Pipfile.lock: Re-create pipenv environment for Ansible 4.0.0

Seems we need to manually uninstall and re-install.
roles/common: Update list of abusive IP addresses
2021-05-20 10:21:01 +03:00 · 2021-05-20 10:20:47 +03:00 · 2021-05-14 13:56:56 +03:00 · 2021-05-10 16:00:44 +03:00 · 2021-05-10 15:59:34 +03:00 · 2021-04-28 12:49:23 +03:00
24 changed files with 8202 additions and 8338 deletions
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -18,145 +18,137 @@
    "default": {
        "ansible": {
            "hashes": [
-                "sha256:ae97002e4fb1ed3de947428ff43906c76c66751fe104721cf6b25fa115dbbe8d"
+                "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080"
            ],
            "index": "pypi",
-            "version": "==2.10.6"
+            "version": "==4.0.0"
        },
-        "ansible-base": {
+        "ansible-core": {
            "hashes": [
-                "sha256:33ae323923b841f3d822f355380ce7c92610440362efeed67b4b39db41e555af"
+                "sha256:9470ceb710711eacd75f1bcae802af036ab2a6c2cd5a13bfcb50b2d89667c9c5"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
-            "version": "==2.10.5"
+            "version": "==2.11.0"
        },
        "cffi": {
            "hashes": [
-                "sha256:00a1ba5e2e95684448de9b89888ccd02c98d512064b4cb987d48f4b40aa0421e",
+                "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813",
-                "sha256:00e28066507bfc3fe865a31f325c8391a1ac2916219340f87dfad602c3e48e5d",
+                "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373",
-                "sha256:045d792900a75e8b1e1b0ab6787dd733a8190ffcf80e8c8ceb2fb10a29ff238a",
+                "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69",
-                "sha256:0638c3ae1a0edfb77c6765d487fee624d2b1ee1bdfeffc1f0b58c64d149e7eec",
+                "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f",
-                "sha256:105abaf8a6075dc96c1fe5ae7aae073f4696f2905fde6aeada4c9d2926752362",
+                "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06",
-                "sha256:155136b51fd733fa94e1c2ea5211dcd4c8879869008fc811648f16541bf99668",
+                "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05",
-                "sha256:1a465cbe98a7fd391d47dce4b8f7e5b921e6cd805ef421d04f5f66ba8f06086c",
+                "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea",
-                "sha256:1d2c4994f515e5b485fd6d3a73d05526aa0fcf248eb135996b088d25dfa1865b",
+                "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee",
-                "sha256:2c24d61263f511551f740d1a065eb0212db1dbbbbd241db758f5244281590c06",
+                "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0",
-                "sha256:51a8b381b16ddd370178a65360ebe15fbc1c71cf6f584613a7ea08bfad946698",
+                "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396",
-                "sha256:594234691ac0e9b770aee9fcdb8fa02c22e43e5c619456efd0d6c2bf276f3eb2",
+                "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7",
-                "sha256:5cf4be6c304ad0b6602f5c4e90e2f59b47653ac1ed9c662ed379fe48a8f26b0c",
+                "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f",
-                "sha256:64081b3f8f6f3c3de6191ec89d7dc6c86a8a43911f7ecb422c60e90c70be41c7",
+                "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73",
-                "sha256:6bc25fc545a6b3d57b5f8618e59fc13d3a3a68431e8ca5fd4c13241cd70d0009",
+                "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315",
-                "sha256:798caa2a2384b1cbe8a2a139d80734c9db54f9cc155c99d7cc92441a23871c03",
+                "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76",
-                "sha256:7c6b1dece89874d9541fc974917b631406233ea0440d0bdfbb8e03bf39a49b3b",
+                "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1",
-                "sha256:7ef7d4ced6b325e92eb4d3502946c78c5367bc416398d387b39591532536734e",
+                "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49",
-                "sha256:840793c68105fe031f34d6a086eaea153a0cd5c491cde82a74b420edd0a2b909",
+                "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed",
-                "sha256:8d6603078baf4e11edc4168a514c5ce5b3ba6e3e9c374298cb88437957960a53",
+                "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892",
-                "sha256:9cc46bc107224ff5b6d04369e7c595acb700c3613ad7bcf2e2012f62ece80c35",
+                "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482",
-                "sha256:9f7a31251289b2ab6d4012f6e83e58bc3b96bd151f5b5262467f4bb6b34a7c26",
+                "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058",
-                "sha256:9ffb888f19d54a4d4dfd4b3f29bc2c16aa4972f1c2ab9c4ab09b8ab8685b9c2b",
+                "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5",
-                "sha256:a5ed8c05548b54b998b9498753fb9cadbfd92ee88e884641377d8a8b291bcc01",
+                "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53",
-                "sha256:a7711edca4dcef1a75257b50a2fbfe92a65187c47dab5a0f1b9b332c5919a3fb",
+                "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045",
-                "sha256:af5c59122a011049aad5dd87424b8e65a80e4a6477419c0c1015f73fb5ea0293",
+                "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3",
-                "sha256:b18e0a9ef57d2b41f5c68beefa32317d286c3d6ac0484efd10d6e07491bb95dd",
+                "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55",
-                "sha256:b4e248d1087abf9f4c10f3c398896c87ce82a9856494a7155823eb45a892395d",
+                "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5",
-                "sha256:ba4e9e0ae13fc41c6b23299545e5ef73055213e466bd107953e4a013a5ddd7e3",
+                "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e",
-                "sha256:c6332685306b6417a91b1ff9fae889b3ba65c2292d64bd9245c093b1b284809d",
+                "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c",
-                "sha256:d5ff0621c88ce83a28a10d2ce719b2ee85635e85c515f12bac99a95306da4b2e",
+                "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369",
-                "sha256:d9efd8b7a3ef378dd61a1e77367f1924375befc2eba06168b6ebfa903a5e59ca",
+                "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827",
-                "sha256:df5169c4396adc04f9b0a05f13c074df878b6052430e03f50e68adf3a57aa28d",
+                "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053",
-                "sha256:ebb253464a5d0482b191274f1c8bf00e33f7e0b9c66405fbffc61ed2c839c775",
+                "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa",
-                "sha256:ec80dc47f54e6e9a78181ce05feb71a0353854cc26999db963695f950b5fb375",
+                "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4",
-                "sha256:f032b34669220030f905152045dfa27741ce1a6db3324a5bc0b96b6c7420c87b",
+                "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322",
-                "sha256:f60567825f791c6f8a592f3c6e3bd93dd2934e3f9dac189308426bd76b00ef3b",
+                "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132",
-                "sha256:f803eaa94c2fcda012c047e62bc7a51b0bdabda1cad7a92a522694ea2d76e49f"
+                "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62",
                "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa",
                "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0",
                "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396",
                "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e",
                "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991",
                "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6",
                "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc",
