1. use PartOf for proper dependency management; 2. add hard-coded subnet, with specific IP for app, to use in ufw rules;
1. add systemd units deployment recipe; 2. add certbot periodic task; 3. update nginx_config.py to use ssl_preread_server_name instead of protocol, since it seems to be broken;