diff --git a/.drone.yml b/.drone.yml
index 7f06fb5..4a04a71 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7,7 +7,7 @@ steps:
   - name: yamllint
     image: cytopia/yamllint
     commands:
-      - yamllint .
+      - yamllint --strict .
 
   - name: ansible-playbook syntax check
     image: cytopia/ansible
diff --git a/group_vars/all/00-defaults.yml b/group_vars/all/00-defaults.yml
index 49d3854..8e36cdc 100644
--- a/group_vars/all/00-defaults.yml
+++ b/group_vars/all/00-defaults.yml
@@ -1,3 +1,4 @@
+---
 disksetup_strategy: efi_gpt_btrfs
 # partitioning_priv_device_node: /dev/sda
 
diff --git a/main.yml b/main.yml
index 32773ff..9f63a19 100644
--- a/main.yml
+++ b/main.yml
@@ -33,3 +33,4 @@
     - docker
     - yubikey
     - u2f
+    - cleanup
diff --git a/roles/cleanup/tasks/main.yml b/roles/cleanup/tasks/main.yml
new file mode 100644
index 0000000..3aeb2ea
--- /dev/null
+++ b/roles/cleanup/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Remove static ip configuration.
+  file:
+    path: /etc/NetworkManager/system-connections/static.nmconnection
+    state: absent
+
+- name: Remove temporary key from root's authorized_keys.
+  authorized_key:
+    state: absent
+    user: root
+    path: /root/.ssh/authorized_keys
+    key: "{{ tmp_pub_key }}"
+    manage_dir: true
+
+- name: Disable ssh server.
+  systemd:
+    name: sshd
+    enabled: false
+    state: stopped
diff --git a/roles/configure/tasks/main.yml b/roles/configure/tasks/main.yml
index 85f2f59..967671a 100644
--- a/roles/configure/tasks/main.yml
+++ b/roles/configure/tasks/main.yml
@@ -40,7 +40,7 @@
     group: root
     mode: 0700
 
-- name: Make sure temporary key is in root's authorized_keys
+- name: Make sure temporary key is in root's authorized_keys.
   authorized_key:
     state: present
     user: root