                "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1",
                "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406",
                "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333",
                "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d",
                "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c"
            ],
-            "version": "==1.14.4"
+            "version": "==1.14.5"
        },
        "cryptography": {
            "hashes": [
-                "sha256:0003a52a123602e1acee177dc90dd201f9bb1e73f24a070db7d36c588e8f5c7d",
+                "sha256:0f1212a66329c80d68aeeb39b8a16d54ef57071bf22ff4e521657b27372e327d",
-                "sha256:0e85aaae861d0485eb5a79d33226dd6248d2a9f133b81532c8f5aae37de10ff7",
+                "sha256:1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959",
-                "sha256:594a1db4511bc4d960571536abe21b4e5c3003e8750ab8365fafce71c5d86901",
+                "sha256:240f5c21aef0b73f40bb9f78d2caff73186700bf1bc6b94285699aff98cc16c6",
-                "sha256:69e836c9e5ff4373ce6d3ab311c1a2eed274793083858d3cd4c7d12ce20d5f9c",
+                "sha256:26965837447f9c82f1855e0bc8bc4fb910240b6e0d16a664bb722df3b5b06873",
-                "sha256:788a3c9942df5e4371c199d10383f44a105d67d401fb4304178020142f020244",
+                "sha256:37340614f8a5d2fb9aeea67fd159bfe4f5f4ed535b1090ce8ec428b2f15a11f2",
-                "sha256:7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6",
+                "sha256:3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713",
-                "sha256:83d9d2dfec70364a74f4e7c70ad04d3ca2e6a08b703606993407bf46b97868c5",
+                "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1",
-                "sha256:84ef7a0c10c24a7773163f917f1cb6b4444597efd505a8aed0a22e8c4780f27e",
+                "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177",
-                "sha256:9e21301f7a1e7c03dbea73e8602905a4ebba641547a462b26dd03451e5769e7c",
+                "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250",
-                "sha256:9f6b0492d111b43de5f70052e24c1f0951cb9e6022188ebcb1cc3a3d301469b0",
+                "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca",
-                "sha256:a69bd3c68b98298f490e84519b954335154917eaab52cf582fa2c5c7efc6e812",
+                "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d",
-                "sha256:b4890d5fb9b7a23e3bf8abf5a8a7da8e228f1e97dc96b30b95685df840b6914a",
+                "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9"
                "sha256:c366df0401d1ec4e548bebe8f91d55ebcc0ec3137900d214dd7aac8427ef3030",
                "sha256:dc42f645f8f3a489c3dd416730a514e7a91a59510ddaadc09d04224c098d3302"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
+            "markers": "python_version >= '3.6'",
-            "version": "==3.3.1"
+            "version": "==3.4.7"
        },
        "jinja2": {
            "hashes": [
-                "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419",
+                "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4",
-                "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6"
+                "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "markers": "python_version >= '3.6'",
-            "version": "==2.11.3"
+            "version": "==3.0.1"
        },
        "markupsafe": {
            "hashes": [
-                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
+                "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298",
-                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
+                "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64",
-                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
+                "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b",
-                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
+                "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567",
-                "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42",
+                "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff",
-                "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f",
+                "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74",
-                "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39",
+                "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35",
-                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
+                "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26",
-                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
+                "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7",
-                "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014",
+                "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75",
-                "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f",
+                "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f",
-                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
+                "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135",
-                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
+                "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8",
-                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
+                "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a",
-                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
+                "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914",
-                "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b",
+                "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18",
-                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
+                "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8",
-                "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15",
+                "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2",
-                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
+                "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d",
-                "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85",
+                "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b",
-                "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1",
+                "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f",
-                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
+                "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb",
-                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
+                "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833",
-                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
+                "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415",
-                "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850",
+                "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902",
-                "sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0",
+                "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9",
-                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
+                "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d",
-                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
+                "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066",
-                "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb",
+                "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f",
-                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
+                "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5",
-                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
+                "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94",
