diff --git a/Makefile b/Makefile
index bc41cf0b97c1b5cd6a147bf26d85d191d0f41d34..f9580786924cf59084b9755293fdf5b469d243cb 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,8 @@ clean:
 	find . -type f -name "*.orig" -delete
 
 open_all:
-	${EDITOR} .gitignore become_user_cfg.yml host_info.yml inventory Makefile README.md shutdown.yml whoami.yml
+	${EDITOR} .gitignore inventory Makefile README.md
+	${EDITOR} tasks/*.yml
 
 inventory_generation:
 	cp inventory.sample inventory && ${EDITOR} inventory
diff --git a/README.md b/README.md
index 10e040ad2f3bc200b7cefcca5f318b4d6961ac3a..60c11bc4b7e45f38739abfb2d67be1079cef5e07 100644
--- a/README.md
+++ b/README.md
@@ -13,12 +13,12 @@ Suitable for server and workstation.
 ✨ Features
 -----------
 
-|   playbook                                    |   purpose                                                             |
-|   :--------------------------------------:    |   :--------------------------------------------------------------:    |
-| [`become_user_cfg.yml`](become_user_cfg.yml)  |   Set `sudo` without password for `become_user` access                |
-| [`host_info.yml`](host_info.yml)              |   Return message with distribution full name & version                |
-| [`shutdown.yml`](shutdown.yml)                |   Shutdown target in 10 min                                           |
-| [`whoami.yml`](whoami.yml)                    |   Return message with `ansible_user` & `become_user` (`sudo` method)  |
+|   playbook                                            |   purpose                                                             |
+|   :--------------------------------------:            |   :--------------------------------------------------------------:    |
+| [`become_user_cfg.yml`](tasks/become_user_cfg.yml)    |   Set `sudo` without password for `become_user` access                |
+| [`host_info.yml`](tasks/host_info.yml)                |   Return message with distribution full name & version                |
+| [`shutdown.yml`](tasks/shutdown.yml)                  |   Shutdown target in 10 min                                           |
+| [`whoami.yml`](tasks/whoami.yml)                      |   Return message with `ansible_user` & `become_user` (`sudo` method)  |
 
 
 🚀 Quickstart
diff --git a/become_user_cfg.yml b/tasks/become_user_cfg.yml
similarity index 90%
rename from become_user_cfg.yml
rename to tasks/become_user_cfg.yml
index 943e4824a6c7ee5e613b25e35fb56b3e1a3d4fbd..ea041dc185774cbb6b28aa27d77fdf0230fe1f75 100644
--- a/become_user_cfg.yml
+++ b/tasks/become_user_cfg.yml
@@ -1,21 +1,23 @@
 ---
 - hosts: "{{ host_list }}"
-  become: yes
   become_method: sudo
   remote_user: "{{ my_user }}"
 
   tasks:
     - name: SUDO | Group sudo presence
+      become: yes
       ansible.builtin.group:
         name: sudo
         state: present
 
     - name: SUDO | Group wheel absence
+      become: yes
       ansible.builtin.group:
         name: wheel
         state: absent
 
     - name: SUDO | User presence (with groups)
+      become: yes
       ansible.builtin.user:
         name: "{{ my_user }}"
         state: present
@@ -23,21 +25,26 @@
         append: true
 
     - name: SUDO | Reset ansible connection to apply group update
+      become: yes
       meta: reset_connection
 
     - name: "SSH | Local public key is present for {{ my_user }}"
+      become: yes
       ansible.builtin.authorized_key:
         comment: "Managed by Ansible from GitLab @free_zed"
         key: https://gitlab.com/free_zed.keys
         state: present
         user: "{{ my_user }}"
 
+
     - name: SSH | Disallow SSH password authentication for root
+      become: yes
       copy:
         src: sshd_config
         dest: /etc/ssh/sshd_config
 
     - name: "SSH | Local public key is present for root"
+      become: yes
       ansible.builtin.authorized_key:
         comment: "Managed by Ansible from GitLab @free_zed"
         key: https://gitlab.com/free_zed.keys
@@ -45,6 +52,7 @@
         user: root
 
     - name: SSH | Remove no password directive
+      become: yes
       ansible.builtin.lineinfile:
         path: /etc/sudoers
         state: absent
diff --git a/tasks/files/sshd_config b/tasks/files/sshd_config
new file mode 100644
index 0000000000000000000000000000000000000000..5bacb890548c0bc4f46399d4426f7332b17f7b7c
--- /dev/null
+++ b/tasks/files/sshd_config
@@ -0,0 +1,18 @@
+# ############################################# #
+#            /etc/ssh/sshd_config               #
+#                                               #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#                                               #
+#   https://lab.frogg.it/fcode/ansible/debian   #
+#                                               #
+# ############################################# #
+
+Include /etc/ssh/sshd_config.d/*.conf
+PermitRootLogin prohibit-password
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem	sftp	/usr/lib/openssh/sftp-server
diff --git a/host_info.yml b/tasks/host_info.yml
similarity index 100%
rename from host_info.yml
rename to tasks/host_info.yml
diff --git a/shutdown.yml b/tasks/shutdown.yml
similarity index 100%
rename from shutdown.yml
rename to tasks/shutdown.yml
diff --git a/whoami.yml b/tasks/whoami.yml
similarity index 100%
rename from whoami.yml
rename to tasks/whoami.yml