diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml
index c46bfe997..b0f2df3fe 100644
--- a/roles/1-prep/tasks/main.yml
+++ b/roles/1-prep/tasks/main.yml
@@ -37,6 +37,18 @@
   set_fact:
     uuid: "{{ stored_uuid.stdout_lines[0] }}"
 
+- name: SSHD
+  include_role:
+    name: sshd
+  # has no "when: XXXXX_install" flag
+  tags: base, sshd
+
+- name: OPENVPN
+  include_role:
+    name: openvpn
+  when: openvpn_install
+  tags: openvpn
+
 # for rpi, without rtc, we need time as soon as possible
 - name: Install chrony package
   package:
diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml
index fbe551818..3dc010450 100644
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@@ -3,19 +3,6 @@
 - name: ...IS BEGINNING ==================================
   command: echo
 
-# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
-- name: SSHD
-  include_role:
-    name: sshd
-  # has no "when: XXXXX_install" flag
-  tags: base, sshd
-
-- name: OPENVPN
-  include_role:
-    name: openvpn
-  when: openvpn_install
-  tags: openvpn
-
 - name: Installing dnsmasq
   include_tasks: roles/network/tasks/dnsmasq.yml
   when: dnsmasq_install
diff --git a/roles/7-edu-apps/tasks/main.yml b/roles/7-edu-apps/tasks/main.yml
index f36742ec3..e9eced3ac 100644
--- a/roles/7-edu-apps/tasks/main.yml
+++ b/roles/7-edu-apps/tasks/main.yml
@@ -30,7 +30,7 @@
 - name: OSM
   include_role:
     name: osm
-  when: osm_install
+  when: osm_install is defined and osm_install
   tags: osm
 
 - name: PATHAGAR
diff --git a/roles/httpd/files/osm.conf b/roles/httpd/files/osm.conf
new file mode 100644
index 000000000..568ed64e1
--- /dev/null
+++ b/roles/httpd/files/osm.conf
@@ -0,0 +1,3 @@
+# For new vector tileset, as documented @ http://FAQ.IIAB.IO ("How do I add zoomable maps for my region? ") & http://download.iiab.io/content/OSM/vector-tiles/
+Alias /maps /library/www/html/modules/en-osm-omt-min/
+Alias /osm /library/www/html/modules/en-osm-omt-min/
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
index 9604a026f..2091165f1 100644
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@@ -170,6 +170,23 @@
     state: absent
   when: is_debuntu
 
+# SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
+- name: Copy osm.conf for http://box/maps (all OS's)
+  copy:
+    src: osm.conf
+    dest: "/etc/{{ apache_config_dir }}"
+    owner: root
+    group: root
+    mode: 0644
+    backup: yes
+
+- name: Create link from sites-enabled to sites-available (debuntu)
+  file:
+    src: "/etc/{{ apache_config_dir }}/osm.conf"
+    dest: /etc/apache2/sites-enabled/osm.conf
+    state: link
+  when: is_debuntu
+
 - include_tasks: html.yml
   tags:
     - base
diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml
index 9fc481ab4..7fa6ff147 100644
--- a/roles/iiab-admin/tasks/admin-user.yml
+++ b/roles/iiab-admin/tasks/admin-user.yml
@@ -21,23 +21,6 @@
     name: "{{ iiab_admin_user }}"
     groups: wheel,sudo
 
-- name: Create root .ssh
-  file:
-    path: /root/.ssh
-    owner: root
-    group: root
-    mode: 0700
-    state: directory
-
-- name: Install dummy root keys as placeholder
-  copy:
-    src: dummy_authorized_keys
-    dest: /root/.ssh/authorized_keys
-    owner: root
-    group: root
-    mode: 0600
-    force: no
-
 - name: Edit the sudoers file -- first make it editable
   file:
     path: /etc/sudoers
diff --git a/roles/osm/templates/osm.conf.j2 b/roles/osm/templates/osm.conf.j2
index dea0ab4e2..fb1b5bcc0 100644
--- a/roles/osm/templates/osm.conf.j2
+++ b/roles/osm/templates/osm.conf.j2
@@ -8,9 +8,10 @@ WSGIScriptAlias /iiab {{ doc_root }}/osm.wsgi
 # For old bitmap/raster tileset
 Alias /iiabstatic {{ osm_path }}/static
 
-# For new vector tileset, as documented @ http://FAQ.IIAB.IO ("How do I add zoomable maps for my region? ") & http://download.iiab.io/content/OSM/vector-tiles/
-Alias /maps /library/www/html/modules/en-osm-omt-min/
-Alias /osm /library/www/html/modules/en-osm-omt-min/
+# 2018-09-19: placement of osm.conf (for http://box/maps) moved to roles/httpd/tasks/main.yml to economize ~5 min during RPi install, now that this (older) osm playbook is rarely used
+## For new vector tileset, as documented @ http://FAQ.IIAB.IO ("How do I add zoomable maps for my region? ") & http://download.iiab.io/content/OSM/vector-tiles/
+#Alias /maps /library/www/html/modules/en-osm-omt-min/
+#Alias /osm /library/www/html/modules/en-osm-omt-min/
 
