diff --git a/ansible/roles/ironicbadger_ansible-role-proxmox-nag-removal/tasks/remove-nag.yml b/ansible/roles/ironicbadger_ansible-role-proxmox-nag-removal/tasks/remove-nag.yml
index b2bb465..7be312b 100644
--- a/ansible/roles/ironicbadger_ansible-role-proxmox-nag-removal/tasks/remove-nag.yml
+++ b/ansible/roles/ironicbadger_ansible-role-proxmox-nag-removal/tasks/remove-nag.yml
@@ -1,7 +1,7 @@
 ---
 # credit: https://johnscs.com/remove-proxmox51-subscription-notice/ & https://github.com/foundObjects/pve-nag-buster
 - name: Modify line in file to remove nag message
-  become: true
+  become: "{{ do_become }}"
   replace:
     path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
     regexp: 'res === null \|\| res === undefined \|\| !res \|\| res[\s\n]*\.data\.status\.toLowerCase\(\) !== .active.'
diff --git a/ansible/roles/kubernetes/handlers/main.yml b/ansible/roles/kubernetes/handlers/main.yml
index 8c8cdf6..3303e82 100644
--- a/ansible/roles/kubernetes/handlers/main.yml
+++ b/ansible/roles/kubernetes/handlers/main.yml
@@ -1,5 +1,5 @@
 - name: kube | systemctl restart systemd-modules-load.service
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.service:
     name: "systemd-modules-load.service"
     state: "restarted"
@@ -7,7 +7,7 @@
   failed_when: false
 
 - name: kube | docker options changed
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.service:
     name: "docker.service"
     state: "restarted"
@@ -15,13 +15,13 @@
   failed_when: false
 
 - name: kube | sysctl --system
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.command: sysctl --system
   changed_when: false
   failed_when: false
 
 - name: kube | boot options changed
-  become: true
+  become: "{{ do_become }}"
   changed_when: false
   failed_when: false
   ansible.builtin.reboot:
diff --git a/ansible/roles/kubernetes/tasks/controlplane.yml b/ansible/roles/kubernetes/tasks/controlplane.yml
index 8c6dae2..f20e98e 100644
--- a/ansible/roles/kubernetes/tasks/controlplane.yml
+++ b/ansible/roles/kubernetes/tasks/controlplane.yml
@@ -1,5 +1,5 @@
 - name: Install kubectl
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt:
     name: "{{ item }}={{ kube_apt }}"
     state: present
@@ -7,7 +7,7 @@
     - kubectl
 
 - name: Hold kubectl version
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.dpkg_selections:
     name: "{{ item }}"
     selection: "hold"
diff --git a/ansible/roles/kubernetes/tasks/node.yml b/ansible/roles/kubernetes/tasks/node.yml
index b75ebac..178bc49 100644
--- a/ansible/roles/kubernetes/tasks/node.yml
+++ b/ansible/roles/kubernetes/tasks/node.yml
@@ -1,11 +1,11 @@
 - name: Disable SWAP
   when: ansible_memory_mb.swap.total != 0
   register: swap_disable
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.command: swapoff -a
 
 - name: Remove swapfile from /etc/fstab
-  become: true
+  become: "{{ do_become }}"
   ansible.posix.mount:
     name: "{{ item }}"
     fstype: swap
@@ -14,7 +14,7 @@
     - swap
 
 - name: Add propogation to systemd
-  become: true
+  become: "{{ do_become }}"
   community.general.ini_file:
     path: /lib/systemd/system/docker.service
     section: Service
@@ -26,7 +26,7 @@
 
 - name: Set up kmsg in LXC # https://kevingoos.medium.com/kubernetes-inside-proxmox-lxc-cce5c9927942
   when: inventory_hostname in groups['lxc_guest']
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.copy:
     content: |
       #!/bin/sh -e
@@ -63,7 +63,7 @@
     - kube | boot options changed
 
 - name: Tweak modeprobe entries
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.ini_file:
     option: "{{ item.option }}"
     state: "{{ item.state }}"
@@ -78,7 +78,7 @@
     - kube | systemctl restart systemd-modules-load.service
 
