diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml index b42a65f..d69651c 100644 --- a/roles/common/tasks/firewall_Debian.yml +++ b/roles/common/tasks/firewall_Debian.yml @@ -1,22 +1,22 @@ --- -- name: Install firewalld and deps - when: ansible_distribution_major_version is version_compare('8', '>=') - apt: pkg={{ item }} state=present - loop: - - firewalld - - tidy - tags: firewall -- name: Copy firewalld public zone file - when: ansible_distribution_major_version is version_compare('8', '>=') - template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 - tags: firewall +- block: + - name: Install firewalld and deps + when: ansible_distribution_major_version is version_compare('8', '>=') + apt: pkg={{ item }} state=present + loop: + - firewalld + - tidy -- name: Format public.xml firewalld zone file - when: ansible_distribution_major_version is version_compare('8', '>=') - command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml - notify: - - reload firewalld + - name: Copy firewalld public zone file + when: ansible_distribution_major_version is version_compare('8', '>=') + template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 + + - name: Format public.xml firewalld zone file + when: ansible_distribution_major_version is version_compare('8', '>=') + command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml + notify: + - reload firewalld tags: firewall # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/firewall_Ubuntu.yml b/roles/common/tasks/firewall_Ubuntu.yml index 7a468eb..9394493 100644 --- a/roles/common/tasks/firewall_Ubuntu.yml +++ b/roles/common/tasks/firewall_Ubuntu.yml 
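Review bot: The `Format public.xml firewalld zone file` task in firewall_Debian.yml is a bare `command:` with no `changed_when`, so it reports changed on every run and `reload firewalld` fires each time, even when the zone did not change. Because `tidy -m` rewrites the file in place, the preceding template task will probably also see a difference and re-render the zone file on every run, though that depends on how public.xml.j2 is laid out. Consider keeping public.xml.j2 already formatted and dropping the tidy step, or at least moving `notify: reload firewalld` onto the template task and adding `changed_when: false` to the command. The firewall_Ubuntu.yml hunk has the same three tasks and the same behaviour.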
@@ -1,22 +1,22 @@ --- -- name: Install firewalld and deps - when: ansible_distribution_version is version_compare('15.04', '>=') - apt: pkg={{ item }} state=present - loop: - - firewalld - - tidy - tags: firewall -- name: Copy firewalld public zone file - when: ansible_distribution_version is version_compare('15.04', '>=') - template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 - tags: firewall +- block: + - name: Install firewalld and deps + when: ansible_distribution_version is version_compare('15.04', '>=') + apt: pkg={{ item }} state=present + loop: + - firewalld + - tidy -- name: Format public.xml firewalld zone file - when: ansible_distribution_version is version_compare('15.04', '>=') - command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml - notify: - - reload firewalld + - name: Copy firewalld public zone file + when: ansible_distribution_version is version_compare('15.04', '>=') + template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 + + - name: Format public.xml firewalld zone file + when: ansible_distribution_version is version_compare('15.04', '>=') + command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml + notify: + - reload firewalld tags: firewall # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml index fcc3539..257ebd5 100644 --- a/roles/common/tasks/packages_Debian.yml +++ b/roles/common/tasks/packages_Debian.yml 
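Review bot: The condition `when: ansible_distribution_version is version_compare('15.04', '>=')` is still repeated on all three tasks in firewall_Ubuntu.yml, although they now share a block. Put it once on the block next to `tags: firewall`, so the version gate cannot drift between the install, template and format steps. firewall_Debian.yml repeats its `version_compare('8', '>=')` condition in the same way. On hosts below the threshold nothing in this file runs and no firewall is configured by this role, so a one-line comment such as `# older releases: no firewalld, firewall is managed elsewhere` (or whatever is actually the case) would make that gap explicit.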
@@ -1,34 +1,34 @@ --- -- name: Configure apt mirror - template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 - tags: packages -- name: Install base packages - apt: name={{ item }} update_cache=yes - loop: - - git - - tmux - - iotop - - htop - - strace - - cron-apt #how does this work with systemd? - - safe-rm - - debian-goodies - - mosh - - python-pycurl # for ansible's apt_repository - - lzop - - vim - - lrzip - - unzip - - apt-transport-https # for https support in apt - tags: packages +- block: + - name: Configure apt mirror + template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 -- name: Configure cron-apt - import_tasks: cron-apt.yml - tags: cron-apt + - name: Install base packages + apt: name={{ item }} update_cache=yes + loop: + - git + - tmux + - iotop + - htop + - strace + - cron-apt #how does this work with systemd? + - safe-rm + - debian-goodies + - mosh + - python-pycurl # for ansible's apt_repository + - lzop + - vim + - lrzip + - unzip + - apt-transport-https # for https support in apt -- name: Install tarsnap - import_tasks: tarsnap.yml + - name: Configure cron-apt + import_tasks: cron-apt.yml + tags: cron-apt + + - name: Install tarsnap + import_tasks: tarsnap.yml tags: packages # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml index 456bd53..3e68798 100644 --- a/roles/common/tasks/packages_Ubuntu.yml +++ b/roles/common/tasks/packages_Ubuntu.yml 
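Review bot: Nesting `Configure cron-apt` inside the block in packages_Debian.yml changes its effective tags. The task used to carry only `cron-apt`; it now also inherits `packages` from the block, so `--tags packages` runs the cron-apt import and `--skip-tags packages` skips it. If that is not intended, keep that import outside the block; if it is, say so with a comment such as `# also inherits 'packages' from the enclosing block`. The packages_Ubuntu.yml hunk nests the same task in the same way.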
@@ -1,55 +1,52 @@ --- -- name: Configure apt mirror - template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 - when: ansible_architecture != 'armv7l' - tags: packages -- name: Upgrade base OS - apt: upgrade=dist update_cache=yes - tags: packages +- block: + - name: Configure apt mirror + template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 + when: ansible_architecture != 'armv7l' -- name: Install base packages - apt: pkg={{ item }} - loop: - - git - - tmux - - iotop - - htop - - strace - - s3cmd - - cron-apt - - safe-rm - - debian-goodies - - mosh - - python-pycurl # for ansible's apt_repository - - lzop - - vim - - lrzip - - unzip - - apt-transport-https # for https support in apt - tags: packages + - name: Upgrade base OS + apt: upgrade=dist update_cache=yes -- name: Security hardening (CIS Benchmark 1.0) - apt: pkg={{ item }} state=absent purge=yes - loop: - - whoopsie # CIS 4.1 - - apport # CIS 4.1 - tags: packages + - name: Install base packages + apt: pkg={{ item }} + loop: + - git + - tmux + - iotop + - htop + - strace + - s3cmd + - cron-apt + - safe-rm + - debian-goodies + - mosh + - python-pycurl # for ansible's apt_repository + - lzop + - vim + - lrzip + - unzip + - apt-transport-https # for https support in apt -- name: Remove annoying packages - apt: pkg={{ item }} state=absent purge=yes - loop: - - command-not-found - - command-not-found-data - - python3-commandnotfound - tags: packages + - name: Security hardening (CIS Benchmark 1.0) + apt: pkg={{ item }} state=absent purge=yes + loop: + - whoopsie # CIS 4.1 + - apport # CIS 4.1 -- name: Configure cron-apt - import_tasks: cron-apt.yml - tags: cron-apt + - name: Remove annoying packages + apt: pkg={{ item }} state=absent purge=yes + loop: + - command-not-found + - command-not-found-data + - python3-commandnotfound -- name: Install tarsnap - import_tasks: tarsnap.yml + - name: Configure cron-apt + import_tasks: cron-apt.yml + tags: 
cron-apt + + - name: Install tarsnap + import_tasks: tarsnap.yml tags: packages # vim: set sw=2 ts=2:
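Review bot: The `Install base packages`, `Security hardening (CIS Benchmark 1.0)` and `Remove annoying packages` tasks in packages_Ubuntu.yml each drive `apt` through `loop`, which invokes apt once per item instead of in one transaction. A failure partway through the hardening list would leave `whoopsie` purged and `apport` still installed. Passing the list to the module directly avoids that: use native YAML arguments with `name:` as a list (for example `name: [whoopsie, apport]` with `state: absent` and `purge: true`) and drop `loop`, keeping the CIS references as comments on the list items. The other three files in this commit use the same `loop` form for their apt tasks.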