 <Directory {{ osm_path }}/static>
 	require all granted
diff --git a/roles/iiab-admin/files/dummy_authorized_keys b/roles/sshd/files/dummy_authorized_keys
similarity index 100%
rename from roles/iiab-admin/files/dummy_authorized_keys
rename to roles/sshd/files/dummy_authorized_keys
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 560774ff3..567fd72dd 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -1,18 +1,40 @@
 - name: Disable root login with password
-  lineinfile: dest=/etc/ssh/sshd_config
-              regexp='^PermitRootLogin'
-              line='PermitRootLogin without-password'
-              state=present
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^PermitRootLogin'
+    line: 'PermitRootLogin without-password'
+    state: present
 #TODO: use handler to reload ssh
 
-- name: Enable sshd
-  service: name={{ sshd_service }}
-           enabled=yes
-           state=started
+- name: Create root .ssh
+  file:
+    path: /root/.ssh
+    owner: root
+    group: root
+    mode: 0700
+    state: directory
+  when: sshd_enabled
+
+- name: Install dummy root keys as placeholder
+  copy:
+    src: dummy_authorized_keys
+    dest: /root/.ssh/authorized_keys
+    owner: root
+    group: root
+    mode: 0600
+    force: no
+  when: sshd_enabled
+
+- name: Enable & start sshd
+  service:
+    name: "{{ sshd_service }}"
+    enabled: yes
+    state: started
   when: sshd_enabled
 
 - name: Disable sshd
-  service: name={{ sshd_service }}
-           enabled=no
-           state=stopped
+  service:
+    name: "{{ sshd_service }}"
+    enabled: no
+    state: stopped
   when: not sshd_enabled
diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 23a00db1c..e1abea459 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -310,13 +310,6 @@ iiab_zim_path: /library/zims
 moodle_install: False
 moodle_enabled: False
 
-# OpenStreetMap (OSM)
-osm_install: True
-osm_enabled: False
-# changed in June 2017 from:
-# iiab_install: True
-# iiab_enabled: False
-
 # Sugarizer
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
@@ -423,6 +416,17 @@ calibreweb_url: /books
 calibreweb_home: "{{ content_base }}/calibre-web"    # /library/calibre-web
 
 
+# PLEASE CONSIDER THESE 2 NEW MAPS APPROACHES INSTEAD, AS OF 2018:
+# - http://download.iiab.io/content/OSM/vector-tiles/
+# - http://oer2go.org/viewmod/en-worldmap-10
+#
+# OpenStreetMap (OSM) legacy - unmaintained:
+# osm_install: False
+# osm_enabled: False
+# Changed in June 2017, from the original:
+# iiab_install: True
+# iiab_enabled: False
+
 # TeamViewer - unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io)
 # teamviewer_install: False
 # teamviewer_enabled: False
diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml
index a5465d733..eaf6ef161 100644
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@@ -174,10 +174,6 @@ kiwix_enabled: True
 moodle_install: True
 moodle_enabled: True
 
-# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
-osm_install: True
-osm_enabled: True
-
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
 sugarizer_install: True
@@ -254,6 +250,14 @@ calibreweb_url: /books
 calibreweb_home: "{{ content_base }}/calibre-web"    # /library/calibre-web
 
 
+# PLEASE CONSIDER THESE 2 NEW MAPS APPROACHES INSTEAD, AS OF 2018:
+# - http://download.iiab.io/content/OSM/vector-tiles/
+# - http://oer2go.org/viewmod/en-worldmap-10
+#
+# Unmaintained - OpenStreetMap (OSM) legacy
+# osm_install: False
+# osm_enabled: False
+
 # Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io)
 # teamviewer_install: False
 # teamviewer_enabled: False
diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml
index ff035e97f..1d06677b3 100644
--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@@ -174,10 +174,6 @@ kiwix_enabled: True
 moodle_install: False
 moodle_enabled: False
 
-# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
-osm_install: True
-osm_enabled: True
-
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
 sugarizer_install: True
@@ -254,6 +250,14 @@ calibreweb_url: /books
 calibreweb_home: "{{ content_base }}/calibre-web"    # /library/calibre-web
 
 
+# PLEASE CONSIDER THESE 2 NEW MAPS APPROACHES INSTEAD, AS OF 2018:
+# - http://download.iiab.io/content/OSM/vector-tiles/
+# - http://oer2go.org/viewmod/en-worldmap-10
+#
+# Unmaintained - OpenStreetMap (OSM) legacy
+# osm_install: False
+# osm_enabled: False
+
 # Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io)
 # teamviewer_install: False
 # teamviewer_enabled: False
diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml
index 1c6a0294a..ea593c810 100644
--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@@ -174,10 +174,6 @@ kiwix_enabled: True
 moodle_install: False
 moodle_enabled: False
 
-# OpenStreetMap: renamed from {iiab_install, iiab_enabled} in June 2017
-osm_install: False
-osm_enabled: False
-
 # Might stall MongoDB on Power Failure: github.com/xsce/xsce/issues/879
 # Sugarizer 1.0.1+ strategies to solve? github.com/iiab/iiab/pull/957
 sugarizer_install: False
@@ -254,6 +250,14 @@ calibreweb_url: /books
 calibreweb_home: "{{ content_base }}/calibre-web"    # /library/calibre-web
 
 
+# PLEASE CONSIDER THESE 2 NEW MAPS APPROACHES INSTEAD, AS OF 2018:
+# - http://download.iiab.io/content/OSM/vector-tiles/
+# - http://oer2go.org/viewmod/en-worldmap-10
+#
+# Unmaintained - OpenStreetMap (OSM) legacy
+# osm_install: False
+# osm_enabled: False
+
 # Unmaintained (better to install from http://teamviewer.com or prep scripts at http://download.iiab.io)
 # teamviewer_install: False
 # teamviewer_enabled: False