diff --git a/roles/debian_server/tasks/btrfs.yml b/roles/debian_server/tasks/btrfs.yml
index f53ba7d67598d188b578902f6af98cc376af1dcc..013e7f98f8899f8f41dfad6c767c1238ec66a307 100644
--- a/roles/debian_server/tasks/btrfs.yml
+++ b/roles/debian_server/tasks/btrfs.yml
@@ -10,7 +10,7 @@
 - name: Create btrfs scrub services
   # yamllint disable rule:line-length
   loop: &btrfs_devices |-
-    {{ ansible_mounts|selectattr("fstype", "equalto", "btrfs")|map(attribute="device")|unique }}
+    {{ ansible_facts.mounts|selectattr("fstype", "equalto", "btrfs")|map(attribute="device")|unique }}
   # yamllint enable rule:line-length
   ansible.builtin.template:
     dest: /etc/systemd/system/scrub{{ name }}.service
diff --git a/roles/debian_server/tasks/docker.yml b/roles/debian_server/tasks/docker.yml
index 60b2af8b15119d7f6f7194cfdc2da94dd7f66e4f..118e3bc825019456f66894d34883624304edf1a2 100644
--- a/roles/debian_server/tasks/docker.yml
+++ b/roles/debian_server/tasks/docker.yml
@@ -55,7 +55,7 @@
     owner: root
 
 - name: Allow unprivileged user namespaces
-  when: ansible_facts["distribution_major_version"] < 11
+  when: ansible_facts.distribution_major_version|int < 11
   ansible.posix.sysctl:
     name: kernel/unprivileged_userns_clone
     state: present
diff --git a/roles/debian_server/tasks/main.yml b/roles/debian_server/tasks/main.yml
index 2568d8f20f18d46199475df34599f6c2b6a7e45c..e66f448419effeaaa514b17d738dc20a913db13b 100644
--- a/roles/debian_server/tasks/main.yml
+++ b/roles/debian_server/tasks/main.yml
@@ -2,9 +2,9 @@
 - name: Verify assertions
   assert:
     that:
-      - ansible_distribution == "Debian"
-      - ansible_distribution_major_version|int >= 10
-      - ansible_service_mgr == "systemd"
+      - ansible_facts.distribution == "Debian"
+      - ansible_facts.distribution_major_version|int >= 10
+      - ansible_facts.service_mgr == "systemd"
 
 - name: Enable the backports repo
   loop:
@@ -12,7 +12,7 @@
     - deb-src
   apt_repository:
     # yamllint disable-line rule:line-length
-    repo: '{{ item }} http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main contrib non-free'
+    repo: '{{ item }} http://deb.debian.org/debian {{ ansible_facts.distribution_release }}-backports main contrib non-free'
     state: present
     update_cache: true
 
diff --git a/roles/debian_server/tasks/toolbox.yml b/roles/debian_server/tasks/toolbox.yml
index ef7e6d4869223ea29100899ad0fc573a19b73e40..ccf999e984c9d4282ff69437df801eb678564cf1 100644
--- a/roles/debian_server/tasks/toolbox.yml
+++ b/roles/debian_server/tasks/toolbox.yml
@@ -1,7 +1,7 @@
 ---
 - name: Install Podman from the Kubic repository
   # yamllint disable-line rule:line-length
-  when: ansible_distribution_release is in ["buster", "bionic", "focal", "hera", "odin"]
+  when: ansible_facts.distribution_release is in ["buster", "bionic", "focal", "hera", "odin"]
   block:
     - name: Assertions
       assert:
@@ -30,7 +30,7 @@
         update_cache: true
 
     - name: Install newer libseccomp2 from the backports repository
-      when: ansible_distribution_release == "buster"
+      when: ansible_facts.distribution_release == "buster"
       apt:
         cache_valid_time: 3600
         default_release: buster-backports
diff --git a/roles/debian_server/vars/main.yml b/roles/debian_server/vars/main.yml
index a1257de40a5c8b8bbdf2cdbf6651e199e4cf7234..5f233a332b2e9193b7e9a3d4bdc95898f8532ddd 100644
--- a/roles/debian_server/vars/main.yml
+++ b/roles/debian_server/vars/main.yml
@@ -12,4 +12,4 @@ toolbox_podman_repo_base_url_mapping:
   odin: *focal
 
 toolbox_podman_repo_base_url: |-
-  {{ toolbox_podman_repo_base_url_mapping[ansible_distribution_release] }}
+  {{ toolbox_podman_repo_base_url_mapping[ansible_facts.distribution_release] }}
diff --git a/roles/router/handlers/main.yaml b/roles/router/handlers/main.yaml
index c95d484d18b2d5ceb363dbd09187982c1b6ca243..a9f4fea419edf77c785a9437dd264755c608bd79 100644
--- a/roles/router/handlers/main.yaml
+++ b/roles/router/handlers/main.yaml
@@ -63,7 +63,7 @@
 
 - name: Message about restarting the machine
   debug:
-    msg: The {{ ansible_hostname }} needs to be restarted
+    msg: The {{ ansible_facts.hostname }} needs to be restarted
     verbosity: 0
 
