Add instructions for making crypt salted hashes using Python and passlib
Quotes removed around salts and hashes in existing examples because, AFAIK,
base64-encoded strings contain no characters which must be escaped in YAML (the
following are not in base64: '!', ':', '|', '>').
Closes #293

ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.
Also update the README file to reflect above changes.

Indicate how to make dovecot and znc password hashes in Python
Solves the chicken-or-the-egg problem of generating a dovecot and znc salted
password hash without already having dovecot and znc installed. That is, people
who are installing sovereign typically do not have dovecot and znc installed and
have no way of generating the required salted password hashes.
Python 3 standard library generates SHA512-CRYPT salted password hashes by
default so it is particularly convenient for configuring dovecot:
python3 -c 'import crypt; print(crypt.crypt("password"))'
For ZNC, the required command is slightly more verbose.
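
The ZNC side of the problem described in the commit message above, as an added example that is not part of the commit or of the sovereign repository: ZNC's sha256 method stores the hex SHA-256 of the password followed by the salt, so the hash and the value for 'irc_password_salt' can be produced with hashlib alone. The function names and the alphanumeric 20-character salt are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: alphanumeric 20-character salt. The salt is only appended to
# the password before hashing, so the alphabet is a choice made here.
SALT_ALPHABET = string.ascii_letters + string.digits
SALT_LENGTH = 20


def make_salt(length=SALT_LENGTH):
    """Draw a salt from the OS CSPRNG (secrets), not from random."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def znc_sha256(password, salt):
    """Hex SHA-256 over the password immediately followed by the salt."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()


def verify(password, salt, stored_hash):
    """Recompute and compare in constant time, as a login check would."""
    return hmac.compare_digest(znc_sha256(password, salt), stored_hash.lower())


def pass_section(password, salt=None):
    """Render the <Pass> block for znc.conf; returns (salt, hash, text)."""
    salt = salt or make_salt()
    digest = znc_sha256(password, salt)
    text = "\n".join([
        "<Pass password>",
        "\tMethod = sha256",
        f"\tHash = {digest}",
        f"\tSalt = {salt}",
        "</Pass>",
    ])
    return salt, digest, text


if __name__ == "__main__":
    import getpass
    # Prompt instead of taking argv so the password stays out of shell history.
    salt, digest, text = pass_section(getpass.getpass("ZNC password: "))
    print(text)
```

The crypt module used in the dovecot one-liner was removed from the standard library in Python 3.13; hashlib, used here, is still part of it.
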
This change set builds collectd from source and configures it in one of
the following ways:
- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.
- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).

* OpenVPN setup is now fully automated. No configuration changes
are necessary (though the defaults can easily be modified) and
all manual command line steps have been eliminated.
* Removed the dependency on easy-rsa in favor of pure OpenSSL and
OpenVPN commands that are executed by Ansible
* Improved the security of the OpenVPN configuration
* Increased the default key size to 2048
* RSA keys are only readable by root
* The cipher and authentication digest are now configurable. If
your client supports it, you can use AES-256-CBC and SHA256
instead of BF-CBC (Blowfish) and SHA1 which are the defaults.
Or you can be a really cool, paranoid, crypto hipster and
use CAMELLIA-256-CBC and SHA512 with an RSA key size of 4096.
* Enabled "HMAC firewall" functionality using the tls-auth option
and automated the generation of the 'ta' key that it depends on
* The OpenVPN daemon becomes an unprivileged user after it starts
* Automated the retrieval of the files that clients will need in
order to connect to OpenVPN
* A pause prompt outputs basic configuration information after the
role has finished running
* Variables are referenced using the new Ansible variable format
(e.g. {{ var }} instead of $var)
* Added a flush_handlers command to the role that ensures OpenVPN
will restart prior to dnsmasq (fixes issue #63)
* Fixed two bugs that were preventing packet forwarding for IPv4
from being enabled correctly