t$)1KOyYUk-sax> zM-M;ZseoOnmP@ni1pGX_|6jN5AqlK&Ps|zr=<&y&;PxwZ{XA{#AbL1; z{lBQ`-|yV}`NhwH0TOYf&9A?9J#qdIyj+k}2l?Z!x*Hdi%hegUz4;d3xyD~Fswvri z=}N5n&SS_v96V8fM*ujBp$CTK`xfKO+agI75-!#7qN0 zkk|jq6L31!0xBF7O}ado9G5TU+v&crYT(ycX!DmD8#tMtPKg*Sk<5mz_5~*T0nID5 z7Qe40WS6!65lWAIL?Vl3IOw-q`0w?>=Wt%$AV26f12KT*AXe#`uyUI5X73ZtiOL zTeOH_4R>R&3D&*+QBMw}*y(dXo!U(H*>Q&hl{(*0@NWV8Z$p!2IzTGCq>T$WB}5#e z-Od(sB$b3jg#q5Do2-n;eB4Q;wmwh`(oL?MlYMe`A&5g%HV7*j)W0$TXvU-I!-Of` z-NN7J4GT{_WtuCoymod>#we0h{9pb0)pD~|jRGa2)hAZJgJo(gM55~|dd1LMtJVxZ zVs`OwLSv-^dj+d=4(0PwOHyyiV(zhZdpVzOU^k7hU2~bg_gNJ-4x)`s9iL{p|2oJ4 z9Scg+cM`;vIm~&P$0{VXTovPD%*n;EXm?>JzMAY))ZnWc;e_12wq3SlGdk+>paG|Y z1i5Q)QPF_UVFSPUU6}C4fTYu@K_2vGk~6Z;Sj+XP~Uu^?tG!Mn#%`mcIM zj8wRxxjCWZK!}P~^D*sK4iGfW$;7ZgbLqo8+#c2}fLjFx?wFy-)N&^t_^B-{b|({x zIcI|^64S+d&;*P&R4+BVdOB|}(k2L7K&E#INeig8oI_<#J1zz~(<5G%v`se8{g~a4 z?fIRM8Asv**I0Ma(h-HYh?#>9QPDX3*14{?F2Nmj*u%;>=^NkbIC_UIjz=2T8ZuC*smqt>k8~qb`4RZHhnST&?9% z*_s+$YfMpWZ}C(83xds~QYE>xbJ``?xovgITiFk@{^S^b+xx27B>4QyUjxvL2k`Dgf+JPX-(LW{ z(*LNZ`2Mx31Hei2Zp}=5zlGj^8#$OL4e3oE>7LES@!#eNIy!gMa>T6k#?Sy{tNJ

    H7DOnRyV&8IsV%h zs_g%MK<<)c4p=Xw>wx)5oAe}^x9Yg#?;yqJ9C`T`F04iJ7U7*R2(iQgDMF$1fG=#u z`IeT`%;P>2!*617XK0*q3p7}3aw@d~cdnfTaEoUjP=oBBWse-+r4HE>qsygZD|fj5%xlRSlKO#xK^7SDh|+=}d{0_Uyq zayzIVSJ%?w05=7400))@$LId}A(H?herXO%wl`H&R^Z3|gpZqIntbJ+eSjyHpYR`j zM-cSxG%Hy0`N04E{sui!_xG4(FBq(s^$jtnN{MFn3oo;P9?$+D0e5rjXCNF1gaztU zzRxvR#}@b!10Ydpj`&alWWGj{`C9r5GQfzxaKMspu)q8GDZ8bxSL1LU9>bH{rQixe zH9&-nGA<%EX>_^J%pHJ;V^Gt4AiO-*Aducfw$Dq@7G$3u>g9r9=oUfI=xb$A)vWK* z+<+7GdBdq47wnS5=EuY4xug5QQ+k!)Lb=CHoly70OOcFA|Bu_Ll%iki6Fq z$mY%3$%SAA^`)r-!2T~fXvycXlH>N6J_Y87RfT0673x7_Jw3lll-|cji;6UcO@z{v zT3Omgn)tD6WwC*Mi_*$~x*$u;dSYDFhdGs~trm0#MPRx$TYVEMwjku^X}IYMidWv5 z|1Zwo0xGKZZ5NkTQV@`kP`bNQkpb!Ml92B16ch%LmX4vjJ4Hf}?(Qz>7~;PNU%%h` zo$svwI_J38nmsO^{nY*3aoyK*?=b@)O3tUgW!rMG(cfI)6{s$~));C6GE`am*46?% zBo{ycg^bt86e6kR-P;KuSt%^(@0a{hUVKFrFQINYQwIkcPCcPuP;R@5}X=>$dk~W@l$=a*n&2DTQh&IBlks z_`_lh?bO(9n%8kcOkj<5_qo`6Uq;35gCdTEzC+CVz34tSkj*zr6mPq{qUrT_(=TUD zYBz+89mlD+N1H5nS`Ss58RoNqIq}}wwF(of*T=fpJA?fHO{xZ~$9Mbgp3Y~vL5s~m zl;1vfEinstyDPe<`;HxDg8{!Xa+6;U7VD+35jfY{Vn!jPxY%YukfP3kf>7pH_@JF~ zD}4--ZhZ&Moq93@P|6&@o=rIrZgMVY7CBo;)qcFwasaIxJ-rQ86p=ZXtrrCV@H!;U z)3NTu)Jw8@w><(v0Usp-wH!1;YqHi%jsqw@zXf#h$;_mL4pi&x>c{ zdtYxsl=Mvtd}KXh*Nz*-n4y&W5smXmzG*K@&opRuJ%mYg#QI;GnDLmGSi}`<6pZ=0 zs_cKIzt#W!pIKztyMCKgi`#C-oW{Bb6v{GT7}6BUi(w*vhz_-o7zv7t^I;5upvCcm zq2R6@7l81!L8v#EnCY`+y8L0xBl|p2wa{W#t=wWf@meP$TQz=0-rMYcqQp|NNzM$Y zKvq2C1YN%1un1RN>@M|k&K+qS&piNgL9mKe3UlyUw|Otq#@Hq5*;@|I^A8oKO`Fo zu59tIE^IFlu6i}mGVnnrp)2{1WaX17mg?V4%pcF{g{_5?$_AytJ&9NrIJx03Ux(GsbmR}EAtG;l7|bp#5gJ#t1^uUOcZx|H}oyqkt`= z3OX$U03wFsl^L7@hk(A*0cAeu&S)_CT4Y%*l)I}dM&Go-0yd$A;ve87sYB#o?(oIy zocok3h-C-rh}FdU*y_x6&ff|)TI%E1?=5q$mA7vV#?z!0yK<}dfm&`N2TrQhc%Js` zc8H-eZN)ZKe&&p?qC-Hkf)TYT`2iih_Ut}73EI2yongS?rR!UTD8Uc_iGcxipuvj-Gs zeV_qnokku(wqZ=@@GEF{!~tO7?E!BJf73lf9gr#yc;GQr&W+`f#6B~pt{BI_5jb&P zlMx$*wbExq&tnQg1)S%a*&FJ@pI;IS zs&~L&x!y&CL#zQCe1bSq+)3zql3hpqN>hWVmNZwSz==n{H@jjaP3n*t>1&Ch3WNCB zhN2o28- zu!9iH2iry}8gU**z^c(63#PFp#hIxglaw&r{bbW!zAu?~ljevPaY8So7kh{pE4e0^0x4 zv({gI{nL-)$pl;Z$o&ej)Wb7g*iL~}2CpG|3FEWIG7b>}Tcd)-=wD}w(sdC3_>vW8 z*8_{2l421ez1O;G&%ihj*9R!}_j5q5e!{051xist*=wpY2WQui4ec3fUUq&ARVPePqLEg;kA&nKx zKN>rxnWhl)Kz}lMKPeoRI`VgTwgo0r>Foy}{o9HC{EufkJ#{`aEb-xX-<91nf^FG` zXlwhvfy-6;qvsXsRm<7@sPURO%?}sbuBo)%P^8u;5zya-CvVeO^e=atP{O74n{~TV z-HMAmTj*@zHs(|(d+r5~ljn{)JaH~+7njG`q04ptkx(<9cw{8~_~ITjDn`2>*rpradgs z?^wQ&ct%xK?G3BPuF+(V|Lr*ifpu|7zxt!JLxVJ+KA}8r4NS#7qdmo<$3y9by^-T@ zTuH0^k4tQIi8*~^ezoKI%w)NQ2UnNX<1pF8VMe?=H<*L@v7-L*o3Z)`Jtma1MUlCU z!QF+g!`(VB1p-1Rokphs>yBowTf4n_5VMZvlTwf@4FV~k1R7fNj1MJ?F+xB7jWOw%$W-;vQ~&abL)nz%bQ6Or>DWQgO{yX)HVsS_JsTNjfh zHmDblP=!wxt6m`~)2FcVjQ?lD7d{z$?{GTtvLbWP*V&>j7T{$FIE{15D zV4}jeo*?Vy&>0YPnbTfF4X&^EMVbWAubc|*OyvaM31>THo6AX75;ettnTmo{*ei z9#vbD!-BYf_g!Xt?nkd$;cEnUrpF}oUl z-WU%Ia!+`FhLKS9&W6ASr|nr|J0GTCr-q!E+~jIU%oCgP(c7;=veo*XzLctnkcgsj1D_%U8YPf#-nmrOL+mL zhl=#607Y-%V*#4ptqFR04CZS6TBMhIhjGFTB3H}Jnn;j~UwVlR*m1H(uJPzYUtOlZ zch44M%*HA&?CY#GVj)7Ny)w&~fLDkli)Q#L08x{~vK>g!$8h7yA70<4HOl^%- z_iR#eXx}moe(`b>t3fc2z*5<{*0q1aSkT!hhxVZt|9agjbSmK1h zEKNSaKH1zypOJ{cNXLkJ#ywk!1F1#4_B_5VTyI@sRkGFOYBlQ_A)uJ~38t|&pm+h2 zD{L||+`jOx*tuV=s~dL&hwoz!JI3p-Wkm-EE$X*;WjEEDD_=U#U7(FiSh^l!9WvP7 zulBzo%b}fFgmyrYjJzSV*GgM*dw9u{7Lw83O5(hh4rmOhuQp7bt1%>+Zo<=*+Dry{2~N$)kUu1uM>y+gY)StU;aW zsp9p`{Q=b4DB#?6pUO3?<|=_a7CjSJ5xN>PMj<_r1;ejfsM$eTzRuyE7X5G5jb<+KB(2sm^F zQT~n$v{+{;<;D%j+?p{i5_gs2pUYTic8wNpJY=?QRlW1CMP|~jwTkOcTG%hsF6Sw` zhZ{fc0*WOPGsi#!2eXd_J7OL5fXNu#t&I^0bbNqhD)>$u7v0o0_KrxVnaN^QSS@(; zNAeHV{LOj9iHKF$O3>)}qGhscdx0ufDbIj+l#uLnr{K;x-`1b)+q8@w{=OevaDODJ zm}PxA|KbC}9((}eyVTA6++5d%1ibdP`HW9J8LgUc+1@{LZ1aOd5=VO7nd}Hs0q5qL z^5Sv4{@I7j-94SsTHxW4lk56Me(?0**T8IY?X!m6LXX0RoSp5`7NSrAz1A0-Xad7- z;Kb$kf)vc;Bf_U-PM-It$xPaWljLy^J` z0~`BEPETCpTAv>>x=698QrlK6F&3`&=l5aQDJ`r=xqfapPK}XZcnZxn!;}7UqMWTa zjY1>g3FeOfIfpWvATU+mRghD1Zul$T4aF5dg+h?3x-hEKNF_kgeak?erBY|%ZZvdU zabL<-hm>VB(q14tBxkN_E5-D_n6uuaT;q*zU5%Fx>9uRa2b#fTT0<|=Q298Yz+Jh< z(ONjAy1I-bWQYS*SWsdh$Odv;r?;oT;u^=Z`P!x}t6M2{z0NMRCO`H7gBTqw^~pl# zO(`d@yw%QWQ%%0IdJTyOSgX0iofIz}UL_q3*Ulk*nfZ*=*7(Fk}nNV?}UVK3XwO7%K5oDOlw2x3`` z8AlA#b~g!6cIatCEhlOtrPX+fK3gWrQLBxOJQq+u2;2CDeAPozzkg-+(+t$WnmC>s zRs&Wmx1vHIBq977v9bPa3-gEtLh-C5YGF#Nl5l#TZzYlXOt(ZpUt0P_y^Z?jq%g6p z#g%+b*)l%&$PZ=RgdCb?F$~<9&I$taN~UJjseJ|a$g8Lc6VfCO6GlyQmZ)&2*j7)`Mtek+Zb~wXl6Xoi`-X?_?Q#6O%3(&UtX*#QAdC#v4-#=a`%a6CqQp!E zslV2@ba+6-=5{8y6hbs47#P)h#QT{qMuMj(MQ@yQ8^s4^BgbF%4QK99bZ4pZ5?2g3 zsx;!*3yJepyycr2ofQ|#>Z{Gvdpj>p{HE~N`5vv6n{%I;%2~#=8NLN7@hcJ&F#?71 zoFFE13YONVW@qUw&0U6kU~Xf+V-?-rhDi5V^WI5|bcWfovgwSfUNv`YS-JH>%{4_e zrzubISh3pSSIS&dJqr8k)S1&y_ocRIxnlRFDu=TU)aOB^dbh($<9<0#OjdpqT|pR; z^2IMIbU%CQjTIIdX<|A+j1h z3f5Aj$3Br-SJt0+hgSqE!;w~5q-ns(``Bczg{M z75`sk7y}6u!FNr&SG9U*f96~nd)3F1>ObCk7kYkv4s52QF^-f9&9Oqx63s&%1KJv^ zYpxP={)8!a%L8nKJk;0(Vm!p3`*s;rvVrW=q;MP~P0^V0HLk1p{+%OpJ-COJCnpMv zRjSD}>DhH4e?@z5M~~*v&BRGXa#5M)-j+M99OAj)MtK;zq1{sy2sh&6&sE*JO(SA*1BI<&;BDlN3fcca|C(4&67#`P!_-h;2A&wVxa*(Z_eiEb@S7u0J&xhN?3_B)m))K|Wg8{1rlG=H?3A zbFcPgj^ro8+Exo*WLRx!IhQyBD_(^9C?$6oYxIsu`8O z_Bj1e@R(+eQGaj|N`mVXxpnB?o?upOHe^^i*MIo&Sw`*Z5I3dHFQt9;yJ&9Xh6-V0 zccb!`CyZxbuX8=wW92HWmaQe{b$3V^?an}+DYGablO*nVF-vuL+9azUPsMh1RkE4D zz!$?j8ugnd`st5KdqRq&n}s=val(7~v9ajh3Pks9RIyuNVeZY?t)IQoHVUH;@%WT( zC7H}3_41(Gj{BGOr2b|F8OOQqvCr6!s=xiPx;gh+2Su^(*ufR1^P<*xsCU^_ZIHK} z>qYzUou0ERS<%_aUSPPldYuPP4LGDq1d8G@D<>fYQ^0@te| z?xi^3&_!AA6Dm6F*Cmdm-+tz>wC9bJe%w@qqyHL(%FCxd?$Y@VaeF@b>coT!ShE*TGhd5U|kq`z!J1t4X%%ya}?gE)`4{jWst&jD4QCv4p#- zcT|#J7d$KsUy{cimyLoDdJ+0BYqJgwRMd*jQgYLy4?UQeo(QbHeEA8Vg_fVVS6WpU zvQG64BSHTvJephT8uQIZTFV=&Et8ScVdt>w7xZjtYQwWV0|OFra>6^i^f%7MldW-z z`=p`m!L7{IH-w|7q1X@%U3sR`468asMyJNvp}EXrAci|UO zP1Z4|gr9bL*{eLO!s)A0mA@=q7!|FTIShtWDr)f~s^aa!&&K8-hK>ifHU}M$ z8CA9mPu*yL7uHDnU5WKYVi9j@FxP@iC$%1KT{E*3Y&Qk7&(uo7r-y_2O~i%ltzC(G zwvPe)LzVdP^Jn8t4BiFFz*{}4C6?V){7|#9;N>t?l5xk-L5rH#r~`tVUN<*=QaY~v zc$c%OzKVL8_qQw3I_~{v^bC`F-hAiRyQwXMr8sG>oj$*QB7HmC_L~&&AP5&f-l+*N6jC+V@HmWT2zL0hcdxn2IwngGyG3fP>6Lc3Afc; zUX#dr`E3vO<$i5-%LM`ox*)oepz~oZ-?v+jRNG77)zW z&g2Bn4mE>S`H%1CT&&WJ~_Mu-SdBAc1!AtVx&3kT=>G z5kir4(RSnt6Hv1OF9A6xE zd0NjV<#Z&%N4J?JI7T@nRiq-CvXvyb9)14g&9T8N2e3j&0+)90h@Dw6X`-L22NfySi-eUqEmEfSa>+%u~InXVKuiU3VOX zCaK#jnC6+Q?G+0?ZYoU^NE^0?U{^}o)F?dQ!U-t@Dbvkeu7tL{x%rcg(ArM&6CK!$ z_gJZL@=pLQCWfc>L`C7HJq0K?^P}e&;f!FGH zmiv_jmeLr!sq##@?JKHf1+BNl;FDjxgLgFqM6`*`O1D^W^;c2YKXMW$eSoEhE2gmX zITJGM7%F^wNpq#}dY7V_d5Xd(Tu}0&NBH$@ezHKEa)^oz)|}VRD?Sk>1wf<1jF0MiPc47P^E*xW148mY8h}<|{Gie%>x>HM`#Wn~hs0u5 zDjwkPyZ*+A8$N!oBNTnTWEku}8Xc9aZ%EI1y*rmkMA7&S9rjqnyL=>b(tvT1{vERl zy-IP!l)QkUZ|Go{y8$fEr-TM3RTUy(mS=0}(F8pOB&>Al@xm~$(t}s#{-_H6lmM}C z?5bCqnsuhtnKviQ*?9oc^bQ3|Ly!K@Ys&{}c8E~pUl5JGHj9W<0k!p#Id=meat zh5zsg!$CXNblQ9C4FG)ja}CJvJUluTAfD!(I48*%IN9|b+Jp9s-F`VE{DbVm(A~TZ zwihOXYTNA+5yPUkyKPj16RWp`D@NOIU(5lnXPv2sAIc2YtTFHtZ@plHqxsE z!C#xC<4(+^PmjctMt1(rSxVa2A4yYxkTmXuwym-_U3;bdakpNskcXv%Eg$R}Yy71d zrn!0Xsk(wN4%-YHY>~9oL!t5sGro|Az$k_dltPy9@GO1=$ypm{N>yqC3M@n-{|J;h zcWyb3egeKL*=G4RWrwZT)0*<%o*iSrNj^{})Mklsjt%Z2V&JNd8xar*0QT6BBk=3} zdgs0!M46Dw7;YIyVah6NT!y6%`49LZDSiy>pxTh zvS?lJ&mVw(kaPj~J}IT`#_*6vF4CakaGIsFo6f(>@b5cZpoxGZiohhV$Qz&|UmF17 z&as)VTmv46sOX1)x0xgkbVG#aMX+~Lml5E~{`<#&zuUt>1|sSnmevgSw{d+N0c4oA z%MsA?TjdYCr5e~R7bPM%jkVye`#DQ4F61cH7V@Kq7T+ zkpkxRK;ISpZs?lF>+1#jzeMFvI^aQQPDYWm(&6Vb0m4RYj~oOT0%hWZ>XHP8FkIbj zROk8JD+UVx|M2S$OL=kM3s$d0DAE7JukFW8AydksEDmwl|LE2~hWYO&zld%+AO%do zxLv~bIHdrykqHzg*zpRdd`6I>;4NGsbalyZ%J+ZK^v}nji_1|PT3W_7nl!J_iJF@9 zsDs7}y`7T?;XBGDs6v{6CJV4CG`7u%`vBn}@)rAl|Mci*NI9}d4T^wp+2E$-z-;#m zq$mvVK*KS+m52l4M2UU`iBGK%HHoJo4e#~dvxxMjOn3|oSps3J$6pdpeWiXQoov2j zk{uPMpm?U7n}Q(!Tm>dm&ua9-8%~LCV$SIPH!Yj}GEf=daRWr)s|KoDg$_A^Y!Ux^ z8<_2*Mv8g@KBr^qOe$^mYd#myXde>T>~9x1^!9tM@6nmNK<08IMA~Hg@_cTS{A~J| zN5A7&UrA6d1c7HT_2X~|S%$Fh?fRzO?Vk4UBVS=>ohx9Q2eMB>YiM7FJg7~EO*#<^gE8#Z>Bm^(-#)}o_Z$Fr-uM6 z%3xj-h9!sZ_fpNpzasMA@BG5r>A>cwh6zmZLKO%Qm;i>aRtBeAM-qlRnw#{hG_uKl ziYTN@o-87}1AgRFMFqyjKqdCEnLnNV7RBs6bo3Ht;c0cshbqzn1oC4@xT2%(yT>n z{X>kQ_`_%rk|%dX<#A+6QeZ;^y;zE+xkX5;^;GqH8zX<~(p{@Mo#r9treR|3T}VNM z!iAJzA2t@TRDG~(K}F`65v z8LOms1{}KQY-WSmx;Ot2&o8`2z6XSH$q!H{n4fwnVf#Q2Dat(E@SH%%=9tn-Al=um zJMZ+>{8@y+YE)mTTI?&Ms1luKxhN~KgUWS-rB#usSk|H}oKoXHx*dLHU= zA$B&wjuZ=DqGhR%PdEepb``JZx&XRacRXr4{i2%7f z|4_GC97nMO9Ztk3PK&PlJ|J{htEe-lALAUBuZwi9TRt;1t6F!*_JJ7xTH?IDV$qn) z>H-%3)-BGbE~2P^h|gfRC8<%1`AG6%<^dcZ_wyR(rbUx9k>l)rho2kK@|pGKh{EvJS~rREo~pWj-ExZ9ewpI;`$3ReB?w z@MXL74TmuCwPh=Yx%_JbmgE{EF%w>7;_2zDo}WJ@ymdc{+5A24YkqcX2ic zbeoBl5;K*eHV_>b&)U^{ggt#>ZDx~ykz!ip=;+-OZ9I>d`fMQ>ulSVv1ESzj%|8yB z7b)b3PU5#G)r3P&18S2x|6;`Qf4RE+5pE(NQ!!ihiqhBj3uft9XIqdAnYz_j&tXAVL?;@F|0TtNMBZu|g`1qZ_gvE=(<)2F;EFy_Tt66e*cn8 zZX3(CL!_tr+Ah?f3PtWzgOdK~8=#-u7%;fr@3p@%0)&0n^TwP97Z-miT3%Q+6>`jL zaPNI|wW*((p~&cu7lN31e7V<}1|4AYxf||IbJ7%$%;}FWVe%!kU7L?cbh4h#M=o$8 zm$aqw03%;ifibiIkG5s93OcZ3tTrh^qyTeyiNa_+D9zqQD2hR&cs`($p20ky33bIE z8`bhaT^MBqqD=Vt5}4ni4#xqD`d-m}1siZio>oT11IC5N)*WqdV^CbogR4C+;Jc30 z;5$B=bzLqxEF`!3m{hD>f`OoAnbVLeki7A<=?@z8Pgk$)EQFI^5md7mZ1Sn3n*wKl zW;k{tvth2L9H8~P-u1BlggFO|>j;874fy@$ugH0XfT*e-Tsi99_O9N;F#XIerD@6V zMC}y;#wOJ-0?0!k1U`8|S7K!aKuv+e^Te3#k1kkGcczfFM|tuW6BqVpGwF>W*Y32~ zrM112E48_<-H%jq`}&1B6vl>8!ndn?c6vbg4&(K&w0LJmv?CW4gJztpA+H@9Z1Ds? zF=<++q&*&j$77{sO?O5FalLr%2n|1PaVxs0hC2f|&L7?(0XCBr7|f2Bqa-z}hx)Xs zh7PYXIvEfZ;@xNbSJ1S(U<79CC4i)G&!SyFZNH}WgnuDUt=c=n#pjhMno3)`pH52ct6d7Xd*Hnu`T`f7qs=x{fSSpIshJ=p zSR_;v34|+()Ay{czZu!S;WlQB8Ud~WDddy@4-2KiLaD^V$XuQjxm1NYdsE5dpAW1B zk=_tCt$4!g*Cpd_pKS2s#B@j$|nV&e`ZNbLU#49d2KTKXX|qnnOd3R_o>O{xR2+tO;d$D$XEg|0B>z z`k^yGcKJ))EBuBTkBq!8;s)7j&7{8eqZ2HCIof~tNDjBn74u@j9_HUn$HL|htg|Ck z%+3~5P%STser^H0sVsC7FMh<4PAGl^#ZyC))k5#1^54kTzOaN@I7yPq6%14rB8W9= zII(EklBE*USHhca-3a}Nnki=(AoYeE1 zrC;c{$*g<~`nYM5&O;*v+THyVu~5LF|AlvMGvw-Gi4Y+v-HW;yfWwv)$ROPfp{|^} z`UzXR4AJ|ESc$x%pMq! zy~{YeTv|w;S37L87A3;*v>B2860R$}UQ*GLVi5w#=e44qc&3DhPZuVqp#vN3DJt0P z?%7@GfrH>`L%2ZVpS)cePJV<)()?R!(+ED#E>`&b2tq>f2T#^VtSr(}- z?afMrFwL`7Enn(w+I+5z0hTkXdkQ3;Kj}NP+WD{pTSJugcXtL#twIdI_QN~!8dqy7p9z;QOD8)_YYhvU`9 zw47Wv7RHZ6SPPQaZi;~K*IRdQjQ#NQ{1gn*t|^Xk`G=sI z{wItI&5rBBP_Da*B0CokZI}56p0IfFUOU0oiHm?_oRjdr&z+16PjK^}R+fflqFH-x z1-zo5sQ+rEj9uYf)(y3h9xx=E$qEj+!g|t(&nDt2t`h6)a?Go1un#8}!rYz3>=1x{ zTX4Hxa{309WC(e>S#2lF^DMNL${PhzVQ4)yl?-ZQ&_{tU>ftt?e+t%u%5v7M+7TZ~ z3aua7lwBKu6@xjp=}T`_w53|rPejUII^xCQGrjBDMmk9jLVckM&^!dMF6n`I&kSdR ztWpNBCs=>L7+HK)en7L{sd}<4*v-qcTD)J;hwW@czsFn&<2)FO-?|?$k0H{~?mcOl zW1b6|4#gm0wpU_ajzXS&!-VBp@6oYuBjzaGd?*O%CI`ZO&2>p4LOw+NRgHj>Tzx#- z>jf!n-@+{ReO>y+$1Qygb(01Gz)geTO;r~@j%(^K*Zw+u@}GA6V*RCFt@99`L;-EZ zcipnp9C0?SH6;BLvyE+X&8qhCIs=Fk z*Tqq?Nl(>1pO2Ex%Z*vvrXUmB)(~x*q~~mfBP~Y+*NrI%3({@Z$0zcynEIhZAg@M? zGm95qQ*~wL0{NOh-Z&pUsqEA5W^hMSjMjV2I@38b`r=^^7s0C`)5oxKBLO0RSABOl zRk)s}k$4XrDf-uyHt_hY=LSli%z%eoDXs%2!Wu&y88>m)8TtFQAVKFvCKg@b2uBu-<*L=iU1{{LN#c zKJLs(t1^#$1c_!*^ZdyHOA~sr8E{evzS;aij~QqJzFwcwv@n}y+g8ijvoh_z*KPv$ z*nf5K-@Emm80*fhY!$Lwv8Zvt@Bs=$v!{LAxpt|@`n*c8s}>$aCCcgX4f*6aCN+^l z0<7SYt-fxyteTI|rI5hp3EpvMOSL^$hho|s7m}x0 zJwNr{5R7U&U3f9-p4SX|P88(vJB6!Oa*23{p?%Ohs3c=ttoUWya#m96bJ~#L-tPX* zr3+U-PR!r7&;->*kAK9@cDlB%SaM1+4Aq!6iW9Ge(qOf#?zBE-^j7#j+Rthmo!q){ z-!*jX+>nl^6o_>Itl=ZfUZ^Vr_9AeHS`0bUm*t-B@1Xy4&k$|MXJPf|*NSL=K@b6) zuz|Mc6?LOo9&~Ka-e8lUDv1jh`6(uZ9=xM_zubc@hR~Laxp}(2i_=Tu(bFCmmrVS! z(EUk6mGjm&Md4X~g0YiVi-XN3+`)%S7sucabj^w>2K+q^KgB|dhac%PBo^zO6=E$c zI8N?Q`K&#l5S#!h1@~YL?ov3@ZI;X-CH0yd9FMC}LD}7TY&iwWKV zbo0xsEw5$w=6k0!mh)9hDu3Hkm9^<@+#-o<09QwQh^&APZ|F6A98l54VEQspWb);?(0?M{q1+l>N1DO z$;oZle&fFKxgf_71ftH76QD6nKXEfl1=i!+4q?x4^}nF>zwbgsVD4NVBiVt; zxDaT0z_8tKb|q>cOPNE_OpAq|#JwF7Th&iK2E4s{6tkL6k#=?@Oj++_-*xdLqnHBWUZyJ&7kzM2FHOPQb8P&}#j|8k8uIC$yQRjVLu;&7e(Lwg%#% zH#;u8XgXOyaXZRZ_fopG-%PRV3!hvr^Cis|Zrl#mbUUlgHnRZU$69H6wKCUqckEc_ zbIx>mDU!y|>va%nal}sz&mr#J&a0Sb{7vZig(vHqX+N-^QLiT9F{mUIKN1z%mn4m;&;e}`pf4al zdtb^_L{U zCyjeID8{BAjMjSIyR9AN{{H32VleXK2?3uMuT7o%7ygU6%7M2gs(7THD|8Z0T-1rc z>aG>+DyAs>X6u?2#c&YYoBx9X zJ(pu}$AKEO=D1u-71aM{3AE7|_iAHP=G7vY{JPG4~dbp!PGH@2K? zFS6cequHH-KEa#%V=kX~(u{88d_+zHPFVNBbZ#fb>%!?~_!K%i zDvlmqZn?vIQe-xC&8cLN4;dp99cVq4#)%G)LP-OaR0h|25x^q1WG3~Q)cXhV+3TE5 zZ|!e~4La!45QK-M%LKxril_2OMd&Ik<}7hllmtQ^H<2x5Hctd3NZdr*u&&1Fa+iwo zbB$KYY0_I-Nacka5TEP2a3N!n2I)12mTxUk(W4y;avA(?;n`pS{=`|iG}PQLVNW&L zsOpS5y((9(nG34;RjrY5^6?uj+G9i(M4VEAA0kIG%D2&J1y3TlZ?Sl#q);+59h&Rj zJc2)ym(d!tJfs{-Dru6e&1kK$pkSRZsm_Siy^H@6HDawu*Gm-PK)}T{^Ef+6wK%Ir z>7`?{xDkbfOmC&5gQB`RUe&+(0S{3^OL!{LdlZ2qv<=MWdt$pc)T5QJrsv6F>!z;7i_eDGm7fmj5Yu7`&T?0b4 zRRG!Kv1%-_*TtK%I}SBskNOUvr2SNx$6zH^&7G%75!QM8jI99Fzz)qxaR2*^sHqR0GoTc<`F41fOdY$QC18|92( zzp+1kio;SeWAM@Pc!jz5!}PDJ>jgTyix{QsN+7*Ur$!-yk9Ct3IGyBIP!d*KI2={b znZx4Z(r(%$DjlXK!U_3CL!u=$lFCIq;|_v)wA^qTFH~1@dLC6~xEKDs!N1rE+u5n$ zo&IXVYLP$vNuJNidvCg@w^!_g3wI)sMc`Or>IW-s{#rI8y~Y8Mk5BornuWD>g$kKg ze#bn+c`x>!-V<*TkWq(kDK7qnxLChh6;RG}fA%+bxSuEQrI76)Yy(b}ezV5??2})U zGdJWDeyd?XmXm^8e^@apqP5-lJyxub7z&UOy3VJaZy~L>(@>`J5nvTCxeh|d2D@_s zkbgd?Kxdgt3*YCL1wc7nPdtE!FgUgb06eqjk-qtU6sR)A$zd1?4CVCNyy@&BF<(4m@7nT*9)?JNNInc>^VpTGJX&OFX_G3)9zClp z`M$hbH3b2)&D1*#lxhSWcCueDR`@I_d7w$V0+`)NlqvISOy7P73*LBLQVXTv<%sUb z*18zI-K>?eUn$bt)vQn3X8_=XSd0_s$ONb^MpzZPG^Qhkb(46)lsHPfDrouML4{nw zKa8HV?Y?5MGq@-X2+(-{1ZX*;?EZ@RDRcIE2cTAu{!+Nc5s}+VF~grXu^K14T8vF6 zF1WaBMjc(UJIVI~N1W9R&EU%Dgvgia77VW0SR+qO)dYhED;K|a73ssU5JICdw8sRC z%tVqn-Z%0LCzxL^8zy%<$8!W0;Wz@vX`yN2sQkxJh9dj`ms z>p@Rv;=OSn@Q4)dmQkOkDtn(GJfhhXce02E8&M+>=2Dn*fuXYI;Z2|YSl*t#)c0(vL)z~G~%ud4CSCHI#)r-ISP_im9CeP@R8npY0EC^jn`Ui z>pE3W&1ZqeG!`Za4U2WCd+d)|wtinMIpxlo&zkxA<9pPyf?oa|H{rez*-R3L-7yUC zN~|+*vh4a0V{(t*Ka{$uZdRuiNN?|s z6qdc*e7;G8SoO6672RSQ&UAdBLktPP`IKw$%9a56qpW%exa0xn3q}fiz3gr#Z3*)? z{$ADlS5mC>L*)ldFCaWLMqu`?ykUl^S+6~PN| z?tlJ_@qAfx(i#y$H;bxa2dEDmEg-DjETjQ~TJI!v1DhjUr%%2B!3e_b_PBN}76!Uf zO?%o&tX=MZD)KOT6210bgOpKUqJgZV^PZ83B%mPFIb{SqffmIEx-DZ-@`lNp16{Mb zQI=?%_J6QYW)|UADnv-TkC^eE>AtD>#5>cWg{TEE7oWa>$jkJPF{%a^!D6fh+xl+f z)t?MFO|;?ARea7)sl4B(*86bqwV}Osw5sB-0Km#Cv=FP1&5}?^9&)~HrHIdFs1&|x74#HfI z$tVb9r`6g5fV9)sp$Di^=;tF)Wv9*OlRgo}Mk*Yz#Zl8M_qW(!P-42~d<;eZQbJ$2 z2zY@}O%V49h(Zit-{qjVy(64eE&CSNkn6>mBspyK0L25*oPChBNz1Tq<49l4wb(-L zfc#^#mnL`w+K&9!wYDJ-!M5I-b7gfAKZ0V!Oyy=RgJfna}>`)Rz5H~Iy>9)PC;c`=6Su|g>M z7zhIqk|Ahsm=v@7=qE$VM7>rM8BF2si}tm}!bKjs3vfRMg=6`A?+}g;15}Yy(x=vD z>_aixw~Mxtyb;5h=fYF@&bCE;H}Cw0x!2rv%s>!7_3fV5%risug178H8qs6*P-ezk z8I2+0$=ldzYp=*;%`sN0QLa+qIkU`-9>=@Q)9Qsu(8}<1I`bA?AvUF*F#7age=*=Z z9!oFAB^Ug&XCUGSG8ZW`1w8M6pZO1=?OKZ$6>j-vK;V0 zSbcb$jb>NA=R|%hvMm{N_CW6<$AcxL1 zkN@QY0Q)|aD)IwXr(NHfb2{ZqamL2_kQ#sz_`pturKX&H#^lgc$hm;$%Z7V=paYa@ zSsnn^if0(|G7+|I9VXrdygTDKl4&pgtK(sJHn@d6*GTR?kS$jUV@JZ<0AsagzFXKX zQ@P;%f;;nlpi9#K?7tX=_8|nW)8(%th6#dqn_^J2VgNNtr#jEb2v`(Yq98m=VQ&$T ztoeLh;OD3tf6r6@0elKl+6CT94;el|nPn4JGD9dNZVRf6Oi77IPWBp`eAwHO z25yFd!&4GtGB9$Y8~xHx2Y)uuYCi2~CXf>~f1uy(05f(l;r0~MTo9Y35&u76(w}c{ z+z%~mvS##;gy%39GvHW^z*2dI@ABa;R8D}2s**(mw!)MmkO}%?(G(0cLJGVqH19+; z5#8W)5F_M$Yt9q54rj9e0ruoQ{~#5yELvu6njirDe+nCbgr-8S1*{@O6}$;3xgm;& z-f02b{Xo~3@@~%IaooDde<0$&P%)5acKZ6OKJdg51$cyRHjqzNr;`-`dIcD!7jwM& zFg1Ars8NC1gTVExi2pu^e@DwNA`2sv6$47frSOImrqMGWdXSJ^HPb<5D}WFNJ=@DSc@+uZ2JnlGB(o(GV2Or^fZr^t=u3iIJm?zl{F;g)UDwx#qR1yBm9jUrLk9LZ{ zYQRaEPX|cwC)jn5J>JXcR8Y$ zy^(%iDloP=V;RBy{`{_$jfKh^IkUpBxq<#Sk*^jBy>5T77t^Se@_EtpQw}aX_?O8T z32}l9cihILCRZFojit1fS2I9dNfoud18|uPSwd8_l%<_`}f8yBms z3p)V-V}RsXaLlE0FW#Chf-a%MK76P6Pp?w3Od(l=Pp$B7m43V6kr8_|qE0@9nUS|$_w5iS~z2>l^A&Lm2 zsNXoT-6?4J%S(zVhW{M9Je#gJP5E3rKJKqE(xHizqr<@v_9cOQ8I7 z>n~B~bNnLuYb~mjji0!rMhAYAsMPN4KjMj|R7%Gwxpcj#?@$jDSM;*;@~2k>^(nIHfiUN|-CEeXQ0s%_V^PKbhK7YLO zhs0;@z3&}s?RBkdUE9p+JI8QsPfVU`OzpU}lZ9GY$lLxI{)yi_n_0D;;yOA{Ca0#& zocT^CYgCH9PkzZ3nK#eO%VU3NQP`G=OAwrh9Fo+;W)5h025|Vw2qr!lUm2`AT8%$v z+76hsz&OI3RMA6_782;Dk>_{^w|%w>00>RqapUNE6E(yL)x`(eqb4oKs&7o*n7p>? zBrfsh=o-?*9|^N@fcb0%q6jmYyLRk7B zhM4eroxbkEf#u#*{@Dol@}tUy7+@F=USLOBe=F0wd|y#jslQY(67Mz~K`vzDJNd=D zFNAOQ=)_gOB}cYVlaoCzu7242YzAd!W6_@KJt6jDuoH-X3rAbmgMKhN@-T67_pAC2 z{Q6Vnn$Jv zII)weD0@t_Cs@ral3eB>dM~&upv~p9RIiM1Kb^(#rt{v8|5AQ$PmO)6N3bgq5ky!TgPYDV!Ye&CkTaATqRT|AOut$?K}T zvIyXyvA$RKu)@Yfx9ObFHJ)k(QW)^yDE)Ju+Va1DpEonv@U^ z^wNIf%1&*r)=bv&2@qlBX|~IP9tyx8Gc4_Kl2)DNPIu6jh`>j$T%XBn#kl=8PZ z>Rc}(_$$`1KExbSSGgiXV-j@d{B>OUMHRmJf5Ri+prf2vPv))2VC@b0fKfs@v_AZ- zj!iz@ZRVqld@Mh+dq3qm9CypkP+<+*e&W&icf>WLYzYc*wQrE#2F`YQ`_^;=O+axJ zW>EEqkSV;}PZOK|-Tc5-N6&e7huKqd^a2WAx3~B7hW-RHkrA$re=#_?fJ12Be#^ex z1HybT@jW@uc$Bb<&4ilU?Owt#=WmM3k9&le^;Z^vNrLxAfzaY3-s@{}*t5u0Afg>julaGRBdl&m z%CM9i?TD^^tNv5{M*1mtOaywgR*7KMIm@RubkbZBK94=2Q#JJtQ7ldGe@P1x!yjY=&B(f{h;d;fLq;%H;t>UXLdhM{NHO@K5P zo>widv%2b;A4#Y1Rp~vF@eeYvR$sEuznC0o6(0thK{(74~ zo%(aqSAknF-AklK{5}|?p=9NM&1{1fV}#+`G@ok^&_T89BdzAo_0~CTz_PmG3*SD?Yn65rqc2o_*(kVq zGbBs`bv=m~nM&)n&6V^~KX@D+dopxkOU4Zmu-E^))AhX6AH^u;n+i`*|BQjeaqkO3 z#_k25qQP5Dly6o?o^z3JHS-yK`(9&?AbE<~(GzOMng_CL&UjDTh9LbX6XN~ldc{O4 z&5x5FXv|DMr|1)EoWq;ecET84Ilu4d57#*&re=#@vg`*C29vi5Xn+-r=CrI>@(nbt zrXG5Cz*(7(>o3XQjf;gjkXfA=LCJ+A?74QafmZ;{aYPbm0jemCTsD6-T$ScT}V6~HIgw0GXI zqjD+4!GoEP*jl2QCmczw1aSb?;;o_%n%X80T*xwf@=(qRhbvn|YtHrFDzhg&(O(C5wW>>d!Xqxgo!S3|H z3S_+Yi!sTodIwnr8}E{Id}zu=>HbHoF3Wh$XbZmA9k1)iy5}F3iR8$Fc@_m$`fKpn8xG1&FUQinHZM{!x zqB1!a#)r@hV{=b(I)PSS0|B`Ri^zv^u>VNSaAoHQ9=VY~IPCiQ=3P91opdzX- zN!zGAGxp%+H^s?V>O_CGaFf4|`9oB5{_z);?+eL;@{YVzvIT##o(BAWSe|=Hm*Fz@ zivA>p(g$RSdxV{1>(1P|&>DuIirdG}f;~UgJO)C^MS3E~@&<;K$AFu;r#uf!FZ$>} zS0UXuW%|L$Ck=<^I9+syiI9F0Z*a{KaC_@$L{6X3$^2LH3QzC%u9GSAsPC8z{ld38 zk{$EdL)HTN+xrp45mS|g+>6Cq07q3&d-`mzlJM8a8*L{Y*irhpbSnk46lqVqAvBHK zG+Dl&r<^ZXxVqdiVn&?SEFN}Bu~5Q!=~$c zm`b+!pX1ksUc_AYI!HqEQ+)vc+}IUE$(o&i=43Y2M?ME9aE(nho`@s`F_BOn)u*T+ z%7CJmn;!|=%rHa_jaQZdN}UchK&d01%L6zw`q_Um>LS^Dui13pmfm=a$~24-6-uvd zc?2hdrJW@O%MoIYr*4Kb7x9p7F}JgmFl8FZ5_H9&q~-EUshFHtK!=}LJ2LFfHb1dp zHOWV{4b9TknT?$TZRy=U$E)@xlA|X7>a_PDd@B~hPyo_UWp{E=E+=51X5T{>iH(#F!3v$oWrpE}Mr&4>} zRl3&MFetN?8p8i!P?~P6;U_)!IKh+B3mId_3rK*78@Fld>d=}SlO4Tbk`VrA@bs@Z zS7p@wLl-f)qC#=SqrU16E3UYh*y1}>gO}(ecEjZ1+*yn|z{~kd<74{CS@Ej%YlP@S z>nu)kaQ3=~Rd4w2k!S>N!1ZJ>uifDNCF}Mzy1tT&oc-nSuS^>X|kUJlD#qRUT^^(sAWlAN<5O9gCNT?!NK; z*0kqwtRH|?<3qW%!3Qs^jw@s!+4~I}+c#mUpMVTMY8~G^qEeEcL)*jS`;y|I$=r(j z{@B>+`%|`0EFAze7SL4Lb_zXzPff{dyw^71US-gb+vF#p zV6yWlCNqS*K>&U7D8d9T%c%D|b7UsdGaikjgSfHbEEh$OgW+vpYCkZpM4E!KoC=6= zMMIW;gT?8|p?f;SQA*JYY$>8AkzdJ$%S26N6OjAAbt}$q;S)=5EZI-F6EVpvIy(*A za|b49d8K*s3}l?7{b}E_LQCyL%lmpU$K*J>BJ>DGHYvT%~8jALdWa!Evfo3 z!13M(KlwcboXggEG-dFi@7vGUb~&BowX_4?)xGhpb`g4|BY~}`@xP&JEafz2Q5vEd znB;|Bj%ilr%uJ}EJU@1kwRO#Mp!9Av?D9>@6+j1RRT+Cv(;^>ws2T-K%XZlna2~<0 zNcaDTsRMK*dgJKW9dkSKM#68rm$D^Hdl9Cvv9Maqzu(XW*>OICJnz15&j6(cXwKrI zC>OWFRsC*_FF532r=FJ>(i=q&iK?P?bPBni04{?=JF_}Bq88W)oHOP9!mN7vu)e_1 zc#y#AGvz@Sevn|v0iCYruk3?8x8-7Ex7p=f;vPe%MK&?}j*Yklq(SZZJgT^3$hGl_ zLAcj2qswXxDup$64p}fLB;QJLVcfR}y1kcRO>Nt5(s`w-s#5{!l-Ka?>1Q z&^qXy?fW{{ob3xUtRz7q-kTi}bP~_WndTP05Vv6dG^>fvOy9f(!PC2y+0KC1zVElB zGU_YPUQqg-)1qNJ%$7Z)dg(V5 z2)4UyzeJvs#@QD%s#JND^QrI5g$FA5Vd(DzImc9gmn2;rH&CCa)wqAZ;O=)~# zL=_?52P+R_aonG?9%>oQAWzW5F^(5gjWA)#QlTI{E|<(jP15QZl| zQblpK+*&MEKwriCyhp=};)FV`QvXb*1mFPtTa`_!ov$kM`Z1h+lf#^>jF{ zG2VghZ(AwsG3rWwZ1^vMRf`kEdP*lOr9kX#nAjaTOUedCc0|2Tv)28n2|e(}{Ws-Rq(f z1`^~E?r?mmUS{9J1{TN}^b4g4j+T@yT$xFIW>uf=5EOaJw4@e9sp7dQG$&uPLr5&| z6h5y0_7SJoDixe+y`K_->2>N-iA3#1Cq#jElf`z@vJqdX)>jHi$C?a+yR^5FcR3_; z!(@T%{pSNsfGN^sqog_pY#40-pS;!cVqmk@oK5>Vi0R437h<~MwL;Yr1%iQO7jEjz zIc0*_P*RWuTatTiqgUp{E;-N2SPeb`-{-IW;FGmS9s~a-5hglF=I4&4)H=^%G@_Q* zlfC-5cP}paPjx#C8+K@c#7)q)c7|M%;L`m=HE*PmlB5wxb9Or^u%ClOvP#Pnyh}mmkbQtGo8NpHS;5Kjdn^j7AoH zy3fs?&BqoNXD%tpL^ZhkDAomu}@L_!tXl&mE&>V{%4LyoB5@QaG2A=9{%54fI%-zg<4}V z;izCOO=!~T0&qQed->GNT#|5SYj3K+G6s~K(*s;TZ1+m*2)J)hq2%81u=48$kq4A_ zMfV&4k#u*bN%8dOmPP($p9c#pyPj-F$h-$rWO(?pkA)t%tBMnHIy(HGRyWOa%q|`! z9En^Rw~F6Tw3OGjrDN~Up1)UJ!Q&qE0AKD+qv%1^nD!EoTJvwCH@jP!C?xFg`%$CJ zj2dAC$Kg-fDoA5q4bgf*VZ%ivAQ)m&t@Ma)zfYTQYExOcdf|)fobo#W}lrF z|AKw}I*w!8I}_Y>PB31Vvux2Ic{N_dJ$3msr(GY`&BQ#Pp1EWaTXKunI7&vut( z<9j&xi(0p$*An%OLF{slAC%}iiA?$8yTldQVSJ*bw{O{p$a5~9IH262A5>kk`D_V| zr$2QyM2ifvSygEfvS;07EPg>tq}-#zWwfIwd~xh|JmrN`SW=wkOy8)z3r_V|uKlQF zTj%vas`cKPV~*~Z*iqHP8H}^7ptTjbmgBD-1*m@T$@2#+jYLQm@BZBf;lHRer>a6* zDR>-rUpEn;apAl`4rcpY8s!`xAzDWXBcN2elyyNlg(Gf|nW82dzS;(epbem5{3ax6 zuSCe4%sEVZ&HzMN$<#mn(ScZrYf%3>Hzs-VWenvxb!%b1h{)h=6Dh{yw>gODfsZ@_ zh}Q1=L#5wd)STYNxess&1-^LBJ|lj{`n4(V{P2te$#q8xTa-T93vlvN0^4(BiE)Fd zo%u31Gz~*?(MJlTK-QC1=n}76Yr*r3+WBdFXwo-cgG9##f*Q|D?c;sjqo1sNJcHsJBH#k!PC=^8m^io^76hb(~AJY!Shg* z=+BRr7rPzWE`;yqg4i3IrHD7$(fK4pZrh=1xQ7JBNHPCCir~w1d-h;kexiP|p1<)I z743{$K(TR=m^4fkD|4W&0-uyQMsJvgIR>4UL86OBu`|8RrYRR5_BD4G*9-b6P-JpE zKthY-O%J#!=ho>Gz%Mf~GGU8exYg>4wkx-@0py2@$DII;{A9i;^BFMu9{>7QW<6hU zdy{O(oXQyZZ;}F5W@E_DjNRp@{T?=hJeAJiOg>un%GV+R%D($v|XrTYcCO zx+i88QrDFtic;4UNFiWybq*yA`eVgPS*~9G6UZS=;!y2Z18C8XoAYktdcgyd-33M4 z z$*y%?^*w#0Yf|;%n3F*@^t0N;C&Wcu|ytadHwn zBSj6md^yrigAJPXN1kAPQ~iR5XXxGF08!dX1I7K|;=m?I|3osXXPEA~y+aMrbT-Gr zB0NI$*s}__69Z$P52#Y*?enDk0^pzC`}k%wf!9pLznL-DdU2%T!Mfj-sg5bZoII=M zy|=Cd@4Rxu!%i)BiTW=qHMD1$-}Ibh@!^oZUQ`OKxCMO&e!#gInnwJWESMoA(TF`J0PC^3*-yAsi}#J3)GQeCC%|UFDQC!Xky!{ z0a@CLgLl2;`CMCdK9oK7Y1?`OgVOe_zS*g%IA5;){fW`_+KN1OzwkKS90JRNov| zvlvjnc^rc1FR4*;3-bCxkO0HN&ZIQlfd}cbDKTVA9!B8lRnR(Oc9oA#6dYVnXJix^ zTIiJNdOC-I>69-@4Cy+MJ!V|t`hPp%t1v*4<32cIYjFO}SWof>0L6D8R9WAvT(ZD> zA&S8Pd_Z%?!1~eX#q8f_zWZl@d&hlyCkm~3g8p}V{RPQkJQ|2ESB-zq=0E=@5aO>w zi?)XB(>e7v7iqzpqKXB~WD0Td#Jhp_+9=>Wcq()~ux6g8s^7a$I#nw_|7&0$M*t{s zHX&dzbks|+bWLGF1RDRjkK~_tF@O_8b2p`@RotirX9@Ad3k`thGdd;|vq)r}N@9a1 z!*v2G1rQUF;Qzf+n7h*2&uaU>(K@pJACenz<4PAG+91#Sz~YJu8 z0TGS7bbI^Ytw4tbY@YYrKCe$2uN7q_e-)%K$SJNpvd^ zWGxBVqpVHvQ9>h1udYR9C8@G(eC&T2um)JnHJ*Nfi@UgpI5_Mn=&H??I6^O%bX%TL z9q}&hjMc^_n-NbR)6p+Xty!z21)svTYF1j>ZeFvh@k+n?lxla5DTv^g-m?Y0zcR~4 z;#vR2qWD2G-8$KS=3PF46Y#JE>ymeBg8VDTU&#ms&F3z0^L1TnKfbM=hwD{5fl|Yk zzJK8~PPLK1U`DUm;SiVeNE9NE9zPebg2N7bH-WRD;@j(75ZVehup$?T#}3V;N`M6R zy+}JCu~@qao-dEGoBgDL*_vOyi_>IQBZyA2EwwQ2i^(4~or;-Vq?<0{49?vs8BtFJ z%Ep?CDYPIDCx7F)YEteAvvFsQ6sBRs<=*HuCje?ApWK;P=gRHd*q{yuPqxqcG&B49 z4s1<(zfgeC3>z!ENMF`T$8DEU=8N2<0iC8iu5h7RT}%3Y!BCYRK| zUNz^hu`}1^JJ;uX5%X2^N}ixk-TVTKd;z?(il@KR3HTYqkk^j~LTpDj3bfc!Q9vA; z{;UQ82(~u?g6#|JR{-6rtLplxf9uaE17aU@&DKjavwa!nSed-@1cO>%;ZkUKXoA#i zCqL{64&@Qy1dCT@r~mPhePJVjKw%bIR4`w4frTBg>-yK!PM@btWQE0O42w1E40p2J9!df`#u1nmhXB zIz#vH9%-=65HA*)jW+GgK3%zMK>?=8k3k&bo}L(n!5$5zsuz06fMNp?j{*E?$D<4} z1h)1`O47U#S9=~}BbGYz-uW&t3gBdihrmG0=b#57L*XNbc&0+o3R(m=^SbvQB&5NF z<`cw9mMgOZzJF<*;EK!M@J(V*aD9nhbd{KH&hlmpEuZavgxROAaZGAc&H{*G3XS!( z8m7zr*=1=L*f?_zL{@kdeVK45sj>qyvi^?kodIRvKE8 z;D=z57E!zOu|{;pwXk&tP+J|~MbohLB!DdeXIh= zsHRWNbxKgTdSwzSke+UrjoA%GbL|2p+o5W9z%+Re%ZQ~NT^@5IdH(H*iR+#uQZ3N= z^8(y(Hk)VH^;n@qUFK*lo*TgOnRpEB{%2}lIw6W9`WOpEa0F{m&RLV`xxLiku?AZcaaclKm_~W6d zudx*-rB*+vYN^Q{4z3TcU{kf_$(Ja^VMACM9g*I5{YoC$$<@0{zr-@1ci8i&WzZUe z8@o^V{*NQhBVRCQ;isD8bsp*~C5liY4$kqV6X%m%F^k1}UG%Z<20%NH4J88>)^8HP z?SkrLVP5gxs8=-P);2axVqwCg`I;pqA5?C%tJVxWdyy@DSf54=pKKM0CUOFzW2-UjK^9FMQ|lYb=wzH>s1bBtkSm3>3ET; z5$Tf+xnfD=kR+2<2P`=AC8ri?&-)dTsVB&eaVts4x{h-Gh0yGA}4vu7O4do$2MeS>BKX9~HJS-Y}zsWVa51fY{YV&uAal8mc~Y`QI8TAFb2 z7TuvS>AKE3D%?-X1q|}tY`_F5;I$6{9&vR7FRSat5}M|_ZvKZFPI`LWLNpuEk@ge7 z!w)y{OxCWq31GW`=|)!;CEx#XeL+BSS+^1Jr`tf#@jM9|*hzrG*^2^vmr%L$!eJ>opNT~Se02LAI1^tSu+JiV6~*MtZ4UwHEAzyr`K;Jp3|#=u_> zWUv*@zYTgPdGVivtkpc$80%`Sr2D@s#|Hk@lfNFr|LxD5!+D}0D`FRpr z^c(2U4ICyb!aq#`UH|I?>Iy%v$3u0m*%A2N4|D|vc*czs_y|}TgHYMStgTG_-yeG1 zhxbRTzi-0C0r(R+;5>~TuipY|?LMQ_0p5G(6MDDB0S0vO!f;#tb{!x#pVqlhH^H}1 zc;!jLIk2`O15~~m(=M+$t|xP3O3Wp5$xB#UQx!w!OwJn|j1MRrb^^VF!S6SJZnqB_ z+n#*iJXryQoL1lIQUotU4w>4Gxl9eJwOyMFOJHA5T-lX%yZhN;ZqHmU3};seO~C6} zB@LSf!l&a=jUF+$Sj@20AKy`T`oNT!r?!6Cwot$N?M56RS%elrD6ZX8yiZDM(3Ek8 zSrH_tM5z4(VBE?Gp?p6M_ihQsn>(JxJbdpwK`%+7H79OyMo3C;RkmEkw6Wa0-`@mC z*X(q9i?lQdA;q1YWnVnRte$zGrXz?cRz>LxVCxUUgpWR*>Uerh$lz0O^3U#XKUV`K z0YE+J)!8ZK`AYd!L5WzU{6ZzpCXBsL&=3#!w=>^eVzBE;bX;6Hnd>ZZ(u-Pe#a-ZV z9~?j{J|=B|{Y_ILPmHP}i->p;g&j0}6eMASuReWZ>|m|#Yv~#(6pA^l>5Q_QUNrpS zbs^qUcPVZ)UZapgvcA8aCsy7olAT@iYFc-QyF@GyZQ-Y)!w2TXuIM+v538u<&PWKsKqKRN_>7s80z$-Uo-1~I+r~?is^B`)WEpSAz=K+kk6a4g zdjnU$-e}h+ahHoJsF32@oQ#Ps9mp|sr$V-9N;^jpN0y?7l~*GB$1R+0$J%mJmWZ_T z^*avRqIHtS#@WKBY4$nDG$!d-n;BH~o284>b%?EOgr)6yb;IGPkoc!s%|N`MEF{mE zcmnEtD6E@AJ}mC5_+}$2HG=cJxPIx74{;B5VxNhO6p{#a=?j>v+3|H;s=K^cROH%C z<#sPHyZW$l_*U*}*lTS&ZB&QUG?jB!C%VFNGL>%{2rhBgx>~B8kyr^7|}!_64=!9P?!MYU%o&n`fbVIpi>j@^jZZ`T1|C;o^2FN*v5?hVa^6>oAg_+q=B{bu}eL9>Oy! zf*Lm5%W_|vqe^Odr-mfAvK|DsCA%nlx7znF2i7R^^NJJM5e~PLJyMR2S-1X}N^R6* z$AHJ~7WF!7UeGN*?g$b!Z6;$4n3VmJ%U+L*n345SqEm^g=D2QMy3hA6?NkRX`QyrR zWfPSyLQ2W5^;}uF-A&0(8InW>(2z&qKMApoGuB}XhOHyN+X0xuOpqo!_ z_&7cL=_fU!g$&iYqEF(riKHVGRW4qg=qDDJznuEId?g78 z_mX;!^m91;xM6(hi=;|7IFAbJ3Qo}Ntae=CkNR|{Pe|e+@AMN+jKP4*rWWyEQ%Jdz zI(x>x^uxN@>GBYqjrSdxs{RALH(Pny8&M%+8&|X>DO_?Ji|@6edZwPIjpuW#hQ^19 zJbkav3z*rWP=ySivs}sYCyL8lqn)7roMpO@#&vr89jn*s1 zWJQlXfzkkHVU188gO--|g##0=QftWhTe*>8KO^lnLHF4v31Gf+~PiLSdnwz%><%D?I&<7x~((49iD^Lpwstoi|W48l`IX4cN8 zPJcI^_HUd~+LjV!oECVjH0&-9p`bW z=cq#jX}oggv)L#RT==EnEj+k;`e8ObfJ$H49|v|haZvy_*@M<jl!%@g~^yPLYPK5>i{&K&o7tKg!t=Gk=33lh!V7jM} zz&R>FTv&Q!!4=_o6zSOOT?8tC)#{&Hha5J13$c?$z{|SXU{Rvf?yp~yABHx;OI15& z-mVm%K!P0I|U+WY)@pgAh?tQ#Tj{lDfo&AYhWmnT*VZQchuu427s zNV1`AkuP4MH>2mxDveuxf(qdvb? zedEz!`CvKn#!#{DSM=se`EpfeqPU$zl4y%Yf_fLC zw9TWRSHNvEEg8$Av0f2nO$75QYA?6}=wb=y(i|Tm+&sOt)Ob~OD_!!xa4v5Xb6#8! zB`+;h5s{IScJ4G)3*C&8tJ+c}yC^x!b%e`VZJk63zJdI(4)U04EJ!ty7d=a+3$7z_ zy&7ianBKA&%KvqgOx(!6SQ6L}a@4oVO0iVcGA83bAkhyT#7Zm0AKt2LgUQc9fL)QDk9 z93Tu)GsXwM^c?~z98Ho=)%AzLu>otJ)7#`G?&s!$O4F-8%G;>V<|o zKVDY94S=}>KTMM66|SlTJ+#CZnLA$Sxl@yAv^PAKZQIXG2cy|-pDm8lrDxUp?21pw z>3TcTGzszD+~ntoG>yaSimRpG2+y$#1t~tB@T*NbvBVMDiypAo61_t>vAC_RlZ{je z^2Z+SgmnviPj$eplQ%VEoxlQq|6z$jxoylYEe}KTM!rOT>JZZTQE<#r_qwNhEK0r+HIeDqrE=k}8??RyH?sw6PC@63Qc-vYHj!)30rl9K zX0wLV`i(-8jI)l=$ovx68cVIJJ#9~OUgZopp=xFNVp3aT>d|9v%)hw+-YT0TmwIQm z@%{>yFkM|0dxO^BFHJhH6n8y76#NLcY0fJuOam2M>^E}I8BbE$3S0~!-!&~oTm|!J zVNTP@hk3JYcc;!~npilV&J>;@tJC&rb0A?NT3<~{Pk*?6xDy2wZt0AOG;9>tcNr2P z7|2}Ko~3z<(B0&x@>k%2!y&47%Si|8w(I-hd$XP>$s|H=E=VC8ynyR)+dhW)+vW2W zN(E(IUXPCIAGb3{?aqYe9*7?rhfv44)V{uSF~BkRZthg@MbMda2l%unodi*E88>Yv zq?3sQ_Q|@Nq4$VtCYaCm?OXe3ki`(>%;#)LS>0a&#-Wb#^*m^TWDjYqP?R8AGCnET z;*4?}&*8MkgC{yZdHtDahDsQDg6?FIv`$1^V0%|!a++~}AZFIYXFnsOmhA-HUF-KP zLuv=HV!*Yb7$NeK`SiIZt8^zZ*n9SKM!+OSW&?KV#!V3{w|BU3*6Ev(Yz!jlE%wAj zO~fW)z4_vw?ARH+mi$e#8a0+RRds9{L|yFIK6Hc&W#{F+lak)({8ituzV*eQF*FVdO1*Rg{%4y^-ym-$B@)ME#y>Qq(8Rcxte z`ggp_W#DWvY8c`uA>lr^%GH4)OH)Q&E$YPVgQ{W`VsTxsOY@21VV0%c1BCO&sGui8 zZrizY_CDR+0DVR%BI|vBKG~31JLVRUtafTxY6!slS^_<{Y7KhpclyZXS5u#&2iO)0 z7#R>tHVP2@5ZFp%N(S%z&g3{t^H9G;rJpS(QrZN%C3KQqa+F@2jhpY+XMO^#T@8Z|T zt22DBq3ceJ(6a_MUD2hAamkV4c>#e|M!&vXmnORp8p=;$kV#D|Gq^qgp750*3@t7~pT^j?#LM>i`A z&O8grDySh8Va*eWK6~N2hkSfJu%hiaCDUY=g7=n3uXHL_O*?ygqh?%YG(>nX7WzOK z@tgX8Sr)8v=hiuIVIZ38m_-i_rJs=QIZ^FFWKa)Yl(C|fDlIoRjI|`m`h5dNyc51E zhV##mt3ZKUXJ9p(!vz&-2Hzek-^Kjwb)z2RZO!vk;de+)4a-<%WKDYhx&2nBgXMxX zEQ8+gMn~SSH{CX|V!RbG%!yX;!DlKRz|S0KpV=Zy@Zb{UvZTsgJ~yx)-wnD!#ME^5 zS&O`~DUPjXRZ+t>qq?52)0I8DTFntMz4mEq;A)z|G}+N-)8c3fPiu$1Qh-8#7#gjE z`I3cqATl7y3;~~&KKelJ$8N42MJ&FhcuM*#yt$BFgpNcfiKQQUTsG7IdnivoQzGxj zeh51fH>L0x_hp~(iVp^@S5NoPcw6se-(g={z75yE)0pLa=n)+1Jx_cB$HJk6AiN*l zUou|myNucv`QELO#yh3aAgDjD+7!2W@&j9Uu&xG-J;EjZ=93zO%w&Q0q)TsaFR`b& zW1Kt3{v}QlCh6K`1|_eJ9nc;Jt5s861F8VeA`I*V!@cJk^uhAz^{5!?g=&A3QM+C* zq>k9cWx_r89k%XXy_!7N%P)QWMVSls)n_*KUE>3E!K>!2vgJg%+EOKu6`d&o=@IsHx!{OCU@37?dfDvwN`Q zYz3Cx+z>n@R$Vgy;4BA1Co3>pTy0=v2bhD`JWyjIJ{B7OsjQsb5m2w_RQ~c zY>VUJ2H#kUm)0efrT^EeYJ{T4Ok@Z6R(*%&Ou$9Liq5!&6+HIPQCDcx<=G_MOL`56 z6A#;V+m#MdYYah6am|Cxa}{E7@?l!%{`ibr2C*8pkz2gHu}WRV;e|;RM7d2AMk-;t z;@ubpE|cgHnePr}icQWaBR z1P=Tra9h@ls8YjE%$lUSipKY~g1s?B2Kx`fYC)4hC9uZNy z(u_Lsy`R!`nX)D$`MGRP@@|7;<<#S{eWRE|IzEIUXXAt3f?~45Sw*g06^FVz*I+hOt7&ir+;Z z9dV39N(xq17)`tfjA1NMFIyyD3maMQ&>!XqA(P8xl~F^B0W@BbNj8nF^ZE}rKFofW z)E6g^87`6U|00p%A?E@+S6usD9Kv#JlfIuMWD0M{o0Sd&pMNaJ$vyjh;j=FTw=Cw( z$j6mB>N`L!@-AS1XSZ#3Snb9o?LI&?hq6LL9v8sEh7e~jJ|~a`F>ONp*fq{(tf`I= zs>prcBEKpWRrQ5*A2&OFMZZUf9;}pibo^1Qi*s0$P0}<*%fSc1u%_!{{ikf%p{7ue zXH2Ko-8wM?haQ4w^2;g@If`QF{E&Gj@zJx5a$d-w<1oI@%b?tN^<8&PyR$osE9WPS^}lA@l$O3m z`jjz21c2Z?Pw_5#9g_o1rCa`^8Q|N_ySLHjIR*+X$?}93`;`H|1PY6za;0xcd>W8e zBZ%0bOl5&BvtcL^+#@evRnmxtzMy8gi0ffJ=QdV*Sij0eq2S?f1#0G1SX25OtyPVLWQuwg4M#jl{mdja*x&4>vi&mhpGxh%VT2K+^W_Q8{Q zi!VP3DP1BrV!`I02KpEGefbu*JdzgJlu^GON_3B+gITv0HetaXX3k$DX@CiOar35d z-tRZ)7yZvj`WW5DN)W>8j0$GWnvj`2j*0t)N0E=VDom*y2>O{L;!a_MXKBM9IOYcZo12U}NSJ@LCzyuXRH|TI8Q?VBF67_~LE^ zmt^Ywcumtle#bYu3(phjbjeHJY;c^$?UfsuT-NWItdTf>7PD4!LhR9H53N&kGN6?5 zdnTXCTZulWe>U!rmd}T;&rScD5evQ6nxA|Acg>;SMiRs4F|BF1Fe9k4@4o$RnUInB z(W?{QtA#HhkHtw6WBa~W?&d<}NVCWej3Uj>V2$!f8QHQHH5zt_60pkhvKLzj-_|qK zmYuWIw{ZuC=;@&UU+%{Wu1^Qe3})f4Aec|UCS15EEo#@<^ln?v&mA(%=* z%mHDcV%A-T(TOhhg#z*Y_cPJX*!S+=n^@m!dvtvwTdaILWHcMDk2_>Jx!jv5u%?s5 ztx~7sWvon1s;*0ZRbymq{HCuzg-?FciJwt_VjGJ}UgYg(f;yF>Y0E37rNW}tj^gwB z&B{v@Cp*${qGbL#1w2n$ip{#)GxHc1ILzM7zKfo8+}lQ7es}}~|5yPSw})AL{@`p? z4@TIv+hAmAp0rZmoZ>W-npZ=lQ)Bbrgmtq|h>Cw2c(6eflfugzV=rVyI2*MpsS3zI zTYOTACKbEb%l|f!?x|Hfd^@M}y-=*RKAE_@&VY7Ri4}|Eeq%WAl4-YWh`jVCfqbNO zEzSK#Ur^$Gj(b3qbT{vrkIaX6`Oof^iT!IzMgD9AT%mK|G+y5^O}3=JezaF{m~_6r zKbYa}xRU9iQpKYa^R@MLNyq910V2jQcP#AH(a$9kqh3P-W68`rDSHj@VjHb{?jI+8 zFV?>=QI8cnNAu+c=8`;<3w7&P&1S8%Ir?!vO`Yil&x4*4gzxrS9}OSkReKccmK0{y z>RYwFznI<{?2Fh)c3RiiYwJN2Cw+&mu)$t3m34)HPHWFSdvC1GEV6f+ge3LF3T4j9 z{%f%3{qRBv|25cIsV~B7#lnU2tA#7+pV0-clNROW`f3L)L&R~v=-5g#b3VH#0d3Cn zqV`x4<8(jQ3hh`WSSXIB6MFQVh$o(bk5}Za+(g+^Xud{dF>U@~Yem{fpAlFbdjDc? zO#r;alHg`!Va)pIX^#a2P90ZP$Gmj1qWNG&*wuMLDW? zbQ;6(4 zBc$dr0t#m;_3pdki35a+qb#lBQ0R^7xTjnTc71fqo2qx<=Q2~>rW7Z^j;Ccd5 z-Xw}A!yc1;S0jPPc8>@etCp8)qS+# zdc29nx%-lSv!|5kKYk6^JZqAFJi(9h{9-`WDLhI``CtKfOILMR(EI9h4hpr&|F66E zj;Fef|Hm5=N8_xtPn$M^p0+&$jj*LA(F*L=R7*Y#F0H1KeQY9@qMyW2IM^Dx#Bs~Xp+kM|BR0+F3W`LtsMQDSQH!D(ecDiakD|1!P zXHHJsgfNH=|EgiPQ_kd;G@i{bVp<|9ge!Y(dBN9Su(E~%<=oKL-Ff}vhs$whNF}m= z96VS~hRsh)DoE0(P8TF<$=~Qnv>NlKF?Q()6bo4wEUeW`)#%Fm4N~THMP91(3ERba-HDY| z-XJkVx#~$;WQhD)@L&!2cJFmLpfkBEzGHN%CKc%%Hf`f0^h(YFMzxJ{Cv2se>mNGH zWa3X51~BUyeAZ^!&9tqx#$v1Av%F?cIJjhVCx+J{X{Kx4q-zRL^M~l=&!aUzn)+o3 z9+Mm-`OcqqK!p7xgsMwb+K70%2B|VnulSXW zNnl_6Wu7=8BZ@EImc3_rxmG4_!f|TM?D1wfk$dl|Ow5z7F-VP5C-V5><{m6|8(i1f z-@t8}Co-@XsbX<7^Q_l+ZyS@_m17~-I3+Vs-;qD{j3>=%)zY>R7k9qKysT^4tFiku zjojR4*eg-}yIl3rSI32Y#kY?6hA};6N z9gfw*bM<5g8wKVlHcsSE0@$q$QIr{-(m5mE8x^j#4PM@LD3ZNliRJ;@y{1E5(zD4c z_?7lY-`8&=rA*N^YlB4@mW zo~NuLH6ay*U?l0r@3Vg@rt#NiXw)NZ4kMULWBa=(=385^^`uyg(hY9U5c}#g^nJK8 z8H+>RGeSwTR9dH;#zcB+Ywft^8||1?gG`b0_c#T}A@VvMJ6ccgV13Jo#<&yxrFr~I7Uz6KBNn-mMIsvA{Ial1?(AIwgpc!snDy<8at9vj$tHZJ$Q;5amRugKVI zs9vIQ5EsUw%bIQW9AxP)UjZ}$eB|}Q9~&=5f~!Zh+&qu(+5FA?K)}7Jj6)Fqg}dOR zAvs^=z;qh8Jf23#-pXdQ`3AnU-^Vju&81`AlDhx#;ub3t>FnRs=||vb9lq>fa2(p8 zEv&0K&$2}%eRIAydOJnKm|JLlT>zwmtwJ(QcRgrnV5jVkrN>G2Rl2T1&QetB4i1n% zWJC?4w~)m7!(p5==CSj6G@prQu5WEr@KJY_8OGLqB(1r`hL=2M?bzFf*my}dcEw!z zv;*JRMQ-}R0UavOW@vrZ9G>jt_k!uBah0xY=T)@V=R6sRXZlYKdtQJyPtx1M z873NYdyk#Z!u$Xy>kN_1!0dE0xN{BmCa0sneA^skuo4^m_{I<^RU)86yV`>7u|gt+ z`hk7_XcCzI`H(-I$2rv%iNVWAN2|O1XWN;u(lY$flc2sf&l#L_2xBFzY}lW#s?o0={sP<=+2RAG+9Y+IIIqWhI<5sLx#B zEJo^JCI~%!^N+J53(a(JInUv)7aVo;&>$9;@432r$V+$JkRA%#ItnOjHFF!EPJRiiKi?npKXq%qL0z1(W0{Pu@&LfG39#xCj)^4%zoZV+m0qZDy7l zN5rB7b9gYuLUQTv82}M~#{XHIyAa{M7B`5;jg=akL97Mf&4pSR-E6j;SDi0|@P5TF zQi;tPPP;=WPdO?do1*tUu^7RI=ThLYKm)^kAWx58QYZcwaXJCz?0}#6!jDCY88BQo z+xU{O6bR~7uY#Atoe9-CwmdcPSjcb;uTBx&ghxA(M!aN`)}pb(k?lVF_LI&Jfm7nB z^F8q?WCeQl+dB(;Ee!KV4Q1Xzee~q0Sc_Fu!lrX`)PjI0gSlfd&bs>PW%c3npGJ&r z!z6ty4X3Zp@g6mq)^E%m1aHq34fXCD_+_tDE`Y9(I`At;;YwyRp|lGfleKEbO;`H; zPP#M%lD{ZmJ8~1CXPi&zPmRYvR8LcT`=5;hVsg0y)^YugieSZi3#{xb=i~eH6cmgZ zFsL6g1MMjQjKm++?yv2&R{5D7Rb7_4M19@l0#?>-hg*uz&SBW31D9Uio5Bpfn)0{4 zQB(Ykg)tF!Z%8k!JOHlJKo>^{kR5by1F}QOqeYs(p9Oy=3;l`QWQ*KoI_H0#5CnuL zbC1ZtT#nFl@mbWz|L5I*Wy9h-kHPZ3(mYJmqCx9L&iS-^XjL4vz93HNfaKv|!uwq- z1m&OBN>JE)6sAUjdV;$`r{D&7y~YLMNk|;Y%I~6i$dAq8o}av~T*4i5uEolthPfIj zK%wl@;AEx?v;w~bf}TI}?)k-Qu2o+P+@uM_NP0e6LS@ zLd~P>57amXsuu(`k@q|cNEwQp*$+tzdA}KF^&cnd;Vgt#tPf zYWBfMoU9e`+l|F*mVv8tqXgg_Hab?=x|YmV zdMZYH$W(62(z&m;iT#uXo9AnMB5X&-cTcRNnu@g4RG}LUn>2=_)4hKIB)le>)14 z$Ii{3CbnaQ3@Txhnrw~SKz^LR8psxUtXHNSNtnk5~UjZs(pw3aeiGM z#|<&LYSfdLwa*s60yS%q%HS%Kye{23M6V5euN^H~!)u}n^of5cLx12?B5{q$mA)gg z4&+w}2j@UaxHg%J_5j^?q(~m3>1=pQF_F`DShEEr$U`~#K5&*1cuOjgs|o8=Bm=CS zncYB`b&4k0KG^t~Bk%0!sM6%r>=DnTqMBe-iI>7+6gpGv9pE;J{ivV)-2?NeKQT}(_a5V>{0S2 z7qPbY7@DqgUa`0S(tvhLe$Oh=a6nBkyurmjQj$MMZ*m(am9K1CuS)`tNHuw*(X-hQ zZkcx^xZzesndLTPl+30%0X1UzV58#L*pOBjf;32IR+;BSHlZ3&IZbaqv)IYVJI9cW6?{Ts=ym%d_yLBQcY-_91A0^4=mpVW_g8F_;w*fbPL3wFf z{y}fiD@Qz^zDMwoZ~LyzwmPpT7yEd&#_#JG53j!#=leN#JNpj%8_mqRArJo-y;J4^s6x6(W(Oti|0O+7XJ%mxrafl2I`9$C);=%}b z_k7F}*^2an(G$$t9SqNP)eqhu2vl_!+Fj!o6TCITX2aOHm!k1{&_U)4vDg&lJ6~vp zrWT3PAf>A~$sXa<&@+e;%iA`#`Uc%iMtcSFluj=nWLgE2x0jTX(k4(@+aojZlSH68}?8px~b28IW304EUuoH@ZuSv2|$ z+$qhYARZ#CV*Z#=AvY%~+g=ss*x^`?!nkjk+Gn@I5f_3}k|5Ua?pgA@ms44d%x2zdR%&u|==QTXbdKaB1v zM^d?xLK{dLsL_e#gK*(L;?-|2f0BFsd$We6Y@^bI!V_~J#(Wku6;i%0*Q_Tq+KD-9a&*9@>G@KX@9y}`BZe8deI+4|y){-5 zurZLS&FM?TW~Bs8Akgxu?Pl`jcNm}3G`xG6)Y#==){ak5pL2o{dnC_y{uZkTvv-9Iu^FSL{~&yjrkHnfi4TY12k!))Vu2B&gdy- zbyG~8B2PS@!;1alymf`?9L8g`ToRs*z~lXRH|CjPZaRG0?dzWzkV5hO!P%{kFhP(1 z+J*O&5T@`g9kua{D4ucin+4kS$`zIT&6gBh?8YIC2SJxAb~~udhqiO*4;CwaNSHAP5PUnU^pb#;T5eJ8Z90HF1D8F@V$jny3H=1 zz0w4CqzF0x`b>fmb8xY!<{_{395ZZRU+@#l)FzBWJ}(Ho`g)kyo6AIjs$L*fL%W%u z2_};4uOfp?3zRGf*YGlk)&n4qkLPiU^(_(xFU9XY_&{fmb!v$W? z29Gz2#b@bnAJ?&vTLt#<_1kx}dMh;ecB(r$&kf*9b7zIAUICCLJ%C-*2qBDr=v|`B z&-AyORwf*I;XJMjq^!c<8*=Zx7D*2mG{UglCVSV$1s1zh91&s$cRl(T&YTvXaHSoP z?A_a?Mx0kj1Rk}jO52HyVt9M?nt8ZKRbZ6V@nO|Fw z^Ljsn87dqqw<%p>?)oXTq(6eIZ@qrg;~vOqT{vxkqZ!2TSM+(P!vVEW`jV;mOTK7P zo3Z%k0+PI?e_6=YH@@MJ#W+a8srWWz<-(okVzO9P8CmI0i=C6lk)}9VOC`02(nFiK zMQ?ORSnu67x1SHt;O|WE+(e90cy*Lat%otlJ~1!A*XxaL^SqMPZ*x75lm3PJQflU= zZ2)`F?_`&*He}U5hxE0Ej z$F)aM4*0-ae60Np&=j&hd3yM_R->aD{!c|C7<-Spjz#Ogs+f_*kCPsoQ#%8I02P*1 z8bYPP!``sGw&DQHCxUhc(9SsT1NXTBlUxL!7Af57c{d`Bac&hirYv+iQocw$1(U@O za>#RVrNxRw=qewGtY4`?HFR(MJo9h*O?}<%FZY{zabNshd;4j_i?UJvdwCfO!4)B&qQ(H^Y|! zy}h&u`8qiEtV=ucJ}@R6Ed#{bKV$OGZTIK+%bj#zMdfqXtCr>0tK*%8#S7cV`|fQ#m57Sl+s!FsPEH3z z{pKAP&0}aw9ema*92{4goLKd{>TVo8~_I=w){I-j+uAn&aMkvuM(U=OR zc}JrYXr2in!7i^%@9M2aOhK}@E}WsZiFBEw=uCad7_xiNrEU1DsJB$NuoevUvv6s%+r*cv|eK7)ztBGIu%4!X2(Ko#fFpK zGiNjF>BuH)JSJP#j<^$v#d%-)JtlZeFxfFT)6^6C7Xy^!`!P?1b|pw~Co%#=fC+nG znYBC%rBWi2zC5y7w@}W;w|Sqr1EmCGO@-l-yA+uk{w&Ip8w2kJ5Pt65 zNrSfe3Xnz$tmCKD^XCzfRlvxId*|%C^YNYZ>rLmTFOKIbDJ2))Yf%-sFo8UMlW8^g z95-jk_vm9Vl^+c_4nZ4-jjm4eymr;ng-DGdZDR1?g7k#E30tR)2G9PQRypj=n`IsO z)olg}n~ke`ZmtuvHD5vHPHSQ=Y@=(qW1*DF`OYAo>L!JHospYdwnNfl&{iZuE-#H} z%d6UY{M8|YVAbjV8`#twj8#K=_cyc#Pc90RtZg1b^%O}4<3S-ASJRQcM!n;!T!UI|9sJmblGgsvmFM_; zy*ipT*#&LuE%NV_6^HJpe&L-udio|QiP)_G{!-aw4m)e>m91~8*#PB`qr*Zm3;3LG zs(FR4{VWmZE`O6{`gv6aXo-hEhwcfV+}=rFH%zNj7+NRQ_w1S--KOH1Sl38tc;Ukz zt?r?`SK|cH_|ki!`=@<3v00Ng86Cd%)_WVYy`3AcR=ykI6{K3`Ug%?OTxM@{%Tu&| zv!{?H2fjnvxU`4rWrZDLr?_pH9T^n!l(&<+BRto4$t`z%SA6!Wqi)7C1-essPq%o4tdQ$*JfBQsBz+!5}$vKPL#I3*nrjJ>`y}kJ6 zI0H77xU2Dwq4&QjO*kwZ^t-g42W-_PCs`@-%7o=0)fJu>1A>(wP7BsAA5C|l5w5uI z(U;@(A^m926bKWe7ta5FTd5itVJ7q-SQ*RZK|;5lvTeHFohf2bv1&#bCXs=J8}!jN zv?~jKO3}RjYLfxSpULxr;O(KC&v)iLVC|+GC*iL}qAfR-R($ySY5;_gRI<-Cc(cVs zxOB}oaJqNj{4QnI`-zst;*g^(tr^>eu*5BRVnwD^)^nkc?=Nq#Z#JR)W8=!=FegS5 z7MOh}W;lLOmXI-u_Sm35>cHM+*2dT9E=V(PI|hf3)Bn)>*@9irpy={q!0H!E*DZE(9Iwp40~d zX$3%=k1!X>_KVqXO6aFnHU)Zn8@L9e5pejUE%GBno4WTvTE#3*fzjB*#RZ?+>s`HZ zO~{n1M(f8@4Z2Ynkbn~+7V!9?L&#Y zU3Xkco=q`-99Bv=UjDjIvR4E*$jn+}S8L5`A3_ndcd>I@=q zU3hZ9wZS?p#yl!GIXi_y*+&sF-`zgVhEH@pBK)wzM);v19A8(I`4yAn2>E96e#*i~ z=ksD$t`V#(%aU5%L!PmQsSpt_)Xl*Zr;--R6Do=G226H-EslQMGy z`v6ZjmY6k(T(zpUaQHCp3W|%}oQ|Y$mXb<5$^G-phK+Nq6Op`IT`wm>ZP4RMpSxXZ zK~}{Vl%7-|ewdI{%u&eey2)9{j=A_Lxmn}OjljOay^!%b(c-(~Z^SPO?7qBsOBI5; zp`q$h7T;r5chKN)awyyOlP*WmIT#y@1CEWj=Z9(lRxNKc5#&Vpj{Sj~POa}SD|hkI zV?a?s3Cu)_E3xIMXp&UxseG9Gx=#?kl(R~?bo^o2V}00bXsqAmc5i^{{aP(c-?)aV*eeeb#iWtCQHMxJYj7GJ*?5 z*zRpc%8yK7Wl`N|U~-JRPXvTq#pF(H4Jr&6!%J*DCXmb%w&b%p_ep?mp{(oX!_5kO z_|5#&SIDnZ;PU}Xq=L)DGbj9wF^=%3R^Tpb+d%nhaegr>PZWtjQ|qERiJPZhv2rqC zW)pL-@7a0Qc$ei{Q}Ngd>N&dWY`nY1XOIb>BlX)+6$dGmJ=UApCW|Ddv~R6yhe^g8 zth{46yVKs~4Y~Nz>LU&X4WcHjIq=NoYZH#_!4zH@_)?-=nO2F%4tewyo72!va9D=}CtQPD~TIE4~N);@YQ7m0XUnX|z z%ODm= z8*ia?xzC^j1yYeznjd1u)dXV3BmmbPtxj9TgpcI9C%!$2a=jcR8^>Y8z+R@5M9&m~ zG#1f1*}u4xeEeZ&b{8iPILztGc;w&`UoEmx9p+j0JTq`MSnh-ea=6!%x1r*Owb#j%pfXWo6YCi-?<#4CNS`bc z_#Oq=G@_{>V*v_Br6cDbH1bSsk-2>0@LD^;rVu*r(yU(t-)0w)S^u7`_smn|{<<5c z8-iP}SzECP$?3JRO|F!Y#miOsg*9*4qb1+V^Hlp=iQ|&XaMWelHjw#=7M5$FpK$}|l*Erz&q#eRo1<`K zpz&=3KzBJtsg`4u_fRB5!M9OrUMTVb4~3N}Jct{%56Zy+9_m3_W~=+PU#G=!|EgM< zdVO<5W6gb@6%;VmYCF{8f&-qGV`C#t@eG&G{u1J)f1r(6#br3D(>ExD7W)TM$H3Xe5VEVj!xRkBpae@EBP-ACeb=?i@HU3 z5K51joiWYa^j_Cndu==3RlcxvPdo(zz9{p(wz!9FM+w?78?vpxWl%w5S+1kj-14Gi zMzVj5T3KS%J)S)*Pi6s}_sEr!1HFYoQqW2!N~L53A)1V&v#DJ3TqlN6ze`dtp!b(eGkFwZ z2|1p62e1z%_63IiY7xFLD8|m!p-z&`?n&l5*$ETsCCYBa3pW zT*?>u>0ob0j3(X(2s4scL*2S@V@aSD03om7I^SRnu+p9%UHwDD)8(Pm`7f>|N<4?) zIIoNNdlp87&PuWy;Abo}^%t3!Y(WfS8v9?A7)kZVy`omWn4lc5nxjPn%dL3Lcm+g% z;R}g}8JUz>os=PgeP#$bl*@F^?usGR+HZZl(WIxCx`NB^G`CNK)9*n;`K%`&?oU`! zRi;e8$RJu>aMz0;Xf~Bp+b7AnY>smt{!Bq>aOFpF)56egm_EaBLz=m}|2rTE940-P z?7Cu(!aeGmkm|kHvfOf9X0EZZUD9tszT&#p%WbB8!dB6_CSJ!^KM5u++0U!nT(oO+ z`exF|5#YBH;4jyu_>dkQyUJ3 z>nplELgV9OKT<{9>&C9Ca+?w?Fw#|t_^>9`N^5qp_C(vP2AOey$>s0^ENpY|umw{RwaKnu{(x$jC(l zOq}$eRi%a(PsHX}b4E6sSiE{iVs{j;=WQ1caTR^Bmmx8TJxe_{q4@-jq!`|$8DaHP z+$eFcriFR64f}LOzEm!Pc2?54)4+xyS?X-SjgkVyqZ8(qP5ifHKwX#*y2a=t$Ac~+ zcd0HE+<9q`NIOUD!zKY=wZrIA3JFrB^#B)uN>^e`L#?joQ8_oq)gGjS?TT)o>ONzi zWSS~n-H&%*4(_6*;|FKq<;#u8%d4Ffg7xnfx_QZ$%xcQxEo)3=*nJl3m&aW5h(qwrp`J+IgKxETlkgnCeZDx7Y;L8 z{$v-4QIlSX^Q7y%6P7JbQbNE+karuvnl9nkE-pqZywW67Yn7z#jE(rhOGLg77wGK` z-8Sz}qP@z=(3;Mn>3g_dj?mjRZEHQZ(gqXZ2PGVWd0*54Wos#W{ZYWZ^@`UyitOI_ z#yq%3H|YOlSO1Xz%k$_qd^eGUWO-TWK%-lh0|Io^;wznsoOoXh#I#8O z?2;W2k&!7z3r7L$aCvud*xTt_9bY@`E})qSHa~hEYw76bjeMIKd_yb#W8NioeCd_u z-}m@ePvnu_bup4D;=x)Adjf!M<&|u(&aEbzugl?NUD;`l*QiCnxtyy2PNib)2yns@ zT3Gy2Z0B)6FI;}aci~dS#PbuF%(64!T!^10;Fs?;EbzZH4Pit2tA3fxJshP7>{*^+j3;CbQ*?{oIkae&60`Fa z(J7p-jG!X{D)DfcF;IbBQ`)wpiu5iy?tg{R!iNBm}fD zV9zTJ-Y~gh@Ld+P0dy@YIo+QY6Mdu}i_iCB;Nzi|WMH2Xz0=7EeLy4Xp8J7o1z(YV zQ@0;KAj8G-&%7uJOUZ7GpSBIS*LYiW;S=c07^tfg{BE|tFf!RR;E}eAWfRjdBJ@0? z)|!kRJ@b~wvV;2QJg=C`P2;H&4O1(hz%iawP-eB;Lz}nAu^bv#$dB`eP+;$o?%@e-{SOmfB!_aT0=+QkR*B?E+y+ zzoD!MRvCX(d7L6DT4+W7VFjP?10xMAskw=hGK)NXDgS7>)}^?++fUE8`-G1M#@2b# z_oC!Vs@X+QKIX||B9e-Y08yBidgeb=7Hz9fIdnm5fLjsclb&x@tYt|&`;}=R*%MyN zf@AG(_7L8E#6%fY(w|1ebZppwh zhE=l?=M^{G-nfFGGoo-Dqgr$R&n%r>;}-F>x}m2fXY~s^4y&lB!(=i!o&B=hK&MX5 zGo}hAv$IgqM93J|5C+HsLB~ex^vym-rM_?J)^YLUuDdTER0{i6rx*+yZLqBye=2h> zEk8QcR5P*DOK$9{-N3dLLfj?%fNfk=<8^rieMS{n*`F3b31sGijTIPn4t&1Pvy2CIt=t6j+zAcNHh%<3}#V<_|=)d+y6?58nE z&iUU(kBs#n&rm{?CQ@>!P*w%F9}e|B%p+N3OGh+5Ru``8kk{KNy5nY?0tUWb;GhVsA%c zpVpl_ccnm1QXB&2{Jcoy4d%bi_2&-dUjhSGpG#EubGv?f`Bxf1h$!8E_y2%k{_hCG zta^0wOPB83YYG1jJ-?)UoeYTmwKdMw|FDC<_8F~A_EC$1ziq`IKgF!j%gJTr_=6Pq z`y=_R=)ILnTKzTZzpV20ZLqgVx$k})2mAd`f6Y9j2CekO)}?5I=|7tO+t0w~V4hY< z7bN~yr5^_hq^p-*`vdj-uebazj25v+Yb`1p_X`Iy3mDf>Fn`oVsBGqHJvii_$%kgnoVexJ|&X zi_|Ycr?N?2n}Kz8yVM{%nUQu_Reev^>K2-0@D>9?LNT48_ds4GeulLZCrglC_~=6x zmnV{3buNIyNVi7t&ey#)67vBsQ3jTb=L8=rTGM6_gRCz+guk|JIrY9hB0P=APLil_ z>rFcd0ldD>Nza{})*0pSO!CcoG8@cLbRYfqod7DJMgtoUnIDCo(LQ@V#VGh1O_;jF zJ%;zlIozz=^|M?lWk+&Isq$hqo0pXjKnPvc)`-MxK3L&^cd037@CEfDVQ~e-7|#N_ z?-&n)lNMV}z5~p&Xc@_~|4A&QpR27ngkL>Ho8x48gS$&^0X7FlUoVps#pIqnvg4v-xWs$8C zS!DL9q4txT| zt?DRO6>Hc$GIOcE@ZITYfqmSfQSs((8|mdgl@jzb!o<1)Rm&1$pwTuAlMX6(P}w7_ zSmTY$#otG_x}CGlcNQZ&G6;K#dy=I|E-ffE*vq(h4{m}6R7m{L>Z_`e(_rb0Rm*BAJm&fEaT-PB_dF;|vrWS;H2J1v z$i7BtA%G-=;>3+wALVXkxI%Rc4MO%ws#i_|RpD=o%{>tjBS)Yk;G0&ZSv54nP?k`l z_Zio*tb^+htvGkVH3q%-u-?$9!!exK)8=3JO7`Y=38i_%m6P(6p#yTIhAGI`bNg5t z`2DL3^A6H*){UKz2HlgofOHO|k|hF{2G(8_+}ck#39eHfpe%LW+0PtakwveO2wY#K zYVLmw{|>D1-3so7Y|nKCdO&fN(jgKlvAPEh%PYjGKD;0;%D~+Y z(I9bUPuIeX$yE&ZK-C)^-@WJ~zHn{UvT?`0xqr7D+0KGFr&GC}aKIuZub1@|L;B$_`xkSn`#gw<8>pb^*rYRGEG#+Vrpd|wi za3Ve>^Gyxl+YPC!!|}?~V{WhQeI69v!jP;lZUBS02@x6Srdt8dVTDq=n`4q>OMb3p zWFNKJkCP0)8>lzhIUcSnEltG?G>+scIf{6gU}tSC988;kcToMDI^%^`fXXGJC}zlW zw{EN#m~6>kB=?@^$rQiu!nlIHKG88{I;iJx-FOh(rDa&K;g$ceNDq6|3nC?nYn0GR zgB6%8rgSB1|FjyaR(GjKdp0k^&+CK2>P^{BFYoqoQwX98>J!0jnmc2d)marETI4la z@?h7I`HfBD{u|Tk+#NQ#NO(uSR&iDO2??^g!JLjzvTGcDPfBUB5yXoqo)wX+Y(>Y(t1C_ujK2{lq46jkTOyA55cR%&!Mqzu; z@&=ZvmV9Nap%}R!)y7hH6;)P*9u=y|b7LWGBV9a!sI+GF$WRkU3IApaF4q(tZ~l<($FU z+;*dIcTHDzZv^+kXzTAnPg1R>i>(JKyM0***4vPj!KPBFaK+tAuTG^$AE`NLZZ#F* zsQ3Ru5`Tp@u^s~1L=N3b3pGLDTKvavXS7&V$c#)~<9zZ_Aev5$I@3%p>e|0T(ld10 z^Kg+2t+@TMPjRQSr=xsjD#XKi*jucU+%9yZ53T(g1N?mX8jV_18H4Ee`#=Bo#Pwuw zK|mv*Tl^XPem$M@rDtJ?e8$+3Gp)pPZDkWa)!P0sjXK(2u$R literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/checkmk/no_updates_available.png b/2.5/en/assets/images/checkmk/no_updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..b32aa619b9080fb9a7cb7e593c094ca0db6a5e1b GIT binary patch literal 3256 zcmZwJc{CK<-vIDw>?ShSGL~#(E!oB|#!wLo+2Scn_H~eb8(X35$!<)tWG##sGh#A? z3fc(4gj2uG1R?g8D_s?7n6EdpAYfwXJah;XK0$zuiPo0D%n?=$7T%2 zV*JA}Ca)33tcsG)xuT%2jlA5|9tv1!Q$o$5<#0{X8H7Q^4Fg#L#PvfRQX5CkKWFTR@fyBc;s-@vV*YPxG5vLBHuCKf(#`kjTW6|AxluM6kNV z8y|hqtXinq0ILDnQqUHl->;rUnvYY&ak3KU+Q)1 zd?V{P7)>24nGYp=qy+3wPgb9!WLqz zclB#xgqK%q?ta8URgK0pTih`*x<$R6$0*Heks zxM6Kdv50v^VGaEky_UYPP%t_+cDr8;NsZa_IKyg7VwIFbrbn%WYiu57o-G=DPkvA1ZG>_gv@P|2^z%DVQ2>!^wwIsTu_g+(51WH?YcPb=ed3Jp5?N_jb z=kb7=D)#$afwCbRP=CnT7BaXCrMd@)WS z#t@W;x;mF{1B2_eM0qiHV<(#AIW$v9=Y166`j8f6M)wN5MU5#C?cye{7No)|XY|CL=LXWCF2COVvs8#?)IrH0TWL`o}!%?YUZ9>g=kILQ# zbW7JBJ_JEN(agoDk93;gwn-m~RBu`bM2Y$ka~AHz1hFzkMdi`QV!j$Hw*OXXJ;^KSEor{t6;g+3Lc-Xqs7*mZb!;5; zBrKZrzL>|Fw$=})h2-Dok5>Bd@Y9!-pu;rI`zO231qaP{>W046CS_?O?Fh*sTJNMK zO&)xxSXNxIysO6byEtkL?xh`}YEds^e5@m+drnns;cB3^C?a$W6X-#oJ!oeibIZeJ zP0Zm4Gmql>VOFCk`qMO;)Y0>t#$OpP9FRu}uI}|N6SF=#9C{tiw<3qCuq6IbPC*NG z7z`Oj`u&BT9@zA2_$O^hmv0mdv5)JonS>&3oh`?T<4>N>RMNEvSUT?&-a!6QAOuD9 z7uUzkDi!)4Ug-2M0`cD8=$o@3_~<0rN? z^9Yn}PUNx6e#TXiy$hsC>EtNas2OQ-q%zR$%6$o8>Z8RUo;=E(3m6BRRLBpeYS~+1Mj;^>A@X+e&|E;2t)p|gF}=*Q zzqOfR^0FthSs;eM_i8!0e+7ABaVJ{d+rO?iIr<5)k+@2za}Ms_gl{_CYy zHOGJ>qNzrnd*>#&XzT4{S4%?bh!Y%bmCgYYsPB)DK_znaz&NByv6XGQ6)p-9#9fl?zxLw)w1=uWw%RFoFa{E?8v~ z)tTbQ^|R2kTX%oBm^^3o@^D^X-LA%w2W(q*hrGq(*Js2 zfd^fek@ykM_a}0~2m8dhD&w`#26rC!B8~oXStM;wGKkFFpt2j!0pd*>raiUL%oah- z8gX9$FRCPsGwDw9RdVLB6WYMYzJkbJoR+^~8xN#3KFza|uyS|!c5jzGBb6KG{cHU8 zs_@Zq!%+(9{pXO@W%%7O%aN*)X4S^J#GC1LC1zzeO?}pO3V0TmX8g8Y#tU;BGCwYW z4$iqf-}3=+1YVQqk@~KEpH@Dv?Nmuy*_4Mo>2r}ykqumTLGY+Mb#1qPof~q!Z9q0u z#v0Rj$)fvFjj;}nU5Cy7n>$Y)V)}iH86S_gdHJ~5^$jWO2Fm+cu9 zDc`fY^H&P+ozNOBi>2`Z<9L;gq~Uyq5nfmkutNa!fQKb-3gO5TEck^F`(2p9#?l@? zjeC=y(a&v|DQ7hx!yc1q8Jv5gBG{z^+GXQ^CwF}kUS43 zcvuRFe+4_w-A!j8OJ?X0mCVrj(X$}M1hYcW;`CtuuxdhDx*O|y_aGMB$@|?r`PiAg zK*n*dFnhbkeqW|&E&^)ei>cQ#6v-9ptty|ioi6a^@}leyICM6r)tCO{uM0IU#oZ89 zroRh7;!UFc6o~3Eiiol0OBX48UiY>-p25YkCgu%-Ez{Hd>QczqbvExK-!OZZb!Z@Z z)zZ@P-UGYSfAx}Yxe9Rx%T@-H524~S7%R)7xr@@to40Pz8f2BjcKxEr*Kj_i(Y?^q zTbWG!Pd??Dde$V0i_OgcYTvUKHpsZWN*4|8P>3#U+?Qu_YxUh6eF9(9;F|~K9qcEp z-e!rDvUu_8#fdFt;-zYW@lwm84l#?VJ?|NKI?BmdisB$T#N+9*z>YRvg7H1Z}g0(3~qu=B{%my}U#G zAyc+($C-R#aK#O%3PQKx?LPaY^GvLV+3WPX^0e1YF@;kOg&`BU*xJ`kknO0_PN-jn z{2B@0S<&GpH|sAvQvH;(gvW%DO2!gmHdL5OUSv1OetZfSO+5LN%{Dp1U)5=Z`otVr z0eds^1inajNz6UZS9tC!^XWQbU^MaAexD@D5c zB=sK;>%4U0`pAmje-mmtcsJN}4BJn7e>c#JL~MKuVg6UdeGIz;I#FUAa zVyJY+SuaN5f0a(=JO#L{X20W=f3^f*Jj-~@Vie_IP|hXr6L8uL^-Of@t~)&XAM~0Y A^Z)<= literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/checkmk/updates_available.png b/2.5/en/assets/images/checkmk/updates_available.png new file mode 100644 index 0000000000000000000000000000000000000000..d948cd1d7d70abe1f6e00acee3b891305d4dbdf9 GIT binary patch literal 4034 zcmY+HcQhN``^V9$y+_oDRjSlpH4-aUW7e!yRch}lf*37g6s1MAgqW=wRikEVm7X?YpU?OFexGlD|J>)EbDw+P@8_I*p7Xqt%uMtdXt`<0$jBHB4Ip>O$S7bJ zdp_zb7b~czvyY67DajC`Wf|tQ>FAwm^@GESz9zP@N6Cv+EF}M+Gp_IjKf_qb(hn~h z0rr%K)70#A6p|F2H?;F;OC@P5$m1_(l#C!)!{ccYCdOtX;^t1z6Y0}AM=9RwnBT7$ zB1Rt8ZN0zy5rhBU9JeD?$KXPNyz{?yVp!VM z$$c*jR9jtEZTv$UWgQ_{8&TEPDtuyG+A*g;A}oOptUOoBjD{<2a^~yUJE=`BYpyQ_K&su*;eRCnqywKB&EuC38oFd(P-mmfnFKT!Gd!P7^iJl<9#X zM@=6l*@b7H@6ezMx<~UT(Mc8dIYcxxf^C1xq&~uzq&$HSw(nL9ckGt&7snPapCZqe zy->}j%J6a@;e~R)hy$FKz0&()DaUq37$sU6O%Qq+g1;LkJWHSCw9xn}8{Cws<9UB)odp^yh5J-@gSEWmZ%YNpH%#+n;NbW@R&4*qWgDL4|Oxx!rLy7UKV#7u8^oIPkkhvc8Hf zQ%0QEik}^UE{(3xmuwxdKn|G%VQ@GJh?x2^F?!9MRa-PBbJCM_O(-i~k65p&%UALH zN3C0dkKwBSE8vX%vOs`-FB!~vaoHI7w({i7JjwY|d-Jx)yWbi)10C}c7Hi4+SF)yC z6j1=Mo%vco7&P8oxVq|_2zI9F!1-Y-rxwdW(oWW)i7;%I&UuIsdF`aT>7D_Vkr`ms z8dF|}>5(sXcm6OI^O63=&RIwbB7w=^#AOUkbkd1}?8B_ST!#%mPbLryAlr8PQ5VIJ zK>T}l?$@s*QQojs30TSV4BAx*{-WUDHsBGbKi;g+q7fx-WofCvV|pf0!6td=89pKxVaQx8!b%_lTBMnoR8*xt}qi#mLlHq>rs)VLt*m*n5_D zP&xJXW!>*|IAD;gq(`c^(fg|qvu}6fy4snL)jjde72l~21HPHikr{I0y-t8Ik33WX_^l?mt55Qp$dT7%7)xUvyr$em~>`>F3; zdO3CJwE%e#=az_BY4wv2PY|-tyZqS=wH*hTt&W#mHMzqTJN4`b6J91Lqy`9ley|XG z>FRQdyT3&bpzdpYEWA8Td;r?SUSYL7*<0;iaraK}^3pzSdDM?OzEX+DYQ zY%Mi5XS1!+vY4a9Z|)juvF_NKME6rw9XZWYXP(L^AITLOVHkY5`>eeb1s#|VM1JCL zNtb#p(sZj~Kay!yBj{+BFm3+G*Q1&<7& zC}G$q&Ul;_zggh|7xc240+xE@SO7KQv#_?lQj)}^bOc@kh@8i7;p2#Ucyrqq+=n^p z%`sQzq7?nVduyhrcciO`0TPQ6Wi_{M^~`P^CN`5e3)OgG|2ukXxY}#Ew4JWChLgoEM*1qzJN4DPaI zK<_u+pO2{`WiIX8-VaFwZWYDI1U(Pg+O^hv(0-5@G4n-Imw2mffDl^}&jNBP-SCyp zA+%$1%vKE%hQqNnMzd^^*Z)m6CDf<_~C@xP7SEJI@=9dS*|g?jCGgtaDiTzH0av(pL=oyZLN2k)2`&XO$tlkCSo0{@){XUGJi=^w%S?*pQ;E)ev@CbZ+M1ImX=XAQyZcPJjr6!?AHE?1tc~_ ze3h~fVBgHaKL zh#DFcSYykU|LuPL(KU--d?)vBZgNZ4IfjQwsXcRVxD>jo9o&)zM9TDzL(=z%i-15g z^I!Gd{)8fJMxXxEM{Q8QUV@gvU7Pv7Mrl;EoI#w@Pi9bwL}6QtuRa?JP_k#JPps`n z;7{skygcp!*s+7<7cCmbRs7}`Zi(`Z1X<}wx!bX;Byzw__u!o24`3s+bLqsuLL{{ zo7|OszPz?iPUGV!;KQG-Ar?$L73G}oO&U|pTpZ9%9ighsQl~HkehCYjef?H!K0a^o zE=}Gw?6PabE4C-ciIkZ`p7BL1kq*X|aY01XBsrQFbXMRKOeA*6z2$8e=n_4t+JsC7 zSNE1VIMg}1r~#hJ@^kH^;Nn4pB*DG9;uYLFxRu?J4YZCwau)0`h!voTd^P)S^&qT| zuGL0$jnOsji2!Mba;?!FN}QYss8YiYg?5= zY-arMSOsm-)ad(~B0W7l{s3HWr_-iSn0-;lvRXrHi`h=pxGpsHQn zASuMZIU#{$CY!>L;QrOOGld;HE*Vt+3t+46FkrO&UGfLU3ysw<$U0V6P#mQqK7S?uKScn29=G+xXzV;f2ut0G3JgGq(X zxdm>^__$v#tR3H9zFXZ$gfcl|21bcVaD8blz9CNwb77bY2g-nZf~HSbs4?jkB}MZ9 zmS-U%igQFkJyQXjB4jkFRVn6c%cr9$WLCj%bfx)O@W!4UpVeLngD?+lqmk>yVv05~ zclG3%;fsn_H=<=d9?8jZ3So5$#@{^!*RWEF2*U!0>srj2#l|#Z6Fe*@%RixrHIw+< z8hMn>Z&e=x4~1lcX0Q+}WZ%YP|76{w!kRwTMW4*opHShov5+ViEh3DJ>U!+^1Bi0N z53cv$I8kdl?&-*#cVlUH;g-z$!7N60ITgq8Ss<7CKi~*~d`37y3g74b7b3YRdJ`@{ z%!NlbYvONuLr`;JQ>b59$^VUqlNa=7<0Jf#!2K@~#t1UA#L{DD+6e-V(T+Xkv=!6M z+}lqEmLu3RAfm~C3&qD?04PKA-py}UgUc%Vfd=!ZipnG7j>_y;@zsCRo literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/favicon.png b/2.5/en/assets/images/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..fe6156078be3bb14a2035117bdbc5d116c0cf470 GIT binary patch literal 10281 zcmY*fRa9I}kjCA0(4d3EFgOJF;4VQ17~CbeySuvucM0xp0TP0Ha0n7K=<=U^*?s8h z(|vCB?UH-Dy6THkRhGp>BSnLOfx(oQlTv^0GyiKSNbeLdNJahL!Mdu;O2E{8CqI54 zAXthkiNnA&CZIo?Aij@Lo#gaf-p4n?JywR>Mjb4xMSzOIrZ^$sl55W$JQSVgy|I-4Nx7RI|E$|t_ z0|*WpxK-UA-+6zCmZkgCgl0Qz7@aW*Rxt3M5bg3avnUST- z;5m>K#RI$OX-~53s@YmN9rSO=_uJP=wGC?gYL;cW4`frT(&n+G47}h*!2!|`zJOoK zn#R9u5R8}X;kNkf5WfWc!4PfzgV^WR8noyqE7tW|g1?68bmPD`*P)-I_RiH$iV_yq z=iYQx6BppOh12`EWBE`guJF((&1bb}4{AB)Lt9cTHBwxFX792N!nQ9#E3L~={V+Geq z3XccqL}6>yYawRo5;n+48Y?)n+CJV`tN!IB%HQmI*Xe84bNpgq-!F$ib6_LaX^+EJ zH-fpBv(w(i(4Ge?%uJcqg9X&oe25g2A$VexTYBnlgNox;U`cKqprZ2EM_;2$-ls~9 zkkjEng3+IBXupe_kEr{A71(Dmcv1qj1u8 zB*Rl?=Z*0Jet!0XbWix^>dSYAl3qt@*jVP%nepMtK%P|Ql<}YKUOwXrPYXU*BRaRyKOr-|X)lr|3*s zvX&0f7Op_zmN$;LN(8(_PII~Z_6B+7jcQhnk4yDHFiWD^6E()L661#P@3xs2tQUg2 zwaG}uuPG%fkm!zW4zc*M0xP=zN`35-HmZhC1A@V7*t#WFoqwq>AHNvr7QZ!6tJ`5$f|T1H zv!ikcDoIkZXOCgf<%`yNe~$h3uZYvj_}79Bf|3w+C~p4GogZHdqZxY)Kv>~RcyY#h zM>JsYyt;1KDKqUXp5e!ph|C$d9KWlAH^H7Afk?s(XavDbIf0zkXqnuK=MJ!lXbX^!{0x-=HtyNPCV3U$KsDVJN&Hck>n(?>P^mK{WCtpVP$%rQG zi^3KV`s8N0#BrC@->k9*?(x-Mi-brCE{Mdyn+dZG$RYw?rsxDF5$M3XW1z*^0kk=U zNuIX>!Fe*`yYo8{!B8qs8<$c*(cj4*hjGo-J4cE*6c~hC5{F!WwyanxWMZPx@YU&K zqLbOAB~z5}$4e!&kkGplVq{@4*ZV4JE~iI=j8<{;`;GRKi1}A~MK`b9$Qjf+Dz0cU z9Gp1&RAotnf$sx^7GUZ>xxbNurjEUNM@jBpUeMP~erfV$f=1);EiK(u+#Qv4OcSGQ zOh~YCh^5%e(>n*@_{gl5s(6@yX46?hId&~g-JZZIC?m_{4r$KYu=ThAxxkwwYih|fuQpI+43q$t`2x`dXw(%byY78}x&#!_nXe6- z4W&4rw#pm3dxJf!Ibd~ushZ*i_r!FOo!%19-4!+J za-P$kaPitlC5+Ht#gZy07=p7=RgqbAc4Ac~wYbl?klvAkd&DrO%Llz99-EI0bxHAc zPNqzT4BlK5UX0JH8%WnCYNZ8=spwO3pPffzyqjh%ap~xQ*1($F zT)S~ag|L=Voy2S$c&4kQMDlw)btCD7ux9xC|M9%Eq~+T(-*oc6Kx+44!YM8g4Qp9|{?$tl zEYtW%#mMvuV>0ksb$a={>WtI$2fIDM^R}F~(;LSKp_x~(gT&#F;qZw^@Ls2ydkB9J z&+!6s_7^gkzB@pvjix*>JH#ADHZDrMhI4atgER6tl4&A7xH}XX$7>(vx!Es$H@dUY zLtxLmcSiz4vjjjZ#DZ@m8#eHBd&tTBiClaB$EVaO#QQ~SF*T$$(_wYsAN`TaZ?0jNO;T|QI z1d*3VS2+BlL zQ;UHZ%X_x-c_%>ya?zM>|7`qG!@m8?^VTb3`Dt9DZWZ;-e`d0(gS#CglqxnM!HV3Y zeQ);~YhLWU$ru~L-=e0w4bWCNE(Vf#rpGSBTS6I|lEVsrzA`_<8f=K@Bohm((l;d3 zKqZ8_okhB%{l(Lz+49`aAPgPfNhdlG1AdD4D*NIS!C?FGCq ztVlzEfzz+)+a}wTe+7UbvUg>VfYju_HIe_QMsHgc&y~kGR|_j<9QTtn?+gx&lriFe6<;N$0#wqs$a6ago}h@uy&_WohgHSvU3XxZM@h=6OG` z8U}tUlsLCOzzRVG|BQ}g1oC0DyKI`5BH3Pjn-AT_}rNK!V#(2H5FQn0|c&f{1P+xh)K!=|MpK^ z!^`U@foFl;$83Y-43v(J(L8U~ny=Rx`YzB{D|LW=lk0LcZpEX|oCt%|rtH&%*uioBhtPDY1N+>U-Zq0hTF-tOPtW{ zzHr8EB)UN3auz|@V&S;aNH^W-2swZOAIWSg`Wo|u0)ADqC;Yh;rwOd|G++S|@RNF9 zlLp)+zur%ox3d7&kw2(+$ini9!p1~<6q)rTXB0UT;rm0~tD+U+xLsqaEI^M|yYd`C zOV^h!oXiEYg^c6>3H^sabENQ+z~DyzKmAx1^?P-=r^Hq9aVbh5WyyhBESu{ie1?Lw zyK@h5sc_$5)T!jAEjR?FZb;A=k(0f{F4syDO#<7UBOir?4C}X@#kMEV~L|||5*Jnw2eTsB<5VAz>^(*0@VT<*&XG-bu39|6=SJ{d| z1b&k`i=vX{4+;q}iNn|&4tem-^CyapxUt#t;G~EsnJdaFwwyMEtt>1gM2UQ3QAu+Q zm!{_J^ew@O`&!Jmj=NHv8-$EE)h`xULwpNU2-O@Pw@-RoFZU+!Q7{9r^j6B?*U>w20K%$WCDm)NQ*W3(}G6!2iib)}XjtCA($l($k3+a5eK;tl?w)dRGT#S|(vY2Lj zr#1af@yK8|Im#wKp#vgCc=@cvjPNcxqeP9H z{$7}&!AbPbqzj6OlDwt7lL%%vC#8^^ht!agGihH6EUr<2`#fn z@!^y%s9&~Z`w0#GZJZQjXWFd_mm`Rd(&7>s8$WV{?Ec%?GX4*)((g>Y(>61(TCR{> z>goQ~`} zUOb0Oa2%x{|AqGsijQCp)l~ zSS0)AZ}z>IVNHqJmbC|dUMk?{`m`ZA9yTOIcgupjo)q~;*Q=b2ayBw0_g63s5KD&{ z8U}hdWpK^UcEWDu^g3-nf=BX449nMKnI}V&3wj6cy}J>v8bE;vG2GqYvV-XHZi0O# zq?dSTbE?RmLSBTHa^qj-(BIj43Xy4p#bD`p;qfPw748|MwB`g3uImqO&m(ZZX`a$^ zIhACd|mH$(Wzr~tlX=r|h6^#c?^CWU!gYt|H0W}x1+Hw>y;iP(vy{T?17~|$YJ2{^DitWjx!y<~ zfrz5SKW=$UH(M`Aj{x51FZa8#E;HumRu(C|F@HHIj8ho#B4Jvf-Lqp-shY_aApbTk z)9zw-K1aMO4vJ(tSo5I0ptTtLh^;lCR+Kdy<zDYPAuEu_DU6Z1Mek3dkrAOl!Uw0?CAxVUIn|3oWl1^nf-tJ;Yki$XJ zA$K^NBLDMIgj#$r4tG{_xI0}v-{?#Ajb^Su=u}lDArXI`lpzED3j(jt0Qe**_bm+W z6g;eT9fF`O^k%Vu;MHK#w^f6?_eDRX%!TJvi;i+CgHogxhd7u)TQ#l(5n!@p`>Mt+RJNLAibK1!1Rg2SkQLWX zkN#DMv57r&Ox@T&NXxo9rT8Ie$1BE~0=pMI(mmf|3_xAsbIvMU+S}ix=EDnav6_!~mDrI0Get7yYXTq#n8r^7acBe^66` zaJnv}y*s;88R-$lZd}eAab#gc1PP7|q+SqM&g0@1RB}$!<*eP=Aco~B1AHq&NKdZv zo*b{~*OdNi_>n<@GThzwY}yN zk`Xq`Y|~U9Quh->iO$sa?H~W6sWSVQc{i4dDOe%;TXtf9djL}d!Y??ko?^lx1Spmn z@Q3T7OH_a7vP~O%jbL!f@3o%R71Ed24#{Ni40H~VuedBLXj97KkP*GT*gq8TJTQb% z@=!~2A$pL4o!jUZA_d6<2p#(7Td0q}>d~^T3g9AR;quL<+_EDZL6S;S>c1mPzMybE zghZgqII~XMKNI{7Qs8@~#|1Pw{Ur{f4tPHVZ-4*#XZ~QJarSc!+A|gOE>xMEI&m2Y zMU4t6;1V>z7$3G0=kk>jMd&3y3C`7{87pY#F8OfL(`BvRc=ZT#$^Coy=iZq15~PdA z`faSc?$b6nhl|e`OCB>JEIH-k4YN|`b1JpGETgE86dHDf7oy=7LMO=g#3?+io}cYhw{+>upW)98_#srqq zq;}eN(aCM|>+($<_2=R?N79jhywveG;{Jyp==?Gh$;_(ZALt4 z8PqeS?5awd5L~+dPBHx0-Hk8))@yOOXa1Mmu>=6T!krUsvs`1Ycp(kWgGZC|K$MSP zGVtQG_ZUQjhLOv6uCC$?66E$L2!a$0r+m01R87CvTxpyzCr)36&o{$=Y;R4_C{GVfBPRpgF-ZYa8QSO}qJ=B4ah?o>bsht+9~e|?dx z=8wp>={}K?cPF@~6=>6copAAV|FKVT%_eAeSbQurLyP zN&LiDVhP}1(EPYabtH1hpcGO+-!=hLL*?&1bPVhzZ?b?4yTa`Lh-uT@)t2K78Zv`_C5a%&5#ADxo26UO-D`W4mHEX`y%J^LBg3b3SZ;0WkVGS z2Bk{I6?q@N=FJP2eK+U?;_5PRt)UvM2_Q%RpdAmdmQsX_T{ zOhm-WB$bidpWS!a21DQZ^SPTu{cZFGG2E`wBkkgn=og6j6oa2j$K2q3kqSG8Q9VrZ z)`h;M)qL)_d?ju*59EAXK}auHi380uqIC+k$CrSI8c*k(qx!oe=@+ah)${WiSYBO= zsd!SKik!bR+0;mX7Y?qk-uVWL8|tOm7@dYuherLLBlwSf@u{PAJ_9LPeM?NVTpkH- zhJ)!B;h|xI6!k!aKgNPqbV;L}Z?xz{f@0$P! zXB{T{xuaiwU-<)mKWsZWtJ!BMP-E-^W}Ae~XXI})WbhYTy0ek^d3O=SFD7;zLmOqz zDh<+g@KkIESY8w=)(#l!n|%c8yR2)7*?bB0czASh8jV9O@`w2m?-`(CwY@WsXZt|4 z2wWXQjO*tiF=*GJAKr3ve=SrRUEp@fr7kEG69|o4a?y}%4tBw2^u zY}}0NOlP==lm5)?y!}iob6E-BXvDxoDV*(g?lmrD2HIK2L!SV&uPI;d<1m|%AJ%Vj zFZ0>uFENOo**^<6C42o?;n?iZfNyFHT}NG2Ffz^}u;_+y%yEalhLZoyk~T_6J?IHu zH`rfGj}dp?k&tL?AIulk>HK&|^c5QoJP%OhkM`y?d(xuPEj(6O)Ipiv|6Rt|4$Z29 zQtQOq0m!}@Zqww?O3;Bm`uWH1d2x5`h#e<7wSTv@Vflrn>gK7&g8=dyPq8_;j7xtq0__}Wi3Kg8uN?J{ck|NC$GI(4|MILFhdYhQ5vIk1B zK5e6_xfJvrz5KI(e;eW$2nVsp=o&Da8aMfHger2so3q%+E)$;1%S}eWi3vM<^4xu& zg(bNl6I&^Fvo-iVew`AINLbqc;Rzh-D|(63+`G z{jSXK-)n(ZSU_^=YQuViE^+fzc%}Vh%zd9o`@BD}0?uW!nsR3)kOoIH?GQPz z1b6tM;dJrJl_g4@W6>#BH#3`d4yZ)RCH*uzo*0R)Lsic5S%BJhkMVu4$oO%^?SNiq zXcgHgO5b&A7|1I(qK3x^uw!&+ufj`^p!2q<3Zd6fWbj}OO9DQF$QvSmdxUwN5aXi_ zY@QB9U{5DyJQ{HhC&gHR$nNnZfs;X~vhHqg##?-$J;;iEyOdANxa4Chd}MFCUKx0k zSz?nx`P_wUbfHGn_0?!|ZL7_0cpW;uwo5WjZ_ltH7XjlMJztU$ZhAln)I=F*TT^xm z`N8ki5BvnXh!6KpO5Dx#s#e1a<8l~06?PiF5KNEL8%kXs6M!Pw4^*Pgn?ssCMv;>z zEmSPtLC4%cQA>VT+EIZ!;ejnnqS7%yog>SHLg>1|EsItd9Hfcz7(U$bzd1<0YM^>&YOU=z}SaLUl(yrmhFlp&^baGSY9k6v+PBx><*}M0A zf(#}JhuwV113K;A2vor!`Nq@y)Hhgm-4UrabvAKKf0R)(P->zG#2c6T3c4CM`W}L8 zvE#rlC63{lkuxIQP&ry*O<-$9gv%ZGU_8mq>~@Av5>4Sl4J}rG&r-!PU(KKFxB#OWhYr2z5PcwqO z9%`~m!Qe9EYN{$6cB`HrV}fNV zYN(=l8-}P@A5o-C;)3B}+!8BCTY#4ls+l>(9kd*Kj=;K$lQ)UQT23eT{Vwmmz>+5f z{_PL_d9C?LS>`v0`mKpk`u%7{a!{o;w~(>fqdx_TK^FKKEvj*!(+V4+bycb}1oi}c zZxDPx*E7BUsvkPzM;jOkglu$CJxu79*|)6>HUi>Z}#uzw&qu|)Gy zH6Uv{>o2u> zoqJBAi0jfcCPr#cnz6ziWvE}Jn1}Pb&lxpHFl|!$6>eDZ z)VD10Ut-n*YdaIal)`QJvU5U<^C3G@VLS?k2N@J1-nnbD(N)jc7)Ub2wYn@Uqx31C z@ZV#Y6HFp?O{->Kt!mumuGo}Typl4fr%m{yA5-Bq*lC(o@9Jp;L&CJUYllPDB>!w4 zmfx6%*^Hbn$>-A6b9>sr)mSRg-ndZXv!H8R5oGPYJR~{zAq`36JI3qCIw^!1`nJsIuS>o7^MYU zjgd>IV+Zzn#3Vs15B_dTx;RJn(UZcb<{h?>XxDO|^!Y$BQ>H{`LBE9XZ<0))GX< z#Z~{nLB6YMH}Lws*w=1f%bmT8YsS-)jsu?8hY*&n^5Lsjo1h=f&k||ZZ(+1uY#we_ z&1*OGe7q7%K>aJt~sf$!VgXpt3#BrLfSR`&UvmXU_wwr>3F| zO6>&A!E=FbE3GPxf>NJ=i?jef*Vt}K2A(J=czyrdPzPPht)3T&yyW%0v|Mexd@Vez zQ4~F_tzA6rT)j+nu%3@l;JlNQ*7h?!$yIfuR`eMZDx*o3RSQ_#p((vilpTRd3}I$$ zSEjOKy0WppY#`Nf$cSI4TC8`#uTQD0Zr~@)PI9K8$EHf|jtKvnXikM?k@yOI2wjmx zN;4d*m%t*Kj6*5>7F8*cKAIkW_Yq@;Pa-T-j^N1YsWJwAx7fC{?CHWZc&zW{5G}Mo z77Kxm{!(^GoqnG}27)F%NB}3s68(~xFEz;%jzs?)&#=Qn;Prw599r=4zqjfj)(kr( zf}MG?AN_6juuT|?&8EXoR36Tm9|E6_2KMmkn;U)YigreH4sHM?KCEq?C40kS6aH-t z_rvnH9ga6M-kIfn6@$SE>I&~Zv)>JCeb-|17l%-DZL3xPiIjV&)z-97HRJRCLp zfo%A6%wC2*)ulUOBnn_EnC(v8h*LkcoFziQZ?4nlX`jwm_#gHKU>CLbxb43~-GvTY zmR9RuJvc;^Ey7yEd#{Qm3X8X?FC7)_xxls8A-6E}sl2u;vFnQk?vAJY#K(u4;>N~C ze4GkQA#gyQj=q_hdf7~7=9EgmAiFACb`NIzUg+D_w)>O=OnT_h8kzGgU!zcCiIQ4w z_ls#xVUl87r;xqMb!(-29sk9S!}_JpC|<;TEZ)fJ`4@hoPv3=R=ZO6e!uBhcINMiq zt}dfeh!urdGfRy^9M9=}4g7BaseC1}ui3rY$>=#tFRX_W4W+jd1!qra~M17U2?iO&`i}fI(A^bn@9Sj^IkRuR_98xU$WHo^BK& z)Y}h*wd+xjqXw)=FX=LcXNg5=*{9N&oqpUZ*r?SX+$tuf$-(rD=;-7`pki6+>Hkt) zYu<^77~#UJCf+Oh%W^M$HxFd;^?lu1r|G0V)2{+?I7#9MrxYDoAwmz$`EGIZ4{*{| zm@lrubU~*Xu3-knnqnSSPEN6J&bAZ4%`B|EVljvxEPYP z`589p6vn@O6F8{6dLWPsvn2;W8_WyM#ttbcuPHDzbavWy`_xyVYD|Inwu0*58giq# zqc<84DzHU$q)lvY%8lw>(k27cGA!tS`6wB^om885+tEIxw;O*Me&;&rdWG3K@JAls z$W671?_5@bSh7e`H`=fc8E@8=LY?6IL_XdIhD6o^%XU1Ps#ruJ2@qIao)&UiPcj8D|_uJXHw8<_H<&_dGR-Y1#;~> zeA`hZnk*HkdJnFETTSGODgI`WZEaNWCvmXo`y;ePK8%x;F8MHpP_?^H8vn|K4DclP zD$``k5I%qqFQD_cINqG%MfPmTZH$uMR&$`bdhQLL>L0l?z~3)80xx?G)P>OPn4w4} zjj(ajR88CpZI5X&D^EO;W;nHv*aSM`qB#Q-&?0o4a-?TuO}QfVvPaJ>+1M3GnmKX@ zd!5*(s43R2ACzZ5D>aUhWc5;*9i$H-x>$tdJZSK!&ZRweO%|r;1)irNfQMPMF>W>U z3X`;=J1R3;-Bgcm^PBIYVZJ}P1O48LeR2Vb#)BJL zRq-y)s73AMW`XBzdwF5_004l#O=#V3TMv4tbH9T*uTmq#^k8u_yz!Jk5QxI3)S|7e z+yyrXrrefCt4G?ysril&U)3a}0J*$bAOh zk=B1*{qPFBBXzCt5yXB;fE{*}Rn*yAMs^Tg=>@b7@Eo5>s3BM^f6PR9e-h$=)+X#~ zlgD`eORIa?bs|Q2D4H=k_;;;j7A@|hJn&OW~aPnw#UL&K=NImVfy<1^T|j~Tpw4NM!sGx9peJ|zm`A!9@MZCv5VrV43ZW7(W{#; z@#wC_e|YV|6jH}Bf8GzFrU&Tr41xZ^-8jHKDiD-6XH^k%YbK1>?;jJ3BqkaB3QJzv z5hkt%Km)U5xumkr^H}>|Gs1}UIEP(j;dmlFj-SH~U;AJpj%j$EfMj%Y+&fLfo{iVG zp+tn#jDLgK=3RqftBuK8s&ztx8v z(!SI{ZIEeFPg}W?S*4o@EWx`*Qbp)=Y({rC0XuE!Ogl-Cdy<@5qSjYK!WfKW%JsjD}^>>uR_+t4J!>(sI zl#IzisdRpgAMsXo$KpVX#)Jb2&1#b6cJ>l>DJ$B{iPC7QEG*M?1K4u#Vmy}g#DUQM zarsvP;v~bOo%(umRPAGP_HL8r zjz&0Aa&**}+~)sr&Nb-zF?RBeCT-v&=WR@ydQ;4DX7^Qd4bR0f_Yumj3uRjk-Ylk%no3K@~_r>;6yl2^J(1 zJnWBEnrWz28)0*HO!QbRky7e2SI$zqoaCWxxnA=xhh5s+=oL#SIcFjaYQ-N%Tlp)C z4-o(ET2;QgVyHvtrK~mx0uc;Gm}Jwtc*+MbV}EI!9CzW|8hxloFK*n)45~eAuIUh2 z0mR*>C;7{`c(T6&%|GCrO|8b-YB%k&0+*yGNk^BYy=leLGiALEvD(F8ksiGK@f+w-L)}EYCK{@RevzEt`M+0H+LiWkI{E^7~uEpniU-BNu zLppz9oI9Y4I(>$-x;KN4*Uff(NAE|PM;wE9Yp}n!PEBnoylUZnW?lBbe`y6paG#|d z40gv0V{37DPsDhB$~}vJ-{8dBB%UUCJyGFDVvoDhk4yRckFC@#zywW=>{6J83vz^z z*Q1-#@9V%n38jRo9D%-nU$0hK#nv)j`gJ=AF$1JToqqkz)Z=Q?eLPfnGQVYNcfH*& z8~(Jd=g;BYnJ8j?K8oG0q);PutCB$#k`+u$E|6So|JU+82&(H2s|^0Tam~dC$E`lL zZz_Ay(+Vh&Y6b;Tot&^B-kal7A1;$8B9Gy2`7$*)6Si|h5!E{NSB_ybsEK2sgtb^q zXEC14T{z$m-%bL>xFhNusPihJM_q05bR31amHf6tauRCWS_mZ%JmK@lF`tn#*|>4G zZ?}N37503|Hw(g&w9P)Im2E@gl$czfNZ7ES+FNy1S~;z@n*Dgmzxjcn3V?TY7eM@e zwgZV*5`&BED&K`W;+h5NB$!AC23Rq}k7kDVITCu8x3)!hoTFZ2NGGk&#b16$`p zrrn=(8&Gp<`d~4&`uP$pQvaRN{xi-Ybw}03T=gSu4C|!M)+~czk)}UwDBS!Nn6>0b zwKC5;q;37u0$0=#CnQ=H+_`X9-=AD^nVaBdO~K>B6d4+>4KGvgfnUFY*6M4k@g8ba zX}(Qj;?h((e+U`@bMM>A@jGdy^s>}nvBDUkig`n5k+iUIzRGI3pt2fyt5qeSxZ2*Q zwUYYW4zC{h1l~<-+ZTHy$H{2ve=vb;+R*kFFuGI#8J-^+Ys#?w0I)V%u$Ot1heaoq z*8)FUNd7P^b)#?;)wtyn{nGYVcE(PIq7$CF@MzbmRdP+9;Ls03R8~Tezlp|QpPSVB zaEfInXz%P>QBW{PsG5^#$b^HRa^{taCE2Ifb~Pk&I2uJi$-Ba37gvj|dP_)zYua;i zy-@!3CbEdf)d~@w7a3C(4hnyx`KrJr2F}#yB1u1QQc3Yx`Sy9nBM&5(0xw)*mr1jt z%Ek9b{jn4<{C$j~OZ84K^DIEcM-Rn>K5uU6>v4ZW3P>tfY&*MO9+fE;4OI-_VL;-J zND1^JpRm;3gk6>}Pe{Gpj2Jr(O^3C{7Vk*evtMm-1YI6;75+LDryk%TKhP1{9duEq zUA*OwANrQl-Q1Tloh1xj1foMqd4Ab~VxasoQg zWO!9k+N|J3>s&yQ&|q4DdD_aS<~CVW@>G-ne-(VWB5+CSs`C;EoRhxS5Bmz_*TZ#N8|a5Ado& z3dRW3{VEr>^FSQR(M z()UXtllc$s41lLc55?H!%bXg1_9q6~Z*r2^OG`v-FMd3l3!1C|Xs-`F#m3&JKv@tS17L`^_151P&v?*gL9-?`y6OPP8c5dZ7&)H% z#WpD)g57LC>o^(tLqYl$SH$ijp?z-8tR1H{o|FH$l%3qgV|xsT23(gVmgkSyio_!R z8Rv(e74uu0JPB}M*6*8EQI)D7{#UnwsYx2bF&VD9L;WYLES*kBo3C9^b=WY3icI8; zR+03UUlw-CiSdN^P09qkn_n9xPvqfu@nD=}j}xMU58|x)^3jh)|7g<1-Q@w#En6NcJ~PkxJ5hd-p}FW*r%7_sga4TbzF_CPNl!AYaB9Af`Isk(q}J#A^Y z*-x$cREIuV>Saos-ra|S_bC;v8I3cm!jM69Ed9{8`_A4~kc*`ad&&TzL-v8xH=^Ot zFq+ST+UZWSwgjLNpq9WBFhcUzEkf;7r!=FXi5VQkP*dn{<4-?5T<$QCIN~cAdcA7u zY-N2JMuw#AwN0YyG8p+$P2eXGi+>t9Sa}1ZQ<4F@+RU~^@Nl}JTuB}FiMmVgjp-5@ zA2;cx7yUvSTHtKx+@Y5gz-LK3wksT%jM4##bla~yb|M45XOARMS7st|6HCq22Sh3x z3HFhTIp?fX5D}>-6752vvM=9WVwwEhtzWi$%j>draf*enCg1bNyEHmQcQw`ijT>cS zRwUQBoOmfPeiCo%TTup`kElLr;pVFHlei|>L7Bh0^~FDgRURu7Kfki5UY2du_Xqgv zmy8Vw@xZ=RF_&qd7*izes?;&8BpP3UZADP7HLeX*#Qx$ z?0m!b>G!i@6@F!P3aXrl+mB7a_M0_*y=j|D$1_}cE*gkWHO@J6Hb=U;zD?VnGa0QI zw5@`h6B6mn>5F>=D{G=o8wqhNTm^GGCiv=A%*~NtgDPF~I3opz)aNcTzXHXFwq5z7 z-M~bvHgLZ9@|ZFAWg%<@3pkM5D8gJ5K+90`oaX1C(Tc*Lfa{%FzLXU9A;TEDi?ONluT9jc3- z5$ZIQ16vp)_0hEHp>dRtW^gAs{a!vt&hIK-qOv2TBz2V zIn?9Ya`+Hjc-USMn>HUJ!s;q)Tn@6xx>qpUvTTF%l*it)_N_gNoe48g_a{StPf0s9 z?bq6(##gAnM#=e(?>RW*rg&4QChAMXi;+@7RprDH=Dz+qW&K0k+^miK*zp$75-O}7 z5aWx^122)!ZSJK&H9H$k4zw!*2`nsIH01*UwKRGAbBFdMel5?q23P|We)N{};S7L@ zT$v)B5ox#&TMF$ic6@Z4Bf0yyFu+rC6T`+!zg)cEr&r80bmz_$SNnG(&$iQD9iQu@ zOqBmnfwx0dxA7sE2^_llE8;)B)_>YExz5Mn8t{0HgiVym^Pd6AJ9#y^S{d`t{{!gn BH*Np` literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/logo.svg b/2.5/en/assets/images/logo.svg new file mode 100644 index 000000000..ea3b2796b --- /dev/null +++ b/2.5/en/assets/images/logo.svg @@ -0,0 +1,179 @@ + + + +image/svg+xml \ No newline at end of file diff --git a/2.5/en/assets/images/manual-guides/mailcow-bl_wl.png b/2.5/en/assets/images/manual-guides/mailcow-bl_wl.png new file mode 100644 index 0000000000000000000000000000000000000000..94f27fb058c32b5b99c6561c901db9a48901d09f GIT binary patch literal 56090 zcmd?Qbx@n{*C$+oLQ8=F1=?c4+u~Lz6ljXOyQH`~1Sc(&V#P{vYjFwgn&J+{9g0H; z?t#FDet*Ab-glm7|9JPEo!!~JXBd*}mYj30qn~r`5M@Ov{726p-MMoIUq)J7_0An^ z*quA~ym0SfR^+a}O-n`=(Z--G*w0WTe>B)tag9t1U~khqIY3Eo)B} zOK4gCW=q_kEak$eYDP(Ng8TKvX4nySn=?`QrDi`0mN}Q)h3!5Rp>ah%-s?HD;eCDA z78!I>IeGnIr|JgUhanMj%-#V3{(dNB17O|#XX)Pm$0gWH+(YJ$#=ke;nR>?(E(a6A zJ*4Rs{=4!qXtnu}=H`HgNjKUu78E6VwM1xc^UuYEL(r=(=o}mhH8N^xXI(C0!liqy zTsVFl_s@Ci;+w0Xo2we=CI3NCh<>}a6JS*diW;4pqvUV>=jpExZl4_%7UtsO(xdhn zCV+d`C3<}j#?j14@ee*H=i$uVb&v={D{o>Kv6@YH*>cCod1E(%E1A>zSzLR z>?!8>MOGsZ!20{q7N_sui;&X)pNoyL{y;SxcjVOY#pq&U{F!-#@6pipRenW!V*K`c zMLHxDze&K%u+wsU;xApltXXR;0IL=JrU|sLqwuVR_nf$g*I`2L$aAk<@Ias2s6HS| zLl5UKp@n60ouH_jnQ2kZeRvAA1PI@rUV2I_r+(7r8w;V=+_>dw6LuSaDVfTN<97g<`mH0w zlzh=c?zqtFlU&2MLOe9hRFch_?!V^*FZ=m#Sg31+(uI2?f`v+{Me;n+(m%4JhO3AMnP&z0j(Y`XP22@AZ(Ij0v05X&>dYh7gk> zGx#;R^TVdCe8eMn>c1?C>ny-PQDB-Fr%$4n>pXQ8B=JMd*Gl;%jmZ^%;CNz4 zNCk(VTI2O#Sx6tr;i7zhDj!_Z9W^Dgugl84va;<{Yz(XS>u}kV2$C8-ZP`pdn9M;i_nAZ<)#E+@Uf5^ zxm@qlP(+6X);Y`?*ree&!Lx_ zaQc6Fj}LZn{A)X$$$YqnV_d?SL6>{r8__DPe|Z#Lt3+UMW)&!koSAH_@WsDu%QAmW z;ThJ&j#7mX1o>DJ%k_s5h6Rk2+PPb%C6kg!Oq=(8FYNnMfND23x%zE4gjLj&xB-BoAVX^TxW< zX%pBTQ3AIW2DmS2%Hm22Q<+O`ltEK@9G;$((c;0WuNE`Y2r|hnt^YBAcd#`DJ}$(s z?Y(5&maDOkUteBHoL=5|K$Z`uC&3=;$UChF9vGmmes}AX2h!V(kyze3ujcjk9o`l0UhB}gj z7E9AUQp};6^c-A62l{+p2OTZ*C|$*;rivDE7^NLvl0z^1@vJ{#^m+EC$WLHk=ij<_ zyJxr%d82)PzUjkUyHS_apDu0bnRQ1hnuh`fkU-=*dehv><`jlvgJ$kji#npdLs z4dY0>jwjCw;MZGc*QfBSMBRC?@X7K}5pFPGp?>PRWc#wwq$?dA?;vu5p2Vv`woo1M z<8`I+Y^x{xp(jrwljl7Dst~}ePB;Ll2U7o+JAKQFai_Y0|5C6W(?p|ibU@*2=K#qzRCMc^yWx(0MC{+ z`j8Gi@K;=Vn6%@EukS$z`5g99Y4CUQEeFHfd!~qS{qO9A6&yQ8Ut_-hA``o%LOnYu z?D*CVRwum1_usVe*DTa1d-Yb_eRu8xy$7Y?7iO5QG+Z9h@iDz_Z38Gmd*4p5*BM|^ zuXl1G*V?n#pmx5_xw$!->wTP~=Y+A{xY1Ng&**w`PDm36ZD6w6neR|)>t%+^Ga8s5 zsno^XuzMu``;@+1%rq3;z&JhjXvvic_t0^AODVAn^=Q%^bD8bOYCQkBChvF}-Px$_ zCzn!k<@pl#w&Ve;OXZ_CXYdO;nTNdT5YS;ZGyYpRht z-zaiRzFty{NFR_;ary%-LsR)o)wZJscLEyU6{-|tp7lCm^CJ-!NDT?2P1X%^wWnFd z)(v;Y2(h$99Oo+#H_6xne|k)CmNC_4?P{r*fFq{Ig9_)-(Yis=cM=D}*#5$xAnr)b zOnnT;ww%Lv>2dvYrfyjoMCG{bXd3Nbz#j9Naxd%-rrmG5*tY+*w4~j5Xu`2_vdSJS z%hM6EJ$})LPIGrO20>*3ShLvwne_>-RGZN{Tc#CZAx^)1?Z(&9qHli3pP<;Q!~j{} zkGRuF*QFo(s}BmN_9!HiQ-u6?$jLtP@q;oQ9ebGdG}<$B_YZsjv^K=914SuyHE?5r zO8Ne?JS@;7b==pcOfKiW8J^F8_wn!VjjxBb`63|C9Ne{Twp0f~6UJVVWa4<0H?#*O z_7~eOvXGp3$ez4+SnoLq^UpY7&n(Zx!1G@bKb`@qy8^;IQ2x%LU>Pd zuP#seGXbxw>zV7Wu!nuQcB3Y1%H{!gBC zTL}_-*MrS!*a!2=*(q0tqd0^R_u~}hJ^3`DTIQH(p0^a#LC$bZy@aRTre2EiHh9Yp zbuG2PV0{l&*5qdiPvnvUJATGSnDH2Hv{aB}Cw^O~uMu^45Z4WqHvgl|zU_9}H_!52 zWSj=}^uI&9{Kn9cZ^LTB*9EP^?4kSg@6~^_P}HjOlmt#k!$?DLUp1%nAgL!*0HhV& zu1(XyCF+Ba5O+bvgcl*D=L;V_OwMyWx4!AsI0S{@`{Rxt#<~c}ujy-bZo}uEE~

    m`1^@552B%4~SLn;UkubfOf+e;DDcEGVjuM`;&Vu6DVqjSLUIIe*dZ zj<-&mT6h2m0NN~Gs6!@TWh)}?kn|o3vkkD9_i3bjQJaJf$sDjd+$3`6yi-~SuAQGv zQQ~LPWl~afIO~Kl!+^NnOr=Q&E18G>tb^TM+ve#sY;&-@9s%pM3htcY*Py6R5395W zMTK8yr3L`;)_Nwr&U{u>3=V0~ooNe`OnpVL>f|1upJ&mji%nxmtLJ~B6kQfGBXwDE}kITk1>%OAM#v$5w#m_uW!l)lQ_^1Xh$ig)E2rV3(sm|VR}5JHLi)u>(N zCcja7m=B}rR{r$mSB1&*nzpgk9Y&>yxFWfR5v~#iOpQ_F#huvvevTeI^BULr(zu3o z13Z5gz%?#uKzV6Ya@HL|1>S0&((iE?M15}y`f&n^+J*Ak4UVnxNS%rvY(`KCrPo_l zF%ah9G^H*Nz;}g@J0;4dR;Q!Mn~$b4hxB3TWFutSWo{)a82>Ac(MCOX-12XIE9a#h z0X;NGeJk-5+6SQ5A5-~kkhO)t?q;4-4a8N4y^|Fez_$abt1!V^xeG~%>`I#&UI0a9 zBkDG|6LU{ijMab8a&jR;2tK1K-Xpl2n;5?~(YVg*m-K^nw_ z*domZg5**v2R3BdzKRn=xSnH(9yD=&SoVu>@cUi}dVg{HV3XvsD~AHkDN^g}ndM$` zZP}H%xGCaVcW_ijp_xF2Mw2i2a-J1N8~OrIVoN^#m5&q_=$>Z{FTd}p@);QFmOFQu z3P#7t8(#RmpXgTzM?#kiBZJS{4>?lmNL>`R9)L{Qkpia0qia$NQ(c6;7GRHMjQ_3uJ*P(_QCx$TI%tsKFjVZ4xYVJ5} z%^Yl+EWU9a=Gbvs+i%H@p+6B4Xg<_F`?b0g+~=WzvlC53$OH!TL3hR})~g)FkcAI5 z2NlwvZJw$(DeokYYxhvak@_t0)7RgfJFC{V(QSBAoLmt2uv)4gLv=nQ(+0NuLSetXzXF9Z?Mf_JT*PAxEd zbNL+tb1sY-;J(`Dy z9}vI!PeZ;ZUVH4G29Za0XKlyUh_;(4oGdp>LEhG%jfZLF1VvF@ zir4#Eh%XiaYZ_KU_WYnjT5CxiLgoX0<^2A@zB4j1_CCB$a`wWeq{tapmkEy4LM_GP zGvtW{-+b)O8%{wLr!<05F4Y1t)(eup9j#=1zk z>+u2O3=l#Ucbqg{UrPvbiub2=N5R}(~P{O~hp z&ry2pbn``QT>Y;CSQ#58hx{cQLNFDF=a034b&!jtB3iR6WH;{v)jO@D_Xi?0dVhSY ztYU+{651TRXZ_ZvsjGw?z61V3Bj5A_H5E?t8QV=^go3JGJBc_IRdS)ly#x&2oKw;j z6CL}t*SR+EYD%Y~Gs2q_*Lm-BH4NfND{kO*a{ZoJT);+s#CK(!A{_7hP`fLFDw-dW ziw%Ofe&u6oRZe^XeOLm|^rJY7nSbPu8!gILGAEehlJVikU8C)I@}8X#)EJFpG%=RS z3Q_Z^n9Evm-bdS}D}EJ%T)(GJ7nhP_SKjt_k^dty28%!;aR<7)o0Y!DD0JYd7&>w~} zBR!;C_q%yz!}UyBRmrteH7A@fh9(Z6DrFqqD?A$SGzxtkhI$HC_aeWhA)mWg>!!|QROos}8QA}A zf?Z-vf#1H64sL#znR4rLAUf5ltN2^T+R3%a%J5rzlIOH;pT@1ss4(T-I}DC9>kNuY zV8P#Tp0ofv)cVe?hQ%FMNwEJY*63$y#S_<0ti|LrgoBjR@Gc%6vlkCRQK*i(^p9ui9I)<{II>zC9(^AfTz zp{B=-TP_R(8#2@|BSzOH{l&qd(6{U3eTJrQV2bI_knZrCBy6VF*i`rT6HG@q5gU4yinQtg(-vfu)StSY&OZlk3LlU1g%9!!yCTL81ObiucET}9(;mqN3p3|MdV-sy+K{d?9pb0xgR z0BU){UJA*2aD&H+nr{u%6XwK6J$0c#gk^>N>Z7~Je=rH?5_Zs)`55JV@>_KXD z7|p`ONygO|ZJAQHkulWTIo_K);)Ez=6ZX{sOYX7qQJBs^YsHaX(4hXyp)JH|F^t8$ zi>~0?Z$l73M)KA;ST{-xUqs?KwhfqY>~j5b*|?#s(c2AUMKT6@ zE;VhuR9HGMj(4Y)(3vi|ozYU&(g4$og;l&|{{j(3LxW-8v+~$l7xFdoer%-|Hpj;= zTFTD2h}kRY*bA#20a#lTTpSa}u1_`S<=^NZ>~LB;b`?i=%JUnO1RNF<)qL9Tkq*+< z@Pu)Z2J5yFGHtBVCP*sH+n*YELn7;Hie#yt{nTCr2K#O(rcynA6bwr%*y3!+nwiR) z&Qv4UCPiR&<+egD-66($sBa~Wu=s^KBmzaj!_u)i?Cgk0G8d8s8JbsyChE#D`t)|n zq(ouo9Xiz51qakGbbX|Myw+PXhSU4rkf{jj_GIumA6J3Uk}*sZ2LzipOm&mDfDL=C z2PTnwcJUh~RLaGaa=J-3L$gF$azm8`?oLpMl^0)<-~0?wiMQ|L)=6*X*Cr47@)wh1UDGZ3%64YR|vUNvY-Y193BIER}RwGy9$CR@MW6 zgno?4tIP|WR`fwxJ5yV{GsT!K`Xos3Pf2gvhYj*q3Q9brAHcxYWIfI0myHlSo*TpqI-7N7FaUhhOO0+^ z%4dnOc;KD>)LHGFjRC;)=e|MHERDRsTBy)9|1hKlKl%JM54GmFG~!M(Up9Jqt=&%Vyw=r%iHP_I zb~@nI3R^R=Bz!&|0r?6kPX!c?6~R}Pd(#W+gw_Fx}L#rMaU zE3~?T_?_rAnZR{w*@`<& z{DI~0%K+xF%9KcvQ(bi$ekZ$`xmc}+ld-f&pOX+Yz1oD?&7%O|@=CrI{3u~MeUCEf zNNWaX>-)pmo>Szoi(ClInLw#o0mlaXk+E0xm;y%D3Aj-`*-vie`2k z-O9)!8C(DBkxCZ^NV)~3?6QHly50ZAzJ_NSYkkeZ9~kaUboyO#vI?YbBY z)CBg+-jKa&t$$(nKS(k7^X>7`?$f_I7gJ>a$1P!map?UIn;uO5rOsdfM~4Caho=bs zZ@;mX?6H4;>U@n!SA?&{M*p@pVNOtEYNSWW_4+4IlcF5L5d1v>UOPi}4lND{)T|4G z70J(I(EI)03WRwi7dY!{URF64#D?bVi|EY=sfHt0I!r;XWJh+JT=njD;l(V~e!j4@ zFr73-1RYi^fLVj#$po06^i=h;S)AP-Z^Fd}i6}d~b^o?21X{T8hHxOAJ^Sc{pMZr;2l$DHxw%=_Dn4t#nV7XjWENAu)P~``cmzgU#3s z&92>C_N5*QFR{#%YixjQFc8<_+}PBgsj*NmESgA9q0`j-Bn;L7gw10L?lrZvO)QVx z-t{U6uXo2<&8Jl*J5yygtmo4^Jl^f@&8Gzs5xg{5AR$5p?mJ4CFyl0a+>D@-O#$Jzf`{N^mpNKdV!nq#SMcY%bU2z zll8`Lv#6XgKsN%*`poLmm~N?pDf`VcsODjEPG_Kx@oVmMFaH8EiFYx%; z2~Kyp!b1F7(-vAQk826fEGfrZxoksMg!9H zJG7`rS;op@rPAy2F4<+R0jn*?zf6|#%e3Z21)Nudn!F+TmeO6?Ixq$^OyvLds{O$& z`V0C(i+Y|K8Vu|X$S0>J!eA0p3kzb)jY#)9)D#Jjbw{|br! zeC>U}Ra_G7wT-B4{|7qZTHjgJmm~ubx;YGjj+o)XEx$^p=dM?#+5PDdbGp+?HFzPX_U|uVScn9{JkPgWSOeo=Mn^bw-UB++hUc)crXzasZj=2cK_a;9l)HDZ7B7_1aYwPcWrQXHY`5)t>G3!az~v?^ zkxV@B4dk^K18P_Q=$*c=dw+B1X2fTK)`9?_7nT&v%YmK^x4hBkl6*0i{zJ#X)mpQd z#r#s0ED|$c^>G~I*pw|lSlJ&+@Tq7m15~V<-(Gb7Txd#53&}GEX zm{p@6%1@jLlxkey&nZ&Iy&dftsj>pJ_b(m<^xz0a{CP{zIp@Ptk8S>~6qU*?`+~qSYMDF~Du0IpOU-fP~G`Z{e z0|v0^XrK_a=koaC-0uKTnt<7j4}GA}9T@}vi^El$rZg|=fz0sS*}rbvpy2^1F2^)} z&89@LkW;D@=SKjZXhKR{OxAe=31X1n<1!KY&DY zbEu)Tn7Na8^$>jj^T-ageY!wX5Y#|L?UT<=Ao(iyiKk5Xlwuo3QP$&9QXirz%+^3r zzsW|uG2=QPu$KdXRyA#TI3t0Iz3Y169b|{j3rDF3^pf|P&&Gx6_*KUep7;ar++nbq z1qO?pL3eC2(v8;Nx#jtVppN(M4JCx_@$wR34WCU0o89BzX2^7pGveZFTP6 zsJ2d&sy{GYQOOtaMJ3L@@H#Z{o@Vgut!cdC0!87}oV4c&H4i`CdbasA!D4ZS*$gVE z@pBmJ!C53}ihSJfQNMp+H*bY|B9DQcx?`uDV#a{ot;n(PH#Ou=N|9LkH_uHwv&0n} zG4lwOr}+K}Rv-+nKcg)0U|IBqq7On5mk!2=OIOb*)l9oMcM*SS`1I{q!&w7%MI|5O zCI1x;5}obU2Gw@(0*DW=mH!PYggwtRpuf=xNhGUfpSC1(nIL~1`eud87`=0#)M@y< zb;{=es{0#R$n;wHi12CTq8k|rp5Hlw#QF%50XvFAo}1=EM< z=UBrW63khbIL?NrVwdUX1#`wG_^knplqy6?sbF73AiXGZ{>b+qPwoUTwL(P+HVA=2 z>(7-YpI{N)wxc3;DMAQF@nR;rBLkG3N8fd5^)%7fx$5#bcmgB$!@1*UW!ESZFPe*jvs5t)5y#1waj5aa z`9*YTmnu&b&MY*T46T&HOxR{D9uX)e zRf2~OlQh>XpYf;0ohq(#^nDX3`(VhfHRxu>Jsm$tY9ZUvW4zYvNikCJTs7CpWwr^| z>I5_Ey;?nCo+-4sZMsGt8tbAI7Ur*Sg_&k?c?D)Ql-j63x5fAJL2o7*SH2BK+6T_m zMu;bmrN+52s9ru~;h3HM_==Pm6m_TON75Jjp%#}(Oiz-eLy3G~R$DY*!$acr{__ET zw&HQthVs-QLNfb0G|Yq0D2U!}Dlx;2JhpJeo*wjSMd?AqR#jg{4Er&EG4%7L)&uUu z2%=~43Nq~<0OGH$S-Q8zPYl|3J#B1r9{R&9`f8mfXt((bF?`+wMP0b-))oyo@Zn=R zZB;gQI8A1nK0jZGMWt~%y1D3+=J{+2Ui=NrFn|i4> zb*p2NnxEV%NANnPNvINchlkrT#7Wl&yzSUtfvrh6LPn=QsNg@)iT^4mC|aCDuhQT= zrMHdkqc@T2hLp}q!`0NSo^A6o^}VO@ioqY)^Li-X;z+irmBK!-N(md3^1hr`sL`7~ zIaR?YM|&u&SHr3S*zN4Z8MF1Y*~)N>=9Ty2%eC}A57B1Ty+*ACB{g?6H_y+?ptYsVT%Lj{zMQoFy zVg`ef2#E?!_QsL;dB(+~a^E(InlsBC=;Wt^k@s9&xW;x~TGe~vP7Bl%m#ZGxnu9dE zBV94RezgM3a205-$;}_}4pxqV*u#=zx7`VfJ!L)qbO!2X8>?nlqf&}F8(7mc&Nl_bkVfl-+x5&xE)-R*{TAg7v^Rc5e8`*1iA&2h#+8$mwG(o{Nba)*pTN>fNy;VS1(dKKVd;~%1*Ln zLGf|ui|#N=7JRcF8Vye>WGcgV7NM1~=j!t+#v^rQhk+v=zIU_F&RGsa7n`fe$I#p= ze0iFQ7y(Z#LaLRXygmv6fNd$A0zqVBg9l1Qt(4l(mgfVPd%BF8qn)Y%#1WK}%@-?wJAa1$ z5nBB#%WR@~Q7*x0O>HRdgL7G$1c^XWTgvSZ@UMhAOZ=dwWx}Fz*|E`2&#tkvk zqyB#Gov$gF9nV$Ap*1T)6~a^@Qbu3asLp2abQfA(QARtATZ zj8;LWc;P-gVHvA#*RpF-G*WqN_)4AF8l2(?U}&U(47lmd z#O{=$^R-7SaPTS)gecQx-yd0ojz39otIL}MUYpI?R^HJek(-VMX!Jvu$%1jK$GMo@ZHW6*i^|3JM=x4pRmSTPPZB;*gFp8 zI8J%-#6p(w;6ymFKTTieCir=}5kgO=YIr~%BqiU6-Eige}J#`rY)?T|q>$b6!MX96#u-FuywzWOcW2Nddf9u(p zov3=Cs#t6TcS{;NKHc3z3TY^>_^st8<`PmPccXCfFcTqv_F>>EvJwLGGs1Odxiz6! zou+E9Wj?Us9{5@RDS;s%U!`b{b+vw{s+%UIW65K_&YzO=bu_fDYc_^-qr)pUnJPN{ zjB?aFfd+Y6?!CHUu4m2vAY!fD&;tIp`2CjJf&F_y^`lGS*tG1!t_tJ8HXKyvIQG)A zyrPek{ib;xEBEs8yG5hz4;|0bsMz&MJb9gV8O!9R=f1}JI^S6I(S+HB6TTJwEg%SX zotRv8=kZ2Ka%{CY2bhbd<_svmWF^~0suxL#HN6YX6d}4&W=Lh1J0#cbspr0M)z@Et zRDV+@z(aXp2H#I8f;xC;XQkz^M96*Ta>7bQXTIXcTM5F!E07}I#F%|yZGBACV0bJC zTWF=m)>}?mn=)zhaU!R^>%0_Ft^8;$%UGA8(A~@zcVZD;5~+QDrNHVb0pdpiuksA$ zg{jJ)^kn$$O3^hHC8brKc&Sa$BcfSfSrGQ>I{o?6GVixSmY4QWb26%)uXy-6YkaYm zE_#l&n@uFXZ|AJhLgLL!#m3xwMj^AZ1#p6Cr2FpP4l>Rr?ip>&%=XQ23&AvQn7cgv z9CZ2yf-Eln;hL|SL|Rm1<)@*>bO;|dQ?fL@r%u-HUi7WkdgR$aimmC68l!ckQi@Ic zJr(r1wDW3FL`i;klD+nf{tqkFF=>D(FQq;Z^VU%;B=>(DavP)roPlv`7p7O;Vf1O28hQ~!@FMMxE0D=j#Z`HwB;bY z$1l%b5jA}}gNY!DRGgMJZXg!epwEt;8u(r-wrqKN=JE|>=|+cp2@xhg63I-rt@yAq zc>50Iu07wUGI$N?^l19Z!G4w*1l7|t47-zWf2;Z6`nV9sG*7{z9zibZHJT{j71DXP zz$NX3rA!Vjvd({8$X=439%EAn<1uUA7j{ymWPM$pr|F}UMy?>)PmXFQXhQmkyujf* zpH*$3En!4{i~UZ(JxZ^pl&!Q%%W8O0Ca|WxbFFHopE7uo_o(Xruz`%0>qJ9h;d7wH z(6;&`xeU)&n&M%ai2^Voz_lQm|(zb=!i5lETjOxoG zXgY?a;HrpJf&;|a6os1T5K2V{)S1-Htx1Bo)qS0~`^ZHg$p*#7+loGdIGWVmUB4yr z1xNlwzE+7Fi+ZSrHVF%-|H--Ok2>~P;isABaA>E}ADnPQ%_=0mim|8Zqi%?{bi>bA zTe-@TE`%RQ&~;mp$$Q%9zmR=78(IRtTQE%?o6$^N74zvmaoU^gmYMN&x%e63+zV2+ zrm12J#djg$^6%8SDh^*X!C$4bhZPP6JTG8Ce6VaHQ>mW4^zQ`!*LQog?j)tj|l z{DXH*pt&`LC4TQ8@^XM6b>SR4;d6-%+(56UQ|tn@pDFcBHxY_HHOxf}5QY&%K8uqE z5u?tyKdCE2D2JXI{q?@u)XVf4C25vf)DQnp0T85gyQ%Le)x)1&eBfFg9rXqkPdR;n z3=`wHy>z|7VJ0<7+D$&|X#XAk)>z{E=B@ak&#^;b;yQ)|YO4<)3wphb-YtHq767LS z7`&LBHp(+~eN+*xud!naV99AXji5>mnGJXuJq{-d8{{;KoBtHacB1W8XPb zSWUm2Vt-~d*Hasm~Snm@q#|%l<}dyI{V;I^UD>&lbv4tj+)AW zy;62R#Y^+g?gDROH6c0L-k)^R!+Iwy+knBlYun}$5LI*mi=OIHO=IMI-#}iC0$u$; zRKbzotHK4x_W<#0Nkq^u{BdhIj9qYrM?N+H*@9QGL=^JVTsKywW)!ym5~;$+S-?@O z8`n*yTr?+a=teL~7@(Y9A4E@B7p<@Q!;CPh?@|bkI<&6(gLtg#;E$guVNOH09r@N` ztR@@MR_y%VSTL{fyD-iXKSfbUj$iP;R|IK**yi}ty-tpe&?IfpJa4gJGdJgfXRn!? z!1h}A$e%z>?UZ!G&;8!L)mle(c!p zj)60d@ulEI@oR&6bw3?9H7i$W3`OF{Jk6Qj%=7Xj56Q4c8TpbwdPLG?Ls7H|2ekaq)?gJbI$65iqCDANaA7u(gZ-D?)3B zCd_24VcvJH)TjhWky2;TEMr02>n2W=piYr~)cyQ##4SzsHQDMK+gDGMrK~LWy+Gp} zMa0F$)D#zVql?W=yq`3vlD5qmSaVLT$LAkcG21jqI({D7vbQT|?;2^qy!Y|CCMXI* zP&FIZUO=Vuv(j-#jzMi`X=k^}-b2R9DtW<(|N9@@9Y<@HC&l_@n40|sr)JS(^|II$ zJlzbc03cnH>89Km2`OnIb77;C3i^(j+wRHbl6Yld_LUGVZU(nND7)&zXH0t{v2FgV zO>4}LDl{cDwkwmZst8ra(rUde1=zwAcEp}kefga;f0&EiyZzqmHcN>~U7rxJT3d6= z$K?Ms9?cb_bHz-F9Q7<*FyG)Qi=!NPQ63*dZrh>0)45I^v!T|_K4Sw^hXpL~!r|e8 zpci2z|DeA$iAsOOxc%Cio#x?s&8Gt!4K#(cw(A5Aj~3eh`FJ-9$E>Jjk<0hIOlpTY z=SJwOpi6?c(G^~`vdR39Q%>V;+UUe=Y*E=4S_f{-?5X!z+(U!1=oYX4K&HjdKb@8$ zT>Z}9DdpDXYvfxf+m<=ClYQyVD0cp7I8R(nT@3!&_O)QpX<{U528Y;F88Pq~Wy8RW zr_z;NUo?fHcv9@HD5V@Dq+IevreVf*D^&hb>>z@3{F8Wytnfx2K68h0Z^2B^3xqWN z$lEA_kTKE*$_e|tUG8jnZ7lyz%Q8CB8NH(Q(= z4y5v)fp2}DFidi8`)PZ_0Z|37p!ap@yt@=0kFnFlL89Z z>tUCAO8w*>dXwvwkYPVJ&3PNIp}WI6H2wM(><^L!U$n@YR+;#V_(1P+T$)okVT$xv&894f;)F9X6 zMS*)p+qiXUfRKH6u69@P+>7j6n5NE!`tAbx@TT^GiL#$&!5|N%ai@ z8!PFZ`yp>%oS45yYY-;~=B+5q#}O67K}%lolvpy;8t+}FMfi(T=LbZ!pyc=0lg&5o2H`8pD$Z`p-N%i5 zg$o5YNvYM&EnlxUpQgRsB5Skaj4#NpxNi_%n3*RNJ$KKrcOF zuncS_np9R#0g#oZc@%#soGYDMS*ft+sBZmq7!)<79?B|O_NMvp9{sgqUhM9~3ZZpC zr5QlH28q77GRloCzC1?9KZ3-PWDu9BY#%R%m+!`D$wbFK zx#!wqC0WM%y+dh$(E}bEaaVZsnjGq5h= zzQ~trz3UTH$*F^%K5KByXXF+CUTrPs)fLs89h+($R67-$UaM`{bTQH|b9xg9GSmF= zfmfB)ZhHwu>XfjAptQlq&o@{}DuAm<(ADV#3oeY=y+LC9xmu|eAIb0z&G88;!!2_ z7q_AOig(6F(w28LJT+Is$5SE(i}rS3vSzH>D4IOo4P%BdXsWxbq8LvaRiqcluN|6Or|4k}ms2;}7yf@*$a+fDN=b+g6`COFaaaxql4~NL{ z>F8&@TaovULfVVp3fQI8T`JWJ^`8UCw^apXG>jCRsLUDXzfQ$SoIhR= z0Gx0u`>sxrJ!AN0@j1cj=V(DdQJwvliiDZMcV$)>tfjSJM^;EhQe&rcP1~B3AXr;Z z7hMkjrd?$sw4_qSq4Fm~b*Onbp^Py*+s-S zfqd_K82R9q)ILhjT~6+!V29)&o@IQ~cjvY8?TEtY!B750h7ZCrbPU>M&9PUpvQ{w&3Cxk9*; z1YNdHu)xBx9X2n*;TL9-)T-fCRy=zQ*go?~+S95YNl7>M)U?oNtE8-_p&FVoLzV^I zZ^9!D?V9iybGssuQI|qAxSEJ+K@o)+(2tYfW5|_tO_0T>)mFgbotZTqG_|F0NlU(R zG~;6Fb1@BL%sXeHKiEH)QH8{gr>=^~h=Kh+@3GH-Zxz#R7HS)&sWVOEOjzBl^DPX@-u z{ya^SiW1`pVI8hynAZ>gLm}<9oms0MHDpZ0slroA7&PtNil{}o3iK{lt+;mIaJ^DM zR_dk)QT5gZg&A* zQ=7Tks1rzeZ|OVbs5ffH4NRzd>Wj$sLLI+*Eo(Wz;f+(F=cU)kPBnC@HwkrggTBao z=0rBlu-5m;^O?mGxhae%6?IoPs#awidLo%VWPS$mVqq((pJh|k5Q#3#qCQ}uIn=$$ zpr*{Do@9V{(A~%?1s%O(682LP9#zS{`BOo)B(?fQjb4OGw$0$M$2vQ*&=@+FDX9>n z?wbqO5&>IRmn$bW<)rOtK<(!mQ%2y|?W}d_%%}#%JcHVpy?8>OSA&|?vB{`sS}G<2 zfx)nJs`>4ZaRUCEV11$J@iM%VHgX+S6Uw`aPqovvzW?e7L4|O)o7TYHYAQeHQSA#t zT@^)g( zl5UVzLb@3`q?uvpPL&Snp-Z|!fuZBv_&n>p>v#Tp&pQ0cA{N|x@B6y;_q#uvaGk01 z*q!d0-Hx72(4$nZ^jCk&^u!Dk=RyrmWmk8c>PwJ?`I*_S)Pk?O{t?hw)9f^!ozN!Y zIV|WklxS zl}c6Hv18>4cOu(gnwuHdcOXi*@0uwgAkmiY5F1hH8XtMTiHlN|agsYVQFfTJL8l60 zUt&E1<@)kMPgl*3Y`;S1$8cdyJFfn0;JUW(P{ple^*NW7xQzI^)amaT6QDzTtp#oB zjFz+(cB3upm&0YNe3R4vc^-VBD2ZBA7!9$?m%d&WR96=%&5niCy}_2Z>WG#EP4X_p z;gUb7e8j_%4%SCYh-Vh0EfEGKa9g7cosfL5N*901>NgfvsaJ<66eDm#Q`_f-Xr@lW z*9jC=2D*EOI@j)d00o&p$uLZyjuApJ-pwsR*=GbL5-tmoL0w3L(x&vvG5EgLApb(! zYlYJG=&i3be_y{kmv66Czrky467P%os`&M*wV~Y#om!d%m#`Hl3eBp3a&onY3SW1Y zXwMP&Dgo4*Hmj!UcXH|XBtS9G6Q*2-`PJL4eAE}+`RGhb2sYZRZLK8~`JZy^x({sF^8prrz1-pz}9~sEpYg7Sy52xzMAgw&JcQws!ZfFLck2F~f zUygXM?;q@l>chh>n~#p}wWpCQ(^JFJuGzb8wB{=2QnR-A@cH;!vYED@ec`iq{<;VD z(P2xAH_5nWE28f7{?7PfriN)#M-&+Ve^(-XRbTwEOPl~RFb@$TP!gY_vVSOi=Pz1uD_pS zZmu8h+kFY(E=NoF1gd?L%wH^b5R*aX zP{U^k?T~j1FG!r2=1Lp+7;UB;Hpb#Hr-FgH(prrRaoZvJo?<8h9_DlZV@IZn>RmRM zYM%NSGJzJgL09`$GU?RFb28KRCZiol26Y(|m^$BlL47=UoCn66Ab<};A@RP$KLp73 zkw4>aE%A>Yw{)Blkg8{JA~KYfyIAuJh}8m8p?}JqJgfoXQ1+(s`U3j%rqBnNL}yh7N5t0`SmRr)n4e5IR|&ejpWKPCDX58H<#(+b!{aINE=!rHRw* zY8N>@XZ+wBzn8^hYHI24R(({m=iNVER4*??D&>PoCZ5%IAO}*JDV*LZ%Fmf zYeur@#XjQG5e1S5HM~xhTDrxG*L)@7RPXAWY^`^`ehcCM6J;+gM5-}eT1dS_%d>#( z@b3P*osZYY2DM!TeeWc%f6q?lc~qflRJPGR*A*TJoS28?X5BSw4<=h$SX$B#wI=%Z zTB0?P8lROE*mSL|6=%p;XhcrVy9%~Q;XQs>(Wg%d@t}0SSC=X6vm+M!CdWkzupZ2& zr7BF!EpR*L=*_9uTMuCmY!kIa7hxRLQ|zREwwIpP%TdWLI*S>y4nXnVV0x+_F{LD?!qqtpqdlG_L$PzEmF>$jab$uugAtAcm0(+U{zzg3Hzm2TR;XlEh;B8_N{w zuf`fz6k&YY2&6^GnORj)|7Azg*`uV4LA%&foPb{{C*F%c`@pwG7Xb0$IC(u#y-m<_+_3H&$94F>CXs^YF$YD_PupEBk&y^ybGFZ1$mOGcIpwrELe_rC&4iPpqz} zdS3|^10aWYchTO3Dm%%n90ufnChNbvdAg$8lbbzV9mlqCIf;2yGu2Pkt8>}{~Yq}pAoDbriGo$7XbI-lr)=^hdB^SYo-vGDs1TJ7Ah z#EXF5v8-va`2(?7z`fGqE_#h3vVFjt@6mL=_=;mO1i za53Odu|suu2qB)R-r$a16mq`=MW1hNUm3`3^f~P=r0JDi={0C8?i1On;wa4kHkDBz z*h=3%t)eAs%F@Wo%}YHp)g423`IFxQeic%O6M#??&#LfZOO~3shlAO`m_VU7;Imm!*J1%)iUSAgWPbz% zvMGNpMTULRR`6fzf9XfX>;SIc6`YhwFYT{ z1Pw|QBPq7tHP^Gu-H*bzsWlD(<_Vj7XGk+x$L#6}16k4A)cBP|2+O9MdgyRAWk!Xv zlk%vC?rSEIICC8&Z&S0TZ4Lf-HQwRej2)W>i{Y#H$L*mt0&jIPxF{vH(m1mIXtb61 z`xHWIl)aau5eN%t`;T$vyO;|yMS%?SR3~fCi|xg>(Nvx5EZw9H1(GLMrZK&fL3tm2Xd~o@zl^eY(6Bej_q6;vFy7qE>dcg5rp4K0 zTvJR)y}9U~LERELHM!x)PjYgM~-Xf46G zoi1G|x-iI$YzwWfI8B_LK zIzb=ZN!cSk-^+s$wnT)#!wg#5c5BA`qSTz)7XIYzb|lqz{5iHr`v(&18g9#&+qsyFh5+()6{PKq?M>=#lKpZYk$mjCuSFOSd(VIHfO?r?<$?J zUFY3EtMf=0PrBlVY*;N!tgK(z_~&3=ei_I)wQ^%ywONzUysB~*R7L3ad`YjxnJ?kO zfVz-xQr_Wo*W#yY555Rf$v)2%UjqhBwH9j~h$V9j>tsVB`KA3kcO3;MqPOQmwyv{t zWG`xEoipWxo4nAIdHb5)$%rkKuv?ongekz7N?Y(1S=pivvZqFY<}1+!%CS$SA*-s4 za4niBe&}P#s0F}#>6#TU^=XpHcm=e3R}Rw<&>VNeY?Jl&b*E7+kC|p)TT$(dPaJyD`-5P>cj2irYX-aiYwN@*>hld4 z4SLe7!&DCtpvHN<0M-^Hqv7rJn^WWO#ip00KnmWpW_n)@qFLgEFIc-qmIf4bcQ#4n zO_00BiH-NqP>jy8>!si8{u2V#sK4RXnfJa2PNq(2hM}8cjXltzVBtADac^h)V2fW3 zw;7ZnBHTJ|bnMhmWijZ%*z8-}#RFdz z>kdJtFAlf^m9U5Lu_ysY4N2Sk*?NX_BG2Xez$mmgeUV$_{U|SkVU~+98v@N8&8)v6 zZzick_V!4&S>r3;`hBXPnj~)BECWh^b!#9Ay*#BR3ojPGCn1W}L*DJJ=j!(cz663P z6;3;cqyet3_U$ii9T28)!SJgpAFl;|HBdiga(Hq#Miym7dB4x`#f|czjJ!a2r}$B9 zw0P90U1Uw7sjkp)wIB^37%N3yFE8{5_dcJHsrf!tF4@)oOs%?9XG5n&AZ3B$Rg(IJ zviYgHG7nl*epMGQtNp9~HQ%aw4+qQdFsx1N@G84ZKHm$x%LctJr)Qi4U z)mCZlIHUvoG+1DAn3*i7*hMCfc?R?sx2wgaobeG)Nzgpg3CupXgM%7gf&N~()6Lqy zbA}D{Yeykm7|)?IqgSt~b7z)WlbiK&uqoWP3^K+hC|lJOxXD+&Iz%R~&6*{Yz>6v@Hr2#6nHzs?Jx;RP;>D&3-dB%n z7j^%e{MyyF3#pgeHf0|*V4;21b5dZmm5-<=Ti~Om2<>0Fx4;zHEETAKlGz)CB_^-K zPn#*C@;~8uJ5vt0vaW&}n;XC94Ujk+W5tex~%9%4yoE znfVn3WfQy>_Y~u&*Jiw#O$gHrZp(fdUXc==E*8|&uM{C<9 zkg9LVyav0|i^h*EW?VO??v&Dyv~KRLLWCD?2P~?cGZ%jl*_5nnK!$&@Yvsg-=y=ZV zyU71F-^F0B9r`uC8dXW%^ze8!l$nl8|MZ*8O=C9luaxM!xJ@iyzVicCrDH8W2kW}BsM)O)I0lL6px8V+)#`hC?lTL%hI+DCEx%N%HshG0 z%Yf`Uwr?f_v9z%=OWrVM0K;4>v$e7d$M_RuTy)eU5tvVtH;o46=Y+wH8KLo*Y3HTc z>4L_~^J+>VE|LIor2*PH)b}m){&@NAWp94T9eu*2*+ii^QY8x;sb@4 z6iq~J0jZKX{kVYlv)BQtm@i$9?#oKI&CKGXw@xEX3FdS!+6J!m%5NbaJ;hwnm#D?N zsLn7p`uh~A2~~{5voBjONW1AuwCh7gi0n7DKPzz`YrKt2yEn*y^>gMm;x`xV)*|>8 zN-j-K`PW^yV@ohI+V+Li{bhK#`^+s)gA|PftKklPHP-ZCI`H~nB|}zP!HDu#m44K| zG%xmFjNEEI5hLcA^a$BuM!et|yEvMv>FrT%B0ckZjWshZT0S_Vx}=g-9}wg;B|lk* zV6-EGZo$n<0_YhL9JQ9G{Pu%&dbpBNwb(Tr%y2vUX2{G8$plkzHE+>@#Ei>Zf39sT z6JE4D3~2v(0*ZG+;1O>lAqE-73Lz`l^%Vx))c9KUql|ow-90C7e)o=2;sd8);T>8A z`3f&Q-4g-={-b%SJTB!d9dW6pea4qjObvQ!hb4P|2u9f6GQUB~Y+vJiQ_Zvisvn~Y zoo&h#9rbc0uy-aSeR{m9m^F872~eTu9L0{~@QpfOGDwcC){stR;ES zTMihhX}eK-&%kT81zzAuiL=e?<+RI})`^Akc}Nn|f`#&> zFEp1$<F>Ui)Kay{rbP6s3^Ce~3rOu$_CyALgIR#`7T3rzpTq;@ln%tWy2_jZ+< zPRzEkvVe4QaqI5`qk5Xu729j{vVLjE2VeOuAETf__Qsu)nI1@NjCf7*IBg>-AOPW< z%;}0vu=3sS3qNiCMp^1q$yk^~s=AP$gN5vLl}^~LDoT{Q;T6Lh&t^1%2&s;cH;;t|88ch+9bK~cE4ctYpZCF_gty^zDmA$9TyKuAz>yc!nn-ZLwd+EzYAt4Gj^(f32s>z zNk`9hSNXnuA9Xv2jB4h5$Qn$b^}}X&1_HF}k34pGyY=`zsu=2qa^g=KZ4{WN(%@Q3E4+A3L`reN1@QMFI_80~eg`9k?~Pc+_i|w^oH)Bq~{rMnyU* zUSlchTPQtaRi}KMl>XT&YP4Vi-J2nS<fA=_{WRh*OgcL(Y+E$4g&hYKhO^7 zA+rxK;t71^AQj2+Z*vg2-z+26_mb z9@5)8hji%2s{@=72&ikEl;ceRl~dU3##z<-Iwr~)1M+zXqBJ4?AEA{a>;WTFZO!_L z)pbN(+dd0z2rW<7?lS}>Z44yj-R!)c^i*7!gMK1(JEl~LJT3X%v8ab+Gd>{7ORVCm z3|=#)2p-}lwNIXqx$7=brgq+{LZG3t&FA%=S{A!VO4}L}V+|N;J~^K12e-~?uH(s& zP|)T6&*&m``@G|DhwXBeomtnWI-VAvV=r%Q)m)@L_C03m)^dX?Os9y=9iJpl;G5x>1 zcp8w;lci%82BnE;y8YQ`5Y~>>dBTERsw5IRazv)92@+TOm_<+Du*EIni zJuV%=9Plu1U8|An9aR$=9ygC0E(j^G58(#st?@C=XeIy`^lB7WtP;4CL1tj`LQ!P4 zgAMWJXJw9<>X)Bx@SjTLkD)2O)&yTBngoe)*)Lhz$h*n)3oXx16oPe)aye;k98I1W z2A|I7?7)wO>^3Vm53;8F(vPGD)JuKjeR9(|(Jzf|RDiKbdx2@>eaQf#Pg z(HpF#Ap&pFc1ExbVf`+0tv?zXafe1!y9mW!B<4tGQP${wx$sy6Zg`(k7AhKa75UAd z_(hLrBm@EP#Z-Cn3cH}RNg}8vo7)-4z6VDx3WyyV4@Bp?SDNTdq=~UdJ9$68@Yz{; zB@~o>JAF>VfYB1#$ec+TQE>~Ipvun{d=D0S-25AM^ro05-yRf)80xSFxWc05<@tXj z1+&wjk5^pbG;{SGv=iupqxdZ6^39m`?oYP^hwTR4h~||_6d(!PEDjIGfzYArKOmN7 zja3!l7JOQj`$SZd!lCC6y1vsd?*PT_g%0%5749cH4BS~(eH7`2EY@YUNLKgG`xoD2 zABoid=d#l6B0p}D?jPO}N9vPUd&YtC^*@Rrm-!j&0L}MbJ zD#sc<4trig3f{fz#tFTo@V7gx3t3KZ_H7=GlJHrMfeVTaZP+SIgmtWFwF9^-8mUqZ zi1pov0I|3A3FWG(*C5U z0em>jnt^BYjfJ+AT}{+JD=-bZH`ds9e_Z)$SH3Z($Z=iIl)`nh>G-kXF4ysVkGcl4 zUkkY3eA2J4cv9FAR~<#G6!J!Q$AUpRO2JHcE_HzjYftMl^JU98^gv zIkUHE_F=uH2FKgD)bvk$aI(a=@8H#&bt6S^{s^nRy)~taT!p(xCI_$*(*^qsyNpP@ zMqSY<$Jl?OX-BPh4aM2|rsD?U0=uMaG#>4<&nURBOdlIe((sAYQo!odyeIITB==k} z;%nD}3CNr7Y{u||itu_QVMz;2g3WSK&RT}&`an00CW|8z!e<})(kKjk6a$xZ1h+5eKf6VGwXB7yt*Rtr6DhiujkzJYQ%s~+ zA1CTrAmuYsq$&(aG>cD$LSppIwNG$bA(%GGjm}sf6jyP*selUBJCmWHA1)&V=BQwX*K!6Pf!8-i`Ko=ydyok>t?;HO$K+((0noY%MY9icyjM$xmt?kvR<(E4 z&KFNk@?46@#K8kKoOygK#MVz)xiCcGgI`F^bV{GPH>Y@w?d_dnl`{u=#)Y6J$e8f= z84YJmGMkEQUebIFnENDU_~iF`t_!@zpOLuu1Cd&R^FLySU`6lyV!GWt-dYcnx#n?* zv})r8%LpqVG+u*UO)VK5R!B+?PtN)`mj@xl%+;51pHNuvpuB&sijn`iD#Re8G0N|w znhl?fMbos!3L*2}-jEF+?|qJ*75<5-+TP4#pUs~&E zg0gni-5oq{cRuTUuqc_QyO?e-Gd{KgbpO=cMunqon}R>K4S0>K^wG!$X4$@PL5Z4_ zbTtLy>Inr|{Id;M(!pXG42dw*RZQv!7DS=g$DMiV^W93UEN0OF!=RHqf=7D^X^pq# z5g&QgRc87aIFkXRNGtQj)|sBz+4d#__Q9BnFi0t=c-y4p;EnV6B~g^VJmUV^JO2vm zee_TM`c%q#CB<}8_Tc7M;B;Al$ot(NSAu7!C!va?sclD3-tI@@f^#z>_8lLk00o)h zY5er>5~yWWUOh4%52?x&NA(3u(_brL{1-ew!d__H>my2LZAURN#)dpTbCHO9s%_1V zdoDXhcDj>FmaE9GF*5OeqC{c3kEFftUC4SS38Yh~l82wT$R(F%g2n0P(duh#Ebbsay8cVUz#lHZA&KW z4J$T!0R$Q4*M6PpiIX&qV2K3itZ1xbI#q||io9x8qenirL$bi*%3ptKyXislrzFh4W(aofa(FT@`TLO@Q%=e-RK?6QFtApw z(e%j3G@+G;Yqo@Balzrz*yOD2#o6|DPfK*!qrB5-bZ+&<-A_$`2t$u!CnbhUz3jL) z6nQFI%8(6BXFUHh+$&sOve1vS<Ywt{o8O9M5T9$RCE5D*fOB5gCNocZrlu!2Zby+u^fW&sdI(15p8W9)r z!-RI1LCu3A1#Y*_sBSoQ8*n~Naqmyub3O1aP;H}|!X8vJn{uzC=to1IO>Rlkdx`7{3^qnC~ zCXbwD8n>ovLamv7P^I_V%hWuSOQZFU>DR}mnTTAmkHC3JKH7*x2<-Q`$IN0@4KpeQ3mShhQ^vX&Q{+P$kUR^xk*!zhnUaYh{9>ocQjY+iF=ua7?>U2 zjB74FpwGt3ZNqPv#^(9_Y+b`85Wvg?mYcqodo(a{xr=j%&z&UhH=m z_+XEKy+Lp}_UZlvTVU_XP@5(_;tNrk^s~s1aRFe7`1{-_<`H|5^lUMAOSYVe?LX=X zj|S2v_2bclyg(|G<>FnY&6@LTqh*L~w!a&IK|)hHjclE6#uyLADk({YJeZ5wS$Tg! z#a=^g(_i9_+-N?-Eygyv4i)_tm5*ZKA({DJU*260U7ItmXanKWS_FJ&3lgtAFvF#_ zhXm0((xrq_$u{G&ZDd(6@JC3G_U!b|sitT8W9>^THQ{lu8+(5|UhsapMlRvig!^qD zFh@X?qi#(bC?VDci=FjJOR^34ijuhb3%`=r2agFh4f-uwZo_J8QV4w!@lD{XMi;r& z@KFk2EEo_4c|4vPCM4K@N>x17f+_h$SRF6eJUX%)r?Q!99} z=q8-BgWlM7O@1R!53=~U&eXc-JyAB>M%74Kxe@9J*ER?lBPp#V0h7YAUh{tp34 zTAdi&WFnk}KDom(cKgk$I5Js=62lX^`hAaiKHJIEy3s$qXE`t=2v4|gzAi$yDau4- z?Dv0qq?u+TK6lEPmgwa*dtMTU5;nC@D1o{C9l2DP3K8Vg2OJyVfzk{4pN;O|cNu{R z>2A~0UYoX90aWQi!32EhF!ZMZ@ALKpset7np9Uv#xq0m#+N0AyjgO>~t@#i=Kyk_} zuO|C@kMl1282`sLZ!@M9{4Ye(X>!0Gg~pNJt`1$8TRiU5b>_~_Ud^NLekAQAlRym@4CexV#>{^rAD=; zTwlUw_w^mfzTTrg)#e+3y=bcpnVjvc?5z#UleN}+)x+LaQSaa?O+Gi~v)yjAWN>#= zbk&2p8mL`SP4*f;(_2I|{fDJdus9Fh_mrdiYBk&ck985!x}bkkG*6BV2h+=3WtTG8 zEd4giBX?(UG{H41OY|=&*C>jY!#tKdYRreEz7!tO5RC<@A#+r#o3kG6)NjFRl-5UA zCUt})u?+H_h2b{pW2P{B5?&<&r$VQtD3mB1US{EL*4xg*vL9m2&InwdT{i1HSRTv# z@Nkmy@}8T~q}WJk)3(NNym?{3kx=X3pbF&{T+@Uom{N)irgxsC!maJ3h&LYPX&#)D zT0mVYA9Zwf+f_%kH>$oW_t%#z{`{aWYqs?Iv%kO=QK^kootvKu6_SOhXtY3QJJDXt z>)2%{@VrnOGuv@hhf7m@Ap4V-lJ!Jp=HLHVL=g4OlX6_2hU5jZCt=iXHv|V^MlR&R zEmsMR?uU2nrK?eHkD#L%MJ%_N*1ttg%%Y{c z95V~vMX~Qk4dMF4bYm)&6)BT2p3DKDAP+!H-CVR<#$^qfvFe+v5A$bD&PUL!cG;8{_X&f`zJ*GvM$-Qzk_FpH7Rx`Fz~g@~fnkco^s_Sv z5fs?8LZjVZJw*?6*RK|9M8nyoBDjtaBQA=s)f$B~STiWL1YZlUg4zqmt3^tI1h5;R z8{h0(Tx|8*fCsle!oWE=Ae5tCWO@?M`wrtxe|08abG7z&LL!c+(;29mDr$81RO7?z zJgr*)Sx9hWTh51;vC-)ezDucEDWu1Z5(skZFcGxqJ1v=R7jcEnm)l4us#H>b_%c+_M& zh3~45OUg>RreH_0a!GHIHbcd(z%;928q24mG1}y>a2#9aYIa((muz%c|(4{&k zzfT+Sh)|HW8IilAwB@#8v9@7y`jdV@ck^~pd0b)C@a)pxwL)TY-OG8#H~@l5?pz)S z^3~SQ0pdoa9J^ER`D9>IpwqR?4>K^&RYq&O! z_tFv87dkx%egIW9gJk$wR(15Z%cS$Kx?dJ*&9f-#{c6gUT4WM>n+@V{G^-X)z5Z?T&Y#(ZNJG7cLOyP1^q82@ss6u+Z;^z;`F$1*)< z+X#ta(z1K2XQP?qo@fCf%-2Avpo%v$3uT4Qlv>S}EKlk1yVdKRHn2i(G|X{hr@Uo` z^tN)y(dDgP)2(sE6Auqt)>+45M zsj(K(`^W$!8UXxB9rAP!GKeQYGr!*$w{iAGPuVPn+{_I#^^G0`&C`kvcj6UX&y}U3 zn&-wvEOR#DymqjQ1Ojf~b!wATzM}#~z&D#D<|fqL8%P1Jh!YWCu0O6qo!BkO0_I-6 zW2k-zc#6yWPrL0O_pDC!nor;wH-q6ylQp)t&oVYliL?)i^UaQoQghwqsGv)F@!p$76eMpa`maszaa4b{lb1o+BsU8jj~wVs<|E%FStgL8J?b! zC3hbL&emnK1vj3}pgzJ-wy`1VAdR+}TXoQxL6mIOqT&Gu%$*gk3KNbzeERJ2?C#c- zpA-!iV;Hg5ZnZ2CffMjJMm!ELBtIy;lq1e2A#Zrcrkd`xcqlV-lr#I;a2tMPKNXv2 zNcxIvZzfNEm^^68R_%G5?)yHnIXG=n?zHkJcz5C8m*#ZUK6`A@R;t<$06ZG>CDdf< z!-V?uYQW>74-M_+bO7HpQ8_y^Vw-LlZnX{k3h>tg9dl=&-xov5E*>c$L%FR8K%P-| z*8)E>G`$(WSbij&xxvms*M!#Nps7`?2)wnttH$SZ7%mK5&zMu79`XR_Nm#{QC;d!R zKaB%E=eeez39txmt(5k`gc{)hCJjTdYpNxBv13)PR={|CHw~rUUZ=O5Yi~ET`9uug z`E8C+2rq3Kj3wm8EK>gAcu^&`UQ{WOul8gzt`%kL1B477wU zZwvE)c&HeJR zOvYBGYsLihw@%qTj&5W|*xPO=Lam*j;+J;b_Can^o%haGZVF2BAds%bZ&O}9fys#6 zh~-jY^or@Q!?{c*{!*b5*ys_dhTtv{?3Glj^52eO=9dPJW#~V2sG45(@}{d4OGg)# z4<-Ge8Hx;nAC8z6KAgk7%f67f9yuN#c@ z;Rx2$bNFX|=|d`^04vgQs=BsV||^$OOWe2+&^G;RMn&1C)saWzOB)-J;J7!R9+ zI(7cMu5|`mZcRvEb5v-$W0pK{r@y-XxNISn9CS2uxp?^>4X~>8? z5`9{tv*5{U0uN7ADz};BbxUb;RI9JswW(oc;!jb{>LA0nQ2;oVhEa$|nrG*I{nnY@ zf%7lAl5#I%7^JVjyRDi_EG0=N4#RbK+fQcMGSpy?jRqoYVaRkpl^<3vX!~E|=aHQ} z+F_J(eQe*G8BXEqI&OAg53 zVK-OdqJg2IV*fbHi`YMx34v6lI~-DnMJ>DijTCY_9I(NO!+`o?Qy|ZoyrKnoTkyfo zk$-aR>ZoMpi@X5c`e#xP)OWsL*2Gw-_f{USRGzDVasC;O>|%|} z?CGCP9sG?9P00#C7Fq#HLJP2ND0 zw?7RKQXzDalq8y&e5`f3URZ`!C_#Y4!XG`>60t(5mT#md4%U?}`tt zvdo(g>X;`O(WQ|kJud(nzMQ@Fib?}hskZ#U;Xzm}yauuWjLaL=^OM4wY4>JuS7tUf zG)~$3@O6^&{j;1#YuU+7asN5}yM}qYpm=B}s9Bwdyev`~m-fCUU!jXh zrk-*x8hdXLriVvuGg|p3ncjqzCBO*s;H*xZDuZ3>h93qkw=)bkIr@fo(HZO3E)e4? zowLYD8MQ7o)nE}56AG|CMyW36qvm{oFma=z3VrKtf(#2)D2IbCp zD8N&9b_^r!XePGdS9+$$G~-e#j1~@HB6SVZ{6w1MG*XfGo9?rPnpvnXdew-%x0(3G zl50k-=5hl+gN_g)N09gL;AvyO4#iVH6-c%7ATkwgCiHhUKMFq! zNE2;infHtulz7JKm%3t@t31RjJF!X`zcR%_tka$nc8TJYLuNtg}G)*J@X4woxxI=X{j&4 z2B89f$rt?6&`*4l+`lnb*6-!#7*8aJ*1}+pfrg_i*wm#OTN9%ym+dd*Sph}VBsW5U z<)@5+;BfOPWt_LTu%3*_5~HT-ez0x;ctI6MGa*9%)xYsxw(ulyie!SWzt<$}cBs`V zrq^vC$@g;9bObqTVd>D1frdUwOx4Che0V*|k9y8_;aczHBn(qg0APnc%Ib2$wiCWV z)1_+s);k3*T>w;3N4qfkuCvV;MMZP*A&=TENp4}8ii>}y(PrJ+++94HV}Fm(Cc5m0 znv~vOhE=9t5coRjg>A*2f#>6mhy#NeCR=)bLES{0G<6)ss%$7&AcunTKa=8?jT3<; z&kBk!mHo?oqK|CNb2z<~ggcmao;miVE35R?1ehtzBn_|)t4m_@=p-e+R%9GLdUMfR z?`2M!lozpIla|fbFd!m*h1YlxIJ4#!fIxT&xqSAPtPM*xGw#!mkJ*ktGh6688wiOa zvSg|4SGxJle#hDdqDYSUeUx2WND(_Z=g|LImrnv#^VUf$exjJH?eTW^bjv3K_3{vxR> zZU5)_vlBNrUIfoJH9`(}bwzXS`}1(q{WU~iPGN2pTk+A^*oyaWGc|ms$Kl%1%XSv1 zqjLq}56z~zR4MERKRFf6IV2?9^DHZF-cs179X2FYg$@XLLEIvnmCvup4sHb6Gsgf4 zkL60?I3c%3?Qju;A})OqXd%L6+)^~lf+qXCwjy&Wgzsy6ZKHbGuuBiN`maMcAS z;8zUg@c*oQ?SG>tQu_R;{CnE;^5?`|@_I#SO-!p=sds+^-fbT-biixhMTcD7V#nK4*;+)pqKSZR~yWmDr61w-#kUthLw`PWE&zPV2)A! zHxWJ499?vU#movE0x3rv()96Pq*llG7kpv&yei?_QyZ6OPsA!eN!9jrH@}hwe?g*~h(c9I<5g&T{MBbKg+HP9@|%*?;rI97ef|wz z`};9*T-n~8M-m|n;lwJa-CVlwKwI{YvsC?{{qpmIc+BgbQ|1S@)KM%C4W8kw?nIE@NFEMC6k~b`B%{HkeE{R#r=0$OTSh+yb_&;&= zFQ1E)G5(6v{N~5RCj!rO#Z|%tXD>_+s=kg$ktv3(XuD_R(4gu%VxbwjQ}K=~$|(;_ ztWzP)5&fEc_xSyOy2)$XyDeAK5E`%VFYG-N;(^1?J_k2Ius&*M)A%)ZrLe>BH)t+k zMTa47W5sKtaX=zi?3%K~Y$b-`PqSmL%dHALDHwCY$7xzm*OR=poUnhz`PVHqM9*i! z`@9J~R)1tV2s4p4Q)$#@Zh^%My8givJ5(sBM%m5IqGrlA*YM7OUDCk6;LuTZ<-Wd} zvIJMm=B7CQOmV&-@Q7A82-3wb2X{c<0b3$ifbv=h^wjs-T0+>`jvh=i&SO7%z(VV9 zj>@H<{ZTlw(W)xYXM6++wb-9R8&*b2PXlVEPaID#zBu`2|KWCP&Li;-VFnh2rY8)i zhi0hb?H3Mu=eWj?_cBG9Y-r4d!!K^jZV5cO--VoOzVw?+NGJ-j{PtiHP&y(8le=-w z+%7$g`sO;6i8@>Wa{hw{yRd)XzpRDOqX78B8pFS+i@sLSt2~?}x!-UBd{nUgAJWwS z?WaCZGXKNZ%Y6qd9D`{@@$=KPgSi z;h5ki%fqp%&`>yoDzq7AmjUzjOXZ zZ5*a(+TcD7NOU&nuEzNK;K4}uzx8D`5W#tD4R41Z12ur))OdLC@PRGI{o<1!leO;+ zo8C^>Ybt5Q0W+Kjl-Xfz!ueh~yvJ*wy3!VDuC5)OhBE({{11XR&+dW1TLYc9*^g<+ zm#Jj`>jbzgyI*KrGsVKI^QnNNS)ue3Pzzuy*YOwM-X{(MpySC-vg$W0nTtLR#}m^b zI!?t3`vr%MEwj}+7h^_-5dRgoy?rtt%epLqe`3v`lLs(1PS!X1Gyueob8a~Gzi4~U zu%^1EZ8$0lf=CnvQAz*>rA3-Z4MmDb@4X8O2+})Il-@x^KtMrylO|GQqc`c&rG-u; z)Idny6};~6x}W!We?7&55@rgS<06ULxa>BkmWYQ(viQL3fg* zv|y7O`Y_laxD}sUWYlG-TG7}CZXn33*X zA>L&2Bw=)Hhp^Eefc>_@uVQpjk;CBI&JnUCl>tttFh$ zBw{xtvZI(G@h3&Aozc70-5mKSnyeN+e1{)4>{kaAFHD~bA}!8Naq{-}6G291CRrGBzBX8<>j zO$Kw>{?}K4OFHShSxaZqptyZKxYGktj_%v$cU%BZbx(syVHBcdmi^!b#EZrKRcjNI z!bTFq#o2_)P@4+&=u_qdcat^k=^KrwNJsnEk1-(%S0dr4-V38wq+8Bqp?$bLppJ~a zLd@mi84Qg*C0*2PR$g>PW^q3cog>8iddF1|o%G=wW$oiFE+syUA_L&dkaVs+)L`8H z&OPKdDe!u>ch5S9AlZUt}c_`v{p! zusR>KudS>gG~euue0UvY<@pS>98K&sAf<*o8wYEQCMg1C)?2 zbp`0X&H~;u@JpRu+a_1^&sdlK(q|;QfQ6}gH<8LbzZcsT^YK=Mk2f{g{q zJ$JE3mHR}24D?C45jchHb9c=^to|PFaxb$LQCl#aq=g*qpU{)l`t6l|X1kaiL)>*H zdeZ#DgY52HCme;JjfAUk1C_RbeyYgf_O!pQ(uR)<^1fJz6g(e!GF=T4ywxF9Fr_?U zT$n}oo&K)%+gzV3?LObVwYbsN{X<1@%m#YTxKNFePEqLTLKD)t$7Ab0iRtGH$FQeN zoPD(z0)Zqpr63u9t&s-Zn5@qX*iE@F05O0IM8q=;(i+~}NK7q zecPL_OFI`-{K#t1$mL@;KfJ)FFf!sz{t4FT#ZR9>^?_uMe-Yp1u;uRFlyJ?)@A?zc zDyBw&j3vJH2Lv*v2jXf!yfBmXc4m+?7MVDX@RtJj&p=k?&AYr7DMh%4Vjl!+2aHOl zr%xS_$eKfI*XR>gDl(f4VMZ(EE906%lpb-#u>2wD^0NMMx0o zAM|;(YkD~v$NN7XEymyyc zP0Xv62d*2*d9dwY~HiF&>4HT?>oWC6{qb zq6%;o{mbX`sS42G;Fjpw=X@B(KJSgrxBYBhr9mTZshat_&Ev~fttFaxGNb~xcQTQe zgqN&mzHhb0GNZf&1w8wkD1sd6NMD}+V@|Q`C=l(za2l7nh_sWsz%?)jUq8IISz3c> z9>CE$LFa2w`1WbUMtE}Sd z9*D1gTl-!9S_czyegBuA`I{So!k*jvxYfPwA_{Yrw-REmxKBRS4gQ$Kf|^!WIeXpK z7QVnoE#VXOfrS0OY-?0SNHl(TaW*{>vqC+2IQ!z;{wg7Z@tQdC>-vqI=TDE;vlWqd z0x%n0&HUA0G@Rzw<~gmBS1^o{Vp#No!W(qYe0z2)9O;Qk^y-aT>YcnC0xCpU=vsEN zc9L4lX>N-Mn7v7<0bRI;YRcg7sSGi3wq%C7{diyE6o#X_^xQ(r6yKB?erfh+-`2>G zU06*aOi6w!J;4XhsXdFKF~?j&V#*X{0=?d=hw?Ny2ON&8dk6Wye*tqF3B)2-dYOry zi!}{VgxjJNT0WS;8M}!iA16+BwUEq@` zRdHHEFhg7_(6C9+ZD+RaXJ5AS8xO$k*%v>e=*kIK3s-+2U;XVMgX{&&-0T88 zHls_udjibhRQ2v0JtBf}GRs=DwUtu8+1@S!laW0BgfVz*C~*-U(?L`VyseG*FwE_< zOMWQZ;I!W5(AsPduJ;(J0$Q=3@jkPhBZF_5SPI3hc2POmFqHVwo;*|&)x-?4*uyKYqkN-`HgVr z*vU9Ja&I_rXZb?o3i|(3I~){Q-)LKrW_lwlJ8_}gY}d%Ch%&^y`7HAH!^>_?xkX%X(a z5tjNU;2j4^Q9O6WcP$Qz{q5H5tsj6#ihUiGY0hZMKt-i;;>EYLoq;I36Y6|h&jv}n zkrH&@{*2OKZ+>h23Pkw66Ta>Dp!M#WImBu07kHP6I&vq*DZv zdUs`?)jp6{--;K-mKqIG+r2>@9U5w7o~LCY<2OG0lZvbc{C;VeQXWvB z1qQUx+{}Lyd^s)dYf#_b&`x8N`}|bjo+rgZCW~7TY{ePZ+LtK`ZpDZ8L=9%2p>gVn zXS2p_3B3Lt+ZmRnxAW=j#r(D)!N)~0Rt?CJhF9}HN&`*gV#!i&du>0WnYTo5FJ0uM zU_&j%+VIc!F-an<&4m5=adqcr2c7FRoy-GEHgm^x#m{{R;?a|C{p=GD{4hOcGTbDN zSn!QPM(j1XrWAL?j>0dXgb0mZ*<4a?s8vPDll&L{YN4@Sy0bw%M3?vYjYITC?8>&y za_7MW1Ixl{JOu;SUE=!#Z7q1Wuz$eyFn_@Wk80xYY`hCj?`Zh4^>XJmS6R^Cu6zAX z0xg*f+ZnEinHH$53>2X-ceqyZ>mwnCiA)ozC@RW8*`I$3)ba00E5zV~zt>-F6kJjD z61`{O0-g6-9J&iVEdPvlspV3#bP636!M;DZx#D?+sF0NF9Lm4ye~`BW3#(;nnT`<9 zABr8kaZKiBkvPUB6X%Uhm@?Vw442rEgeL@0!xhDrQZ#j=emiPP%8j@I+yaF=w;wD(kN28=7W%H$>U=QsRg9amxuN?V9go zo(gK8z$cys-5uYEYd1Zi`3l{B;VO98LeK^5ZQ_>93iX&~e0K`J=tMSi!sqyr-s&A- z`u0JEG~yC6mt5utS8NgaY6K==HI6|M7(V6MB`;R_jpA99LZ7N4MpI;>I6c<%6DGC1S)>3N7Vt7)?SHa<;1d<1;^6S zm7436xjLJaA~f{6uZhj}lv&np5$+=?wQ%#3z(7su6zTC(*-^&E+C*6Z!q4A7@~vKM z(q?xk{wdVAe6UBifqNnQjW&DgP@~7iC{tdTjUr3LG?Pg$e(T#svd1Tnl1RSS$Bm6? z6mqeL$;H&>7`dp)3vLLQosrIZ0wvRoZKIy*i2og%X%cv})W_;$9qI4- z);JC0+Hsb)(ffQW)$mKLp+D;ImRv|4db32gRx=gvdro&hzt4cNd!ZF-c`_OO1@h2R ztP}|m1Z9%nY2am#4`qa4!SXrp0f+}CTR2px#0@}}blV+@pe4K3bJ2KwcCPXFX1E>Y z96Mnx zmbBiT|Mg4W;oFEb^q#@K_eulm6!6v9o#{%6^#tkjb9a5$7NbM!!%lU@E`$sw)B@wz zl^o5WZWRP`Jxa9I420~l(Wb?8Zyf9NoYn7kH$4^+)lgWI@sa;LPZN^)>-h3hS zN?ghljU_j)dc61ubVVz9hbCj7>iQUQ`+%E-MJy)6)tdXY0?ys|xZGFp=wdo0PIN?2R6ev86X!y^vHTkWDUG0fG>F)zGHqa#m$sms=W&Ksg8pSYw0QIdv!Fs(KO z1jTmR^wW&-+VAaKTYAiS;n$NGul&EC2Z#ZTpM?VB_Z57hlgrDx@6H9e4j3w{=zx6o znFIM;(y@qquibZD>@wscz`RD0KopkBfGD_geQf^u&s>ke1~TXVwmzg-T_?Z2fmf?Ks*Y7U@v3uXOBc z$!IQ={FG$Eg$&Vvfrd|$5=T+^KW+7BkMHDV$nj2ZBnz%2RPOpKfQ>0gjC?=`690rE z-q3$R=kfiCkAd8L=24RiYeOLgv{P^O@}?vkkEgej0E_?LgRP6}%5V9)bqUG=X5RM| zZoh2u|0bpfXvFuzIHmRxvFd3fG?_{_6Kx>Set^qCD5AH!`v!*gV|YH5{|8!AI`Ef| zYQvYvaO=Hp;FTyRvtZt%L(b-J`)w}euM)(ic6aA@{^FYZO9KmBI>?z;X@Qg`s>@qW zzgB`^R!2$79zFP@!)f!wcG{FK;#P*w&h4;cnD zL|nUuOIGi?*h$k79G~6Vn&+f=?!cf<(#LgashvBGH&q%O0BD|?TM~*b6MZO<(nX7? zy|Xv7nm${0bPSUM_c}8rwq7Q;d&d%w)B}BXKSsF?zJMhy55PAPYwGabP01}=t#i(y z1;|w|3}Jp56<_ABsKPU!ZBCd+`adXDc3eWC+z(D6&Sy6rcI|IhBiF_`Q8y9Y)A=f~ zs4Ddh-4?%oqtB1o-m4^>kPcg728kas2*e^nyIhtx$*#ZJhPJF*2O~mUt#K(nlbFJer|p~OuZE}|2HLAM zZ0&k5U1{3$DgT2G8>QWBu8FLnA0qGUG;i|5E;%GSPaoP~iw$8So-XLp37xt0zO7~e zlMZm%ioN)QDSRk>cgDOz3mjRcfjI%Nl9%0zac}h76uhZy)tKm)c)(Mr?(eFvt`>-E z4UVO>wtvDoJ(4+J5n*GVZUn*iwP*}HJDD~M&id^xv@!O)Qy@ut_zjXK(WM; zf_ac%slz{6Q!;(!Ofp#{#l&#I1FET+SH;D!@S2^-98sdO*w*dx)l&mLTs+*jAfQ2Y)yk+p^>e|AT^%v-4An{xc&!LwJ2;zbDiVZYAf zM&#>+gYMbu_nKS^|1)MVQ}}CWRUmppHS@wMeSy|=%3NzK%>}ai#~3yG6bYiP3`Nzk zqmilQFid0dw{yg;ZOmX4GfT``BHROn0S zKjIgoWXErm9AOvYd<#&kt@pSv+eOK-EQFk^NBlV(#TSYQCH_Ms%umwg5Qyf5z`*)l%WEI@=np!z+(Zr*)3|RQUq`V z4Ioi3LJLmVZ=TOTtDCn2BA;jJ%Apq#Lfk z8g?TI8Smg|1X7oL3ef9A_CN&1;d19?dfyV1{B3h_-nJ&8@QJ4(XVv%jDz8g1DFi~V zk@1_K>!%|7gpD`b{R7_-DnjQ>jb8@Vjbvp&+DN#hLJphK@Nwis@Hml;P-R66Vnj@J z`Rvpq)1T%}Qn@mQUMA~9uDU>nOZdg2T-`q~3u{>O#h?NFDwp6{p$(cuV^V6Qt`Ph-($nUviK42p^X>h~Ii2!MWS{r?28Ub&HllFc_90Zb#pFcJ5`z$5 zLsUpvELnVCoKoQDd;40&+8-6oZa#1u;oO>I?;*S43H`xv|9uwYhWHFDtXgyV>voFo z#Mkpd`KavAtNMc{&SbI|pLzc#nB7y@)o%L)NHna#BetbBTvjorAm>Xb+>0*~-oP`QR0@*3yy zcdflJ@aq|@tqt{R$CG!D`K51Eyi8oMdGwH12(0bE$OZaif@W%dA)1(c_FfJbSrkUr9ZRYif+x-x+$?#Qq=X z^!+%%U_5Z(rSv1G4k;e>mfCu0em;+iipty!X?NX=$7_3jL7k3HD&?*r%dq7JUHF>^ z-+z9MDK8Slo@YdU({Xd_b_iB4W*$?-DSWm}l8MU{-COuEeV#p!r96-R{?Cc^+s|QP zbxa%|1y}f30Rs+zf3>2eRut)For+aLOXLf-yXgte(+%%f6jmh(d#zE7~-qd)rMO>5VRU!Z!CqY|gX z@DAcB6uhkl{R9`AOAq2R^I>6ARkYW%NMPuG&1^hu97sIm?B59$oCcg8VG|SMBeb@+ zsrT>x=7J`gJI9^Bpsv!{ljpOynjDUy&76Yb(6hUtmw(P||C6 z-=THn3Ryc7BCx7malS`A^Mdg;F(1NY*2JQgW{+CJ$g0uJjMwJ8c(ulh^`_8B<{g&q zYhXY?j-5OEQ?pud0qbl>3Yhh^UxCWR3H=R(lblwP;M(60y(cA(-rp}PE~mNmx{2p< zi{c>c0;`w*+Iqn_&1;M)0?v21p0}79+PRX~-eJjMZL2(JZM}&2+(-&X4PPO{H7lCG z=8I{+aAUT)Eye2^ZPOXxP|5nNJVBEGm@SK?FI`PD8!Qov4#iN;LXL*cFDOj$bae^a zN`#*eYI|&M#}|_#6mMS3jrmGKXMeK-0002r#8H)ZC6346dvpJ1-^3EGouO&-0IR;Vac{6{NRf0V0uTJMeP`sIT3Z`Ih? zU!9|$K6)fopuPhwaR6!XyyL zCl0aezpVadF-X{glqA0wN@jfSZzAJAF2qutMI`J0Jvm3vK%Iox{AHTBVzg&1U7mKFU z;aa7AwJ&B$GSL76x`UH^qYhH6U~gkm+-oC@aQ0(Cc!FbuFvOzzo|`gh1n}b+@Hc$| z`SR&l7)ZYYf&JsZ{jYvim1#T|z@8(&1y&yd877y3zSQ07efY|xz2TH&@v;fJ)_ecIB@o%d9uKjSL?0w_|v^MFb##dzG zbPG+Egy}USYU)LZ1>WM9$ToeZJM~58xwx;8@i$CSb+^h;1pT%IA3d!8L@aqIXMA_N zHUh^8{{4%d0@Q~3b;PLyNVe~7Md!2$QxPW9t;Qp5RXqc)nL?WpOC z;($oy)hhouCez?{=Lc4bpiolE+Nijlash8V^eeifHcz*2*H;nbkG(o_+VOv$m%d2W zlXy$oi7&SIpf2nuLBO50TG4%w*x27<(3X{!@`Obbi>oH!(eZ1NC)JPxIt= zk30FkPpXKczA~6)1ixl23!!Zl@M}mIK3@Bp-caZb?v@RA(4VRE?96E>ecoWKI)61| z*t!k$@;_9JBr^xId`1nbe|S?t>TEzXKy?Ub+etpDNG8)I?r=6phiZC2(V`P=>+Mf& zl&xFyU8f~eCwOF)DK>1D_qCe)8LGNkZH^UoKkwwTK{geBry_SU1iLNguQp7189jXk z-VU(>%N3am@+#<)x3*l5T2l1Rf{ZXC^UAO6sXu2*msqOwnL+K0*gL+dhN+sto!?pu zZ<)uxsZc(O*E=oqdJ(>N7*A1VP5kpCPw(aj*U|^bpXuCs_6MGy8kmbUiI0f;Yw1So zYPEl?C99Pbos5D{9>J725}Do<57OBuwV!Bw2|DAuo<&lRzPEaE|9lD8`GVfn%d}u- z(yJigLz>#xn{re*nYd?;PGhKF#y-#w`xSwr2F1PKG#GU-+vvrvYhQdR$zd1L99Cxm4OEEZt>lY!~n(6z54AE_1#pE_8l` zU457xNi9kE0_{7<(00bjRgo5^iW&5ne*{vXDCvmIaEr!!r)3UW)-&rtO+o?coWq3s zsp7~L1ob(S(o|TRtjj)bv%-5M<%)--(>J4HP%bwj$2v8`ofWd*+Zb~tbp~nEeBx9! zM`6t2bi&R}yvDj%5eMnGlG4EreU8u{sPyXtTd!%aJwA<~$jUgswJCa()tM1#Gb95o z%a-EIA!00^$HNTFGZ+0D*S;qE3aan!ZfyEa^BA9K*!iTvEG%yt^Ee{H{mLpm*=EI8 z_weR}t0T^U zrmmSgbch?SPie|{auu`XKh0% zEaz|vUC#XD)nBGqA8Pkdb&%Wc&m}POpW9#uU*ya_t1E8Df0mjoK#mT8!yH%1`I;|! z7b9%F0d57Z^2Z?L0VhI(ka#ht!ek=%vJ4?JX0@oi%PreJqIJ~mi0L32wD+{W{$RJ2 zRyW{WWOYaPw{2g6t5aI^d6CL7zSnK%77r&mc09pRvTHcyzqTd!Q| zCaGeFAOydCi9kAwe~tysHic@`3bl!@ZWc3HyA3&CQW4eAXpKrErAidn$U7SAzno*Q zTjxoucP$iLc+}gni6lY{!rhPwf?MA+}^X9Bf z7t^Ap1#!yKr0qnWlSYWsFZv zMkF-e;i*D2fO?QepzfjQQU+Q>wfsU9+HA!d^<85gHn2hlVz%F4Xa;^jBJ(tv za@Lzkoo3#7$UgaSVG-QmDL7U%#kCRRN$dWBw~^`7AIl4Px|8|NiA0o-utvDdyw;UW z26vrKN$&Jk2E0h--Z^2iCAfH|%d3&pxn|ekGJ>N2P_Nd#4)tKNC!0IjP`ZFrK0Ez* zHqUAmaPly2^44IU>kbVCV9KxnGb|>H-@$2B*M+mpjU% zRbt~-g3XvX^H&>T@KITe->BVTDEw97g9E=3k#s@h;f9zVyF*1z?&_p9hzwN1#tYk+ z0<5NinHd*7$fm>-r&3IXsDz)qH}TFXbF0attTmU@Z=i!*JLXgQML`;2tlDIR&x1N= zeWk;+D17hx*9+GA=7H8{CeMI$@|wo|4RbeO>{zMJ$N=gCg%>k4JI?sV%OP<4oC#*r zh9{&>6mF39DuW zq-$T_E?+1~MXH&qOD318oBbx2dHd(Nw|1)xpg%#E3~#=Gf%>x+R~HS`z+p_?&&1^9 z6@aG{H)(#L)}qb@>6At9A|~IT|3T_GRMqy7-H787nW0IXru^b`p_9dCr>FnR1vQs# zX?4BWt+Awa(c2Q61*jXV>?G!?@Ni}J;>TQ?i)l%uE(fKz>H#OhtMs-!6S?F9`M=Z_ zB5MjD7X<2GAdovjq66$kl`?S)Ia+FpG8v4{xOaz7p+Asz)IeMHhpPpU(Ut9`A6$Lr zahW2B$ArPZqH^G9#LZWjwYeiLJ$Jjw@Vxq~%DaM$TuW%Rl>FGW8PmWUV*?BZ#e2Nk zs%#^_*PW}F|B1EyU6^H98y3*U`icu0IPTD(p2OPkYx{u#GYh@GAAujg@U|%!Ca&{p zB>Dm9NTJuXd!}>()E};L3thCC1bi{TB076vJ__1B18QY`pzw=-mB(zFGl%_J%uSv&cc5Z2-@R|BT-XuR6xA@uD!>i$I5Wh2f|WW~4>f zzKJ^5Jd?xF^OMGBj{`6lx>A_?Qo-fV>~p-AE|9gKH>*Zt41B-_FuZpep#B&Gy4Eau zzRB1$Mz0SU8@+Oy7zC#8OOjFc#<>RitHAUL83;L3I0=Ur&h36IURwGf06csp#bbY) z%q>^33fOqiWo4tyeil@~CxPcE$Xz;o3%hYYvR zc0DB)jHaFs;?c#DpDD{vQ(Ozzq#s$$sK_zGy(*=)Z+V-q6j~1MvB0kt-%IC|JEabJ zc^pdnyS<|@CETkFE%pJAPYYXFVk4%Voz;8p`^~GUHJUR(^rN32?f4j52f+v?2~IZT zkAeY_L+h$f0ZMRSynecqu-|bYg?Pw+yX||-*+8*UDqp+(TWT{#w0`0$#Fr6cZ8a(m z?=sZZ%O)tLP8tB;8Q@XU*0J&GZu1_cY`9$}iglybNCmHnm7G176b_F#W!Ku1?pR#a z6rt#UL*Bn7cLgj+{%L`Fat&8e>@74tm7(UFT z*DbjMeLcqH)T!cU=zllw;(5=d2kE~L>nqZGX`;kqXB^9)Lhr2&i66{%qL_^V8O>5> zAuI+|QuFn|ry2EJ;(x)yH2wk=IrC;8rgV}a(_a|P_+^5&!+t0Cb)QLI@OGa5ol{{d z=>Uoidu>%eTIqknB!w#nKt@cKCoH#2j|uaFU9C%*5ER&nT5Oj$GTG#LO})eKpz5%X z8hj1?BemmY@_v2?>ZS!wUm*MzTR?YNQ03#-#8bLrIULY8o_X5zY(t)1-{I%rNT9F? z0DAa$su&wm<1VOnTdv>wbeEN-_J9Tb&=0rQE|;RRmlEM~_8o7Epd85c1St z;*)-cXQNyq(P^r$lmLiRSez&M%f`AwTUmO&5u0;&s%ZkT(*y!98=G`Jznw2c8Z=rU zl^~w5NFy#{>;wXce`r#=-kXn!B>UqBh}>KI;S5`a-T9ha#63iB0X>ob@IX7I(VC@* z9x@gtI&cb-02UwAG*Upu$q}0Zz3G`gdGN$#zdZg8>y1pJvpA0c;;^Ta_-A_F(QIl? zoym8#rNIaB!8KQWYtLC1Z8v?;hur(oFGqM3EsE=zvo9)RMTg30Dxw$17ESccu&8Kv;+po(9-bV5t5-n-xW8j=(s)2Xpr#fd zHY`r{vz#8{K)z~k_>-84PaiqT&TQHuAk2?SD6@44xMozRw`A+I4{>D(>2oAn9&|!9 z@A1MDoZVizS82!Iv>28KQ45;$#}B+(J6d)gnvM|MmW$SE$L|;J7u`V+HyJkj+z|Dm z2!sfNh}m2v`#1v>C&I1B>ChCn>^q{rA9}LX z8nL{7|Jw1~=F=|5>GXCRX2dppcPUbwh!5yJWO3H*Vk}zu%IDhFl3qhl09z#$jdSQwLDC~tG{+NWN$QyXsiNpn9&t6=&nt-qdAm)HpjGPDW}aR2`R$PPGLEZ_$u}GO?YFt0|Wt5S=lEz-%!Zspmv?zsh94%CWTd zAv4G7z4|`x^u{Zq6=9lJ#W7UWK`@P*6&DYj%I`o^??H%5;pni6x^2sz+_M1%q@AJQCa@24fsQ&%Mthhdg3trO@zL zNY4m9E1PO1A^dbk1^MgdbyL%eyys>5&$8zbP{Bs&IiL`YyDYsx&@XqwFnu*%o_WVj zy@JkO8&UB@(Ox`(XX3WU^MgCjb15VxA<|nEGS6VfD;2k8-iTF*a;;C4mwXy}^jg3% zW7=xYX`wA9zs{qL?ZNAEn|@WXtj12>jDo~&LR-zll5?ES6NV2|6YQ}^xB?a`^UZ8O)G(J}+U?aU2xY?D|3eWAc*O7e0YQhi?vWDg@S- zEQ-815??u=ZRqXm^a*0;MhvB;&1=oG)pMkM6!8^lh+28ujKS}6Q%BE@Fp7Cw+p=X8L*Q*b)QPIzLR}1FR>MVZhaK5vumj{_PO4_ z>XY%x#9DBTrzeM3#zezn$>wtXa^LOh0+z@crj*9p`?3d)%LS5(Wr%mG@6O7qqe8w# zo_O|&R_w6ltPJE?HPrV&_>$Qc;uVURCI z6p}|*DdA@zV`@ul*Em5ka9DO}c|^mTAM(>v)^7SPD+S~u-TyyRny8}!AxY-Q+sY>& z{n&TTUNWCfp%k`Ar~ErNX+O&B>+cMu5EZ-;SxoFn8fB?VaQX2Ve`fpDu0e6)Re2N> zjj%=I|9JfVM$~$wR$462TRlzOz^D8{#0BtlSGc5R)mHDodn1NXoDK2Eq{gY?*nift zDi4gGI{)ojdfza(I1%AHRjMwt;lJ&AsnOl)j?PGm`)lRJFE*Y5Ub{a!bCwojH*AD0 zO#fNGzjGALRWu9BdND_T-a|p1+T=~9ii@R%43EHJdpUL^I_GADvig%L5qx{Zj8ffa z+eM{^yNNRaX_+b+r9C%ljTsPCe%9FgIxGH8({0T^zpORK2lRU6t}En3_hK0E#!|KH zhq_d3Z?^Z`n_O7SK2+*t1+W}hmtrk8Ls-Vd+wOwQ`>nQ1l-o3CgV_B*6;;*msQ z(yiw>dsK30g$OQ|PaO&dEBD$$=jQShcaPX2GCJv|brd`~o=75|Zo6Y~;qfD$dzn3G zHyf1w*REGfdIBg8uG><0wEPAEUlS(oi^7S6~dMR{nG^P>?jmQ%3Bh`Dw^|8ug+#j}my^+Ih8MJ~vPZsVxx25=R zxni)5#k7wkUC#}wQ&Li|jMbOliJx~qTK^e4y9 zOaC0aN9vZZ$b`QCSk1wau|DA5jh;MfsL(X@$n$*XCj>8rL!#w)FBCq=pP z$Uo&6=kK0VnXjod*F}zXBBaLXyD<@U;Qd*Zu0^k_&I&31qaDVyuiQA{0H>l~p?&FS zJTR%)8@pD#j@zsuJkq3a6&X*+{^X~0Y&vMk2hO~nl(v~#^Trjdn8dE>5A{m6b7ahG z>s+L=3m(i&s#gj~lTQ3cfxVLq*1Y&}7fWji-i-9GD!a5kp;>NYLeWG~>#rtLaBe3tBp3!$?Pea3uPG34NlNj9~Es8hv6rT=IS* zs;#$`3BhkNh10sKqNA|4?z6hI|ARAAC59zH(qXsPu+k8!?Q8kx-tM1I8I3Q<7ddmg z0s?Ku@x^ieE6R_1>uG6eIr((-oM;~<{P!jeo77de4zowf1#O*LX06#Vj-Ee=Tt=UZ8T3 z+)FBH;?@(w-q+35Q4Sb9y$xeqpg4KCqW`buIu_9X-LN2D&q_hcVLg+D z9*6mYVWip>2&D`uh6A}2bQ}Y`Nd_zy1foF!j3S6kLxGX|uYWX%Wo>(bB>m+}?8gn+ zI8X{2urs7@UMV(9+-8~0Bo_a?fkT2nKa(}`Vr@${4-^#?q$Suay3ht4k4@wT_8>5(l9V&QbhdLpFOc6X$m&dtZwqKDwR{n9FHD+gX|U^YZz&I?>@eS zHM9NmZ?B;r3|_)W^L+O0V$h{X=snVhXc)-GSzY*Nv63izX(HuU^m zgaU2bt$Fp2XDP4S0G;oW-m9E^JgT8g`%=p;pIPi0vv6#7Acf3T)jFq5r+=Nn-r99L$}v^t%k#(c|TV~IsP@!^GPj9w4*`sAy?B5UpG z8MjvR2XOt4TXaoX$Tj8thN)<(>?63-@`@5mgjk&?)0OnM?HD0$GMwQAf2!`>{v`f6 z=d2eZ#yPZi);V`JK>a0LZ9*A=`|Y)9H!44y7P%SeH>d6#%y46e#%nEtvoyFD)7zYx z9_7W6iMll1B_&F%U$Mr7*v0I97&?``DdJ`*8RKjoN!;)J^DFz(@os2V>r)5_ihdU5 z+KDk!Erp+d0+%;+e%p!RsTLxub*Y<33cQq5S65$;ePh)*PG8|?clf=8dbC9ARwGlB zpGTF5-(B2PeW3(wJNx%3DX% zbA}ZIAD|zyIhixt3rA*4MknJ7ipA)WcP^_h`uwQoLFI?Q!VldxC+&6Oi*)mdsf{_D zgsOx4uH3PrPMNXdfpo|>suHz+QusITBOmV&nz!|yr1$I;?E4Z*Yxik}bQa$KvuV7{ zK_;SJPJtZq3xh?beFF>HNoA-E(Q%@?&KSS@EtPi$EeT)?$I=3S;*6T)>>oOs+Zj!# z<>}DdTQE)H^5hjoUN&!!6a>wXfTk8!>P} z(**^ov>W`N5Jx>B1jpV4^pmL6)JS4NZ|$$kw)Rn|SGt*DaJwPx`hI%~8LY~D_`Vgh z+e8F1bKw%JN{VtBGC-g{W^OM-rAS;+?mX5~y+JtBTY#RW(1D1xI57AeDAHIe{ASws z)!!poIDB5FhnYv7sXl}+cO?0|Gh9CH%s}`xkH>8tuV2FQD(<~cgpv8uAjZht&_ zx-)vP&5DZY7#euU9H;$KpGRQYQTL(MXJRw2P5skE&A-S5d(6J}gbdK2Txy$7Kmbfk7Z%f*>G$3zF*HCHn& z?mlQU>A80EiO-X}0l&LVN0U=82ibI55}r!cXM`gYr%OU$iP@Xv9t(S;Axu6LS`Tgn z-lM=i-krqfc=d+1I%RZa6okMs(@p-Y)YzZs{vL6xpYn|)$nMXJDqZqu^euFqb0i8b zKg7+S;(Tty>>;XxdDO4h#F$$p;yCTHqeQ1NKTX|fiM@Zb9V4nc6*rvRdFvbZokr1= z$a*mK&lRbss3P6?R&3&~zh+D(ZEXimsbWtZmBR9S?;O zL{oo}f{BQ{N*YAh#n&I^1@DzE)<@XnWOD}Q`X2rK&mPjqTog=>VPWp{T2)dH72Q=z z`2xhzX>VYxC0|p&>2hn3aj&Nb+AlK%qbH)k>*0wQpKP4Da7RIvd2*tjSlwjW%TYEe z-N{O zdmh$jqG>{@?_C_CHcS*isV(Z^mv#Kb9cJJ|^)$T4iag6c5<0JF$U)YAXYLnK_U;wi zz6-UOqD{oE}NG(^SYkR-i!Xzh%+otN(??~7l5O+PK=Cpl4A_*Q&^{(La5 zrs;in`;7UGKehU@Vnm5~!f@60ry5SgW zR6}iVwj13tFly{NtckOt`*JxaHb#+?*q=erV;9Y~6P{*43zEn}pX9ap3km@rYkGPSLI6trM=i+KcG0 z(8QEJYV~@>lXdiBl9v8nY2yO+`P9d#9ItKrK)3W`6BaRdh(Qroippf^+vfC^WaJl# zF%O8`%;Faa1t)%rfuYggo??bKB=80mrb-KgtM!G~3KVjv(|o6|)K@KiN%oKIX)%YNFF@LZ^mzS;^z4m5xNgGEHzI2 zi~zRUs==z^qz2=e%S9dUzP$sN#eo%W_HOn*{qF8LF1;j~V42g>+(xmi6h)ltC6^%) ztjqh~rdNxDsvekLqP$c>8V&}A>molP&j-0A*S{Hz8ZkWmIJxfTrJF|lU|<uPM()`z%%t_8ioM%C# z?DMS4FDReURsD5k+GX^5|NEgv)wf)V;p=kAaz~tX?%sZ5Q$=|dM&G0JOjoir-aTpt z-*dX89!SCOa)TY{JXYg18&7$_l9u=Eru`&zK55@`KQ^HbL9cEeMI%u=U#`b33w=g+ z9r!n61BIb5{Sf4lqnDRfo$}*n(4;!-3X!4dYKC`%5rV81LErn3zQEYUr_Z`X4=6ca zCEztwcN3t3X1OwR7N-u=$Z(k5FM`Lk?5!4-82|fJ=G7pb9%>e;%V>8K2`O*K z1!2C<5Lj~Sfq7eA*efxSz4K8+-RElshEdsqwYp;;8~YI za>eB5cdPefQRgy=54nzPtZqvoXk8QMH!xn!v?H=RPLtp7S7HJsP#fs9f~OAt93@kd z2;#4WwdWm=i~?+(@yjJY$BvAb>%UpYYW&yd&;{wlV0h)#_cGJ(^Qk9g#weqhfg{w$ zLoLHc^Q8BCIQ8UY?*|`6*HJGC2Me?#ap18e7fEsHMkwcOdn&P%HccBxbJx|2T(7AZ zs}PmD!)(%i+S&nFm;w8b0zNl|_DQ-J2rd-zPEr_r8%Hl8Kx*ML5U_%(fF&ze zACIbw81y-4e~ z&yX_dwhg|QUbevdP)5b7_AMJye(`JNXh~UF%$jmhS?J115vP}tDdk6xsnU-|wN)u( zRswd-KBx6|e#SfHqiIF3_t{v<3T)Yk@cN{ESlTSVJActc1kH8xiObVn_L=B)ynxD` zTEfWwqU6j09)m`CAR^VKO3b`$$_T2jd**AHbAX3$6bFvOBX#OvnEv#*E|*8LdakD8 zf=w+q*ACNzveo{$BoHFyTWD=@M3|V$(DuYHGaWTtmF&udX=h5!k7(j-0#{Ff4QjTU zX%|a!`%dmx^K$g2%v2z)Y#cC9BI?Ym z(R4R$w8XxW{tt-@$k%2e(l%_F-W5ta9whVf&(YI<(P_z*XSN=pJh_nlJs>B4bx1oY z(mFe|(^OMGBTAwzI|Mc!S}K8temMN{=U1rp*1|-V+v9K6IlK!q+t0tc*D2A;#f9t7 z#>j0>t{n_MpmGZE6d+i*H#HtjK2k-5iQ3}kGOjvNHlT@~h_ ziFBhsD>OWzCmz}T-Tx*|rPnX+X+CcKnUhlVeR+d12M3!w!R#X172?RC44j2JxwaAg zkO~Vnb(U|gZ&aOgS8XrmnRSjC^5wOeYmQw@y$`OI$2XRedaM^+z z7jUj`+$WWHa4{MCDQm#w*#s}#uD->&Sb6K_z-UnFSp7G6Eghz-@UahD;70q(4#|gk zcbXJ3-QCW9$gYzdqx@#-{x>&qKg%75HR*;b#m*?GeJ zqt>5=qgQn&ed}Gu=yKLPSn+y>28-t@dH-|rTcfR&%%{Biwqk2;z~@UF&G$vv)|(ra zYum;BorsjkF5hZZus{0sajo`p{>k}e%gvqrHtsVKYTA+s?D7JuG!BLf^RDG`1X*t~ zD_v%P``hC8KfbQn_2Ayshw)3l?^+$*vIbaJC~`Px3juq`Z!`C{DJ(zra+-W}75|je z)!UzUNA8OA-|pkP#5=@l*RJ>%+WWWdH;+FS^h!3iEF>ETRsROF>862vGn$~E6I_#k89+;R^SRzA_ zeB;TnX%(p7-Vg?<3ZJi8X2KM}kYNfos@48lq-^)&h9oiI@hM=pJnSzGJO0RG!3Dx9ZN*?4%piLd zWN>M0xyl6^)nT|c`?!3QkH3HWHqfZfwf2|5yT|04?(C^FHUUocF>J5{GCv!(E77tYKhMA4ueZ0h&W_~)D!LGJ`SRt> zn>XLD|Npmnd8105562{rTYG`qbj$D8et*0D{ymU|8EyId|9;#3ejjl8_C06e2}k;Q z9EE^(Ie!9;E;T%>`k*yqmb^S@z=vTAct{4J~&(jl}2rGtQofb=H41W ze8OJYz=@9TOatxTp%%LwbKuMK&WcZ+b?ja`yS;FYB!nY^PgfD~2OD$dmR(hi3g6?%-SB_j!`f_XUq_z*vJ^LbpR}cuuE+$q%2uvX!Ez<8=aW^?~YnZ)GG(DOyhV{yiBu>9DM(29Qd#`7i$u~@xa8X-MnQpRI3->sx4!##dFcMDQ*%KHYJD?`_HiQ+D1O48TJluJzPAaY5KOAc_ zUQRAqSm<0xZ{tVu{i7iVWWSAx4Vf%y_HtwH^hMJOgfW?HjJy9?dW&2TCx6TFBv^Z> z?qSmy^kAOlMd^Voap12Tk>XE+YIkN+WpK5mSZK|ei!lRI9J#Lac zJxCZxSBIdaY%Q*>srFHD#W1{pdn`6NKEvbmmmoT-EOpIg?yYgH1Cc z;NGNi+i}zzY1kJ8wiS)NFh|x$;gS%UC%|uNCHscmej%D#?Dli=HCWw;sao+k#9&7Z zh_Kt;BI)5F!GR{gWp2p8TzahA_8$aZLzCBCrFBd+T4YoOaU-~|FE6EROxNQgymiY+ z_}xo(_` z>E7v3yBDlir#+6X9GG6;qY4g{*Ag=oo~N>nm6Net;c?r`sM3Y9#>dHJ zJu)QG@yWI3TO8*y%E?_{iIK^{A}FseCy{`dj^+c6_IV$|0r^sF?RMqVzHy^B;fJ9H ztU+AoKBmc@ylXp7`La_$cr_8SpY&AtoX}!GIo7=^>2A)TEdt~U`!+0tUq#!D?}qWB z`%+GcI2zibtdt5zC6&(qsfgBk+Z$YSw%oSz-P@dHAMx*RaUwTvef-6d(!cC|X)`-k zxnkar{T{~w)8@3sSd}Ru344q`x%DIqdH>{}daM$@Q7K@AyheS#F#&myg7Gh7zoh#cClB4wIi|2e3DG7Zsr4D|LaPNG?h_xql{`W@9EDOi@ z!^VSFq%-D|IOFOWuRPvI&#ZU;kS|+>Ewt<>ggM%_#fIh-0*Y@JZsgoKU?T9WXRAEY z)`U=#+_650uJzQXa_=_7qfSGo?wt>f(-61)bLGA)VientNM2^6ZHr0~Be2PPVrzvP zg&bK|#|@`)udIxth?7_tw+=MTeCMpO=d^JVptj`J)vj(VxtBX!yz^AL zmUKe|Y{N1FCR!p|^|yJYE@J$dlrC*7?e9fSmJ(Sw2pQNlnY%KG^>t+s#EZBzSrPGs z9M{QJZVT)v=)Q~4J;l{6RJk76|IM>bzA=jE@Z4F)70Uc*6|ncPqL+)wy|SbqXr`K% zD#kTWshu4WR5?4JjaCq_!**Se1VbUMcz6x3xNjnbDPwo#xzogNGw?zEPD7~LckrKP zY)%1+dGOnk$^ASFsmzIu_yYH2IM9fvZhkE7aSI&S#igYjf)n9rPnOoynFC`d_xvn` z4~kc4fZtVA92r!4ef>m?km_ulNI5T52kjQP3ECHd{XN0*;l|!sm3p z7{m?n%^#s@>WdSk!L_+I(7b3hRUsLwt2!c*p!Uy>+AE z3^2G0C*>N@yHhHAo)a%I-WJ~u(RNKOY9t9jI-=2K=CQak0l`y zH?W9E?V`UBA(q#TFcvl0M|@0858X(?)QKlU9(WytH7SZp-T z$ev5nIT_>%G%2_YOsm`7N=z-Y!Qspq(w-BS=E-dVU^b;^;Q{9$HZQw%8eZSH67FO_ z(vrgbRy)-M(7aFndqVFwOoag2>N-pIiM|aolthM4hsl6rm3p%=s7VG!_%H1NxsxurK^7j*#U&oGFI_w49G|)AA2Y)601&k;JS% zj2L~O_rCZ!zGK9TbaZkCL9z{il!X>@F~ZSjTExXxXL^F=_+jETIkm5}PF^$u3r`Z2uoJ*fJOsN`5lefOu3hO`}a%*_dp?4X; z#d`mlm#3Qbp;G4qw=2RLEyIUq2R}Wj+eqIAI7d~f{ug2yr^6`P+;B|gVLvbAU+-y1 z4>oZPU}^IQ*A?q`nd9v4%E%7&7H2%@)-1`-B{@5HGDCt`tK+wc1tC{X7kca55mH>> z8C0_TXn5`A;vWeS*)}sF26EqACHlsSbwpWC4!4RlcM0Q@$8GUt@mC%RL&N}C+O7Xr zf_}#V$uSft(6seLA!E(Oww~B3T3C#LkxzpKZ=I3lmys4n<}|Jzz54n^>K$`~=&s3z z(ke<(fXa_^kVb^Uvb?E_hTq8 zmT8(D%EF&1>^c}06n5pLqzcS!3q$$D1=}rt>Z;LmQSwZX$_{k4#|nzE@)Wr@VAGa= zr?X{W{C`l4dezu%*nK&#)eq9rJsYO;ugbV3em+TjUe7rAP1Mc)jqk}nCSJcYvdAHS zB3#Rj>$CMsoUH3^D65jOT?tb~$r}9k#8<~3KDm$e;`E84V=?p~3) z5{CzW3M+f)<)XDvCGZ)S3gIXED=jvByQ@WOn}${SxrfCxx{gy4Ja^+z6Xk2*lsFNP zuVobb!c7jy<^4@Oir9J&6N%vXL&&V`S0Wc_&u)tOtz-H>cKL&F;rtEb$z}6w^83>V zBZaRetcYm*{3EHZD7oRB_sj<~*Wum0!ilo{WA@4MBFQ|uNj$)*x`KwSe$UsB>6-oM zsN2k>Awwy%HIdwiA%3VR6HHP+7lB*eiq>b6+FgivqaR3!M8I&QL0NagbjwRqakVn) zQn{@OX?#~d0t7E~TQnMQxh852-Q3u%0dqiC$0bT57v#5zEa+PD&&N~KZ}wN|$1A9| zUl>|OTa;^M=1&kUukPq~H;iXTh)8HeCfaU1+qz(pbX8VyiDrmeWA}t^j$r(&EgDEa z19jHYX7|_qg@mu?TJt@77}KdV_t363iFMX>TzMViA0ize$gc6zzR31S01F(suxLG2 zlJW$ubm7Q23g1Z*zjz3Q+G`@;olC)k{5t>v zb(wpp(9?KnmKE~FCfw6@Jq*o&@vq^ib?7{=d!MX)#$sYJHou&O(&W`vHw1?k z?PydS<41~>(D>8^qXFeoNb>s@*zO%NtlyG1PD{xf?Xj;Aull02TQjI^_h9-8!1Ov$n6qVDBQrBIXV`iFs&0JHi+6Y;9SPN4rsUli z&ezswIi4VpD7065Lu6s&fyGrvCmu_LhDHv{S3O<-dumV&D}G~aQOFZTb@6U!00OH0 zl9a`dn1*2rb?b8fwU+a~!IIY+_iK{Hqq1JPAzE|?S|7nDJl5CaEM1oZI0(yl_)YK$ zjqp**q8pxq^KWdLZ_7lJQqUrzmVfvUM>I)vgHT3gYU|;IMN9=ET$;Hr>F}d<=wOH2 z+JfG-@JigHOYmtU&ZUMKjZx83zGb5?iS*Ldsr`cE=hXyF#IoFMNp;LGRi;*FP|atk zm>w8sd4s63$DW;<$!K{OWef5KSsN8!(^BnfoK$8O?5#0;0t>O9DE#P{%sgOK=Qf*1 zcqQ?(93chk^SY!iL%A4r`{nYL((5I)Om-<^sgk}{gX=={1By)i3thDdqw_J^5{UOJ z`|u4TatBnbQgT#$c21gKX^Ma4)G-4y+Ho!S0yyXIp8#u*T=$gnxOH%F&D?Mm{&ofe ziDbOSQ`5kB2e(vIYc-`=`T9Gy{a3U#uLRpbzmPm8K5MFy5QGx|F_L*%n&K|T=aV777!FH*AXXcd$u{?q~+~4Gg964Eb=eQ=?hXw zxF@Et+|F)%cdfkQ(wA}k;Q6mgbrs&@+-SmP$#6JGc50kbv4rYYFN~B@#Nq4kVJMkY z@M`SJ+1_$Pd7VKDQbm@pl8AymT@*rgR`%gXF%q`cq9jaG4Ci^|(Rf~bFemd+Y zKGd`f0VfvPUB|Ct>#m+Dow-YN&X)TqNokpu^UhbFj7(?h*bPa7lNLoOMaJR1Ew`%V zK1%r#FT~4dcBl5Zf5^_EEhe#p=#3tyw7NCUqlQRZZSR=Uz4wQQFfONxJ%3^q78Rb4 zGr_X-Q}0a~U#;=5nI^%#f0;-5)zIMfK~WVS|&tN!?|X zl2fP7%L+SYRM?@{J5f_qUWXgo>~S7}W54peNpzEX*qu381h>Ga znhg)U#c2_$`KnPcmk2CX|mJ zUibZE`=(6LBp383;Dj5!8~plOUH<&X9^}u6(NRj6cd$&l-W&9TY3`L%{suE(AZJK- z;o&~(Lug5yxJDP7MpV(8L=HmKwy1}4cYL?;97A6B)&yr-UH2}jXgvF&VJTt+k7H$*lTAA>c7Cx>K3tYxgh`pi{ z!3Y&&N}rZ+waTmgLW=sZ=A2(Xv~gCEp0tNpQ~0v_E;N35RXbVyiYn z+w?_g)GasFI)Z2m9uNNx`1qO(e|N{NrPT7yDBT%;HL-Zv)N_$#eWQztXcL8t8ix z!!ya39h2{&l1%Ehnt{X5o0Kqr;$jGPQ!7?z@u*6`CHR<3ru?a-qitHQkPpL5Inxyu z-L)>@Xp1*!-JHle$(X*x{oq#>93^0;O|*GnfzX94W!YcAa<)eNEu5iwFK*XUry75G zyiW7@@)n7p4pt!Y67Y8TOmc{xCii&_Mf>t9SHT==q{hb#Ugx1~GgZbklme0io#E?XqVnPo{zd3V!f zJXmx1#D$qS7XFq8TBko>Q6D8lXskxLnUi-=+_SGg`T-Lok&Fw!nV=KSU{`ma3N zEu~Eb#36qeUo?}1I8P`#0^UfUuK2sU&r_ap9&D^u*HS`S4UAuRpKLQePq?H^5SVt@ zttL%}H?HSQZcH5cRe4FagI{@4cj3hy?T92ni#Phd>$qQ(Yvz)ZiV{p8f$a(98rm*D z=W=UXtac^2<~n<}pv%HwJarGA=)hiZ%1uAV?}6}jDsQj&6GmNd&oWi3$+PaS{N#J@ zPSvO1>wvfH$M-AszaO-0T{!gh1fZbGkp~L;;qqS`TDiaFMC`?2Rzc!UwvM251*#C|UL=6D5`RPy;3QtH|` z)2sG4yriIGB2{~Ien?+UjQJ*cU`SYUemD_UpN$lK*k}2Qgr~G&MM|}YSWjwAfb0QP zomKv;<0W)>|jM zx)*GspN)Fya=^O3(g< z6|o)}Gw+@8h&4j6NAwpdPI$(YzZK+An(K_U2`SzKos+l@)3u7x`S6TU;%|bplwcwx zuMdO?dFMP??SR{bTdb(N9^y!{ zp9tDt;~p;`xBKE!cSBcY$&ct?HNDv87QZW_gD-q+cj4knY^<;ix^B|lJx~Jl&O1{+ zW(p$?4*>Ro>p46i%6q8Wvu`C}TeF+P;p9EZ2-uo+90F;Nw7urAk%awn$5Od2DZ3XL zw98Ai?JpwsTP29~YpF%pnxpgYO=w*Rx>K;z}tt+5P2kN`4FD8~An) zh}0H5E(+T{(sHkHe-FChEPZ!CStemFFZO~+ zltI1D3u&bH^mn%|J=tBMg;3Egt%8~T%{Hno*_-4ZG7cgW@pu^_EBGeDb%ws>R-!ul zqEa2vyQM?9H1TjxIAeE%=@$-3!}bZ*9{J>KNtcYkx#JefScqUe7OtzUfH^`QCyzOrmM5#}? zTW~K$Pr_)9#Xskg3VIxPkgfjS`>GCH>*1{n#x_*Q3hP!V*UuiLvQ&(j?=Kdh()7>i zpl%|&Wqqj8NDE4sx84Z$LN@4VRf6=EudIfY#{(Jf=@zuRc>=C2`|=T#GH|fb(nY@y z@6*}2&O-}g%#hi78H)2>Dq(M;hYdv99p1^1-RGc`T>X1`=^yR?b1La}eP~zb|NR-X z|9e<`dagcHLx#|}&v=MiJxr_+&^kbkl5(Hmcw+?rOs>;ua{c>@ivMa}`rkIArW0Tp zVCw)+YpWjvVW$26yF%*!F+BUR_;hS-ISR8~ls(|qr;PbxOwQNGO}c!&XE4W}PoUt` z?j%Y4`ecnKzG&~zL2AChKc`T^|N8PxE!(*2d`^Hy2@-h|mL4QX6JBbiLellT!ZIWH zedwV-rg@jAYCVZc2h=qcs>kjQ>Qeyr<+rIdZrEni5_%?%pcDq7OSG<HG4x}RI~PRhu{bDr zYo1IW<3iGf_)wT=f6tVM9=dRdd{AUi38eKV%F@371hA)hbQ?~4=ettRn98t7rM+uP z(5U^S(n>+8&J185u2d?GYq=$$Dx@e!r3c=9`mO>4aK0kLZ$6*UGp15)Ka1&Ce3mhpol%UzxiJq{dBkB9C}%($eL=vHAmzO}+3Bv4PierIkln7TV{gy~D%G z$FbIv);+yW{%3(&`AD?bySx)F&%$WwWQ|H7pL~f&vOzD$b^`lBGJYp9cHd3X z)jcOaS6#!=h5JWsc9AblG|&4vks}-09Z%#3<6SMphYdlcH(cGeBh(*1KIJ9~WV|d$ z{LwZyldKTm9+a(-Got$YnKQ_ff~V<^vkYi&3Y;r>nqvjmN7Y@=%q-I=d{kJLSzFup zcm;&wYt9<#ku4}Z-4T7VVN&BsaQU*Q#gWa-#c6`&%FX=sQCz6D^CO#VPm|7e>y(gF z`O$77tzmCeCr)Kp79p6hZ$yN?4Ttn0OP%@$Z-}kf+ZUs+nyq3K;aC3Ru+@ThB@(j2@vm>ZB&?=TWTT$o4 zgBc&HncM)Y`s2>CkT22^vDJ!T`$?lO97!)6kGL2slK6#QAO+3K_WNaZd6_n*L}KS#H{|uDkieLIktD5zI6X$pFtgO*@6k>ILzf3GctjV3|GFAi*Cqp)QSyE_Gud1 zCQ~`D^JK~HQ3AC$1b1}J(-!n1ea~Dpf2Gy${V4DcBHIb^cF{5IE@E$fJG?@_DCxb_ z8KE9jJ61C|WrW$ytbLwe)$fZZe#W4U=z^|3LXg0;&9{7;u|9 zl^*kndZ;LTBgZKJ|4q21Y$t;+D?6xsB-bmxA&b( z)JNV=vtJJpjxtv4yBZc25nDfHV3VzwGDme%%4x!}Iqt`DIk^VfKaJz2pS#Sy$|AMc z@=Po_@^dgz#n`wc?PSX~)9QA?AOf~4RjgB6H@Nd%eOUgEQDK&h#a&pY(qj$3+pvF3 ztE(tk+cc-)HR!Ou^}27=u2hyxvCutNzSYMZ=9(8hg#WH44nT{EoFZbhY$t{T^Ih@V}hr z@Wa6%Od>jM{yy`|#_Spk`C$F8d9h#DZG|mmdM5QA1+8A++9`Hq6v)eKY~RNVm)Qcm z(j^?iGzG-wTw}iB`b6~GLv@I%7vq~yrJkL#d)Jb;pO$14+lZQ*1eqU89tD7z38&mfS_QJq-Np@^J%Qjt1F*-@t7{;1h>;Nioz+%#4-jr>^nF8;=S$Z63U{OKGj-iN-`2K)@# zbK%&(>a6^)y`l8p#rF0P!ol!-99p))@f}{RAiyQO2?itPENN~I-G}g;a)mAnnc0Yq z!^+igs?4wn?Q6MnOV+m($}D79{5B5T_YRu`r5vC>zK<1d#xtsY13WTXGrD(xGk5Uv zKY|YbjlObuGIcxU58$~s1&r$>2%s%iHV2NJ0-nn+DxDU(vr}MJun1sw&qJ>wM?9Xe zZmic}laKj?$x(;SQ!71ombbP_3A(^y`V{&BogaNVG&3`keTZ{o+pZ8!9)@3}Ca0vp zH-5b(*wPva`qCQtv811Z;wRlK={QG#cKRmXJ7J5Aej*+Ub@&hGrPR z3as`!%Y!R)XP*-*hJvtJCfe}>eLCKI+2`^ zkZ|nmA3%qEL>;kR0Ffx>VCv|o{XQ`zg@sC!z0WV^>kDHkMm%ExTc+Cej9MkK&<#0f zI*2ywb$f=sXsZA#-Tr#l?@yG>%w*TxikKbBT{3puuQD!}Y_ zFS@hr`$K@jjqE9uDMH_RX&(P_l_(o)On1N04v1WQ!Zc`+#6gd3IA`i!At1P7{<9EH z(5FMMe^TH2OjiI=%J(d}-+k{>=?{k-jFxa1b8PEA>xbiH5Cb2~8dxNolmBi)O>0z; z*Y@j$(JB;dZXYh=u|>scpoqQ=89&$?%Yy|kjPsZ4*?b)(?%RGM3qnUu(&s%TJ@xv{ z@C63&hls-+J^+?SpinweTxk5bUI7K1R|l$tCEZRaePLg%^2W9@!4=!t0_TQ$r5 zy&N<)l-^o=@1wU1<3W1mjFsjw)!N8}hu7`=_!wt{k4GA;6x4+%54t*t++CwV%yku<)rqX{KXji}|)oLA$$l>yT_G?yrW9=5OEYr(BY< z@jnvXAro_n7Nz_a@uwTeAY+bYtGscov~}*>k=~yYQ1_BQLbd2J4O8}a^LCI5}XZ?*C^Oy|bhTKm;p z1|_>P1g^D2Uz{4ff(h{8Y-ZLqEzyM9sk&9&egBRG&uY1|YzlkrfG+8k6}uR=G8zs2!tErw`o`pJmzNL|jEaZJ5p_RjU79 z7Dmjm!x`5w{vI~|x}!e_WyNc9jG*0TcuNCW+S?14(u&A88gi^a5pg9e*}o{%VMHQ+ z0NQq+1y_Msar`#t);5z^mP~EHtY9bf(QR--lTt4ee8Q|bG#$US-DC+zm2x3$_O>9- zFHCxlk!G^-Sec|(yAcqS!}64`2I@n;=bk-bU=){iBgSy&*N*5Q>ML-$06V*N=K82f z$uE^{crw!4-C(_WVKZ6><-UOU2m(Q1vIc$Bu3STw^_CqhicLlMKZ^kOJM4 zg_u06B^x?91X{LY<>EG`e_L`C zo!k0;1DFMd|Iy8YCeHt)M^R=wddwKB{VpkD7fhPLY9|xv3Y^f^vt7tV@B_r%InVRS96tBXL}p)% z7=b_;ZjNosLg1V*0co#|N7$Uby>;r|^Euq$+}ry?I1q(6zY@hlB{l`iF1lmkU9v{T zbvX3ko-n3KQnq%7u)ws=wD0juco0f#jw($G_C^^K_A%KA)O97w;xGu}QAu3tVrq0C z^)ssGZ$`k<*$BS%Gs!h3t@-CZzaR{O&!J*qnEmZT;R@+o=$>&SNk!NmJh z4-PDqebZQsyi{itOsUgy{+QebR7D(5v+@q${bs()6XOX~xB zc=XdvWT#mm3_?ozg_fMQ@EJKmuAs> z*^uEnPg{gQZ%kv0H%Q7}@Dh#C z*Qk4Z3Nzdr!90!yL0Z`;p%rkUv=-igDx8VLn5+~r8|!Uae?=F!;){z)Fe#Ww1Q8oM zm)b?N1NP5+>Nz4QU1zjs8^2%g-QMSV@d_kS#psP06AYthJYAjK`4@exk7i+bukFW@ zA6spGGrzRT)0s$Iowc9MeYTLV39uiPG_BLL9!?2vYYXnBgim7HRY>ijRa4D0h-Giv zXwzt0FJ*V^gYGEo2Epp1i}uHj>5WB`T4pCm4z>Z2JZ#cY6BjaOke&_ON1)UIz?+y9 zo>(|H;tM{n>$ubq`T##%_9z#`WRd_JQShC7f)1XevGeq~2hAG~)_;*LcNFP&Q^!Or zY{Z&#L?D!%_T@4>T9>-#xSVvtT{%OP`ecyMCaIzw;KeimV)ukE&U7l>P=jG)ES758 z4Q1;pov9sQeHjC`ggWz4rSG+SpfjCG#O;njFb8EFUqKySnLnQB{1=HF?9fNh61Ei3 z%BvBrtB4zUzmH(WDVC4OQZ5c@7IDptZ=WOR7;lqJv8obA2vqli3*- ze5xncsd3mdXXS@HfO{&W2Wke9Jjv`BR;kzi3ubqbi?t3*s@|e+s~5ks(u+}(1d*-y zHw%{Vb>q@Fja26i)LRHOUQn6ZO>`}6qZq;fKKsWZ{v)%sS6{!m%pV1uCG!h+m#@l8Qwh8kb2Z`6Zf`$ z*iGky9(Ra(FJ5&YZ^iV=dM(WK%z(%pcA#rTUo~T&cTPcyK`@Ny1=rNO^DHSEwNVrG zv%h34SgTbW#dgPoqZ>0G_NQ#3;wi%D?&80kPuyoMd|>m6GvCt*>_?B`shxI>-vUt{ z3uanu9((#*rXMt37?HO##+MJpVD;X^Zf{Vq+fKI}PlL^SDNUUN1ELYNJ4wCh+MUhV z6qXB+S<-P$&sICQ(;2XNX)*B^p!C$akgSV`o%)i-F*7^lF zo_{E%0LO>3Z+5bVVOu_iiGIF$U3}_=yI>EnOB?I(vQ^pWsOtT;6Sa!`*0#b3$gum@3 z3A8u~-ZfCAQhQhUnH-dbMs~dBXSq0iN5EwzkOUVvBgYUdm7SnCKbvkNU+rzgbl_S2 zEnsPWMx;4$@pFUc!!Zb$6KNtW;Rj;2i6fJg<*l=B_d~wq49%LzIs*5U?B0DgG9PK# z`F;>AsR8aHA@!89Ss0m`0`Bx&t__n3lD#K_H+Mr1bq6Uhv|1Ck34338nDCFCl2SKVKOihrhgA)gB0=*@PQ%DVI1 zcVx>8WLunu{~duG-Yt3Z9~xIsL-P>0)d>@nBSjV@%{q&iX!8 z??@j|Iy&^v%>AE7h?^~}sG#686Wu%C-?4Mb-;+9~D`~(AySuv!%Bs?-`2UxG#sar$ zjNpfkp7|}EyWU;?Ipv)T@6JMOq(2>EU0MM*_8j){`H3oQY9!0TVXm&O zFxb>%AWI@w{I|4FNfV&%BTs)X+8mG-1}MCpoxacqwm0TcK>%gBLG~C30a@0;%@h$u{=Vs?nHJx^MXfzKUY+O3J zf5&ZJpAIFE_qWPQD1O~|lZkGmv=MQCvqN*gVc!wR^6&}NGjcBNu8sG;dP2pVp*xE@ z-voY$6F3jlL%o3LNPa)=7VPLYdWDWojcO{4;sZq24kY?+!>A;*)95ieXpqVK>ER55 zB9J50O~4l~WCaoG}d-|z2x{G~lW>pKfg8hn!VjNdtdOs5Hr$<$Tg557P!>P5S* z>{ANdRXzm-4I7HIHEItB2KqO39NEJ(?NG%8_FG(V=jcLcL(+Y^0%SOC_BN({OIRYV zNDhgXG*ABQV!!Ow;suFX5`|MHN){kQJX5D7-Q{zC&ONk@&F*UfkXFIvDhyd%_dmJa zJeTodqy7T1C0tr|uRHK%;zoBWyME%9tfeRqu~Ef@9XET_!|=Q|Pxg(MP=|%29}5bG z(g=-&b9DE(Xz`JzYr-=>2Pd32F%3eb| z0}&<5>3OHzbC3&mGp5{vX?NExF_@-MJ9fAtWc)c=a{2`LlB}5IzIH?v@oFEQIF3>^ z%1DcWzu8!0n&N;hxr_TECAh>#zs?Gn386%pwUO}sW21eNyXor58(g?&%$TMnJOn?U zB`KQS0twDJ(UQEfc?&=Bi_oMxv#iZjCead)Knd-qKfCev)Db=r^gb7Q_5n@h=qxG- z^`UVYgE515OU-4nLjEj+q+s7?#4%?vZO1~YZJ40t7@4cVjfH`4<1dw~b&?bG+6r3y^vyin263f?N zs2y?YkzPpjSY??Zo$(1?u6KXxb_~hPT)u?`#kAZKhVsgJlY%`Xm4v9J;6}s1^90Z+wWEL)h2XIKvR=!y{a9?#Wy5*nGZF_ zhs$NnTs8^0l?*TME?rKRM)4`eCPub-Jk^12_9iiMm*x$-R0|=0x~Z^}nh*=-%k~Qu zDD7S!_j`(5e9*aVH4$A|bYIylj!H}p7bps&K7ei4-cgV(5Lyd;=+zJ^Y`vpSCfg0@ zUiZj@L?k&)xMNM`c$RnK=fZdPJ4OZu6Brpm?Yzd7!v(U}^^QLG9w8{cX!8dED}aT1 zgY##}-xR1NDO7O)u~Aqea=FMyw-m$Iq(391WPMX$Q{j|>kzra)YL>-SxX%@2uHN3pBHbfHZ+93&?js?II0AFq2eJaru^Ri;{MdrA5~vs zP3EW=JIFa5ZO~BMFA!v}NCfvJN(Q=UP}{)|z+N~LwL1g%f1BNLKaBr{8mWQEO6-f_ zx2@t%!wOzNU7lsS**u%C1-KO$YK<4<-7JxJl`dRYe$D>$3G;gaX_sAR@7Mm;n@w*Y zcI2&8aZw9-c$fFSl@?yh_P$M3S1ymUcwH8p+-5arJF|>Fm^Jnx6L@v2*3x`dq~@Up z|58^_EQM^f&JoM0w{uADU?PQW3Ti&hpofM zgC4QnJ$CG6TO;@NPm-X#gga6L@0U1+_%8|~Z&!p>CL>GsFoDayZsJX~^Ee{q)9{pf zO(xyDpxkJsEzH^JjTwG5SZgQB8JE=ZTIB5`KjRK~W!hX+IqHzEx>ZO9qWSaWe z1N%8el!JWyV0+zv)t48kjQVEck=h)0{HtwZd@_Y$PjLO|nA^@u4g*GU>%_T_{4)r( z?Od&HdRLyQym)@Tvnl5zh^y{P(P<{TwS2LzmPbN7dX>ilT_7nEX%NcQarezwW^8Cx zX@N-p6Wn+85~0XClQXqjeT>pQ*Im&yiPLAmk9V)SE*^8>n{YbJaO<~t4LOldjgus{ z+^S#d;rYxf9k^8;*6>`+J1_Nwj3?zHp}Pus6Dl|xfwtEmsSe3Em)nreUtS(+}rHVh87VjapNbVz62d{Fntzr^sMu5i&ZWMO#|^80APrHLsUp3 zp;0;ZW>Xo=C^P?_$>KQp(xZX#Er;m!7GsGyy?9IGN4H47V0>Ay_AH1Lu5T2$FvxMJ z%yzV%5$E;(F5fjI1D&^suYl|!pY#Ke)xkNjxx3LF5Oa&1)zeE^zqFI}v)nw99g#4`%u&w6$AkgOtltnSUEh8SiF0MsyF&Gw?&zO&_!qUFGtH;KrM0h)(ha@;twr;U;Q1-9 z>fATku>PQ&Ubg`em(#|s5X-X>$t%{jBUf*Dcm_CpMH_^!3=YyRh;7%W*{kW`mliK- zjZ1cT-;vkX2{V8L$gVV(=MNW-R|T+$7hLO*@sre$G*qs8qo|5<-rX=&Q{p6T8dpuY zJ&zqL4!L5Cy2Cx(0ZiqMQKHle>EwAjzDs{U$oL(7d>Nz%}@H zfHm;}|857|Uq6je{P9=!Ewn3OBmFtBe!mXf-vjpx@U;KY!v_En($xW7=;THLQpW+G zYw!1ZC;{-m|JNO-5l+A$xKNr?`xu};1Ngi15zcfzzI!{bU|KX!5J-zY2Y%8bdmj5A zzE=Ecyj)Z=*4!1?#Z@fnf}N74Ik$4>P=9nGlmU-*>nf6=oK`%t26Fa4rgAl8$)89{ zbaH1=r>f=w%14i46n%`nUf7A5i|2U2k!obKIY;zcHgWL*m`XQ$itLrwwj;SL4F1*t zC{Ag{@f|12Yu4Z{0Hn8;ce|fSA#j&eDqohx( zI*b;Ko$sI}>&6ydxd8yhG3K~XB@MTwxfRbAZ@2c*pjVl{OJ&ZN0sjZ6WQT8Xeb+M$ z4Q&@lA$&M|efHitSx%^kJ6k;mowU0Q;_e#e>S`Ms29Bj)`;xtv_I`Z0C?h;S@(H*b38Zdw8<;La zo~997FD{g^@k?gDbXvPc8-VU!eW(v^i14zLQfI@$BgTB9Ea=gV_j@B(J*&OEvUEq; z-AOUX(gsCA_g9@4r2!n?y{aIqYZKzHd0qkKvt8wA6+fmF7r~Tjof}6^43?)Z5ZA)gx(otRlgbK1WhZLi04=yL)?9zx7+E~ zbU?5CEWo~MA&z_l9?c@mB)&|(T)X2Qz|!1aHvCM%EWG6f^o>{>aEmyxfl-h{+D+l6 zuD5gZ`-8qV4!~rxm%WDNdHb%PE2_Fg+zq|s@5jR9orA5tN-YF_ccU1$iYcx&Up^u^ zqwleM4dfKbkKB-Y)bOa8d;WCs0hP0mqZ8B5zk0-2P#YT?7Y#u-3B2cmc_F(R-H?>z z58#`H1$igu*dXuSRuAg9pX+X2(nDyS9>nv+p3>LT`{Jp)yj=g>$^T+0FA2Doz3y+$v30jQ~@9xz;0Na?(H}BY`E%vNTKreuK@V@v}CAzYICPv z|A4nd_3fXZt)X}DFRdHY%LOyQ3EwjQHf4A%yo)o)0RjF6sOqG%*DBof&4md0aezwbeItBRIG~g)?2MW^% zRhi$>@PGGy(D+~fRWF)x1)l%^3H>TXBH6r=G?ujC z7b1(wAMZrV0-1)hWGVn>FL}E9!|E3iqpC;Qm1)C zMh-fM96-`(pmMowDgamql4Zc-GktClz$<7TO{db*9>DYIT~7J`gc$!{fUpc(*2dk2 zWj>cX{sX`MeFzhL_2lKphE+89`EO#+S2h~Y`k&4!oB*I>i_POV4}Pqr{P+RL-KVgD zSsogYAZn+k(Gx=TX!bnbulEKxm=ggch$?U{2$>n3kLvh?qq05}FoBvm?)F;nv2VYD z@a1PTPGQ*JOd)sb8IL3-$ud*B5={=~Q-aBH=DKjwKx8tulP^$pQbbQt@ffB_!qABt z+tL=LOoP~IGG8(i%m*-c!%MFw9)F;1sMC^-!T%3?Zyi?E*6)wvHc&uN6p@w^1O(|u z1Oe&pl9ui+3y=osmhMG&Dcy*43zAD379DrYh3>u2dEfIs=RN1%=RWs7zx9_cU2~2( z$DCt)zu!-M? za4wHEW@huLyzKL?RALKLQ)^;s=No|>QNH|SfJ#c(*1QDOUwTVO2)M(?ksI}==RAz> ziI0wF3d7KOmrn!&D%vxM{rRNG!SsZlT)xoE*??qXxdv27>cbS^bdW1%5gEq1%!xf7Ncy42VAVJk7z<@byT znYnM=L`=CYf45fsLd#Smlf*mg6_>eb-;7%ndT)z?=*E1PqNx$sALF~K{2Xy3Iynk% z`SuY?YD9%t8;wYRIn{1uVyfO;Z8-UUgM2;3N@!RhV1Cei^nWX z;_`gM$CVbqFh2~hN|cVtDR6pa%D_{7D?Xy)#1Xi=*>c*aJ~yzPUsF#slFsQu3Z(C*Dsf z{8AbLLgAZjvLp1nYZVP|qR!bIL!IV)L2OPg%|4_Uhbl?E-l^Pz3qut!#0l0Sgj*PA z!PtVcLa@thGd9TvYyh7$Xv)T}1(uO{{1MOFq%m0Q2^)@cikKM)<15l@H1LFSHl{%p3y5oyQQV5QTE#&jn-DD&9W7c3fbFmy|*M1#CgiLbW3HXd8M+J)&`4s(Eeo$~6F44`l@ zxsmybDNCh_m3OdA+u*+9S`|-eYCGEU`S#2ASb<{`v5#xNU&yE~{k3$BT4~tlR~rks zg^USF?o+b%0<%cFR6xi6Ve(#nEv3;>q5jA>D$rd|#57OF-I9KxpxP+ax&8KSh~RCZ zFuqCFWg|s9qGfuUxgvlrrjaMp(YQHvDd@w{VXa{K;P(1COx-C!9EKLtX!@P_}9^sZ@?G~JPkLcF_L|lji$MsKcYG`T192k)MaHCU{RHz8#yJP zsgBqR1x5`{C=kth`O?o*;==#HFmfxxw$+;W{;BiT;b-3~_UB@I&}b|`l;;zXEqn+cx}Y$~BDRMbNx0Q2Ymd*xx+jly2|SprZ6yFG z!eOM9YLob!Kb<@`mD%_H3;REo;*6l1_~|{gC_%f#P7>DWp_deW^L@r?&N$v*JB3pt zdYBf6cKiwk!=U^Vg53c|+Fx!a+TU`s6PE>SnsMQA9veTo?jVVM@JpY5<*IL^xlN&q zsA5+qz{bM4>E)PXu896sFuL%c;f!cPxA1i<5lb)wIY_ zFxUQmuuB=nK;N4fk{m$Z^>rz`{Iq#>ZVpjF-V+hY+yxE&^~dezTYE2;a2pOT=N}44pi=j_IQmC z$d?<)$Ha!ue~8PDm?};V_E2rpBjbCOr-}C)nI~(VO)GHbVAY!xhdprOMf#oXv zPt|2Ur7iSxzrHQOlJB`;FT<}Rs7Ct;kkZ<19(=@$D1~&BIayhNK5sTFbJ<7eENd2IkAN-+|KOM%5*Z% zZ20cNjNwvl+$02+xupVumpg=kq*PbJeO@f`2rBgC@NwOV^NY4T{k6n0hDCr_)U+wc zuUW08bulauNtNzK{GmHmodNqX!q>&|48~X`zkMH6{eVe;-Z^S#SLE#ve+S}gLC$K7nd789M54UeN?;^%JAjTYdfmIuBl`!r@ zu>&1*b0h(E!i0F_J~ZXjSid5IxajEJ03J^d;eh>s!HdQC85#Nx2q#aS{A1U}4NH6J z2aOz^W@jHcg@M##@s%V@s4gcoKQ@)QBU*6g^UFlC9N6{IfgdlP**!_o!!9eGkt8yv z0$K?r5G!XqMKk%ih6i$n$@?P+%A(N75HaWOCHs={vkks0A18aPmeLN>C|n?|F-mw0 zl{d8+@--uSvD&Cnr$P~~A~ncO}rWD=_r^w#qX z8K(d2xFh)MJ-$uR(a7VmXT`DAQ*%^N<=;#s-JFW+Q>~7llZzlHx$D@HJBQxoZZBZy zVNfDPHR#P*aybr-y_=~h`$KJCGn&_axgB?^A2@d-dLLT+8h2){=kb=s%awdVr{vcB z^F(Obd>!?-i;VZG0)gt(`6rkv2vh}oL$i#RTz)RJU`PuIXBIGs^|NC-(`wnb`Gg$% z)1cj87+k>YHBhpU#Ij#gmK9PwcG||gHFLuhgCUVniF*UvmRH-3H&4*%O9WCM{zv2A zE)CYG$=jD~&f{?MlG<*w@`rUqMn=Sn_Ylwgi)$9U!>(d4@hlY_f^L?5I4>e`j)|d( z%MI?04i;MnP!AMyrm;P&q&j$yo59R;@6M9)(;^iecvOX!p2Zebc z^>o~(z*?O|n_S2iV}SqMSLs+4=+W`hU@h61y|rzg(~CX&9C!O8y8R_@^7;=9LIau! zpWv?miPfNKg=7?ufcvgg6lweDmwnQ(pc{O%LVQ@Oc9y19ce!h2ssd=6WTPqu_ottb zK)3Ug85EW6=F0hadl&@IDrU!p=RT26yA6vnYUh*)jdQwUcs{?1Sh;a1+~1j#Bclsy zu+2gA6hzvkE8MKpYdNKPGCQC4;v0v}p9DTRs7r2W~Mtl>! z4JdV9X4N^A@RzB~fV^6DKFLZWgmFKT*ULD@A51QhW^+{+ZEROPp8)GPmz0LBW=4_C z+H;Y29xt*qY?W=czs>JR+WWToD6M9Nsi&8du3bsm6jh2lW#%CCd&8prP3X4uvE-K8+8Xh^qyxkw2x@5LGHl50;bacC;eO}uFwp<; zqX~2JL@s<)oTs%f>XU@hnG~g;XMCWCesSe3v{5;DgmPBhy0|_o@>=Q_9Y+n_G51nC zaJ!&d6aSdA?)5&aoyGi>m9CgDbjFLllpP=`7oG%v4+bj%q2fK#=HTyTpx?XuKMODa z(Z%3@xcfsk3DlE-@nEp#+r1+F!#vWUEbu3m`pv(b77kVJzryf}Ma4x>HKG&z?fVC{ zFa9K*flG$!Xpvb}NaWef{ylE_!oot?2^}(;`u4Yfy2A7_3%SD)X5H|iLn0iEY$V!} zK{vn>gQ-={K=9$hK0qO?xfJP!SQ)bzL@U?iZ?&`n*(5qBq|xUzXB?>^6j-aoEk58s zomMgi3j2G5RFC+^9<>gNz@is^?C5Dq`mW`3-iq;C*@8W?*#L(yG_)V2Q9U-o!g zF^?(IYMMMnS$==jxr|e)Utgxk#?&Rtw4w6}@ZJb>gduNjIe>x!AM|YsOa=Ax%x9fh z?haEK_2Fxk22c?9Wph}dcg&XG#)<#6Wr*@EGXtZ7(}1ATxqe%b=7-J}jL65@OcO}W zpC!(Ei9LwNf~f#>x^#-!?jKUJ(n&!pv0YejcS^sV`lK08|C9D8 z|9V7~KsYUuD!WyJ{Jjb{1Y>k5Xn0|-0kokNxaV(7R@rV$*8y7`KN2L8_gU@3xR`

