From ef6b57a9c9d0a0bad27669f4eca16109c7ad06a6 Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Fri, 19 Jan 2024 15:26:11 +0200
Subject: [PATCH] feat(apps): add ctfd (#2173)

* feat(apps): add ctfd

* fix(ctfd): add the right username
---
 README.md                         |   1 +
 apps/ctfd/config.json             |  43 +++++++++++++++++
 apps/ctfd/docker-compose.yml      |  75 ++++++++++++++++++++++++++++++
 apps/ctfd/metadata/description.md |  35 ++++++++++++++
 apps/ctfd/metadata/logo.jpg       | Bin 0 -> 15393 bytes
 5 files changed, 154 insertions(+)
 create mode 100644 apps/ctfd/config.json
 create mode 100644 apps/ctfd/docker-compose.yml
 create mode 100644 apps/ctfd/metadata/description.md
 create mode 100644 apps/ctfd/metadata/logo.jpg

diff --git a/README.md b/README.md
index daa61d83..a1530e80 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ This is the official repository for the Tipi App Store. It contains all the apps
 - [Crafty Controller](https://gitlab.com/crafty-controller/crafty-4) - Crafty 4 is the next iteration of our Minecraft Server Wrapper / Controller / Launcher.
 - [Conduit](https://gitlab.com/famedly/conduit) - Conduit is a simple, fast and reliable chat server written in Rust
 - [Cross-seed](https://github.com/cross-seed/cross-seed) - Fully-automatic, no false positives.
+- [CTFd](https://github.com/CTFd/CTFd) - CTFd is a Capture The Flag framework focusing on ease of use and customizability.
 - [DailyTXT](https://github.com/PhiTux/DailyTxT) - Encrypted Diary Web-App
 - [Dash.](https://github.com/MauriceNino/dashdot) - A simple, modern server dashboard, primarily used by smaller private server
 - [Dashy](https://github.com/lissy93/dashy) - A self-hostable personal dashboard built for you.
diff --git a/apps/ctfd/config.json b/apps/ctfd/config.json
new file mode 100644
index 00000000..d59ca33e
--- /dev/null
+++ b/apps/ctfd/config.json
@@ -0,0 +1,43 @@
+{
+    "$schema": "../schema.json",
+    "name": "CTFd",
+    "port": 8546,
+    "available": true,
+    "exposable": true,
+    "id": "ctfd",
+    "tipi_version": 1,
+    "version": "3.6.1",
+    "categories": [
+      "utilities"
+    ],
+    "description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability.",
+    "short_desc": "Cyber Security Training made simple.",
+    "author": "CTFd",
+    "source": "https://github.com/CTFd/CTFd",
+    "website": "https://ctfd.io/",
+    "form_fields": [
+        {
+            "type": "random",
+            "label": "CTFD_MYSQL_DB_PASSWORD",
+            "min": 32,
+            "env_variable": "CTFD_MYSQL_DB_PASSWORD"
+        },
+        {
+            "type": "random",
+            "label": "CTFD_SECRET_KEY",
+            "min": 32,
+            "env_variable": "CTFD_SECRET_KEY"
+        },
+        {
+            "type": "random",
+            "label": "CTFD_MYSQL_ROOT_PASSWORD",
+            "min": 32,
+            "env_variable": "CTFD_MYSQL_ROOT_PASSWORD"
+        }
+    ],
+    "supported_architectures": [
+      "arm64",
+      "amd64"
+    ]
+  }
+  
\ No newline at end of file
diff --git a/apps/ctfd/docker-compose.yml b/apps/ctfd/docker-compose.yml
new file mode 100644
index 00000000..a695dde3
--- /dev/null
+++ b/apps/ctfd/docker-compose.yml
@@ -0,0 +1,75 @@
+version: "3.7"
+services:
+  ctfd:
+    image: ctfd/ctfd:3.6.1
+    container_name: ctfd
+    restart: unless-stopped
+    ports:
+      - ${APP_PORT}:8000
+    environment:
+      - UPLOAD_FOLDER=/var/uploads
+      - DATABASE_URL=mysql+pymysql://tipi:${CTFD_MYSQL_DB_PASSWORD}@ctfd-db/ctfd
+      - REDIS_URL=redis://ctfd-redis:6379
+      - WORKERS=1
+      - LOG_FOLDER=/var/log/CTFd
+      - ACCESS_LOG=-
+      - ERROR_LOG=-
+      - REVERSE_PROXY=true
+      - SECRET_KEY=${CTFD_SECRET_KEY}
+    volumes:
+      - ${APP_DATA_DIR}/data/uploads:/var/log/CTFd
+      - ${APP_DATA_DIR}/data/uploads:/var/uploads
+    depends_on:
+      - ctfd-db
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.ctfd-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.ctfd.loadbalancer.server.port: 8000
+      # Web
+      traefik.http.routers.ctfd-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.ctfd-insecure.entrypoints: web
+      traefik.http.routers.ctfd-insecure.service: ctfd
+      traefik.http.routers.ctfd-insecure.middlewares: ctfd-web-redirect
+      # Websecure
+      traefik.http.routers.ctfd.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.ctfd.entrypoints: websecure
