diff --git a/roles/k3s_server/tasks/main.yaml b/roles/k3s_server/tasks/main.yaml
index 75dc3d6..a41c9a3 100644
--- a/roles/k3s_server/tasks/main.yaml
+++ b/roles/k3s_server/tasks/main.yaml
@@ -15,15 +15,15 @@
 
 - name: Install primary k3s server
   include_tasks: primary_installation.yaml
-  when: ansible_default_ipv4.address == k3s_primary_server_ip
+  when: inventory_hostname == groups['k3s_server'] | first
 
 - name: Get token from primary k3s server
   include_tasks: pull_token.yaml
 
 - name: Install seconary k3s servers
   include_tasks: secondary_installation.yaml
-  when: ansible_default_ipv4.address != k3s_primary_server_ip
+  when: inventory_hostname != groups['k3s_server'] | first
 
 - name: Set kubeconfig on localhost
   include_tasks: create_kubeconfig.yaml
-  when: ansible_default_ipv4.address == k3s_primary_server_ip
+  when: inventory_hostname == groups['k3s_server'] | first
diff --git a/roles/k3s_server/tasks/pull_token.yaml b/roles/k3s_server/tasks/pull_token.yaml
index f2b7a05..fab1629 100644
--- a/roles/k3s_server/tasks/pull_token.yaml
+++ b/roles/k3s_server/tasks/pull_token.yaml
@@ -1,15 +1,15 @@
-- name: Get K3s token from the first server
-  when: ansible_default_ipv4.address == k3s_primary_server_ip
+- name: Get K3s token from the primary server
   ansible.builtin.slurp:
     src: /var/lib/rancher/k3s/server/node-token
-  register: k3s_token
+  register: k3s_token_raw
+  delegate_to: "{{ groups['k3s_server'] | first }}"
+  run_once: true
   become: true
 
-- name: Set fact on k3s_primary_server_ip
+- name: Set k3s_token fact
   ansible.builtin.set_fact:
-    k3s_token: "{{ k3s_token['content'] | b64decode | trim }}"
-  when:
-    - ansible_default_ipv4.address == k3s_primary_server_ip
+    k3s_token: "{{ k3s_token_raw['content'] | b64decode | trim }}"
+  run_once: true
 
 - name: Write K3s token to local file for encryption
   ansible.builtin.copy: