diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000000000000000000000000000000000000..6d843418074d101d81db16693ee27fbedc61976f
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,11 @@
+---
+# https://docs.ansible.com/ansible-lint/rules/default_rules.html
+skip_list:
+  # Lines should be no longer than 160 chars
+  - "204"
+  # rsync used in place of synchronize module
+  - "303"
+  # Package installs should not use latest
+  - "403"
+# vim: syntax=yaml
+...
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ee4ab5a38bb7e14258dca0f3ee14987b4eb0cadd..68f1e227dc9514b01cf3fc857c53d31537e4899f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,11 +1,13 @@
 ---
 image: registry.git.coop/webarch/containers/images/ansible:0.3
-
+before_script:
+  - chmod 700 $(pwd)
 stages:
-  - check
-
-ansible-lint:
-  stage: check
+  - lint
+lint:
+  stage: lint
   script:
     - yamllint .
+    - molecule lint
+# vim: syntax=yaml
 ...
diff --git a/.yamllint b/.yamllint
index a4d53d6c4424536c9e940987fd47d84f7166cf01..dd1565f0076569bc0ba7b14b0a8228817a38b873 100644
--- a/.yamllint
+++ b/.yamllint
@@ -1,5 +1,8 @@
+---
 extends: default
-
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
 rules:
   braces:
     max-spaces-inside: 1
@@ -8,3 +11,6 @@ rules:
     max-spaces-inside: 1
     level: error
   line-length: disable
+  comments-indentation: disable
+# vim: syntax=yaml
+...
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f895196b1ee75d170f3dbb1a7a2b1c05a3823d41
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,17 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: registry.git.coop/webarch/containers/images/ansible:0.3
+    pre_build_image: true
+provisioner:
+  name: ansible
+lint: |
+ set -e
+  yamllint -c .yamllint .
+  ansible-lint -c .ansible-lint.yml .
+# vim: syntax=yaml
+...
diff --git a/tasks/config.yml b/tasks/config.yml
index ade09203c119dd9789b7e5d1fd52e6444c442e5c..e941d6a43139f99f1c22fdb37fa030509fa4d5c7 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -59,7 +59,7 @@
             common_name: "{{ inventory_hostname }}"
 
       when:
-        - ( apache_cert.stat.exists == False )
+        - ( not apache_cert.stat.exists )
         - ( "ssl" in apache_mods_enabled )
         - ( "le" in apache_conf_enabled )
         - ( common_name is defined ) and ( common_name == inventory_hostname )
diff --git a/tasks/main.yml b/tasks/main.yml
index 3019f62bfd8cd1976819f72afcf188411f7001c5..5954587e19366f0a88da22708e76e79123740963 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -46,7 +46,7 @@
 
     - name: Include MPM switching tasks
       include_tasks: mpm.yml
-      when: ( apache_mpm_loaded not in apache_mods_enabled ) or ( apache_mpm_loaded == "" )
+      when: ( apache_mpm_loaded not in apache_mods_enabled ) or ( apache_mpm_loaded | length == 0 )
 
     - name: Apache config available
       include_tasks: config.yml
diff --git a/tasks/mc3.yml b/tasks/mc3.yml
index 7f80672d83f59ca016e3bfafd61b348e61fafd72..8a73846f94bdcf6bf2dc79b0ace0cc1432ae9168 100644
--- a/tasks/mc3.yml
+++ b/tasks/mc3.yml
@@ -6,6 +6,7 @@
       git:
         repo: https://git.coop/mc3coop/ssh-templates.git
         dest: /var/www/mc3
+        version: master
         clone: true
         update: true
         force: true
diff --git a/tasks/mpm.yml b/tasks/mpm.yml
index b96f4ed12d39c53d02fa5d86aa59fb8d7cd58155..1090238764904a7613ae2626aa1e998d8af0daa7 100644
--- a/tasks/mpm.yml
+++ b/tasks/mpm.yml
@@ -44,7 +44,7 @@
       when: apache_mpm_event_enabled.changed
 
   when:
-    - ( apache_mpm_loaded == "mpm_prefork" ) or ( apache_mpm_loaded | length <= 0 )
+    - ( apache_mpm_loaded == "mpm_prefork" ) or ( apache_mpm_loaded | length == 0 )
     - ( apache_mods_enabled is defined ) and ( "mpm_event" in apache_mods_enabled )
   tags:
     - apache
@@ -73,7 +73,7 @@
       when: apache_mpm_prefork_enabled.changed
 
   when:
-    - ( apache_mpm_loaded == "mpm_event" ) or ( apache_mpm_loaded == "" )
+    - ( apache_mpm_loaded == "mpm_event" ) or ( apache_mpm_loaded | length == 0 )
     - ( "mpm_prefork" in apache_mods_enabled )
   tags:
     - apache
diff --git a/tasks/webarch.yml b/tasks/webarch.yml
index 46601a4fb075acfd456a61174bdee5da480820cc..c6d47319a5f8ae68ed7e481ec82de1888b06e4a6 100644
--- a/tasks/webarch.yml
+++ b/tasks/webarch.yml
@@ -6,6 +6,7 @@
       git:
         repo: https://git.coop/webarch/website-templates.git
         dest: /var/www/wsh
+        version: master
         clone: true
         update: true
         force: true