miscelllaneous cleanups

cloud.yml

@@ -11,8 +11,9 @@
       "6":  "nyc2"
       "7":  "nyc3"
       "8":  "sfo1"
-      "9":  "sgp1"
-      "10": "tor1"
+      "9":  "sfo2"
+      "10": "sgp1"
+      "11": "tor1"
 
   vars_prompt:
   - name: "do_access_token"
@@ -33,9 +34,10 @@
         5.  New York         (Datacenter 1)
         6.  New York         (Datacenter 2)
         7.  New York         (Datacenter 3)
-        8.  San Francisco
-        9.  Singapore
-        10. Toronto
+        8.  San Francisco    (Datacenter 1)
+        9.  San Francisco    (Datacenter 2)
+        10. Singapore
+        11. Toronto
       Please choose the number of your region. Press enter for default (#7) region.
     default: "7"
     private: no

common.yml

@@ -49,9 +49,9 @@
       - { regexp: '^PasswordAuthentication.*', line: 'PasswordAuthentication no', file: '/etc/ssh/sshd_config'  }
       - { regexp: '^PermitRootLogin.*', line: 'PermitRootLogin without-password', file: '/etc/ssh/sshd_config' }
       - { regexp: '^UseDNS.*', line: 'UseDNS no', file: '/etc/ssh/sshd_config' }
-      - { regexp: '^Ciphers', line: 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr', file: '/etc/ssh/sshd_config' } 
-      - { regexp: '^MACs', line: 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160', file: '/etc/ssh/sshd_config' }
-      - { regexp: '^KexAlgorithms', line: 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1', file: '/etc/ssh/sshd_config' }
+      - { regexp: '^Ciphers', line: 'Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com', file: '/etc/ssh/sshd_config' } 
+      - { regexp: '^MACs', line: 'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256', file: '/etc/ssh/sshd_config' }
+      - { regexp: '^KexAlgorithms', line: 'KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1', file: '/etc/ssh/sshd_config' }
     notify:
       - restart ssh      
       

config.cfg

@@ -1,10 +1,5 @@
 ---
 
-#
-# IKEv2 currently supports only the following three curves:
-#  prime256v1
-#  secp384r1
-#  secp521r1
 easyrsa_dir: /opt/easy-rsa-ipsec
 easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650

inventory_users

@@ -1 +1 @@
-[users-management]
+[user-management]

security.yml

@@ -101,12 +101,12 @@
     notify:
       - flush routing cache
     
-  - name: Enable Bad Error Message Protection (Scored)
+  - name: Enable Bad Error Message Protection
     sysctl: name=net.ipv4.icmp_ignore_bogus_error_responses value=1 ignoreerrors=yes sysctl_set=yes reload=yes state=present
     notify:
       - flush routing cache
     
-  - name: Enable RFC-recommended Source Route Validation (Scored)
+  - name: Enable RFC-recommended Source Route Validation
     sysctl: name="{{item}}" value=1 ignoreerrors=yes sysctl_set=yes reload=yes state=present
     with_items:
       - net.ipv4.conf.all.rp_filter

users.yml

@@ -1,7 +1,7 @@
 ---
 
-- name: Users management
-  hosts: users-management
+- name: User management
+  hosts: user-management
   gather_facts: false
   remote_user: root
   vars_files:

vpn.yml

@@ -52,7 +52,7 @@
   - name: Build the pki enviroments
     shell: >
       ./easyrsa init-pki &&
-      touch '{{ easyrsa_dir }}/easyrsa3/pki/pki_initialized'    
+      touch '{{ easyrsa_dir }}/easyrsa3/pki/pki_initialized'
     args:
       chdir: '{{ easyrsa_dir }}/easyrsa3/'
       creates: '{{ easyrsa_dir }}/easyrsa3/pki/pki_initialized'