-                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
+                "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509",
-                "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1",
+                "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51",
-                "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2",
+                "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872"
                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
                "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7",
                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
                "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8",
                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
                "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193",
                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
                "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b",
                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
                "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2",
                "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5",
                "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c",
                "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032",
                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7",
                "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be",
                "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "markers": "python_version >= '3.6'",
-            "version": "==1.1.1"
+            "version": "==2.0.1"
        },
        "packaging": {
            "hashes": [
@ -179,7 +171,7 @@
                "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1",
                "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b"
            ],
-            "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'",
            "version": "==2.4.7"
        },
        "pyyaml": {
@ -196,26 +188,33 @@
                "sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018",
                "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e",
                "sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253",
                "sha256:72a01f726a9c7851ca9bfad6fd09ca4e090a023c00945ea05ba1638c09dc3347",
                "sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183",
                "sha256:895f61ef02e8fed38159bb70f7e100e00f471eae2bc838cd0f4ebb21e28f8541",
                "sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb",
                "sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185",
                "sha256:bfb51918d4ff3d77c1c856a9699f8492c612cde32fd3bcd344af9be34999bfdc",
                "sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db",
                "sha256:cb333c16912324fd5f769fff6bc5de372e9e7a202247b48870bc251ed40239aa",
                "sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46",
                "sha256:d483ad4e639292c90170eb6f7783ad19490e7a8defb3e46f97dfe4bacae89122",
                "sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b",
                "sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63",
                "sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df",
-                "sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc"
+                "sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc",
                "sha256:fd7f6999a8070df521b6384004ef42833b9bd62cfee11a09bda1079b4b704247",
                "sha256:fdc842473cd33f45ff6bce46aea678a54e3d21f1b61a7750ce3c498eedfe25d6",
                "sha256:fe69978f3f768926cfa37b867e3843918e012cf83f680806599ddce33c2c68b0"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
            "version": "==5.4.1"
        },
-        "six": {
+        "resolvelib": {
            "hashes": [
-                "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
+                "sha256:8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915",
-                "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"
+                "sha256:9b9b80d5c60e4c2a8b7fbf0712c3449dc01d74e215632e5199850c9eca687628"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'",
+            "version": "==0.5.4"
            "version": "==1.15.0"
        }
    },
    "develop": {}
--- a/README.md
+++ b/README.md
@ -25,7 +25,7 @@ Once you've satisfied the the above assumptions, you can execute:
 - Switch from `cron-apt` to [`unattended-upgrades`](https://wiki.debian.org/UnattendedUpgrades)
 ## License
-Copyright (C) 2014–2020 Alan Orth
+Copyright (C) 2014–2021 Alan Orth
 The contents of this repository are free software: you can redistribute
 it and/or modify it under the terms of the GNU General Public License
--- a/host_vars/web19
+++ b/host_vars/web19
@ -1,111 +1,102 @@
 $ANSIBLE_VAULT;1.1;AES256
-66313066303030333063353236313063303262626561316535646263633936336534356437353265
+30633561663166653033636139646638303766383862316635636634653364653934626266626364
-3432356362393665303438333166643066666164363861610a643434356531666366393936353233
+3934313636653036363039396165613466363864373635390a626665393037366566633438323265
-37353036656435616361613164323038663364666464373964653337396465373061666533373938
+63313164386365303533623333313465656538363638366132643731366364356666663865653730
-6536323936393135370a666134613830306533623365363933376631313534326265666634366235
+3965653761613131320a386137343031613139396232623866393165386130353033343166356539
-36623637383636396437333735336238343434353733303764326237303033303562353237353165
+66376162333961646233653032646363313333396632656263653931643035663565633431376234
-31653866633363623764353533356262643239613531643039393335313731383038343638663830
+36356434643161386162343634633338336364333365323334343938366264653362373731626162
-36356139336363343437666230656366636132613531613339353962373435643563313734646135
+64623961333463376664326635386335626234656164303636656532363939636465616232316663
-61613330323938363063313430343738306536636233353963636665393132643162303562666531
+34373764663735353931326262633437626364336138313337666438373464643339666565386665
-61343365326634303730656133633632353936386431303631363731313730666132656334353731
+64633032373432626230363638616132383431663636393263623339613438396133343862336164
-33616537313230666462653165643535386134663166346262363535383365616431613838383863
+38656631663161626236303963323937373165336163303161376264396337366533396264623636
-65326163303966373938653033613238326634393166643630316230613065353437306237313933
+62623366373130643834313637653734633062663635373233653636633665613162663939306666
-65366131396266393236373162343866383565633030356465613461353131643562343630336566
+39616130623738383361646165646339626639336661373833633336313666303237393039366465
-30633534636634616666616462383136373830623137396366626639373230373834316563343464
+39336461346337386537663030633865366332643934363563316261663537653761373462396130
-38303333366166323238346237646165383633383264333431663530326462323432366332333630
+38313238323630303763323636666537353862643732663164636631623934643931396666323334
-62633132666439313034616465663861323064646564303963633565353734353665313138373636
+38303663623136356364366433303536633664313365633439646132336237363333376161633262
-34653639353333373737613238626535356333633833363737646330643163326131386364646365
+32343837363432396134663732616461633063346232323838383736353834303635616536363661
-64356435636635663737376239313236356361363061313731626230366336326535663866373231
+34626639363534633436303030343638616332616530393364393831613238393833636164633431
-37623262613135636538343934336262633662383266653238613965356639626339303437306633
+64386563303031316365333862333334376535363265616364623838303838663637396162356130
-38373837653737313465376231363637353561303937336138343465376638326163643065336462
