remove duplicate options which are already specified in main.cf

Add molly-guard and unattended-upgrades as common pkgs

Dovecot: Fix for logjam attack

Add a tag for newebe, so it can be installed separately

Added a tag for newebe in a similar style to the other roles.

adds deploy user to sudoers

Resolves #363.

Addresses #362.

Addresses #361.

More secure defaults for ssh.

# Conflicts:
#	roles/common/tasks/users.yml

Closes #343.

Integration between selfoss and wallabag (fixes #349)

Create main user without "fuse" group, instead add it later

Enabling php5-mcrypt for roundcube, as it is not by default

fixing a dependency on mailserver, as psycopg and postgres are only installed there

Choosing the closest ubuntu mirror before anything else

Helps with issue #120.

of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120.

cleaning security.yml

removed comment line in ssh_config

fail2ban support for Trusty

Enable UFW only after setting firewall rules

Install php5-gd dependency for selfoss.

Postfix: Disable SSLv3 for TLS connections

Fix monit monitoring for apache

Update roundcube role to use wheezy backports

Bump checkrbl version to stop using ahbl

ahbl is no longer being maintained and has been configured to return a
positive value for every host.  This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.

lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks.  This just pulls in that change.

Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable.  I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs.  In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update.  However, at least this will work fine
for new installs.

Related to #338 (though I don't know if it truly fixes it).

Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality.  Ideas cribbed from [1].  It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.

Open question: does collectd support apache-status? Might it also be
interested in this vhost?

Fixes #299.

[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus

Ciphers, Kex and MAC can be set via defaults.var