diff --git a/.later.yml b/.later.yml
deleted file mode 100644
index 2703cb9..0000000
--- a/.later.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-ansible:
- custom_modules:
- - iptables_raw
- - openssl_pkcs12
- - proxmox_kvm
- - ucr
- - corenetworks_dns
- - corenetworks_token
-
-rules:
- exclude_files:
- - "LICENSE*"
- - "**/*.md"
- - "**/*.ini"
diff --git a/.woodpecker/docs.yaml b/.woodpecker/docs.yaml
index 9a20b42..ec71c9b 100644
--- a/.woodpecker/docs.yaml
+++ b/.woodpecker/docs.yaml
@@ -9,11 +9,11 @@ steps:
 - name: generate
 image: quay.io/thegeeklab/ansible-doctor
 environment:
- ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
- ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
- ANSIBLE_DOCTOR_LOG_LEVEL: INFO
- ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
- ANSIBLE_DOCTOR_TEMPLATE: readme
+ ANSIBLE_DOCTOR_EXCLUDE_FILES: "['molecule/']"
+ ANSIBLE_DOCTOR_RENDERER__FORCE_OVERWRITE: "true"
+ ANSIBLE_DOCTOR_LOGGING__LEVEL: info
+ ANSIBLE_DOCTOR_ROLE__NAME: ${CI_REPO_NAME}
+ ANSIBLE_DOCTOR_TEMPLATE__NAME: readme
 
 - name: format
 image: quay.io/thegeeklab/alpine-tools
diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml
index 36b1ec8..c48a8e4 100644
--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@@ -6,10 +6,10 @@ when:
 - ${CI_REPO_DEFAULT_BRANCH}
 
 steps:
- - name: ansible-later
- image: quay.io/thegeeklab/ansible-later:4
+ - name: ansible-lint
+ image: quay.io/thegeeklab/ansible-dev-tools:1
 commands:
- - ansible-later
+ - ansible-lint
 environment:
 FORCE_COLOR: "1"
 
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..df1d39e
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,20 @@
+---
+extends: default
+
+rules:
+ truthy:
+ allowed-values: ["True", "False"]
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: False
+ line-length: disable
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ indentation: enable
+ octal-values:
+ forbid-implicit-octal: True
+ forbid-explicit-octal: True
diff --git a/handlers/main.yml b/handlers/main.yml
index 5f63af6..ae97fd4 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Restart pveproxy
- service:
+ ansible.builtin.service:
 state: restarted
 name: pveproxy
 listen: __pveproxy_restart
diff --git a/meta/main.yml b/meta/main.yml
index f78dbff..57f7128 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -30,5 +30,3 @@ galaxy_info:
 - proxmox
 - virtual
 dependencies: []
-collections:
- - community.general
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..edf955a
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+---
+collections:
+ - name: ansible.posix
+
+roles: []
diff --git a/tasks/auth.yml b/tasks/auth.yml
deleted file mode 100644
index 9a20f9d..0000000
--- a/tasks/auth.yml
+++ /dev/null
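Review bot: The new requirements.yml declares only `ansible.posix`, while meta/main.yml drops its `collections: - community.general` entry in the same commit; tasks/main.yml (the hunk further down) still calls `community.general.pamd`, so nothing visible in the repository now declares that collection and a fresh `ansible-galaxy install -r requirements.yml` will not pull it in. Add `  - name: community.general` under `collections:` in requirements.yml next to the ansible.posix entry. If the collection is meant to come from elsewhere (e.g. a bundled ansible distribution), a comment in requirements.yml stating that would avoid the same question on the next review.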
@@ -1,42 +0,0 @@
----
-- name: Create tmp folder for pve
- ansible.builtin.file:
- path: "{{ __pve_tmp_dir }}"
- recurse: True
- state: directory
-
-- name: Configure auth provider
- ansible.builtin.template:
- src: etc/pve/domains.cfg.j2
- dest: "{{ __pve_tmp_dir }}/domains.cfg"
- owner: root
- group: www-data
- mode: "0640"
- register: __pve_domains_copy
-
-- name: Copy auth provider to pve filesystem
- ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
- changed_when: __pve_domains_copy.changed
-
-- when:
- - pve_auth_ldap_enabled | bool
- - pve_auth_ldap_bind_password is defined
- block:
- - name: Ensure path for auth file exists
- ansible.builtin.file:
- path: "{{ __pve_base_dir }}/priv/ldap"
- recurse: True
- state: directory
-
- - name: Add passwd file for ldap bind
- ansible.builtin.template:
- src: etc/pve/priv/ldap.pw.j2
- dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
- owner: root
- group: www-data
- mode: "0640"
- register: __pve_auth_copy
-
- - name: Copy passwd file to pve filesystem
- ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
- changed_when: __pve_auth_copy.changed
diff --git a/tasks/ldap.yml b/tasks/ldap.yml
new file mode 100644
index 0000000..7292f5f
--- /dev/null
+++ b/tasks/ldap.yml
@@ -0,0 +1,19 @@
+---
+- name: Ensure path for auth file exists
+ ansible.builtin.file:
+ path: "{{ __pve_base_dir }}/priv/ldap"
+ recurse: True
+ state: directory
+
+- name: Add passwd file for ldap bind
+ ansible.builtin.template:
+ src: etc/pve/priv/ldap.pw.j2
+ dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
+ owner: root
+ group: www-data
+ mode: "0640"
+ register: __pve_auth_copy
+
+- name: Copy passwd file to pve filesystem
+ ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
+ changed_when: __pve_auth_copy.changed
diff --git a/tasks/main.yml b/tasks/main.yml
index e7ee1b9..aa74b58 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
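Review bot: The rendered LDAP bind-password file stays behind in `{{ __pve_tmp_dir }}` after "Copy passwd file to pve filesystem" copies it into `{{ __pve_base_dir }}/priv/ldap/`, so a second, group-readable (0640, www-data) copy of the secret persists outside the pve tree with no task removing it. A trailing `ansible.builtin.file: state: absent` task on the tmp path closes that, and `diff: False` on the template task keeps the file contents out of the output when the role runs with `--diff` (the `register` result itself does not carry the content). The `cp` destination is also assembled from `pve_auth_ldap_realm` inside a single command string; a realm value containing whitespace would be split into separate arguments, so the `argv:` form of `ansible.builtin.command` would be the more robust spelling if that variable is not otherwise validated.

```yaml
- name: Add passwd file for ldap bind
  ansible.builtin.template:
    # … unchanged: src/dest/owner/group/mode …
  diff: False
  register: __pve_auth_copy

# … unchanged: Copy passwd file to pve filesystem …

- name: Remove rendered passwd file from tmp dir
  ansible.builtin.file:
    path: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
    state: absent
```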
@@ -1,7 +1,68 @@
 ---
-- ansible.builtin.import_tasks: pve.yml
-- ansible.builtin.import_tasks: pam.yml
-- ansible.builtin.import_tasks: auth.yml
-- ansible.builtin.import_tasks: tls.yml
+- name: Ensure mountpoints are present
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ recurse: True
+ state: directory
+ loop: "{{ pve_disk_mount }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: Add diskmounts to fstab
+ ansible.posix.mount:
+ path: "{{ item.path }}"
+ src: "{{ item.src }}"
+ fstype: "{{ item.fstype }}"
+ opts: "{{ item.opts | default(omit) }}"
+ state: "{{ item.state | default('mounted') }}"
+ loop: "{{ pve_disk_mount }}"
+ loop_control:
+ label: "{{ item.src }} {{ item.path }}"
+
+- name: Remove motd from oam stack
+ community.general.pamd:
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ control: "{{ item.control }}"
+ module_path: "{{ item.path }}"
+ state: absent
+ loop:
+ - name: "login"
+ type: "session"
+ control: "optional"
+ path: "pam_motd.so"
+ - name: "sshd"
+ type: "session"
+ control: "optional"
+ path: "pam_motd.so"
+ when: not pve_pamd_motd_enabled | bool
+
+- name: Create tmp folder for pve
+ ansible.builtin.file:
+ path: "{{ __pve_tmp_dir }}"
+ recurse: True
+ state: directory
+
+- name: Configure auth provider
+ ansible.builtin.template:
+ src: etc/pve/domains.cfg.j2
+ dest: "{{ __pve_tmp_dir }}/domains.cfg"
+ owner: root
+ group: www-data
+ mode: "0640"
+ register: __pve_domains_copy
+
+- name: Copy auth provider to pve filesystem
+ ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
+ changed_when: __pve_domains_copy.changed
+
+- name: Configure LDAP auth
+ ansible.builtin.include_tasks: ldap.yml
+ when:
+ - pve_auth_ldap_enabled | bool
+ - pve_auth_ldap_bind_password is defined
+
+- name: Configure pveproxy
+ ansible.builtin.import_tasks: tls.yml
 when: pve_tls_enabled | bool
 tags: tls_renewal
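Review bot: The task name `Remove motd from oam stack` carries a typo that now lives in the role's main task list and shows up in every play output; it should read `Remove motd from pam stack`. "Create tmp folder for pve" creates the directory that later holds the rendered domains.cfg (and, via ldap.yml, the bind-password file) without a `mode:`, so its permissions depend on the remote umask; since the files inside are deliberately 0640, an explicit `mode: "0750"` on the directory would make the intent visible, assuming nothing else needs to traverse `__pve_tmp_dir`.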
diff --git a/tasks/pam.yml b/tasks/pam.yml
deleted file mode 100644
index ff099ce..0000000
--- a/tasks/pam.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Remove motd from oam stack
- community.general.pamd:
- name: "{{ item.name }}"
- type: "{{ item.type }}"
- control: "{{ item.control }}"
- module_path: "{{ item.path }}"
- state: absent
- loop:
- - name: "login"
- type: "session"
- control: "optional"
- path: "pam_motd.so"
- - name: "sshd"
- type: "session"
- control: "optional"
- path: "pam_motd.so"
- when: not pve_pamd_motd_enabled | bool
diff --git a/tasks/pve.yml b/tasks/pve.yml
deleted file mode 100644
index 10edaea..0000000
--- a/tasks/pve.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: Ensure mountpoints are present
- ansible.builtin.file:
- path: "{{ item.path }}"
- recurse: yes
- state: directory
- loop: "{{ pve_disk_mount }}"
- loop_control:
- label: "{{ item.path }}"
-
-- name: Add diskmounts to fstab
- ansible.posix.mount:
- path: "{{ item.path }}"
- src: "{{ item.src }}"
- fstype: "{{ item.fstype }}"
- opts: "{{ item.opts | default(omit) }}"
- state: "{{ item.state | default('mounted') }}"
- loop: "{{ pve_disk_mount }}"
- loop_control:
- label: "{{ item.src }} {{ item.path }}"
diff --git a/tasks/tls.yml b/tasks/tls.yml
index fc1bb7d..4468854 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -1,7 +1,10 @@
 ---
-- block:
+- name: Deploy TLS certs
+ become: True
+ become_user: root
+ block:
 - name: Create pki folder structure
- file:
+ ansible.builtin.file:
 path: "{{ item }}"
 state: directory
 recurse: True
@@ -10,7 +13,7 @@
 - /etc/pki/tls/private
 
 - name: Copy certs and private key
- copy:
+ ansible.builtin.copy:
 src: "{{ item.src }}"
 dest: "{{ item.dest }}"
 mode: "{{ item.mode }}"
@@ -26,11 +29,9 @@
 register: __pve_tls_copy
 
 - name: Copy cert/key to pve filesystem
- command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+ ansible.builtin.command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
 changed_when: item[0].changed
 loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
 loop_control:
 label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
 notify: __pveproxy_restart
- become: True
- become_user: root