diff --git a/handlers/main.yml b/handlers/main.yml
index 0f715641790daf5554c32ec00606fdbd7ec1cce5..0ddcfd79da37ac9039b5a5c4fa274e049b62468a 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,5 +1,6 @@
 ---
 - name: save iptables rules (Debian)
+  when: ansible_os_family == "Debian"
   block:
     - name: Ordner für iptables-Config erstellen
       ansible.builtin.file:
@@ -18,9 +19,9 @@
     - name: save iptables rules
       ansible.builtin.command: 'netfilter-persistent save'      # noqa no-changed-when
       listen: "save iptables rules"
-  when: ansible_os_family == "Debian"
 
 - name: save iptables rules (RedHat)
+  when: ansible_os_family == "RedHat"
   block:
     - name: make sure iptables config file exists
       ansible.builtin.file:
@@ -34,7 +35,6 @@
     - name: save rules
       ansible.builtin.command: /usr/sbin/iptables-save        # noqa no-changed-when
       listen: "save iptables rules"
-  when: ansible_os_family == "RedHat"
 
 - name: restart exim
   ansible.builtin.systemd:
diff --git a/meta/main.yml b/meta/main.yml
index f47f99bdd7ad9e12fbf679cdcd1544d8888d8cf5..9a8cd50b1a28ca8dd6073ff4403a9b5ec8a84f84 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,5 +1,7 @@
 ---
 galaxy_info:
+  role_name: "ansible_lza_install_common"
+  namespace: "slub"
   author: Jörg Sachse
   company: SLUB Dresden
   description: role to deploy a base install of Debian for use in the SLUBarchiv digital preservation repository
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420ab5c87edfa59c7805ce4534ff1b387177..a5cfa75e4c765f52891877bfca5f823b69a2c23b 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -5,6 +5,6 @@
   hosts: all
   gather_facts: false
   tasks:
-  - name: Example assertion
-    ansible.builtin.assert:
-      that: true
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true
diff --git a/site.yml b/site.yml
index a461d4a962aa1d651cb9960d1ad45f8228fd0ea3..c3c91c9915704ada8ae6aba3a0bfed32a8defac2 100644
--- a/site.yml
+++ b/site.yml
@@ -1,8 +1,9 @@
 ---
-- hosts: "*"
+- name: "install generic base server"
+  hosts: "*"
   pre_tasks:
     - name: Verify that the installed version of Ansible meets this playbook's version requirements.
-      assert:
+      ansible.builtin.assert:
         that: "ansible_version.full is version_compare('2.2', '>=')"
         msg: >
           "You must update Ansible to at least 2.2 to use this playbook."
@@ -24,4 +25,4 @@
   strategy: linear
 
   roles:
-    - { role: ansible_lza_install_common, become: true }
+    - { role: "ansible_lza_install_common", become: true }
diff --git a/tasks/configure_autoupdate.yml b/tasks/configure_autoupdate.yml
index 33877ce591607f6e9f6e439af21155095edaf739..caf98859009abc3c9d66a0317b26bcd690c1d14a 100644
--- a/tasks/configure_autoupdate.yml
+++ b/tasks/configure_autoupdate.yml
@@ -1,5 +1,6 @@
 ---
 - name: remove apt-cron autoupdate (Debian)
+  when: ansible_os_family == "Debian"
   block:
     - name: Uninstall autoupdate packages (Debian)
       ansible.builtin.apt:
@@ -13,11 +14,11 @@
         - "/etc/cron-apt/action.d/3-download"
         - "/etc/cron-apt/config"
         - "/etc/cron.d/cron-apt"
-  when: ansible_os_family == "Debian"
 
 # unattended-upgrades is the default in Debian 11 and new GUBS installations
 # anyway, so we use it instead of cron-apt.
 - name: Install & configure unattended-upgrades (Debian/Ubuntu)
+  when: ansible_os_family == "Debian"
   block:
     - name: install unattended-upgrades
       ansible.builtin.apt:
@@ -49,10 +50,10 @@
       ansible.builtin.file:
         path: "/etc/apt/apt.conf.d/51only-security-upgrades"
         state: absent
-  when: ansible_os_family == "Debian"
 