+61386261633665633334626664663362636633386362616336646565663933363036386139623535
-61633236373737363633646135396565303835643336393763393933613964663435306336346636
+37666532616137343837613861646536373630323566313338303562633135663832616535363464
-38316231383363616533616437366362376664393135623765646330323161366134323263376466
+30353936633030653030633230616531646364393037636332323934363063666236343566333538
-31386332333565643764343863353039313466643962373736643533666562353766383862326134
+39333537623439653337653934306337653964343438303435623536303131343235353064346135
-31633366636365313231366337313334333130373833656135396262373136393135353039623739
+33363666613439336462383636666331373736366638366164636465626466623365353133353761
-63626463636237633963323739303961663632376330336236663134666461383965303861333835
+61343133663332646430303339343733666563643766306336313732393666306465356366306434
-38663337393930383834653936636365663966333033346562356331306430306338333761353762
+66663230363366643964303234653432616533386465383930633132393162333863643737306432
-38363733356262363161353135633836336363376232326261623264623338663230663838386330
+37663937343635616239613936343832656264386261393538316238303638383162303131666633
-35353762393839646338366365313763346339666433306532353530353261363838356639623436
+62353966386366343131653862666236303234366430313235626134303965643738653434356666
-62306437616630663039653862393466353933333763386163373035373335343834663439633039
+61653761643134336630636264313062323939306461633436653230663137363164343836366230
-34613463303436366631396462363866656533343063356265333539353038326637613063326164
+64366432616430393637316466663762343139393932643734616434633262336632393439636436
-62663833363165643436343538666565386561383335393964313839626237623031343564656632
+33376165633238336161656138666338653439366536663130303637303230636565343039663033
-35613534636437306463373466653431336562303132313462326233663561343837323331353035
+38653734626430343732613963636639616635326664633336633161623638653035343130313964
-33303336356237306464363564666136633230396635623066376564373737353335356432343231
+30663866303636633237626163323264353061393632323430316461356230336335323664333531
-66633735316466633039663338316566343739373664316335366462356237366139363731643366
+32386333363761393130316366666636363735666535326632613735633664356437303861343930
-33353039373665333232383235303932623435366638313465396333316565646134343463336330
+64373233646130633435313531333962663632333364613239313262353039363363383564663666
-65306334623631386364353364313638643930306265343363666366663164643435333834376439
+39323062343436633864313238613637353534356437366563623137353831306633633763613635
-64396434366362343733323366343232653930646565313762376436663965626562636238623066
+36653862653034653935636563393966303930316637316138323833363064623364396332323365
-63303236326362323966666630343136336563343564393833636465333832396666396638653661
+38626361376535373663623266386665386134306131666263373630313263313339656638636265
-61323561393563326437386462656266303830353730313839613136656331323938616631386235
+64636232653864343030333835336434646135366531383730346563363964623665636531306666
-30633730303838313038313263363363633136623861326662623366613461343133356261633030
+39343765356266636465656438386266376539356664363861383339383636336538346632363232
-34333732343037396131343764366535343639326333353036353038656533333339306363653435
+35356161663037656637633766346634343132343663343263393865336462343337336233316431
-39656166393265356338656631353065653630303237663761386332323530663966343864663438
+32336530346130653263663033616463376632306139353433633065343334613061333536613235
-65356365386131333236396234623537323062363539383061323832363563326435306465663234
+33656433366339353766646239386535616337353032616265303931613166663939333664613738
-66316638376436613265353662646264666138666165343763393330613765346163356138616633
+61633839663162623062663235653862316130353838393530613564343731393732373564663464
-66373338393163333435666236386239663735653135386532633135646539316665313036323763
+61323562363065623066616235663161326536633634633964386462633934326639646162363937
-38666464363432656534313263306266323066646133353765386463343264633131633936373036
+66316161323334356532336364386437343430393261363233666662316162636665613463666364
-31326138633131393962633861333036373537366163613562383033336333616130636435326331
+34313438333233313939353030633263323839636532626231343630323437643861323133656432
-66653766653065306164613335623933616135393335383438356337633239363131303237653566
+38383333616262633463363734663565313036386133636635653266353461613165363334346633
-62636263383236656136376237646363363234363232643636623333396531363461303538373662
+65663739333434383961306335616639343863623237373332633138313838366638663664333638
-36313537393238626337613964623731666261316366346666323261386661643035353164613637
+38396235623561626162303837373562383731666365343661616139343938326331313737386431
-32303061336363306335306431613263646266303038323739636662326465303961616339333461
+65353634613736373364363365656365326437383366626433636232623761663935666532376633
-65626263366333333562386461636231636438623966626136663932303035343531363234356663
+37653766313866663861653736646334376134323262666538333530623463643930393764366466
-37313661353764343764396666633666613238323638646233353138383638353938303933396431
+61633932363963633631316534613964643261326636396262333662366666306461663630666433
-65366564353533363039383838313562663561633434393833636365303561333534393930653630
+63316433343631356537366565316639333730323439363230306338646564346536346637616563
-63663464613334623864313663383630353166363862373132343532393135313666626464376436
+33613234373936393438626363386562313362396531363964363033313362303164626365653562
-34616566663764363566663530646638363338653538353661393835383035346236646233363564
+32636663366265633362353764306138633431393462653165653463306461316363613533373861
-34656165303737326261353032363435333731363031343366353863313138653865346535636564
+37633238396534313533363735313030633938643439643337383435613930343065663535373537
-31393134336534616161303132353764343833636465356661376638633163643739383830616534
+34316231323331326364653637633231343237363762653361363962396338353433366266333636
-65386262663734356134303039623265303935363764623537326565633030613465666435636232
+37666133626337393464376132353063646231326564663437646436363031316134336632613735
-61623334393734616262613232306339396639643636373762653738333463616361653430656438
+36346263353961343833333863313637386366316165386130303932653332303562303364343939
-63316265303634323033303330353232636136333863366261656532383065313334386335666636
+62653365363061343765326565613334623165643435643438373430663461323939636566343435
-34303564636333356364663565333932343064333266383638663365366636643866353132373966
+65633237643164626465633964306235666666633165386364613330393663666633643761313034
-66336563346233656531643735663062393630616537656264323136353266623161353261333239
+36306233383935316666346135373564636535633861666138656130383135373633313263303863
-33636563376566333331366336353338343730383962653138636535623039643461303763333961
+66613164636437343038373234376361333133663332653238316236653961383033396335323264
-63373264333037653563643937373664373665343136396635316634613632653232353033666266
+32346532303038653462366364343064306633373338663036633162626263376361333266386466
-31333064623765326536386630353435333438326232633565663531303730636530386564366633
+30353934313936316431663966643239386263376434626131643666663033653631636635333062
-63326335333639376266396562343838636430643664303737373565363635643037616231393665
+33636139326161663536343233343431373739363636383364663131363061666632653062653362
-36636337633564373561343266666632656235646662633965663733383731633832373334646335
+38663236383832306439316263336234353837623964316664316436303832663638333431326564
