From a0d8fcd037a42ab360ddf692e14b9d494e78f158 Mon Sep 17 00:00:00 2001
From: Otto Winter <otto@otto-winter.com>
Date: Wed, 24 Apr 2019 17:09:50 +0200
Subject: [PATCH] Hass.io ingress

---
 esphome-dev/Dockerfile                        |   5 +-
 esphome-dev/build.json                        |  10 +-
 esphome-dev/config.json                       |  43 +++---
 .../rootfs/etc/cont-init.d/20-nginx.sh        |  30 ++--
 .../rootfs/etc/cont-init.d/30-esphome.sh      |   2 +-
 .../rootfs/etc/nginx/includes/mime.types      |  96 +++++++++++++
 .../etc/nginx/includes/proxy_params.conf      |  16 +++
 .../etc/nginx/includes/server_params.conf     |   6 +
 .../rootfs/etc/nginx/includes/ssl_params.conf |   9 ++
 esphome-dev/rootfs/etc/nginx/nginx-ssl.conf   |  62 ---------
 esphome-dev/rootfs/etc/nginx/nginx.conf       |  51 +++----
 .../etc/nginx/servers/direct-ssl.disabled     |  17 +++
 .../rootfs/etc/nginx/servers/direct.disabled  |  12 ++
 .../rootfs/etc/nginx/servers/ingress.conf     |  16 +++
 esphome-dev/rootfs/etc/services.d/nginx/run   |   8 +-
 esphome-dev/rootfs/opt/pio/platformio.ini     |  12 --
 script/generate.py                            |  48 +++++++
 template/README.md                            | 129 ++++++++++++++++++
 template/config.yaml                          |  75 ++++++++++
 template/icon.png                             | Bin 0 -> 2448 bytes
 template/logo.png                             | Bin 0 -> 16889 bytes
 21 files changed, 501 insertions(+), 146 deletions(-)
 create mode 100644 esphome-dev/rootfs/etc/nginx/includes/mime.types
 create mode 100644 esphome-dev/rootfs/etc/nginx/includes/proxy_params.conf
 create mode 100644 esphome-dev/rootfs/etc/nginx/includes/server_params.conf
 create mode 100644 esphome-dev/rootfs/etc/nginx/includes/ssl_params.conf
 delete mode 100755 esphome-dev/rootfs/etc/nginx/nginx-ssl.conf
 mode change 100755 => 100644 esphome-dev/rootfs/etc/nginx/nginx.conf
 create mode 100644 esphome-dev/rootfs/etc/nginx/servers/direct-ssl.disabled
 create mode 100644 esphome-dev/rootfs/etc/nginx/servers/direct.disabled
 create mode 100644 esphome-dev/rootfs/etc/nginx/servers/ingress.conf
 delete mode 100644 esphome-dev/rootfs/opt/pio/platformio.ini
 create mode 100755 script/generate.py
 create mode 100644 template/README.md
 create mode 100644 template/config.yaml
 create mode 100644 template/icon.png
 create mode 100644 template/logo.png

diff --git a/esphome-dev/Dockerfile b/esphome-dev/Dockerfile
index 442532c..d8140a2 100644
--- a/esphome-dev/Dockerfile
+++ b/esphome-dev/Dockerfile
@@ -1,11 +1,10 @@
-ARG BUILD_FROM=esphome/esphome-hassio-base-amd64:1.4.3
+ARG BUILD_FROM=esphome/esphome-hassio-base-amd64:1.5.1
 FROM ${BUILD_FROM}
 
 # Copy root filesystem
 COPY rootfs /
 
-RUN \
-    pip2 install --no-cache-dir --no-binary :all: https://github.com/esphome/esphome/archive/dev.zip
+RUN pip2 install --no-cache-dir https://github.com/esphome/esphome/archive/dev.zip
 
 # Build arguments
 ARG BUILD_VERSION=dev
diff --git a/esphome-dev/build.json b/esphome-dev/build.json
index a09478d..79e0c8a 100644
--- a/esphome-dev/build.json
+++ b/esphome-dev/build.json
@@ -1,10 +1,10 @@
 {
   "squash": false,
   "build_from": {
-    "aarch64": "esphome/esphome-hassio-base-aarch64:1.4.1",
-    "amd64": "esphome/esphome-hassio-base-amd64:1.4.1",
-    "armhf": "esphome/esphome-hassio-base-armhf:1.4.1",
-    "i386": "esphome/esphome-hassio-base-i386:1.4.1"
+    "amd64": "esphome/esphome-hassio-base-amd64:1.5.0",
+    "i386": "esphome/esphome-hassio-base-i386:1.5.0",
+    "armv7": "esphome/esphome-hassio-base-armv7:1.5.0",
+    "aarch64": "esphome/esphome-hassio-base-aarch64:1.5.0"
   },
   "args": {}
-}
+}
\ No newline at end of file
diff --git a/esphome-dev/config.json b/esphome-dev/config.json
index 4b95fb5..0965b07 100644
--- a/esphome-dev/config.json
+++ b/esphome-dev/config.json
@@ -1,43 +1,48 @@
 {
-  "name": "ESPHome (dev)",
-  "version": "dev",
-  "slug": "esphome-dev",
-  "description": "Development Version! Manage and program ESP8266/ESP32 microcontrollers through YAML configuration files",
   "url": "https://esphome.io/",
   "webui": "http://[HOST]:[PORT:6052]",
   "startup": "application",
+  "boot": "auto",
   "arch": [
     "amd64",
-    "armhf",
-    "i386"
+    "i386",
+    "armv7",
+    "aarch64"
   ],
   "hassio_api": true,
   "auth_api": true,
   "hassio_role": "default",
   "homeassistant_api": false,
   "host_network": true,
-  "boot": "auto",
+  "ingress": true,
+  "ingress_port": 0,
+  "panel_icon": "mdi:chip",
   "auto_uart": true,
+  "ports": {
+    "6052/tcp": null
+  },
+  "ports_description": {
+    "6052/tcp": "Web interface (Not required for Hass.io Ingress)"
+  },
   "map": [
     "ssl",
     "config:rw"
   ],
-  "options": {
-    "ssl": false,
-    "certfile": "fullchain.pem",
-    "keyfile": "privkey.pem",
-    "port": 6052,
-    "esphome_version": "dev"
-  },
   "schema": {
-    "ssl": "bool",
-    "certfile": "str",
-    "keyfile": "str",
-    "port": "int",
+    "ssl": "bool?",
+    "certfile": "str?",
+    "keyfile": "str?",
     "leave_front_door_open": "bool?",
     "esphome_version": "str?",
     "streamer_mode": "bool?",
     "relative_url": "str?",
     "status_use_ping": "bool?"
+  },
+  "name": "ESPHome (dev)",
+  "version": "dev",
+  "slug": "esphome-dev2",
+  "description": "Development Version! Manage and program ESP8266/ESP32 microcontrollers through YAML configuration files",
+  "options": {
+    "esphome_version": "dev"
   }
-}
+}
\ No newline at end of file
diff --git a/esphome-dev/rootfs/etc/cont-init.d/20-nginx.sh b/esphome-dev/rootfs/etc/cont-init.d/20-nginx.sh
index cd9b2c6..107a25c 100755
--- a/esphome-dev/rootfs/etc/cont-init.d/20-nginx.sh
+++ b/esphome-dev/rootfs/etc/cont-init.d/20-nginx.sh
@@ -6,21 +6,29 @@
 
 declare certfile
 declare keyfile
-declare port
+declare direct_port
+declare ingress_interface
+declare ingress_port
 
 mkdir -p /var/log/nginx
 
-# Enable SSL
-if bashio::config.true 'ssl'; then
-    rm /etc/nginx/nginx.conf
-    mv /etc/nginx/nginx-ssl.conf /etc/nginx/nginx.conf
+direct_port=$(bashio::addon.port 6052)
+if bashio::var.has_value "${direct_port}"; then
+    if bashio::config.true 'ssl'; then
+        certfile=$(bashio::config 'certfile')
+        keyfile=$(bashio::config 'keyfile')
 
-    certfile=$(bashio::config 'certfile')
-    keyfile=$(bashio::config 'keyfile')
+        mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
+        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
+        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
+    else
+        mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
+    fi
 
-    sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/nginx.conf
-    sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/nginx.conf
+    sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf
 fi
 