 # based on: https://access.redhat.com/solutions/2823901
 - name: Install & configurate autoupdate (RedHat)
+  when: ansible_os_family == "RedHat"
   block:
     - name: include vars yum-cron.yml
       ansible.builtin.include_vars: "yum-cron.yml"
@@ -70,4 +71,3 @@
         owner: "root"
         group: "root"
         mode: "0644"
-  when: ansible_os_family == "RedHat"
diff --git a/tasks/configure_package_repositories.yml b/tasks/configure_package_repositories.yml
index 080841b9d7681f9ecd145203a4bff34020f29892..f13eb07a4be99bfa0a5ce244ceb869f0c3d27cef 100644
--- a/tasks/configure_package_repositories.yml
+++ b/tasks/configure_package_repositories.yml
@@ -1,5 +1,6 @@
 ---
 - name: configure Debian repositories
+  when: "ansible_facts['distribution'] == 'Debian'"
   block:
     - name: öffentlichen Schlüssel hinzufügen (sonst muss bei jeder Installation eine Warnmeldung bestätigt werden)
       ansible.builtin.apt_key:
@@ -12,7 +13,6 @@
         state: present
         update_cache: "yes"
         mode: "0644"
-  when: "ansible_facts['distribution'] == 'Debian'"
 
 - name: add custom repositories
   ansible.builtin.yum_repository:
diff --git a/tasks/configure_ssh_keys.yml b/tasks/configure_ssh_keys.yml
index b3a91bf63134f82014dec6b510d6b8a8f6aadc23..4e39d1587669751ec5dcf5ae1da42894f39fb230 100644
--- a/tasks/configure_ssh_keys.yml
+++ b/tasks/configure_ssh_keys.yml
@@ -1,6 +1,6 @@
 ---
 - name: gültige SSH-Keys für Public-Key Authentication einspielen (HUMAN_USERS)
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ item.key }}"
     comment: "{{ item.value.ssh_comment_current | default('') }}"
     key: "{{ item.value.ssh_key_current | default('') }}"
@@ -9,7 +9,7 @@
   when: item.value.state != "absent"
 
 - name: gültige SSH-Keys für Public-Key Authentication einspielen (ROBOT_USERS)
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ item.key }}"
     comment: "{{ item.value.ssh_comment_current | default('') }}"
     key: "{{ item.value.ssh_key_current | default('') }}"
@@ -18,7 +18,7 @@
   when: item.value.state != "absent"
 
 - name: alle gültigen SSH-Keys zum Installationsuser hinzufügen
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ vault_install_username }}"
     comment: "{{ item.value.ssh_comment_current | default('') }}"
     key: "{{ item.value.ssh_key_current | default('') }}"
diff --git a/tasks/configure_swap.yml b/tasks/configure_swap.yml
index 2862af15d9b7acb26811c89a82894ae1e301f662..3ee20f7d3246817a02ed85595ed378589b5c741a 100644
--- a/tasks/configure_swap.yml
+++ b/tasks/configure_swap.yml
@@ -1,5 +1,6 @@
 ---
 - name: configure zram based swap (Debian)
+  when: ansible_os_family == "Debian"
   block:
     - name: install zram
       ansible.builtin.package:
@@ -12,11 +13,11 @@
           ALGO=lz4
           PERCENT=50
       notify: restart zramswap
-  when: ansible_os_family == "Debian"
 
 # RHEL part is based on https://www.techrepublic.com/article/how-to-enable-zram-rocky-linux/
 # More docu on zram at https://www.kernel.org/doc/html/latest/admin-guide/blockdev/zram.html
 - name: configure zram based swap (RedHat)
+  when: ansible_os_family == "RedHat"
   block:
     - name: disable swapping first, otherwise zram will not work
       ansible.builtin.command: "swapoff -a"
@@ -44,7 +45,7 @@
       ansible.builtin.lineinfile:
         path: "/etc/udev/rules.d/99-zram.rules"
         create: true
-        line: "KERNEL==\"zram0\", ATTR{disksize}=\"{{ ( ansible_facts.memtotal_mb / 2 ) | round | int }}M\",TAG+=\"systemd\""
+        line: "KERNEL==\"zram0\", ATTR{disksize}=\"{{ (ansible_facts.memtotal_mb / 2) | round | int }}M\",TAG+=\"systemd\""
         mode: "0644"
     - name: find out if zram Kernel module has been loaded already
       ansible.builtin.command: "lsmod"
@@ -58,7 +59,7 @@
       register: "zram_devices"
       changed_when: false
     - name: setup zram device
-      ansible.builtin.command: "zramctl -a lzo -s {{ ( ansible_facts.memtotal_mb / 2 ) | round | int }}M /dev/zram0"
+      ansible.builtin.command: "zramctl -a lzo -s {{ (ansible_facts.memtotal_mb / 2) | round | int }}M /dev/zram0"
       changed_when: false
     - name: create SystemD unit directory
       ansible.builtin.file:
@@ -71,7 +72,6 @@
         dest: "/usr/local/lib/systemd/system/zramswap.service"
         mode: "0644"
       notify: restart zramswap
-  when: ansible_os_family == "RedHat"
 
