Regarding item 4, seriously, does everything these days have to have a web
interface? It just increases the attack surface. Adding a web interface means
one more thing to protect against hackers, which means writing rules for the
WAF or adding something else for fail2ban or sshguard to watch.
Most services have a "reload" and "restart" in the service command. It really
isn't a burden to use them. The burden is to have yet another means to restart
Personally, I viewed the XML setup as a feature since it is self documenting.
My preference would be for better sqlite support. That is add and delete users
from sqlite3 rather than mysql.