diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml
index d79ba9e..693e196 100644
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@@ -1,15 +1,6 @@
 argument_specs:
   main:
     options:
-      nginx__version_spec:
-        description: >-
-          The version specification to use for installing the `nginx` package. The
-          provided version specification will be used like the following: `nginx={{
-          nginx__version_spec }}*`. This makes it possible to e.g. specify
-          until a minor version (like `1.3.`) and then have patch versions be
-          installed automatically (like `1.3.1` and so on).
-        type: str
-        required: true
       nginx__deploy_redirect_conf:
         description: >-
           Whether or not to deploy a `redirect.conf` to
diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml
index 6ecb2da..89c9be2 100644
--- a/roles/nginx/tasks/main.yaml
+++ b/roles/nginx/tasks/main.yaml
@@ -3,12 +3,7 @@
     name: nginx
     tasks_from: make_sure_nginx_configuration_names_are_valid
 
-- name: make sure NGINX repos are setup
-  ansible.builtin.include_role:
-    name: nginx
-    tasks_from: main/repo_setup
-
-- name: make sure NGINX is installed
+- name: ensure NGINX is installed
   ansible.builtin.include_role:
     name: nginx
     tasks_from: main/nginx_install
diff --git a/roles/nginx/tasks/main/nginx_install.yaml b/roles/nginx/tasks/main/nginx_install.yaml
index 6d63ad3..4b650b6 100644
--- a/roles/nginx/tasks/main/nginx_install.yaml
+++ b/roles/nginx/tasks/main/nginx_install.yaml
@@ -1,13 +1,53 @@
-- name: make sure the `nginx` package is installed
+- name: gather package facts
+  ansible.builtin.package_facts:
+    manager: apt
+
+- name: make sure `gnupg` package is installed
   ansible.builtin.apt:
-    name: nginx={{ nginx__version_spec }}*
+    name: gnupg
+    state: present
+    update_cache: true
+  become: true
+  when: "'gnupg' not in ansible_facts.packages"
+
+- name: make sure NGINX signing key is added
+  ansible.builtin.get_url:
+    url: https://nginx.org/keys/nginx_signing.key
+    dest: /etc/apt/trusted.gpg.d/nginx.asc
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+
+- name: make sure NGINX APT repository is added
+  ansible.builtin.apt_repository:
+    repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
+    state: present
+  become: true
+
+- name: make sure NGINX APT source repository is added
+  ansible.builtin.apt_repository:
+    repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
+    state: present
+  become: true
+
+- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
+  ansible.builtin.copy:
+    content: |
+      Package: *
+      Pin: origin nginx.org
+      Pin: release o=nginx
+      Pin-Priority: 900
+    dest: /etc/apt/preferences.d/99nginx
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+
+- name: Ensure NGINX is installed
+  ansible.builtin.apt:
+    name: nginx
     state: present
     allow_change_held_packages: true
     update_cache: true
   become: true
-
-- name: apt-mark hold `nginx`
-  ansible.builtin.dpkg_selections:
-    name: nginx
-    selection: hold
-  become: true
diff --git a/roles/nginx/tasks/main/repo_setup.yaml b/roles/nginx/tasks/main/repo_setup.yaml
deleted file mode 100644
index 253beb1..0000000
--- a/roles/nginx/tasks/main/repo_setup.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-- name: gather package facts
-  ansible.builtin.package_facts:
-    manager: apt
-
-- name: make sure `gnupg` package is installed
-  ansible.builtin.apt:
-    name: gnupg
-    state: present
-    update_cache: true
-  become: true
-  when: "'gnupg' not in ansible_facts.packages"
-
-- name: make sure NGINX signing key is added
-  ansible.builtin.get_url:
-    url: https://nginx.org/keys/nginx_signing.key
-    dest: /etc/apt/trusted.gpg.d/nginx.asc
-    mode: "0644"
-    owner: root
-    group: root
-  become: true
-
-- name: make sure NGINX APT repository is added
-  ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
-    state: present
-  become: true
-
-- name: make sure NGINX APT source repository is added
-  ansible.builtin.apt_repository:
-    repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
-    state: present
-  become: true
-
-- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
-  ansible.builtin.copy:
-    content: |
-      Package: *
-      Pin: origin nginx.org
-      Pin: release o=nginx
-      Pin-Priority: 900
-    dest: /etc/apt/preferences.d/99nginx
-    owner: root
-    group: root
-    mode: "0644"
-  become: true