using {{ domain }} instead of hardcoder lilik.it in resolv.conf.

Now xfs is working, `prepare_host.yaml` is modified to add `xfs` to
the list of modules loaded at each boot.

If module is added to that list, than is also loaded with a modprobe
handler.

If xfs is not working with `role/lxc_guest`, run the patched
`prepare_host.yaml` againg.

Debian version upgraded to buster.

New templates compatibile with stable versions of LXC provided with
debian.

Cleaner syntax using `ssh_lxc.py` connection plugin. Now we don't user
`lxc-attach -n ...` in the `shell` module on the host anymore, but we
delegate to `{{ vm_name }}` with `connection: ssh_lxc`, using suitable
Ansible module to do operation directly on the container before it is
online and SSH accessible.

We added an option to force an LVM VG name: if the default naming
convention is not used the vg name can be overriden with the `vg_name`
variable.

The `xfs` filesystem seems to be broken in this release, so we used
`ext4` as default for new container. This point needs further
investigation.

Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in
module `ssh_cert` and use a better implementation for multiple user CA.

Now we are reading user_ca from `group_vars/all.yaml`.
`user_ca_keys` should be list of each allowed User CA on one host (in
this way is easier to rotate CAs without reissuing keys to each user at
the same time).
The production CA must be the first one in the list. Host certificate
will be checked only against the first CA and updated if their host key
was issued from another CA in the list.

For this reason now we are using a template to create
`/etc/ssh/user_ca.pub` on the target, to preserve the key order.

`group_vars/all.yaml.example` has been updated to reflect the new usage.

The role was still referencing older `ansible_docker_extra_args`
variable.

Replaced with `ansible_ssh_lxc_name`.

move debug messages from roles in task ca-dialog

this module read a file containing a public key and prepares
the sign_request for a ssl_host or ssh_host request

this role variables will be used during templating
for nginx reverse proxy

- remove the handling of which template to use
- do not access parent role
- update riot-web nginx configuration
- update icinga role to use new nginx templating
- update synapse nginx configuration
- update matrix role to use new nginx templates
- update dokuwiki to use new nginx template
- extend nginx template in dokuwiki
- update login role to new nginx templates
- add protocol for default option
- add extra block to nginx template
- update riote-web version
- fix template extension for riot web nginx definition
- update login template for nginx endpoint

- handle errors when starting/stopping webserver
- fix typo