diff --git a/tasks/main.yaml b/tasks/main.yaml
index 72ddc3f..661e55b 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -180,6 +180,9 @@ - name: "user - create users" ansible.builtin.include_tasks: "user.yaml" tags: "usermanagement" + loop: "{{ users }}" + loop_control: + loop_var: "__user" # firewall - name: "firewall"
diff --git a/tasks/user.yaml b/tasks/user.yaml
index c9edef4..10fec4f 100644
--- a/tasks/user.yaml
+++ b/tasks/user.yaml
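Review bot: Tagging only the include no longer tags the user tasks themselves: `include_tasks` is a dynamic include, so `tags: "usermanagement"` applies to the include line alone, while the removed wrapper task in user.yaml (second hunk) used to carry the tag for every task in its block and the new flat task list carries none. A run limited with `--tags usermanagement` would therefore execute the include but skip everything it pulls in. Pass the tag through with `apply` as below, or put `tags: "usermanagement"` back on each task in user.yaml. Separately, the new loop iterates `{{ users }}` where the removed loop in user.yaml iterated `{{ user }}`; if the role's defaults still declare the singular name, the include fails on an undefined variable — confirm the rename was carried into defaults and docs as well.

```yaml
- name: "user - create users"
  ansible.builtin.include_tasks:
    file: "user.yaml"
    apply:
      tags: "usermanagement"
  tags: "usermanagement"
  # … unchanged: loop / loop_control …
```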
@@ -1,74 +1,65 @@ --- -# manage users -- name: "manage users" - tags: "usermanagement" - loop: "{{ user }}" - loop_control: - loop_var: "__user" +# manage facts +- name: "user - set default facts for {{ __user['username'] }}" + ansible.builtin.set_fact: + sudo_hosts: "{{ __user['hosts'] | default('all') }}" + sudo_file: "{{ __user['sudo'] | default('False') }}" + sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}" + user_state: "{{ __user['state'] | default('present') }}" - block: +# create user with password +- name: "user - create users with password - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + comment: "{{ __user['name'] }}" + password: "{{ __user['password'] }}" + shell: "{{ __user['shell'] | default('/bin/bash') }}" + state: "present" + when: + - "__user['password'] is defined" + - "user_state == 'present'" - # manage facts - - name: "user - set default facts for {{ __user['username'] }}" - ansible.builtin.set_fact: - sudo_hosts: "{{ __user['hosts'] | default('all') }}" - sudo_file: "{{ __user['sudo'] | default('False') }}" - sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}" - user_state: "{{ __user['state'] | default('present') }}" +# create user without password +- name: "user - create users without password - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + comment: "{{ __user['name'] }}" + shell: "{{ __user['shell'] | default('/bin/bash') }}" + state: "{{ user_state }}" + when: + - "__user['password'] is not defined" + - "user_state == 'present'" - # create user with password - - name: "user - create users with password - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - comment: "{{ __user['name'] }}" - password: "{{ __user['password'] }}" - shell: "{{ __user['shell'] | default('/bin/bash') }}" - state: "present" - when: - - "__user['password'] is defined" - - "user_state == 'present'" +# manage 
authorized_keys +- name: "user - manage authorized_keys - {{ __user['username'] }}" + ansible.posix.authorized_key: + user: "{{ __user['username'] }}" + key: "{{ __user['publickey'] }}" + state: "present" + manage_dir: "true" + when: "__user['publickey'] is defined" - # create user without password - - name: "user - create users without password - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - comment: "{{ __user['name'] }}" - shell: "{{ __user['shell'] | default('/bin/bash') }}" - state: "{{ user_state }}" - when: - - "__user['password'] is not defined" - - "user_state == 'present'" +# delete users +- name: "user - delete users - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + state: "absent" + remove: true + when: "user_state == 'absent'" - # manage authorized_keys - - name: "user - manage authorized_keys - {{ __user['username'] }}" - ansible.posix.authorized_key: - user: "{{ __user['username'] }}" - key: "{{ __user['publickey'] }}" - state: "present" - manage_dir: "true" - when: "__user['publickey'] is defined" +# manage sudoers file +- name: "user - create sudoers file - {{ __user['username'] }}" + ansible.builtin.template: + src: "templates/usermanagement/sudoers.d/sudoers.j2" + dest: "/etc/sudoers.d/{{ __user['username'] }}" + owner: "root" + group: "root" + mode: "0644" + when: "sudo_file" - # delete users - - name: "user - delete users - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - state: "absent" - remove: true - when: "user_state == 'absent'" - - # manage sudoers file - - name: "user - create sudoers file - {{ __user['username'] }}" - ansible.builtin.template: - src: "templates/usermanagement/sudoers.d/sudoers.j2" - dest: "/etc/sudoers.d/{{ __user['username'] }}" - owner: "root" - group: "root" - mode: "0644" - when: "sudo_file" - - - name: "user - delete sudoers file - {{ __user['username'] }}" - ansible.builtin.file: - state: "absent" 
- path: "/etc/sudoers.d/{{ __user['username'] }}" - when: "not sudo_file" +- name: "user - delete sudoers file - {{ __user['username'] }}" + ansible.builtin.file: + state: "absent" + path: "/etc/sudoers.d/{{ __user['username'] }}" + when: "not sudo_file"
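Review bot: The task `user - create sudoers file` is gated only on `sudo_file`, so an entry with `state: absent` and `sudo: true` has its account removed by `user - delete users` while `/etc/sudoers.d/<username>` is still rendered and kept, and a later account created under the same name would inherit that privilege. Tighten both conditions: `when: "sudo_file and user_state == 'present'"` on the template task and `when: "not sudo_file or user_state == 'absent'"` on the delete task. The template task also writes into `/etc/sudoers.d/` with no syntax check, and a single malformed entry can make sudo refuse every command on the host until it is repaired; add `validate: "/usr/sbin/visudo -cf %s"` to the `ansible.builtin.template` arguments. Minor: `sudo_file`/`sudo_pwless` default to the string `'False'` and `manage_dir: "true"` is a quoted string while `remove: true` is a real boolean — this only works because `set_fact` and the module coerce boolean-looking strings, so `default(false)` and `manage_dir: true` would be the plainer form.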