- logwatch - firewall: ufw or ferm - ghost - sigal - git-annex x mediagoblin https://issues.mediagoblin.org/ticket/5455 https://issues.mediagoblin.org/ticket/5441 - automate SSL with let's encrypt https://community.letsencrypt.org/t/howto-certificate-renewal-with-ansible/10214 - nginx default config: gzip, sendfile, autoindex, etc - unattended updates: maybe create new file instead of overwriting? - mediagoblin required double-build to be successful? - cgit => root-title, readme, root-desc, agefile => proper agefile based on commit date? - gh-mirror (?) - import old cruft/README from nsa commissioning repo - review/refactor to ensure "copy" and "templates" are force=no when appropriate (user-modifiable stuff)