diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml
index 42e1fce..6c014d5 100644
--- a/roles/baseline/tasks/main.yaml
+++ b/roles/baseline/tasks/main.yaml
@@ -79,16 +79,16 @@
 
 - name: Copy dconf files + xdg-desktop-portals fix + Network manager
   ansible.builtin.copy:
-  src: 'etc/systemd/system/NetworkManager.service.d/99-brace.conf'
-  dest: '/etc/systemd/system/NetworkManager.service.d/99-brace.conf'
-  mode: '0644'
+    src: 'etc/systemd/system/NetworkManager.service.d/99-brace.conf'
+    dest: '/etc/systemd/system/NetworkManager.service.d/99-brace.conf'
+    mode: '0644'
   when: manage_network == true
 
 - name: Copy dconf files + xdg-desktop-portals fix + Network manager
   ansible.builtin.copy:
-  src: '{{ item }}'
-  dest: '/{{ item }}'
-  mode: '0644'
+    src: '{{ item }}'
+    dest: '/{{ item }}'
+    mode: '0644'
   loop:
   - 'etc/security/limits.d/30-disable-coredump.conf'
   - 'etc/systemd/coredump.conf.d/disable.conf'
@@ -100,9 +100,9 @@
 
 - name: Setup ZRAM, flatpak updater and environment variables to disable GJS + WebkitGTK JIT
   ansible.builtin.copy:
-  src: '{{ item }}'
-  dest: '/{{ item }}'
-  mode: '0644'
+    src: '{{ item }}'
+    dest: '/{{ item }}'
+    mode: '0644'
   loop:
   - 'etc/systemd/zram-generator.conf'
   - 'etc/systemd/user/update-user-flatpaks.service'
@@ -111,9 +111,9 @@
 
 - name: Drop flathub script to homedir for any new appvms created based on this template
   ansible.builtin.copy:
-  src: 'etc/skel/flathub.sh'
-  dest: '/etc/skel/flathub.sh'
-  mode: '0700'
+    src: 'etc/skel/flathub.sh'
+    dest: '/etc/skel/flathub.sh'
+    mode: '0700'
 
 - name: Upgrade all packages
   ansible.builtin.dnf5:
diff --git a/roles/sudo-dom0-prompt/tasks/main.yaml b/roles/sudo-dom0-prompt/tasks/main.yaml
index 0f223e5..1c5e670 100644
--- a/roles/sudo-dom0-prompt/tasks/main.yaml
+++ b/roles/sudo-dom0-prompt/tasks/main.yaml
@@ -7,23 +7,24 @@
 - name: Create authselect profile
   shell: authselect create-profile sudo-dom0-prompt --base-on=sssd --symlink-meta --symlink-pam
   when: not stat_result.stat.exists
+
 - name: Copy authselect file
   ansible.builtin.copy:
-  src: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
-  dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside'
-  mode: '0644'
+    src: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
+    dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth.original_aside'
+    mode: '0644'
 
 - name: Copy authselect folder
   ansible.builtin.copy:
-  src: '/etc/authselect/system-auth'
-  dest: '/etc/authselect/custom/sudo-dom0-prompt'
-  mode: '0755'
+    src: '/etc/authselect/system-auth'
+    dest: '/etc/authselect/custom/sudo-dom0-prompt'
+    mode: '0755'
 
 - name: Copy authselect file
   ansible.builtin.copy:
-  src: 'etc/authselect/custom/sudo-dom0-prompt/system-auth'
-  dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
-  mode: '0644'
+    src: 'etc/authselect/custom/sudo-dom0-prompt/system-auth'
+    dest: '/etc/authselect/custom/sudo-dom0-prompt/system-auth'
+    mode: '0644'
 
 
 - name: Select authselect profile
@@ -31,9 +32,9 @@
 
 - name: Fix sudoers.d
   ansible.builtin.copy:
-  src: 'etc/sudoers.d/qubes'
-  dest: '/etc/sudoers.d/qubes'
-  mode: '0440'
+    src: 'etc/sudoers.d/qubes'
+    dest: '/etc/sudoers.d/qubes'
+    mode: '0440'
 
 - name: Check that allow all rule doesn't exist
   stat:
@@ -42,7 +43,7 @@
 
 - name: Delete allow all rule
   ansible.builtin.file:
-  path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
-  state: 'absent'
+    path: '/etc/polkit-1/rules.d/00-qubes-allow-all.rules'
+    state: 'absent'
   when: allow_all_result.stat.exists