+      traefik.http.routers.ctfd.service: ctfd
+      traefik.http.routers.ctfd.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.ctfd-local-insecure.rule: Host(`ctfd.${LOCAL_DOMAIN}`)
+      traefik.http.routers.ctfd-local-insecure.entrypoints: web
+      traefik.http.routers.ctfd-local-insecure.service: ctfd
+      traefik.http.routers.ctfd-local-insecure.middlewares: ctfd-web-redirect
+      # Local domain secure
+      traefik.http.routers.ctfd-local.rule: Host(`ctfd.${LOCAL_DOMAIN}`)
+      traefik.http.routers.ctfd-local.entrypoints: websecure
+      traefik.http.routers.ctfd-local.service: ctfd
+      traefik.http.routers.ctfd-local.tls: true
+
+  ctfd-db:
+    image: mariadb:10.4.12
+    restart: unless-stopped
+    container_name: ctfd-db
+    environment:
+      - MYSQL_ROOT_PASSWORD=${CTFD_MYSQL_ROOT_PASSWORD}
+      - MYSQL_USER=tipi
+      - MYSQL_PASSWORD=${CTFD_MYSQL_DB_PASSWORD}
+      - MYSQL_DATABASE=ctfd
+    volumes:
+      - ${APP_DATA_DIR}/data/db:/var/lib/mysql
+    networks:
+      - tipi_main_network
+    # This command is required to set important mariadb defaults
+    command: [mysqld, --character-set-server=utf8mb4, --collation-server=utf8mb4_unicode_ci, --wait_timeout=28800, --log-warnings=0]
+
+  ctfd-redis:
+    image: redis:4
+    container_name: ctfd-redis
+    restart: unless-stopped
+    volumes:
+      - ${APP_DATA_DIR}/data/redis:/data
+    networks:
+      - tipi_main_network
\ No newline at end of file
diff --git a/apps/ctfd/metadata/description.md b/apps/ctfd/metadata/description.md
new file mode 100644
index 00000000..21f3df69
--- /dev/null
+++ b/apps/ctfd/metadata/description.md
@@ -0,0 +1,35 @@
+# ![](https://github.com/CTFd/CTFd/blob/master/CTFd/themes/core/static/img/logo.png?raw=true)
+
+## What is CTFd?
+
+CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.
+
+![CTFd is a CTF in a can.](https://github.com/CTFd/CTFd/blob/master/CTFd/themes/core/static/img/scoreboard.png?raw=true)
+
+## Features
+
+- Create your own challenges, categories, hints, and flags from the Admin Interface
+  - Dynamic Scoring Challenges
+  - Unlockable challenge support
+  - Challenge plugin architecture to create your own custom challenges
+  - Static & Regex based flags
+    - Custom flag plugins
+  - Unlockable hints
+  - File uploads to the server or an Amazon S3-compatible backend
+  - Limit challenge attempts & hide challenges
+  - Automatic bruteforce protection
+- Individual and Team based competitions
+  - Have users play on their own or form teams to play together
+- Scoreboard with automatic tie resolution
+  - Hide Scores from the public
+  - Freeze Scores at a specific time
+- Scoregraphs comparing the top 10 teams and team progress graphs
+- Markdown content management system
+- SMTP + Mailgun email support
+  - Email confirmation support
+  - Forgot password support
+- Automatic competition starting and ending
+- Team management, hiding, and banning
+- Customize everything using the [plugin](https://docs.ctfd.io/docs/plugins/overview) and [theme](https://docs.ctfd.io/docs/themes/overview) interfaces
+- Importing and Exporting of CTF data for archival
+- And a lot more...
\ No newline at end of file
diff --git a/apps/ctfd/metadata/logo.jpg b/apps/ctfd/metadata/logo.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..2637dbff5a195d2707d00768b8b8839de2df899d
GIT binary patch
literal 15393
zcmeHu2UJtZyZEI@vmgps5W)&b6A<Yw5v2%-NLLUdy@NpLBtb!tqKJqHD4|FfBGRNt
z5fCi&CcP?EAP^vsko+&Y>#pwZ@BPYq@0|ZR?{X%0?%bL0&R6DZGf+NK#(@2rY8q+)
z6%_zbfqwvHoQhV}*TEJ5G&F<&1^@u)fCE%CJFmW$qg1=T-k*cd9KY6If^~sk`%r`R
zgVewGcL<~X+TRFl-?``k;2u3d3)W7ZmJp|k`BtX_M*u0mwu_%SMV0am0)+wq)W6p8
z;1p>7P!GLN4=8|eYQeH|T?5O`EPuNz>z~um0H1w5<gMjZl+~n-v`o|tO?>2~PCCj<
zN=V5_OUg=%OP`VumytUyBYo;5LjJVmDRFT*@zWp`XgBN;i0krVVy>Q|7S?W-HlkK;
zE@HkG*Tuv|Pl*AFzVf~<*IjH77Tmrr&aR&FzDoRGyUBy~on|q9C=>Uum!gNYt-PL!
z+OJ)~Cnf%0q5Jswi26u~x_Q`%iOb2!iJdwvcKWmk*h9qA&lO?eE8^<O148-{l!}d~
zm50N1goB$a_YP<aOE)is5<ma<Uf-r<ZT0;#*S$QPzkbBpO3cRD#>K`J;Rzxl{=+P-
zt>h672xpt0Ca&y^_^HL&VFwd=XA4(5C4OHKYa3e&FJ}Zl)X??ocx!HJ8&3y2S8fq*
zaYeD62|7Fc0m9doAAySf#ize^`va!`CJ~eo2oDF#?}XUl=GPXl9qN7MsfG0pDNg-B
zif^Ojm90JhF!3Es^ljXKY5|F{^WwUNho_B!-*p=$emxscH!lw>n?FjxuK>?^*jONJ
ztf8k*ot6|iB`zW^rzrN*tM5!y{Pl&ZFG9l_YH2AgYi%tqEn+DvAtxefDQPQWX?@C8
z#M%mMl#;cTl(n+`4(r>HKS5Hn1OZ8%mO3phB_}QkioKNVsqbUHzWmb=12-=#`yI5P
zr@#07z3unzf5YY<$@LqmKa%yoiP6{pu&RDov)~JmzY;(27i^PP_CnaZc|i3MHr_Ve
z8qN-G*WJ9F-8>b={_yfA1pjk!1eL}QviK*>@<*WoJIjBS7&i|CH#cYKISW^B3q`S?