    p0H~4aS&BTmP+IO|dG`e%%YK5?&|1*la|NR0 z1K%fl$mh=syDTEB@WQ7@9}}5zHXQhpl|w&%J%>a=ARGfAB>*E?M7~3xoc_!&H5`x! zNq=yWTwY{x|9#(_f823C4_hDaO_gCGbF6>0ef?D(QRk`s0H}H_fFJoD$xYBhXT}}V zQ*|Y?UDV^OVmGLjT-BPWJbV2O$?`*iHpAchs_K?@pHm-5QhJ1MGAKB&DnK`LMO}09zHhPwGDZJntO)IxB=o zjuHtxgA5vI=x7y&_=uTz^zDII;e$1x@u+ZlJSnx1ZM}DcVHgp;m>F_La>3ic!;Cq| zPcF0U9CKEt-zUoImv3o?4LC6E$H7drgRv$9o-o;#p2#UL>*^JIM~~#R^?I z)iyLr&N-D9@isVNn>>B4*p3D;QwK{BTDif@H^Kl>LCfdKrR#}Hzi0`U@|aq~wdb&XGym{$(Am3MG>VRb?~(rH z0nMvE78K>Zhxdatdl5#H9FF{<_*%%EHB=)kSM!T?_@pvQbL#|6K4f!$MxEu)BY?Pl z{+gN%hY=V3J<|8TAl?LPY=V-#*_K+aR}Zi!hF0q*dtpV+b%}OuEEmo}44>FE^W+~F z_M)wvZ!JF_QI&CIR3u3d^%$Lr;@E_;-WQZlU9&taGg_Azv>Y@{k{?p4A=7#?D6L=K z@NANz-~F_M&Nxl{gAkevv)LB-w-^4@t`n{HvK%Ao3=LlE%OnZW(NDCsE0WZ(uTIO^ zS#O<`*heDfH&gCveiWzsdxk7}nqH<^xkRkh-l{lZ-#9I_H$9a}^r%O(aZK`ZHCEs1SDxxkJ_sPb}kch3Qu zgU2k{>8ZVP`*@tAFzX>TT&Aj(q9d&dZ>*~F7#Yszfn4=#Qw;Nlq=bZvaN^Ua0p&XJZ54Sr!YRJ;|F+FMYfNFI~JrF?aTy`qHP&Qk8^Cd*(-a^&q}Zkw{Q zb%qh6Af?QFt{#7;{DEGkG46Wn9xA@j+7w$N zU9z5@Ph-&9M}j#{3fN;sT!KoAqkdIUGR_Vc3C)G`BN~BoWf5BIllh|U)enR?CQl9c zIOzf_yatTeXnKFyy$Q|#LQKZoW`%6TAmA#0{2{jxtNSa7C})#liCM4Q$-OxBg+ENM zGpGp@YDeY@4eFtr^&&E@r0gs{I4+o|=_Up0Z_lc4|ElG?N1yOiAa*%ZKs(&()heX z-rK{iUqG)}{ic9ojfr1uo3w7#pcwm~20_Fr57Lt+67VY7ADv#qU$1<&t@>tKir8;JBa}~)W)|$kw@V{S3T5QX4eFTl zS|a?ZE)7s&V7s+?%?I&z6Z`wfSU>4V-) z(eJVsc5mK3vrm}I$&>st%`@+`_s%UQz3yJ$fRgg zyfH6IJi4+Nb+dU%1XD>ZD3d9xvlo#j#xAY)$xm>pgjC_NaeFJ9rakKPeF5E^A2Hc8_U9d*Wrppzk&0xOj$}!ShJ`Q>$*tFGWp_8CAxdf zhtt-JiWv>4n4zBL3??UQkLfun=D^f*vFhlwvmfm`l9-HBCS3`2n@=v@%m`qnaj1Y- zyhifD#)oEew!$J{y<8>}#|x(HRPzLaw7EF~9k=*NxL$IBXWa>|wNc4b^;9ZPgZ zOwl`w2-@y11MbhV*WkM!K?D?ii!W>*PU%Mm+Ey%1-{q97rx}{w4w{;i;UxRu^<@!l zDTq@$!ld)%vBhm7?E~c&5D>$AN*k@x>?>5vw^3FqbSpDQhR?nhrEhi67fE;E5f+Fk z*0w1Ot#6mOIh(&$fF!P}TYAk-OJ;jeY~hW`K!~(2dYI%GeHXdIzu=iGMmhpI>59vLdpoKy z&mZWrtw*f^@rr1~5cCm;IfWYh zD1MJS+uIS*^=^?Px+NhZpF^yJcLMPJ9Hpc|#4Xo)KsFX+X1KX+u+P`B)W+4_aUEpH zdy*~lL-&K;l~;qJh)qyz2J8+@9?qK)w6}YtH1AHmu2;#oy>V_^C%x*)#blN^Z0+vS zj)PAbWD5}RpZ@+w&i51jKkQO6Pfw)m+VT^d!ad}#@r#1a5Uy1i(33mgcSmsaU4k|! zi3t9xT$IQ*p_^gwz3E;I_dM5*KS*-O%2?*$n8ADdVo z|7Tf+n(`t-8@2ljOZ#Wv{kD1hdr9Trw}Je}a2Dmi?=$&471Y;oc98M33{T29Hfz*j z2t-l>ppjNrAE2iK$rsUI?n@zd=V$J)2I%Y8WZyfmY*%*>elkMa)Qe4 zozcw{bBTNUpe(1Ujh0Je?m45%>Z2LbvLr2{M&JOaorU_kSlB*tGpo)2hQ^9XA~>z zM_P!fC7$n?`Z9Zo9zu8f&4)UNvQm{)_hWugs*BMLJC<{|dkE4c$NLl(k}rOhRJ9n< z^`~8w1^&#obd+`F_js{wY@*zQn`5P{WO0Vi^?qm)k?R`OY8u%iF6xPNvB7U++gKky zvUhfWU=q};5gN9d6mb#@WlAX8zrYZ7M#dF9=d+W5`x|)K5RL6E!7mP58nT_({7ADe zXF&Q7>9x@be7wZydOq&487%^_;gWSYTX3h6rlzGLn<`u4v z$z<+czL`>7+-RHju_i?-S<#pc^mYq38{_l2n)IDaT^+dlVv7<*_KNO^hNimNJQO|4 zs)T_Wzz{42JFn+~uY(5r4?X{P4A^JrO1TPw}7H+ z%+INTA0No=1awfzy%N6b(%LwMG6~3t3>LIONmIVngwr-^OAx(;_?eHE_yip^xoN*y zUN_8~l4i5q|XMVcGzvf?awJQ9W;HW$EOBKQ- z@C>JP2FCFgOZnQz@0`3>DtdxGNW5w##occYNx1~};s0t0A z79N@>bqW*a?x#{6uP4OyVWzDY9kb|8F^$r$nmh(X1VUwnzTNurr4ix+?aH8 zcwir#kV(2TTr<3E!QBNru*iku^qO}ZU%}N31@PodqN$M_rqGGl20-_VogX+$2l~+? zV>&*P=gx;RWd}EovJZe=GTp);a%%OV6$~P7Qb}7>0fiY2Ct~;7)-yv~ki`sgC=caf zzgZ-0`#}Iu(;Av*ipt6tsHrv20Mom0)CXwmh6Wu=Ic%DJ9n{~;LsySyKi%6iOWG;F zUFOmkr}oi?T3J5VIEmLG-kVN+LoKytjjrZnmpM5!qqGiA$$Jy_Dhj&fBv}?OZ(_JF zPd@~|W1Blvlfj*x?oXhlKZcy?Tv2CU$j`Oi*@h|MJ3@YSQ{ZX-u(itIr83Ve5;pxm zoD}o1wf%B_YJKc|s%|uGl3MMu_~*tafCZw~qr*Pb)e`|KTwSmV#`h3|iqQ=Zr_dKy z<7MBbny}fsn7dxUw0+!?J>-{G<8Ij5nv=<|kkMuM)lWf2ce2X5))J$mLzH)oCb1Y)x4QQIGdvaH zjd7?gXown_^jToCRs*U+($-D>zvdvX1{=V>k12yoe=261FWP@=xyW@VXC`!%$|uL>b~M zFe}lEq2xzWg>UBpL~7w9!a>BSO{ghp}8G10+d_RWVH=c*$> z7JOrK86pcJIBA}N?CB@75ANLEJPl%&36n^NHL-1ltPV{o*a|vkar}3L!pWup(Ko6b zh5g&dnuzE6G)2;ItD{Zs%=ILkN9M@deFy=2rgEL-6@P#^4xzg0sJ8^cy(8D}j3{;68G~B!g)hB^a{ntkgO)1D{sMp!xBkS4 zAJjqW;_;b^mwaeUo*-a6JACWMMMFcwy9w|DzJ+U;pqYKPDbwUi z3jih%`qIok#4)V3GRj&`>(6A_bN^&~pr`}qif^*}mQM8HA&2j3X~-5t6CnaU&>(gg zX$9;#R;$2|P&f-TvBYH%OtU*G!dt6bouZWb-8F@ge zP4KZItL5ifu^?lFbV;1iDgm;GDhRIm8xQ5=SB$E zKSe>7PEdZQ&xMfq9(-Q&|9=)0{Xd*pP?!2Inv48Dkkk7!0rwdVfmuLU3Jn7*=q}R- zX$K{>2+fVy;C3A3)`HZH#W(fDRcJZsd@9*7nrn#JK}RZwI$wDGS~IKF_Phmw9ZbQ# z*kpG}?^_}*I-;ldA&pql9|n(4pF)kYWi(F@KHp?+Q~{#!Pr?q@`ze9-NkR~SM|fOd zK#nZp75|XRA)x1Y@4h|X<6QGew@9X6i8sK<_FhuqGSsnzvt9_WQUVm5W^-r_NV#of z!s9@^&&Yi321JD{>uB_M+O;z>e^FTLTK?qg{bHyy2h#}L;$A`u03(+$k`hjQ3UPAA zXDBl%AC@Pn$=xB6u$zVJ;~`Vb*OQ=p2tlIXzh@mdfr$0bi*0A9y#;w~JkHHH{&+~2 zv-jxObPr;abse(Sn56*`Q$ww??FT&21V#7gr(2x_(A!un?f)$564aEm?)8R1X2i-F90MnclgMwXA zX1*j{)T(~WMb@AJUD@t_gANt0%hyA%`Z@K^sB$ z$ZBY&iJ(#z-^a?L=WKGC+S-c83i_jGOuWBQ!!E|u(={94)=M?~b;zb5uPki#j&`$_ zy7oa|;Bln!N)G;rWcq22mS?|Z{gAS{nyexv#8uHB9XgP+Ln4=o`>TgSkE+wkNeAll zGXJF5CdSU@Xd}KNp)>r~lv{&vw%QM1uguIU z=-l7sAby+NDaRck6Zl?Dc(q1i{vByE^-{$O4Th-lr<@3|?IJPVeB?1&7eo8n~f~h zsPjV0w`>O-&1jA0b^ZUGn!m?2py(2w*=%H_MC96h!4u9>)pW$jvMH+{IouWDlpoKT zQJk(W7nR(iz%hAu!sY_y)lVEUp46+)=8c!E=h!Z?XdD+O`Vnd!teG5 z>rn=i{uw*dyL%$L_~*sWHGefC0hcjceJ`MT5a#BzQuY%R&QYy<$~>@+%m3*OYDT zP_rj}c(6X70NwrgF$i_dY{YrZbM?O*I$<*N7I~Z1z^C@ipa~_?%A#mPP~X8B;vhCi zvBVXvcMz8SuToTu0{ip$qs4wfCzE^?fGDU42mMFH5OcrtYe^)29>az3k<9hR)q-s{lW zVnEo8bze*w{l8Ll$qLg@zd-YH9EL1M0=OE)l$8J{1sKF88|4_oxvU?nmQ;VcMrn&Q zjumH7DoRbZ-`w`AbtGqO$gSdOLhpCj)qr3xhYXA3Vpof{YOreNyUR0z_to}hjDw;? z9b`B%whNmMOE|OxM>}a=4~wE^_#O)qyE%CCCr(JzysGLFb$J&a3^m zwcoXH$6xzIm-<(JcAY^+3@stm_J6p9GEP#^F8HI;U)PQbyW~#VG;BEmTl-8PANd}a?(I0 zG<>5H#|O|oq!a|d@xV!T)Ihr0hStM*KJ z0M<;1N+!?9th$;OEvKg>4-x;MrV-tx_9d9JLU=WA&W%}2V`BXXzxvGB!sW`z+IH^R zvQ$=pHOyd43RWisD?M74C=P5+-YSo+y-an%8>^r)a+I*!5GYT)4zA`w$aMy>FY;TW zTU+Ha+qC=X@@o-FS)iTUtgkOH58qQ`%&#Bm-cWT}IgsbxD;M^r$|&fQf~yjs-fO<1 zn9PRB!Qi8u3VN<(TNG`T1OB+#GCYd?2`FpGnU-#7hu~;dmY0iJgjP2t3r>HR8S@Yu zZvF*v#Oxy>4ufP+Thh6D;mp^AG1a5%P(r?FH3-l$DJg0HAN^3=|v@;iiEs0Lar5S}Uso8n^b#_{<*HIS9Dgq8x4HEwlGs{?i zx~J5sIbD}4+Re-9>h3bg+wcB>dH*>yrI&=jlqOc&QnGQ|eN~m}nER$k4>crII@nZY z9V;nqi%6_~o*yfhnsa;Fa+Z=+M>_b2DtbnseBm> zg*Uh6@H$jzVNzl;bk5v#lS)_~MDHfJ$ve zTt{i2I*7fO92zOC*8BmWF#V7D9H=?}(?F{aY;r~yDp@oo9dO0{F9${{f)L4I)Hn@fS{I|hNO<&(_`q2Aa)XmDhEFVtww0hhIS3P%Yxg~i$(i?7K zE7&lf^U$=KAsegs#MXm7AzZBlEvJ>`=3&qG_;vPowhGT^Lw;bdwLydnujlUg(-Yq` zVHlvdh0yD2FsjWwA=w|@8i^}a@l*{DHO&pz9`ils;PziMv$nVY-FRa$`GMaC{XsrY znKg25q1ScYMpPTy@@d!SL1|wqERGc)(aOlgpZQVR4o`9L66#@#zV)*wu__VyN8Ip^ zUaRVqp$avHne9056GIhSr%>~&Ht}`j-!6J-{}khRu+{*h=>9CEb(b@-GoW&|xC32X?61+udW}iPA`@VQq-WWP>#Q4_-pA zp1NDM5gx@xiE>oWF|U%mE&XG0*<9y#*$30h`HtoJ(`=+&N}NV>U5*6;>u@W{ecHqL zR2%hY7LZkWP-IYt?s52 zJFfasJ=-Q2PA(txxwVSR(bRbt`RIRn25wJwOBBA|^t2A~)8%Tf&mC2zG-dHvsWN@+ zR%MR~a{0y?Od58DOyPI15#)F8q?f1#9zXJi^qggV5O10x>)))UR+qUy_&?T zkY0>PE4+^2Aij0boaKibt!FUHlIYXI0cV8Ix+LfRy`+c?hsb%Q9M2dkFY5K7Ds_3E z2TK=g(F5p)WFCC8+<2jov$bMzXw%;O6JKOOoob&gmK!ZzoQgPfltKFvXaCHQjH;?4 zj!ng5@h^UUei+(wT|zdKH@plJ^4aC7lm@Ps}UF?GH zm{`7ai<$64ynn2koF8yQTVsvuXR#6t5Y7IhB>#bXMVU*d4V9swy(GaDx)^;UQ7a1rHxIi0 zXw`&T_f|{X;){m?tb;{2+H+WYY8Y+jmHW+k`<~8ZlKT?+;A)?wt1{gho<L=20$CH6{1qA$v5knR4{C3z+^pcCDjAQ=9^cW_KSuq%dJ7iHHEdlTVo zmwyDkZ2@`3A#XN@8IaY#jTbT#ek=hT{C|u^QvR4(CcTIW3Z!9$_M64-xZ=IDUh%Ts z6_Ch0a553p{aN`yF>NTVwf!a!5SeB7d+SNJ#QuyuHd+`Bk5D2>@Rby@Ynpy6F_wj4 z8h*1Ppm`pnW>74F8KQIWh1@VfC(O^5G($QFu|5TZer*Ga#R2x$8RmYNC(lRVBB2|Q z;7m2$0XZOW>eE$oFNm2b+5Hb1w80WKOu7#@XtG`rT1|^53$Ja2$@9_!LxQ2fAs{XT z`*|tS=9imFQtP9#6R1Sh@hKFkn|)p0Y){iTM5@w8r~04LI2fu_OnG#^rzzTE+fwa& z$^|gQ>J`r> zY@B3$^P|ILC+IPIcS|`4kS%!KF-eiv2Q(Z3*gm+lMPteDdMo)2F*0I@fsZsPWZe`S z|A-GL628eteV~&|L1S%nW%N$^Z9OFI4B95KkGB#jD?#N|ppTQV;X8~*=U%fmS6F0)dka1$?=TOLCdzgo#2tyfI#l_C85+d{;JOv?@jWg* zP7PrNTUN(d zj5-^FU1)&Pt&5B0o+IUBt!!G>nxsOOZ@Q>-y@8#z!UKiJ%Q<eXSpVI_?qE6=%e= z*i`}Ep)XM2niQ`XNT=l_l}9f7*{JU}Mv?}9j~0;FP2~wH2&3?!Q|N0O1BatE{L_&~ zZDT!|V_Cm@(aH|3*D^xu9Y1J@jUsH^gue5_e_rqYV9(w9;30*0@!Vt5SRcal-N0!V zqX~FAIa6JT?L*j?O_}{P1wgu<$Il!W3QeT`Ub1xETY9V@DKT{21uNp|yvxLgC8ZDm z*y?Mfda{wWjUCUkzk`emDeTpuTOEEAtYG0>wNLa`*>$tpRI1l0tZnG?(ad+ApbGIW z&YhcYxVgbOirvnYwN}tbcm5z&A;e?6{Z8h6s^~r8_U-^jr?D-%u(E3{-?p7zweIc2 zQC!cz?y$|&9!BXjQj~P(DfbrFZBjhLNJL1T)Jcw%qT@(5pW+a%ZSu{TV3_{Els!CN zKGS1&MO&i$-ms&`teZBqqt2CT%kU>jsy))*$Hv@L_y1TaovCGPbbp$GPN}`O*C=KF z>cA`E3%(E~qI~ip*JngFY8_Xz#}#B*10Zpu51cQ(PT%Q3-&uX(;W9lQJ(R@LQ@>c1 z*3jqd(#)qa7ul=zu+0$!%##BH6BF~r_IoM0xwJM6sFdO^t%gy%BT5C`bzEPE zCUQ&1qUKu$GJ~hTCCPQvdz;kzxY&#nN4V1rx&5IyaTwOpw;N=W&dbX?X6-ATE^Hbe z4$ODw;-Xpuq!C6YGspT%(=E48AC0G%amP6hcRQN;V-;M`RZ%eUC>T%*6{NLR*F9<~ z=7siFU!1)eoI2j<4%nL*F=DIHzMrU4Yb+J*yt0OR5mC%bRT1 z^+(`gPfvk)2R=Vm+H}F9ym)GS8tV-%JEjWp*@r!m0DOD#xxx>I^!rnGtpmv{L;igb|IdQ}?K(83-yi;b z=sJFX{@ovakEwFB&Kf%%-!4DhIh>oG^bbtzh**+$1_x}r49-biRCD@L4^b!Wu$t7@ zxOX%ebGB}n+W*QSnBK#%V%Q5^+A@B>6(Ug z>e8fI*O_|=q1J;6VtQ$;q-8lAwrZ*FTFZ*Jys}BRmz`%rc*;&RL&=5h1J#7b_?&Cfc+NXx6&IJ zsB33}oV;I`Y%rj5? zvgxXEK@;I#yzL8O@te>3B)-wRzs}=tv-h{4<2m3{v#vqGQ3lruL~-a>$1;j{$T1)W^of z>O%*50yj@Bj!c`=Sr{(r)DuQcmg7=04epVt<+Bykb*loS*R2Ob37JWngeELUy)&f~ z^0~Iq-A%xT>I~<@_dl5a=F4(_23?n2q6W--q59NgXhlY%r0gHKO+Zk?E=4u zZ>a5Pb{Z8NK6je*ci)U0O}+(h0H@2=*elGQsVVjHWS%*1ktG)^j(5AH{ErD(%j|dD z&YvC6eVX!A$wc*O-W%F7%&(cLml+Wb3~)!CesWv$!>KCUG|!B(m?G}SD$Iqdw_)Qm z^oghfCdRLlq|6APOzP*4e7RyXi(ZIDsL?bOI>;n2el9^gaa?WC;1i84TGOc~EsVUK zi~(=59)lO;!Mkf%E5bK+J{0b}D#ReLwmfy1a4|eCM!RqyZE@Bq2R^s0l|_wzNb3k>@~+C zMv)}<&TPAK8sDWdTh4fz?N?omm^7}4zZ{dJSypGC>g4|7Jcctv*z~72_MSk-!uOc5 zpD~qS9h6A2ArP3A_OI};9j7twIE^l@=RcOinW*EnEH#tTOkE4QqHS5wQEsW7h(}cV zES0v#P90UlOU3%ei~d5Cz-!&a0kicqx_KJeCS5#pcJ19-Go5jXB>68YgY|m?5-DsG zF0(~>=$0GYkAeAdNvZHhCg*-#tuAfkL65w7r)YBo%|%k7xbLf4i~>`B*bVoG-36~L z>4Qd7)GVfLA_!O)>BUQ(!vd4A$f)eY=%WHhuHXyb-boXoXk``EoMgY9pyXv~N^-4Q zAO-eE_1le^;!gxUgLwp{S#Q%~Ye;Pb1Zi=MoZtDvN(|DU}pi8&t zLBY6eoXH+lgJgzqt{q%vDCBrcZS1-(__9HktsD(K@L4t*s|B?w)`EN@tLxNCRk|$uXcLQ?B|~pC zttvTn_``^d>sLE`F@j?;TO%?Lr*RGYN6n4y{XvO*1ckfTZB6&2eWoUGy>|=Qt=2C) z?ryy#XRo`l))~CQiT!BjnI54w{M*A4Z{w*1c^o!Wt%RE5G?i$)bz_c=H<_`uI=x9W zgn6aYQHJ+kjISOv^B8A$?cThJ*sJFeM`*;jS1A*zn(d!_L4AKO+{^DRAp!gGpS0SGS0nP>y#_R>k*BkY;;?@!otzC)+vARJKKZ0Ly}nE z7E1YdCv&rX(bYwE>Z~4aUgMo?N}Vp=u%(uc>}11{>>Ktc5xJ(-=7=^_e9g=Z+{o|* zWy7}8*V(2H)jP4PKgQ&#L?Wn0)_F!%n0#WDms<2%$f;YWAdqAzMNo7C1xq2~!iGr1eJN}j=E!iq#fr1&&!65qmzL+?xf z6j&;Hh+(Fv$;)ekgTIW{U#+o=r{TO;iI^y{%!BuqR2{XB%}g^9nCBX|@c5T7J|507 zocSulj*z^1Gbu<7M~(c`y=SUShXFjf)gw9PChH`whnCg$`qXCn^VO@hr*Pi^vA&@| zR1p7gXg}8=3#oB+sjmG}@uAJBd2`n*zWT|RS1J9NCwBuBAI@xLXA^UeKF+h+znwfy zX27sq&OgzwS0|BGdDPAS*8WAFg<0Ms#{?pxvvlLs;+fRc_f>;QjwEHe%PCcyrozOz z5lhbUg*`V0n_qKkwS6Az*VZDB>wJTF_vQ`RbK{6R%cfiSsp~iB$Zh^Owv9SWNb5l?5MZSz;?(Z*r9~4t++@jo%vopa^Tde>7=DnAN!{p8Y%5 z^>1_v8Jr$vqXTN5bp`DYGj|_EXxDzvyV1kc-(B-D@}B0`goK`i`RSdxD>weH?%paY zuBPkvg#f_<1W(We3GVLh8r&Oqm&PRlg1bxOuE8BbaBUnKOK^t-Yb3yF@;=Y`_Wt(G zKI2^MGtRo}F_!eInlD z_ncFUJsMG#vbUtYXR#0(n(I|3rs@@1t@=~1g~gNcSy}63M3qr%vsJAVE@pncneB5e zqj<64rZoW=(^y8^1wiHFJ%P6TI_eYqATtfKP4EPJf8P(<{e@cEgXCWDn=2E4k$Xt% z?6AAg>grjqUaW$72QRAU0El$Wj#;cN)_ScguMr1BGZ_?rZjMK=C1<$rNJLP+GFDqo zG5;cXegIof;8k1Rbl{_<2^+>I2&qt=R?4Um*%-UNLyPoVLr{{e8?Cky(~xiYWZww0 z&)wx|sF+n7_!viVcUm4hjWj+wox)!XNurdy*{JllQW_T4{UGwjcqYYy{;CF&80kt8 z$ELq(Mfz$yMmW*(yYW{W`-*oUj0#R=50x4`e6O{zrt*c7WkDzOX0A`EX77UOO#Tes zp>vfjEpBpsSnIPRczsP{;q!})*62Ot!x{eSCMM+pS&7}Xcx2nmeAR@Q+{^?inE3#(lLaiw?bEz~kM6cUL2A{Q(Lg zM+{vg-Dk}C_@<(wl6Wgic_|>fERf!mLt-RwMC+%jw)Ms(X?B;k@z4+ zXmhzyZ}@p+U34QvE+w2z+e)V7gIRf0V*945R;J(11(iZ)3-2Be8b|k%w}|l12z+hO z+cGWC)6+~3FUyUPU|Hk^dDkP?MczsYRVF(6#6`2Q0B+eEgqPZ=g`wIO-QGxGmfTi7Q)8EK=~>Vm_%a5}e?fzvOnaol@6}Pi*+?hw4b=Kayh=1Ek&W(1 z2+?ZW_C}}NC;^t$Ou~HEaRXL3E@a)fDmh$sg8&t6uhB00n1RBuoS5x&dYTA7k+F-Z zQc;y2FP?3mK2C`Ion}L5{J!Yo8|}9W{U3cS%qCyZ+2q^J$z**gY0BuZ9cS3ZkpjJ% zsS)pMZP@Z1kVl`UmREj_)S7b{-tQ%!rnW}3yiZu)?^8TRmPq(G{fLr#wkIuTL5i+M zCW}k5Ra7ySNNPA2-R^O8ethE$$n`fjpj^S{fc%sUu{NhOrS;GE>F|wdMpW14{D^H& zgvu}eJ-I;e^T}9phw(*s2px^KfrsUk6G@(@hzE#7NZ@RnwN+=NP8m0fe`>HQnjz?s zWkXXGg=>hEqTJS`LlT65K~(#(M%`&_Kqi?YKH-`(HmUm7(6N{?4wmUZ z5CMzRwZhL3w@l_@EAALfG;IoeZPj@QJaTfUv)(64-e4+o@O4M}-XC4;hRFr6R}G{i zK=`hS9)$jC0F8z@RG*4Ad$xwHzBb&w_%w1@h+nTzJh8aNA|*5#=LNgGOL?-XKuCmhU!*vp=ZuDpIPI#&*Mliq3TZ04~(`0*ESO7-L-UJ=aeGxpfLV;ZqdzqT2Q69cHzi7x>y)Z(mh| zRDOW6SoxyKjX0rku62oKSKPiqWe5)AqpdIYpXPVH>vmfus5F`E)5_c!y|Hch%ayyB z4n+t}0>v#&VKG!zRy}8%VA(Px!c`Z`&3)XM-4L~aQ!GeoW!VgiEw}bLS&1w36Xby_gh{1z~BPgSwmm(Qam%rtu?y(%sU)8Rb{X5`BENefS z@lYfam4H4`VQHp&S=X5vEZ$LPYpWHDf= z83p+)MucmAWaap)?6vzIQf(%)Rfe0cUoST}>z4e>G8))xg1Dc146RSuJ7|hk*W7rZ zJJq&5#CIFPAmqU%qZ~Hc@)2^+i<}D_q;=ZE@cDODsmxalCYDK(ag-Jyt)@~l>Z0!0 z z-$;V?%AfNwl0_YF(4)jn9;^Ms#QK4`kpLB#!RJLor7!*P`Vijd>*xq z3VEr6P*9tKjk4yYVs{}6+3+(_1`_PS?T@tN5Nk_gc0n4<8OPq*qKlio^(V z<*aePilODHJecdcfZrRJ@Xl?Mz@^sPN1E)SN-N>=1*K;P_sn+G9%}%~00K zQ}GJV1c>_K;?w7K*%Vk7^CkPQC9dl`IKGnHrVJJFRv#?c&kY8cDU&s!*`bB zS3IDiqV>Utp;T-VlR$$HHiU13)$m=jyO~099U2mogc!NH+JH@bw5Up2J|?em*ne<0!1#M zqwJ}|Chl3go|jUeA&ZTth9uMEBl>zB4c=B0ev=h9YIB2C!kqV;={Q0H0X~vmm6;iX zt;BK;QYCG-C23*zT0jA|ZCQtUZyQBAPS&Qpp02B$5l5;jE7@)hoOK_mlo8=wOTR!E zjol&0KWMeG2g(Ji#dl{92#d-fnhv~Y4)x1eVP>$m{_%H0H4hLS_a}PNu(g0%>^pe> z#*~{rl+>1y7~~fu@;72CI}wmq9MtELF@jY)Q2Rg_Qk{z3Iqmd zlUIx!RCWyIA0Hm6{U+nDN66ToOV7?+Z#8tlkT3sm6EaNk_&wr4?@zR z!9*B90>i064?%yqp=(LryASY&MvTqPj^m&Mo?4Vcel|h2K(jGJ0;gI+-}!p;+x$$D z5H@}@=%WBf;q}ck%odq$IVg5nTja|ROBEEdUmq+%0(ZKJjIAA4b+PfMca>Hj_5a*I z_Gl@qOr*d2{;Pj;V#dI!ge|mEZP#Ar;$$VQH0%UD#a(msy`sXRAgpqo z(t~(QXqhfTaWzZ4U-?IzU7D)kDn|xjo`uvU`uwp;dx1iW=T#^*GbXZ~E?Wm+Il z8wJTDQ7K>MS}BZ(wOsAcFAB%DNrhK`+9#rOa<}x_kyh$pSnnJeWXaSJxUQLDur6C< zwbY+W!W_v-oRNB)=wZtsdM|dVmtvGr*g$CH!w}-wlrSIzYlXD4X(N^5{|O!4l+hm z)oKlsoHV-yNzxHuMe5xxy>}4IRAhFYIzR!-Zw=)GV&>9;ajntLv}Y{9 zza+yy_3&#+_65vk@ha|r7?0FG`u2O5wqIT-309GlxeSS^S=mg+q{>5X$lc=2fB)gm z0aH~1)5DVWth4MlmnjvCs7x=#BkMCk?)w=PcZplL3z^;5-tVp3qaBcEN+OIqdlK^z zygir&sjTbkkCEXI(viv*lAjO&4DJQ}$2VARQw_O zF9?2zp~CVSl9y*HD^^dF<4D4tXhE?3Q00ZrI#GT@{$QO@md~yWXuxVJ&V11sCVRV^ zkm=sztGAb}0XI^rO>iUVQ`ld_MHFFE%zuyncU6nOclm!>>i9o?(O196+rlWqK+n@v z5v|*YEs@8#=Q@(yzik3SgcW=kow{|o+)M%pSzz_3V?^k#kv*qTc8Apyq6{cyM7ofz z&GeCXvl?uV1lr{d(b6OquosS~#e-ZqgoR@u=U=)Ip}=G!jaaY_(@~T+^@Qr*d*Zo$ zeUSLFV2CtvO88R7YQ3$;&Xb0By|NirbDP**DptC;B0lcg7TdCk+?L9UkH@ho_l=ET zSZ>Ra29JkbgZcX$1T*uSc>aBsVuD_%R{s}F-#A`n1XzVX==!+?r4Z^TDK@_?^~3I| z(Of5;RAheMnlo(owD}mDEf!i)eU7?2)bQX3>e^GEMHrgB zvKg(>G3Tt-t47r~b~Y0PY1h7%l1-|K9YRqVWEn#qiEv)%;cca&o}0HJY{MnBYsnuTv{ zJPX+ZJch_Dr_!QB@pB0vo{uFp7me84^X1k;203p}z)XvxcxU6hW?E_CC*2N#mUjV(-|#iA^|=}JPVPp^nRTuYI3d{ zzia&NKbZAFnY~ zxEdCJ-e@BCD=x%WceqJRNQ2v&3JkBL4yD1{kxeVVOV6-m%9f$9Xfr?zfEbeHA9B&P z5H_pvtK81nx4>|wJO^mY4AV`H*Z8bX)3!jv>CoC5=?miL6`dL1+WeILraQ2+^+=9o zyrTr6NJC(SY%6~a=BaRt<&#zw=!m;6p}uZkkJ%v;;HVz^L$IaEt0gqJ{>7ns*naNA zl6`YLaeLt1Cpuy+l`#$2vKot4sY^Bj|8d zXy%%QSu*eU=ZfAAtgu?0BDYs%zqg#M2ZeSE`dWB+c-WZOik=X+TgO4=&;9~gTsLhk z9zO{_YrEwW6Kei+M-qZr2{DXRX!UW#e{z<4=rwr!Jsw+`rV9EYg&8y zx?POM&5J{aw7DZ3{9k^5NS#|U0MHyX-tVl}tQ&cRw*tW=O9J*qZ=bH>y8iI2m6nj+ zPI_MqHIypHRuuk)8OTwHh8jlxSSO%LyGaWluYq+ z+NEib8Y`_7xfTWoGZTG)?l)=5XnF7S{FhH+tCP!&txAFFzzTv8zGz&JZ|i22tCG{} za~o4=n5bxE`uA`2rj3ZvtK&=gc)-v$tFpVIE?C+JsqP?rd4f$x996TE$SJ~4?>2l_ z5Smg{lSAea32Jdx)ROgo?_1Z#n`m`YaF{R-BiK152j1umEoxGU+^nrL<+tA@)zVJh z`S9NEaN*L{Enzg76LY|p%nzb`_3VB4vpbj8y4`N^yIRMTMJ`9j_+qr|x+=E@ank zf@TY;dS@{bWT0*`amtl)ZIF6X-~;H4r$)!y^QJds*D^8e z%|JxKORMDF<}K6rRFx`7XbmZjC}1ZUc8AR$JS<}3ek4OgZQ^o}h{eSM^8jA$4msI0Se3PUILkJS>H z7?=j?lSZx5l~9Sf+$oACXI2%0yO~#x+*qI$v)z`^gWtNqYxRZjv}ilVEJflj_Lm#Z zGU=g&Kf0byS7Eu3@Vyt0iKov@dPRY$l)9{C#>LB)SD-F|mOE?NuOW0xKCOb)JrT3} z{Cqw@;p9G9Ef&(BKBFrti(gK3Q6kFSXQe*;ew!w_m2vrx%MP`m z<>I17lKBf=Bd69c4n?uFH5MLbaHph|NS8XqY~CWqYov9s zek4{wFr<&vgrKyQZ(vqsv389O74S-uTj7oBh#zQBoLkYI&^3)_JMIh<+# z82TF1lho2VYA6hmnYrAvBcJ+O4<{Ri2{QW%r_f9+PS8@da5bX)OYQvl*|g1~v;_Xe z7Nyn~+6ZnvuFZOi!>p_X#lOVyP>x>euNlS>j`3e0@r+QDbyQ_*%ME0}w6fo@pVd5! zASI(EnV2X-_$kAtjakkXP9~HgW&woP@u{U2u zi#Izu4tK@j6?^mE>bb?)dVri}L6gUpM-xLwd3zN$OU6`s)tI>j-k1})SY`cfsLVlf z?b(%wmH&w_&rdnCiWy-Qwo*F!)fFeFlU%?q3ocuXfz3pZ?^DaxDDIzFHws<$G~5$RpED|V!GE9M{j_>;zA>*)(J%zWR6I% zuz{ZWS@Kv~zkd0DFfU~qmg7{vCY7`-ND>vZqmAC=bkY`q-V8fLPv^%iQj^iE+Wk>9 zhy$?L`cw-D__omQD|RxeBHM}2oeygvQXKBgq<8+m7dj7^M6eSzCZ?h`j}76d!Cutr zL`jqo)HLsryiOotBYhUYEBSFxm{En{%;4FWU7*VCaprMFU=4Hej+`K zotyY?11VPlU#8HY%Ruoc?`4Tx!5**E)o?dUMY-y7o2EXwd@B3x?y)lS0Ox*F6sB>0 zF9R(}{}^GuGht|I?s!xs%`z!dV&kVidf5rW=U?UG7o?)5GG+* zM2Mw_l?aRv{La6x59csZ=@U2H5xYR3RB4w`1eLg@B*vCTK882xdQ;@92J?WTqk|Jo zbiY8Q#rb*sHbxp|2OIrvReyJzsxd!}xVZ%3l*3xvD{hq%g(c}Tx72INVXfT?pR>*I z$BOltWzd9x-L695?d{BNG27PL2W(LvjZor@xuwSN$M&sfrQ6K+%ktA-X)lnFQztwH z4c)?Cd~at|fXN*w$VxCjumT5iqyNaMZOo6?wg^V?7{vBF5KX z*>GSqPg9LQY50PUxb2L6W_L*1BG#L+>epPzkMC?SpNJ~tbqOV839i$~;Y53m$gG`c zI2Tgalbw&ny)?HsN--znAX zfd0sMd(y(NK+zQni;Xvz(}88mC22XLxDEYbpfnoT4!;S%63UY-JN*g{I~jaCUR-+j#~vM{}eY z(x|Mz$YxO}4G#sAG3(4nqvy$WsjLR%eQ;gVO=R;o2KnToB~~9bEVwndLhMunCPI$# z(!KY(At#_VyUxo{cJF}i1YFD@-Tb5VL-!wU_jVw0 zqz#UmxSSI2w<}*?*o=Xq_CR-qf&Z=E@8@Pe=vthTztodrZ7j&S&MTF?d4St}k4Qj< zN-XrlLW5I;mHwWW$$rOLXq5nSG_uSoZ?1F?iK5DA>NH)-h8RsApEtCeGmE9uS@k}! zTi%e5sAD8G*^-}_-To40{mxX+6VCsx-Sm;uzVd*7_X6}`#LjbykJfubb<2Xt|=(|R^B_7u2bmSc@k^7GVRM4fN<7s@==Q@W|6$HwPvXVh= zfC|dSIRq=8KQooS>)A1^xYQMFJ-B1y^ye(_HSCZ7d*m&^rbYk$2-16w(ElE`7_jX7 z-=mD{|J+5Qy{AcMEJ91SD}lFnGIoIZz0%8%dUR`5ssH>t=kaH~>lo~;r&GYwHZ|tq zg?jt@z<=J0H|OunZzhdQ1*51#3tcf#m3s>pH~msdal0d zbSjDo1!`&k^9Ww$=bH>D;LcrG{r3|&|F=)<6@L66;_dgea+a&g^y6_yq^rx}L3Z%B zsYU(tv*7iCVc@?jV?P%v9c`Rn{)&LDJ{MDi%W<|+{ZqG<2Wt9EaGqXdB1CWq{Ui<9 zigQFT&Umc?}vwnGbvc7LV6@N+(XO`%WFTa&wtzZMBdavsMik1cz%m*JmhgiE&mt%c_?Wh zeKg)=^uTEWaFcE7jtOUo5^QfLA$~z1L@SjpMnsOzj!Usr0stITHG@wNM6D%as2aYn@)ENlb|P+-vY}niI%Og7v81DHNjKxzk#nfFLO$;02^C9?5*LKNI(Uzr zU*&w2QMKaSkLU_AkiTbLrxQWM+274*s{lN9Iv2+ZQXGi=z`~DXMU5NZX&t;UxsXE6 z;Q4Sfx}eN`=;_0|ulnOyBW-bG&OS1YPq8?rrlw{U@T~XQ=^Ngpyo+juX{70jnXm5| zNk^h2HeQFp!(IQK<92e2{e-4vC3mJnTfzdN-46=HEjCmET8q)HC7;jVf+zZQLxG8e zCnWdwQw}ULqu|KBxw68RKNS)Z$6?w6b}~o1-dszh27R9ICaG{S52;SW-Ln!q`0cgB zOxw*2LwEZ}&O3Jom@6mV}mbVyu&Y zZHv(DX-Am8z#hk^-{f*G8{qKt&>XX79KD zUozRLYgpj|2Bsz?1~n#NqW#7`lw*NFH(&pNP4}9?%X0}ECdpPXLoNxZtGnsgrd( zVKgS(X=c)ewB{NkcCyp|sct!kaNOwE2I>M;mJy#d^tuy!D*Nt7!N=^?PtBq1Pbte) z&U)j1Vk8VC_3I{XS7#TL;fhD;SD#Wh8~+3PdS!ocUAPoTGw?S%%Qz`rv$Uk2s^Ahj z`Qe8%pE*}gMH6THS`%SG9oR}WIo1{`+M||b7vo={F6HA}Siwb1zsD182{2PIk5@be zNYxV-y+o9d*;M52^|6N7@G_^Z=;SBqs9|KY50E>Tf&B6ZUgI5!u7(^=yxVxG@iha@ zRe=Im?Q3D^y`@;A*tW2SRF#aq!H)G)ColAq5ltuO*{W*(R1|WP9__?eAN*+!4<#mt zed*|*lx3Z7@u$~IQ24dBxQk4EEh<_dB>c5fs#3~jwo4m#aZ4I%qTmtE(i(^eJ`DYo z<4{Ho_>1zFN&r)~IBV<7ec?}tGJ5De7;UaV;Fw@}P z_Wa4e3>*>#0i%M=l$3?6BBg_klLQS&n1rOMB+{UbqPFLdtkoqg# zv{UiWIr@ZRV8~LQTjg+MDJy_dy*_2(erEiITo!3=ddrZ%pzq;!*>WdvuXk|fIK75i z|Ln~t35m7R4^;%}2)3KAs>3e*Ghtf7n!4}P)-YID-wfS>Fx*uWP>l%}baZsJwUs-) zCxgux=byNFTISs+C#J8jVRBl_4+ifwNy9>mVP#_dtiV6>#vk$5>J>d=RFtlC2$`x@ zXOLz5l3ZgyS{cjZuP>?IjmKi;wn?_D^^(7O<(`|_oZ7iM=3YH_nWQc;!CY}SI^QG% zGr{psT2)s+;*7|S7K95Uhpi?JhuAKfT2DWHTJQXIN!Mh~Ub&loh1pIQy)4qLW)1o( zJf)TmY5@qj=-pa+Z1sYg5_Mr)(s=dps_|Kz9`Cc%CWJ;jO0}3BsRGuPbP8SjdNgVh z3da^^IP4`nPc_jd+m0!SQuJPv$Sqc70{M;HH+@Q6$b#;k zzri73QF?tNHxgB<(zD9hqPPEJ+v@2`yNlYFt@LSWICtIm&*gz<^?cj~6X0RDlIDld z!{cliU{7CMWM+=CV{Ox|Ytz~BSJ9qs)V&B7@T2Ko+j#*sJ2m>ui>cKg{*Ez^?>@oy zSveUqv%gZEy8BsbOW{FY%XNk}#x*m>)LeGu$n~3Pb9ZVpSjhZY2de_8XB+#H?4DL% z7+rj7s~B|qVTWY-gbDIWT+DX)*q=Nl)2P}jGKKmhcci-OyZOGwes|KbuIQcb6NJmb z3tG~_U$2B86X=d&pg2rBF3`{XEw3lov25kyLhh%_oP`*VCuw;k+X!gv%DtLP^6y*H zhxQZgHs-AtQHa%=`)D&GxR^e=xKE+L_lt*U>cBesB_bA1H`qms`+a$eU16PjN?T6A~ekkyfN#tiGd9}!+Clmu@bpH9exf848aRt!B=#(5Ftx280>A_{r9xLo(w#v3%u-V-NIUD?ctx(YoWUpgdW0<$ImYF9!9`eML2RY)md6u7q932gMR% z{b*cH8~95O*1IzQ~mW}U_(AaI%w{6(S4^QBfqtUjlF>!7bXr`+Tl3fd4YToe2= z+cL_0_X{@(R;Jm6yYl_xP30{Xm?|t>@3t3_sZVwh^Br8K_t|LmV50c^SRS_pRFQ4N zB*9#SayoUq4l9Ws?;Gd(PbE5+N|fW+)L2vozmic{W=Tkaji@Gt&6R{xwPuE&`OlFb zVw5}E5`9#vK4b;D`l_Qn-B?c_Fq?LQmL9LpJkZF+OQzXBo|c?l*Nt~77qzzjrU@5SB2^>d08 z(jUYm5PKCrmYb@aUB4K{r$tqPevXgB%dwQZJ%=X|3r*HCurF4ou-!~=AXFcXbw#8% zB@K^KcuP{Mky*JxnQ@pL?`}e>g!dE2_H`noiLFA!Rk#PbvI+Luk~P@y;ECIp>1Nr_ z#N1qx6h`rXw(^hN!PIj=#`52@Zg;V9PuEezjIp4Xqb4t?4-|QW9jo(Z1LgJh!C&`@ z6mt?L7aS&oi3jKtPN@40LussALa3DDr2TA~Wk%2rScOGn{@;j>siM?9L zZ(~y%MSMk92Lu_7n!^{FBb;Q~6(GzbGp$ba{8s;HPJLQEM+NuZ<6ox9Jf5n}-q)a{ zFwmya+a39EnsgUQ+6>U?oNdu1Gzwdkd?q-%`+Wi<$3-^_X9#JZEmUw~Y1l_KTY$p; zo{rzM@1A}Ybgk;}D^`W3Laxis;d8V(KZ}R#zittfQ*p-_c`e4Ou2Hd6-EsowiX{Ji zw(H$CWoTsv1sy;*h_WnxM*elyAyvVLSUz92;$vDF;{pU17rNlBWcd!;j%c9cW!T+28=TG#$&HtP$% zd;V?DGslIMfr|+ofc(k33ZCueQ;6U*J#)ZGDKYt2Tk(wDQHjtlc{$)MthqK4U6DoRZ1hDLiE0vtN zOU`H}{wh$i#%hj;x4>JMf_)6=fCdWG0Ck;`IThF4*DPn9hxxjl)=F#(?N}ucRXC)I zQ=Kns@I=QYwSTVrhz-l2feY_nTNR+uRev_^15wR?``hkAA`zJV1I4dm)#*>l-oNt( z(Thm_%?c`v(Rf27t3WVQBUC>gi9?qxi_vJ+!OqYZ5KkdiM~m z<7ifJI1`-3>Cnc}?QK#bNIh#R)*6=lK^dAM%h0bJHbVj!Zz3z9%@RDoS8s#!Y0v3G zjoR}4v^YsXPS7GL->xuXKQc2Tw#uW1-Js+es~eNiVR-PahMtf9&v)h818QxQJD+3) z)MWxPrihDi8kavzcJ4uY*a{|HakY}8KKw>C{or3p} zXs>JDBt=tb+WH^vz zUdqMJzWXga_ho4&->BuM^OH4ori27bW*GIW@kR4$w}#LN1YL*SF%1-I(j$6#zNAeK zLid-GlkG}^JHU^SQS}IXUT5b&^n3h23eJn&S> z@#`edm2XP6;v6VcFf-ik(7x-_DRxTB;IWt@?AY(n#Vu_|ei`sOGw~#C>KyB40z~={ z2Av0Hp8fqUx3q14OTVkDf=qx^-p!9~F_qO*h=8c4$ehlkEofn|>d{O4`lFD?@bS$- zf_;qo`HNbRC9u{=i{d@#_eM0ZgxwdWJUF1_a+gmX^iOh~?24ki%d%3i^W;9O$^fTA zG^t7FW@nRHKu_g!8nX&Ds>#ut$qIbSmb_$2>9ujkTGHEk^=B)g)lfPH>=q+efgwf~ z}E<2FSYZJx#Bw+yJ4r3;sQ(#t4`Bdu{1RP~rbK8t+G$RlazAZ??H zf-9V|tUT+LPCT7a@dwwZt_GW}$R1f;!xmNhOcKt)h=^mNNaP5*PD9Tv_{n!4$%Gu0 z%zxppHS9!IugWE2tTz9(208b4%*-aNZDrFO7w=DgEv+?^XED_i#}d8xOx-D2P)Pl9 zL?^hvG%ZobH7XF4E$faRyJzUTaF)}{-(AA`d$Mw(g|+CiYHv)^Nr5kwVf4p}92Z}~ ze7mvnH&lQjw_pm2s#-b3{cJohOpa5kJA-%_FL`rVykoQBLcf;whdE$zVUkzC$5qc( zIG?DrjnVxzU20})j!kwcibJen;;9AvPvd9e8qs|EpT8xX`r3`L6s3$bBN(9P;@LZPc&`IXA}k0sZbDW_#(ZWf>|FgGV1 z@MA$cYKKm@&i4tF@sXh#vLwi?kzl{Hr zK0nsm#LM)zW%JUnu5Wf$QCLv`iVvU$U*E@ZIlHUz`}$&+A4S;>&npfXUoThJ;07-f zmt5`VCETufZ_#heo~>FDN);%vw25yK574E#HcmJT5%B=XA^xZBD?hDvU77k8?os3= ztJ79b8@h7vTTE_Xf=C@{O>PmBlewk`zxkT8f`_BOX#W11b|%@kELqw%yudDAjl(gx zWsOrfw$EPupm6QHw+5S|$o#KClz0jTCC|W?Ls-!wntxlE_^sJjtY7A{OfKK#=m)AM z*8#0Fs)Lt~v&r>^>462$3CtUNve&Q1@oXr5?>Zo*_w zi0%3AXnt^&X?X+#->VR_xmLx1*T_M^NdL(?^KwKg8F<$vwUoiwkI#GA%1e?H^A${G zVMk(ReWp#9$9y5k{lXUEKaS-u^L6fgwkEh(#yfVN4i-4cZyGPY)xG$iZU>7LaBwmy zL(nHEVCseELr)R|V(J|J|t)MxSGG|Czd6{n0i22WkK0 zeLgX@=OL}OOHphsKwhHq@2d5%(@AKa^E20j-qC)x`JZ#&5BH4m-f_mcdkiHzS$maP)|_k3`Rt%qY6>^5(O)AWA-SQXD62_A zLOMx8a!&KgdEz&dtGFA)Kj)k^6<&}O_upM7-dwbLuKJvWq%7?E$=gfB`>XF20nQ{O zH(SsCo$CPRnG?UHaFKiMq6M^caewP%L89PfVd3Cx4RkTqxk7y8%^M}z=h_~|+q2Vp zRPGt4c)a>n)d37mE@8V3Htd5LZ`MuN_8l2X9=lf^i!@$IVq~FL$}r7%Oh>+$S4-Wu z<`%~MfHL(-ra|8wfjdGQx8&q9Wv?=Ryd^8wa^cp;E7z(A)qT`mHwvT%XRmD^3spVV zbxqlv)|oqch5zBFNSxm9%l~7Y->DQp;_v%QvNYs>eSY>f0(RlA&#zvaqyBC}Me}d- z0J;BX^WD8R(j?os0p1Y#&ynT9r((yle*E^TI!=}mHJiYV2W$^Bt%L`vf|a`>8+ng* zY0`_%H**GXF`o7Bzm?ED{WZ2f-w-f8D0OF?*?a|oaL15EXCEJ9SVt6Sq>YL{B{rZP z#-Kl>!LkL3`^|C9#$mLL6aj37B)cykfJx7~x$jNjLVWF?oe(VQP%7~|)f9qfKzi_a zyyR?S=26t$i{_|I1wDnUt0PWKqwZM5hzzwm)v0C$uI>FaVjB*x3Td3gPqOM=V*j5y zeOztiTxzmrcL+MJ&se{u?4seL_k}P2ss}nTlGO?&CeH#^m)Wkf)@D>dn$2w}u7?>r z(40n6W&N)!OzFNUq61rMUL*CZaGt^af;Db(_PksoWwD6a#8&68t{~G&j4)s5?KPV4FEl9TrJpu zt2zJlpoEQ&=QqAXHg8s;mq}{YGK@ARCf+p!BeoHT;w3ps3l~yqntF+;IWDFX)i@MTSPo_gP>-66U9Df;o)ZgK&|g>7bClv3aw zcTg=_8*jy`ec^!6YR@29p}}p;+p=_6Rv?e6xaN(?C=3%LKVh(3TFXeG^*TECE(SH} z1C@2O)=WN-kO2M>-UomNR<;n40vgqawhXFAHkb2B;{>`yd@?Vp%mZ=)xO^d7TvGE_ z7j>MEAN~~f9%lN)(3SmDZP8U3o$v_N@2$zq0{k)OJ^#UGUmnfm&?gvf4*ii{So|V1 zhrsn{{rOOc)jmlQT^(puM^g6m+)uhB&5I;;5C7Jkv*Af=v_{Ou2FbcbT)j~_H=LM3 z*ZiJt0!Tkl3CVa31mP#jbtGWMkY&&eHEh~@_^#`Sal^au+4nKQ9&rxi@||2kHEs19 z803S`*6T0o>5j5mxo>Rd?ie9&2*d9Cd%uKz+d6@><=@o^Cb_To5Bo00AYP9+tQc4( zK5qOL+s}?YeDBxkj5^qqge3`&>+0#10P+%rud2)9=Zkn{ZX{oRzMo2Y%;)P1CR?nj zuFdf9RxgmW7rDla=&BzU(}nk}=KJd9zn3qU)ngn6%BZR@og~qUJ%GMjoAs;Z&S5!P z8^#yhV`!oJ6v=P2a(8-Q-OiLv96Z|s0?DOKh6 zh5EXeC^bjD3`l9~FohgqszT^;QNy@xt?B(Vt5H6Y%{Mfr(l3xnRW_Eat(mEYMb?>@ zN%lhjR5L4rGX zPoq4Ui-h9p>vcF7qhZrZprV2<+P!*{j)KHwCZ?S_rv`$0$1;$=q1P}9F>3=|7s@X> zPg4GunR#}ga&uF!Jgd4dCMZ$F=4h=*Sahy(#K1t1CMsk!UPC^qKs!^YdTpl8hF)?! ziwoh~Hu(e`7>987!cO=dlxBLE&;S#^IL7DBEw3JwjdG7n;5kB|6}Ayul-s|)*40gV z)=!^IZKe*iz1T{?;Z&ssKCxmV#Pd6yBvg&;_NxCc8f$H|)FK-+sF`wl740>Z+t zQm=T#k%U9)CwHL*2Sh2yhzDh#f;7$mN|+Iz+RI(0KDhoC_P_u-eiGCX1)G+Xvb?nT zi56R2BIq2M?Q;B`;lV1(1L(ZXVWipEL)E!(?r(+ShiflieY=x_d)-j@r1_vE$cE&8 z3TmD}cn-gHgCrgI$Gmq&^MaXntn=XW_2X{G2_|P!fBv_H_g6XmLmj$5TSGXz2@Mm| zy)7(*ngb`pS-XFl;l{!^yYXXpRlG<<+@q1u?X`qH=gbI2qEFIbb`yY3`v4@m7~Oh0QCnDA5fTrUw)&=m z*-fv91Vm6+VPT=Pl%qO!fL~OPI?wk0z=>S9$z1#c4EamnmaM`LN5`n)TjL~hi!kHS z&V@_IHkQ%RI$R~i(yqtZH6BXC7aj$r&1n`i-HBM+$V7OBopQ?PU}8*fLRk*8)}@B5 zUf&(2X6+yBR05SYzCGRx7R}cEF+jncqE!YuF54NZCEWFZhs;S?`p9*+Y2o%5H0#Q% z=es{OjQ2YibG#aVmYQ7%>YBNhXiJXHVd+Ej_CIg+}8=d z_@HM`k6vm8O4Hw9quUTHkxtx6QGQJWwI07WNp5bl-`gI~AvshB&6k`Qo}8O>Dm@Tc zaF2LlXC~#hF$49>k7v)7>*e6szhx2#_luniUrZY>HpI1$p^pf87KIJR-3KmGeO-4& z2S_?op@zte z%irWXH$I)@o!jZ15wM!AOiU25e0u!7Xd)K9b0GXBslY`R=sWS2mOnRVjW;fKuscZS z<;M2sxmW0y&iogR%hS8-EU9sQD+zQmVX+%UjA8&yod-+%iHBrdJHYHj7@=?>V~I}9 z^*dW$l+$5<;o?0%1L!Ln2FI3Sd&X}a+Z!Kru5ip^K8@!7Dn0sgC^ixIg$hHi4nP~y z?QH9PmwQxQC8z%0Ij#xmQ_pi42>2c_R+DJ?qoKisQJsw{Q%pmP@Y5`_ z(a*Kb4A3jrx!C(C_qH+7v)m8sEyjc#QWCP~Sk33T34Qui6>-rc8LGK{imgEKy{ALS}IRuyZ zVx@rcsK=t9J4jMoM5rX1RpwVV1H49u=xtn{yPn+Z-rNUb(oBZSu%gqZTh&VF2JY_~ zu&WPh(*{TI+$pOge3B|DA9inD`8=1e-trc6L#toa&jZhlu`f(%FI=15Nr9qmG&$lk z29IRsU0x2yrbjP>QJb^#yO z#jq?b*(3c#fMv9S9BkjP@~97iFwq^7@;Ch>Z@XR%#wZvzedN(?f!7IQ_bflI!z#>C zA17B=Y;tEOs}ygB7THtPPbEV#!EVNDx49>YF1Sf+L81iww&VEVIq+_S&Col<+|2q}jWk0!e+9Jadb zkK3+ig~{kd6=3BH6G!=;Xn?fhc*xZp;}LYPiQ1?x1>3wW$R@Gt z9A!9o8JQh*TR^&ljC57&5W@lZ)Vk=u;3xoPQCa2?imSLav|)O+%?%kb2jXKOU~^|(N7zFG_6p#{y`{zZb^ z(Iyj}A>IDpC!~UtCu~9L0Bd~VdZ|@OfndJvkbw5ec;|YIf3i)wo8R#H{W+!KSpR6D z!3+yGutexei?ZGwCf_}`gSryoWl3$z%Lje=`KbJJD~rtqlKw?m%3qSj9jQ|e+^azj z<8{3vA{MSZ+l>vI+Q~i=$~3&6lL3vnW5tkblV+)rHStUdh0?fb(w|Z%D0%qZkGAyA zVh6n4yD?XhU6R&x{fn+jRrk{;;&Yc&+HE)l`?2i%oRoX`UEf0t`gX+HjC&2!CQXc4 zD}lcd+FM5&R4vxZ+6K-dhq{(ZzHJaw4z?*4MZC@JQ5k4%8c5MR%#%>(u%~)M5WNyLw4NZ!?HfQr&>#Oyk(8`p=2T zHP;cQq3GS{yMaimEl$mYhrM)D`+=j<{I&eAd!9Jf`NpWdr${RwJkryuFz~8k`l)6F zPQ3vl?c`))Y3^lS`brEm%_6n=`tEyv7GOU&Ph`ikvgsD|c0!=LW^#i}k3aI&;ZF}B z6>x>gu!=N1#HB0TXW21Bi*`;_50&z6WUgnLQiU~@1x)**zX&1oHZ)c%Xg9^%M?p<7 zwH?YfqMQ8gTmK+>H)ZBi>}|tu{twOd%(h3~4l~sZ`&zi5!*V?3Wx|kxV_aX|XkACb z4?vM!N-}?F{d8huOk*rNg$*GUn)7tYq% zw}zA9pNLyoyjF^_K*9&QjyiYeS4M0v5L(5z-s7=x$)mY%{1WzgA9_Y0v>Fd3PP*R& zxv%Gb4=8G;dj+M)3I`hS*N%$@@uf>1hS&Ef-ZaIoi?`h~=SU$~O>Ig`@RxEO5cB z1a;!Er*0td7)~kKLb)I}9B6Xa4zI8|{DZsrjPM0dRgTH-9@N2nB85+HLVcCp@~I3( zS}k{2EFgKJ)oD>?Um5E9Hdx+LY^(Ou9CY>SxCqvNUJK4BU%8G9_9X&&TH#JQFIr5IF0gns2Gs!dRLxqdnv0yv`V2WN3;L+-)T|Ky;rlGkbE4zVF1R&XU0s>W zufUbkTSxFqqpqa4?xoLKUVobRV%Who0M*2XU=(SvA-^xM9`yhn<2n~4-di)|dQ(-b z;&NY$_{+g}58n4b?_3B-H+qUVAjL3{Qtl;0yztvtmgLghbKK?W2JM_=wTJ|)3)#kw zv|P5V(q=V0_NG6G(U>D2Sv}c%vc}2s+I>F9NRBS(FfHlIa@sB4NU4*(H=8E5ae6vk zPMJ5qh$1#z-n~>FvwCy7THG$(XR>C&AhbfdsHUXokl8*%Drd&$lf*igX^FzyODDU6 z?WT&a6I!J$?`rwHmlS3bRcA`ne0MED>+6t$fUjC9w6z~eDcIx*RduMc>7%(P$=WghJ=K9?u{>6N<)CIM?)X1mr9dzcjqAk z*EwfLx#rsTn|*5{>7lLzZs^#@n ziSda~xh4Bwv8#t_X^(Y+bnZnV7j2+#sj-#+X~EyjHYIc}l_?~E2- z-GBG;^X6w8`ACaL+w2p1S&=kvk6JgF4#<8Mll3odG7ONJ%;py`w7dfazt}WTjcQY% zg&*_Jj#jNDux_8*>u$OjpZae6*|x83oG(v*1i`%~@%D?&%j~x4a-CAVaSk?ARu+pN zJx?^L)~Q&Lzow#D4%d?Qj5Qu4eRR*j3F>&0By_XUl`HTg9k%O+OYyVP1yFfQ%@k!n zUZ(fO*wihp2VmOd!UR2+9pp`n80{kDl(1XTxFyt-Fx96G@aeOdTKcA?_LWwiiPVR`^7PKm z(%l@1JiZ*C%LhJ;-0Z0S4$m>s($NW#{DW(2bC;&^N5*Wpj7;4QV_FePlo`!e_igMbgvY zyp2}uQYKPA5oREwu0u4|-^rrBd-S-W#m2qW5Awrd*AJw|Uv_tM z>Wv9kvO-nZ5z~hC1uq)gSoFnmo$v_Z`u0fB()rL&r`9)!S&3r(IdE)0ZOKnMU6_LU z-&)s0@Di1V32rfw2Qh7Y@v-Q|G9xf>uUQg1B|x?ZLsG$qd=${Pv1!;-NlOU;+uIH) zmhNC7+JWgN!!(l7AX6W_CrU*YausE|)(TYnau7DYrEpW#^NE=XnrsU{QveThJ5i0} z)F^7`@U6{!>zwT?6qjo~q5eSBzCaAAA%J~>Y5{wXCw0LrIuctRpxlp#Vx_rDO6PFP zP{y~qU&GwMTEVL@`;rprdG+Nl#1Lj*++wHclyH%9b>ZXi0w>eo@jDkOe322EvgdCt zn*r1hOC9Hra!;uA$yS%p{j%vdTN&Q79v9y>HXTRw#j{4#2Y7q9F& zeytfK$MYWYB@7as;$B=+r2_#8ah)#%w!r{ShX;?HC%cNotU_qrc!7MBwb0Y1D4(Zi zfj9rSZqF+Nm}lZ=5wrB#@Ut9WgLywPHY#cAER{(@b?HyDfp<|)4qAK{eh0$Y#QxtW z0EvD4@8k>r8=JF~`e}eoZB+YiNrv!XU%kz}?1B~XVuGy`=g&#Y!=!}s7{)>NS zUHvCF`cuTk5UDzy3sLoe6qrFu6#??<%l$w38xoQy1`#k?RbsA`@2Iq*Y8kYmuP@FN zy7BJZFP6<|tnnjAF`uflk%z0si&sVcKHBu2g~eLfvjDB!H?AgYh@KSKZ`ghNY(9+WgvifgyFKJY7z74hwFWDi%e98@ zTmrE@VAGvLvV}z>amLtl6;qw?SkxRjM0H7h45)jQPx)15v zoEm}z5{h!k2ZtP6X=`(Licpy73fX}sY{n24x~An*qQZs`b`Un^aukp%5#-o`D0kBU zZ6RqpZ&%9NU5CgR$*5r>3k;NSHS*&haF~ru9Q=+MZThuP0yX5#EtXt8NIos&%@+Tx4gZQCV?9^KBLiO1Fe9 zh}vA^Q?0AwbM12p2RYU*9vFf{ zG%;f6jB^^|ZfzQGW*%yQPkDt#^l9GoG@NuYZ0`xx7v0X56yikO#_pHhVAc8(nt{ru zg5s|5P6Md6i<&N(VZ$8aZMk{$kNSh{T^F|A+4m$`pkHPxyKSO#mXz!^S`Zi$X(n?5PrNf=m5Hi^B@+{!8vE&q~3cl4{kch{ULZH>qU3D`Sl z8oD~jwAhQi7we7reJk?!3z?;ys){wucUhKu#`4Z%EM}{z!96cu7AC<35f}Pzlb&=g zfOCih)22DyuK6M6NG_sW;ZdR|82uQmKrqTrpbeUEXQDLQPJ4|}&z1g~ml5mhqK3Uh zSv586x~c0yk+0oDFV?_8U&aZeq`aUo9t}B0l`qwOCi6KBa#hgQ1UT)KAYjcS<>-!+z%{o0OS ziOtOWRyEH3EqL`sYtU+d&Q3H3cwnzf8_eea9m>_^;#N*ozdLB7L0{`Vj@Pa%di>>t zJ$huN$Z>TSxGJCN>^J>B9Wv^!mDCsVOjyCN{UBnZ;KI=WIJERXR`17B?s5BWiS?aZ z(qpkuQc9>$Vg1u|-=-hF4|Fw~irRHX7;C+n5BV~5uA3YOphpCea(wL3jJ37iKT`9B zmOo;#hRTFyG+JI18i46n@3cU-BXEimQ*=(PzY>2`Wh5mtsRkd$67~6HUu{+`J}l+I z(6IZAf#r614y0;DFVd97==f2e<%K$%Q}gF-4BTBWXlaD6?zIe##%LUZf-o3bxv~77 z9R0D0A)zK@8d>A89D%L2AujwwyL}RUk#h!i>#?dCz@Iy5kMh;YKG_WQr$-t3rN5%w zW>;yAt1Dht*;Qv)VJS8n>Q<~b#u^$61^T!ZG(_v38)vwhl$Nb*XwrecSfK!t2?be4 z7D_7>QQ7f}AbWl1jQce#HRUAV;W zcIsq1oF@B(Q-u?ZJhU8X5QQE#G@4-5JKk=#-3rnM%{=yk9B}gn$##$3+m1=gjswt` zB&-E(=2fotWT}IHC?~;y1jqfKnX6%}7#>e4QBmC5x}NmSLwRq&Jpf3)O{f|)|FaJ5 z$LUANEr1VYGc}orVPy^%E3!<|jPmo@Osee%BAmw^Dj8AmpN+I~NQ`&7V~UW25=_4; z9TL(*c(19JBlVTLdWBsY_v1C1vP2zbQFfqs*>&)r*buIFJ3ETh1jXbop3b{ zauM`|f^x;~-M~}|p$fCEVvWYru0;ivkp{KjJD1t_i^qaS8f3k8*fzSfTah2cs;+)h zJ(NtkZr7ZHVCUpwWAnz^CD#u$Ih%ZENL)5PIr-?YOV+uDv%W?l{+kH?m&$}7$Cug0 z67NC>i8?+h>a<8^HMJX3sZR-+0_C$2Fe_POv)O^!JSJMN4LJWT^89G;Q;D5MHm~Bj z@&m?w?9LMT5|YAom^;l&MDK!UwsDzfMd5Ab!>v#xKUdJC*Hj6E_3O8%IcmjL=7><_ zc0hO4?n#^4W1S}Y&#mZO0#(wDrRT5gwP;!fogPCupPP`iDlOB6ZAKay%Qx+aM-OsLK>yJ{e55c@Y8V zZnCSnE7#5;*7Snr85K33?nGy~p;y6f`TGFvjTkE8u4U=jL8FP_~kslY{^#@lio_Xyz=z^q^O!or;}G;wvi@s%`Q1=4s`@z{wdiCBRG$^eKrR`~>OQMH!S8>Gb7;o2sE?AzZc$ z+uziy-NFn({1}&grDu1683#CYKI=ekYL6c)g_b*#{8+y9+l?^YgsYMO(DdsXPYUVc zQ@+Wm><$-q&;A8o{NM;}(Q2Tw*WI_emZ(&yOwaYCnnW)7YxU2%hx+8;-XSg~#Zk6M z{a>VNN4%7dDGfclo%#ZfQR%b~c~75{t91&Y2tG#b2OBFdj2a}Pf?_a)s}mI#N;Aig zKouWAyRlDLTn|;yQ$p?($m5T>hPtoj4^%?pn2{`Pu@b9WahIN!b4c%9;6*J$fSPzW z{W1DsDI+T-{U|P7Zm`A$wInB%BtoaSGLlVmid&(qEI70z{1UMy@Ef&oIh!Ay6xi-; zR}`*5$G!^))CEVfUDy!BtOWW!eJ_d&A$h+1{N`e%=qHwYK}#~3UoIv4mOouMmpK*i za**jze(~#SlGh_C3WITL>8zkhmL#sG)m@0_kYbiy-*eW`u>NVs=YB=&T)us8XPJJ+ z!Mr=!e7yiCPy&ymt>Wi(bp_dioz2vCN)&650cliDc?E8>9DDkxpB&<4r9c}CLxOIl zeN~rArO?2&P2luq!$Qf_r5G81Y%(?q3JZyfQl}+@sM0pP-%z;Kk7yh(!IR3d-I+NN zO1E>>C82pgU4(uvjehn{=LJJqDREu6_05c$jlhVK9VrBl0@~FaMRzrS+oL2h)pkp9 zT*Q?jjys(98-MQ_!Zynr(bY3_UOF5*Y$L`0T+fgG7F|PLbB~I#WG(OIONb|(lb0jF z*XowM13lc^Ch$F^Ho9CqyyM%m*DX(W`!4T2NN@fkrSd4~>Q7{)90k%LU_=Y2#lxBY z9&LD{623~Y5Gk=*6nClCT*o(3o{_HB?N^O+Cc6VwAJeug@S2jqz;C5n8d({{Xl*=b zI;C-EJz_?3<(4h8iRliZsLM$*^1hb6knhjQvoVbsi$Qo&GXrF*+Zw%yxdXBwAlW@r6|ZI`N-83nt)$Yo553JzUd z?Va9N4I|9ZB*L&YOf$O&n;D%Ago7`iTnk~ZQ-y7o1RGZgl{0{FmM4+wBgP=Bhh@C) z(&5|nscSRKOnGAJG^gOU*pc!Y5mXcX{2WDEvWf&nLWPGLVLqlU(J!jiFAm2Z5#NwH zab#io%9q|R5=V$?OOy->RF_3A$u0y+su_rs!Go9>*H(8}zfjH(rCZmzJ#uCMIlgKxltKE;yV^m zsq?tOr3z+yew{FN(0UTFrq94=dV>4VuHK^v!8kuzp;qUH8e-)zC+}TI689SxxVpZV z46`cetniq;Qg1hnpAo|3epP0wm&Y1Y&7yDCx^RAAsx?TBKvNCW2F(~rcDxgD;Yyvo z+VnQO!U&(OuTXOiRkN1`uJLBLfepPiZ}CX%w8m9IAJ{oLbK0$gyfSBZpO@bFVtcIT-SFyb51U%8jo@! z&QG_MJ{1aZiL^?E6t!O3WKDmU(Km- zRZB$zK&Hb-X&w}(`7b9ekZpM*-dURctL{PP63o@r9x;XmJ93Gfa!84JXq`+O&sf=K zxM!$7!Z0u_$D`V|3xlRF?9GKy_`UMGy6e&c01Z^+s;35jJqgSuPgOn9xjAY-`qfXG zFh7X~%4s2`{f^BGDmqlMAxm6{rLCYL*8VF4j}JEZeu#c;o{fT??q(_2uaAzl&a<96 z!xCajn85>zdqNt<6AgMwe31>KT_m}nW4ZCe@)#sn*K^zEA8H&G{nNdJU|AIVq9p`mvCqEMhbI$`R*TZ{PJaHog zGoAZ@XEI-%l57CyLS6*%D#(++&I~`3g!5{#lib&LyNQxOB@IrN8Ga?FcgMx#W!InG z;@Y7U{dnQ8dpjE+-CfJ)oT!)zL0QsM|Hwl5-2fdet<&;Hg_A5Hy)uO*pMO=v1&pk4 zEg@z#g+9hFyLXm5H3$gr<9AZPkQ?oHf{Rg%bIHcLQ2zml?JnT1niUt6=g?D z=zX)$iGbT0B^G(Pxzz zNE;9H6WcvO4TQm;$_txCF9X0s~xOpzO>YIrZ;bJs%Otr z@e22vn|F=OLN+h1Kiu)#%nU;~&%OcMdb+ee-n^ifD#$yx9lwyK+Pa#lr3P<-HC7e|4H=);wHDm7nPiGSSV>V-OZ5 z7T}+d3lMT=VNL>m0J(x5Rd4v8dcJXYZK)Rn07Zktb)-NR_x;&8Op8h*~?}Hj0EI-Z@;%@owvAntMB2t3bQ+6zM(de_VQW zlTQJp?_wb6w&!qk$o!5^F%D)$*Jki>I!~#4Tyh&Wkjy3Jkouaq*Pjx?4qf6-*n)%% z#KE+uvCIbG>f|4L`vn2|wx(seGCt<&ocumfP(SQ(TZvnplczwa`k?MbOO$uusLVPY z-?_&1^X0fSwXiM?Jm93cd{doCB}kodpZvJoWAX-m;FFb%SVS7ccN!nD)43oJ2?~j! z6$WPOf6L-=UC5vhYBX`q!n9X8n~dSze7k1q_^e!zazo-k%ye#Ku&TFt#T{=O-J&_x zQywWdhv}I-{D=5_WQW!sUB9*9hVPgvPuIfC?R_6qQ(l$5?GWDVhmfhfbDW*lbt+}h zYU5G5ZQU=s%=xL?8zmUD$d;)4w)|$0bow?g z&Wz?jZg(z!4XZ*@qJw3X=gPXH#Xg&i*&Eu2xna_y^FiRN~KP8-KObXvPE>g_u zUqBj79frDA&T5jPVkc8zJ;FBHU_NyNRdM8FFtk<#6;N16sEUf2?i(rGou%!|?O#aJ z4Ms>O)1ER)mW(g8Xbe1+X2f!Nt!fHT=6c^AfF&I)VB&YU5dC=8G}oR6L=vp0*uGLr zczTf>Zy{1&fs0~=rbGZv+9rNvCeaj*$Hhi-8y~~qw^3I@=w`h`_6NMT2#2$_m^RZ5 zZr0u#XvOij0^`IOpvCk}@3fEM)Of{rt`(aPA2`q!z3sp8iLuLv^lhKpbh+ozy^5h> zQSkWAu`xm#SG@eumO*GB^iJ*T8qGeXqBp7|K80>?!_vGeJ~Whe{|a>0c^fLb>igQA zFN>cu*lfaf{38o3LA!@yl|%y`^O8gOUZdQyy(OFC)vHed*AjTHUx`!&U^v(f!nNf} zyT*hfm2JQND!naIz&Www`NRiZwQ zG-qzSn3M3p!$Qr}y*L&?FV7lhJ5h00_IQq^l!IfND%@&(cvPCs*x7RtG5Tfh%92-` z0;DP5pxz_YD61$5yLYK)Y*f&Y9OAe7b+x$-MG@9U8?wvQgl$W61I@yxy>_K7_<6E# zEO55~8XPhoAGNGH9Yx!Z8XiZTTxd=bH?RPP|FlG%Lbx2&+q)s`cShv<+@bF6VKH4< zQb}A=wIPW?ZMim68=tRKA5*$7U)UpEHZb_1R;7_S)vPgF(oMmK2I>(vZ0{+sA7Lx~ z?ppVPf_R$MlracS9>yz?Kye`_HH|t7SAnyzH=8Za-PIvhp|`Zby~9omRYTG%Jp9&p z>l5N(CQUO_>O{uUa`i+E@jG1ag9Q2Iv1=EAeNXLa z0)8=^3&m~mIbkSocR0)QJpK+i!3@xV$BP^!rcTq*Nps*liKzRCj0z7uZ&VM#sSmTG zi)tw`;f*M9xY555sAd<*3#0~mrW`YYKQe~#zNb08P8lt&1mbXZ#_Wu>nJ)~@wvmfa zhNV5Ca9ROapxoM!zV4fitzIgHl=dw>*d{fEBG;1(n0f=spj>haX_rU7v6NF_XIG-b z)3dngNS6b?dvZ8C?}5ZEY1uxA(hBQXlx#(P$H~ehslXR0O^$Nl0MJ7MXd_6Uv}e@Z zeXi8%qBzm?O-!E7FlrD7WELG@&0XN{qSYX{N;cK^i2fDxpZL$1|IP%;%4CIcLP%J6 z^Bu{3fxYaP-%E@xoQ3x@wyzsM3R#FyrICLB3%^V0oui&(iR+0}vFea1BzY1QGGlMQ z{LN71CowJwyFN7T*SL(7A$MS!tKu> z)=m#mr7{G%=D7fK)CF;-Hr9oxFxK26nAAP*BOPoeb8A#spu#3Zfj2}|RZR`X%E|=G zJz|XiJiDVpQzDU;d>16)n}udQy;96&EbNsjKMpuKNJSxn@~@`+RF`D*b36KCd$X8l zmCM)EbpNfDEtr^785*8Ce6Ov3orKpI!AK?-k?}cQaT!U=)ch^nk%ozzn_FqR^Vwx0 zHJv?wJ=Y^4v5XEU`Y%umN`B3KOr3%H+Pr{VB3F|Szhkp6x}Z>eFvj|{SGx2yq?F4S z(DQy|ZL}>4b-K>T6f7-1VL6p|TfO_=*hiPzsWva9N9GS|k5_jQLKf*50UI!Yt{O5j z+AqbikdX8me*l0^MHtMP`H1!KGuY}a$??NyeoxG@x)y5gs(qWZ&#wJ8`_eALzMsmB zHWg+tyZin7Dy3Fb>p;%qR0&B@2~qx&rJqsxxQec!{QM8!hvFF94DS8G3IG%;dy5$? z$sIFY2MS)VfnQg&@hX#$#KX>4;GjScJf_C)7!`r^KE{M6JXWPSed)$t;W1?YS75b| ziCs2HAS~4vvltGnjD!C{FvJI3PONFvDlo7lCkDHnm`Y}eDb4Rlhm^^)1X(5Egbeuy zUqDQ8QE`{!GS>gOee>nv?^Mfg@FDSM%RKRlsLqA;2BWRfPm_rMIX9PGu|3&ND>DK} z;T=y6N#Tip@J~Ozx?mN6!@XjHeei|_;*V0SsDGEJAoBqVji5nfmRC5BTrGv?O6N#CWH3LF1&h@>+nbX4Ydw)=Ni;hgvK z1OG{x56OF4lEYS;PEk^5ups}8o^>M zrXRMWe*<($*d7uWpyAJD4CX1aWg5x+ccsAz#Dy>MflYQhuKW1-jQ4L(K9S}il|@XC z=gR+uIV6&VN`Od^PBWTQU87vaVM5n=(MOQ^Ec$1EODPGP<=F_~TnMt?4+)G<;B)Me z(elj1Oc2rM5fbL(8*H$51O$!zMi4(+A(HSR5^yr{s^fzWpXhza#%?(MZ=7$hpyV+E z+^&1CcFcWoD>Pu}wd?GG=TLxnKVq%^@dkgt%;n!aGJiqj;5F>d*aW2goaE&*nTvmS zMD(lyujhVvU8dKSWgfyFVDgMn33$YBKoSZ6ccKhj>RzBlHrSD(XwHP=Nvp@6TMVqk zdJseVM_8VXolPwaaPm>wcx|(OzicC+X3<-Zv+zuK-sG%LHa=RY)DQqV_d()qGFRH? zUCTNnXOHMSf6t0PgE+(?ke6_L4{Z+I%5-+4S3e_?WpbH;g2=jije{*j`tdR6%OZMZ zrNgPqh}kpr5=m$185<#HGPa4(eu^7Iw%< zY@ourz7oK5`RGWirUSG3uF(c?a(&kLuO`jPdcSqQ02#cgq3I1T{|_j8!Zs6ea%`>k zH*VOsLRe$IDO@~z>b@dl1?~)0g~y+jJ%R*?dqV6Ea(ppszuV$W5x&&c*=h(Lt&E}b zwGQUd26Nx!X}2?6Mb92?c3I{F`_&_6(%s-Xoe$0s#o@A`-30_D#)8GkLkX~a)YzYC zp#(S~B3v=>9?q5M0u^Xhk*N+I_8fJ~^W-E}Q?$s%7EC{GN}g=uZA9+$`>g@c2eAy? zDNq}r!lJy8mL5&Xm@2O-S5ft(r>T(zc3He6)cwRB|3WlWD08{0?-LRDxMf8jG78#5#zUL~UqmoUA2;@Es=H4uOq!y3sJzI;dR`KN3BfFhoIg zYCL0N5C8>J1A~2z>?!}H?Hfj)C5bx9mQM9f{Q2)UDcqOdONDhP)HCQ7hKoUt^1el? z^4~Mk9)DoGCWg?cQM@@g@2N=xym15}pkw>r4opD0lDxg=VtgKdtI5O>Ur0cScd(pM zv~!iowSLx7l-S56E+k@>Je3odb6T1H$*Jr>oOgd8i@jS|&g>ziIuMZJMKRub#4dcF z3tU5kT4^_PVj)()CQ$*VJ2Q!_Y#{lN@b}b!XB+BkohXQ7h)A)HO!AvaGX2WUP&jQk z%-f@tAbU#4F4qe{xlu6cMizl-3jS4o;T+zn-^6U zlipFxUH)u=>VHVVZ2%X03Kb#}J78HEarHOmljKl4ovUeY(e1chXw6wwu8&|hC0Juz zoD?Ub^29#Xf_Ab>slQJE$7tD3MACSD6;R>kgx|5DqKp>L_h=Th%<2_xuJ=!uo5-xa ze2&EbMFko=eUZ2#B12EQ&1g(Cob#cld#nXkg#N-6Iw0EfuNw9X#5_oyvdH>FLj{k9o2K5b+9DWBq>&7@+&zQ218CMT)N?j z$kSkQo6L5HX!%QXs2mRJq+I*Vc7R9ohR5)JCBqx9E+SFl9shF9E=6Fuq$0l7*y#X8 zLhL1&FF0V2HR=`Qr0x+xwr4MyNYzD^@g@oTWG5vqC#f?{@G85KjvN>OF5z!Zm@6S2 zB&$)XRUD6TjP?bZUEag>1{f9R&V^PY#Tw5nSua(k#&7?CE&9AUYDdr*3U#gRY8zq{ z107h79JEzib3H~osXwtNJz>xAuq_f`XcPc99_Dl-wttDgpC#hO>PKa^C#_KLMEr?v zraxULwp`bQ_l)=?qU?$^$nIuU`m{SxAG_ndYiRzF$nw2z3}zMC6LvD`(y&>Gxvp$6 zOpI#O9ZqaJ!XJf*#8(?6dAcJdCD{}kY8;)j4ef{s!xdts2|T47z@WFAa%abS!ceq> ztIYJ!%~lXUBv_8CWH|FcnpG&{8z?(|uV(KtIpCz{ZH+S2#Sh9z+{&KZVCQ%LQ>OUL zw->@CB_+m|=n8!OBeg!PSjxs2LbSi(Rh93=9sejNxup>eP-OSv1otoEN>p0=jKKVz zlR9^y*0ib}zc-5<+c682yBjwJI}r*_C^!Ota;w-Oww+{fu(h`CS>ipW3%f$RCwUeQ zm^S|B_6b^0OZ z2EoU4euX@XhT;l!R;U9+FNlWMSKznQ5T7$XbCJJtA=vVZfJ`IIjZ|hep<{M4wf0!p zImz^2P6G?9mw9#&)sAL;Lk4t6NRhDf+HQe0!St9@2<x05+c*I4z}qq`YvijuO76&~(Q z;$y}&PdEbGtE<-DQc^M-1=esIyn5_>L@alNCEYZvit>_-qrPzgn`9Fk)8qKEo2CT6 zu+iDp41>g=U&2l@veCL@q62@fa(ao?93_V)4ci}bwR*SDTsg#IGU8ib0!)B_U%1R*9)$k{ zq-Dr3~UNFADBEA{B~-%6cs(M4WECP0mdLJ1Vt)PMzmKd zElbC;v)jQ4u@|w$-fh@5nNE$O?4G}Ukzlu@dmhf67$M)DY@ue~PkPsXXNBRia;1d^ zH_x@PD%SKXwIQ#N=od)8yI~GJdmbb2(^m%Of^0H2>bg;7e@d1QIH zsZmeVQ^aN<=hH9GgBPLs455Tl;i_uf0H!;4X~^&$nRzej(Px$SjV)~lI6X&?J616I zg`vUk4eoY0D8dV^;lC=Ay({v3+bwLiYQ42yr-}e$g8-EG*v-8xxkOWs{Qb{u^b|{w zzQ+TUB(F^(rm9_h?CxDwDSKR}*Z;yt?CP~(G}m7ARQ`w5CZdekukBWv$XM}?Z#p^d zx2r8SJ!!Rge&(x`(hCOW-Ynh5mS55ZZaOAF&uX^s~%hhB%opdp!IcW#zy;+ z7G|>6HpL`fDs#s$psGsyTJC*^c6s%>#|h+ErK4GSll@gA^ z-KRjGF2&N$8#n#?5iCXcm5xh?Ol z@;sB1<4y@Dp6lJPp;(4C=O2HWl|}6J8q=>>DDu0!T4+!9QoEh!owk221ewq3)Zlp} zT+f#ld6PEHG^y=Z$M7*7BF}oYT*KsI9wdIUx}irK$4AQiT1IZ_ACtqPc%Uu&_F-zY4=bpw2}dcqhp`k+0EdPUm@Vjvpuvu&EbiLGqZ7f*^@D%0b-R(Ecg4t7j1=!@otu4-| zk@Zj&IWOGb`1}P1CRI&*D=@Rl_0?SmJzI!*4ded#@@x29U;`B=1{~a{z!ftySc*@? z>l~H`BoIEosxs-c1PJlX%`By5{zVzayxmnGXo6{_npGqusNJY&w^cufrNC|n{9r)x zkTZ5LJuMuy=cw!Mnhl|^OaX@t=fAF} zzhb)nH#~G$70$c^5vU_@Z@}+NM5^%y0Hbuec$-d%1Sy|a}b|rZYyPsC;Y91??^G70) zQb%2=)0-2Ls5e^`PTjb;9~!K8?%Z3%nkqOWl3_JgDxiJ)_DT2mci-!il7{Hrjd37^ zyZh|ILWKoPaYA_W{g%0A<>lqHYQJ?Sb(4h|Opodf zd?WJ*ixuhL=ESafuR|3QLx6V&hSzzK|Nn2NTB9mCU(CFmCoM)84FEUSSmlei?K+2r z{8|UWbXu->HoI0b{$gCSw6v$)_99%rpuD^Xh7aPow(_RF$cxA=y)uxssfME0N)mnY z+7_#J7EMX=>3Gp$yXbMT4@M$Y`5M;ZvBhD*YYyr2zlqGR<|mAvCx*8!VlWY$Y8aSA@cgfpM1CnAv;Pd!bX0l5nPj6Z%u z^@t>YYL}LuFV{j}9Uwmj!WADp_wlJqV9bC0T5s>K zN^U3n2}FeirVS&wjh%?&iKNel>u!vjeeSOVv=uZvwHq5I*q_NK<;qv__oTwfnfmyt z@0}-Za$xjxLp=z8SWbZ%|EIQs!PW{s(I~nhTZJ69nc>POw`3X@hXI!vrSi98y{t+f z#|HQ2E6vVz`1IS57jc3<#W$Dk^y5keRV*)PkLltfAaJY?j!i4$uiOInd2-zAi@UC5 zlSVph^WQGy7jTBNU^P_OV2;fo+|>)QG}pK21}(56fzMzF)gJuB8+Q6J8rnWAp2SSa zbISJ*<(EIMc^{u5z}|G24G3r31F0o+$^_w9{It%*J7G3D~~P>wb@&* z&ZU8lP8_ow-_7-2FG3#xFSZ-lLPAys=H}+K zw^Ab(=&He<*_t2#>M7O+;T}+x%@SBzXMlx%nv#H@Oz8JTzj4KLS*3O?Q`{BTk6mn> zaXjT{E#dwH4_0f_Sm}Vx2~3FpcvNr2z7S@Ds|Ge`*ej*wAg1#V&V-!FdO64@ zLbxj%Ync2+ZJPVYeK3#xWaQC~iV(6b^bjlfF|Y!+1Y!|B3H>Z5KfZtIhGbX&YV9fF z9LRlqHV)joq_48uo!7k_-?%CXw%#FGuy86u&QeBKz1dpa(%d+{imsg(-vAXjHG~Xo z>nscooNf*cGzj7Zu+mbV#ZlX6E2v~u`T#_|$~de7*%>X4MP_UmT^mR)4!bx}z@PU#Dhl)1!>f|-k=nV@S)RPr^LkczpR z;hVY#eCFDIp>%YZ$pnZXn&YU9QdnVdb zy8EPxcK|95m_F|4JUe$iMa>dQBRZm7GIcQ(-JJ*`U$`><-c)W{G70uf@rs3J1eTZ| z{xGb6)x6wcMcK(A)8eq{Xt#?JcP7Cesk$aaLHU*3cE?YF*OsHJD7H(#Yb4bF93ZOzGP=fllf(pV|N zPZ6l-=q|Ux;1%|)qqsciHmdW4z5jRB{}yZZi-N))dZg5M=BxRf_9)iXp!b)T0o8^! zpu;i1sTROC2Z?A3uFyzy=5OJiCX4fk8Qo1HC|T-^oE`RFyP774Tdm#XvkzEQ_=+2>C= zHA4p-L0yaLX?=5H%FyM9d7>hY^-YmgouF}1mf*Pi{?8(hUUrBcbp9^+NM@^#V-R87 z0S)o40h{aqpOA3)t57o&{kS;f(7fngZT~d6nUHGVV*t_6))xDhv0MB??y;E9bxzBz zMFI~DbCM|2My=M|o5I)j$R!})5_;iEzbj_u%g3%x)?w19<@fJ?(GGi`2S)R`kSmN8 zb6M>5uEU&X(?vpk)4ds1#FMy`4xVc|rB$|%McZYHe-t;=T!OOc1F{~S6DgR+QNv}r zw+|Y})P)}xfDUCNp;t4yU25@PKC;KY7>zGSKqun-lsquuf^&c+ql zDA1r>qb#y(z~=ba@>>*Cyz`UqW3Y+2#r4#MrR4NVdRQ2&X3jv&F0;J+FGWg9p`;`c z1r505huoim2}hQ4(RG&e<}@@cFTLTXT_*VoK1b4HRSZyuHLXkMS3mMllAM7@omv=$ zgR9H+#QS0&fg`U>!l&hSVzKcQJG)#P>ajMSYbpgJms&H>!)uM}6xTK)(t@_^rE%)$4DIpsWY z!%Kl*_)wj;>on?!B$=W{88BUulvp7BVg6K+6qk}y znQ7&QfrH_DhSzcXRZ>`1o^TBuU6KaupUxVax)~-l+d(ky>)6$$1W@&Fo;UyiT*Oo? zp{=dMR?-FvKlKeZ&-`Y@P+-EUi#918Wm5c~vN?k~m||?Rw0c)bdB$iGh`w%U(pfV& zasQ?ouAHtAm7Kq4UsDAWM(S=>0lmCyOkd;$u_S~2$l&z-jr@CFgmpxuVhnx;b-f?klIj6mqc zJ#nnOmz9%~Q&7+@&;cF{b)wSgW>TTrFmVc?>Kf|m>Sxd1v1%j|i3nP?i%2SU=YL`_ z80!qnC&6zoqWJD;90&>w3-oPp*laDzSfj&D6yFm6)`^KXKz#_HIX(q}^F zO*Q{6@~~lp;x3qQEs!tmI`;E=YK!#sj|{PBRRYb~7;g92Z!Amt(G^3p-wH3>3jaUQ CsZ!kl literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/manual-guides/mailcow-netfilter_regex.png b/2.5/en/assets/images/manual-guides/mailcow-netfilter_regex.png new file mode 100644 index 0000000000000000000000000000000000000000..0415ffe5c03c8cfb4f3b0e1ca1072ca9116f2e22 GIT binary patch literal 73545 zcmd?Q2UL?=*e+=2cu+Ztf`WpIf`}mq0@4x{1nIpC5$RoePgE2H1Vp5lD7}YbXaOQ1 zy-6v+k^!JF{lZw-$?JXV-V{{qFa9p8bVsX(*lio9pib2M(N6 zex#st-~h|`fdhwC|2o7>arjj0!~A#9Lr3Ysfs)>fE6guPZ11bzKX9Ndnw4sCl==Pm zvq#1r2M(NS{_%IP%{9-8nRv$Yp^>MqtBt3Rg}e0uC3kCU7Y{pEPjmghm_-<&$_n@O ze9hNr(XslYe%}Moj969ul5nA#j!E8Eed8#~MKUE{ZzzD~%S;AEN@?rCJzrTJ|8k#-$`|~m< z()ahr1LTJQp5LFJL$&`SJLG?FcFUnz*E-tRG>q0CePSh(;lF9=iY?Xs)59@YMMMi@ z+Y#Qd&bA4&9yXUS3R<9p>(&P$lwU%E>?WHr3ci5`Ey4 zXhz3u@b{LUlD zU7$5>31ufa4JD_K!ziZYMj$U~*_F{hZOO^$fIhX?+SIb0v@SZkiBJLuq=#9hi|@!# z>iXufzUyd}cm@HvwckhI&PGuEP8U9@)J4>zM$v(EG?jwgStN#jmkXq0d#86^G1_^K zXY&=C`^}cXY&j%f^qi)a^ek0k$x~Q3ZHKRq7Tf(}YyEhfo_7?tq%20mRtoCrJ&~hP zfmDg57i&7t>1o9RX?~+{(&XkN8VMUzaB*7(PMMS#UL2WCxq5WiSLTXIn4zuj2K3xQ z1#be|b|3DI&$J&yiY9iXB2)oDC%A%1^Zip~mQ##P1~Ci2KDr+6&BseSJl?i34x?$u zZ7|&Wc7~%_t_|_>${^TL>s8SGXb>SEO#W&(WK7#04|1?^JLJECrWIpcNZ4f7Up+p+ z?)=mdKdQO%H@R&CI&F^iU5Q{U^6}QJ&nXqSR|^^$dM$DhtsVrt!8E1}#J-l%$vsoXMoBKVqyW3Pf=6Z$ zT%kMNOL~O>t&}T_nHB#IDhWjpnCr@yR}fVbr(>ybMlPKJ2^55c0V`+PimQ%VK8;nA zlDjJ;_L*vbf4$ra>b?~dO>Z>IrMpcBG|B#M?n$tk8h~!e%P8{uQX}g_t6Y!v(=@)F zy?s`R&^rIRDw)tB!}@oUZVAbK0Vw`psnq#+J7fJwLP`&CokVqA|$HZ+(UeM&uRByAk*G zU&2p(9g06qsC=U4KfpWXF|jx=2tzqKx!W>XpCj-?!@EB=yPqW z&W(v(JYU zT|=e8p+kv_1rBlw*Ru1zg1x8s2aW!%@)~Ari(;55mN_5FR<#~5V*Y3UjbN-sW+PaJ zC->SQf`1Q4nv-YI+Re}<4^2um7>)1SVcjbOps5qNgw$wWzhbU3^8Wscz00tF;-j21 zkfM#Vi-S*F@cyPEi?{?(2^Y@V2Stizj2coQ4Ykr>h|NEy8YmEi5?RbY)`s>RHve

    4)8;?#%Fo4uB*jy>QqmxQsI5UvM43Z^0AScmd4hig8UV>wPEIQrA z(K;wD8oFQQ;$dqJTl66B?DEn^D^NYp!Ng@H=+Yc70{kK8icawv#7XU6gP%$CY1nS7 zU84su%+E{*?FQtK$YKkIIvC*_888BgUr~$-u zH~~2;r)B=we)_F>1fwUiiWlPum0A`7krDg+&=-06H$&k`Rcr;MG!z_|J7rYu>xB5w z)1m~UKxqBbd|3D9g40UgkH$@WemGhfOwI(Up;T_Y9}Vm1TOtoKW-P}Y0-cilO`W<4 zJB%9Qr9w2pm2KRluH1hiEI{qx^e$~i zC~auXYtf9*8|M1cT`#xQ(b=9&mj%BcG0TtVd8E7Q@GOk97e^j6T4SI8d20MQUJevh zm=cP_9it7)j7;4xQ9Jt{qtHemFtf&&LengRL|X#8GP6qU5LnShQVFkR|8 z7GA#;CRA9-`#an7lcmR@K0<#Aafh4y+0+MU860fC)9;~M3tAZ1Ke?RvD?!s|;Qx=s z6#si8mj5r*j$CoTZ^|*M*g(XpKC~^cKZQ3aICxqO6v&9PtdC3a&4opQ2Cf0{ASn(fvzLFfDPn5L~Zq@?H*ib+T7;?XB~86dc*FZLxejg z8qXK7uq9)HUHks*bzqxBw%)ElLw&@C(ZH`YmNEv=iWq(PWu_3c`oRs;xrJj(zgye5 zG}fy)Ivaf0w9SMX3Wm{#`dOlR7%1Cx7=C-9E1_X$cP{#3!17wk!{Y5`IBdT^vzEsn zw~DRFI<|Zo=JU8pmOKRyu%2gwkvcD|Xvy~}i*Tk2W|*JZ}SSU1>ruNCGsM z2nk|1DhU7!@w+Aw*l&jeXx+@ALDwl^4yAgZcmtQiHqj6u3MO9#_p7H8>n`~14ppT^ zUo_=~-gT*ee7vyQ-H8pf$A&H)%?!KL5D4)y3yg$T&~e4CaGew)hOxphvV8eDz%3-@ z4lE~#lmd<^{MlWZ9RUknl>x?(WP{soBO;LEZ0|;$Pk}(UVg%B)_-dh2za~Vj2KuAJ z3>DI~=u9>_@@{rj9od@jY9+Ic$B!z5U~JcKrWa(;aK);cm?h0sC1F|et`E!vakJiI zMh|br)@%TSif_tZRsd3)z~|T;^Q@gfO>1X0()5SF+M4J8UEsfH*g&h~d16?6a?3Zn zY;6eg7?cTKHO(*gh}9PG6hcv*Rv8P;FRjEP(n}O!;{Y- zTpC;sVh~tE=Yvq47#HebHbRxrFNRoMWW&PdNVyTVRbz&4dWGDc+`ldACDowl3nD1350lH8ZPJ z*3rFcsnCi~$u($x3r3!(3O^q*8SUV<)Att-IcMki`U1>X4H=lZ(!5R<_Cs7z)!0~O z2j{tH%$j$F1sq0Jp=oj35?PSAWFHXjFM1m{Lo=&cuDaXDl;;7qwsn{8D`fKml`;nPkgG zeOgbT)6OSEy5v+}sx0{%er{n&8A~ZC!RGglLiZ}*%WcC06w+W?b92%6Xup(#uJ z9;{hMWW}S^I%x1-cpwq)ks!>lg5qrx`e6D9Q@um=Z()Q?SJ~a~{knae@KUoN+S^(X zT^xyXM3^;rF23qy4Ed~Yba(6KMx_N#Y&_bhh_{9ta&>9Yo)O?M{NQG4;8tTSmXz-_ z3pc#}@!I}(`RIb68$b{v%Sv|6|=@-V%sShk0cQ-vo!ZCi*y*U{76IEg7Y$ zvLfJ5A%l)}N#u&nVU`y`i~Y-3-|Ks0?)fkfaY!ge_#w=unwV9d_3qY6LUKc-=+y;d zlJX0)JG@eEt9+r17Y?G%dl;>aP?T>m7uf20L$zuQ*jz1+#0?h3i|$JsyiG{iLT;|+ zOcs{kh0nokXU)mIqi}k9)_a-iAs-JDr&x{fGL#+h(n(2~53-YsAF?3D*{eIy+veaj zB}QWA`CqZ{^R!x@_AitGlmvwgoOTjdw*&IoA^^B^w2 z=&2B%eE+eeEZH4#9V~n!TwQdhQK^CEt?y4Bj>y$*5e62w=Erz^c!}7*e9A8?ECC{T z(Mf#jbx60UPvg`_(w8b!158YvOaGH8p-T+7W*d85&(dvgiLqlv_!`;%!cSn@(?8Nj z0d|8Slh5{%fm2!(+++hoH(KC;05q@I`$T#Fb=CeZ$^4aLi${bKQBNV?PR0=Czk;3y ze30+~z}#}VfLOhaO#gv_P(k1^Oe}iT<)rcQG2OI2^i94c%RAHWsg56oFVYGP({-dc z8PEr($^-wYn=^$ir9Y$FC|Q*|sVI{Pw(|>`YD)r_$aeE4iq%Y}=g0FAZBl1=0NCDU ztez>m{c-P><^Dcc<;D6Z1cRLbdi85cP`A6msK-$Q$mQ_8;dgCRk(a8Kvi_1zg@9XIJc&>aB zwK`v7LK>3HW00!t`^5Y~WbWvOjbb2?&b@?oNmq2=9m}^B296yLzqa_!92K(v_vxIf z%Vv?1B5kRK#j_k}aHVgLNT)1nr8npX z9Hy_>r{vghedV*Il_x$z2NFn6C1n>5gJ<3atKHPR8&F|sH6W0j9{pL+nnKM zUt;xYfA*IfxaW!_`bK|f&r)DFxO#5NsGGD!GfeNlewns1XDghox?OfplEXZJp46rZ zU8vqU>nNkJ?TZtgE{n|&%jn3? z&DQaomD#>PG5Q|9JMrE*aSqpqeTU2430v~LyL4=^{qNVAZBg(*>SK~v@M8OlDR0V6 zXBU+i)62s|mQeB|^yxnBSXp(=x%&90b$}67!D*<$wGsr~q@!6^LTUGg_W zo*?pjN>^YeWsn-R*0U!)bt~d!z)U23wcKA^gwVa9dN`Ihz{7{EHc44I-oRlCS!I-sODr|ZO5R=>enuG|d z*&}*|>B;&{Tcg&u0(c6~Fk894{#m`X2_f&3U-_5@q8VG-b!9`gQi;M9Em} zG+^h(Cc7pGMzW2tS=)yf=tRy>CB6&rmtPMsVn$yNX@zWAR|Ow_|CG)NgfEo@-NFFBl6fvb!7nUBV&p#UF zQ_Yf)$~AmP+K-dQw1_!9sTk=9_Tah04yh8nUIo!Gp=(FblR|we^PPU}EQ$QcAjL?= zy+o^glB6UD9q$M^6~ay6`f!BQS>Y(~J zdKyA6_a#fts3j2{vC*>JUu6x@fv=NtzkCH`sSg^}Mx<{RO7J@Rz2eQNtALm&n>Ie)Q1obLykDyRNJ!9-ZtY zT`bSC;>8Pht30%5?->i!s`B?mo>i*HF0F+B9J7jLr0znK`UL+RO;LrhFW{f$zJ9Wj zYvVzedJWUhKAE>sAyvG+W&f3RNTukl5xN-pJm&CD#+|h3e<%%j^cwh$9e-Iwn+?Wr zm>mnlqPUr}e~wncyRW^nc$D#t9T?wtrYyDi4s+(mY78bGdjAMEnmHrU)x}>|*}kSg zilp_#LEZ^W5J1t)^YA=$0-tsjeA#b}*W3WhZ(UQpqA%z{h4eez;d#6kIPf&Z^ZI56 zHU>R@I>{?VXPdGh%OmC0DQ9{?+h%752WF$y|DqzFt>Q8`Ah5;Kpye&scnA^qGs>PI zaeB>Vdqm@OtO#945*RbLF|=4Xb$&Zy3GGcK$~(LQ;Hk?=p}b(9m2F3`>0|1+BQTxe zP#(C?YP|3@NflAQmt1r!yC$^3pT7O$h~A#v(M-Qva46yR74+NPPYj{Q;6RFufTsp5 z*MNf=%oB8@$E_`o-bByOZ>w1L=pxbwLo?qSq?EG75Vr)Dq6)1vKzudriVkeUZi#Fp z&S0-;TlzHh`&AexmuT0I;K4TihHmk;&vcJoJS6^aTt_ZE;j{y|PnNzVX5(M<)()42 ztE5|*1BwTs%hl3RqECFEKtKEl7x=bs7DS6o2hjUNH9+)TpKk5K$Yn_E%5)MNj6S6l zUC_fLL+}!7k2(&o*e#Sq=Wpv=Vgu9P%ANPxq{AS?j+{yJt{>N==~*euHMQk29@ytG zhJ_4wgUObKVPm=ER)e{o7ad=TV87cz!@R(s$Yp!gJsRXsFP@D)ZT)8REX`e-+|CDa zQ^l)n=-V@%-RM)=4_ay)7~B#t^#w(yylwdQcHV4PCfUXNa)pbo3KB{g)YuQ@70qZ@ zjG9|Eg#5*r`o%$h$r*SE0BIT6gQyFda0Z!gku#4cC~uGT03jAA4Bp8jwWKQXLaCEN zo9OLG_w4{6n6~UjDKw1ck)baS0;#&Q!EwyBN$|+En(w!S3?H?lsR~4tI%tb)!<;5L zLU7jnrq6^{U){|0h{k;AX<}?u=6@WvbujPfn2T!-N%WtC3kR9u-rijD$eCT@{Z^(l z328mAV;i($FJrVxNkN>;MleJA_FEpDI3)U}VH(cIoUzcSe_paY;iJm@{M-`M>Xe+h zB6ZmG;fTcdZLsX(krStGy?HNF-zxJyzXd^`M?qkpsjti3Z}p*PV1Jo&fcJ^Yu2sN> zxq32y#_f<66)vsL<3IWdrSZ7wxzvkpTXM+>dxHE zoyZxx_A6Ji(-Qz)sZVw{FDSh-1I~$nZ(j`Jmwo7`eRCy6uxIpkU7*&>%8KPvC@FI~{S;`kRTFDiOa655 zUwv=vvviA&3e@F*&;h4*enUOlO41x>10KWvXH|0Y+Gq1CX84#HZI z5@gihi^1q#G``oTh^l9&8N*hz!+)6Ydu+9V=7HKS-k>$6w6G*Rc5H!@a}jhUGMJ|6 zqqodsm`I8X?ddyr3`R1;Y^OlbjDa}_b2Yg9UG_L4BXnt^bVkva`Gc9!+9)A!EBF6fqVbxnN6Q zg_zM=>nkrpH>CtC8Mw*%_xSG~Yz!mDgHad>-<-2YPXeMp*;1Ql!2N~=jAgL7>EpV+ zXr+jOzb-oPe>Q2XgQWxhVTG8xe9PYpF#k0|DHqRsz*&kLyv7oPL;7y|RMnzu z37lAx=3)gQ+%(L`z(?b@Tj}re&yRn;!qlc3s22tw2XzNp`n}#Z75wX`_~_cq>Z3C7_0keJZH|btdyqAz8HhR7M%<~ z7dVT6h@8ViUl1oW+vT-z#t|Eta|XJ!Ni`oS=U^;BAVuP|4hZ^* z>7S9Y7dD$vf35C+ey;8dH9uB&CU3{~BCD+i6c2W~tsdM*+y5%?bre#sMPKEl*AmSN zumq@2A$>jHaG_BYO&_MXHasJ{@&p*S8lq8z8N+Et3ve0;Lpf+g?5At%%4RJtK^Pvo zOnGuU!gekCW~W1-afD$Z97>p&MZyA!ee3SjjX$bd;-O2!vz%xzyU^mY2!PC~AXQih zbI*-BkMA#Z^|JR%nlM*`!QA?$E3M_Vl&RVNSzh9Px=5xT+!ZlA8#G|b6z&8DKa5s# zLDZ1w5#$}>WXE>J&Y#KX7}f@WiteOvc@}ekiLsg+WGYPRr_0Du4=?3lq+qEy6l}$C z4z>ey1ydy9SY!{q+oG#dlezyi>CLEtZ0hWGM*wI?pw^_px=l_12q}53HZt4Q*O;LB zmDGbk$U3p8iZ^s`%p?dyNjuwO(T(sx#p2ud!99QMp5;ZV^Sx_Mblj;SGOg?5)YaZ8 z3PR_d`<)@@43el(w^KYPfF|I?Da3s&wF{$3e=XPoTkLXu)OGjYW8jNtCI>c*$Zl8A zhI#w?-$O%9(gB}F9A-n)At3Z>>~^)Ub62GqoRMNH<9`eEuX{^$`G19$A65s@TO+wu zRaI|}Sn1T{pKvaDfkYzX;?BvO{cQpMzNV(8&d$z>iDZBy8N_7GT3TAHKj-$Ur=`oa zf$~$v?gOCq_V!RHJvUZmAxHFc&9NaNBfme23;*!I!25iwiSnGyDIcu9rIXhM=R6PH zT-&}f&8eYT{j;Wf>3T_ncYwOT8%%tbFTEtQS!b!*WvBVG4ef~BKhn$-X|0IO<`2WO z=TeCCw^zm=A1-k8@)|b(UG|HDiJ6)DuvC6av}LCQUSd@_4$*=^{QmXHOYMlw!$_j= zzt=-V*7I8SUzh|Y{5y?_-b1sLdw>Sjf9FF@#sMGnkpp}EUnh`r2}uMo`!VopXcpMr za|5N>V2voQ(%2YTzq+gd3AyVnW3}elhIiqFUA^s!_l;Iqi$zQ7tvrVWAURgtI=83 zRUM4H+2UA!3tOR=wSEI<4rPdp-gGZ$JfpkkFNRf^am*yB=479q?TRRG`|xwv%T0Mm zV&mF6#ua{P893aMK9}Gu`C0vO1f-6zm>t4*;MP zz|SVxpAMN&ODt>24Zei@0NX-Uqm<7aXkWrO1zd0472nwXqM|aNb!aw}v*YT(9i2~w z#~d|UgD^(U5VoqOBmydQH;jKYPH^F(oYNT9%Bdz1CZ01XlsU?N5g&acNn#zS z{-dcc0OvXr>h|_*QUGCLjn>z(u)Q6C0D0MMjsR-iL{M`ZmYj$r?X0|IFBwO!v~p@E3|kqKIp1wS3i@@Asn@vRl)@ zSuhR}VpHr6?k2Kwb?x9VYKgc|*vAtuo8^#d24dF9Iz9B5$6z0{Icmb+ zT6bg?M(<(Vl_BoZmVgB^a&AmrIdhyDH|6Up7qlwE{ZJPWvNy^#ZTQFYFQ{A?#RM(Ay z981*l7ch`8t`bXmCM8yj^!K<~q_A62+_GJ+k2`LAO>|I)bRy>4UC|5I$1Z3{w;W95 zXWY$lCLZNFbz|h*XHJ%pYoLDTem)g|OT~Nj2R{7X==HWq6?+I#)QLSxqSv+|xI0;}{nkbTmZZC?aJ@-bsW@hEgVrR%4E4Sl6civAz4)Bw(-d_9fjS$tRVXL!dzKuAl%TWxB`{t zYaChU%qre#g-lEg=ag`O)B~6ppxWeAj$#oV-nzw=JI5%R zt7Q?KjLyK;z|sB$f)VA#eq*BtuF2qwEt*(F)fjWM?e=(z!2MS`F|K`mz{U8AAhILLeJP>A6OkPFeeEf}`6$i$N$kjMWEk^q)8CQ0 zQ7VScR$BF1AApBep4_(=oUnUkW-U!-t%$0~qKlf<-c;atduPG>YS4=FqJlv=%H3oN zxv;7Ld31F+Ak&c}WZYlkd2U1On%;%SMT2z+yYo{PHc|(76GWv?+yqFx4_x<>=^8RT zA;0iYtam9^)6Qw#a^=GGS^H8_4MYggCy=66HwbAox1RgZq&;0TI^;c)Ww8WcYrW!U zC6N#{S-tqI?I+p$rIl$dNKi5@D%N$P#3;=?wy9`ci1(JO!>mkn!Wr;X93JBhWm z#b{TsyS*QN?L~nw+!SN|wC4Kmnmhm6_wQ09g$9S%_jM*ydMjP9f4*mOFe!64PlJer zLs5a&D&k4CdPV86z(XxIRs|2rkP$QfR|Mq6Zn1ZrzHrXo;g)SAfAZ7%eh6mO`H|4X zC9{fuyhCo6ACzruf7~!5(M)mf_-1sbw)t~1NwmKGfz9yZ-H6s&)?$e>>_@b?wmbOm zG#DxR;pK0bc)I#s1w;#gWz+4&+mhtwbFPg#q#k*svE~Wvd?!^IZ(e;nJKppsGxfwQ z(j;P3oY11GW&qxe>z;?7>6?z?sM5eh+v3E=v_DR>;Tv2MTjLl0K$T811lZsqN4}J&=B<`ET_ zXx1rT)ACQ3RR}E+(>C;j5YRxm@>0tDQSia4!94P|Mao`A%f478xoL*KXx@0@*G&!n zuDeL$!a~c^#;B$VQ#4+by1gfLr*)QECri#|ay|HO=XZv@7hbdMMjzOl^h$6ME}Th1 znpprEETnYbVyiSyilRRgCL0^OpY-w6r-^2BIpB4fGvDgJl54)uG3xtNOw_Aj?HT2@ zi54JNxO+5TtK`wxBVDKfUqsPaiIGuZO7JBdPu2BgFVCI_V;5T6k8K^{n|dODy--=n zUHSOjQT@ZiXNNyBOWL?N9n4j4=)N`U)$(-V$Zrz>nsLgA|VByjg)~nMrkNwG- zoxSlF#a)$5P;ni)pOD|{gksce=ZkLN@}&hp>TSPfje5UE5_1;RVj%r}E!y+;;^nop zN6RCpk#cWeBpGGAKxB>Bb~%x<)lNN3U;XFePeoQnSxSVq8Hrw17HINq-mP?11k? zMhI+R9C5SEIH`W~YYT30Bb;`!WZ2a~T*nc073q7uDmCa<5aBH;A$ntI^!~fQk;IjP z7E0U|Q-!~AQlzU|b%(CKNKtt&ydwydlQte}vHb z%z3Ijz@>yr4cI()+9o=_G zQ=n6h)J#v=IkySdM~jlDM%`9}wj_l+n@jH!0!qcf zb?QQo2agv$s20nV5sdHfuAQn?ht!a=hpUXcB-4s!bM>(Koa5@PYC@*ncYP`)2iM;v zB?alT6K)0RYu=P+i*D0c98A<=4|o}NYw*H#zx>w2DOUiea^5KmB;@bkyx>0`V%!TF zt`+rV>cCR6mHCU@@hHoc*W5atX~3VO;Epy4n4!v0s% zvci)_5s<2fOeCezmu?BqYtj94zf9zkPD?ivg=J@7H#Je@#!U{bjC-u<+9HXoqX*H83kz#&YiH-4c<~@!<~57i*;&yE-KCtL#{Ahu^yklaz+lFpa<;qfg^9<9 zap#Ka{;+Ma4)*pPdZNz8gZs>v3kq&m*1nY(s>vU$SQ^W9alqdU2LxyqblWE<2>xpC zfLgU)+D@9!bXoTQbi$Y@(t?RM!_@<~6L+0T4h|!0YaM>A^aBT;TrDms$-$)#&9>dP zM*5}@vN}g+*A0KyEYkRY1%fiS!|!?qqnJA?uf-?q5B2ceezcYYMj9(g>WnXz*_5RY z6>g4eoFAG+eO7kBb1vH0c*6s`%o|f5S!}#?-mUX;_o=P8mdVvRi3@>w6?d&_0d-J( z8&l~~C~HVih+O%!xg#HMbnhGRudXNllQ}ZWQc>lK4)VVI`bARXPh@%L=N>`VSa+sW za!qI@uN8x&A2RDBFr+_FPT#t1jezY8utM~M&|`{kfYwxXI{7DO_~gM`=1nj!HA5^X z6TfXbc^!B37@5Te5b~L>f3n1r5`CSytWzeEEC+DV=8>y>Eq8MT$8sc~mr8O=<-?q+ z)5;D{9^%jCfES#w9gR~qD4d_0be0M$B zeUH90uk&|#=$^||1~*HE%m&CCpKPDt7kt>(Ts8>nLXxG$7YDGx(PZ)k8GjKJ`sru%?4fB(Ao3D=Vw1&xec15w6zteV@B*~L)4+aBer4S{|qo|iht3DtK z(m-Cb=$QLrJe>HSLq;(sWPG+(5v&QNzsLpBwn7tlz{HitC)j*Rr_n^|qLu{lTe=x3 zdAOlc@o$fAyHw{0@1B)#ToaePx}q$$R#@26uAQ~{(A_Lar?b?kRPS3nY_>V|$enbxuj{-iN4yO#N8LviiK5)R!7QHW%*vK*F9mIWklynvpq3#Tj^9qCl+X zFNb8RXSQ?o7n2xwg#sbFeN6$tFZe63;As{6EiKGU;(e-U>>#UTYQzzjD&?Qs>l;$r z5ntlW(mTQS5u+KdYXA5)uchR$gN$n_<1-J+7mw(+?e@78WE_p;_2s=Nn=9;eG;lAX zPsMqE;=<0wi}}y{z@(#s<*K(EZnShAV#cO99AGixZey-_?e-pKXD6a&!3j<`X_zEs z1E&i4dGDf(sL$@hE{vrjeG?kEb(z{gNpM%eMFYJxr-&o&;no{kVk73O2%pXA;+GQ$ zJygoW(kxC1K^=GQlKg9|Y*j{PcZwnnKX)Zw^>vO7uj-qhk#aZ1XP&D&!F9;jD$7QR zGF~`+GyH-HYH!5TpeXGDa@CG}rt33VNyk)IS{yT*{m-onrZ*H7H-sZPYCa;TZE9|v z3A$e~|K0ZV^?Xuh9lw`0K}FM}+nsRF=97UFbvGtQUJ`Kglak7>73OI@WD-cQ-;>d3 zutz=h@>l0MY)R>4=}Ji^_GSW62{w5Yq{zvf5|`CYO!Q+DbJ>881zk%_6l>&iTn?35 zT+J&h0B<*R)_HGOm~u0S#C9k!rJl(mt+Yoa$!Mr;i8-is6y8)@z!`~-0HRhx^vcu@ zCG|R(6ZD5K6(vUC!n33w>s}x0|CV8~I#YLlV5Pg=S(pDIayVZsppnlv zGR}yfsYp+bA6HTr8BlFD6?@Dt#004pKS8R^e-2U)OmXLOpzG?0lQgpOs?<*qvG?g zL-EPsw}ufwq0xup({%a}lMLJ6fTNar)2jMTIg#og0vc}MQD`-i zHj@QoB2{}S-Fd@Z54W>^CXq$yfq!@96t_TR0-j*L5AMSeP@aJoy^i>Y*#PZ$(KLO4 z(2atcPcI)0+cAX16hl@OB|}c%iv6eeVtGDme<`7RHMqc$d0@{-DD+)M#kIfvD9HVV zJ<9Xt3UKPnN~x%5zwO@RR>7C;eDj3YfzFGq9M3RTNhaviy`Fphm(Lrs8kpmNA*}YV zjcd+a=;Wu_lkQ&FICEyy7-9YGN=Ow5{wa$I*YX!Qen#B)_FIcvfIx^$JtW~vgadVU z)%Fy&#?qi*mYlyGuo>_`u`<6!XjC}8+7*!>@q>SDVCSsImHZ!~wa&$&7WDpXzg#em zljNNfY7%G^zT+3X`tU)OZo^)aUM3CE{njB6P~b_7In#7K_{2HMj_31Y-6k*W#>m?< zm*pOak1@_Rr71{=el_5#ED6mz?E5l1b?Z#)x?_rAM@k+`=Td`L@J0-)nE2x>i8!AG zhpw*AR-lFnJ+aZ00;O)VZ|ltuZw<=_FhOg8?@f78KSM~seG|n?Hoi~a-VqQ`eVXK< z4xCKX!M*xvg)g=CW)W@wNLT>OdCoA}eA0Yp+6+|;mt_33)PYD})6+s+^OhZpst?JX z$I!19_DR`d>=o4|iyfDZJCn@BCqAJ#SZ61j@F(ALV z7|!K!|BPTVwb^67@=Q^2#}P~(dPIPU#`6K!N#_#y(X%SGRCAxBt~s^tx}JkVO&r0r zLjQ{}o8rNxy%hwezP2C+dHv+^baR=W=ylaSl3@EpF{i{}>ek}Nh`Z~O*LJu=SE~v4 zZ5D=}O2iIbS>SL{vHu$T%cWh);J}8e8%0zxHX38;p@)libt4c7OPyzup0RMeu6k@=7|t*DEp7evNn8GX zeL#NZN}-8{;PgxUQEIB`H+FV=t6J(D_kRyK1yc;3mRrTu=>FH3(@20R?UWvO#LF=e z23R`WC`GaB4m1*P|ow6?4{40M> z$p)K&wJ}3yDTWKg62(sZh!CDfDgheUn6b42fM@lUNnizjwf4-FyEY9yA)-yHdQfs> z;m_Bfo+~r8rT;2l)R1S~sfG)lc@t8c{YUpdy3Eh@BkbwKpMmO=2fv}Lv**9>Hn+y* zw^&}>yGT(0r2iY~uP`eW_+LqTchklk4V~hM>ra=K3y2EB6>%U2kk*?WneJU@CpkGd zm>|;rKXA)bou7w=MWZ>9i3j83f)yz*(h0I_!kkRAEj}-%cWAoVBuuDU;3GwlZOG_~6d_9+&@+pq@>R-m~|0%Bn z005Fya+nJ0bkM$;c&kA|e~7fCmp^mThSUM(56i4KmE)w;cSQd{?&Aps9t}IaGL@g- z?)}97>`34L5FnZS21v~qU|trc$rGF2BmS}0z|e60ci97KS;ND_dTFsH)Vn!F9Ih4V zdL)xN+8^x9fBs)4a=%b% zZ=tFLcxY$abdwfEjEui~S#rWiCg$EHUUZbPYC*STT+!r*81D>uEE)EuXf>j;!f@1P zsLf~Soy2!d35re)0ew*E((SY zNqo|BWrO_iTj?dgsXZk2Zbgr__xQ7Wme`sNG|Pf7`{_YcM^CtJS$FRoBUsd#fAb+G zaqxyB+qk@_rSifc%||a^(32PVKEzTJrqrC?d#&E?;DIkWq7DG4NC0IIW6MHT^(tE; zT4PQ+Gj+osu$N_Tb4qw`+GloF90RJ%N3>|N?r6BVxVTi2!Gt&l&qK7cGTPA|8Z6Y$ z$5+02eO*R5vxlPW^E7u8se=)blWSP$N!NWqF1De&nDj^@FG-;uoFDa88rU{JW)AZY z9lYTctyHrwk0bN2Wwx!q%|RRXkD0C$>325u6kiE-O4@eGT4`*_RDKb9L(NcAPU-T@03UQa3Z ztgR_I^_Igd3LsIu5@O%{_JYAP##*kmkbkg;z;Nj!6ej1YzQub=ib{UK^F-E$F{4a4Xj*z^@I=|N2#qqdv$<1e7(z*%fVSHV^ z?KyC*K{z)8)JSM>WG?zn-=C6$*gmdnoC1$kC3)_CsyD4#Zf#tPLPekBjgJ36!x7v9 zS<`+{1giQAX0otHj9X8(UJEP@>pM7)jvp@Y>BDy!!sTxHUA$Y!#opBepGKI5*PBb1 zn?VZ3!S7d@x`(5oDZ;6y%)N9MXhqU?R@YziG}mZ{Am&CE4C07uh*x=?muo637fB6 zKAj!UlBoIsct_!-cBGG3&DK9kyz3*ENIe34lKk9{Y_!W)hWfPPRd^lb_Y>dSre6;L z+zmJtRdK?#S4^+SnMJx8r?jH@Ow3zj_@<4&v2-|HPeIB54Mx|?uQh|Jlxx|d^W#TWTuT5`#au59<*67kU3l9ENw*~mtI-&@0Q451YezbpPN&i zyINexjAe7txZy}?J1=PCnT`GsOxUh}*xk-{(wlIZFFi_Cx!$4|FJ19}(=j-hLAv82 zW}lce9_U^dW-d&q?|O8pRuKO5iPs5&TrJByf1xd|Y(~u|q%bw@Z{v=)TN#`|>X_YQ zLq2(a2SYH6BJVAbRvH7J6lD%Op+66u$*an4%E|P9s(M16_uF5C%ym&z=75jb0s9jB zJP%?W0A@P-K=mE7wxiD~+* z8{lFeN0ps29a*Gr&F#gp*3tWb2BM5#BpvnHnE=Wba(&Rbx((cZ7~zTWduUsPIBRCE zXb?=>KRg|0%*SNxrp4^Rk zYRE=hQ5fOTISrPR@(WRq=wtb%tSGrp4TT$F&<=Tpr^Gb8a zU+X>4FNbcsFKk@<3vQyRp;;D0xHqs~taD7zX2Kk;%lf`Rb^h8;YE+d*ZydyyE^;pH zUAC_V^l}CCcAi^`Tg&HKcjt3?oz0N)4^!%&2Q@X{=N0Ry$Ed>8W0kJO9*fbsjSMWh zA|Nw#VmxFAEBai4wKw~6{qWQG?_iJht2jHlmAhge-98~k2x2WAC$*;2xA#}m$nM~y%^4ji~=F=SHbh#`?OfO~Q-X|GuCq+Du=M4#njVDHW-GR3ED&k8`x;~ZCQ@S|@2;ZG&PC|d-Fjz? zVQLLx!J52*IOc4l<-q7f(_Us&ztEKiArI6$Y`>_8Xkp{rO?c7sI0Cl0E(DbG+8Q(k z1reooc9P1xv?3DF;wk8tGO*}TNGs#!I&Er_`g)qiTDRk~^-*kZ-@~>iybkb8u{IdT zZsjC*FVRrIbIj`7*oJ~<#OwK6fc_Q9ltR{;hbk8Ll!arS^Gq%N!@goNZrScom(uZ? zdsMBrd-FPb&F%4bNf}=`hw{gK2}QfeM>g*<%|^+m@{+E(va>~r{a7LycQ2V|T`t1B zOUplc(hHxelcd=G_w-m!M_Fol~>gh}sqj~#nj_-3p7nmD(715>;DI`8On8>sissI%Q9LoW!6gU$B|~$;M=j8!H|eA?&&q9@=vEKYTg?6J|Pr+f3@aP_qK-wylmiS2*an zef~Vg5LESb=&KJ;(0KhF`6s07S$1O}^wt@l#(C)VGib93pPm#Ei49Cyf) zH1a*4ch^?b+O2APGfcI0)=f%)HB|*Q(ruAvS*LSo2V`sLpnO@ z8%|1=T~_vaRt>ZD{V(jDcUV(foA&isQ2`YN0RfRFAiWa-rFWFxLq`Ik_o{**gx(

    ?)&#_?=>vf zNM1F|>ay{jcVthHl&?UNeGvRMG*W?dvdT5|`;KDv+;v~O@!lXA&dK_b zcg<3X&5wVZzBHi-?j;`d^beN}!V6yQ!)2UkuM%FV>DGL$Yg%W}xk;(mr<-p_L#f_ywuSaTqN9fmaKTh5#Cs zjmirLcjus1M$AsZr-#mFBX%cWUsad6Xv*nvcrojGv7h-ZhO81>l&`QIS3FVzz*C3j z#b=C_NBL)`p<6sl$#Sh=j6l;=QL)z-{K?y2&pgRp8t>xmTz4@yAyBvKt)_;H<*|6` z1(@v#;cQ&%yYkrcCYs~mg$Fc!hB^i}JGP2_KiQ`46T}9PlcvYwwtJ@H-8Yt~^WYE* zt6m3~P7LCH7G{>Y=r*p?gK0$J_J`RVD5y_w5Hle;ZQFnc+^bh2I?prGrTR8DpQfTT zKKX>?K7-QA15XrtW8-XY2ynkvBTJvkj_A2}AdHN*m3O3<&)ltKijc}B>WLLhHp1(d zuldd2iLUwdwfsiB_*HWWxGda10@G&wl&`6804lGyPyK<63(CPHX!psTeOx(+T~)x^ z+7*c~y6)RS>}WrGzy4jt$UEgk8iBf)4$8ZDpX9>CWXGGK3sThC0W&E6fPx|uS6sR) z0!1XT_?WwcY$t>?Cdz9yz!8v>_&-+>Jx~5&6%lYJJ2B}l88Ujdt;OB0BG z0&*BxSdT@R0-~*l@2-`ufFy8ZRBW$o$8j;=yORmSZB^)#DKqC>xO?-)*K}U!TFj@u z;;iFgYtBA|MvCk!eEViV(iF=LENSZP1`d*+S#_CeamSm0s(KAg4(| zP{I5@Awa?Tx^c!n7zf=KQWM-3O}v)xwUNCa7`ro;S3o#bl0d)3cvQ|C@FG`S6;08G z{{|MLS>@E8vXV+@b#}|^%aLf+VM)oMmivL4S|;UEsKEikW%ufvX~<_cP0qW7m?S+_bAS zzdyO}6KJ6XQ_ItNVKb$xL^M_8u;D?+teWJgwrXXa>#39-ripn7NV4VgtA@+jrk%C! z_8B$Zk?}nGOlR$O8MTLfn1v+Ds{M3N@h-id&4I&`ekrEOv)qb<>|!rtX4vgRHeSuZpt&Fs&B#m$PAj@KC_4YNoi43>)*rJ#HaX!?( z998>18OHbaXbsY@spuLYIPrXMZdb8(q#m<~5qgNls( zM?>p>BHKkBKB;r}Rjh{mXKdQyjmWtK^RN!}+u_R87K6_y+dsbwFTD8%V&b98l#}F| z7X8|XywJ^(`ONJzfj&Hi1Zh)rndY9sk{uv0eS%yF&xTBA*1QdU&$$gxJSwVuH<<;z)RY=<5@)f~8SZ1d1d zLRWCwFd2 zxhxt=t6|C`l*y2KUm03!24VR5?YRl)WR0{rO{5#u9`o%FkCzX+?Ui6jv|D&}KV>{q z&8V(z==NEe2JTcQYi;Ao?N^d88T5PHL%tG`yUt28=Oum+eErhw&`M>SC-`+bCZCk@uyz@1(O(gBw1(9XV5@=!+WBx#v;1#txZ_^}Ot>=J0=Sm~ zPO2k??gFBdI1ptxH!_U@A5dTcWq1~$T}Ym8L7IPM0)U%!mkMPRP8kEZO-ru&pB0zt zXsNv#r+b6}jMuB*eJb2wCf%?P{)T;1EV2BRQSz!**{b8aj?&X;%T{mPWq+y~NEuCC zu6dvk$))c@cMn&9>#jTc^82?&{%Kf2N6Iph&lW6>&_Oo;)OTfpOA{#k2ma=#%(i{B zyMoI6d-AAAR%|&6g(@jA0x~2b2>2gbx7X>B0}wZP!GM;n_t4j$1{CUlF-7$OrYJxG zU%htWh@#PFoFZ5NzJXQ%ZmtJdjsBW4nJahMUch3pfF-HAxn%k8`jz5cuVKFY5>GF& zx)2f)s;a6EEt)Ybd0&XdzYD{cUf%k1K>o`RrvIyF|BV&u|3c6HOE~CP7>7#|H!QyYR2;CjFO#AUm_Y#57=tk~8*Vdf1x)X&Jq}y)~dlJh!$3Sd=$A zP^2WkVoE-dY?y)m`81xx{1;K_tI}%|WTV z(KuR~>_OrRmTqQzArGGI8=TzL)+;}{@~gudE($uV6V2H`QJ5vMTn*ek`7=SAnWc6g ztMotUv*K1+_(Mmfy0uxUIZfu3Mu$&FkXP_F_oYT_ z9uk;N=8^r%_%)D1u99ddO);WD=Nq`U)8U44u@5{%b)~ykX$8|C;7C_OG}wW{vLP2x zd<+E0BW?H45{)t410zfRkFri#j1~%HMsn`Sn5R^?00WkBMC;?%1QALmwyx7B<&xj+ zoglV`f@X*A7f;HFGa$R@VDJ)3DPE$J9>nyO83;C8W(_({>iskmaNL{$$MwW+@E;YC zn+yFADrQpQ`UO(xJSyzd`PtbYpS@ya1j>Q-tEPS;By!K)a?F1??d~>4)Bv>VB zNY&m=rH{VD^xtT&#(}jaHpWArt_PKvK2S<-8&dU8dgTab^L!K%jC38ixvch6+JQKTBUaCVIttH&UY|6NP zqo<8-O9dV|H;7G_2A_FfnxX~5Mm=9wyk36}woZm@DyFcNk|B4L!OgdMbaC4Te8<~E zl{Rts4F{h9G9>v@u>Fley4DfbcdYreI*)suM@l@byw2t`ZVR;j6^=S9-<59f)ck6&V%*V2( zyDF}5s@M7vUmCvVtbPgXTh2GiW1gFde0q64b%p>#uCsMD(084)jS5|EKbOu`+>#VO z9;-0cYI-p=b^OGDwTm$q78AVs8jQDxaBW<{c=k{!RMzazX65HN!#_CXawY-47Qc(A z$9L3oE}6b*%0^hVCwDC?H+wFIBYTbCQS+yom!K}m-eVz~*DRKasstmzp6C?+R)F7c zNUDS!%_`=NSdyT;p%Gz)bn971V;PfIh4h4+nqgV^_BW)$yM1KSp+@1k`I&s#c%@yO z{+7xS_9;Hf^-)_ZuHz$$rQH5P+WduYqb-Vt)GVvw>0nW9(uOFGx%uxp&*lU4V=z3C zPu{5*YY?r_rzlTn>Bm7GpO+r4eo>~Epf)+eaDs7Nw%9v~=@ugsV&#|zINe(xV`Nyy z%e=?mMPn$$@hLC1E=vRdR3xX=A`=8RcYGuR&$@n6e`j5S+0Nb=eDZC_{fbSKt`t^7{+-Qkw0 zEq6}%1T0#>pKX8;kLQgf!uZ8v^XVO=oZ!XuuqgO<6FW?`=sy!XOBtaZl4AdvVgjwv ztP)IBSU(Q28$u+-$4#6P+1cTrg&g2BYA)vx)@mhM3eYK3a)XJ|o+x$MFz{H$N%AXk zQ7zlc2p0aP#44GMzjJ+AUIMZk&ED4B=Q!p&w(y!d+^3Hc>vtcNwDP zqh=Cok8QTdIBdsVJ)b1PJ}OZ5E0NWWM*4s4g|w&lU;j!^zkxU{&^RGu25`w0lJ~yL$sHHz6Hhq>Iy% zyX;eqw``vcE`+>39}4^HVl6j}l($(Wm`7PRzTdgefuS!Bwqoxi(Spp)cm3v%oSspU zDNR0WFNrEFLQDtf?oEE2p`Lc9r!K>MOC_&-ZA^SKLz(GJtrUtUL5q3>CNLpN3^z^f zE)YPiv)ZQ`B#Q2SC<)~6{PFeCL_)%Ie;Rx#DVFg_z#S$AvE`=dkHbRSFO2T*f`%#x zLntk3G~K&K{oTZaa>XBhB>CB{O-O_qn+0dwdI3D{s<^k#m9X{C>Y)`+yF^tOXyG|P zRIxoQ(y*9=W8j655Dp`Occ}OyUerKnhlJFv?)LL{2bEM(t$C$vsR38|YL8<)H)%5` zXt-OuQGkf&@@c7OPECYMitDOylyR$$l8vA0bk@+=kL&CT#IC}KgbzX*?2_ctc{~$~ zWUnikqK)E7bw3c=$XaEW4Q`q)mDPVisx|0_ZbRrpsTxW=vDxZvx zkW*#5$7Iza$H4&s(bHX{3}UsmKu*VmNL!UeTSb9OlkbG$;iQljBbtVzu{pkslOGj9 zL^#jv;Wb%DB!h-T)NlFavCdi6Dwmw#BBB0F%{L$|DLzbzvQCcaZ3AxsP`H12Lt& z2K3(^#?t}gnTo}{TZ1;>M@u!e!##Ib<>igtz8FzJ>39L8o3wRwbO0CDa4h%VKhi4Y z>-`O<;>i62smE)cLhnD^ahEPhe)%)6^s@GU^GcUk$^O5}E1ejXv+|@|oTZz;P4bs( zB_Rsm(`8!eTOLww59lv2j{q($-W<&-pMcco#~W0~Vc<)y2CgTmRe7|LZhjfFTo-Vu zGKW&&&?AWIs6h?_^$M58=?q<1X=#GdcWfXt*!Ll_x+5PRU^oTdNEqHhIA-(Lh zpV**IO1ho;4ULcM)W?z{jK(7S>>vNUZajJ{cj2h}Jo@(t8eJN&pS5Qui;gWi8Jm*J|8;~MKkQa<#iBC3B*vbnYtYsH%U@!ID^Gg?3N$>=>%{>j4AoWio--36G`D6`0A7t(n2wE$fr| zf=>C@C!HF6TxP$LRT#HiVQGEFwSGc*TKuk_C^11z4OyyVik~?t(82=t*ejT``JMxj zea_?MT5Cza=epeL=z%nWNsp#tXN>bG93^dop9l)s0GB<{W{m3xzs z2>G_6UkkwEvcBcr&ABC3sUdyPI}wrVx?}BN%;PF^s~cPmNSEua;NhV!n&KT`t!f z>CRqd6RFU^A5nGn)PjTfYWbpRylA#zrl2o#!gc^#u@icy!Qnn- z@=Z;Pg1}{FdT7;|>g6@!g?z%{2)*S&+p#LYvM>pu7WPAW7 z(%l}~^@E-kz!}gb@B`g*swZg6oU&X*$O0aDD)FW`)IdUmn0{o)HnAm0HQ$X_E{v$Ng5*&$Od*>cM^>~-mC{C)Y% zBu&b3aQRE#wDyeng{yBzbaia$rW=A+&j=8n#pM;DTB#4N=X5_wl|b{pQ?5|mdsLL* zc0WeD%%;nt{qQvPtI0L!WTD?NV~Zc@4-<(0^G1^i#pd<|*+yALf+v)pR=8X5TjrAr z^%Gy^@`ima()YX9e6f#~4gY&O1%-jZKZXQB&3OJuaDNIem6FoUwanU?7rOZa+OByL z(nCI03r>9C)q}vGJMZj0j-V(G%*Ozya%ily*qh={!~CfZ`)&E<#^H*@Op5!~@zml$ zK@T+spyAitbt2W;t3;;dXBLwO__sJ3C*zwh=eBL(nc~M?`35O(U3!APM<7p@Q6e$h z(u#tL6Mb6wPhbQ;@;CLja;{o<|cJ~WXXEI znW~#RS1ru3|AneWqBCtrdQMX%VZLCEmtN8u2P)WnQ&FK8{E!Rg?B9%Pulii{MjSRE zkU;Byj|C=5=m2lORuP5A2$T4F{TO(Z#rHG_fHw@EdHh_~58OqDiQu=oRI~~FIA$Tu zu&!qkY6$svzH1*1WS;q(gssSs2mf--WFe|38rJRzDuCfg-ZtY#2HO1AQ6iEXftiFn z<311b5CT65m!%V);pq0XhA>2=+-~a24hc3THjjEPThcj1VnSF%M-;|SN&2)%m}X)$ z(t_JUkzx3r@Wrd?h)ez=6;u}7*ryNH$3RXVFF#>Wbf2F*M5Re}J%%i~-Zy!0kiHv!2BjgdtJ~Y+Mv?#^EqP@3027;c$pDBsS}xazw=YBb}KM#Bxna+#a~ERC0dN&gex!) zBzOn&N=M^{-{x6=0@5qt2HNiOXN&E0iLJ%o zcQ-tC6YoXnVjcqB&!RcRJjH~FB*HQVTd{johm?@bEvh@)#jrx4@6@o`0@X&k$vt|n zNJLmx1jmbnWkUC-cDMZt#AK*b-ub*Gnd|Uz*tUF48lOZwnwf8=zf8dn9AVyY>llTG zEKGh#{c`=I;&J4jbCtF9pyF}+)kh1)N<vI45gpUS3>Y`z*sx`;hFEhXZDJAb_^ zMJ+6CXUo(Nm!dAWp2aJo&)}c`9NuqGT+|W!e0E~``iJPR!R6mP`hz)HmN#;9zcX^^I87tpxaik3s{~T)L zvwG{fcN3GdXe#^wm;3WDm^xL-?8SRv)IKN`rwTk&=uS_V!^>^p%RT!+xqMiT@QIR=Hpnj2 zXuB%5cXmkM?A!jy+7);sX7H+*jsevZw0=6Jcen&ml%(=kqC#85Auy6317EYd&{SNU z>IgnNFp-M@a_2$*B-HCxvc;(9KHJY0I>V(DLaP;i%dX^1>ra|YUxQJ;>pO0D(9$zZ z%TWqdsOtmRmDdDF;kltM$KGpqDL*yI6%r(F7wsDD1b{h8>76 z$%9+P?5P3-J#O^M+u7Fg@6wM+iAF7MB&d#x1KdQ8iw>(|CTm(d%12oZZbi5Ve+7=Oqy7;A-%x}RE)8R zMaJQZ$xAFvDqk=U^=8it{=n^pH63QFoLpR00m!M@VhqgUzs#csnP?v4rN{3TbpS9eM?hFWyO}38=GWP zS>5flU&a09O)9@%F{2gO-xOJ6{wt$t$%G1jgx>1xB_DDO|4jr9F$f@6Yb`q_BP8ad z>C0H2KOe6GdSd=AAk>Lg07d$Sh7Z+s=N0-|>i-t8;f36_|9-I{`|pS6fMlH`;H|j$ zC!6^3<3}KYS6a%YHMHaLqy7dA20Q0x{_;L3p6ekeeSLi=CnpMYQSEZZZ|!h1)e5$L zDc6@S$z}n#6{WTkW4WoyjhgJ{5iI-I>)&ZA0Cyw%8ERDk$(~`RoBsP3vQ8^HbOY(C zmgwl;vxNWZh5?6eKl&nAeY*zK}|M#7LNkv6`mYpJuq6MHBL5Ct3 zz%VrUVg>{Im8<`5)a);%`F{$UqVp>nX2S4q*_y5cGgJKKn3`163n&W8ajrp|MPI^% z2jo<*OC=@`$+Uy;6#X3j;Mo;a8Q?OZDN?Jcn9s~J#>-MYtx!RSD^V%9??jU69e?1x zv_4oeo!?OyxA85}G7e8yh-^Q^XPKA(*blBRpH+J-xV8C1;+&Gsx(poI@lC9zJdamj zPSTujHft>^zW}R8A8w}2!pIIw~wFE6uu7mdbkgn)`z-`5JR;`xgs`qnp zZRQ6WIvWc(A8LbT`I^|e;KVX?PDLsYMe}1R;LoIjs7kwR&@3#ef&qMnYI&|K9$fwO zM)+tyQUN)mV~)zjg@K>T!@bw1n3;C7me&UdbW*kCwtB+HDHIpDj7s@bf#BNIhx@!F zZ#Gg|Ktg?tjEHlX=(`}Ef5U1CDEuGv5c~!288I}Ij}Rz;nqVdyy^hCa)bdV#^udHs zYlg{$LRFe)>CA=nQ(;cFbQqOa@zJZZO;G`S>zW>O4B`yW%bW4Oyh!^=o956jaQ&GZbzLYOBSFWPv%xa)QAs*+cjLB_uG3%hrV!{($kP4u z`?OI1H4ClVYSk_Kl8DpdHlNRgC?|iB8fx*EzIMmQ$9u7HpA8j!N2-yCV(Dk5oC%U5xuJC zsLE9Kvt%-tzNg}tnL3N0Kq8+oL7rvO`Qp9Ha^^|L}7 zd&1HE`e(W~dHRPi%6-RD-JMV+9xP{8!7Ih(hozGFF`pV?2|-v#$aE2XlV>t@q3Clf zDN|Wi3H->1@hCGOQsz75tIGU9nr3Bw;OtRRaWz+zBb->{=z+b0AdVCtzo={YjR#6S zR4+vR&5RX#5Gp=4!8IzH^t8IWa{C=}Z ziK-#G8x%TW>Js+J-GyfI)=s3QTx<2Fc+c|Hd1-rzECqMkzur6sM zof2ABt{r}Rk-g8Tc#Zp9an#cRkVQ^VkoAz~r3p_(ZRy#7!$*}!Rg8-_z`7Y}f_WJW z8rG~Vb-3o7)*S-`N(X($@5NwuRZqIrQjP^aUd78vUR$>njbaSk-vq>5V+Tq%Or9n` zmc13K?dR9fi;F~d9ixJ$rS9e1GT;g|IYDd3!h`7#XY2*U01?C#|ISPXTV7CJ)9@r? z2kAH@aECC)A3fN+-zlb2hjO!d4oYo;pGck|>s}3vy>wVkvj|7VGj~1&cYGbVJSrfH zHltM?W=Cn(D`XCtT~WhT5fpY(g9A|FBg8`AZFmfE(z>ER>D6|d`cyqNBs9LC{+Qk0 zrE}|xt-owh+FY;srfe1FiAdI^!VXGQ-^Wh*BKU*J#K(P;oTF;s9LMXWQ2?RU@U(wh zLOMxxCqvOvLM-f2w-?5OTRNjci%m#Z5xn$`Ux$@18ZnE~B=@1V01 zl{tRfTo^ndaH8yO2mE}SqE`*vqI|(F&z3eGs9KJEew(451^7_UMTua_Wyg5G?~X$) zVS4?*AoSGZI7~+IR0SMg;cf|y@t-FQD()B!IIg$b@^>GkrEw{(K=#G_d{T!7#vZ6d z@)a*0q!CegeNQ|+-r#dzh3B`2aPt?`1E$J04?it0&|{B%QjebJREWC5SG#OM4MuX~ zn%`RsL=7poQ9=oHW|;b|(*CvUw-mR9uh~ra$_k3JV%o)Xow)N9V-i^1sSzS9u;rd*o{Cga8C`#9&Js1g*2Si+L7i!PGn3x+g(Xs+jp)6-XYmfo^ECehXD zjNiCdRA=q7lo6>8s6n+hCr=NFK8&`|XdL)Q!r&xjNf@Q(U!YIGlWJ7Z8VR`_^UNtndgJ*E(_1zi0}o zJv4`{^!MRgy8Bl3b;CYw!A$oGskxpcR6c>&l zjk{--C49AhY~AQF)M;jgx!;w%w6y|sLOalaTc$L>GIvHR9fgW0S=HiMKqCk9Z@;P} z$hx!ftkRoCi7_y9*1E9zs)4yLw7$Eag!^8Ia;Yj{o**geU`XzirUMy$6Yl>(xY#Fe zJH3EgGXC`Zb>_hS?}-daA(j^+L-UJL9hd3Lr&R9*oF>xX9S~;|s2Wr!?cX7p#&-d0 zP-0L1PqJ4BKA*$RdA3g2sFCA^AE)-KWT>k}8`kp^mTYyEnW9tohOannq4>gczvf;G zhDx_~KX;P06|RzLh&|l3bb{AMBkF0_UcZ1m6HGQ9cv4UKm8hFG2jn60I5aFk%gU-U z!oH@>NM^ZQnmUX%nU(T`Udnics?qz*u`Ibb`xvv+yA7?DeS@t7s;kP&@{>q^#kCPB zOeM)k1GDax=bjb#AF*~Ug~BPu0!y7eWY=w0NXf~6J_GVX z_>}G-GB@uv)Ziqs#1u^8U&fAF9Y#vLP+ZB7VH^%?vK_-tSf)P70`U@}2i(>Dmq#;S zElTc-D%^^e%+Gck&-;QenL0Cs!K_o?gpo>CB#C!dSD1 zicG^btNswT^}91VNGS#ssH*~U3?HhDXih(#>)yY%2GBOXq6$gO$vjMUxJSwR) z@bWg_g=+>4jO9r(>9#SMQpkV>40VNwb+T_DEt)l}&hC9YHTy_g+de3$@>Z5q3l_r3 z$JAIo92A_@5`>$jhEH;>O?sfY)bNBYT*^H~pY;&pwS2CRJsuH2AnCBnA6 z`wz9K$}J1-IT>+MZsaK0OhgQXuh0!Fl8ze5Y?iB9h+7Kp+%&k%Zf-JXYT}e^d?S_L zxJ$Kd=xJNr)fQcAh3Bqb(tQ|)Fp|->XZJes`r@u-1@TICY*nz;%7v8?*ULI-^JYMh z3X$3*wm;&C!xBU-We(%su&2>ij>L~%fkaXyEaCRQEln5cVZ5?@o5f=N6P53yM3Sd# z$hLG20^V|KJMnS?%h+?8#%GCK^UX&Mz)_#2Cka#rEm&Nd>S199wq~aQw`lZ=X^KL> zmAN-S`wB82T&hh|s2bfBo8lNY6~Er5DDpM`;8lcGxuHgO{rXD{j2UZTf)vq0fbMdZ z>q*>h+BmcVeA}zwYF36u>zrY#$zpN^s2993sUu@8=^8XvqL&Y#x_T+w2J_d%dKVWH zM}jRKwUjzCfT21xx(y5!=RKi3g(C~zQ-`_4*yXmH#7%_vmrb0WQm5?9sf#;yxod+@ z?}!o~H6)OBkY%?*{7WGsTIRgffkPZLDx-xFC3X$v&|7vE^=p|kn*6VcGaO%byLu*_ zRjegF#Fe;9ts2Ihy9SY)H8dX@^9`8&5nRkXx}5uznA(t9>W))9AL?nAJ!rVgAcNqW zzBil6{8s}pQ+`|9>E^&HJNpN4E3d5cDaj9H+412;7X+~_WRF+hS+);=Kl}=-Z#MH7RNx|+8Pu3A`n3FYCPD#d05l7yFY`|$=!g)G(AD%h`34Rla=-s30Z_8KO zp&TQ&9@e3SNy_{bVX_QFr2)t**lbqoVm+#`uIL14CSR$Id|uWY@Zd}{T0`MUwX3$# z6>)wImJng$#yB+_f-HRNqb%l$%zP}UkP6$?)%kTv{^0~1TO57^p2%p zV@tRjQj;im+8ik(BY_dsrbWJaI+Ea8SuKnsjLV8WZH*?oEamSUbDs06Pk4Y?@ z?G?E54~+Wba1yl3=u>tM$9#MRFS?#jTu_-bVLX#=$L$z0mFXad%%%|8$?@Zjw^VW? z_6EjxU5q&i?N|eXj`LtdU*p@2;EBlVw!$eIwK2ydEJiqY6}a~N<_16hgT3zmE+_!wP5eWja}gmQK#|wO;Uk7?|%NrL7uZaZ|j^Ic!##<$&c-F z(u^u5VshzT-Jn|_rPtdFdGh^$z}H`IC3@y~U}10?iLJWlgPvp&#x zWMBsQN4Kw7ynz`vgMZ|2NP~slm0{=`;zq$P%eE2|Czb@e_|^AZwHxwN{RZT zgUm1C$t@i~;A^2usfZR_aWILiwm|oo_!mrDE4#j<-w}vN&&zk>Qpv}T$*?mHdb$Hc zKMH52ZX+hT2)@(24;3)Gz7Lz+ue-{)kleIKEPTmv+@SUvgEXa7``NnqxT!u zu6j_L|CWGosIH~@;=?$~;z)-|jNBG)OO3`>06Bf{$$rC#Q*lg;h))00qLy{t7mqa0 z2DzdS_7^IuCMyij^lpRW4S&A>rss1Y;7MRy#CBs~@eObZm+F@OURxS<*w0>MCF%yA z7iKTm7-$+#TK6CgtF>G>*C(}fPlj8`x^bsFzHhbaDDp+Ojg_jELs8+z!co;@l8yAo zKOR&)XG7oDA7s{Knq zMpb2aU)KZsZ8BHOepb)1WddM?aICRgS%2?@Wo%%Wk}}RSywlriU?D>Zd=n=M{_Ue= z;;Jg=-G;(Sr`Vo}?DzW!R{cp{8$Zj@&AQv{(m|kq3NqAks~cWG2)0|>IeX;*Z|1-$ zbym_W#9GZ(%QrTMN(ZPUr5!87IryIAx1Q`Z-J~nwDSsxcY&K|+fktL5)ekCTHaML> zj9$wZLEgyRUwr6tZMS669_yIMT>GxzD zP6^J9x^-#P*)hTpxrii=bt_PiNRUvv!_i+cF*>N*iAtIAM9i)-xq*g9@ z@-$y_y%b6~n%)<+Vq4TfvCO0q5{?(1I$N&wz;pe6DXMU$okGL^V^rbbxaNA70o(1i zn%j2r#Ys?W&D|$$vz&B_P@0&ylmt~J`7UZLY1*_Vf-uRZ2XWw_%_GIj;?X$6RfT`$DqW#l3PJ5z3_YMWfXH)030$kD}lT4BQ08ywWt(c7=ocpg8I z`?AUT^w3QXn~aT0T!>3^|FYYUFM-XS*M{`{UE@3pfqlmn1%4uEF`|~h z;GhoaT<8lU9e%t%qS=;5tffF(#-W*{ymH}~v^4v>7#sD;e-2|q@Nlt92R1CkLhnV} z_dY1MsimE)JJZ!^HP`(F;p}0gW;N_E&K_7RStc6idHAsr@p#24t!SU%TUOYsshbj^ zpEh{--mg^q(=-<7YaLrCarlPJE!^!S;jeFw!}WbkP8L03ZX|Bx&d0E7ULHm}YCVd0 z8+652wI_v8!>OfKpz%Vp!3*gap4h`3H5RE_im#_EX?rfj{Q{gDKie6MkK4+eZFBz# zUtyPcWb?Gh!ieU1WA_giaZE^Q>=2Oe|$@m|cXraI4H>wROH ze(q}Cd;Y6we8S?_&4aD4>Q5Fv=`-EBlY@n~(Qp^lXq3fZgZ^W|<7>57zVF zFQ4X3ksz;nmYi~b%WyWI2h_4*pKtW8F@%M*)G?{*JKc9j5*4uED(i9ZU%|(SR^LFx zOJ4mlJ4oS0S2lS2Kavd+6AE-UG3n89T3#q3Nz^zukdQ`mG#z*x4?NkH(dr?43{=Ec zdolD%S)*S|on55t_cEP(HJChaPP?s+R9d2Q_dG#I%%G!%TJkb@vIrAdhi})w1MKKq zOZe9=qnLIp2D8&6hY9G^H#f5YA{`E1ABgfc_jaXZ zLVhY%f%K4boQ8V+TiZ3?M|pmt+??q<4MFs!<1?&9l!i{6387^hQUa^z`PjM#r1^wk z)jSxa>hu%|6l&Hdgq(U1AfQR#$d(&WT7NU+(tFQn)_t`7m6&Kjk3s< zhgoTMKRA4Ns{L3jQI#s2PNo}Yyzr%VIi93e9HX5~-%Ag4|(XmjkWOcgLY zDCtyj$MAqqEzIf@ght@=Ay%pilT*Pt{IonlOa%7M7$$f5TUdY#z;Kc5$ZWi$5E!;F zXC(F9MY8-OsZu+_+Oex-HNJ5715VhhLw6GNMVUp37!Ak+?rS@qI=``GZNl=C_}mwR zHIM--8SNX@8#u(HK$t+g(s`z)I-R)&Xq0p;ubm^fmNzo>UGp?um8ulQs0dTD?HFz8 zQ|pQKI$VSAyhdGN!%=%XG~jnf)J6rZ#F_`T<~(veSb`P2)d+nY;s z>=A}$7%ogIy@Vd!13Imb0QscZwuPZc(;#>3+t5}9T`z$XzYqtrLt@@iysJU!>lL}< zevdXmuPA-RkWe#uXB^GuFx|xpjrCw<`|+bE#kLSOxYW^WpqD{fB!9WPu*)dd?uXr= z0ot#&MG~R>-s#Zuxj3Q?fQ=in_fQ+oTg4-p~M@O7;@6zw353A%&Gd@Nh?;$5RqO#%H#qiWGx+&7$b+q6Cl zR!Y~zXVZNRe$sJOUQP-+a4*4_Qb29UA}UQ0@h%aWpCER6CC5}rXwuef`7QiY2X)k^ z&=BV{!sNmDcumy`x7W_xo7#7~)x~L@v3E#N7jrKH;8ys_9hV>I=7=zP8ihR- zO~r|5P*$l*mP|#O_BI4^ZWYA|ZnA4tJxp^rLG^n*4cSFRolQOl?TBLC)u=pq<}z}p zetz5PI>$tR*7`$}(1wLPH0%3FYQc+~8pvWOL?w#BbXL@~gfki{+mbHh&b=F2fioXX z49R2NioL%@WUkC?OKxsWiLM-G7!S8xyrYVL_esQm2jJ-USjEz{3SQWmv!Yv=vRla# zLWN~w$Bmo~aj@o8;#|4=TnO&l+CI0d+f zOX;nDqmYwTTKb9y}ALagWs*u72k2>o>Zq zoR4ZIwp@;wwD!pby>@pw9C!2__rGMhSN@mFB^OL)%@fj$J>2VVXB|A?imgVO5Q>wX zy2;4RH!v$XE5mi8*H@Pc6Ndox>Vs?tuKBp8Yu$CL!ig<(E6?jL*L4Q8YRFWb+>rV5 zLdp;o_tM>OrE_cDKV8(j!}LXJNPcxb&g<+zO>HDBY{X)L+OP$gH| zp*p>%9S|>RYggdrJS3KL;YyUsY=WatR8N_5&V4{z!NXZSeI8j|agS@bq7T=mF#KPt z+r(5pOJ@^;s^tX4@bl8gJTvMEI+>lxqy=793+1;me)rAA|1@Wz=79f%TL!mdvfvI# zfU*dG!-Th8zv;0lXz(|AL-)~f)fJiHW09aX$mC~zd1S=LOZDaG%2>oB9rNz$*W-dr6+4oBpk4vwDJeUT-4?Xy&eqM~sjns2 zFB9@ss`r}t>eumDWNlwGQSw$Ilj+czOM+f8Yefu%!9XT!O@v(h7o}v4J6u87so80? zbuKb4L6_GHXp%fn3l|$62>N&=zuLH7a+@4cg%>b`bSeJ!Xo1pxs8r7B%|M@4$?(m|Tk(0frpkS<-i z^b$gq-lP+%^d2De1QG&-PB=kd-`{tC-#1RV#$9pmKBWbd7|=3IO4`8;dR`Ml@? zZ1>U&fti2KDInq?vW}n`GTKVy*hsT&@vT$*FK4kNNYBr$gVQ-7VoI2 zTxC^;3Tw{$*jG7Y_YcgSadV|Yc4B=+t3La@uHSZ=8=yeoLFG4yiet=!@oYNz?$;zZ zqRIH;i8cMLx^d(ur0RVu@_N4DPBm#*2Ys*YditIj_bksbkR8#;?St$Yt zxZlxLzx)|s_bFx}7Z?)?dZ?a<6^hu)LrfjRWmfZ7BB(r%vp+}5fuj_gAOnvt<8~n` zg2!Pri^A>oShX+10tZIR4(6HW_n{XNpc;p|(AO|lZo%3ltl>Wzw>xZ%TclzQ|AU_5 zf11(BWTyM?F*Pm%>;qpqq4CC_%a9N-Qr?^;7sf8FP1;k{8^v!JHX3h*t*{XqxLT>VGWtt!js|GAZAqg11AW zP>L78-5B0^BIj&3TUfBnZUQAp)qnqa*-NG_%Q5e_gxJ*rZq8{7>hx8H|5?HRH{`^k z-_HH_=^kvBlGxiLX&N+q#15NFIJ){B?`X)e&^@c-m6rmLKPB|sZr=EA0Y}|(-=l+RPGe4o)m&`K` z;Oz`5^yf-=Rwa$wro~Ia8o&bqCCsNe~q%((+m`72TT)y0L#4@ydfW|$zOT(x zB*YYdMn6%TwceJ7cGF`zLQ<8_2sx|6cGnM`E^>0ZtD41GK8 zHTNY8W|mVC5!fAI%QOlHaIYP-S3qRgW$Dqz3Mb)jZ>@*Fy(=r~MKJyImwX zXvYm~F+0G^&4GNCmtjvEn9!tu%~Qe<7jWSb{`Cb~Q=!a1&x8DAp7Ru5vzXeY8!9-O zPFN7vuMm}MP%=ZSh}>PZ$-@Kv)lfl;ldjuOGpkz>_vQ|jsNYmCtHNR!P46M5PfiwZJlE|z@T+R0ujO_l9U2NI3Yh1|PpuImoPzatz*TJR#~%oQ21A!Z5OvVXGA3oPL|K zS3P>p?R%BtSf@62Pb{#A=?CMl#HM=E#pbKTrhA1Id{rbI_ z(Y4z?wMt3obJN_wQKw?W+^fydhZi~icywL;e#ChQ8IA@q0_@Y?Snf}u9X60-_4&$Q z+0>Y(Vv_y}u@v;sce484Uka2bx0ea09`0Mt2w|?%9+_^h1zbLuXt?VOw=o(R@*z&X zyskTpEI-`3(%7rL`5(!*YiiK+HM1&oaNipep95g%y@&VP_VgVE?pegDdnNDQ|{=HhS*j-?j=#ITFMQ?7u-Sw2>DVO3(2$60SRMY29n8 zhbt55Zp4mz@O=xOe2MUYF*1%N#6=J78NR9}Q%UsaZfvejHdRLE;?hBo^NQqXv(trV zLgUympRVhqJo*CeNAE|wY}Vh8ktk?Y?o^~5NB-yvnD}v~^pz8kRwq%r?Xh%= zJg+-lJlCI;^SC{3|MKz>aa11$A3C}?F|uC}a)u9$?JtS-gZg~AG&e@#m5P3db9I{b z+~}-GU;UzRZVFurvlL+xljUiA2@NTE@YzVJH=wtse8iaL<}Fqt`gb3%2i^|+@%qtB z`|BS&Xaiv56wGj;x%SY0`ZZG9ig_DTG3gFMuytoHlu$MG!RBf%*Nl-VQ6tKWo(3=v zPyg~4IgQ|S_;{j2Ne7@rjU%v1xetD1r0&}z5zW@aYB)H=t*4x<4Qv12(j?xL;c6vA znwh%l8Sp`XWI$9sE-*4BE>yCUT#{jJf^MT>;OU_bSmRB49zl3?5ok5yRd6b(bRi?% zI>#WN!Z*>?&yLqTRw<7AoB56$VEB<^?ByHp@W&5|9fRs63)3;Gq@%oRX=w|Nm?oJH zUV_S(Ucq!j8w>=B_EpND zd{V(SZdHVZW$=zgM@NbM$^usPbqrKB+BGYjP%QOJMONO>K<9jXwI?-G{dx_!9bGlj z1}9n6tM$7OO0O43b(hPTp*=w$5E~1%LA4yt`kordjkx7}3RQ64c6hjSFSuP#w{P&{4?{6Z;rHCKd z$1KcrL^6ahvDG(s4hoP>Eo=>SK;cDlm7BCq=hkTDz=6zwxP_1Ru$luu4(hOK_Zru$ z8fO{9g9cOb)9xJ%ZE9ve=~9<`v7j^`ujgLQZ~t>g%}|ie<<#9>ey1x>kgaok#tW$T z`kmZr!n;FZhPNxDk<)n_q;SMI#~AOgT!fDI6*^5j6-h^_I6nvDphS^42d3LXF}xeq zrE^75>8HE?Tb2WvrH{3HQg9%8M&x%4zuxp&AuZ<74_n1Iw`I4Sag}7Mpb^&QM=?gqP5@f!kx|8)W~O`N z6vaaV`uECf_0kKJL;E6u6|k_wNw6?RrCX_1>jI`?DEvSNQ$RLGZ8`g}>x&=7f?qDY`l zamT0!WK|@H;?sFnFylg4Q z&SxNY+7HuHg!;xxnxEE>kuzRBv_jbGMs5xj||Mz&uBRZx8aLp8kc5sE&Np};=5S(jLxMFXfT*ZFKbE>^X8U#MPq}n z-2RFg(XY`kQyrKBJu8&{ix|iQn1Yk&;SuuN*%(PCLq~+p~z&pv_xYGV$T%hwc2T|~l^^R&2t!7kK6m*bc&C_>| z=;HQX<5;t3vq{0J5!$E8_U%{&nq;Eh5X5MXHS5?|l5`DB@<>m+)bAo4K_+_1Y@$l> zwJU_)=uWTy`I+gpDoqU21MW_yVkU( zW9e;SIuVi5ZVCw{JznrL&3z>$kEk>HCg;M3WX^L*bP{mF`db3RpIn{nt3J+GJR@Hz z(#u{sc=B4uIa%E~vPt5=l{T)3Fy5I|^G)Tl2J%qjEsorV)%xeIsklM*PE8N-&cKL` z0rhuI>_N`@(A;+LKEDoqYxrxGF{2ROk!% z&-dzaag_)1_&Pq_*)O~%4u6a+7Div2Jl~YIc8(9;IIxqqMBQ50;>65Y1_mA^)f9KV z)txF)?Ff~Vdz+!tB%z4yP%&N@#A+Dx=&2k-tjU}2sszpw0RsHH40o#Y??E8@vScmJ zVX&CC&ZY$~xUyYI1uUXNG>&pF{egWrFh+c4?j_$?8 z^m~#Jpacb{&D|L)vP6xQ`?#JQ$z{YgscBV(w6XZ!-r5Iwkx_#pN~|pz#p6P2C=^V& z!B#mGVzCzSwMyLcwU=6xA}QE@k{=GXYcai-r&MY4<$3wNKC!nu6$JX@nf)AlNI~H)Ts-&CUC(HQDZNF-LfGESxive=&2m5;{^1pKRSd zS6|ebv4$Q|R339eYg-kn*D9tU(OL;H)k_mcEkZV(W=B_+lU&&PB5vH0qM-$hfeg}} zSoMpAC;4;52#WGDi(&-?J{u*x96I|aG~E!`!_{WPFYizu=l4LM4i_Y%qT^oW-G zZLl$CO8HD8yU;6x;hRBss;er6qqdR#<%D5!5;pVd=an}y!U z<7-Twe-|g57bl7Tt9@l+hF8_`*4D6FsrmztuieU#N6na~5{+!W((|F&q{H5rYBSWw zVX^tsQQh?LG7py>c|GxnOgF->0EfudBF%o-+&UO~1N)jW-&)~akJipmD^ri`Omrm` z=RI*8R;FjDz6bo zR+CpTtdHE_Sv9uP0ylwsxS~wNs1RRiw-943NY{huM=xZ{IyL*=^NBBvspL+o0G%GwjkdD|#Yz76XPx`IbP zI)Lk})S6ef-$`9wo_SYsrmcgxNRd3&B%FVRGF)~TG2NA7CUH2ty?tYE81Kk3h^Ug^ z#wd7IIe)PuW4eG3#NhXIi-CMl|3r%v58h1T~DWJj_Z{2Lt$Gz(+}`D_LdWLoGEs(Wfn*s63z20JS2!lX$U%Zlbfx@Or|m~ zgq_R!ym0&`JG4f3)#@$tG0Csy=5G*>NdZs_>X#dPsUnVFEjE`Q9-q@eI6iU6OH!wNN)W3M2#@|NJwNG7o( zc}cn`V}`mq8T(0WNMof&bMC)otn{e-)ru1Pr9Ae6vI8QCp{yCK)V~h9_G9!VsSy!( zv^i}!)1M-_avrl!$woe?Pj?ek8;uYD{e&+h7La=94cG*bQCEsBz!TSEc)&E7BC*RK z)kVg5XfO84PVnPd0*f{R(rojm7t>4i2Ja&T_R9fWR^CW3wCrA-4}UU8%kk?ZOKU}J z5!~tge46K#Pp&?L8;FHQXJ_ZBG9&)7ig6ys@XXB2Rxh;mPc7$r*0{_()%o-F&P;WI zgIT{%xc1YhRKMQo;uL*Wm2$7|zJBNJe@t=h39gRF--lgWqy00>Yv1($bx3^pAA?-` z;1u&GdF`4C`#-k3)+hO|7Si<;ab3g1!$!?syzha6x2kWEr0A+6utUPCOF92($i$P$ zg6;j)>US}eF3dRT;=4b{udc2>R%pNpXxmQqWL0-~K>4K$dkt47r#*$Lzvp$+-C>F1 z@6qxAf!bv-`mxTG(qZvS5rOX9{zAz=XPZ_YeUWc(5li(}j!A)i;>CZs_dG34e#oPxPHiSlFoV$CvOi zNKf9k?xU?fSW1P%HkXSWlZR+FHDf4>LEpajtK_AGfwqjZhCIHJ<=76o!henULrCYl zs^iIoMICH@CI}YY7S2nRW5NFr`%l(Bq#UpGnDxDXqO3q>54Qs3X{2_jjyD>=rWGg; zJlgivlrY0m3*}pO_+7;kz_i&V72nk?^j<4$97lL4mS+a^>#cu{njm}-nhE(fdQ_x* z)KbUgch@x89HpMwvVS_OS=MT4Xx-MmC~`So{9`t$#_u?Jrr{C(5R@VJK+=ZUxj$@v zHCIJ(IfnrKJvcvcw7jf~B6~s-oLaz|9GB5A)KB?YNV_Wq*Lz5!a!RyKYave+U)wR) zWrcdnf7a*?bZZR2ASmmoN{}7=t5TS=pk|3*ZvJ@=>xUK;6r37raA>z2wlt+-0YyP`S*fqfr`hR- zz0geCJL+!*%g}2rG3gwj#EmU&k%mKbU}n@&a?VwpTn+G%qY)8BZ)M?QV<~ZWn#YfV z>kDeca%x0SsX0y>4)bl=6PDLO;=VRq9tjh*c9;Ea5Ud-p7HSwr?O}{frQG9$r;6B? z--ax{%`?1hnHfKYY|TH73Zd4M!jcCC$fm<17Oj%^6Wrt}UYFH9y3}V|sU7~9m5+<( zn-vY1wKt|!9weS8&ZPsQN{+cSU9wSDjbu7Tm(=Y+Tzs-tDZ|<1+m!SxouPRhnTOE72)8z*vhvtomYc zsFTk#dEqr%3Cs!D_fF0cI6~QhAIh@RJNJ7PB$hT*9v6Y5`Na$VvW@$M<1IWXGlXe& z#d>5c`HUEV2MjXEoSL1ziVHP?F2?K}6W098{WNysAl>B09&0aV?$gYkt^zc;8L0?6 zJczr>e9*?_9F2ffGZb62Xuj|lY~u*`2DlCyHp8x&7-78D_pQTKc;dY)4>BB@q)h6+ z^+OzFdvP{J;P+@CGQA53&n*jU@`4wDP{0&kuJGah39h}agXfyJW3WAX*(#sLt7;`S zF^{)Uq~g|lW+_|rc#_;QD-SPWe%=bQ_F{g<7oL(4Fc!BrvE;4He}k3XmRL(?|GT=K-9rGe}Fyui=JUIFb%b?)I}T5t?+A^ zspNE7plW&yApq)^{K{b=6+piTgMx|mrb+B9D%5E(92XHMV+kv;xBEZ5;Vd`WaN|Cd zop%ZErI%--w_F|QuWMJ>?^;rIhp0BWd>N}%v_!Fi{4e_;;u&K8eojuzWx`d;7dn{Z zae)8XJBPjgvx0U)vT+*q#1Usyrthg0=XGnYZC1af1g-thPb$u}ut<~rVlDgus53FU zzkY&{B%cPct>>&W-!1&E9hesI&Z5H6b9?3RC`kLdGc(w>u~5Cb_326W!{jk_UMe=X z;9O)=jXM5@fi6;}JyH{&dlm_os#zn^^LY8%p~>a_1wgaF`!q%ou_+?mcCjwg6 z+xGp!WIM*jF%hTV8gYH&%04gtwoet-KB%$nVHdx5ZYNG&lCO2EICS3{T0)gIqvkl! zS%;aQAm5x_<641c?$($6j_jFJwTiXo(wp@QTNYS)<_ptapdAqyrx_kEc8YVo)I7e+ z#yX{>C=py)V5n#XQ_}!C>iGEmSc?YEgHAP}o>O=k5PIK!ffs7fSw5>joWtbH6v+$(ID5}24Sbjte#2Xw-UM(4H|Y! zcRB=lnaG#zmz$dmAv!%p zx6|;Wm?(2i<4#?UrFKv!RgxEK)LDq>gVyr!18HZ!2*kD6*5p4&T(q&=@hb$ zD*t6`<9O|@tg~X4*oH(7r}OH+8&f_(xTSgpjB(`*}a8U z`CqW+n$vh(mogl%`F+%*St&v%L@G5UEk4i4x)(aw&Iy(@Jt*G!nA56CbG_tbBzk=P z8UFCrT;e9b%FlFyl}ukg0U3WQpss(O>mUVhT48R`T1HoY{OrtG>@akJX*oSYF{)fZ zae7PFK`J}EGx?*y$9@}4`dK;0aN8%frj|ibE{l=Ovg?c^Q3eSBf3=Z=HL!>_e)%`m zA~xpX#n>6<5DWY<{-jE_nY311$(`q4^Q2H3@aL2K`7-Mt>@*3OTn%%FP8`Br43o(a zYrRbZ*3#YPKtrpJUlH)Na1A3;8ipwo3P6i^wRu;L%@oLg`J|wws&c}toYxFx(h2ZS zw(d7AYo-A))7i8Ek-n~zpTUT^#35*S!`M^*A0-~_xaBg)^_cVTS5w;{nY7_GUlzA1 zTnHS5DrT&0_X3zw;|3YV_$)0+!opRgYk6m2MScDbvLfkV#@f>PSRY|Z&fo?_V33(0!loW(U+;N)H#IQ?ctja%AyG5K0-KtL)}IN_?RWny0R)K_ssPq}6#ULw6iohC0%F-)bF z&WbpE@%}>_ebP*t1@lhLtvJ$Do1(<*efne|U($Y2c39H`b9A2j`b5l(qlu(uygt?Q zQ9H1`-bMX;W;n3RyQ0`$4K^n2B}G)5ERrR8%tT@>H=M%=T!}E{4!*S>ypK?QyNS~rY^(e>7Rt1?}5_`n!?gN zOX5n$V1tOJl&G*Uw(KGIhA&}0>D0Q&!yNhOsQ7m)bn~+|kMbXS@Lc8|kEyG5(4Thq+;t!VoHfFIDsZp?bQkP}D59XjC z?vU$s_((4+#4G~x1C|v56mc|eCgoRVc)0gLaQ|EI)Bu09_sBRf1g3j6xog*0Z~YFU zbGt22>nEzpL?sZB(oUss| za6sMchU|Lk?%&Nr`YC>g;YBE&CO;m5WG4A{k7)&!Vhf5SupCND{qMzoEs?VFmpIwCNW^$G!B?teq7{09{oTlL=K zZas$L5;Nzx{RTK4ScsyJg(#WdYSMmO^d+#kBO$yTzbA6-+w+BH?<4G&>!09Qgrr?& z$UDMi{a`?k(;Iu?@vp36&-jgFk&OFYWJa5N3ZUm$FqoN|%KgvzC-cqT?)LTwtU~WP zZ(>Tf8ESujAA1@6S!<iExsMXIuV@ZlUAbk46 zAE0vWn%UF;Ex_;}bad?**&l0N``?8+|G$6ntH`%Qo8Yn)2h-Xrv^#aqnvjW0#;#y0 zyBs@VYHbZm1+=_qE&uI~4>$#-teDnj^yT?f?IrTfY`-%1<^64TLH$ZE{YE#oV=7BO zlfS_xp%QlM@N(qDh**_FToEHt-ni-jhCNjHcJk?WGwN$10%oXwc!;q(82eZMAke`N ztbU#szb`8E2iSij|I)=#Mia2W5F)R|^asB3+^9TWL;ro{H-9hd4;C-6m8X7p+>#!% z>!km2z)!qhXwnp68zQ!Y0f@aXe$OZ6y3YCD>CukV-K?@w7Vy{#?2EBj?gIe+(7%=!9q zhIln&bUlZ7KYKWTD6j%LQjp>Ai_BzCO_x`n5JZhEieyFE8l0qS0;zpXHgae58*wta zlnq)$%rS3mk0UjU=MxhX%9;UuCtv=sC%iU$teCTAqlFmkzEgv<9>xJay#**BXrvME z=MC5PJa9iChF*d2JhKw)rtM%qVA0>sT(v#nH+Vpob;Aerb&e!{$Rw8eFxZ!`npR+(SywJoDvS4@& zt&)caMw*beZq!bd_Ld6Q+DE!k^Am2>Mj+3QfgI3k7yBl(vP3?wAZiHgd|9>Mu+iBn zv{!~)Xvzw9Jd#pT9(F||uPJ5lZpbkh^*=$*r-)xbih9t804jg(d3F**fA~ho;PVr4 zEJyJ-#$Smz+{-*{X*e7qu{MSGG5J+4cMKmK7NJ@k8cS@e{LWOH=Nm4Az{^oIm+79{ zhIKCxMu)AZq6>*8M8>rh8%9XVBlfQBFda|^3}8@yI?*!76;v2lq)ce{S^JaGS+TvT z%bBv)jHp~lT!#TX)1R4Q0?T|ve_iv6ZTo&UE0>RZJ7vqy9Cb<@ZCR6%GXLD<9EbxV zzu4};_tMfTIRyu2T(02>x<{FEk=O`HiTiH23hHKNI8vcE{sM6zle8PMm(VOXVCKh2 z(u^G;HV)iB%kLYx$Sx~pPQ1~_d>JyuG@KGYb8*tMIJm`YZEw`rvOy*dny`ZS?{s*E zW&tAn`8cu;7RDB6F3?84-}fWDUU2i|6Q0$Y7GH0!jI`Q01aap~4eQtEU__kJ)c{F5 zSSB%2pU>oCkYhs=;=3N8n*}jLxg%NUn_ZnD^ys4&NLl9C<>aw6_mRE-#o#9tC7J!^ znCmG`MxDdakmzve2(3tMt5#z`_XKWSSE?L#OrGx!@`q5CVvh-LSNgp-q{_eTw9<|? zequuYNj!W2TEHj{IZx}0(epn|G!*guZW`&;4E2UjmKib4SodRD1!YNj5Ri&Pq$~h| zwPm01@&R(zuSS=;-l+c65`M$3wTgIB+@;JP(`XIochA)Jo^ro@I&Dp1Q$hMu2Q^kZ z5OTeu=*Y-hVJB{d+F)dKwwM6B)>eP8SX;suMfYE;6x|#I!QK4wy1De(Kf=EF0e+{MW#@`@aDdn;&3ehvqDY?GBE<>4$IR?SUeLBW%;XS|E>@Zm z*1F$wN%i;;OtUuJMPsprg;&XN9SF(-vfdKfud6p4s_J9{y#m8yI% zzkr~ncy|1xwCtP1leVm(*82`sN2@k0;e-$I#*r8^l-9#ctPk8uRLy_UCV=Z=bM;F3 znuIR^QB><(HJA$)?@N!ztR8hm;3O9gJe- zEDNFlKZk{Y1%*>Bv)r^>zC(AhU89-9m8k%H^fd8GRF+ID`4cyrIShVU(%2hZo~w_z zPv0vzE)+VdUdSn1U>?VATr@3v7l+$Mw}_b$RDV^bC2D7Q7fbeo`kl25;xn6<^mKl# z(3I^L_ z@fjIj5#?vt(lYrDE+T6YL>->^`|qD4nI?emlhIRR8ub^0gvxe;MHw`g!?n>xJB-Aw zqAf=0L>Kfecs0+$qgxs$qQ(a^kqSnOWwT9;Hj~(p1sSSohBAT(7;By(0U5e1(tc-+ zrruFL47h_hq?qGYwEDT^)yiXj&Z{h3D>j!$LrZw{hhXW26e(Z++;7n7%gejkg3jy{ zf0_Vph*fns^{6sY?2)Z{B~N9!(V0JC>1QrC0ue1G&5+G_Z&-_6I9Qh1FE3+@5SQyL z8+IVKv24SitVE&_Ia`TsKHS6XwJ(iQb;xMCcKAhI!b#dz7Acc%!?y{4ua)iT`FEPd zdtY;)NM0sJ`hN1i0xHD57itlM5cDL)oYF9oBG?A-Q(TR)cd64-ZvF+539 zwT#+M=V%L58tTz>a%8ttY_ag5fWRMWG; z#fTP`ObLBojAof#OLTI=WR2jq z{|Y0IE*te+ANwOA?bG?~37QJspcW~#jgHI(WMS(mykDNo{?hWmpy=bX@F^_&QYIfc z`CV0fnZFHkak`(%)QyhiQhh^>@qx#Q7w_ecajXHg(A;~TF{ji1h1-{gDr?6c2PIy- zIz9&rAefCoYm?_j4YE-WiH%pz2hgbD7S*oaQZ^>!LcOc-w8y)1c&c>;#YJ;RO~qc(NX44_J%@Sv(QBdz|~o0L6rZ1AA@`gfKawwzmlK z!Iul57Qq_N%Hsg|BSR0JWGOopn)@;vlSh4|{|c4sE_Hl%_jhR0W())kyQU(k=bY$u zgDw!DROb~yrk6g_Yju2S%kyqC5+dMxVst6nGQ~3l?f9LNaM^UJzfp}lHCT*b9-=;D zttX8<{k|0U&9RE;V&~Ja_-XED{qc?H%l@^oQ@W3H`vr@_=)O7Tp)%}3=O{=&(~YEm z)VrFBv%+gVK3p5s>bVMp*A8slx4vCdw6QpayoBNIFLyT28R?Cw9akN*ig{5B;mH?t zpBegN?p6hO!TXRUzE;sfdxUx!{&Hm;9Q9||oC&M~vM5bzm=)W;?pkxS17{)8gtTBJ`~d%ai;k#6@_xL9^KCiacyj z%3KtALBa0Rx;xP_0q&qU{4ZeNrLliYt>fuF2iZVvGy8l!W~LfJgU=9Uwfg@a@cW-e zsVV@{;o;HK`fIG>>tt8G^RS=YrC%^NPVuk)(Ek9FUCmLKmK&D|pS@13_Gtc#U&YTI z3}|6%1z>*#zPqfHSD66+*VFl1>QM`A1w>XH;)B@KYFT5?IxjRVUD$nqgZ1}cFSQl1 z{KKbQ`}D_A*rfIU|FI$ulSS*xnn57De(w#k0a9ZV=!XWD*|YAAfkeqVkpqjL!Kn40 z=2f0xuj%ezY0lRuHck4W$_N`9n>qKuXT-F3g zK)vhG&l?S!@`(f5-(ckY$u{Q0J+5Y@Yjx+U?z=TWmji7ooGCx4$ZXET>x;3@D;HGO zxeGK2M}`@qHS!mezzuE+Zi57Ts#HF^*^{&9RrOhj9*v-UzgF%?GCj9>IsSf8{7`i# z756uH`DPhTKt0R6liJ`;NZoj_L?q0Vm@Zb?tTyB5BGt+~(iNzO-IjEJ{FsW8lImpa zq;r=h78}z)`Xu;c;Tiu+z-q5C>McGiQ?4KYX#WRdd7f7FMtYwEndopz{D z^&rFJNA0R_k?C^W1!W*R?D%VUyw2>J3gVKXo+jrPr+ZCa$yevRJuj|me}|B(()ry?ag|3x-c-z}0u`c9-he()=XF*@iUgn@*V!m)`|i5?aBq_H zI#K^LAKLGs{>6`8l}kQPj7!gmRdcJ5>(CeHktDoy2l3Bm+1)%|>%DHS2l+=ssrZ9t z%d??vwTsk`#Ds159u{9jP%K<7@js!#Vf0E96&Be&oC{lb#+$aZY<8JX*)31%O9S&G7cUYSdh}l z3<11sz4-X4zjBrVRX6b1z^oAZc|vGQAzOH+aE&~b{v3(HkOJPE))pndUZ3S(D4ab; z6@T2DZd7{naVU!hibE-nFX|6$4hnz$?+=NrQdUE?hWQ?I%VB~eDR`m#5fioiz@m*# zott%GZKFh4kort{o~46`DfvUDL{~b}e4GKte9TZ<@Np`m7%4TaDn1@Gxoix9 zhIoY^vP}LQ^WLdO@B@=YAAJ9s@RY$6;2u`JkF>M4feW$XitFu@x-5(=cppb>pk|=t zeN+;ag(X0Sg|F>FQOW7?It-o(zD#5YHhrNc)3JOi%&q)9X;=8L5qV_mvnQUob8!9{ zSJrs}?(gy!XV>Ri;?xYE6gw<;8qOFmb}}7-JxvBjKh-;rpC3jmFs@5NzU`BRpasIL!+zhN@_jI6I!KSod3v5Jp9~*nrrm%>5^EDhICJgEv zP0SqJj~L;MFq&p)ljuWkQegP8gw$y_ z&wChoWABftwwQ{Fijn0OP(qE|)G}vk?;$`bK2hmiam$-X_ z3@o8Qk=-~q%P%72h|vGJxP(9~SU*iTDYLK`XlLPuvM^mItztT=##z~>el&?&(Zo zUp|FYCPKbY2Pz50hI;A8pESrMQOAO}^j}?IS4PQCk!2t~AGqKahCSeDMK+=S^g`dpOpC5eM%IgCMZ@45}PHh*47^0~Ru$urxD2t?;}&Z2ld**NDB=;FCHzCtpBBPQVPo<^QlNtqw>`AS%s$}$P(V%AbQ z+2B#sm2d=h=f~aE&mF!E79-Kp;5)*LNK187wbLbo`pkd8)50mX+7oa&h%b7$!Fuz% z!yy%m8v86qmg?gjoJR8p$#xyZ9v6e*hts6&zTb)m`@Y1gn=4oFdA|ev%(XY9GEk(@ z1T+~Mt# z-Qc(=yG2*bC6I5bhn)K;u3ugQ)H+}yyAHTd!)ed}sEtVM_)s~D{&=1fd=gHxS>o5< z7T(tHF!0LKTWY){oxAad#r-%s3p}k5XJYAKsbK?k8YjuIN6q5xaswi|2HTHfb&@@L zZ10LI%A~1wJs<0sJFroA)6YFJ$b7s$-sx@e)$whraK48ZH=rzN_hvy_VU&Z-d`Z2j zlw!|Ev!aH?09@;@QN^AG-p9j3so$RA@RQkEIKA`OJz7ta)>MB`Yh1cHjU1>`B>$xS zM8tTwFeT|zz0HPHHc|ZP`tQwgkzCjS^ak#f64g9aY1Al58T}KJH;?Yv#Ja$ISo{GG zNP>>l2|{JsA4v(l=#f3m4oDatBPyz43-iwrlQCHz7py}+Z=%#>!!?Z)kH0b&83*t6 zERiPoS8r=3K(Y5yH+A5+oxQ}XpNx%>09$WsJ zL#PVnhQ11-;a`P(ysoZtJo-2TL7VbDf;&w4g-!W1vhsbLFq`hUv5!yPbJM#gonN!3 zl54fqDz877h*_}pAneK$qGM_J7M#q!xRgH(2HalJ7ii;Cx0pne4jpF~LvbyNESR%N zp)9%L33!_yNen;kYUY{FeLy1Pt)+hN0wt!OR(aT&AZ9xq%5GNZ;jE#4a1P4E2+;cj z)ara3>io)MiRC`o$xstf@q24=j2g`RtoHsHs+<<5*5u7lc`r55k84;t-b7~gQ3kia zxou%xm3rKjB+aE(WOPQl)+an)Te+w3=VX=~`yVIyhYBszGAGP@e@U?k= zkf!^^*kZlk)VoTJz=}V@gr3kbIyF;_pQ~Jv_9RNo(!h?XvBL96?))Ji+l5&MlBGi_ z1^sT^+IRnM^`qBI^RIxSMn~3q)5dLnTTRZp5%x2*xO3h;7PT4iB5lGoL7(b}dxBS; zQ)=XnOcwX2{xLW<*sv?=G0{Ynj){cUO^5=$26P2_8Jg>;WIL`eD0;li^Hm@HVKf>d ztxz&kbJWSSw*(TY1Gb9t&OfyHVnP-^3^f%T?n=e^u;6dK1Q2|zZY~i*ZezBA+}VJx zSm9EJ)z%RcmyH`*At9j2_L(fQb;nZo9~#iq$u~6MSzP72gu4v2jtdnInayMNRU&@byN3hOycvJqOmO#xd(_)-o&G7= zQ*{EcO8Yg*z59!fxcozf3|SpGEa`D-xf=XoJg*$=y;8T{;e}}!QcV&WAjI-*Z8!SZez{nN{+MVBsxxlBdNWaSphHVBuNa} z&>P=$(BdZ1PIuj?8cQyj3=C5aHj_g?WZ-SR@LF4@rskd#K0<0|HTeY?;T!-C(cs#` zU_wL)+uQxb3Ms|PXa{d|_(#;R^nYvbyQ7-gqBnid!czpEfGE;@f*@T)Kst&v=}kH) zRZ0jw^r#3(m)=3?y^~N95b3>_K#KGd2%P|-%vGPWX8!oC>GRLbKdi;d&Aqw%oW0LJ z-~RS@#&^#C@DcSl(*H!`du&9RIWu@H!CEqv0^57uKtn@_g6gsjDC*2*lrCm!`o4I= zgU9}Li>7KVQm!=|+`8rQiJV3_Lo{y;|F*m*Y57udq-C`;L&nREyimS^+0(i_ySyvv zSLtbJO{kXn12u%SZ->N}zH#E#*3lo=;&+XRG zD?_Ag@59-PTk&O71O0t{D(R_@7n7%8)zyNLnEfg&gGdqSUYXdsz&@sQR_{ZQE_-=Y zBXVWNsDF5X#F}kI;uhGyr_sWwrgojm7brh4(K)CZdEdi$T_=J`TXsX}Z)lrgI5I_$ zI-afUz2aVU3Gy)Ru+fMZq2{+guD30cX6W9T_4>-_LtjTO;2D7yFJ6`$7KJB2HokV9 zkk?I~_})KDET+E$MNQnnf`kHyY)SNqczfoj)qK<62T9 z2rArfZXEaJ1kK(&++*F}OzLZ%OJRW;i6q9hlhG`b6wH1(fB^t2G)s(Ou&7b-Cp>0- zB9F$(>7XHrjrvcd>x4Wpl^_|Ghhh?SjrOG1G-?Z*wI6T|ViE$P?v4(gpBs@#)|Jj4 zN1m83AN~kk_-CoEHy94tr;G?!QyEZE3#TMr_ES*4*2jqX;&YpUfk862ied6w+uJ+( zHqAO>kM&U0m#x)sgh|JWls5U7?F=`O5IxoaFyP&tr`QAHjM5>E73ecoda!k^RE zO19f_kVJ@=5+Uno9j8TkO2V5cg^dSEUt|ck(VPz&40l3gaF}T-aLZ64y1_h=Rh0D%YPM!A*1JE6H~tHx$-h$9Lmn(afb+=T7Td zZ`E4Yrs>OxXOZ1fixvW{hPW*|A9o$J{naW*=%){P5u^81>Bq2#YR}1Ohrh`^tt049 zy>g1`J`ehq3WT%_gYB2}VHs<}3k6$oIzN4m#&6kF^>lAw_OeOk3o{$U&+ zNJS~v&g>OuH3}mP+0AJ0iqrwY$)V` z!>LkQUQRdqM45))(J*tm11lvKJP~#nq>ugr3!LYlF8{F?McX$FWwSh?m%PS8)!#?R z{cJk89%K+_O<9ruWMgL=OQ0kj8)n09_J4{I3>u?dFy*D;YqZC%ajdhpOs~-xpl6n1$Y1?AQrM=4&N3Xa z2f=jz>=wR525G$P4Mh}}!l(1T!@qI3 zbtNGN_^hoE26Axu=2CTbyZrWRih-}8>|Ka<@hteuE%qq?Y+b>dJ?jgKV;@eWL~op9 zbUiPRmBS8;+hX(c6>@ECqk9j3`sv$Xx$Ma>GG@A6Gq2_so<{F_gZjAi zdK0~_WBl0=^4(*{v!CwVv>*HVr3(NNN3PFe*ZoqNa;hn#M7UPJh&2E5)sUnp+deLQ zn7I}nm>H_6!oblq#X0w_)`;Q(@7z|FH(08Eo=6HP-~Axy&+M_hQe`@|QzwEY zGZ))^RING z`Yl4qlHxT!y+JP?R>o6^`%7EFq+Thn!^~<(UX#K{;yEEb_C4@6KfO7#%AZC>E9_ft zQ|mqNgK{)7%=|$9fR{w;e-dOiynp4gYWzjMN)0W?j^iGaq$fkz38}3@|3!8;(dyyn znx?VcNOo72&B7X8*a1aUL_|cS?+DN6WH=n@V_>bb2_2KXR%Jd=V=UvEuT z;RA=ynkjp{&batPye@M9 zds%P0pFN6T%i43RmeY2|RUPJeDnEXQXg2>ji27n{rrGTD+PQ+^fdE2fYd_=p>KnrU z_Tr_>)tw%?Ygcci{6iN0SXZDOcv8F5CLs;=Aap089Bm)7E7bs&08f!YXYgiOR*6p1 zo6~apx|{r?*E6hBmnhKJ!6DXPfAPMUDT)7tHA6N}d{U>U8z_5Uz^iS7eHv%R=iqin zGe9V7wK*B2<1-c?22++e5a=13osXRK&=t$geX){c6xa7Y;MW~dl5QRo>ji5LjYBVd zAm<_W6R{zM(`ttS?~{j{`n?O}-NJR#?3y4`MFY8Z7|&NHJq4=*x5L(k{nZ}XU&tq0Ir*`Oew~;o(JBVi7?E2{Bc5(0lA+Zw`QXN3ykgF9~as z-rHF=U!O8?5Ot@y{N|UeWE_WJ8wzvc&H!fWTAOy&Ws}+_QJE4g<-4t-qu~@CWtt|^ zC>NioDsqJPL?TF)Wc_`#YFfO?*6a|BQ8fvTO*HDRtx6gou??~-@A%G88d?Q zgwZFZGt#fDj%|240;g_YYQ77FtStq~E}i}zvl>QdTAc;X)ia_r1!@g*)+lneYJ>t=Z=k8dMI{(N+q5d4*f?7feHq$M*k zW4J{0dx<+y3~tbHf;LMlL*QcQHjSQbn+{C-m)0X_$`)}`8I9xBtVfQ8<_+(6F(Spg zdJbyHpAPmIPKs$SzQlG2-mHJMISU}#q{skPi{$~;f}0NB4Y>3zDSq)H zYoJU`&zPPLSfZie0wC~#H2QT1dpx6rVD?I`FC8C6;T)_#; za9QTFZP=~9Y~G_A+fa)!7svgELDpLF78oGOtyI!(JU*W0KCZf+iTEtMjLDi+@kqk% zKX*h`+T*W`e<@Oc+*Sn*@UD{2&qLhKWQv;EiA&Abuq<}%#aqaoao>q48+C$qI$NH{ zN({ZS=dIM1q|`c_$w&%2*cfLBgJ8mTPz3hY(n)kc<9jptmlwyI$;QnE(^Gxkk8rT( z4@4aE%O0LFFrzV~VXNdj)pSX;_q8oBei;ui&^keuPTI$Ovtx_i(7mQw zFu>C9;2n9Q)L+x?tx?ZqJqC9IAs&C_OnUysvcUVqXu{fK0HO$KHtnP}OA-Bis{WF>dnk>kSFSq9?9^RBn z;>5r~08A*+gNjafexg$&4K1Kn6ss-*BNpD?RN~53c%$2#da#MJiV*bn7Z!L*Xm|6d z_qEU@YSitxQY5O1SXuSo+oapyE2D&G#8R%1<@d|B9>H_c5#-6t=>yA@ISKan#=@tG zF_85~bR>!b*7G;QS|WvGD{5s6umhS_0pcCxo+lR9e2I7s8zv>GpLVdevI|5nb(=3LWOKS1s*P^m*QuNNl#j}4 z@$4BSwI}x;@g~QmMWpo_^p*=5Eqz$VO(jE$ZGuU+j9c7pp59D#4fyG)L+d@=bFG_> zO!RlAN;BBQzda5ao`zgkRWZUd=N!d6y2_Kb#k!q2|5EIpsLH)RV`Q8+uX3`UJDl2x z$VVq-?*=H3k1bU(&^f-fdeU7W%RV*66xy1a6)lz%_x$>rv9#ALrEyV2&mezCYliKr zlxA_7Lj(U*rnC<3(uaMgsrZ-biZ?HZYv=->$Qr_ ziy1C-=xdPMH-&rY7FWLwl=#ynJMNgkTM7DO!gpizr2Oi*Mb z9O6u6OFcz*gU`9<)QgUfd{&OMgQlhcRU#{=N+txi8b{-o&zO8ye4ZLlZe@`^%&ApGQky7zzgr%o=~7ib1y8%(Xj>KdRtL z*9-f4KxK2<=~ksV`++*-!?Vhf8}PrvMDL$FV31K}M-m;qX?*KLX?ttbj2}Ir^4)Pg*E?B&BG8t+Uh1pg3H=Zu~s+lmb@O7~0won2_s$2U{Y+jCiW}O$2cKOjYQANGYjc-l& z@1H&ryr=1#6tzs*Hd8VVGOT)GMvgUrgTL+lks&p@dt+yB75~UlMr~^w4iry+V}UA0 zD=@!oidKLb{@1af;<5KMHs5#!RNBwaoh;s+j(kiD{jbPGxGaKS^$3jH0 zw5ulAY2Wt4Lbo^HSe{cTI!L1b*gFQ4rwD-_udRUSbC*sNR9-xeg^CuR*DiG>InifF zjm@Y2GmCqTlfOK=IJ40w>wa$b3t8@8X)3vuS@V#1G^J5~7PU%f9T;ISoP~xr@;@%N zIkKqhD(mMFNQ1%%QpTyMya_ySS$}-W-{;r6cZ0gEZ<;|vc%*==LG;OR+$f@)-{#Fx zd(wCyyh-S>x8n;v=RWTzVvV4Ra6wlOH#y8O+s`(O! z8Iz>Gj@o!jJ8f91`yIOnk}O}s zyOk#xMKoI5>dA-VjWt8QOGU85!C94PBhH{vqxZrOWWj8cg8HNJe~Qak@r zt15OxD6X!lvGx$I)Z*5iD%unvx5Q|54!!X!QOYJuZcjazflNBn#cB+|HeTt^N$?CHqSA_{FGhtz9l4(@kynl=^~l1VSQO>aljehMK*dNk z{V?pvz8)}ZPcOorJam#o_3(ZlnV5dc~>j&Gs6{aT=9dO%LP4{1B_aGYuox)ykGw3B$LQ%}q%I4AJ? zr?ZUy(%#>DlC}U znxWFjDaZ(eS3$VBg^!PKO-bAgR)jeZRL|<(-R{hdYY<8bc}U0Er5GAIJlsFgG#k?W zeW&PkEyPVHtJ*#c{@4fFqOpJN&VU>U48M|?lhIV7v;J0%fBUn3=IE2(?&3gY&Be3) zz3dhHdMa|QcPTYN2Ftr9+Fl=iPoOpsp3~3}&ub(ss_Aezs zId~v<_-yT24t0KQIX=^m167+F!PaNusKnQ8d@P&5F3*glhZ+KS7klOt#Ik-f`i;$m zO<1wR)QI2{|M?FLFA6rnqoja~4c@_n13j$K6Mu*dTqmZmzPFeb_qn1bKdU;6Dms6c z!Rt|~Fc7RHUj$QbDG(%+ggSc?tueZ!w*y={&a#cF_;?Q@31q@SEbOFT=4TeN5RjZ! zSdJVM@)0I@xDI{|u}@qSeL)jOYt1It-qxQgIjR6tupv28pq3(lacqu(YR)U^y52z> z6&<#Dny)zzx6LQUEYx#<{ymONb*Ei>5!+8)sgmFKIchFi?W%?)c!hcYaMLZ7A8z`O zx%s!}SQ)!U_HHi0PUhx|i)swFk<{v-<0`h`JBot}Jo`ba@Fcs>Jz=XSbHlq|9A%3^ zq^zPZer`{}W_1EmL%GY&t&uo&udtX3G;z~@$3NL%OkxpJd(=+iOR!m@AinW=SPxY? z^iLLBu-#~5?8@R8(4Or!)b6LFU~fFpn7dNBaF(F5BNXc+T1=|7?oHo1VGzeV*5ZgR z5gFwhRBUK+S&_?DR7(1ApR*SE~+VNz>C<#s&vd)K~`0kE6fX zI58O8XP0|T$Zbppb&p#Cw(sBSLKEMCq{1fB9t{2;)mW-}m7Y63ls(JoJ{^wMAlKW+$h8;=cg5S6=qd z>6#0P*_t3vCx{Jz3XKT4*|soha*M}!jDM<&Zs-01Mxluk!sDD*E$Oe7@f!G+-pOqL z0R{1fLVhvJzV1wXM1-174a=oN=L>t~w$Aet?vB==Hh#5HJavn`thjBhX}{UxqzRS0VcxcDclEEq&lv?9h>o2r+9 ziDt~d#wZSPy!R%*IiG~7xMd_}Gcz_mK3v(q$Iqk#V;PQio&8EP+TdiXsLKEo1`0<+ zRwTbYHQiEEnyBCuYGOjv(^~$>MJ+UgVbh-K&h*W28wUrsI(`9eSbY=`22_tOU(8HN z8&c@l_u<}w+=*(x)uGNfRd7!U73Wj@B&VO(2=1ssMg{;pYfcJUZhkoQ|i=MA*%(0X^fJOHP_6Zn!=h2Xmb(0p1kPB{NNo1b9s-RscU6- z+jF3Q3{f9k%Qy9kwK{=Z{&s22VhxxjNr-0GtiLaO{i+(!JEQkziF^O`+fg~f{g-G+ zEcXQ%2F!$;d_D2QDbO!rLyevur=IXgDzRz51G^iN<8k#XAm;R!4CX5(s#5cRqi;Ge+oWqRZ?`Z#%a&4cMTkBZoMC-L(4ST zcDCa2t2g+<5dEU55 zri-Q$`u_;L2r+bZ9Wh>2a>~#u(2N_w4WnWt-TO=sV-r9W+c(qt<$J4udgIvx(b=yD2UL=>0-ovQ+*);aBxFE=rDGf^tNuDc;s%19}PV%r(V~?(7vyuXC4UE=Q%_#iI0sfFD zd@S41HoL3W5p?V$CgQHoElAp_`pEX(<+;Csqk>)imfElQrAs!3smN&_kS~ zPxDL)vU5 znTK#JKVpZ#L{;U}J{u=WBv>z!2?nUgRp)J_oV4eAP(Rz@wQ10C{7ej*w zm9@f7lcr*q!*l{P@AU*v%mx;ENfWJR4m}t`jAnJ0A;~Cf$jFE%vq7jL(Tzrs<>2#% zH$)ZO=P_Zww{R^~(vyE%(3Rz7CkqUco_tO)fW6#!+1P4T3aVPkuu$TgW2CVm751`FUwvefA>y?j(WXNF1nN{C4h= z(kK7c`z4^Nv|8D6>!$tEFF>W)r7N*>uCq#zduQW?Lp1+JcxG569cOea5czwJWSA!P zl)&-U==qYcIB8PTwbFxYTzd&`_BTM-B@B!D&^;_L|2t0h>Z9L*sGmdj>hY(yn>45B z8}A34)+1?kCRbxUz@|t?h5CxX~a8`-ohl&GD67*y=?@d{0N) zztVI1kM5jcO1(AL-rTT6vOk}2S%{%%D1MAi6+_1le16Q0h*@wP6}Kt%NZ)73DQUaM zK#ffnQgP|s$+I*+>tXQ#sl@Zxb)!Pb2sPF>2?ci4X@zm_l2w1I2bUyPxwc)?-#D(~ zx|SoZ>Ug!)Gh}YwUdKt*c*HuO9PC}ZH^+R-tnEEYeK26ubodRq<6ZDB?Br_E>40-6 z1SsI{sx|Pd%174?E@DN_AAUn$Z@E#F)doK{44tmD=7zqJ6DccMV>Lss`KAWA3O&k~ z5}+AS`X(ueGy{*4Ddu)7#Y3#-{uPnnp$8P(`V$VCoSD*AFUN22Kd4c>gST#t>Gz7| z<3NN42+E2qE?J41nIsz}h};)syXTtt_vEiPgRvi(ACq$wr(A;cJ9$x}k`t~!y5JM& z2yY4x{c}|fQ+a7&VM8I3Wom_oDgz34icUbs0`W#Yv@gK>-CatZFE?I})JW5bpw+&k& z?C-=uaWv=DuH`{smuCkmT}lJ@h=gRd?4W6D%1rc>8)mJ;Gyt?=>V+ak?E-^Vj{qzAKZ9F zy(BNK)aiSOt;r|;xNu6nTFSFrCu)M9*xv{(QfG&}!l2Stvy;D5v7N2aLw125L=PWt z88I#_z;_m)5BK>+@>djjaabLo6MRu6r^nXql8jiyUj!(Clow^!wN%1uE;$n*8A?h_bEYN ze}{llYmP-q8eNv{ML1&w@U7pN3IKf#2uFigo5Nt(aW<}n<{C8(I zdlEnFk1YR}@u2)Ptow=(2SUrN&~Cb<20~;;J}IYjs@Sdie9kZ*AZfHf&e$*DU7lc) zfEiw#2QtPb@w?m%Vp^pi?0Qju)&q&Az0=`a`mnUE;lNiGXKa@^Oc=39)H?H!X8lYI z^GNh=2BZ7I`jDd_q@f9@?WV^dZWeBYs7b;Kq`dDARN$*~SOdF=d$zbgnG))$fe*lZEX#1cl0yk=#2ryx>jFJVO^Y22A z!W8-+^rtT{7qb`>`57%}Yv=o34yWFm?@*0IeK^=L>a)d3J%q5+IfhfYB}0aQ{o4IT zr#nJpu)3h{XCH9^CIHGj*fIH4VlGn}{I4Oo+^x62Ui?lTR{2-MQ}r9;#earFh?#Zr)SCj3GexMnO|a>t zsdW+LFdS;)|Lf5_SO44Fy#GjU^nYwO_dlp*`hWE1%yT?v>&?*ST6dGpI4^_znE+|9 z?UCc+;L`nHX1Q=--0nFY)O&Z7mzTF#d@yD5OKY!26Ydf468H(075I+wk_pGN>o>ri88-LA|CBT$uG)GpUR-iO-sO9_JOg zi==b^7R0Yj2SDerqv)E8I$MiQ$j|g4M7LezqaHqYf&?Ud*d%qle<$r>g%}izb_vgP2md5~UU-^ZG2stb4%iH`n z{OX#HH%8NOV34ifTBaBY>qo?hoZIT!_s-*~ytFrcYCdcsdsSHd$5Mnwzx;Gy%O>K&W)Eg4|b2LFY?1+5>;oP z3>EzkR?0K&KqmX65n7XBPe;4sJwDVNpz+PeXGH}(q%L&KBHA4ftzV0V9^TTe*)#Vj zDo+F%e1Ve%9JN#VADIRuz<()gUbyf$s-fC*KRwS|_fVT5)4|pR+Lg2U`gwVQByX`u zCsj=EmCZGLA~5E)i_w`>L87OieFV~*&E%0?cbOljzui^({qDC0C1*q4%VAczo6FvO zm!Sy1J-sNSex-hF;F|^1@%OG4d+Wb;(h&4A{@qJx1%DX-N#cc_*|!n}{F!7i@dS+m?n-P#u$$=;orvp7V)59{?)j%-p?_!9_kT2O=ve$@ zi`ZWyyycCpHrN>x*HMP7^3kK{3r5i@nB%6&w>RCDJqRYl?S`M^W2>{ObOf~CO3kc7s%-pDk8@IEj&57Gt4#u-0gC{#s618D9hyO*>2a{iYRr zo7m={UE~y)X+=a3>RHab17iE$Zwga(Cp*aW623%A? zaIrnrKp4n!e7@(66BAWh9lWqGW41qXcyynG`)W>rpOy92a*M&hyZ`Jia(;kjUk%#C zPTm~Qxz;n9t>ZyaD|{D&z(k(2)kkL1XNuOGIoEoJE0yi9t!3=$kf{}v3F})anKm_< zaaC)%qE0ZlNOtpWT3e}Ot?3G$T~9y%?(P@9vk3Nct*^wVzZMZd=exU@I}ENDNTp=X z{BhUTiy67N?auJi9h)MgO~$8p4v%G5`Cn0VUED3jL0O+@G1b}mEoL?|a7@C180KtX z=ghCF@%t*mO#%kB^2jDjh&&HIsYU${rp)&eV6wiyrs{f7nDDCXj4Vo#er%>%^< zA-BW=S}98*%-qeAqK9}Ee2^i_Q6tOA97GI}A-aRF1>}cVrLlfb%VX!`?!QKwc42Q$ z-lRR)i-KaH?E6DVyN&LMe4W=WmTTOmt}oQ|%ma6;6~y~AuG#!{#)_QrBTVVVdp zZ&j}Uht${pucZ&VdUVpi)J=hd1zgN`w(o2k|L>Mq|38|R{QsN(c9j20*8YFqEQLH$ zhtj|AslohPQ}4os7j7HVLjT3TkHy7FX4XJ6D);ZJhctjjLO{Cld=U@_toPbo0s?No z_3uwL;D81`7U8uEd}yGrf5_i*-aj~qYjDTg|Gs4CF5D55l9_3yuU`ioGH_0XyYfIj TDWd!51xj*i&&!^@djFpQEuA5q literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/manual-guides/mailcow-netfilter_settings.png b/2.5/en/assets/images/manual-guides/mailcow-netfilter_settings.png new file mode 100644 index 0000000000000000000000000000000000000000..e287d0a0c69d4d251598d4d13936e9b565fb693b GIT binary patch literal 52622 zcmeFZ2UJtp_dm+$jEpkM44^1279>g+5TwQd6$K>>Rcb_#4nbO|iH-uI0wMxZBZGi| z5NT2ZM5)r7bO_RWLQhD$?%e=nxkd*Wnx2uNZN0anrfDeth-wKJXXrrd<;F-w!@Uy4qZYog$0immi&ezx6v8 zS5XWP!|o^W`$4bk7Cu~DN9x&sKQtrXIegB+Ahz-(k6)9;2^oU)FuFbVa}(85Izj& z!?}HtFwO^ohYb+Uho_gP2vpDUs*7rB$+fp1)^f4EI4x78ddB8V=II5fkoFXUM631HnnbS)2 zB-n~f0MIl+{ReXg*uRm^MFMyEevmt#%o$%rra0@_jUTJuI(xFOev3{vp2AiK?1YZI zpid1r2Z1+U*73oIjKl^{ii>=TmN(^bt<7pV+Og01elj>x>7PpA3?#AoL}<>&)Ufhd zInSsgmTF>GCiMFVxAzrytZuj%lfwA#bE#kT1n)fC2HyF4NohY9*X`4eNmOXpRMweN z88zqO`A%_`zFt|Sjh14+*W{%KqR`PllX=aRc-~BMTC0Jrbtf`4o~iJ(_&6;-X~0D0 zDwnr8WedrQaDSL~url17eCqgvQmP{;hJLd&Kjx3^_xE_y>MP!wq*&p*{^ZH&Qw3VQ zuaZ4)aEit#BIG*IbVd_b7Q-0kALj)HNg&tZLwsenV}Ulv>jGF)7DTwYS; zlrA*CH1+UY)#8y&HJE2W+4}Nw1r@Cy*MP~0R84sA>f=VS@S5~hn}=BxIv;yr%meB& zS)9dFP=7bNsN~V8xnH7wmQiJJ+e1`eZu>R1N=v%!1drVM`?E>|V^k$%3GyF2rd6~h zA@ds(w@YU6^seYEpLs{dLj9~!px;Dyu5nJZD0;WIe}78bYyr1!?=UK?WpZ3IE1iYN z&O{Ztg4W?^N0bve_WJLVD&sCR&oqYe`p4^K6_$RQ$ z8c^c(XVaj0VdFnV0#^I;_0-{S&s>NEdgXC~N1lE9`=q2azqVg#=u9`tby{YXLwnC} zt~PWUxr~3y@?DXY4@7t68HG+wsOEu&mlPIQ?R8t=?=v^TXcSrRBW01&piO=2)^X<1 z6yy!HDLKD_p^7u36J1%K{j%bNJ7dzu3HG6Wkv7e^$GWtM5YN%3qw8dD$*I?xwwa`3 zmkUyWinT{bcmv_ky8|1lD!(l0J<YipqJnkrr{D8Zs)jj1EXv z|NHC80>~_q#N}!om+`jo{Eu5X!2%6DNOgr{ka%uMeRoJ|j=_uUKRi4WyQJGE!s@5I z{%%=wGIKu<@3v~r_w{JR33976FxOywK@3&puY?P%Tc0}lU24nCL62SR|d1zc=wQDjpCEbyBaX%1$)yY@+^#-^sG=a}OwYU0Q3 z?d?~=D%-kYzoZ2yrZWaUjc|XwGF>l7R7JVpakHLxjh_;VuMNHQ^_)rWg>^WF`r(4C zT;A7jXL@AgRerI(sRIN|#tSQNNeDl86HP=AL%z8x00!V{X>&R@w_0Zxd+G1%aPyeY z<2Ur4>9Xd*l*bg3KP*UNlPh@aH%u}%=V7o*fBI&bLemkC4&pWE=PSz_wAlSA!f1PW ze?||{9o}mZd6y)@AX@K7Q_jn8Z6cz!>g#4bbX}VrHdgqh zrsr9Tu=wLbLQfM~k9Oz@CRcv9U|Er4k^ct^Mqbc0*s;NBNy4Kb!)9s6_ff(T2d&5O z*;gH~9m^$WO&il_?egp7bkfCoyIj2_)!?)=fjq+QWoCX@7umuh?f9|6XOy_PX4Z4tJ;@}?S_l*2}i%R zkJ73PS?j9xCTsSbZX;Eq=5|Gwj5Io1G_W0)PY`m4*U)r}&m!>F1n zuNujQi5AyDp0AC|w_-#6qsFGJaALVuQsqxZ%b~JZ5e6yYq7)%^v5a8k*lFtoofUiK zg*-ielekZ{|M|toET8A}GyQYv)3f~A8OgKQ-A8ic1ZIvPGOL9A7;b=GE@{)kGX)nH z?t*eay_cupR~1#Jdi8cf_sWCDvi1l;*aC&>c7(9kjLJLqAfZR&_`4 zTd$HF+xuQ_w)olrJHj~A#;PE@tKB>Jy8QK-E0hA-dRJFp1PWz-nq2*prS8t~Mek?G znxMCy1=XjU;FK)p8ZY8{&@yH^_hyo6WT?MU=SnF(!&fnoXU0U)^e}T?jG~*@q1oI9 zeXNbC@a*!5gc3?N;3SKW?z^EefNSkk=cTy3w*05BsF;oXX0lbS`|f;g)$V%e81jd4^MM^@ciJLhy4H4(+*He2?-f{dIZ%19dlI z;lfaXidan7lY5j97R#^Yd=YtlRf+)4HNm{Hn4Hi648q6E&Apd-J}hRwK9Nk%ISk4V zwQO$y#-aLc2?b0zu*jQeN_Zvr!=|9m-rab3YR8I+4g7bG9)fFVUvXITj^vD!qDd*PK3(e@EeA8}%1T4( zV*@LnYX$l>L*Pl~GRc8>FWUgG-QwArE+S~KpQD_D6T7rTtMh%YOhFWS?_rs9C5g+O z6nG(I>{mEuE$l4KC+dhI(%g4zm$EgO(CpNpc#Ggmn~7^x^)44@Wz3w1*({d_qtF7V zgi7=XxNrMrU%knwHy_1mGFkcR-e&-~Eabg^brC}mvlj1xq5Q5e-IN3!%t`y!WTW~% zV98oR6W_Ga6*Bp-x$CP!&5GK6yJhU9P?`2Go@W=2PvL-dL|v--Ju&;}H6fx=SLbx* zZU$yEB^WA4vN2y)#dt;ntNC=5i(7Rt_SWJ4My#0Tp0gV#2RlX>DL2wK_^Iyg#bCMY z%zjhJd*KbWtk6ckQ)sY*xWR+S5p19j`6eF_XyQRq{TOU}y#JC+@ZAX?viSfksZwa; zbdKwlZ5oE<9i;m9@zoPwBzGZi6|fKF8h|6S7Y#43YJdL!rs*D@2xryifOkas|MH1tO zdxZK~H82c-vVHy6v*aWkt7Xvk^9RLX>z&t>UQ2RP{mX)ChT7+mkzb>ndusb+BuaGZ_bcf^JZ&$MDlPR>QGwa5w6h;fJ z`&4snv&sapz|$hw#{<9OHns`H?9BM+#)yp%QgV_aH0$4Yv0NrU5J z%$+c97~XwX5E8Oc83$faBDR~09lu%sm-;>8-RPmA$XcRzt_jJO;BjZ+_RQKH09EcW zRt$^6;l##9OeHB=N?w=JRl)t2B=0mIxpnN52tP0ySC7x!s2U&%sa@0vSsLmtEF0I< z9Cl(f!&jbPoBru#)#~lhnxJhJx3e>*C$H>iT5(6G1<%*5O@7ujLv8O|v&wy?>h0xL zX<|FB;=A-U*PcMlp*m`ZK7px@K}27UC_^knWe9d3ym{Wdi3Fg!$|l~60n(KrwG|T9 zXS*~jnZR>g_+j1N%Tn(re$_QK&aom?2Kh}aIXi6E=6^nyfKm`t}u(lMj^dQ9Q z16g3CuM%=i5y33S)XWj(bUpmG;t^Q&;Y*4+E^$6?wJ@>yMFwxVdqRQc(ASX9El8#< zjjSh5ETi#cd2(Bo_injCxzA}W^o%V2P9R5C9hGz>Iy%u=%z1JQi>V$+8pJV_axJ!L zd9TcNxfNt&eQHZx*IjU(X7r=cm&uQK(aOxh-Ig=Bh{Y0lgt;$u&1!(YqC{AEhs3*R zor%kW3Gc%CbQsj+@VT_Yhu&JNQ@qb+`c5-_4?~Xm@i@7vHtMchTRF|;+|9Q+Y{i(C zL$52YUln*tr_C!IwR{dVxXPEacjpHNWw#?S8z#22vzpP2{8P82BZmjX+BLirf3~wB zmW0?vjR=zT@?tesPGA~6u6y!LjxJdneX)3rd!2b2-LV=S)t@+)fF~3=wowdB@nuOO zp?+TUJO|Igr%~!V1WWqwpRD=&C_42!keRqdU%qvSgK381 zgWfLc6gfucPt-E=2{a=|N1wiI{7Y1Nd!t4g(4ng?)m|`G*5XpKGE!jWQdL$@xHfF9 zv^ajA@T{ux<1mzaaKJymvUC)ix(n}VHO?juAH(h}xmO}4f0j;3Obl-yJUUK${4UQ* zT7-2B8@q@ez%(^R*yR=Wc?&r|)rY=HO*1d|s_#@1RGJ@1TF$*q$X9JXFY;yU(#6%4 zx|C7Qew$VE`yP5}H-Up4P0VRj$uOIP~W?K_ zs{LyVbw(1@CTn}7<$jy-#IKQ6k3=5-Wm!60@T?0~yUUVe{xKqmF|??zENvPw7@r!p zdDm)|y^WqN)KcH{yE<>OSYuunG3^sPa1|T0_ODvlC_YU9zQ&#t<)riUlA=hx{@5g5Um zQsicy%!KGK`fhK+A@(p<*Fb*=cjrMWLI%tO&aNW={;DRG`!WYC7MyC_Ub{ z+!jYV$t^P~?Te|ECh4$dD&KaSvlL1Kd|bB6Jo=|pWvmfN1N3-2Z3XlfqGC130Fq{W z!Kw*n&_V0WX5zcE!zIpdo*H`l+k!?t>LKY&D(JH=&lWn%lQmmP?01Pac0B+pna)-+ zlcQvN>1$JveZa&rGk@lM^;ctIRt3#xYYfeOck-EoCr)c}e#gV_qSx{iZ*V4gyJPng zbP&OS_aqL6+luk^BQrMX%#wP-vuG@AZCu7J5BIBc$StnJY;@v}{KeuWD=S}A5k6{v z)!-9<-Re^5+|74rBiq)v^Gfdd>uRmpE+yXFa;a;4e=e~ecjYW>p3;&yj1<7-0Rk>+ zVtpZE9ZEiK^7Z}ov557X5{~q3e#*Vp^p7r&%pfry$+%5e>U+PMA@j52ji%(@8IgJ~ zrI#*!%>169)whuRaA9rZWQ&wAO-4Q7D`8wxWm}Z2pP%p1#__y02;=mViYj2pzmf9U zePZY6@Q5RjzN4sMQ8g*wf9&8zEI05OPj-E!nUX!+KhT_OiwCtx zWowbe(V~vD_7o&NqhRNo@lo%ON_Th=3Y)~Slpke{YbsS>Kf3bO#tcv_Q=XE~NrPa+ z_r2}btPhcZp~+T(j34M>i6YC7&tpT^!o<^#29&K3 zexRE@;piFVSOM-~qscei%-ag3WN|K1mZ2IS?Q1)M87G-GEqaHO+#pkDt!4X>@YG`b z^2sQP5*1XO`o4J4)Hy_y%YXrJw$1O_i@t;Lo|VO*K_r?a=kl&=@gI z+So+R3B<1jM!6?%=1adYf!5xPN!JM6s)Pb7aIMYZE=Of~;Z46u>ws!sav}*qNt@vp zr@elno^l&KF`YE}WL>vsBba1iEBMS{_dMTj;|`SzaG8K-PH&G%ksISI_m+oJeSe&_ zx@$+={9nn<(0V7B;Hr1o%J~$3c67SThzZ%qhw4$T%zKTg1UP>w6%|%q}JDVDPgx&v@&dW zw=3i5Vu;PgU@c1JyT9TaQ}o*kHEf>2gZ(~^;8qSQ=z_aIv(|2ZU(eAb%`;QSMp+Qj zvmL1d51o$D-RF!ICzzE7tF}UgwsaQu>_DEgE43<2*fnYM4~@YAmqIJ!sHM*A0lZqr z{k`y%vKO9~c1L0YwA}NcPW9$(tsM`n1Tj@imYg{9sTC_pZj3O$Ew9SDM~z!1ysV8` zOAjU#Z#!p6`uY52fvCdJV}Gr+Ic^EWx2n%4VCHyhi&=!)*sW5=Xxu~%pg(-Hc2m1v z@y|`9mi-Ymkl3FeB2^X{Y;d`jIXzpr8^CzDwGmnPavMGXV+Kv%^dQZXC(vsfVbn^% zbz!q*Tks=BwcVDLM6Z`AGs`vUej#-4BY~laumxt46gzTz+uH}jHb>(Cax2aR;Vh)Z zD+V(IJ_OK?yM+=2jL}aUJZsix_G5Xk5`D-!UdZCc`JU&BbVwSIyC!#~4BeK%#ITqNPUzv=pQ(OrF2dsTlTp+bX8ZlLs`%4=g*KEf z6K_imrYjNVspwJCo-o~}qBb~XHOro}eB_#oWpz}(Pb;%E{iKf)7%E+5pod2;3gt0% z*K2B=bPS2sn+e$1_1>PG#cjdbII-~36TO`MB|98vRZ*1C0cng?E#o*w6O3}%SpNso zV0uVq(7DX3td$%=sb-f8EdKn@j1Uf8l6)1UAYLj@T;LYX92wIu8c(sEyJXB0IQh7N zP&t2LZl*I0XhGH$$2cpV@u^jFvOk4$CcW?{U67XjTPB0j>qdE-xmum*S?=+JTq+97 z8rk?b(V~YZE$m{qC?6TMqE3%liWhm!=iQ~h9qmXvy$)u&D%Ag(3PDYdGVAye^g3or zUu_TeS@0o()37xiS-UCNiJV~II@f>`{o~!!yLqgTRYgT3UTjrc)dhzyaHYYr4999(&!PK7lD?fQA61 zqUJ{BryGDiIE*y$t8~=At!JlVeQ3*xM@B|rpoDK4Arc5b8oHNR?vudZ;c@KufEuPsevbQ4H_>;@g z>CgM;srHGOorV!Q8b~+%s!701WM`B&zf}Eh8fu2@lmnfYNnaM(oh|canPeLi?cVYHgT z!kh?Z0j!#PZM9mjudw)l9h(yjns+n1uz~BFZ1;L3FfA6wsz7>Be2R;dsX>tsF10o zidkCmN;)iW6kAd4jCi?pk22fK0$#7&xw^eztNO>P!ug!$x6VaHZ4rcc>9yH$!cz$+ zvnR^yNRkzvPK7}^Qgd~uN5dI7WzmVu*1~4n5-{6z!QP}*D2qVd znHNf5C#Y;--qx^IERQDAXUF^fa>keDYZH2IdKCVO=3E##L)iVa^z< z^=y{Ic(|M#VP3z7k4`xvh8KXRd&XDzBW@opFf6dHoM&}0K0g&*f5nWVZ#I$Sd86qgwV7e70 zxDAaQ_Zdbr5<^*|gm+<`8Jo$o%js<~89pDY7|V~!B52J942+_Rz|xHSavg;*Li$*j zoiL6kRWcyIzD+i78IUDCfhBLnLtRzG>zFaVVe)jMOc@t?MR0-@;;}xLN!y6-8k`{h z+)Sdd$n!b}TUfHdM&Y0WUT`qCW`|wz!gWV7Esm;^eEL)&PmE5LrpFX!w$hI>aPOO4 z3x<-2%gX#b)V*{M9BNyUZ|U!wX3Nve5B{D}n;-o=)|NdyrQ9V``sdv&vkLt)4&9hn zJ6d+MDc!1EgXDiMDgDyNSxSP8m8OaQT1oIRiLYd478z4k6=UarmW6wQ%G$sJyo_8o)nL!mAurVrz}HSF?Wzv zCQX1`1GSQ#avaa1eYSCn`vyqims2?2@WG<5{}iMuagmr3r~#Pc38@yPvg4kTXBRti zYIS!{N)LC(-OA2MJK=HB^jWuXyN6X^O7gm7#v$XgtQ*K{hildxltla2dLQJf3%Od> zwnT02N5t%$q!jFx0^Q6l;RjyW=7_d(gQ!SPDXYrarpgAPCqw~erBp?~JU*L)_8~w2 zn4EWY;js6|qfgzCR>mH#*YY1r-i)V0k)(oP-ur1EyvKuo*3M!0slPIvIJ8?Q8bcEV z3qQbr@@bt0j5sA4k8t`WWk$YnL^^c=G+o`L(@*iT*w1x82{db+nId7FMh{)rZa|X& z6cBFYq+xcf7K@%qv7IBGi4afQn)x^@OdlXpkj45=yviJfdw|79gfHIwUYu{Q&x3_p zoX{1V3OTTt>gE(juus)5sB#M5BbrU^y&t*$XT&CVCiwtg5zg={_WwUOvigtWJhJw5 z4n0V3dB-;OX0uNec4*j!C_fZ*iX&{oFOh(alXn0Lo=Y!E%!%5-i49rHBDK6Oitf4J z8_Q1`fZlIaMrM_CVYiPVC?G$RXDcN5$w0Z7$PHcc`}IuTME(2&L_J-rq>$YrlCmJ@ z#y1O~vqbDJlr$UZ>>nLKfdyFUwSCizr#BZ19-3yQL3?9|v?W+)xRn$2Qg+HI-_TDO zcoc6=CTCdEcA(eC30J?0K42g5F+nd&H>Qhj&x)I;yqD~UvUr>sUp{8rc-U<;bb7nY zrf)8uPbyZ^K2t{!J;cLol&-2U{@Ao#`S@#gph*t)#SwhsWT$R9v~6aqIYU z$!N@Tb|I9#5x#Y*60Fq{78}7n&rcH&#^D|Hfu1%Xxljh(%~| zhUbM^UU6b5h7J)fe%N^^!_;XGm#g+64SgD57jIF#gz}psf!4#qLBT3ld9ECZ*bS7c zNjollLY1*;WE6eYX`@(U(;WV?v%sltd1sGV`6n~!Zk-6R%s+r|Y z*4ZBcPg9GRMi4*9kyTkJipRNlWyrg2$gB5NRdORmKJ$P1aewp}L(5yOPL7Xfc~2}l zh}R+vdpq{l>C3OGk(g`U7W1Q@H-V^B1YKZ4SC4Yfe&Qj|* zvO3H*i}oh;#W0#$f?m#$OXpM~T%0_`T>01>qh%e9UB^rgPVb^r9Ea998z|S+ez05R z{`BK`uZ37JYYpb3TQ^tu6X8eDsJ7(zi7#9Ah(zk(J!(s-syJ&qUs*8W216$>P{>ul zO^-3H!u5-mz^W_5^MS|yj?aX>GSvrf6#0RnnYI`|b6PcT&3Iyv@(%A|#C6&PSWDwN zg*F#w#Z&e*vk%^JSprLyb{cEkdUG@4 zQrR^q8Z2AN2gZ~HDVLI`auJFz1TG|y8cbgb(a1FHA=yD9|6JK9Z zBrwxh)6=j~uiMNs)SCV1K_`qHf|**LTY~!kqiqd4sX+TX4H13kYlL z&l!f|L?+7aUo}^7n~r9e74o)q$*vPLRcUtt+S4zA zD?5Ah9+vm^mHjKg{x1RIZ|wO1t8&k%=;&*+9GzWWe;yr8 ztn!oUXmC0!`F1}akfMS_uYKl*psABl!YY4-aw?o3oUXh--4p@-2woYh4ph9=+Q4~z>({W%rwSYJ#SnM$D2Rcr@yhL1i@yoFZdzHDlRB1 z@2odN$`OBX#<3uPMbj3WAs7v1W&i1>C=2LPS}axfUwvyaxB7~TivEPMAQ;AdwY??Z zxD9q8sIiVDpgFyCSF)RdZ59!n@1SlmoDctDq4?i4x{G4cqAGb^ELOi$C7&2>Ur0_W zZ|{}qeh)P^ai{Ru@fQjGV&8+1c0%|{tz7`Q#%;dS<_W9ZE~x%*SGCluDa0}ebKw(d z9IgwDs%^pBTw@ww%`@@Sc;!Ot-Gcq(Y<{D-OxzJq%$s}xDHLu*E5KhmjUOycD8fuX zl~+tJ2f$tD+WXm?99f>`oWkRd^j84QFfApI1uT0sm`5!=f+(D|?$O=*(>#*gLht=1`HnPH28x*2dg^^SHnQCyqJ|uN)o@RWO-m zJ>rhJn(5S8P5j4T-53laH(t+%_lU>@zViG!1atl`BBu8FL9FLdZH1 zOC@W>MvvEO1~Ph#*n4t34BXG5ig(!yz3;rt_d(ud4>DDCla^~-f0!Q;yc(iZV|Q19 z(;-$$ZXL^xA&e*=brkm~$Ebm<3R(@1}q$WPskQ zVRjy}DidE99Ew*VYpN$0bRFETFU{oxM!rwmzu!>ZfMIMEf^|{DE8a0sgVMOJ8h?=HyH6Cw5QWs_Rd;d!l(E9G~ zO*{$~y3jpgngi-MNa<{{ZQ4uG-r|un>s|42R4hpWiq&blp8F$-+Wo=hL_wNAgQ6x@-LRB9%OfL zd0okYGMphqE03mUo|4Je1i7jdFh)9YLbNMprM|r=()a!E|9I979sdb=_5${qCwhuf zboa*18HYR|R7@Y4}Vt^xY#LpSs<>d)L=j zNi>P=V3FYYm*sKJpdK7iP*V$99w_j22v<9~9s~OBzPLT!SK#)BFVK;q(zl+p{Ja77 zQezPk&$)-IQ86)x&i}_L&;#%NAoKqM&iFqHjO6tGeWIG<*eqYykF z>ASbVNUMS{BC&06Z@+PZy#W3E{A4_*VCbz$@A|`$sW*6}wG=!baZEz`H?TFV%Ezg) z)Vpif*Rp?&MC#3pfJ7(UZtx0T`SQ`b9{#Jhgv|Sv&0w?LNsewmz3c(G(avc(*nrIv zdS$l7*H!)me5@3h{cz>tSbFuw)VJuUi3Qo_H0CS3xyOls`%3SX1Mhq3RDLZ9t}y!o z9wEs*uMU5nHEo=n*Bxt*S-)(qQE+$sn_EX*?+j*Tg(WI%{y5M^N*P=QS(dQ@P;-(h z%-(B(?G?1YHv2vTuT3KQ;b&eU1s#>`kc-hAG?5eNWV%G z_Hl*R{V#UQ(Ap>O(bQfKJZDU!sodI;$_?y4>4!Gk6&o$frP^V&!E9^kOE4TdCF!bfi zBr;Ji3kf-L^!SOCckUSQtWD7*h*l2$;yzlzyyJb_fYONip$f$tae*^qYH*O(7T&25 zR?C)yg_P1x28mE3*25bJpTVG7FRO$5+RLJwbC4k7;$ljF+^S!g#QjhkL9LEB?Nuq1 z*j>BLc&p=fyS;gu^Z6=DQ?vSh<(Hab-18eZI;6xYa;@rcabts(=W|ZHde1TifCqMW zfMI3N5YD5$P)n%|u*dW3h_Wx3nNM@R@2@6^J}V)+Q_(Jn)LrsQN+=Q1a?CQ{&b05X zyxnN*%D|N9xq{)~3oP~aLJa)(>M#&?`AR2@cdenSyswVSJj`x@F;4$gT}2K6~=hGg+?WB9i+PRiGh*DX7{I$QBvj-nseNT14B}GovOaL=;UiFUVQJI zEU=HNaihlP=@+8$bq9)~Q`l(6bY|6 zew+bvsj4CO@#v`zIUL$y4GjCWAv>8}u#p#0@FQeWWc^N+fxo4zjk5ubsC53vwRq3% zk}268pJ%Uu2H5Kgf07}P{VRjAQ?_|v&+n*RZU*_lL8YGSB2=7EfYi-={W|bGLZY4( z@4c5RAS`{?))c2QP*!uC61+0ZW9YL?pWDU1t?z%fD zmFK6p96CITBO4O}jRN?Q<0<|nODKgWDr&c;Cf4SN6-L`gQpZ5$AB;y2mV)>FWdldM zb98fAcj*%w*MK-L@pRJsY{`v)S!SsY=hTnuJB&RXjzm%|E^DB`07H)m(N_dMKf5oh z#i>zVS_JMX$mRQGlp}#+0@TuH`BM@5)L8JD75B}zEk676GmU~&ws}Q)!Vi2bm`Eie zU)xMg^!4?X`J103tz90wikV|w9ZIX{%=t@*F@E>@`P|CTWtABwdqEI? zGh7wO`TRBP06&sE!MYrfg&cg!O3Y674W8QIVOqVsJN0L6(f#I!o2R_7_ofJez$nga zslV**bfKWEQ+gkk9ovRl&dP8TYc#bOk7V2=$)Y67A_?NNEkUmD*veq=w@9Easn{Hg zH|&)8Q}wk7WHr@h4{Ibf5bQgUdtv$Ih&U=r`g=rvf)9v3yO*pysqEBM* z{w-|z?*vVf5=0^))D%@IuxMFS1T^-v_;SE1*H@P>qypMLE{_AUS+R>qK~XIQEOi8~Z8DeR8sq%jUyaUnRa{c`18AMlOy zP2Ru3l^s4n{?_-kQxd*{_WvG^YfN)y_fskuA(sgM<9X!fv>n`-kCrIU)Q#_O+8b=p z;sxpj3J>xjw}T52BDOH$@1P+X^;~4gdXGEhBy+jIVTCIEa#)iPOzDd_!nE;gO;W_M zQ9%Fs;l1eFIxv)4eepw{3DMs{TC^tA56Cuh>HlQ)os#{^e%2Z>co0pk-{0R2i==0s z@7Y?p+y9Td+2@Tw5?CKR?|}$(a+s;(0g6#8M~v4OXP%2M*inHIrU(z$!>_c&1Tw>;BZlM_9>R;)K#9@HCSo z3aPs0sdkjD;s@#lATLNA-gxd!Q5kSw#7u5nQKJ|7ZGW2c4qW~m>+5^$nE3j4@cga7 zw=@epG8f;<3lW9uraUfg&8LTR$kDYn6wQ`HpmCY96B;2~!}gIG4?W!QdRZIcpIw47 zas%A%n7V*~#o-6PYf~`qJ3hIkE!9*QI2>0l4t?0{Cx@90-v zgDt9!$AI_3>cs`sKaO(lPbfCH#YoA%WvfagWc6Ygd8?0{;wWvkyP4Z|mZo3sOk1nb z?59?lHxf5z$&7^}(wvAoS`Tjr7O(jy=+D;nEjrII(&PUq8qOis>uj#OZu>n~sapMV z+q#RpYAVlRIq8Z2-NB}#c8-Jltq$0VXcCXVVV@&EV{_UvR3BKEnoQRn>J1Mqv)$B* zMl2CEQ=@gmQKOcnfroz!l;$t?MJ?5;;-T~_vNZ!N6jqG{}GALdFRvp zm9OI`^BAijXUT|y#XF|@Y2Ojobs;UHgWudxWSSTZU(N*AFIaxUwikNrmg`d_%}4Dx!EKVqnR#J*iaO*oTaA zlrdm9ruv6b$4!O^YM(%V@bah0Zqy$@Q~GuPW*u9brQz3wFzT13h2!FOeidZHd>!ky z3bUlAwqtk+{FO#LU0G=bbt&P#j6s^ZiipQ7-b$I3xPlL=KOD6(9%d5quD-~2lR4-b zQFS%VUR5Tx{avm|d4J3m9uwYCtY&E$o|3U;xZM~waAbzsqigm)=Bc_LDUGN8u;Q{J zu(Qdc`rf90N^n-;B(iRMKMg}2pHIEJ>ooqAqs|k!?wTM!q~A_q1up;Xr9JZH1CRAnsW~^wpQLrjmA{B2i}8;v;ph zz|*SyN!%+b8%+5O)zdiM>gl`!Mm}LA!J>FaI@D(hA&FEs8l9UNhPtXUXWG`gei>LT z2?yWKLWGWgVNp3tZQ(NL0tOd@PWGMA`%*4^df^h6 zoMw=Q`0I}Q?yp})8QD+vbCq3I(x?X3dYV2FSodiaj^F~jpK81N`S&>s8kk>W9npRg z)%Vke_OhW_)`ReGYJb>B(MKP7T~=NRR?+%-aik0)ru0O8I~R88)LZhf8nv}-?M_h1 zhYnf*KJS!?r_KCzPyMfMTAq^?13>E=JN&kgQ#6+JOcAI}E9s=4$>596{B`Lz=DHBH z%rBwSL8boCV(Zai9V^UEW44C{+y38__!&$QHhP?{k)IRc!B!Yf1wp z*?e_7;9U^7|J#Xo8sH(pm9p?#{bD)1H!vaQCkwTUeFGA-RD3!{oh3eZ6c{_AS^LT; zBu8}cujcZ^m|qp3_k%QYGs;<4e5N2l(J|^zBI!{8i8U7xa3B&;@=L$_FsS3%<7rER z(YQZUcS1u6d{akjyi3e>(ao&Wr#9v8fk3#vVKxrTToyatqoE(XF^WtbcTQE>Eb&bq zZy$CX&nSS=|6H^L&&`92*&Un`^OCkw^7cr{u$_Na{l@$5z(8B2WWj`M+A~; zX|}pdg>S%BOQ0Ouj0yGj(&giYRp1J-^orA!DBjb^eOUXplLcFHeH`%_<+P0@ z-2*Xc!BEx1={V-g)A7{`r}{2@^?hmez!>6hN=G;@v z7UZ(iG8?L{veT?dV(oFV{W(wO&vf)S+uj!930-Wq3!FW_8{+Z;eV#?ogGsxz+v<;= z+1~DCPs3q&=iv6z%UZ)Sqfe!pGjCC%Q$W7SsT%10Tz|K}{+P@8Ay7gVR$hQdk5{D# zMJcEYxZ%KTZ^9R6+qd@w#L6$bEN57fceZse93vgvTG2wEQ;TxNb$Xl?$zrE8Q}6o0 zqQ4ABHQi8z>5txE2n$^dcFxgb7^})~(7bO&GzeSI_kU2%RSIyrZ>9(#yMK1Cj@!K=qPHs9C`x4|nrh+%Lz6!DtkLC=jjVwLP_eacU+KPeG@ zLak6UhyA904H_qnrzn~}$z1ZDD0IGNPqO`OFgOpoV}I&f7m@FY@$8cNpThV2&%G|} zG%mklx_MeAbL~UG$1>sQyJyKU5E5?;%}D`ZJFKGWLeIKmgDW+!qs=VyEhDp|=5D&q zOM75c`i?G5jHOgFRMRF*=CAq52(Jdw>^X7h8+$+JDXj0R@p31yG@&ID<6xX%!a^6Kgs>6W+vd3#jTYITo?OV5 zv*e)Xi0Caavu_6pr>Si3>|6;p9bIpkWD&hf6Y=3ML&5B9DI@%|YpU4kv3HikT(GaF zjF^+ZXJ+f}z*mCq=z|QL@jNkbek`|sztu9{Q14Lc($4S9BaPX)KF<=~Iopbx*yWwm zI5?0wAXfWpKW2~LFnLsJ1SVnf12NJq3{?8hMZ0qJ%z7JQki64GZzA!Ch&rV+Y%)Nu z>aV6;)4z5F+ETu5NT*GDN?=fwEnidk>+XN@7=Qc}UGtmG1LJb{OU}kybPn5MsF{iRk@pyxO-+B2YY}^}6~|T68W! z=GVVAL7IFyt-QzmPvN8rMqQx;q!oOD%rDiKf-XpAcs9G~KfX#sRHTNAYx-*Sb^G01 zSjg%(W@HePG%L5t)s@YN2390iQxiy^cDkPtNzX+_D6JTF=XC~hXZ^l;y6?)Qy%Tpi zPA^4Wq%pt8?x3RZChNAuCS2$uVR1T}9;OX6CTl5+mWyNlZ+_4;%5o*Aq9%=xt!G%d@N-z>UTc54zDiFA2~|1h*TE+9=a?2 zSJ#C5-sHd)5TyJQe0&EiN!0gO!hAtAvpLtnt3~}*&kL)*KYgvVi!CUZp}30Y7!^!9 z!>HdLfqCrg7Ha!<=;I8%$KG!T&l0k_QSAgbS4a3{c)-UHm6}{}(D% z`Gs7AS{e2)B9H$KvpPjki1?jMi0DuaeQ^O}6~W?U)l}HWDL3XclY5h7_fovui*U(Yls3FfV9*?H4#9%_4N4jC0JX;VL zNofv&uXpfVf~YBn*v-_f6{+NfaVjDtaU@|i|COQ1hXtBhMqQ*yrA@2|Q8WfAdP$^1 zWXVcYregO~zr!AY)raf&V}Ait;NL#m_bh;fLirJ9A3H~h+Z_0m2Qoaym0j}@fhjxY zcNs0uf(K2T*~LAwey|z6rnFGFW-vzU4NFRhE=Veg12|tFO_x_XO)a3(m zVX-CwE13C6aT+h?>*HpYZ~|wZ@3c7ovt9wgugxT-6S>8NE(O{-%%u6~#B3$#Ylh}D zODPKTG2}g-Ho$IvFR_&VH|oeu`vHQ(!^Au;-wr1Q{eu$vlp8Z0rb0dyO zpC*`*RIxV=Odhek)bEVOQp>rH2BJ7`%Hz7Nz*g=hpSkTgXiX(*&as-bSnF;3jsR8* zEa28IV{G!+c$MZ&1V1yA>+$%wavCSn{U89EaErXs76UArfT(Su`p<*q2x7M)v(0lH zA~;N(BA92gmMs|Z(F!z2a$Z8EKN}Gf{u)M_gpSU4^)plSvP}0Q8!;+{s=FKZskp%0__J_(f;25FzyxdCf?hJ6c=hDCVA7!Uij;pIv4Uv@sukeFpb~1W&uwy0E zdCh(9ECEclku68#+ok*p3J|}sjp@NzkhJ>WlTh zO@8-I{m=3zC@9GE(!4&q__TpBfHEt=EAKrs^XC9MRqisTp=SFD&=P$GdeO=YdnNLE zpnwjQ0LYAZQ!6{wX%~U?#ryJm@6lEA@T~&>e!A!E58nUnkN;tb)c<83b*klu6pTZt zm-4F{P;!`x!y?bUGGokhf}wb>6MPRS0vYLIZ-&sSYUTLp@1&FmRBK5|dpzjy2ysZc z`rF7JGb$$08^FI58aSLV0~ht7t!A2dcPx36ALBW#S|2c(k$>$dDxUIJ3SoDhnIC|C zm^vQd(aA`E-O_EuQV#xhS|Zw=$^<)Eh~r>WZ(u?I8qy&d7{gmQeeZ?PHpw-pNo>2b z#Nr}dD`QVbxF_m*^t)%BG(CDMJp^km0)*T7cq(l4!!i@+xt<3KuF=|iHV~e!6Du# zqDZXVa-tOuKUSWmPa0br`%*vgfy?JoRi@)T#&-Pr%mdsoZ_8*}ZU0bw(X|yxXO+Sy zBq8RL`q})`Nnpr@Ca<^ndx#`HNgTt3^imd{RU^kblkdwXzuk=D9Wt!FcVS`r(>)rQ zZAz_7rqAC824j}-MW|)n3CMgi`{eWFCe{zl&T}oUw7;f5MHkEp2HfWH(I}x3)Qu&DtJ*lN*A#Xtp5HN*xyrrkdF=SF+qn>PHZlLlsf7gTkx;h)x zGi;>K_N44*t$_NzM1XxgLSKxx*8@mf-t$h18!#0t1EQLiK>H+1Y(xFx=uir7MXL-3)Smv0!%io{sNH z@qDvg^hqdc6sB-CzPbY1)*5TJA(x!Oe6Tb-9Oe@q;Sd>IlFwRDm3ZRD=_JP&w` zV};)GF$oY@_0+P?d;_&+d&~s`YR)nzn&d+G-KpWLPSyE0AAb}oE<#@Nd?mH1ZVtNC zQU`=J;?`fk37|N9dR$3OvtP>6w!!E!i>NPg2Wafe5RlINhQ#?#7fihV)ClY;np3>J zV^B{X>ULCuXwB^#_4xpClkpTA-e#^#x~pq@wYpq%UPiq9I3_NT@v<>{bGq@1JrUS@ z_n0pcI16f5Zy_|45o@ncFQuouE{-a41V`_V`oHfH)$&im7!{BrqEs)5l41q*Vhh29 zhc#7-`HmlpE+(|ogFUgeZSj|dM}F0ItQvrrFI04j$~nyw$71q%*(`0d7Byjow)&={ zqB`{|!DhT;BWwcY;crkfc-F+8L5f;BKzP3*?ZKnBab%>f>T04oDsOu1D093Rj=5=bxU^F1pH-{ayKA5zHG*ETo!P5HLWZ+YhwUJl^d5IJ zK=(36;SI%yZ0~>;#pB>0`3DTWH+Lw>?_raQw|5i$+5qXH<~sb3Q4isKmvw$V_|CV_ z*X!Ahm_z5OVovl)Mr$IRoqYou4x&pyIjcEW8jpV*xWK3ip_lkFPMvqSz+cDg4^_Th z=o0uHmwA3U@96bi0#8n+Z+9EyUjh7xc1GMq+)u!@558wyFdzhw2nqQprfp2*LGC zpSOxc7VUd?_8+TfP&hHO1>L#rvZJDMyc=KFSRjHK&$R;*bY?@_0DT0vInRu}Ep@g= ze4FD)9iGJ!>53a~Y10xyitQF%-^f%y&LzZf-&-1;xh^C`H!v49bQvvT^qaDfTS|Hz z9JxN=*A_^xs0Aa5qnt0Exo5t(1c;y6Yre)*@eQtw?GBBD6TfFJ*3DGC4%6gHkOP}V z7nb{GS|~%7mmiH{w6aHQ5F^)RH@n7MlBjkiBZaytqvEr&n!RuIguXx3q<(Ds3;1t631 zGx8~9e47acrjmMx?vnNE?%N^7qFiOagBOt#&nvJWlIZW6w3nB&$1K_ss*?AH>+^3d zp-7kIc=c^b_SZG6bc`gS9DMv25Ll!{f6uef-a4jPTK zO_Gm?m_N^Kd$~Fr;;_IMT!ZqAOg*j8n(93l6bhMRYve77(U`&4UM+RDC=w>?aO6}A zoXcH^_^D`vE0gkT@#)8_Zju|#oi));Q(Maimw^klP2IFZZvSp%ANCo!{lLsnp`cTK z?%w6yF9~-Y?z(v$mGiQRdA4rG-UNQ_!-$yX`VIfJMx`FD$ACu_oeZd%Sy>#DoZB@# zmp>eXea0NE2S^ov2-4AC!Oz}0U@tvJ373k9k+^0mom=36Q$RzF&rzrIpu?vUP2fDZ=sUFq? z&24_pAC*4E`$qU6qxwM!N=_@Ie%V`k+kt)HrN%v-t#;ODo3~Kl?-N&DDw3~cOviS_ zIvY&Vr_lHkt|vfVoM)vL%wTVMzM2Dcq%-+Tpf0^q}o$iT^3#1%_+)N)ZRyGL37BIl@)WnG!tlEspc>}KJY1p*&w{_b=U7s zm7gobNPj)#P+hC)F85UHtjd{`QL`6@0E6S5@@YxI&tEr)(oAxOsf84o8u}F6w1L`s zB~3+t$j!}dl)RKF>Xo3;C6=B_VouzdcFRH`u;v+MrI)L_QR}K@B>T%A`p<>7^P<EvB4D-7hB8@&ra1xe^cGE8}-KLD)w)Kc&5ujh{N8RQgS+ARU+br*U0h@4d z?gh@V-w!3KT=G(-2UzwLmLA{2jkUkf>HFyWM?Om#drC(o^#r&4dTOpXpQmzR24gdJ zxiUK4FxvGAggb6eS^K$e>4hE5Bw=NRlvjNVso*9twrB)O7H?RV=RKqKGD4H!W^h4l zm{fO`H4w=!A-vnax3exh$4?(c&w?rJW22?Jrju-^s_>T2c#pA^*-;BwwwXiy(UrTj zN=S$0Bx4`zm0xjExopEhzkOU`)Uup9`G+kz4(KP&VRQE$4CCu3kR;R9xJ_(n?l#}k z?5d(YqA>s8@lX8kD473ws7o00kcn=xoCPM7X=XZZFh(8FAx>c-iRb>0j}^E|`ryB)imWUPED6@b8cRca{{~SAsw0 zq3P=MkY}lR$tPmN499kPo=LYsSS+ACUH~I(q>^Df8`JZ-J1{5BId34`T~u*j=#Me_ z7r5^sn9;U#uOYZ+_d_Q9>R%^xLrPQA{?tU0JCR zEhPQpBTfDds z`@Z*rWbs3VWErs&eg5!n`rqm!9*P=W)EImu&=onw6t%h z*|#W>O#ch#2|=tHP5ojgk(n-id9DGuGKn{grvuVx<$X!jx8DIs^TRA47e531u97?= zQ?LAd!a9TnmPZ64Z{44Sm9IuJ-L;E&-<#um+eTOF-xegobVf7WZgl`ZCA zgZQ>3L-0Huth8oe1tlC?&U^OWKG&>B{F?zoPhrvJv^lljqIh7mPpRz^d;w&ov**xL zod^HWlCM6i-cu~Sm;RgdL675yG0f4UAnkFF7PPnXo6iLi zm#YUjY^u^iM~$>xVgqsmN{r}G1spX!k9INeXuN*{XlJjcjJpglU;JM=O$w;1*lKL4 zUza5CofATUI0QgCpIyCr>kT=}je!TYzWZ+7WZ=2b31*V(dJx~IVEWxr5P%5nIC9zc z=rt~sFbro{(v^4Iw?h()q;1E*F!2a|wf30O<`P%U1mGClz~J zSiMu!IreJNxC?Mo>_Qyp34h7Xq-WRm{(6e?DnR51s28>myY2&boV6ZKHdlm^hy!lO ztNZ3CY4^>E2Mb{OIH;%F zV}AOd|Nq(Q_2yr-C;av#IQ7q3dM1?dfA9uCjb@2O1OT2C)+vr>KZ@e*E5JYCWR}Qw zT^4>iGl&Nb!S(!OiT-CI2nBM%A-H_;!D#xQrSzXoD=XbT*vc5z7A-^gIE;Se@Y0%8jfn8gYft)IO2=Z>|*0S(d#$Y zHY601$2_-b6=u>?OpRrm8GGc%^ylSkCm4Ub_AmbME{Z12&5#TL;dA#?H8CvZ}wCL zYNz6y_U>frtXx=iZ@gR5QfKC-;_FSoAfHpZdP~7Q&cr>G@inj`1F)x{!ym2CQVf9h z(m-H+J%_|G_Pvx<=pfD!2XwJUYpQr0ln!ALwgGDK2rl|y@t=Z%yQ#T?DZ0+!!;Kwifx^TSD5?UxfGFu+s@$Z~@gv>wV=`UyGaMFV44) zR##V0rOuxJ)UI+!8C_HYOxO?a13Aas`%1XW7xT61o0ddQ-H|0Dcly5&?+RUFI)ttP zk=F0dhR!kNz7k*}OGY+#Ocly*Hj-y2yfpl+zN)en(5}E$i7oE6*ny}5uCA|!Qna!6 zhK89hvN3=7uBydaJbVy)sMYWsetlPu$}jCZ)A$8g{J$3Cc6Mz09F8`-vWFGLNY;Wp zFPgUcrv@jlg(N31U7NGj@^s&uos^>xw0+G$Z2mwc@?MXw9teA@El37P(*>duNWRY- zz#e13!6c<;dgnM5yRl2^o|!gXG1(1XxiP#a7|Sah)O?3)<8B760a<`!_#|c^@8N2y zGp4zLgJeo2BxLeb}F?w^Itj)YE&O@7)J+P=I zw8Nl}`SUt;ohQ}|-JYdy7rg@B^B;u{ely3ZX>5#T?geAa;6py3QWau}H*MVgJ*Uy+ zg3yhLoq~vl99~`n{@i?^u_^0MdRR&VEH@*)osq?{FOTNPQ-c`qh7g16`DjdV12T)s?E3#5=yvt)^q|Rhb0@{gmbXzXyE)0dVuHNoExh1^5r=!!UGOD_qv^+O^ zFm?pEqa=%(DmfLlw7d$V1WkiFy1&QzBB>(hb$yy#eA5)qhTO-U^_tdacjc*wObBpq zBbTb(>x1!lt%c!62!ot`X^I~g??sOr>zz>96s%6gf{^FJqM?m>s7P+M-6Hhwt^6wSkcY$^Mbn9jiQTyPiX>IC}lW*Qj(~duyqlB}FK&6R( zkHYLSr?j+R`_8uKV75bmO`20K z=~~uNxtX2EH!b9(L z0$c}1Wp~CTGzkbw^1XoG@dOa?aYEdJpX+-{P8c=AFSr>T&1p{=*_*x}$tuWG3V>cA z;N~scoFD_T-0<@q$8I=^uXL%bfsQOL_&y@$GwrQsD_vI@0j^FPvO~cCdwr4woRdO!0bd)tM?!%Q& z0EW%UKP@Up8e}-4f~eC&3s+@OOO@bL`WyxW;)yc8Gd}aTGyB#*za^8p4l&%$v%1-v z-%3b~v;DcNdh4-iRY=;Ke+wnq)r~Ldkj{8;XF9ZG*W+8d<=9yPQ=hxdcI`7`ul1%n z>+{ET;=Yaz#x%=c^~|`J=#$+F739)1a$M4w>z4{*DP`u4Ph zGW0{A@GoGM8aBNGkrpCctvO_RwXHi1C&U8d|H25`>3JzFFu zJhqcka#L+=KjC zN~r-)Yl^-PE}sNKdBKxMw0_^zv2<+vr%MCa_(W#@%QuCHr7xRLkc^1$N8=l~*Ku}; z4l8S+ZNIh%2ZTFL%tI*}^wZiJLy9-5alI2$vZvT+Pu$0nztGW$`*kB)OPITdZDzbp z^rYRk{uxfDH3UbxWiC4lp3cmGbNX$zkmbO##7^8^zz9krLUeX|w_7AFH(t2syI=&X zbby-7*@^eg$}ugGs;l}C&LaiTJbu5fjYa98DIV=GpDmwyz1q*-2@kTeJ*R#Ook^0s zkyx``YGPWCakG{WFQb0kJ(Xq5H7!>YEH7qZX+Id@bXaSDkLYUzoLdy|5>6!mp+f|7 zxR0>QhQX(a=KEFv^OkbOoqssQxN?c{_vX#3-G5C*o zvSTS+`8Rea9PfuSH|w837;vOM!=n&o3I zue(LEFSjbIcAt;0YV^?PD8pZkWh)u!n9ou+mKG6Lo{^S2K6w&N{~Xd=G2wkDa`vK; z{9`|FzJm1>gWpNMeS{B3U}uVP>a$A61ew}P4I&%Zw8FqLJb+P6}4$P08>OaQ`Fn@%H z&93DJwL$VU-!<<=eLbXDIk01@Ml_F4Sl4sh0a9JK7sFc@78H3SuiIko`tPih=`_dr zcY?8Z3jZ^_T(9(S{0Dlu)d+4(to#rBQdap4-#wD}Em3yM7m;q&PjsN3?{m}yJIgTX z^~U0&)kbN>awQ6#l)K&i{r!_1r+Q-nrfv7OTL);58JhN5uL0VOsTDpxjcrhsYcc7n zOWM}g=WUsujJJW<2vO7MvaP@l%6UK96aV`WKy;GsM(NR;q3GI@I%QNg+upkP@;w-G z67-=i=jz4w7WYJfY^&A!nSP^{CZLs~;v*{*Q5&!Tg*nmgz~sgBf9U`6mEZ7i6kYL! zLMq|Ak-K)ylg-(pKO=U-t|AA-z^#26UMCRaR8z#}FXp1E#4UQ^RGL{w- zzeV?wlb$>&gzV}W5=V7ECTWZ*4?*@fOWiPdPsdrcKrVKj`S?jr->2y zjx$%euhU#ulHA#PZ!PPjS{EyJ`_ilL2cIReh1a#D>@3b~$;hiDzzt*$(Ocde)jiJ~ z^TwucT_(HCq4blCZyj1A1p=h&%&@MiCGX2T>nUUPD*?<`Rn+g1Pe}?;-1O?}7e+W& zEQWQ@rPc2O4j#NRWt+K-+mdu=zV^UuTtg~mfF?kfB<9qzyiayn-kYZsUjNT1Ms76k zZ(-M$aOwNM@VyV9a{p-3AKVs`-gRF-3NT8_;NTz-TAL^B7>Z>3fd|5^oSZcOVTT_U1*RMS!_WU`JO00!!u84R zb#4#Pp2qMm2zugg-`ii1^wwYIIEL^;|Jg4OwnmWBZz9Wn-dT@MT zIKRVR-j8`9w|*OV;IQ;9*0WUW$L#_>KEQiV*R|apIEG1$q?ddB$i~TkjotFDES+sB zS+K{<>W(lE^u*;o9AZ3BNO|{{z_AEWG{ShXQt_Q(w>$vV%d2*=Kcjf|6xp9I>_ee{ za+Rho%^`h}*;GngPf=M%aT(JM4Y+vX+A?}NPcD=WVpC}0qz9FN3FlkU*NH&;vXImNPdK(yH{|c)nonQ*|Ehfbf9?VOx0^f~oovE4!W~8%#D>yw$r3#pL^!JA6fm2-% zQ%E|1`2Nlhv3lu$5vcP&E9)5rm2cnJMGZ?3fDOxK-3SC`~7 zD2;pf!}Y8Yea?@{w3cEj(n*_lFDEOG)rQvw!E()@d|O{q$N|uQFzriv;&dNu|QQg<72mLS$ADjiT4Bt+t`G6_gftr|0awfe$G) z;c%&Tl~eTHIDT$Mz%*>$^3i45yELHw>CO$HSjq|^YcNl>M zEB1YIVVN@?;PuE_JnfALJH*C<$ccxAYVazOw+nc-G&;DWyr*beuE5vDktJvy*NfL1 zKCd#~b(&P2Szk79kA8e6K_z0=l+n364~W+?veHj5u6>X4Cx?LHlF4sG{e>JT&!1Fn zIUlx6T9Hn!S{c!%O(iEL``4Mz z$o%59uQcVb;$DG9H72oO`miNA9`e^^K~xq4?8JSTm$jPia1iQk0@66>a z-_5X%eH-uCWm^L3jrA4kz{MN#OM~H}vlC+ZSHDVUDSm)uG%ZiRS;3MBH1z%y!*!DdzM-@VqeSbi&&Wx<6DPKSXq)2; zNG@(gxDQlHz`%S9_&lDmR8m7USjn}R{w0rcuV2}JCElK$5H6Rr(;VD6K9}!cORynd0Rg2i2%3d-rFlce>_|T7_j>ts`hGc9ddRBk!MZ)A&+`IIT z%1hbIl(6Jf1`Amzl+MB7Y}m85ER?NN+IfH^dqQMKYPGfenvB%V=qIp^0SJ;8WrTyM z^5`zhud!ouOD*xj2H@N;o3U7M6|&H8#a1$?-A_74!}Iz|L7c0qgk#o|Eq$M0`MfyT zWY$rcuVO=<2~8M$VF{YIMIJcWuRCAMm+y8$q(|xe>yHTwH!8fhkU8ma0#(5`c=~WnT#uMF2w9|{d>mbw18XWc2(VC26G+!VcQ<0~4-%#G3&4})5$bFKq zTu!F%QVxOv38mv_`w=jBZ#@?Wyn@~d` z)IW2YnOs#lVTlGrxSpllb9S0FAk>CRkNzwqzp zUPf=IExSy%H{GPb1}-2iovOPIvh`YO+VLFU1b+mpeM(*L8xKsi(f(t4@XnmesKOR5 zpcK=aR5RhK4_2;kV$e0})rftl)b_kH$GJW_tmm}0yxMY#qA%sv*7ow`zI4zIE>+H| zEgdm`zp?e&Bd|1|DXG7jZ zE`v90Hyt@@uVoNEyg4wQt;%@iuahGQ#*7moSyR6=EXE-V)y)^o9pA!NAYO5a55QQS?~4Z_H3dObS8e=$37 zICGKTz;8BQXsXUi@;MZ%qs)j}p!PlC*r3f<7N*)+Dr`^rSjQ??tbn`0sHC=|GoB{6>;r|yjKGQWn60AZpu;ym~C)+LWqEA@&m6Du4-z@ zmztgQgx#sw*GQE_p19WgZTWK1Ihp}A&pfdzY8ryO9nT3fshbNAOj>@$`79W^qYIZ< z70pIoSFgI=!3-?^0lC&W;Y%r0n`n3;k(Gt`9@Ktv+U<5KVm2N`8!w0!pwsQ#suQ=K zFdrhRI%1e?*VxBeafz*gW^u9Z#Z|l3XxA|Ia2>jh(=r*!g<9>!vX5}?#8tnN&f^A^ z*oU`xS?rAF^Yyr*8bhw;-*;Ef8hk#mW4t4jA)>k6a&Id_|D?A{3B%-ZB0Byq_`>?6 z%R)}L%}h*ONp|bUwWmfJM}!^?Aa_$2Y)*1XiEcMvp&{2jJ5aWM^P-7u8ityd4;~f_ zKhh)m*0=`V5t(z{=Jd{c{GdVi-@UT;p#8)}X0rvT3B_Iw(LDJcQ1v$i%Un~WK%%aVsjrxY#9FsKv2 z=!Yw#2-~n%Ql)kGm znv)dP6ZP!ybc-aIyn#G4bCK%ks6)JY;o@fRmB?pTf?pj|2z`C(j2MN*zhr|fRX4ZrJ(CAdv(r&t=aSk%IbJxAlmo0uBtNKkU zZ+9kB3+p0uAr?3%+H7ivhfAg?WhIR0Gc!{l=e%vB*o~s~y~l?PpYI>4QL*BAcxMH@ zYx^xmJC=G+JH|PqwOdq2?zCV(6!)F~L zbbE5n+xHeLR}V?z*rK)4aLyLu;pK?9OR^bimR91Z*qM@|X7I7(&9&)3Tsahp{#5kP z1nOz7YB2L*@u^xaa+Ma?($aFU%MPS?BLz6lnO?OL2(DFDk(Z}$fZ9$KJfLKk!(0fv z_*>WRyKhXz)jO1HE^#_7yYisg7u77-uqzJ4w?-r7bEhe&7-9@#DM^hvL3U>KpE+G{ zPmQ2>2LlfXX+k{N-l!cFzIqOPF+LkOs-`*3jFFbVvJ?E zODz?#`2_LHjL%PlqjSH(n#EIg zybz^y8cZ_e#34|P&F|PD-eK>Jz6N*~2O8$+zura>YePcSC?u2huMk#AOU#$84V0W& z^P@G+T!{eo;2TilSts3%N+;wMpWQ^onkZmH_vkIxn+EKeO%8%-?p-Y{+8gPOX|=}Q zPYG#_>owTIX9c$!hfTLFIm%jF!+*N2mT4vlM%0U7T^gZr6L8Aw&Z7@8T&L?>43*-- zE$5~tX~c4BhLKrBz+Fo*p*&Q%iwIT)F4 z`lVkmwkZ|y{(*;o#A3E-Ue0hSK1Wi&qcm!)`b8v3A1{-9(E$1O>{{8P@9~YT!cW9r z@wX2^B|c&4n_{4=AI;4<2b*ct4)D92V-{DOwVX7fY8y;VMXg!>h_zmVdGY~|&iWmk zjJ|<{h&RMwkT22wzEc0`sCdnpMlp`{yo!>6Ot$89VZE)aGUHRZ#F5o7pZ7Lat1HPQ z0^OSiwYk6Ly)+MRwucpvzx74A@S34hYI%@FvDpE6?3^Jtw&k)R#HV{hsK&BjQ{re? zIl|`twVgrJv0da7lmSt-8_TL&UC3_`?4rOs(9)U4#Q3^=0@ zC>K21=26SR4fX`t&^8f)tHRz3c;#EaY*8m(xi?ISIK_mpUD^D)`YJOlt9w%=m%A$@{}VHx28(J5Yl%JN-8Vuz zGu$$^M4KahtDg%T{OcRt!?-2~2Ncc7>Qq z@GOsI*<-hg^2Ew&Z{TL#ZbVz9o3bpyskB0Sp0cuvs=Kvq@6Qt#>prWTVHC$OUOj_( zGoqt1iZiqV99SRLN~Pj*Pi4|vx_ZrBOrd&vMail>@<{rk#SDR{TY%0paNEkP#kkXc zwRz2ovKNOOms`TE=4{eCpG34Uj**);g}L!%vFOKB#XZF{$;sr0gtTnXLAWKUFX8J9 zsd=OEbmfhyZ;!v};=E*hbe*NSIucR}j36&D&)r-5V~s2H^K&ea-6G<$<;&U`H)alP zeQ*y_QG+hQIPSk|q9+e0zcZ~mB;A`uYr5}fY~<{k3mZ$&;C8*-*DPYR)X*;XsT_IT zqb*`50N7ChY@r_ab3C3DqU9io_N&T+i4kat!wS`WaE)$Y`Mhp)A?SWD9L(Xxoj zZ2!2NuUKlH|D*bgCXd(UEtl5iV%#?RQY{I!DqUcZp90pnFt^+7hWvu3K~h>(QIy+b zYmY?P0;e%!(_Slr^FGp{!8X>>2t;3mnkU2s^Dv+PRG4Y^|BKq;+;6rGMxB?@6#g7Ri#~bc;PsMCP zLkK%|c(~F?84!byU69Qn?+BcfoQ+cDVkt)q+4Tlm_HG7;|9V>H8LNTa&A?z^`$!jRSJ?!%7nKt7SP}g=xi^?BPw1A>p}g z4)oj=VFnAUgX+aYYgbNQWYFIK7Sg=-GoxB~3>9i6j*dM)kc$sO%jm!=9n=yXxpG7} zPGh``j0w5GSvF2_pr>D2``J-D0kcM1nnI`x+@{^8W$x>eip~gW!biI<$Yfg5)>s?# zdDj5#6Tam9GEj#sK6q!$yz=s{^#};bL>yZVsMIqfaxolUs*a2UQ>oF^Fmt=pE+aB8X;(T9J> zr7x+g0eXd(;9$-9*0L?JK(e;5Vbhzq8mn8TAg}hKrxjwW*g#gE2-ii}JoGB2I&L)v z$C9m`Q|SWQCW%?z>&a4-=6>aap9WJq$wUeyz}mn(!)~(Jf2lg(-_tZl)zE8W3dYyA zAtnM9skGWFCz<`5_`Bxyq@thL$x58`Xm%um|4D#jR$Xc(C4enL`?euBUC+>zzmjDn z&?VF2KJk^Ki>lz6wYKIBgQg6>r=BFan#?sM_7}=nf-^60zN@MR@pD0_o|tFtL=L&` z+j?YYlOX!73~TdRmF)PnoYOpsecg29C%Lnkp2+TJ zrbRxNhcv#*s&U(YeQEAR&Y>Rz<3-8KXB*GEMGH1S{QCs29EZn@+!rd%MJpjhUh zx1oIr5p|Mq8jMBO2QN=$tO!4p{g_wUzxBZ;c}el=diukG66#EEELFK`t_w3Y=8mwa ztZ!UvJ}+HZ%w`T@!N~@7FQ-kdhk@kdH~gJtW)`=xNAD|v&z45v`AW9+{VZ!g`m(ct zYMkxBcuVa%!qx(h46B!kSq9CaW3iX7-jJahb?Bvmxrt#{P@0z~)#smP9L+<(?(>~j zFc3;_#0pcpLV=iAe|(2*iN`0yr>Lomr!}|AYgU#tQv^3^JfMR34s^hl6`HmkoIFWI z(GsDf+1{}aRbub2--$KYa(Lx<&d5L3B`*j6@!>;5C*Gx;+r3-K>TrI1f^o&AnDJo$dtuQ}3^dW0q&dk`y8I|PAN(1QDH1W%-Y zcYLSknbZF?--4x=dj?nrJ6Ermj@-}^L^PC+bgz}Mx8+1WPRIqvUv7j zR_^aXc*9=B-=t&N!}HU#RO$CEcgOR&u6`V2E<-N$ZMT6*UlU9iMzg)qGvu>X4Vh0A z5U;+`w+xOaD%9?Tt~4bL9fi-wE8P=2QK}TuK|c#0Z=n{CH4_wd<=-E%ncrC50kx5n zx2EeS#$Vi9iA0OgwiXG?KG5poyYxe1Y+1TmZaW=BtcX?jhiAo#jIH*xykt9_0Nv4= z66H|}s18^XdxxZM@C-8U8@l>eN~MkZC*hm zXc7HUmAtmh0gJWw_6~E~Y+AdVgFAllV^k6m%;psoQk6eiTjTBO+zaZ+Q7JH@UHZ+C zF}vmeCcgwoy7qxL&)N}Kx#JG|E_K#SP0T5q)tS-zAW^3d0x?wh$(n&N?7+PQcItRK zbKkP zhouMK^NbgFT7BP^gMA+l5gr|gh(Ha|OsQ%>r|G*u;w}(){?@Q<;K&v%HdxY|a<6l- zKi4SIdGvP#+jrX3W5b2nTPjg#(#Wd-8y+Nioi`C=TC+`ZngT{GWxZC+ff|WglAXqO zL|P`9TIxYy4yd<;q6r8$*`&m`nS>*7cR9l8l;shZ8(KsehDlV2_Z`@-4kgh?kLV15;On95A8E9xd*XbOI zzCKlybNRRlq*Z-tyq6t(oQtv%*m4j`#urW0#u8IIgR26MS0>INs{@_RJW z#>xy?>*oQ}jtkXVI0FguI#iU6vNJ$QA4TPrep`D3i#twmk9YqZ&U%w0XBe7z?X*#2 z>t;&JDS?Kd%FLwVS|?r6ZP97P0Xqb=#b|@<8zL3nQQG-iV+s8J%#msL>F~F(m)_JL z!?{z+EV?LWu6{dGbqttbMVIpPcpr|Gs+HuBmkd%xuo?CS^t7=wV_b#Z&Nrud%b{1r zszH(X;ukryr3gVaw}OSuu;F4kvw+l%jos!P$MG+hzoV3itfu`izV?F&iuT{9w&vb% zT|EJeNt*;BFeW1hXzM8T)+(Jt&m`r6$!&#_f`X7D^m_6i?ta@g2hHN1+Dyj1-{43I z7{Q%R9P=V4px`Q) z?5e^zdZ+WNmq?~1D!Z;~S56XJ`-#4N@@K6k@ zwzC1t!XvCYjM1luE~9S-WqRY*g)56}cr%AK@dx|+>Xc4p^D158$fv8QB=|Bb?bu42 z{}MLiYeDyNSQeb;K@H30QSoxl=*a_zYb3mv@lZdlvulW!=`R}MKhML)VcTnx7_*Mf zoWX}!f*o29rd)_pQ<{t z!O;eBgjRZuP?IkqxOF}A^1joB2rcxM@G;S{aJX9R1=3+i*i?qhRUy2{MmsEEZtCO~ z8cUpTi92r5$BGFDq_(e$gG@lhs?&`=5_Z?SmQ1tqM6fhrzxeE=AaS)?Ctra4;$RMo z%}?>LINuGT+G8 z9o$K~dhUz$=1bvS#r^EgdALDjp2#7dW2m(G^?{U)L#Urz{DRh;T^L^^35P|I=-llE zK%mfmsD#0VeDtZI0gLOeZV9`qE~EC?_*nyXr_?>wB)~Q{Uzc6|%jfb9Cm*t1YIHs2 z2Jogho=~vsmBz{=39}O#rb*4%W`T)zTZ&ZwHW?fo)&P2Q^%S$^ec9|TEiin%PYwD^ zn7A4`l9+W_<12*Q2wds{xiaF9L*3;3Sq%^0C6% zxZNzTed#Az+qLy`@?eGMlP3#JCnv~~#QwcD_&XchfJxB7F$ihMOsS*s`9--rZpoCn zy61$8M-6KgF6*WYdo@?T_7$}dN$J!Vx27lAbi8N)%b}fz>>+>paw~_B5sX|>4$t77 zE5qb4+SGG`2YE1dSH8Z15n*7|!H=Ljg)%}rt0GKbgd;Bqp<-wI>cBd}s)KsnHoNeq%6}C

