TODO
====

- dovecot / fetchmail: tls:
  - https://serverfault.com/questions/680047/dovecot-starttls-fails-using-fetchmail
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768843
- tcpwrappers: deploy.
- sshd:
  - https://stribika.github.io/2015/01/04/secure-secure-shell.html
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
- nodo: journald: volatile logs only:
  - https://wiki.debian.org/systemd#Configuring_as_default
  - https://www.freedesktop.org/software/systemd/man/systemd.unit.html
  - https://www.freedesktop.org/software/systemd/man/journald.conf.html
  - https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs
- cleanup and merge.
- switch to conf.d:
  - https://wiki.debian.org/PHP/
  - apache2.
- drupal/wordpress:
  - files: under platform user, not root.
  - cronjobs: switch to the platform user.
- issues:
  - [Waiting for SSH when ssh-agent is running and has a ed25519 key](https://github.com/vagrant-libvirt/vagrant-libvirt/issues/452).
  - [Update net-ssh to 2.9.0 by chr4](https://github.com/mitchellh/vagrant/pull/3605)