diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000000000000000000000000000000000000..5f1bb03f5d7e6736afe240895bfc09473536d894
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,9 @@
+parseable: true
+quiet: true
+use_default_rules: true
+skip_list:
+  - '204'  # line length is checked by yamllint
+  - '401'  # git checkout must contain explicit version
+  - '701'  # 7xx is about ansible galaxy guidelines
+  - '702'
+  - '703'
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5ad974bd1963547b7aaf20c22d767ef6d6baa2bf
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+---
+
+image: registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:buster
+
+variables:
+  GIT_SUBMODULE_STRATEGY: recursive
+
+before_script:
+  - export LANG=en_US.UTF-8
+  - chmod o-w .
+  - apt-get -qq update && apt-get -qq install -y ansible-lint ripgrep
+  - ansible --version
+  - ansible-lint --version
+  - yamllint --version
+
+stages:
+  - test
+
+test:
+  stage: test
+  script:
+    - yamllint .
+    - ansible-lint ./*/
+    # yamllint disable-line rule:line-length
+    - "! rg --fixed-strings 'passwordstore' ./*/templates"
diff --git a/.yamllint b/.yamllint
index cca80e2e16c9ee5298e8a5bcf9f77c130fdc3d8e..734b455b7699514d0588d4806d83d5abefca95d8 100644
--- a/.yamllint
+++ b/.yamllint
@@ -14,6 +14,10 @@ rules:
     forbid-in-block-mappings: true
   line-length:
     level: warning
+    allow-non-breakable-inline-mappings: true
   octal-values:
     forbid-implicit-octal: true
-    level: warning
+    level: error
+  # quoted-strings: enable
+  truthy:
+    level: error