diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
new file mode 100644
index 0000000..22ed7a8
--- /dev/null
+++ b/.config/ansible-lint.yml
@@ -0,0 +1,27 @@
+---
+profile: production
+
+offline: false
+
+loop_var_prefix: ^(__|{role}_)
+task_name_prefix: "{stem} | "
+
+var_naming_pattern: ^[a-z_][a-z0-9_]*$
+
+enable_list:
+ - args
+ - empty-string-compare # opt-in
+ - no-log-password # opt-in
+ - no-same-owner # opt-in
+ - yaml
+
+skip_list:
+ - yaml[line-length]
+ - var-naming[no-role-prefix]
+ - loop-var-prefix[missing]
+
+# write_list:
+# - none
+# - yaml[empty-lines]
+# - yaml[new-line-at-end-of-file]
+# - yaml[comments]
diff --git a/.githooks/README.md b/.githooks/README.md
new file mode 100644
index 0000000..bb6ba2e
--- /dev/null
+++ b/.githooks/README.md
@@ -0,0 +1,4 @@
+To install these hooks:
+```
+git config core.hooksPath .githooks
+```
\ No newline at end of file
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
new file mode 100755
index 0000000..1f7d3d1
--- /dev/null
+++ b/.githooks/pre-commit
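Review bot: `offline: false` near the top of `.config/ansible-lint.yml` leaves ansible-lint free to install `requirements.yml` dependencies and refresh its schemas over the network on each run, and the pre-commit hook added in the same commit invokes it on every commit. No requirements file is visible in this diff, so if none is needed, `offline: true` keeps the lint step from fetching anything onto developer machines. If network access is intended, record the reason next to the setting, for example `# online on purpose: collections from requirements.yml are installed at lint time`.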
@@ -0,0 +1,38 @@
+#!/usr/bin/env zsh
+set +o xtrace -o errexit -o nounset -o pipefail
+
+#
+# Manual check in terminal:
+#
+# ansible-lint ./*.yml
+#
+
+export ANSIBLE_ROLES_PATH="$PWD/roles"
+FILES_PATTERN='\.yml$'
+EXIT_CODE=0
+
+# Output to stderr
+exec 1>&2
+
+CHANGED_FILES=()
+for FILE in $(git diff --cached --name-only --diff-filter=ACM | grep --extended-regexp "${FILES_PATTERN}" | grep -Ev '^\.circleci'); do
+ CHANGED_FILES+=("${FILE}")
+done
+
+if [ 0 -eq "${#CHANGED_FILES[@]}" ]; then
+ echo "No changed files matching '${FILES_PATTERN}'"
+else
+ # echo "Running ansible-lint --write..."
+ # Have to add the playbooks in the root to make ansible-lint detect every problem
+ # ansible-lint -qq --write --nocolor "${CHANGED_FILES[@]}" >/dev/null && true
+ # ansible-lint -qq --skip-list 'yaml[line-length],jinja[spacing]' --write --nocolor ./*.yml
+ # git add "${CHANGED_FILES[@]}"
+ echo -e "Running ansible-lint...\n"
+ # set -o xtrace
+ ansible-lint --format full ./*.yml "${CHANGED_FILES[@]}"
+ { set +o xtrace; } 2>/dev/null
+ EXIT_CODE="$?"
+fi
+
+echo "Exit code ${EXIT_CODE}"
+exit "${EXIT_CODE}"
diff --git a/dci_reinstall_talos.yml b/dci_reinstall_talos.yml
index 74fbd19..b4786b3 100644
--- a/dci_reinstall_talos.yml
+++ b/dci_reinstall_talos.yml
@@ -6,4 +6,4 @@ - talos_hardware_nodes roles: - role: dci_finish - - role: dci_reinstall_talos \ No newline at end of file + - role: dci_reinstall_talos
diff --git a/roles/common/handlers/talos.yml b/roles/common/handlers/talos.yml
index 4fffebc..47e3a05 100644
--- a/roles/common/handlers/talos.yml
+++ b/roles/common/handlers/talos.yml
@@ -3,7 +3,7 @@ - name: Talos wait for health when: "'talos_first_nodes' in group_names" delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.command: cmd: >- talosctl health
@@ -14,4 +14,4 @@ delay: 10 changed_when: false environment: - TALOSCONFIG: "{{ talosconfig }}" \ No newline at end of file + TALOSCONFIG: "{{ talosconfig }}"
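Review bot: `EXIT_CODE="$?"` near the end of `.githooks/pre-commit` reads the status of the `{ set +o xtrace; } 2>/dev/null` group on the line before it, not of ansible-lint, so it is always 0 when reached; a lint failure still stops the hook only because `errexit` aborts the script first, and the final `Exit code` line is then never printed. Capturing the status on the lint line itself makes the intent explicit: `ansible-lint --format full ./*.yml "${CHANGED_FILES[@]}" || EXIT_CODE="$?"`. The `for FILE in $(git diff …)` loop also splits paths on whitespace, so a staged file with a space in its name reaches ansible-lint as broken fragments; reading `git diff --cached --name-only -z` output into the array would avoid that.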
diff --git a/roles/dci_finish/handlers/main.yml b/roles/dci_finish/handlers/main.yml
index 629f594..f907b9f 100644
--- a/roles/dci_finish/handlers/main.yml
+++ b/roles/dci_finish/handlers/main.yml
@@ -3,4 +3,4 @@ - name: Set fact dci_finish_called ansible.builtin.set_fact: dci_finish_called: true - cacheable: no + cacheable: false
diff --git a/roles/dci_finish/tasks/main.yml b/roles/dci_finish/tasks/main.yml
index fdf9ac8..9e0ff41 100644
--- a/roles/dci_finish/tasks/main.yml
+++ b/roles/dci_finish/tasks/main.yml
@@ -3,7 +3,7 @@ - name: Call DCI Manager API to finish operation when: dci_server_info.operation.status == 'running' delegate_to: "{{ dci_manager_access_host }}" - become: no + become: false ansible.builtin.uri: url: "{{ dci_manager_protocol }}://{{ dci_manager_host }}:{{ dci_manager_port }}/dci/v3/server/{{ dci_server_info.id }}/operation_finish" method: POST
diff --git a/roles/dci_login/tasks/main.yml b/roles/dci_login/tasks/main.yml
index 1bdc5d7..1bb6571 100644
--- a/roles/dci_login/tasks/main.yml
+++ b/roles/dci_login/tasks/main.yml
@@ -7,7 +7,7 @@ - name: Login on DCI Manager API delegate_to: "{{ dci_manager_access_host }}" - become: no + become: false ansible.builtin.uri: url: "{{ dci_manager_protocol }}://{{ dci_manager_host }}:{{ dci_manager_port }}/api/auth/v4/public/token" method: POST
@@ -36,7 +36,7 @@ - name: Two factor authenticate DCI Manager API delegate_to: "{{ dci_manager_access_host }}" - become: no + become: false ansible.builtin.uri: url: "{{ dci_manager_protocol }}://{{ dci_manager_host }}:{{ dci_manager_port }}/api/auth/v4/public/token/confirm" method: POST
@@ -53,7 +53,7 @@ - name: Get all servers from DCI Manager delegate_to: "{{ dci_manager_access_host }}" - become: no + become: false ansible.builtin.uri: url: "{{ dci_manager_protocol }}://{{ dci_manager_host }}:{{ dci_manager_port }}/dci/v3/server" method: GET
diff --git a/roles/dci_reinstall_talos/tasks/main.yml b/roles/dci_reinstall_talos/tasks/main.yml
index a38b9c0..852a7b5 100644
--- a/roles/dci_reinstall_talos/tasks/main.yml
+++ b/roles/dci_reinstall_talos/tasks/main.yml
@@ -8,7 +8,7 @@ - name: Call DCI Manager API to reinstall Talos Linux delegate_to: "{{ dci_manager_access_host }}" - become: no + become: false ansible.builtin.uri: url: "{{ dci_manager_protocol }}://{{ dci_manager_host }}:{{ dci_manager_port }}/dci/v3/server/{{ dci_server_info.id }}/operation_os" method: POST
@@ -26,7 +26,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.wait_for: delay: 10 host: "{{ ansible_remote }}"
diff --git a/roles/machine_status/tasks/main.yml b/roles/machine_status/tasks/main.yml
index 256fef9..2820874 100644
--- a/roles/machine_status/tasks/main.yml
+++ b/roles/machine_status/tasks/main.yml
@@ -9,7 +9,7 @@ - name: Talosctl get members delegate_to: "{{ talosctl_host }}" - become: no + become: false when: "'talos_first_nodes' in group_names" ansible.builtin.command: cmd: talosctl get members
@@ -21,4 +21,4 @@ - name: Show members when: "first_node | default(false)" ansible.builtin.debug: - var: _talosctl_get_members.stdout_lines \ No newline at end of file + var: _talosctl_get_members.stdout_lines
diff --git a/roles/talos_config_apply/tasks/main.yml b/roles/talos_config_apply/tasks/main.yml
index 5034ff6..28059aa 100644
--- a/roles/talos_config_apply/tasks/main.yml
+++ b/roles/talos_config_apply/tasks/main.yml
@@ -13,7 +13,7 @@ # 'mode=try' does not work when the machine is in Maintenance mode. - name: Apply Talos node config delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.command: cmd: >- talosctl apply-config
@@ -28,7 +28,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.wait_for: host: "{{ ansible_remote }}" port: 50000
diff --git a/roles/talos_config_create/tasks/create_control_configs.yml b/roles/talos_config_create/tasks/create_control_configs.yml
index 6c5e0d5..3974edc 100644
--- a/roles/talos_config_create/tasks/create_control_configs.yml
+++ b/roles/talos_config_create/tasks/create_control_configs.yml
@@ -2,7 +2,7 @@ - name: Create Talos control node config delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.command: cmd: >- talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
diff --git a/roles/talos_reboot/tasks/main.yml b/roles/talos_reboot/tasks/main.yml
index 604bb9c..bd95d77 100644
--- a/roles/talos_reboot/tasks/main.yml
+++ b/roles/talos_reboot/tasks/main.yml
@@ -5,7 +5,7 @@ - name: Reboot Talos delegate_to: "{{ talosctl_host }}" - become: no + become: false throttle: 1 ansible.builtin.command: cmd: >-
@@ -20,7 +20,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false throttle: 1 ansible.builtin.wait_for: host: "{{ ansible_remote }}"
diff --git a/roles/talos_reset/tasks/main.yml b/roles/talos_reset/tasks/main.yml
index 46710d7..2144aa6 100644
--- a/roles/talos_reset/tasks/main.yml
+++ b/roles/talos_reset/tasks/main.yml
@@ -7,7 +7,7 @@ # You can't execute this on nodes in Maintenance mode, they are already 'reset'. when: "talos_machine_status.spec.stage != 'maintenance'" delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.command: cmd: >- talosctl reset
@@ -22,7 +22,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.wait_for: host: "{{ ansible_remote }}" port: 50000
diff --git a/roles/talos_upgrade/tasks/main.yml b/roles/talos_upgrade/tasks/main.yml
index ff41157..d380140 100644
--- a/roles/talos_upgrade/tasks/main.yml
+++ b/roles/talos_upgrade/tasks/main.yml
@@ -2,7 +2,7 @@ - name: Upgrade Talos delegate_to: "{{ talosctl_host }}" - become: no + become: false throttle: 1 ansible.builtin.command: cmd: >-
@@ -17,7 +17,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.wait_for: host: "{{ ansible_remote }}" port: 50000
diff --git a/roles/talos_wait_port/tasks/main.yml b/roles/talos_wait_port/tasks/main.yml
index d2ef28e..8d13d23 100644
--- a/roles/talos_wait_port/tasks/main.yml
+++ b/roles/talos_wait_port/tasks/main.yml
@@ -2,7 +2,7 @@ - name: Wait for Talos port 50000 delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.wait_for: host: "{{ ansible_remote }}" port: 50000
diff --git a/services.yml b/services.yml
index 61b454b..967183a 100644
--- a/services.yml
+++ b/services.yml
@@ -2,7 +2,7 @@ # Playbook Services Install - name: Install services on K8S - become: no + become: false gather_facts: false hosts: - talos_first_nodes
diff --git a/shared/tasks/talos_machine_status.yml b/shared/tasks/talos_machine_status.yml
index f41f572..398f2dc 100644
--- a/shared/tasks/talos_machine_status.yml
+++ b/shared/tasks/talos_machine_status.yml
@@ -5,7 +5,7 @@ - name: Get machine status delegate_to: "{{ talosctl_host }}" - become: no + become: false ansible.builtin.command: cmd: >- talosctl get machinestatus
@@ -14,7 +14,7 @@ --output json register: _machine_status_cmd failed_when: _machine_status_cmd.rc not in [0, 1] - changed_when: no + changed_when: false environment: TALOSCONFIG: "{{ talosconfig }}"
@@ -30,7 +30,7 @@ --output json --insecure register: _machine_status_cmd_insec - changed_when: no + changed_when: false environment: TALOSCONFIG: "{{ talosconfig }}"
diff --git a/talos.yml b/talos.yml
index 64b8019..6126d12 100644
--- a/talos.yml
+++ b/talos.yml
@@ -2,7 +2,7 @@ # Playbook Talos Install - name: Wait for Talos port - become: no + become: false gather_facts: false hosts: - talos
@@ -13,7 +13,7 @@ - talos_config_apply - name: Talos hardware nodes - become: no + become: false gather_facts: false hosts: - talos_hardware_nodes
@@ -23,7 +23,7 @@ - dci_finish - name: Talos config - become: no + become: false gather_facts: false hosts: - talos
@@ -36,7 +36,7 @@ - talos_config_apply - name: Talos bootstrap - become: no + become: false gather_facts: false hosts: - talos_first_nodes