diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..5b52ff6
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,31 @@
+---
+
+# .ansible-lint
+
+exclude_paths:
+    - .gitea
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+
+# You must enable opt-in rules by listing each rule 'id' below.
+
+enable_list:
+    - args
+    - empty-string-compare # opt-in
+    - no-log-password # opt-in
+    - no-same-owner # opt-in
+    - name[prefix] # opt-in
+    - galaxy-version-incorrect # opt-in
+# add yaml here if you want to avoid ignoring yaml checks when yamllint
+# library is missing. Normally its absence just skips using that rule.
+    - yaml
+# List of additional kind:pattern to be added at the top of the default
+# match list, first match determines the file kind.
+kinds:
+    - playbook: "**/playbooks/*.{yml,yaml}"
+    - roles: "**/roles/*.{yml,yaml}"
+    # - galaxy: "**/folder/galaxy.yml"
+    - tasks: "**/tasks/*.yml"
+    - vars: "**/*vars/*.yml"
+    - meta: "**/meta/main.yml"
+    - yaml: "**/*.yaml-too"
diff --git a/.gitea/workflows/ansible-lint.yml b/.gitea/workflows/ansible-lint.yml
new file mode 100644
index 0000000..d089d74
--- /dev/null
+++ b/.gitea/workflows/ansible-lint.yml
@@ -0,0 +1,28 @@
+# .github/workflows/ansible-lint.yml
+name: ansible-lint
+
+on: [pull_request, issues, push]
+
+jobs:
+  build:
+    name: Ansible Lint # Naming the build is important to use it as a status check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.14"
+
+      - name: Install ansible-lint
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          ansible-lint
diff --git a/handlers/main.yml b/handlers/main.yml
index 714e830..e7515de 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -5,3 +5,11 @@
     daemon_reload: true
     enabled: true
     state: restarted
+
+- name: Reload_udev_rules
+  ansible.builtin.command: udevadm control --reload
+  changed_when: false
+
+- name: Trigger_udev_net
+  ansible.builtin.command: udevadm trigger --subsystem-match=net
+  changed_when: false
diff --git a/tasks/main.yml b/tasks/main.yml
index 9a66d90..8004dec 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,7 +6,7 @@
   ansible.builtin.apt:
     name: ethtool
     state: present
-    update_cache: yes
+    update_cache: true
 
 # ============================================================
 # Normalize and validate configuration
@@ -103,6 +103,7 @@
     label: "{{ item }}"
 
 - name: Check for bond0 backing
+  when: bond_info.rc == 0
   block:
     - name: Detect if any bridge is backed by bond0
       ansible.builtin.set_fact:
@@ -115,7 +116,6 @@
             (bond_info.stdout | regex_findall('Slave Interface: ([a-zA-Z0-9]+)')) | list
           }}
       when: wol_has_bond0 | default(false)
-  when: bond_info.rc == 0
 
 # ============================================================
 # Validate configuration and resolve to physical NICs
@@ -192,17 +192,9 @@
       {% for rule in wol_udev_rules %}
       {{ rule }}
       {% endfor %}
-  register: udev_rules_changed
-
-- name: Reload udev rules
-  ansible.builtin.command: udevadm control --reload
-  changed_when: false
-  when: udev_rules_changed is changed
-
-- name: Trigger udev for network interfaces
-  ansible.builtin.command: udevadm trigger --subsystem-match=net
-  changed_when: false
-  when: udev_rules_changed is changed
+    notify:
+      - Reload_udev_rules
+      - Trigger_udev_net
 
 # ============================================================
 # Verification & Reporting