 - name: Stop the audio server
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index e68960ac252d06dbc0093cdb81eb17f95416bae6..c4224de316b9e40759679f9e12f744858bd2cb60 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -185,7 +185,7 @@
 
 - name: Set Bash as the login shell
   user:
-    name: '{{ ansible_env["DOAS_USER"] }}'
+    name: '{{ ansible_facts.env["DOAS_USER"] }}'
     shell: /usr/local/bin/bash
   tags:
     - bash
diff --git a/roles/wap/tasks/main.yaml b/roles/wap/tasks/main.yaml
index 5125fd4c6f396116b9bd7c69a8aa18ef81b8b97a..244d3f76d854490e79b534861c3542833ef7c659 100644
--- a/roles/wap/tasks/main.yaml
+++ b/roles/wap/tasks/main.yaml
@@ -2,8 +2,8 @@
 - name: Validate assertions
   ansible.builtin.assert:
     that:
-      - ansible_distribution == "OpenWrt"
-      - ansible_distribution_major_version == "19"
+      - ansible_facts.distribution == "OpenWrt"
+      - ansible_facts.distribution_major_version == "19"
 
 - name: Install packages
   loop:
@@ -45,7 +45,8 @@
   delegate_to: localhost
   community.crypto.openssl_privatekey:
     mode: 0o0444
-    path: &local_private_key '{{ playbook_dir }}/{{ ansible_hostname }}.key'
+    path: &local_private_key |-
+      '{{ playbook_dir }}/{{ ansible_facts.hostname }}.key'
     size: 4096
     state: present
     type: RSA
@@ -53,7 +54,8 @@
 - name: Generate a self-signed SSL certificate locally
   delegate_to: localhost
   community.crypto.x509_certificate:
-    path: &local_public_key '{{ playbook_dir }}/{{ ansible_hostname }}.crt'
+    path: &local_public_key |-
+      '{{ playbook_dir }}/{{ ansible_facts.hostname }}.crt'
     privatekey_path: *local_private_key
     provider: selfsigned
     state: present
diff --git a/roles/wap/templates/daily.j2 b/roles/wap/templates/daily.j2
index a0e3cfb4dde9356a6bb320b75160b32a777a832f..6855930ad882453532de0fa0af3368ac349ee4c5 100644
--- a/roles/wap/templates/daily.j2
+++ b/roles/wap/templates/daily.j2
@@ -4,4 +4,5 @@ set -eu
 opkg update
 opkg list-upgradable | awk '{print $1}' | sort | xargs -rn1 opkg upgrade --download-only
 
-[ -z "$(opkg list-upgradable)" ] || curl https://notify.shore.co.il/send?message={{ (ansible_facts["hostname"] + " has pending updates.") | urlencode }}
+[ -z "$(opkg list-upgradable)" ] ||
+    curl https://notify.shore.co.il/send?message={{ (ansible_facts.hostname + " has pending updates.") | urlencode }}
diff --git a/tasks/renew-cert.yaml b/tasks/renew-cert.yaml
index bb703ea5a3ad3ec437bd38ec248921d35b30cd6f..3f69a388e5fad9cdd2a3c20f74d020a31f8a1ef9 100644
--- a/tasks/renew-cert.yaml
+++ b/tasks/renew-cert.yaml
@@ -23,7 +23,7 @@
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{ account_key_stat.stat.exists and (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{ account_key_stat.stat.exists and (ansible_facts.date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
     # yamllint enable rule:line-length
     mode: 0o0600
     path: *account_key_src
@@ -61,7 +61,7 @@
   community.crypto.openssl_privatekey:
     # yamllint disable rule:line-length
     force: |-
-      {{  host_key_stat.stat.exists and (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
+      {{  host_key_stat.stat.exists and (ansible_facts.date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
     # yamllint enable rule:line-length
     mode: &mode 0o0600
     path: *key_src
@@ -179,7 +179,7 @@
       community.crypto.openssl_dhparam:
         # yamllint disable rule:line-length
         force: |-
-          {{ dhparams_stat.stat.exists and (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
+          {{ dhparams_stat.stat.exists and (ansible_facts.date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
         # yamllint enable rule:line-length
         mode: 0o0644
         path: *dhparams
diff --git a/update.yaml b/update.yaml
index 99c903292fc172496f84c2601ee184fa5e54a10c..8ebf8f20394468dd39ff025b4c8bd9d86d48d2a6 100644
--- a/update.yaml
+++ b/update.yaml
@@ -7,7 +7,7 @@
     - update
   tasks:
     - name: Update Debian-based hosts
-      when: ansible_pkg_mgr == 'apt'
+      when: ansible_facts.pkg_mgr == 'apt'
       tags:
         - debian
       block:
@@ -63,7 +63,7 @@
               flatpak_update is changed }}
 
     - name: Update OpenWRT hosts
-      when: ansible_pkg_mgr == 'opkg'
+      when: ansible_facts.pkg_mgr == 'opkg'
       tags:
         - openwrt
       block:
@@ -87,7 +87,7 @@
             reboot_needed: "{{ opkg_upgrade is changed }}"
 
     - name: Update OpenBSD hosts
-      when: ansible_pkg_mgr == 'openbsd_pkg'
+      when: ansible_facts.pkg_mgr == 'openbsd_pkg'
       tags:
         - openbsd
       block: