diff --git a/.ansible-lint b/.ansible-lint
index 5f1bb03f5d7e6736afe240895bfc09473536d894..0592f5e076339af7e7b9f99d057d89946d59205d 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,9 +1,13 @@
-parseable: true
-quiet: true
+---
+
 use_default_rules: true
+warn_list:
+  - experimental
+  - jinja[spacing]
+  - fqcn[action-core]
+  - fqcn[action]
+  - name[casing]
+  - name[missing]
+
 skip_list:
-  - '204'  # line length is checked by yamllint
-  - '401'  # git checkout must contain explicit version
-  - '701'  # 7xx is about ansible galaxy guidelines
-  - '702'
-  - '703'
+  - role-name
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5ad974bd1963547b7aaf20c22d767ef6d6baa2bf..c492adcac6b6faa3aadf5c14dc82014a1f3b1b68 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,14 +1,14 @@
 ---
 
-image: registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:buster
+image: alpine:3.18
 
 variables:
   GIT_SUBMODULE_STRATEGY: recursive
 
 before_script:
+  - apk --no-cache add ansible ansible-lint yamllint ripgrep black
   - export LANG=en_US.UTF-8
   - chmod o-w .
-  - apt-get -qq update && apt-get -qq install -y ansible-lint ripgrep
   - ansible --version
   - ansible-lint --version
   - yamllint --version
@@ -19,7 +19,12 @@ stages:
 test:
   stage: test
   script:
+    - >-
+      ansible-lint
+      --format codeclimate
+      > codeclimate.json
     - yamllint .
-    - ansible-lint ./*/
-    # yamllint disable-line rule:line-length
     - "! rg --fixed-strings 'passwordstore' ./*/templates"
+  artifacts:
+    reports:
+      codequality: codeclimate.json
diff --git a/postgres/tasks/main.yml b/postgres/tasks/main.yml
index 6fb1268539aafa9d9cbc8e30222fca808a0945f8..60b17952028be77ea45c0338993cf6951468ddb8 100644
--- a/postgres/tasks/main.yml
+++ b/postgres/tasks/main.yml
@@ -53,8 +53,10 @@
   block:
     - name: ensure we have our postgres backup script
       copy:
-        # yamllint disable-line rule:line-length
-        src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
+        src: >-
+          pgbackup{{
+          '-bullseye' if ansible_distribution_major_version|int(default=99) > 10
+          else '' }}.sh
         dest: /usr/local/bin/pgbackup.sh
         owner: root
         group: root
diff --git a/redis-server/tasks/main.yml b/redis-server/tasks/main.yml
index e3c3a6fbae7978897c330bf6d275affa0e9496ab..3057b18778798dba766f0e19e5616804cad6a153 100644
--- a/redis-server/tasks/main.yml
+++ b/redis-server/tasks/main.yml
@@ -9,11 +9,17 @@
   file:
     path: /etc/systemd/system/redis-server.service.d
     state: directory
+    owner: root
+    group: root
+    mode: "0755"
 
 - name: Configure redis-server systemd options
   copy:
     src: override.conf
     dest: /etc/systemd/system/redis-server.service.d/override.conf
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload systemd
     - Restart redis-server