diff --git a/roles/logdetective/tasks/main.yml b/roles/logdetective/tasks/main.yml
index 6ef93aa92d..5e7e9c30cb 100644
--- a/roles/logdetective/tasks/main.yml
+++ b/roles/logdetective/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
-- import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+- name: Import common cloud setup tasks
+  ansible.builtin.import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
 
 - name: Install basic packages
   ansible.builtin.dnf:
@@ -19,10 +20,11 @@
   ansible.builtin.get_url:
     url: https://developer.download.nvidia.com/compute/cuda/repos/fedora41/x86_64/cuda-fedora41.repo
     dest: /etc/yum.repos.d/
+    mode: "0644"
   tags:
     - cuda_installation
 
-- name: install cuda
+- name: Install cuda
   ansible.builtin.package:
     name: cuda-toolkit-12
   register: cuda_installation
@@ -44,6 +46,7 @@
       ansible.builtin.file:
         path: /mnt/srv
         state: directory
+        mode: "0755"
 
     - name: Mount the drive on boot
       ansible.posix.mount:
@@ -74,6 +77,7 @@
         block: |
           export HUGGINGFACE_HUB_CACHE=/mnt/srv/.cache/huggingface
           export PIP_CACHE_DIR=/mnt/srv/.cache/pip
+        mode: "0644"
 
     - name: Set up CUDA binary paths
       ansible.builtin.lineinfile:
@@ -85,6 +89,7 @@
         path: /etc/profile.d/models.sh
         line: export MODELS_PATH=/mnt/srv/models/
         create: true
+        mode: "0644"
 
     # TODO Configure Podman to store data on our secondary drive in
     # /mnt/srv/containers_storage/
@@ -108,13 +113,16 @@
 
 
 - name: Stop and disable nftables service
-  systemd:
+  ansible.builtin.systemd:
     name: nftables
     state: stopped
     enabled: false
 
 - name: Start firewalld so that we can allow ports more easily
-  systemd: state=started name=firewalld enabled=yes
+  ansible.builtin.systemd:
+    name: firewalld
+    state: started
+    enabled: true
 
 - name: Allow accessing 443 from the outside
   ansible.posix.firewalld: