Depending on when the client is run, there are no certificates to
update.  By default, the client runs in interactive mode and wants to
notify the user of this.  This causes Ansible to hang waiting for an
acknowledgement that will never come.  Adding the non-interactive flag
fixes this.

Fix Apache's configuration for version 2.4.8 and above.  See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903

This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.

Make a clean distinction between Debian 7 and Debian 8.  Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.

Avoid using the Include directive.  Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.

see: http://undeadly.org/cgi?action=article&sid=2016011414

see: http://undeadly.org/cgi?action=article&sid=2016011414

Closes #343.

removed comment line in ssh_config

Ciphers, Kex and MAC can be set via defaults.var

use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.

Otherwise only pop and imap (un-secured) are blocked.
Which we don't use.

Don't mail them individually to the destemail. The destemail setting is thus no
longer used, but let's set it anyway to be clear where it will mail if you
change the action back.

Added friendly_networks variable to denote whitelisted networks

Instead of sending email to {{ admin_email }} we send them to root user.
These emails will be redirected to the appropriate user via
mail_virtual_aliases variables

Apticron is configured to send email to {{ admin_email }}

ignoreip field inside /etc/fail2ban/jail.local is populated with
server_ip_address variable

Removed your hardcoded server IP