diff --git a/README.rst b/README.rst index 81e221077933762bbcc28aa792bc5d83b31bb3b4..847e269e00af10267b2d72a125a22ebf1e7d65e5 100644 --- a/README.rst +++ b/README.rst @@ -73,8 +73,19 @@ at: https://www.shore.co.il/cgit/. TODO ---- -- Implement add_repo, add_tls_cert, debian_backports, collectd_agent, init (with - Ansible module), ldap_login, mail_forwarding, ntp, ssh_ca, syslog_forwarding. +- Implement: + - add_tls_cert (Debian works, OpenBSD has no mechannism). + - debian_backports (add Ubuntu, priority support). + - collectd_agent. + - init. + - ldap_login (with pam_mkhomedir). + - ntp. + - mail_forward (OpenBSD support?). + - ssh_ca. + - syslog_forwarding. +- Update `tasks/main.yml` to reflect recent assert changes. - Test. - Document. -- ldap-login should also enable mkhomedir. +- Create a module to add a TLS certificate to store for both Debian-based and + OpenBSD. +- Create a module to detect the init system. diff --git a/tasks/add_repo.yml b/tasks/add_repo.yml index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..1cfc76002daace018600e05cee2ea257031df36e 100644 --- a/tasks/add_repo.yml +++ b/tasks/add_repo.yml @@ -0,0 +1,22 @@ +--- + +- name: Assert + assert: + that: + - "ansible_pkg_mgr == 'apt'" + - "extra_repos is defined" + +- name: Add additional apt repository keys + with_items: extra_repos + when: item.key_url is defined or item.key_data is defined + apt_key: + url: '{{ item.key_url|default(omit) }}' + data: '{{ item.key_data|default(omit) }}' + state: present + +- name: Add additional apt repository + with_items: extra_repos + apt_repository: + repo: '{{ item.repo }}' + state: present + update_cache: yes diff --git a/tasks/add_tls_cert.yml b/tasks/add_tls_cert.yml index cd8ac3676e751cd19e1a8617b734126dede0f7de..3ae3a1262143014f84fcd6bd4855d2fd5180cb54 100644 --- a/tasks/add_tls_cert.yml +++ b/tasks/add_tls_cert.yml 
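Review bot: The `apt_key` task in tasks/add_repo.yml trusts whatever key `item.key_url` serves — there is no expected key id alongside the URL, so a plain-http `key_url` or a substituted download installs a signing key that then authorizes every package from that repository. Consider letting callers declare the expected key and passing it through, e.g. a per-repo field `item.key_id` mapped as `id: '{{ item.key_id|default(omit) }}'`, and documenting that `key_data` (inline) or an https `key_url` is preferred. Both new tasks also use a bare `with_items: extra_repos`; write it as `with_items: '{{ extra_repos }}'`, which is the form later Ansible releases require. `update_cache: yes` should be the real boolean `true`.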
@@ -1,5 +1,11 @@ --- +- name: Assert + assert: + that: + - "ansible_os_family in [ 'Debian' ]" + - "extra_tls_certs is defined" + - name: apt install CA certificates when: ansible_os_family == 'Debian' apt: diff --git a/tasks/backports.yml b/tasks/backports.yml index 9a37205a1d9b83505b0619d267e28fa506544968..425a69b77fb3307b9d833b152b9b6a34fddd27e2 100644 --- a/tasks/backports.yml +++ b/tasks/backports.yml @@ -1,4 +1,9 @@ --- + +- name: Assert + assert: + that: ansible_distribution == 'Debian' + - name: Add backports repositories with_items: - deb @@ -12,9 +17,7 @@ when: backports_priority is defined template: src: backports.j2 - dest: //etc/apt/preferences.d/backports + dest: /etc/apt/preferences.d/backports owner: root group: root mode: '0644' - -# TODO: Add support for Ubuntu, gather enabled archives (non-free, multiverse). diff --git a/tasks/collectd_agent.yml b/tasks/collectd_agent.yml index 805d587c89f6c5106c7d88d424c4d7ad61e2739f..790933eebb13d20e9857e6aa04932aa1ac2f6869 100644 --- a/tasks/collectd_agent.yml +++ b/tasks/collectd_agent.yml @@ -1,5 +1,9 @@ --- +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] + - name: apt install Collectd when: ansible_pkg_mgr == 'apt' apt: diff --git a/tasks/init.yml b/tasks/init.yml index 86e6e6610b6e001013023aa9a542365533c21506..d451d5af2efbec5fde23874ef25c42270ccef637 100644 --- a/tasks/init.yml +++ b/tasks/init.yml @@ -1,4 +1,9 @@ --- + +- name: Assert + assert: + that: ansible_os_family == 'Debian' + - name: Find which package provided init command: /usr/bin/dpkg -S /sbin/init register: common_which_init diff --git a/tasks/ldap_login.yml b/tasks/ldap_login.yml index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e03b0870494e38bdb97d494c0ad1e8bd198c2b96 100644 --- a/tasks/ldap_login.yml +++ b/tasks/ldap_login.yml @@ -0,0 +1,5 @@ +--- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] 
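Review bot: The new assert `ansible_os_family in [ 'Debian' ]` in tasks/add_tls_cert.yml makes the `when: ansible_os_family == 'Debian'` on the following `apt install CA certificates` task redundant, since every task in the file now only reaches hosts that passed that check; either drop the per-task guard or leave it with a comment that it anticipates OpenBSD support (the README in this commit records OpenBSD as having no mechanism yet). A one-element list also reads oddly next to backports.yml and init.yml in the same commit, which use a plain comparison; `that: ansible_os_family == 'Debian'` would match them. The body of the apt task continues outside the hunk.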
diff --git a/tasks/mail_forward.yml b/tasks/mail_forward.yml index 75adb17a482d678af788102112a3eb729ab29203..16910f3e980f51e36baf10a3946417f6e04ba5f1 100644 --- a/tasks/mail_forward.yml +++ b/tasks/mail_forward.yml @@ -1,5 +1,11 @@ --- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] + - name: apt install exim + when: ansible_pkg_mgr == 'apt' apt: name: exim4 state: present diff --git a/tasks/main.yml b/tasks/main.yml index 3bae11dd3a0f1106812cc5c2730a4fb6b628f8e4..ef3fd95ecdd9f80d05eed7f41cac8d7615bc5405 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,14 +1,18 @@ --- # tasks file for ansible_common +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] + - include: init.yml when: ansible_os_family == 'Debian' - include: backports.yml when: backports|default(False) and ansible_distribution == 'Debian' -- include: add_repo.yml repo='{{ item }}' - when: ansible_distribution == 'Debian' +- include: add_repo.yml + when: ansible_distribution == 'Debian' and extra_repos is defined - include: ufw.yml when: ufw|default(True) and ansible_os_family == 'Debian' diff --git a/tasks/ntp.yml b/tasks/ntp.yml index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e03b0870494e38bdb97d494c0ad1e8bd198c2b96 100644 --- a/tasks/ntp.yml +++ b/tasks/ntp.yml @@ -0,0 +1,5 @@ +--- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] diff --git a/tasks/ssh_ca.yml b/tasks/ssh_ca.yml index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e03b0870494e38bdb97d494c0ad1e8bd198c2b96 100644 --- a/tasks/ssh_ca.yml +++ b/tasks/ssh_ca.yml @@ -0,0 +1,5 @@ +--- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] diff --git a/tasks/sudo.yml b/tasks/sudo.yml index b74ebfe6c06976fdcc48ea443bd2688a0e2d3a6b..fe7dc906facf8af4678d46ac92806988509b67e6 100644 --- a/tasks/sudo.yml +++ b/tasks/sudo.yml 
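Review bot: The include guard for add_repo.yml, `when: ansible_distribution == 'Debian' and extra_repos is defined`, is narrower than the assert inside tasks/add_repo.yml (`ansible_pkg_mgr == 'apt'`), and ufw.yml is likewise included on `ansible_os_family == 'Debian'` while it asserts `ansible_pkg_mgr == 'apt'`; the conditions agree on Debian but not on Ubuntu, so the include line rather than the assert decides which hosts get extra repositories. Because a `when:` on an `include:` is applied to each task of the included file, the asserts never see a host the guard already excluded, which makes the mismatch silent rather than a failure. If the per-file asserts are meant to be the source of truth, mirror them here: `when: ansible_pkg_mgr == 'apt' and extra_repos is defined`. The rest of main.yml, including whether add_tls_cert.yml is included under a matching guard, is outside the hunk.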
@@ -1,4 +1,9 @@ --- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] + - name: Add sudo group group: name: sudo diff --git a/tasks/syslog_forward.yml b/tasks/syslog_forward.yml index 1d4b19a2494d82b606e9346da64c032ff33ea9f3..2f3a0ec1db840dcc9b7f0cff318f983d68f1cae9 100644 --- a/tasks/syslog_forward.yml +++ b/tasks/syslog_forward.yml @@ -1,5 +1,9 @@ --- +- name: Assert + assert: + that: ansible_os_family in [ 'Debian', 'OpenBSD' ] + - name: apt install rsyslog when: ansible_os_family == 'Debian' apt: diff --git a/tasks/tls_cert.yml b/tasks/tls_cert.yml index 022b2b7bdce13617816a9dfdd588d4accc5953fd..e81471e45c162b0a3d5bc9791cf6048f726e68b5 100644 --- a/tasks/tls_cert.yml +++ b/tasks/tls_cert.yml @@ -1,3 +1,9 @@ +--- + +- name: Assert + assert: + that: ansible_os_family in [ 'Debian' ] + - name: apt install TLS CA certs apt: name: '{{ item }}' @@ -42,10 +48,11 @@ when: tls_copy.changed - name: Check if dhparams exists and its length - changed_when: False - script: dhparams.sh - register: dhparams + ignore_errors: yes + dhparams: + path: /etc/ssl/dhparams.pem + register: tls_dhparams -- name: Generate dhparams - when: dhparams.stdout|int < 2048 +- name: Generate dhparams (this will take a while) + when: tls_dhparams.bits < 2048 command: /usr/bin/openssl dhparam -out /etc/ssl/dhparams.pem 2048 diff --git a/tasks/ufw.yml b/tasks/ufw.yml index 99f3af1c804a33b93f91c8af749a35cfc7d7c96e..234bd2f30a29461b850eb11d22f7f7223e59ab98 100644 --- a/tasks/ufw.yml +++ b/tasks/ufw.yml @@ -1,4 +1,9 @@ --- + +- name: Assert + assert: + that: ansible_pkg_mgr == 'apt' + - name: apt install ufw apt: name: ufw diff --git a/tasks/unattended_upgrades.yml b/tasks/unattended_upgrades.yml index 00fb8af136b97e12074e62d3a777df67ac11770b..e4ff77708917d2a0c745cfa61e7e12495b3231f3 100644 --- a/tasks/unattended_upgrades.yml +++ b/tasks/unattended_upgrades.yml 
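Review bot: In tasks/tls_cert.yml, `ignore_errors: yes` on the `Check if dhparams exists and its length` task together with `when: tls_dhparams.bits < 2048` on the generator is fragile: if the `dhparams` module fails (for example when `/etc/ssl/dhparams.pem` does not exist yet — whether the module treats that as an error is not visible here), the registered result carries no `bits` key and the `when` errors on an undefined attribute instead of regenerating the file, while the check is still reported as failed in the run output. Prefer `failed_when: false` on the check and a defensive condition on the generator, `when: tls_dhparams.bits is not defined or tls_dhparams.bits|int < 2048`. `ignore_errors: yes` should in any case be spelled `true` as a real boolean.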
@@ -1,5 +1,9 @@ --- +- name: Assert + assert: + that: ansible_pkg_mgr == 'apt' + - name: apt install unattended-upgrades apt: name: unattended-upgrades