diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..9ddf10c
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1 @@
+offline: false
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b765aec..0c2671b 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -5,11 +5,21 @@ on:
       - main
       - release/v*
 
+  workflow_dispatch:
+
 jobs:
-  build:
+  lint:
     name: Ansible Lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          cache: pip
+
+      - name: Install python dependencies
+        run: pip install -r requirements.txt
+
       - name: Run ansible-lint
-        uses: ansible/ansible-lint@main
+        run: ansible-lint
diff --git a/playbook.yaml b/playbooks/playbook.yaml
similarity index 100%
rename from playbook.yaml
rename to playbooks/playbook.yaml
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..ea8a68f
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+ansible
+ansible-lint
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..2822085
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,3 @@
+collections:
+  - community.general
+  - community.crypto
diff --git a/roles/uki_config/meta/argument_specs.yaml b/roles/uki_config/meta/argument_specs.yaml
index d680d57..107483a 100644
--- a/roles/uki_config/meta/argument_specs.yaml
+++ b/roles/uki_config/meta/argument_specs.yaml
@@ -28,7 +28,7 @@ argument_specs:
             type: path
             description: The path to the MOK x509 certificate.
             default: /etc/kernel/MOK.cer
-          
+
           owner:
             type: str
             default: root
diff --git a/roles/uki_config/tasks/main.yaml b/roles/uki_config/tasks/main.yaml
index 469dbc7..b16801c 100644
--- a/roles/uki_config/tasks/main.yaml
+++ b/roles/uki_config/tasks/main.yaml
@@ -317,6 +317,12 @@
           ansible.builtin.copy:
             content: "{{ ukify_config_backup.content | b64decode }}"
             dest: "{{ ukify_conf_path }}"
+            owner: root
+            group: root
+            mode: "0644"
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
         - name: Delete new ukify configuration file
@@ -335,6 +341,12 @@
           ansible.builtin.copy:
             content: "{{ dracut_config_backup.content | b64decode }}"
             dest: "{{ dracut_conf_path }}"
+            owner: root
+            group: root
+            mode: "0644"
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
         - name: Delete new dracut configuration file
@@ -351,6 +363,12 @@
           ansible.builtin.copy:
             content: "{{ kernel_install_config_backup.content | b64decode }}"
             dest: "{{ install_conf_path }}"
+            owner: root
+            group: root
+            mode: "0644"
+            seuser: system_u
+            serole: object_r
+            setype: etc_t
           changed_when: false
 
         - name: Remove new kernel-install configuration file