diff --git a/.ansible-lint b/.ansible-lint
index d37fa32f..b1aa0a23 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,4 +1,5 @@
 ---
+profile: min
 exclude_paths:
 - roles/caddy
 - roles/cloudalchemy.blackbox-exporter
@@ -10,5 +11,5 @@ exclude_paths:
 - roles/jnv.unattended-upgrades
 - roles/nickjj.docker
 skip_list:
-- 701 # No 'galaxy_info' found, not needed.
-- 106 # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern'
+- "701" # No 'galaxy_info' found, not needed.
+- "106" # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern'
diff --git a/.github/workflows/ansible-ci.yml b/.github/workflows/ansible-ci.yml
new file mode 100644
index 00000000..d10ce4ea
--- /dev/null
+++ b/.github/workflows/ansible-ci.yml
@@ -0,0 +1,27 @@
+---
+name: Ansible CI
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+    paths:
+      - ansible/**
+      - .github/workflows/ansible-ci.yml
+  workflow_dispatch:
+
+env:
+  ANSIBLE_FORCE_COLOR: true
+  ANSIBLE_GALAXY_SERVER_GALAXY_URL: "https://galaxy.ansible.com"
+  ANSIBLE_GALAXY_SERVER_GALAXY_TIMEOUT: 120
+  ANSIBLE_GALAXY_SERVER_LIST: "galaxy"
+
+jobs:
+  ansible-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Lint collection
+        uses: ansible/ansible-lint@main
diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml
index 2ca788bd..f4703274 100644
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@@ -31,7 +31,7 @@
     mode: 0755
 
 - name: extract mediawiki
-  unarchive: # noqa 208
+  unarchive: # noqa risky-file-permissions
     src: "/tmp/mediawiki-{{ mediawiki_version }}.tar.gz"
     dest: "/srv/mediawiki/{{ mediawiki.domain }}"
     owner: "{{ mediawiki.system_user }}"
diff --git a/roles/tor/tasks/main.yml b/roles/tor/tasks/main.yml
index 5dd5a36b..7fba74f7 100644
--- a/roles/tor/tasks/main.yml
+++ b/roles/tor/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
  - name: install tor debian repository
-   items:
+   with_items:
      - 'deb http://deb.torproject.org/torproject.org jessie main'
      - 'deb-src http://deb.torproject.org/torproject.org jessie main'
    apt_repository:
@@ -18,7 +18,7 @@
      - gnupg
 
  - name: install tor
-   items:
+   with_items:
      - tor
      - deb.torproject.org-keyring
    apt:
diff --git a/roles/utils/tasks/main.yml b/roles/utils/tasks/main.yml
index 90707221..1bf2dc32 100644
--- a/roles/utils/tasks/main.yml
+++ b/roles/utils/tasks/main.yml
@@ -38,6 +38,6 @@
   lineinfile:
     dest: /etc/sudoers
     regexp: "^%sudo"
-    line: "%sudo	ALL=(ALL:ALL) NOPASSWD: ALL" # noqa 203
+    line: "%sudo	ALL=(ALL:ALL) NOPASSWD: ALL" # noqa no-tabs
     state: present
     mode: 0440