diff --git a/minifirewall-tail/README.md b/minifirewall-tail/README.md
deleted file mode 100644
index 6be689dd..00000000
--- a/minifirewall-tail/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# minifirewall-tail
-
-Compiles a `minifirewall.tail` file based on templates and source it at the end of minifirewall configuration.
-
-Templates are looked up in that order :
-1. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2`
-2. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2` (NB : `host_group` is not a core variable, it must be defined in `group_vars` files.)
-3. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2`
-
-If nothing is found, the role falls back to the template embedded in the role : `templates/minifirewall.default.tail.j2`
diff --git a/minifirewall-tail/meta/main.yml b/minifirewall-tail/meta/main.yml
deleted file mode 100644
index 5cbe5e02..00000000
--- a/minifirewall-tail/meta/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-galaxy_info:
- author: Evolix
- description: Additionla configuration for Minifirewall
-
- issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
-
- license: GPLv2
-
- min_ansible_version: 2.2
-
- platforms:
- - name: Debian
- versions:
- - jessie
-
-dependencies: []
- # List your role dependencies here, one per line.
- # Be sure to remove the '[]' above if you add dependencies
- # to this list.
diff --git a/minifirewall/README.md b/minifirewall/README.md
index ab0e6abf..67b389f1 100644
--- a/minifirewall/README.md
+++ b/minifirewall/README.md
@@ -15,7 +15,18 @@ Everything is in the `tasks/main.yml` file. * `minifirewall_int_lan`: (default: IP/32) * `minifirewall_trusted_ips`: with IP/hosts should be trusted for full access (default: none) * `minifirewall_privilegied_ips`: with IP/hosts should be trusted for restricted access (default: none) - +* `minifirewall_tail_included` : source a "tail" file at the end of the main config file. (default: `False`) The full list of variables (with default values) can be found in `defaults/main.yml`. **Some IP/hosts must be configured or the server will be inaccessible via network.** + +## minifirewall-tail + +Compiles a `minifirewall.tail` file based on templates and source it at the end of minifirewall configuration. + +Templates are looked up in that order : +1. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2` +2. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2` (NB : `host_group` is not a core variable, it must be defined in `group_vars` files.) +3. `{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2` + +If nothing is found, the role falls back to the template embedded in the role : `templates/minifirewall.default.tail.j2` diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml index 760b35cc..c3e2af96 100644 --- a/minifirewall/defaults/main.yml +++ b/minifirewall/defaults/main.yml @@ -1,4 +1,6 @@ --- +minifirewall_tail_included: False + minifirewall_git_url: "https://forge.evolix.org/minifirewall.git" minifirewall_checkout_path: "/tmp/minifirewall" minifirewall_int: "{{ ansible_default_ipv4.interface }}" diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index 7727308b..851d1917 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -5,3 +5,6 @@ - include: config.yml - include: activate.yml + +- include: tail.yml + when: minifirewall_tail_included 
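Review bot: `minifirewall_tail_included: False` is added to `minifirewall/defaults/main.yml` without a comment, although it gates whether an extra templated file is sourced at the end of the firewall configuration. A comment above it would make that visible where the default is set, for example `# When true, render minifirewall.tail from the host/group/default template and source it at the end of the minifirewall config.` Writing the value as lowercase `false` would also avoid the YAML 1.1 truthy spellings that yamllint flags.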
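Review bot: The bare `when: minifirewall_tail_included` on the new `- include: tail.yml` in `minifirewall/tasks/main.yml` relies on the variable arriving as a real boolean. A value supplied as a string (for example through `-e` or an INI inventory) can be evaluated as truthy on some Ansible versions, which would source the tail file on hosts where it was meant to stay off. `when: minifirewall_tail_included | bool` makes the gate explicit. The include also sits after `activate.yml`, so whether the tail rules are loaded in the same run depends on what `tail.yml` does, which this diff does not show because the file is a 100% rename.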
diff --git a/minifirewall-tail/tasks/main.yml b/minifirewall/tasks/tail.yml
similarity index 100%
rename from minifirewall-tail/tasks/main.yml
rename to minifirewall/tasks/tail.yml
diff --git a/minifirewall-tail/templates/minifirewall.default.tail.j2 b/minifirewall/templates/minifirewall.default.tail.j2
similarity index 100%
rename from minifirewall-tail/templates/minifirewall.default.tail.j2
rename to minifirewall/templates/minifirewall.default.tail.j2