    kcBG&k zmlm~a=i#T{A_tAoIQnmDwf?Mu;_Tv5UN;v}2U0;}UQ_7@Ydg!cng6Ficw6Z&Vw}Wd zJ|ve5f3*=meI9ZE+^fmU2*LZCbRs;kQ>|y{`y?_XXa4$vYCMHb0%yr}9Tf8O9)zdsu)-PX*c|DY}J7D8iG4lT* zl`eCm+-aeEeSO`t;X}K5o>7H)C#$f9sj2Dn=gnh0J!mtAR{lp{x8dDtXrqHzUY{EY#&Le4(PHU~xB;BRQq4q*uf`NT2^Hn+Pe(Lg=98;wHMq8~4a zBp~xAAz{qqei*agCdKpV?=2zzU0Wk4s_;d!LgKtWXE%2UA8}2H|NHOeA8PM6cc5sc z6g3Lz2PL`NmilK;B}ON6vqFAl(^DQsCU?C-Cv^wG1q@R(^i!ml5xep{B>SBov2u$~ zo~LheOG2f43g?9-p}ISKL?oR5?80m`v%i-6%dQJC%(;>!>ro~Fa)cfeC}qlz(rwzMae!rpK0*}}(umAdtm!n~7hyO7)b)$*wi=)D70CCl`_ z?yCxvuT4*42_2JIoeaEqz?$yDp)dl>b`?oXQZxVqZ|zig=B7xVz}Owmo^7876&~+L zDeqMI$=?*kRryi7Mau1IFzL_Tx~g#Z&CO?FF4ZMpAEY*fRF$~(FDc0p7MB7Zco4U) zBEv21mtw9~XcNj6)lLfRy;ZdKRoae=w9HdPd%CoQ^Q?H9JgQLK*A}zuP^IhSU$|R3 zogrf8L1@3)neL>JQWtYIJ|-nT=4z*Tl!PlPL!mPf$<+;=i*{)#nr_~^il+2wgjMhL zeXy-A-kg`_^M0JNiq;$Y(yhd0r022xqubUj?BKa!9-bPhw*wAWaQ;5k+Z6inQ#YeacnQf=E*`~EI-q?tYaF;NvjuZ04wb`b$nV6ZYwJzTf zMk>d^qhiLDW6(%*_D3;BX0y;68+$?V z4&mCo&1S>RX2+vqz-*Fc<_0l)K|&kvg*KMVW>Ci@Ew~vKYk+IxpPBVFo1JyoAPa4f9X9fC zZCC-3HD2L0ei7EzHqX{}ET1q|-NuGTL>g(+7ai*w9h=B2vc@B_#wW7W+8#7BdvRv= zXrz_4KGJ4P$A-M-P?$PmsB1H(Z=(|(i`KD0m5gNbh){|~DpN)b4Qz66i16atV{z@h zJf!!EB9XCZLmTqrvb}dR=H*_~OQ%9a5bK1cyZ~$O)e+GpjwSSdVL`K7Es1^>ZJ^2( zX0BQ8c^GK6>%nCl@X%UJ9aJh+Ls0K$nVo%_KTM*+E<;%--#A&pOs8_9>7t%zTxyU$HxM(CQmKwpmwv zA@Z;siSl(<)33&13Oe}{J4nM#I=DbN{s9ww9uW~``J2N9PPiON)=P=?U}oVVJ?i}2 zS$U<$DpD(7<{GzN{_`BgQm+?XiJ7JlsMK)9e5aO!FGL8zc^MM0VqA-F;3DneA8_@u zBfa){1LBQqpM|Z4;xP@ZYJ9nx3muFBYlITzM9oJKsOdLfh<5O&z z`4_Fx^CI${C}k;VSDW_=bRGOmU{_I6TdB%wS)0n{3zs4pz%Gl5ZTt#OJp3=NtNaw^^wx<^}sA03pC&Ixmg4M8*(y+M`9eXM|R=l+x4hE62NFI^WtW6OfYkplk z#(@RymSorny?`^ToXBf!-*44!PBMIRvUMd?wo380TP-r(t#)O`e8pj-6W6|l({45{ zJHf&SR$ZI{9_`=^43B)Zrmhz&k%%f~CW@a{#PXtJ<3a(umVMFe65Uv7Z z*Io}*xYB+8J#f9w;VRdV#tqOoG6V;HRV!s&1o8>{3l)}-`Pad77lrbtAWd48 z6CWAje#^*p2Q3P1Zy9F^y7u^BnatM;RlYs~Ob?HFkVx6);zr~*pI}KRLjqU{rj?vR zreN+(*e`5NFzhY~y4e91uKi%1hOX6J4h6DPL*-%Rhpa&jR~_hV(=p1enbYR%E+ zplgM4&^}B;p$C^)Xdh~1=PSCF;;;|nizY$kK9HbMS!9rU z1Z30ui)>y1&2~P@Q0B}Ihz%99HH*k3F_;8*cu$$}@4T$(CFD9r8Jn!}@&N6*=-RXu zfL=KV3?x8@-Dp!>m4X>B1b|R+>!S>=9=K32?7di-qtIsr7@L7pp&}6IE2WM=@7#@t zYULXjD0~Baz|0p6&^WM)TyLGE&vXPh<m`sK! zv4;YwMi`y#!pb-csFR?k8u38K5n#)A`NK~z55z+;Bq$;T>>UCH)QCb&WiJ~76!49D zx-5(n0QZ5VDYP+wOfh0wbC>}#WX^03^OXz%OAljf7?_)fPe(nerR~KU#{g>dfxWdY zAoH`~yy7sxPeNN+9gtcwBpT3TpcZp!kcy`X2z85VU%|FrvyEkW00IscZN9P(tK_aY zuSbGrcR;wj(WwMj9K~qEFlG^{4#p7=cHp5v6BKqXAUV5nJWSnKz<=MV1OgJwk5JDA z&&Y35pK$;@z71Dj$ePJS%en(U&da8Z8LpQ*3BhSsasqD7!4;DsJUK>E0PE6U(TCp4 z@o)m4{?)UmL`*#%ny}FbUnjtny@&uZP85+AaHTlP2XJjlJsHBtimf@$at_3ID%IepyUJ_mWsPzq%l}*cNe0Q z{|XNnQsX!`=$}{T3q+n4LHV%#0M8gZ-#iwKT>qgr1-r5h&-aBSm{sobi<%ZuyEI{VZM)>t2 zbnTT!xVrB}0{A3B8!uodh+vi7eVE*MhGDI8_;4rbo%sB zD$@O7e$y@jALn-=0Y!KyGo%Ub*0O|DXAwpDh>!h_2twxTv0`Nyo~r-ch43H*@px!l z2UwhzQgZcHQGu2I|xz#asv2m0j#;N%`EV+~Bf z(%pPSP_=_Mo2VL$ksWJX&yM9x0i^o0M^!3GTkz8@tk@(zz#zbEMdG2YQ%!K7r-j8( zwH70IXcUeNaj3lCNCge@7ib$v=-S^9tcTmv_kqau8x`nUE>|LE+@%Q~dP@FS5LJm> z0iWI98{t2xE{tIN6s*};HjxdSFaQj76mAEAe*R+$7I*yU-y*xLk>x0BOvHHi06YL4 ze;4Hwc#ec zCj?Lia7S|}Rl$D!abSPI2F0U8EQqv`=drKkxKymEhfx}S>_Xm8!R{KJM2#*y6D$Mt zxDtY#aJdPXUeD;{i3?a6`lo_qaNDEw$~iN@Wl^tfn*fQPw*nl!75oW4%g+Z&qI{GC z!uMhIfN}nLH}x42bM?#=jOa_{f@kW0-h(&JV>yM3elf7LRpFsWNdW!}ox2c8Fu!Sj z%>^uH@v=3NNyeIR8w$=w zfdzG7hmkoE!gxsihzLeVhVLq9aZ*SFw$Ry*+Xjzr8xEgpKW^omZ;mzNG#IQj^qWLu;-YA;ab{50UiF|2Xp!9#MvNMKUhmUqEksd}v!`9K>Pgo)T$!5$o<@sn$eV*JFnPW?vlh1p;*X z1oLZPtw@befWqH`uLHdUv|}nBO4~_A`JX$l&A@aXK-#g!m?_v10xS@)@y_0{j$KGK z8Daux)4ekXFavBjQ0Hkt|8CA*t`9-x4+Ef=4-}K;hSw3W>x=N~c0^jz-myTW3|Cm{ z_5ZXM|7k7$(^~xRZY?6(b|K-vmym+<9N39pZa~@Nfy@J~z6;6tiia`~fZeUdV4C31 z!Tp~SEx?2WSNjfVodj)l3SXbZfa8`j1%fD9;NAgCpab)T0K+694c<2buA8yhbKpb; z_@IfHH&f?i!7^CR$Grb)+K@@s&nuj59fh3ly=mq|OA0b!ltgU9Sql{}5i0;m8bojU_^*azoVBN+bMuMbKC z|B>UZf1m&SO~>ICikqpXkk+uE*6`|yg4VR0v#QpjTyID2^dXwmgM*&J{&y>;H}(#W zsg8rhqHrsn_A{;bNFn<&Ep2fHBO(V@EAh@`A+cC zE7AK}D{_!d)SkCRV<7aVDsBtU))oXB)rtJ(pHdKwx*ZuQ#3uO<&lUatmU zpJ1msM=cM4$*&!x?hg=Pd?y)0N7EpCP?jh>PMw5`5>O&jNuM|*V}Ba%*C+iaeyG|2 zy`iuuQo&5_8;29)zd&`XzR#y7Jcw*!*7kn!xE&W@BV9cYGFZ~%rMqL{0UYy4qR3&T zYA>snFM0fXi%Uug=MDc%vnnwp7y3tem}=bN`sx8drM7F(BU!1###1M7Y85U5)IZ_;e17t5MFHAdLs-r_N!`r zHhS4jb_M^ynVZ?0JRD$JIUycEneA;j6|YZZ;zq2OT12yf4EE1hCB)slNeC-*)NZO3q+DW)4rOJ$>5=p*%k9u@?ii#0`a2VJy4t5{-OdHe^hpZe0gFsR+`=ew?8VtR))qn>}bNl4t<0C*Adf$?X=`LAeO9%JdyLH4*_)_Lp&`!T)+4&M9ixVNJwn!v!icxCK$Q zllOq%E^dC{iKv3&v_ba*p#!(g3z%!+{@*Yk0b98YMK7(vRAzP|(a;s7pws87g@jLv zm-$&DZ|~eH#!5J~lk@AZG(wMZhy?PFy6^XT$uR()d-D&3>jn2gG68ss%*?k?vg1vw z<76m$yDTw})Q$F-4FZm2G-xf43PRb&Na~KxtIv5q97?ww>FIU76WeJX&^ zR8Rh)j9bmJ?BZAsJr6(ckz8Q2BlG^DnEz)tQM=?S^SM_fz$1?5sM%q_xMx7}3Q9W# z8_@!h={T{JvSlItCxDlty)}ng-N~a!=k2>n@2BYYg5@hgm>9B#6#QPnWBtq3bR{~4 zdl+RAvkBX^yxU3!xuupl&LOWIT+Vr? z#rpfpTRy$F6?xRTuNHILDT5`$r}`5Y7Nx+(9=tNMm5F4EoVCf4@j z@>3(qpyA~rHP{A+^||DvIRK(DU$B3gmQch}S32NR6XNVgol7a)7DNn$p0ZJ%SiSTG zBE|80s37%bUN3HY&O0dR#gcx=N%O+NOI=?%F22lB)uo;yj_X9SFOO(M=Gt5=`s8w) zqs0ZK-D_kZPAJ?1XT4u~R)ysbg+ET5F&nwZ*OKosBg~0n1`)%jj#b&E`+3D)DWxrf zi#zlTGk^9*)Mw=^b_VUZy$4U{WanlK_eL`zaV{d-X+6cx&P$)lJ5Iev(yxa1*oa$r zyML|d0_Wy7%^HprdRHu-{8C^rR%D;EbE$6Nmw@gQzRtbsjxW9rs)NBpPTHCwh6?V{ zO<^4f?nHTn&5Na$bO_Grj!x^fqR0n(AOpE0H0r?o76!jNtRI;>eTzXEL@! zf2lG0Fi0pqDbCGp&}WZ4Jho1!n?18|UOh{~&Mr&uRg~to+;re1==jg6Ko6U#75%at zRy~){(Innm`R6_iuC5h*cAsJBibsWYf{dK7Ik}oJrFc!F9d~m;h z6#wr}1w*0VE`1uC7!69My&jp9Hw;&C%y-V|p-jGfVOHL^znD%;-%fJl=hiTxle*;~ zS{f|5o)njT@mpBz{Z7fQ<*^AD=Fm$_Q^^R|V)@|a?B42^tVo9DwXZL>-C=Xu3rq&zC9ExRViVP zEF7+k7WM}xL2^8w5647{Ez032*(Aj@6*ODyahg{d5B{--&3LFz)%W$(1c=DkP9bF$ zM&4^8Pex~YF!#pmu>o{^z{{k2%=>y0yw-_m1`a;@ZpVw8rYk$ZtB_ zMS_IPjJMt&;T94285xaA&S&nMZT&+VkGc9Ki&ng#p*WW{%j}Bw3wE*vY0|;%M`&t( z9VC@xD>*TF=-RM1*sYxake)!Tl=cHrApQs;rFD`kq}^3PS^#)DYp+3Wo{WF0tyd6DB!$aX%|}hLTow$9;_~R9h%9D#GMic)`I0*$cgNN&eB{XX z;%mpwir!~hMuYvUKm3HN*%bU?>5ulJJcM^2D;H(%Od|3EbDz%$P z(B%Ix&LBPrCNHj$8`LQKNTM`(WsO4QD5VTlal^*f4st7QGtpAcqw-|a@elVG_m0Vr z>l51UOWTj;k%;3~Q!vAlCb-@mLY3LJq2%7!%ER*V6gAs%|5@E-o;2^g+$t61pR)9;7HES1Y_j)@T8nZ#VYJ=3oS^}|(_MBW9`(Hw zr8{qX6P(82on(a@e_fJtb)Kd)ZqH};2EpmhPC>SxpBv+wX%4Q=4i2E-6J4@Vk*F$e zihZ_ioKw}BCMWgF+3?%=j_m~?xUX3L<lN>Cyl=}8{$l2jNUr(#R#V8*? z`!!R|pD04j%$dQT%5lM^MRipxjIEYpHX5aUw);J;xFEOd`Xy1N}zvSHbjjbK7wwzzZ_0KkOkfGdL0b|^=mEA(lUpw%Fo?` z^)Ev~HnL!m;xVd59)n9c-IL@<-ihXoHY%OZ4N18El1Lj{-dovGWj&IfU6zx)z*?oV z!AtOPmg?D3xF6|tzS>I*HG24>uZ^bk>X)xBsA|uEj}=mwcyQuYGsp1GmrRuszVOs9 z{40^Q+n!dxG|9bnM2>~l*PkI%Hh#gu&7Oa9?CInLMtic^8QrYykiNp_eI7fjIrfX* zPQ#6=xDL8o0rzL5$0CFn-RWebyL1^lG9)4~P_APT|FZNp1IBPx@^DOAl{Vw__2WBt zd$KcMNTjom%mdd(AsBYd%Cc83u$5jVzAy91!*}I5Oizq@XC*Ub-W#}z;%CR8)y_`u zoX;=3(7w;#oOtVE>&c7O)DFS_6W&l#pwv>cg3RCDo;nT^yWW3x(T0V8D1??JKFSfUjds;H28L&5Pqc2QBf*UuzrXd>?ZV}gkKe}GS`uhp}(4G-;<2c;Fk z@6)!O0-|;{Ey;xe44ZI|-yBif2t9)Jp4SmjP8r0?1S8dlKyN!Z=|A7!Yavb*iot({ zQ=p`Y_yyEgIcb**y2~s8O6#-a?}FdM23V-fpT&JuVPPRZ7|*9 zNb+eOky|B+{^y;ZGGC^m>tEBUdr#{8OZ7HN0{g1OP+hi}-;XtZk|>ULzH2JMiao(9`0@ z-lgQ(um~wstx7n^%6tGztygeRYIpi6p~fItP;>Wh?;ou5{~~|}Z`ZuM2RTIzC&8>V z=8QaU2ktHy3&#G(WAvNU?s0%9ljTfy8e_4pgMV7}Z$tL~uU7mYWd-nRq}lzYb|t3S z;Tsz{5qsvX60t%^wU{)GSyzqOQq5U>#9oe2A-5Sjzi@@d?1tIw?}$C8829|P5u`cU zI%ZJE992baU@FUM8+k(QS^_OgsRunu{ARO*)^~`J(=+)R=qJH2UHa0vejm!41xORhRoLepbLGwl86PvN3 z5n|oUEC;nggHkp^+;rF|l~Qd6J3DCDJP6}k@x(sI3DVXvZAkm3N?8`{IDS#~iB0a8soIvks30QNM@o!!8xiaw&sJep4 z7QBKDT1E=S9F%UURqV38Slmhq;KYw=|0sYzRS|m$jPQ?I6ify?R%Q*kejH3hV=VQL zE2Wr(_5nIY=r&4rP%DtyPC+eV@=QVwi}x&4h`-DJFVwwvRFhrXJ*X(60wU4`1QY}m zgdn{aX$sP$w}2Gsy>|r#5dlE~=~ATk-a=7&ZwV!#cLE6zAV3JrjnDJE-}}xVGxN=? z`K|AlwOA_dT5a$Uh$W!-z%J5V)WLqedlD_LG>h#y zUIZNCF0ifppSDbH-v#s;fLMYb6K8U=cVdD#p=oiqKd<P z5@AR*eP=wX34e3Uma&UCw2|&}L5%1n^#($e2THze znta&<4xp=Oli@A;miv__CfY_`GafC6$_ap^K?r~90sLwQ=&Wz<^h3~bvJ_}^NCFcE zFz+ip074NhKzn8otWV|Mdwsy=8i+>TProDe`sQ&$IVo+BG;Pe+;Z|44f}i6u{%xTydo#rpB}3GgAn6yI~;|C|G^WeVaR ztB2IQnn~7ggz$Z>oKyWoV=a}B7#{agRYAT|G;YYj2cHCgK{`^VJE1*F&&js6yQdo?Cys|=_P)|MlUOpt7Tj@9tSuoR?tGi$$91EWoz0auVsQL)YB zY-;r^wmZpatURVaBgf!aAj?(LZmuj*YGSHNMirrF2zQsmjjXHBEy1org=T&-Fl@lb z^a@dyDy0|ZBmvSZdH_;{k!t6X8md@JzO)6&@ z-TsDlq8l1mU4OhW>1?d6(NQsZ2{VX=YLoh1YhsEbsgh7%vxrH`@x~m$dfgqu()6>g zaAg)?X@KI4pM^DMkZFBd-Hd&M~`o-OC%=<9pU+Weme2QLx6@S)PJGOC|t zD}1ZJ^~#0Iud4oaYOi_B3vBl&aQP?@}lpi7n%qLcJ;V zzh#jY6;AUv?8H^}$kml|GQEA9GVMF$as6|-1dG>q?4yUg6qfXSg!uFPXp~TvyFu40YX1vg!SlW$4t$E zMI*&U?>4B(tVnyP%#<|SbEgme2hO(QCL5Aj@!iu=Q%JFap48l2Io+VE+1LZMO+OV< zy|J0&c-;KG+jJrWTz^T|H<=_WaBlvKH=ocqk&&qYSlW4apM!%0?LlBpWjQYdHVEc( zvdoIZBsz)^m&S5UmoV$rGR9Ke6NT4n`|}k@ee8d?Ss-eKsdnNWwd!9YPV5zaHUw#2mMR={q%NNHy!62RsO{(0E?w2Tk?}=Kem>~+{#+W~`t`f+u6!S8@zwHtWpS!)-ztc#3YIeyYS!G+!O6AOXeij5 zxr_>z4cqLfn5-Y4EB8n}8cuaR{k1F~<5`oBkI|9z$O=h~_9}2lVA@RRgF4HpFbC#3 z%cE7yslva7k$qc4qHg!N^YnV)d^&y{ux?7U6smaR<8#+vuz6Nrz2`SE8 zkt1(Q-w(?!lp4eBuw663gT)z`Jv ze#$=yqI78Q`s&0<#FcyYAeJc~)R)ID5^mt==qF&+jI{l4DrFtjhjM_Gao+Czj^hrj zQ(FWb>6?{0G4A+k&gTWBw4SYZ@~pwVA>S}Q@>D>BBetT$>*e$Q<0E4=Zf#j}bIX|} zW7icBA>X|Z7um|iDL`oyAX_>8f);{K_Z0&VG^H>^Ej#8xWvDC`#lHTMzmGcefObPt zJ#d381W+k9&8G(}ua$f~!?&DF6{mw20by1no;VZGlNceL@?TEWqNw92(MbjNP&?2- zOv$y~6H9%W5rd^>UuZY^F%_D9wfbGEC#N!4r$UU<2sx8h;@42wkymARTrs=4FL{@N zPCPEM(UcLeb4ZTzp<>e)@`zV5e5S8lNNaw?sr_}#7CsRb-di&^`lZS{tZBT+*kht3 zqbD(xNMFltO$)o!)8h-(3=(`JCRkVaH9-X$)>J~9Azs__VPp=lsa&doJrqgJyH-43 zTx4HaU(9k&r5xESVN%%I_x1g&?C=?dw(2h-iO0S<-c=-8J|!lT-{e&d$wWj+d5 zXf%%1UQ$VK-n3nQDH8blPM;M)aW_?&rW{&jiQ~?RqZpz5vyql~_v=diK1|vVZ;Bti zZ#d0!$RH>^+h%1qTYFVT=@au|nP8sciR+CpU#5E4Y(w5g;al@M`##cTx%K7qGlvJ2 z1`#ybc92nbq`v%M z#D@8^e@?7-7%%d1=Yl7d+a~9$0K&~wbdorCx)FW4%7h=aOU+ng*)kr*CbW!JZ|F8` z2K}_dRQ#oVA_Am@g7L`$5hrI8qcH`REJ7gvoYSr#R73Rm>6>0args-ld{sMc7n-YG zZLb;DaMSkZJD6=FidD+BFjN(ywC*RY<>GbXQFu~VFwtA^$`YxsZ;~L&9r3jsrtOX|)^E zVLuK8B(HegxUs45z^?ZOF$H(}l}12ad}Jf|Soi}J>cbAw+G9x<<3 zQam-(Wu<|}6T2E7A@}W1qM!eeECGO}F&#GtK&X#>Qyu?<+z|Oy3ED-SA>t|Ig z>t?;TiMQbI@|ljhDQw`wm{u(^UOr+239J2Jm|aX-Th5XaeM>^Bn!uE}lh~iLaG>L) z1^vnjq5*Y(LdoLM%~jGte5X?0u&g~rP4rgx&jRH21NYXte;sH8PlGwd&JTw0{b~}s z?umea_Lz_>9Uw$zc9ajj!vHN@YRf)RLG;^wA|_Hm$LNR!0Xj-k$45fvO^B*4&~ph) zIdBqQId^{ScpAL!{Z6}hq|my+l_JNMtC^#*s7+65oYVFeR#RU@Qy}|{T9)vZ#dm3F zKy?Yxi>l7h#es=cZP*oM>w@H;&}~?!@xa0eF>}0;Hg)v`7^0~v(w{o9(p*Edoca?W z0S+})%`N!TMa*V;o+P!;=&!}Dss~wNBm@p;W?tC~`WEJF*1cZf2)s}9OWWBb5X`vl zpPkX!d>QP@F;yTIa+1_Uu-fRp`bp2!3bmQVbDqEz1AkOUt)nBH%*J+Q+h`QiUR&|( zkr1UBha!fOJ3^%W%>(&X+{MY*&`H++7c-N2MK-}yxId9_jkIB7zyy)+A-+*}E% zzI510x-E0^ZHb1>jB4L_h&^F@c1+JJ+2d=&;u+7I+@0|0N92UJVS8Acxg1 zKvw&ngPA-*>0UEk@}cZ;^ErD#ST3~tTSCibIs*fmKP+lQS#&ywG`$<)+ zZx(BVsz@d(U8u%(0`(-rH!a26Jx*frj>%;817yvnbTpD&0P)r%q9_1|3b&u_1r>j~ zH|T>l@M`zyvu?Y0UAql(O39?}H4cwhEVK}NO(4+zcD7}jLPI&e@CWxpwr`o%XAYFJ zQK*jP_as{9I0J&VUlhHO*Y|EYXRUnu{C%?i^@j$9cKVZI{+NO2kK!7!dj&r-SqbT! zfb>rLXJM^p8bhp?I(dEy(ar0p*kwc zfZUI(bIEr;y+>SiVfD$BXU_l5dM`NE&-3X0C%Ip3iZ7+gG?oJt1{J=gp0AvHMspSN z$Qku`y_Xsl{eDEabe$J#Ms^UW`n{FL`PM!E{_0rU~E}K&X~U2J}*^G2H6%dwPCu(BmshyCdCQZ(QNV9%FW-K~-0MrsKJD=vIu4DR>?V#n>z>YJ z7ri30j9aK17cD|{%%z*A8Y-Lwp z?i3y;B9R2!Y;DC|R&)}ORb~Yg`$vQ)1Ddvrs%hP%G<+=bLu$t@9uvtOLNBHBo*%i+ z!s{;BBwtxS3!1wQCSU&qqXrwAn z(oL}C>1ZU0I8&Q%npyp^+(pR-uyGSlpTmQEi#a@2f&k1=1#&oduF~OgUUW8Q31s~M z!q7R^BCW$;I5wzzx}0gv3WUlcVqF^eML4Y_veZ$5VaepjOs>hV}xK@B$j zyQMEmohuJy2zcW=ilS*_z)H@Yiy{YcjZ3pU6cy2kSQ7t<4 zE{dzV)7Ip-!V_CdkGKVJIZ13HOZ+f6yDzb17(>pi9K+@b+(P`Hlk(bjzVbSYNB%x7 zUrmD3v6M0u5KqL#fseInKSUhYxo`$3G$)2CedBssx)>3kp7ilRIK0nHSAFUF>`abQ z1RY;cv7TJx{)ys-ZpVu!}Sju>FYy^d815>3$GGhBC&b;g z`A$HLh(KNo@Kv}|*->j6F2dA;{P5`>+dn+RqunK%@44~!8u7V+q1E=tjWc}L`2n9_ z>h7(BH5R~F?dbSAfU!OCUCcTM`UqTISPR_Ctvx&BMIT=WNRpclBI%;p=_I}8H5-31wCR-{4!Yb zbz?o}Y0A#7_Ebl#wOXhUhaJiWr5*8fd`!z~E}shqDIc)yFrl??0Z8!F3x|Ie<3oxC zZ3X?W>SX;)_Qr+9QCNRmL8wIA8r*KEghr~wPW*1*GmAVO2HRUU+pO3Jr<>uZfW0(w z;PxTiMj4lr+(|UA+P90QAQSJE%%QX~tBo=04)cSoP3j6%)n`3>Xff|i7giv1mk*J{ zk$!UU!UwNTDJJChPv9xvF8k$+#Hhteng)FG%(of6(9=acu27!dUkclO9~2CGsuNU}$vZj$vvvT* zBqHgOOgwYrnI@Mc*IMeauWHP*KnddSnAsoR+YA|};D2^mQA3=rNaaay>r#O1Nv@eE zjDSAwAllsuU|;rmhcqmikWrg z0|3WFf5~6zy}QKyh5*w6!k*Av)N_U3g~Zo7QHCl8X)TjDqawJQ%crk>Wfx1qiC!CW znLZ+X4SccMokU#CNdc_t)woksGmeNa^s;}{jNbs+@2l1Pi=uU4`%_cuByIrmnKMD4 zAOau^F{MDY>wTbH$JNcDexl|6_Tit(t8d%_Z`%5yZ~6Ref9XDnFrTImtN2jFcwI`Z zyK#M~Go#Egh5Mi|p`G|mx|@T*#P)@eo2Vm@{ zq5Y(SR<5BJF!HQjwFyFbLJT+OjKL52Z?SJoPepY$ro<3@?wux@CaP+a3W)QjV|03ggKjYrxOPP~BPX#`?T&1=)v7)>nz-Tjrt^PQR zgrEJPHUH5Y|9`mxaJvDt)Bmlc`QI-g^LeZ^$qSk!bQ*d*7f&M=p7=>W;^G5IU;l?Y zlrzLrFp&u^MWnP7+~x&dy8aKZ)N5Sb2E%=RSbi7y>COd>eStIeeny1eRyBJH{OrFL zo^)ftwToU#r~fR8JJwZ0rWcxSrhl$O5P3-Za?COhgL21bJitMZNVi_*qERVF=%)#! zRoP=)_``^v9jeN}r%*t$3nNxR;M_)lo(sjp{GuZ>@2*GC$b4zHqk$_Kx$g(4}!0T~Y`dAP!ar0+_VTKa;BTV+8e+4KrGHj0nlV%5KEy zYIR+PCf~mY@}3S5(YbkDcM%`?^R#|2hcr$>6xg@nfIfD@QM>z)f1)%l{cbg&tL0^I zY%+Dv!@Nrh4G7syr8HY4j5JPc*6~ZSvrCR@F!|DUy>|QQ#U{n|YC5k$xqo`orX+?F zIxd#7fdCigXzQPQ&vgUJxV(HFRYV>@HN{o8aIP#1K`A4rw^M1^bz-F^p#Exc0$IHm zis0?J_9v~?TO+HX9)q}xUO-PmO#~EWFFHamMacqSJFu4WD_PlMA-#n zW4ebMYBbSU$6By{O8Dnn2NJVC1b=q7!XyJ2DrW|Lp@Jx;ZgB=Ckar!(uYam*CUegh z(2Lf{&LOg{FlXT#-6YNOEgl!xZ@VeQJRx%kG3eoXsJrC(;(;%FET034qQgcFlCnP& zKGcF9q{s*`vfvbJd$n zyErpRU!$B`c!0a2FE%;49fXu^^dkvF71Q(*+*c9~Rc{|dkQw}y1C4wscp>Ya! zo&ORy=Tr3q9jx3v)3u8~9}(X5uc@vyfdu*ds1{6ZF74|DsLF_h$hF1*A6DK|>#Wzp z5x$u}2YKkCL){$xMeZj{Lse#Y**jpgTcYE31O4eeQ_aSEC<^wk9hv(z+Z*xv-}R55pRrrHo0u<6H^5jzrtCeRZ>hVmsthMQ zT(Hx7HJX@L z$9BtU6K7t77nFF(LNohZNEi;KFyg4CJg^v-$!dI26j5nJxMGXoPAsG7NrVXq!p2Wk z6z7iZ*~FNmokFR#UKMKE3~&b0GS{%Z6$$&VaOlTVEQoD+c;)h(l#^ur5Ajc#+U5$K@n_NOgbgG!Pe1U`mhmD{kl`#C1w$3(@MKj4+ET(aCZF)n92 zJvim$cT@k8UBw1m zqenMkC5@~2aiVk|g&o(ZN>`Q9l&-mu5%j=TLahYygsxtL#=}w>3Qo1_N*bjX6ZN9? zgsZK5hZe=zNua#nIZai?rk80R0x5x9#7{*Kt6+SHUB0;r;r)igUi!r#xG*<vmi^%9e-3$C!y8X{#I+ZereA9 z@Z{}%!?y)olrg&Ra=b5KYSeKCO_f5mmA{Ddww5x`Iqm|eN85FM;GMeX+n`#5-_jN3 zI`8_L{sJLhevZYrH^!V@$Ok$n1nF;azui`H(ws)A^OR{S+_az=H(-Fyv~G%Klvaa? zp7og$w}5DRk_=8&7uc<;%4LUak5%1YUd~I^C2tCYv<5 zuJ+ng*Z(}YE|XdIuIe0x&wv!rR_tE#O>XTvN}H98R-?$NKchXiDv9)?rrma3BH&fB z3|othmnn$|vLpEJ_iqOn#hjrczH~7bw93)E*(siI!TX)mwg`(=0#Ay}+X6KJa}$Q^ zB$wEVtc^_6cUPLdOU4z2LVl3> zN~N8SKU{uc)^wjg@EzS(sqxLqZZ;FQt~SwH+9&7|Cwn{iG8GTR`uLMRP+tIO(fio8 zbq?RB{^}B9Va?CBQI6daNR-!L>hamoxO8wmr2DW^g0NKVEnO>f!D+Y6$)`_1?aafz z;t|)Ex1{evjDIOpama(4e#{#|eHtx(0Tny>%tXSIvto6n3iLh?Y-oQOQnVueQMP}R z&YDpsOJa}u{PbA{=))r65X4q;#(oxJaLb|$^W(VLCh$CN7cf4U$kmScMO$rj>#pPY zc12e|AYDg^TT2D0-FlAt%vy4hhi?GsK7+lXm2e1~LXuq5{K4R=YyfPJBo%F2kOue% zO-<&h($gD`f5+_E5X^*$E}Nf+`Wa%~NvEUl-nE8XOw#aW(MTT-tIo~5A!SS7u*o;H zyQ>PHJb!XS;6jbwo=ZeD&V`gs)HHSgy~h!M1`%B&6Yxq?&l--n!Dv%33fK_IptI7V z@6*r5sVGA6@V{Y9s|Q_i>1o;GFFw(9N6c0r02TkF9xXlSOTq_E`6)~ZiHUV-4DFV& zGb|#$^gAoi#SBAUWF=&QgFhQm{5bpAy_r^jQ7P#M=*6#zJ=^u0xU4NxHLFqs#p)qg zZC|bkNn|%KM|$*^l9~jmzu?(EIyUuyOev-eTL=Ghg5o?9f7u{#IDcJZMMXoeULmR9 z28~gH`s2|>!ViC+4nA1f`ar5j^NJw@QhU!%dFAYZz3JA!?M>mi&Q0@8O)+gA8&nua zY@f#C`$p+CNt}Zog4^%b_I%KhL_{->qz^wH9O0|}MzLP!`XnM}Ic8y9zlkqq#MNue zcyRAR%)aEu)9lc+4foGMk|SRq?7hZ$khzn9pAK+_Y-7hKYxhb^Y`wEN&5P9#1SHsM zgXn4@juk!(D7>>`jQWlb)O^OBE8Tp~lVfb5IEnuv<&Zcqme6iKwlo=hwAA-5BP~aC zjWdp(4xSR9&>t4&hbLZg{OP}{{`DS(3}kLvh?(yFSD+EbDzGqGzmfIV)_l~c&;J9Z znQIlQz0$a$F|8%UAP;s>h1aq__Z``zs(kO=mNS?E^mC}*F+-wvN$TpcG*4MU7=Nw@>bDGRC^ zXmuox2oo?s-j^TWayFImJu@>8K$j&^?=^lAC{sy}1IAm=Tm>8xv@*SbXyc&s;6_x_ z?OKwNi}mv_!K`#vK=0U0a(}1T*9NM(eBqMiZ9^EjOpulZ(5LRPhD%JuE4C%V4u`kG!DQl2LrI?PfpLOH#M3oBHa}(|JV!KLT1Cr<(IV(tJybp`nwj=Yhd$A(G0| zv$+NqG8Z}Mb0(mM;ElvTy55vP=xKXbNHLa~z5LRDA`~PeIxU5sZyaCV=A)`)yMT{w z|DE3d_iM(1H~)7~qAs8lvi~`5uJ-&2@WvGB3$46)R2MPO^jQi&CN*{8e$LYuUXYqM zfAM_G26#>KXgymMC(&= zasQQGDnG>w7*5?6fDL~v_RJl{2(MoK2TrH7L$bR029r-~aR;l65h=k0bzZ4f%^7 zNdx#e@V({#|KH0s9E4-tR-+|Powc&J+^%d6P;9RSS{Hb2S)4t>P8-&q1PPnlV4PKp zj2*p|=kc$ABK=Pr_PA7=g}$z>iKi7^Ee#vgvVmiD^}EA{hmA|l_F<>HQBU7c{8e3| z-usc}$-jkY1WeruJ9v$dsDe7vO)H&kjDdRQ_Q z#vcZlG&Vn>|4}o9s90#j<2C86gbxl3$GlKMzXMm?^6et5am^MjNzj`SG=NAU@+j8D z?)M>Ax|25tuUhAPG|j_hhl>X4z<@ty0hi5Zl^(3_ZNC%3t_-+2;bxE5GY;J*e1#f8 zCIPz)c8pS55VH5^fTgdf+_98Z|EAWu6_}x&BV>hd?|eTUE#VL(OsI-(7GN05Vek!% z_zw36&d0_0ZO|=vY1a@9=y^B%`JZ+9_LV}DX(muTG53w{X#Q9UxuR^6C-vYwKL}Ut zRg%B+Zs#|me#<22Rg;f?2ld{zr}RSd_S!PiE2^0z@MuD9#g*yod9z@tWs65MH>La0 zIKvtwii8Oq;9$~10rEaS{;E6P6u7?tmo?mCYMwrurm_l_I^jw1Tb*_4#X{9w=X{sw zOO30gd~tgTfpaH4LMyzJPPc-V)`=Ed5Vhd1OaXh#OLHgE0S~S4tD3oEC@e&OIejkh zr3(AgNKUY+&~#;LJv+g2-$znw(fC^e_{*CR3* zanm%T>GhUl38HFbJ++nWSf^t*0k_>%U9h;FK)1=ANMtgTM2y7lQR-r)7?VwdzW>4? z-d6S36uu%d2$R(Xjc}5*oq23pq~G!rB2}34Bl8kzs#EH=zcb|M$?fScd=Ql;2gGT; zq8K(W#SO4v=yTg>pFn?cnrt^S5}i5zsZ!e@ay)+)$Qd%H-nZh(yaRE+&~wvYpe4Zi z2JY9F0H}K=AQHj^p|D;E+AE%rJk>yLBa+wl(0MthVeCT8>(i&;m-0s|FXFq?o8n`nrq0q1M*EF@*sbI*7kRe{wYa)!LAtSlNJ!C1z+wIp zG3xFsJ2x)QH!i5&FkAU1!YE}5pv3(E9jBsct~|lI%K<<5VNWtQy#vK>M?0Pr9hu^1 zCoIx^r#8>Fa<<9Ple_b&LP3Wk6q!%O{ZEiV+(GpV$~dglNS(}?>dS|I_CtqamSm^N zXhe;9*KaXVwVrxCRi^0?=j5YDkTc2Sky)qknhF8MDYLnKAF=(ipMAEn@QN_H>LjXsIDZPX7~Yo;0BzNE_EZW~q_ z)0Z9)7;&oY@mm*;l{z^#Y=N|q&0twM#;#poGt?rN&xr33SFG`+L}un2hi9dtxE zF`5M0qaSgu&@xsO_{!%oCpbWOk1Bu}me7%`qqX>T?pqeeWMoidMj+BncexND7F3K^ z4-nyGw=Ss0oG(*zs%8Y55fRRwp}6*R+0%5}F42O@mgrQOKCP11-*Pf(=tvuf&aNil zWyK%nxO5PUcNW9bb#)Jl-`EaJ6#G#W`4KtJ1Wen$&y{NY?X`XWlc55F`(cZk#xIW< zrqPrZ*&U4ptOgjLai|E zIzGBjyJnHFypQ5;fV9^e^tIja>I%XR;`hKX|F!F1Y*)ZA48lRO->y|#$Kc682;WZFXn$<&~aC*jrNhosjB@2x0{anG{{ z?M+9Zg*lHFh#-xs)RY2ub(?^C(;p=yY0k9A`O>=h42G!`smdhD$r&;7DR#dpI}c2#_tv15Y-^rsD|v_Y)ScWzzH?~ z<@lbc``7@m3RnjCZ;5xw(xu0*`rJS27%JB`K+#V zAH!x}On%WP^3!=*pOM*5G)8`y`Yk@7MG}IhYU9GEoE3K~7!jdH0-MPYeezNeywm2@ zWZ5T)X-8Jj|6(_p-5bZDCtt@fHP@r-4&d4RCEoAstE{w%{IW8}Hib2%~8(V_3$>1ssR;O9!f8+Di9^>e|>2}6yLA(XIZPg2J~ zq+gSM%h7Me5cGgk0Pl+9}O5y z?1J);5xiHNY!EoJ^Qo<#(y>34qu2c_wwtAwrlW-5KwlH*F`IYg=8@8~;j_3-t{PH_lu>nhOy`+Bi)t;VB zMxJ}6RbDf3@6@L}?>cX9W?HDO9cP|$A>9tVS`OP}Bo)%f%60FLE|vDoHI#>D^8=Xi z*fl{$E%R%71LFd4lYP?rJF|W;_26G+5~7)>#U4_>QvJ5yU6asBhHY%3tp=tyYSH~q z0hVt5HR&t@*TR82?t@i8&(BqBt=@AogH219azOU6Qsq}JdlE}k6};Fbzy)5lyYwLs zN6sA2o>?8#r>j<=7FDS6pve0j!y}t5tq2Tk%vED)iEzY+{*Oo4pDpSA5@7smi}{Hb zUn8dexEw(<`IPX0M;^(G3#&g=vb!y(8R=ym{dnDj^k~@-mRrI8i^7xm6c*rfP|eiL z(sirf(oM>refY4XX(vbEfnSp>W+322ej<2vpywrhVym&@4VamezP;iEz!+3EwPS-4l&{? z?yU{wIew9)mu#{e<4Rusxs~8~x7L0-b5?^)SePT$kXVCeZVx_P`TFcO+m zU7Fb!E?$?vYZK5Pf>lLp{5}tO^E)0SU_a^cD|snNtXBL{y7m1t2jOL0xOMB?>6)!i z^Z5O+r~Gtc9R_JrLAfV;p+qa)L2xwS2=?1{Rbw|8JL}tP8LNLt-lfMkpy-hmEi|BFZGP7wvW|T~YRtL}$ zsHUtmm7`{y76HyBd^VRiKq)GA{}t^dYgBIpoQ$hZ){qf1Eyg}~Gy33e3>#2#Sgd!D{k94} z9#U&D6twm(s5bCS<9NMY6DK56i=YR_{j6y$e(+H0fEE2Bj2`9Ji=uJP(UfpkZ?4Dt zoD-gIg_i~n-XumeorMP;59$qR_6NFkUBl^L?HmZ2-8on~yjsbgK8+I3ZmqMF{VgMa z0nEk6)YXLaCeRK}kR#|d^yz|HPtqa~VX0r+x#3hg`@dDMipK1E1+)sV%Qa%K{!?LH| z{7hqdb|J6)>t$j|-v%KoDNCNGkds9*T|YEwlL-6h>VlVKQvpi28**Gj2iBN1BtMyc zNU=+BA#Va6O0>HKG2<#%rCza+x3gmu>nCm^y`_+`=raQJ?5D>-8uPy}%lgl(&P@s| z%@OmEE=>CEe1et&MV;kont}CDZ?d6LxxOC}{PVnN%^^20ci^u;HCqaNxxp@39ZCCc^ ziuXVMIfVcF$GuSL0GJW*Sfyx`5VzU?GrN~A{m2k;X-CRj3pC$Ve=DyZ(pJpp`JV)rRg84^#hvcboNj4ORZQ1JP;Z z8Dc@q63q?Olx-Hv15;9hcm@jV5oB9IR3f|OK~$6l*w5gBNXkH{nHeA9 zr60?AIY+$*WT?pz``iJqq6TnUjjn^(MjGvZUFH}^UUG;44WbX4k>~X#Ct9|6hYC@% zuxs`@R_`3}I=3@gy=7XDA$Dv#g)d-!Y{HsAe2KD6ES2K1XsI%isCS4HR+|l+6oC%7 zH<=ms&{na9j zYEgdkMBB?=%wM%7?Z^^4o>$Ph39&6ASXmZyNisSA>_)A-8yuOu3EUv#LQLx$+akk8PTjDx zB*@x!>BpNPIwtkLyU?Ys^vOqHdJ}Q~CT!hvJk9p^R%qLdolZ7~W5JwD+1k;_6)}`x zdy|ep{nEoIa*%MPoi@|AYCDGZ(2 zKBOV(BIZUFzce<{Z`pp~BPf0<;L+Rc5+-A6^wQm9V$TD7>)D2C)Ytt zaLV3w_C|wtxa8)MPwq?v5v=sNHUdSwOC0{!=+xT)X!H16LQgki4`$~uDJ^zy zy|*`SBYY+ym*zvs_P+-^6f6$$XiO{-7h7(d_>@*U7X7RHzPI=xwcTNJX+ZZE*twwh2<;P~mRi(A#B$rR3c*!Ku% zeDWl#zJH{vU?uLWwip5~oc|HnrEYp$BavciYpQE85KBB6O4f~bq9#4)h0x;J2V$wOWqp$!YJ^WNNf>A( z=`~45npul4q<=f`e?NXQvv!K*k1BW=NezDQd zuc8CaecX=9#O(yF)gG0hOooS+U=&e+-MsS|Hr=!IP^k3IHvWJJ!v2u8i}=r-o$W&b zDocYGr8hCax(OF4)<#03!aIn!hFc3Ffri|t>+fb1Qwl=qob;pKySGUAj@78xIqH#X zqHpNPwZAMiskDJR`lzk$riF-YIu-0ltUq{X!hndZ-~ zrh;Juo2~-gCv!J%mU7I$%6gFVDmi3GB@Gy(I%jVTmrytPR~>|@zY6Z5*Q)c^dkgyc zbqhI>$?045)KUL1YvBp4i2E5{ zX0;V>x3zH1sc6=J=cQ`ZsP47FC0!8XjImQHH*^B%Ic=UA7P3pwc5`3s3N2uC`)3Su zjw${=4t@9^dcHd%`6C*>S7D+Oa~AL3(2S|T+xqtSRFh1C-t?-k&1~!szTob7YxFe` zC$IjZh%LuLHu^zONo79ldG1)}^y+LAp6%wBCXYMV(tIBGyui)qpPHH9iI#7~!b{H7 zAHM;=s6*&Wg^$wv#it`Ix@@MsTA#g?|G-{f6yI(;c-7;GD(CoAnDCRcc)yist)bO! z?`ncbMD#?{O!%j)k5=$}v5xgHl#NZTLL$&Ww)u_EqkAc+;D;64{f(BiZg_J8jpi$lw+#d6QmZ}Gvt!1&nfGhP8*pnp0k3A#(0g8Hhoa|=BW zNmuq{6BJ6OoCa9}$bfWIRB=l;);=tk({N}S6xRl;-be~qyrgsF_`In#P&>9$JER_l z`w|0&iwfJeq)}KL@869R@Divw5W&fi1Fgl3Nfor=A_wPH-^&GC=a)juf5L660PAqU z%^lAEA@6rBnaNX{fW7QSEX zy1|;I+;k;2uhmat?tobmb3Lllyk3K(ZZGOQ6JLyJ!S04&#-TdbLF@NPMHZ-YQz z!zLP{ln)Dio->pt`9fF}z>FiKI_|A5`B{Te_bHp{RsAH=yxSgr&b`JmTeDxN=>v=dAgV;$Zqa3Z0qhGT7lQfCNjEZR=#ZXd zdfLp3guNCu=J$X}U$ts#)g6h`*TA|zPP_Rg{P9%ysX(C%r#F*^;z$mo4`R?{aG$}J zng~^3e0Z7tU7%6YTR>?Y{$|8`u!iEtzYPpW#UpFT4Y>@p3Gs2QQYNPA@6Q&Fxs|Lk ztb$z_qe>aFFbaj}>D5uGkIsYN}h z_3rJ&IUoE=-|>qMo89HY(`wYvMT<(9oEVbi^7r{WZT0R~!%C|i6H6RKHysIU&r;Dd z;Kx!mB7T2ddq}klJH!C3G)&TKVw9}wm%j`gydlaFfxRsXH+dzsU^>GcH@q zd9r+MnyJi*q%bI3%3eZHlF%H)7j*`Hkv)P|IX`ghxNwmQzvnM0vd!d`(P_ttdzDERsPsYl<6r zO~kI*MT9zT?b(0&2LVSsg!^7%iDD5}{y{!qP*iNZ9hX^~)ty99ObYWK-z1aw7<=$-;zslrxpuO@XXhOPdF zT%bYvdea^Y?t69W9S4f@(5SgOmH>xH`jqrp=wzVMw(p3~`nKg2Tng9EEo+D8{|9I9 z6%FU(eGf+x1Q8J}YLw_f^j@O(-pdd@dK%Q~8n<)AgTU2HvKdc>i~3P2 z%WB_wE<18PXB!lre{#*;hHSm0 zU|F-UX?mXHSUaiy}3?V#8}A0FDcAY=4T>GDUe$i2<|lS~=4%IAXzbDMW8BEM`pi@&|1C;0h0XdYnq z=?m2A7LLqsZ3j=`UPjK^7e{Mp#WH*w4ytmM&4WMv!2f09Uod@Z%h ziUz`DXr5*E-%{6R@?94`v^Z?gNhJD09{6=~&Y3#)tW)k*GN4Yt3<2Zl&KtMGZhvuZ zJo2)QlT31R(&_eV)9K{IYC$#sSC$&BLjQo<9wdfLB%ba%_$sXV}foL}SvsWcEK0|3qjUGI>{5?f*Q1;2vdwZ}0z5zH4 zwAa&RwEU|!C<|#$(bran1}5k`bmi-AQJq%634Ya~>Qe3g0VB_GsC+=eADQvAP*Sbu zD2D?HE?gxv$00*x{6^4gssFb(th6f2en)I#A}xmR!lbi5wmkG(3yn0U5?%<{w*s@WMvBmy< ziMyvEN5OEW*Fk?THWE8VUkr~YD}7#$^$hu=AJ;eaKFmBgw=&p7jX;d(oHF69w-1GUx~Qj#7?wP;a5M zzc?Mhldm13{|NIjZf3%CFk|R+4rsFx9@^v`kD*@f`9=MC&>2AcGf;Y3T}V*FSFxw16gR@zb!TnZDepJN{cY=0S$#R)O1n z)H@|>R|dT&74~Dz|{q6v84mdD1hOm_`ydS$8a|OqQ))xFpNY~z}m*zAyv$9hAz2bES8n9D6G68Awi|aoZ|lx1+V~$Td=0(`n9FTWWgmRUItq6NpB7>r$j6{a0uV zD8aNRt6n|<$3-FNm(fNb11EaC64s>k&~)R`RcmBsSjWXP;>>J5j|UE84FmI;qEBxh z7BEMLWdhon{|+wzlC_#uU>mZ$2#)6hx5Liw*Ix-VLESg87AS_#TExyYbXI)82dK1B zr-83to9h?3lqxQ=j<}dkke1~9gp)33X0B}qx{vW)-Ge8khdvHZJ^|6yd`t<`+!C_} zjmJupi2M+3nBHyb$kuXQ{&wy~$jLq9Y>9w}8DE#2-hk4IhIPTY*UM={6c#0nKq!#;LjUWxT-Rr4??2uPz z0C@^umRnu47*z3CgIeKBrY49C{`z0YfMUV zi+on~?)t?17-Svvcu|~w+bRKg|LMjm#Dk-wM_(7`)9bxD#*C$0=_M+0_Xt@Mtd$;9 z7yCQu8ikcKrmmH1`^<{;w>1S?SM|~y-|Nk4GZ=Habwis*4EOI}nJ9+cDvCjLQBwfX z6-JX=wCJZ&nZbc!>JdN0^+tdGRUDaW-@N|j_cV@}h4nM{uqI3Lmu!+34cEK_n|j;2 zyOsYW(cIX8C(IX|wKiJ&4`}&R^cYOvV8G@&u@h)xug?$Hjhjh0k>6;)AgVgsVK&hZf}ac1)^%JG&weKjOCr8yooiV>iF4 zv{%Sr4ej$y7$1N$4hK0~<~P5YM}05Nw+YJ??ut`hy%U?DQ+R!GQN^vV!B@MJIbdUI228i-`;av%3HuSSG zi&dNzKskKUs?gG-hmqLA6&n+S^mY3xBHrF9J9E)>)zc~LCJI$EIorFg8wU~1pu0}% zGr$VB-%g%wzS}U?XPxG{O6sw`P{Rekn$OjwX0PZIPKtPBIs>x27VhbJKX5(q5b3g+ zL0e#;YMX#bWt@7qy4&yBvuJzwzpgKJ)9=QzJzTCdz2ZcBA}#?+xzSMAtjmd*u9BXb z5m%IyBGHz99HD%K6{oAWSXLctzy@-tj>&Sh|24Gats)IdJ9B4G}@e|R7=0W91`{{{jA#(3!m!)a4pzrbJp)7ya z3sgj#&GP3LOP_XBZ&I-AjF-|6)10aDq}?_BURePWao~lB|8-dADCPIL4e%& zl{4DbUEdIIO8}7iQA7)$N!XzB8u(4ZxOse0LU%ADU1Dw|G^Yl;Y0Qo=^Rp7>~dbAI0{t{z=jxPn8~O?j)5__tI)d1K_gqxMa~w9jjjlCoMgL^{`t5R{o= zsJHFUR0ic}Z^fx{MuNt4$vVY9K~j0PoQs`h^<%sK%=4M~b_rZXfos7urdU0T4+Dn3 zCtOpY5iirWk#7-Tl>Mu+OcYq8jZs5kIk_4Yf{x#W76OST>Y^ELks{q7=_6=S=UZg< zSQ*_-S>YxZ8w*dyfxZ1&ZO$5@@hgQTtn=6*tq7IP~qxPY4AXyc_v8matZU<>cC>Km8 zuxNH+Ji;5fc%P)eJKvl3+oKj$h)(zqzL#7of3fiI-WGnj8V<3pK}ri#jgpJ+t?_o` zzj`%>?}I|-y?-dpkfv1M`s_0o$8y9L`?FV8dXFZ@n2MYVXR4Osx9!6H<~On)aF!13 z04IT$#MG+Says};KZ(O ztoe!rJaSxuRQR?Xbl^RK<}836wgt}t^%Q^AI*o)yo2e~V1iqtr8y$_evgWf4X!m7a zM_|0M`0_|dFq!;~@!nFr4b15r-?v!SiCQj1a(9Bl^CC{H^>&M7DFY5Mhl?aT7WlZp zd-q}5sz7P7*785`rLkPn*5a)gnIMSZ8TRgYD?%8j$S2f2q+2yFZuQgWc`Zg<|Z$_K)I7j z?e*PfgRTyYth*GTE^K*J{Onh-Xa$(Fz02QwE%n!%is@)TzO(zJJ8O$#0cZfBq-$+} zAhgy{8u_n^*;Kmn6DqGj(W9FdZhhX=5~anTo8z9dQEdjp6txBUyK&{BMNJC$?T;5H zMd^JvA|kHtF_*nl$r%m(7=IOo1t`srcOB-}@0GKhE_lkM1eZWFUM^cFpv?u}rr{6l zK4Lw^Pb-x#pedOz-#zJyh#o9qLFP;%?&_A06>N18(?Qgf=bd`v;s+1zD0A&K zEc_Y+U7Y%&rVI9LE(2fz)r+mT44@J@XPlAr&j{sBv>E!#fNOe|ray%>T32|1`yYfX zO93#3+zviFr$c=~)rC)P8qQ~%4fD)%{VzL)I|0VM50;TD@a_GhhB*_-IML4|&dtzP z*SC9=9a7I!XUu6!ei;2?Pf=bf5vFs;hB1P?q+^NO6Nx)ckq?e*KK1Crz9Vb$)=V{_ z)p88hWp!m;%J39g#1?Q5)OEgH9TS~uRRRfuE)OW5?pq~^{KZv=nv?;p3?lc{>MA^Y zgUd?q@RE{#`Rq_)0^?RU;kxaHLz z22Hu_bBUj1-@sm>FlGoqUBAjXr?-}9X~*gPh!mkJ9jwe&!cb6Q;tq2I80_rcmukX0l(eSnKr&BW^9W9$qKX3*F8f%BX7RE z!00(BPf+fn{AC@oi`F~uIAFocw%AOgCVYR!*zK(pFU%}F%Z*AWI&R?GHE@u5_D5~& zTP(3wa1+OOU4cNJfJ*uo&H$R5kk`vC9&$)gb5bL+);AR*OTUcC#EpClyT}{iUH~Oc z1;4v=MW9N79+S-^{0(QdKwjrT*Z|SpyTU=PUb}Xc8CloGHek`A7;{zfB|o1bzFBr| zz`_IOzIl&FZp#Om0j07pzWkDKpa7C;YqOHmiw6JyA~s%28Z4bQ6PfvL^Li`h!4%`2sT?5QSD*0BeG)>hsD1N%l-l&q{L1o0$+&lO z{=0hNUj75toiD%Q7R!kK%e%n67L$;O|H|ko91iV$3GJh?s)t&ox&O-Ofy~t&F}i`k z!g1I#cVO}~j*|lL#X0p;U3T#^8D@Y5$VL7Xv8X3wHo`K5keb<%_L+?ZH|^z|Fl~F? zF&%%Ur2R(DGM6ct^+`wYHF8l=FL(+_xz}snjAGN+L@{X%6k6!x&CK9zCpVkDg0`EF z&QFWB-a>(AT~264J3@`lN21Bz4&6J*FX|?`Mhih!Zw9|Nu#HB;zy7=w%_|;#e&Ey4 zG{U@+Fa z=~r2ZzbjFIC+;o6c`@ZTbT{kzcO4vAZ2h`7eUqqdG!h?X zt&d|j;tqzBBbg{OU|JPEv&`A(u}v!T?sg?*uEg8@e&xfLnH^a@n`D-r??lEU(FDw`vF!+e%TfZ=ZR3J+c z_0y#7luRgdhd_+>90D74ATV#3`LLRBn;BADu9C$QaO(}%iw41N)X}3K9FPJeN2>#@ zGVEp(_o@&#P1LE2<*l>jz!6Ott%9up(tBRU({9|`hXzK|wu$!10$#d6xD52#W?2gH z0;fJ00-a_QoMuW%b>8a+DXyH6>P=6v%QU8eAN)lp~ds^DlE#6JKf+o!dfda*+k z(#93|hShgFelDq`*z8?Bn5o9Lw?|B1!16@w;8-|uBepsA@J#Znv%8# zqak}t*&t)jaQTrDywXkCJ4Nd2-*+yfvot`(+!DC(LT+(aJos1F24n>+5)QO&4vmy{-y|tdi z`b$U$LOzP!g2sK>uqvB~n}~L$@tFE@y93WdzcA=|(cz#NX0d2$xo05qVtj9#bQ|16 zASG9Qr`t+@XJLek*NV9^0eZq2j&_p7>kSUy)Q+60PB*{5Re=DekD$f{o6H_5MmJfT zR)kGj?;CF&Hc+)@Ua&@%e^Ap{!_;rCS>@ztuJ6XpZ9x~}<2#zo=Rz}ZJ?9xZjgYBY zEhA42&!b76`-e#XEaZMWUi>hAyfdJLPtsmo177ab)ZY-3-SCalzLCbsMR!JWN;LJL z{FKB#{zBFGoOUhYLzU@G!hTrSa11oXH?c-fqnBD_VaGZuSNJ||s`tSZY!z&gcssGX zwX8Cq5Wf(dR)n%XM=Byk>Ubx%&W3bc&-H9>?FR;HIWB^=<) zP1I<=!*L$n@!pHJpAKNp?qG}LKJAGHU2oB*JSldb#?n7%p@o1|eFbk;7$D|4Z2=$+ zV>*34(k@l~hEfk76zcooXMg7sg829g51Wy z+&Kq##t$@`dm>{mnyPLs`mm}I%bSQVl1sCdE@`@lKDM0E{$c;Ub%d!`kb_)v>{Sja z+=(`?u;0(e^7|@lN*?2rl5|rt9h!Gx>(4@SzNM(nnG}s{%yV9b4*jG1uKl$OV*dEx z5iwR|JjUWb(`VO$Mif0R{2#Np85mw=S}fj$etUM-&P>XW7F5<8TkN!EC(pHms8Yt= zXm$hUgq`Hcd>K)+?|2TQ&iP#VA+x8;utL1Aad@&4RI+>Q+*LyYU*#pVmje`AYMaWj z3rr}b#Wl@xW;#y|bbBr`00*q-&H(bTJ`S_JKNoP+O&G@B53jy=^Q|BK%_VxOw2T3C zFS|Y7XTU^tOo}#qYl-d4fcL`V#B>HW3{`WPsecXdg7S~N&vK7lHb2vp16$LiZcVM? z1)XekdyVv#^_k#43q?-D7>SJHM;ULNraglV5uaBVhNl89Pk<9o#T0nQi{EecJwjAlJ;~LjDT9e<7NXY0qboHkZyTmVj z{P8!Gei|8?pHv2j9CWT~`=C#7svH`}V~KS$Nm%LnkGH@>u|e*+_hxNa2O*h$tpK;28T+6R;YG>qtD z+0RB&@tHXS=p|bJQn*Nb6xk>iuaPv`jthTZ+sCvDgH^eH-r%L98>7tfxcM3Id+l*p zk3K)K^uYyc5Tns{L2)*yQ1x|M_5zljbA2xJ|KG#k&Ebh3(LDu@Xy0ar?c1BNQ!jZm zRXOB$qVER@v@4Ci_ywfl+UAZhPX^>uHZ6+1Z_uczB&G%JW(3t7b~trseJ_wXpYEdf z5H?YEw91$Yzr*%1AYTj^2z-oM@{2mwOd7JR0 zPsn48yTl6yYQpf-&t}-;iF}(;|EV@+u*mYRKwFG$^efRk>`>?06TQ?VvUYB)P2gWl zlq;$KtD{vOQ#X=|0vP4{5poUgqqkViXJ%vDTmRSh~Uj@*CEO^Mr1 zJDw=7tyVR+16=vzsuAc*3}0elfMyduAJ(0{=n~vQ7Xs3GAj>mNUbw)!sCw$3#Gd99 zmy%P`7fq%*X$!)KgA1d@ziP;EZU!_{rX>=56-iU^d(n|0m%`Jq0EbUcH*c_893uO(|l=lw@hzA2= zg)Yhakd0Gf~UVa*$iyN35jq7GuLgGTh|bSOp4!xSHlR0aOG)5 zn8=Bq;!t>Z?60zYe~wJ(`QVj2&rKtAmFv@qR>i97=6V1A`L9#=sLb8nT`oA>%&fMe za;9m${>L|u2A^8}MM4cb&)w@$k3ZMecLImSb?k|byYfq^=|TX_$|p?)-qIbPUugfT z%OprA6374J+H11dX?yP;g23u~F}3oA(*G5s{k$0|nK@(`@)EBb0rKrLuZ?i+ScS`u z$RFfuE4u#0FkbPlG*~oXZiMEQO}&` z>{9xoz!AJ4!Q4asK%JUM9YQnLOv77#XZ)C!J?+|@&0vZ2(M}Zd^Vz$^08>$ZmD*@m zgzc%uFOIbiaJA^JzTmV@HT90hkk6>9Pkg_o*AHUX6vC(H+HZ0OUUGdq9G*5_!)!#r z`QdP578VPs%z}?@fG)g2W=fwimo=r2IyAFW@hz<9k~RWh%kmmaq8AhWdKP#4Uwkn@ ze17dx5sG6jTN1x<}i0|g70H_5mRX9YhXfDC+bmMvT0>z;6iN1jmasLNC%)@Nh{+=E2EC-?@<@k*Xf7MXJWp? z@S%VPHsFuXpR}aA$d;an+X&QHwzS&W;IP$^&~Oc^T}BcZOm~J$Ra7jSXVrQVm8H&) zdIm63OHx)MewXf`W!KzKzu0X*B=wvrvoU>@bEAICf4dbN2kA5)A*(SsB!I;En(I%c zAn3SfQ446{RDU`3G9da%bN09QNuMEabc(jh`eS(N*R$@AzfkBF-71PFzt3RkP>v6# zsI02jPt_vTL-3|V`v{(BoG)nlEIrGdlA{w7am9b46~dOqXY#k)KxQCqk_#gfW^Y2I zaf&$q6DsR5w_YPC{KLTReXVlWr_FC_XCW+tEyvT7uwp&M#Tu?$1zwAh>O{WIQq;zI z(~7q-PxLYYWn3++*_8X0M(2V^O-Hb~(NHhfm%Vs~xucIEKU=a3Bs}Pw54TP!hZ_7} z6qBaG5sfF*%{dgG@D9kBBLKI-K7m@n`Ai@V^1H_LL#!)C4^Hx1nDU>A3atUs0S(6m zR`%v;>TG>GU}=8pM!OZ$C+|Wzr|-1T%o7Kp3#$&34Vl|aoAqu-wnKy$&02c2oJe9X zo8!tMNXulbetJoS)z$-Ch|GlD4=iken8Qy#nglXtv`i@C@#|Zg;Uj>Zyyqru;PqijLOWrOF^7csI#Q059q8r(~xn?i+j#1r1Z~-qiSa>7uWie z43!9IrYkkF4?Vs7&wPE9j>KNJ9+R3mHU(>1VmHV;@-4I&nSV4n_U5`HUK@RTk*zXZ zu6*$GVR%4u9EY2yk$zZbGfe*s-n6_=7=&RBJ)YRxa~C=KWz{u^wR zb>;FzR0;d%Rw$)fAFHR(i=35D-yt<(@JN$FNw!<341salf#`1KtuqdOdjSKw>`Wwn zw=%_^wEIpv5y5^WlhP`bB zrXqVVA+)3>gZAKeP6q-VJM_!?Q)L7|)&}oSjX}|u6wN*FiW)S`1`w)8K=X8i^38~% zG1ZTvv-8cvj9HB3?l(L9@iUAIU#FG;huRKT_ksj+Ae~(OSFnry8ILXhK?Yk{kLcKb z1cgHE`6x4HPNP>QPr_prc?UjFO!P-WQxnJbTyQSN>xWnwO)X28kRI|Mf>x)_FA|HZ z!-m||jyio$RBgbDL27}ozTpVjJg?G!?uT_TR?-_ng2X7Cb#~V`JJ{r&&YVJuYBKKtqa<1rAU!#-d}EU%4Z_91w$QE!XQ9Z{zp_2| zpdaX0Un+M{?QBo8k#}+jcd(&O=EQ|VZsR#};&Yd(GNXH%CkFG8d!L_<)>}_HWEb(` zZ7Bc@NTHN9=Hp>g%8+EFB$(V$W875OXh8oD8J8Q4+5?9j&SLT2ZQq~#CnDSfWmpfx z8JRns@3V?QzZq*Is*Id3X!1}-9?vAqmCR~pFQ9QJ4Bu6L_tvNmrj2>eIzX6fHPwl* z%k`IfiIbm{F@XJv_zw?SG93|G=tPT$Gt4qz6E4cX>ol~J0SOfR!IhN3EMYs)l(&uV z9ko80L_R>eE&o&bT^xxn91fPSHQlS$a8^RzO#V0>Jpq&6+`Rcmw!G5#&YQ(eFZvWFXHK04WPA$Jvn$?MLW57wd=4B4ED<^sa$qT ze}n0L57-tQ8B?|7I%J)UTaa5#oAz@tp7qQm-V&mC=Q^S1mFyAh;Bd4N9PEB3>QJK4 zt{RyvFj5$)V9k`hTah-cDx%TUH#hX85O)|=j6}Yudw1Z#s>%x9Yu`kTnA&Zv{8Z;W zTpxS|T`kPfqo{~V!)vx#|LmL}=RhTNGkE!};+n&@tWA zE_%~gWc{L?*bRR2i_AU;R`gNdUHOw0D!$56SZF0jrd)wQjxjG zotZM@Rqai~vuO;X0M9y@^k01_*hDile=)zt0gT#Y1~2RGjp}Axu&_Mgn!Fx;CMw+z zj8=cSmufKafjc%}Z1ez~1Ss9qg*jF%Z6vz)#(Jf9Kc!kmF2RZBaMac=|1^Kjb>gLS)9ABexc$5ma!JCHiCD$aW=VRW)Nj3}c!V^kNUYkfmQ9&0DL znvlKW?H3y&8Osh|ZPM0Kk+wPLp#5kdP~WWI#*Hc>ciZ_iAl{F8R-S!bSTgjy!qnNh z76h)HNDqkHl8)4NwvfhfP5Rk12lt>Y`3xN2mgje?EpB8iicg0875E{Tv#2OuvAuWm@p`rMYykKZjO7;82GvgD2FO#L8Bh5ykSb+gc8g%ZquU6QMdNO-K#Hp~8 zqhnFwb2eqcE)0e0v#Zu2n0N24om8+_lu+$1Drb^1@|qJ|+*{UPpHDS-g-Y1t(>;+7 zWzHCPf6keklbOe5O2fcUdF%R%;ziCWpVz^lM`6(dy8(9YRcPjPk2mM(6AHJHUM^Oo z*_Xq#c_2?)4VFVm#O$_>$Wt>&pw>EsA-qY%IMqHv!7=Gt;h=6+EH-{Nw3+^-MaVN* zhH%zFc{BykqaML)SF_jP)V;kSJY8fEGQpU2Sn4l}t`Z$1;f_$LTlPzJ9#2t8J{oiw zd#DS))5w{M%Vli}T>0qE>X+8o&z09QW^_LinXK=HNQsPQw)*i1{#W+pqP`T?vo4{h zB#g)lvUH67)Hn{Pk@(Wz=lmLc53yxctGs|)W{Xu;D+Rn%g-pDzq`IfI(!x?}kURR- z?oA1~!~ju24D_(;m1uG{&j;XJb#CF~jD#TjQ7JzI^6p-_p$6jEDR03hGo>qu`QYHX z56)_8_7;FmvHG+L2fvD3N-t-A&f_!oCb;!jM%xIo@XMK7xM|cuVZT-$fJ5vjZ*^P5 zF#6Tv)x>PKLnd~+fVutqgPSp{{rUk%FVCz!bMNwk_Y9El33RE`u%{LDfo0au)EN=& zRNqA(77P5dthH$M$B*d^DV_DbAmXt8A2Z%Hik^qaJGH?2~h?d9TcLL}c1&V-S1s*=jp!jLj}!QzmN0eVq zYeMYMUyCArlV)=Re|kj;*4E+B!M?@H^R~85eT}EJx|=zfy}^7>c%%I{b$wRSh=>1p zo6GsNJFXPz`!|imL6SPglj;>xW8#3Ka@bKH1)a|l67bgBMN!ieY-6~ht$!2NDPlb& zy7e&i#%T|o-MB&~AzaDm*xaVdjdS4td^*RERw5+BT^Zdi4wkJAcgb{8@n%f*f83@n zzfy%^S0b~jHm-*% z)6e$h6>@OYt4wZfG97s2L74-x9Shc&riIrvdJ0UxpQNgUtdo~%YRhORG+h4v^)*Mw z`$7Pd_@-H}l_X)~e25tdc$TWK77pu`xo2!M`t;K$M}mhp7kg8dh4#r)bE>eISBn>9 zsTlh(nF^=IPyy9f9;E1&^V6 zP&UT#WAeKMoRtdckmBkqFGx58f z4QiqBQhBZ~lyRilvWOs0Evjyubu!0AxeuD!dI;%FNXX-bWHUF!Q^m2}o=+uihc6y# z-UT@2wWaTNZvtXB|3b};6=fyy;X?@^StgL{(4PmA8&ad7)J>XH;c|=lXyZ!gc#I8xjeerB_k}1 z5$*?2#)`)G-fw(X!e7@pvW;J8tm6 zB*VuvnXP-6aRQIY4*~F>AHt;p8&tI=eyFTu&mEmx1ADsu&?7E>vDviT7-*+CbHGm` zE3Da32PPj-9I~d>XIeS(M^(BcZiyBiVT@rWkgaVNH_?`NlBonx%>+7GSRb}x%$jv4 z6xcCV)1TtoA{1ruH}j?a!%Y*(+jC%U2P@h)r#N{d=cgEPIi?eWFVLzJo;Mcwr-@Y1 z4thK%7T|K(;?vCoS) zEPzeIc+p{?h;`K6cs}>s5svy*3^xA12oTKH@g7bfEq6*|=g*0zt!}^t+95={N;xv9 z7F)?*a@8fzB`wi>e48@B*x%2fQoo0H$hUcHuQ`m7utR(o*fw*4ssH`+LgyUCsA5Bk zwwLXP+pg``<02*s9^hF&RcRUbIjD*n)jXo{k%6pT_)`@ z$@f5wW+_G1D{|(nhJiE&CIgP$wcpdHVNY~)UH^tBu&q!jvgUv7&maP!s}!hcM(IKmho&1kgy!$NK9FDNJz?G*hiS64T z-Z{VB_sG4;? zha@XwE$B{meJ=TGm0h701LP*8##R@Y)sFPMrB3rvNQ1w4YElFsl9(@^^?tiSzI{nz z$5d}KvTDu{L{ZR^BCX_bc}VBbc;F#5|G9oD^u-&7izw}+`7alkn7O7O2Hf%GT2F{F zljEO2dxBO2DZdJ7$P5!)8nQ1DSH(95h z6mI$=#JX#~`8G3VRMcXYOGocJ2m==1s<4-E6=&6^&Z5pM(Ya3YfM+oC7SXvTDlSK3;kH z?kM$-edw_M+^ytJ_m33BXa-?zYoQyA*WOAD}IS*I}`0J1epjjx6uxx1pgN1U*N6> zrNn*v(iVYqe0W-HR%fPGPM5MR(5^oAqe)v>6#wL&LVj&=>UR*|69RD)@GV1PY*grq z7NqYt#j|esQOg2bZFrZZjHJcMZWkzvs>73(q#1dhps!GLNMV22kv!&4{T-q^gU)6R zY=X+>Zg0%lV3b%~&6z{$ehsDV%{qQ_Y1QwG_C6noQ2N>$;V$#1L9!(x4GW#W;ZO!@ zvkU=t>b*CHq)!WE+du6E4T#2%T!$z8FQJt|=6Il)v>%30mkU9J>z^1e!Y%>&&6y(3 zx`Lyqw_>?Lf!3Le9tK##5KOfph**hvhypBI{n z3fl%nZ%euJ!JYQI@g0TS#-=sB(T(5mX&Oi5v%pyx+T$X_qu^*H=R?WYz1}kOEoZbs zy#>Fm+t?_XjZ@`%gRO?hIYergcDn4xtAU805xMTtYn_5jTTMdJ~MsaV&ps4hAChE4?#T zn~MN;p}^BRy6x1k%BZoGjVoK<^EsclwdNA;phgcvjKp|v^JVHK=CF-Sj4-YjALOFh z1+nZt{}46l`iN;GZn713J&%Vd-6Ph{8R?C*pOT4*<1VO60-WaNkgZ*&%F;+U4r( zc8%CVcgMTj#2?tHfZJ2T4x(=%KZ{@r+E@Yzw6!z-x5h5S#fG9y;@-Z=tbU~&$5FtDv@ zl4I`sKDE1Xo^ITD&4>R`MY%4$t=(8OITE-83-h2&o1RHz4m_ecFyxXH34An1VRor3 zvImr!IYB(?mK{?)JL|W-?sZ~w@6x(-F#j=&B15^9&ucm%G$Iw)PCBekcDGjX_`xC|T!8g}ZoI#?Y{!Q7Gw5ArhaQqZ47g@mL&5ferNc&e@D2|3xfd{rx5XA} zmI;!pK7@bPS;NFIsE#nSZ>G7Cujz@NDL48(BeX34BRJ;T4Ee-WPPTaJwTn1EFDb}E zFNq&e#X37LZ)rgD$(?J#n~{?zc@QZF;WC8qS(^ZKOsZ~QK&gGB1-v(SLO7pvcO&om zA&|l;_CvVeR{hxHhwR96kd6d-IK2e4ik*3l+F|E|+dps|i`v;Nznsnda2%&SyNUQ9 zOo%)5D3mNRzpxiX8O|#u)lb^4QB82gec~$-hQ>xW8XG_I(X}V1L`_V=c>EW&f33WA zfb-FcM|a@>1Vo88n%ESoE>`IK73wp45z|p4u?MKF3Fuani0;+P6*e@wfU7>-0vpQ4 z&?EOU?sMUBw$t6xwV^`&aKqU)Si>}sDb~09u)KKY3H&--V;Vfl>zzjm^#AD(uy-z> z4OC?}Bc{NztG0VKn-^n*ScP+VIaQlK=BfC8{myitXzRd(cTM=0KXC3@*i~tojKHL$ z*pJrZ>1Z#9x*nEd=iM#8e|^)%=arkmVnxQp1HSKxBHILx@pg07$pi2i@6Gc&Wq)wV zhYKoL6+vV`nu!q-%6yU01%KH!n)g=M@I_NDEA993RuTf{JUbs88l|$Xi{Hi=l&he@ z5ni(R0nx@g-)@er(;T<9^`^TyMkLN~ffupuY0=upK7VJfG+s0e*jE38!6Dri8U~aK z{r*kC&O2d;Md##)RtFn{DG{485qAz2AyV!?aMl#<(s+OG;(|?coN?Cj{sAFf8N6}P z6~*n8-AR)@`s68+3kx~@vQI;)W-q+wR7&%+)SdfhNzLES-^}HHy$gnsaINC7*uKrt%sh?9JY8jR;dXr!d-6YjqsQK9 z%0bm=U>p_>bb=_InS1fPiD|eD4T@6p@xEygVy1;JtXAI~QL?Zex}2Kyqpb}U3QT^i zrv=*{Q4rP~Wsm6LFEgbgKWrM09owzT)R(vI&}cZ^O7|NU0qq{;IW*RpapjU=9)}G} z-$4T98O`w5Fhwc(8`$#qXj7jbdh8kmrqi5vol>wAH)t^@AqQdpHRX#q5qR!`(4m)H zpJOhqYTKNU)?&_n@MP;Fb^x7T}U=g=Se{`|aGAH(M_ z8*bcMR+j4PpRW5afL*TGM69L;0KAcb+Pb*(UTa>di(qU zWN8o^Qc#vmw`q;{(HiFFKUabOeYyRUvH#y!&i_={{(Xb~IR5X4KXCrPziJWBGvq54 zalDH0JafZZELx%Qu`X3F-VE0c#uvwY3E8(tq4di$$7v_><7&~V)Az)FpP>ostl!x) zujb|NeZ@NOJ+#%IKAMvs-sv&UoU8+ca5Ju4SAOU57bOd^(AKdf(q;wL0|*jbynFMb z7F~z?7mu#y7ZaM;4;m>zEgKwx2lABfGP(;l~h| zrb@bpb$f&_|DlXgKBG;@=I|J?x20+ zYQ?NzDc8059Q{~W@G!U9;ze#@n_#QVMI^l@I-qfzdDk%KtLoje|F1z{H-L(9)q@&>Zjm~88{1|UWTo47%6#C5A z0ai3(yGja;vr9HGM#@RUzxp4t#^X0e-xKUzW5eU~5=xow)-XpZlAsg8R*fr%30%Vj zPIHKj(EAO`j`ryB*6cS%$Tlu$UQoT@N7QT<0dA+uYxS|`U-qu2DhZlpLv$}}7@fgU z-i-lMg9M4Udk`eFg?n4s|LD7Z&_bZ=d)J6YA`Z){r@^Y8lKl(IwIuE4osuvfORA@i zCH_DipQVlz0ar|#MCc%wM~l#7DZdfb^RFucoIXe!{dlrDOYD2hFCo`yx%)4U)Bf!$ zH?z{n$bJ?!S#C=IioDZL`j~Z4GxHN#^K#jTIL`dj+C$oB{3F()AQfy@abMZ0#;?YM z@n7e2IEZYg<0_)Ydfvk3R+T?g)WOwE6-E=O5v&#UErw+*YiO~;GQ@pIhH*bnA@?2mYVwI1h3AWvCJ z!)}ue$K2{S@v3%r19Vs&t~>J^GpM|z8#yrmUV;O+SKVp#weKRGePnn4$XEBbSZTXf zIUv;mWwk=Q(RZbjS~#ll5Ti_Mks(x92M>Y_HIrJvBZ6JI2uVp5>U`z4LyTO)OyhM2-SiUIY8Cu^9suaY{m?!7N}Ohq!(ew!xt z$!#Bu${t2cZb)-x{I`pohyUJjlQW<{Cq6NH{2ST~E%1AvWQnIVZt4Vs74ySrhCfg#TY-cQ`W^Z%TFajsVbbIsms*IM6Idu{Nr+v`|L>6_SyLCPWG=QZJf zyixBh`Dfx*KmVH1j9#108RC^PQIBEkl!&z`t)AkxZvZQ}=5ENHKaXQK=b)pFMwyyX z{PG!c*`Vf^G|zY~l0VcbpMm_@8!9o+h>!T0J21Ak=0+Z00VJ5u$5ww$B!3XTi6cHEr8L#F+>O zw{lr3XKy3A_wE~7tTrFbLe}D3&PP{w2@KVF=V;mm|Bl!|MiuxL zhkj3P*1v@LTRiX_(VAI!<85)DHG;2`jm9Ox4QJ?uV|aTgrBS|L$q?@2n6>;uP3FFc zH!pq8B1Ma{h+)&Yt=exG=%$WdES>e}($pd*5J|l4YOCY0exVpe>%U~H%(ms3URSvV z#$}WQRF>kK&yP1?pR0O&)%-*~B6XsX;@*1_lutITrY|tA*)wLk(`bxmuQ<3rc@&64 zOEywdAfp?s3XfL!HKJoRL8)sRowwJ?i?iSNTF1;H5!g!OGQ=#S>w>qIlM*VvM`TYd zu;2w(gFvIgt1K(zj|z02S$*FS)Hy-6gO}d7b^Xj6CKyQj9?&<`Jb{dCQXXF z!Rk&ktM&Rcf`Em^e90*b>nyC^G(&fa`?tu#+eR(=%yOc5)Qy>BK@Zq5nR}I4RdAAc zZfTI#Ags3pE(W9%9lC&fR}8!!kK z-bNI&*aX353^JIiVyN>+q<@o6SOp;udDP+{^7hQ{o}|cOg^n{@;oqjEM#KW)3lHH^ zZST7#%`NK6TOzxEvVI%2UjP0VyWqE*#yeg+$|Jf9w#)npk8_VUANfp9-coNFi9q!B zjcro=VH;d%a^l zWBV(vwqqmhv&YLqs`ZySz&i@* z#$3dcX}6G$Xic2w!0#9o)XbM-U3@5UTGJEf>naixOZH~OA>+whOHY1hCM2Kp4Bb&0 zx*ZHj^J35PQy?yhU54rSjgDtWKx2iz>*erfHYHpZmT6fzeV3J_aW+zX`yiACWa3)C zbHVZqJoesu?lif~FpWyk?t9E;_uwv!eOH-W4qMRL%{e@FC{G)ir-{fh6fi(bd>uSP z%+l<*FdW;kl%8(bryZuXSdp)^|5cVk_2X^kmbVnsozCfcT(wd(wIBBghV7y0K9^ll zC2@kRq7o(L<8PTAAHf3?{595YX=FSE<0OxSrnEjh{w`oe8dtN0XQ}OMiJN^4xZizs z|9FX}pEe>ZpRU|msJa=`71{HhO~zR!T&XCl4{y#FJK2KjNmLfc4BP_mq|)u1YwfF% z59@rtv{D*iqW10!9Ur-CUQIo6PM|;E;ziU*_*g$QiL1_kejviG_9?4ydUwJh`8UZ5 z4~?5nb#-ECtW;!X2V`ID<4#~H9^L6YTaaB!E*AnLQrl97>VE$@O>_@Nv*X*6pPKU2 zeJL%X(!WbRjqN6gS!pfHbONwc@Ud}n1g%THccWDog?@(|=tHP7{zYD`Rr#gn`FAmjT5@iEU1;l5qbGiGW%1f35dG?XR-`)zMooJo1 zb^V!+<2OUJSIR#R@hWhU6a%YsIwGUJz`P1${c&fhu(rko;>i;dXOvL}){DB+ho^&H zO1Cu9of_N#FHnN*b;K<33d5%AlDY9dakjGzKG+P4eVYVP<9)iy>Kn22{E+^e+KN|0 zGSzfP>v`*jSNYds4m%tvt3S>c>IglJ$ve)FT%D!p)5IST?H*tm@D%s}2Z@f;15aCX ze$!GgQ5PEUkgUtSb7*7=v|6A|`|_BZMyNt9q+yoQ?Mcpe9}sBii#voQ?q^eJG{=W# zpLf-7G!b~L41;?eea9UGpJMob!6cz^YNv?;cN0kd+GUa`vJrjwp+uAag`&(wx~Xwl zl_om;n?-6p9+bFQy_{&%a3!v!@{yO*Lvs6L!7(Qw62m3>O>W-a@tXP?X*LDi=Yhri zXk4P~hlw}cIuuHH1cn!YcU#MF?kDS~$LY>9fI-sS{J5IpI~u3N=#+O~sA!zBfPKWG z;YsYlc*tj=T8w=+zA(|t%EuO#!WubzuY;%YH!L7}=cd}wN8jrKA25ltOIYrFD*5` z7L|UxJ3(7sl7nm(d|ebXi3dA-FP8+l_|;ZNBINF#1jy~Z$~%_UpUNNQaXUyoWmMUv z_|*QPdyF;c$YlQo`x>avw(%A}bG!*+AMG`4Ex^2NRvYi#0HI%%(|ifsyU^lCqS*0@ zx~J_yt>||jOUlfVgzY#5OB#hNBk&4a1tCI?&pOk^rJ^B)0HSq4IzW` zh+e}jW;<`Lhz+#DX8KN-Y+a#UT5+(QWC^6~W)jtE;>|w-t*mCg{TSz9A=oO`Im6A) zururjRH~!(dyx$?a=ZP0JuYL^s@_qu_Zm61P~VB1Pe%4BK}*EjLBEL1xPH9uzv{;X zc4xC!O)ClPXWO=s1N+(yEU_yE@v&M>{55n3_wGM8t>oDlRyaFQ;TY*jVz8 z*^?q1T&-Lg+dx*^(vrn^!aoY(`snVjJlYLYqYUSqASyk3hjTh%@ZBS1<Fq*BSuv)GXg-4R7Ji+Q0Y8?Ch*E9`jtuIc5Pltc8 z!^y?=XEilGkO#X&EoQJaY+p&q`^koxgq^d#GB|vA!{bIn`B`$(H~?CsFe!GU<>`ji zGm7tC*rl=aKfM*L@B~pl2tzZZ%!{wRrn8rtQ;Io;H#uRSwVTfL*N2#Y92(-0URwMJ zrwt~wK409(^esFf#*Q^9+GGuR^%<342$YQSnX#_S_A1-y--|I2es;CMEBSbM>C5dchNuIRAC$w`)B)S(B$ z@^x@Z??ztYUu3nAlv zEoB#H<7w8qlEPRGpX-Yk;)iWZ(SglMDr=mnR-6cvrriVJk9XF{ zY;GMgA%6ORMnr@qek*qb-HnV{gV)MC4vp*3oIE!c`b)ztpj21q$UW9oTTW4<72&&` z^9)oM$xZJd|5)D1^<#Qf^RH*wly479ZLo-y-LnX9A*Sigt0dJn57cG6-@Q_$CpcgM6$Ez;nfQ`VEZ_-@{A@;>)5lF!COxQ`jeh6Zhs#!@qdW9wFTAnCGRzuDg{OeTRm zPZpjbupJN1v&%fC!cCmwwO|UNu5P;_NS?EW$lz-0{~) zuoP;|!5c%sZQ%vePKA%ZIM z5V>!DE!Rx|GiROthnIfMK-syCS6gOXD-+@x%xBTVX|p3u)eU)yMAFXlh9Ab0a48+1 z{jrG-dyNmQvoCDV)aV87O8q)LpVx#9Hcefcprs|{u+16CXNEqS&}okXM&v6Ks(S2X zwdrEAlM@cJXD8HY=kW6?byrpT#`rY5C5n^u{5e0%sm_3&?DJoJt@0hT(Z@}14s@4r z`fP3WGyasq0+oGR8mr%(Xs*MDIh^~Q`{z9fdm@A~%alhCrdtnL8O9Ud@YuQyP{{v( zV70xX<^Q6A_dlr_JP4cJmg&=<@zQOybC(k9=^i=hAWmPVBi)39cU{x!i0v{+r58}@VB$t> z(Z+Z`X@Vd09Wr5>{uMF)J9ycGhFe#Zgm{CeSP;djr6~ddYe5D1xgJ%@7`<))oaD9N z!fxphhJL9o7^h@2v1{|ZC1*j^)jtx|#|o^H^o?r|05c7;T?amPw&vzM|2=)kzUK$e z;@GzN4*jTIihj^Hp~9S2|o!OywvddYjr|$iUEEV});mtW%1{AuZ37 zg;`fL;<6HNyM_9N8oyncrhs7UOo|BLj<75Qj21}ubN<*a4h{}s_=PK--bTR#X70yi zzH!Jsa?s|3G8VohYIk+vHILqV)A)O4-LK|xnk^m*O^Tv!qs@U}(wq%A8x!6d;Ax+d zOyLp{8O@YF-*~Z)f=!Vo^4XTD2O!w%E9F9deIiKm)Edm);JSxR`Lo?RjQYd?+ry7m_(^v8b zthz{Xq}~))bZ4j5IJHO3Rv@v5UMhdh+7jjhF*>U#RMiOd&6nB@K&jCjZeKM zl~YwM1jn>xys4of32UEo?`wa}r~!}!rg!-K-3;__eTb`WSPYqX zzb9VE@Up#_8pNVChw@tclFxImyQ3{++yPiRfh>C)#bz*(_?;isgg*xLs$aT`g*1=` z|6X(Dm{v{U(|u=1a7zuD_(6LOme?K~Pi7Y&MmiXwdBx;B*j0h{R(cXHPc{&H_X|S4#J~aR7?^UX+NjKMnjhF~4w+w2-HAfNvX}(%<@UnnqZ5fw~|x`^azH+CLaS zfO2uP+x(=BbH|esI8eM2OD%YdtRCz>P_eM93A9!3o~Hze9n}VsdB5M7$C3QoDVNv? ze0^24Am9(b1c~|s6_^z7exW4$+b!oo0tksjGT`QEl55ri0zLMHVu?Nl98rJ$Ee)ja zp>BA*2Yfzn{!SJCejj)>&ExORfjMI41YVU+8U?sEe>F3N!V0Nk7(yWUbw{rFTx#u` zLi3W#n)Qsn&IEag@b{haoB!#lp5W6?2O7O^*t00WoCVa{A_UV4!LkxhPK;d0hcKnt z+~rGTQ4URb_J$W2_2Tr>=|zOh?LQvHE7I!*iVOF*wjk5rb{<3~OjW%c93eNOUuuzzk^Wr@@k0z9=&Vb|ECjFGg7GE9@AP6ohqr1HRR3H*<0ven+ zP;?n_Qdp#E>cB1Br`=kqeNe@h;8xMel#A4MB@2zW*?A$dx107O!}6hSfsZsP_)SZU zgWSXjw|&0+z`^n;^5=yCYAzU^qCzJ9Vsuhuuw9sE9w$oxy9<{Ysd(5Oz3Ni{Bp5q- zG~9lE`8(ExU?*AQX2sjUV!rWMbgzB&y5fFa9N8s>7pp}!8RRAOcXi09WmUC6|*#p8Xg|VbDJquSFrNLQ0(IX$6p zycg{vz7+=%f(pBpM!|=P*HWT`3Aa#Qo0C7ZC2+NLxGXxC6FVu^Dg+~+yXf}%;>&?e z=o_K$@5^*gR>O2t^%X8#y*CetBz2FU2#m)7{GoVZX6l#z8UDHROpOR(w2h4`pZm!9 z1~T((BX0qa1+wu;`uF6&c+~5dTPLn{LH2i2lab_DLzj{(H@12!s$8EnWfh;U=E0F3 zRF|KP3$srMkNq50w)dP2JWpYx0(~1|1St$^seCQROq0i7rpX6?HvmrktNFY-(z8n$ zh{_)!`!nFyJD*k18Y(|ohN36nRy&ms;FXQypq24c_gM#1RkfY-ct288U$mWC#!B(n z=D?b%f{WCQ)rHtaf}nwIl;4g1+!`ySF_%)I`dJ_2sWiGz0+K4U7jauju~e}CFlt|o zRKe_{Q_ZRY56VtRC(34^Gq5de8ja2$eIyLF5_eG>!CZu$x-K^k#fPBt5#RR2d35X0 zh1EHi#(NsTO}ZI{?&#(pa;48*B8+J&q=1s4d|Y+YI&O82Ka=n`)=n+dM(SD*7BWJY zpAu)r`BaRypmJ82H-QtXwGtWv;a>tcSk9)F&M za5Ih3eaGqvPM3&_4h?$o*R9t^hb!HP%ewz051Lg6Hu=TU=s$VF-^0eS>-dzp-8sM8Lz1{o#tbh!t zD%~xSr`{Y)qqHoowN&&+CjgCF6M=1E2Rfm-FZbI&UCv1S_Bbn!U0J&QC0E|vdh=;Q zYxbq#%6DizBvZ3z*)mi+F5UM=L-7PsG2T64nfMmpL3Ql+hytmSy0J5emt~w^2|DQOi*s z&glIgkUOrMma%kT=!-!Ko=xD|;5QfU1a4p4eopulDe`K6`+RjF_%vva^bG(y+=dNpk)oJNAO?$cYOs`OB%7+`m1P2~6LC}6v8*eEQt-j@ zoR{KYc9{qTK0#)@O_0+s@WIM*ip}c5FUfb8d@Ta5Iha9|x5}CKEYwqbF#mTKoPc)w zrz?t)=c0{{S8Rrc-=VVf(B5t!o=N!0wcHYDy*#hIRI9n+an}nfmc&K6vb3`yb0wWH^d>Egu?yyvCnmAS6cc%X}Zsy0+L0jZ!O~` zakhG%o7f!cMh_ZC7atedJHJ_snkF(oy}`pjTR8gU5nK%EK}H3JLf2ONWRi(Jp1ez= ztR|E#^1GqZK}p|y;ri7JtBQaZQsJ^dihe(QspNF>>Y(vv^?F=>n}92)C(4U5t1aJY zHSEhK4X#LR^3y;C+8ALmEgZ7kC4-b&M);;la z&4h`c0Lp$vDMgJ})ga3?X=CSlq*lWTpSE%cS30peo<4Nj-PP2)$n`+F&Jh1wlvesPin0K;RKJpfa+%+Xjh)w=(a4p;V5<_ouXE z5O(*>!EccNJQ2b;*Nv_BL@y1!w^!tfU67_|ONpJvE7}C0%OXn$B*T6!q{(`U)R56= zB?A#}VY73>VivOS%X_XY<;|~spc_Z+Ec_4maGW?5&9Rm50YP;gsx5et?$jG1Bjm)` zoL2)65q#DnFgj*C@$RolXVB(NAVdx$TCa2O`#6Xk`wGg|0W{mLU=@%i4*KqSdR5(L zF2!QGb&YBNMWJXG{u1_odI3pemD5T##NpP-d%UM<$NkR;0l0m&5d;W5;y`J<-wDYk zn}FXca$e)^Nk_6fPIMpvENLrddgfn&p6_WA4FL5`@$RoJW|D0|KpXr%t|;7|J{wQ_ zBAYXhZ^@;jOZ8-SwJz5cJh>&1Yf;tE=clXi))oZf{`FQuOnL7-^168zpcd#E#tw5= zPo~g|Gyt{OMjHJcq*y@&Rs{U4bYW+*HQw(HB|~#h^JQSVHR?@U+$zdzBiZ9mmdG*y zIDL?UP1rbLzxg@cjf-RY`#l+<=n!Drsz8x?A3uIHGkaTuHOi0d#@jf$(pyt+dbF2L zL+k%fv9?8FvedBK$XteJ%FaEqJ?zWlCza`ICmd*njpO8>rsaUyeabaAy2~4YF1cz~ zdfk{M)3-2S(-0u`8~D=(%m6YJ`-Z1#^kA9Q8v>!KZ@~18-A*M5m!CGLUC~Qiu?2gd zQ11j`HPs7et-qrT;){Hs^}_~fS0nxH?U_;!MEa{NJILh-@C_C#0C-$oQyv}`vu-2& zM(lHT%2r=Z0SWkctvT8$o4MIG(Rub0>uC(DF2g(?(yjhCirc2p8Q-A0X^dt|&SkV= zte=pFaPqCj49rAt{WL$trguJvATHqidyF9KiXfDce}lGrxB0z7`Xi8~9iR|G&rc5b zS9-Xk?`cxi4bKnhsuw4~FR0k@K#n1$&3JTEmHd&=?;7nQU&<0{F_ue91B-cKVW+Pb zJP$^l6MofoxQOe-i4QE%a*87LEDE{a0F#+i02Pbz!^`Gpg2=u{+&qUH)rrbx04QB? zfKFp>1?5%c=C@jU(cIUI@+RZe1GK+^zTpL2vv}+z0Hx}(c$yInr3P1~r-4v9AvmIWfIGIsdy^AnG^sM(jm4?$o2)8b{NK%>jRF01=*gUZjT zFCa_uAfTQcQIHPHQjV9=d{m{8h&RDSi@l>m6WtdDo1@aB^SX)q|0@{(Lykl>{&7Cq zVULP&1;G@b*V_m%?#$+k1D*t*>RJIZ{T)f~49HFs2fFpcYgo-M%$r;E6wTe`aL&WC zzR@MRlgvk-g!$u~&-ePez_8==B4-U`{8A_P!&%J1knV+sRBEU(uW$*lv+N8% z5z|^awB>TfD)F|dvhxPzSy*;&!o;e1eYf+CObl1dI9FOIj*Tp~gw7uk7CHG5r4sRq z=za}3CsdhoX3*Q~q{)?@evtBx@c0XMF5Qe>)UxK!_3V`L=Mx7n%@q^*TA;BWgFMr_ z3=Fz;Uxe|D;Wx|lH?5{#)~r&lA+m}agf+vCBZr@Ny1e^BZid?qL!%tc$pN+l+Z_q2s}G{AN;1r9jIvP)I77Kbh<8&A8k`x z#d$&4w+VUpnnEuEF3iP9-ztiyqhIWw?J`7V2x>$rWR}UJZoI<~N-h;iEWzbaH&DZ# z!sIjjlTHaeOp&>z?TD8Y?|~3e&@~GO3UE>klY(b?rfamKaYq=ps#Uc-HVNIf#0L)6 z+ukUgQYsaxFQU&HXWGZ3bpj3r_yFEseV+9A4ga@~-$ahL^A9D$`OhwwVS>KxYJ{@%nB z7xV5u-dxJ7B83Ru`#sk2p|f`vQ2{8~EpOLTfgF#FTY-@AM_#%T~^uI~~MC8gXZnKl)f^*G6AH*4?Gl&C8&6 zUo`j9ynDOH`mmhF4&{gwhOV`LS5oJ+s*)X$gSxTbaZly+5;n0(UT31XaBb@x9-zal zKY?X6;vKv4CA4lCZo?%fQryF0jrVnm{D`-U-ZC=Q0j1}C4QzW7&c=hloAwq#l%s_w zXqIzgI)Zb`q54CiQ}mF(2&bahK(F{1y_h4u?U598q4O_#m@WP}vHX4UrvajMG#S<} zep3Q=3J<t}A1`XZKKLWaN zc?HVLPh3tJhfp#v0?@AO>-#P=?2x~IKauw#P+mL3r(dqSzhi5&I_RIGQg!^K9_0l; zKw%MLlBd^WT*Ig@jY72>)&R>!mz+z?@y~zIZFhD99PPi)^`PMSp`_GE?-X0kf(X@? z06ag#hVdKx+&*_?^|q+Unp5!EH(l7Q-Rp~Scs%=JJTa&G@rA3Di-P@$nfzxKRSSqB z6j@j7hDB)SimK&eBk`y)umKkw)IvtbDMwSVx6wEXH7UM$00NGs2LISvIsCZprWYne zwi=j~h4=7curWKu z)Y>Y>@sWXO{TFnSncW+&kt1LJVOp^1POTx2b|MNpsHt?*;0ivp!=dm|$CapXw zaXJj0OvxZKN)W1q3pfUf)H8HtkA@{xxl$n#_V@-4e4E*VTv2?&r)Sk+Sg_o>N)e~4q_lr%xY?W%Lm(v8{>MD_i|(f z@G>jC12iOX|5+BUz||4FLWlrS%y=}^;6z6pNStBmOino*7UT9-oQ7?wsE1C0hQ}(l zb4nc^`XGp*e~9nk$b?Z;?^NY7;gJxR>+Y3oQlE;qN9$C_I`29dRinI;vf#~rFif@p zqgx@aM#`8MyKbE-W*4oPz^VPpMB&mj+z;zGg_QqfVc8=9OdqVX?Z0akc;L#(YvMjj z4o;M(E-QT^Wwt>C)(Z%t+yp}JL08ZhATyE8(iZ9A9Ow4w$uPV-)7VL(vilHnKIcCK zf?HIyfYtq$q8O=*9s(s{@1VS{q30Dc1&nY-1t^pkSNTJrkaJ@T*tS$`G#ao0UxDC% z&j66MGQOXMFeu*iAriay^ycT9W zKogdckpX-Wk>TVJ^(crtM)Dft{Y_x2adEWlYXBp^FPg`*h?39vz<8q${kH?rX9NKe zfnNxIYfFs4vV5s=^MF1(X6g9xBMKm5AEbqwVg}rudEGcL z0U!@jU>*KEvws`zfxlh=ru)Ai`Ttw5iV~+YQkw;FwB7;HJnqYqN?)?LZiiW@5wGm^ ziS#3c84W+lwm-~DXLUfGi?yauW0Q3#2XH>*Ke1!o8&CnLj%Dggl1yLRaAl&H*XUY< zvOQX1u9N0>=T%lq8K86;;dLFQjnn;Ier=L;qy`#p-dk90J4a5xQi<{{(=y}jqmm#x zsBBf1ceUV#=9iRl7qW>E0;98})4j?Q<-E63p^45oUy<|2{h6DN_lXwOFAsK zl0NYLE<*yOyYnEBI)sjHs$@pYidCnrQNVmHkAjXpRR;*XFEHbMp}YI5He}D-VdAgQ znri7MEy<*<<=4$!5P?VebDHqpSSR~P-CO5KU;G}ttexeS6EuuVybi8^A`yzZgT(fc zLNZ)sePmC`DILa~M6%*IS%C_)(nK0!V2sbW5b+NVEpthL_&a*$@K8Zv z2~Al^PJewmf{B;fN3I{Ta~?j|2|99Dhp;ocmnLn$-6*+rMa3w^6%~MwXs?4b<5;%L zpQf#%A5(t|2AL9)*%_t)s{_IOGCNtuhe^2~hR}&^e7P;R$^rMc?^6-;ld#rRLzm9F z*78W~b7hp1f(gVX+$2Dd$KDstu*yzqFb3p85kI}%k?BcCS8sdgs>6afK#_L<%5^WA zz_QJft%pbXepsb-to4OD!#~GtQ(XwG0|wLRjWfPk?CQ5Dn$3j^7;J{?p?fxtdSEbJ zEki;L1y?ruI>E%0?9qPS@C#;5++3sZr`e+&Yn7ZrJj{$Y*~?9B2^R*R@xSN{R4CoO zT^;wbLt(;rEao9!_rx9lXV>dl$Lk5`X&OpM50%-a&-lj5F3P3Lw*xH#C>s^_oet;T zn0&tUaYiQU+r|sysFTiI+_u>APi#HEZZ6DfBKuT?g&ju?xNHxKDzoI`@iJ&IW|rOeu7{6*HT>a0`lP3oZ{?z=0M?J4RS*gF zM1^%UUr660w^_DySg>W8PLgC&@|GK#I$Ask4v$~Q_fNXJs$Fbi7T9ti;m6bDV4j)4 z)aXB#9CUEKzZKDcuVYYx$_Cg*RovJiZIkC5UC9^zjPX{!^tkJmuyBH6YG1n7e=_H)*Ij-M1?feg@D6qzYToTBogU*z zuXa74xE_^W)s@o8CK3`)RtPc%LbBPj^JsX81gZ-!TjT;Mez5Y;@UTfZ(_mMl?k4En z+qdpLoI0ykLo(Dd{>HZ~8^?BVz&%!49$Y2?X*F&va?z=OjWs2nB4tC01xF;XAGqFh zU{*X`AZ8Y2pl|%~<%X5^x_GnMSSB7rtKa+3+n1s39>fM0PZppe=2~N*q+5>DX zDNK+aaurOEZY4*196~Wy2eVBZ8N7THMEQ&rxD?*jEjUxWkE0|wwYLUTHo12uvEzsD z@VYzKt?GlVCZ-h5In9~?%QUO95H}&+7db@E@on5LqnHRVC04F2*$Tz@R8 z-}0tL(e@i4#}S!qwfd%a&?nPseS5s}Xu?2b`IwJ4&`suG{XD5`qir(a%%0~9Wu5U` zd(*I|82$u*AE>+?KV3)b%ew{PGP-7FnL}%VFo&sA_H)CmE}<$=9p3c_3;3^k=m<@D za1LD2QAdu41V@bk#++z#AK$%xRE@0(cCHfQ1I*HTx%2jV6B4`u2(%>bjHCkws*V0ESRXRt{i<+G5y zm~bpCyKn03A*~o4l$SOa+APzNPj1j+T?DaEQYjsTdB6*U95qs~s~C$Hde8z5N_ zpPrx_$tC=2nu4qH*&uwB20}IvtmGYcdq0KUFK6rlOwMqpq@To;bNW@w8BCCR?ggIHYEC_SnyV5`j^*ct9rR6(P&j#ELF@ z=RN(RQ$+nOKHb8ONPMF8y}c{8zc_CtNcXM_+lbo)qcI`KG8{%@lf+}A$@EsIOUc$;RVs3@x_cl{Yt~0rf3`jS1Y3i&g9%)^i$2j_36N-_kU(+U=24?fE7<4 zk#WD7dj(vGZcnUt(90)XBh-`v%7)Th*4>4+eUl9BU65VO(*Lj%P3NB8pA|+Y_zDap z$uCyeR))ccDWr}bT$uy_giKUqG*x&vkW&4exHDvcrkxgiJCxb20EmitBZWaAtZ7bJ zIhB#o#Y4frv!H$y(X#lwDo!)s2Kc16Kjz8_#(f?-QwwrsjW^4FCXY`?OSHI_*o>E} zByN`ds0WYIg_%e%<4>@K>Jy+oYfd6mjLGq5kG*aED(?{4p6V>a78_kz-bg- zIFS6ibeb#wY`HdR5Q^nOX_ZXAp24&T)B$K8^%zWq)}@#rMbX$JG%3copCgtI7M{mz z;98XZ5e&&9uQ-K>)2nDif|=e|ERnZIX6c88J*8k!z_K{=S{gL+(lwU){oD-@4eKt( ztCOv;U`V3xbf-Qs$Wib=q=ZG%ODP0U^mT3nkPeBqk|5eVXbx=a3ZQtgfa6L7Z4~_s zniOx@sKOY#G~w;Ba!uAPXA3E+IeCcqc58Fh0bt^Y1+yChq(N^{;RbDbGiXg_cG~{X zW+?S8_@SWC`j~OPu`g$1w4xw^FlKgr4^+T?b&@7#6cTnuLbPFQGr&3h3a|~Mvs5!8 z@;fd_QA8GA+&aA*(z)=)d=O>9(-EUa(c!?LmJW+6Zod#s2A@p^#D~V)7T`{23kh=R ztGHI0w@GeTmerlI2Lp<@h2-t_;wZ>tI(?A-0-v>Lh%e_}XR1B8Q-6cZqXLL?q$c zPMNm(F|8FmVf1I`Xu?5u@xU1m$nr0Zq8lJf0YEn8QeJiT*}c-HmV2Zef~UiceXCq} zxFpo3jZY>z8le@6+D4ot5ei>cV}XXnBXfbpBmhX+@Bvh~n{RYrG6LwOhW^Pk@$o`^T?dF}%;}j3;Bh`FKCg7& zoSa$a3d~xoG2ATWjK%l4KmF3t^3q>srl+$jjrsZ43cF>I6240pD1XFTH~6w#UiJn@ zEWgtlq2^FRepf12^k8RRl1&CY4WTspYVE_HVUoeQ!gJ;I+hv7W0Bx%8%uwm&i;r@&w4MzVuEu8i$2zR8SL3ts{aQ7E zN>8U>t4xu23eu}KYP$<`C~&3T&jz~Z^R@73|3b$*0=2OCM;{JNZ1rI!pmChKS3_2w z_LBYH=9}3-MsT$-wRYZ1m_!r@T$ng<88AvRck12>+4bZfO=1rbb=UeekZ$TcDXa!1cSt)g0Nr>ARao<>h7Y06?pHI{!UC-ZAGBGLAn*EWf|b)&Y*=*1Y|)x;M?M(otUmIL%q054iIRWJb`nM2q# z0s;Rs@bUkD&1wQJNq{iDs;@^cK#F7TC$6=Qi~WWe0uZnFzsdfN;~a_&lKgd8m~KYz zTE#r`siIKC4Aw%6vCjEmKyP{y{b`Ka<^TNtfG20yWM(1FDyvvQ9%U z(k;^jXe-ezHcP|*;Pw`Me_QAnc0PjirYLI9MFr6H^f@KHJUJx7BCfI%ml%b;DODN# z+LW!G*aZZ)A-q4QTYi58R1jv=ruqC@Tqm-%x;y}>mkXHKZ*|gAGt3IH>e*JQ3~1V% zGff*A*H{awrdY(J)1S=l*ShfWs~_+E7o!!G&w-!tKBjm9 z&)Lx7%rn1q$uoQ^9M(XgxnXq?lgd$@MvL)+qbJzMsnLC#j|-`8ND^^z|AzB7KKVD- zr@ZF+l7CVW+P#o1SRRMcZXYF5me1{?E)r>JNF0vRDr(MM8KW;OYxC&^j>;=K4a_Td z?z;%FtrR7R5&eVdXYOj5AM5DAH#+kwWPMc*9s24$Rh17jEV#2|nRx6hRwvdVn4_nb zA1$HrwZ`tWr>zePMQJyCd3W`#b0tTn*D8NU*1q67KP1gfk2_r4X?xLWc8d4O%% zVf&ScXwL^nSM`A&*pj_pALV{lzzr*w=Gg? z2;orFs~ZjxO)ij>iyG>hwN{HD7FNU+C?Rxxb53SN1Ejsi{EuCc z+l_ok)JtPmT*g$o+XE^gtC=b>>1OlAfzQY^*~WrXn^k5TNH z*F<4HwH;2n%=eT0eFFRL8fi1yWt_`(*%gS>c|W@)P*O3FZ?*#s`F$JY^FQZID08ef z&$)K>cA^F;r2+lwNf`IczTcyJ$P5dccucHI0f_o${m@&_P+LQt8#LetLd9|wz2~vUy4dQr`BKW>AGwXr#N|Ac>pAsR!6t9aTvMB z(FqH6CIo$bJ9U2cqub>@NR;@09&17iZE>aTWvR+^`OeOJZuX{p^q*%5>G5Zds5QQ7 zK4z}IBOB<{U46u)MSZ#*yHo0Zs${)3vLeFsy1!Y456H5(H_ zT!GYd+&I5cZCDrX$g+}Q#*E81-k@rsgL;#4if8Uvq96YU4gcWee^??2)D-s5z4i|w zph&SOL;!GCGO2&=lz+&NKj#qe;sO$g;$NPsJvvF@q3v55Fz~h}64k__`mj!)V$>Sh-A}gG=ld z2^jj9Qfw~U(h9tl{<7LG{?oyE^`&PcO+ zCl;>5^!=bvgOT`jG)-}!LDAA&SAMUS3-qj^Y@MVDFMn^OC4Zl9%#{^hbtEAi9U=A^ zF4T5e>JLwQe2H+qh@#(%+M%KES`smDpW$2nSsOj`nBwB}OwA7SSoq_IrwKv*2cD+~ zXo$!zRZtoycI}bIlsWugbNh=ycXr{T?p^izU@%!uMku^UN??2?KY`Q)$v`e3M(%hX z>@BxLw;174{j!;2Z+_dy`*{kG5CC1BrAdAdp2u-IB|s@mzo6#lsF^1R{}7g%nQ=H) zzO1VtBrL8txb%O=Chl~jl(GpE8Lp2V%AP4_Cl!}>Ve|1j=V=cU1AIDbh zVm}tcUY3wv>o9hgRB(1cQdX? zh(X@YkIr{DCYTKXdH57{yS7rA*Cvj@#?n{v4*~eU*p{Yms5OWiv_p0J?O*|@)%68H zL^PDvs%+Y3F&lu757}5Dv9C$`M6c*vU~BH zU^XdXoT933H#e@-E}N)VzO1E0)vI;hwEgcRVWMEzq<1X7cwi1}Y7BA$>bl)5HE)N+Lemx%PYP!xE=u`R+%?*X>}X1gx+nZ@q2KEJ+*R&;9_L`TD64X4>s+CITT0%Gchh}0bL9xu!xx@S~` zekwJ3<>4^NS}so$bK7Cn-{p@gFfY1u`p9QD8;twlQ$Al}v8EP`bo&iThg&voQ82sD zOsZzTQU%B~hMf{#>+|<1+kbDI=Rj=8A}v9~tinF(d)YyIx^b**`{)^UyQ*p6y~*|f z<$4B=dyjXTCa3%|{3OG~%`OD%7Im?PB%FjeuEvtoyZwGQf(G9H4nEoyx4Q(l zuefDOn`1QGiJt;r`(ae6=W_48l^4=?Lg|nM6snEg1H3S^@>@xz`g!MSARQLGnJXYe z91~OR9acA?QuxE3e!D22$(cxKuqxLK*I!|KEKoDk+Y zwT}l(T%ZRe#{d5s*fb*8=gAf(g3S+h)^Ol5vdJ(r3tEmxI9-1&m9ftkDj>yedc zK!7j!`?lzl+zS4ag_oxI%3*}m6dzyVHPDfRT&J~p;4Q`SRc`|D;Ysd>FdL1fBu|!a zv*TVuH9=uLrx509{f)F!yq`}YCvWZupYrb_piI?|A@W72Pfh8NGyujncY~#Mt2Y|k z9fgX;Hm-S3&p0-ALMnT^NirP9SHSCUC^~mJ5jc6iTyqe~o= z3@T0!^zaTovm4*AzgQ9?DfA!!IZNM2mlr49dC@_uT#O);*4g@JOrUgb7Ic3d4b^FQ zIXg;$Vg_gL<<F!b|7uJ{Mrad< z)W_n%eF6eG;o>#pV>rr+(HqfxE)jsdSJj-IUCFM>zSfp&xW47vqVF9}aE&BxFuM6^7wpcR0hGo&R zGYaMldICj6BU!03bac?)2+FO{*81+aV+SEpuKBxMKotkmz8~_$Z=^)NyflZ)s`=KU zQUD7oDH0l4|DzE+u%<4$xv&R&(HFNQDb0k&nA!Slr+_RlrMNJJ_WN+%`M|k&=#*O_ zUt5$c0Td_yIjL{&!nx5z_gYM5O!*b@eyRNEGt@r%*S^z>Dt6WS+=q#mf6ZZav(4iZl(j!^!l-egXrnag zXL^?47)$YvaN9PXUcj z)6RyQjgl;TW>^`JLM4519jr*a)3w}XU!dDeaqY9)&t1d$*p3KoIl>NiFh=(ii^ zdc~SL?2eg);<_*R*XmZlO7uhO2Z@kU_*x@vT9l4rw@kF?ZM*h^*}4q2;TfN}hnGO_ z9_+&WQ7FuF#zXIC;Pp*TSutZ*Ztrif?W>~5sFW(x)`kP)3|y}}8ma~qS2y4N6 zN~+9hDqS3dKRhrsCxLCQO*8H#CmAmb5`;x!p|W_n`&OM47}*U7OlozKp#!gqtmvv_ zrDr3r$XM&|kw9l+Dg54{;I;S!O zl)+gQHJYct=INhT@D-jyf85NY;Y65RXZhhkoBT+_J+8POfh@XO|3|jFF5?`vW;0%P z(ZhGHbw@obccr4JBcdd*Eqj!@uasAlo zBUg#1BX(&)hlefaO^RQvKCdEhZAY-^dn(OqJ)uhXpztpLo^s>ibl@*ME>g$??{W_q zybmjZY62dm`Gdl{GxLrT@{CuJ+HHlyE2g&xY09@qgUjp)&Kwi literal 0 HcmV?d00001 diff --git a/2.5/en/assets/images/manual-guides/mailcow-tagging.png b/2.5/en/assets/images/manual-guides/mailcow-tagging.png new file mode 100644 index 0000000000000000000000000000000000000000..f6927d132032ead9c191229aba48d6f4a62a928a GIT binary patch literal 55546 zcmdSBbySpH*FR2(D5=sVD&5^_0n!rE-O}BIh=8bobTcB-E!`t2HGp&v-ONzK0K?30 z@Vr5T+4S_FiX0{F|tg{*XgiamdY)kJ&4x{$U zu4FHlk@aktCI0nH`+Wgn|6P7#i-kw>r$HE(-R)2L3ypjz?w`sK76JXAvi(g>$e*&j z&>I~5Kb3TBa`8Xq5u*P!Q~Y>M?$>IH-YKcz{DPgDliK)g`OlP27OzS{(1qr+sdm(9 zJ8HLm%@;x_L@q=nl#cwfL-UgFf_SDCQ)$_WX7Zi*29YRA6jonKKkPQMobi&+CLif#umLGXVh*aZQM#4@S+b0qm9@+jGh9aS z-;Mu^8xQ>4!)~)A%*G#N$-zi6(zwoYGOwg(J{6UL6vD7+3EtxLjeoX%qZ=a+87e{) zeh={@Ws}po;v--Hm|IZ zOyyOrRi_x^PcqZu3|S~$i$Bw0iQaZO2(A}PvLxv8Xs13Rwynt|vl=JpvkdK4kd>QH zREX6QTXVhded_sCMpmz9^1E2BPB{EWw4vB@Smc(DZ&$Fe-VEh6VrY2D?sfVam^xAn0*Z*=X|2jD&dk+j*MdqFkbvPkM zYH+|W>v-zSHz@h-tgT3CwD)UZnk~@yv=Ckc$U0@ zR)_2RD_3jo2|HOpVDFOasw`sfn2+&R4B${R+flIo>(aI#YC5m+^0bj}J9^cIff6(>U(G=awm5syJ>>L!fuI{5CTWYf*O= z`cIdalSq9SsVT39ML69=3SU{5E&ddoz6$CUl6u=IWHt|M7V&l{go5Hmi76r%HRZg0 zj|k8A`}RgcQvxgA^EUC4y9Sfn=hK>1$8AOcTFO?XTzjhPHx5Ds5@b@OeIC5t&#AgA zyjQQ0f>RMozvUNWp(ie1;7x%*e;9@_HuIGepSB^L6nkS3&i+2@HD55jT7EE`T+#T; zgB)k(Xi!h(0(XD)iQx`=IbE(xoFkUigTzY0LMY8%4I1u}V+6RiiiRL4$^i;4M;{-+ z<;D5Nb6Ikrq>OueL9X$P>->$2sW?l=ae`jCrMMxVC7$hqc-+;(U>lOK84c1KfDxH< zNT1V={N{n%;`1<-yKR)`L;8V=U0)~|m+KiEbs%Nn^wvXVSX#^iZvM`Kj(xz-#c#Wm zAJR2jDA19O#6FJBHw8+GLS&W=wg>X zIZJL5HzxLVPAbH0k9*$;^(Dv#wxEX_&EeKYCAsuC7!H45MvA~<8$R(p1( z;;BOF+IQYL*H(MHpCff-s3kaj3LZ4sxjL-3kC!t2^>p^sU z@DH4g5K1Wu>1M0ohxDRJ|enTYw8DNsiF za>5){-|W55m`JYjTK_4;5Ga?uTL1HcSFl?;q(`tV-7I~awzYUtGGbvrxCD8y7M+H8 zT(9Lq!AGH)?~{pqJGbv_g%xL>H~21d-DAnW^=vqQB)6FaxlH()lY?noC;q9VL0P9< zi-gxRgeW00d}`_bx`JidE8z04kTc{#*tna?#Z(N5=h|^!LKti<%)HzAl`d%)&_8r*r^DUqAv>fwJmvPy@)b{$j&Z8TS+}%I9b-J`b7ka$&Pg`sV$D*Pge9)tEH3bv-fY`7i_rith@--8 zlKVZ#tk_IC3yn>j085gNp=8~78*vqrMh~T;^wb`=Eta-2S$;W@V?K=&t8<>CY4IvB zZAW+K9WcygOYlFsF9!q99P{mw*tUP+2uiC5Lbs-?JQX2XIY!l|7kjFi`Hc$eYuFdw zA*l0|rB51%AFF>b40}nt5{XE+&<3@wo{MRip05B}0h`J#yXP^`8%d3A&7>`NZy_H6 zw&7Iu2Qb;bE6-8cfJYr~o4hYTo|BKnl+g!bBsWaIY}cC2qrReG^K%S_!(jo;;O7~o zVMkdpo6Ye;((5mj-?&G|9j(P5r#`@Qax zV9WMkj`K*Gy!JYr$-U^7vvc2yUf0z0L6BGDAdg{cFwZ%w5Q;A1FbyEipz48NGHklN zuxR09Q3Slo+VrJsWE~E2>5ZX+!wFoOrxxJ(R$nhW16s2!4yrTq-kB(H2}(;9os7%x zRt5x;v)H0TaYNdhef>5*O4Yxr2L%r)pdPigTFntEe$&$*F$c(J9SM0`8};r!E$!d! zsSiYTa{YjMNnd(E8|O;X`9tWM9x-aA+XI@7la}iCp+4^;o+~h`G5=W6Qm^Dj^PrEE#uHZqTryIsKyIM5-(}bwGU3D2E5eBP(nosl>y3WQf$7ZMkAWZ zH?DJmhNc@UzX&%MZFyQ?A=y`Uz!}!{62+reKV}I>%R!8$5=WWKXjy`JA;N&ZMfA$N z)a$;0S+|X=O(nLECDcf}T@Yg-zrkInK!r&>RCA*mJ(atIoDZ^)MAtKCpMxM*hPh_r zW4WxpY52x-HMym z>*|Zi7t~P~I{P#}tF3ilKXI-Y5=Rql>UVvi|u<>R z);k>Q9t;R7p|rKQtU1Xx%;~#X74O}@KEf93b}Bv2+YSyhf{1BNbXHzEOIZOD;z3>p zUOlSt()pqg`1~bI(E;bc(2@Z$zt8nFxI%8J${E_L@C?a)?Yc|nVVv5iTHj|xGO4xF*aStGec^O_-pAjjbYLrUMOS*}AC)!6`cvlRhQbGZ zBxR{qx=7AtMGC?Wcjt^+hLpBikX4scvp*!h#m44X8H(0R`u@6~gTOiGOKz?$L@8Cc z^kRloIcb1Lww_DiNTAP|Z;N13tiZG240Db6oK>wQ)$U8RnJ(&MZUKKMF|w68Q$KBW z5g#~V<1uyE6G`Pp&GLyjUIIl=-0pG7x?g(jucNBC+!&?CiqJOB2X&H@13x{dBEGub zNWBvRx3N-|km2UH)f&+UT9_6bQV`Cu3N_~-oSAeNa}$kzsyMGMe)HkJYvU_12_e=D z>!l+};Z&W`qtp1o$&l?@edgO78&paYH7qqv>BkgsP!}L2qm{^m<+yJ^%g$se!*8S6 z^*l;1oF$CbjbkB;cmE`kYoUj_;V+qs({hpjNE<`!up8S#-e5LZ`)F%2(i$76R zW*~XE;3sw)#bEl7($z2r5J+ejiR44C1acAf8*wIb8kti>`}Ol@uF$3 z!2(CC0oL9&5|b))_Pv!+afm9Ghz(RPVhZPzq;12Ahp%79|mX-%rHbvQNbmoSq#od#!X z?@#(ZFWRM}AlH;S&2smW@itvkj`hhyt$-T4ULA3;7VFi9Gp}z2Of0;z1EE;%Gu*|!jBOgQ3MA`|6+Y!3C&4x`|4ES%Z;@&RX^H(x`u_0tzA3I{ z_0vG$OkM8fFDh^Mk2CIxz^tr$PyLKOt~ep0Av4EBZIF=bn}B$bcKEccDq)vU%2j~ zH^eugHIZ&Jg(--o5}9$%0|X6gNU8X@_JXeH7r*f)$7Bqg;*qX5c?ra(5BrmtK3rxC z&Tu$#?kyjw@nMo;mUWi9A*^#yG@ON!uRdXLfo8Wv7zFabNxNXC zvmv^s?aq)_OIlTv^|ue}Fj_`W?PkZIgA$$i82t_Pu~3zb%BV&?q2*DIyRO!K-+5#5 zn^lpos*1mU{K9Tb;n#WlSZQqnB6>P8mR+w847M6?IGx*kzEl-@+LRgY>AGXIDO`P!R^cOk?s}v60rr_9sqramSmB z00n=?H@U3o*~1W5T4J#t{NR8hNG8U7-55gjk^l zjy9@Rn@QvB;FQR)5^ukxNE*TTRYX}~<48o!*#Y7O>K8sB#?rrBY*tM&laZg2lS}SK z3%1^5=q@i0@`s;aCu9J!Fu%y;Ph15zgy_-qwMN%_-tE`&VPGLFP9RLQ^K26(XC(*{ z_B=@GS7)(YrP#cQ{Z5FN!iKXs{5$c7YRM7=&?M&cbs`4pD<#3;ZB^I)(y?OJX;Qs+ zkm7-bDX`VsMqHBF=ZpJ)IRK|Q_}fd|>3c7(ATh1& z>zBLWMaikwOQVqbp?%8rYK>2N35v39%y1=Ov&;$Hca6HiSA7#4e21Z_C#(tGokR+E znJXRbZj6KQ<@OCyw5gqxsjw{(Nn1JHeFg^k_W8`vrhjNyO=4dPOoP)bUY!lQ2nE35 zfV!PD`sUsAX=SskVt-bO5A(T!$r?&9ID5N#NN4H9PrX%ql!$C%*0P9;?bg-8u#a?z zb^lKJa1d={e6v7>|9oKdwTrW^p|84c zZMn~{n1>v!dvj*GHJ9!0qxdv1r(%A26MPCM9{MRWTycW(%b?C_JvxlDPKH_ymoow` z{jG>HZ&$COcl-_-H%rSPh~seQ;X=}+tw?i>?HNIT=_h1te1ZCj9n5#K2^8u9$;8(a zOd1j*xvYZM)RMz}!Eqn8!seAIz1Y~sX9NJE)}OVVmn`OrzM&#<2R+w}aHmbQpN?9* zR0TJXBPL@Fo!8&9g{^%7@032Vf}-Xs5LG)Eco3_S_m2%Q4;Y`Q|0#Q12GaN>MlAv8 z*cXi8)ucegdDah!bz5Y))JzLsgfu_if67XbfY3^L*V{<)XdT2^hf2l z<#?f|k}GIgH>#92A?AUUMSNLp^zmK)=xeLM(D8>y(&2J#q2JwlzdV1LW+%!_=jLM2 zm6H-IvJ#x7yn&*ZdBEK_*U7ZmZ31rK{z*E~Ysb2wLX$Z$V~)YlUjCpSZiC)$lPlr9 zjz;WWL-!aw$GWp>ciOg-qT%qnc4eH?7qNgd+Im_#)AeZGqTNWKxxFl%v%HzZR3!%l z*5>5LgH?j_8v`fAeC~$<)-y^$jM=*$ydQAsI&KCq-H7_3pm%Q6PTbHcV$SnZ)1Mia=;>Md|WniTWf+x14y>8HAF|~9x4%u_Wx8N-96hi zvt9(WS!J~8ou~WxwVSrT;FI%Mi4yg~f7)Ynui7 zPskQ)zZZSgj!wB6IH}O-*zNj2fe9K@-TqheEOmZJ-aS(`480v|(^YT%O>(S}1AYqb zQ&>PH4ju}PT0&o9;>^~Ze_G%8L>583Ge5Qo;-S`4%=&fyG+^zMX#c>#e~fYfqJIU` z&38dM{9_$j6csf81l2(d|CIl?1lXm^2!h~8P(amch|}%^6r9m#AALG9ba^zs(>Q)r zA98%0V{lIVXCwNG*~)kT^sg#cU#Ck{geaxhik%$F9NkQOYjgJsjW}RAPZJ78 zGA_}i0Hc2OUi$i)88*lND+z#JI*9=JtD@c;i3a#;102co>!pP8WEapH4C()*3W$Cx z&<<^%Th0ZQ-QGc8UABw+``4-WDlEopPf7#=e4W>*(ArWkDxV32)Jaj-Qwt!vDCC0A zt~ms`-)=*N96}>dMo+~!*!#@D-q7WT$o;dkGmXLQ;AX4g7X)Fz3-k8Ohv@pH#a48f z`=H~W)xi?MPll0}M!icYMEw(!UE>3kPj7t);ONNg0F1I(@s&eI#<-#{ZQLWgnniB{ zqHeo56V2y?q}s0b7v!Lf?Gh@FPod`-F|LsX=Z)c)t5E$aV@8R(RoD8f=o}E?)e;l| z=lkU~wYQLwB8OUdf9uZQqymc#{%G5e(dvBTkBGc~6fVgL%auX3AkW_N2k++^}Z{wvAC9G1xG2HrcF zNr3KMKp7Z9j$`FCq9nGNi$jp3!i*ssA*%~ZqR&qIF;+m@aY{nqH=GKf&8CjKIujJl z_%w8>-D{6gvhHdXMfz)u_vy(WHmKv&sK%ihw;OJ|+>eQYo>5U!D!0!)EveYQmDcJ) zklFin;iqEvkT-vZeM z8@>S0wj0xDNfWF8no7_)2jrj`Feh+ts+tk~&1%l*;9e$qgU<)@2G(zMIuJ0%QI$gp zG|%RPB*yNh<3Tz(H=rOu1_X97EuFx{lB>TwiPJEiJM%7;7@=& z#yg88d*Og>UudQ@mnC}OG&barlp6OB8_7#Y6ChFRO9xA*q%{r`0u2|&ah3wMft2xH^Gh5v`W-#24OH!nKCqbsW&{a$j zBSH>|2vbQZ^M>T*nC&H3xn2U7mKZ00-Ta$O<^xBF#DEUxV>bfW0|Mvd6OYNdrt)Yp&{%1*-uuz;Oem?_sb#>c6a#C~uNo^Hrx8)&5 zdttyqrt2P`z9YwgD6c=~CI9iE&KxG!qC+-iU_FwQQCXzk;(D?O96K8c35m2nJUOC# zYa&^RS@!Bg8}9Ama&Vmh_3g_X^%syB(eu#i@7$Chfq&Au>}lS;R&nPwZTT4!bagtl zTlhKaddQ~hA;rYb^!~6xS*WISZf@?j*Tt_qm2S&8hWQZ-H+C3tXAa1~KsE^RnS$-_ zu5Z*73+s+IhwTK@22%Kz+Jfl_kVV~Up|17@f5cTETTRbd6GC?rgEYHH2b?GY{%SGz z#2DU;7z4pgv+Pwte!hY?7>o2fKQmibnigI`R`UI zeO}qCCfCIxXtDUqE|L2Jn#0E^X8Kz)eVlj+D^$G3)MDl$c++>1EnZpHSyGY>bAKzu z(S#7={#Ne@Y`jHTrzRZqYlOU=9pVGB&SI_8mRs%p;g7QA+=`o$Qc}2c&3v+-@#n(0 ztbev3zvm2+w2#i51GK+-fP|S#?yBm3FLpm%>Bel~ipH;Vud}qvshhiJ?D|2s0rEc>>oJ#F|=$|;mqdWcVnYGI8s*H$aEloG@}HxsnCSetUkX6oQgGK+~1jJ z$VTq`2&=G#hA@%V-KHx6L1SAercXzCQ2rR9_`IZQy5Z3n6&3XYOg?hg)&l-}Z<3ia z#016|kK*w^w1}igUe6uwXqLpil%;Nb3E&Tul9LEn(cIb#_WzY36(wV;_1cpHA$Gnh zCnJ1Bfo^g6>@}Z~p0qUiK6YC)JX#kLdo&sxiDFl+?<2_6{ean}fODVMh7Fhkf-OW+ zeXp8=Y*h>;8>`W?{9N~1}H^tkAJjch6 z+3eCK{jRv4=nW3Fn0q6%y}aMc79Bp86>5U^Sc$0hx_Buuws89WR%n)_tOT1zW#XQM z_b%!i&1y-npmJ04{WW}&)(aWQ>MQfJnWJybIQ1d2$yvFHFoY9_|B_dP7pSDEXxf5Rqg&26*6AmwBuSQB7-)Z^&bY zOc&JO=UxyCv*{U}TCde;;{XzS?=MGfBNxldN!g%$QDntCljMjnuHLh&lj#}n>@rAH z5eOq{s^?cUZecopvcsj!5kGQ3&KRfj)^#8V3xbakvdWI{L6|JKFG3@y0%Uqe@B6L> zbL7p<#PtB0At0~WHhGAq0$77>;Xov{j{;GiauzY=mBQ{(J-rd9J4#6(KWOTh}+1RTBgM)GF*@tRw1z|FP9>4++ zd;12-V57~Sg7^SFXs&UK_tpq0oPn|RC2xuy!^fVi{A0oQAq0%Zx1l@prw0XM`jfV< zK;m|FHe!s;%gxm^)tO-3cf`D4PY%+OI5aG9e+};`fF3MIck^@f)}q=Pw#mh&=9JY&p%)PXu|aB1k38t{S-8tDuZ7&>&~cAT#w) z-vbGo1;iE(S>?fTCZjb;S^@hY*vdfVdoo!Cb-V{A(a}C?nUsX~B_x|8?dn9{PX40{ ztX7>0PkpO;q=FHXI9DuuBNCqie5^<u`$Er6{!T-UX`jbZeb#kK%rDONmtW*U?vL9k0$7;5Sy3oxpAzrwuZe{!M1|sY zimpFhiJ+FcM_Xl}3>7X8m}eZLua8d~r37Dli7L^R?NSWY^fs8P?d*8^x&L^K#;u}G zuj)Vu@vm6|k>VP3Tgl5b)M(_s`u$k8s{8t&9v5jdtH--IKD5#n2qT) zAu(RB?>1&mRAqq29<*_I*{TUpJzsvev=uMS_t3e%QHvhuv?t(vPcahS+Mx#{wCM^#N&x&;UE^3SITV&rVUl5uG8VN>uu1Rps&YVyLT=%b9sQ#myiikv zh)V^O7K%rT>o5a_1iaI?xvdVh762UXG#2?L{R`dIvNyrjmCi&+b<0@En+NybKNHIW zK1OP73Ep&3oAss16LZTx%2ZY7a8L~mu`1U~*?xJ1NaTP;4Jt;OEk7NR3PAz-9d89h zbC&=^(gp{h*SUy%W|zUAqs)82PY;O`(z63RPIVN1+SBEMaQO}Z+j%m4tuYpuyN3a%0@ zGI)x@9A2-aTN`zt8bRjQ$yWwTjQ#^E(!0B$b56%oclq;Gy;@9Eh|_Jr3vlyL?IDe# z5k4T~+kh&wSDJRoYRdHENL@LI zsqC_yDTMZ7$dNBzFl0GTESCnLV6j3PCw3O30cKb_R`7k@k@Ie%LQ4*vZ}#rI;|z7? z8ZpD5-MJvQVsWeM7P5Ad03y_-qJ$z>7X&zFQ7e8Ys8Kxisa6 zY+t{^h7?I6`IEr_=n%@GDKkxrI^&V%0JG9D(v zWajEa_$o_r+CvUZY(;}@e%$=dinn-(0?vk} zOy}LL-!mA$3Qfod><@{Zp~%pPkJ@^u%mDO)m}$N%U;E*~a;HpD6cX5U2CJ5W?~|2u znoVD#XoPOiAb!DzX>I03wIZQ)|67$J%>)s%tYj(Qez3SsgIr1r&N*t(l zOkd)hRHPY`$rO#aaOv$KV^SJuBz|lg6;WF?x|BaP^+K ztQa&9BCcxa>8r;qFmha-wIPzHabBMAt+kot03ZOXV5$ZZ<1fvs#G``x(InTdei5=G(zaG5K@bM&Fz|`skgwM=rxEMWqiArn7>fBUFe4_2 ziBn+zHd9L(uCF;8oAa%n-bgr2i7&3)^w{b0x6ey&FB8~4)mz}#wa-rkkKQp?skZCh zZELUJ?eg|lU8x8hI#a>41$ZG|g-40`_nU=|U4rBU&D<8U$`bL-%rbE75{G>TQcR#b z7wjQi6C;vt9RWOb1DBvHiiQQR#hVXTim8E&!2RBPA<%3!(dg zs5~jh*9!rtuJ-qO<*ssf`oYQgXGH?(!sVboO!O`R{l=6|HbbHY!!W0#S%U+41i>20@0u3f{p7Q1+gfnY=ZZn{mzG|P!GWu}av3QMl=6Mn?V*{ajJ(0w48kz8PzM!i$E9g+SOMVqh$UD++h>1qiQ#-t`ug zj=+K8D9oi*qjMV@Ez^dWcc#3EU6Qi{zFt%&F#gmaxY6GkiE!|7eQC^*@+n0Ne>l@M=Bber zZ8Da5UUue}j*<6(Gw{SYryy-aA-~^NL0}hcu;Eiw$+I?I4Qw`yhVPyGiLup-I?**& zOBs=*?STljwzTt@kjvFtM?Lkcw~@yhflJ5VC!Jmocr3@-n(Q@E4Dhuw!;!Jv%te}sx3)Cf6JAk>-QQ4+djXS z?^+%c%%6*X$G|XTU!_Rz1Nf+eH1<%n2`Y{p$2iT+F>TdA=-JR6u@C%GQti#hkl{6s zl&onm{)@evraKoR&PqNAJ1Nqm)o}E*hVT2VY4{$|dx6dEhUtmDTHhF-E9Q7B#UO(m zoD^54xxO>eUF5-!P#SLz=&Wh`$U2CH)so+Db!}cIA6kFS^WyfJp#=yxV3+Jt2Dq66 zCifhErKu_pwbnxF6|AKmcfnk{TD$^YOfx1Zwij@~WT2!2VwtU#t9DTI%NCo#qG-B6 zx|t#~_h9g&4_6%LB$xJ?=?JS6y-S~4S7;3>IEuSJa!gDqlx{XPckrg~7=RT>Jd(ZU zmFa^gcY&|f)insS;N`}Zf}eddIsZ1$64yb5-2F*$_=`I~FGNOb1$Vm`bD{S5wML2=+z3FqqsmRW$aU;3_y0l0f zJKyG(=ucLuF*Y#vXn2KgsP+@Nov*2>x6rVJ_u_x6qPxFEjUEdh!$_bzJqC?9OV%FH zv3FkDp|14AT(G)lgKNH}dA_*+ShJWPYl5)J{Z?=7x^t9o#1 zhj9poZ`uz@r=`-JPXYCX7K8tPC>%yQ#5=?_;&5CAjnqRcDF3m){uvh+?*Nb7FYK>K zFyPNwS8}+$68QpZHBYvHWBf~;fAcSY!*&?hf`q(5?%%;A%qS3$ZYbfmgBv|aPYj}f zVVwU8HeI*BarpU>ice5RLPW%Sy`SQh2(^|A4ub`~EsHIet$?lAf5sEZ{diL{GBe3L zA(qVa;&*%g!U)4~>M^k3e}V3BF-{;!YQzo4&>{}3S073N*I20=2Humso?3oKsnYP< zR~&PepF6)XTs92a_xlr%#>~Wcb6ut9cp&A^6QtK)ss8~e2Zx8BzN^41D#X&i{qJz- zbvMjYM)Vgt`d97$Oto?X;m8qEW}IM_E&Cc+?Xo+Tfz++i=P>5cpl%GoenBa zTm1on)F3z34ueo$!s86q&%lXmkM(SYM$P&C)d1C=Jbmf`iq*P@VzUWsg!MvEw`k<3 zmDPiJNSg#@sEO_m>#U2>>GY2Z#3pF)m3S2Qs5QM}_a7ZBMZ$%1>+WUqL{#9{VUMjj z^XhsxvW|a*yT|JC17+@h`jog{Ul7Y$Us!S~5R!a(>R!q3%}ITqx8K#ggB;Q5-%qaKQR6r&pi}dMAjAuA;P+l z<7OtE1*F;}qU0po_G4zQ*p6c9B{)_%YmmNo+lMWGoc%skWXFME;Gv=5H&bJ9o_Yb8 zD&_T*qIQ8|!S3FjM&OHLc|F};eXBk#;~YMMHNS|fZV^hEj6aT6I*`P`&`wT z3M{Nh!AmEKJU%Th1O4e-tXRI+-F>xdg+d@N#tRfR3V!L8e6{z; zmpS;P@V2UShz~@G(d)t2H%L|#g)}ZwzWwxCxPsncx~d|uP0cJ$fHB& z0FS>lkpOw^V>1hR?Fpm>wMr)(_bM*@WfMM)aK|}rFw_=>x>ZWitJoFDRZJdGdRq0d zlT}@%eb{>F*;=OXI9*y=$7@@zT5E*IRy53ih;?0vo4Bv#?pvLyh0)`tQF;RDxYfqO z39jx#FYeOD^_8rb%J4&L+pqdXdMZ=Z+hltLled(@hfeG6;Z3boeQesY-rl2$xB4M{ z79&^M3mHD$IytMB>Dm)Y*GiT=|ET*+>Q%d0!)YTdm@P4hXVw(9PJnXKOH6o}+ zDl^?Z!{$le7o(%a^FnH^4H3hX`B!)a6~VU+pLjf>3-@MsD^vSIYi*k#$6A?9tCXy~ zeQSv7bLgw#GyJfEuGBNjWiRpRkj0IO?&Z&?=Ckd@W{khtAurQbim^RT}~7$y&u8?A7)^k@@K{!E4yXu17%k?fvy_HahRjq^20*({CSFK+Dexz*2s zOlg+Os?r^H>*0^02Awg<;VJKF$Vg}eWmG0giu6h4eldK=0_zP$Uey7Q11yBWDRVxN zU&9)YbaxC5q6(>maPKy@1U=AR+qSO!rXZM<=kcm^Ja6Q_9=Nx&N{-T`*<<}}`=)EZVh6r#1h#WT_eownA66=+h)V-eB-!UOT&zhC0%x=cBD{_!YSzClH!tElt z%v^t51OOC2>>Xo|hNTi&e+tRUH{@OTv`{!$Wx`&SIOhI+SSN2#a)9J=ggB@~J_XG=CbO25n3)Qaht(Z{1t8hLSZ%P$j&BdnTnwn$zz2!Lz+Z zfL3#I%vs+`C2h@IZpRg~0;ROdvis0$ipzvXK^k>FFKn8w*4q?*4P?Hgc^^1ZUfz0M zH8537`zX-y0WG~@z|akknZXAlva%QuY$F>42?z9ln0yye)SNITI2axz*mcUuLoNEO z6xTz-DBWOBnkA9h#AB`vbAh|WzgJf^w9vMV{^iB#b^ufGvgWmdH}pRu_A;75$FqdV z$$oh;)gy#Q7$ADL+1{zs_HtRLrLZa@@?X&J9d71U& zgeW&(VJ0KX4{<=j4?SIZ2+$-Z+V}hN!fi!AYY)$H6AzHoEB-auL_c)%(HlgRqS+4~=8m22%E$W}VB{Dco z!=r`Ar4=s>X$x>%smKm#_2@S$hf;fTa}>pqRk^taoxCnO^6ze&sAy+lq#6c-RXxv2 zOgHlcT<``MQZG|~S~1_-Rz_awV50Pupc2=3^2{M{7I61d?3|SS`}H&*0$53 zOCFL%sI?wg>6tR-u&6MxlXuMa<3++?irc zT;5lg)>g2jB;;svO4MUC^?8C_p8xRC_$0`~V{umBInI{2sYmkEK1cA!Y3kOyqnEo| zcqvCK0o>NaWycb8hoR4uI7sM@b-FBV>R*(3)hdzhQF4XTlvp-$!gdn6w;#XC?{ip{ ztX-UOG05bLf#Y|EjXf#*#Z3`7j)SsaeKzTISa`w|)#YAq=y3eVMOUmB27hWg|6}zl zO9gpv_1OF?6i;^X`T7IpjklZgZM*m(T>H7#tGb;7Cmy?27W7FB{mCONL9_R6!Q z*lPNk%JfbQe{|Exr3P}U-gn$EU_GX*BBN2b~UTs)M4weXB`At*<|F{+J$%@@j zV68TN?QsquA8hkXML@eip|?=sipYjK655#1pt{6S6eAF6=-;#@VxBMmqiIJ#nFy$9 zCx6B7V7hontNBaN-YXX(73Q*^asrZTeh`f7o3@tJS7+NJ=pKsN^NIIo zP3Ewabi=p2K#_*vac;M{KIsd;thekgfkW}h<1v?rDB`AH?C!-bueSqJI##!t$)uIv zd`w9jYpQAb_29l*VXRb9`4)RHui*1WBbHz0PoJ@uVFz11exG>UOAz5PR{D6V@ZE)$ zwrxpC-M%P&LBq}bnMX&>Ve7`T9jpaqbd6xK+A2fnvps_4Y5h^BVXtcYX$>BAw!l=1 zc>fYjW*vgp?w*8O4I;`P82eZ1#Ht5s2TkS10PTdY8P;GyeUzQt&3r;H1D?%6z(R0Q zGAD|Eoo65}n786m<3Y$Q0})VZQ?{b$t?uv3>uIb6?q)T7&HfD_S=6RVZCRW31*eIC zA!oi1mA)e6?L^AglM}oC6K*r48fmyqz}9$i{g>SGVxuX=?QMcY-UkMPlCMOyv`S10 zYDT*Itw@qNC)e|0Ql^6=W1mUjW7{KQ!bMZl@&zQxCT4N+5Sb=(y+OaerLGhf%sc4T zKH~;1KP>EsJss8Bpce0@RyGldHY=g!oxu2lU}-U_h@pA_inMtyud z$U5GerE~UW*V(hhpC$h(m+O1#00VY)UdksQ&zI9hwrD-s>I`cWH&nCA<$s}6Dm(yyvhaTnUcSxTPi>_q~oi~)p+)6e5wG}zKKVy4ADo%Jl*zAeL~ z@Bhwj!4Gf+o$v0RlQrn%B|*kLx1yuLu$Y=#YRy?ViLLVWKpz&LtJ0@0?Wx#J1Oi>`kXoStEz8>TTkJ5@&^?xyqy5# z#o*JNP0?}iKWVI%WkCR6QHHA0r=W&iUs0}4 zw>_b*jOYv+ff&QVHm+T}X46U3cRu!SdDgSh)zQLD*4;U04itC<1C>TyigC`eX-qq* z_CDMxCDvRBW8JBF2lj?^=q!p&j8rqs#snOai006e-6g6b+sUfKorGh9~-irlt&*v+}^yuD?cwCtnNg+^;0d4s zl9uL7ELWw~uIi=qBA+;q~OnU%|pT^H)BHmq)_S zx9VGPMB#OHrZE0FVL{DLwJAvR$42`wODz0fa*V>md`fz3PKY3I6UO~W-4hnAx$J5v zw4V66F=^X$9GTvhknXYwYV)tuJzrk32J+hq5vcesNMMoL8|_!PcNM6Y(4Ha}ym6o# zTM)Rwhbqut>gPBKV?a@c;!97G-Jx(pU__=F&s^6NY5LAAS2}!7(07R2wJ0{s5H;c) z!PleL+8&`Z@vV)btdIQ|ZEQfjJ)%H&g)oyk|K3)*oz}Nw|IXa20lN#JU>dNaEmol| zVjwB0+9xk(TIAv}XT2C0O-!7cF;DKSu~V5FnK9T#QLc#Y=U*6tbz7W)#ghjTf4i?a zuQ=cL0hPvz(0y5C3^hrzBP=0Je!j#w=&HJsoqdg#I+bEsrffaCbLckr*BMu{fuEVG z9x2P}n;^77`-)41EnJRm8Aq1b*Y9qcKmW{=u{Uk2S?QLk7GiO-qdO1k8susEu1rO} zV_t%yRX7B^{b*Oej!VF6e;a~UKbjxe^ke2hBeV4oe_RVds=G@bnNB``6x!(_^U1)w z3@kPM9cjOY?hnlp5G-S-`|X8cC5{VCO1`;(+V-OthD|6bEMzYIO>Kk1dVHhFWjG0E zr=}G1r>sM!=r5E3!h2Y^f$2nrB?v1Inz+KZ8v8@%=kGhX-C}Z#2o0@*Z<;xyByX2m zifO2}jG;fO_?jD+E)mxP@|KMk4{RJ{GN`v>@h$MGo8MRIa%h?!Eb^v{B^g%a)%(rN zfag0A0iE{->6O^AM9Q$j)a1>dKS}AY)!`f*%ESIKUSKo&ZZ6zxL|tUlBc7CxrA+g@ z?nc{v^Cx;53W@nb56s*)A|s&~!^n*5;uZmc{n)&GF0o0OWa!u@ZS{qqZ@V&gSzsFm z0q4g@aO1CTP`fe+__&g#37lk6J|%>zC7d%q=GT<9 zew_9Ip1XBjjM+L-yss)P9+Za~u5$M7KFKW5K#X#v#Zd~73Oxv_`tfbtK|gL0_BP86 zM|BKM>l*eey(1|yDRp4&3jY~@`~*`UvHQ=ZLG%!T;R|O=Tsw%2(+I<33SqR#xi^Kp z?&zMLUxV#k`>LsH<|k^`P9fL!KVMrH?+fu!lJDZYc4jL^aFxwe5~}?2k5}rAZ>2^l znWmxX1kl73Gb|5DQ!2?je|`8Xi2iKxHHz zim6Rk@!paSB&@)tIoZcrln`-;VA73Ww5gda-7G5$wSFD_vc*M{@8-KcV|%LzSZ!cS zN5`Q}_$2#?_tnz1XUb#V)z-Z&W0a>1XVie9pEK4tD9jPR9(6HIroE%~@N3`WtTcyP zOqh5J7E%pQ{BlKly1%`!u$8PK<-G8w$Hx-NiEtqS5?itZ?a@~}V*WWtrG5vsEG zK2coh1C`6XsQ_l~^zjgj>8G^e?s@tn6_5!E=MN>b*b!5i)bH#X4{*X~| zPVMc3ZcACc8BI3EMtXBrEaC;HXj0VPhnjo1JREqiDvRlnVO57^q;G!D10Q})YVP$1 ztd_$5xZ!uY zwgt7ZS?-2ksiX{=HAo5N;8;>Mzt^Cu){fTR)A0+!`>bEz8Xq--Bq&i!rkUqB&cKeD zN%QB0G&3F7@7t7M87P!03MlJIg=Jtu2Q0mZruFSJ6S*xQULBdY_?|#9ky3j=^e!cY z5k4^2tkeMnoCeA)_VT30rerbRmFsnFUNltOGN$l!eWN3wNu-r$T;HbrLZyImZ9}nM z-s$mV?GvwwqbWl!sh{u6t)6di^O$t=Q{x@}I9F)*)he7uyGYlwc{kv>_Urgo0UCm) zl?Tl6OV->=YAPJlH&Pwms#zsFN0${eX9vRf?<s-&r)#MXdtMtDcjJ zJLTqMS=WS+RSs81#|tw?cX2!j*h1yhcP>nIuYn6IR8?5#J2V(kaua$HB#s+LAEJ1G-xqqTI6@iRNP(^L=!snP~jcfyxwvt80uNz7~W4~@}y zbgNflwCFTO5AXu?ISvK+ar5fJ(A5SrxsvPW&h1lRD$R&er))6BEHY^<#=uOe>*aBv9wT5rq zVBDr{eT+B9O?)wG8$-KQ+ct|ThersE>;pHhOtS%(bq5>%OaANM4LDMWT-s?h!ct6B zze(*Yr3wCC42<$j!J!>~x#F&>twQtf>^U^2itUdvghRO}KF#WEd+K#3=Lq%J1ZZI% zRGn2WoI+ug7JjsS{?_=U zd6qXW3b}`kW+*+txs*_>REDg-or24%l`*bluw;Z{Z7`T%dicFB>=?QgL^Kc0f7V21 zZO9@!8ZTfADDPB*I7ImI%~ggrs`j421sqL2pY;}`(qgxw=~FtF20eQYE|M|ieHDaiZL)~ckh`5OSH|PWAFJc;9hj zpBTgB@c*Mt>d}n^|3@I#lgDa4ZI5OtsvvYleEr2?`>WrXSYYK@`?AO|0>;;O=0a_R z?zjGLzOGck5@j}|O_!XsoniDlZV>LJc+Ro9`rRO!vI0lGAX^XTpjEA5G27rwux#*9 z)PV~72+`lIXWgC;f6;w^e=0@({Kaam6Rem=5eBD2IXD4U zO3#`sb9j<#@oUL%9~N-LKB65(>>hw|l8qQ(ZC9EN4?cY~II3q%5p=nrOqWVCWTh5f zM|t*ewYM+-V0taWp1_ed9Jj3_3rZd)t~r}(%&Zq0TB+4qy3IfjLUj{z&sj}-V*8ejAHk*V_e&}_b0&Niwu>rXK@ zVrLg7WcX`8#d!Iw&ZHvRJyvEupA>2r&*N3ddd$C}EPSRcBC|>#jr+bK!JH;-NP$y? z(on!K(K@;eIW+?KYdb9KR6711Q9R2JtDg53VIEp&-T3A6`Fv*JOMABnD^8=rrl1@Y zKsa0@dcLr(2(Vm9;;@^A%UB3bqyYillwuUDRvYqu`AuUZdV(mZcWswb+Rj%IVU!(~ z2hirP{^KNb63m)>6(3LNM~-^uWxI+ZhJn5%5;t&pZ?CR7gBQ{}qZ@(cpMT9R@BjHf zN_9uzi&9NwopRzTKb8^U-)rzx?+=TRhETz^MbX>ZhD&o1jXcYP_3g^*A zsv-7$r&N@9-N-Gbh-lG;Hd~dGoDlRyi;?C+4ObV6vJba}&}Am1yN1ol965Nc^nK!- ziRDx%j8M3slb|ED7y7c+yIc41xkvL&rRGMs<4Z&xD1E28)bESuKHjiA%eoMf%OM9x zj-$ps7;Kz;SMAejvOeD;wNwaZK*k=I6AE*y3%iq7KVS*d>L_JIVxp>Xl52Nv4j4rUc*A1r?V=M_b>M5oORme2E%OAVu&s`yyp1v&fO5 z$j=VMgUuLKTv7cet3%?O7 zKei)u4_O z*Xf3IAVm!*q&U-dqO;}D${O+`wBGFEdit8;YM#EOu0C0y4$ z#ftcH!+f4y;o~Qkk8g5z(?XZNMD`wWhA`DoW#Fde?-lpGkN-~RK*a`*5|*~aHxFl* zD3s?bPcS>mplKru_h*c1NfwZbDh!+KKL)>h%RkjhD^A+ebv7g(rP8Q6EOQb@sGKTl z50gXm#S>$j#%<>24d0DhciU9#n@7tChojNHs<4eF`GBw<$P9elG@}{Y*=^Xs$N@&y z5+N3WsCH|6=j4zc^l^zf9k_u3G7{j6&-T+h9?Ae*A4HbU=bIFv*H4D$Y#)bT`B@a*-ZCD|L&5TeXwO#(ij^b(h zH3^W1K5ny6v>c1RZMdMAB2khOo|*3p_I{`zOf{-u9oz79K2`C}h0btn6wCJI#w<8c z$}4IxKy~B7V>k7@6)purApPW=cr9wf#c05uTLEcgNz~fC%5XL}T3IPYDbv^; zV2YJz5xqM-1?#f04-Y3-FbL`HK|8Z1zp|yeHqdujz__eo20UE$++@kvqOL4diTaw$ z8nvzYk%5eLb8-pmeVqdM?mm(uv0}i(f=_o`k+XP_gg<^!rX+9q2F~1?kjk6sCN;~0 zt9mEr%Yc8o_9nx0TWiu2&8X^ocI!yL&I7!Ea`OAt0_Py(OPB&~K;^g6CgQHR;w!K| zEP%zdlD<=1D8=<<9s5%y9hb#9wq2C;MY4@=GDIYDX_Qh*bo(H3r>b)eRagyAU1Xej zRQfZOA}r(VFytiJKR*s+cq-7ROji-AL|>WIroVie(jc`{^y>b6gHJ{FS;D8pN3Mbp zlf4JYdWD22+f%K#S+Xtcf#m%meXCE-T0fJH%R~N>b8611n8{o-!}gRW<5=mEj^Nn) zbG0=DT&(#l+@Y`JMT^+HH2s1bDw-(BSQv5yux`Dt{ngR5sMLTEINtoALT!U446TrJX_*m?%!8V% zKirwFk`5rMYwcyGy?7f>Gj}mQF_iU@;P$LcG?oh(?o8|GvUy1d^r1cBL?E{g+_dGj z4@(T*R8_bb3zAY$ST`uf)grz&=84fIL+cGV=!qpKvKTfxF@H|Uj_TT^K|sfwKZr>7 zI3bP5PPo}Mj6%P0gwlBjOakb?yL~*kn-kPqZgC9X=QQ9__YM3oGc;3*iebee4-~?R zI?<~np(%SGlp&5j;H&3E+?71_PYH!9MzS*KXp@9w`h;tI-cD)4eL5?bSXiL-=i z5VL;dyfqp&>^_)@Whi)EXB7X`$uJ)!lKuH=1;*oBo?Nq86iSHsLsOuZf^GBpBVhQ7 zp?}wLQYmm+S2f`%RG+e{MIM(Sh@oJ%Qzq__VM9)V8P`B`NRD)28h{9cqHI|d=l_t@ zpOiEO%{ZgwDv!gXh; z>x?{CmrQJ|N4vZrKL(jZh7q&;A%_3j*En&~AHU8V#XlPFyINf%9-i>|CYo&7{H#3p8CxWh#b zEjL}hm#H=-WM0!H5Bn=9Pp^0D>_r7y2W*=WKv05f1^-4;FW2|7$=fVvGOMf8x{ zs;00O5?I`jphXkLNvug6^Lm6~(#}S%W>wi9ELPbb+9T-VnB-Xdf*o5rqt5dVuEiO^ z+Heg+uLh0KB=WCDMcjmu_a-it#ptic)2kMf-2M@=DI)14$Xiy0U0XE zR@lX2Q5s8eK58R(j1e~2sm`76H1w`N)@0)1M}kn)1mT6%>$lF~!Y(dubeJ*fae*NV zxyqMbTuC+Yv6NgJ2MeU6854UqiK7itRY!*R7+fzokyD*U$>+BkRu9vEX@>>{*e$G~2H-j5rfZvy;MX zF0iQ^Ef7Kj`)SK?-q-Ah%wBs^_4u~m} z^}w56T3~Otn1N4&Abo7_ffzNqWT3B(>VDgY+?K_On&tpVk`%~G-GnMdC$jCQ-CY%7 zX~~gTo$11M_U@wo5>H1%K@e9td^>yDZUlEtHd!3K^$Limi-VSBV8DH)r-Fig{=tOIjx61H3ZEX2gC$XYQhaGnTq$l#~MQa_QoS38lE#cd;J~3OE%qg-aOTMR6_O zb<%IOyB|Ykg6nL57aMa;dQIVJ)Ec0%$%x|2Ad)jV*pgqvk3ORywX$k3sIgZ#fKK4< z*=DWIlwnqbkhP@+RWp=BCAuVwr;mM)WseHyHIBZEWwMSnhb^^sj-Cy-Ys=(I+}cYDN^(kucOgtWQQ}wp zGju=$b^iXtvf@o=whOT`f?aoh4tONu8aG8a%cRQ9$~bykJk)bR;F-@#A$!Y&+i-Z} zqJLM1!c3*FPW2=99-;}=55?tloL)V=M#VUHM)1t1fNLNzB-fJ*=cjjfU#V(6&L2y) zRk+CZB?Sea=8J8$e*r2w`Uxux}lrH#fNUH~u zrJ(>W!YE%knkk1|nR&$9F&FNWqzW&MC&|}EP6pS2)trx_>C2f$WFD$c#4*sO1P~)o ze;x8y+`sDQdO4bn@nKu(;z!lda6FX6HiIkap*4x7$Zm1VJ=4Xm{o_{TTtH0LU96R5 z@zu|6S%KR^b4SDb=k|(6QlA{_q6&)h4i`$V6+dE~x~FkSGI27dQYa($dfx)Oq1YD@ zoZI`yIh!v;Sz}53p-HzD`w9E68b`_*)s=*W?^!nM0PVFc!Y622O*ERE2KK(_#xQt# zYb(Q7bS+a~JKKt~?CS?li&xU{b=fr*Fxl2D_MBCZ_SBN!(M~cvxQG@c(3bOjGTdota^L7tFj9gfaiKgMf;YO z`&~Da-+n=5x)E?(f?Ju>xkikq$-lT*gFxfbi$ z`Cct~{i&~fp2scAZl*|Ks6*ncyqF@QTG0TS597_i8F-k3Vka);Ei5ly55jI^`cvvh z>$&Jit;@)&&Dq)1FoS46y{Y*oog*ER&aYTMs5rJUBRWY}XH)!eZ-2AF1T=P|lur>2 z=ph|%q1w5zh2}{dx@MKpxj9_d`pN*v8TDikmH}sM&Fqtj)(xYGrf8Q0jDV}NG)Z=c zT2Cx@_wSw#m&T0MzcOX95fek$Td-732#wN3it*i*J_FHl=$ zDIh$PdE+CCw3sP)gW$ZnbqvHHbe@^D)|cYrueDI(zH0><11D7huX~mM04FEXjn%;lYcrqNcB(q_yaeq! zO?7GLYbx{^dcAu}PUghA)3qM!AgnURg4S0lt7|_=4v#SlW+fSQCi2VV3fq&oexL*! z;aWKpHfl~EiC<>dbty1wUe_=ZK{~c_GMBZ|a58)c&h?Zaem>2162qDpnZ+9$Up(}x zL*8|MErvl_P}*R9+dJJ~4g-mFt6WY2EXtnbzT!D65@km*8N3tQwz(J8E7p3{xS)CP z)3N)?q1*OzWxK8)y}r0sUC6z-I5?-2IjJiX4j!C5^ZN!0?c+_ZKr#YSCn>D8(I$?O zge6>#K#y2Mn^ta(G~bWhSE$nN8p#OK%5#ORTB4sS>Si&eGp)hk-xF6bDL?9(`WMa_ zFA-8SazKe#IxI(btVzDHJzTkdq+W;%1*Nvh(vIN>nJC0ScP{Er> zGbdABN1#mQlRJh7^{drz3T_FO1|YFu3b?NG^YILb_uUUJyt}`X&*TQ%!=Bmp6u$(G zpSi>GoR4pvj@%ow&Z%vH_qsb>74%6OY11J~xW|lg0kq4x*?iduw+-1DOP`ug#k=xO zZbh30vQRi%H&lq$zcDmp8|Oe;W}*%Yk~_hk>w{q^FqP$pGT6^PcK>x@n)y`TDooEB z=-@@Xh?(2z7PC-Nnv);K-+&St2RX7rppw&p51U%i!m`?q__^h;WI0*QrCJCyBRM#2 zlESuPz0*B4soEH?D#t7ZXXb0?D648S-(HH>F8#o4rCuNgXtwYqbEIW=@HWiGdSB=8 za8ocib2P-`(s*i=D1_!bf%AQ6Ul;7}jctmX94olxB_p1W+o2=I$6L8u3%c}N|rtPf={r@+? z-v-DeJDD9H9#L|{3V|_0>Wcs$A%kl4Ks~B{!=AE&=Mq&piEo#&p`xc694ww$_@Q=EMwi;PG1-UY;Kz`;*vpN>5 zRis#u8QkdPn5jb7vKq1?&JLUzKRZ@&jOed7G2AspN6PO%DP8 zFTW3M4gfqiMss5!-tc}JD_7wfa9=jU1y!M?sAkDU>qe3gf{}XBpkOXBD%K!sc;T13p+{MZPh)yc2dRA*efm`9TTvv(>0CNCZcMs;#<@2Y zGjp-3hS>2Qp43KJO!4m;{2pTDwBi{(LblOz`X*3K?{kZJ42I4H~suc zzISHtui?&`psjHh!(Jtr;^4nfHx-jJSA3Xin1wQCRH@uKgy zmp?G|M|akesCqU&$}R!|#Ne(~qe$2i2W5)U(Fu4}UP=kp@37uqU+sz9P?HphT%Hk; z>aMTe?Ez)CFGK8r&M(=?X}YBf1%b+)Ri)IT-%1P2a=}TvFL~7Z&(napA|wQ~tt40! zVndocd9{FAE)3H3m?XlMD%D|nxk{b}@*zt^8KM4=QP6+nT=Y*UqsAM*#nyr5>l4`J znSfY->Ba;TTTjz(A!O4SZ;|xLF@PJ!yrCa0EX{UJ;`>n>3wEi*NtzMh-WW+!ffB%X z6R{&9E)RS1uU6US5wYnJU4#6E?%=oS&#rlF=}8;GR2f-4>=y#)p7fk7BpcL-F%)8B zXSCQ`ydQVk3NGXIgbAZo1#j$TE_?QuHa6~$g0(AY<5-_smv+P{!OHcOp#;|8f#gtG+Nt~+(yQeR>&~qG78Ret$>~BqST5*BKj{3%1 ztK6laY=KAJ^j0)zeAHmXB z_VvyUvd_`U6dgj~u-tYPSnHPtfAUKv)72~QFDDB=2|d}ftg zkR38mcuZl>_z2z2qA3P8DbvQMagiVv!nU%_qJ*VJxq8cJzZYsOpPVwvx}1cL1z{A# zaOZPuuh;zGzR(wtsE1aW&@iII9#sH_x7RRQUh&CC*%7z3Gm&ojD4h=rC z%}j6Tro%BuKJu^vPAmjYAcl+jisZy&FuN18;wvHyU#uE{TwMWhuOY|1i&c$YMbGi; zvy0#-RpQ#`5{F9ZJ2Wt0`r$_^V$=P_RY;rLVk#uPx=8(@QJWG@3sA1>3fg!~$W;m+ z$YWA6s0t;HoX6xe&Kz;u5u;bHo$wbfeu$~WrioM2ejpD>pw*4IY{Y(J#We;) z;AfQs=9gK3QNq7-L?~O~3c-n?A2@H}=PD2adfE=urC?CMC0u3Gm=9uBlI%g|QI?iO zfJM*GK-qGd=%%?QcRI&jc zLl@}yZ9PbE2gJmJMyeu-enMJ#HeWw{85lOaF`EzUCX`L!LYFPq1M#qIA!gp}7pY6? z_kH-V9wQ8-GM!pl>4YNDF95(6Al#l!R$Z^}0 zWuCxyF7?WQJsz0A9)udL2F~GSq`x+eUr0aM_F=19UJcMWaHV(Sz^5~snGRP z;tUTO?WhpCee{w$<)9Eq41Y<)g$!~v=+yiTrnJ^57Ev2{w;BOQL@YV0H_e|FK&IrO zRH2I>aU+#*PYLI2SRhNs4jGBLNn~S#eEv5xi1JQ{t427Gl-<{U`z=Wtj(U@{<|gC` z5c6p0EEr%I#kJF}YzT&b$zDE5rzH_eXs_$vRCOW5JB1qol>5D}hV9GF(=XzXFtb;f z2|8M$?)k9YBexfgIUM?xVj>8od5RWsQa$+}*tWse91et3i zX)@}?-GqANkUHC_vE(D-fUI8ABhWlL(&w_#xfs)NfF*(x#1aL&Y>Pu;s#$<3I+sgZ zMMN_-Gggu;F^ezKGxPj2YETUk37i>^D?p|yO zo9&o={ZRung?57t<%Gp%D=Y_UEh$Dyy|@P+U^cEcC@NE><~#Hzr6}C%vXCrb*Pr}6 zx;OqE!F*q#C|h$n3OLT8p_YO&duTLpA*Kr7WJ#p8Vb2ryR6MWB>Uo6<=&rihGefW2 zJGT6AevVrJC{=-YUa-$yo6!9fiP5L)Y~asnBy%F1$!lx70q(pPsQg7rlNw#mt(&=0 zqVn9mDbeQBm%y^=EjaEU4qP^)}i%O2B#@}N1)#;|X~)Tin_m~2GxL7_6%RWLX* zUmZrMCJ7&(;U&B)c4Ml(5~osdZBR$jm!;_1Yz_97g;I<9G;W~MeR97fb|szUPp`;C$Gf_}d~#J(id}Z@fFD)Fg|ZrJmRae3rx;Bo^DXg6d8~IP!(93=~T3v z)UBUSzhvDWCfC2GJUx`4D>fo`w@6{!KC5u>x`}JmB7l0rzxi{rRtc6mNKYUT3fv<` ztLCoBr*p#2of?!PfdO+7)*+auJYke2F@dLN{Gc@7cvRU&;KLu)IYI&#>6o(#yDJO)YuLGCU!pRN6V# zcL~25FsNS=(cu0b?#>b3lzGb{9llq^?9a+c?Vpv?`qNhrJm+vE+$tJs1pW{mlIJgu zYbMs!!j`xaOP8_}i+gN~oKYc&@5%W6U7Ks49Q53>V8S)V4uR9x=C0}l&0EIbzVqSe z!swYyv`x05u_>Jn%(!cvn40jnHhu*vLAQqD;t$H8UenNXBq9rH7BSt}ojBq+7|X^ycJFQJi77GWKGr-T(ViBi)%$L^`}R-ps?0KUo1)0 zSsh_&dJyb{p+9e@jmz=aNrFPP)5Cgpq_6mEmn3NPh}t8~z49+yVi9;a3GXkIko{sd zHQln7LYFG0z#g9CKk*^7g{gUMZm!id1z`ttW7vkhBN|L_VsD#^>y)KV;lOXZ6eF(x zw#yLtA@>A0>96j2uH3qIo-I&sXhbv-+7U1=YucW%aO?qEg;n?9WL;5yV8EFXU{T4u zm7ej>VmnMyqdi5dV5Nl*EIr~aM;kvw8$8l=9b%C%X6Bq3UaH&=?|oRRR1vBcId9h$ zioA|6YPM20jM9u9TO%sRQtw*%msL{YKe%%R+D0?4fsUPtnw?ni_AwgO%vloXR)xyj zTbntef`XKoa02%WF%jk)_8I<+kd@2p+i=FE(1y(WkCgeLSP}_Dtk{%emrqq?jVI@Y zekjv81qeE{=$$D|M!}8BJDS9(jW?3c+i5@GkJ0Az@vjZ$hutduk4G`omrxr?=819) z@SV4Hxt8%FGKLb0uO2!{!DWY6A#6*VZzGn(#-A3+tb{d+AR|-B4}f!nEo0}cA&FLI z1vHL{6K)+y%PPz5;b3lX?LRyL>VP)NR^XY&v`HBhOv>P9AD}6h!2FHvF8^lJ=Soss zPG*iLB^SpUl@oRiJu1(!4BApSWf(+=AFzKXs#;7n4WF54$p#%zds1>Z>X2LUr`QJ`@=bVFhOU&n3b`X^XhF=?$ywX?ChvYWmiWV3H zg#F_DDE%G6s$pgMoh1n|^i@#kIh?3Cqfd{tuhZDjWY5(tD2t+e&R6OZjhd?+c-Ky#n|QJ`+FFy5ZrA7%3hR zV&o!uQ+xZX$NS5pf5`CO=pSQ-z~2WH92^`Ngd4YAkl{Iu>dcXb{sr#Oi9lpJU=k1n zLR!JJ-|wW@HjNHnZ1jaD&}cNf-!uG#|L0A4iRtM9;5Xs(xU;dc4h&Z-Q?0gpq{B$vL#syljneqN>%T|J zd*@fz))Mpnfe%;qy{KJGkyh>ZhL)C=_~!H{%S}YQK4q^cZB%|YA;^4z-5TSAn}D}D zou(h<`ci`#LyCWCB9LI`Vv_6mBB5gtpW}xp7#|Eqbi5py_T^y=O4Qu!o9&wEpCnRE z@WYwCEy?nNi}oGm{jtfb|NUiO#Sas+x#3V52 zW0MnCxgBj0?bTuDcGdqhw8>ROg`_b+dOBi<+d(D{u$0@pR_hVgVh*c5?KRR0Zv|rA zNhqc%(ETLG`p|K;)fKn-)6@0Hye5___Q%}o?RMZFbrUS`!jySefSYUA9TuD-YLfF7 z@+MLfgE6d59`<6X?pG?#N=Djifksvy*C4+8{=vd`6}g?acpSC6+fFcc4Z{s1w;eZyQ%gb5Gz zh$-tvb>2PE_=$+LGlGOaI}$@6{Wt)3abzpgNPcE@vA&Y#lY!6c<`xfd*0cA+@`t|U z1RA~5&psxQWw8=$U`)e*7ROz)&g=!Zpua79AxVQ#wE$E$V?ZirRnej>%EY#u8@z&h zMu20aA;H-uEHSOg0&PNZU?CdnsF-aFFW;c@#7tSmjO_6gn#o6V3gxeqK&KMJR^JW>8k`(O-qKtZU>Z64 z{mNx%oOmH`?N@WZEsJ62ymQ@6ms6+vNvsx#+UV)dQWx33yHL=dBh4e#ZuG`E4csM} zHG?mf*Hb}g%AQ3!cnmFIZQ*BjqFYA`FKHwX^XT)waVF#0bYM#Knc4X~WZD`xlX~>p zd>R7Ptu4((Ov%YhaTZv+x3mW2Ll_GjO62O0 zC}RGQ${yDJ^_ef-w&2kOL*r&;9`RT6Vcjk5U=Gf}{RgS|@F%EW>|X0@dva&3t&^GV zBsR{ch~#Lu?Lfxwlp~C|<(-^P?M^z1_{N{qBLQURID$FbCzZuLVUD(^9fLG*M<*N) z<6Y&EPagWmY|FA|Rv0_KVlr%8O>9bqc|PpHA8|R~H4uTZ7odeGC+FOf0xS}mL#~%u z(mu13kFt^iaKa0HBApd*Hg{bhx6Q%^Etz2fHM`wQdB_31>Wn&UR6%bo<~)PytrSlB zZp_dhmg{WeBtdhr=a=Vo@GonPk9@4HH!b0F+RzDvggTrZBYi-`sBwV|RB*w^{tQjD zjt|B@gRDO7je2xJJtU`nll zgv0x+#t51mH_!Gk99BVtEjl=R30U`@KP;u+L$|XSl}%|e{jf7_v-4KCSy>t*=~*5! z_l$Fm+sL1fe?>V_!lo^{vbMOm^FH&TgdZO6>q0a2^v)fa*y=Pvan6`#ex$Z)4ZgmR z!6w910kPgS%<*dY=Db|?QfZ&1fxX7jRo*idnu`f_NDrse^;u?)=br+!HX_9D4jP!| z?4-kZJe_vCya*`AruaTBBo4ZrKdIl#>i>%Hjum$*hfieu;e>yLwVN|D*9E35UWd7a zp~C_id3DHX!H8f){AXW!2vrIbA`tvXp1jg*LFhk7QBB#qKSa?=br)06S!7u6bEz_&}2j%2Iio z5hR`r1EzW5ORAHLHB7yCZDBMfnN{!!^>us5yWcSsbHXJ8dA_X|*YTj%*t-voHwlS? zT#y3vz*5?*$2i@+U9U123DSjTw3K_mz7Av;@!~Lr@Fk-Y4e5hsXxudu9Ll7;Flxo#gWaDi(Z;VA&q~`>D7<~bd zVBXpZa<-e1zUlK~L08T%@tP>D$K9N++iyJ?V+p^km4hPMcsa>-JYk+4{6dkU?b3MN zMJOCUk(T-l`)XLV)nB%_ZO({Ks~`S)kLPwg4+Yi1EyzJ@?VQ_Q5cG*qc+7Pu;d7AzH_gt?i1EU$ z+glnA@l0r89R{9zPTw43gZAwY=rM?9W(}&}#^nEOS&c@b!k*W=h~Zs@T^_^Uh9dy9 zXl7Not-(UCg=#g*;kyJHc@3=k^2StO($PAm7j=rYG@U!|C)Oa}v;!TiZ$n496WP!$ zQGTqTiNIeyhS9A4jLQ0=fGrPl3b>yRYU|>4!5ZT2vV?uCSqG`L)@tqRmg7I}LAE?B z3THoRE&ozXP~ZO`D%VVZf5S(QmG07SgsO=msy^rPGL7tg_VHEpMr}l3CvH!TZR2&> z_uUAx_-ob7};#>*ld9g=@eTX2Cj zX;}4;uXuz77Z<=v@%N7~9w-IyBvh70x&cV+iZrjCCPm6w8&mbPc$flMCt!x;c@K7@ z4$0SJ;vO%W?T%r5V{s-&b4C ztYXXCWCYMJW`})cDTiAxUmLHFKKlgFAq2DXI{LMr$F}T&4K|`bNcw(zjbMY6<+G1k z;g=mw$mn2}klDD97t|QQcwY80l3NBz<{(;3yT<>KxEb&3CfYLQH3> zSyumm9`n5Bofg$-y28n=)ig_|YXJx!2JA&s|}bUe1+zs%3Cqhn$7mlc2&p2PVfsj$n_ zl8$lR?_sna72J=c^mf+#lbFMNQkI*he@*22YPxHAohN=Oxe`=$ouH{_zwt!`So-C_ zQS|B3xQ>oax$e{74-vG~qdKenKJhGpNs2!G%XdC(cd8SoW&8v`XV3-)>$nkmZRf}y zpXoAQtudFX>NdSj$)9XrEYlweRYJJ7V=QB)7I{p{G?E=ih~EwXhveO|cl`&qy;M=)GEb zI{(JD7oH65lmC`v+iX)QtPB*k(8`ilG(q3B51*)sO7*Ft=q_|erzxE~^4T{R0`?9q5dYq4UOffOK~&YfRT4cKMlwL8=JErocmx`%$>v z3FFvhoW~L2vP--LlGLO8sP|?XvHhECIbEl4F%&Pm_)m?eX0uboZFB%L0;G*#tGDPQ zo~T5~(OH60@JfRd^Z>#u663Ev6B7}a?o;_@8XCMV`(LVXT@AH)rH)n`5S@bGPVk}@ zn`odlHqp*gY6yE#vmTj(1!Jk_Ak@V*p}9)P3|g%_R?VYYU~1wS0k|9`WF?+lXr0$@ z>`v0WRN7exzQLvFaGp=`B+#q=GSfEHKLHZMDka7%3U?yHT`tYK+p9ilgt6;##-^%e zQA|S^DU^B`tD8GauAM-qMDeR$?YxYoFs0-2!p~w<54& z*O>obt51l}moMWL^yFz(1R|_*UlqzXAr%5I=8jOuh-V|i#+rwfc<$@mB~anknKvyI zSZ0~t^uCXK3f^B9)~E=^Bnv4II-e#F?MG$n8OCUHHdhurx@2LXOs%7^HY|+FQD2AA zWaoNp$$1paaTWKx5YCnM5j*ThW1C6!q`j354Tfd2Q9i*P=ORuyu%bO- z(UdUi5%V#7P5ZbzIF)fe@6D);+VR{=h5?9t%^2HIaUCY%!M{{2c1yO)6Kf0ZYMWpuYU*j9XduOT=?1)9Aw$U=LGh{BO1pesO@ZhMF zEUoP|NP9^`@kRu@H<>PHuHT~c8 z0ElFm|KgYaKI5{t!yaG;<4gae-_UJi{8FtKHEQrbjtcm5zkAq0d~PB7&w?H-Ic%P+ zv{bu+6$>-{e}8}Omt(B&)*;LR|JwU9$%6kT;r~b$FVDRV!FAg&PhS3*{!mYUKmYF~ zmEUgx{}M6&ajt)FCjYk$tbT}&8tScdX*;w(aw*U32yOpaloeId4LF3tU{uk(;{8J_gx;RIGleE(kN$3 zYOp%e4;o$3&65UP*FNX~u7#oC(ev?yjFL7$ z2S3~-R!uQAC$xSi($G!j9Xn8O#E;zYDoLfNkk&G87K)w9`GDRS|LmBiz4*_J(H3m< zS&3!lrc&5nOwtOhIg-L8NEU(}V>4Hskip5CvP7AnS1_Da|91Pjn)nhf;X+=o;p~@Q z;aBddv;p_*g+nI0_^v5Hqd+s-GXd>rTOQe`FZY$V)2fP`o);C~NefN-<0NuI=M@6R z$+l8OlVJH|1yzjb&tNHpzgKiEfI}qREWa3x{dS>~T67t3X>$qsE8f zV{FX9`F3@6Y!wMSAxBO%=#yBlSsyJLJ!xFqvNOfmuLM^n>kLw#;_t#hGI zr&=^)Ufp=FOtjr`R643>lt>%dpqVZ*u0|O&ClWzG=ne=-xwutmb%v!qWyM%ws~BST zko@H!K`ODOk}nQFk3h-SNE*ISQ~og?_Qe-<9O!I@rI^g*^H>@K=nxKkUQRC0IMO13 z!X$zsy9zOm#XP7chOH3})5vTo>nqWt$)dowwFN&&Cwoc_e+(2jLFYt)XXe(XRpBcw z)4kb1Xyn1>O`$G#ImN8poa9lvoJWg3;z9nIB#54Ycskf;Ah^C_VwTY*MHQz%9xrv` zO6=R~r$NnRWjNeGox~0WcO#rQ?sCE(gX5Mlq7RnJTU_re&u>!W5==3TX=Y4bX6@na zIB^UrPa*HeuPf6{2&W6h>-O^xbwt}EBHr$#0K*dZU!~K|1ECug{J4JZCO#Xp8GmXE zix4*OWUmyupEc{=JEoPkDIY$KdHy211tUOjm z>OKUQnaF}xY$68M6Q7^RC z4JluoZGb{rw@p6DBqf?@_;dnK_xF!fDEVP^yYP=6@4UR3Hj#GE>G%NSq|bzzxln4L ztw(NkQ?%*TW6|-C*t+Qr$qyRc5nj3AqrCD*PK0gZRD0N7Hu&X5!zLpgkDh*F-U%im z-n{JEqBtr_gF6Zv)`(!G+&oTJT%z@~li_GE-KntI?`0!-ufSV|Qn_Q*^F|BLrEu=Z z%gS6epeGRexA_KZ@5rPuubgiSt?EJIoih1w(tL-z>dNIk^4%O+P~d}IeLrL@c0CFq zWGjIQSZ)>K#&Mn%R%n?U{k20Fhxn4G{$?bR?j&mo1ae+N2d+FVP=_d0@Bjzw_e z^BJP9s3ZdfR27LxO_s$1KCbiRNay)xNaJP=G1^EPQ8>nkdUfdm{01M#z?4kM&v2Tn zrKvT=m_SXh5qOKM8C))1g0a{0B0c}HRW*$eZqOq?aLWX>JEtwBel6gql#R1u?Y?t4 zxqtz{?V)CzrWq`Wr1xG0vjrGXh#W2VtIh(=f!~x-;*z`_E#E01lrSL4mepCHz) z3KvcTqXvF zxY%6e!@fn+1Pg2C*!TM>s)tpc1gpF~@xuz~->k-R$06mAY)P!{w|CI>mcFC@QK zh?#k+Xl&>#XZA}xV%mpWS~S$<+YDoclL?m#IXA04Qr~gJb`pWpMvSFn2pU?{CJdY! zkJ?RfQMN>=+y@dltv>#ua{7OnBB{6cI_^-T{7T&VH z#O-He@;+|-cIu*5i;%FiGuL{AaZ9EKJR|uvU zezK>HnGa#-R?Un0o`(20_qG+E8)L*VYDuNLBGNOfvVV{zr54CMJuV#dLxFPA?GTGO|FR0Ff_28$mDh5UD=-&!RJwYYhft!slw>S5c{3b^VE-T{ZX`j(DzYiUoSPL8J&r_2KH(7_P3|okzgafZetO zF{9+&t`sR)PPs@(_12p?{Y9uvv0Tm5H)H?%NrYOr+FzHwsxY3a&3k|nC#K%##p1=6dklGPyH$#z=f`-}< z%J)J?nJ7rw4d-hJaM6@7zb`cUIt6upi50U{`-=Gt5O~=W9G5YgQiGjgIsx6>Y^~-% zO4v{Lp_BxcJ83URfOgY||Bih$b^Y;OrFx0+#AqEp>^4+yeV7l?R>?Xx3pNmWMqSHIbdi2iD64qZ)$XMRFknRs$@zi3WctMicwu*o+vNHmN|C`Kn|;!&lS_;!e^ z9?FPyh}voNZJa(^9Uwi41a&dBuJ#n<7yN9B>SHLTC#8>*dxPP;M9A|M>u!FqJ z(2?l97S)-yRA3Xk(+uCFK}t;tME@?8AYGHziO$qt&J*LHb!I=eJxOQ(%ZN!6x?SW|tsFSJDa zF$4lY4{P#lvD?l{VMFFIbn6YMy8Mzcqo;Oz3J1|mjC!`J>d~qf2prn%A*)L2uI|N` z!*lR{RUY>Y-?5yJ%_ek`dDc&*a*p~&^@Kxo zQ6TNJRjk5_A0bX3;M~?A)pN4TP+2dW#sVd!#ben*38)WnfH(t%wW%4?Mjz8($J^Be zWUzAdF)`w)2XZ?D;F-1qMmxZj=6R_5Ts$kV_^KK8)Ks^jyV_~-yaDJrEL!z9bUf3#y7eQ{RQ zdm06FVmKy5OsDN2Rk!m$gN>zH!MVf{z}H;x+V=c_`KsyDF3+(v__CGUdA4?CxA?C3 zrx<*dgFP`y4(a(J4#Qj!4U=;LrdY;Ravxh7AhFqgwI?sc6nnf^YEdN+^Q1zBee;I) z6$N|a!oVF9BxVA`As|P?sjIzv+cLq{)UMA?%lGr;gSpWQ)Z|LLK1JdHx2Sr0n-;UzF7K$fWj5cU5eHUD3rn*aXE{|g$VF1K@;pXcJIWmNSwy!e;djtc_^ z2W=~B(r~EGe}hQ~(pYCUp+TwMwJge_7F*KT-5B+G&LpZ5u`Ht(PIP4bdvJD3q? z1WU85zF}%!F1u7FP%!VY-UHkyHl){$*M7YjAJrJ_+O~1-5b2CF4r3+*m+RXeRiF5@ zBfyJw3Q0LsEY>Ylj;o*X9iDD8JNjokraKM#8Izfa1-FDnl{rm)CP+0$Fggw7q#UQW z{XZj2(%tIR6xlz+7iYGefg_dR^J~?tc{;O0!y=_hhO{H_GZv(tG6*p2SQ!_W3k3S`a|D{Btl9kz~{KUd2JQ)~x*S z#)S6YZTPuyj&JF+%$egs8|$p=8@W)7lfgCdEG%Ay&;S~&a=pfau>#OkppFLnB;mMd zQ0(^n(j2M$T8lhR@hFW$KvbP;uS(aLCdC$Q%k6P%4mQRR$7%P2?A2FvFtAIDchS zEy5|zRuhhVP!>$xiYIt*i|8h;?2J@!NXr^#`R0b;)&k_61;o+~NIs^1;7i8Bbl zn{epiO7$u6mOBVgGSQdHe_;;>w^qTiGySHdG;oRYD_}ob=)8b&Qqya&@uV=)l51B} zG}$Yojx%ST)}fc1j}lq0 zk2&)+sE=cOW09y%{Kym|wq0bS59kXFSgZhp=?fKhXx$OgkRXYVqvwD-bS>W4xp)u4nh>pLc{nVRKdZG>e|35 zV&NSC2`xOi(99LPV0AWmrbiQ0Epac@kTDF2zo@@dQa3y2~5NK8`Pq(AV9xT3P2B*@yClr8Kvh#6ZU_b` z)kBBR8onDq9}Vc+R8&z4*u^rJ{ezjBn$%vi&{Brb`==)6L&QMSmrYJve8%f)QfQQ9 zZ5dcbf_tJe#Sz8I&?giE_WP{JHSBzD&BV#Z2liffwh@Xnii)%l*$R3g5vy!Ji5+n! z`szm43)fiGMyT(K_(&T58RP_jk(dfhab*saaUEBE=8fqnoXk${glR;(<~~%ECtb<0 z0onkT{uO@D6&XiJlu4x*UjlT$DAn`ar!RLou)b5y{mDL%-lzR{;?3O9SGc+LVGd*+n z^W1275Nhj<=)%+}mC>Dzp^p!Eo*rQ&G--y4rprAUO?Q~NAJmh02B^`^GcFT? zMQkH72VB^}kW0tu0jVr{RKh+*Okqe;jR5o;{dfN`cdX38#y+=ch;x+lh2iFlGA8#Gkf+*Vu17hdJ6e`{x-;D;8O|f-nhK*jchJx z$jH`B9t8m|np>t$kzMTovHK(Hw4uMHj=G;Me!4=3uurqlBqZHFUACL*PgqfsWVu+E z`_ln2^vb->3^fad^fO23Y=61QYQ@>a*Q+547qfvK$18?DJJ1O~(py2NDBl&2d=av! z12(cBHc~;#8avl7MFJ~@rf*2~R#pmyyv;{?Dk-fTLTn0@uz}Yu`}_5^YxoeW+bjNf z%bO&x)Q1*XH`H=DHr0==9mIvf!Tt-uJ29?BddGp`Yd0P=aW%2d&f%7B^(gW&XRuEx zrNvxQj(!)NRWmL%9*-gxEvr{R7*287c=_gq{1vd)sMds_%2+~Z|cvd5*D#IQ|kjccyM1pSGLTQ-R(nBI+euR z`hc+;zLmmtgk&mcxyVYVyc02YGl*K#RPB2mpKbXc&j}R?YY!~h@z8sQ_kshK2+2p* zT^)iTOw926z9tWGZN6*yjY^aQTk~c@8|pw`ojh|17jv%eTb- zR9k8PxSTUhL>=tVhdf9X*Oz7YmQvbh{XD_=fR$GQ^~MG6b!5YWRe0Fe`{_;{#*{hz zS9B`OHD@xmPDwUZ@lYnotCv-#@x`kp)uD)KO4boAtxBnJWVy|p<}dO`x*I-x-v<9C zr9q_);hUf(62)>yu4T7cS?F%tEXjTPhNX<3N2|12>9)z~rm&Y~KV-bAL9A0EjyOe- zITE{t0j8W*HFb(Gqt9+PM}mJVT9r}@4yJ6wGx-ZPMsT`71 zMbD@E9N=NCJ1=%7>87pF>mWj67fl<6tj1i-d9(Q8UtJSAN^dyfX1lE%WQ5?BxbqKU zMzY|v!>9vI+x{Mhrc0gBK)0C9I?_s#%%@_?HxG7CA`qUhCY|U5A#B_rI{Mn4iG6Zu zoY4}DN;_x&&Hm(aeJvSe-xe-~kUu$HPNmG1Z+_(dn-kkBG$IudiSn`?^q%eKXpVN8 z7fFL6=+i1kf9VzkI<`I?57@0=O%M3&;Znichzj^ZGL#Nkck&8Ij<#_(Z5bF}(uYdL2-e;cuKd5Mj~SD7F}y6t}$ zu1BhvKAdP_5+-&n5+SS`@G97~88hj{=Vtd2vm}5oJnV<$|1~!OA>}=7co(`II2;=B z;dn|43(_)Zp3OaN)3*E5(Vw&D*cb)YBC#9^t3Svf_E=dm)!beqHSc>eZ39xwq}A;HN|;G0CIp;Rua4 zZIb}s`OTmDJRO*p3tA^C154@b8y=pSU@nU6ZVQzZzd#On(}#YZ;W$;j&_bt|y-G58 zO4<2*N4?v_u3vp09J!{wvb1;1pnJKCtOf?u-u=EAQw>mDl{*$#xT@zy#OXyzBr!mp zhC+fKiL)gfl`bzSSZx0J`b_oq+u8RpmLjI6jiBX4dfuqK%a;TsE0*(oJK{EAu&rr4|_onip-3gPNVGyTJ1cLp@Z+P>NcSpY<-B zG^{6T*yr+A^vRgul$0l1A?@a2QCT==;VR@2FqI8Uv^Nt@l*^iY9=N8qw+mXviHm=0 z)qJ~B4^!9Gi$2IE6Knmc!|Eh729Z{AHLF04D~f8Z*L{+d`n~6+-}dwB3O1L$G36OX zeTk-`a%2=9DCV_+$ zqWd*$2US@mIKGnZ>x-TvEN_0?vkZagX5pk=>uqn(1eZ*`iuazDGV z@BSGri9Zg^m^lMt`O{eBp~$=a2)tailHl5VY}m0{teihbfDDbq4s8>Nj-iWMw>G=@ zB_80c)g4whjeAXYuR1F2$XbQfQ2QaC{2E&}tPv1%xyP=1<6CO*=uP_QhT0whwAIU+ zA4=ZA32p0T4HA)Iyu`Vv@>fZOnc@2&yt$P1j_Q<818t~qfL(Ad2+7oG1P zk0V4AaG)x|b|J9+Ewg%PK3agGda0Su{C9}K7jY%!5@b%cXs1hE0=VR5uoXQ2 z&=ADxd01vSX{h1YPdBrd&d%55Bw+pbO>p%5Fn0%vfuKW2Ej6l@~FkJ9w@0-Q~(Jx(0b-51-pw>|)cN3N+{X=CVS334tEGT4U3SLd8T2{ z1hc`qcJPPMwFR?I^91<(;zRcN^(c3XZoLcXzdnXXe>_(+Vpd7 zT!=X6SvJv|GaGxVN|Q>^_DJ)Z88{;w%)0Ujb8nxLD0QjA@k%j`Z84_mEY86FhFW5< zGI--Ff~AA}a^!Kq3GMB7&PvmSS9hZ=r-V{U53@8SZ{`CdyN1LS7(NwBV`5++*!rK3 z^Ur3!IqS9O+D)7S{o&u5o-sY|N_6&}22F{1FO4o}ChiqX`R}$Ct$bva^*_%?obKH- zrF;|*X9m(p(sT@8#Wv+W|A%O zi4&iOhl1#}0)hBhXP3R4ry8!Q9wS~{OuPEMcs1;nmZ<{e-VEA_m4_^&btf{E^x0S# zq5k~R?RJ?g34X<-sTZE>AxH*9Mwy@8k9N-cUkitPKwT%~30@_0`NuUPy)RB!8tiER zj68sdfDFx28!l{~gu?UDw%}qT(&~q*e5hPHkkM7xQw<;76J`D*+pFmc4L5yj@rP`~m=sxB=xF$EP7i4RIqFY4xTp@LjF%P2VZsAU6N^FQocx*p;AYqRcJoE!qD8qe zngqbD7d^!Dc&Cc3P1thTVmve23l7x0jbh(mGdsEV_Y@dsg&zhzfH5l zZbYBO=S}P$D_5W!OshhmR*CtCUym9x-fqC0YTnJ^dgkrH0KZ?Ny>HQNwB|dP$=Fxa ztgx2+FrzI^l`4UcsJoHJ3{*jg2#R$o4AqEgf z>|Leh)X*?40x656?zpK(;w3(QykeSx5_>r}=dh9%H3T)|u0hDmtuFtXE^{HyFzp|F zbo54V!DRM#OHStRsC%($K`u$k-JbEHE~rxiT8)}*zYCWYnnS>MiD7bI%j4BS$zP;% zL}ZerT;Exc`KKCSjU1vHTh?vo#DIzEms200=~-2fweHIOI1C7pyRr>{>{L5lC7J6E zlVmJOX9})(YCWBjsc1>`1G(*CuC5E<%(#Phe#J7nU>7!k+QvhdMe9X2s^HN-YKldZ zwl62^sR6l|&c>5WLsPnyROJ}D5N$V)7a^OFmQ5{=kG*26nE%n|B*9UJiWFQ1@xL_6 zcbm2_%PDIkzI{;VI#u~-VT=7^n!#czohcCPpGDfFcMJMw8uK;Hl+e=@mq`=yL7+8;cn5Q?l*oOsCrK5(Fc%l^KI4a>{WvS%UgkKK~ZN zP37c2F~J|mMA_+qewi;6P^TkJ1|o7p@ooE>1{Y!&$O z-6>W`Mv z7ODl49FeyzDT+rRPRYQMlTmp*{4)bmWKGI)YvIQ}lG^4gt@tB}MtOsV*ZetilB8fu zu9C>w{FIoh@Br;NH}6~@{IHA_F#;H+*DJ>8s8Z|bw|)^Vm3oq{_$GTOO#4%@C zw4bH-U<0JIUU6+V+r=0n53VX7i%C5{ZQ0sV;3K3Bp%1_56cU*^qL(FA-w+E@VFFb< zutqiSGaV0Fg?0-D2}b24@u3;7Dl*^TVUeS0T7TOLHny|%hx(P4P*UasI8G|MDcW`5 zBrK?T!+`#8s%bW@qTZxJU&LG>gOuybrQ|-{wGIn4PR;OAR^&DqE9lBEvy(WbURYft zVMoj3e`L32_k;`~Fy><$(ny9YSnxOMg1gieItX90T+cG{RZ5W=Yr{f=pQxwB9*Z_z zx%D)c2qbh!dka^Fy4>?8NvOL)1;2|FxBM2vyE~^iFDa|jV61BSJq2H?&ijo4EnLOnblcPSMZ}JUY(WgQZ(>`gddmjxrDe7{7Zj zNwXp9-sN^Rvll7w#0{KPO&3f)d1)+S<~;;#f|~kHc9cAe#H^}syjr$Y<(lmdPH2a8 zJ^&!6Ld6&Ozn306h6>SFaGm4n&&MISR4J;AgE9pz#I4aJHzI6T41jZiw>Ozz>P_=;BOOxnFwuoSRBaZ zAtsKRP4V`5k*Kx7`o(Cg7+*v^RLbc7wDB0rr!?m5N*b}0 zC=T4ndxbu6lsCp)Cok7mQD!$&xnIWatZITwNNJHrSlq$hWMx|PZgSwYSz&`lhA!!6 zbA;p*0C}T?G$75PR!}0Y~@?X6ugc1j9(pOf{R> zgnG%ciSxN%@2Su9yWH}uJ7*o5J{5;na2CYi*JM{H)m9QS7i>~thHZdu$}`rR>8SAs zKT)Lu%geLF?5l&0a_z%B%=Qi76ZJY&0xxtA7TH@X!%3!_Ij4ft6f@g#w%v54iEXGN zqQVlFe`PAtG@$JLx+3Mzy&g@}yuCLDOH1%T>?)fmDkP}+9&sJvt3zCFrX5yrz|GEu zsHRv^v-$lswbHV_G`=LHqCVAT8=)HkOYKu!Bczcfw;WpFjwY))74;2wZO z?_)NCqEkf=T8tkzAAP%}#Oh;aO{!g07o7;qx)2r%oNmlXn|LN+NZ+Cdf3FP)pwGZ&mOoM?sRbY{ghHKE4;XpmhN;bsKdZb@I7_+?$i_HXBI2SCnYy5|h+*)t-k z^TMGtGZ=T!exTy;=5lL{^w+tLL=ix*;zaxQHPnmK-2-baX4R<$x~l3 zHbfJO zk1Bd&Lb}8|iA?$y(ZRil+%p;>7G+|+JoxIJ39Zz5$w$qN6dc=LNduDWzL5b>q5AA} zBx&mZY*jOV+He5Br;WU%>elr+97oHnu54&EFNI{|{NSP&)V$V#7WRkK>!)Yk0$Jk^ zAOnyoS|@K3KDGLFobDP*<3$3@p0M!wKfiod)BEJbQ!Z$5b}y+bT|TOM=KCz}Z6W8{ zRY&S-2UTRrd%v3y@eOmXzb-g8Z3N)lEF+Qb+%VL!sE>|Sq8nPG)Dm-1Zk)XbBBe15 zB#dSq+Gzdf4a?mZ%HMgZ{Sv?SHaj$~(GIxhE?ZTN1_bG1S>W46PyQX+a00jqR60Y1hP*Gwr(vLf=sgR5@yK5()0h#$mgshgQDgLzl ziD*rS!?`rUDN)>ZBQFn~Tb+Kxdrl1AAAdq9kX4hHg9K znx^agJLhNuoi?S4jtvk%Z*xUW-&7L~C6_L78A30F&oIu7PDy0A6@FNjwc6p7Kf?E& z$jRlB90n5yMv2sO`||aVEh#3(T3C27kPPI$5jok8+;9oSoob+qcC-|Wo5)|mWrepmQm&NM_b0Tlbc^P z)T~02ciTENHz!*x#fA)!$vfrutmh*kA8{qpflPyX>$?@hwOMad@GB;l)Zs>9BTM=G z*ZTBGZ&JO5|K;!Bw;6r@*{teW)im9|E0)X|JT3#bK_#RUSHuyAw06fLRIGaMDPix2 zI4{eXE0N8JLQGfbAA}B0Mv^(*ATJmx0#C$g6@Lz zCV@~qa#kyWoaa&b898oG10y@A(euh(V!O90=l#<+WdM)Cuu)`BVXvX+=BIt@QW0YLe0`=i4PpSj~9Oi z+G_O(ov0L$lq*vrndZGENfMSJ*)i4%W0+XQbrNPgrx8?k8EwHQ3I}fmIl1=7U=PC1 z5OmEO@?rW>x${}@v^KP||9Ed3kk21_59BqqOUz%kx#Ctf#3XTRSCnKW9+}kZ-B4%? z`>e(y#mMrT;?PCf!T&ujVNCBYFxPdFKTmo-bkg4`K~ZRE6!RHI+-&L695U}5>1ifeu@}by;l+ZC#h z8;o&D*$3}RjBD;$eZ(1c&kB-`5f{}=k9vmrxV@JpM7|egDgas+uFw5pGy7=eVMXZs zlyWFuLQ%aZCUAB%w2Ea5lJY1-PwrN-<=yrA;w-PUB40ylo(_XyE>f7GK2VVBN;(`C z`^f1x$Qlq^H(T1hDRs?al@Jy@R(}Gw<=s5S!aq3`CB~Cb>Yfs|w8~Ui;=29?LjgN) zoGa1?MzEZeO;^;lg%)O<6NBHJ)`9!!B8>-0#5;mO4LZF}Vwv9S1%3K?YWZ9$8a?3y zuJW|tY8A-Ggb90hE{w`ea!V8<*ggo(goNV{tL1<7g>w0oaF%Yqx2}OQL2>rsP6i*Bi?WZ7oDl8pWu)MMPAId;=QT$m(p1`(5Vn6*Myx1W(A%<9J9*OIZY zLDoW&c#cjcSkcoIC5QDY#QAE=Mw<$Fqj)~q)${qS)fEANve(hLVx7t|=E%a){cpKB z()dsba)v;9lCYByxv$_XxSAZF{ys4GL}%i+rv2m72X+!H52qGk7o!!Dc1-_eaxIBV zwqm963B{f{|83la@AV&jyBSn>?vo(!R(qcbG8<>oWM`IHopJAPZXud z?2VPO(z9rI0Gjsery@ePCFKH05Qq*6&`LcN-xcU539R-TL;OxiiDa(uVPn+|5ImgRKColBJqPDo^-IF2pv*+~oV?60A9T>{{-s_aX?XaDT zL^^s+=L2_-IDj{JM(_$xKG}Wq{%fN8w^e;e^jJujc(<|HFlb&1x({k; zxVQBth@bByY?xtT_|JYY7D*~<|77GlP5!^-Bm3_iB6t@C3_Rhh)v~@tpNUvK6mn zpLZje4`)o-H+qQRuZ3_I5VX%SZ{O|eR70;CfGisXd=^Z15VaA*p=??1EQ`GE+}O@m za?lr>-tpAd-5gN>o^`-;d-wX>j_6xMponS)Xo_E$)%dgS=h5$;j(#H(Ax+^-B)v~b9wC<`N^4Q8zNd_ChEl4}WIX_G|Hg&q^`STonO%?-z+lXvW=l4+-ennjQ8I)6?Qd~zH*<=WdHrHCcx`9T&`ht^ZaI@G_@W>xMHt$ij-J+ zj(&xd6oYRso&z21I+5U&@N4c5sGw=^+;np4{H0f7H}E>_;i9U+cw623U@`F+RGFxiUvW+0Z#uj5xc^qYghm;MK5m6C_0_mkslCkdmgoAODfo za0M%10$VWvkb+MxzwIa6k#cMH-i;>Q#Qf}-)2~&J~J6p+(?9?ao zjaaD$w@P@-`&l9s+-L??P5Mdc@BnDge8QOzaT2L)7wuxurb11ZQY}JuusLS!?UT zi0No!%gpDlic-!JErUcQ)%;SV$bAs@k|4{cXgE2ksW`h*o5DqBy%aUGMpR(+WHW}0 zRPeI*4yaXUCa)!n=j#$Oem@&`C?`F8cAla5CKa@oGe(Tmx&-lns3Y)sXeyhW_!62*&ntfa-quaWN^#t&rE@a~HDG?9tCS)al#0d1D8KsEB!ZH(@CxE(V;^8IL8tY8OM@pA8doS&A`x1X$|Q|H{p~ z3WnJVmOv>dyjR>Te$jt>vP1&C%q=iOaiypN7G9PARTQGUUv>0Sk?bkE{3SsopYykU zmf9sJ`JuZUwbYK7-f!A6UtJu}{>Tey zQ`#J$IbCm^i3c}?r^p|E>&|8V!e9YShXY5!9%=KM| z#s_I9)EQmJk~(f#0ZKK^IIf7K?j!9zQZ^290z6U;(_~I+>hub6@v=XPpsDO+d%sv^ zCMc~Tifhto?sTp^g7LxMrSD@Kr>d)&aTSU#;6m;UqPi4j7*e6OuBWH^3t!;*j67!< z&?(N0KDi5s<{&p|=QkgO@m;{L#Dwf4ueqYI$F({ z5LDmk`4ZqsCRnBq8fK`?>yIdt?>)M6H(IbCx@GwiqcjM|^5z?*WKfz%;buiK6%HSk zSZ8Q+FA7&EhCRH~fI!=7WVTu6OH($cO3$9-1@US0QnpbQd*_d^SC-`cVxs@IEr!Fr zo;$4SwWLi@i)i_2j@Q{%^XF;((5h#fMcD$;#JmSvNuQ)}9Y^ADh9faQMEgGUj}0B^ zgfy68K1}BI5(H{qx|m4WO-Sg&ei`9UI=iz>58L{7g7qATk5RPqvr$lr3dj2x5iGIs zlV*G{Yh-HWck7*Ny%;aFiHs^%>?Ca=zOf|{pbTLj>PwQ=tu(eWPsX{}{*w+-H6EC< z5Cb~U0`xq+XdEZSg${JtEEF#dMYcS&EI&xtx4Wk0W_$#%sK3hq_Z^cK>{~Y%o*@$6 zxCndet|Dl4{gsL8mz1RU>d1<7Mnh`WHWQY zod(a57OtZVkDO?a##XGxCoUHRrk%XYrQ@6LqdOvsniv@uagL5>*O}k7BHeX#2bo** zhjWekD%OuT_7AYj$Z~~Dh!mq8obMnO-pBbmJ^u2VJ($8OT+M3hhqNd1*+i+8Gvw5- ze(mXS3Mgg1bkV5@nP(!|aI#$v-8#Mb4Z^!{(vH*A2@P1)&VgKc%VpO_yTtZBZ2v^nnv5G~L8|_ltxE3=r^Ca2g8~vIib;MNkv1`cZ)nW}ea+tb0RXomTkVpKy8_`*f z+s}~6?onQVUZ-gW(9iqQ4Gs4HK;p4R-?6(EWAq&DE8hK#E~ut!@MRJ`v}bZD4B?aO zg>2o&c}HfAAU5lHCVwRvoqq3_pqwK;Y#W`*x7xJU4x`so{`5U|Lk6On6c;o0Hx?r? zdeQ@L3O2b&bxm<@mDbJ9;x8s#6FOlyMcK0Jnpu_L3Xct^si1K8p#UoK%VKMu8&^Es zhM;Yd2h>{R!YaMRwB=t~%92gHxBf%c2Iy*sd{O^)(08vpXxtf;sT@dG!IiDWWLg}4 zkBsj$!Kl=aP}z})19rAe1O8cp)HKDI!loY6jgsde)b)C2-?4NO=l351r;JJOC)*q6 zTAaR?L)X6?C%T1x!=<{j(pW^{I7qnUYD%e|Twbf8qxGfS+$rd07nR>UwZ}YDA?LK- z^r|t56Y}Fhe%Zl`iaK8O7G$j|-ZV>f+svj{Gou}IP5_TT`CX-^7q9a( zIe6>M#aB;P<`!#h-!|>kq&v!;o9{QS2!6TsLbF@++RJwPtonBsb<0yB()+%-em`z-%|; z?rPR_t%6xmcY0sVnYBR5%xX{lrTu$T?!Qbq|K#cm^Ud6wwl{9uy}c};|K29on=h9n zR65AaTe)=kRgJ>vr^}AKx_jl#!q`>UterB}2~M*+8TVq7h4SX?FTkK%Xx&%L)@JNo zT;5_HHC<_UuF6_`o_He_~CiR5A1=b zU%bkHw|T=G->Uha-iqwlv$Lk@PC@jp@?_S3i|m)LJ@?aL>$^AXd2eUvCKsu(PyT#e zqw!{)&rg?#7kk@_SEmQEdK$QDhiAB3J$HNYDiZ4FT)$c8Slzh%?GMrsCWYI z<(xQnkLgwV#T7Q|cE>C{`GmddPPIU6D(^}*>$D1~Qa!gl517_}6}V7VYkxRh9;odA zs48V}Fw5G!+6#Cw+kYLQ(rflvEon~0JA>-4$|fHAP-jpref4Qk`KxPR)QaS+fqFg& yLykEDG8q`~_q4!D7#MD_64ja8x14GJ{{QkX&dBtTRIq)C&0MFcL=OTd_fASEhQ1umjA;evD( z5+D$YB1$hxfB*rJ8bUxiAuz#r%{%YA)~xw3-)7E-JZG((=bXLI-sk^2J9%VfaZP|% zoEHE92wXRT*#H3SFjn6i$i@1U`4Xc90EkOmhZ)*NzNAg)RS`P#IaeRlFl04~|GH~q zez8Z>R@l%%PT-1)|o>lO#fTFKOCpYAWd7!dEA?&doC4 z9cFJn!`0xy>ii$nyB>}NX(s*EC~m z0MXy8qf-T66phx2_bM`1f8Ke^e$D{b_3qY;l`WW9S&Z-#YuFFduD!w&bucj8`lp^h z1WAW(B$1CSvrbVHfCYpwf9Oo8$P|7;#Ampl!X`c)N$^Y!qO|T!$I54iS0y-ui3o_~R>{lLb zfzuXmBK(Eu64nKs)j)k8dD(PB;asjKJy6?OJq6!t2)dynuBBn^`gX6Pc6Rvz+2KUl z4gS9HX-9S{mkEOFqu*=Ly~`u*;iCE49MxUnN+7#-L7PACd^;~0cfGIZ+N@9--AIYY zUs-gGxVd39Dwq>@q9Dhg@BKTJV4WD2`!<2B*g?9|46z)QDOHf%1e(wSve`< zM4_drZ;%f;514$b5Hwl=bPSqzCT1CTAY2m+qE}Tl3BZsvt+nv7CP4IQPA#eTYIa$2 zKP45;=U1fId5mFvIuFJJrwOWw_CfpdopM(qC!2?#I5C129Q^_)j(W1J0PYFqh++k^ z0iCK#%_&qdhG#M_G(*|R@U#Z6)>vLibZK|B-tnm=sI6B}`p42>p2_FXJFf*)t47pR zp1)sFL8N-AcfJ8XsW5sP=se32eMYk%)gSd}A{=pMd{)ql^LZ36eGVbv=|$FC3WzV! zNqzP10j+9jv@9+o2wyy3_PyptF(xohGwP>#`|Ce|k?J5jlV@T^CX&4((x-UTEG+uw zxc>_M%(=pD?M_fx7c*+uq?X`*cLr}6zE*{iS zo1?!bvw2Z6Io)3Y)a146>*Em<%CzHFcmtvj_BQN<(0PoFDY7RD4y=M2>KC?fdaC3sDqtz@}YsFxp=U_va0}L!3hq}%Epx7 zUx8T3i~P+pTUK#h7?T0)%MF`nT-5iQiaeH4CT0X&?&9^DGcL^w%_2SxGUD?RF|YQ& zyzL`nlx_sH?&BEGnCLULjpC=#QvF>x7zH^ue4QNQf(Wsx0p3{ZSdOCm7Rr=jhs%d< zWXu-x@%`rFeWueh<}+M2z4i91uzT$%#rIJC{$hLUl(Q7u=|RzFEl>t|uU=zaHa4Ex zu$kg1(6*tgG+Is|M(_bf$1pq=nRrgq+vMPSmn=^B@7H=*6Eo}UUnMowKL{-8eu!E4 z`yVcGTkZ=A1tm)PcptajT{NSOhOdU7Dtu)iOV5?H(SqGd4=RE^Xe64NVRkT3+q-7K zd_>nuZkMP}l9hyTi>r*{mQbONt0I1-{)5Z>xdX5zqq6u@nCv(yDr!X8JiTZBU^4v2-J{= z)~}iPT4gXMt=vVFfWA&CNxh(?<-S&^rp?`70C7HSy&`mu_FSx_q9pKLrIX&WR}F?{*ubyU77n4i^dXslxiiULQFX>E@Jx0*~9_EKZ z-saTG!yGPWyC3-Bm-=xGDWrsfI2W(oY6ggB=R` zgJ3mJ=-##7PC838|9yPl7jb_%^N`>D?6!wY!#LI>xc>aLsE=*%{K8lpaksig6j~`n zM&fr}W7<|t3GnuhjLF$x?!G@AsV%|Ck8gjE%&dRQ)QR{qZk2V4r3YA_0HQLe=|$BJ zS|f0?(~A*;KQ^y%lY_sHUx1^a%63l4M8tp~24l6atVHE(3K=E3IDFn6ig<8$L7vU} zQBmlt_Fw!XeSmJnxYgftUr9rE?-^kfEcH#^OsVLqW}P|0W99`i6b1nb5ij#IKbn2} zwX_(!P!kS)u#dCaxCuN1fe<#1*4g+jcJwXFG~EB#S*T^sxVKcH4|i^ez# zm)w1SwFok;>Hutwr!w|89jZ;`MsDnSze{P%V9mO4@d9YTj}eRRZqVX2GX1=sf)lhS zhuH)Z(K2jLd&Cn8_Et%PUv6_-Jb17ja%6{eI}}z$8vtx%L(F+u2!8eL^N>^_Xe51x zouR`~;B9jH1N6vn%hscD|1GE_H9JqsQR3`*$F#BAB+?|;(_g&x#a(y)$Y2Ac?ubVW zRTOy2l`6ptBR(A|(u*8!8~e6^%lj`NgI9*9l^%UN8$aI=RE`N}FHD*m zQS38m@;|P}k;CUFoG2j&QJb5(r64O)7-Pdb9R*p=X!X5i`hm}32X!Hp<&WF3qkX^j z0krBNQ<{4ALTsw`OYViVwAJrFHtwOK)5J%2>&eg%myQu|s4d{#onx{pfV^%`;Nmcg z6&DMC>U9m_6Dv29IOY5+4L$EU%f0q^E%2DPq?4Zz3SyB)Yi#P>XXc=h4z>4Z;lNHE>(M_!31NXfOv~Wb{H(7oT+$ktQ+hLT%GIegR~H33l(AjR7%~s_m8JjZ`QQQzOJ?KTnd*6pe_I9REu6(m#QX+0Z3u)~MLMjR%#64$o?V zE|MJ5^?b{vVJ4?g+1K5R1*`M2D;pZn01>}!%62%YO7>g%@!zAJl_VHgX z+0}J}9=pg~<^lZpH^TH~KKJtDK0Cs$?fMi?tKV(u*N_%~ z^~}fPinIM>5j?>AGu75BQLG|0j3~ zj?U8hU32qky<*%6w(RxryT5c8uU&ybrsoEHN_FMl>rsEW1UxU$8A6dT_>{4h13mIw zsM$BZq&ov-L}}W}zi(_Q<0M7sdQluy1P%LvXRU)>m^sRNKQ6f`@yCD1=0Cb*XOb!S z+;te8aJ9`@e%`EBQSvy+jKC&ORb#%^hXSq9-sdP)WDKz7ll5vQ4qgqxB@XZD9t14$ znmr^J$iHkCy~3H-`PP+A&zMo-Avop|y>0IRlVXx84gcO9%MVZDEYQ^KUzyvt$or+u zbTuKxN2!=2TMT~X-`%?1p{+Mq>tw`L%QIbXyrZbf}diBiQ|I^pHp}$fk}81y5-~HT&i*9hhFhv`yJ(i zNH|{7{d(luiR6J)(+^L+50?+pT<7+NFN$JILynUaOx}Rb=#=h9e}?Dx!n4+2Q&RRT#%zfv(B@{d&hIJ4LB&Sixl$ax+Y#?R32_0jai7nVBMVmT>xLK?O0zpx|0mR zJANs^zv`csrP7CM9!GUk0X>=ZZZ?o29go@zR&j-u9z}p2dGeSL2nlh+JcNO`%Zv8{e=tN zA`IZ;+A2A-UlK*`vi0_Rr9WY#u{zs@`0^5=6Q2E&ZKmsNTexfB01gs2S)-_oI+0X4maAeD}6 z$b>$>YVaJSK72d4QBXP}=W3)vC7RG6?egO~Kgr3_Z_yPg=0aReGS%IXIArKqr)X54K*4r z&p(Bh0tjA!zVK8#n8b z1ticmx4vO)rEz6I!>QK4{K)lHj1{e5>ie++S@qSYk^rkYGweFxly;ALz~evjCK+3X z+qi9#!{N+m0H+^+c{oV*CE?i|c`U@8A?`+TycM5;c>A?9y#8gN5deBmbrV%O)T0qi zb@Z9psA<}w8;2X%t}r&)+glR|U4f=3r;fW(P6;^aE#H`y?P;eZ86vK%BY7g9Mx$g# zoiIX30H9gzRuOj1#nk-)%Gni0;&4OY*pFdr?2Gv`^K;tE%Y2nxhs~7aO{6Qcbp!dT z+(FeqfExEfM;wgYIn{!Wx&9@ZEbx8$s~sE zIWxBUK0;w?^oaO{t(z|t-HpFxh6?w0>Og{{pNeLprm90c+CqK)I)N<}HhrOM{`}UX zuGuqGrmsipCqeVSEF9erLuW5UM?CBL^inroF;2_+vWc#;a?I6^5FVIK{m4D|YI-b) zjWfD*#0YrIi>;ib#Nu!`0HA&L%P!I&g5XMpp&goy$)PGdu^`9gCk?#~T@x$%DG8oT z6uq%`k~z}9Nj(2>?Yh_U1f|ETYj0PP0xg|FH9ZWMsn*K{y-Py)>-mt7-q{PQxBQ#+ zulDyYzAKn%liLWBim9pDChG@-!vYvB2MZKSamMARVC=k?{QSIX=3^7t z`)XN!!*q`<=S^AX@L|`LY{L*cnbFF(SR-v4kEj&@VapQ{?n=+r5Cf~t>>Lo?ak>fp zbD=k>dEGG$Gywi#EkkQy{`WBhD`<{;v!-bKg;>HDD-l11;$7Fw%7#TU_XOFX2BHgw z)NJ3RgwLhmy~1!uVNfx1M>MD24?fJs{d zbv!U`dKPBE3Cx@gK((c}e&bpTNGT|+dk?OXxh+WD=dN(k?qL)kzLU5kfhRs+In8eEfE0kBq?S>RGE2Vh#?)-v z49pfPKP=MWAUiG$*R+xqQ%NB#J!lkkmRHcK*bb{WO|D^2BT9mgg9%Ks9!~AahZCK( z>eI}m-=z6qODjxcX2^Fx<##6@6${N@ruy9Lqy6M&5Z4i7%+`-k4v!ge4#Vh{oA+B;UARXPG?sf9#l_ZzCbPNgu&$g^o;(p3ZB|8uXYpmndzY;Yx#yA!$l z^-X7{)!oo2b~zOZ_K(TT$Xi1#j2F2+6XSUhPL}iBNpuBGHr?>!97anlA^3OYdD@a@D+qBb4UsszlYawZsR~W&RRqwNk6&wh`k3MOZ?Vc zZyXkENZX%x=dLXqXOE>EmpsYd@h9nB$95OHXKWg(-T-Z(8 z_6K1y;^m=%;8CvnVt^wI@s$Q-TkkV5iy6Meo=4Nn!33OYjLgTgYkJ&q#o51!Id;UI zRJKkI`)o|5A}Y1-P1URFlj6elm$NU~Rf`V44I0lAaf@dY0!YG@wCBQZa#FcAFOmVN z^o)K}Bj6*uNon;vWT2BoPJ<9Fcaf5WQfY`52_K-SmC??|+fquLb>AVuiItmhMT|o%$=!b#TQjHJ4 zEq49rsxG5lq$2jpTc7LRGd+pR+4afr8|1eRl-j7xpQh2snTwqmiQHlLS!WX(p34e9 zpK_oz@EcZrTuslW4Yn9df~z%G(WwU4%qb+y)9PgQj^L>}>5S}~r?NX1`y-fGq|Z&p zTE5o?xXiUnnxdAHBox0lJ4Y0UM0EU$3SFldGLFyW_9^N+jGqcs2Mt`ZZn?SVdiWvQ ztyPKMabP&;pz}%49{zC9q4M_^1)ZKFvq%M`JaMhV9Y$Z(=?D%6{^3Bv+0BtZCGiu- z))`iNe?oe9A7QYl$kDUW7rDAzN#$%z1vfOrVEc~StRKfE{5=#?_w}2M%5TR+ynMS$y9EMS#J9x?v`E+4_N literal 0 HcmV?d00001 diff --git a/2.5/en/assets/javascripts/client.js b/2.5/en/assets/javascripts/client.js new file mode 100644 index 000000000..e8fdf1cf4 --- /dev/null +++ b/2.5/en/assets/javascripts/client.js @@ -0,0 +1,112 @@ +if (window.location.href.indexOf('/client/') >= 0) { + window.window.addEventListener('load', function () { + function setCookie(name, value) { + sessionStorage.setItem(name, value); + } + + function getParameterByName(name) { + var match = RegExp('[?#&]' + name + '=([^&]*)').exec(window.location.hash); + return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); + } + + /* Store URL variables in cookies */ + if (getParameterByName('host')) { + setCookie("host", getParameterByName('host')); + } + if (getParameterByName('email')) { + var email = getParameterByName('email'); + setCookie("email", email); + setCookie("domain", email.substring(email.indexOf('@') + 1)); + } + if (getParameterByName('name')) { + setCookie("name", getParameterByName('name')); + } + if (getParameterByName('ui')) { + setCookie("ui", getParameterByName('ui')); + } + if (getParameterByName('port')) { + setCookie("port", getParameterByName('port')); + } + if (getParameterByName('connector')) { + setCookie("connector", getParameterByName('connector')); + } + if (getParameterByName('outlookEAS')) { + setCookie("outlookEAS", getParameterByName('outlookEAS')); + } + }); +} + +if (window.location.href.indexOf('/client') >= 0) { + window.window.addEventListener('load', function () { + function getCookie(cn) { + return sessionStorage.getItem(cn); + } + + /* Hide variable fields if no values are available */ + if (!getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_available'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_variables_unavailable'), function(el) { + el.style.display = 'none'; + }); + } + + /* Hide the TOC, which might contain hidden content */ + Array.prototype.forEach.call(document.getElementsByClassName('md-sidebar--secondary'), function(el) { + el.style.display = 'none'; + }); + + /* Substitute variables */ + Array.prototype.forEach.call(document.getElementsByClassName('client_var_host'), function(el) { + el.innerText = getCookie('host'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_link'), function(el) { + if (!getCookie('ui') && !getCookie('host')) { + el.href = '#'; + } else { + var ui_domain = getCookie('ui') ? getCookie('ui') : getCookie('host'); + if (getCookie('port') != '443') { + el.href = 'https://' + ui_domain + ':' + getCookie('port') + '/' + el.getAttribute("href"); + } else { + el.href = 'https://' + ui_domain + '/' + el.getAttribute("href"); + } + } + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_email'), function(el) { + el.innerText = getCookie('email'); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_var_name'), function(el) { + el.innerText = getCookie('name'); + }); + if (getCookie('port') != '443') { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_port'), function(el) { + el.innerText = ':' + getCookie('port'); + }); + } + + /* Hide those sections that are not applicable because useOutlookForEAS is disabled or SOGo Connector is not available */ + if (getCookie('connector')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_var_connector_link'), function(el) { + el.href = el.href.replace('__DOMAIN__', getCookie('domain')).replace('__VERSION__', getCookie('connector')); + }); + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_disabled'), function(el) { + el.style.display = 'none'; + }); + } else if (getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_connector_enabled'), function(el) { + el.style.display = 'none'; + }); + } + if (getCookie('outlookEAS') || !getCookie('host')) { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_disabled'), function(el) { + el.style.display = 'none'; + }); + } else { + Array.prototype.forEach.call(document.getElementsByClassName('client_outlookEAS_enabled'), function(el) { + el.style.display = 'none'; + }); + } + }); +} \ No newline at end of file diff --git a/2.5/en/assets/stylesheets/extra.css b/2.5/en/assets/stylesheets/extra.css new file mode 100644 index 000000000..cf96f95f3 --- /dev/null +++ b/2.5/en/assets/stylesheets/extra.css @@ -0,0 +1,67 @@ +/* source-code-pro-regular - latin */ +@font-face { + font-family: 'Source Code Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-code-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-code-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-code-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-code-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-code-pro-v21-latin-regular.svg#SourceCodePro') format('svg'); /* Legacy iOS */ +} + +/* source-sans-pro-regular - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 400; + src: url('../fonts/source-sans-pro-v21-latin-regular.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-regular.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-regular.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-regular.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-regular.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} +/* source-sans-pro-700 - latin */ +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 700; + src: url('../fonts/source-sans-pro-v21-latin-700.eot'); /* IE9 Compat Modes */ + src: local(''), + url('../fonts/source-sans-pro-v21-latin-700.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */ + url('../fonts/source-sans-pro-v21-latin-700.woff2') format('woff2'), /* Super Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.woff') format('woff'), /* Modern Browsers */ + url('../fonts/source-sans-pro-v21-latin-700.ttf') format('truetype'), /* Safari, Android, iOS */ + url('../fonts/source-sans-pro-v21-latin-700.svg#SourceSansPro') format('svg'); /* Legacy iOS */ +} + +.md-nav { + font-size: 14px; + line-height: 1.4; +} +.md-typeset { + font-size: 14px; + line-height: 1.5; +} + +code { + display: inline-block; + white-space: pre-wrap; +} + +:root { + --md-text-font: "Source Sans Pro"; + } + + :root { + --md-code-font: "Source Code Pro"; + } + +[data-md-color-scheme="slate"] { + + --md-typeset-a-color: #6390e5; +} \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-accidental_deletion/index.html b/2.5/en/backup_restore/b_n_r-accidental_deletion/index.html new file mode 100644 index 000000000..c522aff61 --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-accidental_deletion/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Recover accidentally deleted data - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Recover accidentally deleted data

    + +

    So you deleted a mailbox and have no backups, he?

    +

    If you noticed your mistake within a few hours, you can probably recover the users data.

    +

    SOGo

    +

    We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/.

    +

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    +

    Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo.

    +

    1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo

    +

    2. Run docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org

    +

    Run sogo-tool without parameters to check for possible restore options.

    +

    3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo

    +

    4. Restart SOGo and Memcached: docker compose restart sogo-mailcow memcached-mailcow

    +

    Mail

    +

    In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf.

    +

    A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage.

    +

    The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized], for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708.

    +

    To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

    +

    Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

    +

    Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

    +
    docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
    +docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-backup/index.html b/2.5/en/backup_restore/b_n_r-backup/index.html new file mode 100644 index 000000000..f93e4b495 --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-backup/index.html @@ -0,0 +1,2773 @@ + + + + + + + + + + + + + + + + + + Backup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Backup

    +

    Manual

    +

    You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically.

    +

    Please do not copy this script to another location.

    +

    To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. +You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
    +
    +# Backup all, delete backups older than 3 days
    +./helper-scripts/backup_and_restore.sh backup all --delete-days 3
    +
    +# Backup vmail, crypt and mysql data, delete backups older than 30 days
    +./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
    +
    +# Backup vmail
    +./helper-scripts/backup_and_restore.sh backup vmail
    +
    +

    Variables for backup/restore script

    +
    Multithreading
    +

    With the 2022-10 update it is possible to run the script with multithreading support. This can be used for backups as well as for restores.

    +

    To start the backup/restore with multithreading you have to add THREADS as an environment variable in front of the command to execute the script.

    +

    THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +The number after the = character indicates the number of threads. Please keep your core count -2 to leave enough CPU power for mailcow itself.

    +
    Backup path
    +

    The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". +You should not rename those folders to not break the restore process.

    +

    To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

    +
    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +
    +
    +

    Tip

    Both variables mentioned above can also be combined! Ex: +

    MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    +

    +

    +
    +

    Cronjob

    +

    You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +
    +

    Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

    +

    This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

    +
    #!/bin/sh
    +
    +# Backup mailcow data
    +# https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
    +
    +set -e
    +
    +OUT="$(mktemp)"
    +export MAILCOW_BACKUP_LOCATION="/opt/backup"
    +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
    +PARAMETERS="backup all"
    +OPTIONS="--delete-days 30"
    +
    +# run command
    +set +e
    +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
    +RESULT=$?
    +
    +if [ $RESULT -ne 0 ]
    +    then
    +            echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:"
    +            echo "RESULT=$RESULT"
    +            echo "STDOUT / STDERR:"
    +            cat "$OUT"
    +fi
    +
    +

    Backup strategy with rsync and mailcow backup script

    +

    Create the destination directory for mailcows helper script: +

    mkdir -p /external_share/backups/backup_script
    +

    +

    Create cronjobs: +

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
    +40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
    +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    +# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
    +

    +

    On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. +Do not rsync to a Samba share, you need to keep the correct permissions!

    +

    To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker compose pull and docker compose up -d.

    +

    If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). +In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!

    + +
    +
    + + + Last update: + 2022-10-25 14:46:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-backup_restore-maildir/index.html b/2.5/en/backup_restore/b_n_r-backup_restore-maildir/index.html new file mode 100644 index 000000000..ef393066e --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -0,0 +1,2606 @@ + + + + + + + + + + + + + + + + + + Maildir - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Maildir

    + +

    Backup

    +

    This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: +

    cd /path/to/mailcow-dockerized
    +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
    +

    +

    You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. +Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

    +

    Restore

    +
    cd /path/to/mailcow-dockerized
    +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-backup_restore-mysql/index.html b/2.5/en/backup_restore/b_n_r-backup_restore-mysql/index.html new file mode 100644 index 000000000..208c5be1e --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -0,0 +1,2610 @@ + + + + + + + + + + + + + + + + + + MySQL (mysqldump) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    MySQL (mysqldump)

    + +

    Backup

    +
    cd /path/to/mailcow-dockerized
    +source mailcow.conf
    +DATE=$(date +"%Y%m%d_%H%M%S")
    +docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
    +
    +

    Restore

    +
    +

    Warning

    +

    You should redirect the SQL dump without docker compose to prevent parsing errors.

    +
    +
    cd /path/to/mailcow-dockerized
    +source mailcow.conf
    +docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-coldstandby/index.html b/2.5/en/backup_restore/b_n_r-coldstandby/index.html new file mode 100644 index 000000000..cff0c3a13 --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-coldstandby/index.html @@ -0,0 +1,2677 @@ + + + + + + + + + + + + + + + + + + Cold-standby (rolling backup) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Cold-standby backup

    +

    mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime.

    +

    This may also be used to transfer your mailcow to a new server.

    +

    You should know

    +

    The provided script will work on default installations.

    +

    It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes.

    +

    The script will use the same paths as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints.

    +

    To find the paths of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in an override file. Local bind mounts may or may not work.

    +

    The script uses rsync with the --delete flag. The destination will be an exact copy of the source.

    +

    mariabackup is used to create a consistent copy of the SQL data directory.

    +

    After rsync'ing the data we will run docker compose pull and remove old image tags from the destination.

    +

    Your source will not be changed at any time.

    +

    You may want to make sure to use the same /etc/docker/daemon.json on the remote target.

    +

    You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run.

    +

    Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that.

    +

    Prepare

    +

    You will need an SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

    +

    In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

    +

    Edit this file and change the exported variables:

    +
    export REMOTE_SSH_KEY=/path/to/keyfile
    +export REMOTE_SSH_PORT=22
    +export REMOTE_SSH_HOST=mailcow-backup.host.name
    +
    +

    The key must be owned and readable by root only.

    +

    Both the source and destination require rsync >= v3.1.0. +The destination must have Docker and docker compose v2 available.

    +

    The script will detect errors automatically and exit.

    +

    You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

    +

    Backup and refresh the cold-standby

    +

    Run the first backup, this may take a while depending on the connection:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    That was easy, wasn't it?

    +

    Updating your cold-standby is just as easy:

    +
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    +
    +

    It's the same command.

    +

    Automated backups with cron

    +

    First make sure that the cron service is enabled and running:

    +
    systemctl enable cron.service && systemctl start cron.service
    +
    +

    To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

    +
    crontab -e
    +
    +

    Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

    +
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    +
    +0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
    +
    +

    If saved correctly, the cron job should be shown by typing:

    +
    crontab -l
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/backup_restore/b_n_r-restore/index.html b/2.5/en/backup_restore/b_n_r-restore/index.html new file mode 100644 index 000000000..c457acdb2 --- /dev/null +++ b/2.5/en/backup_restore/b_n_r-restore/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Restore - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Restore

    + +

    Restore

    +

    Please do not copy this script to another location.

    +

    To run a restore, start mailcow, use the script with "restore" as first parameter.

    +
    # Syntax:
    +# ./helper-scripts/backup_and_restore.sh restore
    +
    +

    The script will ask you for a backup location containing the mailcow_DATE folders.

    + +
    +
    + + + Last update: + 2022-01-30 16:17:22 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-android/index.html b/2.5/en/client/client-android/index.html new file mode 100644 index 000000000..310f2efba --- /dev/null +++ b/2.5/en/client/client-android/index.html @@ -0,0 +1,2537 @@ + + + + + + + + + + + + + + + + + + Android - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Android

    + +
      +
    1. Open the Email app.
    2. +
    3. If this is your first email account, tap Add Account; if not, tap More and Settings and then Add account.
    4. +
    5. Select Microsoft Exchange ActiveSync.
    6. +
    7. Enter your email address () and password.
    8. +
    9. Tap Sign in.
    10. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-apple/index.html b/2.5/en/client/client-apple/index.html new file mode 100644 index 000000000..332a42ef3 --- /dev/null +++ b/2.5/en/client/client-apple/index.html @@ -0,0 +1,2645 @@ + + + + + + + + + + + + + + + + + + Apple macOS / iOS - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Apple macOS / iOS

    + +

    Method 1 via Mobileconfig

    +

    Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first.

    +

    Method 1.1: IMAP, SMTP and Cal/CardDAV

    +

    This method configures IMAP, CardDAV and CalDAV.

    +
      +
    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.phpmailcow.mobileconfig.
    2. +
    3. Enter the unlock code (iPhone) or computer password (Mac).
    4. +
    5. Enter your email password three times when prompted.
    6. +
    +

    Method 1.2: IMAP, SMTP (no DAV)

    +

    This method configures IMAP and SMTP only.

    +
      +
    1. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_emailmailcow.mobileconfig.
    2. +
    3. Enter the unlock code (iPhone) or computer password (Mac).
    4. +
    5. Enter your email password when prompted.
    6. +
    +

    Method 2 (Exchange ActiveSync emulation)

    +

    On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead.

    +
      +
    1. Open the Settings app, tap Mail, tap Accounts, tap Add Acccount, select Exchange.
    2. +
    3. Enter your email address () and tap Next.
    4. +
    5. Enter your password, tap Next again.
    6. +
    7. Finally, tap Save.
    8. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-emclient/index.html b/2.5/en/client/client-emclient/index.html new file mode 100644 index 000000000..f5b3a7c7e --- /dev/null +++ b/2.5/en/client/client-emclient/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + eM Client - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    eM Client

    + +
      +
    1. Launch eM Client.
    2. +
    3. If this is the first time you launched eM Client, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to Menu at the top, select Tools and Accounts.
    6. +
    7. Enter your email address () and click Start Now.
    8. +
    9. Enter your password and click Continue.
    10. +
    11. Enter your name () and click Next.
    12. +
    13. Click Finish.
    14. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-kontact/index.html b/2.5/en/client/client-kontact/index.html new file mode 100644 index 000000000..12b5656da --- /dev/null +++ b/2.5/en/client/client-kontact/index.html @@ -0,0 +1,2547 @@ + + + + + + + + + + + + + + + + + + KDE Kontact - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    KDE Kontact

    + +
      +
    1. Launch Kontact.
    2. +
    3. If this is the first time you launched Kontact or KMail, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to Mail in the sidebar. Go to the Tools menu and select Account Wizard.
    6. +
    7. Enter your name (), email address () and your password. Click Next.
    8. +
    9. Click Create Account. If prompted, re-enter your password and click OK.
    10. +
    11. Close the window by clicking Finish.
    12. +
    13. Go to Calendar in the sidebar.
    14. +
    15. Go to the Settings menu and select Configure KOrganizer.
    16. +
    17. Go to the Calendars tab and click the Add button.
    18. +
    19. Choose DAV groupware resource and click OK.
    20. +
    21. Enter your email address () and your password. Click Next.
    22. +
    23. Select ScalableOGo from the dropdown menu and click Next.
    24. +
    25. Enter your mailcow hostname into the Host field and click Next.
    26. +
    27. Click Test Connection and then Finish. Finally, click OK twice.
    28. +
    +

    Once you have set up Kontact, you can also use KMail, KOrganizer and KAddressBook individually.

    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-manual/index.html b/2.5/en/client/client-manual/index.html new file mode 100644 index 000000000..d37438156 --- /dev/null +++ b/2.5/en/client/client-manual/index.html @@ -0,0 +1,2651 @@ + + + + + + + + + + + + + + + + + + Manual configuration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manual configuration

    + +

    These instructions are valid for unchanged port bindings only!

    +

    Email

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ServiceEncryptionHostPort
    IMAPSTARTTLS mailcow hostname143
    IMAPSSSL mailcow hostname993
    POP3STARTTLS mailcow hostname110
    POP3SSSL mailcow hostname995
    SMTPSTARTTLS mailcow hostname587
    SMTPSSSL mailcow hostname465
    +

    Please use the "plain" password setting as the authentication mechanism. Contrary to what the name implies, the password will not be transferred to the server in plain text as no authentication is allowed to take place without TLS.

    +

    Contacts and calendars

    +

    SOGos default calendar (CalDAV) and contacts (CardDAV) URLs:

    +
      +
    1. CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/
    2. +
    3. CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/
    4. +
    +

    Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.

    + +
    +
    + + + Last update: + 2022-08-08 17:51:53 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-outlook/index.html b/2.5/en/client/client-outlook/index.html new file mode 100644 index 000000000..5ab9feb80 --- /dev/null +++ b/2.5/en/client/client-outlook/index.html @@ -0,0 +1,2677 @@ + + + + + + + + + + + + + + + + + + Microsoft Outlook - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Microsoft Outlook

    + +
    +

    Outlook 2016 or higher from Office 365 on Windows

    +
    +

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    +
    +

    Outlook 2016 has an issue with autodiscover. Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher.

    +

    For EAS you must use the old assistant by launching C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE. If this application opens, you can go to step 4 of the guide for Outlook 2013 below.

    +

    If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below.

    +

    Outlook 2007 or 2010 on Windows

    +
    +
    +

    Outlook 2007 or higher on Windows (Calender/Contacts via CalDav Synchronizer)

    +
    +
      +
    1. Download and install Outlook CalDav Synchronizer.
    2. +
    3. Launch Outlook.
    4. +
    5. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5.
    6. +
    7. Go to the File menu and click Add Account.
    8. +
    9. Enter your name (), email address () and your password. Click Next.
    10. +
    11. Click Finish.
    12. +
    13. Go to the CalDav Synchronizer ribbon and click Synchronization Profiles.
    14. +
    15. Click the second button at top (Add multiple profiles), select Sogo, click Ok.
    16. +
    17. Click the Get IMAP/POP3 account settings button.
    18. +
    19. Click Discover resources and assign to Outlook folders.
    20. +
    21. In the Select Resource window that pops up, select your main calendar (usually Personal Calendar), click the ... button, assign it to Calendar, and click OK. Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists!
    22. +
    23. Close all windows with the OK buttons.
    24. +
    + +
    +

    This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead.

    +
    +
      +
    1. Launch Outlook.
    2. +
    3. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4.
    4. +
    5. Go to the File menu and click Add Account.
    6. +
    7. Enter your name (), email address () and your password. Click Next.
    8. +
    9. When prompted, enter your password again, check Remember my credentials and click OK.
    10. +
    11. Click the Allow button.
    12. +
    13. Click Finish.
    14. +
    +

    Outlook 2011 or higher on macOS

    +

    The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.

    + +
    +
    + + + Last update: + 2022-02-16 15:23:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-thunderbird/index.html b/2.5/en/client/client-thunderbird/index.html new file mode 100644 index 000000000..1f329cdcd --- /dev/null +++ b/2.5/en/client/client-thunderbird/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Mozilla Thunderbird - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mozilla Thunderbird

    + +
      +
    1. + Launch Thunderbird. +
    2. +
    3. + If this is the first time you launched Thunderbird, it asks you whether you would like a new email address. Click Skip this and use my existing email and proceed to step 4. +
    4. +
    5. + Go to the File menu and select New, Existing Mail Account.... +
    6. +
    7. + Enter your name (), email address () and your password. Make sure the Remember password checkbox is selected and click Continue. +
    8. +
    9. + Once the configuration has been automatically detected, make sure IMAP is selected and click Done. +
    10. +
    11. + To use your contacts from the server, click on the arrow next to "Address Books" and click the Connect button on each address book you would like to use. +
    12. +
    13. + To use your calendars from the server, click on the arrow next to "Calendars" and click the Connect button on each calendar you would like to use. +
    14. +
    15. + Click Finish to close the Account Setup window. +
    16. +
    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client-windows/index.html b/2.5/en/client/client-windows/index.html new file mode 100644 index 000000000..e74230dea --- /dev/null +++ b/2.5/en/client/client-windows/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Windows Mail - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Windows Mail

    + +

    Windows 8 and higher support email, contacts and calendar via Exchange ActiveSync.

    +
      +
    1. Open the Mail app.
    2. +
    3. If you have not previously used Mail, you can click Add Account in the main window. Proceed to step 4.
    4. +
    5. Click Accounts in the sidebar on the left, then click Add Account on the far right.
    6. +
    7. Select Exchange.
    8. +
    9. Enter your email address () and click Next.
    10. +
    11. Enter your password and click Log in.
    12. +
    +

    Once you have set up the Mail app, you can also use the People and Calendar apps.

    + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/client/client/index.html b/2.5/en/client/client/index.html new file mode 100644 index 000000000..a2ed1655f --- /dev/null +++ b/2.5/en/client/client/index.html @@ -0,0 +1,2554 @@ + + + + + + + + + + + + + + + + + + Overview - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Overview

    + +

    mailcow supports a variety of email clients, both on desktop computers and on smartphones. +Below, you can find a number of configuration guides that explain how to configure your mailcow account.

    +
    +
    +

    Tip

    +If you access this page by logging into your mailcow server and clicking the "Show configuration guides for email clients and smartphones" link, all of the guides will be personalized with your email address and server name. +
    +
    +
    +
    +

    Success

    +Since you accessed this page after logging into your mailcow server, all of the guides have been personalized with your email address and server name. +
    +
    + + +
    +
    + + + Last update: + 2022-02-02 16:31:51 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/i_u_m/i_u_m_deinstall/index.html b/2.5/en/i_u_m/i_u_m_deinstall/index.html new file mode 100644 index 000000000..caaa0e42d --- /dev/null +++ b/2.5/en/i_u_m/i_u_m_deinstall/index.html @@ -0,0 +1,2552 @@ + + + + + + + + + + + + + + + + + + Deinstallation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Deinstallation

    + +

    To remove mailcow: dockerized with all it's volumes, images and containers do:

    +
    +
    +
    +
    docker compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    docker-compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    +
    +

    Info

    +
      +
    • -v Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers.
    • +
    • --rmi Remove images. Type must be one of: all: Remove all images used by any service. local: Remove only images that don't have a custom tag set by the image field.
    • +
    • --remove-orphans Remove containers for services not defined in the compose file.
    • +
    • By default docker compose down only removes currently active containers and networks defined in the docker-compose.yml.
    • +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/i_u_m/i_u_m_install/index.html b/2.5/en/i_u_m/i_u_m_install/index.html new file mode 100644 index 000000000..2bc58ce08 --- /dev/null +++ b/2.5/en/i_u_m/i_u_m_install/index.html @@ -0,0 +1,2894 @@ + + + + + + + + + + + + + + + + + + Installation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installation

    + +

    Docker and Docker Compose Installation

    +

    You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version >= 2.0 is required).

    +

    Learn how to install Docker and Docker Compose.

    +

    Quick installation for most operation systems:

    +

    Docker

    +
    curl -sSL https://get.docker.com/ | CHANNEL=stable sh
    +# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
    +systemctl enable --now docker
    +
    +

    docker compose

    +
    +

    Danger

    +

    mailcow requires the latest version of docker compose v2.
    +If Docker was installed using the script above, the Docker Compose plugin is already automatically installed in a version >=2.0.
    +Is your mailcow installation older or Docker was installed in a different way, the Compose plugin or the standalone version of Docker must be installed manually.

    +
    +

    Installation via Paketmanager (plugin)

    +
    +

    Info

    +

    This approach with the package sources is only possible if the Docker repository has been included. This can happen either through the instructions above (see Docker) or through a manually integration.

    +
    +

    On Debian/Ubuntu systems: +

    apt update
    +apt install docker-compose-plugin
    +

    +

    On Centos 7 systems: +

    yum update
    +yum install docker-compose-plugin
    +

    +
    +

    Danger

    +

    The Docker Compose command syntax is docker compose for the plugin variant of Docker Compose!!!

    +
    +

    Installation via Script (standalone)

    +
    +

    Info

    +

    This installation is the old familiar way. It installs Docker Compose as a standalone program and does not rely on the Docker installation way.

    +
    +
    LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
    +chmod +x /usr/local/bin/docker-compose
    +
    +
    +

    Danger

    +

    The Docker Compose command syntax is docker-compose for the standalone variant of Docker Compose!!!

    +
    +

    Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

    +

    Check SELinux specifics

    +

    On SELinux enabled systems, e.g. CentOS 7:

    +
      +
    • Check if "container-selinux" package is present on your system:
    • +
    +
    rpm -qa | grep container-selinux
    +
    +

    If the above command returns an empty or no output, you should install it via your package manager.

    +
      +
    • Check if docker has SELinux support enabled:
    • +
    +
    docker info | grep selinux
    +
    +

    If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add "selinux-enabled": true. Example file content:

    +
    {
    +  "selinux-enabled": true
    +}
    +
    +

    Restart the docker daemon and verify SELinux is now enabled.

    +

    This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. +If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.

    +

    Install mailcow

    +

    Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.

    +
    $ su
    +# umask
    +0022 # <- Verify it is 0022
    +# cd /opt
    +# git clone https://github.com/mailcow/mailcow-dockerized
    +# cd mailcow-dockerized
    +
    +

    Initialize mailcow

    +

    Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked. +

    ./generate_config.sh
    +

    +

    Change configuration if you want or need to. +

    nano mailcow.conf
    +
    +If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.

    +

    You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation.

    +

    Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.

    +

    Troubleshooting

    +

    Users with a MTU not equal to 1500 (e.g. OpenStack)

    +

    Whenever you run into trouble and strange phenomena, please check your MTU.

    +

    Edit docker-compose.yml and change the network settings according to your MTU. +Add the new driver_opts parameter like this: +

    networks:
    +  mailcow-network:
    +    ...
    +    driver_opts:
    +      com.docker.network.driver.mtu: 1450
    +    ...
    +

    +

    Users without an IPv6 enabled network on their host system

    +

    Please don't turn off IPv6, even if you don't like it. IPv6 is the future and should not be ignored.

    +

    If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.

    +

    Start mailcow

    +

    Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached:

    +
    +
    +
    +
    docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Done!

    +

    You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo.

    +
    +

    Info

    +

    If you are not using mailcow behind a reverse proxy, you should redirect all HTTP requests to HTTPS.

    +
    +

    The database will be initialized right after a connection to MySQL can be established.

    +

    Your data will persist in multiple Docker volumes, that are not deleted when you recreate or delete containers. Run docker volume ls to see a list of all volumes. You can safely run docker compose down without removing persistent data.

    + +
    +
    + + + Last update: + 2022-12-16 19:22:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/i_u_m/i_u_m_migration/index.html b/2.5/en/i_u_m/i_u_m_migration/index.html new file mode 100644 index 000000000..e45369167 --- /dev/null +++ b/2.5/en/i_u_m/i_u_m_migration/index.html @@ -0,0 +1,2598 @@ + + + + + + + + + + + + + + + + + + Migration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Migration

    + +
    +

    Warning

    +

    This guide assumes you intend to migrate an existing mailcow server (source) over to a brand new, empty server (target). It takes no care about preserving any existing data on your target server and will erase anything within /var/lib/docker/volumes and thus any Docker volumes you may have already set up.

    +
    +
    +

    Tip

    +

    Alternatively, you can use the ./helper-scripts/backup_and_restore.sh script to create a full backup on the source machine, then install mailcow on the target machine as usual, copy over your mailcow.conf and use the same script to restore your backup to the target machine.

    +
    +

    1. +Follow the installation guide to install Docker and Compose.

    +

    2. Stop Docker and assure Docker has stopped: +

    systemctl stop docker.service
    +systemctl status docker.service
    +

    +

    3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine: +

    rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
    +rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
    +

    +

    4. Shut down mailcow and stop Docker on the source machine.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    +

    5. Repeat step 3 with the same commands. This will be much quicker than the first time.

    +

    6. Switch over to the target machine and start Docker. +

    systemctl start docker.service
    +

    +

    7. Now pull the mailcow Docker images on the target machine.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose pull
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose pull
    +
    +
    +
    +
    +

    8. Start the whole mailcow stack and everything should be done!

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    +

    9. Finally, change your DNS settings to point to the target server.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/i_u_m/i_u_m_update/index.html b/2.5/en/i_u_m/i_u_m_update/index.html new file mode 100644 index 000000000..eaac95485 --- /dev/null +++ b/2.5/en/i_u_m/i_u_m_update/index.html @@ -0,0 +1,2848 @@ + + + + + + + + + + + + + + + + + + Update - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Update

    + +

    Automatic update

    +

    An update script in your mailcow-dockerized directory will take care of updates.

    +

    But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

    +

    Run the update script: +

    ./update.sh
    +

    +

    If it needs to, it will ask you how you wish to proceed. +Merge errors will be reported. +Some minor conflicts will be auto-corrected (in favour for the mailcow-dockerized repository code).

    +

    Options

    +
    # Options can be combined
    +
    +# - Check for updates and show changes
    +./update.sh --check
    +
    +# - Do not start mailcow after applying an update
    +./update.sh --skip-start
    +
    +# - Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine)
    +./update.sh --skip-ping-check
    +
    +# - Switch your mailcow updates to the unstable (nightly) branch.
    +FOR TESTING PURPOSES ONLY!!!! NOT READY FOR PRODUCTION!!!
    +./update.sh --nightly
    +
    +# - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
    +./update.sh --stable
    +
    +# - Force update (unattended, but unsupported, use at own risk)
    +./update.sh --force
    +
    +# - Run garbage collector to cleanup old image tags and exit
    +./update.sh --gc
    +
    +# - Update with merge strategy option "ours" instead of "theirs"
    +#   This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.
    +./update.sh --ours
    +
    +# - Don't update, but prefetch images and exit
    +./update.sh --prefetch
    +
    +

    I forgot what I changed before running update.sh

    +

    See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

    +
    22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
    +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
    +
    +

    Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

    +

    Can I roll back?

    +

    Yes.

    +

    See the topic above, instead of a diff, you run checkout:

    +
    +
    +
    +
    docker compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Hooks

    +

    You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

    +

    Update Cycle

    +
      +
    • We schedule a monthly release cycle for a major update at the first tuesday of the month.
    • +
    • The releases are numbered like this: YYYY-MM (e.g. 2022-05)
    • +
    • Fixes for a main Update will be stated as "Revisions" like a,b,c (e.g. 2022-05a, 2022-05b etc.)
    • +
    +

    Update variants

    +

    stable (stable updates): These updates are suitable for productive usage. They appear in a cycle of at least 1x per month.

    +

    nightly (unstable updates): These updates are NOT suitable for production use and are for testing only. The nightly updates are ahead of the stable updates, since in these updates we test newer and more extensive features before they go live for all users.

    +

    NEW: Get Nightly Updates

    +

    Info about the Nightly Updates

    +

    Since the 2022-08 update there is the possibility to change the update sources. Until now, the master branch on GitHub served as the only (official) update source. With the August 2022 update, however, there is now the Nightly Branch which contains unstable and major changes for testing and feedback.

    +

    The Nightly Branch always gets new updates when something is finished on the mailcow project that will be included in the new main version.

    +

    Besides the obvious changes that will be included in the next major update anyway, it also contains exclusive features that need a longer testing time (e.g. the UI update to Bootstrap 5).

    +

    How do I get Nightly Updates?

    +

    The process is relatively simple. With the 2022-08 update (assuming an update to the version) it is possible to run update.sh with the parameter --nightly.

    +
    +

    Danger

    Please make a backup before or follow the Best Practice Nightly Update section before switching to mailcow nightly builds. We are not responsible for any data loss/corruption, so work with caution!

    +

    +
    +

    The script will now change the branch with git checkout nightly, which means it will ask for the IPv6 settings again. But this is normal.

    +

    If everything worked fine (for which we made a backup before) the mailcow UI should now show the current version number and date stamp in the lower right corner:
    +nightly footer

    +

    Best Practice Nightly Update

    +
    +

    Info

    We recommend using the Nightly Update only if you have another machine or VM and NOT use it productively.

    +

    +
    +
      +
    1. use the cold standby script to copy the machine before the switch to the nightly builds on another system.
    2. +
    3. run the update.sh script on the new machine with the parameter --nightly and confirm.
    4. +
    5. experience/test the nightly updates on the secondary machine.
    6. +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/index.html b/2.5/en/index.html new file mode 100644 index 000000000..4bf2edb52 --- /dev/null +++ b/2.5/en/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Information & Support - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    🐮 + 🐋 = 💕

    +

    Help mailcow

    +

    Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us. :)

    +

    If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN.

    +

    Get support

    +

    There are two ways to achieve support for your mailcow installation.

    +

    Commercial support

    +

    For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN. For custom inquiries or questions please contact us at info@servercow.de instead.

    +

    Furthermore we do also provide a fully featured and managed mailcow here. This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way.

    +

    Community support and chat

    +

    The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything.

    + +

    Telegram desktop clients are available for multiple platforms. You can search the groups history for keywords.

    +

    For bug tracking, feature requests and code contributions only:

    + +

    Demos

    +

    Since September 2022 we´re providing two seperate Demo instances:

    +
      +
    • demo.mailcow.email is the classic Demo based on the stable releases.
    • +
    • nightly-demo.mailcow.email is the new nightly demo based on unreleased testing features. (So especially interesting for those who have no possibility to create a test instance themselves.)
    • +
    +

    Use the following credentials to login on both demos:

    +
      +
    • Administrator: admin / moohoo
    • +
    • Domain-Administrator: department / moohoo
    • +
    • Mailbox: demo@440044.xyz / moohoo
    • +
    +
    +

    Success

    +

    The demo instances get the latest updates directly after releases from GitHub. Fully automatic, without any downtime!

    +
    +

    Overview

    +

    The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:

    +
      +
    • DKIM and ARC support
    • +
    • Black- and whitelists per domain and per user
    • +
    • Spam score management per-user (reject spam, mark spam, greylist)
    • +
    • Allow mailbox users to create temporary spam aliases
    • +
    • Prepend mail tags to subject or move mail to sub folder (per-user)
    • +
    • Allow mailbox users to toggle incoming and outgoing TLS enforcement
    • +
    • Allow users to reset SOGo ActiveSync device caches
    • +
    • imapsync to migrate or pull remote mailboxes regularly
    • +
    • TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP
    • +
    • Add domains, mailboxes, aliases, domain aliases and SOGo resources
    • +
    • Add whitelisted hosts to forward mail to mailcow
    • +
    • Fail2ban-like integration
    • +
    • Quarantine system
    • +
    • Antivirus scanning incl. macro scanning in office documents
    • +
    • Integrated basic monitoring
    • +
    • A lot more...
    • +
    +

    mailcow: dockerized comes with multiple containers linked in one bridged network. +Each container represents a single application.

    + +
    +

    Warning

    +

    Mails are stored compressed and encrypted. The key pair can be found in crypt-vol-1. Be sure to backup this volume!

    +
    +

    Docker volumes to keep dynamic data - take care of them!

    +
      +
    • clamd-db-vol-1
    • +
    • crypt-vol-1
    • +
    • mysql-socket-vol-1
    • +
    • mysql-vol-1
    • +
    • postfix-vol-1
    • +
    • redis-vol-1
    • +
    • rspamd-vol-1
    • +
    • sogo-userdata-backup-vol-1
    • +
    • sogo-web-vol-1
    • +
    • solr-vol-1
    • +
    • vmail-index-vol-1
    • +
    • vmail-vol-1
    • +
    + +
    +
    + + + Last update: + 2022-09-24 12:40:59 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/2.5/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html new file mode 100644 index 000000000..09bbe2950 --- /dev/null +++ b/2.5/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -0,0 +1,2723 @@ + + + + + + + + + + + + + + + + + + Additional Databases - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    + +
    + + + +
    +
    + + + + + + + + + +

    Additional Databases

    + +

    Additional Databases for ClamAV

    +

    Default ClamAV databases do not have great detection levels, but it can be enhanced with free or paid signature databases.

    +

    List of known free databases | As of April 2022

    +
      +
    • SecurityInfo - free ClamAV DBs for testing purposes, required registration after which you can use them from 1 IP
    • +
    • InterServer - free to use ClamAV DBs, but they do not fit well for email scanning
    • +
    +

    Enable SecuriteInfo databases

    +
      +
    1. Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup
    2. +
    3. You will receive an email to activate your account and then a follow-up email with your login name
    4. +
    5. Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account
    6. +
    7. Click on the Setup tab
    8. +
    9. You will need to get your_id from one of the download links, they are individual for every user
    10. +
    11. +

      Add to data/conf/clamav/freshclam.conf with replaced your_id part: +

      DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
      +

      +
    12. +
    13. +

      For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

      +
    14. +
    15. +

      Adjust data/conf/clamav/clamd.conf to align with next settings: +

      DetectPUA yes
      +ExcludePUA PUA.Win.Packer
      +ExcludePUA PUA.Win.Trojan.Packed
      +ExcludePUA PUA.Win.Trojan.Molebox
      +ExcludePUA PUA.Win.Packer.Upx
      +ExcludePUA PUA.Doc.Packed
      +MaxScanSize 150M
      +MaxFileSize 100M
      +MaxRecursion 40
      +MaxEmbeddedPE 100M
      +MaxHTMLNormalize 50M
      +MaxScriptNormalize 50M
      +MaxZipTypeRcg 50M
      +

      +
    16. +
    17. Restart ClamAV container:
    18. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Please note:

    +
      +
    • You can't use ExcludePUA and IncludePUA in clamd.conf simultaneously, so please comment any IncludePUA if you uncommented them before.
    • +
    • List of databases provided in this example fit most use-cases, but SecuriteInfo also provides other databases. Please check SecuriteInfo FAQ for additional information.
    • +
    • With the current DB set (including default DBs) ClamAV will consume about 1.3Gb of RAM on your server.
    • +
    • If you modified message_size_limit in Postfix you need to adapt MaxSize settings in ClamAV as well.
    • +
    +

    Enable InterServer databases

    +
      +
    1. Add to data/conf/clamav/freshclam.conf: +
      DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
      +DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
      +DatabaseCustomURL http://sigs.interserver.net/shell.ldb
      +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
      +
    2. +
    3. Restart ClamAV container:
    4. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/2.5/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html new file mode 100644 index 000000000..a3264770a --- /dev/null +++ b/2.5/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -0,0 +1,2631 @@ + + + + + + + + + + + + + + + + + + Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Whitelist

    + +

    Whitelist specific ClamAV signatures

    +

    You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

    +
    +
    +
    +
    docker compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    docker-compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    +

    This line confirms that such was identified:

    +
    clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    +
    +

    To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

    +
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    +
    +

    Then restart the clamd-mailcow service container in the mailcow UI or using docker compose:

    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Cleanup cached ClamAV results in Redis:

    +
    +
    +
    +
    docker compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    docker-compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/2.5/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html new file mode 100644 index 000000000..1903177f9 --- /dev/null +++ b/2.5/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -0,0 +1,2557 @@ + + + + + + + + + + + + + + + + + + Customize Dockerfiles - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize Dockerfiles

    + +

    You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

    +
    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    +
    +

    Customize data/Dockerfiles/$service and build the image locally: +

    docker build data/Dockerfiles/$service -t mailcow/$service:$tag
    +
    +(without a personalized :$tag docker will use :latest automatically)

    +

    Now the created image has to be activated in docker-compose.override.yml, e.g.: +

    $service-mailcow:
    +    build: ./data/Dockerfiles/$service
    +    image: mailcow/$service:$tag
    +

    +

    Now auto-recreate modified containers:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html new file mode 100644 index 000000000..0dd00347f --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + Enable "any" ACL settings - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Enable "any" ACL settings

    + +

    On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

    +

    This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

    +
    ACL_ANYONE=allow
    +
    +

    Apply the changes by restarting the stack:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html new file mode 100644 index 000000000..9ce6273e1 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + Vacation replies for catchall addresses - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Vacation replies for catchall addresses

    + +

    The Dovecot parameter sieve_vacation_dont_check_recipient - which was by default set to yes in mailcow configurations pre 21st July 2021 - allows for vacation replies even when a mail is sent to non-existent mailboxes like a catch-all addresses.

    +

    We decided to switch this parameter back to no and allow a user to specify which recipient address triggers a vacation reply. The triggering recipients can also be configured in SOGos autoresponder feature.

    + +
    +
    + + + Last update: + 2022-02-02 11:37:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html new file mode 100644 index 000000000..edf765ea8 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Expunge a Users mails - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Expunge a Users mails

    + +

    If you want to delete old mails out of the .Junk or .Trash folders or maybe delete all read mails that are older than a certain amount of time you may use dovecot's tool doveadm man doveadm-expunge.

    +

    The manual way

    +

    That said, let's dive in:

    +

    Delete a user's mails inside the junk folder that are read and older than 4 hours

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    +

    Delete all user's mails in the junk folder that are older than 7 days

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    +

    Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance).

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    +

    Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    +
    +

    Info

    +

    For possible time spans or search keys have a look at man doveadm-search-query

    +
    +

    Job scheduler

    +

    via the host system cron

    +

    If you want to automate such a task you can create a cron job on your host that calls a script like the one below:

    +
    +
    +
    +
    #!/bin/bash
    +# Path to mailcow-dockerized, for example: /opt/mailcow-dockerized
    +cd /path/to/your/mailcow-dockerized
    +
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    #!/bin/bash
    +# Path to mailcow-dockerized, for example: /opt/mailcow-dockerized
    +cd /path/to/your/mailcow-dockerized
    +
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    +

    To create a cron job you may execute crontab -e and insert something like the following to execute a script:

    +
    # Execute everyday at 04:00 A.M.
    +0 4 * * * /path/to/your/expunge_mailboxes.sh
    +
    +

    via Docker job scheduler

    +

    To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow:

    +
    version: '2.1'
    +
    +services:
    +
    +  ofelia:
    +    image: mcuadros/ofelia:latest
    +    restart: always
    +    command: daemon --docker
    +    volumes:
    +      - /var/run/docker.sock:/var/run/docker.sock:ro   
    +    network_mode: none
    +
    +  dovecot-mailcow:
    +    labels:
    +      - "ofelia.enabled=true"
    +      - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
    +      - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
    +      - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
    +
    +

    The job controller just need access to the docker control socket to be able to emulate the behavior of "exec". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru. +This docker-compose.override.yml deletes all mails older then 2 weeks from the "Junk" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this:

    +
    common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
    +common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
    +
    +

    If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug.

    +

    In case you want to add more jobs, ensure you change the "dovecot-expunge-trash" part after "ofelia.job-exec." to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html new file mode 100644 index 000000000..db72187be --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Customize/Expand dovecot.conf - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize/Expand dovecot.conf

    + +

    Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here.

    +

    Restart dovecot-mailcow to apply your changes:

    +
    +
    +
    +
    docker compose restart dovecot-mailcow
    +
    +
    +
    +
    docker-compose restart dovecot-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html new file mode 100644 index 000000000..9b4c0f00c --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -0,0 +1,2671 @@ + + + + + + + + + + + + + + + + + + FTS (Solr) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    FTS (Solr)

    + +

    FTS Solr

    +

    Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot.

    +

    Please be aware that applications like Solr may need maintenance from time to time.

    +

    Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM.

    +

    The default heap size (1024 M) is defined in mailcow.conf.

    +

    Since we run in Docker and create our containers with the "restart: always" flag, a oom situation will at least only trigger a restart of the container.

    + +
    +
    +
    +
    # single user
    +docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# all users
    +docker compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    # single user
    +docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# all users
    +docker-compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    +

    Dovecot Wiki: "Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any)."

    +

    This does not re-index a mailbox. It basically repairs a given index.

    +

    If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit:

    +
    +
    +
    +
    # single user
    +docker compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# all users, but obviously slower and more dangerous
    +docker compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    # single user
    +docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# all users, but obviously slower and more dangerous
    +docker-compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    +

    This will take some time depending on your machine and Solr can run oom, monitor it!

    +

    Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.

    +

    Delete mailbox data

    +

    mailcow will purge index data of a user when deleting a mailbox.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html new file mode 100644 index 000000000..f9ec3f3fa --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -0,0 +1,2685 @@ + + + + + + + + + + + + + + + + + + IMAP IDLE interval - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Changing the IMAP IDLE interval

    +

    What is the IDLE interval?

    +

    Per default, Dovecot sends a "I'm still here" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval, which defaults to 2 minutes.

    +

    A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain.

    +

    Edit the value

    +

    Change configuration

    +

    Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). +Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type:

    +
    imap_idle_notify_interval = 5 mins
    +
    +

    29 minutes is the maximum value allowed by the corresponding RFC.

    +
    +

    Warning

    +

    This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior.

    +
    +

    Reload Dovecot

    +

    Now reload Dovecot:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    +
    +

    Info

    +

    You can check the value of this setting with

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    +

    If you didn't change it, it should be at 2m. If you did change it, you should see your new value.

    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html new file mode 100644 index 000000000..a4f0ced89 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -0,0 +1,2575 @@ + + + + + + + + + + + + + + + + + + Mail crypt - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mail crypt

    + +
    +

    Warning

    +

    Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

    +
    +

    If you want to decode/encode existing maildir files, you can use the following script at your own risk:

    +

    Enter Dovecot by running the following command in the mailcow-dockerized location:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    +
    # Decrypt /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
    +doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" > "/tmp/$(basename "$file")"
    +  if [[ -s "/tmp/$(basename "$file")" ]]; then
    +    chmod 600 "/tmp/$(basename "$file")"
    +    chown 5000:5000 "/tmp/$(basename "$file")"
    +    mv "/tmp/$(basename "$file")" "$file"
    +  else
    +    rm "/tmp/$(basename "$file")"
    +  fi
    +fi
    +done
    +
    +# Encrypt /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then
    +doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" "$file"
    +  chmod 600 "$file"
    +  chown 5000:5000 "$file"
    +fi
    +done
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-more/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-more/index.html new file mode 100644 index 000000000..39922f878 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -0,0 +1,2629 @@ + + + + + + + + + + + + + + + + + + More Examples with DOVEADM - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    More Examples with DOVEADM

    + +

    Here is just an unsorted list of useful doveadm commands that could be useful.

    +

    doveadm quota

    +

    The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

    +

    To list the current quota status for a user / mailbox, do:

    +
    doveadm quota get -u 'mailbox@example.org'
    +
    +

    To list the quota storage value for all users, do:

    +
    doveadm quota get -A |grep "STORAGE"
    +
    +

    Recalculate a single user's quota usage:

    +
    doveadm quota recalc -u 'mailbox@example.org'
    +
    + +

    The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

    +

    To view the number of messages, by user, in their .Trash folder:

    +
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    +
    +

    Show all messages in a user's inbox older then 90 days:

    +
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    +
    +

    Show all messages in any folder that are older then 30 days for mailbox@example.org:

    +
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    +
    + + +
    +
    + + + Last update: + 2022-02-02 11:37:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html new file mode 100644 index 000000000..3a3b33406 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -0,0 +1,2618 @@ + + + + + + + + + + + + + + + + + + Public folders - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Public folders

    + +

    Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

    +

    Edit or create data/conf/dovecot/extra.conf, add:

    +
    namespace {
    +  type = public
    +  separator = /
    +  prefix = Public/
    +  location = maildir:/var/vmail/public:INDEXPVT=~/public
    +  subscriptions = yes
    +  mailbox "Develcow" {
    +    auto = subscribe
    +  }
    +}
    +
    +

    :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

    +

    The new mailbox in the public namespace will be auto-subscribed by users.

    +

    To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    +

    Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

    +

    Allow authenticated users access to the whole public namespace

    +

    To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

    +

    Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

    +
    authenticated kxeilprwts
    +
    +

    kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

    +

    You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

    +

    See Dovecot ACL for further information about ACL.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html new file mode 100644 index 000000000..b232e3682 --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Static master user - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Static master user

    + +

    Random master usernames and passwords are automatically created on every restart of dovecot-mailcow.

    +

    That's recommended and should not be changed.

    +

    If you need the user to be static anyway, please specify two variables in mailcow.conf.

    +

    Both parameters must not be empty!

    +
    DOVECOT_MASTER_USER=mymasteruser
    +DOVECOT_MASTER_PASS=mysecretpass
    +
    +

    Run the command below to apply your changes:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

    +

    To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.

    +

    A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described here +No master user is required.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/2.5/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html new file mode 100644 index 000000000..21be598ba --- /dev/null +++ b/2.5/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + Move Maildir (vmail) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Move Maildir (vmail)

    + +

    The "new" way

    +
    +

    Warning

    +

    Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

    +
    +

    An easy, dirty, yet stable workaround is to stop mailcow, remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

    +
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
    +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
    +
    +

    Start mailcow afterwards.

    +
    +

    The "old" way

    +

    If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

    +
    version: '2.1'
    +volumes:
    +  vmail-vol-1:
    +    driver_opts:
    +      type: none
    +      device: /data/mailcow/vmail   
    +      o: bind
    +
    +

    Moving an existing vmail folder:

    +
      +
    • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
    • +
    +
    [
    +    {
    +        "CreatedAt": "2019-06-16T22:08:34+02:00",
    +        "Driver": "local",
    +        "Labels": {
    +            "com.docker.compose.project": "mailcowdockerized",
    +            "com.docker.compose.version": "1.23.2",
    +            "com.docker.compose.volume": "vmail-vol-1"
    +        },
    +        "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data",
    +        "Name": "mailcowdockerized_vmail-vol-1",
    +        "Options": null,
    +        "Scope": "local"
    +    }
    +]
    +
    +
      +
    • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
    • +
    • Stop mailcow by executing docker compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
    • +
    • Create the file docker-compose.override.yml, edit the device path accordingly
    • +
    • Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1
    • +
    • Start mailcow by executing docker compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
    • +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Nginx/u_e-nginx_custom/index.html b/2.5/en/manual-guides/Nginx/u_e-nginx_custom/index.html new file mode 100644 index 000000000..54bca0f20 --- /dev/null +++ b/2.5/en/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -0,0 +1,2727 @@ + + + + + + + + + + + + + + + + + + Custom sites - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Custom sites

    + +

    SSL

    +

    Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration.

    +

    Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root.

    +

    New site

    +

    To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

    +

    A good template to begin with:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  # Location: data/web
    +  root /web;
    +  # Location: data/web/mysite.com
    +  #root /web/mysite.com
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name mysite.example.org;
    +  server_tokens off;
    +
    +  # This allows acme to be validated even with a different web root
    +  location ^~ /.well-known/acme-challenge/ {
    +    default_type "text/plain";
    +    rewrite /.well-known/acme-challenge/(.*) /$1 break;
    +    root /web/.well-known/acme-challenge/;
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$server_name$request_uri;
    +  }
    +}
    +
    +

    New site with proxy to a remote location

    +

    Another example with a reverse proxy configuration:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name example.domain.tld;
    +  server_tokens off;
    +
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$host$request_uri;
    +  }
    +
    +  location / {
    +    proxy_pass http://service:3000/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  }
    +}
    +
    +

    Config expansion in mailcows Nginx

    +

    The filename used for a new site is not important, as long as the filename carries a .conf extension.

    +

    It is also possible to extend the configuration of the default file site.conf file:

    +
    nano data/conf/nginx/site.my_content.custom
    +
    +

    This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

    +

    If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

    +

    Restart Nginx (and PHP-FPM, if a new listener was created):

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +docker compose restart php-fpm-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +docker-compose restart php-fpm-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/2.5/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html new file mode 100644 index 000000000..f95bfc2c4 --- /dev/null +++ b/2.5/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -0,0 +1,2586 @@ + + + + + + + + + + + + + + + + + + Create subdomain webmail.example.org - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Create subdomain webmail.example.org

    + +

    IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

    +

    To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

    +

    nano data/conf/nginx/webmail.conf

    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name webmail.example.org;
    +  server_tokens off;
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  location / {
    +    return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
    +  }
    +}
    +
    +

    Save and restart Nginx:

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +
    +
    +
    +
    +

    Now open mailcow.conf and find ADDITIONAL_SAN. +Add webmail.example.org to this array, don't use quotes!

    +
    ADDITIONAL_SAN=webmail.example.org
    +
    +

    Run the command to apply the changes:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    See "acme-mailcow" and "nginx-mailcow" logs if anything fails.

    + +
    +
    + + + Last update: + 2022-12-15 15:38:44 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html new file mode 100644 index 000000000..79dec9767 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Max. message size (attachment size) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Max. message size (attachment size)

    + +

    Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

    +

    Restart Postfix:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html new file mode 100644 index 000000000..70271002f --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Custom transport maps - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Custom transport maps

    + +

    For transport maps other than those to be configured in mailcow UI, please use data/conf/postfix/custom_transport.pcre to prevent existing maps or settings from being overwritten by updates.

    +

    In most cases using this file is not necessary. Please make sure mailcow UI is not able to route your desired traffic properly before using that file.

    +

    The file needs valid PCRE content and can break Postfix, if configured incorrectly.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html new file mode 100644 index 000000000..d14a22b68 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + Disable Sender Addresses Verification - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Disable Sender Addresses Verification

    + +

    New guide

    +

    Edit a mailbox and select "Allow to send as *".

    +

    For historical reasons we kept the old and deprecated guide below:

    +

    Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

    +

    This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

    +

    Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. +

    user-to-allow-everything@example.com OK
    +

    +

    Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: +

    smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
    +

    +

    Run postmap on check_sasl_access:

    +
    +
    +
    +
    docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    +

    Restart the Postfix container.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html new file mode 100644 index 000000000..4d18395a4 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -0,0 +1,2548 @@ + + + + + + + + + + + + + + + + + + Customize/Expand main.cf - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize/Expand main.cf

    + +

    Please create a new file data/conf/postfix/extra.cf for overrides or additional content to main.cf.

    +

    Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

    +

    Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

    +

    Restart postfix-mailcow to apply your changes:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html new file mode 100644 index 000000000..893ba90e6 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Statistics with pflogsumm - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Statistics with pflogsumm

    + +

    To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

    +
    docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
    +
    +

    The above log output is limited to the last 24 hours.

    +

    It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

    +
    SHELL=/bin/bash
    +59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
    +
    +

    To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

    +

    More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

    +

    Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.

    + +
    +
    + + + Last update: + 2022-06-13 08:06:24 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html new file mode 100644 index 000000000..88aa904e3 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Whitelist IP in Postscreen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Whitelist IP in Postscreen

    + +

    IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr.

    +

    Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups.

    +

    The format of the file is as follows:

    +

    CIDR ACTION

    +

    Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

    +

    Example:

    +
    # Rules are evaluated in the order as specified.
    +# Blacklist 192.168.* except 192.168.0.1.
    +192.168.0.1          permit
    +192.168.0.0/16       reject
    +
    +

    The file is reloaded on the fly, postfix restart is not required.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html new file mode 100644 index 000000000..d9e6878e0 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html @@ -0,0 +1,2643 @@ + + + + + + + + + + + + + + + + + + Relayhosts - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Relayhosts

    + +

    As of September 12, 2018 you can setup relayhosts as admin by using the mailcow UI.

    +

    This is useful if you want to relay outgoing emails for a specific domain to a third-party spam filter or a service like Mailgun or Sendgrid. This is also known as a smarthost.

    +

    Add a new relayhost

    +

    Go to the Routing tab of the Configuration and Details section of the admin UI. +Here you will see a list of relayhosts currently setup.

    +

    Scroll to the Add sender-dependent transport section.

    +

    Under Host, add the host you want to relay to.
    +Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org

    +

    If the relay host requires a username and password to authenticate, enter them in the respective fields.
    +Keep in mind the credentials will be stored in plain text.

    +

    Test a relayhost

    +

    To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test.

    +

    You will then see the results of the SMTP transmission. If all went well, you should see +SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines.

    +

    If not, review the error provided and resolve it.

    +

    Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system.

    +

    Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc
    This way you can check that the relay worked by checking the destination mailbox.

    +

    Set the relayhost for a domain

    +

    Go to the Domains tab of the Mail setup section of the admin UI.

    +

    Edit the desired domain.

    +

    Select the newly added host on the Sender-dependent transports dropdown and save changes.

    +

    Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/2.5/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html new file mode 100644 index 000000000..0a8193668 --- /dev/null +++ b/2.5/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -0,0 +1,2646 @@ + + + + + + + + + + + + + + + + + + Add trusted networks - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Add trusted networks

    + +

    By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.

    +

    By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured.

    +

    If you decide to set mynetworks, Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!

    +

    Unauthenticated relaying

    +
    +

    Warning

    +

    Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.

    +
    +

    IPv4 hosts/subnets

    +

    To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

    +

    Edit data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
    +
    +

    Run docker compose restart postfix-mailcow to apply your new settings.

    +

    IPv6 hosts/subnets

    +

    Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

    +

    To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

    +

    Edit data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
    +
    +

    Run docker compose restart postfix-mailcow to apply your new settings.

    +
    +

    Info

    +

    More information about mynetworks can be found in the Postfix documentation.

    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Redis/u_e-redis/index.html b/2.5/en/manual-guides/Redis/u_e-redis/index.html new file mode 100644 index 000000000..00b2285c0 --- /dev/null +++ b/2.5/en/manual-guides/Redis/u_e-redis/index.html @@ -0,0 +1,2710 @@ + + + + + + + + + + + + + + + + + + Redis - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Redis

    + +

    Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

    +

    Client

    +

    To connect to the redis cli execute:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Debugging

    +

    Here are some useful commands for the redis-cli for debugging:

    +
    MONITOR
    +

    Listens for all requests received by the server in real time:

    +
    +
    +
    +
    #docker compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    #docker-compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    +
    KEYS
    +

    Get all keys matching your pattern:

    +
    KEYS *
    +
    +
    PING
    +

    Test a connection:

    +
    127.0.0.1:6379> PING
    +PONG
    +
    +

    If you want to know more, here is a cheat sheet.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Rspamd/u_e-rspamd/index.html b/2.5/en/manual-guides/Rspamd/u_e-rspamd/index.html new file mode 100644 index 000000000..9e84a23bc --- /dev/null +++ b/2.5/en/manual-guides/Rspamd/u_e-rspamd/index.html @@ -0,0 +1,3037 @@ + + + + + + + + + + + + + + + + + + Rspamd - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Rspamd

    + +

    Rspamd is used for AV handling, DKIM signing and SPAM handling. It's a powerful and fast filter system. For a more in-depth documentation on Rspamd please visit its own documentation.

    +

    Learn Spam & Ham

    +

    Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. +This is achieved by using the Sieve plugin "sieve_imapsieve" and parser scripts.

    +

    Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning). We configured the plugin to keep a sane ratio between spam and ham learns.

    +

    The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM.

    +

    Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam.

    +

    You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.

    +

    Learn Spam or Ham from existing directory

    +

    You can use a one-liner to learn mail in plain-text (uncompressed) format:

    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    +

    Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example:

    +
    for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
    +
    +

    Reset learned data (Bayes, Neural)

    +

    You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now:

    +

    Backup database

    +
    # It is better to stop Redis before you copy the file.
    +cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
    +
    +

    Reset Bayes data

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Reset Neural data

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Reset Fuzzy data

    +
    +
    +
    +
    # We need to enter the redis-cli first:
    +docker compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    # We need to enter the redis-cli first:
    +docker-compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    +

    Info

    +

    If redis-cli complains about...

    +
    (error) ERR wrong number of arguments for 'del' command
    +
    +

    ...the key pattern was not found and thus no data is available to delete - it is fine.

    +

    CLI tools

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamc --help
    +docker compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamc --help
    +docker-compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    +

    Disable Greylisting

    +

    Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting.

    +

    You can disable greylisting server-wide by editing:

    +

    {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

    +

    Add the line:

    +
    enabled = false;
    +
    +

    Save the file and restart "rspamd-mailcow":

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Spam filter thresholds (global)

    +

    Each user is able to change their spam rating individually. To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf:

    +
    reject = 15;
    +add_header = 8;
    +greylist = 7;
    +
    +

    Save the file and restart "rspamd-mailcow":

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Existing settings of users will not be overwritten!

    +

    To reset custom defined thresholds, run:

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +# docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +

    Custom reject messages

    +

    The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content:

    +
    reject_message = "My custom reject message";
    +
    +

    Save the file and restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted:

    +
      +
    1. +

      Find prefilet reject symbol for which you want change message, to do it run: grep -R "SYMBOL_YOU_WANT_TO_ADJUST" /opt/mailcow-dockerized/data/conf/rspamd/

      +
    2. +
    3. +

      Add your custom message as new line:

      +
    4. +
    +
    GLOBAL_RCPT_BL {
    +  type = "rcpt";
    +  map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
    +  regexp = true;
    +  prefilter = true;
    +  action = "reject";
    +  message = "Sending mail to this recipient is prohibited by postmaster@your.domain";
    +}
    +
    +
      +
    1. Save the file and restart Rspamd:
    2. +
    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Discard instead of reject

    +

    If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content:

    +
    discard_on_reject = true;
    +
    +

    Restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Wipe all ratelimit keys

    +

    If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task:

    +
    +
    +
    +
    docker compose exec redis-mailcow sh
    +# Unlink (available in Redis >=4.) will delete in the backgronud
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh
    +# Unlink (available in Redis >=4.) will delete in the backgronud
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    +

    Restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Trigger a resend of quarantine notifications

    +

    Should be used for debugging only!

    +
    +
    +
    +
    docker compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    +

    Increase history retention

    +

    By default Rspamd keeps 1000 elements in the history.

    +

    The history is stored compressed.

    +

    It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it:

    +

    Edit data/conf/rspamd/local.d/history_redis.conf:

    +
    nrows = 1000; # change this value
    +
    +

    Restart Rspamd afterwards:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/SOGo/u_e-sogo/index.html b/2.5/en/manual-guides/SOGo/u_e-sogo/index.html new file mode 100644 index 000000000..f3a54ea55 --- /dev/null +++ b/2.5/en/manual-guides/SOGo/u_e-sogo/index.html @@ -0,0 +1,2754 @@ + + + + + + + + + + + + + + + + + + SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    + +
    + + + +
    +
    + + + + + + + + + +

    SOGo

    + +

    SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its own documentation.

    +

    Apply custom SOGo theme

    +

    mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js. +Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works.

    +

    You can use the provided custom-theme.js as an example starting point by removing the comments. +After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to

    +
      +
    1. edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES;
    2. +
    3. restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.
    4. +
    5. open SOGo in browser
    6. +
    7. open browser developer console, usually shortcut is F12
    8. +
    9. only if you use Firefox: write by hands in dev console allow pasting and press enter
    10. +
    11. paste java script snipet in dev console: +
      copy([].slice.call(document.styleSheets)
      +  .map(e => e.ownerNode)
      +  .filter(e => e.hasAttribute('md-theme-style'))
      +  .map(e => e.textContent)
      +  .join('\n')
      +)
      +
    12. +
    13. open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
    14. +
    15. copy CSS file to mailcow server data/conf/sogo/custom-theme.css
    16. +
    17. edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
    18. +
    19. append/create docker-compose.override.yml with: +
      version: '2.1'
      +
      +services:
      +  sogo-mailcow:
      +    volumes:
      +      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    20. +
    21. run docker compose up -d
    22. +
    23. run docker compose restart memcached-mailcow
    24. +
    +

    Reset to SOGo default theme

    +
      +
    1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
    2. +
    3. find in data/conf/sogo/custom-theme.js: +
      // Apply new palettes to the default theme, remap some of the hues
      +    $mdThemingProvider.theme('default')
      +      .primaryPalette('green-cow', {
      +        'default': '400',  // background color of top toolbars
      +        'hue-1': '400',
      +        'hue-2': '600',    // background color of sidebar toolbar
      +        'hue-3': 'A700'
      +      })
      +      .accentPalette('green', {
      +        'default': '600',  // background color of fab buttons and login screen
      +        'hue-1': '300',    // background color of center list toolbar
      +        'hue-2': '300',    // highlight color for selected mail and current day calendar
      +        'hue-3': 'A700'
      +      })
      +      .backgroundPalette('frost-grey');
      +
      +and replace it with: +
          $mdThemingProvider.theme('default');
      +
    4. +
    5. remove from docker-compose.override.yml volume mount in sogo-mailcow: +
      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    6. +
    7. run docker compose up -d
    8. +
    9. run docker compose restart memcached-mailcow
    10. +
    +

    Change favicon

    +

    mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. +Note: You can use .png favicons for SOGo by renaming them to custom-favicon.ico. +For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. +After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.

    + +

    mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg. +After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.

    +

    Connect domains

    +

    Domains are usually isolated from eachother.

    +

    You can change that by modifying data/conf/sogo/sogo.conf:

    +

    Search... +

       // SOGoDomainsVisibility = (
    +    //  (domain1.tld, domain5.tld),
    +    //  (domain3.tld, domain2.tld)
    +    // );
    +
    +...and replace it by - for example:

    +
        SOGoDomainsVisibility = (
    +      (example.org, example.com, example.net)
    +    );
    +
    +

    Restart SOGo: docker compose restart sogo-mailcow

    +

    Disable password changing

    +

    Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.

    +

    Run docker compose restart memcached-mailcow sogo-mailcow to activate the changes.

    +

    Reset TOTP / Disable TOTP

    +

    Run docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}' from within the mailcow directory.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Unbound/u_e-unbound-fwd/index.html b/2.5/en/manual-guides/Unbound/u_e-unbound-fwd/index.html new file mode 100644 index 000000000..c7c065245 --- /dev/null +++ b/2.5/en/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -0,0 +1,2641 @@ + + + + + + + + + + + + + + + + + + Using an external DNS service - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Using an external DNS service

    + +

    If you want or have to use an external DNS service, you can either set a forwarder in Unbound or copy an override file to define external DNS servers:

    +
    +

    Warning

    +

    Please do not use a public resolver like we did in the example above. Many - if not all - blacklist lookups will fail with public resolvers, because blacklist server has limits on how much requests can be done from one IP and public resolvers usually reach this limits.
    +Important: Only DNSSEC validating DNS services will work.

    +
    +

    Method A, Unbound

    +

    Edit data/conf/unbound/unbound.conf and append the following parameters:

    +
    forward-zone:
    +  name: "."
    +  forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
    +  forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
    +
    +

    Restart Unbound:

    +
    +
    +
    +
      docker compose restart unbound-mailcow
    +
    +
    +
    +
      docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    Method B, Override file

    +
    cd /opt/mailcow-dockerized
    +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
    +
    +

    Edit docker-compose.override.yml and adjust the IP.

    +

    Afterwards stop and start the Docker Stack again:

    +
    +
    +
    +
      docker compose down
    +  docker compose up -d
    +
    +
    +
    +
      docker-compose down
    +  docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-31 11:42:41 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/2.5/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html new file mode 100644 index 000000000..83ce9d9fb --- /dev/null +++ b/2.5/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -0,0 +1,2889 @@ + + + + + + + + + + + + + + + + + + Thresholds - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Thresholds

    + +

    Watchdog uses default values for all thresholds defined in docker-compose.yml.

    +

    The default values will work for most setups. +Example: +

    - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
    +- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
    +- REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
    +- MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
    +- MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
    +- SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
    +- POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
    +- CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
    +- DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
    +- DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
    +- PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
    +- RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
    +- FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
    +- ACME_THRESHOLD=${ACME_THRESHOLD:-1}
    +- RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
    +- OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
    +- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
    +- MAILQ_CRIT=${MAILQ_CRIT:-30}
    +

    +

    To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker compose up -d.

    +

    Thresholds descriptions

    +

    NGINX_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    UNBOUND_THRESHOLD

    +

    Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    REDIS_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MYSQL_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MYSQL_REPLICATION_THRESHOLD

    +

    Notifies administrators if the MySQL replication fails.

    +

    SOGO_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    POSTFIX_THRESHOLD

    +

    Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    CLAMD_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    DOVECOT_THRESHOLD

    +

    Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    DOVECOT_REPL_THRESHOLD

    +

    Notifies administrators if the Dovecot replication fails.

    +

    PHPFPM_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    RATELIMIT_THRESHOLD

    +

    Notifies administrators if a ratelimit got hit.

    +

    FAIL2BAN_THRESHOLD

    +

    Notifies administrators if a fail2ban banned an IP.

    +

    ACME_THRESHOLD

    +

    Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs.

    +

    RSPAMD_THRESHOLD

    +

    Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    OLEFY_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MAILQ_CRIT and MAILQ_THRESHOLD

    +

    Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60±30) seconds.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html new file mode 100644 index 000000000..fd96d82ac --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Blacklist / Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Blacklist / Whitelist

    + +

    To add or edit an entry to your domain-wide filter table, log in to your mailcow UI as (domain) administrator and go to: +Configuration > Email Setup > Domains > Edit Domain > Spam Filter.

    +

    Black- and Whitelist Configuration

    +
    +

    Info

    +

    Be aware that a user can override this setting by setting their own blacklist and whitelist!

    +
    +

    There is also a global filter table in Configuration > Configuration & Details > Global filter maps to configure a server wide filter for multiple regex maps (todo: screenshots).

    + +
    +
    + + + Last update: + 2022-02-01 11:34:55 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html new file mode 100644 index 000000000..74573776a --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Configuration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Configuration

    + +

    Several configuration parameters of the mailcow UI can be changed by creating a file data/web/inc/vars.local.inc.php which overrides defaults settings found in data/web/inc/vars.inc.php.

    +

    The local configuration file is persistent over updates of mailcow. Try not to change values inside data/web/inc/vars.inc.php, but use them as template for the local override.

    +

    mailcow UI configuration parameters can be used to...

    +
      +
    • ...change the default language1
    • +
    • ...change the default bootstrap theme
    • +
    • ...set a password complexity regex
    • +
    • ...enable DKIM private key visibility
    • +
    • ...set a pagination trigger size
    • +
    • ...set default mailbox attributes
    • +
    • ...change session lifetimes
    • +
    • ...create fixed app menus (which cannot be changed in mailcow UI)
    • +
    • ...set a default "To" field for relayhost tests
    • +
    • ...set a timeout for Docker API requests
    • +
    • ...toggle IP anonymization
    • +
    +
    +
    +
      +
    1. +

      To change SOGos default language, you will need to edit data/conf/sogo/sogo.conf and replace "English" by your preferred language. 

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html new file mode 100644 index 000000000..09f07d108 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + CSS overrides - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CSS overrides

    + +

    For custom overrides of specific elements via CSS, use data/web/css/build/0081-custom-mailcow.css.

    +

    The file is excluded from tracking and persists over updates.

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html new file mode 100644 index 000000000..87cafc2a2 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html @@ -0,0 +1,2619 @@ + + + + + + + + + + + + + + + + + + WebAuthn / FIDO2 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    WebAuthn / FIDO2

    + +

    How is UV handled in mailcow?

    +

    The UV flag (as in "user verification") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey).

    +

    Login and key processing

    +

    mailcow uses client-side key processing. We ask the authenticator (i.e. YubiKey) to save the registration in its memory.

    +

    A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the "key login" via mailcow UI login.

    +

    When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory.

    +

    Who can use WebAuthn to login to mailcow?

    +

    As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2.

    +
    +

    You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html new file mode 100644 index 000000000..6b27aed15 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Netfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Netfilter

    + +

    Change Netfilter Ban Settings

    +

    To change the Netfilter settings in general please navigate to: Configuration -> Configuration & Details -> Configuration -> Fail2ban parameters.

    +

    You should now see a familar interface:

    +

    Netfilter ban settings

    +

    Here you can set several options regarding the bans itself. +For example the max. Ban time or the max. attempts before a ban is executed.

    +

    Change Netfilter Regex

    +
    +

    Danger

    +

    The following area requires at least basic regex knowledge.
    +If you are not sure what you are doing there, we can only advise you not to attempt a reconfiguration.

    +
    +

    In addition to the ban settings, you can also define what exactly should be used from the mailcow container logs to ban a possible attacker.

    +

    To do this, you must first expand the regex field, which will look something like this:

    +

    Netfilter Regex

    +

    There you can now create various new filter rules.

    +
    +

    Info

    +

    As updates progress, it is possible that new Netfilter regex rules will be added or removed.
    +If this is the case, it is recommended to reset the Netfilter regex rules by clicking on Reset to default.

    +
    + +
    +
    + + + Last update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html new file mode 100644 index 000000000..0c4328b42 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Pushover - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Pushover

    + +
    +

    Info

    +

    Pushover makes it easy to get real-time notifications on your Android, iPhone, iPad, and Desktop

    +
    +

    You can use Pushover to get a push notification on every mail you receive for each mailbox where you enabled this feature.

    +

    1. As admin open your mailbox' settings and scroll down to the Pushover settings

    +

    2. Register yourself on Pushover

    +

    3. Put your 'User Key' in the 'User/Group Key' field in your mailbox settings

    +

    4. Create an Applications to get the API Token/Key which you also need to put in your mailbox settings

    +

    5. Optional you can edit the notification title/text and define certain sender email addresses where a push notification is triggered

    +

    6. Save everything and then you can verify your credentials

    +

    If everything is done you can test sending a mail and you will receive a push message on your phone

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html new file mode 100644 index 000000000..493ddb777 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Temporary email aliases - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Temporary email aliases

    + +

    These temporary email aliases are mostly used for places where we need to provide an email address but don't want future correspondence with. They are also called spam alias.

    +

    To create, delete or extend a temporary email aliases you need to login to mailcow's UI as a mailbox user and navigate to the tab Temporary email aliases:

    +

    How to set spam- or temporary email aliases in mailcow

    + +
    +
    + + + Last update: + 2022-02-01 11:25:58 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html new file mode 100644 index 000000000..aeaaf4920 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + Spamfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Spamfilter

    + +

    A mailbox user may adjust the spam filter and black- / whitelist settings for his mailbox individually by navigating to the Spam filter tab in the users mailcow UI.

    +

    Where to adjust the users spam, black- and whitelist settings

    +
    +

    Info

    +

    For global adjustments on your spam filter please check our section on Rspamd. +For a domain wide black- and whitelist please check our guide on Black / Whitelist

    +
    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html new file mode 100644 index 000000000..f58ec7ae5 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html @@ -0,0 +1,2602 @@ + + + + + + + + + + + + + + + + + + Sub-addressing - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sub-addressing

    + +

    Mailbox users can tag their mail address like in me+facebook@example.org. They can control the tag handling in the users mailcow UI panel under Mailbox > Settings. +mailcow mail tagging settings

    +

    sub-addressing (RFC 5233) or plus addressing also known as tagging (do not mix with Tags)

    +

    Available Actions

    +

    1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

    +

    2. Prepend the tag to the subject: "[facebook] Subject"

    +

    Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: +

    diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
    +index e047136e..933c4137 100644
    +--- a/data/conf/dovecot/global_sieve_after
    ++++ b/data/conf/dovecot/global_sieve_after
    +@@ -15,7 +15,7 @@ if allof (
    +   envelope :detail :matches "to" "*",
    +   header :contains "X-Moo-Tag" "YES"
    +   ) {
    +-  set :lower :upperfirst "tag" "${1}";
    ++  set "tag" "${1}";
    +   if mailboxexists "INBOX/${1}" {
    +     fileinto "INBOX/${1}";
    +   } else {
    +

    + +
    +
    + + + Last update: + 2022-05-05 21:53:01 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html new file mode 100644 index 000000000..cf79c6742 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html @@ -0,0 +1,2642 @@ + + + + + + + + + + + + + + + + + + Tags (for Domains and Mailboxes) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Tags (for Domains and Mailboxes)

    + +
    +

    Info

    +

    You need the mailcow Version 2022-05 at least for this feature.
    +If you don´t have the Version installed please consider a update.
    +For more informations about a mailcow update please take a look at the Update section here in the docs.

    +
    +

    What are Tags designed for?

    +

    With the Tags you can easily sort your Domains and Mailboxes by the tags instead of their name.

    +

    Where are the Tags located?

    +

    The Tags are located in the Domain/Mailbox section of the mailcow UI. +To view them simply click on the small plus symbol on the left of your Domain/Mailbox (following picture is showing the domain ribbon menu): +Domain/Mailbox Tags Ribbon

    +

    How can i add/remove a Tag?

    +

    You can simply add/remove a Tag during the creation of a new Domain/Mailbox. You also can add/remove them if you edit your desired Domain/Mailbox.

    +

    It looks similar to this (following picture showing the domain edit section):

    +

    Domain/Mailbox Tags

    +

    How can i search for a tag?

    +

    Simply type the Tag Name in the search bar in the Domain/Mailbox Section and wait for it to complete.

    +

    You can even specify if you want to search for tags only.

    + +
    +
    + + + Last update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html new file mode 100644 index 000000000..d90f58908 --- /dev/null +++ b/2.5/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html @@ -0,0 +1,2817 @@ + + + + + + + + + + + + + + + + + + Two-Factor Authentication - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Two-Factor Authentication

    + +

    So far three methods for Two-Factor Authentication are implemented: WebAuthn (replacing U2F since February 2022), Yubi OTP, and TOTP

    +
      +
    • For WebAuthn to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
    • +
    • Both WebAuthn and Yubi OTP work well with the fantastic Yubikey.
    • +
    • While Yubi OTP needs an active internet connection and an API ID + key, WebAuthn will work with any Fido Security Key out of the box, but can only be used when mailcow is accessed over HTTPS.
    • +
    • WebAuthn and Yubi OTP support multiple keys per user.
    • +
    • As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
    • +
    +

    As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.

    +

    The key used to login will be displayed in green, while other keys remain grey.

    +

    Information on how to remove 2FA can be found here.

    +

    Yubi OTP

    +

    The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. +The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.

    +

    Example setup

    +

    First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here

    +

    In the following you configure the YubiKey for OTP. +Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next.

    +

    Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. +So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish.

    +

    Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment.

    +

    After the generation was successful, you will be shown a Client ID and a Secret key, make a note of this information in a safe place.

    +

    Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication. +In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. +Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button.

    +

    Congratulations! You can now log in to the mailcow UI using your YubiKey!

    +
    +

    WebAuthn (U2F, replacement)

    +
    +

    Warning

    +

    Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn.
    +The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh

    +
    +

    To use WebAuthn, the browser must support this standard.

    +

    The following desktop browsers support this authentication type:

    +
      +
    • Edge (>=18)
    • +
    • Firefox (>=60)
    • +
    • Chrome (>=67)
    • +
    • Safari (>=13)
    • +
    • Opera (>=54)
    • +
    +

    The following mobile browsers support this authentication type:

    +
      +
    • Safari on iOS (>=14.5)
    • +
    • Android Browser (>=97)
    • +
    • Opera Mobile (>=64)
    • +
    • Chrome for Android (>=97)
    • +
    +

    Sources: caniuse.com, blog.mozilla.org

    +

    WebAuthn works without an internet connection.

    +

    What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn?

    +
    +

    Warning

    +

    With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol.

    +
    +

    Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator.

    +

    But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore.

    +

    Disable unofficial supported Fido Security Keys

    +

    With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.).

    +

    This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment.

    +

    To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker compose up -d.

    +

    The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates.

    +
    Example:
    +

    If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates. +After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices.

    +

    That´s for every vendor the same, so choose what you like (if you want to).

    +

    Use own certificates for WebAuthn

    +

    If you have a valid certificate from the vendor of your key you can also add it to your mailcow!

    +

    Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow.

    +

    Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.

    +

    Is it dangerous to keep the Vendor Check disabled?

    +

    No, it isn´t! +These vendor certificates are only used to verify original hardware, not to secure the registration process.

    +

    As you can read in these articles, the deactivation is not software security related: +- https://developers.yubico.com/U2F/Attestation_and_Metadata/ +- https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 +- https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01

    +

    In the end, however, it is of course your decision to leave this check disabled or enabled.

    +
    +

    TOTP

    +

    The best known TFA method mostly used with a smartphone.

    +

    To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list.

    +

    Now a modal will open in which you have to type in a name for your 2FA "device" (example: John Deer´s Smartphone) and the password of the affected Admin account (you are currently logged in with).

    +

    You have two seperate methods to register TOTP to your account: +1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. +2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can´t scan a QR Code).

    +

    After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/u_e-80_to_443/index.html b/2.5/en/manual-guides/u_e-80_to_443/index.html new file mode 100644 index 000000000..cd935ff7a --- /dev/null +++ b/2.5/en/manual-guides/u_e-80_to_443/index.html @@ -0,0 +1,2555 @@ + + + + + + + + + + + + + + + + + + Redirect HTTP to HTTPS - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Redirect HTTP to HTTPS

    + +

    Since February the 28th 2017 mailcow does come with port 80 and 443 enabled.

    +

    Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

    +

    Open mailcow.conf and set HTTP_BIND= - if not already set.

    +

    Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

    +
    server {
    +  root /web;
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  include /etc/nginx/conf.d/server_name.active;
    +  if ( $request_uri ~* "%0A|%0D" ) { return 403; }
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +  location / {
    +    return 301 https://$host$uri$is_args$args;
    +  }
    +}
    +
    +

    In case you changed the HTTP_BIND parameter, recreate the container:

    +
    docker compose up -d
    +
    +

    Otherwise restart Nginx:

    +
    docker compose restart nginx-mailcow
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/u_e-autodiscover_config/index.html b/2.5/en/manual-guides/u_e-autodiscover_config/index.html new file mode 100644 index 000000000..03bd2be39 --- /dev/null +++ b/2.5/en/manual-guides/u_e-autodiscover_config/index.html @@ -0,0 +1,2576 @@ + + + + + + + + + + + + + + + + + + Autodiscover / Autoconfig - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Autodiscover / Autoconfig

    + +

    You do not need to change or create this file, autodiscover works out of the box. This guide is only meant for customizations to the autodiscover or autoconfig process.

    +

    Newer Outlook clients (especially those delivered with O365) will not autodiscover mail profiles. +Keep in mind, that ActiveSync should NOT be used with a desktop client.

    +

    Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

    +

    Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

    +
    <?php
    +$autodiscover_config = array(
    +  // General autodiscover service type: "activesync" or "imap"
    +  // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
    +  'autodiscoverType' => 'activesync',
    +  // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows)
    +  // Outlook for Mac does not support ActiveSync
    +  'useEASforOutlook' => 'yes',
    +  // Please don't use STARTTLS-enabled service ports in the "port" variable.
    +  // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services).
    +  // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable.
    +  'imap' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('IMAPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))),
    +  ),
    +  'pop3' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('POPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('POP_PORT'))),
    +  ),
    +  'smtp' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('SMTPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))),
    +  ),
    +  'activesync' => array(
    +    'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync',
    +  ),
    +  'caldav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +  'carddav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +);
    +
    +

    To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

    +

    Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/u_e-reeanble-weak-protocols/index.html b/2.5/en/manual-guides/u_e-reeanble-weak-protocols/index.html new file mode 100644 index 000000000..467e2a18d --- /dev/null +++ b/2.5/en/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Re-enable TLS 1.0 and TLS 1.1 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Re-enable TLS 1.0 and TLS 1.1

    + +

    On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).

    +

    Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

    +

    How to re-enable weak protocols?

    +

    Edit data/conf/postfix/extra.cf:

    +
    submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +
    +

    Edit data/conf/dovecot/extra.conf:

    +
    ssl_min_protocol = TLSv1
    +
    +

    Restart the affected services:

    +
    docker compose restart postfix-mailcow dovecot-mailcow
    +
    +

    Hint: You can enable TLS 1.2 in Windows 7.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/u_e-update-hooks/index.html b/2.5/en/manual-guides/u_e-update-hooks/index.html new file mode 100644 index 000000000..c1864e4ad --- /dev/null +++ b/2.5/en/manual-guides/u_e-update-hooks/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Run scripts before and after updates - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Run scripts before and after updates

    + +

    It is possible to add pre- and post-update-hooks to the update.sh script that upgrades your whole mailcow installation.

    +

    To do so, just add the corresponding bash script into your mailcow root directory:

    +
      +
    • pre_update_hook.sh for commands that should run before the update
    • +
    • post_update_hook.sh for commands that should run after the update is completed
    • +
    +

    Keep in mind that pre_update_hook.sh runs every time you call update.sh and post_update_hook.sh will only run if the update was successful and the script doesn't have to be re-run.

    +

    The scripts will be run by bash, an interpreter (e.g. #!/bin/bash) as well as an execute permission flag ("+x") are not required.

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/manual-guides/u_e-why_unbound/index.html b/2.5/en/manual-guides/u_e-why_unbound/index.html new file mode 100644 index 000000000..f96cd20b6 --- /dev/null +++ b/2.5/en/manual-guides/u_e-why_unbound/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Why unbound? - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Why unbound?

    + +

    For DNS blacklist lookups and DNSSEC.

    +

    Most systems use either a public or a local caching DNS resolver. +That's a very bad idea when it comes to filter spam using DNS-based black hole lists (DNSBL) or similar technics. +Most if not all providers apply a rate limit based on the DNS resolver that is used to query their service. +Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolver like your ISPs will hit that limit very soon.

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/models/model-acl/index.html b/2.5/en/models/model-acl/index.html new file mode 100644 index 000000000..5dc861a87 --- /dev/null +++ b/2.5/en/models/model-acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + ACL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    ACL

    + +

    Editing a domain administrator or a mailbox user allows to set restrictions to that account.

    +

    Important: For overlapping modules like sync jobs, which both domain administrators and mailbox users can be granted access to, the domain administrators permissions are inherited, when logging in as mailbox user.

    +

    Some examples:

    +

    1.

    +
      +
    • A domain administror has not access to sync jobs but can login as mailbox user
    • +
    • When logging in as mailbox user, he does not gain access to sync jobs, even if the given mailbox user has access when logging in directly
    • +
    +

    2.

    +
      +
    • A domain administror has access to sync jobs and can login as mailbox user
    • +
    • The mailbox user he tries to login as has not access to sync jobs
    • +
    • The domain administrator, now logged in as mailbox user, inherits its permission to the mailbox user and can access sync jobs
    • +
    +

    3.

    +
      +
    • A domain administrator logs in as mailbox user
    • +
    • Every permission, that does not exist in a domain administrators ACL, is automatically granted (example: time-limited alias, TLS policy etc.)
    • +
    + +
    +
    + + + Last update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/models/model-passwd/index.html b/2.5/en/models/model-passwd/index.html new file mode 100644 index 000000000..f52180c0e --- /dev/null +++ b/2.5/en/models/model-passwd/index.html @@ -0,0 +1,2649 @@ + + + + + + + + + + + + + + + + + + Password hashing - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Password hashing

    + +

    Fully supported hashing methods

    +

    The most current mailcow fully supports the following hashing methods. +The default hashing method is written in bold:

    +
      +
    • BLF-CRYPT
    • +
    • SSHA
    • +
    • SSHA256
    • +
    • SSHA512
    • +
    +

    The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value.

    +

    Read-only hashing methods

    +

    The following methods are supported read only. +If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. +With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot.

    +
      +
    • ARGON2I (SOGo compatible)
    • +
    • ARGON2ID (SOGo compatible)
    • +
    • CLEAR
    • +
    • CLEARTEXT
    • +
    • CRYPT (SOGo compatible)
    • +
    • DES-CRYPT
    • +
    • LDAP-MD5 (SOGo compatible)
    • +
    • MD5 (SOGo compatible)
    • +
    • MD5-CRYPT (SOGo compatible)
    • +
    • PBKDF2 (SOGo compatible)
    • +
    • PLAIN (SOGo compatible)
    • +
    • PLAIN-MD4
    • +
    • PLAIN-MD5
    • +
    • PLAIN-TRUNC
    • +
    • SHA (SOGo compatible)
    • +
    • SHA1 (SOGo compatible)
    • +
    • SHA256 (SOGo compatible)
    • +
    • SHA256-CRYPT (SOGo compatible)
    • +
    • SHA512 (SOGo compatible)
    • +
    • SHA512-CRYPT (SOGo compatible)
    • +
    • SMD5 (SOGo compatible)
    • +
    +

    That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database.

    +

    The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords.

    +
    +
    +

    I changed the password hashes in the "mailbox" SQL table and cannot login.

    +
    +

    A "view" needs to be updated. You can trigger this by restarting sogo-mailcow:

    +
    +
    +
    +
    docker compose restart sogo-mailcow
    +
    +
    +
    +
    docker-compose restart sogo-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/models/model-sender_rcv/index.html b/2.5/en/models/model-sender_rcv/index.html new file mode 100644 index 000000000..f6be9bdcf --- /dev/null +++ b/2.5/en/models/model-sender_rcv/index.html @@ -0,0 +1,2611 @@ + + + + + + + + + + + + + + + + + + Sender and receiver model - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sender and receiver model

    + +

    When a mailbox is created, a user is allowed to send mail from and receive mail for his own mailbox address.

    +
    Mailbox me@example.org is created. example.org is a primary domain.
    +Note: a mailbox cannot be created in an alias domain.
    +
    +me@example.org is only known as me@example.org.
    +me@example.org is allowed to send as me@example.org.
    +
    +

    We can add an alias domain for example.org:

    +
    Alias domain alias.com is added and assigned to primary domain example.org.
    +me@example.org is now known as me@example.org and me@alias.com.
    +me@example.org is now allowed to send as me@example.org and me@alias.com.
    +
    +

    We can add aliases for a mailbox to receive mail for and to send from this new address.

    +

    It is important to know, that you are not able to receive mail for my-alias@my-alias-domain.tld. You would need to create this particular alias.

    +
    me@example.org is assigned the alias alias@example.org
    +me@example.org is now known as me@example.org, me@alias.com, alias@example.org
    +
    +me@example.org is NOT known as alias@alias.com.
    +
    +

    Please note that this does not apply to catch-all aliases:

    +
    Alias domain alias.com is added and assigned to primary domain example.org
    +me@example.org is assigned the catch-all alias @example.org
    +me@example.org is still just known as me@example.org, which is the only available send-as option
    +
    +Any email send to alias.com will match the catch-all alias for example.org
    +
    +

    Administrators and domain administrators can edit mailboxes to allow specific users to send as other mailbox users ("delegate" them).

    +

    You can choose between mailbox users or completely disable the sender check for domains.

    +

    SOGo "mail from" addresses

    +

    Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains.

    +

    If you want to select another existing mailbox user as your "mail from" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator +needs to grant you access as described above.

    + +
    +
    + + + Last update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-disable_ipv6/index.html b/2.5/en/post_installation/firststeps-disable_ipv6/index.html new file mode 100644 index 000000000..cda834a53 --- /dev/null +++ b/2.5/en/post_installation/firststeps-disable_ipv6/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + Disable IPv6 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Disable IPv6

    + +

    This is ONLY recommended if you do not have an IPv6 enabled network on your host!

    +

    If you really need to, you can disable the usage of IPv6 in the compose file. +Additionally, you can also disable the startup of container "ipv6nat-mailcow", as it's not needed if you won't use IPv6.

    +

    Instead of editing docker-compose.yml directly, it is preferable to create an override file for it +and implement your changes to the service there. Unfortunately, this right now only seems to work for services, not for network settings.

    +

    To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

    +

    1. Modify docker-compose.yml

    +

    Change enable_ipv6: true to enable_ipv6: false:

    +
    networks:
    +  mailcow-network:
    +    [...]
    +    enable_ipv6: true # <<< set to false
    +    [...]
    +
    +

    2. Disable ipv6nat-mailcow

    +

    To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

    +

    NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

    +
    # cd /opt/mailcow-dockerized
    +# touch docker-compose.override.yml
    +
    +

    Open the file in your favourite text editor and fill in the following:

    +
    version: '2.1'
    +services:
    +
    +    ipv6nat-mailcow:
    +      image: bash:latest
    +      restart: "no"
    +      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
    +
    +

    For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    3. Disable IPv6 in unbound-mailcow

    +

    Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

    +
    server:
    +  [...]
    +  do-ip6: no
    +  [...]
    +
    +

    Restart Unbound:

    +
    +
    +
    +
    docker compose restart unbound-mailcow
    +
    +
    +
    +
    docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    4. Disable IPv6 in postfix-mailcow

    +

    Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

    +
    smtp_address_preference = ipv4
    +inet_protocols = ipv4
    +
    +

    Restart Postfix:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    +

    5. If your docker daemon completly disabled IPv6:

    +

    Fix the following NGINX, Dovecot and php-fpm config files

    +
    sed -i '/::/d' data/conf/nginx/listen_*
    +sed -i '/::/d' data/conf/nginx/templates/listen*
    +sed -i '/::/d' data/conf/nginx/dynmaps.conf
    +sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
    +sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf
    +
    + +
    +
    + + + Last update: + 2022-10-19 15:29:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-dmarc_reporting/index.html b/2.5/en/post_installation/firststeps-dmarc_reporting/index.html new file mode 100644 index 000000000..43f6bbdb7 --- /dev/null +++ b/2.5/en/post_installation/firststeps-dmarc_reporting/index.html @@ -0,0 +1,2861 @@ + + + + + + + + + + + + + + + + + + DMARC Reporting - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    + +
    +
    + + + +
    +
    + + + + + + + + + +

    DMARC Reporting

    + +

    DMARC Reporting done via Rspamd DMARC Module.

    +

    Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html

    +

    Important:

    +
      +
    1. +

      Change example.com, mail.example.com and Example to reflect your setup

      +
    2. +
    3. +

      DMARC reporting requires additional attention, especially over the first few days

      +
    4. +
    5. +

      All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your MAILCOW_HOSTNAME:

      +
        +
      • If your MAILCOW_HOSTNAME is mail.example.com change the following config to domain = "example.com";
      • +
      • Set email equally, e.g. email = "noreply-dmarc@example.com";
      • +
      +
    6. +
    7. +

      It is optional but recommended to create an email user noreply-dmarc in mailcow to handle bounces.

      +
    8. +
    +

    Enable DMARC reporting

    +

    Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    domain = 'example.com';
    +    org_name = 'Example';
    +    helo = 'rspamd';
    +    smtp = 'postfix';
    +    smtp_port = 25;
    +    from_name = 'Example DMARC Report';
    +    msgid_from = 'rspamd.mail.example.com';
    +    max_entries = 2k;
    +    keys_expire = 2d;
    +}
    +
    +

    Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

    +
    version: '2.1'
    +
    +services:
    +  rspamd-mailcow:
    +    environment:
    +      - MASTER=${MASTER:-y}
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "@every 24h"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +  ofelia-mailcow:
    +    depends_on:
    +      - rspamd-mailcow
    +
    +

    Start the mailcow stack with:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Send a copy reports to yourself

    +

    To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
    +[...]
    +
    +

    Rspamd will load changes in real time, so you won't need to restart the container at this point.

    +

    This can be useful if you...

    +
      +
    • ...want to check that your DMARC reports are sent correctly and authenticated.
    • +
    • ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
    • +
    +

    Troubleshooting

    +

    Check when the report schedule last ran:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    See the latest report output:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    Manually trigger a DMARC report:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    +

    Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in.

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    +

    Take one of the lines from output you interested in and request it, f.e.:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    +

    Change DMARC reporting frequency

    +

    In the example above reports are sent once every 24 hours and send reports for yesterday. This will be okay for most setups.

    +

    If you have a large mail volume and want to run the DMARC reporting more than once a day you need create second schedule and run it with dmarc_report $(date '+%Y%m%d') to process the current day. You have to make sure that the first run on each day also processes the last report from the day before, so it needs to be started twice, one time with $(date --date yesterday '+%Y%m%d') at 0 5 0 * * * (00:05 AM) and then with $(date '+%Y%m%d') with desired interval.

    +

    The Ofelia schedule has the same implementation as cron in Go, supported syntax described at cron Documentation

    +

    To change schedule:

    +
      +
    1. Edit docker-compose.override.yml:
    2. +
    +
    version: '2.1'
    +
    +services:
    +  rspamd-mailcow:
    +    environment:
    +      - MASTER=${MASTER:-y}
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "0 5 0 * * *"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +      ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: "@every 12h"
    +      ofelia.job-exec.rspamd_dmarc_reporting_today.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +  ofelia-mailcow:
    +    depends_on:
    +      - rspamd-mailcow
    +
    +
      +
    1. +

      Restart the desired containers with:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    2. +
    3. +

      Restart the ofelia container only:

      +
      +
      +
      +
      docker compose restart ofelia-mailcow
      +
      +
      +
      +
      docker-compose restart ofelia-mailcow
      +
      +
      +
      +
      +
    4. +
    +

    Disable DMARC Reporting

    +

    To disable reporting:

    +
      +
    1. +

      Set enabled to false in data/conf/rspamd/local.d/dmarc.conf

      +
    2. +
    3. +

      Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow

      +
    4. +
    5. +

      Restart the desired containers with:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    6. +
    + +
    +
    + + + Last update: + 2022-11-09 01:01:48 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-ip_bindings/index.html b/2.5/en/post_installation/firststeps-ip_bindings/index.html new file mode 100644 index 000000000..ea754da72 --- /dev/null +++ b/2.5/en/post_installation/firststeps-ip_bindings/index.html @@ -0,0 +1,2682 @@ + + + + + + + + + + + + + + + + + + IP bindings - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    IP bindings

    + +
    +

    Warning

    +

    Changing the binding does not affect source NAT. See SNAT for required steps.

    +
    +

    IPv4 binding

    +

    To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

    +
    # For technical reasons, http bindings are a bit different from other service bindings.
    +# You will find the following variables, separated by a bind address and its port:
    +# Example: HTTP_BIND=1.2.3.4
    +
    +HTTP_PORT=80
    +HTTP_BIND=
    +HTTPS_PORT=443
    +HTTPS_BIND=
    +
    +# Other services are bound by using the following format:
    +# SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25
    +# Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x.
    +# doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing.
    +
    +SMTP_PORT=25
    +SMTPS_PORT=465
    +SUBMISSION_PORT=587
    +IMAP_PORT=143
    +IMAPS_PORT=993
    +POP_PORT=110
    +POPS_PORT=995
    +SIEVE_PORT=4190
    +DOVEADM_PORT=127.0.0.1:19991
    +SQL_PORT=127.0.0.1:13306
    +SOLR_PORT=127.0.0.1:18983
    +
    +

    To apply your changes, run:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    IPv6 binding

    +

    Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

    +

    A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

    +

    Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

    +

    An example IPv6 2001:db8:dead:beef::123 is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

    +
    version: '2.1'
    +services:
    +
    +    dovecot-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:143:143'
    +        - '[2001:db8:dead:beef::123]:993:993'
    +        - '[2001:db8:dead:beef::123]:110:110'
    +        - '[2001:db8:dead:beef::123]:995:995'
    +        - '[2001:db8:dead:beef::123]:4190:4190'
    +
    +    postfix-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:25:25'
    +        - '[2001:db8:dead:beef::123]:465:465'
    +        - '[2001:db8:dead:beef::123]:587:587'
    +
    +    nginx-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:80:80'
    +        - '[2001:db8:dead:beef::123]:443:443'
    +
    +

    To apply your changes, run the commands below:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-local_mta/index.html b/2.5/en/post_installation/firststeps-local_mta/index.html new file mode 100644 index 000000000..e85f183b9 --- /dev/null +++ b/2.5/en/post_installation/firststeps-local_mta/index.html @@ -0,0 +1,2545 @@ + + + + + + + + + + + + + + + + + + Local MTA on Docker host - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Local MTA on Docker host

    + +

    The easiest option would be to disable the listener on port 25/tcp.

    +

    Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: +

    #smtp      inet  n       -       -       -       -       smtpd
    +

    +

    Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

    +
    postconf -e 'relayhost = 172.22.1.1'
    +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
    +postconf -e "inet_interfaces = loopback-only"
    +postconf -e "relay_transport = relay"
    +postconf -e "default_transport = smtp"
    +
    +

    Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

    +

    "172.22.1.1" is the mailcow created network gateway in Docker. +Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.

    +

    Restart Postfix after applying your changes.

    + +
    +
    + + + Last update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-logging/index.html b/2.5/en/post_installation/firststeps-logging/index.html new file mode 100644 index 000000000..be76e273e --- /dev/null +++ b/2.5/en/post_installation/firststeps-logging/index.html @@ -0,0 +1,2800 @@ + + + + + + + + + + + + + + + + + + Logging - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logging

    + +

    Logging in mailcow: dockerized consists of multiple stages, but is, after all, much more flexible and easier to integrate into a logging daemon than before.

    +

    In Docker the containerized application (PID 1) writes its output to stdout. For real one-application containers this works just fine. +Run the command below to learn more:

    +
    +
    +
    +
    docker compose logs --help
    +
    +
    +
    +
    docker-compose logs --help
    +
    +
    +
    +
    +

    Some containers log or stream to multiple destinations.

    +

    No container will keep persistent logs in it. Containers are transient items!

    +

    In the end, every line of logs will reach the Docker daemon - unfiltered.

    +

    The default logging driver is "json".

    +

    Filtered logs

    +

    Some logs are filtered and written to Redis keys but also streamed to a Redis channel.

    +

    The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow.

    +

    The Redis keys are persistent and will keep 10000 lines of logs for the web UI.

    +

    This mechanism makes it possible to use whatever Docker logging driver you want to, without losing +the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow.

    +

    Redis keys will only hold logs from applications and filter out system messages (think of cron etc.).

    +

    Logging drivers

    +

    Via docker-compose.override.yml

    +

    Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease.

    +

    Create a docker-compose.override.yml and add, for example, this block to use the "gelf" logging plugin for postfix-mailcow:

    +
    version: '2.1'
    +services:
    +  postfix-mailcow: # or any other
    +    logging:
    +      driver: "gelf"
    +      options:
    +        gelf-address: "udp://graylog:12201"
    +
    +

    Another example for Syslog:

    +
    version: '2.1'
    +services:
    +
    +  postfix-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  dovecot-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  rspamd-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +
    For Rsyslog only:
    +

    Make sure the following lines aren't commented out in /etc/rsyslog.conf:

    +
    # provides UDP syslog reception
    +module(load="imudp")
    +input(type="imudp" port="514")
    +
    +

    To move local3 input to /var/log/mailcow.log and stop processing, create a file /etc/rsyslog.d/docker.conf:

    +
    local3.*        /var/log/mailcow.log
    +& stop
    +
    +

    Restart rsyslog afterwards.

    +

    via daemon.json (globally)

    +

    If you want to change the logging driver globally, edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service:

    +
    {
    +...
    +  "log-driver": "gelf",
    +  "log-opts": {
    +    "gelf-address": "udp://graylog:12201"
    +  }
    +...
    +}
    +
    +

    For Syslog:

    +
    {
    +...
    +  "log-driver": "syslog",
    +  "log-opts": {
    +    "syslog-address": "udp://1.2.3.4:514"
    +  }
    +...
    +}
    +
    +

    Restart the Docker daemon and run the commands below to recreate the containers with the new logging driver:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    Log rotation

    +

    As those logs can get quite big, it is a good idea to use logrotate to compress and delete them after a certain time period.

    +

    Create /etc/logrotate.d/mailcow with the following content:

    +
    /var/log/mailcow.log {
    +        rotate 7
    +        daily
    +        compress
    +        delaycompress
    +        missingok
    +        notifempty
    +        create 660 root root
    +}
    +
    +

    With this configuration, logrotate will run daily and keep a maximum of 7 archives.

    +

    To rotate the logfile weekly or monthly replace daily with weekly or monthly respectively.

    +

    To keep more archives, set the desired number of rotate.

    +

    Afterwards, logrotate can be restarted.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-rp/index.html b/2.5/en/post_installation/firststeps-rp/index.html new file mode 100644 index 000000000..d6ed15886 --- /dev/null +++ b/2.5/en/post_installation/firststeps-rp/index.html @@ -0,0 +1,2954 @@ + + + + + + + + + + + + + + + + + + Reverse Proxy - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Reverse Proxy

    + +

    You don't need to change the Nginx site that comes with mailcow: dockerized. +mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

    +

    1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: +

    HTTP_BIND=127.0.0.1
    +HTTP_PORT=8080
    +HTTPS_BIND=127.0.0.1
    +HTTPS_PORT=8443
    +

    +

    This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

    +

    IMPORTANT: Do not use port 8081, 9081 or 65510!

    +

    Recreate affected containers by running docker compose up -d.

    +

    Important information, please read them carefully!

    +
    +

    Info

    +

    If you plan to use a reverse proxy and want to use another server name that is not MAILCOW_HOSTNAME, you need to read Adding additional server names for mailcow UI at the bottom of this page.

    +
    +
    +

    Warning

    +

    Make sure you run generate_config.sh before you enable any site configuration examples below. +The script generate_config.sh copies snake-oil certificates to the correct location, so the services will not fail to start due to missing files.

    +
    +
    +

    Warning

    +

    If you enable TLS SNI (ENABLE_TLS_SNI in mailcow.conf), the certificate paths in your reverse proxy must match the correct paths in data/assets/ssl/{hostname}. The certificates will be split into data/assets/ssl/{hostname1,hostname2,etc} and therefore will not work when you copy the examples from below pointing to data/assets/ssl/cert.pem etc.

    +
    +
    +

    Info

    +

    Using the site configs below will forward ACME requests to mailcow and let it handle certificates itself. +The downside of using mailcow as ACME client behind a reverse proxy is, that you will need to reload your webserver after acme-mailcow changed/renewed/created the certificate. You can either reload your webserver daily or write a script to watch the file for changes. +On many servers logrotate will reload the webserver daily anyway.

    +

    If you want to use a local certbot installation, you will need to change the SSL certificate parameters accordingly. +Make sure you run a post-hook script when you decide to use external ACME clients. You will find an example at the bottom of this page.

    +
    +

    2. Configure your local webserver as reverse proxy:

    +

    Apache 2.4

    +

    Required modules: +

    a2enmod rewrite proxy proxy_http headers ssl
    +

    +

    Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

    +

    Take care of highlighted lines.

    +
    <VirtualHost *:80>
    +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +  RewriteEngine on
    +
    +  RewriteCond %{HTTPS} off
    +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
    +
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "http"
    +</VirtualHost>
    +<VirtualHost *:443>
    +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +
    +  # You should proxy to a plain HTTP session to offload SSL processing
    +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
    +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "https"
    +
    +  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
    +  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
    +
    +  # If you plan to proxy to a HTTPS host:
    +  #SSLProxyEngine On
    +
    +  # If you plan to proxy to an untrusted HTTPS host:
    +  #SSLProxyVerify none
    +  #SSLProxyCheckPeerCN off
    +  #SSLProxyCheckPeerName off
    +  #SSLProxyCheckPeerExpire off
    +</VirtualHost>
    +
    +

    Nginx

    +

    Let's Encrypt will follow our rewrite, certificate requests will work fine.

    +

    Take care of highlighted lines.

    +
    server {
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
    +  return 301 https://$host$request_uri;
    +}
    +server {
    +  listen 443 ssl http2;
    +  listen [::]:443 ssl http2;
    +  server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
    +
    +  ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
    +  ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
    +  ssl_session_timeout 1d;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_tickets off;
    +
    +  # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
    +  # An example config is given below
    +  ssl_protocols TLSv1.2;
    +  ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
    +  ssl_prefer_server_ciphers off;
    +
    +  location /Microsoft-Server-ActiveSync {
    +    proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_connect_timeout 75;
    +    proxy_send_timeout 3650;
    +    proxy_read_timeout 3650;
    +    proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo
    +    client_body_buffer_size 512k;
    +    client_max_body_size 0;
    +  }
    +
    +  location / {
    +    proxy_pass http://127.0.0.1:8080/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update
    +  # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537
    +    proxy_buffer_size 128k;
    +    proxy_buffers 64 512k;
    +    proxy_busy_buffers_size 512k;
    +  }
    +}
    +
    +

    HAProxy (community supported)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

    +
    frontend https-in
    +  bind :::443 v4v6 ssl crt mailcow.pem
    +  default_backend mailcow
    +
    +backend mailcow
    +  option forwardfor
    +  http-request set-header X-Forwarded-Proto https if { ssl_fc }
    +  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    +  server mailcow 127.0.0.1:8080 check
    +
    +

    Traefik v2 (community supported)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    Important: This config only covers the "reverseproxing" of the webpannel (nginx-mailcow) using Traefik v2, if you also want to reverseproxy the mail services such as dovecot, postfix... you'll just need to adapt the following config to each container and create an EntryPoint on your traefik.toml or traefik.yml (depending which config you use) for each port.

    +

    For this section we'll assume you have your Traefik 2 [certificatesresolvers] properly configured on your traefik configuration file, and also using acme, also, the following example uses Lets Encrypt, but feel free to change it to your own cert resolver. You can find a basic Traefik 2 toml config file with all the above implemented which can be used for this example here traefik.toml if you need one, or a hint on how to adapt your config.

    +

    So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. +For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker compose up -d to apply the changes.

    +

    Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

    +
    version: '2.1'
    +
    +services:
    +    nginx-mailcow:
    +      networks:
    +        # Add Traefik's network
    +        web:
    +      labels:
    +        - traefik.enable=true
    +        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
    +        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
    +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
    +        # Enables tls over the router we created before.
    +        - traefik.http.routers.moo.tls=true
    +        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
    +        - traefik.http.routers.moo.tls.certresolver=le
    +        # Creates a service called "moo" for the container, and specifies which internal port of the container
    +        #   should traefik route the incoming data to.
    +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
    +        # Specifies which entrypoint (external port) should traefik listen to, for this container.
    +        #   websecure being port 443, check the traefik.toml file liked above.
    +        - traefik.http.routers.moo.entrypoints=websecure
    +        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
    +        - traefik.docker.network=web
    +
    +    certdumper:
    +        image: humenius/traefik-certs-dumper
    +    command: --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1
    +        network_mode: none
    +        volumes:
    +          # Mount the volume which contains Traefik's `acme.json' file
    +          #   Configure the external name in the volume definition
    +          - acme:/traefik:ro
    +          # Mount mailcow's SSL folder
    +          - ./data/assets/ssl/:/output:rw
    +          # Mount docker socket to restart containers
    +          - /var/run/docker.sock:/var/run/docker.sock:ro
    +        restart: always
    +        environment:
    +          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
    +          - DOMAIN=${MAILCOW_HOSTNAME}
    +
    +networks:
    +  web:
    +    external: true
    +    # Name of the external network
    +    name: traefik_web
    +
    +volumes:
    +  acme:
    +    external: true
    +    # Name of the external docker volume which contains Traefik's `acme.json' file
    +    name: traefik_acme
    +
    +

    Start the new containers with docker compose up -d.

    +

    Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

    +

    This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.

    +

    You can use the command line to run it, or use the docker compose shown here.

    +

    After we have the certs dumped, we'll have to reload the configs from our postfix and dovecot containers, and check the certs, you can see how here.

    +

    Aaand that should be it 😊, you can check if the Traefik router works fine trough Traefik's dashboard / traefik logs / accessing the setted domain trough https, or / and check HTTPS, SMTP and IMAP trough the commands shown on the page linked before.

    +

    Caddy v2 (supported by the community)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    The configuration of Caddy with mailcow is very simple.

    +

    In the caddyfile you just have to create a section for the mailserver.

    +

    For example +

    MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME {
    +        log {
    +                output file /var/log/caddy/MAILCOW_HOSTNAME.log {
    +                        roll_disabled
    +                        roll_size 512M
    +                        roll_uncompressed
    +                        roll_local_time
    +                        roll_keep 3
    +                        roll_keep_for 48h
    +                }
    +        }
    +
    +        reverse_proxy 127.0.0.1:HTTP_BIND
    +}
    +

    +

    This allows Caddy to automatically create the certificates and accept traffic for these mentioned domains and forward them to mailcow.

    +

    Important: The ACME client of mailcow must be disabled, otherwise mailcow will fail.

    +

    Since Caddy takes care of the certificates itself, we can use the following script to include the Caddy generated certificates into mailcow:

    +
    #!/bin/bash
    +MD5SUM_CURRENT_CERT=($(md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem))
    +MD5SUM_NEW_CERT=($(md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt))
    +
    +if [ $MD5SUM_CURRENT_CERT != $MD5SUM_NEW_CERT ]; then
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +        postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +        dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +        nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +        docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +
    +else
    +        echo "Certs not copied from Caddy (Not needed)"
    +fi
    +
    +
    +

    Attention

    +

    Caddy's certificate path varies depending on the installation type.
    +In this installation example, Caddy was installed using the Caddy repo (more informations here).
    +
    +To find out the Caddy certificate path on your system, just run a find / -name "certificates".

    +
    +

    This script could be called as a cronjob every hour:

    +
    0 * * * * /bin/bash /path/to/script/deploy-certs.sh  >/dev/null 2>&1
    +
    +

    Optional: Post-hook script for non-mailcow ACME clients

    +

    Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. +Make sure you change the paths accordingly: +

    #!/bin/bash
    +cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +

    +

    Adding additional server names for mailcow UI

    +

    If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Run docker compose up -d to apply.

    + +
    +
    + + + Last update: + 2022-11-03 16:35:20 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-rspamd_ui/index.html b/2.5/en/post_installation/firststeps-rspamd_ui/index.html new file mode 100644 index 000000000..dd9b51792 --- /dev/null +++ b/2.5/en/post_installation/firststeps-rspamd_ui/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Rspamd UI - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Rspamd UI

    + +

    Rspamd is an easy to use spam filtering tool presently installed with mailcow.

    +
      +
    1. Go to the mailcow web admin interface
    2. +
    3. Navigate to the Access tab. (Access > Rspamd UI)
    4. +
    5. Modify the Rspamd UI password
    6. +
    7. Go to https://${MAILCOW_HOSTNAME}/rspamd in a browser and log in!
    8. +
    +

    Additional configuration options and documentation can be found here : https://rspamd.com/webui/

    + +
    +
    + + + Last update: + 2022-01-29 23:04:38 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-snat/index.html b/2.5/en/post_installation/firststeps-snat/index.html new file mode 100644 index 000000000..8d04055c6 --- /dev/null +++ b/2.5/en/post_installation/firststeps-snat/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + SNAT - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    SNAT

    + +

    SNAT is used to change the source address of the packets sent by mailcow. +It can be used to change the outgoing IP address on systems with multiple IP addresses.

    +

    Open mailcow.conf, set either or both of the following parameters:

    +
    # Use this IPv4 for outgoing connections (SNAT)
    +SNAT_TO_SOURCE=1.2.3.4
    +
    +# Use this IPv6 for outgoing connections (SNAT)
    +SNAT6_TO_SOURCE=dead:beef
    +
    +

    Run docker compose up -d.

    +

    The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

    +

    Check the output of docker compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-ssl/index.html b/2.5/en/post_installation/firststeps-ssl/index.html new file mode 100644 index 000000000..2e4849d3b --- /dev/null +++ b/2.5/en/post_installation/firststeps-ssl/index.html @@ -0,0 +1,2867 @@ + + + + + + + + + + + + + + + + + + Advanced SSL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Advanced SSL

    + +

    Let's Encrypt (out-of-the-box)

    +

    The "acme-mailcow" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN.

    +
    +

    Warning

    +

    mailcow must be available on port 80 for the acme-client to work. Our reverse proxy example configurations do cover that. You can also use any external ACME client (certbot for example) to obtain certificates, but you will need to make sure, that they are copied to the correct location and a post-hook reloads affected containers. See more in the Reverse Proxy documentation.

    +
    +

    By default, which means 0 domains are added to mailcow, it will try to obtain a certificate for ${MAILCOW_HOSTNAME}.

    +

    For each domain you add, it will try to resolve autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN to its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. If it succeeds, a name will be added as SAN to the certificate request.

    +

    Only names that can be validated, will be added as SAN.

    +

    For every domain you remove, the certificate will be moved and a new certificate will be requested. It is not possible to keep domains in a certificate, when we are not able validate the challenge for those.

    +

    If you want to re-run the ACME client, use docker compose restart acme-mailcow and monitor its logs with docker compose logs --tail=200 -f acme-mailcow.

    +

    Additional domain names

    +

    Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

    +

    Do not use quotes (") and do not use spaces between the names!

    +
    ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
    +
    +

    Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

    +

    A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

    +

    Run docker compose up -d to recreate affected containers automatically.

    +
    +

    Info

    +

    Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

    +
    +

    If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Run docker compose up -d to apply.

    +

    Force renewal

    +

    To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

    +
    cd /opt/mailcow-dockerized
    +touch data/assets/ssl/force_renew
    +docker compose restart acme-mailcow
    +# Now check the logs for a renewal
    +docker compose logs --tail=200 -f acme-mailcow
    +
    +

    The file will be deleted automatically.

    +

    Validation errors and how to skip validation

    +

    You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.

    +

    If you encounter problems with "HTTP validation", but your IP address confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from br-mailcow to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You'd need to stop mailcow (docker compose down), stop the firewall service, flush the chains and restart Docker.

    +

    You can also skip this validation method by setting SKIP_HTTP_VERIFICATION=y in "mailcow.conf". Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration. If you encounter problems generating TLSA records in the DNS overview within mailcow, you are most likely having issues with NAT reflection you should fix.

    +

    If you changed a SKIP_* parameter, run docker compose up -d to apply your changes.

    +

    Disable Let's Encrypt

    +

    Disable Let's Encrypt completely

    +

    Set SKIP_LETS_ENCRYPT=y in "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +

    Skip all names but ${MAILCOW_HOSTNAME}

    +

    Add ONLY_MAILCOW_HOSTNAME=y to "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +

    The Let's Encrypt subjectAltName limit of 100 domains

    +

    Let's Encrypt currently has a limit of 100 Domain Names per Certificate.

    +

    By default, "acme-mailcow" will create a single SAN certificate for all validated domains +(see the first section and Additional domain names). +This provides best compatibility but means the Let's Encrypt limit exceeds if you add too many domains to a single mailcow installation.

    +

    To solve this, you can configure ENABLE_SSL_SNI to generate:

    +
      +
    • A main server certificate with MAILCOW_HOSTNAME and all fully qualified domain names in the ADDITIONAL_SAN config
    • +
    • One additional certificate for each domain found in the database with autodiscover., autoconfig. and any other ADDITIONAL_SAN configured in this format (subdomain.*).
    • +
    • Limitations: A certificate name ADDITIONAL_SAN=test.example.com will be added as SAN to the main certificate. A separate certificate/key pair will not be generated for this format.
    • +
    +

    Postfix, Dovecot and Nginx will then serve these certificates with SNI.

    +

    Set ENABLE_SSL_SNI=y in "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +
    +

    Warning

    +

    Not all clients support SNI, see Dovecot documentation or Wikipedia. +You should make sure these clients use the MAILCOW_HOSTNAME for secure connections if you enable this feature.

    +
    +

    Here is an example:

    +
      +
    • MAILCOW_HOSTNAME=server.email.tld
    • +
    • ADDITIONAL_SAN=webmail.email.tld,mail.*
    • +
    • Mailcow email domains: "domain1.tld" and "domain2.tld"
    • +
    +

    The following certificates will be generated:

    +
      +
    • server.email.tld, webmail.email.tld -> this is the default certificate, all clients can connect with these domains
    • +
    • mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individual certificate for domain1.tld, cannot be used by clients without SNI support
    • +
    • mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individual certificate for domain2.tld, cannot be used by clients without SNI support
    • +
    +

    How to use your own certificate

    +

    Make sure you disable mailcows internal LE client (see above).

    +

    To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

    +

    IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

    +

    Restart affected services afterwards:

    +
    docker restart $(docker ps -qaf name=postfix-mailcow)
    +docker restart $(docker ps -qaf name=nginx-mailcow)
    +docker restart $(docker ps -qaf name=dovecot-mailcow)
    +
    +

    See Post-hook script for non-mailcow ACME clients for a full example script.

    +

    Test against staging ACME directory

    +

    Edit mailcow.conf and add LE_STAGING=y.

    +

    Run docker compose up -d to activate your changes.

    +

    Custom directory URL

    +

    Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

    +
    DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
    +
    +

    You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

    +

    Run docker compose up -d to activate your changes.

    +

    Check your configuration

    +

    Run docker compose logs acme-mailcow to find out why a validation fails.

    +

    To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

    +

    To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

    +
    # Connect via SMTP (587)
    +echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
    +# Connect via IMAP (143)
    +echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
    +# Connect via HTTPS (443)
    +echo "Q" | openssl s_client -connect mx.mailcow.email:443
    +
    +

    To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

    +
    cd /opt/mailcow-dockerized
    +bash helper-scripts/expiry-dates.sh
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/post_installation/firststeps-sync_jobs_migration/index.html b/2.5/en/post_installation/firststeps-sync_jobs_migration/index.html new file mode 100644 index 000000000..d9c073078 --- /dev/null +++ b/2.5/en/post_installation/firststeps-sync_jobs_migration/index.html @@ -0,0 +1,2612 @@ + + + + + + + + + + + + + + + + + + Sync job migration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sync job migration

    + +

    Sync jobs are used to copy or move existing emails from an external IMAP server or within mailcow's existing mailboxes.

    +
    +

    Info

    +

    Depending on your mailbox's ACL you may not have the option to add a sync job. Please contact your domain administrator if so.

    +
    +

    Setup a Sync Job

    +
      +
    1. +

      In the "Configuration > Mail Setup" or "User Settings" interface, create a new sync job.

      +
    2. +
    3. +

      If you are an administrator, select the username of the downstream mailcow mailbox in the "Username" dropdown.

      +
    4. +
    5. +

      Fill in the "Host" and "Port" fields with their respective correct values from the upstream IMAP server.

      +
    6. +
    7. +

      In the "Username" and "Password" fields, supply the correct access credentials from the upstream IMAP server.

      +
    8. +
    9. +

      Select the "Encryption Method". If the upstream IMAP server uses port 143, it is likely that the encryption method is TLS and SSL for port 993. Nevertheless, you can use PLAIN authentication, but it is stongly discouraged.

      +
    10. +
    11. +

      For all ther other fields, you can leave them as is or modify them as desired.

      +
    12. +
    13. +

      Make sure to tick "Active" and click "Add".

      +
    14. +
    +
    +

    Info

    +

    Once Completed, log into the mailbox and check if all emails are imported correctly. If all goes well, all your mails shall end up in your new mailbox. And don't forget to delete or deactivate the sync job after it is used.

    +
    + +
    +
    + + + Last update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/prerequisite/prerequisite-dns/index.html b/2.5/en/prerequisite/prerequisite-dns/index.html new file mode 100644 index 000000000..8846a43cc --- /dev/null +++ b/2.5/en/prerequisite/prerequisite-dns/index.html @@ -0,0 +1,2823 @@ + + + + + + + + + + + + + + + + + + DNS setup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    DNS setup

    + +

    Below you can find a list of recommended DNS records. While some are mandatory for a mail server (A, MX), others are recommended to build a good reputation score (TXT/SPF) or used for auto-configuration of mail clients (SRV).

    +

    References

    + +

    Reverse DNS of your IP address

    +

    Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1. This record is usually set at the provider you leased the IP address (server) from.

    +

    The minimal DNS configuration

    +

    This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly.

    +
    # Name              Type       Value
    +mail                IN A       1.2.3.4
    +autodiscover        IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +autoconfig          IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +@                   IN MX 10   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +
    +

    Note: The mail DNS record which binds the subdomain to the given ip address must only be set for the domain on which mailcow is running and that is used to access the web interface. For every other mailcow managed domain, the MX record will route the traffic.

    +

    DKIM, SPF and DMARC

    +

    In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("~all"). Please refer to SPF Project for further reading.

    +
    # Name              Type       Value
    +@                   IN TXT     "v=spf1 mx a -all"
    +
    +

    It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading.

    +
    # Name              Type       Value
    +dkim._domainkey     IN TXT     "v=DKIM1; k=rsa; t=s; s=email; p=..."
    +
    +

    The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant (check).

    +
    # Name              Type       Value
    +_dmarc              IN TXT     "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
    +
    +

    The advanced DNS configuration

    +

    SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to RFC 2782.

    +
    # Name              Type       Priority Weight Port    Value
    +_autodiscover._tcp  IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_caldavs._tcp       IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_caldavs._tcp       IN TXT                              "path=/SOGo/dav/"
    +_carddavs._tcp      IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_carddavs._tcp      IN TXT                              "path=/SOGo/dav/"
    +_imap._tcp          IN SRV     0        1      143      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_imaps._tcp         IN SRV     0        1      993      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_pop3._tcp          IN SRV     0        1      110      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_pop3s._tcp         IN SRV     0        1      995      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_sieve._tcp         IN SRV     0        1      4190     mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_smtps._tcp         IN SRV     0        1      465      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_submission._tcp    IN SRV     0        1      587      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +
    +

    Testing

    +

    Here are some tools you can use to verify your DNS configuration:

    + +

    Misc

    +

    Optional DMARC Statistics

    +

    If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own.

    +
    +

    Tip

    +

    It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports.

    +
    +

    It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools available, but only a small few of the many choices.

    + +
    +

    Tip

    +

    These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.

    +
    +

    Email test for SPF, DKIM and DMARC:

    +

    To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following:

    +
    ==========================================================
    +Summary of Results
    +==========================================================
    +SPF check:          pass
    +"iprev" check:      pass
    +DKIM check:         pass
    +DKIM check:         pass
    +SpamAssassin check: ham
    +
    +==========================================================
    +Details:
    +==========================================================
    +....
    +
    +

    The full report will contain more technical details.

    +

    Fully Qualified Domain Name (FQDN)

    +
    +
    +
      +
    1. +

      A Fully Qualified Domain Name (FQDN) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname, the domain name, and the Top Level Domain (TLD for short). In the example of mx.mailcow.email the hostname would be mx, the domain name mailcow and the TLD email

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-05-20 17:31:36 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/prerequisite/prerequisite-system/index.html b/2.5/en/prerequisite/prerequisite-system/index.html new file mode 100644 index 000000000..9653c7f50 --- /dev/null +++ b/2.5/en/prerequisite/prerequisite-system/index.html @@ -0,0 +1,2976 @@ + + + + + + + + + + + + + + + + + + Prepare your system - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Prepare your system

    + +

    Before you run mailcow: dockerized, there are a few requirements that you should check:

    +
    +

    Warning

    +

    Do not try to install mailcow on a Synology/QNAP device (any NAS), OpenVZ, LXC or other container platforms. KVM, ESX, Hyper-V and other full virtualization platforms are supported.

    +
    +
    +

    Info

    +
      +
    • mailcow: dockerized requires some ports to be open for incoming connections, so make sure that your firewall is not blocking these.
    • +
    • Make sure that no other application is interfering with mailcow's configuration, such as another mail service
    • +
    • A correct DNS setup is crucial to every good mailserver setup, so please make sure you got at least the basics covered before you begin!
    • +
    • Make sure that your system has a correct date and time setup. This is crucial for various components like two factor TOTP authentication.
    • +
    +
    +

    Minimum System Resources

    +
    +

    Not supported

    +

    OpenVZ, Virtuozzo and LXC

    +
    +

    Please make sure that your system has at least the following resources:

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    Resourcemailcow: dockerized
    CPU1 GHz
    RAMMinimum 6 GiB + 1 GiB swap (default config)
    Disk20 GiB (without emails)
    System Typex86_64
    +

    ClamAV and Solr can be greedy with RAM. You may disable them in mailcow.conf by settings SKIP_CLAMD=y and SKIP_SOLR=y.

    +
    +

    Info

    +

    We are aware that a pure MTA can run on 128 MiB RAM. mailcow is a full-grown and ready-to-use groupware with many extras making life easier. mailcow comes with a webserver, webmailer, ActiveSync (MS), antivirus, antispam, indexing (Solr), document scanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, various web services etc.

    +
    +

    A single SOGo worker can acquire ~350 MiB RAM before it gets purged. The more ActiveSync connections you plan to use, the more RAM you will need. A default configuration spawns 20 workers.

    +

    RAM usage examples

    +

    A company with 15 phones (EAS enabled) and about 50 concurrent IMAP connections should plan 16 GiB RAM.

    +

    6 GiB RAM + 1 GiB swap are fine for most private installations while 8 GiB RAM are recommended for ~5 to 10 users.

    +

    We can help to correctly plan your setup as part of our support.

    +

    Supported OS

    +

    Basically, mailcow can be used on any distribution that is supported by Docker CE (see https://docs.docker.com/install/). +However, in some cases there may be incompatibilities between the operating systems and the mailcow components.

    +

    The following table contains all operating systems officially supported and tested by us (as of November 2022):

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    OSCompatibility
    Alpine 3.16 and older⚠️
    Centos 7
    Debian 10, 11
    Ubuntu 18.04, 20.04, 22.04
    Rocky Linux 9
    +
    +

    Legend

    ✅ = Works out of the box using the instructions.
    +⚠️ = Requires some manual adjustments otherwise usable.
    +❌ = In general NOT Compatible.
    +❔ = Pending.

    +

    +
    +

    Note: All other operating systems (not mentioned) may also work, but have not been officially tested.

    +

    Firewall & Ports

    +

    Please check if any of mailcow's standard ports are open and not in use by other applications:

    +
    ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +# or:
    +netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +
    +
    +

    Danger

    +

    There are several problems with running mailcow on a firewalld/ufw enabled system.
    +You should disable it (if possible) and move your ruleset to the DOCKER-USER chain, which is not cleared by a Docker service restart, instead.
    +See this (blog.donnex.net) or this (unrouted.io) guide for information about how to use iptables-persistent with the DOCKER-USER chain.
    +As mailcow runs dockerized, INPUT rules have no effect on restricting access to mailcow.
    +Use the FORWARD chain instead.

    +
    +

    If this command returns any results please remove or stop the application running on that port. You may also adjust mailcows ports via the mailcow.conf configuration file.

    +

    Default Ports

    +

    If you have a firewall in front of mailcow, please make sure that these ports are open for incoming connections:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ServiceProtocolPortContainerVariable
    Postfix SMTPTCP25postfix-mailcow${SMTP_PORT}
    Postfix SMTPSTCP465postfix-mailcow${SMTPS_PORT}
    Postfix SubmissionTCP587postfix-mailcow${SUBMISSION_PORT}
    Dovecot IMAPTCP143dovecot-mailcow${IMAP_PORT}
    Dovecot IMAPSTCP993dovecot-mailcow${IMAPS_PORT}
    Dovecot POP3TCP110dovecot-mailcow${POP_PORT}
    Dovecot POP3STCP995dovecot-mailcow${POPS_PORT}
    Dovecot ManageSieveTCP4190dovecot-mailcow${SIEVE_PORT}
    HTTP(S)TCP80/443nginx-mailcow${HTTP_PORT} / ${HTTPS_PORT}
    +

    To bind a service to an IP address, you can prepend the IP like this: SMTP_PORT=1.2.3.4:25

    +

    Important: You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use HTTP_PORT=1234 and HTTP_BIND=1.2.3.4 instead.

    +

    Important for Hetzner firewalls

    +

    Quoting https://github.com/chermsen via https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (THANK YOU!):

    +

    For all who are struggling with the Hetzner firewall:

    +

    Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. +Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied:

    +

    For TCP +

    SRC-IP:       ---
    +DST IP:       ---
    +SRC Port:    ---
    +DST Port:    1024-65535
    +Protocol:    tcp
    +TCP flags:   ack
    +Action:      Accept
    +

    +

    For UDP +

    SRC-IP:       ---
    +DST IP:       ---
    +SRC Port:    ---
    +DST Port:    1024-65535
    +Protocol:    udp
    +Action:      Accept
    +

    +

    If you want to apply a more restrictive port range you have to change the config of unbound first (after installation):

    +

    {mailcow-dockerized}/data/conf/unbound/unbound.conf: +

    outgoing-port-avoid: 0-32767
    +

    +

    Now the firewall rules can be adjusted as follows:

    +
    [...]
    +DST Port:  32768-65535
    +[...]
    +
    +

    Date and Time

    +

    To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status:

    +
    $ timedatectl status
    +      Local time: Sat 2017-05-06 02:12:33 CEST
    +  Universal time: Sat 2017-05-06 00:12:33 UTC
    +        RTC time: Sat 2017-05-06 00:12:32
    +       Time zone: Europe/Berlin (CEST, +0200)
    +     NTP enabled: yes
    +NTP synchronized: yes
    + RTC in local TZ: no
    +      DST active: yes
    + Last DST change: DST began at
    +                  Sun 2017-03-26 01:59:59 CET
    +                  Sun 2017-03-26 03:00:00 CEST
    + Next DST change: DST ends (the clock jumps one hour backwards) at
    +                  Sun 2017-10-29 02:59:59 CEST
    +                  Sun 2017-10-29 02:00:00 CET
    +
    +

    The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized.

    +

    To enable NTP you need to run the command timedatectl set-ntp true. You also need to edit your /etc/systemd/timesyncd.conf:

    +
    # vim /etc/systemd/timesyncd.conf
    +[Time]
    +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
    +
    +

    Hetzner Cloud (and probably others)

    +

    Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0:

    +
    # Wrong:
    +auto eth0:0
    +iface eth0:0 inet6 static
    +# Right:
    +auto eth0
    +iface eth0 inet6 static
    +
    +

    Reboot or restart the interface. +You may want to disable cloud-init network changes.

    +

    MTU

    +

    Especially relevant for OpenStack users: Check your MTU and set it accordingly in docker-compose.yml. See Troubleshooting in our Installation guide.

    + +
    +
    + + + Last update: + 2022-11-03 12:00:08 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/borgmatic/third_party-borgmatic/index.html b/2.5/en/third_party/borgmatic/third_party-borgmatic/index.html new file mode 100644 index 000000000..a9093a9c9 --- /dev/null +++ b/2.5/en/third_party/borgmatic/third_party-borgmatic/index.html @@ -0,0 +1,3045 @@ + + + + + + + + + + + + + + + + + + Borgmatic Backup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Borgmatic Backup

    +

    Introduction

    +

    Borgmatic is a great way to run backups on your Mailcow setup as it securely encrypts your data and is extremely easy to +set up.

    +

    Due to it's deduplication capabilities you can store a great number of backups without wasting large amounts of disk +space. This allows you to run backups in very short intervals to ensure minimal data loss when the need arises to +recover data from a backup.

    +

    This document guides you through the process to enable continuous backups for mailcow with borgmatic. The borgmatic +functionality is provided by the borgmatic Docker image. Check out +the README in that repository to find out about the other options (such as push notifications) that are available. +This guide only covers the basics.

    +

    Setting up borgmatic

    +

    Create or amend docker-compose.override.yml

    +

    In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following +configuration:

    +
    version: '2.1'
    +
    +services:
    +  borgmatic-mailcow:
    +    image: ghcr.io/borgmatic-collective/borgmatic
    +    hostname: mailcow
    +    restart: always
    +    dns: ${IPV4_NETWORK:-172.22.1}.254
    +    volumes:
    +      - vmail-vol-1:/mnt/source/vmail:ro
    +      - crypt-vol-1:/mnt/source/crypt:ro
    +      - redis-vol-1:/mnt/source/redis:ro,z
    +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
    +      - postfix-vol-1:/mnt/source/postfix:ro,z
    +      - mysql-socket-vol-1:/var/run/mysqld/:z
    +      - borg-config-vol-1:/root/.config/borg:Z
    +      - borg-cache-vol-1:/root/.cache/borg:Z
    +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
    +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
    +    environment:
    +      - TZ=${TZ}
    +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
    +    networks:
    +      mailcow-network:
    +        aliases:
    +          - borgmatic
    +
    +volumes:
    +  borg-cache-vol-1:
    +  borg-config-vol-1:
    +
    +

    Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing.

    +

    For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove +the ro flag prior to restoring the data. This is described in the section on restoring backups.

    +

    Create data/conf/borgmatic/etc/config.yaml

    +

    Next, we need to create the borgmatic configuration.

    +
    source mailcow.conf
    +cat <<EOF > data/conf/borgmatic/etc/config.yaml
    +location:
    +    source_directories:
    +        - /mnt/source
    +    repositories:
    +        - ssh://user@rsync.net:22/./mailcow
    +    exclude_patterns:
    +        - '/mnt/source/postfix/public/'
    +        - '/mnt/source/postfix/private/'
    +        - '/mnt/source/rspamd/rspamd.sock'
    +
    +retention:
    +    keep_hourly: 24
    +    keep_daily: 7
    +    keep_weekly: 4
    +    keep_monthly: 6
    +    prefix: ""
    +
    +hooks:
    +    mysql_databases:
    +        - name: ${DBNAME}
    +          username: ${DBUSER}
    +          password: ${DBPASS}
    +          options: --default-character-set=utf8mb4
    +EOF
    +
    +

    Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf.

    +

    This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for +a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is +all you should need to restore your mailcow setup after an incident. The retention settings will keep one archive for +each hour of the past 24 hours, one per day of the week, one per week of the month and one per month of the past half +year.

    +

    Check the borgmatic documentation on how to use other types of repositories or +configuration options. If you choose to use a local filesystem as a backup destination make sure to mount it into the +container. The container defines a volume called /mnt/borg-repository for this purpose.

    +
    +

    Note

    +

    If you do not use rsync.net you can most likely drop the remote_path element from your config.

    +
    +

    Create a crontab

    +

    Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content:

    +
    14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1
    +
    +

    This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past +the hour and log some nice stats at the end.

    +

    Place SSH keys in folder

    +

    Place the SSH keys you intend to use for remote repository connections in data/conf/borgmatic/ssh. OpenSSH expects the +usual id_rsa, id_ed25519 or similar to be in this directory. Ensure the file is chmod 600 and not world readable +or OpenSSH will refuse to use the SSH key.

    +

    Bring up the container

    +

    For the next step we need the container to be up and running in a configured state. To do that run:

    +
    docker compose up -d
    +
    +

    Initialize the repository

    +

    By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being +initialized.

    +

    To initialize the repository run:

    +
    docker compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
    +
    +

    You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm +the prompt by entering yes. The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE +environment variable earlier.

    +

    When using any of the repokey encryption methods the encryption key will be stored in the repository itself and not on +the client, so there is no further action required in this regard. If you decide to use a keyfile instead of +a repokey make sure you export the key and back it up separately. Check the Exporting Keys section +for how to retrieve the key.

    +

    Restart container

    +

    Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined +state:

    +
    docker compose restart borgmatic-mailcow
    +
    +

    Restoring from a backup

    +

    Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have +any custom data in your maildir or your mailcow database.

    +

    Restore maildir

    +
    +

    Warning

    +

    Doing this will overwrite files in your maildir! Do not run this unless you actually intend to recover mail +files from a backup.

    +
    +
    +

    If you use SELinux in Enforcing mode

    +

    If you are using mailcow on a host with SELinux in Enforcing mode you will have to temporarily disable it during +extraction of the archive as the mailcow setup labels the vmail volume as private, belonging to the dovecot container +exclusively. SELinux will (rightfully) prevent any other container, such as the borgmatic container, from writing to +this volume.

    +
    +

    Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing +the ro flag from the volume. +Then you can use the following command to restore the maildir from a backup:

    +
    docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
    +
    +

    Alternatively you can specify any archive name from the list of archives (see +Listing all available archives)

    +

    Restore MySQL

    +
    +

    Warning

    +

    Running this command will delete and recreate the mailcow database! Do not run this unless you actually +intend to recover the mailcow database from a backup.

    +
    +

    To restore the MySQL database from the latest archive use this command:

    +
    docker compose exec borgmatic-mailcow borgmatic restore --archive latest
    +
    +

    Alternatively you can specify any archive name from the list of archives (see +Listing all available archives)

    +

    After restoring

    +

    After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to +re-enable it.

    +

    To restart mailcow use the follwing command:

    +
    docker compose down && docker compose up -d
    +
    +

    If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may +take a while if you have lots of files.

    +

    Useful commands

    +

    Manual archiving run (with debugging output)

    +
    docker compose exec borgmatic-mailcow borgmatic -v 2
    +
    +

    Listing all available archives

    +
    docker compose exec borgmatic-mailcow borgmatic list
    +
    +

    Break lock

    +

    When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any +new operations can be performed:

    +
    docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
    +
    +

    Where user@rsync.net:mailcow is the URI to your repository.

    +

    Now would be a good time to do a manual archiving run to ensure it can be successfully performed.

    +

    Exporting keys

    +

    When using any of the keyfile methods for encryption you MUST take care of backing up the key files yourself. The +key files are generated when you initialize the repository. The repokey methods store the key file within the +repository, so a manual backup isn't as essential.

    +

    Note that in either case you also must have the passphrase to decrypt any archives.

    +

    To fetch the keyfile run:

    +
    docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
    +
    +

    Where user@rsync.net:mailcow is the URI to your repository.

    + +
    +
    + + + Last update: + 2022-11-04 14:12:24 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/checkmk/u_e-checkmk/index.html b/2.5/en/third_party/checkmk/u_e-checkmk/index.html new file mode 100644 index 000000000..4aa27bdab --- /dev/null +++ b/2.5/en/third_party/checkmk/u_e-checkmk/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + CheckMK - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CheckMK

    + +

    Mailcow provides the ability to check for updates using its own update script.

    +

    If you want to check for mailcow updates using checkmk, you can create an executable file in the local directory of the checkmk agent (typically /usr/lib/check_mk_agent/local/) with the name mailcow_update and the following content:

    +
    #!/bin/bash
    +cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null
    +status=$?
    +if [ $status -eq 3 ]; then
    +  echo "0 \"mailcow_update\" mailcow_update=0;1;;0;1 No updates available."
    +elif [ $status -eq 0 ]; then
    +  echo "1 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +else
    +  echo "3 \"mailcow_update\" - Unknown output from update script ..."
    +fi
    +exit
    +
    +

    If the mailcow installation directory is not /opt/, adjust this in the 2nd line.

    +

    After that re-inventory the services for your mailcow host in checmk and a new check named mailcow_update should be selectable.

    +

    This will run the mailcow_update everytime checkmk agent is checked, you can cache the result by placing the script in a subfolder named the number of seconds you wish to cache it. \ +/usr/lib/check_mk_agent/local/3600/ will cache the response for an 3600 seconds (1 hour).

    +

    Screenshots

    +

    No updates available

    +

    If there are no updates available, OK is displayed.

    +

    No update available

    +

    New updates available

    +

    If updates are available, WARN is displayed.

    +

    Updates available

    +

    If CRIT is desired instead, replace the 7th line with the following:

    +
      echo "2 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +
    +

    Detailed check output

    +

    Long check output

    +
      +
    • This provides a link to mailcow's GitHub commits, if updates are available.
    • +
    • Metrics are also displayed ( not only when updates are available):
    • +
    • 0 = No updates available
    • +
    • 1 = New updates available
    • +
    + +
    +
    + + + Last update: + 2022-11-04 21:38:16 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/exchange_onprem/third_party-exchange_onprem/index.html b/2.5/en/third_party/exchange_onprem/third_party-exchange_onprem/index.html new file mode 100644 index 000000000..e31c4ac56 --- /dev/null +++ b/2.5/en/third_party/exchange_onprem/third_party-exchange_onprem/index.html @@ -0,0 +1,2688 @@ + + + + + + + + + + + + + + + + + + Exchange Hybrid Setup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Exchange Hybrid Setup

    + +

    Using Microsoft Exchange in a hybrid setup is possible with mailcow. With this setup you can add mailboxes on your mailcow and still use Exchange Online Protection. +All mailboxes setup in Exchange will receive their mails as usual, while with the hybrid approach additional Mailboxes can be setup in mailcow without any further configuration.

    +

    This setup becomes very handy if you have enabled the Office 365 security defaults and third party applications can no longer login into your mailboxes by any of the supported methods.

    +

    Requirements

    +
      +
    • The mx Record of your domain needs to point at the Exchange mail service. Log into your Admin center and look out for the dns settings of your domain to find your personalized gateway domain. It should look like this contoso-com.mail.protection.outlook.com. Contact your domain registrant to get further information on how to change mx record.
    • +
    • The domain you want to have additional mailboxes for must be setup as internal relay domain in Exchange.
        +
      1. Log in to your Exchange Admin Center
      2. +
      3. Select the mail flow pane and click on accepted domains
      4. +
      5. Select the domain and switch it from authorative to internal relay
      6. +
      +
    • +
    +

    Set up the mailcow

    +

    Your mailcow needs to relay all mails to your personalized Exchange Host. It is the same host address we already looked up for the mx Record.

    +
      +
    1. Add the domain to your mailcow
    2. +
    3. Add your personalized Exchange Host address as relayhost
    4. +
    5. Add your personalized Exchange Host address as forwarding host to unconditionally accepted all relayed mails from Exchange. (Admin > Configuration & Details > Configuration Dropdown > Forwarding Hosts)
    6. +
    7. Go to the domain settings and select the newly added host on the Sender-dependent transports dropdown. Enable relaying by ticking the Relay this domain, Relay all recipients and the Relay non-existing mailboxes only. checkboxes
    8. +
    +
    +

    Info

    +

    From now on your mailcow will accept all mails relayed from Exchange. The inbound filtering and so the neural learning of your cow will no longer work. Because all mails are routed through Exchange the filtering process is handled there.

    +
    +

    Set up Connectors in Exchange

    +

    All mail traffic now goes through Exchange. At this point the Exchange Online Protection already filters all incoming and outgoing mails. Now we need to set up two connectors to relay incoming mails from our Exchange Service to the mailcow and another one to allow mails relayed from the mailcow to our exchange service. You can follow the official guide from Microsoft.

    +
    +

    Warning

    +

    For the connector that handles mails from your mailcow to Exchange Microsoft offers two ways of authenticating it. The recommended way is to use a tls certificate configured with a subject name that matches an accepted domain in Exchange. Otherwise you need to choose authentication with the static ip address of your mailcow.

    +
    +

    Validating

    +

    The easiest way to validate the hybrid setup is by sending a mail from the internet to a mailbox that only exists on the mailcow and vice versa.

    +

    Common Issues

    +
      +
    • The connector validation from Exchange to your mailcow failed with 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup
      +Possible Solution: Your domain is not set up as internal relay. Exchange therefore cannot find the recipient
    • +
    • Mails sent from the mailcow to a mailbox in the internet cannot be sent. Non Delivery Report with error 550 5.7.64 TenantAttribution; Relay Access Denied
      +Possible Solution: The authentication method failed. Make sure the certificate subject matches an accepted domain in Exchange. Try authenticating by static ip instead.
    • +
    +

    Microsoft Guide for the connector setup and additional requirements: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment

    + +
    +
    + + + Last update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/gitea/third_party-gitea/index.html b/2.5/en/third_party/gitea/third_party-gitea/index.html new file mode 100644 index 000000000..0a1ab6db7 --- /dev/null +++ b/2.5/en/third_party/gitea/third_party-gitea/index.html @@ -0,0 +1,2568 @@ + + + + + + + + + + + + + + + + + + Gitea - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gitea

    + +

    With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

    +

    1. Open docker-compose.override.yml and add gitea:

    +
    version: '2.1'
    +services:
    +
    +        gitea-mailcow:
    +            image: gitea/gitea:1
    +            volumes:
    +                - ./data/gitea:/data
    +            networks:
    +                mailcow-network:
    +                    aliases:
    +                        - gitea
    +            ports:
    +                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Create data/conf/nginx/site.gitea.custom, add: +

    location /gitea/ {
    +        proxy_pass http://gitea:3000/;
    +}
    +

    +

    3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

    +
    GITEA_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Run docker compose up -d to bring up the gitea container and run docker compose restart nginx-mailcow afterwards.

    +

    6. If you forced mailcow to https, execute step 9 and restart gitea with docker compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

    +

    7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

    +

    8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

    +

    9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
    +ROOT_URL = https://mx.example.org/gitea/
    +
    +

    10. Restart gitea with docker compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/gogs/third_party-gogs/index.html b/2.5/en/third_party/gogs/third_party-gogs/index.html new file mode 100644 index 000000000..44aaaecb3 --- /dev/null +++ b/2.5/en/third_party/gogs/third_party-gogs/index.html @@ -0,0 +1,2567 @@ + + + + + + + + + + + + + + + + + + Gogs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gogs

    + +

    With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

    +

    1. Open docker-compose.override.yml and add Gogs:

    +
    version: '2.1'
    +services:
    +
    +    gogs-mailcow:
    +      image: gogs/gogs
    +      volumes:
    +        - ./data/gogs:/data
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - gogs
    +      ports:
    +        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Create data/conf/nginx/site.gogs.custom, add: +

    location /gogs/ {
    +    proxy_pass http://gogs:3000/;
    +}
    +

    +

    3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

    +
    GOGS_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Run docker compose up -d to bring up the Gogs container and run docker compose restart nginx-mailcow afterwards.

    +

    6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

    +

    7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

    +

    8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
    +ROOT_URL = https://mx.example.org/gogs/
    +
    +

    9. Restart Gogs with docker compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/mailman3/third_party-mailman3/index.html b/2.5/en/third_party/mailman3/third_party-mailman3/index.html new file mode 100644 index 000000000..d01fad3a5 --- /dev/null +++ b/2.5/en/third_party/mailman3/third_party-mailman3/index.html @@ -0,0 +1,3170 @@ + + + + + + + + + + + + + + + + + + Mailman 3 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installing mailcow and Mailman 3 based on dockerized versions

    +
    +

    Info

    +

    This guide is a copy from dockerized-mailcow-mailman. Please post issues, questions and improvements in the issue tracker there.

    +
    +
    +

    Warning

    +

    mailcow is not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, 'coze: No backup no pity!

    +
    +

    Introduction

    +

    This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential condition is, to preserve mailcow and Mailman in their own installations for independent updates.

    +

    There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of:

    + +

    After finishing this guide, mailcow-dockerized and docker-mailman will run and Apache as a reverse proxy will serve the web frontends.

    +

    The operating system used is an Ubuntu 20.04 LTS.

    +

    Installation

    +

    This guide is based on different steps:

    +
      +
    1. DNS setup
    2. +
    3. Install Apache as a reverse proxy
    4. +
    5. Obtain SSL certificates with Let's Encrypt
    6. +
    7. Install mailcow with Mailman integration
    8. +
    9. Install Mailman
    10. +
    11. 🏃 Run
    12. +
    +

    DNS setup

    +

    Most of the configuration is covered by mailcows DNS setup. After finishing this setup add another subdomain for Mailman, e.g. lists.example.org that points to the same server:

    +
    # Name    Type       Value
    +lists     IN A       1.2.3.4
    +lists     IN AAAA    dead:beef
    +
    +

    Install Apache as a reverse proxy

    +

    Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.

    +

    Activate certain Apache modules (as root or sudo):

    +
    a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
    +
    +

    Maybe you have to install further packages to get these modules. This PPA by Ondřej Surý may help you.

    +

    vHost configuration

    +

    Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).

    +

    Change in mailcow.conf: +- MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME

    +

    Change in mailman.conf: +- MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org)

    +

    Don't activate the configuration, as the ssl certificates and directories are missing yet.

    +

    Obtain SSL certificates with Let's Encrypt

    +

    Check if your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox:

    + +

    Install certbot (as root or sudo):

    +
    apt install certbot
    +
    +

    Get the desired certificates (as root or sudo):

    +
    certbot certonly -d MAILCOW_HOSTNAME
    +certbot certonly -d MAILMAN_DOMAIN
    +
    +

    Install mailcow with Mailman integration

    +

    Install mailcow

    +

    Follow the mailcow installation. Omit step 5 and do not pull and up with docker compose!

    +

    Configure mailcow

    +

    This is also Step 4 in the official mailcow installation (nano mailcow.conf). So change to your needs and alter the following variables:

    +
    HTTP_PORT=18080            # don't use 8080 as mailman needs it
    +HTTP_BIND=127.0.0.1        #
    +HTTPS_PORT=18443           # you may use 8443
    +HTTPS_BIND=127.0.0.1       #
    +
    +SKIP_LETS_ENCRYPT=y        # reverse proxy will do the SSL termination
    +
    +SNAT_TO_SOURCE=1.2.3.4     # change this to your IPv4
    +SNAT6_TO_SOURCE=dead:beef  # change this to your global IPv6
    +
    +

    Add Mailman integration

    +

    Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:

    +

    version: '2.1'
    +
    +services:
    +  postfix-mailcow:
    +    volumes:
    +      - /opt/mailman:/opt/mailman
    +    networks:
    +      - docker-mailman_mailman
    +
    +networks:
    +  docker-mailman_mailman:
    +    external: true
    +
    +The additional volume is used by Mailman to generate additional config files for mailcow postfix. The external network is build and used by Mailman. mailcow needs it to deliver incoming list mails to Mailman.

    +

    Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:

    +

    # mailman
    +
    +recipient_delimiter = +
    +unknown_local_recipient_reject_code = 550
    +owner_request_special = no
    +
    +local_recipient_maps =
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp,
    +  proxy:unix:passwd.byname,
    +  $alias_maps
    +virtual_mailbox_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +transport_maps =
    +  pcre:/opt/postfix/conf/custom_transport.pcre,
    +  pcre:/opt/postfix/conf/local_transport,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +relay_domains =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_domains
    +relay_recipient_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +
    +As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed.

    +

    SSL certificates

    +

    As we proxying mailcow, we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us:

    +
      +
    • Copy the file to /opt/mailcow-dockerized
    • +
    • Change mailcow_HOSTNAME to your mailcow hostname
    • +
    • Make it executable (chmod a+x renew-ssl.sh)
    • +
    • Do not run it yet, as we first need Mailman
    • +
    +

    You have to create a cronjob, so that new certificates will be copied. Execute as root or sudo:

    +
    crontab -e
    +
    +

    To run the script every day at 5am, add:

    +
    0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
    +
    +

    Install Mailman

    +

    Basicly follow the instructions at docker-mailman. As they are a lot, here is in a nuthshell what to do:

    +

    As root or sudo:

    +
    cd /opt
    +mkdir -p mailman/core
    +mkdir -p mailman/web
    +git clone https://github.com/maxking/docker-mailman
    +cd docker-mailman
    +
    +

    Configure Mailman

    +

    Create a long key for Hyperkitty, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.

    +

    Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.

    +

    Create a long key for Django, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.

    +

    Create the file /opt/docker-mailman/docker compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:

    +
    version: '2'
    +
    +services:
    +  mailman-core:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - MTA=postfix
    +    restart: always
    +    networks:
    +      - mailman
    +
    +  mailman-web:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - SECRET_KEY=DJANGO_KEY
    +    - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org
    +    - MAILMAN_ADMIN_USER=admin # the admin user
    +    - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address
    +    - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
    +    restart: always
    +
    +  database:
    +    environment:
    +    - POSTGRES_PASSWORD=DBPASS
    +    restart: always
    +
    +

    At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Postorius). For setting the password for the first time use the Forgot password function in the web interface.

    +

    About other configuration options read Mailman-web and Mailman-core documentation.

    +

    Configure Mailman core and Mailman web

    +

    Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

    +
    [mailman]
    +default_language: de
    +site_owner: mailman@example.org
    +
    +

    Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

    +

    # locale
    +LANGUAGE_CODE = 'de-de'
    +
    +# disable social authentication
    +MAILMAN_WEB_SOCIAL_AUTH = []
    +
    +# change it
    +DEFAULT_FROM_EMAIL = 'mailman@example.org'
    +
    +DEBUG = False
    +
    +You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs.

    +

    🏃 Run

    +

    Run (as root or sudo)

    +
    a2ensite mailcow.conf
    +a2ensite mailman.conf
    +systemctl restart apache2
    +
    +cd /opt/docker-mailman
    +docker compose pull
    +docker compose up -d
    +
    +cd /opt/mailcow-dockerized/
    +docker compose pull
    +./renew-ssl.sh
    +
    +

    Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more.

    +

    Remarks

    +

    New lists aren't recognized by postfix instantly

    +

    When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually:

    +
    cd /opt/mailcow-dockerized
    +docker compose restart postfix-mailcow
    +
    +

    Update

    +

    mailcow has it's own update script in /opt/mailcow-dockerized/update.sh, see the docs.

    +

    For Mailman just fetch the newest version from the github repository.

    +

    Backup

    +

    mailcow has an own backup script. Read the docs for further informations.

    +

    Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful.

    +

    ToDo

    +

    install script

    +

    Write a script like in mailman-mailcow-integration/mailman-install.sh as many of the steps are automatable.

    +
      +
    1. Ask for all the configuration variables and create passwords and keys.
    2. +
    3. Do a (semi-)automatic installation.
    4. +
    5. Have fun!
    6. +
    + +
    +
    + + + Last update: + 2022-10-20 15:33:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/mailpiler/third_party-mailpiler_integration/index.html b/2.5/en/third_party/mailpiler/third_party-mailpiler_integration/index.html new file mode 100644 index 000000000..358b2c0a1 --- /dev/null +++ b/2.5/en/third_party/mailpiler/third_party-mailpiler_integration/index.html @@ -0,0 +1,2692 @@ + + + + + + + + + + + + + + + + + + Mailpiler Integration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mailpiler Integration

    + +

    This is a simple integration of mailcow aliases and the mailbox name into mailpiler when using IMAP authentication.

    +

    Disclaimer: This is not officially maintained nor supported by the mailcow project nor its contributors. No warranty or support is being provided, however you're free to open issues on GitHub for filing a bug or provide further ideas. GitHub repo can be found here.

    +
    +

    Info

    +

    Support for domain wildcards were implemented in Piler 1.3.10 which was released on 03.01.2021. Prior versions basically do work, but after logging in you won't see emails sent from or to the domain alias. (e.g. when @example.com is an alias for admin@example.com)

    +
    +

    The problem to solve

    +

    mailpiler offers the authentication based on IMAP, for example:

    +
    $config['ENABLE_IMAP_AUTH'] = 1;
    +$config['IMAP_HOST'] = 'mail.example.com';
    +$config['IMAP_PORT'] =  993;
    +$config['IMAP_SSL'] = true;
    +
    +
      +
    • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
    • +
    • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
    • +
    +

    By hooking into the authentication process of mailpiler, we are able to get required data via the mailcow API during login. This fires API requests to the mailcow API (requiring read-only API access) to read out the aliases your email address participates and also the "Name" of the mailbox specified to display it on the top-right of mailpiler after login.

    +

    Permitted email addresses can be seen in the mailpiler settings top-right after logging in.

    +
    +

    Info

    +

    This is only pulled once during the authentication process. The authorized aliases and the realname are valid for the whole duration of the user session as mailpiler sets them in the session data. If user is removed from specific alias, this will only take effect after next login.

    +
    +

    The solution

    +

    Note: File paths might vary depending on your setup.

    +

    Requirements

    + +
    +

    Warning

    +

    As mailpiler authenticates against mailcow, our IMAP server, failed logins of users or bots might trigger a block for your mailpiler instance. Therefore you might want to consider whitelisting the IP address of the mailpiler instance within mailcow: Configuration & Details - Configuration - Fail2ban parameters - Whitelisted networks/hosts.

    +
    +

    Setup

    +
      +
    1. +

      Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

      +
      $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
      +$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
      +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
      +include('auth-mailcow.php');
      +
      +

      You can also change the mailcow hostname, if required: +

      $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
      +

      +
    2. +
    3. +

      Download the PHP file with the functions from the GitHub repo:

      +
      curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
      +
      +
    4. +
    5. +

      Done!

      +
    6. +
    +

    Make sure to re-login with your IMAP credentials for changes to take effect.

    +

    If it doesn't work, most likely something's wrong with the API query itself. Consider debugging by sending manual API requests to the API. (Tip: Open https://mail.domain.tld/api on your instance)

    + +
    +
    + + + Last update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/nextcloud/third_party-nextcloud/index.html b/2.5/en/third_party/nextcloud/third_party-nextcloud/index.html new file mode 100644 index 000000000..d4381c27b --- /dev/null +++ b/2.5/en/third_party/nextcloud/third_party-nextcloud/index.html @@ -0,0 +1,2727 @@ + + + + + + + + + + + + + + + + + + Nextcloud - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Nextcloud

    + +

    Manage Nextcloud using the helper script

    +

    Nextcloud can be set up (parameter -i) and removed (parameter -p) with the helper script included with mailcow. In order to install Nextcloud simply navigate to your mailcow-dockerized root folder and run the helper script as follows:

    +

    ./helper-scripts/nextcloud.sh -i

    +

    In case you have forgotten the password (e.g. for admin) and can't request a new one via the password reset link on the login screen calling the helper script with -r as parameter allows you to set a new password. Only use this option if your Nextcloud isn't configured to use mailcow for authentication as described in the next section.

