diff --git a/.github/workflows/gitops.yaml b/.github/workflows/gitops.yaml index f8a4819..9544381 100644 --- a/.github/workflows/gitops.yaml +++ b/.github/workflows/gitops.yaml @@ -5,28 +5,26 @@ on: push: branches: [main] pull_request: - schedule: - - cron: '53 1 */15 * *' + # schedule: + # - cron: '53 1 */15 * *' jobs: lint: runs-on: ubuntu-latest container: - image: ghcr.io/ansible/creator-ee + image: ghcr.io/secshellnet/ansible-creator-ee # ghcr.io/ansible/creator-ee with preinstalled collections steps: - uses: actions/checkout@v3 - name: Run ansible-lint run: | - ansible-lint -x yaml[comments],yaml[empty-lines],\ - yaml[new-line-at-end-of-file],yaml[trailing-spaces],\ - var-spacing,command-instead-of-shell,no-changed-when,\ - name[template],args[module] + ansible-lint -x command-instead-of-shell,no-changed-when,\ + name[template],jinja[invalid] run: runs-on: ubuntu-latest - needs: [lint] + # needs: [lint] steps: - uses: actions/checkout@v3 diff --git a/inventory.yaml b/inventory.yaml index 811484a..99b6d59 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -1,3 +1,3 @@ --- all: - hosts: \ No newline at end of file + hosts: diff --git a/playbook.yaml b/playbook.yaml index c156bad..011efb8 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -1,14 +1,18 @@ --- -- hosts: all +- name: "Play to create hetzner cloud servers" + hosts: all connection: local gather_facts: false tasks: - - ansible.builtin.include_tasks: "tasks/hetzner-cloud.yaml" + - name: "Interact with hcloud to create cloud servers" + ansible.builtin.include_tasks: "tasks/hetzner-cloud.yaml" -- hosts: all +- name: "Play to configure servers" + hosts: all tasks: - - ansible.builtin.include_tasks: "tasks/create-worker-user.yaml" + - name: "Create low privileged user account" + ansible.builtin.include_tasks: "tasks/create-worker-user.yaml" - name: "Remove labels from cloud server {{ inventory_hostname }}" hetzner.hcloud.hcloud_server: 
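Review bot: The new `image: ghcr.io/secshellnet/ansible-creator-ee` in the lint job carries no tag or digest, so every run pulls whatever the registry's default tag currently resolves to and a lint result cannot be reproduced or audited against a known image; pin it, e.g. `image: ghcr.io/secshellnet/ansible-creator-ee@sha256:<digest>` (placeholder for the digest you verified), and bump the pin deliberately. Commenting out `needs: [lint]` also removes the only ordering and pass/fail gate between `lint` and `run`, so `run` now proceeds even when linting fails; the body of `run` after its checkout step is outside this hunk, so what it executes ungated cannot be seen here. If the gate and the `schedule:` trigger are disabled only temporarily, record why next to each commented line, e.g. `# needs: [lint]  # TODO: re-enable once the new image passes lint`, so the change does not become silently permanent.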
@@ -21,12 +25,13 @@ when: new_server delegate_to: localhost - - ansible.builtin.include_role: - name: "roles/ansible-role-sshd" + - name: "Configure sshd" + ansible.builtin.include_role: + name: "ansible-role-sshd" - name: "Update repositories cache on systems using apt" ansible.builtin.apt: - update_cache: yes + update_cache: true when: ansible_pkg_mgr == 'apt' changed_when: false become: true @@ -38,30 +43,33 @@ when: "ansible_distribution in ['CentOS', 'AlmaLinux', 'Rocky']" become: true - - ansible.builtin.include_role: - name: "roles/ansible-role-fail2ban" + - name: "Setup fail2ban" + ansible.builtin.include_role: + name: "ansible-role-fail2ban" - - ansible.builtin.include_tasks: "tasks/auto-update.yaml" + - name: "Configure automatic updates of installed packages" + ansible.builtin.include_tasks: "tasks/auto-update.yaml" - #- name: "Install unattended upgrades" - # ansible.builtin.apt: - # name: - # - python3-requests - # - python3-apt - # - curl - # - wget - # - dnsutils - # - mtr - # - tcpdump - # - ncdu - # - jq - # - iptables - # - iptables-persistent - # state: present - # become: true + # - name: "Install unattended upgrades" + # ansible.builtin.apt: + # name: + # - python3-requests + # - python3-apt + # - curl + # - wget + # - dnsutils + # - mtr + # - tcpdump + # - ncdu + # - jq + # - iptables + # - iptables-persistent + # state: present + # become: true - - ansible.builtin.include_role: - name: "roles/ansible-role-nginx" + - name: "Setup nginx" + ansible.builtin.include_role: + name: "ansible-role-nginx" when: - enable_ipv4 # otherwise acme.sh cannot be installed - install_nginx diff --git a/roles/ansible-role-fail2ban b/roles/ansible-role-fail2ban index e050d9c..78d77d1 160000 --- a/roles/ansible-role-fail2ban +++ b/roles/ansible-role-fail2ban @@ -1 +1 @@ -Subproject commit e050d9c7d3d5fb8d569236c15e8a6a747f1c131f +Subproject commit 78d77d1d3f51dbfddec053275933c3533cb49b88 
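Review bot: The re-indented block from `# - name: "Install unattended upgrades"` through `#   become: true` in the third hunk of playbook.yaml is dead, commented-out code whose name no longer matches its contents (the package list is tcpdump, jq, iptables-persistent and similar, not unattended upgrades), and re-indenting it to satisfy the comment lint keeps that confusion alive; drop it and rely on version history, or replace it with a single `# TODO: decide whether the base tooling packages (tcpdump, jq, iptables-persistent, ...) belong here` above the auto-update include. The `include_role` names changed from `roles/ansible-role-sshd` to `ansible-role-sshd` in this hunk and the previous one now depend on the default `roles/` lookup relative to the playbook; that appears consistent with the submodule paths in this diff, but a one-line comment on the first include saying the roles are git submodules under `roles/` would save the next reader a lookup.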
diff --git a/roles/ansible-role-nginx b/roles/ansible-role-nginx index f2c78e5..6ce1b32 160000 --- a/roles/ansible-role-nginx +++ b/roles/ansible-role-nginx @@ -1 +1 @@ -Subproject commit f2c78e58d108cedc7994b73f5a6d07b20d76b1b1 +Subproject commit 6ce1b32d9ab0beac7b0e4d718ed2bf756ac4429b diff --git a/roles/ansible-role-sshd b/roles/ansible-role-sshd index af72115..ff5ed9a 160000 --- a/roles/ansible-role-sshd +++ b/roles/ansible-role-sshd @@ -1 +1 @@ -Subproject commit af72115d52bef8db70cdcdde5fdf07d9f0c81dd9 +Subproject commit ff5ed9a2deac6583dd943acc7f55f525fac71a37 diff --git a/tasks/auto-update.yaml b/tasks/auto-update.yaml index da3f71b..182d02c 100644 --- a/tasks/auto-update.yaml +++ b/tasks/auto-update.yaml @@ -17,13 +17,14 @@ - name: "Create dnf-automatic configuration file" ansible.builtin.template: - src: ../templates/dnf-automatic.conf.j2 + src: dnf-automatic.conf.j2 dest: /etc/dnf/dnf-automatic.conf + mode: "0644" become: true - name: "Enable and start dnf-automatic timer" ansible.builtin.systemd: name: dnf-automatic.timer - enabled: yes + enabled: true state: started become: true diff --git a/tasks/create-worker-user.yaml b/tasks/create-worker-user.yaml index e08ca10..334efd0 100644 --- a/tasks/create-worker-user.yaml +++ b/tasks/create-worker-user.yaml @@ -11,7 +11,7 @@ ansible.builtin.user: name: "{{ worker_user }}" password: "{{ worker_password | password_hash('sha512') }}" - password_lock: no + password_lock: false when: new_server - name: "Ensure .ssh directory exists for {{ worker_user }}" @@ -30,4 +30,4 @@ owner: "{{ worker_user }}" group: "{{ worker_user }}" mode: "0600" - become: true \ No newline at end of file + become: true diff --git a/tasks/hetzner-cloud.yaml b/tasks/hetzner-cloud.yaml index b285b6c..b9ac57a 100644 --- a/tasks/hetzner-cloud.yaml +++ b/tasks/hetzner-cloud.yaml 
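Review bot: The `ansible.builtin.user` task in tasks/create-worker-user.yaml still renders `password: "{{ worker_password | password_hash('sha512') }}"` without `no_log: true`, so the module arguments, password hash included, are written to verbose output and callback logs of the CI run; the task's `- name:` line is above this hunk, so add `no_log: true` next to the changed `password_lock: false`. `password_hash('sha512')` with no salt argument also yields a different hash on every run; today `when: new_server` confines it to the first run, but if that guard is ever loosened the task will report changed each time, which a fixed vault-held salt (`password_hash('sha512', <salt_variable>)`, placeholder name) would avoid. The change from `password_lock: no` to `false` is the right fix for the truthy-value lint.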
@@ -81,8 +81,8 @@ ansible.builtin.set_fact: new_server: "{{ 'new' in server_info.labels }}" -# when multiple hosts are defined the add_host task doesn't work as I was expecting -# it before that's why I decided to run the job only once, loop over all hosts +# when multiple hosts are defined the add_host task doesn't work as I was expecting +# it before that's why I decided to run the job only once, loop over all hosts # and access the host variables using: vars['hostvars'][item] - name: "Adjust inventory entries" ansible.builtin.add_host: