diff --git a/tasks/main.yml b/tasks/main.yml
index 5573651b3a1835c0e23d73bb00fcaed668c9cd8a..194bd530adc4344cdffc1669593c4f0d5f4e4068 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,45 +6,49 @@
     that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
 
 - include: init.yml
-  when: ansible_os_family == 'Debian'
+  when: ansible_os_family == 'Debian' and not common_role_finished is defined
 
 - include: backports.yml
-  when: backports|default(False) and ansible_distribution == 'Debian'
+  when: backports|default(False) and ansible_distribution == 'Debian'and common_role_finished is defined
 
 - include: add_repo.yml
-  when: ansible_distribution == 'Debian' and extra_repos is defined
+  when: ansible_distribution == 'Debian' and extra_repos is defined and not common_role_finished is defined
 
 - include: ufw.yml
-  when: ufw|default(True) and ansible_os_family == 'Debian'
+  when: ufw|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
 
 - include: tls_cert.yml
-  when: tls_cert|default(True)
+  when: tls_cert|default(True) and not common_role_finished is defined
 
 - include: add_tls_cert.yml
+  when: and not common_role_finished is defined
 
 - include: ssh_ca.yml
-  when: ssh_ca|default(True)
+  when: ssh_ca|default(True) and not common_role_finished is defined
 
 - include: syslog_forward.yml
-  when: syslog_server is defined
+  when: syslog_server is defined and not common_role_finished is defined
 
 - include: collectd_agent.yml
-  when: collectd_graphite_server is defined or collectd_riemann_server is defined or collectd_collectd_server is defined or collectd_statsd_server is defined
+  when: (collectd_graphite_server is defined or collectd_riemann_server is defined or collectd_collectd_server is defined or collectd_statsd_server is defined) and not common_role_finished is defined
 
 - include: mail_forward.yml
-  when: mail_root_alias is defined
+  when: mail_root_alias is defined and not common_role_finished is defined
 
 - include: ldap_login.yml
-  when: ldap_login_server is defined
+  when: ldap_login_server is defined and not common_role_finished is defined
 
 - include: sudo.yml
-  when: sudo|default(True)
+  when: sudo|default(True) and not common_role_finished is defined
 
 - include: ntp.yml
-  when: ntp|default(True)
+  when: ntp|default(True) and not common_role_finished is defined
 
 - include: unattended_upgrades.yml
-  when: unattended_upgrades|default(True) and ansible_os_family == 'Debian'
+  when: unattended_upgrades|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
 
 - include: lock_root.yml
-  when: lock_root|default(True)
+  when: lock_root|default(True) and not common_role_finished is defined
+
+- set_fact:
+    common_role_finished: True