diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml
index f0f6de39feb6fef7b9616a5c63f141d70cde1283..108fae9d6fd23f78c87f7d516990df7af3fa21e6 100644
--- a/roles/gitlab_runner/tasks/main.yml
+++ b/roles/gitlab_runner/tasks/main.yml
@@ -61,6 +61,7 @@
   systemd: name=gitlab-runner state=started enabled=yes daemon_reload=yes
 
 - name: Setup libvirt-executor
+  when: "'gitlab_vm_runners' in group_names"
   block:
     - name: Install libvirt-executor-update-base-image dependencies
       pacman: name=arch-install-scripts,sequoia-sq state=present
@@ -92,4 +93,3 @@
 
     - name: Enable and start libvirt-executor-update-base-image.timer
       systemd: name=libvirt-executor-update-base-image.timer state=started enabled=yes daemon_reload=yes
-  when: "'gitlab_vm_runners' in group_names"
diff --git a/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml b/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml
index f517c53965a37d352147230a42b0bef7cf5a3e62..6086d15f403655c2c05d580e26934584f4def73a 100644
--- a/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml
+++ b/roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml
@@ -2,7 +2,7 @@
   template: src=authorized_keys_client.j2 dest={{ tempfile.path }} mode=preserve
   no_log: true
 
-- name: Upload authorized_keys file to {{ backup_dir }}/{{ item.item }}
+- name: Upload authorized_keys file for {{ item.item }}
   expect:
     command: |
       bash -c 'sftp {{ storagebox_username }}@{{ storagebox_hostname }} <<EOF
diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index b52e1657ec135111bd24c6ab5a6aaa5acf02b1db..628a96d2e720770a8879071bcf889e742fd1ad6c 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -82,6 +82,9 @@
   changed_when: "chroot_pacman_key_populate.rc == 0"
 
 - name: Install ucode update
+  when:
+    - "'hcloud' not in group_names"
+    - inventory_hostname != 'packer-base-image'
   block:
     - name: Install ucode update for Intel
       set_fact: ucode="intel-ucode"
@@ -90,9 +93,6 @@
     - name: Install ucode update for AMD
       set_fact: ucode="amd-ucode"
       when: "'AuthenticAMD' in ansible_facts['processor']"
-  when:
-    - "'hcloud' not in group_names"
-    - inventory_hostname != 'packer-base-image'
 
 - name: Install arch base from bootstrap chroot
   command: chroot /tmp/root.x86_64 pacstrap /mnt base linux btrfs-progs grub openssh python-requests python-yaml inetutils {{ ucode | default('') }}
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 9116e835e9bcabc74e84099e796963aef4b15f53..c00785d7a6686fcff5489a93d1d471500faa09da 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -27,6 +27,7 @@
   service_facts:
 
 - name: Create an admin user when first starting keycloak
+  when: ansible_facts.services["keycloak.service"]["state"] != "running"
   block:
     - name: Install admin creation drop-in for keycloak.service
       copy: src=create-keycloak-admin.conf dest=/etc/systemd/system/keycloak.service.d/ owner=root group=root mode=0644
@@ -48,7 +49,6 @@
       file: path=/etc/systemd/system/keycloak.service.d/create-keycloak-admin.conf state=absent
       notify:
         - Daemon reload
-  when: ansible_facts.services["keycloak.service"]["state"] != "running"
 
 - name: Open firewall hole
   ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml
index 029a113b07d1463af2b79096128a68de747efbc9..9769193d65bc941159172cabb70b3a669aac74f8 100644
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -1,4 +1,5 @@
 - name: Configure network (static)
+  when: not dhcp | default(false)
   block:
     - name: Install 10-static-ethernet.network
       template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
@@ -13,9 +14,9 @@
       notify:
         - Restart networkd
       when: static_dns | default(true)
-  when: not dhcp | default(false)
 
 - name: Configure network (dhcp)
+  when: dhcp | default(false)
   block:
     - name: Install 10-dhcp-ethernet.network
       template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
@@ -30,7 +31,6 @@
       notify:
         - Restart networkd
       when: static_dns | default(false)
-  when: dhcp | default(false)
 
 - name: Create symlink to resolv.conf
   file: src=/run/systemd/resolve/stub-resolv.conf dest={{ chroot_path }}/etc/resolv.conf state=link force=yes follow=no owner=root group=root
diff --git a/roles/rebuilderd/tasks/main.yml b/roles/rebuilderd/tasks/main.yml
index 068ca6da3d1a1be7284d997dca8e2e34d82dbd89..9e7de405880240cd5a95a97ee14fdc80f4c29f63 100644
--- a/roles/rebuilderd/tasks/main.yml
+++ b/roles/rebuilderd/tasks/main.yml
@@ -25,6 +25,6 @@
 - name: Enable and start rebuilderd
   systemd: name=rebuilderd enabled=yes state=started
 
-- name: Enable and start rebuilderd {{ item }} timer
+- name: Enable and start rebuilderd-sync timer for {{ item }}
   systemd: name=rebuilderd-sync@archlinux-{{ item }}.timer enabled=yes state=started
   with_items: "{{ suites }}"