    +

    In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker compose up -d to apply. For more informaton refer to: Advanced SSL.

    +

    Background jobs

    +

    To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
    +      ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
    +
    +

    After adding these lines the docker compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to + pick up the new job definition by executing docker compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command + docker compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

    +

    By adding these lines the background jobs will be executed every 5 minutes. To verify that the execution works correctly, the only way is to see it in the basic + settings when logged in as an admin in Nextcloud. If everything is correct the first scheduled execution will change the background jobs processing setting to + (X) Cron and the timestamp after Last job ran will be updated every 5 minutes.

    +

    Configure Nextcloud to use mailcow for authentication

    +

    The following describes how set up authentication via mailcow using the OAuth2 protocol. We will only assume that you have already set up Nextcloud at cloud.example.com and that your mailcow is running at mail.example.com. It does not matter if your Nextcloud is running on a different server, you can still use mailcow for authentication.

    +

    1. Log into mailcow as administrator.

    +

    2. Scroll down to OAuth2 Apps and click the Add button. Specify the redirect URI as https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow and click Add. Save the client ID and secret for later.

    +
    +

    Info

    +

    Some installations, including those setup using the helper script of mailcow, need to remove index.php/ from the URL to get a successful redirect: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow

    +
    +

    3. Log into Nextcloud as administrator.

    +

    4. Click the button in the top right corner and select Apps. Click the search button in the toolbar, search for the Social Login plugin and click Download and enable next to it.

    +

    5. Click the button in the top right corner and select Settings. Scroll down to the Administration section on the left and click Social login.

    +

    6. Uncheck the following items:

    +
      +
    • "Disable auto create new users"
    • +
    • "Allow users to connect social logins with their accounts"
    • +
    • "Do not prune not available user groups on login"
    • +
    • "Automatically create groups if they do not exists"
    • +
    • "Restrict login for users without mapped groups"
    • +
    +

    7. Check the following items:

    +
      +
    • "Prevent creating an account if the email address exists in another account"
    • +
    • "Update user profile every login"
    • +
    • "Disable notify admins about new users"
    • +
    +

    Click the Save button.

    +

    8. Scroll down to Custom OAuth2 and click the + button. +9. Configure the parameters as follows:

    +
      +
    • Internal name: Mailcow
    • +
    • Title: Mailcow
    • +
    • API Base URL: https://mail.example.com
    • +
    • Authorize URL: https://mail.example.com/oauth/authorize
    • +
    • Token URL: https://mail.example.com/oauth/token
    • +
    • Profile URL: https://mail.example.com/oauth/profile
    • +
    • Logout URL: (leave blank)
    • +
    • Client ID: (what you obtained in step 1)
    • +
    • Client Secret: (what you obtained in step 1)
    • +
    • Scope: profile
    • +
    +

    Click the Save button at the very bottom of the page.

    +
    +

    If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

    +

    1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. +2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): +

    INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
    +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
    +

    +
    +

    If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

    +

    1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): +

    INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
    +

    +
    +

    Update

    +

    The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. +It shows which commands have to be executed, these have to be placed in the php-fpm-mailcow container.

    +

    As an an example run the following command to add the missing indices. +docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/occ db:add-missing-indices"

    +
    +

    Debugging & Troubleshooting

    +

    It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

    +
    'trusted_proxies' =>
    +  array (
    +    0 => 'fd4d:6169:6c63:6f77::/64',
    +    1 => '172.22.1.0/24',
    +    2 => 'NewSubnet/24',
    +  ),
    +
    +

    After the changes have been made, the nginx container must be restarted. +docker compose restart nginx-mailcow

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/portainer/third_party-portainer/index.html b/2.5/en/third_party/portainer/third_party-portainer/index.html new file mode 100644 index 000000000..85f8455f7 --- /dev/null +++ b/2.5/en/third_party/portainer/third_party-portainer/index.html @@ -0,0 +1,2644 @@ + + + + + + + + + + + + + + + + + + Portainer - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Portainer

    + +

    In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

    +

    1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration +

    version: '2.1'
    +services:
    +    portainer-mailcow:
    +      image: portainer/portainer-ce
    +      volumes:
    +        - /var/run/docker.sock:/var/run/docker.sock
    +        - ./data/conf/portainer:/data
    +      restart: always
    +      dns:
    +        - 172.22.1.254
    +      dns_search: mailcow-network
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - portainer
    +
    +2a. Create data/conf/nginx/portainer.conf: +
    upstream portainer {
    +  server portainer-mailcow:9000;
    +}
    +
    +map $http_upgrade $connection_upgrade {
    +  default upgrade;
    +  '' close;
    +}
    +

    +

    2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: +

      location /portainer/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Host              $http_host;   # required for docker client's sake
    +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
    +    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_read_timeout                 900;
    +
    +    proxy_set_header Connection "";
    +    proxy_buffers 32 4k;
    +    proxy_pass http://portainer/;
    +  }
    +
    +  location /portainer/api/websocket/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Upgrade $http_upgrade;
    +    proxy_set_header Connection $connection_upgrade;
    +    proxy_pass http://portainer/api/websocket/;
    +  }
    +

    +

    3. Apply your changes: +

    docker compose up -d && docker compose restart nginx-mailcow
    +

    +

    Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.

    +
    +

    Reverse Proxy

    +

    If you are using a reverse proxy you will have to configure it to properly forward websocket requests.

    +

    This needs to be done for the docker console and other components to work.

    +

    Here is an example for Apache:

    +
    <Location /portainer/api/websocket/>
    +  RewriteEngine on
    +  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    +  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    +  RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P]
    +</Location>
    +
    + +
    +
    + + + Last update: + 2022-10-12 18:19:33 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/third_party/roundcube/third_party-roundcube/index.html b/2.5/en/third_party/roundcube/third_party-roundcube/index.html new file mode 100644 index 000000000..177c0edaf --- /dev/null +++ b/2.5/en/third_party/roundcube/third_party-roundcube/index.html @@ -0,0 +1,2833 @@ + + + + + + + + + + + + + + + + + + Roundcube - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Roundcube

    + +

    Installing Roundcube

    +

    Download Roundcube 1.6.x to the web htdocs directory and extract it (here rc/): +

    # Check for a newer release!
    +cd data/web
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +
    +# Change folder name
    +mv roundcubemail-1.6.0 rc
    +
    +# Change permissions
    +chown -R root: rc/
    +

    +

    If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. +

    #!/bin/bash
    +apk update
    +apk add aspell-en # or any other language
    +

    +

    Create a file data/web/rc/config/config.inc.php with the following content. + - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. + - The db_prefix is optional but recommended. + - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. +

    <?php
    +error_reporting(0);
    +if (!file_exists('/tmp/mime.types')) {
    +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    +}
    +$config = array();
    +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    +$config['imap_host'] = 'tls://dovecot:143';
    +$config['smtp_host'] = 'tls://postfix:587';
    +$config['smtp_user'] = '%u';
    +$config['smtp_pass'] = '%p';
    +$config['support_url'] = '';
    +$config['product_name'] = 'Roundcube Webmail';
    +$config['des_key'] = 'yourrandomstring_changeme';
    +$config['log_dir'] = '/dev/null';
    +$config['temp_dir'] = '/tmp';
    +$config['plugins'] = array(
    +  'archive',
    +  'managesieve'
    +);
    +$config['spellcheck_engine'] = 'aspell';
    +$config['mime_types'] = '/tmp/mime.types';
    +$config['imap_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['enable_installer'] = true;
    +$config['smtp_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['db_prefix'] = 'mailcow_rc1';
    +

    +

    Point your browser to https://myserver/rc/installer and follow the instructions. +Initialize the database and leave the installer.

    +

    Delete the directory data/web/rc/installer after a successful installation!

    +

    Configure ManageSieve filtering

    +

    Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): +

    $config['managesieve_host'] = 'tls://dovecot:4190';
    +$config['managesieve_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +// Enables separate management interface for vacation responses (out-of-office)
    +// 0 - no separate section (default),
    +// 1 - add Vacation section,
    +// 2 - add Vacation section, but hide Filters section
    +$config['managesieve_vacation'] = 1;
    +

    +

    Enable change password function in Roundcube

    +

    Open data/web/rc/config/config.inc.php and enable the password plugin:

    +
    ...
    +$config['plugins'] = array(
    +    'archive',
    +    'password',
    +);
    +...
    +
    +

    Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

    +
            case 'ssha256':
    +            $salt = rcube_utils::random_bytes(8);
    +            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    +            $prefix  = '{SSHA256}';
    +            break;
    +
    +

    Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

    +
    $config['password_driver'] = 'sql';
    +$config['password_algorithm'] = 'ssha256';
    +$config['password_algorithm_prefix'] = '{SSHA256}';
    +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    +
    +

    Integrate CardDAV addressbooks in Roundcube

    +

    Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): +

    cd data/web/rc/plugins
    +wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz  | tar xfvz -
    +chown -R root: carddav/
    +

    +

    Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: +

    $prefs['SOGo'] = array(
    +    'name'         =>  'SOGo',
    +    'username'     =>  '%u',
    +    'password'     =>  '%p',
    +    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    +    'carddav_name_only' => true,
    +    'use_categories' => true,
    +    'active'       =>  true,
    +    'readonly'     =>  false,
    +    'refresh_time' => '02:00:00',
    +    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    +    'hide'        =>  false,
    +);
    +
    +Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

    +

    Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

    +

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    +
    +

    Optionally, you can add Roundcube's link to the mailcow Apps list. +To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

    +

    NOTE: Don't forget to add the <?php delimiter on the first line

    +
    ...
    +$MAILCOW_APPS = array(
    +  array(
    +    'name' => 'SOGo',
    +    'link' => '/SOGo/'
    +  ),
    +  array(
    +    'name' => 'Roundcube',
    +    'link' => '/rc/'
    +   )
    +);
    +...
    +
    +

    Upgrading Roundcube

    +

    Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

    +
    # Enter a bash session of the mailcow PHP container
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Install required upgrade dependency, then upgrade Roundcube to wanted release
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.0
    +bin/installto.sh /web/rc
    +
    +# Type 'Y' and press enter to upgrade your install of Roundcube
    +# Type 'N' to "Do you want me to fix your local configuration" if prompted
    +
    +# If you see  "NOTICE: Update dependencies by running php composer.phar update --no-dev" just download composer.phar and run it:
    +cd /web/rc
    +wget https://getcomposer.org/download/2.4.2/composer.phar
    +php composer.phar update --no-dev
    +# When asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    +
    +
    +# Remove leftover files
    +cd /tmp
    +rm -rf roundcube*
    +
    +# If you're going from 1.5 to 1.6 please run the config file changes below
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Let admins log into Roundcube without password

    +

    First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

    +

    Edit mailcow.conf and add the following:

    +
    # Allow admins to log into Roundcube as email user (without any password)
    +# Roundcube with plugin dovecot_impersonate must be installed first
    +
    +ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
    +
    +

    Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    environment:
    +      - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
    +
    +

    Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

    +
    if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
    +  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
    +}
    +
    +

    Edit data/web/mailbox.php and add this line to array $template_data:

    +
      'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
    +
    +

    Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

    +
      var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
    +
    +

    Copy the contents of the following files from this Snippet:

    +
      +
    • data/web/inc/lib/RoundcubeAutoLogin.php
    • +
    • data/web/rc-auth.php
    • +
    +

    Finally, restart mailcow

    +
    docker compose down
    +docker compose up -d
    +
    + +
    +
    + + + Last update: + 2022-11-03 10:43:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-admin_login_sogo/index.html b/2.5/en/troubleshooting/debug-admin_login_sogo/index.html new file mode 100644 index 000000000..999d933f7 --- /dev/null +++ b/2.5/en/troubleshooting/debug-admin_login_sogo/index.html @@ -0,0 +1,2654 @@ + + + + + + + + + + + + + + + + + + Admin login to SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Admin login to SOGo

    + +

    This is an experimental feature that allows admins and domain admins to directly +log into SOGo as a mailbox user, without knowing the users password.

    +

    For this, an additional link to SOGo is displayed in the mailbox list (mailcow UI).

    +

    Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

    +

    Enabling the feature

    +

    The feature is disabled by default. It can be enabled in the mailcow.conf by setting: +

    ALLOW_ADMIN_EMAIL_LOGIN=y
    +
    +and recreating the affected containers with

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Drawbacks when enabled

    +
      +
    • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. +This might impact load-times of SOGo / EAS. +In most cases, this should not be noticeable but should be kept in mind if you face any performance issues.
    • +
    • SOGo will not display a logout link for admin-logins, to login normally one has to logout from the mailcow UI so the PHP session is destroyed.
    • +
    • Subscribing to another user's calendar or address book while logged in as admin does not work. Neither does inviting other users to calendar events. The page will reload when these things are attempted.
    • +
    +

    Technical details

    +

    SOGoTrustProxyAuthentication option is set to YES which makes SOGo trust the x-webobjects-remote-user header.

    +

    Dovecot will receive a random master-password which is valid for all mailboxes when used by the SOGo container.

    +

    Clicking on the SOGo button in the mailbox list will open sogo-auth.php which checks permissions, sets session variables and redirects to the SOGo mailbox.

    +

    Each SOGo, CardDAV, CalDAV and EAS http request will cause an additional, nginx internal auth_request call to sogo-auth.php with the following behavior:

    +
      +
    • +

      If a basic_auth header is present, the script will validate the credentials in place of SOGo and provide the following headers: +x-webobjects-remote-user, Authorization and x-webobjects-auth-type.

      +
    • +
    • +

      If no basic_auth header is present, the script will check for an active mailcow admin session for the requested email user and provide the same headers but with the dovecot master password used in the Authorization header.

      +
    • +
    • +

      If both fails the headers will be set empty, which makes SOGo use its standard authentication methods.

      +
    • +
    +

    All of these options / behaviors are disabled if the ALLOW_ADMIN_EMAIL_LOGIN is not enabled in the config.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-attach_service/index.html b/2.5/en/troubleshooting/debug-attach_service/index.html new file mode 100644 index 000000000..cf6b373da --- /dev/null +++ b/2.5/en/troubleshooting/debug-attach_service/index.html @@ -0,0 +1,2779 @@ + + + + + + + + + + + + + + + + + + Attach to a Container - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Attach to a Container

    + +

    Attaching a Container to your Shell

    +

    To attach a container to your shell you can simply run

    +
    +
    +
    +
    docker compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    docker-compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    +

    Connecting to Services

    +

    If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

    +

    MySQL

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    +

    Redis

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Service Descriptions

    +

    Here is a brief overview of what container / service does what:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Service NameService Descriptions
    unbound-mailcowLocal (DNSSEC) DNS Resolver
    mysql-mailcowStores SOGo's and most of mailcow's settings
    postfix-mailcowReceives and sends mails
    dovecot-mailcowUser logins and sieve filter
    redis-mailcowStorage back-end for DKIM keys and Rspamd
    rspamd-mailcowMail filtering system. Used for av handling, dkim signing, spam handling
    clamd-mailcowScans attachments for viruses
    olefy-mailcowScans attached office documents for macro-viruses
    solr-mailcowProvides full-text search in Dovecot
    sogo-mailcowWebmail client that handles Microsoft ActiveSync and Cal- / CardDav
    nginx-mailcowNginx remote proxy that handles all mailcow related HTTP / HTTPS requests
    acme-mailcowAutomates HTTPS (SSL/TLS) certificate deployment
    memcached-mailcowInternal caching system for mailcow services
    watchdog-mailcowAllows the monitoring of docker containers / services
    php-fpm-mailcowPowers the mailcow web UI
    netfilter-mailcowFail2Ban like integration
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-common_problems/index.html b/2.5/en/troubleshooting/debug-common_problems/index.html new file mode 100644 index 000000000..a3d45acae --- /dev/null +++ b/2.5/en/troubleshooting/debug-common_problems/index.html @@ -0,0 +1,2752 @@ + + + + + + + + + + + + + + + + + + Common Problems - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Common Problems

    + +

    Here we list common problems and possible solutions:

    +

    Mail loops back to myself

    +

    Please check in your mailcow UI if you made the domain a backup MX:

    +

    Check your MX Backup settings

    +

    I can receive but not send mails

    +

    There are a lot of things that could prevent you from sending mail:

    +
      +
    • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
    • +
    • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
    • +
    +
    # telnet 74.125.133.27 465
    +Trying 74.125.133.27...
    +Connected to 74.125.133.27.
    +Escape character is '^]'.
    +
    +

    My mails are identified as Spam

    +

    Please read our guide on DNS configuration.

    +

    docker compose throws weird errors

    +

    ... like:

    +
      +
    • ERROR: Invalid interpolation format ...
    • +
    • AttributeError: 'NoneType' object has no attribute 'keys'.
    • +
    • ERROR: In file './docker-compose.yml' service 'version' doesn't have any configuration options.
    • +
    +

    When you encounter one or similar messages while trying to run mailcow: dockerized please check if you have the latest version of Docker and docker compose

    +

    Container XY is unhealthy

    +

    This error tries to tell you that one of the (health) conditions for a certain container are not met. Therefore it can't be started. This can have several reasons, the most common one is an updated git clone but old docker image or vice versa.

    +

    A wrong configured firewall could also cause such a failure. The containers need to be able to talk to each other over the network 172.22.1.1/24.

    +

    It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

    +

    Address already in use

    +

    If you get an error message like:

    +
    ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
    +
    +

    while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

    +

    XYZ can't connect to ...

    +

    Please check your local firewall! +Docker and iptables-based firewalls sometimes create conflicting rules, so disable the firewall on your host to determine whether your connection issues are caused by such conflicts. If they are, you need to manually create appropriate rules in your host firewall to permit the necessary connections.

    +

    If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

    +

    While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

    +

    To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

    +
    dism /online /Enable-Feature /FeatureName:TelnetClient
    +
    +

    Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

    +

    Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

    +

    Dovecot keeps restarting (see #2672)

    +

    Check that you have at least the following files in data/assets/ssl:

    +
    cert.pem
    +dhparams.pem
    +key.pem
    +
    +

    If dhparams.pem is missing, you can generate it with

    +
    openssl dhparam -out data/assets/ssl/dhparams.pem 4096
    +
    +
    +
    +
      +
    1. +

      netcat, nmap, openssl, telnet, etc. 

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-logs/index.html b/2.5/en/troubleshooting/debug-logs/index.html new file mode 100644 index 000000000..887dcd40a --- /dev/null +++ b/2.5/en/troubleshooting/debug-logs/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Logs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logs

    + +
    +

    Warning

    +

    This section only applies for Dockers default logging driver (JSON).

    +
    +

    To view the logs of all mailcow: dockerized related containers, you can use docker compose logs inside your mailcow-dockerized folder that contains your mailcow.conf. This is usually a bit much, but you could trim the output with --tail=100 to the last 100 lines per container, or add a -f to follow the live output of all your services.

    +

    To view the logs of a specific service you can use docker compose logs [options] $service_name

    +
    +

    Info

    +

    The available options for the command docker compose logs are:

    +
      +
    • --no-color: Produce monochrome output.
    • +
    • -f: Follow the log output.
    • +
    • -t: Show timestamps.
    • +
    • --tail="all": Number of lines to show from the end of the logs for each container.
    • +
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-mysql_aria/index.html b/2.5/en/troubleshooting/debug-mysql_aria/index.html new file mode 100644 index 000000000..63062e973 --- /dev/null +++ b/2.5/en/troubleshooting/debug-mysql_aria/index.html @@ -0,0 +1,2595 @@ + + + + + + + + + + + + + + + + + + Recover crashed Aria storage engine - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Recover crashed Aria storage engine

    + +

    MariaDB: Aria recovery after crash

    +

    If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

    +

    Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker compose ps.

    +

    Now run the following commands:

    +
    # Stop the stack, don't run "down"
    +docker compose stop
    +# Run a bash in the stopped container as user mysql
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
    +# cd to the SQL data directory
    +cd /var/lib/mysql
    +# Run aria_chk
    +aria_chk --check --force */*.MAI
    +# Delete aria log files
    +rm aria_log.*
    +
    +

    Now run docker compose down followed by docker compose up -d.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-mysql_upgrade/index.html b/2.5/en/troubleshooting/debug-mysql_upgrade/index.html new file mode 100644 index 000000000..4d646d82c --- /dev/null +++ b/2.5/en/troubleshooting/debug-mysql_upgrade/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Manual MySQL upgrade - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manual MySQL upgrade

    + +

    Run a manual mysql_upgrade

    +

    This step is usually not necessary.

    +
    docker compose stop mysql-mailcow watchdog-mailcow
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
    +
    +

    As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

    +
    mysql_upgrade
    +exit
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-reset_pw/index.html b/2.5/en/troubleshooting/debug-reset_pw/index.html new file mode 100644 index 000000000..51100196e --- /dev/null +++ b/2.5/en/troubleshooting/debug-reset_pw/index.html @@ -0,0 +1,2793 @@ + + + + + + + + + + + + + + + + + + Reset Passwords (incl. SQL) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Reset Passwords (incl. SQL)

    + +

    mailcow Admin Account

    +

    Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

    +
    cd mailcow_path
    +./helper-scripts/mailcow-reset-admin.sh
    +
    +

    Reset MySQL Passwords

    +

    Stop the stack by running docker compose stop.

    +

    When the containers came to a stop, run this command:

    +
    docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
    +
    +

    1. Find database name

    +
    # source mailcow.conf
    +# docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +MariaDB [(none)]> show databases;
    ++--------------------+
    +| Database           |
    ++--------------------+
    +| information_schema |
    +| mailcow_database   | <=====
    +| mysql              |
    +| performance_schema |
    ++--------------------+
    +4 rows in set (0.00 sec)
    +
    +

    2. Reset one or more users

    +

    2.1 Maria DB < 10.4 (older mailcow installations)

    +

    Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user         |
    ++--------------+
    +| mailcow      | <=====
    +| root         |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    2.2 Maria DB >= 10.4 (current mailcows)

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user         |
    ++--------------+
    +| mailcow      | <=====
    +| root         |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh';
    +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    Remove Two-Factor Authentication

    +

    For mailcow WebUI:

    +

    This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
    +
    +

    For SOGo:

    +
    docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-reset_tls/index.html b/2.5/en/troubleshooting/debug-reset_tls/index.html new file mode 100644 index 000000000..1c917905d --- /dev/null +++ b/2.5/en/troubleshooting/debug-reset_tls/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + Reset TLS certificates - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Reset TLS certificates

    + +

    In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

    +
    source mailcow.conf
    +docker compose down
    +rm -rf data/assets/ssl
    +mkdir data/assets/ssl
    +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
    +cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
    +docker compose up -d
    +
    +

    This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

    +

    If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

    +

    Please also note that previous TLSA records will be invalid.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-rm_volumes/index.html b/2.5/en/troubleshooting/debug-rm_volumes/index.html new file mode 100644 index 000000000..a3280e3fd --- /dev/null +++ b/2.5/en/troubleshooting/debug-rm_volumes/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Remove Persistent Data - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Remove Persistent Data

    + +

    You may want to remove a set of persistent data to resolve a conflict or to start over.

    +

    mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

    +

    Delete a single volume:

    +
    docker volume rm mailcowdockerized_${VOLUME_NAME}
    +
    +
      +
    • Remove volume mysql-vol-1 to remove all MySQL data.
    • +
    • Remove volume redis-vol-1 to remove all Redis data.
    • +
    • Remove volume vmail-vol-1 to remove all contents of /var/vmail mounted to dovecot-mailcow.
    • +
    • Remove volume rspamd-vol-1 to remove all Rspamd data.
    • +
    • Remove volume crypt-vol-1 to remove all crypto data. This will render all mails unreadable.
    • +
    +

    Alternatively, running docker compose down -v will destroy all mailcow: dockerized volumes and delete any related containers and networks.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug-rspamd_memory_leaks/index.html b/2.5/en/troubleshooting/debug-rspamd_memory_leaks/index.html new file mode 100644 index 000000000..d12e1c10f --- /dev/null +++ b/2.5/en/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -0,0 +1,2550 @@ + + + + + + + + + + + + + + + + + + Advanced: Find memory leaks in Rspamd - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Advanced: Find memory leaks in Rspamd

    + +

    A quick guide to deeply analyze a malfunctioning Rspamd.

    +
    docker compose exec rspamd-mailcow bash
    +
    +if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
    +  sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list
    +fi
    +
    +apt-get update ; apt-get upgrade rspamd
    +
    +nano /docker-entrypoint.sh
    +
    +# Before "exec "$@"" add the following lines:
    +
    +export G_SLICE=always-malloc
    +export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
    +
    +

    Restart Rspamd: docker compose restart rspamd-mailcow

    +

    Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for.

    +

    Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to "happen") and restart it: docker compose restart rspamd-mailcow.

    +

    Now enter the container by running docker compose exec rspamd-mailcow bash, change the directory to /tmp and copy the asan Files to your desired location or upload them via termbin.com (cat /tmp/rspamd-asan.* | nc termbin.com 9999).

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/en/troubleshooting/debug/index.html b/2.5/en/troubleshooting/debug/index.html new file mode 100644 index 000000000..9b50d48ba --- /dev/null +++ b/2.5/en/troubleshooting/debug/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Introduction - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Introduction

    + +

    When a problem occurs, then always for a reason! What you want to do in such a case is:

    +
      +
    1. Read your logs; follow them to see what the reason for your problem is.
    2. +
    3. Follow the leads given to you in your logfiles and start investigating.
    4. +
    5. Restarting the troubled service or the whole stack to see if the problem persists.
    6. +
    7. Read the documentation of the troubled service and search it's bugtracker for your problem.
    8. +
    9. Search our issues for your problem.
    10. +
    11. Create an issue over at our GitHub repository if you think your problem might be a bug or a missing feature you badly need. But please make sure, that you include all the logs and a full description to your problem. Please do not ask for support on Git.
    12. +
    13. Join our Telegram community or find the official support packages at Servercow.
      Alternatively ask Twitter and tag us with @mailcow_email
    14. +
    + +
    +
    + + + Last update: + 2022-01-30 15:28:48 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/firststeps-disable_ipv6/index.html b/2.5/firststeps-disable_ipv6/index.html new file mode 100644 index 000000000..6feea83f7 --- /dev/null +++ b/2.5/firststeps-disable_ipv6/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-dmarc_reporting/index.html b/2.5/firststeps-dmarc_reporting/index.html new file mode 100644 index 000000000..cae600408 --- /dev/null +++ b/2.5/firststeps-dmarc_reporting/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-ip_bindings/index.html b/2.5/firststeps-ip_bindings/index.html new file mode 100644 index 000000000..42c29fa84 --- /dev/null +++ b/2.5/firststeps-ip_bindings/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-local_mta/index.html b/2.5/firststeps-local_mta/index.html new file mode 100644 index 000000000..9ed3ed150 --- /dev/null +++ b/2.5/firststeps-local_mta/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-logging/index.html b/2.5/firststeps-logging/index.html new file mode 100644 index 000000000..343568013 --- /dev/null +++ b/2.5/firststeps-logging/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-rp/index.html b/2.5/firststeps-rp/index.html new file mode 100644 index 000000000..ad6de7f64 --- /dev/null +++ b/2.5/firststeps-rp/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-rspamd_ui/index.html b/2.5/firststeps-rspamd_ui/index.html new file mode 100644 index 000000000..c7b4a8e2e --- /dev/null +++ b/2.5/firststeps-rspamd_ui/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-snat/index.html b/2.5/firststeps-snat/index.html new file mode 100644 index 000000000..196a0966b --- /dev/null +++ b/2.5/firststeps-snat/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-ssl/index.html b/2.5/firststeps-ssl/index.html new file mode 100644 index 000000000..d2379e618 --- /dev/null +++ b/2.5/firststeps-ssl/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/firststeps-sync_jobs_migration/index.html b/2.5/firststeps-sync_jobs_migration/index.html new file mode 100644 index 000000000..1d8e82dca --- /dev/null +++ b/2.5/firststeps-sync_jobs_migration/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/i_u_m/i_u_m_deinstall/index.html b/2.5/i_u_m/i_u_m_deinstall/index.html new file mode 100644 index 000000000..ae28b32b7 --- /dev/null +++ b/2.5/i_u_m/i_u_m_deinstall/index.html @@ -0,0 +1,2552 @@ + + + + + + + + + + + + + + + + + + Deinstallation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Deinstallation

    + +

    To remove mailcow: dockerized with all it's volumes, images and containers do:

    +
    +
    +
    +
    docker compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    docker-compose down -v --rmi all --remove-orphans
    +
    +
    +
    +
    +
    +

    Info

    +
      +
    • -v Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers.
    • +
    • --rmi Remove images. Type must be one of: all: Remove all images used by any service. local: Remove only images that don't have a custom tag set by the image field.
    • +
    • --remove-orphans Remove containers for services not defined in the compose file.
    • +
    • By default docker compose down only removes currently active containers and networks defined in the docker-compose.yml.
    • +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/i_u_m/i_u_m_install/index.html b/2.5/i_u_m/i_u_m_install/index.html new file mode 100644 index 000000000..378b5c10d --- /dev/null +++ b/2.5/i_u_m/i_u_m_install/index.html @@ -0,0 +1,2894 @@ + + + + + + + + + + + + + + + + + + Installation - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installation

    + +

    Docker and Docker Compose Installation

    +

    You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version >= 2.0 is required).

    +

    Learn how to install Docker and Docker Compose.

    +

    Quick installation for most operation systems:

    +

    Docker

    +
    curl -sSL https://get.docker.com/ | CHANNEL=stable sh
    +# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
    +systemctl enable --now docker
    +
    +

    docker compose

    +
    +

    Danger

    +

    mailcow requires the latest version of docker compose v2.
    +If Docker was installed using the script above, the Docker Compose plugin is already automatically installed in a version >=2.0.
    +Is your mailcow installation older or Docker was installed in a different way, the Compose plugin or the standalone version of Docker must be installed manually.

    +
    +

    Installation via Paketmanager (plugin)

    +
    +

    Info

    +

    This approach with the package sources is only possible if the Docker repository has been included. This can happen either through the instructions above (see Docker) or through a manually integration.

    +
    +

    On Debian/Ubuntu systems: +

    apt update
    +apt install docker-compose-plugin
    +

    +

    On Centos 7 systems: +

    yum update
    +yum install docker-compose-plugin
    +

    +
    +

    Danger

    +

    The Docker Compose command syntax is docker compose for the plugin variant of Docker Compose!!!

    +
    +

    Installation via Script (standalone)

    +
    +

    Info

    +

    This installation is the old familiar way. It installs Docker Compose as a standalone program and does not rely on the Docker installation way.

    +
    +
    LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
    +chmod +x /usr/local/bin/docker-compose
    +
    +
    +

    Danger

    +

    The Docker Compose command syntax is docker-compose for the standalone variant of Docker Compose!!!

    +
    +

    Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

    +

    Check SELinux specifics

    +

    On SELinux enabled systems, e.g. CentOS 7:

    +
      +
    • Check if "container-selinux" package is present on your system:
    • +
    +
    rpm -qa | grep container-selinux
    +
    +

    If the above command returns an empty or no output, you should install it via your package manager.

    +
      +
    • Check if docker has SELinux support enabled:
    • +
    +
    docker info | grep selinux
    +
    +

    If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add "selinux-enabled": true. Example file content:

    +
    {
    +  "selinux-enabled": true
    +}
    +
    +

    Restart the docker daemon and verify SELinux is now enabled.

    +

    This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. +If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.

    +

    Install mailcow

    +

    Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.

    +
    $ su
    +# umask
    +0022 # <- Verify it is 0022
    +# cd /opt
    +# git clone https://github.com/mailcow/mailcow-dockerized
    +# cd mailcow-dockerized
    +
    +

    Initialize mailcow

    +

    Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked. +

    ./generate_config.sh
    +

    +

    Change configuration if you want or need to. +

    nano mailcow.conf
    +
    +If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.

    +

    You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation.

    +

    Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.

    +

    Troubleshooting

    +

    Users with a MTU not equal to 1500 (e.g. OpenStack)

    +

    Whenever you run into trouble and strange phenomena, please check your MTU.

    +

    Edit docker-compose.yml and change the network settings according to your MTU. +Add the new driver_opts parameter like this: +

    networks:
    +  mailcow-network:
    +    ...
    +    driver_opts:
    +      com.docker.network.driver.mtu: 1450
    +    ...
    +

    +

    Users without an IPv6 enabled network on their host system

    +

    Please don't turn off IPv6, even if you don't like it. IPv6 is the future and should not be ignored.

    +

    If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.

    +

    Start mailcow

    +

    Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached:

    +
    +
    +
    +
    docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Done!

    +

    You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo.

    +
    +

    Info

    +

    If you are not using mailcow behind a reverse proxy, you should redirect all HTTP requests to HTTPS.

    +
    +

    The database will be initialized right after a connection to MySQL can be established.

    +

    Your data will persist in multiple Docker volumes, that are not deleted when you recreate or delete containers. Run docker volume ls to see a list of all volumes. You can safely run docker compose down without removing persistent data.

    + +
    +
    + + + Last update: + 2022-12-16 19:22:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/i_u_m/i_u_m_migration/index.html b/2.5/i_u_m/i_u_m_migration/index.html new file mode 100644 index 000000000..515a9f818 --- /dev/null +++ b/2.5/i_u_m/i_u_m_migration/index.html @@ -0,0 +1,2598 @@ + + + + + + + + + + + + + + + + + + Migration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Migration

    + +
    +

    Warning

    +

    This guide assumes you intend to migrate an existing mailcow server (source) over to a brand new, empty server (target). It takes no care about preserving any existing data on your target server and will erase anything within /var/lib/docker/volumes and thus any Docker volumes you may have already set up.

    +
    +
    +

    Tip

    +

    Alternatively, you can use the ./helper-scripts/backup_and_restore.sh script to create a full backup on the source machine, then install mailcow on the target machine as usual, copy over your mailcow.conf and use the same script to restore your backup to the target machine.

    +
    +

    1. +Follow the installation guide to install Docker and Compose.

    +

    2. Stop Docker and assure Docker has stopped: +

    systemctl stop docker.service
    +systemctl status docker.service
    +

    +

    3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine: +

    rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
    +rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
    +

    +

    4. Shut down mailcow and stop Docker on the source machine.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose down
    +systemctl stop docker.service
    +
    +
    +
    +
    +

    5. Repeat step 3 with the same commands. This will be much quicker than the first time.

    +

    6. Switch over to the target machine and start Docker. +

    systemctl start docker.service
    +

    +

    7. Now pull the mailcow Docker images on the target machine.

    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker compose pull
    +
    +
    +
    +
    cd /opt/mailcow-dockerized
    +docker-compose pull
    +
    +
    +
    +
    +

    8. Start the whole mailcow stack and everything should be done!

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    +

    9. Finally, change your DNS settings to point to the target server.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/i_u_m/i_u_m_update/index.html b/2.5/i_u_m/i_u_m_update/index.html new file mode 100644 index 000000000..2f39b056f --- /dev/null +++ b/2.5/i_u_m/i_u_m_update/index.html @@ -0,0 +1,2848 @@ + + + + + + + + + + + + + + + + + + Update - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Update

    + +

    Automatic update

    +

    An update script in your mailcow-dockerized directory will take care of updates.

    +

    But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

    +

    Run the update script: +

    ./update.sh
    +

    +

    If it needs to, it will ask you how you wish to proceed. +Merge errors will be reported. +Some minor conflicts will be auto-corrected (in favour for the mailcow-dockerized repository code).

    +

    Options

    +
    # Options can be combined
    +
    +# - Check for updates and show changes
    +./update.sh --check
    +
    +# - Do not start mailcow after applying an update
    +./update.sh --skip-start
    +
    +# - Skip ICMP Check to public DNS resolvers (Use it only if you´ve blocked any ICMP Connections to your mailcow machine)
    +./update.sh --skip-ping-check
    +
    +# - Switch your mailcow updates to the unstable (nightly) branch.
    +FOR TESTING PURPOSES ONLY!!!! NOT READY FOR PRODUCTION!!!
    +./update.sh --nightly
    +
    +# - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly.
    +./update.sh --stable
    +
    +# - Force update (unattended, but unsupported, use at own risk)
    +./update.sh --force
    +
    +# - Run garbage collector to cleanup old image tags and exit
    +./update.sh --gc
    +
    +# - Update with merge strategy option "ours" instead of "theirs"
    +#   This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.
    +./update.sh --ours
    +
    +# - Don't update, but prefetch images and exit
    +./update.sh --prefetch
    +
    +

    I forgot what I changed before running update.sh

    +

    See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

    +
    22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
    +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
    +
    +

    Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

    +

    Can I roll back?

    +

    Yes.

    +

    See the topic above, instead of a diff, you run checkout:

    +
    +
    +
    +
    docker compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker compose pull
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    +git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +docker-compose pull
    +docker-compose up -d
    +
    +
    +
    +
    +

    Hooks

    +

    You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

    +

    Update Cycle

    +
      +
    • We schedule a monthly release cycle for a major update at the first tuesday of the month.
    • +
    • The releases are numbered like this: YYYY-MM (e.g. 2022-05)
    • +
    • Fixes for a main Update will be stated as "Revisions" like a,b,c (e.g. 2022-05a, 2022-05b etc.)
    • +
    +

    Update variants

    +

    stable (stable updates): These updates are suitable for productive usage. They appear in a cycle of at least 1x per month.

    +

    nightly (unstable updates): These updates are NOT suitable for production use and are for testing only. The nightly updates are ahead of the stable updates, since in these updates we test newer and more extensive features before they go live for all users.

    +

    NEW: Get Nightly Updates

    +

    Info about the Nightly Updates

    +

    Since the 2022-08 update there is the possibility to change the update sources. Until now, the master branch on GitHub served as the only (official) update source. With the August 2022 update, however, there is now the Nightly Branch which contains unstable and major changes for testing and feedback.

    +

    The Nightly Branch always gets new updates when something is finished on the mailcow project that will be included in the new main version.

    +

    Besides the obvious changes that will be included in the next major update anyway, it also contains exclusive features that need a longer testing time (e.g. the UI update to Bootstrap 5).

    +

    How do I get Nightly Updates?

    +

    The process is relatively simple. With the 2022-08 update (assuming an update to the version) it is possible to run update.sh with the parameter --nightly.

    +
    +

    Danger

    Please make a backup before or follow the Best Practice Nightly Update section before switching to mailcow nightly builds. We are not responsible for any data loss/corruption, so work with caution!

    +

    +
    +

    The script will now change the branch with git checkout nightly, which means it will ask for the IPv6 settings again. But this is normal.

    +

    If everything worked fine (for which we made a backup before) the mailcow UI should now show the current version number and date stamp in the lower right corner:
    +nightly footer

    +

    Best Practice Nightly Update

    +
    +

    Info

    We recommend using the Nightly Update only if you have another machine or VM and NOT use it productively.

    +

    +
    +
      +
    1. use the cold standby script to copy the machine before the switch to the nightly builds on another system.
    2. +
    3. run the update.sh script on the new machine with the parameter --nightly and confirm.
    4. +
    5. experience/test the nightly updates on the secondary machine.
    6. +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/i_u_m_deinstall/index.html b/2.5/i_u_m_deinstall/index.html new file mode 100644 index 000000000..24f69102b --- /dev/null +++ b/2.5/i_u_m_deinstall/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/i_u_m_install/index.html b/2.5/i_u_m_install/index.html new file mode 100644 index 000000000..1fb2a4651 --- /dev/null +++ b/2.5/i_u_m_install/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/i_u_m_migration/index.html b/2.5/i_u_m_migration/index.html new file mode 100644 index 000000000..c31d24fb7 --- /dev/null +++ b/2.5/i_u_m_migration/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/i_u_m_update/index.html b/2.5/i_u_m_update/index.html new file mode 100644 index 000000000..37507cd66 --- /dev/null +++ b/2.5/i_u_m_update/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/index.html b/2.5/index.html new file mode 100644 index 000000000..a8d7910e6 --- /dev/null +++ b/2.5/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Information & Support - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    🐮 + 🐋 = 💕

    +

    Help mailcow

    +

    Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us. :)

    +

    If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN.

    +

    Get support

    +

    There are two ways to achieve support for your mailcow installation.

    +

    Commercial support

    +

    For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN. For custom inquiries or questions please contact us at info@servercow.de instead.

    +

    Furthermore we do also provide a fully featured and managed mailcow here. This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way.

    +

    Community support and chat

    +

    The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything.

    + +

    Telegram desktop clients are available for multiple platforms. You can search the groups history for keywords.

    +

    For bug tracking, feature requests and code contributions only:

    + +

    Demos

    +

    Since September 2022 we´re providing two seperate Demo instances:

    +
      +
    • demo.mailcow.email is the classic Demo based on the stable releases.
    • +
    • nightly-demo.mailcow.email is the new nightly demo based on unreleased testing features. (So especially interesting for those who have no possibility to create a test instance themselves.)
    • +
    +

    Use the following credentials to login on both demos:

    +
      +
    • Administrator: admin / moohoo
    • +
    • Domain-Administrator: department / moohoo
    • +
    • Mailbox: demo@440044.xyz / moohoo
    • +
    +
    +

    Success

    +

    The demo instances get the latest updates directly after releases from GitHub. Fully automatic, without any downtime!

    +
    +

    Overview

    +

    The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:

    +
      +
    • DKIM and ARC support
    • +
    • Black- and whitelists per domain and per user
    • +
    • Spam score management per-user (reject spam, mark spam, greylist)
    • +
    • Allow mailbox users to create temporary spam aliases
    • +
    • Prepend mail tags to subject or move mail to sub folder (per-user)
    • +
    • Allow mailbox users to toggle incoming and outgoing TLS enforcement
    • +
    • Allow users to reset SOGo ActiveSync device caches
    • +
    • imapsync to migrate or pull remote mailboxes regularly
    • +
    • TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP
    • +
    • Add domains, mailboxes, aliases, domain aliases and SOGo resources
    • +
    • Add whitelisted hosts to forward mail to mailcow
    • +
    • Fail2ban-like integration
    • +
    • Quarantine system
    • +
    • Antivirus scanning incl. macro scanning in office documents
    • +
    • Integrated basic monitoring
    • +
    • A lot more...
    • +
    +

    mailcow: dockerized comes with multiple containers linked in one bridged network. +Each container represents a single application.

    + +
    +

    Warning

    +

    Mails are stored compressed and encrypted. The key pair can be found in crypt-vol-1. Be sure to backup this volume!

    +
    +

    Docker volumes to keep dynamic data - take care of them!

    +
      +
    • clamd-db-vol-1
    • +
    • crypt-vol-1
    • +
    • mysql-socket-vol-1
    • +
    • mysql-vol-1
    • +
    • postfix-vol-1
    • +
    • redis-vol-1
    • +
    • rspamd-vol-1
    • +
    • sogo-userdata-backup-vol-1
    • +
    • sogo-web-vol-1
    • +
    • solr-vol-1
    • +
    • vmail-index-vol-1
    • +
    • vmail-vol-1
    • +
    + +
    +
    + + + Last update: + 2022-09-24 12:40:59 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/2.5/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html new file mode 100644 index 000000000..05a0cebd7 --- /dev/null +++ b/2.5/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -0,0 +1,2723 @@ + + + + + + + + + + + + + + + + + + Additional Databases - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    + +
    + + + +
    +
    + + + + + + + + + +

    Additional Databases

    + +

    Additional Databases for ClamAV

    +

    Default ClamAV databases do not have great detection levels, but it can be enhanced with free or paid signature databases.

    +

    List of known free databases | As of April 2022

    +
      +
    • SecurityInfo - free ClamAV DBs for testing purposes, required registration after which you can use them from 1 IP
    • +
    • InterServer - free to use ClamAV DBs, but they do not fit well for email scanning
    • +
    +

    Enable SecuriteInfo databases

    +
      +
    1. Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup
    2. +
    3. You will receive an email to activate your account and then a follow-up email with your login name
    4. +
    5. Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account
    6. +
    7. Click on the Setup tab
    8. +
    9. You will need to get your_id from one of the download links, they are individual for every user
    10. +
    11. +

      Add to data/conf/clamav/freshclam.conf with replaced your_id part: +

      DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
      +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
      +

      +
    12. +
    13. +

      For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

      +
    14. +
    15. +

      Adjust data/conf/clamav/clamd.conf to align with next settings: +

      DetectPUA yes
      +ExcludePUA PUA.Win.Packer
      +ExcludePUA PUA.Win.Trojan.Packed
      +ExcludePUA PUA.Win.Trojan.Molebox
      +ExcludePUA PUA.Win.Packer.Upx
      +ExcludePUA PUA.Doc.Packed
      +MaxScanSize 150M
      +MaxFileSize 100M
      +MaxRecursion 40
      +MaxEmbeddedPE 100M
      +MaxHTMLNormalize 50M
      +MaxScriptNormalize 50M
      +MaxZipTypeRcg 50M
      +

      +
    16. +
    17. Restart ClamAV container:
    18. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Please note:

    +
      +
    • You can't use ExcludePUA and IncludePUA in clamd.conf simultaneously, so please comment any IncludePUA if you uncommented them before.
    • +
    • List of databases provided in this example fit most use-cases, but SecuriteInfo also provides other databases. Please check SecuriteInfo FAQ for additional information.
    • +
    • With the current DB set (including default DBs) ClamAV will consume about 1.3Gb of RAM on your server.
    • +
    • If you modified message_size_limit in Postfix you need to adapt MaxSize settings in ClamAV as well.
    • +
    +

    Enable InterServer databases

    +
      +
    1. Add to data/conf/clamav/freshclam.conf: +
      DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
      +DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
      +DatabaseCustomURL http://sigs.interserver.net/shell.ldb
      +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
      +
    2. +
    3. Restart ClamAV container:
    4. +
    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/2.5/manual-guides/ClamAV/u_e-clamav-whitelist/index.html new file mode 100644 index 000000000..b82652278 --- /dev/null +++ b/2.5/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -0,0 +1,2631 @@ + + + + + + + + + + + + + + + + + + Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Whitelist

    + +

    Whitelist specific ClamAV signatures

    +

    You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

    +
    +
    +
    +
    docker compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    docker-compose logs clamd-mailcow | grep "FOUND"
    +
    +
    +
    +
    +

    This line confirms that such was identified:

    +
    clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    +
    +

    To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

    +
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    +
    +

    Then restart the clamd-mailcow service container in the mailcow UI or using docker compose:

    +
    +
    +
    +
    docker compose restart clamd-mailcow
    +
    +
    +
    +
    docker-compose restart clamd-mailcow
    +
    +
    +
    +
    +

    Cleanup cached ClamAV results in Redis:

    +
    +
    +
    +
    docker compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    docker-compose exec redis-mailcow /bin/sh
    +/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +/data # exit
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/2.5/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html new file mode 100644 index 000000000..307e500d4 --- /dev/null +++ b/2.5/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -0,0 +1,2557 @@ + + + + + + + + + + + + + + + + + + Customize Dockerfiles - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize Dockerfiles

    + +

    You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

    +
    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    +
    +

    Customize data/Dockerfiles/$service and build the image locally: +

    docker build data/Dockerfiles/$service -t mailcow/$service:$tag
    +
    +(without a personalized :$tag docker will use :latest automatically)

    +

    Now the created image has to be activated in docker-compose.override.yml, e.g.: +

    $service-mailcow:
    +    build: ./data/Dockerfiles/$service
    +    image: mailcow/$service:$tag
    +

    +

    Now auto-recreate modified containers:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html new file mode 100644 index 000000000..573647498 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + Enable "any" ACL settings - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Enable "any" ACL settings

    + +

    On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

    +

    This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

    +
    ACL_ANYONE=allow
    +
    +

    Apply the changes by restarting the stack:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html new file mode 100644 index 000000000..3da66a4a9 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + Vacation replies for catchall addresses - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Vacation replies for catchall addresses

    + +

    The Dovecot parameter sieve_vacation_dont_check_recipient - which was by default set to yes in mailcow configurations pre 21st July 2021 - allows for vacation replies even when a mail is sent to non-existent mailboxes like a catch-all addresses.

    +

    We decided to switch this parameter back to no and allow a user to specify which recipient address triggers a vacation reply. The triggering recipients can also be configured in SOGos autoresponder feature.

    + +
    +
    + + + Last update: + 2022-02-02 11:37:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-expunge/index.html new file mode 100644 index 000000000..fffb3c6d9 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -0,0 +1,2753 @@ + + + + + + + + + + + + + + + + + + Expunge a Users mails - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Expunge a Users mails

    + +

    If you want to delete old mails out of the .Junk or .Trash folders or maybe delete all read mails that are older than a certain amount of time you may use dovecot's tool doveadm man doveadm-expunge.

    +

    The manual way

    +

    That said, let's dive in:

    +

    Delete a user's mails inside the junk folder that are read and older than 4 hours

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +
    +
    +
    +
    +

    Delete all user's mails in the junk folder that are older than 7 days

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +
    +
    +
    +
    +

    Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance).

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +
    +
    +
    +
    +

    Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +
    +
    +
    +
    +
    +

    Info

    +

    For possible time spans or search keys have a look at man doveadm-search-query

    +
    +

    Job scheduler

    +

    via the host system cron

    +

    If you want to automate such a task you can create a cron job on your host that calls a script like the one below:

    +
    +
    +
    +
    #!/bin/bash
    +# Path to mailcow-dockerized, for example: /opt/mailcow-dockerized
    +cd /path/to/your/mailcow-dockerized
    +
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    #!/bin/bash
    +# Path to mailcow-dockerized, for example: /opt/mailcow-dockerized
    +cd /path/to/your/mailcow-dockerized
    +
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
    +docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
    +[...]
    +
    +
    +
    +
    +

    To create a cron job you may execute crontab -e and insert something like the following to execute a script:

    +
    # Execute everyday at 04:00 A.M.
    +0 4 * * * /path/to/your/expunge_mailboxes.sh
    +
    +

    via Docker job scheduler

    +

    To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow:

    +
    version: '2.1'
    +
    +services:
    +
    +  ofelia:
    +    image: mcuadros/ofelia:latest
    +    restart: always
    +    command: daemon --docker
    +    volumes:
    +      - /var/run/docker.sock:/var/run/docker.sock:ro   
    +    network_mode: none
    +
    +  dovecot-mailcow:
    +    labels:
    +      - "ofelia.enabled=true"
    +      - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
    +      - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
    +      - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
    +
    +

    The job controller just need access to the docker control socket to be able to emulate the behavior of "exec". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru. +This docker-compose.override.yml deletes all mails older then 2 weeks from the "Junk" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this:

    +
    common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
    +common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
    +
    +

    If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug.

    +

    In case you want to add more jobs, ensure you change the "dovecot-expunge-trash" part after "ofelia.job-exec." to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html new file mode 100644 index 000000000..ee36ea7e2 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Customize/Expand dovecot.conf - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize/Expand dovecot.conf

    + +

    Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here.

    +

    Restart dovecot-mailcow to apply your changes:

    +
    +
    +
    +
    docker compose restart dovecot-mailcow
    +
    +
    +
    +
    docker-compose restart dovecot-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-fts/index.html new file mode 100644 index 000000000..d0a080d3f --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -0,0 +1,2671 @@ + + + + + + + + + + + + + + + + + + FTS (Solr) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    FTS (Solr)

    + +

    FTS Solr

    +

    Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot.

    +

    Please be aware that applications like Solr may need maintenance from time to time.

    +

    Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM.

    +

    The default heap size (1024 M) is defined in mailcow.conf.

    +

    Since we run in Docker and create our containers with the "restart: always" flag, a oom situation will at least only trigger a restart of the container.

    + +
    +
    +
    +
    # single user
    +docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# all users
    +docker compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    # single user
    +docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
    +# all users
    +docker-compose exec dovecot-mailcow doveadm fts rescan -A
    +
    +
    +
    +
    +

    Dovecot Wiki: "Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any)."

    +

    This does not re-index a mailbox. It basically repairs a given index.

    +

    If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit:

    +
    +
    +
    +
    # single user
    +docker compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# all users, but obviously slower and more dangerous
    +docker compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    # single user
    +docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
    +# all users, but obviously slower and more dangerous
    +docker-compose exec dovecot-mailcow doveadm index -A '*'
    +
    +
    +
    +
    +

    This will take some time depending on your machine and Solr can run oom, monitor it!

    +

    Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.

    +

    Delete mailbox data

    +

    mailcow will purge index data of a user when deleting a mailbox.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html new file mode 100644 index 000000000..02a193055 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -0,0 +1,2685 @@ + + + + + + + + + + + + + + + + + + IMAP IDLE interval - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Changing the IMAP IDLE interval

    +

    What is the IDLE interval?

    +

    Per default, Dovecot sends a "I'm still here" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval, which defaults to 2 minutes.

    +

    A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain.

    +

    Edit the value

    +

    Change configuration

    +

    Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). +Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type:

    +
    imap_idle_notify_interval = 5 mins
    +
    +

    29 minutes is the maximum value allowed by the corresponding RFC.

    +
    +

    Warning

    +

    This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior.

    +
    +

    Reload Dovecot

    +

    Now reload Dovecot:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot reload
    +
    +
    +
    +
    +
    +

    Info

    +

    You can check the value of this setting with

    +
    +
    +
    +
    docker compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    +
    +
    +
    +

    If you didn't change it, it should be at 2m. If you did change it, you should see your new value.

    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html new file mode 100644 index 000000000..8731a1cb2 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -0,0 +1,2575 @@ + + + + + + + + + + + + + + + + + + Mail crypt - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mail crypt

    + +
    +

    Warning

    +

    Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

    +
    +

    If you want to decode/encode existing maildir files, you can use the following script at your own risk:

    +

    Enter Dovecot by running the following command in the mailcow-dockerized location:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow /bin/bash
    +
    +
    +
    +
    +
    # Decrypt /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
    +doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" > "/tmp/$(basename "$file")"
    +  if [[ -s "/tmp/$(basename "$file")" ]]; then
    +    chmod 600 "/tmp/$(basename "$file")"
    +    chown 5000:5000 "/tmp/$(basename "$file")"
    +    mv "/tmp/$(basename "$file")" "$file"
    +  else
    +    rm "/tmp/$(basename "$file")"
    +  fi
    +fi
    +done
    +
    +# Encrypt /var/vmail
    +find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then
    +doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
    +  "$file" "$file"
    +  chmod 600 "$file"
    +  chown 5000:5000 "$file"
    +fi
    +done
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-more/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-more/index.html new file mode 100644 index 000000000..8804bbd60 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -0,0 +1,2629 @@ + + + + + + + + + + + + + + + + + + More Examples with DOVEADM - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    More Examples with DOVEADM

    + +

    Here is just an unsorted list of useful doveadm commands that could be useful.

    +

    doveadm quota

    +

    The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

    +

    To list the current quota status for a user / mailbox, do:

    +
    doveadm quota get -u 'mailbox@example.org'
    +
    +

    To list the quota storage value for all users, do:

    +
    doveadm quota get -A |grep "STORAGE"
    +
    +

    Recalculate a single user's quota usage:

    +
    doveadm quota recalc -u 'mailbox@example.org'
    +
    + +

    The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

    +

    To view the number of messages, by user, in their .Trash folder:

    +
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    +
    +

    Show all messages in a user's inbox older then 90 days:

    +
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    +
    +

    Show all messages in any folder that are older then 30 days for mailbox@example.org:

    +
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    +
    + + +
    +
    + + + Last update: + 2022-02-02 11:37:12 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html new file mode 100644 index 000000000..7cae7c361 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -0,0 +1,2618 @@ + + + + + + + + + + + + + + + + + + Public folders - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Public folders

    + +

    Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

    +

    Edit or create data/conf/dovecot/extra.conf, add:

    +
    namespace {
    +  type = public
    +  separator = /
    +  prefix = Public/
    +  location = maildir:/var/vmail/public:INDEXPVT=~/public
    +  subscriptions = yes
    +  mailbox "Develcow" {
    +    auto = subscribe
    +  }
    +}
    +
    +

    :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

    +

    The new mailbox in the public namespace will be auto-subscribed by users.

    +

    To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

    +
    +
    +
    +
    docker compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
    +
    +
    +
    +
    +

    Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

    +

    Allow authenticated users access to the whole public namespace

    +

    To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

    +

    Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

    +
    authenticated kxeilprwts
    +
    +

    kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

    +

    You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

    +

    See Dovecot ACL for further information about ACL.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-static_master/index.html new file mode 100644 index 000000000..136c644ad --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Static master user - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Static master user

    + +

    Random master usernames and passwords are automatically created on every restart of dovecot-mailcow.

    +

    That's recommended and should not be changed.

    +

    If you need the user to be static anyway, please specify two variables in mailcow.conf.

    +

    Both parameters must not be empty!

    +
    DOVECOT_MASTER_USER=mymasteruser
    +DOVECOT_MASTER_PASS=mysecretpass
    +
    +

    Run the command below to apply your changes:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

    +

    To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.

    +

    A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described here +No master user is required.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/2.5/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html new file mode 100644 index 000000000..f2a4ed1b8 --- /dev/null +++ b/2.5/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + Move Maildir (vmail) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Move Maildir (vmail)

    + +

    The "new" way

    +
    +

    Warning

    +

    Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

    +
    +

    An easy, dirty, yet stable workaround is to stop mailcow, remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

    +
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
    +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
    +
    +

    Start mailcow afterwards.

    +
    +

    The "old" way

    +

    If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

    +
    version: '2.1'
    +volumes:
    +  vmail-vol-1:
    +    driver_opts:
    +      type: none
    +      device: /data/mailcow/vmail   
    +      o: bind
    +
    +

    Moving an existing vmail folder:

    +
      +
    • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
    • +
    +
    [
    +    {
    +        "CreatedAt": "2019-06-16T22:08:34+02:00",
    +        "Driver": "local",
    +        "Labels": {
    +            "com.docker.compose.project": "mailcowdockerized",
    +            "com.docker.compose.version": "1.23.2",
    +            "com.docker.compose.volume": "vmail-vol-1"
    +        },
    +        "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data",
    +        "Name": "mailcowdockerized_vmail-vol-1",
    +        "Options": null,
    +        "Scope": "local"
    +    }
    +]
    +
    +
      +
    • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
    • +
    • Stop mailcow by executing docker compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
    • +
    • Create the file docker-compose.override.yml, edit the device path accordingly
    • +
    • Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1
    • +
    • Start mailcow by executing docker compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
    • +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Nginx/u_e-nginx_custom/index.html b/2.5/manual-guides/Nginx/u_e-nginx_custom/index.html new file mode 100644 index 000000000..56a8c2203 --- /dev/null +++ b/2.5/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -0,0 +1,2727 @@ + + + + + + + + + + + + + + + + + + Custom sites - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Custom sites

    + +

    SSL

    +

    Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration.

    +

    Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root.

    +

    New site

    +

    To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

    +

    A good template to begin with:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  # Location: data/web
    +  root /web;
    +  # Location: data/web/mysite.com
    +  #root /web/mysite.com
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name mysite.example.org;
    +  server_tokens off;
    +
    +  # This allows acme to be validated even with a different web root
    +  location ^~ /.well-known/acme-challenge/ {
    +    default_type "text/plain";
    +    rewrite /.well-known/acme-challenge/(.*) /$1 break;
    +    root /web/.well-known/acme-challenge/;
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$server_name$request_uri;
    +  }
    +}
    +
    +

    New site with proxy to a remote location

    +

    Another example with a reverse proxy configuration:

    +
    nano data/conf/nginx/my_custom_site.conf
    +
    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  ssl_protocols TLSv1.2 TLSv1.3;
    +  ssl_prefer_server_ciphers on;
    +  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    +  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_timeout 1d;
    +  ssl_session_tickets off;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name example.domain.tld;
    +  server_tokens off;
    +
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  if ($scheme = http) {
    +    return 301 https://$host$request_uri;
    +  }
    +
    +  location / {
    +    proxy_pass http://service:3000/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  }
    +}
    +
    +

    Config expansion in mailcows Nginx

    +

    The filename used for a new site is not important, as long as the filename carries a .conf extension.

    +

    It is also possible to extend the configuration of the default file site.conf file:

    +
    nano data/conf/nginx/site.my_content.custom
    +
    +

    This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

    +

    If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

    +

    Restart Nginx (and PHP-FPM, if a new listener was created):

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +docker compose restart php-fpm-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +docker-compose restart php-fpm-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/2.5/manual-guides/Nginx/u_e-nginx_webmail-site/index.html new file mode 100644 index 000000000..71391c37f --- /dev/null +++ b/2.5/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -0,0 +1,2586 @@ + + + + + + + + + + + + + + + + + + Create subdomain webmail.example.org - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Create subdomain webmail.example.org

    + +

    IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

    +

    To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

    +

    nano data/conf/nginx/webmail.conf

    +
    server {
    +  ssl_certificate /etc/ssl/mail/cert.pem;
    +  ssl_certificate_key /etc/ssl/mail/key.pem;
    +  index index.php index.html;
    +  client_max_body_size 0;
    +  root /web;
    +  include /etc/nginx/conf.d/listen_plain.active;
    +  include /etc/nginx/conf.d/listen_ssl.active;
    +  server_name webmail.example.org;
    +  server_tokens off;
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +
    +  location / {
    +    return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
    +  }
    +}
    +
    +

    Save and restart Nginx:

    +
    +
    +
    +
    docker compose restart nginx-mailcow
    +
    +
    +
    +
    docker-compose restart nginx-mailcow
    +
    +
    +
    +
    +

    Now open mailcow.conf and find ADDITIONAL_SAN. +Add webmail.example.org to this array, don't use quotes!

    +
    ADDITIONAL_SAN=webmail.example.org
    +
    +

    Run the command to apply the changes:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    See "acme-mailcow" and "nginx-mailcow" logs if anything fails.

    + +
    +
    + + + Last update: + 2022-12-15 15:38:44 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/2.5/manual-guides/Postfix/u_e-postfix-attachment_size/index.html new file mode 100644 index 000000000..987a7c101 --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Max. message size (attachment size) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Max. message size (attachment size)

    + +

    Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

    +

    Restart Postfix:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/2.5/manual-guides/Postfix/u_e-postfix-custom_transport/index.html new file mode 100644 index 000000000..a7ba93c3a --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-custom_transport/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Custom transport maps - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Custom transport maps

    + +

    For transport maps other than those to be configured in mailcow UI, please use data/conf/postfix/custom_transport.pcre to prevent existing maps or settings from being overwritten by updates.

    +

    In most cases using this file is not necessary. Please make sure mailcow UI is not able to route your desired traffic properly before using that file.

    +

    The file needs valid PCRE content and can break Postfix, if configured incorrectly.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/2.5/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html new file mode 100644 index 000000000..2ec6282b9 --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + Disable Sender Addresses Verification - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Disable Sender Addresses Verification

    + +

    New guide

    +

    Edit a mailbox and select "Allow to send as *".

    +

    For historical reasons we kept the old and deprecated guide below:

    +

    Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

    +

    This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

    +

    Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. +

    user-to-allow-everything@example.com OK
    +

    +

    Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: +

    smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
    +

    +

    Run postmap on check_sasl_access:

    +
    +
    +
    +
    docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
    +
    +
    +
    +
    +

    Restart the Postfix container.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/2.5/manual-guides/Postfix/u_e-postfix-extra_cf/index.html new file mode 100644 index 000000000..a278cfb55 --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -0,0 +1,2548 @@ + + + + + + + + + + + + + + + + + + Customize/Expand main.cf - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Customize/Expand main.cf

    + +

    Please create a new file data/conf/postfix/extra.cf for overrides or additional content to main.cf.

    +

    Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

    +

    Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

    +

    Restart postfix-mailcow to apply your changes:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/2.5/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html new file mode 100644 index 000000000..37a8d2540 --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Statistics with pflogsumm - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Statistics with pflogsumm

    + +

    To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

    +
    docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
    +
    +

    The above log output is limited to the last 24 hours.

    +

    It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

    +
    SHELL=/bin/bash
    +59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
    +
    +

    To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

    +

    More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

    +

    Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.

    + +
    +
    + + + Last update: + 2022-06-13 08:06:24 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/2.5/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html new file mode 100644 index 000000000..a91d20dbf --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Whitelist IP in Postscreen - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Whitelist IP in Postscreen

    + +

    IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr.

    +

    Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups.

    +

    The format of the file is as follows:

    +

    CIDR ACTION

    +

    Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

    +

    Example:

    +
    # Rules are evaluated in the order as specified.
    +# Blacklist 192.168.* except 192.168.0.1.
    +192.168.0.1          permit
    +192.168.0.0/16       reject
    +
    +

    The file is reloaded on the fly, postfix restart is not required.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/2.5/manual-guides/Postfix/u_e-postfix-relayhost/index.html new file mode 100644 index 000000000..979a9cde9 --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-relayhost/index.html @@ -0,0 +1,2643 @@ + + + + + + + + + + + + + + + + + + Relayhosts - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Relayhosts

    + +

    As of September 12, 2018 you can setup relayhosts as admin by using the mailcow UI.

    +

    This is useful if you want to relay outgoing emails for a specific domain to a third-party spam filter or a service like Mailgun or Sendgrid. This is also known as a smarthost.

    +

    Add a new relayhost

    +

    Go to the Routing tab of the Configuration and Details section of the admin UI. +Here you will see a list of relayhosts currently setup.

    +

    Scroll to the Add sender-dependent transport section.

    +

    Under Host, add the host you want to relay to.
    +Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org

    +

    If the relay host requires a username and password to authenticate, enter them in the respective fields.
    +Keep in mind the credentials will be stored in plain text.

    +

    Test a relayhost

    +

    To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test.

    +

    You will then see the results of the SMTP transmission. If all went well, you should see +SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines.

    +

    If not, review the error provided and resolve it.

    +

    Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system.

    +

    Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc
    This way you can check that the relay worked by checking the destination mailbox.

    +

    Set the relayhost for a domain

    +

    Go to the Domains tab of the Mail setup section of the admin UI.

    +

    Edit the desired domain.

    +

    Select the newly added host on the Sender-dependent transports dropdown and save changes.

    +

    Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.

    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/2.5/manual-guides/Postfix/u_e-postfix-trust_networks/index.html new file mode 100644 index 000000000..6285a22bc --- /dev/null +++ b/2.5/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -0,0 +1,2646 @@ + + + + + + + + + + + + + + + + + + Add trusted networks - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Add trusted networks

    + +

    By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.

    +

    By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured.

    +

    If you decide to set mynetworks, Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!

    +

    Unauthenticated relaying

    +
    +

    Warning

    +

    Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.

    +
    +

    IPv4 hosts/subnets

    +

    To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

    +

    Edit data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
    +
    +

    Run docker compose restart postfix-mailcow to apply your new settings.

    +

    IPv6 hosts/subnets

    +

    Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

    +

    To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

    +

    Edit data/conf/postfix/extra.cf:

    +
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
    +
    +

    Run docker compose restart postfix-mailcow to apply your new settings.

    +
    +

    Info

    +

    More information about mynetworks can be found in the Postfix documentation.

    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Redis/u_e-redis/index.html b/2.5/manual-guides/Redis/u_e-redis/index.html new file mode 100644 index 000000000..1e89f1010 --- /dev/null +++ b/2.5/manual-guides/Redis/u_e-redis/index.html @@ -0,0 +1,2710 @@ + + + + + + + + + + + + + + + + + + Redis - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Redis

    + +

    Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

    +

    Client

    +

    To connect to the redis cli execute:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Debugging

    +

    Here are some useful commands for the redis-cli for debugging:

    +
    MONITOR
    +

    Listens for all requests received by the server in real time:

    +
    +
    +
    +
    #docker compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    #docker-compose exec redis-mailcow redis-cli
    +127.0.0.1:6379> monitor
    +OK
    +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
    +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
    +[...]
    +
    +
    +
    +
    +
    KEYS
    +

    Get all keys matching your pattern:

    +
    KEYS *
    +
    +
    PING
    +

    Test a connection:

    +
    127.0.0.1:6379> PING
    +PONG
    +
    +

    If you want to know more, here is a cheat sheet.

    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Rspamd/u_e-rspamd/index.html b/2.5/manual-guides/Rspamd/u_e-rspamd/index.html new file mode 100644 index 000000000..f06737912 --- /dev/null +++ b/2.5/manual-guides/Rspamd/u_e-rspamd/index.html @@ -0,0 +1,3037 @@ + + + + + + + + + + + + + + + + + + Rspamd - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Rspamd

    + +

    Rspamd is used for AV handling, DKIM signing and SPAM handling. It's a powerful and fast filter system. For a more in-depth documentation on Rspamd please visit its own documentation.

    +

    Learn Spam & Ham

    +

    Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. +This is achieved by using the Sieve plugin "sieve_imapsieve" and parser scripts.

    +

    Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning). We configured the plugin to keep a sane ratio between spam and ham learns.

    +

    The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM.

    +

    Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam.

    +

    You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.

    +

    Learn Spam or Ham from existing directory

    +

    You can use a one-liner to learn mail in plain-text (uncompressed) format:

    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    # Ham
    +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    +# Spam
    +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    +
    +
    +
    +
    +

    Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example:

    +
    for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
    +
    +

    Reset learned data (Bayes, Neural)

    +

    You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now:

    +

    Backup database

    +
    # It is better to stop Redis before you copy the file.
    +cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
    +
    +

    Reset Bayes data

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Reset Neural data

    +
    +
    +
    +
    docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    +
    +
    +
    +
    +

    Reset Fuzzy data

    +
    +
    +
    +
    # We need to enter the redis-cli first:
    +docker compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    # We need to enter the redis-cli first:
    +docker-compose exec redis-mailcow redis-cli
    +# In redis-cli:
    +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    +
    +
    +
    +
    +

    Info

    +

    If redis-cli complains about...

    +
    (error) ERR wrong number of arguments for 'del' command
    +
    +

    ...the key pattern was not found and thus no data is available to delete - it is fine.

    +

    CLI tools

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamc --help
    +docker compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamc --help
    +docker-compose exec rspamd-mailcow rspamadm --help
    +
    +
    +
    +
    +

    Disable Greylisting

    +

    Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting.

    +

    You can disable greylisting server-wide by editing:

    +

    {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

    +

    Add the line:

    +
    enabled = false;
    +
    +

    Save the file and restart "rspamd-mailcow":

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Spam filter thresholds (global)

    +

    Each user is able to change their spam rating individually. To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf:

    +
    reject = 15;
    +add_header = 8;
    +greylist = 7;
    +
    +

    Save the file and restart "rspamd-mailcow":

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Existing settings of users will not be overwritten!

    +

    To reset custom defined thresholds, run:

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    +# or:
    +# docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    +
    +

    Custom reject messages

    +

    The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content:

    +
    reject_message = "My custom reject message";
    +
    +

    Save the file and restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted:

    +
      +
    1. +

      Find prefilet reject symbol for which you want change message, to do it run: grep -R "SYMBOL_YOU_WANT_TO_ADJUST" /opt/mailcow-dockerized/data/conf/rspamd/

      +
    2. +
    3. +

      Add your custom message as new line:

      +
    4. +
    +
    GLOBAL_RCPT_BL {
    +  type = "rcpt";
    +  map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
    +  regexp = true;
    +  prefilter = true;
    +  action = "reject";
    +  message = "Sending mail to this recipient is prohibited by postmaster@your.domain";
    +}
    +
    +
      +
    1. Save the file and restart Rspamd:
    2. +
    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Discard instead of reject

    +

    If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content:

    +
    discard_on_reject = true;
    +
    +

    Restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Wipe all ratelimit keys

    +

    If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task:

    +
    +
    +
    +
    docker compose exec redis-mailcow sh
    +# Unlink (available in Redis >=4.) will delete in the backgronud
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    docker-compose exec redis-mailcow sh
    +# Unlink (available in Redis >=4.) will delete in the backgronud
    +redis-cli --scan --pattern RL* | xargs redis-cli unlink
    +
    +
    +
    +
    +

    Restart Rspamd:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    +

    Trigger a resend of quarantine notifications

    +

    Should be used for debugging only!

    +
    +
    +
    +
    docker compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    docker-compose exec dovecot-mailcow bash
    +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +redis-cli -h redis DEL Q_LAST_NOTIFIED
    +quarantine_notify.py
    +
    +
    +
    +
    +

    Increase history retention

    +

    By default Rspamd keeps 1000 elements in the history.

    +

    The history is stored compressed.

    +

    It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it:

    +

    Edit data/conf/rspamd/local.d/history_redis.conf:

    +
    nrows = 1000; # change this value
    +
    +

    Restart Rspamd afterwards:

    +
    +
    +
    +
    docker compose restart rspamd-mailcow
    +
    +
    +
    +
    docker-compose restart rspamd-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-15 15:31:09 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/SOGo/u_e-sogo/index.html b/2.5/manual-guides/SOGo/u_e-sogo/index.html new file mode 100644 index 000000000..7cc400501 --- /dev/null +++ b/2.5/manual-guides/SOGo/u_e-sogo/index.html @@ -0,0 +1,2754 @@ + + + + + + + + + + + + + + + + + + SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    + +
    + + + +
    +
    + + + + + + + + + +

    SOGo

    + +

    SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its own documentation.

    +

    Apply custom SOGo theme

    +

    mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js. +Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works.

    +

    You can use the provided custom-theme.js as an example starting point by removing the comments. +After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to

    +
      +
    1. edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES;
    2. +
    3. restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.
    4. +
    5. open SOGo in browser
    6. +
    7. open browser developer console, usually shortcut is F12
    8. +
    9. only if you use Firefox: write by hands in dev console allow pasting and press enter
    10. +
    11. paste java script snipet in dev console: +
      copy([].slice.call(document.styleSheets)
      +  .map(e => e.ownerNode)
      +  .filter(e => e.hasAttribute('md-theme-style'))
      +  .map(e => e.textContent)
      +  .join('\n')
      +)
      +
    12. +
    13. open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
    14. +
    15. copy CSS file to mailcow server data/conf/sogo/custom-theme.css
    16. +
    17. edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
    18. +
    19. append/create docker-compose.override.yml with: +
      version: '2.1'
      +
      +services:
      +  sogo-mailcow:
      +    volumes:
      +      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    20. +
    21. run docker compose up -d
    22. +
    23. run docker compose restart memcached-mailcow
    24. +
    +

    Reset to SOGo default theme

    +
      +
    1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
    2. +
    3. find in data/conf/sogo/custom-theme.js: +
      // Apply new palettes to the default theme, remap some of the hues
      +    $mdThemingProvider.theme('default')
      +      .primaryPalette('green-cow', {
      +        'default': '400',  // background color of top toolbars
      +        'hue-1': '400',
      +        'hue-2': '600',    // background color of sidebar toolbar
      +        'hue-3': 'A700'
      +      })
      +      .accentPalette('green', {
      +        'default': '600',  // background color of fab buttons and login screen
      +        'hue-1': '300',    // background color of center list toolbar
      +        'hue-2': '300',    // highlight color for selected mail and current day calendar
      +        'hue-3': 'A700'
      +      })
      +      .backgroundPalette('frost-grey');
      +
      +and replace it with: +
          $mdThemingProvider.theme('default');
      +
    4. +
    5. remove from docker-compose.override.yml volume mount in sogo-mailcow: +
      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      +
    6. +
    7. run docker compose up -d
    8. +
    9. run docker compose restart memcached-mailcow
    10. +
    +

    Change favicon

    +

    mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. +Note: You can use .png favicons for SOGo by renaming them to custom-favicon.ico. +For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. +After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.

    + +

    mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg. +After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow.

    +

    Connect domains

    +

    Domains are usually isolated from eachother.

    +

    You can change that by modifying data/conf/sogo/sogo.conf:

    +

    Search... +

       // SOGoDomainsVisibility = (
    +    //  (domain1.tld, domain5.tld),
    +    //  (domain3.tld, domain2.tld)
    +    // );
    +
    +...and replace it by - for example:

    +
        SOGoDomainsVisibility = (
    +      (example.org, example.com, example.net)
    +    );
    +
    +

    Restart SOGo: docker compose restart sogo-mailcow

    +

    Disable password changing

    +

    Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.

    +

    Run docker compose restart memcached-mailcow sogo-mailcow to activate the changes.

    +

    Reset TOTP / Disable TOTP

    +

    Run docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{"SOGoTOTPEnabled":0}' from within the mailcow directory.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Unbound/u_e-unbound-fwd/index.html b/2.5/manual-guides/Unbound/u_e-unbound-fwd/index.html new file mode 100644 index 000000000..e74ffd9bf --- /dev/null +++ b/2.5/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -0,0 +1,2641 @@ + + + + + + + + + + + + + + + + + + Using an external DNS service - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Using an external DNS service

    + +

    If you want or have to use an external DNS service, you can either set a forwarder in Unbound or copy an override file to define external DNS servers:

    +
    +

    Warning

    +

    Please do not use a public resolver like we did in the example above. Many - if not all - blacklist lookups will fail with public resolvers, because blacklist server has limits on how much requests can be done from one IP and public resolvers usually reach this limits.
    +Important: Only DNSSEC validating DNS services will work.

    +
    +

    Method A, Unbound

    +

    Edit data/conf/unbound/unbound.conf and append the following parameters:

    +
    forward-zone:
    +  name: "."
    +  forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
    +  forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
    +
    +

    Restart Unbound:

    +
    +
    +
    +
      docker compose restart unbound-mailcow
    +
    +
    +
    +
      docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    Method B, Override file

    +
    cd /opt/mailcow-dockerized
    +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
    +
    +

    Edit docker-compose.override.yml and adjust the IP.

    +

    Afterwards stop and start the Docker Stack again:

    +
    +
    +
    +
      docker compose down
    +  docker compose up -d
    +
    +
    +
    +
      docker-compose down
    +  docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-12-31 11:42:41 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/2.5/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html new file mode 100644 index 000000000..de4c8a299 --- /dev/null +++ b/2.5/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -0,0 +1,2889 @@ + + + + + + + + + + + + + + + + + + Thresholds - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Thresholds

    + +

    Watchdog uses default values for all thresholds defined in docker-compose.yml.

    +

    The default values will work for most setups. +Example: +

    - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
    +- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
    +- REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
    +- MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
    +- MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
    +- SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
    +- POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
    +- CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
    +- DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
    +- DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
    +- PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
    +- RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
    +- FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
    +- ACME_THRESHOLD=${ACME_THRESHOLD:-1}
    +- RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
    +- OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
    +- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
    +- MAILQ_CRIT=${MAILQ_CRIT:-30}
    +

    +

    To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker compose up -d.

    +

    Thresholds descriptions

    +

    NGINX_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    UNBOUND_THRESHOLD

    +

    Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    REDIS_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MYSQL_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MYSQL_REPLICATION_THRESHOLD

    +

    Notifies administrators if the MySQL replication fails.

    +

    SOGO_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    POSTFIX_THRESHOLD

    +

    Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    CLAMD_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    DOVECOT_THRESHOLD

    +

    Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    DOVECOT_REPL_THRESHOLD

    +

    Notifies administrators if the Dovecot replication fails.

    +

    PHPFPM_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    RATELIMIT_THRESHOLD

    +

    Notifies administrators if a ratelimit got hit.

    +

    FAIL2BAN_THRESHOLD

    +

    Notifies administrators if a fail2ban banned an IP.

    +

    ACME_THRESHOLD

    +

    Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs.

    +

    RSPAMD_THRESHOLD

    +

    Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    OLEFY_THRESHOLD

    +

    Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached.

    +

    MAILQ_CRIT and MAILQ_THRESHOLD

    +

    Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60±30) seconds.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html new file mode 100644 index 000000000..e10562608 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Blacklist / Whitelist - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Blacklist / Whitelist

    + +

    To add or edit an entry to your domain-wide filter table, log in to your mailcow UI as (domain) administrator and go to: +Configuration > Email Setup > Domains > Edit Domain > Spam Filter.

    +

    Black- and Whitelist Configuration

    +
    +

    Info

    +

    Be aware that a user can override this setting by setting their own blacklist and whitelist!

    +
    +

    There is also a global filter table in Configuration > Configuration & Details > Global filter maps to configure a server wide filter for multiple regex maps (todo: screenshots).

    + +
    +
    + + + Last update: + 2022-02-01 11:34:55 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html new file mode 100644 index 000000000..4c946fcd0 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html @@ -0,0 +1,2556 @@ + + + + + + + + + + + + + + + + + + Configuration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Configuration

    + +

    Several configuration parameters of the mailcow UI can be changed by creating a file data/web/inc/vars.local.inc.php which overrides defaults settings found in data/web/inc/vars.inc.php.

    +

    The local configuration file is persistent over updates of mailcow. Try not to change values inside data/web/inc/vars.inc.php, but use them as template for the local override.

    +

    mailcow UI configuration parameters can be used to...

    +
      +
    • ...change the default language1
    • +
    • ...change the default bootstrap theme
    • +
    • ...set a password complexity regex
    • +
    • ...enable DKIM private key visibility
    • +
    • ...set a pagination trigger size
    • +
    • ...set default mailbox attributes
    • +
    • ...change session lifetimes
    • +
    • ...create fixed app menus (which cannot be changed in mailcow UI)
    • +
    • ...set a default "To" field for relayhost tests
    • +
    • ...set a timeout for Docker API requests
    • +
    • ...toggle IP anonymization
    • +
    +
    +
    +
      +
    1. +

      To change SOGos default language, you will need to edit data/conf/sogo/sogo.conf and replace "English" by your preferred language. 

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html new file mode 100644 index 000000000..2b14eef78 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html @@ -0,0 +1,2534 @@ + + + + + + + + + + + + + + + + + + CSS overrides - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CSS overrides

    + +

    For custom overrides of specific elements via CSS, use data/web/css/build/0081-custom-mailcow.css.

    +

    The file is excluded from tracking and persists over updates.

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html new file mode 100644 index 000000000..b7ab6c036 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html @@ -0,0 +1,2619 @@ + + + + + + + + + + + + + + + + + + WebAuthn / FIDO2 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    WebAuthn / FIDO2

    + +

    How is UV handled in mailcow?

    +

    The UV flag (as in "user verification") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey).

    +

    Login and key processing

    +

    mailcow uses client-side key processing. We ask the authenticator (i.e. YubiKey) to save the registration in its memory.

    +

    A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the "key login" via mailcow UI login.

    +

    When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory.

    +

    Who can use WebAuthn to login to mailcow?

    +

    As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2.

    +
    +

    You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html new file mode 100644 index 000000000..001ae008d --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/index.html @@ -0,0 +1,2616 @@ + + + + + + + + + + + + + + + + + + Netfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Netfilter

    + +

    Change Netfilter Ban Settings

    +

    To change the Netfilter settings in general please navigate to: Configuration -> Configuration & Details -> Configuration -> Fail2ban parameters.

    +

    You should now see a familar interface:

    +

    Netfilter ban settings

    +

    Here you can set several options regarding the bans itself. +For example the max. Ban time or the max. attempts before a ban is executed.

    +

    Change Netfilter Regex

    +
    +

    Danger

    +

    The following area requires at least basic regex knowledge.
    +If you are not sure what you are doing there, we can only advise you not to attempt a reconfiguration.

    +
    +

    In addition to the ban settings, you can also define what exactly should be used from the mailcow container logs to ban a possible attacker.

    +

    To do this, you must first expand the regex field, which will look something like this:

    +

    Netfilter Regex

    +

    There you can now create various new filter rules.

    +
    +

    Info

    +

    As updates progress, it is possible that new Netfilter regex rules will be added or removed.
    +If this is the case, it is recommended to reset the Netfilter regex rules by clicking on Reset to default.

    +
    + +
    +
    + + + Last update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html new file mode 100644 index 000000000..abaf9c2c1 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Pushover - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Pushover

    + +
    +

    Info

    +

    Pushover makes it easy to get real-time notifications on your Android, iPhone, iPad, and Desktop

    +
    +

    You can use Pushover to get a push notification on every mail you receive for each mailbox where you enabled this feature.

    +

    1. As admin open your mailbox' settings and scroll down to the Pushover settings

    +

    2. Register yourself on Pushover

    +

    3. Put your 'User Key' in the 'User/Group Key' field in your mailbox settings

    +

    4. Create an Applications to get the API Token/Key which you also need to put in your mailbox settings

    +

    5. Optional you can edit the notification title/text and define certain sender email addresses where a push notification is triggered

    +

    6. Save everything and then you can verify your credentials

    +

    If everything is done you can test sending a mail and you will receive a push message on your phone

    + +
    +
    + + + Last update: + 2022-01-31 11:08:49 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html new file mode 100644 index 000000000..b04e65103 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Temporary email aliases - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Temporary email aliases

    + +

    These temporary email aliases are mostly used for places where we need to provide an email address but don't want future correspondence with. They are also called spam alias.

    +

    To create, delete or extend a temporary email aliases you need to login to mailcow's UI as a mailbox user and navigate to the tab Temporary email aliases:

    +

    How to set spam- or temporary email aliases in mailcow

    + +
    +
    + + + Last update: + 2022-02-01 11:25:58 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html new file mode 100644 index 000000000..6c5d0839e --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html @@ -0,0 +1,2539 @@ + + + + + + + + + + + + + + + + + + Spamfilter - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Spamfilter

    + +

    A mailbox user may adjust the spam filter and black- / whitelist settings for his mailbox individually by navigating to the Spam filter tab in the users mailcow UI.

    +

    Where to adjust the users spam, black- and whitelist settings

    +
    +

    Info

    +

    For global adjustments on your spam filter please check our section on Rspamd. +For a domain wide black- and whitelist please check our guide on Black / Whitelist

    +
    + +
    +
    + + + Last update: + 2022-02-02 10:57:04 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html new file mode 100644 index 000000000..bcb0276a6 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/index.html @@ -0,0 +1,2602 @@ + + + + + + + + + + + + + + + + + + Sub-addressing - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sub-addressing

    + +

    Mailbox users can tag their mail address like in me+facebook@example.org. They can control the tag handling in the users mailcow UI panel under Mailbox > Settings. +mailcow mail tagging settings

    +

    sub-addressing (RFC 5233) or plus addressing also known as tagging (do not mix with Tags)

    +

    Available Actions

    +

    1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

    +

    2. Prepend the tag to the subject: "[facebook] Subject"

    +

    Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: +

    diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
    +index e047136e..933c4137 100644
    +--- a/data/conf/dovecot/global_sieve_after
    ++++ b/data/conf/dovecot/global_sieve_after
    +@@ -15,7 +15,7 @@ if allof (
    +   envelope :detail :matches "to" "*",
    +   header :contains "X-Moo-Tag" "YES"
    +   ) {
    +-  set :lower :upperfirst "tag" "${1}";
    ++  set "tag" "${1}";
    +   if mailboxexists "INBOX/${1}" {
    +     fileinto "INBOX/${1}";
    +   } else {
    +

    + +
    +
    + + + Last update: + 2022-05-05 21:53:01 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html new file mode 100644 index 000000000..4a265873a --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/index.html @@ -0,0 +1,2642 @@ + + + + + + + + + + + + + + + + + + Tags (for Domains and Mailboxes) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Tags (for Domains and Mailboxes)

    + +
    +

    Info

    +

    You need the mailcow Version 2022-05 at least for this feature.
    +If you don´t have the Version installed please consider a update.
    +For more informations about a mailcow update please take a look at the Update section here in the docs.

    +
    +

    What are Tags designed for?

    +

    With the Tags you can easily sort your Domains and Mailboxes by the tags instead of their name.

    +

    Where are the Tags located?

    +

    The Tags are located in the Domain/Mailbox section of the mailcow UI. +To view them simply click on the small plus symbol on the left of your Domain/Mailbox (following picture is showing the domain ribbon menu): +Domain/Mailbox Tags Ribbon

    +

    How can i add/remove a Tag?

    +

    You can simply add/remove a Tag during the creation of a new Domain/Mailbox. You also can add/remove them if you edit your desired Domain/Mailbox.

    +

    It looks similar to this (following picture showing the domain edit section):

    +

    Domain/Mailbox Tags

    +

    How can i search for a tag?

    +

    Simply type the Tag Name in the search bar in the Domain/Mailbox Section and wait for it to complete.

    +

    You can even specify if you want to search for tags only.

    + +
    +
    + + + Last update: + 2022-05-05 21:41:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html new file mode 100644 index 000000000..ffe5de808 --- /dev/null +++ b/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html @@ -0,0 +1,2817 @@ + + + + + + + + + + + + + + + + + + Two-Factor Authentication - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Two-Factor Authentication

    + +

    So far three methods for Two-Factor Authentication are implemented: WebAuthn (replacing U2F since February 2022), Yubi OTP, and TOTP

    +
      +
    • For WebAuthn to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
    • +
    • Both WebAuthn and Yubi OTP work well with the fantastic Yubikey.
    • +
    • While Yubi OTP needs an active internet connection and an API ID + key, WebAuthn will work with any Fido Security Key out of the box, but can only be used when mailcow is accessed over HTTPS.
    • +
    • WebAuthn and Yubi OTP support multiple keys per user.
    • +
    • As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.
    • +
    +

    As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.

    +

    The key used to login will be displayed in green, while other keys remain grey.

    +

    Information on how to remove 2FA can be found here.

    +

    Yubi OTP

    +

    The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. +The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.

    +

    Example setup

    +

    First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here

    +

    In the following you configure the YubiKey for OTP. +Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next.

    +

    Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. +So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish.

    +

    Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment.

    +

    After the generation was successful, you will be shown a Client ID and a Secret key, make a note of this information in a safe place.

    +

    Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication. +In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. +Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button.

    +

    Congratulations! You can now log in to the mailcow UI using your YubiKey!

    +
    +

    WebAuthn (U2F, replacement)

    +
    +

    Warning

    +

    Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn.
    +The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh

    +
    +

    To use WebAuthn, the browser must support this standard.

    +

    The following desktop browsers support this authentication type:

    +
      +
    • Edge (>=18)
    • +
    • Firefox (>=60)
    • +
    • Chrome (>=67)
    • +
    • Safari (>=13)
    • +
    • Opera (>=54)
    • +
    +

    The following mobile browsers support this authentication type:

    +
      +
    • Safari on iOS (>=14.5)
    • +
    • Android Browser (>=97)
    • +
    • Opera Mobile (>=64)
    • +
    • Chrome for Android (>=97)
    • +
    +

    Sources: caniuse.com, blog.mozilla.org

    +

    WebAuthn works without an internet connection.

    +

    What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn?

    +
    +

    Warning

    +

    With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol.

    +
    +

    Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator.

    +

    But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore.

    +

    Disable unofficial supported Fido Security Keys

    +

    With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.).

    +

    This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment.

    +

    To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker compose up -d.

    +

    The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates.

    +
    Example:
    +

    If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates. +After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices.

    +

    That´s for every vendor the same, so choose what you like (if you want to).

    +

    Use own certificates for WebAuthn

    +

    If you have a valid certificate from the vendor of your key you can also add it to your mailcow!

    +

    Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow.

    +

    Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.

    +

    Is it dangerous to keep the Vendor Check disabled?

    +

    No, it isn´t! +These vendor certificates are only used to verify original hardware, not to secure the registration process.

    +

    As you can read in these articles, the deactivation is not software security related: +- https://developers.yubico.com/U2F/Attestation_and_Metadata/ +- https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 +- https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01

    +

    In the end, however, it is of course your decision to leave this check disabled or enabled.

    +
    +

    TOTP

    +

    The best known TFA method mostly used with a smartphone.

    +

    To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list.

    +

    Now a modal will open in which you have to type in a name for your 2FA "device" (example: John Deer´s Smartphone) and the password of the affected Admin account (you are currently logged in with).

    +

    You have two seperate methods to register TOTP to your account: +1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. +2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can´t scan a QR Code).

    +

    After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/u_e-80_to_443/index.html b/2.5/manual-guides/u_e-80_to_443/index.html new file mode 100644 index 000000000..5b902fb99 --- /dev/null +++ b/2.5/manual-guides/u_e-80_to_443/index.html @@ -0,0 +1,2555 @@ + + + + + + + + + + + + + + + + + + Redirect HTTP to HTTPS - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Redirect HTTP to HTTPS

    + +

    Since February the 28th 2017 mailcow does come with port 80 and 443 enabled.

    +

    Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

    +

    Open mailcow.conf and set HTTP_BIND= - if not already set.

    +

    Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

    +
    server {
    +  root /web;
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  include /etc/nginx/conf.d/server_name.active;
    +  if ( $request_uri ~* "%0A|%0D" ) { return 403; }
    +  location ^~ /.well-known/acme-challenge/ {
    +    allow all;
    +    default_type "text/plain";
    +  }
    +  location / {
    +    return 301 https://$host$uri$is_args$args;
    +  }
    +}
    +
    +

    In case you changed the HTTP_BIND parameter, recreate the container:

    +
    docker compose up -d
    +
    +

    Otherwise restart Nginx:

    +
    docker compose restart nginx-mailcow
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/u_e-autodiscover_config/index.html b/2.5/manual-guides/u_e-autodiscover_config/index.html new file mode 100644 index 000000000..53a028222 --- /dev/null +++ b/2.5/manual-guides/u_e-autodiscover_config/index.html @@ -0,0 +1,2576 @@ + + + + + + + + + + + + + + + + + + Autodiscover / Autoconfig - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Autodiscover / Autoconfig

    + +

    You do not need to change or create this file, autodiscover works out of the box. This guide is only meant for customizations to the autodiscover or autoconfig process.

    +

    Newer Outlook clients (especially those delivered with O365) will not autodiscover mail profiles. +Keep in mind, that ActiveSync should NOT be used with a desktop client.

    +

    Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

    +

    Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

    +
    <?php
    +$autodiscover_config = array(
    +  // General autodiscover service type: "activesync" or "imap"
    +  // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
    +  'autodiscoverType' => 'activesync',
    +  // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows)
    +  // Outlook for Mac does not support ActiveSync
    +  'useEASforOutlook' => 'yes',
    +  // Please don't use STARTTLS-enabled service ports in the "port" variable.
    +  // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services).
    +  // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable.
    +  'imap' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('IMAPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))),
    +  ),
    +  'pop3' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('POPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('POP_PORT'))),
    +  ),
    +  'smtp' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => array_pop(explode(':', getenv('SMTPS_PORT'))),
    +    'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))),
    +  ),
    +  'activesync' => array(
    +    'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync',
    +  ),
    +  'caldav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +  'carddav' => array(
    +    'server' => $mailcow_hostname,
    +    'port' => $https_port,
    +  ),
    +);
    +
    +

    To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

    +

    Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/u_e-reeanble-weak-protocols/index.html b/2.5/manual-guides/u_e-reeanble-weak-protocols/index.html new file mode 100644 index 000000000..e6b62b8fe --- /dev/null +++ b/2.5/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -0,0 +1,2544 @@ + + + + + + + + + + + + + + + + + + Re-enable TLS 1.0 and TLS 1.1 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Re-enable TLS 1.0 and TLS 1.1

    + +

    On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION).

    +

    Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

    +

    How to re-enable weak protocols?

    +

    Edit data/conf/postfix/extra.cf:

    +
    submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    +
    +

    Edit data/conf/dovecot/extra.conf:

    +
    ssl_min_protocol = TLSv1
    +
    +

    Restart the affected services:

    +
    docker compose restart postfix-mailcow dovecot-mailcow
    +
    +

    Hint: You can enable TLS 1.2 in Windows 7.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/u_e-update-hooks/index.html b/2.5/manual-guides/u_e-update-hooks/index.html new file mode 100644 index 000000000..4630fe369 --- /dev/null +++ b/2.5/manual-guides/u_e-update-hooks/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Run scripts before and after updates - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Run scripts before and after updates

    + +

    It is possible to add pre- and post-update-hooks to the update.sh script that upgrades your whole mailcow installation.

    +

    To do so, just add the corresponding bash script into your mailcow root directory:

    +
      +
    • pre_update_hook.sh for commands that should run before the update
    • +
    • post_update_hook.sh for commands that should run after the update is completed
    • +
    +

    Keep in mind that pre_update_hook.sh runs every time you call update.sh and post_update_hook.sh will only run if the update was successful and the script doesn't have to be re-run.

    +

    The scripts will be run by bash, an interpreter (e.g. #!/bin/bash) as well as an execute permission flag ("+x") are not required.

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/manual-guides/u_e-why_unbound/index.html b/2.5/manual-guides/u_e-why_unbound/index.html new file mode 100644 index 000000000..18a7cbc78 --- /dev/null +++ b/2.5/manual-guides/u_e-why_unbound/index.html @@ -0,0 +1,2535 @@ + + + + + + + + + + + + + + + + + + Why unbound? - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Why unbound?

    + +

    For DNS blacklist lookups and DNSSEC.

    +

    Most systems use either a public or a local caching DNS resolver. +That's a very bad idea when it comes to filter spam using DNS-based black hole lists (DNSBL) or similar technics. +Most if not all providers apply a rate limit based on the DNS resolver that is used to query their service. +Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolver like your ISPs will hit that limit very soon.

    + +
    +
    + + + Last update: + 2022-02-02 12:23:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/model-acl/index.html b/2.5/model-acl/index.html new file mode 100644 index 000000000..21148de6c --- /dev/null +++ b/2.5/model-acl/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/model-passwd/index.html b/2.5/model-passwd/index.html new file mode 100644 index 000000000..6c62b0e4f --- /dev/null +++ b/2.5/model-passwd/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/model-sender_rcv/index.html b/2.5/model-sender_rcv/index.html new file mode 100644 index 000000000..014036624 --- /dev/null +++ b/2.5/model-sender_rcv/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/models/model-acl/index.html b/2.5/models/model-acl/index.html new file mode 100644 index 000000000..68a75b8ed --- /dev/null +++ b/2.5/models/model-acl/index.html @@ -0,0 +1,2549 @@ + + + + + + + + + + + + + + + + + + ACL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    ACL

    + +

    Editing a domain administrator or a mailbox user allows to set restrictions to that account.

    +

    Important: For overlapping modules like sync jobs, which both domain administrators and mailbox users can be granted access to, the domain administrators permissions are inherited, when logging in as mailbox user.

    +

    Some examples:

    +

    1.

    +
      +
    • A domain administror has not access to sync jobs but can login as mailbox user
    • +
    • When logging in as mailbox user, he does not gain access to sync jobs, even if the given mailbox user has access when logging in directly
    • +
    +

    2.

    +
      +
    • A domain administror has access to sync jobs and can login as mailbox user
    • +
    • The mailbox user he tries to login as has not access to sync jobs
    • +
    • The domain administrator, now logged in as mailbox user, inherits its permission to the mailbox user and can access sync jobs
    • +
    +

    3.

    +
      +
    • A domain administrator logs in as mailbox user
    • +
    • Every permission, that does not exist in a domain administrators ACL, is automatically granted (example: time-limited alias, TLS policy etc.)
    • +
    + +
    +
    + + + Last update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/models/model-passwd/index.html b/2.5/models/model-passwd/index.html new file mode 100644 index 000000000..1bffb890b --- /dev/null +++ b/2.5/models/model-passwd/index.html @@ -0,0 +1,2649 @@ + + + + + + + + + + + + + + + + + + Password hashing - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Password hashing

    + +

    Fully supported hashing methods

    +

    The most current mailcow fully supports the following hashing methods. +The default hashing method is written in bold:

    +
      +
    • BLF-CRYPT
    • +
    • SSHA
    • +
    • SSHA256
    • +
    • SSHA512
    • +
    +

    The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value.

    +

    Read-only hashing methods

    +

    The following methods are supported read only. +If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. +With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot.

    +
      +
    • ARGON2I (SOGo compatible)
    • +
    • ARGON2ID (SOGo compatible)
    • +
    • CLEAR
    • +
    • CLEARTEXT
    • +
    • CRYPT (SOGo compatible)
    • +
    • DES-CRYPT
    • +
    • LDAP-MD5 (SOGo compatible)
    • +
    • MD5 (SOGo compatible)
    • +
    • MD5-CRYPT (SOGo compatible)
    • +
    • PBKDF2 (SOGo compatible)
    • +
    • PLAIN (SOGo compatible)
    • +
    • PLAIN-MD4
    • +
    • PLAIN-MD5
    • +
    • PLAIN-TRUNC
    • +
    • SHA (SOGo compatible)
    • +
    • SHA1 (SOGo compatible)
    • +
    • SHA256 (SOGo compatible)
    • +
    • SHA256-CRYPT (SOGo compatible)
    • +
    • SHA512 (SOGo compatible)
    • +
    • SHA512-CRYPT (SOGo compatible)
    • +
    • SMD5 (SOGo compatible)
    • +
    +

    That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database.

    +

    The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords.

    +
    +
    +

    I changed the password hashes in the "mailbox" SQL table and cannot login.

    +
    +

    A "view" needs to be updated. You can trigger this by restarting sogo-mailcow:

    +
    +
    +
    +
    docker compose restart sogo-mailcow
    +
    +
    +
    +
    docker-compose restart sogo-mailcow
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/models/model-sender_rcv/index.html b/2.5/models/model-sender_rcv/index.html new file mode 100644 index 000000000..7f408aa77 --- /dev/null +++ b/2.5/models/model-sender_rcv/index.html @@ -0,0 +1,2611 @@ + + + + + + + + + + + + + + + + + + Sender and receiver model - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sender and receiver model

    + +

    When a mailbox is created, a user is allowed to send mail from and receive mail for his own mailbox address.

    +
    Mailbox me@example.org is created. example.org is a primary domain.
    +Note: a mailbox cannot be created in an alias domain.
    +
    +me@example.org is only known as me@example.org.
    +me@example.org is allowed to send as me@example.org.
    +
    +

    We can add an alias domain for example.org:

    +
    Alias domain alias.com is added and assigned to primary domain example.org.
    +me@example.org is now known as me@example.org and me@alias.com.
    +me@example.org is now allowed to send as me@example.org and me@alias.com.
    +
    +

    We can add aliases for a mailbox to receive mail for and to send from this new address.

    +

    It is important to know, that you are not able to receive mail for my-alias@my-alias-domain.tld. You would need to create this particular alias.

    +
    me@example.org is assigned the alias alias@example.org
    +me@example.org is now known as me@example.org, me@alias.com, alias@example.org
    +
    +me@example.org is NOT known as alias@alias.com.
    +
    +

    Please note that this does not apply to catch-all aliases:

    +
    Alias domain alias.com is added and assigned to primary domain example.org
    +me@example.org is assigned the catch-all alias @example.org
    +me@example.org is still just known as me@example.org, which is the only available send-as option
    +
    +Any email send to alias.com will match the catch-all alias for example.org
    +
    +

    Administrators and domain administrators can edit mailboxes to allow specific users to send as other mailbox users ("delegate" them).

    +

    You can choose between mailbox users or completely disable the sender check for domains.

    +

    SOGo "mail from" addresses

    +

    Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains.

    +

    If you want to select another existing mailbox user as your "mail from" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator +needs to grant you access as described above.

    + +
    +
    + + + Last update: + 2022-01-30 14:24:07 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-disable_ipv6/index.html b/2.5/post_installation/firststeps-disable_ipv6/index.html new file mode 100644 index 000000000..755233707 --- /dev/null +++ b/2.5/post_installation/firststeps-disable_ipv6/index.html @@ -0,0 +1,2620 @@ + + + + + + + + + + + + + + + + + + Disable IPv6 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Disable IPv6

    + +

    This is ONLY recommended if you do not have an IPv6 enabled network on your host!

    +

    If you really need to, you can disable the usage of IPv6 in the compose file. +Additionally, you can also disable the startup of container "ipv6nat-mailcow", as it's not needed if you won't use IPv6.

    +

    Instead of editing docker-compose.yml directly, it is preferable to create an override file for it +and implement your changes to the service there. Unfortunately, this right now only seems to work for services, not for network settings.

    +

    To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

    +

    1. Modify docker-compose.yml

    +

    Change enable_ipv6: true to enable_ipv6: false:

    +
    networks:
    +  mailcow-network:
    +    [...]
    +    enable_ipv6: true # <<< set to false
    +    [...]
    +
    +

    2. Disable ipv6nat-mailcow

    +

    To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

    +

    NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

    +
    # cd /opt/mailcow-dockerized
    +# touch docker-compose.override.yml
    +
    +

    Open the file in your favourite text editor and fill in the following:

    +
    version: '2.1'
    +services:
    +
    +    ipv6nat-mailcow:
    +      image: bash:latest
    +      restart: "no"
    +      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
    +
    +

    For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    3. Disable IPv6 in unbound-mailcow

    +

    Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

    +
    server:
    +  [...]
    +  do-ip6: no
    +  [...]
    +
    +

    Restart Unbound:

    +
    +
    +
    +
    docker compose restart unbound-mailcow
    +
    +
    +
    +
    docker-compose restart unbound-mailcow
    +
    +
    +
    +
    +

    4. Disable IPv6 in postfix-mailcow

    +

    Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

    +
    smtp_address_preference = ipv4
    +inet_protocols = ipv4
    +
    +

    Restart Postfix:

    +
    +
    +
    +
    docker compose restart postfix-mailcow
    +
    +
    +
    +
    docker-compose restart postfix-mailcow
    +
    +
    +
    +
    +

    5. If your docker daemon completly disabled IPv6:

    +

    Fix the following NGINX, Dovecot and php-fpm config files

    +
    sed -i '/::/d' data/conf/nginx/listen_*
    +sed -i '/::/d' data/conf/nginx/templates/listen*
    +sed -i '/::/d' data/conf/nginx/dynmaps.conf
    +sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
    +sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf
    +
    + +
    +
    + + + Last update: + 2022-10-19 15:29:13 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-dmarc_reporting/index.html b/2.5/post_installation/firststeps-dmarc_reporting/index.html new file mode 100644 index 000000000..e184882d1 --- /dev/null +++ b/2.5/post_installation/firststeps-dmarc_reporting/index.html @@ -0,0 +1,2861 @@ + + + + + + + + + + + + + + + + + + DMARC Reporting - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    + +
    +
    + + + +
    +
    + + + + + + + + + +

    DMARC Reporting

    + +

    DMARC Reporting done via Rspamd DMARC Module.

    +

    Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html

    +

    Important:

    +
      +
    1. +

      Change example.com, mail.example.com and Example to reflect your setup

      +
    2. +
    3. +

      DMARC reporting requires additional attention, especially over the first few days

      +
    4. +
    5. +

      All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your MAILCOW_HOSTNAME:

      +
        +
      • If your MAILCOW_HOSTNAME is mail.example.com change the following config to domain = "example.com";
      • +
      • Set email equally, e.g. email = "noreply-dmarc@example.com";
      • +
      +
    6. +
    7. +

      It is optional but recommended to create an email user noreply-dmarc in mailcow to handle bounces.

      +
    8. +
    +

    Enable DMARC reporting

    +

    Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    domain = 'example.com';
    +    org_name = 'Example';
    +    helo = 'rspamd';
    +    smtp = 'postfix';
    +    smtp_port = 25;
    +    from_name = 'Example DMARC Report';
    +    msgid_from = 'rspamd.mail.example.com';
    +    max_entries = 2k;
    +    keys_expire = 2d;
    +}
    +
    +

    Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

    +
    version: '2.1'
    +
    +services:
    +  rspamd-mailcow:
    +    environment:
    +      - MASTER=${MASTER:-y}
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "@every 24h"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +  ofelia-mailcow:
    +    depends_on:
    +      - rspamd-mailcow
    +
    +

    Start the mailcow stack with:

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Send a copy reports to yourself

    +

    To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

    +
    reporting {
    +    enabled = true;
    +    email = 'noreply-dmarc@example.com';
    +    bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
    +[...]
    +
    +

    Rspamd will load changes in real time, so you won't need to restart the container at this point.

    +

    This can be useful if you...

    +
      +
    • ...want to check that your DMARC reports are sent correctly and authenticated.
    • +
    • ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.
    • +
    +

    Troubleshooting

    +

    Check when the report schedule last ran:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    See the latest report output:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    +
    +
    +
    +
    +

    Manually trigger a DMARC report:

    +
    +
    +
    +
    docker compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    docker-compose exec rspamd-mailcow rspamadm dmarc_report
    +
    +
    +
    +
    +

    Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in.

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
    +
    +
    +
    +
    +

    Take one of the lines from output you interested in and request it, f.e.:

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
    +
    +
    +
    +
    +

    Change DMARC reporting frequency

    +

    In the example above reports are sent once every 24 hours and send reports for yesterday. This will be okay for most setups.

    +

    If you have a large mail volume and want to run the DMARC reporting more than once a day you need create second schedule and run it with dmarc_report $(date '+%Y%m%d') to process the current day. You have to make sure that the first run on each day also processes the last report from the day before, so it needs to be started twice, one time with $(date --date yesterday '+%Y%m%d') at 0 5 0 * * * (00:05 AM) and then with $(date '+%Y%m%d') with desired interval.

    +

    The Ofelia schedule has the same implementation as cron in Go, supported syntax described at cron Documentation

    +

    To change schedule:

    +
      +
    1. Edit docker-compose.override.yml:
    2. +
    +
    version: '2.1'
    +
    +services:
    +  rspamd-mailcow:
    +    environment:
    +      - MASTER=${MASTER:-y}
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: "0 5 0 * * *"
    +      ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +      ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: "@every 12h"
    +      ofelia.job-exec.rspamd_dmarc_reporting_today.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\""
    +  ofelia-mailcow:
    +    depends_on:
    +      - rspamd-mailcow
    +
    +
      +
    1. +

      Restart the desired containers with:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    2. +
    3. +

      Restart the ofelia container only:

      +
      +
      +
      +
      docker compose restart ofelia-mailcow
      +
      +
      +
      +
      docker-compose restart ofelia-mailcow
      +
      +
      +
      +
      +
    4. +
    +

    Disable DMARC Reporting

    +

    To disable reporting:

    +
      +
    1. +

      Set enabled to false in data/conf/rspamd/local.d/dmarc.conf

      +
    2. +
    3. +

      Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow

      +
    4. +
    5. +

      Restart the desired containers with:

      +
      +
      +
      +
      docker compose up -d
      +
      +
      +
      +
      docker-compose up -d
      +
      +
      +
      +
      +
    6. +
    + +
    +
    + + + Last update: + 2022-11-09 01:01:48 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-ip_bindings/index.html b/2.5/post_installation/firststeps-ip_bindings/index.html new file mode 100644 index 000000000..cf378215b --- /dev/null +++ b/2.5/post_installation/firststeps-ip_bindings/index.html @@ -0,0 +1,2682 @@ + + + + + + + + + + + + + + + + + + IP bindings - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    IP bindings

    + +
    +

    Warning

    +

    Changing the binding does not affect source NAT. See SNAT for required steps.

    +
    +

    IPv4 binding

    +

    To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

    +
    # For technical reasons, http bindings are a bit different from other service bindings.
    +# You will find the following variables, separated by a bind address and its port:
    +# Example: HTTP_BIND=1.2.3.4
    +
    +HTTP_PORT=80
    +HTTP_BIND=
    +HTTPS_PORT=443
    +HTTPS_BIND=
    +
    +# Other services are bound by using the following format:
    +# SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25
    +# Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x.
    +# doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing.
    +
    +SMTP_PORT=25
    +SMTPS_PORT=465
    +SUBMISSION_PORT=587
    +IMAP_PORT=143
    +IMAPS_PORT=993
    +POP_PORT=110
    +POPS_PORT=995
    +SIEVE_PORT=4190
    +DOVEADM_PORT=127.0.0.1:19991
    +SQL_PORT=127.0.0.1:13306
    +SOLR_PORT=127.0.0.1:18983
    +
    +

    To apply your changes, run:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    IPv6 binding

    +

    Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

    +

    A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

    +

    Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

    +

    An example IPv6 2001:db8:dead:beef::123 is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

    +
    version: '2.1'
    +services:
    +
    +    dovecot-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:143:143'
    +        - '[2001:db8:dead:beef::123]:993:993'
    +        - '[2001:db8:dead:beef::123]:110:110'
    +        - '[2001:db8:dead:beef::123]:995:995'
    +        - '[2001:db8:dead:beef::123]:4190:4190'
    +
    +    postfix-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:25:25'
    +        - '[2001:db8:dead:beef::123]:465:465'
    +        - '[2001:db8:dead:beef::123]:587:587'
    +
    +    nginx-mailcow:
    +      ports:
    +        - '[2001:db8:dead:beef::123]:80:80'
    +        - '[2001:db8:dead:beef::123]:443:443'
    +
    +

    To apply your changes, run the commands below:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-local_mta/index.html b/2.5/post_installation/firststeps-local_mta/index.html new file mode 100644 index 000000000..85c7d617a --- /dev/null +++ b/2.5/post_installation/firststeps-local_mta/index.html @@ -0,0 +1,2545 @@ + + + + + + + + + + + + + + + + + + Local MTA on Docker host - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Local MTA on Docker host

    + +

    The easiest option would be to disable the listener on port 25/tcp.

    +

    Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: +

    #smtp      inet  n       -       -       -       -       smtpd
    +

    +

    Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

    +
    postconf -e 'relayhost = 172.22.1.1'
    +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
    +postconf -e "inet_interfaces = loopback-only"
    +postconf -e "relay_transport = relay"
    +postconf -e "default_transport = smtp"
    +
    +

    Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

    +

    "172.22.1.1" is the mailcow created network gateway in Docker. +Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.

    +

    Restart Postfix after applying your changes.

    + +
    +
    + + + Last update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-logging/index.html b/2.5/post_installation/firststeps-logging/index.html new file mode 100644 index 000000000..101e3b5ec --- /dev/null +++ b/2.5/post_installation/firststeps-logging/index.html @@ -0,0 +1,2800 @@ + + + + + + + + + + + + + + + + + + Logging - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logging

    + +

    Logging in mailcow: dockerized consists of multiple stages, but is, after all, much more flexible and easier to integrate into a logging daemon than before.

    +

    In Docker the containerized application (PID 1) writes its output to stdout. For real one-application containers this works just fine. +Run the command below to learn more:

    +
    +
    +
    +
    docker compose logs --help
    +
    +
    +
    +
    docker-compose logs --help
    +
    +
    +
    +
    +

    Some containers log or stream to multiple destinations.

    +

    No container will keep persistent logs in it. Containers are transient items!

    +

    In the end, every line of logs will reach the Docker daemon - unfiltered.

    +

    The default logging driver is "json".

    +

    Filtered logs

    +

    Some logs are filtered and written to Redis keys but also streamed to a Redis channel.

    +

    The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow.

    +

    The Redis keys are persistent and will keep 10000 lines of logs for the web UI.

    +

    This mechanism makes it possible to use whatever Docker logging driver you want to, without losing +the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow.

    +

    Redis keys will only hold logs from applications and filter out system messages (think of cron etc.).

    +

    Logging drivers

    +

    Via docker-compose.override.yml

    +

    Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease.

    +

    Create a docker-compose.override.yml and add, for example, this block to use the "gelf" logging plugin for postfix-mailcow:

    +
    version: '2.1'
    +services:
    +  postfix-mailcow: # or any other
    +    logging:
    +      driver: "gelf"
    +      options:
    +        gelf-address: "udp://graylog:12201"
    +
    +

    Another example for Syslog:

    +
    version: '2.1'
    +services:
    +
    +  postfix-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  dovecot-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +  rspamd-mailcow: # or any other
    +    logging:
    +      driver: "syslog"
    +      options:
    +        syslog-address: "udp://127.0.0.1:514"
    +        syslog-facility: "local3"
    +
    +
    For Rsyslog only:
    +

    Make sure the following lines aren't commented out in /etc/rsyslog.conf:

    +
    # provides UDP syslog reception
    +module(load="imudp")
    +input(type="imudp" port="514")
    +
    +

    To move local3 input to /var/log/mailcow.log and stop processing, create a file /etc/rsyslog.d/docker.conf:

    +
    local3.*        /var/log/mailcow.log
    +& stop
    +
    +

    Restart rsyslog afterwards.

    +

    via daemon.json (globally)

    +

    If you want to change the logging driver globally, edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service:

    +
    {
    +...
    +  "log-driver": "gelf",
    +  "log-opts": {
    +    "gelf-address": "udp://graylog:12201"
    +  }
    +...
    +}
    +
    +

    For Syslog:

    +
    {
    +...
    +  "log-driver": "syslog",
    +  "log-opts": {
    +    "syslog-address": "udp://1.2.3.4:514"
    +  }
    +...
    +}
    +
    +

    Restart the Docker daemon and run the commands below to recreate the containers with the new logging driver:

    +
    +
    +
    +
    docker compose down
    +docker compose up -d
    +
    +
    +
    +
    docker-compose down
    +docker-compose up -d
    +
    +
    +
    +
    +

    Log rotation

    +

    As those logs can get quite big, it is a good idea to use logrotate to compress and delete them after a certain time period.

    +

    Create /etc/logrotate.d/mailcow with the following content:

    +
    /var/log/mailcow.log {
    +        rotate 7
    +        daily
    +        compress
    +        delaycompress
    +        missingok
    +        notifempty
    +        create 660 root root
    +}
    +
    +

    With this configuration, logrotate will run daily and keep a maximum of 7 archives.

    +

    To rotate the logfile weekly or monthly replace daily with weekly or monthly respectively.

    +

    To keep more archives, set the desired number of rotate.

    +

    Afterwards, logrotate can be restarted.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-rp/index.html b/2.5/post_installation/firststeps-rp/index.html new file mode 100644 index 000000000..34a6d3065 --- /dev/null +++ b/2.5/post_installation/firststeps-rp/index.html @@ -0,0 +1,2954 @@ + + + + + + + + + + + + + + + + + + Reverse Proxy - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Reverse Proxy

    + +

    You don't need to change the Nginx site that comes with mailcow: dockerized. +mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

    +

    1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: +

    HTTP_BIND=127.0.0.1
    +HTTP_PORT=8080
    +HTTPS_BIND=127.0.0.1
    +HTTPS_PORT=8443
    +

    +

    This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

    +

    IMPORTANT: Do not use port 8081, 9081 or 65510!

    +

    Recreate affected containers by running docker compose up -d.

    +

    Important information, please read them carefully!

    +
    +

    Info

    +

    If you plan to use a reverse proxy and want to use another server name that is not MAILCOW_HOSTNAME, you need to read Adding additional server names for mailcow UI at the bottom of this page.

    +
    +
    +

    Warning

    +

    Make sure you run generate_config.sh before you enable any site configuration examples below. +The script generate_config.sh copies snake-oil certificates to the correct location, so the services will not fail to start due to missing files.

    +
    +
    +

    Warning

    +

    If you enable TLS SNI (ENABLE_TLS_SNI in mailcow.conf), the certificate paths in your reverse proxy must match the correct paths in data/assets/ssl/{hostname}. The certificates will be split into data/assets/ssl/{hostname1,hostname2,etc} and therefore will not work when you copy the examples from below pointing to data/assets/ssl/cert.pem etc.

    +
    +
    +

    Info

    +

    Using the site configs below will forward ACME requests to mailcow and let it handle certificates itself. +The downside of using mailcow as ACME client behind a reverse proxy is, that you will need to reload your webserver after acme-mailcow changed/renewed/created the certificate. You can either reload your webserver daily or write a script to watch the file for changes. +On many servers logrotate will reload the webserver daily anyway.

    +

    If you want to use a local certbot installation, you will need to change the SSL certificate parameters accordingly. +Make sure you run a post-hook script when you decide to use external ACME clients. You will find an example at the bottom of this page.

    +
    +

    2. Configure your local webserver as reverse proxy:

    +

    Apache 2.4

    +

    Required modules: +

    a2enmod rewrite proxy proxy_http headers ssl
    +

    +

    Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

    +

    Take care of highlighted lines.

    +
    <VirtualHost *:80>
    +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +  RewriteEngine on
    +
    +  RewriteCond %{HTTPS} off
    +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
    +
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "http"
    +</VirtualHost>
    +<VirtualHost *:443>
    +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
    +  ServerAlias autodiscover.*
    +  ServerAlias autoconfig.*
    +
    +  # You should proxy to a plain HTTP session to offload SSL processing
    +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
    +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
    +  ProxyPass / http://127.0.0.1:8080/
    +  ProxyPassReverse / http://127.0.0.1:8080/
    +  ProxyPreserveHost On
    +  ProxyAddHeaders On
    +  RequestHeader set X-Forwarded-Proto "https"
    +
    +  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
    +  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
    +
    +  # If you plan to proxy to a HTTPS host:
    +  #SSLProxyEngine On
    +
    +  # If you plan to proxy to an untrusted HTTPS host:
    +  #SSLProxyVerify none
    +  #SSLProxyCheckPeerCN off
    +  #SSLProxyCheckPeerName off
    +  #SSLProxyCheckPeerExpire off
    +</VirtualHost>
    +
    +

    Nginx

    +

    Let's Encrypt will follow our rewrite, certificate requests will work fine.

    +

    Take care of highlighted lines.

    +
    server {
    +  listen 80 default_server;
    +  listen [::]:80 default_server;
    +  server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
    +  return 301 https://$host$request_uri;
    +}
    +server {
    +  listen 443 ssl http2;
    +  listen [::]:443 ssl http2;
    +  server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
    +
    +  ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
    +  ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
    +  ssl_session_timeout 1d;
    +  ssl_session_cache shared:SSL:50m;
    +  ssl_session_tickets off;
    +
    +  # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
    +  # An example config is given below
    +  ssl_protocols TLSv1.2;
    +  ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
    +  ssl_prefer_server_ciphers off;
    +
    +  location /Microsoft-Server-ActiveSync {
    +    proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_connect_timeout 75;
    +    proxy_send_timeout 3650;
    +    proxy_read_timeout 3650;
    +    proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo
    +    client_body_buffer_size 512k;
    +    client_max_body_size 0;
    +  }
    +
    +  location / {
    +    proxy_pass http://127.0.0.1:8080/;
    +    proxy_set_header Host $http_host;
    +    proxy_set_header X-Real-IP $remote_addr;
    +    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    client_max_body_size 0;
    +  # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update
    +  # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537
    +    proxy_buffer_size 128k;
    +    proxy_buffers 64 512k;
    +    proxy_busy_buffers_size 512k;
    +  }
    +}
    +
    +

    HAProxy (community supported)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

    +
    frontend https-in
    +  bind :::443 v4v6 ssl crt mailcow.pem
    +  default_backend mailcow
    +
    +backend mailcow
    +  option forwardfor
    +  http-request set-header X-Forwarded-Proto https if { ssl_fc }
    +  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
    +  server mailcow 127.0.0.1:8080 check
    +
    +

    Traefik v2 (community supported)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    Important: This config only covers the "reverseproxing" of the webpannel (nginx-mailcow) using Traefik v2, if you also want to reverseproxy the mail services such as dovecot, postfix... you'll just need to adapt the following config to each container and create an EntryPoint on your traefik.toml or traefik.yml (depending which config you use) for each port.

    +

    For this section we'll assume you have your Traefik 2 [certificatesresolvers] properly configured on your traefik configuration file, and also using acme, also, the following example uses Lets Encrypt, but feel free to change it to your own cert resolver. You can find a basic Traefik 2 toml config file with all the above implemented which can be used for this example here traefik.toml if you need one, or a hint on how to adapt your config.

    +

    So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. +For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker compose up -d to apply the changes.

    +

    Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

    +
    version: '2.1'
    +
    +services:
    +    nginx-mailcow:
    +      networks:
    +        # Add Traefik's network
    +        web:
    +      labels:
    +        - traefik.enable=true
    +        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
    +        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
    +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
    +        # Enables tls over the router we created before.
    +        - traefik.http.routers.moo.tls=true
    +        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
    +        - traefik.http.routers.moo.tls.certresolver=le
    +        # Creates a service called "moo" for the container, and specifies which internal port of the container
    +        #   should traefik route the incoming data to.
    +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
    +        # Specifies which entrypoint (external port) should traefik listen to, for this container.
    +        #   websecure being port 443, check the traefik.toml file liked above.
    +        - traefik.http.routers.moo.entrypoints=websecure
    +        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
    +        - traefik.docker.network=web
    +
    +    certdumper:
    +        image: humenius/traefik-certs-dumper
    +    command: --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1
    +        network_mode: none
    +        volumes:
    +          # Mount the volume which contains Traefik's `acme.json' file
    +          #   Configure the external name in the volume definition
    +          - acme:/traefik:ro
    +          # Mount mailcow's SSL folder
    +          - ./data/assets/ssl/:/output:rw
    +          # Mount docker socket to restart containers
    +          - /var/run/docker.sock:/var/run/docker.sock:ro
    +        restart: always
    +        environment:
    +          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
    +          - DOMAIN=${MAILCOW_HOSTNAME}
    +
    +networks:
    +  web:
    +    external: true
    +    # Name of the external network
    +    name: traefik_web
    +
    +volumes:
    +  acme:
    +    external: true
    +    # Name of the external docker volume which contains Traefik's `acme.json' file
    +    name: traefik_acme
    +
    +

    Start the new containers with docker compose up -d.

    +

    Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

    +

    This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.

    +

    You can use the command line to run it, or use the docker compose shown here.

    +

    After we have the certs dumped, we'll have to reload the configs from our postfix and dovecot containers, and check the certs, you can see how here.

    +

    Aaand that should be it 😊, you can check if the Traefik router works fine trough Traefik's dashboard / traefik logs / accessing the setted domain trough https, or / and check HTTPS, SMTP and IMAP trough the commands shown on the page linked before.

    +

    Caddy v2 (supported by the community)

    +
    +

    Warning

    +

    This is an unsupported community contribution. Feel free to provide fixes.

    +
    +

    The configuration of Caddy with mailcow is very simple.

    +

    In the caddyfile you just have to create a section for the mailserver.

    +

    For example +

    MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME {
    +        log {
    +                output file /var/log/caddy/MAILCOW_HOSTNAME.log {
    +                        roll_disabled
    +                        roll_size 512M
    +                        roll_uncompressed
    +                        roll_local_time
    +                        roll_keep 3
    +                        roll_keep_for 48h
    +                }
    +        }
    +
    +        reverse_proxy 127.0.0.1:HTTP_BIND
    +}
    +

    +

    This allows Caddy to automatically create the certificates and accept traffic for these mentioned domains and forward them to mailcow.

    +

    Important: The ACME client of mailcow must be disabled, otherwise mailcow will fail.

    +

    Since Caddy takes care of the certificates itself, we can use the following script to include the Caddy generated certificates into mailcow:

    +
    #!/bin/bash
    +MD5SUM_CURRENT_CERT=($(md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem))
    +MD5SUM_NEW_CERT=($(md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt))
    +
    +if [ $MD5SUM_CURRENT_CERT != $MD5SUM_NEW_CERT ]; then
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +        cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +        postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +        dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +        nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +        docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +
    +else
    +        echo "Certs not copied from Caddy (Not needed)"
    +fi
    +
    +
    +

    Attention

    +

    Caddy's certificate path varies depending on the installation type.
    +In this installation example, Caddy was installed using the Caddy repo (more informations here).
    +
    +To find out the Caddy certificate path on your system, just run a find / -name "certificates".

    +
    +

    This script could be called as a cronjob every hour:

    +
    0 * * * * /bin/bash /path/to/script/deploy-certs.sh  >/dev/null 2>&1
    +
    +

    Optional: Post-hook script for non-mailcow ACME clients

    +

    Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. +Make sure you change the paths accordingly: +

    #!/bin/bash
    +cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
    +postfix_c=$(docker ps -qaf name=postfix-mailcow)
    +dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    +nginx_c=$(docker ps -qaf name=nginx-mailcow)
    +docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    +

    +

    Adding additional server names for mailcow UI

    +

    If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Run docker compose up -d to apply.

    + +
    +
    + + + Last update: + 2022-11-03 16:35:20 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-rspamd_ui/index.html b/2.5/post_installation/firststeps-rspamd_ui/index.html new file mode 100644 index 000000000..06efa4794 --- /dev/null +++ b/2.5/post_installation/firststeps-rspamd_ui/index.html @@ -0,0 +1,2538 @@ + + + + + + + + + + + + + + + + + + Rspamd UI - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Rspamd UI

    + +

    Rspamd is an easy to use spam filtering tool presently installed with mailcow.

    +
      +
    1. Go to the mailcow web admin interface
    2. +
    3. Navigate to the Access tab. (Access > Rspamd UI)
    4. +
    5. Modify the Rspamd UI password
    6. +
    7. Go to https://${MAILCOW_HOSTNAME}/rspamd in a browser and log in!
    8. +
    +

    Additional configuration options and documentation can be found here : https://rspamd.com/webui/

    + +
    +
    + + + Last update: + 2022-01-29 23:04:38 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-snat/index.html b/2.5/post_installation/firststeps-snat/index.html new file mode 100644 index 000000000..a509f03a3 --- /dev/null +++ b/2.5/post_installation/firststeps-snat/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + SNAT - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    SNAT

    + +

    SNAT is used to change the source address of the packets sent by mailcow. +It can be used to change the outgoing IP address on systems with multiple IP addresses.

    +

    Open mailcow.conf, set either or both of the following parameters:

    +
    # Use this IPv4 for outgoing connections (SNAT)
    +SNAT_TO_SOURCE=1.2.3.4
    +
    +# Use this IPv6 for outgoing connections (SNAT)
    +SNAT6_TO_SOURCE=dead:beef
    +
    +

    Run docker compose up -d.

    +

    The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

    +

    Check the output of docker compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-ssl/index.html b/2.5/post_installation/firststeps-ssl/index.html new file mode 100644 index 000000000..b4bc94d21 --- /dev/null +++ b/2.5/post_installation/firststeps-ssl/index.html @@ -0,0 +1,2867 @@ + + + + + + + + + + + + + + + + + + Advanced SSL - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Advanced SSL

    + +

    Let's Encrypt (out-of-the-box)

    +

    The "acme-mailcow" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN.

    +
    +

    Warning

    +

    mailcow must be available on port 80 for the acme-client to work. Our reverse proxy example configurations do cover that. You can also use any external ACME client (certbot for example) to obtain certificates, but you will need to make sure, that they are copied to the correct location and a post-hook reloads affected containers. See more in the Reverse Proxy documentation.

    +
    +

    By default, which means 0 domains are added to mailcow, it will try to obtain a certificate for ${MAILCOW_HOSTNAME}.

    +

    For each domain you add, it will try to resolve autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN to its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. If it succeeds, a name will be added as SAN to the certificate request.

    +

    Only names that can be validated, will be added as SAN.

    +

    For every domain you remove, the certificate will be moved and a new certificate will be requested. It is not possible to keep domains in a certificate, when we are not able validate the challenge for those.

    +

    If you want to re-run the ACME client, use docker compose restart acme-mailcow and monitor its logs with docker compose logs --tail=200 -f acme-mailcow.

    +

    Additional domain names

    +

    Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

    +

    Do not use quotes (") and do not use spaces between the names!

    +
    ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
    +
    +

    Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

    +

    A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

    +

    Run docker compose up -d to recreate affected containers automatically.

    +
    +

    Info

    +

    Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

    +
    +

    If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

    +
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    +
    +

    Run docker compose up -d to apply.

    +

    Force renewal

    +

    To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

    +
    cd /opt/mailcow-dockerized
    +touch data/assets/ssl/force_renew
    +docker compose restart acme-mailcow
    +# Now check the logs for a renewal
    +docker compose logs --tail=200 -f acme-mailcow
    +
    +

    The file will be deleted automatically.

    +

    Validation errors and how to skip validation

    +

    You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.

    +

    If you encounter problems with "HTTP validation", but your IP address confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from br-mailcow to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You'd need to stop mailcow (docker compose down), stop the firewall service, flush the chains and restart Docker.

    +

    You can also skip this validation method by setting SKIP_HTTP_VERIFICATION=y in "mailcow.conf". Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration. If you encounter problems generating TLSA records in the DNS overview within mailcow, you are most likely having issues with NAT reflection you should fix.

    +

    If you changed a SKIP_* parameter, run docker compose up -d to apply your changes.

    +

    Disable Let's Encrypt

    +

    Disable Let's Encrypt completely

    +

    Set SKIP_LETS_ENCRYPT=y in "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +

    Skip all names but ${MAILCOW_HOSTNAME}

    +

    Add ONLY_MAILCOW_HOSTNAME=y to "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +

    The Let's Encrypt subjectAltName limit of 100 domains

    +

    Let's Encrypt currently has a limit of 100 Domain Names per Certificate.

    +

    By default, "acme-mailcow" will create a single SAN certificate for all validated domains +(see the first section and Additional domain names). +This provides best compatibility but means the Let's Encrypt limit exceeds if you add too many domains to a single mailcow installation.

    +

    To solve this, you can configure ENABLE_SSL_SNI to generate:

    +
      +
    • A main server certificate with MAILCOW_HOSTNAME and all fully qualified domain names in the ADDITIONAL_SAN config
    • +
    • One additional certificate for each domain found in the database with autodiscover., autoconfig. and any other ADDITIONAL_SAN configured in this format (subdomain.*).
    • +
    • Limitations: A certificate name ADDITIONAL_SAN=test.example.com will be added as SAN to the main certificate. A separate certificate/key pair will not be generated for this format.
    • +
    +

    Postfix, Dovecot and Nginx will then serve these certificates with SNI.

    +

    Set ENABLE_SSL_SNI=y in "mailcow.conf" and recreate "acme-mailcow" by running docker compose up -d.

    +
    +

    Warning

    +

    Not all clients support SNI, see Dovecot documentation or Wikipedia. +You should make sure these clients use the MAILCOW_HOSTNAME for secure connections if you enable this feature.

    +
    +

    Here is an example:

    +
      +
    • MAILCOW_HOSTNAME=server.email.tld
    • +
    • ADDITIONAL_SAN=webmail.email.tld,mail.*
    • +
    • Mailcow email domains: "domain1.tld" and "domain2.tld"
    • +
    +

    The following certificates will be generated:

    +
      +
    • server.email.tld, webmail.email.tld -> this is the default certificate, all clients can connect with these domains
    • +
    • mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individual certificate for domain1.tld, cannot be used by clients without SNI support
    • +
    • mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individual certificate for domain2.tld, cannot be used by clients without SNI support
    • +
    +

    How to use your own certificate

    +

    Make sure you disable mailcows internal LE client (see above).

    +

    To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

    +

    IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

    +

    Restart affected services afterwards:

    +
    docker restart $(docker ps -qaf name=postfix-mailcow)
    +docker restart $(docker ps -qaf name=nginx-mailcow)
    +docker restart $(docker ps -qaf name=dovecot-mailcow)
    +
    +

    See Post-hook script for non-mailcow ACME clients for a full example script.

    +

    Test against staging ACME directory

    +

    Edit mailcow.conf and add LE_STAGING=y.

    +

    Run docker compose up -d to activate your changes.

    +

    Custom directory URL

    +

    Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

    +
    DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
    +
    +

    You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

    +

    Run docker compose up -d to activate your changes.

    +

    Check your configuration

    +

    Run docker compose logs acme-mailcow to find out why a validation fails.

    +

    To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

    +

    To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

    +
    # Connect via SMTP (587)
    +echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
    +# Connect via IMAP (143)
    +echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
    +# Connect via HTTPS (443)
    +echo "Q" | openssl s_client -connect mx.mailcow.email:443
    +
    +

    To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

    +
    cd /opt/mailcow-dockerized
    +bash helper-scripts/expiry-dates.sh
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/post_installation/firststeps-sync_jobs_migration/index.html b/2.5/post_installation/firststeps-sync_jobs_migration/index.html new file mode 100644 index 000000000..a11fdc5df --- /dev/null +++ b/2.5/post_installation/firststeps-sync_jobs_migration/index.html @@ -0,0 +1,2612 @@ + + + + + + + + + + + + + + + + + + Sync job migration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Sync job migration

    + +

    Sync jobs are used to copy or move existing emails from an external IMAP server or within mailcow's existing mailboxes.

    +
    +

    Info

    +

    Depending on your mailbox's ACL you may not have the option to add a sync job. Please contact your domain administrator if so.

    +
    +

    Setup a Sync Job

    +
      +
    1. +

      In the "Configuration > Mail Setup" or "User Settings" interface, create a new sync job.

      +
    2. +
    3. +

      If you are an administrator, select the username of the downstream mailcow mailbox in the "Username" dropdown.

      +
    4. +
    5. +

      Fill in the "Host" and "Port" fields with their respective correct values from the upstream IMAP server.

      +
    6. +
    7. +

      In the "Username" and "Password" fields, supply the correct access credentials from the upstream IMAP server.

      +
    8. +
    9. +

      Select the "Encryption Method". If the upstream IMAP server uses port 143, it is likely that the encryption method is TLS and SSL for port 993. Nevertheless, you can use PLAIN authentication, but it is stongly discouraged.

      +
    10. +
    11. +

      For all ther other fields, you can leave them as is or modify them as desired.

      +
    12. +
    13. +

      Make sure to tick "Active" and click "Add".

      +
    14. +
    +
    +

    Info

    +

    Once Completed, log into the mailbox and check if all emails are imported correctly. If all goes well, all your mails shall end up in your new mailbox. And don't forget to delete or deactivate the sync job after it is used.

    +
    + +
    +
    + + + Last update: + 2022-01-29 23:12:25 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/prerequisite-dns/index.html b/2.5/prerequisite-dns/index.html new file mode 100644 index 000000000..9a1317d65 --- /dev/null +++ b/2.5/prerequisite-dns/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/prerequisite-system/index.html b/2.5/prerequisite-system/index.html new file mode 100644 index 000000000..a1aa8f067 --- /dev/null +++ b/2.5/prerequisite-system/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/prerequisite/prerequisite-dns/index.html b/2.5/prerequisite/prerequisite-dns/index.html new file mode 100644 index 000000000..99f0d906c --- /dev/null +++ b/2.5/prerequisite/prerequisite-dns/index.html @@ -0,0 +1,2823 @@ + + + + + + + + + + + + + + + + + + DNS setup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    DNS setup

    + +

    Below you can find a list of recommended DNS records. While some are mandatory for a mail server (A, MX), others are recommended to build a good reputation score (TXT/SPF) or used for auto-configuration of mail clients (SRV).

    +

    References

    + +

    Reverse DNS of your IP address

    +

    Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1. This record is usually set at the provider you leased the IP address (server) from.

    +

    The minimal DNS configuration

    +

    This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly.

    +
    # Name              Type       Value
    +mail                IN A       1.2.3.4
    +autodiscover        IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +autoconfig          IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +@                   IN MX 10   mail.example.org. (your ${MAILCOW_HOSTNAME})
    +
    +

    Note: The mail DNS record which binds the subdomain to the given ip address must only be set for the domain on which mailcow is running and that is used to access the web interface. For every other mailcow managed domain, the MX record will route the traffic.

    +

    DKIM, SPF and DMARC

    +

    In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("~all"). Please refer to SPF Project for further reading.

    +
    # Name              Type       Value
    +@                   IN TXT     "v=spf1 mx a -all"
    +
    +

    It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading.

    +
    # Name              Type       Value
    +dkim._domainkey     IN TXT     "v=DKIM1; k=rsa; t=s; s=email; p=..."
    +
    +

    The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant (check).

    +
    # Name              Type       Value
    +_dmarc              IN TXT     "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
    +
    +

    The advanced DNS configuration

    +

    SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to RFC 2782.

    +
    # Name              Type       Priority Weight Port    Value
    +_autodiscover._tcp  IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_caldavs._tcp       IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_caldavs._tcp       IN TXT                              "path=/SOGo/dav/"
    +_carddavs._tcp      IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_carddavs._tcp      IN TXT                              "path=/SOGo/dav/"
    +_imap._tcp          IN SRV     0        1      143      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_imaps._tcp         IN SRV     0        1      993      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_pop3._tcp          IN SRV     0        1      110      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_pop3s._tcp         IN SRV     0        1      995      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_sieve._tcp         IN SRV     0        1      4190     mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_smtps._tcp         IN SRV     0        1      465      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +_submission._tcp    IN SRV     0        1      587      mail.example.org. (your ${MAILCOW_HOSTNAME})
    +
    +

    Testing

    +

    Here are some tools you can use to verify your DNS configuration:

    + +

    Misc

    +

    Optional DMARC Statistics

    +

    If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own.

    +
    +

    Tip

    +

    It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports.

    +
    +

    It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools available, but only a small few of the many choices.

    + +
    +

    Tip

    +

    These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.

    +
    +

    Email test for SPF, DKIM and DMARC:

    +

    To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following:

    +
    ==========================================================
    +Summary of Results
    +==========================================================
    +SPF check:          pass
    +"iprev" check:      pass
    +DKIM check:         pass
    +DKIM check:         pass
    +SpamAssassin check: ham
    +
    +==========================================================
    +Details:
    +==========================================================
    +....
    +
    +

    The full report will contain more technical details.

    +

    Fully Qualified Domain Name (FQDN)

    +
    +
    +
      +
    1. +

      A Fully Qualified Domain Name (FQDN) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname, the domain name, and the Top Level Domain (TLD for short). In the example of mx.mailcow.email the hostname would be mx, the domain name mailcow and the TLD email

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-05-20 17:31:36 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/prerequisite/prerequisite-system/index.html b/2.5/prerequisite/prerequisite-system/index.html new file mode 100644 index 000000000..014eae237 --- /dev/null +++ b/2.5/prerequisite/prerequisite-system/index.html @@ -0,0 +1,2976 @@ + + + + + + + + + + + + + + + + + + Prepare your system - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Prepare your system

    + +

    Before you run mailcow: dockerized, there are a few requirements that you should check:

    +
    +

    Warning

    +

    Do not try to install mailcow on a Synology/QNAP device (any NAS), OpenVZ, LXC or other container platforms. KVM, ESX, Hyper-V and other full virtualization platforms are supported.

    +
    +
    +

    Info

    +
      +
    • mailcow: dockerized requires some ports to be open for incoming connections, so make sure that your firewall is not blocking these.
    • +
    • Make sure that no other application is interfering with mailcow's configuration, such as another mail service
    • +
    • A correct DNS setup is crucial to every good mailserver setup, so please make sure you got at least the basics covered before you begin!
    • +
    • Make sure that your system has a correct date and time setup. This is crucial for various components like two factor TOTP authentication.
    • +
    +
    +

    Minimum System Resources

    +
    +

    Not supported

    +

    OpenVZ, Virtuozzo and LXC

    +
    +

    Please make sure that your system has at least the following resources:

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    Resourcemailcow: dockerized
    CPU1 GHz
    RAMMinimum 6 GiB + 1 GiB swap (default config)
    Disk20 GiB (without emails)
    System Typex86_64
    +

    ClamAV and Solr can be greedy with RAM. You may disable them in mailcow.conf by settings SKIP_CLAMD=y and SKIP_SOLR=y.

    +
    +

    Info

    +

    We are aware that a pure MTA can run on 128 MiB RAM. mailcow is a full-grown and ready-to-use groupware with many extras making life easier. mailcow comes with a webserver, webmailer, ActiveSync (MS), antivirus, antispam, indexing (Solr), document scanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, various web services etc.

    +
    +

    A single SOGo worker can acquire ~350 MiB RAM before it gets purged. The more ActiveSync connections you plan to use, the more RAM you will need. A default configuration spawns 20 workers.

    +

    RAM usage examples

    +

    A company with 15 phones (EAS enabled) and about 50 concurrent IMAP connections should plan 16 GiB RAM.

    +

    6 GiB RAM + 1 GiB swap are fine for most private installations while 8 GiB RAM are recommended for ~5 to 10 users.

    +

    We can help to correctly plan your setup as part of our support.

    +

    Supported OS

    +

    Basically, mailcow can be used on any distribution that is supported by Docker CE (see https://docs.docker.com/install/). +However, in some cases there may be incompatibilities between the operating systems and the mailcow components.

    +

    The following table contains all operating systems officially supported and tested by us (as of November 2022):

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    OSCompatibility
    Alpine 3.16 and older⚠️
    Centos 7
    Debian 10, 11
    Ubuntu 18.04, 20.04, 22.04
    Rocky Linux 9
    +
    +

    Legend

    ✅ = Works out of the box using the instructions.
    +⚠️ = Requires some manual adjustments otherwise usable.
    +❌ = In general NOT Compatible.
    +❔ = Pending.

    +

    +
    +

    Note: All other operating systems (not mentioned) may also work, but have not been officially tested.

    +

    Firewall & Ports

    +

    Please check if any of mailcow's standard ports are open and not in use by other applications:

    +
    ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +# or:
    +netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
    +
    +
    +

    Danger

    +

    There are several problems with running mailcow on a firewalld/ufw enabled system.
    +You should disable it (if possible) and move your ruleset to the DOCKER-USER chain, which is not cleared by a Docker service restart, instead.
    +See this (blog.donnex.net) or this (unrouted.io) guide for information about how to use iptables-persistent with the DOCKER-USER chain.
    +As mailcow runs dockerized, INPUT rules have no effect on restricting access to mailcow.
    +Use the FORWARD chain instead.

    +
    +

    If this command returns any results please remove or stop the application running on that port. You may also adjust mailcows ports via the mailcow.conf configuration file.

    +

    Default Ports

    +

    If you have a firewall in front of mailcow, please make sure that these ports are open for incoming connections:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ServiceProtocolPortContainerVariable
    Postfix SMTPTCP25postfix-mailcow${SMTP_PORT}
    Postfix SMTPSTCP465postfix-mailcow${SMTPS_PORT}
    Postfix SubmissionTCP587postfix-mailcow${SUBMISSION_PORT}
    Dovecot IMAPTCP143dovecot-mailcow${IMAP_PORT}
    Dovecot IMAPSTCP993dovecot-mailcow${IMAPS_PORT}
    Dovecot POP3TCP110dovecot-mailcow${POP_PORT}
    Dovecot POP3STCP995dovecot-mailcow${POPS_PORT}
    Dovecot ManageSieveTCP4190dovecot-mailcow${SIEVE_PORT}
    HTTP(S)TCP80/443nginx-mailcow${HTTP_PORT} / ${HTTPS_PORT}
    +

    To bind a service to an IP address, you can prepend the IP like this: SMTP_PORT=1.2.3.4:25

    +

    Important: You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use HTTP_PORT=1234 and HTTP_BIND=1.2.3.4 instead.

    +

    Important for Hetzner firewalls

    +

    Quoting https://github.com/chermsen via https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (THANK YOU!):

    +

    For all who are struggling with the Hetzner firewall:

    +

    Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. +Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied:

    +

    For TCP +

    SRC-IP:       ---
    +DST IP:       ---
    +SRC Port:    ---
    +DST Port:    1024-65535
    +Protocol:    tcp
    +TCP flags:   ack
    +Action:      Accept
    +

    +

    For UDP +

    SRC-IP:       ---
    +DST IP:       ---
    +SRC Port:    ---
    +DST Port:    1024-65535
    +Protocol:    udp
    +Action:      Accept
    +

    +

    If you want to apply a more restrictive port range you have to change the config of unbound first (after installation):

    +

    {mailcow-dockerized}/data/conf/unbound/unbound.conf: +

    outgoing-port-avoid: 0-32767
    +

    +

    Now the firewall rules can be adjusted as follows:

    +
    [...]
    +DST Port:  32768-65535
    +[...]
    +
    +

    Date and Time

    +

    To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status:

    +
    $ timedatectl status
    +      Local time: Sat 2017-05-06 02:12:33 CEST
    +  Universal time: Sat 2017-05-06 00:12:33 UTC
    +        RTC time: Sat 2017-05-06 00:12:32
    +       Time zone: Europe/Berlin (CEST, +0200)
    +     NTP enabled: yes
    +NTP synchronized: yes
    + RTC in local TZ: no
    +      DST active: yes
    + Last DST change: DST began at
    +                  Sun 2017-03-26 01:59:59 CET
    +                  Sun 2017-03-26 03:00:00 CEST
    + Next DST change: DST ends (the clock jumps one hour backwards) at
    +                  Sun 2017-10-29 02:59:59 CEST
    +                  Sun 2017-10-29 02:00:00 CET
    +
    +

    The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized.

    +

    To enable NTP you need to run the command timedatectl set-ntp true. You also need to edit your /etc/systemd/timesyncd.conf:

    +
    # vim /etc/systemd/timesyncd.conf
    +[Time]
    +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
    +
    +

    Hetzner Cloud (and probably others)

    +

    Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0:

    +
    # Wrong:
    +auto eth0:0
    +iface eth0:0 inet6 static
    +# Right:
    +auto eth0
    +iface eth0 inet6 static
    +
    +

    Reboot or restart the interface. +You may want to disable cloud-init network changes.

    +

    MTU

    +

    Especially relevant for OpenStack users: Check your MTU and set it accordingly in docker-compose.yml. See Troubleshooting in our Installation guide.