-port=$(bashio::config 'port')
-sed -i "s/%%port%%/${port}/g" /etc/nginx/nginx.conf
+ingress_port=$(bashio::addon.ingress_port)
+ingress_interface=$(bashio::addon.ip_address)
+sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
+sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
diff --git a/esphome-dev/rootfs/etc/cont-init.d/30-esphome.sh b/esphome-dev/rootfs/etc/cont-init.d/30-esphome.sh
index 26df808..8fc1b47 100644
--- a/esphome-dev/rootfs/etc/cont-init.d/30-esphome.sh
+++ b/esphome-dev/rootfs/etc/cont-init.d/30-esphome.sh
@@ -10,6 +10,6 @@ if bashio::config.has_value 'esphome_version'; then
     esphome_version=$(bashio::config 'esphome_version')
     full_url="https://github.com/esphome/esphome/archive/${esphome_version}.zip"
     bashio::log.info "Installing esphome version '${esphome_version}' (${full_url})..."
-    pip2 install --no-cache-dir --no-binary :all: "${full_url}" \
+    pip2 install -U --no-cache-dir "${full_url}" \
       || bashio::exit.nok "Failed installing esphome pinned version."
 fi
diff --git a/esphome-dev/rootfs/etc/nginx/includes/mime.types b/esphome-dev/rootfs/etc/nginx/includes/mime.types
new file mode 100644
index 0000000..7c7cdef
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/includes/mime.types
@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
diff --git a/esphome-dev/rootfs/etc/nginx/includes/proxy_params.conf b/esphome-dev/rootfs/etc/nginx/includes/proxy_params.conf
new file mode 100644
index 0000000..c00b480
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/includes/proxy_params.conf
@@ -0,0 +1,16 @@
+proxy_http_version 1.1;
+proxy_ignore_client_abort off;
+proxy_read_timeout 86400s;
+proxy_redirect off;
+proxy_send_timeout 86400s;
+proxy_max_temp_file_size 0;
+
+proxy_set_header Accept-Encoding "";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Authorization "";
diff --git a/esphome-dev/rootfs/etc/nginx/includes/server_params.conf b/esphome-dev/rootfs/etc/nginx/includes/server_params.conf
new file mode 100644
index 0000000..479dfa1
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/includes/server_params.conf
@@ -0,0 +1,6 @@
+root /dev/null;
+server_name $hostname;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
diff --git a/esphome-dev/rootfs/etc/nginx/includes/ssl_params.conf b/esphome-dev/rootfs/etc/nginx/includes/ssl_params.conf
new file mode 100644
index 0000000..6f15005
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/includes/ssl_params.conf
@@ -0,0 +1,9 @@
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
+ssl_ecdh_curve secp384r1;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
diff --git a/esphome-dev/rootfs/etc/nginx/nginx-ssl.conf b/esphome-dev/rootfs/etc/nginx/nginx-ssl.conf
deleted file mode 100755
index cd76036..0000000
--- a/esphome-dev/rootfs/etc/nginx/nginx-ssl.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-worker_processes  1;
-pid /var/run/nginx.pid;
-error_log stderr;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    access_log         stdout;
-    include            mime.types;
-    default_type       application/octet-stream;
-    sendfile           on;
-    keepalive_timeout  65;
-
-    upstream esphome {
-        ip_hash;
-        server unix:/var/run/esphome.sock;
-    }
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
-
-    server {
-        server_name hassio.local;
-        listen %%port%% default_server ssl;
-        root /dev/null;
-
-        ssl_certificate /ssl/%%certfile%%;
-        ssl_certificate_key /ssl/%%keyfile%%;
-        ssl_protocols TLSv1.2;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
-        ssl_ecdh_curve secp384r1;
-        ssl_session_timeout  10m;
-        ssl_session_cache shared:SSL:10m;
-        ssl_session_tickets off;
-        ssl_stapling on;
-        ssl_stapling_verify on;
-
-        # Redirect http requests to https on the same port.
-        # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
-        error_page 497 https://$http_host$request_uri;
-
-        location / {
-            proxy_redirect off;
-            proxy_pass http://esphome;
-
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-            proxy_set_header Authorization "";
-
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $http_host;
-            proxy_set_header X-NginX-Proxy true;
-        }
-    }
-}
diff --git a/esphome-dev/rootfs/etc/nginx/nginx.conf b/esphome-dev/rootfs/etc/nginx/nginx.conf
old mode 100755
new mode 100644
index 4a0067c..8ebf572
--- a/esphome-dev/rootfs/etc/nginx/nginx.conf
+++ b/esphome-dev/rootfs/etc/nginx/nginx.conf
@@ -1,46 +1,33 @@
-worker_processes  1;
+daemon off;
+user root;
 pid /var/run/nginx.pid;
-error_log stderr;
-
+worker_processes 1;
+# Hass.io addon log
+error_log /proc/1/fd/1 error;
 events {
-    worker_connections  1024;
+    worker_connections 1024;
 }
 
 http {
-    access_log         stdout;
-    include            mime.types;
-    default_type       application/octet-stream;
-    sendfile           on;
-    keepalive_timeout  65;
+    include /etc/nginx/includes/mime.types;
+    access_log stdout;
+    default_type application/octet-stream;
+    gzip on;
+    keepalive_timeout 65;
+    sendfile on;
+    server_tokens off;
 
-    upstream esphome {
-        ip_hash;
-        server unix:/var/run/esphome.sock;
-    }
     map $http_upgrade $connection_upgrade {
         default upgrade;
         ''      close;
     }
 
-    server {
-        server_name hassio.local;
-        listen %%port%% default_server;
-        root /dev/null;
+    # Use Hass.io supervisor as resolver
+    resolver 172.30.32.2;
 
-        location / {
-            proxy_redirect off;
-            proxy_pass http://esphome;
-
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-            proxy_set_header Authorization "";
-
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $http_host;
-            proxy_set_header X-NginX-Proxy true;
-        }
+    upstream esphome {
+        server unix:/var/run/esphome.sock;
     }
+
+    include /etc/nginx/servers/*.conf;
 }
diff --git a/esphome-dev/rootfs/etc/nginx/servers/direct-ssl.disabled b/esphome-dev/rootfs/etc/nginx/servers/direct-ssl.disabled
new file mode 100644
index 0000000..bec9c88
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/servers/direct-ssl.disabled
@@ -0,0 +1,17 @@
+server {
+    listen %%port%% default_server ssl http2;
+
+    include /etc/nginx/includes/server_params.conf;
+	include /etc/nginx/includes/proxy_params.conf;
+	include /etc/nginx/includes/ssl_params.conf;
+	# Clear Hass.io Ingress header
+	proxy_set_header X-Hassio-Ingress "";
+
+	# Redirect http requests to https on the same port.
+    # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
+    error_page 497 https://$http_host$request_uri;
+
+    location / {
+        proxy_pass http://esphome;
+    }
+}
diff --git a/esphome-dev/rootfs/etc/nginx/servers/direct.disabled b/esphome-dev/rootfs/etc/nginx/servers/direct.disabled
new file mode 100644
index 0000000..51f57ca
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/servers/direct.disabled
@@ -0,0 +1,12 @@
+server {
+    listen %%port%% default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+    # Clear Hass.io Ingress header
+    proxy_set_header X-Hassio-Ingress "";
+
+    location / {
+        proxy_pass http://esphome;
+    }
+}
diff --git a/esphome-dev/rootfs/etc/nginx/servers/ingress.conf b/esphome-dev/rootfs/etc/nginx/servers/ingress.conf
new file mode 100644
index 0000000..6699ded
--- /dev/null
+++ b/esphome-dev/rootfs/etc/nginx/servers/ingress.conf
@@ -0,0 +1,16 @@
+server {
+    listen %%interface%%:%%port%% default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+    # Set Hass.io Ingress header
+    proxy_set_header X-Hassio-Ingress "YES";
+
+    location / {
+    	# Only allow from Hass.io supervisor
+        allow   172.30.32.2;
+        deny    all;
+
+        proxy_pass http://esphome;
+    }
+}
\ No newline at end of file
diff --git a/esphome-dev/rootfs/etc/services.d/nginx/run b/esphome-dev/rootfs/etc/services.d/nginx/run
index adf93bc..8582167 100755
--- a/esphome-dev/rootfs/etc/services.d/nginx/run
+++ b/esphome-dev/rootfs/etc/services.d/nginx/run
@@ -4,5 +4,11 @@
 # Runs the NGINX proxy
 # ==============================================================================
 
