diff --git a/roles/ansible_pull/tasks/main.yaml b/roles/ansible_pull/tasks/main.yaml
index 61a2635..92c8a50 100644
--- a/roles/ansible_pull/tasks/main.yaml
+++ b/roles/ansible_pull/tasks/main.yaml
@@ -1,6 +1,8 @@
-- name: ensure dependencies are installed
+- tags: ["ansible_pull"]
+  name: ensure dependencies are installed
   block:
-    - name: ensure apt dependencies are installed
+    - tags: ["ansible_pull"]
+      name: ensure apt dependencies are installed
       ansible.builtin.apt:
         name:
           - python3-pip
@@ -9,13 +11,15 @@
         state: present
       become: true
 
-    - name: ensure SOPS is installed
+    - tags: ["ansible_pull"]
+      name: ensure SOPS is installed
       ansible.builtin.include_role:
         name: community.sops.install
 
 # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-and-upgrading-ansible-with-pip
 # https://www.redhat.com/en/blog/python-venv-ansible
-- name: ensure Ansible installation exists
+- tags: ["ansible_pull"]
+  name: ensure Ansible installation exists
   ansible.builtin.pip:
     name:
       - ansible
@@ -24,7 +28,8 @@
     virtualenv: /usr/local/lib/ansible_pull_venv
   become: true
 
-- name: ensure ansible-pull-failure-notify script installation exists
+- tags: ["ansible_pull"]
+  name: ensure ansible-pull-failure-notify script installation exists
   ansible.builtin.template:
     src: ansible-pull-failure-notify.sh.j2
     dest: /usr/local/sbin/ansible-pull-failure-notify.sh
@@ -33,7 +38,8 @@
     mode: "0755"
   become: true
 
-- name: ensure secrets directory exists
+- tags: ["ansible_pull"]
+  name: ensure secrets directory exists
   ansible.builtin.file:
     path: /etc/ansible_pull_secrets
     state: directory
@@ -42,7 +48,8 @@
     group: "{{ ansible_pull__user }}"
   become: true
 
-- name: ensure age private key is deployed
+- tags: ["ansible_pull"]
+  name: ensure age private key is deployed
   ansible.builtin.copy:
     content: "{{ ansible_pull__age_private_key }}"
     dest: /etc/ansible_pull_secrets/age_private_key
@@ -51,7 +58,8 @@
     group: "{{ ansible_pull__user }}"
   become: true
 
-- name: ensure systemd services exists
+- tags: ["ansible_pull"]
+  name: ensure systemd services exists
   ansible.builtin.template:
     src: "{{ item }}.j2"
     dest: "/etc/systemd/system/{{ item }}"
@@ -65,7 +73,8 @@
   notify:
     - systemd daemon reload
 
-- name: ensure systemd timer exists
+- tags: ["ansible_pull"]
+  name: ensure systemd timer exists
   ansible.builtin.template:
     src: ansible-pull.timer.j2
     dest: /etc/systemd/system/ansible-pull.timer
@@ -76,7 +85,8 @@
   notify:
     - systemd daemon reload
 
-- name: ensure systemd timer is started and enabled
+- tags: ["ansible_pull"]
+  name: ensure systemd timer is started and enabled
   ansible.builtin.systemd_service:
     name: ansible-pull.timer
     state: started