 - name: Tweak sysctl entries
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.sysctl:
     name: "{{ item.name }}"
     value: "{{ item.value }}"
@@ -117,7 +117,7 @@
     - kube | sysctl --system
 
 - name: Add Apt signing key for Google and Libcontainers
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt_key:
     url: "{{ item }}"
     state: present
@@ -125,7 +125,7 @@
     - https://packages.cloud.google.com/apt/doc/apt-key.gpg
 
 - name: Add repo for Google and Libcontainers
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt_repository:
     filename: Kubernetes
     repo: "deb {{ item }}"
@@ -135,7 +135,7 @@
     - https://apt.kubernetes.io/ kubernetes-xenial main
 
 - name: Install kubernetes packages
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt:
     name: "{{ item }}={{ kube_apt }}"
     state: present
@@ -144,7 +144,7 @@
     - kubeadm
 
 - name: Hold kubernetes version
-  become: true
+  become: "{{ do_become }}"
   when: ! is_controlplane is defined
   ansible.builtin.dpkg_selections:
     name: "{{ item }}"
diff --git a/ansible/roles/pi_dnsmasq/tasks/main.yml b/ansible/roles/pi_dnsmasq/tasks/main.yml
index 3368806..732fa30 100644
--- a/ansible/roles/pi_dnsmasq/tasks/main.yml
+++ b/ansible/roles/pi_dnsmasq/tasks/main.yml
@@ -5,7 +5,7 @@
 
 - name: Set up dnsmasq hosts
   register: dnsmasq_hosts
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.template:
     src: hosts.custom.j2
     group: root
@@ -16,7 +16,7 @@
 - name: Set up dnsmasq rules
   when: dnsmasq_setup.stat.isdir is defined and dnsmasq_setup.stat.isdir
   register: dnsmasq
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.template:
     src: 02-custom.conf.j2
     group: root
@@ -31,7 +31,7 @@
 
 - name: Restart PiHole systems
   when: (dnsmasq.changed or dnsmasq_hosts.changed) and pihole_bin.stat.exists
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.command:
     argv:
       - pihole
diff --git a/ansible/roles/pihole/tasks/configure.yml b/ansible/roles/pihole/tasks/configure.yml
index 4c7cd78..2a5c164 100644
--- a/ansible/roles/pihole/tasks/configure.yml
+++ b/ansible/roles/pihole/tasks/configure.yml
@@ -1,5 +1,5 @@
 - name: Set pihole webpassword
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^WEBPASSWORD="
@@ -7,7 +7,7 @@
     create: yes
 
 - name: Set pihole theme
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^WEBTHEME="
@@ -15,7 +15,7 @@
     create: yes
 
 - name: Set pihole layout
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^WEBUIBOXEDLAYOUT="
@@ -23,7 +23,7 @@
     create: yes
 
 - name: Set pihole listen
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^DNSMASQ_LISTENING="
@@ -31,7 +31,7 @@
     create: yes
 
 - name: Set pihole fqdn forwarding
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^DNS_FQDN_REQUIRED="
@@ -39,7 +39,7 @@
     create: yes
 
 - name: Set pihole reverse lookup
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^DNS_BOGUS_PRIV="
@@ -47,7 +47,7 @@
     create: yes
 
 - name: Set pihole iCloud relay
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.lineinfile:
     path: /etc/pihole/setupVars.conf
     regexp: "^BLOCK_ICLOUD_PR="
diff --git a/ansible/roles/pihole/tasks/gather.yml b/ansible/roles/pihole/tasks/gather.yml
index 1b783b6..d8a778d 100644
--- a/ansible/roles/pihole/tasks/gather.yml
+++ b/ansible/roles/pihole/tasks/gather.yml
@@ -1,6 +1,6 @@
 - name: Get dependencies for PiHole
   when: not pihole_setup.stat.exists
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt:
     name:
       [
@@ -34,7 +34,7 @@
     state: latest
 
 - name: Checkout PiHole
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.git:
     repo: "https://github.com/pi-hole/pi-hole.git"
     clone: yes
diff --git a/ansible/roles/pihole_updatelist/tasks/main.yml b/ansible/roles/pihole_updatelist/tasks/main.yml
index d7c99f0..4c5363d 100644
--- a/ansible/roles/pihole_updatelist/tasks/main.yml
+++ b/ansible/roles/pihole_updatelist/tasks/main.yml
@@ -14,7 +14,7 @@
     mode: "0644"
     owner: "root"
     group: "root"
-  become: true
+  become: "{{ do_become }}"
 