zoBz=ye^Ws}^#PU9AH-PfyE21P27z+`9qlf<U9@y`yXffY=@^*yGchqTGO_Ms-n0J@
z>*2$PSlQW+a`Hira_}5uXXif2&2xfZP)P6yMC6o+z$rcfL4h40RP^-pObkp1nV1d=
z9A!T$@GoDKT7ZRt3QvWnp*jvwvry5nP*EBH2&m(CQGLBY)&BJYZ3j4CdIm<O-C&23
z{Qxx;4GlFd&8}UvpqZgU?${PumR$#a5m%-=sB1xg+@1CGjhIvhp0kB@Y<eBbyb_ik
zHyN4O4;?;ol<x$;fS{11l(dYjocuWzRW<eV8k+hBhDOGhub5bYiq6j7!O;`p<?Z9^
z=N}w$D>UqOc*OnK2XPPMA0;HFr9aKc%*xKmeNj|gQd;)1yyA6zL*tvK=C|)UySjUN
z`#$y$j89BXefm5-GdqV{S;eodZxA-OcJQJCXuhEZ{{AIiEFfOgw6rv|^gDP_QTu>}
zhJ|+5FXD6uly&JX+z%c<eS?AZY)ool9V3r~-ZGn|M+Xx-ujDu%ZU?omnEi8z-Tb#O
z`;OS}cntu1XsAHu(Xaq8U@J31Acgw>%KvvX*n?$v%un?-z0%Y9i-g0vzS-?amwi@e
z2R#R6-#C3{CODZcZLzx4EX&mpBDQ2EFr-+>Aqw!3Yn1}1yh1r#qVI+*_m+*~1qRV$
zo@g8^y53|I-Jb430dBNVfCl6D_@BG5;rYW9Ew^f36VdFi5*v9-MSNXC5`dtK!ynh@
zBS?eTY7~S5ye;~O{>VZB@a#|5B{SFr8=*6p3xtl03-2oKKJjr%&gWn>K>9;EE6onR
zIZ9W0c6K16@}0lR^m|XdQ6217V7jWuNtK7w-963As|1ed$!+9xf3flV<YTyv+lT{^
zE`h6qSkm+I58=_u$?9XO{x!F%MQ7z>d5?Zj*M6z!7qWO8gEb_nDb3sWMpZ>a4nD9H
zm}mP?Rnv@rCwTAuF&yvn=KCs>LNgwR{cj4c6@J>qs(a>tqa15$gl(RHicx^)O4H<U
ze^Mv5b2I|Iav=~-0j>qKZ68?M%=k7F<mxg7AZsVrlWU_XKuSsAUU(o0Mgd~&o`a)#
zD8P(}rm2Jpq%k^IQ942ZE4j@ekQM=qE|*1?MDO{)aiPLupGWUXU<a%x0I9Y&AnRr|
z?=18<%ivIqMGlu@0>`I&Ae>=x82vn4TG!<4vlKr<RmELFvplT|atX90ts1pV-^kIz
znf{{BM5{&N))k%8uc0*!)lC>3%?+f4ZgG!udSzDu&&$$#HfH<OyFL<+F5FU8ihj^I
z<~YvhkgtFj(N$%$JFKh93j7Zist<ws6yUzq1O*_{jG$-Yu`NQ|B7`goz}wVF0oLiO
zC_sl8Jkj9mB#cL4%oJd%e*w0@KmoRP8`t)1wAE99P3Zt;A~lSBvpb_mDwTA3E4|)6
zEn-!t{pN34v5W+nc%}8ai~`tqO%3mknKmuo<mDoVwS!>ts3Q(K472Dxc2s@sIEyhR
zz#8R!A`s)AS#QIQsqGJwa1gZaOaM9V6`Xq}v1Bnky9t?jvHdE)dq-F*XHyB159IZm
zQk2N^P4BwwhV-_wHnL)M9;t$>VZAf2Eq!S7WRvhij*SOvVN+fYbXA@Gs8m@m{ZAEo
zahwiWBRY}-EHL{~fHd<O$vk}7pOweg@Bc|C;WR(fSnuJ7-Y}fiT=d?w2;mmkStfzB
zpzo#Z>723u#niov7>RS9yIqapQ%Gfe?t@Dw9>gWA(btb29q=vFAs_Y<Fz{R7qySCv
zJvy`P>-_oHXgu=bl6tpAbyudntA(5qB%9}@QX^7)4071Sw@m9mQ>pMw&>{BCPdeFa
z`hzP4?+pEl128-ZpRjwjGhjE!kmY@85d!&b$97iD|3vu=6$BNbI1asiV+n@W>iZmr
zdPw?{sDAyl@De7B0<1W%L)K~0+q?3{9EsE86o8bZ6t;Z>RHw?0di{y*<daC<@nT(7
zzpNSMpV@CBPgfX_GIwuu_Qj*=DDpmqynSQ6Uab6<Hf+3;e2BK(K;{V|GrPlxSI$bo
zB%tHm^f_uP+E6Kat>Aw3nGP@0mP5J`MC~W3FQb<0Q#tE6>+slgGK4VK)c7z>qIA^Y
zj;BbW5_&*Kck3=W>qVTo3)l2p+bdU}FAeDTLgGm@&q3aLHhpL7A6fh#*5#sqR*>+F
