use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.

Otherwise only pop and imap (un-secured) are blocked.
Which we don't use.

This works on Debian/Ubuntu only.

There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.

added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests

* Added 'cipher' and 'auth' lines to the generated client configs

Don't mail them individually to the destemail. The destemail setting is thus no
longer used, but let's set it anyway to be clear where it will mail if you
change the action back.

Added friendly_networks variable to denote whitelisted networks

because it's not available in a stable ansible release yet

In order to check the version of the linux distribution we need to
set `gather_facts` to True.

Closes #73.

Instead of sending email to {{ admin_email }} we send them to root user.
These emails will be redirected to the appropriate user via
mail_virtual_aliases variables

Apticron is configured to send email to {{ admin_email }}

ignoreip field inside /etc/fail2ban/jail.local is populated with
server_ip_address variable

Sovereign does not currently use jabber/xmpp or insecure smtp.

Refs #39

Fix CAcert usage in postfix and dovecot

Removed your hardcoded server IP

The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.