Documentation updates

[TC1977]

Description

• Fixes the new variable name (store_cakey -> store_pki) in the deploy from Ansible docs
• Updates "mission statement" paragraph to reflect the primary use of Wireguard (and its client apps)
• Clarifies the FAQ about clients connecting to each other.
• Clarifies the prompts about VPN On Demand apply only to Apple IPsec clients.
• Encourages people to set their config options and review config.cfg before deployment.
• Clarifies that servers (mostly) can't be upgraded to take advantage of "new Algo features".
• Adds instructions to the cloud-init docs about updating user list, and adds the correct locations of install log and configs.
• Adds a FAQ about monitoring user activity.
• Documents Python version incompatibilities described in Error using Python 3.8 on MacOS 10.14 #1622
• Adds Road warrior instructions to the "deploy to Ubuntu" instructions.
• Reorganizes config.cfg and (again) encourages setting options before deployment.

Motivation and Context

Fixes #1606.
Fixes question asked in #624 (and in the Gitter chat, numerous times)
Attempts to address #1538 (again)
Closes #1596 .
Nice callback to #1291 .
Addresses #1283, #1216, #1555, closes #1600 , and again numerous questions in Gitter chat
Through a time warp, closes #1610 before it was raised.
Closes #1622 .
Closes #1609 .
Documents the "BetweenClients_DROP" option brought up in #1516, #821, #1171 among others.

How Has This Been Tested?

Only way to test if documentation works is to see if people still have questions.

Checklist:

• I have updated the documentation accordingly.

[davidemyers]

Encouraging people to review config.cfg before deployment is a great idea, but it still says ### Advanced users only below this line ### immediately after the users section. We should consider re-ordering config.cfg so that only the truly advanced stuff like subnet numbering and cloud provider configuration are at the bottom of the file below this warning. Probably best done as a separate PR.

[TC1977]

Great feedback. I'm on the road and will try to address this after the weekend.

[TC1977]

Encouraging people to review config.cfg before deployment is a great idea, but it still says ### Advanced users only below this line ### immediately after the users section. We should consider re-ordering config.cfg so that only the truly advanced stuff like subnet numbering and cloud provider configuration are at the bottom of the file below this warning. Probably best done as a separate PR.

@davidemyers Done! See what you think.

[davidemyers]

I like it. Just a few suggestions:

I think unattended_reboot should be "above the line" so users are encouraged to review it, but it still needs to be disabled by default.

I suggest the Advanced section start with dnscrypt_servers and dns_servers, which are probably the first things an advanced user will look for.

I also suggest burying network definitions like strongswan_network, wireguard_network, and local_service_ip at the bottom of the file since they'll almost never be changed and this might encourage even advanced users to leave them alone.

Thanks!

[TC1977]

I like it. Just a few suggestions:

I think unattended_reboot should be "above the line" so users are encouraged to review it, but it still needs to be disabled by default.

I suggest the Advanced section start with dnscrypt_servers and dns_servers, which are probably the first things an advanced user will look for.

I also suggest burying network definitions like strongswan_network, wireguard_network, and local_service_ip at the bottom of the file since they'll almost never be changed and this might encourage even advanced users to leave them alone.

Thanks!

Ok, done! I also changed False to false for the keys_clean_all option, and rewrote the comment.

[TC1977]

Any other feedback, or anything else I should do to get this merged? Worried about these doc changes getting stale and requiring further updates.

[TC1977]

Given how many times the BetweenClients_DROP flag has come up, including twice in the last week on the Gitter chat, should that be promoted to a FAQ rather than buried in the deploy to Ubuntu instructions?

[TC1977]

Trying to keep these changes in sync with the latest commits. Is there a part that I can drop to get the rest of the doc updates in?

[jackivanov]

I think we're good