z8dh)-KO)qSYd0`keDkZC-vsJssu7M>ZxYZH;6$4Rs9x16K)cC<Qrlu!B*ehig;m$w
zVQc?iX(ofxc!?`RP3}&@^@=X#ylVA=YjkO8H>8k9mLSa4LZ)-n3d{%OP0f+r6~w~#
z<c$rTS^TVdE&~rw4E%_3z!)rCK01_CsnyaqaCuCvWwinJ5sFzzhQ@VWtkHnL?!JA1
z)o0#7$KY?V#f-PH%%XUTiE6Qk`$16OHfBhXm@X;Lyh6V^d$auYrN9?P7OJfJy#Ks}
z#yk>wXi0tJzRno|Dtjz9Zu$%37>22;w6{;s$^Yhci|6&nG3yyHvF+8D(VEK;c5+v;
zWY1GX`(#o3m+0M}xRb92R7RmR1!%s!xt4q7HWQtO(k_pIng%%C%)<L@Lb_V0>O5qi
z<1xBcnIDgBgX||1H9&bi2G&cm=Z?q?x?gWipLsflqJBO@gQp`-Qh<8X3&9iO64B$K
zojz@oMUZ@J%z)|mXZQ8|^Th2tHE*g}(}JM5$n|@K>xAK)5q0v~15EqT?qb5)a_7t~
zor4Wg0a{LqzN9Mvwk=nH24AL0xG}bEN^=pX7O9YYyR2}D0#tiqIx8*@^Qrpwn{nKG
z=dl-M)cY{9U~Yh|36nPGQxVwTO1v^~994O~1wf_h!Wn%{*YDxhBMij~@}(ZpbGTVh
z6)wycPY->5RZ~j=iZ^bR1asDei?~V(XV#vEjMnN9-^nmHURScG8O_ce@Y>GIvSIt2
z<h5(~X*$AFnH%9gclf$v3&5(Y3V1?TYkm;U8ZDF{`Ug$$wIAD$mZxV~>SvoT=-gtD
zW`|}k4+x}Hb>X=|g$4Xgp>DkOr5A&UmzFs&IK(f^>ueC+V4Ux(KFJyrQihW%e}Euf
zWuigX#-?sXA%&albEAg5<qBmrFUL7XPIqsus`N>=cnr36x>=M*d3{9LY~@U$ju$&k
zMk-WB3g1d@^>dkqSMpvo44V*cCn@0qOuJq;<}|TqFp&AThaOP?-|J`=Gw}v~90Yc|
zIal38biQbmRKqi)DIC%P6(l(685|sX6*7G%Uf@g{v7QH_CtO@qS^6qO%g%jogL-<y
zc;719i~A2h;O55XI=pk(!)MYW()a%jvcD2xGktRU3tghtkZ(Y(=hKRy6ADkXufL^Q
zEcCWra}6%lIm3LBfW<}DqxYrSyYb0vy}jC$W%_({!CGlQ(hpBpEl-HUMK&fw?_c)X
z-DQ^{zKI~7)jNqU^)CnUnQUiTozDv|ShRUrk*KlAXSt%q!)|BwmN!`gTEg~~fvmcE
z%6rNV@?KI~c{j~;J0l_bIV%+>+YE|}AdaIqHw+NlW8TO@R%j`$=X!ZBhi7K5w-Nls
zMzrf;#>@^8bx)D5$LLW3dz#nT*tDAQ2Z4s5rXOZrji&&&pMB9<zlv*lexi3?rHV7e
zXWtzP5X}wA2YjX2W(KC~V7C*cCq2gl`rFZL38s(9EcelxV{XqDokh(Dwnm(sLS%h2
z&)%)M<i|>74tg;AFtua_9OR~0b=UYSJtys^)90RaXpvXAnESF9RFM|TnDu)dikj^X
zBO>SVW>=b3llT{kWQa|V+KSxCeU1dsL~a|<vfT67%Z8(`t%;To3+4@0!zso(avhUZ
z@m$riRWh#RCo0v1wQuKTI7<7MK5;{5UTyTUxqkC}W_X!!&f;FcB2e!y9JP#p!BGo>
z{qDK_L$BiROwLRoONwJPcdy>)c|Y#KV3BwCX@%#`FU=^BZDZ@I*}4@Cb9Oti^)p>-
zxn4gNj?TezQUD3K7QyOF;qvD=&d?;TkA3l;8&6#qn#%JX^gMeO{Nx^59h3Cqd4?IE
zGwpN^eUfE5z&QPKCEnqo-|oufsaT_#w94pcmojfqHBkSxeZ(?tXOV@=f+dy5x0#UD
z+}&0RPtUEIobeS~XlaIDIQY?;CUQFqDt-D@UvSkg2!p7m9JtERbd`YmR0Fzl9xkMJ
zUxW8?tj4#%!3#xAKu_p!!IRwf&URiszMt<U`u<_`h-WRdo_C$@RpeON!n7Y&q`GJ_
zRpjo&kG{`Xza+bNA5yZ?pWTQiDjwaMSM79`)IPlzcE0Fl>$_cp$4;df>f$-Kb@b0b
