I have implemented password notifications as outlined above, there isn’t a way for users to change their SSH passwords but we can trigger news ones to be set and sent by email, perhaps there should also be an option to disable password logins for users if they wish to only use keys?
Automatic WordPress and Matomo installs are working and the config to describe accounts currently looks like this, there are lots of things still to implement but I feel I have broken the back of it now, it is now around 10k lines of YAML, Jinja2 templates and config files in total (19k if all the copies of the GNU GPL are included!):
find . -type f | grep -v \.git | grep -v galaxy_install_info | grep -v LICENSE | xargs wc -l | tail -n 1
10960 total