diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index 57e2600..253093c 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -30,32 +30,24 @@
   - name: Install base packages
     apt: pkg={{ ubuntu_base_packages }} state=present update_cache=yes cache_valid_time=3600
 
-  - name: Security hardening (CIS Benchmark 1.0)
-    apt: pkg={{ item }} state=absent purge=yes
-    loop:
-      - whoopsie # CIS 4.1
-      - apport   # CIS 4.1
 
-  - name: Set fact for annoying packages
+  - name: Set fact for packages to remove
     set_fact:
       ubuntu_annoying_packages:
-        - command-not-found
-        - command-not-found-data
-        - python3-commandnotfound
+        - whoopsie # security (CIS 4.1)
+        - apport   # security (CIS 4.1)
+        - command-not-found # annoying
+        - command-not-found-data # annoying
+        - python3-commandnotfound # annoying
+        - snapd # annoying (Ubuntu >= 16.04)
+        - lxd # annoying (Ubuntu >= 16.04)
+        - lxd-client # annoying (Ubuntu >= 16.04)
+        - liblxc1 # annoying (Ubuntu >= 16.04)
+        - lxc-common # annoying (Ubuntu >= 16.04)
+        - lxcfs #annoying (Ubuntu >= 16.04)
 
-  - name: Set fact for more annoying packages
-    set_fact:
-      ubuntu_more_annoying_packages:
-        - snapd
-        - lxd
-        - lxd-client
-        - liblxc1
-        - lxc-common
-        - lxcfs
-    when: ansible_distribution_version is version_compare('16.04', '>=')
-
-  - name: Remove more annoying packages
-    apt: name={{ ubuntu_annoying_packages | union(ubuntu_more_annoying_packages) }} state=absent purge=yes
+  - name: Remove packages
+    apt: name={{ ubuntu_annoying_packages }} state=absent purge=yes
 
   - name: Configure cron-apt
     import_tasks: cron-apt.yml