+bashio::log.info "Waiting for dashboard to come up..."
+
+while [[ ! -S /var/run/esphome.sock ]]; do
+  sleep 0.5
+done
+
 bashio::log.info "Starting NGINX..."
-exec nginx -g "daemon off;"
+exec nginx
diff --git a/esphome-dev/rootfs/opt/pio/platformio.ini b/esphome-dev/rootfs/opt/pio/platformio.ini
deleted file mode 100644
index 27f7dbe..0000000
--- a/esphome-dev/rootfs/opt/pio/platformio.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-; This file allows the docker build file to install the required platformio
-; platforms
-
-[env:espressif8266]
-platform = espressif8266@1.8.0
-board = nodemcuv2
-framework = arduino
-
-[env:espressif32]
-platform = espressif32@1.5.0
-board = nodemcu-32s
-framework = arduino
diff --git a/script/generate.py b/script/generate.py
new file mode 100755
index 0000000..4e1a7ab
--- /dev/null
+++ b/script/generate.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+
+import argparse
+import yaml
+from pathlib import Path
+from enum import Enum
+import json
+from shutil import copyfile
+
+class Channel(Enum):
+    stable = 'stable'
+    beta = 'beta'
+    dev = 'dev'
+
+parser = argparse.ArgumentParser(description='Generate ESPHome Hass.io config.json')
+parser.add_argument('channels', nargs='+', type=Channel, choices=list(Channel))
+args = parser.parse_args()
+
+root = Path(__file__).parent.parent
+templ = root / 'template'
+
+with open(templ / "config.yaml", 'r') as f:
+    config = yaml.safe_load(f)
+
+copyf = config['copy_files']
+
+for channel in args.channels:
+    conf = config[f'esphome-{channel.value}']
+    base_image = conf.pop('base_image')
+    dir_ = root / conf.pop('directory')
+    path = dir_ / 'config.json'
+    with open(path, 'w') as f:
+        json.dump(conf, f, indent=2)
+
+    for file_, conf_ in copyf.items():
+        copyfile(templ / file_, dir_ / file_)
+
+    if channel == Channel.dev:
+        path = dir_ / 'build.json'
+        build_conf = {
+            'squash': False,
+            "build_from": {arch: base_image.format(arch=arch) for arch in conf['arch']},
+            "args": {}
+        }
+        with open(path, 'w') as f:
+            json.dump(build_conf, f, indent=2)
+
+    print(f"Wrote {path}")
diff --git a/template/README.md b/template/README.md
new file mode 100644
index 0000000..cf589f7
--- /dev/null
+++ b/template/README.md
@@ -0,0 +1,129 @@
+# ESPHome Hass.io Add-On
+
+[![ESPHome logo](https://raw.githubusercontent.com/esphome/hassio/master/esphome-dev/logo.png)](https://esphome.io/)
+
+[![GitHub stars](https://img.shields.io/github/stars/esphome/esphome.svg?style=social&label=Star&maxAge=2592000)](https://github.com/esphome/esphome)
+[![GitHub Release][releases-shield]][releases]
+[![Discord][discord-shield]][discord]
+
+## About
+
+This add-on allows you to manage and program your ESP8266 and ESP32 based microcontrollers
+directly through Hass.io **with no programming experience required**. All you need to do
+is write YAML configuration files; the rest (over-the-air updates, compiling) is all
+handled by ESPHome.
+
+<p align="center">
+<img title="ESPHome dashboard screenshot" src="https://raw.githubusercontent.com/esphome/hassio/master/esphome-dev/images/screenshot.png" width="700px"></img>
+</p>
+
+[_View the ESPHome documentation here_](https://esphome.io/)
+
+## Example
+
+With ESPHome, you can go from a few lines of YAML straight to a custom-made
+firmware. For example, to include a [DHT22][dht22].
+temperature and humidity sensor, you just need to include 8 lines of YAML
+in your configuration file:
+
+<img title="ESPHome DHT configuration example" src="https://raw.githubusercontent.com/esphome/hassio/master/esphome-dev/images/dht-example.png" width="500px"></img>
+
+Then just click UPLOAD and the sensor will magically appear in Home Assistant:
+
+<img title="ESPHome Home Assistant MQTT discovery" src="https://raw.githubusercontent.com/esphome/hassio/master/esphome-dev/images/temperature-humidity.png" width="600px"></img>
+
+## Installation
+
+To install this Hass.io add-on you need to add the ESPHome add-on repository
+first:
+
+1. Add the epshomeyaml add-ons repository to your Hass.io instance. You can do this by navigating to the "Add-on Store" tab in the Hass.io panel and then entering https://github.com/esphome/hassio in the "Add new repository by URL" field.
+2. Now scroll down and select the "ESPHome" add-on.
+3. Press install to download the add-on and unpack it on your machine. This can take some time.
+4. Optional: If you're using SSL certificates and want to encrypt your communication to this add-on, please enter `true` into the `ssl` field and set the `fullchain` and `certfile` options accordingly.
+5. Start the add-on, check the logs of the add-on to see if everything went well.
+6. Click "OPEN WEB UI" to open the ESPHome dashboard. You will be asked for your Home Assistant credentials - ESPHome uses Hass.io's authentication system to log you in.
+
+**NOTE**: Installation on RPis running in 64-bit mode is currently not possible. Please use the 32-bit variant of HassOS instead.
+
+You can view the ESPHome docs here: https://esphome.io/
+
+## Configuration
+
+**Note**: _Remember to restart the add-on when the configuration is changed._
+
+Example add-on configuration:
+
+```json
+{
+  "ssl": false,
+  "certfile": "fullchain.pem",
+  "keyfile": "privkey.pem",
+  "port": 6052
+}
+```
+
+### Option: `port`
+
+The port to start the dashboard server on. Default is 6052.
+
+### Option: `ssl`
+
+Enables/Disables encrypted SSL (HTTPS) connections to the web server of this add-on.
+Set it to `true` to encrypt communications, `false` otherwise.
+Please note that if you set this to `true` you must also generate the key and certificate
+files for encryption. For example using [Let's Encrypt](https://www.home-assistant.io/addons/lets_encrypt/)
+or [Self-signed certificates](https://www.home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/).
+
+### Option: `certfile`
+
+The certificate file to use for SSL. If this file doesn't exist, the add-on start will fail.
+
+**Note**: The file MUST be stored in `/ssl/`, which is the default for Hass.io
+
+### Option: `keyfile`
+
+The private key file to use for SSL. If this file doesn't exist, the add-on start will fail.
+
+**Note**: The file MUST be stored in `/ssl/`, which is the default for Hass.io
+
+### Option: `leave_front_door_open`
+
+Adding this option to the add-on configuration allows you to disable
+authentication by setting it to `true`.
+
+### Option: `esphome_version`
+
+Manually override which ESPHome version to use in the addon.
+For example to install the latest development version, use `"esphome_version": "dev"`,
