diff --git a/enroll/manifest.py b/enroll/manifest.py
index b772bcd..e27cfd5 100644
--- a/enroll/manifest.py
+++ b/enroll/manifest.py
@@ -386,7 +386,6 @@ def _defaults_with_jinjaturtle(base_defaults: str, vars_text: str) -> str:
     )
 
 
-
 def _write_role_defaults(role_dir: str, mapping: Dict[str, Any]) -> None:
     """Overwrite role defaults/main.yml with the provided mapping."""
     defaults_path = os.path.join(role_dir, "defaults", "main.yml")
@@ -435,12 +434,13 @@ def _build_managed_files_var(
     return out
 
 
-def _render_generic_files_tasks(var_prefix: str, *, include_restart_notify: bool) -> str:
+def _render_generic_files_tasks(
+    var_prefix: str, *, include_restart_notify: bool
+) -> str:
     """Render generic tasks to deploy <var_prefix>_managed_files safely."""
     # Using first_found makes roles work in both modes:
     # - site-mode: inventory/host_vars/<host>/<role>/.files/...
     # - non-site: roles/<role>/files/...
-    restart_notify = "Restart service" if include_restart_notify else ""
     return f"""# Generated by enroll (data-driven tasks)
 
 - name: Deploy systemd unit files (templates)
@@ -498,6 +498,7 @@ def _render_generic_files_tasks(var_prefix: str, *, include_restart_notify: bool
   notify: "{{{{ item.notify | default([]) }}}}"
 """
 
+
 def manifest(
     bundle_dir: str,
     out_dir: str,
@@ -666,7 +667,9 @@ def manifest(
                 },
             )
 
-        with open(os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write("---\ndependencies: []\n")
 
         # tasks (data-driven)
@@ -723,28 +726,43 @@ def manifest(
   loop: "{{ users_ssh_files | default([]) }}"
 """
 
-        with open(os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(users_tasks)
 
-        with open(os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write("---\n")
 
         readme = (
-            f"""# users
+            """# users
 
 Generated non-system user accounts and SSH public material.
 
 ## Users
 """
-            + ("\n".join([f"- {u.get('name')} (uid {u.get('uid')})" for u in users]) or "- (none)")
+            + (
+                "\n".join([f"- {u.get('name')} (uid {u.get('uid')})" for u in users])
+                or "- (none)"
+            )
             + """\n
 ## Included SSH files
 """
-            + ("\n".join([f"- {mf.get('path')} ({mf.get('reason')})" for mf in managed_files]) or "- (none)")
+            + (
+                "\n".join(
+                    [f"- {mf.get('path')} ({mf.get('reason')})" for mf in managed_files]
+                )
+                or "- (none)"
+            )
             + """\n
 ## Excluded
 """
-            + ("\n".join([f"- {e.get('path')} ({e.get('reason')})" for e in excluded]) or "- (none)")
+            + (
+                "\n".join([f"- {e.get('path')} ({e.get('reason')})" for e in excluded])
+                or "- (none)"
+            )
             + """\n
 ## Notes
 """
@@ -815,8 +833,12 @@ Generated non-system user accounts and SSH public material.
         else:
             _write_role_defaults(role_dir, vars_map)
 
-        tasks = """---\n""" + _render_generic_files_tasks(var_prefix, include_restart_notify=False)
-        with open(os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8") as f:
+        tasks = """---\n""" + _render_generic_files_tasks(
+            var_prefix, include_restart_notify=False
+        )
+        with open(
+            os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(tasks.rstrip() + "\n")
 
         handlers = """---
@@ -824,10 +846,14 @@ Generated non-system user accounts and SSH public material.
   ansible.builtin.systemd:
     daemon_reload: true
 """
-        with open(os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(handlers)
 
-        with open(os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write("---\ndependencies: []\n")
 
         readme = (
@@ -841,7 +867,10 @@ Unowned /etc config files not attributed to packages or services.
             + """\n
 ## Excluded
 """
-            + ("\n".join([f"- {e.get('path')} ({e.get('reason')})" for e in excluded]) or "- (none)")
+            + (
+                "\n".join([f"- {e.get('path')} ({e.get('reason')})" for e in excluded])
+                or "- (none)"
+            )
             + """\n
 ## Notes
 """
@@ -948,7 +977,9 @@ Unowned /etc config files not attributed to packages or services.
     - {var_prefix}_manage_unit | default(false)
     - ({var_prefix}_systemd_state | default('stopped')) == 'started'
 """
-        with open(os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(handlers)
 
         task_parts: List[str] = []
@@ -966,7 +997,9 @@ Unowned /etc config files not attributed to packages or services.
 """
         )
 
-        task_parts.append(_render_generic_files_tasks(var_prefix, include_restart_notify=True))
+        task_parts.append(
+            _render_generic_files_tasks(var_prefix, include_restart_notify=True)
+        )
 
         task_parts.append(
             f"""
@@ -998,10 +1031,14 @@ Unowned /etc config files not attributed to packages or services.
         )
 
         tasks = "\n".join(task_parts).rstrip() + "\n"
-        with open(os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(tasks)
 
-        with open(os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write("---\ndependencies: []\n")
 
         excluded = svc.get("excluded", [])
@@ -1099,7 +1136,9 @@ Generated from `{unit}`.
   ansible.builtin.systemd:
     daemon_reload: true
 """
-        with open(os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "handlers", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(handlers)
 
         task_parts: List[str] = []
@@ -1116,13 +1155,19 @@ Generated from `{unit}`.
 
 """
         )
-        task_parts.append(_render_generic_files_tasks(var_prefix, include_restart_notify=False))
+        task_parts.append(
+            _render_generic_files_tasks(var_prefix, include_restart_notify=False)
+        )
 
         tasks = "\n".join(task_parts).rstrip() + "\n"
-        with open(os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "tasks", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write(tasks)
 
-        with open(os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8") as f:
+        with open(
+            os.path.join(role_dir, "meta", "main.yml"), "w", encoding="utf-8"
+        ) as f:
             f.write("---\ndependencies: []\n")
 
         excluded = pr.get("excluded", [])