diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..df6ec47
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# defaults file for debian_common
+# Andre 2025: this is to prevent:
+# [WARNING]: Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700,
+# this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually"
+allow_world_readable_tmpfiles: true
diff --git a/tasks/tmp-nonexec.yml b/tasks/tmp-nonexec.yml
index e21802e..480542c 100644
--- a/tasks/tmp-nonexec.yml
+++ b/tasks/tmp-nonexec.yml
@@ -27,7 +27,7 @@
 - name: Move old tmp out of the way
 ansible.builtin.command:
 cmd: mv /tmp /old_tmp
- failed_when: "{{ sttmp.stat.exists }}"
+ failed_when: sttmp.stat.exists
 changed_when: true
 - name: Make the new file a permanent mount in fstab
@@ -41,7 +41,7 @@
 - name: Move the old stuff back into the new mountpoint
 ansible.builtin.command:
 cmd: mv /old_tmp/* /tmp/
- failed_when: "{{ sttmp.stat.exists }}"
+ failed_when: sttmp.stat.exists
 changed_when: true
 - name: Ensure no more /old_tmp
diff --git a/tasks/unpriv-user.yml b/tasks/unpriv-user.yml
index 3aac151..1e8c409 100644
--- a/tasks/unpriv-user.yml
+++ b/tasks/unpriv-user.yml
@@ -13,7 +13,7 @@
 - name: Check the primary key for the unprivileged user
 ansible.posix.authorized_key:
 user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
+ key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
 state: present
 exclusive: false
 register: setkey
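Review bot: In defaults/main.yml, `allow_world_readable_tmpfiles: true` is declared as an ordinary role variable, and as far as I know Ansible does not read that name from role defaults: the setting is the `allow_world_readable_tmpfiles` key under `[defaults]` in ansible.cfg or the `ansible_shell_allow_world_readable_temp` variable, so this line probably has no effect. The quoted warning is also about the mode of the `remote_tmp` directory, which this option does not control. If the option is made effective, module temp files on the managed host become readable by every local user when a task becomes an unprivileged user, and those files can carry task arguments. The comment should state that trade-off, e.g. `# security trade-off: module temp files become world-readable on the target`, and the option is better scoped to the tasks that need it than set role-wide.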
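Review bot: In tasks/tmp-nonexec.yml, `failed_when: sttmp.stat.exists` (hunk at -27, and the same line in the hunk at -41) replaces the default return-code check, so a failing `mv` is reported as changed whenever `sttmp.stat.exists` is false, and when it is true the `mv` has already run before the task is marked failed. `sttmp` is registered outside these hunks, so its meaning is inferred; if it is a precondition, express it before the command with `when: not sttmp.stat.exists` or an `ansible.builtin.assert`, and leave the rc check in place. This matters most in the hunk at -41: `ansible.builtin.command` does not pass `mv /old_tmp/* /tmp/` through a shell, so the `*` is not expanded and the move likely fails unnoticed, right before the task named `Ensure no more /old_tmp`.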
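Review bot: In tasks/unpriv-user.yml the same path expression is now spelled out three times (the hunk at -13 and twice in the hunk at -22), differing only in the `-yubi-1`/`-yubi-2` suffix; building the directory once, e.g. `ssh_key_dir: "{{ '../home/ssh-keys/' ~ interactive_user }}"`, would keep the three from drifting apart. Because `interactive_user` is concatenated into a controller-side file path, a value containing `/` or `..` would make the lookup read a different file. Where that variable is set is not visible here, so a format check on it before these tasks would be worth adding.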
@@ -22,14 +22,14 @@
 when: setkey.changed
 ansible.posix.authorized_key:
 user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
+ key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
 state: present
 exclusive: true
 - name: Set the secondary key for the unprivileged user
 ansible.posix.authorized_key:
 user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-2.pub') }}"
+ key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
 state: present
 exclusive: false
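Review bot: The `-yubi-2.pub` lookup is evaluated only when its own task runs, which is after the preceding task, when it runs, has applied `exclusive: true` and removed every other key from the account's authorized_keys. If the secondary key file is missing or unreadable for a user, the play stops there with only the primary key installed. Resolving both files before the exclusive task, for example in an `ansible.builtin.assert` that evaluates both lookups, would fail before anything is removed. A comment on the exclusive task stating that it removes all other keys would also help; that task starts above this hunk.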