-34396163636635633637393834396566663062633135383330396564656536333330623737636332
+34653161373866383534373130386134653461663733613739313634616234323162643163656263
-36646362623131366166626639386238616566323135323334636638393934663336663532306336
+39633964383835663634366238326163353662383766303361653265643233666439393162636135
-38396634393433623963316261303061616634333566306239366666373238376466633166623464
+63303332363536393230613334643866376233623063376137303934393465353230393730636464
-33313538663838373465626638316432613135386262376233633362616463623363646433353666
+38366634646231353333666433303735366532346338376165363937656362363939336136366237
-32633838303837656335333336353564343461373236353736623032663139333338646463323533
+34663234363137653235393531323332343932376235386639346565393766343537386162323466
-65326131616433666563343163663462393235366135633661366564623662303932626164366632
+33386132613635646338323630363461393433333032346461353835653366653230653461366437
-38306430356238633162656337303536663065653639353562343965663366373861646162653562
+32626663666531303865363939333331356265613365656262356531376466363237333262666232
-62306236326163393336643232663336656637623539353835613536653164393038623966316433
+30313764353636666365336163656232636563616534663833613061306564353231373034613565
-32623462343037616465623736306530633736623061343430356638633530313331306363323837
+66636665633530396637303662316463353261313236306166323837383032663763333961353335
-63396263393136363137643632623938316363386238346237333862303735363065386633366263
+33613364393533623433386661616533663362356237653936643762323961326530356139643539
-31313834646239323631393335633534383930373630663538653864383930666465653731616263
+33653733623138316161616439386461643535336162663062303562663662333537626164643563
-35333830633430343436646266663231303466343138643338343634346133613666613734313037
+63383862316162633837346438663764306533393061663363653231633638653431633065313437
-34383931643631633539346262653631336565623366343564303332333831346436373162356362
+36306263353533383862313535303437663461313564376238613030393735306534303039646433
-66383864313732303962653662333036373239343335623765616536306465623030393138663838
+34326339373738646231643361653736363266366363346438663036316234326134653638353631
-30313861636631393462653836626164373034666533323338383262393132396436666639363262
+33373566356537376262383631343562353233353137666364316331623035653961326337346664
-39356132343939366534666665393231346566663432653236376333323363643166393431316161
+36343933383035643632373938333935326234336638373162326534396433363633376338306530
-33343666316138353333346263346266343731613065356631336231373266343338393939663038
+61633934363936636237663234383862313132306139653362343232643632363036366135653063
-35343235393563623434313266306163323266346662623063353631663433646436613130636663
+30373532383862353464303231316134343831633732643339623639356362303432326466653965
-38356335616438633638383236333131663163613436303934386335363432323063303234383331
+65656133653836636136316266363366313337656635323434326562383138303334663630656166
-34636432653262643438653931313233626462623034346137303738643932353334373531303439
+61383230663035346432313238356639643662616336306166613066663632366538663161366464
-30366233373535343431373365393566383538363763313036623262343066346236303061326631
+30636561656338646633323237633761386162623463663266383730353339343633666465313538
-64376463336538363132656464666365343861393330313637356237666361343666633436346534
+63383365343639613330346130643833393935396632373631613565336330666430373039646462
-33636332386336646333616330613738343264626438613135313962336534373130316330366233
+65333230663836663366333539316565663931666632363634303761613465616161373238373732
-30316333636564326165663565666361643430656366393939616538323530383632636661326331
+32313561343234356362363562653532343665393264346263656635313438363333396335393062
-35366663646533313034333764626237623637363164356163636432653765656439326438383134
+65336533343336336364313365646237643163303733313030353863646363316633336430313763
-62623638633934336334393636333336633164343066336161333138653637333435306230653865
+64316639646563633837393037356632616131303439366564333131653638373139643961363235
-35363032393633623331363933373463623032333361616365373037666333643634343963663835
+38666636366137303437623965613763643933613762616532383163386232636262626262653038
-34363033363731346663643363383965336536353332646262326136353965353137383737336165
+63323835613933633932633531323936346163666264326665633436393934343163316433653562
-33613733656463376333376264633935373239363337323538356636636439393564373332323031
+36306561633936663733363630393363356338626265653162343461336561393063373839633164
-31623733663530326632373235313830396133373430613061613438653336653462316336623438
+36373136353336376431396166663636636435303430626361353139633732383739313238333437
-30343032346133363830656231663966653734326635333831626639393666303033653437326238
+30396166666330666263623063343432633262343636656132383064643039316332303462353263
-65333566643066393331323466366662383135383734313537663664376161323265613436653535
+38376461633239366136323264623735656165313062626632343438386531373962346366623730
-63643832616663303632623433636161333339376635333635626137326662396562633830343337
+63313664343835386561333562393461666135306237306437333363366636613365333966303139
-65376165376564396433343736313134656332383533356138383039386266636238613936653962
+3263
 32373337346335383136303838343034376432363436356465613836366230313463303239373531
 65383334646431346565656638353537333765623430333133663663326134646566306137643663
 65643338386439666636376461356466396261326165333030623633613364343631343830653939
 64323266626131666332666433386434313936306361633164373532626231366234623735333932
 62306362346164336433336139313561366162303666353635653634396139313734626463663735
 38306466626237626634666138363665326636316563356431333432313534363638613833613539
 38306237353764376462323238663034646662393433623830616361623735343162666465626230
 30633731323939633265323338373537383261333235303262633336636433316339383433653861
 3861653261646632636364623830626561393864666135346634
--- a/roles/common/files/abusers-ipv4.xml
+++ b/roles/common/files/abusers-ipv4.xml
--- a/roles/common/files/abusers-ipv6.xml
+++ b/roles/common/files/abusers-ipv6.xml
@ -3,12 +3,14 @@
  <option name="family" value="inet6" />
  <short>abusers-ipv6</short>
  <description>A list of abusive IPv6 addresses.</description>
-  <entry>2001:41d0:1:f934::1</entry>
+  <entry>2001:41d0:1:c2cc::1</entry>
-  <entry>2001:41d0:602:238d::</entry>
+  <entry>2402:1f00:8001:bdd::</entry>
-  <entry>2001:41d0:a:2a31::</entry>
+  <entry>2604:a880:cad:d0::169:3001</entry>
-  <entry>2400:6180:0:d1::476:7001</entry>
+  <entry>2607:5300:60:8102::</entry>
-  <entry>2402:1f00:8001:8bd::</entry>
+  <entry>2607:f298:5:103f::d99:2ae3</entry>
-  <entry>2604:a880:800:10::5bf:2001</entry>
+  <entry>2607:f298:5:110b::3f:109c</entry>
-  <entry>2a00:d680:20:50::bcb2</entry>
+  <entry>2607:f298:5:110b::9e2:d4bd</entry>
-  <entry>2a02:2168:a01:33ee::1</entry>
+  <entry>2607:f298:5:110b::ee9:ac74</entry>
  <entry>2a03:b0c0:3:e0::292:9001</entry>
  <entry>2a0a:5e80::d8b3:c78f:14f7:1</entry>
 </ipset>
--- a/roles/common/tasks/firewall_Alpine.yml
+++ b/roles/common/tasks/firewall_Alpine.yml
@ -1,15 +0,0 @@
 ---
 # TODO: configure awall (ipsets?)
 # TODO: configure fail2ban
 - block:
  - name: Set Alpine firewall packages
    set_fact:
      alpine_firewall_packages:
        - awall
        - fail2ban
  - name: Install Alpine firewall packages
    apk: name={{ alpine_firewall_packages }} state=present
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -17,11 +17,6 @@
  when: ansible_distribution == 'Ubuntu'
  tags: packages
 - name: Install common packages
  include_tasks: packages_Alpine.yml
  when: ansible_distribution == 'Alpine'
  tags: packages
 - name: Configure firewall
  include_tasks: firewall_Debian.yml
  when: ansible_distribution == 'Debian'
