Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

This is mostly a fail-safe against stalling uploads

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

report_stats must be present. The reporting phones home the following values:

timestamp
server name setting
server context setting (empty)
cache factor setting
event cache size setting
python version
database engine name (PostgreSQL)
database engine version
server process uptime
server process RSS
server process average CPU use
count rooms
count rooms active in the last 24h
count local users
count local non-bridge users
count local users created in the last 24h
count local users active in the last 24h
count local users active for at least 30 days
count messages in the last 24h
count messages by local users in the last 24h

I think this is acceptable to disclose, so allow reporting.

Thanks to new official releases, we can now use stable packages again.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Changes made have been merged into our package, along some additional
changes. This is no longer needed.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

roles/common: Replace Seblu's submodule with a submodule pointing to our contrib repository on Arch Linux's github.

service

Some machines use certbot, but don't have nginx so we shouldn't force
the reload here.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Add sysctl hardening options which disallow perf/viewing kernel symbols
and dmesg for non-admin users as they contain valuable information for
attackers.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Our ansible is python3 only now