diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 05a9b19..43194ec 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,7 +22,7 @@ lint-job:
 stage: lint
 script:
 - echo "Running lint to check for linting violations"
- - ansible-lint -c lint.cfg
+ - ansible-lint -c ansible-lint.cfg
 only:
 - branches
 except:
@@ -53,6 +53,25 @@ builder-job:
 - dind
 - harbor # 05.02.22 TODO some runners run into timeouts
+.run-ansible:
+ image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
+ script:
+ - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
+ - eval $(ssh-agent -s)
+ - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
+ - mkdir -p ~/.ssh
+ - chmod 0700 ~/.ssh
+ - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
+ - ssh-add -L
+ - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
+ - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
+ after_script:
+ - rm /tmp/vault-pass
+ tags:
+ - dind
+ - harbor # 05.02.22 TODO some runners run into timeouts
+
+
 ########
 ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
 ###
@@ -66,19 +85,10 @@ builder-job:
 ### |_| |___/
 .run-setup:
- image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
+ extends: .run-ansible
 stage: run-setup
 script:
- - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- - eval $(ssh-agent -s)
- - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- - mkdir -p ~/.ssh
- - chmod 0700 ~/.ssh
- - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- - ssh-add -L
- - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
- - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- - playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
+ - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
 after_script:
 - rm /tmp/vault-pass
 tags:
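Review bot: The new `.run-ansible` template (hunk at +53) keeps the `StrictHostKeyChecking no` step for `Host *`, so every playbook run connects with the deploy key and sends vault-decrypted data to whichever host answers, without checking its identity. Pin the expected host keys instead, for example `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` followed by `- chmod 0600 ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a placeholder name for a CI/CD variable you would define, and drop the config line. The template also writes the vault password to `/tmp/vault-pass` under the default umask; a `- umask 077` step before that `echo` keeps the file private to the job user. The same `echo` line is visible as context in the hunks at +147, +207 and +268, so the umask point applies there too.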
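Review bot: In the hunk at +85, `.run-setup` gains `extends: .run-ansible` but still defines its own `script:`, and GitLab's `extends` merges mappings while replacing lists, so the child's one-entry `script:` overrides the template's list rather than being appended to it. As written, the ssh-agent setup and the write of `/tmp/vault-pass` would no longer run before `ansible-playbook ... --vault-password-file /tmp/vault-pass`. Renaming the template's key from `script:` to `before_script:` in `.run-ansible` keeps the shared steps and leaves `script:` free for each job, provided no job depends on a globally defined `before_script`. The `after_script:` and `tags:` kept in `.run-setup` then only repeat the template and could be dropped; the `tags:` list continues outside the hunk.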
@@ -137,7 +147,7 @@ run-kubernetes-prodnso:
 - ssh-add -L
 - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
 - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- - playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
+ - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
 after_script:
 - rm /tmp/vault-pass
 tags:
@@ -197,7 +207,7 @@ run-kubernetes-prodnso:
 - ssh-add -L
 - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
 - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- - playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
+ - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
 only:
 changes:
 - smardigo/**/*
@@ -258,7 +268,7 @@ management-prodnso:
 - ssh-add -L
 - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
 - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- - playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
+ - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
 after_script:
 - rm /tmp/vault-pass
 when: manual
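Review bot: In the hunk at +207 the visible lines go from the `ansible-playbook` step straight to `only:` with no `after_script:`, so `/tmp/vault-pass` appears to be left in place when this job ends, unlike the jobs in the hunks at +147 and +268. If the job has no cleanup outside the hunk, add `after_script:` with `- rm -f /tmp/vault-pass`. The job definition starts and continues outside the hunk, so this needs checking against the full file.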
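Review bot: The corrected command in the hunk at +268 still passes `patchday.yml` twice, and `ansible-playbook` runs every playbook named on its command line in order, so the patch-day play would execute twice per job. Unless the repeat is intended, use `- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci`. The job definition starts above the hunk.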