    + +
    +
    + + + Last update: + 2022-11-03 12:00:08 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/search/search_index.json b/2.5/search/search_index.json new file mode 100644 index 000000000..322c745fb --- /dev/null +++ b/2.5/search/search_index.json @@ -0,0 +1 @@ +{"config":{"indexing":"full","lang":["en","de"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"./","text":"\ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95 \u00b6 Help mailcow \u00b6 Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us . :) If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN . Get support \u00b6 There are two ways to achieve support for your mailcow installation. Commercial support \u00b6 For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN . For custom inquiries or questions please contact us at info@servercow.de instead. Furthermore we do also provide a fully featured and managed mailcow here . This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way. Community support and chat \u00b6 The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything. Our mailcow community @ community.mailcow.email Telegram (Support) @ t.me/mailcow . Telegram (Off-Topic) @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram desktop clients are available for multiple platforms . You can search the groups history for keywords. For bug tracking, feature requests and code contributions only: GitHub @ mailcow/mailcow-dockerized Demos \u00b6 Since September 2022 we\u00b4re providing two seperate Demo instances: demo.mailcow.email is the classic Demo based on the stable releases . nightly-demo.mailcow.email is the new nightly demo based on unreleased testing features. (So especially interesting for those who have no possibility to create a test instance themselves.) Use the following credentials to login on both demos: Administrator : admin / moohoo Domain-Administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo Success The demo instances get the latest updates directly after releases from GitHub. Fully automatic, without any downtime! Overview \u00b6 The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access: DKIM and ARC support Black- and whitelists per domain and per user Spam score management per-user (reject spam, mark spam, greylist) Allow mailbox users to create temporary spam aliases Prepend mail tags to subject or move mail to sub folder (per-user) Allow mailbox users to toggle incoming and outgoing TLS enforcement Allow users to reset SOGo ActiveSync device caches imapsync to migrate or pull remote mailboxes regularly TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP Add domains, mailboxes, aliases, domain aliases and SOGo resources Add whitelisted hosts to forward mail to mailcow Fail2ban-like integration Quarantine system Antivirus scanning incl. macro scanning in office documents Integrated basic monitoring A lot more... mailcow: dockerized comes with multiple containers linked in one bridged network. Each container represents a single application. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-like integration by @mkuron ) Nginx Oletools via Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound A Watchdog to provide basic monitoring Warning Mails are stored compressed and encrypted. The key pair can be found in crypt-vol-1. Be sure to backup this volume! Docker volumes to keep dynamic data - take care of them! clamd-db-vol-1 crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"Information & Support"},{"location":"./#_1","text":"","title":"\ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95"},{"location":"./#help-mailcow","text":"Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us . :) If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN .","title":"Help mailcow"},{"location":"./#get-support","text":"There are two ways to achieve support for your mailcow installation.","title":"Get support"},{"location":"./#commercial-support","text":"For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN . For custom inquiries or questions please contact us at info@servercow.de instead. Furthermore we do also provide a fully featured and managed mailcow here . This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way.","title":"Commercial support"},{"location":"./#community-support-and-chat","text":"The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything. Our mailcow community @ community.mailcow.email Telegram (Support) @ t.me/mailcow . Telegram (Off-Topic) @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram desktop clients are available for multiple platforms . You can search the groups history for keywords. For bug tracking, feature requests and code contributions only: GitHub @ mailcow/mailcow-dockerized","title":"Community support and chat"},{"location":"./#demos","text":"Since September 2022 we\u00b4re providing two seperate Demo instances: demo.mailcow.email is the classic Demo based on the stable releases . nightly-demo.mailcow.email is the new nightly demo based on unreleased testing features. (So especially interesting for those who have no possibility to create a test instance themselves.) Use the following credentials to login on both demos: Administrator : admin / moohoo Domain-Administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo Success The demo instances get the latest updates directly after releases from GitHub. Fully automatic, without any downtime!","title":"Demos"},{"location":"./#overview","text":"The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access: DKIM and ARC support Black- and whitelists per domain and per user Spam score management per-user (reject spam, mark spam, greylist) Allow mailbox users to create temporary spam aliases Prepend mail tags to subject or move mail to sub folder (per-user) Allow mailbox users to toggle incoming and outgoing TLS enforcement Allow users to reset SOGo ActiveSync device caches imapsync to migrate or pull remote mailboxes regularly TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP Add domains, mailboxes, aliases, domain aliases and SOGo resources Add whitelisted hosts to forward mail to mailcow Fail2ban-like integration Quarantine system Antivirus scanning incl. macro scanning in office documents Integrated basic monitoring A lot more... mailcow: dockerized comes with multiple containers linked in one bridged network. Each container represents a single application. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-like integration by @mkuron ) Nginx Oletools via Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound A Watchdog to provide basic monitoring Warning Mails are stored compressed and encrypted. The key pair can be found in crypt-vol-1. Be sure to backup this volume! Docker volumes to keep dynamic data - take care of them! clamd-db-vol-1 crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"Overview"},{"location":"backup_restore/b_n_r-accidental_deletion/","text":"So you deleted a mailbox and have no backups, he? If you noticed your mistake within a few hours, you can probably recover the users data. SOGo \u00b6 We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Run docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org Run sogo-tool without parameters to check for possible restore options. 3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo 4. Restart SOGo and Memcached: docker compose restart sogo-mailcow memcached-mailcow Mail \u00b6 In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf . A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage . The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized] , for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708. To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1 . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota: docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Recover accidentally deleted data"},{"location":"backup_restore/b_n_r-accidental_deletion/#sogo","text":"We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Run docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org Run sogo-tool without parameters to check for possible restore options. 3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo 4. Restart SOGo and Memcached: docker compose restart sogo-mailcow memcached-mailcow","title":"SOGo"},{"location":"backup_restore/b_n_r-accidental_deletion/#mail","text":"In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf . A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage . The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized] , for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708. To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1 . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota: docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Mail"},{"location":"backup_restore/b_n_r-backup/","text":"Backup \u00b6 Manual \u00b6 You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically. Please do not copy this script to another location. To run a backup, write \"backup\" as first parameter and either one or more components to backup as following parameters. You can also use \"all\" as second parameter to backup all components. Append --delete-days n to delete backups older than n days. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Backup all, delete backups older than 3 days ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # Backup vmail, crypt and mysql data, delete backups older than 30 days ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # Backup vmail ./helper-scripts/backup_and_restore.sh backup vmail Variables for backup/restore script \u00b6 Multithreading \u00b6 With the 2022-10 update it is possible to run the script with multithreading support. This can be used for backups as well as for restores. To start the backup/restore with multithreading you have to add THREADS as an environment variable in front of the command to execute the script. THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all The number after the = character indicates the number of threads. Please keep your core count -2 to leave enough CPU power for mailcow itself. Backup path \u00b6 The script will ask you for a backup location. Inside of this location it will create folders in the format \"mailcow_DATE\". You should not rename those folders to not break the restore process. To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Tip Both variables mentioned above can also be combined! Ex: MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Cronjob \u00b6 You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution). This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x : #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi Backup strategy with rsync and mailcow backup script \u00b6 Create the destination directory for mailcows helper script: mkdir -p /external_share/backups/backup_script Create cronjobs: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path On the destination (in this case /external_share/backups ) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions! To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker compose pull and docker compose up -d . If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!","title":"Backup"},{"location":"backup_restore/b_n_r-backup/#backup","text":"","title":"Backup"},{"location":"backup_restore/b_n_r-backup/#manual","text":"You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically. Please do not copy this script to another location. To run a backup, write \"backup\" as first parameter and either one or more components to backup as following parameters. You can also use \"all\" as second parameter to backup all components. Append --delete-days n to delete backups older than n days. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Backup all, delete backups older than 3 days ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # Backup vmail, crypt and mysql data, delete backups older than 30 days ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # Backup vmail ./helper-scripts/backup_and_restore.sh backup vmail","title":"Manual"},{"location":"backup_restore/b_n_r-backup/#variables-for-backuprestore-script","text":"","title":"Variables for backup/restore script"},{"location":"backup_restore/b_n_r-backup/#multithreading","text":"With the 2022-10 update it is possible to run the script with multithreading support. This can be used for backups as well as for restores. To start the backup/restore with multithreading you have to add THREADS as an environment variable in front of the command to execute the script. THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all The number after the = character indicates the number of threads. Please keep your core count -2 to leave enough CPU power for mailcow itself.","title":"Multithreading"},{"location":"backup_restore/b_n_r-backup/#backup-path","text":"The script will ask you for a backup location. Inside of this location it will create folders in the format \"mailcow_DATE\". You should not rename those folders to not break the restore process. To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Tip Both variables mentioned above can also be combined! Ex: MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all","title":"Backup path"},{"location":"backup_restore/b_n_r-backup/#cronjob","text":"You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution). This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x : #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi","title":"Cronjob"},{"location":"backup_restore/b_n_r-backup/#backup-strategy-with-rsync-and-mailcow-backup-script","text":"Create the destination directory for mailcows helper script: mkdir -p /external_share/backups/backup_script Create cronjobs: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path On the destination (in this case /external_share/backups ) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions! To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker compose pull and docker compose up -d . If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!","title":"Backup strategy with rsync and mailcow backup script"},{"location":"backup_restore/b_n_r-backup_restore-maildir/","text":"Backup \u00b6 This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: cd /path/to/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz Restore \u00b6 cd /path/to/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Maildir"},{"location":"backup_restore/b_n_r-backup_restore-maildir/#backup","text":"This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: cd /path/to/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz","title":"Backup"},{"location":"backup_restore/b_n_r-backup_restore-maildir/#restore","text":"cd /path/to/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Restore"},{"location":"backup_restore/b_n_r-backup_restore-mysql/","text":"Backup \u00b6 cd /path/to/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql Restore \u00b6 Warning You should redirect the SQL dump without docker compose to prevent parsing errors. cd /path/to/mailcow-dockerized source mailcow.conf docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"MySQL (mysqldump)"},{"location":"backup_restore/b_n_r-backup_restore-mysql/#backup","text":"cd /path/to/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql","title":"Backup"},{"location":"backup_restore/b_n_r-backup_restore-mysql/#restore","text":"Warning You should redirect the SQL dump without docker compose to prevent parsing errors. cd /path/to/mailcow-dockerized source mailcow.conf docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"Restore"},{"location":"backup_restore/b_n_r-coldstandby/","text":"Cold-standby backup \u00b6 mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime. This may also be used to transfer your mailcow to a new server. You should know \u00b6 The provided script will work on default installations. It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes. The script will use the same paths as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints. To find the paths of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in an override file. Local bind mounts may or may not work. The script uses rsync with the --delete flag. The destination will be an exact copy of the source. mariabackup is used to create a consistent copy of the SQL data directory. After rsync'ing the data we will run docker compose pull and remove old image tags from the destination. Your source will not be changed at any time. You may want to make sure to use the same /etc/docker/daemon.json on the remote target. You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run. Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that. Prepare \u00b6 You will need an SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended. In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh . Edit this file and change the exported variables: export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name The key must be owned and readable by root only. Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker compose v2 available. The script will detect errors automatically and exit. You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile . Backup and refresh the cold-standby \u00b6 Run the first backup, this may take a while depending on the connection: bash /opt/mailcow-dockerized/create_cold_standby.sh That was easy, wasn't it? Updating your cold-standby is just as easy: bash /opt/mailcow-dockerized/create_cold_standby.sh It's the same command. Automated backups with cron \u00b6 First make sure that the cron service is enabled and running: systemctl enable cron.service && systemctl start cron.service To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run: crontab -e Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log If saved correctly, the cron job should be shown by typing: crontab -l","title":"Cold-standby (rolling backup)"},{"location":"backup_restore/b_n_r-coldstandby/#cold-standby-backup","text":"mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime. This may also be used to transfer your mailcow to a new server.","title":"Cold-standby backup"},{"location":"backup_restore/b_n_r-coldstandby/#you-should-know","text":"The provided script will work on default installations. It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes. The script will use the same paths as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints. To find the paths of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in an override file. Local bind mounts may or may not work. The script uses rsync with the --delete flag. The destination will be an exact copy of the source. mariabackup is used to create a consistent copy of the SQL data directory. After rsync'ing the data we will run docker compose pull and remove old image tags from the destination. Your source will not be changed at any time. You may want to make sure to use the same /etc/docker/daemon.json on the remote target. You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run. Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that.","title":"You should know"},{"location":"backup_restore/b_n_r-coldstandby/#prepare","text":"You will need an SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended. In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh . Edit this file and change the exported variables: export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name The key must be owned and readable by root only. Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker compose v2 available. The script will detect errors automatically and exit. You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile .","title":"Prepare"},{"location":"backup_restore/b_n_r-coldstandby/#backup-and-refresh-the-cold-standby","text":"Run the first backup, this may take a while depending on the connection: bash /opt/mailcow-dockerized/create_cold_standby.sh That was easy, wasn't it? Updating your cold-standby is just as easy: bash /opt/mailcow-dockerized/create_cold_standby.sh It's the same command.","title":"Backup and refresh the cold-standby"},{"location":"backup_restore/b_n_r-coldstandby/#automated-backups-with-cron","text":"First make sure that the cron service is enabled and running: systemctl enable cron.service && systemctl start cron.service To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run: crontab -e Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log If saved correctly, the cron job should be shown by typing: crontab -l","title":"Automated backups with cron"},{"location":"backup_restore/b_n_r-restore/","text":"Restore \u00b6 Please do not copy this script to another location. To run a restore, start mailcow , use the script with \"restore\" as first parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore The script will ask you for a backup location containing the mailcow_DATE folders.","title":"Restore"},{"location":"backup_restore/b_n_r-restore/#restore","text":"Please do not copy this script to another location. To run a restore, start mailcow , use the script with \"restore\" as first parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore The script will ask you for a backup location containing the mailcow_DATE folders.","title":"Restore"},{"location":"client/client-android/","text":"Open the Email app. If this is your first email account, tap Add Account ; if not, tap More and Settings and then Add account . Select Microsoft Exchange ActiveSync . Enter your email address ( ) and password. Tap Sign in .","title":"Android"},{"location":"client/client-apple/","text":"Method 1 via Mobileconfig \u00b6 Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first. Method 1.1: IMAP, SMTP and Cal/CardDAV \u00b6 This method configures IMAP, CardDAV and CalDAV. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password three times when prompted. Method 1.2: IMAP, SMTP (no DAV) \u00b6 This method configures IMAP and SMTP only. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password when prompted. Method 2 (Exchange ActiveSync emulation) \u00b6 On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead. Open the Settings app, tap Mail , tap Accounts , tap Add Acccount , select Exchange . Enter your email address ( ) and tap Next . Enter your password, tap Next again. Finally, tap Save .","title":"Apple macOS / iOS"},{"location":"client/client-apple/#method-1-via-mobileconfig","text":"Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first.","title":"Method 1 via Mobileconfig"},{"location":"client/client-apple/#method-11-imap-smtp-and-calcarddav","text":"This method configures IMAP, CardDAV and CalDAV. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password three times when prompted.","title":"Method 1.1: IMAP, SMTP and Cal/CardDAV"},{"location":"client/client-apple/#method-12-imap-smtp-no-dav","text":"This method configures IMAP and SMTP only. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password when prompted.","title":"Method 1.2: IMAP, SMTP (no DAV)"},{"location":"client/client-apple/#method-2-exchange-activesync-emulation","text":"On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead. Open the Settings app, tap Mail , tap Accounts , tap Add Acccount , select Exchange . Enter your email address ( ) and tap Next . Enter your password, tap Next again. Finally, tap Save .","title":"Method 2 (Exchange ActiveSync emulation)"},{"location":"client/client-emclient/","text":"Launch eM Client. If this is the first time you launched eM Client, it asks you to set up your account. Proceed to step 4. Go to Menu at the top, select Tools and Accounts . Enter your email address ( ) and click Start Now . Enter your password and click Continue . Enter your name ( ) and click Next . Click Finish .","title":"eM Client"},{"location":"client/client-kontact/","text":"Launch Kontact. If this is the first time you launched Kontact or KMail, it asks you to set up your account. Proceed to step 4. Go to Mail in the sidebar. Go to the Tools menu and select Account Wizard . Enter your name ( ) , email address ( ) and your password. Click Next . Click Create Account . If prompted, re-enter your password and click OK . Close the window by clicking Finish . Go to Calendar in the sidebar. Go to the Settings menu and select Configure KOrganizer . Go to the Calendars tab and click the Add button. Choose DAV groupware resource and click OK . Enter your email address ( ) and your password. Click Next . Select ScalableOGo from the dropdown menu and click Next . Enter your mailcow hostname into the Host field and click Next . Click Test Connection and then Finish . Finally, click OK twice. Once you have set up Kontact, you can also use KMail, KOrganizer and KAddressBook individually.","title":"KDE Kontact"},{"location":"client/client-manual/","text":"These instructions are valid for unchanged port bindings only! Email \u00b6 Service Encryption Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Please use the \"plain\" password setting as the authentication mechanism. Contrary to what the name implies, the password will not be transferred to the server in plain text as no authentication is allowed to take place without TLS. Contacts and calendars \u00b6 SOGos default calendar (CalDAV) and contacts (CardDAV) URLs: CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.","title":"Manual configuration"},{"location":"client/client-manual/#email","text":"Service Encryption Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Please use the \"plain\" password setting as the authentication mechanism. Contrary to what the name implies, the password will not be transferred to the server in plain text as no authentication is allowed to take place without TLS.","title":"Email"},{"location":"client/client-manual/#contacts-and-calendars","text":"SOGos default calendar (CalDAV) and contacts (CardDAV) URLs: CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.","title":"Contacts and calendars"},{"location":"client/client-outlook/","text":"Outlook 2016 or higher from Office 365 on Windows \u00b6 This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Outlook 2016 has an issue with autodiscover . Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher. For EAS you must use the old assistant by launching C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE . If this application opens, you can go to step 4 of the guide for Outlook 2013 below. If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below. Outlook 2007 or 2010 on Windows \u00b6 Outlook 2007 or higher on Windows (Calender/Contacts via CalDav Synchronizer) \u00b6 Download and install Outlook CalDav Synchronizer . Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . Click Finish . Go to the CalDav Synchronizer ribbon and click Synchronization Profiles . Click the second button at top ( Add multiple profiles ), select Sogo , click Ok . Click the Get IMAP/POP3 account settings button. Click Discover resources and assign to Outlook folders . In the Select Resource window that pops up, select your main calendar (usually Personal Calendar ), click the ... button, assign it to Calendar , and click OK . Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists! Close all windows with the OK buttons. Outlook 2013 or higher on Windows (Active Sync - not recommended) \u00b6 This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . When prompted, enter your password again, check Remember my credentials and click OK . Click the Allow button. Click Finish . Outlook 2011 or higher on macOS \u00b6 The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.","title":"Microsoft Outlook"},{"location":"client/client-outlook/#outlook-2016-or-higher-from-office-365-on-windows","text":"This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Outlook 2016 has an issue with autodiscover . Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher. For EAS you must use the old assistant by launching C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE . If this application opens, you can go to step 4 of the guide for Outlook 2013 below. If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below.","title":"Outlook 2016 or higher from Office 365 on Windows"},{"location":"client/client-outlook/#outlook-2007-or-2010-on-windows","text":"","title":"Outlook 2007 or 2010 on Windows"},{"location":"client/client-outlook/#outlook-2007-or-higher-on-windows-calendercontacts-via-caldav-synchronizer","text":"Download and install Outlook CalDav Synchronizer . Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . Click Finish . Go to the CalDav Synchronizer ribbon and click Synchronization Profiles . Click the second button at top ( Add multiple profiles ), select Sogo , click Ok . Click the Get IMAP/POP3 account settings button. Click Discover resources and assign to Outlook folders . In the Select Resource window that pops up, select your main calendar (usually Personal Calendar ), click the ... button, assign it to Calendar , and click OK . Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists! Close all windows with the OK buttons.","title":"Outlook 2007 or higher on Windows (Calender/Contacts via CalDav Synchronizer)"},{"location":"client/client-outlook/#outlook-2013-or-higher-on-windows-active-sync-not-recommended","text":"This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . When prompted, enter your password again, check Remember my credentials and click OK . Click the Allow button. Click Finish .","title":"Outlook 2013 or higher on Windows (Active Sync - not recommended)"},{"location":"client/client-outlook/#outlook-2011-or-higher-on-macos","text":"The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.","title":"Outlook 2011 or higher on macOS"},{"location":"client/client-thunderbird/","text":"Launch Thunderbird. If this is the first time you launched Thunderbird, it asks you whether you would like a new email address. Click Skip this and use my existing email and proceed to step 4. Go to the File menu and select New , Existing Mail Account... . Enter your name ( ) , email address ( ) and your password. Make sure the Remember password checkbox is selected and click Continue . Once the configuration has been automatically detected, make sure IMAP is selected and click Done . To use your contacts from the server, click on the arrow next to \"Address Books\" and click the Connect button on each address book you would like to use. To use your calendars from the server, click on the arrow next to \"Calendars\" and click the Connect button on each calendar you would like to use. Click Finish to close the Account Setup window.","title":"Mozilla Thunderbird"},{"location":"client/client-windows/","text":"Windows 8 and higher support email, contacts and calendar via Exchange ActiveSync. Open the Mail app. If you have not previously used Mail, you can click Add Account in the main window. Proceed to step 4. Click Accounts in the sidebar on the left, then click Add Account on the far right. Select Exchange . Enter your email address ( ) and click Next . Enter your password and click Log in . Once you have set up the Mail app, you can also use the People and Calendar apps.","title":"Windows Mail"},{"location":"client/client/","text":"mailcow supports a variety of email clients, both on desktop computers and on smartphones. Below, you can find a number of configuration guides that explain how to configure your mailcow account. Tip If you access this page by logging into your mailcow server and clicking the \"Show configuration guides for email clients and smartphones\" link, all of the guides will be personalized with your email address and server name. Success Since you accessed this page after logging into your mailcow server, all of the guides have been personalized with your email address and server name. Android Apple iOS / macOS eM Client KDE Kontact / KMail Microsoft Outlook Mozilla Thunderbird Windows Mail Manual configuration","title":"Overview"},{"location":"i_u_m/i_u_m_deinstall/","text":"To remove mailcow: dockerized with all it's volumes, images and containers do: docker compose (Plugin) docker-compose (Standalone) docker compose down -v --rmi all --remove-orphans docker-compose down -v --rmi all --remove-orphans Info -v Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers. --rmi Remove images. Type must be one of: all : Remove all images used by any service. local : Remove only images that don't have a custom tag set by the image field. --remove-orphans Remove containers for services not defined in the compose file. By default docker compose down only removes currently active containers and networks defined in the docker-compose.yml .","title":"Deinstallation"},{"location":"i_u_m/i_u_m_install/","text":"Docker and Docker Compose Installation \u00b6 You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version >= 2.0 is required). Learn how to install Docker and Docker Compose . Quick installation for most operation systems: Docker \u00b6 curl -sSL https://get.docker.com/ | CHANNEL=stable sh # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7) systemctl enable --now docker docker compose \u00b6 Danger mailcow requires the latest version of docker compose v2. If Docker was installed using the script above, the Docker Compose plugin is already automatically installed in a version >=2.0. Is your mailcow installation older or Docker was installed in a different way, the Compose plugin or the standalone version of Docker must be installed manually. Installation via Paketmanager (plugin) \u00b6 Info This approach with the package sources is only possible if the Docker repository has been included. This can happen either through the instructions above (see Docker ) or through a manually integration. On Debian/Ubuntu systems: apt update apt install docker-compose-plugin On Centos 7 systems: yum update yum install docker-compose-plugin Danger The Docker Compose command syntax is docker compose for the plugin variant of Docker Compose!!! Installation via Script (standalone) \u00b6 Info This installation is the old familiar way. It installs Docker Compose as a standalone program and does not rely on the Docker installation way. LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Danger The Docker Compose command syntax is docker-compose for the standalone variant of Docker Compose!!! Please use the latest Docker engine available and do not use the engine that ships with your distros repository. Check SELinux specifics \u00b6 On SELinux enabled systems, e.g. CentOS 7: Check if \"container-selinux\" package is present on your system: rpm -qa | grep container-selinux If the above command returns an empty or no output, you should install it via your package manager. Check if docker has SELinux support enabled: docker info | grep selinux If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add \"selinux-enabled\": true . Example file content: { \"selinux-enabled\": true } Restart the docker daemon and verify SELinux is now enabled. This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic. Install mailcow \u00b6 Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical. $ su # umask 0022 # <- Verify it is 0022 # cd /opt # git clone https://github.com/mailcow/mailcow-dockerized # cd mailcow-dockerized Initialize mailcow \u00b6 Generate a configuration file. Use a FQDN ( host.domain.tld ) as hostname when asked. ./generate_config.sh Change configuration if you want or need to. nano mailcow.conf If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080. You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation. Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise. Troubleshooting \u00b6 Users with a MTU not equal to 1500 (e.g. OpenStack) \u00b6 Whenever you run into trouble and strange phenomena, please check your MTU. Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: networks: mailcow-network: ... driver_opts: com.docker.network.driver.mtu: 1450 ... Users without an IPv6 enabled network on their host system \u00b6 Please don't turn off IPv6, even if you don't like it. IPv6 is the future and should not be ignored. If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues. Start mailcow \u00b6 Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: docker compose (Plugin) docker-compose (Standalone) docker compose pull docker compose up -d docker-compose pull docker-compose up -d Done! You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo . Info If you are not using mailcow behind a reverse proxy, you should redirect all HTTP requests to HTTPS . The database will be initialized right after a connection to MySQL can be established. Your data will persist in multiple Docker volumes, that are not deleted when you recreate or delete containers. Run docker volume ls to see a list of all volumes. You can safely run docker compose down without removing persistent data.","title":"Installation"},{"location":"i_u_m/i_u_m_install/#docker-and-docker-compose-installation","text":"You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version >= 2.0 is required). Learn how to install Docker and Docker Compose . Quick installation for most operation systems:","title":"Docker and Docker Compose Installation"},{"location":"i_u_m/i_u_m_install/#docker","text":"curl -sSL https://get.docker.com/ | CHANNEL=stable sh # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7) systemctl enable --now docker","title":"Docker"},{"location":"i_u_m/i_u_m_install/#docker-compose","text":"Danger mailcow requires the latest version of docker compose v2. If Docker was installed using the script above, the Docker Compose plugin is already automatically installed in a version >=2.0. Is your mailcow installation older or Docker was installed in a different way, the Compose plugin or the standalone version of Docker must be installed manually.","title":"docker compose"},{"location":"i_u_m/i_u_m_install/#installation-via-paketmanager-plugin","text":"Info This approach with the package sources is only possible if the Docker repository has been included. This can happen either through the instructions above (see Docker ) or through a manually integration. On Debian/Ubuntu systems: apt update apt install docker-compose-plugin On Centos 7 systems: yum update yum install docker-compose-plugin Danger The Docker Compose command syntax is docker compose for the plugin variant of Docker Compose!!!","title":"Installation via Paketmanager (plugin)"},{"location":"i_u_m/i_u_m_install/#installation-via-script-standalone","text":"Info This installation is the old familiar way. It installs Docker Compose as a standalone program and does not rely on the Docker installation way. LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Danger The Docker Compose command syntax is docker-compose for the standalone variant of Docker Compose!!! Please use the latest Docker engine available and do not use the engine that ships with your distros repository.","title":"Installation via Script (standalone)"},{"location":"i_u_m/i_u_m_install/#check-selinux-specifics","text":"On SELinux enabled systems, e.g. CentOS 7: Check if \"container-selinux\" package is present on your system: rpm -qa | grep container-selinux If the above command returns an empty or no output, you should install it via your package manager. Check if docker has SELinux support enabled: docker info | grep selinux If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add \"selinux-enabled\": true . Example file content: { \"selinux-enabled\": true } Restart the docker daemon and verify SELinux is now enabled. This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.","title":"Check SELinux specifics"},{"location":"i_u_m/i_u_m_install/#install-mailcow","text":"Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical. $ su # umask 0022 # <- Verify it is 0022 # cd /opt # git clone https://github.com/mailcow/mailcow-dockerized # cd mailcow-dockerized","title":"Install mailcow"},{"location":"i_u_m/i_u_m_install/#initialize-mailcow","text":"Generate a configuration file. Use a FQDN ( host.domain.tld ) as hostname when asked. ./generate_config.sh Change configuration if you want or need to. nano mailcow.conf If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080. You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation. Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.","title":"Initialize mailcow"},{"location":"i_u_m/i_u_m_install/#troubleshooting","text":"","title":"Troubleshooting"},{"location":"i_u_m/i_u_m_install/#users-with-a-mtu-not-equal-to-1500-eg-openstack","text":"Whenever you run into trouble and strange phenomena, please check your MTU. Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: networks: mailcow-network: ... driver_opts: com.docker.network.driver.mtu: 1450 ...","title":"Users with a MTU not equal to 1500 (e.g. OpenStack)"},{"location":"i_u_m/i_u_m_install/#users-without-an-ipv6-enabled-network-on-their-host-system","text":"Please don't turn off IPv6, even if you don't like it. IPv6 is the future and should not be ignored. If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.","title":"Users without an IPv6 enabled network on their host system"},{"location":"i_u_m/i_u_m_install/#start-mailcow","text":"Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: docker compose (Plugin) docker-compose (Standalone) docker compose pull docker compose up -d docker-compose pull docker-compose up -d Done! You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo . Info If you are not using mailcow behind a reverse proxy, you should redirect all HTTP requests to HTTPS . The database will be initialized right after a connection to MySQL can be established. Your data will persist in multiple Docker volumes, that are not deleted when you recreate or delete containers. Run docker volume ls to see a list of all volumes. You can safely run docker compose down without removing persistent data.","title":"Start mailcow"},{"location":"i_u_m/i_u_m_migration/","text":"Warning This guide assumes you intend to migrate an existing mailcow server (source) over to a brand new, empty server (target). It takes no care about preserving any existing data on your target server and will erase anything within /var/lib/docker/volumes and thus any Docker volumes you may have already set up. Tip Alternatively, you can use the ./helper-scripts/backup_and_restore.sh script to create a full backup on the source machine, then install mailcow on the target machine as usual, copy over your mailcow.conf and use the same script to restore your backup to the target machine. 1. Follow the installation guide to install Docker and Compose. 2. Stop Docker and assure Docker has stopped: systemctl stop docker.service systemctl status docker.service 3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine : rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes 4. Shut down mailcow and stop Docker on the source machine. docker compose (Plugin) docker-compose (Standalone) cd /opt/mailcow-dockerized docker compose down systemctl stop docker.service cd /opt/mailcow-dockerized docker-compose down systemctl stop docker.service 5. Repeat step 3 with the same commands. This will be much quicker than the first time. 6. Switch over to the target machine and start Docker. systemctl start docker.service 7. Now pull the mailcow Docker images on the target machine. docker compose (Plugin) docker-compose (Standalone) cd /opt/mailcow-dockerized docker compose pull cd /opt/mailcow-dockerized docker-compose pull 8. Start the whole mailcow stack and everything should be done! docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker compose up -d 9. Finally, change your DNS settings to point to the target server.","title":"Migration"},{"location":"i_u_m/i_u_m_update/","text":"Automatic update \u00b6 An update script in your mailcow-dockerized directory will take care of updates. But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below. Run the update script: ./update.sh If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow-dockerized repository code). Options \u00b6 # Options can be combined # - Check for updates and show changes ./update.sh --check # - Do not start mailcow after applying an update ./update.sh --skip-start # - Skip ICMP Check to public DNS resolvers (Use it only if you\u00b4ve blocked any ICMP Connections to your mailcow machine) ./update.sh --skip-ping-check # - Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!! NOT READY FOR PRODUCTION!!! ./update.sh --nightly # - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly. ./update.sh --stable # - Force update (unattended, but unsupported, use at own risk) ./update.sh --force # - Run garbage collector to cleanup old image tags and exit ./update.sh --gc # - Update with merge strategy option \"ours\" instead of \"theirs\" # This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. ./update.sh --ours # - Don't update, but prefetch images and exit ./update.sh --prefetch I forgot what I changed before running update.sh \u00b6 See git log --pretty=oneline | grep -i \"before update\" , you will have an output similar to this: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed. Can I roll back? \u00b6 Yes. See the topic above, instead of a diff, you run checkout: docker compose (Plugin) docker-compose (Standalone) docker compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker compose pull docker compose up -d docker-compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d Hooks \u00b6 You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details. Update Cycle \u00b6 We schedule a monthly release cycle for a major update at the first tuesday of the month. The releases are numbered like this: YYYY-MM (e.g. 2022-05 ) Fixes for a main Update will be stated as \"Revisions\" like a,b,c (e.g. 2022-05a , 2022-05b etc.) Update variants \u00b6 stable (stable updates) : These updates are suitable for productive usage. They appear in a cycle of at least 1x per month. nightly (unstable updates) : These updates are NOT suitable for production use and are for testing only. The nightly updates are ahead of the stable updates, since in these updates we test newer and more extensive features before they go live for all users. NEW: Get Nightly Updates \u00b6 Info about the Nightly Updates \u00b6 Since the 2022-08 update there is the possibility to change the update sources. Until now, the master branch on GitHub served as the only (official) update source. With the August 2022 update, however, there is now the Nightly Branch which contains unstable and major changes for testing and feedback. The Nightly Branch always gets new updates when something is finished on the mailcow project that will be included in the new main version. Besides the obvious changes that will be included in the next major update anyway, it also contains exclusive features that need a longer testing time (e.g. the UI update to Bootstrap 5). How do I get Nightly Updates? \u00b6 The process is relatively simple. With the 2022-08 update (assuming an update to the version) it is possible to run update.sh with the parameter --nightly . Danger Please make a backup before or follow the Best Practice Nightly Update section before switching to mailcow nightly builds. We are not responsible for any data loss/corruption, so work with caution! The script will now change the branch with git checkout nightly , which means it will ask for the IPv6 settings again. But this is normal. If everything worked fine (for which we made a backup before) the mailcow UI should now show the current version number and date stamp in the lower right corner: Best Practice Nightly Update \u00b6 Info We recommend using the Nightly Update only if you have another machine or VM and NOT use it productively. use the cold standby script to copy the machine before the switch to the nightly builds on another system. run the update.sh script on the new machine with the parameter --nightly and confirm. experience/test the nightly updates on the secondary machine.","title":"Update"},{"location":"i_u_m/i_u_m_update/#automatic-update","text":"An update script in your mailcow-dockerized directory will take care of updates. But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below. Run the update script: ./update.sh If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow-dockerized repository code).","title":"Automatic update"},{"location":"i_u_m/i_u_m_update/#options","text":"# Options can be combined # - Check for updates and show changes ./update.sh --check # - Do not start mailcow after applying an update ./update.sh --skip-start # - Skip ICMP Check to public DNS resolvers (Use it only if you\u00b4ve blocked any ICMP Connections to your mailcow machine) ./update.sh --skip-ping-check # - Switch your mailcow updates to the unstable (nightly) branch. FOR TESTING PURPOSES ONLY!!!! NOT READY FOR PRODUCTION!!! ./update.sh --nightly # - Switch your mailcow updates to the stable (master) branch. Default unless you changed it with --nightly. ./update.sh --stable # - Force update (unattended, but unsupported, use at own risk) ./update.sh --force # - Run garbage collector to cleanup old image tags and exit ./update.sh --gc # - Update with merge strategy option \"ours\" instead of \"theirs\" # This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. ./update.sh --ours # - Don't update, but prefetch images and exit ./update.sh --prefetch","title":"Options"},{"location":"i_u_m/i_u_m_update/#i-forgot-what-i-changed-before-running-updatesh","text":"See git log --pretty=oneline | grep -i \"before update\" , you will have an output similar to this: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.","title":"I forgot what I changed before running update.sh"},{"location":"i_u_m/i_u_m_update/#can-i-roll-back","text":"Yes. See the topic above, instead of a diff, you run checkout: docker compose (Plugin) docker-compose (Standalone) docker compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker compose pull docker compose up -d docker-compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d","title":"Can I roll back?"},{"location":"i_u_m/i_u_m_update/#hooks","text":"You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.","title":"Hooks"},{"location":"i_u_m/i_u_m_update/#update-cycle","text":"We schedule a monthly release cycle for a major update at the first tuesday of the month. The releases are numbered like this: YYYY-MM (e.g. 2022-05 ) Fixes for a main Update will be stated as \"Revisions\" like a,b,c (e.g. 2022-05a , 2022-05b etc.)","title":"Update Cycle"},{"location":"i_u_m/i_u_m_update/#update-variants","text":"stable (stable updates) : These updates are suitable for productive usage. They appear in a cycle of at least 1x per month. nightly (unstable updates) : These updates are NOT suitable for production use and are for testing only. The nightly updates are ahead of the stable updates, since in these updates we test newer and more extensive features before they go live for all users.","title":"Update variants"},{"location":"i_u_m/i_u_m_update/#new-get-nightly-updates","text":"","title":"NEW: Get Nightly Updates"},{"location":"i_u_m/i_u_m_update/#info-about-the-nightly-updates","text":"Since the 2022-08 update there is the possibility to change the update sources. Until now, the master branch on GitHub served as the only (official) update source. With the August 2022 update, however, there is now the Nightly Branch which contains unstable and major changes for testing and feedback. The Nightly Branch always gets new updates when something is finished on the mailcow project that will be included in the new main version. Besides the obvious changes that will be included in the next major update anyway, it also contains exclusive features that need a longer testing time (e.g. the UI update to Bootstrap 5).","title":"Info about the Nightly Updates"},{"location":"i_u_m/i_u_m_update/#how-do-i-get-nightly-updates","text":"The process is relatively simple. With the 2022-08 update (assuming an update to the version) it is possible to run update.sh with the parameter --nightly . Danger Please make a backup before or follow the Best Practice Nightly Update section before switching to mailcow nightly builds. We are not responsible for any data loss/corruption, so work with caution! The script will now change the branch with git checkout nightly , which means it will ask for the IPv6 settings again. But this is normal. If everything worked fine (for which we made a backup before) the mailcow UI should now show the current version number and date stamp in the lower right corner:","title":"How do I get Nightly Updates?"},{"location":"i_u_m/i_u_m_update/#best-practice-nightly-update","text":"Info We recommend using the Nightly Update only if you have another machine or VM and NOT use it productively. use the cold standby script to copy the machine before the switch to the nightly builds on another system. run the update.sh script on the new machine with the parameter --nightly and confirm. experience/test the nightly updates on the secondary machine.","title":"Best Practice Nightly Update"},{"location":"manual-guides/u_e-80_to_443/","text":"Since February the 28th 2017 mailcow does come with port 80 and 443 enabled. Do not use the config below for reverse proxy setups , please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS. Open mailcow.conf and set HTTP_BIND= - if not already set. Create a new file data/conf/nginx/redirect.conf and add the following server config to the file: server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; if ( $request_uri ~* \"%0A|%0D\" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://$host$uri$is_args$args; } } In case you changed the HTTP_BIND parameter, recreate the container: docker compose up -d Otherwise restart Nginx: docker compose restart nginx-mailcow","title":"Redirect HTTP to HTTPS"},{"location":"manual-guides/u_e-autodiscover_config/","text":"You do not need to change or create this file, autodiscover works out of the box . This guide is only meant for customizations to the autodiscover or autoconfig process. Newer Outlook clients (especially those delivered with O365) will not autodiscover mail profiles. Keep in mind, that ActiveSync should NOT be used with a desktop client . Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array. Changes will be merged with \"$autodiscover_config\" in data/web/inc/vars.inc.php ): 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync 'useEASforOutlook' => 'yes', // Please don't use STARTTLS-enabled service ports in the \"port\" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the \"tlsport\" variable. 'imap' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), 'pop3' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('POPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), 'smtp' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), 'activesync' => array( 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), 'caldav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), 'carddav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), ); To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap' . Disable ActiveSync for Outlook desktop clients by setting \"useEASforOutlook\" to \"no\".","title":"Autodiscover / Autoconfig"},{"location":"manual-guides/u_e-reeanble-weak-protocols/","text":"On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION). Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all. How to re-enable weak protocols? Edit data/conf/postfix/extra.cf : submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 Edit data/conf/dovecot/extra.conf : ssl_min_protocol = TLSv1 Restart the affected services: docker compose restart postfix-mailcow dovecot-mailcow Hint: You can enable TLS 1.2 in Windows 7.","title":"Re-enable TLS 1.0 and TLS 1.1"},{"location":"manual-guides/u_e-update-hooks/","text":"It is possible to add pre- and post-update-hooks to the update.sh script that upgrades your whole mailcow installation. To do so, just add the corresponding bash script into your mailcow root directory: pre_update_hook.sh for commands that should run before the update post_update_hook.sh for commands that should run after the update is completed Keep in mind that pre_update_hook.sh runs every time you call update.sh and post_update_hook.sh will only run if the update was successful and the script doesn't have to be re-run. The scripts will be run by bash, an interpreter (e.g. #!/bin/bash ) as well as an execute permission flag (\"+x\") are not required.","title":"Run scripts before and after updates"},{"location":"manual-guides/u_e-why_unbound/","text":"For DNS blacklist lookups and DNSSEC. Most systems use either a public or a local caching DNS resolver. That's a very bad idea when it comes to filter spam using DNS-based black hole lists (DNSBL) or similar technics. Most if not all providers apply a rate limit based on the DNS resolver that is used to query their service. Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolver like your ISPs will hit that limit very soon.","title":"Why unbound?"},{"location":"manual-guides/ClamAV/u_e-clamav-additional_dbs/","text":"Additional Databases for ClamAV \u00b6 Default ClamAV databases do not have great detection levels, but it can be enhanced with free or paid signature databases. List of known free databases | As of April 2022 \u00b6 SecurityInfo - free ClamAV DBs for testing purposes, required registration after which you can use them from 1 IP InterServer - free to use ClamAV DBs, but they do not fit well for email scanning Enable SecuriteInfo databases \u00b6 Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup You will receive an email to activate your account and then a follow-up email with your login name Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account Click on the Setup tab You will need to get your_id from one of the download links, they are individual for every user Add to data/conf/clamav/freshclam.conf with replaced your_id part: DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2 DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf , increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size. Adjust data/conf/clamav/clamd.conf to align with next settings: DetectPUA yes ExcludePUA PUA.Win.Packer ExcludePUA PUA.Win.Trojan.Packed ExcludePUA PUA.Win.Trojan.Molebox ExcludePUA PUA.Win.Packer.Upx ExcludePUA PUA.Doc.Packed MaxScanSize 150M MaxFileSize 100M MaxRecursion 40 MaxEmbeddedPE 100M MaxHTMLNormalize 50M MaxScriptNormalize 50M MaxZipTypeRcg 50M Restart ClamAV container: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Please note: You can't use ExcludePUA and IncludePUA in clamd.conf simultaneously, so please comment any IncludePUA if you uncommented them before. List of databases provided in this example fit most use-cases, but SecuriteInfo also provides other databases. Please check SecuriteInfo FAQ for additional information. With the current DB set (including default DBs) ClamAV will consume about 1.3Gb of RAM on your server. If you modified message_size_limit in Postfix you need to adapt MaxSize settings in ClamAV as well. Enable InterServer databases \u00b6 Add to data/conf/clamav/freshclam.conf : DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb DatabaseCustomURL http://sigs.interserver.net/interservertopline.db DatabaseCustomURL http://sigs.interserver.net/shell.ldb DatabaseCustomURL http://sigs.interserver.net/whitelist.fp Restart ClamAV container: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow","title":"Additional Databases"},{"location":"manual-guides/ClamAV/u_e-clamav-additional_dbs/#additional-databases-for-clamav","text":"Default ClamAV databases do not have great detection levels, but it can be enhanced with free or paid signature databases.","title":"Additional Databases for ClamAV"},{"location":"manual-guides/ClamAV/u_e-clamav-additional_dbs/#list-of-known-free-databases-as-of-april-2022","text":"SecurityInfo - free ClamAV DBs for testing purposes, required registration after which you can use them from 1 IP InterServer - free to use ClamAV DBs, but they do not fit well for email scanning","title":"List of known free databases | As of April 2022"},{"location":"manual-guides/ClamAV/u_e-clamav-additional_dbs/#enable-securiteinfo-databases","text":"Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup You will receive an email to activate your account and then a follow-up email with your login name Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account Click on the Setup tab You will need to get your_id from one of the download links, they are individual for every user Add to data/conf/clamav/freshclam.conf with replaced your_id part: DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2 DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf , increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size. Adjust data/conf/clamav/clamd.conf to align with next settings: DetectPUA yes ExcludePUA PUA.Win.Packer ExcludePUA PUA.Win.Trojan.Packed ExcludePUA PUA.Win.Trojan.Molebox ExcludePUA PUA.Win.Packer.Upx ExcludePUA PUA.Doc.Packed MaxScanSize 150M MaxFileSize 100M MaxRecursion 40 MaxEmbeddedPE 100M MaxHTMLNormalize 50M MaxScriptNormalize 50M MaxZipTypeRcg 50M Restart ClamAV container: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Please note: You can't use ExcludePUA and IncludePUA in clamd.conf simultaneously, so please comment any IncludePUA if you uncommented them before. List of databases provided in this example fit most use-cases, but SecuriteInfo also provides other databases. Please check SecuriteInfo FAQ for additional information. With the current DB set (including default DBs) ClamAV will consume about 1.3Gb of RAM on your server. If you modified message_size_limit in Postfix you need to adapt MaxSize settings in ClamAV as well.","title":"Enable SecuriteInfo databases"},{"location":"manual-guides/ClamAV/u_e-clamav-additional_dbs/#enable-interserver-databases","text":"Add to data/conf/clamav/freshclam.conf : DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb DatabaseCustomURL http://sigs.interserver.net/interservertopline.db DatabaseCustomURL http://sigs.interserver.net/shell.ldb DatabaseCustomURL http://sigs.interserver.net/whitelist.fp Restart ClamAV container: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow","title":"Enable InterServer databases"},{"location":"manual-guides/ClamAV/u_e-clamav-whitelist/","text":"Whitelist specific ClamAV signatures \u00b6 You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND ). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: docker compose (Plugin) docker-compose (Standalone) docker compose logs clamd-mailcow | grep \"FOUND\" docker-compose logs clamd-mailcow | grep \"FOUND\" This line confirms that such was identified: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Then restart the clamd-mailcow service container in the mailcow UI or using docker compose: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Cleanup cached ClamAV results in Redis: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit","title":"Whitelist"},{"location":"manual-guides/ClamAV/u_e-clamav-whitelist/#whitelist-specific-clamav-signatures","text":"You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND ). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: docker compose (Plugin) docker-compose (Standalone) docker compose logs clamd-mailcow | grep \"FOUND\" docker-compose logs clamd-mailcow | grep \"FOUND\" This line confirms that such was identified: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Then restart the clamd-mailcow service container in the mailcow UI or using docker compose: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Cleanup cached ClamAV results in Redis: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit","title":"Whitelist specific ClamAV signatures"},{"location":"manual-guides/Docker/u_e-docker-cust_dockerfiles/","text":"You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized ): cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml Customize data/Dockerfiles/$service and build the image locally: docker build data/Dockerfiles/$service -t mailcow/$service:$tag (without a personalized :$tag docker will use :latest automatically) Now the created image has to be activated in docker-compose.override.yml, e.g.: $service-mailcow: build: ./data/Dockerfiles/$service image: mailcow/$service:$tag Now auto-recreate modified containers: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Customize Dockerfiles"},{"location":"manual-guides/Dovecot/u_e-dovecot-any_acl/","text":"On August the 17th, we disabled the possibility to share with \"any\" or \"all authenticated users\" by default. This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf: ACL_ANYONE=allow Apply the changes by restarting the stack: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Enable \"any\" ACL settings"},{"location":"manual-guides/Dovecot/u_e-dovecot-catchall_vacation/","text":"The Dovecot parameter sieve_vacation_dont_check_recipient - which was by default set to yes in mailcow configurations pre 21st July 2021 - allows for vacation replies even when a mail is sent to non-existent mailboxes like a catch-all addresses. We decided to switch this parameter back to no and allow a user to specify which recipient address triggers a vacation reply. The triggering recipients can also be configured in SOGos autoresponder feature.","title":"Vacation replies for catchall addresses"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/","text":"If you want to delete old mails out of the .Junk or .Trash folders or maybe delete all read mails that are older than a certain amount of time you may use dovecot's tool doveadm man doveadm-expunge . The manual way \u00b6 That said, let's dive in: Delete a user's mails inside the junk folder that are read and older than 4 hours docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h Delete all user's mails in the junk folder that are older than 7 days docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore ). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance). docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info For possible time spans or search keys have a look at man doveadm-search-query Job scheduler \u00b6 via the host system cron \u00b6 If you want to automate such a task you can create a cron job on your host that calls a script like the one below: docker compose (Plugin) docker-compose (Standalone) #!/bin/bash # Path to mailcow-dockerized, for example: /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] #!/bin/bash # Path to mailcow-dockerized, for example: /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] To create a cron job you may execute crontab -e and insert something like the following to execute a script: # Execute everyday at 04:00 A.M. 0 4 * * * /path/to/your/expunge_mailboxes.sh via Docker job scheduler \u00b6 To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" The job controller just need access to the docker control socket to be able to emulate the behavior of \"exec\". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru . This docker-compose.override.yml deletes all mails older then 2 weeks from the \"Junk\" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug. In case you want to add more jobs, ensure you change the \"dovecot-expunge-trash\" part after \"ofelia.job-exec.\" to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia .","title":"Expunge a Users mails"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#the-manual-way","text":"That said, let's dive in: Delete a user's mails inside the junk folder that are read and older than 4 hours docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h Delete all user's mails in the junk folder that are older than 7 days docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore ). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance). docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info For possible time spans or search keys have a look at man doveadm-search-query","title":"The manual way"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#job-scheduler","text":"","title":"Job scheduler"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#via-the-host-system-cron","text":"If you want to automate such a task you can create a cron job on your host that calls a script like the one below: docker compose (Plugin) docker-compose (Standalone) #!/bin/bash # Path to mailcow-dockerized, for example: /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] #!/bin/bash # Path to mailcow-dockerized, for example: /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] To create a cron job you may execute crontab -e and insert something like the following to execute a script: # Execute everyday at 04:00 A.M. 0 4 * * * /path/to/your/expunge_mailboxes.sh","title":"via the host system cron"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#via-docker-job-scheduler","text":"To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" The job controller just need access to the docker control socket to be able to emulate the behavior of \"exec\". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru . This docker-compose.override.yml deletes all mails older then 2 weeks from the \"Junk\" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug. In case you want to add more jobs, ensure you change the \"dovecot-expunge-trash\" part after \"ofelia.job-exec.\" to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia .","title":"via Docker job scheduler"},{"location":"manual-guides/Dovecot/u_e-dovecot-extra_conf/","text":"Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here. Restart dovecot-mailcow to apply your changes: docker compose (Plugin) docker-compose (Standalone) docker compose restart dovecot-mailcow docker-compose restart dovecot-mailcow","title":"Customize/Expand dovecot.conf"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/","text":"FTS Solr \u00b6 Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot. Please be aware that applications like Solr may need maintenance from time to time. Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM. The default heap size (1024 M) is defined in mailcow.conf. Since we run in Docker and create our containers with the \"restart: always\" flag, a oom situation will at least only trigger a restart of the container. FTS related Dovecot commands \u00b6 docker compose (Plugin) docker-compose (Standalone) # single user docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker compose exec dovecot-mailcow doveadm fts rescan -A # single user docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any).\" This does not re-index a mailbox. It basically repairs a given index. If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit: docker compose (Plugin) docker-compose (Standalone) # single user docker compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker compose exec dovecot-mailcow doveadm index -A '*' # single user docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker-compose exec dovecot-mailcow doveadm index -A '*' This will take some time depending on your machine and Solr can run oom, monitor it! Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox. Delete mailbox data \u00b6 mailcow will purge index data of a user when deleting a mailbox.","title":"FTS (Solr)"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#fts-solr","text":"Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot. Please be aware that applications like Solr may need maintenance from time to time. Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM. The default heap size (1024 M) is defined in mailcow.conf. Since we run in Docker and create our containers with the \"restart: always\" flag, a oom situation will at least only trigger a restart of the container.","title":"FTS Solr"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#fts-related-dovecot-commands","text":"docker compose (Plugin) docker-compose (Standalone) # single user docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker compose exec dovecot-mailcow doveadm fts rescan -A # single user docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any).\" This does not re-index a mailbox. It basically repairs a given index. If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit: docker compose (Plugin) docker-compose (Standalone) # single user docker compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker compose exec dovecot-mailcow doveadm index -A '*' # single user docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker-compose exec dovecot-mailcow doveadm index -A '*' This will take some time depending on your machine and Solr can run oom, monitor it! Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.","title":"FTS related Dovecot commands"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#delete-mailbox-data","text":"mailcow will purge index data of a user when deleting a mailbox.","title":"Delete mailbox data"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/","text":"Changing the IMAP IDLE interval \u00b6 What is the IDLE interval? \u00b6 Per default, Dovecot sends a \"I'm still here\" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval , which defaults to 2 minutes. A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain. Edit the value \u00b6 Change configuration \u00b6 Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type: imap_idle_notify_interval = 5 mins 29 minutes is the maximum value allowed by the corresponding RFC . Warning This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior. Reload Dovecot \u00b6 Now reload Dovecot: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot reload docker-compose exec dovecot-mailcow dovecot reload Info You can check the value of this setting with docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" If you didn't change it, it should be at 2m. If you did change it, you should see your new value.","title":"IMAP IDLE interval"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#changing-the-imap-idle-interval","text":"","title":"Changing the IMAP IDLE interval"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#what-is-the-idle-interval","text":"Per default, Dovecot sends a \"I'm still here\" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval , which defaults to 2 minutes. A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain.","title":"What is the IDLE interval?"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#edit-the-value","text":"","title":"Edit the value"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#change-configuration","text":"Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type: imap_idle_notify_interval = 5 mins 29 minutes is the maximum value allowed by the corresponding RFC . Warning This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior.","title":"Change configuration"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#reload-dovecot","text":"Now reload Dovecot: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot reload docker-compose exec dovecot-mailcow dovecot reload Info You can check the value of this setting with docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" If you didn't change it, it should be at 2m. If you did change it, you should see your new value.","title":"Reload Dovecot"},{"location":"manual-guides/Dovecot/u_e-dovecot-mail-crypt/","text":"Warning Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1. If you want to decode/encode existing maildir files, you can use the following script at your own risk: Enter Dovecot by running the following command in the mailcow-dockerized location: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow /bin/bash docker-compose exec dovecot-mailcow /bin/bash # Decrypt /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") == \"CRYPTED\" ]]; then doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" > \"/tmp/$(basename \"$file\")\" if [[ -s \"/tmp/$(basename \"$file\")\" ]]; then chmod 600 \"/tmp/$(basename \"$file\")\" chown 5000:5000 \"/tmp/$(basename \"$file\")\" mv \"/tmp/$(basename \"$file\")\" \"$file\" else rm \"/tmp/$(basename \"$file\")\" fi fi done # Encrypt /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") != \"CRYPTED\" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" \"$file\" chmod 600 \"$file\" chown 5000:5000 \"$file\" fi done","title":"Mail crypt"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/","text":"Here is just an unsorted list of useful doveadm commands that could be useful. doveadm quota \u00b6 The quota get and quota recalc 1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes . To list the current quota status for a user / mailbox, do: doveadm quota get -u 'mailbox@example.org' To list the quota storage value for all users, do: doveadm quota get -A |grep \"STORAGE\" Recalculate a single user's quota usage: doveadm quota recalc -u 'mailbox@example.org' doveadm search \u00b6 The doveadm search 2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs. To view the number of messages, by user, in their .Trash folder: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Show all messages in a user's inbox older then 90 days: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Show all messages in any folder that are older then 30 days for mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"More Examples with DOVEADM"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/#doveadm-quota","text":"The quota get and quota recalc 1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes . To list the current quota status for a user / mailbox, do: doveadm quota get -u 'mailbox@example.org' To list the quota storage value for all users, do: doveadm quota get -A |grep \"STORAGE\" Recalculate a single user's quota usage: doveadm quota recalc -u 'mailbox@example.org'","title":"doveadm quota"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/#doveadm-search","text":"The doveadm search 2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs. To view the number of messages, by user, in their .Trash folder: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Show all messages in a user's inbox older then 90 days: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Show all messages in any folder that are older then 30 days for mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"doveadm search"},{"location":"manual-guides/Dovecot/u_e-dovecot-public_folder/","text":"Create a new public namespace \"Public\" and a mailbox \"Develcow\" inside that namespace: Edit or create data/conf/dovecot/extra.conf , add: namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes mailbox \"Develcow\" { auto = subscribe } } :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted. The new mailbox in the public namespace will be auto-subscribed by users. To allow all authenticated users access full to that new mailbox (not the whole namespace), run: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm acl set -A \"Public/Develcow\" \"authenticated\" lookup read write write-seen write-deleted insert post delete expunge create docker-compose exec dovecot-mailcow doveadm acl set -A \"Public/Develcow\" \"authenticated\" lookup read write write-seen write-deleted insert post delete expunge create Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example). Allow authenticated users access to the whole public namespace \u00b6 To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory: Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content: authenticated kxeilprwts kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create . You can use doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to \"lr\" and grant only some users full access. See Dovecot ACL for further information about ACL.","title":"Public folders"},{"location":"manual-guides/Dovecot/u_e-dovecot-public_folder/#allow-authenticated-users-access-to-the-whole-public-namespace","text":"To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory: Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content: authenticated kxeilprwts kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create . You can use doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to \"lr\" and grant only some users full access. See Dovecot ACL for further information about ACL.","title":"Allow authenticated users access to the whole public namespace"},{"location":"manual-guides/Dovecot/u_e-dovecot-static_master/","text":"Random master usernames and passwords are automatically created on every restart of dovecot-mailcow. That's recommended and should not be changed. If you need the user to be static anyway, please specify two variables in mailcow.conf . Both parameters must not be empty! DOVECOT_MASTER_USER=mymasteruser DOVECOT_MASTER_PASS=mysecretpass Run the command below to apply your changes: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local . To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above. A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described here No master user is required.","title":"Static master user"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/","text":"The \"new\" way \u00b6 Warning Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed). An easy, dirty, yet stable workaround is to stop mailcow, remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Start mailcow afterwards. The \"old\" way \u00b6 If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind Moving an existing vmail folder: \u00b6 Locate the current vmail folder by its \"Mountpoint\" attribute: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail ) using cp -a , rsync -a or a similar non strcuture breaking copy command Stop mailcow by executing docker compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized ) Create the file docker-compose.override.yml , edit the device path accordingly Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1 Start mailcow by executing docker compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized )","title":"Move Maildir (vmail)"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#the-new-way","text":"Warning Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed). An easy, dirty, yet stable workaround is to stop mailcow, remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Start mailcow afterwards.","title":"The \"new\" way"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#the-old-way","text":"If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind","title":"The \"old\" way"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#moving-an-existing-vmail-folder","text":"Locate the current vmail folder by its \"Mountpoint\" attribute: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail ) using cp -a , rsync -a or a similar non strcuture breaking copy command Stop mailcow by executing docker compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized ) Create the file docker-compose.override.yml , edit the device path accordingly Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1 Start mailcow by executing docker compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized )","title":"Moving an existing vmail folder:"},{"location":"manual-guides/Nginx/u_e-nginx_custom/","text":"SSL \u00b6 Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration. Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root. New site \u00b6 To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/ : A good template to begin with: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } } New site with proxy to a remote location \u00b6 Another example with a reverse proxy configuration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } } Config expansion in mailcows Nginx \u00b6 The filename used for a new site is not important, as long as the filename carries a .conf extension. It is also possible to extend the configuration of the default file site.conf file: nano data/conf/nginx/site.my_content.custom This filename does not need to have a \".conf\" extension but follows the pattern site.*.custom , where * is a custom name. If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf . Restart Nginx (and PHP-FPM, if a new listener was created): docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker compose restart php-fpm-mailcow docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Custom sites"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#ssl","text":"Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration. Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root.","title":"SSL"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#new-site","text":"To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/ : A good template to begin with: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } }","title":"New site"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#new-site-with-proxy-to-a-remote-location","text":"Another example with a reverse proxy configuration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } }","title":"New site with proxy to a remote location"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#config-expansion-in-mailcows-nginx","text":"The filename used for a new site is not important, as long as the filename carries a .conf extension. It is also possible to extend the configuration of the default file site.conf file: nano data/conf/nginx/site.my_content.custom This filename does not need to have a \".conf\" extension but follows the pattern site.*.custom , where * is a custom name. If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf . Restart Nginx (and PHP-FPM, if a new listener was created): docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker compose restart php-fpm-mailcow docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Config expansion in mailcows Nginx"},{"location":"manual-guides/Nginx/u_e-nginx_webmail-site/","text":"IMPORTANT : This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But : The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key. To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of \"CHANGE_TO_MAILCOW_HOSTNAME\"! nano data/conf/nginx/webmail.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name webmail.example.org; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } } Save and restart Nginx: docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker-compose restart nginx-mailcow Now open mailcow.conf and find ADDITIONAL_SAN . Add webmail.example.org to this array, don't use quotes! ADDITIONAL_SAN=webmail.example.org Run the command to apply the changes: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d See \"acme-mailcow\" and \"nginx-mailcow\" logs if anything fails.","title":"Create subdomain webmail.example.org"},{"location":"manual-guides/Postfix/u_e-postfix-attachment_size/","text":"Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value. Restart Postfix: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow","title":"Max. message size (attachment size)"},{"location":"manual-guides/Postfix/u_e-postfix-custom_transport/","text":"For transport maps other than those to be configured in mailcow UI, please use data/conf/postfix/custom_transport.pcre to prevent existing maps or settings from being overwritten by updates. In most cases using this file is not necessary. Please make sure mailcow UI is not able to route your desired traffic properly before using that file. The file needs valid PCRE content and can break Postfix, if configured incorrectly.","title":"Custom transport maps"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/","text":"New guide \u00b6 Edit a mailbox and select \"Allow to send as *\". For historical reasons we kept the old and deprecated guide below: Deprecated guide (DO NOT USE ON NEWER MAILCOWS!) \u00b6 This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do. Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. user-to-allow-everything@example.com OK Open data/conf/postfix/main.cf and find smtpd_sender_restrictions . Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Run postmap on check_sasl_access: docker compose (Plugin) docker-compose (Standalone) docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Restart the Postfix container.","title":"Disable Sender Addresses Verification"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/#new-guide","text":"Edit a mailbox and select \"Allow to send as *\". For historical reasons we kept the old and deprecated guide below:","title":"New guide"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/#deprecated-guide-do-not-use-on-newer-mailcows","text":"This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do. Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. user-to-allow-everything@example.com OK Open data/conf/postfix/main.cf and find smtpd_sender_restrictions . Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Run postmap on check_sasl_access: docker compose (Plugin) docker-compose (Standalone) docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Restart the Postfix container.","title":"Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)"},{"location":"manual-guides/Postfix/u_e-postfix-extra_cf/","text":"Please create a new file data/conf/postfix/extra.cf for overrides or additional content to main.cf . Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended. Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used. Restart postfix-mailcow to apply your changes: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow","title":"Customize/Expand main.cf"},{"location":"manual-guides/Postfix/u_e-postfix-pflogsumm/","text":"To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm: docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm The above log output is limited to the last 24 hours. It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content: SHELL=/bin/bash 59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s \"Postfix Report of $(date)\" postmaster@example.net To work, a local postfix must be installed on the server, which relays to the mailcow postfix. More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost . Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.","title":"Statistics with pflogsumm"},{"location":"manual-guides/Postfix/u_e-postfix-postscreen_whitelist/","text":"IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr . Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups. The format of the file is as follows: CIDR ACTION Where CIDR is a single IP address or IP range in CIDR notation, and action is either \"permit\" or \"reject\". Example: # Rules are evaluated in the order as specified. # Blacklist 192.168.* except 192.168.0.1. 192.168.0.1 permit 192.168.0.0/16 reject The file is reloaded on the fly, postfix restart is not required.","title":"Whitelist IP in Postscreen"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/","text":"As of September 12, 2018 you can setup relayhosts as admin by using the mailcow UI. This is useful if you want to relay outgoing emails for a specific domain to a third-party spam filter or a service like Mailgun or Sendgrid. This is also known as a smarthost . Add a new relayhost \u00b6 Go to the Routing tab of the Configuration and Details section of the admin UI. Here you will see a list of relayhosts currently setup. Scroll to the Add sender-dependent transport section. Under Host , add the host you want to relay to. Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org If the relay host requires a username and password to authenticate, enter them in the respective fields. Keep in mind the credentials will be stored in plain text. Test a relayhost \u00b6 To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test. You will then see the results of the SMTP transmission. If all went well, you should see SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines. If not, review the error provided and resolve it. Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system. Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc This way you can check that the relay worked by checking the destination mailbox. Set the relayhost for a domain \u00b6 Go to the Domains tab of the Mail setup section of the admin UI. Edit the desired domain. Select the newly added host on the Sender-dependent transports dropdown and save changes. Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.","title":"Relayhosts"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#add-a-new-relayhost","text":"Go to the Routing tab of the Configuration and Details section of the admin UI. Here you will see a list of relayhosts currently setup. Scroll to the Add sender-dependent transport section. Under Host , add the host you want to relay to. Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org If the relay host requires a username and password to authenticate, enter them in the respective fields. Keep in mind the credentials will be stored in plain text.","title":"Add a new relayhost"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#test-a-relayhost","text":"To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test. You will then see the results of the SMTP transmission. If all went well, you should see SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines. If not, review the error provided and resolve it. Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system. Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc This way you can check that the relay worked by checking the destination mailbox.","title":"Test a relayhost"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#set-the-relayhost-for-a-domain","text":"Go to the Domains tab of the Mail setup section of the admin UI. Edit the desired domain. Select the newly added host on the Sender-dependent transports dropdown and save changes. Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.","title":"Set the relayhost for a domain"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/","text":"By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction. By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured. If you decide to set mynetworks , Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually! Unauthenticated relaying \u00b6 Warning Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved. IPv4 hosts/subnets \u00b6 To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 Run docker compose restart postfix-mailcow to apply your new settings. IPv6 hosts/subnets \u00b6 Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended. To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 Run docker compose restart postfix-mailcow to apply your new settings. Info More information about mynetworks can be found in the Postfix documentation .","title":"Add trusted networks"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#unauthenticated-relaying","text":"Warning Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.","title":"Unauthenticated relaying"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#ipv4-hostssubnets","text":"To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 Run docker compose restart postfix-mailcow to apply your new settings.","title":"IPv4 hosts/subnets"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#ipv6-hostssubnets","text":"Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended. To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 Run docker compose restart postfix-mailcow to apply your new settings. Info More information about mynetworks can be found in the Postfix documentation .","title":"IPv6 hosts/subnets"},{"location":"manual-guides/Redis/u_e-redis/","text":"Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it. Client \u00b6 To connect to the redis cli execute: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli Debugging \u00b6 Here are some useful commands for the redis-cli for debugging: MONITOR \u00b6 Listens for all requests received by the server in real time: docker compose (Plugin) docker-compose (Standalone) #docker compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] #docker-compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] KEYS \u00b6 Get all keys matching your pattern: KEYS * PING \u00b6 Test a connection: 127.0.0.1:6379> PING PONG If you want to know more, here is a cheat sheet .","title":"Redis"},{"location":"manual-guides/Redis/u_e-redis/#client","text":"To connect to the redis cli execute: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli","title":"Client"},{"location":"manual-guides/Redis/u_e-redis/#debugging","text":"Here are some useful commands for the redis-cli for debugging:","title":"Debugging"},{"location":"manual-guides/Redis/u_e-redis/#monitor","text":"Listens for all requests received by the server in real time: docker compose (Plugin) docker-compose (Standalone) #docker compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] #docker-compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ]","title":"MONITOR"},{"location":"manual-guides/Redis/u_e-redis/#keys","text":"Get all keys matching your pattern: KEYS *","title":"KEYS"},{"location":"manual-guides/Redis/u_e-redis/#ping","text":"Test a connection: 127.0.0.1:6379> PING PONG If you want to know more, here is a cheat sheet .","title":"PING"},{"location":"manual-guides/Rspamd/u_e-rspamd/","text":"Rspamd is used for AV handling, DKIM signing and SPAM handling. It's a powerful and fast filter system. For a more in-depth documentation on Rspamd please visit its own documentation . Learn Spam & Ham \u00b6 Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. This is achieved by using the Sieve plugin \"sieve_imapsieve\" and parser scripts. Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning ). We configured the plugin to keep a sane ratio between spam and ham learns. The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM . Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam. You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd. Learn Spam or Ham from existing directory \u00b6 You can use a one-liner to learn mail in plain-text (uncompressed) format: docker compose (Plugin) docker-compose (Standalone) # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example: for file in /data/old_mail/.Junk/cur/* ; do rspamc learn_spam < zcat $file ; done Reset learned data (Bayes, Neural) \u00b6 You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: Backup database # It is better to stop Redis before you copy the file. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Reset Bayes data docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Reset Neural data docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Reset Fuzzy data docker compose (Plugin) docker-compose (Standalone) # We need to enter the redis-cli first: docker compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* # We need to enter the redis-cli first: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info If redis-cli complains about... (error) ERR wrong number of arguments for 'del' command ...the key pattern was not found and thus no data is available to delete - it is fine. CLI tools \u00b6 docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamc --help docker compose exec rspamd-mailcow rspamadm --help docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help Disable Greylisting \u00b6 Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting. You can disable greylisting server-wide by editing: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf Add the line: enabled = false ; Save the file and restart \"rspamd-mailcow\": docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Spam filter thresholds (global) \u00b6 Each user is able to change their spam rating individually . To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Save the file and restart \"rspamd-mailcow\": docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Existing settings of users will not be overwritten! To reset custom defined thresholds, run: docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: # docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" Custom reject messages \u00b6 The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content: reject_message = \"My custom reject message\"; Save the file and restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: Find prefilet reject symbol for which you want change message, to do it run: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ Add your custom message as new line: GLOBAL_RCPT_BL { type = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Sending mail to this recipient is prohibited by postmaster@your.domain\"; } Save the file and restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Discard instead of reject \u00b6 If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content: discard_on_reject = true; Restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Wipe all ratelimit keys \u00b6 If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink docker-compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink Restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Trigger a resend of quarantine notifications \u00b6 Should be used for debugging only! docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py docker-compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py Increase history retention \u00b6 By default Rspamd keeps 1000 elements in the history. The history is stored compressed. It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it: Edit data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # change this value Restart Rspamd afterwards: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Rspamd"},{"location":"manual-guides/Rspamd/u_e-rspamd/#learn-spam-ham","text":"Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. This is achieved by using the Sieve plugin \"sieve_imapsieve\" and parser scripts. Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning ). We configured the plugin to keep a sane ratio between spam and ham learns. The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM . Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam. You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.","title":"Learn Spam & Ham"},{"location":"manual-guides/Rspamd/u_e-rspamd/#learn-spam-or-ham-from-existing-directory","text":"You can use a one-liner to learn mail in plain-text (uncompressed) format: docker compose (Plugin) docker-compose (Standalone) # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example: for file in /data/old_mail/.Junk/cur/* ; do rspamc learn_spam < zcat $file ; done","title":"Learn Spam or Ham from existing directory"},{"location":"manual-guides/Rspamd/u_e-rspamd/#reset-learned-data-bayes-neural","text":"You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: Backup database # It is better to stop Redis before you copy the file. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Reset Bayes data docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Reset Neural data docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Reset Fuzzy data docker compose (Plugin) docker-compose (Standalone) # We need to enter the redis-cli first: docker compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* # We need to enter the redis-cli first: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info If redis-cli complains about... (error) ERR wrong number of arguments for 'del' command ...the key pattern was not found and thus no data is available to delete - it is fine.","title":"Reset learned data (Bayes, Neural)"},{"location":"manual-guides/Rspamd/u_e-rspamd/#cli-tools","text":"docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamc --help docker compose exec rspamd-mailcow rspamadm --help docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help","title":"CLI tools"},{"location":"manual-guides/Rspamd/u_e-rspamd/#disable-greylisting","text":"Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting. You can disable greylisting server-wide by editing: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf Add the line: enabled = false ; Save the file and restart \"rspamd-mailcow\": docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Disable Greylisting"},{"location":"manual-guides/Rspamd/u_e-rspamd/#spam-filter-thresholds-global","text":"Each user is able to change their spam rating individually . To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Save the file and restart \"rspamd-mailcow\": docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Existing settings of users will not be overwritten! To reset custom defined thresholds, run: docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: # docker compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\"","title":"Spam filter thresholds (global)"},{"location":"manual-guides/Rspamd/u_e-rspamd/#custom-reject-messages","text":"The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content: reject_message = \"My custom reject message\"; Save the file and restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: Find prefilet reject symbol for which you want change message, to do it run: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ Add your custom message as new line: GLOBAL_RCPT_BL { type = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Sending mail to this recipient is prohibited by postmaster@your.domain\"; } Save the file and restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Custom reject messages"},{"location":"manual-guides/Rspamd/u_e-rspamd/#discard-instead-of-reject","text":"If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content: discard_on_reject = true; Restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Discard instead of reject"},{"location":"manual-guides/Rspamd/u_e-rspamd/#wipe-all-ratelimit-keys","text":"If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink docker-compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink Restart Rspamd: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Wipe all ratelimit keys"},{"location":"manual-guides/Rspamd/u_e-rspamd/#trigger-a-resend-of-quarantine-notifications","text":"Should be used for debugging only! docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py docker-compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py","title":"Trigger a resend of quarantine notifications"},{"location":"manual-guides/Rspamd/u_e-rspamd/#increase-history-retention","text":"By default Rspamd keeps 1000 elements in the history. The history is stored compressed. It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it: Edit data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # change this value Restart Rspamd afterwards: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Increase history retention"},{"location":"manual-guides/SOGo/u_e-sogo/","text":"SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its own documentation . Apply custom SOGo theme \u00b6 mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js . Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works. You can use the provided custom-theme.js as an example starting point by removing the comments. After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES; restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow . open SOGo in browser open browser developer console, usually shortcut is F12 only if you use Firefox: write by hands in dev console allow pasting and press enter paste java script snipet in dev console: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textContent) .join('\\n') ) open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it copy CSS file to mailcow server data/conf/sogo/custom-theme.css edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO; append/create docker-compose.override.yml with: version: '2.1' services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker compose up -d run docker compose restart memcached-mailcow Reset to SOGo default theme \u00b6 checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js find in data/conf/sogo/custom-theme.js : // Apply new palettes to the default theme, remap some of the hues $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // background color of top toolbars 'hue-1': '400', 'hue-2': '600', // background color of sidebar toolbar 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // background color of fab buttons and login screen 'hue-1': '300', // background color of center list toolbar 'hue-2': '300', // highlight color for selected mail and current day calendar 'hue-3': 'A700' }) .backgroundPalette('frost-grey'); and replace it with: $mdThemingProvider.theme('default'); remove from docker-compose.override.yml volume mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker compose up -d run docker compose restart memcached-mailcow Change favicon \u00b6 mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. Note : You can use .png favicons for SOGo by renaming them to custom-favicon.ico . For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow . Change logo \u00b6 mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg . After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow . Connect domains \u00b6 Domains are usually isolated from eachother. You can change that by modifying data/conf/sogo/sogo.conf : Search... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...and replace it by - for example: SOGoDomainsVisibility = ( (example.org, example.com, example.net) ); Restart SOGo: docker compose restart sogo-mailcow Disable password changing \u00b6 Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO . Please do not add a new parameter. Run docker compose restart memcached-mailcow sogo-mailcow to activate the changes. Reset TOTP / Disable TOTP \u00b6 Run docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' from within the mailcow directory.","title":"SOGo"},{"location":"manual-guides/SOGo/u_e-sogo/#apply-custom-sogo-theme","text":"mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js . Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works. You can use the provided custom-theme.js as an example starting point by removing the comments. After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES; restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow . open SOGo in browser open browser developer console, usually shortcut is F12 only if you use Firefox: write by hands in dev console allow pasting and press enter paste java script snipet in dev console: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textContent) .join('\\n') ) open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it copy CSS file to mailcow server data/conf/sogo/custom-theme.css edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO; append/create docker-compose.override.yml with: version: '2.1' services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker compose up -d run docker compose restart memcached-mailcow","title":"Apply custom SOGo theme"},{"location":"manual-guides/SOGo/u_e-sogo/#reset-to-sogo-default-theme","text":"checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js find in data/conf/sogo/custom-theme.js : // Apply new palettes to the default theme, remap some of the hues $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // background color of top toolbars 'hue-1': '400', 'hue-2': '600', // background color of sidebar toolbar 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // background color of fab buttons and login screen 'hue-1': '300', // background color of center list toolbar 'hue-2': '300', // highlight color for selected mail and current day calendar 'hue-3': 'A700' }) .backgroundPalette('frost-grey'); and replace it with: $mdThemingProvider.theme('default'); remove from docker-compose.override.yml volume mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker compose up -d run docker compose restart memcached-mailcow","title":"Reset to SOGo default theme"},{"location":"manual-guides/SOGo/u_e-sogo/#change-favicon","text":"mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. Note : You can use .png favicons for SOGo by renaming them to custom-favicon.ico . For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow .","title":"Change favicon"},{"location":"manual-guides/SOGo/u_e-sogo/#change-logo","text":"mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg . After you replaced said file you need to restart SOGo and Memcached containers by executing docker compose restart memcached-mailcow sogo-mailcow .","title":"Change logo"},{"location":"manual-guides/SOGo/u_e-sogo/#connect-domains","text":"Domains are usually isolated from eachother. You can change that by modifying data/conf/sogo/sogo.conf : Search... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...and replace it by - for example: SOGoDomainsVisibility = ( (example.org, example.com, example.net) ); Restart SOGo: docker compose restart sogo-mailcow","title":"Connect domains"},{"location":"manual-guides/SOGo/u_e-sogo/#disable-password-changing","text":"Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO . Please do not add a new parameter. Run docker compose restart memcached-mailcow sogo-mailcow to activate the changes.","title":"Disable password changing"},{"location":"manual-guides/SOGo/u_e-sogo/#reset-totp-disable-totp","text":"Run docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' from within the mailcow directory.","title":"Reset TOTP / Disable TOTP"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/","text":"If you want or have to use an external DNS service, you can either set a forwarder in Unbound or copy an override file to define external DNS servers: Warning Please do not use a public resolver like we did in the example above. Many - if not all - blacklist lookups will fail with public resolvers, because blacklist server has limits on how much requests can be done from one IP and public resolvers usually reach this limits. Important : Only DNSSEC validating DNS services will work. Method A, Unbound \u00b6 Edit data/conf/unbound/unbound.conf and append the following parameters: forward-zone: name: \".\" forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE Restart Unbound: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow Method B, Override file \u00b6 cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Edit docker-compose.override.yml and adjust the IP. Afterwards stop and start the Docker Stack again: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"Using an external DNS service"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/#method-a-unbound","text":"Edit data/conf/unbound/unbound.conf and append the following parameters: forward-zone: name: \".\" forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE Restart Unbound: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow","title":"Method A, Unbound"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/#method-b-override-file","text":"cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Edit docker-compose.override.yml and adjust the IP. Afterwards stop and start the Docker Stack again: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"Method B, Override file"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/","text":"Watchdog uses default values for all thresholds defined in docker-compose.yml . The default values will work for most setups. Example: - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5} - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5} - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5} - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5} - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1} - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3} - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8} - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15} - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12} - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20} - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5} - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1} - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1} - ACME_THRESHOLD=${ACME_THRESHOLD:-1} - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5} - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5} - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20} - MAILQ_CRIT=${MAILQ_CRIT:-30} To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10 ) to mailcow.conf and run docker compose up -d . Thresholds descriptions \u00b6 NGINX_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached. UNBOUND_THRESHOLD \u00b6 Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached. REDIS_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached. MYSQL_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached. MYSQL_REPLICATION_THRESHOLD \u00b6 Notifies administrators if the MySQL replication fails. SOGO_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached. POSTFIX_THRESHOLD \u00b6 Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached. CLAMD_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached. DOVECOT_THRESHOLD \u00b6 Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached. DOVECOT_REPL_THRESHOLD \u00b6 Notifies administrators if the Dovecot replication fails. PHPFPM_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached. RATELIMIT_THRESHOLD \u00b6 Notifies administrators if a ratelimit got hit. FAIL2BAN_THRESHOLD \u00b6 Notifies administrators if a fail2ban banned an IP. ACME_THRESHOLD \u00b6 Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs. RSPAMD_THRESHOLD \u00b6 Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached. OLEFY_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached. MAILQ_CRIT and MAILQ_THRESHOLD \u00b6 Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60\u00b130) seconds.","title":"Thresholds"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#thresholds-descriptions","text":"","title":"Thresholds descriptions"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#nginx_threshold","text":"Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"NGINX_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#unbound_threshold","text":"Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached.","title":"UNBOUND_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#redis_threshold","text":"Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"REDIS_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_threshold","text":"Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached.","title":"MYSQL_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_replication_threshold","text":"Notifies administrators if the MySQL replication fails.","title":"MYSQL_REPLICATION_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#sogo_threshold","text":"Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"SOGO_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#postfix_threshold","text":"Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"POSTFIX_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#clamd_threshold","text":"Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached.","title":"CLAMD_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_threshold","text":"Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached.","title":"DOVECOT_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_repl_threshold","text":"Notifies administrators if the Dovecot replication fails.","title":"DOVECOT_REPL_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#phpfpm_threshold","text":"Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"PHPFPM_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#ratelimit_threshold","text":"Notifies administrators if a ratelimit got hit.","title":"RATELIMIT_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#fail2ban_threshold","text":"Notifies administrators if a fail2ban banned an IP.","title":"FAIL2BAN_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#acme_threshold","text":"Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs.","title":"ACME_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#rspamd_threshold","text":"Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached.","title":"RSPAMD_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#olefy_threshold","text":"Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"OLEFY_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mailq_crit-and-mailq_threshold","text":"Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60\u00b130) seconds.","title":"MAILQ_CRIT and MAILQ_THRESHOLD"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/","text":"To add or edit an entry to your domain-wide filter table, log in to your mailcow UI as (domain) administrator and go to: Configuration > Email Setup > Domains > Edit Domain > Spam Filter . Info Be aware that a user can override this setting by setting their own blacklist and whitelist! There is also a global filter table in Configuration > Configuration & Details > Global filter maps to configure a server wide filter for multiple regex maps (todo: screenshots).","title":"Blacklist / Whitelist"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-config/","text":"Several configuration parameters of the mailcow UI can be changed by creating a file data/web/inc/vars.local.inc.php which overrides defaults settings found in data/web/inc/vars.inc.php . The local configuration file is persistent over updates of mailcow. Try not to change values inside data/web/inc/vars.inc.php , but use them as template for the local override. mailcow UI configuration parameters can be used to... ...change the default language 1 ...change the default bootstrap theme ...set a password complexity regex ...enable DKIM private key visibility ...set a pagination trigger size ...set default mailbox attributes ...change session lifetimes ...create fixed app menus (which cannot be changed in mailcow UI) ...set a default \"To\" field for relayhost tests ...set a timeout for Docker API requests ...toggle IP anonymization To change SOGos default language, you will need to edit data/conf/sogo/sogo.conf and replace \"English\" by your preferred language. \u21a9","title":"Configuration"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-css/","text":"For custom overrides of specific elements via CSS, use data/web/css/build/0081-custom-mailcow.css . The file is excluded from tracking and persists over updates.","title":"CSS overrides"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/","text":"How is UV handled in mailcow? \u00b6 The UV flag (as in \"user verification\") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey). Login and key processing \u00b6 mailcow uses client-side key processing . We ask the authenticator (i.e. YubiKey) to save the registration in its memory. A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the \"key login\" via mailcow UI login. When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory. Who can use WebAuthn to login to mailcow? \u00b6 As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2. You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication","title":"WebAuthn / FIDO2"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#how-is-uv-handled-in-mailcow","text":"The UV flag (as in \"user verification\") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey).","title":"How is UV handled in mailcow?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#login-and-key-processing","text":"mailcow uses client-side key processing . We ask the authenticator (i.e. YubiKey) to save the registration in its memory. A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the \"key login\" via mailcow UI login. When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory.","title":"Login and key processing"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#who-can-use-webauthn-to-login-to-mailcow","text":"As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2. You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication","title":"Who can use WebAuthn to login to mailcow?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/","text":"Change Netfilter Ban Settings \u00b6 To change the Netfilter settings in general please navigate to: Configuration -> Configuration & Details -> Configuration -> Fail2ban parameters . You should now see a familar interface: Here you can set several options regarding the bans itself. For example the max. Ban time or the max. attempts before a ban is executed. Change Netfilter Regex \u00b6 Danger The following area requires at least basic regex knowledge. If you are not sure what you are doing there, we can only advise you not to attempt a reconfiguration. In addition to the ban settings, you can also define what exactly should be used from the mailcow container logs to ban a possible attacker. To do this, you must first expand the regex field, which will look something like this: There you can now create various new filter rules. Info As updates progress, it is possible that new Netfilter regex rules will be added or removed. If this is the case, it is recommended to reset the Netfilter regex rules by clicking on Reset to default .","title":"Netfilter"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/#change-netfilter-ban-settings","text":"To change the Netfilter settings in general please navigate to: Configuration -> Configuration & Details -> Configuration -> Fail2ban parameters . You should now see a familar interface: Here you can set several options regarding the bans itself. For example the max. Ban time or the max. attempts before a ban is executed.","title":"Change Netfilter Ban Settings"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/#change-netfilter-regex","text":"Danger The following area requires at least basic regex knowledge. If you are not sure what you are doing there, we can only advise you not to attempt a reconfiguration. In addition to the ban settings, you can also define what exactly should be used from the mailcow container logs to ban a possible attacker. To do this, you must first expand the regex field, which will look something like this: There you can now create various new filter rules. Info As updates progress, it is possible that new Netfilter regex rules will be added or removed. If this is the case, it is recommended to reset the Netfilter regex rules by clicking on Reset to default .","title":"Change Netfilter Regex"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/","text":"Info Pushover makes it easy to get real-time notifications on your Android, iPhone, iPad, and Desktop You can use Pushover to get a push notification on every mail you receive for each mailbox where you enabled this feature. 1. As admin open your mailbox' settings and scroll down to the Pushover settings 2. Register yourself on Pushover 3. Put your 'User Key' in the 'User/Group Key' field in your mailbox settings 4. Create an Applications to get the API Token/Key which you also need to put in your mailbox settings 5. Optional you can edit the notification title/text and define certain sender email addresses where a push notification is triggered 6. Save everything and then you can verify your credentials If everything is done you can test sending a mail and you will receive a push message on your phone","title":"Pushover"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/","text":"These temporary email aliases are mostly used for places where we need to provide an email address but don't want future correspondence with. They are also called spam alias. To create, delete or extend a temporary email aliases you need to login to mailcow's UI as a mailbox user and navigate to the tab Temporary email aliases :","title":"Temporary email aliases"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/","text":"A mailbox user may adjust the spam filter and black- / whitelist settings for his mailbox individually by navigating to the Spam filter tab in the users mailcow UI. Info For global adjustments on your spam filter please check our section on Rspamd . For a domain wide black- and whitelist please check our guide on Black / Whitelist","title":"Spamfilter"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/","text":"Mailbox users can tag their mail address like in me+facebook@example.org . They can control the tag handling in the users mailcow UI panel under Mailbox > Settings . sub-addressing (RFC 5233) or plus addressing also known as tagging (do not mix with Tags ) Available Actions \u00b6 1. Move this message to a sub folder \"facebook\" (will be created lower case if not existing) 2. Prepend the tag to the subject: \"[facebook] Subject\" Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Sub-addressing"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/#available-actions","text":"1. Move this message to a sub folder \"facebook\" (will be created lower case if not existing) 2. Prepend the tag to the subject: \"[facebook] Subject\" Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Available Actions"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tags/","text":"Info You need the mailcow Version 2022-05 at least for this feature. If you don\u00b4t have the Version installed please consider a update. For more informations about a mailcow update please take a look at the Update section here in the docs. What are Tags designed for? \u00b6 With the Tags you can easily sort your Domains and Mailboxes by the tags instead of their name. Where are the Tags located? \u00b6 The Tags are located in the Domain/Mailbox section of the mailcow UI. To view them simply click on the small plus symbol on the left of your Domain/Mailbox (following picture is showing the domain ribbon menu): How can i add/remove a Tag? \u00b6 You can simply add/remove a Tag during the creation of a new Domain/Mailbox. You also can add/remove them if you edit your desired Domain/Mailbox. It looks similar to this (following picture showing the domain edit section): How can i search for a tag? \u00b6 Simply type the Tag Name in the search bar in the Domain/Mailbox Section and wait for it to complete. You can even specify if you want to search for tags only.","title":"Tags (for Domains and Mailboxes)"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#what-are-tags-designed-for","text":"With the Tags you can easily sort your Domains and Mailboxes by the tags instead of their name.","title":"What are Tags designed for?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#where-are-the-tags-located","text":"The Tags are located in the Domain/Mailbox section of the mailcow UI. To view them simply click on the small plus symbol on the left of your Domain/Mailbox (following picture is showing the domain ribbon menu):","title":"Where are the Tags located?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#how-can-i-addremove-a-tag","text":"You can simply add/remove a Tag during the creation of a new Domain/Mailbox. You also can add/remove them if you edit your desired Domain/Mailbox. It looks similar to this (following picture showing the domain edit section):","title":"How can i add/remove a Tag?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#how-can-i-search-for-a-tag","text":"Simply type the Tag Name in the search bar in the Domain/Mailbox Section and wait for it to complete. You can even specify if you want to search for tags only.","title":"How can i search for a tag?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/","text":"So far three methods for Two-Factor Authentication are implemented: WebAuthn (replacing U2F since February 2022), Yubi OTP, and TOTP For WebAuthn to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key. Both WebAuthn and Yubi OTP work well with the fantastic Yubikey . While Yubi OTP needs an active internet connection and an API ID + key, WebAuthn will work with any Fido Security Key out of the box, but can only be used when mailcow is accessed over HTTPS. WebAuthn and Yubi OTP support multiple keys per user. As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like \"Google Authenticator\" after initially scanning a QR code or entering the given secret manually. As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in. The key used to login will be displayed in green, while other keys remain grey. Information on how to remove 2FA can be found here . Yubi OTP \u00b6 The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret. Example setup \u00b6 First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here In the following you configure the YubiKey for OTP. Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next . Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish . Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment. After the generation was successful, you will be shown a Client ID and a Secret key , make a note of this information in a safe place. Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication . In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button. Congratulations! You can now log in to the mailcow UI using your YubiKey! WebAuthn (U2F, replacement) \u00b6 Warning Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn. The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh To use WebAuthn, the browser must support this standard. The following desktop browsers support this authentication type: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) The following mobile browsers support this authentication type: Safari on iOS (>=14.5) Android Browser (>=97) Opera Mobile (>=64) Chrome for Android (>=97) Sources: caniuse.com , blog.mozilla.org WebAuthn works without an internet connection. What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn? \u00b6 Warning With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol. Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator. But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore. Disable unofficial supported Fido Security Keys \u00b6 With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.). This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment. To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker compose up -d . The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates . Example: \u00b6 If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates . After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices. That\u00b4s for every vendor the same, so choose what you like (if you want to). Use own certificates for WebAuthn \u00b6 If you have a valid certificate from the vendor of your key you can also add it to your mailcow! Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow. Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually. Is it dangerous to keep the Vendor Check disabled? \u00b6 No, it isn\u00b4t! These vendor certificates are only used to verify original hardware, not to secure the registration process. As you can read in these articles, the deactivation is not software security related: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 In the end, however, it is of course your decision to leave this check disabled or enabled. TOTP \u00b6 The best known TFA method mostly used with a smartphone. To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list. Now a modal will open in which you have to type in a name for your 2FA \"device\" (example: John Deer\u00b4s Smartphone) and the password of the affected Admin account (you are currently logged in with). You have two seperate methods to register TOTP to your account: 1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. 2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can\u00b4t scan a QR Code). After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.","title":"Two-Factor Authentication"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#yubi-otp","text":"The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.","title":"Yubi OTP"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#example-setup","text":"First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here In the following you configure the YubiKey for OTP. Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next . Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish . Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment. After the generation was successful, you will be shown a Client ID and a Secret key , make a note of this information in a safe place. Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication . In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button. Congratulations! You can now log in to the mailcow UI using your YubiKey!","title":"Example setup"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#webauthn-u2f-replacement","text":"Warning Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn. The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh To use WebAuthn, the browser must support this standard. The following desktop browsers support this authentication type: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) The following mobile browsers support this authentication type: Safari on iOS (>=14.5) Android Browser (>=97) Opera Mobile (>=64) Chrome for Android (>=97) Sources: caniuse.com , blog.mozilla.org WebAuthn works without an internet connection.","title":"WebAuthn (U2F, replacement)"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#what-will-happen-to-my-registered-fido-security-key-after-the-update-from-u2f-to-webauthn","text":"Warning With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol. Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator. But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore.","title":"What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#disable-unofficial-supported-fido-security-keys","text":"With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.). This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment. To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker compose up -d . The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates .","title":"Disable unofficial supported Fido Security Keys"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#example","text":"If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates . After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices. That\u00b4s for every vendor the same, so choose what you like (if you want to).","title":"Example:"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#use-own-certificates-for-webauthn","text":"If you have a valid certificate from the vendor of your key you can also add it to your mailcow! Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow. Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.","title":"Use own certificates for WebAuthn"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#is-it-dangerous-to-keep-the-vendor-check-disabled","text":"No, it isn\u00b4t! These vendor certificates are only used to verify original hardware, not to secure the registration process. As you can read in these articles, the deactivation is not software security related: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 In the end, however, it is of course your decision to leave this check disabled or enabled.","title":"Is it dangerous to keep the Vendor Check disabled?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#totp","text":"The best known TFA method mostly used with a smartphone. To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list. Now a modal will open in which you have to type in a name for your 2FA \"device\" (example: John Deer\u00b4s Smartphone) and the password of the affected Admin account (you are currently logged in with). You have two seperate methods to register TOTP to your account: 1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. 2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can\u00b4t scan a QR Code). After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.","title":"TOTP"},{"location":"models/model-acl/","text":"Editing a domain administrator or a mailbox user allows to set restrictions to that account. Important : For overlapping modules like sync jobs, which both domain administrators and mailbox users can be granted access to, the domain administrators permissions are inherited, when logging in as mailbox user. Some examples: 1. A domain administror has not access to sync jobs but can login as mailbox user When logging in as mailbox user, he does not gain access to sync jobs, even if the given mailbox user has access when logging in directly 2. A domain administror has access to sync jobs and can login as mailbox user The mailbox user he tries to login as has not access to sync jobs The domain administrator, now logged in as mailbox user, inherits its permission to the mailbox user and can access sync jobs 3. A domain administrator logs in as mailbox user Every permission, that does not exist in a domain administrators ACL, is automatically granted (example: time-limited alias, TLS policy etc.)","title":"ACL"},{"location":"models/model-passwd/","text":"Fully supported hashing methods \u00b6 The most current mailcow fully supports the following hashing methods. The default hashing method is written in bold: BLF-CRYPT SSHA SSHA256 SSHA512 The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value. Read-only hashing methods \u00b6 The following methods are supported read only . If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot. ARGON2I (SOGo compatible) ARGON2ID (SOGo compatible) CLEAR CLEARTEXT CRYPT (SOGo compatible) DES-CRYPT LDAP-MD5 (SOGo compatible) MD5 (SOGo compatible) MD5-CRYPT (SOGo compatible) PBKDF2 (SOGo compatible) PLAIN (SOGo compatible) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo compatible) SHA1 (SOGo compatible) SHA256 (SOGo compatible) SHA256-CRYPT (SOGo compatible) SHA512 (SOGo compatible) SHA512-CRYPT (SOGo compatible) SMD5 (SOGo compatible) That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database. The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords. I changed the password hashes in the \"mailbox\" SQL table and cannot login. A \"view\" needs to be updated. You can trigger this by restarting sogo-mailcow: docker compose (Plugin) docker-compose (Standalone) docker compose restart sogo-mailcow docker-compose restart sogo-mailcow","title":"Password hashing"},{"location":"models/model-passwd/#fully-supported-hashing-methods","text":"The most current mailcow fully supports the following hashing methods. The default hashing method is written in bold: BLF-CRYPT SSHA SSHA256 SSHA512 The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value.","title":"Fully supported hashing methods"},{"location":"models/model-passwd/#read-only-hashing-methods","text":"The following methods are supported read only . If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot. ARGON2I (SOGo compatible) ARGON2ID (SOGo compatible) CLEAR CLEARTEXT CRYPT (SOGo compatible) DES-CRYPT LDAP-MD5 (SOGo compatible) MD5 (SOGo compatible) MD5-CRYPT (SOGo compatible) PBKDF2 (SOGo compatible) PLAIN (SOGo compatible) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo compatible) SHA1 (SOGo compatible) SHA256 (SOGo compatible) SHA256-CRYPT (SOGo compatible) SHA512 (SOGo compatible) SHA512-CRYPT (SOGo compatible) SMD5 (SOGo compatible) That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database. The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords. I changed the password hashes in the \"mailbox\" SQL table and cannot login. A \"view\" needs to be updated. You can trigger this by restarting sogo-mailcow: docker compose (Plugin) docker-compose (Standalone) docker compose restart sogo-mailcow docker-compose restart sogo-mailcow","title":"Read-only hashing methods"},{"location":"models/model-sender_rcv/","text":"When a mailbox is created, a user is allowed to send mail from and receive mail for his own mailbox address. Mailbox me@example.org is created. example.org is a primary domain. Note: a mailbox cannot be created in an alias domain. me@example.org is only known as me@example.org. me@example.org is allowed to send as me@example.org. We can add an alias domain for example.org: Alias domain alias.com is added and assigned to primary domain example.org. me@example.org is now known as me@example.org and me@alias.com. me@example.org is now allowed to send as me@example.org and me@alias.com. We can add aliases for a mailbox to receive mail for and to send from this new address. It is important to know, that you are not able to receive mail for my-alias@my-alias-domain.tld . You would need to create this particular alias. me@example.org is assigned the alias alias@example.org me@example.org is now known as me@example.org, me@alias.com, alias@example.org me@example.org is NOT known as alias@alias.com. Please note that this does not apply to catch-all aliases: Alias domain alias.com is added and assigned to primary domain example.org me@example.org is assigned the catch-all alias @example.org me@example.org is still just known as me@example.org, which is the only available send-as option Any email send to alias.com will match the catch-all alias for example.org Administrators and domain administrators can edit mailboxes to allow specific users to send as other mailbox users (\"delegate\" them). You can choose between mailbox users or completely disable the sender check for domains. SOGo \"mail from\" addresses \u00b6 Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains. If you want to select another existing mailbox user as your \"mail from\" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator needs to grant you access as described above.","title":"Sender and receiver model"},{"location":"models/model-sender_rcv/#sogo-mail-from-addresses","text":"Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains. If you want to select another existing mailbox user as your \"mail from\" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator needs to grant you access as described above.","title":"SOGo \"mail from\" addresses"},{"location":"post_installation/firststeps-disable_ipv6/","text":"This is ONLY recommended if you do not have an IPv6 enabled network on your host! If you really need to, you can disable the usage of IPv6 in the compose file. Additionally, you can also disable the startup of container \"ipv6nat-mailcow\", as it's not needed if you won't use IPv6. Instead of editing docker-compose.yml directly, it is preferable to create an override file for it and implement your changes to the service there. Unfortunately, this right now only seems to work for services, not for network settings. To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file). 1. Modify docker-compose.yml Change enable_ipv6: true to enable_ipv6: false : networks: mailcow-network: [...] enable_ipv6: true # <<< set to false [...] 2. Disable ipv6nat-mailcow To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called \"docker-compose.override.yml\": NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly! # cd /opt/mailcow-dockerized # touch docker-compose.override.yml Open the file in your favourite text editor and fill in the following: version: '2.1' services: ipv6nat-mailcow: image: bash:latest restart: \"no\" entrypoint: [\"echo\", \"ipv6nat disabled in compose.override.yml\"] For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d 3. Disable IPv6 in unbound-mailcow Edit data/conf/unbound/unbound.conf and set do-ip6 to \"no\": server: [...] do-ip6: no [...] Restart Unbound: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow 4. Disable IPv6 in postfix-mailcow Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4 : smtp_address_preference = ipv4 inet_protocols = ipv4 Restart Postfix: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow 5. If your docker daemon completly disabled IPv6: Fix the following NGINX, Dovecot and php-fpm config files sed -i '/::/d' data/conf/nginx/listen_* sed -i '/::/d' data/conf/nginx/templates/listen* sed -i '/::/d' data/conf/nginx/dynmaps.conf sed -i 's/,\\[::\\]//g' data/conf/dovecot/dovecot.conf sed -i 's/\\[::\\]://g' data/conf/phpfpm/php-fpm.d/pools.conf","title":"Disable IPv6"},{"location":"post_installation/firststeps-dmarc_reporting/","text":"DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html Important: Change example.com , mail.example.com and Example to reflect your setup DMARC reporting requires additional attention, especially over the first few days All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your MAILCOW_HOSTNAME : If your MAILCOW_HOSTNAME is mail.example.com change the following config to domain = \"example.com\"; Set email equally, e.g. email = \"noreply-dmarc@example.com\"; It is optional but recommended to create an email user noreply-dmarc in mailcow to handle bounces. Enable DMARC reporting \u00b6 Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Create or modify docker-compose.override.yml in the mailcow-dockerized base directory: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Start the mailcow stack with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Send a copy reports to yourself \u00b6 To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf : reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\",\"parsedmarc@example.com\"]; [...] Rspamd will load changes in real time, so you won't need to restart the container at this point. This can be useful if you... ...want to check that your DMARC reports are sent correctly and authenticated. ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems. Troubleshooting \u00b6 Check when the report schedule last ran: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log See the latest report output: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manually trigger a DMARC report: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamadm dmarc_report docker-compose exec rspamd-mailcow rspamadm dmarc_report Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in. docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" docker-compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" Take one of the lines from output you interested in and request it, f.e.: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 docker-compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 Change DMARC reporting frequency \u00b6 In the example above reports are sent once every 24 hours and send reports for yesterday. This will be okay for most setups. If you have a large mail volume and want to run the DMARC reporting more than once a day you need create second schedule and run it with dmarc_report $(date '+%Y%m%d') to process the current day. You have to make sure that the first run on each day also processes the last report from the day before, so it needs to be started twice, one time with $(date --date yesterday '+%Y%m%d') at 0 5 0 * * * (00:05 AM) and then with $(date '+%Y%m%d') with desired interval. The Ofelia schedule has the same implementation as cron in Go, supported syntax described at cron Documentation To change schedule: Edit docker-compose.override.yml : version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"0 5 0 * * *\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: \"@every 12h\" ofelia.job-exec.rspamd_dmarc_reporting_today.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Restart the desired containers with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Restart the ofelia container only: docker compose (Plugin) docker-compose (Standalone) docker compose restart ofelia-mailcow docker-compose restart ofelia-mailcow Disable DMARC Reporting \u00b6 To disable reporting: Set enabled to false in data/conf/rspamd/local.d/dmarc.conf Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow Restart the desired containers with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"DMARC Reporting"},{"location":"post_installation/firststeps-dmarc_reporting/#enable-dmarc-reporting","text":"Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Create or modify docker-compose.override.yml in the mailcow-dockerized base directory: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Start the mailcow stack with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Enable DMARC reporting"},{"location":"post_installation/firststeps-dmarc_reporting/#send-a-copy-reports-to-yourself","text":"To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf : reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\",\"parsedmarc@example.com\"]; [...] Rspamd will load changes in real time, so you won't need to restart the container at this point. This can be useful if you... ...want to check that your DMARC reports are sent correctly and authenticated. ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.","title":"Send a copy reports to yourself"},{"location":"post_installation/firststeps-dmarc_reporting/#troubleshooting","text":"Check when the report schedule last ran: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log See the latest report output: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manually trigger a DMARC report: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamadm dmarc_report docker-compose exec rspamd-mailcow rspamadm dmarc_report Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in. docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" docker-compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" Take one of the lines from output you interested in and request it, f.e.: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 docker-compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49","title":"Troubleshooting"},{"location":"post_installation/firststeps-dmarc_reporting/#change-dmarc-reporting-frequency","text":"In the example above reports are sent once every 24 hours and send reports for yesterday. This will be okay for most setups. If you have a large mail volume and want to run the DMARC reporting more than once a day you need create second schedule and run it with dmarc_report $(date '+%Y%m%d') to process the current day. You have to make sure that the first run on each day also processes the last report from the day before, so it needs to be started twice, one time with $(date --date yesterday '+%Y%m%d') at 0 5 0 * * * (00:05 AM) and then with $(date '+%Y%m%d') with desired interval. The Ofelia schedule has the same implementation as cron in Go, supported syntax described at cron Documentation To change schedule: Edit docker-compose.override.yml : version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"0 5 0 * * *\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: \"@every 12h\" ofelia.job-exec.rspamd_dmarc_reporting_today.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Restart the desired containers with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Restart the ofelia container only: docker compose (Plugin) docker-compose (Standalone) docker compose restart ofelia-mailcow docker-compose restart ofelia-mailcow","title":"Change DMARC reporting frequency"},{"location":"post_installation/firststeps-dmarc_reporting/#disable-dmarc-reporting","text":"To disable reporting: Set enabled to false in data/conf/rspamd/local.d/dmarc.conf Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow Restart the desired containers with: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Disable DMARC Reporting"},{"location":"post_installation/firststeps-ip_bindings/","text":"Warning Changing the binding does not affect source NAT. See SNAT for required steps. IPv4 binding \u00b6 To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs: # For technical reasons, http bindings are a bit different from other service bindings. # You will find the following variables, separated by a bind address and its port: # Example: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Other services are bound by using the following format: # SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 # Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. # doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 To apply your changes, run: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d IPv6 binding \u00b6 Changing IPv6 bindings is different from IPv4. Again, this has a technical background. A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten. Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file. An example IPv6 2001:db8:dead:beef::123 is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed. version: '2.1' services: dovecot-mailcow: ports: - '[2001:db8:dead:beef::123]:143:143' - '[2001:db8:dead:beef::123]:993:993' - '[2001:db8:dead:beef::123]:110:110' - '[2001:db8:dead:beef::123]:995:995' - '[2001:db8:dead:beef::123]:4190:4190' postfix-mailcow: ports: - '[2001:db8:dead:beef::123]:25:25' - '[2001:db8:dead:beef::123]:465:465' - '[2001:db8:dead:beef::123]:587:587' nginx-mailcow: ports: - '[2001:db8:dead:beef::123]:80:80' - '[2001:db8:dead:beef::123]:443:443' To apply your changes, run the commands below: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IP bindings"},{"location":"post_installation/firststeps-ip_bindings/#ipv4-binding","text":"To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs: # For technical reasons, http bindings are a bit different from other service bindings. # You will find the following variables, separated by a bind address and its port: # Example: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Other services are bound by using the following format: # SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 # Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. # doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 To apply your changes, run: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IPv4 binding"},{"location":"post_installation/firststeps-ip_bindings/#ipv6-binding","text":"Changing IPv6 bindings is different from IPv4. Again, this has a technical background. A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten. Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file. An example IPv6 2001:db8:dead:beef::123 is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed. version: '2.1' services: dovecot-mailcow: ports: - '[2001:db8:dead:beef::123]:143:143' - '[2001:db8:dead:beef::123]:993:993' - '[2001:db8:dead:beef::123]:110:110' - '[2001:db8:dead:beef::123]:995:995' - '[2001:db8:dead:beef::123]:4190:4190' postfix-mailcow: ports: - '[2001:db8:dead:beef::123]:25:25' - '[2001:db8:dead:beef::123]:465:465' - '[2001:db8:dead:beef::123]:587:587' nginx-mailcow: ports: - '[2001:db8:dead:beef::123]:80:80' - '[2001:db8:dead:beef::123]:443:443' To apply your changes, run the commands below: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IPv6 binding"},{"location":"post_installation/firststeps-local_mta/","text":"The easiest option would be to disable the listener on port 25/tcp. Postfix users disable the listener by commenting the following line (starting with smtp or 25 ) in /etc/postfix/master.cf : #smtp inet n - - - - smtpd Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from \"inet_interfaces\": postconf -e 'relayhost = 172.22.1.1' postconf -e \"mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\" postconf -e \"inet_interfaces = loopback-only\" postconf -e \"relay_transport = relay\" postconf -e \"default_transport = smtp\" Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld . \"172.22.1.1\" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network. Restart Postfix after applying your changes.","title":"Local MTA on Docker host"},{"location":"post_installation/firststeps-logging/","text":"Logging in mailcow: dockerized consists of multiple stages, but is, after all, much more flexible and easier to integrate into a logging daemon than before. In Docker the containerized application (PID 1) writes its output to stdout. For real one-application containers this works just fine. Run the command below to learn more: docker compose (Plugin) docker-compose (Standalone) docker compose logs --help docker-compose logs --help Some containers log or stream to multiple destinations. No container will keep persistent logs in it. Containers are transient items! In the end, every line of logs will reach the Docker daemon - unfiltered. The default logging driver is \"json\" . Filtered logs \u00b6 Some logs are filtered and written to Redis keys but also streamed to a Redis channel. The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow. The Redis keys are persistent and will keep 10000 lines of logs for the web UI. This mechanism makes it possible to use whatever Docker logging driver you want to, without losing the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow. Redis keys will only hold logs from applications and filter out system messages (think of cron etc.). Logging drivers \u00b6 Via docker-compose.override.yml \u00b6 Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. Create a docker-compose.override.yml and add, for example, this block to use the \"gelf\" logging plugin for postfix-mailcow : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Another example for Syslog : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" For Rsyslog only: \u00b6 Make sure the following lines aren't commented out in /etc/rsyslog.conf : # provides UDP syslog reception module(load=\"imudp\") input(type=\"imudp\" port=\"514\") To move local3 input to /var/log/mailcow.log and stop processing, create a file /etc/rsyslog.d/docker.conf : local3.* /var/log/mailcow.log & stop Restart rsyslog afterwards. via daemon.json (globally) \u00b6 If you want to change the logging driver globally , edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service: { ... \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } ... } For Syslog: { ... \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } ... } Restart the Docker daemon and run the commands below to recreate the containers with the new logging driver: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d Log rotation \u00b6 As those logs can get quite big, it is a good idea to use logrotate to compress and delete them after a certain time period. Create /etc/logrotate.d/mailcow with the following content: /var/log/mailcow.log { rotate 7 daily compress delaycompress missingok notifempty create 660 root root } With this configuration, logrotate will run daily and keep a maximum of 7 archives. To rotate the logfile weekly or monthly replace daily with weekly or monthly respectively. To keep more archives, set the desired number of rotate . Afterwards, logrotate can be restarted.","title":"Logging"},{"location":"post_installation/firststeps-logging/#filtered-logs","text":"Some logs are filtered and written to Redis keys but also streamed to a Redis channel. The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow. The Redis keys are persistent and will keep 10000 lines of logs for the web UI. This mechanism makes it possible to use whatever Docker logging driver you want to, without losing the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow. Redis keys will only hold logs from applications and filter out system messages (think of cron etc.).","title":"Filtered logs"},{"location":"post_installation/firststeps-logging/#logging-drivers","text":"","title":"Logging drivers"},{"location":"post_installation/firststeps-logging/#via-docker-composeoverrideyml","text":"Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. Create a docker-compose.override.yml and add, for example, this block to use the \"gelf\" logging plugin for postfix-mailcow : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Another example for Syslog : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\"","title":"Via docker-compose.override.yml"},{"location":"post_installation/firststeps-logging/#for-rsyslog-only","text":"Make sure the following lines aren't commented out in /etc/rsyslog.conf : # provides UDP syslog reception module(load=\"imudp\") input(type=\"imudp\" port=\"514\") To move local3 input to /var/log/mailcow.log and stop processing, create a file /etc/rsyslog.d/docker.conf : local3.* /var/log/mailcow.log & stop Restart rsyslog afterwards.","title":"For Rsyslog only:"},{"location":"post_installation/firststeps-logging/#via-daemonjson-globally","text":"If you want to change the logging driver globally , edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service: { ... \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } ... } For Syslog: { ... \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } ... } Restart the Docker daemon and run the commands below to recreate the containers with the new logging driver: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"via daemon.json (globally)"},{"location":"post_installation/firststeps-logging/#log-rotation","text":"As those logs can get quite big, it is a good idea to use logrotate to compress and delete them after a certain time period. Create /etc/logrotate.d/mailcow with the following content: /var/log/mailcow.log { rotate 7 daily compress delaycompress missingok notifempty create 660 root root } With this configuration, logrotate will run daily and keep a maximum of 7 archives. To rotate the logfile weekly or monthly replace daily with weekly or monthly respectively. To keep more archives, set the desired number of rotate . Afterwards, logrotate can be restarted.","title":"Log rotation"},{"location":"post_installation/firststeps-rp/","text":"You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. 1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: HTTP_BIND = 127 .0.0.1 HTTP_PORT = 8080 HTTPS_BIND = 127 .0.0.1 HTTPS_PORT = 8443 This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker. IMPORTANT: Do not use port 8081, 9081 or 65510! Recreate affected containers by running docker compose up -d . Important information, please read them carefully! Info If you plan to use a reverse proxy and want to use another server name that is not MAILCOW_HOSTNAME, you need to read Adding additional server names for mailcow UI at the bottom of this page. Warning Make sure you run generate_config.sh before you enable any site configuration examples below. The script generate_config.sh copies snake-oil certificates to the correct location, so the services will not fail to start due to missing files. Warning If you enable TLS SNI ( ENABLE_TLS_SNI in mailcow.conf), the certificate paths in your reverse proxy must match the correct paths in data/assets/ssl/{hostname}. The certificates will be split into data/assets/ssl/{hostname1,hostname2,etc} and therefore will not work when you copy the examples from below pointing to data/assets/ssl/cert.pem etc. Info Using the site configs below will forward ACME requests to mailcow and let it handle certificates itself. The downside of using mailcow as ACME client behind a reverse proxy is, that you will need to reload your webserver after acme-mailcow changed/renewed/created the certificate. You can either reload your webserver daily or write a script to watch the file for changes. On many servers logrotate will reload the webserver daily anyway. If you want to use a local certbot installation, you will need to change the SSL certificate parameters accordingly. Make sure you run a post-hook script when you decide to use external ACME clients. You will find an example at the bottom of this page. 2. Configure your local webserver as reverse proxy: Apache 2.4 \u00b6 Required modules: a2enmod rewrite proxy proxy_http headers ssl Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine. Take care of highlighted lines. ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L] ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"http\" ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"https\" SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem # If you plan to proxy to a HTTPS host: #SSLProxyEngine On # If you plan to proxy to an untrusted HTTPS host: #SSLProxyVerify none #SSLProxyCheckPeerCN off #SSLProxyCheckPeerName off #SSLProxyCheckPeerExpire off Nginx \u00b6 Let's Encrypt will follow our rewrite, certificate requests will work fine. Take care of highlighted lines. server { listen 80 default_server; listen [::]:80 default_server; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; location /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 75; proxy_send_timeout 3650; proxy_read_timeout 3650; proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo client_body_buffer_size 512k; client_max_body_size 0; } location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } HAProxy (community supported) \u00b6 Warning This is an unsupported community contribution. Feel free to provide fixes. Important/Fixme : This example only forwards HTTPS traffic and does not use mailcows built-in ACME client. frontend https-in bind :::443 v4v6 ssl crt mailcow.pem default_backend mailcow backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check Traefik v2 (community supported) \u00b6 Warning This is an unsupported community contribution. Feel free to provide fixes. Important : This config only covers the \"reverseproxing\" of the webpannel (nginx-mailcow) using Traefik v2, if you also want to reverseproxy the mail services such as dovecot, postfix... you'll just need to adapt the following config to each container and create an EntryPoint on your traefik.toml or traefik.yml (depending which config you use) for each port. For this section we'll assume you have your Traefik 2 [certificatesresolvers] properly configured on your traefik configuration file, and also using acme, also, the following example uses Lets Encrypt, but feel free to change it to your own cert resolver. You can find a basic Traefik 2 toml config file with all the above implemented which can be used for this example here traefik.toml if you need one, or a hint on how to adapt your config. So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf , and run docker compose up -d to apply the changes. Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder. version : '2.1' services : nginx-mailcow : networks : # Add Traefik's network web : labels : - traefik.enable=true # Creates a router called \"moo\" for the container, and sets up a rule to link the container to certain rule, # in this case, a Host rule with our MAILCOW_HOSTNAME var. - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`) # Enables tls over the router we created before. - traefik.http.routers.moo.tls=true # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt). - traefik.http.routers.moo.tls.certresolver=le # Creates a service called \"moo\" for the container, and specifies which internal port of the container # should traefik route the incoming data to. - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} # Specifies which entrypoint (external port) should traefik listen to, for this container. # websecure being port 443, check the traefik.toml file liked above. - traefik.http.routers.moo.entrypoints=websecure # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network - traefik.docker.network=web certdumper : image : humenius/traefik-certs-dumper command : --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1 network_mode : none volumes : # Mount the volume which contains Traefik's `acme.json' file # Configure the external name in the volume definition - acme:/traefik:ro # Mount mailcow's SSL folder - ./data/assets/ssl/:/output:rw # Mount docker socket to restart containers - /var/run/docker.sock:/var/run/docker.sock:ro restart : always environment : # only change this, if you're using another domain for mailcow's web frontend compared to the standard config - DOMAIN=${MAILCOW_HOSTNAME} networks : web : external : true # Name of the external network name : traefik_web volumes : acme : external : true # Name of the external docker volume which contains Traefik's `acme.json' file name : traefik_acme Start the new containers with docker compose up -d . Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org , and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from. This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path. You can use the command line to run it, or use the docker compose shown here . After we have the certs dumped, we'll have to reload the configs from our postfix and dovecot containers, and check the certs, you can see how here . Aaand that should be it \ud83d\ude0a, you can check if the Traefik router works fine trough Traefik's dashboard / traefik logs / accessing the setted domain trough https, or / and check HTTPS, SMTP and IMAP trough the commands shown on the page linked before. Caddy v2 (supported by the community) \u00b6 Warning This is an unsupported community contribution. Feel free to provide fixes. The configuration of Caddy with mailcow is very simple. In the caddyfile you just have to create a section for the mailserver. For example MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled roll_size 512M roll_uncompressed roll_local_time roll_keep 3 roll_keep_for 48h } } reverse_proxy 127.0.0.1:HTTP_BIND } This allows Caddy to automatically create the certificates and accept traffic for these mentioned domains and forward them to mailcow. Important : The ACME client of mailcow must be disabled, otherwise mailcow will fail. Since Caddy takes care of the certificates itself, we can use the following script to include the Caddy generated certificates into mailcow: #!/bin/bash MD5SUM_CURRENT_CERT =( $( md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem ) ) MD5SUM_NEW_CERT =( $( md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt ) ) if [ $MD5SUM_CURRENT_CERT ! = $MD5SUM_NEW_CERT ] ; then cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c = $( docker ps -qaf name = postfix-mailcow ) dovecot_c = $( docker ps -qaf name = dovecot-mailcow ) nginx_c = $( docker ps -qaf name = nginx-mailcow ) docker restart ${ postfix_c } ${ dovecot_c } ${ nginx_c } else echo \"Certs not copied from Caddy (Not needed)\" fi Attention Caddy's certificate path varies depending on the installation type. In this installation example, Caddy was installed using the Caddy repo ( more informations here ). To find out the Caddy certificate path on your system, just run a find / -name \"certificates\" . This script could be called as a cronjob every hour: 0 * * * * /bin/bash /path/to/script/deploy-certs.sh >/dev/null 2 > & 1 Optional: Post-hook script for non-mailcow ACME clients \u00b6 Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: #!/bin/bash cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c} Adding additional server names for mailcow UI \u00b6 If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld Run docker compose up -d to apply.","title":"Reverse Proxy"},{"location":"post_installation/firststeps-rp/#apache-24","text":"Required modules: a2enmod rewrite proxy proxy_http headers ssl Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine. Take care of highlighted lines. ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L] ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"http\" ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"https\" SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem # If you plan to proxy to a HTTPS host: #SSLProxyEngine On # If you plan to proxy to an untrusted HTTPS host: #SSLProxyVerify none #SSLProxyCheckPeerCN off #SSLProxyCheckPeerName off #SSLProxyCheckPeerExpire off ","title":"Apache 2.4"},{"location":"post_installation/firststeps-rp/#nginx","text":"Let's Encrypt will follow our rewrite, certificate requests will work fine. Take care of highlighted lines. server { listen 80 default_server; listen [::]:80 default_server; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; location /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 75; proxy_send_timeout 3650; proxy_read_timeout 3650; proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo client_body_buffer_size 512k; client_max_body_size 0; } location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } }","title":"Nginx"},{"location":"post_installation/firststeps-rp/#haproxy-community-supported","text":"Warning This is an unsupported community contribution. Feel free to provide fixes. Important/Fixme : This example only forwards HTTPS traffic and does not use mailcows built-in ACME client. frontend https-in bind :::443 v4v6 ssl crt mailcow.pem default_backend mailcow backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check","title":"HAProxy (community supported)"},{"location":"post_installation/firststeps-rp/#traefik-v2-community-supported","text":"Warning This is an unsupported community contribution. Feel free to provide fixes. Important : This config only covers the \"reverseproxing\" of the webpannel (nginx-mailcow) using Traefik v2, if you also want to reverseproxy the mail services such as dovecot, postfix... you'll just need to adapt the following config to each container and create an EntryPoint on your traefik.toml or traefik.yml (depending which config you use) for each port. For this section we'll assume you have your Traefik 2 [certificatesresolvers] properly configured on your traefik configuration file, and also using acme, also, the following example uses Lets Encrypt, but feel free to change it to your own cert resolver. You can find a basic Traefik 2 toml config file with all the above implemented which can be used for this example here traefik.toml if you need one, or a hint on how to adapt your config. So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf , and run docker compose up -d to apply the changes. Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder. version : '2.1' services : nginx-mailcow : networks : # Add Traefik's network web : labels : - traefik.enable=true # Creates a router called \"moo\" for the container, and sets up a rule to link the container to certain rule, # in this case, a Host rule with our MAILCOW_HOSTNAME var. - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`) # Enables tls over the router we created before. - traefik.http.routers.moo.tls=true # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt). - traefik.http.routers.moo.tls.certresolver=le # Creates a service called \"moo\" for the container, and specifies which internal port of the container # should traefik route the incoming data to. - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} # Specifies which entrypoint (external port) should traefik listen to, for this container. # websecure being port 443, check the traefik.toml file liked above. - traefik.http.routers.moo.entrypoints=websecure # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network - traefik.docker.network=web certdumper : image : humenius/traefik-certs-dumper command : --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1 network_mode : none volumes : # Mount the volume which contains Traefik's `acme.json' file # Configure the external name in the volume definition - acme:/traefik:ro # Mount mailcow's SSL folder - ./data/assets/ssl/:/output:rw # Mount docker socket to restart containers - /var/run/docker.sock:/var/run/docker.sock:ro restart : always environment : # only change this, if you're using another domain for mailcow's web frontend compared to the standard config - DOMAIN=${MAILCOW_HOSTNAME} networks : web : external : true # Name of the external network name : traefik_web volumes : acme : external : true # Name of the external docker volume which contains Traefik's `acme.json' file name : traefik_acme Start the new containers with docker compose up -d . Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org , and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from. This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path. You can use the command line to run it, or use the docker compose shown here . After we have the certs dumped, we'll have to reload the configs from our postfix and dovecot containers, and check the certs, you can see how here . Aaand that should be it \ud83d\ude0a, you can check if the Traefik router works fine trough Traefik's dashboard / traefik logs / accessing the setted domain trough https, or / and check HTTPS, SMTP and IMAP trough the commands shown on the page linked before.","title":"Traefik v2 (community supported)"},{"location":"post_installation/firststeps-rp/#caddy-v2-supported-by-the-community","text":"Warning This is an unsupported community contribution. Feel free to provide fixes. The configuration of Caddy with mailcow is very simple. In the caddyfile you just have to create a section for the mailserver. For example MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled roll_size 512M roll_uncompressed roll_local_time roll_keep 3 roll_keep_for 48h } } reverse_proxy 127.0.0.1:HTTP_BIND } This allows Caddy to automatically create the certificates and accept traffic for these mentioned domains and forward them to mailcow. Important : The ACME client of mailcow must be disabled, otherwise mailcow will fail. Since Caddy takes care of the certificates itself, we can use the following script to include the Caddy generated certificates into mailcow: #!/bin/bash MD5SUM_CURRENT_CERT =( $( md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem ) ) MD5SUM_NEW_CERT =( $( md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt ) ) if [ $MD5SUM_CURRENT_CERT ! = $MD5SUM_NEW_CERT ] ; then cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c = $( docker ps -qaf name = postfix-mailcow ) dovecot_c = $( docker ps -qaf name = dovecot-mailcow ) nginx_c = $( docker ps -qaf name = nginx-mailcow ) docker restart ${ postfix_c } ${ dovecot_c } ${ nginx_c } else echo \"Certs not copied from Caddy (Not needed)\" fi Attention Caddy's certificate path varies depending on the installation type. In this installation example, Caddy was installed using the Caddy repo ( more informations here ). To find out the Caddy certificate path on your system, just run a find / -name \"certificates\" . This script could be called as a cronjob every hour: 0 * * * * /bin/bash /path/to/script/deploy-certs.sh >/dev/null 2 > & 1","title":"Caddy v2 (supported by the community)"},{"location":"post_installation/firststeps-rp/#optional-post-hook-script-for-non-mailcow-acme-clients","text":"Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: #!/bin/bash cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c}","title":"Optional: Post-hook script for non-mailcow ACME clients"},{"location":"post_installation/firststeps-rp/#adding-additional-server-names-for-mailcow-ui","text":"If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld Run docker compose up -d to apply.","title":"Adding additional server names for mailcow UI"},{"location":"post_installation/firststeps-rspamd_ui/","text":"Rspamd is an easy to use spam filtering tool presently installed with mailcow. Go to the mailcow web admin interface Navigate to the Access tab. (Access > Rspamd UI) Modify the Rspamd UI password Go to https://${MAILCOW_HOSTNAME}/rspamd in a browser and log in! Additional configuration options and documentation can be found here : https://rspamd.com/webui/","title":"Rspamd UI"},{"location":"post_installation/firststeps-snat/","text":"SNAT is used to change the source address of the packets sent by mailcow. It can be used to change the outgoing IP address on systems with multiple IP addresses. Open mailcow.conf , set either or both of the following parameters: # Use this IPv4 for outgoing connections (SNAT) SNAT_TO_SOURCE=1.2.3.4 # Use this IPv6 for outgoing connections (SNAT) SNAT6_TO_SOURCE=dead:beef Run docker compose up -d . The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1. Check the output of docker compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.","title":"SNAT"},{"location":"post_installation/firststeps-ssl/","text":"Let's Encrypt (out-of-the-box) \u00b6 The \"acme-mailcow\" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME} , autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN . Warning mailcow must be available on port 80 for the acme-client to work. Our reverse proxy example configurations do cover that. You can also use any external ACME client (certbot for example) to obtain certificates, but you will need to make sure, that they are copied to the correct location and a post-hook reloads affected containers. See more in the Reverse Proxy documentation. By default, which means 0 domains are added to mailcow, it will try to obtain a certificate for ${MAILCOW_HOSTNAME} . For each domain you add, it will try to resolve autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN to its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. If it succeeds, a name will be added as SAN to the certificate request. Only names that can be validated, will be added as SAN. For every domain you remove, the certificate will be moved and a new certificate will be requested. It is not possible to keep domains in a certificate, when we are not able validate the challenge for those. If you want to re-run the ACME client, use docker compose restart acme-mailcow and monitor its logs with docker compose logs --tail=200 -f acme-mailcow . Additional domain names \u00b6 Edit \"mailcow.conf\" and add a parameter ADDITIONAL_SAN like this: Do not use quotes ( \" ) and do not use spaces between the names! ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.* Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow. Run docker compose up -d to recreate affected containers automatically. Info Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration. If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES . Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld Run docker compose up -d to apply. Force renewal \u00b6 To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container: cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew docker compose restart acme-mailcow # Now check the logs for a renewal docker compose logs --tail=200 -f acme-mailcow The file will be deleted automatically. Validation errors and how to skip validation \u00b6 You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts. If you encounter problems with \"HTTP validation\", but your IP address confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from br-mailcow to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You'd need to stop mailcow ( docker compose down ), stop the firewall service, flush the chains and restart Docker. You can also skip this validation method by setting SKIP_HTTP_VERIFICATION=y in \"mailcow.conf\". Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration. If you encounter problems generating TLSA records in the DNS overview within mailcow, you are most likely having issues with NAT reflection you should fix. If you changed a SKIP_* parameter, run docker compose up -d to apply your changes. Disable Let's Encrypt \u00b6 Disable Let's Encrypt completely \u00b6 Set SKIP_LETS_ENCRYPT=y in \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d . Skip all names but ${MAILCOW_HOSTNAME} \u00b6 Add ONLY_MAILCOW_HOSTNAME=y to \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d . The Let's Encrypt subjectAltName limit of 100 domains \u00b6 Let's Encrypt currently has a limit of 100 Domain Names per Certificate . By default, \"acme-mailcow\" will create a single SAN certificate for all validated domains (see the first section and Additional domain names ). This provides best compatibility but means the Let's Encrypt limit exceeds if you add too many domains to a single mailcow installation. To solve this, you can configure ENABLE_SSL_SNI to generate: A main server certificate with MAILCOW_HOSTNAME and all fully qualified domain names in the ADDITIONAL_SAN config One additional certificate for each domain found in the database with autodiscover. , autoconfig. and any other ADDITIONAL_SAN configured in this format (subdomain.*). Limitations: A certificate name ADDITIONAL_SAN=test.example.com will be added as SAN to the main certificate. A separate certificate/key pair will not be generated for this format. Postfix, Dovecot and Nginx will then serve these certificates with SNI. Set ENABLE_SSL_SNI=y in \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d . Warning Not all clients support SNI, see Dovecot documentation or Wikipedia . You should make sure these clients use the MAILCOW_HOSTNAME for secure connections if you enable this feature. Here is an example: MAILCOW_HOSTNAME=server.email.tld ADDITIONAL_SAN=webmail.email.tld,mail.* Mailcow email domains: \"domain1.tld\" and \"domain2.tld\" The following certificates will be generated: server.email.tld, webmail.email.tld -> this is the default certificate, all clients can connect with these domains mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individual certificate for domain1.tld, cannot be used by clients without SNI support mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individual certificate for domain2.tld, cannot be used by clients without SNI support How to use your own certificate \u00b6 Make sure you disable mailcows internal LE client (see above). To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem . IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl . Restart affected services afterwards: docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) docker restart $(docker ps -qaf name=dovecot-mailcow) See Post-hook script for non-mailcow ACME clients for a full example script. Test against staging ACME directory \u00b6 Edit mailcow.conf and add LE_STAGING=y . Run docker compose up -d to activate your changes. Custom directory URL \u00b6 Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL : DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory You cannot use LE_STAGING with DIRECTORY_URL . If both are set, only LE_STAGING is used. Run docker compose up -d to activate your changes. Check your configuration \u00b6 Run docker compose logs acme-mailcow to find out why a validation fails. To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate. To check the certificate served by Postfix, Dovecot and Nginx we will use openssl : # Connect via SMTP (587) echo \"Q\" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 # Connect via IMAP (143) echo \"Q\" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 # Connect via HTTPS (443) echo \"Q\" | openssl s_client -connect mx.mailcow.email:443 To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script: cd /opt/mailcow-dockerized bash helper-scripts/expiry-dates.sh","title":"Advanced SSL"},{"location":"post_installation/firststeps-ssl/#lets-encrypt-out-of-the-box","text":"The \"acme-mailcow\" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME} , autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN . Warning mailcow must be available on port 80 for the acme-client to work. Our reverse proxy example configurations do cover that. You can also use any external ACME client (certbot for example) to obtain certificates, but you will need to make sure, that they are copied to the correct location and a post-hook reloads affected containers. See more in the Reverse Proxy documentation. By default, which means 0 domains are added to mailcow, it will try to obtain a certificate for ${MAILCOW_HOSTNAME} . For each domain you add, it will try to resolve autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN to its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. If it succeeds, a name will be added as SAN to the certificate request. Only names that can be validated, will be added as SAN. For every domain you remove, the certificate will be moved and a new certificate will be requested. It is not possible to keep domains in a certificate, when we are not able validate the challenge for those. If you want to re-run the ACME client, use docker compose restart acme-mailcow and monitor its logs with docker compose logs --tail=200 -f acme-mailcow .","title":"Let's Encrypt (out-of-the-box)"},{"location":"post_installation/firststeps-ssl/#additional-domain-names","text":"Edit \"mailcow.conf\" and add a parameter ADDITIONAL_SAN like this: Do not use quotes ( \" ) and do not use spaces between the names! ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.* Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address. A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow. Run docker compose up -d to recreate affected containers automatically. Info Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration. If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES . Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld Run docker compose up -d to apply.","title":"Additional domain names"},{"location":"post_installation/firststeps-ssl/#force-renewal","text":"To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container: cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew docker compose restart acme-mailcow # Now check the logs for a renewal docker compose logs --tail=200 -f acme-mailcow The file will be deleted automatically.","title":"Force renewal"},{"location":"post_installation/firststeps-ssl/#validation-errors-and-how-to-skip-validation","text":"You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts. If you encounter problems with \"HTTP validation\", but your IP address confirmation succeeds, you are most likely using firewalld, ufw or any other firewall, that disallows connections from br-mailcow to your external interface. Both firewalld and ufw disallow this by default. It is often not enough to just stop these firewall services. You'd need to stop mailcow ( docker compose down ), stop the firewall service, flush the chains and restart Docker. You can also skip this validation method by setting SKIP_HTTP_VERIFICATION=y in \"mailcow.conf\". Be warned that this is discouraged. In most cases, the HTTP verification is skipped to workaround unknown NAT reflection issues, which are not resolved by ignoring this specific network misconfiguration. If you encounter problems generating TLSA records in the DNS overview within mailcow, you are most likely having issues with NAT reflection you should fix. If you changed a SKIP_* parameter, run docker compose up -d to apply your changes.","title":"Validation errors and how to skip validation"},{"location":"post_installation/firststeps-ssl/#disable-lets-encrypt","text":"","title":"Disable Let's Encrypt"},{"location":"post_installation/firststeps-ssl/#disable-lets-encrypt-completely","text":"Set SKIP_LETS_ENCRYPT=y in \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d .","title":"Disable Let's Encrypt completely"},{"location":"post_installation/firststeps-ssl/#skip-all-names-but-mailcow_hostname","text":"Add ONLY_MAILCOW_HOSTNAME=y to \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d .","title":"Skip all names but ${MAILCOW_HOSTNAME}"},{"location":"post_installation/firststeps-ssl/#the-lets-encrypt-subjectaltname-limit-of-100-domains","text":"Let's Encrypt currently has a limit of 100 Domain Names per Certificate . By default, \"acme-mailcow\" will create a single SAN certificate for all validated domains (see the first section and Additional domain names ). This provides best compatibility but means the Let's Encrypt limit exceeds if you add too many domains to a single mailcow installation. To solve this, you can configure ENABLE_SSL_SNI to generate: A main server certificate with MAILCOW_HOSTNAME and all fully qualified domain names in the ADDITIONAL_SAN config One additional certificate for each domain found in the database with autodiscover. , autoconfig. and any other ADDITIONAL_SAN configured in this format (subdomain.*). Limitations: A certificate name ADDITIONAL_SAN=test.example.com will be added as SAN to the main certificate. A separate certificate/key pair will not be generated for this format. Postfix, Dovecot and Nginx will then serve these certificates with SNI. Set ENABLE_SSL_SNI=y in \"mailcow.conf\" and recreate \"acme-mailcow\" by running docker compose up -d . Warning Not all clients support SNI, see Dovecot documentation or Wikipedia . You should make sure these clients use the MAILCOW_HOSTNAME for secure connections if you enable this feature. Here is an example: MAILCOW_HOSTNAME=server.email.tld ADDITIONAL_SAN=webmail.email.tld,mail.* Mailcow email domains: \"domain1.tld\" and \"domain2.tld\" The following certificates will be generated: server.email.tld, webmail.email.tld -> this is the default certificate, all clients can connect with these domains mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individual certificate for domain1.tld, cannot be used by clients without SNI support mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individual certificate for domain2.tld, cannot be used by clients without SNI support","title":"The Let's Encrypt subjectAltName limit of 100 domains"},{"location":"post_installation/firststeps-ssl/#how-to-use-your-own-certificate","text":"Make sure you disable mailcows internal LE client (see above). To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem . IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl . Restart affected services afterwards: docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) docker restart $(docker ps -qaf name=dovecot-mailcow) See Post-hook script for non-mailcow ACME clients for a full example script.","title":"How to use your own certificate"},{"location":"post_installation/firststeps-ssl/#test-against-staging-acme-directory","text":"Edit mailcow.conf and add LE_STAGING=y . Run docker compose up -d to activate your changes.","title":"Test against staging ACME directory"},{"location":"post_installation/firststeps-ssl/#custom-directory-url","text":"Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL : DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory You cannot use LE_STAGING with DIRECTORY_URL . If both are set, only LE_STAGING is used. Run docker compose up -d to activate your changes.","title":"Custom directory URL"},{"location":"post_installation/firststeps-ssl/#check-your-configuration","text":"Run docker compose logs acme-mailcow to find out why a validation fails. To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate. To check the certificate served by Postfix, Dovecot and Nginx we will use openssl : # Connect via SMTP (587) echo \"Q\" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 # Connect via IMAP (143) echo \"Q\" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 # Connect via HTTPS (443) echo \"Q\" | openssl s_client -connect mx.mailcow.email:443 To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script: cd /opt/mailcow-dockerized bash helper-scripts/expiry-dates.sh","title":"Check your configuration"},{"location":"post_installation/firststeps-sync_jobs_migration/","text":"Sync jobs are used to copy or move existing emails from an external IMAP server or within mailcow's existing mailboxes. Info Depending on your mailbox's ACL you may not have the option to add a sync job. Please contact your domain administrator if so. Setup a Sync Job \u00b6 In the \"Configuration > Mail Setup\" or \"User Settings\" interface, create a new sync job. If you are an administrator, select the username of the downstream mailcow mailbox in the \"Username\" dropdown. Fill in the \"Host\" and \"Port\" fields with their respective correct values from the upstream IMAP server. In the \"Username\" and \"Password\" fields, supply the correct access credentials from the upstream IMAP server. Select the \"Encryption Method\". If the upstream IMAP server uses port 143, it is likely that the encryption method is TLS and SSL for port 993. Nevertheless, you can use PLAIN authentication, but it is stongly discouraged. For all ther other fields, you can leave them as is or modify them as desired. Make sure to tick \"Active\" and click \"Add\". Info Once Completed, log into the mailbox and check if all emails are imported correctly. If all goes well, all your mails shall end up in your new mailbox. And don't forget to delete or deactivate the sync job after it is used.","title":"Sync job migration"},{"location":"post_installation/firststeps-sync_jobs_migration/#setup-a-sync-job","text":"In the \"Configuration > Mail Setup\" or \"User Settings\" interface, create a new sync job. If you are an administrator, select the username of the downstream mailcow mailbox in the \"Username\" dropdown. Fill in the \"Host\" and \"Port\" fields with their respective correct values from the upstream IMAP server. In the \"Username\" and \"Password\" fields, supply the correct access credentials from the upstream IMAP server. Select the \"Encryption Method\". If the upstream IMAP server uses port 143, it is likely that the encryption method is TLS and SSL for port 993. Nevertheless, you can use PLAIN authentication, but it is stongly discouraged. For all ther other fields, you can leave them as is or modify them as desired. Make sure to tick \"Active\" and click \"Add\". Info Once Completed, log into the mailbox and check if all emails are imported correctly. If all goes well, all your mails shall end up in your new mailbox. And don't forget to delete or deactivate the sync job after it is used.","title":"Setup a Sync Job"},{"location":"prerequisite/prerequisite-dns/","text":"Below you can find a list of recommended DNS records . While some are mandatory for a mail server (A, MX), others are recommended to build a good reputation score (TXT/SPF) or used for auto-configuration of mail clients (SRV). References \u00b6 A good article covering all relevant topics: \"3 DNS Records Every Email Marketer Must Know\" Another great one, but Zimbra as an example platform: \"Best Practices on Email Protection: SPF, DKIM and DMARC\" An in-depth discussion of SPF, DKIM and DMARC: \"How to eliminate spam and protect your name with DMARC\" A thorough guide on understanding DMARC: \"Demystifying DMARC: A guide to preventing email spoofing\" Reverse DNS of your IP address \u00b6 Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1 . This record is usually set at the provider you leased the IP address (server) from. The minimal DNS configuration \u00b6 This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly. # Name Type Value mail IN A 1.2.3.4 autodiscover IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) autoconfig IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) @ IN MX 10 mail.example.org. (your ${MAILCOW_HOSTNAME}) Note: The mail DNS record which binds the subdomain to the given ip address must only be set for the domain on which mailcow is running and that is used to access the web interface. For every other mailcow managed domain, the MX record will route the traffic. DKIM, SPF and DMARC \u00b6 In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to (\" ~all \"). Please refer to SPF Project for further reading. # Name Type Value @ IN TXT \"v=spf1 mx a -all\" It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading. # Name Type Value dkim._domainkey IN TXT \"v=DKIM1; k=rsa; t=s; s=email; p=...\" The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant ( check ). # Name Type Value _dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org\" The advanced DNS configuration \u00b6 SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give \".\" as the target address (instead of \"mail.example.org.\"). Please refer to RFC 2782 . # Name Type Priority Weight Port Value _autodiscover._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _caldavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _caldavs._tcp IN TXT \"path=/SOGo/dav/\" _carddavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _carddavs._tcp IN TXT \"path=/SOGo/dav/\" _imap._tcp IN SRV 0 1 143 mail.example.org. (your ${MAILCOW_HOSTNAME}) _imaps._tcp IN SRV 0 1 993 mail.example.org. (your ${MAILCOW_HOSTNAME}) _pop3._tcp IN SRV 0 1 110 mail.example.org. (your ${MAILCOW_HOSTNAME}) _pop3s._tcp IN SRV 0 1 995 mail.example.org. (your ${MAILCOW_HOSTNAME}) _sieve._tcp IN SRV 0 1 4190 mail.example.org. (your ${MAILCOW_HOSTNAME}) _smtps._tcp IN SRV 0 1 465 mail.example.org. (your ${MAILCOW_HOSTNAME}) _submission._tcp IN SRV 0 1 587 mail.example.org. (your ${MAILCOW_HOSTNAME}) Testing \u00b6 Here are some tools you can use to verify your DNS configuration: MX Toolbox (DNS, SMTP, RBL) port25.com (DKIM, SPF) Mail-tester (DKIM, DMARC, SPF) DMARC Analyzer (DMARC, SPF) MultiRBL.valli.org (DNSBL, RBL, FCrDNS) Misc \u00b6 Optional DMARC Statistics \u00b6 If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own. Tip It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports. It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools available, but only a small few of the many choices. Postmaster Tool parsedmarc (self-hosted) Fraudmarc Postmark Dmarcian Tip These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary. Email test for SPF, DKIM and DMARC: \u00b6 To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following: ========================================================== Summary of Results ========================================================== SPF check: pass \"iprev\" check: pass DKIM check: pass DKIM check: pass SpamAssassin check: ham ========================================================== Details: ========================================================== .... The full report will contain more technical details. Fully Qualified Domain Name (FQDN) \u00b6 A Fully Qualified Domain Name ( FQDN ) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname, the domain name, and the Top Level Domain ( TLD for short). In the example of mx.mailcow.email the hostname would be mx , the domain name mailcow and the TLD email . \u21a9","title":"DNS setup"},{"location":"prerequisite/prerequisite-dns/#references","text":"A good article covering all relevant topics: \"3 DNS Records Every Email Marketer Must Know\" Another great one, but Zimbra as an example platform: \"Best Practices on Email Protection: SPF, DKIM and DMARC\" An in-depth discussion of SPF, DKIM and DMARC: \"How to eliminate spam and protect your name with DMARC\" A thorough guide on understanding DMARC: \"Demystifying DMARC: A guide to preventing email spoofing\"","title":"References"},{"location":"prerequisite/prerequisite-dns/#reverse-dns-of-your-ip-address","text":"Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1 . This record is usually set at the provider you leased the IP address (server) from.","title":"Reverse DNS of your IP address"},{"location":"prerequisite/prerequisite-dns/#the-minimal-dns-configuration","text":"This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly. # Name Type Value mail IN A 1.2.3.4 autodiscover IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) autoconfig IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME}) @ IN MX 10 mail.example.org. (your ${MAILCOW_HOSTNAME}) Note: The mail DNS record which binds the subdomain to the given ip address must only be set for the domain on which mailcow is running and that is used to access the web interface. For every other mailcow managed domain, the MX record will route the traffic.","title":"The minimal DNS configuration"},{"location":"prerequisite/prerequisite-dns/#dkim-spf-and-dmarc","text":"In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to (\" ~all \"). Please refer to SPF Project for further reading. # Name Type Value @ IN TXT \"v=spf1 mx a -all\" It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading. # Name Type Value dkim._domainkey IN TXT \"v=DKIM1; k=rsa; t=s; s=email; p=...\" The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant ( check ). # Name Type Value _dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org\"","title":"DKIM, SPF and DMARC"},{"location":"prerequisite/prerequisite-dns/#the-advanced-dns-configuration","text":"SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give \".\" as the target address (instead of \"mail.example.org.\"). Please refer to RFC 2782 . # Name Type Priority Weight Port Value _autodiscover._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _caldavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _caldavs._tcp IN TXT \"path=/SOGo/dav/\" _carddavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME}) _carddavs._tcp IN TXT \"path=/SOGo/dav/\" _imap._tcp IN SRV 0 1 143 mail.example.org. (your ${MAILCOW_HOSTNAME}) _imaps._tcp IN SRV 0 1 993 mail.example.org. (your ${MAILCOW_HOSTNAME}) _pop3._tcp IN SRV 0 1 110 mail.example.org. (your ${MAILCOW_HOSTNAME}) _pop3s._tcp IN SRV 0 1 995 mail.example.org. (your ${MAILCOW_HOSTNAME}) _sieve._tcp IN SRV 0 1 4190 mail.example.org. (your ${MAILCOW_HOSTNAME}) _smtps._tcp IN SRV 0 1 465 mail.example.org. (your ${MAILCOW_HOSTNAME}) _submission._tcp IN SRV 0 1 587 mail.example.org. (your ${MAILCOW_HOSTNAME})","title":"The advanced DNS configuration"},{"location":"prerequisite/prerequisite-dns/#testing","text":"Here are some tools you can use to verify your DNS configuration: MX Toolbox (DNS, SMTP, RBL) port25.com (DKIM, SPF) Mail-tester (DKIM, DMARC, SPF) DMARC Analyzer (DMARC, SPF) MultiRBL.valli.org (DNSBL, RBL, FCrDNS)","title":"Testing"},{"location":"prerequisite/prerequisite-dns/#misc","text":"","title":"Misc"},{"location":"prerequisite/prerequisite-dns/#optional-dmarc-statistics","text":"If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own. Tip It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports. It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools available, but only a small few of the many choices. Postmaster Tool parsedmarc (self-hosted) Fraudmarc Postmark Dmarcian Tip These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.","title":"Optional DMARC Statistics"},{"location":"prerequisite/prerequisite-dns/#email-test-for-spf-dkim-and-dmarc","text":"To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following: ========================================================== Summary of Results ========================================================== SPF check: pass \"iprev\" check: pass DKIM check: pass DKIM check: pass SpamAssassin check: ham ========================================================== Details: ========================================================== .... The full report will contain more technical details.","title":"Email test for SPF, DKIM and DMARC:"},{"location":"prerequisite/prerequisite-dns/#fully-qualified-domain-name-fqdn","text":"A Fully Qualified Domain Name ( FQDN ) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname, the domain name, and the Top Level Domain ( TLD for short). In the example of mx.mailcow.email the hostname would be mx , the domain name mailcow and the TLD email . \u21a9","title":"Fully Qualified Domain Name (FQDN)"},{"location":"prerequisite/prerequisite-system/","text":"Before you run mailcow: dockerized , there are a few requirements that you should check: Warning Do not try to install mailcow on a Synology/QNAP device (any NAS), OpenVZ, LXC or other container platforms. KVM, ESX, Hyper-V and other full virtualization platforms are supported. Info mailcow: dockerized requires some ports to be open for incoming connections, so make sure that your firewall is not blocking these. Make sure that no other application is interfering with mailcow's configuration, such as another mail service A correct DNS setup is crucial to every good mailserver setup, so please make sure you got at least the basics covered before you begin! Make sure that your system has a correct date and time setup . This is crucial for various components like two factor TOTP authentication. Minimum System Resources \u00b6 Not supported OpenVZ, Virtuozzo and LXC Please make sure that your system has at least the following resources: Resource mailcow: dockerized CPU 1 GHz RAM Minimum 6 GiB + 1 GiB swap (default config) Disk 20 GiB (without emails) System Type x86_64 ClamAV and Solr can be greedy with RAM. You may disable them in mailcow.conf by settings SKIP_CLAMD=y and SKIP_SOLR=y . Info We are aware that a pure MTA can run on 128 MiB RAM. mailcow is a full-grown and ready-to-use groupware with many extras making life easier. mailcow comes with a webserver, webmailer, ActiveSync (MS), antivirus, antispam, indexing (Solr), document scanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, various web services etc. A single SOGo worker can acquire ~350 MiB RAM before it gets purged. The more ActiveSync connections you plan to use, the more RAM you will need. A default configuration spawns 20 workers. RAM usage examples \u00b6 A company with 15 phones (EAS enabled) and about 50 concurrent IMAP connections should plan 16 GiB RAM. 6 GiB RAM + 1 GiB swap are fine for most private installations while 8 GiB RAM are recommended for ~5 to 10 users. We can help to correctly plan your setup as part of our support. Supported OS \u00b6 Basically, mailcow can be used on any distribution that is supported by Docker CE (see https://docs.docker.com/install/ ). However, in some cases there may be incompatibilities between the operating systems and the mailcow components. The following table contains all operating systems officially supported and tested by us ( as of November 2022 ): OS Compatibility Alpine 3.16 and older \u26a0\ufe0f Centos 7 \u2705 Debian 10, 11 \u2705 Ubuntu 18.04, 20.04, 22.04 \u2705 Rocky Linux 9 \u2754 Legend \u2705 = Works out of the box using the instructions. \u26a0\ufe0f = Requires some manual adjustments otherwise usable. \u274c = In general NOT Compatible . \u2754 = Pending. Note: All other operating systems (not mentioned) may also work, but have not been officially tested. Firewall & Ports \u00b6 Please check if any of mailcow's standard ports are open and not in use by other applications: ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' # or: netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' Danger There are several problems with running mailcow on a firewalld/ufw enabled system. You should disable it (if possible) and move your ruleset to the DOCKER-USER chain, which is not cleared by a Docker service restart, instead. See this (blog.donnex.net) or this (unrouted.io) guide for information about how to use iptables-persistent with the DOCKER-USER chain. As mailcow runs dockerized, INPUT rules have no effect on restricting access to mailcow. Use the FORWARD chain instead. If this command returns any results please remove or stop the application running on that port. You may also adjust mailcows ports via the mailcow.conf configuration file. Default Ports \u00b6 If you have a firewall in front of mailcow, please make sure that these ports are open for incoming connections: Service Protocol Port Container Variable Postfix SMTP TCP 25 postfix-mailcow ${SMTP_PORT} Postfix SMTPS TCP 465 postfix-mailcow ${SMTPS_PORT} Postfix Submission TCP 587 postfix-mailcow ${SUBMISSION_PORT} Dovecot IMAP TCP 143 dovecot-mailcow ${IMAP_PORT} Dovecot IMAPS TCP 993 dovecot-mailcow ${IMAPS_PORT} Dovecot POP3 TCP 110 dovecot-mailcow ${POP_PORT} Dovecot POP3S TCP 995 dovecot-mailcow ${POPS_PORT} Dovecot ManageSieve TCP 4190 dovecot-mailcow ${SIEVE_PORT} HTTP(S) TCP 80/443 nginx-mailcow ${HTTP_PORT} / ${HTTPS_PORT} To bind a service to an IP address, you can prepend the IP like this: SMTP_PORT=1.2.3.4:25 Important : You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use HTTP_PORT=1234 and HTTP_BIND=1.2.3.4 instead. Important for Hetzner firewalls \u00b6 Quoting https://github.com/chermsen via https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (THANK YOU!): For all who are struggling with the Hetzner firewall: Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied: For TCP SRC-IP: --- DST IP: --- SRC Port: --- DST Port: 1024-65535 Protocol: tcp TCP flags: ack Action: Accept For UDP SRC-IP: --- DST IP: --- SRC Port: --- DST Port: 1024-65535 Protocol: udp Action: Accept If you want to apply a more restrictive port range you have to change the config of unbound first (after installation): {mailcow-dockerized}/data/conf/unbound/unbound.conf: outgoing-port-avoid: 0-32767 Now the firewall rules can be adjusted as follows: [...] DST Port: 32768-65535 [...] Date and Time \u00b6 To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status : $ timedatectl status Local time: Sat 2017-05-06 02:12:33 CEST Universal time: Sat 2017-05-06 00:12:33 UTC RTC time: Sat 2017-05-06 00:12:32 Time zone: Europe/Berlin (CEST, +0200) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2017-03-26 01:59:59 CET Sun 2017-03-26 03:00:00 CEST Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2017-10-29 02:59:59 CEST Sun 2017-10-29 02:00:00 CET The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized. To enable NTP you need to run the command timedatectl set-ntp true . You also need to edit your /etc/systemd/timesyncd.conf : # vim /etc/systemd/timesyncd.conf [Time] NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org Hetzner Cloud (and probably others) \u00b6 Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0: # Wrong: auto eth0:0 iface eth0:0 inet6 static # Right: auto eth0 iface eth0 inet6 static Reboot or restart the interface. You may want to disable cloud-init network changes. MTU \u00b6 Especially relevant for OpenStack users: Check your MTU and set it accordingly in docker-compose.yml. See Troubleshooting in our Installation guide.","title":"Prepare your system"},{"location":"prerequisite/prerequisite-system/#minimum-system-resources","text":"Not supported OpenVZ, Virtuozzo and LXC Please make sure that your system has at least the following resources: Resource mailcow: dockerized CPU 1 GHz RAM Minimum 6 GiB + 1 GiB swap (default config) Disk 20 GiB (without emails) System Type x86_64 ClamAV and Solr can be greedy with RAM. You may disable them in mailcow.conf by settings SKIP_CLAMD=y and SKIP_SOLR=y . Info We are aware that a pure MTA can run on 128 MiB RAM. mailcow is a full-grown and ready-to-use groupware with many extras making life easier. mailcow comes with a webserver, webmailer, ActiveSync (MS), antivirus, antispam, indexing (Solr), document scanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, various web services etc. A single SOGo worker can acquire ~350 MiB RAM before it gets purged. The more ActiveSync connections you plan to use, the more RAM you will need. A default configuration spawns 20 workers.","title":"Minimum System Resources"},{"location":"prerequisite/prerequisite-system/#ram-usage-examples","text":"A company with 15 phones (EAS enabled) and about 50 concurrent IMAP connections should plan 16 GiB RAM. 6 GiB RAM + 1 GiB swap are fine for most private installations while 8 GiB RAM are recommended for ~5 to 10 users. We can help to correctly plan your setup as part of our support.","title":"RAM usage examples"},{"location":"prerequisite/prerequisite-system/#supported-os","text":"Basically, mailcow can be used on any distribution that is supported by Docker CE (see https://docs.docker.com/install/ ). However, in some cases there may be incompatibilities between the operating systems and the mailcow components. The following table contains all operating systems officially supported and tested by us ( as of November 2022 ): OS Compatibility Alpine 3.16 and older \u26a0\ufe0f Centos 7 \u2705 Debian 10, 11 \u2705 Ubuntu 18.04, 20.04, 22.04 \u2705 Rocky Linux 9 \u2754 Legend \u2705 = Works out of the box using the instructions. \u26a0\ufe0f = Requires some manual adjustments otherwise usable. \u274c = In general NOT Compatible . \u2754 = Pending. Note: All other operating systems (not mentioned) may also work, but have not been officially tested.","title":"Supported OS"},{"location":"prerequisite/prerequisite-system/#firewall-ports","text":"Please check if any of mailcow's standard ports are open and not in use by other applications: ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' # or: netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' Danger There are several problems with running mailcow on a firewalld/ufw enabled system. You should disable it (if possible) and move your ruleset to the DOCKER-USER chain, which is not cleared by a Docker service restart, instead. See this (blog.donnex.net) or this (unrouted.io) guide for information about how to use iptables-persistent with the DOCKER-USER chain. As mailcow runs dockerized, INPUT rules have no effect on restricting access to mailcow. Use the FORWARD chain instead. If this command returns any results please remove or stop the application running on that port. You may also adjust mailcows ports via the mailcow.conf configuration file.","title":"Firewall & Ports"},{"location":"prerequisite/prerequisite-system/#default-ports","text":"If you have a firewall in front of mailcow, please make sure that these ports are open for incoming connections: Service Protocol Port Container Variable Postfix SMTP TCP 25 postfix-mailcow ${SMTP_PORT} Postfix SMTPS TCP 465 postfix-mailcow ${SMTPS_PORT} Postfix Submission TCP 587 postfix-mailcow ${SUBMISSION_PORT} Dovecot IMAP TCP 143 dovecot-mailcow ${IMAP_PORT} Dovecot IMAPS TCP 993 dovecot-mailcow ${IMAPS_PORT} Dovecot POP3 TCP 110 dovecot-mailcow ${POP_PORT} Dovecot POP3S TCP 995 dovecot-mailcow ${POPS_PORT} Dovecot ManageSieve TCP 4190 dovecot-mailcow ${SIEVE_PORT} HTTP(S) TCP 80/443 nginx-mailcow ${HTTP_PORT} / ${HTTPS_PORT} To bind a service to an IP address, you can prepend the IP like this: SMTP_PORT=1.2.3.4:25 Important : You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use HTTP_PORT=1234 and HTTP_BIND=1.2.3.4 instead.","title":"Default Ports"},{"location":"prerequisite/prerequisite-system/#important-for-hetzner-firewalls","text":"Quoting https://github.com/chermsen via https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (THANK YOU!): For all who are struggling with the Hetzner firewall: Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied: For TCP SRC-IP: --- DST IP: --- SRC Port: --- DST Port: 1024-65535 Protocol: tcp TCP flags: ack Action: Accept For UDP SRC-IP: --- DST IP: --- SRC Port: --- DST Port: 1024-65535 Protocol: udp Action: Accept If you want to apply a more restrictive port range you have to change the config of unbound first (after installation): {mailcow-dockerized}/data/conf/unbound/unbound.conf: outgoing-port-avoid: 0-32767 Now the firewall rules can be adjusted as follows: [...] DST Port: 32768-65535 [...]","title":"Important for Hetzner firewalls"},{"location":"prerequisite/prerequisite-system/#date-and-time","text":"To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status : $ timedatectl status Local time: Sat 2017-05-06 02:12:33 CEST Universal time: Sat 2017-05-06 00:12:33 UTC RTC time: Sat 2017-05-06 00:12:32 Time zone: Europe/Berlin (CEST, +0200) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2017-03-26 01:59:59 CET Sun 2017-03-26 03:00:00 CEST Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2017-10-29 02:59:59 CEST Sun 2017-10-29 02:00:00 CET The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized. To enable NTP you need to run the command timedatectl set-ntp true . You also need to edit your /etc/systemd/timesyncd.conf : # vim /etc/systemd/timesyncd.conf [Time] NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org","title":"Date and Time"},{"location":"prerequisite/prerequisite-system/#hetzner-cloud-and-probably-others","text":"Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0: # Wrong: auto eth0:0 iface eth0:0 inet6 static # Right: auto eth0 iface eth0 inet6 static Reboot or restart the interface. You may want to disable cloud-init network changes.","title":"Hetzner Cloud (and probably others)"},{"location":"prerequisite/prerequisite-system/#mtu","text":"Especially relevant for OpenStack users: Check your MTU and set it accordingly in docker-compose.yml. See Troubleshooting in our Installation guide.","title":"MTU"},{"location":"third_party/borgmatic/third_party-borgmatic/","text":"Borgmatic Backup \u00b6 Introduction \u00b6 Borgmatic is a great way to run backups on your Mailcow setup as it securely encrypts your data and is extremely easy to set up. Due to it's deduplication capabilities you can store a great number of backups without wasting large amounts of disk space. This allows you to run backups in very short intervals to ensure minimal data loss when the need arises to recover data from a backup. This document guides you through the process to enable continuous backups for mailcow with borgmatic. The borgmatic functionality is provided by the borgmatic Docker image . Check out the README in that repository to find out about the other options (such as push notifications) that are available. This guide only covers the basics. Setting up borgmatic \u00b6 Create or amend docker-compose.override.yml \u00b6 In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following configuration: version : '2.1' services : borgmatic-mailcow : image : ghcr.io/borgmatic-collective/borgmatic hostname : mailcow restart : always dns : ${IPV4_NETWORK:-172.22.1}.254 volumes : - vmail-vol-1:/mnt/source/vmail:ro - crypt-vol-1:/mnt/source/crypt:ro - redis-vol-1:/mnt/source/redis:ro,z - rspamd-vol-1:/mnt/source/rspamd:ro,z - postfix-vol-1:/mnt/source/postfix:ro,z - mysql-socket-vol-1:/var/run/mysqld/:z - borg-config-vol-1:/root/.config/borg:Z - borg-cache-vol-1:/root/.cache/borg:Z - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z - ./data/conf/borgmatic/ssh:/root/.ssh:Z environment : - TZ=${TZ} - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere networks : mailcow-network : aliases : - borgmatic volumes : borg-cache-vol-1 : borg-config-vol-1 : Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing. For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove the ro flag prior to restoring the data. This is described in the section on restoring backups. Create data/conf/borgmatic/etc/config.yaml \u00b6 Next, we need to create the borgmatic configuration. source mailcow.conf cat < data/conf/borgmatic/etc/config.yaml location: source_directories: - /mnt/source repositories: - ssh://user@rsync.net:22/./mailcow exclude_patterns: - '/mnt/source/postfix/public/' - '/mnt/source/postfix/private/' - '/mnt/source/rspamd/rspamd.sock' retention: keep_hourly: 24 keep_daily: 7 keep_weekly: 4 keep_monthly: 6 prefix: \"\" hooks: mysql_databases: - name: ${DBNAME} username: ${DBUSER} password: ${DBPASS} options: --default-character-set=utf8mb4 EOF Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf . This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is all you should need to restore your mailcow setup after an incident. The retention settings will keep one archive for each hour of the past 24 hours, one per day of the week, one per week of the month and one per month of the past half year. Check the borgmatic documentation on how to use other types of repositories or configuration options. If you choose to use a local filesystem as a backup destination make sure to mount it into the container. The container defines a volume called /mnt/borg-repository for this purpose. Note If you do not use rsync.net you can most likely drop the remote_path element from your config. Create a crontab \u00b6 Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content: 14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1 This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past the hour and log some nice stats at the end. Place SSH keys in folder \u00b6 Place the SSH keys you intend to use for remote repository connections in data/conf/borgmatic/ssh . OpenSSH expects the usual id_rsa , id_ed25519 or similar to be in this directory. Ensure the file is chmod 600 and not world readable or OpenSSH will refuse to use the SSH key. Bring up the container \u00b6 For the next step we need the container to be up and running in a configured state. To do that run: docker compose up -d Initialize the repository \u00b6 By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being initialized. To initialize the repository run: docker compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2 You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm the prompt by entering yes . The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE environment variable earlier. When using any of the repokey encryption methods the encryption key will be stored in the repository itself and not on the client, so there is no further action required in this regard. If you decide to use a keyfile instead of a repokey make sure you export the key and back it up separately. Check the Exporting Keys section for how to retrieve the key. Restart container \u00b6 Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined state: docker compose restart borgmatic-mailcow Restoring from a backup \u00b6 Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have any custom data in your maildir or your mailcow database. Restore maildir \u00b6 Warning Doing this will overwrite files in your maildir! Do not run this unless you actually intend to recover mail files from a backup. If you use SELinux in Enforcing mode If you are using mailcow on a host with SELinux in Enforcing mode you will have to temporarily disable it during extraction of the archive as the mailcow setup labels the vmail volume as private, belonging to the dovecot container exclusively. SELinux will (rightfully) prevent any other container, such as the borgmatic container, from writing to this volume. Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing the ro flag from the volume. Then you can use the following command to restore the maildir from a backup: docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest Alternatively you can specify any archive name from the list of archives (see Listing all available archives ) Restore MySQL \u00b6 Warning Running this command will delete and recreate the mailcow database! Do not run this unless you actually intend to recover the mailcow database from a backup. To restore the MySQL database from the latest archive use this command: docker compose exec borgmatic-mailcow borgmatic restore --archive latest Alternatively you can specify any archive name from the list of archives (see Listing all available archives ) After restoring \u00b6 After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to re-enable it. To restart mailcow use the follwing command: docker compose down && docker compose up -d If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may take a while if you have lots of files. Useful commands \u00b6 Manual archiving run (with debugging output) \u00b6 docker compose exec borgmatic-mailcow borgmatic -v 2 Listing all available archives \u00b6 docker compose exec borgmatic-mailcow borgmatic list Break lock \u00b6 When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any new operations can be performed: docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow Where user@rsync.net:mailcow is the URI to your repository. Now would be a good time to do a manual archiving run to ensure it can be successfully performed. Exporting keys \u00b6 When using any of the keyfile methods for encryption you MUST take care of backing up the key files yourself. The key files are generated when you initialize the repository. The repokey methods store the key file within the repository, so a manual backup isn't as essential. Note that in either case you also must have the passphrase to decrypt any archives. To fetch the keyfile run: docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow Where user@rsync.net:mailcow is the URI to your repository.","title":"Borgmatic Backup"},{"location":"third_party/borgmatic/third_party-borgmatic/#borgmatic-backup","text":"","title":"Borgmatic Backup"},{"location":"third_party/borgmatic/third_party-borgmatic/#introduction","text":"Borgmatic is a great way to run backups on your Mailcow setup as it securely encrypts your data and is extremely easy to set up. Due to it's deduplication capabilities you can store a great number of backups without wasting large amounts of disk space. This allows you to run backups in very short intervals to ensure minimal data loss when the need arises to recover data from a backup. This document guides you through the process to enable continuous backups for mailcow with borgmatic. The borgmatic functionality is provided by the borgmatic Docker image . Check out the README in that repository to find out about the other options (such as push notifications) that are available. This guide only covers the basics.","title":"Introduction"},{"location":"third_party/borgmatic/third_party-borgmatic/#setting-up-borgmatic","text":"","title":"Setting up borgmatic"},{"location":"third_party/borgmatic/third_party-borgmatic/#create-or-amend-docker-composeoverrideyml","text":"In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following configuration: version : '2.1' services : borgmatic-mailcow : image : ghcr.io/borgmatic-collective/borgmatic hostname : mailcow restart : always dns : ${IPV4_NETWORK:-172.22.1}.254 volumes : - vmail-vol-1:/mnt/source/vmail:ro - crypt-vol-1:/mnt/source/crypt:ro - redis-vol-1:/mnt/source/redis:ro,z - rspamd-vol-1:/mnt/source/rspamd:ro,z - postfix-vol-1:/mnt/source/postfix:ro,z - mysql-socket-vol-1:/var/run/mysqld/:z - borg-config-vol-1:/root/.config/borg:Z - borg-cache-vol-1:/root/.cache/borg:Z - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z - ./data/conf/borgmatic/ssh:/root/.ssh:Z environment : - TZ=${TZ} - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere networks : mailcow-network : aliases : - borgmatic volumes : borg-cache-vol-1 : borg-config-vol-1 : Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing. For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove the ro flag prior to restoring the data. This is described in the section on restoring backups.","title":"Create or amend docker-compose.override.yml"},{"location":"third_party/borgmatic/third_party-borgmatic/#create-dataconfborgmaticetcconfigyaml","text":"Next, we need to create the borgmatic configuration. source mailcow.conf cat < data/conf/borgmatic/etc/config.yaml location: source_directories: - /mnt/source repositories: - ssh://user@rsync.net:22/./mailcow exclude_patterns: - '/mnt/source/postfix/public/' - '/mnt/source/postfix/private/' - '/mnt/source/rspamd/rspamd.sock' retention: keep_hourly: 24 keep_daily: 7 keep_weekly: 4 keep_monthly: 6 prefix: \"\" hooks: mysql_databases: - name: ${DBNAME} username: ${DBUSER} password: ${DBPASS} options: --default-character-set=utf8mb4 EOF Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf . This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is all you should need to restore your mailcow setup after an incident. The retention settings will keep one archive for each hour of the past 24 hours, one per day of the week, one per week of the month and one per month of the past half year. Check the borgmatic documentation on how to use other types of repositories or configuration options. If you choose to use a local filesystem as a backup destination make sure to mount it into the container. The container defines a volume called /mnt/borg-repository for this purpose. Note If you do not use rsync.net you can most likely drop the remote_path element from your config.","title":"Create data/conf/borgmatic/etc/config.yaml"},{"location":"third_party/borgmatic/third_party-borgmatic/#create-a-crontab","text":"Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content: 14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1 This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past the hour and log some nice stats at the end.","title":"Create a crontab"},{"location":"third_party/borgmatic/third_party-borgmatic/#place-ssh-keys-in-folder","text":"Place the SSH keys you intend to use for remote repository connections in data/conf/borgmatic/ssh . OpenSSH expects the usual id_rsa , id_ed25519 or similar to be in this directory. Ensure the file is chmod 600 and not world readable or OpenSSH will refuse to use the SSH key.","title":"Place SSH keys in folder"},{"location":"third_party/borgmatic/third_party-borgmatic/#bring-up-the-container","text":"For the next step we need the container to be up and running in a configured state. To do that run: docker compose up -d","title":"Bring up the container"},{"location":"third_party/borgmatic/third_party-borgmatic/#initialize-the-repository","text":"By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being initialized. To initialize the repository run: docker compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2 You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm the prompt by entering yes . The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE environment variable earlier. When using any of the repokey encryption methods the encryption key will be stored in the repository itself and not on the client, so there is no further action required in this regard. If you decide to use a keyfile instead of a repokey make sure you export the key and back it up separately. Check the Exporting Keys section for how to retrieve the key.","title":"Initialize the repository"},{"location":"third_party/borgmatic/third_party-borgmatic/#restart-container","text":"Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined state: docker compose restart borgmatic-mailcow","title":"Restart container"},{"location":"third_party/borgmatic/third_party-borgmatic/#restoring-from-a-backup","text":"Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have any custom data in your maildir or your mailcow database.","title":"Restoring from a backup"},{"location":"third_party/borgmatic/third_party-borgmatic/#restore-maildir","text":"Warning Doing this will overwrite files in your maildir! Do not run this unless you actually intend to recover mail files from a backup. If you use SELinux in Enforcing mode If you are using mailcow on a host with SELinux in Enforcing mode you will have to temporarily disable it during extraction of the archive as the mailcow setup labels the vmail volume as private, belonging to the dovecot container exclusively. SELinux will (rightfully) prevent any other container, such as the borgmatic container, from writing to this volume. Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing the ro flag from the volume. Then you can use the following command to restore the maildir from a backup: docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest Alternatively you can specify any archive name from the list of archives (see Listing all available archives )","title":"Restore maildir"},{"location":"third_party/borgmatic/third_party-borgmatic/#restore-mysql","text":"Warning Running this command will delete and recreate the mailcow database! Do not run this unless you actually intend to recover the mailcow database from a backup. To restore the MySQL database from the latest archive use this command: docker compose exec borgmatic-mailcow borgmatic restore --archive latest Alternatively you can specify any archive name from the list of archives (see Listing all available archives )","title":"Restore MySQL"},{"location":"third_party/borgmatic/third_party-borgmatic/#after-restoring","text":"After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to re-enable it. To restart mailcow use the follwing command: docker compose down && docker compose up -d If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may take a while if you have lots of files.","title":"After restoring"},{"location":"third_party/borgmatic/third_party-borgmatic/#useful-commands","text":"","title":"Useful commands"},{"location":"third_party/borgmatic/third_party-borgmatic/#manual-archiving-run-with-debugging-output","text":"docker compose exec borgmatic-mailcow borgmatic -v 2","title":"Manual archiving run (with debugging output)"},{"location":"third_party/borgmatic/third_party-borgmatic/#listing-all-available-archives","text":"docker compose exec borgmatic-mailcow borgmatic list","title":"Listing all available archives"},{"location":"third_party/borgmatic/third_party-borgmatic/#break-lock","text":"When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any new operations can be performed: docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow Where user@rsync.net:mailcow is the URI to your repository. Now would be a good time to do a manual archiving run to ensure it can be successfully performed.","title":"Break lock"},{"location":"third_party/borgmatic/third_party-borgmatic/#exporting-keys","text":"When using any of the keyfile methods for encryption you MUST take care of backing up the key files yourself. The key files are generated when you initialize the repository. The repokey methods store the key file within the repository, so a manual backup isn't as essential. Note that in either case you also must have the passphrase to decrypt any archives. To fetch the keyfile run: docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow Where user@rsync.net:mailcow is the URI to your repository.","title":"Exporting keys"},{"location":"third_party/checkmk/u_e-checkmk/","text":"Mailcow provides the ability to check for updates using its own update script. If you want to check for mailcow updates using checkmk, you can create an executable file in the local directory of the checkmk agent (typically /usr/lib/check_mk_agent/local/ ) with the name mailcow_update and the following content: #!/bin/bash cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null status=$? if [ $status -eq 3 ]; then echo \"0 \\\"mailcow_update\\\" mailcow_update=0;1;;0;1 No updates available.\" elif [ $status -eq 0 ]; then echo \"1 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\" else echo \"3 \\\"mailcow_update\\\" - Unknown output from update script ...\" fi exit If the mailcow installation directory is not /opt/ , adjust this in the 2nd line. After that re-inventory the services for your mailcow host in checmk and a new check named mailcow_update should be selectable. This will run the mailcow_update everytime checkmk agent is checked, you can cache the result by placing the script in a subfolder named the number of seconds you wish to cache it. \\ /usr/lib/check_mk_agent/local/3600/ will cache the response for an 3600 seconds (1 hour). Screenshots \u00b6 No updates available \u00b6 If there are no updates available, OK is displayed. New updates available \u00b6 If updates are available, WARN is displayed. If CRIT is desired instead, replace the 7th line with the following: echo \"2 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\" Detailed check output \u00b6 This provides a link to mailcow's GitHub commits, if updates are available. Metrics are also displayed ( not only when updates are available): 0 = No updates available 1 = New updates available","title":"CheckMK"},{"location":"third_party/checkmk/u_e-checkmk/#screenshots","text":"","title":"Screenshots"},{"location":"third_party/checkmk/u_e-checkmk/#no-updates-available","text":"If there are no updates available, OK is displayed.","title":"No updates available"},{"location":"third_party/checkmk/u_e-checkmk/#new-updates-available","text":"If updates are available, WARN is displayed. If CRIT is desired instead, replace the 7th line with the following: echo \"2 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\"","title":"New updates available"},{"location":"third_party/checkmk/u_e-checkmk/#detailed-check-output","text":"This provides a link to mailcow's GitHub commits, if updates are available. Metrics are also displayed ( not only when updates are available): 0 = No updates available 1 = New updates available","title":"Detailed check output"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/","text":"Using Microsoft Exchange in a hybrid setup is possible with mailcow. With this setup you can add mailboxes on your mailcow and still use Exchange Online Protection . All mailboxes setup in Exchange will receive their mails as usual , while with the hybrid approach additional Mailboxes can be setup in mailcow without any further configuration. This setup becomes very handy if you have enabled the Office 365 security defaults and third party applications can no longer login into your mailboxes by any of the supported methods . Requirements \u00b6 The mx Record of your domain needs to point at the Exchange mail service. Log into your Admin center and look out for the dns settings of your domain to find your personalized gateway domain. It should look like this contoso-com.mail.protection.outlook.com . Contact your domain registrant to get further information on how to change mx record. The domain you want to have additional mailboxes for must be setup as internal relay domain in Exchange. Log in to your Exchange Admin Center Select the mail flow pane and click on accepted domains Select the domain and switch it from authorative to internal relay Set up the mailcow \u00b6 Your mailcow needs to relay all mails to your personalized Exchange Host. It is the same host address we already looked up for the mx Record. Add the domain to your mailcow Add your personalized Exchange Host address as relayhost Add your personalized Exchange Host address as forwarding host to unconditionally accepted all relayed mails from Exchange. (Admin > Configuration & Details > Configuration Dropdown > Forwarding Hosts) Go to the domain settings and select the newly added host on the Sender-dependent transports dropdown. Enable relaying by ticking the Relay this domain , Relay all recipients and the Relay non-existing mailboxes only. checkboxes Info From now on your mailcow will accept all mails relayed from Exchange. The inbound filtering and so the neural learning of your cow will no longer work . Because all mails are routed through Exchange the filtering process is handled there . Set up Connectors in Exchange \u00b6 All mail traffic now goes through Exchange. At this point the Exchange Online Protection already filters all incoming and outgoing mails. Now we need to set up two connectors to relay incoming mails from our Exchange Service to the mailcow and another one to allow mails relayed from the mailcow to our exchange service. You can follow the official guide from Microsoft . Warning For the connector that handles mails from your mailcow to Exchange Microsoft offers two ways of authenticating it. The recommended way is to use a tls certificate configured with a subject name that matches an accepted domain in Exchange. Otherwise you need to choose authentication with the static ip address of your mailcow. Validating \u00b6 The easiest way to validate the hybrid setup is by sending a mail from the internet to a mailbox that only exists on the mailcow and vice versa. Common Issues \u00b6 The connector validation from Exchange to your mailcow failed with 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup Possible Solution: Your domain is not set up as internal relay . Exchange therefore cannot find the recipient Mails sent from the mailcow to a mailbox in the internet cannot be sent. Non Delivery Report with error 550 5.7.64 TenantAttribution; Relay Access Denied Possible Solution: The authentication method failed. Make sure the certificate subject matches an accepted domain in Exchange. Try authenticating by static ip instead. Microsoft Guide for the connector setup and additional requirements: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment","title":"Exchange Hybrid Setup"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/#requirements","text":"The mx Record of your domain needs to point at the Exchange mail service. Log into your Admin center and look out for the dns settings of your domain to find your personalized gateway domain. It should look like this contoso-com.mail.protection.outlook.com . Contact your domain registrant to get further information on how to change mx record. The domain you want to have additional mailboxes for must be setup as internal relay domain in Exchange. Log in to your Exchange Admin Center Select the mail flow pane and click on accepted domains Select the domain and switch it from authorative to internal relay","title":"Requirements"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/#set-up-the-mailcow","text":"Your mailcow needs to relay all mails to your personalized Exchange Host. It is the same host address we already looked up for the mx Record. Add the domain to your mailcow Add your personalized Exchange Host address as relayhost Add your personalized Exchange Host address as forwarding host to unconditionally accepted all relayed mails from Exchange. (Admin > Configuration & Details > Configuration Dropdown > Forwarding Hosts) Go to the domain settings and select the newly added host on the Sender-dependent transports dropdown. Enable relaying by ticking the Relay this domain , Relay all recipients and the Relay non-existing mailboxes only. checkboxes Info From now on your mailcow will accept all mails relayed from Exchange. The inbound filtering and so the neural learning of your cow will no longer work . Because all mails are routed through Exchange the filtering process is handled there .","title":"Set up the mailcow"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/#set-up-connectors-in-exchange","text":"All mail traffic now goes through Exchange. At this point the Exchange Online Protection already filters all incoming and outgoing mails. Now we need to set up two connectors to relay incoming mails from our Exchange Service to the mailcow and another one to allow mails relayed from the mailcow to our exchange service. You can follow the official guide from Microsoft . Warning For the connector that handles mails from your mailcow to Exchange Microsoft offers two ways of authenticating it. The recommended way is to use a tls certificate configured with a subject name that matches an accepted domain in Exchange. Otherwise you need to choose authentication with the static ip address of your mailcow.","title":"Set up Connectors in Exchange"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/#validating","text":"The easiest way to validate the hybrid setup is by sending a mail from the internet to a mailbox that only exists on the mailcow and vice versa.","title":"Validating"},{"location":"third_party/exchange_onprem/third_party-exchange_onprem/#common-issues","text":"The connector validation from Exchange to your mailcow failed with 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup Possible Solution: Your domain is not set up as internal relay . Exchange therefore cannot find the recipient Mails sent from the mailcow to a mailbox in the internet cannot be sent. Non Delivery Report with error 550 5.7.64 TenantAttribution; Relay Access Denied Possible Solution: The authentication method failed. Make sure the certificate subject matches an accepted domain in Exchange. Try authenticating by static ip instead. Microsoft Guide for the connector setup and additional requirements: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment","title":"Common Issues"},{"location":"third_party/gitea/third_party-gitea/","text":"With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed: 1. Open docker-compose.override.yml and add gitea: version: '2.1' services: gitea-mailcow: image: gitea/gitea:1 volumes: - ./data/gitea:/data networks: mailcow-network: aliases: - gitea ports: - \"${GITEA_SSH_PORT:-127.0.0.1:4000}:22\" 2. Create data/conf/nginx/site.gitea.custom , add: location /gitea/ { proxy_pass http://gitea:3000/; } 3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example: GITEA_SSH_PORT=127.0.0.1:4000 5. Run docker compose up -d to bring up the gitea container and run docker compose restart nginx-mailcow afterwards. 6. If you forced mailcow to https, execute step 9 and restart gitea with docker compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/ 7. Open http://${MAILCOW_HOSTNAME}/gitea/ , for example http://mx.example.org/gitea/ . For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password. 8. Once the installation is complete, login as admin and set \"settings\" -> \"authorization\" -> \"enable SMTP\". SMTP Host should be postfix with port 587 , set Skip TLS Verify as we are using an unlisted SAN (\"postfix\" is most likely not part of your certificate). 9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values. [server] SSH_LISTEN_PORT = 22 # For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set: SSH_DOMAIN = 127.0.0.1 SSH_PORT = 4000 # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set: ROOT_URL = https://mx.example.org/gitea/ 10. Restart gitea with docker compose restart gitea-mailcow . Your users should be able to login with mailcow managed accounts.","title":"Gitea"},{"location":"third_party/gogs/third_party-gogs/","text":"With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed: 1. Open docker-compose.override.yml and add Gogs: version: '2.1' services: gogs-mailcow: image: gogs/gogs volumes: - ./data/gogs:/data networks: mailcow-network: aliases: - gogs ports: - \"${GOGS_SSH_PORT:-127.0.0.1:4000}:22\" 2. Create data/conf/nginx/site.gogs.custom , add: location /gogs/ { proxy_pass http://gogs:3000/; } 3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example: GOGS_SSH_PORT=127.0.0.1:4000 5. Run docker compose up -d to bring up the Gogs container and run docker compose restart nginx-mailcow afterwards. 6. Open http://${MAILCOW_HOSTNAME}/gogs/ , for example http://mx.example.org/gogs/ . For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password. 7. Once the installation is complete, login as admin and set \"settings\" -> \"authorization\" -> \"enable SMTP\". SMTP Host should be postfix with port 587 , set Skip TLS Verify as we are using an unlisted SAN (\"postfix\" is most likely not part of your certificate). 8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values. [server] SSH_LISTEN_PORT = 22 # For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set: SSH_DOMAIN = 127.0.0.1 SSH_PORT = 4000 # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set: ROOT_URL = https://mx.example.org/gogs/ 9. Restart Gogs with docker compose restart gogs-mailcow . Your users should be able to login with mailcow managed accounts.","title":"Gogs"},{"location":"third_party/mailman3/third_party-mailman3/","text":"Installing mailcow and Mailman 3 based on dockerized versions \u00b6 Info This guide is a copy from dockerized-mailcow-mailman . Please post issues, questions and improvements in the issue tracker there. Warning mailcow is not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, 'coze: No backup no pity! Introduction \u00b6 This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential condition is, to preserve mailcow and Mailman in their own installations for independent updates. There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of: mailcow-mailman3-dockerized by Shadowghost mailman-mailcow-integration After finishing this guide, mailcow-dockerized and docker-mailman will run and Apache as a reverse proxy will serve the web frontends. The operating system used is an Ubuntu 20.04 LTS . Installation \u00b6 This guide is based on different steps: DNS setup Install Apache as a reverse proxy Obtain SSL certificates with Let's Encrypt Install mailcow with Mailman integration Install Mailman \ud83c\udfc3 Run DNS setup \u00b6 Most of the configuration is covered by mailcow s DNS setup . After finishing this setup add another subdomain for Mailman , e.g. lists.example.org that points to the same server: # Name Type Value lists IN A 1.2.3.4 lists IN AAAA dead:beef Install Apache as a reverse proxy \u00b6 Install Apache , e.g. with this guide from Digital Ocean : How To Install the Apache Web Server on Ubuntu 20.04 . Activate certain Apache modules (as root or sudo ): a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2 Maybe you have to install further packages to get these modules. This PPA by Ond\u0159ej Sur\u00fd may help you. vHost configuration \u00b6 Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available ). Change in mailcow.conf : - MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME Change in mailman.conf : - MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org ) Don't activate the configuration, as the ssl certificates and directories are missing yet. Obtain SSL certificates with Let's Encrypt \u00b6 Check if your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox : https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN Install certbot (as root or sudo ): apt install certbot Get the desired certificates (as root or sudo ): certbot certonly -d MAILCOW_HOSTNAME certbot certonly -d MAILMAN_DOMAIN Install mailcow with Mailman integration \u00b6 Install mailcow \u00b6 Follow the mailcow installation . Omit step 5 and do not pull and up with docker compose ! Configure mailcow \u00b6 This is also Step 4 in the official mailcow installation ( nano mailcow.conf ). So change to your needs and alter the following variables: HTTP_PORT=18080 # don't use 8080 as mailman needs it HTTP_BIND=127.0.0.1 # HTTPS_PORT=18443 # you may use 8443 HTTPS_BIND=127.0.0.1 # SKIP_LETS_ENCRYPT=y # reverse proxy will do the SSL termination SNAT_TO_SOURCE=1.2.3.4 # change this to your IPv4 SNAT6_TO_SOURCE=dead:beef # change this to your global IPv6 Add Mailman integration \u00b6 Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano ) and add the following lines: version: '2.1' services: postfix-mailcow: volumes: - /opt/mailman:/opt/mailman networks: - docker-mailman_mailman networks: docker-mailman_mailman: external: true The additional volume is used by Mailman to generate additional config files for mailcow postfix . The external network is build and used by Mailman . mailcow needs it to deliver incoming list mails to Mailman . Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano ) and add the following lines: # mailman recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no local_recipient_maps = regexp:/opt/mailman/core/var/data/postfix_lmtp, proxy:unix:passwd.byname, $alias_maps virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, pcre:/opt/postfix/conf/local_transport, proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf, regexp:/opt/mailman/core/var/data/postfix_domains relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed. SSL certificates \u00b6 As we proxying mailcow , we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us: Copy the file to /opt/mailcow-dockerized Change mailcow_HOSTNAME to your mailcow hostname Make it executable ( chmod a+x renew-ssl.sh ) Do not run it yet, as we first need Mailman You have to create a cronjob , so that new certificates will be copied. Execute as root or sudo : crontab -e To run the script every day at 5am, add: 0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh Install Mailman \u00b6 Basicly follow the instructions at docker-mailman . As they are a lot, here is in a nuthshell what to do: As root or sudo : cd /opt mkdir -p mailman/core mkdir -p mailman/web git clone https://github.com/maxking/docker-mailman cd docker-mailman Configure Mailman \u00b6 Create a long key for Hyperkitty , e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this key for a moment as HYPERKITTY_KEY. Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this password for a moment as DBPASS. Create a long key for Django , e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this key for a moment as DJANGO_KEY. Create the file /opt/docker-mailman/docker compose.override.yaml and replace HYPERKITTY_KEY , DBPASS and DJANGO_KEY with the generated values: version: '2' services: mailman-core: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - MTA=postfix restart: always networks: - mailman mailman-web: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - SECRET_KEY=DJANGO_KEY - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org - MAILMAN_ADMIN_USER=admin # the admin user - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static restart: always database: environment: - POSTGRES_PASSWORD=DBPASS restart: always At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org ), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL . You need the admin credentials to log into the web interface ( Postorius ). For setting the password for the first time use the Forgot password function in the web interface. About other configuration options read Mailman-web and Mailman-core documentation. Configure Mailman core and Mailman web \u00b6 Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection. [mailman] default_language: de site_owner: mailman@example.org Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection. # locale LANGUAGE_CODE = 'de-de' # disable social authentication MAILMAN_WEB_SOCIAL_AUTH = [] # change it DEFAULT_FROM_EMAIL = 'mailman@example.org' DEBUG = False You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs. \ud83c\udfc3 Run \u00b6 Run (as root or sudo ) a2ensite mailcow.conf a2ensite mailman.conf systemctl restart apache2 cd /opt/docker-mailman docker compose pull docker compose up -d cd /opt/mailcow-dockerized/ docker compose pull ./renew-ssl.sh Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more. Remarks \u00b6 New lists aren't recognized by postfix instantly \u00b6 When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist , because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually: cd /opt/mailcow-dockerized docker compose restart postfix-mailcow Update \u00b6 mailcow has it's own update script in /opt/mailcow-dockerized/update.sh , see the docs . For Mailman just fetch the newest version from the github repository . Backup \u00b6 mailcow has an own backup script. Read the docs for further informations. Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful. ToDo \u00b6 install script \u00b6 Write a script like in mailman-mailcow-integration/mailman-install.sh as many of the steps are automatable. Ask for all the configuration variables and create passwords and keys. Do a (semi-)automatic installation. Have fun!","title":"Mailman 3"},{"location":"third_party/mailman3/third_party-mailman3/#installing-mailcow-and-mailman-3-based-on-dockerized-versions","text":"Info This guide is a copy from dockerized-mailcow-mailman . Please post issues, questions and improvements in the issue tracker there. Warning mailcow is not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, 'coze: No backup no pity!","title":"Installing mailcow and Mailman 3 based on dockerized versions"},{"location":"third_party/mailman3/third_party-mailman3/#introduction","text":"This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential condition is, to preserve mailcow and Mailman in their own installations for independent updates. There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of: mailcow-mailman3-dockerized by Shadowghost mailman-mailcow-integration After finishing this guide, mailcow-dockerized and docker-mailman will run and Apache as a reverse proxy will serve the web frontends. The operating system used is an Ubuntu 20.04 LTS .","title":"Introduction"},{"location":"third_party/mailman3/third_party-mailman3/#installation","text":"This guide is based on different steps: DNS setup Install Apache as a reverse proxy Obtain SSL certificates with Let's Encrypt Install mailcow with Mailman integration Install Mailman \ud83c\udfc3 Run","title":"Installation"},{"location":"third_party/mailman3/third_party-mailman3/#dns-setup","text":"Most of the configuration is covered by mailcow s DNS setup . After finishing this setup add another subdomain for Mailman , e.g. lists.example.org that points to the same server: # Name Type Value lists IN A 1.2.3.4 lists IN AAAA dead:beef","title":"DNS setup"},{"location":"third_party/mailman3/third_party-mailman3/#install-apache-as-a-reverse-proxy","text":"Install Apache , e.g. with this guide from Digital Ocean : How To Install the Apache Web Server on Ubuntu 20.04 . Activate certain Apache modules (as root or sudo ): a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2 Maybe you have to install further packages to get these modules. This PPA by Ond\u0159ej Sur\u00fd may help you.","title":"Install Apache as a reverse proxy"},{"location":"third_party/mailman3/third_party-mailman3/#vhost-configuration","text":"Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available ). Change in mailcow.conf : - MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME Change in mailman.conf : - MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org ) Don't activate the configuration, as the ssl certificates and directories are missing yet.","title":"vHost configuration"},{"location":"third_party/mailman3/third_party-mailman3/#obtain-ssl-certificates-with-lets-encrypt","text":"Check if your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox : https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN Install certbot (as root or sudo ): apt install certbot Get the desired certificates (as root or sudo ): certbot certonly -d MAILCOW_HOSTNAME certbot certonly -d MAILMAN_DOMAIN","title":"Obtain SSL certificates with Let's Encrypt"},{"location":"third_party/mailman3/third_party-mailman3/#install-mailcow-with-mailman-integration","text":"","title":"Install mailcow with Mailman integration"},{"location":"third_party/mailman3/third_party-mailman3/#install-mailcow","text":"Follow the mailcow installation . Omit step 5 and do not pull and up with docker compose !","title":"Install mailcow"},{"location":"third_party/mailman3/third_party-mailman3/#configure-mailcow","text":"This is also Step 4 in the official mailcow installation ( nano mailcow.conf ). So change to your needs and alter the following variables: HTTP_PORT=18080 # don't use 8080 as mailman needs it HTTP_BIND=127.0.0.1 # HTTPS_PORT=18443 # you may use 8443 HTTPS_BIND=127.0.0.1 # SKIP_LETS_ENCRYPT=y # reverse proxy will do the SSL termination SNAT_TO_SOURCE=1.2.3.4 # change this to your IPv4 SNAT6_TO_SOURCE=dead:beef # change this to your global IPv6","title":"Configure mailcow"},{"location":"third_party/mailman3/third_party-mailman3/#add-mailman-integration","text":"Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano ) and add the following lines: version: '2.1' services: postfix-mailcow: volumes: - /opt/mailman:/opt/mailman networks: - docker-mailman_mailman networks: docker-mailman_mailman: external: true The additional volume is used by Mailman to generate additional config files for mailcow postfix . The external network is build and used by Mailman . mailcow needs it to deliver incoming list mails to Mailman . Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano ) and add the following lines: # mailman recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no local_recipient_maps = regexp:/opt/mailman/core/var/data/postfix_lmtp, proxy:unix:passwd.byname, $alias_maps virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, pcre:/opt/postfix/conf/local_transport, proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf, regexp:/opt/mailman/core/var/data/postfix_domains relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed.","title":"Add Mailman integration"},{"location":"third_party/mailman3/third_party-mailman3/#ssl-certificates","text":"As we proxying mailcow , we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us: Copy the file to /opt/mailcow-dockerized Change mailcow_HOSTNAME to your mailcow hostname Make it executable ( chmod a+x renew-ssl.sh ) Do not run it yet, as we first need Mailman You have to create a cronjob , so that new certificates will be copied. Execute as root or sudo : crontab -e To run the script every day at 5am, add: 0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh","title":"SSL certificates"},{"location":"third_party/mailman3/third_party-mailman3/#install-mailman","text":"Basicly follow the instructions at docker-mailman . As they are a lot, here is in a nuthshell what to do: As root or sudo : cd /opt mkdir -p mailman/core mkdir -p mailman/web git clone https://github.com/maxking/docker-mailman cd docker-mailman","title":"Install Mailman"},{"location":"third_party/mailman3/third_party-mailman3/#configure-mailman","text":"Create a long key for Hyperkitty , e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this key for a moment as HYPERKITTY_KEY. Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this password for a moment as DBPASS. Create a long key for Django , e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Save this key for a moment as DJANGO_KEY. Create the file /opt/docker-mailman/docker compose.override.yaml and replace HYPERKITTY_KEY , DBPASS and DJANGO_KEY with the generated values: version: '2' services: mailman-core: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - MTA=postfix restart: always networks: - mailman mailman-web: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - SECRET_KEY=DJANGO_KEY - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org - MAILMAN_ADMIN_USER=admin # the admin user - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static restart: always database: environment: - POSTGRES_PASSWORD=DBPASS restart: always At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org ), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL . You need the admin credentials to log into the web interface ( Postorius ). For setting the password for the first time use the Forgot password function in the web interface. About other configuration options read Mailman-web and Mailman-core documentation.","title":"Configure Mailman"},{"location":"third_party/mailman3/third_party-mailman3/#configure-mailman-core-and-mailman-web","text":"Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection. [mailman] default_language: de site_owner: mailman@example.org Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection. # locale LANGUAGE_CODE = 'de-de' # disable social authentication MAILMAN_WEB_SOCIAL_AUTH = [] # change it DEFAULT_FROM_EMAIL = 'mailman@example.org' DEBUG = False You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs.","title":"Configure Mailman core and Mailman web"},{"location":"third_party/mailman3/third_party-mailman3/#run","text":"Run (as root or sudo ) a2ensite mailcow.conf a2ensite mailman.conf systemctl restart apache2 cd /opt/docker-mailman docker compose pull docker compose up -d cd /opt/mailcow-dockerized/ docker compose pull ./renew-ssl.sh Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more.","title":"\ud83c\udfc3 Run"},{"location":"third_party/mailman3/third_party-mailman3/#remarks","text":"","title":"Remarks"},{"location":"third_party/mailman3/third_party-mailman3/#new-lists-arent-recognized-by-postfix-instantly","text":"When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist , because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually: cd /opt/mailcow-dockerized docker compose restart postfix-mailcow","title":"New lists aren't recognized by postfix instantly"},{"location":"third_party/mailman3/third_party-mailman3/#update","text":"mailcow has it's own update script in /opt/mailcow-dockerized/update.sh , see the docs . For Mailman just fetch the newest version from the github repository .","title":"Update"},{"location":"third_party/mailman3/third_party-mailman3/#backup","text":"mailcow has an own backup script. Read the docs for further informations. Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful.","title":"Backup"},{"location":"third_party/mailman3/third_party-mailman3/#todo","text":"","title":"ToDo"},{"location":"third_party/mailman3/third_party-mailman3/#install-script","text":"Write a script like in mailman-mailcow-integration/mailman-install.sh as many of the steps are automatable. Ask for all the configuration variables and create passwords and keys. Do a (semi-)automatic installation. Have fun!","title":"install script"},{"location":"third_party/mailpiler/third_party-mailpiler_integration/","text":"This is a simple integration of mailcow aliases and the mailbox name into mailpiler when using IMAP authentication. Disclaimer : This is not officially maintained nor supported by the mailcow project nor its contributors. No warranty or support is being provided, however you're free to open issues on GitHub for filing a bug or provide further ideas. GitHub repo can be found here . Info Support for domain wildcards were implemented in Piler 1.3.10 which was released on 03.01.2021. Prior versions basically do work, but after logging in you won't see emails sent from or to the domain alias. (e.g. when @example.com is an alias for admin@example.com ) The problem to solve \u00b6 mailpiler offers the authentication based on IMAP, for example: $config['ENABLE_IMAP_AUTH'] = 1; $config['IMAP_HOST'] = 'mail.example.com'; $config['IMAP_PORT'] = 993; $config['IMAP_SSL'] = true; So when you log in using patrik@example.com , you will only see delivered emails sent from or to this specific email address. When additional aliases are defined in mailcow, like team@example.com , you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address. By hooking into the authentication process of mailpiler, we are able to get required data via the mailcow API during login. This fires API requests to the mailcow API (requiring read-only API access) to read out the aliases your email address participates and also the \"Name\" of the mailbox specified to display it on the top-right of mailpiler after login. Permitted email addresses can be seen in the mailpiler settings top-right after logging in. Info This is only pulled once during the authentication process. The authorized aliases and the realname are valid for the whole duration of the user session as mailpiler sets them in the session data. If user is removed from specific alias, this will only take effect after next login. The solution \u00b6 Note: File paths might vary depending on your setup. Requirements \u00b6 A working mailcow instance A working mailpiler instance ( You can find an installation guide here , check supported versions here ) An mailcow API key (read-only works just fine): Configuration & Details - Access - Read-Only Access . Don't forget to allow API access from your mailpiler IP. Warning As mailpiler authenticates against mailcow, our IMAP server, failed logins of users or bots might trigger a block for your mailpiler instance. Therefore you might want to consider whitelisting the IP address of the mailpiler instance within mailcow: Configuration & Details - Configuration - Fail2ban parameters - Whitelisted networks/hosts . Setup \u00b6 Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php : $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; $config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; include('auth-mailcow.php'); You can also change the mailcow hostname, if required: $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST'] Download the PHP file with the functions from the GitHub repo : curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php Done! Make sure to re-login with your IMAP credentials for changes to take effect. If it doesn't work, most likely something's wrong with the API query itself. Consider debugging by sending manual API requests to the API. (Tip: Open https://mail.domain.tld/api on your instance)","title":"Mailpiler Integration"},{"location":"third_party/mailpiler/third_party-mailpiler_integration/#the-problem-to-solve","text":"mailpiler offers the authentication based on IMAP, for example: $config['ENABLE_IMAP_AUTH'] = 1; $config['IMAP_HOST'] = 'mail.example.com'; $config['IMAP_PORT'] = 993; $config['IMAP_SSL'] = true; So when you log in using patrik@example.com , you will only see delivered emails sent from or to this specific email address. When additional aliases are defined in mailcow, like team@example.com , you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address. By hooking into the authentication process of mailpiler, we are able to get required data via the mailcow API during login. This fires API requests to the mailcow API (requiring read-only API access) to read out the aliases your email address participates and also the \"Name\" of the mailbox specified to display it on the top-right of mailpiler after login. Permitted email addresses can be seen in the mailpiler settings top-right after logging in. Info This is only pulled once during the authentication process. The authorized aliases and the realname are valid for the whole duration of the user session as mailpiler sets them in the session data. If user is removed from specific alias, this will only take effect after next login.","title":"The problem to solve"},{"location":"third_party/mailpiler/third_party-mailpiler_integration/#the-solution","text":"Note: File paths might vary depending on your setup.","title":"The solution"},{"location":"third_party/mailpiler/third_party-mailpiler_integration/#requirements","text":"A working mailcow instance A working mailpiler instance ( You can find an installation guide here , check supported versions here ) An mailcow API key (read-only works just fine): Configuration & Details - Access - Read-Only Access . Don't forget to allow API access from your mailpiler IP. Warning As mailpiler authenticates against mailcow, our IMAP server, failed logins of users or bots might trigger a block for your mailpiler instance. Therefore you might want to consider whitelisting the IP address of the mailpiler instance within mailcow: Configuration & Details - Configuration - Fail2ban parameters - Whitelisted networks/hosts .","title":"Requirements"},{"location":"third_party/mailpiler/third_party-mailpiler_integration/#setup","text":"Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php : $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; $config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; include('auth-mailcow.php'); You can also change the mailcow hostname, if required: $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST'] Download the PHP file with the functions from the GitHub repo : curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php Done! Make sure to re-login with your IMAP credentials for changes to take effect. If it doesn't work, most likely something's wrong with the API query itself. Consider debugging by sending manual API requests to the API. (Tip: Open https://mail.domain.tld/api on your instance)","title":"Setup"},{"location":"third_party/nextcloud/third_party-nextcloud/","text":"Manage Nextcloud using the helper script \u00b6 Nextcloud can be set up (parameter -i ) and removed (parameter -p ) with the helper script included with mailcow. In order to install Nextcloud simply navigate to your mailcow-dockerized root folder and run the helper script as follows: ./helper-scripts/nextcloud.sh -i In case you have forgotten the password (e.g. for admin) and can't request a new one via the password reset link on the login screen calling the helper script with -r as parameter allows you to set a new password. Only use this option if your Nextcloud isn't configured to use mailcow for authentication as described in the next section. In order for mailcow to generate a a certificate for the nextcloud domain you need to add \"nextcloud.domain.tld\" to ADDITIONAL_SAN in mailcow.conf and run docker compose up -d to apply. For more informaton refer to: Advanced SSL . Background jobs \u00b6 To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml : version: '2.1' services: php-fpm-mailcow: labels: ofelia.enabled: \"true\" ofelia.job-exec.nextcloud-cron.schedule: \"@every 5m\" ofelia.job-exec.nextcloud-cron.command: \"su www-data -s /bin/bash -c \\\"/usr/local/bin/php -f /web/nextcloud/cron.php\\\"\" After adding these lines the docker compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker compose restart ofelia-mailcow . To check if the job was successfully picked up by ofelia the command docker compose logs ofelia-mailcow will contain a line similar to New job registered \"nextcloud-cron\" - ... . By adding these lines the background jobs will be executed every 5 minutes. To verify that the execution works correctly, the only way is to see it in the basic settings when logged in as an admin in Nextcloud. If everything is correct the first scheduled execution will change the background jobs processing setting to (X) Cron and the timestamp after Last job ran will be updated every 5 minutes. Configure Nextcloud to use mailcow for authentication \u00b6 The following describes how set up authentication via mailcow using the OAuth2 protocol. We will only assume that you have already set up Nextcloud at cloud.example.com and that your mailcow is running at mail.example.com . It does not matter if your Nextcloud is running on a different server, you can still use mailcow for authentication. 1. Log into mailcow as administrator. 2. Scroll down to OAuth2 Apps and click the Add button. Specify the redirect URI as https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow and click Add . Save the client ID and secret for later. Info Some installations, including those setup using the helper script of mailcow, need to remove index.php/ from the URL to get a successful redirect: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow 3. Log into Nextcloud as administrator. 4. Click the button in the top right corner and select Apps . Click the search button in the toolbar, search for the Social Login plugin and click Download and enable next to it. 5. Click the button in the top right corner and select Settings . Scroll down to the Administration section on the left and click Social login . 6. Uncheck the following items: \"Disable auto create new users\" \"Allow users to connect social logins with their accounts\" \"Do not prune not available user groups on login\" \"Automatically create groups if they do not exists\" \"Restrict login for users without mapped groups\" 7. Check the following items: \"Prevent creating an account if the email address exists in another account\" \"Update user profile every login\" \"Disable notify admins about new users\" Click the Save button. 8. Scroll down to Custom OAuth2 and click the + button. 9. Configure the parameters as follows: Internal name: Mailcow Title: Mailcow API Base URL: https://mail.example.com Authorize URL: https://mail.example.com/oauth/authorize Token URL: https://mail.example.com/oauth/token Profile URL: https://mail.example.com/oauth/profile Logout URL: (leave blank) Client ID: (what you obtained in step 1) Client Secret: (what you obtained in step 1) Scope: profile Click the Save button at the very bottom of the page. If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2. 1. Click the button in the top right corner and select Apps . Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ): INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users_external; If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2. 1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ): INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users; Update \u00b6 The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. It shows which commands have to be executed, these have to be placed in the php-fpm-mailcow container. As an an example run the following command to add the missing indices. docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c \"php /web/nextcloud/occ db:add-missing-indices\" Debugging & Troubleshooting \u00b6 It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/* . 'trusted_proxies' => array ( 0 => 'fd4d:6169:6c63:6f77::/64', 1 => '172.22.1.0/24', 2 => 'NewSubnet/24', ), After the changes have been made, the nginx container must be restarted. docker compose restart nginx-mailcow","title":"Nextcloud"},{"location":"third_party/nextcloud/third_party-nextcloud/#manage-nextcloud-using-the-helper-script","text":"Nextcloud can be set up (parameter -i ) and removed (parameter -p ) with the helper script included with mailcow. In order to install Nextcloud simply navigate to your mailcow-dockerized root folder and run the helper script as follows: ./helper-scripts/nextcloud.sh -i In case you have forgotten the password (e.g. for admin) and can't request a new one via the password reset link on the login screen calling the helper script with -r as parameter allows you to set a new password. Only use this option if your Nextcloud isn't configured to use mailcow for authentication as described in the next section. In order for mailcow to generate a a certificate for the nextcloud domain you need to add \"nextcloud.domain.tld\" to ADDITIONAL_SAN in mailcow.conf and run docker compose up -d to apply. For more informaton refer to: Advanced SSL .","title":"Manage Nextcloud using the helper script"},{"location":"third_party/nextcloud/third_party-nextcloud/#background-jobs","text":"To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml : version: '2.1' services: php-fpm-mailcow: labels: ofelia.enabled: \"true\" ofelia.job-exec.nextcloud-cron.schedule: \"@every 5m\" ofelia.job-exec.nextcloud-cron.command: \"su www-data -s /bin/bash -c \\\"/usr/local/bin/php -f /web/nextcloud/cron.php\\\"\" After adding these lines the docker compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker compose restart ofelia-mailcow . To check if the job was successfully picked up by ofelia the command docker compose logs ofelia-mailcow will contain a line similar to New job registered \"nextcloud-cron\" - ... . By adding these lines the background jobs will be executed every 5 minutes. To verify that the execution works correctly, the only way is to see it in the basic settings when logged in as an admin in Nextcloud. If everything is correct the first scheduled execution will change the background jobs processing setting to (X) Cron and the timestamp after Last job ran will be updated every 5 minutes.","title":"Background jobs"},{"location":"third_party/nextcloud/third_party-nextcloud/#configure-nextcloud-to-use-mailcow-for-authentication","text":"The following describes how set up authentication via mailcow using the OAuth2 protocol. We will only assume that you have already set up Nextcloud at cloud.example.com and that your mailcow is running at mail.example.com . It does not matter if your Nextcloud is running on a different server, you can still use mailcow for authentication. 1. Log into mailcow as administrator. 2. Scroll down to OAuth2 Apps and click the Add button. Specify the redirect URI as https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow and click Add . Save the client ID and secret for later. Info Some installations, including those setup using the helper script of mailcow, need to remove index.php/ from the URL to get a successful redirect: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow 3. Log into Nextcloud as administrator. 4. Click the button in the top right corner and select Apps . Click the search button in the toolbar, search for the Social Login plugin and click Download and enable next to it. 5. Click the button in the top right corner and select Settings . Scroll down to the Administration section on the left and click Social login . 6. Uncheck the following items: \"Disable auto create new users\" \"Allow users to connect social logins with their accounts\" \"Do not prune not available user groups on login\" \"Automatically create groups if they do not exists\" \"Restrict login for users without mapped groups\" 7. Check the following items: \"Prevent creating an account if the email address exists in another account\" \"Update user profile every login\" \"Disable notify admins about new users\" Click the Save button. 8. Scroll down to Custom OAuth2 and click the + button. 9. Configure the parameters as follows: Internal name: Mailcow Title: Mailcow API Base URL: https://mail.example.com Authorize URL: https://mail.example.com/oauth/authorize Token URL: https://mail.example.com/oauth/token Profile URL: https://mail.example.com/oauth/profile Logout URL: (leave blank) Client ID: (what you obtained in step 1) Client Secret: (what you obtained in step 1) Scope: profile Click the Save button at the very bottom of the page. If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2. 1. Click the button in the top right corner and select Apps . Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ): INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users_external; If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2. 1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ): INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users;","title":"Configure Nextcloud to use mailcow for authentication"},{"location":"third_party/nextcloud/third_party-nextcloud/#update","text":"The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. It shows which commands have to be executed, these have to be placed in the php-fpm-mailcow container. As an an example run the following command to add the missing indices. docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c \"php /web/nextcloud/occ db:add-missing-indices\"","title":"Update"},{"location":"third_party/nextcloud/third_party-nextcloud/#debugging-troubleshooting","text":"It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/* . 'trusted_proxies' => array ( 0 => 'fd4d:6169:6c63:6f77::/64', 1 => '172.22.1.0/24', 2 => 'NewSubnet/24', ), After the changes have been made, the nginx container must be restarted. docker compose restart nginx-mailcow","title":"Debugging & Troubleshooting"},{"location":"third_party/portainer/third_party-portainer/","text":"In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified. 1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration version: '2.1' services: portainer-mailcow: image: portainer/portainer-ce volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data/conf/portainer:/data restart: always dns: - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: aliases: - portainer 2a. Create data/conf/nginx/portainer.conf : upstream portainer { server portainer-mailcow:9000; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } 2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom : location /portainer/ { proxy_http_version 1.1; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_set_header Connection \"\"; proxy_buffers 32 4k; proxy_pass http://portainer/; } location /portainer/api/websocket/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_pass http://portainer/api/websocket/; } 3. Apply your changes: docker compose up -d && docker compose restart nginx-mailcow Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You\u2019ll then be prompted to specify a new password for the admin account. After specifying your password, you\u2019ll then be able to connect to the Portainer UI. Reverse Proxy \u00b6 If you are using a reverse proxy you will have to configure it to properly forward websocket requests. This needs to be done for the docker console and other components to work. Here is an example for Apache: RewriteEngine on RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P] ","title":"Portainer"},{"location":"third_party/portainer/third_party-portainer/#reverse-proxy","text":"If you are using a reverse proxy you will have to configure it to properly forward websocket requests. This needs to be done for the docker console and other components to work. Here is an example for Apache: RewriteEngine on RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P] ","title":"Reverse Proxy"},{"location":"third_party/roundcube/third_party-roundcube/","text":"Installing Roundcube \u00b6 Download Roundcube 1.6.x to the web htdocs directory and extract it (here rc/ ): # Check for a newer release! cd data/web wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - # Change folder name mv roundcubemail-1.6.0 rc # Change permissions chown -R root: rc/ If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh . This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. #!/bin/bash apk update apk add aspell-en # or any other language Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false; . array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['enable_installer'] = true; $config['smtp_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['db_prefix'] = 'mailcow_rc1'; Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer. Delete the directory data/web/rc/installer after a successful installation! Configure ManageSieve filtering \u00b6 Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): $config['managesieve_host'] = 'tls://dovecot:4190'; $config['managesieve_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); // Enables separate management interface for vacation responses (out-of-office) // 0 - no separate section (default), // 1 - add Vacation section, // 2 - add Vacation section, but hide Filters section $config['managesieve_vacation'] = 1; Enable change password function in Roundcube \u00b6 Open data/web/rc/config/config.inc.php and enable the password plugin: ... $config['plugins'] = array( 'archive', 'password', ); ... Open data/web/rc/plugins/password/password.php , search for case 'ssha': and add above: case 'ssha256': $salt = rcube_utils::random_bytes(8); $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); $prefix = '{SSHA256}'; break; Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file): $config['password_driver'] = 'sql'; $config['password_algorithm'] = 'ssha256'; $config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\"; Integrate CardDAV addressbooks in Roundcube \u00b6 Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins ): cd data/web/rc/plugins wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz - chown -R root: carddav/ Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav ) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: $prefs['SOGo'] = array( 'name' => 'SOGo', 'username' => '%u', 'password' => '%p', 'url' => 'https://mx.example.org/SOGo/dav/%u/', 'carddav_name_only' => true, 'use_categories' => true, 'active' => true, 'readonly' => false, 'refresh_time' => '02:00:00', 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), 'hide' => false, ); Please note, that this preset only integrates the default addressbook (the one that's named \"Personal Address Book\" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings. Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php . If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php . Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block: NOTE: Don't forget to add the 'SOGo', 'link' => '/SOGo/' ), array( 'name' => 'Roundcube', 'link' => '/rc/' ) ); ... Upgrading Roundcube \u00b6 Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the \"complete.tar.gz\" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed. # Enter a bash session of the mailcow PHP container docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash # Install required upgrade dependency, then upgrade Roundcube to wanted release apk add rsync cd /tmp wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - cd roundcubemail-1.6.0 bin/installto.sh /web/rc # Type 'Y' and press enter to upgrade your install of Roundcube # Type 'N' to \"Do you want me to fix your local configuration\" if prompted # If you see \"NOTICE: Update dependencies by running php composer.phar update --no-dev\" just download composer.phar and run it: cd /web/rc wget https://getcomposer.org/download/2.4.2/composer.phar php composer.phar update --no-dev # When asked \"Do you trust \"roundcube/plugin-installer\" to execute code and wish to enable it now? (writes \"allow-plugins\" to composer.json) [y,n,d,?] \" hit y and continue. # Remove leftover files cd /tmp rm -rf roundcube* # If you're going from 1.5 to 1.6 please run the config file changes below sed -i \"s/\\$config\\['default_host'\\].*$/\\$config\\['imap_host'\\]\\ =\\ 'tls:\\/\\/dovecot:143'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['default_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['smtp_server'\\].*$/\\$config\\['smtp_host'\\]\\ =\\ 'tls:\\/\\/postfix:587'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['smtp_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['managesieve_host'\\].*$/\\$config\\['managesieve_host'\\]\\ =\\ 'tls:\\/\\/dovecot:4190'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['managesieve_port'\\].*$/d\" /web/rc/config/config.inc.php Let admins log into Roundcube without password \u00b6 First, install plugin dovecot_impersonate and add Roundcube as an app (see above). Edit mailcow.conf and add the following: # Allow admins to log into Roundcube as email user (without any password) # Roundcube with plugin dovecot_impersonate must be installed first ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow : version: '2.1' services: php-fpm-mailcow: environment: - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... } if ( ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE ) { item . action += ' Roundcube' ; } Edit data/web/mailbox.php and add this line to array $template_data : 'allow_admin_email_login_roundcube' => (preg_match(\"/^(yes|y)+$/i\", $_ENV[\"ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE\"])) ? 'true' : 'false', Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section : var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }}; Copy the contents of the following files from this Snippet : data/web/inc/lib/RoundcubeAutoLogin.php data/web/rc-auth.php Finally, restart mailcow docker compose down docker compose up -d","title":"Roundcube"},{"location":"third_party/roundcube/third_party-roundcube/#installing-roundcube","text":"Download Roundcube 1.6.x to the web htdocs directory and extract it (here rc/ ): # Check for a newer release! cd data/web wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - # Change folder name mv roundcubemail-1.6.0 rc # Change permissions chown -R root: rc/ If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh . This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. #!/bin/bash apk update apk add aspell-en # or any other language Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false; . array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['enable_installer'] = true; $config['smtp_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['db_prefix'] = 'mailcow_rc1'; Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer. Delete the directory data/web/rc/installer after a successful installation!","title":"Installing Roundcube"},{"location":"third_party/roundcube/third_party-roundcube/#configure-managesieve-filtering","text":"Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): $config['managesieve_host'] = 'tls://dovecot:4190'; $config['managesieve_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); // Enables separate management interface for vacation responses (out-of-office) // 0 - no separate section (default), // 1 - add Vacation section, // 2 - add Vacation section, but hide Filters section $config['managesieve_vacation'] = 1;","title":"Configure ManageSieve filtering"},{"location":"third_party/roundcube/third_party-roundcube/#enable-change-password-function-in-roundcube","text":"Open data/web/rc/config/config.inc.php and enable the password plugin: ... $config['plugins'] = array( 'archive', 'password', ); ... Open data/web/rc/plugins/password/password.php , search for case 'ssha': and add above: case 'ssha256': $salt = rcube_utils::random_bytes(8); $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); $prefix = '{SSHA256}'; break; Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file): $config['password_driver'] = 'sql'; $config['password_algorithm'] = 'ssha256'; $config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\";","title":"Enable change password function in Roundcube"},{"location":"third_party/roundcube/third_party-roundcube/#integrate-carddav-addressbooks-in-roundcube","text":"Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins ): cd data/web/rc/plugins wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz - chown -R root: carddav/ Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav ) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: $prefs['SOGo'] = array( 'name' => 'SOGo', 'username' => '%u', 'password' => '%p', 'url' => 'https://mx.example.org/SOGo/dav/%u/', 'carddav_name_only' => true, 'use_categories' => true, 'active' => true, 'readonly' => false, 'refresh_time' => '02:00:00', 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), 'hide' => false, ); Please note, that this preset only integrates the default addressbook (the one that's named \"Personal Address Book\" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings. Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php . If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php . Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block: NOTE: Don't forget to add the 'SOGo', 'link' => '/SOGo/' ), array( 'name' => 'Roundcube', 'link' => '/rc/' ) ); ...","title":"Integrate CardDAV addressbooks in Roundcube"},{"location":"third_party/roundcube/third_party-roundcube/#upgrading-roundcube","text":"Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the \"complete.tar.gz\" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed. # Enter a bash session of the mailcow PHP container docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash # Install required upgrade dependency, then upgrade Roundcube to wanted release apk add rsync cd /tmp wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - cd roundcubemail-1.6.0 bin/installto.sh /web/rc # Type 'Y' and press enter to upgrade your install of Roundcube # Type 'N' to \"Do you want me to fix your local configuration\" if prompted # If you see \"NOTICE: Update dependencies by running php composer.phar update --no-dev\" just download composer.phar and run it: cd /web/rc wget https://getcomposer.org/download/2.4.2/composer.phar php composer.phar update --no-dev # When asked \"Do you trust \"roundcube/plugin-installer\" to execute code and wish to enable it now? (writes \"allow-plugins\" to composer.json) [y,n,d,?] \" hit y and continue. # Remove leftover files cd /tmp rm -rf roundcube* # If you're going from 1.5 to 1.6 please run the config file changes below sed -i \"s/\\$config\\['default_host'\\].*$/\\$config\\['imap_host'\\]\\ =\\ 'tls:\\/\\/dovecot:143'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['default_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['smtp_server'\\].*$/\\$config\\['smtp_host'\\]\\ =\\ 'tls:\\/\\/postfix:587'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['smtp_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['managesieve_host'\\].*$/\\$config\\['managesieve_host'\\]\\ =\\ 'tls:\\/\\/dovecot:4190'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['managesieve_port'\\].*$/d\" /web/rc/config/config.inc.php","title":"Upgrading Roundcube"},{"location":"third_party/roundcube/third_party-roundcube/#let-admins-log-into-roundcube-without-password","text":"First, install plugin dovecot_impersonate and add Roundcube as an app (see above). Edit mailcow.conf and add the following: # Allow admins to log into Roundcube as email user (without any password) # Roundcube with plugin dovecot_impersonate must be installed first ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow : version: '2.1' services: php-fpm-mailcow: environment: - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... } if ( ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE ) { item . action += ' Roundcube' ; } Edit data/web/mailbox.php and add this line to array $template_data : 'allow_admin_email_login_roundcube' => (preg_match(\"/^(yes|y)+$/i\", $_ENV[\"ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE\"])) ? 'true' : 'false', Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section : var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }}; Copy the contents of the following files from this Snippet : data/web/inc/lib/RoundcubeAutoLogin.php data/web/rc-auth.php Finally, restart mailcow docker compose down docker compose up -d","title":"Let admins log into Roundcube without password"},{"location":"troubleshooting/debug-admin_login_sogo/","text":"This is an experimental feature that allows admins and domain admins to directly log into SOGo as a mailbox user, without knowing the users password. For this, an additional link to SOGo is displayed in the mailbox list (mailcow UI). Multiple concurrent admin-logins to different mailboxes are also possible when using this feature. Enabling the feature \u00b6 The feature is disabled by default. It can be enabled in the mailcow.conf by setting: ALLOW_ADMIN_EMAIL_LOGIN=y and recreating the affected containers with docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Drawbacks when enabled \u00b6 Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. This might impact load-times of SOGo / EAS. In most cases, this should not be noticeable but should be kept in mind if you face any performance issues. SOGo will not display a logout link for admin-logins, to login normally one has to logout from the mailcow UI so the PHP session is destroyed. Subscribing to another user's calendar or address book while logged in as admin does not work. Neither does inviting other users to calendar events. The page will reload when these things are attempted. Technical details \u00b6 SOGoTrustProxyAuthentication option is set to YES which makes SOGo trust the x-webobjects-remote-user header. Dovecot will receive a random master-password which is valid for all mailboxes when used by the SOGo container. Clicking on the SOGo button in the mailbox list will open sogo-auth.php which checks permissions, sets session variables and redirects to the SOGo mailbox. Each SOGo, CardDAV, CalDAV and EAS http request will cause an additional, nginx internal auth_request call to sogo-auth.php with the following behavior: If a basic_auth header is present, the script will validate the credentials in place of SOGo and provide the following headers: x-webobjects-remote-user , Authorization and x-webobjects-auth-type . If no basic_auth header is present, the script will check for an active mailcow admin session for the requested email user and provide the same headers but with the dovecot master password used in the Authorization header. If both fails the headers will be set empty, which makes SOGo use its standard authentication methods. All of these options / behaviors are disabled if the ALLOW_ADMIN_EMAIL_LOGIN is not enabled in the config.","title":"Admin login to SOGo"},{"location":"troubleshooting/debug-admin_login_sogo/#enabling-the-feature","text":"The feature is disabled by default. It can be enabled in the mailcow.conf by setting: ALLOW_ADMIN_EMAIL_LOGIN=y and recreating the affected containers with docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Enabling the feature"},{"location":"troubleshooting/debug-admin_login_sogo/#drawbacks-when-enabled","text":"Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. This might impact load-times of SOGo / EAS. In most cases, this should not be noticeable but should be kept in mind if you face any performance issues. SOGo will not display a logout link for admin-logins, to login normally one has to logout from the mailcow UI so the PHP session is destroyed. Subscribing to another user's calendar or address book while logged in as admin does not work. Neither does inviting other users to calendar events. The page will reload when these things are attempted.","title":"Drawbacks when enabled"},{"location":"troubleshooting/debug-admin_login_sogo/#technical-details","text":"SOGoTrustProxyAuthentication option is set to YES which makes SOGo trust the x-webobjects-remote-user header. Dovecot will receive a random master-password which is valid for all mailboxes when used by the SOGo container. Clicking on the SOGo button in the mailbox list will open sogo-auth.php which checks permissions, sets session variables and redirects to the SOGo mailbox. Each SOGo, CardDAV, CalDAV and EAS http request will cause an additional, nginx internal auth_request call to sogo-auth.php with the following behavior: If a basic_auth header is present, the script will validate the credentials in place of SOGo and provide the following headers: x-webobjects-remote-user , Authorization and x-webobjects-auth-type . If no basic_auth header is present, the script will check for an active mailcow admin session for the requested email user and provide the same headers but with the dovecot master password used in the Authorization header. If both fails the headers will be set empty, which makes SOGo use its standard authentication methods. All of these options / behaviors are disabled if the ALLOW_ADMIN_EMAIL_LOGIN is not enabled in the config.","title":"Technical details"},{"location":"troubleshooting/debug-attach_service/","text":"Attaching a Container to your Shell \u00b6 To attach a container to your shell you can simply run docker compose (Plugin) docker-compose (Standalone) docker compose exec $Dienst_Name /bin/bash docker-compose exec $Dienst_Name /bin/bash Connecting to Services \u00b6 If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment. MySQL \u00b6 docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME } source mailcow.conf docker-compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME } Redis \u00b6 docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli Service Descriptions \u00b6 Here is a brief overview of what container / service does what: Service Name Service Descriptions unbound-mailcow Local (DNSSEC) DNS Resolver mysql-mailcow Stores SOGo's and most of mailcow's settings postfix-mailcow Receives and sends mails dovecot-mailcow User logins and sieve filter redis-mailcow Storage back-end for DKIM keys and Rspamd rspamd-mailcow Mail filtering system. Used for av handling, dkim signing, spam handling clamd-mailcow Scans attachments for viruses olefy-mailcow Scans attached office documents for macro-viruses solr-mailcow Provides full-text search in Dovecot sogo-mailcow Webmail client that handles Microsoft ActiveSync and Cal- / CardDav nginx-mailcow Nginx remote proxy that handles all mailcow related HTTP / HTTPS requests acme-mailcow Automates HTTPS (SSL/TLS) certificate deployment memcached-mailcow Internal caching system for mailcow services watchdog-mailcow Allows the monitoring of docker containers / services php-fpm-mailcow Powers the mailcow web UI netfilter-mailcow Fail2Ban like integration","title":"Attach to a Container"},{"location":"troubleshooting/debug-attach_service/#attaching-a-container-to-your-shell","text":"To attach a container to your shell you can simply run docker compose (Plugin) docker-compose (Standalone) docker compose exec $Dienst_Name /bin/bash docker-compose exec $Dienst_Name /bin/bash","title":"Attaching a Container to your Shell"},{"location":"troubleshooting/debug-attach_service/#connecting-to-services","text":"If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.","title":"Connecting to Services"},{"location":"troubleshooting/debug-attach_service/#mysql","text":"docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME } source mailcow.conf docker-compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME }","title":"MySQL"},{"location":"troubleshooting/debug-attach_service/#redis","text":"docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli","title":"Redis"},{"location":"troubleshooting/debug-attach_service/#service-descriptions","text":"Here is a brief overview of what container / service does what: Service Name Service Descriptions unbound-mailcow Local (DNSSEC) DNS Resolver mysql-mailcow Stores SOGo's and most of mailcow's settings postfix-mailcow Receives and sends mails dovecot-mailcow User logins and sieve filter redis-mailcow Storage back-end for DKIM keys and Rspamd rspamd-mailcow Mail filtering system. Used for av handling, dkim signing, spam handling clamd-mailcow Scans attachments for viruses olefy-mailcow Scans attached office documents for macro-viruses solr-mailcow Provides full-text search in Dovecot sogo-mailcow Webmail client that handles Microsoft ActiveSync and Cal- / CardDav nginx-mailcow Nginx remote proxy that handles all mailcow related HTTP / HTTPS requests acme-mailcow Automates HTTPS (SSL/TLS) certificate deployment memcached-mailcow Internal caching system for mailcow services watchdog-mailcow Allows the monitoring of docker containers / services php-fpm-mailcow Powers the mailcow web UI netfilter-mailcow Fail2Ban like integration","title":"Service Descriptions"},{"location":"troubleshooting/debug-common_problems/","text":"Here we list common problems and possible solutions: Mail loops back to myself \u00b6 Please check in your mailcow UI if you made the domain a backup MX : I can receive but not send mails \u00b6 There are a lot of things that could prevent you from sending mail: Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address. There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587 : # telnet 74.125.133.27 465 Trying 74.125.133.27... Connected to 74.125.133.27. Escape character is '^]'. My mails are identified as Spam \u00b6 Please read our guide on DNS configuration . docker compose throws weird errors \u00b6 ... like: ERROR: Invalid interpolation format ... AttributeError: 'NoneType' object has no attribute 'keys' . ERROR: In file './docker-compose.yml' service 'version' doesn't have any configuration options . When you encounter one or similar messages while trying to run mailcow: dockerized please check if you have the latest version of Docker and docker compose Container XY is unhealthy \u00b6 This error tries to tell you that one of the (health) conditions for a certain container are not met. Therefore it can't be started. This can have several reasons, the most common one is an updated git clone but old docker image or vice versa. A wrong configured firewall could also cause such a failure. The containers need to be able to talk to each other over the network 172.22.1.1/24. It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from. Address already in use \u00b6 If you get an error message like: ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites . XYZ can't connect to ... \u00b6 Please check your local firewall! Docker and iptables-based firewalls sometimes create conflicting rules, so disable the firewall on your host to determine whether your connection issues are caused by such conflicts. If they are, you need to manually create appropriate rules in your host firewall to permit the necessary connections. If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25). While Linux users can chose from a variety of tools 1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default. To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges : dism /online /Enable-Feature /FeatureName:TelnetClient Inotify instance limit for user 5000 (UID vmail) exceeded ( see #453 ) \u00b6 Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container. Dovecot keeps restarting (see #2672 ) \u00b6 Check that you have at least the following files in data/assets/ssl : cert.pem dhparams.pem key.pem If dhparams.pem is missing, you can generate it with openssl dhparam -out data/assets/ssl/dhparams.pem 4096 netcat , nmap , openssl , telnet , etc. \u21a9","title":"Common Problems"},{"location":"troubleshooting/debug-common_problems/#mail-loops-back-to-myself","text":"Please check in your mailcow UI if you made the domain a backup MX :","title":"Mail loops back to myself"},{"location":"troubleshooting/debug-common_problems/#i-can-receive-but-not-send-mails","text":"There are a lot of things that could prevent you from sending mail: Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address. There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587 : # telnet 74.125.133.27 465 Trying 74.125.133.27... Connected to 74.125.133.27. Escape character is '^]'.","title":"I can receive but not send mails"},{"location":"troubleshooting/debug-common_problems/#my-mails-are-identified-as-spam","text":"Please read our guide on DNS configuration .","title":"My mails are identified as Spam"},{"location":"troubleshooting/debug-common_problems/#docker-compose-throws-weird-errors","text":"... like: ERROR: Invalid interpolation format ... AttributeError: 'NoneType' object has no attribute 'keys' . ERROR: In file './docker-compose.yml' service 'version' doesn't have any configuration options . When you encounter one or similar messages while trying to run mailcow: dockerized please check if you have the latest version of Docker and docker compose","title":"docker compose throws weird errors"},{"location":"troubleshooting/debug-common_problems/#container-xy-is-unhealthy","text":"This error tries to tell you that one of the (health) conditions for a certain container are not met. Therefore it can't be started. This can have several reasons, the most common one is an updated git clone but old docker image or vice versa. A wrong configured firewall could also cause such a failure. The containers need to be able to talk to each other over the network 172.22.1.1/24. It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.","title":"Container XY is unhealthy"},{"location":"troubleshooting/debug-common_problems/#address-already-in-use","text":"If you get an error message like: ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites .","title":"Address already in use"},{"location":"troubleshooting/debug-common_problems/#xyz-cant-connect-to","text":"Please check your local firewall! Docker and iptables-based firewalls sometimes create conflicting rules, so disable the firewall on your host to determine whether your connection issues are caused by such conflicts. If they are, you need to manually create appropriate rules in your host firewall to permit the necessary connections. If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25). While Linux users can chose from a variety of tools 1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default. To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges : dism /online /Enable-Feature /FeatureName:TelnetClient","title":"XYZ can't connect to ..."},{"location":"troubleshooting/debug-common_problems/#inotify-instance-limit-for-user-5000-uid-vmail-exceeded-see-453","text":"Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.","title":"Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)"},{"location":"troubleshooting/debug-common_problems/#dovecot-keeps-restarting-see-2672","text":"Check that you have at least the following files in data/assets/ssl : cert.pem dhparams.pem key.pem If dhparams.pem is missing, you can generate it with openssl dhparam -out data/assets/ssl/dhparams.pem 4096 netcat , nmap , openssl , telnet , etc. \u21a9","title":"Dovecot keeps restarting (see #2672)"},{"location":"troubleshooting/debug-logs/","text":"Warning This section only applies for Dockers default logging driver (JSON). To view the logs of all mailcow: dockerized related containers, you can use docker compose logs inside your mailcow-dockerized folder that contains your mailcow.conf . This is usually a bit much, but you could trim the output with --tail=100 to the last 100 lines per container, or add a -f to follow the live output of all your services. To view the logs of a specific service you can use docker compose logs [options] $service_name Info The available options for the command docker compose logs are: --no-color : Produce monochrome output. -f : Follow the log output. -t : Show timestamps. --tail=\"all\" : Number of lines to show from the end of the logs for each container.","title":"Logs"},{"location":"troubleshooting/debug-mysql_aria/","text":"MariaDB: Aria recovery after crash \u00b6 If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state: Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker compose ps . Now run the following commands: # Stop the stack, don't run \"down\" docker compose stop # Run a bash in the stopped container as user mysql docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql bash\"' mysql-mailcow # cd to the SQL data directory cd /var/lib/mysql # Run aria_chk aria_chk --check --force */*.MAI # Delete aria log files rm aria_log.* Now run docker compose down followed by docker compose up -d .","title":"Recover crashed Aria storage engine"},{"location":"troubleshooting/debug-mysql_aria/#mariadb-aria-recovery-after-crash","text":"If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state: Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker compose ps . Now run the following commands: # Stop the stack, don't run \"down\" docker compose stop # Run a bash in the stopped container as user mysql docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql bash\"' mysql-mailcow # cd to the SQL data directory cd /var/lib/mysql # Run aria_chk aria_chk --check --force */*.MAI # Delete aria log files rm aria_log.* Now run docker compose down followed by docker compose up -d .","title":"MariaDB: Aria recovery after crash"},{"location":"troubleshooting/debug-mysql_upgrade/","text":"Run a manual mysql_upgrade \u00b6 This step is usually not necessary. docker compose stop mysql-mailcow watchdog-mailcow docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0\"' mysql-mailcow As soon as the SQL shell spawned, run mysql_upgrade and exit the container: mysql_upgrade exit","title":"Manual MySQL upgrade"},{"location":"troubleshooting/debug-mysql_upgrade/#run-a-manual-mysql_upgrade","text":"This step is usually not necessary. docker compose stop mysql-mailcow watchdog-mailcow docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0\"' mysql-mailcow As soon as the SQL shell spawned, run mysql_upgrade and exit the container: mysql_upgrade exit","title":"Run a manual mysql_upgrade"},{"location":"troubleshooting/debug-reset_pw/","text":"mailcow Admin Account \u00b6 Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path). cd mailcow_path ./helper-scripts/mailcow-reset-admin.sh Reset MySQL Passwords \u00b6 Stop the stack by running docker compose stop . When the containers came to a stop, run this command: docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0\"' mysql-mailcow 1. Find database name \u00b6 # source mailcow.conf # docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mailcow_database | <===== | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec) 2. Reset one or more users \u00b6 2.1 Maria DB < 10.4 (older mailcow installations) \u00b6 Both \"password\" and \"authentication_string\" exist. Currently \"password\" is used, but better set both. MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES; 2.2 Maria DB >= 10.4 (current mailcows) \u00b6 MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES; Remove Two-Factor Authentication \u00b6 For mailcow WebUI: \u00b6 This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI: source mailcow.conf docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DELETE FROM tfa WHERE username='YOUR_USERNAME';\" For SOGo: \u00b6 docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{\"SOGoGoogleAuthenticatorEnabled\":0}'","title":"Reset Passwords (incl. SQL)"},{"location":"troubleshooting/debug-reset_pw/#mailcow-admin-account","text":"Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path). cd mailcow_path ./helper-scripts/mailcow-reset-admin.sh","title":"mailcow Admin Account"},{"location":"troubleshooting/debug-reset_pw/#reset-mysql-passwords","text":"Stop the stack by running docker compose stop . When the containers came to a stop, run this command: docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0\"' mysql-mailcow","title":"Reset MySQL Passwords"},{"location":"troubleshooting/debug-reset_pw/#1-find-database-name","text":"# source mailcow.conf # docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mailcow_database | <===== | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec)","title":"1. Find database name"},{"location":"troubleshooting/debug-reset_pw/#2-reset-one-or-more-users","text":"","title":"2. Reset one or more users"},{"location":"troubleshooting/debug-reset_pw/#21-maria-db-104-older-mailcow-installations","text":"Both \"password\" and \"authentication_string\" exist. Currently \"password\" is used, but better set both. MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES;","title":"2.1 Maria DB < 10.4 (older mailcow installations)"},{"location":"troubleshooting/debug-reset_pw/#22-maria-db-104-current-mailcows","text":"MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES;","title":"2.2 Maria DB >= 10.4 (current mailcows)"},{"location":"troubleshooting/debug-reset_pw/#remove-two-factor-authentication","text":"","title":"Remove Two-Factor Authentication"},{"location":"troubleshooting/debug-reset_pw/#for-mailcow-webui","text":"This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI: source mailcow.conf docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DELETE FROM tfa WHERE username='YOUR_USERNAME';\"","title":"For mailcow WebUI:"},{"location":"troubleshooting/debug-reset_pw/#for-sogo","text":"docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{\"SOGoGoogleAuthenticatorEnabled\":0}'","title":"For SOGo:"},{"location":"troubleshooting/debug-reset_tls/","text":"In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets: source mailcow.conf docker compose down rm -rf data/assets/ssl mkdir data/assets/ssl openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj \"/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}\" -sha256 -nodes cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ docker compose up -d This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow. If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later. Please also note that previous TLSA records will be invalid.","title":"Reset TLS certificates"},{"location":"troubleshooting/debug-rm_volumes/","text":"You may want to remove a set of persistent data to resolve a conflict or to start over. mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list. Delete a single volume: docker volume rm mailcowdockerized_${VOLUME_NAME} Remove volume mysql-vol-1 to remove all MySQL data. Remove volume redis-vol-1 to remove all Redis data. Remove volume vmail-vol-1 to remove all contents of /var/vmail mounted to dovecot-mailcow . Remove volume rspamd-vol-1 to remove all Rspamd data. Remove volume crypt-vol-1 to remove all crypto data. This will render all mails unreadable. Alternatively, running docker compose down -v will destroy all mailcow: dockerized volumes and delete any related containers and networks.","title":"Remove Persistent Data"},{"location":"troubleshooting/debug-rspamd_memory_leaks/","text":"A quick guide to deeply analyze a malfunctioning Rspamd. docker compose exec rspamd-mailcow bash if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list fi apt-get update ; apt-get upgrade rspamd nano /docker-entrypoint.sh # Before \"exec \"$@\"\" add the following lines: export G_SLICE=always-malloc export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0 Restart Rspamd: docker compose restart rspamd-mailcow Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for. Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to \"happen\") and restart it: docker compose restart rspamd-mailcow . Now enter the container by running docker compose exec rspamd-mailcow bash , change the directory to /tmp and copy the asan Files to your desired location or upload them via termbin.com ( cat /tmp/rspamd-asan.* | nc termbin.com 9999 ).","title":"Advanced: Find memory leaks in Rspamd"},{"location":"troubleshooting/debug/","text":"When a problem occurs, then always for a reason! What you want to do in such a case is: Read your logs; follow them to see what the reason for your problem is. Follow the leads given to you in your logfiles and start investigating. Restarting the troubled service or the whole stack to see if the problem persists. Read the documentation of the troubled service and search it's bugtracker for your problem. Search our issues for your problem. Create an issue over at our GitHub repository if you think your problem might be a bug or a missing feature you badly need. But please make sure, that you include all the logs and a full description to your problem. Please do not ask for support on Git. Join our Telegram community or find the official support packages at Servercow . Alternatively ask Twitter and tag us with @mailcow_email","title":"Introduction"},{"location":"de/","text":"\ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95 \u00b6 Unterst\u00fctzen Sie das mailcow Projekt \u00b6 Bitte erw\u00e4gen Sie einen Supportvertrag gegen eine geringe monatliche Geb\u00fchr unter Servercow , um die weitere Entwicklung zu unterst\u00fctzen. Wir unterst\u00fctzen Sie , w\u00e4hrend Sie uns unterst\u00fctzen. :) Wenn Sie super toll sind und uns ohne Vertrag unterst\u00fctzen m\u00f6chten, k\u00f6nnen Sie eine SAL-Lizenz erhalten, die Ihre Unterst\u00fctzung best\u00e4tigt (kaufbar als flexible Einmalzahlung) bei Servercow . Support erhalten \u00b6 Es gibt zwei M\u00f6glichkeiten, Support f\u00fcr Ihre mailcow-Installation zu erhalten. Kommerzieller Support \u00b6 F\u00fcr professionellen und priorisierten kommerziellen Support k\u00f6nnen Sie ein Basis-Support-Abonnement unter Servercow abschlie\u00dfen. F\u00fcr kundenspezifische Anfragen oder Fragen kontaktieren Sie uns stattdessen bitte unter info@servercow.de . Dar\u00fcber hinaus bieten wir auch eine voll ausgestattete und verwaltete managed mailcow an. Auf diese Weise k\u00fcmmern wir uns um alles technische und Sie k\u00f6nnen Ihr ganzes Mail-Erlebnis auf eine problemlose Weise genie\u00dfen. Community-Unterst\u00fctzung und Chat \u00b6 Die andere Alternative ist unser kostenloser Community-Support auf unseren verschiedenen Kan\u00e4len unten. Bitte beachten Sie, dass dieser Support von unserer gro\u00dfartigen Community rund um mailcow betrieben wird. Diese Art von Support ist best-effort, freiwillig und es gibt keine Garantie f\u00fcr irgendetwas. Unsere mailcow Community @ community.mailcow.email Telegram (Support) @ t.me/mailcow . Telegram (Off-Topic) @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram Desktop-Clients sind f\u00fcr mehrere Plattformen verf\u00fcgbar. Sie k\u00f6nnen den Gruppenverlauf nach Stichworten durchsuchen. Nur f\u00fcr Bug Tracking, Feature Requests und Codebeitr\u00e4ge : GitHub @ mailcow/mailcow-dockerized Demos \u00b6 Seit September 2022 stellen wir zwei Verschiedene Demos bereit: demo.mailcow.email ist die altbekannte Demo, welche sich am Stabilen Stand der mailcow orrientiert. nightly-demo.mailcow.email ist die neue Nightly Demo , welche Testfunktionen beherbergt. (Also insbesondere f\u00fcr alle interessant, die keine M\u00f6glichkeit haben sich eine Testinstanz selbst zu erstellen.) Die folgenden Anmeldedaten f\u00fcrs Login funktionieren bei beiden Varianten: Administrator : admin / moohoo Dom\u00e4nen-Administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo Besonderheit Die Demo Instanzen erhalten die neusten Updates direkt nach Release von GitHub. Vollautomatisch, ohne Downtime! \u00dcberblick \u00b6 Die integrierte mailcow UI erm\u00f6glicht administrative Arbeiten auf Ihrer Mailserver-Instanz sowie einen getrennten Domain-Administrator- und Mailbox-Benutzer-Zugriff: DKIM und ARC Unterst\u00fctzung Black- und Whitelists pro Domain und pro Benutzer Spam-Score-Verwaltung pro Benutzer (Spam ablehnen, Spam markieren, Greylist) Erlauben Sie Mailbox-Benutzern, tempor\u00e4re Spam-Aliase zu erstellen Voranstellen von E-Mail-Tags an den Betreff oder Verschieben von E-Mails in Unterordner (pro Benutzer) Mailbox-Benutzer k\u00f6nnen die TLS-Durchsetzung f\u00fcr eingehende und ausgehende Nachrichten umschalten Benutzer k\u00f6nnen die Caches von SOGo ActiveSync-Ger\u00e4ten zur\u00fccksetzen imapsync, um entfernte Postf\u00e4cher regelm\u00e4\u00dfig zu migrieren oder abzurufen TFA: Yubikey OTP und U2F USB (nur Google Chrome und Derivate), TOTP Hinzuf\u00fcgen von Dom\u00e4nen, Postf\u00e4chern, Aliasen, Dom\u00e4nenaliasen und SOGo-Ressourcen Hinzuf\u00fcgen von Whitelist-Hosts zur Weiterleitung von Mails an mailcow Fail2ban-\u00e4hnliche Integration Quarant\u00e4ne-System Antivirus-Scanning inkl. Makro-Scanning in Office-Dokumenten Integrierte Basis\u00fcberwachung Eine Menge mehr... mailcow: dockerized kommt mit mehreren Containern, die in einem \u00fcberbr\u00fcckten Netzwerk verbunden sind. Jeder Container repr\u00e4sentiert eine einzelne Anwendung. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-\u00e4hnliche Integration von @mkuron ) Nginx Oletools \u00fcber Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound Ein Watchdog f\u00fcr die grundlegende \u00dcberwachung Achtung Die Mails werden komprimiert und verschl\u00fcsselt gespeichert. Das Schl\u00fcsselpaar ist in crypt-vol-1 zu finden. Bitte vergessen Sie nicht, dieses zu sichern. Docker-Volumes zur Aufbewahrung dynamischer Daten - k\u00fcmmern Sie sich um sie! clamd-db-vol-1 crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"Informationen & Support"},{"location":"de/#unterstutzen-sie-das-mailcow-projekt","text":"Bitte erw\u00e4gen Sie einen Supportvertrag gegen eine geringe monatliche Geb\u00fchr unter Servercow , um die weitere Entwicklung zu unterst\u00fctzen. Wir unterst\u00fctzen Sie , w\u00e4hrend Sie uns unterst\u00fctzen. :) Wenn Sie super toll sind und uns ohne Vertrag unterst\u00fctzen m\u00f6chten, k\u00f6nnen Sie eine SAL-Lizenz erhalten, die Ihre Unterst\u00fctzung best\u00e4tigt (kaufbar als flexible Einmalzahlung) bei Servercow .","title":"Unterst\u00fctzen Sie das mailcow Projekt"},{"location":"de/#support-erhalten","text":"Es gibt zwei M\u00f6glichkeiten, Support f\u00fcr Ihre mailcow-Installation zu erhalten.","title":"Support erhalten"},{"location":"de/#kommerzieller-support","text":"F\u00fcr professionellen und priorisierten kommerziellen Support k\u00f6nnen Sie ein Basis-Support-Abonnement unter Servercow abschlie\u00dfen. F\u00fcr kundenspezifische Anfragen oder Fragen kontaktieren Sie uns stattdessen bitte unter info@servercow.de . Dar\u00fcber hinaus bieten wir auch eine voll ausgestattete und verwaltete managed mailcow an. Auf diese Weise k\u00fcmmern wir uns um alles technische und Sie k\u00f6nnen Ihr ganzes Mail-Erlebnis auf eine problemlose Weise genie\u00dfen.","title":"Kommerzieller Support"},{"location":"de/#community-unterstutzung-und-chat","text":"Die andere Alternative ist unser kostenloser Community-Support auf unseren verschiedenen Kan\u00e4len unten. Bitte beachten Sie, dass dieser Support von unserer gro\u00dfartigen Community rund um mailcow betrieben wird. Diese Art von Support ist best-effort, freiwillig und es gibt keine Garantie f\u00fcr irgendetwas. Unsere mailcow Community @ community.mailcow.email Telegram (Support) @ t.me/mailcow . Telegram (Off-Topic) @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram Desktop-Clients sind f\u00fcr mehrere Plattformen verf\u00fcgbar. Sie k\u00f6nnen den Gruppenverlauf nach Stichworten durchsuchen. Nur f\u00fcr Bug Tracking, Feature Requests und Codebeitr\u00e4ge : GitHub @ mailcow/mailcow-dockerized","title":"Community-Unterst\u00fctzung und Chat"},{"location":"de/#demos","text":"Seit September 2022 stellen wir zwei Verschiedene Demos bereit: demo.mailcow.email ist die altbekannte Demo, welche sich am Stabilen Stand der mailcow orrientiert. nightly-demo.mailcow.email ist die neue Nightly Demo , welche Testfunktionen beherbergt. (Also insbesondere f\u00fcr alle interessant, die keine M\u00f6glichkeit haben sich eine Testinstanz selbst zu erstellen.) Die folgenden Anmeldedaten f\u00fcrs Login funktionieren bei beiden Varianten: Administrator : admin / moohoo Dom\u00e4nen-Administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo Besonderheit Die Demo Instanzen erhalten die neusten Updates direkt nach Release von GitHub. Vollautomatisch, ohne Downtime!","title":"Demos"},{"location":"de/#uberblick","text":"Die integrierte mailcow UI erm\u00f6glicht administrative Arbeiten auf Ihrer Mailserver-Instanz sowie einen getrennten Domain-Administrator- und Mailbox-Benutzer-Zugriff: DKIM und ARC Unterst\u00fctzung Black- und Whitelists pro Domain und pro Benutzer Spam-Score-Verwaltung pro Benutzer (Spam ablehnen, Spam markieren, Greylist) Erlauben Sie Mailbox-Benutzern, tempor\u00e4re Spam-Aliase zu erstellen Voranstellen von E-Mail-Tags an den Betreff oder Verschieben von E-Mails in Unterordner (pro Benutzer) Mailbox-Benutzer k\u00f6nnen die TLS-Durchsetzung f\u00fcr eingehende und ausgehende Nachrichten umschalten Benutzer k\u00f6nnen die Caches von SOGo ActiveSync-Ger\u00e4ten zur\u00fccksetzen imapsync, um entfernte Postf\u00e4cher regelm\u00e4\u00dfig zu migrieren oder abzurufen TFA: Yubikey OTP und U2F USB (nur Google Chrome und Derivate), TOTP Hinzuf\u00fcgen von Dom\u00e4nen, Postf\u00e4chern, Aliasen, Dom\u00e4nenaliasen und SOGo-Ressourcen Hinzuf\u00fcgen von Whitelist-Hosts zur Weiterleitung von Mails an mailcow Fail2ban-\u00e4hnliche Integration Quarant\u00e4ne-System Antivirus-Scanning inkl. Makro-Scanning in Office-Dokumenten Integrierte Basis\u00fcberwachung Eine Menge mehr... mailcow: dockerized kommt mit mehreren Containern, die in einem \u00fcberbr\u00fcckten Netzwerk verbunden sind. Jeder Container repr\u00e4sentiert eine einzelne Anwendung. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-\u00e4hnliche Integration von @mkuron ) Nginx Oletools \u00fcber Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound Ein Watchdog f\u00fcr die grundlegende \u00dcberwachung Achtung Die Mails werden komprimiert und verschl\u00fcsselt gespeichert. Das Schl\u00fcsselpaar ist in crypt-vol-1 zu finden. Bitte vergessen Sie nicht, dieses zu sichern. Docker-Volumes zur Aufbewahrung dynamischer Daten - k\u00fcmmern Sie sich um sie! clamd-db-vol-1 crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"\u00dcberblick"},{"location":"de/backup_restore/b_n_r-accidental_deletion/","text":"Sie haben also ein Postfach gel\u00f6scht und haben keine Sicherungskopien? Wenn Sie Ihren Fehler innerhalb von ein paar Stunden bemerken, k\u00f6nnen Sie die Daten des Benutzers wahrscheinlich wiederherstellen. SOGo \u00b6 Wir erstellen automatisch t\u00e4gliche Backups (24 Stunden Intervall ab dem Hochfahren -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrem Mailcow-Backend existiert . Legen Sie diesen neu an, falls nicht mehr existent. Kopieren Sie die Datei mit dem Namen des Benutzers, den Sie wiederherstellen wollen, nach __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Kopieren Sie die Sicherung: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Starten Sie docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org . F\u00fchren Sie sogo-tool ohne Parameter aus, um nach m\u00f6glichen Wiederherstellungsoptionen zu suchen. 3. L\u00f6schen Sie die kopierte Sicherung, indem Sie rm __MAILCOW_DIRECTORY__/data/conf/sogo ausf\u00fchren 4. Starten Sie SOGo und Memcached neu: docker compose restart sogo-mailcow memcached-mailcow Mail \u00b6 Im Falle einer versehentlichen L\u00f6schung einer Mailbox, k\u00f6nnen Sie diese (standardm\u00e4\u00dfig) 5 Tage lang wiederherstellen. Dies h\u00e4ngt von dem MAILDIR_GC_TIME Parameter in mailcow.conf ab. Eine gel\u00f6schte Mailbox wird in ihrer verschl\u00fcsselten Form nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage kopiert. Der Ordner innerhalb von _garbage folgt der Struktur [timestamp]_[domain_sanitized][user_sanitized] , zum Beispiel 1629109708_exampleorgtest im Falle von test@example.org , das am 1629109708 gel\u00f6scht wurde. Um die Mailbox wiederherzustellen, stellen Sie sicher, dass Sie tats\u00e4chlich auf die gleiche Mailcow wiederherstellen, von der sie gel\u00f6scht wurde, oder Sie die gleichen Verschl\u00fcsselungsschl\u00fcssel in crypt-vol-1 verwenden. Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrer Mailcow existiert . Legen Sie diesen neu an, wenn der Benutzer fehlt. Kopieren Sie die Ordner von /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] zur\u00fcck nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] und synchronisieren Sie die Ordner neu und berechnen Sie die Quota (Speicherplatz) neu: docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Versehentlich gel\u00f6schte Daten wiederherstellen"},{"location":"de/backup_restore/b_n_r-accidental_deletion/#sogo","text":"Wir erstellen automatisch t\u00e4gliche Backups (24 Stunden Intervall ab dem Hochfahren -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrem Mailcow-Backend existiert . Legen Sie diesen neu an, falls nicht mehr existent. Kopieren Sie die Datei mit dem Namen des Benutzers, den Sie wiederherstellen wollen, nach __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Kopieren Sie die Sicherung: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Starten Sie docker compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org . F\u00fchren Sie sogo-tool ohne Parameter aus, um nach m\u00f6glichen Wiederherstellungsoptionen zu suchen. 3. L\u00f6schen Sie die kopierte Sicherung, indem Sie rm __MAILCOW_DIRECTORY__/data/conf/sogo ausf\u00fchren 4. Starten Sie SOGo und Memcached neu: docker compose restart sogo-mailcow memcached-mailcow","title":"SOGo"},{"location":"de/backup_restore/b_n_r-accidental_deletion/#mail","text":"Im Falle einer versehentlichen L\u00f6schung einer Mailbox, k\u00f6nnen Sie diese (standardm\u00e4\u00dfig) 5 Tage lang wiederherstellen. Dies h\u00e4ngt von dem MAILDIR_GC_TIME Parameter in mailcow.conf ab. Eine gel\u00f6schte Mailbox wird in ihrer verschl\u00fcsselten Form nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage kopiert. Der Ordner innerhalb von _garbage folgt der Struktur [timestamp]_[domain_sanitized][user_sanitized] , zum Beispiel 1629109708_exampleorgtest im Falle von test@example.org , das am 1629109708 gel\u00f6scht wurde. Um die Mailbox wiederherzustellen, stellen Sie sicher, dass Sie tats\u00e4chlich auf die gleiche Mailcow wiederherstellen, von der sie gel\u00f6scht wurde, oder Sie die gleichen Verschl\u00fcsselungsschl\u00fcssel in crypt-vol-1 verwenden. Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrer Mailcow existiert . Legen Sie diesen neu an, wenn der Benutzer fehlt. Kopieren Sie die Ordner von /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] zur\u00fcck nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] und synchronisieren Sie die Ordner neu und berechnen Sie die Quota (Speicherplatz) neu: docker compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Mail"},{"location":"de/backup_restore/b_n_r-backup/","text":"Sicherung \u00b6 Anleitung \u00b6 Sie k\u00f6nnen das mitgelieferte Skript helper-scripts/backup_and_restore.sh verwenden, um mailcow automatisch zu sichern. Bitte kopieren Sie dieses Skript nicht an einen anderen Ort. Um ein Backup zu starten, geben Sie \"backup\" als ersten Parameter an und entweder eine oder mehrere zu sichernde Komponenten als folgende Parameter. Sie k\u00f6nnen auch \"all\" als zweiten Parameter verwenden, um alle Komponenten zu sichern. F\u00fcgen Sie --delete-days n an, um Sicherungen zu l\u00f6schen, die \u00e4lter als n Tage sind. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Alles sichern, Sicherungen \u00e4lter als 3 Tage l\u00f6schen ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # vmail-, crypt- und mysql-Daten sichern, Sicherungen l\u00f6schen, die \u00e4lter als 30 Tage sind ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # vmail sichern ./helper-scripts/backup_and_restore.sh backup vmail Variablen f\u00fcr Backup/Restore Skript \u00b6 Multithreading \u00b6 Seit dem 2022-10 Update ist es m\u00f6glich das Skript mit Multithreading Support laufen zu lassen. Dies l\u00e4sst sich sowohl f\u00fcr Backups aber auch f\u00fcr Restores nutzen. Um das Backup/den Restore mit Multithreading zu starten muss THREADS als Umgebungsvariable vor dem Befehl zum starten hinzugef\u00fcgt werden. THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Die Anzahl hinter dem = Zeichen gibt dabei dann die Thread Anzahl an. Nehmen Sie bitte immer ihre Kernanzahl -2 um mailcow selber noch genug CPU Leistung zu lassen. Backup Pfad \u00b6 Das Skript wird Sie nach einem Speicherort f\u00fcr die Sicherung fragen. Innerhalb dieses Speicherortes wird es Ordner im Format \"mailcow_DATE\" erstellen. Sie sollten diese Ordner nicht umbenennen, um den Wiederherstellungsprozess nicht zu st\u00f6ren. Um ein Backup unbeaufsichtigt durchzuf\u00fchren, definieren Sie MAILCOW_BACKUP_LOCATION als Umgebungsvariable, bevor Sie das Skript starten: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Tipp Beide oben genannten Variablen k\u00f6nnen auch kombiniert werden! Bsp: MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Cronjob \u00b6 Sie k\u00f6nnen das Backup-Skript regelm\u00e4\u00dfig \u00fcber einen Cronjob laufen lassen. Stellen Sie sicher, dass BACKUP_LOCATION existiert: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Standardm\u00e4\u00dfig sendet Cron das komplette Ergebnis jeder Backup-Operation per E-Mail. Wenn Sie m\u00f6chten, dass cron nur im Fehlerfall (Exit-Code ungleich Null) eine E-Mail sendet, k\u00f6nnen Sie den folgenden Ausschnitt verwenden. Die Pfade m\u00fcssen entsprechend Ihrer Einrichtung angepasst werden (dieses Skript ist ein Beitrag eines Benutzers). Das folgende Skript kann in /etc/cron.daily/mailcow-backup platziert werden - vergessen Sie nicht, es mit chmod +x als ausf\u00fchrbar zu markieren: #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi Backup-Strategie mit rsync und mailcow Backup-Skript \u00b6 Erstellen Sie das Zielverzeichnis f\u00fcr mailcows Hilfsskript: mkdir -p /external_share/backups/backup_script Cronjobs erstellen: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # Wenn Sie wollen, benutzen Sie das Werkzeug acl, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path Am Zielort (in diesem Fall /external_share/backups ) m\u00f6chten Sie vielleicht Snapshot-M\u00f6glichkeiten haben (ZFS, Btrfs usw.). Machen Sie t\u00e4glich einen Snapshot und bewahren Sie ihn f\u00fcr n Tage auf, um ein konsistentes Backup zu erhalten. F\u00fchren Sie kein rsync auf eine Samba-Freigabe durch, Sie m\u00fcssen die richtigen Berechtigungen behalten! Zum Wiederherstellen m\u00fcssen Sie rsync einfach in umgekehrter Richtung ausf\u00fchren und Docker neu starten, um die Volumes erneut zu lesen. F\u00fchren Sie docker compose pull und docker compose up -d aus. Wenn Sie Gl\u00fcck haben, k\u00f6nnen Redis und MariaDB die inkonsistenten Datenbanken automatisch reparieren (wenn sie inkonsistent sind ). Im Falle einer besch\u00e4digten Datenbank m\u00fcssen Sie das Hilfsskript verwenden, um die inkonsistenten Elemente wiederherzustellen. Wenn die Wiederherstellung fehlschl\u00e4gt, versuchen Sie, die Sicherungen zu extrahieren und die Dateien manuell zur\u00fcck zu kopieren. Behalten Sie die Dateiberechtigungen bei!","title":"Sicherung"},{"location":"de/backup_restore/b_n_r-backup/#sicherung","text":"","title":"Sicherung"},{"location":"de/backup_restore/b_n_r-backup/#anleitung","text":"Sie k\u00f6nnen das mitgelieferte Skript helper-scripts/backup_and_restore.sh verwenden, um mailcow automatisch zu sichern. Bitte kopieren Sie dieses Skript nicht an einen anderen Ort. Um ein Backup zu starten, geben Sie \"backup\" als ersten Parameter an und entweder eine oder mehrere zu sichernde Komponenten als folgende Parameter. Sie k\u00f6nnen auch \"all\" als zweiten Parameter verwenden, um alle Komponenten zu sichern. F\u00fcgen Sie --delete-days n an, um Sicherungen zu l\u00f6schen, die \u00e4lter als n Tage sind. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Alles sichern, Sicherungen \u00e4lter als 3 Tage l\u00f6schen ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # vmail-, crypt- und mysql-Daten sichern, Sicherungen l\u00f6schen, die \u00e4lter als 30 Tage sind ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # vmail sichern ./helper-scripts/backup_and_restore.sh backup vmail","title":"Anleitung"},{"location":"de/backup_restore/b_n_r-backup/#variablen-fur-backuprestore-skript","text":"","title":"Variablen f\u00fcr Backup/Restore Skript"},{"location":"de/backup_restore/b_n_r-backup/#multithreading","text":"Seit dem 2022-10 Update ist es m\u00f6glich das Skript mit Multithreading Support laufen zu lassen. Dies l\u00e4sst sich sowohl f\u00fcr Backups aber auch f\u00fcr Restores nutzen. Um das Backup/den Restore mit Multithreading zu starten muss THREADS als Umgebungsvariable vor dem Befehl zum starten hinzugef\u00fcgt werden. THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Die Anzahl hinter dem = Zeichen gibt dabei dann die Thread Anzahl an. Nehmen Sie bitte immer ihre Kernanzahl -2 um mailcow selber noch genug CPU Leistung zu lassen.","title":"Multithreading"},{"location":"de/backup_restore/b_n_r-backup/#backup-pfad","text":"Das Skript wird Sie nach einem Speicherort f\u00fcr die Sicherung fragen. Innerhalb dieses Speicherortes wird es Ordner im Format \"mailcow_DATE\" erstellen. Sie sollten diese Ordner nicht umbenennen, um den Wiederherstellungsprozess nicht zu st\u00f6ren. Um ein Backup unbeaufsichtigt durchzuf\u00fchren, definieren Sie MAILCOW_BACKUP_LOCATION als Umgebungsvariable, bevor Sie das Skript starten: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Tipp Beide oben genannten Variablen k\u00f6nnen auch kombiniert werden! Bsp: MAILCOW_BACKUP_LOCATION=/opt/backup THREADS=14 /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all","title":"Backup Pfad"},{"location":"de/backup_restore/b_n_r-backup/#cronjob","text":"Sie k\u00f6nnen das Backup-Skript regelm\u00e4\u00dfig \u00fcber einen Cronjob laufen lassen. Stellen Sie sicher, dass BACKUP_LOCATION existiert: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Standardm\u00e4\u00dfig sendet Cron das komplette Ergebnis jeder Backup-Operation per E-Mail. Wenn Sie m\u00f6chten, dass cron nur im Fehlerfall (Exit-Code ungleich Null) eine E-Mail sendet, k\u00f6nnen Sie den folgenden Ausschnitt verwenden. Die Pfade m\u00fcssen entsprechend Ihrer Einrichtung angepasst werden (dieses Skript ist ein Beitrag eines Benutzers). Das folgende Skript kann in /etc/cron.daily/mailcow-backup platziert werden - vergessen Sie nicht, es mit chmod +x als ausf\u00fchrbar zu markieren: #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi","title":"Cronjob"},{"location":"de/backup_restore/b_n_r-backup/#backup-strategie-mit-rsync-und-mailcow-backup-skript","text":"Erstellen Sie das Zielverzeichnis f\u00fcr mailcows Hilfsskript: mkdir -p /external_share/backups/backup_script Cronjobs erstellen: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # Wenn Sie wollen, benutzen Sie das Werkzeug acl, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path Am Zielort (in diesem Fall /external_share/backups ) m\u00f6chten Sie vielleicht Snapshot-M\u00f6glichkeiten haben (ZFS, Btrfs usw.). Machen Sie t\u00e4glich einen Snapshot und bewahren Sie ihn f\u00fcr n Tage auf, um ein konsistentes Backup zu erhalten. F\u00fchren Sie kein rsync auf eine Samba-Freigabe durch, Sie m\u00fcssen die richtigen Berechtigungen behalten! Zum Wiederherstellen m\u00fcssen Sie rsync einfach in umgekehrter Richtung ausf\u00fchren und Docker neu starten, um die Volumes erneut zu lesen. F\u00fchren Sie docker compose pull und docker compose up -d aus. Wenn Sie Gl\u00fcck haben, k\u00f6nnen Redis und MariaDB die inkonsistenten Datenbanken automatisch reparieren (wenn sie inkonsistent sind ). Im Falle einer besch\u00e4digten Datenbank m\u00fcssen Sie das Hilfsskript verwenden, um die inkonsistenten Elemente wiederherzustellen. Wenn die Wiederherstellung fehlschl\u00e4gt, versuchen Sie, die Sicherungen zu extrahieren und die Dateien manuell zur\u00fcck zu kopieren. Behalten Sie die Dateiberechtigungen bei!","title":"Backup-Strategie mit rsync und mailcow Backup-Skript"},{"location":"de/backup_restore/b_n_r-backup_restore-maildir/","text":"Sicherung \u00b6 Diese Zeile sichert das vmail-Verzeichnis in eine Datei backup_vmail.tar.gz im mailcow-Root-Verzeichnis: cd /pfad/zu/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail Sie k\u00f6nnen den Pfad \u00e4ndern, indem Sie ${PWD} (das dem aktuellen Verzeichnis entspricht) zu einem beliebigen Pfad \u00e4ndern, auf den Sie Schreibzugriff haben. Setzen Sie den Dateinamen backup_vmail.tar.gz auf einen beliebigen Namen, aber lassen Sie den Pfad so wie er ist. Beispiel: [...] tar cvfz /backup/mein_eigener_dateiname_.tar.gz Wiederherstellen \u00b6 cd /pfad/zu/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Mail-Verzeichnis"},{"location":"de/backup_restore/b_n_r-backup_restore-maildir/#sicherung","text":"Diese Zeile sichert das vmail-Verzeichnis in eine Datei backup_vmail.tar.gz im mailcow-Root-Verzeichnis: cd /pfad/zu/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail Sie k\u00f6nnen den Pfad \u00e4ndern, indem Sie ${PWD} (das dem aktuellen Verzeichnis entspricht) zu einem beliebigen Pfad \u00e4ndern, auf den Sie Schreibzugriff haben. Setzen Sie den Dateinamen backup_vmail.tar.gz auf einen beliebigen Namen, aber lassen Sie den Pfad so wie er ist. Beispiel: [...] tar cvfz /backup/mein_eigener_dateiname_.tar.gz","title":"Sicherung"},{"location":"de/backup_restore/b_n_r-backup_restore-maildir/#wiederherstellen","text":"cd /pfad/zu/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Wiederherstellen"},{"location":"de/backup_restore/b_n_r-backup_restore-mysql/","text":"Sicherung \u00b6 cd /pfad/zu/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql Wiederherstellen \u00b6 Warning Sie sollten den SQL-Dump ohne docker compose umleiten, um Parsing-Fehler zu vermeiden. cd /pfad/zu/mailcow-dockerized source mailcow.conf docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"MySQL (mysqldump)"},{"location":"de/backup_restore/b_n_r-backup_restore-mysql/#sicherung","text":"cd /pfad/zu/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql","title":"Sicherung"},{"location":"de/backup_restore/b_n_r-backup_restore-mysql/#wiederherstellen","text":"Warning Sie sollten den SQL-Dump ohne docker compose umleiten, um Parsing-Fehler zu vermeiden. cd /pfad/zu/mailcow-dockerized source mailcow.conf docker exec -i $(docker compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"Wiederherstellen"},{"location":"de/backup_restore/b_n_r-coldstandby/","text":"Cold-standby-Backup \u00b6 mailcow bietet eine einfache M\u00f6glichkeit, eine konsistente Kopie von sich selbst zu erstellen, die per rsync an einen entfernten Ort ohne Ausfallzeit \u00fcbertragen werden kann. Dies kann auch verwendet werden, um Ihre mailcow auf einen neuen Server zu \u00fcbertragen. Das sollten Sie wissen \u00b6 Das bereitgestellte Skript funktioniert auf Standardinstallationen. Es kann versagen, wenn Sie nicht unterst\u00fctzte Volume Overrides verwenden. Wir unterst\u00fctzen das nicht und wir werden keine Hacks einbauen, die das unterst\u00fctzen. Bitte erstellen und pflegen Sie einen Fork, wenn Sie Ihre \u00c4nderungen beibehalten wollen. Das Skript wird die gleichen Pfade wie Ihre Standard-Mailcow-Installation verwenden. Das ist das mailcow-Basisverzeichnis - f\u00fcr die meisten Nutzer /opt/mailcow-dockerized - sowie die Mountpoints. Um die Pfade Ihrer Quellvolumes zu finden, verwenden wir docker inspect und lesen das Zielverzeichnis jedes Volumes, das mit Ihrem mailcow compose Projekt verbunden ist. Das bedeutet, dass wir auch Volumes \u00fcbertragen, die Sie in einer Override-Datei hinzugef\u00fcgt haben. Lokale Bind-Mounts k\u00f6nnen funktionieren, m\u00fcssen aber nicht. Das Skript verwendet rsync mit dem --delete Flag. Das Ziel wird eine exakte Kopie der Quelle sein. mariabackup wird verwendet, um eine konsistente Kopie des SQL-Datenverzeichnisses zu erstellen. Nach dem Rsync der Daten f\u00fchren wir docker compose pull aus und entfernen alte Image-Tags aus dem Ziel. Ihre Quelle wird zu keinem Zeitpunkt ver\u00e4ndert. Sie sollten sicherstellen, dass Sie die gleiche /etc/docker/daemon.json auf dem entfernten Ziel verwenden. Sie sollten keine Festplatten-Snapshots (z. B. \u00fcber ZFS, LVM usw.) auf dem Ziel ausf\u00fchren, w\u00e4hrend dieses Skript ausgef\u00fchrt wird. Die Versionierung ist nicht Teil dieses Skripts, wir verlassen uns auf das Ziel (Snapshots oder Backups). Sie k\u00f6nnen daf\u00fcr auch jedes andere Tool verwenden. Vorbereiten \u00b6 Sie ben\u00f6tigen ein SSH-f\u00e4higes Ziel und eine Schl\u00fcsseldatei, um sich mit diesem Ziel zu verbinden. Der Schl\u00fcssel sollte nicht durch ein Passwort gesch\u00fctzt sein, damit das Skript unbeaufsichtigt arbeiten kann. In Ihrem mailcow-Basisverzeichnis, z.B. /opt/mailcow-dockerized , finden Sie eine Datei create_cold_standby.sh . Bearbeiten Sie diese Datei und \u00e4ndern Sie die exportierten Variablen: export REMOTE_SSH_KEY=/pfad/zum/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name Der Schl\u00fcssel muss im Besitz von root sein und darf nur von diesem gelesen werden k\u00f6nnen. Sowohl die Quelle als auch das Ziel ben\u00f6tigen rsync >= v3.1.0. Das Ziel muss \u00fcber Docker und docker compose v2 verf\u00fcgen. Das Skript wird Fehler automatisch erkennen und sich beenden. Sie k\u00f6nnen die Verbindung testen, indem Sie ssh mailcow-backup.host.name -p22 -i /path/to/keyfile ausf\u00fchren. Backup und Aktualisierung des Cold-Standby \u00b6 Starten Sie das erste Backup, dies kann je nach Verbindung eine Weile dauern: bash /opt/mailcow-dockerized/create_cold_standby.sh Das war einfach, nicht wahr? Das Aktualisieren des Cold-Standby ist genauso einfach: bash /opt/mailcow-dockerized/create_cold_standby.sh Es ist derselbe Befehl. Automatisierte Backups mit cron \u00b6 Stellen Sie zun\u00e4chst sicher, dass der cron Dienst aktiviert ist und l\u00e4uft: systemctl enable cron.service && systemctl start cron.service Um die Backups auf dem Cold-Standby-Server zu automatisieren, k\u00f6nnen Sie einen Cron-Job verwenden. Um die Cron-Jobs f\u00fcr den Root-Benutzer zu bearbeiten, f\u00fchren Sie aus: crontab -e F\u00fcgen Sie die folgenden Zeilen hinzu, um den Cold-Standby-Server t\u00e4glich um 03:00 Uhr zu synchronisieren. In diesem Beispiel werden Fehler der letzten Ausf\u00fchrung in einer Datei protokolliert. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log Wenn korrekt gespeichert, sollte der Cron-Job durch folgende Eingabe angezeigt werden: crontab -l","title":"Cold-standby (rollende Sicherung)"},{"location":"de/backup_restore/b_n_r-coldstandby/#cold-standby-backup","text":"mailcow bietet eine einfache M\u00f6glichkeit, eine konsistente Kopie von sich selbst zu erstellen, die per rsync an einen entfernten Ort ohne Ausfallzeit \u00fcbertragen werden kann. Dies kann auch verwendet werden, um Ihre mailcow auf einen neuen Server zu \u00fcbertragen.","title":"Cold-standby-Backup"},{"location":"de/backup_restore/b_n_r-coldstandby/#das-sollten-sie-wissen","text":"Das bereitgestellte Skript funktioniert auf Standardinstallationen. Es kann versagen, wenn Sie nicht unterst\u00fctzte Volume Overrides verwenden. Wir unterst\u00fctzen das nicht und wir werden keine Hacks einbauen, die das unterst\u00fctzen. Bitte erstellen und pflegen Sie einen Fork, wenn Sie Ihre \u00c4nderungen beibehalten wollen. Das Skript wird die gleichen Pfade wie Ihre Standard-Mailcow-Installation verwenden. Das ist das mailcow-Basisverzeichnis - f\u00fcr die meisten Nutzer /opt/mailcow-dockerized - sowie die Mountpoints. Um die Pfade Ihrer Quellvolumes zu finden, verwenden wir docker inspect und lesen das Zielverzeichnis jedes Volumes, das mit Ihrem mailcow compose Projekt verbunden ist. Das bedeutet, dass wir auch Volumes \u00fcbertragen, die Sie in einer Override-Datei hinzugef\u00fcgt haben. Lokale Bind-Mounts k\u00f6nnen funktionieren, m\u00fcssen aber nicht. Das Skript verwendet rsync mit dem --delete Flag. Das Ziel wird eine exakte Kopie der Quelle sein. mariabackup wird verwendet, um eine konsistente Kopie des SQL-Datenverzeichnisses zu erstellen. Nach dem Rsync der Daten f\u00fchren wir docker compose pull aus und entfernen alte Image-Tags aus dem Ziel. Ihre Quelle wird zu keinem Zeitpunkt ver\u00e4ndert. Sie sollten sicherstellen, dass Sie die gleiche /etc/docker/daemon.json auf dem entfernten Ziel verwenden. Sie sollten keine Festplatten-Snapshots (z. B. \u00fcber ZFS, LVM usw.) auf dem Ziel ausf\u00fchren, w\u00e4hrend dieses Skript ausgef\u00fchrt wird. Die Versionierung ist nicht Teil dieses Skripts, wir verlassen uns auf das Ziel (Snapshots oder Backups). Sie k\u00f6nnen daf\u00fcr auch jedes andere Tool verwenden.","title":"Das sollten Sie wissen"},{"location":"de/backup_restore/b_n_r-coldstandby/#vorbereiten","text":"Sie ben\u00f6tigen ein SSH-f\u00e4higes Ziel und eine Schl\u00fcsseldatei, um sich mit diesem Ziel zu verbinden. Der Schl\u00fcssel sollte nicht durch ein Passwort gesch\u00fctzt sein, damit das Skript unbeaufsichtigt arbeiten kann. In Ihrem mailcow-Basisverzeichnis, z.B. /opt/mailcow-dockerized , finden Sie eine Datei create_cold_standby.sh . Bearbeiten Sie diese Datei und \u00e4ndern Sie die exportierten Variablen: export REMOTE_SSH_KEY=/pfad/zum/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name Der Schl\u00fcssel muss im Besitz von root sein und darf nur von diesem gelesen werden k\u00f6nnen. Sowohl die Quelle als auch das Ziel ben\u00f6tigen rsync >= v3.1.0. Das Ziel muss \u00fcber Docker und docker compose v2 verf\u00fcgen. Das Skript wird Fehler automatisch erkennen und sich beenden. Sie k\u00f6nnen die Verbindung testen, indem Sie ssh mailcow-backup.host.name -p22 -i /path/to/keyfile ausf\u00fchren.","title":"Vorbereiten"},{"location":"de/backup_restore/b_n_r-coldstandby/#backup-und-aktualisierung-des-cold-standby","text":"Starten Sie das erste Backup, dies kann je nach Verbindung eine Weile dauern: bash /opt/mailcow-dockerized/create_cold_standby.sh Das war einfach, nicht wahr? Das Aktualisieren des Cold-Standby ist genauso einfach: bash /opt/mailcow-dockerized/create_cold_standby.sh Es ist derselbe Befehl.","title":"Backup und Aktualisierung des Cold-Standby"},{"location":"de/backup_restore/b_n_r-coldstandby/#automatisierte-backups-mit-cron","text":"Stellen Sie zun\u00e4chst sicher, dass der cron Dienst aktiviert ist und l\u00e4uft: systemctl enable cron.service && systemctl start cron.service Um die Backups auf dem Cold-Standby-Server zu automatisieren, k\u00f6nnen Sie einen Cron-Job verwenden. Um die Cron-Jobs f\u00fcr den Root-Benutzer zu bearbeiten, f\u00fchren Sie aus: crontab -e F\u00fcgen Sie die folgenden Zeilen hinzu, um den Cold-Standby-Server t\u00e4glich um 03:00 Uhr zu synchronisieren. In diesem Beispiel werden Fehler der letzten Ausf\u00fchrung in einer Datei protokolliert. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log Wenn korrekt gespeichert, sollte der Cron-Job durch folgende Eingabe angezeigt werden: crontab -l","title":"Automatisierte Backups mit cron"},{"location":"de/backup_restore/b_n_r-restore/","text":"Wiederherstellung \u00b6 Bitte kopieren Sie dieses Skript nicht an einen anderen Ort. Um eine Wiederherstellung durchzuf\u00fchren, starten Sie mailcow , verwenden Sie das Skript mit \"restore\" als ersten Parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore Das Skript wird Sie nach einem Speicherort f\u00fcr die Sicherung der mailcow_DATE-Ordner fragen.","title":"Wiederherstellung"},{"location":"de/backup_restore/b_n_r-restore/#wiederherstellung","text":"Bitte kopieren Sie dieses Skript nicht an einen anderen Ort. Um eine Wiederherstellung durchzuf\u00fchren, starten Sie mailcow , verwenden Sie das Skript mit \"restore\" als ersten Parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore Das Skript wird Sie nach einem Speicherort f\u00fcr die Sicherung der mailcow_DATE-Ordner fragen.","title":"Wiederherstellung"},{"location":"de/client/client-android/","text":"\u00d6ffnen Sie die App Email . Wenn dies Ihr erstes E-Mail-Konto ist, tippen Sie auf Konto hinzuf\u00fcgen ; wenn nicht, tippen Sie auf Mehr und Einstellungen und dann Konto hinzuf\u00fcgen . W\u00e4hlen Sie Microsoft Exchange ActiveSync . Geben Sie Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Tippen Sie auf Anmelden .","title":"Android"},{"location":"de/client/client-apple/","text":"Methode 1 \u00fcber Mobileconfig \u00b6 E-Mail, Kontakte und Kalender k\u00f6nnen auf Apple-Ger\u00e4ten automatisch konfiguriert werden, indem ein Profil installiert wird. Um ein Profil herunterzuladen, m\u00fcssen Sie sich zuerst in der mailcow UI anmelden. Methode 1.1: IMAP, SMTP und Cal/CardDAV \u00b6 Diese Methode konfiguriert IMAP, CardDAV und CalDAV. Downloaden und \u00f6ffnen die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden. Methode 1.2: IMAP, SMTP (kein DAV) \u00b6 Diese Methode konfiguriert nur IMAP und SMTP. Downloaden und \u00f6ffnen Sie die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden. Methode 2 (Exchange ActiveSync-Emulation) \u00b6 Unter iOS wird auch Exchange ActiveSync als Alternative zum obigen Verfahren unterst\u00fctzt. Es hat den Vorteil, dass es Push-E-Mail unterst\u00fctzt (d. h. Sie werden sofort \u00fcber eingehende Nachrichten benachrichtigt), hat aber einige Einschr\u00e4nkungen, z. B. unterst\u00fctzt es nicht mehr als drei E-Mail-Adressen pro Kontakt in Ihrem Adressbuch. Befolgen Sie die folgenden Schritte, wenn Sie stattdessen Exchange verwenden m\u00f6chten. \u00d6ffnen Sie die App Einstellungen , tippen Sie auf Mail , tippen Sie auf Konten , tippen Sie auf Konto hinzuf\u00fcgen , w\u00e4hlen Sie Exchange . Geben Sie Ihre E-Mail Adresse ( ) ein und tippen Sie auf Weiter . Geben Sie Ihr Passwort ein und tippen Sie erneut auf Weiter . Tippen Sie abschlie\u00dfend auf Speichern .","title":"Apple macOS / iOS"},{"location":"de/client/client-apple/#methode-1-uber-mobileconfig","text":"E-Mail, Kontakte und Kalender k\u00f6nnen auf Apple-Ger\u00e4ten automatisch konfiguriert werden, indem ein Profil installiert wird. Um ein Profil herunterzuladen, m\u00fcssen Sie sich zuerst in der mailcow UI anmelden.","title":"Methode 1 \u00fcber Mobileconfig"},{"location":"de/client/client-apple/#methode-11-imap-smtp-und-calcarddav","text":"Diese Methode konfiguriert IMAP, CardDAV und CalDAV. Downloaden und \u00f6ffnen die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden.","title":"Methode 1.1: IMAP, SMTP und Cal/CardDAV"},{"location":"de/client/client-apple/#methode-12-imap-smtp-kein-dav","text":"Diese Methode konfiguriert nur IMAP und SMTP. Downloaden und \u00f6ffnen Sie die Datei von https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Geben Sie den Entsperrungscode (iPhone) oder das Computerpasswort (Mac) ein. Geben Sie Ihr E-Mail-Passwort dreimal ein, wenn Sie dazu aufgefordert werden.","title":"Methode 1.2: IMAP, SMTP (kein DAV)"},{"location":"de/client/client-apple/#methode-2-exchange-activesync-emulation","text":"Unter iOS wird auch Exchange ActiveSync als Alternative zum obigen Verfahren unterst\u00fctzt. Es hat den Vorteil, dass es Push-E-Mail unterst\u00fctzt (d. h. Sie werden sofort \u00fcber eingehende Nachrichten benachrichtigt), hat aber einige Einschr\u00e4nkungen, z. B. unterst\u00fctzt es nicht mehr als drei E-Mail-Adressen pro Kontakt in Ihrem Adressbuch. Befolgen Sie die folgenden Schritte, wenn Sie stattdessen Exchange verwenden m\u00f6chten. \u00d6ffnen Sie die App Einstellungen , tippen Sie auf Mail , tippen Sie auf Konten , tippen Sie auf Konto hinzuf\u00fcgen , w\u00e4hlen Sie Exchange . Geben Sie Ihre E-Mail Adresse ( ) ein und tippen Sie auf Weiter . Geben Sie Ihr Passwort ein und tippen Sie erneut auf Weiter . Tippen Sie abschlie\u00dfend auf Speichern .","title":"Methode 2 (Exchange ActiveSync-Emulation)"},{"location":"de/client/client-emclient/","text":"Starten Sie eM Client. Wenn Sie eM Client zum ersten Mal starten, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort. Gehen Sie oben auf Men\u00fc , w\u00e4hlen Sie Tools und Konten . Geben Sie Ihre E-Mail Adresse ein ( ) und klicken Sie auf Jetzt starten . Geben Sie Ihr Passwort ein und klicken Sie auf Weiter . Geben Sie Ihren Namen ein ( ) und klicken Sie auf Weiter . Klicken Sie auf Fertigstellen .","title":"eM Client"},{"location":"de/client/client-kontact/","text":"Starten Sie Kontact. Wenn Sie Kontact oder KMail zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort. Gehen Sie zu Mail in der Seitenleiste. Gehen Sie zum Men\u00fc Tools und w\u00e4hlen Sie Account Wizard . Geben Sie Ihren Namen ( ) , E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . Klicken Sie auf Konto erstellen . Wenn Sie dazu aufgefordert werden, geben Sie Ihr Passwort erneut ein und klicken Sie auf OK . Schlie\u00dfen Sie das Fenster, indem Sie auf Beenden klicken. Gehen Sie zu Kalender in der Seitenleiste. Gehen Sie zum Men\u00fc Einstellungen und w\u00e4hlen Sie Konfigurieren Sie KOrganizer . Gehen Sie zur Registerkarte Kalender und klicken Sie auf die Schaltfl\u00e4che Hinzuf\u00fcgen . W\u00e4hlen Sie DAV-Groupware-Ressource und klicken Sie auf OK . Geben Sie Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . W\u00e4hlen Sie ScalableOGo aus dem Dropdown-Men\u00fc und klicken Sie auf Weiter . Geben Sie den mailcow Hostname in das Feld Host ein und klicken Sie auf Weiter . Klicken Sie auf Verbindung testen und dann auf Fertigstellen . Klicken Sie abschlie\u00dfend zweimal auf OK . Sobald Sie Kontact eingerichtet haben, k\u00f6nnen Sie KMail, KOrganizer und KAddressBook auch einzeln verwenden.","title":"KDE Kontact"},{"location":"de/client/client-manual/","text":"Diese Anweisungen gelten nur f\u00fcr unver\u00e4nderte Portbindungen! E-Mail \u00b6 Dienst Verschl\u00fcsselung Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Bitte verwenden Sie \"plain\" als Authentifizierungsmechanismus. Entgegen der Annahme werden keine Passw\u00f6rter im Klartext \u00fcbertragen, da ohne TLS keine Authentifizierung stattfinden darf. Kontakte und Kalender \u00b6 SOGos Standard-URLs f\u00fcr Kalender (CalDAV) und Kontakte (CardDAV): CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Einige Anwendungen verlangen m\u00f6glicherweise die Verwendung von https://mail.example.com/SOGo/dav/ oder den vollst\u00e4ndigen Pfad zu Ihrem Kalender, der in SOGo gefunden und kopiert werden kann.","title":"Manuelle Konfiguration"},{"location":"de/client/client-manual/#e-mail","text":"Dienst Verschl\u00fcsselung Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Bitte verwenden Sie \"plain\" als Authentifizierungsmechanismus. Entgegen der Annahme werden keine Passw\u00f6rter im Klartext \u00fcbertragen, da ohne TLS keine Authentifizierung stattfinden darf.","title":"E-Mail"},{"location":"de/client/client-manual/#kontakte-und-kalender","text":"SOGos Standard-URLs f\u00fcr Kalender (CalDAV) und Kontakte (CardDAV): CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Einige Anwendungen verlangen m\u00f6glicherweise die Verwendung von https://mail.example.com/SOGo/dav/ oder den vollst\u00e4ndigen Pfad zu Ihrem Kalender, der in SOGo gefunden und kopiert werden kann.","title":"Kontakte und Kalender"},{"location":"de/client/client-outlook/","text":"Outlook 2016 oder h\u00f6her von Office 365 unter Windows \u00b6 Dies gilt nur, wenn Ihr Serveradministrator EAS f\u00fcr Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung f\u00fcr Outlook 2007. Outlook 2016 hat ein Problem mit der automatischen Erkennung . Nur Outlook von Office 365 ist betroffen. Wenn Sie Outlook aus einer anderen Quelle installiert haben, folgen Sie bitte der Anleitung f\u00fcr Outlook 2013 oder h\u00f6her. F\u00fcr EAS m\u00fcssen Sie den alten Assistenten verwenden, indem Sie C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE starten. Wenn diese Anwendung ge\u00f6ffnet wird, k\u00f6nnen Sie mit Schritt 4 der Anleitung f\u00fcr Outlook 2013 unten fortfahren. Wenn die Anwendung nicht ge\u00f6ffnet wird, k\u00f6nnen Sie den Assistenten zum Erstellen eines neuen Kontos vollst\u00e4ndig deaktivieren und die nachstehende Anleitung f\u00fcr Outlook 2013 befolgen. Outlook 2007 oder h\u00f6her auf Windows (Kalender/Kontakte via CalDav Synchronizer) \u00b6 Downloaden und installieren Sie Outlook CalDav Synchronizer . Starten Sie Outlook. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 5 fort. Gehen Sie zum Men\u00fc Datei und klicken Sie auf Konto hinzuf\u00fcgen . Geben Sie Ihren Namen ( ) , Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . Klicken Sie auf Finish . Gehen Sie zur Multifunktionsleiste CalDav Synchronizer und klicken Sie auf Synchronisationsprofile . Klicken Sie auf die zweite Schaltfl\u00e4che oben ( Mehrere Profile hinzuf\u00fcgen ), w\u00e4hlen Sie Sogo und klicken Sie auf Ok . Klicken Sie auf die Schaltfl\u00e4che IMAP/POP3-Kontoeinstellungen abrufen . Klicken Sie auf Ressourcen erkennen und Outlook-Ordnern zuweisen . W\u00e4hlen Sie im Fenster Ressource ausw\u00e4hlen Ihren Hauptkalender (in der Regel Pers\u00f6nlicher Kalender ), klicken Sie auf die Schaltfl\u00e4che ... , weisen Sie ihn dem Ordner Kalender zu, und klicken Sie auf OK . Gehen Sie zu den Registerkarten Adressb\u00fccher und Aufgaben und wiederholen Sie den Vorgang entsprechend. Weisen Sie nicht mehreren Kalendern, Adressb\u00fcchern oder Aufgabenlisten zu! Schlie\u00dfen Sie alle Fenster mit den Tasten OK . Outlook 2013 oder h\u00f6her unter Windows (Active Sync - nicht empfohlen) \u00b6 Dies gilt nur, wenn Ihr Serveradministrator EAS f\u00fcr Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung f\u00fcr Outlook 2007. Starten Sie Outlook. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort. \u00d6ffnen Sie das Men\u00fc Datei und klicken Sie auf Konto hinzuf\u00fcgen . Geben Sie Ihren Namen ( ) , Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . Wenn Sie dazu aufgefordert werden, geben Sie Ihr Passwort erneut ein, markieren Sie Meine Anmeldedaten speichern und klicken Sie auf OK . Klicken Sie auf die Schaltfl\u00e4che Zulassen . Klicken Sie auf Fertigstellen . Outlook 2011 oder h\u00f6her unter macOS \u00b6 Die Mac-Version von Outlook synchronisiert keine Kalender und Kontakte und wird daher nicht unterst\u00fctzt.","title":"Microsoft Outlook"},{"location":"de/client/client-outlook/#outlook-2016-oder-hoher-von-office-365-unter-windows","text":"Dies gilt nur, wenn Ihr Serveradministrator EAS f\u00fcr Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung f\u00fcr Outlook 2007. Outlook 2016 hat ein Problem mit der automatischen Erkennung . Nur Outlook von Office 365 ist betroffen. Wenn Sie Outlook aus einer anderen Quelle installiert haben, folgen Sie bitte der Anleitung f\u00fcr Outlook 2013 oder h\u00f6her. F\u00fcr EAS m\u00fcssen Sie den alten Assistenten verwenden, indem Sie C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE starten. Wenn diese Anwendung ge\u00f6ffnet wird, k\u00f6nnen Sie mit Schritt 4 der Anleitung f\u00fcr Outlook 2013 unten fortfahren. Wenn die Anwendung nicht ge\u00f6ffnet wird, k\u00f6nnen Sie den Assistenten zum Erstellen eines neuen Kontos vollst\u00e4ndig deaktivieren und die nachstehende Anleitung f\u00fcr Outlook 2013 befolgen.","title":"Outlook 2016 oder h\u00f6her von Office 365 unter Windows"},{"location":"de/client/client-outlook/#outlook-2007-oder-hoher-auf-windows-kalenderkontakte-via-caldav-synchronizer","text":"Downloaden und installieren Sie Outlook CalDav Synchronizer . Starten Sie Outlook. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 5 fort. Gehen Sie zum Men\u00fc Datei und klicken Sie auf Konto hinzuf\u00fcgen . Geben Sie Ihren Namen ( ) , Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . Klicken Sie auf Finish . Gehen Sie zur Multifunktionsleiste CalDav Synchronizer und klicken Sie auf Synchronisationsprofile . Klicken Sie auf die zweite Schaltfl\u00e4che oben ( Mehrere Profile hinzuf\u00fcgen ), w\u00e4hlen Sie Sogo und klicken Sie auf Ok . Klicken Sie auf die Schaltfl\u00e4che IMAP/POP3-Kontoeinstellungen abrufen . Klicken Sie auf Ressourcen erkennen und Outlook-Ordnern zuweisen . W\u00e4hlen Sie im Fenster Ressource ausw\u00e4hlen Ihren Hauptkalender (in der Regel Pers\u00f6nlicher Kalender ), klicken Sie auf die Schaltfl\u00e4che ... , weisen Sie ihn dem Ordner Kalender zu, und klicken Sie auf OK . Gehen Sie zu den Registerkarten Adressb\u00fccher und Aufgaben und wiederholen Sie den Vorgang entsprechend. Weisen Sie nicht mehreren Kalendern, Adressb\u00fcchern oder Aufgabenlisten zu! Schlie\u00dfen Sie alle Fenster mit den Tasten OK .","title":"Outlook 2007 oder h\u00f6her auf Windows (Kalender/Kontakte via CalDav Synchronizer)"},{"location":"de/client/client-outlook/#outlook-2013-oder-hoher-unter-windows-active-sync-nicht-empfohlen","text":"Dies gilt nur, wenn Ihr Serveradministrator EAS f\u00fcr Outlook nicht deaktiviert hat. Wenn es deaktiviert ist, folgen Sie bitte stattdessen der Anleitung f\u00fcr Outlook 2007. Starten Sie Outlook. Wenn Sie Outlook zum ersten Mal gestartet haben, werden Sie aufgefordert, Ihr Konto einzurichten. Fahren Sie mit Schritt 4 fort. \u00d6ffnen Sie das Men\u00fc Datei und klicken Sie auf Konto hinzuf\u00fcgen . Geben Sie Ihren Namen ( ) , Ihre E-Mail Adresse ( ) und Ihr Passwort ein. Klicken Sie auf Weiter . Wenn Sie dazu aufgefordert werden, geben Sie Ihr Passwort erneut ein, markieren Sie Meine Anmeldedaten speichern und klicken Sie auf OK . Klicken Sie auf die Schaltfl\u00e4che Zulassen . Klicken Sie auf Fertigstellen .","title":"Outlook 2013 oder h\u00f6her unter Windows (Active Sync - nicht empfohlen)"},{"location":"de/client/client-outlook/#outlook-2011-oder-hoher-unter-macos","text":"Die Mac-Version von Outlook synchronisiert keine Kalender und Kontakte und wird daher nicht unterst\u00fctzt.","title":"Outlook 2011 oder h\u00f6her unter macOS"},{"location":"de/client/client-thunderbird/","text":"Starten Sie Thunderbird. Wenn Sie Thunderbird zum ersten Mal starten, werden Sie gefragt, ob Sie eine neue E-Mail-Adresse haben m\u00f6chten. Klicken Sie auf \u00dcberspringen und eine bereits vorhandene E-Mail verwenden und fahren Sie mit Schritt 4 fort. Gehen Sie zum Datei Men\u00fc und w\u00e4hlen Sie Neu , Bestehendes Mail-Konto... . Geben Sie Ihren Namen ( ) , Ihre E-Mail-Adresse ( ) und Ihr Passwort ein. Stellen Sie sicher, dass Passwort merken aktiviert ist und klicken Sie auf Weiter . Sobald die Konfiguration automatisch erkannt wurde, stellen Sie sicher, dass IMAP ausgew\u00e4hlt ist und klicken Sie auf Fertig . Um Ihre Kontakte vom Server zu verwenden, klicken Sie auf den Pfeil neben \"Adressb\u00fccher\" und auf die Schaltfl\u00e4che Verbinden f\u00fcr jedes Adressbuch, das Sie verwenden m\u00f6chten. Um Ihre Kalender vom Server zu verwenden, klicken Sie auf den Pfeil neben \"Kalender\" und dann auf die Schaltfl\u00e4che Verbinden f\u00fcr jeden Kalender, den Sie verwenden m\u00f6chten. Klicken Sie auf Beenden , um das Fenster Account Setup zu schlie\u00dfen.","title":"Mozilla Thunderbird"},{"location":"de/client/client-windows/","text":"Windows 8 und h\u00f6her unterst\u00fctzen E-Mail, Kontakte und Kalender \u00fcber Exchange ActiveSync. \u00d6ffnen Sie die App Mail . Wenn Sie Mail noch nicht verwendet haben, k\u00f6nnen Sie im Hauptfenster auf Konto hinzuf\u00fcgen klicken. Fahren Sie mit Schritt 4 fort. Klicken Sie auf Konten in der Seitenleiste links und dann auf Konto hinzuf\u00fcgen ganz rechts. W\u00e4hlen Sie Exchange . Geben Sie Ihre E-Mail Adresse ( ) ein und klicken Sie auf Weiter .. Geben Sie Ihr Passwort ein und klicken Sie auf Anmelden . Sobald Sie die Mail-App eingerichtet haben, k\u00f6nnen Sie auch die Apps \"Kontakte\" und \"Kalender\" verwenden.","title":"Windows Mail"},{"location":"de/client/client/","text":"mailcow unterst\u00fctzt eine Vielzahl von E-Mail-Clients, sowohl auf Desktop-Computern als auch auf Smartphones. Im Folgenden finden Sie eine Reihe von Konfigurationsanleitungen, die erkl\u00e4ren, wie Sie Ihr mailcow-Konto konfigurieren k\u00f6nnen. Tipp Wenn Sie auf diese Seite zugreifen, indem Sie sich bei Ihrem mailcow-Server anmelden und auf den Link \"Konfigurationsanleitungen f\u00fcr E-Mail-Clients und Smartphones anzeigen\" klicken, werden alle Anleitungen mit Ihrer E-Mail-Adresse und Ihrem Servernamen personalisiert. Erfolgreich Da Sie diese Seite aufgerufen haben, nachdem Sie sich in Ihren Mailcow-Server eingeloggt haben, wurden alle Anleitungen mit Ihrer E-Mail-Adresse und Ihrem Servernamen personalisiert. Android Apple iOS / macOS eM Client KDE Kontact / KMail Microsoft Outlook Mozilla Thunderbird Windows Mail Manual configuration","title":"\u00dcbersicht"},{"location":"de/i_u_m/i_u_m_deinstall/","text":"Um mailcow: dockerized mit all seinen Volumes, Images und Containern zu entfernen, tun Sie dies: docker compose (Plugin) docker-compose (Standalone) docker compose down -v --rmi all --remove-orphans docker-compose down -v --rmi all --remove-orphans Info -v Entfernt benannte Volumes, die im Abschnitt volumes der Compose-Datei deklariert sind, und anonyme Volumes, die an Container angeh\u00e4ngt sind. --rmi Images entfernen. Der Typ muss einer der folgenden sein: all : Entfernt alle Images, die von einem beliebigen Dienst verwendet werden. local : Entfernt nur Bilder, die kein benutzerdefiniertes Tag haben, das durch das Feld \"image\" gesetzt wurde. --remove-orphans Entfernt Container f\u00fcr Dienste, die nicht in der Compose-Datei definiert sind. Standardm\u00e4\u00dfig entfernt docker compose down nur derzeit aktive Container und Netzwerke, die in der Datei docker-compose.yml definiert sind.","title":"Deinstallation"},{"location":"de/i_u_m/i_u_m_install/","text":"Docker und Docker Compose Installation \u00b6 Sie ben\u00f6tigen Docker (eine Version >= 20.10.2 ist erforderlich) und Docker Compose (eine Version >= 2.0 ist erforderlich). Erfahren Sie, wie Sie Docker und Docker Compose installieren. Schnelle Installation f\u00fcr die meisten Betriebssysteme: Docker \u00b6 curl -sSL https://get.docker.com/ | CHANNEL=stable sh # Nachdem der Installationsprozess abgeschlossen ist, m\u00fcssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7) systemctl enable --now docker Bitte verwenden Sie die neueste verf\u00fcgbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird. docker compose \u00b6 Achtung mailcow ben\u00f6tigt eine Version von Docker Compose >= v2 . Sollte die Installation von Docker \u00fcber das obenstehende Skript erfolgt sein wird das Docker Compose Plugin bereits automatisch in einer Version >=2.0 installiert. Ist die mailcow Installation \u00e4lter oder Docker wurde auf einem anderen Weg installiert, muss das Compose Plugin bzw. die Standalone Version von Docker manuell installiert werden. Installation via Paketmanager (Plugin) \u00b6 Hinweis Diese Vorgehensweise mit den Paketquellen ist nur dann m\u00f6glich, wenn das Docker Repository eingebunden wurde. Dies kann entweder durch die Anleitung oben (siehe Docker ) oder durch eine manuelle Einbindung passieren. Auf Debian/Ubuntu Systemen: apt update apt install docker-compose-plugin Auf Centos 7 Systemen: yum update yum install docker-compose-plugin Achtung Die Syntax der Docker Compose Befehle lautet docker compose bei der Plugin Variante von Docker Compose!! Installation via Script (Standalone) \u00b6 Hinweis Diese Installation ist die alt bekannte Weise. Sie installiert Docker Compose als Standalone Programm und ist nicht auf die Art und weise der Docker Installation angewiesen. LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Achtung Die Syntax der Docker Compose Befehle lautet docker-compose bei der Standalone Variante von Docker Compose!! SELinux Besonderheiten pr\u00fcfen \u00b6 Auf SELinux-aktivierten Systemen, z.B. CentOS 7: Pr\u00fcfen Sie, ob das Paket \"container-selinux\" auf Ihrem System vorhanden ist: rpm -qa | grep container-selinux Wenn der obige Befehl eine leere oder keine Ausgabe liefert, sollten Sie es \u00fcber Ihren Paketmanager installieren. Pr\u00fcfen Sie, ob Docker SELinux-Unterst\u00fctzung aktiviert hat: docker info | grep selinux Wenn der obige Befehl eine leere oder keine Ausgabe liefert, erstellen oder bearbeiten Sie /etc/docker/daemon.json und f\u00fcgen Sie \"selinux-enabled\": true hinzu. Beispielhafter Inhalt der Datei: { \"selinux-enabled\": true } Starten Sie den Docker-Daemon neu und \u00fcberpr\u00fcfen Sie, ob SELinux nun aktiviert ist. Dieser Schritt ist erforderlich, um sicherzustellen, dass die mailcows-Volumes richtig gekennzeichnet sind, wie in der Compose-Datei angegeben. Wenn Sie daran interessiert sind, wie das funktioniert, k\u00f6nnen Sie sich die Readme-Datei von https://github.com/containers/container-selinux ansehen, die auf viele n\u00fctzliche Informationen zu diesem Thema verweist. mailcow Installieren \u00b6 Klonen Sie den Master-Zweig des Repositorys und stellen Sie sicher, dass Ihre umask gleich 0022 ist. Bitte klonen Sie das Repository als root-Benutzer und kontrollieren Sie auch den Stack als root. Wir werden die Attribute - wenn n\u00f6tig - \u00e4ndern, w\u00e4hrend wir die Container automatisch bereitstellen und sicherstellen, dass alles gesichert ist. Das update.sh-Skript muss daher ebenfalls als root ausgef\u00fchrt werden. Es kann notwendig sein, den Besitzer und andere Attribute von Dateien zu \u00e4ndern, auf die Sie sonst keinen Zugriff haben. Wir geben die Berechtigungen f\u00fcr jede exponierte Anwendung auf und f\u00fchren einen exponierten Dienst nicht als root aus! Wenn Sie den Docker-Daemon als Nicht-Root-Benutzer steuern, erhalten Sie keine zus\u00e4tzliche Sicherheit. Der unprivilegierte Benutzer wird die Container ebenfalls als root spawnen. Das Verhalten des Stacks ist identisch. $ su # umask 0022 # <- \u00dcberpr\u00fcfen, dass es 0022 ist # cd /opt # git clone https://github.com/mailcow/mailcow-dockerized # cd mailcow-dockerized mailcow Initialisieren \u00b6 Erzeugen Sie eine Konfigurationsdatei. Verwenden Sie einen FQDN ( host.domain.tld ) als Hostname, wenn Sie gefragt werden. ./generate_config.sh \u00c4ndern Sie die Konfiguration, wenn Sie wollen oder m\u00fcssen. nano mailcow.conf Wenn Sie planen, einen Reverse Proxy zu verwenden, k\u00f6nnen Sie zum Beispiel HTTPS an 127.0.0.1 auf Port 8443 und HTTP an 127.0.0.1 auf Port 8080 binden. M\u00f6glicherweise m\u00fcssen Sie einen vorinstallierten MTA stoppen, der Port 25/tcp blockiert. Siehe dieses Kapitel , um zu erfahren, wie man Postfix rekonfiguriert, um nach einer erfolgreichen Installation neben mailcow laufen zu lassen. Einige Updates modifizieren mailcow.conf und f\u00fcgen neue Parameter hinzu. Es ist schwer, in der Dokumentation den \u00dcberblick zu behalten. Bitte \u00fcberpr\u00fcfen Sie deren Beschreibung und fragen Sie, wenn Sie unsicher sind, in den bekannten Kan\u00e4len nach Rat. Problembehandlungen \u00b6 Benutzer mit einer MTU ungleich 1500 (z.B. OpenStack) \u00b6 Wenn Sie auf Probleme und seltsame Ph\u00e4nomene sto\u00dfen, \u00fcberpr\u00fcfen Sie bitte Ihre MTU. Bearbeiten Sie docker-compose.yml und \u00e4ndern Sie die Netzwerkeinstellungen entsprechend Ihrer MTU. F\u00fcgen Sie den neuen Parameter driver_opts wie folgt hinzu: networks: mailcow-network: ... driver_opts: com.docker.network.driver.mtu: 1450 ... Benutzer ohne ein IPv6-aktiviertes Netzwerk auf ihrem Hostsystem \u00b6 Schalten Sie IPv6 bitte nicht ab, auch wenn es Ihnen nicht gef\u00e4llt. IPv6 ist die Zukunft und sollte nicht ignoriert werden. Sollten Sie jedoch kein IPv6-f\u00e4higes Netzwerk auf Ihrem Host haben und Sie sich nicht um ein besseres Internet k\u00fcmmern wollen (hehe), ist es empfehlenswert, IPv6 f\u00fcr das mailcow-Netzwerk zu deaktivieren , um unvorhergesehene Probleme zu vermeiden. mailcow starten \u00b6 Laden Sie die Images herunter und f\u00fchren Sie die Compose-Datei aus. Der Parameter -d wird ihre mailcow dann im Hintergrund starten: docker compose (Plugin) docker-compose (Standalone) docker compose pull docker compose up -d docker-compose pull docker-compose up -d Geschafft! Sie k\u00f6nnen nun auf https://${MAILCOW_HOSTNAME} mit den Standard-Zugangsdaten admin + Passwort moohoo zugreifen. Info Wenn Sie mailcow nicht hinter einem Reverse Proxy verwenden, sollten Sie alle HTTP-Anfragen auf HTTPS umleiten . Die Datenbank wird sofort initialisiert, nachdem eine Verbindung zu MySQL hergestellt werden kann. Ihre Daten bleiben in mehreren Docker-Volumes erhalten, die nicht gel\u00f6scht werden, wenn Sie Container neu erstellen oder l\u00f6schen. F\u00fchren Sie docker volume ls aus, um eine Liste aller Volumes zu sehen. Sie k\u00f6nnen docker compose down sicher ausf\u00fchren, ohne persistente Daten zu entfernen.","title":"Installation"},{"location":"de/i_u_m/i_u_m_install/#docker-und-docker-compose-installation","text":"Sie ben\u00f6tigen Docker (eine Version >= 20.10.2 ist erforderlich) und Docker Compose (eine Version >= 2.0 ist erforderlich). Erfahren Sie, wie Sie Docker und Docker Compose installieren. Schnelle Installation f\u00fcr die meisten Betriebssysteme:","title":"Docker und Docker Compose Installation"},{"location":"de/i_u_m/i_u_m_install/#docker","text":"curl -sSL https://get.docker.com/ | CHANNEL=stable sh # Nachdem der Installationsprozess abgeschlossen ist, m\u00fcssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7) systemctl enable --now docker Bitte verwenden Sie die neueste verf\u00fcgbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.","title":"Docker"},{"location":"de/i_u_m/i_u_m_install/#docker-compose","text":"Achtung mailcow ben\u00f6tigt eine Version von Docker Compose >= v2 . Sollte die Installation von Docker \u00fcber das obenstehende Skript erfolgt sein wird das Docker Compose Plugin bereits automatisch in einer Version >=2.0 installiert. Ist die mailcow Installation \u00e4lter oder Docker wurde auf einem anderen Weg installiert, muss das Compose Plugin bzw. die Standalone Version von Docker manuell installiert werden.","title":"docker compose"},{"location":"de/i_u_m/i_u_m_install/#installation-via-paketmanager-plugin","text":"Hinweis Diese Vorgehensweise mit den Paketquellen ist nur dann m\u00f6glich, wenn das Docker Repository eingebunden wurde. Dies kann entweder durch die Anleitung oben (siehe Docker ) oder durch eine manuelle Einbindung passieren. Auf Debian/Ubuntu Systemen: apt update apt install docker-compose-plugin Auf Centos 7 Systemen: yum update yum install docker-compose-plugin Achtung Die Syntax der Docker Compose Befehle lautet docker compose bei der Plugin Variante von Docker Compose!!","title":"Installation via Paketmanager (Plugin)"},{"location":"de/i_u_m/i_u_m_install/#installation-via-script-standalone","text":"Hinweis Diese Installation ist die alt bekannte Weise. Sie installiert Docker Compose als Standalone Programm und ist nicht auf die Art und weise der Docker Installation angewiesen. LATEST=$(curl -Ls -w %{url_effective} -o /dev/null https://github.com/docker/compose/releases/latest) && LATEST=${LATEST##*/} && curl -L https://github.com/docker/compose/releases/download/$LATEST/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Achtung Die Syntax der Docker Compose Befehle lautet docker-compose bei der Standalone Variante von Docker Compose!!","title":"Installation via Script (Standalone)"},{"location":"de/i_u_m/i_u_m_install/#selinux-besonderheiten-prufen","text":"Auf SELinux-aktivierten Systemen, z.B. CentOS 7: Pr\u00fcfen Sie, ob das Paket \"container-selinux\" auf Ihrem System vorhanden ist: rpm -qa | grep container-selinux Wenn der obige Befehl eine leere oder keine Ausgabe liefert, sollten Sie es \u00fcber Ihren Paketmanager installieren. Pr\u00fcfen Sie, ob Docker SELinux-Unterst\u00fctzung aktiviert hat: docker info | grep selinux Wenn der obige Befehl eine leere oder keine Ausgabe liefert, erstellen oder bearbeiten Sie /etc/docker/daemon.json und f\u00fcgen Sie \"selinux-enabled\": true hinzu. Beispielhafter Inhalt der Datei: { \"selinux-enabled\": true } Starten Sie den Docker-Daemon neu und \u00fcberpr\u00fcfen Sie, ob SELinux nun aktiviert ist. Dieser Schritt ist erforderlich, um sicherzustellen, dass die mailcows-Volumes richtig gekennzeichnet sind, wie in der Compose-Datei angegeben. Wenn Sie daran interessiert sind, wie das funktioniert, k\u00f6nnen Sie sich die Readme-Datei von https://github.com/containers/container-selinux ansehen, die auf viele n\u00fctzliche Informationen zu diesem Thema verweist.","title":"SELinux Besonderheiten pr\u00fcfen"},{"location":"de/i_u_m/i_u_m_install/#mailcow-installieren","text":"Klonen Sie den Master-Zweig des Repositorys und stellen Sie sicher, dass Ihre umask gleich 0022 ist. Bitte klonen Sie das Repository als root-Benutzer und kontrollieren Sie auch den Stack als root. Wir werden die Attribute - wenn n\u00f6tig - \u00e4ndern, w\u00e4hrend wir die Container automatisch bereitstellen und sicherstellen, dass alles gesichert ist. Das update.sh-Skript muss daher ebenfalls als root ausgef\u00fchrt werden. Es kann notwendig sein, den Besitzer und andere Attribute von Dateien zu \u00e4ndern, auf die Sie sonst keinen Zugriff haben. Wir geben die Berechtigungen f\u00fcr jede exponierte Anwendung auf und f\u00fchren einen exponierten Dienst nicht als root aus! Wenn Sie den Docker-Daemon als Nicht-Root-Benutzer steuern, erhalten Sie keine zus\u00e4tzliche Sicherheit. Der unprivilegierte Benutzer wird die Container ebenfalls als root spawnen. Das Verhalten des Stacks ist identisch. $ su # umask 0022 # <- \u00dcberpr\u00fcfen, dass es 0022 ist # cd /opt # git clone https://github.com/mailcow/mailcow-dockerized # cd mailcow-dockerized","title":"mailcow Installieren"},{"location":"de/i_u_m/i_u_m_install/#mailcow-initialisieren","text":"Erzeugen Sie eine Konfigurationsdatei. Verwenden Sie einen FQDN ( host.domain.tld ) als Hostname, wenn Sie gefragt werden. ./generate_config.sh \u00c4ndern Sie die Konfiguration, wenn Sie wollen oder m\u00fcssen. nano mailcow.conf Wenn Sie planen, einen Reverse Proxy zu verwenden, k\u00f6nnen Sie zum Beispiel HTTPS an 127.0.0.1 auf Port 8443 und HTTP an 127.0.0.1 auf Port 8080 binden. M\u00f6glicherweise m\u00fcssen Sie einen vorinstallierten MTA stoppen, der Port 25/tcp blockiert. Siehe dieses Kapitel , um zu erfahren, wie man Postfix rekonfiguriert, um nach einer erfolgreichen Installation neben mailcow laufen zu lassen. Einige Updates modifizieren mailcow.conf und f\u00fcgen neue Parameter hinzu. Es ist schwer, in der Dokumentation den \u00dcberblick zu behalten. Bitte \u00fcberpr\u00fcfen Sie deren Beschreibung und fragen Sie, wenn Sie unsicher sind, in den bekannten Kan\u00e4len nach Rat.","title":"mailcow Initialisieren"},{"location":"de/i_u_m/i_u_m_install/#problembehandlungen","text":"","title":"Problembehandlungen"},{"location":"de/i_u_m/i_u_m_install/#benutzer-mit-einer-mtu-ungleich-1500-zb-openstack","text":"Wenn Sie auf Probleme und seltsame Ph\u00e4nomene sto\u00dfen, \u00fcberpr\u00fcfen Sie bitte Ihre MTU. Bearbeiten Sie docker-compose.yml und \u00e4ndern Sie die Netzwerkeinstellungen entsprechend Ihrer MTU. F\u00fcgen Sie den neuen Parameter driver_opts wie folgt hinzu: networks: mailcow-network: ... driver_opts: com.docker.network.driver.mtu: 1450 ...","title":"Benutzer mit einer MTU ungleich 1500 (z.B. OpenStack)"},{"location":"de/i_u_m/i_u_m_install/#benutzer-ohne-ein-ipv6-aktiviertes-netzwerk-auf-ihrem-hostsystem","text":"Schalten Sie IPv6 bitte nicht ab, auch wenn es Ihnen nicht gef\u00e4llt. IPv6 ist die Zukunft und sollte nicht ignoriert werden. Sollten Sie jedoch kein IPv6-f\u00e4higes Netzwerk auf Ihrem Host haben und Sie sich nicht um ein besseres Internet k\u00fcmmern wollen (hehe), ist es empfehlenswert, IPv6 f\u00fcr das mailcow-Netzwerk zu deaktivieren , um unvorhergesehene Probleme zu vermeiden.","title":"Benutzer ohne ein IPv6-aktiviertes Netzwerk auf ihrem Hostsystem"},{"location":"de/i_u_m/i_u_m_install/#mailcow-starten","text":"Laden Sie die Images herunter und f\u00fchren Sie die Compose-Datei aus. Der Parameter -d wird ihre mailcow dann im Hintergrund starten: docker compose (Plugin) docker-compose (Standalone) docker compose pull docker compose up -d docker-compose pull docker-compose up -d Geschafft! Sie k\u00f6nnen nun auf https://${MAILCOW_HOSTNAME} mit den Standard-Zugangsdaten admin + Passwort moohoo zugreifen. Info Wenn Sie mailcow nicht hinter einem Reverse Proxy verwenden, sollten Sie alle HTTP-Anfragen auf HTTPS umleiten . Die Datenbank wird sofort initialisiert, nachdem eine Verbindung zu MySQL hergestellt werden kann. Ihre Daten bleiben in mehreren Docker-Volumes erhalten, die nicht gel\u00f6scht werden, wenn Sie Container neu erstellen oder l\u00f6schen. F\u00fchren Sie docker volume ls aus, um eine Liste aller Volumes zu sehen. Sie k\u00f6nnen docker compose down sicher ausf\u00fchren, ohne persistente Daten zu entfernen.","title":"mailcow starten"},{"location":"de/i_u_m/i_u_m_migration/","text":"Warning Diese Anleitung geht davon aus, dass Sie beabsichtigen, einen bestehenden Mailcow-Server (Quelle) auf einen brandneuen, leeren Server (Ziel) zu migrieren. Sie k\u00fcmmert sich nicht um die Erhaltung bestehender Daten auf dem Zielserver und l\u00f6scht alles innerhalb von /var/lib/docker/volumes und somit alle Docker-Volumes, die Sie bereits eingerichtet haben. Tip Alternativ k\u00f6nnen Sie das Skript ./helper-scripts/backup_and_restore.sh verwenden, um ein vollst\u00e4ndiges Backup auf der Quellmaschine zu erstellen, dann installieren Sie mailcow auf der Zielmaschine wie gewohnt, kopieren Sie Ihre mailcow.conf und verwenden Sie das gleiche Skript, um Ihr Backup auf der Zielmaschine wiederherzustellen. 1. Befolgen Sie die Installationsanleitung von Docker und Compose. 2. Stoppen Sie Docker und stellen Sie sicher, dass Docker gestoppt wurde: systemctl stop docker.service systemctl status docker.service 3. F\u00fchren Sie die folgenden Befehle auf dem Quellcomputer aus (achten Sie darauf, die abschlie\u00dfenden Schr\u00e4gstriche im ersten Pfadparameter wie unten gezeigt hinzuzuf\u00fcgen!) - WARNUNG: Dieser Befehl l\u00f6scht alles, was bereits unter /var/lib/docker/volumes auf dem Zielrechner existiert : rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes 4. Schalten Sie mailcow ab und stoppen Sie Docker auf dem Quellrechner. docker compose (Plugin) docker-compose (Standalone) cd /opt/mailcow-dockerized docker compose down systemctl stop docker.service cd /opt/mailcow-dockerized docker-compose down systemctl stop docker.service **Wiederholen Sie Schritt 3 mit denselben Befehlen. Dies wird viel schneller gehen als beim ersten Mal. 6. Wechseln Sie auf den Zielrechner und starten Sie Docker. systemctl start docker.service 7. Ziehen Sie nun die mailcow Docker-Images auf den Zielrechner. docker compose (Plugin) docker-compose (Standalone) cd /opt/mailcow-dockerized docker compose pull cd /opt/mailcow-dockerized docker-compose pull 8. Starten Sie den gesamten mailcow-Stack und alles sollte fertig sein! docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker compose up -d 9. Zum Schluss \u00e4ndern Sie Ihre DNS-Einstellungen so, dass sie auf den Zielserver zeigen.","title":"Migration"},{"location":"de/i_u_m/i_u_m_update/","text":"mailcow automatisch Updaten \u00b6 Ein Update-Skript in Ihrem mailcow-dockerized Verzeichnis k\u00fcmmert sich um Updates. Aber benutzen Sie es mit Bedacht! Wenn Sie denken, dass Sie viele \u00c4nderungen am mailcow-Code vorgenommen haben, sollten Sie die manuelle Update-Anleitung unten verwenden. F\u00fchren sie das Update-Skript aus: ./update.sh Wenn es n\u00f6tig ist, wird es Sie fragen, wie Sie fortfahren m\u00f6chten. Merge-Fehler werden gemeldet. Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow-dockerized repository code). Optionen \u00b6 # Optionen k\u00f6nnen kombiniert werden # - Pr\u00fcft auf Updates und zeigt \u00c4nderungen an ./update.sh --check # - Starten Sie mailcow nicht, nachdem Sie ein Update durchgef\u00fchrt haben ./update.sh --skip-start # - \u00dcberspringt den ICMP Check auf die \u00f6ffentlichen DNS Resolver (Bitte nur nutzen, wenn keinerlei ICMP Verbindungen von und zur mailcow erlaubt sind) ./update.sh --skip-ping-check # - Wechselt die Update Quellen der mailcow auf nightly (unstabile) Inhalte. NUR ZUM TESTEN VERWENDEN!! KEIN PRODUKTIV BETRIEB!!! ./update.sh --nightly # - Wechselt die Update Quellen der mailcow auf stable (stabile) Inhalte (standard). ./update.sh --stable # - Erzwinge Update (unbeaufsichtigt, aber nicht unterst\u00fctzt, Benutzung auf eigenes Risiko) ./update.sh --force # - Garbage Collector ausf\u00fchren, um alte Image-Tags zu bereinigen und beenden ./update.sh --gc # - Update mit der Merge-Strategie-Option \"ours\" statt \"theirs\" # Dies wird **Konflikte** beim Zusammenf\u00fchren zugunsten Ihrer lokalen \u00c4nderungen l\u00f6sen und sollte vermieden werden. Lokale \u00c4nderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY ge\u00e4ndert. ./update.sh --ours # - Nicht aktualisieren, nur holen von Docker Images ./update.sh --prefetch Ich habe vergessen, was ich vor dem Ausf\u00fchren von update.sh ge\u00e4ndert habe. \u00b6 Siehe git log --pretty=oneline | grep -i \"before update\" , Sie werden eine Ausgabe \u00e4hnlich dieser haben: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 F\u00fchren Sie git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab aus, um zu sehen, was sich ge\u00e4ndert hat. Kann ich ein Rollback durchf\u00fchren? \u00b6 Ja. Siehe das obige Thema, anstelle eines Diffs f\u00fchren Sie checkout aus: docker compose (Plugin) docker-compose (Standalone) docker compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker compose pull docker compose up -d docker-compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d Hooks \u00b6 Sie k\u00f6nnen sich in den Update-Mechanismus einklinken, indem Sie Skripte namens pre_commit_hook.sh und post_commit_hook.sh zu Ihrem mailcows-Root-Verzeichnis hinzuf\u00fcgen. Siehe hier f\u00fcr weitere Details. Update-Zyklus \u00b6 Wir planen an jedem ersten Dienstag eines Monats ein neues Hauptupdate zu ver\u00f6ffentlichen. Die Updates sind wie folgt nummeriert: JJJJ-MM (Beispiel: 2022-05 ). Fehlerkorrekturen eines Hauptupdates werden bei uns als \"Revisionen\" wie a,b,c (Beispiele: 2022-05a , 2022-05b usw.) erscheinen. Update-Varianten \u00b6 stable (stabile Updates) : Diese Updates sind f\u00fcr den Produktivbetrieb geeignet. Sie erscheinen in einem Zyklus von mindest 1x im Monat. nightly (instabile Updates) : Diese Updates sind NICHT f\u00fcr den Produktivbetrieb geeignet und dienen lediglich dem Testen. Die nightly Updates sind den stabilen Updates vorraus, da in diesen neue und auch umfangreichere Funktionen getestet werden bevor diese f\u00fcr alle User Live gehen. NEU: Nightly Updates beziehen \u00b6 Infos zu den Nightly Updates \u00b6 Seit dem 2022-08 Update gibt es die M\u00f6glichkeit die Update quellen zu \u00e4ndern. Bisher diente der master Branch auf GitHub als einzige (offizieller) Update Quelle. Mit dem August 2022 Update gibt es aber nun noch den Nightly Branch welcher instabile und gr\u00f6\u00dfere \u00c4nderungen zum testen und Feedback geben enth\u00e4lt. Dabei bekommt der Nightly Branch immer dann neue Updates, wenn irgendetwas am mailcow Projekt fertig gemacht wurde was in die neue Hauptversion reinkommt. Neben den offensichtlichen neuerungen welche sowieso im n\u00e4chsten Major Update enthalten sein werden enth\u00e4lt er ebenfalls erstmal exklusive Features welche eine l\u00e4ngere Testzeit brauchen (bspw. das UI Update auf Bootstrap 5). Wie bekomme ich Nightly Updates? \u00b6 Der Vorgang ist relativ simpel. Mit dem 2022-08 Update (ein Update auf die Version voraussgesetzt) ist es m\u00f6glich die update.sh mit dem Parameter --nightly zu starten. Achtung Bitte machen Sie vorher ein Backup oder folgen Sie dem Abschnitt Best Practice Nightly Update bevor Sie auf die Nightly Builds von mailcow wechseln. Wir sind f\u00fcr keinerlei Datenverluste/korruptionen verantwortlich, also arbeiten Sie mit bedacht! Das Skript wird nun den Branch wechseln mit git checkout nightly d.h. es wird auch wieder nach den IPv6 Einstellungen fragen. Das ist aber normal. Sollte alles problemlos geklappt haben (wof\u00fcr wir ja auch vorsichtshalber ein Backup vorher gemacht haben) sollte nun in der mailcow UI unten rechts die aktuelle Versionsnummer samt Datumsstempel abgebildet sein: Best Practice Nightly Update \u00b6 Info Wir empfehlen die Benutzung des Nightly Updates nur dann, wenn Ihr eine weitere Maschine oder VM besitzt und diese NICHT Produktiv nutzt. Das Cold-Standby Skript nutzen um die Maschine vor dem Schwenk auf die Nightly Builds auf ein anderes System zu kopieren. Das update.sh Skript auf der neuen Maschine mit dem Parameter --nightly ausf\u00fchren und best\u00e4tigen. Die Nightly Updates auf der sekund\u00e4ren Maschine erleben/testen.","title":"Update"},{"location":"de/i_u_m/i_u_m_update/#mailcow-automatisch-updaten","text":"Ein Update-Skript in Ihrem mailcow-dockerized Verzeichnis k\u00fcmmert sich um Updates. Aber benutzen Sie es mit Bedacht! Wenn Sie denken, dass Sie viele \u00c4nderungen am mailcow-Code vorgenommen haben, sollten Sie die manuelle Update-Anleitung unten verwenden. F\u00fchren sie das Update-Skript aus: ./update.sh Wenn es n\u00f6tig ist, wird es Sie fragen, wie Sie fortfahren m\u00f6chten. Merge-Fehler werden gemeldet. Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow-dockerized repository code).","title":"mailcow automatisch Updaten"},{"location":"de/i_u_m/i_u_m_update/#optionen","text":"# Optionen k\u00f6nnen kombiniert werden # - Pr\u00fcft auf Updates und zeigt \u00c4nderungen an ./update.sh --check # - Starten Sie mailcow nicht, nachdem Sie ein Update durchgef\u00fchrt haben ./update.sh --skip-start # - \u00dcberspringt den ICMP Check auf die \u00f6ffentlichen DNS Resolver (Bitte nur nutzen, wenn keinerlei ICMP Verbindungen von und zur mailcow erlaubt sind) ./update.sh --skip-ping-check # - Wechselt die Update Quellen der mailcow auf nightly (unstabile) Inhalte. NUR ZUM TESTEN VERWENDEN!! KEIN PRODUKTIV BETRIEB!!! ./update.sh --nightly # - Wechselt die Update Quellen der mailcow auf stable (stabile) Inhalte (standard). ./update.sh --stable # - Erzwinge Update (unbeaufsichtigt, aber nicht unterst\u00fctzt, Benutzung auf eigenes Risiko) ./update.sh --force # - Garbage Collector ausf\u00fchren, um alte Image-Tags zu bereinigen und beenden ./update.sh --gc # - Update mit der Merge-Strategie-Option \"ours\" statt \"theirs\" # Dies wird **Konflikte** beim Zusammenf\u00fchren zugunsten Ihrer lokalen \u00c4nderungen l\u00f6sen und sollte vermieden werden. Lokale \u00c4nderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY ge\u00e4ndert. ./update.sh --ours # - Nicht aktualisieren, nur holen von Docker Images ./update.sh --prefetch","title":"Optionen"},{"location":"de/i_u_m/i_u_m_update/#ich-habe-vergessen-was-ich-vor-dem-ausfuhren-von-updatesh-geandert-habe","text":"Siehe git log --pretty=oneline | grep -i \"before update\" , Sie werden eine Ausgabe \u00e4hnlich dieser haben: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 F\u00fchren Sie git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab aus, um zu sehen, was sich ge\u00e4ndert hat.","title":"Ich habe vergessen, was ich vor dem Ausf\u00fchren von update.sh ge\u00e4ndert habe."},{"location":"de/i_u_m/i_u_m_update/#kann-ich-ein-rollback-durchfuhren","text":"Ja. Siehe das obige Thema, anstelle eines Diffs f\u00fchren Sie checkout aus: docker compose (Plugin) docker-compose (Standalone) docker compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker compose pull docker compose up -d docker-compose down # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d","title":"Kann ich ein Rollback durchf\u00fchren?"