diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint new file mode 100644 index 0000000..32bb48a --- /dev/null +++ b/ansible/.ansible-lint @@ -0,0 +1,4 @@ +--- + +skip_list: + - yaml[line-length] diff --git a/ansible/roles/bastion/defaults/main.yml b/ansible/roles/bastion/defaults/main.yml index 4d1b4fc..e5ecd5f 100644 --- a/ansible/roles/bastion/defaults/main.yml +++ b/ansible/roles/bastion/defaults/main.yml @@ -1,10 +1,10 @@ --- -private_networks: "" -allowed_networks: "" -fail2ban_ignore_ips: "" +bastion_private_networks: "" +bastion_allowed_networks: "" +bastion_fail2ban_ignore_ips: "" -dev_users: [] -admin_users: [] -rundeck_users: [] -log_server: "" +bastion_dev_users: [] +bastion_admin_users: [] +bastion_rundeck_users: [] +bastion_log_server: "" diff --git a/ansible/roles/bastion/handlers/main.yml b/ansible/roles/bastion/handlers/main.yml index 6508fda..3774c36 100644 --- a/ansible/roles/bastion/handlers/main.yml +++ b/ansible/roles/bastion/handlers/main.yml @@ -1,25 +1,25 @@ --- -- name: reload nftables +- name: Reload nftables ansible.builtin.systemd: name: nftables state: reloaded -- name: reload fail2ban +- name: Reload fail2ban ansible.builtin.systemd: name: fail2ban state: reloaded -- name: restart fail2ban +- name: Restart fail2ban ansible.builtin.systemd: name: fail2ban - state: restart + state: restarted -- name: restart ssh +- name: Restart ssh ansible.builtin.systemd: service: sshd state: restarted -- name: restart rsyslog +- name: Restart rsyslog ansible.builtin.systemd: service: rsyslog state: restarted diff --git a/ansible/roles/bastion/tasks/firewall.yml b/ansible/roles/bastion/tasks/firewall.yml index 7e402df..bf9ac27 100644 --- a/ansible/roles/bastion/tasks/firewall.yml +++ b/ansible/roles/bastion/tasks/firewall.yml 
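Review bot: The handlers in ansible/roles/bastion/handlers/main.yml address the unit inconsistently: `Reload nftables`, `Reload fail2ban` and `Restart fail2ban` use `name:`, while `Restart ssh` and `Restart rsyslog` use `service:`. `service` is an accepted alias of `name` in ansible.builtin.systemd, so this is style only, but one spelling reads better and greps cleaner; `name: sshd` and `name: rsyslog` would match the first three. Since the same hunk corrects `state: restart` to `state: restarted`, this is a natural place to normalise the remaining two.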
@@ -1,44 +1,46 @@ -- name: ensure nftables service is started and enabled +--- + +- name: Ensure nftables service is started and enabled ansible.builtin.systemd: name: nftables state: started enabled: true tags: all,firewall -- name: deploying nftables configuration +- name: Deploying nftables configuration ansible.builtin.template: src: nftables.conf.j2 dest: /etc/nftables.conf owner: root group: root - mode: '0755' + mode: "0755" backup: true validate: "nft -c -f %s" notify: - - reload nftables - - restart fail2ban + - Reload nftables + - Restart fail2ban tags: all,firewall -- name: ensure fail2ban is installed +- name: Ensure fail2ban is installed ansible.builtin.apt: name: fail2ban state: present update_cache: true tags: all,firewall -- name: ensure fail2ban is enabled and running +- name: Ensure fail2ban is enabled and running ansible.builtin.systemd: name: fail2ban state: started enabled: true tags: all,firewall -- name: deploying fail2ban ssh conf +- name: Deploying fail2ban ssh conf ansible.builtin.template: src: sshd.conf.j2 dest: /etc/fail2ban/jail.d/sshd.conf owner: root group: root - mode: '0644' + mode: "0644" notify: reload fail2ban tags: all,firewall diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml index 8946909..40fea6b 100644 --- a/ansible/roles/bastion/tasks/main.yml +++ b/ansible/roles/bastion/tasks/main.yml @@ -1,13 +1,13 @@ --- -- name: user deployment related tasks - include_tasks: users.yml +- name: User deployment related tasks + ansible.builtin.include_tasks: users.yml tags: all,users,rootonly -- name: firewall deployment related tasks - include_tasks: firewall.yml +- name: Firewall deployment related tasks + ansible.builtin.include_tasks: firewall.yml tags: all,firewall -- name: ssh deployment related tasks - include_tasks: ssh.yml +- name: Ssh deployment related tasks + ansible.builtin.include_tasks: ssh.yml tags: all,ssh 
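Review bot: `notify: reload fail2ban` on the `Deploying fail2ban ssh conf` task in ansible/roles/bastion/tasks/firewall.yml still uses the old lower-case handler name, while this commit renames the handler to `Reload fail2ban` in handlers/main.yml; handler lookup is an exact string match, so a change to /etc/fail2ban/jail.d/sshd.conf will error out with a handler-not-found failure instead of reloading the service. Change it to `notify: Reload fail2ban`, as the other notifies in this hunk already were. Separately, `mode: "0755"` on /etc/nftables.conf only makes sense if the template carries a `#!/usr/sbin/nft -f` shebang as Debian's stock file does; if it does not, `mode: "0644"` is sufficient for a file that is only read by `nft -f`.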
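Review bot: `Ssh deployment related tasks` in ansible/roles/bastion/tasks/main.yml is a mechanical capitalisation of the first letter; the acronym reads better as `- name: SSH deployment related tasks`, which still satisfies the name-casing lint rule. Note also that tags on `ansible.builtin.include_tasks` apply to the include statement itself and are not inherited by the included tasks; tag selection inside users.yml, firewall.yml and ssh.yml relies on the per-task tags those files already carry, which works here but deserves a one-line comment above the first include such as `# tags on include_tasks are not inherited; each included task carries its own tags`.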
diff --git a/ansible/roles/bastion/tasks/ssh.yml b/ansible/roles/bastion/tasks/ssh.yml index f0a241c..ef6c7be 100644 --- a/ansible/roles/bastion/tasks/ssh.yml +++ b/ansible/roles/bastion/tasks/ssh.yml @@ -1,28 +1,28 @@ --- -- name: ensure sshd is enabled +- name: Ensure sshd is enabled ansible.builtin.systemd: name: sshd enabled: true tags: all,ssh -- name: deploy sshd_config +- name: Deploy sshd_config ansible.builtin.template: src: sshd_config.j2 dest: /etc/ssh/sshd_config owner: root group: root - mode: 0644 + mode: "0644" validate: "sshd -T -f %s" - notify: restart ssh + notify: Restart ssh tags: all,ssh -- name: deploy rsyslog conf +- name: Deploy rsyslog conf ansible.builtin.template: src: auth.conf.j2 dest: /etc/rsyslog.d/auth.conf owner: root group: root - mode: 0644 - notify: restart rsyslog + mode: "0644" + notify: Restart rsyslog tags: all,ssh diff --git a/ansible/roles/bastion/tasks/users.yml b/ansible/roles/bastion/tasks/users.yml index 8237ea1..6a784f3 100644 --- a/ansible/roles/bastion/tasks/users.yml +++ b/ansible/roles/bastion/tasks/users.yml @@ -1,13 +1,13 @@ --- -- name: installing sudo +- name: Installing sudo ansible.builtin.apt: name: sudo update_cache: true state: present tags: all,users -- name: adding targetpw directive for sudo +- name: Adding targetpw directive for sudo ansible.builtin.lineinfile: path: /etc/sudoers line: "{{ item }}" 
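Review bot: `Ensure sshd is enabled` in ansible/roles/bastion/tasks/ssh.yml only sets `enabled: true`, so unlike the nftables and fail2ban tasks in firewall.yml it does not assert that the daemon is actually running; adding `state: started` next to `enabled: true` makes the three service tasks consistent and lets the role converge a host where sshd was stopped. The `validate: "sshd -T -f %s"` on the sshd_config deployment is the important safeguard in this file and is kept; as far as I recall `-T` also loads the host keys, so validation presupposes they exist, which should hold on a bastion that is already reachable over SSH.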
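Review bot: The lineinfile task `Adding targetpw directive for sudo` in ansible/roles/bastion/tasks/users.yml writes `{{ item }}` straight into /etc/sudoers with no `validate`, so a typo in one of the items breaks sudo for every user on the bastion; the fix is `validate: "visudo -cf %s"` on that task, unless it already sits in the unshown lines 14–16 of the file. The task's `with_items` list continues past the end of this hunk, so the items themselves are not visible here.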
@@ -17,37 +17,37 @@ - "Defaults insults" tags: all,users -- name: creating admin users +- name: Creating admin users ansible.builtin.user: name: "{{ item.username }}" shell: /bin/bash groups: sudo - with_items: "{{ admin_users }}" + with_items: "{{ bastion_admin_users }}" tags: all,users -- name: creating dev users +- name: Creating dev users ansible.builtin.user: name: "{{ item.username }}" shell: /bin/bash groups: sudo - with_items: "{{ dev_users }}" + with_items: "{{ bastion_dev_users }}" tags: all,users -- name: adding authorized_keys for regular users - ansible.builtin.authorized_key: +- name: Adding authorized_keys for regular users + ansible.posix.authorized_key: user: "{{ item.username }}" key: "{{ item.public_key }}" state: "{{ item.state | default('present') }}" with_items: - - "{{ admin_users }}" - - "{{ dev_users }}" + - "{{ bastion_admin_users }}" + - "{{ bastion_dev_users }}" tags: all,users -- name: adding authorized_keys for root users - ansible.builtin.authorized_key: +- name: Adding authorized_keys for root users + ansible.posix.authorized_key: user: "root" key: "{{ item.public_key }}" - key_options: 'from="{{ private_networks }}"' + key_options: 'from="{{ bastion_private_networks }}"' state: "{{ item.state }}" - with_items: "{{ admin_users }}" + with_items: "{{ bastion_admin_users }}" tags: all,users,rootonly
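Review bot: `Creating dev users` in ansible/roles/bastion/tasks/users.yml still puts every `bastion_dev_users` entry in `groups: sudo`, identical to the admin task, so the admin/dev split in the renamed variables does not change privileges; if dev users are meant to be unprivileged, drop `groups: sudo` from that task. Both user tasks set `groups:` without `append: true`, which makes ansible.builtin.user replace any existing supplementary groups on re-runs; `append: true` is the safer form. The root authorized_key task uses `state: "{{ item.state }}"` while the regular-user task defaults it with `default('present')`, so an admin entry without a `state` key fails only in the root task; `state: "{{ item.state | default('present') }}"` makes the two consistent. Finally, `key_options: 'from="{{ bastion_private_networks }}"'` renders `from=""` with the role default of `""`; I believe an empty pattern list rejects the key rather than widening access, but that silent failure mode deserves a comment above the task such as `# NOTE: bastion_private_networks must be set; the default "" renders from="" and the root key is unusable`.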