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@ -1,7 +1,6 @@
 ---
 # Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
 # use timedatectl as a network time client instead of the standalone ntp client.
 # Alpine can use chrony.
 - name: Set timezone
  when: timezone is defined and ansible_service_mgr == 'systemd'
@ -16,8 +15,4 @@
  apt: name=ntp state=absent update_cache=yes
  when: ansible_service_mgr == 'systemd'
 - name: Install chronyd on Alpine
  apt: name=chrony state=present
  when: ansible_distribution == 'Alpine'
 # vim: set ts=2 sw=2:
--- a/roles/common/tasks/packages_Alpine.yml
+++ b/roles/common/tasks/packages_Alpine.yml
@ -1,28 +0,0 @@
 ---
 # requires: ansible-galaxy collection install community.general
 # TODO: configure tarsnap
 - block:
  - name: Upgrade base OS
    apk: upgrade=yes update_cache=yes
  - name: Set Alpine base packages
    set_fact:
      alpine_base_packages:
      - git
      - tmux
      - htop
      - strace
      - mosh
      - vim
      - unzip
      - zstd
  - name: Install Alpine base packages
    apk: name={{ alpine_base_packages }} state=present update_cache=yes
  #- name: Install tarsnap
  #  import_tasks: tarsnap.yml
  tags: packages
 # vim: set sw=2 ts=2:
--- a/roles/common/tasks/tarsnap.yml
+++ b/roles/common/tasks/tarsnap.yml
@ -5,7 +5,7 @@
  when: ansible_architecture != 'armv7l'
 - name: Add GPG key for Tarsnap
-  apt_key: id=0xFC72A10BF6B692AA url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
+  apt_key: id=0xBF75EEAB040E447C url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
  register: add_tarsnap_apt_key
 - name: Update apt cache
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -34,10 +34,8 @@
 - name: Update MariaDB root password for all root accounts
  mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
  loop:
    - "{{ inventory_hostname }}"
    - 127.0.0.1
    - ::1
    - localhost
  tags: mariadb
 - name: Create .my.conf file with root credentials
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -20,18 +20,25 @@ nginx_ssl_protocols: 'TLSv1.2 TLSv1.3'
 # See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
 nginx_ssl_stapling_resolver: '1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]'
-# install certbot + dependencies?
+# HTTP Strict-Transport-Security header, recommended by Google to be ~1 year
 # in seconds, see: https://hstspreload.org/
 nginx_hsts_max_age: 31536000
 # install acme.sh?
 # True unless you're in development and using "localhost" + snakeoil certs
 use_letsencrypt: True
 # Directory root for Let's Encrypt certs
-letsencrypt_root: /etc/letsencrypt/live
+letsencrypt_root: /etc/ssl
-# Location of Let's Encrypt's certbot script
+# Location where to save initial acme.sh script. After installation the script
-letsencrypt_certbot_dest: /opt/certbot-auto
+# will automatically create its home in the /root/.acme.sh directory (including
 # a copy of the script itself).
 letsencrypt_acme_script: /root/acme.sh
 letsencrypt_acme_home: /root/.acme.sh
-# stable is 1.18.x
+# stable is 1.20.x
-# mainline is 1.19.x
+# mainline is 1.21.x
 nginx_version: mainline
 # vim: set ts=2 sw=2:
--- a/roles/nginx/files/extra-security.conf
+++ b/roles/nginx/files/extra-security.conf
@ -15,3 +15,6 @@ add_header X-XSS-Protection "1; mode=block" always;
 # CSP can be quite difficult to configure, and cause real issues if you get it wrong
 # There is website that helps you generate a policy here http://cspisawesome.com/
 # add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" always;
 # Opt this site out of Google Chrome's Federated Learning of Cohorts (FLoC)
 add_header Permissions-Policy interest-cohort=() always;
--- a/roles/nginx/files/start-nginx.sh
+++ b/roles/nginx/files/start-nginx.sh
@ -1,3 +0,0 @@
 #!/usr/bin/env bash
 /bin/systemctl start nginx
--- a/roles/nginx/files/stop-nginx.sh
+++ b/roles/nginx/files/stop-nginx.sh
@ -1,3 +0,0 @@
 #!/usr/bin/env bash
 /bin/systemctl stop nginx
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@ -1,135 +1,57 @@
 ---
 # Use acme.sh instead of certbot because they only support installation via
 # snap now.
 - block:
  - name: Remove certbot
    apt:
      name: certbot
      state: absent
  - name: Remove old certbot post and pre hooks for nginx
    file:
      dest: "{{ item }}"
      state: absent
    with_items:
      - /etc/letsencrypt/renewal-hooks/pre/stop-nginx.sh
      - /etc/letsencrypt/renewal-hooks/post/start-nginx.sh
  - name: Download acme.sh
    get_url:
      url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
      dest: "{{ letsencrypt_acme_script }}"
  - name: Prepare Let's Encrypt well-known directory
    file:
      state: directory
      path: /var/lib/letsencrypt/.well-known
      owner: root
      group: nginx
      mode: g+s
  - name: Copy systemd service to renew Let's Encrypt certs
-    template: src=renew-letsencrypt.service.j2 dest=/etc/systemd/system/renew-letsencrypt.service mode=0644 owner=root group=root
+    template:
      src: renew-letsencrypt.service.j2
      dest: /etc/systemd/system/renew-letsencrypt.service
      mode: 0644
      owner: root
      group: root
  - name: Copy systemd timer to renew Let's Encrypt certs
-    copy: src=renew-letsencrypt.timer dest=/etc/systemd/system/renew-letsencrypt.timer mode=0644 owner=root group=root
+    copy:
      src: renew-letsencrypt.timer
      dest: /etc/systemd/system/renew-letsencrypt.timer
      mode: 0644
      owner: root
      group: root
-  # always issues daemon-reload just in case the server/timer changed
+  # always issues daemon-reload just in case the service/timer changed
  - name: Start and enable systemd timer to renew Let's Encrypt certs
-    systemd: name=renew-letsencrypt.timer state=started enabled=yes daemon_reload=yes
+    systemd:
-
+      name: renew-letsencrypt.timer
-  - name: Download certbot
+      state: started
-    get_url: dest={{ letsencrypt_certbot_dest }} url=https://dl.eff.org/certbot-auto mode=700