zV1z^KChf)eyXeDn2Oaxlcjf1YhXP0$<|ozV@QeUVXq8|J!E&^DnH+7Em3ivI{#&*b
zz^|fgLfhpJA(k~EvfhM0Tm;pIoi#FvI&*FJBg1zTphAb67|{z_0|ah#p)6(2+@>i+
zim^B{xVaP~aRzw<Cco`5s<|1~G|F71F{VHPihQFl-lw%xF&12{mmwC&lJ+qy?m|82
zF*DYF(X()(ut$Wus_2o+{Uh!2r#9$<U?TR|ER-~=^}yvO>5}CYLH^Q9<}Lz-e*1mI
z558w!*MWxMA*bbEDDdPM>EC3iqYL6NuUn>>+}l^*a>ZFn{o!Q&AsymO=;c9i3h*!+
zmUuUPhzYj^+N7ijzTsCC;5Gc<aKHAk^`e=0J=K#gabBmyX}QKCNc~uQf;P?ukESAE
z>iqE^23$TTcqaxv^PIZS0b8U1!ydkPtHtv;|KHp}0R4LijlGe#g!yAbhDbs_^F&h*
z7l$gVaUv>Y$LRchF)AL0F6mcknL$UiBEyJ<Z^~ittXI@7eBOoy)8iZU^GmE3;$?pM
zB6$zxaJyb(A!uz2&$TUFxy=9C{$!L-^@)D>>vE>5a(7@Oum)rW(y5olkj0QyD7zN8
zMrFo2;}x??SooxdU*4()oie=+M4reYoxATZl${spO2c~2>3A+WuCW@MH??S9yts57
zROx@|bb*c-RoG<o!7IKBuM;1>%E92BWFr^o>C|SjmHKZ(?x5U!iy97*1#z6@vOKNN
z<|CTcp8ZHxe}Th*KNb88sy|s)Cb1_v_?Zm_P%osO!wb$!FvsW+b3G{l4OiUiHxjX}
z)hzTcOP!o3#<@j(@iCX?d;UDmH^l2eGc(SI3ALo(HVk?!HafQiC$zQ52U<`=&}gd@
zgXgWyMeQIB>Ij|YGS1uBBKyBH!vL0gJB7S!kWj%9z28^w@E4LwN>#fko7gL4NOD-}
z3{t(i;|wHjWB+?M#d}xPaM~QKzQdX?PRViyH*>FN&(ALn<c%Mg^NuBS)jy;Fv+J{!
zdSy}Qf+*&-6ttf@{E|es=gQvi+y-5UKkCGPKAQb4s{MNJ?Ig)Pn|n!a>s;d3@95<z
zBX7-a^*N-IxcU~?OH)PiZ*rw3eQ+m;LGtxNGG55dP0Vx<KF546@zLnSmIS1_WtwPv
ziIWfa$!_pJ-;i2LJoH+Jd6sBSZ0)v%toD><qKDyg+CHU5My2fYyY5s;FJo20sRc;8
zT#hNAS*H5h9GW!6YYHN_h|x!uo9c3=`ekk}HVF4E^fpK!cjF<UsFHaT_FI|u(lvIS
z&J$%i6GErk7C-pG?l^Rqv1A=y@Rfb+<*b9_%W}P;%4+x+{Q3Lf*r254;;3qe+nQGI
zppy;FkS3CiwQzfv8Fv3RR`EQ-?UqZ{S)!{{WJqbPEYyUwh{6cvPyqiRs0a>P<TWA2
z;%L&i+0wICKLk^xZj$AyPg!S608<>ss>{UJWhg0JXhO<I8|%t=<`bunM|muwA{aMj
zN6H7bmexg=JqGOuFp&lK{Q9Dt^BIrbesFUEHsZ`opjt~|PE%A!zf1@?SJ)|;ts*V$
zeo~wp&)Jrvq_L<WmHuDkP)_Y(xW=HkKcKG;R*b2)7!y0PouwV=8l3wuv0Gr`5CkPw
zdr!TPrV#roFO<+RcDo7*CLDA-rLlu?s1ECC0{<oN)sI{TMDY~nR!zaqH@Ne-cTx9$
z5qej@>--!;W;@jmMgKC?hXVg)O6qIqlJo3~tC*|aNb3>)C#~$V-9_T-)UR}2W9VHM
zZ|Y14N54?<BP#MrhRqEhTFZ?(Rw{=(TyfdP|9;tLzq35&=VEf~tb%e+YZMGB6D%go
zF7w_u$q(7vN-P~fFU340)nfgZH*O)|%-Q7k&m#oIgT*<X!j^g3#yd;r(`3EY6UHVa
zW|aiqj5x2fFpu@dxs<F0ypQbT)PoK4ca_5)6)b5kSBGWnBGSd#?G{sC35IRsJ<ui}
z(@LXwIAbPz-x%kE&RAN6Q0ujS?2`WOpJVU9T+EzDe3#TaI*Qma);1Qiy!mZp`S8uY
zey`0*;<>pnBSOnWLYa+aIZ<GJ<$;>|=gc6*&)|xrSG&U-ar^Yb*&B1(NUD^l6?}J!
z*(KiYK6}Hbp;3b;XL2+VS3@&^ENWyIQZtfX)gjSZqh4Yi3a+Y@oZoT|jhK33+;=X!
