diff --git a/README.rst b/README.rst
index d8bfe7d4a602edeec5c4a4323dd2a6dae50bfc36..f5035e5b0a2a62041eb1adbe94309f72b403123c 100644
--- a/README.rst
+++ b/README.rst
@@ -28,9 +28,6 @@ Role Variables
     collectd_riemann_server:
     collectd_collectd_server:
     collectd_statsd_server:
-    mail_root_alias:
-    ldap_login_server:
-    sudo:
     ntp:
     unattended_upgrades:
     tls_cert: # Filename of the TLS cert for that host.
diff --git a/handlers/main.yml b/handlers/main.yml
index 2d2db66c43252b65aafe61e5870193236f74e8f9..6f515dd39770254a2369026f1d7adc5eca7e5d99 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -14,11 +14,6 @@
     name: syslogd
     state: restarted
 
-- name: Restart ssh
-  service:
-    name: '{{ ssh_daemon[ansible_os_family] }}'
-    state: restarted
-
 - name: Restart Collectd
   service:
     name: collectd
@@ -33,8 +28,3 @@
   service:
     name: systemd-timesyncd
     state: restarted
-
-- name: Restart stunnel
-  service:
-    name: '{{ stunnel_service[ansible_os_family] }}'
-    state: restarted
diff --git a/tasks/ldap_login.yml b/tasks/ldap_login.yml
deleted file mode 100644
index 30ec8cb0e9c1755cda98e8243d5a3e7ffeea6b35..0000000000000000000000000000000000000000
--- a/tasks/ldap_login.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
-
-- name: apt install
-  when: ansible_pkg_mgr == 'apt'
-  apt:
-    name: bash
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: pkg install
-  when: ansible_pkg_mgr == 'openbsd_pkg'
-  openbsd_pkg:
-    name: bash
-    state: present
diff --git a/tasks/lock_root.yml b/tasks/lock_root.yml
deleted file mode 100644
index 9ac64cc9cdc414b9850dc066eb31a9abc25190f1..0000000000000000000000000000000000000000
--- a/tasks/lock_root.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: Disable root account
-  user:
-    name: root
-    password: '*************'
-  register: lock_root
-  changed_when: not (lock_root.stderr is defined and 'no changes' in lock_root.stderr)
-
-- name: Disable root SSH login
-  lineinfile:
-    dest: /etc/ssh/sshd_config
-    line: 'PermitRootLogin no'
-    regexp: '^PermitRootLogin '
-  notify:
-  - Restart ssh
diff --git a/tasks/mail_forward.yml b/tasks/mail_forward.yml
deleted file mode 100644
index 68e20cdfce4841d2e5d2a47aeb67a8bf65b9013f..0000000000000000000000000000000000000000
--- a/tasks/mail_forward.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
-
-- name: apt install exim
-  when: ansible_pkg_mgr == 'apt'
-  apt:
-    name: exim4
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: Set root mail alias
-  lineinfile:
-    dest: '{{ aliases_file[ansible_os_family] }}'
-    line: 'root: {{ mail_root_alias }}'
-    regexp: '^root:'
-  register: root_alias
-
-- name: Update SMTPd database
-  when: ansible_os_family == 'OpenBSD' and root_alias.changed
-  command: /usr/sbin/makemap /etc/mail/aliases
diff --git a/tasks/main.yml b/tasks/main.yml
index ab40a3295b88c87f1dd931a63c17dd237f092233..d67586f4c783c5d8fb1c83ef93e8e37030fbc090 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,6 @@
 ---
 # tasks file for ansible_common
 
-- include: openbsd_bootstrap.yml
-  when: openbsd_bootstrap is defined
-
-- setup:
-  when: openbsd_bootstrap is undefined
-
 - name: Assert
   assert:
     that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
@@ -35,26 +29,11 @@
 - include: collectd_agent.yml
   when: (collectd_graphite_server is defined or collectd_riemann_server is defined or collectd_collectd_server is defined or collectd_statsd_server is defined) and not common_role_finished is defined
 
-- include: mail_forward.yml
-  when: mail_root_alias is defined and not common_role_finished is defined
-
-- include: ldap_login.yml
-  when: ldap_login_server is defined and not common_role_finished is defined
-
-- include: sudo.yml
-  when: sudo|default(True) and not common_role_finished is defined
-
 - include: ntp.yml
   when: ntp|default(True) and not common_role_finished is defined
 
 - include: unattended_upgrades.yml
   when: unattended_upgrades|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
 
