diff --git a/roles/common/tasks/freebsd.yml b/roles/common/tasks/freebsd.yml
index 78f4739..70ebe8f 100644
--- a/roles/common/tasks/freebsd.yml
+++ b/roles/common/tasks/freebsd.yml
@@ -1,4 +1,10 @@
 ---
+- name: Gather facts
+  setup:
+
+- name: Gather additional facts
+  import_tasks: facts.yml
+
 - set_fact:
     config_prefix: "/usr/local/"
     strongswan_shell: /usr/sbin/nologin
@@ -23,17 +29,11 @@
         value: 1
       - item: "{{ 'net.inet6.ip6.forwarding' if ipv6_support else none }}"
         value: 1
-  tags:
-    - always
-
-- setup:
 
 - name: Install tools
   package: name="{{ item }}" state=present
   with_items:
     - "{{ tools|default([]) }}"
-  tags:
-    - always
 
 - name: Loopback included into the rc config
   blockinfile:
@@ -45,8 +45,6 @@
       ifconfig_lo100_ipv6="inet6 FCAA::1/64"
   notify:
     - restart loopback bsd
-  tags:
-    - always
 
 - name: Enable the gateway features
   lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'
@@ -59,8 +57,6 @@
     - { param: natd_flags, value: '"-dynamic -m"' }
   notify:
     - restart ipfw
-  tags:
-    - always
 
 - name: FreeBSD | Activate IPFW
   shell: >
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 21d51a4..a777eae 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -6,12 +6,13 @@
 
   - include_tasks: ubuntu.yml
     when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
+    tags:
+      - update-users
 
   - include_tasks: freebsd.yml
     when: '"FreeBSD" in OS.stdout'
-
-  - name: Gather additional facts
-    import_tasks: facts.yml
+    tags:
+      - update-users
 
   - name: Sysctl tuning
     sysctl: name="{{ item.item }}" value="{{ item.value }}"
diff --git a/roles/common/tasks/ubuntu.yml b/roles/common/tasks/ubuntu.yml
index 6dbc633..37d469e 100644
--- a/roles/common/tasks/ubuntu.yml
+++ b/roles/common/tasks/ubuntu.yml
@@ -71,8 +71,6 @@
     dest: /etc/systemd/network/10-algo-lo100.network
   notify:
     - restart systemd-networkd
-  tags:
-    - always
 
 - name: systemd services enabled and started
   systemd:
@@ -83,12 +81,8 @@
   with_items:
     - systemd-networkd
     - systemd-resolved
-  tags:
-    - always
 
 - meta: flush_handlers
-  tags:
-    - always
 
 - name: Check apparmor support
   shell: apparmor_status
@@ -99,6 +93,9 @@
     apparmor_enabled: true
   when: '"profiles are in enforce mode" in apparmor_status.stdout'
 
+- name: Gather additional facts
+  import_tasks: facts.yml
+
 - set_fact:
     tools:
       - git
@@ -116,15 +113,11 @@
         value: 1
       - item: "{{ 'net.ipv6.conf.all.forwarding' if ipv6_support else none }}"
         value: 1
-  tags:
-    - always
 
 - name: Install tools
   package: name="{{ item }}" state=present
   with_items:
     - "{{ tools|default([]) }}"
-  tags:
-    - always
 
 - name: Install headers
   apt:
diff --git a/users.yml b/users.yml
index 30e460a..6442263 100644
--- a/users.yml
+++ b/users.yml
@@ -62,6 +62,7 @@
     - block:
       - name: Local pre-tasks
         import_tasks: playbooks/cloud-pre.yml
+        become: false
       rescue:
         - debug: var=fail_hint
           tags: always