zi-eqr+~X(T^8Utv2Ok*x-Y7`YA-pfByW!_xg-Fj~>L?^BH_e(`sb0&~aBeftq-WNj
zxJisgbdjZIJFht&HSFffJi@NK^<`&V(zxjm^B1wAa`KT0>!!&lRLQCcTN;+v-Qex1
zPJ(MSdfIbg_g=Vm_ZjI!>+y0FAX!3~0`M3+O>&=?qo*}$#Z27sxma7&vy`UWLHog&
zys2mud2slc)M@&4{*Cl`P2p)y*hE`|i2JmTi!Z&y7!3tDGiWA_!4-zmrKbz7`JQMZ
z%d4;D8IH9IB}fZ#@NPpkKdwgzw;?D%Wc87X+Lun15~HnQ*TF0iBRFH6PuSWXWbEZa
zZzZ-2h9)xgbthHXR|$>!jOLgox@xsgtPyqHr|-S<qdgX^W#D=14=G>>Evg&E#&v{H
zh(5`(P}K9lk>%R;BjE>_3znN^UROm_zuPV*LB#@Do;t;3+IAIu5Ot>jCqIGC;@Eji
z0`|@~^MI`mr1~NEP)+xzraz}6u5>wzmMDD8KgoT6;<Ns(J9HWpfNJSXl7?AaUd^&h
zy^>agvglIeWrwVLi#1gb&@ZZ!r=u_QrTNl~Ba@>FN9H3r7t`xcTH6ZfJSX!k`r_BH
zngxjn`R2_bZ!f2M<_!uE6FH9E;{fF-T`A5pymPz$!>DBRn%ivGKxuYbg`Sp5;KH<E
zwSxjE?}GRL-mmy;pM!1l#>D%s9N(-f)%@-iuMz{d7Cq4Us3b?v?f8ooFK0igtf0;$
zl8V1>wd|W5zre9(`nH(@7&Cy56_~D-nq8|6<cnq>cz_u}z?&hs0`f~Ig%*s%1NC@D
zhyoc*h8U@5{yr;H6lA%yWMa<~ew~NDb#)KMFQIGi(vP3jUbrxQSk$4C=RgErm7qLf
znE<oU-|iA`TPg5qfbQ<Y)1IC)35;}weJZv-A3Ue7)5Lc1fJw2%9vi0UhZ5Rb3GDK5
zYr(FCRpq6w<)KD8Q%)IOWM1FgCMqxE1p4LH$P?%T5?g%`RlXCYws8XbIk-lcfqy9m
zmt`19O#!rvUeZ)u=s38!2+2SUpx+?bop;Z34B9GnIY+>b1#cPO=r9rLGP@|0aFHEt
zI}+Ayf^LBAhF??9t2@Zm6&eYN1YjmJ3rj9;`p73A4l!=eJlzM=B+NZI7JV=*y#E-&
zM)r8VCB(qppjoiyri=ePS-l@&{LUYJM^Phda$%rlh9>PT|D*I}=ZM*23J}G`Q(9YY
zDqJ}9mc<BMALk(%_Ju5S;OM-jafjqs+_dJ=rn)7zLAD{iw*>|Pjp1srr3lgtwj2vR
zW$Nh9w;h_5em>IEjrU~x1&G3fyCKYQ6M}6?RClT32ektQM=}ge#zE72Z2Vs|62ecH
zVIkPSE4jM^u342t1uNAZx!ku^xB$!W%aLA)uF27pOq-Umju<((+?qadN5y2eFfcFp
zWXo$6B@OZuZR9UwZ49&3tk3uNa|gsjs>|J1o6#wF$cI%EF0PJ~fv`+fi_Eh;x8(Tq
z6nt!z-sTG}W@(%=F2`+#+9>LOx_ghbeHKgt>zw@O(`!E_i!%yDw+~%{FPS#Oa9!|t
zwyh*os1`>E4PUy&mhq>!ua26(-D}VXJwU|G3Sl}cE5@J)N?q3Y@Ceu=w`EYeg#(?5
zfjOg$%$U!wBLtqco%uGG0{dREoVi{j@#PH(-ZNXS+;(dz+Sz$U9n}X&P;Cd}%e|BQ
z7mbb|-lzUpT@T$)zY49#_})DHW&C`~o#WwjJt~)S)7z;!(+f*N-@MzcWxz<wP?&c2
z9o;S+^APToXMv(JM-&a!1zkG4nbfEr<N*dz`vW>VjNFsOaZcky`%T{G&+KPt@C(SZ
zh6tE1rk5(*eKcL-+k$*FR}ghKH7=BahdW|Z;*H6r4n^G@hxZs!#@o@bAw}$rs(atf
z=&I=4x9%_U52>YBn))B^)>XY0koucf28Ukdk9QZ^7tw$!!E**~Ds09!Po|5*@)6?|
z7`X-x{Y`QRLRZxbBK_wK8R|x$Xi<{x_7l95@U=Y~N0lQ^U8MWGhfZfw)AXpWgFz&+
zW6FH*a^q4&iC57J4y&t@T`?;S)mhzJ`zSyHHY-pe?TRm2BTT0&y?>9@ebj21x7AQ$
z)>zG66N0Hq#G7vV2c)i+s3Y+5EpM96vOIZ%O}3F~l+7bWgH5Ytkt!0%qI{iG|E{>~
zj1yiNG%A($&;OKj_|yel%xuYRa@<xdJPCHld0zrfz0v#WHPNi=?_m9QCu>q!shT^$
zz-WYYBFSYjbsvi4NZ2|6TX)3g;wV6v49pIv!gP^#rUUYxXHD0<?y6x=CNfkD>MUfI
zL;+yk;P)EVz$vFtSLlQ;gipTO|MpIegKk^S80uw#Yvzmchpj8S^SlQo51hP>JaSQe
zPB6>PQ~vpMNcynEg1@jreZ{Nl%CrGT>5#)&XFj$G4R;fRV@#xG`8`)>RU2QvM}Uf$
z_EumUE-tS6_*{~E?d@a!n_6&n$N2Rv^C#}e0PedZw4z@Yl$3~;)tY@$N2HLJ8<!qi
zY9*NH!75{GN%U-OxBYno`uCog)67zNrVH*O+}paB_ASpzU791)Up!d;wkiH#%@iY+
z3TuPg9_<el^9l}4a@JakZJXKa+v7Ffdj}(eF?e;k{soBwjNgn9C<v}&+GZy(f~h6X
z*YLH8nh$-`+Nj7tS}^}4H!ik?gMYTCss8mVe;dmEGw-p%6u?P|pC~g4O_epv$u?E?
