diff --git a/README.md b/README.md
index 42794d3..7c9f058 100644
--- a/README.md
+++ b/README.md
@@ -4,11 +4,6 @@ This repository template provides a ansible inventory to manage cloud server in hetzner cloud (hcloud). It performes some basic linux hardening (unattended upgrades, ssh, fail2ban) and can be extended by roles or tasks to perform whatever you need.
-## Supported Images
-- Ubuntu (18.04, 20.04, 22.04)
-- Debian (10, 11, 12)
-- Fedora (37, 38)
-
 ## Getting started
 1. Create a reporitory from this template repository and clone it:
 ```shell
diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml
index e583f49..25c5e2f 100644
--- a/group_vars/all/vars.yaml
+++ b/group_vars/all/vars.yaml
@@ -1,5 +1,12 @@
 ---
-worker_user: "worker"
+worker_user: worker
+
+# hcloud defaults for cloud server
+server_type: cx11
+location: hel1
+image: ubuntu-22.04
+enable_ipv4: false
+enable_ipv6: true
 
 # features / roles to install
 install_nginx: false
diff --git a/inventory.yaml b/inventory.yaml
new file mode 100644
index 0000000..811484a
--- /dev/null
+++ b/inventory.yaml
@@ -0,0 +1,3 @@
+---
+all:
+ hosts:
\ No newline at end of file
diff --git a/playbook.yaml b/playbook.yaml
index bbceedd..c156bad 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -10,9 +10,6 @@
 tasks:
 - ansible.builtin.include_tasks: "tasks/create-worker-user.yaml"
 
- - ansible.builtin.include_role:
- name: "roles/ansible-role-sshd"
-
 - name: "Remove labels from cloud server {{ inventory_hostname }}"
 hetzner.hcloud.hcloud_server:
 api_token: "{{ hcloud_api_token }}"
@@ -24,6 +21,9 @@
 when: new_server
 delegate_to: localhost
 
+ - ansible.builtin.include_role:
+ name: "roles/ansible-role-sshd"
+
 - name: "Update repositories cache on systems using apt"
 ansible.builtin.apt:
 update_cache: yes
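Review bot: The new defaults block hard-codes `image: ubuntu-22.04` while this same commit deletes the README's supported-images list, so nothing in the repository now says which images the playbook can actually manage. From the rest of the diff, tasks/auto-update.yaml only acts when `ansible_pkg_mgr` is `apt` or `dnf` and the EPEL task only fires for CentOS/AlmaLinux/Rocky, so I would record that next to the variable: `# must be an apt- or dnf-based hcloud image; tasks/auto-update.yaml has no branch for other package managers`. As far as I know `cx11` is no longer orderable in newer Hetzner projects (verify against your account), so a comment pointing at where current `server_type` names come from would save the next user a failed run.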
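Review bot: `hosts:` with no value parses as YAML null rather than an empty mapping, and the file is committed without a trailing newline. Ansible's yaml inventory plugin tolerates a null `hosts` as far as I know, but an explicit `hosts: {}` documents that the template ships empty on purpose and is what yamllint's `empty-values` rule expects; add the final newline while at it.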
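Review bot: Moving the sshd role include to after the "Remove labels" task widens the window in which a host can lose its `new` label before SSH hardening has been applied: the label removal is gated on `new_server`, and if that flag is derived from the `labels: {"new": ""}` set in tasks/hetzner-cloud.yaml, a failure inside the sshd role leaves the server unlabelled and unhardened, and a rerun no longer treats it as new. Unless the reorder is required so the role runs against the server's final network state, I would keep the label removal as the last task of the play, after both the sshd and fail2ban roles. The moved task is also unnamed; `- name: "Harden sshd"` above `ansible.builtin.include_role:` keeps the play output readable. The tasks list continues outside this hunk.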
@@ -31,10 +31,19 @@
 changed_when: false
 become: true
 
+ - name: "Install extra packages for enterprise linux"
+ ansible.builtin.package:
+ name: epel-release
+ state: present
+ when: "ansible_distribution in ['CentOS', 'AlmaLinux', 'Rocky']"
+ become: true
+
 - ansible.builtin.include_role:
 name: "roles/ansible-role-fail2ban"
 
- #- name: "Install tools and requirements"
+ - ansible.builtin.include_tasks: "tasks/auto-update.yaml"
+
+ #- name: "Install unattended upgrades"
 # ansible.builtin.apt:
 # name:
 # - python3-requests
@@ -48,12 +57,11 @@
 # - jq
 # - iptables
 # - iptables-persistent
- # - unattended-upgrades
 # state: present
 # become: true
 
 - ansible.builtin.include_role:
 name: "roles/ansible-role-nginx"
- when: 
+ when:
 - enable_ipv4 # otherwise acme.sh cannot be installed
 - install_nginx
diff --git a/roles/ansible-role-fail2ban b/roles/ansible-role-fail2ban
index f6883a9..e050d9c 160000
--- a/roles/ansible-role-fail2ban
+++ b/roles/ansible-role-fail2ban
@@ -1 +1 @@
-Subproject commit f6883a9cfa0358db66cbc6fc004e623dcadfbd8e
+Subproject commit e050d9c7d3d5fb8d569236c15e8a6a747f1c131f
diff --git a/roles/ansible-role-nginx b/roles/ansible-role-nginx
index b7b6907..f2c78e5 160000
--- a/roles/ansible-role-nginx
+++ b/roles/ansible-role-nginx
@@ -1 +1 @@
-Subproject commit b7b690778c1cbc79d7d912605b332191da063c0f
+Subproject commit f2c78e58d108cedc7994b73f5a6d07b20d76b1b1
diff --git a/tasks/auto-update.yaml b/tasks/auto-update.yaml
new file mode 100644
index 0000000..da3f71b
--- /dev/null
+++ b/tasks/auto-update.yaml
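Review bot: The new EPEL task enables a third-party repository on every CentOS/AlmaLinux/Rocky host without saying why; presumably fail2ban, installed by the role included right after it, is only packaged in EPEL on those distributions, and that reason belongs above the task: `# fail2ban is not in the base EL repositories; the fail2ban role below needs EPEL`. If the fail2ban role is the only consumer, the task is better placed with that role's prerequisites so the dependency and its justification stay together. The commented-out install block beneath is renamed rather than removed; with tasks/auto-update.yaml now covering unattended upgrades it is dead code and should be deleted or turned into a real task. The new `ansible.builtin.include_tasks: "tasks/auto-update.yaml"` entry is unnamed, and the enclosing tasks list starts before this hunk.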
@@ -0,0 +1,29 @@
+---
+- name: "Install unattended upgrades"
+ ansible.builtin.package:
+ name: unattended-upgrades
+ state: present
+ when: ansible_pkg_mgr == 'apt'
+ become: true
+
+- name: "Install dnf-automatic"
+ when: ansible_pkg_mgr == 'dnf'
+ block:
+ - name: "Install dnf-automatic"
+ ansible.builtin.package:
+ name: dnf-automatic
+ state: present
+ become: true
+
+ - name: "Create dnf-automatic configuration file"
+ ansible.builtin.template:
+ src: ../templates/dnf-automatic.conf.j2
+ dest: /etc/dnf/dnf-automatic.conf
+ become: true
+
+ - name: "Enable and start dnf-automatic timer"
+ ansible.builtin.systemd:
+ name: dnf-automatic.timer
+ enabled: yes
+ state: started
+ become: true
diff --git a/tasks/hetzner-cloud.yaml b/tasks/hetzner-cloud.yaml
index a2c437e..b285b6c 100644
--- a/tasks/hetzner-cloud.yaml
+++ b/tasks/hetzner-cloud.yaml
@@ -43,12 +43,12 @@
 api_token: "{{ hcloud_api_token }}"
 name: "{{ inventory_hostname }}"
- server_type: "{{ server_type | default('cx11') }}"
- location: "{{ location | default('hel1') }}"
- image: "{{ image | default('ubuntu-22.04') }}"
+ server_type: "{{ server_type }}"
+ location: "{{ location }}"
+ image: "{{ image }}"
 ssh_keys: ["ansible"]
- enable_ipv4: "{{ enable_ipv4 | default('false') }}"
- enable_ipv6: "{{ enable_ipv6 | default('true') }}"
+ enable_ipv4: "{{ enable_ipv4 }}"
+ enable_ipv6: "{{ enable_ipv6 }}"
 labels: {"new": ""}
 state: present
diff --git a/templates/dnf-automatic.conf.j2 b/templates/dnf-automatic.conf.j2
new file mode 100644
index 0000000..80d59a2
--- /dev/null
+++ b/templates/dnf-automatic.conf.j2
@@ -0,0 +1,3 @@
+[commands]
+apply_updates = yes
+download_updates = yes
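Review bot: The apt branch only installs `unattended-upgrades`, while the dnf branch installs, configures and enables its timer; whether the apt package actually runs periodically depends on `/etc/apt/apt.conf.d/20auto-upgrades`, which is written from a debconf answer and on a minimal image may not set `APT::Periodic::Unattended-Upgrade "1"`. I would make the apt side explicit with a small config task (below) so both branches guarantee the same outcome rather than relying on image defaults. In the dnf block, write `enabled: true` instead of `yes`, give the template task `mode: "0644"` so the file mode does not depend on root's umask, and `src: dnf-automatic.conf.j2` is sufficient because `template` resolves relative to the playbook's templates/ directory, so the `../` prefix only hides that.
```yaml
# … unchanged: "Install unattended upgrades" package task …
- name: "Enable periodic unattended upgrades"
  ansible.builtin.copy:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
    mode: "0644"
  when: ansible_pkg_mgr == 'apt'
  become: true
# … unchanged: dnf-automatic block …
```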
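Review bot: Dropping the `default()` filters means an undefined `server_type`, `location`, `image`, `enable_ipv4` or `enable_ipv6` now fails the task instead of silently picking a value, which is the safer direction, but the task no longer says where the values are expected from; add `# defaults live in group_vars/all/vars.yaml; override per host or group as needed` above `server_type`. The removed `default('false')`/`default('true')` passed strings that the module's bool coercion accepted, so the new plain `"{{ enable_ipv4 }}"` only stays correct while vars.yaml keeps real booleans, which the comment should also state. The `hcloud_server` task starts before this hunk.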
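Review bot: `apply_updates = yes` with no `upgrade_type` makes dnf-automatic apply every available update, which is a broader policy than the security-origin defaults most unattended-upgrades installs use on the apt side; if all updates are intended, say so in the file, otherwise add `upgrade_type = security` under `[commands]`. The template also contains no Jinja, so `ansible.builtin.copy` would do, and because it replaces the packaged dnf-automatic.conf that ships `[emitters]`/`[base]` sections, a header such as `# replaces the packaged config; sections not listed here fall back to dnf-automatic's built-in defaults` would tell the next maintainer that the omission is deliberate.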