diff --git a/hardening.yml b/hardening.yml
index 365f78a..ac02c8c 100644
--- a/hardening.yml
+++ b/hardening.yml
@@ -4,6 +4,9 @@
 gather_facts: true
 pre_tasks:
+# to reinstall netbird rm /usr/share/keyrings/netbird-archive-keyring.gpg
+# become root no password /etc/sudoers.d/20stephane => stephane ALL=(ALL) NOPASSWD: ALL
+
 - ansible.builtin.pip:
 name: netaddr
 delegate_to: localhost
@@ -103,16 +106,24 @@
 roles:
 # - robertdebock.update
- - devsec.hardening.os_hardening
- - devsec.hardening.ssh_hardening
+ - role: devsec.hardening.os_hardening
+ tags: os
+ - role: devsec.hardening.ssh_hardening
+ tags: ssh
 # - maxlareo.rkhunter
 # - maxlareo.chkrootkit
- - robertdebock.auditd
- - geerlingguy.firewall
- - grog.management-user
- - GROG.user
- - GROG.authorized-key
- - GROG.sudo
+ - role: robertdebock.auditd
+ tags: auditd
+ - role: geerlingguy.firewall
+ tags: firewall
+ - role: grog.management-user
+ tags: user
+ - role: GROG.user
+ tags: user
+ - role: GROG.authorized-key
+ tags: user
+ - role: GROG.sudo
+ tags: user
 # - ansible_unattended_upgrades
 # - buluma.lynis
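Review bot: The second comment added under `pre_tasks:` documents a blanket `NOPASSWD: ALL` drop-in in `/etc/sudoers.d/20stephane` as the way to run this play, which leaves standing passwordless root on a host the playbook is meant to harden. Whether the later GROG.sudo role replaces that file is not visible here, so the comment should say the entry is temporary, for example `# become: prefer --ask-become-pass; if /etc/sudoers.d/20stephane is used, remove it once the play has finished`. The netbird comment would also benefit from a reminder to verify the re-fetched archive key before trusting the repository again. Both comments sit at column 0 inside the play and read like disabled tasks; indenting them to the task level and writing full sentences would mark them as operator notes. The `pre_tasks` block continues outside the hunk.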
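Review bot: With the roles now tagged, a partial run such as `--tags ssh` or `--tags firewall` skips every untagged task, and the `ansible.builtin.pip` pre-task that installs `netaddr` shows no tag in the visible lines, so roles that rely on it may fail or behave differently; add `tags: always` to the pre-tasks the roles depend on. Partial runs also decouple `ssh` from `user`: if ssh_hardening disables password logins (its usual default) before the `user` roles have installed keys, the operator can lose access. A comment above the list such as `# first run: no --tags; the ssh tag assumes the user roles have already run` would record that ordering. The roles list starts and ends outside the hunk.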