-- include: lock_root.yml
-  when: lock_root|default(True) and not common_role_finished is defined
-
-- include: stunnel.yml
-  when: stunnel|default(True) and not common_role_finished is defined
-
 - set_fact:
     common_role_finished: True
diff --git a/tasks/openbsd_bootstrap.yml b/tasks/openbsd_bootstrap.yml
deleted file mode 100644
index 31ef049f0c9dc1657d05e3614e2edb88e55962ad..0000000000000000000000000000000000000000
--- a/tasks/openbsd_bootstrap.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-# Bootstrap an OpenBSD machine to be able to run Ansible on it.
-
-- name: Install Python
-  raw: "PKG_PATH={{ openbsd_pkg_mirror }}/OpenBSD/$(uname -r)/packages/$(arch -s)/ /usr/sbin/pkg_add -I py-pip"
-  register: openbsd_pkg_add_python
-  changed_when: "'python' in openbsd_pkg_add_python.stdout"
-
-- name: Symlink python
-  raw: ln -s /usr/local/bin/python2.7 /usr/bin/python
-  register: symlink_python
-  changed_when: not 'File exists' in symlink_python.stdout_lines[0]
-  failed_when: symlink_python|failed and not 'File exists' in symlink_python.stdout_lines[0]
-
-- name: Gather facts
-  setup:
-
-- name: Configure pkg
-  lineinfile:
-    dest: /etc/pkg.conf
-    line: 'installpath = {{ openbsd_pkg_mirror }}/OpenBSD/{{ ansible_distribution_release }}/packages/{{ ansible_architecture }}/'
-    regexp: '^installpath ='
-    state: present
-    create: yes
diff --git a/tasks/stunnel.yml b/tasks/stunnel.yml
deleted file mode 100644
index c404d765e82a168eecfb7b9741a6dfcb2c7e5877..0000000000000000000000000000000000000000
--- a/tasks/stunnel.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-
-- assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
-
-- name: apt install stunnel
-  when: ansible_pkg_mgr == 'apt'
-  apt:
-    name: stunnel4
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: pkg install stunnel
-  when: ansible_pkg_mgr == 'openbsd_pkg'
-  openbsd_pkg:
-    name: '{{ openbsd_stunnel_version[ansible_distribution_release] }}'
-    state: present
-
-- name: Configure stunnel
-  with_dict:
-    syslog: yes
-    key: '{{ tls_key_path }}'
-    cert: '{{ tls_cert_path }}'
-    CAfile: '{{ ca_store[ansible_os_family] }}'
-    ciphers: '!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1'
-    options: NO_SSLv2
-    options: NO_SSLv3
-  lineinfile:
-    dest: /etc/stunnel/stunnel.conf
-    line: '{{ item.key }} = {{ item.value }}'
-    regexp: '^{{ item.key }} ='
-    state: present
-  notify:
-  - Restart stunnel
-
-- name: Allow stunnel to access the TLS key
-  user:
-    name: '{{ stunnel_user[ansible_os_family] }}'
-    groups: ssl-cert
-    append: yes
-    state: present
-  notify:
-  - Restart stunnel
diff --git a/tasks/sudo.yml b/tasks/sudo.yml
deleted file mode 100644
index fe7dc906facf8af4678d46ac92806988509b67e6..0000000000000000000000000000000000000000
--- a/tasks/sudo.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
-
-- name: Add sudo group
-  group:
-    name: sudo
-    state: present
-    system: yes
-
-- name: Give sudo group sudo permissions
-  lineinfile:
-    dest: '{{ sudoers_location[ansible_os_family] }}'
-    line: '%sudo     ALL=(ALL) NOPASSWD: ALL'
-    regexp: '^%sudo'
diff --git a/vars/main.yml b/vars/main.yml
index 5926400077439b89a1f1d4d33309b0b9d9e66d0d..c143af83bbf0247f65c192e173639add2dc89a81 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -15,51 +15,32 @@ backports_repo:
   precise: http://archive.ubuntu.com/ubuntu precise-backports main universe multiverse
   trusty: http://archive.ubuntu.com/ubuntu trusty-backports main universe multiverse
 
-sudoers_location:
-    FreeBSD: '/usr/local/etc/sudoers'
-    Debian: '/etc/sudoers'
-    OpenBSD: '/etc/sudoers'
-
 openbsd_collectd_version:
     '5.5': 'collectd-4.10.2p4'
     '5.6': 'collectd-4.10.2p4'
     '5.7': 'collectd-5.4.1p1'
     '5.8': 'collectd-5.5.0p1'
 
-openbsd_stunnel_version:
-    '5.5': 'stunnel-4.56'
-    '5.6': 'stunnel-5.00p0'
-    '5.7': 'stunnel-5.06'
-    '5.8': 'stunnel-5.19'
-
-openbsd_pkg_mirror: http://www.mirrorservice.org/pub
 ca_store:
     OpenBSD: /etc/ssl/cert.pem
     Debian: /etc/ssl/certs/ca-certificates.crt
+
 update_ca_certificates:
     OpenBSD: /usr/local/sbin/update-ca-certificates
     Debian: /usr/sbin/update-ca-certificates
-ssh_daemon:
-    OpenBSD: sshd
-    Debian: ssh
+
 cert_dir:
     OpenBSD: /etc/ssl/certs
     Debian: /usr/local/share/ca-certificates
+
 ntpd_conf:
     OpenBSD: /etc/ntpd.conf
     Debian: /etc/ntp.conf
+
 ntp_pool:
     OpenBSD: pool.ntp.org
     Debian: debian.pool.ntp.org
+
 ntpd_service:
     OpenBSD: ntpd
     Debian: ntp
-aliases_file:
-    OpenBSD: /etc/mail/aliases
-    Debian: /etc/aliases
-stunnel_service:
-    OpenBSD: stunnel
-    Debian: stunnel4
-stunnel_user:
-    OpenBSD: _stunnel
-    Debian: stunnel4