This is a copy of the web-proxy-docker repo but the base image is now in
the [dockerfiles](https://git.shore.co.il/shore/dockerfiles) repo.

Faulty motherboard, good Asus support, new MAC address.

Because of the convoluted way I'm running tasks, there's only 1 host in
the play but the handlers are for the remote hosts. Run them even if
there's a failure to restart whatever is needed since the failure will
always be for the local host.

The ECS cluster and ASG instances.

Docker Compose changed the names of the containers a while back, update
the names in the playbook as well.

Backups across the different services have been changed. There are now
snapshots for each services with copies saved for a few weeks. All of
them under /var/backups. The backup script doesn't need to work around
btrfs subvolumes. Instead just snapshotting /var/backups and rsync'ing
to a removable media. The old script is kept in source for reference.

It's a good compromise between size and speed.

Instead of having the Docker package as part of the general utility
package installation.

Script, Systemd service and timer to backup Docker volumes marked as
such.

- Apply tagging to all included tasks.
- Restart the Docker service after updating the container restart
  drop-in, in case there are containers in need of a restart.
- Reload Systemd after updating the btrfs scrub and check units, simple
  omission.

New in OpenBSD 7.1, list services that are running but shouldn't (are
disabled). Send the list as part of the daily email.

I don't care all that much about HA in this setup and I do wish to save
a few bucks when I can, but I do need to AZs in some cases so 2 AZs is
to the way to go.

Terraform can't deploy resource with for_each if some of the information
is missing when building the plan. A workaround is to avoid having a
resource with for_each depend on a resource witha a count.

An Ansible playbook to create an IAM user for GitLab projects' CI. Also,
rotates the IAM access keys, sets the CI variables for the access key,
attaches an inline policy to limit the user by IP and requested region.
Lastly, create a policy with full access to Resource Groups because I
usually create one for each deployment but there isn't such an AWS
managed policy.

New AWS subdomain. The point is having it in AWS so Terraform can manage
it and then it I can do cool things, like requesting certificates from
AWS and validate ownership using DNS all inside the comfort of
Terraform.

Address a great bunch of warnings.

So the containers can access the host.

The Nagios plugin doesn't work on the device, it needs a mountpoint.

- Use .pre-commit-config.yaml Git skeleton, updating some hooks.
- Remove the Python linters, there's no Python code or planned to be.
- Remove the pre-commit manifest validate hook, there are no pre-commit
  hooks.
- Remove the yamltool formatter, it's too broad (I need to do something
  about that).
- Specify the Ansible playbooks for the syntax check hook, actually
  check them instead of skipping with no files found.

Cleans up the code a bit, I think. Also, why do host keys or account
keys are good for 4 years but the DH parameters are onl good for 4
weeks? Settle on 1 year for all of them.

- Debian testing and the next Ubuntu LTS (jammy) have Toolbx packaged.
  Use that instead of the binary from toolbox-build. Keep a list of
releases that don't have that it packaged since it should be pretty
static and over time can be removed.
- Instead of checking the distro release, check if there's a Kubic APT
  repo defined (like the assertion does). So we have a single place to
list releases that need that repo. Since the current Debian stable
(bullseye) and the next Ubuntu LTS (jammy) have Podman packaged that
list should be very stable (unless there's another ElementaryOS release
based on Ubuntu Focal before 7.0).
- Rename Toolbox to Toolbx in task names (match the renamed project
  name).