diff --git a/create_aws_wireguard_server.yml b/create_aws_wireguard_server.yml
index cac59ba..13c4c1d 100644
--- a/create_aws_wireguard_server.yml
+++ b/create_aws_wireguard_server.yml
@@ -7,15 +7,19 @@
- name: ssh_pub_key_file
prompt: Location of your public ssh key
default: "~/.ssh/id_rsa.pub"
+ private: no
- name: aws_region
prompt: AWS Region to use for instaance
default: "us-east-1"
+ private: no
- name: aws_ami
prompt: Disk image to use for instance (default is debian buster arm64)
default: "ami-057796a93302d0b14"
+ private: no
- name: aws_type
prompt: Instance type to request
default: "t4g.nano"
+ private: no
roles:
- aws_graviton_nano_spot
@@ -26,7 +30,8 @@
vars_prompt:
- name: vpn_clients
prompt: Number of vpn clients to be generated
- default: "1"
+ default: 1
+ private: no
vars:
vpn_network: '10.100.100'
vpn_port: '58172'
diff --git a/roles/wireguard_server/tasks/main.yml b/roles/wireguard_server/tasks/main.yml
index d60f41d..8967255 100644
--- a/roles/wireguard_server/tasks/main.yml
+++ b/roles/wireguard_server/tasks/main.yml
@@ -1,9 +1,10 @@
---
-- name: (Ubuntu) Update APT package cache
+- name: Update APT package cache
apt:
update_cache: true
-
-- name: (Ubuntu) Ensure WireGuard DKMS package is removed
+ upgrade: dist
+
+- name: Ensure WireGuard DKMS package is removed
apt:
name:
- "wireguard-dkms"
@@ -22,13 +23,9 @@
- name: Reboot to use new kernel
reboot:
-- name: ensure wireguard services are stopped and enabled
- service:
- name: "wg-quick@wg0"
- state: stopped
- enabled: yes
- ignore_errors: True
-
+- name: ensure wireguard services are stopped
+ command: "systemctl stop wg-quick@wg0"
+
- name: generate directories for client configs
file:
path: "~/wg/client_{{ item }}"
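Review bot: The four new `private: no` lines in the first hunk use the YAML 1.1 truthy spelling that yamllint's `truthy` rule flags and that a strict 1.2 loader reads as the string "no"; Ansible's loader accepts it, but `private: false` is unambiguous and matches the `update_cache: true` spelling already used in the role. Echoing these answers is appropriate since none of the four prompts asks for a secret. Two context-line observations the hunk makes visible but the commit does not touch: the `aws_region` prompt has a typo (`instaance`), and because AMI IDs are region-scoped the `aws_ami` default only resolves together with the default `us-east-1` region, which the prompt text could state, e.g. `prompt: Disk image to use for instance (default is debian buster arm64, valid in us-east-1 only)`.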
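Review bot: Changing `default: "1"` to `default: 1` in the `vpn_clients` prompt only affects the run where the operator accepts the default; a typed answer still arrives as a string, so every consumer must keep casting (the wg0.conf template does so with `|int`) and nothing in this hunk rejects a non-numeric, empty or out-of-range answer, which `|int` turns into 0 without an error. I would add a validation task immediately after the prompt, e.g. `- assert: { that: ["vpn_clients | int >= 1", "vpn_clients | int <= 253"], fail_msg: "vpn_clients must be between 1 and 253" }`; the upper bound follows from the template assigning peer addresses as `{{ vpn_network }}.{{ i + 2 }}` within a single /24. The enclosing play continues outside the hunk.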
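Review bot: The task renamed to `Update APT package cache` now also runs a full dist-upgrade through `upgrade: dist`, so its name under-describes what it does and hides that every run of the play will mutate the host's package set (including, presumably, the kernel, which is why the unconditional reboot follows later in the role). I would name it `- name: Update APT package cache and dist-upgrade all packages` so the side effect is visible in the play output, and add a comment above it noting that this is deliberate patch-on-every-run behaviour for a throw-away VPN host. If repeated runs are expected, `cache_valid_time: 3600` avoids refreshing indexes needlessly.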
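Review bot: Replacing the `service` task with `command: "systemctl stop wg-quick@wg0"` in the last hunk trades an idempotent module for a shell-out that reports `changed` on every run and simply does not execute under `--check`, and since `ignore_errors: True` was dropped at the same time the play now fails if the unit is not loaded — `systemctl stop` exits non-zero when the `wg-quick@.service` template is absent, and I cannot tell from this hunk whether wireguard-tools is already installed at this point. Prefer the module, `ansible.builtin.systemd:` / `name: wg-quick@wg0` / `state: stopped`, and if the unit may legitimately not exist yet add `failed_when: false` to that one task rather than a blanket `ignore_errors`. The task list continues outside the hunk.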
@@ -82,11 +79,11 @@
state: present
reload: yes
+- name: ensure wireguard services are enabled
+ command: "systemctl enable wg-quick@wg0"
+
- name: ensure all wireguard services are started
- service:
- name: "wg-quick@wg0"
- state: started
- ignore_errors: True
+ command: "systemctl start wg-quick@wg0"
- name: download client conf files to the "wireguard_profiles/" folder on your local host
fetch:
diff --git a/roles/wireguard_server/templates/wg0.conf b/roles/wireguard_server/templates/wg0.conf
index fb0bffc..fb66ad6 100644
--- a/roles/wireguard_server/templates/wg0.conf
+++ b/roles/wireguard_server/templates/wg0.conf
@@ -6,7 +6,7 @@
PrivateKey = {{ private_key_files.results[0].stdout }}
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
-{% for i in range(vpn_clients) %}
+{% for i in range(vpn_clients|int) %}
[Peer]
PublicKey = {{ public_key_files.results[i + 1].stdout }}
AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32
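Review bot: The two new `command` tasks (`systemctl enable` and `systemctl start`) can be a single `ansible.builtin.systemd` task that only reports `changed` when it actually enables or starts the unit and that honours `--check`; as written every run reports two changes regardless of state and the play cannot be dry-run. Note also that `systemctl start` is a no-op on an already-active instance, so if the stop task from the earlier hunk is ever skipped (tags, a partial run) a regenerated wg0.conf would not be loaded; notifying a `restarted` handler from the template task makes the reload explicit. The fetch of client profiles below is unchanged, and the task list continues outside the hunk.
```yaml
- name: ensure wireguard service is enabled and started
  ansible.builtin.systemd:
    name: wg-quick@wg0
    enabled: true
    state: started
```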
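Review bot: The `|int` cast on the `range()` line fixes the TypeError for a string `vpn_clients` but fails open: a non-numeric or empty answer becomes 0, so the server config is rendered with no `[Peer]` section and no error, and any value above 253 makes `AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32` run past `.255` into octets that `wg setconf` will presumably reject when the unit starts. A Jinja template cannot fail loudly on its own, so the bounds check belongs in a task before this template is rendered (an `assert` on `vpn_clients | int`); in the template itself I would add a Jinja comment above the loop, `{# one /32 per client at .{{ i + 2 }}; caller must keep vpn_clients within 1-253 #}`, so the coupling is visible to whoever edits the addressing. The `public_key_files.results[i + 1]` index also assumes the key-generation loop outside this hunk used the same `vpn_clients | int` count plus one server key; any divergence there surfaces here as an index error at template time.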