zPAAiRirswUw8XS&w?5LY5nON1eMi>l{%gCY?9s#9d@0Ni>_IUo$}*FR+b-!u&RAao
z*6Lb?M<!xy!g-?>)i1q6Dr1x9`^cPgXNmP4uUiuGbsp4jW5!|ekXxP;Jcxv)DXC36
zA)SI6pEUxfDy#0*u<qY>uQ}uEF&x9b7x8a&3lRMukGRxLaV5o$4%SSmcZtIi4nTX&
zYB`^sQZL-VCZm`LRz$l7*no^il89p1)b$k#z(9g-j43(IL@cDD%yeQ}hsE6N#R9U8
zTq_G^6WMZJ_F#{fUaX7$FuIsMMP|!@3kE9R$ggtAZ<xa1vn*mC3v<?@R16KX#|rKS
zR_;1xqkcreRNr#~9{m|-kk<Lud{pC38LjJ4Bl2p1KXcP;U5BbWm=;(d9+mv%EYlMy
zYmj?S9lx1(?U-KK{;6x(DMbg{sm^eD;Y>)9rQQsv841}9MX@!~eB1mv^KK4<o<%H&
zYz+BQfWR1YGgBM(>|;O6nB~g@6yP#eDAG0g#!gI_3QrrQf=%7^)go6JZzhsvu^nzf
zm=$$J&@na_Cba-QppyC?SAUzpzy8cNjV@*mHEl#Qt_=$4BZpX!FNUaMtHqLNhO)uD
z#0}%LOKNJ&$Ae%(GX+bNZXwJ!QG8BE4creeB<d9R<LYi~UV;sOLghMzfGZY4>jddP
zI%I3q2wL!pcqKZ2nKAT*J|$H_Q5#zawP)Ea26tz+xFV*ix#sKjx^6wGrvMp)0>_fg
z6d?7fBqgVOth}zfx82D2{F_%&dK{-fe~x39mXn*vaJTe&vvsmD!|hjB!fV;s{G)4M
z9dC89burqS7}9VdR{EN&?zwu`)YUU+AAR|HZiwHLyMcyYVHrZvsS8}Y+mA2zg}ESR
zN)z_GCN$xiQ8;q&N2Z~)2>gK;FQ81GaT;>(z1dcM-VDNv2;{j7*RHCv)({p)w;xu=
zfV;1$`QA?Qsw1%8!Ky11z`Y1e<MkT$jQJ;=+;rFQ(E-=+xwqg7nSeIzsLP!q96^ZB
z->t3a&@QvIsAgUF$%+EZ<F{zcpd~rVPiH%ahcI#UyOYf-smy=L8P(2#xA=GrX2iWf
z0t@udj~R6fu0m~n``^fX>{{0)WDt($v+9~<HGlQ^f7A+2tC=;b)zs*>$Cl%_eX*;O
zRHJ{jLHKX9QH{Y%MsG0RRy=Yj{N(ZBZ2Odivv<uuZZ8q1NF()Lfx7Tq3DslEZ&{mP
zs2-0)Slp{!R_1I(1qS*PJjLp3IJDiU#XH=zbSwm?oZG}>x2O0a+F7pvKM<8O?1=e(
z{QSp)e7JST<KS)Pk^uG4wMwK%t<FAn!->m9?_>!6N0;Yn(jDXFRaeZeR3E$k4mBTr
z?uubnYgL<;=m)-#C&`5Ypn+UsHIfM>opUG{TnyUuVS@SXh9n@HvN!S*#~re4k#X`d
zd2F%@JMQ<cL=#kHp2J5XT~>fA{c@9p0I4Wq77WEAph88pPE+N|B#GBqYXGG8WrSdk
zhVutUiyQ;O1g3dy7&d7$cg;~=wW>Ok(FE4MNcOseQ+TuG7KtBLa&d9ZU(A1MsgkPs
z#iEq~n&ORBNXzMoHL_DYy`Ur?@s!6F)DYPU;7<y5YE?yO>ws2d4!f+?5nH8P5gpx<
zE|H@X>xOs5=X;`4I9vQ65hN}5f*}{6(K<}LF}eE796HY7Vp7tIBFWog4{yNxGzuVI
zErQ!q@nuoXsyHf!)s6z3g-+w29Tg~;x^JZZ#xPH)%QLCcLe(pocKKrJ#LQY{(lx8+
z9r(?q#R8@&(dPa*dg29R$c5ydw_Orn6a4=>rf0`I6{t^OZXlL!o3oU6l<enuKwjyc
z+EY@Ma=pIWo989}yqOm()n+(&G-mG{iUqfKB(lKtk(f)8)4trvBEiL{9(%2fXWZUk
zZu#3ayxRRf)~2A$IcvdZ(9fI*DL=QxrG6d7h%*lJ(qWp9mshKF;LFGF4ON?|FA|(F
zSU(<gdS`7W_I`HK3P~PNi?Eghljg!5feMo!GY9EjqzTG1wg+a-DIook!Yu;Xk6Ab5
zpT8V<Y3%QIahN&vmxpp`SAOxjFMY&FAIwc<^##xRH<BL`pSeE0?Irv;XDhhT+r+KG
z_|hT07klTHk3oo26yT1hX2`<<j7C`Nj6r8s1sU%z#nyJ2@Lr{oW?Ss76-h!6-j_9R
