diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
index d38d772..fd23b57 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
@@ -1,12 +1,5 @@
-- name: Extract container images
- ansible.builtin.unarchive:
- src: /opt/metacluster/container-images/image-tarballs.tgz
- dest: /opt/metacluster/container-images
- list_files: yes
- register: imagetarballs
-
 - name: Import container images
 ansible.builtin.command:
 cmd: k3s ctr image import {{ item }}
 chdir: /opt/metacluster/container-images
- loop: "{{ imagetarballs.files }}"
+ with_fileglob: /opt/metacluster/container-images/*.tar
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
index 8afd526..b07e13f 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
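Review bot: In assets.yml, `with_fileglob: /opt/metacluster/container-images/*.tar` yields an empty loop when no tarball matches, so the import task is skipped without any error and first boot carries on with no images loaded. A preceding check would make that visible, for example an `ansible.builtin.find` on the directory followed by an `ansible.builtin.assert` on its `matched` count. The path is also interpolated bare into `cmd:`; `cmd: k3s ctr image import {{ item | quote }}` keeps a file name containing whitespace as a single argument. No digest comparison is visible in this hunk, so if the build records checksums for the tarballs, verifying them before the import is where a modified image would be caught.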
@@ -29,20 +29,19 @@
 - name: Store root certificate in namespaced secrets
 kubernetes.core.k8s:
 state: present
- definition:
- apiVersion: v1
- kind: Secret
- metadata:
- name: step-certificates-certs
- namespace: "{{ item.namespace }}"
- data:
- "{{ item.key }}": "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
+ template: secret.j2
+ vars:
+ _template:
+ name: step-certificates-certs
+ namespace: "{{ item.namespace }}"
+ key: "{{ item.filename }}"
+ value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
 kubeconfig: "{{ kubeconfig.path }}"
 loop:
 - namespace: argo-cd
- key: custom-ca-certificates.crt
+ filename: custom-ca-certificates.crt
 - namespace: kube-system
- key: root_ca.crt
+ filename: root_ca.crt
 - name: Configure step-ca passthrough ingress
 ansible.builtin.template:
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
index 58bf9a9..5d63c23 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
@@ -1,21 +1,9 @@
-# - name: Create component entries in /etc/hosts
-# ansible.builtin.lineinfile:
-# path: /etc/hosts
-# line: "{{ vapp['guestinfo.ipaddress'] }} {{ item + '.' + vapp['metacluster.fqdn'] }}"
-# state: present
-# loop:
-# # TODO: Make this list dynamic
-# - git
-# - gitops
-# - ingress
-# - registry
-# - storage
-
-- name: Delete container image tarballs/archives
- ansible.builtin.file:
- path: "{{ item }}"
- state: absent
- with_fileglob: /opt/metacluster/container-images/*.tar
+- name: Compress tarballs
+ community.general.archive:
+ dest: /opt/metacluster/container-images/image-tarballs.tgz
+ path: /opt/metacluster/container-images/*
+ format: gz
+ remove: yes
 - name: Cleanup tempfile
 ansible.builtin.file:
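Review bot: In the firstboot cleanup.yml hunk, `path: /opt/metacluster/container-images/*` combined with `remove: yes` archives and then deletes everything in that directory, which is wider than the `*.tar` glob the import task in assets.yml uses and also matches `image-tarballs.tgz` itself once it exists. Narrowing it to `path: /opt/metacluster/container-images/*.tar` keeps the destination out of its own source set and leaves unrelated files alone. After this task has run once no `*.tar` files remain, and the unarchive step was removed in the same commit, so a second run of the role would import nothing; if re-runs are expected that needs a guard, otherwise a comment stating the role is one-shot. `remove: true` is the canonical boolean spelling.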
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
new file mode 100644
index 0000000..a28eb42
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
@@ -0,0 +1,12 @@
+- name: Create component entries in /etc/hosts
+ ansible.builtin.lineinfile:
+ path: /etc/hosts
+ line: "{{ vapp['guestinfo.ipaddress'] }} {{ item + '.' + vapp['metacluster.fqdn'] }}"
+ state: present
+ loop:
+ # TODO: Make this list dynamic
+ - git
+ - gitops
+ - ingress
+ - registry
+ - storage
diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
index 73043a9..fe994a3 100644
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -7,6 +7,4 @@
 - import_tasks: git.yml
 - import_tasks: gitops.yml
-# - include_tasks: certauthority.yml
-# tags: final
 - import_tasks: cleanup.yml
diff --git a/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2 b/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
new file mode 100644
index 0000000..01f4726
--- /dev/null
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ _template.name }}
+ namespace: {{ _template.namespace }}
+data:
+ "{{ _template.key }}": {{ _template.value }}
diff --git a/ansible/roles/metacluster/tasks/cleanup.yml b/ansible/roles/metacluster/tasks/cleanup.yml
deleted file mode 100644
index d236a53..0000000
--- a/ansible/roles/metacluster/tasks/cleanup.yml
+++ /dev/null
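Review bot: In init.yml, the `lineinfile` task sets `line:` but no `regexp:`, so it matches on the full line only, and a boot with a different `guestinfo.ipaddress` appends a second entry for the same name instead of replacing the stale one. Adding `regexp: '\s{{ (item + "." + vapp["metacluster.fqdn"]) | regex_escape }}$'` makes the task replace by host name. Both values come from vApp properties and are written into /etc/hosts unchecked; an `ansible.builtin.assert` on their format ahead of this task would stop a malformed address, or a value with embedded whitespace, from turning into an extra hosts entry. No hunk on this page adds `import_tasks: init.yml` to main.yml, so the new file may not be executed yet unless it is wired in elsewhere.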
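Review bot: In secret.j2, every substitution is emitted as a bare scalar (`name: {{ _template.name }}`, `{{ _template.value }}`), so the rendered text is re-parsed as YAML and a value that is empty, boolean-looking, or contains `: `, ` #` or a newline changes the manifest structure instead of staying a string. Passing each value through `to_json`, as in `name: {{ _template.name | to_json }}` and `{{ _template.key | to_json }}: {{ _template.value | to_json }}`, yields correctly escaped double-quoted scalars. The template places `value` under `data:` and therefore relies on the caller to base64-encode it; a one-line Jinja comment at the top stating that contract would keep a plaintext value from being passed in later. If the template is reused for confidential material rather than a root certificate, the calling task should set `no_log: true`.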
@@ -1,4 +0,0 @@
-- name: Zero-out disk
- ansible.builtin.shell:
- cmd: nice -n 10 dd bs=1M count=$(df -m . | awk '/[0-9]%/{print $(NF-2)}') if=/dev/zero of=./zero; sync; sync; rm -f ./zero
- chdir: /opt/metacluster
diff --git a/ansible/roles/metacluster/tasks/components.yml b/ansible/roles/metacluster/tasks/components.yml
index ea6e00d..bd026f6 100644
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@@ -66,10 +66,3 @@
 # loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}"
 # loop_control:
 # label: "{{ item.type + '/' + item.name }}"
-
-- name: Compress tarballs
- community.general.archive:
- dest: /opt/metacluster/container-images/image-tarballs.tgz
- path: /opt/metacluster/container-images/*
- format: xz
- remove: yes
diff --git a/ansible/roles/metacluster/tasks/main.yml b/ansible/roles/metacluster/tasks/main.yml
index 164213b..6fbad2e 100644
--- a/ansible/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/metacluster/tasks/main.yml
@@ -6,6 +6,3 @@
 - name: Pre-stage meta-cluster configuration and workload-cluster components
 import_tasks: staging.yml
-
-- name: Cleanup
- import_tasks: cleanup.yml
diff --git a/ansible/vars/metacluster.yml b/ansible/vars/metacluster.yml
index 829f6ed..5c0bbbf 100644
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -119,7 +119,7 @@ components:
 config:
 offlineMode: true
 server:
- ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
+ PROTOCOL: https
 gitea:
 admin:
 username: administrator
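Review bot: In vars/metacluster.yml, `PROTOCOL: https` is not a drop-in replacement for the removed `ROOT_URL`: in Gitea's `[server]` section PROTOCOL selects how Gitea itself listens, and `https` makes it serve TLS and expect `CERT_FILE`/`KEY_FILE`, whereas ROOT_URL is only the public base URL. If TLS is terminated at the ingress, which the chart values outside this hunk would show, the service would stop answering plain HTTP behind it. If the aim is to avoid the `vapp['metacluster.fqdn']` lookup at staging time, setting ROOT_URL at first boot, where the FQDN is known, keeps generated links and redirects on the intended host. A comment next to the key should state which of the two behaviours is intended.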