+or for version 1.10.0: `"esphome_version": "v1.10.0""`.
+
+Please note that this does not always work and is only meant for testing, usually the
+ESPHome add-on and dashboard version must match to guarantee a working system.
+
+### Option: `relative_url`
+
+Host the ESPHome dashboard under a relative URL, so that it can be integrated
+into existing web proxys like nginx under a relative URl. Defaults to `/`.
+
+### Option: `status_use_ping`
+
+By default the dashboard uses mDNS to check if nodes are online. This does
+not work across subnets unless your router supports mDNS forwarding or avahi.
+
+Setting this to `true` will make ESPHome use ICMP ping requests to get the node status. Use this if all nodes always have offline status even when they're connected.
+
+### Option: `streamer_mode`
+
+If set to `true`, this will enable stremer mode, which makes ESPHome hide all
+potentially private information. So for example WiFi (B)SSIDs (which could be
+used to find your location), usernames etc. Please note that you need to use
+the `!secret` tag in your YAML file to also prevent these from showing up
+while editing and validating.
+
+[discord-shield]: https://img.shields.io/discord/429907082951524364.svg
+[dht22]: https://esphome.io/components/sensor/dht.html
+[discord]: https://discord.me/KhAMKrd
+[releases-shield]: https://img.shields.io/github/release/esphome/esphome.svg
+[releases]: https://esphome.io/changelog/index.html
+[repository]: https://github.com/esphome/esphome
diff --git a/template/config.yaml b/template/config.yaml
new file mode 100644
index 0000000..62b6b60
--- /dev/null
+++ b/template/config.yaml
@@ -0,0 +1,75 @@
+---
+base: &base
+  url: https://esphome.io/
+  webui: 'http://[HOST]:[PORT:6052]'
+  startup: application
+  boot: auto
+  arch:
+    - amd64
+    - i386
+    - armv7
+    - aarch64
+  # Uses Hass.io API (auth)
+  hassio_api: true
+  auth_api: true
+  hassio_role: default
+  # Doesn't use HA API
+  homeassistant_api: false
+  # Host network mode for mDNS
+  host_network: true
+  # Ingress settings
+  ingress: true
+  ingress_port: 0
+  panel_icon: 'mdi:chip'
+  # Automatically add UART devices to addon
+  auto_uart: true
+  ports:
+    '6052/tcp': null
+  ports_description:
+    '6052/tcp': "Web interface (Not required for Hass.io Ingress)"
+  map:
+    - ssl
+    - config:rw
+  schema:
+    ssl: bool?
+    certfile: str?
+    keyfile: str?
+    leave_front_door_open: bool?
+    esphome_version: str?
+    streamer_mode: bool?
+    relative_url: str?
+    status_use_ping: bool?
+  base_image: esphome/esphome-hassio-base-{arch}:1.5.1
+
+esphome-dev:
+  <<: *base
+  directory: esphome-dev
+  name: ESPHome (dev)
+  version: dev
+  slug: esphome-dev2
+  description: "Development Version! Manage and program ESP8266/ESP32 microcontrollers through YAML configuration files"
+  options:
+    esphome_version: dev
+
+esphome-beta:
+  <<: *base
+  directory: esphome-beta
+  name: ESPHome (beta)
+  version: 1.12.2
+  description: "Beta version of ESPHome Hass.io add-on."
+  image: esphome/esphome-hassio-{arch}
+  options: {}
+
+esphome-stable:
+  <<: *base
+  directory: esphome
+  name: ESPHome
+  version: 1.12.2
+  description: "ESPHome Hass.io add-on for intelligently managing all your ESP8266/ESP32 devices."
+  image: esphome/esphome-hassio-{arch}
+  options: {}
+
+copy_files:
+  icon.png:
+  logo.png:
+  README.md:
diff --git a/template/icon.png b/template/icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..8845ae8534aad189f788528716809cfa4ffb180a
GIT binary patch
literal 2448
zcmY*bc{CJy8~)8$#t^z9TSdt(##&?<*=DX?GuFyB$YqRc8-o~yxWY8Ji7Z!9mXIY<
zGMA7gghnw@ma#>$WgEV^=R4>7&i&(kpYy)Y^PKn3=S{J*vEb*G-~|Biqfw>~Y$X3v
zJnROTSVK`ZaQYcr8w2nxgKyuHi#<zwqa3UOh>~OL5&+m`ugLQNgd+f0^Z-CF2LRFF
z2hH~SYy#?KX<-TuZ)fzivL|>j$|V$lTWsc*KBVR$>mqvz3qxC*!KR_GW5-msOmp}F
z;JJo2HO54aE$0RV3Xh6(9cu2aRZVsV)R4rCP9N<k5|YT~HkOWuLb8hOt_yQQM#x!O
z)<vdfN@W;nbhaG+DoWTa<!M5eIcJY@6TI^;E~rM97)M8^z?%qsp!alF)$-?-!&qk%
zUteNNT`EK|ch6IsIAAch&+LDoIX5Am($r}Ey6b=+aL@n(9Qhx7nc&C?&j@_F7|iV0
zBv#R*EO2i7T?M_He^%aQ-K;8SCNM@0Y(m5DX{yoV`YIZ{aE?cbBcqJ(R=?Ji^fA;>
zwLfOBSXgxqi=6GQvn}bmuogRPO7%MI6LxERL}Z-(boGMzgbt2=nu=pteiGPQ6%mCV
zS>l`@pEvrPb%vU@&ieNAUZ%cw|D;P~8qS^<&}yG$d~=yI`aF_>roY?D$lVUl0*A?5
zLwr<n<@$^{vR|CQ!3?jRmPht&pAg?ZM>6C?DWPCqKdBeJ$zQorkg*~isbodM0}<z$
zKX_?%oH-Gt%XL>gl$Sb@*P<JCY=2Kyo}CkTBdX(0a%^kj4uXUTHss&uR{61|%IS-(
zUzX&5)jbxN6N??)fWd?^EVu?;!BP;l8dyfEoO&40UGNEcdJ@XqqJDTtSrv)n-cO%-
z>}Yj8pjmKh02KrrYev%d^=hLfRtq}oUn4d)Xgb2QV47K@C_06V7aQakMfCBWmHm6E
zRPrsL1ew?tJ{DDHDSZx(zDosfj&L<=mxePTiq6{!5>~U2Y?v{o*w)k`!Q14{C>%+a
z=Am#(BOx1yGCc9IaAS&HG6V^PAMtdSdfzI>`z^%V^wwi~KFF)@e+}??J+q)QRpDwS
z7Pq2OD{r!BzzE7^>bquizqs_9;-*~RQTH&H$B*p}2)gFh{uh*ztQsj@)m}p~si!c7
zZXf9l`is57^*(=^i6zNy{mn%as%~puTnJ`ey5{<2+x2{4rWY(gZDFeM$?qL;qfXE!
z_m8@JtT#YJic)Lfp3wO8F<LF~GOR|ZsHAdkl0O~@fxK{v9FVhi7f%`y6}~mTLNdbv
zF~Cjx2`}2IUn+oNSTVcR7iFA=TebLx%bl|SvI|Vhzz}MDi=wdNG`!@Q0*-TJMF)=a
zEGY;G%E&>6!u9?1vIJwt*1Tm_1(TOQN@R@5q5IJ(yhS%kqJEtbsdjCXd=WEjB>mj7
z8mrcF#`9pjc@PVZ^F6uRbb>)SPETrMb1rL2kQ4Zn6Vmv1uu~t_{=U(1d$r`_EViVl
zN}-RMcrauR_lSzU?*x}FbP1DrmDpQh`5`V+bs_X54{!;cel+hK`=QeCL`rKsL?CXc
zV#;5j(2X$K%3BnEgGAQv%dT``nJL`u@2JpNY|i7DC2=t6V}l1R1#kU;&{V<6QhmQM
zDM^JK?$wM=qt_C!lh&EZCn`cW<M&u`r(Ea9RSEA+iXf|wTV>G6T>sR5Bk2PrJl(j+
zx}*19`FMYQ$mJ)nh;}vZ4Z-9~y}pud+9jkq@nUP4$<0@q3Cz}C+ddudsOU1~q&%-g
zWy9Z(E6nqixU8bmMsA#Y<axO{QFEw$*J*&(I}nN0IjF0bsb}U~J>R!SPnZdf&3T78
z=_XmO9N2Hi=f<sKD|GDcalP>z^E*7>ukr<l5DIIR&o{MSPgU?a4aQ<g`pDR>pL|(m
zO?8HLh7L}8FVjlV9qA=DSfvP+rV4;$H1A*hhB!k0E?Ke2eD+9itjA0WIj({I#j3Y_
z)4oc$7=q|NnkKPxTRETOdLDPOc7A}WEP1`#tHIbdZ*`Y@NHxb^{MFiDTJ9DSbf~kt
zONo-Vm3#HPSW}GztC9W%nmZJ}f~Z)5xTU+!3q-RrGdEwnhuhf~SN*XR6*L-y1Iq&^
z;grb_7>4~Z1*yfRR80Wi+A+bzd&Fsc4T6Fnd7TrUw>^PrXt~bnyOYgn{7~fH8cpxH
z_2aT}7)3TxZPK3L2_A$R@>0i3CQj9iYde3xqn|tIh{uItH@Ql$4OhLZNtdd3A~qbh
zo5=Qv5Vn6NS#039<_WgSlah-d_^CL9>d^-;2{(vF=SQc<gtTk;Da`V@pILvFWHNC&
z6p#EQyC3Yeqj={&Z+FXKGbtjfTg0lx7G(|7N3Xw`uo-7ydPKS?n$y3fpz^#Sf}<Wi
z-x7aTR4(n_EcREK%E*inb*8mPST)&%h_6aCf&oe(38ZU01CjS;QX=oPINnQ}89sY>
zM1=|AJGCf%BQ?I&bdxKw+`+fWcqAgrq<-u@!O>#v0dD@su91hG&H~-G#@>N8m<Kan
zRK5YI2?v7m(rBSCGSWLhT<8l25`w1U4*#&@K?&_*W5}E?H>+D^EVzzlayscs+d#@t
z&mSI~8FYqs!{zNhabCGjHV`kPp{0U*63@Pr`6YjrJSR*^nh}d};~H^KP{anfISH?t
zd2CC{E=_wVO{JC5ZgspYq}=^I-S4*XwfebRQegO^Gwu?@66QVt==POd<}IXE-HR%5
zeoMG77E;SmS1vJS(|q!Qh%On&fv8Jld<8g7GQZ(29a8fa`OT(w(;hei(%jqO`>cG@
z^30w(x%-GmX0iZzZ-1O<WN10G9;E@Cot{$zT|6P=tn>P3l}n*uO^`AZ6qjbOex`e3
zQXWdi<6qKiRs^~GMWvQd(P94FAX$xwiL5J#WI#ZbL1C<StVegd2GCmBo@>}vwB6|~
z@0mJwwcYoe4F_;v=*oW0DC|#zH??lw4kcDk|Ec%V^xISU7maS|FGW0Bf|iKkl@$Y?
z*e7qeNKY6nTRE-ey^Tfszw-N^G%pS~gzfe}g~CkI@35Z_*)TKbFq~(YkDhmk4;z36
zLS6S9LgO4l7lY8%)6~|}&{amL>md+}H}9GM%YY}~{C!FPH=M_)U(i$6)zi}Yui=!+
yU^&|${?CQW1m7^CXNV6V5{at*K>?xOp20q<gb=^H6@3Y|2%ybuOsg(=-24yIEL$f4

