diff --git a/roles/cloud-hetzner/tasks/prompts.yml b/roles/cloud-hetzner/tasks/prompts.yml index be42abd..5f240df 100644 --- a/roles/cloud-hetzner/tasks/prompts.yml +++ b/roles/cloud-hetzner/tasks/prompts.yml @@ -17,7 +17,7 @@ api_token: "{{ algo_hcloud_token }}" register: _hcloud_regions -- name: Set facts about thre regions +- name: Set facts about the regions set_fact: hcloud_regions: "{{ hcloud_datacenter_facts | sort(attribute='location') }}" diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml index 1214d48..19618d4 100644 --- a/roles/common/tasks/ubuntu.yml +++ b/roles/common/tasks/ubuntu.yml @@ -36,7 +36,7 @@ become: false when: algo_provider != "local" -- name: Include unatteded upgrades configuration +- name: Include unattended upgrades configuration import_tasks: unattended-upgrades.yml - name: Disable MOTD on login and SSHD diff --git a/roles/common/templates/rules.v4.j2 b/roles/common/templates/rules.v4.j2 index a4209f7..c127bdc 100644 --- a/roles/common/templates/rules.v4.j2 +++ b/roles/common/templates/rules.v4.j2 @@ -95,7 +95,7 @@ COMMIT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Drop SMB/CIFS traffic that requests to be forwarded -A FORWARD -p tcp --dport 445 -j {{ "DROP" if block_smb else "ACCEPT" }} -# Drop NETBIOS trafic that requests to be forwarded +# Drop NETBIOS traffic that requests to be forwarded -A FORWARD -p udp -m multiport --ports 137,138 -j {{ "DROP" if block_netbios else "ACCEPT" }} -A FORWARD -p tcp -m multiport --ports 137,139 -j {{ "DROP" if block_netbios else "ACCEPT" }} diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml index c7e193f..1ec9498 100644 --- a/roles/strongswan/tasks/openssl.yml +++ b/roles/strongswan/tasks/openssl.yml @@ -220,7 +220,7 @@ when: item.split('@')[0] not in users with_items: "{{ valid_certs.stdout_lines }}" - - name: Genereate new CRL file + - name: Generate new CRL file shell: > {{ openssl_bin }} ca -gencrl -config <(cat openssl.cnf <(printf "[basic_exts]\nsubjectAltName=DNS:{{ IP_subject_alt_name }}")) diff --git a/roles/strongswan/templates/openssl.cnf.j2 b/roles/strongswan/templates/openssl.cnf.j2 index fa22017..bd199b3 100644 --- a/roles/strongswan/templates/openssl.cnf.j2 +++ b/roles/strongswan/templates/openssl.cnf.j2 @@ -21,7 +21,7 @@ crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem # The private key RANDFILE = $dir/private/.rand # private random number file -x509_extensions = basic_exts # The extentions to add to the cert +x509_extensions = basic_exts # The extensions to add to the cert # This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA # is designed for will. In return, we get the Issuer attached to CRLs. @@ -56,7 +56,7 @@ default_bits = 2048 default_keyfile = privkey.pem default_md = sha256 distinguished_name = cn_only -x509_extensions = easyrsa_ca # The extentions to add to the self signed cert +x509_extensions = easyrsa_ca # The extensions to add to the self signed cert # A placeholder to handle the $EXTRA_EXTS feature: #%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it