 - name: Check if updatelist is installed
   ansible.builtin.stat:
@@ -23,7 +23,7 @@
 
 - name: Activate changes
   when: updatelist_exec.stat.exists
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.command:
     argv:
       - pihole-updatelists
diff --git a/ansible/roles/zfs/tasks/install.yml b/ansible/roles/zfs/tasks/install.yml
index fdc5f14..b2c78de 100644
--- a/ansible/roles/zfs/tasks/install.yml
+++ b/ansible/roles/zfs/tasks/install.yml
@@ -1,5 +1,5 @@
 - name: Install packages
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt:
     name: "{{ item }}={{ zfs_ver }}"
     state: present
@@ -7,7 +7,7 @@
     - zfsutils-linux
 
 - name: Hold ZFS version
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.dpkg_selections:
     name: "{{ item }}"
     selection: "hold"
diff --git a/ansible/roles/zfs/tasks/main.yml b/ansible/roles/zfs/tasks/main.yml
index ffd5b43..3fab27a 100644
--- a/ansible/roles/zfs/tasks/main.yml
+++ b/ansible/roles/zfs/tasks/main.yml
@@ -8,7 +8,7 @@
   include_tasks: install.yml
 
 - name: Give user passwordless access to ZFS commands
-  become: true
+  become: "{{ do_become }}"
   lineinfile:
     path: /etc/sudoers
     line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
diff --git a/ansible/run.yml b/ansible/run.yml
index 46aafca..fa7a824 100644
--- a/ansible/run.yml
+++ b/ansible/run.yml
@@ -99,7 +99,7 @@
           - github3.py
 
 - hosts: docker
-  become: true
+  become: "{{ do_become }}"
   tags:
     - docker
   vars_files:
@@ -147,7 +147,7 @@
     - "vars/vault.yml"
   tasks:
     - name: Install runtime dependencies
-      become: true
+      become: "{{ do_become }}"
       ansible.builtin.apt:
         name: "{{ item }}"
         state: present
@@ -159,12 +159,12 @@
       include_role:
         name: geerlingguy.containerd
         apply:
-          become: true
+          become: "{{ do_become }}"
     - name: Include Docker role
       include_role:
         name: geerlingguy.docker
         apply:
-          become: true
+          become: "{{ do_become }}"
     - name: Include Kubernetes role
       include_role:
         name: kubernetes
@@ -177,7 +177,7 @@
       include_role:
         name: geerlingguy.nfs
         apply:
-          become: true
+          become: "{{ do_become }}"
 
 - hosts: prox
   vars_files:
@@ -203,12 +203,12 @@
     - update
   tasks:
     - name: Install packages
-      become: true
+      become: "{{ do_become }}"
       ansible.builtin.apt:
         name: libraspberrypi-bin
 
     - name: Place PoE fan file
-      become: true
+      become: "{{ do_become }}"
       ansible.builtin.copy:
         content: |
           # Ansible managed
@@ -284,7 +284,7 @@
       when: ansible_distribution == 'Ubuntu'
 
     - name: Place MoTD
-      become: true
+      become: "{{ do_become }}"
       when: ansible_distribution == 'Ubuntu'
       ansible.builtin.copy:
         content: |
@@ -303,7 +303,7 @@
 
     - name: Update PiHole
       when: inventory_hostname in groups['piholes'] and pihole_exec.stat.exists
-      become: true
+      become: "{{ do_become }}"
       ansible.builtin.command:
         argv:
           - pihole
diff --git a/ansible/tasks/omp.yml b/ansible/tasks/omp.yml
index 7614a3e..b039c66 100644
--- a/ansible/tasks/omp.yml
+++ b/ansible/tasks/omp.yml
@@ -1,10 +1,10 @@
 - name: Install pip package
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.apt:
     name: python3-pip
 
 - name: Install github package
-  become: true
+  become: "{{ do_become }}"
   ansible.builtin.pip:
     name: github3.py