},{"location":"de/i_u_m/i_u_m_update/#hooks","text":"Sie k\u00f6nnen sich in den Update-Mechanismus einklinken, indem Sie Skripte namens pre_commit_hook.sh und post_commit_hook.sh zu Ihrem mailcows-Root-Verzeichnis hinzuf\u00fcgen. Siehe hier f\u00fcr weitere Details.","title":"Hooks"},{"location":"de/i_u_m/i_u_m_update/#update-zyklus","text":"Wir planen an jedem ersten Dienstag eines Monats ein neues Hauptupdate zu ver\u00f6ffentlichen. Die Updates sind wie folgt nummeriert: JJJJ-MM (Beispiel: 2022-05 ). Fehlerkorrekturen eines Hauptupdates werden bei uns als \"Revisionen\" wie a,b,c (Beispiele: 2022-05a , 2022-05b usw.) erscheinen.","title":"Update-Zyklus"},{"location":"de/i_u_m/i_u_m_update/#update-varianten","text":"stable (stabile Updates) : Diese Updates sind f\u00fcr den Produktivbetrieb geeignet. Sie erscheinen in einem Zyklus von mindest 1x im Monat. nightly (instabile Updates) : Diese Updates sind NICHT f\u00fcr den Produktivbetrieb geeignet und dienen lediglich dem Testen. Die nightly Updates sind den stabilen Updates vorraus, da in diesen neue und auch umfangreichere Funktionen getestet werden bevor diese f\u00fcr alle User Live gehen.","title":"Update-Varianten"},{"location":"de/i_u_m/i_u_m_update/#neu-nightly-updates-beziehen","text":"","title":"NEU: Nightly Updates beziehen"},{"location":"de/i_u_m/i_u_m_update/#infos-zu-den-nightly-updates","text":"Seit dem 2022-08 Update gibt es die M\u00f6glichkeit die Update quellen zu \u00e4ndern. Bisher diente der master Branch auf GitHub als einzige (offizieller) Update Quelle. Mit dem August 2022 Update gibt es aber nun noch den Nightly Branch welcher instabile und gr\u00f6\u00dfere \u00c4nderungen zum testen und Feedback geben enth\u00e4lt. Dabei bekommt der Nightly Branch immer dann neue Updates, wenn irgendetwas am mailcow Projekt fertig gemacht wurde was in die neue Hauptversion reinkommt. Neben den offensichtlichen neuerungen welche sowieso im n\u00e4chsten Major Update enthalten sein werden enth\u00e4lt er ebenfalls erstmal exklusive Features welche eine l\u00e4ngere Testzeit brauchen (bspw. das UI Update auf Bootstrap 5).","title":"Infos zu den Nightly Updates"},{"location":"de/i_u_m/i_u_m_update/#wie-bekomme-ich-nightly-updates","text":"Der Vorgang ist relativ simpel. Mit dem 2022-08 Update (ein Update auf die Version voraussgesetzt) ist es m\u00f6glich die update.sh mit dem Parameter --nightly zu starten. Achtung Bitte machen Sie vorher ein Backup oder folgen Sie dem Abschnitt Best Practice Nightly Update bevor Sie auf die Nightly Builds von mailcow wechseln. Wir sind f\u00fcr keinerlei Datenverluste/korruptionen verantwortlich, also arbeiten Sie mit bedacht! Das Skript wird nun den Branch wechseln mit git checkout nightly d.h. es wird auch wieder nach den IPv6 Einstellungen fragen. Das ist aber normal. Sollte alles problemlos geklappt haben (wof\u00fcr wir ja auch vorsichtshalber ein Backup vorher gemacht haben) sollte nun in der mailcow UI unten rechts die aktuelle Versionsnummer samt Datumsstempel abgebildet sein:","title":"Wie bekomme ich Nightly Updates?"},{"location":"de/i_u_m/i_u_m_update/#best-practice-nightly-update","text":"Info Wir empfehlen die Benutzung des Nightly Updates nur dann, wenn Ihr eine weitere Maschine oder VM besitzt und diese NICHT Produktiv nutzt. Das Cold-Standby Skript nutzen um die Maschine vor dem Schwenk auf die Nightly Builds auf ein anderes System zu kopieren. Das update.sh Skript auf der neuen Maschine mit dem Parameter --nightly ausf\u00fchren und best\u00e4tigen. Die Nightly Updates auf der sekund\u00e4ren Maschine erleben/testen.","title":"Best Practice Nightly Update"},{"location":"de/manual-guides/u_e-80_to_443/","text":"Seit dem 28. Februar 2017 wird mailcow mit aktivierten Ports 80 und 443 geliefert. Verwenden Sie die untenstehende Konfiguration nicht f\u00fcr Reverse-Proxy-Setups , bitte lesen Sie dazu unsere Reverse-Proxy-Anleitung , die einen Redirect von HTTP zu HTTPS beinhaltet. \u00d6ffne mailcow.conf und setze HTTP_BIND= - falls nicht bereits gesetzt. Erstellen Sie eine neue Datei data/conf/nginx/redirect.conf und f\u00fcgen Sie die folgende Serverkonfiguration in die Datei ein: server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; if ( $request_uri ~* \"%0A|%0D\" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://$host$uri$is_args$args; } } Falls Sie den Parameter HTTP_BIND ge\u00e4ndert haben, erstellen Sie den Container neu: docker compose up -d Andernfalls starten Sie Nginx neu: docker compose restart nginx-mailcow","title":"HTTP auf HTTPS umleiten"},{"location":"de/manual-guides/u_e-autodiscover_config/","text":"Sie brauchen diese Datei nicht zu \u00e4ndern oder zu erstellen, autodiscover funktioniert sofort . Diese Anleitung ist nur f\u00fcr Anpassungen des Autodiscover- oder Autokonfigurationsprozesses gedacht. Neuere Outlook-Clients (insbesondere solche, die mit O365 ausgeliefert werden) f\u00fchren keine automatische Erkennung von E-Mail-Profilen durch. Denken Sie daran, dass ActiveSync NICHT mit einem Desktop-Client verwendet werden sollte. \u00d6ffnen/erstellen Sie data/web/inc/vars.local.inc.php und f\u00fcgen Sie Ihre \u00c4nderungen in das Konfigurationsfeld ein. Die \u00c4nderungen werden mit \"$autodiscover_config\" in data/web/inc/vars.inc.php zusammengef\u00fchrt): 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync 'useEASforOutlook' => 'yes', // Please don't use STARTTLS-enabled service ports in the \"port\" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the \"tlsport\" variable. 'imap' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), 'pop3' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('POPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), 'smtp' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), 'activesync' => array( 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), 'caldav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), 'carddav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), ); Um immer IMAP und SMTP anstelle von EAS zu verwenden, setzen Sie 'autodiscoverType' => 'imap' . Deaktivieren Sie ActiveSync f\u00fcr Outlook-Desktop-Clients, indem Sie \"useEASforOutlook\" auf \"no\" setzen.","title":"Autodiscover / Autoconfig"},{"location":"de/manual-guides/u_e-reeanble-weak-protocols/","text":"Am 12. Februar 2020 haben wir die veralteten Protokolle TLS 1.0 und 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) und Postfix (SMTPS, SUBMISSION) deaktiviert. Unauthentifizierte Mails \u00fcber SMTP an Port 25/tcp akzeptieren weiterhin >= TLS 1.0 . Es ist besser, eine schwache Verschl\u00fcsselung zu akzeptieren als gar keine. Wie kann man schwache Protokolle wieder aktivieren? Bearbeiten Sie data/conf/postfix/extra.cf : submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 Bearbeiten Sie data/conf/dovecot/extra.conf : ssl_min_protocol = TLSv1 Starten Sie die betroffenen Dienste neu: docker compose restart postfix-mailcow dovecot-mailcow Tipp: Sie k\u00f6nnen TLS 1.2 in Windows 7 aktivieren.","title":"TLS 1.0 und TLS 1.1 wieder aktivieren"},{"location":"de/manual-guides/u_e-update-hooks/","text":"Es ist m\u00f6glich, Pre- und Post-Update-Hooks zum update.sh Skript hinzuzuf\u00fcgen, das Ihre gesamte mailcow-Installation aktualisiert. Um dies zu tun, f\u00fcgen Sie einfach das entsprechende Bash-Skript in Ihr Mailcow-Root-Verzeichnis ein: pre_update_hook.sh f\u00fcr Befehle, die vor dem Update laufen sollen post_update_hook.sh f\u00fcr Befehle, die nach dem Update ausgef\u00fchrt werden sollen Beachten Sie, dass pre_update_hook.sh jedes Mal ausgef\u00fchrt wird, wenn Sie update.sh aufrufen, und post_update_hook.sh wird nur ausgef\u00fchrt, wenn die Aktualisierung erfolgreich war und das Skript nicht erneut ausgef\u00fchrt werden muss. Die Skripte werden von der Bash ausgef\u00fchrt, ein Interpreter (z.B. #!/bin/bash ) sowie ein Execute Permission Flag (\"+x\") sind nicht erforderlich.","title":"Skripte vor und nach Aktualisierungen ausf\u00fchren"},{"location":"de/manual-guides/u_e-why_unbound/","text":"F\u00fcr DNS-Blacklist-Lookups und DNSSEC. Die meisten Systeme verwenden entweder einen \u00f6ffentlichen oder einen lokalen DNS-Aufl\u00f6ser mit Zwischenspeicher. Das ist eine sehr schlechte Idee, wenn es darum geht, Spam mit DNS-basierten Blackhole-Listen (DNSBL) oder \u00e4hnlichen Techniken zu filtern. Die meisten, wenn nicht alle Anbieter wenden eine Ratenbegrenzung an, die auf dem DNS-Resolver basiert, der f\u00fcr die Abfrage ihres Dienstes verwendet wird. Wenn Sie einen \u00f6ffentlichen Resolver wie Google 4x8, OpenDNS oder einen anderen gemeinsam genutzten DNS-Resolver wie den Ihres Internetanbieters verwenden, werden Sie diese Grenze sehr bald erreichen.","title":"Warum unbound?"},{"location":"de/manual-guides/ClamAV/u_e-clamav-additional_dbs/","text":"Weitere Datenbanken f\u00fcr ClamAV \u00b6 Die Standard ClamAV Datenbanken haben keine hohe Trefferquote, k\u00f6nnen aber durch kostenlose und kostenpflichtige Datenbanken erweitert werden. Liste von bekannten (kostenfreien) Datenbanken | Stand April 2022 \u00b6 SecurityInfo - kostenlose ClamAV DBs f\u00fcr Testzwecke. Registrierung der IP Adresse des Servers erforderlich (dann nutzbar f\u00fcr besagte IP). InterServer - kostenlose ClamAV DBs. F\u00fcr E-Mail Zwecke eher ungeeignet. SecuriteInfo Datenbank aktivieren \u00b6 Kostenfreien Account auf https://www.securiteinfo.com/clients/customers/signup erstellen. Sie erhalten eine E-Mail um Ihren Account zu aktivieren gefolgt von einer E-Mail mit Ihrem Login Namen. Loggen Sie sich ein und navigieren Sie zu Ihrem Account https://www.securiteinfo.com/clients/customers/account Klicken Sie auf den 'Setup' Reiter. Sie brauchen your_id von den Downloadlinks. Diese sind pro User individuell . F\u00fcgen Sie diese wie folgt in die data/conf/clamav/freshclam.conf ein und ersetzen Sie den your_id Teil mit Ihrer ID: DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2 DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb Bei den kostenlosen SecuriteInfo Datenbanken ist die Download-Geschwindigkeit auf 300 kB/s begrenzt. \u00c4ndern Sie in data/conf/clamav/freshclam.conf den Standardwert ReceiveTimeout 20 auf ReceiveTimeout 90 (Zeitangabe in Sekunden), da ansonsten einige der Datenbank-Downloads aufgrund ihrer Gr\u00f6\u00dfe abbrechen k\u00f6nnen. Passen Sie data/conf/clamav/clamd.conf mit den folgenden Einstellungen an: DetectPUA yes ExcludePUA PUA.Win.Packer ExcludePUA PUA.Win.Trojan.Packed ExcludePUA PUA.Win.Trojan.Molebox ExcludePUA PUA.Win.Packer.Upx ExcludePUA PUA.Doc.Packed MaxScanSize 150M MaxFileSize 100M MaxRecursion 40 MaxEmbeddedPE 100M MaxHTMLNormalize 50M MaxScriptNormalize 50M MaxZipTypeRcg 50M Starten Sie den ClamAV Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Bitte beachten Sie : Sie k\u00f6nnen ExcludePUA und IncludePUA in der clamd.conf nicht gleichzeitig nutzen! Kommentieren Sie bitte IncludePUA aus, sollte es nicht auskommentiert sein. Die Liste der Datenbanken genutzt in diesem Beispiel sollten f\u00fcr die meisten F\u00e4lle passen. SecuriteInfo bietet jedoch noch andere Datenbanken an. Bitte schauen Sie sich das SecuriteInfo FAQ f\u00fcr weitere Informationen an. Mit den neu eingestellten Datenbanken (und den Standard Datenbanken) ClamAV verbraucht ClamAV etwa 1,3 GB RAM des Servers. Sollten Sie message_size_limit in Postfix ver\u00e4ndert haben m\u00fcssen Sie die MaxSize Einstellung in ClamAV auf den selben Wert eintragen. InterServer Datenbanken aktivieren \u00b6 F\u00fcgen Sie folgendes in data/conf/clamav/freshclam.conf ein: DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb DatabaseCustomURL http://sigs.interserver.net/interservertopline.db DatabaseCustomURL http://sigs.interserver.net/shell.ldb DatabaseCustomURL http://sigs.interserver.net/whitelist.fp Starten Sie den ClamAV Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow","title":"Weitere Datenbanken"},{"location":"de/manual-guides/ClamAV/u_e-clamav-additional_dbs/#weitere-datenbanken-fur-clamav","text":"Die Standard ClamAV Datenbanken haben keine hohe Trefferquote, k\u00f6nnen aber durch kostenlose und kostenpflichtige Datenbanken erweitert werden.","title":"Weitere Datenbanken f\u00fcr ClamAV"},{"location":"de/manual-guides/ClamAV/u_e-clamav-additional_dbs/#liste-von-bekannten-kostenfreien-datenbanken-stand-april-2022","text":"SecurityInfo - kostenlose ClamAV DBs f\u00fcr Testzwecke. Registrierung der IP Adresse des Servers erforderlich (dann nutzbar f\u00fcr besagte IP). InterServer - kostenlose ClamAV DBs. F\u00fcr E-Mail Zwecke eher ungeeignet.","title":"Liste von bekannten (kostenfreien) Datenbanken | Stand April 2022"},{"location":"de/manual-guides/ClamAV/u_e-clamav-additional_dbs/#securiteinfo-datenbank-aktivieren","text":"Kostenfreien Account auf https://www.securiteinfo.com/clients/customers/signup erstellen. Sie erhalten eine E-Mail um Ihren Account zu aktivieren gefolgt von einer E-Mail mit Ihrem Login Namen. Loggen Sie sich ein und navigieren Sie zu Ihrem Account https://www.securiteinfo.com/clients/customers/account Klicken Sie auf den 'Setup' Reiter. Sie brauchen your_id von den Downloadlinks. Diese sind pro User individuell . F\u00fcgen Sie diese wie folgt in die data/conf/clamav/freshclam.conf ein und ersetzen Sie den your_id Teil mit Ihrer ID: DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2 DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb Bei den kostenlosen SecuriteInfo Datenbanken ist die Download-Geschwindigkeit auf 300 kB/s begrenzt. \u00c4ndern Sie in data/conf/clamav/freshclam.conf den Standardwert ReceiveTimeout 20 auf ReceiveTimeout 90 (Zeitangabe in Sekunden), da ansonsten einige der Datenbank-Downloads aufgrund ihrer Gr\u00f6\u00dfe abbrechen k\u00f6nnen. Passen Sie data/conf/clamav/clamd.conf mit den folgenden Einstellungen an: DetectPUA yes ExcludePUA PUA.Win.Packer ExcludePUA PUA.Win.Trojan.Packed ExcludePUA PUA.Win.Trojan.Molebox ExcludePUA PUA.Win.Packer.Upx ExcludePUA PUA.Doc.Packed MaxScanSize 150M MaxFileSize 100M MaxRecursion 40 MaxEmbeddedPE 100M MaxHTMLNormalize 50M MaxScriptNormalize 50M MaxZipTypeRcg 50M Starten Sie den ClamAV Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Bitte beachten Sie : Sie k\u00f6nnen ExcludePUA und IncludePUA in der clamd.conf nicht gleichzeitig nutzen! Kommentieren Sie bitte IncludePUA aus, sollte es nicht auskommentiert sein. Die Liste der Datenbanken genutzt in diesem Beispiel sollten f\u00fcr die meisten F\u00e4lle passen. SecuriteInfo bietet jedoch noch andere Datenbanken an. Bitte schauen Sie sich das SecuriteInfo FAQ f\u00fcr weitere Informationen an. Mit den neu eingestellten Datenbanken (und den Standard Datenbanken) ClamAV verbraucht ClamAV etwa 1,3 GB RAM des Servers. Sollten Sie message_size_limit in Postfix ver\u00e4ndert haben m\u00fcssen Sie die MaxSize Einstellung in ClamAV auf den selben Wert eintragen.","title":"SecuriteInfo Datenbank aktivieren"},{"location":"de/manual-guides/ClamAV/u_e-clamav-additional_dbs/#interserver-datenbanken-aktivieren","text":"F\u00fcgen Sie folgendes in data/conf/clamav/freshclam.conf ein: DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb DatabaseCustomURL http://sigs.interserver.net/interservertopline.db DatabaseCustomURL http://sigs.interserver.net/shell.ldb DatabaseCustomURL http://sigs.interserver.net/whitelist.fp Starten Sie den ClamAV Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow","title":"InterServer Datenbanken aktivieren"},{"location":"de/manual-guides/ClamAV/u_e-clamav-whitelist/","text":"Whitelist f\u00fcr bestimmte ClamAV-Signaturen \u00b6 Es kann vorkommen, dass legitime (saubere) Mails von ClamAV blockiert werden (Rspamd markiert die Mail mit VIRUS_FOUND ). So werden beispielsweise interaktive PDF-Formularanh\u00e4nge standardm\u00e4\u00dfig blockiert, da der eingebettete Javascript-Code f\u00fcr sch\u00e4dliche Zwecke verwendet werden k\u00f6nnte. \u00dcberpr\u00fcfen Sie dies anhand der clamd-Protokolle, z.B.: docker compose (Plugin) docker-compose (Standalone) docker compose logs clamd-mailcow | grep \"FOUND\" docker-compose logs clamd-mailcow | grep \"FOUND\" Diese Zeile best\u00e4tigt, dass ein solcher identifiziert wurde: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND Um diese spezielle Signatur auf die Whitelist zu setzen (und den Versand dieses Dateityps im Anhang zu erm\u00f6glichen), f\u00fcgen Sie sie der ClamAV-Signatur-Whitelist-Datei hinzu: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Dann starten Sie den clamd-mailcow Service Container in der mailcow UI oder mit docker compose neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Bereinigen Sie zwischengespeicherte ClamAV-Ergebnisse in Redis: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit","title":"Whitelist"},{"location":"de/manual-guides/ClamAV/u_e-clamav-whitelist/#whitelist-fur-bestimmte-clamav-signaturen","text":"Es kann vorkommen, dass legitime (saubere) Mails von ClamAV blockiert werden (Rspamd markiert die Mail mit VIRUS_FOUND ). So werden beispielsweise interaktive PDF-Formularanh\u00e4nge standardm\u00e4\u00dfig blockiert, da der eingebettete Javascript-Code f\u00fcr sch\u00e4dliche Zwecke verwendet werden k\u00f6nnte. \u00dcberpr\u00fcfen Sie dies anhand der clamd-Protokolle, z.B.: docker compose (Plugin) docker-compose (Standalone) docker compose logs clamd-mailcow | grep \"FOUND\" docker-compose logs clamd-mailcow | grep \"FOUND\" Diese Zeile best\u00e4tigt, dass ein solcher identifiziert wurde: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND Um diese spezielle Signatur auf die Whitelist zu setzen (und den Versand dieses Dateityps im Anhang zu erm\u00f6glichen), f\u00fcgen Sie sie der ClamAV-Signatur-Whitelist-Datei hinzu: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Dann starten Sie den clamd-mailcow Service Container in der mailcow UI oder mit docker compose neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart clamd-mailcow docker-compose restart clamd-mailcow Bereinigen Sie zwischengespeicherte ClamAV-Ergebnisse in Redis: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit","title":"Whitelist f\u00fcr bestimmte ClamAV-Signaturen"},{"location":"de/manual-guides/Docker/u_e-docker-cust_dockerfiles/","text":"Sie m\u00fcssen die Override-Datei mit den entsprechenden Build-Tags in den mailcow: dockerized Root-Ordner (d.h. /opt/mailcow-dockerized ) kopieren: cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml Nehmen Sie Ihre \u00c4nderungen in data/Dockerfiles/$service vor und erstellen Sie das Image lokal: docker build data/Dockerfiles/$service -t mailcow/$service:$tag (Ohne pers\u00f6nlichen :$tag wird automatisch :latest verwendet.) Nun muss dieser gerade erstellte Container in docker-compose.override.yml aktiviert werden, z.B.: $service-mailcow: build: ./data/Dockerfiles/$service image: mailcow/$service:$tag Abschliessend m\u00fcssen die ge\u00e4nderten Container automatisch neu erstellt werden: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Dockerfiles anpassen"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-any_acl/","text":"Am 17. August haben wir die M\u00f6glichkeit, mit \"jedem\" oder \"allen authentifizierten Benutzern\" zu teilen, standardm\u00e4\u00dfig deaktiviert. Diese Funktion kann wieder aktiviert werden, indem ACL_ANYONE auf allow in mailcow.conf gesetzt wird: ACL_ANYONE=allow Wenden Sie die \u00c4nderungen an, indem Sie den Docker Stack neustarten mit: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Aktivierung von \"any\" ACL-Einstellungen"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/","text":"Der Dovecot-Parameter sieve_vacation_dont_check_recipient - der in mailcow-Konfigurationen vor dem 21. Juli 2021 standardm\u00e4\u00dfig auf yes gesetzt war - erlaubt Urlaubsantworten auch dann, wenn eine Mail an nicht existierende Mailboxen wie Catch-All-Adressen gesendet wird. Wir haben uns entschlossen, diesen Parameter wieder auf no zu setzen und dem Benutzer zu erlauben, die Empf\u00e4ngeradresse zu spezifizieren, die eine Urlaubsantwort ausl\u00f6st. Die ausl\u00f6senden Empf\u00e4nger k\u00f6nnen auch in SOGos Autoresponder-Funktion konfiguriert werden.","title":"Urlaubsantworten f\u00fcr Catchall-Adressen"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-expunge/","text":"Wenn Sie alte Mails aus den Ordnern .Junk oder .Trash l\u00f6schen wollen oder vielleicht alle gelesenen Mails, die \u00e4lter als eine bestimmte Zeitspanne sind, k\u00f6nnen Sie das dovecot-Tool doveadm man doveadm-expunge verwenden. Der manuelle Weg \u00b6 Dann wollen wir mal loslegen: L\u00f6schen Sie die Mails eines Benutzers im Junk-Ordner, die gelesen und \u00e4lter als 4 Stunden sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h L\u00f6sche alle Mails des Benutzers im Junk-Ordner, die \u00e4lter als 7 Tage sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d L\u00f6scht alle Mails (aller Benutzer) in allen Ordnern, die \u00e4lter als 52 Wochen sind (internes Datum der Mail, nicht das Datum, an dem sie auf dem System gespeichert wurde => before statt savedbefore ). N\u00fctzlich zum L\u00f6schen sehr alter Mails in allen Benutzern und Ordnern (daher besonders n\u00fctzlich f\u00fcr GDPR-Compliance). docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w L\u00f6schen von Mails in einem benutzerdefinierten Ordner innerhalb des Posteingangs eines Benutzers, die nicht gekennzeichnet und \u00e4lter als 2 Wochen sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info F\u00fcr m\u00f6gliche Zeitspannen oder SearchQuery schauen Sie bitte in man doveadm-search-query Job-Scheduler \u00b6 \u00fcber das Host-System cron \u00b6 Wenn Sie eine solche Aufgabe automatisieren wollen, k\u00f6nnen Sie einen Cron-Job auf Ihrem Rechner erstellen, der ein Skript wie das folgende aufruft: docker compose (Plugin) docker-compose (Standalone) #!/bin/bash # Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized cd /pfad/zu/ihrer/mailcow-dockerized docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] #!/bin/bash # Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized cd /pfad/zu/ihrer/mailcow-dockerized docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] Um einen Cronjob zu erstellen, k\u00f6nnen Sie crontab -e ausf\u00fchren und etwas wie das Folgende einf\u00fcgen, um ein Skript auszuf\u00fchren: # Jeden Tag um 04:00 Uhr morgens ausf\u00fchren. 0 4 * * * /pfad/zu/ihr/expunge_mailboxes.sh \u00fcber Docker Job Scheduler \u00b6 Um dies mit einem Docker-Job-Scheduler zu archivieren, verwenden Sie diese docker-compose.override.yml mit Ihrer Mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" Der Job-Controller braucht nur Zugriff auf den Docker Control Socket, um das Verhalten von \"exec\" zu emulieren. Dann f\u00fcgen wir unserem Dovecot-Container ein paar Labels hinzu, um den Job-Scheduler zu aktivieren und ihm in einem Cron-kompatiblen Scheduling-Format mitzuteilen, wann er laufen soll. Wenn Sie Probleme mit dem Scheduling-String haben, k\u00f6nnen Sie crontab guru verwenden. Diese docker-compose.override.yml l\u00f6scht jeden Tag um 4 Uhr morgens alle Mails, die \u00e4lter als 2 Wochen sind, aus dem Ordner \"Junk\". Um zu sehen, ob alles richtig gelaufen ist, k\u00f6nnen Sie nicht nur in Ihrer Mailbox nachsehen, sondern auch im Docker-Log von Ofelia, ob es etwa so aussieht: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, Wenn der Vorgang fehlgeschlagen ist, wird dies angegeben und die Ausgabe von doveadm im Protokoll aufgef\u00fchrt, um Ihnen die Fehlersuche zu erleichtern. Falls Sie weitere Jobs hinzuf\u00fcgen wollen, stellen Sie sicher, dass Sie den \"dovecot-expunge-trash\"-Teil nach \"ofelia.job-exec.\" in etwas anderes \u00e4ndern, er definiert den Namen des Jobs. Die Syntax der Labels finden Sie unter mcuadros/ofelia .","title":"L\u00f6schen der Mails eines Benutzers"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-expunge/#der-manuelle-weg","text":"Dann wollen wir mal loslegen: L\u00f6schen Sie die Mails eines Benutzers im Junk-Ordner, die gelesen und \u00e4lter als 4 Stunden sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h L\u00f6sche alle Mails des Benutzers im Junk-Ordner, die \u00e4lter als 7 Tage sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d L\u00f6scht alle Mails (aller Benutzer) in allen Ordnern, die \u00e4lter als 52 Wochen sind (internes Datum der Mail, nicht das Datum, an dem sie auf dem System gespeichert wurde => before statt savedbefore ). N\u00fctzlich zum L\u00f6schen sehr alter Mails in allen Benutzern und Ordnern (daher besonders n\u00fctzlich f\u00fcr GDPR-Compliance). docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w L\u00f6schen von Mails in einem benutzerdefinierten Ordner innerhalb des Posteingangs eines Benutzers, die nicht gekennzeichnet und \u00e4lter als 2 Wochen sind docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info F\u00fcr m\u00f6gliche Zeitspannen oder SearchQuery schauen Sie bitte in man doveadm-search-query","title":"Der manuelle Weg"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-expunge/#job-scheduler","text":"","title":"Job-Scheduler"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-expunge/#uber-das-host-system-cron","text":"Wenn Sie eine solche Aufgabe automatisieren wollen, k\u00f6nnen Sie einen Cron-Job auf Ihrem Rechner erstellen, der ein Skript wie das folgende aufruft: docker compose (Plugin) docker-compose (Standalone) #!/bin/bash # Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized cd /pfad/zu/ihrer/mailcow-dockerized docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] #!/bin/bash # Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized cd /pfad/zu/ihrer/mailcow-dockerized docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [ ... ] Um einen Cronjob zu erstellen, k\u00f6nnen Sie crontab -e ausf\u00fchren und etwas wie das Folgende einf\u00fcgen, um ein Skript auszuf\u00fchren: # Jeden Tag um 04:00 Uhr morgens ausf\u00fchren. 0 4 * * * /pfad/zu/ihr/expunge_mailboxes.sh","title":"\u00fcber das Host-System cron"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-expunge/#uber-docker-job-scheduler","text":"Um dies mit einem Docker-Job-Scheduler zu archivieren, verwenden Sie diese docker-compose.override.yml mit Ihrer Mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" Der Job-Controller braucht nur Zugriff auf den Docker Control Socket, um das Verhalten von \"exec\" zu emulieren. Dann f\u00fcgen wir unserem Dovecot-Container ein paar Labels hinzu, um den Job-Scheduler zu aktivieren und ihm in einem Cron-kompatiblen Scheduling-Format mitzuteilen, wann er laufen soll. Wenn Sie Probleme mit dem Scheduling-String haben, k\u00f6nnen Sie crontab guru verwenden. Diese docker-compose.override.yml l\u00f6scht jeden Tag um 4 Uhr morgens alle Mails, die \u00e4lter als 2 Wochen sind, aus dem Ordner \"Junk\". Um zu sehen, ob alles richtig gelaufen ist, k\u00f6nnen Sie nicht nur in Ihrer Mailbox nachsehen, sondern auch im Docker-Log von Ofelia, ob es etwa so aussieht: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, Wenn der Vorgang fehlgeschlagen ist, wird dies angegeben und die Ausgabe von doveadm im Protokoll aufgef\u00fchrt, um Ihnen die Fehlersuche zu erleichtern. Falls Sie weitere Jobs hinzuf\u00fcgen wollen, stellen Sie sicher, dass Sie den \"dovecot-expunge-trash\"-Teil nach \"ofelia.job-exec.\" in etwas anderes \u00e4ndern, er definiert den Namen des Jobs. Die Syntax der Labels finden Sie unter mcuadros/ofelia .","title":"\u00fcber Docker Job Scheduler"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-extra_conf/","text":"Erstellen Sie eine Datei data/conf/dovecot/extra.conf - falls nicht vorhanden - und f\u00fcgen Sie Ihren zus\u00e4tzlichen Inhalt hier ein. Starten Sie dovecot-mailcow neu, um Ihre \u00c4nderungen zu \u00fcbernehmen: docker compose (Plugin) docker-compose (Standalone) docker compose restart dovecot-mailcow docker-compose restart dovecot-mailcow","title":"Anpassen/Erweitern von dovecot.conf"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-fts/","text":"FTS Solr \u00b6 Solr wird f\u00fcr Setups mit Speicher >= 3,5 GiB verwendet, um eine Volltextsuche in Dovecot zu erm\u00f6glichen. Bitte beachten Sie, dass Anwendungen wie Solr vielleicht von Zeit zu Zeit gewartet werden m\u00fcssen. Au\u00dferdem verbraucht Solr eine Menge RAM, abh\u00e4ngig von der Nutzung Ihres Servers. Bitte vermeiden Sie es auf Maschinen mit weniger als 3 GB RAM. Die Standard-Heap-Gr\u00f6\u00dfe (1024 M) ist in mailcow.conf definiert. Da wir in Docker laufen und unsere Container mit dem \"restart: always\" Flag erstellen, wird eine oom Situation zumindest nur einen Neustart des Containers ausl\u00f6sen. FTS-bezogene Dovecot-Befehle \u00b6 docker compose (Plugin) docker-compose (Standalone) # Einzelbenutzer docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain # alle Benutzer docker compose exec dovecot-mailcow doveadm fts rescan -A # Einzelbenutzer docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # alle Benutzer docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scannt, welche Mails im Volltextsuchindex vorhanden sind und vergleicht diese mit den tats\u00e4chlich in den Postf\u00e4chern vorhandenen Mails. Dies entfernt Mails aus dem Index, die bereits gel\u00f6scht wurden und stellt sicher, dass der n\u00e4chste doveadm-Index alle fehlenden Mails (falls vorhanden) indiziert.\" Dies indiziert nicht eine Mailbox neu. Es repariert im Grunde einen gegebenen Index. Wenn Sie die Daten sofort neu indizieren wollen, k\u00f6nnen Sie den folgenden Befehl ausf\u00fchren, wobei '*' auch eine Postfachmaske wie 'Sent' sein kann. Sie m\u00fcssen diese Befehle nicht ausf\u00fchren, aber es wird die Dinge ein wenig beschleunigen: docker compose (Plugin) docker-compose (Standalone) # einzelner Benutzer docker compose exec dovecot-mailcow doveadm index -u user@domain '*' # alle Benutzer, aber offensichtlich langsamer und gef\u00e4hrlicher docker compose exec dovecot-mailcow doveadm index -A '*' # einzelner Benutzer docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # alle Benutzer, aber offensichtlich langsamer und gef\u00e4hrlicher docker-compose exec dovecot-mailcow doveadm index -A '*' Dies wird einige Zeit in Anspruch nehmen, abh\u00e4ngig von Ihrer Maschine und Solr kann oom ausf\u00fchren, \u00fcberwachen Sie es! Da die Neuindizierung sehr sinnvoll ist, haben wir sie nicht in die mailcow UI integriert. Sie m\u00fcssen sich um eventuelle Fehler beim Re-Indizieren einer Mailbox k\u00fcmmern. L\u00f6schen der Mailbox-Daten \u00b6 mailcow wird die Indexdaten eines Benutzers l\u00f6schen, wenn eine Mailbox gel\u00f6scht wird.","title":"FTS (Solr)"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-fts/#fts-solr","text":"Solr wird f\u00fcr Setups mit Speicher >= 3,5 GiB verwendet, um eine Volltextsuche in Dovecot zu erm\u00f6glichen. Bitte beachten Sie, dass Anwendungen wie Solr vielleicht von Zeit zu Zeit gewartet werden m\u00fcssen. Au\u00dferdem verbraucht Solr eine Menge RAM, abh\u00e4ngig von der Nutzung Ihres Servers. Bitte vermeiden Sie es auf Maschinen mit weniger als 3 GB RAM. Die Standard-Heap-Gr\u00f6\u00dfe (1024 M) ist in mailcow.conf definiert. Da wir in Docker laufen und unsere Container mit dem \"restart: always\" Flag erstellen, wird eine oom Situation zumindest nur einen Neustart des Containers ausl\u00f6sen.","title":"FTS Solr"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-fts/#fts-bezogene-dovecot-befehle","text":"docker compose (Plugin) docker-compose (Standalone) # Einzelbenutzer docker compose exec dovecot-mailcow doveadm fts rescan -u user@domain # alle Benutzer docker compose exec dovecot-mailcow doveadm fts rescan -A # Einzelbenutzer docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # alle Benutzer docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scannt, welche Mails im Volltextsuchindex vorhanden sind und vergleicht diese mit den tats\u00e4chlich in den Postf\u00e4chern vorhandenen Mails. Dies entfernt Mails aus dem Index, die bereits gel\u00f6scht wurden und stellt sicher, dass der n\u00e4chste doveadm-Index alle fehlenden Mails (falls vorhanden) indiziert.\" Dies indiziert nicht eine Mailbox neu. Es repariert im Grunde einen gegebenen Index. Wenn Sie die Daten sofort neu indizieren wollen, k\u00f6nnen Sie den folgenden Befehl ausf\u00fchren, wobei '*' auch eine Postfachmaske wie 'Sent' sein kann. Sie m\u00fcssen diese Befehle nicht ausf\u00fchren, aber es wird die Dinge ein wenig beschleunigen: docker compose (Plugin) docker-compose (Standalone) # einzelner Benutzer docker compose exec dovecot-mailcow doveadm index -u user@domain '*' # alle Benutzer, aber offensichtlich langsamer und gef\u00e4hrlicher docker compose exec dovecot-mailcow doveadm index -A '*' # einzelner Benutzer docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # alle Benutzer, aber offensichtlich langsamer und gef\u00e4hrlicher docker-compose exec dovecot-mailcow doveadm index -A '*' Dies wird einige Zeit in Anspruch nehmen, abh\u00e4ngig von Ihrer Maschine und Solr kann oom ausf\u00fchren, \u00fcberwachen Sie es! Da die Neuindizierung sehr sinnvoll ist, haben wir sie nicht in die mailcow UI integriert. Sie m\u00fcssen sich um eventuelle Fehler beim Re-Indizieren einer Mailbox k\u00fcmmern.","title":"FTS-bezogene Dovecot-Befehle"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-fts/#loschen-der-mailbox-daten","text":"mailcow wird die Indexdaten eines Benutzers l\u00f6schen, wenn eine Mailbox gel\u00f6scht wird.","title":"L\u00f6schen der Mailbox-Daten"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/","text":"\u00c4ndern des IMAP-IDLE-Intervalls \u00b6 Was ist das IDLE-Intervall? \u00b6 Standardm\u00e4\u00dfig sendet Dovecot eine \"Ich bin noch da\"-Benachrichtigung an jeden Client, der eine offene Verbindung mit Dovecot hat, um Mails so schnell wie m\u00f6glich zu erhalten, ohne sie manuell abzufragen (IMAP PUSH). Diese Benachrichtigung wird durch die Einstellung imap_idle_notify_interval gesteuert, die standardm\u00e4\u00dfig auf 2 Minuten eingestellt ist. Ein kurzes Intervall f\u00fchrt dazu, dass der Client viele Nachrichten f\u00fcr diese Verbindung erh\u00e4lt, was f\u00fcr mobile Ger\u00e4te schlecht ist, da jedes Mal, wenn das Ger\u00e4t diese Nachricht erh\u00e4lt, die Mailing-App aufwachen muss. Dies kann zu einer unn\u00f6tigen Entladung der Batterie f\u00fchren. Bearbeiten Sie den Wert \u00b6 Konfiguration \u00e4ndern \u00b6 Erstellen Sie eine neue Datei data/conf/dovecot/extra.conf (oder bearbeiten Sie sie, falls sie bereits existiert). F\u00fcgen Sie die Einstellung ein, gefolgt von dem neuen Wert. Um zum Beispiel das Intervall auf 5 Minuten zu setzen, k\u00f6nnen Sie Folgendes eingeben: imap_idle_notify_interval = 5 mins 29 Minuten ist der maximale Wert, den der entsprechende RFC erlaubt. Warning Dies ist keine Standardeinstellung in mailcow, da wir nicht wissen, wie diese Einstellung das Verhalten anderer Clients ver\u00e4ndert. Seien Sie vorsichtig, wenn Sie dies \u00e4ndern und ein anderes Verhalten beobachten. Dovecot neu laden \u00b6 Nun laden Sie Dovecot neu: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot reload docker-compose exec dovecot-mailcow dovecot reload Info Sie k\u00f6nnen den Wert dieser Einstellung \u00fcberpr\u00fcfen mit docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" Wenn Sie den Wert nicht ge\u00e4ndert haben, sollte er auf 2m stehen. Wenn Sie ihn ge\u00e4ndert haben, sollten Sie den neuen Wert sehen.","title":"IMAP IDLE-Intervall"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/#andern-des-imap-idle-intervalls","text":"","title":"\u00c4ndern des IMAP-IDLE-Intervalls"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/#was-ist-das-idle-intervall","text":"Standardm\u00e4\u00dfig sendet Dovecot eine \"Ich bin noch da\"-Benachrichtigung an jeden Client, der eine offene Verbindung mit Dovecot hat, um Mails so schnell wie m\u00f6glich zu erhalten, ohne sie manuell abzufragen (IMAP PUSH). Diese Benachrichtigung wird durch die Einstellung imap_idle_notify_interval gesteuert, die standardm\u00e4\u00dfig auf 2 Minuten eingestellt ist. Ein kurzes Intervall f\u00fchrt dazu, dass der Client viele Nachrichten f\u00fcr diese Verbindung erh\u00e4lt, was f\u00fcr mobile Ger\u00e4te schlecht ist, da jedes Mal, wenn das Ger\u00e4t diese Nachricht erh\u00e4lt, die Mailing-App aufwachen muss. Dies kann zu einer unn\u00f6tigen Entladung der Batterie f\u00fchren.","title":"Was ist das IDLE-Intervall?"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/#bearbeiten-sie-den-wert","text":"","title":"Bearbeiten Sie den Wert"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/#konfiguration-andern","text":"Erstellen Sie eine neue Datei data/conf/dovecot/extra.conf (oder bearbeiten Sie sie, falls sie bereits existiert). F\u00fcgen Sie die Einstellung ein, gefolgt von dem neuen Wert. Um zum Beispiel das Intervall auf 5 Minuten zu setzen, k\u00f6nnen Sie Folgendes eingeben: imap_idle_notify_interval = 5 mins 29 Minuten ist der maximale Wert, den der entsprechende RFC erlaubt. Warning Dies ist keine Standardeinstellung in mailcow, da wir nicht wissen, wie diese Einstellung das Verhalten anderer Clients ver\u00e4ndert. Seien Sie vorsichtig, wenn Sie dies \u00e4ndern und ein anderes Verhalten beobachten.","title":"Konfiguration \u00e4ndern"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-idle_interval/#dovecot-neu-laden","text":"Nun laden Sie Dovecot neu: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot reload docker-compose exec dovecot-mailcow dovecot reload Info Sie k\u00f6nnen den Wert dieser Einstellung \u00fcberpr\u00fcfen mit docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" Wenn Sie den Wert nicht ge\u00e4ndert haben, sollte er auf 2m stehen. Wenn Sie ihn ge\u00e4ndert haben, sollten Sie den neuen Wert sehen.","title":"Dovecot neu laden"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/","text":"Achtung Die Mails werden komprimiert (lz4) und verschl\u00fcsselt gespeichert. Das Schl\u00fcsselpaar ist in crypt-vol-1 zu finden. Wenn Sie vorhandene maildir-Dateien entschl\u00fcsseln/verschl\u00fcsseln wollen, k\u00f6nnen Sie das folgende Skript auf eigene Gefahr verwenden: Wechseln Sie in den Dovecot Container, indem Sie folgenden Befehl im mailcow-dockerized Verzeichnis ausf\u00fchren: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow /bin/bash docker-compose exec dovecot-mailcow /bin/bash # Entschl\u00fcsseln Sie /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") == \"CRYPTED\" ]]; then doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" > \"/tmp/$(basename \"$file\")\" if [[ -s \"/tmp/$(basename \"$file\")\" ]]; then chmod 600 \"/tmp/$(basename \"$file\")\" chown 5000:5000 \"/tmp/$(basename \"$file\")\" mv \"/tmp/$(basename \"$file\")\" \"$file\" else rm \"/tmp/$(basename \"$file\")\" fi fi done # Verschl\u00fcsseln von /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") != \"CRYPTED\" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" \"$file\" chmod 600 \"$file\" chown 5000:5000 \"$file\" fi done","title":"Mail crypt"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-more/","text":"Hier ist nur eine unsortierte Liste von n\u00fctzlichen doveadm -Befehlen, die n\u00fctzlich sein k\u00f6nnten. doveadm quota \u00b6 Die Befehle quota get und quota recalc 1 werden verwendet, um die Quota-Nutzung des aktuellen Benutzers anzuzeigen oder neu zu berechnen. Die angezeigten Werte sind in Kilobytes . Um den aktuellen Quota-Status f\u00fcr einen Benutzer / eine Mailbox aufzulisten, tun Sie folgendes: doveadm quota get -u 'mailbox@example.org' Um den Quota-Speicherwert f\u00fcr alle Benutzer aufzulisten, tun Sie folgendes: doveadm quota get -A |grep \"STORAGE\" Berechnen Sie die Quota-Nutzung eines einzelnen Benutzers neu: doveadm quota recalc -u 'mailbox@example.org' doveadm search \u00b6 Der Befehl doveadm search 2 wird verwendet, um Nachrichten zu finden, die Ihrer Anfrage entsprechen. Er kann den Benutzernamen, die Mailbox-GUID / -UID und die Nachrichten-GUIDs / -UIDs zur\u00fcckgeben. Um die Anzahl der Nachrichten im .Trash Ordner eines Benutzers zu sehen: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Alle Nachrichten im Postfach eines Benutzers anzeigen, die \u00e4lter als 90 Tage sind: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Zeige alle Nachrichten in beliebigen Ordnern , die \u00e4lter sind als 30 Tage f\u00fcr mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"Weitere Beispiele mit DOVEADM"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-more/#doveadm-quota","text":"Die Befehle quota get und quota recalc 1 werden verwendet, um die Quota-Nutzung des aktuellen Benutzers anzuzeigen oder neu zu berechnen. Die angezeigten Werte sind in Kilobytes . Um den aktuellen Quota-Status f\u00fcr einen Benutzer / eine Mailbox aufzulisten, tun Sie folgendes: doveadm quota get -u 'mailbox@example.org' Um den Quota-Speicherwert f\u00fcr alle Benutzer aufzulisten, tun Sie folgendes: doveadm quota get -A |grep \"STORAGE\" Berechnen Sie die Quota-Nutzung eines einzelnen Benutzers neu: doveadm quota recalc -u 'mailbox@example.org'","title":"doveadm quota"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-more/#doveadm-search","text":"Der Befehl doveadm search 2 wird verwendet, um Nachrichten zu finden, die Ihrer Anfrage entsprechen. Er kann den Benutzernamen, die Mailbox-GUID / -UID und die Nachrichten-GUIDs / -UIDs zur\u00fcckgeben. Um die Anzahl der Nachrichten im .Trash Ordner eines Benutzers zu sehen: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Alle Nachrichten im Postfach eines Benutzers anzeigen, die \u00e4lter als 90 Tage sind: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Zeige alle Nachrichten in beliebigen Ordnern , die \u00e4lter sind als 30 Tage f\u00fcr mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"doveadm search"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-public_folder/","text":"Erstellen Sie einen neuen \u00f6ffentlichen Namespace \"Public\" und eine Mailbox \"Develcow\" innerhalb dieses Namespaces: Bearbeiten oder erstellen Sie data/conf/dovecot/extra.conf , f\u00fcgen Sie hinzu: namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes mailbox \"Develcow\" { auto = subscribe } } :INDEXPVT=~/public kann weggelassen werden, wenn die Flags, die pro Benutzer gesehen werden, nicht gew\u00fcnscht sind. Die neue Mailbox im \u00f6ffentlichen Namensraum wird von den Benutzern automatisch abonniert. Um allen authentifizierten Benutzern vollen Zugriff auf das neue Postfach (nicht auf den gesamten Namespace) zu gew\u00e4hren, f\u00fchren Sie aus: docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow doveadm acl set -A \"Public/Develcow\" \"authenticated\" lookup read write write-seen write-deleted insert post delete expunge create docker-compose exec dovecot-mailcow doveadm acl set -A \"Public/Develcow\" \"authenticated\" lookup read write write-seen write-deleted insert post delete expunge create Passen Sie den Befehl an Ihre Bed\u00fcrfnisse an, wenn Sie detailliertere Rechte pro Benutzer vergeben m\u00f6chten (verwenden Sie z.B. -u user@domain anstelle von -A ). Erlaube authentifizierten Benutzern den Zugriff auf den gesamten \u00f6ffentlichen Namespace \u00b6 Um allen authentifizierten Benutzern vollen Zugriff auf den gesamten \u00f6ffentlichen Namespace und seine Unterordner zu gew\u00e4hren, erstellen Sie eine neue Datei dovecot-acl im Namespace-Stammverzeichnis: \u00d6ffnen/bearbeiten/erstellen Sie /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (passen Sie den Pfad entsprechend an), um die globale ACL-Datei mit dem folgenden Inhalt zu erstellen: authenticated kxeilprwts kxeilprwts\" ist gleichbedeutend mit \"lookup read write write-seen write-deleted insert post delete expunge create\". Sie k\u00f6nnen doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read verwenden, um den Zugriff f\u00fcr einen einzelnen Benutzer zu beschr\u00e4nken. Sie k\u00f6nnen es auch umdrehen und den Zugriff f\u00fcr alle Benutzer auf \"lr\" beschr\u00e4nken und nur einigen Benutzern vollen Zugriff gew\u00e4hren. Siehe Dovecot ACL f\u00fcr weitere Informationen \u00fcber ACL.","title":"\u00d6ffentliche Ordner"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-public_folder/#erlaube-authentifizierten-benutzern-den-zugriff-auf-den-gesamten-offentlichen-namespace","text":"Um allen authentifizierten Benutzern vollen Zugriff auf den gesamten \u00f6ffentlichen Namespace und seine Unterordner zu gew\u00e4hren, erstellen Sie eine neue Datei dovecot-acl im Namespace-Stammverzeichnis: \u00d6ffnen/bearbeiten/erstellen Sie /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (passen Sie den Pfad entsprechend an), um die globale ACL-Datei mit dem folgenden Inhalt zu erstellen: authenticated kxeilprwts kxeilprwts\" ist gleichbedeutend mit \"lookup read write write-seen write-deleted insert post delete expunge create\". Sie k\u00f6nnen doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read verwenden, um den Zugriff f\u00fcr einen einzelnen Benutzer zu beschr\u00e4nken. Sie k\u00f6nnen es auch umdrehen und den Zugriff f\u00fcr alle Benutzer auf \"lr\" beschr\u00e4nken und nur einigen Benutzern vollen Zugriff gew\u00e4hren. Siehe Dovecot ACL f\u00fcr weitere Informationen \u00fcber ACL.","title":"Erlaube authentifizierten Benutzern den Zugriff auf den gesamten \u00f6ffentlichen Namespace"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-static_master/","text":"Zuf\u00e4llige Master-Benutzernamen und Passw\u00f6rter werden automatisch bei jedem Neustart von dovecot-mailcow erstellt. Das wird empfohlen und sollte nicht ge\u00e4ndert werden. Wenn der Benutzer trotzdem statisch sein soll, geben Sie bitte zwei Variablen in mailcow.conf an. Beide Parameter d\u00fcrfen nicht leer sein! DOVECOT_MASTER_USER=mymasteruser DOVECOT_MASTER_PASS=mysecretpass F\u00fchren Sie folgenden Befehl aus, um Ihre \u00c4nderungen zu \u00fcbernehmen: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Der statische Master-Benutzername wird zu DOVECOT_MASTER_USER@mailcow.local erweitert. Um sich als test@example.org anzumelden, w\u00fcrde dies test@example.org*mymasteruser@mailcow.local mit dem oben angegebenen Passwort entsprechen. Eine Anmeldung bei SOGo ist mit diesem Benutzernamen nicht m\u00f6glich. F\u00fcr Admins steht eine Click-to-Login-Funktion f\u00fcr SOGo zur Verf\u00fcgung, wie [hier] beschrieben ( https://mailcow.github.io/mailcow-dockerized-docs/debug-admin_login_sogo/ ) Es wird kein Hauptbenutzer ben\u00f6tigt.","title":"Statischer Hauptbenutzer"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/","text":"Der \"neue\" Weg \u00b6 Warning Neuere Docker-Versionen scheinen sich \u00fcber bestehende Volumes zu beschweren. Man kann dies vor\u00fcbergehend beheben, indem man das bestehende Volume entfernt und mailcow mit der Override-Datei startet. Aber es scheint nach einem Neustart problematisch zu sein (muss best\u00e4tigt werden). Ein einfacher, schmutziger, aber stabiler Workaround ist es, mailcow zu stoppen, /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data zu entfernen und einen neuen Link zu Ihrem entfernten Dateisystem zu erstellen, zum Beispiel: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Starten Sie anschlie\u00dfend mailcow. Der \"alte\" Weg \u00b6 Wenn man einen anderen Ordner f\u00fcr das vmail-Volume verwenden m\u00f6chte, kann man eine docker-compose.override.yml Datei erstellen und den folgenden Inhalt hinzuf\u00fcgen: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind Verschieben eines bestehenden vmail-Ordners: \u00b6 Finden Sie den aktuellen vmail-Ordner anhand seines \"Mountpoint\"-Attributs: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Kopieren Sie den Inhalt des Mountpoint -Ordners an den neuen Speicherort (z.B. /data/mailcow/vmail ) mit cp -a , rsync -a oder einem \u00e4hnlichen, nicht strikten Kopierbefehl Stoppen Sie mailcow durch Ausf\u00fchren von docker compose down aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized ) Erstellen Sie die Datei docker-compose.override.yml , bearbeiten Sie den Ger\u00e4tepfad entsprechend L\u00f6schen Sie den aktuellen vmail-Ordner: docker volume rm mailcowdockerized_vmail-vol-1 Starten Sie mailcow durch Ausf\u00fchren von docker compose up -d aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized )","title":"Maildir verschieben (vmail)"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/#der-neue-weg","text":"Warning Neuere Docker-Versionen scheinen sich \u00fcber bestehende Volumes zu beschweren. Man kann dies vor\u00fcbergehend beheben, indem man das bestehende Volume entfernt und mailcow mit der Override-Datei startet. Aber es scheint nach einem Neustart problematisch zu sein (muss best\u00e4tigt werden). Ein einfacher, schmutziger, aber stabiler Workaround ist es, mailcow zu stoppen, /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data zu entfernen und einen neuen Link zu Ihrem entfernten Dateisystem zu erstellen, zum Beispiel: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Starten Sie anschlie\u00dfend mailcow.","title":"Der \"neue\" Weg"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/#der-alte-weg","text":"Wenn man einen anderen Ordner f\u00fcr das vmail-Volume verwenden m\u00f6chte, kann man eine docker-compose.override.yml Datei erstellen und den folgenden Inhalt hinzuf\u00fcgen: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind","title":"Der \"alte\" Weg"},{"location":"de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/#verschieben-eines-bestehenden-vmail-ordners","text":"Finden Sie den aktuellen vmail-Ordner anhand seines \"Mountpoint\"-Attributs: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Kopieren Sie den Inhalt des Mountpoint -Ordners an den neuen Speicherort (z.B. /data/mailcow/vmail ) mit cp -a , rsync -a oder einem \u00e4hnlichen, nicht strikten Kopierbefehl Stoppen Sie mailcow durch Ausf\u00fchren von docker compose down aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized ) Erstellen Sie die Datei docker-compose.override.yml , bearbeiten Sie den Ger\u00e4tepfad entsprechend L\u00f6schen Sie den aktuellen vmail-Ordner: docker volume rm mailcowdockerized_vmail-vol-1 Starten Sie mailcow durch Ausf\u00fchren von docker compose up -d aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized )","title":"Verschieben eines bestehenden vmail-Ordners:"},{"location":"de/manual-guides/Nginx/u_e-nginx_custom/","text":"SSL \u00b6 Bitte lesen Sie Erweitertes SSL und \u00fcberpr\u00fcfen Sie explizit ADDITIONAL_SERVER_NAMES f\u00fcr die SSL-Konfiguration. Bitte f\u00fcgen Sie ADDITIONAL_SERVER_NAMES nicht hinzu, wenn Sie planen, einen anderen Web-Root zu verwenden. Neue Website \u00b6 Um persistente (\u00fcber Updates) Sites zu erstellen, die von mailcow: dockerized gehostet werden, muss eine neue Site-Konfiguration in data/conf/nginx/ platziert werden: Eine gute Vorlage, um damit zu beginnen: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } } Neue Website mit Proxy zu einem entfernten Location \u00b6 Ein weiteres Beispiel mit einer Reverse-Proxy-Konfiguration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } } Konfig-Erweiterung in mailcows Nginx \u00b6 Der Dateiname, der f\u00fcr eine neue Site verwendet wird, ist nicht wichtig, solange der Dateiname eine .conf-Erweiterung tr\u00e4gt. Es ist auch m\u00f6glich, die Konfiguration der Standarddatei site.conf Datei zu erweitern: nano data/conf/nginx/site.my_content.custom Dieser Dateiname muss keine \".conf\"-Erweiterung haben, sondern folgt dem Muster site.*.custom , wobei * ein eigener Name ist. Wenn PHP in eine benutzerdefinierte Site eingebunden werden soll, verwenden Sie bitte den PHP-FPM-Listener auf phpfpm:9002 oder erstellen Sie einen neuen Listener in data/conf/phpfpm/php-fpm.d/pools.conf . Starten Sie Nginx neu (und PHP-FPM, falls ein neuer Listener erstellt wurde): docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker compose restart php-fpm-mailcow docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Benutzerdefinierte Seiten"},{"location":"de/manual-guides/Nginx/u_e-nginx_custom/#ssl","text":"Bitte lesen Sie Erweitertes SSL und \u00fcberpr\u00fcfen Sie explizit ADDITIONAL_SERVER_NAMES f\u00fcr die SSL-Konfiguration. Bitte f\u00fcgen Sie ADDITIONAL_SERVER_NAMES nicht hinzu, wenn Sie planen, einen anderen Web-Root zu verwenden.","title":"SSL"},{"location":"de/manual-guides/Nginx/u_e-nginx_custom/#neue-website","text":"Um persistente (\u00fcber Updates) Sites zu erstellen, die von mailcow: dockerized gehostet werden, muss eine neue Site-Konfiguration in data/conf/nginx/ platziert werden: Eine gute Vorlage, um damit zu beginnen: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } }","title":"Neue Website"},{"location":"de/manual-guides/Nginx/u_e-nginx_custom/#neue-website-mit-proxy-zu-einem-entfernten-location","text":"Ein weiteres Beispiel mit einer Reverse-Proxy-Konfiguration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } }","title":"Neue Website mit Proxy zu einem entfernten Location"},{"location":"de/manual-guides/Nginx/u_e-nginx_custom/#konfig-erweiterung-in-mailcows-nginx","text":"Der Dateiname, der f\u00fcr eine neue Site verwendet wird, ist nicht wichtig, solange der Dateiname eine .conf-Erweiterung tr\u00e4gt. Es ist auch m\u00f6glich, die Konfiguration der Standarddatei site.conf Datei zu erweitern: nano data/conf/nginx/site.my_content.custom Dieser Dateiname muss keine \".conf\"-Erweiterung haben, sondern folgt dem Muster site.*.custom , wobei * ein eigener Name ist. Wenn PHP in eine benutzerdefinierte Site eingebunden werden soll, verwenden Sie bitte den PHP-FPM-Listener auf phpfpm:9002 oder erstellen Sie einen neuen Listener in data/conf/phpfpm/php-fpm.d/pools.conf . Starten Sie Nginx neu (und PHP-FPM, falls ein neuer Listener erstellt wurde): docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker compose restart php-fpm-mailcow docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Konfig-Erweiterung in mailcows Nginx"},{"location":"de/manual-guides/Nginx/u_e-nginx_webmail-site/","text":"WICHTIG : Diese Anleitung gilt nur f\u00fcr Konfigurationen, bei denen SNI nicht aktiviert ist. Wenn SNI aktiviert ist, muss der Zertifikatspfad angepasst werden. Etwas wie ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; wird gen\u00fcgen. Aber : Das Zertifikat sollte zuerst bezogen werden und erst wenn das Zertifikat existiert, sollte eine Site Config erstellt werden. Nginx wird nicht starten, wenn es das Zertifikat und den Schl\u00fcssel nicht finden kann. Um eine Subdomain webmail.example.org zu erstellen und sie auf SOGo umzuleiten, m\u00fcssen Sie eine neue Nginx-Site erstellen. Achten Sie dabei auf \"CHANGE_TO_MAILCOW_HOSTNAME\"! nano data/conf/nginx/webmail.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name webmail.example.org; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } } Speichern Sie und starten Sie Nginx neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart nginx-mailcow docker-compose restart nginx-mailcow \u00d6ffnen Sie nun mailcow.conf und suchen Sie ADDITIONAL_SAN . F\u00fcgen Sie webmail.example.org zu diesem Array hinzu, verwenden Sie keine Anf\u00fchrungszeichen! ADDITIONAL_SAN=webmail.example.org F\u00fchren Sie den Befehl aus: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Siehe \"acme-mailcow\" und \"nginx-mailcow\" Logs, wenn etwas fehlschl\u00e4gt","title":"Subdom\u00e4ne webmail.example.org erstellen"},{"location":"de/manual-guides/Postfix/u_e-postfix-attachment_size/","text":"\u00d6ffnen Sie data/conf/postfix/extra.cf und setzen Sie das message_size_limit entsprechend in Bytes. Siehe main.cf f\u00fcr den Standardwert. Starten Sie Postfix neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow","title":"Maximale Nachrichtengr\u00f6\u00dfe (Gr\u00f6\u00dfe des Anhangs)"},{"location":"de/manual-guides/Postfix/u_e-postfix-custom_transport/","text":"F\u00fcr Transport maps, die nicht in mailcow UI konfiguriert werden, verwenden Sie bitte data/conf/postfix/custom_transport.pcre , um zu verhindern, dass bestehende Maps oder Einstellungen durch Updates \u00fcberschrieben werden. In den meisten F\u00e4llen ist die Verwendung dieser Datei nicht notwendig. Bitte vergewissern Sie sich, dass mailcow UI nicht in der Lage ist, den gew\u00fcnschten Datenverkehr richtig zu routen, bevor Sie diese Datei verwenden. Die Datei ben\u00f6tigt g\u00fcltigen PCRE-Inhalt und kann Postfix zerst\u00f6ren, wenn sie falsch konfiguriert ist.","title":"Benutzerdefinierte Transportmaps"},{"location":"de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/","text":"Neue Anleitung \u00b6 Bearbeiten Sie ein Postfach und w\u00e4hlen Sie \"Senden als * zulassen\". Aus historischen Gr\u00fcnden haben wir die alte und veraltete Anleitung unten beibehalten: Veraltete Anleitung (NICHT F\u00dcR NEUERE MAILCOWS VERWENDEN!) \u00b6 Diese Option ist keine Best-Practice und sollte nur verwendet werden, wenn es keine andere M\u00f6glichkeit gibt, das zu erreichen, was Sie erreichen wollen. Erstellen Sie einfach eine Datei data/conf/postfix/check_sasl_access und tragen Sie den folgenden Inhalt ein. Dieser Benutzer muss in Ihrer Installation existieren und muss sich vor dem Versenden von Mails authentifizieren. user-to-allow-everything@example.com OK \u00d6ffnen Sie data/conf/postfix/main.cf und suchen Sie smtpd_sender_restrictions . F\u00fcgen Sie check_sasl_access hash:/opt/postfix/conf/check_sasl_access wie folgt ein: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Postmap auf check_sasl_access ausf\u00fchren: docker compose (Plugin) docker-compose (Standalone) docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Starten Sie den Postfix-Container neu.","title":"\u00dcberpr\u00fcfung der Absenderadressen deaktivieren"},{"location":"de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/#neue-anleitung","text":"Bearbeiten Sie ein Postfach und w\u00e4hlen Sie \"Senden als * zulassen\". Aus historischen Gr\u00fcnden haben wir die alte und veraltete Anleitung unten beibehalten:","title":"Neue Anleitung"},{"location":"de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/#veraltete-anleitung-nicht-fur-neuere-mailcows-verwenden","text":"Diese Option ist keine Best-Practice und sollte nur verwendet werden, wenn es keine andere M\u00f6glichkeit gibt, das zu erreichen, was Sie erreichen wollen. Erstellen Sie einfach eine Datei data/conf/postfix/check_sasl_access und tragen Sie den folgenden Inhalt ein. Dieser Benutzer muss in Ihrer Installation existieren und muss sich vor dem Versenden von Mails authentifizieren. user-to-allow-everything@example.com OK \u00d6ffnen Sie data/conf/postfix/main.cf und suchen Sie smtpd_sender_restrictions . F\u00fcgen Sie check_sasl_access hash:/opt/postfix/conf/check_sasl_access wie folgt ein: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Postmap auf check_sasl_access ausf\u00fchren: docker compose (Plugin) docker-compose (Standalone) docker compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Starten Sie den Postfix-Container neu.","title":"Veraltete Anleitung (NICHT F\u00dcR NEUERE MAILCOWS VERWENDEN!)"},{"location":"de/manual-guides/Postfix/u_e-postfix-extra_cf/","text":"Bitte erstellen Sie eine neue Datei data/conf/postfix/extra.cf f\u00fcr \u00dcberschreibungen oder zus\u00e4tzliche Inhalte zur main.cf . Postfix wird sich einmal nach dem Start von postfix-mailcow \u00fcber doppelte Werte beschweren, dies ist beabsichtigt. Syslog-ng wurde so konfiguriert, dass es diese Warnungen ausblendet, w\u00e4hrend Postfix l\u00e4uft, um die Log-Dateien nicht jedes Mal mit unn\u00f6tigen Informationen zu spammen, wenn ein Dienst benutzt wird. Starten Sie postfix-mailcow neu, um Ihre \u00c4nderungen zu \u00fcbernehmen: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow","title":"main.cf anpassen/erweitern"},{"location":"de/manual-guides/Postfix/u_e-postfix-pflogsumm/","text":"Um pflogsumm mit dem Standard-Logging-Treiber zu verwenden, m\u00fcssen wir postfix-mailcow \u00fcber docker logs abfragen und die Ausgabe zu pflogsumm leiten: docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm Die obige Log-Ausgabe ist auf die letzten 24 Stunden beschr\u00e4nkt. Es ist auch m\u00f6glich, einen t\u00e4glichen pflogsumm-Bericht \u00fcber cron zu erstellen. Erstellen Sie die Datei /etc/cron.d/pflogsumm mit dem folgenden Inhalt: SHELL=/bin/bash 59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s \"Postfix Report of $(date)\" postmaster@example.net Um zu funktionieren muss ein lokaler Postfix auf dem Server installiert werden, welcher an den Postfix der mailcow relayed. Genauere Informationen lassen sich unter Sektion Post-Installationsaufgaben -> Lokaler MTA auf Dockerhost finden. Basierend auf den Postfix-Logs der letzten 24 Stunden sendet dieses Beispiel dann jeden Tag um 23:59:00 Uhr einen pflogsumm-Bericht an postmaster@example.net .","title":"Statistik mit pflogsumm"},{"location":"de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/","text":"IPs k\u00f6nnen in der Datei data/conf/postfix/custom_postscreen_whitelist.cidr aus dem Postscreen und damit auch aus den RBL-Pr\u00fcfungen entfernt werden. Postscreen f\u00fchrt mehrere Pr\u00fcfungen durch, um b\u00f6sartige Absender zu identifizieren. In den meisten F\u00e4llen m\u00f6chten Sie eine IP-Adresse auf die Whitelist setzen, um sie von der Suche nach einer schwarzen Liste auszuschlie\u00dfen. Das Format der Datei ist wie folgt CIDR ACTION Dabei steht CIDR f\u00fcr eine einzelne IP-Adresse oder einen IP-Bereich in CIDR-Notation und action entweder f\u00fcr \"permit\" oder \"reject\". Beispiel: # Regeln werden in der angegebenen Reihenfolge ausgewertet. # Schwarze Liste 192.168.* au\u00dfer 192.168.0.1. 192.168.0.1 permit 192.168.0.0/16 reject Die Datei wird spontan neu geladen, ein Neustart von Postfix ist nicht erforderlich.","title":"IP in Postscreen auf die Whitelist setzen"},{"location":"de/manual-guides/Postfix/u_e-postfix-relayhost/","text":"Seit dem 12. September 2018 k\u00f6nnen Sie Relayhosts als Admin \u00fcber die mailcow UI einrichten. Dies ist n\u00fctzlich, wenn Sie ausgehende E-Mails f\u00fcr eine bestimmte Domain an einen Drittanbieter-Spamfilter oder einen Dienst wie Mailgun oder Sendgrid weiterleiten m\u00f6chten. Dies ist auch bekannt als ein smarthost . Falls nicht, \u00fcberpr\u00fcfen Sie den Fehler und beheben Sie ihn. Einen neuen Relayhost hinzuf\u00fcgen \u00b6 Gehen Sie auf die Registerkarte \"Routing\" im Abschnitt \"Konfiguration und Details\" der mailcow UI. Hier sehen Sie eine Liste der derzeit eingerichteten Relayhosts. Bl\u00e4ttern Sie zum Abschnitt \"Absenderabh\u00e4ngigen Transport hinzuf\u00fcgen\". F\u00fcgen Sie unter Host den Host hinzu, an den Sie weiterleiten m\u00f6chten. Beispiel: Wenn Sie Mailgun zum Senden von E-Mails anstelle Ihrer Server-IP verwenden m\u00f6chten, geben Sie smtp.mailgun.org ein. Wenn der Relay-Host zur Authentifizierung einen Benutzernamen und ein Passwort ben\u00f6tigt, geben Sie diese in die entsprechenden Felder ein. Beachten Sie, dass die Anmeldedaten im Klartext gespeichert werden. Testen Sie einen Relayhost \u00b6 Um zu testen, ob die Verbindung zum Host funktioniert, klicken Sie in der Liste der Relayhosts auf Test und geben Sie eine Von: -Adresse ein. F\u00fchren Sie dann den Test aus. Sie sehen dann die Ergebnisse der SMTP-\u00dcbertragung. Wenn alles klappt, sollten Sie Folgendes sehen: SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 als eine der letzten Zeilen. Ist dies nicht der Fall, \u00fcberpr\u00fcfen Sie den angegebenen Fehler und beheben Sie ihn. Hinweis: Einige Hosts, insbesondere solche, die keine Authentifizierung verlangen, verweigern Verbindungen von Servern, die nicht zuvor in ihr System aufgenommen wurden. Lesen Sie unbedingt die Dokumentation des Relayhosts, um sicherzustellen, dass Sie Ihre Domain und/oder die Server-IP zu ihrem System hinzugef\u00fcgt haben. Tipp: Sie k\u00f6nnen die standardm\u00e4\u00dfige Von: -Adresse, die der Test verwendet, von null@mailcow.email auf eine beliebige E-Mail-Adresse \u00e4ndern, indem Sie die Variable $RELAY_TO in der Datei vars.inc.php unter /opt/mailcow-dockerized/data/web/inc \u00e4ndern. Auf diese Weise k\u00f6nnen Sie \u00fcberpr\u00fcfen, ob das Relay funktioniert hat, indem Sie das Zielpostfach \u00fcberpr\u00fcfen. Relayhost f\u00fcr eine Domain festlegen \u00b6 Wechseln Sie auf die Registerkarte \"Domains\" im Abschnitt \"E-Mail-Setup\" der mailcow UI. Bearbeiten Sie die gew\u00fcnschte Domain. W\u00e4hlen Sie den neu hinzugef\u00fcgten Host in der Dropdown-Liste \"Absenderabh\u00e4ngige Transporte\" aus und speichern Sie die \u00c4nderungen. Senden Sie eine E-Mail von einer Mailbox auf dieser Domain und Sie sollten in den Protokollen sehen, dass Postfix die Nachricht an den Relayhost weiterleitet.","title":"Relayhosts"},{"location":"de/manual-guides/Postfix/u_e-postfix-relayhost/#einen-neuen-relayhost-hinzufugen","text":"Gehen Sie auf die Registerkarte \"Routing\" im Abschnitt \"Konfiguration und Details\" der mailcow UI. Hier sehen Sie eine Liste der derzeit eingerichteten Relayhosts. Bl\u00e4ttern Sie zum Abschnitt \"Absenderabh\u00e4ngigen Transport hinzuf\u00fcgen\". F\u00fcgen Sie unter Host den Host hinzu, an den Sie weiterleiten m\u00f6chten. Beispiel: Wenn Sie Mailgun zum Senden von E-Mails anstelle Ihrer Server-IP verwenden m\u00f6chten, geben Sie smtp.mailgun.org ein. Wenn der Relay-Host zur Authentifizierung einen Benutzernamen und ein Passwort ben\u00f6tigt, geben Sie diese in die entsprechenden Felder ein. Beachten Sie, dass die Anmeldedaten im Klartext gespeichert werden.","title":"Einen neuen Relayhost hinzuf\u00fcgen"},{"location":"de/manual-guides/Postfix/u_e-postfix-relayhost/#testen-sie-einen-relayhost","text":"Um zu testen, ob die Verbindung zum Host funktioniert, klicken Sie in der Liste der Relayhosts auf Test und geben Sie eine Von: -Adresse ein. F\u00fchren Sie dann den Test aus. Sie sehen dann die Ergebnisse der SMTP-\u00dcbertragung. Wenn alles klappt, sollten Sie Folgendes sehen: SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 als eine der letzten Zeilen. Ist dies nicht der Fall, \u00fcberpr\u00fcfen Sie den angegebenen Fehler und beheben Sie ihn. Hinweis: Einige Hosts, insbesondere solche, die keine Authentifizierung verlangen, verweigern Verbindungen von Servern, die nicht zuvor in ihr System aufgenommen wurden. Lesen Sie unbedingt die Dokumentation des Relayhosts, um sicherzustellen, dass Sie Ihre Domain und/oder die Server-IP zu ihrem System hinzugef\u00fcgt haben. Tipp: Sie k\u00f6nnen die standardm\u00e4\u00dfige Von: -Adresse, die der Test verwendet, von null@mailcow.email auf eine beliebige E-Mail-Adresse \u00e4ndern, indem Sie die Variable $RELAY_TO in der Datei vars.inc.php unter /opt/mailcow-dockerized/data/web/inc \u00e4ndern. Auf diese Weise k\u00f6nnen Sie \u00fcberpr\u00fcfen, ob das Relay funktioniert hat, indem Sie das Zielpostfach \u00fcberpr\u00fcfen.","title":"Testen Sie einen Relayhost"},{"location":"de/manual-guides/Postfix/u_e-postfix-relayhost/#relayhost-fur-eine-domain-festlegen","text":"Wechseln Sie auf die Registerkarte \"Domains\" im Abschnitt \"E-Mail-Setup\" der mailcow UI. Bearbeiten Sie die gew\u00fcnschte Domain. W\u00e4hlen Sie den neu hinzugef\u00fcgten Host in der Dropdown-Liste \"Absenderabh\u00e4ngige Transporte\" aus und speichern Sie die \u00c4nderungen. Senden Sie eine E-Mail von einer Mailbox auf dieser Domain und Sie sollten in den Protokollen sehen, dass Postfix die Nachricht an den Relayhost weiterleitet.","title":"Relayhost f\u00fcr eine Domain festlegen"},{"location":"de/manual-guides/Postfix/u_e-postfix-trust_networks/","text":"Standardm\u00e4\u00dfig betrachtet mailcow alle Netzwerke als nicht vertrauensw\u00fcrdig , ausgenommen seine eigenen IPV4_NETWORK und IPV6_NETWORK Bereiche. Obwohl dies in den meisten F\u00e4llen vern\u00fcnftig ist, kann es Umst\u00e4nde geben, unter denen man diese Einschr\u00e4nkung lockern muss. Standardm\u00e4\u00dfig verwendet mailcow mynetworks_style = subnet um interne Subnetze zu bestimmen und l\u00e4sst mynetworks unkonfiguriert. Wenn Sie sich entscheiden, mynetworks zu setzen, ignoriert Postfix die mynetworks_style Einstellung. Das bedeutet, dass Sie die Bereiche IPV4_NETWORK und IPV6_NETWORK sowie die Loopback-Subnetze manuell hinzuf\u00fcgen m\u00fcssen! Unauthentifiziertes Relaying \u00b6 Warning Eine falsche Einstellung von mynetworks erlaubt es Ihrem Server, als offenes Relay verwendet zu werden. Wenn dies missbraucht wird, beeintr\u00e4chtigt dies Ihre F\u00e4higkeit, E-Mails zu versenden, und es kann einige Zeit dauern, bis dies behoben ist. IPv4-Hosts/Subnetze \u00b6 Um das Subnetz 192.168.2.0/24 zu den vertrauensw\u00fcrdigen Netzwerken hinzuzuf\u00fcgen, k\u00f6nnen Sie die folgende Konfiguration verwenden, abh\u00e4ngig von Ihren IPV4_NETWORK und IPV6_NETWORK Bereichen: Bearbeiten Sie data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 F\u00fchren Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu \u00fcbernehmen. IPv6-Hosts/Subnets \u00b6 Das Hinzuf\u00fcgen von IPv6-Hosts erfolgt auf die gleiche Weise wie bei IPv4, allerdings muss das Subnetz in eckige Klammern [] gesetzt und die Netzmaske angeh\u00e4ngt werden. Um das Subnetz 2001:db8::/32 zu den vertrauensw\u00fcrdigen Netzwerken hinzuzuf\u00fcgen, k\u00f6nnen Sie die folgende Konfiguration verwenden, abh\u00e4ngig von Ihren IPV4_NETWORK- und IPV6_NETWORK-Bereichen: Bearbeiten Sie data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 F\u00fchren Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu \u00fcbernehmen. Info Weitere Informationen \u00fcber mynetworks finden Sie in der Postfix-Dokumentation .","title":"Vertrauensw\u00fcrdige Netzwerke hinzuf\u00fcgen"},{"location":"de/manual-guides/Postfix/u_e-postfix-trust_networks/#unauthentifiziertes-relaying","text":"Warning Eine falsche Einstellung von mynetworks erlaubt es Ihrem Server, als offenes Relay verwendet zu werden. Wenn dies missbraucht wird, beeintr\u00e4chtigt dies Ihre F\u00e4higkeit, E-Mails zu versenden, und es kann einige Zeit dauern, bis dies behoben ist.","title":"Unauthentifiziertes Relaying"},{"location":"de/manual-guides/Postfix/u_e-postfix-trust_networks/#ipv4-hostssubnetze","text":"Um das Subnetz 192.168.2.0/24 zu den vertrauensw\u00fcrdigen Netzwerken hinzuzuf\u00fcgen, k\u00f6nnen Sie die folgende Konfiguration verwenden, abh\u00e4ngig von Ihren IPV4_NETWORK und IPV6_NETWORK Bereichen: Bearbeiten Sie data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 F\u00fchren Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu \u00fcbernehmen.","title":"IPv4-Hosts/Subnetze"},{"location":"de/manual-guides/Postfix/u_e-postfix-trust_networks/#ipv6-hostssubnets","text":"Das Hinzuf\u00fcgen von IPv6-Hosts erfolgt auf die gleiche Weise wie bei IPv4, allerdings muss das Subnetz in eckige Klammern [] gesetzt und die Netzmaske angeh\u00e4ngt werden. Um das Subnetz 2001:db8::/32 zu den vertrauensw\u00fcrdigen Netzwerken hinzuzuf\u00fcgen, k\u00f6nnen Sie die folgende Konfiguration verwenden, abh\u00e4ngig von Ihren IPV4_NETWORK- und IPV6_NETWORK-Bereichen: Bearbeiten Sie data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 F\u00fchren Sie docker compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu \u00fcbernehmen. Info Weitere Informationen \u00fcber mynetworks finden Sie in der Postfix-Dokumentation .","title":"IPv6-Hosts/Subnets"},{"location":"de/manual-guides/Redis/u_e-redis/","text":"Redis wird als Key-Value-Speicher f\u00fcr die Einstellungen und Daten von rspamd und (einige von) mailcow verwendet. Wenn Sie mit Redis nicht vertraut sind, lesen Sie bitte die Einf\u00fchrung in Redis und besuchen Sie gegebenenfalls diese wunderbare Anleitung , um zu erfahren, wie man Redis benutzt. Client \u00b6 Um sich mit dem redis cli zu verbinden, f\u00fchren Sie aus: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli Fehlersuche \u00b6 Hier sind einige n\u00fctzliche Befehle f\u00fcr den redis-cli zur Fehlersuche: MONITOR \u00b6 \u00dcberwacht alle vom Server empfangenen Anfragen in Echtzeit: docker compose (Plugin) docker-compose (Standalone) #docker compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] #docker-compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] SCHL\u00dcSSEL (Keys) \u00b6 Ermittelt alle Schl\u00fcssel, die dem Muster entsprechen: KEYS * PING \u00b6 Testen Sie eine Verbindung: 127.0.0.1:6379> PING PONG Wenn Sie mehr wissen wollen, hier ist ein Cheat-Sheet .","title":"Redis"},{"location":"de/manual-guides/Redis/u_e-redis/#client","text":"Um sich mit dem redis cli zu verbinden, f\u00fchren Sie aus: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli","title":"Client"},{"location":"de/manual-guides/Redis/u_e-redis/#fehlersuche","text":"Hier sind einige n\u00fctzliche Befehle f\u00fcr den redis-cli zur Fehlersuche:","title":"Fehlersuche"},{"location":"de/manual-guides/Redis/u_e-redis/#monitor","text":"\u00dcberwacht alle vom Server empfangenen Anfragen in Echtzeit: docker compose (Plugin) docker-compose (Standalone) #docker compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ] #docker-compose exec redis-mailcow redis-cli 127 .0.0.1:6379> monitor OK 1494077286 .401963 [ 0 172 .22.1.253:41228 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288 .292970 [ 0 172 .22.1.253:41229 ] \"SMEMBERS\" \"BAYES_SPAM_keys\" [ ... ]","title":"MONITOR"},{"location":"de/manual-guides/Redis/u_e-redis/#schlussel-keys","text":"Ermittelt alle Schl\u00fcssel, die dem Muster entsprechen: KEYS *","title":"SCHL\u00dcSSEL (Keys)"},{"location":"de/manual-guides/Redis/u_e-redis/#ping","text":"Testen Sie eine Verbindung: 127.0.0.1:6379> PING PONG Wenn Sie mehr wissen wollen, hier ist ein Cheat-Sheet .","title":"PING"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/","text":"Rspamd wird f\u00fcr die AV-Verarbeitung, DKIM-Signierung und SPAM-Verarbeitung verwendet. Es ist ein leistungsf\u00e4higes und schnelles Filtersystem. F\u00fcr eine ausf\u00fchrlichere Dokumentation \u00fcber Rspamd besuchen Sie bitte die [Rspamd Dokumentation] ( https://rspamd.com/doc/index.html ). Spam & Ham lernen \u00b6 Rspamd lernt, ob es sich um Spam oder Ham handelt, wenn Sie eine Nachricht in oder aus dem Junk-Ordner in ein anderes Postfach als den Papierkorb verschieben. Dies wird durch die Verwendung des Sieve-Plugins \"sieve_imapsieve\" und Parser-Skripte erreicht. Rspamd liest auch automatisch Mails, wenn eine hohe oder niedrige Punktzahl erkannt wird (siehe https://rspamd.com/doc/configuration/statistic.html#autolearning ). Wir haben das Plugin so konfiguriert, dass es ein vern\u00fcnftiges Verh\u00e4ltnis zwischen Spam- und Ham-Learnings beibeh\u00e4lt. Die Bayes-Statistiken werden in Redis als Schl\u00fcssel BAYES_HAM und BAYES_SPAM gespeichert. Neben Bayes wird ein lokaler Fuzzy-Speicher verwendet, um wiederkehrende Muster in Texten oder Bildern zu lernen, die auf Ham oder Spam hinweisen. Sie k\u00f6nnen auch die Web-UI von Rspamd verwenden, um Ham und/oder Spam zu lernen oder bestimmte Einstellungen von Rspamd anzupassen. Spam oder Ham aus bestehendem Verzeichnis lernen \u00b6 Sie k\u00f6nnen einen Einzeiler verwenden, um Mails im Klartextformat (unkomprimiert) zu lernen: docker compose (Plugin) docker-compose (Standalone) # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Erw\u00e4gen Sie, einen lokalen Ordner als neues Volume an rspamd-mailcow in docker-compose.yml anzuh\u00e4ngen und die gegebenen Dateien innerhalb des Containers zu lernen. Dies kann als Workaround verwendet werden, um komprimierte Daten mit zcat zu parsen. Beispiel: ``bash for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done ### Gelernte Daten zur\u00fccksetzen (Bayes, Neural) Sie m\u00fcssen die Schl\u00fcssel in Redis l\u00f6schen, um die gelernten Daten zur\u00fcckzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank: **Backup Datenbank** ```bash # Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Bayes-Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Neurale Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Fuzzy-Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) # Wir m\u00fcssen zuerst das redis-cli eingeben: docker compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* # Wir m\u00fcssen zuerst das redis-cli eingeben: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info Wenn redis-cli sich beschwert \u00fcber... (error) ERR wrong number of arguments for 'del' command ...das Schl\u00fcsselmuster nicht gefunden wurde und somit keine Daten zum L\u00f6schen vorhanden sind - ist es in Ordnung. CLI-Werkzeuge \u00b6 docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamc --help docker compose exec rspamd-mailcow rspamadm --help docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help Greylisting deaktivieren \u00b6 Nur Nachrichten mit einer h\u00f6heren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren. Sie k\u00f6nnen Greylisting serverweit durch Editieren deaktivieren: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf F\u00fcgen Sie die Zeile hinzu: enabled = false ; Speichern Sie die Datei und starten Sie \"rspamd-mailcow\" neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Spamfilter-Schwellenwerte (global) \u00b6 Jeder Benutzer kann seine Spam-Bewertung individuell \u00e4ndern. Um eine neue serverweite Grenze zu definieren, editieren Sie data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Speichern Sie die Datei und starten Sie \"rspamd-mailcow\" neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Bestehende Einstellungen der Benutzer werden nicht \u00fcberschrieben! Um benutzerdefinierte Schwellenwerte zur\u00fcckzusetzen, f\u00fchren Sie aus: docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # oder: docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # oder: docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" Benutzerdefinierte Ablehnungsnachrichten \u00b6 Die Standard-Spam-Reject-Meldung kann durch Hinzuf\u00fcgen einer neuen Datei data/conf/rspamd/override.d/worker-proxy.custom.inc mit dem folgenden Inhalt ge\u00e4ndert werden: reject_message = \"Meine eigene Ablehnungsnachricht\"; Speichern Sie die Datei und starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Waehrend das oben genannte fuer abgelehnte Mails mit einem hohen Spam-Score funktioniert, ignorieren Prefilter-Aktionen diese Einstellung. F\u00fcr diese Karten muss das Multimap-Modul in Rspamd angepasst werden: Finden Sie das Prefilet-Reject-Symbol, f\u00fcr das Sie die Nachricht \u00e4ndern wollen, f\u00fchren Sie dazu aus: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ F\u00fcgen Sie Ihre eigene Nachricht als neue Zeile hinzu: GLOBAL_RCPT_BL { Typ = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Der Versand von E-Mails an diesen Empf\u00e4nger ist durch postmaster@your.domain verboten\"; } Speichern Sie die Datei und starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Verwerfen statt zur\u00fcckweisen \u00b6 Wenn Sie eine Nachricht stillschweigend verwerfen wollen, erstellen oder bearbeiten Sie die Datei data/conf/rspamd/override.d/worker-proxy.custom.inc und f\u00fcgen Sie den folgenden Inhalt hinzu: discard_on_reject = true; Starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow L\u00f6sche alle Ratelimit-Schl\u00fcssel \u00b6 Wenn Sie das UI nicht verwenden wollen und stattdessen alle Schl\u00fcssel in der Redis-Datenbank l\u00f6schen wollen, k\u00f6nnen Sie redis-cli f\u00fcr diese Aufgabe verwenden: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh # Unlink (verf\u00fcgbar in Redis >=4.) l\u00f6scht im Hintergrund redis-cli --scan --pattern RL* | xargs redis-cli unlink docker-compose exec redis-mailcow sh # Unlink (verf\u00fcgbar in Redis >=4.) l\u00f6scht im Hintergrund redis-cli --scan --pattern RL* | xargs redis-cli unlink Starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Erneutes Senden von Quarant\u00e4ne-Benachrichtigungen ausl\u00f6sen \u00b6 Sollte nur zur Fehlersuche verwendet werden! docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py docker-compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py Speicherung der Historie erh\u00f6hen \u00b6 Standardm\u00e4\u00dfig speichert Rspamd 1000 Elemente in der Historie. Die Historie wird komprimiert gespeichert. Es wird empfohlen, hier keinen unverh\u00e4ltnism\u00e4\u00dfig hohen Wert zu verwenden, probieren Sie etwas in der Gr\u00f6\u00dfenordnung von 5000 oder 10000 und sehen Sie, wie Ihr Server damit umgeht: Bearbeiten Sie data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # \u00c4ndern Sie diesen Wert Starten Sie anschlie\u00dfend Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Rspamd"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#spam-ham-lernen","text":"Rspamd lernt, ob es sich um Spam oder Ham handelt, wenn Sie eine Nachricht in oder aus dem Junk-Ordner in ein anderes Postfach als den Papierkorb verschieben. Dies wird durch die Verwendung des Sieve-Plugins \"sieve_imapsieve\" und Parser-Skripte erreicht. Rspamd liest auch automatisch Mails, wenn eine hohe oder niedrige Punktzahl erkannt wird (siehe https://rspamd.com/doc/configuration/statistic.html#autolearning ). Wir haben das Plugin so konfiguriert, dass es ein vern\u00fcnftiges Verh\u00e4ltnis zwischen Spam- und Ham-Learnings beibeh\u00e4lt. Die Bayes-Statistiken werden in Redis als Schl\u00fcssel BAYES_HAM und BAYES_SPAM gespeichert. Neben Bayes wird ein lokaler Fuzzy-Speicher verwendet, um wiederkehrende Muster in Texten oder Bildern zu lernen, die auf Ham oder Spam hinweisen. Sie k\u00f6nnen auch die Web-UI von Rspamd verwenden, um Ham und/oder Spam zu lernen oder bestimmte Einstellungen von Rspamd anzupassen.","title":"Spam & Ham lernen"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#spam-oder-ham-aus-bestehendem-verzeichnis-lernen","text":"Sie k\u00f6nnen einen Einzeiler verwenden, um Mails im Klartextformat (unkomprimiert) zu lernen: docker compose (Plugin) docker-compose (Standalone) # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Erw\u00e4gen Sie, einen lokalen Ordner als neues Volume an rspamd-mailcow in docker-compose.yml anzuh\u00e4ngen und die gegebenen Dateien innerhalb des Containers zu lernen. Dies kann als Workaround verwendet werden, um komprimierte Daten mit zcat zu parsen. Beispiel: ``bash for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done ### Gelernte Daten zur\u00fccksetzen (Bayes, Neural) Sie m\u00fcssen die Schl\u00fcssel in Redis l\u00f6schen, um die gelernten Daten zur\u00fcckzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank: **Backup Datenbank** ```bash # Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Bayes-Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Neurale Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Fuzzy-Daten zur\u00fccksetzen docker compose (Plugin) docker-compose (Standalone) # Wir m\u00fcssen zuerst das redis-cli eingeben: docker compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* # Wir m\u00fcssen zuerst das redis-cli eingeben: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info Wenn redis-cli sich beschwert \u00fcber... (error) ERR wrong number of arguments for 'del' command ...das Schl\u00fcsselmuster nicht gefunden wurde und somit keine Daten zum L\u00f6schen vorhanden sind - ist es in Ordnung.","title":"Spam oder Ham aus bestehendem Verzeichnis lernen"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#cli-werkzeuge","text":"docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamc --help docker compose exec rspamd-mailcow rspamadm --help docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help","title":"CLI-Werkzeuge"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#greylisting-deaktivieren","text":"Nur Nachrichten mit einer h\u00f6heren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren. Sie k\u00f6nnen Greylisting serverweit durch Editieren deaktivieren: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf F\u00fcgen Sie die Zeile hinzu: enabled = false ; Speichern Sie die Datei und starten Sie \"rspamd-mailcow\" neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Greylisting deaktivieren"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#spamfilter-schwellenwerte-global","text":"Jeder Benutzer kann seine Spam-Bewertung individuell \u00e4ndern. Um eine neue serverweite Grenze zu definieren, editieren Sie data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Speichern Sie die Datei und starten Sie \"rspamd-mailcow\" neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Bestehende Einstellungen der Benutzer werden nicht \u00fcberschrieben! Um benutzerdefinierte Schwellenwerte zur\u00fcckzusetzen, f\u00fchren Sie aus: docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # oder: docker compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # oder: docker-compose exec mysql-mailcow mysql -umailcow -p $DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\"","title":"Spamfilter-Schwellenwerte (global)"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#benutzerdefinierte-ablehnungsnachrichten","text":"Die Standard-Spam-Reject-Meldung kann durch Hinzuf\u00fcgen einer neuen Datei data/conf/rspamd/override.d/worker-proxy.custom.inc mit dem folgenden Inhalt ge\u00e4ndert werden: reject_message = \"Meine eigene Ablehnungsnachricht\"; Speichern Sie die Datei und starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow Waehrend das oben genannte fuer abgelehnte Mails mit einem hohen Spam-Score funktioniert, ignorieren Prefilter-Aktionen diese Einstellung. F\u00fcr diese Karten muss das Multimap-Modul in Rspamd angepasst werden: Finden Sie das Prefilet-Reject-Symbol, f\u00fcr das Sie die Nachricht \u00e4ndern wollen, f\u00fchren Sie dazu aus: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ F\u00fcgen Sie Ihre eigene Nachricht als neue Zeile hinzu: GLOBAL_RCPT_BL { Typ = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Der Versand von E-Mails an diesen Empf\u00e4nger ist durch postmaster@your.domain verboten\"; } Speichern Sie die Datei und starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Benutzerdefinierte Ablehnungsnachrichten"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#verwerfen-statt-zuruckweisen","text":"Wenn Sie eine Nachricht stillschweigend verwerfen wollen, erstellen oder bearbeiten Sie die Datei data/conf/rspamd/override.d/worker-proxy.custom.inc und f\u00fcgen Sie den folgenden Inhalt hinzu: discard_on_reject = true; Starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Verwerfen statt zur\u00fcckweisen"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#losche-alle-ratelimit-schlussel","text":"Wenn Sie das UI nicht verwenden wollen und stattdessen alle Schl\u00fcssel in der Redis-Datenbank l\u00f6schen wollen, k\u00f6nnen Sie redis-cli f\u00fcr diese Aufgabe verwenden: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow sh # Unlink (verf\u00fcgbar in Redis >=4.) l\u00f6scht im Hintergrund redis-cli --scan --pattern RL* | xargs redis-cli unlink docker-compose exec redis-mailcow sh # Unlink (verf\u00fcgbar in Redis >=4.) l\u00f6scht im Hintergrund redis-cli --scan --pattern RL* | xargs redis-cli unlink Starten Sie Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"L\u00f6sche alle Ratelimit-Schl\u00fcssel"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#erneutes-senden-von-quarantane-benachrichtigungen-auslosen","text":"Sollte nur zur Fehlersuche verwendet werden! docker compose (Plugin) docker-compose (Standalone) docker compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py docker-compose exec dovecot-mailcow bash mysql -umailcow -p $DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py","title":"Erneutes Senden von Quarant\u00e4ne-Benachrichtigungen ausl\u00f6sen"},{"location":"de/manual-guides/Rspamd/u_e-rspamd/#speicherung-der-historie-erhohen","text":"Standardm\u00e4\u00dfig speichert Rspamd 1000 Elemente in der Historie. Die Historie wird komprimiert gespeichert. Es wird empfohlen, hier keinen unverh\u00e4ltnism\u00e4\u00dfig hohen Wert zu verwenden, probieren Sie etwas in der Gr\u00f6\u00dfenordnung von 5000 oder 10000 und sehen Sie, wie Ihr Server damit umgeht: Bearbeiten Sie data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # \u00c4ndern Sie diesen Wert Starten Sie anschlie\u00dfend Rspamd neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart rspamd-mailcow docker-compose restart rspamd-mailcow","title":"Speicherung der Historie erh\u00f6hen"},{"location":"de/manual-guides/SOGo/u_e-sogo/","text":"SOGo wird verwendet, um \u00fcber einen Webbrowser auf Ihre Mails zuzugreifen und Ihre Kontakte oder Kalender hinzuzuf\u00fcgen und zu teilen. F\u00fcr eine ausf\u00fchrlichere Dokumentation zu SOGo besuchen Sie bitte die [eigene Dokumentation] ( http://wiki.sogo.nu/ ). Benutzerdefiniertes SOGo-Thema (CSS) anwenden \u00b6 mailcow-Builds nach dem 28. Januar 2021 k\u00f6nnen das CSS-Thema von SOGo \u00e4ndern, indem sie data/conf/sogo/custom-theme.js bearbeiten. Bitte schauen Sie sich die AngularJS Material intro und documentation sowie die material style guideline an, um zu erfahren, wie das funktioniert. Sie k\u00f6nnen die mitgelieferte custom-theme.js als Beispiel verwenden, indem Sie die Kommentare entfernen. Nachdem Sie data/conf/sogo/custom-theme.js modifiziert und \u00c4nderungen an Ihrem neuen SOGo-Theme vorgenommen haben, m\u00fcssen Sie Bearbeiten Sie data/conf/sogo/sogo.conf und f\u00fcgen Sie SOGoUIxDebugEnabled = YES; ein. SOGo und Memcached Container neu starten, indem man docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchrt. SOGo im Browser \u00f6ffnen \u00f6ffnen Sie die Entwicklerkonsole des Browsers, normalerweise ist die Tastenkombination F12 nur wenn Sie Firefox benutzen: schreiben Sie mit der Hand in die Entwicklerkonsole allow pasting und dr\u00fccken Sie Enter f\u00fcgen Sie den Java-Script-Schnipsel in die Entwicklungskonsole ein: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textInhalt) .join('\\n') ) \u00d6ffnen Sie den Texteditor und f\u00fcgen Sie die Daten aus der Zwischenablage ein (Strg+V), Sie sollten ein minimiertes CSS erhalten, speichern Sie es kopieren Sie die CSS-Datei auf den Mailcow-Server data/conf/sogo/custom-theme.css editiere data/conf/sogo/sogo.conf und setze SOGoUIxDebugEnabled = NO; Anh\u00e4ngen/Erstellen von docker-compose.override.yml mit: Version: '2.1' Dienste: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z f\u00fchren Sie docker compose up -d aus Ausf\u00fchren von docker compose restart memcached-mailcow Zur\u00fccksetzen auf das SOGo Standardthema \u00b6 checken Sie data/conf/sogo/custom-theme.js aus, indem Sie git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js ausf\u00fchren Suchen Sie in data/conf/sogo/custom-theme.js : // Neue Paletten auf das Standardthema anwenden, einige Farbt\u00f6ne neu zuordnen $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // Hintergrundfarbe der oberen Symbolleisten hue-1': '400', 'hue-2': '600', // Hintergrundfarbe der Seitenleiste 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // Hintergrundfarbe der Fab-Schaltfl\u00e4chen und des Anmeldebildschirms hue-1': '300', // Hintergrundfarbe der Symbolleiste der mittleren Liste hue-2': '300', // Hervorhebungsfarbe f\u00fcr ausgew\u00e4hlte Nachrichten und den aktuellen Tageskalender hue-3': 'A700' }) .backgroundPalette('frost-grey'); und ersetzen Sie es durch: $mdThemingProvider.theme('default'); Entfernen Sie aus docker-compose.override.yml Volume Mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z f\u00fchren Sie docker compose up -d aus Starten Sie docker compose restart memcached-mailcow . Favicon \u00e4ndern \u00b6 mailcow-Builds nach dem 31. Januar 2021 k\u00f6nnen SOGo's Favicon \u00e4ndern, indem sie data/conf/sogo/custom-favicon.ico f\u00fcr SOGo und data/web/favicon.png f\u00fcr mailcow UI ersetzen. Anmerkung : Sie k\u00f6nnen .png Favicons f\u00fcr SOGo verwenden, indem Sie sie in custom-favicon.ico umbenennen. F\u00fcr beide, SOGo und mailcow UI Favicons, m\u00fcssen Sie eine der Standardgr\u00f6\u00dfen verwenden: 16x16, 32x32, 64x64, 128x128 und 256x256. Nachdem Sie diese Datei ersetzt haben, m\u00fcssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchren. Logo \u00e4ndern \u00b6 Mailcow-Builds nach dem 21. Dezember 2018 k\u00f6nnen das SOGo-Logo \u00e4ndern, indem sie die Datei data/conf/sogo/sogo-full.svg ersetzen oder erstellen (falls sie fehlt). Nachdem Sie diese Datei ersetzt haben, m\u00fcssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchren. Domains verbinden (untereinander sichtbar machen) \u00b6 Domains sind normalerweise voneinander isoliert. Sie k\u00f6nnen das \u00e4ndern, indem Sie data/conf/sogo/sogo.conf modifizieren: Suche... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...und ersetzen Sie diese durch - zum Beispiel: SOGoDomainsVisibility = ( (beispiel.org, beispiel.com, beispiel.net) ); SOGo neu starten: docker compose restart sogo-mailcow Deaktivieren Sie die Passwort\u00e4nderung \u00b6 Bearbeiten Sie data/conf/sogo/sogo.conf und \u00e4ndern Sie SOGoPasswordChangeEnabled auf NO . Bitte f\u00fcgen Sie keinen neuen Parameter hinzu. F\u00fchren Sie docker compose restart memcached-mailcow sogo-mailcow aus, um die \u00c4nderungen zu aktivieren. TOTP zur\u00fccksetzen / TOTP deaktivieren \u00b6 F\u00fchren Sie docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' aus dem mailcow Verzeichnis aus.","title":"SOGo"},{"location":"de/manual-guides/SOGo/u_e-sogo/#benutzerdefiniertes-sogo-thema-css-anwenden","text":"mailcow-Builds nach dem 28. Januar 2021 k\u00f6nnen das CSS-Thema von SOGo \u00e4ndern, indem sie data/conf/sogo/custom-theme.js bearbeiten. Bitte schauen Sie sich die AngularJS Material intro und documentation sowie die material style guideline an, um zu erfahren, wie das funktioniert. Sie k\u00f6nnen die mitgelieferte custom-theme.js als Beispiel verwenden, indem Sie die Kommentare entfernen. Nachdem Sie data/conf/sogo/custom-theme.js modifiziert und \u00c4nderungen an Ihrem neuen SOGo-Theme vorgenommen haben, m\u00fcssen Sie Bearbeiten Sie data/conf/sogo/sogo.conf und f\u00fcgen Sie SOGoUIxDebugEnabled = YES; ein. SOGo und Memcached Container neu starten, indem man docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchrt. SOGo im Browser \u00f6ffnen \u00f6ffnen Sie die Entwicklerkonsole des Browsers, normalerweise ist die Tastenkombination F12 nur wenn Sie Firefox benutzen: schreiben Sie mit der Hand in die Entwicklerkonsole allow pasting und dr\u00fccken Sie Enter f\u00fcgen Sie den Java-Script-Schnipsel in die Entwicklungskonsole ein: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textInhalt) .join('\\n') ) \u00d6ffnen Sie den Texteditor und f\u00fcgen Sie die Daten aus der Zwischenablage ein (Strg+V), Sie sollten ein minimiertes CSS erhalten, speichern Sie es kopieren Sie die CSS-Datei auf den Mailcow-Server data/conf/sogo/custom-theme.css editiere data/conf/sogo/sogo.conf und setze SOGoUIxDebugEnabled = NO; Anh\u00e4ngen/Erstellen von docker-compose.override.yml mit: Version: '2.1' Dienste: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z f\u00fchren Sie docker compose up -d aus Ausf\u00fchren von docker compose restart memcached-mailcow","title":"Benutzerdefiniertes SOGo-Thema (CSS) anwenden"},{"location":"de/manual-guides/SOGo/u_e-sogo/#zurucksetzen-auf-das-sogo-standardthema","text":"checken Sie data/conf/sogo/custom-theme.js aus, indem Sie git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js ausf\u00fchren Suchen Sie in data/conf/sogo/custom-theme.js : // Neue Paletten auf das Standardthema anwenden, einige Farbt\u00f6ne neu zuordnen $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // Hintergrundfarbe der oberen Symbolleisten hue-1': '400', 'hue-2': '600', // Hintergrundfarbe der Seitenleiste 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // Hintergrundfarbe der Fab-Schaltfl\u00e4chen und des Anmeldebildschirms hue-1': '300', // Hintergrundfarbe der Symbolleiste der mittleren Liste hue-2': '300', // Hervorhebungsfarbe f\u00fcr ausgew\u00e4hlte Nachrichten und den aktuellen Tageskalender hue-3': 'A700' }) .backgroundPalette('frost-grey'); und ersetzen Sie es durch: $mdThemingProvider.theme('default'); Entfernen Sie aus docker-compose.override.yml Volume Mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z f\u00fchren Sie docker compose up -d aus Starten Sie docker compose restart memcached-mailcow .","title":"Zur\u00fccksetzen auf das SOGo Standardthema"},{"location":"de/manual-guides/SOGo/u_e-sogo/#favicon-andern","text":"mailcow-Builds nach dem 31. Januar 2021 k\u00f6nnen SOGo's Favicon \u00e4ndern, indem sie data/conf/sogo/custom-favicon.ico f\u00fcr SOGo und data/web/favicon.png f\u00fcr mailcow UI ersetzen. Anmerkung : Sie k\u00f6nnen .png Favicons f\u00fcr SOGo verwenden, indem Sie sie in custom-favicon.ico umbenennen. F\u00fcr beide, SOGo und mailcow UI Favicons, m\u00fcssen Sie eine der Standardgr\u00f6\u00dfen verwenden: 16x16, 32x32, 64x64, 128x128 und 256x256. Nachdem Sie diese Datei ersetzt haben, m\u00fcssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchren.","title":"Favicon \u00e4ndern"},{"location":"de/manual-guides/SOGo/u_e-sogo/#logo-andern","text":"Mailcow-Builds nach dem 21. Dezember 2018 k\u00f6nnen das SOGo-Logo \u00e4ndern, indem sie die Datei data/conf/sogo/sogo-full.svg ersetzen oder erstellen (falls sie fehlt). Nachdem Sie diese Datei ersetzt haben, m\u00fcssen Sie SOGo und Memcached Container neu starten, indem Sie docker compose restart memcached-mailcow sogo-mailcow ausf\u00fchren.","title":"Logo \u00e4ndern"},{"location":"de/manual-guides/SOGo/u_e-sogo/#domains-verbinden-untereinander-sichtbar-machen","text":"Domains sind normalerweise voneinander isoliert. Sie k\u00f6nnen das \u00e4ndern, indem Sie data/conf/sogo/sogo.conf modifizieren: Suche... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...und ersetzen Sie diese durch - zum Beispiel: SOGoDomainsVisibility = ( (beispiel.org, beispiel.com, beispiel.net) ); SOGo neu starten: docker compose restart sogo-mailcow","title":"Domains verbinden (untereinander sichtbar machen)"},{"location":"de/manual-guides/SOGo/u_e-sogo/#deaktivieren-sie-die-passwortanderung","text":"Bearbeiten Sie data/conf/sogo/sogo.conf und \u00e4ndern Sie SOGoPasswordChangeEnabled auf NO . Bitte f\u00fcgen Sie keinen neuen Parameter hinzu. F\u00fchren Sie docker compose restart memcached-mailcow sogo-mailcow aus, um die \u00c4nderungen zu aktivieren.","title":"Deaktivieren Sie die Passwort\u00e4nderung"},{"location":"de/manual-guides/SOGo/u_e-sogo/#totp-zurucksetzen-totp-deaktivieren","text":"F\u00fchren Sie docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' aus dem mailcow Verzeichnis aus.","title":"TOTP zur\u00fccksetzen / TOTP deaktivieren"},{"location":"de/manual-guides/Unbound/u_e-unbound-fwd/","text":"Wenn Sie einen externen DNS-Dienst verwenden wollen oder m\u00fcssen, k\u00f6nnen Sie entweder einen Forwarder in Unbound einstellen oder eine Override-Datei kopieren, um externe DNS-Server zu definieren: Warnung Bitte verwenden Sie keinen \u00f6ffentlichen Resolver, wie wir es im obigen Beispiel getan haben. Viele - wenn nicht sogar alle - Blacklist-Lookups werden mit \u00f6ffentlichen Resolvern fehlschlagen, da der Blacklist-Server Grenzen hat, wie viele Anfragen von einer IP gestellt werden k\u00f6nnen und \u00f6ffentliche Resolver diese Grenzen normalerweise erreichen. Wichtig : Nur DNSSEC-validierende DNS-Dienste werden funktionieren. Methode A, Unbound \u00b6 Bearbeiten Sie data/conf/unbound/unbound.conf und f\u00fcgen Sie die folgenden Parameter hinzu: forward-zone: name: \".\" forward-addr: 8.8.8.8 # VERWENDEN SIE KEINE \u00d6FFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL forward-addr: 8.8.4.4 # VERWENDET KEINE \u00d6FFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL Unbound neu starten: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow Methode B, \u00dcberschreiben der Datei \u00b6 cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Bearbeiten Sie docker-compose.override.yml und passen Sie die IP an. Stoppen und starten Sie bitte im Anschluss noch den Docker Stack: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"Verwendung eines externen DNS-Dienstes"},{"location":"de/manual-guides/Unbound/u_e-unbound-fwd/#methode-a-unbound","text":"Bearbeiten Sie data/conf/unbound/unbound.conf und f\u00fcgen Sie die folgenden Parameter hinzu: forward-zone: name: \".\" forward-addr: 8.8.8.8 # VERWENDEN SIE KEINE \u00d6FFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL forward-addr: 8.8.4.4 # VERWENDET KEINE \u00d6FFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL Unbound neu starten: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow","title":"Methode A, Unbound"},{"location":"de/manual-guides/Unbound/u_e-unbound-fwd/#methode-b-uberschreiben-der-datei","text":"cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Bearbeiten Sie docker-compose.override.yml und passen Sie die IP an. Stoppen und starten Sie bitte im Anschluss noch den Docker Stack: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"Methode B, \u00dcberschreiben der Datei"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/","text":"Watchdog verwendet Standardwerte f\u00fcr alle in docker-compose.yml definierten Thresholde. Die Standardwerte sind f\u00fcr die meisten Konfigurationen geeignet. Beispiel: - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5} - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5} - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5} - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5} - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1} - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3} - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8} - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15} - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12} - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20} - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5} - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1} - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1} - ACME_THRESHOLD=${ACME_THRESHOLD:-1} - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5} - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5} - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20} - MAILQ_CRIT=${MAILQ_CRIT:-30} Um sie anzupassen, f\u00fcgen Sie einfach die notwendigen Threshold Variablen (z.B. MAILQ_THRESHOLD=10 ) zu mailcow.conf hinzu und f\u00fchren docker compose up -d aus. Threshold Beschreibungen \u00b6 NGINX_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Nginx auf Port 8081 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde. UNBOUND_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn Unbound externe Dom\u00e4nen/DNSSEC nicht aufl\u00f6sen/\u00fcberpr\u00fcfen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. REDIS_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu Redis auf Port 6379 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. MYSQL_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu MySQL herstellen kann oder eine Tabelle nicht abfragen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde. MYSQL_REPLICATION_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn die MySQL-Replikation fehlschl\u00e4gt. SOGO_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu SOGo auf Port 20000 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. POSTFIX_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn watchdog keine Testmail \u00fcber Port 589 senden kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. CLAMD_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Clamd herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde. DOVECOT_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn watchdog bei verschiedenen Tests mit dem Dovecot-Container fehlschl\u00e4gt. Der Container wird automatisch neu gestartet, wenn Probleme gefunden wurden und der Threshold erreicht ist. DOVECOT_REPL_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn die Dovecot-Replikation fehlschl\u00e4gt. PHPFPM_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu PHP-FPM auf Port 9001/9002 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. RATELIMIT_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn ein Ratelimit erreicht wurde. FAIL2BAN_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn ein fail2ban eine IP gesperrt hat. ACME_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn etwas mit dem acme-mailcow-Container nicht in Ordnung ist. Sie k\u00f6nnen dessen Logs \u00fcberpr\u00fcfen. RSPAMD_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn Watchdog bei verschiedenen Tests mit dem Rspamd-Container fehlschl\u00e4gt und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde. OLEFY_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu olefy auf Port 10005 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist. MAILQ_CRIT und MAILQ_THRESHOLD \u00b6 Benachrichtigt Administratoren, wenn die Anzahl der E-Mails in der Postfix-Warteschlange gr\u00f6\u00dfer ist als MAILQ_CRIT f\u00fcr einen Zeitraum von MAILQ_THRESHOLD * (60\u00b130) Sekunden.","title":"Thresholds"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#threshold-beschreibungen","text":"","title":"Threshold Beschreibungen"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#nginx_threshold","text":"Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Nginx auf Port 8081 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.","title":"NGINX_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#unbound_threshold","text":"Benachrichtigt Administratoren, wenn Unbound externe Dom\u00e4nen/DNSSEC nicht aufl\u00f6sen/\u00fcberpr\u00fcfen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"UNBOUND_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#redis_threshold","text":"Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu Redis auf Port 6379 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"REDIS_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_threshold","text":"Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu MySQL herstellen kann oder eine Tabelle nicht abfragen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.","title":"MYSQL_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_replication_threshold","text":"Benachrichtigt Administratoren, wenn die MySQL-Replikation fehlschl\u00e4gt.","title":"MYSQL_REPLICATION_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#sogo_threshold","text":"Benachrichtigt Administratoren, wenn der Watchdog keine Verbindung zu SOGo auf Port 20000 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"SOGO_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#postfix_threshold","text":"Benachrichtigt Administratoren, wenn watchdog keine Testmail \u00fcber Port 589 senden kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"POSTFIX_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#clamd_threshold","text":"Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu Clamd herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.","title":"CLAMD_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_threshold","text":"Benachrichtigt Administratoren, wenn watchdog bei verschiedenen Tests mit dem Dovecot-Container fehlschl\u00e4gt. Der Container wird automatisch neu gestartet, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"DOVECOT_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_repl_threshold","text":"Benachrichtigt Administratoren, wenn die Dovecot-Replikation fehlschl\u00e4gt.","title":"DOVECOT_REPL_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#phpfpm_threshold","text":"Benachrichtigt Administratoren, wenn Watchdog keine Verbindung zu PHP-FPM auf Port 9001/9002 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"PHPFPM_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#ratelimit_threshold","text":"Benachrichtigt Administratoren, wenn ein Ratelimit erreicht wurde.","title":"RATELIMIT_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#fail2ban_threshold","text":"Benachrichtigt Administratoren, wenn ein fail2ban eine IP gesperrt hat.","title":"FAIL2BAN_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#acme_threshold","text":"Benachrichtigt Administratoren, wenn etwas mit dem acme-mailcow-Container nicht in Ordnung ist. Sie k\u00f6nnen dessen Logs \u00fcberpr\u00fcfen.","title":"ACME_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#rspamd_threshold","text":"Benachrichtigt Administratoren, wenn Watchdog bei verschiedenen Tests mit dem Rspamd-Container fehlschl\u00e4gt und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht wurde.","title":"RSPAMD_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#olefy_threshold","text":"Benachrichtigt Administratoren, wenn watchdog keine Verbindung zu olefy auf Port 10005 herstellen kann und startet den Container automatisch neu, wenn Probleme gefunden wurden und der Threshold erreicht ist.","title":"OLEFY_THRESHOLD"},{"location":"de/manual-guides/Watchdog/u_e-watchdog-thresholds/#mailq_crit-und-mailq_threshold","text":"Benachrichtigt Administratoren, wenn die Anzahl der E-Mails in der Postfix-Warteschlange gr\u00f6\u00dfer ist als MAILQ_CRIT f\u00fcr einen Zeitraum von MAILQ_THRESHOLD * (60\u00b130) Sekunden.","title":"MAILQ_CRIT und MAILQ_THRESHOLD"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/","text":"Um einen Eintrag zu Ihrer domain\u00fcbergreifenden Filtertabelle hinzuzuf\u00fcgen oder zu bearbeiten, loggen Sie sich als (Domain-)Administrator in Ihre mailcow UI ein und wechseln Sie zu: Konfiguration > E-Mail-Setup > Domains > (Domain) Bearbeiten > Spamfilter . Info Seien Sie sich bewusst, dass ein Benutzer diese Einstellung \u00fcberschreiben kann, indem er seine eigene Black- und Whitelist setzt! Es ist auch eine globale Filtertabelle in Konfiguration > Server-Konfiguration > Globale Filter-Maps verf\u00fcgbar, um einen server\u00fcbergreifenden Filter f\u00fcr ein oder mehrere Regex-Maps zu konfigurieren (Todo: Screenshots).","title":"Blacklist / Whitelist"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/","text":"Mehrere Konfigurationsparameter der mailcow-Benutzeroberfl\u00e4che k\u00f6nnen ge\u00e4ndert werden, indem eine Datei data/web/inc/vars.local.inc.php erstellt wird, die die Standardeinstellungen in data/web/inc/vars.inc.php \u00fcberschreibt. Die lokale Konfigurationsdatei ist \u00fcber Updates von mailcow hinweg best\u00e4ndig. Versuchen Sie nicht, die Werte in data/web/inc/vars.inc.php zu \u00e4ndern, sondern verwenden Sie diese als Vorlage f\u00fcr die lokale \u00dcberschreibung. mailcow UI Konfigurationsparameter k\u00f6nnen verwendet werden, um... ...die Standardsprache zu \u00e4ndern 1 ...das Standard-Bootstrap-Theme zu \u00e4ndern ...eine Passwort-Komplexit\u00e4ts-Regex zu setzen ...die Sichtbarkeit des privaten DKIM-Schl\u00fcssels aktivieren ...eine Gr\u00f6\u00dfe f\u00fcr den Paginierungsausl\u00f6ser festlegen ...Standard-Postfach-Attribute festlegen ...Sitzungs-Lebensdauern \u00e4ndern ...feste App-Men\u00fcs erstellen (die nicht in der mailcow UI ge\u00e4ndert werden k\u00f6nnen) ...ein Standard \"To\"-Feld f\u00fcr Relayhost-Tests einstellen ...ein Timeout f\u00fcr Docker API Anfragen setzen ...IP-Anonymisierung umschalten Um SOGos Standardsprache zu \u00e4ndern, m\u00fcssen Sie data/conf/sogo/sogo.conf bearbeiten und \"English\" durch Ihre bevorzugte Sprache ersetzen. \u21a9","title":"Konfiguration"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/","text":"F\u00fcr benutzerdefinierte \u00dcberschreibungen bestimmter Elemente \u00fcber CSS, verwenden Sie die data/web/css/build/0081-custom-mailcow.css Datei. Die Datei wird von der Verfolgung (via Git) ausgeschlossen und bleibt bei Aktualisierungen erhalten.","title":"CSS-\u00dcberschreibungen"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/","text":"Wie wird UV in mailcow gehandhabt? \u00b6 Das UV-Flag (wie in \"user verification\") erzwingt, dass WebAuthn den Benutzer verifiziert, bevor es den Zugriff auf den Schl\u00fcssel erlaubt (denken Sie an eine PIN). Wir erzwingen keine UV, um Logins \u00fcber iOS und NFC (YubiKey) zu erm\u00f6glichen. Login und Schl\u00fcssel-Verarbeitung \u00b6 mailcow verwendet Client-seitige Schl\u00fcsselverarbeitung . Wir bitten den Authentifikator (d.h. YubiKey), die Registrierung in seinem Speicher zu speichern. Ein Benutzer muss keinen Benutzernamen eingeben. Die verf\u00fcgbaren Anmeldedaten - falls vorhanden - werden dem Nutzer angezeigt, wenn er den \"Schl\u00fcssel-Login\" \u00fcber das Mailcow UI Login ausw\u00e4hlt. Beim Aufruf des Login-Prozesses werden dem Authentifikator keine Credential-IDs \u00fcbergeben. Dies wird ihn dazu zwingen, die Anmeldeinformationen in seinem eigenen Speicher zu suchen. Wer kann WebAuthn benutzen, um sich bei mailcow anzumelden? \u00b6 Ab heute sind nur Administratoren und Domain-Administratoren in der Lage, WebAuthn/FIDO2 einzurichten. Sie wollen WebAuthn/Fido als 2FA verwenden? Schauen Sie sich das hier an: Zwei-Faktoren-Authentifizierung","title":"WebAuthn / FIDO2"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#wie-wird-uv-in-mailcow-gehandhabt","text":"Das UV-Flag (wie in \"user verification\") erzwingt, dass WebAuthn den Benutzer verifiziert, bevor es den Zugriff auf den Schl\u00fcssel erlaubt (denken Sie an eine PIN). Wir erzwingen keine UV, um Logins \u00fcber iOS und NFC (YubiKey) zu erm\u00f6glichen.","title":"Wie wird UV in mailcow gehandhabt?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#login-und-schlussel-verarbeitung","text":"mailcow verwendet Client-seitige Schl\u00fcsselverarbeitung . Wir bitten den Authentifikator (d.h. YubiKey), die Registrierung in seinem Speicher zu speichern. Ein Benutzer muss keinen Benutzernamen eingeben. Die verf\u00fcgbaren Anmeldedaten - falls vorhanden - werden dem Nutzer angezeigt, wenn er den \"Schl\u00fcssel-Login\" \u00fcber das Mailcow UI Login ausw\u00e4hlt. Beim Aufruf des Login-Prozesses werden dem Authentifikator keine Credential-IDs \u00fcbergeben. Dies wird ihn dazu zwingen, die Anmeldeinformationen in seinem eigenen Speicher zu suchen.","title":"Login und Schl\u00fcssel-Verarbeitung"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#wer-kann-webauthn-benutzen-um-sich-bei-mailcow-anzumelden","text":"Ab heute sind nur Administratoren und Domain-Administratoren in der Lage, WebAuthn/FIDO2 einzurichten. Sie wollen WebAuthn/Fido als 2FA verwenden? Schauen Sie sich das hier an: Zwei-Faktoren-Authentifizierung","title":"Wer kann WebAuthn benutzen, um sich bei mailcow anzumelden?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/","text":"Netfilter Ban-Einstellungen \u00e4ndern \u00b6 Um die Netfilter Ban-Einstellungen zu \u00e4ndern navigieren Sie zu dem Men\u00fc Punkt: Konfiguration -> Server-Konfiguration -> Konfiguration -> Fail2ban-Parameter . Sie sollten dann dieses Fenster sehen: Hier k\u00f6nnen Sie verschiedene Optionen f\u00fcr die Banns selbst festlegen. Zum Beispiel die max. Ban-Zeit oder die max. Versuche bevor ein Ban ausgef\u00fchrt wird. Netfilter Regex \u00e4ndern \u00b6 Achtung Folgender Bereich erfordert zumindest grundlegende Regex kenntnisse. Sollten Sie sich nicht sicher sein, was Sie dort tun, k\u00f6nnen wir Ihnen nur von der Umkonfiguration abraten. Sie k\u00f6nnen neben den Sperreinstellungen ebenfalls definieren, was genau aus den Logs der mailcow Container verwendet werden soll um einen m\u00f6glichen Angreifer zu sperren. Daf\u00fcr m\u00fcssen Sie das Regex Feld erst einmal aufklappen, was dann in etwa so aussieht: Dort k\u00f6nnen Sie nun verschiedenste neue Filter-Regeln anlegen. Hinweis Mit weiterschreitenden Updates ist es m\u00f6glich, dass neue Netfilter Regex Regeln dazu kommen oder entfernt werden. Sollte das der Fall sein empfiehlt es sich mit einem Klick auf Zur\u00fccksetzen auf Standard die Netfilter Regex Regeln neu laden zu lassen.","title":"Netfilter"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/#netfilter-ban-einstellungen-andern","text":"Um die Netfilter Ban-Einstellungen zu \u00e4ndern navigieren Sie zu dem Men\u00fc Punkt: Konfiguration -> Server-Konfiguration -> Konfiguration -> Fail2ban-Parameter . Sie sollten dann dieses Fenster sehen: Hier k\u00f6nnen Sie verschiedene Optionen f\u00fcr die Banns selbst festlegen. Zum Beispiel die max. Ban-Zeit oder die max. Versuche bevor ein Ban ausgef\u00fchrt wird.","title":"Netfilter Ban-Einstellungen \u00e4ndern"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/#netfilter-regex-andern","text":"Achtung Folgender Bereich erfordert zumindest grundlegende Regex kenntnisse. Sollten Sie sich nicht sicher sein, was Sie dort tun, k\u00f6nnen wir Ihnen nur von der Umkonfiguration abraten. Sie k\u00f6nnen neben den Sperreinstellungen ebenfalls definieren, was genau aus den Logs der mailcow Container verwendet werden soll um einen m\u00f6glichen Angreifer zu sperren. Daf\u00fcr m\u00fcssen Sie das Regex Feld erst einmal aufklappen, was dann in etwa so aussieht: Dort k\u00f6nnen Sie nun verschiedenste neue Filter-Regeln anlegen. Hinweis Mit weiterschreitenden Updates ist es m\u00f6glich, dass neue Netfilter Regex Regeln dazu kommen oder entfernt werden. Sollte das der Fall sein empfiehlt es sich mit einem Klick auf Zur\u00fccksetzen auf Standard die Netfilter Regex Regeln neu laden zu lassen.","title":"Netfilter Regex \u00e4ndern"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/","text":"Info Pushover macht es einfach, Echtzeit-Benachrichtigungen auf Ihrem Android, iPhone, iPad und Desktop zu erhalten Sie k\u00f6nnen Pushover verwenden, um eine Push-Benachrichtigung \u00fcber jede E-Mail zu erhalten, die Sie f\u00fcr jede Mailbox erhalten, in der Sie diese Funktion aktiviert haben. 1. \u00d6ffnen Sie als Administrator die Einstellungen Ihres Postfachs und scrollen Sie nach unten zu den Pushover-Einstellungen 2. Registrieren Sie sich bei Pushover 3. Geben Sie Ihren \"Benutzerschl\u00fcssel\" in das Feld \"Benutzer-/Gruppenschl\u00fcssel\" in den Einstellungen Ihres Postfachs ein 4. Erstellen Sie eine Anwendung, um das API-Token/den API-Schl\u00fcssel zu erhalten, das/den Sie ebenfalls in Ihre Postfacheinstellungen eintragen m\u00fcssen. 5. Optional k\u00f6nnen Sie den Titel/Text der Benachrichtigung bearbeiten und bestimmte Absender-E-Mail-Adressen festlegen, bei denen eine Push-Benachrichtigung ausgel\u00f6st wird 6. Speichern Sie alles und \u00fcberpr\u00fcfen Sie dann Ihre Anmeldedaten. Wenn alles erledigt ist, k\u00f6nnen Sie testen, ob Sie eine E-Mail senden k\u00f6nnen, und Sie erhalten eine Push-Nachricht auf Ihrem Telefon","title":"Pushover"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/","text":"Diese tempor\u00e4ren E-Mail-Aliasnamen werden meist dort verwendet, wo wir eine E-Mail-Adresse angeben m\u00fcssen, aber keine weitere E-Mails w\u00fcnschen. Sie werden auch Spam-Alias genannt. Um ein tempor\u00e4res E-Mail-Alias zu erstellen, zu l\u00f6schen oder zu erweitern, m\u00fcssen Sie sich in mailcow's UI als Mailbox-Nutzer anmelden und zum Reiter Tempor\u00e4re E-Mail-Aliase navigieren:","title":"Tempor\u00e4re E-Mail-Aliase"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/","text":"Ein Mailbox-Nutzer kann den Spam-Filter und die Black-/Whitelist-Einstellungen f\u00fcr seine Mailbox individuell anpassen, indem er zum Reiter Spam-Filter in der Mailcow-Benutzeroberfl\u00e4che navigiert. Info F\u00fcr globale Einstellungen Ihres Spamfilters lesen Sie bitte unseren Abschnitt \u00fcber Rspamd . F\u00fcr eine domainweite Black- und Whitelist lesen Sie bitte unsere Anleitung zu Black / Whitelist","title":"Spamfilter"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/","text":"Mailbox-Nutzer k\u00f6nnen ihre Mailadresse wie in \" me+facebook@example.org \" markieren. Sie k\u00f6nnen die Tag-Behandlung im mailcow UI Panel (f\u00fcr den Benutzer) unter Mailbox > Einstellungen kontrollieren. Sub-Adressierung (RFC 5233) oder Plus-Adressierung auch als Tagging bekannt (nicht zu verwechseln mit Tags ) Verf\u00fcgbare Aktionen \u00b6 1. Diese Nachricht in einen Unterordner \"facebook\" verschieben (wird in Kleinbuchstaben erstellt, falls nicht vorhanden) 2. Den Tag dem Betreff voranstellen: \"[facebook] Betreff\" Bitte beachten Sie: Gro\u00dfgeschriebene Tags werden in Kleinbuchstaben umgewandelt, mit Ausnahme des ersten Buchstabens. Wenn Sie den Tag so lassen wollen, wie er ist, wenden Sie bitte den folgenden Diff an und starten Sie mailcow neu: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Sub-Adressierung"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/#verfugbare-aktionen","text":"1. Diese Nachricht in einen Unterordner \"facebook\" verschieben (wird in Kleinbuchstaben erstellt, falls nicht vorhanden) 2. Den Tag dem Betreff voranstellen: \"[facebook] Betreff\" Bitte beachten Sie: Gro\u00dfgeschriebene Tags werden in Kleinbuchstaben umgewandelt, mit Ausnahme des ersten Buchstabens. Wenn Sie den Tag so lassen wollen, wie er ist, wenden Sie bitte den folgenden Diff an und starten Sie mailcow neu: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Verf\u00fcgbare Aktionen"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/","text":"Hinweis Um diese Funktion nutzen zu k\u00f6nnen ist das Update 2022-05 (oder h\u00f6her) erforderlich! Sollten Sie das Update nicht installiert haben, denken Sie bitte \u00fcber ein Update nach. F\u00fcr weitere Informationen bez\u00fcglich dem Update Prozess schauen Sie hier . Wof\u00fcr wurden die Tags implementiert? \u00b6 Mit den Tags ist es deutlich einfacher gezielt nach Domains bzw. Mailboxen zu suchen (wenn diese einen Tag haben). Wo lassen sich die Tags finden? \u00b6 Die Tags befinden sich in der Domain/Mailbox Sektion der mailcow UI. Um sie zu sehen, klicken Sie einfach auf das kleine Plus-Symbol auf der linken Seite Ihrer Domain/Mailbox (das folgende Bild zeigt das Domain-Ribbon-Men\u00fc): Wie kann ich ein Tag hinzuf\u00fcgen/entfernen? \u00b6 Sie k\u00f6nnen bei der Erstellung einer neuen Domain/eines neuen Postfachs einfach ein Tag hinzuf\u00fcgen/entfernen. Sie k\u00f6nnen sie auch hinzuf\u00fcgen/entfernen, wenn Sie Ihre gew\u00fcnschte Domain/Mailbox bearbeiten. Es sieht \u00e4hnlich aus wie hier (das folgende Bild zeigt den Bereich zur Bearbeitung der Dom\u00e4ne): Wie kann ich nach einem Tag suchen? \u00b6 Geben Sie einfach den Tag-Namen in die Suchleiste im Bereich Domain/Postfach ein und warten Sie, bis der Vorgang abgeschlossen ist. Sie k\u00f6nnen sogar angeben, ob Sie nur nach Tags suchen m\u00f6chten.","title":"Tags (f\u00fcr Domains und Mailboxen)"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#wofur-wurden-die-tags-implementiert","text":"Mit den Tags ist es deutlich einfacher gezielt nach Domains bzw. Mailboxen zu suchen (wenn diese einen Tag haben).","title":"Wof\u00fcr wurden die Tags implementiert?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#wo-lassen-sich-die-tags-finden","text":"Die Tags befinden sich in der Domain/Mailbox Sektion der mailcow UI. Um sie zu sehen, klicken Sie einfach auf das kleine Plus-Symbol auf der linken Seite Ihrer Domain/Mailbox (das folgende Bild zeigt das Domain-Ribbon-Men\u00fc):","title":"Wo lassen sich die Tags finden?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#wie-kann-ich-ein-tag-hinzufugenentfernen","text":"Sie k\u00f6nnen bei der Erstellung einer neuen Domain/eines neuen Postfachs einfach ein Tag hinzuf\u00fcgen/entfernen. Sie k\u00f6nnen sie auch hinzuf\u00fcgen/entfernen, wenn Sie Ihre gew\u00fcnschte Domain/Mailbox bearbeiten. Es sieht \u00e4hnlich aus wie hier (das folgende Bild zeigt den Bereich zur Bearbeitung der Dom\u00e4ne):","title":"Wie kann ich ein Tag hinzuf\u00fcgen/entfernen?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/#wie-kann-ich-nach-einem-tag-suchen","text":"Geben Sie einfach den Tag-Namen in die Suchleiste im Bereich Domain/Postfach ein und warten Sie, bis der Vorgang abgeschlossen ist. Sie k\u00f6nnen sogar angeben, ob Sie nur nach Tags suchen m\u00f6chten.","title":"Wie kann ich nach einem Tag suchen?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/","text":"Bislang sind drei Methoden f\u00fcr die Zwei-Faktor-Authentifizierung implementiert: WebAuthn (ersetzt seit Februar 2022 U2F), Yubi OTP und TOTP Damit WebAuthn funktioniert, ben\u00f6tigen Sie eine verschl\u00fcsselte Verbindung zum Server (HTTPS) sowie einen FIDO-Sicherheitsschl\u00fcssel. Sowohl WebAuthn als auch Yubi OTP funktionieren gut mit dem fantastischen Yubikey . W\u00e4hrend Yubi OTP eine aktive Internetverbindung und eine API ID + Schl\u00fcssel ben\u00f6tigt, funktioniert WebAuthn mit jedem Fido Security Key, kann aber nur verwendet werden, wenn der Zugriff auf mailcow \u00fcber HTTPS erfolgt. WebAuthn und Yubi OTP unterst\u00fctzen mehrere Schl\u00fcssel pro Nutzer. Als dritte TFA-Methode verwendet mailcow TOTP: zeitbasierte Einmal-Passw\u00f6rter. Diese Passw\u00f6rter k\u00f6nnen mit Apps wie \"Google Authenticator\" generiert werden, nachdem zun\u00e4chst ein QR-Code gescannt oder das gegebene Geheimnis manuell eingegeben wurde. Als Administrator k\u00f6nnen Sie den TFA-Login eines Domain-Administrators vor\u00fcbergehend deaktivieren, bis dieser sich erfolgreich eingeloggt hat. Der f\u00fcr die Anmeldung verwendete Schl\u00fcssel wird in gr\u00fcner Farbe angezeigt, w\u00e4hrend andere Schl\u00fcssel grau bleiben. Informationen zum Entfernen von 2FA finden Sie hier . Yubi OTP \u00b6 Die Yubi API ID und der Schl\u00fcssel werden mit der Yubico Cloud API abgeglichen. Bei der Einrichtung von TFA werden Sie nach Ihrem pers\u00f6nlichen API-Konto f\u00fcr diesen Schl\u00fcssel gefragt. Die API-ID, der API-Schl\u00fcssel und die ersten 12 Zeichen (Ihre YubiKeys ID in modhex) werden in der MySQL-Tabelle als Geheimnis gespeichert. Beispiel-Einrichtung \u00b6 Als erstes muss der YubiKey f\u00fcr die Verwendung als OTP-Generator konfiguriert werden. Laden Sie dazu den YubiKey Manager von der Yubico Website herunter: hier Im Folgenden konfigurieren Sie den YubiKey f\u00fcr OTP. \u00dcber den Men\u00fcpunkt Anwendungen -> OTP und einem Klick auf den Konfigurieren Button. W\u00e4hlen Sie im folgenden Men\u00fc Credential Type -> Yubico OTP und klicken Sie auf Next . Setzen Sie ein H\u00e4kchen in die Checkbox Use serial , generieren Sie eine Private ID und einen Secret key \u00fcber die Schaltfl\u00e4chen. Damit der YubiKey sp\u00e4ter validiert werden kann, muss auch das H\u00e4kchen in der Upload Checkbox gesetzt werden und klicken Sie dann auf Finish . Nun \u00f6ffnet sich ein neues Browserfenster, in dem Sie unten im Formular ein OTP Ihres YubiKey eingeben m\u00fcssen (auf das Feld klicken und dann auf Ihren YubiKey tippen). Best\u00e4tigen Sie das Captcha und laden Sie die Daten auf den Yubico-Server hoch, indem Sie auf 'Hochladen' klicken. Die Verarbeitung der Daten wird einen Moment dauern. Nachdem die Generierung erfolgreich war, werden Ihnen eine Client ID und ein Secret key angezeigt, notieren Sie sich diese Informationen an einem sicheren Ort. Nun k\u00f6nnen Sie Yubico OTP-Authentifizierung aus dem Dropdown-Men\u00fc in der mailcow UI auf der Startseite unter Zugang -> Zwei-Faktor-Authentifizierung ausw\u00e4hlen. In dem sich nun \u00f6ffnenden Dialog k\u00f6nnen Sie einen Namen f\u00fcr diesen YubiKey eingeben und die zuvor notierte Client ID sowie den Secret key in die vorgesehenen Felder eintragen. Geben Sie schlie\u00dflich Ihr aktuelles Kontopasswort ein und ber\u00fchren Sie nach Auswahl des Feldes Touch Yubikey die Schaltfl\u00e4che Ihres YubiKey. Herzlichen Gl\u00fcckwunsch! Sie k\u00f6nnen sich nun mit Ihrem YubiKey in die mailcow UI einloggen! WebAuthn (U2F, Ersatz) \u00b6 Warning Seit Februar 2022 hat Google Chrome die Unterst\u00fctzung f\u00fcr U2F aufgegeben und die Verwendung von WebAuthn standardisiert. Die WebAuthn API (der Ersatz f\u00fcr U2F) ist seit dem 21. Januar 2022 Teil von mailcow, wenn Sie also den Key \u00fcber Februar 2022 hinaus nutzen wollen, sollten Sie ein Update mit der update.sh in Betracht ziehen. Um WebAuthn zu nutzen, muss der Browser diesen Standard unterst\u00fctzen: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) Die folgenden mobilen Browser unterst\u00fctzen diesen Authentifizierungstyp: Safari auf iOS (>=14.5) Android-Browser (>=97) Opera Mobil (>=64) Chrome f\u00fcr Android (>=97) Quellen: caniuse.com , blog.mozilla.org WebAuthn funktioniert auch ohne Internetverbindung. Was passiert mit meinem registrierten Fido Security Key nach dem Update von U2F auf WebAuthn? \u00b6 Warning Mit dem neuen U2F-Ersatz (WebAuthn) m\u00fcssen Sie Ihren Fido Security Key neu registrieren, zum Gl\u00fcck ist WebAuthn abw\u00e4rtskompatibel und unterst\u00fctzt das U2F-Protokoll. Im Idealfall sollten Sie beim n\u00e4chsten Einloggen (mit dem Schl\u00fcssel) ein Textfeld erhalten, das besagt, dass Ihr Fido Security Key aufgrund des Updates auf WebAuthn entfernt und als 2-Faktor-Authentifikator gel\u00f6scht wurde. Aber keine Sorge! Sie k\u00f6nnen Ihren bestehenden Schl\u00fcssel einfach neu registrieren und ihn wie gewohnt verwenden. Sie werden wahrscheinlich nicht einmal einen Unterschied bemerken, au\u00dfer dass Ihr Browser die U2F-Deaktivierungsmeldung nicht mehr anzeigt. Deaktivieren inoffizieller unterst\u00fctzter Fido Security Keys \u00b6 Mit WebAuthn gibt es die M\u00f6glichkeit, nur offizielle Fido Security Keys zu verwenden (von den gro\u00dfen Marken wie: Yubico, Apple, Nitro, Google, Huawei, Microsoft, usw.) zu verwenden. Dies dient in erster Linie der Sicherheit, da es Administratoren erm\u00f6glicht, sicherzustellen, dass nur offizielle Hardware in ihrer Umgebung verwendet werden kann. Um diese Funktion zu aktivieren, \u00e4ndern Sie den Wert WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf von n auf y und starten Sie die betroffenen Container mit docker compose up -d neu. Die mailcow wird nun die Vendor-Zertifikate verwenden, die sich in Ihrem mailcow-Verzeichnis unter data/web/inc/lib/WebAuthn/rootCertificates befinden. Beispiel: \u00b6 Wenn Sie die offiziellen Hersteller-Ger\u00e4te nur auf Apple beschr\u00e4nken wollen, brauchen Sie nur das Apple Hersteller-Zertifikat im data/web/inc/lib/WebAuthn/rootCertificates . Nachdem Sie alle anderen Zertifikate gel\u00f6scht haben, k\u00f6nnen Sie WebAuthn 2FA nur noch mit Apple-Ger\u00e4ten aktivieren. Das ist f\u00fcr jeden Hersteller gleich, also w\u00e4hlen Sie aus, was Ihnen gef\u00e4llt (wenn Sie es wollen). Eigene Zertifikate f\u00fcr WebAuthn verwenden \u00b6 Wenn du ein g\u00fcltiges Zertifikat vom Hersteller deines Schl\u00fcssels hast, kannst du es auch zu deiner Mailcow hinzuf\u00fcgen! Kopieren Sie einfach das Zertifikat in den data/web/inc/lib/WebAuthn/rootCertificates Ordner und starten Sie Ihre Mailcow neu. Nun sollten Sie in der Lage sein, auch dieses Ger\u00e4t zu registrieren, obwohl die \u00dcberpr\u00fcfung f\u00fcr die Herstellerzertifikate aktiviert ist, da Sie das Zertifikat manuell hinzugef\u00fcgt haben. Ist es gef\u00e4hrlich, den Vendor Check deaktiviert zu lassen? \u00b6 Nein, das ist es nicht! Diese Herstellerzertifikate werden nur zur \u00dcberpr\u00fcfung der Originalhardware verwendet, nicht zur Absicherung des Registrierungsprozesses. Wie Sie in diesen Artikeln lesen k\u00f6nnen, hat die Deaktivierung nichts mit der Software-Sicherheit zu tun: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 Letztendlich ist es aber nat\u00fcrlich Ihre Entscheidung, ob Sie dieses H\u00e4kchen deaktiviert oder aktiviert lassen. TOTP \u00b6 Die bekannteste TFA-Methode, die meist mit einem Smartphone verwendet wird. Um die TOTP-Methode einzurichten, loggen Sie sich in die Admin UI ein und w\u00e4hlen Sie Time-based OTP (TOTP) aus der Liste. Nun \u00f6ffnet sich ein Modal, in dem Sie einen Namen f\u00fcr Ihr 2FA-\"Ger\u00e4t\" (Beispiel: John Deer's Smartphone) und das Passwort des betroffenen Admin-Kontos (mit dem Sie derzeit eingeloggt sind) eingeben m\u00fcssen. Sie haben zwei verschiedene Methoden, um TOTP f\u00fcr Ihr Konto zu registrieren: 1. Scannen Sie den QR-Code mit Ihrer Authenticator App auf einem Smartphone oder Tablet. 2. Verwenden Sie den TOTP-Code (unter dem QR-Code) in Ihrem TOTP-Programm oder Ihrer App (wenn Sie keinen QR-Code scannen k\u00f6nnen). Nachdem Sie den QR- oder TOTP-Code in der TOTP-App/dem TOTP-Programm Ihrer Wahl registriert haben, m\u00fcssen Sie nur noch den nun generierten TOTP-Token (in der App/dem Programm) als Best\u00e4tigung in der mailcow UI eingeben, um die TOTP 2FA endg\u00fcltig zu aktivieren, ansonsten wird sie nicht aktiviert, obwohl der TOTP-Token bereits in Ihrer App/ Ihrem Programm generiert wurde.","title":"Zwei-Faktoren-Authentifizierung"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#yubi-otp","text":"Die Yubi API ID und der Schl\u00fcssel werden mit der Yubico Cloud API abgeglichen. Bei der Einrichtung von TFA werden Sie nach Ihrem pers\u00f6nlichen API-Konto f\u00fcr diesen Schl\u00fcssel gefragt. Die API-ID, der API-Schl\u00fcssel und die ersten 12 Zeichen (Ihre YubiKeys ID in modhex) werden in der MySQL-Tabelle als Geheimnis gespeichert.","title":"Yubi OTP"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#beispiel-einrichtung","text":"Als erstes muss der YubiKey f\u00fcr die Verwendung als OTP-Generator konfiguriert werden. Laden Sie dazu den YubiKey Manager von der Yubico Website herunter: hier Im Folgenden konfigurieren Sie den YubiKey f\u00fcr OTP. \u00dcber den Men\u00fcpunkt Anwendungen -> OTP und einem Klick auf den Konfigurieren Button. W\u00e4hlen Sie im folgenden Men\u00fc Credential Type -> Yubico OTP und klicken Sie auf Next . Setzen Sie ein H\u00e4kchen in die Checkbox Use serial , generieren Sie eine Private ID und einen Secret key \u00fcber die Schaltfl\u00e4chen. Damit der YubiKey sp\u00e4ter validiert werden kann, muss auch das H\u00e4kchen in der Upload Checkbox gesetzt werden und klicken Sie dann auf Finish . Nun \u00f6ffnet sich ein neues Browserfenster, in dem Sie unten im Formular ein OTP Ihres YubiKey eingeben m\u00fcssen (auf das Feld klicken und dann auf Ihren YubiKey tippen). Best\u00e4tigen Sie das Captcha und laden Sie die Daten auf den Yubico-Server hoch, indem Sie auf 'Hochladen' klicken. Die Verarbeitung der Daten wird einen Moment dauern. Nachdem die Generierung erfolgreich war, werden Ihnen eine Client ID und ein Secret key angezeigt, notieren Sie sich diese Informationen an einem sicheren Ort. Nun k\u00f6nnen Sie Yubico OTP-Authentifizierung aus dem Dropdown-Men\u00fc in der mailcow UI auf der Startseite unter Zugang -> Zwei-Faktor-Authentifizierung ausw\u00e4hlen. In dem sich nun \u00f6ffnenden Dialog k\u00f6nnen Sie einen Namen f\u00fcr diesen YubiKey eingeben und die zuvor notierte Client ID sowie den Secret key in die vorgesehenen Felder eintragen. Geben Sie schlie\u00dflich Ihr aktuelles Kontopasswort ein und ber\u00fchren Sie nach Auswahl des Feldes Touch Yubikey die Schaltfl\u00e4che Ihres YubiKey. Herzlichen Gl\u00fcckwunsch! Sie k\u00f6nnen sich nun mit Ihrem YubiKey in die mailcow UI einloggen!","title":"Beispiel-Einrichtung"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#webauthn-u2f-ersatz","text":"Warning Seit Februar 2022 hat Google Chrome die Unterst\u00fctzung f\u00fcr U2F aufgegeben und die Verwendung von WebAuthn standardisiert. Die WebAuthn API (der Ersatz f\u00fcr U2F) ist seit dem 21. Januar 2022 Teil von mailcow, wenn Sie also den Key \u00fcber Februar 2022 hinaus nutzen wollen, sollten Sie ein Update mit der update.sh in Betracht ziehen. Um WebAuthn zu nutzen, muss der Browser diesen Standard unterst\u00fctzen: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) Die folgenden mobilen Browser unterst\u00fctzen diesen Authentifizierungstyp: Safari auf iOS (>=14.5) Android-Browser (>=97) Opera Mobil (>=64) Chrome f\u00fcr Android (>=97) Quellen: caniuse.com , blog.mozilla.org WebAuthn funktioniert auch ohne Internetverbindung.","title":"WebAuthn (U2F, Ersatz)"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#was-passiert-mit-meinem-registrierten-fido-security-key-nach-dem-update-von-u2f-auf-webauthn","text":"Warning Mit dem neuen U2F-Ersatz (WebAuthn) m\u00fcssen Sie Ihren Fido Security Key neu registrieren, zum Gl\u00fcck ist WebAuthn abw\u00e4rtskompatibel und unterst\u00fctzt das U2F-Protokoll. Im Idealfall sollten Sie beim n\u00e4chsten Einloggen (mit dem Schl\u00fcssel) ein Textfeld erhalten, das besagt, dass Ihr Fido Security Key aufgrund des Updates auf WebAuthn entfernt und als 2-Faktor-Authentifikator gel\u00f6scht wurde. Aber keine Sorge! Sie k\u00f6nnen Ihren bestehenden Schl\u00fcssel einfach neu registrieren und ihn wie gewohnt verwenden. Sie werden wahrscheinlich nicht einmal einen Unterschied bemerken, au\u00dfer dass Ihr Browser die U2F-Deaktivierungsmeldung nicht mehr anzeigt.","title":"Was passiert mit meinem registrierten Fido Security Key nach dem Update von U2F auf WebAuthn?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#deaktivieren-inoffizieller-unterstutzter-fido-security-keys","text":"Mit WebAuthn gibt es die M\u00f6glichkeit, nur offizielle Fido Security Keys zu verwenden (von den gro\u00dfen Marken wie: Yubico, Apple, Nitro, Google, Huawei, Microsoft, usw.) zu verwenden. Dies dient in erster Linie der Sicherheit, da es Administratoren erm\u00f6glicht, sicherzustellen, dass nur offizielle Hardware in ihrer Umgebung verwendet werden kann. Um diese Funktion zu aktivieren, \u00e4ndern Sie den Wert WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf von n auf y und starten Sie die betroffenen Container mit docker compose up -d neu. Die mailcow wird nun die Vendor-Zertifikate verwenden, die sich in Ihrem mailcow-Verzeichnis unter data/web/inc/lib/WebAuthn/rootCertificates befinden.","title":"Deaktivieren inoffizieller unterst\u00fctzter Fido Security Keys"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#beispiel","text":"Wenn Sie die offiziellen Hersteller-Ger\u00e4te nur auf Apple beschr\u00e4nken wollen, brauchen Sie nur das Apple Hersteller-Zertifikat im data/web/inc/lib/WebAuthn/rootCertificates . Nachdem Sie alle anderen Zertifikate gel\u00f6scht haben, k\u00f6nnen Sie WebAuthn 2FA nur noch mit Apple-Ger\u00e4ten aktivieren. Das ist f\u00fcr jeden Hersteller gleich, also w\u00e4hlen Sie aus, was Ihnen gef\u00e4llt (wenn Sie es wollen).","title":"Beispiel:"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#eigene-zertifikate-fur-webauthn-verwenden","text":"Wenn du ein g\u00fcltiges Zertifikat vom Hersteller deines Schl\u00fcssels hast, kannst du es auch zu deiner Mailcow hinzuf\u00fcgen! Kopieren Sie einfach das Zertifikat in den data/web/inc/lib/WebAuthn/rootCertificates Ordner und starten Sie Ihre Mailcow neu. Nun sollten Sie in der Lage sein, auch dieses Ger\u00e4t zu registrieren, obwohl die \u00dcberpr\u00fcfung f\u00fcr die Herstellerzertifikate aktiviert ist, da Sie das Zertifikat manuell hinzugef\u00fcgt haben.","title":"Eigene Zertifikate f\u00fcr WebAuthn verwenden"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#ist-es-gefahrlich-den-vendor-check-deaktiviert-zu-lassen","text":"Nein, das ist es nicht! Diese Herstellerzertifikate werden nur zur \u00dcberpr\u00fcfung der Originalhardware verwendet, nicht zur Absicherung des Registrierungsprozesses. Wie Sie in diesen Artikeln lesen k\u00f6nnen, hat die Deaktivierung nichts mit der Software-Sicherheit zu tun: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 Letztendlich ist es aber nat\u00fcrlich Ihre Entscheidung, ob Sie dieses H\u00e4kchen deaktiviert oder aktiviert lassen.","title":"Ist es gef\u00e4hrlich, den Vendor Check deaktiviert zu lassen?"},{"location":"de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#totp","text":"Die bekannteste TFA-Methode, die meist mit einem Smartphone verwendet wird. Um die TOTP-Methode einzurichten, loggen Sie sich in die Admin UI ein und w\u00e4hlen Sie Time-based OTP (TOTP) aus der Liste. Nun \u00f6ffnet sich ein Modal, in dem Sie einen Namen f\u00fcr Ihr 2FA-\"Ger\u00e4t\" (Beispiel: John Deer's Smartphone) und das Passwort des betroffenen Admin-Kontos (mit dem Sie derzeit eingeloggt sind) eingeben m\u00fcssen. Sie haben zwei verschiedene Methoden, um TOTP f\u00fcr Ihr Konto zu registrieren: 1. Scannen Sie den QR-Code mit Ihrer Authenticator App auf einem Smartphone oder Tablet. 2. Verwenden Sie den TOTP-Code (unter dem QR-Code) in Ihrem TOTP-Programm oder Ihrer App (wenn Sie keinen QR-Code scannen k\u00f6nnen). Nachdem Sie den QR- oder TOTP-Code in der TOTP-App/dem TOTP-Programm Ihrer Wahl registriert haben, m\u00fcssen Sie nur noch den nun generierten TOTP-Token (in der App/dem Programm) als Best\u00e4tigung in der mailcow UI eingeben, um die TOTP 2FA endg\u00fcltig zu aktivieren, ansonsten wird sie nicht aktiviert, obwohl der TOTP-Token bereits in Ihrer App/ Ihrem Programm generiert wurde.","title":"TOTP"},{"location":"de/models/model-acl/","text":"Die Bearbeitung eines Dom\u00e4nenadministrators oder eines Mailboxbenutzers erm\u00f6glicht es, Einschr\u00e4nkungen f\u00fcr dieses Konto festzulegen. Wichtig : Bei sich \u00fcberschneidenden Modulen wie Synchronisierungsauftr\u00e4gen, auf die sowohl Dom\u00e4nenadministratoren als auch Mailbox-Benutzer Zugriff erhalten k\u00f6nnen, werden die Rechte des Dom\u00e4nenadministrators geerbt, wenn man sich als Mailbox-Benutzer anmeldet. Einige Beispiele: 1. Ein Dom\u00e4nenadministrator hat keinen Zugriff auf Synchronisierungsauftr\u00e4ge, kann sich aber als Mailbox-Benutzer anmelden Wenn er sich als Mailbox-Benutzer anmeldet, erh\u00e4lt er keinen Zugriff auf Synchronisierungsauftr\u00e4ge, auch wenn der betreffende Mailbox-Benutzer bei der direkten Anmeldung Zugriff hat . 2. Ein Dom\u00e4nenadministrator hat Zugriff auf Synchronisierungsauftr\u00e4ge und kann sich als Postfachbenutzer anmelden Der Mailbox-Benutzer, als der er sich anzumelden versucht, hat keinen Zugang zu Synchronisierungsauftr\u00e4gen Der Dom\u00e4nenadministrator, der nun als Mailbox-Benutzer angemeldet ist, erbt die Berechtigung des Mailbox-Benutzers und kann auf Synchronisierungsauftr\u00e4ge zugreifen. 3. Ein Dom\u00e4nenadministrator meldet sich als Mailbox-Benutzer an Jede Berechtigung, die nicht in der ACL eines Dom\u00e4nenadministrators vorhanden ist, wird automatisch gew\u00e4hrt (Beispiel: zeitlich begrenzter Alias, TLS-Richtlinie usw.)","title":"ACL"},{"location":"de/models/model-passwd/","text":"Vollst\u00e4ndig unterst\u00fctzte Hashing-Methoden \u00b6 Die aktuellste Version von mailcow unterst\u00fctzt die folgenden Hashing-Methoden vollst\u00e4ndig. Die Standard-Hashing-Methode ist fett geschrieben: BLF-CRYPT SSHA SSHA256 SSHA512 Die obigen Methoden k\u00f6nnen in mailcow.conf als MAILCOW_PASS_SCHEME Wert verwendet werden. Nur-Lese-Hashing-Methoden \u00b6 Die folgenden Methoden werden nur lesend unterst\u00fctzt. Wenn Sie planen, SOGo zu benutzen (wie standardm\u00e4\u00dfig), ben\u00f6tigen Sie eine SOGo-kompatible Hash-Methode. Bitte beachten Sie den Hinweis am Ende dieser Seite, wie Sie die Ansicht bei Bedarf aktualisieren k\u00f6nnen. Wenn SOGo deaktiviert ist, k\u00f6nnen alle unten aufgef\u00fchrten Hashing-Methoden von mailcow und Dovecot gelesen werden. ARGON2I (SOGo kompatibel) ARGON2ID (SOGo kompatibel) CLEAR CLEARTEXT CRYPT (SOGo-kompatibel) DES-CRYPT LDAP-MD5 (SOGo-kompatibel) MD5 (SOGo-kompatibel) MD5-CRYPT (SOGo-kompatibel) PBKDF2 (SOGo-kompatibel) PLAIN (SOGo-kompatibel) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo-kompatibel) SHA1 (SOGo-kompatibel) SHA256 (SOGo-kompatibel) SHA256-CRYPT (SOGo-kompatibel) SHA512 (SOGo-kompatibel) SHA512-CRYPT (SOGo-kompatibel) SMD5 (SOGo kompatibel) Das bedeutet, mailcow ist in der Lage, Nutzer mit einem Hash wie {MD5}1a1dc91c907325c69271ddf0c944bc72 aus der Datenbank zu verifizieren. Der Wert von MAILCOW_PASS_SCHEME wird immer verwendet, um neue Passw\u00f6rter zu verschl\u00fcsseln. Ich habe die Passwort-Hashes in der SQL-Tabelle \"Mailbox\" ge\u00e4ndert und kann mich nicht anmelden. Eine \"Ansicht\" muss aktualisiert werden. Sie k\u00f6nnen dies durch einen Neustart von sogo-mailcow ausl\u00f6sen: docker compose (Plugin) docker-compose (Standalone) docker compose restart sogo-mailcow docker-compose restart sogo-mailcow","title":"Passwort-Hashing"},{"location":"de/models/model-passwd/#vollstandig-unterstutzte-hashing-methoden","text":"Die aktuellste Version von mailcow unterst\u00fctzt die folgenden Hashing-Methoden vollst\u00e4ndig. Die Standard-Hashing-Methode ist fett geschrieben: BLF-CRYPT SSHA SSHA256 SSHA512 Die obigen Methoden k\u00f6nnen in mailcow.conf als MAILCOW_PASS_SCHEME Wert verwendet werden.","title":"Vollst\u00e4ndig unterst\u00fctzte Hashing-Methoden"},{"location":"de/models/model-passwd/#nur-lese-hashing-methoden","text":"Die folgenden Methoden werden nur lesend unterst\u00fctzt. Wenn Sie planen, SOGo zu benutzen (wie standardm\u00e4\u00dfig), ben\u00f6tigen Sie eine SOGo-kompatible Hash-Methode. Bitte beachten Sie den Hinweis am Ende dieser Seite, wie Sie die Ansicht bei Bedarf aktualisieren k\u00f6nnen. Wenn SOGo deaktiviert ist, k\u00f6nnen alle unten aufgef\u00fchrten Hashing-Methoden von mailcow und Dovecot gelesen werden. ARGON2I (SOGo kompatibel) ARGON2ID (SOGo kompatibel) CLEAR CLEARTEXT CRYPT (SOGo-kompatibel) DES-CRYPT LDAP-MD5 (SOGo-kompatibel) MD5 (SOGo-kompatibel) MD5-CRYPT (SOGo-kompatibel) PBKDF2 (SOGo-kompatibel) PLAIN (SOGo-kompatibel) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo-kompatibel) SHA1 (SOGo-kompatibel) SHA256 (SOGo-kompatibel) SHA256-CRYPT (SOGo-kompatibel) SHA512 (SOGo-kompatibel) SHA512-CRYPT (SOGo-kompatibel) SMD5 (SOGo kompatibel) Das bedeutet, mailcow ist in der Lage, Nutzer mit einem Hash wie {MD5}1a1dc91c907325c69271ddf0c944bc72 aus der Datenbank zu verifizieren. Der Wert von MAILCOW_PASS_SCHEME wird immer verwendet, um neue Passw\u00f6rter zu verschl\u00fcsseln. Ich habe die Passwort-Hashes in der SQL-Tabelle \"Mailbox\" ge\u00e4ndert und kann mich nicht anmelden. Eine \"Ansicht\" muss aktualisiert werden. Sie k\u00f6nnen dies durch einen Neustart von sogo-mailcow ausl\u00f6sen: docker compose (Plugin) docker-compose (Standalone) docker compose restart sogo-mailcow docker-compose restart sogo-mailcow","title":"Nur-Lese-Hashing-Methoden"},{"location":"de/models/model-sender_rcv/","text":"Wenn eine Mailbox erstellt wird, kann ein Benutzer Mails von seiner eigenen Mailboxadresse senden und empfangen. Die Mailbox me@example.org wird erstellt. example.org ist eine prim\u00e4re Dom\u00e4ne. Hinweis: Eine Mailbox kann nicht in einer Alias-Dom\u00e4ne erstellt werden. me@example.org ist nur als me@example.org bekannt. me@example.org darf als me@example.org senden. Wir k\u00f6nnen eine Alias-Dom\u00e4ne f\u00fcr example.org hinzuf\u00fcgen: Die Alias-Dom\u00e4ne alias.com wird hinzugef\u00fcgt und der prim\u00e4ren Dom\u00e4ne example.org zugewiesen. me@example.org ist nun als me@example.org und me@alias.com bekannt. me@example.org darf nun als me@example.org und me@alias.com senden. Wir k\u00f6nnen Aliase f\u00fcr eine Mailbox hinzuf\u00fcgen, um Mails von dieser neuen Adresse zu empfangen und zu senden. Es ist wichtig zu wissen, dass Sie nicht in der Lage sind, Mails f\u00fcr my-alias@my-alias-domain.tld zu empfangen. Sie m\u00fcssen diesen speziellen Alias erstellen. me@example.org wird der Alias alias@example.org zugewiesen. me@example.org ist jetzt bekannt als me@example.org, me@alias.com, alias@example.org me@example.org ist NICHT als alias@alias.com bekannt. Bitte beachten Sie, dass dies nicht f\u00fcr \"catch-all\"-Aliasnamen gilt: Die Alias-Dom\u00e4ne alias.com wird hinzugef\u00fcgt und der prim\u00e4ren Dom\u00e4ne example.org zugewiesen me@example.org wird der Catch-all-Alias @example.org zugewiesen me@example.org ist weiterhin nur als me@example.org bekannt, was die einzige verf\u00fcgbare send-as Option ist. Jede an alias.com gesendete E-Mail wird mit dem Catch-All-Alias f\u00fcr example.org \u00fcbereinstimmen. Administratoren und Dom\u00e4nenadministratoren k\u00f6nnen Postf\u00e4cher bearbeiten, um bestimmten Benutzern zu erlauben, als andere Postfachbenutzer zu senden (sie zu \"delegieren\"). Sie k\u00f6nnen zwischen Mailbox-Benutzern w\u00e4hlen oder die Absenderpr\u00fcfung f\u00fcr Dom\u00e4nen komplett deaktivieren. SOGo \"Mail von\"-Adressen \u00b6 Mailbox-Benutzer k\u00f6nnen nat\u00fcrlich ihre eigene Mailbox-Adresse ausw\u00e4hlen, sowie alle Alias-Adressen und Aliase, die \u00fcber Alias-Dom\u00e4nen existieren. Wenn Sie einen anderen existierenden Mailbox-Benutzer als Ihre \"Mail von\"-Adresse ausw\u00e4hlen wollen, muss dieser Benutzer Ihnen den Zugriff \u00fcber SOGo delegieren (siehe SOGo-Dokumentation). Au\u00dferdem muss ein mailcow (Domain) Administrator Ihnen den Zugang wie oben beschrieben gew\u00e4hren.","title":"Sender- und Empf\u00e4ngermodell"},{"location":"de/models/model-sender_rcv/#sogo-mail-von-adressen","text":"Mailbox-Benutzer k\u00f6nnen nat\u00fcrlich ihre eigene Mailbox-Adresse ausw\u00e4hlen, sowie alle Alias-Adressen und Aliase, die \u00fcber Alias-Dom\u00e4nen existieren. Wenn Sie einen anderen existierenden Mailbox-Benutzer als Ihre \"Mail von\"-Adresse ausw\u00e4hlen wollen, muss dieser Benutzer Ihnen den Zugriff \u00fcber SOGo delegieren (siehe SOGo-Dokumentation). Au\u00dferdem muss ein mailcow (Domain) Administrator Ihnen den Zugang wie oben beschrieben gew\u00e4hren.","title":"SOGo \"Mail von\"-Adressen"},{"location":"de/post_installation/firststeps-disable_ipv6/","text":"Dies wird NUR empfohlen, wenn Sie kein IPv6-f\u00e4higes Netzwerk auf Ihrem Host haben! Wenn Sie es wirklich brauchen, k\u00f6nnen Sie die Verwendung von IPv6 in der Compose-Datei deaktivieren. Zus\u00e4tzlich k\u00f6nnen Sie auch den Start des Containers \"ipv6nat-mailcow\" deaktivieren, da er nicht ben\u00f6tigt wird, wenn Sie IPv6 nicht verwenden. Anstatt die Datei docker-compose.yml direkt zu bearbeiten, ist es besser, eine Override-Datei zu erstellen zu erstellen und Ihre \u00c4nderungen am Dienst dort zu implementieren. Leider scheint dies im Moment nur f\u00fcr Dienste zu funktionieren, nicht f\u00fcr Netzwerkeinstellungen. Um IPv6 im mailcow-Netzwerk zu deaktivieren, \u00f6ffnen Sie docker-compose.yml mit Ihrem bevorzugten Texteditor und suchen Sie nach dem Netzwerk-Abschnitt (er befindet sich am Ende der Datei). 1. \u00c4ndern Sie docker-compose.yml \u00c4ndern Sie enable_ipv6: true in enable_ipv6: false : networks: mailcow-network: [...] enable_ipv6: true # <<< auf false setzen [...] 2. ipv6nat-mailcow deaktivieren Um den ipv6nat-mailcow Container ebenfalls zu deaktivieren, gehen Sie in Ihr mailcow Verzeichnis und erstellen Sie eine neue Datei namens \"docker-compose.override.yml\": HINWEIS: Wenn Sie bereits eine Override-Datei haben, erstellen Sie diese nat\u00fcrlich nicht neu, sondern f\u00fcgen Sie die untenstehenden Zeilen entsprechend in Ihre bestehende Datei ein! # cd /opt/mailcow-dockerized # touch docker-compose.override.yml \u00d6ffnen Sie die Datei in Ihrem bevorzugten Texteditor und tragen Sie folgendes ein: version: '2.1' services: ipv6nat-mailcow: image: bash:latest restart: \"no\" entrypoint: [\"echo\", \"ipv6nat disabled in compose.override.yml\"] Damit diese \u00c4nderungen wirksam werden, m\u00fcssen Sie den Stack vollst\u00e4ndig stoppen und dann neu starten, damit Container und Netzwerke neu erstellt werden: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d 3. Deaktivieren Sie IPv6 in unbound-mailcow Bearbeiten Sie data/conf/unbound/unbound.conf und setzen Sie do-ip6 auf \"no\": Server: [...] do-ip6: no [...] unbound neu starten: docker compose (Plugin) docker-compose (Standalone) docker compose restart unbound-mailcow docker-compose restart unbound-mailcow 4. Deaktivieren Sie IPv6 in postfix-mailcow Erstellen Sie data/conf/postfix/extra.cf und setzen Sie smtp_address_preference auf ipv4 : smtp_address_preference = ipv4 inet_protocols = ipv4 Starten Sie Postfix neu: docker compose (Plugin) docker-compose (Standalone) docker compose restart postfix-mailcow docker-compose restart postfix-mailcow 5. Wenn im Docker Daemon IPv6 komplett deaktiviert ist: Folgende NGINX, Dovecot und Php-fpm Konfigurationsdateien anpassen sed -i '/::/d' data/conf/nginx/listen_* sed -i '/::/d' data/conf/nginx/templates/listen* sed -i '/::/d' data/conf/nginx/dynmaps.conf sed -i 's/,\\[::\\]//g' data/conf/dovecot/dovecot.conf sed -i 's/\\[::\\]://g' data/conf/phpfpm/php-fpm.d/pools.conf","title":"IPv6 deaktivieren"},{"location":"de/post_installation/firststeps-dmarc_reporting/","text":"Die DMARC-Berichterstattung erfolgt \u00fcber das Rspamd DMARC-Modul. Die Rspamd-Dokumentation finden Sie hier: https://rspamd.com/doc/modules/dmarc.html Wichtig: \u00c4ndern Sie example.com , mail.example.com und Example so, dass sie Ihrer Einrichtung entsprechen Die DMARC-Berichterstattung erfordert zus\u00e4tzliche Aufmerksamkeit, insbesondere in den ersten Tagen Alle empfangenden Domains, die auf mailcow gehostet werden, senden von einer Reporting-Domain. Es wird empfohlen, die \u00fcbergeordnete Domain Ihres MAILCOW_HOSTNAME zu verwenden: Wenn Ihr MAILCOW_HOSTNAME mail.example.com ist, \u00e4ndern Sie die folgende Konfiguration in domain = \"example.com\"; Setzen Sie email gleich, z.B. email = \"noreply-dmarc@example.com\"; Es ist optional, aber empfohlen, einen E-Mail-Benutzer noreply-dmarc in mailcow zu erstellen, um Bounces zu behandeln. Aktivieren Sie DMARC-Berichterstattung \u00b6 Erstellen Sie die Datei data/conf/rspamd/local.d/dmarc.conf und setzen Sie den folgenden Inhalt: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Erstellen oder \u00e4ndern Sie docker-compose.override.yml im mailcow-dockerized Basisverzeichnis: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Starten Sie den mailcow Stack mit: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Senden Sie eine Kopie der Berichte an sich selbst \u00b6 Um eine versteckte Kopie der von Rspamd erzeugten Berichte zu erhalten, k\u00f6nnen Sie eine bcc_addrs Liste im reporting Konfigurationsabschnitt von data/conf/rspamd/local.d/dmarc.conf setzen: reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\", \"parsedmarc@example.com\"]; [...] Rspamd l\u00e4dt \u00c4nderungen in Echtzeit, so dass Sie den Container zu diesem Zeitpunkt nicht neu starten m\u00fcssen. Dies kann n\u00fctzlich sein, wenn Sie... ...\u00fcberpr\u00fcfen wollen, ob Ihre DMARC-Berichte korrekt und authentifiziert gesendet werden. ...Ihre eigenen Berichte analysieren wollen, um Statistiken zu erhalten, z.B. um sie mit ParseDMARC oder anderen Analysesystemen zu verwenden. Fehlersuche \u00b6 Pr\u00fcfen Sie, wann der Berichtsplan zuletzt ausgef\u00fchrt wurde: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log Sehen Sie sich die letzte Berichtsausgabe an: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manuelles Ausl\u00f6sen eines DMARC-Berichts: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamadm dmarc_report docker-compose exec rspamd-mailcow rspamadm dmarc_report Best\u00e4tigen Sie, dass Rspamd Daten in Redis aufgezeichnet hat: \u00c4ndern Sie 20220428 in Ihr gew\u00fcnschtes Datum zum \u00fcberpr\u00fcfen. docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" docker-compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" Nehmen Sie eine der Zeilen aus der Ausgabe, die Sie interessiert, und fordern Sie sie an, z. B.: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 docker-compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 \u00c4ndern Sie die H\u00e4ufigkeit der DMARC-Berichte \u00b6 Im obigen Beispiel werden die Berichte einmal alle 24 Stunden sowie f\u00fcr den gestrigen Tag versendet. Dies ist f\u00fcr die meisten Konfigurationen ausreichend. Wenn Sie ein gro\u00dfes E-Mail-Aufkommen haben und die DMARC-Berichterstattung mehr als einmal am Tag durchf\u00fchren wollen, m\u00fcssen Sie einen zweiten Zeitplan erstellen und ihn mit dmarc_report $(date '+%Y%m%d') ausf\u00fchren, um den aktuellen Tag zu verarbeiten. Sie m\u00fcssen sicherstellen, dass der erste Lauf an jedem Tag auch den letzten Bericht vom Vortag verarbeitet, also muss er zweimal gestartet werden, einmal mit $(date --date yesterday '+%Y%m%d') um 0 5 0 * * * (00:05 AM) und dann mit $(date '+%Y%m%d') mit dem gew\u00fcnschten Intervall. Der Ofelia-Zeitplan hat die gleiche Implementierung wie cron in Go, die unterst\u00fctzte Syntax ist beschrieben in cron Documentation Um den Zeitplan zu \u00e4ndern: docker-compose.override.yml bearbeiten: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"0 5 0 * * *\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: \"@every 12h\" ofelia.job-exec.rspamd_dmarc_reporting_today.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Starten Sie die betroffenen Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d F\u00fchren Sie einen Neustart nur von Ofelia aus: docker compose (Plugin) docker-compose (Standalone) docker compose restart ofelia-mailcow docker-compose restart ofelia-mailcow DMARC-Berichterstattung deaktivieren \u00b6 Zum Deaktivieren der Berichterstattung: Setzen Sie enabled auf false in data/conf/rspamd/local.d/dmarc.conf . Machen Sie \u00c4nderungen in docker-compose.override.yml an rspamd-mailcow und ofelia-mailcow r\u00fcckg\u00e4ngig Starten Sie die betroffenen Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"DMARC Reporting"},{"location":"de/post_installation/firststeps-dmarc_reporting/#aktivieren-sie-dmarc-berichterstattung","text":"Erstellen Sie die Datei data/conf/rspamd/local.d/dmarc.conf und setzen Sie den folgenden Inhalt: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Erstellen oder \u00e4ndern Sie docker-compose.override.yml im mailcow-dockerized Basisverzeichnis: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Starten Sie den mailcow Stack mit: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Aktivieren Sie DMARC-Berichterstattung"},{"location":"de/post_installation/firststeps-dmarc_reporting/#senden-sie-eine-kopie-der-berichte-an-sich-selbst","text":"Um eine versteckte Kopie der von Rspamd erzeugten Berichte zu erhalten, k\u00f6nnen Sie eine bcc_addrs Liste im reporting Konfigurationsabschnitt von data/conf/rspamd/local.d/dmarc.conf setzen: reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\", \"parsedmarc@example.com\"]; [...] Rspamd l\u00e4dt \u00c4nderungen in Echtzeit, so dass Sie den Container zu diesem Zeitpunkt nicht neu starten m\u00fcssen. Dies kann n\u00fctzlich sein, wenn Sie... ...\u00fcberpr\u00fcfen wollen, ob Ihre DMARC-Berichte korrekt und authentifiziert gesendet werden. ...Ihre eigenen Berichte analysieren wollen, um Statistiken zu erhalten, z.B. um sie mit ParseDMARC oder anderen Analysesystemen zu verwenden.","title":"Senden Sie eine Kopie der Berichte an sich selbst"},{"location":"de/post_installation/firststeps-dmarc_reporting/#fehlersuche","text":"Pr\u00fcfen Sie, wann der Berichtsplan zuletzt ausgef\u00fchrt wurde: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log Sehen Sie sich die letzte Berichtsausgabe an: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manuelles Ausl\u00f6sen eines DMARC-Berichts: docker compose (Plugin) docker-compose (Standalone) docker compose exec rspamd-mailcow rspamadm dmarc_report docker-compose exec rspamd-mailcow rspamadm dmarc_report Best\u00e4tigen Sie, dass Rspamd Daten in Redis aufgezeichnet hat: \u00c4ndern Sie 20220428 in Ihr gew\u00fcnschtes Datum zum \u00fcberpr\u00fcfen. docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" docker-compose exec redis-mailcow redis-cli SMEMBERS \"dmarc_idx;20220428\" Nehmen Sie eine der Zeilen aus der Ausgabe, die Sie interessiert, und fordern Sie sie an, z. B.: docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49 docker-compose exec redis-mailcow redis-cli ZRANGE \"dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428\" 0 49","title":"Fehlersuche"},{"location":"de/post_installation/firststeps-dmarc_reporting/#andern-sie-die-haufigkeit-der-dmarc-berichte","text":"Im obigen Beispiel werden die Berichte einmal alle 24 Stunden sowie f\u00fcr den gestrigen Tag versendet. Dies ist f\u00fcr die meisten Konfigurationen ausreichend. Wenn Sie ein gro\u00dfes E-Mail-Aufkommen haben und die DMARC-Berichterstattung mehr als einmal am Tag durchf\u00fchren wollen, m\u00fcssen Sie einen zweiten Zeitplan erstellen und ihn mit dmarc_report $(date '+%Y%m%d') ausf\u00fchren, um den aktuellen Tag zu verarbeiten. Sie m\u00fcssen sicherstellen, dass der erste Lauf an jedem Tag auch den letzten Bericht vom Vortag verarbeitet, also muss er zweimal gestartet werden, einmal mit $(date --date yesterday '+%Y%m%d') um 0 5 0 * * * (00:05 AM) und dann mit $(date '+%Y%m%d') mit dem gew\u00fcnschten Intervall. Der Ofelia-Zeitplan hat die gleiche Implementierung wie cron in Go, die unterst\u00fctzte Syntax ist beschrieben in cron Documentation Um den Zeitplan zu \u00e4ndern: docker-compose.override.yml bearbeiten: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.schedule: \"0 5 0 * * *\" ofelia.job-exec.rspamd_dmarc_reporting_yesterday.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date --date yesterday '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia.job-exec.rspamd_dmarc_reporting_today.schedule: \"@every 12h\" ofelia.job-exec.rspamd_dmarc_reporting_today.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report $(date '+%Y%m%d') > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Starten Sie die betroffenen Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d F\u00fchren Sie einen Neustart nur von Ofelia aus: docker compose (Plugin) docker-compose (Standalone) docker compose restart ofelia-mailcow docker-compose restart ofelia-mailcow","title":"\u00c4ndern Sie die H\u00e4ufigkeit der DMARC-Berichte"},{"location":"de/post_installation/firststeps-dmarc_reporting/#dmarc-berichterstattung-deaktivieren","text":"Zum Deaktivieren der Berichterstattung: Setzen Sie enabled auf false in data/conf/rspamd/local.d/dmarc.conf . Machen Sie \u00c4nderungen in docker-compose.override.yml an rspamd-mailcow und ofelia-mailcow r\u00fcckg\u00e4ngig Starten Sie die betroffenen Container neu: docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"DMARC-Berichterstattung deaktivieren"},{"location":"de/post_installation/firststeps-ip_bindings/","text":"Warnung Das \u00c4ndern der Bindung hat keinen Einfluss auf Source-NAT. Siehe SNAT f\u00fcr die erforderlichen Schritte. IPv4-Binding \u00b6 Um eine oder mehrere IPv4-Bind(ings) anzupassen, \u00f6ffne mailcow.conf und editiere eine, mehrere oder alle Variablen nach deinen Bed\u00fcrfnissen: # Aus technischen Gr\u00fcnden unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen. # Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port: # Beispiel: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Andere Dienste werden nach folgendem Format gebunden: # SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25 # Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x \u00fcbersprungen. # doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte \u00e4ndern Sie das nicht, es sei denn, Sie wissen, was Sie tun. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 Um Ihre \u00c4nderungen zu \u00fcbernehmen, f\u00fchren Sie folgende Befehle aus: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d IPv6-Binding \u00b6 Das \u00c4ndern von IPv6-Bindings ist anders als bei IPv4. Auch dies hat einen technischen Hintergrund. Eine docker-compose.override.yml Datei wird verwendet, anstatt die docker-compose.yml Datei direkt zu bearbeiten. Dies geschieht, um die Aktualisierbarkeit zu erhalten, da die Datei docker-compose.yml regelm\u00e4\u00dfig aktualisiert wird und Ihre \u00c4nderungen h\u00f6chstwahrscheinlich \u00fcberschrieben werden. Bearbeiten Sie die Datei \"docker-compose.override.yml\" und erstellen Sie sie mit dem folgenden Inhalt. Ihr Inhalt wird mit der produktiven Datei \"docker-compose.yml\" zusammengef\u00fchrt. Es wird eine beispielhafte IPv6 2001:db8:dead:beef::123 in [] angegeben. Das erste Suffix :PORT1 definiert den externen Port, w\u00e4hrend das zweite Suffix :PORT2 zu dem entsprechenden Port innerhalb des Containers f\u00fchrt und nicht ver\u00e4ndert werden darf. version: '2.1' services: dovecot-mailcow: ports: - '[2001:db8:dead:beef::123]:143:143' - '[2001:db8:dead:beef::123]:993:993' - '[2001:db8:dead:beef::123]:110:110' - '[2001:db8:dead:beef::123]:995:995' - '[2001:db8:dead:beef::123]:4190:4190' postfix-mailcow: ports: - '[2001:db8:dead:beef::123]:25:25' - '[2001:db8:dead:beef::123]:465:465' - '[2001:db8:dead:beef::123]:587:587' nginx-mailcow: ports: - '[2001:db8:dead:beef::123]:80:80' - '[2001:db8:dead:beef::123]:443:443' Um Ihre \u00c4nderungen zu \u00fcbernehmen, f\u00fchren Sie folgendes aus: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IP-Bindings"},{"location":"de/post_installation/firststeps-ip_bindings/#ipv4-binding","text":"Um eine oder mehrere IPv4-Bind(ings) anzupassen, \u00f6ffne mailcow.conf und editiere eine, mehrere oder alle Variablen nach deinen Bed\u00fcrfnissen: # Aus technischen Gr\u00fcnden unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen. # Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port: # Beispiel: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Andere Dienste werden nach folgendem Format gebunden: # SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25 # Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x \u00fcbersprungen. # doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte \u00e4ndern Sie das nicht, es sei denn, Sie wissen, was Sie tun. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 Um Ihre \u00c4nderungen zu \u00fcbernehmen, f\u00fchren Sie folgende Befehle aus: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IPv4-Binding"},{"location":"de/post_installation/firststeps-ip_bindings/#ipv6-binding","text":"Das \u00c4ndern von IPv6-Bindings ist anders als bei IPv4. Auch dies hat einen technischen Hintergrund. Eine docker-compose.override.yml Datei wird verwendet, anstatt die docker-compose.yml Datei direkt zu bearbeiten. Dies geschieht, um die Aktualisierbarkeit zu erhalten, da die Datei docker-compose.yml regelm\u00e4\u00dfig aktualisiert wird und Ihre \u00c4nderungen h\u00f6chstwahrscheinlich \u00fcberschrieben werden. Bearbeiten Sie die Datei \"docker-compose.override.yml\" und erstellen Sie sie mit dem folgenden Inhalt. Ihr Inhalt wird mit der produktiven Datei \"docker-compose.yml\" zusammengef\u00fchrt. Es wird eine beispielhafte IPv6 2001:db8:dead:beef::123 in [] angegeben. Das erste Suffix :PORT1 definiert den externen Port, w\u00e4hrend das zweite Suffix :PORT2 zu dem entsprechenden Port innerhalb des Containers f\u00fchrt und nicht ver\u00e4ndert werden darf. version: '2.1' services: dovecot-mailcow: ports: - '[2001:db8:dead:beef::123]:143:143' - '[2001:db8:dead:beef::123]:993:993' - '[2001:db8:dead:beef::123]:110:110' - '[2001:db8:dead:beef::123]:995:995' - '[2001:db8:dead:beef::123]:4190:4190' postfix-mailcow: ports: - '[2001:db8:dead:beef::123]:25:25' - '[2001:db8:dead:beef::123]:465:465' - '[2001:db8:dead:beef::123]:587:587' nginx-mailcow: ports: - '[2001:db8:dead:beef::123]:80:80' - '[2001:db8:dead:beef::123]:443:443' Um Ihre \u00c4nderungen zu \u00fcbernehmen, f\u00fchren Sie folgendes aus: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"IPv6-Binding"},{"location":"de/post_installation/firststeps-local_mta/","text":"Die einfachste M\u00f6glichkeit w\u00e4re, den Listener an Port 25/tcp zu deaktivieren. Postfix -Benutzer deaktivieren den Listener, indem sie die folgende Zeile (beginnend mit smtp oder 25 ) in /etc/postfix/master.cf auskommentieren: #smtp inet n - - - - smtpd Au\u00dferdem, um \u00fcber eine Dockerized mailcow weiterzuleiten, sollten Sie 172.22.1.1 als Relayhost hinzuf\u00fcgen und das Docker-Interface aus \"inet_interfaces\" entfernen: postconf -e 'relayhost = 172.22.1.1' postconf -e \"mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\" postconf -e \"inet_interfaces = loopback-only\" postconf -e \"relay_transport = relay\" postconf -e \"default_transport = smtp\" Jetzt ist es wichtig , dass Sie nicht denselben FQDN in myhostname haben, den Sie f\u00fcr Ihre mailcow verwenden. Pr\u00fcfen Sie Ihre lokale (nicht-Docker) Postfix' main.cf auf myhostname und setzen Sie ihn auf etwas anderes, zum Beispiel local.my.fqdn.tld . \"172.22.1.1\" ist das von mailcow erstellte Netzwerk-Gateway in Docker. Das Relaying \u00fcber diese Schnittstelle ist notwendig (anstatt - zum Beispiel - direkt \u00fcber ${MAILCOW_HOSTNAME}), um \u00fcber ein bekanntes internes Netzwerk weiterzuleiten. Starten Sie Postfix neu, nachdem Sie Ihre \u00c4nderungen vorgenommen haben.","title":"Lokaler MTA auf Docker-Host"},{"location":"de/post_installation/firststeps-logging/","text":"Das Logging in mailcow: dockerized besteht aus mehreren Stufen, ist aber immerhin wesentlich flexibler und einfacher in einen Logging-Daemon zu integrieren als bisher. In Docker schreibt die containerisierte Anwendung (PID 1) ihre Ausgabe auf stdout. F\u00fcr echte Ein-Anwendungs-Container funktioniert das sehr gut. F\u00fchren Sie folgenden Befehl aus, um mehr zu erfahren: docker compose (Plugin) docker-compose (Standalone) docker compose logs --help docker-compose logs --help Einige Container protokollieren oder streamen an mehrere Ziele. Kein Container wird persistente Logs in sich behalten. Container sind fl\u00fcchtige Objekte! Am Ende wird jede Zeile der Logs den Docker-Daemon erreichen - ungefiltert. Der Standard-Logging-Treiber ist \"json \" . Gefilterte Logs \u00b6 Einige Logs werden gefiltert und in Redis-Schl\u00fcssel geschrieben, aber auch in einen Redis-Kanal gestreamt. Der Redis-Kanal wird verwendet, um Protokolle mit fehlgeschlagenen Authentifizierungsversuchen zu streamen, die von netfilter-mailcow gelesen werden. Die Redis-Schl\u00fcssel sind persistent und halten 10000 Zeilen von Logs f\u00fcr die Web-UI. Dieser Mechanismus macht es m\u00f6glich, jeden beliebigen Docker-Logging-Treiber zu verwenden, ohne die ohne die F\u00e4higkeit zu verlieren, Logs von der UI zu lesen oder verd\u00e4chtige Clients mit netfilter-mailcow zu sperren. Redis-Schl\u00fcssel enthalten nur Logs von Anwendungen und filtern Systemmeldungen heraus (man denke an Cron etc.). Logging-Treiber \u00b6 \u00dcber docker-compose.override.yml \u00b6 Hier ist die gute Nachricht: Da Docker einige gro\u00dfartige Logging-Treiber hat, k\u00f6nnen Sie mailcow: dockerized mit Leichtigkeit in Ihre bestehende Logging-Umgebung integrieren. Erstellen Sie eine docker-compose.override.yml und f\u00fcgen Sie zum Beispiel diesen Block hinzu, um das \"gelf\" Logging-Plugin f\u00fcr postfix-mailcow zu verwenden: version: '2.1' services: postfix-mailcow: # oder ein anderer logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Ein weiteres Beispiel f\u00fcr Syslog : version: '2.1' services: postfix-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" Nur f\u00fcr rsyslog: \u00b6 Stellen Sie sicher, dass folgende Zeilen in /etc/rsyslog.conf nicht auskommentiert sind: # provides UDP syslog reception module(load=\"imudp\") input(type=\"imudp\" port=\"514\") Um Eing\u00e4nge von local3 in /var/log/mailcow.log zu leiten und danach die Verarbeitung zu stoppen, erstellen Sie die Datei /etc/rsyslog.d/docker.conf : local3.* /var/log/mailcow.log & stop Starten Sie rsyslog danach neu. \u00dcber daemon.json (global) \u00b6 Wenn Sie den Logging-Treiber global \u00e4ndern wollen, editieren Sie die Konfigurationsdatei des Docker-Daemons /etc/docker/daemon.json und starten Sie den Docker-Dienst neu: { [...] \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } [...] } F\u00fcr Syslog: { [...] \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } [...] } Starten Sie den Docker-Daemon neu und f\u00fchren Sie die folgenden Befehle aus, um die Container mit dem neuen Protokollierungstreiber neu zu erstellen: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d Log rotation \u00b6 Da diese Logs sehr gro\u00df werden k\u00f6nnen, ist es eine gute Idee logrotate zu nutzen, um Logs nach einer gewissen Zeit zu komprimieren und zu l\u00f6schen. Erstellen Sie die Datei /etc/logrotate.d/mailcow mit folgendem Inhalt: /var/log/mailcow.log { rotate 7 daily compress delaycompress missingok notifempty create 660 root root } Mit dieser Konfiguration wird logrotate t\u00e4glich ausgef\u00fchrt und es werden maximal 7 Archive gespeichert. Um die Logdatei w\u00f6chentlich oder monatlich zu rotieren, muss daily durch weekly oder respektive monthly ersetzt werden. Um mehr Archive zu speichern, muss die Nummer hinter rotate angepasst werden. Danach kann logrotate neu gestartet werden.","title":"Logging"},{"location":"de/post_installation/firststeps-logging/#gefilterte-logs","text":"Einige Logs werden gefiltert und in Redis-Schl\u00fcssel geschrieben, aber auch in einen Redis-Kanal gestreamt. Der Redis-Kanal wird verwendet, um Protokolle mit fehlgeschlagenen Authentifizierungsversuchen zu streamen, die von netfilter-mailcow gelesen werden. Die Redis-Schl\u00fcssel sind persistent und halten 10000 Zeilen von Logs f\u00fcr die Web-UI. Dieser Mechanismus macht es m\u00f6glich, jeden beliebigen Docker-Logging-Treiber zu verwenden, ohne die ohne die F\u00e4higkeit zu verlieren, Logs von der UI zu lesen oder verd\u00e4chtige Clients mit netfilter-mailcow zu sperren. Redis-Schl\u00fcssel enthalten nur Logs von Anwendungen und filtern Systemmeldungen heraus (man denke an Cron etc.).","title":"Gefilterte Logs"},{"location":"de/post_installation/firststeps-logging/#logging-treiber","text":"","title":"Logging-Treiber"},{"location":"de/post_installation/firststeps-logging/#uber-docker-composeoverrideyml","text":"Hier ist die gute Nachricht: Da Docker einige gro\u00dfartige Logging-Treiber hat, k\u00f6nnen Sie mailcow: dockerized mit Leichtigkeit in Ihre bestehende Logging-Umgebung integrieren. Erstellen Sie eine docker-compose.override.yml und f\u00fcgen Sie zum Beispiel diesen Block hinzu, um das \"gelf\" Logging-Plugin f\u00fcr postfix-mailcow zu verwenden: version: '2.1' services: postfix-mailcow: # oder ein anderer logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Ein weiteres Beispiel f\u00fcr Syslog : version: '2.1' services: postfix-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # oder ein anderer logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\"","title":"\u00dcber docker-compose.override.yml"},{"location":"de/post_installation/firststeps-logging/#nur-fur-rsyslog","text":"Stellen Sie sicher, dass folgende Zeilen in /etc/rsyslog.conf nicht auskommentiert sind: # provides UDP syslog reception module(load=\"imudp\") input(type=\"imudp\" port=\"514\") Um Eing\u00e4nge von local3 in /var/log/mailcow.log zu leiten und danach die Verarbeitung zu stoppen, erstellen Sie die Datei /etc/rsyslog.d/docker.conf : local3.* /var/log/mailcow.log & stop Starten Sie rsyslog danach neu.","title":"Nur f\u00fcr rsyslog:"},{"location":"de/post_installation/firststeps-logging/#uber-daemonjson-global","text":"Wenn Sie den Logging-Treiber global \u00e4ndern wollen, editieren Sie die Konfigurationsdatei des Docker-Daemons /etc/docker/daemon.json und starten Sie den Docker-Dienst neu: { [...] \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } [...] } F\u00fcr Syslog: { [...] \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } [...] } Starten Sie den Docker-Daemon neu und f\u00fchren Sie die folgenden Befehle aus, um die Container mit dem neuen Protokollierungstreiber neu zu erstellen: docker compose (Plugin) docker-compose (Standalone) docker compose down docker compose up -d docker-compose down docker-compose up -d","title":"\u00dcber daemon.json (global)"},{"location":"de/post_installation/firststeps-logging/#log-rotation","text":"Da diese Logs sehr gro\u00df werden k\u00f6nnen, ist es eine gute Idee logrotate zu nutzen, um Logs nach einer gewissen Zeit zu komprimieren und zu l\u00f6schen. Erstellen Sie die Datei /etc/logrotate.d/mailcow mit folgendem Inhalt: /var/log/mailcow.log { rotate 7 daily compress delaycompress missingok notifempty create 660 root root } Mit dieser Konfiguration wird logrotate t\u00e4glich ausgef\u00fchrt und es werden maximal 7 Archive gespeichert. Um die Logdatei w\u00f6chentlich oder monatlich zu rotieren, muss daily durch weekly oder respektive monthly ersetzt werden. Um mehr Archive zu speichern, muss die Nummer hinter rotate angepasst werden. Danach kann logrotate neu gestartet werden.","title":"Log rotation"},{"location":"de/post_installation/firststeps-rp/","text":"Sie m\u00fcssen die Nginx-Seite, die mit mailcow: dockerized geliefert wird, nicht \u00e4ndern. mailcow: dockerized vertraut auf das Standard-Gateway IP 172.22.1.1 als Proxy. 1. Stellen Sie sicher, dass Sie HTTP_BIND und HTTPS_BIND in mailcow.conf auf eine lokale Adresse \u00e4ndern und die Ports entsprechend einstellen, zum Beispiel: HTTP_BIND = 127 .0.0.1 HTTP_PORT = 8080 HTTPS_BIND = 127 .0.0.1 HTTPS_PORT = 8443 Dadurch werden auch die Bindungen innerhalb des Nginx-Containers ge\u00e4ndert! Dies ist wichtig, wenn Sie sich entscheiden, einen Proxy innerhalb von Docker zu verwenden. WICHTIG: Verwenden Sie nicht Port 8081, 9081 oder 65510! Erzeugen Sie die betroffenen Container neu, indem Sie docker compose up -d ausf\u00fchren. Wichtige Informationen, bitte lesen Sie diese sorgf\u00e4ltig durch! Info Wenn Sie planen, einen Reverse-Proxy zu verwenden und einen anderen Servernamen als MAILCOW_HOSTNAME verwenden wollen, m\u00fcssen Sie Zus\u00e4tzliche Servernamen f\u00fcr mailcow UI am Ende dieser Seite hinzuf\u00fcgen. Warning Stellen Sie sicher, dass Sie generate_config.sh ausf\u00fchren, bevor Sie die untenstehenden Konfigurationsbeispiele aktivieren. Das Skript generate_config.sh kopiert die Snake-oil Zertifikate an den richtigen Ort, so dass die Dienste nicht aufgrund fehlender Dateien nicht starten k\u00f6nnen. Warning Wenn Sie TLS SNI aktivieren ( ENABLE_TLS_SNI in mailcow.conf), m\u00fcssen die Zertifikatspfade in Ihrem Reverse-Proxy mit den korrekten Pfaden in data/assets/ssl/{hostname} \u00fcbereinstimmen. Die Zertifikate werden in data/assets/ssl/{hostname1,hostname2,etc} aufgeteilt und werden daher nicht funktionieren, wenn Sie die Beispiele von unten kopieren, die auf data/assets/ssl/cert.pem etc. zeigen. Info Die Verwendung der untenstehenden Site-Konfigurationen wird acme-Anfragen an mailcow weiterleiten und es die Zertifikate selbst verwalten lassen. Der Nachteil der Verwendung von mailcow als ACME-Client hinter einem Reverse-Proxy ist, dass Sie Ihren Webserver neu laden m\u00fcssen, nachdem acme-mailcow das Zertifikat ge\u00e4ndert/erneuert/erstellt hat. Sie k\u00f6nnen entweder Ihren Webserver t\u00e4glich neu laden oder ein Skript schreiben, um die Datei auf \u00c4nderungen zu \u00fcberwachen. Auf vielen Servern wird logrotate den Webserver sowieso t\u00e4glich neu laden. Wenn Sie eine lokale Certbot-Installation verwenden m\u00f6chten, m\u00fcssen Sie die SSL-Zertifikatsparameter entsprechend \u00e4ndern. Stellen Sie sicher, dass Sie ein Post-Hook-Skript ausf\u00fchren, wenn Sie sich entscheiden, externe ACME-Clients zu verwenden. Ein Beispiel finden Sie am Ende dieser Seite. 2. Konfigurieren Sie Ihren lokalen Webserver als Reverse Proxy: Apache 2.4 \u00b6 Erforderliche Module: a2enmod rewrite proxy proxy_http headers ssl Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden problemlos funktionieren. Die hervorgehobenen Zeilen m\u00fcssen beachtet werden . ServerName ZU MAILCOW HOSTNAMEN \u00c4NDERN ServerAlias autodiscover.* ServerAlias autoconfig.* RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L] ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"http\" ServerName ZU MAILCOW HOSTNAMEN \u00c4NDERN ServerAlias autodiscover.* ServerAlias autoconfig.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"https\" SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem # Wenn Sie einen HTTPS-Host als Proxy verwenden m\u00f6chten: #SSLProxyEngine On # Wenn Sie einen Proxy f\u00fcr einen nicht vertrauensw\u00fcrdigen HTTPS-Host einrichten wollen: #SSLProxyVerify none #SSLProxyCheckPeerCN off #SSLProxyCheckPeerName off #SSLProxyCheckPeerExpire off Nginx \u00b6 Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlos. Achten Sie auf die hervorgehobenen Zeilen . server { listen 80 default_server; listen [::]:80 default_server; server_name ZU MAILCOW HOSTNAMEN \u00c4NDERN autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ZU MAILCOW HOSTNAMEN \u00c4NDERN autodiscover.* autoconfig.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Siehe https://ssl-config.mozilla.org/#server=nginx f\u00fcr die neuesten Empfehlungen zu ssl-Einstellungen # Ein Beispiel f\u00fcr eine Konfiguration ist unten angegeben ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; location /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 75; proxy_send_timeout 3650; proxy_read_timeout 3650; proxy_buffers 64 512k; # Seit dem 2022-04 Update n\u00f6tig f\u00fcr SOGo client_body_buffer_size 512k; client_max_body_size 0; } location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # Die folgenden Proxy-Buffer m\u00fcssen gesetzt werden, wenn Sie SOGo nach dem Update 2022-04 (April 2022) verwenden wollen # Andernfalls wird ein Login wie folgt fehlschlagen: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } HAProxy (von der Community unterst\u00fctzt) \u00b6 Warnung Dies ist ein nicht unterst\u00fctzter Community Beitrag. Korrekturen sind immer erw\u00fcnscht! Wichtig/Fix erw\u00fcnscht : Dieses Beispiel leitet nur HTTPS-Verkehr weiter und benutzt nicht den in mailcow eingebauten ACME-Client. frontend https-in bind :::443 v4v6 ssl crt mailcow.pem default_backend mailcow backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check Traefik v2 (von der Community unterst\u00fctzt) \u00b6 Warnung Dies ist ein nicht unterst\u00fctzter Community Beitrag. Korrekturen sind immer erw\u00fcnscht! Wichtig : Diese Konfiguration deckt nur das \"Reverseproxing\" des Webpanels (nginx-mailcow) unter Verwendung von Traefik v2 ab. Wenn Sie auch die Mail-Dienste wie dovecot, postfix... reproxen wollen, m\u00fcssen Sie die folgende Konfiguration an jeden Container anpassen und einen EntryPoint in Ihrer traefik.toml oder traefik.yml (je nachdem, welche Konfiguration Sie verwenden) f\u00fcr jeden Port erstellen. In diesem Abschnitt gehen wir davon aus, dass Sie Ihren Traefik 2 [certificatesresolvers] in Ihrer Traefik-Konfigurationsdatei richtig konfiguriert haben und auch acme verwenden. Das folgende Beispiel verwendet Lets Encrypt, aber Sie k\u00f6nnen es gerne auf Ihren eigenen Zertifikatsresolver \u00e4ndern. Eine grundlegende Traefik 2 toml-Konfigurationsdatei mit allen oben genannten Elementen, die f\u00fcr dieses Beispiel verwendet werden kann, finden Sie hier traefik.toml , falls Sie eine solche Datei ben\u00f6tigen oder einen Hinweis, wie Sie Ihre Konfiguration anpassen k\u00f6nnen. Zuallererst werden wir den acme-mailcow-Container deaktivieren, da wir die von traefik bereitgestellten Zertifikate verwenden werden. Dazu m\u00fcssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf setzen und docker compose up -d ausf\u00fchren, um die \u00c4nderungen zu \u00fcbernehmen. Dann erstellen wir eine docker-compose.override.yml Datei, um die Hauptdatei docker-compose.yml zu \u00fcberschreiben, die sich im Mailcow-Stammverzeichnis befindet. version : '2.1' services : nginx-mailcow : networks : # Traefiks Netzwerk hinzuf\u00fcgen web : labels : - traefik.enable=true # Erstellt einen Router namens \"moo\" f\u00fcr den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verkn\u00fcpfen, # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable. - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`) # Aktiviert tls \u00fcber den zuvor erstellten Router. - traefik.http.routers.moo.tls=true # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt). - traefik.http.routers.moo.tls.certresolver=le # Erzeugt einen Dienst namens \"moo\" f\u00fcr den Container und gibt an, welchen internen Port des Containers # Traefik die eingehenden Daten weiterleiten soll. - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} # Gibt an, welchen Eingangspunkt (externer Port) traefik f\u00fcr diesen Container abh\u00f6ren soll. # Websecure ist Port 443, siehe die Datei traefik.toml wie oben. - traefik.http.routers.moo.entrypoints=websecure # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network - traefik.docker.network=web certdumper : image : humenius/traefik-certs-dumper command : --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1 network_mode : none volumes : # Binden Sie das Volume, das Traefiks `acme.json' Datei enth\u00e4lt, ein - acme:/traefik:ro # SSL-Ordner von mailcow einh\u00e4ngen - ./data/assets/ssl/:/output:rw # Binden Sie den Docker Socket ein, damit traefik-certs-dumper die Container neu starten kann - /var/run/docker.sock:/var/run/docker.sock:ro restart : always environment : # \u00c4ndern Sie dies nur, wenn Sie eine andere Domain f\u00fcr Mailcows Web-Frontend verwenden als in der Standard-Konfiguration - DOMAIN=${MAILCOW_HOSTNAME} networks : web : external : true # Name des externen Netzwerks name : traefik_web volumes : acme : external : true # Name des externen Docker Volumes, welches Traefiks `acme.json' Datei enth\u00e4lt name : traefik_acme Starten Sie die neuen Container mit docker compose up -d . Da Traefik 2 ein acme v2 Format verwendet, um ALLE Zertifikaten von allen Domains zu speichern, m\u00fcssen wir einen Weg finden, die Zertifikate auszulagern. Zum Gl\u00fcck haben wir [diesen kleinen Container] ( https://hub.docker.com/r/humenius/traefik-certs-dumper ), der die Datei acme.json \u00fcber ein Volume und eine Variable DOMAIN=example. org , und damit wird der Container die cert.pem und key.pem Dateien ausgeben, daf\u00fcr lassen wir einfach den traefik-certs-dumper Container laufen, binden das /traefik Volume an den Ordner, in dem unsere acme.json gespeichert ist, binden das /output Volume an unseren mailcow data/assets/ssl/ Ordner, und setzen die DOMAIN=example.org Variable auf die Domain, von der wir die Zertifikate ausgeben wollen. Dieser Container \u00fcberwacht die Datei acme.json auf \u00c4nderungen und generiert die Dateien cert.pem und key.pem direkt in data/assets/ssl/ , wobei der Pfad mit dem /output -Pfad des Containers verbunden ist. Sie k\u00f6nnen es \u00fcber die Kommandozeile ausf\u00fchren oder das [hier] gezeigte docker compose verwenden ( https://hub.docker.com/r/humenius/traefik-certs-dumper ). Nachdem wir die Zertifikate \u00fcbertragen haben, m\u00fcssen wir die Konfigurationen aus unseren Postfix- und Dovecot-Containern neu laden und die Zertifikate \u00fcberpr\u00fcfen. Wie das geht, sehen Sie hier . Und das sollte es gewesen sein \ud83d\ude0a, Sie k\u00f6nnen \u00fcberpr\u00fcfen, ob der Traefik-Router einwandfrei funktioniert, indem Sie das Dashboard von Traefik / traefik logs / \u00fcber https auf die eingestellte Domain zugreifen, oder / und HTTPS, SMTP und IMAP mit den Befehlen auf der zuvor verlinkten Seite \u00fcberpr\u00fcfen. Caddy v2 (von der Community unterst\u00fctzt) \u00b6 Warnung Dies ist ein nicht unterst\u00fctzter Communitybeitrag. Korrekturen sind immer erw\u00fcnscht! Die Konfiguration von Caddy mit mailcow ist sehr simpel. In der Caddyfile muss einfach nur ein Bereich f\u00fcr den E-Mailserver angelegt werden. Bspw: MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled roll_size 512M roll_uncompressed roll_local_time roll_keep 3 roll_keep_for 48h } } reverse_proxy 127.0.0.1:HTTP_BIND } Dies erlaubt es Caddy automatisch die Zertifikate zu erstellen und den Traffic f\u00fcr diese erw\u00e4hnten Domains anzunehmen und an mailcow weiterzuleiten. Wichtig : Der ACME Client der mailcow muss deaktiviert sein, da es sonst zu Fehlern seitens mailcow kommt. Da Caddy sich direkt selbst um die Zertifikate k\u00fcmmert, k\u00f6nnen wir mit dem folgenden Skript die Caddy generierten Zertifikate in die mailcow inkludieren: #!/bin/bash MD5SUM_CURRENT_CERT =( $( md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem ) ) MD5SUM_NEW_CERT =( $( md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt ) ) if [ $MD5SUM_CURRENT_CERT ! = $MD5SUM_NEW_CERT ] ; then cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c = $( docker ps -qaf name = postfix-mailcow ) dovecot_c = $( docker ps -qaf name = dovecot-mailcow ) nginx_c = $( docker ps -qaf name = nginx-mailcow ) docker restart ${ postfix_c } ${ dovecot_c } ${ nginx_c } else echo \"Certs not copied from Caddy (Not needed)\" fi Achtung Der Zertifikatspfad von Caddy variiert je nach Installationsart. Bei diesem Installationsbeispiel wurde Caddy mithilfe des Caddy Repos ( weitere Informationen hier ) installiert. Um den Caddy Zertifikatspfad auf Ihrem System herauszufinden, gen\u00fcgt ein find / -name \"certificates\" . Dieses Skript k\u00f6nnte dann als Cronjob jede Stunde aufgerufen werden: 0 * * * * /bin/bash /path/to/script/deploy-certs.sh >/dev/null 2 > & 1 Optional: Post-Hook-Skript f\u00fcr nicht-mailcow ACME-Clients \u00b6 Die Verwendung eines lokalen Certbots (oder eines anderen ACME-Clients) erfordert den Neustart einiger Container, was Sie mit einem Post-Hook-Skript erledigen k\u00f6nnen. Stellen Sie sicher, dass Sie die Pfade entsprechend \u00e4ndern: #!/bin/bash cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c} Hinzuf\u00fcgen weiterer Servernamen f\u00fcr mailcow UI \u00b6 Wenn Sie vorhaben, einen Servernamen zu verwenden, der nicht MAILCOW_HOSTNAME in Ihrem Reverse-Proxy ist, stellen Sie sicher, dass Sie diesen Namen zuerst in mailcow.conf \u00fcber ADDITIONAL_SERVER_NAMES einpflegen. Die Namen m\u00fcssen durch Kommas getrennt werden und d\u00fcrfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt \u00fcberspringen, kann es sein, dass mailcow auf Ihren Reverse-Proxy mit einer falschen Seite antwortet. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld F\u00fchren Sie docker compose up -d zum Anwenden aus.","title":"Reverse Proxy"},{"location":"de/post_installation/firststeps-rp/#apache-24","text":"Erforderliche Module: a2enmod rewrite proxy proxy_http headers ssl Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden problemlos funktionieren. Die hervorgehobenen Zeilen m\u00fcssen beachtet werden . ServerName ZU MAILCOW HOSTNAMEN \u00c4NDERN ServerAlias autodiscover.* ServerAlias autoconfig.* RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L] ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"http\" ServerName ZU MAILCOW HOSTNAMEN \u00c4NDERN ServerAlias autodiscover.* ServerAlias autoconfig.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ ProxyPreserveHost On ProxyAddHeaders On RequestHeader set X-Forwarded-Proto \"https\" SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem # Wenn Sie einen HTTPS-Host als Proxy verwenden m\u00f6chten: #SSLProxyEngine On # Wenn Sie einen Proxy f\u00fcr einen nicht vertrauensw\u00fcrdigen HTTPS-Host einrichten wollen: #SSLProxyVerify none #SSLProxyCheckPeerCN off #SSLProxyCheckPeerName off #SSLProxyCheckPeerExpire off ","title":"Apache 2.4"},{"location":"de/post_installation/firststeps-rp/#nginx","text":"Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlos. Achten Sie auf die hervorgehobenen Zeilen . server { listen 80 default_server; listen [::]:80 default_server; server_name ZU MAILCOW HOSTNAMEN \u00c4NDERN autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ZU MAILCOW HOSTNAMEN \u00c4NDERN autodiscover.* autoconfig.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Siehe https://ssl-config.mozilla.org/#server=nginx f\u00fcr die neuesten Empfehlungen zu ssl-Einstellungen # Ein Beispiel f\u00fcr eine Konfiguration ist unten angegeben ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; location /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 75; proxy_send_timeout 3650; proxy_read_timeout 3650; proxy_buffers 64 512k; # Seit dem 2022-04 Update n\u00f6tig f\u00fcr SOGo client_body_buffer_size 512k; client_max_body_size 0; } location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # Die folgenden Proxy-Buffer m\u00fcssen gesetzt werden, wenn Sie SOGo nach dem Update 2022-04 (April 2022) verwenden wollen # Andernfalls wird ein Login wie folgt fehlschlagen: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } }","title":"Nginx"},{"location":"de/post_installation/firststeps-rp/#haproxy-von-der-community-unterstutzt","text":"Warnung Dies ist ein nicht unterst\u00fctzter Community Beitrag. Korrekturen sind immer erw\u00fcnscht! Wichtig/Fix erw\u00fcnscht : Dieses Beispiel leitet nur HTTPS-Verkehr weiter und benutzt nicht den in mailcow eingebauten ACME-Client. frontend https-in bind :::443 v4v6 ssl crt mailcow.pem default_backend mailcow backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check","title":"HAProxy (von der Community unterst\u00fctzt)"},{"location":"de/post_installation/firststeps-rp/#traefik-v2-von-der-community-unterstutzt","text":"Warnung Dies ist ein nicht unterst\u00fctzter Community Beitrag. Korrekturen sind immer erw\u00fcnscht! Wichtig : Diese Konfiguration deckt nur das \"Reverseproxing\" des Webpanels (nginx-mailcow) unter Verwendung von Traefik v2 ab. Wenn Sie auch die Mail-Dienste wie dovecot, postfix... reproxen wollen, m\u00fcssen Sie die folgende Konfiguration an jeden Container anpassen und einen EntryPoint in Ihrer traefik.toml oder traefik.yml (je nachdem, welche Konfiguration Sie verwenden) f\u00fcr jeden Port erstellen. In diesem Abschnitt gehen wir davon aus, dass Sie Ihren Traefik 2 [certificatesresolvers] in Ihrer Traefik-Konfigurationsdatei richtig konfiguriert haben und auch acme verwenden. Das folgende Beispiel verwendet Lets Encrypt, aber Sie k\u00f6nnen es gerne auf Ihren eigenen Zertifikatsresolver \u00e4ndern. Eine grundlegende Traefik 2 toml-Konfigurationsdatei mit allen oben genannten Elementen, die f\u00fcr dieses Beispiel verwendet werden kann, finden Sie hier traefik.toml , falls Sie eine solche Datei ben\u00f6tigen oder einen Hinweis, wie Sie Ihre Konfiguration anpassen k\u00f6nnen. Zuallererst werden wir den acme-mailcow-Container deaktivieren, da wir die von traefik bereitgestellten Zertifikate verwenden werden. Dazu m\u00fcssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf setzen und docker compose up -d ausf\u00fchren, um die \u00c4nderungen zu \u00fcbernehmen. Dann erstellen wir eine docker-compose.override.yml Datei, um die Hauptdatei docker-compose.yml zu \u00fcberschreiben, die sich im Mailcow-Stammverzeichnis befindet. version : '2.1' services : nginx-mailcow : networks : # Traefiks Netzwerk hinzuf\u00fcgen web : labels : - traefik.enable=true # Erstellt einen Router namens \"moo\" f\u00fcr den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verkn\u00fcpfen, # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable. - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`) # Aktiviert tls \u00fcber den zuvor erstellten Router. - traefik.http.routers.moo.tls=true # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt). - traefik.http.routers.moo.tls.certresolver=le # Erzeugt einen Dienst namens \"moo\" f\u00fcr den Container und gibt an, welchen internen Port des Containers # Traefik die eingehenden Daten weiterleiten soll. - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} # Gibt an, welchen Eingangspunkt (externer Port) traefik f\u00fcr diesen Container abh\u00f6ren soll. # Websecure ist Port 443, siehe die Datei traefik.toml wie oben. - traefik.http.routers.moo.entrypoints=websecure # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network - traefik.docker.network=web certdumper : image : humenius/traefik-certs-dumper command : --restart-containers ${COMPOSE_PROJECT_NAME}-postfix-mailcow-1,${COMPOSE_PROJECT_NAME}-nginx-mailcow-1,${COMPOSE_PROJECT_NAME}-dovecot-mailcow-1 network_mode : none volumes : # Binden Sie das Volume, das Traefiks `acme.json' Datei enth\u00e4lt, ein - acme:/traefik:ro # SSL-Ordner von mailcow einh\u00e4ngen - ./data/assets/ssl/:/output:rw # Binden Sie den Docker Socket ein, damit traefik-certs-dumper die Container neu starten kann - /var/run/docker.sock:/var/run/docker.sock:ro restart : always environment : # \u00c4ndern Sie dies nur, wenn Sie eine andere Domain f\u00fcr Mailcows Web-Frontend verwenden als in der Standard-Konfiguration - DOMAIN=${MAILCOW_HOSTNAME} networks : web : external : true # Name des externen Netzwerks name : traefik_web volumes : acme : external : true # Name des externen Docker Volumes, welches Traefiks `acme.json' Datei enth\u00e4lt name : traefik_acme Starten Sie die neuen Container mit docker compose up -d . Da Traefik 2 ein acme v2 Format verwendet, um ALLE Zertifikaten von allen Domains zu speichern, m\u00fcssen wir einen Weg finden, die Zertifikate auszulagern. Zum Gl\u00fcck haben wir [diesen kleinen Container] ( https://hub.docker.com/r/humenius/traefik-certs-dumper ), der die Datei acme.json \u00fcber ein Volume und eine Variable DOMAIN=example. org , und damit wird der Container die cert.pem und key.pem Dateien ausgeben, daf\u00fcr lassen wir einfach den traefik-certs-dumper Container laufen, binden das /traefik Volume an den Ordner, in dem unsere acme.json gespeichert ist, binden das /output Volume an unseren mailcow data/assets/ssl/ Ordner, und setzen die DOMAIN=example.org Variable auf die Domain, von der wir die Zertifikate ausgeben wollen. Dieser Container \u00fcberwacht die Datei acme.json auf \u00c4nderungen und generiert die Dateien cert.pem und key.pem direkt in data/assets/ssl/ , wobei der Pfad mit dem /output -Pfad des Containers verbunden ist. Sie k\u00f6nnen es \u00fcber die Kommandozeile ausf\u00fchren oder das [hier] gezeigte docker compose verwenden ( https://hub.docker.com/r/humenius/traefik-certs-dumper ). Nachdem wir die Zertifikate \u00fcbertragen haben, m\u00fcssen wir die Konfigurationen aus unseren Postfix- und Dovecot-Containern neu laden und die Zertifikate \u00fcberpr\u00fcfen. Wie das geht, sehen Sie hier . Und das sollte es gewesen sein \ud83d\ude0a, Sie k\u00f6nnen \u00fcberpr\u00fcfen, ob der Traefik-Router einwandfrei funktioniert, indem Sie das Dashboard von Traefik / traefik logs / \u00fcber https auf die eingestellte Domain zugreifen, oder / und HTTPS, SMTP und IMAP mit den Befehlen auf der zuvor verlinkten Seite \u00fcberpr\u00fcfen.","title":"Traefik v2 (von der Community unterst\u00fctzt)"},{"location":"de/post_installation/firststeps-rp/#caddy-v2-von-der-community-unterstutzt","text":"Warnung Dies ist ein nicht unterst\u00fctzter Communitybeitrag. Korrekturen sind immer erw\u00fcnscht! Die Konfiguration von Caddy mit mailcow ist sehr simpel. In der Caddyfile muss einfach nur ein Bereich f\u00fcr den E-Mailserver angelegt werden. Bspw: MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled roll_size 512M roll_uncompressed roll_local_time roll_keep 3 roll_keep_for 48h } } reverse_proxy 127.0.0.1:HTTP_BIND } Dies erlaubt es Caddy automatisch die Zertifikate zu erstellen und den Traffic f\u00fcr diese erw\u00e4hnten Domains anzunehmen und an mailcow weiterzuleiten. Wichtig : Der ACME Client der mailcow muss deaktiviert sein, da es sonst zu Fehlern seitens mailcow kommt. Da Caddy sich direkt selbst um die Zertifikate k\u00fcmmert, k\u00f6nnen wir mit dem folgenden Skript die Caddy generierten Zertifikate in die mailcow inkludieren: #!/bin/bash MD5SUM_CURRENT_CERT =( $( md5sum /opt/mailcow-dockerized/data/assets/ssl/cert.pem ) ) MD5SUM_NEW_CERT =( $( md5sum /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt ) ) if [ $MD5SUM_CURRENT_CERT ! = $MD5SUM_NEW_CERT ] ; then cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.crt /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/your.domain.tld/your.domain.tld.key /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c = $( docker ps -qaf name = postfix-mailcow ) dovecot_c = $( docker ps -qaf name = dovecot-mailcow ) nginx_c = $( docker ps -qaf name = nginx-mailcow ) docker restart ${ postfix_c } ${ dovecot_c } ${ nginx_c } else echo \"Certs not copied from Caddy (Not needed)\" fi Achtung Der Zertifikatspfad von Caddy variiert je nach Installationsart. Bei diesem Installationsbeispiel wurde Caddy mithilfe des Caddy Repos ( weitere Informationen hier ) installiert. Um den Caddy Zertifikatspfad auf Ihrem System herauszufinden, gen\u00fcgt ein find / -name \"certificates\" . Dieses Skript k\u00f6nnte dann als Cronjob jede Stunde aufgerufen werden: 0 * * * * /bin/bash /path/to/script/deploy-certs.sh >/dev/null 2 > & 1","title":"Caddy v2 (von der Community unterst\u00fctzt)"},{"location":"de/post_installation/firststeps-rp/#optional-post-hook-skript-fur-nicht-mailcow-acme-clients","text":"Die Verwendung eines lokalen Certbots (oder eines anderen ACME-Clients) erfordert den Neustart einiger Container, was Sie mit einem Post-Hook-Skript erledigen k\u00f6nnen. Stellen Sie sicher, dass Sie die Pfade entsprechend \u00e4ndern: #!/bin/bash cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c}","title":"Optional: Post-Hook-Skript f\u00fcr nicht-mailcow ACME-Clients"},{"location":"de/post_installation/firststeps-rp/#hinzufugen-weiterer-servernamen-fur-mailcow-ui","text":"Wenn Sie vorhaben, einen Servernamen zu verwenden, der nicht MAILCOW_HOSTNAME in Ihrem Reverse-Proxy ist, stellen Sie sicher, dass Sie diesen Namen zuerst in mailcow.conf \u00fcber ADDITIONAL_SERVER_NAMES einpflegen. Die Namen m\u00fcssen durch Kommas getrennt werden und d\u00fcrfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt \u00fcberspringen, kann es sein, dass mailcow auf Ihren Reverse-Proxy mit einer falschen Seite antwortet. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld F\u00fchren Sie docker compose up -d zum Anwenden aus.","title":"Hinzuf\u00fcgen weiterer Servernamen f\u00fcr mailcow UI"},{"location":"de/post_installation/firststeps-rspamd_ui/","text":"Rspamd ist ein einfach zu benutzendes Spam-Filter-Tool, das derzeit mit mailcow installiert ist. Gehen Sie zum mailcow Web-Admin-Interface Navigieren Sie zur Registerkarte Zugang.(Zugang > Rspamd UI) \u00c4ndern Sie das Rspamd UI Passwort Gehen Sie in einem Browser zu https://${MAILCOW_HOSTNAME}/rspamd und melden Sie sich an! Weitere Konfigurationsoptionen und Dokumentation finden Sie hier: https://rspamd.com/webui/","title":"Rspamd UI"},{"location":"de/post_installation/firststeps-snat/","text":"SNAT wird verwendet, um die Quelladresse der von mailcow gesendeten Pakete zu \u00e4ndern. Es kann verwendet werden, um die ausgehende IP-Adresse auf Systemen mit mehreren IP-Adressen zu \u00e4ndern. \u00d6ffnen Sie mailcow.conf , setzen Sie einen oder beide der folgenden Parameter: # Benutze diese IPv4 f\u00fcr ausgehende Verbindungen (SNAT) SNAT_TO_SOURCE=1.2.3.4 # Benutze dieses IPv6 f\u00fcr ausgehende Verbindungen (SNAT) SNAT6_TO_SOURCE=dead:beef F\u00fchren Sie docker compose up -d aus. Die Werte werden von netfilter-mailcow gelesen. netfilter-mailcow stellt sicher, dass die Post-Routing-Regeln auf Position 1 in der Netfilter-Tabelle stehen. Es l\u00f6scht sie automatisch und legt sie neu an, wenn sie an einer anderen Position als 1 gefunden werden. \u00dcberpr\u00fcfen Sie die Ausgabe von docker compose logs --tail=200 netfilter-mailcow , um sicherzustellen, dass die SNAT-Einstellungen angewendet wurden.","title":"SNAT"},{"location":"de/post_installation/firststeps-ssl/","text":"Let's Encrypt (wird mitgeliefert) \u00b6 Der \"acme-mailcow\" Container wird versuchen, ein LE-Zertifikat f\u00fcr ${MAILCOW_HOSTNAME} , autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN zu erhalten. Warning mailcow muss auf Port 80 verf\u00fcgbar sein, damit der acme-Client funktioniert. Unsere Reverse Proxy Beispielkonfigurationen decken das ab. Sie k\u00f6nnen auch jeden externen ACME-Client (z.B. certbot) verwenden, um Zertifikate zu erhalten, aber Sie m\u00fcssen sicherstellen, dass sie an den richtigen Ort kopiert werden und ein Post-Hook die betroffenen Container neu l\u00e4dt. Weitere Informationen finden Sie in der Reverse Proxy-Dokumentation. Standardm\u00e4\u00dfig, d.h. 0 Domains sind zu mailcow hinzugef\u00fcgt, wird es versuchen, ein Zertifikat f\u00fcr ${MAILCOW_HOSTNAME} zu erhalten. F\u00fcr jede hinzugef\u00fcgte Domain wird versucht, autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN in die IPv6-Adresse oder - falls IPv6 in der Domain nicht konfiguriert ist - in die IPv4-Adresse aufzul\u00f6sen. Wenn dies gelingt, wird ein Name als SAN zur Zertifikatsanforderung hinzugef\u00fcgt. Nur Namen, die validiert werden k\u00f6nnen, werden als SAN hinzugef\u00fcgt. F\u00fcr jede Domain, die Sie entfernen, wird das Zertifikat verschoben und ein neues Zertifikat angefordert. Es ist nicht m\u00f6glich, Domains in einem Zertifikat zu behalten, wenn wir nicht in der Lage sind, die Challenge f\u00fcr diese zu validieren. Wenn Sie den ACME-Client neu starten wollen, verwenden Sie docker compose restart acme-mailcow und \u00fcberwachen Sie die Protokolle mit docker compose logs --tail=200 -f acme-mailcow . Zus\u00e4tzliche Domain-Namen \u00b6 Bearbeiten Sie \"mailcow.conf\" und f\u00fcgen Sie einen Parameter ADDITIONAL_SAN wie folgt hinzu: Verwenden Sie keine Anf\u00fchrungszeichen ( \" ) und keine Leerzeichen zwischen den Namen! ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.* Jeder Name wird anhand seiner IPv6-Adresse oder - wenn IPv6 in Ihrer Dom\u00e4ne nicht konfiguriert ist - anhand seiner IPv4-Adresse \u00fcberpr\u00fcft. Ein Wildcard-Name wie smtp.* wird versuchen, ein smtp.DOMAIN_NAME SAN f\u00fcr jede zu mailcow hinzugef\u00fcgte Domain zu erhalten. F\u00fchren Sie docker compose up -d aus, um betroffene Container automatisch neu zu erstellen. Info Die Verwendung anderer Namen als MAILCOW_HOSTNAME f\u00fcr den Zugriff auf das mailcow UI kann weitere Konfiguration erfordern. Wenn Sie planen, einen anderen Servernamen als MAILCOW_HOSTNAME f\u00fcr den Zugriff auf die mailcow UI zu verwenden (z.B. durch Hinzuf\u00fcgen von mail.* zu ADDITIONAL_SAN ), stellen Sie sicher, dass Sie diesen Namen in mailcow.conf \u00fcber ADDITIONAL_SERVER_NAMES eintragen. Die Namen m\u00fcssen durch Kommas getrennt sein und d\u00fcrfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt auslassen, kann mailcow mit einer falschen Seite antworten. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld F\u00fchren Sie docker compose up -d aus, um es anzuwenden. Erneuerung erzwingen \u00b6 Um eine Erneuerung zu erzwingen, m\u00fcssen Sie eine Datei namens force_renew erstellen und den acme-mailcow Container neu starten: cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew docker compose restart acme-mailcow # Pr\u00fcfen Sie nun die Logs auf eine Erneuerung docker compose logs --tail=200 -f acme-mailcow Die Datei wird automatisch gel\u00f6scht. Validierungsfehler und wie man die Validierung \u00fcberspringt \u00b6 Sie k\u00f6nnen die IP-\u00dcberpr\u00fcfung \u00fcberspringen, indem Sie SKIP_IP_CHECK=y in mailcow.conf setzen (keine Anf\u00fchrungszeichen). Seien Sie gewarnt, dass eine Fehlkonfiguration dazu f\u00fchrt, dass Sie von Let's Encrypt eingeschr\u00e4nkt werden! Dies ist vor allem f\u00fcr Multi-IP-Setups n\u00fctzlich, bei denen der IP-Check die falsche Quell-IP-Adresse zur\u00fcckgeben w\u00fcrde. Aufgrund der Verwendung von dynamischen IPs f\u00fcr acme-mailcow ist Source-NAT bei Neustarts nicht konsistent. Wenn Sie Probleme mit der \"HTTP-Validierung\" haben, aber Ihre IP-Adressbest\u00e4tigung erfolgreich ist, verwenden Sie h\u00f6chstwahrscheinlich firewalld, ufw oder eine andere Firewall, die Verbindungen von br-mailcow zu Ihrem externen Interface verbietet. Sowohl firewalld als auch ufw lassen dies standardm\u00e4\u00dfig nicht zu. Es reicht oft nicht aus, diese Firewall-Dienste einfach zu stoppen. Sie m\u00fcssen mailcow stoppen ( docker compose down ), den Firewall-Dienst stoppen, die Ketten flushen und Docker neu starten. Sie k\u00f6nnen diese Validierungsmethode auch \u00fcberspringen, indem Sie SKIP_HTTP_VERIFICATION=y in \"mailcow.conf\" setzen. Seien Sie gewarnt, dass dies nicht zu empfehlen ist. In den meisten F\u00e4llen wird die HTTP-\u00dcberpr\u00fcfung \u00fcbersprungen, um unbekannte NAT-Reflection-Probleme zu umgehen, die durch das Ignorieren dieser spezifischen Netzwerk-Fehlkonfiguration nicht gel\u00f6st werden. Wenn Sie Probleme haben, TLSA-Eintr\u00e4ge in der DNS-\u00dcbersicht innerhalb von mailcow zu generieren, haben Sie h\u00f6chstwahrscheinlich Probleme mit NAT-Reflexion, die Sie beheben sollten. Wenn du einen SKIP_* Parameter ge\u00e4ndert hast, f\u00fchre docker compose up -d aus, um deine \u00c4nderungen zu \u00fcbernehmen. Deaktivieren Sie Let's Encrypt \u00b6 Deaktivieren Sie Let's Encrypt vollst\u00e4ndig \u00b6 Setzen Sie SKIP_LETS_ENCRYPT=y in \"mailcow.conf\" und erstellen Sie \"acme-mailcow\" neu, indem Sie docker compose up -d ausf\u00fchren. Alle Namen au\u00dfer ${MAILCOW_HOSTNAME} \u00fcberspringen \u00b6 F\u00fcgen Sie ONLY_MAILCOW_HOSTNAME=y zu \"mailcow.conf\" hinzu und erstellen Sie \"acme-mailcow\" neu, indem Sie docker compose up -d ausf\u00fchren. Das Let's Encrypt subjectAltName-Limit von 100 Domains \u00b6 Let's Encrypt hat derzeit ein Limit von 100 Domainnamen pro Zertifikat . Standardm\u00e4\u00dfig erstellt \"acme-mailcow\" ein einzelnes SAN-Zertifikat f\u00fcr alle validierten Domains (siehe den ersten Abschnitt und Zus\u00e4tzliche Domainnamen ). Dies bietet beste Kompatibilit\u00e4t, bedeutet aber, dass das Let's Encrypt-Limit \u00fcberschritten wird, wenn Sie zu viele Domains zu einer einzelnen Mailcow-Installation hinzuf\u00fcgen. Um dies zu l\u00f6sen, k\u00f6nnen Sie ENABLE_SSL_SNI so konfigurieren, dass es generiert wird: Ein Hauptserver-Zertifikat mit MAILCOW_HOSTNAME und allen voll qualifizierten Domainnamen in der ADDITIONAL_SAN Konfiguration Ein zus\u00e4tzliches Zertifikat f\u00fcr jede in der Datenbank gefundene Domain mit autodiscover. , autoconfig. und jeder anderen in diesem Format konfigurierten ADDITIONAL_SAN (subdomain.*). Begrenzungen: Ein Zertifikatsname ADDITIONAL_SAN=test.example.com wird als SAN zum Hauptzertifikat hinzugef\u00fcgt. Ein separates Zertifikat/Schl\u00fcsselpaar wird f\u00fcr dieses Format nicht erzeugt. Postfix, Dovecot und Nginx werden dann diese Zertifikate mit SNI bedienen. Setzen Sie ENABLE_SSL_SNI=y in \"mailcow.conf\" und erstellen Sie \"acme-mailcow\" durch Ausf\u00fchren von docker compose up -d . Warning Nicht alle Clients unterst\u00fctzen SNI, siehe Dovecot Dokumentation oder Wikipedia . Sie sollten sicherstellen, dass diese Clients den MAILCOW_HOSTNAME f\u00fcr sichere Verbindungen verwenden, wenn Sie diese Funktion aktivieren. Hier ist ein Beispiel: MAILCOW_HOSTNAME=server.email.tld ADDITIONAL_SAN=webmail.email.tld,mail.* Mailcow E-Mail-Dom\u00e4nen: \"domain1.tld\" und \"domain2.tld\" Die folgenden Zertifikate werden generiert: server.email.tld, webmail.email.tld -> dies ist das Standard-Zertifikat, alle Clients k\u00f6nnen sich mit diesen Domains verbinden mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individuelles Zertifikat f\u00fcr domain1.tld, kann von Clients ohne SNI-Unterst\u00fctzung nicht verwendet werden mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individuelles Zertifikat f\u00fcr domain2.tld, kann von Clients ohne SNI-Unterst\u00fctzung nicht verwendet werden Ein eigenes Zertifikat verwenden \u00b6 Stellen Sie sicher, dass Sie mailcows internen LE-Client deaktivieren (siehe oben). Um Ihre eigenen Zertifikate zu verwenden, speichern Sie einfach das kombinierte Zertifikat (mit dem Zertifikat und der zwischengeschalteten CA/CA, falls vorhanden) unter data/assets/ssl/cert.pem und den entsprechenden Schl\u00fcssel unter data/assets/ssl/key.pem . WICHTIG: Verwenden Sie keine symbolischen Links! Stellen Sie sicher, dass Sie die Zertifikate kopieren und sie nicht mit data/assets/ssl verkn\u00fcpfen. Starten Sie die betroffenen Dienste anschlie\u00dfend neu: docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) docker restart $(docker ps -qaf name=dovecot-mailcow) Siehe Post-Hook-Skript f\u00fcr Nicht-Mailcow-ACME-Clients f\u00fcr ein vollst\u00e4ndiges Beispielskript. Test gegen das ACME-Verzeichnis \u00b6 Bearbeiten Sie mailcow.conf und f\u00fcgen Sie LE_STAGING=y hinzu. F\u00fchren Sie docker compose up -d aus, um Ihre \u00c4nderungen zu aktivieren. Benutzerdefinierte Verzeichnis-URL \u00b6 Editieren Sie mailcow.conf und f\u00fcgen Sie die entsprechende Verzeichnis-URL in die neue Variable DIRECTORY_URL ein: DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory Sie k\u00f6nnen LE_STAGING nicht mit DIRECTORY_URL verwenden. Wenn beide gesetzt sind, wird nur LE_STAGING verwendet. F\u00fchren Sie docker compose up -d aus, um Ihre \u00c4nderungen zu aktivieren. \u00dcberpr\u00fcfen Sie Ihre Konfiguration \u00b6 F\u00fchren Sie docker compose logs acme-mailcow aus, um herauszufinden, warum eine Validierung fehlschl\u00e4gt. Um zu \u00fcberpr\u00fcfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie einfach einen Browser Ihrer Wahl und \u00fcberpr\u00fcfen Sie das angezeigte Zertifikat. Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu \u00fcberpr\u00fcfen, verwenden wir openssl : # Verbindung \u00fcber SMTP (587) echo \"Q\" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 # Verbindung \u00fcber IMAP (143) echo \"Q\" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 # Verbindung \u00fcber HTTPS (443) echo \"Q\" | openssl s_client -connect mx.mailcow.email:443 Um die von openssl zur\u00fcckgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, k\u00f6nnen Sie unser Hilfsskript verwenden: cd /opt/mailcow-dockerized bash helper-scripts/expiry-dates.sh","title":"Erweitertes SSL"},{"location":"de/post_installation/firststeps-ssl/#lets-encrypt-wird-mitgeliefert","text":"Der \"acme-mailcow\" Container wird versuchen, ein LE-Zertifikat f\u00fcr ${MAILCOW_HOSTNAME} , autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN zu erhalten. Warning mailcow muss auf Port 80 verf\u00fcgbar sein, damit der acme-Client funktioniert. Unsere Reverse Proxy Beispielkonfigurationen decken das ab. Sie k\u00f6nnen auch jeden externen ACME-Client (z.B. certbot) verwenden, um Zertifikate zu erhalten, aber Sie m\u00fcssen sicherstellen, dass sie an den richtigen Ort kopiert werden und ein Post-Hook die betroffenen Container neu l\u00e4dt. Weitere Informationen finden Sie in der Reverse Proxy-Dokumentation. Standardm\u00e4\u00dfig, d.h. 0 Domains sind zu mailcow hinzugef\u00fcgt, wird es versuchen, ein Zertifikat f\u00fcr ${MAILCOW_HOSTNAME} zu erhalten. F\u00fcr jede hinzugef\u00fcgte Domain wird versucht, autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN in die IPv6-Adresse oder - falls IPv6 in der Domain nicht konfiguriert ist - in die IPv4-Adresse aufzul\u00f6sen. Wenn dies gelingt, wird ein Name als SAN zur Zertifikatsanforderung hinzugef\u00fcgt. Nur Namen, die validiert werden k\u00f6nnen, werden als SAN hinzugef\u00fcgt. F\u00fcr jede Domain, die Sie entfernen, wird das Zertifikat verschoben und ein neues Zertifikat angefordert. Es ist nicht m\u00f6glich, Domains in einem Zertifikat zu behalten, wenn wir nicht in der Lage sind, die Challenge f\u00fcr diese zu validieren. Wenn Sie den ACME-Client neu starten wollen, verwenden Sie docker compose restart acme-mailcow und \u00fcberwachen Sie die Protokolle mit docker compose logs --tail=200 -f acme-mailcow .","title":"Let's Encrypt (wird mitgeliefert)"},{"location":"de/post_installation/firststeps-ssl/#zusatzliche-domain-namen","text":"Bearbeiten Sie \"mailcow.conf\" und f\u00fcgen Sie einen Parameter ADDITIONAL_SAN wie folgt hinzu: Verwenden Sie keine Anf\u00fchrungszeichen ( \" ) und keine Leerzeichen zwischen den Namen! ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.* Jeder Name wird anhand seiner IPv6-Adresse oder - wenn IPv6 in Ihrer Dom\u00e4ne nicht konfiguriert ist - anhand seiner IPv4-Adresse \u00fcberpr\u00fcft. Ein Wildcard-Name wie smtp.* wird versuchen, ein smtp.DOMAIN_NAME SAN f\u00fcr jede zu mailcow hinzugef\u00fcgte Domain zu erhalten. F\u00fchren Sie docker compose up -d aus, um betroffene Container automatisch neu zu erstellen. Info Die Verwendung anderer Namen als MAILCOW_HOSTNAME f\u00fcr den Zugriff auf das mailcow UI kann weitere Konfiguration erfordern. Wenn Sie planen, einen anderen Servernamen als MAILCOW_HOSTNAME f\u00fcr den Zugriff auf die mailcow UI zu verwenden (z.B. durch Hinzuf\u00fcgen von mail.* zu ADDITIONAL_SAN ), stellen Sie sicher, dass Sie diesen Namen in mailcow.conf \u00fcber ADDITIONAL_SERVER_NAMES eintragen. Die Namen m\u00fcssen durch Kommas getrennt sein und d\u00fcrfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt auslassen, kann mailcow mit einer falschen Seite antworten. ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld F\u00fchren Sie docker compose up -d aus, um es anzuwenden.","title":"Zus\u00e4tzliche Domain-Namen"},{"location":"de/post_installation/firststeps-ssl/#erneuerung-erzwingen","text":"Um eine Erneuerung zu erzwingen, m\u00fcssen Sie eine Datei namens force_renew erstellen und den acme-mailcow Container neu starten: cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew docker compose restart acme-mailcow # Pr\u00fcfen Sie nun die Logs auf eine Erneuerung docker compose logs --tail=200 -f acme-mailcow Die Datei wird automatisch gel\u00f6scht.","title":"Erneuerung erzwingen"},{"location":"de/post_installation/firststeps-ssl/#validierungsfehler-und-wie-man-die-validierung-uberspringt","text":"Sie k\u00f6nnen die IP-\u00dcberpr\u00fcfung \u00fcberspringen, indem Sie SKIP_IP_CHECK=y in mailcow.conf setzen (keine Anf\u00fchrungszeichen). Seien Sie gewarnt, dass eine Fehlkonfiguration dazu f\u00fchrt, dass Sie von Let's Encrypt eingeschr\u00e4nkt werden! Dies ist vor allem f\u00fcr Multi-IP-Setups n\u00fctzlich, bei denen der IP-Check die falsche Quell-IP-Adresse zur\u00fcckgeben w\u00fcrde. Aufgrund der Verwendung von dynamischen IPs f\u00fcr acme-mailcow ist Source-NAT bei Neustarts nicht konsistent. Wenn Sie Probleme mit der \"HTTP-Validierung\" haben, aber Ihre IP-Adressbest\u00e4tigung erfolgreich ist, verwenden Sie h\u00f6chstwahrscheinlich firewalld, ufw oder eine andere Firewall, die Verbindungen von br-mailcow zu Ihrem externen Interface verbietet. Sowohl firewalld als auch ufw lassen dies standardm\u00e4\u00dfig nicht zu. Es reicht oft nicht aus, diese Firewall-Dienste einfach zu stoppen. Sie m\u00fcssen mailcow stoppen ( docker compose down ), den Firewall-Dienst stoppen, die Ketten flushen und Docker neu starten. Sie k\u00f6nnen diese Validierungsmethode auch \u00fcberspringen, indem Sie SKIP_HTTP_VERIFICATION=y in \"mailcow.conf\" setzen. Seien Sie gewarnt, dass dies nicht zu empfehlen ist. In den meisten F\u00e4llen wird die HTTP-\u00dcberpr\u00fcfung \u00fcbersprungen, um unbekannte NAT-Reflection-Probleme zu umgehen, die durch das Ignorieren dieser spezifischen Netzwerk-Fehlkonfiguration nicht gel\u00f6st werden. Wenn Sie Probleme haben, TLSA-Eintr\u00e4ge in der DNS-\u00dcbersicht innerhalb von mailcow zu generieren, haben Sie h\u00f6chstwahrscheinlich Probleme mit NAT-Reflexion, die Sie beheben sollten. Wenn du einen SKIP_* Parameter ge\u00e4ndert hast, f\u00fchre docker compose up -d aus, um deine \u00c4nderungen zu \u00fcbernehmen.","title":"Validierungsfehler und wie man die Validierung \u00fcberspringt"},{"location":"de/post_installation/firststeps-ssl/#deaktivieren-sie-lets-encrypt","text":"","title":"Deaktivieren Sie Let's Encrypt"},{"location":"de/post_installation/firststeps-ssl/#deaktivieren-sie-lets-encrypt-vollstandig","text":"Setzen Sie SKIP_LETS_ENCRYPT=y in \"mailcow.conf\" und erstellen Sie \"acme-mailcow\" neu, indem Sie docker compose up -d ausf\u00fchren.","title":"Deaktivieren Sie Let's Encrypt vollst\u00e4ndig"},{"location":"de/post_installation/firststeps-ssl/#alle-namen-auer-mailcow_hostname-uberspringen","text":"F\u00fcgen Sie ONLY_MAILCOW_HOSTNAME=y zu \"mailcow.conf\" hinzu und erstellen Sie \"acme-mailcow\" neu, indem Sie docker compose up -d ausf\u00fchren.","title":"Alle Namen au\u00dfer ${MAILCOW_HOSTNAME} \u00fcberspringen"},{"location":"de/post_installation/firststeps-ssl/#das-lets-encrypt-subjectaltname-limit-von-100-domains","text":"Let's Encrypt hat derzeit ein Limit von 100 Domainnamen pro Zertifikat . Standardm\u00e4\u00dfig erstellt \"acme-mailcow\" ein einzelnes SAN-Zertifikat f\u00fcr alle validierten Domains (siehe den ersten Abschnitt und Zus\u00e4tzliche Domainnamen ). Dies bietet beste Kompatibilit\u00e4t, bedeutet aber, dass das Let's Encrypt-Limit \u00fcberschritten wird, wenn Sie zu viele Domains zu einer einzelnen Mailcow-Installation hinzuf\u00fcgen. Um dies zu l\u00f6sen, k\u00f6nnen Sie ENABLE_SSL_SNI so konfigurieren, dass es generiert wird: Ein Hauptserver-Zertifikat mit MAILCOW_HOSTNAME und allen voll qualifizierten Domainnamen in der ADDITIONAL_SAN Konfiguration Ein zus\u00e4tzliches Zertifikat f\u00fcr jede in der Datenbank gefundene Domain mit autodiscover. , autoconfig. und jeder anderen in diesem Format konfigurierten ADDITIONAL_SAN (subdomain.*). Begrenzungen: Ein Zertifikatsname ADDITIONAL_SAN=test.example.com wird als SAN zum Hauptzertifikat hinzugef\u00fcgt. Ein separates Zertifikat/Schl\u00fcsselpaar wird f\u00fcr dieses Format nicht erzeugt. Postfix, Dovecot und Nginx werden dann diese Zertifikate mit SNI bedienen. Setzen Sie ENABLE_SSL_SNI=y in \"mailcow.conf\" und erstellen Sie \"acme-mailcow\" durch Ausf\u00fchren von docker compose up -d . Warning Nicht alle Clients unterst\u00fctzen SNI, siehe Dovecot Dokumentation oder Wikipedia . Sie sollten sicherstellen, dass diese Clients den MAILCOW_HOSTNAME f\u00fcr sichere Verbindungen verwenden, wenn Sie diese Funktion aktivieren. Hier ist ein Beispiel: MAILCOW_HOSTNAME=server.email.tld ADDITIONAL_SAN=webmail.email.tld,mail.* Mailcow E-Mail-Dom\u00e4nen: \"domain1.tld\" und \"domain2.tld\" Die folgenden Zertifikate werden generiert: server.email.tld, webmail.email.tld -> dies ist das Standard-Zertifikat, alle Clients k\u00f6nnen sich mit diesen Domains verbinden mail.domain1.tld, autoconfig.domain1.tld, autodiscover.domain1.tld -> individuelles Zertifikat f\u00fcr domain1.tld, kann von Clients ohne SNI-Unterst\u00fctzung nicht verwendet werden mail.domain2.tld, autoconfig.domain2.tld, autodiscover.domain2.tld -> individuelles Zertifikat f\u00fcr domain2.tld, kann von Clients ohne SNI-Unterst\u00fctzung nicht verwendet werden","title":"Das Let's Encrypt subjectAltName-Limit von 100 Domains"},{"location":"de/post_installation/firststeps-ssl/#ein-eigenes-zertifikat-verwenden","text":"Stellen Sie sicher, dass Sie mailcows internen LE-Client deaktivieren (siehe oben). Um Ihre eigenen Zertifikate zu verwenden, speichern Sie einfach das kombinierte Zertifikat (mit dem Zertifikat und der zwischengeschalteten CA/CA, falls vorhanden) unter data/assets/ssl/cert.pem und den entsprechenden Schl\u00fcssel unter data/assets/ssl/key.pem . WICHTIG: Verwenden Sie keine symbolischen Links! Stellen Sie sicher, dass Sie die Zertifikate kopieren und sie nicht mit data/assets/ssl verkn\u00fcpfen. Starten Sie die betroffenen Dienste anschlie\u00dfend neu: docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) docker restart $(docker ps -qaf name=dovecot-mailcow) Siehe Post-Hook-Skript f\u00fcr Nicht-Mailcow-ACME-Clients f\u00fcr ein vollst\u00e4ndiges Beispielskript.","title":"Ein eigenes Zertifikat verwenden"},{"location":"de/post_installation/firststeps-ssl/#test-gegen-das-acme-verzeichnis","text":"Bearbeiten Sie mailcow.conf und f\u00fcgen Sie LE_STAGING=y hinzu. F\u00fchren Sie docker compose up -d aus, um Ihre \u00c4nderungen zu aktivieren.","title":"Test gegen das ACME-Verzeichnis"},{"location":"de/post_installation/firststeps-ssl/#benutzerdefinierte-verzeichnis-url","text":"Editieren Sie mailcow.conf und f\u00fcgen Sie die entsprechende Verzeichnis-URL in die neue Variable DIRECTORY_URL ein: DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory Sie k\u00f6nnen LE_STAGING nicht mit DIRECTORY_URL verwenden. Wenn beide gesetzt sind, wird nur LE_STAGING verwendet. F\u00fchren Sie docker compose up -d aus, um Ihre \u00c4nderungen zu aktivieren.","title":"Benutzerdefinierte Verzeichnis-URL"},{"location":"de/post_installation/firststeps-ssl/#uberprufen-sie-ihre-konfiguration","text":"F\u00fchren Sie docker compose logs acme-mailcow aus, um herauszufinden, warum eine Validierung fehlschl\u00e4gt. Um zu \u00fcberpr\u00fcfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie einfach einen Browser Ihrer Wahl und \u00fcberpr\u00fcfen Sie das angezeigte Zertifikat. Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu \u00fcberpr\u00fcfen, verwenden wir openssl : # Verbindung \u00fcber SMTP (587) echo \"Q\" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 # Verbindung \u00fcber IMAP (143) echo \"Q\" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 # Verbindung \u00fcber HTTPS (443) echo \"Q\" | openssl s_client -connect mx.mailcow.email:443 Um die von openssl zur\u00fcckgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, k\u00f6nnen Sie unser Hilfsskript verwenden: cd /opt/mailcow-dockerized bash helper-scripts/expiry-dates.sh","title":"\u00dcberpr\u00fcfen Sie Ihre Konfiguration"},{"location":"de/post_installation/firststeps-sync_jobs_migration/","text":"Sync-Auftr\u00e4ge werden verwendet, um bestehende E-Mails von einem externen IMAP-Server oder innerhalb von mailcow's bestehenden Mailboxen zu kopieren oder zu verschieben. Info Abh\u00e4ngig von der ACL Ihrer Mailbox haben Sie m\u00f6glicherweise nicht die M\u00f6glichkeit, einen Sync-Job hinzuzuf\u00fcgen. Bitte kontaktieren Sie in diesem Fall Ihren Domain-Administrator. Einrichten eines Sync-Jobs \u00b6 Erstellen Sie unter dem Punkt \"Konfiguration > E-Mail-Setup\" oder \"Benutzereinstellungen\" einen neuen Synchronisierungsauftrag. Wenn Sie ein Administrator sind, w\u00e4hlen Sie den Benutzernamen der nachgelagerten mailcow-Mailbox im Dropdown-Men\u00fc \"Benutzername\". F\u00fcllen Sie die Felder \"Host\" und \"Port\" mit den entsprechenden korrekten Werten des vorgelagerten IMAP-Servers aus. Geben Sie in den Feldern \"Benutzername\" und \"Passwort\" die korrekten Zugangsdaten des vorgelagerten IMAP-Servers ein. W\u00e4hlen Sie die \"Verschl\u00fcsselungsmethode\". Wenn der vorgelagerte IMAP-Server Port 143 verwendet, ist es wahrscheinlich, dass die Verschl\u00fcsselungsmethode TLS und SSL f\u00fcr Port 993 ist. Sie k\u00f6nnen auch PLAIN-Authentifizierung verwenden, aber davon wird dringend abgeraten. Alle anderen Felder k\u00f6nnen Sie so lassen, wie sie sind, oder sie nach Belieben \u00e4ndern. Vergewissern Sie sich, dass Sie \"Aktiv\" ankreuzen und klicken Sie auf \"Hinzuf\u00fcgen\". Info Sobald Sie fertig sind, melden Sie sich in der Mailbox an und \u00fcberpr\u00fcfen Sie, ob alle E-Mails korrekt importiert wurden. Wenn alles gut geht, werden alle Ihre E-Mails in Ihrem neuen Postfach landen. Vergessen Sie nicht, den Synchronisierungsauftrag zu l\u00f6schen oder zu deaktivieren, nachdem er verwendet wurde.","title":"Migration von Sync-Jobs"},{"location":"de/post_installation/firststeps-sync_jobs_migration/#einrichten-eines-sync-jobs","text":"Erstellen Sie unter dem Punkt \"Konfiguration > E-Mail-Setup\" oder \"Benutzereinstellungen\" einen neuen Synchronisierungsauftrag. Wenn Sie ein Administrator sind, w\u00e4hlen Sie den Benutzernamen der nachgelagerten mailcow-Mailbox im Dropdown-Men\u00fc \"Benutzername\". F\u00fcllen Sie die Felder \"Host\" und \"Port\" mit den entsprechenden korrekten Werten des vorgelagerten IMAP-Servers aus. Geben Sie in den Feldern \"Benutzername\" und \"Passwort\" die korrekten Zugangsdaten des vorgelagerten IMAP-Servers ein. W\u00e4hlen Sie die \"Verschl\u00fcsselungsmethode\". Wenn der vorgelagerte IMAP-Server Port 143 verwendet, ist es wahrscheinlich, dass die Verschl\u00fcsselungsmethode TLS und SSL f\u00fcr Port 993 ist. Sie k\u00f6nnen auch PLAIN-Authentifizierung verwenden, aber davon wird dringend abgeraten. Alle anderen Felder k\u00f6nnen Sie so lassen, wie sie sind, oder sie nach Belieben \u00e4ndern. Vergewissern Sie sich, dass Sie \"Aktiv\" ankreuzen und klicken Sie auf \"Hinzuf\u00fcgen\". Info Sobald Sie fertig sind, melden Sie sich in der Mailbox an und \u00fcberpr\u00fcfen Sie, ob alle E-Mails korrekt importiert wurden. Wenn alles gut geht, werden alle Ihre E-Mails in Ihrem neuen Postfach landen. Vergessen Sie nicht, den Synchronisierungsauftrag zu l\u00f6schen oder zu deaktivieren, nachdem er verwendet wurde.","title":"Einrichten eines Sync-Jobs"},{"location":"de/prerequisite/prerequisite-dns/","text":"Nachstehend finden Sie eine Liste von empfohlenen DNS-Eintr\u00e4gen . Einige sind f\u00fcr einen Mailserver obligatorisch (A, MX), andere werden empfohlen, um eine gute Reputation aufzubauen (TXT/SPF) oder f\u00fcr die automatische Konfiguration von Mailclients verwendet (SRV). Referenzen \u00b6 Ein guter Artikel, der alle relevanten Themen abdeckt: \"3 DNS Records Every Email Marketer Must Know\" Ein weiterer guter Artikel, aber mit Zimbra als Beispielplattform: \"Best Practices on Email Protection: SPF, DKIM and DMARC\" Eine ausf\u00fchrliche Diskussion \u00fcber SPF, DKIM und DMARC: \"Wie Sie Spam beseitigen und Ihren Namen mit DMARC sch\u00fctzen\" Ein ausf\u00fchrlicher Leitfaden zum Verst\u00e4ndnis von DMARC: \"Entmystifizierung von DMARC: Ein Leitfaden zur Verhinderung von E-Mail-Spoofing\" Reverse DNS Ihrer IP-Adresse \u00b6 Stellen Sie sicher, dass der PTR-Eintrag Ihrer IP-Adresse mit dem FQDN Ihres mailcow-Hosts \u00fcbereinstimmt: ${MAILCOW_HOSTNAME} 1 . Dieser Eintrag wird normalerweise bei dem Provider gesetzt, von dem Sie die IP-Adresse (Server) gemietet haben. Die minimale DNS-Konfiguration \u00b6 Dieses Beispiel zeigt Ihnen eine Reihe von Eintr\u00e4gen f\u00fcr eine von mailcow verwaltete Domain. Jede Domain, die zu mailcow hinzugef\u00fcgt wird, ben\u00f6tigt mindestens diesen Satz an Eintr\u00e4gen, um korrekt zu funktionieren. # Name Typ Wert mail IN A 1.2.3.4 autodiscover IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) autoconfig IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) @ IN MX 10 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) Hinweis: Der mail DNS-Eintrag, der die Subdomain an die angegebene IP-Adresse bindet, muss nur f\u00fcr die Domain gesetzt werden, auf der mailcow l\u00e4uft und die f\u00fcr den Zugriff auf das Webinterface verwendet wird. F\u00fcr jede andere von mailcow verwaltete Domain leitet der MX -Eintrag den Datenverkehr entsprechend weiter. DKIM, SPF und DMARC \u00b6 Im folgenden Beispiel f\u00fcr eine DNS-Zonendatei wird ein einfacher SPF TXT-Eintrag verwendet, um nur DIESEM Server (dem MX) zu erlauben, E-Mails f\u00fcr Ihre Dom\u00e4ne zu senden. Jeder andere Server ist nicht zugelassen, kann es aber tun (\" ~all \"). Weitere Informationen finden Sie im SPF-Projekt . # Name Typ Wert @ IN TXT \"v=spf1 mx a -all\" Es wird dringend empfohlen, einen DKIM TXT-Eintrag in Ihrer mailcow UI zu erstellen und den entsprechenden TXT-Eintrag in Ihren DNS-Eintr\u00e4gen zu setzen. Bitte lesen Sie OpenDKIM f\u00fcr weitere Informationen. # Name Typ Wert dkim._domainkey IN TXT \"v=DKIM1; k=rsa; t=s; s=email; p=...\" Der letzte Schritt, um sich selbst und andere zu sch\u00fctzen, ist die Implementierung eines DMARC TXT-Datensatzes, zum Beispiel mit Hilfe des DMARC-Assistenten ( check ). # Name Typ Wert _dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org\" Die erweiterte DNS-Konfiguration \u00b6 SRV -Eintr\u00e4ge geben den/die Server f\u00fcr ein bestimmtes Protokoll in Ihrer Dom\u00e4ne an. Wenn Sie einen Dienst explizit als nicht bereitgestellt ank\u00fcndigen wollen, geben Sie \".\" als Zieladresse an (statt \"mail.example.org.\"). Bitte beachten Sie RFC 2782 . # Name Typ Priorit\u00e4t Gewicht Port Wert _autodiscover._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _caldavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _caldavs._tcp IN TXT \"path=/SOGo/dav/\" _carddavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _carddavs._tcp IN TXT \"path=/SOGo/dav/\" _imap._tcp IN SRV 0 1 143 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _imaps._tcp IN SRV 0 1 993 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _pop3._tcp IN SRV 0 1 110 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _pop3s._tcp IN SRV 0 1 995 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _sieve._tcp IN SRV 0 1 4190 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _smtps._tcp IN SRV 0 1 465 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _submission._tcp IN SRV 0 1 587 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) Testen \u00b6 Hier finden Sie einige Tools, mit denen Sie Ihre DNS-Konfiguration \u00fcberpr\u00fcfen k\u00f6nnen: MX Toolbox (DNS, SMTP, RBL) port25.com (DKIM, SPF) Mail-Tester (DKIM, DMARC, SPF) DMARC-Analysator (DMARC, SPF) MultiRBL.valli.org (DNSBL, RBL, FCrDNS) Verschiedenes \u00b6 Optionale DMARC-Statistiken \u00b6 Wenn Sie an Statistiken interessiert sind, k\u00f6nnen Sie sich zus\u00e4tzlich bei einem der vielen unten aufgef\u00fchrten DMARC-Statistikdienste anmelden - oder Ihre eigene Statistik selbst hosten. Tipp Es ist zu bedenken, dass wenn Sie DMARC-Statistik-Berichte an Ihren mailcow-Server anfordern und Ihr mailcow-Server nicht korrekt f\u00fcr den Empfang dieser Berichte konfiguriert ist, Sie m\u00f6glicherweise keine genauen und vollst\u00e4ndigen Ergebnisse erhalten. Bitte erw\u00e4gen Sie die Verwendung einer alternativen E-Mail-Domain f\u00fcr den Empfang von DMARC-Berichten. Es ist erw\u00e4hnenswert, dass die folgenden Vorschl\u00e4ge keine umfassende Liste aller verf\u00fcgbaren Dienste und Tools sind, sondern nur eine kleine Auswahl der vielen M\u00f6glichkeiten. Postmaster Tool parsedmarc (selbst gehostet) Fraudmarc Postmark Dmarcian Tipp Diese Dienste stellen Ihnen m\u00f6glicherweise einen TXT-Eintrag zur Verf\u00fcgung, den Sie in Ihre DNS-Eintr\u00e4ge einf\u00fcgen m\u00fcssen, so wie es der Anbieter vorschreibt. Bitte stellen Sie sicher, dass Sie die Dokumentation des Anbieters des von Ihnen gew\u00e4hlten Dienstes lesen, da dieser Prozess variieren kann. E-Mail-Test f\u00fcr SPF, DKIM und DMARC: \u00b6 Um eine rudiment\u00e4re E-Mail-Authentifizierungspr\u00fcfung durchzuf\u00fchren, senden Sie eine E-Mail an check-auth at verifier.port25.com und warten Sie auf eine Antwort. Sie werden einen Bericht \u00e4hnlich dem folgenden finden: ========================================================== Zusammenfassung der Ergebnisse ========================================================== SPF-Pr\u00fcfung: bestanden \"iprev\"-Pr\u00fcfung: bestanden DKIM-Pr\u00fcfung: bestanden DKIM-Pr\u00fcfung: bestanden SpamAssassin-Pr\u00fcfung: ham ========================================================== Einzelheiten: ========================================================== .... Der vollst\u00e4ndige Bericht enth\u00e4lt weitere technische Details. Fully Qualified Domain Name (FQDN) \u00b6 Ein Fully Qualified Domain Name ( FQDN ) ist der vollst\u00e4ndige (absolute) Dom\u00e4nenname f\u00fcr einen bestimmten Computer oder Host im Internet. Der FQDN besteht aus mindestens drei Teilen, die durch einen Punkt getrennt sind: dem Hostnamen, dem Dom\u00e4nennamen und der Top Level Domain (kurz TLD ). Im Beispiel mx.mailcow.email w\u00e4re der Hostname mx , der Domainname mailcow und die TLD email . \u21a9","title":"DNS Einstellungen"},{"location":"de/prerequisite/prerequisite-dns/#referenzen","text":"Ein guter Artikel, der alle relevanten Themen abdeckt: \"3 DNS Records Every Email Marketer Must Know\" Ein weiterer guter Artikel, aber mit Zimbra als Beispielplattform: \"Best Practices on Email Protection: SPF, DKIM and DMARC\" Eine ausf\u00fchrliche Diskussion \u00fcber SPF, DKIM und DMARC: \"Wie Sie Spam beseitigen und Ihren Namen mit DMARC sch\u00fctzen\" Ein ausf\u00fchrlicher Leitfaden zum Verst\u00e4ndnis von DMARC: \"Entmystifizierung von DMARC: Ein Leitfaden zur Verhinderung von E-Mail-Spoofing\"","title":"Referenzen"},{"location":"de/prerequisite/prerequisite-dns/#reverse-dns-ihrer-ip-adresse","text":"Stellen Sie sicher, dass der PTR-Eintrag Ihrer IP-Adresse mit dem FQDN Ihres mailcow-Hosts \u00fcbereinstimmt: ${MAILCOW_HOSTNAME} 1 . Dieser Eintrag wird normalerweise bei dem Provider gesetzt, von dem Sie die IP-Adresse (Server) gemietet haben.","title":"Reverse DNS Ihrer IP-Adresse"},{"location":"de/prerequisite/prerequisite-dns/#die-minimale-dns-konfiguration","text":"Dieses Beispiel zeigt Ihnen eine Reihe von Eintr\u00e4gen f\u00fcr eine von mailcow verwaltete Domain. Jede Domain, die zu mailcow hinzugef\u00fcgt wird, ben\u00f6tigt mindestens diesen Satz an Eintr\u00e4gen, um korrekt zu funktionieren. # Name Typ Wert mail IN A 1.2.3.4 autodiscover IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) autoconfig IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) @ IN MX 10 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) Hinweis: Der mail DNS-Eintrag, der die Subdomain an die angegebene IP-Adresse bindet, muss nur f\u00fcr die Domain gesetzt werden, auf der mailcow l\u00e4uft und die f\u00fcr den Zugriff auf das Webinterface verwendet wird. F\u00fcr jede andere von mailcow verwaltete Domain leitet der MX -Eintrag den Datenverkehr entsprechend weiter.","title":"Die minimale DNS-Konfiguration"},{"location":"de/prerequisite/prerequisite-dns/#dkim-spf-und-dmarc","text":"Im folgenden Beispiel f\u00fcr eine DNS-Zonendatei wird ein einfacher SPF TXT-Eintrag verwendet, um nur DIESEM Server (dem MX) zu erlauben, E-Mails f\u00fcr Ihre Dom\u00e4ne zu senden. Jeder andere Server ist nicht zugelassen, kann es aber tun (\" ~all \"). Weitere Informationen finden Sie im SPF-Projekt . # Name Typ Wert @ IN TXT \"v=spf1 mx a -all\" Es wird dringend empfohlen, einen DKIM TXT-Eintrag in Ihrer mailcow UI zu erstellen und den entsprechenden TXT-Eintrag in Ihren DNS-Eintr\u00e4gen zu setzen. Bitte lesen Sie OpenDKIM f\u00fcr weitere Informationen. # Name Typ Wert dkim._domainkey IN TXT \"v=DKIM1; k=rsa; t=s; s=email; p=...\" Der letzte Schritt, um sich selbst und andere zu sch\u00fctzen, ist die Implementierung eines DMARC TXT-Datensatzes, zum Beispiel mit Hilfe des DMARC-Assistenten ( check ). # Name Typ Wert _dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org\"","title":"DKIM, SPF und DMARC"},{"location":"de/prerequisite/prerequisite-dns/#die-erweiterte-dns-konfiguration","text":"SRV -Eintr\u00e4ge geben den/die Server f\u00fcr ein bestimmtes Protokoll in Ihrer Dom\u00e4ne an. Wenn Sie einen Dienst explizit als nicht bereitgestellt ank\u00fcndigen wollen, geben Sie \".\" als Zieladresse an (statt \"mail.example.org.\"). Bitte beachten Sie RFC 2782 . # Name Typ Priorit\u00e4t Gewicht Port Wert _autodiscover._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _caldavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _caldavs._tcp IN TXT \"path=/SOGo/dav/\" _carddavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _carddavs._tcp IN TXT \"path=/SOGo/dav/\" _imap._tcp IN SRV 0 1 143 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _imaps._tcp IN SRV 0 1 993 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _pop3._tcp IN SRV 0 1 110 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _pop3s._tcp IN SRV 0 1 995 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _sieve._tcp IN SRV 0 1 4190 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _smtps._tcp IN SRV 0 1 465 mail.example.org. (Ihr ${MAILCOW_HOSTNAME}) _submission._tcp IN SRV 0 1 587 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})","title":"Die erweiterte DNS-Konfiguration"},{"location":"de/prerequisite/prerequisite-dns/#testen","text":"Hier finden Sie einige Tools, mit denen Sie Ihre DNS-Konfiguration \u00fcberpr\u00fcfen k\u00f6nnen: MX Toolbox (DNS, SMTP, RBL) port25.com (DKIM, SPF) Mail-Tester (DKIM, DMARC, SPF) DMARC-Analysator (DMARC, SPF) MultiRBL.valli.org (DNSBL, RBL, FCrDNS)","title":"Testen"},{"location":"de/prerequisite/prerequisite-dns/#verschiedenes","text":"","title":"Verschiedenes"},{"location":"de/prerequisite/prerequisite-dns/#optionale-dmarc-statistiken","text":"Wenn Sie an Statistiken interessiert sind, k\u00f6nnen Sie sich zus\u00e4tzlich bei einem der vielen unten aufgef\u00fchrten DMARC-Statistikdienste anmelden - oder Ihre eigene Statistik selbst hosten. Tipp Es ist zu bedenken, dass wenn Sie DMARC-Statistik-Berichte an Ihren mailcow-Server anfordern und Ihr mailcow-Server nicht korrekt f\u00fcr den Empfang dieser Berichte konfiguriert ist, Sie m\u00f6glicherweise keine genauen und vollst\u00e4ndigen Ergebnisse erhalten. Bitte erw\u00e4gen Sie die Verwendung einer alternativen E-Mail-Domain f\u00fcr den Empfang von DMARC-Berichten. Es ist erw\u00e4hnenswert, dass die folgenden Vorschl\u00e4ge keine umfassende Liste aller verf\u00fcgbaren Dienste und Tools sind, sondern nur eine kleine Auswahl der vielen M\u00f6glichkeiten. Postmaster Tool parsedmarc (selbst gehostet) Fraudmarc Postmark Dmarcian Tipp Diese Dienste stellen Ihnen m\u00f6glicherweise einen TXT-Eintrag zur Verf\u00fcgung, den Sie in Ihre DNS-Eintr\u00e4ge einf\u00fcgen m\u00fcssen, so wie es der Anbieter vorschreibt. Bitte stellen Sie sicher, dass Sie die Dokumentation des Anbieters des von Ihnen gew\u00e4hlten Dienstes lesen, da dieser Prozess variieren kann.","title":"Optionale DMARC-Statistiken"},{"location":"de/prerequisite/prerequisite-dns/#e-mail-test-fur-spf-dkim-und-dmarc","text":"Um eine rudiment\u00e4re E-Mail-Authentifizierungspr\u00fcfung durchzuf\u00fchren, senden Sie eine E-Mail an check-auth at verifier.port25.com und warten Sie auf eine Antwort. Sie werden einen Bericht \u00e4hnlich dem folgenden finden: ========================================================== Zusammenfassung der Ergebnisse ========================================================== SPF-Pr\u00fcfung: bestanden \"iprev\"-Pr\u00fcfung: bestanden DKIM-Pr\u00fcfung: bestanden DKIM-Pr\u00fcfung: bestanden SpamAssassin-Pr\u00fcfung: ham ========================================================== Einzelheiten: ========================================================== .... Der vollst\u00e4ndige Bericht enth\u00e4lt weitere technische Details.","title":"E-Mail-Test f\u00fcr SPF, DKIM und DMARC:"},{"location":"de/prerequisite/prerequisite-dns/#fully-qualified-domain-name-fqdn","text":"Ein Fully Qualified Domain Name ( FQDN ) ist der vollst\u00e4ndige (absolute) Dom\u00e4nenname f\u00fcr einen bestimmten Computer oder Host im Internet. Der FQDN besteht aus mindestens drei Teilen, die durch einen Punkt getrennt sind: dem Hostnamen, dem Dom\u00e4nennamen und der Top Level Domain (kurz TLD ). Im Beispiel mx.mailcow.email w\u00e4re der Hostname mx , der Domainname mailcow und die TLD email . \u21a9","title":"Fully Qualified Domain Name (FQDN)"},{"location":"de/prerequisite/prerequisite-system/","text":"Bevor Sie mailcow: dockerized ausf\u00fchren, sollten Sie einige Voraussetzungen \u00fcberpr\u00fcfen: Achtung Versuchen Sie nicht , mailcow auf einem Synology/QNAP-Ger\u00e4t (jedes NAS), OpenVZ, LXC oder anderen Container-Plattformen zu installieren. KVM, ESX, Hyper-V und andere vollst\u00e4ndige Virtualisierungsplattformen werden unterst\u00fctzt. Info mailcow: dockerized erfordert, dass einige Ports f\u00fcr eingehende Verbindungen offen sind, also stellen Sie sicher, dass Ihre Firewall diese nicht blockiert. Stellen Sie sicher, dass keine andere Anwendung die Konfiguration von mailcow st\u00f6rt, wie z.B. ein anderer Maildienst Ein korrektes DNS-Setup ist entscheidend f\u00fcr jedes gute Mailserver-Setup, also stellen Sie bitte sicher, dass Sie zumindest die basics abgedeckt haben, bevor Sie beginnen! Stellen Sie sicher, dass Ihr System ein korrektes Datum und eine korrekte Zeiteinstellung hat. Dies ist entscheidend f\u00fcr verschiedene Komponenten wie die Zwei-Faktor-TOTP-Authentifizierung. Minimale Systemressourcen \u00b6 Nicht unterst\u00fctzt OpenVZ, Virtuozzo und LXC Bitte stellen Sie sicher, dass Ihr System mindestens \u00fcber die folgenden Ressourcen verf\u00fcgt: Ressource mailcow: dockerized CPU 1 GHz RAM Minimum 6 GiB + 1 GiB Swap (Standardkonfiguration) Festplatte 20 GiB (ohne Emails) Systemtyp x86_64 ClamAV und Solr k\u00f6nnen sehr viel Arbeitspeicher verbrauchen. Sie k\u00f6nnen diese in der mailcow.conf durch die Einstellungen SKIP_CLAMD=y und SKIP_SOLR=y jedoch auch deaktivieren. Info Wir sind uns bewusst, dass ein reiner MTA auf 128 MiB RAM laufen kann. mailcow ist eine ausgewachsene und gebrauchsfertige Groupware mit vielen Extras, die das Leben einfacher machen. Diese kommt mit einem Webserver, Webmailer, ActiveSync (MS), Antivirus, Antispam, Indexierung (Solr), Dokumentenscanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, verschiedenen Webdiensten etc. Ein einzelner SOGo-Worker kann ~350 MiB RAM belegen, bevor er geleert wird. Je mehr ActiveSync-Verbindungen Sie verwenden m\u00f6chten, desto mehr RAM wird ben\u00f6tigt. In der Standardkonfiguration werden 20 Arbeiter erzeugt. Beispiele f\u00fcr die RAM Planung \u00b6 Ein Unternehmen mit 15 Smartphones (EAS aktiviert) und etwa 50 gleichzeitigen IMAP-Verbindungen sollte 16 GiB RAM einplanen. 6 GiB RAM + 1 GiB Swap sind f\u00fcr die meisten privaten Installationen ausreichend, w\u00e4hrend 8 GiB RAM f\u00fcr ~5 bis 10 Benutzer empfohlen werden. Im Rahmen unseres Supports k\u00f6nnen wir Ihnen bei der korrekten Planung Ihres Setups helfen. Unterst\u00fctzte Betriebssysteme \u00b6 Grunds\u00e4tzlich kann mailcow auf jeder Distribution verwendet werden, die von Docker CE unterst\u00fctzt wird (siehe https://docs.docker.com/install/ ). Es kann jedoch in vereinzelten F\u00e4llen zu einer Inkompatibilit\u00e4t der Betriebssysteme und den mailcow Komponenten kommen. Die folgende Tabelle enth\u00e4lt alle von uns offiziell unterst\u00fctzten und getesteten Betriebssysteme ( Stand November 2022 ): Betriebssystem Kompatibilit\u00e4t Alpine 3.16 und \u00e4lter \u26a0\ufe0f Centos 7 \u2705 Debian 10, 11 \u2705 Ubuntu 18.04, 20.04, 22.04 \u2705 Rocky Linux 9 \u2754 Legende \u2705 = Funktioniert out of the box anhand der Anleitung. \u26a0\ufe0f = Erfordert einige manuelle Anpassungen , sonst aber nutzbar. \u274c = Generell NICHT Kompatibel . \u2754 = Ausstehend. Hinweis: Andere (nicht genannte Betriebssysteme) k\u00f6nnen auch funktionieren, sind jedoch nicht offiziell getestet worden. Firewall & Ports \u00b6 Bitte \u00fcberpr\u00fcfen Sie, ob alle Standard-Ports von mailcow offen sind und nicht von anderen Anwendungen genutzt werden: ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' # oder: netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' Vorsicht Es gibt einige Probleme mit dem Betrieb von mailcow auf einem Firewalld/ufw aktivierten System. Sie sollten es deaktivieren (wenn m\u00f6glich) und stattdessen Ihren Regelsatz in die DOCKER-USER-Kette verschieben, die nicht durch einen Neustart des Docker-Dienstes gel\u00f6scht wird. Siehe diese (blog.donnex.net) oder diese (unrouted.io) Anleitung f\u00fcr Informationen dar\u00fcber, wie man iptables-persistent mit der DOCKER-USER Kette benutzt. Da mailcow im Docker-Modus l\u00e4uft, haben INPUT-Regeln keinen Effekt auf die Beschr\u00e4nkung des Zugriffs auf mailcow. Verwenden Sie stattdessen die FORWARD-Kette. Wenn dieser Befehl irgendwelche Ergebnisse liefert, entfernen oder stoppen Sie bitte die Anwendung, die auf diesem Port l\u00e4uft. Sie k\u00f6nnen mailcows Ports auch \u00fcber die Konfigurationsdatei mailcow.conf anpassen. Standard Ports \u00b6 Wenn Sie eine Firewall vor mailcow haben, stellen Sie bitte sicher, dass diese Ports f\u00fcr eingehende Verbindungen offen sind: Dienst Protokoll Port Container Variable Postfix SMTP TCP 25 postfix-mailcow ${SMTP_PORT} Postfix SMTPS TCP 465 postfix-mailcow ${SMTPS_PORT} Postfix Submission TCP 587 postfix-mailcow ${SUBMISSION_PORT} Dovecot IMAP TCP 143 dovecot-mailcow ${IMAP_PORT} Dovecot IMAPS TCP 993 dovecot-mailcow ${IMAPS_PORT} Dovecot POP3 TCP 110 dovecot-mailcow ${POP_PORT} Dovecot POP3S TCP 995 dovecot-mailcow ${POPS_PORT} Dovecot ManageSieve TCP 4190 dovecot-mailcow ${SIEVE_PORT} HTTP(S) TCP 80/443 nginx-mailcow ${HTTP_PORT} / ${HTTPS_PORT} Um einen Dienst an eine IP-Adresse zu binden, k\u00f6nnen Sie die IP-Adresse wie folgt voranstellen: SMTP_PORT=1.2.3.4:25 Wichtig : Sie k\u00f6nnen keine IP:PORT-Bindungen in HTTP_PORT und HTTPS_PORT verwenden. Bitte verwenden Sie stattdessen HTTP_PORT=1234 und HTTP_BIND=1.2.3.4 . Wichtig f\u00fcr Hetzner Firewalls \u00b6 Ich zitiere https://github.com/chermsen \u00fcber https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (DANKE!): F\u00fcr alle, die mit der Hetzner-Firewall zu k\u00e4mpfen haben: Port 53 ist in diesem Fall f\u00fcr die Firewall-Konfiguration unwichtig. Laut Dokumentation verwendet unbound den Portbereich 1024-65535 f\u00fcr ausgehende Anfragen. Da es sich bei der Hetzner Robot Firewall um eine statische Firewall handelt (jedes eingehende Paket wird isoliert gepr\u00fcft) - m\u00fcssen die folgenden Regeln angewendet werden: F\u00fcr TCP SRC-IP: --- DST-IP: --- SRC-Port: --- DST-Port: 1024-65535 Protokoll: tcp TCP-Flags: ack Aktion: Akzeptieren F\u00fcr UDP SRC-IP: --- DST-IP: --- SRC-Port: --- DST-Port: 1024-65535 Protokoll: udp Aktion: Akzeptieren Wenn man einen restriktiveren Portbereich anwenden will, muss man zuerst die Konfiguration von unbound \u00e4ndern (nach der Installation): {mailcow-dockerized}/data/conf/unbound/unbound.conf: ausgehender-Port-vermeiden: 0-32767 Nun k\u00f6nnen die Firewall-Regeln wie folgt angepasst werden: [...] DST Port: 32768-65535 [...] Datum und Uhrzeit \u00b6 Um sicherzustellen, dass Sie das richtige Datum und die richtige Zeit auf Ihrem System eingestellt haben, \u00fcberpr\u00fcfen Sie bitte die Ausgabe von timedatectl status : $ timedatectl status Lokale Zeit: Sat 2017-05-06 02:12:33 CEST Weltzeit: Sa 2017-05-06 00:12:33 UTC RTC-Zeit: Sa 2017-05-06 00:12:32 Zeitzone: Europa/Berlin (MESZ, +0200) NTP aktiviert: ja NTP synchronisiert: ja RTC in lokaler TZ: nein Sommerzeit aktiv: ja Letzte DST-\u00c4nderung: Sommerzeit begann am Sonne 2017-03-26 01:59:59 MEZ So 2017-03-26 03:00:00 MESZ N\u00e4chste Sommerzeit\u00e4nderung: Die Sommerzeit endet (die Uhr springt eine Stunde r\u00fcckw\u00e4rts) am Sun 2017-10-29 02:59:59 MESZ Sun 2017-10-29 02:00:00 MEZ Die Zeilen NTP aktiviert: ja und NTP synchronisiert: ja zeigen an, ob Sie NTP aktiviert haben und ob es synchronisiert ist. Um NTP zu aktivieren, m\u00fcssen Sie den Befehl timedatectl set-ntp true ausf\u00fchren. Sie m\u00fcssen auch Ihre /etc/systemd/timesyncd.conf bearbeiten: # vim /etc/systemd/timesyncd.conf [Zeit] NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org Hetzner Cloud (und wahrscheinlich andere) \u00b6 Pr\u00fcfen Sie /etc/network/interfaces.d/50-cloud-init.cfg und \u00e4ndern Sie die IPv6-Schnittstelle von eth0:0 auf eth0: # Falsch: auto eth0:0 iface eth0:0 inet6 static # Richtig: auto eth0 iface eth0 inet6 static Starten Sie die Schnittstelle neu, um die Einstellungen zu \u00fcbernehmen. Sie k\u00f6nnen au\u00dferdem die cloud-init Netzwerk\u00e4nderungen deaktivieren. MTU \u00b6 Besonders relevant f\u00fcr OpenStack-Benutzer: \u00dcberpr\u00fcfen Sie Ihre MTU und setzen Sie sie entsprechend in docker-compose.yml. Siehe Problebehandlungen in unseren Installationsanleitungen.","title":"Systemvoraussetzungen"},{"location":"de/prerequisite/prerequisite-system/#minimale-systemressourcen","text":"Nicht unterst\u00fctzt OpenVZ, Virtuozzo und LXC Bitte stellen Sie sicher, dass Ihr System mindestens \u00fcber die folgenden Ressourcen verf\u00fcgt: Ressource mailcow: dockerized CPU 1 GHz RAM Minimum 6 GiB + 1 GiB Swap (Standardkonfiguration) Festplatte 20 GiB (ohne Emails) Systemtyp x86_64 ClamAV und Solr k\u00f6nnen sehr viel Arbeitspeicher verbrauchen. Sie k\u00f6nnen diese in der mailcow.conf durch die Einstellungen SKIP_CLAMD=y und SKIP_SOLR=y jedoch auch deaktivieren. Info Wir sind uns bewusst, dass ein reiner MTA auf 128 MiB RAM laufen kann. mailcow ist eine ausgewachsene und gebrauchsfertige Groupware mit vielen Extras, die das Leben einfacher machen. Diese kommt mit einem Webserver, Webmailer, ActiveSync (MS), Antivirus, Antispam, Indexierung (Solr), Dokumentenscanner (Oletools), SQL (MariaDB), Cache (Redis), MDA, MTA, verschiedenen Webdiensten etc. Ein einzelner SOGo-Worker kann ~350 MiB RAM belegen, bevor er geleert wird. Je mehr ActiveSync-Verbindungen Sie verwenden m\u00f6chten, desto mehr RAM wird ben\u00f6tigt. In der Standardkonfiguration werden 20 Arbeiter erzeugt.","title":"Minimale Systemressourcen"},{"location":"de/prerequisite/prerequisite-system/#beispiele-fur-die-ram-planung","text":"Ein Unternehmen mit 15 Smartphones (EAS aktiviert) und etwa 50 gleichzeitigen IMAP-Verbindungen sollte 16 GiB RAM einplanen. 6 GiB RAM + 1 GiB Swap sind f\u00fcr die meisten privaten Installationen ausreichend, w\u00e4hrend 8 GiB RAM f\u00fcr ~5 bis 10 Benutzer empfohlen werden. Im Rahmen unseres Supports k\u00f6nnen wir Ihnen bei der korrekten Planung Ihres Setups helfen.","title":"Beispiele f\u00fcr die RAM Planung"},{"location":"de/prerequisite/prerequisite-system/#unterstutzte-betriebssysteme","text":"Grunds\u00e4tzlich kann mailcow auf jeder Distribution verwendet werden, die von Docker CE unterst\u00fctzt wird (siehe https://docs.docker.com/install/ ). Es kann jedoch in vereinzelten F\u00e4llen zu einer Inkompatibilit\u00e4t der Betriebssysteme und den mailcow Komponenten kommen. Die folgende Tabelle enth\u00e4lt alle von uns offiziell unterst\u00fctzten und getesteten Betriebssysteme ( Stand November 2022 ): Betriebssystem Kompatibilit\u00e4t Alpine 3.16 und \u00e4lter \u26a0\ufe0f Centos 7 \u2705 Debian 10, 11 \u2705 Ubuntu 18.04, 20.04, 22.04 \u2705 Rocky Linux 9 \u2754 Legende \u2705 = Funktioniert out of the box anhand der Anleitung. \u26a0\ufe0f = Erfordert einige manuelle Anpassungen , sonst aber nutzbar. \u274c = Generell NICHT Kompatibel . \u2754 = Ausstehend. Hinweis: Andere (nicht genannte Betriebssysteme) k\u00f6nnen auch funktionieren, sind jedoch nicht offiziell getestet worden.","title":"Unterst\u00fctzte Betriebssysteme"},{"location":"de/prerequisite/prerequisite-system/#firewall-ports","text":"Bitte \u00fcberpr\u00fcfen Sie, ob alle Standard-Ports von mailcow offen sind und nicht von anderen Anwendungen genutzt werden: ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' # oder: netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190' Vorsicht Es gibt einige Probleme mit dem Betrieb von mailcow auf einem Firewalld/ufw aktivierten System. Sie sollten es deaktivieren (wenn m\u00f6glich) und stattdessen Ihren Regelsatz in die DOCKER-USER-Kette verschieben, die nicht durch einen Neustart des Docker-Dienstes gel\u00f6scht wird. Siehe diese (blog.donnex.net) oder diese (unrouted.io) Anleitung f\u00fcr Informationen dar\u00fcber, wie man iptables-persistent mit der DOCKER-USER Kette benutzt. Da mailcow im Docker-Modus l\u00e4uft, haben INPUT-Regeln keinen Effekt auf die Beschr\u00e4nkung des Zugriffs auf mailcow. Verwenden Sie stattdessen die FORWARD-Kette. Wenn dieser Befehl irgendwelche Ergebnisse liefert, entfernen oder stoppen Sie bitte die Anwendung, die auf diesem Port l\u00e4uft. Sie k\u00f6nnen mailcows Ports auch \u00fcber die Konfigurationsdatei mailcow.conf anpassen.","title":"Firewall & Ports"},{"location":"de/prerequisite/prerequisite-system/#standard-ports","text":"Wenn Sie eine Firewall vor mailcow haben, stellen Sie bitte sicher, dass diese Ports f\u00fcr eingehende Verbindungen offen sind: Dienst Protokoll Port Container Variable Postfix SMTP TCP 25 postfix-mailcow ${SMTP_PORT} Postfix SMTPS TCP 465 postfix-mailcow ${SMTPS_PORT} Postfix Submission TCP 587 postfix-mailcow ${SUBMISSION_PORT} Dovecot IMAP TCP 143 dovecot-mailcow ${IMAP_PORT} Dovecot IMAPS TCP 993 dovecot-mailcow ${IMAPS_PORT} Dovecot POP3 TCP 110 dovecot-mailcow ${POP_PORT} Dovecot POP3S TCP 995 dovecot-mailcow ${POPS_PORT} Dovecot ManageSieve TCP 4190 dovecot-mailcow ${SIEVE_PORT} HTTP(S) TCP 80/443 nginx-mailcow ${HTTP_PORT} / ${HTTPS_PORT} Um einen Dienst an eine IP-Adresse zu binden, k\u00f6nnen Sie die IP-Adresse wie folgt voranstellen: SMTP_PORT=1.2.3.4:25 Wichtig : Sie k\u00f6nnen keine IP:PORT-Bindungen in HTTP_PORT und HTTPS_PORT verwenden. Bitte verwenden Sie stattdessen HTTP_PORT=1234 und HTTP_BIND=1.2.3.4 .","title":"Standard Ports"},{"location":"de/prerequisite/prerequisite-system/#wichtig-fur-hetzner-firewalls","text":"Ich zitiere https://github.com/chermsen \u00fcber https://github.com/mailcow/mailcow-dockerized/issues/497#issuecomment-469847380 (DANKE!): F\u00fcr alle, die mit der Hetzner-Firewall zu k\u00e4mpfen haben: Port 53 ist in diesem Fall f\u00fcr die Firewall-Konfiguration unwichtig. Laut Dokumentation verwendet unbound den Portbereich 1024-65535 f\u00fcr ausgehende Anfragen. Da es sich bei der Hetzner Robot Firewall um eine statische Firewall handelt (jedes eingehende Paket wird isoliert gepr\u00fcft) - m\u00fcssen die folgenden Regeln angewendet werden: F\u00fcr TCP SRC-IP: --- DST-IP: --- SRC-Port: --- DST-Port: 1024-65535 Protokoll: tcp TCP-Flags: ack Aktion: Akzeptieren F\u00fcr UDP SRC-IP: --- DST-IP: --- SRC-Port: --- DST-Port: 1024-65535 Protokoll: udp Aktion: Akzeptieren Wenn man einen restriktiveren Portbereich anwenden will, muss man zuerst die Konfiguration von unbound \u00e4ndern (nach der Installation): {mailcow-dockerized}/data/conf/unbound/unbound.conf: ausgehender-Port-vermeiden: 0-32767 Nun k\u00f6nnen die Firewall-Regeln wie folgt angepasst werden: [...] DST Port: 32768-65535 [...]","title":"Wichtig f\u00fcr Hetzner Firewalls"},{"location":"de/prerequisite/prerequisite-system/#datum-und-uhrzeit","text":"Um sicherzustellen, dass Sie das richtige Datum und die richtige Zeit auf Ihrem System eingestellt haben, \u00fcberpr\u00fcfen Sie bitte die Ausgabe von timedatectl status : $ timedatectl status Lokale Zeit: Sat 2017-05-06 02:12:33 CEST Weltzeit: Sa 2017-05-06 00:12:33 UTC RTC-Zeit: Sa 2017-05-06 00:12:32 Zeitzone: Europa/Berlin (MESZ, +0200) NTP aktiviert: ja NTP synchronisiert: ja RTC in lokaler TZ: nein Sommerzeit aktiv: ja Letzte DST-\u00c4nderung: Sommerzeit begann am Sonne 2017-03-26 01:59:59 MEZ So 2017-03-26 03:00:00 MESZ N\u00e4chste Sommerzeit\u00e4nderung: Die Sommerzeit endet (die Uhr springt eine Stunde r\u00fcckw\u00e4rts) am Sun 2017-10-29 02:59:59 MESZ Sun 2017-10-29 02:00:00 MEZ Die Zeilen NTP aktiviert: ja und NTP synchronisiert: ja zeigen an, ob Sie NTP aktiviert haben und ob es synchronisiert ist. Um NTP zu aktivieren, m\u00fcssen Sie den Befehl timedatectl set-ntp true ausf\u00fchren. Sie m\u00fcssen auch Ihre /etc/systemd/timesyncd.conf bearbeiten: # vim /etc/systemd/timesyncd.conf [Zeit] NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org","title":"Datum und Uhrzeit"},{"location":"de/prerequisite/prerequisite-system/#hetzner-cloud-und-wahrscheinlich-andere","text":"Pr\u00fcfen Sie /etc/network/interfaces.d/50-cloud-init.cfg und \u00e4ndern Sie die IPv6-Schnittstelle von eth0:0 auf eth0: # Falsch: auto eth0:0 iface eth0:0 inet6 static # Richtig: auto eth0 iface eth0 inet6 static Starten Sie die Schnittstelle neu, um die Einstellungen zu \u00fcbernehmen. Sie k\u00f6nnen au\u00dferdem die cloud-init Netzwerk\u00e4nderungen deaktivieren.","title":"Hetzner Cloud (und wahrscheinlich andere)"},{"location":"de/prerequisite/prerequisite-system/#mtu","text":"Besonders relevant f\u00fcr OpenStack-Benutzer: \u00dcberpr\u00fcfen Sie Ihre MTU und setzen Sie sie entsprechend in docker-compose.yml. Siehe Problebehandlungen in unseren Installationsanleitungen.","title":"MTU"},{"location":"de/third_party/borgmatic/third_party-borgmatic/","text":"Borgmatic Backup \u00b6 Einf\u00fchrung \u00b6 Borgmatic ist ein gro\u00dfartiger Weg, um Backups auf Ihrem Mailcow-Setup durchzuf\u00fchren, da es Ihre Daten sicher verschl\u00fcsselt und extrem einfach zu einzurichten. Aufgrund seiner Deduplizierungsf\u00e4higkeiten k\u00f6nnen Sie eine gro\u00dfe Anzahl von Backups speichern, ohne gro\u00dfe Mengen an Speicherplatz zu verschwenden. So k\u00f6nnen Sie Backups in sehr kurzen Abst\u00e4nden durchf\u00fchren, um einen minimalen Datenverlust zu gew\u00e4hrleisten, wenn die Notwendigkeit besteht Daten aus einer Sicherung wiederherzustellen. Dieses Dokument f\u00fchrt Sie durch den Prozess zur Aktivierung kontinuierlicher Backups f\u00fcr mailcow mit borgmatic. Die borgmatic Funktionalit\u00e4t wird durch das borgmatic Docker Image bereitgestellt. Schauen Sie sich die README in diesem Repository, um mehr \u00fcber die anderen Optionen (wie z.B. Push-Benachrichtigungen) zu erfahren, die verf\u00fcgbar sind. Diese Anleitung behandelt nur die Grundlagen. Einrichten von borgmatic \u00b6 Erstellen oder \u00e4ndern Sie docker-compose.override.yml \u00b6 Im mailcow-dockerized Stammverzeichnis erstellen oder bearbeiten Sie docker-compose.override.yml und f\u00fcgen Sie die folgende Konfiguration ein: version : '2.1' services : borgmatic-mailcow : image : ghcr.io/borgmatic-collective/borgmatic hostname : mailcow restart : always dns : ${IPV4_NETWORK:-172.22.1}.254 volumes : - vmail-vol-1:/mnt/source/vmail:ro - crypt-vol-1:/mnt/source/crypt:ro - redis-vol-1:/mnt/source/redis:ro,z - rspamd-vol-1:/mnt/source/rspamd:ro,z - postfix-vol-1:/mnt/source/postfix:ro,z - mysql-socket-vol-1:/var/run/mysqld/:z - borg-config-vol-1:/root/.config/borg:Z - borg-cache-vol-1:/root/.cache/borg:Z - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z - ./data/conf/borgmatic/ssh:/root/.ssh:Z environment : - TZ=${TZ} - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere networks : mailcow-network : aliases : - borgmatic volumes : borg-cache-vol-1 : borg-config-vol-1 : Stellen Sie sicher, dass Sie die BORG_PASSPHRASE in eine sichere Passphrase Ihrer Wahl \u00e4ndern. Aus Sicherheitsgr\u00fcnden mounten wir das maildir als schreibgesch\u00fctzt. Wenn Sie sp\u00e4ter Daten wiederherstellen wollen, m\u00fcssen Sie das ro -Flag entfernen, bevor Sie die Daten wiederherstellen. Dies wird im Abschnitt \u00fcber die Wiederherstellung von Backups beschrieben. Erstellen Sie data/conf/borgmatic/etc/config.yaml \u00b6 Als n\u00e4chstes m\u00fcssen wir die borgmatic-Konfiguration erstellen. source mailcow.conf cat < data/conf/borgmatic/etc/config.yaml location: source_directories: - /mnt/source repositories: - ssh://user@rsync.net:22/./mailcow exclude_patterns: - '/mnt/source/postfix/public/' - '/mnt/source/postfix/private/' - '/mnt/source/rspamd/rspamd.sock' retention: keep_hourly: 24 keep_daily: 7 keep_weekly: 4 keep_monthly: 6 prefix: \"\" hooks: mysql_databases: - name: ${DBNAME} username: ${DBUSER} password: ${DBPASS} options: --default-character-set=utf8mb4 EOF Das Erstellen der Datei auf diese Weise stellt sicher, dass die korrekten MySQL-Zugangsdaten aus mailcow.conf \u00fcbernommen werden. Diese Datei ist ein minimales Beispiel f\u00fcr die Verwendung von borgmatic mit einem Konto user beim Cloud-Speicheranbieter rsync.net f\u00fcr ein Repository namens mailcow (siehe repositories Einstellung). Es wird sowohl das maildir als auch die MySQL-Datenbank sichern, was alles ist was alles ist, was Sie brauchen, um Ihr mailcow Setup nach einem Vorfall wiederherzustellen. Die Aufbewahrungseinstellungen werden ein Archiv f\u00fcr jede Stunde der letzten 24 Stunden, eines pro Tag der Woche, eines pro Woche des Monats und eines pro Monat des letzten halben Jahr. Schauen Sie in der borgmatic Dokumentation nach, wie Sie andere Arten von Repositories oder Konfigurationsoptionen. Wenn Sie ein lokales Dateisystem als Backup-Ziel verwenden, stellen Sie sicher, dass Sie es in den Container einbinden. Der Container definiert zu diesem Zweck ein Volume namens /mnt/borg-repository . Note Wenn Sie rsync.net nicht verwenden, k\u00f6nnen Sie wahrscheinlich das Element remote_path aus Ihrer Konfiguration streichen. Erstellen Sie einen crontab \u00b6 Erstellen Sie eine neue Textdatei in data/conf/borgmatic/etc/crontab.txt mit folgendem Inhalt: 14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1 Diese Datei erwartet eine crontab-Syntax. Das hier gezeigte Beispiel veranlasst das Backup, jede Stunde um 14 Minuten nach nach der vollen Stunde auszuf\u00fchren und am Ende einige nette Statistiken zu protokollieren. SSH-Schl\u00fcssel in Ordner ablegen \u00b6 Legen Sie die SSH-Schl\u00fcssel, die Sie f\u00fcr entfernte Repository-Verbindungen verwenden wollen, in data/conf/borgmatic/ssh ab. OpenSSH erwartet die \u00fcbliche id_rsa , id_ed25519 oder \u00e4hnliches in diesem Verzeichnis zu finden. Stellen Sie sicher, dass die Datei chmod 600 ist und nicht von der Welt gelesen werden kann oder OpenSSH wird sich weigern, den SSH-Schl\u00fcssel zu benutzen. Den Container hochfahren \u00b6 F\u00fcr den n\u00e4chsten Schritt m\u00fcssen wir den Container in einem konfigurierten Zustand hochfahren und laufen lassen. Um das zu tun, f\u00fchren Sie aus: docker compose up -d Wiederherstellung von einem Backup \u00b6 Das Wiederherstellen eines Backups setzt voraus, dass Sie mit einer neuen Installation von mailcow beginnen, und dass Sie derzeit keine keine benutzerdefinierten Daten in ihrem maildir oder ihrer mailcow Datenbank. Wiederherstellen von maildir \u00b6 Warning Dies wird Dateien in Ihrem maildir \u00fcberschreiben! F\u00fchren Sie dies nicht aus, es sei denn, Sie beabsichtigen tats\u00e4chlich, Mail Dateien von einem Backup wiederherzustellen. Wenn Sie SELinux im Erzwingungsmodus verwenden Wenn Sie mailcow auf einem Host mit SELinux im Enforcing-Modus verwenden, m\u00fcssen Sie es vor\u00fcbergehend deaktivieren w\u00e4hrend w\u00e4hrend der Extraktion des Archivs vor\u00fcbergehend deaktivieren, da das Mailcow-Setup das vmail-Volumen als privat kennzeichnet, das ausschlie\u00dflich dem Dovecot-Container ausschlie\u00dflich. SELinux wird (berechtigterweise) jeden anderen Container, wie z.B. den borgmatic Container, daran hindern, auf dieses Volume zu schreiben. Bevor Sie eine Wiederherstellung durchf\u00fchren, m\u00fcssen Sie das vmail-Volume in docker-compose.override.yml beschreibbar machen, indem Sie das das ro -Flag aus dem Volume entfernen. Dann k\u00f6nnen Sie den folgenden Befehl verwenden, um das Maildir aus einem Backup wiederherzustellen: docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest Alternativ k\u00f6nnen Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verf\u00fcgbaren Archive ) MySQL wiederherstellen \u00b6 Warning Die Ausf\u00fchrung dieses Befehls l\u00f6scht und erstellt die mailcow-Datenbank neu! F\u00fchren sie diesen Befehl nicht aus, es sei denn sie beabsichtigen, die mailcow-Datenbank von einem Backup wiederherzustellen. Um die MySQL-Datenbank aus dem letzten Archiv wiederherzustellen, verwenden Sie diesen Befehl: docker compose exec borgmatic-mailcow borgmatic restore --archive latest Alternativ k\u00f6nnen Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verf\u00fcgbaren Archive ) Nach der Wiederherstellung \u00b6 Nach der Wiederherstellung m\u00fcssen Sie mailcow neu starten. Wenn Sie den SELinux-Erzwingungsmodus deaktiviert haben, w\u00e4re jetzt ein guter Zeitpunkt, um ihn wieder zu aktivieren. Um mailcow neu zu starten, verwenden Sie den folgenden Befehl: docker compose down && docker compose up -d Wenn Sie SELinux verwenden, werden dadurch auch alle Dateien in Ihrem vmail-Volume neu benannt. Seien Sie geduldig, denn dies kann eine Weile dauern kann, wenn Sie viele Dateien haben. N\u00fctzliche Befehle \u00b6 Manueller Archivierungslauf (mit Debugging-Ausgabe) \u00b6 docker compose exec borgmatic-mailcow borgmatic -v 2 Auflistung aller verf\u00fcgbaren Archive \u00b6 docker compose exec borgmatic-mailcow borgmatic list Sperre aufheben \u00b6 Wenn borg w\u00e4hrend eines Archivierungslaufs unterbrochen wird, hinterl\u00e4sst es eine veraltete Sperre, die gel\u00f6scht werden muss, bevor neue Operationen durchgef\u00fchrt werden k\u00f6nnen: docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist. Jetzt w\u00e4re ein guter Zeitpunkt, einen manuellen Archivierungslauf durchzuf\u00fchren, um sicherzustellen, dass er erfolgreich durchgef\u00fchrt werden kann. Exportieren von Schl\u00fcsseln \u00b6 Wenn Sie eine der keyfile -Methoden zur Verschl\u00fcsselung verwenden, M\u00dcSSEN Sie sich selbst um die Sicherung der Schl\u00fcsseldateien k\u00fcmmern. Die Schl\u00fcsseldateien werden erzeugt, wenn Sie das Repository initialisieren. Die repokey -Methoden speichern die Schl\u00fcsseldatei innerhalb des Repository, so dass eine manuelle Sicherung nicht so wichtig ist. Beachten Sie, dass Sie in beiden F\u00e4llen auch die Passphrase haben m\u00fcssen, um die Archive zu entschl\u00fcsseln. Um die keyfile zu holen, f\u00fchren Sie aus: docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.","title":"Borgmatic-Sicherung"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#einfuhrung","text":"Borgmatic ist ein gro\u00dfartiger Weg, um Backups auf Ihrem Mailcow-Setup durchzuf\u00fchren, da es Ihre Daten sicher verschl\u00fcsselt und extrem einfach zu einzurichten. Aufgrund seiner Deduplizierungsf\u00e4higkeiten k\u00f6nnen Sie eine gro\u00dfe Anzahl von Backups speichern, ohne gro\u00dfe Mengen an Speicherplatz zu verschwenden. So k\u00f6nnen Sie Backups in sehr kurzen Abst\u00e4nden durchf\u00fchren, um einen minimalen Datenverlust zu gew\u00e4hrleisten, wenn die Notwendigkeit besteht Daten aus einer Sicherung wiederherzustellen. Dieses Dokument f\u00fchrt Sie durch den Prozess zur Aktivierung kontinuierlicher Backups f\u00fcr mailcow mit borgmatic. Die borgmatic Funktionalit\u00e4t wird durch das borgmatic Docker Image bereitgestellt. Schauen Sie sich die README in diesem Repository, um mehr \u00fcber die anderen Optionen (wie z.B. Push-Benachrichtigungen) zu erfahren, die verf\u00fcgbar sind. Diese Anleitung behandelt nur die Grundlagen.","title":"Einf\u00fchrung"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#einrichten-von-borgmatic","text":"","title":"Einrichten von borgmatic"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#erstellen-oder-andern-sie-docker-composeoverrideyml","text":"Im mailcow-dockerized Stammverzeichnis erstellen oder bearbeiten Sie docker-compose.override.yml und f\u00fcgen Sie die folgende Konfiguration ein: version : '2.1' services : borgmatic-mailcow : image : ghcr.io/borgmatic-collective/borgmatic hostname : mailcow restart : always dns : ${IPV4_NETWORK:-172.22.1}.254 volumes : - vmail-vol-1:/mnt/source/vmail:ro - crypt-vol-1:/mnt/source/crypt:ro - redis-vol-1:/mnt/source/redis:ro,z - rspamd-vol-1:/mnt/source/rspamd:ro,z - postfix-vol-1:/mnt/source/postfix:ro,z - mysql-socket-vol-1:/var/run/mysqld/:z - borg-config-vol-1:/root/.config/borg:Z - borg-cache-vol-1:/root/.cache/borg:Z - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z - ./data/conf/borgmatic/ssh:/root/.ssh:Z environment : - TZ=${TZ} - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere networks : mailcow-network : aliases : - borgmatic volumes : borg-cache-vol-1 : borg-config-vol-1 : Stellen Sie sicher, dass Sie die BORG_PASSPHRASE in eine sichere Passphrase Ihrer Wahl \u00e4ndern. Aus Sicherheitsgr\u00fcnden mounten wir das maildir als schreibgesch\u00fctzt. Wenn Sie sp\u00e4ter Daten wiederherstellen wollen, m\u00fcssen Sie das ro -Flag entfernen, bevor Sie die Daten wiederherstellen. Dies wird im Abschnitt \u00fcber die Wiederherstellung von Backups beschrieben.","title":"Erstellen oder \u00e4ndern Sie docker-compose.override.yml"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#erstellen-sie-dataconfborgmaticetcconfigyaml","text":"Als n\u00e4chstes m\u00fcssen wir die borgmatic-Konfiguration erstellen. source mailcow.conf cat < data/conf/borgmatic/etc/config.yaml location: source_directories: - /mnt/source repositories: - ssh://user@rsync.net:22/./mailcow exclude_patterns: - '/mnt/source/postfix/public/' - '/mnt/source/postfix/private/' - '/mnt/source/rspamd/rspamd.sock' retention: keep_hourly: 24 keep_daily: 7 keep_weekly: 4 keep_monthly: 6 prefix: \"\" hooks: mysql_databases: - name: ${DBNAME} username: ${DBUSER} password: ${DBPASS} options: --default-character-set=utf8mb4 EOF Das Erstellen der Datei auf diese Weise stellt sicher, dass die korrekten MySQL-Zugangsdaten aus mailcow.conf \u00fcbernommen werden. Diese Datei ist ein minimales Beispiel f\u00fcr die Verwendung von borgmatic mit einem Konto user beim Cloud-Speicheranbieter rsync.net f\u00fcr ein Repository namens mailcow (siehe repositories Einstellung). Es wird sowohl das maildir als auch die MySQL-Datenbank sichern, was alles ist was alles ist, was Sie brauchen, um Ihr mailcow Setup nach einem Vorfall wiederherzustellen. Die Aufbewahrungseinstellungen werden ein Archiv f\u00fcr jede Stunde der letzten 24 Stunden, eines pro Tag der Woche, eines pro Woche des Monats und eines pro Monat des letzten halben Jahr. Schauen Sie in der borgmatic Dokumentation nach, wie Sie andere Arten von Repositories oder Konfigurationsoptionen. Wenn Sie ein lokales Dateisystem als Backup-Ziel verwenden, stellen Sie sicher, dass Sie es in den Container einbinden. Der Container definiert zu diesem Zweck ein Volume namens /mnt/borg-repository . Note Wenn Sie rsync.net nicht verwenden, k\u00f6nnen Sie wahrscheinlich das Element remote_path aus Ihrer Konfiguration streichen.","title":"Erstellen Sie data/conf/borgmatic/etc/config.yaml"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#erstellen-sie-einen-crontab","text":"Erstellen Sie eine neue Textdatei in data/conf/borgmatic/etc/crontab.txt mit folgendem Inhalt: 14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1 Diese Datei erwartet eine crontab-Syntax. Das hier gezeigte Beispiel veranlasst das Backup, jede Stunde um 14 Minuten nach nach der vollen Stunde auszuf\u00fchren und am Ende einige nette Statistiken zu protokollieren.","title":"Erstellen Sie einen crontab"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#ssh-schlussel-in-ordner-ablegen","text":"Legen Sie die SSH-Schl\u00fcssel, die Sie f\u00fcr entfernte Repository-Verbindungen verwenden wollen, in data/conf/borgmatic/ssh ab. OpenSSH erwartet die \u00fcbliche id_rsa , id_ed25519 oder \u00e4hnliches in diesem Verzeichnis zu finden. Stellen Sie sicher, dass die Datei chmod 600 ist und nicht von der Welt gelesen werden kann oder OpenSSH wird sich weigern, den SSH-Schl\u00fcssel zu benutzen.","title":"SSH-Schl\u00fcssel in Ordner ablegen"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#den-container-hochfahren","text":"F\u00fcr den n\u00e4chsten Schritt m\u00fcssen wir den Container in einem konfigurierten Zustand hochfahren und laufen lassen. Um das zu tun, f\u00fchren Sie aus: docker compose up -d","title":"Den Container hochfahren"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#wiederherstellung-von-einem-backup","text":"Das Wiederherstellen eines Backups setzt voraus, dass Sie mit einer neuen Installation von mailcow beginnen, und dass Sie derzeit keine keine benutzerdefinierten Daten in ihrem maildir oder ihrer mailcow Datenbank.","title":"Wiederherstellung von einem Backup"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#wiederherstellen-von-maildir","text":"Warning Dies wird Dateien in Ihrem maildir \u00fcberschreiben! F\u00fchren Sie dies nicht aus, es sei denn, Sie beabsichtigen tats\u00e4chlich, Mail Dateien von einem Backup wiederherzustellen. Wenn Sie SELinux im Erzwingungsmodus verwenden Wenn Sie mailcow auf einem Host mit SELinux im Enforcing-Modus verwenden, m\u00fcssen Sie es vor\u00fcbergehend deaktivieren w\u00e4hrend w\u00e4hrend der Extraktion des Archivs vor\u00fcbergehend deaktivieren, da das Mailcow-Setup das vmail-Volumen als privat kennzeichnet, das ausschlie\u00dflich dem Dovecot-Container ausschlie\u00dflich. SELinux wird (berechtigterweise) jeden anderen Container, wie z.B. den borgmatic Container, daran hindern, auf dieses Volume zu schreiben. Bevor Sie eine Wiederherstellung durchf\u00fchren, m\u00fcssen Sie das vmail-Volume in docker-compose.override.yml beschreibbar machen, indem Sie das das ro -Flag aus dem Volume entfernen. Dann k\u00f6nnen Sie den folgenden Befehl verwenden, um das Maildir aus einem Backup wiederherzustellen: docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest Alternativ k\u00f6nnen Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verf\u00fcgbaren Archive )","title":"Wiederherstellen von maildir"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#mysql-wiederherstellen","text":"Warning Die Ausf\u00fchrung dieses Befehls l\u00f6scht und erstellt die mailcow-Datenbank neu! F\u00fchren sie diesen Befehl nicht aus, es sei denn sie beabsichtigen, die mailcow-Datenbank von einem Backup wiederherzustellen. Um die MySQL-Datenbank aus dem letzten Archiv wiederherzustellen, verwenden Sie diesen Befehl: docker compose exec borgmatic-mailcow borgmatic restore --archive latest Alternativ k\u00f6nnen Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verf\u00fcgbaren Archive )","title":"MySQL wiederherstellen"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#nach-der-wiederherstellung","text":"Nach der Wiederherstellung m\u00fcssen Sie mailcow neu starten. Wenn Sie den SELinux-Erzwingungsmodus deaktiviert haben, w\u00e4re jetzt ein guter Zeitpunkt, um ihn wieder zu aktivieren. Um mailcow neu zu starten, verwenden Sie den folgenden Befehl: docker compose down && docker compose up -d Wenn Sie SELinux verwenden, werden dadurch auch alle Dateien in Ihrem vmail-Volume neu benannt. Seien Sie geduldig, denn dies kann eine Weile dauern kann, wenn Sie viele Dateien haben.","title":"Nach der Wiederherstellung"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#nutzliche-befehle","text":"","title":"N\u00fctzliche Befehle"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#manueller-archivierungslauf-mit-debugging-ausgabe","text":"docker compose exec borgmatic-mailcow borgmatic -v 2","title":"Manueller Archivierungslauf (mit Debugging-Ausgabe)"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#auflistung-aller-verfugbaren-archive","text":"docker compose exec borgmatic-mailcow borgmatic list","title":"Auflistung aller verf\u00fcgbaren Archive"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#sperre-aufheben","text":"Wenn borg w\u00e4hrend eines Archivierungslaufs unterbrochen wird, hinterl\u00e4sst es eine veraltete Sperre, die gel\u00f6scht werden muss, bevor neue Operationen durchgef\u00fchrt werden k\u00f6nnen: docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist. Jetzt w\u00e4re ein guter Zeitpunkt, einen manuellen Archivierungslauf durchzuf\u00fchren, um sicherzustellen, dass er erfolgreich durchgef\u00fchrt werden kann.","title":"Sperre aufheben"},{"location":"de/third_party/borgmatic/third_party-borgmatic/#exportieren-von-schlusseln","text":"Wenn Sie eine der keyfile -Methoden zur Verschl\u00fcsselung verwenden, M\u00dcSSEN Sie sich selbst um die Sicherung der Schl\u00fcsseldateien k\u00fcmmern. Die Schl\u00fcsseldateien werden erzeugt, wenn Sie das Repository initialisieren. Die repokey -Methoden speichern die Schl\u00fcsseldatei innerhalb des Repository, so dass eine manuelle Sicherung nicht so wichtig ist. Beachten Sie, dass Sie in beiden F\u00e4llen auch die Passphrase haben m\u00fcssen, um die Archive zu entschl\u00fcsseln. Um die keyfile zu holen, f\u00fchren Sie aus: docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.","title":"Exportieren von Schl\u00fcsseln"},{"location":"de/third_party/checkmk/u_e-checkmk/","text":"Mailcow bietet mittels dem eigenen Update-Script die M\u00f6glichkeit zu pr\u00fcfen ob Updates vorhanden sind. Sofern mailcow-Updates mittels checkmk abgefragt werden soll, kann man im local -Verzeichnis des checkmk-Agents (normalerweise /usr/lib/check_mk_agent/local/ ) eine ausf\u00fchrbare Datei mit dem Namen mailcow_update und nachfolgendem Inhalt erstellen: #!/bin/bash cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null status=$? if [ $status -eq 3 ]; then echo \"0 \\\"mailcow_update\\\" mailcow_update=0;1;;0;1 No updates available.\" elif [ $status -eq 0 ]; then echo \"1 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\" else echo \"3 \\\"mailcow_update\\\" - Unknown output from update script ...\" fi exit Sofern das mailcow-Installationsverzeichnis nicht /opt/ ist, ist das in der 2. Zeile anzupassen. Danach f\u00fcr den mailcow-Host in checkmk die Services neu inventarisieren und es sollte ein neuer Check mit Namen mailcow_update ausw\u00e4hlbar sein. Der Check mailcow_update wird jedes Mal ausgef\u00fchrt, wenn der checkmk Agent den mailcow Server \u00fcberpr\u00fcft. Sie k\u00f6nnen das Ergebnis zwischenspeichern, indem Sie das Skript in einem Unterordner mit dem Namen der Anzahl von Sekunden ablegen, f\u00fcr die Sie es zwischenspeichern m\u00f6chten. \\ /usr/lib/check_mk_agent/local/3600/ speichert die Antwort f\u00fcr 3600 Sekunden (1 Stunde). Screenshots \u00b6 Keine Updates verf\u00fcgbar \u00b6 Sofern keine Updates vorhanden sind, wird OK ausgegeben. Neue Updates verf\u00fcgbar \u00b6 Sofern Updates vorhanden sind, wird WARN ausgegeben. Sollte stattdessen CRIT gew\u00fcnscht sein, ist die 7. Zeile durch folgendes zu ersetzen: echo \"2 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\" Detailierter Check-Output \u00b6 Hier wird ein Link zu den GitHub Commits von mailcow ausgegeben, sofern Updates verf\u00fcgbar sind. Metriken werden ebenfalls ausgegeben (nicht nur bei vorhandenen Updates): 0 = Keine Updates verf\u00fcgbar 1 = Neue Updates verf\u00fcgbar","title":"CheckMK"},{"location":"de/third_party/checkmk/u_e-checkmk/#keine-updates-verfugbar","text":"Sofern keine Updates vorhanden sind, wird OK ausgegeben.","title":"Keine Updates verf\u00fcgbar"},{"location":"de/third_party/checkmk/u_e-checkmk/#neue-updates-verfugbar","text":"Sofern Updates vorhanden sind, wird WARN ausgegeben. Sollte stattdessen CRIT gew\u00fcnscht sein, ist die 7. Zeile durch folgendes zu ersetzen: echo \"2 \\\"mailcow_update\\\" mailcow_update=1;1;;0;1 Updated code is available.\\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master\"","title":"Neue Updates verf\u00fcgbar"},{"location":"de/third_party/checkmk/u_e-checkmk/#detailierter-check-output","text":"Hier wird ein Link zu den GitHub Commits von mailcow ausgegeben, sofern Updates verf\u00fcgbar sind. Metriken werden ebenfalls ausgegeben (nicht nur bei vorhandenen Updates): 0 = Keine Updates verf\u00fcgbar 1 = Neue Updates verf\u00fcgbar","title":"Detailierter Check-Output"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/","text":"Die Verwendung von Microsoft Exchange in einem hybriden Setup ist mit mailcow m\u00f6glich. Mit diesem Setup k\u00f6nnen Sie Postf\u00e4cher auf Ihrer mailcow hinzuf\u00fcgen und trotzdem Exchange Online Protection nutzen. Alle Postf\u00e4cher, die in Exchange eingerichtet sind, erhalten ihre Mails wie gewohnt , w\u00e4hrend mit dem hybriden Ansatz zus\u00e4tzliche Postf\u00e4cher in mailcow ohne weitere Konfiguration eingerichtet werden k\u00f6nnen. Dieses Setup ist sehr praktisch, wenn Sie die Office 365 Sicherheitsvorgaben aktiviert haben und Anwendungen von Drittanbietern sich nicht mehr in Ihre Postf\u00e4cher mit einer der unterst\u00fctzten Methoden einloggen k\u00f6nnen. Voraussetzungen \u00b6 Der mx Record Ihrer Domain muss auf den Exchange Mail Service zeigen. Melden Sie sich in Ihrem Admin-Center an und suchen Sie in den DNS-Einstellungen Ihrer Dom\u00e4ne nach Ihrer personalisierten Gateway-Dom\u00e4ne. Sie sollte wie folgt aussehen: contoso-com.mail.protection.outlook.com . Wenden Sie sich an Ihren Domainregistrator, um weitere Informationen zur \u00c4nderung des mx-Eintrags zu erhalten. Die Dom\u00e4ne, f\u00fcr die Sie zus\u00e4tzliche Postf\u00e4cher haben m\u00f6chten, muss in Exchange als \"Interne Relay-Dom\u00e4ne\" eingerichtet werden. Melden Sie sich bei Ihrem Exchange Admin Center an. W\u00e4hlen Sie den Bereich \"Mailflow\" und klicken Sie auf \"Akzeptierte Dom\u00e4nen\". W\u00e4hlen Sie die Dom\u00e4ne aus und schalten Sie sie von \"autorisiert\" auf \"internes Relais\" um. Einrichten der Mailcow \u00b6 Ihre Mailcow muss alle Mails an Ihren personalisierten Exchange Host weiterleiten. Es ist die gleiche Host-Adresse, die wir bereits f\u00fcr den mx Record gesucht haben. F\u00fcgen Sie die Domain zu Ihrer Mailcow hinzu F\u00fcgen Sie Ihre personalisierte Exchange Host Adresse als relayhost hinzu F\u00fcgen Sie Ihre personalisierte Exchange Host Adresse als Weiterleitungshost hinzu, um alle weitergeleiteten Mails von Exchange bedingungslos zu akzeptieren. (Admin > Konfiguration & Details > Konfigurations-Dropdown > Weiterleitungshosts) Gehen Sie zu den Dom\u00e4neneinstellungen und w\u00e4hlen Sie den neu hinzugef\u00fcgten Host in der Dropdown-Liste \"Absenderabh\u00e4ngige Transporte\" aus. Aktivieren Sie die Weiterleitung, indem Sie die Kontrollk\u00e4stchen \"Diese Dom\u00e4ne weiterleiten\", \"Alle Empf\u00e4nger weiterleiten\" und \"Nur nicht vorhandene Postf\u00e4cher weiterleiten\" aktivieren. Info Von nun an wird Ihre Mailcow alle Mails akzeptieren, die von Exchange weitergeleitet werden. Die Eingangsfilterung und damit das neuronale Lernen Ihrer Kuh wird nicht mehr funktionieren . Da alle Mails \u00fcber Exchange geroutet werden, wird der Filterungsprozess dort abgewickelt . Connectors in Exchange einrichten \u00b6 Der gesamte Mailverkehr l\u00e4uft nun \u00fcber Exchange. Zu diesem Zeitpunkt filtert der Exchange Online-Schutz bereits alle ein- und ausgehenden Mails. Jetzt m\u00fcssen wir zwei Konnektoren einrichten, um eingehende Mails von unserem Exchange Service an die Mailcow weiterzuleiten und einen weiteren, um Mails zuzulassen, die von der Mailcow an unseren Exchange Service weitergeleitet werden. Sie k\u00f6nnen der [offiziellen Anleitung von Microsoft] folgen ( https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#2-set-up-a-connector-from-microsoft-365-or-office-365-to-your-email-server ). Warning F\u00fcr den Connector, der die Mails von Ihrer Mailcow zu Exchange weiterleitet, bietet Microsoft zwei M\u00f6glichkeiten der Authentifizierung an. Der empfohlene Weg ist die Verwendung eines tls-Zertifikats, das mit einem Subject-Namen konfiguriert ist, der mit einer akzeptierten Dom\u00e4ne in Exchange \u00fcbereinstimmt. Andernfalls m\u00fcssen Sie die Authentifizierung mit der statischen IP-Adresse Ihrer Mailcow w\u00e4hlen. Validierung \u00b6 Der einfachste Weg, die hybride Einrichtung zu \u00fcberpr\u00fcfen, ist das Senden einer Mail aus dem Internet an eine Mailbox, die nur auf der Mailcow existiert und andersherum. Allgemeine Probleme \u00b6 Die Validierung des Connectors von Exchange zu Ihrer Mailcow schlug fehl mit 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup M\u00f6gliche L\u00f6sung: Ihre Dom\u00e4ne ist nicht als \"internes Relay\" eingerichtet. Exchange kann daher den Empf\u00e4nger nicht finden. Mails, die von der Mailcow an eine Mailbox im Internet gesendet werden, k\u00f6nnen nicht zugestellt werden. Non Delivery Report mit Fehler 550 5.7.64 TenantAttribution; Relay Access Denied M\u00f6gliche L\u00f6sung: Die Authentifizierungsmethode ist fehlgeschlagen. Stellen Sie sicher, dass der Betreff des Zertifikats mit einer akzeptierten Dom\u00e4ne in Exchange \u00fcbereinstimmt. Versuchen Sie stattdessen die Authentifizierung \u00fcber eine statische IP. Microsoft-Anleitung f\u00fcr die Einrichtung des Connectors und zus\u00e4tzliche Anforderungen: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment","title":"Exchange Hybrid Setup"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/#voraussetzungen","text":"Der mx Record Ihrer Domain muss auf den Exchange Mail Service zeigen. Melden Sie sich in Ihrem Admin-Center an und suchen Sie in den DNS-Einstellungen Ihrer Dom\u00e4ne nach Ihrer personalisierten Gateway-Dom\u00e4ne. Sie sollte wie folgt aussehen: contoso-com.mail.protection.outlook.com . Wenden Sie sich an Ihren Domainregistrator, um weitere Informationen zur \u00c4nderung des mx-Eintrags zu erhalten. Die Dom\u00e4ne, f\u00fcr die Sie zus\u00e4tzliche Postf\u00e4cher haben m\u00f6chten, muss in Exchange als \"Interne Relay-Dom\u00e4ne\" eingerichtet werden. Melden Sie sich bei Ihrem Exchange Admin Center an. W\u00e4hlen Sie den Bereich \"Mailflow\" und klicken Sie auf \"Akzeptierte Dom\u00e4nen\". W\u00e4hlen Sie die Dom\u00e4ne aus und schalten Sie sie von \"autorisiert\" auf \"internes Relais\" um.","title":"Voraussetzungen"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/#einrichten-der-mailcow","text":"Ihre Mailcow muss alle Mails an Ihren personalisierten Exchange Host weiterleiten. Es ist die gleiche Host-Adresse, die wir bereits f\u00fcr den mx Record gesucht haben. F\u00fcgen Sie die Domain zu Ihrer Mailcow hinzu F\u00fcgen Sie Ihre personalisierte Exchange Host Adresse als relayhost hinzu F\u00fcgen Sie Ihre personalisierte Exchange Host Adresse als Weiterleitungshost hinzu, um alle weitergeleiteten Mails von Exchange bedingungslos zu akzeptieren. (Admin > Konfiguration & Details > Konfigurations-Dropdown > Weiterleitungshosts) Gehen Sie zu den Dom\u00e4neneinstellungen und w\u00e4hlen Sie den neu hinzugef\u00fcgten Host in der Dropdown-Liste \"Absenderabh\u00e4ngige Transporte\" aus. Aktivieren Sie die Weiterleitung, indem Sie die Kontrollk\u00e4stchen \"Diese Dom\u00e4ne weiterleiten\", \"Alle Empf\u00e4nger weiterleiten\" und \"Nur nicht vorhandene Postf\u00e4cher weiterleiten\" aktivieren. Info Von nun an wird Ihre Mailcow alle Mails akzeptieren, die von Exchange weitergeleitet werden. Die Eingangsfilterung und damit das neuronale Lernen Ihrer Kuh wird nicht mehr funktionieren . Da alle Mails \u00fcber Exchange geroutet werden, wird der Filterungsprozess dort abgewickelt .","title":"Einrichten der Mailcow"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/#connectors-in-exchange-einrichten","text":"Der gesamte Mailverkehr l\u00e4uft nun \u00fcber Exchange. Zu diesem Zeitpunkt filtert der Exchange Online-Schutz bereits alle ein- und ausgehenden Mails. Jetzt m\u00fcssen wir zwei Konnektoren einrichten, um eingehende Mails von unserem Exchange Service an die Mailcow weiterzuleiten und einen weiteren, um Mails zuzulassen, die von der Mailcow an unseren Exchange Service weitergeleitet werden. Sie k\u00f6nnen der [offiziellen Anleitung von Microsoft] folgen ( https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#2-set-up-a-connector-from-microsoft-365-or-office-365-to-your-email-server ). Warning F\u00fcr den Connector, der die Mails von Ihrer Mailcow zu Exchange weiterleitet, bietet Microsoft zwei M\u00f6glichkeiten der Authentifizierung an. Der empfohlene Weg ist die Verwendung eines tls-Zertifikats, das mit einem Subject-Namen konfiguriert ist, der mit einer akzeptierten Dom\u00e4ne in Exchange \u00fcbereinstimmt. Andernfalls m\u00fcssen Sie die Authentifizierung mit der statischen IP-Adresse Ihrer Mailcow w\u00e4hlen.","title":"Connectors in Exchange einrichten"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/#validierung","text":"Der einfachste Weg, die hybride Einrichtung zu \u00fcberpr\u00fcfen, ist das Senden einer Mail aus dem Internet an eine Mailbox, die nur auf der Mailcow existiert und andersherum.","title":"Validierung"},{"location":"de/third_party/exchange_onprem/third_party-exchange_onprem/#allgemeine-probleme","text":"Die Validierung des Connectors von Exchange zu Ihrer Mailcow schlug fehl mit 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup M\u00f6gliche L\u00f6sung: Ihre Dom\u00e4ne ist nicht als \"internes Relay\" eingerichtet. Exchange kann daher den Empf\u00e4nger nicht finden. Mails, die von der Mailcow an eine Mailbox im Internet gesendet werden, k\u00f6nnen nicht zugestellt werden. Non Delivery Report mit Fehler 550 5.7.64 TenantAttribution; Relay Access Denied M\u00f6gliche L\u00f6sung: Die Authentifizierungsmethode ist fehlgeschlagen. Stellen Sie sicher, dass der Betreff des Zertifikats mit einer akzeptierten Dom\u00e4ne in Exchange \u00fcbereinstimmt. Versuchen Sie stattdessen die Authentifizierung \u00fcber eine statische IP. Microsoft-Anleitung f\u00fcr die Einrichtung des Connectors und zus\u00e4tzliche Anforderungen: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment","title":"Allgemeine Probleme"},{"location":"de/third_party/gitea/third_party-gitea/","text":"Mit der F\u00e4higkeit von Gitea, sich \u00fcber SMTP zu authentifizieren, ist es trivial, es mit mailcow zu integrieren. Es sind nur wenige \u00c4nderungen erforderlich: 1. \u00d6ffnen Sie docker-compose.override.yml und f\u00fcgen Sie Gitea hinzu: version: '2.1' services: gitea-mailcow: image: gitea/gitea:1 volumes: - ./data/gitea:/data networks: mailcow-network: aliases: - gitea ports: - \"${GITEA_SSH_PORT:-127.0.0.1:4000}:22\" 2. Erstellen Sie data/conf/nginx/site.gitea.custom , f\u00fcgen Sie folgendes hinzu: location /gitea/ { proxy_pass http://gitea:3000/; } 3. \u00d6ffne mailcow.conf und definiere den Port Bind, den Gitea f\u00fcr SSH verwenden soll. Beispiel: GITEA_SSH_PORT=127.0.0.1:4000 5. F\u00fchren Sie docker compose up -d aus, um den Gitea-Container hochzufahren und f\u00fchren Sie anschlie\u00dfend docker compose restart nginx-mailcow aus. 6. Wenn Sie mailcow zu https gezwungen haben, f\u00fchren Sie Schritt 9 aus und starten Sie gitea mit docker compose restart gitea-mailcow neu. Fahren Sie mit Schritt 7 fort (Denken Sie daran, https anstelle von http zu verwenden, https://mx.example.org/gitea/ 7. \u00d6ffnen Sie http://${MAILCOW_HOSTNAME}/gitea/ , zum Beispiel http://mx.example.org/gitea/ . F\u00fcr die Datenbankdetails stellen Sie mysql als Datenbankhost ein. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort. 8. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie \"Einstellungen\" -> \"Autorisierung\" -> \"SMTP aktivieren\". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify , da wir ein nicht gelistetes SAN verwenden (\"postfix\" ist h\u00f6chstwahrscheinlich nicht Teil Ihres Zertifikats). 9. Erstellen Sie data/gitea/gitea/conf/app.ini und setzen Sie die folgenden Werte. Sie k\u00f6nnen gitea cheat sheet, leider bisher nur in Englisch verf\u00fcgbar f\u00fcr deren Bedeutung und andere m\u00f6gliche Werte konsultieren. [server] SSH_LISTEN_PORT = 22 # F\u00fcr GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen: SSH_DOMAIN = 127.0.0.1 SSH_PORT = 4000 # F\u00fcr MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports f\u00fcr HTTPS), setzen: ROOT_URL = https://mx.example.org/gitea/ 10. Starten Sie gitea neu mit docker compose restart gitea-mailcow . Ihre Nutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten anzumelden.","title":"Gitea"},{"location":"de/third_party/gogs/third_party-gogs/","text":"Mit Gogs' F\u00e4higkeit, sich \u00fcber SMTP zu authentifizieren, ist es einfach, es mit mailcow zu verbinden. Es sind nur wenige \u00c4nderungen erforderlich: 1. \u00d6ffne docker-compose.override.yml und f\u00fcge Gogs hinzu: version: '2.1' services: gogs-mailcow: image: gogs/gogs volumes: - ./data/gogs:/data networks: mailcow-network: aliases: - gogs ports: - \"${GOGS_SSH_PORT:-127.0.0.1:4000}:22\" 2. Erstelle data/conf/nginx/site.gogs.custom , f\u00fcge hinzu: location /gogs/ { proxy_pass http://gogs:3000/; } 3. \u00d6ffne mailcow.conf und definiere die Bindung, die Gogs f\u00fcr SSH verwenden soll. Beispiel: GOGS_SSH_PORT=127.0.0.1:4000 5. F\u00fchren Sie docker compose up -d aus, um den Gogs-Container hochzufahren und f\u00fchren Sie anschlie\u00dfend docker compose restart nginx-mailcow aus. 6. \u00d6ffnen Sie http://${MAILCOW_HOSTNAME}/gogs/ , zum Beispiel http://mx.example.org/gogs/ . F\u00fcr Datenbank-Details setzen Sie mysql als Datenbank-Host. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort. 7. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie \"Einstellungen\" -> \"Autorisierung\" -> \"SMTP aktivieren\". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify , da wir ein nicht gelistetes SAN verwenden (\"postfix\" ist h\u00f6chstwahrscheinlich nicht Teil Ihres Zertifikats). 8. Erstellen Sie data/gogs/gogs/conf/app.ini und setzen Sie die folgenden Werte. Sie k\u00f6nnen Gogs cheat sheet f\u00fcr ihre Bedeutung und andere m\u00f6gliche Werte konsultieren. [server] SSH_LISTEN_PORT = 22 # F\u00fcr GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen: SSH_DOMAIN = 127.0.0.1 SSH_PORT = 4000 # F\u00fcr MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports f\u00fcr HTTPS), setzen: ROOT_URL = https://mx.example.org/gogs/ 9. Starten Sie Gogs neu mit docker compose restart gogs-mailcow . Ihre Benutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten einzuloggen.","title":"Gogs"},{"location":"de/third_party/mailman3/third_party-mailman3/","text":"Installation von mailcow und Mailman 3 auf der Basis von dockerisierten Versionen \u00b6 Info Diese Anleitung ist eine Kopie von dockerized-mailcow-mailman . Bitte posten Sie Probleme, Fragen und Verbesserungen in den issue tracker dort. Warning mailcow ist nicht verantwortlich f\u00fcr Datenverlust, Hardwaresch\u00e4den oder kaputte Tastaturen. Diese Anleitung kommt ohne jegliche Garantie. Macht Backups bevor ihr anfangt, Kein Backup kein Mitleid! Einleitung \u00b6 Diese Anleitung zielt darauf ab, mailcow-dockerized mit [docker-mailman] ( https://github.com/maxking/docker-mailman ) zu installieren und zu konfigurieren und einige n\u00fctzliche Skripte bereitzustellen. Eine wesentliche Bedingung ist, dass mailcow und Mailman in ihren eigenen Installationen f\u00fcr unabh\u00e4ngige Updates erhalten bleiben. Es gibt einige Anleitungen und Projekte im Internet, aber sie sind nicht auf dem neuesten Stand und/oder unvollst\u00e4ndig in der Dokumentation oder Konfiguration. Diese Anleitung basiert auf der Arbeit von: mailcow-mailman3-dockerized von Shadowghost mailman-mailcow-integration Nach Beendigung dieser Anleitung werden mailcow-dockerized und docker-mailman laufen und Apache als Reverse-Proxy wird die Web-Frontends bedienen. Das verwendete Betriebssystem ist ein Ubuntu 20.04 LTS . Installation \u00b6 Diese Anleitung basiert auf verschiedenen Schritten: DNS-Einrichtung Installieren Sie Apache als Reverse Proxy Beziehen Sie SSL-Zertifikate mit Let's Encrypt . Installieren Sie mailcow mit Mailman Integration Installieren Sie Mailman . \ud83c\udfc3 Ausf\u00fchren DNS-Einrichtung \u00b6 Der gr\u00f6\u00dfte Teil der Konfiguration ist in mailcow s DNS Konfiguration enthalten. Nachdem diese Einrichtung abgeschlossen ist, f\u00fcgen Sie eine weitere Subdomain f\u00fcr Mailman hinzu, z.B. lists.example.org , die auf denselben Server zeigt: # Name Typ Wert lists IN A 1.2.3.4 lists IN AAAA dead:beef Installieren Sie Apache als Reverse Proxy \u00b6 Installieren Sie Apache , z.B. mit dieser Anleitung von Digital Ocean : How To Install the Apache Web Server on Ubuntu 20.04 (Englisch) . Aktivieren Sie bestimmte Apache Module (als root oder sudo ): a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2 M\u00f6glicherweise m\u00fcssen Sie weitere Pakete installieren, um diese Module zu erhalten. Dieses PPA von Ond\u0159ej Sur\u00fd k\u00f6nnte Ihnen helfen. vHost-Konfiguration \u00b6 Kopieren Sie die mailcow.conf und die mailman.conf in den Apache conf Ordner sites-available (z.B. unter /etc/apache2/sites-available ). \u00c4nderung in mailcow.conf : - MAILCOW_HOSTNAME zu Ihrem MAILCOW_HOSTNAME \u00c4nderung in mailman.conf : - MAILMAN_DOMAIN in Ihre Mailman -Domain (z.B. Lists.example.org ) **Aktivieren Sie die Konfiguration noch nicht, da die ssl-Zertifikate und Verzeichnisse noch fehlen. Beziehen Sie SSL-Zertifikate mit Let's Encrypt . \u00b6 Pr\u00fcfen Sie, ob Ihre DNS-Konfiguration \u00fcber das Internet verf\u00fcgbar ist und auf die richtigen IP-Adressen zeigt, z.B. mit MXToolBox : https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN Installieren Sie certbot (als root oder sudo ): apt install certbot Holen Sie sich die gew\u00fcnschten Zertifikate (als root oder sudo ): certbot certonly -d mailcow_HOSTNAME certbot certonly -d MAILMAN_DOMAIN Installieren Sie mailcow mit Mailman Integration \u00b6 Installieren Sie mailcow \u00b6 Folgen Sie der mailcow installation . Schritt 5 auslassen und nicht mit docker compose starten! Mailcow konfigurieren \u00b6 Dies ist auch Schritt 4 in der offiziellen mailcow-Installation ( nano mailcow.conf ). Passen Sie also Ihre Bed\u00fcrfnisse an und \u00e4ndern Sie die folgenden Variablen: HTTP_PORT=18080 # verwenden Sie nicht 8080, da mailman es braucht HTTP_BIND=127.0.0.1 # HTTPS_PORT=18443 # Sie k\u00f6nnen 8443 verwenden HTTPS_BIND=127.0.0.1 # # HTTPS_BIND=127.0.0.1 SKIP_LETS_ENCRYPT=y # Der Reverse Proxy wird die SSL-Verifizierung durchf\u00fchren SNAT_TO_SOURCE=1.2.3.4 # \u00e4ndern Sie dies in Ihre IPv4 SNAT6_TO_SOURCE=dead:beef # \u00c4ndern Sie dies in Ihre globale IPv6 Mailman-Integration hinzuf\u00fcgen \u00b6 Erstelle die Datei /opt/mailcow-dockerized/docker-compose.override.yml (z.B. mit nano ) und f\u00fcge die folgenden Zeilen hinzu: version: '2.1' services: postfix-mailcow: volumes: - /opt/mailman:/opt/mailman networks: - docker-mailman_mailman networks: docker-mailman_mailman: external: true Das zus\u00e4tzliche Volume wird von Mailman verwendet, um zus\u00e4tzliche Konfigurationsdateien f\u00fcr mailcow postfix zu generieren. Das externe Netzwerk wird von Mailman erstellt und verwendet. mailcow ben\u00f6tigt es, um eingehende Listenmails an Mailman zu liefern. Erstellen Sie die Datei /opt/mailcow-dockerized/data/conf/postfix/extra.cf (z.B. mit nano ) und f\u00fcgen Sie die folgenden Zeilen hinzu: # mailman recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no local_recipient_maps = regexp:/opt/mailman/core/var/data/postfix_lmtp, proxy:unix:passwd.byname, $alias_maps virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, pcre:/opt/postfix/conf/local_transport, proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf, regexp:/opt/mailman/core/var/data/postfix_domains relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp Da wir hier die mailcow postfix Konfiguration \u00fcberschreiben, kann dieser Schritt Ihre normalen Mailtransporte unterbrechen. \u00dcberpr\u00fcfen Sie die originalen Konfigurationsdateien , wenn sich etwas ge\u00e4ndert hat. SSL-Zertifikate \u00b6 Da wir mailcow als Proxy verwenden, m\u00fcssen wir die SSL-Zertifikate in die mailcow -Dateistruktur kopieren. Diese Aufgabe wird das Skript renew-ssl.sh f\u00fcr uns erledigen: Kopieren Sie die Datei nach /opt/mailcow-dockerized \u00c4ndere mailcow_HOSTNAME in deinen mailcow Hostnamen Machen Sie es ausf\u00fchrbar ( chmod a+x renew-ssl.sh ) Noch nicht ausf\u00fchren, da wir zuerst Mailman ben\u00f6tigen Sie m\u00fcssen einen cronjob erstellen, so dass neue Zertifikate kopiert werden. F\u00fchren Sie ihn als root oder sudo aus: crontab -e Um das Skript jeden Tag um 5 Uhr morgens laufen zu lassen, f\u00fcgen Sie hinzu: 0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh Installieren Sie Mailman . \u00b6 Befolgen Sie im Wesentlichen die Anweisungen unter docker-mailman . Da sie sehr umfangreich sind, ist hier in aller K\u00fcrze beschrieben, was zu tun ist: Als root oder sudo : cd /opt mkdir -p mailman/core mkdir -p mailman/web git clone https://github.com/maxking/docker-mailman cd docker-mailman Mailman konfigurieren \u00b6 Erstellen Sie einen langen Schl\u00fcssel f\u00fcr Hyperkitty , z.B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie diesen Schl\u00fcssel vorerst als HYPERKITTY_KEY. Erstellen Sie ein langes Passwort f\u00fcr die Datenbank, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie dieses Passwort zun\u00e4chst als DBPASS. Erstellen Sie einen langen Schl\u00fcssel f\u00fcr Django , z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie diesen Schl\u00fcssel f\u00fcr einen Moment als DJANGO_KEY. Erstellen Sie die Datei /opt/docker-mailman/docker compose.override.yaml und ersetzen Sie HYPERKITTY_KEY , DBPASS und DJANGO_KEY durch die generierten Werte: version: '2' services: mailman-core: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - MTA=postfix restart: always networks: - mailman mailman-web: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - SECRET_KEY=DJANGO_KEY - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org - MAILMAN_ADMIN_USER=admin # the admin user - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static restart: always database: environment: - POSTGRES_PASSWORD=DBPASS restart: always Bei mailman-web geben Sie die korrekten Werte f\u00fcr SERVE_FROM_DOMAIN (z.B. lists.example.org ), MAILMAN_ADMIN_USER und MAILMAN_ADMIN_EMAIL ein. Sie ben\u00f6tigen die Admin-Zugangsdaten, um sich in der Web-Oberfl\u00e4che ( Pistorius ) anzumelden. Um das Passwort zum ersten Mal zu setzen, verwenden Sie die Funktion Passwort vergessen im Webinterface. \u00dcber andere Konfigurationsoptionen lesen Sie die Dokumentationen Mailman-web und Mailman-core . Konfigurieren Sie Mailman core und Mailman web \u00b6 Erstellen Sie die Datei /opt/mailman/core/mailman-extra.cfg mit dem folgenden Inhalt. mailman@example.org sollte auf ein g\u00fcltiges Postfach oder eine Umleitung verweisen. [mailman] default_language: de site_owner: mailman@example.org Erstellen Sie die Datei /opt/mailman/web/settings_local.py mit dem folgenden Inhalt. mailman@example.org sollte auf ein g\u00fcltiges Postfach oder eine Umleitung verweisen. # Gebietsschema LANGUAGE_CODE = 'de-de' # soziale Authentifizierung deaktivieren MAILMAN_WEB_SOCIAL_AUTH = [] # \u00e4ndern DEFAULT_FROM_EMAIL = 'mailman@example.org' DEBUG = False Sie k\u00f6nnen LANGUAGE_CODE und SOCIALACCOUNT_PROVIDERS an Ihre Bed\u00fcrfnisse anpassen. \ud83c\udfc3 Ausf\u00fchren \u00b6 Ausf\u00fchren (als root oder sudo ) a2ensite mailcow.conf a2ensite mailman.conf systemctl restart apache2 cd /opt/docker-mailman docker compose pull docker compose up -d cd /opt/mailcow-dockerized/ docker compose pull ./renew-ssl.sh Warten Sie ein paar Minuten! Die Container m\u00fcssen ihre Datenbanken und Konfigurationsdateien erstellen. Dies kann bis zu 1 Minute und mehr dauern. Bemerkungen \u00b6 Neue Listen werden von Postfix nicht sofort erkannt \u00b6 Wenn man eine neue Liste anlegt und versucht, sofort eine E-Mail zu versenden, antwortet postfix mit Benutzer existiert nicht , weil postfix die Liste noch nicht an Mailman \u00fcbergeben hat. Die Konfiguration unter /opt/mailman/core/var/data/postfix_lmtp wird nicht sofort aktualisiert. Wenn Sie die Liste sofort ben\u00f6tigen, starten Sie postifx manuell neu: cd /opt/mailcow-dockerized docker compose restart postfix-mailcow Update \u00b6 mailcow hat sein eigenes Update-Skript in /opt/mailcow-dockerized/update.sh , siehe die Dokumentation . F\u00fcr Mailman holen Sie sich einfach die neueste Version aus dem github repository . Sicherung \u00b6 mailcow hat ein eigenes Backup-Skript. Lies die Docs f\u00fcr weitere Informationen. Mailman gibt keine Backup-Anweisungen in der README.md an. Im gitbucket von pgollor befindet sich ein Skript, das hilfreich sein k\u00f6nnte. ToDo \u00b6 Skript installieren \u00b6 Schreiben Sie ein Skript wie in mailman-mailcow-integration/mailman-install.sh , da viele der Schritte automatisierbar sind. Fragen Sie alle Konfigurationsvariablen ab und erstellen Sie Passw\u00f6rter und Schl\u00fcssel. F\u00fchren Sie eine (halb)automatische Installation durch. Viel Spa\u00df!","title":"Mailman 3"},{"location":"de/third_party/mailman3/third_party-mailman3/#installation-von-mailcow-und-mailman-3-auf-der-basis-von-dockerisierten-versionen","text":"Info Diese Anleitung ist eine Kopie von dockerized-mailcow-mailman . Bitte posten Sie Probleme, Fragen und Verbesserungen in den issue tracker dort. Warning mailcow ist nicht verantwortlich f\u00fcr Datenverlust, Hardwaresch\u00e4den oder kaputte Tastaturen. Diese Anleitung kommt ohne jegliche Garantie. Macht Backups bevor ihr anfangt, Kein Backup kein Mitleid!","title":"Installation von mailcow und Mailman 3 auf der Basis von dockerisierten Versionen"},{"location":"de/third_party/mailman3/third_party-mailman3/#einleitung","text":"Diese Anleitung zielt darauf ab, mailcow-dockerized mit [docker-mailman] ( https://github.com/maxking/docker-mailman ) zu installieren und zu konfigurieren und einige n\u00fctzliche Skripte bereitzustellen. Eine wesentliche Bedingung ist, dass mailcow und Mailman in ihren eigenen Installationen f\u00fcr unabh\u00e4ngige Updates erhalten bleiben. Es gibt einige Anleitungen und Projekte im Internet, aber sie sind nicht auf dem neuesten Stand und/oder unvollst\u00e4ndig in der Dokumentation oder Konfiguration. Diese Anleitung basiert auf der Arbeit von: mailcow-mailman3-dockerized von Shadowghost mailman-mailcow-integration Nach Beendigung dieser Anleitung werden mailcow-dockerized und docker-mailman laufen und Apache als Reverse-Proxy wird die Web-Frontends bedienen. Das verwendete Betriebssystem ist ein Ubuntu 20.04 LTS .","title":"Einleitung"},{"location":"de/third_party/mailman3/third_party-mailman3/#installation","text":"Diese Anleitung basiert auf verschiedenen Schritten: DNS-Einrichtung Installieren Sie Apache als Reverse Proxy Beziehen Sie SSL-Zertifikate mit Let's Encrypt . Installieren Sie mailcow mit Mailman Integration Installieren Sie Mailman . \ud83c\udfc3 Ausf\u00fchren","title":"Installation"},{"location":"de/third_party/mailman3/third_party-mailman3/#dns-einrichtung","text":"Der gr\u00f6\u00dfte Teil der Konfiguration ist in mailcow s DNS Konfiguration enthalten. Nachdem diese Einrichtung abgeschlossen ist, f\u00fcgen Sie eine weitere Subdomain f\u00fcr Mailman hinzu, z.B. lists.example.org , die auf denselben Server zeigt: # Name Typ Wert lists IN A 1.2.3.4 lists IN AAAA dead:beef","title":"DNS-Einrichtung"},{"location":"de/third_party/mailman3/third_party-mailman3/#installieren-sie-apache-als-reverse-proxy","text":"Installieren Sie Apache , z.B. mit dieser Anleitung von Digital Ocean : How To Install the Apache Web Server on Ubuntu 20.04 (Englisch) . Aktivieren Sie bestimmte Apache Module (als root oder sudo ): a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2 M\u00f6glicherweise m\u00fcssen Sie weitere Pakete installieren, um diese Module zu erhalten. Dieses PPA von Ond\u0159ej Sur\u00fd k\u00f6nnte Ihnen helfen.","title":"Installieren Sie Apache als Reverse Proxy"},{"location":"de/third_party/mailman3/third_party-mailman3/#vhost-konfiguration","text":"Kopieren Sie die mailcow.conf und die mailman.conf in den Apache conf Ordner sites-available (z.B. unter /etc/apache2/sites-available ). \u00c4nderung in mailcow.conf : - MAILCOW_HOSTNAME zu Ihrem MAILCOW_HOSTNAME \u00c4nderung in mailman.conf : - MAILMAN_DOMAIN in Ihre Mailman -Domain (z.B. Lists.example.org ) **Aktivieren Sie die Konfiguration noch nicht, da die ssl-Zertifikate und Verzeichnisse noch fehlen.","title":"vHost-Konfiguration"},{"location":"de/third_party/mailman3/third_party-mailman3/#beziehen-sie-ssl-zertifikate-mit-lets-encrypt","text":"Pr\u00fcfen Sie, ob Ihre DNS-Konfiguration \u00fcber das Internet verf\u00fcgbar ist und auf die richtigen IP-Adressen zeigt, z.B. mit MXToolBox : https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN Installieren Sie certbot (als root oder sudo ): apt install certbot Holen Sie sich die gew\u00fcnschten Zertifikate (als root oder sudo ): certbot certonly -d mailcow_HOSTNAME certbot certonly -d MAILMAN_DOMAIN","title":"Beziehen Sie SSL-Zertifikate mit Let's Encrypt."},{"location":"de/third_party/mailman3/third_party-mailman3/#installieren-sie-mailcow-mit-mailman-integration","text":"","title":"Installieren Sie mailcow mit Mailman Integration"},{"location":"de/third_party/mailman3/third_party-mailman3/#installieren-sie-mailcow","text":"Folgen Sie der mailcow installation . Schritt 5 auslassen und nicht mit docker compose starten!","title":"Installieren Sie mailcow"},{"location":"de/third_party/mailman3/third_party-mailman3/#mailcow-konfigurieren","text":"Dies ist auch Schritt 4 in der offiziellen mailcow-Installation ( nano mailcow.conf ). Passen Sie also Ihre Bed\u00fcrfnisse an und \u00e4ndern Sie die folgenden Variablen: HTTP_PORT=18080 # verwenden Sie nicht 8080, da mailman es braucht HTTP_BIND=127.0.0.1 # HTTPS_PORT=18443 # Sie k\u00f6nnen 8443 verwenden HTTPS_BIND=127.0.0.1 # # HTTPS_BIND=127.0.0.1 SKIP_LETS_ENCRYPT=y # Der Reverse Proxy wird die SSL-Verifizierung durchf\u00fchren SNAT_TO_SOURCE=1.2.3.4 # \u00e4ndern Sie dies in Ihre IPv4 SNAT6_TO_SOURCE=dead:beef # \u00c4ndern Sie dies in Ihre globale IPv6","title":"Mailcow konfigurieren"},{"location":"de/third_party/mailman3/third_party-mailman3/#mailman-integration-hinzufugen","text":"Erstelle die Datei /opt/mailcow-dockerized/docker-compose.override.yml (z.B. mit nano ) und f\u00fcge die folgenden Zeilen hinzu: version: '2.1' services: postfix-mailcow: volumes: - /opt/mailman:/opt/mailman networks: - docker-mailman_mailman networks: docker-mailman_mailman: external: true Das zus\u00e4tzliche Volume wird von Mailman verwendet, um zus\u00e4tzliche Konfigurationsdateien f\u00fcr mailcow postfix zu generieren. Das externe Netzwerk wird von Mailman erstellt und verwendet. mailcow ben\u00f6tigt es, um eingehende Listenmails an Mailman zu liefern. Erstellen Sie die Datei /opt/mailcow-dockerized/data/conf/postfix/extra.cf (z.B. mit nano ) und f\u00fcgen Sie die folgenden Zeilen hinzu: # mailman recipient_delimiter = + unknown_local_recipient_reject_code = 550 owner_request_special = no local_recipient_maps = regexp:/opt/mailman/core/var/data/postfix_lmtp, proxy:unix:passwd.byname, $alias_maps virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp transport_maps = pcre:/opt/postfix/conf/custom_transport.pcre, pcre:/opt/postfix/conf/local_transport, proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf, regexp:/opt/mailman/core/var/data/postfix_domains relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf, regexp:/opt/mailman/core/var/data/postfix_lmtp Da wir hier die mailcow postfix Konfiguration \u00fcberschreiben, kann dieser Schritt Ihre normalen Mailtransporte unterbrechen. \u00dcberpr\u00fcfen Sie die originalen Konfigurationsdateien , wenn sich etwas ge\u00e4ndert hat.","title":"Mailman-Integration hinzuf\u00fcgen"},{"location":"de/third_party/mailman3/third_party-mailman3/#ssl-zertifikate","text":"Da wir mailcow als Proxy verwenden, m\u00fcssen wir die SSL-Zertifikate in die mailcow -Dateistruktur kopieren. Diese Aufgabe wird das Skript renew-ssl.sh f\u00fcr uns erledigen: Kopieren Sie die Datei nach /opt/mailcow-dockerized \u00c4ndere mailcow_HOSTNAME in deinen mailcow Hostnamen Machen Sie es ausf\u00fchrbar ( chmod a+x renew-ssl.sh ) Noch nicht ausf\u00fchren, da wir zuerst Mailman ben\u00f6tigen Sie m\u00fcssen einen cronjob erstellen, so dass neue Zertifikate kopiert werden. F\u00fchren Sie ihn als root oder sudo aus: crontab -e Um das Skript jeden Tag um 5 Uhr morgens laufen zu lassen, f\u00fcgen Sie hinzu: 0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh","title":"SSL-Zertifikate"},{"location":"de/third_party/mailman3/third_party-mailman3/#installieren-sie-mailman","text":"Befolgen Sie im Wesentlichen die Anweisungen unter docker-mailman . Da sie sehr umfangreich sind, ist hier in aller K\u00fcrze beschrieben, was zu tun ist: Als root oder sudo : cd /opt mkdir -p mailman/core mkdir -p mailman/web git clone https://github.com/maxking/docker-mailman cd docker-mailman","title":"Installieren Sie Mailman."},{"location":"de/third_party/mailman3/third_party-mailman3/#mailman-konfigurieren","text":"Erstellen Sie einen langen Schl\u00fcssel f\u00fcr Hyperkitty , z.B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie diesen Schl\u00fcssel vorerst als HYPERKITTY_KEY. Erstellen Sie ein langes Passwort f\u00fcr die Datenbank, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie dieses Passwort zun\u00e4chst als DBPASS. Erstellen Sie einen langen Schl\u00fcssel f\u00fcr Django , z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo . Speichern Sie diesen Schl\u00fcssel f\u00fcr einen Moment als DJANGO_KEY. Erstellen Sie die Datei /opt/docker-mailman/docker compose.override.yaml und ersetzen Sie HYPERKITTY_KEY , DBPASS und DJANGO_KEY durch die generierten Werte: version: '2' services: mailman-core: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - MTA=postfix restart: always networks: - mailman mailman-web: environment: - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb - HYPERKITTY_API_KEY=HYPERKITTY_KEY - TZ=Europe/Berlin - SECRET_KEY=DJANGO_KEY - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org - MAILMAN_ADMIN_USER=admin # the admin user - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static restart: always database: environment: - POSTGRES_PASSWORD=DBPASS restart: always Bei mailman-web geben Sie die korrekten Werte f\u00fcr SERVE_FROM_DOMAIN (z.B. lists.example.org ), MAILMAN_ADMIN_USER und MAILMAN_ADMIN_EMAIL ein. Sie ben\u00f6tigen die Admin-Zugangsdaten, um sich in der Web-Oberfl\u00e4che ( Pistorius ) anzumelden. Um das Passwort zum ersten Mal zu setzen, verwenden Sie die Funktion Passwort vergessen im Webinterface. \u00dcber andere Konfigurationsoptionen lesen Sie die Dokumentationen Mailman-web und Mailman-core .","title":"Mailman konfigurieren"},{"location":"de/third_party/mailman3/third_party-mailman3/#konfigurieren-sie-mailman-core-und-mailman-web","text":"Erstellen Sie die Datei /opt/mailman/core/mailman-extra.cfg mit dem folgenden Inhalt. mailman@example.org sollte auf ein g\u00fcltiges Postfach oder eine Umleitung verweisen. [mailman] default_language: de site_owner: mailman@example.org Erstellen Sie die Datei /opt/mailman/web/settings_local.py mit dem folgenden Inhalt. mailman@example.org sollte auf ein g\u00fcltiges Postfach oder eine Umleitung verweisen. # Gebietsschema LANGUAGE_CODE = 'de-de' # soziale Authentifizierung deaktivieren MAILMAN_WEB_SOCIAL_AUTH = [] # \u00e4ndern DEFAULT_FROM_EMAIL = 'mailman@example.org' DEBUG = False Sie k\u00f6nnen LANGUAGE_CODE und SOCIALACCOUNT_PROVIDERS an Ihre Bed\u00fcrfnisse anpassen.","title":"Konfigurieren Sie Mailman core und Mailman web"},{"location":"de/third_party/mailman3/third_party-mailman3/#ausfuhren","text":"Ausf\u00fchren (als root oder sudo ) a2ensite mailcow.conf a2ensite mailman.conf systemctl restart apache2 cd /opt/docker-mailman docker compose pull docker compose up -d cd /opt/mailcow-dockerized/ docker compose pull ./renew-ssl.sh Warten Sie ein paar Minuten! Die Container m\u00fcssen ihre Datenbanken und Konfigurationsdateien erstellen. Dies kann bis zu 1 Minute und mehr dauern.","title":"\ud83c\udfc3 Ausf\u00fchren"},{"location":"de/third_party/mailman3/third_party-mailman3/#bemerkungen","text":"","title":"Bemerkungen"},{"location":"de/third_party/mailman3/third_party-mailman3/#neue-listen-werden-von-postfix-nicht-sofort-erkannt","text":"Wenn man eine neue Liste anlegt und versucht, sofort eine E-Mail zu versenden, antwortet postfix mit Benutzer existiert nicht , weil postfix die Liste noch nicht an Mailman \u00fcbergeben hat. Die Konfiguration unter /opt/mailman/core/var/data/postfix_lmtp wird nicht sofort aktualisiert. Wenn Sie die Liste sofort ben\u00f6tigen, starten Sie postifx manuell neu: cd /opt/mailcow-dockerized docker compose restart postfix-mailcow","title":"Neue Listen werden von Postfix nicht sofort erkannt"},{"location":"de/third_party/mailman3/third_party-mailman3/#update","text":"mailcow hat sein eigenes Update-Skript in /opt/mailcow-dockerized/update.sh , siehe die Dokumentation . F\u00fcr Mailman holen Sie sich einfach die neueste Version aus dem github repository .","title":"Update"},{"location":"de/third_party/mailman3/third_party-mailman3/#sicherung","text":"mailcow hat ein eigenes Backup-Skript. Lies die Docs f\u00fcr weitere Informationen. Mailman gibt keine Backup-Anweisungen in der README.md an. Im gitbucket von pgollor befindet sich ein Skript, das hilfreich sein k\u00f6nnte.","title":"Sicherung"},{"location":"de/third_party/mailman3/third_party-mailman3/#skript-installieren","text":"Schreiben Sie ein Skript wie in mailman-mailcow-integration/mailman-install.sh , da viele der Schritte automatisierbar sind. Fragen Sie alle Konfigurationsvariablen ab und erstellen Sie Passw\u00f6rter und Schl\u00fcssel. F\u00fchren Sie eine (halb)automatische Installation durch. Viel Spa\u00df!","title":"Skript installieren"},{"location":"de/third_party/mailpiler/third_party-mailpiler_integration/","text":"Dies ist eine einfache Integration von mailcow-Aliasen und dem Mailbox-Namen in mailpiler bei Verwendung von IMAP-Authentifizierung. Disclaimer : Dies wird weder offiziell vom mailcow-Projekt noch von seinen Mitwirkenden gepflegt oder unterst\u00fctzt. Es wird keine Garantie oder Unterst\u00fctzung angeboten, jedoch steht es Ihnen frei, Themen auf GitHub zu \u00f6ffnen, um einen Fehler zu melden oder weitere Ideen zu liefern. GitHub Repo kann hier gefunden werden . Info Die Unterst\u00fctzung f\u00fcr Domain Wildcards wurde in Piler 1.3.10 implementiert, das am 03.01.2021 ver\u00f6ffentlicht wurde. Fr\u00fchere Versionen funktionieren grunds\u00e4tzlich, aber nach dem Einloggen sehen Sie keine E-Mails, die von oder an den Domain-Alias gesendet werden. (z.B. wenn @example.com ein Alias f\u00fcr admin@example.com ist) Das zu l\u00f6sende Problem \u00b6 mailpiler bietet die Authentifizierung auf Basis von IMAP an, zum Beispiel: $config['ENABLE_IMAP_AUTH'] = 1; $config['IMAP_HOST'] = 'mail.example.com'; $config['IMAP_PORT'] = 993; $config['IMAP_SSL'] = true; Wenn Sie sich also mit patrik@example.com anmelden, sehen Sie nur zugestellte E-Mails, die von oder an diese spezielle E-Mail-Adresse gesendet wurden. Wenn zus\u00e4tzliche Aliase in mailcow definiert werden, wie z.B. team@example.com , werden Sie keine Emails sehen, die an oder von dieser Email-Adresse gesendet wurden, auch wenn Sie ein Empf\u00e4nger von Emails sind, die an diese Alias-Adresse gesendet wurden. Indem wir uns in den Authentifizierungsprozess von mailpiler einklinken, sind wir in der Lage, die erforderlichen Daten \u00fcber die mailcow API w\u00e4hrend des Logins zu erhalten. Dies l\u00f6st API-Anfragen an die mailcow-API aus (die einen Nur-Lese-API-Zugang erfordern), um die Aliase auszulesen, an denen Ihre E-Mail-Adresse teilnimmt, und auch den \"Namen\" des Postfachs, der angegeben wurde, um ihn nach dem Login oben rechts in mailpiler anzuzeigen. Zugelassene E-Mail-Adressen k\u00f6nnen in den Mailpiler-Einstellungen oben rechts nach dem Einloggen eingesehen werden. Info Dies wird nur einmal w\u00e4hrend des Authentifizierungsprozesses abgefragt. Die autorisierten Aliase und der Realname sind f\u00fcr die gesamte Dauer der Benutzersitzung g\u00fcltig, da mailpiler sie in den Sitzungsdaten setzt. Wird ein Benutzer aus einem bestimmten Alias entfernt, so wird dies erst nach dem n\u00e4chsten Login wirksam. Die L\u00f6sung \u00b6 Hinweis: Die Dateipfade k\u00f6nnen je nach Einrichtung variieren. Voraussetzungen \u00b6 Eine funktionierende mailcow-Instanz Eine funktionierende mailpiler Instanz ( Sie finden eine Installationsanleitung hier , \u00fcberpr\u00fcfen Sie unterst\u00fctzte Versionen hier ) Ein mailcow API-Schl\u00fcssel (Nur-Lesen funktioniert): Konfiguration & Details - Zugang - Nur-Lesen-Zugang . Vergessen Sie nicht, den API-Zugang von Ihrer mailpiler IP zu erlauben. Warning Da mailpiler sich gegen\u00fcber mailcow, unserem IMAP-Server, authentifiziert, k\u00f6nnen fehlgeschlagene Logins von Nutzern oder Bots eine Sperre f\u00fcr Ihre mailpiler-Instanz ausl\u00f6sen. Daher sollten Sie in Erw\u00e4gung ziehen, die IP-Adresse der mailpiler-Instanz innerhalb von mailcow auf eine Whitelist zu setzen: Konfiguration & Details - Konfiguration - Fail2ban-Parameter - Whitelisted networks/hosts . Einrichtung \u00b6 Setzen Sie die benutzerdefinierte Abfragefunktion von mailpiler und f\u00fcgen Sie diese an /usr/local/etc/piler/config-site.php an: $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; $config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; include('auth-mailcow.php'); Sie k\u00f6nnen auch den mailcow-Hostnamen \u00e4ndern, falls erforderlich: $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardm\u00e4\u00dfig $config['IMAP_HOST'] Laden Sie die PHP-Datei mit den Funktionen aus dem GitHub Repo herunter: curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php Erledigt! Stellen Sie sicher, dass Sie sich erneut mit Ihren IMAP-Zugangsdaten anmelden, damit die \u00c4nderungen wirksam werden. Wenn es nicht funktioniert, ist h\u00f6chstwahrscheinlich etwas mit der API-Abfrage selbst nicht in Ordnung. Versuchen Sie eine Fehlersuche, indem Sie manuelle API-Anfragen an die API senden. (Tipp: \u00d6ffnen Sie https://mail.domain.tld/api auf Ihrer Instanz)","title":"Mailpiler Integration"},{"location":"de/third_party/mailpiler/third_party-mailpiler_integration/#das-zu-losende-problem","text":"mailpiler bietet die Authentifizierung auf Basis von IMAP an, zum Beispiel: $config['ENABLE_IMAP_AUTH'] = 1; $config['IMAP_HOST'] = 'mail.example.com'; $config['IMAP_PORT'] = 993; $config['IMAP_SSL'] = true; Wenn Sie sich also mit patrik@example.com anmelden, sehen Sie nur zugestellte E-Mails, die von oder an diese spezielle E-Mail-Adresse gesendet wurden. Wenn zus\u00e4tzliche Aliase in mailcow definiert werden, wie z.B. team@example.com , werden Sie keine Emails sehen, die an oder von dieser Email-Adresse gesendet wurden, auch wenn Sie ein Empf\u00e4nger von Emails sind, die an diese Alias-Adresse gesendet wurden. Indem wir uns in den Authentifizierungsprozess von mailpiler einklinken, sind wir in der Lage, die erforderlichen Daten \u00fcber die mailcow API w\u00e4hrend des Logins zu erhalten. Dies l\u00f6st API-Anfragen an die mailcow-API aus (die einen Nur-Lese-API-Zugang erfordern), um die Aliase auszulesen, an denen Ihre E-Mail-Adresse teilnimmt, und auch den \"Namen\" des Postfachs, der angegeben wurde, um ihn nach dem Login oben rechts in mailpiler anzuzeigen. Zugelassene E-Mail-Adressen k\u00f6nnen in den Mailpiler-Einstellungen oben rechts nach dem Einloggen eingesehen werden. Info Dies wird nur einmal w\u00e4hrend des Authentifizierungsprozesses abgefragt. Die autorisierten Aliase und der Realname sind f\u00fcr die gesamte Dauer der Benutzersitzung g\u00fcltig, da mailpiler sie in den Sitzungsdaten setzt. Wird ein Benutzer aus einem bestimmten Alias entfernt, so wird dies erst nach dem n\u00e4chsten Login wirksam.","title":"Das zu l\u00f6sende Problem"},{"location":"de/third_party/mailpiler/third_party-mailpiler_integration/#die-losung","text":"Hinweis: Die Dateipfade k\u00f6nnen je nach Einrichtung variieren.","title":"Die L\u00f6sung"},{"location":"de/third_party/mailpiler/third_party-mailpiler_integration/#voraussetzungen","text":"Eine funktionierende mailcow-Instanz Eine funktionierende mailpiler Instanz ( Sie finden eine Installationsanleitung hier , \u00fcberpr\u00fcfen Sie unterst\u00fctzte Versionen hier ) Ein mailcow API-Schl\u00fcssel (Nur-Lesen funktioniert): Konfiguration & Details - Zugang - Nur-Lesen-Zugang . Vergessen Sie nicht, den API-Zugang von Ihrer mailpiler IP zu erlauben. Warning Da mailpiler sich gegen\u00fcber mailcow, unserem IMAP-Server, authentifiziert, k\u00f6nnen fehlgeschlagene Logins von Nutzern oder Bots eine Sperre f\u00fcr Ihre mailpiler-Instanz ausl\u00f6sen. Daher sollten Sie in Erw\u00e4gung ziehen, die IP-Adresse der mailpiler-Instanz innerhalb von mailcow auf eine Whitelist zu setzen: Konfiguration & Details - Konfiguration - Fail2ban-Parameter - Whitelisted networks/hosts .","title":"Voraussetzungen"},{"location":"de/third_party/mailpiler/third_party-mailpiler_integration/#einrichtung","text":"Setzen Sie die benutzerdefinierte Abfragefunktion von mailpiler und f\u00fcgen Sie diese an /usr/local/etc/piler/config-site.php an: $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; $config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; include('auth-mailcow.php'); Sie k\u00f6nnen auch den mailcow-Hostnamen \u00e4ndern, falls erforderlich: $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardm\u00e4\u00dfig $config['IMAP_HOST'] Laden Sie die PHP-Datei mit den Funktionen aus dem GitHub Repo herunter: curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php Erledigt! Stellen Sie sicher, dass Sie sich erneut mit Ihren IMAP-Zugangsdaten anmelden, damit die \u00c4nderungen wirksam werden. Wenn es nicht funktioniert, ist h\u00f6chstwahrscheinlich etwas mit der API-Abfrage selbst nicht in Ordnung. Versuchen Sie eine Fehlersuche, indem Sie manuelle API-Anfragen an die API senden. (Tipp: \u00d6ffnen Sie https://mail.domain.tld/api auf Ihrer Instanz)","title":"Einrichtung"},{"location":"de/third_party/nextcloud/third_party-nextcloud/","text":"Nextcloud mit dem Helper-Skript verwalten \u00b6 Nextcloud kann mit dem helper script , das in mailcow enthalten ist, eingerichtet (Parameter -i ) und entfernt (Parameter -p ) werden. Um Nextcloud zu installieren, navigieren Sie einfach zu Ihrem mailcow-dockerized Root-Ordner und f\u00fchren Sie das Helper-Skript wie folgt aus: ./helper-scripts/nextcloud.sh -i F\u00fcr den Fall, dass Sie das Passwort (z.B. f\u00fcr admin) vergessen haben und kein neues anfordern k\u00f6nnen [\u00fcber den Passwort-Reset-Link auf dem Login-Bildschirm] ( https://docs.nextcloud.com/server/20/admin_manual/configuration_user/reset_admin_password.html?highlight=reset ), k\u00f6nnen Sie durch den Aufruf des Helper-Skripts mit -r als Parameter ein neues Passwort setzen. Verwenden Sie diese Option nur, wenn Ihre Nextcloud nicht so konfiguriert ist, dass Sie mailcow zur Authentifizierung verwendet, wie im n\u00e4chsten Abschnitt beschrieben. Damit mailcow ein Zertifikat f\u00fcr die Nextcloud Domain generieren kann, muss die Domain unter welcher die Nextcloud sp\u00e4ter erreichbar sein soll als ADDITIONAL_SAN in die mailcow.conf hinzuf\u00fcgt werden und docker compose up -d zur \u00dcbernahme ausgef\u00fchrt werden. F\u00fcr weitere Informationen siehe: Erweitertes SSL . Hintergrund-Aufgaben \u00b6 Zur Verwendung der empfohlenen Einstellung (Cron) zur Verarbeitung der Hintergrund-Aufgaben m\u00fcssen in der docker-compose.override.yml folgende Zeilen hinzugef\u00fcgt werden: version: '2.1' services: php-fpm-mailcow: labels: ofelia.enabled: \"true\" ofelia.job-exec.nextcloud-cron.schedule: \"@every 5m\" ofelia.job-exec.nextcloud-cron.command: \"su www-data -s /bin/bash -c \\\"/usr/local/bin/php -f /web/nextcloud/cron.php\\\"\" Nachdem diese Zeilen hinzugef\u00fcgt wurden muss docker compose up -d ausgef\u00fchrt werden, um das Docker Image mit den entsprechenden Labels zu versehen. Danach muss zudem der docker scheduler neu gestartet werden, um den neuen Job zu registrieren. Dazu wird docker compose restart ofelia-mailcow ausgef\u00fchrt. Zur \u00dcberpr\u00fcfung, ob die ofelia Konfiguration korrekt ist geladen wurde, kann mittels docker compose logs ofelia-mailcow nach einer Zeile mit dem Inhalt New job registered \"nextcloud-cron\" - ... gesucht werden. Hierdurch wird alle 5 Minuten die Hintergrundverarbeitung gestartet. Da die Ausf\u00fchrung selbst keine Ausgabe liefert, kann die korrekte Funktionsweise in den Grundeinstellungen von Nextcloud \u00fcberpr\u00fcft werden. Hier wird automatisch mit der ersten Ausf\u00fchrung die Hintergrund-Aufgaben Verarbeitung auf (X) Cron gesetzt und der Zeitstempel Letzte Aufgabe ausgef\u00fchrt aktualisiert. Konfigurieren Sie Nextcloud, um mailcow f\u00fcr die Authentifizierung zu verwenden \u00b6 Im Folgenden wird beschrieben, wie die Authentifizierung \u00fcber mailcow unter Verwendung des OAuth2-Protokolls eingerichtet wird. Wir nehmen nur an, dass Sie Nextcloud bereits unter cloud.example.com eingerichtet haben und dass Ihre mailcow unter mail.example.com l\u00e4uft. Es spielt keine Rolle, wenn Ihre Nextcloud auf einem anderen Server l\u00e4uft, Sie k\u00f6nnen immer noch mailcow f\u00fcr die Authentifizierung verwenden. 1. Melden Sie sich bei mailcow als Administrator an. 2. Scrollen Sie nach unten zu OAuth2 Apps und klicken Sie auf die Schaltfl\u00e4che Hinzuf\u00fcgen . Geben Sie die Redirect URI als https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow an und klicken Sie auf Hinzuf\u00fcgen . Speichern Sie die Client-ID und das Geheimnis f\u00fcr sp\u00e4ter. Info Einige Installationen, einschlie\u00dflich derer, die mit dem Helper-Skript von mailcow eingerichtet wurden, m\u00fcssen index.php/ aus der URL entfernen, um einen erfolgreichen Redirect zu erhalten: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow 3. Melden Sie sich bei Nextcloud als Administrator an. 4. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Apps . Klicken Sie auf die Schaltfl\u00e4che \"Suchen\" in der Symbolleiste, suchen Sie nach dem Plugin Social Login und klicken Sie daneben auf Herunterladen und aktivieren . 5. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Einstellungen . Scrollen Sie zum Abschnitt Administration auf der linken Seite und klicken Sie auf Social Login . 6. Entfernen Sie das H\u00e4kchen bei den folgenden Punkten: \"Automatische Erstellung neuer Benutzer deaktivieren\" \"Benutzern erlauben, soziale Logins mit ihren Konten zu verbinden\". \"Nicht verf\u00fcgbare Benutzergruppen bei der Anmeldung nicht entfernen\" \"Gruppen automatisch erstellen, wenn sie nicht vorhanden sind\" \"Anmeldung f\u00fcr Benutzer ohne zugeordnete Gruppen einschr\u00e4nken\". 7. \u00dcberpr\u00fcfen Sie die folgenden Punkte: \"Die Erstellung eines Kontos verhindern, wenn die E-Mail-Adresse in einem anderen Konto existiert\" \"Benutzerprofil bei jeder Anmeldung aktualisieren\" \"Benachrichtigung der Administratoren \u00fcber neue Benutzer deaktivieren\". Klicken Sie auf die Schaltfl\u00e4che Speichern . 8. Scrollen Sie nach unten zu Custom OAuth2 und klicken Sie auf die Schaltfl\u00e4che + . 9. Konfigurieren Sie die Parameter wie folgt: Interner Name: Mailcow Titel: Mailcow API Basis-URL: https://mail.example.com Autorisierungs-URL: https://mail.example.com/oauth/authorize Token-URL: https://mail.example.com/oauth/token Profil-URL: https://mail.example.com/oauth/profile Abmelde-URL: (leer lassen) Kunden-ID: (die Sie in Schritt 1 erhalten haben) Client Secret: (was Sie in Schritt 1 erhalten haben) Bereich: Profil Klicken Sie auf die Schaltfl\u00e4che Speichern ganz unten auf der Seite. Wenn Sie bisher Nextcloud mit mailcow-Authentifizierung \u00fcber user_external/IMAP verwendet haben, m\u00fcssen Sie einige zus\u00e4tzliche Schritte durchf\u00fchren, um Ihre bestehenden Benutzerkonten mit OAuth2 zu verkn\u00fcpfen. 1. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Apps . Scrollen Sie nach unten zur App Externe Benutzerauthentifizierung und klicken Sie daneben auf Entfernen . 2. F\u00fchren Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, k\u00f6nnen Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausf\u00fchren): INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users_external; Wenn Sie Nextcloud bisher ohne mailcow-Authentifizierung, aber mit den gleichen Benutzernamen wie mailcow genutzt haben, k\u00f6nnen Sie Ihre bestehenden Benutzerkonten auch mit OAuth2 verkn\u00fcpfen. 1. F\u00fchren Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, k\u00f6nnen Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausf\u00fchren): INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users; Aktualisieren \u00b6 Die Nextcloud-Instanz kann einfach mit dem Web-Update-Mechanismus aktualisiert werden. Bei gr\u00f6\u00dferen Updates k\u00f6nnen nach dem Update weitere \u00c4nderungen vorgenommen werden. Nachdem die Nextcloud-Instanz gepr\u00fcft wurde, werden Probleme angezeigt. Dies k\u00f6nnen z.B. fehlende Indizes in der DB oder \u00e4hnliches sein. Es wird angezeigt, welche Befehle ausgef\u00fchrt werden m\u00fcssen, diese m\u00fcssen im php-fpm-mailcow Container platziert werden. F\u00fchren Sie z.B. folgenden Befehl aus, um die fehlenden Indizes hinzuzuf\u00fcgen docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c \"php /web/nextcloud/occ db:add-missing-indices\" Fehlersuche und Fehlerbehebung \u00b6 Es kann vorkommen, dass Sie die Nextcloud-Instanz von Ihrem Netzwerk aus nicht erreichen k\u00f6nnen. Dies kann daran liegen, dass der Eintrag Ihres Subnetzes im Array 'trusted_proxies' fehlt. Sie k\u00f6nnen \u00c4nderungen in der Nextcloud config.php in data/web/nextcloud/config/* vornehmen. 'trusted_proxies' => array ( 0 => 'fd4d:6169:6c63:6f77::/64', 1 => '172.22.1.0/24', 2 => 'NewSubnet/24', ), Nachdem die \u00c4nderungen vorgenommen wurden, muss der nginx-Container neu gestartet werden. docker compose restart nginx-mailcow","title":"Nextcloud"},{"location":"de/third_party/nextcloud/third_party-nextcloud/#nextcloud-mit-dem-helper-skript-verwalten","text":"Nextcloud kann mit dem helper script , das in mailcow enthalten ist, eingerichtet (Parameter -i ) und entfernt (Parameter -p ) werden. Um Nextcloud zu installieren, navigieren Sie einfach zu Ihrem mailcow-dockerized Root-Ordner und f\u00fchren Sie das Helper-Skript wie folgt aus: ./helper-scripts/nextcloud.sh -i F\u00fcr den Fall, dass Sie das Passwort (z.B. f\u00fcr admin) vergessen haben und kein neues anfordern k\u00f6nnen [\u00fcber den Passwort-Reset-Link auf dem Login-Bildschirm] ( https://docs.nextcloud.com/server/20/admin_manual/configuration_user/reset_admin_password.html?highlight=reset ), k\u00f6nnen Sie durch den Aufruf des Helper-Skripts mit -r als Parameter ein neues Passwort setzen. Verwenden Sie diese Option nur, wenn Ihre Nextcloud nicht so konfiguriert ist, dass Sie mailcow zur Authentifizierung verwendet, wie im n\u00e4chsten Abschnitt beschrieben. Damit mailcow ein Zertifikat f\u00fcr die Nextcloud Domain generieren kann, muss die Domain unter welcher die Nextcloud sp\u00e4ter erreichbar sein soll als ADDITIONAL_SAN in die mailcow.conf hinzuf\u00fcgt werden und docker compose up -d zur \u00dcbernahme ausgef\u00fchrt werden. F\u00fcr weitere Informationen siehe: Erweitertes SSL .","title":"Nextcloud mit dem Helper-Skript verwalten"},{"location":"de/third_party/nextcloud/third_party-nextcloud/#hintergrund-aufgaben","text":"Zur Verwendung der empfohlenen Einstellung (Cron) zur Verarbeitung der Hintergrund-Aufgaben m\u00fcssen in der docker-compose.override.yml folgende Zeilen hinzugef\u00fcgt werden: version: '2.1' services: php-fpm-mailcow: labels: ofelia.enabled: \"true\" ofelia.job-exec.nextcloud-cron.schedule: \"@every 5m\" ofelia.job-exec.nextcloud-cron.command: \"su www-data -s /bin/bash -c \\\"/usr/local/bin/php -f /web/nextcloud/cron.php\\\"\" Nachdem diese Zeilen hinzugef\u00fcgt wurden muss docker compose up -d ausgef\u00fchrt werden, um das Docker Image mit den entsprechenden Labels zu versehen. Danach muss zudem der docker scheduler neu gestartet werden, um den neuen Job zu registrieren. Dazu wird docker compose restart ofelia-mailcow ausgef\u00fchrt. Zur \u00dcberpr\u00fcfung, ob die ofelia Konfiguration korrekt ist geladen wurde, kann mittels docker compose logs ofelia-mailcow nach einer Zeile mit dem Inhalt New job registered \"nextcloud-cron\" - ... gesucht werden. Hierdurch wird alle 5 Minuten die Hintergrundverarbeitung gestartet. Da die Ausf\u00fchrung selbst keine Ausgabe liefert, kann die korrekte Funktionsweise in den Grundeinstellungen von Nextcloud \u00fcberpr\u00fcft werden. Hier wird automatisch mit der ersten Ausf\u00fchrung die Hintergrund-Aufgaben Verarbeitung auf (X) Cron gesetzt und der Zeitstempel Letzte Aufgabe ausgef\u00fchrt aktualisiert.","title":"Hintergrund-Aufgaben"},{"location":"de/third_party/nextcloud/third_party-nextcloud/#konfigurieren-sie-nextcloud-um-mailcow-fur-die-authentifizierung-zu-verwenden","text":"Im Folgenden wird beschrieben, wie die Authentifizierung \u00fcber mailcow unter Verwendung des OAuth2-Protokolls eingerichtet wird. Wir nehmen nur an, dass Sie Nextcloud bereits unter cloud.example.com eingerichtet haben und dass Ihre mailcow unter mail.example.com l\u00e4uft. Es spielt keine Rolle, wenn Ihre Nextcloud auf einem anderen Server l\u00e4uft, Sie k\u00f6nnen immer noch mailcow f\u00fcr die Authentifizierung verwenden. 1. Melden Sie sich bei mailcow als Administrator an. 2. Scrollen Sie nach unten zu OAuth2 Apps und klicken Sie auf die Schaltfl\u00e4che Hinzuf\u00fcgen . Geben Sie die Redirect URI als https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow an und klicken Sie auf Hinzuf\u00fcgen . Speichern Sie die Client-ID und das Geheimnis f\u00fcr sp\u00e4ter. Info Einige Installationen, einschlie\u00dflich derer, die mit dem Helper-Skript von mailcow eingerichtet wurden, m\u00fcssen index.php/ aus der URL entfernen, um einen erfolgreichen Redirect zu erhalten: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow 3. Melden Sie sich bei Nextcloud als Administrator an. 4. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Apps . Klicken Sie auf die Schaltfl\u00e4che \"Suchen\" in der Symbolleiste, suchen Sie nach dem Plugin Social Login und klicken Sie daneben auf Herunterladen und aktivieren . 5. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Einstellungen . Scrollen Sie zum Abschnitt Administration auf der linken Seite und klicken Sie auf Social Login . 6. Entfernen Sie das H\u00e4kchen bei den folgenden Punkten: \"Automatische Erstellung neuer Benutzer deaktivieren\" \"Benutzern erlauben, soziale Logins mit ihren Konten zu verbinden\". \"Nicht verf\u00fcgbare Benutzergruppen bei der Anmeldung nicht entfernen\" \"Gruppen automatisch erstellen, wenn sie nicht vorhanden sind\" \"Anmeldung f\u00fcr Benutzer ohne zugeordnete Gruppen einschr\u00e4nken\". 7. \u00dcberpr\u00fcfen Sie die folgenden Punkte: \"Die Erstellung eines Kontos verhindern, wenn die E-Mail-Adresse in einem anderen Konto existiert\" \"Benutzerprofil bei jeder Anmeldung aktualisieren\" \"Benachrichtigung der Administratoren \u00fcber neue Benutzer deaktivieren\". Klicken Sie auf die Schaltfl\u00e4che Speichern . 8. Scrollen Sie nach unten zu Custom OAuth2 und klicken Sie auf die Schaltfl\u00e4che + . 9. Konfigurieren Sie die Parameter wie folgt: Interner Name: Mailcow Titel: Mailcow API Basis-URL: https://mail.example.com Autorisierungs-URL: https://mail.example.com/oauth/authorize Token-URL: https://mail.example.com/oauth/token Profil-URL: https://mail.example.com/oauth/profile Abmelde-URL: (leer lassen) Kunden-ID: (die Sie in Schritt 1 erhalten haben) Client Secret: (was Sie in Schritt 1 erhalten haben) Bereich: Profil Klicken Sie auf die Schaltfl\u00e4che Speichern ganz unten auf der Seite. Wenn Sie bisher Nextcloud mit mailcow-Authentifizierung \u00fcber user_external/IMAP verwendet haben, m\u00fcssen Sie einige zus\u00e4tzliche Schritte durchf\u00fchren, um Ihre bestehenden Benutzerkonten mit OAuth2 zu verkn\u00fcpfen. 1. Klicken Sie auf die Schaltfl\u00e4che in der oberen rechten Ecke und w\u00e4hlen Sie Apps . Scrollen Sie nach unten zur App Externe Benutzerauthentifizierung und klicken Sie daneben auf Entfernen . 2. F\u00fchren Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, k\u00f6nnen Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausf\u00fchren): INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users_external; Wenn Sie Nextcloud bisher ohne mailcow-Authentifizierung, aber mit den gleichen Benutzernamen wie mailcow genutzt haben, k\u00f6nnen Sie Ihre bestehenden Benutzerkonten auch mit OAuth2 verkn\u00fcpfen. 1. F\u00fchren Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, k\u00f6nnen Sie source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausf\u00fchren): INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT(\"Mailcow-\", uid) FROM nc_users;","title":"Konfigurieren Sie Nextcloud, um mailcow f\u00fcr die Authentifizierung zu verwenden"},{"location":"de/third_party/nextcloud/third_party-nextcloud/#aktualisieren","text":"Die Nextcloud-Instanz kann einfach mit dem Web-Update-Mechanismus aktualisiert werden. Bei gr\u00f6\u00dferen Updates k\u00f6nnen nach dem Update weitere \u00c4nderungen vorgenommen werden. Nachdem die Nextcloud-Instanz gepr\u00fcft wurde, werden Probleme angezeigt. Dies k\u00f6nnen z.B. fehlende Indizes in der DB oder \u00e4hnliches sein. Es wird angezeigt, welche Befehle ausgef\u00fchrt werden m\u00fcssen, diese m\u00fcssen im php-fpm-mailcow Container platziert werden. F\u00fchren Sie z.B. folgenden Befehl aus, um die fehlenden Indizes hinzuzuf\u00fcgen docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c \"php /web/nextcloud/occ db:add-missing-indices\"","title":"Aktualisieren"},{"location":"de/third_party/nextcloud/third_party-nextcloud/#fehlersuche-und-fehlerbehebung","text":"Es kann vorkommen, dass Sie die Nextcloud-Instanz von Ihrem Netzwerk aus nicht erreichen k\u00f6nnen. Dies kann daran liegen, dass der Eintrag Ihres Subnetzes im Array 'trusted_proxies' fehlt. Sie k\u00f6nnen \u00c4nderungen in der Nextcloud config.php in data/web/nextcloud/config/* vornehmen. 'trusted_proxies' => array ( 0 => 'fd4d:6169:6c63:6f77::/64', 1 => '172.22.1.0/24', 2 => 'NewSubnet/24', ), Nachdem die \u00c4nderungen vorgenommen wurden, muss der nginx-Container neu gestartet werden. docker compose restart nginx-mailcow","title":"Fehlersuche und Fehlerbehebung"},{"location":"de/third_party/portainer/third_party-portainer/","text":"Um Portainer zu aktivieren, m\u00fcssen die docker-compose.yml und site.conf f\u00fcr Nginx ge\u00e4ndert werden. 1. Erstellen Sie eine neue Datei docker-compose.override.yml im mailcow-dockerized Stammverzeichnis und f\u00fcgen Sie die folgende Konfiguration ein version: '2.1' services: portainer-mailcow: image: portainer/portainer-ce volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data/conf/portainer:/data restart: always dns: - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: aliases: - portainer 2a. Erstelle data/conf/nginx/portainer.conf : upstream portainer { server portainer-mailcow:9000; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } 2b. F\u00fcgen Sie einen neuen Standort f\u00fcr die Standard-Mailcow-Site ein, indem Sie die Datei data/conf/nginx/site.portainer.custom erstellen: location /portainer/ { proxy_http_version 1.1; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_set_header Connection \"\"; proxy_buffers 32 4k; proxy_pass http://portainer/; } location /portainer/api/websocket/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_pass http://portainer/api/websocket/; } 3. \u00dcbernehmen Sie Ihre \u00c4nderungen: docker compose up -d && docker compose restart nginx-mailcow Nun k\u00f6nnen Sie einfach zu https://${MAILCOW_HOSTNAME}/portainer/ navigieren, um Ihre Portainer-Container-\u00dcberwachungsseite anzuzeigen. Sie werden dann aufgefordert, ein neues Passwort f\u00fcr den admin Account anzugeben. Nachdem Sie Ihr Passwort eingegeben haben, k\u00f6nnen Sie sich mit der Portainer UI verbinden. Reverse Proxy \u00b6 Wenn Sie einen Reverse-Proxy verwenden, muss dieser noch konfiguriert werden die Websocket Requests richtig weiterzuleiten. Dies wird f\u00fcr die Docker Konsole und andere Komponenten ben\u00f6tigt. Hier ist ein Bespiel f\u00fcr Apache: RewriteEngine on RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P] ","title":"Portainer"},{"location":"de/third_party/portainer/third_party-portainer/#reverse-proxy","text":"Wenn Sie einen Reverse-Proxy verwenden, muss dieser noch konfiguriert werden die Websocket Requests richtig weiterzuleiten. Dies wird f\u00fcr die Docker Konsole und andere Komponenten ben\u00f6tigt. Hier ist ein Bespiel f\u00fcr Apache: RewriteEngine on RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC] RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P] ","title":"Reverse Proxy"},{"location":"de/third_party/roundcube/third_party-roundcube/","text":"Installation von Roundcube \u00b6 Laden Sie Roundcube 1.6.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/ ): # Pr\u00fcfen Sie, ob eine neuere Version vorliegt! cd daten/web wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - # \u00c4ndern Sie den Ordnernamen mv roundcubemail-1.6.0 rc # Berechtigungen \u00e4ndern chown -R root: rc/ Wenn Sie eine Rechtschreibpr\u00fcfung ben\u00f6tigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibpr\u00fcfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibpr\u00fcfung haben, so dass Sie diese vielleicht nicht ben\u00f6tigen. #!/bin/bash apk update apk add aspell-de # oder jede andere Sprache Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. - \u00c4ndern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vor\u00fcbergehend zu speichern. - Der db_prefix ist optional, wird aber empfohlen. - Wenn Sie die Rechtschreibpr\u00fcfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false; . array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['enable_installer'] = true; $config['smtp_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['db_prefix'] = 'mailcow_rc1'; Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. Initialisiere die Datenbank und verlasse das Installationsprogramm. L\u00f6schen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation! Konfigurieren Sie die ManageSieve-Filterung \u00b6 \u00d6ffnen Sie data/web/rc/config/config.inc.php und \u00e4ndern Sie die folgenden Parameter (oder f\u00fcgen Sie sie am Ende der Datei hinzu): $config['managesieve_host'] = 'tls://dovecot:4190'; $config['managesieve_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); // Aktiviert separate Verwaltungsschnittstelle f\u00fcr Urlaubsantworten (au\u00dfer Haus) // 0 - kein separater Abschnitt (Standard), // 1 - Abschnitt \"Urlaub\" hinzuf\u00fcgen, // 2 - Abschnitt \"Urlaub\" hinzuf\u00fcgen, aber Abschnitt \"Filter\" ausblenden $config['managesieve_vacation'] = 1; Aktivieren Sie die Funktion \"Passwort \u00e4ndern\" in Roundcube \u00b6 \u00d6ffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin: [...] $config['plugins'] = array( 'archive', 'password', ); [...] \u00d6ffnen Sie data/web/rc/plugins/password/password.php , suchen Sie nach case 'ssha': und f\u00fcgen Sie oben hinzu: case 'ssha256': $salt = rcube_utils::random_bytes(8); $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); $prefix = '{SSHA256}'; break; \u00d6ffnen Sie data/web/rc/plugins/password/config.inc.php und \u00e4ndern Sie die folgenden Parameter (oder f\u00fcgen Sie sie am Ende der Datei hinzu): $config['password_driver'] = 'sql'; $config['password_algorithm'] = 'ssha256'; $config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\"; CardDAV Adressb\u00fccher in Roundcube einbinden \u00b6 Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins ): cd data/web/rc/plugins wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz - chown -R root: carddav/ Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav ) und f\u00fcgen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: $prefs['SOGo'] = array( 'name' => 'SOGo', 'username' => '%u', 'password' => '%p', 'url' => 'https://mx.example.org/SOGo/dav/%u/', 'carddav_name_only' => true, 'use_categories' => true, 'active' => true, 'readonly' => false, 'refresh_time' => '02:00:00', 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), 'hide' => false, ); Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen \"Pers\u00f6nliches Adressbuch\" tr\u00e4gt und nicht gel\u00f6scht werden kann). Weitere Adressb\u00fccher werden derzeit nicht automatisch erkannt, k\u00f6nnen aber manuell in den Roundcube-Einstellungen hinzugef\u00fcgt werden. Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzuf\u00fcgen. Wenn Sie die Standard-Adressb\u00fccher (die in der Roundcube-Datenbank gespeichert sind) entfernen m\u00f6chten, so dass nur die CardDAV-Adressb\u00fccher zug\u00e4nglich sind, f\u00fcgen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein. Optional k\u00f6nnen Sie Roundcube's Link zu der mailcow Apps Liste hinzuf\u00fcgen. Um dies zu tun, \u00f6ffnen oder erstellen Sie data/web/inc/vars.local.inc.php und f\u00fcgen Sie den folgenden Code-Block hinzu: HINWEIS: Vergessen Sie nicht, das 'SOGo', 'link' => '/SOGo/' ), array( 'name' => 'Roundcube', 'link' => '/rc/' ) ); ... Aktualisierung von Roundcube \u00b6 Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite f\u00fcr Roundcube und holen Sie sich den Link f\u00fcr die \"complete.tar.gz\" Datei f\u00fcr die gew\u00fcnschte Version. Dann folgen Sie den untenstehenden Befehlen und \u00e4ndern Sie die URL und den Namen des Roundcube-Ordners, falls n\u00f6tig. # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash # Installieren Sie die erforderliche Upgrade-Abh\u00e4ngigkeit, dann aktualisieren Sie Roundcube auf die gew\u00fcnschte Version apk add rsync cd /tmp wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - cd roundcubemail-1.6.0 bin/installto.sh /web/rc # Geben Sie 'Y' ein und dr\u00fccken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren. # Geben Sie 'N' ein, wenn folgender Dialog erscheint: \"Do you want me to fix your local configuration\". # Sollte im Output eine Notice kommen \"NOTICE: Update dependencies by running php composer.phar update --no-dev\" sollte an kurzerhand composer.phar downloaden und die updates durchf\u00fchren: cd /web/rc wget https://getcomposer.org/download/2.4.2/composer.phar php composer.phar update --no-dev # Auf die Frage \"Do you trust \"roundcube/plugin-installer\" to execute code and wish to enable it now? (writes \"allow-plugins\" to composer.json) [y,n,d,?] \" bitte mit y antworten. # Entfernen Sie \u00fcbrig gebliebene Dateien cd /tmp rm -rf roundcube* # Falls Sie von Version 1.5 auf 1.6 updaten, dann f\u00fchren Sie folgende Befehle aus, um die Konfigurationsdatei anzupassen:` sed -i \"s/\\$config\\['default_host'\\].*$/\\$config\\['imap_host'\\]\\ =\\ 'tls:\\/\\/dovecot:143'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['default_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['smtp_server'\\].*$/\\$config\\['smtp_host'\\]\\ =\\ 'tls:\\/\\/postfix:587'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['smtp_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['managesieve_host'\\].*$/\\$config\\['managesieve_host'\\]\\ =\\ 'tls:\\/\\/dovecot:4190'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['managesieve_port'\\].*$/d\" /web/rc/config/config.inc.php Administratoren ohne Passwort in Roundcube einloggen lassen \u00b6 Installieren Sie zun\u00e4chst das Plugin [dovecot_impersonate] ( https://github.com/corbosman/dovecot_impersonate/ ) und f\u00fcgen Sie Roundcube als App hinzu (siehe oben). Editieren Sie mailcow.conf und f\u00fcgen Sie folgendes hinzu: # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort) # Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y Editieren Sie docker-compose.override.yml und verfassen/erweitern Sie den Abschnitt f\u00fcr php-fpm-mailcow : version: '2.1' services: php-fpm-mailcow: environment: - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} Bearbeiten Sie data/web/js/site/mailbox.js und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... } if ( ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE ) { item . action += ' Roundcube' ; } Bearbeiten Sie data/web/mailbox.php und f\u00fcgen Sie diese Zeile zum Array $template_data hinzu: 'allow_admin_email_login_roundcube' => (preg_match(\"/^(yes|y)+$/i\", $_ENV[\"ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE\"])) ? 'true' : 'false', Bearbeiten Sie data/web/templates/mailbox.twig und f\u00fcgen Sie diesen Code am Ende des [javascript-Abschnitts] ein ( https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57 ): var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }}; Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet : data/web/inc/lib/RoundcubeAutoLogin.php data/web/rc-auth.php Starten Sie schlie\u00dflich mailcow neu docker compose down docker compose up -d","title":"Roundcube"},{"location":"de/third_party/roundcube/third_party-roundcube/#installation-von-roundcube","text":"Laden Sie Roundcube 1.6.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/ ): # Pr\u00fcfen Sie, ob eine neuere Version vorliegt! cd daten/web wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - # \u00c4ndern Sie den Ordnernamen mv roundcubemail-1.6.0 rc # Berechtigungen \u00e4ndern chown -R root: rc/ Wenn Sie eine Rechtschreibpr\u00fcfung ben\u00f6tigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibpr\u00fcfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibpr\u00fcfung haben, so dass Sie diese vielleicht nicht ben\u00f6tigen. #!/bin/bash apk update apk add aspell-de # oder jede andere Sprache Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. - \u00c4ndern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vor\u00fcbergehend zu speichern. - Der db_prefix ist optional, wird aber empfohlen. - Wenn Sie die Rechtschreibpr\u00fcfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false; . array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['enable_installer'] = true; $config['smtp_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); $config['db_prefix'] = 'mailcow_rc1'; Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. Initialisiere die Datenbank und verlasse das Installationsprogramm. L\u00f6schen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation!","title":"Installation von Roundcube"},{"location":"de/third_party/roundcube/third_party-roundcube/#konfigurieren-sie-die-managesieve-filterung","text":"\u00d6ffnen Sie data/web/rc/config/config.inc.php und \u00e4ndern Sie die folgenden Parameter (oder f\u00fcgen Sie sie am Ende der Datei hinzu): $config['managesieve_host'] = 'tls://dovecot:4190'; $config['managesieve_conn_options'] = array( 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) ); // Aktiviert separate Verwaltungsschnittstelle f\u00fcr Urlaubsantworten (au\u00dfer Haus) // 0 - kein separater Abschnitt (Standard), // 1 - Abschnitt \"Urlaub\" hinzuf\u00fcgen, // 2 - Abschnitt \"Urlaub\" hinzuf\u00fcgen, aber Abschnitt \"Filter\" ausblenden $config['managesieve_vacation'] = 1;","title":"Konfigurieren Sie die ManageSieve-Filterung"},{"location":"de/third_party/roundcube/third_party-roundcube/#aktivieren-sie-die-funktion-passwort-andern-in-roundcube","text":"\u00d6ffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin: [...] $config['plugins'] = array( 'archive', 'password', ); [...] \u00d6ffnen Sie data/web/rc/plugins/password/password.php , suchen Sie nach case 'ssha': und f\u00fcgen Sie oben hinzu: case 'ssha256': $salt = rcube_utils::random_bytes(8); $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); $prefix = '{SSHA256}'; break; \u00d6ffnen Sie data/web/rc/plugins/password/config.inc.php und \u00e4ndern Sie die folgenden Parameter (oder f\u00fcgen Sie sie am Ende der Datei hinzu): $config['password_driver'] = 'sql'; $config['password_algorithm'] = 'ssha256'; $config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\";","title":"Aktivieren Sie die Funktion \"Passwort \u00e4ndern\" in Roundcube"},{"location":"de/third_party/roundcube/third_party-roundcube/#carddav-adressbucher-in-roundcube-einbinden","text":"Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins ): cd data/web/rc/plugins wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz | tar xfvz - chown -R root: carddav/ Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav ) und f\u00fcgen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: $prefs['SOGo'] = array( 'name' => 'SOGo', 'username' => '%u', 'password' => '%p', 'url' => 'https://mx.example.org/SOGo/dav/%u/', 'carddav_name_only' => true, 'use_categories' => true, 'active' => true, 'readonly' => false, 'refresh_time' => '02:00:00', 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), 'hide' => false, ); Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen \"Pers\u00f6nliches Adressbuch\" tr\u00e4gt und nicht gel\u00f6scht werden kann). Weitere Adressb\u00fccher werden derzeit nicht automatisch erkannt, k\u00f6nnen aber manuell in den Roundcube-Einstellungen hinzugef\u00fcgt werden. Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzuf\u00fcgen. Wenn Sie die Standard-Adressb\u00fccher (die in der Roundcube-Datenbank gespeichert sind) entfernen m\u00f6chten, so dass nur die CardDAV-Adressb\u00fccher zug\u00e4nglich sind, f\u00fcgen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein. Optional k\u00f6nnen Sie Roundcube's Link zu der mailcow Apps Liste hinzuf\u00fcgen. Um dies zu tun, \u00f6ffnen oder erstellen Sie data/web/inc/vars.local.inc.php und f\u00fcgen Sie den folgenden Code-Block hinzu: HINWEIS: Vergessen Sie nicht, das 'SOGo', 'link' => '/SOGo/' ), array( 'name' => 'Roundcube', 'link' => '/rc/' ) ); ...","title":"CardDAV Adressb\u00fccher in Roundcube einbinden"},{"location":"de/third_party/roundcube/third_party-roundcube/#aktualisierung-von-roundcube","text":"Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite f\u00fcr Roundcube und holen Sie sich den Link f\u00fcr die \"complete.tar.gz\" Datei f\u00fcr die gew\u00fcnschte Version. Dann folgen Sie den untenstehenden Befehlen und \u00e4ndern Sie die URL und den Namen des Roundcube-Ordners, falls n\u00f6tig. # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash # Installieren Sie die erforderliche Upgrade-Abh\u00e4ngigkeit, dann aktualisieren Sie Roundcube auf die gew\u00fcnschte Version apk add rsync cd /tmp wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz - cd roundcubemail-1.6.0 bin/installto.sh /web/rc # Geben Sie 'Y' ein und dr\u00fccken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren. # Geben Sie 'N' ein, wenn folgender Dialog erscheint: \"Do you want me to fix your local configuration\". # Sollte im Output eine Notice kommen \"NOTICE: Update dependencies by running php composer.phar update --no-dev\" sollte an kurzerhand composer.phar downloaden und die updates durchf\u00fchren: cd /web/rc wget https://getcomposer.org/download/2.4.2/composer.phar php composer.phar update --no-dev # Auf die Frage \"Do you trust \"roundcube/plugin-installer\" to execute code and wish to enable it now? (writes \"allow-plugins\" to composer.json) [y,n,d,?] \" bitte mit y antworten. # Entfernen Sie \u00fcbrig gebliebene Dateien cd /tmp rm -rf roundcube* # Falls Sie von Version 1.5 auf 1.6 updaten, dann f\u00fchren Sie folgende Befehle aus, um die Konfigurationsdatei anzupassen:` sed -i \"s/\\$config\\['default_host'\\].*$/\\$config\\['imap_host'\\]\\ =\\ 'tls:\\/\\/dovecot:143'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['default_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['smtp_server'\\].*$/\\$config\\['smtp_host'\\]\\ =\\ 'tls:\\/\\/postfix:587'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['smtp_port'\\].*$/d\" /web/rc/config/config.inc.php sed -i \"s/\\$config\\['managesieve_host'\\].*$/\\$config\\['managesieve_host'\\]\\ =\\ 'tls:\\/\\/dovecot:4190'\\;/\" /web/rc/config/config.inc.php sed -i \"/\\$config\\['managesieve_port'\\].*$/d\" /web/rc/config/config.inc.php","title":"Aktualisierung von Roundcube"},{"location":"de/third_party/roundcube/third_party-roundcube/#administratoren-ohne-passwort-in-roundcube-einloggen-lassen","text":"Installieren Sie zun\u00e4chst das Plugin [dovecot_impersonate] ( https://github.com/corbosman/dovecot_impersonate/ ) und f\u00fcgen Sie Roundcube als App hinzu (siehe oben). Editieren Sie mailcow.conf und f\u00fcgen Sie folgendes hinzu: # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort) # Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y Editieren Sie docker-compose.override.yml und verfassen/erweitern Sie den Abschnitt f\u00fcr php-fpm-mailcow : version: '2.1' services: php-fpm-mailcow: environment: - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} Bearbeiten Sie data/web/js/site/mailbox.js und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... } if ( ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE ) { item . action += ' Roundcube' ; } Bearbeiten Sie data/web/mailbox.php und f\u00fcgen Sie diese Zeile zum Array $template_data hinzu: 'allow_admin_email_login_roundcube' => (preg_match(\"/^(yes|y)+$/i\", $_ENV[\"ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE\"])) ? 'true' : 'false', Bearbeiten Sie data/web/templates/mailbox.twig und f\u00fcgen Sie diesen Code am Ende des [javascript-Abschnitts] ein ( https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57 ): var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }}; Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet : data/web/inc/lib/RoundcubeAutoLogin.php data/web/rc-auth.php Starten Sie schlie\u00dflich mailcow neu docker compose down docker compose up -d","title":"Administratoren ohne Passwort in Roundcube einloggen lassen"},{"location":"de/troubleshooting/debug-admin_login_sogo/","text":"Dies ist eine experimentelle Funktion, die es Admins und Dom\u00e4nenadmins erlaubt, sich direkt als Mailbox-Benutzer bei SOGo anzumelden, ohne das Passwort des Benutzers zu kennen. Dazu wird ein zus\u00e4tzlicher Link zu SOGo in der Mailbox-Liste (mailcow UI) angezeigt. Auch mehrere gleichzeitige Admin-Logins auf verschiedene Postf\u00e4cher sind mit dieser Funktion m\u00f6glich. Aktivieren der Funktion \u00b6 Die Funktion ist standardm\u00e4\u00dfig deaktiviert. Es kann in der mailcow.conf durch Setzen aktiviert werden: ALLOW_ADMIN_EMAIL_LOGIN=y und die betroffenen Container neu erstellen mit docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d Nachteile bei Aktivierung \u00b6 Jeder SOGo-Seiten-Load und jede Active-Sync-Anfrage verursacht eine zus\u00e4tzliche Ausf\u00fchrung eines internen PHP-Skripts. Dies kann die Ladezeiten von SOGo / EAS beeintr\u00e4chtigen. In den meisten F\u00e4llen sollte dies nicht sp\u00fcrbar sein, aber Sie sollten es im Hinterkopf behalten, wenn Sie Performance-Probleme haben. SOGo zeigt keinen Logout-Link f\u00fcr Admin-Logins an, um sich normal anzumelden, muss man sich von der mailcow UI abmelden, so dass die PHP-Sitzung zerst\u00f6rt wird. Das Abonnieren des Kalenders oder Adressbuchs eines anderen Nutzers, w\u00e4hrend man als Admin eingeloggt ist, funktioniert nicht. Ebenso wenig funktioniert das Einladen anderer Nutzer zu Kalender-Events. Die Seite wird neu geladen, wenn diese Dinge versucht werden. Technische Details \u00b6 Die Option SOGoTrustProxyAuthentication ist auf YES gesetzt, so dass SOGo dem x-webobjects-remote-user-Header vertraut. Dovecot erh\u00e4lt ein zuf\u00e4lliges Master-Passwort, das f\u00fcr alle Mailboxen g\u00fcltig ist, wenn es vom SOGo-Container verwendet wird. Ein Klick auf den SOGo-Button in der Mailbox-Liste \u00f6ffnet die Datei sogo-auth.php, die Berechtigungen pr\u00fcft, Session-Variablen setzt und auf die SOGo-Mailbox umleitet. Jede SOGo, CardDAV, CalDAV und EAS http-Anfrage verursacht einen zus\u00e4tzlichen, nginx-internen auth_request-Aufruf an sogo-auth.php mit folgendem Verhalten: Wenn ein basic_auth-Header vorhanden ist, wird das Skript die Anmeldedaten anstelle von SOGo validieren und die folgenden Header bereitstellen: x-webobjects-remote-user , Authorization und x-webobjects-auth-type . Wenn kein basic_auth-Header vorhanden ist, wird das Skript nach einer aktiven Mailcow-Admin-Sitzung f\u00fcr den angeforderten E-Mail-Benutzer suchen und die gleichen Header bereitstellen, aber mit dem Dovecot-Master-Passwort, das im Authorization -Header verwendet wird. Wenn beides fehlschl\u00e4gt, werden die Header leer gesetzt, was SOGo dazu bringt, seine Standard-Authentifizierungsmethoden zu verwenden. Alle diese Optionen/Verhaltensweisen sind deaktiviert, wenn die Option ALLOW_ADMIN_EMAIL_LOGIN in der Konfiguration nicht aktiviert ist.","title":"Admin-Anmeldung bei SOGo"},{"location":"de/troubleshooting/debug-admin_login_sogo/#aktivieren-der-funktion","text":"Die Funktion ist standardm\u00e4\u00dfig deaktiviert. Es kann in der mailcow.conf durch Setzen aktiviert werden: ALLOW_ADMIN_EMAIL_LOGIN=y und die betroffenen Container neu erstellen mit docker compose (Plugin) docker-compose (Standalone) docker compose up -d docker-compose up -d","title":"Aktivieren der Funktion"},{"location":"de/troubleshooting/debug-admin_login_sogo/#nachteile-bei-aktivierung","text":"Jeder SOGo-Seiten-Load und jede Active-Sync-Anfrage verursacht eine zus\u00e4tzliche Ausf\u00fchrung eines internen PHP-Skripts. Dies kann die Ladezeiten von SOGo / EAS beeintr\u00e4chtigen. In den meisten F\u00e4llen sollte dies nicht sp\u00fcrbar sein, aber Sie sollten es im Hinterkopf behalten, wenn Sie Performance-Probleme haben. SOGo zeigt keinen Logout-Link f\u00fcr Admin-Logins an, um sich normal anzumelden, muss man sich von der mailcow UI abmelden, so dass die PHP-Sitzung zerst\u00f6rt wird. Das Abonnieren des Kalenders oder Adressbuchs eines anderen Nutzers, w\u00e4hrend man als Admin eingeloggt ist, funktioniert nicht. Ebenso wenig funktioniert das Einladen anderer Nutzer zu Kalender-Events. Die Seite wird neu geladen, wenn diese Dinge versucht werden.","title":"Nachteile bei Aktivierung"},{"location":"de/troubleshooting/debug-admin_login_sogo/#technische-details","text":"Die Option SOGoTrustProxyAuthentication ist auf YES gesetzt, so dass SOGo dem x-webobjects-remote-user-Header vertraut. Dovecot erh\u00e4lt ein zuf\u00e4lliges Master-Passwort, das f\u00fcr alle Mailboxen g\u00fcltig ist, wenn es vom SOGo-Container verwendet wird. Ein Klick auf den SOGo-Button in der Mailbox-Liste \u00f6ffnet die Datei sogo-auth.php, die Berechtigungen pr\u00fcft, Session-Variablen setzt und auf die SOGo-Mailbox umleitet. Jede SOGo, CardDAV, CalDAV und EAS http-Anfrage verursacht einen zus\u00e4tzlichen, nginx-internen auth_request-Aufruf an sogo-auth.php mit folgendem Verhalten: Wenn ein basic_auth-Header vorhanden ist, wird das Skript die Anmeldedaten anstelle von SOGo validieren und die folgenden Header bereitstellen: x-webobjects-remote-user , Authorization und x-webobjects-auth-type . Wenn kein basic_auth-Header vorhanden ist, wird das Skript nach einer aktiven Mailcow-Admin-Sitzung f\u00fcr den angeforderten E-Mail-Benutzer suchen und die gleichen Header bereitstellen, aber mit dem Dovecot-Master-Passwort, das im Authorization -Header verwendet wird. Wenn beides fehlschl\u00e4gt, werden die Header leer gesetzt, was SOGo dazu bringt, seine Standard-Authentifizierungsmethoden zu verwenden. Alle diese Optionen/Verhaltensweisen sind deaktiviert, wenn die Option ALLOW_ADMIN_EMAIL_LOGIN in der Konfiguration nicht aktiviert ist.","title":"Technische Details"},{"location":"de/troubleshooting/debug-attach_service/","text":"Anh\u00e4ngen eines Containers an Ihre Shell \u00b6 Um einen Container an Ihre Shell anzuh\u00e4ngen, k\u00f6nnen Sie einfach folgendes ausf\u00fchren docker compose (Plugin) docker-compose (Standalone) docker compose exec $Dienst_Name /bin/bash docker-compose exec $Dienst_Name /bin/bash Verbindung zu Diensten herstellen \u00b6 Wenn Sie sich direkt mit einem Dienst / einer Anwendung verbinden wollen, ist es immer eine gute Idee, source mailcow.conf zu benutzen, um alle relevanten Variablen in Ihre Umgebung zu bekommen. MySQL \u00b6 docker compose (Plugin) docker-compose (Standalone) source mailcow.conf docker compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME } source mailcow.conf docker-compose exec mysql-mailcow mysql -u ${ DBUSER } -p ${ DBPASS } ${ DBNAME } Redis \u00b6 docker compose (Plugin) docker-compose (Standalone) docker compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli Dienstbeschreibungen \u00b6 Hier ist eine kurze \u00dcbersicht, welcher Container / Dienst was macht: Dienstname Dienstbeschreibungen unbound-mailcow Lokaler (DNSSEC) DNS-Aufl\u00f6ser mysql-mailcow Speichert die SOGo's und die meisten Einstellungen von mailcow postfix-mailcow Empf\u00e4ngt und sendet Mails dovecot-mailcow Benutzer-Logins und Siebfilter redis-mailcow Speicher-Backend f\u00fcr DKIM-Schl\u00fcssel und Rspamd rspamd-mailcow Mail-Filter-System. Verwendet f\u00fcr Av-Behandlung, DKIM-Signierung, Spam-Behandlung clamd-mailcow Scannt Anh\u00e4nge auf Viren olefy-mailcow Scannt angeh\u00e4ngte Office-Dokumente auf Makro-Viren solr-mailcow Bietet Volltextsuche in Dovecot sogo-mailcow Webmail-Client, der Microsoft ActiveSync und Cal- / CardDav verarbeitet nginx-mailcow Nginx Remote-Proxy, der alle mailcow-bezogenen HTTP / HTTPS-Anfragen bearbeitet acme-mailcow Automatisiert den Einsatz von HTTPS (SSL/TLS) Zertifikaten memcached-mailcow Internes Caching-System f\u00fcr mailcow-Dienste watchdog-mailcow Erm\u00f6glicht die \u00dcberwachung von Docker-Containern / Diensten php-fpm-mailcow Betreibt die mailcow Web UI netfilter-mailcow Fail2Ban \u00e4hnliche Integration","title":"In einen Container wechseln (CLI)"},{"location":"de/troubleshooting/debug-attach_service/#anhangen-eines-containers-an-ihre-shell","text":"Um einen Container an Ihre Shell anzuh\u00e4ngen, k\u00f6nnen Sie einfach folgendes ausf\u00fchren docker compose (Plugin) docker-compose (Standalone) docker compose exec $Dienst_Name /bin/bash docker-compose exec $Dienst_Name /bin/bash","title":"Anh\u00e4ngen eines Containers an Ihre Shell"},{"location":"de/troubleshooting/debug-attach_service/#verbindung-zu-diensten-herstellen","text":"Wenn Sie sich direkt mit einem Dienst / einer Anwendung verbinden wollen, ist es immer eine gute Idee, source mailcow.conf zu benutzen, um alle relevanten Variablen in Ihre Umgebung zu bekommen.","title":"Verbindung zu Diensten herstellen"},{"location":"de/troubleshooting/debug-attach_service/#dienstbeschreibungen","text":"Hier ist eine kurze \u00dcbersicht, welcher Container / Dienst was macht: Dienstname Dienstbeschreibungen unbound-mailcow Lokaler (DNSSEC) DNS-Aufl\u00f6ser mysql-mailcow Speichert die SOGo's und die meisten Einstellungen von mailcow postfix-mailcow Empf\u00e4ngt und sendet Mails dovecot-mailcow Benutzer-Logins und Siebfilter redis-mailcow Speicher-Backend f\u00fcr DKIM-Schl\u00fcssel und Rspamd rspamd-mailcow Mail-Filter-System. Verwendet f\u00fcr Av-Behandlung, DKIM-Signierung, Spam-Behandlung clamd-mailcow Scannt Anh\u00e4nge auf Viren olefy-mailcow Scannt angeh\u00e4ngte Office-Dokumente auf Makro-Viren solr-mailcow Bietet Volltextsuche in Dovecot sogo-mailcow Webmail-Client, der Microsoft ActiveSync und Cal- / CardDav verarbeitet nginx-mailcow Nginx Remote-Proxy, der alle mailcow-bezogenen HTTP / HTTPS-Anfragen bearbeitet acme-mailcow Automatisiert den Einsatz von HTTPS (SSL/TLS) Zertifikaten memcached-mailcow Internes Caching-System f\u00fcr mailcow-Dienste watchdog-mailcow Erm\u00f6glicht die \u00dcberwachung von Docker-Containern / Diensten php-fpm-mailcow Betreibt die mailcow Web UI netfilter-mailcow Fail2Ban \u00e4hnliche Integration","title":"Dienstbeschreibungen"},{"location":"de/troubleshooting/debug-common_problems/","text":"Hier sind h\u00e4ufige Probleme und m\u00f6gliche L\u00f6sungen: Mail kommt in einer Schleife zu sich selbst zur\u00fcck. \u00b6 Bitte \u00fcberpr\u00fcfen Sie in Ihrer mailcow UI, ob Sie die Domain als Backup MX eingestellt haben: Ich kann Mails empfangen, aber nicht senden \u00b6 Es gibt viele Gr\u00fcnde, die Sie daran hindern k\u00f6nnen, Mails zu versenden: Pr\u00fcfen Sie, ob Ihre IP-Adresse auf einer schwarzen Liste steht. Sie k\u00f6nnen dnsbl.info oder einen \u00e4hnlichen Dienst verwenden, um Ihre IP-Adresse zu \u00fcberpr\u00fcfen. Es gibt einige ISP-Router, die Mail-Ports f\u00fcr nicht auf der Blacklist stehende Domains blockieren. Bitte \u00fcberpr\u00fcfen Sie, ob Sie Ihren Server \u00fcber die Ports 465 oder 587 erreichen k\u00f6nnen: # telnet 74.125.133.27 465 Versucht 74.125.133.27... Verbunden mit 74.125.133.27. Escape-Zeichen ist '^]'. Meine Mails werden als Spam identifiziert \u00b6 Bitte lesen Sie unsere DNS-Konfiguration Anleitung. docker compose wirft seltsame Fehler aus. \u00b6 ... wie: ERROR: Ung\u00fcltiges Interpolationsformat ... AttributeError: 'NoneType' Objekt hat kein Attribut 'keys' . ERROR: In der Datei './docker-compose.yml' hat der Dienst 'version' keine Konfigurationsoptionen. Wenn Sie eine oder \u00e4hnliche Meldungen erhalten, w\u00e4hrend Sie versuchen, mailcow: dockerized auszuf\u00fchren, \u00fcberpr\u00fcfen Sie bitte, ob Sie die aktuellste Version von Docker und docker compose haben. Container XY ist ungesund \u00b6 Dieser Fehler versucht Ihnen mitzuteilen, dass eine der (Gesundheits-)Bedingungen f\u00fcr einen bestimmten Container nicht erf\u00fcllt ist. Daher kann er nicht gestartet werden. Dies kann verschiedene Gr\u00fcnde haben, der h\u00e4ufigste ist ein aktualisierter Git-Klon, aber ein altes Docker-Image oder umgekehrt. Auch eine falsch konfigurierte Firewall kann einen solchen Fehler verursachen. Die Container m\u00fcssen in der Lage sein, \u00fcber das Netzwerk 172.22.1.1/24 miteinander zu kommunizieren. Es k\u00f6nnte auch eine falsch verkn\u00fcpfte Datei sein (z. B. ein SSL-Zertifikat), die den Start eines wichtigen Containers (nginx) verhindert. Pr\u00fcfen Sie daher immer Ihre Protokolle, um herauszufinden, woher das Problem kommt. Adresse bereits in Gebrauch \u00b6 Wenn Sie eine Fehlermeldung erhalten wie: ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use w\u00e4hrend Sie versuchen, mailcow: dockerized zu starten / zu installieren, stellen Sie sicher, dass Sie unseren Abschnitt \u00fcber prerequisites befolgt haben. XYZ kann keine Verbindung zu ... \u00b6 Bitte \u00fcberpr\u00fcfen Sie Ihre lokale Firewall! Docker und iptables-basierte Firewalls erstellen manchmal widerspr\u00fcchliche Regeln. Deaktivieren Sie daher die Firewall auf Ihrem Host, um festzustellen, ob Ihre Verbindungsprobleme durch solche Konflikte verursacht werden. Wenn dies der Fall ist, m\u00fcssen Sie manuell entsprechende Regeln in Ihrer Host-Firewall erstellen, um die erforderlichen Verbindungen zuzulassen. Wenn Sie Verbindungsprobleme von zu Hause aus haben, \u00fcberpr\u00fcfen Sie bitte auch die Firewall Ihres ISP-Routers, da einige von ihnen den E-Mail-Verkehr \u00fcber die Ports SMTP (587) oder SMTPS (465) blockieren. Es k\u00f6nnte auch sein, dass Ihr ISP die Ports f\u00fcr SUBMISSION (25) blockiert. W\u00e4hrend Linux-Benutzer aus einer Vielzahl von Tools 1 w\u00e4hlen k\u00f6nnen, um zu \u00fcberpr\u00fcfen, ob ein Port offen ist, steht Windows-Benutzern standardm\u00e4\u00dfig nur der PowerShell-Befehl Test-NetConnection -ComputerName host -Port port zur Verf\u00fcgung. Um Telnet auf einem Windows nach Vista zu aktivieren, lesen Sie bitte diese Anleitung oder geben Sie den folgenden Befehl in einem Terminal mit Administratorrechten ein: dism /online /Enable-Feature /FeatureName:TelnetClient Inotify-Instanz-Limit \u00fcberschritten f\u00fcr Benutzer 5000 (UID vmail) ( siehe #453 ). \u00b6 Docker-Container verwenden die inotify-Limits von Docker-Hosts. Wenn Sie sie auf Ihrem Docker-Host setzen, werden sie an den Container weitergegeben. Dovecot startet st\u00e4ndig neu (siehe #2672 ). \u00b6 Stellen Sie sicher, dass Sie mindestens die folgenden Dateien in data/assets/ssl haben: cert.pem dhparams.pem key.pem Wenn dhparams.pem fehlt, k\u00f6nnen Sie es mit Bash openssl dhparam -out data/assets/ssl/dhparams.pem 4096 netcat , nmap , openssl , [telnet]( https://linux \u21a9","title":"H\u00e4ufig auftretende Probleme"},{"location":"de/troubleshooting/debug-common_problems/#mail-kommt-in-einer-schleife-zu-sich-selbst-zuruck","text":"Bitte \u00fcberpr\u00fcfen Sie in Ihrer mailcow UI, ob Sie die Domain als Backup MX eingestellt haben:","title":"Mail kommt in einer Schleife zu sich selbst zur\u00fcck."},{"location":"de/troubleshooting/debug-common_problems/#ich-kann-mails-empfangen-aber-nicht-senden","text":"Es gibt viele Gr\u00fcnde, die Sie daran hindern k\u00f6nnen, Mails zu versenden: Pr\u00fcfen Sie, ob Ihre IP-Adresse auf einer schwarzen Liste steht. Sie k\u00f6nnen dnsbl.info oder einen \u00e4hnlichen Dienst verwenden, um Ihre IP-Adresse zu \u00fcberpr\u00fcfen. Es gibt einige ISP-Router, die Mail-Ports f\u00fcr nicht auf der Blacklist stehende Domains blockieren. Bitte \u00fcberpr\u00fcfen Sie, ob Sie Ihren Server \u00fcber die Ports 465 oder 587 erreichen k\u00f6nnen: # telnet 74.125.133.27 465 Versucht 74.125.133.27... Verbunden mit 74.125.133.27. Escape-Zeichen ist '^]'.","title":"Ich kann Mails empfangen, aber nicht senden"},{"location":"de/troubleshooting/debug-common_problems/#meine-mails-werden-als-spam-identifiziert","text":"Bitte lesen Sie unsere DNS-Konfiguration Anleitung.","title":"Meine Mails werden als Spam identifiziert"},{"location":"de/troubleshooting/debug-common_problems/#docker-compose-wirft-seltsame-fehler-aus","text":"... wie: ERROR: Ung\u00fcltiges Interpolationsformat ... AttributeError: 'NoneType' Objekt hat kein Attribut 'keys' . ERROR: In der Datei './docker-compose.yml' hat der Dienst 'version' keine Konfigurationsoptionen. Wenn Sie eine oder \u00e4hnliche Meldungen erhalten, w\u00e4hrend Sie versuchen, mailcow: dockerized auszuf\u00fchren, \u00fcberpr\u00fcfen Sie bitte, ob Sie die aktuellste Version von Docker und docker compose haben.","title":"docker compose wirft seltsame Fehler aus."},{"location":"de/troubleshooting/debug-common_problems/#container-xy-ist-ungesund","text":"Dieser Fehler versucht Ihnen mitzuteilen, dass eine der (Gesundheits-)Bedingungen f\u00fcr einen bestimmten Container nicht erf\u00fcllt ist. Daher kann er nicht gestartet werden. Dies kann verschiedene Gr\u00fcnde haben, der h\u00e4ufigste ist ein aktualisierter Git-Klon, aber ein altes Docker-Image oder umgekehrt. Auch eine falsch konfigurierte Firewall kann einen solchen Fehler verursachen. Die Container m\u00fcssen in der Lage sein, \u00fcber das Netzwerk 172.22.1.1/24 miteinander zu kommunizieren. Es k\u00f6nnte auch eine falsch verkn\u00fcpfte Datei sein (z. B. ein SSL-Zertifikat), die den Start eines wichtigen Containers (nginx) verhindert. Pr\u00fcfen Sie daher immer Ihre Protokolle, um herauszufinden, woher das Problem kommt.","title":"Container XY ist ungesund"},{"location":"de/troubleshooting/debug-common_problems/#adresse-bereits-in-gebrauch","text":"Wenn Sie eine Fehlermeldung erhalten wie: ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use w\u00e4hrend Sie versuchen, mailcow: dockerized zu starten / zu installieren, stellen Sie sicher, dass Sie unseren Abschnitt \u00fcber prerequisites befolgt haben.","title":"Adresse bereits in Gebrauch"},{"location":"de/troubleshooting/debug-common_problems/#xyz-kann-keine-verbindung-zu","text":"Bitte \u00fcberpr\u00fcfen Sie Ihre lokale Firewall! Docker und iptables-basierte Firewalls erstellen manchmal widerspr\u00fcchliche Regeln. Deaktivieren Sie daher die Firewall auf Ihrem Host, um festzustellen, ob Ihre Verbindungsprobleme durch solche Konflikte verursacht werden. Wenn dies der Fall ist, m\u00fcssen Sie manuell entsprechende Regeln in Ihrer Host-Firewall erstellen, um die erforderlichen Verbindungen zuzulassen. Wenn Sie Verbindungsprobleme von zu Hause aus haben, \u00fcberpr\u00fcfen Sie bitte auch die Firewall Ihres ISP-Routers, da einige von ihnen den E-Mail-Verkehr \u00fcber die Ports SMTP (587) oder SMTPS (465) blockieren. Es k\u00f6nnte auch sein, dass Ihr ISP die Ports f\u00fcr SUBMISSION (25) blockiert. W\u00e4hrend Linux-Benutzer aus einer Vielzahl von Tools 1 w\u00e4hlen k\u00f6nnen, um zu \u00fcberpr\u00fcfen, ob ein Port offen ist, steht Windows-Benutzern standardm\u00e4\u00dfig nur der PowerShell-Befehl Test-NetConnection -ComputerName host -Port port zur Verf\u00fcgung. Um Telnet auf einem Windows nach Vista zu aktivieren, lesen Sie bitte diese Anleitung oder geben Sie den folgenden Befehl in einem Terminal mit Administratorrechten ein: dism /online /Enable-Feature /FeatureName:TelnetClient","title":"XYZ kann keine Verbindung zu ..."},{"location":"de/troubleshooting/debug-common_problems/#inotify-instanz-limit-uberschritten-fur-benutzer-5000-uid-vmail-siehe-453","text":"Docker-Container verwenden die inotify-Limits von Docker-Hosts. Wenn Sie sie auf Ihrem Docker-Host setzen, werden sie an den Container weitergegeben.","title":"Inotify-Instanz-Limit \u00fcberschritten f\u00fcr Benutzer 5000 (UID vmail) (siehe #453)."},{"location":"de/troubleshooting/debug-common_problems/#dovecot-startet-standig-neu-siehe-2672","text":"Stellen Sie sicher, dass Sie mindestens die folgenden Dateien in data/assets/ssl haben: cert.pem dhparams.pem key.pem Wenn dhparams.pem fehlt, k\u00f6nnen Sie es mit Bash openssl dhparam -out data/assets/ssl/dhparams.pem 4096 netcat , nmap , openssl , [telnet]( https://linux \u21a9","title":"Dovecot startet st\u00e4ndig neu (siehe #2672)."},{"location":"de/troubleshooting/debug-logs/","text":"Warning Dieser Abschnitt gilt nur f\u00fcr Docker's Standard-Logging-Treiber (JSON). Um die Logs aller mailcow: dockerized bezogenen Container zu sehen, k\u00f6nnen Sie den folgenden Befehl innerhalb Ihres mailcow-dockerized Ordners verwenden, der Ihre mailcow.conf enth\u00e4lt: docker compose (Plugin) docker-compose (Standalone) docker compose logs docker-compose logs Dies ist normalerweise ein bisschen viel, aber Sie k\u00f6nnen die Ausgabe mit --tail=100 auf die letzten 100 Zeilen pro Container k\u00fcrzen, oder ein -f hinzuf\u00fcgen, um die Live-Ausgabe aller Ihrer Dienste zu verfolgen. Um die Logs eines bestimmten Dienstes zu sehen, kann man folgendes verwenden: docker compose (Plugin) docker-compose (Standalone) docker compose logs [ options ] $service_name docker-compose logs [ options ] $service_name Info Die verf\u00fcgbaren Optionen f\u00fcr den Befehl docker compose logs sind: -no-color : Erzeugt eine einfarbige Ausgabe. -f : Der Log-Ausgabe folgen. -t : Zeitstempel anzeigen. --tail=\"all \" : Anzahl der Zeilen, die ab dem Ende der Protokolle f\u00fcr jeden Container angezeigt werden sollen.","title":"Logs"},{"location":"de/troubleshooting/debug-mysql_aria/","text":"MariaDB: Aria-Wiederherstellung nach Absturz \u00b6 Wenn Ihr Server abgest\u00fcrzt ist und MariaDB eine Fehlermeldung \u00e4hnlich [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files , k\u00f6nnen Sie Folgendes versuchen, um die Datenbank in einen gesunden Zustand zu bringen: Starten Sie den Stack und warten Sie, bis mysql-mailcow beginnt, einen Neustart zu melden. \u00dcberpr\u00fcfen Sie dies, indem Sie docker compose ps ausf\u00fchren. F\u00fchren Sie nun die folgenden Befehle aus: # Stoppe den Stack, f\u00fchre nicht \"down\" aus docker compose stop # F\u00fchren Sie eine Bash in dem gestoppten Container als Benutzer mysql aus docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql bash\"' mysql-mailcow # cd in das SQL-Datenverzeichnis cd /var/lib/mysql # aria_chk ausf\u00fchren aria_chk --check --force */*.MAI # L\u00f6schen der aria-Logdateien rm aria_log.* F\u00fchren Sie nun docker compose down gefolgt von docker compose up -d aus.","title":"Abgest\u00fcrzte Aria-Speicher-Engine wiederherstellen"},{"location":"de/troubleshooting/debug-mysql_aria/#mariadb-aria-wiederherstellung-nach-absturz","text":"Wenn Ihr Server abgest\u00fcrzt ist und MariaDB eine Fehlermeldung \u00e4hnlich [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files , k\u00f6nnen Sie Folgendes versuchen, um die Datenbank in einen gesunden Zustand zu bringen: Starten Sie den Stack und warten Sie, bis mysql-mailcow beginnt, einen Neustart zu melden. \u00dcberpr\u00fcfen Sie dies, indem Sie docker compose ps ausf\u00fchren. F\u00fchren Sie nun die folgenden Befehle aus: # Stoppe den Stack, f\u00fchre nicht \"down\" aus docker compose stop # F\u00fchren Sie eine Bash in dem gestoppten Container als Benutzer mysql aus docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql bash\"' mysql-mailcow # cd in das SQL-Datenverzeichnis cd /var/lib/mysql # aria_chk ausf\u00fchren aria_chk --check --force */*.MAI # L\u00f6schen der aria-Logdateien rm aria_log.* F\u00fchren Sie nun docker compose down gefolgt von docker compose up -d aus.","title":"MariaDB: Aria-Wiederherstellung nach Absturz"},{"location":"de/troubleshooting/debug-mysql_upgrade/","text":"F\u00fchren Sie ein manuelles mysql_upgrade durch. \u00b6 Dieser Schritt ist normalerweise nicht notwendig. docker compose stop mysql-mailcow watchdog-mailcow docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0\"' mysql-mailcow Sobald die SQL-Shell gestartet wurde, f\u00fchren Sie mysql_upgrade aus und verlassen den Container: mysql_upgrade exit","title":"Manuelles MySQL-Upgrade"},{"location":"de/troubleshooting/debug-mysql_upgrade/#fuhren-sie-ein-manuelles-mysql_upgrade-durch","text":"Dieser Schritt ist normalerweise nicht notwendig. docker compose stop mysql-mailcow watchdog-mailcow docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0\"' mysql-mailcow Sobald die SQL-Shell gestartet wurde, f\u00fchren Sie mysql_upgrade aus und verlassen den Container: mysql_upgrade exit","title":"F\u00fchren Sie ein manuelles mysql_upgrade durch."},{"location":"de/troubleshooting/debug-reset_pw/","text":"mailcow Admin-Konto \u00b6 Setzt den mailcow Admin Account auf ein zuf\u00e4lliges Passwort zur\u00fcck. \u00c4ltere mailcow: dockerisierte Installationen k\u00f6nnen das mailcow-reset-admin.sh Skript in ihrem mailcow Stammverzeichnis (mailcow_path) finden. cd mailcow_pfad ./helper-scripts/mailcow-reset-admin.sh MySQL-Passw\u00f6rter zur\u00fccksetzen \u00b6 Stoppen Sie den Stack, indem Sie docker compose stop ausf\u00fchren. Wenn die Container heruntergefahren sind, f\u00fchren Sie diesen Befehl aus: docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0\"' mysql-mailcow 1. Datenbank-Name finden \u00b6 # source mailcow.conf # docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mailcow_database | <===== | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec) 2. Einen oder mehrere Benutzer zur\u00fccksetzen \u00b6 2.1 Maria DB < 10.4 (\u00e4ltere mailcow-Installationen) \u00b6 Sowohl \"password\" als auch \"authentication_string\" existieren. Derzeit wird \"password\" verwendet, aber besser ist es, beide zu setzen. MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES; 2.2 Maria DB >= 10.4 (aktuelle mailcows) \u00b6 MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES; Zwei-Faktor-Authentifizierung entfernen \u00b6 F\u00fcr mailcow WebUI: \u00b6 Dies funktioniert \u00e4hnlich wie das Zur\u00fccksetzen eines MySQL-Passworts, jetzt machen wir es vom Host aus, ohne uns mit dem MySQL CLI zu verbinden: Quelle mailcow.conf docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DELETE FROM tfa WHERE username='YOUR_USERNAME';\" F\u00fcr SOGo: \u00b6 docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{\"SOGoGoogleAuthenticatorEnabled\":0}'","title":"Passw\u00f6rter zur\u00fccksetzen (inkl. SQL)"},{"location":"de/troubleshooting/debug-reset_pw/#mailcow-admin-konto","text":"Setzt den mailcow Admin Account auf ein zuf\u00e4lliges Passwort zur\u00fcck. \u00c4ltere mailcow: dockerisierte Installationen k\u00f6nnen das mailcow-reset-admin.sh Skript in ihrem mailcow Stammverzeichnis (mailcow_path) finden. cd mailcow_pfad ./helper-scripts/mailcow-reset-admin.sh","title":"mailcow Admin-Konto"},{"location":"de/troubleshooting/debug-reset_pw/#mysql-passworter-zurucksetzen","text":"Stoppen Sie den Stack, indem Sie docker compose stop ausf\u00fchren. Wenn die Container heruntergefahren sind, f\u00fchren Sie diesen Befehl aus: docker compose run --rm --entrypoint '/bin/sh -c \"gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0\"' mysql-mailcow","title":"MySQL-Passw\u00f6rter zur\u00fccksetzen"},{"location":"de/troubleshooting/debug-reset_pw/#1-datenbank-name-finden","text":"# source mailcow.conf # docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mailcow_database | <===== | mysql | | performance_schema | +--------------------+ 4 rows in set (0.00 sec)","title":"1. Datenbank-Name finden"},{"location":"de/troubleshooting/debug-reset_pw/#2-einen-oder-mehrere-benutzer-zurucksetzen","text":"","title":"2. Einen oder mehrere Benutzer zur\u00fccksetzen"},{"location":"de/troubleshooting/debug-reset_pw/#21-maria-db-104-altere-mailcow-installationen","text":"Sowohl \"password\" als auch \"authentication_string\" existieren. Derzeit wird \"password\" verwendet, aber besser ist es, beide zu setzen. MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES;","title":"2.1 Maria DB < 10.4 (\u00e4ltere mailcow-Installationen)"},{"location":"de/troubleshooting/debug-reset_pw/#22-maria-db-104-aktuelle-mailcows","text":"MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> FLUSH PRIVILEGES; MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES;","title":"2.2 Maria DB >= 10.4 (aktuelle mailcows)"},{"location":"de/troubleshooting/debug-reset_pw/#zwei-faktor-authentifizierung-entfernen","text":"","title":"Zwei-Faktor-Authentifizierung entfernen"},{"location":"de/troubleshooting/debug-reset_pw/#fur-mailcow-webui","text":"Dies funktioniert \u00e4hnlich wie das Zur\u00fccksetzen eines MySQL-Passworts, jetzt machen wir es vom Host aus, ohne uns mit dem MySQL CLI zu verbinden: Quelle mailcow.conf docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DELETE FROM tfa WHERE username='YOUR_USERNAME';\"","title":"F\u00fcr mailcow WebUI:"},{"location":"de/troubleshooting/debug-reset_pw/#fur-sogo","text":"docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{\"SOGoGoogleAuthenticatorEnabled\":0}'","title":"F\u00fcr SOGo:"},{"location":"de/troubleshooting/debug-reset_tls/","text":"Sollten Sie Probleme mit Ihrem Zertifikat, Schl\u00fcssel oder Let's Encrypt-Konto haben, versuchen Sie bitte, die TLS-Assets zur\u00fcckzusetzen: source mailcow.conf docker compose down rm -rf data/assets/ssl mkdir data/assets/ssl openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj \"/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}\" -sha256 -nodes cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ docker compose up -d Dies wird mailcow stoppen, die ben\u00f6tigten Variablen beschaffen, ein selbstsigniertes Zertifikat erstellen und mailcow starten. Wenn Sie Let's Encrypt verwenden, sollten Sie vorsichtig sein, da Sie ein neues Konto und einen neuen Satz von Zertifikaten erstellen werden. Sie werden fr\u00fcher oder sp\u00e4ter auf ein Ratelimit sto\u00dfen. Bitte beachten Sie auch, dass fr\u00fchere TLSA-Datens\u00e4tze ung\u00fcltig werden.","title":"TLS-Zertifikate zur\u00fccksetzen"},{"location":"de/troubleshooting/debug-rm_volumes/","text":"Es kann sein, dass Sie einen Satz persistenter Daten entfernen wollen, um einen Konflikt zu l\u00f6sen oder um neu zu beginnen. mailcowdockerized kann variieren und h\u00e4ngt von Ihrem Compose-Projektnamen ab (wenn er unver\u00e4ndert ist, ist mailcowdockerized der richtige Wert). Wenn Sie sich unsicher sind, f\u00fchren Sie docker volume ls aus, um eine vollst\u00e4ndige Liste zu erhalten. L\u00f6schen Sie ein einzelnes Volume: docker volume rm mailcowdockerized_${VOLUME_NAME} Entfernen Sie Volume mysql-vol-1 , um alle MySQL-Daten zu entfernen. Entfernen Sie Volume redis-vol-1 um alle Redis Daten zu entfernen. Volume vmail-vol-1 entfernen, um alle Inhalte von /var/vmail zu entfernen, die in dovecot-mailcow eingebunden sind. Entfernen Sie das Volume rspamd-vol-1 , um alle Rspamd-Daten zu entfernen. Entfernen Sie Volume crypt-vol-1 , um alle Crypto-Daten zu entfernen. Dies wird alle Mails unlesbar machen. Alternativ dazu wird die Ausf\u00fchrung von docker compose down -v alle mailcow: dockerized volumes zerst\u00f6ren und alle zugeh\u00f6rigen Container und Netzwerke l\u00f6schen.","title":"Persistente Daten l\u00f6schen"},{"location":"de/troubleshooting/debug-rspamd_memory_leaks/","text":"Eine kurze Anleitung, um einen schlecht funktionierenden Rspamd tiefgehend zu analysieren. docker compose exec rspamd-mailcow bash if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then sed -i 's/apt-stabil/apt-stabil-asan/i' /etc/apt/sources.list.d/rspamd.list fi apt-get update ; apt-get upgrade rspamd nano /docker-entrypoint.sh # F\u00fcgen Sie vor \"exec \"$@\"\" die folgenden Zeilen ein: export G_SLICE=always-malloc export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0 Starten Sie Rspamd neu: docker compose restart rspamd-mailcow Ihr Speicherverbrauch wird stark ansteigen, er wird auch stetig wachsen, was nicht mit einem m\u00f6glichen Memory Leak zusammenh\u00e4ngt, nach dem Sie suchen. Lassen Sie den Container f\u00fcr ein paar Minuten, Stunden oder Tage laufen (es sollte die Zeit sein, die Sie normalerweise warten, bis der Memory Leak \"passiert\") und starten Sie ihn neu: docker compose restart rspamd-mailcow . Betreten Sie nun den Container, indem Sie docker compose exec rspamd-mailcow bash ausf\u00fchren, wechseln Sie das Verzeichnis zu /tmp und kopieren Sie die asan-Dateien an den gew\u00fcnschten Ort oder laden Sie sie \u00fcber termbin.com hoch ( cat /tmp/rspamd-asan.* | nc termbin.com 9999 ).","title":"Fortgeschritten: Memory-Leaks in Rspamd finden"},{"location":"de/troubleshooting/debug/","text":"Wenn ein Problem auftritt, dann immer aus einem bestimmten Grund! Was Sie in einem solchen Fall tun sollten, ist: Lesen Sie Ihre Logs; verfolgen Sie sie, um herauszufinden, was der Grund f\u00fcr Ihr Problem ist. Folgen Sie den Hinweisen in Ihren Logdateien und beginnen Sie mit der Untersuchung. Starten Sie den gest\u00f6rten Dienst oder den gesamten Stack neu, um zu sehen, ob das Problem weiterhin besteht. Lesen Sie die Dokumentation des gest\u00f6rten Dienstes und suchen Sie in dessen Bugtracker nach Ihrem Problem. Durchsuchen Sie unsere Github Issues nach Ihrem Problem. Erstelle einen Github Issue in unserem GitHub Repository, wenn Sie glauben, dass Ihr Problem ein Fehler oder eine fehlende Funktion ist, die Sie dringend ben\u00f6tigen. Bitte stellen Sie aber sicher, dass Sie alle Logs und eine vollst\u00e4ndige Beschreibung Ihres Problems mitschicken. Bitte fragen Sie nicht nach Support auf Github. Treten Sie unserer Telegram-Community bei oder finden Sie die offiziellen Support-Pakete bei Servercow . Alternativ fragen Sie Twitter um Rat und taggen uns mit @mailcow_email .","title":"Einf\u00fchrung"}]} \ No newline at end of file diff --git a/2.5/sitemap.xml b/2.5/sitemap.xml new file mode 100644 index 000000000..0c455f079 --- /dev/null +++ b/2.5/sitemap.xml @@ -0,0 +1,811 @@ + + + + https://docs.mailcow.email/2.5/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-accidental_deletion/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-backup/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-backup_restore-maildir/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-backup_restore-mysql/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-coldstandby/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/backup_restore/b_n_r-restore/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-android/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-apple/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-emclient/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-kontact/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-manual/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-outlook/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-thunderbird/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client-windows/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/client/client/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/i_u_m/i_u_m_deinstall/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/i_u_m/i_u_m_install/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/i_u_m/i_u_m_migration/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/i_u_m/i_u_m_update/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/u_e-80_to_443/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/u_e-autodiscover_config/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/u_e-reeanble-weak-protocols/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/u_e-update-hooks/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/u_e-why_unbound/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/ClamAV/u_e-clamav-additional_dbs/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/ClamAV/u_e-clamav-whitelist/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Docker/u_e-docker-cust_dockerfiles/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-any_acl/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-catchall_vacation/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-expunge/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-extra_conf/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-fts/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-idle_interval/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-mail-crypt/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-more/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-public_folder/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-static_master/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Dovecot/u_e-dovecot-vmail-volume/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Nginx/u_e-nginx_custom/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Nginx/u_e-nginx_webmail-site/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-attachment_size/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-custom_transport/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-disable_sender_verification/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-extra_cf/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-pflogsumm/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-relayhost/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Postfix/u_e-postfix-trust_networks/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Redis/u_e-redis/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Rspamd/u_e-rspamd/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/SOGo/u_e-sogo/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Unbound/u_e-unbound-fwd/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/Watchdog/u_e-watchdog-thresholds/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-config/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-css/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-netfilter/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tags/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/models/model-acl/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/models/model-passwd/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/models/model-sender_rcv/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-disable_ipv6/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-dmarc_reporting/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-ip_bindings/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-local_mta/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-logging/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-rp/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-rspamd_ui/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-snat/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-ssl/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/post_installation/firststeps-sync_jobs_migration/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/prerequisite/prerequisite-dns/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/prerequisite/prerequisite-system/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/borgmatic/third_party-borgmatic/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/checkmk/u_e-checkmk/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/exchange_onprem/third_party-exchange_onprem/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/gitea/third_party-gitea/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/gogs/third_party-gogs/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/mailman3/third_party-mailman3/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/mailpiler/third_party-mailpiler_integration/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/nextcloud/third_party-nextcloud/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/portainer/third_party-portainer/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/third_party/roundcube/third_party-roundcube/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-admin_login_sogo/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-attach_service/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-common_problems/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-logs/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-mysql_aria/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-mysql_upgrade/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-reset_pw/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-reset_tls/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-rm_volumes/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug-rspamd_memory_leaks/ + 2023-01-09 + daily + + + + + + https://docs.mailcow.email/2.5/troubleshooting/debug/ + 2023-01-09 + daily + + + + + \ No newline at end of file diff --git a/2.5/sitemap.xml.gz b/2.5/sitemap.xml.gz new file mode 100644 index 0000000000000000000000000000000000000000..378159bd8e77c975ee1e9d9002cd567fba3afcf7 GIT binary patch literal 2207 zcmV;Q2w?XgiwFonCcI+;|8r?{Wo=<_E_iKh0NveRbECQ$2jKhjDKfby&hDOePIj_6 z(`l!j-n5pZ`)_|vetG=$?WfmDaZSyGomuE_j|*eUud~^Dy?)Zn&;pnG zNveFNvxObev+cy$^V7>?`+M(v>mCNj{ zewen8BQn!Z1!g>x>nBXF7fi)~1l;?ep{JFUj+#B6qp;T1UB^XVWH@p~VJW zQxiJksR=!O>h{H)?O)9sUe^?7%c?|*Y9ke$rAQ!^;4EW=3WGT!lv86DoUi~!r}8Lu zTMxcS+ldhb(QsNwVRmKGZUtwu{#Skjpc9~P_`TWgGVUa#G2amya`{bndC$p zEJ(VE0P{Evv|(>;Uv#^%@Y!}_&}5x;9dKow*>_6Yo5U^>N-`3bQ+EW9KqCsemnln5 zgLY{Gz^R;8j=cq}>)u@`@3vXBDE!FVDzG^z+YO!jc&Z;*n@{Sua+&GLkTz$rV*7 zlVZ;D(ABykf%;u+z>B1!6pNJ8WKHohDU~!blU#?c*%u2`bW{^wRNIwyvXF8aJmpCi zP{01lUeMNy4XQ*cD?vgxJB|WM)?3)Q*dIAA{_yXnXl4iTD#3)X`ps*7yjmLcpWVf5 zV5Zk~0)V_;Fhe=hCNAGYtO;p*nsBcACz&m&YATavFv%)yP&+(loCf{JJ0cyJ@wL5p zpkC2Tnr#QoaDv4K;f#lE+#d@NcVrVFsu?zxfpfINS%CZ9ZV5Q4^o4dn%;|esS(wA9NpWg({PjO z4zvQ|T+f017p6r84&Gu{eg_aLYGpR*tpN~P3k?|4G1`48mF8hP3v=v(26QHXW@T{bZyj0 z7lYA_fh-Z*9pv-a`1iRcweIc$1h$-Wnd_=3Vv{`to0PVv4H#Q{t20HZKv5i}H9F(8 z;ukvt!M9QIW+CGfKLneUxu*>fTchfO#soEMslq;N|I+#*f%%PUz`5jq>LX-{%-a)_wj+tL?dwH-<<5{vFJ=R?y{;4I$lLpq z?|*F?*p8x#B`HVippS~X6b+2{szv~X!$0x;VzxUl200aepuECtj`TnC zA>JKe_cQ~n9rJqpDBqoUPrN4ARf;enb_-rJ5$X2Thm7|CKhO~%zQK8t|Ov7PBj&4Zx6mn?c*^=g~1Vl9x_eE+0%i4%sh{4 zwYy6+9b`v+-;An^NKloN;e9Oa-K{yM6jdxHzI~?26uUd{jj3&zh#Z?ZQxTpQ_pYaT zOn914XQw$Z-9}{SzcSUKewEkN=_aGS)QbyhMeS={vE~XQ$0G?5p>0GCM)8R_zOYv@ zy|K$p5ewQj%_MGJwH?rz1ycl-SeeZ%l`1dlYp5MhO%79oQoJUZN6?$waBQ0`Xtpet z?RR)=hlBO(3Ik+#v9x11`rf{_ND8|;C{C7~kM{-Zc}++l=bKw{?4R3pKR&76P6^h! zFA$LHsPe82Wv)+4%FsRyxf}<|?{aa+diBHti!Uct_Y;Fv9F7H~c|{W*R7=LGIxF2w zZLZ-Tj90S);8gR6}+MemE(r(KV8js#C&_sZp<-Hjys;NQc zItIRd7I3-l%AU~-*YT*;VJ2cbEA7v%K<$@$#Q}Fn125N8+aFzfxNSiTsWymHyo|%J hBNja7r6zo-Mj!~T)i2ZB*cIyA{{ic;11h()002d)P&ohq literal 0 HcmV?d00001 diff --git a/2.5/third_party-borgmatic/index.html b/2.5/third_party-borgmatic/index.html new file mode 100644 index 000000000..34348b242 --- /dev/null +++ b/2.5/third_party-borgmatic/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-exchange_onprem/index.html b/2.5/third_party-exchange_onprem/index.html new file mode 100644 index 000000000..50e45ea48 --- /dev/null +++ b/2.5/third_party-exchange_onprem/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-gitea/index.html b/2.5/third_party-gitea/index.html new file mode 100644 index 000000000..bf90ad8df --- /dev/null +++ b/2.5/third_party-gitea/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-gogs/index.html b/2.5/third_party-gogs/index.html new file mode 100644 index 000000000..c4119af02 --- /dev/null +++ b/2.5/third_party-gogs/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-mailman3/index.html b/2.5/third_party-mailman3/index.html new file mode 100644 index 000000000..da8b0c78f --- /dev/null +++ b/2.5/third_party-mailman3/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-mailpiler_integration/index.html b/2.5/third_party-mailpiler_integration/index.html new file mode 100644 index 000000000..d44619436 --- /dev/null +++ b/2.5/third_party-mailpiler_integration/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-nextcloud/index.html b/2.5/third_party-nextcloud/index.html new file mode 100644 index 000000000..aa83975d0 --- /dev/null +++ b/2.5/third_party-nextcloud/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-portainer/index.html b/2.5/third_party-portainer/index.html new file mode 100644 index 000000000..1b5ff80c8 --- /dev/null +++ b/2.5/third_party-portainer/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party-roundcube/index.html b/2.5/third_party-roundcube/index.html new file mode 100644 index 000000000..686798d45 --- /dev/null +++ b/2.5/third_party-roundcube/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/third_party/borgmatic/third_party-borgmatic/index.html b/2.5/third_party/borgmatic/third_party-borgmatic/index.html new file mode 100644 index 000000000..bebeda72c --- /dev/null +++ b/2.5/third_party/borgmatic/third_party-borgmatic/index.html @@ -0,0 +1,3045 @@ + + + + + + + + + + + + + + + + + + Borgmatic Backup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Borgmatic Backup

