Per https://zonemaster.net/en/result/472d8d42df31e2d8, implement _some_
of the recommendations:
- Limit AXFR availability.
- Raise some of the SOA values.

The Am I Live checks routinely fail because of it.

It's been decomissioned.

It overrides /etc/resolv.conf and I don't need it (I run my own DNS
resolver).

Also set the region, Am I Live is running in a region different to the
default.

- Update the Terraform documentation.
- Update Vouch.
- Cleanup the GitLab CI file.

This is a copy of the web-proxy-docker repo but the base image is now in
the [dockerfiles](https://git.shore.co.il/shore/dockerfiles) repo.

Faulty motherboard, good Asus support, new MAC address.

Because of the convoluted way I'm running tasks, there's only 1 host in
the play but the handlers are for the remote hosts. Run them even if
there's a failure to restart whatever is needed since the failure will
always be for the local host.

The ECS cluster and ASG instances.

Docker Compose changed the names of the containers a while back, update
the names in the playbook as well.

Backups across the different services have been changed. There are now
snapshots for each services with copies saved for a few weeks. All of
them under /var/backups. The backup script doesn't need to work around
btrfs subvolumes. Instead just snapshotting /var/backups and rsync'ing
to a removable media. The old script is kept in source for reference.

It's a good compromise between size and speed.

Instead of having the Docker package as part of the general utility
package installation.

Script, Systemd service and timer to backup Docker volumes marked as
such.

- Apply tagging to all included tasks.
- Restart the Docker service after updating the container restart
  drop-in, in case there are containers in need of a restart.
- Reload Systemd after updating the btrfs scrub and check units, simple
  omission.

New in OpenBSD 7.1, list services that are running but shouldn't (are
disabled). Send the list as part of the daily email.

I don't care all that much about HA in this setup and I do wish to save
a few bucks when I can, but I do need to AZs in some cases so 2 AZs is
to the way to go.

Terraform can't deploy resource with for_each if some of the information
is missing when building the plan. A workaround is to avoid having a
resource with for_each depend on a resource witha a count.

An Ansible playbook to create an IAM user for GitLab projects' CI. Also,
rotates the IAM access keys, sets the CI variables for the access key,
attaches an inline policy to limit the user by IP and requested region.
Lastly, create a policy with full access to Resource Groups because I
usually create one for each deployment but there isn't such an AWS
managed policy.

New AWS subdomain. The point is having it in AWS so Terraform can manage
it and then it I can do cool things, like requesting certificates from
AWS and validate ownership using DNS all inside the comfort of
Terraform.

Address a great bunch of warnings.

So the containers can access the host.

The Nagios plugin doesn't work on the device, it needs a mountpoint.