 - name: configure zram based swap (common)
   block:
diff --git a/tasks/install_packages.yml b/tasks/install_packages.yml
index 1cf2749f52dead363b7ddb6a138a090265b032e0..435e2d51cb3393fc1efd067a8118f2767e4e5e4c 100644
--- a/tasks/install_packages.yml
+++ b/tasks/install_packages.yml
@@ -7,6 +7,7 @@
 
 # Äquivalent von yum update
 - name: update packages (RedHat)
+  when: ansible_os_family == "RedHat"
   block:
     - name: yum update
       ansible.builtin.yum:
@@ -16,7 +17,6 @@
     - name: yum autoremove
       ansible.builtin.yum:
         autoremove: true
-  when: ansible_os_family == "RedHat"
 
 - name: uninstall packages
   ansible.builtin.apt:
diff --git a/tasks/main.yml b/tasks/main.yml
index fe6f7a79ee58d86bd5a1deb8b7ebd89ebbd9f6b5..bf4d439b40389b74258d5f696086bcc05b79aaeb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,134 +14,134 @@
 
 ### PAKETINSTALLATIONEN ###
 # - name: Netzwerk konfigurieren
-#   import_tasks: configure-network.yml
+#   ansible.builtin.import_tasks: configure-network.yml
 #   tags: [network,dns]
 
 # We don't test for idempotence because these tasks can never be idempotent.
 # They are meant to copy fresh Backups of the SSH keys every time they are run.
 - name: Server-SSH-Schlüssel sichern
-  import_tasks: backup_ssh_hostkeys.yml
+  ansible.builtin.import_tasks: "backup_ssh_hostkeys.yml"
   tags: [ssh, molecule-idempotence-notest]
 
 - name: SLUB-lokales Debian-Repository hinzufügen
-  import_tasks: configure_package_repositories.yml
+  ansible.builtin.import_tasks: "configure_package_repositories.yml"
   tags: [apt, yum, packages]
 
 - name: NTP-Client
-  import_tasks: migrate_ntpd_to_esxi_timesync.yml
+  ansible.builtin.import_tasks: "migrate_ntpd_to_esxi_timesync.yml"
   when:    # implicit AND when passing a list
     - ansible_facts.virtualization_role == "guest"
     - ansible_facts.virtualization_type == "VMware"
   tags: [ntp, ntpd, time]
 
 - name: Systempakete installieren
-  import_tasks: install_packages.yml
+  ansible.builtin.import_tasks: "install_packages.yml"
   tags: [apt, yum, packages]
 
 - name: HotAdd-Scripte für VMware installieren
-  import_tasks: install_hotadd_scripts.yml
+  ansible.builtin.import_tasks: "install_hotadd_scripts.yml"
   tags: [hotadd]
 
 - name: Lzip-Tools installieren
-  import_tasks: install_lzip_tools.yml
+  ansible.builtin.import_tasks: "install_lzip_tools.yml"
   tags: [lzip, lziptools]
 
 ### KONFIGURATION ###
 - name: Bash (Prompt, Aliases etc.) konfigurieren
-  import_tasks: configure_bash.yml
+  ansible.builtin.import_tasks: "configure_bash.yml"
   tags: [bash]
 
 - name: Autoupdate konfigurieren
-  import_tasks: configure_autoupdate.yml
+  ansible.builtin.import_tasks: "configure_autoupdate.yml"
   tags: [apt, yum, packages]
 
 - name: Konfigurationsdateien einspielen - SSH-Login
-  import_tasks: configure_ssh_login.yml
+  ansible.builtin.import_tasks: "configure_ssh_login.yml"
   tags: [ssh, bash]
 