z(mrP-5moQ!!c74z4Pm{7?oJ5*>kWE2&v-E(%2Xxg*_v&5`lR-h_1?Q_Q*i?z<Ad}H
z)9;&<UQT<yq<AIGgr=G-$MA(64vS}NnS--fF&S$Y*}AsL)sn*C9}IIn9yWi<dt@;i
zs1FxG^VIMH8nQGwQq6?0CUz6l3}U-1o+m1pSOT4{8Q<(nb{rsQ<lYw(eUc7ad5bat
zLA-g9=WEf~s~#TF#>e+w*|cTRtj9~?mC;liQsVq}m<?Bucdmi1nV_jv-Gj%Yl21Mw
zP2a2%$@P8T;GHNMMwPfSwx$UFqeNx$I|WRw^*zC4mgUy`i7(!x>g^(2bL&>GqbnkZ
zAK?u--(stwdq|>P(4+QTs?~!}%%^Aq{MB}27O`pj>TC2D4%odPL&|_BO={f^+E?f;
z3a5`KHP#(=3cs+oylsW%Ibb}!1|C}Z)3)6=rHnTn<0r+mF{1k-c6Q00NNtHMA0(fj
z4yl=ML?@)|+uB*9|6S$fQh3e2V#w`8nU5v!19c9c7+5*Uc+G0NYsf!mZ2P*pl`4Sp
z4m2d_PKbrcWDzei7tdZCyw-h9&k}uRbjWR8r<!rz90||qdsw>B`(j|Ej;*mcSMPl0
znVC8No6NMvt)mBFwwz)H4sKP<hzi3ln>%rJBCbu_4?o3H04}beOY}_!#`=?PfG?&_
z25KBG8JTqcy^B_qTd2;4^$~r1D>ColUtlZzY}vTJjm@{y2F`5XXM8F)*yH_+U27li
z+#*R}9D%9%4k%k7501aV^eGZb<B*>BB}wne`8&w7%#&^wgc$g_K=JJaN#v2VYFx={
zr$c$6?Cv%$_lU_yb(-wg=&Em(l!bN<2nSrYx;etfcuY6jP?Zy)2@;^WPq0~@S0?zR
zbBOGt?s^~W=_k6U==qvb&_eo+HQwZR5dt)i2pK<by&7(r;<SD``j!3FKmN&ELLvHQ
z%4&5sd6ExM04y8XHb`Oa@Ah2(gZASUWuc2B=S5TR`tov^%dwt*j^|!>dPjm2VZJmC
z0aMXhF2`rfR}p<HVcSIRtf{nDwh_RlnE7_BSgfZ#7k_CIv2bLt`0`f8!?x{Jb7UU5
z6~lsG8Mzqif{G-0m${Q~yu)->ucZaSWZkM+3F}Qzbck1Glm6a3E%3}G%@y@Js1QAU
zz5Hh+v<^J9c@Un7xJ3W?F`PNjPG$?sK)3~N-F4Z*h$4<xNZf>A?^@Mykt<-rF8TQ;
ze2ZNeZy5m)w9aoQL65`Zh}v<XkC_AV8fCXO16us)!_e0KT6u)nhUWdq8E0-@OnUhw
zc~ff5g_Y_v7Yl)HjCs$4`yy;o9C6@Y<5sNSG<g%o4IOvtvb=Nrj#W4tk8+8j8o(8#
zpZ#6#_E}BD|8&IHc+NJ%#w};I&*)GGW4>sb?}@1UH0jjOWT)?G`z?_KYC=cx!lvla
z%^E@lKw3+yIa@QXN|L4ksV0MD3ILu0ZtS1{Ok(3@+f2Qq8)P@KXb?=v>BqHi0ES&Z
z4eAR>b1*XDign6#Fq(I<a=a;Psdru#|CYCX7kHTE_w#@MSO52EA^2?W)nz7&m&#rI
zvu6%;7`C*fk&C-LhJ#Xe8yHF`hP{N`;(x-waR)F<%RX`p6kik~DXE)`ph{J>0~bn1
z^V-uPB~`nQGe<e%yHN;Nxb9{zl9ej;rGLcLXp`2oAW8dYa{@GK5p6?AZGo63HMiCv
zu?~a4J~A$gaf)-5aB0^&q3m+hxWnt|9<&KisCrg(|5|enyNYX+0M&m-Jhc;tv1w|U
zh0}BU8xA<V!EW3FE~Vv5JtwpC%<Crka56|z?PdEVRGD<*kzv>+_3<-|zh#;J;axz_
zpW5LyKkT(V)dPdq!);fY-z1mT6OvX^81&T6tzcdk<nSr;(03-r97i16N<{w0f#J^q
zB`r<2zUD7vHd0RaC7L}N+Z`HH>f58ePt$^qukheuPx$-0MptvPQy5UK$@%L2u|2tt
z0@RQq{yg1v>ov#32q0|X?OZo9LCGXDE$A1bd;l3yV;9{{_7Y*Gg2X^J&?fK`u*C=@
gE6{P2c^v-kF~AAx@vnCKx1j3(?*ISNgVO*10L+NAUH||9

literal 0
HcmV?d00001