The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.

The installer automatically updates itself, which registers as a change
in the git repo.  To maintain idempotency of the task list, the repo
download must be forced.

- Remove unnecessary dependencies
- Clean up postgresql server setup
- Install from official package repository
- Expect package installer to enable modules that are needed
- Update virtual host config with owncloud 8.2 configuration
- Update post-deploy instructions

Fix Apache's configuration for version 2.4.8 and above.  See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903

Don't copy the LE certificates.  Instead use the ssl-cert group to
manage access to the LE certificates directly.  See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.

This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.

This patch restores sovereign's configuration of opendmarc.

An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete.  This patch reverts that change and uses mysql for
the reporting database.

Other changes:

* Do not maintain a copy of the database import schema.  A copy is
  included in the distribution in /usr/share/doc, so that is used
  instead.
* The configuration file is replaced with the distribution's sample
  configuration.  A second patch will restore the actual configuration.
  This will make the changes easier to see if the default configuraton
  file changes in future versions of opendmarc.

The server was not starting.  As a result, the dnsmasq service failed to
start, and the playbook thus failed to run when using the vpn role.
This patch corrects the configuration per instructions from
https://help.ubuntu.com/community/OpenVPN.

OpenVPN PAM configuration moved up to reduce server bouncing as the
playbook runs.  The dependency on service (re)starts between openvpn and
dnsmasq works but feels brittle.

Roundcube is not available on Jessie except in backports.  This role is
also out of date and needs reviewed and updated for the release included
in backports.  Roundcube could alternatively be installed from source as
recommended by the maintainers.

Make a clean distinction between Debian 7 and Debian 8.  Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.

The znc package installs the client but does not set it up as a
service.  This patch restores the service configuration that
was done on wheezy/trusty.

Take changes to the tomcat6 default configuration and apply to tomcat7
configuration.  This was done by review of the diff between sovereign's
tomcat6 configuration and the default tomcat7 configuration.

The package solr installs and uses tomcat7.  Installing tomcat8 appears
to be a mistake for Debian Jessie.

Avoid using the Include directive.  Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.

see: http://undeadly.org/cgi?action=article&sid=2016011414

resolves #453

Conflicts:
	roles/common/tasks/ufw.yml

Change default network buffer size
Should increase tcp tunnel speed for openvpn < 2.3.9
https://community.openvpn.net/openvpn/ticket/461

Per discussion on #429 (after the merge). This project is about encouraging users to run services themselves and not rely on for-profit corporations such as Google.

Fixes #406

add additional comment about `tun-mtu` parameter in openvpn config template

- google dns setting for client
- verb level
- mtu
- TLS settings

because why the fuck not?

Thanks-to: 8e693b3db3

Conflicts:
	roles/common/tasks/main.yml