- google_auth_version
- znc_version

This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.

Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
Check privacy: http://witch.valdikss.org.ru/

Thanks-to: 8e693b3db3

Conflicts:
	roles/common/tasks/main.yml

Formatting the task names.

Resolves #388.

Resolves #402.

These already set in defaults.yml

 * fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
   not found.
 * python-mysqldb package is required. Add it to opendmarc task.

Ciphers, Kex and MAC can be set via defaults.var

Vagrant provisioning currently fails without irc_timezone set in
vars/testing.yml.  This is probably due to changes introduced in
al3x/sovereign#300 to permit the znc timezone to be configured.  The
file vars/users.yml already has a TODO entry for irc_timezone.

Since 1.0, znc has allowed you to specify the user's timezone:
conveniently, in tzinfo format.  This allows the user to configure and
specify that timezone.

This matters because it affects the timestamps that znc issues when
playing back the buffer after a disconnection.

for more info see:
- http://wiki.znc.in/ChangeLog/1.0#Timezones
- http://wiki.znc.in/Configuration

There is also a zpush_timezone configuration option, which could at some
point be unified with irc_timezone into a common configuration item.

Resolves #114

ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.

Also update the README file to reflect above changes.

Wallabag 1.7.1 fixes a couple of security vulnerabilities, adds ePUB
export and more.

For a list of changes since 1.6.1b see:
- https://www.wallabag.org/blog/2014/05/29/1-7-epub-multi-users-available/
- https://www.wallabag.org/blog/2014/07/15/wallabag-1-7-1/

This change set builds collectd from source and configures it in one of
the following ways:

- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.

- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).

Fixes issue #8. Adds new variable mail_header_privacy, on by default.
Installs postfix-pcre unconditionally, and then copies the pcre file
over and adds the header check to main.cf based on the variable value.
“this header replacement works great, but it logs that the replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs”

still allow people to override them in defaults.yml

use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.

* Added 'cipher' and 'auth' lines to the generated client configs

Remove all configuration for MySQL and configure PostgreSQL as the main
database.

All *_mysql_* options have been changed to *_db_* options.

Postgres requires the database user to have a password in order to
connect via localhost. The db_admin_password option is used to set the
password of the admin user (usually postgres).

Signed-off-by: PajamaSoft <support@pajamasoft.com>

Signed-off-by: PajamaSoft <support@pajamasoft.com>

Use the changed `mail_virtual_users` structure to ensure directories and
sieve rules are created for each defined account.

Added friendly_networks variable to denote whitelisted networks