diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml
index 1dc3deb..040393b 100644
--- a/roles/bootstrap/vars/main.yml
+++ b/roles/bootstrap/vars/main.yml
@@ -6,8 +6,8 @@ bootstrap_common_conditional:
   - "{{ 'ufw' if system_cfg.features.firewall.backend == 'ufw' and system_cfg.features.firewall.enabled | bool else '' }}"
   - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' and system_cfg.features.firewall.enabled | bool else '' }}"
   - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' and system_cfg.features.firewall.enabled | bool else '' }}"
-  - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
-  - "{{ 'tpm2-tools' if system_cfg.luks.enabled else '' }}"
+  - "{{ 'cryptsetup' if system_cfg.luks.enabled | bool else '' }}"
+  - "{{ 'tpm2-tools' if system_cfg.luks.enabled | bool else '' }}"
   - "{{ 'qemu-guest-agent' if hypervisor_type in ['libvirt', 'proxmox'] else '' }}"
   - "{{ 'open-vm-tools' if hypervisor_type == 'vmware' else '' }}"
 
@@ -34,14 +34,14 @@ bootstrap_almalinux: >-
   {{
     bootstrap_rhel_base
     + ['grub2', 'grub2-efi', 'dbus-daemon', 'lrzsz',
-       'nfsv4-client-utils', 'nc', 'ppp', 'zram-generator']
+       'nfsv4-client-utils', 'nc', 'ppp', 'python3', 'zram-generator']
   }}
 
 bootstrap_rocky: >-
   {{
     bootstrap_rhel_base
     + ['grub2', 'grub2-efi', 'nfsv4-client-utils', 'nc', 'ppp',
-       'telnet', 'util-linux-core', 'wget', 'zram-generator']
+       'python3', 'telnet', 'util-linux-core', 'wget', 'zram-generator']
   }}
 
 bootstrap_fedora: >-
@@ -63,13 +63,10 @@ bootstrap_debian_base_common:
   - grub-efi
   - grub-efi-amd64-signed
   - grub2-common
-  - "{{ 'cryptsetup' if system_cfg.luks.enabled else '' }}"
-  - "{{ 'cryptsetup-initramfs' if system_cfg.luks.enabled else '' }}"
+  - "{{ 'cryptsetup-initramfs' if system_cfg.luks.enabled | bool else '' }}"
   - locales
   - logrotate
   - lvm2
-  - "{{ 'iptables' if system_cfg.features.firewall.toolkit == 'iptables' else '' }}"
-  - "{{ 'nftables' if system_cfg.features.firewall.toolkit == 'nftables' else '' }}"
   - "{{ 'openssh-server' if system_cfg.features.ssh.enabled | bool else '' }}"
   - python3
   - xfsprogs
@@ -138,8 +135,8 @@ bootstrap_archlinux: >-
     ['base', 'btrfs-progs', 'cronie', 'dhcpcd', 'efibootmgr', 'fastfetch',
      'fish', 'fzf', 'grub', 'htop', 'libpwquality', 'linux', 'logrotate',
      'lrzsz', 'lsof', 'lvm2', 'ncdu', 'networkmanager', 'nfs-utils',
-     'ppp', 'prometheus-node-exporter', 'python-psycopg2', 'reflector',
-     'rsync', 'sudo', 'tldr', 'tmux', 'vim', 'wireguard-tools', 'zram-generator']
+     'ppp', 'python', 'reflector',
+     'rsync', 'sudo', 'tldr', 'tmux', 'vim', 'zram-generator']
     + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
     + [('iptables-nft' if system_cfg.features.firewall.toolkit == 'nftables' else '')]
     + (bootstrap_common_conditional | reject('equalto', 'nftables') | list)
@@ -148,7 +145,7 @@ bootstrap_archlinux: >-
 bootstrap_alpine: >-
   {{
     ['alpine-base', 'btrfs-progs', 'chrony', 'curl', 'e2fsprogs',
-     'logrotate', 'lvm2', 'python3', 'rsync', 'sudo',
+     'linux-lts', 'logrotate', 'lvm2', 'python3', 'rsync', 'sudo',
      'util-linux', 'vim', 'xfsprogs']
     + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
     + bootstrap_common_conditional
@@ -157,7 +154,7 @@ bootstrap_alpine: >-
 bootstrap_opensuse: >-
   {{
     ['btrfs-progs', 'chrony', 'curl', 'e2fsprogs',
-     'glibc-locale', 'logrotate', 'lvm2', 'NetworkManager',
+     'glibc-locale', 'kernel-default', 'logrotate', 'lvm2', 'NetworkManager',
      'python3', 'rsync', 'sudo', 'vim', 'xfsprogs']
     + [('openssh' if system_cfg.features.ssh.enabled | bool else '')]
     + bootstrap_common_conditional