To make more uniform, use the same location on all hosts. Instead of
copying the same tasks over and over in the renew-certs playbook in the
homelab repo.

Those directories were used by hosts now served by ns4.

Access LAM on its own domain (from inside the network only).

- No more proxying in www.shore.co.il. I think about redoing it all with
  a subdomain per service. Also no more secrets, intead authenticate
  against the LDAP server or something.
- CI templates.
- Simpler self-signed SSL certificate generation.
- Set the hostname in CI.
- Use the www-redirect snippet in shore.co.il.

This reverts commit d4d48591. I'm
reverting most of it but amending or mending a few things that I'm going
to move to ns4.

Marked as weak in SSL Labs' test.

SSL Labs' test complains that it doesn't offer forward secrecy.

Prettier editing.

Up to now I supported older browsers by supporting older versions of TLS
and cipher suites. I still think it makes sense for my blog, etc. but
not for Nextcloud or GitLab. So here's the first step, make the previous
default SSL configuration be ssl-legacy (split out the common parts to
ssl-common) and next is ssl-modern.

Use the git skeleton file. Apply changes from the new hooks.

It has a hard-coded server name, it should be in the that server's
config.

This reverts commit 7885e91e.

So I can get the real client IP in the service.

If the acme challenge is in a location block but the default redirection
is not, the default always takes precedence (Nginx won't resolve the
order between the different directives, but it will between different
location blocks).

Snippet to redirect to https if Upgrade-Insecure-Requests is set in the
request.

How can I miss the opportunity to interfere with Google in any way?