literal 0
HcmV?d00001

diff --git a/template/logo.png b/template/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..91f65b1a8fd670ed0f56052f5ef567bf0fb8ff1e
GIT binary patch
literal 16889
zcmcJ1cRZJC{5O@71~QUFR7A2fA_}P_%AQ$;Q1%K@Ss6(PWn?8QBtobNm6e^Hm6bg+
zpZ9&v`8}`a|L1wm>vc|YzTdC=zV6TU`MlTV(N)C@dngzwNJvQbT)HT$OhU5tFus0D
zz8(K9dHyB<e{8dpzNAWyf85A#_~Gw6tuJcXk&qmEPW($+|2a?s-#lP{UejL1%EaEu
z(Do*YlamwAtveQW#)j56d8}+rUrb6cl8_uGxg>i|)j4{i+eJ6%@2b>vn^=ojW=Ev-
z#e?nAjBmYfH2U%{-rW67K&V}AcR63A;dbK#``Tv@HB~*$Xy>eCmixBvsp?ndcNeS0
zmZm7B+?i5rC!5^kR-=nzgR5L5?CVzDOS0^^V#d3s&VS+Cy;Yi=)r(4+yn!U=$4>l7
z{3VT&>+HYZWo48h`|m4R<JTnrypq++Y&YFu;yw6lQ2dtvzDnR%_5APsLOvA#edSkq
zmGpmp0K@;~hsx=XY+F{pde!siPtC3mPL$`*pMR~AvbV@_!oMTWBG*4OE-qLlMX~Sm
z!yU&tInQ+$IW%PIh`24bn`ZP6{{G$HoT_s1(xv;lJiak8hl(7=eV(7Pc<Ub;8u~Dl
zLy7IwDLUIiriHPVhwtBuWMpJ$R=6yT(J97CJh~9feBY2EZ=l%i@4ghp7-?;7#xF+v
ze<mh~k8gf`?V%deKewn{!LO!z@1CTf>!M|4b8{H!OKX}(vI=pM?vY7JNlKM2>no>d
zn3!r94jkaDpbn_0d3o+(WLQ|3QsuYr-;LOnVrwoYD<_NIy?eK&P2Zzd;_m!NsLl0a
z=g-@=Zx`72NS5<)X{qGE)KvYA8#mkp6irOn1s(rrR(|^QvPLxVLa<4!gv;zV(b3V-
z8b9hI3}?=qNfuR34ckdUVRXIJ?e90yf1Xp)T`K<F<z{cX8Uj<4;`*gF|5Cou`=D<4
zf$@~NLDl0!(+dkH=VqFlRhR$%?Q6}{p{vY!`?f6hjO&j=yI}zqB}GM_xHy){o)R6y
zXze_6!`@Q&>G^r?xfyY%$xrq5l$@NLbd{-kAB6WZiK4)l@D>FHFTAC(v5_lK<^3H!
z*$WrSYil!Wss{S|e|&JVx?y6X&QR6RK<&Ht(1U=0%ia_J6x_uYjUkFBWo6R#lU)ZQ
zc=gp&OCCMiSr;RoGS4n9CB-t)ktbthlpt@z&CP8++ITEkq&-Xjqg-eH?U1mrBxNQG
z3yUum74e4UJ`_tI@#L79nd7)6dvf#g&g<$j{rU5UcCx;vM)rm9?I*FZZ<M1^5dGi7
zPh{uisTFKCBwjFUdbKB3%HxeP69)%}ZmHXWXV0E-<#GJ8h-xa~I$q5C_9>gp7~Z+_
z7;ok3jzjhBq+$OxaN2UTG5IDv3toTo4GU33>{p&A*>5JC5BSb4nUR?p-qXBwiXv$0
z<L33zjlXll5n67|8CtnD4#$<^Br5_B2!>6@37RTKRb0r_&NDDJPPF%sliO}m`#jm+
z!`j+9s=_xYXb<r@lOH`cCF!{}U)oFkvoTXmw#ATC@)zpX{cLaN%#h&|5HQNW-C2nm
z<3p#InVC_@HK`42JrOPCQ7WWpW5aKJ>sIP?K~&U%T-T*La_pff4L%zio50-MT;=F5
zU%oVol97?gTU^B&N3O3f3ECD$8#4Had2C1+TUlk%a)^l)3Mt;X!((h__Ild6_W7x(
za$m}bN-_79ca3)Y11c!S&!P6djf{_<c$brtW2hJ{daZ+<o!ti&lHbS}K3pFck$>sR
zm7B6`A<{2a7RCil>tj!@OQJ>uTU%S@djpD#CF)9h|5<g}CDqguhaWw9Bp)})t5-y;
z@3DSretw>W<fQhyPuTRV;qr7Hhs11?=6fS}^rRgf^UDTUSy@NgvRJ<KJMn7aQD=K>
zZZsC$tPpdWWSX6wrDg8THr#r5X>w1<#cd?0<1Z+5`Hws&6fG^edrIBYr=6XhMcv%p
zFRwbF3O_hbD4QLLsJ59OX=uz+LTh;Xbf32{H8u70;v&y_(d7u9<tdNN^dDHszU7&L
zWPKKKM}<-UYpSZWr|m~bNT?pkPS4Gizq;~*wu6?I_SgJq)4zSRMI)T+tg?zq_~bz$
zvnP%2dl-ez;-}G0x-L%}7TTcQY~RcDnl{B|pi<uAf@I)a-$&B3T;cucS*6PUO>b{r
z7P`}=IV5UgVlvX6o1z@;IMMOBr|0^RXr6hC^!q#AVg1f7E}T~=(~mz+Of-(#)#JJ_
zMn*#uYCG^xpMElyB2Ra?u&_{mNlQ~RtbK97jz{v(str@BDus+pxxj#1@#~@lQ9QUG
zZM>@^biy{~=zDjM`CN$(&Z>-j@gm~D)~olriMK@0UN<IM55KLg?e{~W|9rfvyV}NK
zY3YkCs;a79Yin+_baZH_cw70`uNOz&5!-!sCow$UsiUc(9r<`{uJ0GQ({&cDwy~*c
zW_iY#cK`kpc@Y<n@`;G}CMO?bVq*I7?v@H3&r7@Ex|@^NFA$$no4Cd635A6F3T?^V
zg?*>@e0Fwq9a!r1X#44m-j32bZ*MP@keFyQ_xp<adVs(G^x9uL36BjXr>P#bpEaM$
z%eTt-?ydOs`Qfz`#Y1mYHj}C&c#rV$T^$&>=P%249}URT((>vD$J;_?KS)sS4_~}^
zVKBUyp<B2Qji+fO^5fd<<wD;^^Ty#gkG+MuZ*pcZO056<<PQqM6_Q|Vs=j{xnp`96
zIvp<0&FwI|J|26H%bbaqukQfbPH`ah{{6lM1)|$_>`1g|dlPxufopATEzI%dz-2|n
z$93!6r_7tlyFWNp?bmlBWnqc4Z7Z`mdFG7XK$e=i`ZKwz6ZI|W8mF{9!yGnfSiPn*
z@nHY{{VTt8)6}&5)2Fke8^I}7Sj>n!C9A({4|-QI_+0CFwp0@QKJO$KSN~B(Lqo$`
zoev&t@va)Qbt$yDArMv8X4PAI^7iVCdg)jtCpWjMxz6?I;LRuWw6te=A|gKc#j5fy
zO?H=~!DZj>6i)6XE&V!V8!h3ok3%We>%#|e^$gAXiZQ2e-LTXP4GZ&1N;>N0<@Kqn
zi^+X;u_BV+SpIz%J9c<8+aLa;;Stf%HEs(n8uB}KG+uGFLP-Y(2UF6pu<*_Y*K;Jl
zdPT8ucc;riJ_8coEDJ@&y@EHt(<VRU_bzxO%Vsk8HAF#Oou0RTp=6*cc-Mw*VUfeg
zkNaZwBUDydE$?nM32j7gY^+-K#8MtK%F#@$@2sqp8%a?hPxY~1F&=p#VpUdKyT^5D
z^5hbYbAr3Aot@3vvJI;2u&}WDh`pcBA#umuZ{EDoEVNCod~;XT%aFmcyNC{zP#z^{
z>ZN#rBU;>P@4b8XM!G+UJPi%?R`jKk_Iungy5&YqB)`0=GF3O4fft^$g?*`@PR#|5
zQksQtL$=(S*(7IN7iHz-e141`cUfEJFD@yeW@O~D=Q=%rax`myn_Rg+kOnaA_Gul@
z8>XfMjmej#Q_gXXqVZjnmq)Re<@Wa*?Pif=n)_YbH1;4jDQVmN`}Z{qtmA*Ajs&8Q
zy3N&!kni5Dsx2;u%@UT}81SR1sp;C)t0bnTraZIP+EG>Ek}>)D`938jC316z{{U$G
z8f{9USUPs>*yolOwU>e9z5f3GeAd6t{^|XwKccEC>@=y%aPXjU$Gcn7DG7qoGBP1i
zQIGum$N^>Io3JGlD!9}<xwYPI!{m7Y==JfVRK8_<ncDR@)z*~P*rw9X&IOgWhyScE
z4+Lu#JLi<S&!^sM5w_`<jp35)c_Hb3no-EilXUBL@)-X*KY#x+kzTil6P@py6rE5r
z-;)>h{QwebV#MFSqavrItjg4RFM2tUDq;26Ngbc;Y`(gIvC+}b9UY91A3wHsa=Os;
z>dG~2V8!}W1BUH@O_jK7u>h?@e>(DZp_O1;0?cVEOq@6@CMG67d=BlQxN#?S!WHwD
zH18O3C-t8uL*K(i@m={D^R_oZYU%1WA<wnzqQxGbvS>BCk+Hn&ToZfdL!(V#VBn7u
zS10?ao<q1Oxlr~i1~+f2nRH@kbQQbM0Mp1RDC`DKx|$lqg?9NPOJ7R2*qQp(t5@b#
zq@KTPUwF)#j{36PJ1Z~mFF&LG{!S2zEG<Uq`gLYhW(a_5O^t%?$9sp`vh;^<7zbAb
z>>mi=Exo$x7H;)%J-<xl8|FB_*^k5F0~q7+Ko@lRw^}ozzRxV%|M{6iA@cESb+rr-
zoZ4eFThZN2qS;+l$M)?^UqgNDQX50hE-<mQ)a_%jBKcY3`u_V&O-+sDfnX&T7V~fW
zqZE9uCCbIWetmI*0pJSE=hKgP8Q`He$}H~g?gfQ~pRt#Ws~(>}caC%~vxMKV%g=rR
zVVMsR?RRayNl7!u$Xk28H#aBe@8HtL!002oRN(nxsmo~Amo8oMd;GW(Gv3?FYg^vH
zwr$&fRR$e2*9*6GbbMp2XNXCW?mVSr-$vHc(?ch@G1hWIeI`04#^HA%4G7Hhq|4-e
zUA-QgL6{{PnWcbI(irMI`lW$016Ap|ZebN)zmjj=vG>bRbwm!(kEobfDjmnsqe<Ed
z{B!{o)(#Hmt*!a`2L@~~f`x81%4TXVP4!j*qlnc#p_0C+c9tMUD%cs3KvUZ8K+}%_
z06te&2Q)>?vQguOz9@x2##8<do7kBOu@X^D(f0SVvUoSvm-K<@(^@=c`YW90e($N$
zqQ=g4AV#35!}PCn63)|}4j;XD?Kk@N^cWu>-!Im5r@){fVocOLKNaB6OT(c^%)RNE
z8O{={&-9aI$B>Ih$#?F&mi`*gXl<})KdQKeGLw|m%i0_zpRtOXJZSg3rjPZ-+x3<4
ztcyxYRao4Lv|g#rwZ!SXqNY&$hOR=pkf%?}?xxSxz7Q$z?Tw3w#yyU(7j2Oy?^8gt
