Resolves #400.

Resolves #402.

Resolves #410.

 * fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
   not found.
 * python-mysqldb package is required. Add it to opendmarc task.

Report will print: "missing whois program"

For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.

See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341.
Also explicitly disabled SSLCompression and enables OCSP stapling.

We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...

(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).

This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285.

relates to pull request #372

Added a tag for newebe in a similar style to the other roles.

Resolves #363.

Addresses #362.

Closes #343.

Helps with issue #120.

of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120.

removed comment line in ssh_config

ahbl is no longer being maintained and has been configured to return a
positive value for every host.  This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.

lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks.  This just pulls in that change.

Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable.  I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs.  In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update.  However, at least this will work fine
for new installs.

Related to #338 (though I don't know if it truly fixes it).

Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality.  Ideas cribbed from [1].  It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.

Open question: does collectd support apache-status? Might it also be
interested in this vhost?

Fixes #299.

[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus