diff --git a/all.yml b/all.yml
index ad24a60f9168d1f0583ce28e5e0ba441fa25db42..43256516be46302010c62b32c1998d72b30b9e0a 100644
--- a/all.yml
+++ b/all.yml
@@ -1,6 +1,7 @@
 ---
 - hosts: all
   roles:
+    - common
     - users
     - autoupdate
     - ssh
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..72c09cf22390d81c32e98f709ea2f0ad0e9c2b0c
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Mask unneeded systemd services in containers
+  systemd_service:
+    name: '{{ item }}'
+    masked: true
+  when: "ansible_virtualization_type == 'lxc' and ansible_virtualization_role == 'guest'"
+  with_items:
+    - nvmf-autoconnect
+    - systemd-journald-audit.socket
+    - systemd-modules-load.service
+    - zfs-mount.service
+    - zfs-share.service
+    - openipmi.service