+      enabled: yes
-
+      daemon_reload: yes
  # Dependencies certbot checks for on its first run. I set them in a fact so that
  # I can pass the list directly to the apt module to install in one transaction.
  - name: Set certbot dependencies (Debian 10)
    when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('10', '==')
    set_fact:
      certbot_dependencies:
        - augeas-lenses
        - binutils
        - binutils-common
        - binutils-x86-64-linux-gnu
        - cpp
        - cpp-8
        - gcc
        - gcc-8
        - libasan5
        - libatomic1
        - libaugeas0
        - libbinutils
        - libc-dev-bin
        - libc6-dev
        - libcc1-0
        - libexpat1-dev
        - libffi-dev
        - libgcc-8-dev
        - libgomp1
        - libisl19
        - libitm1
        - liblsan0
        - libmpc3
        - libmpfr6
        - libmpx2
        - libpython-dev
        - libpython2-dev
        - libpython2.7
        - libpython2.7-dev
        - libquadmath0
        - libssl-dev
        - libtsan0
        - libubsan1
        - linux-libc-dev
        - python-dev
        - python-pip-whl
        - python-pkg-resources
        - python-virtualenv
        - python2-dev
        - python2.7-dev
        - python3-distutils
        - python3-lib2to3
        - python3-virtualenv
        - virtualenv
  # Dependencies certbot checks for on its first run. I set them in a fact so that
  # I can pass the list directly to the apt module to install in one transaction.
  - name: Set certbot dependencies (Ubuntu 18.04)
    when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('18.04', '==')
    set_fact:
      certbot_dependencies:
        - augeas-lenses
        - binutils
        - binutils-common
        - binutils-x86-64-linux-gnu
        - cpp
        - cpp-7
        - gcc
        - gcc-7
        - gcc-7-base
        - libasan4
        - libatomic1
        - libaugeas0
        - libbinutils
        - libc-dev-bin
        - libc6-dev
        - libcc1-0
        - libcilkrts5
        - libexpat1-dev
        - libffi-dev
        - libgcc-7-dev
        - libgomp1
        - libisl19
        - libitm1
        - liblsan0
        - libmpc3
        - libmpx2
        - libpython-dev
        - libpython2.7
        - libpython2.7-dev
        - libquadmath0
        - libssl-dev
        - libtsan0
        - libubsan0
        - linux-libc-dev
        - python-dev
        - python-pip-whl
        - python-pkg-resources
        - python-virtualenv
        - python2.7-dev
        - python3-virtualenv
        - virtualenv
  - name: Install certbot dependencies
    apt: name={{ certbot_dependencies }} state=present update_cache=yes
  when: ansible_distribution != 'Ubuntu' and ansible_distribution_major_version is version('20.04', '!=')
  tags: letsencrypt
 # On Ubuntu 20.04 it is no longer recommended/supported to use the standalone
 # certbot-auto so I guess we need to use the one from the repositories.
 - block:
  - name: Install certbot (Ubuntu 20.04)
    apt: name=certbot state=present update_cache=yes
  - name: Copy certbot post and pre hooks for nginx
    copy: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0755
    with_items:
      - { src: 'stop-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/pre/stop-nginx.sh' }
      - { src: 'start-nginx.sh', dest: '/etc/letsencrypt/renewal-hooks/post/start-nginx.sh' }
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')
  tags: letsencrypt
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -71,7 +71,7 @@
 - name: Configure Let's Encrypt
  include_tasks: letsencrypt.yml
-  when: use_letsencrypt is defined and use_letsencrypt
+  #when: use_letsencrypt is defined and use_letsencrypt
  tags: letsencrypt
 # vim: set ts=2 sw=2:
--- a/roles/nginx/tasks/vhosts.yml
+++ b/roles/nginx/tasks/vhosts.yml
@ -12,8 +12,11 @@
    notify:
      - reload nginx
-  - name: Generate 2048-bit dhparam
+  - name: Download 4096-bit RFC 7919 dhparams
-    command: openssl dhparam -out dhparam.pem 2048 chdir=/etc/ssl/certs creates=dhparam.pem
+    get_url:
      url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
      checksum: sha256:64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
      dest: "{{ nginx_ssl_dhparam }}"
    notify:
      - reload nginx
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@ -16,8 +16,8 @@
    # concatenated key + cert
    # See: http://nginx.org/en/docs/http/configuring_https_servers.html
-    ssl_certificate {{ letsencrypt_root }}/{{ domain_name }}/fullchain.pem;
+    ssl_certificate {{ letsencrypt_root }}/certs/{{ domain_name }}.fullchain.pem;
-    ssl_certificate_key {{ letsencrypt_root }}/{{ domain_name }}/privkey.pem;
+    ssl_certificate_key {{ letsencrypt_root }}/private/{{ domain_name }}.key.pem;
    {% endif %}
@ -51,5 +51,5 @@
    # Enable this if you want HSTS (recommended, but be careful)
    # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
    # See: https://hstspreload.appspot.com/
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+    add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
    {% endif %}
--- a/roles/nginx/templates/renew-letsencrypt.service.j2
+++ b/roles/nginx/templates/renew-letsencrypt.service.j2
@ -1,7 +1,9 @@
 [Unit]
 Description=Renew Let's Encrypt certificates
-ConditionFileIsExecutable={{ letsencrypt_certbot_dest }}
+ConditionFileIsExecutable={{ letsencrypt_acme_home }}/acme.sh
 [Service]
 Type=oneshot
-ExecStart={{ letsencrypt_certbot_dest }} renew --standalone --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"
+ExecStart={{ letsencrypt_acme_home }}/acme.sh --cron --home {{ letsencrypt_acme_home }} --reloadcmd "/bin/systemctl reload nginx" -w /var/lib/letsencrypt
 SuccessExitStatus=0 2
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@ -14,6 +14,8 @@ server {
    listen [::]:80;
    server_name {{ domain_name }} {{ domain_aliases }};
    {% include 'well-known.j2' %}
    # redirect http -> https
    location / {
        # ? in rewrite makes sure nginx doesn't append query string again
@ -96,7 +98,7 @@ server {
        # Enable this if you want HSTS (recommended, but be careful)
        # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
        # See: https://hstspreload.appspot.com/
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+        add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
        {% endif %}
        include extra-security.conf;
--- a/roles/nginx/templates/well-known.j2
