diff --git a/ansible/roles/golden_image/defaults/main.yml b/ansible/roles/golden_image/defaults/main.yml
index 528bfff..4c0330a 100644
--- a/ansible/roles/golden_image/defaults/main.yml
+++ b/ansible/roles/golden_image/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 # Paths (passed from playbook)
-golden_image_base_image_path: ""
+base_image_path: ""
 golden_image_path: ""
diff --git a/ansible/roles/golden_image/tasks/customize.sh b/ansible/roles/golden_image/tasks/customize.sh
deleted file mode 100644
index 9024573..0000000
--- a/ansible/roles/golden_image/tasks/customize.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -eux
-
-# Create user if it doesn't exist
-if ! id -u rocky >/dev/null 2>&1; then
- useradd -m rocky
-fi
-
-# Set password
-echo "rocky:rockypass" | chpasswd
-
-# Sudoers
-echo "rocky ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/rocky
-chmod 0440 /etc/sudoers.d/rocky
-
-# Enable ssh
-systemctl enable sshd
diff --git a/ansible/roles/golden_image/tasks/main.yml b/ansible/roles/golden_image/tasks/main.yml
index 1e380f3..8c167f2 100644
--- a/ansible/roles/golden_image/tasks/main.yml
+++ b/ansible/roles/golden_image/tasks/main.yml
@@ -1,35 +1,38 @@ --- - name: Verify base image exists - ansible.builtin.stat: - path: "{{ golden_image_base_image_path }}" - register: golden_image_base_image_stat - failed_when: not golden_image_base_image_stat.stat.exists + stat: + path: "{{ base_image_path }}" + register: base_image_stat + failed_when: not base_image_stat.stat.exists - name: Ensure golden image directory exists - ansible.builtin.file: + file: path: "{{ golden_image_path | dirname }}" state: directory mode: '0755' become: true - name: Copy base image to golden image - ansible.builtin.copy: - src: "{{ golden_image_base_image_path }}" + copy: + src: "{{ base_image_path }}" dest: "{{ golden_image_path }}" remote_src: true mode: '0644' become: true - name: Customize golden image - ansible.builtin.command: > + command: > virt-customize -a {{ golden_image_path }} --install perl,git,wget,tar,openssh-server,vim - --run {{ role_path }}/tasks/customize.sh + --run-command 'useradd -m rocky 2>/dev/null || true' + --run-command 'echo "rocky:rockypass" | chpasswd' + --run-command 'echo "rocky ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/rocky' + --run-command 'chmod 0440 /etc/sudoers.d/rocky' + --run-command 'systemctl enable sshd' --ssh-inject root:file:{{ ssh_public_key_path }} --ssh-inject rocky:file:{{ ssh_public_key_path }} --root-password password:{{ root_password }} --selinux-relabel - changed_when: false environment: LIBGUESTFS_BACKEND: direct become: true
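Review bot: The `Customize golden image` task still bakes the literal password `rockypass` into every image, now directly in `--run-command 'echo "rocky:rockypass" | chpasswd'`, and the same account gets `NOPASSWD:ALL` sudo with sshd enabled, so every host cloned from this image carries a known credential for a root-equivalent user wherever password login is permitted. Since the task already injects an SSH key for rocky, the chpasswd line can be replaced with `--password rocky:disabled`, or, if a password is really needed, with `--password rocky:file:<VAULTED_PASSWORD_FILE>`. The unchanged `--root-password password:{{ root_password }}` line has a related problem: the secret lands in the virt-customize process arguments and in Ansible's task output, which `--root-password file:<VAULTED_PASSWORD_FILE>` together with `no_log: true` on the task would avoid. Separately, replacing `ansible.builtin.command` (and `stat`, `file`, `copy`) with short names gives up the pinning of which collection supplies each module; keeping the fully qualified names is the safer style.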