    +

    Introduction

    +

    Borgmatic is a great way to run backups on your Mailcow setup as it securely encrypts your data and is extremely easy to +set up.

    +

    Due to it's deduplication capabilities you can store a great number of backups without wasting large amounts of disk +space. This allows you to run backups in very short intervals to ensure minimal data loss when the need arises to +recover data from a backup.

    +

    This document guides you through the process to enable continuous backups for mailcow with borgmatic. The borgmatic +functionality is provided by the borgmatic Docker image. Check out +the README in that repository to find out about the other options (such as push notifications) that are available. +This guide only covers the basics.

    +

    Setting up borgmatic

    +

    Create or amend docker-compose.override.yml

    +

    In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following +configuration:

    +
    version: '2.1'
    +
    +services:
    +  borgmatic-mailcow:
    +    image: ghcr.io/borgmatic-collective/borgmatic
    +    hostname: mailcow
    +    restart: always
    +    dns: ${IPV4_NETWORK:-172.22.1}.254
    +    volumes:
    +      - vmail-vol-1:/mnt/source/vmail:ro
    +      - crypt-vol-1:/mnt/source/crypt:ro
    +      - redis-vol-1:/mnt/source/redis:ro,z
    +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
    +      - postfix-vol-1:/mnt/source/postfix:ro,z
    +      - mysql-socket-vol-1:/var/run/mysqld/:z
    +      - borg-config-vol-1:/root/.config/borg:Z
    +      - borg-cache-vol-1:/root/.cache/borg:Z
    +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
    +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
    +    environment:
    +      - TZ=${TZ}
    +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
    +    networks:
    +      mailcow-network:
    +        aliases:
    +          - borgmatic
    +
    +volumes:
    +  borg-cache-vol-1:
    +  borg-config-vol-1:
    +
    +

    Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing.

    +

    For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove +the ro flag prior to restoring the data. This is described in the section on restoring backups.

    +

    Create data/conf/borgmatic/etc/config.yaml

    +

    Next, we need to create the borgmatic configuration.

    +
    source mailcow.conf
    +cat <<EOF > data/conf/borgmatic/etc/config.yaml
    +location:
    +    source_directories:
    +        - /mnt/source
    +    repositories:
    +        - ssh://user@rsync.net:22/./mailcow
    +    exclude_patterns:
    +        - '/mnt/source/postfix/public/'
    +        - '/mnt/source/postfix/private/'
    +        - '/mnt/source/rspamd/rspamd.sock'
    +
    +retention:
    +    keep_hourly: 24
    +    keep_daily: 7
    +    keep_weekly: 4
    +    keep_monthly: 6
    +    prefix: ""
    +
    +hooks:
    +    mysql_databases:
    +        - name: ${DBNAME}
    +          username: ${DBUSER}
    +          password: ${DBPASS}
    +          options: --default-character-set=utf8mb4
    +EOF
    +
    +

    Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf.

    +

    This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for +a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is +all you should need to restore your mailcow setup after an incident. The retention settings will keep one archive for +each hour of the past 24 hours, one per day of the week, one per week of the month and one per month of the past half +year.

    +

    Check the borgmatic documentation on how to use other types of repositories or +configuration options. If you choose to use a local filesystem as a backup destination make sure to mount it into the +container. The container defines a volume called /mnt/borg-repository for this purpose.

    +
    +

    Note

    +

    If you do not use rsync.net you can most likely drop the remote_path element from your config.

    +
    +

    Create a crontab

    +

    Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content:

    +
    14 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1
    +
    +

    This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past +the hour and log some nice stats at the end.

    +

    Place SSH keys in folder

    +

    Place the SSH keys you intend to use for remote repository connections in data/conf/borgmatic/ssh. OpenSSH expects the +usual id_rsa, id_ed25519 or similar to be in this directory. Ensure the file is chmod 600 and not world readable +or OpenSSH will refuse to use the SSH key.

    +

    Bring up the container

    +

    For the next step we need the container to be up and running in a configured state. To do that run:

    +
    docker compose up -d
    +
    +

    Initialize the repository

    +

    By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being +initialized.

    +

    To initialize the repository run:

    +
    docker compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
    +
    +

    You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm +the prompt by entering yes. The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE +environment variable earlier.

    +

    When using any of the repokey encryption methods the encryption key will be stored in the repository itself and not on +the client, so there is no further action required in this regard. If you decide to use a keyfile instead of +a repokey make sure you export the key and back it up separately. Check the Exporting Keys section +for how to retrieve the key.

    +

    Restart container

    +

    Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined +state:

    +
    docker compose restart borgmatic-mailcow
    +
    +

    Restoring from a backup

    +

    Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have +any custom data in your maildir or your mailcow database.

    +

    Restore maildir

    +
    +

    Warning

    +

    Doing this will overwrite files in your maildir! Do not run this unless you actually intend to recover mail +files from a backup.

    +
    +
    +

    If you use SELinux in Enforcing mode

    +

    If you are using mailcow on a host with SELinux in Enforcing mode you will have to temporarily disable it during +extraction of the archive as the mailcow setup labels the vmail volume as private, belonging to the dovecot container +exclusively. SELinux will (rightfully) prevent any other container, such as the borgmatic container, from writing to +this volume.

    +
    +

    Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing +the ro flag from the volume. +Then you can use the following command to restore the maildir from a backup:

    +
    docker compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
    +
    +

    Alternatively you can specify any archive name from the list of archives (see +Listing all available archives)

    +

    Restore MySQL

    +
    +

    Warning

    +

    Running this command will delete and recreate the mailcow database! Do not run this unless you actually +intend to recover the mailcow database from a backup.

    +
    +

    To restore the MySQL database from the latest archive use this command:

    +
    docker compose exec borgmatic-mailcow borgmatic restore --archive latest
    +
    +

    Alternatively you can specify any archive name from the list of archives (see +Listing all available archives)

    +

    After restoring

    +

    After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to +re-enable it.

    +

    To restart mailcow use the follwing command:

    +
    docker compose down && docker compose up -d
    +
    +

    If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may +take a while if you have lots of files.

    +

    Useful commands

    +

    Manual archiving run (with debugging output)

    +
    docker compose exec borgmatic-mailcow borgmatic -v 2
    +
    +

    Listing all available archives

    +
    docker compose exec borgmatic-mailcow borgmatic list
    +
    +

    Break lock

    +

    When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any +new operations can be performed:

    +
    docker compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
    +
    +

    Where user@rsync.net:mailcow is the URI to your repository.

    +

    Now would be a good time to do a manual archiving run to ensure it can be successfully performed.

    +

    Exporting keys

    +

    When using any of the keyfile methods for encryption you MUST take care of backing up the key files yourself. The +key files are generated when you initialize the repository. The repokey methods store the key file within the +repository, so a manual backup isn't as essential.

    +

    Note that in either case you also must have the passphrase to decrypt any archives.

    +

    To fetch the keyfile run:

    +
    docker compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
    +
    +

    Where user@rsync.net:mailcow is the URI to your repository.

    + +
    +
    + + + Last update: + 2022-11-04 14:12:24 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/checkmk/u_e-checkmk/index.html b/2.5/third_party/checkmk/u_e-checkmk/index.html new file mode 100644 index 000000000..9980d0414 --- /dev/null +++ b/2.5/third_party/checkmk/u_e-checkmk/index.html @@ -0,0 +1,2669 @@ + + + + + + + + + + + + + + + + + + CheckMK - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    CheckMK

    + +

    Mailcow provides the ability to check for updates using its own update script.

    +

    If you want to check for mailcow updates using checkmk, you can create an executable file in the local directory of the checkmk agent (typically /usr/lib/check_mk_agent/local/) with the name mailcow_update and the following content:

    +
    #!/bin/bash
    +cd /opt/mailcow-dockerized/ && ./update.sh -c >/dev/null
    +status=$?
    +if [ $status -eq 3 ]; then
    +  echo "0 \"mailcow_update\" mailcow_update=0;1;;0;1 No updates available."
    +elif [ $status -eq 0 ]; then
    +  echo "1 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +else
    +  echo "3 \"mailcow_update\" - Unknown output from update script ..."
    +fi
    +exit
    +
    +

    If the mailcow installation directory is not /opt/, adjust this in the 2nd line.

    +

    After that re-inventory the services for your mailcow host in checmk and a new check named mailcow_update should be selectable.

    +

    This will run the mailcow_update everytime checkmk agent is checked, you can cache the result by placing the script in a subfolder named the number of seconds you wish to cache it. \ +/usr/lib/check_mk_agent/local/3600/ will cache the response for an 3600 seconds (1 hour).

    +

    Screenshots

    +

    No updates available

    +

    If there are no updates available, OK is displayed.

    +

    No update available

    +

    New updates available

    +

    If updates are available, WARN is displayed.

    +

    Updates available

    +

    If CRIT is desired instead, replace the 7th line with the following:

    +
      echo "2 \"mailcow_update\" mailcow_update=1;1;;0;1 Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
    +
    +

    Detailed check output

    +

    Long check output

    +
      +
    • This provides a link to mailcow's GitHub commits, if updates are available.
    • +
    • Metrics are also displayed ( not only when updates are available):
    • +
    • 0 = No updates available
    • +
    • 1 = New updates available
    • +
    + +
    +
    + + + Last update: + 2022-11-04 21:38:16 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/exchange_onprem/third_party-exchange_onprem/index.html b/2.5/third_party/exchange_onprem/third_party-exchange_onprem/index.html new file mode 100644 index 000000000..c869246e4 --- /dev/null +++ b/2.5/third_party/exchange_onprem/third_party-exchange_onprem/index.html @@ -0,0 +1,2688 @@ + + + + + + + + + + + + + + + + + + Exchange Hybrid Setup - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Exchange Hybrid Setup

    + +

    Using Microsoft Exchange in a hybrid setup is possible with mailcow. With this setup you can add mailboxes on your mailcow and still use Exchange Online Protection. +All mailboxes setup in Exchange will receive their mails as usual, while with the hybrid approach additional Mailboxes can be setup in mailcow without any further configuration.

    +

    This setup becomes very handy if you have enabled the Office 365 security defaults and third party applications can no longer login into your mailboxes by any of the supported methods.

    +

    Requirements

    +
      +
    • The mx Record of your domain needs to point at the Exchange mail service. Log into your Admin center and look out for the dns settings of your domain to find your personalized gateway domain. It should look like this contoso-com.mail.protection.outlook.com. Contact your domain registrant to get further information on how to change mx record.
    • +
    • The domain you want to have additional mailboxes for must be setup as internal relay domain in Exchange.
        +
      1. Log in to your Exchange Admin Center
      2. +
      3. Select the mail flow pane and click on accepted domains
      4. +
      5. Select the domain and switch it from authorative to internal relay
      6. +
      +
    • +
    +

    Set up the mailcow

    +

    Your mailcow needs to relay all mails to your personalized Exchange Host. It is the same host address we already looked up for the mx Record.

    +
      +
    1. Add the domain to your mailcow
    2. +
    3. Add your personalized Exchange Host address as relayhost
    4. +
    5. Add your personalized Exchange Host address as forwarding host to unconditionally accepted all relayed mails from Exchange. (Admin > Configuration & Details > Configuration Dropdown > Forwarding Hosts)
    6. +
    7. Go to the domain settings and select the newly added host on the Sender-dependent transports dropdown. Enable relaying by ticking the Relay this domain, Relay all recipients and the Relay non-existing mailboxes only. checkboxes
    8. +
    +
    +

    Info

    +

    From now on your mailcow will accept all mails relayed from Exchange. The inbound filtering and so the neural learning of your cow will no longer work. Because all mails are routed through Exchange the filtering process is handled there.

    +
    +

    Set up Connectors in Exchange

    +

    All mail traffic now goes through Exchange. At this point the Exchange Online Protection already filters all incoming and outgoing mails. Now we need to set up two connectors to relay incoming mails from our Exchange Service to the mailcow and another one to allow mails relayed from the mailcow to our exchange service. You can follow the official guide from Microsoft.

    +
    +

    Warning

    +

    For the connector that handles mails from your mailcow to Exchange Microsoft offers two ways of authenticating it. The recommended way is to use a tls certificate configured with a subject name that matches an accepted domain in Exchange. Otherwise you need to choose authentication with the static ip address of your mailcow.

    +
    +

    Validating

    +

    The easiest way to validate the hybrid setup is by sending a mail from the internet to a mailbox that only exists on the mailcow and vice versa.

    +

    Common Issues

    +
      +
    • The connector validation from Exchange to your mailcow failed with 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient test@contoso.com not found by SMTP address lookup
      +Possible Solution: Your domain is not set up as internal relay. Exchange therefore cannot find the recipient
    • +
    • Mails sent from the mailcow to a mailbox in the internet cannot be sent. Non Delivery Report with error 550 5.7.64 TenantAttribution; Relay Access Denied
      +Possible Solution: The authentication method failed. Make sure the certificate subject matches an accepted domain in Exchange. Try authenticating by static ip instead.
    • +
    +

    Microsoft Guide for the connector setup and additional requirements: https://docs.microsoft.com/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#prerequisites-for-your-on-premises-email-environment

    + +
    +
    + + + Last update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/gitea/third_party-gitea/index.html b/2.5/third_party/gitea/third_party-gitea/index.html new file mode 100644 index 000000000..05f5e2b10 --- /dev/null +++ b/2.5/third_party/gitea/third_party-gitea/index.html @@ -0,0 +1,2568 @@ + + + + + + + + + + + + + + + + + + Gitea - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gitea

    + +

    With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

    +

    1. Open docker-compose.override.yml and add gitea:

    +
    version: '2.1'
    +services:
    +
    +        gitea-mailcow:
    +            image: gitea/gitea:1
    +            volumes:
    +                - ./data/gitea:/data
    +            networks:
    +                mailcow-network:
    +                    aliases:
    +                        - gitea
    +            ports:
    +                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Create data/conf/nginx/site.gitea.custom, add: +

    location /gitea/ {
    +        proxy_pass http://gitea:3000/;
    +}
    +

    +

    3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

    +
    GITEA_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Run docker compose up -d to bring up the gitea container and run docker compose restart nginx-mailcow afterwards.

    +

    6. If you forced mailcow to https, execute step 9 and restart gitea with docker compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

    +

    7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

    +

    8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

    +

    9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
    +ROOT_URL = https://mx.example.org/gitea/
    +
    +

    10. Restart gitea with docker compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/gogs/third_party-gogs/index.html b/2.5/third_party/gogs/third_party-gogs/index.html new file mode 100644 index 000000000..f097c4271 --- /dev/null +++ b/2.5/third_party/gogs/third_party-gogs/index.html @@ -0,0 +1,2567 @@ + + + + + + + + + + + + + + + + + + Gogs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Gogs

    + +

    With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

    +

    1. Open docker-compose.override.yml and add Gogs:

    +
    version: '2.1'
    +services:
    +
    +    gogs-mailcow:
    +      image: gogs/gogs
    +      volumes:
    +        - ./data/gogs:/data
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - gogs
    +      ports:
    +        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    2. Create data/conf/nginx/site.gogs.custom, add: +

    location /gogs/ {
    +    proxy_pass http://gogs:3000/;
    +}
    +

    +

    3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

    +
    GOGS_SSH_PORT=127.0.0.1:4000
    +
    +

    5. Run docker compose up -d to bring up the Gogs container and run docker compose restart nginx-mailcow afterwards.

    +

    6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

    +

    7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

    +

    8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

    +
    [server]
    +SSH_LISTEN_PORT = 22
    +# For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
    +SSH_DOMAIN = 127.0.0.1
    +SSH_PORT = 4000
    +# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
    +ROOT_URL = https://mx.example.org/gogs/
    +
    +

    9. Restart Gogs with docker compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/mailman3/third_party-mailman3/index.html b/2.5/third_party/mailman3/third_party-mailman3/index.html new file mode 100644 index 000000000..6a999c246 --- /dev/null +++ b/2.5/third_party/mailman3/third_party-mailman3/index.html @@ -0,0 +1,3170 @@ + + + + + + + + + + + + + + + + + + Mailman 3 - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Installing mailcow and Mailman 3 based on dockerized versions

    +
    +

    Info

    +

    This guide is a copy from dockerized-mailcow-mailman. Please post issues, questions and improvements in the issue tracker there.

    +
    +
    +

    Warning

    +

    mailcow is not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, 'coze: No backup no pity!

    +
    +

    Introduction

    +

    This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential condition is, to preserve mailcow and Mailman in their own installations for independent updates.

    +

    There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of:

    + +

    After finishing this guide, mailcow-dockerized and docker-mailman will run and Apache as a reverse proxy will serve the web frontends.

    +

    The operating system used is an Ubuntu 20.04 LTS.

    +

    Installation

    +

    This guide is based on different steps:

    +
      +
    1. DNS setup
    2. +
    3. Install Apache as a reverse proxy
    4. +
    5. Obtain SSL certificates with Let's Encrypt
    6. +
    7. Install mailcow with Mailman integration
    8. +
    9. Install Mailman
    10. +
    11. 🏃 Run
    12. +
    +

    DNS setup

    +

    Most of the configuration is covered by mailcows DNS setup. After finishing this setup add another subdomain for Mailman, e.g. lists.example.org that points to the same server:

    +
    # Name    Type       Value
    +lists     IN A       1.2.3.4
    +lists     IN AAAA    dead:beef
    +
    +

    Install Apache as a reverse proxy

    +

    Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.

    +

    Activate certain Apache modules (as root or sudo):

    +
    a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
    +
    +

    Maybe you have to install further packages to get these modules. This PPA by Ondřej Surý may help you.

    +

    vHost configuration

    +

    Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).

    +

    Change in mailcow.conf: +- MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME

    +

    Change in mailman.conf: +- MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org)

    +

    Don't activate the configuration, as the ssl certificates and directories are missing yet.

    +

    Obtain SSL certificates with Let's Encrypt

    +

    Check if your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox:

    + +

    Install certbot (as root or sudo):

    +
    apt install certbot
    +
    +

    Get the desired certificates (as root or sudo):

    +
    certbot certonly -d MAILCOW_HOSTNAME
    +certbot certonly -d MAILMAN_DOMAIN
    +
    +

    Install mailcow with Mailman integration

    +

    Install mailcow

    +

    Follow the mailcow installation. Omit step 5 and do not pull and up with docker compose!

    +

    Configure mailcow

    +

    This is also Step 4 in the official mailcow installation (nano mailcow.conf). So change to your needs and alter the following variables:

    +
    HTTP_PORT=18080            # don't use 8080 as mailman needs it
    +HTTP_BIND=127.0.0.1        #
    +HTTPS_PORT=18443           # you may use 8443
    +HTTPS_BIND=127.0.0.1       #
    +
    +SKIP_LETS_ENCRYPT=y        # reverse proxy will do the SSL termination
    +
    +SNAT_TO_SOURCE=1.2.3.4     # change this to your IPv4
    +SNAT6_TO_SOURCE=dead:beef  # change this to your global IPv6
    +
    +

    Add Mailman integration

    +

    Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:

    +

    version: '2.1'
    +
    +services:
    +  postfix-mailcow:
    +    volumes:
    +      - /opt/mailman:/opt/mailman
    +    networks:
    +      - docker-mailman_mailman
    +
    +networks:
    +  docker-mailman_mailman:
    +    external: true
    +
    +The additional volume is used by Mailman to generate additional config files for mailcow postfix. The external network is build and used by Mailman. mailcow needs it to deliver incoming list mails to Mailman.

    +

    Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:

    +

    # mailman
    +
    +recipient_delimiter = +
    +unknown_local_recipient_reject_code = 550
    +owner_request_special = no
    +
    +local_recipient_maps =
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp,
    +  proxy:unix:passwd.byname,
    +  $alias_maps
    +virtual_mailbox_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +transport_maps =
    +  pcre:/opt/postfix/conf/custom_transport.pcre,
    +  pcre:/opt/postfix/conf/local_transport,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +relay_domains =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_domains
    +relay_recipient_maps =
    +  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
    +  regexp:/opt/mailman/core/var/data/postfix_lmtp
    +
    +As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed.

    +

    SSL certificates

    +

    As we proxying mailcow, we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us:

    +
      +
    • Copy the file to /opt/mailcow-dockerized
    • +
    • Change mailcow_HOSTNAME to your mailcow hostname
    • +
    • Make it executable (chmod a+x renew-ssl.sh)
    • +
    • Do not run it yet, as we first need Mailman
    • +
    +

    You have to create a cronjob, so that new certificates will be copied. Execute as root or sudo:

    +
    crontab -e
    +
    +

    To run the script every day at 5am, add:

    +
    0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
    +
    +

    Install Mailman

    +

    Basicly follow the instructions at docker-mailman. As they are a lot, here is in a nuthshell what to do:

    +

    As root or sudo:

    +
    cd /opt
    +mkdir -p mailman/core
    +mkdir -p mailman/web
    +git clone https://github.com/maxking/docker-mailman
    +cd docker-mailman
    +
    +

    Configure Mailman

    +

    Create a long key for Hyperkitty, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.

    +

    Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.

    +

    Create a long key for Django, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.

    +

    Create the file /opt/docker-mailman/docker compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:

    +
    version: '2'
    +
    +services:
    +  mailman-core:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - MTA=postfix
    +    restart: always
    +    networks:
    +      - mailman
    +
    +  mailman-web:
    +    environment:
    +    - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
    +    - HYPERKITTY_API_KEY=HYPERKITTY_KEY
    +    - TZ=Europe/Berlin
    +    - SECRET_KEY=DJANGO_KEY
    +    - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org
    +    - MAILMAN_ADMIN_USER=admin # the admin user
    +    - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address
    +    - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
    +    restart: always
    +
    +  database:
    +    environment:
    +    - POSTGRES_PASSWORD=DBPASS
    +    restart: always
    +
    +

    At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Postorius). For setting the password for the first time use the Forgot password function in the web interface.

    +

    About other configuration options read Mailman-web and Mailman-core documentation.

    +

    Configure Mailman core and Mailman web

    +

    Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

    +
    [mailman]
    +default_language: de
    +site_owner: mailman@example.org
    +
    +

    Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

    +

    # locale
    +LANGUAGE_CODE = 'de-de'
    +
    +# disable social authentication
    +MAILMAN_WEB_SOCIAL_AUTH = []
    +
    +# change it
    +DEFAULT_FROM_EMAIL = 'mailman@example.org'
    +
    +DEBUG = False
    +
    +You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs.

    +

    🏃 Run

    +

    Run (as root or sudo)

    +
    a2ensite mailcow.conf
    +a2ensite mailman.conf
    +systemctl restart apache2
    +
    +cd /opt/docker-mailman
    +docker compose pull
    +docker compose up -d
    +
    +cd /opt/mailcow-dockerized/
    +docker compose pull
    +./renew-ssl.sh
    +
    +

    Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more.

    +

    Remarks

    +

    New lists aren't recognized by postfix instantly

    +

    When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually:

    +
    cd /opt/mailcow-dockerized
    +docker compose restart postfix-mailcow
    +
    +

    Update

    +

    mailcow has it's own update script in /opt/mailcow-dockerized/update.sh, see the docs.

    +

    For Mailman just fetch the newest version from the github repository.

    +

    Backup

    +

    mailcow has an own backup script. Read the docs for further informations.

    +

    Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful.

    +

    ToDo

    +

    install script

    +

    Write a script like in mailman-mailcow-integration/mailman-install.sh as many of the steps are automatable.

    +
      +
    1. Ask for all the configuration variables and create passwords and keys.
    2. +
    3. Do a (semi-)automatic installation.
    4. +
    5. Have fun!
    6. +
    + +
    +
    + + + Last update: + 2022-10-20 15:33:23 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/mailpiler/third_party-mailpiler_integration/index.html b/2.5/third_party/mailpiler/third_party-mailpiler_integration/index.html new file mode 100644 index 000000000..37eeef277 --- /dev/null +++ b/2.5/third_party/mailpiler/third_party-mailpiler_integration/index.html @@ -0,0 +1,2692 @@ + + + + + + + + + + + + + + + + + + Mailpiler Integration - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Mailpiler Integration

    + +

    This is a simple integration of mailcow aliases and the mailbox name into mailpiler when using IMAP authentication.

    +

    Disclaimer: This is not officially maintained nor supported by the mailcow project nor its contributors. No warranty or support is being provided, however you're free to open issues on GitHub for filing a bug or provide further ideas. GitHub repo can be found here.

    +
    +

    Info

    +

    Support for domain wildcards were implemented in Piler 1.3.10 which was released on 03.01.2021. Prior versions basically do work, but after logging in you won't see emails sent from or to the domain alias. (e.g. when @example.com is an alias for admin@example.com)

    +
    +

    The problem to solve

    +

    mailpiler offers the authentication based on IMAP, for example:

    +
    $config['ENABLE_IMAP_AUTH'] = 1;
    +$config['IMAP_HOST'] = 'mail.example.com';
    +$config['IMAP_PORT'] =  993;
    +$config['IMAP_SSL'] = true;
    +
    +
      +
    • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
    • +
    • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
    • +
    +

    By hooking into the authentication process of mailpiler, we are able to get required data via the mailcow API during login. This fires API requests to the mailcow API (requiring read-only API access) to read out the aliases your email address participates and also the "Name" of the mailbox specified to display it on the top-right of mailpiler after login.

    +

    Permitted email addresses can be seen in the mailpiler settings top-right after logging in.

    +
    +

    Info

    +

    This is only pulled once during the authentication process. The authorized aliases and the realname are valid for the whole duration of the user session as mailpiler sets them in the session data. If user is removed from specific alias, this will only take effect after next login.

    +
    +

    The solution

    +

    Note: File paths might vary depending on your setup.

    +

    Requirements

    + +
    +

    Warning

    +

    As mailpiler authenticates against mailcow, our IMAP server, failed logins of users or bots might trigger a block for your mailpiler instance. Therefore you might want to consider whitelisting the IP address of the mailpiler instance within mailcow: Configuration & Details - Configuration - Fail2ban parameters - Whitelisted networks/hosts.

    +
    +

    Setup

    +
      +
    1. +

      Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

      +
      $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
      +$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
      +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
      +include('auth-mailcow.php');
      +
      +

      You can also change the mailcow hostname, if required: +

      $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
      +

      +
    2. +
    3. +

      Download the PHP file with the functions from the GitHub repo:

      +
      curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
      +
      +
    4. +
    5. +

      Done!

      +
    6. +
    +

    Make sure to re-login with your IMAP credentials for changes to take effect.

    +

    If it doesn't work, most likely something's wrong with the API query itself. Consider debugging by sending manual API requests to the API. (Tip: Open https://mail.domain.tld/api on your instance)

    + +
    +
    + + + Last update: + 2022-07-17 17:01:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/nextcloud/third_party-nextcloud/index.html b/2.5/third_party/nextcloud/third_party-nextcloud/index.html new file mode 100644 index 000000000..427ef49ec --- /dev/null +++ b/2.5/third_party/nextcloud/third_party-nextcloud/index.html @@ -0,0 +1,2727 @@ + + + + + + + + + + + + + + + + + + Nextcloud - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Nextcloud

    + +

    Manage Nextcloud using the helper script

    +

    Nextcloud can be set up (parameter -i) and removed (parameter -p) with the helper script included with mailcow. In order to install Nextcloud simply navigate to your mailcow-dockerized root folder and run the helper script as follows:

    +

    ./helper-scripts/nextcloud.sh -i

    +

    In case you have forgotten the password (e.g. for admin) and can't request a new one via the password reset link on the login screen calling the helper script with -r as parameter allows you to set a new password. Only use this option if your Nextcloud isn't configured to use mailcow for authentication as described in the next section.

    +

    In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker compose up -d to apply. For more informaton refer to: Advanced SSL.

    +

    Background jobs

    +

    To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    labels:
    +      ofelia.enabled: "true"
    +      ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
    +      ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
    +
    +

    After adding these lines the docker compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to + pick up the new job definition by executing docker compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command + docker compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

    +

    By adding these lines the background jobs will be executed every 5 minutes. To verify that the execution works correctly, the only way is to see it in the basic + settings when logged in as an admin in Nextcloud. If everything is correct the first scheduled execution will change the background jobs processing setting to + (X) Cron and the timestamp after Last job ran will be updated every 5 minutes.

    +

    Configure Nextcloud to use mailcow for authentication

    +

    The following describes how set up authentication via mailcow using the OAuth2 protocol. We will only assume that you have already set up Nextcloud at cloud.example.com and that your mailcow is running at mail.example.com. It does not matter if your Nextcloud is running on a different server, you can still use mailcow for authentication.

    +

    1. Log into mailcow as administrator.

    +

    2. Scroll down to OAuth2 Apps and click the Add button. Specify the redirect URI as https://cloud.example.com/index.php/apps/sociallogin/custom_oauth2/Mailcow and click Add. Save the client ID and secret for later.

    +
    +

    Info

    +

    Some installations, including those setup using the helper script of mailcow, need to remove index.php/ from the URL to get a successful redirect: https://cloud.example.com/apps/sociallogin/custom_oauth2/Mailcow

    +
    +

    3. Log into Nextcloud as administrator.

    +

    4. Click the button in the top right corner and select Apps. Click the search button in the toolbar, search for the Social Login plugin and click Download and enable next to it.

    +

    5. Click the button in the top right corner and select Settings. Scroll down to the Administration section on the left and click Social login.

    +

    6. Uncheck the following items:

    +
      +
    • "Disable auto create new users"
    • +
    • "Allow users to connect social logins with their accounts"
    • +
    • "Do not prune not available user groups on login"
    • +
    • "Automatically create groups if they do not exists"
    • +
    • "Restrict login for users without mapped groups"
    • +
    +

    7. Check the following items:

    +
      +
    • "Prevent creating an account if the email address exists in another account"
    • +
    • "Update user profile every login"
    • +
    • "Disable notify admins about new users"
    • +
    +

    Click the Save button.

    +

    8. Scroll down to Custom OAuth2 and click the + button. +9. Configure the parameters as follows:

    +
      +
    • Internal name: Mailcow
    • +
    • Title: Mailcow
    • +
    • API Base URL: https://mail.example.com
    • +
    • Authorize URL: https://mail.example.com/oauth/authorize
    • +
    • Token URL: https://mail.example.com/oauth/token
    • +
    • Profile URL: https://mail.example.com/oauth/profile
    • +
    • Logout URL: (leave blank)
    • +
    • Client ID: (what you obtained in step 1)
    • +
    • Client Secret: (what you obtained in step 1)
    • +
    • Scope: profile
    • +
    +

    Click the Save button at the very bottom of the page.

    +
    +

    If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

    +

    1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. +2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): +

    INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
    +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
    +

    +
    +

    If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

    +

    1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): +

    INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
    +

    +
    +

    Update

    +

    The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. +It shows which commands have to be executed, these have to be placed in the php-fpm-mailcow container.

    +

    As an an example run the following command to add the missing indices. +docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "php /web/nextcloud/occ db:add-missing-indices"

    +
    +

    Debugging & Troubleshooting

    +

    It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

    +
    'trusted_proxies' =>
    +  array (
    +    0 => 'fd4d:6169:6c63:6f77::/64',
    +    1 => '172.22.1.0/24',
    +    2 => 'NewSubnet/24',
    +  ),
    +
    +

    After the changes have been made, the nginx container must be restarted. +docker compose restart nginx-mailcow

    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/portainer/third_party-portainer/index.html b/2.5/third_party/portainer/third_party-portainer/index.html new file mode 100644 index 000000000..66aee1c8f --- /dev/null +++ b/2.5/third_party/portainer/third_party-portainer/index.html @@ -0,0 +1,2644 @@ + + + + + + + + + + + + + + + + + + Portainer - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Portainer

    + +

    In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

    +

    1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration +

    version: '2.1'
    +services:
    +    portainer-mailcow:
    +      image: portainer/portainer-ce
    +      volumes:
    +        - /var/run/docker.sock:/var/run/docker.sock
    +        - ./data/conf/portainer:/data
    +      restart: always
    +      dns:
    +        - 172.22.1.254
    +      dns_search: mailcow-network
    +      networks:
    +        mailcow-network:
    +          aliases:
    +            - portainer
    +
    +2a. Create data/conf/nginx/portainer.conf: +
    upstream portainer {
    +  server portainer-mailcow:9000;
    +}
    +
    +map $http_upgrade $connection_upgrade {
    +  default upgrade;
    +  '' close;
    +}
    +

    +

    2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: +

      location /portainer/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Host              $http_host;   # required for docker client's sake
    +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
    +    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    +    proxy_set_header X-Forwarded-Proto $scheme;
    +    proxy_read_timeout                 900;
    +
    +    proxy_set_header Connection "";
    +    proxy_buffers 32 4k;
    +    proxy_pass http://portainer/;
    +  }
    +
    +  location /portainer/api/websocket/ {
    +    proxy_http_version 1.1;
    +    proxy_set_header Upgrade $http_upgrade;
    +    proxy_set_header Connection $connection_upgrade;
    +    proxy_pass http://portainer/api/websocket/;
    +  }
    +

    +

    3. Apply your changes: +

    docker compose up -d && docker compose restart nginx-mailcow
    +

    +

    Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.

    +
    +

    Reverse Proxy

    +

    If you are using a reverse proxy you will have to configure it to properly forward websocket requests.

    +

    This needs to be done for the docker console and other components to work.

    +

    Here is an example for Apache:

    +
    <Location /portainer/api/websocket/>
    +  RewriteEngine on
    +  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    +  RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    +  RewriteRule /portainer/api/websocket/(.*) ws://127.0.0.1:8080/portainer/api/websocket/$1 [P]
    +</Location>
    +
    + +
    +
    + + + Last update: + 2022-10-12 18:19:33 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/third_party/roundcube/third_party-roundcube/index.html b/2.5/third_party/roundcube/third_party-roundcube/index.html new file mode 100644 index 000000000..8b823ee48 --- /dev/null +++ b/2.5/third_party/roundcube/third_party-roundcube/index.html @@ -0,0 +1,2833 @@ + + + + + + + + + + + + + + + + + + Roundcube - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Roundcube

    + +

    Installing Roundcube

    +

    Download Roundcube 1.6.x to the web htdocs directory and extract it (here rc/): +

    # Check for a newer release!
    +cd data/web
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +
    +# Change folder name
    +mv roundcubemail-1.6.0 rc
    +
    +# Change permissions
    +chown -R root: rc/
    +

    +

    If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. +

    #!/bin/bash
    +apk update
    +apk add aspell-en # or any other language
    +

    +

    Create a file data/web/rc/config/config.inc.php with the following content. + - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. + - The db_prefix is optional but recommended. + - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. +

    <?php
    +error_reporting(0);
    +if (!file_exists('/tmp/mime.types')) {
    +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    +}
    +$config = array();
    +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    +$config['imap_host'] = 'tls://dovecot:143';
    +$config['smtp_host'] = 'tls://postfix:587';
    +$config['smtp_user'] = '%u';
    +$config['smtp_pass'] = '%p';
    +$config['support_url'] = '';
    +$config['product_name'] = 'Roundcube Webmail';
    +$config['des_key'] = 'yourrandomstring_changeme';
    +$config['log_dir'] = '/dev/null';
    +$config['temp_dir'] = '/tmp';
    +$config['plugins'] = array(
    +  'archive',
    +  'managesieve'
    +);
    +$config['spellcheck_engine'] = 'aspell';
    +$config['mime_types'] = '/tmp/mime.types';
    +$config['imap_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['enable_installer'] = true;
    +$config['smtp_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +$config['db_prefix'] = 'mailcow_rc1';
    +

    +

    Point your browser to https://myserver/rc/installer and follow the instructions. +Initialize the database and leave the installer.

    +

    Delete the directory data/web/rc/installer after a successful installation!

    +

    Configure ManageSieve filtering

    +

    Open data/web/rc/config/config.inc.php and change the following parameters (or add them at the bottom of that file): +

    $config['managesieve_host'] = 'tls://dovecot:4190';
    +$config['managesieve_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +);
    +// Enables separate management interface for vacation responses (out-of-office)
    +// 0 - no separate section (default),
    +// 1 - add Vacation section,
    +// 2 - add Vacation section, but hide Filters section
    +$config['managesieve_vacation'] = 1;
    +

    +

    Enable change password function in Roundcube

    +

    Open data/web/rc/config/config.inc.php and enable the password plugin:

    +
    ...
    +$config['plugins'] = array(
    +    'archive',
    +    'password',
    +);
    +...
    +
    +

    Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

    +
            case 'ssha256':
    +            $salt = rcube_utils::random_bytes(8);
    +            $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
    +            $prefix  = '{SSHA256}';
    +            break;
    +
    +

    Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

    +
    $config['password_driver'] = 'sql';
    +$config['password_algorithm'] = 'ssha256';
    +$config['password_algorithm_prefix'] = '{SSHA256}';
    +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    +
    +

    Integrate CardDAV addressbooks in Roundcube

    +

    Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): +

    cd data/web/rc/plugins
    +wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.1/carddav-v4.4.1-roundcube16.tar.gz  | tar xfvz -
    +chown -R root: carddav/
    +

    +

    Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: +

    $prefs['SOGo'] = array(
    +    'name'         =>  'SOGo',
    +    'username'     =>  '%u',
    +    'password'     =>  '%p',
    +    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    +    'carddav_name_only' => true,
    +    'use_categories' => true,
    +    'active'       =>  true,
    +    'readonly'     =>  false,
    +    'refresh_time' => '02:00:00',
    +    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    +    'hide'        =>  false,
    +);
    +
    +Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

    +

    Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

    +

    If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

    +
    +

    Optionally, you can add Roundcube's link to the mailcow Apps list. +To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

    +

    NOTE: Don't forget to add the <?php delimiter on the first line

    +
    ...
    +$MAILCOW_APPS = array(
    +  array(
    +    'name' => 'SOGo',
    +    'link' => '/SOGo/'
    +  ),
    +  array(
    +    'name' => 'Roundcube',
    +    'link' => '/rc/'
    +   )
    +);
    +...
    +
    +

    Upgrading Roundcube

    +

    Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

    +
    # Enter a bash session of the mailcow PHP container
    +docker exec -it mailcowdockerized-php-fpm-mailcow-1 bash
    +
    +# Install required upgrade dependency, then upgrade Roundcube to wanted release
    +apk add rsync
    +cd /tmp
    +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.6.0/roundcubemail-1.6.0-complete.tar.gz | tar xfvz -
    +cd roundcubemail-1.6.0
    +bin/installto.sh /web/rc
    +
    +# Type 'Y' and press enter to upgrade your install of Roundcube
    +# Type 'N' to "Do you want me to fix your local configuration" if prompted
    +
    +# If you see  "NOTICE: Update dependencies by running php composer.phar update --no-dev" just download composer.phar and run it:
    +cd /web/rc
    +wget https://getcomposer.org/download/2.4.2/composer.phar
    +php composer.phar update --no-dev
    +# When asked "Do you trust "roundcube/plugin-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] " hit y and continue.
    +
    +
    +# Remove leftover files
    +cd /tmp
    +rm -rf roundcube*
    +
    +# If you're going from 1.5 to 1.6 please run the config file changes below
    +sed -i "s/\$config\['default_host'\].*$/\$config\['imap_host'\]\ =\ 'tls:\/\/dovecot:143'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['default_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['smtp_server'\].*$/\$config\['smtp_host'\]\ =\ 'tls:\/\/postfix:587'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['smtp_port'\].*$/d" /web/rc/config/config.inc.php
    +sed -i "s/\$config\['managesieve_host'\].*$/\$config\['managesieve_host'\]\ =\ 'tls:\/\/dovecot:4190'\;/" /web/rc/config/config.inc.php
    +sed -i "/\$config\['managesieve_port'\].*$/d" /web/rc/config/config.inc.php
    +
    +

    Let admins log into Roundcube without password

    +

    First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

    +

    Edit mailcow.conf and add the following:

    +
    # Allow admins to log into Roundcube as email user (without any password)
    +# Roundcube with plugin dovecot_impersonate must be installed first
    +
    +ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
    +
    +

    Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

    +
    version: '2.1'
    +services:
    +  php-fpm-mailcow:
    +    environment:
    +      - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
    +
    +

    Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

    +
    if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
    +  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
    +}
    +
    +

    Edit data/web/mailbox.php and add this line to array $template_data:

    +
      'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
    +
    +

    Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

    +
      var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
    +
    +

    Copy the contents of the following files from this Snippet:

    +
      +
    • data/web/inc/lib/RoundcubeAutoLogin.php
    • +
    • data/web/rc-auth.php
    • +
    +

    Finally, restart mailcow

    +
    docker compose down
    +docker compose up -d
    +
    + +
    +
    + + + Last update: + 2022-11-03 10:43:03 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-admin_login_sogo/index.html b/2.5/troubleshooting/debug-admin_login_sogo/index.html new file mode 100644 index 000000000..3c20fba11 --- /dev/null +++ b/2.5/troubleshooting/debug-admin_login_sogo/index.html @@ -0,0 +1,2654 @@ + + + + + + + + + + + + + + + + + + Admin login to SOGo - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Admin login to SOGo

    + +

    This is an experimental feature that allows admins and domain admins to directly +log into SOGo as a mailbox user, without knowing the users password.

    +

    For this, an additional link to SOGo is displayed in the mailbox list (mailcow UI).

    +

    Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

    +

    Enabling the feature

    +

    The feature is disabled by default. It can be enabled in the mailcow.conf by setting: +

    ALLOW_ADMIN_EMAIL_LOGIN=y
    +
    +and recreating the affected containers with

    +
    +
    +
    +
    docker compose up -d
    +
    +
    +
    +
    docker-compose up -d
    +
    +
    +
    +
    +

    Drawbacks when enabled

    +
      +
    • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. +This might impact load-times of SOGo / EAS. +In most cases, this should not be noticeable but should be kept in mind if you face any performance issues.
    • +
    • SOGo will not display a logout link for admin-logins, to login normally one has to logout from the mailcow UI so the PHP session is destroyed.
    • +
    • Subscribing to another user's calendar or address book while logged in as admin does not work. Neither does inviting other users to calendar events. The page will reload when these things are attempted.
    • +
    +

    Technical details

    +

    SOGoTrustProxyAuthentication option is set to YES which makes SOGo trust the x-webobjects-remote-user header.

    +

    Dovecot will receive a random master-password which is valid for all mailboxes when used by the SOGo container.

    +

    Clicking on the SOGo button in the mailbox list will open sogo-auth.php which checks permissions, sets session variables and redirects to the SOGo mailbox.

    +

    Each SOGo, CardDAV, CalDAV and EAS http request will cause an additional, nginx internal auth_request call to sogo-auth.php with the following behavior:

    +
      +
    • +

      If a basic_auth header is present, the script will validate the credentials in place of SOGo and provide the following headers: +x-webobjects-remote-user, Authorization and x-webobjects-auth-type.

      +
    • +
    • +

      If no basic_auth header is present, the script will check for an active mailcow admin session for the requested email user and provide the same headers but with the dovecot master password used in the Authorization header.

      +
    • +
    • +

      If both fails the headers will be set empty, which makes SOGo use its standard authentication methods.

      +
    • +
    +

    All of these options / behaviors are disabled if the ALLOW_ADMIN_EMAIL_LOGIN is not enabled in the config.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-attach_service/index.html b/2.5/troubleshooting/debug-attach_service/index.html new file mode 100644 index 000000000..188daaab0 --- /dev/null +++ b/2.5/troubleshooting/debug-attach_service/index.html @@ -0,0 +1,2779 @@ + + + + + + + + + + + + + + + + + + Attach to a Container - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Attach to a Container

    + +

    Attaching a Container to your Shell

    +

    To attach a container to your shell you can simply run

    +
    +
    +
    +
    docker compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    docker-compose exec $Dienst_Name /bin/bash
    +
    +
    +
    +
    +

    Connecting to Services

    +

    If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

    +

    MySQL

    +
    +
    +
    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    source mailcow.conf
    +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +
    +
    +
    +
    +

    Redis

    +
    +
    +
    +
    docker compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    docker-compose exec redis-mailcow redis-cli
    +
    +
    +
    +
    +

    Service Descriptions

    +

    Here is a brief overview of what container / service does what:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Service NameService Descriptions
    unbound-mailcowLocal (DNSSEC) DNS Resolver
    mysql-mailcowStores SOGo's and most of mailcow's settings
    postfix-mailcowReceives and sends mails
    dovecot-mailcowUser logins and sieve filter
    redis-mailcowStorage back-end for DKIM keys and Rspamd
    rspamd-mailcowMail filtering system. Used for av handling, dkim signing, spam handling
    clamd-mailcowScans attachments for viruses
    olefy-mailcowScans attached office documents for macro-viruses
    solr-mailcowProvides full-text search in Dovecot
    sogo-mailcowWebmail client that handles Microsoft ActiveSync and Cal- / CardDav
    nginx-mailcowNginx remote proxy that handles all mailcow related HTTP / HTTPS requests
    acme-mailcowAutomates HTTPS (SSL/TLS) certificate deployment
    memcached-mailcowInternal caching system for mailcow services
    watchdog-mailcowAllows the monitoring of docker containers / services
    php-fpm-mailcowPowers the mailcow web UI
    netfilter-mailcowFail2Ban like integration
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-common_problems/index.html b/2.5/troubleshooting/debug-common_problems/index.html new file mode 100644 index 000000000..d88834489 --- /dev/null +++ b/2.5/troubleshooting/debug-common_problems/index.html @@ -0,0 +1,2752 @@ + + + + + + + + + + + + + + + + + + Common Problems - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Common Problems

    + +

    Here we list common problems and possible solutions:

    +

    Mail loops back to myself

    +

    Please check in your mailcow UI if you made the domain a backup MX:

    +

    Check your MX Backup settings

    +

    I can receive but not send mails

    +

    There are a lot of things that could prevent you from sending mail:

    +
      +
    • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
    • +
    • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
    • +
    +
    # telnet 74.125.133.27 465
    +Trying 74.125.133.27...
    +Connected to 74.125.133.27.
    +Escape character is '^]'.
    +
    +

    My mails are identified as Spam

    +

    Please read our guide on DNS configuration.

    +

    docker compose throws weird errors

    +

    ... like:

    +
      +
    • ERROR: Invalid interpolation format ...
    • +
    • AttributeError: 'NoneType' object has no attribute 'keys'.
    • +
    • ERROR: In file './docker-compose.yml' service 'version' doesn't have any configuration options.
    • +
    +

    When you encounter one or similar messages while trying to run mailcow: dockerized please check if you have the latest version of Docker and docker compose

    +

    Container XY is unhealthy

    +

    This error tries to tell you that one of the (health) conditions for a certain container are not met. Therefore it can't be started. This can have several reasons, the most common one is an updated git clone but old docker image or vice versa.

    +

    A wrong configured firewall could also cause such a failure. The containers need to be able to talk to each other over the network 172.22.1.1/24.

    +

    It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

    +

    Address already in use

    +

    If you get an error message like:

    +
    ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
    +
    +

    while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

    +

    XYZ can't connect to ...

    +

    Please check your local firewall! +Docker and iptables-based firewalls sometimes create conflicting rules, so disable the firewall on your host to determine whether your connection issues are caused by such conflicts. If they are, you need to manually create appropriate rules in your host firewall to permit the necessary connections.

    +

    If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

    +

    While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

    +

    To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

    +
    dism /online /Enable-Feature /FeatureName:TelnetClient
    +
    +

    Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

    +

    Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

    +

    Dovecot keeps restarting (see #2672)

    +

    Check that you have at least the following files in data/assets/ssl:

    +
    cert.pem
    +dhparams.pem
    +key.pem
    +
    +

    If dhparams.pem is missing, you can generate it with

    +
    openssl dhparam -out data/assets/ssl/dhparams.pem 4096
    +
    +
    +
    +
      +
    1. +

      netcat, nmap, openssl, telnet, etc. 

      +
    2. +
    +
    + +
    +
    + + + Last update: + 2022-09-01 09:33:47 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-logs/index.html b/2.5/troubleshooting/debug-logs/index.html new file mode 100644 index 000000000..70316e725 --- /dev/null +++ b/2.5/troubleshooting/debug-logs/index.html @@ -0,0 +1,2546 @@ + + + + + + + + + + + + + + + + + + Logs - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Logs

    + +
    +

    Warning

    +

    This section only applies for Dockers default logging driver (JSON).

    +
    +

    To view the logs of all mailcow: dockerized related containers, you can use docker compose logs inside your mailcow-dockerized folder that contains your mailcow.conf. This is usually a bit much, but you could trim the output with --tail=100 to the last 100 lines per container, or add a -f to follow the live output of all your services.

    +

    To view the logs of a specific service you can use docker compose logs [options] $service_name

    +
    +

    Info

    +

    The available options for the command docker compose logs are:

    +
      +
    • --no-color: Produce monochrome output.
    • +
    • -f: Follow the log output.
    • +
    • -t: Show timestamps.
    • +
    • --tail="all": Number of lines to show from the end of the logs for each container.
    • +
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-mysql_aria/index.html b/2.5/troubleshooting/debug-mysql_aria/index.html new file mode 100644 index 000000000..998c0cd89 --- /dev/null +++ b/2.5/troubleshooting/debug-mysql_aria/index.html @@ -0,0 +1,2595 @@ + + + + + + + + + + + + + + + + + + Recover crashed Aria storage engine - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Recover crashed Aria storage engine

    + +

    MariaDB: Aria recovery after crash

    +

    If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

    +

    Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker compose ps.

    +

    Now run the following commands:

    +
    # Stop the stack, don't run "down"
    +docker compose stop
    +# Run a bash in the stopped container as user mysql
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
    +# cd to the SQL data directory
    +cd /var/lib/mysql
    +# Run aria_chk
    +aria_chk --check --force */*.MAI
    +# Delete aria log files
    +rm aria_log.*
    +
    +

    Now run docker compose down followed by docker compose up -d.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-mysql_upgrade/index.html b/2.5/troubleshooting/debug-mysql_upgrade/index.html new file mode 100644 index 000000000..f6bf14990 --- /dev/null +++ b/2.5/troubleshooting/debug-mysql_upgrade/index.html @@ -0,0 +1,2588 @@ + + + + + + + + + + + + + + + + + + Manual MySQL upgrade - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Manual MySQL upgrade

    + +

    Run a manual mysql_upgrade

    +

    This step is usually not necessary.

    +
    docker compose stop mysql-mailcow watchdog-mailcow
    +docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
    +
    +

    As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

    +
    mysql_upgrade
    +exit
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-reset_pw/index.html b/2.5/troubleshooting/debug-reset_pw/index.html new file mode 100644 index 000000000..b8f3d2eaa --- /dev/null +++ b/2.5/troubleshooting/debug-reset_pw/index.html @@ -0,0 +1,2793 @@ + + + + + + + + + + + + + + + + + + Reset Passwords (incl. SQL) - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + + + + + + +

    Reset Passwords (incl. SQL)

    + +

    mailcow Admin Account

    +

    Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

    +
    cd mailcow_path
    +./helper-scripts/mailcow-reset-admin.sh
    +
    +

    Reset MySQL Passwords

    +

    Stop the stack by running docker compose stop.

    +

    When the containers came to a stop, run this command:

    +
    docker compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
    +
    +

    1. Find database name

    +
    # source mailcow.conf
    +# docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
    +MariaDB [(none)]> show databases;
    ++--------------------+
    +| Database           |
    ++--------------------+
    +| information_schema |
    +| mailcow_database   | <=====
    +| mysql              |
    +| performance_schema |
    ++--------------------+
    +4 rows in set (0.00 sec)
    +
    +

    2. Reset one or more users

    +

    2.1 Maria DB < 10.4 (older mailcow installations)

    +

    Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user         |
    ++--------------+
    +| mailcow      | <=====
    +| root         |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
    +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    2.2 Maria DB >= 10.4 (current mailcows)

    +
    MariaDB [(none)]> SELECT user FROM mysql.user;
    ++--------------+
    +| user         |
    ++--------------+
    +| mailcow      | <=====
    +| root         |
    ++--------------+
    +2 rows in set (0.00 sec)
    +
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh';
    +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
    +MariaDB [(none)]> FLUSH PRIVILEGES;
    +
    +

    Remove Two-Factor Authentication

    +

    For mailcow WebUI:

    +

    This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

    +
    source mailcow.conf
    +docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
    +
    +

    For SOGo:

    +
    docker compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
    +
    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-reset_tls/index.html b/2.5/troubleshooting/debug-reset_tls/index.html new file mode 100644 index 000000000..fbf2cd21d --- /dev/null +++ b/2.5/troubleshooting/debug-reset_tls/index.html @@ -0,0 +1,2542 @@ + + + + + + + + + + + + + + + + + + Reset TLS certificates - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Reset TLS certificates

    + +

    In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

    +
    source mailcow.conf
    +docker compose down
    +rm -rf data/assets/ssl
    +mkdir data/assets/ssl
    +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
    +cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
    +docker compose up -d
    +
    +

    This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

    +

    If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

    +

    Please also note that previous TLSA records will be invalid.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-rm_volumes/index.html b/2.5/troubleshooting/debug-rm_volumes/index.html new file mode 100644 index 000000000..83c01c2b7 --- /dev/null +++ b/2.5/troubleshooting/debug-rm_volumes/index.html @@ -0,0 +1,2543 @@ + + + + + + + + + + + + + + + + + + Remove Persistent Data - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Remove Persistent Data

    + +

    You may want to remove a set of persistent data to resolve a conflict or to start over.

    +

    mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

    +

    Delete a single volume:

    +
    docker volume rm mailcowdockerized_${VOLUME_NAME}
    +
    +
      +
    • Remove volume mysql-vol-1 to remove all MySQL data.
    • +
    • Remove volume redis-vol-1 to remove all Redis data.
    • +
    • Remove volume vmail-vol-1 to remove all contents of /var/vmail mounted to dovecot-mailcow.
    • +
    • Remove volume rspamd-vol-1 to remove all Rspamd data.
    • +
    • Remove volume crypt-vol-1 to remove all crypto data. This will render all mails unreadable.
    • +
    +

    Alternatively, running docker compose down -v will destroy all mailcow: dockerized volumes and delete any related containers and networks.

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug-rspamd_memory_leaks/index.html b/2.5/troubleshooting/debug-rspamd_memory_leaks/index.html new file mode 100644 index 000000000..65873f5c2 --- /dev/null +++ b/2.5/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -0,0 +1,2550 @@ + + + + + + + + + + + + + + + + + + Advanced: Find memory leaks in Rspamd - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Advanced: Find memory leaks in Rspamd

    + +

    A quick guide to deeply analyze a malfunctioning Rspamd.

    +
    docker compose exec rspamd-mailcow bash
    +
    +if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
    +  sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list
    +fi
    +
    +apt-get update ; apt-get upgrade rspamd
    +
    +nano /docker-entrypoint.sh
    +
    +# Before "exec "$@"" add the following lines:
    +
    +export G_SLICE=always-malloc
    +export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
    +
    +

    Restart Rspamd: docker compose restart rspamd-mailcow

    +

    Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for.

    +

    Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to "happen") and restart it: docker compose restart rspamd-mailcow.

    +

    Now enter the container by running docker compose exec rspamd-mailcow bash, change the directory to /tmp and copy the asan Files to your desired location or upload them via termbin.com (cat /tmp/rspamd-asan.* | nc termbin.com 9999).

    + +
    +
    + + + Last update: + 2022-08-31 14:45:46 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/troubleshooting/debug/index.html b/2.5/troubleshooting/debug/index.html new file mode 100644 index 000000000..a56c17385 --- /dev/null +++ b/2.5/troubleshooting/debug/index.html @@ -0,0 +1,2540 @@ + + + + + + + + + + + + + + + + + + Introduction - mailcow: dockerized documentation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + +
    + + + + +
    + + +
    + +
    + + + + + + +
    +
    + + + +
    +
    +
    + + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    +
    + + + +
    +
    + + + + + + + + + +

    Introduction

    + +

    When a problem occurs, then always for a reason! What you want to do in such a case is:

    +
      +
    1. Read your logs; follow them to see what the reason for your problem is.
    2. +
    3. Follow the leads given to you in your logfiles and start investigating.
    4. +
    5. Restarting the troubled service or the whole stack to see if the problem persists.
    6. +
    7. Read the documentation of the troubled service and search it's bugtracker for your problem.
    8. +
    9. Search our issues for your problem.
    10. +
    11. Create an issue over at our GitHub repository if you think your problem might be a bug or a missing feature you badly need. But please make sure, that you include all the logs and a full description to your problem. Please do not ask for support on Git.
    12. +
    13. Join our Telegram community or find the official support packages at Servercow.
      Alternatively ask Twitter and tag us with @mailcow_email
    14. +
    + +
    +
    + + + Last update: + 2022-01-30 15:28:48 + + + +
    + + + + + + +
    +
    + + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + + \ No newline at end of file diff --git a/2.5/u_e-80_to_443/index.html b/2.5/u_e-80_to_443/index.html new file mode 100644 index 000000000..31551d16e --- /dev/null +++ b/2.5/u_e-80_to_443/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-autodiscover_config/index.html b/2.5/u_e-autodiscover_config/index.html new file mode 100644 index 000000000..fbecb6169 --- /dev/null +++ b/2.5/u_e-autodiscover_config/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-docker-cust_dockerfiles/index.html b/2.5/u_e-docker-cust_dockerfiles/index.html new file mode 100644 index 000000000..981d8b37b --- /dev/null +++ b/2.5/u_e-docker-cust_dockerfiles/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-any_acl/index.html b/2.5/u_e-dovecot-any_acl/index.html new file mode 100644 index 000000000..c318ce99f --- /dev/null +++ b/2.5/u_e-dovecot-any_acl/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-catchall_vacation/index.html b/2.5/u_e-dovecot-catchall_vacation/index.html new file mode 100644 index 000000000..b906f7931 --- /dev/null +++ b/2.5/u_e-dovecot-catchall_vacation/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-expunge/index.html b/2.5/u_e-dovecot-expunge/index.html new file mode 100644 index 000000000..56e3af45c --- /dev/null +++ b/2.5/u_e-dovecot-expunge/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-extra_conf/index.html b/2.5/u_e-dovecot-extra_conf/index.html new file mode 100644 index 000000000..1ad387eeb --- /dev/null +++ b/2.5/u_e-dovecot-extra_conf/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-fts/index.html b/2.5/u_e-dovecot-fts/index.html new file mode 100644 index 000000000..2a7242d8b --- /dev/null +++ b/2.5/u_e-dovecot-fts/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-idle_interval/index.html b/2.5/u_e-dovecot-idle_interval/index.html new file mode 100644 index 000000000..d90356607 --- /dev/null +++ b/2.5/u_e-dovecot-idle_interval/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-mail-crypt/index.html b/2.5/u_e-dovecot-mail-crypt/index.html new file mode 100644 index 000000000..36f023119 --- /dev/null +++ b/2.5/u_e-dovecot-mail-crypt/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-more/index.html b/2.5/u_e-dovecot-more/index.html new file mode 100644 index 000000000..d67efaed6 --- /dev/null +++ b/2.5/u_e-dovecot-more/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-public_folder/index.html b/2.5/u_e-dovecot-public_folder/index.html new file mode 100644 index 000000000..9c4f8afc2 --- /dev/null +++ b/2.5/u_e-dovecot-public_folder/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-static_master/index.html b/2.5/u_e-dovecot-static_master/index.html new file mode 100644 index 000000000..4a03b2f23 --- /dev/null +++ b/2.5/u_e-dovecot-static_master/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-dovecot-vmail-volume/index.html b/2.5/u_e-dovecot-vmail-volume/index.html new file mode 100644 index 000000000..bfc6cbdbe --- /dev/null +++ b/2.5/u_e-dovecot-vmail-volume/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-bl_wl/index.html b/2.5/u_e-mailcow_ui-bl_wl/index.html new file mode 100644 index 000000000..a240fcfbb --- /dev/null +++ b/2.5/u_e-mailcow_ui-bl_wl/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-config/index.html b/2.5/u_e-mailcow_ui-config/index.html new file mode 100644 index 000000000..b8c04fa91 --- /dev/null +++ b/2.5/u_e-mailcow_ui-config/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-css/index.html b/2.5/u_e-mailcow_ui-css/index.html new file mode 100644 index 000000000..66e083673 --- /dev/null +++ b/2.5/u_e-mailcow_ui-css/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-fido/index.html b/2.5/u_e-mailcow_ui-fido/index.html new file mode 100644 index 000000000..e08d31b0e --- /dev/null +++ b/2.5/u_e-mailcow_ui-fido/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-netfilter/index.html b/2.5/u_e-mailcow_ui-netfilter/index.html new file mode 100644 index 000000000..822e5cb4b --- /dev/null +++ b/2.5/u_e-mailcow_ui-netfilter/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-pushover/index.html b/2.5/u_e-mailcow_ui-pushover/index.html new file mode 100644 index 000000000..3a0ea838a --- /dev/null +++ b/2.5/u_e-mailcow_ui-pushover/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-spamalias/index.html b/2.5/u_e-mailcow_ui-spamalias/index.html new file mode 100644 index 000000000..40eaa54ac --- /dev/null +++ b/2.5/u_e-mailcow_ui-spamalias/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-spamfilter/index.html b/2.5/u_e-mailcow_ui-spamfilter/index.html new file mode 100644 index 000000000..3731cd6c6 --- /dev/null +++ b/2.5/u_e-mailcow_ui-spamfilter/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-sub_addressing/index.html b/2.5/u_e-mailcow_ui-sub_addressing/index.html new file mode 100644 index 000000000..288612ab6 --- /dev/null +++ b/2.5/u_e-mailcow_ui-sub_addressing/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-tags/index.html b/2.5/u_e-mailcow_ui-tags/index.html new file mode 100644 index 000000000..829bfd206 --- /dev/null +++ b/2.5/u_e-mailcow_ui-tags/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailcow_ui-tfa/index.html b/2.5/u_e-mailcow_ui-tfa/index.html new file mode 100644 index 000000000..6b325fe23 --- /dev/null +++ b/2.5/u_e-mailcow_ui-tfa/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-mailpiler-integration/index.html b/2.5/u_e-mailpiler-integration/index.html new file mode 100644 index 000000000..d44619436 --- /dev/null +++ b/2.5/u_e-mailpiler-integration/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-nginx_custom/index.html b/2.5/u_e-nginx_custom/index.html new file mode 100644 index 000000000..4c6b91bd7 --- /dev/null +++ b/2.5/u_e-nginx_custom/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-nginx_webmail-site/index.html b/2.5/u_e-nginx_webmail-site/index.html new file mode 100644 index 000000000..4e5479dcd --- /dev/null +++ b/2.5/u_e-nginx_webmail-site/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-attachment_size/index.html b/2.5/u_e-postfix-attachment_size/index.html new file mode 100644 index 000000000..9f3acd2bd --- /dev/null +++ b/2.5/u_e-postfix-attachment_size/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-custom_transport/index.html b/2.5/u_e-postfix-custom_transport/index.html new file mode 100644 index 000000000..a35e7d7a2 --- /dev/null +++ b/2.5/u_e-postfix-custom_transport/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-disable_sender_verification/index.html b/2.5/u_e-postfix-disable_sender_verification/index.html new file mode 100644 index 000000000..d0f09dc70 --- /dev/null +++ b/2.5/u_e-postfix-disable_sender_verification/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-extra_cf/index.html b/2.5/u_e-postfix-extra_cf/index.html new file mode 100644 index 000000000..27a57190b --- /dev/null +++ b/2.5/u_e-postfix-extra_cf/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-pflogsumm/index.html b/2.5/u_e-postfix-pflogsumm/index.html new file mode 100644 index 000000000..07ce8d233 --- /dev/null +++ b/2.5/u_e-postfix-pflogsumm/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-postscreen_whitelist/index.html b/2.5/u_e-postfix-postscreen_whitelist/index.html new file mode 100644 index 000000000..c03a4d408 --- /dev/null +++ b/2.5/u_e-postfix-postscreen_whitelist/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-relayhost/index.html b/2.5/u_e-postfix-relayhost/index.html new file mode 100644 index 000000000..65ae1d7d1 --- /dev/null +++ b/2.5/u_e-postfix-relayhost/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-postfix-trust_networks/index.html b/2.5/u_e-postfix-trust_networks/index.html new file mode 100644 index 000000000..7ed22d166 --- /dev/null +++ b/2.5/u_e-postfix-trust_networks/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-redis/index.html b/2.5/u_e-redis/index.html new file mode 100644 index 000000000..e434e8db7 --- /dev/null +++ b/2.5/u_e-redis/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-reeanble-weak-protocols/index.html b/2.5/u_e-reeanble-weak-protocols/index.html new file mode 100644 index 000000000..80744b113 --- /dev/null +++ b/2.5/u_e-reeanble-weak-protocols/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-rspamd/index.html b/2.5/u_e-rspamd/index.html new file mode 100644 index 000000000..01c20e1a9 --- /dev/null +++ b/2.5/u_e-rspamd/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-sogo/index.html b/2.5/u_e-sogo/index.html new file mode 100644 index 000000000..8ab339a02 --- /dev/null +++ b/2.5/u_e-sogo/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-unbound-fwd/index.html b/2.5/u_e-unbound-fwd/index.html new file mode 100644 index 000000000..b2116e19e --- /dev/null +++ b/2.5/u_e-unbound-fwd/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-update-hooks/index.html b/2.5/u_e-update-hooks/index.html new file mode 100644 index 000000000..14d7f5117 --- /dev/null +++ b/2.5/u_e-update-hooks/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-watchdog-thresholds/index.html b/2.5/u_e-watchdog-thresholds/index.html new file mode 100644 index 000000000..11c3a6398 --- /dev/null +++ b/2.5/u_e-watchdog-thresholds/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-webmail-site/index.html b/2.5/u_e-webmail-site/index.html new file mode 100644 index 000000000..4e5479dcd --- /dev/null +++ b/2.5/u_e-webmail-site/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/2.5/u_e-why_unbound/index.html b/2.5/u_e-why_unbound/index.html new file mode 100644 index 000000000..96a69f316 --- /dev/null +++ b/2.5/u_e-why_unbound/index.html @@ -0,0 +1,15 @@ + + + + + + Redirecting... + + + + + + +Redirecting... + + diff --git a/versions.json b/versions.json new file mode 100644 index 000000000..424b4e294 --- /dev/null +++ b/versions.json @@ -0,0 +1 @@ +[{"version": "2.5", "title": "2.5", "aliases": []}] \ No newline at end of file

    AX5Es|^3p0t0Gi|}H*H^!=4oW0g{zHaj^$Rb`+q|`g#DMf}- zhGNN~e&{g$=E#T*H&T`^LfcJ(5=tM<$?fb~{-rUu z2u?M&xB)xqSYR`krfV6GsnX+S9*|AC>(j6lsH? zpVOX1^ykP~9aFAyG6RmExiEkHlB98kE1gEpA1)LqdE5`1i;8@SFC?W`RGqk%n!*Dj ze6Lv^qRPHhi_V%lv%~lBnu65aQaNgDrB6@C*%rh`Uaz3K z7}6G81QNGc3pdx}$kf(+iQNR@UcP*|3X*Kn5Y&EVnCj!VRsFjATT@=7I3&(8S;lQ5 z$mTtx8yMgv8YOi%*$48CuS)7=mkUCB>YjUG5pBk`0hgSg;CW4m_sLaUch05gIk5Wh zG2`(KnYXZR+Dy~M?93s%?l5#3p4FNVbvueEF2YvtK`fp*sy5e<=?qw#lVm@!4fo-T zE<3iB%?SHPU2zJH$W8LMhbhC0tZ>ks?IcIs>WW$c9dSi!NZmHKZE+>A(r;^69An`t zz#VUJk7KNYo<19wr_-Ba!Pm*D-+6CO0_8su3`8TTj!8{B>rC?fF)w9}3hBF|%V%Cy z6d*wDBc+Plcm1r-nxvTe>*JrP8n#J9zPXx8gqD)^H$@6NQci7!SMk@!B-+N^7n(`8 zZAnB$Rg|70G&Ru~sdF|dWPCd%?->H{ycvjEIy)mCue=r@{=Q&lME$LySLi5cG!=aG zx#T7#s^lkNfKS~1+Ew=K4TRWEcKVhhc4mxi@F?m?7MoMG@JLla@OuL1Av9*=P*4@0 zWm}~j6x9dP$vhCf9+)LlDcBxlC1L8fOJAv=Z{=?^Clesrf80B7JKT`d|1@f zAAa1{-w++j@Di|f)Dldvwvd_v@e}AQDvUhS+_4(GUXc6v7macUQaZOTdR&u-1$wf`0Kavl(WyWtde=5IQi&Q?G zPvp(SvwO5Y3#B4UGZT)%8k^m)f<<}xvcEoljDAs;-y`j2VsVR6mEZ_Ty%BmBSz&qe zk|e|6x{}!|q3sCb%Rs;GgeKONlu?A*yYhJua{H#TBUw2({@aUT@k58aY8<@Ws!yR3 zMwQRZ`g5I4hL80a^p9iVxLU3K;`fFXILaiU)Q%B!G`9tDR=l|}RE0gXW|xcj6NqRNxt;00#cBgOawKWOh8~ssITPz)!voHHFdRl z=k=}Bf?}nJh>%vGw6cSM$`Y+bs))2MECz@oi^>w&0|~?pEo)R11cZoGDY6O38Xzcy zhyfz9Lr5eM!kQ2u8%ge+%i_EL%%VThQ!hT(BJW^w*ZMw@gp)d>5t z5GgQC77VnRnEyF58pZA8U8l2?Pwq$jc0!|9e!s6TD{^efN0PL5O>6K33^W>a%1(pD&^g<;4CY%744fGG`Kx* zr?i`;kD`kH^zZ1as2+_RXQ>9%*a+S!z#0~MZ=ZF16LguXBYmdoetj{$c=-O=it%xi z-KWcn>kk&80l|<__wZTAGGZP*j(JnD@WbQpgoU2^6L>%E2!sK;Wl(g)b}pN5+4xP4V}RBCocZnXS3g;7B*u;93mhlT zIE4O&{_b7oEuk&CC1T8;A?Oz)h}FfOxm9tDg@Q#!L=&WGb~s~~&>^cPyJ=@jnwWDr z>_GMjL~d2Tp6lfmp)$KS=LWancO=eC+%~|3b6F8&i;>eR#>I8M-QySPg&mKnW$q2$ z2u1=U0c?WPD<%`&e*IxO(Y~e_R~b7bnz9<8qkRp6yTI08Gl_K1=jC!_!dq%CCxe9P}~^cofCQFqNA&gFpfCjWNa_` z@JNF1AYL3eLoij+d_fr6{JcjnTeX{5KDqpusy13N5uZ@;K!wQl!a51gcD2==JwkEp z=ZrsGyQ7b68iN>IS}o{RQ9CjZn*K%~R9_kUN5?&U|NX6q`D(w;)hm}z(pm{)+a`8S z=k}~g%Ki1*4gVw;)ns1+Sa`Ys;_$3kyX5e#EmT&f;AGBTGd@j6-{;Hi;6+NR=E3mE z$?p6+%CN3wrPVe1@c>pl-<|KE3_Y41EZ?I}sDu2hm8#+qr}|fO77qz-{;Y= z&%kXufV&=E%Qj22#`m&4oik<+5w#qF(#)k=c35<1=t4)Pc@Juh`9UdZkwYUK2=jw} zo*!!=9QX~E+6tffqZq;zA!Yt52abyi4K?Gpf>0y!YF7P*Uj{PG{kJ>I3Yd1QJ>2O9 z{e`m)-xyeRkgxTwQ@s3dbLCe%`+q0$_^Z1c{z+T!e|wDi|7)esyXDwKhmsQ^5*DnH z6tSM=eq`!Xdm1%^xm5g4!*Q-3c4ifC#ni7Ho_965?w|%e2rM1MYr}B41Zv01UzpANL`De1@ z4lg+ykWICvWLFrjXYHFfIzerr_uclHS@-l;W0qR7+~%m~$!8#e$Mr zoHuKpMP_ypat}sa@%G-c!{j2Qq;a|2RkyD>!<*B^ITwPPXxAeIlI58YiGI}t7aqOf z1MHJxyuDeyg{MQ()HQBEG!CgW! z;TfuC5Gu6VpZ9nEx%TZ}vB}i86SQGEs`B^+GiJV-WS|(WB`> z`ni3c$qVo#Hx%A-OJ-b)wPsnVhe-tl4)A$2#Hx`zln6yz__`?aBwfGMU6yZQeBy+v z2DUr_>@BsPNa;ZEPhl4Zbomfp{7%nmLmYWsAVzQN@sU>-TM%CbxEeMFbD`>X4dc#) zKLbr?wu36!s9kbw$}%K91X7UslH}AfKf)?G*Ut8Mk%$y{jBU$l?!?>ene zUFwEC8+fk2LWANhdDcF9(JFnWl;|tZMhQ>Kj->4<##;1h;pVr+R7|d5GV;LEqP!r? zk*9X`vZ-3vZ=QF;3UAGleTBYOdv))`pxjSS9lhjUJ=)u9uD=kHPn>T} zk^~-W@-(7XiLx-l9kj%XYOTQ-gz0>a(Z#1di&BP;GO@H(xvl2fr^1F~YQ zsSSK_7WIjCuzG*FM4Ew&q7L3J@REEi@r2M0+k<8?E%o@shiN0}of_(yi-JITx*@_c zS$>IcoV(RD+Twohuyys-a34lRko^g|HJ>RuKX|qMMRBQXB>BS*x%WVCe4&a8+Zdo& zK#-q|lEi-9ny`~h>EvML)m4bxnCZeTMd?0nAK+WheBHYJumh-m3x?(uVFs8S!w^~IbBlT5qa`xuyAaofCvnNOKGy-K*^VY$C zX_}{|TITjmVySZfhjA(=rHd42-=9%6BJ^>@DDx5uGH6s{vKF}Whyz?R4Dj{OBeQkciilYcwooVYr5*i1-}%R1Pk z3$qRbG+54}u`)L(enikpIwCu8D6^xfeELOT59S=P`qiGP!i^dzC?Kl8THNTwgX$!Y z=Cim*poS69Ch2w{197mDWOZ{O0hYpToa3G|pndZd%4_Y@R!VXH>(p?Ca| zJSXk%8?8ovfs>>q)W*EV;~HL>Ma9*2*pVWF4eI*eE5b^Md7kc!iea&Dj53PeRF_uw z^6*S)<6(n<@Ts;)#pjV=;Nhb3jl1@zWfUVvzGq^6`d%#K_pXkp>1Qag8HjgWsv+U( z2cK9MmK6CkR4tLd58Nk8_2lbq$O(yPl)0dD67;rB7^-8q=Zj3Al^!JzP3o(CQ26c_ ze2w<+u0yWIKD5@EX{j!t8BgvS&lZ&wU2bOWv$OZn>Q9BB#K&L!kS25s_t4bn>wbT3 z=HgHois_DjgHc8)O*)i$0fR&d@7sgqiV?Ww+g7zF)jFuNjJ(4uOJMnD&}u&+zE~Zg zZ?|yi69SLL0hfHArZ4X}t%A{VuL|$J@depq?r?c^R{ub}#Q-CYvL#n1-(b1^`h|cm!scwDyElCD-E#glKRV(pFUSJO=lLN zGLLWcpTEE5lEzAhn+?n!C*Vw~7KL>sMS=iCYxHo74j17i`Ic~3-rX-?rd$XyDpgna zti`&!xL{nC|76_Ynms?+K#ZMDx3Ld)vh3}ft$p%Xw`p(3PUc{H?aT72lo3};9>SH) zC_#SF8V)DjXnK4I?)4oqkZ~r2FTH-e&r@SbgE9FT9~s~nmlbc-jgqe$3>0VBw1y)7Q4ny)gHQrZP@dRIDjlxr#sbBlxeAr;~i+?kAcXAzB>C6Vdv^*zS zfsm1Am>fp)d4YKKbo^94ZT9&T}Gbk#qdGg~`qt^3vk8XU=4Tlgr zcH$2N)utHAP@=4>u`k&URB!Qjlt~Br-dCTnF|U|S4ZJp7@bjCih7EJo@ef}$NZV>9 zNxxM$7WzV+GV+m0mVU|<-@G|pq`t3l!v*)>rk-r-7vS0t_6}P{c<%wpt6W>nfhINy z;Eik;Av!- zp1)&eOhe^cD+Sw#_2bner5+95bLo(-{kABu<%RBr0<-qG%l0na4Z20uHiF)CLu1O< z;z?yI@;j9J$hH8ci7=n+%5d>nayBm87uYgrh$L8}81&Lh#P<)1D840~(mqHn?txB{ zN`Os!x&$g`P!FWt%erAlk8*HPXASl%g+x5feV#7RV8kjju6kZ#m)5i~hpT+&7K$7k zCJb>0%Syzfhbhixn{3hA$}G+kMi=8Ry-=4KtpKvts37kM?ob?1~bp-nJ~ z?xSxzgYRm*!hhlaz1_K}BNjJuv(Ohh4U-ay%UyNYZW3H|`*_#R18{Q_UaIGJ4@w^* zM?;yg6;oTR-y2DOis&Z|HGMt1hJh6OtzaOZs8=3xpdtucPga)(M)w#0dgjj;+QUZs z#-~HveHY^*EUFB_e`|d!2(a6m>+e0mcv$axZdZ0a1Z%j=kM>r?wP3slMw7}4EzL0G z#5XL-?b4^4^nh566~*T~vgRo_8<<0&3pp$l&{#@}!V^*?mt_7~!@;jajGHJJGe30mEGf590m)A0XC7%oIC zd}>$K=hEvI>t<2wakbL3G(Be{WZXw&z+=@J>tFY~r%skbB;aEZesL1)YFq)boe4&{t5V)N1FGB~1glZO$ zkkFE(hO@@SO!pQhBqX>sCvQ2-0;B8KxMq=wIo5;#2;tBpU@KHb{+7Y?-Yg;r!9|ju zSswI0RMVO4+O_gCtWMxe10F7KudZWA zhhYCh_U)g8c$oY>0qns=FN3j5pfuY7?7!%yB^B}DZ=UI3$VoN&D|0$Ou70Bx!~sH3 z0waMWYcpT`knFA)d1Y;gCK^i6eBzSj_|!u~7t`T7K*p{$q3hVR9fwZ>|MRQA$ZU-O zh~lPjP4b!pzvYW+#mWibvvop>%ImF6HtS#WCj?Ktu7YyBoik&k99yfk9V9g=Ymwyj zWu5Bn$zGA8(^c>~?{J?b0*|5TGS@Vd^-_k(X5B`vlXpPF1;v9BHWMe~I4>OD54IEV z@WzRU-CaRVcOm*~Su>FbGXS^+zgH=SHAM=nP~fP3&yeY6g*fSGcLQ^g1G3?xlBMT7 z$p2>oXWV{V#TBnPK4^tw3_NfP9>vr2sj$<0e2+0#er3Q9*~o|zQa-x*x)qGFenI1EQ z)V;(rvNBRvhstLkDnAeP5<@lD^-KWmCx0Ref8Unkl+jV%*Cq1y>J#2~i7I6mbuDU86+`8}kLF{S^2QJHq#R z&)HD4aH1$H@|Uto%CM;_h%HBJwIF4!q&&J4Q?YUGH&=fa?(2HX-`BRg-%Uq7K0yT4 zIWl^T!;LO#Qb!U%;Q-*udEt-p#D#;cL$Wtuq4UW(ceR>2AqliL5HA&GCmE8KE42$M zzwpP)IllW=gkt}jb| zMlCeaJw%Gv-ngqK6`XtU92?E5Rhr|4Kj?SkC@M1Bums(PBm5UUd4G=QfCc#$< zix2FI>zN;J@@5X+clOq!ycepJnS4h@;EYY0{9BZh zHqWy?4pFrjg6`{@QN~SA#W{x_WW=1OY@{|tM+A(_0CQuUBG+y_aDMSMhbQfl1yyhRKwMu-9@hN^hC^wLI%&^l^nPoN~z?~JTDEFTLg9Y>RmYNf<~Xx0qh;0f1gTfkfP(N&o5-! zx;vx?f%^h?99-Z7`R)$y{FJaA27EaBrD#ctqKi`WdGxb3g@xY(Yy}{kCit#FOU^~H z_gN`ef*%*=ml9F*+SxW#+qKwz@Q9Z)UHUD-VZh~M)q8Xp%vxTGHU^wud^XU={L&+G z?t^b80la{!o)f1MJk)7l(cK<&?}eAiDyYWB6-&IJ7;c^~(_xR=EiSVSYv~44!jH1Y2sl} zOnQiuoE}?-3mv1sz6tiL6Kk}rapjBQafXA@ z&VlnHKHiLv^Y^sjn?!-u{w<3GIQLmG2>^yzw_05pNu57BatHbPQZE$GP4@fP5|!5q zGoAI2p48>j5TVO&jTeF^;K=>4;x1BjxPW@0GE6~P?sNDOf;fF0udV~IjYkEvFhEk8 zQExO)!_LcK{qTm_X^9ns7$;B9c&9$2XkY9ZArV=QXLN9S23t+wJ8`l*-z@?e3PP;| z6%qx0M>8DsLCBn5zuu^@cc41T^8@4DC|~17#R8QSF~BZsk^)kNHwTiM%;#RYASFCn ztIF=GucZ5G>*!s+&{PY1jt?xK85pd5{n_B@WQZx@(zJFAA`hn}f*p`0wG~F}#g`eO z1A1ocxj62es6|z@q8wJZHoT|9PtX*jfA#u9cA5svcb5U76*+)fJEp+JhX4lzc++`! z_&icyu_b>{zSOTPxt~$f#vyaVn1f3NX?O4x=9UMEXXTM}QH;29^!8KX;5`=akh9CL&Y`9tlAiRT^>fG@9d1e zW3EIVpSfU`Z9!8TkEF2N1vGliY_@9+S8?~aX-rRlN;}q`bhpX*W;S)s)orLg)Hmv) z^uLV$kEj&f*AV^guAjiNhI+wA$?)cDhw;$?sT3RApBeVM;)ESk5)OPVWrAfJ$J_&! zr3k`ie}z=|Vq0Tbe7BUxB<)OBYnS%sI$g-<&u63{KbT?d_aKV*8};q##rH-q0@+@%&-_+1~!~?2fiE=qDY61cY22D(sO}_zUK2} zotVA?JTTYEP8;gEsmD;xl<=!0*ky9D9f#@O)3gUD!hwMt+v~hUQ5ST3J!~`z`J#gj zPx%10_A@CuhGMgk~k`xQs}Spq)R{lsyJ?)E4q9&tWMAt@y+_I ztk=IjV$crxE1&Yfctw9CINn@$DN)Ck{6wu}OBMR0Xm*9}Kzssj z!O$w!_{87CNALSmgJo^1A;&?MUxPD!7Z0W3w>b-}iXW;b+s3tw22nLce#?-lN!3Di zNbwo+C+6n74DsqjnIDr8iTwo!*IZ+z@-q+vG{4WDSB#K+*cWUmWi?tO(%8@mv#d9l zNisD?T8L6gFz}S_WeHxSCF6_Oo9fHH9{Z9g9u$-uo*Nu{dJB7{=Jw*ykX7_mCBZwvj<%FG1d!JUUt-!@K z*cLgXvE$FAQMooT2jQDoU&{Pz({V%3)9xgl{uZLjE>xm6QyP_H2elI3R05F>{Cdo5{HV=EVP(+d}>itv!(i@o# z^^HsQI3h2z;>LTjkv&sL)I4fT z3?-i?e>lZ#h4Hu&?ap>Ea)ZM$93%I(~^17vt2xo z=%Gt-y3)t%9`RKDEMaK9784X^fTz&CD4lJ3+FyxwGkS(ULR2}9EN1AuJPP5uY_9WJ z*Z(3jj;D|S{!)BlB?Z9B#z)7uZ0^d%ej4uTG#X}y=>kgM{YSV1I*#$3i&ABh!6B9x z$)BbvKhMfT1@Q(ayzTx4agoXH1QO+{tuSorM@H#NDA%0fz~Y7QVfLFkp8bI)t{&hb zbD@kbkX8;BY5yvGG>+f1apKge2G14f?3ytR%ILDPsr=)=c?2U!(69T8) zl1EfmJ|td%g2FXUJEiryTG#%Cmn>d)YzGz9035RGQG27-*7=n#9edRHl-*FdO2L_wrUuL%Oun}84?Kva4Q zozRjG?i$!RqDlGpeNc-XlSbAFCD); zN4>t_`OM6RhUNzN&*u!zfzzLQ^9ESO6l~z(0EWEuwx?0^wzqfpar6LN8=a?q#l~M< z`H7*wH4(e!a}$$GKH7i2)D$xqCUPQt)5X*G@|=(LzMZ# z3zkGiJBd`=FK2k4&LmVf(tAFVvb-#IzSiD-o+td~y)WFC6KR#cyq%9?I(MzWAKm0T zNPxq$ghv7Sn?=S`{T1Uaf!a3E+Cb82>R;4O($FY^pMm}^(BvrtY5y)=;~ruCyYTv9 z0{UOil%v3Of0yoRd(PayP%l-|FWt=uw3BoFOkrLK8#Ih2!D;G>4St8!|gwhyXjZ8_zwGQPPX^AYgHXEPIcw@^N2=_ z3&y8n6G{SmiqS?4{qrK z^EY>8A3eIO)AHy^czF0Kf|GeLEA-5gU<-FG>0#l}Ky;+9D4#NS=+1zo;WoG}txU}B z^yDm!p53`3!2D}lN5@|tp+{K(F&7w9_(}~8%LBB4;TqQ+dtBu{h=lCqRSWZ6Pmz_Y z#tA4DlFrj8ZZV~zW#@GU4Y)jyUXHLD(jlqsyw^Cy4w$hd#c9Cdrkg4ELgdcUT#NcK zl7Tv25;T*Pd|Wq zbdHXWZdc(MNRM?rwSR)k9Jj3U!bOSp zodWu4Y9(lldA{Fb+(r5R{686nOhTYB?@mVYnmW|%_8PWMs{U8FJjKy_g!S~XW)3!S zDp2{~kASgcg_n$!sRaKTIowDzb?qrUeat|;WRMl}XiMgTZ6WOHIsX0dHtoiD8W_)L zHT9^2dSm~SHj<16S#{Rc4&||isP2R`;DEIus+LRC!TQ<^&o&MI2@rZP9ggL~{l&dDDD9JmYDCy}H{b1+ zwww}sBr!sHLdlz&XZID_9#8O}!PTLLauRl4P&(|$siv-)5N|Ox3IE z9L{GgN`c<1ZoJE`#Jz#2gkO`$J?;a2X@xr$hpPQM??j+t(y71X>q}bAwY9Z23hL-9 zgOZX`xIjidw`=SytWW7fM*B~`FY0ySB#oFZ)Uu4XHj+nvGVY8#vsptn{b;cVn~6l7 zGv6i@re@)8F!j4r*GpbU)5Ej>sObbd&0X)$0PglOTu%&CY^@cC z-CCV6=Upy$W*rjg^}lb7D0S~C3$j>B(W|gG9In(n~Mg$ZJG zHlZ#^f%t3xt3|=3EiRO4t8wt6L+~e5+bN3?u-1ER!YFPhT3g7CeMNYeM_3YA-H5yM zSuJhRKqhEFsqb49P?Ww-#zLkN0zt3`xOfTH`@0}of0q61NDFlw&1=%`Li>^#+C56i zGA@G|#Z+-GahiH+5%UTMq6mP(Z{^#0uFG}&adpo^$Pph=5z55)KTW~H%vH$(O zk+25Ll5(p8a~7%$6SO>B&}r(r;m#gh{NK6d2C-a1`C8&(l4%vi&fkawJf7?wGT4m$&XBql-wu#VEhoYYy zx<04R+yv|QV&HYhqpS+2e+GQK&QNMUHC+HFM~6PhdVS~K1+Fv+;D%W5Du%sw0@MDt z+57i4O2&+o4L@HDx-BwgOUsaBaVL75K%)X15jhACN%$yh1*xC$`li^YA#zvm<#!o& z0=`m)KDFUOhhptz0rZtMmY99c#kE6qaRqmYz=0tL!o^-=(F;LcOti_bvR&a?HFOig>?iJf-EWY=ap1sQKu zi7>93;g0xbs`^38mI_hOuD*Y(Ms>SffIM{*TO%VQB~w&b;<6FdhWG^D z|0Dx{J5;pG5C08;eOaIzKwtgw>T*K_Wm30|g^(V=M4S1IX|mcC_q zlU(&y$AEmnxw%}7UYxd2CMM_5=cRF}3-Y4%v7NW;1DxNdt#NM6{z;L{JZ)U+*2g{x7=!|bP-EJR^9rlPV>}xvzd-HbT^y7-f?YpQbgRvXEFI&=j zBZ`x^VCQI*D;rj|iezQ4@jki&TfUG}T}c-Zn6$ZNFt}%CG)VN@G|>Vw-d6&S`n&tv zJ43ZiJ(j^dUG#Ozr;RNxY26fD!OF!BSN zgGP!#9}r$vzbD&7*D&BSK#4PoE^B+tM@M^M3$DKJo}vQu@xafPmS$YB`fhVB;_9g- zCUS4Ad`kR^kX+lL+w!-O^9s%VgP%h{XJ~F!%@+Xx4*lhs)vY08vMFMLPS}`I5Ii6P z>@afm`UvA0-x7U)?|ZQ#uq_)NgZ&iklm4exPIZg4wXae(Ds=e4-5=2p7;`4dqU%-L zS6~QA?V>(ytzGlS(xDDiql>%Xp0R~9P4?nPxpOk=J=y3*b6m`-Rwcu6HVF6NF5S<7mrrk;5$`8@F$t52WWdM}B z-KQD^6?!KOO|v}Io+y^#zsLUw)>GHaI+|h0xf{*7-^i+{7I%@&f?RAZ^k_1ZmVCeHPk)tQc0YHP^wfowQMF3m58F+>H@ripi zNHA8gCOAbOSiAeBWl;Z4EC@kPk6bXMTh$s&1(m_^El07XrD^d;Gff&GD0I>~AcV8q ze9A#}kRhN=N(&8Prg?qg{au)J@PfbgVVJ{H*@N}^JH(TPqTwKrAI2!_WJg!dWYlvR z9-zYJGI?Dq5V*5mUm3RN*0f3K2Q61jW0)pqLhF(4-vNNJx1b6~DQI78^ai^%u+}*> z*ZLC`J5}0Qx0v7m{|q%wkKbNrm_(s|gSQ*}Cr=v^*r^ z%p0U&dSB#ZDq|^bI!yX8?I=g%h~%|RIf$zPah+R}x#(#mRpqvO3J~m|`h`h^sYX)6 zY{Nt5QOLqX?bo$|B_tTY58m>fFsQ9F!VNVcN#Tbo(P{4sgarSYfptzcS2LuBu&qb% z1E>LBB4~JG&ABdy#QxFcWmGd0!kM;${?6J20a*&!G#B=8!(kQfrv92$^AOU&x(3Ov zr^;3vV-X&HM&oy!ax3rY%1*#I*$-VU27I>fC@j$L5aidzD7chi88@Vf5S;Y&_=ky{ zTv=f?5q?xE%bwX%B_i$@GkMq5g=OYO(Bll2JJUb5%Y$-y-MO6eGH34}3|2koRUylp zmliH>-B=uMO{D{{i+Wg0M>b2RSx88i%();*cT%CUXvUAP%A@bhz>Nfc$c~M@lXhNM zuPDU&`i%ehAhdHQ@+epVVqtX8SefKfu{sXtXt-RrXP`ofYD^DX@$4jg~bx5_rd<+hAz8e%HXb(GlHxGTeGOnt9?& zTUK?li}MtuYmfh$oBviRmPi}OJt+Y01SnKG?Kgl-tDcl`$HQ%St@qAdYsnJ|V0mJ} zm=Lss-CkQwjONqn>xw`^i!ci#3y0(P$TXh_e7-b46`H!G+7?8k*5n?*hVcz74wNspuFRnZk38xpjBb=Xu3@s++5KFYg(M?&;OX_A5jXg7h9+8*-f7jHn8< z#%{(T@C}k<_|__@vC+67xhOGvwZGg=#fouFG>f4skaz9cJ%js?Jnc89)B2@q(8t`Q zO?b5Ki`k4uB$B>zz0{;_9=MYx$+324E0POWCJNfvmL&U`?l8(nDzPK2#W_uP357me zcAFcG*5(P)Fj1JA7;a-)+`G&-DFZ4f5u{Jd3PO^?UVM)hQNy{7iSw}#70I6Sv(ryU zGuZmFq+vaW-_=^waOGByEn0bOC>_(Zn2M`PwzTY=q?Ay7xZR2#cxcKbs{Ds8BgmAw277An;0+ zK*_g?-A*j&h;{A@UiKU<#X526r32N8Jce+2+b3-=TL>L|O{R_3>6JLywMMgA&CrCmu>lSne@$t-oQ2HiYOEGpmGoARw>cEi01 z7&P=4jjrGH?J|Fiy}B}B@j`rovyTZfi-QMvYin1|Y9SYfD+^cJ`5kZIt6HJM5#$Ps zY8^;C+o9=(mi^4e=9)fcb*xz=mFL>;9;G*|08qDJk8Dyi#IxFQpTOQ^)GuZ;2#CDH zT)e!Zs^lz+5qHZJS3;Df3Lktp)K;l5Lm0i6_$i*%50I5lYQVLPu(HOb6P}mx`2dp& z2E6k#EAK^ge$TL257wAy{+tG~=43oHu2?Fv1FWqR#4I#7JvG_K#3h7aB`A!W z8|#QJbtw@p0r(NcJMv$XzJK}Mks0<|@}|33Yb_0p*0aAB(2uP~kuQ%F4LC;2VAazJ zMI)>z(Sw;Z@{TzbH*k*FLWLDNG1oX9Se2#Ubs$pKmA#N+PXo;a#^9}<9dnuUH=&YEJRTfij zuUE+%UTHoeiaF~>z=%NcXl`l1#Cdssz2ZQ>=&7;ugxSe870zq3&h}cMzZ$RX=2({G zG81$P(WYY(D^qTgW3+YlwSy{M6;f+IdS5+G!KCl}{y08HZe4)CMYgzJT{btwPgt+8 zTp><8UTRRV_WUF;1Yw_WoVhdq)gWFr(>LCrp{LyLi638uH@MHRsJs=&eJ{Gu&u-&W z>FN~=5c3@E<&{kHk1aCBIaieFGG|#LVF0o#3+PDOLEf+^%GaV^x@IR1s$sqADxZ$y z?+mP$OZ&jI`wH#9^#yZB=cCh`{j27jO%T1-f%3I~=5%y4V|eg(`;YXE&X+#!?3e7F z2H%Aqtq1O@+)FeM=daSIH*DSLBzX1_IV(;oNoyu_ZCy5%-V4$sS~xPqc%&_Dc+aNK z+)GlNiuJv|sDBJrWj8I(uO9Q@^6si?%Utj3b*5kEFk99D-JTBVN+w@b*gPpd%Gl@n z&RFqt3iHh?AjH5nNp}4UGz^0a+LQ}uzOLGAhclG=d-ifak7Tqr*6Fk^VDlbQH_8hY zhnwW-`t;~mTT(zh z-$|8*>3i(Ow~5c1n;6xZ=J1rDTvn79j6eJ4o_%NN)?N2AcB`cHzNdQf?Cq?k=U8q+ zbIvxP2C;Y2jr$UQndD%Q0Ur}qe5W?pB4H+(ojI$);hr!TGb4sIF!n$(*E{aTX^B^K zoLGubnlULZ&Q9gnYM??+^`{cKTUms!?h`JYjR=fa2_G_=rwV5t82oJSTD3`8T)|Td z6+HcRUqy~#^lD*71R*Plz?3&DBgkV{m=h4u1-gMj;@C3u!v@)Kl!$e@^j`Rwb8j}< z&S`MrV9$)?+EvcquvO`sST=~FjKMC7nDpHgB@>vu<7{7ZaGZ)eHyd(NmKF-Cpn zW`_wFOLZ!O%XB{vta|!&iG!;*Gz$iq4$xVdD>RCRajuVqeHF}p&8|yE>^{8K_Bw!C{KW2+QpkcjFXJUU(OI8`N7^|;(^kG&%^d6 zpv56svZG~z&hA!8ka+5<9@8*hX>-@UNJt)Uf@xQ(T*8i)>=3_bpw0AOy~%)dHRs(#q;>i9}jUVok>N3yXxo^W{@A_vxrby*)BqUoCxU@2M z+ZEcFlTzMRM&A|pDpRPN4z%FH7XR+p*)9LNmHP+#X1ZSk?qq{TwIC0f`ZoSr<4`D> zyESGsBnR1jbS31dnRD$dJ>v;i-eH7hVi;QbOAn{ zc$pmXaL{X){;9sFMG6$%N#wy3GqNThN_!&P)WWQovQG zdcW?B)a(xjSw-IQeXr*;iwXJsD9NnH`Tf#0>(h6Z(acRncRYYewvh5GWCYO|0fcWY z@Zg`h_v5t@sQ2vQI(c+db~7Y zI!A=|=P=D;Q9*~z`b`>aoqBcx6*});)w@2*>igu$Pde_@A)jS0zKNzsE9Tq5GQK^f z%zkhOqdH$!6=OfxBE&uk((#sga=Pg9*GfiER9J-Jd-ZZVIqzNx@z-T0dlff`6K+C{ z%-VHr-?(|DD_wh~>MW7AGoG6pyXxw;N);aO--#g|MyoWSy4VcEP8UR%KHT zu<_L9)H|pYtbIqp(l99tWAirVex@)G>?|ZvGk*d*h0*6nS;y0Smq!W|5Jy$!E7F9A z?GV=H6QN=3z={UwA}f>sI()Vci8_~Y2iOokH?WOG-2WxlA)9`yDo|Qk(f-RHrF5pi z#4#bojIX~He+x9#3z*NnI-7&MCPS4~3)J8-BwKhnVuRY;tsy50X!C;Xt%EvIF( zL8`76e%bh)gGn9Xo79$m*!X_c#%f+*ZF=nG{Im4Mzwi67<&1tds^PfB?ayFa%lKHS z{+(bZFcdAp|7HE;<7x4?l9CdW+Vwb!oz#uM1v@5k1Ejfi;&Hz7YCX}{d$0^X^rS6D zdnVJtoJ+MJ-uQ^@C#_Wp5n1^nr4&L5$t}9w&O2(tw{UsI=?2PDdW1Da^x(~dIvsyS;|Rmd5#0un}Q6hL#zPMO8IB-YT53gU@YcG>e!- zbg1i#zHK^#DvwRY`YQM>3;9oAGpQ#XX;g?b!7TAfe@uW6ZHbHb{xR^Nr9uKyX9C%V zBL-ZB+D4O+PibrT^xE|ij=|wD+}lP<;JzSK7dtS11gEuhqR4s z0I1%I3WHLbA0}fU!5>%RgEnhV>JimCNjwb>sU!GM|ihWFDTU=4ysXrL~A#}NGPjf+3J*C`v zF!b!Ye%oR3Pt|cHtG*U^{6s)>J@NS`_6c^>f>B)gpdZp`##>uxX2bt02w&Q9c*Jc} zQ8@z{D6h}mxgzdvpnnB9Fda+K^gh0q+;n$1)bMVAja!{0-c3ZMQ_A)m?4=LQ-5~!A zhonD8r0rHq>Cp_k?ah#q33-G&8Kk7d86E$t!Yp+!y9*)WA}3Iqqe*y^pFD?KSoYM^ zn|Uj|b7VY;uPc_<-Xp~`Q-h;)l4ex9{bIG}OA5O0FAO^k4Wr2{n9eNVpCDxbzlCoc zBhC2^bC%40mZ!q~88?&COtqWxjJ+!ZyF=g}0(0gIZd(J{H{ZPP+~NHD;;L59LqcFz@=NR)n)_-%gQv}e0=PakHY=M_kqPEOQ1Kj> znf^zd9&8&~lfScbo9c_bgy3+*#^PJm$PD0rT7_0w9P?V<`QpXZD3Ud+DTL;AcLF;3 zT2){P=ucpIv^4+UhSaPHtSMA9`zyh*TKL23f5n``eCcW4v#n}f*eXp6RHbeOViiF1 z^62}Y5{q~zg6v=XKYRcGH~rrsaLezjmp}ZR@j!`-Urh!KCu(Q?;bpw$b3iNg8od06 zh(W`{@?WK7{5P^Y{1{N-xD%; zFUqTYk0vT|my|_#%OA@9amKX6e~%<&%M7#4619fO=}VDd2g}Yt$Ny0w;MfdGDm7RaM)5#$yKeA#?aMo z@6OakO->8xYFGpUtnOY&=HIF9I<9jWM|*8-SnoX5XlZF>?}vcJ zJj?ARg;y?vSF+OH{ym*((;-*82H9Q9PY>?5h(MM_O7K%J59Kb}a)so$msY`DtgQ@@ zejrUriaQO>c^2mO&jq}+RzgTBge`{0B2V(Fmr}_y8XRetVmk&~EQ16M@31A=1HR8oezFC*eF^c`_G+ji zVFP_)$JbRzn}?xQ92@e#m%R_nsL*|E#nx3ywCyrjReK=V%R!_R>)#H1NMd%gTQt_p zx4tGl#SFbCxf&C2SB{l~^}@}={!hvoRrR$6$V~>qjkyElo2~vAY6NqgYI}blOrwl$ zyWdYC>Df~4kV{XiTx$wH)qAYWCufgL8Q8F# zKE)2DM#)=^a_cKHk)WX&O%C!h;Lm*)q)M*4YWj6NMlT((eaq2o>2!ZyC3@_XHx(_V zSxT~#)xlmkpo3hLkONSuHl6G^#|^X=N+`=nf()Z-l<9*v&U6m1K?Y}o+3ovv3NN?S_(zL&3s)I~rLe7n3%xPvpTkWDy zV;t*%sF68q|8UKT9$jkwzGqfOm;tWejw z4VCHnItN+i8!G4(3D_kSHjZsOd06J;cgCl`eA-{vgA=un=w7%K;?IwkX4t(N7jt=! z!?P_jssQjK4-rSYdO7~`?5qpCMEX_XFKBz{bheAJzNM~~B;n`7x6DT|9VOU@k+-G2 zL)v9d&At}cw#(nu!n)t@o68$=n~vP<<&k^`CiF7|xf@_G6mEHOC3V5TBg4b<=7-MCo4x3geY#qwlkn1G@W-v=&-CBBWn=!pqY30>-A@#*V}V@OnN4f zF}`ajzQ!~}-&^I_KoxgZx9FWr-bBdm+6@LuW zpC!}linVdYH*8G1#mD^GOHX$MCLQ{A$n zzi%F0laGfWV8>3FXt;mFwkBvcG7Gp{U1Eoh<;_H!7EOHDr5>2WpB|$3 zb@*qQSbmgmtw%=ZuEt<0M|ui3&{33y+M|Szk2*q1>ZM73p|_dp9p{LChY58cqv*}v z!f9GW|EOY**PvU=uXb#&^s*)q+NC5J7*GJ%XwxpaHH8xC1F@J<(Zq`jl)Kk{v@iw# zmf{;~er|FMjJ9@5CXWP-S{i3h$3{`MbmVqF&3ksAqfs>8AS&Dud7wpqCaL)uEpI;q zC;E8F1&?j=Jt_qH%6#q~Wj$K>uKO-$DG{A~3-C}WH7L_g7nH41lH_Nw2Td59dsPqa z%;3ykPQ-uZDHMiPx4N)S6L+~>1`(Y^{jjBRXGL`}$?!`HzmA69*$cpXv_Un*`vNyt zwVpH!8|C&-wtQcBfC$LI7R|63&|Uyd$Hra(pW@iG%_*%^jxlglByeMc_E2?fLLU}% zRXWt9N}BItwh`T64lQ!~qd?Yd+|*umeiy}`aCm()d!kt(M``ePTR2sbQG?|FJd&`H*TWYR}0`pjz18I}Pty^fX z6sdJ=12MtZ#L9iGS7VU${Q>p{_5V_dw?|0JbrT`)hvJCK*~1HeWid0$>hva~v-OZO zyjxrw-EW*FQ-AGuv!Btqi;Ve}Rg67%FjuaU{{&p2X%@&H(ZuXjfEl|?3d%(f@5i~}%n!G3Uqh%c>)=2W` zM(g*m);0DDddZ3qwfOXFaI}B^**?_*#`J1lZ_k1Fv7edJS6R-HA2@GKTpi|#T-Z9& zwL3|?-33wP)RJe7B14-HMphb068xTB6Pe%a+;p1|=@Pftm?puucws$)AJH+~hm~Nk z<*Me83td4!c4`2Nn}ZQPj2wkc_4brybk4@c%kckx){I=jYF9XOE?PUzkBO6`(&!Es z_UHz%OO07^U-iSZ$!sI6i)}LnQ{=(a*&x?0C{%I1jLNo*@^Kk}4lUtQ42Yf0Rt>Q- z&a^Ziqsd$!UgQY(R!;M1c}YhzmnjX&jn!8w~OV2>f zTrZRcwa{iN!?9Ps9`k#;7TGyk!NY7Po`rKzO4uT!6K7&O9=SO^@E>#?2<9ioO-DOB zlMH{fB@dMpVD+=WJni|oRNIykoS|(<#SFq7iqRaI@0}gilDhV5}pjZp=Q6fURKLPz-4$DG6A#Ab< zSr*1mj!4Sph5ph*R`a%SR#a5@b!B@k3kUcbtX2Gm*HDk0^M0{=oFnSCv}rhT+9v5} z0>p~-QCH?cA>h>t7E|NZnE8f_jOALspYW5@J9gIDDOeq4MO;(s?-*XD9Iyu#^4woO zWU-K0oTJj#qi#3UK!_r0^kFfKzx!k{7q$0zb1PUrn6|GV-B{!1>Ap(zmXC$)p>kOXRZ z>%;%aQBa%$^r!^BaC{O-6fRGcX}OkKE_arH7k8T{2vMr+;Wr;VS=ou&s1%`0as#fvVO+XE%p=qb-gdcVz)wvl#PC@VG4hlYjUA zS?c>F63L{>x&@ZuZ`2(5nkVV|gm_%-$=JsLsk-~>Adahha9nL+ePA48QnvJXSypCM zgc`@c>eAbrPa`+$*Lv1Z$p{A74lW%nrzA&)ry;5;Po@qTS4E}{bsskulL6=-<3Yet zaw%D4)6~j}G7&bx zL@~8vx3Stb*S{|aw*2x!VEQk)40EBp;m5GcW!*+sO4f4ZzaodQNZ)4t2A2~CYQ89ml zuV_ok0C(ViM6Vi<(fS!k)*-6sTUk|WAc*# zudm1Q-cX8CJ|!8bWjVJeks_NHK8c)6R`wOt=Ir;T3=+MEt5!O%AT2kV-P0~XtwN9c zh24tK(@WE_9LTRQIkz-;mdzyh?kH9MDNvYBV_ut7iqS^ zAx(*%VWyyJGu2Ai`lMeto+Ezx98I3&NMiuBzr<}abbEU#I!z>J_MYFB>J>@IwEnT) zN*q(%#|2B5-($C_T>Z)5r&=q!xun79)%6B-;r1pl6o8W3pbf<$aa%T*ar z4&#g*k+3XX16xmU zGwqMxf95*3jK03(oyuH^QX8LF?0fv^phsvq>7cSk&um2&wV8a)H3b{_a>gar6&T zF6xKey29><1$KBM`XibqJ>o`q>&+L7!QoOB&QdNq4XW;C!Kjm=r8bwE92XL&C3AFz z4&_bg%E!s63i%Sw_+3tGAsreM&gS4>Buh{t`RJ%3?p!#pN!P3KBT~j9!tK@avMc#e z?}0E%j#mONmlQ1Z>vZwLK~IPSIqlXi$ym>4O-CZD+(&+L!jLF6uI*L?>F=onrKu~I zuX_Jd_t;yy*xi)Qkzsu7z2o4eV?7-Lq6<-oA#nzZG9OJrAus7>aK@ydy|K6hGnNNI z=a|1_-k>0eS}RS*NR-p4O+>knWpE9CL&ZA;xo>dA4Y<_rk@BuvV&z?Mk*bWOOm$}4 zoJUWq<(VnwQLY8JbQa#_F6_zMXP_UKR%5yZw{AX61M@(^1+xo0fx6ALBWrT2Yhs6< zUv`Qy-^Vj{<})cJHYuty_#~O`x9i_Z0<(K@n4^#okxhsMsZ2{3Swmid`Bb zq-Y9vGkRdkONnBEXph!V5aY6G-oT{g?HSRG(sZ@_t#}AqBE5>4Nx{dK zv$d6lSiO8d$p%=NQ#3KlJNlF5D}` z*NY2TPJwp~R|fn~uV8n42KXdf5?1?RzWFVL4Q`)-#^c-)zo|^Ju4U^mCn~^< z{DV|#c(S-Ze*%TE$;H^<;7x`NfxfjmUWa6(HT=70AnJ~K7b-;oYxV}#^A%gI=-|8W zdUp~3+J659&{M98mhgvJj>(p9Sw)oZB?>6`#WT6$>w9z~$a+H|0>><#OCNpFZ8~rn zL^oc$8JNHT2$ntaF42)>HF*88G$hz?)k{^^*t0aP6E7le*zKJ6%n0ujv_$=8tIq{u{bsH5#DZ zxi(mpY7KWviWAulCw4?C`Kv73nSdi>JzZ?RDe}t8KkQ*IqOK8_S zB}Ery;!E^d65qaMKVi4O9U``l=PG00`fHRGe>9%(I`oZm6-(fQYgB9_O1T-aGan^a zWg=5+Ql`UtARtBMwFW9^#mbeV{Z|@nYbxFMe|yhj<5x^8l}}3;$dQ-F%RdVh9-ir8 zlSozra+&lEp!;~qhWd2~qwrgmR_@SokF;+fk`>LD-19KN5~_!qNLztg)zo zzGXQzT`T!U)M~7KjoO=;Q^f0~i_a{mF5mzmlZR3)IKnEP)cfO*oppn!5C zH3ASUerNiaKDMS4A{DDT7iE*scg3i=9-%H;IL_3q5B`H~U&S)D;$kDH*+wI*?6b$z zbAsI3%Y&Q$SVZGhtrq~Ig1i62q?3s8@o|T1Og%F%-x34WrlGdPj}eEuA(LMYLF3Ew z>^*7dzaS(0p2JAsY4bbwzlyU}be{~Ur|&LA457;4myeLbE}h=!#%rkQ=7rcyXL3Yx zBAjt5VO-1dB$p|&xuiSNx+Mx*M37MeDgkLd&UyBD}}4z?!{wO1%DI*Jm< zQ>AO8<*Pl~J0=1=$uGabYuu+2P_qAnJYu3bx7z>L5xSV8tCcy?<5C*_X7#la%`vwr z3kPOKs?W~R$q*GUMTqQdP7}BrBDy55?dRb&!m7;g1I+KuN$gp0(*5AwtZ+~i|3;TE zuL(L4KS*LGJ<2%NL(N6@FeqrA49KP(yM)%vMJ|WK+O{)vCAd#NpWHjH<2@)N^~f{b z=!u-j3a#Ov3K*1CkjOk9Jy_J(I$rBR6@x0>yzzUv0lF@A!3~p{)03VxKJft-f&X%S z&QeqIirI4wM!~x^jcY!61Gw7dXP|bRN^qcx!A=LRVZZ$0%2LrlPG5@G{)$izxNt7{ zM8HoS)g-mMS;|YLq^w1Vi-pEXo3N+bUNS+2&NsE%ITf31c#-=11~a4j$|fpa?g8^kh^P2dUL5|L-T1?-FP*T_)fumqAfAkdrp9S6XFqGipx3zU{!wM& zCU?h$FZ+uh*jsfA`%YV>J0BDQYC73!QD~ROvrm}~*l+Zk)t)x9iRq>=YAZx{5U4qo z5Zr~9?!v`=_u-U8E?5uZ?2e^2!@>YbXZ?Uw6wGRGEhKxg<;+{}8R9bep|93HB6Ak3 z%E_ErZY%xM5xiN>@8&8+Qfa-j5L! za=xw}ekUjC2ub8j`~ z!-I*OdOtJg%K(qTQowb5C8nun^-$-)>F74EOIQ9LtJ4vj%|zndRV|~tuPR*=75GdM z9R2sfKP7!-9sH^ftfrE^(Bn)-AULJ8{bZ=WrRIc(dA^H82DTS;6FDC_~_Gk_6Li>z)QNRH}J$8)=7=V#&D)|jPnS~ z`ez7dANI#+P*B0mA+a_sKVW{PC&q^ARW$O=MVBl;3U__N@JMC*8R&LWsDZxbif2u& zeuPNqkzhQyQzBEg)v~3jch{})xG8YIZ8427_s(cLR~-a4-D$In*HMf}+AKX0<5^lw zJGBn7rpRO*Q-Pm`nhs^5qOv3bunBB<(a+`3rc_>xb6R}>#e*q{dLKEDUwsGev`zKD zX!s16FR`XgBsi&1pf{d@j`PpjB!$I6!vn`TQdF;Wt?7c!+OG9VzGp`S@;rcDh`HEo zb;7qpmjSjzI`}_GxFs6;EdJv9)vdB(^+x0*HL=bYVz9|IwPM*qxRatf9u@Q#R~aVe zqM-altCEeA>`F%jBZX@#9@DLv>mahD8v5Xm>|YPRofVaK0{x)wuyv?AM1_Wa#F`<@ zpgH8Dz_Hc{JnqhbrOsy$-f^8#+-a{>X{(}=r|xT!$k;4Ka1d%Tg(cC?dKu;lq#h_VeJjcYh2rHt~d`Gt@6a-I596{+$XqXE{762IRE7C((N)@@l z;!~qu`58)K4rO*8b3CPXgbUfsX7R_1 zR~|a=k>7`=sV^wmXZ!%GYFS3|uz;DldesPCw?)miN_9Z(?WC-ZoM)lMRA?XH^#0(c z-NgkSG0A$~(7e-Z9p~~^Y557|^{2oEQBB!%)*+kgUt(#Qv)_IVB zQ&wp6GB#kIGJYwis?zV6dYpcD2^5Lf4_a(K1`nh%VvZJCVB4)@m&U2a%Yd)*#|jJZ z0IzS+EWN;9rxv7;EIC{W4T;apOwXWPsVW!c+?=X?#OyPX0hM(QZcQgcvhXF>4dAxK zSM<77X-R==dZ{wbAo$LSlE?=Q)6ide&9VC>`P$;OWo0?K?BBcJ3T(M6{;q9}r|V0z znf=m7f{PHnb_ih4Ys~7B~BPAduzYesuFBj+m}DAkEBuDt=uR+7&u{s zE$96_DI3rhSk&RE@&X+nA&0*kxMWZM@EyP`TmXED4(SEGg{e=E>T?zCiwsip)+-_3 zx0yfa3@k@eqH_01`D-2YSRe0@lFe*!&iVs+|7ySq(eZeJHxhYjorBMIF$hdQ}=K#&5&FpyXhe1eK#@VW>cW?#_6xaMxku!Wqm@>ay)Dif?Gmj{yT5>x;T%(a*#9?v?dOvP*k^*#8s~5XZmV zn=L40`S{*e4~t}(t#sM!&7A(~-m%T-RTiHErc88kIAP4=qtF!>oWgJbKzOb3^e{?j z`>q6&w!_hK>4MggCvf3aVZsiZ)H?kKQ11vUDZvUehKfvF+bwek`s8yTL>b|X!hihQ zZO>Yl8p)6+nNid@tpOfKeE~Zha+F9)s{-YMiNw+?sug%FDT%>gY+3?Iet!dlRM;Zp zA@v78+Bs^98s}8RzgAE&xI0HOk#xE(9M3?0;7%$~S3!4$dGkQq$Ae(f@H@ycAeuW^Oj)8PZWzo&e zTe1JXiMP*7?JDx$Q67DS|k5(1%wPAGxg4eGu3y>Z8Q%qDU!tJP-e|3XrrN;E3yLrUB9)!mV81H^BSZZ2nI{&jt5hQ zha8s^B1TBAb!yJ{J?}K1qNs_32W)bOffS|Dq)_)Hsbbi5#cs8p+Ml3`p?RzjLQ;Rb z_dMISLs1qgf@uP#JV?hfSG=Rj`<<^idv6Auuu;HP@h}%u5}Eh%ZaoNkQ_mS}Z=k~_ zdI}fg;5xkX2$-GYWOv4l(Y1Ky$K$EeFCEvrP@ftI>&HyJsU@!9nT;@1UDXyK6#-1D z2bWv2rh>j3_;g@tzDWJ$GxQ{b6=%7~B0}z!wLB22*tHXSb+Zpkxio+Cf=Yh6+N&&K zlcgksL3!m;U`LvjruB2r^H1sCZs%-Ngjr4Nylqus^onWS5lSrLcjIGr+!PKeS7JS< zO>%a7g!&uCB550giLca^VKW<)Eq_3>#6SzJOx2S1O^lyn%Q?Qx1A`ug0=VIg%@=7*--QqnMhTs*EoJZq?hpkPO{5%2jAM`nk6tOeI6s&UdHt?dRsQ} z`DEI;KD26W#v#5POHvUIvk@wNwKd0gYoAe#9)o9d>+{Hegfb{Kp_NIgKBCXO7|G?);;#gD5rmi}Qbn@N6?a%uR#p;;y z%Q+Gd%ZzCOMVDxK@N-v-OM^MUfruE(+fn?qR`b(4VU8x=L8f!b?B?yc%B)t#9(kY( z=*`fsi9tAOR>l(oonlk;&gOuG%03;F`$27J-UmP_ybZl2`CB%l^;xm>yB$M!G@u?7 z0E#`R@|{3_Y=;!lKh%ku+X*K>#GbIg@$nyt{~x4@S(uO5k4(VN1}^?eO7Eydy(h)e zI7MHk9%z3552oe8kt0veNZ2a;oqE`LlIWS=b&YYir6l(J6Ah!+2q$vyDcGycYjPGF zswn@zcoPFn9*Hci%kTbY`~OiUXV?G583FoAJNE37ulmV3{TC&+{$CW?e@*!7FX)x# z*v3d-x+=2n?v9w3ghF^OC`K59m>c?_oO&Ei?^j@jF4VE;tkpbwmVTzOnC;fsDr+s9 zr!0U+neg?*HuEJZDTAp(vNUL|q*E9U5e#tG8z#dZgz%)W6s)|rXDv79wGWj(P(#H5 z`86N02R@IqP^}B|5LOo*dHx@_JX*b}XHxrH4v4pza&#V}`16~GfEbqXugg2$_Cjg9 z&bm-}r=fnW9i}u<4A8aGTHY5+G?qxP`oXw$UIq%j^9Ofz3LJ3sI=Dlv8m9s3So^yL zHNlrM_1(A8#I9X>07u7>8L;OnOd_!faO-WWT!2!SQ|2DKXq@4SRpC2ari1}daPV;Q z(2j`}0ASpY3m@bN zs$v!Z7p}Y_6UP(NKy}66PM3;JSBK3+RQhKv>C0f&wql4#$V?OGn9mHh1cIESym6Tz zs|z7~HWJV*>DBXkg^BuL?;CARqiq|Z9_Yk{Y&2|E!=LFly~yaYmHP5?K(VIRV0iF4 z^`M;0VaJf{Qg&DfqH<-zZ82KcqMX*ctS;B+a?QJ(!q@gGrknjzab}1g&PSEFpGObo zZhc&+cIn1YQ@d9{y|!}lVWF1jV;{pnJ)MIBmc46ha9e2H5y{*xI5ndV4jk~8R+#N> zk|rZ(5dCh)D_Fk=y_5MhU3x3c*n?8zskr_#)>VMn_gg%%Tkk&{8bK~D(A0T63ZUNS zMQviS%?~?KZE}YoRc~eI9Imcyt#~YRtd7>$m8``f7M4PN?c7t*0Y;=;mbXe+4#=G& z2V`by*n?-iT9+m_v3|^Es;RaiY{Z7ZE*F%$rQ%bzy!jPEV<##T4I^8<8xmje zhYfbFV_>devb;UGQIbcP!0!-nMf^t zsp-;;5?Nf`t?m((LU;@aX1SRjNw0aDNVM)%Gt&3#?kL%JqbCyC+S~7L8%z2FCz1js zeGW}Q_%40k6l5m{T~t4Bt0Cef@3w+ht6Ae4aMYD0MVAGrbKJ4P1-&j>9D0;7)%5)w z&n)=$t%5CY;&Xo6-q&qK&p4#7fbEMTb-B3R_TwqZ!ULs8o?rYs=gh5Qp6<;wj|}n`%|8U2qWGdE98AAb7TVHFAAz z*lNBEK30eG5vzO+>%2qT^bktD5pV>usQoHmsmvO$SEjcS2zw;Vi7wXnO3Ub1I_bcq zMM1=ynFYw|(#4TW%NK`hzSMKGRv#NK2RT;(o|D=*3UOz330pXZ=YV{}xJfx0WcT#7 zE#WH^o~AmaOm^+!-DoauwDy+!x8kM~MK_l^tBGV}apC$`o5i>$sh`d+bqCA?srnFc z)>vJAgdb5OLVfAhbfI=>+mG$455JG+*H>DYx}LN*sN1we=*x4q1<{Kd@)@8Qo@p1{x0Yl==c$Y9U$kN8I^V>-9JZQY&k1mx+mNo@6QEDW`* zduJv054nUD+my*VG&CI~w4Q^B9XamIH)W1n)!IZVxy24gL!{QJXq%e*1&qh51G5O& zVB$rEPL$ko6=SYJ&_#~+2R8dSYp%YpqP1#slqhFG%<^KNng3?bP-8AKx=}0rsukUd z!jNNC!BcS>d@)EbZM?(BaAf89xRm26ZL@N9e6*u-0~#Mwx5hos{9NJzX}4_p7G_mn z;c+OVKQ*}crD?mcmp#{*aLj--Eri=IfW`PT(Zhy_>BpR$oXO~fsYMi$x%%I7c44>CyX-mgN_ zl-jd_KbO+3L@a1t5bB<@ZnE@b5vjBMeU(~dzibGs$!jtgnNA>Eto!NuNz$J7rD?O? zj|T&b0r5#U45-zmI^Xu`)cf~AE1{D*JR6L#>TJTZfoo&+?Yp#D5&r0s30W1plQy}+ zg*qC020hOzGiuM|86)-2UNh-LNn24|i|f7Xh^tB%k?sd~JxriHo(<}C|xFi3OiewwnsP%B%*vQZZzn1$<3{#q{1+r-EzO!a+t&RquFOFfhWn(` zjk7#@a(yDQ1Gj79yJgikTRF6Kk;oclrDO1WhOMQ1PloX3N(+2xs+^fEVDdA_D<#od zXR?bPuQEOLW=NE>Xmh z%eXaT|AN@m@%72+4Z-VGqet&Lt!rO}Jz8=!_$}Jwu<1KWa~v_JJKi5zJK4``&CidJ z7EV(xI#+bTJK60UyrV{_S-d?=EW`PV1Q2yU`iM74ybXJ#D` zYaPz<4jJ;VImuI**NXttU{uFRJ01Uk@ImeCiUn$0RAeHOY z9?Q5+DxREb=bx}gfG(k3yo4|VL4oq-p)%we>n3)Y6!OM!SCtDLjyCQ$P3GBCfF2o2=Z zU2SkaSQ|z(hZjOR1yS0CO0h5!t(7&+SO!YE+X)BR&rcrw@F|KUe3082C#2+m1*E00 zPJEj|8jz-M`G+ualJrtfQ05zZ0Seq~EP3*9c3WTBzN6enzUGYx*RjHx(p#PvldHsb z`!R>m2_tT>E9Ox{hAL)Y9*v#BTCbOy%6px}fV zvn=Ms=a9(LlVzreim}oZ(H!PuT&$igYdO&0?rg92RSgfSr+(Wb=wOkwC*Q-PCF};7 z9Z?cLqe9xkJ(#)XX=1OP##Jz8t0}B!;c1=57qN)fze>MrK!f}Z| z&3yLAre&~W0<9bntF=2BpCTR3F0pRpSN}@F1v| zq50jB22!VWZF-k1+Mr$>`h2w%b>Y<7IcapOg$;1#vLy7;2>+l-#oBchlYC%V9}_0* zZvg5%Bh9uBvnY?MNDYRft>-Rt8wFgd#>!sfpm5>M?s~t8Q6@c+87G8G(J~_-8>?F@ zb>CsrEPx^wXKvbinD$berP#JIZz|pF2@7;g5CDspNTZj!!K3;xW<*<3!dfoKQX{E4 zkrs$ycQ3fAtuDOb0-bqUJQi~IiK(a#*j`pz5V55B^}{#ev3$*}383b9(zKyf^J0;R zng2!$_TFVs*3S)c!LjV!U;1K%W=J7AxT3X*B+PmD7|gU!6V!l;xx-eM$BEte|XM>U4y+0@yf`*QJR=+P{w}t+f&$G{}v=+1>v-g;vfRFxhD4 z3Ra%TkQwlteo2Rp2Cq;Rf?HrPq8!{>CGMQ&o2`dItPu-At8PKJiZ=JJ6?eR-IObq4 zn%^-7{YNfn+_xw7&?^Rk=PACV92b@}{l!aX(As)jTG8oyur}O1qGDFwveW3OtC|2e zsh)))}@MQ&P+sLvd9b~_dSIa32!?NGd6poh7Qx!3l8 z*J9(b$14ja<-_>=xl*}!`d$jx`xB;KSdcBF=zXqfRv~L$#8-I<$w^)>BUT;wlPv+L z`2+CWgHH2OTI=QhZ`sA?4?NReI-5VREB9@p?()$#0AC2EJkpV?J?a;)HP1gFN270& z@-K}_l&BlKTuXkE=WyUB!jw9LnSaKWJ^S#LNBLRKL!5ussw`EWeY0GM){Oula;hf1I&L;Qr2AQ-ZynL;DLYy9}Gy6ull;~WVvxq%-0h6?ER7a{J7GNlUbFNSmIs)H|tgR%iDvvA-K2dz8=_k*`Lc` zVdFhmGv9v}GXD!aj}7e-c;WmBbtYU3)qlI3x(&DWIB1-D(4m*{TABK|)K@CoGiIs< z4(sH*P?TdV!6WB%mkYS|B9S+l$jQl>y6ALsl8q=O$=kfQg{4OS^$XKK!Hbk8p54cJ z4Te5#x0SwOlqM*>w?u*k=|~glD!ogS8jwyX z0@ADW4v`*G=7i^Y-rd=GXZG7`cV_30kLx0w`_6rzbAG)Z-m9z1)1SC-f`*2M{*i*5 z1`Q3wjE3g0z%g2Ihb*-{5B?l-)R4bNliR_z04|PL$g0TF&=iC~iBBQm`na9K6Gs}F zvrg3CLu2L~Zs6uwrw4jYnzrUnu1_7zXyhHt%xoN=+d3h%kAYVx?;gp?YPlhnNuFNX z{oWI#{Sa=oM2m!&1@F|(B5(85_?XliJD0njr?z$Wn8ullZJMhZti3I$(dPMbGcqIW zBJbCz(bmRL%%rjC!)w8Qm($Nc29NG>UEqsp{^-|C%lg#I4u45YuOu#<(Iou?$>7Dx z@R07s(cs{(o%_WIkA;zKvz6i<#8O2+Vqc6AY?p?nCdBQ~!QdDd;@~e0#t(Kdc*QwM z1(Sw`)9-)YBOlEi%0^~z(eS4{esSmaEa&*Zf=QPUG{$$_cSc>u(G(JzkcR$-G;xqq z^(USyv%($)Pq5WPY1%H78LHm0S%G~Nv$t+vV zLq3(?E3`D%t3}!2%`*;@rY2aKTDjEs*@a~8Q#T7YyA>*p3E$mu0@8=rgy(4PJhSXB zh0-ML&bn0^ySaS~ILyc?q+%MsCGGAPlM?-K64KMuZs4+aeB!Ttg;yKV&@_lNO+nVG z_j5@cjVbIx-kvj=FY-j;1XM>>|ne=2M%#uy-HrBO19l z!@1v|j5|Ewm-4>-5REWkh|iC$?=2+VVm=fj@yK-I0DzYaG#_Q_p{Ika7!~PK3XU~T zKjJ!ku-9jfG&Lu=5U-wV#j1;44|*VTP3d(7F66`<-V`7;9%h`Hrj2Ak(`?u4jCfy326@K^0s=rmI{CS%0Xz##Kc$GO? z$26v7(W$qiI@u64-`!l?Z$NMIqIAp7eiBm1^6wU3=ytO<*3}+Le<3RLv7O#bb<26h z^5rT^fi#~G%enL=yZ$K$-6^A-!@AiNZ#-tX`qQ&UhJl%Xi&b~~$`8q71- zK`V(Fjk^z`W~KsQro*;Hu9bm2*U7(X=l@vp8#?A+gMhnFc=bVA?yeM@wue=G# zH4C{TlAWbhdh@*YPSG~~FvrPd<^E+{;AU}OmM2@_P-=&xyW{t~tpuJu4`=PV1Rr8L z$xI$)jQrxL_WDZQA&=dfAlS4=Y*Ajy+G-I@k~>0)PkDeWf1qK-%jnyDKk7f9 zT>cX-ceLZs%lhv6S(;ZYa+Ne)>35Qyl*?}+mb{x4@@(c$s}N`gvh=d9x%amJ@_$ca!buynagPEA+0*Ls1il27Ww%W>1M{e8VT zS+<(Uj_q68DM2}swSz{uxeZB`1t+8ZvdZ0|;;xTwK37cGs-r0L#xI=9TVqV-qB5PF zmy%9AYJO9eS72{#v=mnR@{YLa=%}FTe{aLGmTeYdtA)8Zk&-RbDqc$FdxWRp3+y?B zZH{t(5i%dS@JF8Y0V7I=1dpA6sF^n`g#C#KR~2EipE|i`gCC9Wb0yL4Tt3GJ4|VLH zyW8E%iNNyFSw}#_bAt?Le-z;UFIAu2)4M>p?{H>Xo>lyss6?IN*i3*!b3Bek@59?uxoV>>HD&jo zTSbgLj8maoT&RVBf%Jd|J@Kv$PRLMjpH!npje(dKZai-T(kj!M8;=1-OuadMJ zeD0^rUQ79Vl`;XeddQEhZnf%jquXb9)1MrHncqw043~cwvNrO4knt9Z60U|XEQ zJ=L(x!R%6TXBH_WCrkQe@8q08rSYbf&6Tw7m@0IXqU69-Wt&mTS&7@Z+iRJ*YeiPL z@IcsnIM0J{AQAn+w+Hztc9k_t$fSfHdR4_6%b{$~WzK&=*A_KG+p6F7EUZ-h+4c?X z_Jf_|sIKC2o~rWn6t24r>)hOCd!9Ki`5b*m@`ONXAul3yDO2seqjI|BQEYb*j5s(Z zylCo*-~8RwX9R~!#Fa{4#GVa=O_#6gK%C}S_UQwLaCbPgxe3W_ca(A+kOh7(p0%y(|kr0A#3}~`|Q;- z@bgl9r(Q5xpHj|y!US)2wmH{6k!!@u%Pt`m1MP7{EHpwlQ!Yqu47C1gH6o{O-HjOY z@t9t3{6#q2DP7{wV2(UQzhd_7O4?#Yw$#J$VLI+IwL>)5d;u@I+ZdoHitfU5y_B(X z*Yb$jgTqVW8#Ah_xyaH*kHOyD$+re~IPAnZ7P*@zD7|z?JC{d`9+IsZ=wGZ#hwk|h znm>p;PLOYlG*__yIzpGTvC^Bc&nx#}`m>`qd69Qm$N$YqmscMzgy-E6{hTR|z|Q!y z+Mt)e5C04kEiALRds%0^HD*gZG2E!G;fR#ud;5>!}|j6oB@+)c5!*f-N?}`ohbh|hPv4OuZ0ozF9^PEzpqvJdNia31?{-1 zWEZKH++uJoerdb3%+lP<4K*b&*yP+ixgUIZP);PUH>^`$-Gq5;^je~PC~NCx(XX7_ zfs+l;Y5HT0sV-Z$UY}vPs@^Ftc&EfEk>kS@%#^O;l(Sx^E8lxJA7?*k6I3-|_5-C+ zz*(uE;9Ex^+c2>|{?jSPaolWYb~JC%GyXK+_WKGi;-ykK#SE3)h~@rk8`g!6_BvksPacmucZoL=zTIPkCybZiuUT+l zrwXPz*m4uZD_0oiZn^d}w##c>d;g`cf3dgr2|FTFq~&lw9-gYPs%_RIQTW1)$IJ~j zFhhISLVM*XbD3Bbg4ZDXtgX_04w zh@@x@_t>#Jd6oX1MWOO-Jk5!DBhDj(--N!nB=(iOG-c1^e1moUTHZ3#QP(GRb7X&@ zk##1UN2&^ea}kA;OkFt_KXOHvIjlXn9ncQ9RC;#t(B?*xA<}~Dw_1~l!~QuMV+}u8 zedydB`vly@YT*>u@^HL^edAW*o&$Vk%=?xw-#&*q!+2G9#hMmHf1Tp*ua-U7<@tDf zq~d4cUZYmSsLQ#r$|3Aj$)9O!`~IS7N4BA}W^tr2EW`#8shCq{7KER8 z+Vv4fA3w+|F0odU2f>v$XKF94j(Tc%m$^25V#?6&FpJB|TRpw!vKCH)nKA6FS?fiX z+sk9MOT!#9aH)flq5O#bvz$p4X9LPoSf*Xl{WXe?pXW9r&q7h!TQ zpe#!=RrA+dIs?H_9%aihHbtk`Z{danYjXR2+Lp(8B?0 z=AWMv5%20D0XFMP4?Edxq>@@SY<8zjUT9+vFe@ulKC^(P@=~@ zsVVbVV{S%vvd&1gZZ&)sMc(z9>wI2}v;X+gvQlUOFB30()aP+oZt~V^%`;Ido8`fU zhgVMh%537+>a$sEEsu5hp69HYvVpRg)o?YzPePtqSHxz&$+Rl;joMT0zf8aFpPifO znPj3aDUf_+5;EIR6`A25TQZpPBYdzz%g*?hrHm|{du0* zbCm-sa_-_IYf|1nW_e3ZR{q$(8~Jb}g}E#`W8L2>MAS3u3hQT)+)Ni$`ajJv`ZKQ! z&2+LWyV7lRJada#%bT?0r90oLaeUX6-uIg&35zqNU$(MIrxdhCjQ*(f@Y?YA-}3B8 z?-{X6-I3`}YWo_XmiuV*dzt)2gafRDO={rsr-ZV(B~9Lvtzq#nJ*e!Pcjs0#-46%c zJ(Ip79w*AfFu}BxSb)8zyWK$`sOd`gxzA3%X?t)}#F}>t+HYsYHn3?rON9X$kNEK9tC8)myw~Y*UAg|v71CZR_L81vqgl@!^P)8~ zcfM$ghxxE0Z4ug*g-h910%P8hXQsJCnGB1Gymxkz;*BA zeH+Wj?l$&1$sru?#?VvQJ96G>N6T6}BE2G+JoeQu>Uw9rJkD;Cll?Q7@}lx^7%}o` z$Y@qrz^~I{p_%YuMhR@cg0(p3P>`y^XKcm~#H@M~<6xx|ExkkQq^5PouQb9U?r>hb z?%z~(Xj#ES1rkI(jEDJ|GFVHu3>xlULY%HRVTD`Vd5{@}HHubfzE5%2S$*QNYRPT* zAb>C3{py;NgRfYcu_%;jw=n&)SrAgttD3UjeI~7g%q>a3 zNa^Sbanm{SmvG-FrS70UhZyhnKX7(kinu9%dj@xl#&4|UgD@pjlTTpjCsGJ0d2GEe z+OXq?tM7|+{e@%v0|WFZjxwz?(vNn_?#Me=l}@G-M&*S?`PC!yQ|mgj^AwDbqfSXk z1V`L=Ds}6jY?_fRb!n&8s)y4RQgV@VBZi#!6;$C&?sCN;&S&KB12qK99T7 zoA%|$cTd+&chZ~?jTOhC`Yr^Yui=>`DVH)#U*+@&6=ITSTc6eN8p3r_2>No>PH3SN!4D$Y6R% z3McVcC81bnmH9>72Fho43C_bFMN7t0Le42SU%UC3_zUm-@Y&)Wfs((OD81o1`)5yR zReN$hVLp<$%eB%~Exc+pCONH`qM>NUDb#Eo;+{1Xn$y0!d;*PB?C|e0oSk1KIKOq4 zuAF4^d+2B(R+=$9l$U3-h%Yapzc`-r@J;&nj4^Mo)SmY;0+FA-Nf@_2500x~K68vO zq2y(<+GQQ}7cZOOV|P_hmmgYGJdn=kg=F7zYXFXl1AD7uIFm}~lz?coDbSCYT>u4qxUTEL!agU!;r`hBtx`s7+WzeXu7934v4=ME0_)A(ArJt=Uz`(3>1+ID&Wn}8^Ry`BQ)UaDLi`b#c)J{J=F z$h}p(qc`I!g~!)_50gkc)9Q$hQ(KIt^XT!5g+oSueWMe#6*KWX4Gq3aygD}G~tsP!xa`v@8?9<&e)M)gFeO;AY)aEo}9jkWA$hBCERO*Ee+3dWX6(Ry;W=r; zvK6K+%KQU+E9727O^atM)%!lCD?7b$Mnhz%^L8`68A05YqomQj+wl<#FGBsXz2@e| z8My~m+KYrBWB@DQDAGQxI5#pjM9(BG0G?MyW(;e0h<}-wU2Y#K#TgSa6x`9=>#)9_ z;On{aE}V%Ce%-D18M8*;kmgdNx{1vxGmlSMw!3l4KAq zA?gK_gxe5+9NdZVjWg3X`JIPtwrFTY2T)sSd3pJFn(R7Fkm6pAD296!lTuwh5Wk+X z5&xN$V1222yzEI_X55*50ruU(U#*e6Rfk~Ox4u4mGe#$uaE!-h$mQ0I)9**^(+?|!}co_5(a!5^xt zdmfJ+mbu^iA>$<~D|&{Mf4f`$k}0XK(k_^6`1b0pt3~{Bf2hPu^$*8w8E9&z&%pgI zb$aOssNVh@H#e}?86a)PZW{kBLC1TxAQDm!HAS|gR-R70^WHJYw9HHk&T4voD$~mM z#OYmur1Gtyr((mNVLruEe3L$)i&Yb1W}C1a6o#KufmbToaqC6mKzY+VAEj zD7l^YOwxDMMwf4y1itPUZTqX` z4SESW;`a#YiSv}EPW$v18)BYpM{X7q@-A|?IEs6ypn!tUu7!x!I*S!J|Wb%@%PO{X~UFY>(Jk&{Glp2T@hlg3%>`U~4PvJjV@6jSndFC3>sWf*pYAr#T5X+2-){yPc05|BdY%NAW>iqe}X;HiMxzTW?yzJJ5~Sw zZo$x7aS?s-k9MSv`33IS^;sGkWp+?n0Hm@Uf*6c8q)tLs9eD+V%w;X(NU4(H@f8_q zsu~-qyQ$)b8CgF=EFO4$VfazB2KjiJS_J|1FTXp`Och}^`1hfn)73GIJt?QcE_0qMAmo1?5}80-E?n48NMTY}|uXCxCXwzH#sU#rYCXw-j# zq}XrA<|?ySePV4fk|=lA&ip|kVjh)=eZa+shrB!~HDx@j?0VxWLj6cj)tQ?&|0$_h zGi$|~Uq>V*aE4~?ZW5Y`Vx4d1`~?PY_{@E=>CvIsQ|76;!m1RLKW|r-`bWlZ|K?s% zD_amqsfYR-my2*+d;34JawBWWM=Rw1p}9u%Rgm7N0X7;zUq2YFXif^~x5z{|c!h9TQSPO0yh|(AzJp-4ym8o+5;{UQ@ z)c+%pZtYA#Xl4V~yw^OptAjGG{pstV79`soTjBIxy}CRn96b4eB~`u29L3x})ilkaxl$*Cu{ zd~lzV$~k0Xch_sTCTH+nS+EeP5`5#*3`}>#cm)4Zdd;kXO(>)DYzp&xw;6bvEr>9;tZ=jI`-2kxK0&KLljuj5jeSRlLH$9mGSzcoVPP$e7IcyrQcm{)_hkHhZrQSx@>gCN(t{CL_IM9jo_ zy3`9t!v5;eNIKGnbMvu#d}o5!#&uN@)NzJ4=q1P2-$~DpyL@p|vhAHKUuCu($&zNa z$KYwR#C<6&Cv=fRZ5w9}V7U5>%3#8U7Aid21>~gOCga`pmCwb9g4qB%504NIl!N0I zw?@|L$o1;v9ol9|BpmC6D>*FR;JUqyYr3p@9l=?hy87PktQYbrJLElquc3u>qRvC$MvfACSu}te<)In4pXZv)