zeas|QmKL0nlG34)-+XM}qimZ2xp!8**AoZEiZFJ{>*^k>#pRmT_hXGEZpxCg%I?1g
z{?}K7E^<v-xh$=o#bb>W_#jq*D^8Z}Gk6=>0UeE~=g<2wFil!~4H<wsr$edGIbvjq
z1s24*nzWQ^<(dGV4RXFvva_>GJSnfmDCs5&RI0h~C@5%%;{fjV^do|Fn*O|_CT>4+
zHCEu7-sZ--x8k`Jv?BZQ)*!VwwD;MtJ@{z7e?J;EmeJuf(Gi}apxX9EPdr}bhuE3B
z^9C&&JteLZH}RSOUH<M)nzVKvv)?j_azQV%ln!or+fd|Sp+2Es?0g@1CiX4S=qw0&
zY%R?bkt=Ec1^`UrX5#5bvRlAI;+uYO0*D!PbBKsU_$m-f%0_VE=;Pen+sgSeR<gVK
z19-9RrBhz2n73wpD<ZZyWfX3w;k?k)*?{hk9xRkBl3o!J`?FGHXv)YQ$(9w>r)y*x
zSXflc2>;2@`#=x!W71vU-X7&^`7SOehaV-F{y>F2bS9FTxMOKDzh@M?cF7nR9KIoN
zpsTyv2B1V!OKWEgeS^*Q>(_r4+NFG-XwPWCOn9iub>7f0{=55R@5d}UGV;#zEiHN=
zw&Uq~7{?MfWw0=9S4k7R%gW05?yW61N=*aMoCgLVrseZ=MXuy?54W5Bcu8tCV}Y(Y
zKW`u2sb6SIhUqzYlBJB&K~dP$)sdXl+uPfD`WGp)gtKRKG!r;F8!s=VQ4T|8W##K@
ziQ8*xYx{ovB5`$fC8miAyO$t#+t;sO&pJ8^1D)%f4$6}YV#NOVWE$u0gIbc|Zmn&h
zRrNHB3OXoaROYo)K8|N&b?PJFdF3M-j^^hcSNzz)jdHloqV0Nes=S(xr0(0=Iq__~
zId!YCu`!;c+IeN=eMUw`){B3%h+&?Zn#!erizc8V`~CY1tBVs2sVW@yAfFwIA!}ES
zjM#|HeDvtiFnZhe_I3dL?CfmMe{tfE0vqFkqN0Q=FN7K0gNeBaSf`6+Kp(k)Tex0w
z7b_@@dy9PjysWjA9^!)xro<1_mJmQ5TgXLYG4lrs?B&>6HnW45bPKFWQL_*+&Vi(P
zuO}&U5-J36Fu{>yPCH1at7qExFT`(=4Y2Ggpzgi5dJ-TmD!8huDiNSY)r%@~XmHRg
zU_WnKmn1v;c5o@P){FzeTGVf1#O!?3Ts1T_Vg*=>c#a&|3Rbg>rK4tH$#P^W)V+Q;
z?*<?)iKlv|w&BlgLk3|>hOy?<a<%VV2SK^CHFi}CVB4WhziwWvi4y!->Ml++{dez#
z)Cc@3jDWqi0~bv%Ee#L(|Hb^KK5*a>;6Iiwd(z6nA^^<G=<5^Kk)Dzdb=OHrJb`_|
z-S_;=G2ZbuH&<(kmz!G_Pv+^<r&M%wWF#QMp1=}YwrsfyP2r8o@4bny0Py)qXzze%
zj`<i*to@yn9|&d=Q#Ky3J1Ha-M*T=uzCJZWr~28+sQtXx$z$GX6P$Y9jqS)0Z^d-w
z?Uc+JjZ1q-AWN{>7Zq!lx)pxUs#w**T}LG(u*IviQDBHD|8*E|Nsl-z_I=2<vY{cQ
zWyu+%Kl=Cd{HTihK-Tq==S?%-VKFhaV};<Tsv}|5_N$AxO+c3dW!VhZJ+^ngz@I4F
zimoDu%Zc?3-@ZM{9iAQtmQoj0$Dqu;yI@|~(h{D_zc4=^d2fA%ACEfx-brj)^i}3p
z==#z3tPU|TMeaE$%!mCDUUw~&Xv=OJe}{`Vx-KUxv-9yixpet5&C2MrOHS35TsH<P
zgO(>hOsSSOyREM{5S$1|LBdpyTs$^5He*${$bKi#SwHK+GG9Uo6BCP4W6>T|>T#Xv
zCzA_i4gy~_!m1qyKX9+XQdqXXB_kj&_NXRHWLmAfynMFfgf=FqVgHv$1@5cDra3nS
z4kRQb{K&tpLrl7boo7h?wCC;sbROw^&pV!;5;yzn^VYya;`AqV^1q<I#e!;mG3e2#
z_mq~F7P$Qt$TFs*r#He*GwUkgSAV0cHTj1z-ug7z_*hGNTy)l}$3A-wmf;D^6?7Ot
z>jSdAQIe=|z9|PYdj=1`F>BB6-M=O$6-^IO^|*j2qH-yuJkm5v-NY~>`G8zwB0p&B
z@$Y^Z=dpoX*3r?)qfk*^u<R*5(3GNd0d(r{K=qI<n3?fZPYJ*&e`PQW??q<aLi^Eu
z03#`_LhQnWwqiiNHX}b+AzCEfYI?=Ba9Kg&%a=zq)CUh%TilzfnuV_L_GUHTt;VB0
zRmSPS<(Hpvf5sJ_QnvRv4k-(w<#|X1sKc3d)3{sqYqqJbqe&T@nr_|b;<=XX0^T#}
zWwaT27Hw$~6KTaDod@TLJB$R$;mwVKoH+-IOd2;KE<~1YuJqZ6!RLUuV@8Km{gDfg
zZvZQL-=lcYu*j)-P}tI7{S5Xx`>@LoTJDy(55fwczgJfqmu{?B1eKUxT@W_-MDlxK
zysh|*Rp~1Oy8ZhF1x;!Uz8K|H>I?4Lwd*$|3pz=wD1}OHo%}$4AtBnqRYqu<olB~R
z>SNCspLYCne7Rnn<P`=$4Vtjmy-N%}4I!MGHJh8wL542jXJ2^x_`H4Ys201tyxcgd
z31CXTYuAZfy}Nf$V`!?S=8#{jz@~4R{NOOIUQkeA06L@XR9H~-0W~qMM30Bc2e29|
zz*cnl<jFm^JM$}m@=n@w$z%N*UR^mzfTxIMw_?+8m=qZ6IXAxTJGT++1|e<*n{-mq
z85jBxobtiLhck;4I(tl)>hO57oo9^BRc`zQ#Qy;-5Pil~eMFUn1nnO!NgRUb345-q
zA4qcEz4Iz86pJWSJ<iLkG!T)w{MN91yP|*a(!PEBpplwF>Q!B4X#~~~JrMlFpHL|9
ze9f0UW(Rj-Gwr!>;lkQ%HE;9;n@qFQ#+u9W%1Xk^m!4`LbBwDJ(D5X0o`0ujYb$Wt
zX)+KWLJ=chINANd7yQ|#$ngPhRWQp1bop%_f~!EhZhwa&oYz<K%GNhGR(T~PB&^4p
zIqwUs#<k~~4qz1@{I*8-u^(%G^nQzmUQ|>R5aVa`k!`gy6I*2U^;y97v){cN6o})p
z!cJRW?6eZwyfL^q(K*tTLYcz9^IF>jvRzz<2Kvf<mq%0Lu4Y|7V?WwR23gG+_p_s&
zS}i;*%%HE#dwO=(sDz}YtZa+a`aF$N6!q<hr%xY1t|i_YUD4duM#whYCr`$wq*Q5j
z;Wo;Flo$RAKYwRjwHJ%<_PTym#0RG-Bec_GeJBoxfEK=hplz!e^I-7#44vRfXy}oz
z%K$>M!OUkw+qo~Yg}g+~5TgK!D94UFl6U9HWqfv@!;nliPEA)<$=<$)(F<dN^~8yQ
zIUQNqZ5s90EG&O!lb$<wuK3Ea5719}ZFU-_1GqB?nNe}%U^gqqNd~=qc^EJu9^cl?
zHQA$gpzqqHOFJF^{Jal2)o8M-(0n~ayU_NS<?Y)pUmu%&$jIP^T&_0eq>3xTkJHSz
zJb-r0BH_BYyP~2Zd5Rh>lF*tUyfWkINq@YzZUFIm(YZcOs>)+yjwQ2OPe4peYy4HR
zkB?73piCt8C>q==hg@zb=hIaz9%gP`z?$=8Eded@#Zy{3I>wM8{rvnsp<=Nz4*?}4
z?yWI=`}WOwWuB9Qg5t@uXFeb}29<#afL%0B)JH}#fQidymg>Hq=h2*!3i+k2)|mrE
zXE*vtmh!kJdFt0RwR9@<t<jr3OBG*%+WB2(Z#dt*n*iaI5K?(}n5c1}jtZ>%w&3CV
zVvwgVRLzxupBq4YVKUJWn;WjL@~1oDrTCDhW08H{7&B_5_oEb6Em3{*w8NMIv;qcx
zqc0qkU71?B?7+J_m6Vheo(t`CadGhr4EzFR!)CnoWUDcR_W>xJ1aF&PaF~lWQBhGr
z*LVqNVAfMC#wcv*2iM~4(S3d3a9_WFm&UdscsTAe@1xSE54Z1%JB)ovo8}V|k{zy#
z>6@4cqCctq304ENWvYORuiw6%gIWZI(Ppws>`P@O8xPN3fhdIuCXF|`kHAHNZ>1*~
zEU!fJ-CuZDj-hRck0%P{=)Ozdx6iXt!$vSLHT4CO>wDjOuY6;Db*4#4st>avqf)QH
zniZ-oIm8w9^@5i#J{q28KYDZ<s9RG1!(Sj+qBi|ra+PTsS<JYLq>!BNMu0(BP}Dqg
zvF`8i>LF3c)Wj-ds>B0D63e&(PY>%-SJfm85aSgbtdwk2y!mi*cIa~6((<O}cxxs#
zGjrV~?l;BGGtw4P?QhI+&q=NM>B_0J*!h)c;D%7^TYrLY0F70_D<V`o$c?$NZ-FDl
z*1!%UMXX}A#oR_B^zWrwQ~ZGJAgU9+`FA+($noO@Y35#9$OX<#Ogw^~!*}B=70D-b
zoSE^gkNsamj+h6fo6q$1_1%XGLH}?ECC}1U6U>h0EPWPCds%=al49}U0b<4AFtup!
zh(`HBGXhe0JDL6%U#%^)>2tkrYip}2cA1+lr<D2x=`xcaD~=YvRZ2>VTepA;T5G`f
zDG}%w0icJh0s_jJIVTd8$u1fiva+$UIct4Q*tM%nm71Pju3`sgcx>$TQIViDY>YA>
zh*JXUE`)Q48O3(^uxFdnodZ7SU<~#5_w(8PR)BgDPJiUebD_T5x~wHwN#lx)G+kX?
z>tCPl%U|(kEgGL4s)n}4I)1ONj*z9KfuKac$#ByffAOP+2+x7dTe-3{h!wmK_Y2F!
z6<)O}@^{FP;Z-BqMZ6jVr@v9;kEO$(pVYpTER~?l*cIeZuiq*Eb<2Pd4PikNI$+D#
z)URKjkg{MU9s(pT4?m%yS@rYn%>X%yCy;&!@r~=f$f;8mgiQy<NwHD{oCuBk*Vvf9
zRq0>3p%WLbUAyKN9PA6^z~S;bL%?<U9!3Xa_s3-vT(a?anb={_$v5+2EV@1Pyw|zs
zFDp;flQs;VJbwJ*NW`mVKtKkFI_IwM07WqADR!xWZ03FMfaIfEvBMpXb`B0LKec2m
z>q%4VM6SeaRR-6`66Vy^qsf1(tNVR23lfM4G|-GW$Ps&BqPSEC7&4duxS4zCkGEyj