+++ b/roles/nginx/templates/well-known.j2
@ -0,0 +1,6 @@
 location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
 }
--- a/roles/nginx/templates/wordpress.j2
+++ b/roles/nginx/templates/wordpress.j2
@ -9,7 +9,7 @@
        # Enable this if you want HSTS (recommended, but be careful)
        # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
        # See: https://hstspreload.appspot.com/
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+        add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
        {% endif %}
    }
@ -20,7 +20,7 @@
        # Enable this if you want HSTS (recommended, but be careful)
        # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
        # See: https://hstspreload.appspot.com/
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+        add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
        {% endif %}
    }   
--- a/vars/Alpine.yml
+++ b/vars/Alpine.yml
@ -1,10 +0,0 @@
 ---
 # sshd service name is `ssh` on Debian/Ubuntu, but it's
 # `sshd` on CentOS and Alpine
 sshd_service_name: sshd
 # provisioning user vars
 provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
 # vim: set ts=2 sw=2:
Author	SHA1	Message	Date
Alan Orth	32da3a3341	Pipfile.lock: Re-create pipenv environment for Ansible 4.0.0 Seems we need to manually uninstall and re-install.	2021-05-20 10:21:01 +03:00
Alan Orth	31a3f5832a	roles/common: Update list of abusive IP addresses This comes from the AbuseIPDB with a confidence level of 95%. I use the following command to download and sort the IPs: $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \ confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \ -H "Accept: text/plain" \| sort \| sed -e '/:/w /tmp/ipv6.txt' \ -e '/:/d' > /tmp/ipv4.txt I manually add the XML formatting to each file and run them through tidy: $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml	2021-05-20 10:20:47 +03:00
Alan Orth	3e7130b519	Pipfile.lock: run pipenv update	2021-05-14 13:56:56 +03:00
Alan Orth	bd0b6a16de	roles/nginx/defaults/main.yml: Update version comment Stable is now 1.20.0	2021-05-10 16:00:44 +03:00
Alan Orth	7145298f90	Pipfile.lock: Run pipenv update	2021-05-10 15:59:34 +03:00
Alan Orth	1bfd2bc441	Pipfile.lock: Run pipenv update Ansible 3.3.0	2021-04-28 12:49:23 +03:00
Alan Orth	884b3b8425	host_vars/web19: remove dead host	2021-04-24 20:17:17 +03:00
Alan Orth	e06a0c4093	host_vars/web19: WordPress 5.7.1	2021-04-16 19:51:55 +03:00
Alan Orth	7ba5afcec4	roles/nginx: Opt out of Google FLoC Google's new Federated Learning of Cohorts (FLoC) will read user's browser history and assign them to cohorts to track them unless we set this header.	2021-04-16 12:41:09 +03:00
Alan Orth	d3978e5b07	Pipfile.lock: run pipenv update	2021-04-13 14:28:34 +03:00
Alan Orth	4150dac57b	roles/common: Update list of abusive IP addresses This comes from the AbuseIPDB with a confidence level of 95%. I use the following command to download and sort the IPs: $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \ confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \ -H "Accept: text/plain" \| sort \| sed -e '/:/w /tmp/ipv6.txt' \ -e '/:/d' > /tmp/ipv4.txt I manually add the XML formatting to each file and run them through tidy: $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml	2021-04-13 12:11:11 +03:00
Alan Orth	58bc9d191f	roles/common: Update list of abusive IP addresses This comes from the AbuseIPDB with a confidence level of 95%. I use the following command to download and sort the IPs: $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \ confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \ -H "Accept: text/plain" \| sort \| sed -e '/:/w /tmp/ipv6.txt' \ -e '/:/d' > /tmp/ipv4.txt I manually add the XML formatting to each file and run them through tidy: $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml	2021-03-24 10:02:43 +02:00
Alan Orth	96cefc7f74	roles/nginx: Parameterize HSTS header This parameterizes the HTTP Strict Transport Security header so we can use it consistently across all templates. Also, it updates the max-age to be ~1 year in seconds, which is recommended by Google. See: https://hstspreload.org/	2021-03-23 15:36:28 +02:00
Alan Orth	f85eb2841a	roles/nginx: Add webroot to systemd renewal service	2021-03-20 00:18:17 +02:00
Alan Orth	5d506ebc65	README.md: Update copyright year	2021-03-20 00:16:16 +02:00
Alan Orth	af49f27551	roles/nginx: Update comment in defaults	2021-03-19 23:50:39 +02:00
Alan Orth	f341d2e5eb	roles/nginx: Remove nginx pre/post hooks We are now using the well-known webroot.	2021-03-19 23:46:22 +02:00
Alan Orth	ceba0ea417	roles/nginx: Use consistent task style	2021-03-19 23:45:41 +02:00
Alan Orth	a34cb1e666	roles/nginx: Switch to acme.sh for Let's Encrypt The certbot-auto client that I've been using for a long time is now only supported if you install it using snap. I don't use snap on my systems so I decided to switch to the acme.sh client, which is imp- lemented in POSIX shell with no dependencies. One bonus of this is that I can start using ECC certificates. This also configures the .well-known directory so we can use webroot when installing and renewing certificates. I have yet to understand how the renewal works with regards to webroot, though. I may have to update the systemd timers to point to /var/lib/letsencrypt/.well-known.	2021-03-19 23:39:30 +02:00
Alan Orth	65fc52c5e5	roles/nginx: Use variable for nginx_ssl_dhparam I went years without realizing that I was hard coding the file dest in this particular task.	2021-03-19 18:13:55 +02:00
Alan Orth	7f13c8c675	host_vars/web19: WordPress 3.7	2021-03-19 13:27:34 +02:00
Alan Orth	9c36cfb8e5	Pipfile.lock: Run pipenv update	2021-03-19 13:18:19 +02:00
Alan Orth	7f72a9eda4	roles/nginx: Use RFC 7919 4096-bit dhparams Recommended by internet.nl, which made me aware of RFC 7919. See: https://tools.ietf.org/html/rfc7919#page-14	2021-03-19 13:13:56 +02:00
Alan Orth	6e96d48ea6	Pipfile.lock: Run pipenv update Ansible 3.0.0	2021-03-01 15:27:58 +02:00
Alan Orth	db412066b3	roles/mariadb: Only create users on 127.0.0.1 and ::1 A few months ago I disabled hostname lookups so only IP addresses work now anyways.	2021-02-13 13:11:28 +02:00
Alan Orth	63a836e2a7	roles/common: Update Tarsnap GPG key Apparently this changed since I last ran the tarsnap task.	2021-02-13 12:57:17 +02:00
		`@ -1,3 +0,0 @@`
			`#!/usr/bin/env bash`

			`/bin/systemctl start nginx`
		`@ -1,3 +0,0 @@`
			`#!/usr/bin/env bash`

			`/bin/systemctl stop nginx`