diff --git a/ansible/playbooks/tasks/harden.yml b/ansible/playbooks/tasks/harden.yml
index c36b1e4..5f1cc37 100644
--- a/ansible/playbooks/tasks/harden.yml
+++ b/ansible/playbooks/tasks/harden.yml
@@ -207,15 +207,12 @@
 - efi
 - name: disable unused filesystems
- lineinfile:
+ template:
+ src: "etc/modprobe.d/cis.conf.j2"
 dest: "/etc/modprobe.d/cis.conf"
- owner: root
- group: root
+ owner: 'root'
+ group: 'root'
 mode: '0644'
- line: "install {{ item }} /bin/true"
- state: present
- create: true
- with_items: "{{ modprobe_unused_filesystems }}"
 tags:
 - harden
diff --git a/ansible/playbooks/templates/etc/modprobe.d/cis.conf.j2 b/ansible/playbooks/templates/etc/modprobe.d/cis.conf.j2
new file mode 100644
index 0000000..55dddfa
--- /dev/null
+++ b/ansible/playbooks/templates/etc/modprobe.d/cis.conf.j2
@@ -0,0 +1,4 @@
+# Generated by Ansible
+{% for fs in modprobe_unused_filesystems %}
+install {{ fs }} /bin/true
+{% endfor %}
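Review bot: Switching this task from `lineinfile` to `template` makes it overwrite `/etc/modprobe.d/cis.conf` as a whole, so any line in that file that does not come from `cis.conf.j2` is dropped on the next run. If another task in harden.yml (outside this hunk, so not checkable here) still appends module or protocol restrictions to the same file, those entries are removed on every run and the play never converges. Either move every cis.conf entry into the template or give this task its own file, and record the ownership above the task, e.g. `# template owns all of /etc/modprobe.d/cis.conf; add new entries in cis.conf.j2`. Adding `backup: true` would also keep the previous file on hosts where it had been edited by hand.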
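Review bot: The rendered `install {{ fs }} /bin/true` line only intercepts later modprobe requests for that name; a filesystem module that is already loaded stays usable until it is unloaded or the host reboots, and nothing visible in this change unloads it. Later CIS benchmark revisions, as far as I recall, also add a deny-list entry per module, so consider emitting `blacklist {{ fs }}` inside the loop next to the install line. The values of `modprobe_unused_filesystems` are written unchecked into a root-owned modprobe config, so the variable should only come from trusted inventory; a template comment such as `{# fs names come from modprobe_unused_filesystems; one module name per entry, no whitespace #}` would record that.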