diff --git a/Makefile b/Makefile index 44404f9..062c340 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,12 @@ ${VAULT_PASS_FILE}: ${ANSIBLE} ${VAULT_FILE}: ${VAULT_PASS_FILE} ${ANSIBLE_VAULT} create --vault-password-file ${VAULT_PASS_FILE} $@ +YAML_FILES=$(shell find ansible/ -name '*.yml' -not -name '*vault*') + +# Ansible Lint skip list: +# [701] - "No 'galaxy_info' found (in role)" +ANSIBLE_LINT_SKIP_LIST=701 + # Targets deploy: ${ANSIBLE} ${VAULT_FILE} ${ANSIBLE} --diff --private-key ${SSH_KEY} -t ${TAGS} -i ${ANSIBLE_INVENTORY} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml @@ -46,5 +52,7 @@ vault: ${ANSIBLE_VAULT} ${VAULT_FILE} ${ANSIBLE_VAULT} edit --vault-password-file ${VAULT_PASS_FILE} ${VAULT_FILE} lint: ${LINT_YAML} ${LINT_ANSIBLE} - ${LINT_YAML} ansible/ - ${LINT_ANSIBLE} ansible/ + @printf "Running yamllint...\n" + -@${LINT_YAML} ${YAML_FILES} + @printf "Running ansible-lint with SKIP_LIST: [%s]...\n" "${ANSIBLE_LINT_SKIP_LIST}" + -@${LINT_ANSIBLE} -x ${ANSIBLE_LINT_SKIP_LIST} ${YAML_FILES} diff --git a/ansible/roles/common/tasks/security.yml b/ansible/roles/common/tasks/security.yml index 33885de..44e9a41 100644 --- a/ansible/roles/common/tasks/security.yml +++ b/ansible/roles/common/tasks/security.yml @@ -17,6 +17,7 @@ copy: src: files/fail2ban/jails/{{ item }} dest: /etc/fail2ban/jail.d/{{ item }} + mode: 0644 with_items: "{{ fail2ban_jails }}" notify: restart_fail2ban tags: security diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml index 30e42f1..79f3ca6 100644 --- a/ansible/roles/http/tasks/http.yml +++ b/ansible/roles/http/tasks/http.yml @@ -4,6 +4,7 @@ copy: src: files/nginx/nginx.conf dest: /etc/nginx/nginx.conf + mode: 0644 notify: restart_nginx tags: http @@ -12,6 +13,7 @@ file: path: "/etc/nginx/{{ item }}" state: directory + mode: 0644 with_items: - sites-enabled - sites-available 
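Review bot: The `-not -name '*vault*'` filter in the new `YAML_FILES` assignment (Makefile hunk `@@ -35,6 +35,12 @@`) excludes by file name only, so any plain-text task or vars file whose name contains "vault" drops out of both linters without notice, and `*.yaml` files are never matched. A comment such as `# Encrypted vault files are skipped because the linters cannot parse them` above the assignment would record the intent, presumably the reason for the filter. The assignment also uses recursive `=`, so `find` runs once per expansion, twice per `make lint`. The paths are passed unquoted, so a file name containing whitespace would be split into separate arguments.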
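Review bot: The `-` prefix on both linter lines in the `lint` recipe (Makefile hunk `@@ -46,5 +52,7 @@`) tells make to ignore their exit status, so `make lint` returns 0 even when yamllint or ansible-lint report violations, and a CI job gating on this target can never fail. Dropping the prefix keeps the check enforceable: `@${LINT_YAML} ${YAML_FILES}` and `@${LINT_ANSIBLE} -x ${ANSIBLE_LINT_SKIP_LIST} ${YAML_FILES}`. If the aim is to see both linters' output when the first one fails, splitting them into two targets and running `make -k lint` does that without hiding the failure. Whether `lint` is declared `.PHONY` is not visible in this hunk.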
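Review bot: `mode: 0644` on the `state: directory` task for `/etc/nginx/{{ item }}` (http.yml hunk `@@ -12,6 +13,7 @@`) leaves `sites-enabled` and `sites-available` without the search (execute) bit, so only root can traverse them; directories conventionally take `mode: "0755"`. This may go unnoticed while nginx reads its configuration as root, but any check or tooling run as another account would fail to open the site files. Quoting the value, as in `mode: "0755"`, is the form the Ansible documentation recommends to avoid YAML integer parsing, and the same applies to the other `mode: 0644` lines added in this commit. The task's name and tags lie outside the hunk.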
@@ -31,6 +33,7 @@ file: path: "/var/log/nginx/error.log" state: file + mode: 0644 notify: restart_fail2ban tags: http, security @@ -39,6 +42,7 @@ template: src: "templates/nginx/sites/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" + mode: 0644 with_items: - "{{ ci_server_name }}.http.conf" notify: restart_nginx diff --git a/ansible/roles/http/tasks/ssl.yml b/ansible/roles/http/tasks/ssl.yml index 02ed23f..e5eda28 100644 --- a/ansible/roles/http/tasks/ssl.yml +++ b/ansible/roles/http/tasks/ssl.yml @@ -42,6 +42,7 @@ template: src: "templates/nginx/sites/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" + mode: 0644 with_items: - "{{ ci_server_name }}.https.conf" tags: ssl
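Review bot: `mode: 0644` on `/var/log/nginx/error.log` (http.yml hunk `@@ -31,6 +33,7 @@`) makes the error log readable by every local account, and error logs record client addresses, request lines and filesystem paths; `mode: "0640"` with an explicit `owner` and `group` is the tighter default. fail2ban normally reads logs as root, so it should not need world-read access, but confirm how it runs on this host. If the distribution's logrotate configuration recreates the file with a different mode, this task would presumably report a change after each rotation and fire `restart_fail2ban`. No owner or group is set in the visible lines, so effective access depends on whatever created the file.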