diff --git a/.github/workflows/lint-local.yml b/.github/workflows/lint-local.yml
new file mode 100644
index 0000000..977f7b0
--- /dev/null
+++ b/.github/workflows/lint-local.yml
@@ -0,0 +1,31 @@
+---
+name: ansible-lint-local
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+      - develop
+      - feature/**
+jobs:
+  ansible-lint-local:
+    name: ansible-lint-local
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v3
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint ansible-lint ansible
+
+      - name: Lint code.
+        run: |
+          set -e
+          yamllint .
+          ansible-lint .
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a28475e..ced1b10 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,3 +1,4 @@
+---
 name: ansible-lint
 on: [pull_request_target]
 jobs:
@@ -5,9 +6,9 @@ jobs:
     name: ansible-lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v3
         with:
           python-version: '3.x'
 
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..d3fcbd1
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,13 @@
+---
+extends: default
+rules:
+  line-length:
+    max: 400
+    level: warning
+  truthy:
+    allowed-values:
+      - 'true'
+      - 'false'
+    check-keys: true
+    ignore: |
+      .github/workflows
diff --git a/files/distribute_maps.playbook.yml b/files/distribute_maps.playbook.yml
index 70af6ff..ef7f258 100644
--- a/files/distribute_maps.playbook.yml
+++ b/files/distribute_maps.playbook.yml
@@ -3,19 +3,21 @@
 - name: Distribute Mailman transport maps to backup MX servers
   hosts: all
   tasks:
-    - name: Check postfix_lmtp
-      stat:
+    - name: Check postfix_lmtp  # noqa run-once
+      ansible.builtin.stat:
         path: "{{ mailman3_core_var_dir }}/data/postfix_lmtp"
       register: result
       delegate_to: localhost
       run_once: true
     - name: Copy postfix_lmtp
-      copy:
+      ansible.builtin.copy:
         src: "{{ mailman3_core_var_dir }}/data/postfix_lmtp"
         dest: "{{ mailman3_distribute_maps_dir }}/postfix_lmtp"
+        mode: '0644'
       when: result.stat.exists
       notify:
-        - postmap
+        - Postmap
   handlers:
-    - name: postmap
-      command: "{{ mailman3_postmap_command | default('postmap') }} {{ mailman3_distribute_maps_dir | quote }}/postfix_lmtp"
+    - name: Postmap
+      changed_when: false
+      ansible.builtin.command: "{{ mailman3_postmap_command | default('postmap') }} {{ mailman3_distribute_maps_dir | quote }}/postfix_lmtp"
diff --git a/handlers/main.yml b/handlers/main.yml
index bd51006..0f5e73e 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -6,29 +6,25 @@
 
 # invoke systemctl directly until someone implements https://github.com/ansible/ansible/issues/61763
 
-- name: Restart mailman3-core service
+- name: Restart mailman3-core service  # noqa command-instead-of-module
   ansible.builtin.command: systemctl try-restart {{ mailman3_core_service_name }}.service
-  args:
-    # can't noqa a multi-line yaml string and noqa command-instead-of-module makes the line fail the line length rule
-    warn: false
+  changed_when: false
   when:
     - mailman3_process_manager == "systemd"
     - ansible_virtualization_type != "docker"
 
-- name: Restart mailman3-web service
+- name: Restart mailman3-web service  # noqa command-instead-of-module
   ansible.builtin.command: systemctl try-restart {{ mailman3_web_service_name }}{{ '@' if mailman3_domains is defined else '' }}{{ item }}.service
-  args:
-    warn: false
   loop: "{{ mailman3_domains | default(['']) }}"
+  changed_when: false
   when:
     - mailman3_process_manager == "systemd"
     - ansible_virtualization_type != "docker"
 
-- name: Reload mailman3-web service
+- name: Reload mailman3-web service  # noqa command-instead-of-module
   ansible.builtin.command: systemctl try-reload-or-restart {{ mailman3_web_service_name }}{{ '@' if mailman3_domains is defined else '' }}{{ item }}.service
-  args:
-    warn: false
   loop: "{{ mailman3_domains | default(['']) }}"
+  changed_when: false
   when:
     - mailman3_process_manager == "systemd"
     - ansible_virtualization_type != "docker"
diff --git a/tasks/django.yml b/tasks/django.yml
index 92f7bd8..cd2660d 100644
--- a/tasks/django.yml
+++ b/tasks/django.yml
@@ -41,7 +41,7 @@
   become_user: "{{ __mailman3_web_user_name }}"
 
 - name: Create Django superusers
-  community.general.django_manage: # noqa no-handler
+  community.general.django_manage:  # noqa no-handler
     command: >-
       shell -c 'import sys;
       from django.contrib.auth.models import User;
@@ -75,7 +75,7 @@
   become_user: "{{ __mailman3_web_user_name }}"
 
 - name: Correct default Django site
-  community.general.django_manage: # noqa no-handler
+  community.general.django_manage:  # noqa no-handler
     command: >-
       shell -c 'from django.contrib.sites.models import Site;
       Site.objects.filter(domain="example.com").update(