z17!&cL<Q!$fen5V6&1CfwKD~~U0Yx3jUKAx+YNWOo){B#=a25=zjf<Y^l#;7-$FUk
zqeJ0}+Vy|g*<-5(WS8D%2CQ8?q|BVRKYsZ4ZzG5RV~!dDni(`z&qzpGGqfIF3T1By
zr<5iES1~~GFm@NMmUO<iGTvDGYi(n5KP81jT3Xud^xi7y?$(&l&2RK{MpXUImX()-
z4b`UwgNDOIaEXb_%E}4`Rx-v<%vjL_v%|*>bEbdaNltzi)KKm*)3?#p1XKdCE5fh0
zt+r_B_d(Yq$kT<W5@SotKv1A}mhDf~q<jpUV~t*=VK5qFQMlA@hOPfk7T~>pk$q~1
zhPNuwjIl+vh8E$r%EEWE`WtqBB2M=T3tv;h`CWO#Rku1&+o{Wk2akYk6*x{XN^Y*%
zeYP!do?(0N;K5b68c_MDKq(#!Dbrm%x{ugLJN7dD7-3UN(8FUbzgvA12u1e%`CB)N
zVl}xdA!BKkux{;%ImS9DoXnE0mQKGo*&Tpx^tq-cFoGY7TaN9JeBKKDku|^vY=sBm
z;dE8FJ0qh9Kxa8UM?I%<Ri5$cKSnnV@4&kcs=QL@JH?Wt8HkTbT`Ls>1_rYpIF%A?
zQ$*ffQQ;k-Pa!TY&aGDzHdo-LS#tLj-0_U?iYl}Ve%rx|D`8K`D?fiGg?(6s`{lRl
zk@&o5#>>MacjLxU0tUjEuZb2@F}AQv^9PtYf)R%wMR%HxE&JofN<hnjGb<}AKl3d1
zTUjYr8yOgQ0&BcPm&FiKPF0eZrvP^m?Nlxn0RFzyRX}?1;K80MLUKYc{j#DP_T&kb
z0)|3L#zqR>MNEYB0mh%#V~mf8i0nr-Youm^T2(6Ea<a9R26v#Qqf1s^#g;Z)p6-({
zT_ANBz5~5q;nrR)3^xsxa>+{v+dMP0^W@W8-NGC!z<A~cztMcYenfj~Lg5SHOj6Ej
zSW!`g2TxB=|KOwgrw?Mi{QUe6O4*CDw<o#G{jPy#<r2rDPmOo11Wlbf46oM4!Qp0j
z6WF**Z7LhUq)E61Om^pL?^;Hx9L*XX=9}&CKgZ+pz`TNnoEFB^)C(^i-KW@A?Pi8S
z!ZjQ}x|E9Eq%J0M;>3wpNlCKCg`;%|6epLU)){>d<J5K;8jx|C>^cXWE!I2wfGQt$
z7oW$5n}pjk)vo<Kvg<1gWVORkeMdU-PGB1PL9sq(*C33L1A#CfGoSH?NQ#-X18T>}
zJ3o3+m)WD~dMBh-{|I{1ygOA35weBx0az~}=l!a{cTLck^X_)I;_|fg+zHESVsimy
zmfGbA?pZu|HJ16zU4rUy<<)-wUIwD;Qa9r9nxyX&D%l}n*?9^B6<{?XH0hB#%*3i_
zF}o)~s=y5B2jp)x*GsS^g{*pX2j&d(f?$oK3sBM1`veB={?q+oKlH(uWe<--F5^gF
zlv<m9__9+dK$Z>uLxdU&Yu!bv=MaAoj5ub`NH_K~=SceEfddDkho>>0qfa}?C+Gib
zLkvs!`a=~_&!XuKSdjWM%J>9zWOI+JNR`XGq~y%+ny9Uyql(6MhAnAo@Bq{5Xj!JZ
zOI-I8&L5D;yIF^0Ey0@Ha&WqTBwyYSL+vmGoePhdK8GB+V7)Y{7xa4;fOCGLb3X`F
zIh5VJ*(>jJa%_@4oUSM+91gi?U}$(BaO_i05A)u=d#9(TJ=4?E6(=M#LqNwd=P!;3
ziOzsy)NR(KU1kq8L>d1(Wq`z;Yc8I0UzrEV+w<i4^EBnv*RPMm!}1)?c&CI4v;I4K
zGrsA#1~#?Ybyw1}LwQn`(V{leLvzC0cQbtYyPP)CoJzC!r#(@*6JTy8x^~lA+f%pX
zZg{md#T)&Pb*ntvEhm2F$Z!M%FWu=a-NVAdg8xg05X^{u8kvlYOwh@WOpUBqxyrtW
z@$sy87ymrM?Azk(#5lQXG>D+j*ZTV5Gdp|?r|0UWj+{Aj2z#=vNMu0ogJT5@GjGL*
zs>VQs#tx0kPgrHHCd%z$7E}(xa-Kcw`8_437xoNrw6(qcpqSu9|DQkH_7rq*XpCB7
zgS&Nt4~f6B?OgJx7YeGa3w7gZ-HhxY^Ly2sjkpLi;J)@L4jafNr*+(lBO)XHaD(yq
zxzZ`hCxL+UGedRL#dqx30kFfy$47+_(=s-b_25@(rZabG;luoL_ybU~g+$o$=cjQ|
zuaV~-8-IP(R_|}!F&nni6)6mjLK4!Rk{zjc$o$xyI8}CZp12Pd9X<SVY|4}9Iw|@k
zrbuVlcA{hf0=K}H8sv@NRGJ8$hoY)Am8y4OcR8F}3rh(#$Z~Qcv|P1aUAp5^Lx%@t
z_C4ALKSi_1o)dhQU=Wa*UIP3hOVWRnVD$ZfZ3D-IS&RH@AE*J4BUmsKxknuB^*pLU
z^^OO!ILx^XiX8$iSrV4Jj;f`|r*feyVm-O?ZZ{_FRJd|Q?2x`1#0(RMhO;U!cvQ_P
zT1(wmv!Q$?rKH$}E2ScSgvCJb*IfbTG&DATNMun~p(J!D$?LqolX+F>08B@W-R%5)
zdcG6VTvc^-dyOjt|6_>{QH}(J^n*7rFB1T0nh2|zas8J!)$PhxBs25#UaDL}{0A3{
zi;Jf{HkUlO@-iQjk?Z>&vOWJ=WPa+{(W9@|MC3p$5FQv7OPs|XCXBA+d_uZKp2E5A
z^;0rGZ*Q{kCM7k8U!O=bdC$%-EQIH)hE@-0>v)2t?E(+l4>QqO1=Y2@x(Yjm1=%bR
zwzHa=k>BH#)ns`hh;QPNQ`zrlk$(3Xy6kj+#jfy9i-E`Tgw|L{Qs^|rT;EQmhX!~k
zyc7Ikq{gw%@?O>nnGfn}`=rS)fPwHCSMEM~?3f{TTgKuBFEPI0xPLz9=rxib7DlT+
zq4Un{vkLo|acC2^K?t--V`160Y5vs<2N7vgJ~BW=^imrUrQvg)HqiaxxCbShInN^j
z`dfi_h<$%d)%_)(gnH#=!`tlIQ4spIqtf=uYA4SMIgllRW&cN+ukUr@<l*@(!Oohr
zf~^|KXSn6=!k9M@=ytd`>L(Q8AOS=XDCV)?QCTPC)x6YPG3a5|=mYey?t7%#Q~R{`
zS$Wb}dYTmF^P(*Yj-+f6)%>`wp2ztJUr9EnYfyq8Rb(5MLkCV)4@5~SlS-%M!QfV(
z$g{a{?8uQLNZ9p(U~%PX<Q+<7P8+M=%F;;}aejgmhKCm8Ny#MTRP`9#bb}s95unr;
z43(C#xX8%YGfnL~8`v!=w+>kZ{P}Jas-fmyeyO><>a$PB%k1o{M+RQ&d77<|ltLiL
z6n_*+mGA+}hVig{|Ni}XD=eq&{RRTb8xC3a23o948>!{AGZv(k_8lF&=AfgamzcUG
zN!jA8r10$yp}ft=h^kMYNH7lGElIL^*@2D`;h|mN!mS<(X#<5MUd2_53c+xTGovd$
znUtjF#~4d{si}D|3#n<^XnW32cI%`oo<8RFMCn#{(J4Zx{qf_f`a1G6l`3*xW>Wd4
zeFzzu-6SnDDHV^|l##pv-e=nhgqds3dlV*IP+<8jBAr=e1|>gZ*Ar|z<UvC&eo;~P
zGULrpxeA%0s8PqjF0-H@vPD$@1_^U6Ymraw3M*Q0W|!Z&i_!Flk)64@9@m({z`*bl
zdNuryUqU>rNwWe10(=f*s(CBWO{igO^ot%@5EU0s1XsJLprBf)1ezuwC};?fZ*1aa
zmO`X4&EwE<P%|@OL3i=~!x7bLcl6WMPZB@263}5NA6XVvPdBfoEjPLfY;=82+yr=Y
z7;j|-hl^PDQr(Y!n&FrQGn7tI9Q^(>R-^g5w;@9&=UI}MXi^yzRKL1Yic~$HjJ<~1
zmeG;&>Qw@o1Khe;+`sxnyQHadUQ4Eq#!x<Xy|xSe<0tk;I;o&9pvV?(!zZQFo`W-$
zfB!B&^a2iqRiT-A${sZ_QPJ#4nNHiMWBwB_W`Jo>)4ixo)jJl3hUWzN{k8~`Re;$$
z*T{;b>UkpkWMMCP0~s|%OBZ(ffV@R1&Z4yo?{;?DZCf_EbEmF|^2O*uFV$lXW6g#O
z%)fwgB}@{Tg~i0g#pfb-Hk`Mlpz3%h8->9G8x?ZPJ4Y)k){{_o#`8_>oSX<+4+Z9l
zGGY3kCL;s0a$pg*^W2##k1!bsW1{UU@R?b+7$dPY3xS|+yVQ7%BtW`I@4{rxl`u(o
z!Iih2SY`%+8{|X|RZTJ(GNd<zN?T?Pn##wA0?-NuK*FR`w*2az+=XkUM#rOt45c|j
zOMBzy&78@^+aFe_5-wpbiQ4@Rl)pVUH%CoF^AOW|Hagt=PIr+vT2y$a3aPZ@@BaQR
z7$}27L+)=U0Ng^t!^r?U_uP1OkgJ5e1oBJq8g;459Q!c;DQLSFGsTARz@a9T!L=Yl
zS@9~QBnSovtGS{F5V>Dim41uHA6~nmHEOGPW_L>@0)xZZwGY?i_5l|L7F_z44~6RI
zM-Qp2aW01-MQ&*hFV!m$fT&M<EAQvgHE1bC%z-Lk^y5`!cNbUJ+|#=Zfp*RHZVf(%
zH3v4QcBeN(OR$49AnZ|Xcn<jBT;!w4)Mh#=A46iSCnYD_V5R|L*BS4Vepe0r(SX=%
zeA6eqRBKAP5zGy~qpV0|WaOu|w*9V)f3Bsv!wPDBqZc4%_j@{8s{#+Cd~B%%s;GpC
zjC~XY1@Ngi%AJ@P{diU*0Gjn$qdv%b5s4NgUkbi^Qz_RX<gpcA!!?T?Ts-hvb0!A{
z2FhjFy+)ovuY0ZQN%9FQ1~o11(Vurhkh$1J&u!3R`pJ_N>t?Tqs51eK1_uXUH*a7L
zrfeD9RB_!n3nLg!Tufo838787sv};i84zJLKi(@TtF5lSJhTBPx)QRDbIo)UbO6mO
zRU|#N>+Agiyw2bKsJa`Fa#2r7fGW0YMf~H<YI^ly4@3xJ-#9+C1@}-Ne@@tjfVp##
zA(If?L2ZKMD7V|&+9sUz*x5kP9|n;-(Pg)Rku!`ku9q-k91L-m`y)mLKk3;*yq~0`
z<ZJL$B`xX%@!fm&XiaGz*thQi)@nBF+F!IBehf@?ccgN^s0b&e8LZB2c02VF8X}s2
zxTxN_TP7ykFJHc_XoV=0S=*aK8>_vWwozQHUL3?H19pC&7_t@f*?oZR>$xkiM?PT-