 - name: Konfigurationsdateien einspielen - HTOP
-  import_tasks: configure_htop.yml
+  ansible.builtin.import_tasks: "configure_htop.yml"
   tags: [htop]
 
 - name: tmux konfigurieren
-  import_tasks: configure_tmux.yml
+  ansible.builtin.import_tasks: "configure_tmux.yml"
   tags: [tmux]
 
 - name: logrotate konfigurieren
-  import_tasks: configure_logrotate.yml
+  ansible.builtin.import_tasks: "configure_logrotate.yml"
   tags: [log, logrotate]
 
 - name: motd Script einspielen
-  import_tasks: configure_motd.yml
+  ansible.builtin.import_tasks: "configure_motd.yml"
   tags: [motd]
 
 - name: Gruppen und Benutzer erzeugen
-  import_tasks: create_users_groups.yml
+  ansible.builtin.import_tasks: "create_users_groups.yml"
   tags: [users]
 
 - name: SSH-Keys verwalten
-  import_tasks: configure_ssh_keys.yml
+  ansible.builtin.import_tasks: "configure_ssh_keys.yml"
   tags: [users]
 
 - name: ungültige User und SSH-Keys entfernen
-  import_tasks: remove_users_keys.yml
+  ansible.builtin.import_tasks: "remove_users_keys.yml"
   tags: [ssh, users, cleanup]
 
 - name: Logging auf Syslog-Server einrichten
-  import_tasks: configure_syslog_server_logging.yml
+  ansible.builtin.import_tasks: "configure_syslog_server_logging.yml"
   tags: [log, syslog]
 
 - name: persistentes Journalctl-Logging einrichten
-  import_tasks: configure_persistent_journald_logging.yml
+  ansible.builtin.import_tasks: "configure_persistent_journald_logging.yml"
   tags: [log]
 
 - name: Needrestart installieren
-  import_tasks: install_needrestart.yml
+  ansible.builtin.import_tasks: "install_needrestart.yml"
   when: ansible_distribution == "Debian"
   tags: [apt, needrestart]
 
 - name: Check_MK-Plugins installieren
-  import_tasks: install_checkmk_plugins.yml
+  ansible.builtin.import_tasks: "install_checkmk_plugins.yml"
   tags: [monitoring]
 
 - name: root-Shell einrichten
-  import_tasks: configure_root_shell.yml
+  ansible.builtin.import_tasks: "configure_root_shell.yml"
   tags: [bash, root, shell, color]
 
 - name: root-Shell einrichten
-  import_tasks: configure_sudoers.yml
+  ansible.builtin.import_tasks: "configure_sudoers.yml"
   tags: [sudo]
 
 - name: Configure swap
-  import_tasks: configure_swap.yml
+  ansible.builtin.import_tasks: "configure_swap.yml"
   tags: [swap, vm]
 
 - name: sar konfigurieren
-  import_tasks: configure_sar.yml
+  ansible.builtin.import_tasks: "configure_sar.yml"
   tags: [sar, sysstat]
 
 - name: Exim konfigurieren
-  import_tasks: configure_exim.yml
+  ansible.builtin.import_tasks: "configure_exim.yml"
   when: ansible_os_family == "Debian"
   tags: [exim, mail]
 
 - name: Postfix konfigurieren
-  import_tasks: configure_postfix.yml
+  ansible.builtin.import_tasks: "configure_postfix.yml"
   when: ansible_os_family == "RedHat"
   tags: [postfix, mail]
 
 # - name: Glances-Server abschalten
-#   import_tasks: configure_glances.yml
+#   ansible.builtin.import_tasks: "configure_glances.yml"
 #   when: ansible_os_family != "RedHat"        # RHEL 7 still runs Glances 2.5, which doesn't come with the glances.service SystemD unit
 #   tags: [glances]
 
 ### CGROUP FÜR CHECK_MK KONFIGURIEREN ###
 # - name: include cgroup CMK config
-#   import_tasks: cgroup_check_mk.yml
+#   ansible.builtin.import_tasks: "cgroup_check_mk.yml"
 #   tags: [always]
 
 - name: NTP konfigurieren
-  import_tasks: configure_ntp.yml
+  ansible.builtin.import_tasks: "configure_ntp.yml"
   tags: [ntp]
 
 - name: Configure Network