    Tu=0V4Jg&W|&`MgvYf(eU0axBH*=&nD0#)|746nfKh;ywtU3%Gkfu=Ze@gHF&=o&cSNcTy9z?U|koaKRe871m z>b6s>k9VXPz?x|Qg$0YM?%|=q9ZAkHDXiP}ELMsUcd_(B(py2}@)5%4dcDWt)|TiW zT_%jKLDnh}f?ccaONtqlpoY|u&m0bJ;Y=6 z5n^yEGh&V=%fRwqw`u$%i=A#Jsdg7N|vFl1cskqGpuPxPm?fFsm?nAf@ zJ3dSIo9cgVLwo!wBPKKi`#P}1Uv;g-$ShgERn+e`e+EOd=B%@Db0(>^5eQ(PNlS<0 zzr31o*#fDq-?D_Eq6s|}Pqht;8uKnmJIO{C&F$MH&P92)JDKjMS@4=Aj%(Y$acTsr z&`pkN-J6+z;63H|M9hr4q+40II0x9g3}#eK#EsI)KdD@H#)8=t-7&7II2uu@HH|k` zj66xRAq=%f$~xZaE>Zz??pEUj`ptw?NfPIBGeGj&$-qdM@+EDbswjBlfs2TXTBrQ> zbB~U6`&Cs5?wHf@q&K4hvBh#Brtub7t*6f+QU^i9!+7iOOz&rI9bM)_A|vkzTXdsD z=GBV6doo6u#lF*x1**u?nQO)Kc4YcRW@58?af;?}uP#aOVl7cl{LrF=%&$|E({=LzvZGZ%gR z7W==6u1rRVG5+r}UlYfm=4qb%C%%(?x@>f3Lwjf8Suo{{JsQ(*tAPDJ<$R<_SgHnP zu{P?tm15R_8E%OX^LU8GcM6wN^h7jv){a&>{$7pq-i)GAT@^`;Pdwl2wqh2NS{WUyW|Y?z5A&a$f+v;B zsiB?SO-mIn%yVPiWa=T7K|G?1c0q`&=Z~44?GwEO_jS0asR1$0(h`y57Z+1GN{!AM z$|*(qR}55YnY4YdD^EY$?%cJ93&pN6ObZgJ*vTxqv$8qR#lFUViQ0Yv?C(`a#PWHy zN$#&W^gr}2nWJSS{ymKJ9EOJ~QV$O6MBLWqhrJCblDGJ9y zlH#RBA}5ZTIdcPbwwR~C9ghvTctoc8{n&oBh=0SWnd?h`HKsOj6_#@N?qfy+7Vy8E z&gm(limj1r>$xbp7GvsfYQmMGA)w2~ge@PtG{+~VmHdvOkyvAmEG8vd#}Fh zc3jRKQVjijFZT9SM1GlldHb~)tj)H9xI7il4n$`kG zhCm&&Ax1G%(2+9(kSLdcHJ-4BfB*2>VH5D-nf3@VL0o_ZvjV3%0|Pfoe)*$CuQN=X zXayUmbO_}<9!pS7?>^;INI`$yza*^!<_JNt8|0?ZiM*}+VdxwjV-}f0jhjwSW=-PK zQlRvoS!!y^u#>5E7~d`BjGn_A!sn)@GuQZk^V8y3Quu^!D(ICFf78%4T5-mvFKs=0 zm_;|8ZLyts!2et3w(SzB7CaMBrpFphO1i^s6{lY-@E}g%i=)>~iZ8em2ZOwpk;qeJ zzj(BRJ#1~ee~>Lof6U0y_z_>w)^7Ox-ylK=@QU7+g`Z0b_C{eEvN7YCKjB78Y@$X#RhriQDymq6xLH{S*>Sp$v(Th6-m> zVS*EfR;!BLWsAI85sJ)UC#wM&n+{39Fl|rm86Du)5}($+RM2*7RTMLaw`Wm(v*OT- zOZU9BHpOz@c`UGpwihw(A%;6~T&IL({t(61l&Em3S&uHuksX685s#NwXM1P|z* zfntt*D^Y{0q`dq9rNvh6v;?Lc?2P$n=PGna3G(4?d3#9Ff@a_5uvd|4?u8Hy-OL`i z$GgVKqur=*KjFK;%AZL+&g!0}RSPRS45@}!=!LSnJ}%&x+@}I=HzAt2fE)EUPFY30^1bl^y`$X{B_xInnKAQxr}fp_v#`Hk8vgg)J@<9`jaNrd|8GKqA@ z`eHbW=X7WXp)$3=f{IxeDsLJ8;|l})T+dsXf4d=t{7VgK+T*nHi(h>GOaO7rpOAq< z)(N}b{j)yic+KO{t6=PUeuMzaDj`#hZ$*y=z7IDA%g@`k_6-6#fslD3-v16>EMh}` zNEI1oX``ICTsjNS#Z7P%*UZ+U1rh3hA<_PCC!E!1F83)P%_%DRKz$PzF1<{DGBzML z34J;e`!6TzPWAbpY33KW7^$$BUq#P#B6`PTVbS>T;qDUpwv-rkEG}r=sikiixl2{E z<`rb8C3F3WQr}GT;}7nWiR4A#1_c5>S;E2h@syOg2CY%DryyN3t-8E>W!o|Yn&Jdn zUR8Vn{An+T*dPb;-LHJQO8BhU=Vpqf+8!c4tJEjY4lbv82hHJgF1HHZdPuVCO8Dsa zWH3sl-C|Za)Jd(|8JSi?6=*Pc+>||ZS#^#8NhJ*xe1QR)$eEuEp^9OJrOuY-&EtM< z;x#uwNvV+L>)XPiT;-=~z!8%3_5bRM$ttO6DemF110~z$DJ~l&uy!|4`?1R}NMP;_ z)+)z2r)vS2%GUrxndus+eiaL5a#6B$np|D7Q=lbNbbXlRK|aIcErPnAht5c5ju?`x zGoTIUxdllKM=ZSjaB>8^A#}Uhbkmp)c6UVpPaMF9;7wD@lRw4F&jNlqHS+*$c6|ce zWj~m#?XSFZ5O9BkU_Y?adPz0v_p}MwRdYMk_9DoycE`S`vQN=lkm)_k-4m-iK?O$>w4(VK2TbunC3GZF9_;W zB^ctzQ4x>>_6gbW)FL`t)oVb9(r?>hHRzg%L3p2Ijr}0SCkaBS_weNRxq3=~(kF!AbU3@PF)lR?L!&?N}SZt;o#$ z-gAyrmgG&9QsSP6g_UfQGd`Jw^T_H=^ql6nYek!TXw6^wG;*Gp2@f1 z`08o2=MD^P6fItG`fiNFrQj;MQYupe*oaPFesWOAu$oTCck*00A=$0ut{4xrJD1J> z8(T!EJh{^RDCF^Q_LLyGBdGtzgZQ(NmO2;OusuF z@-VRZGHO@`#Nhy-&#&29CWx6~gFGJvlbK^3A=EV>BW#gNhcd@FKc3`1oig@uoddb` zPu1ayLd5~II)-2RHoi1TTs%!AfoC^g*~>ygu2agWeHq%L;-4TyC-IE+7?yLP&l$-a zh|iqvOmf$vI|wKfQw5P(z8)q$P<)BG7GT}R@ z80DAzMqtL^1XOP}LlNkVkDoM#4g*Z*KaO0FvBs4r=1cvuktx^aztoSaJ!%NI9C&}Z z0&&Ro6wZszI%!2U9lpTcA31|L$VJRs-VDOFhxv4UPtwBL`QjHjLUZwyW75(>l+|y) z5|&6cA072_=BCm8_pH2_gjbIXy{}Dzn;Bh6f$p04K-@=!h$IlOB_96RzG~3E95r$JR+Z7 z@vdr~rd)?4TU29sEKQy?x|ZR+g8Nhbs!YO?#v)P%&11~|cxbcWt;P>0Ok6dIyfN#< z)tfcM>h26S@nsv<*xveYQsNDyj=G@ZcfED5`tK2wi+*kVLr~3XG$rMGvWnRXqRf44i{6bd6v0q@G)vt+fYtxbmZ*vt6N%4 zeVy{jhE?lzzr9wRmq2VciIkB^3U!>&ZaxY;L4`kv&$;dm0wpZ8xVzG?Q=4zZp*h>> zL&GBK+2LlVIEE-5vhS;@p7&IeB73Ozuh$j&jWL7>*4(i^+qkzesK;9YyUAhY3bZ7gBU9=yFBNNh&J*hp6Jo zxucJ{Q(K75IgUn5f7+W}PPYx83QBG?Umc7N=Q)xFM;Q347#Oo$nI1<>2p6#rggQ(K^oxUA^+;ifJgdxR5&4GG7-K2z9S% z!xB`lNlQFhEDl`V3n>8Prwq^aY1-J{(aimJkLnxeR}ip-*h(PeNU6uw=barfo(4uQ zL1!bPgs8nhpt57BQS$M^f@T>yHe0JkuAQouRXIsqT391r^!OG*=?TQE(O|1!wF{eG zkjbW|-{gz}6BfIOHqEvFnNmnbnVNTYs2L5Zhi%|MMx20YOfU$#TSD;@!k->x5)T1w z92RVaGFOEIoqCcJI$rSq7;FZhTYg-|0nceo%!=gVkRs_zBFV9dYR15GWW6)Y1-=n= zKx@zSmM#04=Q`eyPojqp`Qpsod+;lQ@eVk$had$r3R>y-G6hqehCTQ^idnFRA6-}k zGZuOGcj)Ray7KM$Q1i9Ej@|4XlY(TT5Zh|ix)WKfZl+oU88jL*^_FUkftu(Z740;$ z2EP98)V#?XP#IZG&qciSA6__*vK=UM-LCx_WzrMWURXjwTPdZ2pT>7VJNuG-DCE4t zaEr1ZB&@BfQky|tBC2yXsy^QDT^7-5WHw0_GwoB_$tWwukDm@M4iB%^3j4P`lVs91 zxQJ%C_mbUnMQ-bL$i+jY;Yvl)atHuXfzC#c#Bg}!uVWg%XgaS%f8+9}jNz_K2X_v9 zW90jk9}S}!6WtHOni|_$tWH0MooDHLm&!2J80ycNH+hua0QjN&-f8gCNukaYp|;Ni zExiajM{Jkmp!x4}_6E^)wkmAl#uYg>Vzx@3RAUz}RE~dlL9bD;Fm%UUCD|8B3zZ)? zuV2F7=Ci=Bi>rE{RLX@_>rbT)msg=f4)9|3ZGzTR`Rs~IO2pi?F{OpQjjv=wnX?43 z31_PyA$1w0!-(Z&m9xq=4D$jwF>>;OS{?BhLQn6la?8EM`X`gIt~~FeYJ7K4Oe=M+ zTf4v2NMmvEEh`ylScBf35U^yRqog(0(93LNG&t#)G;ebm6dqamtER@2Rv~+H$Bvqk zERp4%%&UFF=gs|Up`jVMRrlo0u=IYllplErw45~t@X-XJ0r8-=jq?zE#oP4@3biL-AiX-hHKB)n=AoPF=x#4+qK6yJq~rWJR@0 z_BdNH@HsQZ z{_bZ7)W4852dg`Gigb+1%9CmL3#(}$YMeUH)Aufy9pv@h`;cXr@hSeGiecNUE%_C) zndPzpvqWl2u};R-cu`jF+8V&-H9Cg1$dDU60m@g&&NWYIKaDFyw~{;%j;6iVBZ!spBNNKjZHkEbT$$RQ{R>hCMQjgj>L(yTG{grFptYWH}c zn8s{_AHxDu5T;0ZBV2tUuwL3VsY>`}2ZsjU3O2+g6j)cWa&4>@B8w?yBz^JVK+kfbrDm_jEX{ z_;8EV1!?D zLEy)P)p2A-oiAFcKM!Y4BfnawByT9%Zv$ksAh}J*@TJgQgeZV%lZmWpIPQZ^UX3r| zx~|B#s2Y^D`!r1SE+>^%g%S}`Zw@=jFD>Vg;$jBfju}^*0x6y#t@k4hl_WMD7z~&(iRT(TPVpkdomg7Yq4gDD6)SCRgR|P@y$9QARwPonCsNp%mGjmbU z2a;8U72%W{8cixrk8TtUhz)8;D;YVkx4cgEwO?ade*+8R*HEr|-9$UlRNTEfWiz(5 zuzHuSK8W+2lEMP8^s)VqYr;ubYvE9G&ecc$1U4KEQpVZb;rPFk^q~Ym-vxjQ?Ox;h%Z5FX*wk z(1Fd>&~%dsaT>;NE5WUcz{UFS*avP9Qv*lH{LQ13TE4Tya)IT%NI|;>K1tQVD(4~J=IYaQHVBTXK2bg ztrxCFLPUW^XVj^BKsK(6j9aFNHFVUp)nQW-K^*>VqxQqct5GZ7*?^QEm&9w#R=Fhg z*$-h=s59rw!dnIybOKCau$JmhV7&}&cv!>^4ha_&zR*C{4QpUC>U5(hLY4AP=mty6 zCIasS#4M3i-R7b$g)3u>wh|t#pZ#|xRYT$=Kei@Mgt6&0QWtd1#j>5P?P^|98iMn* zg z>&Y^d9+~ypLO!cb>9j&aW$LRm*A4tO$qJt*MIaFz2g;mwRvZ_va&A~pth;l#K$raC zEHR;2?xRbs6H6GJ;j#rToS#=aa+-N0-XbGs&J`T3AD$BjYPYZH(3Sj|NkIZb+zjFQ zUq4;NjKJ}xEGQODH;wET21^(4m2q;_dw=T7N=!SjtVTT&c8RpCmIz};D;MjZj%rH% zuhd*q*pL5gSw~AyBqSDr2-cl!m=HXA^6=o%g1Qoo$V@03v)oI5BG}2}p3&pBe7V{2iG+Jo zbgHBU^g4t97t6R0ddO@4lejt$#n{s_L!88Q_}jk5De*TRlW(LnAXrU|iVo2(raz3- zV~3u)=7ahShhl!2QJ0Jn--?l-%ZHH5+4Q{;wA!dr`B*l4R}kW>b)1b10M{=edZYF3 zDuU=uG(9J&`P)hCK-<6)dz%Us0_@^ZtQKvuyrQIxBDB9f_TAxT&RC1^xxa)g?q%#kkIbj3%oN zvk?)ioH$(L2rX8rr4Xf^HriPQ9Z)8|XH}tyDV9*eTOG0+#?RyH%*0KMZIqd-eH)5` zzPJxhnw9_&I&8B?af{(cvSG>lfY9JZfwAU3>X;2ljwRFCw*zRnfn`#H5Q?~zrGGUe zhldbHV*f|B_@T|AE13LsDw1xN0M8`Sp-DDS=H|Sw>K}t$A(>RR8i2MQR}6JfPwo;> zx}Zz*uZto((Uo+uu6NjEEfN6n6Rwwk2AqAPebBzsWA3kd{MvQ}TuGjYK0!e%@FsiOD&p+$T#w4FQ%x+g z3@F;?%U3^*h85*5O})ouXf*Wl0^J7WVVeh0C0$xhYcQ%zqf0h+oF*bzI_Twkajz3}!? z(!Xgd1Y9j)_9{qzCrPa-xM7Am?qua3e6aK-{jE#)@@$Fh2~yVIw6M)|1!*_ZwL%dK zL_sPnS8Tot-*|F{R<5$sY(tAa0kfF;-MspqyUBAuL<_g|;?F0y=n}$cD|ylSeltA| z$gIxz_-wIq6i3#H}2h9_oN+VIMiyE5-R0CUQzhemZ4tZD{e_{8(CJtn2ti&&2()R6Lhe4AASMHNx%t|(CVZs@28#-V z?dhyrxKQ65Rlf>+(M=VdEU6~Jl0283X!?aVg>hV6-ioj?YU}8ObjZcwwsegu z?C2UFiBgzU?SDC=`;^| z1HTMiq`Awn@`p@4_2a4BusQlOiI$n{59_DoO2o4=A44eCmr8NTevJ~Yd?Qw zWTua{2=Toi`{L419;9{RB6q4@|8rG+yq`crMNbQnqzZI71dWnBlaAlCsW;3&*6S`z z{u;U}G{eb>#v@n7C{;uMiiWj?&M~|A0b*}(>xNWW@RU1bXwvrFLKl$JPz@z?Wi(@CSoE9 z=k&j|`)XYnQnXHEo^DU37qn;q7l5fUlf}EqVnleX&M4QbFb_MeVD?k-o<-;`t_8Mu zeFUFKq5jim%Oc8&l_w_>khTO=lcGDtIz29Rl}y+G`29W(xW zg^IepkVl$KpSoFf8=4{JeIESXHx{fVcGI#5R=2xy3B_HoxAt%NSqUR=-<1oJKbkGQ zFd*7_K+N&gN16=@L_Rf}Cswb9b!!@hIs9Q`;nKFF`kfjTkH7+M--zhMvdbcJ#te^s z67#L2WhoM@>LT)NA19gOeruPy|FwVI?CGLOSqA#^T!*=>r?K9SCNxB@< zT_9@(9z<=>g8W1kLu5?Ze@{hRyziY9_sNGNofOlqN*<$P=S*5F;k#BJX#5nvINw;v zVYXlXMzz0Rhec^{d2m=o1M+uc>Wg_{Lw6Upejix-t>2=Bdf8PHw}6XTRO&+p@l#d+ zEL?g0WxH-6@#*8D)YJiy78aVHRNiDaT+`A=BN_S7RIr(mjX}n*!j-Z(1=QsD&LSGW z#@}7b8yUOoQ#IJz^cpWA?~Gj#9WI5qost6oUS*fcIMf)x=gd|68tqjWC0pc8W@~o> zcf~8tr2r(`IzdfVCSBd~xm6!~u3NaskBDq0`rMWeTlwbFx=x?HC=JYFruq4#g=kJ? zoCuc2pT9~8t*=GvU;ZAk)s2}j?d)R8EdU?w@{RmSwKOQa+H*IC`)`J$7m)n+J z!fIQ^c5H5Lq-D6favjPTXrQyQkmg|G)SDoa&|8$euZP&jrq|ns<7+A-oEbwpCFU^k zL0K)@naW`the~~tfo4nQb2dZ!mNriX!|Llk``?qWh}_!{5}?g?s5p>N1xtlj8xsv4 zSJJ&Rm@O^cDKsKJ{sL-`OF`!=!um9>#Wv$vII+;A6@YBoKBdyG0~^fe!3(|d%lZ@( zTPWS=^2Gxn_F13Vq7Bx8L08J02oG(>FO)Mbyee_2*=MWqYktH@iof zoAUlADYicXA?3C|v~gR8zi}O75S^+7P-8CLrwQ+R?7C*1-G*oHWVtNBEM?=hm#rXy z>o_u#K3&+ik21$W<9a~*LlkYG&u#T^eB~1072r51RmI`OgG0)2O+j-S{hTN-wEhaY z*i1vPpOZ+-x*Pf(RoPVRe;fZTpJ7%%@L|1c6I^vZ$P_&@&ym4}?DegDy-^ga%>MD+ zc%ny3+&sdklMgBhzSFhmIZ$|18R}gsi^ZJ))$5-3tiTlnanYIe&LNgp^t$Ke;!vV4 z{g}>%PyjEiqvFeAPmbgJMb~d+GsSSsj&8Xvt^A?+=MSIXg^J-R<(*3W<+hv%K-&IB z|7rW*svb>SHfY^`(;Yd1mv4G!%}regd3ovALB(0dhW!WAIPv?tuj{{mKmNBYLp$M| zw?sRfEvp%Gx%~%Tg8bSKz{xSk;I<-L((t-DFh=LPU{2Ep6vnuZ{W_(oq<2nI7g4Hg z*;>SBgRR8W)!R_gs+F-13S_#ow3xB1@`9}YDgH#xuaX_V1Prd6W3dbMzRe51fuhN< zKCF6Lqy)%cEjOAsVsMuwXW5*zNVKM{;Wn3QPg-?4lEs_zyD0{jRJ0q5MV>-n8p_Kk zUnDsXvuR4{Tg?32kO4HfYwMZBYf0P-9<~kYSSQw{tjDlED*(uPTgi2Y@$tIZ0g8I_ zhk?2*Y`w)r^&BdAvc`4bM*3)W>~IQXHDC3p#YH%1;DdO-VWa6c=GiHKqRxIic=w(5biJcA}`JyFfbk{i8>kf)) zqI%uM1=GtQ6;7wDpnI#~7RP{hs2fTzRa75^m_#RL_u6!@DR6N2TxTkih?CI2(T{rC zWYBs6UPGrEkzo!|8c{RZ_h|`VLzvT)sobn0o{vvW|7eXvTe|iEp9+4{!xTfky-x4^ z?c)26u~dfLIgy(zj@8t!m@NOP1i=%YzLlA?)0h7N-J4r&%!dqJ^!^@P)C(p0e#8-m6YW7EUJ6Mpp#kZ*zXp zpDkWGdq6j9F4YC<4DoW%i7#`mud=?mmkFvp;=IyYjTIbpDw{xH3x_n)> z?Actvjo<9x!?F7r?pkh^JzO1z7u;%)HHvY70-#RCPDUHf-$|5Sw1}6E43(VmAzLnO zN=kQo8D)!mU6FTA0XD#et$)Ub>gW9be8*ZD2jnuQa@BDloMu`3E{B~mo1RKA>&iOE zAQD!?U#iPr+)_`PfkJkeBAHkkYbx4Jg`QoqEZn_^vtt!CsrmJxG&^6dxpjzAeoAo= zKgxHu0qz5Z-MT7A>J&-zVtTVdZpPwwCm9>~N{Tp%RlGPb8qea1)20V2;4_<`ejMVN z8Kdq$;&|F81?0<4B&>fwTZRmU2YY+>IO`p4$k^J02;u1kN0Z7>aRxj5>`t>e-=(Rm z+hPH6quHZ#JQQJ9DxVzbpq;-}W6zEMZb4BB7gv6p&L+}X-D-}v#P)PEEf^;g@e%M( zc8yUJN4-(2l3YIE-6zP7t{DmPxx?EPljG&H^f3f$F`2r}JU8)-$-hh4WFAPke<&ic zm!dj*xkWp#aOKY!*f!|?3)cwRZCR{_^~k_jb2$7uRUo9G6%(i2ML>#4I?8H5#ap0- zoM>OZ3|oCMbL20bsynLo{I`nab?-agxE>gMVc+IJOkLp?243*$4%*T?#0{z#egQJ% zs?=g99nR!KnvuVR4p)ODi8l{HPas2C+G>Ys^6}&)lvqAz6}?v%pn5z0amN(Nbk~rV z)%B);MQb3Qf-cV3blHj6GO&j*s+Gj7Zw*eQ`^ zqfp9HeV;;4O7gN!tRff{k^a^7#Pr$+uQrtynu?+1P)~a2A9P!*^%=< zxboo7D8}?EejxG$tc-t~=NfB6?&qQizN`2F9>Pg#=`+-VQ z-^*b;Ol&M@8MQL3LRIxGKT~Q!EDOU7&$+F73BbX1(mCHWbAPe;F59k`8J+u`|+_?BKWhz9hyVu$bco<~0-jwcgl|#6V@dj+CnRP*Ng+opB0W999 z!wcinDr%y*xfy2G>$Ma*Euo*;Db=!6pbos^dxp{*k+VanUJbQ;$J=@WI%(VAUYJM_ zW3rMjR9Bq)2=W0LRbC&*cEk~s!1in8gFhKr;|22C+|EI-1Y`f6mUZdIw&CdvE;OdL2Qv{jEv};5 z$~*JZ8)9L@-KQ`ZE8!Y(L5g9l2v1v>volKd4NVx&}j3-=r09~zN0g^`m^_Bhgf zoGwAmx+2T2)pW}HBa6Q0&OSMJkb7roX~JAnkP>#fto;lep2PWAyYuc6P73P>LGzIEL1UkIyhC zMXBvl>Tb7p-xYM>TM41Pe52CxyTW$=#-7*z1N)(uT-SG58`~+|^w&mEusj+ik`fPJh^63Z|?ku=FG>d=4+t(}yvEp-_Vv}^e_$IU2R zy7rghF-8^5?0GY@>HIWVQt4&OdYDvV%>9%+-FB#yc=ZrqdHhm#PXKmssOTfjo5wKG z85=%r^gp-Ykj;%M+udQcLpP{4VQ7J6b4a`AMH}GF**?fkKGHgi3|{PQtM8#2wh^NU zF4}@kPB>Pck?S@W1{Y%UKtLo4#9IjF26gj1ZPSD@zx9FuEQv!LT`aKS2%ivI_#A|| z7!EV2KAWg~t=-`Y3?pUDxo4!LmlPq*8{Tp~;=YIYRT_H3nYAUDBAwe%wUqv{Wa8LW z_c$Xl|CD3$cl~I8yZAHHl1y(1?C)Qp273jWPf|>6b15X0(HzWpUHf7{LT?gD=ZJ7&wMYhgc`EKrc z_Z>Tx3dJfpNo|+)yTZ3kRcMk@Eadd^ooD@o{E%s^O{gUw24)=EVbNh11jt;;_4!El z0h6j!5=?G#-md0cHML3QU~C7w`G6g}@zp<|%O(}ryB9^*A!@LGtox&I?y(kzOpz62 zgSenimMZ1#NOzcn&NrbO$B*jekS$U4Qn=Zd8+H+V&xjQh$#|9fuWoR1L6~W$B~XKm zisy9Ja{HBncORtUS9dbH#WV@ecsgPZtjAP6mHhRDfe!O%*6-2`)>`eKZxx9nn;B?)^DY^= z#@*2^rH0!0QU_>5UN_n2dbNn&(=&HvQN|+Xqw1)aF0;v3%~|fTmAdpw^#hgPmk=HF z@rhmDydwh1>=No(3#nIptK0i#bVEb5RStxwsZQ!bQp?<7l71W9y5b2VVL1lwlv1(R zYd?SCx16{T6r^|Ei2fS~wqoQ`M@Ycq(Vax|v#hndkb}!G^4d({5sNahe3T&Cq{Gjb z?Krv-#Oe5xxNK{mY1KAgfy%}tC!H6P?iB}_8nAAzgnqyG9V5d&yn>6n0D+AS$IUj9 z1PZ~M8Dc25GFjVn5}w~+yOwRBCqXcOY|d%opW+IJP5vw~GX+4vW)A2mrdXbqrqjXK z8NbgY&H9l=v`wuS272nyR`G>xzf2p@8yT)!=`Z>z5z?ZHpTPuzEn@##L!{J5l6q3v z4)#5E^8+v)jzl{Z?TH;m)FbO(F1qi%9U=*tren^RAcl~7OU!)Htudw;+v=x)mY*st zN9lp}&E5F)EFw+k zg_<>+9^V2zncS%RDC05m;2i9fjw|zCtjrR!@*syWdJ7IN;$9wZR0cVJ)m~OBV0Opn zG*AsQlkO`|DnFaqVGVn7z)Y=qUwDcTY{VID6OM0uJx;9E!F@TMmik(H_%sItt8=~c zM8yopqM_&5SO(3hFUtm7LbkEx;BV4=LMKz{I!v~Ws#^f<>=Egs z69PG=-ully-)@IbEB((s8e7*B@u$Draqqj*2u&_+xfai+(%JW074)BV3GwLfO^FC@ zUD}W@IWFJKm(Ibj*eTjEIs(J z0{7UU=}|Bbf6#0r4v`=uSS?iEiitdql#jZ41ujP`#=L^K6kh_U&F1-j?e`?C29U$7 z9C1IbtaDCre_|n+F ztKttVAYC(}YG)xvo7gLw)xdcu8R)CC_*6lon_kY$9IM=C9N6GN=?>h6C2LP8DI~-j z>@fC``rsb2wZwvz5?VgYiM9GCeN#4Xe1gw<^YwpU!d$VAY7ZL#OpI#1$146kZOEk2|n$lpP$JLp>+r~egnu>&^`@Q33zNDH>i(lEH z>2PK?+F?$N(kGR)_V_F%grW!9QBEE%0fZ(?&xNd^suNcpW|N# z^cfN_GYyKTK|mR%)Rmz8JGyP#6Gf>B4#LZadLthezr!`uSvh})6cD;OWhzx}WkKn0 z#wPCNP0pWSavSQdYB$nT zd(HZswLY1GL_Bd}U&SHD6ea6HB4G|AsADH?2e%;Q06J$uQ^5stecG1pa9Bi!luEwo9fRby z#vgE9uKw#RH#d)VI6&vSVHwnPh#$ZvaMwa6JIE-ZKn5tPlZpjzLadD3f2Z{CL6$K_ zReg6zuQ`bIc$NsJy)#%kSp+-xUp5r@E}U|u>BMNhkhjUlft=2?IhRy=Q+jyS_KDu! za;{>4XKg(hV);<_FNfauxcb&QXqb0K)`Jua%^zSzV#O0j?#`XxhcowN)Rbz&_n>I* zQ^?1jxgX8X+?7xcAz%1bC|OBXktfY+vOG=OW|5Tp+Nl~R9scp&7fSpiV8S(l*Nx(o z^rl(kn$I!ZLb~f-O32@>Q(f{$X#^vocI^kgT8njFGn#Uu#&fG`Gr?+P=(!(Ub;YRTmbrQGGH)|DI^w_aAgG zFyJ%2+%7J1GWM0mt%i&c!awyufsv^4$f7&N$FZi}SdSUWAEqr~^{cUj zJI1%!#x|*YepFo2e_CRvyIx{lW8j(HNt0(evof)yC2Y{d$f)Lt7}(Gs(w72uvLGqr zkIVGh?maBgXgmfznOsWgyJpB4N@x`LtE-GUv%<FaCu}H5-Qvw_^;4r9q;50zrN%55+t!$$ zmvkZ<(}1|Jq1dO6C~{3f!;|n1vF_+c(nCx7pIGNH?QkAv&vzveWaAT^jdQlj=E{Q# z=212pttHWWOFpM-?uL#(YzJ(+6V1VO6R$@)Ty-#tP(yG|*-&!@GVMvwj3zk9jjQzx zeq~(5Ojvd7>H#iwLrSO{o%gV3FVN}EpfVYZWP#4EXzxOaxt)2MAw5j4tG6}P*>oS^ic=4)cvklx?+O-@ybn(v_db#0ur5A@O%wM zZfeR34B)ufwAXJihXweNKa+&z5}1&YQI0E%|EXuxN>2FGuee#a=SpLVg=xs5$dAhD zGs=&Qe+xEZDs~C;Cmo2>a^8N_A)HPE@TLF%VC}1d>gd`vAwdEJ3&GtTf;$Aa;O+!> zcTaG4cXxMpcXtTx?mkVvU(TtTtEt%+RI%CY?q0p5*ZUZC7x%;&IubF;`;_z5( zCk=n9o~glHpl!N!#m7$^9OnCP4N4`>y$ zb1bq7XCv9^H1;!fQ{;nA#^=c+9h1~x;qtSGcLJ*t1P!0~IyLh+JibNErlV1?Hp|sj zeHz%J3nRTY&d+(SZ!--H`6G}(>Pw}OaUuL&al~cis~Uo46V(-4-kC$rbYdkTf*qE*b+ibOj55P{Ak$3^qF&bPPMlp#)JUNplSn#GeArDg2_}4 zf-B;u&Y)F;=wW>_a;lzN$VgAIw4vBosQfy&P{58mK1z8z-KFu$FkDSze16u)kHi6` ziVXFlrG%RFin-7o$Qw7cIrx&yPep5aHNUNX_vy%^w8eJ=9&NU>jp2Y$AL$>ZRblNr~L`MbVs-xiL=VH{gAR<>4Q%N05LTS;aRT=OQ`v+9oW8cz~$jp7$HfcySQ~rQ`?TuIwg~qRi zk&TgtM(I@!bSvp`2Fsa~d*?q?g&Lt>{o+(_MR!^SSFMDi@acnAe3#7t0iZfJ0&z`Na)vp+y$lz~Z{SU?DZ>NIa#LGf(qX>7bn+P3z zRw%2>Q6yb?tlsR4ytvdU-KDPG4;U9`OIrkl>$2Ej_Vz7KE>2O+&=v*<08!wkKa`l; zip-V>`^oO^yiVLr2oYPHO>-Bn${q5zVWDz&K})btih5E>^M#dog`li6c6k!M88BnX zV6e(qu{%}u?a4eqHZt*y7#@7i&+RkO6-^T?!lo{qRumOn7rjzl-Qu*A*bCR&4Eq{e zGH~#bFd=x)8NN}=B>H2q3ouXMc9h;+o=pR0^=vG=s zuJH6edNt&&cq=7;p&}Mcapa`Mw82j@&1@lzE|;Y2Ec3;AqDjc*==HH|Q=gRTe%abK znoh)ZPkcZ>Vq>kGn~gDChIQlN?F$;Khm{OGT%iBPN&mI*p?^YJFqm69gDs;nkhC_H zXqcR)fs7jiH6-j)_mRQE9CU+#1@zP#5xj}<0Z#guQx7XX{b%&st?urw)*F^jgmE-5 z8q+p>xy<9ECp}`H8oZHwVIUS`BQ%iu(dxS1IRQcqn%FfY04uWh9ty&xwD;O5@V&lM zHiBBC%aN;q+a{10YTL&*ezLNYsMrGbz?`&s6!0Mj zHSv>yH4p^&{N1B^rC*Hd|4yp7k7d*$(bQH_0PhnG8w;IS?T@0PEGFaCh;Y-R;oM4k z9<-BgU6ZmL=^2>Wu-MKqz9*Fd56gUW!X&Ir#sGHn=x-}H*pX(PQTiRl=lytMTqD*z zB7KJJG53SDFR4OUd)_KORCXRw<7On-4P^a_b^lPY5b*iE$DSRM9ePlqmJklRdZ|EtEZoJ_=r6KKLEj^S zsk1Znl}wcFK;62mvm9F|y$ygrDR$*eBp+w=N~@uApR1IX>E-;rzaFpGXE)PHA2aNO zG@i5m;wKWS+C}LZP6r0o6-jWEb3 zPTypf%TL#v;M$I!|JKPE#xEOtGE1` zBQjfEkl+A2X}p#?CT@NKHVi>0`)AT#K;XZFqAM{_F*7Vy-O_6jX6MnJLY%`I;g=%z zbqW1)QypxKlwK`{lv%O8fEbBtp&J>~s;kxBZ~4cKZ* zF>*D?$fzjfNxc@FANeBDt}D4vI?A!kX_s9E=A`v!AnIyJIM*$A+@W%w5Hrrl?~l-n zY!B0I)#CdX@yn%VBS~3sT*S#`BwutdZkDr0XtRJEHG{wrCxs&=yr!oW~}90fOH-udJV^y$&GG zloUB7wLve(&AJ$mUb>z8YS1I=bSIl-<=vw>$)03!tj5$K#A zA<)4EvHN%?jJD4U3gQkey!??6r9x^!Di*Vz2Et22V4VWQ2}zT;NjR?s`U%&ejj)C8b{OemGi81&hoJEC)+R5&yS;XQGK0=$vBYT0JMFYzWx z#mbauV)&ozr@s^qFAvbaW)c7JIj&*;v6%S#TZY#EYX;*jJAhjjUiYesyT6C(0r^lG zNw@~7-Mtj*q9EUSD#y3*Mll!VDb!p_xGkVkcAX^L4?#~Q^5hN%T@R;m@|kHUj)mmh z54nDXX07DW+(yv&?Atp#bZ>o`{iRm0Bq#&fI)eiW@)Sp1^CNeNdT?wu)VW2r@5)9?yVEWPRRV+>>ip+dAAyQ zdz{T$3MzNs>36OITL%mAHA1wl+kc!LN|Ts3*uMzKb2&o%u45OMTmKQdgsr4~vh_P# zlpKXW?FsBXMMq7%*`pU_@flpqFC^hOgb%9jG@eu{JP$r_9Zd4k2uLbun)36U;$D56 zkQtLL@lKOp1Ceo0i8LcE(^fh*uCHLgnD>{H{JHie-K4ll$s!tFStT~TE(Hi*5yf7b zQc$dT4fM9#B}#6S%SRJi%Urg+H$GWiF8x(i8S5S6@MjKxNx~<)-q7H@bFcybotURV{h}18*2)Q#p5C5-l+?P@|a~pv<^;Y zs{?}zSJH&*&kddzWj7&q{L^*oI*hq&QoY|u>Ql91A zQAg(ns_PfBSVfKqC(%zlP(Oeya1bp%zvp@|vx9rqpfFBm1tXr0?aP-rM*=vZK73$z1HJwsGgydoY|hvoV<4BeY?v z`WCtHEU{iF$DF;bac|7AxKNK#XM@@=2->w(HFx4RME+GE*@PBO=gYrus5zF8Kc(br zouLo^ZM_1m*1#ZojwCya%FU>~nrf9MrlTx?>YL&s10E*@{id^)U;W^xsYv#$>R9KE z_UpVxpmWz%Q^s-+l8*f^Ulm^zWjvzU0h6XF!x|Hw+>}m$?&vR0FV+b7E8ybF^W+F$ z#qT9+!UWL}^6R=9c9r>`khnUrdM=LUGsYKDfx-Cas%!AbFhe-GnACBN1eq5AKz1X-{X0W`c{pL>Cr4_J))m+$Le z_mm zAP;tF9uJaWiPX48TayomPv^y}IPiXL=X;m=il$V5ot6=bpBMUpi+bu=OJT~in|DRJ z!cCrvw3hTJh_DzbSkZ0q(@qI(uU(KsRdmUs;xhAV!{h$6y}fWD8R8z>LPj=-z^Urj zlFF7R<5gN@bwfhe%qgS&GHm^*SBsb(rnG3Rtt?0DXp(tnMD@CE>{qi$v78Ap2i{ELq=YFC4Q2s``Zhe7(YQ_Dq$6idxGPKN z5Xlooa;Gv(t61WO%6&fu)P(=~W~vYgISTMLVvQ~FiEhYa{nUEtgrt&&Y`Rfp9_1^) zINcQwD=PP@mC4Tug0mIkbJdAV8_4o+)!DLamK4i0VzZpD=I?Fcm72(eoQF2z`Qeyx z7KXy-rVzeE>$SZm&N?%QgoE(04&bHLu$qDFB2OXEs6@yqF7=GDDE4gZywh^Uwz-=D z(KuPi$S$rlKSJ_Tf4o*T{PDXsr%u%vc(x`i$@e{?xGd4 zA~)G$JX8T?==yGrWZW$k&86$0UC8XLeZ~Vy?U^3o$g#k|OO43op<_%wuY(K0 z8YZG4L3A>$v0VSDO_Sz>kXRFtGDmCOg~(0cysmH7X)hj|gKl)G)N2T_Q)Vla;o$)} zT&Xb2*xf|1aJi|GI)jwI$xZ}Dsm+TWBHIQcEy!LF6_jK{y*+PmdaB(t9)vrC?R};2 zUR`*QQtal#IJK~Gc@9`f$+~017dU&3;-8K6THG89U%wByI9PQi^Zk_D%->*6A0v(CxM}jFpg(H9r&Wk9qdnP8 z8U~8fKO9t%-K<`YC|8cW#2*h=kwOkCUP(oh_H=LEs)yUh>9C9O3OG~u+*ohC&X?0$ zZw3A=T5)}Maj@f*SIOe2B6FCd4mpP2dahR%rUXzA6C^l^TIqDRrm|BJWMm~FS2zcw zpOO@w$uqnSww@Hca758zKTd&1bd8Lb;E~d(KHxKP<4Vqbez5p|otXjiK^r8?|DLnT&N0?##Hx z@*0wp$M&51gp4k17;LGUxk}$jF!wbrJ-?08 zD`jCb4&7CPByDr{%`waEb~x2GccR7(dl3?wHF+0K6G%jJ$`?cXo`@9eK^-?1;cJ%S zI^oLc7nkF35BhpeD2(XE#heGPU3!LzCet{*^Qrocm1<(LW)g_aZZF^seGtqrCyUGY z+@}J|P5IaLGT#{oiT8n*ztLV;iobwVq*tN^JxzD{H1YaJXd&)nA)_Q~wf`7wXbp*! z%&(BasO4h$;(@=>Is(s?3R|_&-Edwl+x@7BT{^VbFv_8mN_;iBsy4sCJ@$iHaRvy^ zVDV;ZYpw_8Y<%RNC1e}t(if%Q*|9k%5Qwc0aSHWiS&?b{V8^oseS+3>TC?CO{97ej zIP~}SqluqCpXg}Byp!x?I8Mb5??dif(vuc39UL|Em04(0)NH9nY0257$^Hc0(woT# zfp?qQP`T?lGp^DRT z_Pw99`>>@2ozOT5flF31PqAPf{lbRtHv#BF!u5jIo>0O1GO@HGo2}v5IboA9#by)up=R@i14GS{-^PIXsO@xsxV^Wu>dRmh&uz;eh-TUeE=uj-!t z1B&G%G0SR?RS%JN{(=BXv4Qi)IrUD^PsIlz@g^YcYvh)%C|Wi@afrK|!yH0H`d7?+ zPQr|%){2JUp{f0JTnd7|YtgLpY?JnpLw}LK!E2Jr0NaO5Sc);!b}%h*s6=!W>MKr% ztR)o-RZ(csPV|`}AtV01{`Br(z(7wVQeY|`k1|1{RiAysBOMFk_3{}Ldb-Gp)}Z=o zZcL^tJ`uv!JG%0*Fm)=mwU8hf=$^@sCU*F#miAKV53-1M&#}Lp)Gn6vjGcuS+y*?F=mt5PkU1ei~}}h6~nzwQwuEAtM$SF6J+Np z|F#blx#*CS*Zu+aGFjMu5{;CzYFctXTTlPn8&d8MLwBTX#ot7du4 zOH8?94{w8oyp+!4g^;2JgkSWx^yFyfYonl~@qcK_6SQTG@~Tr7 z!u)!xLp&ucMbDs>FwKRI#Zy2k-MkO|ML%&}e<{hD-Uc!cSYZJfT0ewJO$b-a0H%XN zmm-)VzH@n+C;X|lo$+~&m<-Qj%4hzN)847X>0Mu&T-T-LL{5!+8cbQ%(x=>NVP#iI z6d(oSB{2@sWaP5)XYKv4LfU@9-z)>S=0xdvgY0T#F}W>~m->1Okd8K@p~uDJmf1Kl zGoD@{g3qP~Qq%d=*)>3AjCwoFU`EG=;PQYDYRQAXWf|mR45%DwsLuOv(?pmRRKNg6 zMcL@J;{aTbF&Sy?tkJ@)kGj$oQ1-3rP0Xeysz#$92Xax~zQ4dI=Hmz{WphEwaDk75 zJZyM9aU`Nrc1Ob{M&iz}*CRbe(*9x= z?lkTP$SVVeWSF22B4*A3jM7lRV;ga%eUBJPRt0E{={B>kO$m`Bsb1a`3X_6M0HAv@y7=cEzYI@5r3ooZ?;P5OrRf}(D+Zk zIaBI#QPYKOxp%}8dXJ*W=S&poJ?EBkHCIS}rO2eJy%t&ii};GA`b19~f|iue?B!jp z{4^xle)RRB7u(P5D-nz?(7WmTZd9z1)0;WKC@Kme?EG2E7QGWS|(nrVC%nN&N z<;<{pHk|~zxk}tGe)B2wOsa%_6?Z(6Fh=Id8>2Wppi>;Xl>?angDTLRO&mu_GyUKI zQbndkI>G*s>vv3hSe;qr!(LUpo2A9U#J0c6RsU@TnWF1ODeCXiVOP1P0nIG83PmyG zgZ(GANeOYb+1`Tm`OEO{r=@ig!v}p?;JXDY**-@}G*N!xSNq(BzP83H5(8~tusydo z6|dPD>gHF47!lqR=YP*CVpp3aMdwR0X@g0b7|;bVQJ$ICbEf4S8^jSQP%e;$oF06AM8OjUrDWb-Y}qBJju^%ILZ*IUbAn6$mSdAuk9Lk%#P_$)_X8(|61pj6bs z%E3Fu$zOjaE{?lD7n?c$YFWPj(kzxO%XSl%8r30Bxh6NXl&0Y{rlx(v3-*rHa>LB% zw<@$#eTfT~BqKz^xL1K9#Y}lL{b8BCYv*JWxJ%H)_eYe#H$3T@$MQ0b28<1HI0X>{ zl!x+LC#wsE2Ba+P3`e`p7vrfX*ei+Ohg8NE;zO*eD+59ys~hPb1SjGc>#J#mPAM2w zN&|lMm5oM=|AeV-DqEut$KAU}RoNTcK9~w~AXmN17c}{G@Y|=XPyKD_c(Kk|o&3|$ z$b(dYY4xOa<_GElXF6dIJw-a za2dKS2yai9UM&+de?-HE6t#I@5{8;cZmsKHmAE5!;u_WW&WITsS5@N%!hTd8S!B*3 zW9y`pcXFaZsGwo{k(4NiPC0* zpVr_e!e7SD>w0;06bkr>>)Fz6gc{YX2-6>1)dMGwbO8S0#jMF3AK#IPk-8`!NrG_dB=v7#S}%P77uP}nQ1wWy^Jsh*Nt38QcbDbk_sx}UBp;?F&*Yt5*4Ln&cu6& zHHK?FEFVgen?tjnPIP=&aagtEuezopI9MsuER!(<-y5*LiSw7#Ln4#ZFMU8=!=7Gf zBEev0smV4(z>wtF3cfaULr16Qm)YCJ0E=d-`@IFLQnM33ldVUZf4TGn$)s|uC+EI% zy>$fPH>E-{47!)n2h10LH*CFn#Z-~m634Nr3$r#Y~Oh#l#4NFoV z;X8KK%Dh9%f%Se@;3OJDVA`{6=+D$pt)kQB7ZB}n-S>N3>X6oNGx?O$6i?n|jWFyW zazYSpJm8^S@1YLu&O!7r#`$<~+$D4teYi>%h+$B(L6sO4Xx~a;lpS7u-F_LkLXMW~ zdm*x>h{7AvJ_GZ9rya&rAR^%^5YSvnPLnC&B_(zwAjWC} zYldKg0OPamEF(B?(fHFKpI+qao&+mDj&ScDG+aW4N{X4xDF0NcHLAJxj)8n@T47Lv zJ5lrL@5BnliOc_CCbal5_6(-wv_iKs=PD4On&>I&OKJzPzw;7)tcov@#@?0Rd=R=U zAPj2`_Fr<$lAa2#EMs=2(7|vzn*d@S*ghJ5^R!?4^l_S}@q5Qi#m(bq?62E6UOo9V z`d39X=CFf;kC1fc2F#P0aJ-qBA$L|XI($E0RUZmEm4w^j%VV$wj&}b7c?bczT z;$-8o>O-nrP;7MC=|E{FZVN@83raJ`&(Q*VyDox%?5!Vb!g7ZRh$TF?GZm|>!NSkN z*qYTIcj_GBQk; zdjv|F+aySe6>}LuS1RoneDlm-XlP=-356Ei+np-3ciSP7=(COGlzcmr3UrA}{T^XQ|FBiRk7iRllSL@d zex6iu&;t959mdVzna{&12fmNjBee+vttwcms z7C|cH!>}R)tV8!;^ho)9*c5E8<;QL`)T>+5J-R959j%8e>N^cn_&Z9XckJJ!f28ag zbJI22_lWkD$&>st)gzlQl5-)psTNCb)y%ccb56j^+1vTHv_F_Wb%0-b_macq6F}%53cLK4-f31z>gS;A6vKoO>21v)Ry8Q?3 z5lXesMarC-@nOA6@yYLr`B@i6tlEp^9e~A0CL)mIFNi5ACEz+|1Ym!-N*qJ1?=WJl zA69}pfGTo~7MwYwwK!NZdv>knUP-%LUw_7}JNu#`1RCGF`@JUmI5%Zwc!-T^rru<% zb3?>jy9(Vt@wA3gRQXf!%_Vp&Rp5z$hf8N1Tj$o{Hu+c@1M3gx?4|HZMHyLGgc3(| z&DlLR+qBlOcEFc5Vz9{UQ}(Gop_!vyw18X~rfqKul~2URtm<$?=D=0Xb1YJNSyST| zQ7Frigvt?j(Ld^Hzpu*AaPqsEXG&k-b_xTg%1Fhl^M!9*QdHzsf@O6@k31U5s`2qk zlgm^N+us%KleiQZ@j`kU{!NTQ(@YeHfkl5V`@vo;S13MZM7ssap_6-agD6^QNXPdB!!{^GrvjN4P?EP6}IoqP8m%4Dwtd^x$ys zPg&}~mf14&eI;Dvq!ag}mWZO5$AJ{3=f-|GOr>btbIZfBv5PO>G&%b~m|o`!;N0RD zkz>!)gLUp7cMuPN63ah;t!yFV?|G|a`Z?0W*alwL;37kEnP}P~8vv`_&v(<;uVv28 z$^VhwY0}ELJETbDQCucOc1iZd7M28X&pjPR*VWKhX<4aT>~Ial3Gw!l+)&naRpSH! z(dlSH1Mo6;aKWT57ywgDB7F@61-YgV@IH1oqLJ$g6n=-(KtRAY%)y^qH$WD!0719A zzX6B~kiCA(UeoWRPYlS%-(R8=llFBd6rdsoKk40zz7aagH4Q&`v$|^QegXmeFU+?e z5xX>^4A5Uke=eINc;SHm|AzzrIUnHX#Q)tr9#6Sg1Itb_F6roy0r*q}Eicwz*f0b3 zAIorx&lV*TQf9yvgL7gHC=UI<+8~DeRIn`|k zQwi88`nDfIFWzz01(tu%Rj-#}u~wIQlh@)9TvWpLF1KKh^+(o$=!f5gB7l`IVZsDp zFdr&K3MuCueK(VznkNiI&Ss7!Uzr|KrvFP?Y*pR|l{ix+p;C1Ug_O1wQS3Bzu@$3i$Spk1PW-Fave8eAe02sZ zlGYJGUcHRWhBj|;loXpK3iJusK-aMgmY%!urIpF`WzB%+siIBrcPyePe}?YX|9POc zOr~*}h#;0-7+7w#8?|2bq7d%BIGBHNhoIf9~}XaB&V_64~e~s3Yhi&{ta}pOn+EKfMk0bEGlJ0tsvF1DdaYt z8bCk#fFz3$v$vUoD^Gt-jRncZsp1Mm753gmeKs`N1w$!qdiS<|XiGjA7gr&TO`9ST zQ)|tcLN%4?B|z!JPI{_l=7|$)RfH2`mPy+@yHPx;Y9UdRoy9KIP*n(;(w9UQzmq>D zm{tB$oWkJLB7GTzB>=!mmm+2N8&QtNb{hU$cn>z&niz6YU-`=R@p+S9SuFHsS%R>& zR=_~^vEK1wVDymI6j{Pz$V7BB*y)xsM@q6KR?kz`_Nv~@-4{e>UCC{SpY-rL)%!l1 z(~X#nV8NE=G_WM1@D~H|MYQAOtxSiXb0J6ncfdKPn3)HeP{V)A`hO$I=bd!AmNpv( zPWS&2Hv%5XC^ow44e$EJhm73Ek1`Q|Bgp}l6}`9|pIBX`x_VV9fXg@7o!TU#;Eu)y z5fZGL1-^9lJ)yhP_bv&8YZ^r*Iv2Dp-n%)-t6xM$#Gyk*N^#maIFu6>-SznTFx{>!Ng>-LwtTYEUG_xNv*q>eofeky_Q_ z&2(Z{5HHPaMJj*Gk;6ok&stak$ED}JId-tM+?8qvXm}6 zhcQirKQ_cTmQQRcmOjwoH2I@qP1cbZKyarcH`ey^>f~bh+(9BH?v;MO)&@0)>TK=+ z+r%R|n$@9T+UKUkhl{d-#x<@TZK$8oatWzGwxI0%Z7%ZBRb^igJLx6;|JFxv}?jgKbt^1Tm&!k_Lk2`RiJv;mWz zvQYu)ARt_UXxTS9SOOuKxI7-uv~QQR!yw1*INWYzG3eI}Z;$0~O-)O^r*0r#fHy8R z4xFSL!v2=*@V#g3TtLXsq_z&0kE5DMXrt|SBjXU}8aQ|+a7H2KExccJIHl?nyAlY` zG4(~8v^a?z*+>eWh`)ULJ;nwAXZAlLteGL7$KlTNCGUHPo;nNAukoKn5aKmp8=c=G zkNqhbk9x2h6xYRa!^Y0Xfks4~ak|uF)uCs{v|-?vA?3AoAR>VKLOF}Kh7fOiYUwH7 ziH(jD80tMB+dz1d!zxl~;^Wlt=>fWzn>FRjLVKL4*pn;~S>H2izwtJY42)tFl%?Jl z)GxzkBhb9tZFKbqWPq!|{MSAg27-=YcA-uIwopP^49s^#_FX(SBB&W?j~(U>RvR26 zSGEx}=lPd!bghH6Js3?Ij?1H|q9Wrh0&>d=to=|15TF&V=S8rV9?gE-G&}9)MwZ^Q z1+o5IG=~msDU@!-3QSR*)!kZk-)gk{1qpS4UGWi51cHR$ zYoqu6(Y}ezqfCxg3DQC&^l(uTX6LbOabb0P0jS&=peAA2+>A8#gaSR%O@EPgW%o@elxZ zgl+J>xB-)eeKKx?%YmeO7-XQ*4c8ncA=3a@_m-iKgj^bzpzw zMLJG(3G?74_Ho57&EGH)N>@1GZ>1pnaJxy`rAW&`%9@T3`j>9z9Y+LGrd1q;df5f{wbN--53Mse^yZ- z`VCq^Nne_oxT)G&dXPR{*W%*@Z|N{1BSFd(P( z0jhe$n5{HIc<>XA!nS(q_~%5Cl@BDo;w`;jn-HAv{mdBxzCBaf3ikDh9q9Emw7M5U zhv3slWLwe9sp6ty^$%3be%6GD`dc}xX~;fd70LL-nOksTPiNCT`CNJ!GN5M!l>ld{ z7oD0iZFgf~zgsg4&*bzyE>z!N%C^Be;I;YD|x-Auveyk-iWveXfwvO0$m-RM!92b-Q zY({(4!`=A_WC8{#>FT+2nKWU7xWf1FdihI3$cK;`A2B^^-FYtvp~YL6 z&6H2^rYAl#;+m`FX46US&T7-rz;$uZE*a3A=iy%pD9566gUJ(Vk^@ZV&wwRih=Z)_(b%O3nxKq!4l+phT4$ovCZYR=-p1 zYqrKd{Yy%G14*q>8nF3IOt7`p&A}i#FVgb+7(x!AiseHZGI3Dhcr@B4>pN$pM^Auh z-p9MYqF(+fx~7evgT+z*lq&Z8sk+YAb_b62)do!!Pj_J5f1Xk$U&Ly6)~^;o5C~P9 zO`^N)x-3q3s~<8H8$ITNX9S8Wwe{QZa1K+6M<6%hw4mz{c~8EiE3_zEa+eKvTeqUq z0n&&t@0@A=G>q{n3%s>9KDx(t)yyVzbXwXu6Gu~tNat4)CdN`J*bgAra9kLWGM=Cn zv;cq83Fwv`aD-ats*zjc-?0QHS~ya9${ZU0=0Q=wvJnLbdQS}7y8FvxFp?IdgpN^Timn;wNAaVag~e5sOzX8x1LQoat^H)#@=fi2Z)&(qYp5RA)4W~ z6flt{R4Ral;DFgDk)u3Rs+*bTh6G!dJO%h!XdI3COjeOLK>V7_#x-JGh#}u|=xJ)r zKAdX{w>La&;u~Yn3k#Bg3bdz}IixkhpI<<7T1LN&aF(_X4M;NBkq*fIPhg9wy$sBb z?=23pZwydQ`%@I(pWBZ){`a4L8c8h{c-sSi@pAvTi3fPB0ka7(aNa))0$dY;CRb$n|K``|GhhRKz(1{9e~f`0RR2>Rnh!@uj_zRxAT7!cfD5MxAS$Wr6JyK zms>oxvSV)zE>iBNupSQF#7@0w#eM7Bsq%+vmhLn1T4r2#7A@Atf)^3;hf;0!uV-~< zY-%9D3I2T@(>zhbUDiB=2iHpBmKKFSC40UuO09W3k=lmO3Qtr6F(wcDo>Li`d$H(n z^v}nfuy=3ixHRYbt$b!!+iN3~o5G}8CIz&0NuCWhAvkBx2NUTpi}ig&>C=uda-O@- zgM;ml{ky`J!916_T34}L|NF>Qk5`lznZNQ!rS?2rcKnenDM|7ShGw}iSa`AY$|u~h zwx!x`3=?^x-!5?rGTo{tjcA5>qMek7oIzvEiJ5_p%x%Uoo;uxtFP12#@9|7|1I}xW zuoqkWw(z`PYMBc(m~rkO=NF z+>?PxE^EIJwLLMp$?0l3pYkoA+41V7u>H}OWqK>USjqGLHvH`o*IbTA(evj0(EcoE zD&3^5Fq?R;zQC!bhZuWke~Z_0KkuvLkUI^KJ_zZ4u`D&jz~f*`Z@p8_ z?OZd)^NIWAVA=Am+?Up)-suWj%gWmA@Nwl0QRTAD`RSza&hjZTso$2z`N_ZD^Q!ml zVX>C{p*c~T6(BdTq%u?DQf_z>*d7yx8fUOr{>m*^TxlzYVN=UL3K- z#s+UGd8oSA+=jEzw!J8&Us~cNoo?Y_P(UL9(>GSXC>!nTVmj=_J!dStD5Vhwt_F_l zj^N{c{+sUcv)bOc)@#9r5W?&A+e2K7Y%d9lryJFd+tJR-0=x}H&_yf#8PnsDtfc0? z8|9UuCq-I!I>8oR3Ziu`bYaUqs^iVR9}Z;Y-h-CM3$JGBN7;3b2YB*%I_n6nRaTx` zp4S-ew)>$3vfWTE;vU}9*WUVlBp!_b-Z;_0Xw=DobUzzi%g~*$DcZ3keYm|I{bs^{ zj|y$aMO28k)hQW?va+^cx&z>i%>vHmrn{N-EdX~2~mUXuV?Mkkd=}S+m zg_g66!E%)%@+8mf^^C4+wD8KN!hYMJsg$Clyqas323)1Dzy7?q-udlJ zy2s<{m272gVri*mth1Y0?JMT9T5f6#h?}3ZxT!u{o>^J#^YCvnxGWKJ2cXRNx@}a$ z@xxW+?Cjx{z4E$!v=Q{f>Y*rp>ZZ4DcqybxBPE6tJ<&OaMqMsihV1W-4B)B?y4uXg z?C*Va#DFNBho1!%JAB$MvieiN`TUzLpmLan%22REXHrxk4@)o8bPfVjA4ev)=|-6f zQgnpfo*iYB*J7B0x=)KkULkDKz&%$d^;oj^8wH0#10B->-tQcW_WSbqS$#wAzx7yU zE#DaL0iP~MCZgaY$wPe3mP7NIRKEeRj(HEtYuRh~FNek#HEXh!UBhdNQp=86EpH?2 zUeR`+%1_g7oRZ48rEz1R5%p9rj+<)rP1pITfg&}fL z4yaN~a-rH64q8uzu-eP*wF*>RQY?^f64^u$Q}aNI(i#{J@uuVu>TX8hLy8JO@HsV9 zZ*<=|7WLt&wzB$2vTOsV5iTOKN>3iB{9Gi<2P=NB*eb&Ns!VHA@u_f6Vv+bnf;!4O z$DQPKT&_L%>mjSSmP6dY`>O4Aqrl2GQ2fSeXb4STXVr^DK+C#H8hlT1e6A@I%1M=3 zEFsDk;6|6Rg=mh~!cl)m{>>+c$?>T_IwUrPL67 za=aMZyxkMdHem5k%lt>U15yr8jPR3ZGkO3o>5 zY~x+58}QXX+A%~7tgc1IOY&gAKTD$FPyHT~d612$ZbCbofkcF1utB~z#JzXdiJbNm zO!jovx*k8gI&fg&lZA`=iZOsk$R;E*%zK>BcU#lXUb)nt>OC-@SaX}V!*~h1q@%bUT#EW=e>bDi9&!|f$?E^G@(_V5N#34K zS&@x6k)vuW&g{w0??Tj4)5g12Ke=e=XXkyjiP%kpve%4HXx0plqJxYa)g0iR>$|i? zPkZthnIei20xGz=icJ;@ZC|P)%4qQ#aGf$Ck3b z2C6~0% zk%_gxy*7J*YlD|~O2Y6!BBKAYKqYM6KDUR+H!v{3xpP0cVRmj!b<`Sb`K)=p7|Wqo z9l0%pPp%i9(^j0#pCu00zKVP>@;$kh@mzUSl)ypdC){Rp8d^_Zm3DK2jH&RMLVoYK zPL&yIwA;@rjUPk30bxo5yj2y?SUrNMTegF|9?=qBz#Djd3=n}b zY-G#9)XWk(8w9-ZwH9XvHa25qOgsE93)=&{89(G0J}Lj&9N^t|P85gLE0I^;jjneLE36GnPT^v4A7Q9JpuS>7bz3Jg>bA;q-XmB!bMo3AEN% zQpW9J7jW3x74l>yRSJ%@=+%c0P7|Xk&L00<%c9y}MOple0_}$16xG@?(9n4B;D;qA zqz)9oL_U+Q9LBz6M0isfUvXCv^-b4u9>%yEAOASy)}2la64>sj53;b9L$Ye0WDt~3inv)Le!$;rvlY7)UxLgBggMtS#aU5#4= zl4U$3cXYh;)9RyU(Wb9pHX*Y*vNvloT}tiZvB~SI#58M+6j|FZ1qqrh3CEqE2rViV z=(SZBA6{W@l?{DOmaV8ZIg^a_41oI%hkb^n$lt#W#r7$}aE>3`lU@)XAMzJH7uU=6 z0pI97C{?DD4Z=^4L(TH`)<#izBLobfIc>SRX_@!0CX06QOnGnNr{bnID5fq3K0yBS zExpeza?xKFu7UI+Z+~d*#UM(^MLlL^xXVjPwJVl*`#nO!EKh{+ekOG|ls-ZjEY2zr z=RSUL=+E%TR_D^7RG4f75Otk45sUdBf6n zCqHxYRk~ z|I^%Cheg%)ZKEi+a;r1~(ujnV2q;K1(%mhcl1ekAAl)r3-5o=NgfvJE4bnYG!vHhi z8uWgi_j!+f9N&JAWAFX#_1DZ=*IMgZSNzWNSJ&nJgS~8Xs@)Sgx+&J_Z7{ zs4LByO4vugil$b#oAWovhLA_D&wniLRoBHdx7LNWoO8XmeT!WsRiGnf>xgY+%M9s1 zvxiG;KC5NI#}?8kPk1%`E5gtNtTR%YDdvFd))&oq13ncv)CjIVuzs*}k0{#j$=uEr z&8qo%tRI@c;j;~DyT#_D(3}|ZuA@;aQ;t2BdZ$V>LEXJlh_IveIstFK$_n~`SZ>v*3T;=D(~1w z)t-JeM)IZ$NI(-o-mGYA7Qp)wwzszn3mGl_zrO6Hc^NVVbm_C`-eQfEa?QUU`XN?cF5d*pjVt^eJ_a+Q-z>Qgr_pmhZ53=cG#%+|p=Xrtq*?Gx$i zgbDFc!jAX7duBl|JOp>nRa@HRoXZWr%wbcUBNN~FK5m`!a!h;^(NLVX3VS`%K_^m? zRbI3ofZWPh|F}5oRC8miS*m&=HtDvADFRvYV z_YYw}^SQ1<;6cl)h~RZI=l&ye&r=$woAoa|5bnHZuC9|))3Z$j}5-N{Vh8J z%JUnZX&KrCQ?cT2(6@X81pbP&^@_5NyFP;JnED5OBy=_(Dv!Yi>7y4jBHmTjJ4>Sv z(wco}k4vl@rZ57+9Dh}+d^voSR&-%|tyc4uq(xQ#)STyPvj|RbddhH}4aMH6@Sd-e zD;u5ZLJ`d3A4spswg`C)$QF3;ax<$%?uOR#Lmk~~sJV4je06TsvOEA%4q1&4V zkkcN&M!xzv9`4hB`n1mT1uvl%3&sQZuGM*{C7XC3Li?19cnFktpA7MQV{N9iy5KxV zXhc%K<-%kzO$}Kjgjjx2`5pe;B(-|lbki4*PF%Z(20$kP>IidlqO<` z!xox^CdQveIJxoT?bkOqx+s-QYH-ZY%@}#w2B%8u?KBKP1AmDD`g0?&cONI%={(iR zV^`(li|?DquVegJZ0_*{6?;d~Pj>&&l_yD5BXgLjE4Xe{2Wh*B&J34?J{qf@pxZ{4 ztTcaV{P@mVag2KS49F*WDJ@^{>@)i7qhF6UsK37;(J3(Ku4>a2r%JMq@-NdGy&Rw- zyKh=f6S__vtd%d{lf@&M!K-T;Sk#Ya4Q$Uk*=jgBDruUC&3#{h#-Ol~);G%f1s@rJ zA1Fvb^YN|S!@!SLd{u`fD*ACjO5igIp5IBqy{fko)j}6<&u};#7grk!+|^oKMpxC6 zx~tR8BJ=l~M9+oG5yz=Lt1WQh;p?-k^BQ^PwIlzk`%kC04`1o3fr2oJV_wLn0|l}o zmsMEhYxaijMzMb-*RIoY#93A~2vjgn|y68;JslvtY!U1{_Yst_Qwv&=| z$PcyMcKzM($=tjysZ6WIuEJbm?ryU+Y8h=1c8uQOaGc*Xo`|$?g#oq^bjkT#o3wRq zyAbRhShn)D7Z;RI_K54Hl;nbP8n}|&!-HgHa ztklRlCdI|+7}L!d-bB4-^B`u+s76c`rbP$y$5FP5x5~ph)$UUy_ME0tXJffHlQlGQ z7MRuK3kXJ!4hBuZ$k!n5Y0&QaajLX;j`znYN%iOB?gaA(tj;)nG^kb7D@wbv$Z8GS z++9n{yTT{-@h^45t`bIlY>ea`7T(t{m&y;Cy;i@UCP=eGn#sGQXsUWaL=Ru5FO?DR zs}E*RIUdj?Oz8Tu@+~y6#QTMD4GgWr3O|bHk>^y+z{&B)_ph?52JsWqUIP?n24x!% z{-zB>@4Fs|PJbGY-VA>EgUTL08nhVQq8pUR=B}gr5!hKWRG5z5XA zgA4zOjOcPsDZy6SC4-%x9aT&r zi*Gt}&6=N_-tPq^RN34C3OtqLWMiXtg$41Rn0o__p$O}CE)PbtD+?IH? zS>KQ;OZ=J+pimS%f1{y2*DOW|(@3B4Vg#S1)seMnnov9hbmc3IOVGrA6#KV^r!ybu z`-;0XIjcNFBwlrXe9f0c(Pqs`*ka4CI%Eqdm9$3T{A<)hQzARfFUrk;ZsXjb=3J`f zAqK2rjp|W;^>B>Kz?~S*Kyq3SDWcs;&|>r>&Nb?68xH!HE~*qrjd*fWamC7@1%)E5 zD&x&z3Obq7*v2t(lj{--+-$&MFokZ9W^gEfV%j@I)DLoOqdX&naBG-5!lgW|Qk<@B zpxW%&=aV-%+Qb!2I~T#(C^fm{x0;M1ooHwep*uoRnz>F*x?x)+*_E~DeS?F81MV8h zEpmDaRwJuPNj=;;Y5f$9Gm-&buV2Nx)SP07sgO4zRTug(MwSPY^jH^!4<_V1UAjUDXZsYcG{#a%9vOSj~#4D4xV`` z4i+jb_f3Q5&MqtDk&CABGE&AYbfE-04^MBv8q6YFm>-86(0Su;b>4r?DL)K+cH6S^ zl@>AHS8|7%f8C>8n)>t!k6qllqHS}2yG}6rQ7@jk?vSAYN-_e#57M6+}1KM*g6Nd!UGhsJwiCrM-IQqS!r6y>Ce%r;PHW zIu<)KQ%cP?rE2 zjQh`Y%Nv@xJzDX#T1~qjg4WrP%M{@cOruv)8|0!VcgdRP^MnX02Wl+BP)6pV6u+SF z)OI#=Zd(>N!K-RT`(aw^i8pc9+K^o_7Lc4 z?QSPhT7b%zycVh<%kx(gi(9 zgGKdPz`1R>XbJu(>;L2Wf3yD)hW0!&Phh!CQnZS9P@#O(Gl1hOpy}NH@G%0RUJ4u` z_fQA{9M6gVDWv&7E#y1NJ!T<^aT5!EP_bbKOTCt$&N4?mlbX{$YQ0+K>cL_YbR`Js zlRjA&2fONFL@rzt{-8<3-ce!Jksd%gb7T+;WBWS2+!nHMl{k^*7o>Xl%B_VYpV`;} zoLw^X`EG_8|#!EaEJI^85NWO+aVNWiH%Ru;K=*>PPEF^J~=_ybdXCRT)Jt$0T;T9@+@1^ ztWh&_3aRGzi)LVM)5&8ik5VQFcbm~b--KaU(lFPR@3>?≫6GeE@z!hEw4g4ULI>V3E!zuHx9DP) zkrdBXK~y z^7p-DLo7O47;yU4(ahdYZX2+aMEvwpi51C5R!U3;u|r^m2+QY|Q_fE@zVQM!`wdat zB!1Rny3iX>y*DO!ZT_CQI&11x6!Sw2XG!mh2TRx0GL|qIyv*TCAxCx{l~gxQ2Ln{& z2?9=uZ>5B~{k<)KDx)QQA~*4`8UV4lv@qFM^z(!JlKZ0kwt(irf8bH@qNj9%Y{DPX z8}HXwEF+`Vgmxu2bWb5ZpQ62F!m1Bcfeq*qNqh{*cY5jk`@4T{*Eam^t@5I6WaFFN z+sYbDnsGZ2cT(R4C%d!jzP9068zEo63K!pWF7im01cHv+F zwQc8!@+(n<@&r|z?i@{;Z&EW#x44{UWCqF?&@lw2uFU_CYFPW~%|z)vR))CV2ew+b zMOMGdd4agRH#umQaid|in@Y^ogx5LlFS(3OiHVSqwvbpq>WmHF{Gv9}&_Z$(!98S8A72$=a8t%a!{m;R zqaYDndNT~8T$B@`StI5p!LvdA=;jCNjV$Oqy$?+j{RRW&i=7e97$H_nx!zH~xGg6} z##C1AojhQ}9~;_h9)?>=RRK$I#4N?NeETMo#7SX~yQXH{)zmrfQqws9#uuKIUKoOTtlh3KU8Hw9Q)+QEaI@0)vHwI-|y`o#F^~#4LJ-x=GJer zR=E`r^dire=y%2vxe5_@Q|i*#G;jg6G&b0;2-?$FCa`%}!K36*{~q*wWFX5x16-=* zC0>dL2ZEAJ-Yr^+a39{QFzS3nA?qP1-876SmonvVv^Pw)GtRS9sw?LmeqXK zJ0&$rSTiJK?ws2LYil(M={w)N0=Ug9}+w-r9wI zEUe|ci(Z_ga@)xRQGQ*U;>nKqD`BM1cs;LW3SXGmFtQ@&q>utP+~&oyB#o*N^J2~S zu)<^HlQFygg=us8#}_3}pTd%6Tts zdS5%*@}Fh54WFtM!S~FjDUo!7ukDxX7pLa6^-i^@<1P~05s;O3f5nOxaO8D^&4P+c zUv04IG8HLMX&+N+3=r2|KQi8nf$>fShrHR&4g(=@p`G*@2B>lCha2*TD6QGKDgJh$ zyAILRS*re(p5CWFNLvCB%^Vq<*=#!aYqSdcTdZy81)kX0@L{BIr!9`Jr9CV~BjV9V~1p!u5vrqybI9^h{C35UDrrlrXwx=z>c{6TCi zxI#WXwf#;#K_3uT5P89@c6Y@LdOEU=g|>FfTzUyS^CiTOmmd*U$*O*QYCTm~;SlAy zFZA7rv$D4<3R&&h__($+CGvSk#M2#c>7$^}_t~x;0=0jg6@F~#o25Zvuz)@zX{c?Dqf6&HVg zy)1L&w1Pq_@nTO`NA?X{EQSC(h5XA*hp2|=k%7te`Y#yeTioo#CkZ?LAzF>A zHkTd4AbNB)7#FA?`yj~D7RAk?0ACm^^*I~T;pims%(N@Y0kS)B-f$9|LIS?*`=wKn zGH7z0^aUgB>?1D*`@n!xIP3mCfe7y|3dbLlpayLe16)3Guxc2zqU4?X&N`J`dw1uA zkw?<8MEBgbV$-+Zpo93V_j2s}(^0n_59SN`+{-B;bV=9AFSz#V5QZ@ zc=3LN3zwplKlr!E71dm39Q1}`Q7t!#p~ZS^oS&L%G?3nS3=@ppU-DIgkH{EDCjml} zXzTCKUH604;4Y5mHD!cmNQX=Z+}%Xg89^?RP`SKo)kJva9l%KWPj6T6IpF3GR)5%s zPa5^$_Q^8D2RZJ?%ADzbpu9=fj|!Ewdr9f-Ac4HRx}azx{5GGqY8gEU+SoVaVhEV9 z9Qg5|A!m$@DHYYHC0f`C`3Tu`Fy1I6v7KGiCpdZUZ~m3z%znkIo~fU{<@(cv25aV7N2sh2(U4wkIrAZNg|`Hp zm(wKsOm78Jy@rGJ956=##9iSejWWqJ&9Av3yC=1vzGCCv6TSdk0NEFL8q}J(B9}gb zHELw^%?iiudSLpLrE?*ptP2#@Ek^q4n#(edG}6t$raT&(T=LQp8hLEoNsOx|e27kuP}t z+ZYpfRV+)UIch>HA6heYNAm==e442jo+P?O_ngX!k_+?GjBvkrj3Ejqmv_chCB6-D zxTd1sZKVfo$HqKhPN&Dj`BrPWbKUj#YwG5@RnNN;5dYEf*_XfkA8IKV*5lSS$=CcN zO`;WFerTMfOr;Y-7ogpwK6E`XtCfDc_p=kmpms7`P!)aIfRZ=Oqq za4eQxxlDwE=P886H`d5903OgPKyjheOpgIt>=sX6D<35E74;@3B_)4Y`i6ky{i{KN z$@~`!L1wbtd~5Yu=7^v)z{wt6t(q%HS<+He9sZId#auah6!o!)`e8qXkTM|q69hRfFWeIc+_I&7YnYekN7TV>Ro77&m@;kuSo_BUN`m%uG@i|wD&b-5Ty zC9695vMhbVGUTcJw2`47gfB4XdpmfY5(WUKZdVvGQZp6eo zO50PPS|lTSHnAZA#x~NOBqa2p6%P--dGh8Gas*MkGw9KD%{G~DCz1N_dNfl-4TyMa zIQ?0exfS)IVumNkRFLCD?NqQKyc-}5@WFDc#3;Y7K3yH$bCDYHc22E3CRJo zSC_vm#7ph_~R`$O6r@qDd=xEFme_q5_xo8|vd0rxom9@kjmt>~3`U_5b7iT1nMEu4l zT_dmtpEB<-tRu^|_>PI;El1=HBusI8l_*>hKhX2$(JPo{j!wv)Jn^GCiYW6+&j}k= zB0@bu+!UQD>be9wD9vKBroopctEP-Wc|E?8It_XZ?TDNbfr<53sajjcAA@$t#Qg+g z@nO6MEiLkw^jXFl^5lyzDC>t}&Mli@O@b_1jCsrMyLUZ~7W!~RUzEJzjM?IBUDdZLcrK&Y^s^_%fZ`kcT~q!^Nqrda`1I^cYh7j4lS|8H_xg2h zZ*P4UnRq83bX|F0YNl@033u!-rV<`$3pZ1KG;i=8$?OQ(J!dZFao6<@3!d0WG#Jp^ zr6xRuo_T7Jo+V=l3M#Lp>QYo3evta^IobV%5bMZj*z2A1�?@<8N$YZ`8*PDH_^} zhv9?H8ER@aL_#bTNdS8V*f<;@KF~p*t?2A^aH3ie>t&8mAuivHXV)vIn|q<;h|if$iK=Yp%^XC$q-ynaHkWX>tA(*}Z>tUn#zG(b9Qk&$jc8$57*a z!k`I;2!xDX>2^^r4O91%?-;BwJR*fRghIV} zvyVbf&>PRfvAF3En1w9Omu8ffoQ>T(&(G3V=CX>DSiqVF4&yFhfJ>hO^0g#BxQ?UP zgVmZntcba+K$r-DoZv7cY&IVK29?4YZ)?smdln2YUH3*HECuxwkM zcC(yS)(7w4%daO`9I#t)>i?LPsf&pI6eP0o#@UzJp4|96DbW6VLY<=5-$iK=*YncJ z@A@K7KWS2>lbV|!dYbN3{%VcYD8gJdCegmZPrE>r6igXQXope|O|Jo>0cFzzz{`qu z_9oh}S!diyhzZ{IA({X0B2xb$mKo0yt3liK=vQ4~dki#%EH;qZO1+{+vbvhqm-FJD z&^!`8sUd_T3H(A;?TOb9hZt+q*mn$KaXU_ymF?QPJtmcrbispsCv$GDW)MTl2SGu? z>e)X&h01ME!^1dwq_A^1SRcRlw|z*f{eTY3y+jbV2`-!GIplxtq|u_}Btl-r5SIfM zctlP#z4u=#+ok3lU&@Jp>C1wy;UPc|p7|oZeNFQ|h(zn~DNkFJjg5)iouukL0Zw{s z{P1lWN3&RBv1I`jhQgT)d4EPJ-LT#ws?!^o%0LONn=pySS>+FHwcEP-2Qir(lW38w zwQv?mg_ej%&trs0JEtNaGV(;wd1hLNWzTN+a({VpHXRdZTVkT0Bs-~>C{QXIyR?@T zc#n(EGam!cwS@qW_pIcLrVt{kJY6Pd9NQQs_O387^$(K$Z0|-zltUxCgYgVgZ5d-s zym<-p>fIUQL9)`u;WZGVtJZH!zjpVGKh-u4woUiMyv<=SV$&k&+Llyv%!-cj3(6BQ z>pVYl(vEnR!y5PAzf3j8S@<%EZ~MFS8KG`!5S}52=1E1nS^mKZpt0@-0x(5TXsV$# z`PN1EP+OI7)Ketq14KlLkUR!XCl^8)AOKaez&XPfo@Aq zTqvUFy>XJ|D6bv34)tIuG|Bt9P1usv7(<;jQ9n!7f}K&z<*vXcIq>oGiGNmYw5M3r zx>A;WAnEq^Lc!`7Pqi(Tv-K~@4m#KWtw!%nr+^42y8bo$$N1G*N@3V@OD?(V2Th(u zmOf1s(%`ln#!W5y66h4 zMqpD9%!kDrjS=-zN~KZCiaOyNyXz)831}oUNn@wIzkH+QNgwD*#w=Y# zx^qr{R?7uL^wvO&K@L~tE|XNeS@>ym*pIC3;qo}ZDlJ}s+od)tbC1bgrq-R%Q($Jv z(e;W*Nuy(4+xbFNL-9TV%=!7u2?0CLPXLc5IA0FNRCS)}3Kh6MODZvomeo-0+jkr_ z7|6umRos9+(@1BV*Iae8yRrTF)&a5yIlT(V;iU(c!Y0)w*gqy-5?^SJ^)V|PoJ{a~ zwIM_YV-~#awiRj)`!pHpZ8G;1x+eXk97|S%JVxj+lHm;cq2TAvr%5H}@t$AhTZ!iQ z)a*WQX--ux7@_a}nq!Xem?0yImq_4esc87OV6V^PdG=aIQ9sNSuDPf)=Wxr)J z8QMLOrR`(M3}8K<$K;;XBY?Bqhd($xU7$+A$=v9RjtkXgmAA5!+}*DhTYR3B+XU!9 z)JV47S;MWH4W(MUyknazlQ6vxeIL3Y5M@&;~}!S|2a``@aACY=8N@&o6B zP;Q;}q8~WY!iNuCC^&{9o3j5fTE&Y!z0NmKvhixG_eEDhhUE2c3e7*Q{OiN+$p}5a zbML3y)Sb>Z_#fyn3CwYT@c+iez9}#W#TrTH$O1JWnu7Bdq>N|jSfQ`2>>IbvTSMCP z@p^DvreMYUi@o=d`e3W$1Ubwz+_hEM zFQccuq|s`WMZ+iOrwnC#GISl%fa-cgB^x9quu&BI$Zup`d7Lko$WAi5HO9k~ zVA%oS=5tq}>GwjS{^^6qEH_{Ovi2gdF%3{!Dp&Sn0NCvlGqox3XX?gJ*`9%DXe9ko zq9E0Nk!~I>r16ZNL{nsvo25{UL@Y7R8goj}DWyZvGMbq5e^i*O#o}Bd;A4S|YNP9z z?y;@*-yE-@PS!5L7NthELVLU3WyAwa=+5Ay#ZT2geeXGN)nc zrQ~Vv0obgttMgI6;i@D=g>KEwdtgZgO1V|Fgm_COyP*7JUvaa!7TAZ#zDKfRk)UY0o{`{EUx%C zj~9zA-8=?keA2kYtFsyt{p@4}NRq7cCd;MR1E+zrPPrR-tHNABv>5#}tQ9Lx{O~Kb z`^u^S)It%xk!BXnUWxf7WDLN(tlVKG;1#98~}$HBH|4<;M*L@ookzjJi0A z_d7eVUF?w8MuvS1tpQb4$q_I_D=a|-ddgEM$8urn?-UiHP_lnj{!0Bzpk;)$({LG% ztE<&-rW$@^#B14)P4PkB?E*aHY-JPsZjNQqYM=E~j~HO74cos(5)gPah9li>#;_y( zq!zIl;DWX4SKT*cNZ%yHq1zX<*DR7x23mrO#(%Q-8Dx0*wYzZg<(^a*(YFx@*#Q^k zT(KzKT?R!-dUcY(kv9TgujMq=dd&ElqzAIclx)imE;^Ima81AMLdZjgTY~V5yk- z&u^q>*p+^gXBw(@bbfDvC+PWgV(olJnkPkQKu;qXvn-0;R{cof?+PPdGj++zpPcC{ z6LHod8%^yhXn0WS17OLbT<@jyi`m?x0lMeP7reJ2URs;9x2}52RG-Z=VwV&Ar3C7kUPyRn3?Nf6 zEUbhj_IgSFFA;gptnRb;!k&(+`zg|4LbYL9<)!DmiwhM~vZA*n_2gto@V7_aU>k$Z zAeO+1ZZIU^layAo%Wsy-+Mpkq^VDpDnhoaLvH<;F*knlH`Tm4e(NGx5);lj{3C$lj z>}R++s-@*4V0+Z}uuud0(xnE6u4dHi2;W(v<2e z^A$#|Th63>$LE0hDcZkDgJpF%#mR=hHmQgyILy2+`%!z`L~l3lk{F?>+;_hCgBdL5 zq#LuhYvK~<>1tK&VDu>>BgXyh=ooQhC-qE<)NiW#AV9t9z)H(yeO30r=@76CWc(+t znZ0+Sn`ozV&c)<;7~B8>0c>^3dwt+pQ;G@u)B?6?rk7OOp-Pv}vthKF8-VLz2=;3x zy`5ltSv36SS+`~^B@2Dxcwghwjp*{gz`)55)k$Ply~%7FpUl{2cW1m4;@yT{T{Dg* z)4$*EnS)Rj*KQD)BK!pt9JA`Wmpj$OgUzR%?u;%PLj&K9evpGL(tdA}n`n^SdC;9u z_mUAaW>PB5#j2@fw_&4r8vJuG@imYr0T5QEI!fD%oQ^cJph~a3r%qQ_Wi{8H5Ct_# zEr5-0tn(4d z8KyGGT2wi*p(M}84^@!}@>{{msWhXui@dpVr%pxmCMvnItOg5)OJGoJnBn zMe2bjCjK9ELUCFT!}A~yyXn!_pZ_rl&>qUx7jI<4IjfE%5WBjk?qcT@T39&fUw!^i z+26Q<_HdBxTeWw&qJYs8vp!fG>iX=NLIc-f$JK{Z)rVBcV_ee(1ivG~4Acmnu<;wr zdZ+`GoES?IwYgNWvpOEVPE(knU!B0ui0q-tP|!7M(A&_iC;3-PGHsC4;uo-EX6IzK znC71%)exe%Rhjlt%Z)W^q4N4m#O`$K)SK&{5_Ho{ZvK5&7x~(9c!W$g-X#bBk5TrY zMO({fUHYa^zVl)EsbsURLyP-|CBQ@YJiQYaSPJWPkgm7KX}S_~2QNPOVyZJ>kfh@c zlta5jj{Mg*gI)Kjx{3w}8g~M@@RsKAky;~?oQL3DYVRQL8{Mph@aiUqUuCR^2=f)i zHZODiKGAD^L|5ip#D&h;X|oy$RRWpLhPiIB3BrhCx%gnEe80An6Y}Dg2ko9(R2SeW&zNF71#%NsDX6|cOB&9BAkOTo zCA@N%*O5g|GTQRkF<)sg`HB?v=2|l3m+*^i<+r+)PgVI};o*3al?zhg$n}XGUgXrS z1-hPkhq}o1Ud~*s24Cdxc2r;7nfhkF-x&g?D`QT|sC6EL3&l)n5#jWSRUd`z?2WX= z7w>_e6Ycs8M^HF#RIS}c7y_mswG<%?H`jBR$jwoHMh8S_!R)#c;e3&wfy!dB_(J6v zrm*eQ*HOhKDb?wd`lvsT-MiN6GfRvgCRdy$XBJU#s^^4Oq1pO;OhT+5EgZv*2$}dU z*CERM5NDs4y5sZWVP&dLiLR`vhxYIe^(xLGhW(jy?w3i7jBp%p3gle+g}V;E#?iHo z*61pZRDMA#oq660)qr2yX>G|94!SX-&E|783f!wVGmw*8_cdS=FOtjf!vxE&mi9+n zt(>}Ed5up`;@9W_%qL9ME85b#2fe|0nY@eF|BIBGw@%5sS$iNmWVSnqh}pgl!PlUB z2IQY42c+;S^?&P*bEdN-b9$K8k)sG~v^8v{Pxfc1r&%N5)GAe({W|d!8XirU4&GO; zu0O@ikG;m{%R8dOD4k40K$xAgx+QuX7>q)TZa3eH&iJl)SHt ztl+W{^s)9I*k?3Wx=2XuqY86GbZ>ZDr)HJYdTob|oKDKCiu-E;sLv1L7q1 zjl@&%=k}hDr=@Hp`)xV1S0AdB=?N{Wpr6G24)Wwm@a+Y$sH}cEBa2kcpun+nd>8xR z`&-BCCryN5Spkvk&b2oh>Nh#0b~eQ&g+RX272gtjxI(oxQFR9bWVX7wUexUnHRoJj z06jalG?d0(If*5WMDh~i2oUJxId&v_qRv<*r3MLQ;N4{In7#hX>+_EGPqZFIC_ zB;1s;H%XgXNp)XgTyEzVN^lF7&(cYRuwz!6NUR^WXH|v{*xTcB$BVM0`!%Z(d)s0V zv>~X8^VX@MCzGWYBWGrSXzHUfkx4LJqlVTnEDA+G!8UWINBHeLiAR}S06SOZV`J>9 z2>U+JmwyCz7&&eEKZ3lyUv926;0_u!MjsH4I**#g?futROGvNFquf?3Vj@Z=`!CXn zrTR-`m!0Eo`8~9+_0fK7gpn)_sP6KKcRO4GLQP`7AR>{h2ydi5kOGSK+;)xHt^1jb zElOA#m;&LrMF-#R1qO!9=OK^1Ba!9EYJ@frT}#Fzsdv~LGl!aink1A=U+@V=0Hg{A z>gQ_GXS3pV53PcOU-cy&eL6E58vdWsUB?fBhq@LRNXznTprHXPWHhft(?Nna34yBr zQv4S8#kC9#P4b^Aj4%VWT+Z}mWIud&2Q8`>bQB_yFi)Qj+{z4O=BgO2G~7j_w)sJx zqZmx~QbnEsIB&4vfkL}3U5?z;k(!GxhkIzk0Hzg-9;P!6JV5gytgvn61$GZxd6A?% zY_9Eb`v{;})UsSh;@1B{Yk#Q8txrMrnEYd+EaN68tKjXcxs0&!gGE&>6u?0^%c;FsMMf-9c+$S7Ne-5vxsacvSqaluPPdNQjQ%>W*phw*VK+&VoIU#}6hn*`!JD zpM=l>lHu3FS$5MRdv^z~6}9QU_^KA~mZO zD$$@LvwqHwxmunU=>=!Bmz(&T@$k*-w?us)8i;~*^~NBDT8{#GIlNj@WH4EHLnTK` z9(%=E>xG7r{}C7pyE$p?B~ES)S158c=Aul-RZ%g$4h+7qYS=rC(;QPHDM!i=>)^x_ z9BwkrehJTrS@!3>C?SaUU?3_Y7p)vFkX;&^n#nCQ=R&x42wnkjXBFQM%DL3CYJno7 z7ui!#Az9SFb=r6xYvGYD?2D~Sug+cOA$o#G8cE-&cJ0`3l`y$Np5#=?sFS-< z{*W_v9E$LFh+;r6v8yny5Ddf>sVc9Jz+w_({pznUc-RtwFk>#nBoTYDNO+QKi~D}o zzLBcSQ=C?4^^J;somjK;+k_|~y%q+9UXo_PE$r!P1q+Iy;BMP-6$kzk!c4%^du(S) z5hcWu?*`=7p(Yg&hINlQpL}ifQhIz|%UdRgVp->O4)b{H_2DdGkV)2Y=wq`R)>`l~ z`C7ueSZTY4ob@&8N423+v=p1`)_?Fzdv_0J+mdCEtH#}x?0A$VpE;Z^Uej8su!iZ7 z9f69p=>3!H#ZwphU|T{u+QOQDdgunR!49>|KuP4KpiR_3$QpZ3yyY#bZZ*<~VHJdQw}@r>B(SsGcYzItGM}w0Zg+0Asu3+c)n7~fjcg~{R1lyUZSZEnr8-{cyf z{ZRR%+mweVsL4BO?zPe73XkL|D-ZJ(Z(1#9P#k&JHiMJ1_(>|fc&}q(;ei!4Pf%>L zrn_9X$VivdPAH0fl#u?OA_?(+Yb)w4Lcs6|TbQ}_dF zZ|csATS*72-u9xL43RUZakUjfMaE^S^U#Z4EdDtS1BqTvn)qtdp(nx(d$Id(egy2I9XQR$mmtY$8 zv0_we2BxQ^xF2r}6>F3m-IhYzU7jq~KrIrHk}@FpS0ymJHNB8GF1zG^E;A2oyo>;( o-S59Cc)#iR|IJ(^?86Hr4#sP`bw&Z)SEwgQiOGwWy*2RtUrPtUnE(I) literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-domain_email_tags.png b/2.5/de/assets/images/manual-guides/mailcow-domain_email_tags.png new file mode 100644 index 0000000000000000000000000000000000000000..7d3345fb348e72e02072cc8197d49f293e64e5e7 GIT binary patch literal 66858 zcmeFZcU05gvNw$SQ&dD0fv7YE6{V_3Z;Apc(xi8!N)0`f6dR%-ASxg=0@6E3Cxj}} zrFTMTflxwCAf!BB@SJncz31L{z3V>rS?}}5o3&gfdw;)s&&-}Zd*(B*)?lCYFMKDpG z9R+@$aDQm*#lUd7asS_;7I3C5(8%hoV&tt0w)ciS^R#17^R%;b^Lh^Uw$MKgyh0Ct z^x&SJpT#njYREP8l0Z*FSPxbqns%QJ_V$|8wp_q{5ZL_q$X;`!vtNUel*#}5+a+#~ z$kSM%y-;r#<|pTqPt|hS***)dXpx?`nr3+I`u^q#WzQ=%t*Y+A>d|QnhuT@4j9o8q zelP2s&>Aq;H>cj!)c~!*^Gw3=j)nuP%!|}yry+#NUjU^H499OZFdck3p!SE6p|mhc=jf9qAGZuJ$^lH1;Z$Vs7< zl`KWNDPGtlwi2Yi`!kGk*xLRYF)+Njh}~ZZfD?&-aPkIp&~mB& z?*nC?{g;6ZD%Yl?RyZYHc6|4Y#g_=>fpqVg`TfcuQO-Ok6bsX6ryzt^tUW+RQl$QELrJW@@c}=y4K3Vu|rjfo~fLQY*5elw! z2AJN$s%%89q!`dv!|e6Te2pJ4F(I1UIy==NZRpjsM!MBKsN0Xt%BByXl6|G{OEA z4T*O=(;)fwl{?iw_nWDPIE{vq)M$4!Er7_5Xm!4+(v~d@s z?W4Up?Hbs;p;f1IA%+n_5%GC(O0Bd_4OTWsVVezJ8=^z6`O`3_w;eWz23Cw64p!!_ z%wHgjnz426o*e3Ay|*kjIj|Rl_{sC)9*z~W+x0WJwsd!$xH`E?OcXTrTPVWaR`F{L zjpvV`5By~2r1y_54$nlc6nwAl38z(ktm!SMMs6J=M39KSv<00a8iBawG(%Wop3u7- z0msQjygNc&;AJ5ac_=NN#Y^aQEnePMZ#+{{yMvTv?nuQtmYy!E(wVoKhHIO+2 z-D?det4aRqoYj@=PI^*cL^~lZI5R)ih(ZO@G&>Z@shY5rMsWN~`EEr4Lg-oE*P9Q+ zt8M#(*B}uJ#E&wZd)k$+1P_+!FuR#wa#cly;_lnnPRZUaiE1H{tQ9F2%Cqrx(q62g z?ciGJO2IIp#XT5ACWe9OB{SI1as^bDO0~Xsv5>c*svl}Rfj^5-UNFr7eh9`4Q(yGm z>n!I))g1JNYFK#@R*stx=kJpc#wn#(jOtcMa=a@rg)#!OeK+%)-{X{mx;k6V+dNE? zyUtb78IBsNzhwYFp>)9zIoxyqEbddMm$$-RDSbVz z`t)JBLxg5>5GV$@3-_J>&fzvZn$g`(`uv#a%C0Uh)q60twkZ2)vEp)wm~ZFeVakYt zcWI|3eG{=@DxE+&_k5C8Q^3V30|I%8rUVx-qIOD@N`g_^y-PlqeO0H<{666qx}M`% z+JQu+(FNwvZ2LpLs5{DGvCy^rl$W!0l~M(&p7*wtSFi{QRqzWMop+9qPbqn|eDA_O z275 z#Q@(cYQj_LQX9S<;Gc-=(WCb@+2ldUE)-9pxYrgy>#q~GF@zW?wzh=7=wBNUHx5R9 z$#k>k=AodfmHOTAux`cb&G~z~w>3!%vDur|&t^z0N$tYogu-9+vPfnO4e@jQzVQ{p zcu~7MX$X9JATT^9IOT(HU`vC0Pmqh>ETSg5GJG}`;d}Jt(QcI>rU;sn&0>yt0n-h| z8l!n&`U0MDkEBoECnbxq&PvOQ1QW_gq8zd4#GgZgo!!>&vTPS_rqnYbn3Mn@=;j8u3R2FRCgaUnyU`p z>0zO5V8dcXYN$Td?MQfP=4uX@l4IiW>ot8?c7arOO8*xUK?sa+f$pHQ4hfy6&CG)p zW;O4fObR`%DJj2!P!K)&8!LNsr~WE#M+2*= z`)!!GZrJ&>2nrZ=yS3zyvn}K$-eng+XZ9ZbIe{~Cry4`=_S`?VuMt+Le;m*pt82<= z%b8%0J(=SN%2K%cM!cp%ewZA=7|5bXLnsv2ZwKr;-{nV&CB&bVK<`xq{-yP& zxeI7M_{MPa|KSAxA9DrfnZ=sWf82_O*Z-St#s3&l|2mM#M{F~N0_BT56U2~qc17(6 zUtiLJl(ZiN-}<^XJ&6iT!BrL(TFt*qJGbB66Wt+y@W8zwz&T?QKO)RRvOH)=cy&Uo z0(baOFUj)jh5eSgD$o-@osIApVkQU1?h@c$J$n#(V3fX}wYc=*xz7G$FYYujy*Vqg z?=LfaRP}p#v&~J1942Wk^C}8AA=>X>sk57zD=%^ea6(*~%0a-x;Tb9u)etRc>wK8x z+&9b$pVM&1Smq}C-MQ3a&(gcVkZ1U6?w*%1{X#qUBle#EyNkZGL(#I9kMtA;+xrd! ztJ3fuAZ6A?XF5~@@k&&R%4j5hKe0eqkT+`1@g+b9_5nbLXW4a=p|)>bLhstt?0WDF z40m_lgN5IKj&nPNrugKY!q>dYgz9nRodz66P{X?^*9bRe@9St_=vS1hE^^Kx zblP6(o-?EFNxf~yLFVXN! zR76|Kz#)bgYv(XV4XhS^T++W)&(F7}b6ElchE zZ*R}rwQAtYlFxY)ABosUKS+@?Io9RCqxz^b;a&M1m%%xelu`|I0ajunPrldVn2E6z zw-c>wtLm$qE7Bfw&jTCNvzJrYjiW8%^$j*CRt~y}78#;_9$m%HJq(y|f!h))qv7#u zDMciTV@q1KsGhrCqI9Byhgzqd==S*L{DzC~QMTb~f9V@i!zr30)%R{Bh=hO#gkH-Q zTmsZeB?s^$u>!S4Z=`CB%n}s!K3Aq)^0{TfTf}FI3}I;vRwv7HT1T@xbBj;d!uIaL zU_SR9kS3Ti{jE}Gh|+rMLYZ%=ZKiYic&bf9*NORX`BFzUb?9>_9v^g~6!yJ{{?-B~ zD^R_>AX(&-?yjaI>WO(SY%nJ?P&VUb|GIL<^_I|6>Vu)*J3AGk!cQ?a7@2j8p)wJT zX})WsW{DTq6H0^w0-a4^-ybKo{a$Ozl|g;A5`|r-eW`A0ZdXXbXWJ^gI}#W05UDx; z6!fX2|L3ddcT-x&UE_I+glsTFJQ;TnFlNQlj_j>d`qVv%HO+;crhSZ0Uw$pLGtckZp` zCFMNS<=o|Y^l5DD(CeiHXxpGpFha)(153@n-VpgAvv(Y}H$qcw&t9s1Zf|ae%MB^> zIubwHP*R>+`_v}yEMY{;`$1pELX}>(S!7^!fhu>Pv5otGDXZj$6DU=m-zBn5_)1n( zM)$E|GZL%enZmD+6F8Th+%mIn&8R=DY-H-LpHQjXF^{NXGk;^U(z0CaK4%0)=$eOJ z_;9~SeKSuGQ`M>$w%;=?+86jHZ6&YOZgSI@_0P^WD)E8iX8TNOcq|Z4xd48GjS|{6 z`eNg@wLi5mHs}0B`G4AnUVh2621|^W2Bok3b-vW^K(foniC_cHSpKX?uGupe`E?Bk z7+Bs9aY>!3=xQZQb*0Et@>@79hEpF)x1PP$?|wd-3uQh1$|8Vh-0~8d(^l>#k5!ov zckuQ&{l1cKwZ>?4GR|yX0eRJ!lZy^#41-D?&mGgWZu=Bw#qDKm`;G|kB zdu|@CK*|zlZ7q&jyjrh)e8SS*r?x^Gv2Ga1)A#aa{$?Dq#(VW#iKiWGV?)Vhyl_2U zj)hmob2cgoV_{T7+~jo`-ywN;y>z})^A)`_+9y{_%9uX~hyV!(xAYa5CrCLr-le)j zmof-(#u_5yYp;>jLQ|e&_C1)8|dqZ*9%L~(=cL#046wx1f#$`P!){DRj8y_b% z>8F^@T3rm>Utc}BZ~Pd(#O(ZJom^868?#d4*BQ6rU*+-gF78oIK%N>0S zuEQxjQEbW$oVFvtX?vMj?9=C9{2Y@)FSzs<5J318nR<_|z_*_^GWlrZ>e!?LAn&if z3<4cJw(K2I5S#wk=d@)q1{AOOap{MPQ-<;p->R;bX7ltoufg_D#KGCyT0SCSB`P8X zK6Z3FYCYl(OhhexYJ1AN-O`U}5i*Wd`4;UTT~>!TYd$(4c63C;;@Ako2J~1y@vOE+ z^rebp1r4#xoaiynUh1I^BsJ^9m)gLah4X&6G<;aQ<75jDNGW(g%uaSiu=)&IV_bdP zckGzpXV}pWf?-1KHFbQ_I`&q-6OS@muHR%(rOrPR#UZs=z%>bhbK<~p8n=<1qpn5PrRRGK-=JLN78#B1mmo*kQz;IqUC zV*E|?%|-J24y1+Gvz~sj2x(BfoZqyY-OpJ-U=Lat%E=a)-it5$u@@~PS7gBEx5b--04PS^Ptn8GR;E7}iO@*p)hrgtywNb7%19E1JE{#Kt z`Zq9sl^YODzm<{#I_=!gPI4BEx$kt{UMA#UYW+kVQyzS%D-hwvfPgfT{{85&* z^k7;QVWW*z`C(&?rQB72eeq;J8=)#8NJvdCz9a3IklXV`q``=)ll>2KLb|BO6y+7P zuK8e9H}o#Y+n4fX=MN=>kKXNH`?}jNZI6FJ1}Z(v39?*Dw#*G;~GKw*e{Ac5e0X$I*9wh9%`$6Y>J>I)fQoftT7|~g80f$c+GaI>$b=%ox{)4)8ROX zl;W0aQLB)G827pD=ThgXhtfU!MD;?SVtXU|&mKtsQpvIyemtAy2j{^J)1ilU|97fqoTq zuH{M7PYPZ`li7q%G_SHyORZ*iQ0{z!mdOG--_2dIarGi!odaaZIGV3Qw);b6AudSD zLH=1tHXAAL5cwV>u7d5fBJZ!KPLEfxm8bW=h)h$DK_nKq0$Zi_IH}MXBnRpqDYE7KJBlT zK2J_@cd3eaD>Q9Q&C=Oc_$T&aIQ>K$e4YiJ)P__^Gx@EpYT4zi6`a@qVbj5+aJ>8e z;Jxa&fn${o0$EeXu9{3n0AXg`<1-ke<6>uIyEsZ~2GauXoCdHM%~eK)zXoIq_q?6J z4vboPKJ*b?s^f6ERI((I&{V->;FbS$Ab&OZ%&clYPgEcTXB>T{LKehhcENGX8e>mS z->}&JJ#ppd#e6h$OcP(^!36vlEuq-6X*O1 z{erhPV8~6Y3eU?B74nAM+s}eph=i^tWrL#Ka!N)3tuaR4lBBlCUGh}Kn_idwu(>n_ z$7cpI_{IQvnr<$;Gm(3nS^viveGi-<_UeXFmP&uXqi8BW3j>3;?=&Y9_Na2pNJ{ij zl^&)MKK4s1M@8$`uA1JXTK!_cr+_uW3%=Wu%KIm~x?)VGS_*=rGmuzO>7|KI^=wLVK#aZM&$c&~RNYtpKBYNJxBUJ%)Z7mxJJRf#kmCg&hX?bX`&- z5CTQ6p2*!O5&HEgPr}?48RE6NV*2rM>@pLvnmmq76zsN-$!WOEuA3sP3{1#5g* ze@);0HS5u>16Ec4nbq+`rtKH6HcQ_){l&CxMlZUty-W*}q8odkUgj>Yy5{s!;rgr3 z80~ZZN=~Ojd_;6OM}pW#QEc@Cl`XGL#eV4=N`Tpe(`5zJgHgExlMt; zQtJ{zBinW58F#|g8J60ir=RKsEeCAR*jV`GD0?v9jr7^}SE^nD;~8}PH>*bLzh6cS zdYVk+emrqw`Qrl-P0Y}@x4a`eomCl#?fI+vlspT90-LeJa=Ess*UDVY@p_+UM^CPq zt{A3c$E>&ZBDUq zzl7AR*@8z3&+m8PlsBMt>TG6nITx=9nu zXAoRbS%bN&pbZO2{&%D z!B%w7@h~kCh{CTQSq}?ZJDfb@qSNkdZVZdidb@;7*Z$CtY5Bz5NIS7PvO@<)8zG)v+3-!fTj zZ%E7~MgB2AM||xS9BsWorCf&$YI$f|)gt-j{-UB?fS*+ZzPxDw8rX!SJ;ZxG98x8| zNW^<}Jb+AgXa9D&p-zg?-P{Q@HPFR%ZO z>+A<4$lBo5iN(`d_+%KBFb2PhL0!ij+x?vy5t8&0)u^_Pj*-eH$O~JBlH3Q~flA|5+`{)2{G@R$N10%9T_@1^89P79g z305eh3RDGbEwMc?Y=`p)R}~ik=q-LF)$<4`=P48Pl6w9P(udhqC63%yXBhobcmbx? zQFNh5iC#2WZ{F|u*U(f@$C$;%?MI>4vXAljduMEFaN(B+)DZ)cfwlC7R1773;r&?Y z`qVIw&J(hiCrVJ?-zFmS!mjcAwoh8G*mjmZwMjBA579#X>0O!$mh)Hd$UbD{4TrKU zMK%V~R+m;GpX|$->%qx6k1}uec|^(8QrD!=H*7dd?$saODmZ5x))LOG+qv6Q5Sl{- zbKtWR(5%Z5KaC4mCKaBy-cm^5ouUuZhAkD`B1}zyO(R@=5F{o3v#imz!EoOPXok)D zsF%D5EfzZIH$P@<9qfR!a}Y!|?z?+XHD*O17uEuIvv9n15cus0iC@72e&tr692`C> zcIzfpjAbCl18G2flx;qdv9f&2-*-)+J?&(6my!$-?Nl4XqobqW-Nzq0RGlfbSC1_b zNSaK^(blWpbiJ~x^zrHta5OxXt1tj%wlbD$a!o$de3aB*&NC*S+v4I5sA;`~p9ZqT zX1GI5ihgJFG1FM$XJYWTNoP6txmPuujXJR@X=A)U0gCWN3gO+4;*d zOK%%wcAXHTd@0}Ht=ZdxNVyHKZ6o|{crl)8Qwj5rypU}ZH8ms*WXYBOVIO|vM-?gi zX!>C@mZJ*5XyAnaTqfvv-C6|iu0_}d>{aLEF$1qHO8_vJ@*hZ(!3ObOq-6WRb_DWo zSri8!GiHD8^B|11ANvj49o7R}HQs-;Bjr!XCV z^;{=K;sB=~WbK z+gk-PF012bm8|xkc`Dx7B-i^n$Ahj>go$ zRCh*62SS(}P%=5_VpyDvUWAEoV~<+BBO-8JiMF@>=``5-xo6P_3itRb*&rqOD%m)t zyfmTX<=Ww!5B5MxI!zq=Z=VtF>1IWVG%#IaNTFiT2u#O*E5j@P0Mj?1y9^KZaAgOD zN7os9#`tO&4&U9|FJ5`E0r2sE;JZ=zPZN=LCvI^sJ8j~TH;;x#>Hn5?3G*3P*q__y z%^KeoJ%_%_`?3BHG|8LKPV%_fg(`n3GADoJ#F3JK@HK0dv}>}~2DzKA3gz&IP@nOC zezU|Lqt35tX}B5wys6mQwFTF4?GS&>aaOEK+MlhsbO@{RaK}gT^XqCAEf>slf4AD} zfl?7`DX#{#{IGxYD_7$U=rVR}q-GfK#kLiOI+m>gsGuavVDjTLATJU){rOQzLup%a zw&Z|>4^QPrrEyHcva92;o?XG{1mvFRz(h??Y>#hAzLV~Kb#VGaf7R(XPv4(Q3^=m) zfUEhv`KX#hFE(V4Z}w0Mw?ICZ1ml^E@qQn^O|B1Sgi33}L!RmLzkkRlRGqlGF{ z1+o|uh%d?Zxca4^X2*PoMIdqLn__>5zOlZknNM__%vrGGaBfbcZgM_6&^OSt?Bhdk zuSPl{EMog)3+{&c@(*VtcIl%hkHiXQ0$4HK^1u=iTI`JJSeOM`YB~N ze?HoxR8uO#=(U9+8{#qS+j?kmNCwNmuP^m*mq+%X$cGP(J+^yi^~zH&Jt?tX`Q?g0n~iU&<=JgdAhyiL38}h{8?S-P zj}s>n{(X-D|7C@FHbARuO7Jf7E|41PSl3VZyei+Wv{(K3q4{!jwcknevsZ&b`4^w^ z76V0xg7=;;OWl|C%Ur9oSj3lCE1lGL^Ts@%PrX?jAAC`^5!!^W4Jn(kZ#Hsna-uD2 zIp5~3b3vpcTyfxQ?WpDc1;rNTONwFP2Pt|Zuj69M%A|ht*$LK`{I6p(`a?bIQs75E zlLH^mXOlo9qrO|cX6c-Ql>y~$+3`49P9>gwlzP`k)fdsH-9EmTdD_LCq_PVJSaE1N zjobaTos?9N!yqwJX= zxxX!5UqQfH@z4N6b8M@sLz{kcfZ`<;Zh45fG0`rklWKF(@G4+g7>vXLVjCuop5yog zI)=;+H!2#uwF`18os1X}khu_}1v83V2%pb?@-{L<3|HPZV$&hZe{W?*Ek?J3H>;}A zo(Wff%J2|e;9GR;ZE71y$Xn$Lk3~g(oj>gDQpnTyUa!qNnI$CbDU7Wai-LJp8iKX@ z3p*e5X20D(dcowE+E=}I$%M#{p%lKe=DEDE%rr}4LzK-rRl`TZzL2Gv^q5+(U#n4< zt>$-@wU*l6pLIlMQ_a1!b~RSK#NtE?ii1fir`r$h8>ST*%O|VprDEtf4V0x zV|#k#qn^||wpBG&3u!ycmz(5ME$mr3TKmb;h$rUy14(|J9yuR!e!P;%+A&Dpe0HWZ zqvnzFF?RAbrtPzBk~avy*LZVv+2gBYh1ZJ*b}l#>g}-O2`dZR0D+#eoAg}}Y8iUdH zz5vmPEVm^?_3cFZYOu8D!>gLSY(ZK1_DRV{C{_NkJgM{xS(_fGHKykKBD|I4r(}5n zv29;^QhQFjz2i|%vHTp4D=2x~fUicov?TENE%%_M8y5^6^V@X&@1KYW`+A`$gTlLa z=&XKAXJgDZy&@ZP{r8h--x0jK1fu}A2;I;0N=p>^3o}5EmB^)<<0l}XCw((oszjbh z?gt9FL0&uU^0t<`5kE3#UL+jx4XE;8j;P9mYv8!_KQ6VeHB@`{Ez%21^~!FN8Q=qZ!7TO9J%0D1Gr~+pm|M-IZ*2 z)lb<(`j54Q4UvA{7E{m{yW%+7n@@I(3A{MRbVu!)Xotnu-(qn;EFU?c1xw9QOu8I< zT2v>i2WU5os+Q{&azSPNdNI(@G-{WI{#3Z?CTqts{5w?NiA;@I*?4uk;Bg|SGkc=; zUdP*Mk+Brha@u_wAoN}VSSng4DfBwR+FBX4R4RK-RC4LNVcp|5AYx%IY$GgrW}~wt zU#hX{@upr9HCt~}=U2Md4#}zcLB@5y&CAl3QQ4W*l6;ZxHh(hfS4^GH-CWVsSqF~d zYaPGFo<#eN2%dPqvU)MHAUMjw=&Itp*}r3dnP#OrkY1JEl}a2_{h~MR4OV}xV30a$ z^+bPfyva+$r)v%>l!3d-!9}$6~s}UUjVVy$Vph5FqdwPoVf~-WBmm_#q9dev>Vtk(er; z8ZKn?Na(CZ<}+i`LY!2Te=7PGs#o8{cTPr0vXZ2ZyDfAZshn5dxmYbJuO*x%pl-&J zk|_r@)A}~+c1<1Sq9%T}v)m5I5Xi^TqwHh;u6cDP(_Ck~Rr2q*KbTlFjVx7lHH31`dbID5(S7FuX8( z09N0s?C9tP+=B~%qdP-8@E?zVti>sBm32TL0ndYA^q?K%{l^)EF}DeozaPl_y%xOY zf3T8lFoeE^{JQ@!I|ocPc(Nh1v|%$U@%{VvjuTqtU<_@!q`O1x5zv=w{|4k7L{6s> z$H2(LFMPD=i5SJ|y7{(~^xY*!HxtcSWehhqX#gW0NWvigcl8QGhKoR45ri^VN&7Ta*{GK zyTM8n!2buH)aM7Dq%<(qW*srg*ogv;mBO<9S)jU%FYdsv0*~a10Q4Qj^dGscq=bBU zrK$Vyive|Du$9uGx52>?+;YD29kEOx(T&Mee*AY zj=>FpM_b$3?IBALn!P(oA#itN&a~Vu_F#k?Dd4LCMk&av0jB8~eO6$#UaeV=%;Rv) zT5Lr}3y&Q*=Wjw59Nte3daj}`0W2IBi`Jk#m_P*@(w`qP8aPm%231no6M{3KnENYk zcW#B=l_-}oxr#xH!TCC#GUS{^vjSpmxVM$}fJGg8;T$S&&i3>lZeuilAaop?IO=NE@+q=)y34DFeNmdW0XF&{X+eoDFxQ z%OIgdW-rZDWXN>m2alj&rt_(z|De@iDxM5PVnP`!>+SX>`oft+u>hD-fKOYWh?&S| z>CH5viQ)Ekw0vH0h#>aj{Wtqcw$D=GVN5?x(a)xd*jszCJ$r=oDVF!G?0&ED?XNAKI^EU*Z(R1mf4@R1Q-&cXqZm~6*&7#ypYS?-;H>XQ zI|977FW>`GsbUxxh9`KJe_@@nOvE>Jks+40wY3FvX4 z;xBbiSZMTCvc3HtXY-RKBYUe4vkSGEcEO-*>AhCeTIj7r#5=DjpCg#a>Rfm6d&_)0TzCKf+SWT==GH(T%)$=ot@bBfro=M)W zt%74Gl)6TR<#qF&PuftTgyqAQKmRlA9D?dAtTbT$PQ0DuEN+K3o z5O%ssc#(cM`oaisOQ7k;kC0x6>#*&S1`x}ZQfQ}G7v1eLM$O>4AdIx^d`j#OC1)(Y zbqMlW2%E`pU@&@yB_pTIFUzdvuDPuqm+F6UUP~`@g0F|W(>$u}=3_Vd?pvGw#NEn~ z#9%er!dicwKtP21I3hVi8LL9H3d@-eFa)aGO;lpnrrQ_$!0!?C7~MyKFTV0^Fd4VD z1IDK)kSOsMbf9>^!KQ5w(Ai(eZjhT?0-kQj^(2mXOY2D2Xmhw}GW)JRy`btdX4ETe zE_1b+L`r)SuvXrQM%DcVieypGnREPv{~()A8*Q=Xj|VW5S@s$xU5c z(ysfndy^w;0~1YQi4zWeCCG{D5{xKO%L3&~S*3Q@ehCg-v!d-}iKiP1cjIX}1vv=N zNwKDZRw{R!C(61ds0qzg?E|;4_zB7inn5F$z~Ut=UFi75UIcxovxM}N8~{?J|Da2O z7v{R^8rUtkIJU(LmhQ3nkn{SSc1^Wv>5DCR;u&Mw9)X@`CQU1ew}g3YhR6(J)xjY` zJF}@80mM4GzmMDc;NJZF>26@XZeyFNLlM~{NlUnG#iz9tKF|5jfg4}KTFYk}xHRl) z=Dj`VUrw6b`Jh$xmg-A@(FdB2=*JfG(A?LlN*=sDGIo|Weg`<08H}tcGdt;c zx%Ya=<7_T(6h+3}?{lhjP2tC%5c{Dwy>(Bg3bM(r?YT$q4i5Jx`^7$j%!AMs-u~%J zW*gzDnCr7k-6S)`&8Zwt#E#V_6Buf<_8J2t4}e-ZtC&P&QI^oC05INcKnQFY2K7@c z-I;0^YmQc8Eh(^whZa`c^lJ5nG3IY+neX(dgDE{&-EEu_eL6=Ak_femFuqR4N}c2Y60 zt;yHT-T8=1_!Y6PE|GLa+Izv-2u*0sO~9lychk#xcxMfz@`cmkB)M%uuA?KnT|;QI zn4%UD8N1urqJDwiuo*e$B-khg7M|oq*lchHx1iTID$BeKNnFGc>LRD5$Q4Bwwy^Jk z(`xAI!Ogu#sBuVJ?aws;3IvjvU1_-TSWcYRaQ}s2%R)f^7uS?UGWW|hK_K0X)3(QE z&1!n8+lx~eHSILj(C{X)nltGv14fYmdf?U!Sc6TJCZ98ddI2MHhlt}Rz-y%;OX!T4 zcNRY;f}#^AXT#p19(RdeiCY;-Jk1JZ)5H*n2AOI< z+VTzYz#aS#SjCA~+WwaPdO?F3GRwxxGXs85(T2{tfdp}$H={R79J|q5(^%IbN zJHu%qTsx%iY+N*94wPz&Jvr5k9K}P~@zd5$Dfc_{U7ZP>$gk&l7o9O2Va>e|3$sZGBi2vk-|b~`C5{}5>vF^<^Xaj+DD?@qDsPLeGP;uzgMHAaTc zTl_hZfW%R(zI2VzlgPp!BO&gz%Wv@7~f@CA!t935|||HBKmn`8pQp3Pjd&~`q}Q+=(08&sSG?vtin=}xB4{M;mDL*8dCHs#?jp@@ojQm@Ti*s=vaops%wt>}hX6>fFIkwbW6Q(~V62FT-1GXH&U$ z8<~vtoG4#$MUgCUqzT39aqZ%Lt=JaT(;q17rbuWcc?SWY^R?Z|6R$k5gJD}!Ah@n0 zdz2J<$9f~LA3h^mRqsZ z)Y62{tZ`y^b{jd7&~24R*yg7ghPb3?Ulg!UZW|lb(Bq5V(>-_k=l2a0%){KjG4u#n z0l9+@-6L%cBbCS#rPS(;ET0uZs|91iEY)j?dpECv z{PS;p|93%1^azc`#rhz<+C(>n%+_S&jG~0oBNg1egHJW`quH($dxW= z)_u-g{NF-{28p-F|2cZPTexDmMV8exr&Y&vQ*ifN8Ylt~54Y)4&Hf=J=9*eQrDovP zzJSckZ~3>_{@o=17X^I(Bcxo4d?+j|3|u|Sxp*KTW!0^+2gvpgVQy@*NxjszT|5$L z+11VZ;tcj69{u%hGJ3%)Ha2Y^T>!${eE`6NezcI|Pl$VGO97NpZa1&4>{ny}M6#F2 zG^X_u0Ji8wvswnOlwz@1o0jlI8L#<(5ZoKMcj0HPze^A6yj#D8lW_1Gi2 z0*DEQPQ@U$b1a!zSm?xZGz>sZnphc(kN|XYknt;&1OO6lB#bzcrXJHI}$SO7_#!bRglXPPxd2KGm$$ zA*Kcddm(`HciU~ED(c~tEf9p^#ZJ_9_^mk0NMQ0PfQs|e&Q&{Se`AIYF~rfDpTl(k zC_wKxker6@V1vhf4>9megHm_4|Ea^Q+P4#`&&VMC&N5;i1Y~0F1_4mdF<`ZK4*X1Z zHDFX=4W~l)MWe?Bj0N<+I0*Q(J>Gy`+yi*8-Ny^=HUq)J|J;kon>~AAq^u8qg`{+Q zlR@y{*6G3gxwd{DD^2a)Jc{EA?)DmxcBS($Y~jtd=vYXg^WA*tv#lfI$Q7dLk(B5p zPDST=b=@6lhLe}}R}kPvN7N=Sx>Nx^(sA?&hg)fQY^6)kV51h`)-EPx1pX|?@WOPq z%2|}glvg#A_93_R?MIDYjfjGG-i&a!Lu>6q_O+`t98JuJxmzQx34M)LnvAs+ znC}RgQ~$?R#Q`I@-!nDP#1Swo(*SoXa0b5}Q5-PW9@QnP9BCmeUh}&eP1#$n)_vl) z?n2rutF?*gr~>YA))nsuYA-@e)vzj_xf1rq`eSj`WK~twx6_H8%<$65~kJ?iXM=XUf^H! zn@xqZ1P56D&VcNUtb!0Q3d*=thb*X7vxyJQ-f}<&dMtD*ef=zWMsUG-%`y+NeL}21 z1aREzx68NB&T-63qy4?ihVrXD!IsE2v%qrF)&}%?ozqmjrLaWhnLpZ{hg`EJYlqoM zu;Ad*eEaZ~9%tA)H^dc_Y5~RAJ3`(ZzvUCYaJuNQB>G8d2bRYRJk16Ws>FvM0vbYR zZOM^QKn7(cReX_c&J$WaemhFKCrc`m5Q$;^jAN9G$9LQpwT{^b%K{i-%01!d48!AW zLN+5?o`A9%Lv>nY-cth;1riFp{gowx)8{S_w70PeHn_RC`E^Cy}QD%9fdhnlc+aB?l9*UW3#30%^-=A~e1@91Z4D-|NRq!oBFX$ZY4 zF+ri};&oWOqNW>?V5^{Ry0XAufvj8a!%TXf<`CXM0twDG9?Wmv|^$o~Nji{RY5C%z)Smmqg zJDcNV8i@I|v$LZ;wEESq8MwNddEfV^Gkz&22jbJFrm4C`erSWHb^!MMMR=%T02W@C|5rGr#XuBafD~=`P+9vNN!fC@*d1tD@8vd3mlMV2ST{-!mCz zsBWF`dGb{gbyCc_C_7K9xle6N;hD#SN_ghddnb=y9Vc)i=83WaI?!%8#?xSXhuRR@*o~IVb2Gjv zq*1P@b;B)unNJS&J9v#nOq5Dgk?EU2Ods*5jPb&*&|AKPZs%#!DdmxohE42kSn=%> z_Nu)J)L%TP8DhM3{MOIV1>@`r?z~mzVkGT~h z;LZVAB)>6>7{0;?G2L)GB_ZB(S!}3_=dbR$s>V=dQ(Qqp)Q^O<=@AfoqJXwNE(9K3 z4?=a__nGLFh4?+2U-qBS>M{)ZJaGe}&UmVeuVj9uN4AOB-E65CpsFO396?#GyTJZN zUJ7d9vyD{R$Y0$UD>sBvuv^301STSkJx)=3ASp0rum<;q}sGvU#^?}GtwcV>kTo5jP{&DSf$&u2`DOZP+R-)#=E<1qg(q55a7q2hQCHqvoF#6Z0KP8(K0IGOO+;N|_iOR9BQ%Svi=y z+A$u+zv*Zl=|9_P%qER>$?qNbkRhwL7;psLuFoIxT^;yiG(lye+JAIwxi>pQ;Eh|) z7$iTCHiVX&+d|~q56&(8l*4UCO-~`sZOQ9N_ZK+Dxq=g@Q(FrK+u}E@1*qCVwckLh z2r;_h{BfuHP&73W`mOOaN5`%LC-3>sxb3PMv8LLaBz=x5CjnF%!7B07q=c?}oMmi) z@%**ZEnV|SG}L?`Yh{Hr7v&$iA#~A5>~F@gWKG%hp@sBlWsZqrdm+hZ7lasiNwkq2 z&X+rJsuBQ2bGPAJiui@aaKz}}3oGJ%hEs+a*X5?i-MxwgglB~&2ygmtqh4BKS9=pp z*+xzBNHY@|l;{fwdRWUZC#ghG(D)Osna(Vd>Pu6BfT}dz!wyxq(_>HNoV7BobEPUis zBNGf9Ob~2_X)~g4cmA|b_{f5Rs-($xwWylie>dD+=NH=MRaF-U_(A)&$^0#7v|+a1 zWHa{-K6XgK%YINO87aEH^dfK%6GX;oosPZD{mF^KjLy9qcH~*}McKV;q6@Cwit(B( zl!%HqYbkdZg?KGy^8u{}K#x9gNz^m({&Z+)bNg%bV1&Vr&(bF8vscU~`(h^246E;Q zG7sVReYeE~Q0EVCYa%LAn{j z03-xNx&@?$28kJBl#uSBOS-%JyVu|^p8Y)g{l2~5Z@TKBr|>pHLV zJTLmha|2{#&O2vqQ>OxA?SpT_ra!P?@oyQcAi})@S}5VKK9H@pQ)DYHm(&ZZ#KbS* z)$vaUiY?8OttBjlJK_82L>THler=AqRxR*6#aUBa^RR)ne#6k*{259Prn>k0j*czs zT3W9DBDBS*6YhN4`+<)kC{8?D*rFz$3c4~Ih=H<?FG?Z%E=vHZ;03Oq1%#ggqUDau>B&N3L$o+Z-eUVL@GQsi)?Nd?j5%iXCV>E@zf ziV9w)w!g=DVCbJgMctTB#al*Xa5-sMWp|EiNTp<2M3awwKS4m>W4;;_>8h2gWx-40 zc*J#-%xS$o(rKc+p}eYEXMyjuqhOF7VwS9w&Y6o};Sl5dK3$&KJ-R4vRxz88d)Ww|*Kgp*>zI>~! zq>9DPT-*Q248@6#I(kNV-{?faX_2ojk7MNHPx4vETEw>loIx-wUFYuSp=!tNceq7M zNy_0ZoBS5SVUhZz{F6Ud)(2grg9EJtX~PFR?cJTFne}}bZett3MFN?pL%_>+ zZFu-w(qIJ1c;l%v8wv1@LOHm@RMxCHN z1Fmk+Z}ND(m*Ar#Z6*vS=B$w(E|s5lUklT|UuvP91usZSv$iqBs*w*>P7SNqYVk07 zFH>JL(~6YFtek$t4Hcn5kShe>v^pO3moJ|7J5~QfHge(3&1&JY;-u@~$izP!QAOu& z%HTI?8M!A{*w(tV|&LiG1c=WWv7%ZzkXyf~q5{P}@tekX$;8I5`0G8w(V zG;ux-v4M-vWf1c&)yg9DuTx|I`OXocYe5*k;4r zg;pIYdf%>NN_6-ipQ< z9C=-{qxmg@?86-=PY{fDCxQSAq$gDFu*1oJT@yxbf-Sp~*U&JpZkhV3w`yRSL>{aC zV(pL@91bt&dKX<{zZ97b(qXZE-G>-zXj~tb6Ykr>enyt`Q**eab}?Mjer;|_(mljK zFT)B-p_#QqWlbh4EWs^;dmpDHPCO#QTt-cSG}8Udh}a9)5s&#^U;m?uogsmOHZKEU zNYYT97D2oc>e*!FtxB3{I?EfFLy7)W0vNSM;(SqsN)a14YOj;!1D@Xg_M9h~SLZmn zzO6@>XDWZ)dflBaaQ5jvwG3Y3V=tAtyDG65?gOP!(Uc)fxzYR%xsyheoL78>?{?ad z7GQL4d8(xj65%DDm-Rz3w{Lvr7wYL%GGciYTLrOfk-uoUTXg0%y0MPq^;3pG!Vj>I z7@E?%Ou$a2tRPcRp&*l1@FCkn{s)Y(793eM_c>%>;$2>td4;jP$DH@jDh$V_)rxUh z9SMrh8hp^^ThtBW^#D~+wa^_-^A3#PK1}v>i)oEPpp0zhx*+DQ=Xk8kLO+s;vCD2? zfG7}9UiZWc1!!5#z1`BwhxQ9_=-M7$B;X<=Vd_tCHlOEl8Ry1 zG5lNu;2w;x(Y2jUQ82{IS7I6}OnO50e6*r7?TW2sE`jygvn($b9W1D&PV|V!)+?Xa&5LDy)dJ4$v%jJ?*skX2mW-JXHKH#HFQCk^ zBm&Zu$OkAdKHB@(gR6$|yl##u?&?9wQp`l!sT;G^)Di2t2{gu&(JEn0A(G>mGa&(@ zg@xp052tt_vJs$iu=;#rFRfkNNx3?8t|ao7v2kN9;b+Fu<@wS1!xTgD&irf2ouSDG zWzCl>&E-O5Q?(9cTkf28qCCR4(h^oTbeYAzO^tC+b&JCOblj}?BbYI)C9Gxa^9gcVJq&@g46flL$UWXZsbKBT%lh4)d?pu<^{zui>8x z#7r&4$<*%AGzvBlu-d$u9m2N_aCfQkUYqayqq_YLz1f@J;#1i-F@-s!H!_KRKE)F9 zLaAuN?KY$kIFaK|qsyTSMVvRehQyN$7~CEO)PvUn=muSh+3JS&&^E%L@| z#Pb41?FD7CHdf<9CFfLEYlkHDm#$dT`R9i%$rczB$nq|Ra}SZ$&Bq;G)dV}h`Ra?^ zWRaXWTG@#?GVmBzd%}z(tToT?h_|&@-~|a{w={!}lo4o&l3+sf9)uxbPXxM$S+cQUf!4)yahZCH)}dClveX%;jsW_d3Q)e8 ze?h-DULssGf%jAovW0-o1AU~oFe{JvC1HyskSXjW-+MOIP@mEkJB`4*lq z6zhnUT%z-j`PwRvUOZx&S(1Ez$ms|?4^U=DatqKD>9?@R5r*Hp-mL>aaQ|-wU}?-#!u>L5!vlHzVl4)!U5E1Q-BwnSUn$BXe84o5?3% zN9}eBP{mN1g|dk<3FAt zGKMxO@cLg`!2UPT^FU*K^AGN}#f>d3^j9we_!@et3gVBV*d?pJqs1V5zf~0Ma>)5OQeJWs0n03qx3#KxQqGjw?bzRN@qm=B(*_bf9fkj zBYCR;)Op`f^&Q3V*?+DZKiJ!=Higcfx6MXzW;2Ok0L z(bM(93#@NW0C^A)2C?I2(*=Ksy>{Z5y9T}Q3z?`n09Y>o@)-2rdT<{9$$x*}wVdmU znUG7)7zKCyB%r5(?^6}xe<1oQ=w3QEq$_%P1pP)Aq1@$XefsqbfVy>xtIJqTc`iIc zgYvI~BN16T7#0ovA%OURRdGC?U*!1CkHRy70iKyBgAgt03Re08FGnL-;PR_ZVzzKq;AjE1@SRQFAXZ*f;%b!E?G12MI)(Tsp#p~ zJxa7H;y~)-)WRB00-cY%S?qOcfutaS5Rx&4>x3VVw^sEz!eq{_!I)w*8J2(Gr>ws; zG)aP9qqd!Wghlc>$dj3?EaB(NTYJFfs@VE5{w$i5G3wWFY8f^*>~C5bUpa7-t36v% z;#t)PHh0~IpRQXe(2t&&81<%F50+&)cMh;i>VlTWTUe#lszHGSuHYz?FuicOy8{pHD)mky+U59gc8^qtt)$H zJQz!h$%YsC6S0ln4o@o$U4$OrQSZl26vy8N(U0yT9noLGk0A(;8f7kwvdu>F259bR zW?C-XVaai^NlslO?91!JG~P?d%*+~iA`ldm)`P7!dls-+imnrP?%PbFlh_iAS%c0+ zUN-i+u$+rac2W?Yz|6idlN_t1EN&iUFz}WZ&j($vEzg=Si)3z8$aUxsO>Qm^#35z_ zZsqnhu&2H((n}~k;r*wvPodr3BbXInZ>!j3a^{uzm9%si-9XW0O%VE|MqT`wl1vAn z>Ak3%hwzxWffY_mvsDUr@3gd)!1Am~Pl40Puxw?x5S86cn2D0(hQLgN4o}0&quC#k zlP^{rxfy14?PCl$Hu+);pOK`6eHGtQLvNbeh3Z2-BPYH@^FMHpm5p^aa(1rBUv7+e zl{=6xfBZmXFyy)2dc~KOf7(d*c0L}*(nZz*{+Jt?>lm^{A8N^|RmmP3|KvqQxNl%(r+7FlI7 zY3G(EJ8oT)7mvN3@U1QwPFCRyrzOWr#e6er_x1KqjcABCad+tYqv7J#o-Xv)>534o zo*56C`;u`I~Spyev`Fh|CRPZKfl=M{7F2J zwgI(QXJ`0hx@#)gD%G&iy-g2crTSmROCm`y|1kgJ-L6jq6Nk8ByA+DRp=_^&##Ux_GG(%?!&O7E!=ECWUro_)d>IL zIraWnvAFWL0X1uCrA-i${I)-J0A(`p@3@ zNbP?$e`~RksWoW9ks+o(r?>)Qr&;%_*^cJdC7ZN(NzL1C{A{L}A|m@sdt)lSx!w6T zmP~;bbw_2tES~n8o7#;wmqa>fU;~cO1i4-H*J_yVlirOy=lqiVDMjzCx`EAK(e=J54U4YjDVHJW_6se#{a={`ZFp_UpjnucNc~vIHf6- zH;iH`g~AbZ?R!zv!b4W^X5THUU}-4#qXj&teecGV%Ua(YgR5*qo3#tnbIl(HC8z#i zw^~PaR^BZak(UMWGmXmZc~t@#m}7_J4QA9qI=c2THm2S{bH}|t!Nw)EpJ|}Yv(dvQ z23i*$p&WHD2+XJ?5fB{GmAR`VWvOJTeqY=(!Vi7*;iTc2#;hwl>h1B{iW=$2biK{P zG~X2)8>*S@1h{~I?zUY@4@(~6`;H)<*v1!^;mLS{WIk+GzKthrvo^|QwJCGVB?doN z)z0v7#fliZP`l?n|A&%clVC^>6Z)tB9P? zt_PE>u5EG6tTt9upzIXiz+Fr5<+L)oUvEGAwW1+jF@cMFxR#%!PH!^|b-3;7SOaAh|) zYjZOY-;xLojGXpLgXL(3$CT|FI@>ed;rasI5>*(O!cJ0CFwFkM^TTmrY23s9T@HYj zzgV}Isn`5TLh6--uEg0~CjIQl;j2`T>0;wK4W0k@OWpx?+~lDqsz3?S%cMMbBmYzYN2$I=;SWBr znzBK=`yb)U_gyfJrJ`_q;)(xq!OZ_{A{pqSop|(LqsP|-+6`iF_dldQanmn=ihag1 zL@F5K2>@|WiOb$52$h!xP&BUJaU*G<`ctfKu&YH2$>n!;99M|NUgK7zA2@-$dh-Dc ziiKSh7Kh5x-M-;Id9uBXxnobA7Z?3Pl8-w5RY(OxU%>d)}ogeT%OPA$*s zn&8C@9lU)kJ2{rTW899)BXB==M&ggaxy2NhsmK!~6am!j3{Yi2ADaN@@t^$n^MhjB zx#m^+|HzC6tP!$dGqwJ)u#ExLbOW_aJtxBrMh6~}674=AFq}6VmBb04fDkMFJNmgx=FawmW+m^b$Gr z_mA^En#4tsYS|-VAV4-Q8DjS(8=6BFfbbX)Q7%m1xxmV%Y~T?HNB+~vU7_PT0cR#4`FVpH&~)#Y7XUU2J|eN0cIroGe) z5L-UX%C}4JHar0=8{{%Is7&W_Q0p-*X>mh{jV8>6&!t!fIuTN)fr}?o3}ve{ZgS2Ey_JBR zizm&0fqi1vtK?~#Q*>@u?$?MG+TtK0O@U2N7U{Dbt#8}(l!5mm80zYVNXwKn7s+BC zqzCC`J^;X)n@G#0S-Jp8m;Ho3YDZvKpC-F>ZwViwyMEy$9)BD4A&4EgDr?LqY*o?A zl%)o(=d_@fL;UOcNY-CWJVPufcyy9zH_F&AW#l34?ELJwoB$bg%kSkmyTKF|J70zd zTmzFw6AobC+t?@zm1SA~x`vm_UslBf@}PXPO5fb-84-@yU(X?Ube^(LVuChrRQ3GcodC$KFUg$J>3xZgHCvT1fdV2H87GPxHi` zmcuy{JETj{3pV$wXy#=<)JaQcD$PL&J$#}qiDu(K-EFrUXoSZ1sM6|4~G~W>2m~UZMX`9C{UOn6A_6qUs_(s)F(5qJBFyXF{Nybh%3FEzA%hV=szX)bX zY2Jb!z+%Tge%aO`*CEkf1s%n5WJ>YNVxvNAi~El__~YVj)LsbkeEHXtB&P)~sss!U zE^N#-w%~L1Yiw_Bkk4_D=;+7pNNN;YF@fSq*3XY}@jV_pAxvRB4ICsYh?jk8reZp2 zBMhBe@02Spxx->fq4Pcw0#Zoa4yiUg;(=~^9PsXLTwKoiIE#&|@FU(lFl%bDa1LRS zQH~}2GqX?dsM77@G``S}%;xev-CSw}Iuq;;H>=a?I8f=T-}n zx)vYT5JiJ{R_j1&O;v2^E{SSPg-0u*mOnZ?hJ=&*hq~g|!Ht#r*KO zz*{Px`5g z+!1WG+(~XzwJku)31``2q_77pZM|;?uQd4BmS=XO&N^OQq$nxTM@f}4bh;M31RfU* zmI@J;Vv58u315MOAAlq`N-uV8FsPCss_g9jYPllo50D^cj_9bp#XfE2R(w>%g$<$- zw|enP#rW&f0;AGf8D3v1@!*(d?2{z!h}SqgkD&$(c4l`Y3bQTd#*1mK^H8M@<>PvK zoZ^Q6`o1&o&d#N(DJ}aGV3kz&jv&3Sf_!x5QzeY04#=KK7OTsVUgWk*j1C`_zDqNV9HCC}KI3 z^0P_X{AmB44n3))=Sh1v2Ak z+w0mH(fk2^&;2e6mdf)q6L+%xyaKp7RrKC0&}ZD=K|ABjKK0+i&*031l*z04`p=;^ z2v`5P=f<=ge<>iO{RiXG9M?Y{gulXDNE!Y|sQX{{?>kq$Jv`3-g$a5KhDE4BK~(rL zw--9a+pxC&t1c|;`2c}@^s@}HReXelEKhx1LJ^fQv+Dpo#CNe_H!9a-)V!gn5yA2h z$bfON1*mrXx5j(lG#t0<5W>yuHxtAHz!Qm0AWOm93Lvp#pkD`&ikAZ_GXP$z2yxYv z=RBgrQjn<=09K_j>32Xd`anqN-$s)Ss3TxDd%sE!3u4@j0Nk~?{RmxT;H2{uqO=0T zC6qONg!B-`4WPB*NzkQ!qu^a0f{T-Z+Y`MtsN`O5JH+Xqp`&M>Lg+Ds(*7w%hCcJl zYlw8@EYXR!L(~H9#?(JPj$8k-82HalqzuX;vq81P-$@$KD?`5rg_*&eI5_s?@9_8e z0odAq13qVd0dk=ML~DKiu|U0RbK8LZL(XyM8EBqgXt6oiZAweS8^y#<#6r(t!4>VV zS5pumG=r-t+(DzVUb*dK>tp1SDtwhj2cX6gD6@29MJ>gtUntS~3<4BZRH6|qc)&3p z$EZF|`~GG8iiabk(xDgsiHzE6G6l?af_F$gecWMbz5;yd`bzmCI$M%D-Q`-HSDszr zL$I6+*D39W-&!wtmI|m8?;~EM=^0I2>`H zoWR1>OqZ_*Q8E`9a4UOg1F^{06dS9RQQ!Ax*YKe5;*o=8X39{WF`>+!eNRwjQ=pZQ z+q1VIPT$Y$85+6KZIE&`k*(IdfIN=^O=g6A=~`X zj&mj^|Hv*T`ePKvOCo`}UYLZ+bg}}=!!)44{?p#6w=~Nz|s7Bnf%mk(!cDJn-cgQERPE=~@mCvqS zg&7W?{go-{Xf|UUWCZdC^;ln?)Vsw3E(}s{^F*J`AV{c9YnmcS6r}d#XwA^ED}h|7 zTB+K`uS=Bb(pvMRlp2OZW8zC$>wVZp)SAC%ymD_6E&@3LA+@`^+E3|WPVGA$sBx^|dixA?;`UICCMP@TkAEC#wVaEsP~E>hp=(Y>F|b=9*0^UAO7 z!w&TvjYOntiM1Q?xqJ!s%byvwaOow8M9b`}j|<^~SS zZJ7EE1CEUm$9fnwOZ!g5dN=`$#RyCm|29hX(HfQr=ZeWiNGdUn z8YR9U*m#-}s&>o&Gb*?1W%Iryz1DB2_0eyXD7t{?H&t@%97L5&F|TPEZt2Ey+OewJ zz8{o}PhCW@h-{n@h>D|_zbog<^p`gfvqaKwNdra#AeRr@7g9iD^%eQTaBLZ>^1XSlro zk2?RRFU6e_mFaGcum+nO<<)5(5n8LkizOw)SIRzoo8a+%SWsBZ$LdU&dFm#D9>cr} zk9$8?6|+yUX#d1GV(9r31GsS7f{^tKp@CisA-ih+J*6+a(W?S%pV8N|1I8(ua66UM zpE-fXh)3al#~jWf-u7rACa>_WybHnXqfHAMS;J{?m0UT-QoCtG;1?TS zAElwHJQA&f3D?Gbb!@kX9OGkoR)-q&Qdgw;TObP3iSMg_CP}&uxy9U$%OA3|v-4r8 z=t;==i5xv<8YrFJnth8YY=+JGJdwq`&KDbuVA|500(MWQ?3N+Zlqn5E|NVy0!yd`_ zS?kvKFSfVRX`xXhhR)!JDk;;RX+I=qJr@WYe`Vy_o$7fiZNaIfk@rqbACe|8lRSli z;}Yb+^`-!<=+iUfb@u+`df%HzXGU0L0%UF9%%NG4912~h2K(i@$?5s?2jMAU&EG>N-4R8fDkt+d+@Fas&4_OslC|6qO!qzh_#Xu z@t-vk;>|umO5}p5=TQ5j4P?ixajy5^+6HuY?P}D8IODZ@?_I9eC=`nUqy`R(fja@ylcI{!>fq%#(i#5Yurv)XP55cD9?sUat?{$&c!Fh?cG;i5l zMZ?om=?Y08Wzqf7RakEM%xyJ3N+W?F6v#)~3)T4gn5I0Ho% z97Niht}dW^kJEfDpf1S7yq_X>v()AuE-~_*o@}s3x#rF1pcVS@vWE&^cfE@p{g5NpjGkYwQc|7`x(}}FiMyfyHuLEs*s!|DsNhyR zSXV6t^uw%oI%8mynfH1XtiAb7phxt}DX^UyL6r?G7HCU7!jCJ_Pa79trR3HVe--5a zo8k7~rAq!8SxvwZ7ar{pX@8INx$bUL|I09&g~9HRu5M0dGM+GRQQa3We*9&cn$Tik z7z*@#%!*e;{w;8Nf%P>Yd^GH+;bQc0YA21qy}R;X0HRV}xUGd$Zi%+7Z}@4O@CC2Av5t)3;cO_%Sl>x)uGXIFdu>FsZG}zz&<~5z;I)Jt{+WGfcWJLcj z2t_P}St=^Rs@wz`1dhLkkpZWpEJ~~YObv7d&{S(g+m1mHhG~FKm$hDI0)u+ZdgJV| zAtMgKn1T?Dsko)3>21`u`Qd&A2sPwAU`R?v-i^O8(>ex+tfXk0@$ERcUi%|O)RjAv zBhkqRD~e}XSFOwywHoHQ#xdtMAI{&fhy@g+LLe&yVjc0Xf0`bfk@GU>5?Lt~m7!C6 zs5siLcF^5;N^it@DOP>(6yOMes++zm6QFqlnFQTgV#a<6 zqkUIHnrKO+hW{BEr%=KUWfZbG}eaCz&c)bB^?y`_D94R9`q?Q@7h6@ zx6Rw18gJ~PH#xiyhq8v=@l^K5rRf9}IiQCQY)lOhu|@M{p_d@n}x^5u_Sy+QQDb#V~Cju^eHi!e!_ z?&Bmx@aZ0t>$KYrSV3b&KH!-ml9GQ&&CJrVpMGaiw&d%n2*}wQpTxFsPhEpXxheit zJ`*sHGVWX)WGuW(Wp}$Yr|It%xm$%FKV(R&hoXC!jhO}F_}!W<)5QSw`sF5}pK;yp z)ICMajxR0-)&19HI^yzWYFDJaikR-3ILX z?118Jn zV31iBYT(*K*jMYjRL}qEm(<;XjoT_>e6pH6eOYqV`6-|Cm7y}{)_X2w4FyD_Cy{qe zDmWTfHQLK5zAo26#A4U2rVP-D2ofx37VVARy*Zy$frl<_8~2zqRiV4JJn`>92K4SD z)dm|59(-k=+*m`kUgmqKF_4<~w_|~+H_jD%j?_WU`Pplm_!29@qMHt>O_BY5x|2f( zKqRZ1HY=4<^X~5P7 z%0y}2Ir#fEz!lZN6Gm0?3~4`4X8hO?W~^;CGCRhTB)-MtWaz(5%`?DsIKfW$h|}?e z#0P#@C(Zii=T7pS{t|Lu8=byIH9kaYO+R%PA)zdC;#J;>ZqqZfRb^WOcX!VyEn$<- zv)_LoGs#-NwJw0=T=l;U57xVOb!R5ku|TXDZFS%`49{$Kx}Q$nR2iWOa70Pvuf1R7 zGkHhx3iSNHr3{=RV9g`FfD}KNMVMu97y~4Qjq({U`abQBN?B+=?pD_R_zm`gXHD2P z5$h|)Hsf*g#p9+4eAa=3ha*-2A6eD=ef(K~ohbZeq*@ZGlY+-Q-|E>7ddvLQUTbX8 zyLo>(-o>-e<_1s0Y6Asv>_JWu(>b;HMb)+unYRi1vcrtlg`nEHE=(v$J%uGjAfxCYpJ@w>hg0X2$lz)@%4c1|p6F?qR44e7Tx7Mv77>_}%>=Ncm*)%Ib)n?rHvMlp zu`G8bo&fS4%DduY&X>dH#d)GX8HZnoUosS=F%)P=AQp zMEAwUA-Me8cfGA;imOUB%9dvE{`MuL(%J15QikoAH)DgeXMI)&`zv$(Zl15wKWn&r z#qp=HZzC$AsG$ox{o~%Xz3W+MOUl9QKC*(zqCR-K&uq5FB0@&F3lv*jizLJMe8~t! z(~uSeX`{QrKFm0zW%UngqWirEFzGnV#(UOM}uwrD$~G_xk_ubf|rIU znoY6r)RsqrRU=N@Rprk~h{Xy8Nhl-GNdI65Q=Q2_h7Dr&W_38$k4bpt9=sJy53DVs z?}ak_E6Zjrm5%+EQEb{Xp=$vgwq;qTxki#)5}wWPMr?QAqHH9AAFtEDen0s&{+UrH z`8o#ga$w(0clOgT-L=B&s8J;EiF_aA-;5-atZ2hmBu7c=Eln$k3(JczZEwDfF`DY$ zW8Hr9epoi)G{Z1FZD=$8k_DksWDw{wj%Ulysqp3QF#C#yY2wv84`@v254Z#RDwMn$ zBQt=;mVw;*HY`G-n@iQ6?_1v=eD*U%VZsF`1D($~WoTC5XLOI{e3-JvF_!|?V z=4c!GPDtxoT*>p?Xfa{GrK+jSk3yuNe2BtXR6!&B(zB2;GL&$PjFX$upre#>dg#OF zDJ9Aa)51SxobCkrRKXs9fT4HzkYezc=v5i3wgp$7EVEuSa7Wm=M(#|Cl1#ATrjrkj zwFv?go&5x%7@g^HVWuk$F;Phn)kv63JNz))Q}z(_&k8v5 zbxoP}NVD9KeYPhX0O*keVi=6l?40pX+q8X)7Xu@yZxZ383)~pD05|3Pd3#0|S*J2f zdmN`1a^(efn&pcRm6>I0hlV%m&`(3t$I}%iG_*P$fvLgOu+S&BSG$l?A;r}gVy>5O zKfq=lXbqS0@*zf2oi;Mad8gwwjr(^E{J5hxc+O9y+?lv{d?CiXsoE8JG20WY=hx_A zx&X1JZyfQEWo=&)42d48h8lL1Jq{p%`h!C5-Odh=7ni(Q?ie}8$6D4pk^Xo>AlTch z6n4WY&sb4LM#S1^Ke${9)0_-iLZ`aOLO{^evzmij5iu-;^SKSAMni(Udg!5dcfaJP zbzOdR)7uQ{A-ahQd=%2zgE+Kt4j57m9pexGRFWELwR-Q7qLtyn>g*SCx-KH#}jGcpe90>=h5BzTV1yG@eGtk_l1$*6O=R+i~3%9FX z`#{|1;NzwGuKzzGHo_#@8R5Trea-z8uE@90SW>9Z5;_NB~*rc34F zY-6^HPa_0ySSW6^O|nFgpFhN{PbW@oHx1>3R@MJ^s@${ZT|CdG9S8 zpDo|l7r5|Tdquw10E60zqnr@?d9f;LqEr3GbY<4+AXfLB%!0B3ry21j7RJ1-+UN+a zXAt1?!;uXNa^5`u%kS!u83;acdd>(E{X-&e(fzfvB(_R$IM^la4qjJX_gOOUQ=qL+ zUuuhDWGl-7UD(0EBmZ@cz4nz^F^@IOgKq7^LS|+^GbqMIY1gLGmim)LjsE!+`vxEAXtFPs4)zvc6rFneO251FS4hkf?!l? zhrY!F*$glUo*0A!ffyPPD+usmFZ{O(gDw7^ErIJ9kwtVWLdCo*t zDvwQnHdy(teu4kA2M(a?dH}{T%4Lzv==Nz$Q&hd?Gcbf<(=)4Q4!x?K+U-{yx?38L zEAZyTg7c)eH4)oPS73kgUW#>gu840KmRGe*4Y)zZD9=MBIX|Ukcp7d1Ilw4WRUzP?O;^;{9?ZY{>#R#a5 zzA@r4yTuDPMVic#@rOx9;4}OJeYfxAA)a?NvOHt3L>DE!Pz*swf__w59l*Z&1OwM^ zoFl3i(%%7@B)IK3dPy?`-n0k}54WvYuMF?+cmOe>2~BBg?^e54TX#YBE8ppD31t7z z&xTPUh0);I>$;hrfi!K>av3%Ly9rs?i_BwprwW)2Q_2C*TlWJ6HpLRgkn}p<6k-c2 zPQ&}zWSW2E!no$eFx6f`-m$2zG{V6=^_s@g;1pa|bk`F{B^w{DhMmWogh4cGzvYVl zFd112BrGO>VGyRGftgpAD>LY%h|C&r1jcKU1Y8ozyZb(%6f8$8YxCOgf*Q$fn){4- z1u`D0S|xg+By-`d3!`g#N7o9dJAtJeFT$XIg{PqX2Y^AAsej`)WT3DIxFiqm-={W| zi*=@VbA3_I(A;;K)g8EmFo9i45-k!Id1K*q{r(SBl6||So+ne%WUGx8o7o|q>Cpqe z{5w|%+t@5zf6U+Z;ls5BYw#5{i9)lv{jiJc0JL%rLi&l331%weIRVS5HgaItT$`DX zj#o#g+8s#Pw^-8F7&rycY}p;)3-ZkD&$$dPmgDKh^XxpS@#yBXbvn#h>ghNzazhmr zTeZS?KYQR5g8~e>;ae3AvFW|!u-tzv-Q|@ zfER^^peE>Sb2T&#odg{ZqsNG!0BffvGfoC{&rl!3W`pzW{~C44H>~unMvWM@t(lT5 zYL#NE9m@6*YlWI;V`^;J5Z@`Q}Xr<)j zEhPd3qJ~{fo%d|wg6c0r=)(IHI>O0P47F{pkx@wL@T2vi0IjPo*7R`+*!L$VRcF~^ z$hWZTR5ioBT7Y6Kh?z3ZOV@qCQ{4aAUUr%XmBQ%sjL<4PvK=8YJC^m%r5-EC8veRY z>xK3rf&Gx_VBD;fy7pd6`P~pj)U7DZYamjY)XX#Md3G`gX#uz41up$KeDfEm%;TtO z`JR=&jgi>t^7)=0A!4bf9fQ`iC2~`X=bUPr7CJ2Af;7jTFkmn4#D0T3H_AnX9zH8D zklVM}MG?WV<x)#*$iG zwwX2AWBE3ZxkdkwZ@`U5J@g=^@nsbV{ln`kl>4X%<{1K zVDNKZQ$Y>=DLjAe*x9=cR1d|IvykzmSF?E*lPtm}!-(}^u?@hLs&AeAlB*b~^&lQz zpyy$8|25E`eWxiqk4z-NZtVi~$(UWA_obFfGqDBpZ5e)x(^=4jTr7T;EkpADyzK=riAe3QP4!rH*AK!hU0%e%sL&Q4{f z8-dK+*9n=OwQi98hVbr_v>maP%K4)XsHUEQ=KTy!L`L@ed3anu`x2sVMe=Rj(yH!! znBE=SN6%pI3;Hnf=!7_p*+%sBED3d*KN@T|^Is6WvIkGw#Cui}d6cHJ`P>CrVL72- zjC@*NhIQRY@3WUkB=CVwQ*X4&*8y()7Okb}T%zb|_XkDA^=qOp<>Ju-{>De|_}CX} zPXHvco5bROTgrf&u1bm?rk0Jh#c(MrWQW27c2ZM5tio_Xe>J2#`FHe|AcC++?NjP# zy((l!o4yu_v#IA;TJFKNwnsU7e=whVz^5aBD}u$@s-1=D&vIorbOHF-Tfqgu8C99( z3qEy>#W74e1Y}Se-^Qv!0I$TD>8a)GsRqeAmJwylPMKQY!*}#c=|}sNlY?Cr&q=-1cQ|3EN%??!rIrjCKc4I`K4$0Q4>{`|)elI1@O zHZyjYb+uL+9xI>5l<(Xmc6NwYAanfSb2ZJCI<`DSvfwnOt4!rB?eV_=m1qE{)c!$p z_w59|SijYG9d^FIJ?Zk`B!ePu5$-zsuVkCb#1+1+$DE44n?a;s91(l@A0meQ6E5%{ z^{M!8j3cPFKq@;BXnqU;l!b=APDEwnB{nxNQR>5;cRswJGPmjpD{rd^%r z+?sA8iO^Q{JIFV*qit$wVVyF<*Q zGLO!qKrGD{wSF$}`R*v-8r-W&K>Y`2QJ3xnWS z0tP(4{cZ2THmGOq=POeLcy+zK@$}3MPF63KpBN6lw#ZBooI6QCuC1xOrC;2Ew{yXV ztheKJJdE@*D>eoeYb1}YWPlnI-~xi@Wx(OoQ`-mHi|PA~-vbsC ztVOjj2yyv@YAi%b+D2^+rdpMNTA|@F4ggS^;J0YjA8Vx^PUkAu$2y<#@RwQdWVjcY zKQv(b0CY!*VUznq(<7tOmy{m``zrcvmaBK{c*&jWibo% zrGtEd^8@gurvYAM-+FFC(`ylx&hjr|m9fXBLjuGwaRx(4O-&7U@4-cSGMK%@1U;jy%O3+4?+5k_c; z&jp}+>%#SxJ*Jh$s?Ws+G$hq~-Q+wja&5LL9=Vk5S$!Y-BJ`FvH{QB@k+MF9fkW}@ zAAr(l7x(qaMIM;|{aLbIcIzL|7oL!GhZ*1my|eJtF=FB|8erU(kgK}ej5qRg4$*mz zdA1;#hDHRmk=5wy>}wG4TQyCkA%+>UN>6u3%@(Eh(Kv3(Kn=`>x_gOy;VKfLSF{@m z=DW`N2LuF^uDsPtm1~+Jz0mU5#(A{Fk%vfLV0^VV+gyz0APi1H* zkjv9EI&ftmZqIaNgC&=S6Ft4alXpE|ijsa%IOO9r9O1}AoC`s8Ly2rp_L!usVSPqO zgZVla3+RS8WszY0;a+yy@P@NjLOb46x^h0jX8~Q0xeJR;ozaRw91@?j^=;0S1}WP8 z;28fS8>yC33(0Pk=Ry?6&fMk7JI487Bh~e-dfFM~AE>a7Fs{OvMA$LTTz_v8UNUH` z&*4CA>s5UB&VSAnb8$4x$Ep4mJ3Vs1SVt$mO> zJhPaOm|FG7jaM1By(-n>J&=ww|2y%>{=#o$Oq}L;(x15L_Y0TNop|~1-Lak4m$v_T z)Bop7(6!{crEj@1m7g!PFu9Z>bdar~fhjVGRR}^GEkC#;N=`Wz>iD(_3qvZNKPLs9i;av_c-r5#4^;+`(n)B~n9{4= ziqPCnoy#C`v~v75NP)>S5GsEtEvak1q_KwzR_k%~!gG>M@3a=SjY*F)v!6dTT5M8M zqDh{umvtIHXpThB(RH*lRykdu)B=;Cs!`uS>s!g`jw~&)~>( z!88ufo}5FZz$khG`ht@3jdQpPx@6WzQ_o2`m3A8w>I^KOk4D(D;?K?anz=UEENYVJ z-=X)v<1n%nog!z?$$~s*98-?fnx9+dU{|T}!A;8L0V;=Q_c(j-Qfw)*oBiB)yclmBT4WdbIH9m;wta(z{F~BU-7rng}(3yLN^&0V>)4}PE9)kjMrKElW zWCC>i9Jc*pR5WYeE?On=+(Ul+*o1nLoGGXmDrtqxdzmt=@ov)GfH3jey7S0XS`X-;j_Lo3dgOFw+20)J>5nbzO< z!S9m8Jz%y`%9~$mHTKibWNpkPQ+aq@hVR1Vb5e0l7$>XOW{w62Ly1i!`P1`gS&365 ziD83$QwHt5N%WhEbIsLnl})DGUH00FY#qOK&c@p;;}`lOv#}*kJR0qOnweE zcXbs|rd>Xq?hEZ{OXS2<#q8njYWpji*XG}2Y_O)`?NFSdIfs68y0Y@%zzCkJe;Tc{ z(AMyz+}<2GHufE4H|Z#L=I8Od)T7v|UK=|UZ*@M2Dvgc7);-|M`c>UAI7f{9e~5d_ zsJ6DQZMZ$PQz)fIDaA^$qA5_^D!3L2K|^tO_m-AY9D;j`dw}31q&UGXKyY^}S_ty) z^xV($o#)Rd?|8@f_`?_(J6U_LHP@Wiob$TY{%U=BJC1c*A%{j;v9K3Wo6qX#Yq&T` zrh_qYp<3mHD7%g19OOt_XL2IxWOMrD7>jM|18fdx8~CORd7`SahDeCK8s=B>%cVUI z26JY6}Ue&4hq2`e;Br4V80RF^zsruE@{{fM;ePP zgje-^ej?isnAC|-;mXj&+a1=f37^t6zf5>r{XIJxulfx-TQ155Qvphv;FikQ}TSPn~I zg>q8E&Txi8sSg6#yAex>Sg*-|ZD;&pX-#l#@(QP$!F3}WkDP@wOTJ*1J3KYlRBIJQ zDZ%SM(%s0>g(BcYD>WF$^<(o6w@pk3S9*+a%)zZh4M5YNz{FNNactI=O2;J6&7UVq z@s2!h>u+lP-KNw9tgDt8EXoN#d=QA9>Um3)fegQbih03! z;_}tXE}wKd>@RNNw!3QnpI{dbL&Qe!u3`F;Eit+jspDl)p^s2-hll0PC%f{?b#Blv z@0cjQj$`*_YYQbHaLpM7r!HFh!WLM(#T)W{ly zkPn+*z!zRaYJ+(TDC#G8_lYHvde&|(iO%$?Sua3U(>eypuun=<<9KS(O<(V2pG{9u za+&scnh-YI`vAaO`h765O>=`XKSKoi?pf{k{@q?hp;MRn#6u1`O<(HU$9{m(ucH@R zDRDlRbnt9GjZc?ZZ22w04-4g~_gj$^Fcvc3ecRB+sXIfNgV|gJ&JpO?;JuUhn8BSr zoWq@tBnGL;4Vhp}m7Ty_?ypa31sO1i+iFAGKb1I=S*asFP86L$7vM0L&%tRsD=byN z*z?~TuN7E2L-NO&mrf{Z1KtLwPtVg?JR0>t{pl#@z1_`F6&Q<_o5;MA>BNm?@b&G&6OrB*QX@`w@h`M^0@sza#f_EMF03HUnFFrH5HR-bo)puXi(^`b3B{ufS18a z@45$83zf@+lnQ>OGfrX*mF+v;SI1_0mt~W>q{p-{#lvSM4)Kej%THFP>n;v4X&1hgIs9z{T?YpT&c7s2d&et$ z-M_Caj@`iXWbQwN9|Pn}ssyT-|c*Widh!?kCB8G9ZIlNmN0c%Pb}Rv3wbSa?FIPb6HMFoSggbMdfj|6vD{PHaVtad*mZu@EL^$m`+@y) zp}b9%w6Vd!dgb+1$@<(}>d7t@?SBWI#@WG_ec@T+F=My})GI;9w-Hxk(;mJvaM~tJ4;?dt?G;Nr)boNlrUc!{EE<6eoUccui6BK_M@9$Al zxU{oEa&FwF3EBQk?&US(N{O^TNO{sxtz1!+nQGy7K2=8Nws*#nOA)*w(63kWD%NmN zX9D%v$jKItsrJmmrP#io1|D@aN7}?t-YT$0IjNqjDKIx?{$DowD*P_=(S?MiPi+}j zFcQBFyDjT{ay;!tKx+X^jUmD9H3Z*4#o|v+La&_VeAwB>37FeBfB+X!$G$WYFM=S!* zXva7EgT0Z|klOoBlDirE?k=|M9+fS#wE7sx6Byf8D@d zYqRDhJo(p_HM=5Hq9_+P;#8nmGF1m`mb#_mWcq2Y6$Y`7sR)>Fz$}Dzw&|gqVPQ=q zu@$gr8{VDRC`{{we%Bo{YQ2mfWwoR`?AzC!9FnQRIdlhlgXgxJAl>Y}XJtHh1fYa$d3-LmIPt_w5Cg6Uvp(k>m z$w?mvP86p>%;F%nlQj-DzDPKBJ-LCxD_+86*YJaT&E+s9@u-G|hQiw|0$!WA97m>= z18}fl$}$4#Yp4-veTKk7VpDe4Nx`&HrFhHA<|BsHn&!em$!qJ8?(7k~wXTlP~h<=M?F* zfP<9HdfRfQ*M=S-4u?IX$IE%-~ zTUg{kmU~VZ1cN|3x{q2859;mq+vGruAR}1V$ZV@H&U_EEq{3^jIOF&uy8CO5M=Ex| zSYv0i?j)w`=TL9kgr!%NY87WhK|tMy3(X5X)Czm|X73fpBs`X73o6(&`P|aVz`O6o>M& zc#+S|uTE#|pFh5rrUSnNc!k$rXK#F<_T7D6(+rjB?oCi`I~(p^&4jO z$>lebqrbf!56~^U83?AP+Th*gEi_t8#|q5#l&?@WN=dsFdA!zYAK;L7QyGXL21!Oy(K)P_!BM z2}WN?=i3seJY5|xe_;7(L`mWoy=5E9vP1M)i$>!qfhaYIl3NkqR zFyQmWXs58J(8-MP>wq{aCmn*5)4CPrbP`kk{Vq*z>dM*$q5bi{FVimH`f`6d>+aB0 z0mag{W6aP9sBx)G@AdpeOk%8L{ zzCZCkOk>>ZH{$kjeyq9~{%ArrU?;OEs;vUJ&9RRajlZ#*)X$XBnpCb2W7_SVs}5nf zDG4$c)qk0+EihjmktFL6xI?QVK))9}?R3r39PRa;wAdfh$Sj#jwFP_rFz(_Ob~ngf ztep)=El1+R@9aAUITM#n3bG`W`U{Wog4`7#T!*Ws?MqE46kAQD|&jas+DDx}i-pH!}c5K`We zKs)$H%Rsdz_GS(K@mCFnEQ#A(l&AerfH#%(RaN!1+Fw+#{>F^?g64yXfadJpg@lqF zzQx3uxDrt0NcQ}>dVzhshVko30EcGysi^rH4de5Nylb8qnFP_rWN0*h0>|4T* zDYKP@llM;{Lec5kdIM+HfA6e&R#g3RRt{B-_i+NU9 z_;L+v%ztiGIVa9y+c>V;E>4~yQuLLpaMhv@vuNd+JiMuJXPy9GPbMgVqJWRjc>%5a z?e(~wwYA%YRYfZ!f6~85Iw0Ck-2xpQHE`%_HdMLkldi!A8fbP;7EUK?N)SF?7LE)a zI);5gK)|XTqhZA?jydm_eeTd4AYtm*9LTP(ChsNb#PfS8g?4-Y?mub0<7T0VP8c** z;}G^(+D;39%%Ia@_DtbTEDw&504@%;NhLI+0%?205*ZJ;;h_r92BQK#z9)B`M;}A^ ztht=|qOBj<=9R|MAjJh?$VTA=g=3GD-_ zCjg8KU$_eu(WIiLs{f!LQJOL1F)$=IbM@2B)4hl1t`GJfM+|gHit7;yj#QigRH168 zMvejfm!`4zdyap5OtlQ!tWe)GPtxxJ;A4f?tv(KG=Y3&9H{quNfPjGiSN;#zfFlvr z`{w&?An}<>T79B=ezVhwVvRo1IGQn*fRP;S`GdDh8F*&OL~R~g8uk>i`5x+|-UV!8 z)I-raUr(j(^G+q7IhhcKp8W^z;hrC;JwaCL`Dvq54JtzQ6FNFNfV9blN$qlM9EadR zj)w^>62XV+iT1s9&&nZKb*D{hc0g$j&fV6iciY?}cU|XkE^3ci!HYN-ftTEUJ>97L z3iyac0|R4LUUUHq0$KTW$bayxVcMV+!IwQEh#oIX4@evnuD2D}*+8I*M_LYZB&8Pf zvca^4i;+20Ye7xIwx@x^LNMfM__q5Q?(9P$7T9<|9j>zyD_j>#%N|Ce*l;OvxzSl0 zY9lR^UJ(H%rU*|Bn?=zq|bK&(Nb8RY9C0i(K>SA@P1kJ;}*IPH{)FVy0(Zx@RTj9N68=rwWecKc+k>1yy=NRMLFP)#u)Hra0D5<>|jhBfwa7 zwN2k$&w8vFFUtE}y1f`*ZC@{s@^m`Y)4~g(CZ~Q^z?X2T=5R(wYIxlpXX!02_`G8~ z|cfN?scx7jpb$ir>Km@e5=#%+fAdctZz)_<@=3 z!^+EpL9-+M^Btcm_7~?RyW2z4dDui|R_Lk=(wb)jZ1X=? z9MB1yw+lNf3SvGmv+DXugL#qNrD#94 z*2$q%1)Jj*aV>uRCH0`~C9La63H_-s{A-}@+&}BeZD%RRktB{^byC6~j$*G`i%afy zLBVQ@Duuxj?N<>8#%tDvE*D$Xx3p1qzPcWCafeAO0|-l0^V*c~DD$}Dx_8(F`BQtD z{0XVP0hP$v8zAm+ z&8l0e@t;E64$gS?UR%A?4`&0a;Dow+YRn;!ORqfUbKTthNEP7h??o!!4aMBEeQ(@e z(0gPPTMy}8o&OuUfqXn7crtrwDudRD<3&d%32D&LCyzX z?j8d3uecJUDB$`YIN^%Bv$Bw_y_e6}+;Kz*?XjS)g6x`Ym-%ew&ym|qOgweOCg%!f zNVg*m&%6ED9h!(U)y46Q=cKn*_2huvowF`Ja&2<=S++FF5=m+8yt0k0Eu+&}V(nV{ zrHvu$2YG2Jve?pZe2It6J8y&TRO|R4HUJzABmpdHR<1$wwz`@5;^#Pt!Pq-`4_GAM zd)RUvdV@O#qx~Tq+7|WTDo+OkqpU0Ik-5Te7(7)xX$C1Em*Lb$!FxN#N4CB3<7mzC9fDbCEJ9zP3hWb&pT~JdIxw_P=Kpi$o8+9lTqZTJr z1yt9!zas{eFdmdI+*I~>0#yF;yP`Dk!<+2^UYVDi#Hn!&mEgNL+HWBD03Aun5O;yus$-0fQO?Vyp6fub)rC(G0PfYelZ$^O9c zK;B7^C?AV&{{D8R!bekwFORXk;Fi4jZn$?a3Np$xvc56YHzuH9Xdzd!`o;@TFe{~~ zEY+70YI`hxNq##u7MAqIt+zr7cs-%1T2K`-GorLO`dP+@a_hUpl&bAjM1H@=-Ql(| z6(d6mvV0ed!}(B@h1Q!}7S_qKUp7X?DJ&~}ofY5eoh~^onJDnQAO5zS?0GKZR9;Ic z97NB|0_AhXKKTScftf!>!ivgGT2%u1nz~?3BcIDeG$+YN#ozw8=QR{T!WA zJKdh~|4vwstr6kV{in-0+7|ybQ7BB-z$009v=m2P9~=rhD^o8u6BLB%5A4mXHpU~= z-73!M$%$i=AfxI>nL&P46TM4DW{2M85+*h&X-PD;#~pJEYvd?<68zl)$Niv=1eO~AI7W8 zTTCUl$Sd6xOuyJ{s^@o3wwrQ4Zt5F6hngX);qdl2_0x}t)bCC7HY%{dYloc0&-%o4 z4x{cBPIn!c^P8viE$fR4=G3+P$^T6=rv)p%12He=_WO#@I9ccCf9wDL5i&@y`K8vJ z(~sN-(fYaV54FTaMW5JmnfSKKHWtPOyB1m=4mL>{2PzAmo{-)Grv_%NIR&C%XXM+F z0rmFh53&miI^jp#{0~7c7Kj@hx-}7x(z|_gOI#NXnb*9RE!%%g^a;AGiE5;Gr|c(t z&zQx%=(0w3(c~>)$GYT%WU(qgZJDMU7(2^pibMUW*4YMSC|y)|@T)M-0iQI#;~;`B zzN*`Jzndm^cykoqeysun8Qpu+Ko`4Eu4~HJ?zi)?METluFGsaI&W>{N+2B*8JM+Xy zFZP%5Vn&BUwy1+BaSqUHI#MF%)Y4XCUL@VgUl>EBE9M~@O!avz`SKEsV)Kc!?Y!q` zY1YU_;#WX+of#H}1>7a;En-pq;c-aBD_IWFJFd<39<9Q*o`LF^qzO6GZ?t|RZ(z4) zJfe_$&mnmMPU z!&7SS9pNQgI)g@2Ptv+KMbSx1+#OQR^4T6kHzE$hV5e+~@B*f5hdk_7kB&^M!7kiT zQrK-iT3Aoh1>IJvuTD0<;O>Y{0oUML~U-1GxT8n3&&Bw&U7m0U*2O&O9r2~6-9*sXnW(_lD_rFU3Z@^uD)5G z#%?AIB-w~EPOqQgX0T015Zfk0tn^j1zZ~0?O46aGNzCHQK`Fgq1(B{Lw$2Q^@a6Wy zM&f5C;fcj*v}gLXYg`_y82IvmHE$YvlSb%4FL|zQ%iHjQ<(cVOiMtOkN;vj=h`Eey z?b&1LR2^SLeGWj^rMS%B;?mM~==F8X{bmSxDJ?0<_e|DeJBTfcVOhk0-cCmiR?M8= z>ZB&YoKi$bDND3Lqq_9!$#7^4l}oetkQm;`@DQJ+8J}nI*Mxo^ zP3(rG>>aRLa;u9sbMvPqELRn%n^xsD+*C%tiLrisOv+!AU!7NS?o0!t=D-&eB#-~? zIyI^JI_kQO2HSr;(3{O(N2g_QBxG&sQSHRp$zEY+6%pyRX*36aVL)n4sW$66^Z`hi z!dYJKDHZb+(=XOZ_N_`u2b#NM^>uN}vJbj5$b~reSq25}vPh}scwap)Cm)G9DBA6y zqG9ei{-HLsP9#pOm(cUbZ6VmQ_qO~-Y@cHY%RZYD(e~cbmIij6EP%wLj5yiT^--Z1 zschSMGt}dP*sY^Uuf{Zp8w@71$l>IF$l`+CUbbcJ+j?ih%%j!2 zR%|U1|DrEhr1Z3)BY?~`-Aq6;vjS{#tX!bx7O`na zAEy}KV9GP2u||B&;xCj*^haH`1hy)l5h>dt&y1exn3rwcAUW0g6g=R6r5)xoi7iPWAJ)sh#krE)kiRY&d+zHje(Axzhc`mBWR2dO1cgO$1K?IcZ& z0QaHAG`_^T4vNcCAdY^NExo0ClA8Gu{rXj($C6fr9ioPEB@Pbev5jNX2#r-z?piwR z2kJwYUp=o%zK8+U|}^D z_l;8}jXx8Cp8!}*JzB@NLVBkZy!36Lslsfd;paoku4BOmomK>QF#VLQ*pl;i_tn>& z1LYt&L!5KA{##5yy2X`RL-oM0$tP%En?=52=5dDXFRgg63hWI>-SZyGo-Z+24$bn9 zkTvd=QlXE`=mP68BQRn7h@ z1@G8JUZwMo70frCF3MkgTa;r>a)BeGHe*(1UWkxLy3T1cI!f*>|6fK>RWH~2A0v=| z+|SH~%8-3~L`VHmnKL-Lb)EX$&?GKs$_1$j z@jopfWaaQBU;%X%2tJP7vbm6eo&MNN{H8y(O;-1=(b`}nJ}Y1{=kerLd=Pb(v9_ak zo?B^T_Bj~?Z)-`U_p6W&K`Baf637acfXIJVHo5Y*V22l`i}Z}y%6%z%ag)jk0d*zf zATP{O_sy~H(ANbS^K&>wTd~Mnvf6BYI1lEQa*DT6hTY{`NuxX-2zb7^kZFfu%T*OW z`LVvvv}VpXnG4C#VeLyc+xda~*xDw?ow_w)mrDlyj~^J*%Paufq^^5!0R1iP4BWw3 zNd2u-KiPm)33bCGKW+=!O1d{y-@~W8A)Amx*0Ci%_@Z#l)aYWj(gEKB@6Zp|E6ToL zTxohjvIc|R+QTv%kJPax4Pdd`>#P_;uvuAeXzi_LW+EXVvVXupJhM-Gf>7pm-W>QS z05v4=fQ-`Js~MN)Hp$BJ!9y`|uqM~NRs7-D=tLN2F;qRV8(OJ35XM#@*v?Y?jh(GB zQUU13Is$-Wsz4i+QA)Ef6#`Vgm0uGo-#N)}F;b5$i{Vu_$y_=+@)EV@%3$zGEgX?3 zlV2FTRis)OkyjC{WQz5XCD-1%4?HL^^4Yb0@%-@M?lwNBpW)>4+~q40ixK0D(pUX> z%3OnA^m)3Z;->_vy^E9b2N;dAhlb?#J)d0%eY73xki3^jikaI4m~6I@Z-)YXL~-@D z{QMjBAQH!xyQX~{my z%^T6-2fC*c8V$+9RWhvGYOSWxvP9g%m=Xx(^0w+R_BA8Y`0Ys|l#J4o4jztVidHZy zrY-_ezTh-^<<@)DeVF2@)YY-1lGG2iPIfn`J$p-zS_ia6{R3i(f=Xf<0^}M*uMdS{J|AH4!?a5Qw`fasoDK_BFKC zc68Z+3Qe5<_@JZ2d?bKXg&vn}KgAgGvRM4GdhwaW<4`p!@Y+#H$%##Ny@Z$h*jZ_O z>hi0Y#XgkBO99*1NAFF^Mq^^yyuj%m1|K|QDt-|AbOm_O+dOS}vC~F|O<9Q1=$LD! zoJ%&98HvcI-7Cnhm}1pIAxk+CSzbktU@10wCvG^8j;!L22(uG!7jD-QO z)EDV37!U~(&4ndnOhx1NBPYU4Jm6vL!wO-X6l|$!8d0OyfRe5{egzwHnjckr31@fw zfqUa6@Fb?bk<3qd+q!o{pHj|O*Ie@Q`DmhwQ`AFY8BE3E@Ao?&=;ZNiGM2%5bSDYy zgIeiB15eWv;~AE%S!LJ-V~zb&SeHXxEIqX@UyqWU6tkVbE0HCFp7@Wu?_F&86vv&I zyi~jt7{(+{K7J+3bXFO)xFUtL`5PWgf{N6U_VMxAONIs?tK~n}L}!FX-Ep5l@Y8Jc z{HrlBVP9GQKHOPz$NweW3ab-^^)|brJnAKdF?~aJIkLE?!wxYu=AE@J=?m@}{-50l z{RKIFS4bSxMDcXp?2j)AC}~Jbqq+QRV-29zAPO$ZxbS02uS=pQdb3kI6GXjht}TyO z{$PWMZ)NzcE5xM>Pt5FGCYa!S!G-=INf55~*dh@2cmD8a=PRaD5y?gfj*e{eHdiB^B_}Zuttb zW(IAw#bT-K<=Ko4&=g9ko#EKBgLlwM^$HzuVf^C}IycUfcDZ+Vt6bZQg-CBuRLkw@ z*Sw2M2`q?s3*CI71_t|X*B94hsJi*QgpWx}oEaY-@H<()K@|ukW{b})M>$joCD$G^ z%aE&2S{8U62!Ch~VPqNF!)gx7#tde@E~S8{b_&U9jbz5E#5H?UV)GK8>T!<{A6C4C z2L{gGuum{v>Cc zMo6}iO}~T>pq|Au+3c-nxf#B|=)Axb_T_BYymJRzuLevCJ=Lr862`azq>4mRTA_#^ z%OfBTBZh0!M~}e$?4Nj|LGL^mG}|iuiTTR9PoOIaCCl;=Rja2| zA2X+>W#<$=Iy{&19I&IS|+Az&1;J2@E z3)9qpD`KTQdgwH$ip)%&=5SjSmf}GJRT7B2!++wHI^FO~!<}uidg=+{LD6nP+|pZ| zy8;-Kfer?`d^hautK&F^rutwywn$&~HE&@>&ZCut7eSz@D#YjhfaO4tT%7|scJr5< zmGLd+^NWUBY`bMjdANfq*%W_0&@|)YoCA`x-1W(xJaGn`_fk*-p$`NlxhUhoZ|9B9{~Q zJ(iniEV{ULhD}KOe_3vs#7b}dR(bu4e?h}jQaXRtz`!JC`Q?bz)Cj>-Z3K8~CyX`& zypk(*4@8})cm(&`d&|rp`=B7sqTxn4v}4&^A30mv=vMtjcy)KdKlj6;aX&mAggd!_ zl;?_`#}UwLo^{!#y!R^18~fCU>Q=k5-=(zCm8t&5kXbJW=XWz@_q-04JlZjvk*GZC zB~75X__2h_Yj?hJesvaL;!&;2T{K#~>WNQZt&UDuQ9@C+|GMLI9^psn$3*$j#8(>G@{me$|*8amJIWH>eJE|I2 zv!XsJMU(*yzYJ-Pp>;t5=V(lUk0llA-j8eGHCvug7mk3K!N`=tduGO=B%jFxWaUzf z=1+m{9Y9**Mo$U5+Zq_P_Y!#4AIZsqdWFl%{KvcZHpe4`TnB8cb*_=`jIk*1=s%T< z8~g7%?iPXd)isnmUVOBh5%f;xiLs$)9em2q6=1NNcxmK^|sp`6~ux}qJ@q@YpsK` zk`}-)=9K`+yIPx2dGr7Cw#Qw6zzmHS1@BW9M2@urlPUDwV1XE*;lO7BRkpv zvdelpH-C_jrlU^#>JkTDr6Y_=b~i&r_91fDOy0MglAo|}vp0ZSwU?>*iTwWd7RSvM zah^A!2>DarzeO<(SKqz8&822#S<*u1pXXmh=S1ykSgz{<8#tW8{`X_rXIG1_z7D9x zytQrbuU1&~Vur=L$i0}89<6e8J%Xtpks)6waMv}|3lWAxmIAg*L;YhlRd4iC9_m6@ zZKR;<_u;}UZ6flPSoisp`(?9|yL|6|wa(jD0Ym-a$z4Grfp0Y=4{eS7fhWwWE(aN+ zqM4?~J4O9=qt+x)vyfHa$DFSw5ESL0j4+` zohvcE<@&h3wDE7obKL!G0e7BhW?1KG^BB^J)V^8Yw2w zOjP^Z`9@+b1Jgx`2zF6I?+M?a-LF&f64N;wfN_a@N0=1%`#|mly(hv)xXoEfU_l6< zUip8`p!{?7{}avf|No1)X}xy`gm;kq!uX+1bY*44)*qAjNDoj(OT{kF4DS7SajDid z!K?p>^s!R)ALkN*R|7@)*zLXF^Xvc`_r)W_Nhkd+cWCay6Wkq84Cg1WovBgAm5woZ zzv7DH^r%esCLTZo1+ss0^^ehv%v_$^nVR{Xy7?U+A31R$vQFXWRLqe3#Yd}4%&u>x z^i`==$abQ;GPjO?$8zAyI(~#IuQQhKC~k|x9Yu4Wnpzec<<W0&(mjH=L$TWcaMj@e-9kIxUw4xxZ)!E+t3sm8ja@Qm)^kWPu*K}1jTT* zVgn_e|2_DC`o(aJw$Hq$!1zR+NWsldaOF*q#g3fAC53fej{XU)LysHc;jrV+>uY^| zu;B|QRkl=N@>`?^eWIP`XpM1vUx&)$xk#+2&~JP`r2n0z-xc>ZV8e_=T?gf8><~JJ zs1?Z6Za_oUZVAXgHJ zPs*fp8m+rCp(`xw$l3_(vy1uoOBiQWS=ooGtmQl5Jviekjf+j=2&l;YMZu_vxO$e@ zVoWwkE~|gG@G-ex|IoVEd7U+4|My7KVh5Wn=Pd#`mYiHR-gohf@c_u@=kRem;6jQK z@)z`?%EK)HCl`7MoE-9}2O3=-Gut^OD%{l^?OD`FcAWN-ACv|=)5*dn7>SXbhQ`OI@b!? zYzMS!aOJ!uFSF4tGZUXGey^q+=gfkq0AgM4K4Sobn-Yz~qEFo)QL)J#b(P!BMoar3 zo6k~1u2}{Qbm34=LhP}&HQt#yx5dxdbbNxc4A?wNwAlp&5?(=4lkAg)25suZpPp=3 zDh;S_4c{{(bb-BcoT9o_o4LPDTLCe5}c)!C!7E~4~u*iKrN;1{*Xeo_BKo7hli63w5BI>b5O0fT4`e0oa%#({(f(a0v~K$Ae_3&ch6cDVQKM< zJoG#oab{5Ps5Dbz@AlCM+>d+MlH`1GRA>Ci)|Fyyx7vi?Wt}7$UK=F_=R{@$x~^00 zt+@a^-`qd++1S-T^jX!cO_JwtqFe#F3K*}SjCNgUBT+j$+BM`JHQLa*$#-F{98rYT zR1Tw_%)%~0l*982w9&`rPA0y(NWaVvho+r6v^<-l0RUe8=}=DZ?!M$;zSoAingVHdiCsmWvM8_s4F z3ueE#^%ze-J>_+;QcIggXRVL3tJDqzt*wc9Me0KF>dJAt@^BfsJOMI|I{i48&mSwY zqpkEf^&*SR2{__GEG4gEO*Nv@WlMT}D56AGdSX1PM$M$Jhn8y4KTk2qA2|ZA0+d8E zHg#fvbtFA}%eLvTcG9Rfb_CCo&bMR{^thhvuzJpgIN82TGzAkqD4J(9+O{%JPpT@$ zYx@B_=}zA|C0TGX-*91xoo#_sO8OH)w{4mK zX_e9#_{U?E{|MOSe7$(ujAHMKUeftYzGF=OMHteK*wDZ9mrDCgx_#q57;}BC1vqhm z&*UoyrqZhFptnu(a-B!|CJpApSYI$rjz{yATAT*y`0ZuIhP-5)ZEsF{S~Y3$)qlzg3CqD3T*|KHtSpCPz&CzXsTQ92 zySNM>Px*F+WaN`MCq2B+U3jPLIMdzscKOv99CL^?9HOI`Hd3{_o;sNwBG*Bfv%!LJ zMq3QK-42JHgP#ZbyB-KAxQ$I^>y=0-!o56#fo8=k@5}xtH z@{vG7^)QGyIB`KE!q>VnU-slL98#m)kh1(X`kSgjYw>&})t40Bh03Qf@;8qP35&f_ehujJ_d!w(@0iLVg# zW9Hmc3LQSw7pW3V%zTG?3~cqE+EIZLxf5v(`9pHgCCjxEr+TD@lJ>-LtOe_}wQ9=X zH^^d{i#i)IKRqq>JUjUPgQfzv0RGL^wSWat;obu*``EJ^w>2DKx9jWrmBYqPmcSfQ zVSk9_$@Qr!RU1c9!Hjn26Z*P4;RRj;V zsm58@*0F&4zOqvpJtWa!$)~xry`m?ugKvC-2$Lx>)-Gu>oCj|NV=Ze`&Rwsa_s95F zHwG{=e~prFF!i}z{j&1mfeFTKG`(xQt1meImo8_e(Q04W7n7u9Yq_ru%W(k=?)1%4 zY7aeO#p$P%hlTWW!!|&=flaNvCRDgg^We7jYGitE49+hr#`LUOS$c!YD7>U$qAM&Yc1Tb9 zg2HGN5MlR|&Qy$}%$Sy^o=9;T;LH`+>3!d@g^*n719a;jT`C%hU2xgy>b&F>1prD zH>Ru29MAJ;f9T`98A#V`FPlz0`{cC?UUgKXVGfQR}c48<14oHn#i)lve}1HoOz&WBw7LQ>!D{LX+i%h_;H0eCo?8 z)Lyi-$eMzf^ZmYxXoZS)fsGFF!lN}5oDbfc8v8`*vVud2ung6Ke(3LHtv5feTq8t) z_1RW6{6*PN{I(Z7Zxr&V5gehr&pcFDGv8s?sYF)$av53*&tB6@_@Vd(4 z-79(|b)pEfr>s@?F|iY@ONL~#FY>UzrNU5w;>qt(19#}0Fr#_!7@dUi+o#Aywo@mt z*NGNkoWAek?b>QNk~*x^a~qe8wUrB(x0d~KRM+i>B`nYIhbSY}R$nbF$zQ5&nenu% zmyDE^R}B%beq)|g!z5dvVO@|Lxb?m zR~987j$h(l?ptjR5&B+*Hnsk3oeNP$g@<5ER%dG$jy>6;+% z>w+4MOiIO$u@;f=NH(XiQ@L6~H0@JvK#D^um;QM@Fa!H>%H+Amw$g;4rJX79FSmu@J4=o5OL^%_FGwL0+#OZ z@GzUi%J=#X8fl@GNd0U2aPfQ;Y}!rAU|AQEl2RsL zTNne0_z}Mbs4>tS>=RP#5Zgj)Jqn1I%8afvX-v~sG@l`jC4g}4GOc*_yfXOtX!EC; z(N+n3ddAGFbqx<}4J?^giD96fKC&(B&kJ3+Fxvw&%j$`3n`hRj zfn#%t5;-;N^lxr4q{LyO?^{oh)FcGTzG5EJGs-NVST!oR2vXdS(cenb(Yt5o+q1ks zv|ZGfFBX^jRNj}Bcg?`mwiQFKeZ42;<3)1-+Q*Q#^A4RLMyH~W1cK7G%Rq2ztK~TW|*cy&(BQ%b%mgdExlMv zzrb&9D%W4)&-MdddusfNKkQRS@k^sA?OTwLqA4#^M++nA2GI)QM|$Rh1ts_P_m63O z1^D^Qp}5g)YAXDOGPb3_I0jWOzoI0k8AAEB5H?{K}MzLJGxUM3rBQ#k>^i;Bn66?9-rT;4J~b zdgk6eOGuY6b;PTVQf~cGZg*9BwR0xx8y4gK%NN#GAc*3hrsH=FMi!a^vg2{_jd5ur z8It`BW`Y=ht)x?q2B*RZ+KwJB3vQ)j{*_;0-@gZdQS}$wW0AsoCIVZivdni5A$T&H zN3TXNazd6!d#?0<04mqrw`jc&7HBWypUK=m#{-+ytN!jsRZoE}kyiT`ax|1zKbk4O zHH~^A`+0Zl?>~tPAiIu&kDc!{UY%_G_8Z zm)i(4^R;-^x5ikVBbZxg&*FH*KH`+_>s>Gw<+o!k7>{rn(oZ2%lI!L zdcoQDKQbL5v|sWHI758fI_VwN2XUU%LtKN#%%t7s|0?gy|Do#NKhB*}xup$vie%3o zAt9+$$Pxx)nMtVZWlfBc7F%Us$ChX`V~jO1W2TZAyJQ&}gX|14))_PNIaBxd`}q9! z{R6(go*&NRan8BU|!sFe2PAK4|HYF1b0 z#!rvk_1*Q*oLu>D-U2YN);7B~K8xZ=deIPE!P2kR(p-(&1Kaq?UmG8^^5#gCr~pu~ z?f=ZzOU$+mU1lvKEjgQY#H}@GH24|3V40>5WB7Ac{m0i}EHXZx%O6PDTA=U341C-s zzCUSi7rDJHa7J!maLz;YI%Bn#VmD}vg(shO39{VTO}v5g494OAq2 zlYWgTvQT=MKAWiLjST*B;6W6t;~;*vE3;sz$$NTrt?)dbxwAe0w%dM4MCG~M#Hl&A zxOZ(7V%VFRq?m?lC-CQ(ZcdqlBC5GG|2jvQjd#O&B^vR7fQilni{f_rOpC=vsmM~n zlB(skvE6$iKXUD6?#&$E15CIML~(=EH9DFI$4P%mD7pXW7xjrh2lLfeOc<_>)n%7# zClm$F6p0;6bCH~DAMCTSL9HAaY?^HznCi6y3^www>Tkaqi)Yl=1;UD4(874rHN8+; z%_|2?!j|Yj@AuEA-p+>>H4U4TXub#LOO*wI_Pr*}6udL;mLC=(;6M)1s?b!!t zvs$(P%BQPao@k05FxgOQl()m4c>n`o9Jvt`89LzdbBF43;Q_-)Og|nNhlu(k^h>;l zV=A9Kt$k%NpuaK9o$%F97NhCdDk^urH*gZ-%tUM6AzxX%L~=d~!*jU^xXDDx{L(nU zZG@k9(f-5Sau+Dnd;nN3^FUxe9nQ4h1OOOto6!x@umBPX01~5(Cz!aRy(ctZS_i=8{(Cn0mipIu%pu#WM*D)_R>#zJm$C!x{lC!=CFyqLh}}WY_?~s5jN^hJ zr(ZH3Jxv{#$R_oNf-abOpE5UJeuDY5-QD4CmUD%cEl%Wf^h8zFIQ7P7`j>pTwmq_c zPzhXlMK$QAG#NH^YvF5RpL9~vUvtGM#`9t8`x341Y(j-&k|!vNN$B0OxdXxCA}4;7 z96_;tM5;Oh|K3Il2D*Gpxq@dhbA8@vyy~nMd~1_zpfJ~E^0nzeettw-*Ns}Vp|sXf zbz!+UyYKkB#Fj=&xV9_O@loC*eo;BF`_wec3rb{PgIkhJ&*Ri~Po=A5g1>_m+*XHHz+bzbt)PJ@Q1BbEK~i z=36~CRcpBkOb5$Z*ImqZxO_2E`I@!$muLJM602`S8IO+`T&glFw&D6dv@0T)d#B@% zmirH66c+8p=^&Yt?n2WwZgxn>W8M$4X$H^3cYLiMt;vlofi+sW# z%9h>$WmqT;udKQZzuEB(TS&(`+yg8){#LKGQYiKZf;c*QQ3eX8oIw-N`pccLkM`9| zrb5ylIM7Gz?s5OJtKuROKV+?dQ3Op!{Gz~?Q)ugHxtAe}W#)5}*L(y^2`GAP(vNIc z>zl#uqDc{Tds?8(K8TCTBVl=X(PW2hHN%A=lk;dbfo?Dtol**=R}NGhxc?(ndG<(H zK*zw$uSdqKbPxp;7(;7=*!~1!l>A>Y`jD}PRtZEuV-VPmSBSRQ z_i8uM5L0*a`q9b+L_#wiZDFzIhMn7;Gf8dS(Uj?*?N2Ka?SaaeGL|GwT2v)ZL>gHjRgE z-zu8PpH$YNP8qa~WI#t(g$1&DjL-k2;U$CPoS2+9k_VA>+PZhuE|hPnTN9ji;~gIk zlUXzH9-({gy6KtdhGR zr&uNPW(dLg@%l@(ohJKwgrs{X9o;4TM9*RM4PQq1y4-fC8treB+Sz$qGtnehFOkNc z%MNss3glJjZhHt{{itt24tu3;Jd?$n_d+o}LT3hgCD>lzlUA*>=7@5L7S;d4F{J}8 z4OouKZe>3gXqcmhjt_QX=~O~EVonZi(zNA0)3oeq1mrf-$ZtEQEjORNa|=iLzI zuapclCH!lB2~i5_CqAvaE~ECXRpM|mAtO)OIr64U*9r2m&kBXd#nL=jrafWn1%nS( zGiSQi=(Z4+aYrM67te+F>qQLxu?LpDr*X&1>}7PI!iW^|Cs*9Tc}+R5$ll zimEeI3fY8h7n7As7p5a4+&4!<=f%d4!*5S^yK8k5|EZW5l=@#A$2p;*ujPjiKXTN7 z8X92>N_x7xp$-B3?<%#Xa<19EywmNxlpQ=Fa5U{>vWny&a^o*Ewl8*ovS#cA z*>xf>w#_~%wdx5jV%rZ2KE=Nted`s}HuD6sGuJ`zAu|5DB3Mw?{q@=Ol#ao7>~p|r zrKkaF!y%Q-!#n$JK{H2Cg7}%@Zh)y z0BHdntCA8FY}SSLYIopN));=(W&5tzG^5A98yG12h4r-^~@ zYR1`zLu)1be9BSN?Qc`zrnSYNpY&+H-4uA_3tYD{hv=iw*u`;R22NyjDzil zJi7Jb1Bz^wa%)vHkgF`)^)JuhCEiFumxhJ;Lj#?%B8aNJozX+aR<yIY^`j>wx&jC-nz#~_QQtc%hoZ0Rw#b8=Zyu_4fTc>MtJg?^A7td9_WdF?} z!e{M`se5TSZtN?Dpf4t6gc)4jD34uQsF)w~+jSR3pObAY5d5`eY@Yo>wmHQI1e}6` zOzF3h@@|RehCKe>>}SfOHVQ(YUw`Se>z)N+QXUkI7Ncwy*=9j`US9e)VNf3fuq@FK zHk-q;X9>u1eikH7Jj-K)!E*JMC);IR))Y_OjF8Cm7Gv5rmdz2@O@+WITAhtQmyQ#G zt-5#0@|jP1cdk_(U)5CZO&A~VTWa>qfRV2Tctd&!$b#~usS)jzfCp}w-|NQT+JOb? zJ7z0`mKT}h6}=-?9;m~2)}LEVkEJVHjlS8r6sD^T?R6taZ9@8IQOS#ufd@T@7%=I( z)Zn{wo*|D{fd;|MJJh!gmVJFNSOKi8`#~wCGHz-rE`=N7P53Y}DV>xtD9|CGoO&og zMi}|LtV~=^EC5 zzqqh$FWooK2K) zapxLb=4>lbEC6y$hulxRztP@Jx6d_tPFv3m&z^FJmb)^(&e*RderfA&T;D`H%b+tw z$3IP!vLBPv*TbDQ2RgBsW;mz2+xmWD7>oO()T6dh@_t6rcq4lfW}tA! zQ1aazG}J)X#(7ZD;~2iJ`(oQ_Di$U2rhEeD6$QAaI(;GjM{|;m@`&R$NVZIgpb?FS zXZHbZFay{@2^|2Mx&lZ+*vEvIhWNK@^MAS7F<{Lp_-mcTQ&@C0~gi+ z{o!h$Lqk#11e~fotr}=;h~Pe? zc)KRFnjs#r;hE>Mv%I0Z&$VSd#fvmLsoV3wa-XIH_Bwk<%tfm=Sk3f z619hmFf_`NT-_`QCAm!;V(x>K!3~1_H@kG;i#s=wbjl{xaCDT_F6jTb$guI!jkR2H zJ*9;~i~QqhnbEc3zjv?D3C+=Hz9!v7!{0jbYX{sWzzgk?^A31t%fqEfi))b#~N5yu0D@>z_M8I2pbGOte z48Rf(TiB_oeO_YV+%A*!0NMQSITW37S*jzYKI#Tsufk8I^(?} z&f;~;((J_K<3HCF(Lmn}@|P$s=jGqYxmY1;ySV4q(6fo4QD7OHRPs{1{?iw^On)aG5A=sh zvjrysYb7iY1RX2N_mY1+S6tB6dpH;RxeIe4vXE#PBBHQ#ll?wGR~gcK%JWNhnzsy& zc;cRs&Anje)$fD_i{8GS=gL4WSXt8{Ek;hngn(nF_(NU&ME4%xB~-)#&-&tqYQ&nl zK~jnB`>OLNPav2*;ICNqL*J7o-n)5Dd)vcJGXzTn?3T>Scb(Ww3_j>axN58>fIB~+Z&Xm^-r<;0(;Da-~mvQD56I2ViM{PO?l zzrs@i#}#k_UDc2|f9)4~+uZwxhNOd?CL#pgn+`)Vc`UY*9)KL2T^Awk5U+C;t(;RsJl% z^ZdU&%itF4_e&U4AotqC{w#6-HzamrDig}){QRyJ0zSt=b6>NGvBj10OShu`1H>9M A0ssI2 literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-domain_tags_ribbon.png b/2.5/de/assets/images/manual-guides/mailcow-domain_tags_ribbon.png new file mode 100644 index 0000000000000000000000000000000000000000..e719f2b5ae77fff26b3ea4585625c0f244461c6c GIT binary patch literal 27233 zcmd?RcT`jD_a_<)qN1WAAYG+O6%de)6cMRPm)@mDfdHXJ1wll5@6tP=2nZyg(nFJ8 zlPC~MD1lHz2ux7l_xqds$IRTjX4YMI-K@ou;B(G-&hC4E_Oruuv{Wx&WV{Ff04}RN zR(=KmP|g4Vr<~89CjW)G$&R1=&nb^*s)~S$e&%KJm$MEJH6H>1RZ&!jRuts#7hXO# z_5c8`w4VH&>I4?qlK*(!Q^m+r7ijP4ZRKtUP<6MnbMtrs^fcE$Prk%)LQVOho{#w& za?<05L(U?Jz^&D03OoMFBupP5M$bJ9PkvA1A+d-ZNx#_e+=(M7##JG?{fodo%B!mU zZa1gyhc}5CFkN}uF=6@X4Lj4R(?OT26>f4+RT;a)@>4}CTXUtj)pTiCq`vz-viJ_hN|UQZkzKZq-7N?dK3s4OVS`OLwU5N{x8 zhJHCXP6M#Ke(le*U#FB8KcW~(^u_|QksW;p-rEjUMw)T!50)RXnoEAMbHtP>n`$=X zea?sQA|}p^2(hSW^$|MmedkDu6LabQ9+Fm^Ey~o^($ic`$tYE) z7*X%i-puEHE;QsoI%>Q*Uy4(_cBvTvhztMsro8b{opw@i9|&}vzevLzq8F_bSXo@4 zp~X+f2lmq>WheHdQ2mKC#5(?rnuUqzb;q|;_4-}cnjqAc&7fQHl&=+U$5Z~^p=jDg z3{5zFk5A)4B~1Vt=re%54lOq3l&exA*dEsgNtdpDn4AkU)@O=D(~W*H30k!%%X)+! z$>DQqX>e}FZfltt7Bo&nap~-S5ecLBRmSvl?Y~%?_&Md}S`nC^cJ>{bd1F*d5I$yW znre<1d`6$_?)^UP)9K_buhBI8*d*+%8#6To`1d@MG_UgXNOW`bd~_P%qw-fGEbWJl zL7H&i7c*)YO)d+I!c4CEtoZs|5BjF(Uebw%3^1gWgNa{=3TMB0yOIF8L@wF*!Xw4R)#lD_h7i;x1tP_Jk4zXtO?p?R))y=@<-8 z;LKs$Xc_>Z`q5t@w-=X=AEz!^(KF8|6p9812;TF|R z+d|d+5^2JwRsB@Idd_!59vql^@I+zMZSDdFx1I`}LL`n_+}Lay(l@-@WH1I=7A(+( z?S5Pb0DNfwC8~!aL9d7Fnl-n0rgozUSej4bX+yEDxgpZc2$-jwhjS+I)d1i5O2};4w9t8iMzlPo1fra1` zZI9az&}kRv=fd~U-UoN@mTyeEYh9)Q_;CJb^Y8G*WHsz6;&XDcjab2kfq*y712dg=Ijc0#p?8S=2Cqs$uI)SR+E8bBQu3ihj5w|7xo#yt%}Q3i*5+Zu^=(vxyYB$6_A^%2io%doC%v<5K7%V{L!m;w z{>yhdZ8Y3TxAy$nw#EJy$`Kps8EF0#dg6+=- zCcYQkY)i-N&=V;~=XS;x)wXP5CD~>>s4q{(ZwOg~ZYQhcwv)d=Y?f zS4?iuhD_1(vM@D&9ljY?+*_8B@O(VbMdzn3E$Or?>`T%7P#yh)JS%t(6_(o zr*O2d2(~<6Ao~#&ydB@s)X?Pgq`Nh`9}5P$NoDC})w?`-uYCb?3ZQWI?}q27FmYsx z2L@48%$@0i-cQ--TAO1+8GxoHJb~=>+M`g5=aPKcr%ACxh!cqbMFKmF1AHovtx0&v z>Ovpue!TBq++_FBLWVl}MlL;@nCJbml2<7@awLv)$4kcSQ_ncDsIc+OYgr#X{cG(r znM?9MJE?n^ko*VdK9V0!qGuZG+Oe)0YhxVu*j%8xTBB7xWx3pO6D|e-i2ey4ULS70 z!Rz@j}|bB-jM`KcoTT%?(*qo4V3Aa!x5vM=6=_* z{TnYQ27Y{Mat3fu^pBEsv03m?YbbRmYI&52qn~#J9Mo)-^G~pP8tsP7WB_)(i;PX$*oJk3a5Gum{(WV*4AXceD4hw&G(FZ zso9#kR$toQ#B$`{C_%R4A9m-q>WeP`MHxsMQwe?ajGF`yOXjGA!y;%Ctjq%po3do+ zxY;b$_8Ray<@H~dUq#q(T@{P`Qd)c$?5AE+%*`bdzjrUC3}v?Zeit4>#Bb@9cpqDj zszr7M%CsC*25umiZwPau$?V}U5R(FxeFm0Bv+&i`t_XT@i~al&QNzvb08H-I=Iidz zcaO0tWz+=87Yvgfd3jxzj+|4F9iz?u7y!_F<3DoiR|3sOF>3I!Qw!ZMdzC|woSw2f zV7!J{xrpZTq?iklkN3WeVTf6NC?6t_;%1+`9d|w>M3k0Wx~{4C)Y>;0LANnCB zfhuFoWdr-Ab5yrGuQi_t0L5?5@>+(hZvKR$3fs8zn5F|J3B9!!wT-^!+XyCe;mc$@ zq*J~Ed5T-!R;~##1NzAbJ1m#%tc*j`3(pPRhK9XBrg*>TU}8Zyq$(?4aw)jZfIuUU z-yA*H+_!A;ar2)NUg642&Zi$KNSr9+I!5$<`Id7+=l}Bj$0w?oBw(_uRc3v3SWPzD zu6o_CmmO_ibag{1v~R9B>uQ`%oA5EG#!`Vq?P0e^$0um>d=!6nsZFe*Za&C6NUdmm zGTALFI-G6{-%RDg)rq-Z!H7l(`#S>w_80%EW6bJQt+uehlQGXl z50xk(KQaI}RG^*C=x4(_@9mJmOwzS?Pa5vBXlh1H{`7rxbW|@r2DNCJGuh%*{nY>uCg>lZJ|)3J*ZTqBX!!l4fq;MxnZ-clYcC39k$ zYDj%`@lm5i9nK#1f)>xSPpDKaZ4;TXCqY0-&PXGXZZ^z#_F_&$r=g-l4)gA<$kDED zvNthFG{D09rfp5OA=Q5cw7C^VSfX zEO~AK2sT+1Ha|KorE-bI#A=P3g71f4H4w=F{KWQgMXs$lJaZzLc05#i= z$IX)92Q+V{k;@uvC3CN;Ff?h;Jslp>Q|$~YOF({}>%LJ)Xj(71@;aQ4;bT%uy&Za) z&%2E3{ctFDyf@9z+idTC{`R^B|AH4UD_bARu&Uh5`_!GH?U`qFvrvHyc!mJ??pj&q z-U8Q_%0wH2P>N#_NSjAm9Rx>|#xMU`5cJp<0{aC$*f;4s3SjE(v++Nw@OML%J)tvC zn3C853ynCNEtA%A5Y zl^kZIGERmD@N2g;kn-7eo@=}+aa?tr`BVp#5e5b=_IPN2yGk?R_@SLd!ZO}As4G^X zwnTTd=oSXP_h8h#4E5KxgB961K zZIxCeeiewiL%fYmE=d1A8_y@8DXHxt^;k5%<&vr?$NSvR$Eu?4(OttIWVd!nj|$FQ zD7Zr0gqq;IR?`+_HPuRJFcxP?LioyPRD8b9*a=2ci8VC0b$n5$msd zJta|+zERyulg!ilr#4BC+#hT688ODtoHAg^j#15P`7l7i*DdL!ta5D z3cQ=6CVOp3b)1N^k$(d1ye=eU=%8$3Z9Zy(`jx&_cr+TEwDnr0jUfFXLPkFBl*Uu8 zb2NVWfn|ML?88Os=EN?i#TRaNwO9cSD>iI+aiuJ%Uu)-HnQu~D6azP271-yE#bUlq z{wW+l>srW+ZE864hq1hTTdc1#EOg$v`AI*ovH>T2n=bdLs|_De8o2vr4r1KU!i^Y< zw_LAZJ@fF(wuvP24JQfna2})3#u;kXh_qGH7Nu^ybdGCwX0uTKfI!`q?X0BP(`%7a z)+@2skI|e8TfW9&;94Rqx&kk1{cMHvBgd)-id{?Ynd_d>_B=p_NZ8|h@P_V(t51pA zd``jL6{H?LFebF2U0L2dX?;ih;9~m?!1y4K4%d*`W97s$jl%Qu8qk$g-`Y3ndMI1` z4#=q|<#Li0jnCeWWz*gBM>UySJEjNo-y$)i43lchrPLn$uY^O_R@a$Howi%WX{*CE zY@vC0Tm08N#OD*P)J)gpZ|@!0zYc4!AuFgoCaosVi(J;4l&mXxTIS)g5HW!E`W0C; zZ;!qhAXw&jUDd>o=0j63xw?ev0Uf-$;FsJV3TUQ$VbxT0;^AYrR{XA)h6*Q`Gy3ZoyDG8 z-!G5B7xQY<(R~S(5G1{4ajmI^K^s%Zk^{1>+|naCpb_1v;12`Pm5q=01N1^?mdh<6 z>~3|{8Qtg+lOG^{?V3OAT^05Ed9^~kg5}3jP~c*5pYKJlQzKCwCfo~k9r{>7b5;DV zWPVw}Q<-wdEI=;>OmwH-DXM3Xt;oRU2RA3oU~QUrzGK56Z$2rIuTZkmXvmy(B3~?2 z{fg*EXG%4B>Lb~o{qJ0T@1SIFVV4|2BxpWEb3J3|YALXel07yBpqb#613Xu2Tl%#& zYfhjcwEmFrnHa;M!RB>fdl&3M=-17BA@@0*YFUf&sS>!S(vixXIUTG*$%RsIHO*KyHRrTpL zx7{1V_Ufl89s+$A&#w3}cctGTbt@qP?>Cp#6>CCl6gY4;UX>rcBL_QehgDN;nq+C? z5NSbeHv+z0)mar;pG@&yFbm zcc>iw!YA@?PZk9(EHHM=v=h1Q_AiDyT;c!bIDx(d?xDHIG8x6P#AoLL$F6F}G-uolecAc^IHP5H6pa?GYry=Fc0hSj;hPRT&m<1*MrC-Oou~s9`AxXWlM=Km(e@WGX!^pp>$T~^= z*fGB##>x4Efn{mqL{{+~nr9U-rD@f=C91F=v9!@<7VitjKh>U=Erv;{en_8jX(-ZP zojzMI>f#4!GP|0t36$!lI_uH#QG=D=iysOV4x1-cw|IP%<06We%_5^n#WE=}_liYu zCoFNPwYB*Z*NUF2_YrQFhH-lMeS@Ef%AEaq??vorRRozn!x=)L4mFSP{JetxyU%hyd zkUd^&1U>NN9)M_Z0qa`e3&TJ+$nyDkI>@W)TSh~xVJhbC!AV*7x1uquR~0Y+VnThEGOUY? z##9lLGDI}_UCt(>$VK)SMsvzr3maI$T)|~+vNjM9FSk|RLSc+=+#L_9omGfPZdWYL zjmt!*5yR(a{lZJnyn5V#PrNXkxS)9Fv#p(!$}I<9*>KvT3O>6}SX=zAmvHHW&NLrL z6Hrur-PQFdN`p1;;TE3;RgAyFmEW?zXHZ3u$hv^FEf$U&ZDBkcZDG9nhtMv=i~%3| zJvp?)e@ngt`^DWT+L1^1_`L6A!-m_X?-Gfwo6RBwo0a?;{U+A$qNmg+((U1+Z)WWw zYd61}?kcZ|_#RiHYwn`zz96RN4ElA)tNR7*ko7pz3REhOtr6(P(MBxd_S)Pfxdi^kL9m7=_qFgS$6w?ukt(I=Ik)E zywjt-FJlX*RAwdlx275Ff#R=K%b+L__p2(eS#sTMaOK?{(vE8EDH52Ql=m#E47i2A z^G(-0LZRV)fTYi}=KTrzlzU?76YdqdsLz<22nU&e=zeCbt$@yu3kamI{ov6|Hb6x2 znt9aN!tr)CEZ_x=DRrPi7p8wuIEEXurpW$`@K6M7DPmXS;DD;FnXJ)tUeG~-5~QU)?Cr1wMal^<>G1=mUGj0~|r)=2lA zlAaPn9X$dyZ`P?_=st2Tz&<+G%^17fP^_WBe7V=K_M3_5d>ZPxlg)A>HkI+!wKD2n zU!vc^d(=$9D6=eS&Fhsr_C;+=N>YM%avHGk{XPV=K2w{5TV87vduy>w3}&7Vpn5%y zFg@Ld5YP11KbW0#W2mq0^R^VW34_U;j~}bNPV;m&ccDXq+RE>>*^-Lp3`10)y^rie zVkbq`XNm)AV^-X0yHulz^Y>&UF6Ea$;3`W`a~pIxuFU3d7IC3!c)Zd7j*cg(07`}? zQk$Yy987z}YlCr$$*HTla2y?)fQ-58SO9q79ku&VFCmOykmLK4#AQ102ZjD^Mo(bk zhg3%JO1609WU>>j!wlKPFv}dS?SA_PoA@rNhOoVDzh1?r+z{nf;M6VwB^$)W;DRo&pJ>C|pK6m-8J(9E;W76oEYk1}Na%XA zO!qOT;v>cps3UUDjq_%8x~7tcX)^$M{+JdZ8AQreCYQ5;!B=_8txi;`SKq}y5NY>n z8#ZKRcB(+~3&q~+Ik5vZ1vsVcgM*Y`JKGtz)LWKDr|hufWsWa#73=tQvrm_3sF+R_ zaF<%f!x}sTNZDk-;C(#>F|x@DGjk)VYxvX%UKApHfpt!+=^zE>-P+4WmfmrFf9 znfj`Bm70eqZ27x)Pc!Wrb3UDsb-R~vH-(MKxKm(DGcf1iHB6(DI%hXVVECQ#i*6AN z5B|oR^kooM`qz11dI`T8Ec+bS#`?-PFXB&2*MoprqXo!d>GEw}@M9#p#puc{#PmdFRp1pfvDM2=?k}&nUB%gpa_feIlb=!l63~Et8GUnSff*7o{$LkW zBXe4HO~mQAlKoj4xK4Qo7~-{cWIx(EBLwD4sjX69NJCw;pG)Qbuv!C!Q|Pm$h}T0s z&rbI(&2n<0*lRuHsFAx1gOYydJoCl8nj$f+19x}vDYHwwkL|B$3inMj7GUR z*1K=N;he)f{PZ~_;U?rwRa9>3lBh3hx^U|F4JL+NfFE7&hSwYT@u&#!9f}TJ@^V40 zQo)g%PW-fnc7dgjWWGpVx`PZ$FplL&gjw7!E=tlu%F#Vqpn=S`;Rvq_@ch~$@f z@&s0>;xJsO&AQ6);{?xX!z0e(n1ed!S0mTnuH3iIVgStRC;E9Um`V4@O1Ivfx@5`4 zo~+gsbtRjunX3scX1z-FH=2j`Zy^cYi0o*6yr{cHwfEfDCuO> zJC-C(Q=)AEmBs0i4bGh7+?YLKB z#_J@ISY{_JT#3H|X<{|Ao+D&OLbuGVz`^LEUg|#(Po@pbW%#QYKzX zqI@&NXkdMsg6pLEhiC{PtUf;gS9bcy^sz=SkRx<&S|ew>k+dEj$vQG%*IshoIJ461 zmanxH``2w-7Ef=3X}@@>^(i1XogxBUF#KkT-Im9KA+q^#^towl(tz-Ak*VMJM$-%N zJwLU6`3J0&U!>5@^dGG(RX)EZx3cT1Z1`=cQ#)XDR?0xd?D31+oP5J4Av&?Z_>C9E z1+Q`nd!Ts0yblcyIG*bV{k3>xFMCIlbq}fHiMNzzz>Rc7ua*plGFgMe12+0L`-NAN z)BCE-s^=8R&eGks$-$w<*`djyP+BGJRC@P=xLszJ@4ummThBJ$(gCj8$`|x{^8o<2 z*nd}%mG6*?sjCm7)b7TdNQXzL*{Mo2|4!J32 zdv9;$76UW(eM33k4or3gAEe7dZ#qqd~&`3=6xu_!J3-E+3@g>lvMocI4>Z z{6$6q$zkU)+!wMB`NV_qk=d#lxE^)f4TJL$5)ztahfy^3hDR^kE5G!D3@On2Lx(Q zc^ewW8_{RP%!a8<3)vTu8*E-Pg#G7vhrU~s8J`ztL(^KYzmz;ZXEr!-%S@#ZS=*Q| zHQrBUj*jT}^rk{ zEdOE(_DQb*u-UeXMXqUYQzn~ALihPEe%&ayS)tR@Ux*blvh_l zs5qGL6TU_FRUk9jZU;t`X`;c~?9X)CRY@4KHTVh*jRKGE39(uPazN01_%mfGZu{Q| z$kNrIPoNpoTIs%VxdwAhndO6m3a@TcP&s>4>TK|xGw1?=Rl7n@c8wfFwc7-}TZMeTMhjusw&*Rh2-1}<44 z_f2#YFyr3Mec6W#dLyB1%qAvonu3`=d#!ySYgL&>2O@&AhGz3!(@q6X$6^mPufh8D zfQx>0ko}7Hyoj;P`9(e-741MblGixmgV8LKw$`c+Ct29CU%mUa7v1j=!DiX#iQL(; z-o(GF#opY<>{6HITF?KIsV@!VUIXdhNfjtIs&;R>*(PP-a`f_{qndR<4dZ*IRgMob z#S8AFZaUSf+woZ(!FcGzRRmKU9RjjvRvL-QrFG=Ni75>`DuU>vnps2M*2W^S+H|#xg!bEGZ=V#mmBDjeq&h|8)oa?EZ z`@eKow2Jbah*jG31SP_S8{)n9C2zz=>&|Yp3(!_g%xFWGckkgtS;Kd+Ca86Y5)xHo_tOA|n_buU%^QpMK%+gx_TPw|Q5R=x%ID(llz^g&jUUS8%w0}x z8~${yB@YxamO2QsFLQ#8QRM9>WHvGhvq_uHhIu2^?aQMJq=<{D)?8*Q9Ie)8pxCKG z4;z&K6S~HtwkOe1DFrQ05~x2JHMQ_m_p7*(b(+m&dHQ&s#kXLU4eCUuy3(m7=NZ`g zCs6MeD?Io&#T#zKR_f;P|JbbM207n+7Bv#cAWc>V5pI?xeXBFE8u!+{;ITbj&@0dDWtkRd^E0NtVeW5eel9NJiI(hC}n4T zVL`f)RQqE3spDFCRf4LgU!oQ;(=Hrt~ z7r1rh*YOZ3iqwzUhap)Zf-->wPYpq3-W_+Bvg6GyD1>oiXSb12kudW<4%iL@V?5+y z<(2geF`Mmduq>Wq1#=_HiZZARw9Kd)JTT~C2>i^tW7g(3kcgu3vzT)#MaLraofJW} z>T;5IDRtT61u8r4%I`nc0GemWsE6;t8UnfbM8KP^QsXRdWavXlv0gvtr>c!i`P=K! zfu%{`51XI$71mDp=HQ1XR`=w6_?|Xs^@SYo+WzcP&Bs08I&xi!C|⪙XqoS0pGfq zfIDsE`Gm%)8wXW{21WEAfDh`-KO!2sG$jO#N8mOI8DAJPZ5yEby%Y+YWMir~M8&L>de4c)&1U!JhWgoB_b6?V5=XT@`8iF5DJlCrAPpd}AK8X-QSR zli}8HNUVV!*@n||5{64t{P-l^=p12D`T1jk*0gIsOpm&r5VD`*r|aolUH0XU38Xef z0*allyqtv(>GRw>nLj4`u*FSVcKnS)-eP$%qF9<(h1zy_}VkLS@n&6E_Wa^i<#L^WPkO0&E|Y~Rrcm)^P6nfqa!;H4?Tg; zBI4plD>Z`)ZierHd-oDu4h9)29UprV32)rW8#Y%vx_sPCcOQtOjy<>Aw6zAjlz6h3 zz<7}SOLn1BcoIg0A?mR=%;FQ7^_etHuzhNxqRjpq|EWi+D7>VPhe(pc2DOAs(aZG+ z%t=oNO|#bYIrbzR%HJgh{1B&k8xCU;ENO?cWqi081Pa=*FEq{y$+4;OI z>bSIY0W%%a)K^1LBMlfiC#?@7H4Jzl%bn7D-;spP*mYGNgbr#;rB-GREEKMy{ghj4 zvPp8wE{r*^b*e7#sWpnyqSvc2X8<7GAOVMcwF?0Y8 zSX$e|EiitG{9oZ(IrL0jl)wwRLrL0IRQcetVU}*9*T(1Ji+nSg*}{_U=9>%`U;lS} z_Dv8vm{*vxc+w*Z=}=wber-hq*nWR-*~rZ79QsDl4v&CSY-2j!afnHc%|w# z36WcoEsx(_=zSNVv|1WliiE#A&BC9P2JE@$vPmvL$4b!N=zZJ}Og6-jOp7~j_gyPY zn>`7JW(OWBp?Imq^)(cH0+}gKa~T7-<+Avpa|Agw!Hy~LraY0YuK^iu$)r4yQ%6eO zxQV!eX~iFG_ieHYr%T6YZ4_OcP=1G>X5~_iv(fHU;gXY*!GreZa)WHNDMPW1p@NsA zq9P)=J3CmpJ8`o2pEem*wu{uF*~lbG_n5td)zY-inR)_B;HZ-3|Ff znEu0(aX&jyd%IA3pnFekT!L(?7Z6F084A2{4a2hQKRrMHpq_u% z!Wi{&XjBD$ey*LO>C)n8?qQDZlE(x0&sOt!cLXV5W-vbM{co5v)AFV|PqSCr=rxW9 z$@;7G_)UcWzVh`m%4p;8$0##$lio(*iTW<65fr;X?S(=Bw>N7U9#*Zrak{rR=~2Jl zOgq#YCge3;xR3t2GIsy;U%frM_w~(6;YhA8#B|Ajp2g1cwDv&->wb}pTu|0yr9dOh zprO0cZ*#mPnS_Vtkxm)Bq*wEZjU8S9kIzcTZ2ZJtdz$UABrK40hi(XmR4?&deQs<8 znO_sQcQtgvkbWZ0W1@C)R(CkAxp@O9V1KBDe>Rp4)0(G^>lt{C2RlR8zip72EQ=1f zQ?n&;JaI>!<))7hrl)o*kWZBsGS^4#HK9GVmrjJ)51L@(jJkn~0iPHBND588=(*A; z*~6n6YDD<}pZ90UZ2wjXCiFGx`A)Qt!&*CA6B&Ws%5p6H3mUN9#)+e&Uw3AfTSJELFNm9cZj0teAtdwtSF&3H$^qFstNwFQZ?-<`Kjzo#J|O>X&6s z26^DFOC1wES(I_I>^1|P%3>ngsru$VwjM1C1UL4HS+IQ1*w_< zy9Qnh`JF(R)_knY3Pzl?a!RQuN}Q zH;X)puQx76a&>+WN#RLSBtO^}=%hz_**_^4_p{3*xt7^Cp+RwL)Mdw<*Y13yp1*cL>LM>Q8WHpffIgiTWQr74=_FS#l6x;#51z)w^CYK zo<1+hdY|yC;R8hs=+B@hz22_D|ov2-oK?x#nfjWpA_@s5;Jp zHX=rti%0P*5=!*E4Y8!-OsSa!Dbobs;~u@eB;#PbU`u*DTlb8N7}xi`!R(Pr-vDRc z(J#ud$Gc4x@z@{Z2?tfOJ4lD(<1J80lc5*6U9-M0@bJ0q-ni`*S%3K*o6!DAAlu6b z|NA>L%EZ~GvkZvRyK+g|dsMl_14l{e1CIt}6Eu)++Q{{|V|lHBJMz!So!~OEcLV7@ zg*sCeE6DT4w`|Q4Y8LPC9d8m^>2o1*ETA2++2ca_W*n0-Y ztE|{|@A9wq7eVX8j6si4ve}1G1M5X%!g5D1HYOpauO4BX&tp7jWQ-A_nS0xJePb6D z7Gg9u@k6M}YFWAwBwC)D= zNrMZ|uid%*9uD~ml3S_BTHIzk5x*|{>Rqfm+k2n*`$+9x(5Z-92-il(?(i2liuwu3 zYCkR}nxyFu+7;JS_h>uJ0=B6&XOPp~wLt>#JRVT4_hII^eQttsjuW z`q4J|>R$fCr~sl@l+RmpZ-1Ni+k~P<#sr^Cl#`k$gCP&F9$W(Le&Dj&Cx5?3b$^FB z`4!mi8sgXlOHY^}rUY*8gV)rqRXbe4n1K*zSzh^P4Pagn@smdVv0;gBM~AP>!tnjk z@g?2`w!FliF$hU-VPAHZ>WtsUqPOm`H`wWDRWD`qDfwu|2y0CJC^Xg@`)x zE7^SW0uD1fgenq7=07JcP0ss)M%Bl{B(#2~M=t@RKcIf-w4cflQ7 z<|bj8^OIVE1toTdBjdwfI8;r(!;Hvy|GEkkuX$9VY&L%cgdA?(88>Tu(A_y+Q6u+~ zQ(OCBUH0a^+?ZTY3u07YzRXQ1x3BijeC!vrD<>OO6;Zq9#H8U@18>*xzj;~<{gBZI zPxCblp2Ik~%a~ui4^a6Qq!25Yn}fZlqPg50e7&za;*@yM_dc=e z4t!9P);|#WcHf??er$ zRm=|~vDmsOp47QU-S&76wH55YD#{wwl$9Q*Tm3-d#$L0J#f&h}ZE&r%e7gNTg5J%5 z=7z4n_tStbNptta!I$OdcR)w!wSN6(@WF$%%swgv0#ObYCl#8w+!9(}HM>#o1#hg8 zSV!vW`!ovq$-4XW>TS{=c@8tm?Y&BwppP_#d*eDLr8YmQjCfmg6*3$6Yf;>qw@g;I zYSl;xxE)j2_70-AXcb-}Cv|YD+%$0Mns2kFsPoZEaQX*di>*!r>M=Ww_SmULq0#TF zljcqHnhtcZrZ^W5{d9o}Mc#4~X}93b4`uE+X{XSu80~G^Q4c}tT6>g`$AP5b1UQr| z8%ho&N~-cRpDJ3nAFZ5PN$dhW08YBpwxf>~>EqL{R4x2M`phD!>sL(bg;vC&K87+Q z`3Q>82{n56XPSOwCnuo_UxB`8j>14qpDIb5ux^S>CM2wNX!K}=f! zKEjt0zriKqlQgGw3d`PfW*zm|rv~G>wF4zMl?a2sOghH|bZ}Avcg-rX;k(?kCDYsM zvfc-svWGtp$>l9e;q4A!-zX`rg5AE1Tt((gi}GPpiQBtS)plS%&R{sNmC5S}(q895 zFs?0d){y(1$R{AF4Aw{wQGq^-y6ytG3&z(1=vPWcliM!20evmaye3G67G!xS6WM=r zNRh+y4#PHL_VG*d^>*PyO{%AF-^n9Cw+Snlo>AvaScyc=KKXL1+HA9d_H}enHs|#B z5C;Bf#XH(zZg^YR^s!5N%&uMRsb7oJUB*=A-17z_?M!G1p_COE4o*IaYW*!VZ6y_l z7=V+7V2kH&2Gf_Xr`+umh`q%3C#iH-rU$r4Y>T?mo$wF;Tj4;7R3^#%JnL@zMR(>G5aYm4y-eO zaW6$nIv45HtpwI=mea(BnSxStH%YRG}O2dQY5hPr|oX|C#%@VWW zA;?g^33C>XOS)qfs`={vWz(FO?=$GWL**xD+imv038(aIMZ-*NdC^&KW4PCGRH#xOS4z`3r%GQuVUr7BNlz{>;1a78{Nw77OGP zsU<}9!FD!;NuNn^$Ca3Nz5&X%-uLSbp?HHDcWo@{Q{+PDBi$$|&n)nH46#mDgPiqb zMn*(M=4VpNA2$*=2ftMn1}TA%N=YG|ogE!~NX$2zX{&|ZY zLS3O_J{FqmJDz=*D9tXLJC`dJ$p(?a&u(8HziFy@q(~SX{EZJvxeh#1cV5iBEz1wM zVUA)IRe6;I_>_#ng|dF#P5|++X>&Xgk)ur^WRIoqst2l40(h>I55Nt)L9Ymv36RCM z&P1;`lG*k=1{#rnHwAcG*SQxRCdf!sTTnXpS$Scv!f^YYMgL<*6csW$^oyh2II-o0FG#x{za;X zul@_s{23Ae_OA4&gT!|B^-5QTq0bO7LM-v2>h z|NpWb_wyLlfBFm*o=ZK8`j>711=P}G*?(bs005lJzVk0n0D$?3$PxB``3H!W`2X(3 z(E~coHS251CTfoDZ}mZFPuamN6Gp?*C<6)Xm4CRR!A^d`dnws4x-3I)SEIfE%X^HKpJ1-Q1H^l-LedtBo^!NU6d~TKO`y;Whquo{-|@b)~JQVkfB1mr2VP5 zk~9BwMgT0OhGTq#yDwuj=}+|N^@~3}2ju2@+EEZa@sVmMbgeuyFlSK^Zfz{crl3!0NbCc#Th zMh@oNjZLI5m*Y<|tl{l6;dNU%h9{Tsh@7wooDK7JOj*^b+s(tNK>3CPUpIH@U*W&@m-ecvlv)*_PW(UC2k?4XgG?Yi!@px(?zJxe z|3xwWGnfEi{^x}9Z#w?(oj`DM%l{LnPj$)VJmX_6jS|NpGy9L^=`)Bqa?y!AiKdb2 z_geq}mQ&phJU|ER^FL=}b?a5P7a24IdC+>fT$XKr#~6%djmW|TMfZv4|6Y|W$t4;; zKD)KjRNVukVk3uR_^E=2$bl8%iLpvM(m_UqER?uH7OV{^4nM{{I}l4WDC*?e*LNMs zRsyk>sbLd|tv38A~?rsj~R24ZnCEyA~($WwQU0tLJ}C8eP&T5??R-i1d& znqqeUt-CLehjRV7E{r^s$9Ngc~5WH-qcVr0!&OHw4+V;G?bq3mYH zOhR^pu`^_k!I&9i%$Vi5XX-4!-`~&kyuPpJ`p0YLzV7S3=DM%z^Lc-^w{pjj5sQt$ zohNGIp;p#~E~fqWE2eHoQ%}|-a7&Gm>@LkT%<16YVkzb=*WCH_%Ia7?l}7hxJ*C*M z5Wk_5idUciDj;BZM#DS4d+z)OZ^i<0+mep7!xaPM!YdqdVrB@-1@){pKlg9Ldk#9F z7AJW0IyNFlaKt0{&h(JGa-<9|nuGcYW=XM*vr7JxBZP1?+V(A@x(O{$oe@yLJm7|^ zm>`{ZE5c?^PE!NP@|FSu`Gv|KHJ|aBm<&Y#;V2u86fW(Fe_f`Q|Jf_cpk-mm|7i{O zgDmY(3m1~bJd+XbSuPGH;2x|;3?|MTCkm1@#b~i+R)@AgkTdPdBBNdCg zn%HEQwqhso#y)w0@)Pi-jUrO$850<&NG+sD7SPH79hO?Wn1e64KEOuV7A5(HU z;C`6u*C`uOZthN52PLomQDB?kBb6S>Ch+p}BHWw-d0iwiwESmJqt1|-@(MWLNPGDp zau2L=c6`1qIH4VGIH8q7%6cU(EuE~IWkB+L4V_X@|?krkk+zxL|qNoNg%G*yrQ#Y_E zfndYtv}nJh+v-*dW<-v_;a%a#Ck)gUsAopBe>2a=(-aaH(+@eF9Ef~{SU)D7+6?-W z)U$`DA;E-k5_ymX@7h1G4&CQksiSrZrvX@+cV`pa@-z&Ak1~q zDBlQ9l^J^Z#(H5fr6aYi{Z3|BW7Ozz7eXyy3w(entg`WSj%fbcU^2T+6J+JR9Bwr+00IE_}G8U)w~ z^7w27Sxd%6M)rz}VqdPFuiI$XtxxSv)unk%3=Xt40X!X!DkA&P-&9Ogj8}6)`pY-< z7sahl011@0^ItO$^UlbtYCyUKwosVPWsycQ&o|ai^%fB%heegnB>7`%liXz&aneaO zzMj~`D9y2DB&lTUE6i@>Ih_4@^x`A0wqM&_ZGqPmNlXMVa)kJ2x{Cz_NSOsvL~D(_ zc#Jt&g|sh}@5#(1%4M1gr%T>hn}*vPjbR7m5$Gl6Z?vUTA=aoM%@8dwERfz zpX>W$>xaA{fibgt=Kv?s_d0q7NeKPghB8p|v(UE$5Z*+dsiflyP61xb`&O(xL7Oz5 z3N;MR*{@ai{X9xB1m_^as8we3R|E-t=)pc{nxEY?s+k^p|mt~Pn@xgDz-X+xwQ-pv9Ba;AlNq)?ZxW-MFl z><$5e7_0Jv`w&O4sD-i>oiDv#CB~@!m8~l9y7eDy_TNFx22A9CSTQE*%7J(!d;Hed zmjL_0Zo~UbxeB0^f3kpEj{sov@623*V^9E${heYf5P|Of55D=8cuvT|YEh!)@AjD0 z*@)GfXMuFqmd7P%96vwSt@wWfZnz8vV`2nkgi?CZI*;aF2{N!qTT z+Crs8>0w%cjmK|#ycYrp#_X+vz4YHzt>XtvihfVXy5n4Ygu4GJ_$SzDkyz0}tW-8$ z>Tw4!VBPA9U2=8m3#iBTNllANHRM= z$~q|Eyi`o7OQ;fIgkPws1DweRKNy(MK$bGY9+Eb0L?PfKqzsO%jE2j`2`|y!uFeVrm*Nw-Oqk zzpx+Cu?h5RS{NXTlM6-@@ZLL~-Oi^@H9YL~m6C13KBILR?-;i#!$zKMZ|^^O&RC;s zn&AqmNlV!pavZT{%L9o8Qq=)h{5J!jUI4FQwKuzEgYxc1;iy|kzh7QUKE#|Tl5OGY zt`d`B`^|gfri=YwT#qJqc{T_mhjllw9(GHsn)2%DZKI1vvukL}LO0sF5OeYf3XJWi+itIu_I9Xr{{? zvoV!8I&s!ElaPz*WUpr|pUO-RQn#b}M<%rktCppy*VlWy)?@?;r~3`YE@X$|C1Y_` z!B?KoEKTZ|;RlGr=`k_Y{$t}3E7N${Pz!9~R>y93=o3Z{YGC=grO0VWZTTRjrei6u zyU`zr0j-FDbRYD2xlG)9+VgSb62^YEc#?HVSkzJ)H{0n=4$7_$mMNGlg9mBSEnasjae604t zI^~V>6tmLN&<$7AEveHX#p&0ZCOFC~nlQF*bX=GHMKX08p)Djh=S<=5tW539qz`ao z_Ya*sJkD=>jDTag2XMDDD%=X$!voRRs$)qInQ^e2S)C8yB? z1e;^NQfiwy%eQYbzCIr%^ciZXB}2)E!Y)TS0kP0slV+J2?5GFRb{0`vnB!G1ugf8g zgG__54$Qqr;EVH|{g0qKbY)%XB5#--XaM`k?Le4HE}Z2}L=N_Sv!Lw)pS3#~z0^oB znOL08>i^VMg~X&K_WdFig9N9d3rA_ca@H^0Gp-j=udn;;Om*w+(u$Ih#;~3~*rnC= znIW6iIQ@$YNG&4#=~uI+AyH!g-n*wz8>|oh`!nCTSfopVJME?2)2+y*^tSa6AJe^n zY%xHE!!(CeSNuVzrRw?9+CBtclv=Pdwp(bH=Vn0bVG7647;&oz(3>-c})Xt{8J1ZMvv~Y()P&Wc?BzZa(=CNP#g^lgg$q zp7IFts;rLPv(8R3>%1$%oj3_WGpYO8SM5;Po{vJxrMHSt@g`wp)HFM;^mOH=FNl`_ zR;LXQtZK!bFXO`z;J3&rfA{rFDA{v*8*I8Ox+nH@$CVGng;E@$h~Ix{w195FTuIWC zyE@vwQC4BnSD=my}K=#UARmU;F=d zKL9WRGmuv+vOP`ef$6=DwUYdm0p9`C#sEzSF3Ssv)z)Yr}-@SK0O^qX;*8JVX{Y6mRT^p-9aGz~2K3-vblPPyVAmmV`u6REd+%^k4;?{8b@fq9e#Z&Y~At zUEz$ex7_NL{&4mti0d%(?DUvrg=^OvmEu7`n~D;#V}W{=ts)-z?3nhUZ7zIf-H2Si z=l1N}_@P6H;Mo|Z)!%c!WH4;EkKBRGK2yPm=^5Srse<1pA~&VXL ze=}$9Pm@Xon5WCI!=%H_*IFz*=G(vqe->9O(*yg>V0e1D>IMMNDx5OT3s-ckGJ|P{~7pPr`bWI4227Ru{@x2VVzw=pii6uUMEdf9VwGyVzrH zH2`$LOY@UNdX?Y47nWSW3$!R0M&{TTYX^lnUatPK07ZEh)X)La8<{){$3JFlgKPy6 zN0EVZU%S~BwetY7$G5~ioSH8A>`ZJlTblBO=nq)#J!oFMX$G0af?&yqwJG$A^ftGc z2YSv!Z>&B&`>|y5x8+C<_JYMQ_sLtw$KadtUYi4gY`9Yvl>NK@*^mVweh^=p)iRACEq4<_)W zNAcGRtY(Mm&_V=#5{N~&qi`Pq!QUi&OrozG+E6C@q`y|SvmzIyB&^N64#n(N7LnAd zjS%72-$vw`zc!gDJ*R_sRpB?lq!BH;P2(}ax(xHUZnb)VQg?QvFsozI?_6lXWxxW6 zkWS-BAkMv!^uTV`)3_i+TGdZ`Os9f^2u^}?ktBv;MXRZE5JX=t8z0k`!!jX#mXPH* zw4{_t79THfn*&2b)i`@{SWP>H6~F$>CqsXI_n-`rZ8&i90%B;p^LxyfvB(o6;hvLw z*gfd22L2;Al)_Q79g2iF!9sm*m~Hhcvrbp&gi~iB7Q(>ee_{yIV#RQ{OzfLr&Q_lO z33j*|?cGe><~L`b+0Hr=cf>8Umz<|PYM_!8AAGgtO4PX-$L(z4)c(R%#4#O5IjF*G zm2EZ3v0CIgHs^j3)|K4cu+u#u8$<|Z-HRf)mpt^9{wCJtx)NTu^_~><4RJVl#Fy@J zFM4@(-!!m9mLS|L>{^^KD6G;lfYp_wISINEPmLD_iI0bU^Yi}H=YcD6vsIG?mG5A1 z$Q|Ssn}OMFM#g9UjHbk|zVp8s+EJ$ihIc?f8o!I#io@1Rza6?^b~sFpk!M#g_toHY%e9Ln$r6YVGB@fqQ*gL!;?Wh zKa+~02eoZF4epdQz=sMkJoepB%H+xFEQ)j5>eVOxg=x4QbjT6|_weYFO?Zv(>|AUC z%D9r{XxA})1{`gwgi{$SByYyHu!%1!Q;*h`uXf*c4`DUG8z>kUW%kA;q!lh~VQ-#L zuV+#6K#1CPu%IngBzeh{Q52h!oZDRU+NnLT zL)3(BFs>u$ZY^Qs4l8XdaA20RNp0;Qy9PJIh-&JINVa2frU`MPf&6fxEg>7)Iw->B zP%VqN3*6IO;S1^|azI9jeZb`MNRa26n1z|wbztSS&n5eSmL$#1E=)>EEn;gP;6}pV zd87wZR!e<79U>v>o659r-Emgg*_^J0G*MO1aM;c8?fdUN+N*YnAC{7{j@mt!qyV>7 z`Meik{1tx>M=Ucvm8o^B4bSlknCV05fVzAo$sx9I7lDmz^tHJ_XNDfWr>hW}Y4D;Z z6xxzk61>w?TsP4zMwNeQ?bKr)IDI_4g7W#qneF8O#VH<^4DyD4@%So_ddZT zK^BQVmkib(E4IfM*(Aw=GX`hsLrZrK+jTK;Orxfw``e)y5CX<}-7kJc8S4My%~fV` zmf{c>AL8af<5H$P|44$2V?DcWZhbW%6lj(SyZKn(Xb`Js);~C!(6M!s)|v~XTKq|+ z?!rHQLa}2G?QnyC-Ddpj57F&#If&@>j!0CY{&p@9K(C|Ttc_M$mamq!Q1yUP_KB@u z%kF!6P|YB|RFX$gW?&Of8xi`38&9bMOQG2JOWCc8nU=_Sd~}(EdR5r-Q3Jh&)o<#< zNOAyNq&*zF*{)RcB&pF6_VX`5`FSn+)`^>&EjD@9gxI!3xX1Clu+( zRTMc-GTyD}CcMZoQ_)A8h3n8Qoc)9?4u2w9kD3V>t7XByt~G8U%vYd3HaCudSyXx? zSSGO}*wp{yo1c6xg;j9p)2GP&!?8AWNjAB4WUWCJvDv~6S;K$Z?3lgQ(uEM-(ASZH zs{HHhUEeiF&2vtI-3;TDqIe;!Pn9X9F~1D}f~jSv>eh~g^zzbl!ccAA!tLTS$>H4j z*yN&tD`5u?Hn|GU`4*=%yUTn)-%9e73+E_>&M0MXlxaS&zq(ZVbfjKBlk2;0Zf-lJ zElGC8b&Up+&ZBGDlAu2JH>_qUbj?T=^iEyI(_HBcJlAh|Fd;fmDH9pV%0b`j=4?3O z(p%cnX4(uU;mED+M&3WkKINxp=y}9ErUZgnb)2RYO}4Ik=7}0%vtq-r?rvf^Z}xtv ztImjkB*lU-pnN@YLM_dZ9b#m@ZPhd6G`ehH_nh7abMsd8qGICQvnWbkJ=RP`T?x7Y z$iIsPNJ*==hNC8&^}*#k{EFRqdNMY2R|E-8qc*4_4VZIcRs|GIWx%QoNAczfPIy$z)aN zBiiX=x5NEBkZkD4hbn1PT`#2KwS=CO?cZGm3trfaH7FVSvk88!?ET$PGkP3LZp_5~ zNw03G)Qb8R95;5$Hkj!Y5^^U8T@?XyiF+@q-ZIyvkt~)@Y0b-a4Gm*T(QUV8a5%{G z0^vC@Yu<@_(VevbSDkMUL=M_7Kef?bMh0E4|3-r@aNTez{x!=$AR?c6i!w(Qi_fOl zE7=TGP~-K-&1<5SMQm?Kr-f_1kM_QDl9Ic>YF3yQy2%&`XTmqdubADi+F(aoGcq8> z0#C)Z!JEnZCYYo&QhUuj;=`b;E_b*CgSr7N7y3tA8YP&7y$j{?qK9U0siIaMEb`b1 zrX!%57gxS~`k;h*evhT@?{`@tqrzZRijFp6^EA`gLu zCME%Ia&TLFkhc@6Rb2sEox^%Ic@#TIwtW$>tk(htmDK%_p#!8oh3fzsHQn~$V8-&w z{v7mspL+6;n37qGY-F}ZRcZES^!!i6JA+zkP?hPG!a;wME6PyVp{vQl>{uE&sWo=K z80G0Bgf`rF?||Ls*!J?$1#n_OOT$WZr|KR=gH52$p#iAGA*mzZ!Yj|QR?2gC|35z$ za7NtDhXy-VDvjwWR?lU5Q;W{Dr*ybpn}wK)R7Hq1Nbp?p zF`_&{^(oog@%AP*jFpY~^?dmV*^y0X$XkdxmQyV%zclsjsA%1T)WFY1VYm9fh;Tzz zdz(=paKjayu5HFY2lD(ba@KtLZrTh{qHp?iy7gG@eJiHaS!w$n62FCf%Df*9aGm@G z_M@B_w{Umd%7cm*{tcU__VElbJ^sH^x$Vv%&LNhG^6BMqRl7z&;@aAxL3g?;Ave?& zZtttr1rYefUcTM*%EwDk(3R_jJ3VZ9KHFnusu}a$#>n`z%_a6@_|yd zIcOSZtlHF+#klLS@jkuMWguh9Vz)!=-2~Y|!>xlUWxsSj|JRKI0{>wK*#DYYSaS4o z(BXetMj@UbdwP9ne>=YC?{>iXJBQ7kWIG^KN2AfK($J7_Hcbo?a({De3W{ZKERR&& z5(8eYzyk&2ER7%L93a#|T3X`-f~OrtQX96uHq{6i&n6b1cpcY}A#_6Ecif;j0{rWd z1za|Lecdt*Ev9G-7}#ze9u*v(-zsA0+h~=?_m0x)k146Wy}cYx7%{O1h1wb{u^9yM zhl3GNf$@9^-z;5YGI58-SYI?HCh{khzl$gn^f3cp=weDAnvw10Lk35d@F vNf7s>`8u69n7}K6zcU5}_RKa!?&N}AeR*lj)H7)2UB0eoe5LgA?MMFwD0Zv- literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-netfilter_regex.png b/2.5/de/assets/images/manual-guides/mailcow-netfilter_regex.png new file mode 100644 index 0000000000000000000000000000000000000000..43673e31f989d6371b84151498fccc1579e29b37 GIT binary patch literal 73193 zcmeFYcT^K=)Gy3A97R#Y28akKCp9i&F-2_${`h7s7BiEXXJ(gYKl`_Td%~V-Dl^burKh2xVNiMU zNQZ`ou7`$(_Wr5Asb{$5*(|94{_@gMen?Z=e{GF=@Q>XCjR!O|e{VY6fXp}u|Y+SwU-Mr29Pf>57gsMDxp!dQY zONvS`8x39!?x!qzCKb)AF8gnK>56H&!b$~3#n^prrq^8Sb@|8Q@)Zxdw(ho))3x4K z{L!klQO>!m7tPN~jJ=GDdi>SO=(n!gAC9=njG$zx)lnFW4K+!^cfB7HVw6+D^uiX!f{McW+H2V)i*njQ6R46Q? z{k8v%j>-4;CC49H&i&fIy{>(~D38+zH_mjplkPZ_*K0E-k-Xk0;qF_#2`G3YJ- zqj_;Lre9Ba$)+_)Pko% zt$OEmpHr{MeLca);j3FTtNjq&*EG4MXtr<}R+wj37e}g@vHWK(%j7 zI5gz0EOgpWm1PtuBu62pQ;Y$3I^boL<2j?|;omwm8C4RXj#%x6u7wFZAg}UcUD4GM zytaUn@KLbOOqKKL`WDcn?s7${p#{SCxYQE)N9WI-ChS9+oC2#_%#XTKC}xAs^4fXs z8}kVSJF+k$hogEoOpCP1xnU&Lut?e+aZtTO2#s z*8fkgu4lHO<6#K7 zNjL))fVjc@>lvAfyAKE_YMzr2)ry`X}w+KJTXLVD~czX*_DOL-4Lm;^^OrA=_f=R08$6a-}pL!sSq{`}*=GRVCx6JS_h=6}PI8XXd-^>nZIhtt#5_<~(J7HS=3PEk&PSA=Jhap!3~e9)Iet2_IIViLTAO-VbQ^-XL^QhppI;+8=Z678 zN!_iL82p`sEmr;9mqajm-mni&ZK z&ugPuw?D^tO0=m@?N)IF0hz7eKA8Gz+?Rb-gY<+vw~fie5{$=kHC4qGZTRIE^D2Bb zBe4)tEud`D6Tsj|%;eepFo5Qenh5z<`hL0`g3jE6nVB&$FMr$=B z2!9x1f$*D5P}BT~pFju+rFL`?kJEuqy%fAC1DFd=l%reXeN-EV<*u(UVGQcz-CCJ& zThkYc@@hNZ{|Suh=9BadFgwazFo0xOdnKa+*BuN#>Jknb22};{8CwXa1A-@Ymol6H zgh{9tlLmyCNjdT-5%&ftgOpuaNR^$rKSttU`cR8RNR^hK1q5L(Ar4aqju?#`{#_hJ zCMApG7z|N;DTjaqPH%HCzNA(?aAD@ZP)v1683i}d7J5hw)W^9j=~6%gtt>gCM~_09 ziX|vB(*uUXrGlAeDDFI)9VnWFCfg5?(6z11+?!|;9YVk%m^%CH2U-B;r@JRqW#akr z!OL#bL8Wqdh{E(UE3|t^(-W*6;|4xPri2=LSU6#v_UJOdKkJK#2Q{XfJg)k)f_yHV zwrBDsrE3EAYM1>5et7{+WEXQOHBQc-I5d1^pk+%TA!OXH{{Hbwf}p8|;lLX_HIN8{ ztwF4-Gj*)~nnYd-QWn8NU@H23VdM~X6kx*AFKLr9b}KQE&B>}!cxI2{!F|DCn+&!Rx{zhNQ%zdU$MiKzvG zNJO(M5d8*#5-HpV$A0HH6^NP0KBjLyp>6=m(VH{M;el(NEjg4=&c?r1=Bev4`l!5I z7wHQ3{UdIzOu{G}AVC|@K%8G-lqYAyl7PYZu7wzKq5f#2VF(Em!>Qo8ILHDJN#T>{ z#|m=Cw9`;d%uWp9bz@dNJw2S{whux%C||VDCSsZ09SG22o^H%F@co$E@2-ItN7T03 zT{*;e>0$uhBmd|QhO=$pfu`alQdgb+;zADd(5_J&Ja5g|7L$8vxsQ0Nzzu_kC<&VB+FR@mxP2QkCeh=erm4D+iNI+hoGQ z0r;G~_Bu{E&_kvNoKpCAW-1$VCAy5)K(iwzZAD;wsFm`5k&>%)NnV^jN*_OB)aXRo z2WkRPh*^m$dP2vRJox*&C{xJL6=1yVLYFd!>5JJlpx$V244N>f*jD0cJ@<71AXVU& z#Y-Uo&wpoalj@P;r~ ziwIt@_PB}mZ=#p4r*GI(JX+*N$7*B*krc&jUvhOMEN|}Qtw4tSx^sln*skLfwtVk} zoUW@?UW1Gty^~cQlkr^aoTJmCMBI}a88`-0wkVmuBI)O-g20ez0q5YOA*)bEPBKn_ zt@NpHN^xb>eXA3MRtRXXQ;C^!G+)W+`r*5<4VM!T_+h=U!v!Gd@KtLl=ZpD*E!o2^ zsu7oDVNGO~tMc2OVRo(Xt6<{Jsm=23sl_Nc;&zPW5t`%cCS5hEb8BGLj50SlkagR4 z$B!~gv}$|lP4GB=yE8}{^HK@+>CPjBLY6!`b^N~ zy<;~xsYjaRj^XA-i#%v*NdWd8ACU}Ubg|crq>jIdxsfU12EyzlK?mKoYP;1Hd*bkr zvZG#E=nLn}F9KVLUA?9x-hrkPflkg00JK@$G~vYq>-8H`ZHp|Fr8IuUp3)h4ZZrv= z6j&WEU9mm8Fpz#iF;(Y-C4%k@qk?C5z@X@pX?bn|#x%%&h zB95>70vdN)7M4UbN*tzda5j@O>CSQbA9WnmLYL6Y(HSqAp-LQ6w(qV@$MKS($8eR4 zgjm|zj!>Ccn+WX?LDhe_mxg#wEtuF zO=K~}TQTkuh2VvVy)cOS8M#sQN_*_Mjo$8ZFH#$qNY#Mw6~S+{XVU)4k@Zzy~NUd=?sq~4u^{!HO> zTY1AV^}sD(Yt>iBx6c8#V`qld2Eb}FZ(-i)eRur4djN9UcdkV&D2{mx;|H1iZ*v#5Ux6y2IAcS{ZJ%m{e0aVYD;5r0uyl8=%Sv8>p`w*NV&t&cQ7 zA*vmq;*>d#$-;o>X-20u**k6?7Ih`#5 zmGVh{^M8fVX|;JbDtiY>xYo85&^GPX`gR^85UHg_Y3D95KVB)?gr8#==;moU{=%MW zX2i9X7SK}X<;(Ylo)dA%=;-eiD)H8!@)F_SjX}=MD5w*5R})FOn3SZTj)$vwYk@c) zBpHdnPYc8eMZOik>RSKK6(9I%r-c7ieQJejP*c~Qq(M@KQ1TA7PKBU2MlF4H zMU*IXw2Tm<=K68KrpS7h0ikfym7umU-XKES8*(3Bs)&vov^hb_ThUrW^BaR(fyW6j zo3xgL~o))m{)XMV7A0G3W;klJoSRD?)0zAeI);F>XKIJor z>xSQ@s$=Z)^S(6iU_t}N(24`J7y?W;*l4YV7{>T$=goA0pBqMOyhufr>*IDA91__uIsNeHzcN zhj;c!2lc#a)XGELh=12vj_4K8LgQVvz)rZRSYVGJ7T8n?BfOEyRr(njTv6_VA5g>*d#Xk0lF0 zhfD|X3sAJfdW4|fw-`0aL#>G5#9O}7lw*eenUFO_jt*T*(VPU5t8(q*q#t5URWE9* zwT0AY7NP$Zcmn$+Y<`e)ysRVER7 z*cCWSbb7N#U{4qGdZug`X-Yt@N@BRJ`!F6O%Nzdl1)Fdc(h(9~2)*9G{)T1pP*+B89pCgrwKgM?Z_mRQfESYLU+NUY)y#l~l#CBx28W`n4J?m> zh-59u?f!C5a$rPoXA@;R21wpSVz}II1hV9V&8gvVbtktCXRn59VArsCm^zs=*YAOh z*A3eKdYa&D^N4+Rf)YtV^8J|UG$`YGLsSp?T44s^6{Uw3(0ug9O8Fe8^zmUqzrLcT zoHIRmhb!q3)tA!?fbly8Wb*2uRY&ob9{3KTtLp0Z(4Ln3?i)zax!S_K&^6u`AbGBp zH!Fyow}&t#KHo`M8OXe&!{3uqt`bKL3e&IGObYZ|js}NUz&J5dp{;PmNFp`E$4m`? z@I8=Bz~RVF2pvb6@4+Oac~I3eJgUnJAn^BUfu3ow5hk}oA7dkfe$fpOzJbRxMoMT! zl8;gfqM1KNBv; z4ugm@jGQ`^qpi~#=AxYe-@S3NU!~pSqqV(?n36*9 zXvsBAV#MK&$+vh0(y=c3Mee6^Fm9lyheE7O(F7d7)E_ywNk@6-v31_7!2pOviu+c^ zp4|rxx~d#wI9t2`FLp2BH!74lWJopocvq?H*8#FIa!0es%)bL~__6SS&C^`#J9n&S zZXGJ~C1U+#sWDo#R=G8Ep(Kwoe0Bw}8h62l2EPU%eumcW-}-61n&M3+-;OxCM&Oa* zry6ha2sfipAq;r;`P{0a7WpV!h$%l@kF%LXT(E74bCdJLBpnJDZB?7lZp11xa|A6a zZ@~-@FKxTQjFcnHgfJv<@rYK2wrhvZO$sslt+c+)szXQLWvthU;<@Pobzv6BIQGAp z38cWL#^ORQX=McxTpGUSAETvwTD$?rF}siL#aE^h7{^l~0Zsga<2MoanHo_ex;&8+ z35U!}qCMBl@>`m5J=DzX8?wj&qX8ys91<`mq#b#WpeZxepjS3)3qS-RUi>Ll$4Jfq z;>aGNu)k&E;ov%%OWmLQqE?MVVFG{Zw-g{~_hU}IvfFMO7&IujWLj&T(rqSUAv0TT2|yQRek# z;&^N5gwPM(?sr;#uqjzuLJ|5E#^{-F zca0j37793|K_hZivgGU7F6x7Rj!9FN_n$)!{9mp~{2${?28&wAxScvaP` zp6^(UMFnpYdLB0bErc}&$fK!@`y)60O+ggoyUBtq^eC6_|Dk_eUo=53?xjNj?h%Pm zZvL|?HfHt3Wt>uV#l-ox4)QYPuB@O&&K;neo)Niu2|>}b!y8Jj-z*>#Jq{R8aL)>9 z2T)oqf>Swv+x;&RHCtegD-pI$VZ!0X@;`2WNyQJSF6=k+D(f}R6pHMfL4Ttdi;xTf z_XH87J_5jhu?JkE2G$36lmZC5+$$UKIm+Y!gt(gp&c_bPweY zK02foi|ke8!O9S%PIjD?dlgkTjD06($egvQZcS_uQn66HqyehrYJ*TA^44KsR{Yff z>4VD3<#kG4o!i-E#4j{ML*uMUh4lcUfEj=D5*v$pk9A!tWx2Jsd5HNR-=3FolgWNU*&P5UY<9#%8?3ugS&?#BX%o&a4S+DBRRqq zFATVixMwagjRVY(Hr#-+yZ&`YRIRA{jgG)tTt`s_1wMQT7~Dj69ZpQq7*llqWipzC z8dhrkef+AlcKPlhM6mI~*eAt`5KjP3*G)YgXyFGMhLR#Q0Y_iJgXlNHr~@A-pY_X^ z=zdp8-+$03EJNU{0i%5fhAq53d|<@x%jTnDZg|po5@{IhIlLn82OzsPX#@ho=mU2- znKF3mOq`Iq|530mi)v^grynA`VuWrnuJFyfE+hOm{w1@#8~`mnHd`TYLj!Xy0?6w7 zkbk(e!gd&QsD=A6WC4I+MAGnGuYGU8gad$s#+{B6;Endizva4w{66Xr*AD*S+8&?2 zyEc>~d^dtci-WQYp7@xa??&JZbMtajKoCjkEC?MchUb()tm%;!h>7 zEJ)7`lbh%X`;aN`9y7|p(H;v$LyIlEj7pTCK}W3!Pb#ZKs*OMs(i>dIZOFGQI!Xs9 z<0&zeqj+zopOc6j279%IYN8zB_sl!3Lz<5J0}j;F(B$P7$=>JCa>Mc91ztOZZwgVZ zeIG(}C~tpBj`}@0%HmeaT6gCS_x(^*-EO5N&%oy85M!5rndM{@eIVl&h_bq~g*cA( zFFtmoY|Phg4xYdPNE7Kp6&L=5{O3*|T4of9tRe@rwi0ju&@0XidZ@so?dlH7x>@bi z%@_+qUu^wSDFQ$9FNdVopU75o@(&;Je~|A!)Y5r`p z9y>NRrsJc@k4-8uwvb$7)NgKaHUB;COKl6cM}!!OZ^2ypqD);rgx@au?}=ahcxSO3%=1mB#PKyczV^Jn!61C}rO1w_VRn zC*>G$7(rz7lV&<{MCS*9-(~u|?NeF?0e)%=dRltz#l*hP!Mveg5q?+aavH;fC_{u(LhaWSMX^GDx*0I}0bs#1Yz0dh~gipf6&LGkbexHK@mXgu8hv z(MtXF_t9T!ubNn-z&?4b8V#rT%zb6o)vdjgA(?W*AvGgxMfLD8*mGJRyE4*{(9$vb94Y^3bKCK3Qyu0X<*c>w(yUiglL? zBt&XGtk<5^@Jse!qc-2HgnkV z6PFx2u+wMk(1T*7=1oLQE#u}mAN#OaLrK;<|K<%d3-DG0SXzt}LePW=&b<0UB{`OC zHjgHCg5&8UK{hN_-XT5i;rDEdpD+gx9q`DONwyeOp3VF>(fsp8*2@m@HkV`v`F!9m zOxdikcCNJQVbPjT z+OD^GRtO%Qw!0~+tAnq4V$Utgdh0!_fy~lht2~ENxh15(8R#yr(@*r!I$ea=*A`w# zI_KtfBmFH#9a|B%n3$Sj{%OwirhBc%kJwlic5HwW%tw{V<`)z!ofd@*+w4LoW19RA zFd=s5&|;D~LUzlWslwMl%PnUZ`(#}ho7{bNMw%MJ*Vocr(EtP(ei>14D9@AR#vWvg z6w)n7F^21P+qALE+S&OC20Jd#IzYQ2fB-5+Ux*+quNS2i;v+VzAl*FM*YpO6!2~yyX-TKmANs6bKilBawD>{N=vMA|Ay$(v!?t}XwVS&RPwaE_$^rl`osshce~I-- z$6XgMs5KHwe+2w?N4iStx=J7W(mf^?ANYQiw0C8|^~$HbJfPzz!ynU`lfE^@|4`}k zOH{8n8L&X?eO>qMXjayHfWzz#)8$@ug;nGu@t6jrEk}=#IKE|f?G20u+!1!BEreC3 zdc8kn7~bTwGe5tSt!>y{;7d6$@>zNpxTzps$DfYy$NKvCqrEU(lERh^hA43#)i=du z>-7=()~ZNL>sTPUE5%o@?8EcRE+Z|a{Oku0;Z}lB^ZYY9d7ZE0@~1R&g`4^^I#q2A z4T_p-8a4MrZpNe8%qmB0*T-qjfqBQFqMu9){DFfaFvWq2zY9}DWzO;o^29g#)|c22 znOdLv4@U0c7cWheZI+LmwF|%Zo`^+;M6V=h@XV~0J}<5C;Ges_G9^FLpLP%1xbWrK z&6wWhp*S|Av)|90PF)F2ANVW=C)?{opl{#{3iNjK)))H-BVe3Zt=b9u-+CLb@MFVe z1}zLwd3U(s-hc7vx`gXH?B->nBGpTHYkZ|m1+8rgLv1XLxN^8Oq8`IQ*?h-Qn-iLD zipGPRt7&;`Jlu1~I$5&A_}-WqrYi3J_4^-h zK%5`4vGm*)2A#5rz?5j_F6=CZc8Ha%JgYQuRrM_CP&>6}65s!%P zfriEz7H5bm;x7(lPhYN1Z8_Wk`VZkqDJ<(BUBi&@$WSKSIEgV$WFiK%8FfhyW%87_ z{)7N_Xmk6FGQL|QcO)_We3807zK~@Zyh7zH2Wp^`yIdCB8u-k8W+Oi5{jr*QeXW~* zDG(p3`=VGk<=8%7h>Ub@vk|`eCdyqtu#`>PjETZFMK`CZo_@}?>1^Tox~O~fe_y`3 z+r=}I@HW!1JjI<+GoqUPph9haY~)|mxW3nvCZQW$#0HGI)5i{2;Cb%n=mS)69yU)r z0!j1&rKaA-$*Fn$DCmAJb2bPe9pu!)iqc~m@1(SxvH6}&3YwXkn#oPS;Ns4}|LDBL?h zBcQg6CVEP9;+E6mafZ#v=f&XjO64YtK9)eTx{5;P(@wzYxB=eur);8tRGWJ_cfd;T zAy@B$m8$*JWz*GRV)lNT@H3fyq>0l*cOBE`!tM@bWZVg}=@)Nuw^D^(`oUB@KShn| zF7?|OmM^4rKTXcG^t+F@0y(Nd!BDda&PC-lg z+i$rx<-)LA_@PVnq12=p!;Z3K@~xe*QdNAA!~>iNL;Bn-6JOg{*ju_Ha3N1Kzp*f2 zx=2nK=I3DT%Vid_s34ZDJS+LmsVKP)?@s}q_vV=i`^Wz=@=lw~t=KRwl9!7>q3b;r zczrK#pzVzLmrSV8hQ>HP=~eIZ!)~^#YMthzwtg@q<}BuZ-$+XwsxD~vw0Odrs$AbA zCDzSId*2GkVmxb|b9}HXeTDBz$iY2XOETs>fE#ySO377Xo>7$v@2nknCJVc=WpXZap`UUucQ%=}AF zcov!6a?bg3b;E{I_vekCL1sQ$Ww&IuJ)x`kQsZP?uzbM}zb|w6lltEMM-Nq-%Fr~Y zlNr<7{9r3vJEbPDO^wpY;9djn%=sBL@egW6N4PQ1OiF9iHQje23FVp^Z-h2 z>GE~4u~`~=%2db1nr2G7zP{cT?C|av%>2B4M^Lb&v{aLL;kNxq!5^V${@@Xs|D<;2 z!Gadh#zb{eQj(gY{-S}ky(dF491brnP5b!k-9_Zo)YOWKil}dxU%Ym_niG?pk^*-P z{H>(#q8k`6v#@~0^&Y!Een$mb9zf=qU#)2`KN=eu4JN7Uj(MBadqb~Sb@xs_^EmYb ztHmlX;kX=hdpTge<(Tx}HLa6E`YS<)(|#IJ{*waHE&rXF?TZXhXKd+ObB4w0PKK9O zSBrc7LTxl}s%mPIVO}~GaOY9_1{HAOE|c%x@2^2C80>EPWM93(Vt6sOH#m9|Seq{?G|NV{SIiV4WNl4Wv(cem!u~B24kns+#_bJE zy1K-fD$+)pl7+fOr9|WM&3KNq8b8C7xZqrL#A3Z@URut(>OQS@gNQmqw#0^l_JG&& zZnmis&9y(9{Hum*TU_t9`A*-JmlxEE#b*d5XibB#eMN@Ca$ZMSb*w(pVtxZbbK7Dp z<}d7L90FHEiXsX&r}a&>(B1?xo)nmOB;T}k7aFuaE7stfD$_Kwkf$Rgu!)kEEpl4Z z6{FKq(IL4_W;uRqI9m~bO%2FetNQy{WoBxK#4VB31>0|>Q0C315_?qdUtOv*FKYYJ zk~;b7^W_C))C|gx{>s+VV=BqQw)ti+d(z8nr0ReB4l7sHANzb7uP@ICqMtFpsIKSa z$*Lz=x29^+@L4t0^ASwI-cO5HP+`zjo10&d%eX?Nu>Y$Nn~G*?*IEc$|Kq>?CU5=- zI#;TjnS9r!v3^-ErZ-WCohC57CgT2I(0A#;H;w_B@a905<#Mb}g76b*zwXQ4eczyF zenJ_bjgkl!7X4AfUzi8_m+V|tgO)~V_p%#DgPGaPVMcvtUj%BI$v0hQRPd<<9R8-K zzEgi}PCeqE3f1Shr}AT_MMy6%ug6dKVD`0@r;@!}cplR`Y^3p5xHq%~4VLkkj|*9K z&(83i=~qYywd-{_xv4JliNy4{rb1&O`pQ4XfWaj8vJDRNX2pUb^-KLVPIZ?v~BhO7!A_o4Ar)9 zjOCEdc}-JGRrF|%X*RP_brFF?q-cBO;o8Sk|GRpqs3ot%ty1z|)~!@SBSVVorxJ@a zyPh>H=3UjfC2~4fcHRG=s9yHjU6xU1m1;9xL6o-BU>QitF4o&v%yTj^?19~a0g)AC zBJomDX+qIUcREviQ{d|3gZD-TGzU5ij4LW?b&)sEqwPh+QnCd82p$2-T4%>HzUum5f> zdCk9X@u+He4&zC#XY6X6uZGw^19-W`21DP;4Cf7B$avr@5T|=4t>Uk1b5A7S z*L$9Lqec$EDV1RLD(ml%{Wgzw{8MeKPk7|^^`)U8;cKofPqOmre&!>WzENYCd}uK4 zTcv?=c8ja(Ou$V4WNzAqKDD#K+cQQlR;ne=K;&TPT*f&8?n}V|1Ns@F|H`GA znRPnJOV+%c=IMDsGL{;iP=50~m!-H~Pk18aUQ4la*jbx|&8nb`vw^3>oJx>)?IY$g z2MUt*TcY@Urnr7ao+fJKNf$Deq*l6{y^g<4Me+rp_X-cz)i#E3vUV}S4g>w{Fr%mj z|E;-|5k<=Y>UHL3poPVcO$`U}unNSAn${`@Ki13?wANWN+;C1#erPwqf(mfUJ}-No zB;)}abj@Wgeu$dGvGq9VoTSdfPu8&(Uo=IjO-e=r=NZ<8InU{Eho9U7G(lBCu12GtT+Got{QL8G>pse${xHYJ`_*%-%xQZ@$IW<>-FB9SF zB2k!XnQ?2H(AvaBLvswVTVTyIaDyo$wJj+#JJX!C<{H)%>uuDs)noVy>@=pkhqs?`eaXp2Z~ti0d-uS${#B;w zepQ7EW0jq(MQdtT@TeNho_ZNyn~_NK%XBX~M@z0K^_0M%k`$NsHXD`C3{TdgwR`5u zHBzfCCfq9Ol}$4LbR%yH|1&Ytco@<&=v!JAGic9`C26NkNXR4`)e7>_9?I}a&#h_= zN8zm`cFhhNAJNQSTc^M{IXzKDq}abD$p2-}Mrmt2h*FLZ;N?^s_1zx#2ei2olf zhPtVTN_Y8z*{qg3ijz2M3yJ9`{ltIhQStuoWI3ApHuB2+)gc#%B85+9q*De@Y`uaX z?i2>50h)i#BI*Z*--(d6T!G(TWtM5D(#!HMKjrxks_QHjDoRjEp;Le8k}F*NSeO5X z#GwK+DyCBR`3(m4spVb&bW7a!p@KN=AJH++Bk{{yz~^@aZ&z*fE_fVEp5 z4VLvIx_HSuQ@MfkG=P;5zawKEd!bR%{(YwQGo@M`r&u_$pLADHJgm{X&lMdl9fMjM z>Q12J*-Tmq;!4Z7$&vK?Xi$0+ItySQMq82NV$XZg{%Z%^GC)NipC6wjnTOQWTVtG{ylZ^+&fcSh?p2ZC+BipAFxx@ zFiKoY9q8-doT8wz9XP0!Z7P5b*1gQx<{fUgyaaA)`FG-x?HLz^n(p`4l@w>c#QBM- zf9m_o`N^SIy!rxP^%)7A{FkHvlX}EqiFjkjkUS>+gN3XoI@$^05s)72JMMm;4YZ;} z5xd=y{_p!44Oaux3u;?(Wbo6Pw7Kc3DCvViz~Yto@mM{D97-7MUI<5r#*jO94PyU( zm~}{lO3&3KQP)gpI9q6zc(4(R=G0wrpPm+fFQeFGD0G}KkowMIVulIV0|ya`2)I?r zfPs|g%;1hHH&imb%#G=I4^1QzO?N2ahMT;M2NpL;M!9&aqDL{2ouG&JAdJ;Qkc%5( z+@yb!Cf;qbF3^o*rElc|?k}S?a_|}(O8upm+r_8jsxl@&uW4<$3#c}A1kVtXl}H@5 zciT7i#hM%JTTR$^2*ZuKtQSge12Wk6Vx_w%Z*;ynB}w3gu=ehfE*58{4;ZDZXjPZQ z<{`HyuPE{|>@-iQj^G)HF&s2B?l~9}3qRE*msQVtu@bjJjhajW?3R4sc7D1mVBc>b z;}3jODbXZrqOCYxT4Qz^}gv&YF;!DKN9K0Dn ze7|;roj9YL0+ityw#FAQUT&q<7y^C2yq&lkc=(WXYyG=*XR|Vg?#fqAVjSMDOwOP! z{4yHA61)9}V$>vlUiaVOV!#d?Zg$ryLHxs}K@>)noGgTe`ZygKz8GCm@==z;+xxD1 zem(_YU3FfEUpx6xqx){Wx(ti>a9?vghMwE@HR`p+#jfwzk)2T_<*jkyWZmZ=nR(}k96K|JwD^SoV@LY5yJ$yh+uhiwFaVs&W ziW|jhQs9^}^szWmmLVl83jIB}O@*4eG69)DBckFBdrRg`z_wvq|0 zI-=^u=_40t*;-*V>Y_^_E#@xu%l6My%D(n}e9`9ntgK|-&LGW{t^!v8Zh5qbB}+PJ zU@EdcBekL6$XWt?lzK*3?%r0F{C>-5o9^Kze<`&x5=^1y?>fY+nZx&b%|6?yW)13@ z=9nEFz7!@uY)0m2^*%K9O+g+%n7mrzh>aHBOoyNg)W{860A90k{~P?+yrp3}yZlWl zk1wXKz0{Oo30)WdguCMtTKwl?{X}~9;|ESQJXUMM%Q~e^SLfmTpZ|P$VCd%iMxuG zW-J$t3H?3l|4GfDq9M$;eof`#4FAF9I&b8N|07X{^QV~>maM8WocU}!C5kB}e?O_3 zHB}ul5#~8v*P-tx8@K=USSGNFtl%?S|AnC1gweD$jh*d3`}noN@Kn^=i6SS-27_$r zx`-F7t35J(t6-H8!7v?1TLnn*6z5H{=NJ6S9^d;fn^K2nvEoG^mU=5DHw6EYKDtPI zGj`M!9nf}prNv}O4ZtPwIf8rL(8}A+Hr+wA+Pt@GI_gq%qBwU%0QZ@pc^*#2^f1h+ z6#K`I*A=Ky{KLo(j7RFf1fOIlaQLew!BQX!*GJv=oStgH_fFWu`{a_%9CuIft!Spc zF8yEPnW+I_Zny0W0FP?|qINPsWqpszYG?(%j%1KfX)d{S7}^`U$^Y?WE9%SbhQ*k#Pn&ND)<7n z*I(lGJvVrU#49>tM~_^2SX@oTq{R>^>Wl5xiUF!Onm?$vech|nL2{+4xH7U0dEf85 z>7VezJ>$XANWjH5j62r}i;Z_!^;`DaZC8IV*bR7ztL$BW7vbf%^z#!8 zQG_$LftG)@NI2ZJ@RW7nP1Z&6tiS)nHe+jSNwumFw(`uvNm;dxM<*w^H(q_Y*>FQv z*FkQ2^<}$}M0Kv1R40ms^}NKm1zT-uGAk=~$l=sj)k75slX%8^`t%6QsqCsD@^?s7;GvWE4JXy-M|)H@Va89+V_*a+-0RIGt>)wzLMfUfOhP)x7g$h~wHO`sz$$lY70u z#RqAP(qm;*S~P4iH;s55C$cth=hEqMogiCX1v9BV;`J|Uc?Mk!XID@;Y$^6ZbXK%i zd8MyC^rCw#fHlD|BP@mu=by_NJ*J4lGWuw-9O`O^Z^+9x(K2X2b z7j8A&D52ZgL=w=NXr@#g_g8UJi&q}&6OoW<%7@cAq}7!fsX1Wa(Yc0CK|9sMhiI9m zh5pb3uvM9MPGMOO@ZBizYXn6fp`lGSH?291@A;HNZ1BRt*S?^)t-$NiL1$0V$-K!B zuRQHsvuYmS$Ax48l)ZNKMO1J8qeFYg^;Cn{(Po2WM*lqarC=9Cu_BQqGQcPcIf%hhHtLBw8eKL zeE7oB19gbsm(4f@bxG!$vl38Ej~@Qi*Vwzg{ena_#M{gYgSY3{BDX#zL^@}ksMe_m zpeN&;`I!Wh3mnxlVuSC0u`qg*C(Pxs`6~aymx)21>HLL7-yzML1<%r8ee}+dM`bzr zF8OVCHJ!Yzn)*eS_*ZX+)i!R5iI{4NQH^oxTud%y9q`i&m>P$;``mZ zo0k6CS%Qio!L%cAnWlq6IVSrYB?Aj#@<}t|!Kb4@caM)iS@5M=$~$LDh%5o=z2ROUNKq6BNMJnbY}7LI-Tg^WpV6(@EDt5^JcLn zO1AUdQw!Z-vw{3GVJ@$G0xx#jm}b6x%i8MT)aO<+pi=sr)8c2~0R>9HxFvNL3s|zH z^DgS&%w`w8l968W$TK|8p_;nb2#cGBR4*uf4?JsFiRJ}O(Ta8E5!E$vkeeZYir%MZ zSqAB77tW{d&v3KPrd0Rt+7+;HU9fymQuAX5Tvii{t1n(Tyyqe&s8Fe>ppXgix!x}a zc;X%a)%T>`OBENoaCW=xf`Wg6wEK47S7UuuL*+m zM8Vj4$%H4KbM5Sly8Zh+)P!)dm;OT6eet|`HK4S4ORgmH$?IFR*8My}os$X=DN>nH zr@)W823lEDG(=@}t*Le(UF1;^z|wQ&))<8!gu3{u?MYN#Y}MB*kd_e&d>Pm8>yHrZRB$;C{h&%(b zpv;dkQ78$0t_jW_t*A70>+69YJHpwe z;noQ+?wPNPbnkAV z#Dk@gK}mY_;zsv^?k6OJyM|8ZOx5Y?h;F8LQ)0*2D9Pz@o$xo(hgfqA!@+LMoeVUN zsTxYS^}Feyg8BWZb!9VA*p4GfT?lz>PdL_2c|P6DK5#s(W)lqDQ=IpG+3z zu3)@5=&*|8yKL8xBe8=^)K*S8c(Idg+m!{y=Jj`P0)~Muyk!tF>3Dp08@ov#WVg zV&PSRqwlMJd)oEJCs#jPcmQiPTW1F^@HNHa;?j>MuIIQ_&+}r5XozVkMJt2=(d$Dl zpct%~fYisy8gfn!LYqSobp-vRVMs*$pvw53ZfkxM&T13?m?z5^QghJ!9Qpj>qE>P4 zVm-ik?zK*P``A;^iQ-lEL_RH_QB&p3@-b2lnXg3@O!qv?V*z>cZkLEqxiC|2SD=QE zrKCW(Ts0nXjIbjzNs6-8<~)NZ^6EB8tszB$fqGsv-eH%Gh6szAUF;rz%n4YVFMlL> zu^da|m@(T$!ZZuSna3bpU!GPrJkS!PS)zt-WU|xi#euNrbB>-e%z)B6O5pYnhy?WS z@jOEt8UzHYP0GsPRI4%0P5wwGiSB+<1_>1YvYtPtA_HY$;S#Jp-IsPex=J$A-x9mV zm9&x)zT?5SBPZFX!F`}MS?nu39s;s)nxB6Frb&#hyWKL77AeErDbzOObB8=;ipeF) zpl88&Da&|2#B_jxeGjKVNCTc%RKNCeET+Bv;H%OeSHB7>6LaBhPU$=)F@(AxMZfT= zzo<)+5CdYFa?m`9u3yMY>g>5nerMt#mu&O&^ecMHpj_#a*}!|rf!`J`PGrBN=Q_v3 zIbSS-ULJ&mF(>|h;mb3fjWf955U12vlgM5FhfJp$OYJA|>_^&rLF2oPpGH2bMP0ST z-S!m!8F1^$TKfqx?UgIz*M3nrlSR#>`QkYYBM;`>8O@m6rQgw%c@yvM^mXPByZ1x) zv>)IIZ3|wBr#y^UG$FczxqYB?_5$cvMg0ad?MzmncQhl#nc`N$+fs31U!r4C=EvH_y-K3lV(Vd&izj+ugdr& zt3Ug*KjHefpK?p8FA$tRftN4$vjP*;i?rC_3xJ*A!V&QIWRI4vuC9g#8`q*$!Edv{ z0Os+9bj;@ZK5&ZNXg4b>YjvzR3AkKd{yfeEeglx61gyKNfGr`Abr1cq7Qln#2j+?1 zXlrYOKpcO{$^sX%G6)3H*5(>}oCjbl7Gp()1qE6}dF0jPVo?@v-Q62%So&W7zUvg= zvEXocfbg}OApjq9DYRew-`_Oie^UY>aOeNek@0(d|Cf%8KeyUA3TTE6uuP?6&Q)Dk zNNOz7IYEKBJY5#;%FFo=gsV&wZ~FoCoaG_rae}kMPX7hIbNv(mcfjW6XTi1R5;N}N z9koe?om?kuio~6#o1JOVL)YP~#nlVF&jK2f$0oF=1~A2 zFztNwy|4TNv(N&MT*$GmN`#DXd^x10DsL8Z4yd>14&la2l`4s>A`7WEq0p9}0fW{D zQzvd)=O=Zd2iY^<7sVoQBd#D4_^2|52`6}#XmNy3fe1;{mXT&i3(t&eL-S<^tE4id zsF|5$__lnb%l7wV0Zn%ol+U-@g{ zc=xaboo`<^1RV~u4A|vjJ&#_np<{i^O$cOjNy?pAlHDZ+YFzd%prjg;9DCUTbd?Ly z;vv9iZV0%4&t6&SJf0>1uDG%U^o7!s35R8Q#`F=Yx*Ef~-L|Eo$z$0R$e(bSr4+Az z5S%q?vS+<+>vd#KcnTel%5w?7N&!bg5YwWLmC7R0QotK~#hJM4nQ@S|HE~>HcW{Ar$Yg1$O_ka?s*Mfh7~e~Y%{w^+80u2~ z#u{r6k5uNvjmGn2d!r@a+!7gg_p$Zkjq@Nq)$s?FPjWQI2JgDsXf%}F8bRhMYD;lR zjVrH?mW*T`P35lNp&{$Lr+u$erR3V7Ay$8)<9vGp9s9GCj8Nw(fu}Ev7KX@*M1SVr zwBp+t_1ClJd{n1$03AK#FxDxRClrb8b;NWPae5^U?i{0%Yl1om{R{B|Dwh&1t_EdZzlS$%+IyL|E<}<3y3W&-hge?&M}dw`3e@e zVdT@RdX~dJPppc{sXk-?Wlr`o@Ef?tEN`=ykun-garH1Xh;y1|3T7nZ$&G@jJZ>SZ z+H3Tl&>Igb2Zx`{c?NyR9=wZ7??d*?GRjvI;yW!PczmH5S_CLLASB2c`k@^@N$PF1 zE9yvue1av_YEc?XzR_+X_}1PVeq+D8LAlprEZQHzqw-&&E&CP&g#hZvIzdSXS6=kZ zImlWw3crDyDOIG1XOMtXM$Ft9L@AX+=R`&ch@Q2+Fxnq9VXO~edWskjw1OAA3G27mQGPJp#b*N!Yg&lOb_Lz;5dWi?(m|Y<9np} zp%3ia%>_mixwyWO{;9&LM`@MmP4B1ICOEqoKYLv0qGEuX_cL|wTz$4jT*eamSuS=< z;*}A5+|&M#qk3@8b5(fK+T9w#y}Nz#qI-yE=tl07Ln==If#!X6OWhq-?h!L>jPq*T zFqf5$!j;yY4;ixyPtZ!1ru>|&;-){AA(Qf9^c#fQd7e8ibgII5|EF>k@s8B0`yV)w zW#omE0#^A~Cxxobta^K)1&4>@xi@w2enzV644pF?Fny6DGO2RVP^KOBL@1>yuzvk>cL8vNb~6M zSDT`H6Jf-lZi}d&YeNCAI1Hn7bSt-9QW({!7(x*J;Zfdpin(fc>(GsAURT5+SuCT< zub?gP7WT;}r6Y^w{z^GdBH~xT%1!3Z+w8qWG)vLR@p8-~ob^Vb$SeZzlnD4m$67U; zU-%#25F^H_Q)=5b$1FB4zO-Kl|2c0w!EtI%)@xd@2 zF-A-E%^lFZnp4+zAIeT2)99RFFVM~*CkQR;NX*yJ_^Iuv%OG+kqko7XNin2|fAvZ~ zcLzi1F*>bvUsTLt~t>%kZbb8`dcSG+HQMf+1WX;!bAJfd;5^~ zypHiUvK3iXugqcQ`POdnuTR^^mhUP-VnNyx|Ps?@-&sG&pO>!Z?+fQ$bx9(Sz4| z)~mk$vR2x}I=(rA=S9*l@8izSEEK;67qC&+$+tME+-&Ew3U*9%1k zx2_Vx1$rZ8xO@3|y<2<1c?Ca`f-Bl%Q4RGvPuaM%>cLQTm127kKEoto(X!!&*24nI zf;dsHNo={3@hrZc7ra^Ece>7#mJ-yCk2f&Nu@t%n^EoWT3Mc&nRr;fH<-2P_u*io6F*8C!y00RIoW_h3T-sb@;i+pQR@A}Zs-nW$M0aM#Yp6;Wt%ew93SmcR zKf7VEMv4FEEK1G#{q+QOQ^Bt^Ip5`D??(DZuF4%ezdd3Vgr8vSANSel338GS?0!N> z4`!uxMH^9fQS>rSg)5!S<3*JpMneKDK_s}Buj&C{OaRE2A>hLa<5X7FweN#6539r^ zi4K~po0l1puT0n?5Wm+0e{d0=N<7^KCO^=70qNf#dllFNPJei&^=jBh6jbV3<9UAtfmazw=R;9LH2KAzN)OMBn6JNlOvZA5Kvd!Iwo~5(xi5`rLjV;n`0{_i|4*b?w zQDMle1(+)U&?vjTJ_O(Y^&huX25!k5@3Q|ztJd~ajtSt)C@Lx{EKK;beoX=D*W$uL zz$TJtaaqDvT8ycwsWD@#Mt~yHy0}Uj8+E4Qi~;T7^5^cr(9jTIOKENT93t-ir)mAl zhu^-MD_8zanfHGyc$YK&Aw;DM)X`$UisHBLV`F14K&-JbIgR1HK?yP@78YIP{(qph ziVF%DnVHYbe`gNNH8R%!c8iErmX)P5BmmA7nEi?pTYGdub?Mywz>Etu0eF$GhO*-Y zRT2!~Jijws?rP=rAFkJJBogiXdXN6zGc>4HSVGWy&rjlF$scN4SXeAxRxrRC-ZHbY zVp3hoY}P^K;X6j1y$0~1#otl>cOU=7rWE@B%WxuB)!cZp9Z=^qAgh4yh)(uI2@VS| z{^8*$Nls7~_Ot7l;T|&uL{2*tx&kBRvkR78Pj#=dZvwzBak|?*)|q+nN-6d4i=FU+SbYie_|O;B>p#)`F-J~UoyEhUI#F0~rxt;L9Fu`K z`>q2$5+M5kC#Xn0q#!h>*(xagGqd--jOH<$Wh?q#cIr>1@M*c)gchI4Ctv*Rg=xAf z=&}mmojmBaMO)KfZnr+*5Sm2~e&RB^YoyKlu480`32Uj(NJKL`+jv9Rgvie}JKQIS0os&YbiKKkBQOaQVw&I=mXU)au%cxvE2XXUPYEc|LC3REgVMxOzC76hX zSOmq?=kMb!oBfBQ$gid9+NIS>7RObRK7(NU>nhwUhG-C*ygWTS`7xN!e|*8QiY9dT zj`HL;L2V^8t*bl+)B0y2y&v<2mJ|X9gGLCc9qr380AI#|Z`{8N8Cb;M&%u%H>qTU6PFAXA%Qkj=yDjy$oN2l}}WvUr+8A&pFg`Tv07X+}8h1_PFqrlU1)S4ZiN z-Cl5hj$VqjtNJ*+DL8mx=7qSrUaGLi6n*KKLyF|et1xxBz5GbkrNEKEf^1n4#_;}TI~Xz6}MpNO&_4Pzp` zYu+)Cr&6_=0 zBr!70$tATY@yK4PD6N{d!2?$lcKvcMZW9@!SeRnXRZ4{nRH-;W8rmP@?g< zzY?m%5KCjYH-<#?i}E3|6GFN#m-B-j0C!c#AN?1Q4CjoW&`GZ^0coPs1gXm`Y7Xk^ zgg-XSgKYHlIM<=`P}p#lrJv#Z*;}NYEzh#|9va;f2-w2XqjfssN@?+OAf*twM!59K6?pDE|PzytViHm3e@EfXPx2j(A_*ZZXW z%X595GrJR_bR(i#1?qCRa$O0Vr|A}amv6>zf1=j_kwvZhM#%j&{`U>uv=nK5KlwG7 z-7JtUrCne1zSeXkW*dt1bXU`^{fF)zpt`d=7?4Mvo$K&&3JagZn_SmZA3Zp~JBXxZ zKyNokGj~h-M6>3(NOV=G?L2YhY)aJQG76-Kc(s=Ovy7Q=hO?7OZ_THG%e(O9e)b`- z$kZ*5T$Laq4@LUY4zwtJo!z9!iVd{nopCJmXsCBuW?!q#7#-nlu*^3 zzs#8|DDIzs1ogSP%5eueNOJFKOi_fOALFWEfDH3gjWPGaiHFj~o?RMmIaU49g3Zej z^D36(bUg0w-^_3)2ir0_hYK(yM9z8C!f1@El&OP2ID9ll&pfG=j zr&CjzM%~|k~2t4ciYCk{J7A8CfsTJ zKVuoM`Wr`hKhv;)YcMFZ_+8IPhGKXX@umhkL+GP2u-b-pBs$82E2SUtX&PH#bI2f~ zf+Qi~7`Pf~v6nBMn=Zy8?6RxyVQZoQ^LSOlT2-Bg%vpokm!MmKD%(vHR#Tr#CNp=N zpjNup127*wb}Fr>9f(b9ZoG3K^f~gXV8fW7 zm1H)UrR6Y;Th*8sjw1ajqUuvpmX>>?ut6f*UA~ESuW^qJ5l?IXc%LC=mTE$gl!JVp zO-!V9&w_dzL5rz^wejy$sNhNN6mt-{F5{LeT+rpEnDq(ZH~lx{EAZ^8?1RF(?GAX% zckvw^vYJwg7;q!f#o>fdDvg$w1V=&|_Uh<6psJVbn3A8eMT%tK@Ne9j{&v#aDXuMt zCF9xC%gK^%3G01I*5`p0sfmr5wNJOU^?o)Q*5;aZy`t92t#r)?3siQj;NXYrN}AEj za2+}(KVmtD%M>Z;6TLXE`5QtoRF-$>7NN>%Gd7AF)M&43!M?#1Am}H<$5iJ3vx~Er zlPGL7E;YQ%gaTLxb9Tyc9lGGllkMZke~%AoP5b?N>BiZ7y4%6|HjDg>=j!e*3C*r` zIx?3{Wn6VF^R+5@X0(!1PZnr9mw%xQW$*722e@u}IvaNR4D9>mGPDpS>+S4@M*Pwq z*}IxQfZ}=MZr{LqshqGdNxCKLRmd6pvl!_g7!^bhG3EQh_f-U*Cz(eIR@^hGgtdT_ zb{h6pzq8d|mppi0i{M{*q5o!>QWjsurEv9;EeM(`;vw5$YhGH$1Cg?wJsC`rqdtD1 zXQcG36h2;H=tX{fR!i6J*Zs)`#xoM4oRY`2*6W6tWL1t5>BdR*J@R)#1M z6@SR?Oa;5#N7ujAHaDJHZeSi~I3;;z(4ylTTxTs$#~~qv623?k3$*l0jq3Y4zAeGr znocmmMD1gnSo=V7`LJ1aZF~DBt{&l=si`*guPHLh{J#&_yR>{pfRPBJBt4HZYle~} zD`Z-`?}{_9Eqpc1hEf8SrZD$T_>%EIubhTpamXx~8_GX*<=t1)O#M8sglSi%|L7Sp z9**H~VXHXc?Xg&ymL>1FPs==A3Dfl6wBJ= zio*V37u(&z0e<(FAL_%bhNh+_&TF^V8^U z8Q3|2IELf0O`*#-@5+_Ca3D>i$S|=idvz#FrtPt^@!wmqqyQ7wYok!r8Mj|IV6}nr zE!Ax_TA24v>b!gS7q6H&sIpmymH#m*B&Cb%wLPGG{7nnVtgNh5fka`t8Ug7Laz|n@ z#U)AVzwh_$pANTQ|MCxl`bhp8)jJOY^LV?5W_?+F37TM_zSNY%DKxtOG>j>6@naegBABG8=Xv}yc`B_NNW_&}{gj+QCNnP<4T6(dE??UC4${H%+chS!%h^XW0on8~IA?N_`K@ z^lufoP%E(gu`NYN#>?_qmyvNS%{~=OL<>m^aYIb!ehvUm1)b-tXJ9mGOQVVikw{LM zBv0aeDpjp;=B}Wj{c|sGwlom9eSli-B zZJ^Eq`J~_V;1_oH*!3B2*BITM4av)lB-D=do>>22*iUunAB@U%p?uL36%zn|ePEt( zWNAq0GOfXG<$8{Lq2u0F1F(a(hm#H+ySo(vB8zq~Ss{nxQl4U+hRxnt*G1!zh2AN_ z9p9D#t@pEO&N*vo1Vzj#FemkQg6_j>$4dtrF>?pIjUAcWh28_`2_w|5QdpdHZ9$E} z61t!$OQG+H0F&zB4sdEUaB_PG7`=qFw`bhXpRaWHV_5-T&_Hk<$FNf}?Q|P1v8b=M zXE)CYPMv&?v3{q7TT5!zQ6RU4?aybLi%y5(PZl?PN;uZ)`$S!YyAo=x^2B4rNw_8H z8`AMs9PmncBgz%m_S`AxlAIZ$2tKIzudz#`y)C2kGoHX;}(am;D0vV254Eko4ddYNI6VX)dOQ z&mh0zR&NUW+o07%2sg)P0WX*M)B*?I^%Xh~`=+KQ_EKEM0L_ljc*2lH z%p0!q+VhLAELSn>T!?dU1Ry^<{6pgHeUZmE7|B4ZY(pR&Y9U4mVT`!cJ-NCE9jsz} zZuVjGshCe*?%jG6C*RGN09)yGJJh7kzSoI<29pykZHz75!vu@!tp(RK?cZSI|=DjrTrYG_3TgNYz60QWeD0Bl$OYO zhT@i}ui8ptXRQ_e5E(+l;YRiVrpC7hI41^Z4<F}XP9ZA>LQ z(VOqq{A7hRStmQi_xOp`x2R|;!ZK}XC2p0MAtosU;e!q|&>B*HgtQ}=G2(L{cr(KR z*(DC}^=_h2+`I<8JQ~kiwGS|CONb5AIm%IR?T>>B7773d-thRKjRdpc&hL13RNcll;jBGA` zju~GW*=~4#^pHb2DlKU&IF%JxrVmoY&b|$Kpt`YAGo2(lx0$mT8mk#k=TcJ5n*<(4 z0tF=l>z?0y20bVT?ho_^A%LT*19$b5OUKmLCWg?Bje8#NI)3rRKuB(B*z7266aP^J z_mR{%8RDD*Mpadxs{agPl&RfCNq}M9aS&HVaZ_>at6u2nrmT=SueM>vEl6L_4b9>t z{bIrbG9Rh7y~(=uOryrZ5=3nTVMI3H%lieZ^4#gG@>&@^BLH?<0Ba!=rJDL6sH#JA zz(eaWp*B=z4UeD6p3{xN9XG#)pvm9cpLRUOgv;BLA=@MoHID?Hd(VA0h-d=hjovR zIiGk)hq{AfUo6_?yZJHQ<|U|HUeXfYloYxvQ5I99^L;$q2i;qeLrK$GM;V;5;WRmU zx5^TG)XaZQQEUsBB;yuF)qP#wq!N^UCGS%v{4whdSd@KZmm$MSt*<1x-pe$x8()v= zX&{}~6sPm#5`vkP&+j*PIu7l1j;QsjtjISidn;{>OKXCY(@XV|qy=a2D?kz?Q!c)? zT_qfqqBM9y#u*z*F;4Q9Sb8Az8$6Zt6*o>yrwJu+(&Z37N2gr3eO1_vyvOtdm zx@MVNZBuibqRi2tA6TU;)an1QvClR6KWOZyxJ;sz)vbMwnRmI$FkP``{pZI!jO+T2 z>xoZ&NKTViZ3$KvRBIm3k$x5q-(dwzt%x{m^cGE$~l58r+i1Q_LCnF0*AW86GRx-2Xav z(G?}LT7Hnqp?*Y=I_=u6Wz`9M*dnO&vye37%e2B^%W&NXrVl9@6p6<|-*re*Z-w}M zML%j9n>H>na<$q0MxWqT(YkA?(xm*Ts|XJtL{SSa!F4s{e701e{BA8uC32PK=T4<% zSFgTAX#5l%O99IthrB5xd7MND&#;X+L;&J&eG#(l z{h&dQ2r^oc>#X|JVb-UQ5;ex4M*==EkNz zci{|`76g6Wf1xpH{;jk?%4D%eXC=>dD&b6NpL-230Wf|%;gkVZX9TUK;!1m0WGTAzrUp}KEKfzb-*C^efU;5y2}lY= zlRTOIt>aNWiG!Bd&Ahqyw+#!I_Mv0i=LM#`UQbIC?di1DEr`fK!xk3!9dl1|SP&}( zA&JbTbspMK7R*LvP;E(@*tMkai=fM+H+*{&iwX~QG$V*SJc(`E*c zP~GI>aJcZm32AsH^C4-SZ$Hu_{?yM3$RjzrV_7cb!FM{{F|<9Lmvtgbykg7meeJ`6 z*_&(jhmX<4%k35u*&O_31;ZOY@?@{UNnc}6zlyYjl~&wdvO~2-__8r`i<-amd4;^> z29;JR_HMOn)IJJ9bq5j8WT(Dx*{kWiRbgKyPnt#V$5m`hGmlepgkpy07M(!iaXsuf z1leH2UMRUe!Y*&Qffz30=3Bk@u*|bzWse-frU%+R4f3+GGAzisAu6eNsB=b@R}HEn zV;Ay~)YTe!VI^;~;qS1yI#X6&?um|GRlVV0Bw?Ozk|Y0Ave)?0dP!oh>76BZZ(@bY zkAaZH;SqK7hU_Ry!)mo}0cZrZC4cFh-xOg8711tRZ7S@2LO%3o<=P4n8O_MR zB66L$F@oxa0DPP*5;VQc1K(lll>gCjp$Nv){t{3=0N<4;k?iyjYZPiTp9|QiqwuM=%XmEa~h*L9pdS*1-_Uk(}+WA%Dqw}%;jO7V$I7`T(S&A$|t>qRC0ZP!l` zd+iLwZ#lWkd8?Q@KiX)^y3O%zAbV!Lp}Vf}fU+;F~J54_^Dubog(U7_DC=JeE7K+7nrpn%wO0G zxZQ`eU-61}>wgD$TnYJqpvB)%jNL!8DX;ublVkoLXz@Qz_WY-y#f1n0WWgvO#K!ZV zRhf}QaO@ahOhVAM0NhWMa_=x?51ZqwgrgGbmT5vJ5#PR(>BEDMjnI(&(m7!)3RfQf zWP59Di`<4_{+q3B8%2tWgAM%JET+MyOO6lGWR=^Q;#*51DjPot2XG=F@&d$me4shV zMLAyL@W%*;S3=!y{)+&ZQUF+rJi05it+0ROeR?GiY>=NBOlu$Z)WEq#T*t&LA*+BN zhNKL$Yq5@<8f?JpJ7=`~iG0$t_T57B2~45MiF+vxh1&!l$-Aer)m>OB__Lr z?b1s214ogX*!{&1flHBiS@*x5`H&3+hIyX0LKfw!DqNeAE*udzmX)HKV%Q!jiQ~ac zo*84+>zSL#nT6J8M+@|aG-?>+dszKMP9;yKZ6TwtPhYF1(v(JSA&%vMU{LU_TK8bZ z=~oGpN(+3UsiuWvWV{B)&rmU!ct)^1pj9Z-TZ_dFL(JU8tjd7LZUR&a=Skh^cf%vS z?gI(az|8yUgb|rgvV+wR28>L>l)$2Z763Q-#N+8C!_JT*t}3w^o9}Wkl0=->;+DR| z5Bi3zowhxqE(b%bA)gxLw@u|^cO$C|PP@#`oCAo4aTEtGbLZcx00cx_=*o2(T|s9X zdD225K@O+QdE%Z|V{^3`PDn}x5KkatiLBAp(Z5z@UXi268lsU)*4x-2%d-6aAO&_Z z#FjwaBkcb9v13m&q8y8Q#T;BpAJCYvf(=F2v51PNmAxJ}kJuRAZ5x)0Yi z9i`V!!~@PKhp(-h!pZy)AYWh)_fK&oO?T0Wh3!omq|3-GO}-}xGM$~6errrwt_lAA zj&WRas2ACnjRA%o%yGTbs}ae4dHYvejqzK`tl#)0q=ZlTAE%6qbvuM0@un z05<3$I>AVXC~1fodkM)H+4lmC<*K-XU2#=~BczI9)8MnAVLBP%ut1;~*>Wsr(WYF!UlBL+(%6XvyF<&XQv{0J~{7j+ungE~vf=SI{y z1YlkQj47+AzH|%ejMLN@W|p^>DN?adIpfrE~JpOH|=Jd%4Q60DMHYEXGhtS^zgdMLyzi z?{N+b{^x4hn#Gv<5&EHNCOJSTx!(|zT>Vv$#mR8bFZL7~?b_8iEEsQ>ukYgI^{Gfh zp3}f!$980QWD|%OwNx?{2$4LKSAM5>Agy56dvwJu!IzJ1YuF_59nn^`EbpkIctI4Oqk8}Cz^fxa?oqPA#w}wK%iWqa6 z*dDs^D*dbp>sT-(F4&NeqNXKrRG8cgacqGYGIV7| zzxn>w3x0psVM-FH-WRi!C{$dl8BZnG8|@^B=HK#kw*EX^DS8oCU}v_6`vhe8aXIm8 z>(O0J%VD9C7xlw^&00o3RGJmp1=$os)@@n`hoM~dCX%EHeOVMdMTqrrzOEudkOK8M z2Vbhn(k00aHU+k_p5Vj=>)09tI(u_%uwhWO??$<(Gm}B@`&81z1OhQ%ZAOn(VTGKg z<(Z3-L8at=T-_U??k~bT8}}tbQDQZLAm4Wc7;(8n#X4`$U8No%dRLySS)_!!d%RvR z-Kx7V(FfGAcU%0dkmYiHret0H&*I^HU)vL~HSdMp>sjYwr(ka+!r#Am)s{7A`RMkm zg@?}XBUGJEIyf!`k+97gt&GV=>N?9$1lksv@un`MqpJ$GnMJE~!>aJ&NKIbq9+BKJGpX4&RN*rtQqNW0rgt zx#O?Cx`a3k=<;JSPQ41U(?Td5qvs94EqH5~9DqEjc4!qBk9IE>=XPUy`DZjN4rlsQOm zyrfW~DuAw5a%hRx?v8P#e91dw@A*yp%g+;KiFshSqFzBLaR4Td;`UHKIP2TUOiEKB zYZ=5|ki8P0Llws3qLtEm%;n`kY1{HnJWQa5ECXi5dRF^sG%hQrbOgN zujaHyhrJ`{3EH+Kq(=)f3Omgd4gRqx)1sH_F#+BYdL<#uFCjd1{82(#dUJ?Pc3d{= z%Yb<4Bqf--PG!HeChK!?2d>YSfk*+jvsnNOfy|`!YDD2Zyk05sp)O59$9rE3Mlrbi zE$@@1$W=wkN(c0IhTt6YfitC)dEu!OGA(NSTRV~xu_-P#9@p7*9G+WOBDBlo!~ zwe$HjBEK3Jl~iPf4^wtfxh_9 zJC1A!OxMgVbF+i4=X~8^#Kf8H_D7VdoinZ2u_Z^%3GzW)?99n5wzuaGx`+_3L?et^ zs0w3WCN_?cqR(Ml>+Ful|D0F) zl_`mEG)Xurnv37WOzzvUEJ?b1Gh%qO0fM*HDX)ZUYq3g_$q^LMMr8bQYlX+q9Kj5MXdn{!dY>+u^nsQLFs3=tMIFm%-}I2jt${hn(OC!1nl31+ZM;Vc%82 zQ40T;12&=^0OQs_44fr_(zFI|zBkCPgP&gw;{pvjkG&XBjs?8LQ9+AT`g*5Tv1x8)gKyeJ zG7z7lVD7Q|+zXXR=rW;RpvYptg7RF;PFJi~rPbgUs5Wg`w!;n7JyZ#zOy&3X`8bn7XH+UgeBgOWlc(GR6^_&&GKS7K#T~PAyM<6voDe76pvkD+S!? zic*x7*M1b&hPQLDlJH0m6&PW=FK=g4*bT6&(bs~aC&Tc4D>ii_`08=iqU50K=zKmuyA$bbO%QP8IV2; zJe@1zL4R=jY@2^NBRIQN#ueHARX_m%)U^ElxC#I+xfmdl*Yj7PK`}4Bwy_ZaDD(l` z;m?T}Dfs&r{*iwfZ+jU+fUk!_T(<)_l?x!E1O|is$MJ^mFT5pHRaG#Uc@dimV1*bf z(gta0)N=kB((&c!$mN~xU#5IK@VtRZ1k5M-J(KmyzeSz!{&OX-xC1e~|6uq@et!O6 zoGM30FggpE5HNCNVPPR3Si--J4FTqrw6(SA{$`*Z0x3IG6y9oEV`1$e_piqDjlq%y40Gt9IBFl60Mb`iFi+s5H z-3A^a@npx+{5{ph&?YNQiTU1>H_eVTb;-g8MSeMA z9tQ3$vYQc*XxLRvYN%i6CJE8k!m($E#A@?*#ofc^H%w23%%cvku5XqjK*K~7XR|L{ zDVmTZ^e!h$GLuA}XXC<|3sNDg3Ik^y9I<5N{E(O2NA^|i{1*qIVD0}##6eJBZb@AG z_Q&_EsZ0xYo9_cDDKL-}oo}XDm02Dmr7C-sMzPzi41*|Y_FzoHu?Gfo}}(F?KG>6PnIsrZTrGN@Iv2s ziv@Ig|1Q}T$$*a2J>5?Oa_c>%Yn?aJqO2K{7DFbs@%J&lk(rzp2A7(%MSc_XvW(!7 zT`QoIa~>eCOWk}_$JF#{IxLjiPQA9W{pa;5!>Cxbx`CqfTe8b{SZ~?tzFI#(pHf4z zwopVu(?QoLOqajeMUNRh^ ziLg>>?#ovj!&C6iV&&?CY5nR2>u|EC1IFw0)uWF+KO|X>4)sYCipwtFXEpDt=09K3 z;{uWs>WK|4E8{QxER&A)!q5AJSriS9o}m&hl$?^ai?N2XrP@xi3JN_B425!f=9R0- zTz61#tbr$uCSY;x{tL?u@BfwQq9u>CqRDNWg?n?{eGC{Fd*od|>&fcC$Mrx=sDtQ? z5w2dL5!HfI&)#%QqsCCdQF~ILo3qd+Z>=n+=)DTfo-wz%Q7$7d@fGL$!BUL#O?1iG z2g!b8)#EGr<$-z#9>x|~g-_@fXAVYqiEU^l#N}!}Tcag7|7^&^GnY-Hjc{at(=bwS zTsY57rLNkU_>rdse7^lttxs~}GP)D;Is!51T|TpJ>!@EbmRzTZ7NUaLv#daJQ%26X z5|W-DGHcv&zR^)^K;&UsH=LmAS1NB~?@vHo%eL_BO&v6Yruxlm_jTqvBUR=n5h%<_ z5UIFZI+C118p$20AnMTWgpgdinBK|j$&6R?gE|Q~fQ3+b(kz-5WNf&+KD<0gU5Eb@ z97Q>dtD#?grh$9sjU%*+AohP+`}Z8DC==8=;{yJKqI=r|WNf;d>K!%5`7Ed)?8FNy zC7dCZV3n<(2Hv`)XBO&Sr6PL?rNBHqRE8<@0?ia+S8MqQ0(2J_7S^rGd%0tZwA7=l z)+J4(gr)f;BLhvW6>Dl`RICjaV))A*VKEr2*6OVH>9ff+9CiEH5>kb#WXJYR3*@k* zYSKRE+h?x8Bu0PHXzppK+4aw^N?4GUMbl5jD=hccbBT=Jx!&4hjyE;^+2(rJV?kO- znwdjX46mwvHA|_zb%ISFgELe$6FDtb{+8{aw>~CN#-hMZXIgSaS+;4cL1c@kibqPG z&H(1*^$1j+XxiSsXwsM4AV%F3_wybvct+0_g{-_NY!{L zl&0laYh_%?@BMSA)<>XBwx>kX^12=fU%i1ftsobbMM}oF5K?xmFJt|JS!+iLiaRt- z*Yh;8ZsWU;`B&K-5jol9RC`~TAw()aY;&9(3xF}GHBG+N%PoCz3y|l*a(AF6$ic&) zrE90@UcM*sgr7u4%qej`Vp5CGb~q97V}q{R*j|w9Yr^1RCZ7VZepme7{-e1wMyi8* z|HwWvpy{y+Z8|C7OM?neAAc9_8atEFD+9X8cb46mE5r|xg9ENz1F`#^itgW4-{rHe zlh5L*9>KAK1fP#u%NT7?e;%RmZX}fm|Fpra@$q!JHS$87aIJz89!i#K`JhatpFZLn zQY*yWr-}=c4i3$lV7Cd6;81Y+@y>R#*WCHm*4qT1Yb4F)5lm81JdH%z`dv1Vn7jD~ zJ`6@jsG^8Y{~pLk(P#6xZf(M7E8R>N{O)2jcVX*3o0Ze6^-jHGoZLo zaZu_3X+ng?A<9>Wtd-(I9wz!#_m6+@PZH%R1MzbB2hE~mSG3=I*(w- z=_rgt zgR#E+-wPr8$sHxD2YN4Y^vN`Q8+H zci!d?#FmPf%jSfI1)RuDy~W69NnWXVL-C{eklg8oM`}TYHswPNZml76smzri?43zl zkW3JDcprUjXd*oNg}p8Kd9lJ`4shj*#E$D-N6bk?YgczSu3=ua)}Onp>05nE>amF^ zrzo=}+P;N5|JBW?4OE`Y|Hs~YMm5#8>!Nl=1ztfwK|p%%0#ZT|=_T}DjFd-yID)*fe%v-cWj|2Xqk#vF6b%=z^DdanDr zCOFAlUl>N>=4ydTv&A}lFtNM<@(Ah-FG>>sGy>rgte-q@1CVP3$Q zL7hD_jt5m7r&MrFIX9Qf?Uv~oI3`6hOl;NHf4`HQzmY`AHq^C}O|I6GfR} z3E{IY!xxSqb7Mnk+Ls;Vye!iZl^>{1&6J>=FKMT&_igcm2u-|( z$Blm=l}lqq3R@hn_LS=?fzQa9>`jf!S=Zk6Sp;YiCv|~h8M5%UaXM{|a9X{su6Uxy zJ-X^ToB5hrf4CS7_<_61Oh|^F2i}8ywQAsGK)wgDEu! zb#z=;7#Zzfe>@cM*I;W{&&ydy@Hd+2m8pD6EGR)rr^Vn`IC$Qh7#$tqd5|K{`hdoT zw|!+CM8X^u=L^e8ca6KT);owbaC$?Hl~QUm!A~0oEh}yun}=G z7MaGVXE(HT(1CMTd25S%@TCDL&-c5~B6f1?4vEgY!o9S^$1k_;M&A}BQ2qFjo@sBa zq1tARnvRb7QC?v^-5r43i1?}CC!HoFp&EknafllArLk$5^xq7aTexkj{>P`wEE$h) zvldbHh&+!}AIhB+cv~#vBXQipFMXj`6YTr82UEVZ`u>8hFqH8ytP~n7d?5Atg7BNg zxxWkW60)kJ`Bz3wg-pP3NQXt?oodNAhjI8zBfJmagG^t^Xx-9rXu4?JJmVR>P)4D| z(?Qt3)IhlR`63|w+nni<`yaPka`XQ^Dx0H~?Zzv%|Bn{9b(8;|M3slT)9AlLR?}CK z;=fl`^N$qdm2a{*ZP0%gR%yY(YX5h$-jdSN6kM`Xc7&L|v2jbo_P;2(;FL-A3=PjF z{&D;L>aFMg3#!D`eV~=OxwH;1PW;4Wb2R65C=1_z7!c#+JwrY#^FZ@?y9*)zBvw7D z(@Z;nyDjqLv`+s`2^A-olU=Njqh(RvkGNDaWp0@KSBI<7*;)O7 zXL^tg_Y#-KBktc6vzvcZN)7&JvZDUoL^s7I!26OjxSO7o&WfBCx)_J%dg$W(z;2SD z2c0d9v5~(VZzICPZ3Z%Uiiv-s_v>jx&IBeNLHyG#LYE_DxLlEiwohh`#Hr%c&eOkP zHry6%+G=h4`M?XS_!LvN^(STrG3R`C#Gy#aInLX^gx~^xXI{xkb~t{w9GjX5F@YDa z0f)WpTwT}CyGfM~zWmPAN|7hyl{H?EF1ucszIkfGNz*%BdSX-kLKQJBtNmDU<5Dzp zAG_g%J}u70S*#zHy9pnyHCoIc*}g2LJ}E}8zcitPir4hNyTltMG9dv*g+ID7!OA9+ z0mN=f%J2&N1w+!$=2lkdbEjNTB9008$23=FSLpcCGItW6!YBa#(7Wmr_a{YneO>-C zs9mP>?QB0n-8e%(B8Aqrb?8#zM;|YDHGUqeffg7x*_$!pa z=HOoE)s^hZRFR&>cNO!3PE`=wwdpaD#{oDd`i}A@ly@1-%&pS;MC zN3S<7ew72KYsut_3;|Xdn7u4mCaA>O*dB9IY^L(YjNMxw#@X1;oB8eevki^RO7#g% zzKxeZnY*X0b6r7FNhDJ@cITuj+86l3>g?=sOlVyE4A_c{p>gqBhZ2>xuZLq4OP1E8 zu#t$&eV}3Kuug zKz?{K38S?eYq9GuT-(6--%`6uV3q%3`~z;W|6j5Fxl+^uH8R{e{?T%B;@z;)iaB>0 zjY}iLWhA426s6`JKb+z_0)ROM%$!NkowDvHpLX5i!bVg=4t1mh=Xvp1B|e`=El(NR z%y^{+2OH+hKqhcVjdI@W*fB4aM_>K>R>8JPr~wjZo)Y&=8PxOc=X!$WwU>Um__jZT z&9|U^lp! z{?bvWpyN5DWNtHE>cUHZKgN!Bd41fs%hZ@81|IhDjV{>K(`15uMyt)a7JugRed`xO zk2i)8eTs6yW+O`71yc1MWX&!TZu0ext{X+Wu8KQ@1ws$3tZM9BH1@(@mOLEW{rqZM z@pie!FyodhqMuv#vMbg-_-&TZdeFJ$+T9|%pq_(R%_EfKpFbnl9NY3j!L9is%(+^5 zid(ph3>O@Jyl?>htKvyM)$J0tRgK1r(<0F)^LR(|-d2uU0=@^++X(fkK&J!R8kYd< zc=MQsuS3OYZP3?lwC#7nIbj)f5Fy*mxZ@z`7=q-Q*V23-9t})xMB6jWOU$QK=kQzm zUpFle^IUs`c?^ll=8C^|uxK^72xuE??cS0;GEs1Ds7Ju~>YvBSeHoB3JM4;R9{-kR zK?(f_U7@4mR+6fYU2ex#16X}iD?RNXk{R%C;u+cvw_>uR@lb5?Bltx3wjdhUVy9f5 zaXgQC(<75qwsf~mteu9VhaRfU>9BtP43)O($Gklx6*fv!^ahcWPJXMLFM7(gHcgG6 z{}BnEwcv5u&@VpN_pZtR%KbS1Zp*)*Uj{nUWEo=IeBN8wJYR2vA}d#+-q?p8}3g7=#ikw!Xl{)+eRJ{Wx6|1r?(^ZnO3q(;KYzTc*KwmR*_ zX%vfKq3U2$+vmivn3sk6hxSMz6s%J<<9=mVuRt_$B~I?*Ur`j95kR5znT$0kX^ag| z9O~wxC*b)bid{Au$mTPujM%TBkr#=6&29sbbm}@LZkGxUu!$w05Yh1+;SMH!FJIr; z+%}||$8~>{Q;1(-SmVKfKWk!@2TxJlYd8sDr;hvwQPSJP=X>sIDCgp;}-)HFnENqKI?v0FdQi;$-g48$=k7l!GGgYR3uEr!MHb!Zb={&HOKgO?_7N` zJ?$v*3$mXVai3 zCSz6?T*~(m$|$%ZLOV}-By*khJ&|zNUs6zTF z*cfp6XK%!Xis<)Se+AP8h>2DUJq&u7bE1#8iptZ}7}|JI5axmw&aRuA@$Y0Vu5f@9 z@z%RcbckG)L5t;`yqxNf?m!}PM$4$0YfC&Q_5;3ZH5a@Xb<{Qm0V}{FjZ5!2wNmS! zsGBzA1qYfnsTCla%OYZZ=MGj{@EFKPab*0ut5ye%2ST#U4Z4DRqY?EJw`;{L#kE>l4-QXJYImp#dA+_?y$*NI$dTb_ z%npQu@vOkkpGpKcS%>+Atp!>9yoGr{mxWs9IFVK+?nU*}A8@K*K9QUu&`QSDz-MwV zx-6(ohW*6Bc>THzqOzq@@D*8)IPZMM1OA?cBJao1Qffu4j;AqCWS+8rpCQ?eC5>NSHvFq2dryuad{Cpev z51HkQ`pb6Xz@*sQ{{EDgH{p(WS|T*>z-Q5?^uMS-xHDxB%>$BfTp7O2pHf_jcllTd z@8F62y7tNyc4}U~DQDr{X$1G?dKr``RmIhx5%) zH&<8mrQnQEd?70yrr4ks_m7U21$R$L55FDquMVY&w7FP*{F`U;Wz^~9=PK?o;(H9L zs`(24l)#lMa{uVrUdey|=ab*E{=Yt*rO@uPHCc>fC>iP(zHhk+c;>BK@3cOIv&~jk z`}_TMJvmKUys)Pz5x1R0-7(Zr>xH+KmDOn`nbHex5({;zNZc3UY*`o?8C5v7Bp2UP zCAZ|>m@@y)`u79awQ!Fgk)mIy(KAE^7L8A;jWf^hJ9M^Pjq4cXMGv(hV-Ey{p^)3a~I~CTKTsZU*Mf0aL)U?@*3WR$GLL#fr&!{Z<-|X7^qw z>wQiq^>Q)_r%ESJusnO0PO>RAL&ZL8$y`t}G^wSVPe--Ut81gUHTs+X#P)K+-$>nI zdBWSmq=cAK{LPzVm4go+zQDqXG%7=d@$vLU@9@}Iwxn(&7Q z_w|2sXmHYb*w3)$4i)zWG{>3!Bj!pg(HR7E#=^hFD8))!?r@#Hya7uA=oi_$~k*KJl+!V2qN z%3F4EtXHKb-vL7k-xYyKnP+B%hx5|sa4lAxQuMuVoCvSA%=k!4CBt1eMhh7hfXL0P zg`@`w6uBHogDhF}+f)T&y5iPfV+^iqau~LAijbQiPx9AS^UN(#U9#yu^XRYgBKTW$OFG5Ra zG^?!!fho)5Za=dHO^h*#$Twaqc-Fu+2YEtMT#G?$>zsQ`6l#U-5J_lYO!VMor{GdT zEQ$+ig4suO?bc{tIGTZoT}jMN#$W>gmCjthN=M0blChlhK?AhJ=gfeQ$TR#HTs?}nJ`xbS!%05Xn87OprB{pBR?BWiIrFdPhj)$U(O(v@B zE$+}@U7JgqW&~DR=LbzR&KsNa7&$<*1p_IFz_U@czcrZIO|*zzL-6KM;ay!adXj4t z!i^nTWb z1USUzj=3|NqA}Nai!kh7JkUvp`64`umP({{B!4s+gT1 ztrqvE>g{sXYFU+|x&S6=!AFZ7#yh$|zI4mp?NA8VGsU^|)j;^+8P^S?t*f=rf?UV0 z6cG{<_95=8m!pJ4+V4fL_|9{?UEL`cg@6(bsB!GGdHO1gQl~BG>lD3sBi@rQ<6rt& z-(E;|2Y(M{nJqi*9=z@ga6uzG&C1l6R`G#n7$_pi0Di7B-llft%wg_md`t%oWAf*BoTXcYhAr77C0*H6n^0Gh}czmFe|PM zW-z_I&g+0aXka&NPp39Gkz#g(`NY==^84lS_m1-t49u-B@7gi@LI^fp?8JFtoHmt? zc|@834XMD~8 z_ue&ULI-;p?@m5gJ2$MOCq(<-7@;}el#==+{u<#wy}t>Z&hDJ>-VtFhAH1=+h*7TH zPRmB5Z4hv@04%k02+Tqb7Pk3T{Ax-?} zI>OTj(XX|IwBA*=sa1^1oxehqlr#+l-t(+_l>mUi;1Im0Rzo@mc3A zvZe%6IwAP+#nG-LG!uPdGYqVn3DKcgL+6_n~i z8xxZwtIg%66*VgDlG$-|wu~H!h}C)A=~p zdviqq8Tu{C4w~6O?-Y~Yy%PuVRUbKA?G@F=FZ-mvX)q4(RknaV93;<$aGD!b2>TL$ zoYmk~y!Um?00{Or{b)uot?l@{V43zHm9REui0_~iK$*lOyWR8Lc9moH@4h3A8(pj^ z(fp-5m98&?t$);qH=!IN0Cbi$EDxmT))G|wc!8prvr`xAiHOMLwB9~xJ9Rss%_`7@ zsr6K`@A*vLIIuLiLw;IOz0wX?uO9^WEYS|L^ePw@g-!V>Pb({|B6~`iQex^D_@05m zcwf_08Axdq`fcjUWKje>A>%P`dhHCcjrnQqLu+c3dru5&R5mjn9uCRX@wg?n&^1^0 zY6DBp0?2~%cxG16Y_*ClY4^ATJ&bPS_3qRSuNF1J2e&R>xY}e||DJD2w3Mf9g`JfH zzxS?RMs}wUh&{z?2TxDbMP|j0jOXrIQyb(6z#M^qxhfMMT|T`eX1Tt+E>B}`G#>o3 z0(z>YOmUY6#3eu209f4trt|?v5Y$=4ua}6>XA+!r{tDEZ{Ke}0(%te4+5)x*EF&RJ z56r7`+}2QZl}qhZaT|_8qw=+kjdrNrtb$Y%lO`sZbKI!7(I{VZ-OfBHxAFV7=9fkQ z%wFzP*X}ukyMBza9^KL2Haoe01n2>9Tyscw7B8MecJ)8g9G{^@xaZ+*MwO0S--5e3Pi04s z&eZwO9SH}rNb||WB8oI3BF47`0MzNd`-fA%rY-1O8uN#~^;yA*5oSj#9^;A7Q^SU_ zn{-a1UqHXscW+031sDcH_)VwVd%*iGScF7VpEsP88w4~ru4(#<_5PE%pORW_YLh#! zAjVT(3g#9I3d)bxA&R>LTe21%Hvy~@OP+}iFSGiJgTv@$pY1Ntv-XI1_l8@f{>3p- zFaWxh8nu>MweluJw$yrvOCufZY8GSAnx{EX%XjoP@?jslwkYw0M*~rPS)6>JFvHmsAhc4ud|j z2c6jlM~r^kCpGqN>QL&t{^C!tqWAz0`WP1; z{6*yY_sUxLV@3M_&S){o`JZL|=hy92hjacjiokERsgJNfSNq*|7x;gX`*8QXl5c<> z?X31E3=&WM7eQJfJyNpuI^(eM>k^~J+(z(evLh}^`A@MxdZXL!(9n=^s}EeXTV0C* z)atS|iHlV@IsOS$=Ifo9>Nx*B*tzZFCvaCw{!hGhd<^E5U zi8Li1rmg?>#cuP(us9Mc?!M=)8i5P)fYg^ps{Tz$tKil5)+7Rdw@Gc*|6|V<<|LF+&pGYyqz#vzVZ^<7 z4^QACF$w4VdT+a>&VCofU5dY(AKS#J;`dUhLh@_gR;FbhG-!u2EZVPC95HCplY?j#S zTUdmb>0okq`l1*}!1@wGZCm+-k9)<&o$75___cd>GmOZXn3y$_dgqMLSEExc-(0_s z$Ic|#S`CLFL?S0j&*cFIhyHL|y9Y{5`+Ns!L&^M$$7pLQtGQrXalMJ-!2}GW%xpT| z`99+Ohozp`-$P)LrXn{8f;^qCa^GDD*jegah$bXLJ4Uok04dKQCW{&2;CK4e(tyN*uQvc?SE>_)S|ApMs!~i(t;K*I%a2lq0h>BJeyjL;B7wZ zT$qylPuR1U3)>SjxR1CAWxvpRor`X*XvoaW+;1F|-8CJkDZ^_VDoOBcx9dV~t?f_l z_LU@y-HriYR9s+zX28VA=rY;&H41})^3yIey-SPz$SIMiBN~v2+0Zj~y+4I^Bo6ZR zS{_I^+DV5eIXIoh5R<*HX-PhhC=F}A(Az8JIufPaiOxS7+UL7~U{L)gaC|iU1Obae zXPXFiQ=Qg&XDrrH+O$BIJ6B4?8}Tr{l$&SvXvJ#5=ZMK*Z)$P7aA5$sO>)y=>7wvS z+bRyQf>Xc~hhig8{Z7?v?)pH%^WrT}Rj`BLT|_9g$;Ek6l%kV*Tl1XBIrc1wZ1Tdi z%t&T`qWZ$!?nfuS%kefBSo|29xtEUxo?}*mx2&8cOIwWfs$p(3f)iPQ9$<_)j^4QA}@AEfII-ByHZai^UMZ(TaeCK_C#D~7HU^&=| zAJ2YamDD#CWBCbVINGpV6Q1gcnaG<++pQ2vDq&0q`W&wHTMv5wgi%2eGlSGODBxC1 zLDq{}7@gL-^;CVX93jJE!{Y7ol7ijOvB|J#XrUSOlS8lEs zO1P(21m$#(9IG#`*r$xM2CYnJwPRJL^YS7l)762#-$3W;9lk<04;?JnmxPey-*lR& z>~x>ykt+I7ZmwNoFg;2o8sqnSXic41?K6PLi{g?lRf=txy1b}PsaU=9O5e4>OgK(j@A(+rOOG@mA#I*!74^Qp1E&XdmS}jp>83`eEm& zBNCg15owLk^#ypTSgZN_@7(Wwb20buJa*yd>e~%`Oi*Q4FXXm-Z(6C3kIjk`CGl{R zAmih5v$3PKmNRv1#9iO1IE87lI*NK1{fH6q!FaI48l*&Dh&|UZ)4UcxIQJ%*s~F0v~^E( zOole`Mv8GeIY8z9?fPLcJ`<9SF%EBL&+#;U&mEKD;YDZnTF+`>)=wJEss3EgTeK<; zZZ#ht7ur|fh0PXZ4{A42aZN%EJJT ztyiKy51qEID?`!}7mf<`t}+=?(;I3T99c}%P8FN9s(>SaXRdNur6Ta@>FHO+tVE^b zuan46w}~Y)^U}Q+oU=3c!H}N2PduECB-cIjQqmC6K;7rcl2gVzr%&}cM4uyOAiZb^ z0M=zeAX4jXl(>ggnL?g7>?s8^)a+!#FV=@Hmt}6IQ*6hXm_j;{Nox`~O{5WK}Rc=1z zY-4kTYZsoB>P6$Uw7Udn^{;a}JaVKy?5|J_#fw_bKUx{;V2#AiZjK0{4Bzh(F5+ZV z&JokSzM27qw&E<3WkcZ?>-@c*c^6W(n8U^M+;n58a@_dLVYA5Cl!(bAV{8w`O6?~v z9;V%uu2co%@H27N=jbOiL#%-H@fqaeGvtwAb{+4Yj*u798}A2KD+=^HXM~IdbFutE zp$T>ENTt05w|a$Phc|^g`iQ-uhiAQY5C+y(K{waMW8mbO2TC0O7KKZ@4`dC|ikeNJ9b52#L z$0Xgw=MF(EAiH&AY-LHrIAC0ZnAnl6TCYX z-kH5n)4!6)9x^yYA(Js5F~8RwmR)!hoiB@tEdm8p-(V{6_+Fa#eoRbHS0@vbP-gH$ z5wPnx+MQIMST0zy6nOA@OC3lV`XU4ztJ2g{cxEcpTJGw8_J^mGuCGHtk(0+i zs4$VZn&7kK6KQW;@*O8xJc8N{hj?bQzucdl^9;UEyu`5akx!pTuscuti+pr>(rLB> z(`^zF9F}kj&bSNVnmh#U80MsdoyT}x5E66u7{P?QPl2xN-29WcQM!65tv$JbAN;6b z4NhZ0*gv-azCj^>S-*K2^Byo-r8Vpt7&19GV7Sp(?&m9d4tuv}9c*v%ey5c$enoE3 z3Bc!3t?RgzpDh&CPzb*}I;_l;%^IyWJABZW?8~%S(R)3{oAu?NRpkd*=Y|~iV2jo4 zV%7x1v@86sad&@!dQhJOPq=&#zeVxoTn2m^b2=m584)p67=8MMSu9?*f~J|)OZVip zGhOLWr|CsZYt!C4;|PYm)#|D7L1Y75#P=j4S63KxF&7Enn7KHcI`Vs+zJuF>^jPL7 z67}2&Pa-B4CFKDP_e_nQ%zcAQ=?*uy>Aha=M7xYQX&4AwhWu#g(t>H8TE>6iVHBU8 zJ9|<0)_IvwSS*~jX&0M2haOV1?tNSvXMdH@dW1m3Ztx&wa4GpL_l={O-h<47?EMTA zPa{eUg$p(0Id1c&YyPBhb7?`y<`$KfFra*0+J(!Z13}$d!?Dq}wx07q!+MBYeQ?hF zATW+xN75)~9Az8H_NE`9AOL4#vCe(gv?VgT-kh3RPT##FIt=?7jg#OVyeXXs7c9gL^LD)69H>;ntFXZs9E9B`)?=M>jg*B|-*b7)o`P{PW-i8)W|%R39~ z;(b=dM3rc;Y_ZF9vp1WO$8jA54;ouqn@hwUlbwW$>sS?U9~h)a-3$Y5kgatzMCvKi z8#Anp5q2Y0&yG4`*4~!!?O$Wo$U~Pzw2N0hm95*UypzDsV{IU+CBm9Q;zZX(F`weX znd;7KQ)2Tnzc%Q=p=3*Ta_p==qzf5Lc~NyTQIZK9tQ+)CLNC-ZCzp=XfP$M+|zP>iqUZx&EVFPq#W3N}-`gYchgV3P=U90U{o|Y3xep z&FcNh3?H?>q=LkG3Vp&3D!H(@AKKbN9^T0L#ff2;WTO^;fKvYI)N_b0KiPP0dYs%e z+|J8q-L=;)R(aZQ;THdJ`jdJw0S5#AXGb&fx0>N~*qk#t%cuK_d2R2eS|3rIoJF5{ ztMM5#-ME;|^BwVh@f7zmr`l&jP?=ko!k zDpQYZ7%2s;Tc3%YB&!H1f3!w;SpttW%6|IAED@&3RIlOF36nJxYBjidnkhS`@FZbbZ#+Ewl`}HZxq(^utDwt!m(YIO*4KLFdcgiv0WC zAgPJ&ORFq#aGCv`sqhw`jgT!9`7azasA*ElpQl7<+^X=nlnFTh&GNYTz>mq;!&=}N zoa7G}37fh-A1ef-FegTjG_RlAT|0!jwKh4M4ws^iNG%=)xhC5!w(NVf&g4){#7r_Q5y;FF&Mc$D(M?;ViKta2N8VA}7CK-HG=^tvI zI@3riFVR0hT3?rPG_aP5%vBCUH5FwqTy8&tFe3oOt@W~RmwS!k-t9Nqa1kwL4m$}z z=FYy^Mon;`ybmW!Ckr=J)Y?{I08biMEktt-*<|t!;d}&+JoK5f8vI==hQHJkS#QfE zdOfs(Z}I?933B_JL)05S`XCbk5V!S#=>8ad^F+vrEPO^|{g4T295yMDpiUQy<-%Onv zUEQgnldCHOdd4dp6-fZmvS)h#f%K3p=^+ z*lGU*!$AjldtoycF1n8k^z_aTj=Hk0g&g3bgZM`!6AUcpBsabmiC3=GN?COLp!vP= z|0)N^S(y&fCtpR+gA>HW1ss=~jKPeCgx);V^vEwn9n}r=1zMIkrkVw=Cv0_~jwyV< z?U&Cqe)uym<1kV5{x<&DPwR}=J3}ZZ9T8vAMCQsnghZ~df|vA-qE(tuY$x^FG~#}H zYqFEd+aW>!fFB?I)4Cl!BlTa`f7cHP`~T)_VT*s-?TFi$=Y&`KV@`l9zhFFFJ-KNQ z_PikZ!Yi-pc`kmj{I6VLQ^Y}c7qjQB48P&E4tgydZzAy`_BZMtmlN)fmEA2?>`W7N zpI`rVvtGUHcJhBb6(KhbIm33JpbU}5)=KZ)X`8*_-lN)TH|n&>xnFZQ?t|RjHRY$l5zTrq zTM<#>vja^N#o}%FJx`G+9h**d7mg&rDdc?d7Ei4kd^Va3FKpw z*z=6S_`D#W-y9aUIocv3x{REJY4FB!qu(&9F(L*01=}8{Q_CF6CT=Ty({@(0?1KrK z#7%L?<; zeP^xfsODMqVHz)xFUpCNPFUM&MnnuO@G^DF#zQxi4aoRHv1L?=xi(a)=#70&-gf)j zj}j?0_c_))wZ6g&xd@dfbQYKH(IH>v2o%FqHLf~>kG^lL8sv74YJ0Zl1=Zv`9volm zR*EalsRtg}sA8^F8&Nmt`F>T*I#&0VaLoNx&~H~m{o$%KaP@w=ct7dHT5j#xrd=Ca zQ@4`JYn9YHg&gnb^N#yq?eto-4v^xc=ATki`-emg=aTJP6ZHr zWUHA|OQqg=zudjuZo;!`ApSG2$D8oIy>LHsvIj}6_Ns9WPpIY>d>t9NT`bIA8SE8m z6@o_yHP=Ewh*v?gYQ&|n49syL?-vv(7`^fo0gs6oVlUi}Ult$&0=AN&~C>_SnS*MuPz1gh2# zoL#9!S>#``esR8AQw5<;RyA-bH^miKSFvl*5ofyix6Fhfe2=k@Da0M#M%!wG=*ZM1 z3YG4)5~{7O(HNR$1Ol`7a}mW^J?vaK*;EhnMRu*U5rCsB*I6s|Co;n@Lkprtn-B9# zZUb6fKyuU^QCaIvXZ+R+MLsu8XNBIt=@7*tl5rm1dx!gQj<$;y>&5#isT-kz7BZd! zLX;X~EZvMvV(w};4ON(&jjeARIbOGRm#OGpqfU0Byiw`Xlvl02HBCkp?@ek)wQIXL z-7?ksvg)xCjud!$uCoQZW68Z!>bUh&&N(eVq-gjVvCXcn8)M%SFm9m3M#*1aK500% zYeZTVZj0Fo|20&Z)K*Wyv`uDqRv4nN^PHE$NNXgAG0U=%W$MKz^P~M^ectFLu(L*4 z<(tsprH(kUirkkY**Ylcb@gVv0Qga)F56M{F@(6W1Vu-4&qK;e_K1@58wQ(l}UOFSxT4=sF1>T*wVO2 zCz%}L2afW%I|#t~dn-Tnh$de6^jbbj{{XaJq7UIMU7f$noAH-xtie0+D>}_mp^r%Ku>Vz+hjE$*V!?VJvg?+@P-OI8k$16CV ze;-KN|J1%vGURs13MZ1JkFL{)9(^x+Ha~|N($%yvm6e5AX`VhS%jSRMvPBcu20wjm zVd1W$I$Q#BVOtv*AZs!A=el17LEQCxCiY+f_84dDdw;P^IJbLllK2U9O^N&ad0HAS z;cgFTR~?^OV26*YnbOzyOP7vG<&*iLTG#nGWdyWX00uadD*#4j>kR6 zp+`+-11YIR$yP%7P~Blo;G>7oEtN>#wj1-J=(WI429xiJcV2=8o(W=R271rY8*8&k z!xrmirpSSF0`F^Jtum6FN@01}gw>=YzEk%?sKQFvp!l;bVeWn1RHF6tfO4uhb@Taq z?8KQCn;KZ+jHR3>k+)Dc?jFE`IN_lzh{$Cx5zSMM7?L~d{p{(P^n#mc6hxlUpU>h} z`O;uBqqv}K()Lmn{LC4`&GRm_TK4cIf3pYs{CdcA+FJlv;UV8C2NZn^tf&FNYpl-v zY8EOpUu-{{RnNtDcKn`zkZ?g5B_4YGzPFf5)ObPSi5i|acDB8y&qavliKP49JhI-+ z1zT+!G`OW-3i?s8@ZlrIhPF?1J z{+a=~bB#KhE~vJ?aDai}#`Oxfj&z`TshIGC+ydsdivq(Jfo10MPVqoxA9fC!7y&LgQh<%}EPGpN(%Y=ffgIX%p=^EU{S<{Yr5)J81 zM$=GZ(F4Y$C@fo!CruK!z|YCFPkmLbP@dz27Q3RzZgNLSDfMS;y-~f~-3nzS90QpI zb9LZhf~`^2bvdA+Pt19yH1RVxR8I*h_}am6`}_oMbyaCcJqeZy1G>@tWejhi7$W&x zg%oq8%Xi!9;-Lfwi5I^42sV_HRAh{qm}oqySD_T#na&h8h48+ECQ?rdFT}NG)VZ|X zC_9yL4M?F|D*)7F#iStA4z^jcm%pwf$^ta;eCQ1p% zr@YkM3|#Sn0|QE7yL=8VKPC8%%!8;^yvOZ|O&5>H2L?Lr?c45nOGtW8?%M+BByWQm z#ilb`t+-9ZUzz|CZ~b@>i*$VNea$o&vjgrX#1Buc7q%XD_Nuvyu>oRgB;i}NgQQqS zP*iEr!-Gj3`&{C6wuSFdok>U18s@=KKsDk|}@kq*m*l0ZR zA&ND>%UV zL(f%dlytX2sk)P}QbfCDS;>;UMm;CfOFH{{#r3-A1OrgUvdoW!_$H-?M_KrE8yn`@ z&bjadbKAYzVF(E((P7;?5-AO^^1x_Z;VtcBh z12I6Av_KMDt$lPzNoX{o!a@%Tgx-j98WbF$0I8bA0aLmstiPQzUKIFsp;Hbt5 zrHICCm{t^~t+VW*`+SYn&2thX09j^mJiEstrnQU>`I({Tw?s5scIFpKEBMl$$yb!@ zK(u7Hz5yL+u?%v*E2VUI1~%zv>Aht(pU<+Z!43Gh`SEdvlG^b+{W}XC3px-V=qfOK zZI@-%;Mj`)e{x0aka5n}rU{J;}C#Rg`uS38ph*sd1&aWVDBjABc_vnjLoy z(e`=tYB{BiJIMOmlK?MZBj|B;L4Hft^71tY1#;W5n|D*}1HN{AO|)Q?SsWFzcQ){? zBY?tCB?YlhDpAj%v;2A*tgocMfp`docqi&g7gSZ+cWRbJo<9lT3juwh@-;W*9Cr@N z3h>ik6e~XRZ!%ID(9`X5T2R&qhd(zN^dgZ& zKkG#d>*p-A_lK;O7nXfCQ)4g&4#d>R(Jstp(W7|R4BTE6s_2~=7OTHjc2<*mj8$IWYI7l3Na3_>2yYxWE1)Q6xXCy1@YyDHvW;z_ z%OR40K&5n7)!wmEPN!%;X&sUB0hnggaPmsFzw2`g5P7X2d^l{E|0u$s|Hlob(dqM@ zJjaN_c`}%<&9nK3L!j}3HSIAoGfc)d#+cYvcFt7js4T_69AyITEcyV)pY8|B|3K`! zOr-&izBB~wS_-mf3y@4CY=o9YMBIDGh)hzho1d-T^RYbXW7V&g#&YJeU$0VL%t<46 zvdCx-`y6q%)yz@b=x&I4+NQm)W_6z6gUaFBtr#&4*f%n@_m2YrA2z5U5%y~7Wm4s= zM`c0gABoWe@&xxD8V#I)dj)^@h@u;~a3~s2*Vl?F`VsFeXGRur&S!suHv0F$7xAL< z;X~LPK3f&+6EF?YlZOzocE#xUN`+A37aO)}QZ3hb0DHASgOR|qmMkHOQzTWNmrWNW;E@D}l$^VJvsTQ{mY2K_y`n6p{v&%Zs6Mov9s6_9ZUak4KS+_S(Fd{9S zsUe>R;_H3lDUoZjl_`%BUz$;sbmaD1^EK1B>?6I}B(~Cicd~!{WD-=C0Y`B4bqF?{ zH>~tpB*-TKz(bMeH;E`CNWE3CMUr)ny(!S~tObiWJj%x1oe^CrFW+I?!UOER&Uh0a@a_DK0q_K^u>6yBP(m8I@LyA%LK0m zejIYvRjyhbONs35h%s4-HJ1UQIyDp9ULrw3R<_V?&ajP?LwIRZlM%uCfDL|z{yM-k zE^$Df6Uwum%D@2lyMpfED(F;SdBCz~ zBhMAPk^5-I6Ew$F4>wP3TTOv0{vmNuk2W{{F5W) zJhK|#R1vXBPliOSgx)nC-AVwarWb}3WY^Yq5QsXZ91;#L6p}Rs`_xr$tSp?;9=N)C zzfU{Ja_qN=gboAOkOZ0X#a2xIqTc z#y*QduTB0WL7T{iETQ{ScBrvWp7`1IGsBEsL8lAiIj$*^pBV??RA2KJhHfZ1tQ)fB zy1;>$l>e)}?~H144c2w*R#e&+6*khgN>S+|ASECI(m}eE00I(vkPacBf*^u~BAo>3 zHB>_jAtERsO?pity#x|^sNn>4pY!Yfx%Zy6?pf>RXY%nS-@L=TGtWHpym8sL;|y8V zEm!qxUrjNj%ov zu3OVeVVC>{k`z<1Z&?g^QcNqUy^#~j1TZ`h&DmpiA33!-C<+fZb)Vu*#-vmW{#E4k z80Ai!S@W3 zll9j7)cm=W!Wc^eAzRbu+{JZhAvH~=QHL=Hj{Ro3oNT z+!pagO*RFx&y?C8^=K10%TSc^5%2eTuP@XD$?2Dj{b9Z(n6N|mdsdPbm(j)|-*4UN z0np2GY4_H}R>w^W`YlFG3*KV*2RKE&)1%UgdgdX7ikX6Gs15;A_Uf!t7sH4sH>@d8xnK1IhX{ z1&N;P-uk?E4aGgbTlo3Djo#rUt@rj?h8^6GI!P*o%>XnfJjKKOX!Eb1^}_pxl+8Qm zc?*=Nn|*`*3kTGnyww-aa(lu6VtzBTkNrR;dvguuS|^CovjY>0?c0IGtR)V+BVc;o z`#WB{uYj|7Wamw&1GoZPkE%ZSZU(pe2J$%YYPcIP=&YX@Q=Fi;KCI@CliQ?^RBC~! z@%d`88V=UfWz}=oLAe^x-4p#TOeLA-l0#`zg_fda>+?&^a0hvm4iMT_ru)sUuPVeh zD8v-9oAVBpv{ObEC&Es>DthCbbQ30X^bJvx;rxuHmI-*D-S^I-7x|4>lBe!VaMj@g z-;Z?Z1zz=${g`yl4%*iHDAnWo6&F2S<>phO46Bp8XlG$)ruwmAc7wMju@yLPwW{Kg zj?2YPbRcC5-cqM;9taI)R#*@o)}dKM$L5DW45(#;<5sk4^DrR$M-&<1;=5^Dn*x_L z{YBmGguTCHKC<-n2jh%kYGq+sYi>Y|nm!V&v?FG(EmV7jtp4YUCjNa`i(XgR(r{9i z;4)IDtkisS9v)hd!?ed#YPY+;#t2b>V?6368uMR`tX7t+r>j~)^*4vT!`)f|Z+m^+ z5|+{R-#Te^e|=T7WDb_kyzf25}$MW4N*dBL#FsFg|R zPp`IsWk}jaeBXxh9ROn~%g_4r$tCsCKFU)%gAs;1=o~z7#%#S+A6@qlr`G`; zZwNnrN8QP<*^UKgWmIW@E(1i9yO@uDjWL=?vFy;f?E4@0^t|i)R@0r1-e)1^nf@0H z9tHc=HK4`6|AX<*{~U4rU*9B2?Q?LDpWy&8G+~~-;!07;M<>ejP1hxhnDXK|skWMq z=8!+X4PDHj(1K}qyeFX?OwIf`N+!fMciDH(gIzpxfAXCUD(M{@rz`;O>bOMT zM$M3cI=UchR@b8C%~*K}>ett9J&nwCt%Y<7x0%N*b$h1UrNb*|*`b@0^O78&-f}$G zhH<%9^I+-&JeFI4syt-m;_gOX28JCQ32SI=7;pYVm;eL0mx$w&mIEUX*N)A7cX;aW zyZFu*Ztf$nbGzI>lL6*}K+@C9^dnb))3r$Nku^{?e@d)g1_zqJbEzd1V__buhiqP$ zcfy3c9LAvbAo|j8+~rGatt# zsbD8cueuOW1phX-TbwpRQ}Rxb?hK$nsn-cNtRm{+kk}Dyxt(-GEgjoHdYcK=ZKZS1 zxO(ktp!2UrL&0{+aa6f(=Q`jg(95k$kEkG^X`O(t`S~%ShRXzLJ!T)jniR#a?(VBA z3jS5C0GAWIJ1xgKy(eQmD4rh8MC@43vKp}(b;F16XEurKvZJPaHieqn4q zj^0;jJoGchkM!BsmP)WNwLAt~2n-;8j#X$FmdGz*Fo&bXhYMhL1*8hH3)z%$p6QOo zS?^aAI*KB7eess;MU^G@zaS0{YZ{f21rQxH%#02E{dLx)A$zJ^6FMIx&nudfkBpce z>Fmlvu0P*~-J}@j%{Inrb~Uz57C@x#4f#SB@q9vOChq1Qhvnd(F3QC8EObXsHI?~7 z8?|eFP@pF5QmN4AbzsdguMhi%>l|HJN5skU zsgiMi z%^3a10Lkk3M|{HkV>#(_KDF+BiNs>>k$DHjbeS;%esB;UV$gszSxDs~Iyn`iwi(_< zXUa$vC&?{NIu&;Te(%0crcH4h7;$iExdk z0xQxmO#Ssn)uGL}>ew((opLNkuq$JYWstNZZ*jYm0dj>H^k$G}utm;ZLVZ7R zw-C&zSxI;2AYFKM=~-c$!DX=}oyJudC3HTa#k z+IGawTDbC%n}AQO569=H>UwGBzC5+y;sIlG@mKB0_5u2is?yl6@dN?Ct+QTyk(1%L zHl1ab?`(GWEcnJXnSB00C*OkeVqhe0<7d*OvCEc5`r}s#vgXJ4FIpR)70u1gdRDdJ zt@9{Lf^xAy*{?NZn+|F~P)cFT;v@+cI)?*yPKazy>Ba6WZe8G+216m)>tE9~YQPy#e>xF5(fu+G$^9bOvy*hH! zW?p>h`5ZimU45Qjg^2=;*4P`$m4O>o&o+L&xospU`h5-NG^^+0yE0ZS&RvwjDigIC z)axM54o^cuf4Ua$ueiZ7GqR%0qZB)lf~J+nIdjF9=W z=%II`sbh%M{ms2HF;=EfA8r;AGz%V+x{uhslCDO|svh}zz8&Z_wV-{VT=M6sNLXzA z(wuNv3Hi@zg(A&&k%ukZh1|IVZ^u_lm!^=du?_K`v#SOePxDHxGn%UZ`PhZXUjM$1 ze*C>#2qinV;%Q7Qf>&8mhM#?V&XgB&SwOYt1K9WCJ})|_Z=pAlqQ!*z z{=$o!eq58`WNn1twgf=&+jAqy&Vq-5yiGnIwF_8gZUq`&#l*f1Ptw7k$-cRoJ}$`6 z;@x_Dm%d#*5Io;Wn^7yWVag>{C8NmZ?=M7YPMo=&av}N3PA?h=>VbfZ!!^M;m?IC%ziE zH{|~W{+`NfHS-8C^exXN{0`frw&vSD;we?087l}fB-|S(e>;$DwMHrUnO8E5I4>=7 zT__K|3qEZ&QoF2@tptfyg$o73k{Tvk49j1s^h*4@ChoK~QAa+r15v(r?3R}gRb}7t zGOdl;W=gy`o*;bwpt|HJYsd}H!m2y4*8shlTE^Fxi(^Eqwvb}yOIp{MZqH7nN?Oj$ zFDY%SQSV$E9Ro*5A*$v>(f9t**;|~);I>Rst>ehCU1PTw6D*R;Bb?JkeykSbJb-Ra z^rM()CUc|s9Bhq#N964H<-g!unkm_v$;C73-rb~h&KbKMHb&tH6%7CV_!oe#hk^_@ zhvF=f)#xDTap{`n#0b?oY2vf^?R+CKx+ZFS&FsfJ_#U~u)t6Vg!a6Nb^V+&QG~=He z`!NIN2leOWOH+!^dZslf)Loyrfk4Osk~n3f&G>Aj36!f{umb#hqf`rPZ3Zm6CAW#T z`Molg%T>ZFXo(Tub z^Qdd6g+XcT&Y!)tNCvNJ)3%6)xw02E!S#FS57)=wK2XRt@2|$+H3+1^U>=vZLEQp0 zPp7?v-l{%{064kt^e=u0igx>UP!g20=#@W^dnji)Hj-pHCp+6Qa+ImO>h6Ee$xnUL z*w#Pd%EoHfwX)UWt<HX2p(w3$c|xt0CCW$2@OXf~4L;NawwhS=&~t;VUp+_r>3KW6rhV zx5O7qqIJ6u@ae@$QtyK}x--3tZjWM0KyBfJ4Z;Wn8ZbN((OT>K$?Be>j0DSiQXkQC z5gei!E%?07mHq&M2*h;D@DpvLuNoyxoEW?auWE0zysDPBv|r{JaG-xV4-f0I9#XFi zXatRVEvH*UUM)QC8q z%ootli5qmy1^um=G6fp{WZb&vQ*qP%i@O1}y}<^0DoWa#63mnsEipOIp1a*V(!M7~ zJX+-3SpDeIn>j`6ixZf3(iNGKX{VH3sijh_s1EY=4BA~2I^fN{t9wix8SqyM^*(dG ziI_$u73yaKr@>Ey_Yz*T%sxq24*8t?LZg1VqNM-+TPtJLpN778)Az!?naf5`|JGHT zm26mF9WcpUm3-++>TI>e-oD!PvRtvMdjN54?i~o~b!^tI^DMhTFk>N|#1>inBYJ*d zanduvt#WtSl2?#G#NzWSm7RQ-f#r#1SCX;OMnV>yzl}>u4@7kjAiJW(W36?91?D8n zup;WkIeu^V%=M1+Mzx#*+u}5i6g{ox4-ij#o%$e@>?Xz3vz>XasnRb?i4y}K7_Lv6 zeDBDnEM6=>y})v!s(MPOn8tojhxPS=WgNa!uFCT8^0`NvKTjK^pUl7OCAz1*A}GjX z2ZvD_zIc2g zdiymQW^iKcQ}j7yVMoJkE$CNzLFn)tX6GiDPvs1TR^^00dh{;}INWbUynpN2T-_|A z1&xUk^FzX&81wS!_GXbX)WY1tVsO3&Wq>qx} zCbKKOSupfDTDjQU!qtUdVKuEc|77JbT3M}aAY}zJaDbZ9TNag5r?|Q`RFsSw*yM5) zHQ0hyXwPYsxzCApv$6L!VoH;*Ln$-*2H85;2H6)DAX%Z`k`+FF{5Uuci7>j{a>jX; z;L&r&3v>`VjT#niHoK%uV|~=5;hGS;U(05VX~7HR>v=FcY<$mDcJpx#4;K#)7yGgs z*xf0z*AD3RnzaH_WSGj|XVI-$`HHC!Wp{-*Wbl;pYD>IyuEEybwI3XAC>!l5d{?r@PPze=b9evd1j~T!;#okp>9mdCw7ECv zo*%zuzr*fKe;iD-ILpjuo^im7D+x-AXj`qk-F(4+-Nm`@HyCV#@r`2_Mg@Vl%LYr& zUTxo>h_s#)krdIXc@5QLRsj#R%{GG28zr|FbN9fO{@q2_cMi>(3~v`osW!nb;3KAA z;25NBLaqWbDbcMNtWAEsCBhT4HXtpCsUH@R`{5eO9fq3L+LM0Sx($E?`F(%7z(*Kn z&8VmddMXfw&mjh19Zg>BnsRI2#`pVaB7UXB=6hj)!!Tqj%=5%SI&yGu zix5qD{d%s&!QqAU~Mah=^CN0qb?utaC1X?$T$%i<-{N~4i7h&By@U}3&>d>S- zpw6qB9hYUTs}>3uGJ#d)WF4$GxwoT^SHK7H?QN3fwm)xxI{p0T8qq&HCEWqeUj zM4q8U8sM^slZ2|Q!$_)}Ho@l!$?aZ9zhOeIMEm%#aznlmy2woIb`>ZqW?$6bB5>F~ zY&hKxIAdUMG3wX*z&>4pe*rL&Xsx3paHdCtL34#GQTkoBv*B#HE{lMYiFhT+nQe$5 z(LbU|i>C79RoyW>lVkPb#gBj*p*+?oJvCqDA_eqFEi};ny!2f8AKH5?aG@Yr8QIvz zI(z@xewM z5E}->=_WR5T-sFqjQB9Jv3ozD$8&Ee63gr6@-zLW}pendkj4(PqdRpFb`WUVjC4K_t6*OkdJFgA>Bns)(XpRv#8{idVR zsiEjgik92Pk=rUxtzZb7t@T^jjX7@r^3FRP8Rkd}f)g$@f^AH5lvln=9Q~Q}k~Y79 zW?)%BUU;I#w)w}fqm#yYZ@AytGdRh^G1sxpxcNb>&4q);o`W0g#3IQdUmm}LWg2PM zP>WFX!05Us=fO zi1({QhW?Zv&dZD%$S9IxK7nTI!kQDz+Ub8wY;-<2x`0m4&|!9S(p-4YKHo!{kcaJ- zc@6{02P-^FqFOXQC9wX(-CczBT-}r>N2xF_G$BSB_t1KVvrC^RmujV@BvDw1z9R62 z)-4L3VII{pq53btNYecFFMWg;d`?XlAkGt$Lv~PL;B#XBNjK#CQhH$9-Wjeyms^?@ z?g;K>lIsQ7BEVPjW?3&iiG<7en?!UTL8-Syh^lB=7p}Oq;43?CVj5CusDBx?lEYWR zq&5^IN7rH{V1bHYyElLzqD;+UiNKmJTX(l&JGq!iqt`>o)}op-JLXed%^ySxFIIiV z+PB{)>_>-TQj# zgMg7DZ|d#9=hU{Nmp~o5^NppadrC0%s7)kHk-6p(U}Ro|d!RN{2N2dl4Rf7o zah6%hLe%`&_3yqIQLs1q`sEI-ccgrC=CUE^(Ycx;UrJ1RqvjVo4s-MPqh)q_iO!DD z;)zv^@=Yay@a?`SE3`3gtOoHRRRZ)1zf+Q!?DN&B^LA3qzLc-`#~Swwf!yD9Mrye4 z`t-ab8}}OPIFnB{>!c*cIpwc=!~)a$pmby&TAfPOD_FqJOMg$r%T0p;_5^`XmQ zvhT?Zc{|-fQC*pVgl>MEdE@#G9R&1cW2lb+l*#MgAU}I%wK^3Vo^_?V|1j;(r^yors3WI-_=eti&+zu+x}E8@jbkmlXn^Gp;xyQ8njQ zRe+^4$Y0WRr?iHHSawdzPI8rm^xkSaBbd9|{ev<6KW%6Gucw%=jb2a!bB|pbtXwcm zm>y&4UWhyJlwRQ)>CGJ*kGc6A>%D)~0a85i+~aSOB!zAQ`3)=aP+m({+>Zef(~-u- zFO$gUpRv~%u+q&qCS&Uyyg(EGsdXNi9J<*Y&xZ2qe8?v* ziJf}42hAbVqMH3j7570yo6geH2!cFDbX_&t5DQQtY(;p=UDb@yS$sAM57+K!6y(Dp zT%Vttw#y`?DqDosk3;1ZK#^>w05J4dfPPZ7tT)Pq(iwhx#l6_Mi)I6`HlL|M4#!K) zyH|zj-Ms9of^@9}x|;&JG|HyMwB1_>b>z~q>%4t~YNJTa!Y4lgp#zI-nJ<&#>TQ!# zoxIDZdj{F7KM+g zLUmz`=$R&wt5qEO$2}Q}Xg-~BdRQWuH@kUE8pUSWB;xc1^_^41q=BpP%ix~@H+7H+Y|(kj?R8?foY zR}+^@a~1L4HV!OeMcT#NeLD3>JS|b9F^#i^Co8KJbwPU{V`hkigZ4QnlBuHBiC@4<5~p6->whs`>_R zNbcJ+{LDE{ozfbRH;L@)417XQ2T|sODk9-`#xBIWo@bM<*<-cX87Xgn`?ac&vKyvA z?Rt>$EMTTmdQmD|eTTCgN{0@KN?0hRX)zfFhWG0w*{^Z-Vl3 zL77~Y?(dSm9d0fVq1gblezoJi*RZwzAx zdK=E|zr5B|6OTh+b}NHA1r(YJ$!91r-5wkpiAEEi7ySi$<#70=xOe%iMU^WSzYph0 zDh)X5FB0P9EC;Osr9YbqUr#jbaK8Q}O4JemT{F(ncV?mh`A@GEOi7w3(rzQHk&TAe z@2feK&{Fs&t`$w8?{U+tUM`z+zBJ_RAH(EQJo^)as;0eR@)FV8^@)xqOQqXmL_t2SddG3EqUu7FU`y4!rs7`84Wm)ZS^;{vdP0i8nq$GqmmsLT?fd^?Ct@QHNaYDv7GahqRtjBO#M^b8A z2NUGT_QLfU740;ikTJ1st%4qR3x|?F5-*I<#!0HRO~h-ZtlbN0Qcv&C+seu7FbLf? zBLoq9Nyx)jZd-H=dAbkw8|7$YsUdWCqd76vh>*%F3{rgcdeiy>mlO9Qm%GrkUW1s= z*(q^fI@}(8Zj4T?KqO^YS&icEI4?+i7vLieUoNl>>WH}2mZZKS<&A*B-ivp)> z&)3og7&>EX`V(fRI4s)T+D#4Iyy)+*KI4jqHULCL0tOyEjB{_zHY2%;yMD5I+8^tE_bN$J*R9;oR={Yh(U?c`4*nHrOnu%n<>kL- ze&P-LzKm+b(5_l)BVJZ<)Xd{_&;qovTym6El8e(;^wxC!;OTlctv;IsgM(Zh;xz7r zKg8M_j@7DJYm<%mDv;k3U0j0AllU%TgUFaH(}QH-q#*nA{l!#oRY5?T73(Zo z$%gc`qZyvQO};T~E{l%P#fxPX-Sx98Em!s(POCi%&;&R71mu=?aDciVYY0I z&D;H%^(AeAa@*yM#gCY+>+)Fb&sUeupoctJYehIo!_S;g_z!I>!A0)OsTcz_h$&%x z3pZFjbATRSeHdvTonh7`%G)+i-G);WDucyU>$`nDj|;!Y4}*9izKSGlIl)-z0=_tzs8jy9fG*M z@lhbP4D1%SLfe;t6&(!Y<@yB)XF)>%4(C>Krl~~&Kw7`CQSJWr#91$E3p`Qax};QA zx+mnl{H3?!tbQ^>2y*PJ0bvjyp3n#I-v7894%FHi5~BZ>%WCjzp6^q7T@bgGx=>$#%5Yr;P`+ccb*mTYB7mMB)%~t5^VR{1)L$RGxcZXD24S6C z8B@jpSCI~JK4$IsBmG~w|EbbH|DT+g{4Xxc|NW89=LD9Wfe`=v%I84J`+z{6$rWf> z)|3Sbn^q9u&V4vE!w5Sj6$bn^5bew_TB*26yFP15O>U;}utZM^Ffh8d+Y1qJPZw5D z3!(V8%wT2x2jnr#Ovm$m;a|7uHe|1+EnAI@?soC$rWZtM@r(8EE=psMiM74K&wPI^ zElrF(il(7CafGcPGhm_Fz%N9iFXC2$JwdMseA>3)c&)40v+v->_shFcNb(!Rjy1Kj zI6VC8LLjIs_}9|X{NSV2=LAZtj9S8T2%YTX3S5rTAVagry^YH-z#>z9IJG!?`!Nnx4&lu{1wemB> zmOG6a7{_snl_=%;LC261ME#KC5!n zjVlRulv=@dL*0Q#J^cE~Q^+q4X` zVDEd;iF}7lOvg}fmxhZqEr&-tQv~_48IL0)91kfBAMT8t>a*U8@R?NDTFy~IP9cBH zr=O~h?VceXl&87pC4*`|?+&c$rI!NR_l03ifw%7819|MtXvCh$F&-t1QPDhQPOg@l zgzoZIRt8NSJ28&lRVFgRZ$G`(^wBC_=69KODkXED#kXFkA*=E^P0sx37H7QJt_7B- z9!lQnE?H0*KPoBcg3kOQJ!CTF*OGw3KBDV%=Xy>sbjiL~I>E)cGt@O$5Xv!}M}E)d zN!VjXZ@nWt+?W+pNxBoVzGLQ7a5SSRy@#4MLjV|N&fHZPxO_0b(bzl(6HwCo;I;~8 zIue$z>iUpDP(gv;^x_}~pZ0$cdR_Nt1;_sNl@#pBFJwC^vfkDU%Db`Pn0iH(pu`nF zH*joA;_x$ctB;z9j6=Sem}KTQ=!9dT!wDC)SXV__Z40{lrzx2b()x#(%*N-&HBO!% zHcPViYl6Iz>lzLw{~VXV^h!#}Q`1|D9eaLkv?cIfRqZA;1vu9V)ojw$6EL(NRxZhF zBuzILb9IPBl3uxxDl*&S3<^)P@_Nb4RIek^~ZGrhO&Qdxp?CvdVS zkk7YO_`+5cz#z(s7pHaSIa$ST+9{yFVwnzWb^HfH4S769DSwuhMjX9wY$tvH=7vRZh+{^hG+jxzlgL2&Yc5yjSeEY>mlFD2Mb&==x z>cpCTOAe7aOgeCZq0C0U%zF`f(3)@aDX<>S66)E+>G6>Ey;AjG6lRG3+V??#5ARA* zmx=pd%xrd8=&m$Ox=?kz7MtUGjMGExq9&tALTT|$QF52`tta<#zJ`aljkqo9qqaUC zd#=K^Zp?|)zie7hC7jC(lsa_nPTNKuuOkb=q`SgZ8Sm=3fK68%57$GeOL`&8GP%V% z+iI$ZguN+d9v_LtuI8&TZTUC1tX&gj2Y*o8n1}ioVaJEU@Z%BjTVI%lyeJ4#AXNZ6 zLG8&@*k4?en;3$945!Eb>$US)F<}6o^p8zS^5)S;J1WQJSZrWo1G!J$k_-kp6G)Zq^C}hU|qoy9{0Kt%Y?JLV8=8_>!Ia z1iviG^@B4<_Zk&kx5?qJ7K*6t&5@Z5#)qMT5{Q(v2k8u8ioiO2-G|{D;}HE0xBF3K zs{ZywC3fXv@o$v!RF^3b>;3PZd5YmbWqnT-|L18Mr#@W#|8M{F{r`QNyrpT`{+foQ z-H4l?pQrZ|;NP=s{s$;w{CDPc|C8>0M8X{$|KX{crCg}K@lyd?LseI$?4ix8{{VM5 B2d)4B literal 0 HcmV?d00001 diff --git a/2.5/de/assets/images/manual-guides/mailcow-netfilter_settings.png b/2.5/de/assets/images/manual-guides/mailcow-netfilter_settings.png new file mode 100644 index 0000000000000000000000000000000000000000..9ec35ffd78cf9c66ab08b4308e085ea142b276e4 GIT binary patch literal 56268 zcmd?RcT`hbyDpB~y+uI;r72ZxCe-1Gasd+r~1{O%c-F&ri{Yt1$1JKy=v=XuL|rLU{b#K6Ts zM@Pr>K;xbP9o7AS<2j%EWM<1}Qmjj);mxF_+w=>Ac+V~`J%cSaq zdw&}FTd$F$lh_t*1&L_tt5(?wyN(7E>k(@wr1|LN=z9M>R_1M%$5P7Q&YcyO0m=LE)&*W=?+%?RlS8dNvxc%kWs}cXwX4r6e z+IUz|QA(_5bWI-4;cC(}C45zN2p?$i0O671aKoeW$;l%0a z^k3^AqkXu3KfgR{swpJM$48P^ER0=HuD<_p9KE%bWh;gGSz? zXIb&w>9b4s@&;))Giv3Rt6U*m|HNACj5Vb-aYX6cLZ8OAti(-~z15{P-MpCD!mw3j zLlz=O8Gl(maoETK1upy1-B@^M`ta+QEEb_+mcV3F_B`&x?`CX_yh2yzPElXiyYLmt zq$E??g!J!Bqf8tmo849Ihs$S*G( z(yOf<)^nXzJSk{qchvmT!T%bhouY83GX-5rIXnDC4#OSd@FV%NOGo ziwL>H;ft!!(LI(uCv+2pHyLg$dW}=!99J8BUKCz?+E?kAnSo_EARezPMrNp$lEMH} z_Qep<&(XQZOizI>tOWm7{;BTdF}mjq8u{go!xqN4QlUPQr9HRK@zQfB@u9;(JUa`l zcz2w>Z9q|NA;!u$jZptxI^~4r)kcSW+^H|`W-t9tN0)dxvt`=^WZVlcytCmQ=OM{d zr|I9VzsUOhYTNyjbaXe>RiFzcsKOMm@iWxorAcS5rwN;hnSFwETCby6fc1(AXXv&- z7)xyw&Nd?N*Yr#N6q*rHO$Wrr#wh?ujpr15Vr^iNXe5SLUcRm}uhP80s4#u<3?jbI zfg^D^z{cxePRh5mSH2N$P_V|QoA+0za0lONp-~XMm~O5&#{K}>QJAnoY|1pu)8$nr zZs!z5)|eDcGNUy(#r}xD90V7#A}i|%CY1-sZxk8)%VG6Z2c)V%D`uvxfX)zNu{jc$ z6(5^wgK0%e=Ie=f^EWYf^{^kH3`MH{t_xgd%Y55clxvO~VKewDL!3Wz>ItzNL#;3K z`yq;LaEZjI|K%tuGgZ9eRR-;1ua%`Op%dS{(qHy}iYpCsl894nB*)m(;o{%A3l6+S_m|MwH33EAMo)0O#xgbF9rRkqt*T48W$h-`t6QI5xPvFM2Gz&UwlK?%2(nC*T|`?a;NRxZPHB_ut|&Z-BK zc1>{1dSjX9ztl*%QA`OqFP4emYg&XLF@(%@A{dA9dZ+mm`7W%Wr;IyMT`ZvH(%M>h zkQP7-D8%Pvv{0K=p+czS&~>8% z7NPK`IRn+QidkO;XL}_cY5kYxpwlp@7ryjyZi_RjxrRCWCRi!pl7uoJYvw>T_{#DV z=1Eg9k6ZDrfZb%@EwTNM!R046-**4*$unVI;DhBWEeT%i8+#=vFQItQR&u#Fv!yCq z(`KqU(_lRCI&X)7ET$*q)V}Q2OU48plEfbow>h~ozwUGZH~sjbUuB@xpXHO2oLY-( z5_0%gJ9ou0RmSHn*w@#%Xt)kUxm!x2^v%B#6i((;w*1x_8CSn?9*NH4MjHqm-|iHoiWESct2pfg!4n0 z<{X-(oVk`kYG`i?gt`Ou@d^#-*022mqmzJtj>VTgs>~&r$w{e#@j7fh1%Xxbs(?K- zi%C?^XK8AyshVh>7_smzwb4|i4>%ag?w^-c--jJ65;s;=n1d$%Ku`S%>v3~`59>-A z|9o)ETP;(iB3vGPO&xtlyxb1g;F~PKyW%D_Dl4BC;Bw^?fAw$XCH+|$aVn*^I_?RG zgBB5+BMpm&%{XWzEM%FezB~*6nH_I~0QVx~A!)jz5$@T&)yFobn)YPm`S*GRM@A+= z)1#rA?aFzKNzf7gGQ-fS2&+Rg|tM}YbI6u;u$YdF78bow}4S1!SQW?OgL{CeIR=OOkZrO z@>}OWox3iXw~|oPAUY9H4;W=Sj6x4h9>#L+wFMlcIaU^g$JHMGMF7?baUiI1#y3Z|-W*nY(glzHNDfB44no z!H_78AC`-2X_%b2%@4We$4W+=A0qE5ntlk%Vo9#W@yWfUAO#1&!!Pn`L${i$-A1M+ zgWORlGbd80*eI?tO9dJmO4%X1jTR#|qAXxaEY;{ro5`IoPD;-R^LdDFN(FFZgYq zD%>A#+HteqZX_nXKwHv`^`tiLt&3#8A7penFRG{T8yO)!nT|~+LNPSdP z-#0FMl^-&+`vDj6m(LSVz^=&D>y%*VU>_*iPWp<$BaA|Q#u!Nrq`+J zg3>t0Wuxnm*D4@%I|^0p78*2KwA|PbZ$q9>L6f>nv!ooK^*N#W&087~4zqkCQf?b) z-)oQ&P&38pS(6V{f-w-QSs&!&UZ2ve_xuWHR9Pg31Xm*FOFKE5?mmfNxayZ`u~8cG zrK~i{uasXCzzb2fk0Ka!;#3YqYB!}C_J)bs-I3HiMp%O&QMz%L6&CQ*P0YG^vxl6# zAY((t_R%YGCU(S%?zOZ+$bsaC9M2y16DCrfGD7xnor6qS?3BID1$WMtUI{(r_X@vV zoxX$huzbD&$D5?P;W*^Kcjyt?Dq65JpR}3+K4LnfNHPv;w?8z6A;zXNqK=jFO&Od& zXS;pSl%XAG`y9Hq_eZ>#GCT9UrSM1Ne3q4+`B!SmwqnuMDT#}*SwIK&n@b|}mB*!! z7mYrs17^j-_X<1aJ}8}t3z;nniib6>1P`HYBTT+0x4i1%G4{Y9oW7K{6 zX*Y9xz;r#XuQCC1b<66c+sH0o)EQBwpYtDPvxz&Le4&_~Y8&zqNdGa{dt$h+wJ zS7b(C+KW0VIOM6s9G26l1=Ty()&)K0~57 zg(i!pWCoCa*Ff&Kx2}7)<+8#Mb#so+M1AtSsZHaa%ziAwOJ~Z{w2e8ou|S!A+d+E7 zjeLwhmGs~=DQzRF=IKIC)a4ST*undZPhyTVyl{=)|qC zJziHuWax~=kA&{VInCwJ6DgZbL0Gt$P}Twgw|{7@q(R>F0V!NVe}xxC)`E=+r(@6X z&<^;tUY;(Wa!&Xp?)I1Y@2LDQG0{O0y3uda-5WWM8q+mbQz~zmD*sY-KEuT*{AjD*IQy~5e(V2dg*^()g z7d$ubC%c~NMkHW+9JoC^na(RiFT2LH_FC-<+})cu)ys{qus50d({Cm@|KXf!;7o$4 zZaZ^&;7>-qjDw|Yi_tQQKVfmCcz+7ZABkxQ6=vfeX<8&u_s02~Hd`3!-|6M4TWd#p zytKg8ZZuPyc1~Z78ubg_XI6TK=FipPsC9-3t|>R~eMfXUt#q1N2h2nwLp`QB`MA=$(_L^oiLYV< zdlxBdi_7+?vJ8^J6mMGEP7Ns9%mX)w`9Zp zKw~x354t3f13XG`4Ni(v$65uUIkUGRdutUi=)Qyu2u7EwDPq@__G#Evu&F0YtsJ_T}eAjV*C&zV4z*<1t`< zcb}_Q6dxcuxNL@0uU4YL8!3TB02;UOeXDoPP8y{6{y-e!wKM!RT`_&wxlOYpEEUWf z>|3>UnX)WD7B#)zcK)Jaa5ZkmiXNE}ZR*S>8?f*#qqoz)yK}o@4+{m(M-`|%xV=yM z_1d`f=D^ahs)dA`PE6Af^=X6uWG2|0r|sJUC%63i_y~1&;g!z=`(J9dDF05W0ly1D zvlGC>fg$msn^PN4TL*1crlkfEc=H{j1&lTUld=_5`v$OG700+^N74J!rlt0w#1v_( zT$!6a8Zkxpi*mN3IT=$ONbd2W;}dfes&0<3FKi>Ao3YTCO)*88;TI8?ULy@)UK-F( zueXpPxaraTAvz$idtPYj%1s?+Q40L& zJ8vf$NgL_aQ(KSLU%U7ojEB^s<;31gkt7m<^)DXBGFiNz3~Yc1Pui??HjSdFJ4g$j z`8Pe2f_F*XnW96DezUEA>Jl0Ds@JNA~#`YWgI358~XiN_7|_ob5FcoVA^Hkz$_e?XOj&H-nIYLfoQ zgkEsd)~)#9hQuzb&A~>zIbIf!G!B!}7E~J!NSYjt>tC1)VZMqKdCk2663y*b@z+o< znH2J<@%hnT2XpU5KsI+E$TpUW;JN!saw7*uTP#)X3YHtp7K7w4H8Br^dz9o$B7FvG z*R!sJyS%uJ-%wqB2yMLWoknJMUB7uHxHO#~xS#3dweG~fpDGhSDTQ&*K#A8g$ehv| zy!@Tl=~B@1nT@GeS`AZ!@QdcvwvOmQ_w>;*kAu-3q?w<~9=w;k=8@y-GNmL9^Mv_o zb)Sx-GfL@Liddw6XM=lDj$qSNr0Y7_Djqq@Ag+^!9+u?i3$U%dpE=~7+-B$L`XWH? zRdh%@q__3Hg}lJu2kpXs~%g`GKpx+ zZrdUZMf|cDDj2d2)}Op&VWflMb}MQdU+@)aj_F&7a{h!W6vk?~i07(2`)GeC^46g2 zU17ZPD#e~c|5>DL{ZqCwqAo9BwK@>DfT@~L-R&K04EWTh>vUz(8HaCw1={xCok2G{ z^`=zA$P-kJz@E>|6-*&!c$(A~5MRA= zhW!RVN3+^K)M?PneLeGH+eOdm06by(q3o;rD1zk^d|Ma=cy0C zEbj?ieP&RJb@N7YV3tJ&b1N>{y41_Fd+DSmuw{T+@6m)WGbk~Fg|!~YYQ9G`47ZP$ zw8BcROjb<=n_$*iFM4YlP!HPCS7Et&2e9b-<0-XDuV*7&n||!zvYU)MStWIXIKroE z8trb_ECl0Igyeg5EqFt(XXozU!FJtGb=$h39BWZuM7>N8I5OVc%+?o(W;36b;)e)| z1UvMEM!ORyxVzn1GjtIc6txaF9>4fb{dn^>zGrmU1g#-~cCrYy?Y)T<3g%6p0l;$i8zliIiu zH$0}h*QGjgEj2FyrxBIjrvU&}0c_qX6?W7UA-0s@S3-( z#r1jH+S~Obhil>S7Fz7{1&TS*C2doPdW`2oj-e58X^V*-Y5s%+pJ_AVy-)7!+>z}3 zuIq%3ajx)=gpSx)YN}~y@(}4~d(TlVP4%~YNEw1_8 z@9X%$F!S9FnT6EM&_d7NbmVqRDZx4VwNFsJ$7XpF(7zVO&}L0U29^LIqLVT#Y@vy; zF6)WEEy?;uigvy}<#(OIj6X{JQoozZHd_yx46aoT&mhTmju=i4QKOUQA$)o>SaK}j z$NeJy*NUZ}`y`@l5cGZ`S}bLy&IbE$H0 zph>K9R}*0KWfv9?EfE$WFF&r9x*?0af? zlD>z_C3&P;uaqdnaFdf0Md{eAV-M3s{Uk(HrIgtIUUo~Q_1?wPwhO0qfA|2F#t?F5 zo?GcqusEM{-mASG_buwMULqL@B!!F#DliuNmp+v z^fhh`%V{qJK5ofRT;AS{mLN?I`m9cHE|{SI0@R$*>OsXPH)(>7yfBeNPR!=sWxNSK z$Hy3;rKq8+JIIbeiPpsMzO<4VY`$G5x($8=5p)x8v+FV!n9o04{l9HjRQkWBbN6p_6<1-2|)xj zwNuT>rsjlBo^r4`hiL3X6YlC_TY8}zf57eZ6lg$D_Z8JfRP(Af<;_$m895sy&ZW1Q ziY+ziZGWAfCA*69xV=+vgL$S&2^%Br z1_hng6ZI*PVeW)Xu9`Hjj~JJfx&Tu{$Pruu?HvT#3K5PeD+}IkMk!cUL0_cI30K^n z)zQV^>Pp~S%3g=A;qRYM0zhd7t*}|0xpQJaV*V6g=4GE=#b#;;vK@CufxNi^nXQDC zKu*P8A>SpCZP72{1@$PKchUSPFdFepGw!BdsQVs$2n5$9hD=x3+=)PH9zVVT3 zh|0!k%2&ls3&Bv3A{?izmPAA#@bvxKq!H5aPyTy3Apl9R@t=Xtucu5dRDnueQ1Hrk z9#yhZKcRWTFyhql)FzHIN^-=Kt+2ptf?*rN)@`HS$)i*dKgLhR9+!uaXBf*4wv);l zpMKn67FTUM@OPT}(jWP7$Z|RUF6shNb1yhxZ~5t&S+c?=9FkU}hdb3HW5ZG==^F+; z1WRR#&`*zM-sen%$A1bMhJ6aVEk_na-jC$6Q6iu?s~?8oZiq!NB7>K4TgPAuVEj}k zzY^)YlQ(jKrUp~>-ng;LTgQ`U7s~|m=EuuQ7_(jGGk!>}Tg+usx2l)&M^J>eC4-Y$ zPn4)R=GV`1UBose*SCQLXUa~t!Wz%IO3nkP$@tNb%=egX-!Ia^WpXv&PznHG^^oaFB&p1XA|dyuhqA(Uin6BbwgYC=jq)4@i#Ia^ zVL8_k52HpM|^OLlW4_?$NwJMVrxbf-kZ z6ul)V>CTv<)%7Tdp@jeu+l<>>XziDo@g+yeH!5a?EC=o`rUQUisev-vhs*;-(`S$z zY?H2{EZ5QS$~fA(E5i;TBO#eebXx#;BQi28ha7lOI?5h^%qX(loDqB!6%U2}a^s!2 zc+m!L65ffQIK5Npy!guA+J_+{lNfaz*M=_CBb6BhyKDqs3;|s=ZSgJ}35!?j&KV^`0dmk2-~#t;KaDh-gq(?T zXzK#;ChwxV3dD9zNEzvejJ+)^Zo}QO>{&Hr5!_Vnxj0C@b-#BqG+zz$dI>kXy9!B{ zRwcFoa|vPp>TSETCNL1u_mp|;A86>QeUhVXI=DM{2bZ^D19$92*zEr~Bh8*$`IKtnC^9cd z7p0pIn5U;Q#qacI#`qyCjH?5JFd5~C;8IZqTnj{K1pct&UJ=y!MVYfOB9RbYC0h1#d{cyd=9rw2xr*f zBbj5z7hwU9oiMK&yz$5~rCR(8_7E898*xPGW36cH0=NRaNxfdfcX#o7x2X}W+e^o6yu9>)61^_ z@J&beT?>A8BL>RIe)t7|DLRL03jDplWOVdF^Q_R(hn$nYt}zHdiiY34@$X{bM>qZd z+D+G`a0dS4w1MD+*8ghm=8!ac8M7kOyx&Vb3fg0aL7}+RKVEWhh#I{-gE^EA^HG5R zgDHRT=GW;yc8=>t8rX;D`T6x?Pt&^kU^+K92PTC=|6pLJ;BBbBK%8IkChe!6qUU*e z$)gbRXq6j9)a<4H%v`K8B?+>hWJ6vtUA}#kAOQYa7K$$d8X@&TGQv0Y^KZ$@-Z+x> zbNGsBGjVu+{?o5yf)5e@$SU|hCefa}QNjTwMXI@Z5%2RkdfSaAoG<4Dj5NY^Dc1%G z#8_VRZh;hxxT1W;a6kX?+BRCba*Kj)5M=X3f~K1tmP#t@I{|4!k2fyXhLR}J$OH01 zAe1)Z$8svrdrRKU8?i)Y3=e6!+GpP=_YAulGc`}I_z`Kj%M|uXYodAeg$&=B)eYKFQH%o?zzip&SYP#@@3?1EJ@+;Nb35IDSnKOo^j;I?x5!M;Ih<92*| z$tkMa+CKH5Q_79<^wtA*4nd>u>rdA@VyV~^DcF>sLb`R=y9S0M9p*^V7w9jIhpd%Q zYn&@G3}B4*Hp``tu`m?eUjodRhljMaK2mh zrk)YduT??h)~~`KrVzYVGb>*iTgeZE)1GES9n{2_v^7Tnrn8SwW@a_D9;XhAk>TyF zDW9uffjN2SdQCGPxWa1)&I&;dIx0-HSD2p{8b2*oasqH_ynJqc;|y^w>$6^z94?yr zwn{}u(elHSuzBa~FkX1@PEqIf#6#K&-J%C13%~Pof)E(Gs_Z^hN&Q{`i{*jj5+s0V z6nVDRRgX!CUnpGkU@Dyf_WFQ-c`j~u=i5SPC@5sog%F5dRHiN;3?_&ROS%|W&rOOG zbQ>F236Mpthb|rJp`k1EovkS~yn6D>bJJu>E(%$OSoD4veFn>~5PBm+ar)XbCgnj^ z5B;*o)xhcn6Tez*rG-K58vLpVhHfM6jIlhj??kmz<}lQQ1u=p$n-or!1i5g4WU(?CcvN4>q+wFdr`I7t53E=RD?~H;y(@HUK~IY^_Rd;J*IM1hY(tSFfN9 z`IdZcOA0#Vpd*@p#pc36D-ezIB-+~PnnWQ=fwcgXz^;{QdacrV#Ijmgbyd0Ev6nN$ zC0X?iQwdUm>&BXAZ=N){ytjmFmbBrEkaWNkA zUCR51U)ZOB(a=z&TZskh;pm=^vj|;zXT9{-4V8$xFnH7T(Md&z{HF_%sY(f}Png{( z@UrGa-4pxP`&k$ShBdq#&n6WU&O36#71g|0WJ8%!^az@6C05Tdz*8@UIyg`PlW~V zQ_z(4`DOA~Z6M8JbT>HEV+KqS89m)RRhD2JT2`RO9Aai3U&`)h21bI&yJT+IK56aw z2^l0m3imyUG7ZYhzVmyvV%3C|y<=)P*F0l#R@bBD6FP0x=#ThUhts8d>>1ARsvs!S z22I)r1Ra{|gk;twD=73+w{4t2r@rI;YOg!2RU>TboO<*4_Dm>=&l5@A;S3VvZbBJJ z#hX!vE<)$z@loYfAu>VdVUKkbzO-(|mBVc^CU{G1CRK~3d;R0}!-55(g(8RD?5^2g zofDMg91RWIRcAbW{+BgC8w__lA0qVsud>SH5HK@@YMZlnJ4yDxQx%Js#OJi zF))0#F5?_jb@(8a|uLT9OAsft*>gcw=wG^uEEsy_warE6O#9zZDej?5x{GB}+Uj(rtz!Onv|I;IO zsy9laV5&o;o~<|-Om4f!lp3oSvN8y>o-~sh4ag9=s_@0Rw|SjxLOh?9GXLzJZ7=Y% zAtBhaTViX94Ci~JX+_#cJgAVEa1$C-MXQiJcYml-3+VmGKZlU&F&pSXTyl^Sd0DSo z>!f4FgZw|6-nu7rSQF!s_c{&$TdNwzqp;Tl=#O&nZI4*0?{XQR2G{)exXa6Coa@rg zkY56c0qkQgC$VcY0}J7fxMcmyG6wFq)HaR%8tF}Efk!gdxF~eP)BPn_@QoX!40Hoz z&O14X%dvdas3x*$TylEN4#eb9uYBR0T*-rj-*YGU%-22JX$p74XdkoBA1vh&vsX?f zkYqwvJ8bjUzK<%U6=(uU&ye)!`x1N(prO~ZbQvi!G&QU8?K zNSn)lz=ltgthlC(3f#FG-|M16TH&025ZXmW5r<~0Nun^_235Y!O>e`Su5D`e?wb0p zpK${blA^0?=jbMrTzBwI{paAN4@pe!2#0AB1}RT51!9OqEMJ!DT_)^c{w( z$L0BANJuzQH)%=6=4RW6pS>?Ky09}oS)G-2XYOlVuP7eOQ1-%fMR|JU zi2O|6BR(9y>tjzm$Kg{IM@ozPREOzwqO(l3<;2p?d zH8oeeKG)%AG+RB`$ua9CE$Cr*J?}?VJSVflz{BOhHM2%F%WRdRMH4Z@&isJgq1}TY zH7}CX^w=2E8(as|66Eb#gQSZmHy5?`9ccjPIrNH=Mim2lOFDz%aZqkN7{xQT_oIfA zId_>8r34Os9ApZlbb+s|e~f|WjpBFxz@S$qFL{`{i!7L}M5=?Itf{pQFT&QGZ#MXR ztTkUAt8-e~D=^G^*UN>pcm4MJvs3E)vAKN8DeuKim=#vI+|=J)#;&hV)d?%~FYW20 ziF*Nhc-5{~{KZDg6Cqjn^Q?1uqz0j3tU7&+ny)rP;Vz#Bx5Q|bT`N3W3P?S?w(w0V zMbyaIrV~gvY?r8Ez5--TfbWY#Yf2`3oJ5+GvkjJ~1cs*~X_K8WTau6iTsQxr%&4SV3t2L!55H+Rc-dVJ{m7AId3MvfTo#N#3R z;bvdk@6ZCr`h}U7!iuCmnKQROT{oPHy(K+0YQ;qOZHHeLEW&U0?Uib_ppv+syL$CN za!lP1jZ^J?*wyG5N5WGC`z)6Zw@_8V{Cu~bubSHiC@lxb^_bIf{iCW37_`G-Uf^+h z32+2$KNNccgB}PGrkpG z)aFTvL!{&5_`GiaXE&cE%AW>-}XTwe$X{5~oeUi1HTtVbn_k&)oLfk!uWShQ7*XnnkNn$m_x}Uwe zQ)BL&!&Kk6C@o7-wvnxK1EMVkR?1IBW299oO0Hams=%h;wZbWt>yg=8#SNHi-$&gV zG;0)QwKE5eN`^5ag+PWZ9o=1({I|}-LFr1Cg8Kr&OB-cA9$0>^`nRXeH;FdVa7hfWFBxd?w;OUF`v?uLDDiujV4-9MA^Wt9ov;LROw3MCsL>Ux`WU+bO_qb=^^t3uz7cNS$_=TQn)NKx>{IIaJ!e;%PXFf>&|J!dZN z1uLmm8p?1vNM1NWP){2`8SSy_`9{)f&F3khGZn5mK$^50V~4K7_#>Dn9H?mkC^UNk z3-gt-%*@5rS1Q|@UQp-I5Z&Dbnk+ImjLvgo(cWua^XXb)spgRk@W{aeAfH)J;ZZ^H zB)DnUX%Q7?|EIf`KUgY#&<`kr0RDsx1^6_qo%#;eh6>_ZdPc3~`Fq8Bw2#(|!|fx+ z1gIeZ4rmiOFi-tC?5z)tcg8GAc1|~5&+`~T;Y-oQ|-o_cq@0-hXZXQ{)B z5=z%2McWBNRfr3j>;L(dt87AzvOf$9+-3cx(%;bgqNa@tJe7klTZME~Z23GWeyH*{ zJ<*2xUkpf>#Z|@&G7SZD-mKQoY-5e;+ptKQ3S+@4m;q_Na>~-5Yby=b<$1}&|3R>- zs>qFL(p21Kh$+k)(}T>C?LQ!tD_CU(X8lE$Z4-vDjdp5UjdLsLN^7+3DB@5Vo z5TLUS2vvi0ParVIA>p!-ndWgRbaJED6J%@pux8<0W_p-Y$AClUKs0Z)12-Y9?%e~X z3DF~MU%2t@__(Q}sWa^Qy`!BS#V%AOaocaMJ-UBuq~NaE9qBk-_P|Kr=#O6(zS}^6@53}rXn!5q`sWV7M(DxP?)-OFiSEB_ zzy9Tw7&f6dF)_N@+MkY0Yq^(>wl>g`%PMij=;bs}s5T-(TOA;HzO=NoK3O~X>cTmp zPoC2a3!z8$)TDf#@30gsXHY`W$XNqx`m&4W%6^{UBucn`B}?U(iT$$k-z7BgZ#gZ^ z5FE;r_Tf1Y@962-#A@bz4!V<0+v|_n&k9`u3WN&3Ni$h%F3t~epsV|KI%lSbHSrak z?Ssp20MKnLWO2q?N02l1XvH57pA)*G;;LU_B78{6D#cMeO9ehYK2yEGok_5jVk18u zH%)f6T{T>iZtlfjEEEB-P!=JD`XF%iXHWFLkG0iQ85%cc*Uts6kO+BgBw){A!91-Y z$O-%Br{tHD?oCyo_lLUUm!~f7?1E(Xyv(vu$w~nWIbW?(o2MQ{!(JN!Ck&9l={)AX zJ^L6`4bZ_)55EK1oY}JQ$c};K8{r2RVM1*25fzmHJ_{|sjB)~UMS+cDfPN562h?F5 z=6u46e+2zZpCUfI+T0j0`oa{=Sk%#fcjlp9=BdxP&)i^zIsi38{XNeKrPX;o(aXLB zKa3ys6sk=Wi!k3$J;1kuMK+~)8p;PSV9^~KRIdSWI9>biN zf=M*LvXRAQDM||~vr?nm=2C$-$maZo6$_gZqgp=AjE6=q*)`P|;%)`1?3RYVy)mS2 zeqMQc)VRP;S?=l1AyADE0Vt>HbA1GFNQl)iR)nnD5zEZf{A_XHMIGN{HXfPIEgK5Z z$w_JIee(hr)uY-q&5rgZmRNq~NlM#txl7|h0}6$$Dt|*jSRF-%t4I7mm0aOunUZLqv_p3us$j}@=p`%sMo?bgf0(#5pBs+sB7X7yK zxOhd&SOsst4PF<&JDcug01eJ%aUEHLH^;MCY28)93k{>bMn&KKbl*!~!YZG|^|K2k zw>;%(o{Dcrg_@f9Vf_?-@`lQZc!ZuEP*aefKk<=ei;3^}K8cI=bTd&vgVbUJ4@@r` z*8wz9Zdl34c_l{=dv0u6CQL)%9C3SQ=UGi%^k+OfppFpCx5l`XW3 zUWkCv2cD3*?}w;*Bq!|5w{66ZfJy$my6Fd#YsMPl(COCYkxYr^gipHT8XrBkyIv`B z&k=nUssN8s<#>x^rpnl()!%c5v(#KN-cQ|e}o_X%Kd#ulLe@JXP zen={g^UIB-C%P-YyKv!W`f)_PHPK#wp@d#?H(K5KdS65Z`c!|pF;^g)dm@ry=79z@@79sxs{k(VeWm@kLOVOVe$wJl zpfXl&q%!;W@GBQ9L(bj!R(n01o8xmu%eOJf<_Ttp^)Upza-bf3C7qK|Pi+M_cJVcX z5eyGYV%9ZIWXAw*EsVO_$uJceO^tIAH|Sk6#EmpkL}g;U|MWTNL>$?-n=*hWAX86i z{Rt9v;Vl#Uy9^vYM3v?za?OW$o0@{bb@c+)a?*`(jvL|JPDCDZ4%AJ=)hOJV{j{eKbfUaSu>WSGMEs1czou?CfCe&_H zHE4iIMcknHNY}c<^aUQS#p@YB*N#8`oY|5tZ|6i0-t}oee%n+&sD`OgG7$e`#Ga(` ziKY7+gKc9(i^xfx7Lh-6l2zPix1-3D@5t>zlx=`4_6dTyfnkc0okuZZPNqr+CUbl* z{8<)zJFgE8_eFwv734Y4h_@bp^_wzdHAnM(6zcYodeHU{(ni)9XkmRi zlZ^iU{>fTUUdU|aIrdAyLEqrJiU8;ul}rGk8ZSs4d4YowS>ot@dt!n!fpilMGoc>N9ngyVnXPbRN1gKZ= zMv!`LFZ&Un2nKL5aR7xM*2wwnvS}bE@eEMzBQMO}7H}BVfQ^N$g4Dkqtx1(WfU->$ zAKnSx^Op<&Q2WFp0}Wqu+%Y<@+)Ry&(d@Wc_x~q znGPuf6O*Ei9@{(9cf$8@tKOfFkTGLOUdtE|o3}H)wqXf){!g<5=a_zhyQ0tK^f%!N zUf#6(FFriP`N^1iO0ZsDp&`_yra67fg0s*NkZ{(k-~paT8Sr>pzNRC$9#*Xr*ux@F)DdyB#^c-{Mto2CkA&;RlnAR3MYO`7Px zwHwhm4*R#tU#m?M5N&t?19yADUkw=9TRcty{{OuAIBuZcT?j#sdLT%9=Eu@sgq45| z!G4cxE<(xzbhtn5pNQ)zC6qr>BWavL4X-}XG>)J7~sJh#7 zO3Avk9eua*9}WwY>pyzEeFQq6yZnR6{%<)#{ulf1zrI8N=EGF5+NL!x$?iR60T1*_zI_I z$Y!djdNr&3-67^(uP$&FFp#tk=yC;refV#j_5^U7I!006r4m1-fG0Q8-PZ?x=4y^& zXLf~YI-(T`_?=E~lo}m!mpsRt*r@dGU0Z4b0L9pPDi2@xAWS1Jd6I`z9H0gE;_0+E zj3i2Ds!XUh17QXq@w1L5HGB-4=hj@jd__c9qih`%Sq_mHC4v-?oE`pXlQbrncIZ)f>kCj&idm^@wS-yXA`-?toIeEpfG zDe!8FnhUMNX+haXoh0ZBNC(Vz?wkp~S9dv+@MZa{PCb34{f4viN&>%p(9=;2z5MJX zw;bP8^^4)ZIyfbBqS9O7g3)HG8RLqT;S^iYbjOoYvopJ1rI`h#a!QTe( zYTubQ6&Y9B!j7)X^OtQtMKnN9xH}gHj7e7F${p-<0bg{TTqkk8>J8h(sGKZRCWh)V zASBiK$|GPlt8#nbXKAmEZj6MITYsCrummcLMO$+BToEjC=Sg9DL~eIc!E(zq9W7q? zYQ8;ng6WTBRgZ?075NO}Z{PhF?}D~Q!n9}lYiv-Bt6z#Xa-uFhGfR@xv)`V5;jud6 zA^*XR20b1Fg!OlP#ks!@`S6e9snj-Kvx1SY+~7)Sxn7_)+SmA~+SPYuXe+Y`4+L!q zcS|fJPn%mTPbfW=4E@%pPsNmK{YP2lfH0yS;aVwSWCafBsZ=UW47odQ5-rbZY$Ts}{TNkeygpk$59t zBAoe}7&i8GSD9(n$kvTC9)85uM6I-u5O))PB6@7e-%_KS73_2X732%PlcMB{U1z-f zAP(<%+CrOC=-Z-zV#%`0-kf?ZxILj*=5F@42#x}k-7J1?6t9fo#2a;b*vSq#|Jy(r zYfN4P-S(`)4c7kq>d!7VoS$2z4%K^Kez=SttJxR(%*5+D05I-bXD^*Xsva8i=T|j> zSV($pb!g9CV&iJ~S-}HSIhaD+__ZtCcwO9~R^sU{##snx1LvC? zn+%O{s*i*#&Gb#TMlX)ON%t3*!+5Prtbd)C8da!uX)NkNZd{IjaVs}bjUgnjGWO?< zhpT~LNT`r=!0c-PE&Qm%&WhwRv3o5Fq%CSXbbnR5YH^z7+`MggC#VzS#_EVKy^txE5X#JzY?;AuqLo`)HH?8GPWN(1iiSk%&VD1D0ASC<`i zNHwZRP!mLIXUua9a+_FbECyQA(uF^o1f{QCpLFA4oMe-mR!x2o{W{j0!7F`rd_^#4 z_?kgId&|A1*S4IUXRFq#V<9Ehr6IZUAO6CmEXqVD$>(B+e&k|0cDs0V^Fyt zC0P2P(ZmD3hAs%M&-`wg(6T)NI$#yiJf%X{?_9K2!dUN|eJyBOdgD&eF}83ECNC`& z$NuV&%>*|?g$SXwqUjs7vpDf&rizfl_Vt}Nk^K3i83AmLkr`v!D=duD#V#_=d+>yE z1-PS?g2X!5quF=0*J8(35ciJVLZpu{h0*MFf0SgAY0Ntt&?#z;6|ry}YfP{YC|b8L zzR_=qJIIX=9M-lnd8=@v@cfOQ@)1L$PXV>@*&v<^V-*3@4L;9bn0df4g`8a;qMzF; zs;^&-n`(L&p)6pSf1gjJi0gA!)khOy?RpqSU*I&6MHwc{w>`s6pIZ3~4&UTdfu>9h zMyn(_UslNXE#aVt_4-vtH1jKSW#qvmIKUY-YZbja-)qnfc#H_Kypr5q!Xa2|K3`}l zTzwzu6ACr)eYtoQ?p$B%o@|RNh%F!9Eh&8OTpAEMsD^OO6%~G`#vsCHAen8h_b_hO zv-Rh1TN<1I!RPJb3Q@uZQU7`9?0nx6J~7m5XF3?iPl^xxWnOX%ADU|>E=%c-4}-sR zpNTu3tS)lZf^EZ>ray_7GF7aW?oG?xsk=_DEGchKd|lK4&@Do}5XX zd!I6rZ1J@#osSZDWePFrqrU=ASpdkp(q#S)GNtG5zjYTml`JKK)L3v&H|5evU{ z=6+43V!aPnkjtUgNXgt)n?j@O3F=!{$zzPsyinC%rlGXc)mCs<3m&ah@|7)1f$Z-m zFR1uke0it&`zMz8x$Nw@5)0l#z-4By0)4Ytxk+5A_RXBD8947G@Eu&Ko55`cIQHPR zJIuVy5hwf<8u52aI%E}ga!LI!vTYwy6S3IRQtepx$r20vB1d2q>po@S@I4ClgnHQt zTMXy^zCmm5K0~PufAxJ2=rZxWp!%*_8`ynH!pGHq9yoRsx#i&v;*+(?Ez8W;giVt; zQXN+lJ`@%|H5XD0iF_yIfZ!|5Ngg8Rk)It0@!ttuF=_~iQe%9i=Np3l@f})=OnW_V%-TRoACkVUo&8b|uP{VFi z?;AZz-c0L)Igb{c9RBtq&hG*W_oF7CNiRJ}UT!V>_#`~*vl}QzsK#{zMf`F$=!@ocPTuEJYA41kJ$~l& zM}?(&DSkEtO&2QH8ao9VQn%-qio)avFUbR#W%XxKcC_cjlL9*@?p39#66&`Et*vRs zYWCa>!@jlRiTzFBC0R(0Ab6fqi#Yw@+aj$f9UT6(j^tUIuY0mr+mceQD>9WO86qj21Aig>m}Md-ZggK#hsSW)X7vJtb-|1{a2 zMGv1kS+QcI^Dar$$;-(8;q4(!Cvjf$2~AOgsm`-iixn}gc;+>M(1*gE^Vdq>4!n}c>@ssc{!YxpeS z`#?%4ZS+fZDD1JAim88aU}2mC$yS0})(-`G+z*tPfgg1A(;s(K6ISJ{@`ul3KL!}A z3uNKae_w;}|06g5k4A281IW#K0geO7xT%7c%h_YRWlK9VIjkAF1`r(Q*v->7SVf6b zfrV**pRcWK=7r3`A85xnb23vsj@?bC^(UXnAO=6|T09dpP9G{3@ zlukAUpm-1J#BtQMKhZg|!*^=j1G(N(&W>j({cXAZG;w1XOQ#e$i6R}~eg0*)Q}- zPTRE76wjCfUDfx_(H{+2?4g7JoFqpsl+>i@UFsrsQrI8joA-BQQ&T0qKr zv0DAHT=+OSx%hi7+h7HTAGcVrfBaIR+TSVhCE-LWr*H|R4udo)mg?WKK%QfE{)AXW9;XGJ5MSL)Zd41+b|m%qipFw0W8YE>4C>bV|4A z4*+k+QS(pC=(c z0!Vw@4@$KFK&xeQ*0m%Vbg1^XMBtanYBl?>QoG>d{}DgD81M}=0ZmK=7$+{c&~jrT z`U?mW@VWgLKa5k(x z|GN+KcE$X}NnhP~_$(w6w*S7Cr#5e>3hc&q4#28WrnTG+0-3U6vqK|ab^K!TSquRH zwGYsqSE^Py0>MQ?bu-qufKx!v((vW8_`R(f%boAyI~3S!)VK*yn**Ktc{U%dd8|u&&N;=S>U9#OdSBK zcrjAfm9dS>Xt5tOA_)pC;K?omsAXu*>`?baQFn~bKxOE@H1m70lCrK5Is3S3DWUu zH{}Yb=Hf^M9B8g~0}%ehmUiGpe4Y5**T}^Cw}-Bibtf3+az(ZoU&XI7vnd3G%^o^*sxSg8>lkji(EtGbWZgjQlmbLd$^8g@8`>xLIcb)n`Uxs;SMzGmd7a|m{ z3*q~GMhV2N0HTXm5x!+LbKhqYxKO*w$)Uzi&9Y{IBox5^6b<;j#Q9;{wII98Yx`R?!ij~ROGl}qQNmnIWVW}2Ite1=;H9lacu{u|}t6RJD zTs#MC^z|Ld!~HFgPuX+$t`;2D*M3U<7)b-(e6iH^)W3p!9Nbw}c7!j@5wJyeGttKX zM>|xlBk0P_MreWh6>Fb#!TZud?6Od;IlJ3$TA z$Ko23T2@?z0TA5jAiXXmaPRbMD97k4JdXlkxCUeqsY1>yXsfs`#2|Hvm!(8j`GR)I z?1%RL?fBaSK1{`;m^V^h69J{I#ot%=A94H27nZ2yH{w}Bj?5q%u!4`PJ ze1m44g)=Fw_@LwC`XRin>x9jp*}iwFSF6^ztdA2luCgon541M{Dw{VfJg@qj_9EFW zW5+Gz7v%gqh|c{Jxf?iIT)6JiMl1QaHs|5bFEX1|`V4~aHqq%V{mCJH^MKL;q%E=t z12h5c*X~rdWSb7T-A$U?U81|E?zK?5Def8B&n$j<+$ct1F|Ny+5nE_qckipb@atRt zSsAzdO(;I_d*|ubs(_yPYRHf~q#E`{9Cu+ZH

    AX5Es|^3p0t0Gi|}H*H^!=4oW0g{zHaj^$Rb`+q|`g#DMf}- zhGNN~e&{g$=E#T*H&T`^LfcJ(5=tM<$?fb~{-rUu z2u?M&xB)xqSYR`krfV6GsnX+S9*|AC>(j6lsH? zpVOX1^ykP~9aFAyG6RmExiEkHlB98kE1gEpA1)LqdE5`1i;8@SFC?W`RGqk%n!*Dj ze6Lv^qRPHhi_V%lv%~lBnu65aQaNgDrB6@C*%rh`Uaz3K z7}6G81QNGc3pdx}$kf(+iQNR@UcP*|3X*Kn5Y&EVnCj!VRsFjATT@=7I3&(8S;lQ5 z$mTtx8yMgv8YOi%*$48CuS)7=mkUCB>YjUG5pBk`0hgSg;CW4m_sLaUch05gIk5Wh zG2`(KnYXZR+Dy~M?93s%?l5#3p4FNVbvueEF2YvtK`fp*sy5e<=?qw#lVm@!4fo-T zE<3iB%?SHPU2zJH$W8LMhbhC0tZ>ks?IcIs>WW$c9dSi!NZmHKZE+>A(r;^69An`t zz#VUJk7KNYo<19wr_-Ba!Pm*D-+6CO0_8su3`8TTj!8{B>rC?fF)w9}3hBF|%V%Cy z6d*wDBc+Plcm1r-nxvTe>*JrP8n#J9zPXx8gqD)^H$@6NQci7!SMk@!B-+N^7n(`8 zZAnB$Rg|70G&Ru~sdF|dWPCd%?->H{ycvjEIy)mCue=r@{=Q&lME$LySLi5cG!=aG zx#T7#s^lkNfKS~1+Ew=K4TRWEcKVhhc4mxi@F?m?7MoMG@JLla@OuL1Av9*=P*4@0 zWm}~j6x9dP$vhCf9+)LlDcBxlC1L8fOJAv=Z{=?^Clesrf80B7JKT`d|1@f zAAa1{-w++j@Di|f)Dldvwvd_v@e}AQDvUhS+_4(GUXc6v7macUQaZOTdR&u-1$wf`0Kavl(WyWtde=5IQi&Q?G zPvp(SvwO5Y3#B4UGZT)%8k^m)f<<}xvcEoljDAs;-y`j2VsVR6mEZ_Ty%BmBSz&qe zk|e|6x{}!|q3sCb%Rs;GgeKONlu?A*yYhJua{H#TBUw2({@aUT@k58aY8<@Ws!yR3 zMwQRZ`g5I4hL80a^p9iVxLU3K;`fFXILaiU)Q%B!G`9tDR=l|}RE0gXW|xcj6NqRNxt;00#cBgOawKWOh8~ssITPz)!voHHFdRl z=k=}Bf?}nJh>%vGw6cSM$`Y+bs))2MECz@oi^>w&0|~?pEo)R11cZoGDY6O38Xzcy zhyfz9Lr5eM!kQ2u8%ge+%i_EL%%VThQ!hT(BJW^w*ZMw@gp)d>5t z5GgQC77VnRnEyF58pZA8U8l2?Pwq$jc0!|9e!s6TD{^efN0PL5O>6K33^W>a%1(pD&^g<;4CY%744fGG`Kx* zr?i`;kD`kH^zZ1as2+_RXQ>9%*a+S!z#0~MZ=ZF16LguXBYmdoetj{$c=-O=it%xi z-KWcn>kk&80l|<__wZTAGGZP*j(JnD@WbQpgoU2^6L>%E2!sK;Wl(g)b}pN5+4xP4V}RBCocZnXS3g;7B*u;93mhlT zIE4O&{_b7oEuk&CC1T8;A?Oz)h}FfOxm9tDg@Q#!L=&WGb~s~~&>^cPyJ=@jnwWDr z>_GMjL~d2Tp6lfmp)$KS=LWancO=eC+%~|3b6F8&i;>eR#>I8M-QySPg&mKnW$q2$ z2u1=U0c?WPD<%`&e*IxO(Y~e_R~b7bnz9<8qkRp6yTI08Gl_K1=jC!_!dq%CCxe9P}~^cofCQFqNA&gFpfCjWNa_` z@JNF1AYL3eLoij+d_fr6{JcjnTeX{5KDqpusy13N5uZ@;K!wQl!a51gcD2==JwkEp z=ZrsGyQ7b68iN>IS}o{RQ9CjZn*K%~R9_kUN5?&U|NX6q`D(w;)hm}z(pm{)+a`8S z=k}~g%Ki1*4gVw;)ns1+Sa`Ys;_$3kyX5e#EmT&f;AGBTGd@j6-{;Hi;6+NR=E3mE z$?p6+%CN3wrPVe1@c>pl-<|KE3_Y41EZ?I}sDu2hm8#+qr}|fO77qz-{;Y= z&%kXufV&=E%Qj22#`m&4oik<+5w#qF(#)k=c35<1=t4)Pc@Juh`9UdZkwYUK2=jw} zo*!!=9QX~E+6tffqZq;zA!Yt52abyi4K?Gpf>0y!YF7P*Uj{PG{kJ>I3Yd1QJ>2O9 z{e`m)-xyeRkgxTwQ@s3dbLCe%`+q0$_^Z1c{z+T!e|wDi|7)esyXDwKhmsQ^5*DnH z6tSM=eq`!Xdm1%^xm5g4!*Q-3c4ifC#ni7Ho_965?w|%e2rM1MYr}B41Zv01UzpANL`De1@ z4lg+ykWICvWLFrjXYHFfIzerr_uclHS@-l;W0qR7+~%m~$!8#e$Mr zoHuKpMP_ypat}sa@%G-c!{j2Qq;a|2RkyD>!<*B^ITwPPXxAeIlI58YiGI}t7aqOf z1MHJxyuDeyg{MQ()HQBEG!CgW! z;TfuC5Gu6VpZ9nEx%TZ}vB}i86SQGEs`B^+GiJV-WS|(WB`> z`ni3c$qVo#Hx%A-OJ-b)wPsnVhe-tl4)A$2#Hx`zln6yz__`?aBwfGMU6yZQeBy+v z2DUr_>@BsPNa;ZEPhl4Zbomfp{7%nmLmYWsAVzQN@sU>-TM%CbxEeMFbD`>X4dc#) zKLbr?wu36!s9kbw$}%K91X7UslH}AfKf)?G*Ut8Mk%$y{jBU$l?!?>ene zUFwEC8+fk2LWANhdDcF9(JFnWl;|tZMhQ>Kj->4<##;1h;pVr+R7|d5GV;LEqP!r? zk*9X`vZ-3vZ=QF;3UAGleTBYOdv))`pxjSS9lhjUJ=)u9uD=kHPn>T} zk^~-W@-(7XiLx-l9kj%XYOTQ-gz0>a(Z#1di&BP;GO@H(xvl2fr^1F~YQ zsSSK_7WIjCuzG*FM4Ew&q7L3J@REEi@r2M0+k<8?E%o@shiN0}of_(yi-JITx*@_c zS$>IcoV(RD+Twohuyys-a34lRko^g|HJ>RuKX|qMMRBQXB>BS*x%WVCe4&a8+Zdo& zK#-q|lEi-9ny`~h>EvML)m4bxnCZeTMd?0nAK+WheBHYJumh-m3x?(uVFs8S!w^~IbBlT5qa`xuyAaofCvnNOKGy-K*^VY$C zX_}{|TITjmVySZfhjA(=rHd42-=9%6BJ^>@DDx5uGH6s{vKF}Whyz?R4Dj{OBeQkciilYcwooVYr5*i1-}%R1Pk z3$qRbG+54}u`)L(enikpIwCu8D6^xfeELOT59S=P`qiGP!i^dzC?Kl8THNTwgX$!Y z=Cim*poS69Ch2w{197mDWOZ{O0hYpToa3G|pndZd%4_Y@R!VXH>(p?Ca| zJSXk%8?8ovfs>>q)W*EV;~HL>Ma9*2*pVWF4eI*eE5b^Md7kc!iea&Dj53PeRF_uw z^6*S)<6(n<@Ts;)#pjV=;Nhb3jl1@zWfUVvzGq^6`d%#K_pXkp>1Qag8HjgWsv+U( z2cK9MmK6CkR4tLd58Nk8_2lbq$O(yPl)0dD67;rB7^-8q=Zj3Al^!JzP3o(CQ26c_ ze2w<+u0yWIKD5@EX{j!t8BgvS&lZ&wU2bOWv$OZn>Q9BB#K&L!kS25s_t4bn>wbT3 z=HgHois_DjgHc8)O*)i$0fR&d@7sgqiV?Ww+g7zF)jFuNjJ(4uOJMnD&}u&+zE~Zg zZ?|yi69SLL0hfHArZ4X}t%A{VuL|$J@depq?r?c^R{ub}#Q-CYvL#n1-(b1^`h|cm!scwDyElCD-E#glKRV(pFUSJO=lLN zGLLWcpTEE5lEzAhn+?n!C*Vw~7KL>sMS=iCYxHo74j17i`Ic~3-rX-?rd$XyDpgna zti`&!xL{nC|76_Ynms?+K#ZMDx3Ld)vh3}ft$p%Xw`p(3PUc{H?aT72lo3};9>SH) zC_#SF8V)DjXnK4I?)4oqkZ~r2FTH-e&r@SbgE9FT9~s~nmlbc-jgqe$3>0VBw1y)7Q4ny)gHQrZP@dRIDjlxr#sbBlxeAr;~i+?kAcXAzB>C6Vdv^*zS zfsm1Am>fp)d4YKKbo^94ZT9&T}Gbk#qdGg~`qt^3vk8XU=4Tlgr zcH$2N)utHAP@=4>u`k&URB!Qjlt~Br-dCTnF|U|S4ZJp7@bjCih7EJo@ef}$NZV>9 zNxxM$7WzV+GV+m0mVU|<-@G|pq`t3l!v*)>rk-r-7vS0t_6}P{c<%wpt6W>nfhINy z;Eik;Av!- zp1)&eOhe^cD+Sw#_2bner5+95bLo(-{kABu<%RBr0<-qG%l0na4Z20uHiF)CLu1O< z;z?yI@;j9J$hH8ci7=n+%5d>nayBm87uYgrh$L8}81&Lh#P<)1D840~(mqHn?txB{ zN`Os!x&$g`P!FWt%erAlk8*HPXASl%g+x5feV#7RV8kjju6kZ#m)5i~hpT+&7K$7k zCJb>0%Syzfhbhixn{3hA$}G+kMi=8Ry-=4KtpKvts37kM?ob?1~bp-nJ~ z?xSxzgYRm*!hhlaz1_K}BNjJuv(Ohh4U-ay%UyNYZW3H|`*_#R18{Q_UaIGJ4@w^* zM?;yg6;oTR-y2DOis&Z|HGMt1hJh6OtzaOZs8=3xpdtucPga)(M)w#0dgjj;+QUZs z#-~HveHY^*EUFB_e`|d!2(a6m>+e0mcv$axZdZ0a1Z%j=kM>r?wP3slMw7}4EzL0G z#5XL-?b4^4^nh566~*T~vgRo_8<<0&3pp$l&{#@}!V^*?mt_7~!@;jajGHJJGe30mEGf590m)A0XC7%oIC zd}>$K=hEvI>t<2wakbL3G(Be{WZXw&z+=@J>tFY~r%skbB;aEZesL1)YFq)boe4&{t5V)N1FGB~1glZO$ zkkFE(hO@@SO!pQhBqX>sCvQ2-0;B8KxMq=wIo5;#2;tBpU@KHb{+7Y?-Yg;r!9|ju zSswI0RMVO4+O_gCtWMxe10F7KudZWA zhhYCh_U)g8c$oY>0qns=FN3j5pfuY7?7!%yB^B}DZ=UI3$VoN&D|0$Ou70Bx!~sH3 z0waMWYcpT`knFA)d1Y;gCK^i6eBzSj_|!u~7t`T7K*p{$q3hVR9fwZ>|MRQA$ZU-O zh~lPjP4b!pzvYW+#mWibvvop>%ImF6HtS#WCj?Ktu7YyBoik&k99yfk9V9g=Ymwyj zWu5Bn$zGA8(^c>~?{J?b0*|5TGS@Vd^-_k(X5B`vlXpPF1;v9BHWMe~I4>OD54IEV z@WzRU-CaRVcOm*~Su>FbGXS^+zgH=SHAM=nP~fP3&yeY6g*fSGcLQ^g1G3?xlBMT7 z$p2>oXWV{V#TBnPK4^tw3_NfP9>vr2sj$<0e2+0#er3Q9*~o|zQa-x*x)qGFenI1EQ z)V;(rvNBRvhstLkDnAeP5<@lD^-KWmCx0Ref8Unkl+jV%*Cq1y>J#2~i7I6mbuDU86+`8}kLF{S^2QJHq#R z&)HD4aH1$H@|Uto%CM;_h%HBJwIF4!q&&J4Q?YUGH&=fa?(2HX-`BRg-%Uq7K0yT4 zIWl^T!;LO#Qb!U%;Q-*udEt-p#D#;cL$Wtuq4UW(ceR>2AqliL5HA&GCmE8KE42$M zzwpP)IllW=gkt}jb| zMlCeaJw%Gv-ngqK6`XtU92?E5Rhr|4Kj?SkC@M1Bums(PBm5UUd4G=QfCc#$< zix2FI>zN;J@@5X+clOq!ycepJnS4h@;EYY0{9BZh zHqWy?4pFrjg6`{@QN~SA#W{x_WW=1OY@{|tM+A(_0CQuUBG+y_aDMSMhbQfl1yyhRKwMu-9@hN^hC^wLI%&^l^nPoN~z?~JTDEFTLg9Y>RmYNf<~Xx0qh;0f1gTfkfP(N&o5-! zx;vx?f%^h?99-Z7`R)$y{FJaA27EaBrD#ctqKi`WdGxb3g@xY(Yy}{kCit#FOU^~H z_gN`ef*%*=ml9F*+SxW#+qKwz@Q9Z)UHUD-VZh~M)q8Xp%vxTGHU^wud^XU={L&+G z?t^b80la{!o)f1MJk)7l(cK<&?}eAiDyYWB6-&IJ7;c^~(_xR=EiSVSYv~44!jH1Y2sl} zOnQiuoE}?-3mv1sz6tiL6Kk}rapjBQafXA@ z&VlnHKHiLv^Y^sjn?!-u{w<3GIQLmG2>^yzw_05pNu57BatHbPQZE$GP4@fP5|!5q zGoAI2p48>j5TVO&jTeF^;K=>4;x1BjxPW@0GE6~P?sNDOf;fF0udV~IjYkEvFhEk8 zQExO)!_LcK{qTm_X^9ns7$;B9c&9$2XkY9ZArV=QXLN9S23t+wJ8`l*-z@?e3PP;| z6%qx0M>8DsLCBn5zuu^@cc41T^8@4DC|~17#R8QSF~BZsk^)kNHwTiM%;#RYASFCn ztIF=GucZ5G>*!s+&{PY1jt?xK85pd5{n_B@WQZx@(zJFAA`hn}f*p`0wG~F}#g`eO z1A1ocxj62es6|z@q8wJZHoT|9PtX*jfA#u9cA5svcb5U76*+)fJEp+JhX4lzc++`! z_&icyu_b>{zSOTPxt~$f#vyaVn1f3NX?O4x=9UMEXXTM}QH;29^!8KX;5`=akh9CL&Y`9tlAiRT^>fG@9d1e zW3EIVpSfU`Z9!8TkEF2N1vGliY_@9+S8?~aX-rRlN;}q`bhpX*W;S)s)orLg)Hmv) z^uLV$kEj&f*AV^guAjiNhI+wA$?)cDhw;$?sT3RApBeVM;)ESk5)OPVWrAfJ$J_&! zr3k`ie}z=|Vq0Tbe7BUxB<)OBYnS%sI$g-<&u63{KbT?d_aKV*8};q##rH-q0@+@%&-_+1~!~?2fiE=qDY61cY22D(sO}_zUK2} zotVA?JTTYEP8;gEsmD;xl<=!0*ky9D9f#@O)3gUD!hwMt+v~hUQ5ST3J!~`z`J#gj zPx%10_A@CuhGMgk~k`xQs}Spq)R{lsyJ?)E4q9&tWMAt@y+_I ztk=IjV$crxE1&Yfctw9CINn@$DN)Ck{6wu}OBMR0Xm*9}Kzssj z!O$w!_{87CNALSmgJo^1A;&?MUxPD!7Z0W3w>b-}iXW;b+s3tw22nLce#?-lN!3Di zNbwo+C+6n74DsqjnIDr8iTwo!*IZ+z@-q+vG{4WDSB#K+*cWUmWi?tO(%8@mv#d9l zNisD?T8L6gFz}S_WeHxSCF6_Oo9fHH9{Z9g9u$-uo*Nu{dJB7{=Jw*ykX7_mCBZwvj<%FG1d!JUUt-!@K z*cLgXvE$FAQMooT2jQDoU&{Pz({V%3)9xgl{uZLjE>xm6QyP_H2elI3R05F>{Cdo5{HV=EVP(+d}>itv!(i@o# z^^HsQI3h2z;>LTjkv&sL)I4fT z3?-i?e>lZ#h4Hu&?ap>Ea)ZM$93%I(~^17vt2xo z=%Gt-y3)t%9`RKDEMaK9784X^fTz&CD4lJ3+FyxwGkS(ULR2}9EN1AuJPP5uY_9WJ z*Z(3jj;D|S{!)BlB?Z9B#z)7uZ0^d%ej4uTG#X}y=>kgM{YSV1I*#$3i&ABh!6B9x z$)BbvKhMfT1@Q(ayzTx4agoXH1QO+{tuSorM@H#NDA%0fz~Y7QVfLFkp8bI)t{&hb zbD@kbkX8;BY5yvGG>+f1apKge2G14f?3ytR%ILDPsr=)=c?2U!(69T8) zl1EfmJ|td%g2FXUJEiryTG#%Cmn>d)YzGz9035RGQG27-*7=n#9edRHl-*FdO2L_wrUuL%Oun}84?Kva4Q zozRjG?i$!RqDlGpeNc-XlSbAFCD); zN4>t_`OM6RhUNzN&*u!zfzzLQ^9ESO6l~z(0EWEuwx?0^wzqfpar6LN8=a?q#l~M< z`H7*wH4(e!a}$$GKH7i2)D$xqCUPQt)5X*G@|=(LzMZ# z3zkGiJBd`=FK2k4&LmVf(tAFVvb-#IzSiD-o+td~y)WFC6KR#cyq%9?I(MzWAKm0T zNPxq$ghv7Sn?=S`{T1Uaf!a3E+Cb82>R;4O($FY^pMm}^(BvrtY5y)=;~ruCyYTv9 z0{UOil%v3Of0yoRd(PayP%l-|FWt=uw3BoFOkrLK8#Ih2!D;G>4St8!|gwhyXjZ8_zwGQPPX^AYgHXEPIcw@^N2=_ z3&y8n6G{SmiqS?4{qrK z^EY>8A3eIO)AHy^czF0Kf|GeLEA-5gU<-FG>0#l}Ky;+9D4#NS=+1zo;WoG}txU}B z^yDm!p53`3!2D}lN5@|tp+{K(F&7w9_(}~8%LBB4;TqQ+dtBu{h=lCqRSWZ6Pmz_Y z#tA4DlFrj8ZZV~zW#@GU4Y)jyUXHLD(jlqsyw^Cy4w$hd#c9Cdrkg4ELgdcUT#NcK zl7Tv25;T*Pd|Wq zbdHXWZdc(MNRM?rwSR)k9Jj3U!bOSp zodWu4Y9(lldA{Fb+(r5R{686nOhTYB?@mVYnmW|%_8PWMs{U8FJjKy_g!S~XW)3!S zDp2{~kASgcg_n$!sRaKTIowDzb?qrUeat|;WRMl}XiMgTZ6WOHIsX0dHtoiD8W_)L zHT9^2dSm~SHj<16S#{Rc4&||isP2R`;DEIus+LRC!TQ<^&o&MI2@rZP9ggL~{l&dDDD9JmYDCy}H{b1+ zwww}sBr!sHLdlz&XZID_9#8O}!PTLLauRl4P&(|$siv-)5N|Ox3IE z9L{GgN`c<1ZoJE`#Jz#2gkO`$J?;a2X@xr$hpPQM??j+t(y71X>q}bAwY9Z23hL-9 zgOZX`xIjidw`=SytWW7fM*B~`FY0ySB#oFZ)Uu4XHj+nvGVY8#vsptn{b;cVn~6l7 zGv6i@re@)8F!j4r*GpbU)5Ej>sObbd&0X)$0PglOTu%&CY^@cC z-CCV6=Upy$W*rjg^}lb7D0S~C3$j>B(W|gG9In(n~Mg$ZJG zHlZ#^f%t3xt3|=3EiRO4t8wt6L+~e5+bN3?u-1ER!YFPhT3g7CeMNYeM_3YA-H5yM zSuJhRKqhEFsqb49P?Ww-#zLkN0zt3`xOfTH`@0}of0q61NDFlw&1=%`Li>^#+C56i zGA@G|#Z+-GahiH+5%UTMq6mP(Z{^#0uFG}&adpo^$Pph=5z55)KTW~H%vH$(O zk+25Ll5(p8a~7%$6SO>B&}r(r;m#gh{NK6d2C-a1`C8&(l4%vi&fkawJf7?wGT4m$&XBql-wu#VEhoYYy zx<04R+yv|QV&HYhqpS+2e+GQK&QNMUHC+HFM~6PhdVS~K1+Fv+;D%W5Du%sw0@MDt z+57i4O2&+o4L@HDx-BwgOUsaBaVL75K%)X15jhACN%$yh1*xC$`li^YA#zvm<#!o& z0=`m)KDFUOhhptz0rZtMmY99c#kE6qaRqmYz=0tL!o^-=(F;LcOti_bvR&a?HFOig>?iJf-EWY=ap1sQKu zi7>93;g0xbs`^38mI_hOuD*Y(Ms>SffIM{*TO%VQB~w&b;<6FdhWG^D z|0Dx{J5;pG5C08;eOaIzKwtgw>T*K_Wm30|g^(V=M4S1IX|mcC_q zlU(&y$AEmnxw%}7UYxd2CMM_5=cRF}3-Y4%v7NW;1DxNdt#NM6{z;L{JZ)U+*2g{x7=!|bP-EJR^9rlPV>}xvzd-HbT^y7-f?YpQbgRvXEFI&=j zBZ`x^VCQI*D;rj|iezQ4@jki&TfUG}T}c-Zn6$ZNFt}%CG)VN@G|>Vw-d6&S`n&tv zJ43ZiJ(j^dUG#Ozr;RNxY26fD!OF!BSN zgGP!#9}r$vzbD&7*D&BSK#4PoE^B+tM@M^M3$DKJo}vQu@xafPmS$YB`fhVB;_9g- zCUS4Ad`kR^kX+lL+w!-O^9s%VgP%h{XJ~F!%@+Xx4*lhs)vY08vMFMLPS}`I5Ii6P z>@afm`UvA0-x7U)?|ZQ#uq_)NgZ&iklm4exPIZg4wXae(Ds=e4-5=2p7;`4dqU%-L zS6~QA?V>(ytzGlS(xDDiql>%Xp0R~9P4?nPxpOk=J=y3*b6m`-Rwcu6HVF6NF5S<7mrrk;5$`8@F$t52WWdM}B z-KQD^6?!KOO|v}Io+y^#zsLUw)>GHaI+|h0xf{*7-^i+{7I%@&f?RAZ^k_1ZmVCeHPk)tQc0YHP^wfowQMF3m58F+>H@ripi zNHA8gCOAbOSiAeBWl;Z4EC@kPk6bXMTh$s&1(m_^El07XrD^d;Gff&GD0I>~AcV8q ze9A#}kRhN=N(&8Prg?qg{au)J@PfbgVVJ{H*@N}^JH(TPqTwKrAI2!_WJg!dWYlvR z9-zYJGI?Dq5V*5mUm3RN*0f3K2Q61jW0)pqLhF(4-vNNJx1b6~DQI78^ai^%u+}*> z*ZLC`J5}0Qx0v7m{|q%wkKbNrm_(s|gSQ*}Cr=v^*r^ z%p0U&dSB#ZDq|^bI!yX8?I=g%h~%|RIf$zPah+R}x#(#mRpqvO3J~m|`h`h^sYX)6 zY{Nt5QOLqX?bo$|B_tTY58m>fFsQ9F!VNVcN#Tbo(P{4sgarSYfptzcS2LuBu&qb% z1E>LBB4~JG&ABdy#QxFcWmGd0!kM;${?6J20a*&!G#B=8!(kQfrv92$^AOU&x(3Ov zr^;3vV-X&HM&oy!ax3rY%1*#I*$-VU27I>fC@j$L5aidzD7chi88@Vf5S;Y&_=ky{ zTv=f?5q?xE%bwX%B_i$@GkMq5g=OYO(Bll2JJUb5%Y$-y-MO6eGH34}3|2koRUylp zmliH>-B=uMO{D{{i+Wg0M>b2RSx88i%();*cT%CUXvUAP%A@bhz>Nfc$c~M@lXhNM zuPDU&`i%ehAhdHQ@+epVVqtX8SefKfu{sXtXt-RrXP`ofYD^DX@$4jg~bx5_rd<+hAz8e%HXb(GlHxGTeGOnt9?& zTUK?li}MtuYmfh$oBviRmPi}OJt+Y01SnKG?Kgl-tDcl`$HQ%St@qAdYsnJ|V0mJ} zm=Lss-CkQwjONqn>xw`^i!ci#3y0(P$TXh_e7-b46`H!G+7?8k*5n?*hVcz74wNspuFRnZk38xpjBb=Xu3@s++5KFYg(M?&;OX_A5jXg7h9+8*-f7jHn8< z#%{(T@C}k<_|__@vC+67xhOGvwZGg=#fouFG>f4skaz9cJ%js?Jnc89)B2@q(8t`Q zO?b5Ki`k4uB$B>zz0{;_9=MYx$+324E0POWCJNfvmL&U`?l8(nDzPK2#W_uP357me zcAFcG*5(P)Fj1JA7;a-)+`G&-DFZ4f5u{Jd3PO^?UVM)hQNy{7iSw}#70I6Sv(ryU zGuZmFq+vaW-_=^waOGByEn0bOC>_(Zn2M`PwzTY=q?Ay7xZR2#cxcKbs{Ds8BgmAw277An;0+ zK*_g?-A*j&h;{A@UiKU<#X526r32N8Jce+2+b3-=TL>L|O{R_3>6JLywMMgA&CrCmu>lSne@$t-oQ2HiYOEGpmGoARw>cEi01 z7&P=4jjrGH?J|Fiy}B}B@j`rovyTZfi-QMvYin1|Y9SYfD+^cJ`5kZIt6HJM5#$Ps zY8^;C+o9=(mi^4e=9)fcb*xz=mFL>;9;G*|08qDJk8Dyi#IxFQpTOQ^)GuZ;2#CDH zT)e!Zs^lz+5qHZJS3;Df3Lktp)K;l5Lm0i6_$i*%50I5lYQVLPu(HOb6P}mx`2dp& z2E6k#EAK^ge$TL257wAy{+tG~=43oHu2?Fv1FWqR#4I#7JvG_K#3h7aB`A!W z8|#QJbtw@p0r(NcJMv$XzJK}Mks0<|@}|33Yb_0p*0aAB(2uP~kuQ%F4LC;2VAazJ zMI)>z(Sw;Z@{TzbH*k*FLWLDNG1oX9Se2#Ubs$pKmA#N+PXo;a#^9}<9dnuUH=&YEJRTfij zuUE+%UTHoeiaF~>z=%NcXl`l1#Cdssz2ZQ>=&7;ugxSe870zq3&h}cMzZ$RX=2({G zG81$P(WYY(D^qTgW3+YlwSy{M6;f+IdS5+G!KCl}{y08HZe4)CMYgzJT{btwPgt+8 zTp><8UTRRV_WUF;1Yw_WoVhdq)gWFr(>LCrp{LyLi638uH@MHRsJs=&eJ{Gu&u-&W z>FN~=5c3@E<&{kHk1aCBIaieFGG|#LVF0o#3+PDOLEf+^%GaV^x@IR1s$sqADxZ$y z?+mP$OZ&jI`wH#9^#yZB=cCh`{j27jO%T1-f%3I~=5%y4V|eg(`;YXE&X+#!?3e7F z2H%Aqtq1O@+)FeM=daSIH*DSLBzX1_IV(;oNoyu_ZCy5%-V4$sS~xPqc%&_Dc+aNK z+)GlNiuJv|sDBJrWj8I(uO9Q@^6si?%Utj3b*5kEFk99D-JTBVN+w@b*gPpd%Gl@n z&RFqt3iHh?AjH5nNp}4UGz^0a+LQ}uzOLGAhclG=d-ifak7Tqr*6Fk^VDlbQH_8hY zhnwW-`t;~mTT(zh z-$|8*>3i(Ow~5c1n;6xZ=J1rDTvn79j6eJ4o_%NN)?N2AcB`cHzNdQf?Cq?k=U8q+ zbIvxP2C;Y2jr$UQndD%Q0Ur}qe5W?pB4H+(ojI$);hr!TGb4sIF!n$(*E{aTX^B^K zoLGubnlULZ&Q9gnYM??+^`{cKTUms!?h`JYjR=fa2_G_=rwV5t82oJSTD3`8T)|Td z6+HcRUqy~#^lD*71R*Plz?3&DBgkV{m=h4u1-gMj;@C3u!v@)Kl!$e@^j`Rwb8j}< z&S`MrV9$)?+EvcquvO`sST=~FjKMC7nDpHgB@>vu<7{7ZaGZ)eHyd(NmKF-Cpn zW`_wFOLZ!O%XB{vta|!&iG!;*Gz$iq4$xVdD>RCRajuVqeHF}p&8|yE>^{8K_Bw!C{KW2+QpkcjFXJUU(OI8`N7^|;(^kG&%^d6 zpv56svZG~z&hA!8ka+5<9@8*hX>-@UNJt)Uf@xQ(T*8i)>=3_bpw0AOy~%)dHRs(#q;>i9}jUVok>N3yXxo^W{@A_vxrby*)BqUoCxU@2M z+ZEcFlTzMRM&A|pDpRPN4z%FH7XR+p*)9LNmHP+#X1ZSk?qq{TwIC0f`ZoSr<4`D> zyESGsBnR1jbS31dnRD$dJ>v;i-eH7hVi;QbOAn{ zc$pmXaL{X){;9sFMG6$%N#wy3GqNThN_!&P)WWQovQG zdcW?B)a(xjSw-IQeXr*;iwXJsD9NnH`Tf#0>(h6Z(acRncRYYewvh5GWCYO|0fcWY z@Zg`h_v5t@sQ2vQI(c+db~7Y zI!A=|=P=D;Q9*~z`b`>aoqBcx6*});)w@2*>igu$Pde_@A)jS0zKNzsE9Tq5GQK^f z%zkhOqdH$!6=OfxBE&uk((#sga=Pg9*GfiER9J-Jd-ZZVIqzNx@z-T0dlff`6K+C{ z%-VHr-?(|DD_wh~>MW7AGoG6pyXxw;N);aO--#g|MyoWSy4VcEP8UR%KHT zu<_L9)H|pYtbIqp(l99tWAirVex@)G>?|ZvGk*d*h0*6nS;y0Smq!W|5Jy$!E7F9A z?GV=H6QN=3z={UwA}f>sI()Vci8_~Y2iOokH?WOG-2WxlA)9`yDo|Qk(f-RHrF5pi z#4#bojIX~He+x9#3z*NnI-7&MCPS4~3)J8-BwKhnVuRY;tsy50X!C;Xt%EvIF( zL8`76e%bh)gGn9Xo79$m*!X_c#%f+*ZF=nG{Im4Mzwi67<&1tds^PfB?ayFa%lKHS z{+(bZFcdAp|7HE;<7x4?l9CdW+Vwb!oz#uM1v@5k1Ejfi;&Hz7YCX}{d$0^X^rS6D zdnVJtoJ+MJ-uQ^@C#_Wp5n1^nr4&L5$t}9w&O2(tw{UsI=?2PDdW1Da^x(~dIvsyS;|Rmd5#0un}Q6hL#zPMO8IB-YT53gU@YcG>e!- zbg1i#zHK^#DvwRY`YQM>3;9oAGpQ#XX;g?b!7TAfe@uW6ZHbHb{xR^Nr9uKyX9C%V zBL-ZB+D4O+PibrT^xE|ij=|wD+}lP<;JzSK7dtS11gEuhqR4s z0I1%I3WHLbA0}fU!5>%RgEnhV>JimCNjwb>sU!GM|ihWFDTU=4ysXrL~A#}NGPjf+3J*C`v zF!b!Ye%oR3Pt|cHtG*U^{6s)>J@NS`_6c^>f>B)gpdZp`##>uxX2bt02w&Q9c*Jc} zQ8@z{D6h}mxgzdvpnnB9Fda+K^gh0q+;n$1)bMVAja!{0-c3ZMQ_A)m?4=LQ-5~!A zhonD8r0rHq>Cp_k?ah#q33-G&8Kk7d86E$t!Yp+!y9*)WA}3Iqqe*y^pFD?KSoYM^ zn|Uj|b7VY;uPc_<-Xp~`Q-h;)l4ex9{bIG}OA5O0FAO^k4Wr2{n9eNVpCDxbzlCoc zBhC2^bC%40mZ!q~88?&COtqWxjJ+!ZyF=g}0(0gIZd(J{H{ZPP+~NHD;;L59LqcFz@=NR)n)_-%gQv}e0=PakHY=M_kqPEOQ1Kj> znf^zd9&8&~lfScbo9c_bgy3+*#^PJm$PD0rT7_0w9P?V<`QpXZD3Ud+DTL;AcLF;3 zT2){P=ucpIv^4+UhSaPHtSMA9`zyh*TKL23f5n``eCcW4v#n}f*eXp6RHbeOViiF1 z^62}Y5{q~zg6v=XKYRcGH~rrsaLezjmp}ZR@j!`-Urh!KCu(Q?;bpw$b3iNg8od06 zh(W`{@?WK7{5P^Y{1{N-xD%; zFUqTYk0vT|my|_#%OA@9amKX6e~%<&%M7#4619fO=}VDd2g}Yt$Ny0w;MfdGDm7RaM)5#$yKeA#?aMo z@6OakO->8xYFGpUtnOY&=HIF9I<9jWM|*8-SnoX5XlZF>?}vcJ zJj?ARg;y?vSF+OH{ym*((;-*82H9Q9PY>?5h(MM_O7K%J59Kb}a)so$msY`DtgQ@@ zejrUriaQO>c^2mO&jq}+RzgTBge`{0B2V(Fmr}_y8XRetVmk&~EQ16M@31A=1HR8oezFC*eF^c`_G+ji zVFP_)$JbRzn}?xQ92@e#m%R_nsL*|E#nx3ywCyrjReK=V%R!_R>)#H1NMd%gTQt_p zx4tGl#SFbCxf&C2SB{l~^}@}={!hvoRrR$6$V~>qjkyElo2~vAY6NqgYI}blOrwl$ zyWdYC>Df~4kV{XiTx$wH)qAYWCufgL8Q8F# zKE)2DM#)=^a_cKHk)WX&O%C!h;Lm*)q)M*4YWj6NMlT((eaq2o>2!ZyC3@_XHx(_V zSxT~#)xlmkpo3hLkONSuHl6G^#|^X=N+`=nf()Z-l<9*v&U6m1K?Y}o+3ovv3NN?S_(zL&3s)I~rLe7n3%xPvpTkWDy zV;t*%sF68q|8UKT9$jkwzGqfOm;tWejw z4VCHnItN+i8!G4(3D_kSHjZsOd06J;cgCl`eA-{vgA=un=w7%K;?IwkX4t(N7jt=! z!?P_jssQjK4-rSYdO7~`?5qpCMEX_XFKBz{bheAJzNM~~B;n`7x6DT|9VOU@k+-G2 zL)v9d&At}cw#(nu!n)t@o68$=n~vP<<&k^`CiF7|xf@_G6mEHOC3V5TBg4b<=7-MCo4x3geY#qwlkn1G@W-v=&-CBBWn=!pqY30>-A@#*V}V@OnN4f zF}`ajzQ!~}-&^I_KoxgZx9FWr-bBdm+6@LuW zpC!}linVdYH*8G1#mD^GOHX$MCLQ{A$n zzi%F0laGfWV8>3FXt;mFwkBvcG7Gp{U1Eoh<;_H!7EOHDr5>2WpB|$3 zb@*qQSbmgmtw%=ZuEt<0M|ui3&{33y+M|Szk2*q1>ZM73p|_dp9p{LChY58cqv*}v z!f9GW|EOY**PvU=uXb#&^s*)q+NC5J7*GJ%XwxpaHH8xC1F@J<(Zq`jl)Kk{v@iw# zmf{;~er|FMjJ9@5CXWP-S{i3h$3{`MbmVqF&3ksAqfs>8AS&Dud7wpqCaL)uEpI;q zC;E8F1&?j=Jt_qH%6#q~Wj$K>uKO-$DG{A~3-C}WH7L_g7nH41lH_Nw2Td59dsPqa z%;3ykPQ-uZDHMiPx4N)S6L+~>1`(Y^{jjBRXGL`}$?!`HzmA69*$cpXv_Un*`vNyt zwVpH!8|C&-wtQcBfC$LI7R|63&|Uyd$Hra(pW@iG%_*%^jxlglByeMc_E2?fLLU}% zRXWt9N}BItwh`T64lQ!~qd?Yd+|*umeiy}`aCm()d!kt(M``ePTR2sbQG?|FJd&`H*TWYR}0`pjz18I}Pty^fX z6sdJ=12MtZ#L9iGS7VU${Q>p{_5V_dw?|0JbrT`)hvJCK*~1HeWid0$>hva~v-OZO zyjxrw-EW*FQ-AGuv!Btqi;Ve}Rg67%FjuaU{{&p2X%@&H(ZuXjfEl|?3d%(f@5i~}%n!G3Uqh%c>)=2W` zM(g*m);0DDddZ3qwfOXFaI}B^**?_*#`J1lZ_k1Fv7edJS6R-HA2@GKTpi|#T-Z9& zwL3|?-33wP)RJe7B14-HMphb068xTB6Pe%a+;p1|=@Pftm?puucws$)AJH+~hm~Nk z<*Me83td4!c4`2Nn}ZQPj2wkc_4brybk4@c%kckx){I=jYF9XOE?PUzkBO6`(&!Es z_UHz%OO07^U-iSZ$!sI6i)}LnQ{=(a*&x?0C{%I1jLNo*@^Kk}4lUtQ42Yf0Rt>Q- z&a^Ziqsd$!UgQY(R!;M1c}YhzmnjX&jn!8w~OV2>f zTrZRcwa{iN!?9Ps9`k#;7TGyk!NY7Po`rKzO4uT!6K7&O9=SO^@E>#?2<9ioO-DOB zlMH{fB@dMpVD+=WJni|oRNIykoS|(<#SFq7iqRaI@0}gilDhV5}pjZp=Q6fURKLPz-4$DG6A#Ab< zSr*1mj!4Sph5ph*R`a%SR#a5@b!B@k3kUcbtX2Gm*HDk0^M0{=oFnSCv}rhT+9v5} z0>p~-QCH?cA>h>t7E|NZnE8f_jOALspYW5@J9gIDDOeq4MO;(s?-*XD9Iyu#^4woO zWU-K0oTJj#qi#3UK!_r0^kFfKzx!k{7q$0zb1PUrn6|GV-B{!1>Ap(zmXC$)p>kOXRZ z>%;%aQBa%$^r!^BaC{O-6fRGcX}OkKE_arH7k8T{2vMr+;Wr;VS=ou&s1%`0as#fvVO+XE%p=qb-gdcVz)wvl#PC@VG4hlYjUA zS?c>F63L{>x&@ZuZ`2(5nkVV|gm_%-$=JsLsk-~>Adahha9nL+ePA48QnvJXSypCM zgc`@c>eAbrPa`+$*Lv1Z$p{A74lW%nrzA&)ry;5;Po@qTS4E}{bsskulL6=-<3Yet zaw%D4)6~j}G7&bx zL@~8vx3Stb*S{|aw*2x!VEQk)40EBp;m5GcW!*+sO4f4ZzaodQNZ)4t2A2~CYQ89ml zuV_ok0C(ViM6Vi<(fS!k)*-6sTUk|WAc*# zudm1Q-cX8CJ|!8bWjVJeks_NHK8c)6R`wOt=Ir;T3=+MEt5!O%AT2kV-P0~XtwN9c zh24tK(@WE_9LTRQIkz-;mdzyh?kH9MDNvYBV_ut7iqS^ zAx(*%VWyyJGu2Ai`lMeto+Ezx98I3&NMiuBzr<}abbEU#I!z>J_MYFB>J>@IwEnT) zN*q(%#|2B5-($C_T>Z)5r&=q!xun79)%6B-;r1pl6o8W3pbf<$aa%T*ar z4&#g*k+3XX16xmU zGwqMxf95*3jK03(oyuH^QX8LF?0fv^phsvq>7cSk&um2&wV8a)H3b{_a>gar6&T zF6xKey29><1$KBM`XibqJ>o`q>&+L7!QoOB&QdNq4XW;C!Kjm=r8bwE92XL&C3AFz z4&_bg%E!s63i%Sw_+3tGAsreM&gS4>Buh{t`RJ%3?p!#pN!P3KBT~j9!tK@avMc#e z?}0E%j#mONmlQ1Z>vZwLK~IPSIqlXi$ym>4O-CZD+(&+L!jLF6uI*L?>F=onrKu~I zuX_Jd_t;yy*xi)Qkzsu7z2o4eV?7-Lq6<-oA#nzZG9OJrAus7>aK@ydy|K6hGnNNI z=a|1_-k>0eS}RS*NR-p4O+>knWpE9CL&ZA;xo>dA4Y<_rk@BuvV&z?Mk*bWOOm$}4 zoJUWq<(VnwQLY8JbQa#_F6_zMXP_UKR%5yZw{AX61M@(^1+xo0fx6ALBWrT2Yhs6< zUv`Qy-^Vj{<})cJHYuty_#~O`x9i_Z0<(K@n4^#okxhsMsZ2{3Swmid`Bb zq-Y9vGkRdkONnBEXph!V5aY6G-oT{g?HSRG(sZ@_t#}AqBE5>4Nx{dK zv$d6lSiO8d$p%=NQ#3KlJNlF5D}` z*NY2TPJwp~R|fn~uV8n42KXdf5?1?RzWFVL4Q`)-#^c-)zo|^Ju4U^mCn~^< z{DV|#c(S-Ze*%TE$;H^<;7x`NfxfjmUWa6(HT=70AnJ~K7b-;oYxV}#^A%gI=-|8W zdUp~3+J659&{M98mhgvJj>(p9Sw)oZB?>6`#WT6$>w9z~$a+H|0>><#OCNpFZ8~rn zL^oc$8JNHT2$ntaF42)>HF*88G$hz?)k{^^*t0aP6E7le*zKJ6%n0ujv_$=8tIq{u{bsH5#DZ zxi(mpY7KWviWAulCw4?C`Kv73nSdi>JzZ?RDe}t8KkQ*IqOK8_S zB}Ery;!E^d65qaMKVi4O9U``l=PG00`fHRGe>9%(I`oZm6-(fQYgB9_O1T-aGan^a zWg=5+Ql`UtARtBMwFW9^#mbeV{Z|@nYbxFMe|yhj<5x^8l}}3;$dQ-F%RdVh9-ir8 zlSozra+&lEp!;~qhWd2~qwrgmR_@SokF;+fk`>LD-19KN5~_!qNLztg)zo zzGXQzT`T!U)M~7KjoO=;Q^f0~i_a{mF5mzmlZR3)IKnEP)cfO*oppn!5C zH3ASUerNiaKDMS4A{DDT7iE*scg3i=9-%H;IL_3q5B`H~U&S)D;$kDH*+wI*?6b$z zbAsI3%Y&Q$SVZGhtrq~Ig1i62q?3s8@o|T1Og%F%-x34WrlGdPj}eEuA(LMYLF3Ew z>^*7dzaS(0p2JAsY4bbwzlyU}be{~Ur|&LA457;4myeLbE}h=!#%rkQ=7rcyXL3Yx zBAjt5VO-1dB$p|&xuiSNx+Mx*M37MeDgkLd&UyBD}}4z?!{wO1%DI*Jm< zQ>AO8<*Pl~J0=1=$uGabYuu+2P_qAnJYu3bx7z>L5xSV8tCcy?<5C*_X7#la%`vwr z3kPOKs?W~R$q*GUMTqQdP7}BrBDy55?dRb&!m7;g1I+KuN$gp0(*5AwtZ+~i|3;TE zuL(L4KS*LGJ<2%NL(N6@FeqrA49KP(yM)%vMJ|WK+O{)vCAd#NpWHjH<2@)N^~f{b z=!u-j3a#Ov3K*1CkjOk9Jy_J(I$rBR6@x0>yzzUv0lF@A!3~p{)03VxKJft-f&X%S z&QeqIirI4wM!~x^jcY!61Gw7dXP|bRN^qcx!A=LRVZZ$0%2LrlPG5@G{)$izxNt7{ zM8HoS)g-mMS;|YLq^w1Vi-pEXo3N+bUNS+2&NsE%ITf31c#-=11~a4j$|fpa?g8^kh^P2dUL5|L-T1?-FP*T_)fumqAfAkdrp9S6XFqGipx3zU{!wM& zCU?h$FZ+uh*jsfA`%YV>J0BDQYC73!QD~ROvrm}~*l+Zk)t)x9iRq>=YAZx{5U4qo z5Zr~9?!v`=_u-U8E?5uZ?2e^2!@>YbXZ?Uw6wGRGEhKxg<;+{}8R9bep|93HB6Ak3 z%E_ErZY%xM5xiN>@8&8+Qfa-j5L! za=xw}ekUjC2ub8j`~ z!-I*OdOtJg%K(qTQowb5C8nun^-$-)>F74EOIQ9LtJ4vj%|zndRV|~tuPR*=75GdM z9R2sfKP7!-9sH^ftfrE^(Bn)-AULJ8{bZ=WrRIc(dA^H82DTS;6FDC_~_Gk_6Li>z)QNRH}J$8)=7=V#&D)|jPnS~ z`ez7dANI#+P*B0mA+a_sKVW{PC&q^ARW$O=MVBl;3U__N@JMC*8R&LWsDZxbif2u& zeuPNqkzhQyQzBEg)v~3jch{})xG8YIZ8427_s(cLR~-a4-D$In*HMf}+AKX0<5^lw zJGBn7rpRO*Q-Pm`nhs^5qOv3bunBB<(a+`3rc_>xb6R}>#e*q{dLKEDUwsGev`zKD zX!s16FR`XgBsi&1pf{d@j`PpjB!$I6!vn`TQdF;Wt?7c!+OG9VzGp`S@;rcDh`HEo zb;7qpmjSjzI`}_GxFs6;EdJv9)vdB(^+x0*HL=bYVz9|IwPM*qxRatf9u@Q#R~aVe zqM-altCEeA>`F%jBZX@#9@DLv>mahD8v5Xm>|YPRofVaK0{x)wuyv?AM1_Wa#F`<@ zpgH8Dz_Hc{JnqhbrOsy$-f^8#+-a{>X{(}=r|xT!$k;4Ka1d%Tg(cC?dKu;lq#h_VeJjcYh2rHt~d`Gt@6a-I596{+$XqXE{762IRE7C((N)@@l z;!~qu`58)K4rO*8b3CPXgbUfsX7R_1 zR~|a=k>7`=sV^wmXZ!%GYFS3|uz;DldesPCw?)miN_9Z(?WC-ZoM)lMRA?XH^#0(c z-NgkSG0A$~(7e-Z9p~~^Y557|^{2oEQBB!%)*+kgUt(#Qv)_IVB zQ&wp6GB#kIGJYwis?zV6dYpcD2^5Lf4_a(K1`nh%VvZJCVB4)@m&U2a%Yd)*#|jJZ z0IzS+EWN;9rxv7;EIC{W4T;apOwXWPsVW!c+?=X?#OyPX0hM(QZcQgcvhXF>4dAxK zSM<77X-R==dZ{wbAo$LSlE?=Q)6ide&9VC>`P$;OWo0?K?BBcJ3T(M6{;q9}r|V0z znf=m7f{PHnb_ih4Ys~7B~BPAduzYesuFBj+m}DAkEBuDt=uR+7&u{s zE$96_DI3rhSk&RE@&X+nA&0*kxMWZM@EyP`TmXED4(SEGg{e=E>T?zCiwsip)+-_3 zx0yfa3@k@eqH_01`D-2YSRe0@lFe*!&iVs+|7ySq(eZeJHxhYjorBMIF$hdQ}=K#&5&FpyXhe1eK#@VW>cW?#_6xaMxku!Wqm@>ay)Dif?Gmj{yT5>x;T%(a*#9?v?dOvP*k^*#8s~5XZmV zn=L40`S{*e4~t}(t#sM!&7A(~-m%T-RTiHErc88kIAP4=qtF!>oWgJbKzOb3^e{?j z`>q6&w!_hK>4MggCvf3aVZsiZ)H?kKQ11vUDZvUehKfvF+bwek`s8yTL>b|X!hihQ zZO>Yl8p)6+nNid@tpOfKeE~Zha+F9)s{-YMiNw+?sug%FDT%>gY+3?Iet!dlRM;Zp zA@v78+Bs^98s}8RzgAE&xI0HOk#xE(9M3?0;7%$~S3!4$dGkQq$Ae(f@H@ycAeuW^Oj)8PZWzo&e zTe1JXiMP*7?JDx$Q67DS|k5(1%wPAGxg4eGu3y>Z8Q%qDU!tJP-e|3XrrN;E3yLrUB9)!mV81H^BSZZ2nI{&jt5hQ zha8s^B1TBAb!yJ{J?}K1qNs_32W)bOffS|Dq)_)Hsbbi5#cs8p+Ml3`p?RzjLQ;Rb z_dMISLs1qgf@uP#JV?hfSG=Rj`<<^idv6Auuu;HP@h}%u5}Eh%ZaoNkQ_mS}Z=k~_ zdI}fg;5xkX2$-GYWOv4l(Y1Ky$K$EeFCEvrP@ftI>&HyJsU@!9nT;@1UDXyK6#-1D z2bWv2rh>j3_;g@tzDWJ$GxQ{b6=%7~B0}z!wLB22*tHXSb+Zpkxio+Cf=Yh6+N&&K zlcgksL3!m;U`LvjruB2r^H1sCZs%-Ngjr4Nylqus^onWS5lSrLcjIGr+!PKeS7JS< zO>%a7g!&uCB550giLca^VKW<)Eq_3>#6SzJOx2S1O^lyn%Q?Qx1A`ug0=VIg%@=7*--QqnMhTs*EoJZq?hpkPO{5%2jAM`nk6tOeI6s&UdHt?dRsQ} z`DEI;KD26W#v#5POHvUIvk@wNwKd0gYoAe#9)o9d>+{Hegfb{Kp_NIgKBCXO7|G?);;#gD5rmi}Qbn@N6?a%uR#p;;y z%Q+Gd%ZzCOMVDxK@N-v-OM^MUfruE(+fn?qR`b(4VU8x=L8f!b?B?yc%B)t#9(kY( z=*`fsi9tAOR>l(oonlk;&gOuG%03;F`$27J-UmP_ybZl2`CB%l^;xm>yB$M!G@u?7 z0E#`R@|{3_Y=;!lKh%ku+X*K>#GbIg@$nyt{~x4@S(uO5k4(VN1}^?eO7Eydy(h)e zI7MHk9%z3552oe8kt0veNZ2a;oqE`LlIWS=b&YYir6l(J6Ah!+2q$vyDcGycYjPGF zswn@zcoPFn9*Hci%kTbY`~OiUXV?G583FoAJNE37ulmV3{TC&+{$CW?e@*!7FX)x# z*v3d-x+=2n?v9w3ghF^OC`K59m>c?_oO&Ei?^j@jF4VE;tkpbwmVTzOnC;fsDr+s9 zr!0U+neg?*HuEJZDTAp(vNUL|q*E9U5e#tG8z#dZgz%)W6s)|rXDv79wGWj(P(#H5 z`86N02R@IqP^}B|5LOo*dHx@_JX*b}XHxrH4v4pza&#V}`16~GfEbqXugg2$_Cjg9 z&bm-}r=fnW9i}u<4A8aGTHY5+G?qxP`oXw$UIq%j^9Ofz3LJ3sI=Dlv8m9s3So^yL zHNlrM_1(A8#I9X>07u7>8L;OnOd_!faO-WWT!2!SQ|2DKXq@4SRpC2ari1}daPV;Q z(2j`}0ASpY3m@bN zs$v!Z7p}Y_6UP(NKy}66PM3;JSBK3+RQhKv>C0f&wql4#$V?OGn9mHh1cIESym6Tz zs|z7~HWJV*>DBXkg^BuL?;CARqiq|Z9_Yk{Y&2|E!=LFly~yaYmHP5?K(VIRV0iF4 z^`M;0VaJf{Qg&DfqH<-zZ82KcqMX*ctS;B+a?QJ(!q@gGrknjzab}1g&PSEFpGObo zZhc&+cIn1YQ@d9{y|!}lVWF1jV;{pnJ)MIBmc46ha9e2H5y{*xI5ndV4jk~8R+#N> zk|rZ(5dCh)D_Fk=y_5MhU3x3c*n?8zskr_#)>VMn_gg%%Tkk&{8bK~D(A0T63ZUNS zMQviS%?~?KZE}YoRc~eI9Imcyt#~YRtd7>$m8``f7M4PN?c7t*0Y;=;mbXe+4#=G& z2V`by*n?-iT9+m_v3|^Es;RaiY{Z7ZE*F%$rQ%bzy!jPEV<##T4I^8<8xmje zhYfbFV_>devb;UGQIbcP!0!-nMf^t zsp-;;5?Nf`t?m((LU;@aX1SRjNw0aDNVM)%Gt&3#?kL%JqbCyC+S~7L8%z2FCz1js zeGW}Q_%40k6l5m{T~t4Bt0Cef@3w+ht6Ae4aMYD0MVAGrbKJ4P1-&j>9D0;7)%5)w z&n)=$t%5CY;&Xo6-q&qK&p4#7fbEMTb-B3R_TwqZ!ULs8o?rYs=gh5Qp6<;wj|}n`%|8U2qWGdE98AAb7TVHFAAz z*lNBEK30eG5vzO+>%2qT^bktD5pV>usQoHmsmvO$SEjcS2zw;Vi7wXnO3Ub1I_bcq zMM1=ynFYw|(#4TW%NK`hzSMKGRv#NK2RT;(o|D=*3UOz330pXZ=YV{}xJfx0WcT#7 zE#WH^o~AmaOm^+!-DoauwDy+!x8kM~MK_l^tBGV}apC$`o5i>$sh`d+bqCA?srnFc z)>vJAgdb5OLVfAhbfI=>+mG$455JG+*H>DYx}LN*sN1we=*x4q1<{Kd@)@8Qo@p1{x0Yl==c$Y9U$kN8I^V>-9JZQY&k1mx+mNo@6QEDW`* zduJv054nUD+my*VG&CI~w4Q^B9XamIH)W1n)!IZVxy24gL!{QJXq%e*1&qh51G5O& zVB$rEPL$ko6=SYJ&_#~+2R8dSYp%YpqP1#slqhFG%<^KNng3?bP-8AKx=}0rsukUd z!jNNC!BcS>d@)EbZM?(BaAf89xRm26ZL@N9e6*u-0~#Mwx5hos{9NJzX}4_p7G_mn z;c+OVKQ*}crD?mcmp#{*aLj--Eri=IfW`PT(Zhy_>BpR$oXO~fsYMi$x%%I7c44>CyX-mgN_ zl-jd_KbO+3L@a1t5bB<@ZnE@b5vjBMeU(~dzibGs$!jtgnNA>Eto!NuNz$J7rD?O? zj|T&b0r5#U45-zmI^Xu`)cf~AE1{D*JR6L#>TJTZfoo&+?Yp#D5&r0s30W1plQy}+ zg*qC020hOzGiuM|86)-2UNh-LNn24|i|f7Xh^tB%k?sd~JxriHo(<}C|xFi3OiewwnsP%B%*vQZZzn1$<3{#q{1+r-EzO!a+t&RquFOFfhWn(` zjk7#@a(yDQ1Gj79yJgikTRF6Kk;oclrDO1WhOMQ1PloX3N(+2xs+^fEVDdA_D<#od zXR?bPuQEOLW=NE>Xmh z%eXaT|AN@m@%72+4Z-VGqet&Lt!rO}Jz8=!_$}Jwu<1KWa~v_JJKi5zJK4``&CidJ z7EV(xI#+bTJK60UyrV{_S-d?=EW`PV1Q2yU`iM74ybXJ#D` zYaPz<4jJ;VImuI**NXttU{uFRJ01Uk@ImeCiUn$0RAeHOY z9?Q5+DxREb=bx}gfG(k3yo4|VL4oq-p)%we>n3)Y6!OM!SCtDLjyCQ$P3GBCfF2o2=Z zU2SkaSQ|z(hZjOR1yS0CO0h5!t(7&+SO!YE+X)BR&rcrw@F|KUe3082C#2+m1*E00 zPJEj|8jz-M`G+ualJrtfQ05zZ0Seq~EP3*9c3WTBzN6enzUGYx*RjHx(p#PvldHsb z`!R>m2_tT>E9Ox{hAL)Y9*v#BTCbOy%6px}fV zvn=Ms=a9(LlVzreim}oZ(H!PuT&$igYdO&0?rg92RSgfSr+(Wb=wOkwC*Q-PCF};7 z9Z?cLqe9xkJ(#)XX=1OP##Jz8t0}B!;c1=57qN)fze>MrK!f}Z| z&3yLAre&~W0<9bntF=2BpCTR3F0pRpSN}@F1v| zq50jB22!VWZF-k1+Mr$>`h2w%b>Y<7IcapOg$;1#vLy7;2>+l-#oBchlYC%V9}_0* zZvg5%Bh9uBvnY?MNDYRft>-Rt8wFgd#>!sfpm5>M?s~t8Q6@c+87G8G(J~_-8>?F@ zb>CsrEPx^wXKvbinD$berP#JIZz|pF2@7;g5CDspNTZj!!K3;xW<*<3!dfoKQX{E4 zkrs$ycQ3fAtuDOb0-bqUJQi~IiK(a#*j`pz5V55B^}{#ev3$*}383b9(zKyf^J0;R zng2!$_TFVs*3S)c!LjV!U;1K%W=J7AxT3X*B+PmD7|gU!6V!l;xx-eM$BEte|XM>U4y+0@yf`*QJR=+P{w}t+f&$G{}v=+1>v-g;vfRFxhD4 z3Ra%TkQwlteo2Rp2Cq;Rf?HrPq8!{>CGMQ&o2`dItPu-At8PKJiZ=JJ6?eR-IObq4 zn%^-7{YNfn+_xw7&?^Rk=PACV92b@}{l!aX(As)jTG8oyur}O1qGDFwveW3OtC|2e zsh)))}@MQ&P+sLvd9b~_dSIa32!?NGd6poh7Qx!3l8 z*J9(b$14ja<-_>=xl*}!`d$jx`xB;KSdcBF=zXqfRv~L$#8-I<$w^)>BUT;wlPv+L z`2+CWgHH2OTI=QhZ`sA?4?NReI-5VREB9@p?()$#0AC2EJkpV?J?a;)HP1gFN270& z@-K}_l&BlKTuXkE=WyUB!jw9LnSaKWJ^S#LNBLRKL!5ussw`EWeY0GM){Oula;hf1I&L;Qr2AQ-ZynL;DLYy9}Gy6ull;~WVvxq%-0h6?ER7a{J7GNlUbFNSmIs)H|tgR%iDvvA-K2dz8=_k*`Lc` zVdFhmGv9v}GXD!aj}7e-c;WmBbtYU3)qlI3x(&DWIB1-D(4m*{TABK|)K@CoGiIs< z4(sH*P?TdV!6WB%mkYS|B9S+l$jQl>y6ALsl8q=O$=kfQg{4OS^$XKK!Hbk8p54cJ z4Te5#x0SwOlqM*>w?u*k=|~glD!ogS8jwyX z0@ADW4v`*G=7i^Y-rd=GXZG7`cV_30kLx0w`_6rzbAG)Z-m9z1)1SC-f`*2M{*i*5 z1`Q3wjE3g0z%g2Ihb*-{5B?l-)R4bNliR_z04|PL$g0TF&=iC~iBBQm`na9K6Gs}F zvrg3CLu2L~Zs6uwrw4jYnzrUnu1_7zXyhHt%xoN=+d3h%kAYVx?;gp?YPlhnNuFNX z{oWI#{Sa=oM2m!&1@F|(B5(85_?XliJD0njr?z$Wn8ullZJMhZti3I$(dPMbGcqIW zBJbCz(bmRL%%rjC!)w8Qm($Nc29NG>UEqsp{^-|C%lg#I4u45YuOu#<(Iou?$>7Dx z@R07s(cs{(o%_WIkA;zKvz6i<#8O2+Vqc6AY?p?nCdBQ~!QdDd;@~e0#t(Kdc*QwM z1(Sw`)9-)YBOlEi%0^~z(eS4{esSmaEa&*Zf=QPUG{$$_cSc>u(G(JzkcR$-G;xqq z^(USyv%($)Pq5WPY1%H78LHm0S%G~Nv$t+vV zLq3(?E3`D%t3}!2%`*;@rY2aKTDjEs*@a~8Q#T7YyA>*p3E$mu0@8=rgy(4PJhSXB zh0-ML&bn0^ySaS~ILyc?q+%MsCGGAPlM?-K64KMuZs4+aeB!Ttg;yKV&@_lNO+nVG z_j5@cjVbIx-kvj=FY-j;1XM>>|ne=2M%#uy-HrBO19l z!@1v|j5|Ewm-4>-5REWkh|iC$?=2+VVm=fj@yK-I0DzYaG#_Q_p{Ika7!~PK3XU~T zKjJ!ku-9jfG&Lu=5U-wV#j1;44|*VTP3d(7F66`<-V`7;9%h`Hrj2Ak(`?u4jCfy326@K^0s=rmI{CS%0Xz##Kc$GO? z$26v7(W$qiI@u64-`!l?Z$NMIqIAp7eiBm1^6wU3=ytO<*3}+Le<3RLv7O#bb<26h z^5rT^fi#~G%enL=yZ$K$-6^A-!@AiNZ#-tX`qQ&UhJl%Xi&b~~$`8q71- zK`V(Fjk^z`W~KsQro*;Hu9bm2*U7(X=l@vp8#?A+gMhnFc=bVA?yeM@wue=G# zH4C{TlAWbhdh@*YPSG~~FvrPd<^E+{;AU}OmM2@_P-=&xyW{t~tpuJu4`=PV1Rr8L z$xI$)jQrxL_WDZQA&=dfAlS4=Y*Ajy+G-I@k~>0)PkDeWf1qK-%jnyDKk7f9 zT>cX-ceLZs%lhv6S(;ZYa+Ne)>35Qyl*?}+mb{x4@@(c$s}N`gvh=d9x%amJ@_$ca!buynagPEA+0*Ls1il27Ww%W>1M{e8VT zS+<(Uj_q68DM2}swSz{uxeZB`1t+8ZvdZ0|;;xTwK37cGs-r0L#xI=9TVqV-qB5PF zmy%9AYJO9eS72{#v=mnR@{YLa=%}FTe{aLGmTeYdtA)8Zk&-RbDqc$FdxWRp3+y?B zZH{t(5i%dS@JF8Y0V7I=1dpA6sF^n`g#C#KR~2EipE|i`gCC9Wb0yL4Tt3GJ4|VLH zyW8E%iNNyFSw}#_bAt?Le-z;UFIAu2)4M>p?{H>Xo>lyss6?IN*i3*!b3Bek@59?uxoV>>HD&jo zTSbgLj8maoT&RVBf%Jd|J@Kv$PRLMjpH!npje(dKZai-T(kj!M8;=1-OuadMJ zeD0^rUQ79Vl`;XeddQEhZnf%jquXb9)1MrHncqw043~cwvNrO4knt9Z60U|XEQ zJ=L(x!R%6TXBH_WCrkQe@8q08rSYbf&6Tw7m@0IXqU69-Wt&mTS&7@Z+iRJ*YeiPL z@IcsnIM0J{AQAn+w+Hztc9k_t$fSfHdR4_6%b{$~WzK&=*A_KG+p6F7EUZ-h+4c?X z_Jf_|sIKC2o~rWn6t24r>)hOCd!9Ki`5b*m@`ONXAul3yDO2seqjI|BQEYb*j5s(Z zylCo*-~8RwX9R~!#Fa{4#GVa=O_#6gK%C}S_UQwLaCbPgxe3W_ca(A+kOh7(p0%y(|kr0A#3}~`|Q;- z@bgl9r(Q5xpHj|y!US)2wmH{6k!!@u%Pt`m1MP7{EHpwlQ!Yqu47C1gH6o{O-HjOY z@t9t3{6#q2DP7{wV2(UQzhd_7O4?#Yw$#J$VLI+IwL>)5d;u@I+ZdoHitfU5y_B(X z*Yb$jgTqVW8#Ah_xyaH*kHOyD$+re~IPAnZ7P*@zD7|z?JC{d`9+IsZ=wGZ#hwk|h znm>p;PLOYlG*__yIzpGTvC^Bc&nx#}`m>`qd69Qm$N$YqmscMzgy-E6{hTR|z|Q!y z+Mt)e5C04kEiALRds%0^HD*gZG2E!G;fR#ud;5>!}|j6oB@+)c5!*f-N?}`ohbh|hPv4OuZ0ozF9^PEzpqvJdNia31?{-1 zWEZKH++uJoerdb3%+lP<4K*b&*yP+ixgUIZP);PUH>^`$-Gq5;^je~PC~NCx(XX7_ zfs+l;Y5HT0sV-Z$UY}vPs@^Ftc&EfEk>kS@%#^O;l(Sx^E8lxJA7?*k6I3-|_5-C+ zz*(uE;9Ex^+c2>|{?jSPaolWYb~JC%GyXK+_WKGi;-ykK#SE3)h~@rk8`g!6_BvksPacmucZoL=zTIPkCybZiuUT+l zrwXPz*m4uZD_0oiZn^d}w##c>d;g`cf3dgr2|FTFq~&lw9-gYPs%_RIQTW1)$IJ~j zFhhISLVM*XbD3Bbg4ZDXtgX_04w zh@@x@_t>#Jd6oX1MWOO-Jk5!DBhDj(--N!nB=(iOG-c1^e1moUTHZ3#QP(GRb7X&@ zk##1UN2&^ea}kA;OkFt_KXOHvIjlXn9ncQ9RC;#t(B?*xA<}~Dw_1~l!~QuMV+}u8 zedydB`vly@YT*>u@^HL^edAW*o&$Vk%=?xw-#&*q!+2G9#hMmHf1Tp*ua-U7<@tDf zq~d4cUZYmSsLQ#r$|3Aj$)9O!`~IS7N4BA}W^tr2EW`#8shCq{7KER8 z+Vv4fA3w+|F0odU2f>v$XKF94j(Tc%m$^25V#?6&FpJB|TRpw!vKCH)nKA6FS?fiX z+sk9MOT!#9aH)flq5O#bvz$p4X9LPoSf*Xl{WXe?pXW9r&q7h!TQ zpe#!=RrA+dIs?H_9%aihHbtk`Z{danYjXR2+Lp(8B?0 z=AWMv5%20D0XFMP4?Edxq>@@SY<8zjUT9+vFe@ulKC^(P@=~@ zsVVbVV{S%vvd&1gZZ&)sMc(z9>wI2}v;X+gvQlUOFB30()aP+oZt~V^%`;Ido8`fU zhgVMh%537+>a$sEEsu5hp69HYvVpRg)o?YzPePtqSHxz&$+Rl;joMT0zf8aFpPifO znPj3aDUf_+5;EIR6`A25TQZpPBYdzz%g*?hrHm|{du0* zbCm-sa_-_IYf|1nW_e3ZR{q$(8~Jb}g}E#`W8L2>MAS3u3hQT)+)Ni$`ajJv`ZKQ! z&2+LWyV7lRJada#%bT?0r90oLaeUX6-uIg&35zqNU$(MIrxdhCjQ*(f@Y?YA-}3B8 z?-{X6-I3`}YWo_XmiuV*dzt)2gafRDO={rsr-ZV(B~9Lvtzq#nJ*e!Pcjs0#-46%c zJ(Ip79w*AfFu}BxSb)8zyWK$`sOd`gxzA3%X?t)}#F}>t+HYsYHn3?rON9X$kNEK9tC8)myw~Y*UAg|v71CZR_L81vqgl@!^P)8~ zcfM$ghxxE0Z4ug*g-h910%P8hXQsJCnGB1Gymxkz;*BA zeH+Wj?l$&1$sru?#?VvQJ96G>N6T6}BE2G+JoeQu>Uw9rJkD;Cll?Q7@}lx^7%}o` z$Y@qrz^~I{p_%YuMhR@cg0(p3P>`y^XKcm~#H@M~<6xx|ExkkQq^5PouQb9U?r>hb z?%z~(Xj#ES1rkI(jEDJ|GFVHu3>xlULY%HRVTD`Vd5{@}HHubfzE5%2S$*QNYRPT* zAb>C3{py;NgRfYcu_%;jw=n&)SrAgttD3UjeI~7g%q>a3 zNa^Sbanm{SmvG-FrS70UhZyhnKX7(kinu9%dj@xl#&4|UgD@pjlTTpjCsGJ0d2GEe z+OXq?tM7|+{e@%v0|WFZjxwz?(vNn_?#Me=l}@G-M&*S?`PC!yQ|mgj^AwDbqfSXk z1V`L=Ds}6jY?_fRb!n&8s)y4RQgV@VBZi#!6;$C&?sCN;&S&KB12qK99T7 zoA%|$cTd+&chZ~?jTOhC`Yr^Yui=>`DVH)#U*+@&6=ITSTc6eN8p3r_2>No>PH3SN!4D$Y6R% z3McVcC81bnmH9>72Fho43C_bFMN7t0Le42SU%UC3_zUm-@Y&)Wfs((OD81o1`)5yR zReN$hVLp<$%eB%~Exc+pCONH`qM>NUDb#Eo;+{1Xn$y0!d;*PB?C|e0oSk1KIKOq4 zuAF4^d+2B(R+=$9l$U3-h%Yapzc`-r@J;&nj4^Mo)SmY;0+FA-Nf@_2500x~K68vO zq2y(<+GQQ}7cZOOV|P_hmmgYGJdn=kg=F7zYXFXl1AD7uIFm}~lz?coDbSCYT>u4qxUTEL!agU!;r`hBtx`s7+WzeXu7934v4=ME0_)A(ArJt=Uz`(3>1+ID&Wn}8^Ry`BQ)UaDLi`b#c)J{J=F z$h}p(qc`I!g~!)_50gkc)9Q$hQ(KIt^XT!5g+oSueWMe#6*KWX4Gq3aygD}G~tsP!xa`v@8?9<&e)M)gFeO;AY)aEo}9jkWA$hBCERO*Ee+3dWX6(Ry;W=r; zvK6K+%KQU+E9727O^atM)%!lCD?7b$Mnhz%^L8`68A05YqomQj+wl<#FGBsXz2@e| z8My~m+KYrBWB@DQDAGQxI5#pjM9(BG0G?MyW(;e0h<}-wU2Y#K#TgSa6x`9=>#)9_ z;On{aE}V%Ce%-D18M8*;kmgdNx{1vxGmlSMw!3l4KAq zA?gK_gxe5+9NdZVjWg3X`JIPtwrFTY2T)sSd3pJFn(R7Fkm6pAD296!lTuwh5Wk+X z5&xN$V1222yzEI_X55*50ruU(U#*e6Rfk~Ox4u4mGe#$uaE!-h$mQ0I)9**^(+?|!}co_5(a!5^xt zdmfJ+mbu^iA>$<~D|&{Mf4f`$k}0XK(k_^6`1b0pt3~{Bf2hPu^$*8w8E9&z&%pgI zb$aOssNVh@H#e}?86a)PZW{kBLC1TxAQDm!HAS|gR-R70^WHJYw9HHk&T4voD$~mM z#OYmur1Gtyr((mNVLruEe3L$)i&Yb1W}C1a6o#KufmbToaqC6mKzY+VAEj zD7l^YOwxDMMwf4y1itPUZTqX` z4SESW;`a#YiSv}EPW$v18)BYpM{X7q@-A|?IEs6ypn!tUu7!x!I*S!J|Wb%@%PO{X~UFY>(Jk&{Glp2T@hlg3%>`U~4PvJjV@6jSndFC3>sWf*pYAr#T5X+2-){yPc05|BdY%NAW>iqe}X;HiMxzTW?yzJJ5~Sw zZo$x7aS?s-k9MSv`33IS^;sGkWp+?n0Hm@Uf*6c8q)tLs9eD+V%w;X(NU4(H@f8_q zsu~-qyQ$)b8CgF=EFO4$VfazB2KjiJS_J|1FTXp`Och}^`1hfn)73GIJt?QcE_0qMAmo1?5}80-E?n48NMTY}|uXCxCXwzH#sU#rYCXw-j# zq}XrA<|?ySePV4fk|=lA&ip|kVjh)=eZa+shrB!~HDx@j?0VxWLj6cj)tQ?&|0$_h zGi$|~Uq>V*aE4~?ZW5Y`Vx4d1`~?PY_{@E=>CvIsQ|76;!m1RLKW|r-`bWlZ|K?s% zD_amqsfYR-my2*+d;34JawBWWM=Rw1p}9u%Rgm7N0X7;zUq2YFXif^~x5z{|c!h9TQSPO0yh|(AzJp-4ym8o+5;{UQ@ z)c+%pZtYA#Xl4V~yw^OptAjGG{pstV79`soTjBIxy}CRn96b4eB~`u29L3x})ilkaxl$*Cu{ zd~lzV$~k0Xch_sTCTH+nS+EeP5`5#*3`}>#cm)4Zdd;kXO(>)DYzp&xw;6bvEr>9;tZ=jI`-2kxK0&KLljuj5jeSRlLH$9mGSzcoVPP$e7IcyrQcm{)_hkHhZrQSx@>gCN(t{CL_IM9jo_ zy3`9t!v5;eNIKGnbMvu#d}o5!#&uN@)NzJ4=q1P2-$~DpyL@p|vhAHKUuCu($&zNa z$KYwR#C<6&Cv=fRZ5w9}V7U5>%3#8U7Aid21>~gOCga`pmCwb9g4qB%504NIl!N0I zw?@|L$o1;v9ol9|BpmC6D>*FR;JUqyYr3p@9l=?hy87PktQYbrJLElquc3u>qRvC$MvfACSu}te<)In4pXZv)