zXf5s9y?c=LptQXTEcW!=EEslpMM8s!p+MAbBC48x9yatMA)*Frg`~X%jDgy4t<W7o
z7Jy<;MDCb#8}Ff^f{&ktESd5i@ws1R-n%mPO0ap6Ur<t_B;1^qVZd|3l0cUBvx>Su
zgU>nSR5q3eC|lj(1kJ>4uKD_AkT+a$baW&paJnQc3<kvI2zHOxmu_yjwz3El#DDwt
z?Feb4QG{Idf;;|pjOO6M090pUQj%9n2G`<9!x4~NQkcXK0x5q87kg1LZzCi7{N;<6
zTHK#MmJnkAV4p;kU+KkSl_QQAuRcRc0)Bl0Gf}k8pQ>Bfw2rCu#U&`K{nfl5RYwnt
zIFxK=_ti^n-e}1}aEj1Dl&}~kC{!XYkS<BwJH&m$O^to4{46&1@l@&RUPx@3@9)IC
zRN0+MWGw0`E4M>JFzi-h4`qb~#lyox09L^7IxR)KyDV60!w-#Y02y5K3gkwT4%v`%
zKFrHIMbD%AwWt@5t0BkuLTjf%dOu(S(cZ=>58|S;O==lW5Bt7W;0jO6E0jh$3rx-%
zk><H4Et_2kVL-g~3Js+pb|w^p#u=wSKR=KE97>(PG{Uk150{FX`t!}Nwl_^o%x^F$
zm!KqzF+$6Pr#wQ`SVO-(iHXr`f7kpfb#yNY6%$h+=5^j)=IXjSNc4hyI5yxmQ?Y*;
z`fEd}yDP{-oLV%ByASr{=gsxr%|4ilPpXG9>|E-RT>_t1cNHmxV5xMk@kHo1&5G6L
z`lm3L-H*v1B+|v0QbUp(slDIc_PdYe3Gnkb_y;LUhI6#l>v7ZD<?mT^>UH;p3IXEi
zqxKOa3qsUBkPQwWN|w4yJn%6pMj8@rz$IJVA3l7j6*qhR8RSNdWskj`o54~Gxd>bv
zT3Tk<7Dq=%Q*73MtF2WNYh87w8~Q5zQN*f8wcs3iXB)4S)W@<lEH2SZ)cK`^pmBPk
z7xftQ!CpWdS_Tw0+qzG>E`PMPzP<_th@8`Jip`BHkUJ3&Y+UQ5kh?;dizH?(w_!4j
zNghgIg@CHOQhHuajv_|AkXh0Vu4CSl_h@UXV+%TY=5#54HMO+`^or~aQ3zFQ(2#5T
zD*~b*+?YU<sDZ~2h2F{sA4mZc1QEuAidEP1%+->w2fz%mSX&h_`r;=)#2p4+erqjn
z1yKm^dmV_!2WoP+j?Crf<n#$`LK-3Zk@@hz&`<@Ud)FprXlQ7nK-B~wXJpRcLMn>g
zSD%Hp!Kl8L*jo+hG3R@Iceh^R-z(9gA!_$XNl6)Nvu;*D%a}b;jg%k*;@0v*4aF{Y
zCJhPaYf4;~G=uaYrXFQy7qDo}FocLvg^Nv>_>B_-T<cx!%BvK9rIIQ8mB?Auu3o)L
zg;wkhncsFFuekU@Bq0b2bTl??ZGHWgxT3V`kC*4R{^=^DfjVe@GW(4CiV(aeUjR}A
z$ksUf;hmdn=k1R5^h0pZ5THQRbupvk!nU6s9Y)YfGaTpH24#o<EX?p%iZN-9fd@tI
z5W&3VnJN~;+qZ+D&=Cj^rXn6P$N?w%Aei$Lq+b9u`e9`jIE+8*5Vts~U&@5Lx3;xa
z7Prc8e!~WDumMSS<QZeC-EcR4pyP1tpq$$~cHBU?sO2<g%#*S2RaHA6RhyIuw)(!&
zEqri7;|+=P`&SuQ+U(rihpDNY=!l3<0X|xTG=XCzHHzW!5*B_&J{3n2H(JLzH#Z3m
zUkBn`2;i`WYj;8#!chb<fr&qNy3Uu&;Q*1lC2kW?rBY3j%k}T<F`%Dh>t58ysr(?0
zYam+wKRBuO;A)s1r+R`QJek?=q1cb}0z{y&!#|Yj83F^r*b0Y5MGG2z=}k>cW>-jk
zASw~@BY26k!rN1?W6690JzK})z3h>nf>g5uz_InKGtLBzwPpr@zgvgzI`Q7Bm&lOP
zPBzJgUo0@ab&J!U!pro~Y5Px5{$_?E^x>9kzSw=}G%c(b?Hs-+D!qA#=jF}Kv^4Ar
zuba11xxIb+RvHO-JaP_ut|W>O`DA1)<)Dze^!EAhLWmQ=o`;qGlxKb4_c=fc$K?2N
z>xuk6#37xWKxPw2F#tvHt%>6FiML|1G{gd;U%+g6y?i+7DaybXBZ^Sp5C%>{Rr>`5
zB=$d?E<?LQ{;1*~P@1fZlQ9TTALG$2AQ2G}33{BFOXe3F%Y1LSZ%2I7;c%gQYtD7~
zo<}>fP=ipe6IvA=%)oH!;-u<VRCS~;{&jP6v!3WUMM&ZB=!?Y*?*gSFk}H8@0bYu}
zs)o2Q%-8dpnhco#-ij$<0Lf5=Y&JLCk;Bw_Qtsf8PeSSmU&{#ZG@q(g@;Zf3GvSVo
z2>JOS`P&CrMLc~ZMZ6SueEM*U0s3oI^5uvTe<oH5RGJKgTO^s;Mp~Z09O;LI2?%rs
zncr>I4^??_<rPpkeoaiAG-F1bjmX~+<;abyS65emFqF{bIyyE!Zj5FGIKxCRXh74x
z!Ed1yw=oS=e&2e9(^%!0J(oY`BYB3gMpCS!Ka1IUJdlQp>Z-}!hK2@&;f}9&R8)|m
z(UDHyIgtlUA128jE)SLbtH8jY&i6`&A$q79dCJ7Xd+VnWf7M-yghGkD$GE@%Wd1$?
z?PPtFC=(z$NzVkAEph;jRXE>qpH;>u?0_j`GG_?Gqiql*9{Bq1Ao+#l2?!jwdj{fD
zfHV40HmKxR+0)C=+Ag3;5VN&zZzpTf1q2KPP3yeCk}!Dvrl+mX(ZANw);0p&jFfP(
zP2T&G&CBii#iI}Kic*}MAkI;s%QgJ`oB`SC3xsQa^XB6nst?G^T3YBh6r;~V-^YO`
zPc$7f%Rgv_ga?k~k1XOyr-bi#3*DO~4@NnL?bYDq;^NA^jmx3ySimHl&jCy1lrXt*
zLv=C|3Kzv~DT&=S75;P-!O#T452k<vQrt!}&|mq9gABCH=_sH=8_fUYAC9=*<lx#E
zag9EH4vrMt0phex`~*;j=E_ezF*;^2E?yCI2M5{?p6kU0UHKh;d)YF&&UvNX-B=UL
zHEUo?juS7vgQYbl((i-A!xn>o`F9_Z{kr{-?CZke+J$pomO$Ek&<%}2ge$A<h@*pm
z;E@;#&sMK{D%n%T_h+7Fl6}pE^Ic4mZjm!{bH+#a?c}Ym`u^Sj@9!5@L>dSdnu2lt
z6}8juWL{LIrvR!NbuK<tN{7*or{#^#+y^R2u${*&Qjd{G%-but8i|I~@!l#JHumTG
zdZi~Wy@1~-amVQ3*6zj?(VX6M?&}Q!#A6u*1qBse2=76nSVmfUi{oV1BOJyg&e=g7
z%Z!AEG4dmRD{;0G#Y3n8Os1Jdt4mY6g!8$2;&Kx*F=@QO!gt1O=Y_R`PT4m;9sn?j
zO8rOHfx!XM@s+v)h+n~n59LiwG>C&Oug%qyX?4bP5vf`2itg@1larH#JBl-0)(Dd$
zMEDC-j>tWr?N9${7o?@9Psq-uvg#?m4}BQB(!kuD0#RH-KEmND&wzkk$iOxr!6uMm
z1Xd;!K!5TFh#1LP5U)4aOZ?HUSjEH+5MdKUHHkDuXy{fFBHS4gLXA<?H#oQrMj4UQ
z#434}N|xlY7L_+P?%UYdfUUlR1hlUY*3<vwTd_}$pmyfVcS1!$<P!rm0qYGm!3<mZ
zN4B91X&jmBypBA1gEp4YtTR8eb@KUn^1fL7yiA&-Ev>5w32BMJ+jb(&3(e;LJeQlM
zN~+vy^kSBN-n}?`p}dr(o+Z=l+Do2_zsn2MY<p{Kj}dQ4?ZNA25isNIcEXw^Lr(pS
z;-Z~I{+?4r@!B<NWGln^aW-fG*UeQ0!S*xQB)&sWPt0wuDwoASQDsrAQ$xeU1Au8<
zRhN{Mc<m?`5&q>I(z+HsICulN^LT~J?BJuasG}@Z|6Xc~5(ZgUS67&%;bxyN%T-Oy
z*Vetjw2$z5?^S3KDl1c%fhS_#NJ1DR4tjOH2OdOtMxn2C$#;SD>gj7yh71ZZr`1N&
zKEbb{-MhXjTIX9x>Z!|91!kIMJ%saQF#Kqs4slgMgOszj&Ms?xxx3r|c>#Hy!|Jq%
zUhkLMSWYZ+2OUEo%UhR+S7h%$7npiaR)MZFvJ^s=sPpv8GIwx-3un)gKrH_!)+Z;&
zC2<F4CT6szj!r~RTb_jmC=J&;MA6GJ(hOkZqI>kg<E03OYeO94;u99;DanHDUtmA_
zR9YM-y@``KP#fXH6S<GF0dPy_<!M$(k!3%3?%YW+(UE^UAYR5-8cj1KBt-siE8-HA
z%o4|A1S<G;Gm6~Fu+K}zSRu?tPbZF-aR{jO*?>kv`VFVQ3E#o&XLfwq&S{b#a6jj#
zdRZWa5o)upZgklIp(cwyiXke;OI1cX#`9|glwCnEzzoFz;y9>sG)4y>Y`Kj7HE8bg
zHi$rL##w$qxGh-}IM)Q*HC+^dP{p6fp|+;nBF+GFD&l-(Is;pXpP1vH$mhLk#OG5f
ztBtH<$4Y6u@oM0~eG+6GhPj&gX2pJeBC9Fy8-}nn4CLLIYigWzKw3mfFF92Q44KGt
z!{Ji(7lhLbQ|avJJp^8GhV>Wb0awKVse2Oto`prMH6$X!7uWro)|4120yq5|*NKD)
zj!}Kr5P~%0i${^({OsS`Hk8&l>(-us`ydqgAPT7v9M0sPL#a~?An_T+FDQ6I<S}3f
zaYP$MsKLO2&@e1kP7&hVHF2mL$2!#*OffS8Lqe_<+MxLg!s?XciO^seMj4tWDc>rz
z0py+QwEC#VZ~@0@A=_t8`-dWqk6iB<h24J};zGF2*4cQt*GCWt!Wb{G8{Ug^RYa1R
zNaqr7*H+MrC4y_9w+-wsEkj61NUsyW7XUAYC4d(jSXoh8Sy=_LNHHU(a*eYNA{Z4T
zqd$QnkV8tg-~>wIGc4PN4CQND4tQYk@$sT=%X~PN1}gdskrDt_1BB#ZbE$GFnwxVG
zIacti#_n81tH|~Bi9;$0@c6hY2pa<R7>xQOj@SP{n(yJmt%U7{Tuw8@(&Yb6mye}4
z{_o!x@If{8w)21Osw3$C$8QAqfB0(#HYu;Z(djgp?B0rB(?D|RyrS$IX@dv<3kzNI
AVgLXD

literal 0
HcmV?d00001