diff --git a/.ansible-lint b/.ansible-lint
index 973e200..c15db06 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -25,7 +25,7 @@ enable_list:
 - no-changed-when
 # Offline mode disables any features that require internet access.
-offline: true
+offline: false
 # Set the desired verbosity level.
 verbosity: 1
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..c12be9a
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,23 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.6.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ - repo: local
+ hooks:
+ - id: ansible-galaxy-install
+ name: Install ansible-galaxy collections
+ entry: ansible-galaxy collection install -r requirements.yml
+ language: system
+ pass_filenames: false
+ always_run: true
+ - repo: https://github.com/ansible/ansible-lint
+ rev: v6.22.2
+ hooks:
+ - id: ansible-lint
+ files: \.(yaml|yml)$
+ additional_dependencies:
+ - ansible-core==2.15.8
diff --git a/README.md b/README.md
index 2565f14..d7b303c 100644
--- a/README.md
+++ b/README.md
@@ -89,4 +89,4 @@ echo 1 | sudo tee /sys/class/block/sda/device/rescan sudo fdisk -l /dev/sda # To check # sudo apt-get install cloud-guest-utils sudo growpart /dev/sda 1
-```
\ No newline at end of file
+```
diff --git a/ansible.cfg.default b/ansible.cfg.default
index 75a0499..988eb16 100644
--- a/ansible.cfg.default
+++ b/ansible.cfg.default
@@ -688,4 +688,3 @@
 # (list) default list of tags to skip in your plays, has precedence over Run Tags
 ;skip=
-
diff --git a/requirements.txt b/requirements.txt
index d3bb480..7e1e036 100644
--- a/requirements.txt
+++ b/requirements.txt
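Review bot: The local `ansible-galaxy-install` hook in .pre-commit-config.yaml sets `always_run: true`, so every commit downloads and installs collections, and the requirements.yml added later in this commit lists `community.docker`, `community.general` and `kubernetes.core` with no `version:`. Whatever Galaxy serves at that moment is installed on the contributor's machine and then used by the playbooks, so a compromised or breaking release reaches everyone on their next commit. Pin each entry, for example `- name: community.general` followed by `version: "<pinned version>"`, and consider running the install as a manual or CI step instead of on every commit. The two remote hooks are pinned by tag (`rev: v4.6.0`, `rev: v6.22.2`); a full commit SHA in `rev` cannot be moved after review.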
@@ -1,12 +1,19 @@
 cachetools==5.5.2
 certifi==2025.1.31
+cfgv==3.4.0
 charset-normalizer==3.4.1
+distlib==0.4.0
 durationpy==0.10
+filelock==3.18.0
 google-auth==2.40.3
+identify==2.6.12
 idna==3.10
 kubernetes==33.1.0
 nc-dnsapi==0.1.3
+nodeenv==1.9.1
 oauthlib==3.3.1
+platformdirs==4.3.8
+pre_commit==4.2.0
 proxmoxer==2.2.0
 pyasn1==0.6.1
 pyasn1_modules==0.4.2
@@ -17,4 +24,5 @@ requests-oauthlib==2.0.0
 rsa==4.9.1
 six==1.17.0
 urllib3==2.3.0
+virtualenv==20.32.0
 websocket-client==1.8.0
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..1802a7e
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+---
+collections:
+ - name: community.docker
+ - name: community.general
+ - name: kubernetes.core
diff --git a/roles/common/files/ssh/root/sshd_config b/roles/common/files/ssh/root/sshd_config
index 4ba0d8e..78623cf 100644
--- a/roles/common/files/ssh/root/sshd_config
+++ b/roles/common/files/ssh/root/sshd_config
@@ -16,4 +16,3 @@ TrustedUserCAKeys /etc/ssh/vault-ca.pub
 UseDNS yes
 AcceptEnv LANG LC_*
 Subsystem sftp /usr/lib/openssh/sftp-server
-
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index e1bf3a0..54d1471 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -3,4 +3,4 @@
 service:
 name: sshd
 state: restarted
- become: yes
+ become: true
diff --git a/roles/k3s_agent/handlers/main.yml b/roles/k3s_agent/handlers/main.yml
index 1300aee..6a144c7 100644
--- a/roles/k3s_agent/handlers/main.yml
+++ b/roles/k3s_agent/handlers/main.yml
@@ -3,4 +3,4 @@
 service:
 name: k3s
 state: restarted
- become: yes
+ become: true
diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml
index fc446ac..6788f80 100644
--- a/roles/k3s_agent/tasks/main.yml
+++ b/roles/k3s_agent/tasks/main.yml
@@ -1,2 +1,3 @@
 ---
-- include_tasks: installation.yml
+- name: Install k3s agent
+ include_tasks: installation.yml
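Review bot: The newly named task in roles/k3s_agent/tasks/main.yml still uses the short action name `include_tasks`, while the other task files touched by this commit use fully qualified names (`ansible.builtin.shell`, `ansible.builtin.lineinfile`, `ansible.builtin.set_fact`). Writing `ansible.builtin.include_tasks: installation.yml` removes any ambiguity about which plugin the name resolves to once extra collections are installed. It will likely also satisfy the FQCN check of the ansible-lint hook this commit introduces.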
diff --git a/roles/k3s_server/handlers/main.yml b/roles/k3s_server/handlers/main.yml
index 1300aee..6a144c7 100644
--- a/roles/k3s_server/handlers/main.yml
+++ b/roles/k3s_server/handlers/main.yml
@@ -3,4 +3,4 @@
 service:
 name: k3s
 state: restarted
- become: yes
+ become: true
diff --git a/roles/k3s_server/tasks/pull_token.yml b/roles/k3s_server/tasks/pull_token.yml
index 4a8dc8f..f2b7a05 100644
--- a/roles/k3s_server/tasks/pull_token.yml
+++ b/roles/k3s_server/tasks/pull_token.yml
@@ -21,6 +21,6 @@
 run_once: true
 - name: Encrypt k3s token
- ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{k3s_server_token_vault_file}}"
+ ansible.builtin.shell: cd ../; ansible-vault encrypt "{{ playbook_dir }}/{{ k3s_server_token_vault_file }}"
 delegate_to: localhost
 run_once: true
diff --git a/roles/k3s_storage/handlers/main.yml b/roles/k3s_storage/handlers/main.yml
index 1300aee..6a144c7 100644
--- a/roles/k3s_storage/handlers/main.yml
+++ b/roles/k3s_storage/handlers/main.yml
@@ -3,4 +3,4 @@
 service:
 name: k3s
 state: restarted
- become: yes
+ become: true
diff --git a/roles/kubernetes_argocd/tasks/main.yml b/roles/kubernetes_argocd/tasks/main.yml
index f117bfe..29a628e 100644
--- a/roles/kubernetes_argocd/tasks/main.yml
+++ b/roles/kubernetes_argocd/tasks/main.yml
@@ -25,7 +25,9 @@
 name: argocd-server
 namespace: "{{ argocd_namespace }}"
 register: rollout_status
- until: rollout_status.resources[0].status.readyReplicas is defined and rollout_status.resources[0].status.readyReplicas == rollout_status.resources[0].spec.replicas
+ until: >
+ rollout_status.resources[0].status.readyReplicas is defined and
+ rollout_status.resources[0].status.readyReplicas == rollout_status.resources[0].spec.replicas
 retries: 30
 delay: 10
diff --git a/roles/proxmox/tasks/06_hardware_acceleration.yml b/roles/proxmox/tasks/06_hardware_acceleration.yml
index 56c1e3b..c9cfee2 100644
--- a/roles/proxmox/tasks/06_hardware_acceleration.yml
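Review bot: In the `Encrypt k3s token` task of pull_token.yml the vault path is still spliced into a shell string, and double quotes do not stop `$`, backticks or an embedded `"` in `playbook_dir` or `k3s_server_token_vault_file` from being interpreted by the shell. `cd ../;` also carries on when the directory change fails, and the task has no `changed_when` although `no-changed-when` is listed in the `enable_list` of .ansible-lint. Suggested line: `ansible.builtin.shell: cd ../ && ansible-vault encrypt {{ (playbook_dir ~ '/' ~ k3s_server_token_vault_file) | quote }}`, with `changed_when: true` added to the task. The tasks that write the token file start above the hunk, so how long it sits on disk unencrypted before this step cannot be judged from here.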
+++ b/roles/proxmox/tasks/06_hardware_acceleration.yml
@@ -3,15 +3,12 @@
 ansible.builtin.lineinfile:
 path: /etc/default/grub
 regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
- line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
- backup: true
- register: iommu_result
-
-- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough
- ansible.builtin.lineinfile:
- path: /etc/default/grub
- regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
- line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
+ line: >
+ GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt
+ pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init
+ video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off
+ disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1
+ modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"
 backup: true
 register: iommu_result
@@ -34,7 +31,7 @@
 # notify:
 # - Reboot Node
-- name: update grub configuration
+- name: Update grub configuration
 ansible.builtin.command: update-grub
 when: iommu_result.changed or vfio_result.changed
 # notify:
diff --git a/roles/proxmox/tasks/15_create_secret.yml b/roles/proxmox/tasks/15_create_secret.yml
index 319de7a..54069c9 100644
--- a/roles/proxmox/tasks/15_create_secret.yml
+++ b/roles/proxmox/tasks/15_create_secret.yml
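Review bot: `line: >` in the remaining GRUB task of 06_hardware_acceleration.yml is a folded scalar with default chomping, so the value now ends in a newline that the old single-quoted string did not have. As far as I know lineinfile does not strip it, so /etc/default/grub would gain a blank line and the task would report changed on every run, which re-triggers `update-grub` through `iommu_result.changed`. `line: >-` keeps the folding and drops the trailing newline. Separately, `pcie_acs_override=downstream,multifunction` and `vfio_iommu_type1.allow_unsafe_interrupts=1` relax the isolation between passthrough devices and guests. A comment above the task such as `# ACS override and unsafe interrupts weaken IOMMU isolation; only for hosts whose guests are trusted` would record that this is deliberate.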
@@ -17,7 +17,7 @@
 - name: Setup secret name
 ansible.builtin.set_fact:
- vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-','_') }}"
+ vm_name_secret: "{{ proxmox_secrets_prefix }}_{{ vm_name | replace('-', '_') }}"
 - name: Check if variable is in vault
 ansible.builtin.set_fact:
@@ -30,7 +30,7 @@
 - name: Set new secret
 ansible.builtin.set_fact:
- new_vault_data: "{{ vault_data | combine({ vm_name_secret: cipassword }) }}"
+ new_vault_data: "{{ vault_data | combine({vm_name_secret: cipassword}) }}"
 when: not variable_exists
 - name: Write updated Vault content to file (temporary plaintext)
diff --git a/vars/k3s.ini b/vars/k3s.ini
index f7c8dea..36ee2e4 100644
--- a/vars/k3s.ini
+++ b/vars/k3s.ini
@@ -18,4 +18,3 @@ k3s-agent12
 [k3s_loadbalancer]
 k3s-loadbalancer
-
diff --git a/vars/vps.ini b/vars/vps.ini
index 845e39e..d73f351 100644
--- a/vars/vps.ini
+++ b/vars/vps.ini
@@ -1,3 +1,2 @@
 [vps]
 mii
-
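Review bot: The `Set new secret` task in 15_create_secret.yml places `cipassword` into a fact and the visible task has no `no_log: true`, so the cleartext password appears in task output whenever the play runs with `-v` or with a callback that records results. Adding `no_log: true` after `when: not variable_exists` closes that. The following `Write updated Vault content to file (temporary plaintext)` task is cut off by the hunk; it presumably needs the same flag, a restrictive `mode`, and removal of the plaintext file if the later encryption step fails.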