diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7a2d29b..60fef27 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,7 +2,7 @@ - name: Add Docker PGP key apt_key: keyserver: keys.openpgp.org - id: 0x8D81803C0EBFCD88 + id: '0x8D81803C0EBFCD88' state: present - name: Add Docker apt repository @@ -22,8 +22,8 @@ - name: Create docker-compose symlink file: - src: /usr/libexec/docker/cli-plugins/docker-compose name: /usr/local/bin/docker-compose + src: /usr/libexec/docker/cli-plugins/docker-compose state: link - name: Install Python bindings for Docker diff --git a/roles/docker/tasks/services/restic.yml b/roles/docker/tasks/services/restic.yml index 465d3a9..1300e21 100644 --- a/roles/docker/tasks/services/restic.yml +++ b/roles/docker/tasks/services/restic.yml @@ -12,7 +12,7 @@ image: "mazzolino/restic:{{ services.restic.version }}" restart: unless-stopped environment: - RUN_ON_STARTUP: false + RUN_ON_STARTUP: 'false' BACKUP_CRON: '0 30 3 * * *' RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}" RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" @@ -38,7 +38,7 @@ image: "mazzolino/restic:{{ services.restic.version }}" restart: unless-stopped environment: - RUN_ON_STARTUP: false + RUN_ON_STARTUP: 'false' PRUNE_CRON: '0 0 4 * * *' RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}" RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" @@ -52,7 +52,7 @@ image: "mazzolino/restic:{{ services.restic.version }}" restart: unless-stopped environment: - RUN_ON_STARTUP: false + RUN_ON_STARTUP: 'false' CHECK_CRON: '0 30 4 * * *' RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}" RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}" diff --git a/roles/docker/tasks/services/watchtower.yml b/roles/docker/tasks/services/watchtower.yml index 2cec897..c610f1d 100644 --- a/roles/docker/tasks/services/watchtower.yml 
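Review bot: The "Add Docker PGP key" task still pins the signing key by its 64-bit long ID (`id: '0x8D81803C0EBFCD88'`) and fetches it from a keyserver, which is a weaker pin than the full fingerprint. Quoting is right, since an unquoted `0x…` scalar is read by YAML as an integer, but `id` also accepts the full 40-hex-digit fingerprint, e.g. `id: '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the vendor's published key). The Ansible documentation also marks apt-key as deprecated in favour of a dedicated keyring file referenced with `signed-by` in the repository entry. That may be worth a follow-up on the "Add Docker apt repository" task, whose body lies outside this hunk.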
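Review bot: In all three restic hunks (the services carrying `BACKUP_CRON`, `PRUNE_CRON` and `CHECK_CRON`), the repository password is still injected as a plain environment variable, `RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"`, next to the quoted `RUN_ON_STARTUP`. Container environment is stored in the container config and is readable through `docker inspect` by anything with access to the Docker socket. restic also reads `RESTIC_PASSWORD_FILE`, so a root-only file mounted read-only into the container would keep the secret out of the environment, assuming the image passes that variable through. The enclosing tasks start outside these hunks, so I cannot see whether they set `no_log: true`; if not, add it so the rendered password does not appear in Ansible output.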
+++ b/roles/docker/tasks/services/watchtower.yml @@ -6,6 +6,6 @@ image: "containrrr/watchtower:{{ services.watchtower.version }}" restart_policy: unless-stopped env: - WATCHTOWER_POLL_INTERVAL: 3600 + WATCHTOWER_POLL_INTERVAL: '3600' volumes: - /var/run/docker.sock:/var/run/docker.sock:rw diff --git a/roles/os_config/tasks/disks.yml b/roles/os_config/tasks/disks.yml index 456b4e7..8cd879f 100644 --- a/roles/os_config/tasks/disks.yml +++ b/roles/os_config/tasks/disks.yml @@ -27,21 +27,30 @@ src: "/dev/disk/by-uuid/{{ item.uuid }}" path: "{{ item.path }}" fstype: ext4 - state: ephemeral + fstab: /dev/null + state: present loop: - uuid: "{{ secrets.hdd.uuid }}" path: "{{ hdd_mount_point }}" - uuid: "{{ secrets.ssd.uuid }}" path: "{{ ssd_mount_point }}" +- name: Check if swapfile is mounted + shell: "swapon | grep -q '{{ ssd_mount_point }}/swapfile'" + ignore_errors: true + register: swap_mounted + - name: Create swapfile community.general.filesize: path: "{{ ssd_mount_point }}/swapfile" - size: 8G + size: 2G + blocksize: 512B owner: root - mode: 0600 + mode: u=rw,go= + when: swap_mounted is undefined - name: Mount swapfile shell: | mkswap {{ ssd_mount_point }}/swapfile swapon {{ ssd_mount_point }}/swapfile + when: swap_mounted is undefined diff --git a/roles/os_config/tasks/pkgs.yml b/roles/os_config/tasks/pkgs.yml index e871ebd..c790d92 100644 --- a/roles/os_config/tasks/pkgs.yml +++ b/roles/os_config/tasks/pkgs.yml @@ -11,7 +11,8 @@ state: present vars: pkgs: - - python3-pip - apparmor - haveged + - needrestart + - python3-pip - ufw
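Review bot: In the disks.yml hunk, the guards `when: swap_mounted is undefined` on "Create swapfile" and "Mount swapfile" can never be true, so after this change the swapfile is never created or enabled. `register` defines `swap_mounted` even when the check fails under `ignore_errors: true`; test the result instead with `when: swap_mounted.rc != 0`. On the check task, `failed_when: false` and `changed_when: false` would be cleaner than `ignore_errors: true`, so a missing swapfile is not reported as a failure or a change. Separately, the mount task (which starts above the hunk) moves from `state: ephemeral` to `fstab: /dev/null` with `state: present`. If this is ansible.posix.mount, `present` only records an fstab entry and does not mount, so please confirm the disks are still mounted before the swapfile tasks write under `{{ ssd_mount_point }}`.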