From ee21973371462839a455dc109cb34970c4b55def Mon Sep 17 00:00:00 2001 
From: Jeremy Lecour Date: Mon, 20 Mar 2023 23:33:19 +0100 Subject: [PATCH] Use FQCN Fully Qualified Collection Name --- amavis/handlers/main.yml | 2 +- amavis/tasks/main.yml | 4 +- amazon-ec2/amazon-ec2-evolinux.yml | 6 +- amazon-ec2/tasks/create-instance.yml | 8 +- amazon-ec2/tasks/post-install.yml | 2 +- amazon-ec2/tasks/setup.yml | 4 +- apache/handlers/main.yml | 6 +- apache/tasks/auth.yml | 12 +-- apache/tasks/ip_whitelist.yml | 4 +- apache/tasks/log2mail.yml | 4 +- apache/tasks/main.yml | 46 +++++----- apache/tasks/munin.yml | 11 +-- apache/tasks/server_status.yml | 26 +++--- apt/tasks/backports.deb822.yml | 6 +- apt/tasks/backports.oneline.yml | 10 +-- apt/tasks/backports.yml | 4 +- apt/tasks/basics.deb822.yml | 9 +- apt/tasks/basics.oneline.yml | 4 +- apt/tasks/basics.yml | 4 +- apt/tasks/config.yml | 6 +- apt/tasks/evolix_public.deb822.yml | 10 +-- apt/tasks/evolix_public.oneline.yml | 10 +-- apt/tasks/evolix_public.yml | 4 +- apt/tasks/hold_packages.yml | 25 +++--- apt/tasks/main.yml | 28 +++--- apt/tasks/migrate-to-deb822.yml | 9 +- apt/tasks/move-apt-keyring.yml | 13 +-- bind/handlers/main.yml | 8 +- bind/tasks/authoritative.yml | 2 +- bind/tasks/main.yml | 32 +++---- bind/tasks/munin.yml | 22 ++--- bind/tasks/recursive.yml | 4 +- bookworm-detect/tasks/main.yml | 4 +- bullseye-detect/tasks/main.yml | 2 +- certbot/handlers/main.yml | 11 +-- certbot/tasks/acme-challenge.yml | 17 ++-- certbot/tasks/install-legacy.yml | 19 ++-- certbot/tasks/install-package.yml | 2 +- certbot/tasks/main.yml | 19 ++-- clamav/handlers/main.yml | 2 +- clamav/tasks/main.yml | 10 +-- dhcpd/handlers/main.yml | 2 +- dhcpd/tasks/main.yml | 2 +- docker-host/handlers/main.yml | 4 +- dovecot/handlers/main.yml | 6 +- dovecot/tasks/main.yml | 24 ++--- dovecot/tasks/munin.yml | 6 +- drbd/handlers/main.yml | 2 +- drbd/tasks/main.yml | 6 +- drbd/tasks/munin.yml | 6 +- drbd/tasks/nagios.yml | 6 +- drbd/tasks/packages.yml | 4 +- elasticsearch/handlers/main.yml | 2 +- 
elasticsearch/tasks/additional_scripts.yml | 6 +- elasticsearch/tasks/bootstrap_checks.yml | 11 +-- elasticsearch/tasks/configuration.yml | 30 +++---- elasticsearch/tasks/curator.yml | 6 +- elasticsearch/tasks/datadir.yml | 13 +-- elasticsearch/tasks/logs.yml | 6 +- elasticsearch/tasks/main.yml | 18 ++-- elasticsearch/tasks/plugin_head.yml | 16 ++-- elasticsearch/tasks/tmpdir.yml | 13 +-- etc-git/tasks/commit.yml | 3 +- etc-git/tasks/lxc_commit.yml | 8 +- etc-git/tasks/main.yml | 6 +- etc-git/tasks/repositories.yml | 8 +- etc-git/tasks/repository.yml | 19 ++-- etc-git/tasks/utils.yml | 22 ++--- evoacme/handlers/main.yml | 14 +-- evoacme/tasks/certbot.yml | 14 +-- evoacme/tasks/conf.yml | 6 +- evoacme/tasks/evoacme_hook.yml | 7 +- evoacme/tasks/main.yml | 10 +-- evoacme/tasks/permissions.yml | 8 +- evoacme/tasks/scripts.yml | 12 +-- evobackup-client/handlers/main.yml | 9 +- evobackup-client/tasks/jail.yml | 17 ++-- evobackup-client/tasks/main.yml | 10 +-- evobackup-client/tasks/open_ssh_ports.yml | 4 +- evobackup-client/tasks/ssh_key.yml | 6 +- evobackup-client/tasks/upload_scripts.yml | 2 +- evobackup-client/tasks/verify_ssh.yml | 2 +- evocheck/tasks/cron.yml | 6 +- evocheck/tasks/exec.yml | 5 +- evocheck/tasks/install.yml | 14 +-- evocheck/tasks/main.yml | 4 +- evolinux-base/handlers/main.yml | 38 ++++---- evolinux-base/tasks/etc-evolinux.yml | 2 +- evolinux-base/tasks/hardware.dell.yml | 5 +- evolinux-base/tasks/hardware.yml | 4 +- evolinux-base/tasks/main.yml | 58 ++++++------ evolinux-base/tasks/system.yml | 4 +- evolinux-base/tasks/utils.yml | 4 +- evolinux-todo/tasks/cat.yml | 5 +- evolinux-todo/tasks/main.yml | 4 +- evolinux-users/handlers/main.yml | 5 +- evolinux-users/tasks/main.yml | 10 +-- evolinux-users/tasks/ssh.yml | 26 +++--- evolinux-users/tasks/ssh_allowgroups.yml | 7 +- evolinux-users/tasks/ssh_allowusers.yml | 14 +-- evolinux-users/tasks/sudo.yml | 8 +- evolinux-users/tasks/sudo_jessie.yml | 4 +- evolinux-users/tasks/sudo_stretch_common.yml | 7 
+- evolinux-users/tasks/sudo_stretch_user.yml | 4 +- evolinux-users/tasks/user.yml | 50 ++++++----- evomaintenance/handlers/main.yml | 5 +- evomaintenance/tasks/config.yml | 4 +- .../tasks/install_package_debian.yml | 4 +- .../tasks/install_vendor_debian.yml | 10 +-- evomaintenance/tasks/install_vendor_other.yml | 6 +- evomaintenance/tasks/main.yml | 10 +-- evomaintenance/tasks/minifirewall.yml | 11 +-- evomaintenance/tasks/trap.yml | 8 +- fail2ban/handlers/main.yml | 4 +- fail2ban/tasks/fix-dbpurgeage.yml | 9 +- fail2ban/tasks/ip_whitelist.yml | 4 +- fail2ban/tasks/main.yml | 22 ++--- filebeat/handlers/main.yml | 2 +- filebeat/tasks/apt_sources.yml | 2 +- filebeat/tasks/main.yml | 29 +++--- fluentd/handlers/main.yml | 4 +- fluentd/tasks/main.yml | 14 +-- generate-ldif/tasks/exec.yml | 5 +- generate-ldif/tasks/main.yml | 4 +- haproxy/handlers/main.yml | 6 +- haproxy/tasks/main.yml | 29 +++--- haproxy/tasks/munin.yml | 6 +- haproxy/tasks/packages_backports.yml | 12 +-- java/tasks/main.yml | 4 +- java/tasks/openjdk.yml | 10 +-- java/tasks/oracle.yml | 15 ++-- jenkins/handlers/main.yml | 6 +- jenkins/tasks/main.yml | 10 +-- keepalived/handlers/main.yml | 4 +- keepalived/tasks/main.yml | 12 +-- kibana/handlers/main.yml | 2 +- kibana/tasks/apt_sources.yml | 2 +- kibana/tasks/main.yml | 18 ++-- kibana/tasks/proxy_nginx.yml | 4 +- kvm-host/handlers/main.yml | 2 +- kvm-host/tasks/images.yml | 10 +-- kvm-host/tasks/main.yml | 12 +-- kvm-host/tasks/munin.yml | 12 +-- kvm-host/tasks/packages.yml | 4 +- kvm-host/tasks/ssh.yml | 11 +-- kvm-host/tasks/tools.yml | 18 ++-- ldap/handlers/main.yml | 2 +- ldap/tasks/init.yml | 15 ++-- ldap/tasks/ldapvirc.yml | 21 +++-- ldap/tasks/main.yml | 10 +-- ldap/tasks/nagios.yml | 20 +++-- listupgrade/tasks/main.yml | 18 ++-- logstash/handlers/main.yml | 4 +- logstash/tasks/apt_sources.yml | 2 +- logstash/tasks/logs.yml | 10 +-- logstash/tasks/main.yml | 18 ++-- logstash/tasks/tmpdir.yml | 9 +- lxc-php/handlers/main.yml | 22 ++--- 
lxc-php/tasks/mail_opensmtpd.yml | 6 +- lxc-php/tasks/mail_ssmtp.yml | 4 +- lxc-php/tasks/main.yml | 2 +- lxc-php/tasks/misc.yml | 10 +-- lxc-php/tasks/php56.yml | 6 +- lxc-php/tasks/php70.yml | 6 +- lxc-php/tasks/php73.yml | 6 +- lxc-php/tasks/php74.yml | 8 +- lxc-php/tasks/php80.yml | 18 ++-- lxc-php/tasks/php81.yml | 18 ++-- lxc-php/tasks/php82.yml | 8 +- lxc-solr/tasks/main.yml | 6 +- lxc-solr/tasks/solr.yml | 16 ++-- lxc/tasks/create-container.yml | 19 ++-- lxc/tasks/main.yml | 23 ++--- memcached/handlers/main.yml | 6 +- memcached/tasks/instance-default.yml | 4 +- memcached/tasks/instance-multi.yml | 10 +-- memcached/tasks/main.yml | 10 +-- memcached/tasks/munin.yml | 8 +- memcached/tasks/nrpe.yml | 14 +-- memcached/tasks/phpmemcachedadmin.yml | 6 +- metricbeat/handlers/main.yml | 2 +- metricbeat/tasks/apt_sources.yml | 2 +- metricbeat/tasks/main.yml | 20 ++--- minifirewall/handlers/main.yml | 10 ++- minifirewall/tasks/activate.yml | 8 +- minifirewall/tasks/config.legacy.yml | 54 +++++------ minifirewall/tasks/config.yml | 73 +++++++-------- minifirewall/tasks/install.legacy.yml | 6 +- minifirewall/tasks/install.yml | 10 +-- minifirewall/tasks/main.yml | 49 +++++----- minifirewall/tasks/nrpe.yml | 18 ++-- minifirewall/tasks/tail.legacy.yml | 19 ++-- minifirewall/tasks/tail.yml | 15 ++-- minifirewall/tasks/utils.yml | 6 +- minifirewall/tests/test.yml | 2 +- mongodb/handlers/main.yml | 6 +- mongodb/tasks/main_bookworm.yml | 20 ++--- mongodb/tasks/main_bullseye.yml | 26 +++--- mongodb/tasks/main_buster.yml | 30 +++---- mongodb/tasks/main_jessie.yml | 18 ++-- mongodb/tasks/main_stretch.yml | 13 +-- monit/handlers/main.yml | 4 +- monit/tasks/main.yml | 4 +- munin/handlers/main.yml | 6 +- munin/tasks/main.yml | 27 +++--- mysql-oracle/handlers/main.yml | 13 +-- mysql-oracle/tasks/config.yml | 6 +- mysql-oracle/tasks/datadir.yml | 14 +-- mysql-oracle/tasks/log2mail.yml | 4 +- mysql-oracle/tasks/main.yml | 20 ++--- mysql-oracle/tasks/munin.yml | 8 +- 
mysql-oracle/tasks/nrpe.yml | 11 +-- mysql-oracle/tasks/packages.yml | 32 +++---- mysql-oracle/tasks/tmpdir.yml | 4 +- mysql-oracle/tasks/users.yml | 20 +++-- mysql-oracle/tasks/utils.yml | 49 +++++----- mysql/handlers/main.yml | 10 +-- mysql/tasks/config_jessie.yml | 6 +- mysql/tasks/config_stretch.yml | 12 +-- mysql/tasks/datadir.yml | 14 +-- mysql/tasks/log2mail.yml | 4 +- mysql/tasks/logdir.yml | 14 +-- mysql/tasks/main.yml | 38 ++++---- mysql/tasks/munin.yml | 18 ++-- mysql/tasks/mysql_skip.yml | 12 +-- mysql/tasks/nrpe.yml | 11 +-- mysql/tasks/packages_jessie.yml | 14 +-- mysql/tasks/packages_stretch.yml | 12 +-- mysql/tasks/replication.yml | 12 +-- mysql/tasks/tmpdir.yml | 4 +- mysql/tasks/users_bullseye.yml | 2 +- mysql/tasks/users_buster.yml | 16 ++-- mysql/tasks/users_jessie.yml | 11 +-- mysql/tasks/users_stretch.yml | 16 ++-- mysql/tasks/utils.yml | 61 ++++++------- nagios-nrpe/handlers/main.yml | 4 +- nagios-nrpe/tasks/main.yml | 18 ++-- nagios-nrpe/tasks/wrapper.yml | 13 +-- nameserver/tasks/main.yml | 7 +- networkd-to-ifconfig/tasks/main.yml | 24 ++--- .../tasks/set_facts_from_ansible.yml | 4 +- .../tasks/set_facts_from_systemd.yml | 8 +- newrelic/handlers/main.yml | 8 +- newrelic/tasks/main.yml | 6 +- nginx/handlers/main.yml | 6 +- nginx/tasks/ip_whitelist.yml | 4 +- nginx/tasks/logrotate.yml | 2 +- nginx/tasks/main.yml | 42 ++++----- nginx/tasks/munin_graphs.yml | 4 +- nginx/tasks/munin_vhost.yml | 14 +-- nginx/tasks/packages.yml | 6 +- nginx/tasks/packages_backports.yml | 6 +- nginx/tasks/server_status_read.yml | 14 +-- nginx/tasks/server_status_write.yml | 6 +- ntpd/handlers/main.yml | 2 +- ntpd/tasks/main.yml | 6 +- opendkim/handlers/main.yml | 4 +- opendkim/tasks/main.yml | 18 ++-- openvpn/handlers/main.yml | 7 +- openvpn/tasks/debian.yml | 90 ++++++++++--------- openvpn/tasks/main.yml | 6 +- openvpn/tasks/openbsd.yml | 65 +++++++------- packweb-apache/handlers/main.yml | 4 +- packweb-apache/tasks/apache.yml | 16 ++-- 
packweb-apache/tasks/awstats.yml | 13 +-- packweb-apache/tasks/dependencies.yml | 24 ++--- packweb-apache/tasks/fhs_retrictions.yml | 14 +-- packweb-apache/tasks/main.yml | 37 ++++---- packweb-apache/tasks/multiphp.yml | 8 +- packweb-apache/tasks/phpmyadmin.yml | 35 ++++---- percona/tasks/main.yml | 22 ++--- percona/tasks/xtrabackup.yml | 7 +- pgbouncer/tasks/main.yml | 8 +- php/handlers/main.yml | 14 +-- php/tasks/config_apache.yml | 8 +- php/tasks/config_cli.yml | 8 +- php/tasks/config_fpm.yml | 14 +-- php/tasks/main.yml | 12 +-- php/tasks/main_bookworm.yml | 32 +++---- php/tasks/main_bullseye.yml | 28 +++--- php/tasks/main_buster.yml | 30 +++---- php/tasks/main_jessie.yml | 22 ++--- php/tasks/main_stretch.yml | 28 +++--- php/tasks/sury_post.yml | 12 +-- php/tasks/sury_pre.yml | 16 ++-- postfix/handlers/main.yml | 7 +- postfix/tasks/common.yml | 5 +- postfix/tasks/main.yml | 8 +- postfix/tasks/minimal.yml | 4 +- postfix/tasks/packmail.yml | 30 ++++--- postfix/tasks/slow_transport.yml | 4 +- postgresql/handlers/main.yml | 14 +-- postgresql/tasks/config.yml | 12 +-- postgresql/tasks/locales.yml | 6 +- postgresql/tasks/logrotate.yml | 2 +- postgresql/tasks/munin.yml | 8 +- postgresql/tasks/nrpe.yml | 15 ++-- postgresql/tasks/packages_bullseye.yml | 6 +- postgresql/tasks/packages_buster.yml | 6 +- postgresql/tasks/packages_jessie.yml | 6 +- postgresql/tasks/packages_stretch.yml | 6 +- postgresql/tasks/pgdg-repo.yml | 10 +-- postgresql/tasks/postgis.yml | 2 +- postgresql/tests/test.yml | 7 +- proftpd/handlers/main.yml | 2 +- proftpd/tasks/account.yml | 19 ++-- proftpd/tasks/accounts.yml | 14 +-- proftpd/tasks/accounts_password.yml | 17 ++-- proftpd/tasks/main.yml | 21 ++--- rabbitmq/handlers/main.yml | 6 +- rabbitmq/tasks/main.yml | 18 ++-- rabbitmq/tasks/munin.yml | 10 +-- rabbitmq/tasks/nrpe.yml | 14 +-- rbenv/tasks/main.yml | 26 +++--- redis/handlers/main.yml | 12 +-- redis/tasks/default-log2mail.yml | 4 +- redis/tasks/default-munin.yml | 19 ++-- 
redis/tasks/default-server.yml | 6 +- redis/tasks/instance-log2mail.yml | 2 +- redis/tasks/instance-munin.yml | 14 +-- redis/tasks/instance-server.yml | 32 +++---- redis/tasks/main.yml | 44 ++++----- redis/tasks/nrpe.yml | 22 ++--- redis/tasks/thp.yml | 9 +- redmine/handlers/main.yml | 4 +- redmine/tasks/config.yml | 10 +-- redmine/tasks/main.yml | 8 +- redmine/tasks/mysql.yml | 14 +-- redmine/tasks/nginx.yml | 6 +- redmine/tasks/packages.yml | 6 +- redmine/tasks/release.yml | 33 ++++--- redmine/tasks/source.yml | 16 ++-- redmine/tasks/syslog.yml | 6 +- redmine/tasks/user.yml | 12 +-- remount-usr/handlers/main.yml | 3 +- remount-usr/tasks/main.yml | 6 +- spamassasin/handlers/main.yml | 2 +- spamassasin/tasks/main.yml | 29 +++--- squid/handlers/main.yml | 15 ++-- squid/tasks/log2mail.yml | 6 +- squid/tasks/logrotate_jessie.yml | 5 +- squid/tasks/logrotate_stretch.yml | 5 +- squid/tasks/main.yml | 50 +++++------ squid/tasks/minifirewall.legacy.yml | 10 +-- squid/tasks/minifirewall.yml | 15 ++-- squid/tasks/systemd.yml | 9 +- ssl/handlers/main.yml | 2 +- ssl/tasks/haproxy.yml | 8 +- ssl/tasks/main.yml | 12 +-- supervisord/handlers/main.yml | 2 +- supervisord/tasks/main.yml | 4 +- tomcat-instance/tasks/alias.yml | 4 +- tomcat-instance/tasks/bootstrap.yml | 8 +- tomcat-instance/tasks/check.yml | 8 +- tomcat-instance/tasks/main.yml | 10 +-- tomcat-instance/tasks/systemd.yml | 5 +- tomcat-instance/tasks/user.yml | 25 +++--- tomcat/tasks/main.yml | 4 +- tomcat/tasks/nagios.yml | 8 +- tomcat/tasks/packages.yml | 16 ++-- unbound/handlers/main.yml | 2 +- unbound/tasks/main.yml | 8 +- userlogrotate/tasks/main.yml | 4 +- varnish/handlers/main.yml | 8 +- varnish/tasks/main.yml | 34 +++---- varnish/tasks/munin.yml | 14 +-- vrrpd/tasks/ip.yml | 6 +- vrrpd/tasks/main.yml | 15 ++-- webapps/evoadmin-mail/handlers/main.yml | 6 +- webapps/evoadmin-mail/tasks/apache.yml | 6 +- webapps/evoadmin-mail/tasks/main.yml | 14 +-- webapps/evoadmin-mail/tasks/nginx.yml | 8 +- 
webapps/evoadmin-mail/tasks/ssl.yml | 10 ++- webapps/evoadmin-web/handlers/main.yml | 7 +- webapps/evoadmin-web/tasks/config.yml | 6 +- webapps/evoadmin-web/tasks/ftp.yml | 4 +- webapps/evoadmin-web/tasks/main.yml | 16 ++-- webapps/evoadmin-web/tasks/packages.yml | 12 +-- webapps/evoadmin-web/tasks/ssl.yml | 10 ++- webapps/evoadmin-web/tasks/user.yml | 35 ++++---- webapps/evoadmin-web/tasks/web.yml | 22 ++--- webapps/nextcloud/handlers/main.yml | 6 +- webapps/nextcloud/tasks/apache-system.yml | 9 +- webapps/nextcloud/tasks/apache-vhost.yml | 4 +- webapps/nextcloud/tasks/archive.yml | 9 +- webapps/nextcloud/tasks/config.yml | 23 +++-- webapps/nextcloud/tasks/main.yml | 18 ++-- webapps/nextcloud/tasks/mysql-user.yml | 16 ++-- webapps/nextcloud/tasks/user.yml | 7 +- webapps/roundcube/handlers/main.yml | 6 +- webapps/roundcube/tasks/main.yml | 28 +++--- webapps/wordpress/tasks/main.yml | 39 ++++---- 392 files changed, 2517 insertions(+), 2298 deletions(-) diff --git a/amavis/handlers/main.yml b/amavis/handlers/main.yml index 62049999..6d76108b 100644 --- a/amavis/handlers/main.yml +++ b/amavis/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart amavis - service: + ansible.builtin.service: name: amavis state: restarted diff --git a/amavis/tasks/main.yml b/amavis/tasks/main.yml index 1b0932d5..4fa452e5 100644 --- a/amavis/tasks/main.yml +++ b/amavis/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: install Amavis - apt: + ansible.builtin.apt: name: - postgrey - amavisd-new @@ -9,7 +9,7 @@ - amavis - name: configure Amavis - template: + ansible.builtin.template: src: amavis.conf.j2 dest: /etc/amavis/conf.d/49-evolinux-defaults mode: "0644" diff --git a/amazon-ec2/amazon-ec2-evolinux.yml b/amazon-ec2/amazon-ec2-evolinux.yml index d4e125a7..18dcb7a0 100644 --- a/amazon-ec2/amazon-ec2-evolinux.yml +++ b/amazon-ec2/amazon-ec2-evolinux.yml 
@@ -9,10 +9,10 @@ aws_region: ca-central-1 tasks: - - include_role: + - ansible.builtin.include_role: name: evolix/amazon-ec2 tasks_from: setup.yml - - include_role: + - ansible.builtin.include_role: name: evolix/amazon-ec2 tasks_from: create-instance.yml @@ -51,7 +51,7 @@ - mysql post_tasks: - - include_role: + - ansible.builtin.include_role: name: evolix/etc-git tasks_from: commit.yml vars: diff --git a/amazon-ec2/tasks/create-instance.yml b/amazon-ec2/tasks/create-instance.yml index 86e8f803..7dd4ef3f 100644 --- a/amazon-ec2/tasks/create-instance.yml +++ b/amazon-ec2/tasks/create-instance.yml @@ -1,7 +1,7 @@ --- - name: Launch new instance(s) - ec2: + amazon.aws.ec2: state: present aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" @@ -16,19 +16,19 @@ register: ec2 - name: Add newly created instance(s) to inventory - add_host: + ansible.builtin.add_host: hostname: "{{ item.public_dns_name }}" groupname: launched-instances ansible_user: admin ansible_ssh_common_args: "-o StrictHostKeyChecking=no" loop: "{{ ec2.instances }}" -- debug: +- ansible.builtin.debug: msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}" loop: "{{ ec2.instances }}" - name: Wait for SSH to come up on all instances (give up after 2m) - wait_for: + ansible.builtin.wait_for: state: started host: "{{ item.public_dns_name }}" port: 22 diff --git a/amazon-ec2/tasks/post-install.yml b/amazon-ec2/tasks/post-install.yml index 369f4941..80f624a8 100644 --- a/amazon-ec2/tasks/post-install.yml +++ b/amazon-ec2/tasks/post-install.yml @@ -1,5 +1,5 @@ --- - name: Remove admin user - user: + ansible.builtin.user: name: admin state: absent diff --git a/amazon-ec2/tasks/setup.yml b/amazon-ec2/tasks/setup.yml index fe136fa1..d3bc00a5 100644 --- a/amazon-ec2/tasks/setup.yml +++ b/amazon-ec2/tasks/setup.yml 
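Review bot: In the first hunk of `amazon-ec2/tasks/create-instance.yml`, `amazon.aws.ec2:` names a module that was removed from the amazon.aws collection in its 4.0.0 release and superseded by `amazon.aws.ec2_instance`, so the task only works where an older collection release is installed. The diffstat shows no collection requirements file, so nothing visible pins which `amazon.aws` or `community.general` release these FQCNs resolve to. If the repository has none, add a `requirements.yml` with a `- name: amazon.aws` entry and an explicit `version:` pin. The same dependency applies to `amazon.aws.ec2_group` and `amazon.aws.ec2_key` in `setup.yml`; the task body here continues past the end of the hunk.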
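Review bot: The `add_host` task in the `@@ -16,19` hunk of `create-instance.yml` keeps `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"`, which disables SSH host-key verification for every later connection to the launched instances, not only the first. `ansible_ssh_common_args: "-o StrictHostKeyChecking=accept-new"` records the key on first contact and still refuses a changed key afterwards; it needs OpenSSH 7.6 or later on the controller. The unnamed `ansible.builtin.debug` task in the same hunk would also read better with a `name:`.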
@@ -1,7 +1,7 @@ --- - name: Create default security group - ec2_group: + amazon.aws.ec2_group: name: "{{ ec2_security_group.name }}" state: present aws_access_key: "{{ aws_access_key }}" @@ -12,7 +12,7 @@ rules_egress: "{{ ec2_security_group.rules_egress }}" - name: Create key pair - ec2_key: + amazon.aws.ec2_key: name: "{{ ec2_keyname }}" state: present aws_access_key: "{{ aws_access_key }}" diff --git a/apache/handlers/main.yml b/apache/handlers/main.yml index 96daa368..e8e31627 100644 --- a/apache/handlers/main.yml +++ b/apache/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: restart apache - service: + ansible.builtin.service: name: apache2 state: restarted - name: reload apache - service: + ansible.builtin.service: name: apache2 state: reloaded - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/apache/tasks/auth.yml b/apache/tasks/auth.yml index fd01517c..2c4d75ff 100644 --- a/apache/tasks/auth.yml +++ b/apache/tasks/auth.yml @@ -1,7 +1,7 @@ --- - name: Init ipaddr_whitelist.conf file - copy: + ansible.builtin.copy: src: ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf owner: root @@ -12,10 +12,10 @@ - apache - name: Load IP whitelist task - include: ip_whitelist.yml + ansible.builtin.import_tasks: ip_whitelist.yml - name: include private IP whitelist for server-status - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apache2/mods-available/status.conf line: " include /etc/apache2/ipaddr_whitelist.conf" insertafter: 'SetHandler server-status' @@ -24,7 +24,7 @@ - apache - name: Copy private_htpasswd - copy: + ansible.builtin.copy: src: private_htpasswd dest: /etc/apache2/private_htpasswd owner: root @@ -36,7 +36,7 @@ - apache - name: add user:pwd to private htpasswd - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apache2/private_htpasswd line: "{{ item }}" state: present 
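Review bot: The `lineinfile` tasks that add and remove `user:pwd` entries in `/etc/apache2/private_htpasswd` (hunks `@@ -36,7` and `@@ -46,7` of `apache/tasks/auth.yml`) pass each entry as `line: "{{ item }}"`, and Ansible prints loop items in task output. The loop source is outside both hunks, but if the items are htpasswd lines, the credential hashes end up in console output and in any callback or log sink. Adding `no_log: true` to both tasks avoids that.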
@@ -46,7 +46,7 @@ - apache - name: remove user:pwd from private htpasswd - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apache2/private_htpasswd line: "{{ item }}" state: absent diff --git a/apache/tasks/ip_whitelist.yml b/apache/tasks/ip_whitelist.yml index 18f4a681..5060f56e 100644 --- a/apache/tasks/ip_whitelist.yml +++ b/apache/tasks/ip_whitelist.yml @@ -1,7 +1,7 @@ --- - name: add IP addresses to private IP whitelist - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apache2/ipaddr_whitelist.conf line: "Require ip {{ item }}" state: present @@ -12,7 +12,7 @@ - ips - name: remove IP addresses from private IP whitelist - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apache2/ipaddr_whitelist.conf line: "Require ip {{ item }}" state: absent diff --git a/apache/tasks/log2mail.yml b/apache/tasks/log2mail.yml index 3b0650b7..42b18dae 100644 --- a/apache/tasks/log2mail.yml +++ b/apache/tasks/log2mail.yml @@ -1,14 +1,14 @@ --- - name: log2mail is installed - apt: + ansible.builtin.apt: name: log2mail state: present tags: - apache - name: Add log2mail config for Apache segfaults - template: + ansible.builtin.template: src: log2mail-apache.j2 dest: "/etc/log2mail/config/apache" owner: log2mail diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 1a028205..c1ca9d7b 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: packages are installed (Debian 9 or later) - apt: + ansible.builtin.apt: name: - apache2 - libapache2-mod-evasive @@ -14,7 +14,7 @@ when: ansible_distribution_major_version is version('9', '>=') - name: itk package is installed if required (Debian 9 or later) - apt: + ansible.builtin.apt: name: - libapache2-mpm-itk state: present @@ -26,7 +26,7 @@ - apache_mpm == "itk" - name: packages are installed (jessie) - apt: + ansible.builtin.apt: name: - apache2-mpm-itk - libapache2-mod-evasive 
@@ -39,7 +39,7 @@ when: ansible_distribution_release == "jessie" - name: basic modules are enabled - apache2_module: + community.general.apache2_module: name: '{{ item }}' state: present loop: @@ -55,7 +55,7 @@ - apache - name: basic modules are enabled - apache2_module: + community.general.apache2_module: name: '{{ item }}' state: present loop: @@ -67,7 +67,7 @@ - name: Copy Apache defaults config file - copy: + ansible.builtin.copy: src: evolinux-defaults.conf dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf" owner: root @@ -79,7 +79,7 @@ - apache - name: Copy Apache custom config file - copy: + ansible.builtin.copy: src: evolinux-custom.conf dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf" owner: root @@ -91,7 +91,7 @@ - apache - name: disable status.conf - file: + ansible.builtin.file: dest: /etc/apache2/mods-enabled/status.conf state: absent notify: reload apache @@ -99,7 +99,8 @@ - apache - name: Ensure Apache config files are enabled - command: "a2enconf {{ item }}" + ansible.builtin.command: + cmd: "a2enconf {{ item }}" register: command_result changed_when: "'Enabling' in command_result.stderr" loop: @@ -109,12 +110,12 @@ tags: - apache -- include: auth.yml +- ansible.builtin.include: auth.yml tags: - apache - name: default vhost is installed - template: + ansible.builtin.template: src: evolinux-default.conf.j2 dest: /etc/apache2/sites-available/000-evolinux-default.conf mode: "0640" @@ -124,7 +125,7 @@ - apache - name: default vhost is enabled - file: + ansible.builtin.file: src: /etc/apache2/sites-available/000-evolinux-default.conf dest: /etc/apache2/sites-enabled/000-default.conf state: link 
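Review bot: `- ansible.builtin.include: auth.yml` in the `@@ -109,12` hunk of `apache/tasks/main.yml` only prefixes the deprecated `include` action, which was removed in ansible-core 2.16. The same applies to the `server_status.yml`, `log2mail.yml` and `munin.yml` includes in the later hunks of this file. `apache/tasks/auth.yml` in this same commit turns its bare `include` into `ansible.builtin.import_tasks`, so the two files now disagree. Suggest `- ansible.builtin.import_tasks: auth.yml` here as well; as far as the visible lines show, that keeps the `tags: apache` inheritance, which `include_tasks` would not give without `apply:`.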
@@ -134,12 +135,13 @@ tags: - apache -- include: server_status.yml +- ansible.builtin.include: server_status.yml tags: - apache - name: is umask already present? - command: "grep -E '^umask ' /etc/apache2/envvars" + ansible.builtin.command: + cmd: "grep -E '^umask ' /etc/apache2/envvars" failed_when: False changed_when: False register: envvar_grep_umask @@ -148,7 +150,7 @@ - apache - name: Add a mark in envvars for umask - blockinfile: + ansible.builtin.blockinfile: dest: /etc/apache2/envvars marker: "## {mark} ANSIBLE MANAGED BLOCK" block: | @@ -159,13 +161,13 @@ tags: - apache -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - apache - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -175,7 +177,7 @@ - apache - name: "Install save_apache_status.sh" - copy: + ansible.builtin.copy: src: save_apache_status.sh dest: /usr/share/scripts/save_apache_status.sh mode: "0755" @@ -184,7 +186,7 @@ - apache - name: "logrotate: {{ apache_logrotate_frequency }}" - replace: + ansible.builtin.replace: dest: /etc/logrotate.d/apache2 regexp: "(daily|weekly|monthly)" replace: "{{ apache_logrotate_frequency }}" @@ -192,19 +194,19 @@ - apache - name: "logrotate: rotate {{ apache_logrotate_rotate }}" - replace: + ansible.builtin.replace: dest: /etc/logrotate.d/apache2 regexp: '^(\s+rotate) \d+$' replace: '\1 {{ apache_logrotate_rotate }}' tags: - apache -- include: log2mail.yml +- ansible.builtin.include: log2mail.yml when: apache_log2mail_include tags: - apache -- include: munin.yml +- ansible.builtin.include: munin.yml when: apache_munin_include | bool tags: - apache diff --git a/apache/tasks/munin.yml b/apache/tasks/munin.yml index fe07a5cf..af3c1a21 100644 --- a/apache/tasks/munin.yml +++ b/apache/tasks/munin.yml @@ -1,7 +1,7 @@ --- - name: "Install munin-node and core plugins packages" - apt: + ansible.builtin.apt: name: - munin-node - munin-plugins-core 
@@ -11,7 +11,7 @@ - munin - name: "Enable Munin plugins" - file: + ansible.builtin.file: src: "/usr/share/munin/plugins/{{ item }}" dest: "/etc/munin/plugins/{{ item }}" state: link @@ -25,7 +25,7 @@ - munin - name: "Install fcgi packages for Munin graphs" - apt: + ansible.builtin.apt: name: - libapache2-mod-fcgid - libcgi-fast-perl @@ -36,7 +36,8 @@ - munin - name: "Enable libapache2-mod-fcgid" - command: a2enmod fcgid + ansible.builtin.command: + cmd: a2enmod fcgid register: cmd_enable_fcgid changed_when: "'Module fcgid already enabled' not in cmd_enable_fcgid.stdout" notify: restart apache @@ -45,7 +46,7 @@ - munin - name: "Apache has access to /var/log/munin/" - file: + ansible.builtin.file: path: /var/log/munin/ group: www-data tags: diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index 38daf285..7b188e51 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml @@ -1,7 +1,7 @@ --- - name: server status dirname exists - file: + ansible.builtin.file: dest: "{{ apache_serverstatus_suffix_file | dirname }}" mode: "0700" owner: root @@ -9,7 +9,7 @@ state: directory - name: set apache serverstatus suffix if provided - copy: + ansible.builtin.copy: dest: "{{ apache_serverstatus_suffix_file }}" # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ apache_serverstatus_suffix }}\u000A" 
@@ -17,51 +17,53 @@ when: apache_serverstatus_suffix | length > 0 - name: generate random string for server-status suffix - shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" + ansible.builtin.shell: + cmd: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" args: creates: "{{ apache_serverstatus_suffix_file }}" - name: read apache server status suffix - command: "tail -n 1 {{ apache_serverstatus_suffix_file }}" + ansible.builtin.command: + cmd: "tail -n 1 {{ apache_serverstatus_suffix_file }}" changed_when: False check_mode: no register: new_apache_serverstatus_suffix - name: overwrite apache_serverstatus_suffix - set_fact: + ansible.builtin.set_fact: apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}" -- debug: +- ansible.builtin.debug: var: apache_serverstatus_suffix verbosity: 1 - name: replace server-status suffix in default site index - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '__SERVERSTATUS_SUFFIX__' replace: "{{ apache_serverstatus_suffix }}" - name: add server-status suffix in default site index if missing - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '"/server-status-?"' replace: '"/server-status-{{ apache_serverstatus_suffix }}"' - name: add server-status suffix in default VHost - replace: + ansible.builtin.replace: dest: /etc/apache2/sites-available/000-evolinux-default.conf regexp: '' replace: '' notify: reload apache - name: Munin configuration has a section for apache - lineinfile: + ansible.builtin.lineinfile: dest: /etc/munin/plugin-conf.d/munin-node line: "[apache_*]" create: no - name: apache-status URL is configured for Munin - lineinfile: + ansible.builtin.lineinfile: dest: /etc/munin/plugin-conf.d/munin-node line: "env.url http://{{ apache_serverstatus_host }}/server-status-{{ apache_serverstatus_suffix }}?auto" regexp: 'env.url http://[^\\/]+/server-status' 
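Review bot: The "generate random string for server-status suffix" task now has `cmd:` under `ansible.builtin.shell:` but leaves `creates:` in a separate `args:` block. Both are module parameters, and placing `creates: "{{ apache_serverstatus_suffix_file }}"` next to `cmd:` under the module key (dropping `args:`) reads more clearly. Because this command runs through a shell, the redirect target is better written as `> {{ apache_serverstatus_suffix_file | quote }}`, so a path containing spaces or shell metacharacters cannot alter the command. The `ansible.builtin.command` task that reads the file back is not affected, since it does not go through a shell.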
@@ -70,7 +72,7 @@ notify: restart munin-node - name: add mailgraph URL in index.html - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html state: present line: '
  • Stats Mail
  • ' diff --git a/apt/tasks/backports.deb822.yml b/apt/tasks/backports.deb822.yml index 633b9266..421e59e6 100644 --- a/apt/tasks/backports.deb822.yml +++ b/apt/tasks/backports.deb822.yml @@ -1,7 +1,7 @@ --- - name: Backports deb822 sources list is installed - template: + ansible.builtin.template: src: '{{ ansible_distribution_release }}_backports.sources.j2' dest: /etc/apt/sources.list.d/backports.sources force: yes @@ -11,7 +11,7 @@ - apt - name: Backports configuration - copy: + ansible.builtin.copy: src: '{{ ansible_distribution_release }}_backports_preferences' dest: /etc/apt/preferences.d/0-backports-defaults force: yes @@ -21,7 +21,7 @@ - apt - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes when: apt_backports_sources is changed or apt_backports_config is changed tags: diff --git a/apt/tasks/backports.oneline.yml b/apt/tasks/backports.oneline.yml index 7f6509b0..9b7118b7 100644 --- a/apt/tasks/backports.oneline.yml +++ b/apt/tasks/backports.oneline.yml @@ -1,6 +1,6 @@ --- - name: No backports config in default sources.list - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apt/sources.list regexp: "backports" state: absent @@ -8,7 +8,7 @@ - apt - name: Backports sources list is installed - template: + ansible.builtin.template: src: '{{ ansible_distribution_release }}_backports.list.j2' dest: /etc/apt/sources.list.d/backports.list force: yes @@ -18,7 +18,7 @@ - apt - name: Backports configuration - copy: + ansible.builtin.copy: src: '{{ ansible_distribution_release }}_backports_preferences' dest: /etc/apt/preferences.d/0-backports-defaults force: yes @@ -28,7 +28,7 @@ - apt - name: Archived backport are accepted (jessie) - lineinfile: + ansible.builtin.lineinfile: dest: '/etc/apt/apt.conf.d/99no-check-valid-until' line: 'Acquire::Check-Valid-Until no;' create: yes @@ -38,7 +38,7 @@ when: ansible_distribution_release == "jessie" - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes tags: - apt 
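Review bot: The jessie-only task "Archived backport are accepted" in `apt/tasks/backports.oneline.yml` (hunk `@@ -28,7`) writes `Acquire::Check-Valid-Until no;` into `/etc/apt/apt.conf.d/99no-check-valid-until` without saying why. As an apt.conf setting it applies to every configured source, not only the archived backports, and it removes apt's protection against replayed, outdated repository metadata. A comment above the task would make the trade-off explicit, e.g. `# jessie archive Release files are expired; this disables the Valid-Until replay check for all sources on this host`. The task continues past the end of the hunk.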
diff --git a/apt/tasks/backports.yml b/apt/tasks/backports.yml index 205574e5..6ebf65ab 100644 --- a/apt/tasks/backports.yml +++ b/apt/tasks/backports.yml @@ -3,11 +3,11 @@ # Backward compatibility task file - name: Install backports repositories (Debian <12) - import_tasks: backports.oneline.yml + ansible.builtin.import_tasks: backports.oneline.yml when: - ansible_distribution_major_version is version('12', '<') - name: Install backports repositories (Debian >=12) - import_tasks: backports.deb822.yml + ansible.builtin.import_tasks: backports.deb822.yml when: - ansible_distribution_major_version is version('12', '>=') \ No newline at end of file diff --git a/apt/tasks/basics.deb822.yml b/apt/tasks/basics.deb822.yml index b99a8af4..a8663572 100644 --- a/apt/tasks/basics.deb822.yml +++ b/apt/tasks/basics.deb822.yml @@ -1,7 +1,7 @@ --- - name: Change basics repositories - template: + ansible.builtin.template: src: "{{ ansible_distribution_release }}_basics.sources.j2" dest: /etc/apt/sources.list.d/system.sources mode: "0644" @@ -11,7 +11,7 @@ - apt - name: Change security repositories - template: + ansible.builtin.template: src: "{{ ansible_distribution_release }}_security.sources.j2" dest: /etc/apt/sources.list.d/security.sources mode: "0644" @@ -27,7 +27,8 @@ register: list_files - name: Disable one-line-formatted sources - command: "mv --verbose {{ item.path }} {{ item.path }}.bak" + ansible.builtin.command: + cmd: "mv --verbose {{ item.path }} {{ item.path }}.bak" environment: LC_ALL: C loop: "{{ list_files.files }}" @@ -37,7 +38,7 @@ - apt - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes tags: - apt diff --git a/apt/tasks/basics.oneline.yml b/apt/tasks/basics.oneline.yml index 8e0a562c..4d457f0d 100644 --- a/apt/tasks/basics.oneline.yml +++ b/apt/tasks/basics.oneline.yml 
@@ -1,7 +1,7 @@ --- - name: Change basics repositories - template: + ansible.builtin.template: src: "{{ ansible_distribution_release }}_basics.list.j2" dest: /etc/apt/sources.list mode: "0644" @@ -11,7 +11,7 @@ - apt - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes tags: - apt diff --git a/apt/tasks/basics.yml b/apt/tasks/basics.yml index 7966c849..885f33f5 100644 --- a/apt/tasks/basics.yml +++ b/apt/tasks/basics.yml @@ -3,11 +3,11 @@ # Backward compatibility task file - name: Install basics repositories (Debian <12) - import_tasks: basics.oneline.yml + ansible.builtin.import_tasks: basics.oneline.yml when: - ansible_distribution_major_version is version('12', '<') - name: Install basics repositories (Debian >=12) - import_tasks: basics.deb822.yml + ansible.builtin.import_tasks: basics.deb822.yml when: - ansible_distribution_major_version is version('12', '>=') \ No newline at end of file diff --git a/apt/tasks/config.yml b/apt/tasks/config.yml index 62155623..b403ab03 100644 --- a/apt/tasks/config.yml +++ b/apt/tasks/config.yml @@ -1,7 +1,7 @@ --- - name: Evolinux config for APT - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apt/apt.conf.d/z-evolinux.conf line: "{{ item.line }}" regexp: "{{ item.regexp }}" @@ -17,7 +17,7 @@ when: apt_evolinux_config | bool - name: DPkg invoke hooks - lineinfile: + ansible.builtin.lineinfile: dest: /etc/apt/apt.conf.d/z-evolinux.conf line: "{{ item }}" create: yes @@ -33,7 +33,7 @@ when: apt_hooks | bool - name: Remove Aptitude - apt: + ansible.builtin.apt: name: aptitude state: absent tags: diff --git a/apt/tasks/evolix_public.deb822.yml b/apt/tasks/evolix_public.deb822.yml index a98a9983..036645e7 100644 --- a/apt/tasks/evolix_public.deb822.yml +++ b/apt/tasks/evolix_public.deb822.yml 
@@ -1,14 +1,14 @@ --- - name: Look for legacy apt keyring - stat: + ansible.builtin.stat: path: /etc/apt/trusted.gpg register: _trusted_gpg_keyring tags: - apt - name: Evolix embedded GPG key is absent - apt_key: + ansible.builtin.apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent @@ -17,7 +17,7 @@ when: _trusted_gpg_keyring.stat.exists - name: Add Evolix GPG key - copy: + ansible.builtin.copy: src: pub_evolix.asc dest: "{{ apt_keyring_dir }}/pub_evolix.asc" force: yes @@ -28,7 +28,7 @@ - apt - name: Evolix public list is installed - template: + ansible.builtin.template: src: evolix_public.sources.j2 dest: /etc/apt/sources.list.d/evolix_public.sources force: yes @@ -38,7 +38,7 @@ - apt - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes tags: - apt diff --git a/apt/tasks/evolix_public.oneline.yml b/apt/tasks/evolix_public.oneline.yml index e3ca833e..9c502a33 100644 --- a/apt/tasks/evolix_public.oneline.yml +++ b/apt/tasks/evolix_public.oneline.yml @@ -1,14 +1,14 @@ --- - name: Look for legacy apt keyring - stat: + ansible.builtin.stat: path: /etc/apt/trusted.gpg register: _trusted_gpg_keyring tags: - apt - name: Evolix embedded GPG key is absent - apt_key: + ansible.builtin.apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent @@ -17,7 +17,7 @@ when: _trusted_gpg_keyring.stat.exists - name: Add Evolix GPG key - copy: + ansible.builtin.copy: src: pub_evolix.asc dest: "{{ apt_keyring_dir }}/pub_evolix.asc" force: yes @@ -28,7 +28,7 @@ - apt - name: Evolix public list is installed - template: + ansible.builtin.template: src: evolix_public.list.j2 dest: /etc/apt/sources.list.d/evolix_public.list force: yes @@ -38,7 +38,7 @@ - apt - name: Apt update - apt: + ansible.builtin.apt: update_cache: yes tags: - apt diff --git a/apt/tasks/evolix_public.yml b/apt/tasks/evolix_public.yml index 6d0a2de4..8795a6a5 100644 --- a/apt/tasks/evolix_public.yml +++ b/apt/tasks/evolix_public.yml 
@@ -3,11 +3,11 @@ # Backward compatibility task file - name: Install Evolix Public repositories (Debian <12) - import_tasks: evolix_public.oneline.yml + ansible.builtin.import_tasks: evolix_public.oneline.yml when: - ansible_distribution_major_version is version('12', '<') - name: Install Evolix Public repositories (Debian >=12) - import_tasks: evolix_public.deb822.yml + ansible.builtin.import_tasks: evolix_public.deb822.yml when: - ansible_distribution_major_version is version('12', '>=') \ No newline at end of file diff --git a/apt/tasks/hold_packages.yml b/apt/tasks/hold_packages.yml index 2b3b815f..26ced4c7 100644 --- a/apt/tasks/hold_packages.yml +++ b/apt/tasks/hold_packages.yml @@ -1,11 +1,11 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: "hold packages (apt)" - shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" executable: /bin/bash check_mode: no register: apt_mark @@ -18,7 +18,7 @@ - apt - name: "/etc/evolinux is present" - file: + ansible.builtin.file: dest: /etc/evolinux mode: "0700" state: directory @@ -26,7 +26,7 @@ - apt - name: "hold packages (config)" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/evolinux/apt_hold_packages.cf line: "{{ item }}" create: True 
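Review bot: The `hold packages (apt)` command in apt/tasks/hold_packages.yml (hunk -1,11) still puts `{{ item }}` unquoted into a bash pipeline, and `grep --quiet {{ item }}` matches substrings. A package whose name is contained in an already-held package's name is therefore treated as held and never reaches `apt-mark hold`. I would quote the value and match whole lines, e.g. `apt-mark showhold | grep --quiet --line-regexp --fixed-strings {{ item | quote }}`, and use `{{ item | quote }}` for the `dpkg -l` and `apt-mark hold` arguments too. The same applies to `unhold packages (apt)` in the -36,8 hunk. The loop that supplies `item` is outside both hunks, so where the names come from cannot be confirmed here.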
@@ -36,8 +36,8 @@ - apt - name: "unhold packages (apt)" - shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})" executable: /bin/bash check_mode: no register: apt_mark @@ -48,7 +48,7 @@ - apt - name: "unhold packages (config)" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/evolinux/apt_hold_packages.cf line: "{{ item }}" create: True @@ -58,7 +58,7 @@ - apt - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -68,7 +68,7 @@ - apt - name: Check scripts is installed - copy: + ansible.builtin.copy: src: check_held_packages.sh dest: /usr/share/scripts/check_held_packages.sh force: yes @@ -77,7 +77,8 @@ - apt - name: Check if Cron is installed - shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'" + ansible.builtin.shell: + cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'" register: is_cron changed_when: False failed_when: False @@ -86,7 +87,7 @@ - apt - name: Check for held packages (script) - cron: + ansible.builtin.cron: cron_file: apt-hold-packages name: check_held_packages job: "/usr/share/scripts/check_held_packages.sh" diff --git a/apt/tasks/main.yml b/apt/tasks/main.yml index 104756d2..295f42f1 100644 --- a/apt/tasks/main.yml +++ b/apt/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: "Compatibility check" - assert: + ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') @@ -10,7 +10,7 @@ - apt - name: "apt-transport-https is installed for https repositories (before Buster)" - apt: + ansible.builtin.apt: name: - apt-transport-https tags: 
@@ -18,20 +18,20 @@ when: ansible_distribution_major_version is version('10', '<') - name: "certificates are installed for https repositories" - apt: + ansible.builtin.apt: name: - ca-certificates tags: - apt - name: Custom configuration - import_tasks: config.yml + ansible.builtin.import_tasks: config.yml when: apt_config | bool tags: - apt - name: Install basics repositories (Debian <12) - import_tasks: basics.oneline.yml + ansible.builtin.import_tasks: basics.oneline.yml tags: - apt when: @@ -39,7 +39,7 @@ - ansible_distribution_major_version is version('12', '<') - name: Install basics repositories (Debian >=12) - import_tasks: basics.deb822.yml + ansible.builtin.import_tasks: basics.deb822.yml tags: - apt when: @@ -47,7 +47,7 @@ - ansible_distribution_major_version is version('12', '>=') - name: Install backports repositories (Debian <12) - import_tasks: backports.oneline.yml + ansible.builtin.import_tasks: backports.oneline.yml tags: - apt when: @@ -57,7 +57,7 @@ # With Debian 12+ and the deb822 format of source files # backports are always installed but enabled according to `apt_install_backports` - name: Install backports repositories (Debian >=12) - import_tasks: backports.deb822.yml + ansible.builtin.import_tasks: backports.deb822.yml tags: - apt when: @@ -65,7 +65,7 @@ - name: Install Evolix Public repositories (Debian <12) - import_tasks: evolix_public.oneline.yml + ansible.builtin.import_tasks: evolix_public.oneline.yml tags: - apt when: @@ -73,7 +73,7 @@ - ansible_distribution_major_version is version('12', '<') - name: Install Evolix Public repositories (Debian >=12) - import_tasks: evolix_public.deb822.yml + ansible.builtin.import_tasks: evolix_public.deb822.yml tags: - apt when: @@ -81,7 +81,7 @@ - ansible_distribution_major_version is version('12', '>=') - name: Clean GANDI sources - file: + ansible.builtin.file: path: '{{ item }}' state: absent loop: 
@@ -97,20 +97,20 @@ - name: Install check for packages marked hold - import_tasks: hold_packages.yml + ansible.builtin.import_tasks: hold_packages.yml when: apt_install_hold_packages | bool tags: - apt - name: Updating APT cache - apt: + ansible.builtin.apt: update_cache: yes changed_when: False tags: - apt - name: Upgrading system - apt: + ansible.builtin.apt: upgrade: dist when: apt_upgrade | bool tags: diff --git a/apt/tasks/migrate-to-deb822.yml b/apt/tasks/migrate-to-deb822.yml index 642bcb4f..720045bf 100644 --- a/apt/tasks/migrate-to-deb822.yml +++ b/apt/tasks/migrate-to-deb822.yml @@ -1,9 +1,9 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -13,7 +13,7 @@ - apt - name: Migration scripts are installed - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "/usr/share/scripts/{{ item }}" force: yes @@ -25,7 +25,8 @@ - apt - name: Exec migration script - command: /usr/share/scripts/deb822-migration.sh + ansible.builtin.command: + cmd: /usr/share/scripts/deb822-migration.sh ignore_errors: yes tags: - apt \ No newline at end of file diff --git a/apt/tasks/move-apt-keyring.yml b/apt/tasks/move-apt-keyring.yml index 4214d2d6..5b0cdd9b 100644 --- a/apt/tasks/move-apt-keyring.yml +++ b/apt/tasks/move-apt-keyring.yml @@ -1,18 +1,18 @@ --- - name: New APT keyrings directory is present - file: + ansible.builtin.file: path: /etc/apt/keyrings state: directory mode: "0755" owner: root group: root -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -22,7 +22,7 @@ - apt - name: migration script is present - copy: + ansible.builtin.copy: src: move-apt-keyrings.sh dest: /usr/share/scripts/move-apt-keyrings.sh mode: "0755" 
@@ -30,7 +30,8 @@ group: root - name: Move repository signing key - command: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\"" + ansible.builtin.command: + cmd: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\"" loop: - { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" } - { repository_pattern: "http://pub.evolix.org/evolix", key: "pub_evolix.asc" } @@ -48,5 +49,5 @@ register: _cmd - name: Debug command - debug: + ansible.builtin.debug: var: _cmd diff --git a/bind/handlers/main.yml b/bind/handlers/main.yml index b426fcd1..5461579d 100644 --- a/bind/handlers/main.yml +++ b/bind/handlers/main.yml @@ -1,21 +1,21 @@ --- - name: reload systemd - systemd: + ansible.builtin.systemd: daemon-reload: yes - name: restart apparmor - systemd: + ansible.builtin.systemd: name: apparmor state: restarted - name: restart bind - systemd: + ansible.builtin.systemd: name: bind9 state: restarted - name: restart munin-node - systemd: + ansible.builtin.systemd: name: munin-node state: restarted diff --git a/bind/tasks/authoritative.yml b/bind/tasks/authoritative.yml index 52992fa1..abfa96d8 100644 --- a/bind/tasks/authoritative.yml +++ b/bind/tasks/authoritative.yml @@ -1,7 +1,7 @@ --- - name: Set bind configuration for authoritative server - template: + ansible.builtin.template: src: named.conf.options_authoritative.j2 dest: /etc/bind/named.conf.options owner: bind diff --git a/bind/tasks/main.yml b/bind/tasks/main.yml index 9b053b6c..67776531 100644 --- a/bind/tasks/main.yml +++ b/bind/tasks/main.yml @@ -1,6 +1,6 @@ # Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths. - name: set chroot variables - set_fact: + ansible.builtin.set_fact: bind_log_file: /var/log/bind.log bind_query_file: /var/log/bind_queries.log bind_cache_dir: /var/cache/bind 
@@ -9,14 +9,15 @@ when: bind_chroot_set | bool - name: Check AppArmor - shell: systemctl is-active apparmor || systemctl is-enabled apparmor + ansible.builtin.shell: + cmd: systemctl is-active apparmor || systemctl is-enabled apparmor failed_when: False changed_when: False check_mode: no register: check_apparmor - name: configure apparmor - template: + ansible.builtin.template: src: apparmor.usr.sbin.named.j2 dest: /etc/apparmor.d/usr.sbin.named owner: root @@ -27,20 +28,20 @@ when: check_apparmor.rc == 0 - name: package are installed - apt: + ansible.builtin.apt: name: - bind9 - dnstop state: present -- include: authoritative.yml +- ansible.builtin.include: authoritative.yml when: bind_authoritative_server | bool -- include: recursive.yml +- ansible.builtin.include: recursive.yml when: bind_recursive_server | bool - name: Create systemd service for Debian 8 (Jessie) - template: + ansible.builtin.template: src: bind9.service.jessie.j2 dest: "{{ bind_systemd_service_path }}" owner: root @@ -53,7 +54,7 @@ when: ansible_distribution_release == "jessie" - name: "touch {{ bind_log_file }} if non chroot" - file: + ansible.builtin.file: path: "{{ bind_log_file }}" owner: bind group: adm @@ -62,7 +63,7 @@ when: not (bind_chroot_set | bool) - name: "touch {{ bind_query_file }} if non chroot" - file: + ansible.builtin.file: path: "{{ bind_query_file }}" owner: bind group: adm @@ -71,7 +72,7 @@ when: not (bind_chroot_set | bool) - name: send chroot-bind.sh in /root - copy: + ansible.builtin.copy: src: chroot-bind.sh dest: /root/chroot-bind.sh mode: "0700" 
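Review bot: `ansible.builtin.include` (the `authoritative.yml` and `recursive.yml` lines in the bind/tasks/main.yml -27,20 hunk) is the deprecated generic include and is no longer available in recent ansible-core releases, so qualifying the name keeps the role tied to older controllers. Prefer `ansible.builtin.include_tasks: authoritative.yml`, or `ansible.builtin.import_tasks` as the apt role already does. The same pattern appears in the later hunks for bind (`munin.yml`), certbot/tasks/main.yml, dovecot/tasks/main.yml and drbd/tasks/main.yml. With `include_tasks`, a `tags:` keyword applies to the include itself rather than to the included tasks, which matters for the tagged dovecot include.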
@@ -81,19 +82,20 @@ when: bind_chroot_set | bool - name: exec chroot-bind.sh - command: "/root/chroot-bind.sh" + ansible.builtin.command: + cmd: "/root/chroot-bind.sh" register: chrootbind_run changed_when: False when: bind_chroot_set | bool -- debug: +- ansible.builtin.debug: var: chrootbind_run.stdout_lines when: - bind_chroot_set | bool - chrootbind_run.stdout | length > 0 - name: Modify OPTIONS in /etc/default/bind9 for chroot - replace: + ansible.builtin.replace: dest: /etc/default/bind9 regexp: '^OPTIONS=.*' replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"' @@ -101,7 +103,7 @@ when: bind_chroot_set | bool - name: logrotate for bind - template: + ansible.builtin.template: src: logrotate_bind.j2 dest: /etc/logrotate.d/bind9 owner: root @@ -110,4 +112,4 @@ force: yes notify: restart bind -- include: munin.yml +- ansible.builtin.include: munin.yml diff --git a/bind/tasks/munin.yml b/bind/tasks/munin.yml index 7bedfd2c..4a655533 100644 --- a/bind/tasks/munin.yml +++ b/bind/tasks/munin.yml @@ -1,7 +1,7 @@ --- - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: munin_node_plugins_config @@ -10,7 +10,7 @@ - munin - name: Enable munin plugins for authoritative server - file: + ansible.builtin.file: src: "/usr/share/munin/plugins/{{ item }}" dest: "/etc/munin/plugins/{{ item }}" state: link 
@@ -18,31 +18,31 @@ - bind9 - bind9_rndc notify: restart munin-node - when: - - bind_authoritative_server | bool - - munin_node_plugins_config.stat.exists tags: - bind - munin + when: + - bind_authoritative_server | bool + - munin_node_plugins_config.stat.exists - name: Enable munin plugins for recursive server - file: + ansible.builtin.file: src: "/usr/share/munin/plugins/{{ item }}" dest: "/etc/munin/plugins/{{ item }}" state: link loop: - bind9 notify: restart munin-node + tags: + - bind + - munin when: - bind_recursive_server | bool - bind_query_file_enabled | bool - munin_node_plugins_config.stat.exists - tags: - - bind - - munin - name: Add munin plugin configuration - template: + ansible.builtin.template: src: munin-env_bind9.j2 dest: /etc/munin/plugin-conf.d/bind9 owner: root @@ -50,7 +50,7 @@ mode: "0644" force: yes notify: restart munin-node - when: munin_node_plugins_config.stat.exists tags: - bind - munin + when: munin_node_plugins_config.stat.exists diff --git a/bind/tasks/recursive.yml b/bind/tasks/recursive.yml index ddbeafbf..364f1021 100644 --- a/bind/tasks/recursive.yml +++ b/bind/tasks/recursive.yml @@ -2,7 +2,7 @@ - name: Set bind configuration for recursive server - template: + ansible.builtin.template: src: named.conf.options_recursive.j2 dest: /etc/bind/named.conf.options owner: bind @@ -12,7 +12,7 @@ notify: restart bind - name: enable zones.rfc1918 for recursive server - lineinfile: + ansible.builtin.lineinfile: dest: /etc/bind/named.conf.local line: 'include "/etc/bind/zones.rfc1918";' regexp: "zones.rfc1918" diff --git a/bookworm-detect/tasks/main.yml b/bookworm-detect/tasks/main.yml index be11177e..c0c50fdd 100644 --- a/bookworm-detect/tasks/main.yml +++ b/bookworm-detect/tasks/main.yml 
@@ -1,10 +1,10 @@ --- -- debug: +- ansible.builtin.debug: var: ansible_lsb # Force facts until Debian 12 is released because Ansible is dumb -- set_fact: +- ansible.builtin.set_fact: ansible_distribution_major_version: 12 ansible_distribution: "Debian" ansible_distribution_release: "bookworm" diff --git a/bullseye-detect/tasks/main.yml b/bullseye-detect/tasks/main.yml index 6f97db0a..e18d826b 100644 --- a/bullseye-detect/tasks/main.yml +++ b/bullseye-detect/tasks/main.yml @@ -1,7 +1,7 @@ --- # Force facts until Debian 11 is released because Ansible is dumb -- set_fact: +- ansible.builtin.set_fact: ansible_distribution_major_version: 11 ansible_distribution: "Debian" ansible_distribution_release: "bullseye" diff --git a/certbot/handlers/main.yml b/certbot/handlers/main.yml index 4363ed3d..54f114e2 100644 --- a/certbot/handlers/main.yml +++ b/certbot/handlers/main.yml @@ -1,23 +1,24 @@ --- - name: reload nginx - service: + ansible.builtin.systemd: name: nginx state: reloaded - name: reload apache - service: + ansible.builtin.systemd: name: apache2 state: reloaded - name: reload haproxy - service: + ansible.builtin.systemd: name: haproxy state: reloaded - name: systemd daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: yes - name: install letsencrypt-auto - command: /usr/local/bin/letsencrypt-auto --noninteractive --install-only --no-self-upgrade + ansible.builtin.command: + cmd: /usr/local/bin/letsencrypt-auto --noninteractive --install-only --no-self-upgrade diff --git a/certbot/tasks/acme-challenge.yml b/certbot/tasks/acme-challenge.yml index 56b0c099..29c0267d 100644 --- a/certbot/tasks/acme-challenge.yml +++ b/certbot/tasks/acme-challenge.yml 
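Review bot: The `reload nginx`, `reload apache` and `reload haproxy` handlers in certbot/handlers/main.yml move from `service` to `ansible.builtin.systemd`, which changes the module rather than just qualifying its name. Other handlers in this commit (clamav, dhcpd, dovecot, drbd) stay on `ansible.builtin.service`. If every managed host runs systemd this is harmless, but I would either keep `ansible.builtin.service` here for consistency or mention the switch in the commit message. `restart docker` in docker-host/handlers/main.yml gets the same change.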
@@ -1,18 +1,18 @@ --- - name: Certbot work directory is present - file: + ansible.builtin.file: dest: "{{ certbot_work_dir }}" state: directory mode: "0755" - name: Check if Nginx is installed - stat: + ansible.builtin.stat: path: /etc/nginx register: is_nginx - name: ACME challenge for Nginx is installed - template: + ansible.builtin.template: src: acme-challenge/nginx.conf.j2 dest: /etc/nginx/snippets/letsencrypt.conf force: yes @@ -20,32 +20,33 @@ when: is_nginx.stat.exists - name: Check if Apache is installed - stat: + ansible.builtin.stat: path: /usr/sbin/apachectl register: is_apache - name: ACME challenge for Apache block: - name: ACME challenge for Apache is installed - template: + ansible.builtin.template: src: acme-challenge/apache.conf.j2 dest: /etc/apache2/conf-available/letsencrypt.conf force: yes notify: reload apache - name: ACME challenge for Apache is enabled - command: "a2enconf letsencrypt" + ansible.builtin.command: + cmd: "a2enconf letsencrypt" register: command_result changed_when: "'Enabling' in command_result.stderr" notify: reload apache when: is_apache.stat.exists - name: Check if HAProxy is installed - stat: + ansible.builtin.stat: path: /etc/haproxy register: is_haproxy - name: ACME challenge for HAProxy is installed - debug: + ansible.builtin.debug: msg: "ACME challenge configuration for HAProxy must be configured manually" when: is_haproxy.stat.exists diff --git a/certbot/tasks/install-legacy.yml b/certbot/tasks/install-legacy.yml index 446e557a..3048a4a4 100644 --- a/certbot/tasks/install-legacy.yml +++ b/certbot/tasks/install-legacy.yml 
@@ -1,16 +1,16 @@ --- - name: certbot package is removed - apt: + ansible.builtin.apt: name: certbot state: absent -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr # copied and customized from https://raw.githubusercontent.com/certbot/certbot/v1.14.0/letsencrypt-auto - name: Let's Encrypt script is present - copy: + ansible.builtin.copy: src: letsencrypt-auto dest: /usr/local/bin/letsencrypt-auto mode: '0755' @@ -20,22 +20,23 @@ notify: install letsencrypt-auto - name: Check certbot script - stat: + ansible.builtin.stat: path: /usr/local/bin/certbot register: certbot_path - name: Rename certbot script if present - command: "mv /usr/local/bin/certbot /usr/local/bin/certbot.bak" + ansible.builtin.command: + cmd: "mv /usr/local/bin/certbot /usr/local/bin/certbot.bak" when: certbot_path.stat.exists - name: Let's Encrypt script is symlinked as certbot - file: + ansible.builtin.file: src: "/usr/local/bin/letsencrypt-auto" dest: "/usr/local/bin/certbot" state: link - name: systemd artefacts are absent - file: + ansible.builtin.file: dest: "{{ item }}" state: absent loop: @@ -45,14 +46,14 @@ notify: systemd daemon-reload - name: custom crontab is present - copy: + ansible.builtin.copy: src: cron_jessie dest: /etc/cron.d/certbot force: yes when: certbot_custom_crontab | bool - name: disable self-upgrade - ini_file: + community.general.ini_file: dest: "/etc/letsencrypt/cli.ini" section: null option: "no-self-upgrade" diff --git a/certbot/tasks/install-package.yml b/certbot/tasks/install-package.yml index 06247db4..c12b49e4 100644 --- a/certbot/tasks/install-package.yml +++ b/certbot/tasks/install-package.yml @@ -1,6 +1,6 @@ --- - name: certbot package is installed - apt: + ansible.builtin.apt: name: certbot state: latest diff --git a/certbot/tasks/main.yml b/certbot/tasks/main.yml index cede35a6..3dcb1334 100644 --- a/certbot/tasks/main.yml +++ b/certbot/tasks/main.yml 
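Review bot: `community.general.ini_file` in the `disable self-upgrade` task (certbot/tasks/install-legacy.yml, hunk -45,14) makes the role depend on a collection that does not ship with ansible-core. The same holds for `community.crypto.openssl_dhparam` in dovecot/tasks/main.yml and for `ansible.posix.sysctl` and `community.general.ini_file` in elasticsearch/tasks/bootstrap_checks.yml. Nothing visible in this part of the patch declares these collections, so unless a requirements file exists elsewhere, a run uses whatever version is installed on the controller or fails to resolve the module. I would list the three collections with pinned versions in the project's collection requirements file and note the dependency in the role documentation.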
@@ -1,28 +1,28 @@ --- - name: "System compatibility checks" - assert: + ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') msg: only compatible with Debian 9+ - name: Install legacy script on Debian 8 - include: install-legacy.yml + ansible.builtin.include: install-legacy.yml when: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('9', '<') - name: Install package on Debian 9+ - include: install-package.yml + ansible.builtin.include: install-package.yml when: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('9', '>=') -- include: acme-challenge.yml +- ansible.builtin.include: acme-challenge.yml - name: Deploy hooks are present - copy: + ansible.builtin.copy: src: hooks/deploy/ dest: /etc/letsencrypt/renewal-hooks/deploy/ mode: "0700" @@ -30,7 +30,7 @@ group: root - name: Manual deploy hook is present - copy: + ansible.builtin.copy: src: hooks/manual-deploy.sh dest: /etc/letsencrypt/renewal-hooks/manual-deploy.sh mode: "0700" @@ -38,7 +38,7 @@ group: root - name: "sync_remote is configured with servers" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/letsencrypt/renewal-hooks/deploy/sync_remote.cf regexp: "^servers=" line: "servers=\"{{ certbot_hooks_sync_remote_servers | join(' ') }}\"" 
@@ -46,14 +46,15 @@ # begining of backward compatibility tasks - name: Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present - command: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh" + ansible.builtin.command: + cmd: "mv /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh" args: removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh # end of backward compatibility tasks - name: "certbot lock is ignored by Git" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/.gitignore line: letsencrypt/.certbot.lock create: yes diff --git a/clamav/handlers/main.yml b/clamav/handlers/main.yml index e053f01a..c931807b 100644 --- a/clamav/handlers/main.yml +++ b/clamav/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart clamav - service: + ansible.builtin.service: name: clamav-daemon state: restarted diff --git a/clamav/tasks/main.yml b/clamav/tasks/main.yml index f74efae5..7044ddce 100644 --- a/clamav/tasks/main.yml +++ b/clamav/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: configure clamav-daemon - debconf: + ansible.builtin.debconf: name: clamav-daemon question: "{{ item.key }}" value: "{{ item.value }}" @@ -52,7 +52,7 @@ - clamav - name: configure clamav-freshclam - debconf: + ansible.builtin.debconf: name: clamav-freshclam question: "{{ item.key }}" value: "{{ item.value }}" @@ -73,7 +73,7 @@ - clamav - name: install ClamAV - apt: + ansible.builtin.apt: name: - clamav-daemon - clamav @@ -92,7 +92,7 @@ - clamav - name: add clamav user to amavis group - user: + ansible.builtin.user: name: clamav groups: amavis append: True @@ -100,7 +100,7 @@ - clamav - name: allow supplementary groups - replace: + ansible.builtin.replace: dest: /etc/clamav/clamd.conf regexp: 'AllowSupplementaryGroups false' replace: 'AllowSupplementaryGroups true' 
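Review bot: The `Move deploy/commit-etc.sh to deploy/z-commit-etc.sh if present` task now has `cmd:` under `ansible.builtin.command` but keeps `removes` and `creates` under a separate `args:` key, whereas the shell tasks in apt/tasks/hold_packages.yml had `args:` folded into the module mapping. Ansible should accept both forms, but mixing them in one task is easy to misread and is inconsistent with the rest of the commit. I would drop `args:` and place `removes: /etc/letsencrypt/renewal-hooks/deploy/commit-etc.sh` and `creates: /etc/letsencrypt/renewal-hooks/deploy/z-commit-etc.sh` beside `cmd:`. Indentation is lost on this page, so the exact nesting in the file should be checked.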
diff --git a/dhcpd/handlers/main.yml b/dhcpd/handlers/main.yml index 09f93269..8cfa9eb0 100644 --- a/dhcpd/handlers/main.yml +++ b/dhcpd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart dhcp - service: + ansible.builtin.service: name: isc-dhcp-server state: restarted diff --git a/dhcpd/tasks/main.yml b/dhcpd/tasks/main.yml index 828a219f..214c5d58 100644 --- a/dhcpd/tasks/main.yml +++ b/dhcpd/tasks/main.yml @@ -1,4 +1,4 @@ - name: ensure packages are installed - apt: + ansible.builtin.apt: name: isc-dhcp-server state: present diff --git a/docker-host/handlers/main.yml b/docker-host/handlers/main.yml index c21a84ef..46d42215 100644 --- a/docker-host/handlers/main.yml +++ b/docker-host/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: reload systemd - systemd: + ansible.builtin.systemd: daemon-reload: yes - name: restart docker - service: + ansible.builtin.systemd: name: docker state: restarted enabled: yes diff --git a/dovecot/handlers/main.yml b/dovecot/handlers/main.yml index 7d40488b..1e6afce7 100644 --- a/dovecot/handlers/main.yml +++ b/dovecot/handlers/main.yml @@ -1,16 +1,16 @@ --- - name: restart dovecot - service: + ansible.builtin.service: name: dovecot state: restarted - name: reload dovecot - service: + ansible.builtin.service: name: dovecot state: reloaded - name: restart log2mail - service: + ansible.builtin.service: name: log2mail state: restarted diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml index dddd951c..adb81238 100644 --- a/dovecot/tasks/main.yml +++ b/dovecot/tasks/main.yml @@ -1,5 +1,5 @@ - name: ensure packages are installed - apt: + ansible.builtin.apt: name: - dovecot-ldap - dovecot-imapd 
@@ -11,12 +11,12 @@ - dovecot - name: Generate 4096 bits Diffie-Hellman parameters (may take several minutes) - openssl_dhparam: + community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem size: 4096 - name: disable pam auth - replace: + ansible.builtin.replace: dest: /etc/dovecot/conf.d/10-auth.conf regexp: "[^#]!include auth-system.conf.ext" replace: "#!include auth-system.conf.ext" @@ -24,7 +24,7 @@ - dovecot - name: update ldap auth - lineinfile: + ansible.builtin.lineinfile: dest: /etc/dovecot/dovecot-ldap.conf.ext line: "{{ item.key }} = {{ item.value }}" regexp: "^#*{{ item.key }}" @@ -43,7 +43,7 @@ - dovecot - name: create vmail group - group: + ansible.builtin.group: name: vmail gid: "{{ dovecot_vmail_gid }}" system: True @@ -51,7 +51,7 @@ - dovecot - name: create vmail user - user: + ansible.builtin.user: name: vmail group: vmail uid: "{{ dovecot_vmail_uid }}" @@ -61,7 +61,7 @@ - dovecot - name: deploy evolix config - template: + ansible.builtin.template: src: z-evolinux-defaults.conf.j2 dest: /etc/dovecot/conf.d/z-evolinux-defaults.conf mode: "0644" @@ -70,7 +70,7 @@ - dovecot - name: deploy file for custom configuration - template: + ansible.builtin.template: src: zzz-evolinux-custom.conf.j2 dest: /etc/dovecot/conf.d/zzz-evolinux-custom.conf mode: "0644" @@ -78,18 +78,18 @@ tags: - dovecot -- include: munin.yml +- ansible.builtin.include: munin.yml tags: - - dovecot + - dovecot - name: log2mail is installed - apt: + ansible.builtin.apt: name: log2mail state: present tags: dovecot - name: dovecot is configured in log2mail - blockinfile: + ansible.builtin.blockinfile: path: /etc/log2mail/config/mail.conf create: true owner: log2mail diff --git a/dovecot/tasks/munin.yml b/dovecot/tasks/munin.yml index c6b58d28..8db1456c 100644 --- a/dovecot/tasks/munin.yml +++ b/dovecot/tasks/munin.yml 
@@ -1,7 +1,7 @@ --- - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: munin_node_plugins_config @@ -9,13 +9,13 @@ - name: Munin plugins are present and configured block: - name: Install munin plugin - copy: + ansible.builtin.copy: src: munin_plugin dest: /etc/munin/plugins/dovecot mode: "0755" - name: Install munin config - copy: + ansible.builtin.copy: src: munin_config dest: /etc/munin/plugin-conf.d/dovecot mode: "0644" diff --git a/drbd/handlers/main.yml b/drbd/handlers/main.yml index 0b7f394e..5ca5295a 100644 --- a/drbd/handlers/main.yml +++ b/drbd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/drbd/tasks/main.yml b/drbd/tasks/main.yml index 6e0eca0a..c7134f27 100644 --- a/drbd/tasks/main.yml +++ b/drbd/tasks/main.yml @@ -1,6 +1,6 @@ --- -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: munin.yml +- ansible.builtin.include: munin.yml -- include: nagios.yml +- ansible.builtin.include: nagios.yml diff --git a/drbd/tasks/munin.yml b/drbd/tasks/munin.yml index 0e297d16..205cfb5f 100644 --- a/drbd/tasks/munin.yml +++ b/drbd/tasks/munin.yml @@ -1,7 +1,7 @@ --- - name: Check if Munin plugins exists - stat: + ansible.builtin.stat: path: /etc/munin/plugins/ register: munin_plugins_dir check_mode: no @@ -10,7 +10,7 @@ # https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/drbd/drbd - name: Get Munin plugin - copy: + ansible.builtin.copy: src: munin/drbd-plugin dest: /etc/munin/plugins/drbd mode: "0755" @@ -20,7 +20,7 @@ - drbd - name: Copy Munin plugin conf - copy: + ansible.builtin.copy: src: munin/drbd-config dest: /etc/munin/plugin-conf.d/drbd mode: "0644" diff --git a/drbd/tasks/nagios.yml b/drbd/tasks/nagios.yml index ea436a5b..d62e00d2 100644 --- a/drbd/tasks/nagios.yml +++ b/drbd/tasks/nagios.yml 
@@ -1,21 +1,21 @@ --- - name: Check if Nagios is installed - stat: + ansible.builtin.stat: path: /usr/local/lib/nagios/plugins/ register: nagios_plugins_dir check_mode: no tags: - drbd -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - drbd # https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=3367&cf_id=30 - name: Install Nagios plugin - copy: + ansible.builtin.copy: src: "nagios/check_drbd" dest: "/usr/local/lib/nagios/plugins/check_drbd" mode: "0755" diff --git a/drbd/tasks/packages.yml b/drbd/tasks/packages.yml index 59b4bb2e..a4f4f373 100644 --- a/drbd/tasks/packages.yml +++ b/drbd/tasks/packages.yml @@ -1,5 +1,5 @@ - name: Install dependency - apt: + ansible.builtin.apt: name: - drbd-utils - lvm2 @@ -7,7 +7,7 @@ - drbd - name: Enable drbd.service - service: + ansible.builtin.service: name: drbd enabled: yes tags: diff --git a/elasticsearch/handlers/main.yml b/elasticsearch/handlers/main.yml index c8a57b70..2531b0b8 100644 --- a/elasticsearch/handlers/main.yml +++ b/elasticsearch/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: restart elasticsearch - systemd: + ansible.builtin.systemd: daemon_reload: yes name: elasticsearch state: restarted diff --git a/elasticsearch/tasks/additional_scripts.yml b/elasticsearch/tasks/additional_scripts.yml index e8373ef8..8dcb0759 100644 --- a/elasticsearch/tasks/additional_scripts.yml +++ b/elasticsearch/tasks/additional_scripts.yml @@ -1,11 +1,11 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: elasticsearch_additional_scripts_dir is search("/usr") - name: "{{ elasticsearch_additional_scripts_dir }} exists" - file: + ansible.builtin.file: dest: "{{ elasticsearch_additional_scripts_dir }}" mode: "0700" owner: root 
@@ -13,7 +13,7 @@ state: directory - name: Plugins upgrade script is installed - copy: + ansible.builtin.copy: src: upgrade_elasticsearch_plugins.sh dest: "{{ elasticsearch_additional_scripts_dir }}/upgrade_elasticsearch_plugins.sh" mode: "0755" diff --git a/elasticsearch/tasks/bootstrap_checks.yml b/elasticsearch/tasks/bootstrap_checks.yml index b1f79046..0df9a618 100644 --- a/elasticsearch/tasks/bootstrap_checks.yml +++ b/elasticsearch/tasks/bootstrap_checks.yml @@ -1,7 +1,8 @@ --- - name: Read maximum map count - command: "sysctl -n vm.max_map_count" + ansible.builtin.command: + cmd: "sysctl -n vm.max_map_count" register: max_map_count failed_when: False changed_when: False @@ -9,7 +10,7 @@ - config - name: Maximum map count check - sysctl: + ansible.posix.sysctl: name: vm.max_map_count value: 262144 sysctl_file: /etc/sysctl.d/elasticsearch.conf @@ -18,7 +19,7 @@ - config - name: bootstrap.memory_lock - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "bootstrap.memory_lock: true" regexp: "^bootstrap.memory_lock:" @@ -27,12 +28,12 @@ - config - name: Create a system config directory for systemd overrides - file: + ansible.builtin.file: path: /etc/systemd/system/elasticsearch.service.d state: directory - name: Override memory config in systemd unit - ini_file: + community.general.ini_file: dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf section: Service option: "LimitMEMLOCK" diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml index 7324f610..9c3875b0 100644 --- a/elasticsearch/tasks/configuration.yml +++ b/elasticsearch/tasks/configuration.yml @@ -1,7 +1,7 @@ --- - name: Configure cluster name - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "cluster.name: {{ elasticsearch_cluster_name }}" regexp: "^cluster.name:" 
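Review bot: The `ansible.posix.sysctl` task in elasticsearch/tasks/bootstrap_checks.yml, and `community.general.ini_file` two hunks later, name modules from collections outside `ansible.builtin`, and nothing visible in this part of the patch declares or pins those collections. Which module code runs therefore depends on whatever collection version is installed on the control node. If the repository does not already ship one, a `collections/requirements.yml` listing `ansible.posix` and `community.general` with explicit versions would make that dependency reproducible. `community.general.npm` and `community.general.git_config` later in the patch rely on the same declaration.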
@@ -11,7 +11,7 @@ - config - name: Configure node name - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "node.name: {{ elasticsearch_node_name }}" regexp: "^node.name:" @@ -20,7 +20,7 @@ - config - name: Configure network host - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "network.host: {{ elasticsearch_network_host }}" regexp: "^network.host:" @@ -30,7 +30,7 @@ - config - name: Configure network publish_host - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "network.publish_host: {{ elasticsearch_network_publish_host }}" regexp: "^network.publish_host:" @@ -40,7 +40,7 @@ - config - name: Configure http publish_host - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "http.publish_host: {{ elasticsearch_http_publish_host }}" regexp: "^http.publish_host:" @@ -50,7 +50,7 @@ - config - name: Configure discovery seed hosts - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml(default_flow_style=True) }}" regexp: "^discovery.seed_hosts:" @@ -59,7 +59,7 @@ - config - name: Configure empty discovery seed hosts - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml regexp: "^discovery.seed_hosts:" state: absent @@ -68,7 +68,7 @@ - config - name: Configure initial master nodes - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml(default_flow_style=True) }}" regexp: "^cluster.initial_master_nodes:" @@ -77,7 +77,7 @@ - config - name: Configure empty initial master nodes - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml regexp: "^cluster.initial_master_nodes:" state: absent 
@@ -86,7 +86,7 @@ - config - name: Configure RESTART_ON_UPGRADE - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/elasticsearch line: "RESTART_ON_UPGRADE={{ elasticsearch_restart_on_upgrade | bool | ternary('true','false') }}" regexp: "^RESTART_ON_UPGRADE=" @@ -95,7 +95,7 @@ - config - name: JVM Heap size (min) is set - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/jvm.options.d/evolinux.options regexp: "^-Xms" line: "-Xms{{ elasticsearch_jvm_xms }}" @@ -107,7 +107,7 @@ - config - name: JVM Heap size (max) is set - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/jvm.options.d/evolinux.options regexp: "^-Xmx" line: "-Xmx{{ elasticsearch_jvm_xmx }}" @@ -119,7 +119,7 @@ - config - name: Disable garbage collector logs (JDK >= 9) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/jvm.options regexp: "Xlog:gc" line: "#9-:-Xlog:gc*,gc+age=trace,safepoint:file=/opt/my-app/gc.log:utctime,pid,tags:filecount=32,filesize=64m" @@ -130,7 +130,7 @@ - config - name: Configure cluster members - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}" regexp: "^discovery.zen.ping.unicast.hosts:" @@ -140,7 +140,7 @@ - config - name: Configure minimum master nodes - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}" regexp: "^discovery.zen.minimum_master_nodes:" diff --git a/elasticsearch/tasks/curator.yml b/elasticsearch/tasks/curator.yml index c7c44259..4cf7c9d5 100644 --- a/elasticsearch/tasks/curator.yml +++ b/elasticsearch/tasks/curator.yml 
@@ -1,11 +1,11 @@ --- - name: Use the correct debian repository - set_fact: + ansible.builtin.set_fact: curator_debian_repository: '{% if ansible_distribution_release == "jessie" %}debian{% else %}debian9{% endif %}' - name: Curator sources list is available - apt_repository: + ansible.builtin.apt_repository: repo: "deb https://packages.elastic.co/curator/5/{{ curator_debian_repository }} stable main" filename: curator update_cache: yes @@ -15,7 +15,7 @@ - packages - name: Curator package is installed - apt: + ansible.builtin.apt: name: elasticsearch-curator state: present tags: diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index ef91cf1d..c442ae42 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml @@ -3,13 +3,13 @@ - name: Set real datadir value when customized block: - name: "Is custom datadir present ?" - stat: + ansible.builtin.stat: path: "{{ elasticsearch_custom_datadir }}" register: elasticsearch_custom_datadir_test check_mode: no - name: "read the real datadir" - command: readlink -f /var/lib/elasticsearch + ansible.builtin.command: readlink -f /var/lib/elasticsearch changed_when: False register: elasticsearch_current_real_datadir_test check_mode: no 
@@ -22,23 +22,24 @@ - name: Datadir is moved to custom path block: - name: elasticsearch is stopped - service: + ansible.builtin.service: name: elasticsearch state: stopped - name: Move elasticsearch datadir to custom datadir - command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }} + ansible.builtin.command: + cmd: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }} args: creates: "{{ elasticsearch_custom_datadir }}" - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch - file: + ansible.builtin.file: src: "{{ elasticsearch_custom_datadir }}" dest: '/var/lib/elasticsearch' state: link - name: elasticsearch is started - service: + ansible.builtin.service: name: elasticsearch state: started tags: diff --git a/elasticsearch/tasks/logs.yml b/elasticsearch/tasks/logs.yml index 8c5977a4..0569ef07 100644 --- a/elasticsearch/tasks/logs.yml +++ b/elasticsearch/tasks/logs.yml @@ -1,8 +1,8 @@ --- - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False @@ -10,7 +10,7 @@ register: is_cron_installed - name: "log rotation script" - template: + ansible.builtin.template: src: rotate_elasticsearch_logs.j2 dest: /etc/cron.daily/rotate_elasticsearch_logs owner: root diff --git a/elasticsearch/tasks/main.yml b/elasticsearch/tasks/main.yml index 6f5ccc8c..132089c7 100644 --- a/elasticsearch/tasks/main.yml +++ b/elasticsearch/tasks/main.yml 
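Review bot: In elasticsearch/tasks/datadir.yml the `mv` task still interpolates two templated paths into one `cmd:` string, so a path containing whitespace is split into extra arguments by the command module. Passing a list avoids that: `argv: ["mv", "{{ elasticsearch_current_real_datadir_test.stdout }}", "{{ elasticsearch_custom_datadir }}"]`. Now that the module takes a mapping, `creates:` can sit next to it and the separate `args:` key can go, as the commit already did for `executable` in elasticsearch/tasks/logs.yml. The same leftover `args:` remains in etc-git/tasks/repository.yml, evoacme/tasks/certbot.yml and evobackup-client/tasks/jail.yml.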
@@ -1,21 +1,21 @@ --- -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: configuration.yml +- ansible.builtin.include: configuration.yml -- include: bootstrap_checks.yml +- ansible.builtin.include: bootstrap_checks.yml -- include: tmpdir.yml +- ansible.builtin.include: tmpdir.yml -- include: datadir.yml +- ansible.builtin.include: datadir.yml -- include: logs.yml +- ansible.builtin.include: logs.yml -- include: additional_scripts.yml +- ansible.builtin.include: additional_scripts.yml -- include: plugin_head.yml +- ansible.builtin.include: plugin_head.yml when: elasticsearch_plugin_head | bool -- include: curator.yml +- ansible.builtin.include: curator.yml when: elasticsearch_curator | bool diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 2f7cae39..2a98d080 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -1,7 +1,7 @@ --- - name: "User {{ elasticsearch_plugin_head_owner }} is present" - user: + ansible.builtin.user: name: "{{ elasticsearch_plugin_head_owner }}" home: "{{ elasticsearch_plugin_head_home }}" createhome: yes @@ -11,7 +11,7 @@ - name: Head plugin is installed block: - name: Head repository is checked-out - git: + ansible.builtin.git: repo: "https://github.com/mobz/elasticsearch-head.git" dest: "{{ elasticsearch_plugin_head_clone_dir }}" clone: yes @@ -19,12 +19,12 @@ - packages - name: Create tmpdir - file: + ansible.builtin.file: dest: "{{ elasticsearch_plugin_head_tmp_dir }}" state: directory - name: NPM packages for head are installed - npm: + community.general.npm: path: "{{ elasticsearch_plugin_head_clone_dir }}" tags: - packages @@ -35,7 +35,7 @@ become: yes - name: Elasticsearch HTTP/CORS are enabled - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "http.cors.enabled: true" regexp: "^http.cors.enabled:" 
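Review bot: The `ansible.builtin.git` task in elasticsearch/tasks/plugin_head.yml clones `https://github.com/mobz/elasticsearch-head.git` with no `version:` among the visible options, and the next hunk runs `community.general.npm` on that checkout. Each run therefore installs whatever the upstream default branch and the npm registry serve at that moment. Pinning the checkout with `version: "<reviewed-commit-sha>"` (placeholder) makes the deployed code reproducible and reviewable; if the project ships a lockfile, `ci: true` on the npm task does the same for its dependencies. One line of the git task lies between the two hunks and is not visible, so confirm that no pin is set there.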
@@ -46,7 +46,7 @@ - elasticsearch - name: Elasticsearch HTTP/CORS accepts all origins - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/elasticsearch.yml line: "http.cors.allow-origin: \"*\"" regexp: "^http.cors.allow-origin:" @@ -57,7 +57,7 @@ - elasticsearch - name: Install systemd unit - template: + ansible.builtin.template: src: elasticsearch-head.service.j2 dest: /etc/systemd/system/elasticsearch-head.service tags: @@ -65,7 +65,7 @@ - systemd - name: Enable systemd unit - systemd: + ansible.builtin.systemd: name: elasticsearch-head daemon_reload: yes enabled: yes diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index 30375af1..e3601fb8 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -1,7 +1,8 @@ --- - name: Check if /tmp is noexec - shell: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec" + ansible.builtin.shell: + cmd: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec" register: fstab_tmp_noexec failed_when: False changed_when: False @@ -9,13 +10,13 @@ - name: Tmpdir is moved to custom path block: - - set_fact: + - ansible.builtin.set_fact: _elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}" tags: - elasticsearch - name: "Create {{ _elasticsearch_custom_tmpdir }}" - file: + ansible.builtin.file: path: "{{ _elasticsearch_custom_tmpdir }}" owner: elasticsearch group: elasticsearch @@ -25,7 +26,7 @@ - elasticsearch - name: change JVM tmpdir (< 6.x) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/jvm.options.d/evolinux.options line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}" regexp: "^-Djava.io.tmpdir=" @@ -40,7 +41,7 @@ when: elastic_stack_version is version('6', '<') - name: check if ES_TMPDIR is available (>= 6.x) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/elasticsearch line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}" regexp: "^ES_TMPDIR=" 
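Review bot: The task "Elasticsearch HTTP/CORS accepts all origins" in elasticsearch/tasks/plugin_head.yml writes `http.cors.allow-origin: "*"`, which allows scripts served from any web origin to read responses from the Elasticsearch HTTP API through a browser that can reach the node. Restricting the value to the origin that serves the head plugin keeps the plugin working without the wildcard: `line: "http.cors.allow-origin: \"{{ elasticsearch_plugin_head_cors_origin }}\""` (the variable name is a suggestion, not one the role defines today). The task's remaining keys, including any `when:`, are outside the hunk.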
@@ -53,7 +54,7 @@ # Note : Should not do any changes as -Djava.io.tmpdir=${ES_TMPDIR} is already here in the default config. - name: change JVM tmpdir (>= 6.x) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/elasticsearch/jvm.options line: "-Djava.io.tmpdir=${ES_TMPDIR}" regexp: "^-Djava.io.tmpdir=" diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index c92e3c6a..55c02934 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml @@ -1,7 +1,8 @@ --- - name: "Execute ansible-commit" - command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\"" + ansible.builtin.command: + cmd: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\"" changed_when: - _ansible_commit.stdout - "'CHANGED:' in _ansible_commit.stdout" diff --git a/etc-git/tasks/lxc_commit.yml b/etc-git/tasks/lxc_commit.yml index 26fc8738..1c3d0d67 100644 --- a/etc-git/tasks/lxc_commit.yml +++ b/etc-git/tasks/lxc_commit.yml @@ -1,15 +1,15 @@ --- - name: "Assert that we have been called with `container` defined" - assert: + ansible.builtin.assert: that: - container is defined - name: "Define path to /etc in {{ container }} container" - set_fact: + ansible.builtin.set_fact: container_etc: "{{ ('/var/lib/lxc', container, 'rootfs/etc') | path_join }}" - name: "Check if /etc is a git repository in {{ container }}" - stat: + ansible.builtin.stat: path: "{{ (container_etc, '.git') | path_join }}" get_attributes: no get_checksum: no @@ -17,7 +17,7 @@ register: "container_etc_git" - name: "Evocommit /etc of {{ container }}" - command: + ansible.builtin.command: argv: - /usr/local/bin/evocommit - '--ansible' diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index ac28e1e7..bae705d3 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Git is installed (Debian) - apt: + ansible.builtin.apt: name: git state: present tags: 
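Review bot: etc-git/tasks/commit.yml builds the `ansible-commit` call as one string with `commit_message` wrapped in escaped double quotes, so a message that itself contains a double quote changes how the command module splits the arguments. etc-git/tasks/lxc_commit.yml in this same patch already uses the list form, and the same works here: `argv: ["/usr/local/bin/ansible-commit", "--verbose", "--message", "{{ commit_message | mandatory }}"]`. The task continues past the hunk; its `register:` is not shown.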
@@ -10,12 +10,12 @@ - ansible_distribution == "Debian" - name: Install and configure utilities - include: utils.yml + ansible.builtin.include: utils.yml tags: - etc-git - name: Configure repositories - include: repositories.yml + ansible.builtin.include: repositories.yml tags: - etc-git when: etc_git_config_repositories | bool \ No newline at end of file diff --git a/etc-git/tasks/repositories.yml b/etc-git/tasks/repositories.yml index 71ff0665..d9d64ad6 100644 --- a/etc-git/tasks/repositories.yml +++ b/etc-git/tasks/repositories.yml @@ -1,6 +1,6 @@ --- -- include: repository.yml +- ansible.builtin.include: repository.yml vars: repository_path: "/etc" gitignore_items: @@ -15,18 +15,18 @@ - etc-git - name: verify /usr/share/scripts presence - stat: + ansible.builtin.stat: path: /usr/share/scripts register: _usr_share_scripts tags: - etc-git -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: - _usr_share_scripts.stat.isdir -- include: repository.yml +- ansible.builtin.include: repository.yml vars: repository_path: "/usr/share/scripts" gitignore_items: [] diff --git a/etc-git/tasks/repository.yml b/etc-git/tasks/repository.yml index 7ebfc773..1601a157 100644 --- a/etc-git/tasks/repository.yml +++ b/etc-git/tasks/repository.yml @@ -1,11 +1,12 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: repository_path is search("/usr") - name: "{{ repository_path }} is versioned with git" - command: "git init ." + ansible.builtin.command: + cmd: "git init ." args: chdir: "{{ repository_path }}" creates: "{{ repository_path }}/.git/" @@ -14,7 +15,7 @@ - etc-git - name: Git user.email is configured - git_config: + community.general.git_config: name: user.email repo: "{{ repository_path }}" scope: local @@ -23,7 +24,7 @@ - etc-git - name: "{{ repository_path }}/.git is restricted to root" - file: + ansible.builtin.file: path: "{{ repository_path }}/.git" owner: root mode: "0700" 
@@ -32,7 +33,7 @@ - etc-git - name: "{{ repository_path }}/.gitignore is present" - copy: + ansible.builtin.copy: src: gitignore dest: "{{ repository_path }}/.gitignore" owner: root @@ -42,7 +43,7 @@ - etc-git - name: "Some entries MUST be in the {{ repository_path }}/.gitignore file" - lineinfile: + ansible.builtin.lineinfile: dest: "{{ repository_path }}/.gitignore" line: "{{ item }}" loop: "{{ gitignore_items | default([]) }}" @@ -50,7 +51,8 @@ - etc-git - name: "does {{ repository_path }}/ have any commit?" - command: "git log" + ansible.builtin.command: + cmd: "git log" args: chdir: "{{ repository_path }}" changed_when: False @@ -61,7 +63,8 @@ - etc-git - name: initial commit is present? - shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" + ansible.builtin.shell: + cmd: "git add -A . && git commit -m \"Initial commit via Ansible\"" args: chdir: "{{ repository_path }}" register: git_commit diff --git a/etc-git/tasks/utils.yml b/etc-git/tasks/utils.yml index 831f62a6..b54e1c61 100644 --- a/etc-git/tasks/utils.yml +++ b/etc-git/tasks/utils.yml @@ -1,12 +1,12 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - etc-git - name: "evocommit script is installed" - copy: + ansible.builtin.copy: src: evocommit dest: /usr/local/bin/evocommit mode: "0755" @@ -15,7 +15,7 @@ - etc-git - name: "ansible-commit script is installed" - copy: + ansible.builtin.copy: src: ansible-commit dest: /usr/local/bin/ansible-commit mode: "0755" @@ -24,7 +24,7 @@ - etc-git - name: "etc-git-optimize script is installed" - copy: + ansible.builtin.copy: src: etc-git-optimize dest: /usr/share/scripts/etc-git-optimize mode: "0755" @@ -33,7 +33,7 @@ - etc-git - name: "etc-git-status script is installed" - copy: + ansible.builtin.copy: src: etc-git-status dest: /usr/share/scripts/etc-git-status mode: "0755" 
@@ -42,8 +42,8 @@ - etc-git - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash failed_when: False changed_when: False @@ -52,7 +52,7 @@ - block: - name: Legacy cron jobs for /etc/.git status are absent - file: + ansible.builtin.file: dest: "{{ item }}" state: absent loop: @@ -60,7 +60,7 @@ - /etc/cron.d/etc-git-status - name: Cron job for monthly git optimization - cron: + ansible.builtin.cron: name: "Monthly optimization" cron_file: etc-git special_time: "monthly" @@ -68,7 +68,7 @@ job: "/usr/share/scripts/etc-git-optimize" - name: Cron job for hourly git status - cron: + ansible.builtin.cron: name: "Hourly warning for unclean Git repository if nobody is connected" cron_file: etc-git special_time: "hourly" @@ -77,7 +77,7 @@ state: "{{ etc_git_monitor_status | bool | ternary('present','absent') }}" - name: Cron job for daily git status - cron: + ansible.builtin.cron: name: "Daily warning for unclean Git repository" cron_file: etc-git user: root diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml index 1ea11783..b188bfe7 100644 --- a/evoacme/handlers/main.yml +++ b/evoacme/handlers/main.yml @@ -1,25 +1,27 @@ - name: newaliases - command: newaliases + ansible.builtin.command: + cmd: newaliases - name: Test Apache conf - command: apache2ctl -t + ansible.builtin.command: + cmd: apache2ctl -t notify: "Reload Apache conf" - name: reload apache2 - service: + ansible.builtin.service: name: apache2 state: reloaded - name: apt update - apt: + ansible.builtin.apt: update_cache: yes - name: reload squid3 - service: + ansible.builtin.service: name: squid3 state: reloaded - name: reload squid - service: + ansible.builtin.service: name: squid state: reloaded diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 26327569..bc844393 100644 
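Review bot: In evoacme/handlers/main.yml the handler "Test Apache conf" notifies `"Reload Apache conf"`, but the handlers in this hunk are named `newaliases`, `reload apache2`, `apt update`, `reload squid3` and `reload squid`. Unless another role in the play defines a handler with that exact name, the notification cannot be resolved when the handler fires. If the intent is the handler defined right after it, the line should read `notify: "reload apache2"`.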
--- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -1,27 +1,29 @@ --- - name: Do no install certbot crontab - set_fact: + ansible.builtin.set_fact: certbot_custom_crontab: False -- include_role: +- ansible.builtin.include_role: name: evolix/certbot -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Disable /etc/cron.d/certbot - command: mv -f /etc/cron.d/certbot /etc/cron.d/certbot.disabled + ansible.builtin.command: + cmd: mv -f /etc/cron.d/certbot /etc/cron.d/certbot.disabled args: removes: /etc/cron.d/certbot - name: Disable /etc/cron.daily/certbot - command: mv -f /etc/cron.daily/certbot /etc/cron.daily/certbot.disabled + ansible.builtin.command: + cmd: mv -f /etc/cron.daily/certbot /etc/cron.daily/certbot.disabled args: removes: /etc/cron.daily/certbot - name: Install evoacme custom cron - copy: + ansible.builtin.copy: src: evoacme.cron dest: /etc/cron.daily/evoacme mode: "0755" diff --git a/evoacme/tasks/conf.yml b/evoacme/tasks/conf.yml index 402fbdcf..125feb32 100644 --- a/evoacme/tasks/conf.yml +++ b/evoacme/tasks/conf.yml @@ -1,5 +1,5 @@ --- -- ini_file: +- community.general.ini_file: dest: "{{ evoacme_crt_dir }}/openssl.cnf" section: 'req' option: "{{ item.name }}" @@ -11,7 +11,7 @@ - { name: 'prompt', var: 'no' } - name: Update openssl conf - ini_file: + community.general.ini_file: dest: "{{ evoacme_crt_dir }}/openssl.cnf" section: 'req_dn' option: "{{ item.name }}" @@ -25,7 +25,7 @@ - { name: 'emailAddress', var: "{{ evoacme_ssl_email }}" } - name: Copy new evoacme conf - template: + ansible.builtin.template: src: templates/evoacme.conf.j2 dest: /etc/default/evoacme owner: root diff --git a/evoacme/tasks/evoacme_hook.yml b/evoacme/tasks/evoacme_hook.yml index 2951fa00..14963944 100644 --- a/evoacme/tasks/evoacme_hook.yml +++ b/evoacme/tasks/evoacme_hook.yml 
@@ -1,18 +1,19 @@ --- - name: "Create {{ hook_name }} hook directory" - file: + ansible.builtin.file: dest: "{{ evoacme_hooks_dir }}" state: directory - name: "Search for {{ hook_name }} hook" - command: "find {{ evoacme_hooks_dir }} -type f \\( -name '{{ hook_name }}' -o -name '{{ hook_name }}.*' \\)" + ansible.builtin.command: + cmd: "find {{ evoacme_hooks_dir }} -type f \\( -name '{{ hook_name }}' -o -name '{{ hook_name }}.*' \\)" check_mode: no changed_when: False register: _find_hook - name: "Copy {{ hook_name }} hook if missing" - copy: + ansible.builtin.copy: src: "hooks/{{ hook_name }}" dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}" mode: "0750" diff --git a/evoacme/tasks/main.yml b/evoacme/tasks/main.yml index 1cc84c5d..29e3e89f 100644 --- a/evoacme/tasks/main.yml +++ b/evoacme/tasks/main.yml @@ -1,16 +1,16 @@ --- - name: Verify Debian version - assert: + ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('9', '>=') msg: only compatible with Debian >= 9 when: not (evoacme_disable_debian_check | bool) -- include: certbot.yml +- ansible.builtin.include: certbot.yml -- include: permissions.yml +- ansible.builtin.include: permissions.yml # Enable this task if you want to deploy hooks # - include: evoacme_hook.yml @@ -18,6 +18,6 @@ # hook_name: "{{ item }}" # loop: [] -- include: conf.yml +- ansible.builtin.include: conf.yml -- include: scripts.yml +- ansible.builtin.include: scripts.yml diff --git a/evoacme/tasks/permissions.yml b/evoacme/tasks/permissions.yml index 69bcbe12..4d10ff7e 100644 --- a/evoacme/tasks/permissions.yml +++ b/evoacme/tasks/permissions.yml @@ -1,7 +1,7 @@ --- - name: Fix crt directory permissions - file: + ansible.builtin.file: path: "{{ evoacme_crt_dir }}" mode: "0755" owner: root @@ -9,7 +9,7 @@ state: directory - name: "Fix hooks directory permissions" - file: + ansible.builtin.file: path: "{{ evoacme_hooks_dir }}" mode: "0700" owner: root 
@@ -17,7 +17,7 @@ state: directory - name: Fix log directory permissions - file: + ansible.builtin.file: path: "{{ evoacme_log_dir }}" mode: "0755" owner: root @@ -25,7 +25,7 @@ state: directory - name: Fix challenge directory permissions - file: + ansible.builtin.file: path: "{{ evoacme_acme_dir }}" mode: "0755" owner: root diff --git a/evoacme/tasks/scripts.yml b/evoacme/tasks/scripts.yml index 89aacff8..e70e990f 100644 --- a/evoacme/tasks/scripts.yml +++ b/evoacme/tasks/scripts.yml @@ -1,10 +1,10 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Create CSR dir - file: + ansible.builtin.file: path: "{{ evoacme_csr_dir }}" state: directory owner: root @@ -12,7 +12,7 @@ mode: "0755" - name: Copy make-csr.sh script - copy: + ansible.builtin.copy: src: make-csr.sh dest: /usr/local/sbin/make-csr owner: root @@ -20,7 +20,7 @@ mode: "0755" - name: Copy vhost-domains.sh script - copy: + ansible.builtin.copy: src: vhost-domains.sh dest: /usr/local/sbin/vhost-domains owner: root @@ -28,7 +28,7 @@ mode: "0755" - name: Copy evoacme script - copy: + ansible.builtin.copy: src: evoacme.sh dest: /usr/local/sbin/evoacme owner: root @@ -36,7 +36,7 @@ mode: "0755" - name: Delete scripts in old location - file: + ansible.builtin.file: path: "/usr/local/bin/{{ item }}" state: absent loop: diff --git a/evobackup-client/handlers/main.yml b/evobackup-client/handlers/main.yml index de71f634..f7d98aa9 100644 --- a/evobackup-client/handlers/main.yml +++ b/evobackup-client/handlers/main.yml 
@@ -1,17 +1,20 @@ --- - name: restart minifirewall - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart register: minifirewall_init_restart failed_when: - "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" - "'minifirewall started' not in minifirewall_init_restart.stdout" - name: 'created new jail' - command: "bkctld restart {{ evolinux_hostname }}" + ansible.builtin.command: + cmd: "bkctld restart {{ evolinux_hostname }}" delegate_to: "{{ evobackup_client__hosts[0].ip }}" - name: 'jail updated' - command: "bkctld restart {{ evolinux_hostname }}" + ansible.builtin.command: + cmd: "bkctld restart {{ evolinux_hostname }}" # - "bkctld sync {{ evolinux_hostname }}" delegate_to: "{{ evobackup_client__hosts[0].ip }}" when: evobackup_client__hosts | length > 1 diff --git a/evobackup-client/tasks/jail.yml b/evobackup-client/tasks/jail.yml index fbb6080c..5eb0c36e 100644 --- a/evobackup-client/tasks/jail.yml +++ b/evobackup-client/tasks/jail.yml @@ -1,7 +1,8 @@ --- - name: 'create jail' - command: "bkctld init {{ evolinux_hostname }}" + ansible.builtin.command: + cmd: "bkctld init {{ evolinux_hostname }}" args: creates: "/backup/jails/{{ evolinux_hostname }}/" become: true @@ -15,7 +16,8 @@ # temp fix for bkctld 2.x because the ip and key command return 1 # if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31 - name: 'start jail' - command: "bkctld restart {{ evolinux_hostname }}" + ansible.builtin.command: + cmd: "bkctld restart {{ evolinux_hostname }}" become: true delegate_to: "{{ evobackup_client__hosts[0].ip }}" tags: @@ -23,7 +25,8 @@ - evobackup_client_jail - name: 'add ip to jail' - command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}" + ansible.builtin.command: + cmd: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}" become: true delegate_to: "{{ evobackup_client__hosts[0].ip }}" notify: 'jail updated' 
@@ -32,7 +35,8 @@ - evobackup_client_jail - name: 'add key to jail' - command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub" + ansible.builtin.command: + cmd: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub" become: true delegate_to: "{{ evobackup_client__hosts[0].ip }}" notify: 'jail updated' @@ -41,7 +45,8 @@ - evobackup_client_jail - name: 'get jail port' - command: "bkctld port {{ evolinux_hostname }}" + ansible.builtin.command: + cmd: "bkctld port {{ evolinux_hostname }}" become: true register: bkctld_port delegate_to: "{{ evobackup_client__hosts[0].ip }}" @@ -50,7 +55,7 @@ - evobackup_client_jail - name: 'register jail port' - set_fact: + ansible.builtin.set_fact: evobackup_ssh_port={{ bkctld_port.stdout }} tags: - evobackup_client diff --git a/evobackup-client/tasks/main.yml b/evobackup-client/tasks/main.yml index a2dd4405..4b01a276 100644 --- a/evobackup-client/tasks/main.yml +++ b/evobackup-client/tasks/main.yml @@ -1,26 +1,26 @@ --- -- include: "ssh_key.yml" +- ansible.builtin.include: "ssh_key.yml" tags: - evobackup_client - evobackup_client_backup_ssh_key -- include: "jail.yml" +- ansible.builtin.include: "jail.yml" tags: - evobackup_client - evobackup_client_jail -- include: "upload_scripts.yml" +- ansible.builtin.include: "upload_scripts.yml" tags: - evobackup_client - evobackup_client_backup_scripts -- include: "open_ssh_ports.yml" +- ansible.builtin.include: "open_ssh_ports.yml" tags: - evobackup_client - evobackup_client_backup_firewall -- include: "verify_ssh.yml" +- ansible.builtin.include: "verify_ssh.yml" tags: - evobackup_client - evobackup_client_backup_hosts diff --git a/evobackup-client/tasks/open_ssh_ports.yml b/evobackup-client/tasks/open_ssh_ports.yml index 3d1701ef..837996e4 100644 --- a/evobackup-client/tasks/open_ssh_ports.yml +++ b/evobackup-client/tasks/open_ssh_ports.yml 
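Review bot: The "register jail port" task in evobackup-client/tasks/jail.yml keeps the legacy `key=value` argument string under the new FQCN: `evobackup_ssh_port={{ bkctld_port.stdout }}`. Writing it as a mapping matches the other `set_fact` tasks in the patch and avoids the free-form argument parser: `evobackup_ssh_port: "{{ bkctld_port.stdout }}"`. The task's `tags:` list continues past the hunk.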
@@ -1,7 +1,7 @@ --- - name: Is there a Minifirewall ? - stat: + ansible.builtin.stat: path: /etc/default/minifirewall register: evobackup_client__minifirewall tags: @@ -9,7 +9,7 @@ - evobackup_client_backup_firewall - name: Add backup SSH port in /etc/default/minifirewall - blockinfile: + ansible.builtin.blockinfile: dest: /etc/default/minifirewall marker: "# {mark} {{ item.name }}" block: | diff --git a/evobackup-client/tasks/ssh_key.yml b/evobackup-client/tasks/ssh_key.yml index 6438634e..1b2617f9 100644 --- a/evobackup-client/tasks/ssh_key.yml +++ b/evobackup-client/tasks/ssh_key.yml @@ -1,7 +1,7 @@ --- - name: Create SSH key - user: + ansible.builtin.user: name: root generate_ssh_key: true ssh_key_file: "{{ evobackup_client__root_key_path }}" @@ -12,7 +12,7 @@ - evobackup_client_backup_ssh_key - name: Print SSH key - debug: + ansible.builtin.debug: var: evobackup_client__root_key.ssh_public_key when: evobackup_client__root_key.ssh_public_key is defined tags: @@ -20,7 +20,7 @@ - evobackup_client_backup_ssh_key - name: 'copy ssh public key to backup server' - copy: + ansible.builtin.copy: content: "{{ evobackup_client__root_key.ssh_public_key }}" dest: "/root/{{ evolinux_hostname }}.pub" become: true diff --git a/evobackup-client/tasks/upload_scripts.yml b/evobackup-client/tasks/upload_scripts.yml index 1ef4a74f..1349a72d 100644 --- a/evobackup-client/tasks/upload_scripts.yml +++ b/evobackup-client/tasks/upload_scripts.yml @@ -1,7 +1,7 @@ --- - name: Upload evobackup script - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ evobackup_client__cron_path }}" force: true diff --git a/evobackup-client/tasks/verify_ssh.yml b/evobackup-client/tasks/verify_ssh.yml index d48fb455..07238f9e 100644 --- a/evobackup-client/tasks/verify_ssh.yml +++ b/evobackup-client/tasks/verify_ssh.yml 
@@ -1,7 +1,7 @@ --- - name: Verify evolix backup servers - known_hosts: + ansible.builtin.known_hosts: path: /root/.ssh/known_hosts name: "[{{ item.name }}]:{{ item.port }}" key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}" diff --git a/evocheck/tasks/cron.yml b/evocheck/tasks/cron.yml index ecf1e1d0..cfea8ca2 100644 --- a/evocheck/tasks/cron.yml +++ b/evocheck/tasks/cron.yml @@ -1,8 +1,8 @@ --- - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash failed_when: False changed_when: False @@ -10,7 +10,7 @@ register: is_cron_installed - name: evocheck crontab is updated - template: + ansible.builtin.template: src: crontab.j2 dest: /etc/cron.d/evocheck mode: "0644" diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 306cf019..d5aa9320 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -1,6 +1,7 @@ --- - name: run evocheck - command: "{{ evocheck_bin_dir }}/evocheck.sh" + ansible.builtin.command: + cmd: "{{ evocheck_bin_dir }}/evocheck.sh" register: evocheck_run changed_when: False failed_when: False @@ -8,7 +9,7 @@ tags: - evocheck-exec -- debug: +- ansible.builtin.debug: var: evocheck_run.stdout_lines when: evocheck_run.stdout | length > 0 tags: diff --git a/evocheck/tasks/install.yml b/evocheck/tasks/install.yml index 8abd7d57..b210302b 100644 --- a/evocheck/tasks/install.yml +++ b/evocheck/tasks/install.yml @@ -1,12 +1,12 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: evocheck_bin_dir is search("/usr") tags: - evocheck - name: Scripts dir is present - file: + ansible.builtin.file: path: "{{ evocheck_bin_dir }}" state: directory owner: root 
@@ -16,22 +16,22 @@ - evocheck - name: Script for Debian 7 and earlier - set_fact: + ansible.builtin.set_fact: evocheck_script_src: evocheck.wheezy.sh when: ansible_distribution_major_version is version('7', '<=') - name: Script for Debian 8 - set_fact: + ansible.builtin.set_fact: evocheck_script_src: evocheck.jessie.sh when: ansible_distribution_major_version is version('8', '=') - name: Script for Debian 9 and later - set_fact: + ansible.builtin.set_fact: evocheck_script_src: evocheck.sh when: ansible_distribution_major_version is version('9', '>=') - name: Copy evocheck.sh - copy: + ansible.builtin.copy: src: "{{ evocheck_script_src }}" dest: "{{ evocheck_bin_dir }}/evocheck.sh" mode: "0700" @@ -41,7 +41,7 @@ - evocheck - name: Copy evocheck.cf - copy: + ansible.builtin.copy: src: evocheck.cf dest: /etc/evocheck.cf force: no diff --git a/evocheck/tasks/main.yml b/evocheck/tasks/main.yml index 14c6988f..ad47a24e 100644 --- a/evocheck/tasks/main.yml +++ b/evocheck/tasks/main.yml @@ -1,6 +1,6 @@ --- -- include: install.yml +- ansible.builtin.include: install.yml -- include: cron.yml +- ansible.builtin.include: cron.yml when: evocheck_update_crontab | bool diff --git a/evolinux-base/handlers/main.yml b/evolinux-base/handlers/main.yml index 388bf051..1c6df437 100644 --- a/evolinux-base/handlers/main.yml +++ b/evolinux-base/handlers/main.yml 
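Review bot: `ansible.builtin.include` in evocheck/tasks/main.yml is the deprecated generic include, so spelling it as an FQCN keeps the deprecation rather than resolving it; newer ansible-core releases drop the module. `- ansible.builtin.import_tasks: install.yml` and `- ansible.builtin.include_tasks: cron.yml` would be the explicit replacements here. The same applies to the `ansible.builtin.include` lines added in evolinux-users/tasks/main.yml, ssh.yml and sudo.yml and in evomaintenance/tasks/main.yml; the ones that carry `loop:` need `include_tasks`, since static imports cannot loop. Tag inheritance differs between the two forms, so runs restricted with `--tags` should be rechecked after the switch.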
@@ -1,75 +1,81 @@ --- - name: dpkg-reconfigure-debconf - command: dpkg-reconfigure --frontend noninteractive debconf + ansible.builtin.command: + cmd: dpkg-reconfigure --frontend noninteractive debconf - name: dpkg-reconfigure-locales - command: dpkg-reconfigure --frontend noninteractive locales + ansible.builtin.command: + cmd: dpkg-reconfigure --frontend noninteractive locales - name: dpkg-reconfigure-apt - command: dpkg-reconfigure --frontend noninteractive apt-listchanges + ansible.builtin.command: + cmd: dpkg-reconfigure --frontend noninteractive apt-listchanges # - name: debconf-set-selections # command: debconf-set-selections /root/debconf-preseed - name: apt update - apt: + ansible.builtin.apt: update_cache: yes - name: restart rsyslog - service: + ansible.builtin.service: name: rsyslog state: restarted - name: remount /home - command: mount -o remount /home + ansible.builtin.command: + cmd: mount -o remount /home - name: remount /var - command: mount -o remount /var + ansible.builtin.command: + cmd: mount -o remount /var - name: restart nginx - service: + ansible.builtin.service: name: nginx state: restarted - name: reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded - name: restart apache - service: + ansible.builtin.service: name: apache2 state: restarted - name: reload apache - service: + ansible.builtin.service: name: apache2 state: reloaded - name: restart cron - service: + ansible.builtin.service: name: cron state: restarted - name: newaliases - command: newaliases + ansible.builtin.command: + cmd: newaliases changed_when: False - name: reload sshd - service: + ansible.builtin.service: name: ssh state: reloaded - name: reload postfix - service: + ansible.builtin.service: name: postfix state: reloaded - name: restart log2mail - service: + ansible.builtin.service: name: log2mail state: restarted diff --git a/evolinux-base/tasks/etc-evolinux.yml b/evolinux-base/tasks/etc-evolinux.yml index e8ceb996..5ee3c238 100644 
--- a/evolinux-base/tasks/etc-evolinux.yml +++ b/evolinux-base/tasks/etc-evolinux.yml @@ -9,5 +9,5 @@ # mode: "0700" # state: directory -- include_role: +- ansible.builtin.include_role: name: evolix/evolinux-todo diff --git a/evolinux-base/tasks/hardware.dell.yml b/evolinux-base/tasks/hardware.dell.yml index 6e1673a6..a146ec5c 100644 --- a/evolinux-base/tasks/hardware.dell.yml +++ b/evolinux-base/tasks/hardware.dell.yml @@ -7,7 +7,8 @@ # This is still incompatible with Debian - name: Check if PERC HBA11 device is present - ansible.builtin.shell: "lspci | grep -qE 'MegaRAID.*SAS39xx'" + ansible.builtin.shell: + cmd: "lspci | grep -qE 'MegaRAID.*SAS39xx'" check_mode: no register: perc_hba11_search failed_when: False @@ -74,7 +75,7 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: hwraid_sources is changed diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index d9b0cdcd..30badf70 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -67,13 +67,13 @@ - packages - name: "HP" - import_tasks: hardware.hp.yml + ansible.builtin.import_tasks: hardware.hp.yml when: - "'Hewlett-Packard Company Smart Array' in raidmodel.stdout or 'Adaptec Smart Storage PQI' in raidmodel.stdout" - evolinux_packages_hardware_raid | bool - name: "Dell" - import_tasks: hardware.dell.yml + ansible.builtin.import_tasks: hardware.dell.yml when: - "'MegaRAID' in raidmodel.stdout" - evolinux_packages_hardware_raid | bool diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index 35b48830..fc9f5b87 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml 
@@ -1,14 +1,14 @@ --- - name: "System compatibility checks" - assert: + ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') msg: only compatible with Debian >= 8 - name: Apt configuration - include_role: + ansible.builtin.include_role: name: evolix/apt vars: apt_install_basics: "{{ evolinux_apt_replace_default_sources }}" 
@@ -18,52 +18,52 @@ when: evolinux_apt_include | bool - name: /etc versioning with Git - include_role: + ansible.builtin.include_role: name: evolix/etc-git when: evolinux_etcgit_include | bool - name: /etc/evolinux base - import_tasks: etc-evolinux.yml + ansible.builtin.import_tasks: etc-evolinux.yml when: evolinux_etcevolinux_include | bool - name: Hostname - import_tasks: hostname.yml + ansible.builtin.import_tasks: hostname.yml when: evolinux_hostname_include | bool - name: Kernel tuning - import_tasks: kernel.yml + ansible.builtin.import_tasks: kernel.yml when: evolinux_kernel_include | bool - name: Fstab configuration - import_tasks: fstab.yml + ansible.builtin.import_tasks: fstab.yml when: evolinux_fstab_include | bool - name: Packages - import_tasks: packages.yml + ansible.builtin.import_tasks: packages.yml when: evolinux_packages_include | bool - name: System settings - import_tasks: system.yml + ansible.builtin.import_tasks: system.yml when: evolinux_system_include | bool - name: Minifirewall - include_role: + ansible.builtin.include_role: name: evolix/minifirewall when: evolinux_minifirewall_include | bool - name: Evomaintenance - include_role: + ansible.builtin.include_role: name: evolix/evomaintenance when: evolinux_evomaintenance_include | bool - name: SSH configuration (single file) - import_tasks: ssh.single-file.yml + ansible.builtin.import_tasks: ssh.single-file.yml when: - ansible_distribution_major_version is version('12', '<') - evolinux_ssh_include | bool - name: SSH configuration (included-files) - import_tasks: ssh.included-files.yml + ansible.builtin.import_tasks: ssh.included-files.yml when: - ansible_distribution_major_version is version('12', '>=') - evolinux_ssh_include | bool 
@@ -75,71 +75,71 @@ # when: evolinux_users_include - name: Root user configuration - import_tasks: root.yml + ansible.builtin.import_tasks: root.yml when: evolinux_root_include | bool - name: Postfix - import_tasks: postfix.yml + ansible.builtin.import_tasks: postfix.yml when: evolinux_postfix_include | bool - name: Logs management - import_tasks: logs.yml + ansible.builtin.import_tasks: logs.yml when: evolinux_logs_include | bool - name: Default index page - import_tasks: default_www.yml + ansible.builtin.import_tasks: default_www.yml when: evolinux_default_www_include | bool - name: Hardware drivers and tools - import_tasks: hardware.yml + ansible.builtin.import_tasks: hardware.yml when: - evolinux_hardware_include | bool - ansible_virtualization_role == "host" - name: Customize for Online.net - import_tasks: provider_online.yml + ansible.builtin.import_tasks: provider_online.yml when: evolinux_provider_online_include | bool - name: Customize for Orange FCE - import_tasks: provider_orange_fce.yml + ansible.builtin.import_tasks: provider_orange_fce.yml when: evolinux_provider_orange_fce_include | bool - name: Override Log2mail service - import_tasks: log2mail.yml + ansible.builtin.import_tasks: log2mail.yml when: evolinux_log2mail_include | bool -- import_tasks: motd.yml +- ansible.builtin.import_tasks: motd.yml when: evolinux_motd_include | bool -- import_tasks: utils.yml +- ansible.builtin.import_tasks: utils.yml when: evolinux_utils_include | bool - name: Munin - include_role: + ansible.builtin.include_role: name: evolix/munin when: evolinux_munin_include | bool - name: Nagios/NRPE - include_role: + ansible.builtin.include_role: name: evolix/nagios-nrpe when: evolinux_nagios_nrpe_include | bool - name: fail2ban - include_role: + ansible.builtin.include_role: name: evolix/fail2ban when: evolinux_fail2ban_include | bool - name: Evocheck - include_role: + ansible.builtin.include_role: name: evolix/evocheck when: evolinux_evocheck_include | bool - name: Listupgrade 
- include_role: + ansible.builtin.include_role: name: evolix/listupgrade when: evolinux_listupgrade_include | bool - name: Generate ldif script - include_role: + ansible.builtin.include_role: name: evolix/generate-ldif when: evolinux_generateldif_include | bool diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml index c6965e09..ecad62d9 100644 --- a/evolinux-base/tasks/system.yml +++ b/evolinux-base/tasks/system.yml @@ -34,7 +34,7 @@ # TODO : find a way to force the console-data configuration # non-interactively (like tzdata ↑) -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Ensure automagic vim conf is disabled @@ -129,7 +129,7 @@ - is_cron_installed.rc == 0 - evolinux_system_cron_random | bool -- include_role: +- ansible.builtin.include_role: name: evolix/ntpd ## alert5 diff --git a/evolinux-base/tasks/utils.yml b/evolinux-base/tasks/utils.yml index 76fbac82..a97be579 100644 --- a/evolinux-base/tasks/utils.yml +++ b/evolinux-base/tasks/utils.yml @@ -1,9 +1,9 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr -- include_tasks: +- ansible.builtin.include_tasks: file: dump-server-state.yml - name: "/sbin/deny script is present" diff --git a/evolinux-todo/tasks/cat.yml b/evolinux-todo/tasks/cat.yml index 58e3ba4c..e1d4faf8 100644 --- a/evolinux-todo/tasks/cat.yml +++ b/evolinux-todo/tasks/cat.yml @@ -1,13 +1,14 @@ --- - name: cat /etc/evolinux/todo.txt - command: "cat /etc/evolinux/todo.txt" + ansible.builtin.command: + cmd: "cat /etc/evolinux/todo.txt" register: evolinux_todo changed_when: False failed_when: False check_mode: no - name: "Content of /etc/evolinux/todo.txt" - debug: + ansible.builtin.debug: var: evolinux_todo.stdout_lines when: evolinux_todo.stdout | length > 0 diff --git a/evolinux-todo/tasks/main.yml b/evolinux-todo/tasks/main.yml index 8b5fa6b7..0cf5628c 100644 --- a/evolinux-todo/tasks/main.yml +++ b/evolinux-todo/tasks/main.yml 
@@ -1,14 +1,14 @@ --- - name: /etc/evolinux is present - file: + ansible.builtin.file: dest: /etc/evolinux mode: "0700" state: directory when: ansible_distribution == "Debian" - name: /etc/evolinux/todo.txt is present - copy: + ansible.builtin.copy: src: todo.defaults.txt dest: /etc/evolinux/todo.txt mode: "0640" diff --git a/evolinux-users/handlers/main.yml b/evolinux-users/handlers/main.yml index a94909a5..039ab7c2 100644 --- a/evolinux-users/handlers/main.yml +++ b/evolinux-users/handlers/main.yml @@ -1,9 +1,10 @@ --- - name: reload sshd - service: + ansible.builtin.service: name: sshd state: reloaded - name: newaliases - command: newaliases + ansible.builtin.command: + cmd: newaliases changed_when: False diff --git a/evolinux-users/tasks/main.yml b/evolinux-users/tasks/main.yml index 1e9cc5a3..f0fd703a 100644 --- a/evolinux-users/tasks/main.yml +++ b/evolinux-users/tasks/main.yml @@ -1,18 +1,18 @@ --- - name: "System compatibility checks" - assert: + ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') msg: only compatible with Debian >= 8 -- debug: +- ansible.builtin.debug: msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!" when: evolinux_users | length == 0 - name: Create user accounts - include: user.yml + ansible.builtin.include: user.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" @@ -21,8 +21,8 @@ - evolinux_users | length > 0 - name: Configure sudo - include: sudo.yml + ansible.builtin.include: sudo.yml - name: Configure SSH - include: ssh.yml + ansible.builtin.include: ssh.yml when: evolinux_users | length > 0 diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 25a08297..9110911f 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml 
@@ -1,51 +1,53 @@ --- - name: verify AllowGroups directive - command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" + ansible.builtin.command: + cmd: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: False failed_when: False check_mode: no register: grep_allowgroups_ssh -- debug: +- ansible.builtin.debug: var: grep_allowgroups_ssh verbosity: 1 - name: verify AllowUsers directive - command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + ansible.builtin.command: + cmd: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: False failed_when: False check_mode: no register: grep_allowusers_ssh -- debug: +- ansible.builtin.debug: var: grep_allowusers_ssh verbosity: 1 -- assert: +- ansible.builtin.assert: that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" -- set_fact: +- ansible.builtin.set_fact: # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+", ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}" # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10" ssh_allowusers: "{{ (grep_allowusers_ssh.rc == 0) or (grep_allowgroups_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '<'))) }}" -- debug: +- ansible.builtin.debug: var: ssh_allowgroups verbosity: 1 -- debug: +- ansible.builtin.debug: var: ssh_allowusers verbosity: 1 -- include: ssh_allowgroups.yml +- ansible.builtin.include: ssh_allowgroups.yml when: - ssh_allowgroups - not ssh_allowusers -- include: ssh_allowusers.yml +- ansible.builtin.include: ssh_allowusers.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" 
@@ -55,11 +57,11 @@ - not ssh_allowgroups - name: disable root login - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)' replace: "PermitRootLogin no" notify: reload sshd when: evolinux_root_disable_ssh | bool -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/evolinux-users/tasks/ssh_allowgroups.yml b/evolinux-users/tasks/ssh_allowgroups.yml index a4e4ee54..2dac1f80 100644 --- a/evolinux-users/tasks/ssh_allowgroups.yml +++ b/evolinux-users/tasks/ssh_allowgroups.yml @@ -3,14 +3,15 @@ # this check must be repeated for each user # even if it's been done before - name: verify AllowGroups directive - command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" + ansible.builtin.command: + cmd: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: False failed_when: False check_mode: no register: grep_allowgroups_ssh - name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config line: "\nAllowGroups {{ evolinux_ssh_group }}" insertafter: 'Subsystem' @@ -19,7 +20,7 @@ when: grep_allowgroups_ssh.rc != 0 - name: "Append '{{ evolinux_ssh_group }}' to AllowGroups sshd directive" - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$' replace: '\1 {{ evolinux_ssh_group }}' diff --git a/evolinux-users/tasks/ssh_allowusers.yml b/evolinux-users/tasks/ssh_allowusers.yml index 1aa31f3c..00827a46 100644 --- a/evolinux-users/tasks/ssh_allowusers.yml +++ b/evolinux-users/tasks/ssh_allowusers.yml 
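Review bot: The `disable root login` task in evolinux-users/tasks/ssh.yml only rewrites a commented-out directive, because `regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)'` cannot match an active `PermitRootLogin yes` line. On a host where the directive is already uncommented the task reports ok and root SSH login stays enabled even though `evolinux_root_disable_ssh` is true. Matching both forms, `regexp: '^#?\s*PermitRootLogin\s+(yes|without-password|prohibit-password)'`, closes that gap, and `validate: '/usr/sbin/sshd -t -f %s'` on the task would stop a broken sshd_config from being written before the reload. Whether another role in the repository handles the uncommented case is not visible from this hunk.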
@@ -3,14 +3,15 @@ # this check must be repeated for each user # even if it's been done before - name: verify AllowUsers directive - command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + ansible.builtin.command: + cmd: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: False failed_when: False check_mode: no register: grep_allowusers_ssh - name: "Add AllowUsers sshd directive with '{{ user.name }}'" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config line: "\nAllowUsers {{ user.name }}" insertafter: 'Subsystem' @@ -19,7 +20,7 @@ when: grep_allowusers_ssh.rc != 0 - name: "Append '{{ user.name }}' to AllowUsers sshd directive" - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$' replace: '\1 {{ user.name }}' @@ -28,14 +29,15 @@ when: grep_allowusers_ssh.rc == 0 - name: "verify Match User directive" - command: "grep -E '^Match User' /etc/ssh/sshd_config" + ansible.builtin.command: + cmd: "grep -E '^Match User' /etc/ssh/sshd_config" changed_when: False failed_when: False check_mode: no register: grep_matchuser_ssh - name: "Add Match User sshd directive with '{{ user.name }}'" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config line: "\nMatch User {{ user.name }}\n PasswordAuthentication no" insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS" @@ -44,7 +46,7 @@ when: grep_matchuser_ssh.rc != 0 - name: "Append '{{ user.name }}' to Match User's sshd directive" - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^(Match User ((?!{{ user.name }}).)*)$' replace: '\1,{{ user.name }}' diff --git a/evolinux-users/tasks/sudo.yml b/evolinux-users/tasks/sudo.yml index 769e7a4e..85149147 100644 --- a/evolinux-users/tasks/sudo.yml +++ b/evolinux-users/tasks/sudo.yml @@ -1,6 +1,6 @@ --- -- include: sudo_jessie.yml +- ansible.builtin.include: sudo_jessie.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" 
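Review bot: The `Append ... to Match User's sshd directive` task at the end of evolinux-users/tasks/ssh_allowusers.yml tests for the name with `(?!{{ user.name }})`, an unescaped substring match, whereas the AllowUsers task just above wraps the name in `\b`. If an already listed account merely contains the new name (constructed example: `bobby` present when adding `bob`), the line is left untouched and the new account never gets the `PasswordAuthentication no` restriction. `regexp: '^(Match User ((?!\b{{ user.name | regex_escape }}\b).)*)$'` would align it with the AllowUsers task and neutralise regex metacharacters in the name. The `User_Alias ADMINS` pattern in evolinux-users/tasks/sudo_jessie.yml has the same substring test, although there the failure mode is a missing sudo entry rather than a weaker login policy.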
@@ -11,9 +11,9 @@ - block: - - include: sudo_stretch_common.yml + - ansible.builtin.include: sudo_stretch_common.yml - - include: sudo_stretch_user.yml + - ansible.builtin.include: sudo_stretch_user.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" @@ -24,4 +24,4 @@ - ansible_distribution_major_version is defined - ansible_distribution_major_version is version('9', '>=') -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/evolinux-users/tasks/sudo_jessie.yml b/evolinux-users/tasks/sudo_jessie.yml index d3f70198..6400a8ee 100644 --- a/evolinux-users/tasks/sudo_jessie.yml +++ b/evolinux-users/tasks/sudo_jessie.yml @@ -1,7 +1,7 @@ --- - name: "Verify Evolinux sudoers file presence (jessie)" - template: + ansible.builtin.template: src: sudoers_jessie.j2 dest: /etc/sudoers.d/evolinux force: no @@ -10,7 +10,7 @@ register: copy_sudoers_evolinux - name: "Add user in sudoers file for '{{ user.name }}' (jessie)" - replace: + ansible.builtin.replace: dest: /etc/sudoers.d/evolinux regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$' replace: '\1,{{ user.name }}' diff --git a/evolinux-users/tasks/sudo_stretch_common.yml b/evolinux-users/tasks/sudo_stretch_common.yml index fb8f9ac7..ba7fb50b 100644 --- a/evolinux-users/tasks/sudo_stretch_common.yml +++ b/evolinux-users/tasks/sudo_stretch_common.yml @@ -1,7 +1,7 @@ --- - name: "/etc/sudoers.d presence and permissions" - file: + ansible.builtin.file: path: /etc/sudoers.d owner: root group: root @@ -9,7 +9,7 @@ state: directory - name: "Verify 'evolinux' sudoers file presence (Debian 9 or later)" - template: + ansible.builtin.template: src: sudoers_stretch.j2 dest: /etc/sudoers.d/evolinux force: no @@ -18,6 +18,7 @@ register: copy_sudoers_evolinux - name: "Create '{{ evolinux_sudo_group }}' group (Debian 9 or later)" - group: + + ansible.builtin.group: name: "{{ evolinux_sudo_group }}" system: yes 
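Review bot: The `group:` replacement in evolinux-users/tasks/sudo_stretch_common.yml adds an empty line between the task's `name:` and `ansible.builtin.group:` (the hunk grows from 6 to 7 lines), which looks like an artefact of the bulk rename. It is still valid YAML, but it splits one task visually and no other converted task is laid out this way. Dropping the blank line so that `ansible.builtin.group:` directly follows `- name: "Create '{{ evolinux_sudo_group }}' group (Debian 9 or later)"` keeps the file consistent. The three `group:` conversions in evolinux-users/tasks/user.yml carry the same extra line.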
diff --git a/evolinux-users/tasks/sudo_stretch_user.yml b/evolinux-users/tasks/sudo_stretch_user.yml index 97f1f77d..40830535 100644 --- a/evolinux-users/tasks/sudo_stretch_user.yml +++ b/evolinux-users/tasks/sudo_stretch_user.yml @@ -1,13 +1,13 @@ --- - name: "Add user to '{{ evolinux_sudo_group }}' group (Debian 9 or later)" - user: + ansible.builtin.user: name: '{{ user.name }}' groups: "{{ evolinux_sudo_group }}" append: yes - name: "Add user to 'adm' group (Debian 9 or later)" - user: + ansible.builtin.user: name: '{{ user.name }}' groups: "adm" append: yes diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index 0f8bd480..5bba2e0e 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -2,23 +2,25 @@ # Unix account -- fail: +- ansible.builtin.fail: msg: "You must provide a value for the 'user.name ' variable." when: (user.name is not defined) or (user.name | length == 0) -- fail: +- ansible.builtin.fail: msg: "You must provide a value for the 'user.uid ' variable." when: (user.uid is not defined) or (user.uid | string | length == 0) - name: "Test if '{{ user.name }}' exists" - command: 'id -u "{{ user.name }}"' + ansible.builtin.command: + cmd: 'id -u "{{ user.name }}"' register: get_id_from_login failed_when: False changed_when: False check_mode: no - name: "Test if uid '{{ user.uid }}' exists" - command: 'id -un -- "{{ user.uid }}"' + ansible.builtin.command: + cmd: 'id -un -- "{{ user.uid }}"' register: get_login_from_id failed_when: False changed_when: False @@ -28,7 +30,7 @@ # the uid already exists # and the user associated with this uid is not the desired user - name: "Fail if uid already exists for another user" - fail: + ansible.builtin.fail: msg: "Uid '{{ user.uid }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ user.name }}'" when: - get_login_from_id.rc == 0 
@@ -38,7 +40,7 @@ # the user doesn't already exist and the uid isn't already used # or the user exists with the defined uid - name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')" - user: + ansible.builtin.user: state: present uid: '{{ user.uid }}' name: '{{ user.name }}' @@ -53,7 +55,7 @@ # the user doesn't already exist but the defined uid is already used # or another user already exists with a the same uid - name: "Unix account for '{{ user.name }}' is present (with random uid)" - user: + ansible.builtin.user: state: present name: '{{ user.name }}' comment: '{{ user.fullname }}' @@ -64,12 +66,12 @@ - (get_id_from_login.rc != 0 and get_login_from_id.rc == 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout != user.name) - name: Is /etc/aliases present? - stat: + ansible.builtin.stat: path: /etc/aliases register: etc_aliases - name: Set mail alias - lineinfile: + ansible.builtin.lineinfile: state: present dest: /etc/aliases line: '{{ user.name }}: root' @@ -82,13 +84,14 @@ ## Group for SSH authorizations - name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)" - group: + + ansible.builtin.group: name: "{{ evolinux_ssh_group }}" state: present when: ansible_distribution_major_version is version('10', '>=') - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_ssh_group }}' (Debian 10 or later)" - user: + ansible.builtin.user: name: '{{ user.name }}' groups: "{{ evolinux_ssh_group }}" append: yes @@ -97,7 +100,8 @@ ## Optional group for all evolinux users - name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)" - group: + + ansible.builtin.group: name: "{{ evolinux_internal_group }}" state: present when: 
@@ -106,7 +110,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" - user: + ansible.builtin.user: name: '{{ user.name }}' groups: "{{ evolinux_internal_group }}" append: yes @@ -118,7 +122,8 @@ ## Optional secondary groups, defined per user - name: "Secondary Unix groups are present" - group: + + ansible.builtin.group: name: "{{ group }}" loop: "{{ user.groups }}" loop_control: @@ -128,7 +133,7 @@ - user.groups | length > 0 - name: "Unix user '{{ user.name }}' belongs to secondary groups" - user: + ansible.builtin.user: name: '{{ user.name }}' groups: "{{ user.groups | join(',') }}" append: yes @@ -139,7 +144,7 @@ # Permissions on home directory - name: "Home directory for '{{ user.name }}' is not accessible by group and other users" - file: + ansible.builtin.file: name: '/home/{{ user.name }}' mode: "0700" state: directory @@ -147,7 +152,8 @@ # Evomaintenance - name: Search profile for presence of evomaintenance - command: 'grep -q "trap.*sudo.*evomaintenance.sh" /home/{{ user.name }}/.profile' + ansible.builtin.command: + cmd: 'grep -q "trap.*sudo.*evomaintenance.sh" /home/{{ user.name }}/.profile' changed_when: False failed_when: False check_mode: no @@ -155,7 +161,7 @@ ## Don't add the trap if it is present or commented - name: "User '{{ user.name }}' has its shell trap for evomaintenance" - lineinfile: + ansible.builtin.lineinfile: state: present dest: '/home/{{ user.name }}/.profile' insertafter: EOF @@ -165,7 +171,7 @@ # SSH keys - name: "SSH directory for '{{ user.name }}' is present" - file: + ansible.builtin.file: dest: '/home/{{ user.name }}/.ssh/' state: directory mode: "0700" @@ -173,7 +179,7 @@ group: '{{ user.name }}' - name: "SSH public key for '{{ user.name }}' is present" - authorized_key: + ansible.posix.authorized_key: user: "{{ user.name }}" key: "{{ user.ssh_key }}" state: present 
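Review bot: `ansible.posix.authorized_key` in evolinux-users/tasks/user.yml is not shipped with ansible-core, so after this rename the role depends on the `ansible.posix` collection being installed on the controller. Nothing in this part of the patch declares that dependency; a `collections/requirements.yml` entry such as `- name: ansible.posix` with `version: "<pinned version>"` would make it explicit and keep the code that manages authorized_keys at a reviewed release. The second `authorized_key` task in the next hunk and `community.general.ini_file` in fail2ban/tasks/ip_whitelist.yml need the same treatment. If the requirements file is updated elsewhere in the commit, this only needs a cross-check.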
@@ -182,7 +188,7 @@ - user.ssh_key | length > 0 - name: "SSH public keys for '{{ user.name }}' are present" - authorized_key: + ansible.posix.authorized_key: user: "{{ user.name }}" key: "{{ ssk_key }}" state: present @@ -193,4 +199,4 @@ - user.ssh_keys is defined - user.ssh_keys | length > 0 -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/evomaintenance/handlers/main.yml b/evomaintenance/handlers/main.yml index 37c9af95..63cfcd86 100644 --- a/evomaintenance/handlers/main.yml +++ b/evomaintenance/handlers/main.yml @@ -1,14 +1,15 @@ --- - name: restart minifirewall - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart register: minifirewall_init_restart failed_when: - "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" - "'minifirewall started' not in minifirewall_init_restart.stdout" - name: restart minifirewall (noop) - meta: noop + ansible.builtin.meta: noop register: minifirewall_init_restart failed_when: False changed_when: False diff --git a/evomaintenance/tasks/config.yml b/evomaintenance/tasks/config.yml index 99339874..d3e7a1b7 100644 --- a/evomaintenance/tasks/config.yml +++ b/evomaintenance/tasks/config.yml @@ -1,6 +1,6 @@ --- -- assert: +- ansible.builtin.assert: that: - evomaintenance_api_endpoint is not none - evomaintenance_api_key is not none @@ -8,7 +8,7 @@ when: evomaintenance_hook_api | bool - name: Configuration is installed - template: + ansible.builtin.template: src: evomaintenance.j2 dest: /etc/evomaintenance.cf owner: root diff --git a/evomaintenance/tasks/install_package_debian.yml b/evomaintenance/tasks/install_package_debian.yml index ce9d90e7..f4a16d00 100644 --- a/evomaintenance/tasks/install_package_debian.yml +++ b/evomaintenance/tasks/install_package_debian.yml 
@@ -1,14 +1,14 @@ --- - name: Evolix public repositry is installed - include_role: + ansible.builtin.include_role: name: evolix/apt tasks_from: evolix_public.yml tags: - evomaintenance - name: Package is installed - apt: + ansible.builtin.apt: name: evomaintenance allow_unauthenticated: yes tags: diff --git a/evomaintenance/tasks/install_vendor_debian.yml b/evomaintenance/tasks/install_vendor_debian.yml index 99448e3c..c8fb6183 100644 --- a/evomaintenance/tasks/install_vendor_debian.yml +++ b/evomaintenance/tasks/install_vendor_debian.yml @@ -1,7 +1,7 @@ --- - name: Dependencies are installed - apt: + ansible.builtin.apt: name: - sudo - curl @@ -10,7 +10,7 @@ - evomaintenance - name: PG dependencies are installed - apt: + ansible.builtin.apt: name: - postgresql-client state: present @@ -18,13 +18,13 @@ tags: - evomaintenance -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - evomaintenance - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -34,7 +34,7 @@ - evomaintenance - name: Evomaintenance script and template are installed - copy: + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root diff --git a/evomaintenance/tasks/install_vendor_other.yml b/evomaintenance/tasks/install_vendor_other.yml index a28eeab3..ece9aae2 100644 --- a/evomaintenance/tasks/install_vendor_other.yml +++ b/evomaintenance/tasks/install_vendor_other.yml @@ -1,12 +1,12 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - evomaintenance - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -16,7 +16,7 @@ - evomaintenance - name: Evomaintenance script and template are installed - copy: + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root 
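Review bot: The `Package is installed` task in evomaintenance/tasks/install_package_debian.yml keeps `allow_unauthenticated: yes`, which tells APT to install `evomaintenance` without verifying the repository signature. The task just before it includes `evolix_public.yml` from the apt role, which by its name sets up the Evolix repository and presumably its signing key, so the override should no longer be needed. Removing the line (the module default is to require authentication) means a tampered mirror or an intercepted download fails the install instead of placing a root-run maintenance script on the host. If some supported release still lacks the key, a `when:` limited to that release is safer than the blanket setting.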
diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml index 1f4a6f55..88a41900 100644 --- a/evomaintenance/tasks/main.yml +++ b/evomaintenance/tasks/main.yml @@ -1,24 +1,24 @@ --- -- include: install_package_debian.yml +- ansible.builtin.include: install_package_debian.yml when: - not (evomaintenance_install_vendor | bool) - ansible_distribution == "Debian" -- include: install_vendor_debian.yml +- ansible.builtin.include: install_vendor_debian.yml when: - evomaintenance_install_vendor | bool - ansible_distribution == "Debian" -- include: install_vendor_other.yml +- ansible.builtin.include: install_vendor_other.yml when: - evomaintenance_install_vendor | bool - ansible_distribution != "Debian" -- include: config.yml +- ansible.builtin.include: config.yml -- include: minifirewall.yml +- ansible.builtin.include: minifirewall.yml when: - evomaintenance_hook_db | bool - ansible_distribution == "Debian" diff --git a/evomaintenance/tasks/minifirewall.yml b/evomaintenance/tasks/minifirewall.yml index 98dad15b..8b02a83b 100644 --- a/evomaintenance/tasks/minifirewall.yml +++ b/evomaintenance/tasks/minifirewall.yml @@ -1,17 +1,17 @@ --- -- set_fact: +- ansible.builtin.set_fact: minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" - name: Is minifirewall installed? - stat: + ansible.builtin.stat: path: /etc/default/minifirewall register: minifirewall_default_file tags: - evomaintenance - name: minifirewall section for evomaintenance - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/minifirewall line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT" insertafter: "^# EvoMaintenance" 
@@ -22,7 +22,7 @@ - evomaintenance - name: remove minifirewall example rule for the proxy - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/minifirewall regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)' state: absent @@ -32,7 +32,8 @@ - evomaintenance - name: Force restart minifirewall - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: restart minifirewall when: minifirewall_restart_force | bool tags: diff --git a/evomaintenance/tasks/trap.yml b/evomaintenance/tasks/trap.yml index 0c3b70e0..004a6513 100644 --- a/evomaintenance/tasks/trap.yml +++ b/evomaintenance/tasks/trap.yml @@ -1,5 +1,5 @@ - name: is {{ home }}/.bash_profile present? - stat: + ansible.builtin.stat: path: "{{ home }}/.bash_profile" check_mode: no register: bash_profile @@ -7,7 +7,7 @@ - evomaintenance - name: install shell trap in {{ home }}/.bash_profile - lineinfile: + ansible.builtin.lineinfile: dest: "{{ home }}/.bash_profile" line: "trap \"sudo /usr/share/scripts/evomaintenance.sh\" 0" insertafter: EOF @@ -17,7 +17,7 @@ - evomaintenance - name: is {{ home }}/.profile present? - stat: + ansible.builtin.stat: path: "{{ home }}/.profile" check_mode: no register: profile @@ -26,7 +26,7 @@ - evomaintenance - name: install shell trap in {{ home }}/.profile - lineinfile: + ansible.builtin.lineinfile: dest: "{{ home }}/.profile" line: "trap \"sudo /usr/share/scripts/evomaintenance.sh\" 0" insertafter: EOF diff --git a/fail2ban/handlers/main.yml b/fail2ban/handlers/main.yml index 85f32698..49db2f25 100644 --- a/fail2ban/handlers/main.yml +++ b/fail2ban/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: restart fail2ban - service: + ansible.builtin.service: name: fail2ban state: restarted - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/fail2ban/tasks/fix-dbpurgeage.yml b/fail2ban/tasks/fix-dbpurgeage.yml index dbf9c0d9..6fa86c91 100644 --- a/fail2ban/tasks/fix-dbpurgeage.yml 
+++ b/fail2ban/tasks/fix-dbpurgeage.yml @@ -6,23 +6,24 @@ state: present - name: Register bantime from default config from package - shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1" + ansible.builtin.shell: + cmd: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1" register: dbpurgeage changed_when: False check_mode: false - name: - set_fact: + ansible.builtin.set_fact: dbpurgeage_default : "{{ dbpurgeage.stdout }}" when: dbpurgeage.stdout | regex_search("^\\d+\w+$") - name: - set_fact: + ansible.builtin.set_fact: dbpurgeage_default : "{{ dbpurgeage.stdout }} second" when: dbpurgeage.stdout | regex_search("^\\d+$") - name: Add crontab - template: + ansible.builtin.template: src: fail2ban_dbpurge.j2 dest: /etc/cron.daily/fail2ban_dbpurge mode: 0700 diff --git a/fail2ban/tasks/ip_whitelist.yml b/fail2ban/tasks/ip_whitelist.yml index f899e618..02cdb3c9 100644 --- a/fail2ban/tasks/ip_whitelist.yml +++ b/fail2ban/tasks/ip_whitelist.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" - name: Update ignoreips lists - ini_file: + community.general.ini_file: dest: /etc/fail2ban/jail.local section: "DEFAULT" option: "ignoreip" diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml index b9c2d109..1629a02a 100644 --- a/fail2ban/tasks/main.yml +++ b/fail2ban/tasks/main.yml @@ -3,7 +3,7 @@ # or we risk being jailed by fail2ban - name: Prepare fail2ban hierarchy - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: root 
@@ -16,13 +16,13 @@ tags: - fail2ban -- set_fact: +- ansible.builtin.set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" tags: - fail2ban - name: local jail is installed - template: + ansible.builtin.template: src: jail.local.j2 dest: /etc/fail2ban/jail.local mode: "0644" @@ -32,13 +32,13 @@ - fail2ban - name: Include ignoredips update task - include: ip_whitelist.yml + ansible.builtin.include: ip_whitelist.yml when: fail2ban_force_update_ignore_ips | bool tags: - fail2ban - name: custom filters are installed - copy: + ansible.builtin.copy: src: "{{ item }}" dest: /etc/fail2ban/filter.d/ mode: "0644" @@ -53,7 +53,7 @@ - fail2ban - name: package fail2ban is installed - apt: + ansible.builtin.apt: name: fail2ban state: present tags: @@ -61,7 +61,7 @@ - packages - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugins check_mode: no register: etc_munin_plugins @@ -70,7 +70,7 @@ - munin - name: is fail2ban Munin plugin available ? - stat: + ansible.builtin.stat: path: /usr/share/munin/plugins/fail2ban check_mode: no register: fail2ban_munin_plugin @@ -79,7 +79,7 @@ - munin - name: Enable Munin plugins - file: + ansible.builtin.file: src: "/usr/share/munin/plugins/fail2ban" dest: "/etc/munin/plugins/fail2ban" state: link @@ -92,7 +92,7 @@ - munin - name: "Extend dbpurgeage if recidive jail is enabled" - blockinfile: + ansible.builtin.blockinfile: dest: /etc/fail2ban/fail2ban.d/recidive_dbpurgeage marker: "# ANSIBLE MANAGED" block: | @@ -106,7 +106,7 @@ - fail2ban_recidive - name: Fix dbpurgeage for stretch and buster - include: fix-dbpurgeage.yml + ansible.builtin.include: fix-dbpurgeage.yml when: - ansible_distribution_release == "stretch" or ansible_distribution_release == "buster" tags: diff --git a/filebeat/handlers/main.yml b/filebeat/handlers/main.yml index 3ad08a63..8456ee33 100644 --- a/filebeat/handlers/main.yml +++ b/filebeat/handlers/main.yml 
@@ -1,7 +1,7 @@ --- - name: restart filebeat - systemd: + ansible.builtin.systemd: name: filebeat state: restarted when: not ansible_check_mode diff --git a/filebeat/tasks/apt_sources.yml b/filebeat/tasks/apt_sources.yml index d6597c74..a0395ffe 100644 --- a/filebeat/tasks/apt_sources.yml +++ b/filebeat/tasks/apt_sources.yml @@ -31,6 +31,6 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: elastic_sources is changed \ No newline at end of file diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 0c20cc6c..86dd617b 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: APT sources - import_tasks: apt_sources.yml + ansible.builtin.import_tasks: apt_sources.yml args: apply: tags: @@ -8,7 +8,7 @@ - packages - name: Filebeat is installed - apt: + ansible.builtin.apt: name: filebeat state: "{% if filebeat_upgrade_package %}latest{% else %}present{% endif %}" notify: restart filebeat @@ -17,20 +17,21 @@ - packages - name: Filebeat service is enabled - systemd: + ansible.builtin.systemd: name: filebeat enabled: yes notify: restart filebeat when: not ansible_check_mode - name: is logstash-plugin available? - stat: + ansible.builtin.stat: path: /usr/share/logstash/bin/logstash-plugin check_mode: no register: logstash_plugin - name: is logstash-input-beats installed? - command: grep logstash-input-beats /usr/share/logstash/Gemfile + ansible.builtin.command: + cmd: grep logstash-input-beats /usr/share/logstash/Gemfile check_mode: no register: logstash_plugin_installed failed_when: False 
@@ -41,11 +42,11 @@ - name: Logstash plugin is installed block: - - include_role: + - ansible.builtin.include_role: name: evolix/remount-usr - name: logstash-plugin install logstash-input-beats - command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats + ansible.builtin.command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats when: - filebeat_logstash_plugin | bool - logstash_plugin.stat.exists @@ -54,7 +55,7 @@ # When we don't use a config template (default) - block: - name: cloud_metadata processor is disabled - replace: + ansible.builtin.replace: dest: /etc/filebeat/filebeat.yml regexp: '^(\s+)(- add_cloud_metadata:)' replace: '\1# \2' @@ -62,7 +63,7 @@ when: not (filebeat_processors_cloud_metadata | bool) - name: cloud_metadata processor is disabled - lineinfile: + ansible.builtin.lineinfile: dest: /etc/filebeat/filebeat.yml line: " - add_cloud_metadata: ~" insert_after: '^processors:' @@ -70,7 +71,7 @@ when: filebeat_processors_cloud_metadata | bool - name: Filebeat knows where to find Elasticsearch - lineinfile: + ansible.builtin.lineinfile: dest: /etc/filebeat/filebeat.yml regexp: '^ hosts: .*' line: " hosts: [\"{{ filebeat_elasticsearch_hosts | join('\", \"') }}\"]" @@ -79,7 +80,7 @@ when: filebeat_elasticsearch_hosts | length > 0 - name: Filebeat protocol for Elasticsearch - lineinfile: + ansible.builtin.lineinfile: dest: /etc/filebeat/filebeat.yml regexp: '^ #?protocol: .*' line: " protocol: \"{{ filebeat_elasticsearch_protocol }}\"" @@ -88,7 +89,7 @@ when: filebeat_elasticsearch_protocol == "http" or filebeat_elasticsearch_protocol == "https" - name: Filebeat auth/username for Elasticsearch are configured - lineinfile: + ansible.builtin.lineinfile: dest: /etc/filebeat/filebeat.yml regexp: '{{ item.regexp }}' line: '{{ item.line }}' 
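Review bot: In the `@@ -62,7 +63,7 @@` hunk of filebeat/tasks/main.yml, the `ansible.builtin.lineinfile` task passes `insert_after: '^processors:'`, which is not a parameter of that module. The documented name is `insertafter`, so the task should fail with an unsupported-parameter error when `filebeat_processors_cloud_metadata` is true. The line should read `insertafter: '^processors:'`. The task is also still named `cloud_metadata processor is disabled` although it adds the processor; `cloud_metadata processor is enabled` would match what it does. The rest of the task lies outside the hunk.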
@@ -105,7 +106,7 @@ - not ansible_check_mode - name: Filebeat api_key for Elasticsearch are configured - lineinfile: + ansible.builtin.lineinfile: dest: /etc/filebeat/filebeat.yml regexp: '^ #?api_key: .*' line: ' api_key: "{{ filebeat_elasticsearch_auth_api_key }}"' @@ -116,7 +117,7 @@ # When we use a config template - block: - name: Configuration is up-to-date - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/filebeat/filebeat.yml force: "{{ filebeat_force_config }}" diff --git a/fluentd/handlers/main.yml b/fluentd/handlers/main.yml index 2468cef3..e87c76ab 100644 --- a/fluentd/handlers/main.yml +++ b/fluentd/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: restart fluentd - systemd: + ansible.builtin.systemd: name: td-agent state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted diff --git a/fluentd/tasks/main.yml b/fluentd/tasks/main.yml index fa9a0470..b6f262c1 100644 --- a/fluentd/tasks/main.yml +++ b/fluentd/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Add Fluentd GPG key - copy: + ansible.builtin.copy: src: treasuredata.asc dest: "{{ apt_keyring_dir }}/treasuredata.asc" force: yes @@ -13,7 +13,7 @@ - fluentd - name: Add Treasuredata repository (Debian <12) - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/treasuredata.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib" filename: treasuredata state: present @@ -35,12 +35,12 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: treasuredata_sources is changed - name: Fluentd is installed. - apt: + ansible.builtin.apt: name: td-agent state: present tags: 
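Review bot: The `Filebeat api_key for Elasticsearch are configured` task at the start of this line writes `filebeat_elasticsearch_auth_api_key` through a plain `line:` argument, and no `no_log` is visible in the hunk. Module arguments and `--diff` output can end up in the controller log and the target's syslog, so the key may leak there. I would add `no_log: true` to this task, and to the `auth/username` task in the preceding hunk, which presumably writes the password the same way through `item.line`. Both tasks continue outside their hunks, so check that the option is not already set further down.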
@@ -48,7 +48,7 @@ - packages - name: Fluentd is configured. - template: + ansible.builtin.template: src: td-agent.conf.j2 dest: "{{ fluentd_conf_path }}" mode: "0644" @@ -57,7 +57,7 @@ - fluentd - name: Fluentd is running and enabled on boot. - systemd: + ansible.builtin.systemd: name: td-agent enabled: yes state: started @@ -65,7 +65,7 @@ - fluentd - name: NRPE check is configured - lineinfile: + ansible.builtin.lineinfile: path: /etc/nagios/nrpe.d/evolix.cfg line: 'command[check_fluentd]=/usr/lib/nagios/plugins/check_tcp -p {{ fluentd_port }}' notify: "restart nagios-nrpe-server" diff --git a/generate-ldif/tasks/exec.yml b/generate-ldif/tasks/exec.yml index 213560a5..0c25758a 100644 --- a/generate-ldif/tasks/exec.yml +++ b/generate-ldif/tasks/exec.yml @@ -1,6 +1,7 @@ --- - name: run generateldif - command: '{{ general_scripts_dir }}/generateldif.sh' + ansible.builtin.command: + cmd: '{{ general_scripts_dir }}/generateldif.sh' register: generateldif_run changed_when: False failed_when: False @@ -8,7 +9,7 @@ tags: - generateldif-exec -- debug: +- ansible.builtin.debug: var: generateldif_run.stdout_lines verbosity: 1 tags: diff --git a/generate-ldif/tasks/main.yml b/generate-ldif/tasks/main.yml index 019f5a83..29acb2fc 100644 --- a/generate-ldif/tasks/main.yml +++ b/generate-ldif/tasks/main.yml @@ -1,10 +1,10 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: general_scripts_dir is search("/usr") - name: "copy generateldif.sh" - template: + ansible.builtin.template: src: templates/generateldif.sh.j2 dest: '{{ general_scripts_dir }}/generateldif.sh' owner: root diff --git a/haproxy/handlers/main.yml b/haproxy/handlers/main.yml index 9cf3b9cb..a20031f1 100644 --- a/haproxy/handlers/main.yml +++ b/haproxy/handlers/main.yml 
@@ -1,15 +1,15 @@ --- - name: reload haproxy - service: + ansible.builtin.service: name: haproxy state: reloaded - name: restart haproxy - service: + ansible.builtin.service: name: haproxy state: restarted - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index d38e83af..12fdd224 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: ssl-cert package is installed - apt: + ansible.builtin.apt: name: ssl-cert state: present tags: @@ -8,7 +8,7 @@ - packages - name: HAProxy SSL directory is present - file: + ansible.builtin.file: path: /etc/haproxy/ssl owner: root group: root @@ -19,7 +19,8 @@ - ssl - name: Self-signed certificate is present in HAProxy ssl directory - shell: "cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > /etc/haproxy/ssl/ssl-cert-snakeoil.pem" + ansible.builtin.shell: + cmd: "cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > /etc/haproxy/ssl/ssl-cert-snakeoil.pem" args: creates: /etc/haproxy/ssl/ssl-cert-snakeoil.pem notify: reload haproxy @@ -28,7 +29,7 @@ - ssl - name: HAProxy stats_access_ips are present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/haproxy/stats_access_ips create: yes block: | @@ -42,7 +43,7 @@ - update-config - name: HAProxy stats_admin_ips are present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/haproxy/stats_admin_ips create: yes block: | @@ -56,7 +57,7 @@ - update-config - name: HAProxy maintenance_ips are present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/haproxy/maintenance_ips create: yes block: | @@ -70,7 +71,7 @@ - update-config - name: HAProxy deny_ips are present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/haproxy/deny_ips create: yes block: | 
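Review bot: The `Self-signed certificate is present in HAProxy ssl directory` task in the `@@ -19,7 +19,8 @@` hunk creates a PEM file containing `/etc/ssl/private/ssl-cert-snakeoil.key` through shell redirection. The file's permissions therefore come from the umask of the Ansible shell rather than from the playbook. The mode of `/etc/haproxy/ssl` is not visible in the preceding hunk, so I cannot tell whether the directory already protects it. Either prefix the command with `umask 077;` or add a follow-up `ansible.builtin.file` task with `path: /etc/haproxy/ssl/ssl-cert-snakeoil.pem` and `mode: "0600"`. Now that `cmd:` is used, `creates:` can also sit directly under `ansible.builtin.shell:` instead of under `args:`.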
@@ -83,11 +84,11 @@ - config - update-config -- include: packages_backports.yml +- ansible.builtin.include: packages_backports.yml when: haproxy_backports | bool - name: Install HAProxy package - apt: + ansible.builtin.apt: name: haproxy state: present tags: @@ -95,7 +96,7 @@ - packages - name: Copy HAProxy configuration - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/haproxy/haproxy.cfg force: "{{ haproxy_force_config }}" @@ -115,7 +116,7 @@ - update-config - name: Rotate logs with dateext - lineinfile: + ansible.builtin.lineinfile: dest: /etc/logrotate.d/haproxy line: ' dateext' regexp: '^\s*#*\s*(no)?dateext' @@ -125,7 +126,7 @@ - logrotate - name: Rotate logs with nodelaycompress - lineinfile: + ansible.builtin.lineinfile: dest: /etc/logrotate.d/haproxy line: ' nodelaycompress' regexp: '^\s*#*\s*(no)?delaycompress' @@ -135,7 +136,7 @@ - logrotate - name: Set net.ipv4.ip_nonlocal_bind - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_nonlocal_bind value: "{{ haproxy_allow_ip_nonlocal_bind | ternary('1','0') }}" sysctl_file: "{{ evolinux_kernel_sysctl_path | default('/etc/sysctl.d/evolinux.conf') }}" @@ -147,4 +148,4 @@ - haproxy_allow_ip_nonlocal_bind is defined - haproxy_allow_ip_nonlocal_bind is not none -- include: munin.yml +- ansible.builtin.include: munin.yml diff --git a/haproxy/tasks/munin.yml b/haproxy/tasks/munin.yml index 1f65dbe3..e2f2302d 100644 --- a/haproxy/tasks/munin.yml +++ b/haproxy/tasks/munin.yml @@ -1,6 +1,6 @@ --- - name: Install Munin plugin and dependencies - apt: + ansible.builtin.apt: name: - munin-plugins-extra - liblwp-useragent-determined-perl @@ -9,7 +9,7 @@ - haproxy - name: Enable Munin Haproxy plugins - file: + ansible.builtin.file: src: /usr/share/munin/plugins/haproxy_ng dest: /etc/munin/plugins/haproxy_ng force: yes @@ -19,7 +19,7 @@ - haproxy - name: Copy Munin Haproxy config - template: + ansible.builtin.template: src: munin.conf.j2 dest: /etc/munin/plugin-conf.d/haproxy mode: "0644" 
diff --git a/haproxy/tasks/packages_backports.yml b/haproxy/tasks/packages_backports.yml index eab4fbca..5832c4d4 100644 --- a/haproxy/tasks/packages_backports.yml +++ b/haproxy/tasks/packages_backports.yml @@ -1,26 +1,26 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/apt tasks_from: backports.yml tags: - haproxy - packages -- set_fact: +- ansible.builtin.set_fact: haproxy_backports_packages: "{{ haproxy_backports_packages_stretch }}" when: ansible_distribution_release == 'stretch' -- set_fact: +- ansible.builtin.set_fact: haproxy_backports_packages: "{{ haproxy_backports_packages_buster }}" when: ansible_distribution_release == 'buster' -- set_fact: +- ansible.builtin.set_fact: haproxy_backports_packages: "{{ haproxy_backports_packages_bullseye }}" when: ansible_distribution_release == 'bullseye' - name: Prefer HAProxy package from backports - template: + ansible.builtin.template: src: haproxy_apt_preferences.j2 dest: /etc/apt/preferences.d/999-haproxy force: yes @@ -31,7 +31,7 @@ - packages - name: update apt - apt: + ansible.builtin.apt: update_cache: yes when: haproxy_apt_preferences is changed tags: diff --git a/java/tasks/main.yml b/java/tasks/main.yml index f899bf1c..d07ce5eb 100644 --- a/java/tasks/main.yml +++ b/java/tasks/main.yml @@ -3,8 +3,8 @@ # msg: "This role support only java 8 for now !" # when: java_version != 8 -- include: openjdk.yml +- ansible.builtin.include: openjdk.yml when: java_alternative == 'openjdk' -- include: oracle.yml +- ansible.builtin.include: oracle.yml when: java_alternative == 'oracle' diff --git a/java/tasks/openjdk.yml b/java/tasks/openjdk.yml index 13135d9c..e0d947db 100644 --- a/java/tasks/openjdk.yml +++ b/java/tasks/openjdk.yml 
@@ -1,12 +1,12 @@ --- - name: Decide which Debian release to use - set_fact: + ansible.builtin.set_fact: java_apt_release: '{% if ansible_distribution_release == "jessie" %}jessie-backports{% else %}{{ ansible_distribution_release }}{% endif %}' tags: - java - name: Install jessie-backports - include_role: + ansible.builtin.include_role: name: evolix/apt tasks_from: backports.yml when: ansible_distribution_release == "jessie" @@ -14,7 +14,7 @@ - java - name: Install default openjdk package - apt: + ansible.builtin.apt: name: "default-jre-headless" default_release: "{{ java_apt_release }}" state: present @@ -24,7 +24,7 @@ when: java_version is none - name: Install specific openjdk package - apt: + ansible.builtin.apt: name: "openjdk-{{ java_version }}-jre-headless" default_release: "{{ java_apt_release }}" state: present @@ -34,7 +34,7 @@ when: java_version is not none - name: This openjdk version is the default alternative - alternatives: + community.general.alternatives: name: java path: "{{ java_bin_path[java_version] }}" tags: diff --git a/java/tasks/oracle.yml b/java/tasks/oracle.yml index 0b057695..75d181d3 100644 --- a/java/tasks/oracle.yml +++ b/java/tasks/oracle.yml @@ -1,6 +1,6 @@ --- - name: Install dependencies for build java package - apt: + ansible.builtin.apt: name: - java-package - build-essential @@ -9,7 +9,7 @@ - java - name: Create jvm dir - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: "0777" @@ -21,7 +21,7 @@ - java - name: Get Oracle jre archive - get_url: + ansible.builtin.get_url: url: 'https://download.oracle.com/otn-pub/java/jdk/8u192-b12/750e1c8617c5452694857ad95c3ee230/server-jre-8u192-linux-x64.tar.gz' dest: '/srv/java-package/src/' checksum: 'sha256:3d811a5ec65dc6fc261f488757bae86ecfe285a79992363b016f60cdb4dbe7e6' 
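Review bot: The `Create jvm dir` task in the java/tasks/oracle.yml hunk `@@ -9,7 +9,7 @@` creates its directories with `mode: "0777"`. The item list is outside the hunk, but the later tasks download into `/srv/java-package/src/`, build in `/srv/java-package/tmp` and install the resulting `.deb` from `/srv/java-package` as root. If these are the same directories, any local account can modify what root builds and installs, and the `creates:` guard on the build step would accept a file that is already there. I would use `mode: "0755"` with `owner: root` and `group: root`, or `"0700"` since only root uses the tree.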
@@ -31,7 +31,8 @@ - java - name: Make Debian package from Oracle JDK archive - shell: "yes | TMPDIR=/srv/java-package/tmp make-jpkg /srv/java-package/src/server-jre-8u192-linux-x64.tar.gz" + ansible.builtin.shell: + cmd: "yes | TMPDIR=/srv/java-package/tmp make-jpkg /srv/java-package/src/server-jre-8u192-linux-x64.tar.gz" args: chdir: /srv/java-package creates: /srv/java-package/oracle-java8-server-jre_8u192_amd64.deb @@ -39,17 +40,17 @@ tags: - java -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Install java package - apt: + ansible.builtin.apt: deb: /srv/java-package/oracle-java8-server-jre_8u192_amd64.deb tags: - java - name: This openjdk version is the default alternative - alternatives: + community.general.alternatives: name: java path: "/usr/lib/jvm/oracle-java{{ java_version }}-server-jre-amd64/bin/java" when: java_default_alternative | bool diff --git a/jenkins/handlers/main.yml b/jenkins/handlers/main.yml index b7d269cf..a38d1b47 100644 --- a/jenkins/handlers/main.yml +++ b/jenkins/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: reload squid - service: + ansible.builtin.service: name: squid state: reloaded - name: reload squid3 - service: + ansible.builtin.service: name: squid3 state: reloaded - name: Restart Jenkins - service: + ansible.builtin.service: name: jenkins state: restarted diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml index 3a855f9c..1e6b777b 100644 --- a/jenkins/tasks/main.yml +++ b/jenkins/tasks/main.yml @@ -6,7 +6,7 @@ # http://jenkins.mirror.isppower.de/.* - name: Add Jenkins GPG key - copy: + ansible.builtin.copy: src: jenkins.asc dest: "{{ apt_keyring_dir }}/jenkins.asc" force: yes @@ -15,7 +15,7 @@ group: root - name: Add Jenkins APT repository (Debian <12) - apt_repository: + ansible.builtin.apt_repository: repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/ filename: jenkins update_cache: yes 
@@ -30,17 +30,17 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: jenkins_sources is changed - name: Install Jenkins - apt: + ansible.builtin.apt: name: jenkins state: present - name: Change Jenkins port - replace: + ansible.builtin.replace: name: /etc/default/jenkins regexp: "^HTTP_PORT=.*$" replace: "HTTP_PORT=8081" diff --git a/keepalived/handlers/main.yml b/keepalived/handlers/main.yml index 252fe515..7c9235d2 100644 --- a/keepalived/handlers/main.yml +++ b/keepalived/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: restart keepalived - systemd: + ansible.builtin.systemd: name: keepalived state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted diff --git a/keepalived/tasks/main.yml b/keepalived/tasks/main.yml index b98ff1ae..3ab0f8be 100644 --- a/keepalived/tasks/main.yml +++ b/keepalived/tasks/main.yml @@ -1,14 +1,14 @@ --- - name: install Keepalived service - apt: + ansible.builtin.apt: pkg: keepalived state: present tags: - keepalived - name: Add notify.sh script for NRPE check - file: + ansible.builtin.file: src: notify.sh dest: /etc/keepalived/notify.sh mode: "0755" @@ -21,7 +21,7 @@ - nrpe - name: check_keepalived is installed - file: + ansible.builtin.file: src: check_keepalived dest: /usr/local/lib/nagios/plugins/check_keepalived mode: "0755" @@ -33,7 +33,7 @@ - nrpe - name: Use check_keepalived for NRPE - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: 'command\[check_keepalived\]' replace: 'command[check_keepalived]=/usr/local/lib/nagios/plugins/check_keepalived' @@ -43,7 +43,7 @@ - nrpe - name: generate Keepalived configuration - template: + ansible.builtin.template: src: keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf mode: "0644" 
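Review bot: In the keepalived/tasks/main.yml hunk `@@ -33,7 +33,7 @@`, the `Use check_keepalived for NRPE` task calls `ansible.builtin.lineinfile` with a `replace:` argument, which that module does not accept. It takes `line:`, while `regexp`/`replace` pairs belong to `ansible.builtin.replace`. As written the task should be rejected for an unsupported parameter, so the NRPE command is never updated. Either change the argument to `line: 'command[check_keepalived]=/usr/local/lib/nagios/plugins/check_keepalived'` or switch the module to `ansible.builtin.replace` and widen the regexp to cover the whole line. The remainder of the task is outside the hunk.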
@@ -52,7 +52,7 @@ - keepalived - name: enable and restart Keepalived service - systemd: + ansible.builtin.systemd: name: keepalived daemon_reload: yes state: started diff --git a/kibana/handlers/main.yml b/kibana/handlers/main.yml index cbccd8e0..90467e19 100644 --- a/kibana/handlers/main.yml +++ b/kibana/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart kibana - systemd: + ansible.builtin.systemd: name: kibana state: restarted diff --git a/kibana/tasks/apt_sources.yml b/kibana/tasks/apt_sources.yml index d6597c74..a0395ffe 100644 --- a/kibana/tasks/apt_sources.yml +++ b/kibana/tasks/apt_sources.yml @@ -31,6 +31,6 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: elastic_sources is changed \ No newline at end of file diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 176af2d3..bcfb852a 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: APT sources - import_tasks: apt_sources.yml + ansible.builtin.import_tasks: apt_sources.yml args: apply: tags: @@ -8,7 +8,7 @@ - packages - name: Kibana is installed - apt: + ansible.builtin.apt: name: kibana state: present update_cache: yes @@ -17,7 +17,7 @@ - packages - name: kibana server host configuration - lineinfile: + ansible.builtin.lineinfile: dest: /etc/kibana/kibana.yml line: "server.host: \"{{ kibana_server_host }}\"" regexp: '^server.host:' @@ -27,7 +27,7 @@ - kibana - name: kibana server basepath configuration - lineinfile: + ansible.builtin.lineinfile: dest: /etc/kibana/kibana.yml line: "server.basePath: \"{{ kibana_server_basepath }}\"" regexp: '^server.basePath:' @@ -37,7 +37,7 @@ - kibana - name: kibana log destination is present - file: + ansible.builtin.file: dest: /var/log/kibana owner: kibana group: kibana 
@@ -47,7 +47,7 @@ - kibana - name: kibana log messages go to custom file - lineinfile: + ansible.builtin.lineinfile: dest: /etc/kibana/kibana.yml line: "logging.dest: \"/var/log/kibana/kibana.log\"" regexp: '^logging.dest:' @@ -57,7 +57,7 @@ - kibana - name: Kibana service is enabled and started - systemd: + ansible.builtin.systemd: name: kibana enabled: yes state: started @@ -65,7 +65,7 @@ - kibana - name: Logrotate configuration is enabled - copy: + ansible.builtin.copy: src: logrotate dest: /etc/logrotate.d/kibana mode: "0644" @@ -94,7 +94,7 @@ # - optimize # - data -- include: proxy_nginx.yml +- ansible.builtin.include: proxy_nginx.yml when: kibana_proxy_nginx | bool tags: - kibana diff --git a/kibana/tasks/proxy_nginx.yml b/kibana/tasks/proxy_nginx.yml index 5849fdd6..7b680284 100644 --- a/kibana/tasks/proxy_nginx.yml +++ b/kibana/tasks/proxy_nginx.yml @@ -1,13 +1,13 @@ --- - name: Example proxy for Kibana with Nginx (with SSL) - template: + ansible.builtin.template: src: nginx_proxy_kibana_ssl.j2 dest: /etc/nginx/sites-available/kibana_ssl.conf force: no - name: Example proxy for Kibana with Nginx (without SSL) - template: + ansible.builtin.template: src: nginx_proxy_kibana_nossl.j2 dest: /etc/nginx/sites-available/kibana_nossl.conf force: no diff --git a/kvm-host/handlers/main.yml b/kvm-host/handlers/main.yml index 0b7f394e..5ca5295a 100644 --- a/kvm-host/handlers/main.yml +++ b/kvm-host/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/kvm-host/tasks/images.yml b/kvm-host/tasks/images.yml index b9ec57a8..9e8a7670 100644 --- a/kvm-host/tasks/images.yml +++ b/kvm-host/tasks/images.yml 
@@ -3,13 +3,13 @@ - name: Set images path when customized block: - name: "Is {{ kvm_custom_libvirt_images_path }} present ?" - stat: + ansible.builtin.stat: path: "{{ kvm_custom_libvirt_images_path }}" check_mode: no register: kvm_custom_libvirt_images_path_test - name: "read the real datadir" - command: readlink -f /var/lib/libvirt/images + ansible.builtin.command: readlink -f /var/lib/libvirt/images changed_when: False check_mode: no register: kvm_libvirt_images_current_real_path_test @@ -18,19 +18,19 @@ - name: Images directory is moved to custom path block: - name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}" - command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }} + ansible.builtin.command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }} args: creates: "{{ kvm_custom_libvirt_images_path }}" - name: Fix owner/group/permissions - file: + ansible.builtin.file: path: "{{ kvm_custom_libvirt_images_path }}" owner: root group: libvirt mode: "02775" - name: "Symlink {{ kvm_custom_libvirt_images_path }} to /var/lib/libvirt/images" - file: + ansible.builtin.file: src: "{{ kvm_custom_libvirt_images_path }}" dest: '/var/lib/libvirt/images' state: link diff --git a/kvm-host/tasks/main.yml b/kvm-host/tasks/main.yml index a2f6953c..c6004b7b 100644 --- a/kvm-host/tasks/main.yml +++ b/kvm-host/tasks/main.yml @@ -1,16 +1,16 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/drbd when: kvm_install_drbd ## TODO: check why it's disabled -- include: ssh.yml +- ansible.builtin.include: ssh.yml -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: munin.yml +- ansible.builtin.include: munin.yml -- include: images.yml +- ansible.builtin.include: images.yml -- include: tools.yml +- ansible.builtin.include: tools.yml diff --git a/kvm-host/tasks/munin.yml b/kvm-host/tasks/munin.yml index d16bcfd9..45edc8d6 100644 --- a/kvm-host/tasks/munin.yml +++ b/kvm-host/tasks/munin.yml 
@@ -1,22 +1,22 @@ --- -- include_role: +- ansible.builtin.include_role: name: remount-usr - name: Create local munin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" - name: Get Munin plugins - get_url: + ansible.builtin.get_url: url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/libvirt/{{ item }}" dest: "/usr/local/share/munin/plugins/" mode: "0755" @@ -28,7 +28,7 @@ notify: restart munin-node - name: Enable Munin plugins - file: + ansible.builtin.file: src: "/usr/local/share/munin/plugins/{{ plugin_name }}" dest: "/etc/munin/plugins/{{ plugin_name }}" state: link @@ -42,7 +42,7 @@ notify: restart munin-node - name: Copy Munin plugins conf - copy: + ansible.builtin.copy: src: files/munin-plugins dest: "/etc/munin/plugin-conf.d/kvm" mode: "0644" diff --git a/kvm-host/tasks/packages.yml b/kvm-host/tasks/packages.yml index 1b58b324..12e7897e 100644 --- a/kvm-host/tasks/packages.yml +++ b/kvm-host/tasks/packages.yml @@ -1,7 +1,7 @@ --- - name: Install packages for kvm/libvirt - apt: + ansible.builtin.apt: name: - qemu-kvm - netcat-openbsd @@ -14,7 +14,7 @@ state: present - name: Install packages for kvmstats - apt: + ansible.builtin.apt: name: - dialog - html-xml-utils diff --git a/kvm-host/tasks/ssh.yml b/kvm-host/tasks/ssh.yml index d954bc06..9ce09eb7 100644 --- a/kvm-host/tasks/ssh.yml +++ b/kvm-host/tasks/ssh.yml @@ -1,18 +1,19 @@ --- - name: Generate root ssh_key - user: + ansible.builtin.user: name: root generate_ssh_key: yes ssh_key_bits: 2048 - name: Fetch ssh public keys - command: cat /root/.ssh/id_rsa.pub + ansible.builtin.command: + cmd: cat /root/.ssh/id_rsa.pub register: ssh_keys check_mode: no changed_when: False - name: Print ssh public keys - debug: + ansible.builtin.debug: msg: "{{ ssh_keys.stdout }}" #- name: Autorize other kvm ssh key 
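Review bot: The `Get Munin plugins` task in the kvm-host/tasks/munin.yml hunk downloads executable plugins (`mode: "0755"`) from the `master` branch of `munin-monitoring/contrib` with no `checksum:`. The code that munin-node later runs can therefore change between two playbook runs without any change in this repository. The `get_url` task in java/tasks/oracle.yml already pins a `sha256:` checksum, and the same approach fits here. Replace `master` in the URL with a reviewed commit id and add `checksum: "sha256:<digest of the reviewed file>"` per item, or vendor the plugins into the role's `files/` and deploy them with `ansible.builtin.copy`. The loop items and the rest of the task are outside the hunk.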
@@ -28,7 +29,7 @@ # when: item[1] != inventory_hostname - name: Crontab for sync libvirt xml file - cron: + ansible.builtin.cron: name: "sync libvirt xml on {{ kvm_pair }}" state: present special_time: "hourly" @@ -42,7 +43,7 @@ tags: crontab - name: Crontab for sync list of running vm - cron: + ansible.builtin.cron: name: "sync list of libvirt running vm on {{ kvm_pair }}" state: present special_time: "daily" diff --git a/kvm-host/tasks/tools.yml b/kvm-host/tasks/tools.yml index 1e114bb7..7931f541 100644 --- a/kvm-host/tasks/tools.yml +++ b/kvm-host/tasks/tools.yml @@ -1,17 +1,17 @@ --- - name: remove old package - apt: + ansible.builtin.apt: name: kvm-tools purge: yes state: absent -- include_role: +- ansible.builtin.include_role: name: remount-usr when: kvm_scripts_dir is search("/usr") - name: add-vm script is present - copy: + ansible.builtin.copy: src: add-vm.sh dest: "{{ kvm_scripts_dir }}/add-vm" mode: "0700" @@ -20,7 +20,7 @@ force: yes - name: migrate-vm script is present - copy: + ansible.builtin.copy: src: migrate-vm.sh dest: "{{ kvm_scripts_dir }}/migrate-vm" mode: "0700" @@ -29,7 +29,7 @@ force: yes - name: kvmstats script is present - copy: + ansible.builtin.copy: src: kvmstats.sh dest: "{{ kvm_scripts_dir }}/kvmstats" mode: "0700" @@ -38,7 +38,7 @@ force: yes - name: kvmstats cron is present - template: + ansible.builtin.template: src: kvmstats.cron.j2 dest: "/etc/cron.hourly/kvmstats" mode: "0755" @@ -46,7 +46,7 @@ group: root - name: entry for kvmstats in web page is present - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html insertbefore: '' line: '
  • kvmstats
  • ' @@ -55,13 +55,13 @@ # backward compatibility - name: remove old migrate-vm script - file: + ansible.builtin.file: path: /usr/share/scripts/migrate-vm state: absent when: "'/usr/share/scripts' not in kvm_scripts_dir" - name: remove old kvmstats script - file: + ansible.builtin.file: path: /usr/share/scripts/kvmstats state: absent when: "'/usr/share/scripts' not in kvm_scripts_dir" \ No newline at end of file diff --git a/ldap/handlers/main.yml b/ldap/handlers/main.yml index 2105f4b5..5735515b 100644 --- a/ldap/handlers/main.yml +++ b/ldap/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart slapd - service: + ansible.builtin.service: name: slapd state: restarted diff --git a/ldap/tasks/init.yml b/ldap/tasks/init.yml index 16be0842..0ab85f18 100644 --- a/ldap/tasks/init.yml +++ b/ldap/tasks/init.yml @@ -1,32 +1,35 @@ --- - name: upload ldap initial config - template: + ansible.builtin.template: src: config_ldapvi.j2 dest: /root/evolinux_ldap_config.ldapvi mode: "0640" - name: upload ldap initial entries - template: + ansible.builtin.template: src: first-entries.ldif.j2 dest: /root/evolinux_ldap_first-entries.ldif mode: "0640" - name: inject config - command: ldapvi -Y EXTERNAL -h ldapi:// --ldapmodify /root/evolinux_ldap_config.ldapvi + ansible.builtin.command: + cmd: ldapvi -Y EXTERNAL -h ldapi:// --ldapmodify /root/evolinux_ldap_config.ldapvi environment: TERM: xterm - name: inject first entries - command: slapadd -l /root/evolinux_ldap_first-entries.ldif + ansible.builtin.command: + cmd: slapadd -l /root/evolinux_ldap_first-entries.ldif - name: upload custom schema - copy: + ansible.builtin.copy: src: "{{ ldap_schema }}" dest: "/root/{{ ldap_schema }}" mode: "0640" when: ldap_schema is defined - name: inject custom schema - command: "ldapadd -Y EXTERNAL -H ldapi:/// -f /root/{{ ldap_schema }}" + ansible.builtin.command: + cmd: "ldapadd -Y EXTERNAL -H ldapi:/// -f /root/{{ ldap_schema }}" when: ldap_schema is defined \ No newline at end of file 
diff --git a/ldap/tasks/ldapvirc.yml b/ldap/tasks/ldapvirc.yml index f44249d6..568ad60a 100644 --- a/ldap/tasks/ldapvirc.yml +++ b/ldap/tasks/ldapvirc.yml @@ -1,13 +1,13 @@ --- - name: "Is /root/.ldapvirc present ?" - stat: + ansible.builtin.stat: path: /root/.ldapvirc check_mode: no register: root_ldapvirc_path - name: Warning when ldapvirc file is present and ldap_admin_password is given - debug: + ansible.builtin.debug: msg: "WARNING: an LDAP admin password is given, but an ldapvirc file already exists. It will not be updated." when: - ldap_admin_password | length > 0 @@ -15,13 +15,14 @@ # Generate ldap password if none is given and ldapvirc is absent - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present when: not root_ldapvirc_path.stat.exists - name: create a password for cn=admin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: new_ldap_admin_password changed_when: False when: @@ -30,20 +31,21 @@ # Use the generated password or the one found in the file - name: overwrite ldap_admin_password - set_fact: + ansible.builtin.set_fact: ldap_admin_password: "{{ new_ldap_admin_password.stdout }}" when: - ldap_admin_password | length == 0 - not root_ldapvirc_path.stat.exists - name: hash password for cn=admin - command: "slappasswd -s {{ ldap_admin_password }}" + ansible.builtin.command: + cmd: "slappasswd -s {{ ldap_admin_password }}" register: ldap_admin_password_ssha changed_when: False when: not root_ldapvirc_path.stat.exists - name: create ldapvirc config - template: + ansible.builtin.template: src: ldapvirc.j2 dest: /root/.ldapvirc mode: "0640" 
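Review bot: In the "hash password for cn=admin" task, `cmd: "slappasswd -s {{ ldap_admin_password }}"` places the cleartext admin password on the command line. It is therefore visible in the target's process list while the command runs and in the task result that Ansible prints or logs. At minimum add `no_log: true` to this task and to the `apg` and `set_fact` tasks that carry the same value. Preferably pass the secret on standard input through the command module's `stdin:` parameter, for example with `slappasswd -T /dev/stdin` and `stdin_add_newline: false` (to be checked against the installed slappasswd). The same pattern is in the `grep ... /root/.ldapvirc` task of the following hunk and in "hash password for cn=nagios" in ldap/tasks/nagios.yml.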
@@ -51,12 +53,13 @@ # Read ldap password when none is given and ldapvirc is present - name: read ldap admin password from ldapvirc file - shell: "grep -E '^password: .+$' /root/.ldapvirc | awk '{print $2}'" + ansible.builtin.shell: + cmd: "grep -E '^password: .+$' /root/.ldapvirc | awk '{print $2}'" changed_when: False check_mode: no register: new_ldap_admin_password # Use the password found in the file - name: overwrite ldap_admin_password - set_fact: + ansible.builtin.set_fact: ldap_admin_password: "{{ new_ldap_admin_password.stdout }}" diff --git a/ldap/tasks/main.yml b/ldap/tasks/main.yml index 9bfb6517..ca89b997 100644 --- a/ldap/tasks/main.yml +++ b/ldap/tasks/main.yml @@ -1,5 +1,5 @@ - name: LDAP packages are installed - apt: + ansible.builtin.apt: name: - slapd - ldap-utils @@ -9,18 +9,18 @@ update_cache: yes - name: change slapd listen ip:port - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/slapd regexp: 'SLAPD_SERVICES=.*' line: "SLAPD_SERVICES=\"{{ ldap_listen }}\"" notify: restart slapd - name: ldapvirc file - include: ldapvirc.yml + ansible.builtin.include: ldapvirc.yml - name: nagios config file for LDAP - include: nagios.yml + ansible.builtin.include: nagios.yml - name: initialize database - include: init.yml + ansible.builtin.include: init.yml when: not root_ldapvirc_path.stat.exists \ No newline at end of file diff --git a/ldap/tasks/nagios.yml b/ldap/tasks/nagios.yml index 0c92f7b3..58120baa 100644 --- a/ldap/tasks/nagios.yml +++ b/ldap/tasks/nagios.yml @@ -1,13 +1,13 @@ --- - name: "Is /etc/nagios/monitoring-plugins.ini present ?" - stat: + ansible.builtin.stat: path: /etc/nagios/monitoring-plugins.ini check_mode: no register: nagios_monitoring_plugins_path - name: Warning when nagios config is present and ldap_nagios_password is given - debug: + ansible.builtin.debug: msg: "WARNING: an LDAP nagios password is given, but a nagios config already exists. It will not be updated." when: - ldap_nagios_password | length > 0 
@@ -15,7 +15,7 @@ # Generate ldap password if none is given and nagios config is absent - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present when: @@ -23,7 +23,8 @@ - not nagios_monitoring_plugins_path.stat.exists - name: create a password for cn=admin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: new_ldap_nagios_password changed_when: False when: @@ -32,14 +33,14 @@ # Use the generated password or the one found in the file - name: overwrite ldap_nagios_password (from apg) - set_fact: + ansible.builtin.set_fact: ldap_nagios_password: "{{ new_ldap_nagios_password.stdout }}" when: - ldap_nagios_password | length == 0 - not nagios_monitoring_plugins_path.stat.exists - name: set params for NRPE check - ini_file: + community.general.ini_file: dest: /etc/nagios/monitoring-plugins.ini owner: root group: nagios @@ -57,7 +58,7 @@ # Read ldap password when none is given and nagios config is present # We can't parse a remote file, so we have to fetch it first - name: Fetch /etc/nagios/monitoring-plugins.ini - fetch: + ansible.builtin.fetch: src: /etc/nagios/monitoring-plugins.ini dest: /tmp/{{ inventory_hostname }}/ flat: yes @@ -65,10 +66,11 @@ # Then web can parse it with the 'ini' lookup # and set the variable - name: overwrite ldap_nagios_password (from file) - set_fact: + ansible.builtin.set_fact: ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/monitoring-plugins.ini') }}" - name: hash password for cn=nagios - command: "slappasswd -s {{ ldap_nagios_password }}" + ansible.builtin.command: + cmd: "slappasswd -s {{ ldap_nagios_password }}" register: ldap_nagios_password_ssha changed_when: False \ No newline at end of file diff --git a/listupgrade/tasks/main.yml b/listupgrade/tasks/main.yml index 42864806..cc5b99aa 100644 --- a/listupgrade/tasks/main.yml +++ b/listupgrade/tasks/main.yml 
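Review bot: The "Fetch /etc/nagios/monitoring-plugins.ini" task copies a file holding the Nagios LDAP password to `/tmp/{{ inventory_hostname }}/` on the controller, a predictable path in a world-writable directory, and nothing visible here removes it afterwards. On a shared controller another local user could pre-create that directory or read the fetched copy, depending on the umask. Reading the file in place with `ansible.builtin.slurp` and parsing the decoded content would avoid the local copy. Alternatively, fetch into a directory created by `ansible.builtin.tempfile` on localhost and delete it once the fact is set. Either way, `no_log: true` on the fetch and on the following `set_fact` would keep the value out of the run output.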
@@ -1,10 +1,10 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Scripts dir is present - file: + ansible.builtin.file: path: "/usr/share/scripts" state: directory owner: root @@ -12,7 +12,7 @@ mode: "0700" - name: Copy listupgrade script - copy: + ansible.builtin.copy: src: listupgrade.sh dest: "/usr/share/scripts/listupgrade.sh" mode: "0700" @@ -21,7 +21,7 @@ force: yes - name: Create /etc/evolinux - file: + ansible.builtin.file: path: /etc/evolinux state: directory owner: root @@ -29,7 +29,7 @@ mode: "0700" - name: Copy listupgrade config - template: + ansible.builtin.template: src: listupgrade.cnf.j2 dest: /etc/evolinux/listupgrade.cnf mode: "0600" @@ -38,7 +38,7 @@ force: no - name: Cron.d is present - file: + ansible.builtin.file: path: "/etc/cron.d" state: directory mode: "0755" @@ -46,7 +46,7 @@ group: root - name: Enable listupgrade cron - cron: + ansible.builtin.cron: name: "listupgrade.sh" cron_file: "listupgrade" user: root @@ -59,13 +59,13 @@ state: "{{ listupgrade_cron_enabled | bool | ternary('present','absent') }}" - name: Remove old lisupgrade typo - cron: + ansible.builtin.cron: name: "lisupgrade.sh" cron_file: "listupgrade" state: absent - name: old-kernel-autoremoval script is present - copy: + ansible.builtin.copy: src: old-kernel-autoremoval.sh dest: /usr/share/scripts/old-kernel-autoremoval.sh mode: "0755" diff --git a/logstash/handlers/main.yml b/logstash/handlers/main.yml index 82021675..b38c949e 100644 --- a/logstash/handlers/main.yml +++ b/logstash/handlers/main.yml @@ -1,11 +1,11 @@ --- - name: restart logstash - systemd: + ansible.builtin.systemd: name: logstash state: restarted daemon_reload: yes - name: reload systemd - systemd: + ansible.builtin.systemd: daemon-reload: yes \ No newline at end of file diff --git a/logstash/tasks/apt_sources.yml b/logstash/tasks/apt_sources.yml index d6597c74..a0395ffe 100644 --- a/logstash/tasks/apt_sources.yml +++ b/logstash/tasks/apt_sources.yml 
@@ -31,6 +31,6 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: elastic_sources is changed \ No newline at end of file diff --git a/logstash/tasks/logs.yml b/logstash/tasks/logs.yml index b09ebaf2..8262ce29 100644 --- a/logstash/tasks/logs.yml +++ b/logstash/tasks/logs.yml @@ -1,7 +1,7 @@ --- - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False @@ -9,7 +9,7 @@ register: is_cron_installed - name: "log rotation script" - template: + ansible.builtin.template: src: rotate_logstash_logs.j2 dest: /etc/cron.daily/rotate_logstash_logs owner: root @@ -18,12 +18,12 @@ when: is_cron_installed.rc == 0 - name: "Create a system config directory for systemd overrides" - file: + ansible.builtin.file: path: /etc/systemd/system/logstash.service.d state: directory - name: "disable syslog" - ini_file: + community.general.ini_file: path: /etc/systemd/system/logstash.service.d/override.conf section: Service option: "{{ item.option }}" diff --git a/logstash/tasks/main.yml b/logstash/tasks/main.yml index 11b0a0bf..4f3b8da7 100644 --- a/logstash/tasks/main.yml +++ b/logstash/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: APT sources - import_tasks: apt_sources.yml + ansible.builtin.import_tasks: apt_sources.yml args: apply: tags: @@ -8,7 +8,7 @@ - packages - name: Logstash is installed - apt: + ansible.builtin.apt: name: logstash state: present tags: @@ -16,14 +16,14 @@ - packages - name: Logstash service is enabled - systemd: + ansible.builtin.systemd: name: logstash enabled: yes tags: - logstash - name: JVM Heap size (min) is set - lineinfile: + ansible.builtin.lineinfile: dest: /etc/logstash/jvm.options regexp: "^-Xms" line: "-Xms{{ logstash_jvm_xms }}" 
@@ -32,7 +32,7 @@ - config - name: JVM Heap size (max) is set - lineinfile: + ansible.builtin.lineinfile: dest: /etc/logstash/jvm.options regexp: "^-Xmx" line: "-Xmx{{ logstash_jvm_xmx }}" @@ -41,7 +41,7 @@ - config - name: Add a configuration - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/logstash/conf.d/logstash.conf owner: logstash @@ -60,10 +60,10 @@ - logstash - config -- debug: +- ansible.builtin.debug: var: logstash_template verbosity: 1 -- include: logs.yml +- ansible.builtin.include: logs.yml -- include: tmpdir.yml +- ansible.builtin.include: tmpdir.yml diff --git a/logstash/tasks/tmpdir.yml b/logstash/tasks/tmpdir.yml index e41b1205..ab054d34 100644 --- a/logstash/tasks/tmpdir.yml +++ b/logstash/tasks/tmpdir.yml @@ -1,18 +1,19 @@ --- - name: Check if /tmp is noexec - shell: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec" + ansible.builtin.shell: + cmd: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec" register: fstab_tmp_noexec failed_when: False changed_when: False check_mode: no - block: - - set_fact: + - ansible.builtin.set_fact: _logstash_custom_tmpdir: "{{ logstash_custom_tmpdir | default(logstash_default_tmpdir, True) | mandatory }}" - name: "Create {{ _logstash_custom_tmpdir }}" - file: + ansible.builtin.file: path: "{{ _logstash_custom_tmpdir }}" owner: logstash group: logstash @@ -22,7 +23,7 @@ - logstash - name: change JVM tmpdir - lineinfile: + ansible.builtin.lineinfile: dest: /etc/logstash/jvm.options line: "-Djava.io.tmpdir={{ _logstash_custom_tmpdir }}" regexp: "^-Djava.io.tmpdir=" diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml index 0beaa055..1a2d7a6e 100644 --- a/lxc-php/handlers/main.yml +++ b/lxc-php/handlers/main.yml 
@@ -1,57 +1,57 @@ --- - name: Reload PHP-FPM - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload {{ lxc_php_services[lxc_php_version] }}" - name: Restart PHP-FPM - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl restart {{ lxc_php_services[lxc_php_version] }}" - name: Reload php81-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php8.1-fpm" - name: Reload php80-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php8.0-fpm" - name: Reload php74-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php7.4-fpm" - name: Reload php73-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php7.3-fpm" - name: Reload php70-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php7.0-fpm" - name: Reload php56-fpm - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl reload php5-fpm" - name: Restart opensmtpd - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl restart opensmtpd" - name: Daemon reload - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "systemctl daemon-reload" - name: Restart container - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" state: restarted diff --git a/lxc-php/tasks/mail_opensmtpd.yml b/lxc-php/tasks/mail_opensmtpd.yml index 02f36728..35d0e75b 100644 --- a/lxc-php/tasks/mail_opensmtpd.yml +++ b/lxc-php/tasks/mail_opensmtpd.yml 
@@ -1,12 +1,12 @@ --- - name: "{{ lxc_php_version }} - Install opensmtpd" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y opensmtpd" - name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)" - template: + ansible.builtin.template: src: smtpd.conf.j2 dest: "{{ lxc_rootfs }}/etc/smtpd.conf" mode: "0644" @@ -15,7 +15,7 @@ - name: "{{ lxc_php_version }} - Configure opensmtpd (in the container)" - template: + ansible.builtin.template: src: smtpd.conf.bullseye.j2 dest: "{{ lxc_rootfs }}/etc/smtpd.conf" mode: "0644" diff --git a/lxc-php/tasks/mail_ssmtp.yml b/lxc-php/tasks/mail_ssmtp.yml index f14cfe57..b57d5d77 100644 --- a/lxc-php/tasks/mail_ssmtp.yml +++ b/lxc-php/tasks/mail_ssmtp.yml @@ -1,12 +1,12 @@ --- - name: "{{ lxc_php_version }} - Install ssmtp" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y ssmtp " - name: "{{ lxc_php_version }} - Configure ssmtp" - template: + ansible.builtin.template: src: ssmtp.conf.j2 dest: "{{ lxc_rootfs }}/etc/ssmtp/ssmtp.conf" mode: "0644" diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index a1e91431..c3d58eba 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml @@ -5,7 +5,7 @@ when: lxc_php_version is none -- include_role: +- ansible.builtin.include_role: name: evolix/lxc vars: lxc_containers: diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 22598ee0..248aa8e2 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml 
@@ -1,30 +1,30 @@ --- - name: "{{ lxc_php_version }} - Configure timezone for the container" - copy: + ansible.builtin.copy: remote_src: yes src: "/etc/timezone" dest: "{{ lxc_rootfs }}/etc/timezone" - name: "{{ lxc_php_version }} - Ensure container's root directory is 755" - file: + ansible.builtin.file: path: "{{ lxc_rootfs }}" state: directory mode: '0755' - name: "{{ lxc_php_version }} - Configure mailname for the container" - copy: + ansible.builtin.copy: content: "{{ evolinux_hostname }}.{{ evolinux_domain }}\n" dest: "{{ lxc_rootfs }}/etc/mailname" notify: "Restart opensmtpd" - name: "{{ lxc_php_version }} - Install misc packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y cron logrotate git zip unzip" - name: "{{ lxc_php_version }} - Add MySQL socket to container default mounts" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_config: - "lxc.mount.entry = /run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" diff --git a/lxc-php/tasks/php56.yml b/lxc-php/tasks/php56.yml index b0f376d8..d210d80b 100644 --- a/lxc-php/tasks/php56.yml +++ b/lxc-php/tasks/php56.yml @@ -1,12 +1,12 @@ --- - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php5-sqlite php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -17,4 +17,4 @@ loop_control: loop_var: line_item -- include: "mail_ssmtp.yml" +- ansible.builtin.include: "mail_ssmtp.yml" 
diff --git a/lxc-php/tasks/php70.yml b/lxc-php/tasks/php70.yml index 18523846..52c96883 100644 --- a/lxc-php/tasks/php70.yml +++ b/lxc-php/tasks/php70.yml @@ -1,12 +1,12 @@ --- - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -17,4 +17,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php73.yml b/lxc-php/tasks/php73.yml index 4bb037e7..ade67b97 100644 --- a/lxc-php/tasks/php73.yml +++ b/lxc-php/tasks/php73.yml @@ -1,12 +1,12 @@ --- - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring php-zip composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -17,4 +17,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php74.yml b/lxc-php/tasks/php74.yml index 65660f92..f1dd021a 100644 --- a/lxc-php/tasks/php74.yml +++ b/lxc-php/tasks/php74.yml 
@@ -1,18 +1,18 @@ --- - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" - name: "{{ lxc_php_version }} - fix bullseye repository" - replace: + ansible.builtin.replace: dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -23,4 +23,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php80.yml b/lxc-php/tasks/php80.yml index 0e9d29a6..043c0174 100644 --- a/lxc-php/tasks/php80.yml +++ b/lxc-php/tasks/php80.yml @@ -6,18 +6,18 @@ - name: "{{ lxc_php_version }} - Install dependency packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" - name: "{{ lxc_php_version }} - fix bullseye repository" - replace: + ansible.builtin.replace: dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Add sury repo" - lineinfile: + ansible.builtin.lineinfile: dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list" line: "{{ item }}" state: present @@ -28,7 +28,7 @@ - "deb [signed-by={{ lxc_apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php80 main" - name: copy pub.evolix.net GPG key - copy: + ansible.builtin.copy: src: pub_evolix.asc dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" mode: "0644" 
@@ -36,7 +36,7 @@ group: root - name: copy packages.sury.org GPG Key - copy: + ansible.builtin.copy: src: sury.gpg dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/sury.gpg" mode: "0644" @@ -44,17 +44,17 @@ group: root - name: "{{ lxc_php_version }} - Update APT cache" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt update" - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -65,4 +65,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php81.yml b/lxc-php/tasks/php81.yml index 966a2880..a1e9c71b 100644 --- a/lxc-php/tasks/php81.yml +++ b/lxc-php/tasks/php81.yml @@ -5,18 +5,18 @@ lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d - name: "{{ lxc_php_version }} - Install dependency packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg" - name: "{{ lxc_php_version }} - fix bullseye repository" - replace: + ansible.builtin.replace: dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Add sury repo" - lineinfile: + ansible.builtin.lineinfile: dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list" line: "{{ item }}" state: present 
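Review bot: The context line `lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d` in lxc-php/tasks/php81.yml undoes the scoping that `signed-by=` on the sury and pub.evolix.org source lines is meant to provide. apt trusts every key in that directory for all configured repositories, so the two keys copied there by the later tasks can sign for any source in the container. php82.yml in this same patch uses `lxc_apt_keyring_dir: /etc/apt/keyrings`; using that here would keep each key tied to its own repository, with a task added to create the directory if the bullseye rootfs lacks it. The task that sets the variable starts above this hunk, and php80.yml should be checked for the same value.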
@@ -27,7 +27,7 @@ - "deb [signed-by={{ lxc_apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php81 main" - name: copy pub.evolix.net GPG key - copy: + ansible.builtin.copy: src: pub_evolix.asc dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc" mode: "0644" @@ -35,7 +35,7 @@ group: root - name: copy packages.sury.org GPG Key - copy: + ansible.builtin.copy: src: sury.gpg dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/sury.gpg" mode: "0644" @@ -43,17 +43,17 @@ group: root - name: "{{ lxc_php_version }} - Update APT cache" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt update" - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -64,4 +64,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-php/tasks/php82.yml b/lxc-php/tasks/php82.yml index 8ecb1e33..a83207c8 100644 --- a/lxc-php/tasks/php82.yml +++ b/lxc-php/tasks/php82.yml 
@@ -5,20 +5,20 @@ lxc_apt_keyring_dir: /etc/apt/keyrings - name: "{{ lxc_php_version }} - Install PHP packages" - lxc_container: + community.general.lxc_container: name: "{{ lxc_php_version }}" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" # TODO : adapt to Bookworm and deb822 format - name: "{{ lxc_php_version }} - fix bookworm repository" - replace: + ansible.builtin.replace: dest: "{{ lxc_rootfs }}/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - template: + ansible.builtin.template: src: z-evolinux-defaults.ini.j2 dest: "{{ line_item }}" mode: "0644" @@ -29,4 +29,4 @@ loop_control: loop_var: line_item -- include: "mail_opensmtpd.yml" +- ansible.builtin.include: "mail_opensmtpd.yml" diff --git a/lxc-solr/tasks/main.yml b/lxc-solr/tasks/main.yml index bc279a04..fdfd1208 100644 --- a/lxc-solr/tasks/main.yml +++ b/lxc-solr/tasks/main.yml @@ -1,16 +1,16 @@ --- - name: LXC configuration - include_role: + ansible.builtin.include_role: name: evolix/lxc - name: Ensure containers root directory is 755 - file: + ansible.builtin.file: path: "/var/lib/lxc/{{ item.name }}/rootfs" state: directory mode: '0755' loop: "{{ lxc_containers }}" -- include: solr.yml +- ansible.builtin.include: solr.yml args: name: "{{ item.name }}" solr_version: "{{ item.solr_version }}" diff --git a/lxc-solr/tasks/solr.yml b/lxc-solr/tasks/solr.yml index a2f0c373..7eafb696 100644 --- a/lxc-solr/tasks/solr.yml +++ b/lxc-solr/tasks/solr.yml 
@@ -1,7 +1,7 @@ --- - name: "Set values for Solr < 9.0.0" - set_fact: + ansible.builtin.set_fact: tarball_url: https://archive.apache.org/dist/lucene/solr/{{ solr_version }}/solr-{{ solr_version }}.tgz tarball_path: /var/lib/lxc/{{ name }}/rootfs/root/solr-{{ solr_version }}.tgz start_command: "/etc/init.d/solr start" @@ -9,7 +9,7 @@ when: "solr_version is version('9.0.0', '<')" - name: "Set values for Solr >= 9.0.0" - set_fact: + ansible.builtin.set_fact: tarball_url: https://archive.apache.org/dist/solr/solr/{{ solr_version }}/solr-{{ solr_version }}.tgz tarball_path: /var/lib/lxc/{{ name }}/rootfs/root/solr-{{ solr_version }}.tgz start_command: "systemctl start solr" @@ -17,26 +17,28 @@ when: "solr_version is version('9.0.0', '>=')" - name: Install java and lsof packages - command: "lxc-attach -n {{ name }} -- apt-get install -y default-jre-headless lsof" + ansible.builtin.command: + cmd: "lxc-attach -n {{ name }} -- apt-get install -y default-jre-headless lsof" - name: "Download Solr {{ solr_version }}" - get_url: + ansible.builtin.get_url: url: "{{ tarball_url }}" dest: "{{ tarball_path }}" mode: '0644' - name: "Extract solr-{{ solr_version }}.tgz" - unarchive: + ansible.builtin.unarchive: src: "{{ tarball_path }}" dest: /var/lib/lxc/{{ name }}/rootfs/root/ remote_src: yes - name: "Make sure /home/solr exists" - file: + ansible.builtin.file: path: /home/solr/{{ name }} recurse: yes state: directory mode: '0755' - name: "Install Solr {{ solr_version }}" - command: "lxc-attach -n {{ name }} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz -d /home/solr/{{ name }} -p {{ solr_port }}" + ansible.builtin.command: + cmd: "lxc-attach -n {{ name }} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz -d /home/solr/{{ name }} -p {{ solr_port }}" diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index edeca2ec..3b70cdde 100644 
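Review bot: The "Download Solr" task in lxc-solr/tasks/solr.yml has no `checksum:`, yet the archive is then unpacked and its `install_solr_service.sh` is run through `lxc-attach`, so unverified content ends up executing inside the container. Adding `checksum: "sha512:{{ tarball_url }}.sha512"` would at least catch truncated or corrupted downloads. Because that digest comes from the same host as the tarball, a per-version digest kept in the role's variables is the stronger check. Separately, `{{ name }}` and `{{ solr_port }}` are interpolated unquoted into both `lxc-attach` command strings, which is safe only while those values come from trusted inventory.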
--- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -1,12 +1,13 @@ --- - name: "Check if container {{ name }} exists" - command: "lxc-ls {{ name }}" + ansible.builtin.command: + cmd: "lxc-ls {{ name }}" changed_when: False check_mode: no register: container_exists - name: "Create container {{ name }}" - lxc_container: + community.general.lxc_container: name: "{{ name }}" container_log: true template: debian 
@@ -15,45 +16,45 @@ when: container_exists.stdout_lines | length == 0 - name: "Disable network configuration inside container {{ name }}" - replace: + ansible.builtin.replace: name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking" regexp: "^#CONFIGURE_INTERFACES=yes" replace: CONFIGURE_INTERFACES=no when: lxc_network_type == "none" - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)" - lineinfile: + ansible.builtin.lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt" line: "NETDOWN=no" when: lxc_network_type == "none" and release == "jessie" - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)" - file: + ansible.builtin.file: src: /lib/systemd/system/poweroff.target dest: "/var/lib/lxc/{{ name }}/rootfs/etc/systemd/system/sigpwr.target" state: link when: release == 'jessie' - name: "Configure the DNS resolvers in the container {{ name }}" - copy: + ansible.builtin.copy: remote_src: yes src: /etc/resolv.conf dest: "/var/lib/lxc/{{ name }}/rootfs/etc/" - name: "Add hostname in /etc/hosts for container {{ name }}" - lineinfile: + ansible.builtin.lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts" line: "127.0.0.1 {{ name }}" - name: "Fix permission on /dev for container {{ name }}" - lineinfile: + ansible.builtin.lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local" line: "chmod 755 /dev" insertbefore: "^exit 0$" when: release == 'jessie' - name: "Ensure that {{ name }} container is running" - lxc_container: + community.general.lxc_container: name: "{{ name }}" state: started diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 8236b9f1..d0f9f144 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml 
@@ -1,56 +1,59 @@ --- - name: Install lxc tools - apt: + ansible.builtin.apt: name: - lxc - debootstrap - xz-utils - name: python-lxc is installed (Debian <= 10) - apt: + ansible.builtin.apt: name: python-lxc state: present when: ansible_python_version is version('3', '<') - name: python3-lxc is installed (Debian >= 10) - apt: + ansible.builtin.apt: name: python3-lxc state: present when: ansible_python_version is version('3', '>=') - name: Install additional packages (Debian >= 10) - apt: + ansible.builtin.apt: name: - apparmor - lxc-templates when: ansible_distribution_major_version is version('10', '>=') - name: Copy LXC default containers configuration - template: + ansible.builtin.template: src: default.conf dest: /etc/lxc/ - name: Check if root has subuids - command: grep '^root:100000:10000$' /etc/subuid + ansible.builtin.command: + cmd: grep '^root:100000:10000$' /etc/subuid failed_when: False changed_when: False register: root_subuids when: lxc_unprivilegied_containers | bool - name: Add subuid and subgid ranges to root - command: usermod -v 100000-199999 -w 100000-109999 root + ansible.builtin.command: + cmd: usermod -v 100000-199999 -w 100000-109999 root when: - lxc_unprivilegied_containers | bool - root_subuids.rc != 0 - name: Get filesystem options - command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS + ansible.builtin.command: + cmd: findmnt --noheadings --target /var/lib/lxc --output OPTIONS changed_when: False check_mode: no register: check_fs_options - name: Check if options are correct - assert: + ansible.builtin.assert: that: - "'nodev' not in check_fs_options.stdout" - "'noexec' not in check_fs_options.stdout" @@ -58,7 +61,7 @@ msg: "LXC directory is in a filesystem with incompatible options" - name: Create containers - include: create-container.yml + ansible.builtin.include: create-container.yml vars: name: "{{ item.name }}" release: "{{ item.release }}" 
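Review bot: The guard `cmd: grep '^root:100000:10000$' /etc/subuid` does not match what the next task writes, because `usermod -v 100000-199999` adds a subordinate UID range of 100000 IDs while the pattern expects a count of 10000 (the count that `-w 100000-109999` gives the GID range, which lives in /etc/subgid). As far as the visible lines show, `root_subuids.rc` therefore stays non-zero and `usermod` runs on every play. Either the pattern or the ranges should be aligned, for example `cmd: grep '^root:100000:100000$' /etc/subuid` if the 100000-wide UID range is the intended one, and the result of the check is worth confirming on a host where the ranges are already present.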
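Review bot: `ansible.builtin.include: create-container.yml` in hunk `@@ -58,7 +61,7 @@` qualifies a module that is deprecated and was removed in ansible-core 2.16, so the FQCN form fails on current releases. The replacement is `ansible.builtin.include_tasks: create-container.yml`, which keeps the `vars:` block working; the task continues outside the hunk, so its loop should be checked as well. The same applies to the four `ansible.builtin.include:` lines added in memcached/tasks/main.yml.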
diff --git a/memcached/handlers/main.yml b/memcached/handlers/main.yml index 136c39d7..20dbe61e 100644 --- a/memcached/handlers/main.yml +++ b/memcached/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: restart memcached - service: + ansible.builtin.service: name: memcached state: restarted - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted diff --git a/memcached/tasks/instance-default.yml b/memcached/tasks/instance-default.yml index 635b3576..8a0630a4 100644 --- a/memcached/tasks/instance-default.yml +++ b/memcached/tasks/instance-default.yml @@ -1,6 +1,6 @@ - name: Memcached is configured. - template: + ansible.builtin.template: src: memcached.conf.j2 dest: /etc/memcached.conf mode: "0644" @@ -9,7 +9,7 @@ - memcached - name: Memcached is running and enabled on boot. - service: + ansible.builtin.service: name: memcached enabled: yes state: started diff --git a/memcached/tasks/instance-multi.yml b/memcached/tasks/instance-multi.yml index 61568a5d..873b0b15 100644 --- a/memcached/tasks/instance-multi.yml +++ b/memcached/tasks/instance-multi.yml @@ -1,14 +1,14 @@ --- - name: Add systemd unit template - copy: + ansible.builtin.copy: src: memcached@.service dest: /etc/systemd/system/memcached@.service tags: - memcached - name: Disable default memcached systemd unit - systemd: + ansible.builtin.systemd: name: memcached enabled: false state: stopped @@ -16,14 +16,14 @@ - memcached - name: Make sure memcached.conf is absent - file: + ansible.builtin.file: path: /etc/memcached.conf state: absent tags: - memcached - name: "Create a configuration file for instance ({{ memcached_instance_name }})" - template: + ansible.builtin.template: src: memcached.conf.j2 dest: /etc/memcached_{{ memcached_instance_name }}.conf mode: "0644" 
@@ -31,7 +31,7 @@ - memcached - name: "Enable and start the memcached instance ({{ memcached_instance_name }})" - systemd: + ansible.builtin.systemd: name: memcached@{{ memcached_instance_name }} enabled: yes state: started diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index 86d0aa40..96060d4a 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -1,16 +1,16 @@ - name: Ensure memcached is installed - apt: + ansible.builtin.apt: name: memcached state: present tags: - memcached -- include: instance-default.yml +- ansible.builtin.include: instance-default.yml when: memcached_instance_name is undefined -- include: instance-multi.yml +- ansible.builtin.include: instance-multi.yml when: memcached_instance_name is defined -- include: munin.yml +- ansible.builtin.include: munin.yml -- include: nrpe.yml +- ansible.builtin.include: nrpe.yml diff --git a/memcached/tasks/munin.yml b/memcached/tasks/munin.yml index f97962c4..b25b9275 100644 --- a/memcached/tasks/munin.yml +++ b/memcached/tasks/munin.yml @@ -1,11 +1,11 @@ --- - name: Choose packages (Oracle) - set_fact: + ansible.builtin.set_fact: multi: "multi_" when: memcached_instance_name is defined - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: munin_node_plugins_config @@ -15,14 +15,14 @@ - block: - name: Install munin-plugins-extra and libcache-memcached-perl for Munin - apt: + ansible.builtin.apt: name: - 'munin-plugins-extra' - 'libcache-memcached-perl' state: present - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/share/munin/plugins/memcached_' dest: /etc/munin/plugins/{{ multi }}{{ item }} state: link diff --git a/memcached/tasks/nrpe.yml b/memcached/tasks/nrpe.yml index 9fe28942..a01cf1e7 100644 --- a/memcached/tasks/nrpe.yml +++ b/memcached/tasks/nrpe.yml 
@@ -1,28 +1,28 @@ --- - name: Is nrpe present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg register: nrpe_evolix_config - block: - name: Install dependencies - apt: + ansible.builtin.apt: name: - libcache-memcached-perl - libmemcached11 - - include_role: + - ansible.builtin.include_role: name: evolix/remount-usr - name: Copy Nagios check for memcached - copy: + ansible.builtin.copy: src: check_memcached.pl dest: /usr/local/lib/nagios/plugins/ mode: "0755" - name: install check_memcached_instances - copy: + ansible.builtin.copy: src: check_memcached_instances.sh dest: /usr/local/lib/nagios/plugins/check_memcached_instances force: yes @@ -31,7 +31,7 @@ group: root - name: Add NRPE check (single instance) - lineinfile: + ansible.builtin.lineinfile: name: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_memcached\]=' line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached.pl -H 127.0.0.1 -p {{ memcached_port }}' @@ -39,7 +39,7 @@ when: memcached_instance_name is undefined - name: Add NRPE check (multi instance) - lineinfile: + ansible.builtin.lineinfile: name: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_memcached\]=' line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached_instances' diff --git a/memcached/tasks/phpmemcachedadmin.yml b/memcached/tasks/phpmemcachedadmin.yml index 0a8e4417..1e49ae9e 100644 --- a/memcached/tasks/phpmemcachedadmin.yml +++ b/memcached/tasks/phpmemcachedadmin.yml @@ -1,6 +1,6 @@ --- - name: Create phpMemcachedAdmin root dir - file: + ansible.builtin.file: path: /var/www/phpmemcachedadmin/ state: directory mode: "0755" @@ -8,7 +8,7 @@ - memcached - name: Install phpMemcachedAdmin - unarchive: + ansible.builtin.unarchive: src: 'https://github.com/elijaa/phpmemcachedadmin/archive/1.3.0.tar.gz' dest: /var/www/phpmemcachedadmin/ remote_src: True 
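Review bot: The `Install phpMemcachedAdmin` task in hunk `@@ -8,7 +8,7 @@` unpacks an archive fetched from a GitHub tag URL straight into the web root without any integrity check, and `ansible.builtin.unarchive` has no checksum option. A tag archive is not immutable, so a moved tag or a compromised upstream would place unreviewed PHP under /var/www/phpmemcachedadmin/. Downloading with `ansible.builtin.get_url` and a pinned `checksum:` before unpacking closes that gap; the download path and digest below are placeholders, and the task continues outside the hunk.

```yaml
- name: Download phpMemcachedAdmin
  ansible.builtin.get_url:
    url: 'https://github.com/elijaa/phpmemcachedadmin/archive/1.3.0.tar.gz'
    # placeholder path and digest: set to the reviewed tarball
    dest: /path/to/cache/phpmemcachedadmin-1.3.0.tar.gz
    checksum: "sha256:<SHA256_OF_REVIEWED_TARBALL>"

- name: Install phpMemcachedAdmin
  ansible.builtin.unarchive:
    src: /path/to/cache/phpmemcachedadmin-1.3.0.tar.gz
    dest: /var/www/phpmemcachedadmin/
    remote_src: True
    # … unchanged: remaining unarchive options and tags …
```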
@@ -18,7 +18,7 @@ - memcached - name: Copy phpMemcachedAdmin config - template: + ansible.builtin.template: src: Memcache.php.j2 dest: /var/www/phpmemcachedadmin/Config/Memcache.php mode: "0755" diff --git a/metricbeat/handlers/main.yml b/metricbeat/handlers/main.yml index cd83ab5d..949eac26 100644 --- a/metricbeat/handlers/main.yml +++ b/metricbeat/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart metricbeat - systemd: + ansible.builtin.systemd: name: metricbeat state: restarted diff --git a/metricbeat/tasks/apt_sources.yml b/metricbeat/tasks/apt_sources.yml index d6597c74..a0395ffe 100644 --- a/metricbeat/tasks/apt_sources.yml +++ b/metricbeat/tasks/apt_sources.yml @@ -31,6 +31,6 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: elastic_sources is changed \ No newline at end of file diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml index 7fc21d09..16cc4865 100644 --- a/metricbeat/tasks/main.yml +++ b/metricbeat/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: APT sources - import_tasks: apt_sources.yml + ansible.builtin.import_tasks: apt_sources.yml args: apply: tags: @@ -8,7 +8,7 @@ - packages - name: Metricbeat is installed - apt: + ansible.builtin.apt: name: metricbeat state: "{% if metribeat_upgrade_package %}latest{% else %}present{% endif %}" notify: restart metricbeat @@ -17,7 +17,7 @@ - packages - name: Metricbeat service is enabled - systemd: + ansible.builtin.systemd: name: metricbeat enabled: yes notify: restart metricbeat @@ -25,7 +25,7 @@ # When we don't use a config template (default) - block: - name: Metricbeat knows where to find Elasticsearch - lineinfile: + ansible.builtin.lineinfile: dest: /etc/metricbeat/metricbeat.yml regexp: '^ hosts: .*' line: " hosts: [\"{{ metricbeat_elasticsearch_hosts | join('\", \"') }}\"]" 
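Review bot: The `Copy phpMemcachedAdmin config` task in hunk `@@ -18,7 +18,7 @@` installs `Config/Memcache.php` with `mode: "0755"`, which marks a configuration file as executable and readable by every local user. A PHP file read by the web server needs no execute bit, so `mode: "0644"` is enough, or `mode: "0640"` with the web server's group if the server list should not be world-readable. Owner and group are not visible in the hunk, so they should be checked at the same time.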
@@ -34,7 +34,7 @@ when: metricbeat_elasticsearch_hosts | length > 0 - name: Metricbeat protocol for Elasticsearch - lineinfile: + ansible.builtin.lineinfile: dest: /etc/metricbeat/metricbeat.yml regexp: '^ #?protocol: .*' line: " protocol: \"{{ metricbeat_elasticsearch_protocol }}\"" @@ -43,7 +43,7 @@ when: metricbeat_elasticsearch_protocol == "http" or metricbeat_elasticsearch_protocol == "https" - name: Metricbeat auth/username for Elasticsearch are configured - lineinfile: + ansible.builtin.lineinfile: dest: /etc/metricbeat/metricbeat.yml regexp: '{{ item.regexp }}' line: '{{ item.line }}' @@ -57,7 +57,7 @@ - metricbeat_elasticsearch_auth_password | length > 0 - name: Metricbeat api_key for Elasticsearch are configured - lineinfile: + ansible.builtin.lineinfile: dest: /etc/metricbeat/metricbeat.yml regexp: '^ #?api_key: .*' line: ' api_key: "{{ metricbeat_elasticsearch_auth_api_key }}"' @@ -66,7 +66,7 @@ when: metricbeat_elasticsearch_auth_api_key | length > 0 - name: disable cloud_metadata - replace: + ansible.builtin.replace: dest: /etc/metricbeat/metricbeat.yml regexp: '^(\s+)(- add_cloud_metadata:)' replace: '\1# \2' @@ -74,7 +74,7 @@ when: not (metricbeat_processors_cloud_metadata | bool) - name: cloud_metadata processor is disabled - lineinfile: + ansible.builtin.lineinfile: dest: /etc/metricbeat/metricbeat.yml line: " - add_cloud_metadata: ~" insert_after: '^processors:' @@ -85,7 +85,7 @@ # When we use a config template - block: - name: Configuration is up-to-date - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/metricbeat/metricbeat.yml force: "{{ metricbeat_force_config }}" diff --git a/minifirewall/handlers/main.yml b/minifirewall/handlers/main.yml index 3c541de5..bcc6081b 100644 --- a/minifirewall/handlers/main.yml +++ b/minifirewall/handlers/main.yml 
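Review bot: The `Metricbeat api_key for Elasticsearch are configured` task in hunk `@@ -57,7 +57,7 @@` renders `metricbeat_elasticsearch_auth_api_key` into its `line:` argument with no `no_log: true` visible, so the key can appear in verbose output, in `--diff` output and in any callback or log plugin. The auth/username task in hunk `@@ -43,7 +43,7 @@` has the same exposure, since loop items are printed per iteration and, judging by the `when:` that follows it, the items appear to carry the password. Both tasks continue outside their hunks, so confirm whether `no_log` is already set there; if not, add `no_log: true` to each.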
@@ -1,22 +1,24 @@ --- - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart minifirewall (modern) - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart register: minifirewall_init_restart failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout" - name: restart minifirewall (legacy) - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart register: minifirewall_init_restart failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" - name: restart minifirewall (noop) - meta: noop + ansible.builtin.meta: noop register: minifirewall_init_restart failed_when: False changed_when: False \ No newline at end of file diff --git a/minifirewall/tasks/activate.yml b/minifirewall/tasks/activate.yml index e971407b..57a2ea26 100644 --- a/minifirewall/tasks/activate.yml +++ b/minifirewall/tasks/activate.yml @@ -1,12 +1,12 @@ --- - name: check if /etc/init.d/alert5 exists - stat: + ansible.builtin.stat: path: /etc/init.d/alert5 register: initd_alert5 - name: Uncomment minifirewall start line - replace: + ansible.builtin.replace: dest: /etc/init.d/alert5 regexp: '^#/etc/init.d/minifirewall start' replace: '/etc/init.d/minifirewall start' @@ -15,12 +15,12 @@ - minifirewall_autostart | bool - name: check if /usr/share/scripts/alert5 exists - stat: + ansible.builtin.stat: path: /usr/share/scripts/alert5.sh register: usr_share_scripts_alert5 - name: Uncomment minifirewall start line - replace: + ansible.builtin.replace: dest: /usr/share/scripts/alert5.sh regexp: '^#/etc/init.d/minifirewall start' replace: '/etc/init.d/minifirewall start' diff --git a/minifirewall/tasks/config.legacy.yml b/minifirewall/tasks/config.legacy.yml index a151e76c..c14e76c4 100644 --- a/minifirewall/tasks/config.legacy.yml +++ b/minifirewall/tasks/config.legacy.yml 
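Review bot: The `restart minifirewall (modern)` handler replaces the default return-code check with `failed_when: "'minifirewall failed' in minifirewall_init_restart.stdout"`, so a restart that exits non-zero without printing that exact string is reported as successful. For a firewall this can leave a host with rules not applied while the play is green. Keeping the exit status in the condition avoids that: `failed_when: minifirewall_init_restart.rc != 0 or 'minifirewall failed' in minifirewall_init_restart.stdout`, assuming the init script returns non-zero on failure. A short comment above each handler stating which output string it relies on would also help whoever changes the script's messages.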
@@ -1,53 +1,54 @@ --- -- debug: +- ansible.builtin.debug: var: minifirewall_trusted_ips verbosity: 1 -- debug: +- ansible.builtin.debug: var: minifirewall_privilegied_ips verbosity: 1 - name: Stat minifirewall config file (before) - stat: + ansible.builtin.stat: path: "{{ minifirewall_main_file }}" register: minifirewall_before - name: Check if minifirewall is running - shell: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" + ansible.builtin.shell: + cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" changed_when: False failed_when: False check_mode: no register: minifirewall_is_running -- debug: +- ansible.builtin.debug: var: minifirewall_is_running verbosity: 1 - name: Begin marker for IP addresses - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS" insertbefore: '^# Main interface' create: no - name: End marker for IP addresses - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" create: no line: "# END ANSIBLE MANAGED BLOCK FOR IPS" insertafter: '^PRIVILEGIEDIPS=' - name: Verify that at least 1 trusted IP is provided - assert: + ansible.builtin.assert: that: minifirewall_trusted_ips | length > 0 msg: You must provide at least 1 trusted IP -- debug: +- ansible.builtin.debug: msg: "Warning: minifirewall_trusted_ips='0.0.0.0/0', the firewall is useless!" when: minifirewall_trusted_ips == ["0.0.0.0/0"] - name: Configure IP addresses - blockinfile: + ansible.builtin.blockinfile: dest: "{{ minifirewall_main_file }}" marker: "# {mark} ANSIBLE MANAGED BLOCK FOR IPS" block: | 
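Review bot: The warning in the legacy config fires only on `when: minifirewall_trusted_ips == ["0.0.0.0/0"]`, so a list that contains `0.0.0.0/0` next to other entries trusts every IPv4 source without any message. The modern config.yml in this same commit already uses the membership test, and the legacy file can match it with `when: "'0.0.0.0/0' in minifirewall_trusted_ips"`. Since the task is only a `debug` message, the play continues either way; turning it into a failing `ansible.builtin.assert` is an option if an open trusted list is never intended.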
@@ -77,21 +78,21 @@ register: minifirewall_config_ips - name: Begin marker for ports - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS" insertbefore: '^# Protected services' create: no - name: End marker for ports - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "# END ANSIBLE MANAGED BLOCK FOR PORTS" insertafter: '^SERVICESUDP3=' create: no - name: Configure ports - blockinfile: + ansible.builtin.blockinfile: dest: "{{ minifirewall_main_file }}" marker: "# {mark} ANSIBLE MANAGED BLOCK FOR PORTS" block: | @@ -115,7 +116,7 @@ register: minifirewall_config_ports - name: Configure DNSSERVEURS - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'" regexp: "DNSSERVEURS='.*'" @@ -123,7 +124,7 @@ when: minifirewall_dns_servers is not none - name: Configure HTTPSITES - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'" regexp: "HTTPSITES='.*'" @@ -131,7 +132,7 @@ when: minifirewall_http_sites is not none - name: Configure HTTPSSITES - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'" regexp: "HTTPSSITES='.*'" @@ -139,7 +140,7 @@ when: minifirewall_https_sites is not none - name: Configure FTPSITES - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'" regexp: "FTPSITES='.*'" @@ -147,7 +148,7 @@ when: minifirewall_ftp_sites is not none - name: Configure SSHOK - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'" regexp: "SSHOK='.*'" 
@@ -155,7 +156,7 @@ when: minifirewall_ssh_ok is not none - name: Configure SMTPOK - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'" regexp: "SMTPOK='.*'" @@ -163,7 +164,7 @@ when: minifirewall_smtp_ok is not none - name: Configure SMTPSECUREOK - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'" regexp: "SMTPSECUREOK='.*'" @@ -171,7 +172,7 @@ when: minifirewall_smtp_secure_ok is not none - name: Configure NTPOK - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'" regexp: "NTPOK='.*'" @@ -179,26 +180,27 @@ when: minifirewall_ntp_ok is not none - name: evomaintenance - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT" insertafter: "^# EvoMaintenance" loop: "{{ evomaintenance_hosts }}" - name: remove minifirewall example rule for the evomaintenance - lineinfile: + ansible.builtin.lineinfile: dest: "{{ minifirewall_main_file }}" regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)' state: absent when: evomaintenance_hosts | length > 0 - name: Stat minifirewall config file (after) - stat: + ansible.builtin.stat: path: "{{ minifirewall_main_file }}" register: minifirewall_after - name: Schedule minifirewall restart (legacy) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (legacy)" when: - minifirewall_install_mode == 'legacy' @@ -207,6 +209,6 @@ - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed -- debug: +- ansible.builtin.debug: var: minifirewall_init_restart verbosity: 2 
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index b0a1d7a6..2d4da100 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml @@ -1,58 +1,58 @@ --- -- debug: +- ansible.builtin.debug: var: minifirewall_trusted_ips verbosity: 1 -- debug: +- ansible.builtin.debug: var: minifirewall_privilegied_ips verbosity: 1 - name: Stat minifirewall config file (before) - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" register: minifirewall_before - name: Check if minifirewall is running - shell: + ansible.builtin.shell: cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" changed_when: False failed_when: False check_mode: no register: minifirewall_is_running -- debug: +- ansible.builtin.debug: var: minifirewall_is_running verbosity: 1 - name: Begin marker for IP addresses - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS" insertbefore: '^# Main interface' create: no - name: End marker for IP addresses - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" create: no line: "# END ANSIBLE MANAGED BLOCK FOR IPS" insertafter: '^PRIVILEGIEDIPS=' - name: Verify that at least 1 trusted IP is provided - assert: + ansible.builtin.assert: that: minifirewall_trusted_ips | length > 0 msg: You must provide at least 1 trusted IP -- debug: +- ansible.builtin.debug: msg: "Warning: minifirewall_trusted_ips contains '0.0.0.0/0', the firewall is useless on IPv4!" when: "'0.0.0.0/0' in minifirewall_trusted_ips" -- debug: +- ansible.builtin.debug: msg: "Warning: minifirewall_trusted_ips contains '::/0', the firewall is useless on IPv6!" when: "'::/0' in minifirewall_trusted_ips" - name: Configure IP addresses - blockinfile: + ansible.builtin.blockinfile: dest: "/etc/default/minifirewall" marker: "# {mark} ANSIBLE MANAGED BLOCK FOR IPS" block: | 
@@ -86,21 +86,21 @@ register: minifirewall_config_ips - name: Begin marker for ports - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS" insertbefore: '^# Protected services' create: no - name: End marker for ports - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "# END ANSIBLE MANAGED BLOCK FOR PORTS" insertafter: '^SERVICESUDP3=' create: no - name: Configure ports - blockinfile: + ansible.builtin.blockinfile: dest: "/etc/default/minifirewall" marker: "# {mark} ANSIBLE MANAGED BLOCK FOR PORTS" block: | @@ -124,7 +124,7 @@ register: minifirewall_config_ports - name: Configure DNSSERVEURS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'" regexp: "DNSSERVEURS=('|\").*('|\")" @@ -132,7 +132,7 @@ when: minifirewall_dns_servers is not none - name: Configure HTTPSITES - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'" regexp: "HTTPSITES=('|\").*('|\")" @@ -140,7 +140,7 @@ when: minifirewall_http_sites is not none - name: Configure HTTPSSITES - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'" regexp: "HTTPSSITES=('|\").*('|\")" @@ -148,7 +148,7 @@ when: minifirewall_https_sites is not none - name: Configure FTPSITES - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'" regexp: "FTPSITES=('|\").*('|\")" @@ -156,7 +156,7 @@ when: minifirewall_ftp_sites is not none - name: Configure SSHOK - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'" regexp: "SSHOK=('|\").*('|\")" 
@@ -164,7 +164,7 @@ when: minifirewall_ssh_ok is not none - name: Configure SMTPOK - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'" regexp: "SMTPOK=('|\").*('|\")" @@ -172,7 +172,7 @@ when: minifirewall_smtp_ok is not none - name: Configure SMTPSECUREOK - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'" regexp: "SMTPSECUREOK=('|\").*('|\")" @@ -180,7 +180,7 @@ when: minifirewall_smtp_secure_ok is not none - name: Configure NTPOK - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'" regexp: "NTPOK=('|\").*('|\")" @@ -188,7 +188,7 @@ when: minifirewall_ntp_ok is not none - name: Configure PROXY - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "PROXY='{{ minifirewall_proxy }}'" regexp: "PROXY=('|\").*('|\")" @@ -196,7 +196,7 @@ when: minifirewall_proxy is not none - name: Configure PROXYPORT - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "PROXYPORT='{{ minifirewall_proxyport }}'" regexp: "PROXYPORT=('|\").*('|\")" @@ -206,7 +206,7 @@ # Warning: keep double quotes for the value, # since we often reference a shell variable that needs to be interpolated - name: Configure PROXYBYPASS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\"" regexp: "PROXYBYPASS=('|\").*('|\")" @@ -214,7 +214,7 @@ when: minifirewall_proxybypass is not none - name: Configure BACKUPSERVERS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'" regexp: "BACKUPSERVERS=('|\").*('|\")" 
@@ -222,7 +222,7 @@ when: minifirewall_backupservers is not none - name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS='{{ minifirewall_sysctl_icmp_echo_ignore_broadcasts }}'" regexp: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS=('|\").*('|\")" @@ -230,7 +230,7 @@ when: minifirewall_sysctl_icmp_echo_ignore_broadcasts is not none - name: Configure SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES='{{ minifirewall_sysctl_icmp_ignore_bogus_error_responses }}'" regexp: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES=('|\").*('|\")" @@ -238,7 +238,7 @@ when: minifirewall_sysctl_icmp_ignore_bogus_error_responses is not none - name: Configure SYSCTL_ACCEPT_SOURCE_ROUTE - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_ACCEPT_SOURCE_ROUTE='{{ minifirewall_sysctl_accept_source_route }}'" regexp: "SYSCTL_ACCEPT_SOURCE_ROUTE=('|\").*('|\")" @@ -246,7 +246,7 @@ when: minifirewall_sysctl_accept_source_route is not none - name: Configure SYSCTL_TCP_SYNCOOKIES - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_TCP_SYNCOOKIES='{{ minifirewall_sysctl_tcp_syncookies }}'" regexp: "SYSCTL_TCP_SYNCOOKIES=('|\").*('|\")" @@ -254,7 +254,7 @@ when: minifirewall_sysctl_tcp_syncookies is not none - name: Configure SYSCTL_ICMP_REDIRECTS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_ICMP_REDIRECTS='{{ minifirewall_sysctl_icmp_redirects }}'" regexp: "SYSCTL_ICMP_REDIRECTS=('|\").*('|\")" 
@@ -262,7 +262,7 @@ when: minifirewall_sysctl_icmp_redirects is not none - name: Configure SYSCTL_RP_FILTER - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_RP_FILTER='{{ minifirewall_sysctl_rp_filter }}'" regexp: "SYSCTL_RP_FILTER=('|\").*('|\")" @@ -270,7 +270,7 @@ when: minifirewall_sysctl_rp_filter is not none - name: Configure SYSCTL_LOG_MARTIANS - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_LOG_MARTIANS='{{ minifirewall_sysctl_log_martians }}'" regexp: "SYSCTL_LOG_MARTIANS=('|\").*('|\")" @@ -278,12 +278,13 @@ when: minifirewall_sysctl_log_martians is not none - name: Stat minifirewall config file (after) - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" register: minifirewall_after - name: Schedule minifirewall restart (modern) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (modern)" when: - minifirewall_install_mode != 'legacy' @@ -291,6 +292,6 @@ - minifirewall_is_running.rc == 0 - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed -- debug: +- ansible.builtin.debug: var: minifirewall_init_restart verbosity: 2 diff --git a/minifirewall/tasks/install.legacy.yml b/minifirewall/tasks/install.legacy.yml index 323426b5..7d03efff 100644 --- a/minifirewall/tasks/install.legacy.yml +++ b/minifirewall/tasks/install.legacy.yml @@ -1,12 +1,12 @@ --- - name: dependencies are satisfied - apt: + ansible.builtin.apt: name: iptables state: present - name: init script is copied - template: + ansible.builtin.template: src: minifirewall.legacy.j2 dest: /etc/init.d/minifirewall force: "{{ minifirewall_force_upgrade_script | default('no') }}" 
@@ -15,7 +15,7 @@ group: root - name: configuration is copied - copy: + ansible.builtin.copy: src: minifirewall.legacy.conf dest: "{{ minifirewall_main_file }}" force: "{{ minifirewall_force_upgrade_config | default('no') }}" diff --git a/minifirewall/tasks/install.yml b/minifirewall/tasks/install.yml index daac6f81..1a507d31 100644 --- a/minifirewall/tasks/install.yml +++ b/minifirewall/tasks/install.yml @@ -1,12 +1,12 @@ --- - name: dependencies are satisfied - apt: + ansible.builtin.apt: name: iptables state: present - name: init script is copied - copy: + ansible.builtin.copy: src: minifirewall dest: /etc/init.d/minifirewall force: "{{ minifirewall_force_upgrade_script | default('no') }}" @@ -16,7 +16,7 @@ register: minifirewall_upgrade_script - name: configuration is copied - copy: + ansible.builtin.copy: src: minifirewall.conf dest: "/etc/default/minifirewall" force: "{{ minifirewall_force_upgrade_config | default('no') }}" @@ -26,7 +26,7 @@ register: minifirewall_upgrade_config - name: includes directory is present - file: + ansible.builtin.file: path: /etc/minifirewall.d/ state: directory owner: root @@ -34,7 +34,7 @@ mode: "0700" - name: examples for includes are present - copy: + ansible.builtin.copy: src: "minifirewall.d/" dest: "/etc/minifirewall.d/" force: "no" diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index e0dbcaf0..5457d60c 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -3,7 +3,7 @@ # Legacy or modern mode? ############################################## - name: Check minifirewall - stat: + ansible.builtin.stat: path: /etc/init.d/minifirewall register: _minifirewall_check tags: 
@@ -11,7 +11,8 @@ # Legacy versions of minifirewall don't define the VERSION variable - name: Look for minifirewall version - shell: "grep -E '^\\s*VERSION=' /etc/init.d/minifirewall" + ansible.builtin.shell: + cmd: "grep -E '^\\s*VERSION=' /etc/init.d/minifirewall" failed_when: False changed_when: False check_mode: False @@ -20,7 +21,7 @@ - always - name: Set install mode to legacy if needed - set_fact: + ansible.builtin.set_fact: minifirewall_install_mode: legacy minifirewall_main_file: "{{ minifirewall_legacy_main_file }}" minifirewall_tail_file: "{{ minifirewall_legacy_tail_file }}" @@ -32,21 +33,21 @@ - always - name: Set install mode to modern if not legacy - set_fact: + ansible.builtin.set_fact: minifirewall_install_mode: modern when: minifirewall_install_mode != 'legacy' tags: - always - name: Debug install mode - debug: + ansible.builtin.debug: var: minifirewall_install_mode verbosity: 1 tags: - always - name: 'Set minifirewall_restart_handler_name to "noop"' - set_fact: + ansible.builtin.set_fact: minifirewall_restart_handler_name: "restart minifirewall (noop)" when: - not (minifirewall_restart_if_needed | bool) @@ -54,7 +55,7 @@ - always - name: 'Set minifirewall_restart_handler_name to "legacy"' - set_fact: + ansible.builtin.set_fact: minifirewall_restart_handler_name: "restart minifirewall (legacy)" when: - minifirewall_restart_if_needed | bool @@ -63,7 +64,7 @@ - always - name: 'Set minifirewall_restart_handler_name to "modern"' - set_fact: + ansible.builtin.set_fact: minifirewall_restart_handler_name: "restart minifirewall (modern)" when: - minifirewall_restart_if_needed | bool @@ -74,7 +75,7 @@ ####################################################################### - name: Fail if minifirewall_main_file is defined (legacy mode) - fail: + ansible.builtin.fail: msg: "Variable minifirewall_main_file is deprecated and not configurable anymore." when: - minifirewall_install_mode != 'legacy' 
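Review bot: The `Look for minifirewall version` task keeps `ansible.builtin.shell` although its command uses no pipe, redirection or expansion, so the shell adds an interpretation step for no benefit. `ansible.builtin.command` runs the same grep directly and still honours the single quotes around the pattern: `ansible.builtin.command:` with `cmd: "grep -E '^\\s*VERSION=' /etc/init.d/minifirewall"`. The iptables checks elsewhere in this role do pipe into grep and have to stay on `shell`.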
@@ -83,22 +84,22 @@ - always - name: Install tasks (modern mode) - import_tasks: install.yml + ansible.builtin.import_tasks: install.yml when: minifirewall_install_mode != 'legacy' - name: Install tasks (legacy mode) - import_tasks: install.legacy.yml + ansible.builtin.import_tasks: install.legacy.yml when: minifirewall_install_mode == 'legacy' - name: Debug minifirewall_update_config - debug: + ansible.builtin.debug: var: minifirewall_update_config | bool verbosity: 1 tags: - always - name: Config tasks (modern mode) - include_tasks: config.yml + ansible.builtin.include_tasks: config.yml when: - minifirewall_install_mode != 'legacy' - minifirewall_update_config | bool @@ -106,7 +107,7 @@ - manage - name: Config tasks (legacy mode) - include_tasks: config.legacy.yml + ansible.builtin.include_tasks: config.legacy.yml args: apply: tags: @@ -116,23 +117,23 @@ - minifirewall_update_config | bool - name: Utils tasks - include_tasks: utils.yml + ansible.builtin.include_tasks: utils.yml - name: NRPE tasks - include_tasks: nrpe.yml + ansible.builtin.include_tasks: nrpe.yml - name: Activation tasks - include_tasks: activate.yml + ansible.builtin.include_tasks: activate.yml - name: Debug minifirewall_tail_included - debug: + ansible.builtin.debug: var: minifirewall_tail_included | bool verbosity: 1 tags: - always - name: Tail tasks (modern mode) - include_tasks: tail.yml + ansible.builtin.include_tasks: tail.yml args: apply: tags: @@ -142,7 +143,7 @@ - minifirewall_tail_included | bool - name: Tail tasks (legacy mode) - include_tasks: tail.legacy.yml + ansible.builtin.include_tasks: tail.legacy.yml args: apply: tags: @@ -154,14 +155,15 @@ # Restart? - name: Debug minifirewall_restart_force - debug: + ansible.builtin.debug: var: minifirewall_restart_force | bool verbosity: 1 tags: - always - name: Force restart minifirewall (legacy) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (legacy)" tags: - always 
@@ -170,7 +172,8 @@ - minifirewall_restart_force | bool - name: Force restart minifirewall (modern) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (modern)" tags: - always diff --git a/minifirewall/tasks/nrpe.yml b/minifirewall/tasks/nrpe.yml index 2e9674f7..691dd454 100644 --- a/minifirewall/tasks/nrpe.yml +++ b/minifirewall/tasks/nrpe.yml @@ -1,10 +1,10 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -12,7 +12,7 @@ state: directory - name: minifirewall_status is installed - copy: + ansible.builtin.copy: src: minifirewall_status dest: /usr/share/scripts/minifirewall_status force: "{{ minifirewall_force_update_nrpe_scripts | bool }}" @@ -21,7 +21,7 @@ group: root - name: /usr/local/lib/nagios/plugins/ exists - file: + ansible.builtin.file: dest: "{{ nagios_plugins_directory }}" mode: "02755" owner: root @@ -29,7 +29,7 @@ state: directory - name: check_minifirewall is installed - copy: + ansible.builtin.copy: src: check_minifirewall dest: "{{ nagios_plugins_directory }}/check_minifirewall" force: "{{ minifirewall_force_update_nrpe_scripts | bool }}" @@ -38,12 +38,12 @@ group: staff - name: Is NRPE installed? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg register: nrpe_evolix_cfg - name: check_minifirewall is available for NRPE - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: 'command\[check_minifirewall\]' line: 'command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall' 
@@ -51,12 +51,12 @@ when: nrpe_evolix_cfg.stat.exists - name: Is evolinux sudoers installed? - stat: + ansible.builtin.stat: path: /etc/sudoers.d/evolinux register: sudoers_evolinux - name: sudo without password for nagios - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_minifirewall' line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall' diff --git a/minifirewall/tasks/tail.legacy.yml b/minifirewall/tasks/tail.legacy.yml index dc7fbdc9..d78d2090 100644 --- a/minifirewall/tasks/tail.legacy.yml +++ b/minifirewall/tasks/tail.legacy.yml @@ -1,24 +1,24 @@ --- - name: Stat minifirewall config file (before) - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" register: minifirewall_before - name: Check if minifirewall is running - shell: + ansible.builtin.shell: cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" changed_when: False failed_when: False check_mode: no register: minifirewall_is_running -- debug: +- ansible.builtin.debug: var: minifirewall_is_running verbosity: 1 - name: Add some rules at the end of minifirewall file - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ minifirewall_tail_file }}" force: "{{ minifirewall_tail_force | bool }}" 
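Review bot: The `sudo without password for nagios` task edits `/etc/sudoers.d/evolinux` with `lineinfile`, and no `validate` option is visible in the hunk. A line that does not parse, for instance when `nagios_plugins_directory` renders empty or contains a space, would leave a broken sudoers fragment on the host. Adding `validate: 'visudo -cf %s'` makes Ansible check the file before it is put in place. The task continues past the end of the hunk, so the option may already be set there. Since the rule lets `nagios` run `check_minifirewall` as root without a password, it is also worth confirming that the installed plugin is writable by root only; its `mode` is not shown in these hunks.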
@@ -32,24 +32,25 @@ - "templates/minifirewall.default.tail.j2" register: minifirewall_tail_template -- debug: +- ansible.builtin.debug: var: minifirewall_tail_template verbosity: 1 - name: source minifirewall.tail at the end of the main file - blockinfile: + ansible.builtin.blockinfile: dest: "{{ minifirewall_main_file }}" marker: "# {mark} ANSIBLE MANAGED EXTERNAL RULES" block: ". {{ minifirewall_tail_file }}" insertbefore: EOF register: minifirewall_tail_source -- debug: +- ansible.builtin.debug: var: minifirewall_tail_source verbosity: 1 - name: Schedule minifirewall restart (legacy) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (legacy)" when: - minifirewall_install_mode == 'legacy' @@ -57,6 +58,6 @@ - minifirewall_is_running.rc == 0 - minifirewall_tail_template is changed -- debug: +- ansible.builtin.debug: var: minifirewall_init_restart verbosity: 1 diff --git a/minifirewall/tasks/tail.yml b/minifirewall/tasks/tail.yml index 73d60d9c..a3911f4a 100644 --- a/minifirewall/tasks/tail.yml +++ b/minifirewall/tasks/tail.yml @@ -1,24 +1,24 @@ --- - name: Stat minifirewall config file (before) - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" register: minifirewall_before - name: Check if minifirewall is running - shell: + ansible.builtin.shell: cmd: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" changed_when: False failed_when: False check_mode: no register: minifirewall_is_running -- debug: +- ansible.builtin.debug: var: minifirewall_is_running verbosity: 1 - name: Add some rules at the end of minifirewall file - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ minifirewall_tail_file }}" force: "{{ minifirewall_tail_force | bool }}" 
@@ -32,12 +32,13 @@ - "templates/minifirewall.default.tail.j2" register: minifirewall_tail_template -- debug: +- ansible.builtin.debug: var: minifirewall_tail_template verbosity: 1 - name: Schedule minifirewall restart (modern) - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: "restart minifirewall (modern)" when: - minifirewall_install_mode != 'legacy' @@ -45,6 +46,6 @@ - minifirewall_is_running.rc == 0 - minifirewall_tail_template is changed -- debug: +- ansible.builtin.debug: var: minifirewall_init_restart verbosity: 1 diff --git a/minifirewall/tasks/utils.yml b/minifirewall/tasks/utils.yml index 775bdd95..14ea7aac 100644 --- a/minifirewall/tasks/utils.yml +++ b/minifirewall/tasks/utils.yml @@ -1,10 +1,10 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: /usr/share/scripts exists - file: + ansible.builtin.file: dest: /usr/share/scripts mode: "0700" owner: root @@ -12,7 +12,7 @@ state: directory - name: blacklist-countries.sh is copied - copy: + ansible.builtin.copy: src: blacklist-countries.sh dest: /usr/share/scripts/blacklist-countries.sh force: "no" diff --git a/minifirewall/tests/test.yml b/minifirewall/tests/test.yml index 43dd567f..a7168a68 100644 --- a/minifirewall/tests/test.yml +++ b/minifirewall/tests/test.yml @@ -3,7 +3,7 @@ vars: - minifirewall_trusted_ips: ["{{ ansible_default_ipv4.address }}/24"] pre_tasks: - - apt: + - ansible.builtin.apt: name: git roles: - role: minifirewall diff --git a/mongodb/handlers/main.yml b/mongodb/handlers/main.yml index 15f70437..7b793cdf 100644 --- a/mongodb/handlers/main.yml +++ b/mongodb/handlers/main.yml @@ -1,16 +1,16 @@ --- # handlers file for mongodb - name: restart mongod - service: + ansible.builtin.service: name: mongod state: restarted - name: restart mongodb - service: + ansible.builtin.service: name: mongodb state: restarted - name: restart munin-node - systemd: + ansible.builtin.systemd: name: munin-node state: restarted 
diff --git a/mongodb/tasks/main_bookworm.yml b/mongodb/tasks/main_bookworm.yml index 19bb513b..8261dcb2 100644 --- a/mongodb/tasks/main_bookworm.yml +++ b/mongodb/tasks/main_bookworm.yml @@ -1,6 +1,6 @@ --- -- fail: +- ansible.builtin.fail: msg: MongoDB is not compatible with Debian 12 (Bookworm) when: - ansible_distribution_release == "bookworm" @@ -30,48 +30,48 @@ register: _mongodb_install_package - name: MongoDB service in enabled and started - systemd: + ansible.builtin.systemd: name: mongod enabled: yes state: started when: _mongodb_install_package is changed - name: install dependency for monitoring - apt: + ansible.builtin.apt: name: python3-pymongo state: present - name: Custom configuration - template: + ansible.builtin.template: src: mongodb_bullseye.conf.j2 dest: "/etc/mongod.conf" force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate - template: + ansible.builtin.template: src: logrotate_bullseye.j2 dest: /etc/logrotate.d/mongodb force: yes backup: no -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" - name: Munin plugins are present - copy: + ansible.builtin.copy: src: "munin/{{ item }}" dest: '/usr/local/share/munin/plugins/{{ item }}' force: yes @@ -87,7 +87,7 @@ notify: restart munin-node - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/local/share/munin/plugins/{{ item }}' dest: /etc/munin/plugins/{{ item }} state: link diff --git a/mongodb/tasks/main_bullseye.yml b/mongodb/tasks/main_bullseye.yml index aa20fb97..4a02ee9b 100644 --- a/mongodb/tasks/main_bullseye.yml +++ b/mongodb/tasks/main_bullseye.yml 
@@ -1,13 +1,13 @@ --- -- fail: +- ansible.builtin.fail: msg: MongoDB versions <4.2 are not compatible with Debian 11 (Bullseye) when: - ansible_distribution_release == "bullseye" - mongodb_version is version('5.2', '<') - name: Add MongoDB GPG key - copy: + ansible.builtin.copy: src: "server-{{ mongodb_version }}.asc" dest: "{{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc" force: yes 
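Review bot: The guard at the top of `main_bullseye.yml` disagrees with itself: the message says `MongoDB versions <4.2 are not compatible` while the condition tests `mongodb_version is version('5.2', '<')`. An operator who hits the failure with, say, 4.4 is told something the check does not mean. Which of the two is intended cannot be told from the hunk; if the condition is right, the message should read `msg: MongoDB versions <5.2 are not compatible with Debian 11 (Bullseye)`. The task also has no `name:`, which makes the failure harder to find in run output.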
@@ -16,61 +16,61 @@ group: root - name: Add MongoDB repository - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main" state: present filename: "mongodb-org-{{ mongodb_version }}" - name: Install packages - apt: + ansible.builtin.apt: name: mongodb-org update_cache: yes state: present register: _mongodb_install_package - name: MongoDB service in enabled and started - systemd: + ansible.builtin.systemd: name: mongod enabled: yes state: started when: _mongodb_install_package is changed - name: install dependency for monitoring - apt: + ansible.builtin.apt: name: python3-pymongo state: present - name: Custom configuration - template: + ansible.builtin.template: src: mongodb_bullseye.conf.j2 dest: "/etc/mongod.conf" force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate - template: + ansible.builtin.template: src: logrotate_bullseye.j2 dest: /etc/logrotate.d/mongodb force: yes backup: no -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" - name: Munin plugins are present - copy: + ansible.builtin.copy: src: "munin/{{ item }}" dest: '/usr/local/share/munin/plugins/{{ item }}' force: yes @@ -86,7 +86,7 @@ notify: restart munin-node - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/local/share/munin/plugins/{{ item }}' dest: /etc/munin/plugins/{{ item }} state: link diff --git a/mongodb/tasks/main_buster.yml b/mongodb/tasks/main_buster.yml index 44baabc9..415a5a3f 100644 --- a/mongodb/tasks/main_buster.yml +++ b/mongodb/tasks/main_buster.yml 
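Review bot: The repository line in `Add MongoDB repository` fetches over plain `http://repo.mongodb.org`. The `signed-by` key protects package integrity, but index and package downloads stay readable on the network path, and stale indexes can be served to the host. Changing the URL to `https://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{ mongodb_version }} main` closes that. Because the `repo` string changes, the old `http` entry then needs its own `state: absent` task, as `main_buster.yml` already does for its unsigned entry. The same `http` URL appears in the `main_buster.yml` and `main_jessie.yml` hunks further down.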
@@ -1,19 +1,19 @@ --- - name: Look for legacy apt keyring - stat: + ansible.builtin.stat: path: /etc/apt/trusted.gpg register: _trusted_gpg_keyring - name: MongoDB embedded GPG key is absent - apt_key: + ansible.builtin.apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent when: _trusted_gpg_keyring.stat.exists - name: Add MongoDB GPG key - copy: + ansible.builtin.copy: src: "server-{{ mongodb_version }}.asc" dest: "{{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc" force: yes 
@@ -22,69 +22,69 @@ group: root - name: Enable APT sources list - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_version }} main" state: present filename: "mongodb-org-{{ mongodb_version }}" update_cache: yes - name: Disable unsigned APT sources list - apt_repository: + ansible.builtin.apt_repository: repo: "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_version }} main" state: absent filename: "mongodb-org-{{ mongodb_version }}" update_cache: yes - name: Install packages - apt: + ansible.builtin.apt: name: mongodb-org update_cache: yes state: present register: _mongodb_install_package - name: MongoDB service in enabled and started - systemd: + ansible.builtin.systemd: name: mongod enabled: yes state: started when: _mongodb_install_package is changed - name: install dependency for monitoring - apt: + ansible.builtin.apt: name: python-pymongo state: present - name: Custom configuration - template: + ansible.builtin.template: src: mongodb_buster.conf.j2 dest: "/etc/mongod.conf" force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate - template: + ansible.builtin.template: src: logrotate_buster.j2 dest: /etc/logrotate.d/mongodb force: yes backup: no -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" - name: Munin plugins are present - copy: + ansible.builtin.copy: src: "munin/{{ item }}" dest: '/usr/local/share/munin/plugins/{{ item }}' force: yes 
@@ -100,7 +100,7 @@ notify: restart munin-node - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/local/share/munin/plugins/{{ item }}' dest: /etc/munin/plugins/{{ item }} state: link diff --git a/mongodb/tasks/main_jessie.yml b/mongodb/tasks/main_jessie.yml index bc239393..61d57f85 100644 --- a/mongodb/tasks/main_jessie.yml +++ b/mongodb/tasks/main_jessie.yml @@ -1,19 +1,19 @@ --- - name: Look for legacy apt keyring - stat: + ansible.builtin.stat: path: /etc/apt/trusted.gpg register: _trusted_gpg_keyring - name: MongoDB embedded GPG key is absent - apt_key: + ansible.builtin.apt_key: id: "B8612B5D" keyring: /etc/apt/trusted.gpg state: absent when: _trusted_gpg_keyring.stat.exists - name: Add MongoDB GPG key - copy: + ansible.builtin.copy: src: "server-{{ mongodb_version }}.asc" dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{ mongodb_version }}.asc" force: yes 
@@ -22,39 +22,39 @@ group: root - name: Enable APT sources list - apt_repository: + ansible.builtin.apt_repository: repo: "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/{{ mongodb_version }} main" state: present filename: "mongodb-org-{{ mongodb_version }}" update_cache: yes - name: Disable APT sources list - apt_repository: + ansible.builtin.apt_repository: repo: "deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/{{ mongodb_version }} main" state: absent filename: "mongodb-org-{{ mongodb_version }}" update_cache: yes - name: Install packages - apt: + ansible.builtin.apt: name: mongodb-org allow_unauthenticated: yes state: present - name: install dependency for monitoring - apt: + ansible.builtin.apt: name: python-pymongo state: present - name: Custom configuration - template: + ansible.builtin.template: src: mongod_jessie.conf.j2 dest: "/etc/mongod.conf" force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate - template: + ansible.builtin.template: src: logrotate_jessie.j2 dest: /etc/logrotate.d/mongodb force: yes diff --git a/mongodb/tasks/main_stretch.yml b/mongodb/tasks/main_stretch.yml index fe44e259..0dc33fcf 100644 --- a/mongodb/tasks/main_stretch.yml +++ b/mongodb/tasks/main_stretch.yml 
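Review bot: `Install packages` in `main_jessie.yml` sets `allow_unauthenticated: yes`, and the repository is declared over `http` without `signed-by`, so `mongodb-org` is installed with no signature check over a cleartext transport. The previous hunk already copies the key to `/etc/apt/trusted.gpg.d/`, so the flag looks unnecessary; drop `allow_unauthenticated: yes` and let apt verify against that key. Separately, `Enable APT sources list` and `Disable APT sources list` use the identical `repo` string with `state: present` then `state: absent`, which removes the entry just added. Whether that is intended cannot be told from the hunk.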
@@ -1,38 +1,39 @@ --- - name: Install packages - apt: + ansible.builtin.apt: name: - mongodb - mongo-tools state: present - name: install dependency for monitoring - apt: + ansible.builtin.apt: name: python-pymongo state: present - name: Custom configuration - template: + ansible.builtin.template: src: mongodb_stretch.conf.j2 dest: "/etc/mongodb.conf" force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongodb - name: enable service - service: + ansible.builtin.service: name: mongodb enabled: yes - name: Configure logrotate - template: + ansible.builtin.template: src: logrotate_stretch.j2 dest: /etc/logrotate.d/mongodb-server force: yes backup: no - name: disable previous logrotate - command: mv /etc/logrotate.d/mongodb /etc/logrotate.d/mongodb.disabled + ansible.builtin.command: + cmd: mv /etc/logrotate.d/mongodb /etc/logrotate.d/mongodb.disabled args: removes: /etc/logrotate.d/mongodb creates: /etc/logrotate.d/mongodb.disabled diff --git a/monit/handlers/main.yml b/monit/handlers/main.yml index d7900061..51beff76 100644 --- a/monit/handlers/main.yml +++ b/monit/handlers/main.yml @@ -1,11 +1,11 @@ --- - name: reload monit - service: + ansible.builtin.service: name: monit state: reloaded - name: restart monit - service: + ansible.builtin.service: name: monit state: restarted diff --git a/monit/tasks/main.yml b/monit/tasks/main.yml index fcdd0b4c..49e4c99b 100644 --- a/monit/tasks/main.yml +++ b/monit/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: monit is installed - apt: + ansible.builtin.apt: name: monit state: present tags: @@ -9,7 +9,7 @@ - packages - name: custom config is installed - template: + ansible.builtin.template: src: evolinux-defaults.conf.j2 dest: /etc/monit/conf.d/z-evolinux-defaults.conf mode: "0640" diff --git a/munin/handlers/main.yml b/munin/handlers/main.yml index 8654181d..76782bf8 100644 --- a/munin/handlers/main.yml +++ b/munin/handlers/main.yml 
@@ -1,15 +1,15 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart munin_node - service: + ansible.builtin.service: name: munin_node state: restarted - name: systemd daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: yes \ No newline at end of file diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index 6d3098dd..53aad7d0 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure that Munin (and useful dependencies) is installed - apt: + ansible.builtin.apt: name: - munin - munin-node @@ -14,19 +14,20 @@ - packages - name: Ensure /usr is still writable - include_role: + ansible.builtin.include_role: name: evolix/remount-usr - block: - name: Replace localdomain in Munin config - replace: + ansible.builtin.replace: dest: /etc/munin/munin.conf regexp: 'localhost.localdomain' replace: '{{ ansible_fqdn }}' notify: restart munin-node - name: Rename the localdomain data dir - shell: "mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} && rename \"s/localhost.localdomain/{{ ansible_fqdn }}/\" /var/lib/munin/{{ ansible_domain }}/*" + ansible.builtin.shell: + cmd: "mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} && rename \"s/localhost.localdomain/{{ ansible_fqdn }}/\" /var/lib/munin/{{ ansible_domain }}/*" args: creates: /var/lib/munin/{{ ansible_domain }} removes: /var/lib/munin/localdomain @@ -36,11 +37,11 @@ tags: - munin -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Install some Munin plugins (disabled) - copy: + ansible.builtin.copy: src: 'plugins/{{ item }}' dest: '/usr/share/munin/plugins/{{ item }}' loop: @@ -49,7 +50,7 @@ - munin - name: Ensure some Munin plugins are disabled - file: + ansible.builtin.file: path: '/etc/munin/plugins/{{ item }}' state: absent loop: 
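Review bot: `Rename the localdomain data dir` interpolates `ansible_domain` and `ansible_fqdn` into an `ansible.builtin.shell` command line unquoted. Both are facts reported by the managed host, and an empty or unexpected value changes what `mv` and `rename` operate on. Passing the path arguments through the `quote` filter, e.g. `/var/lib/munin/{{ ansible_domain | quote }}`, keeps each one a single shell word. Now that the command sits under `cmd:`, `creates` and `removes` can move next to it instead of staying under `args:`. The enclosing `block` ends outside the hunk, so its `when` condition is not visible here.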
@@ -65,7 +66,7 @@ - munin - name: Ensure some Munin plugins are enabled - file: + ansible.builtin.file: src: "/usr/share/munin/plugins/{{ item }}" dest: "/etc/munin/plugins/{{ item }}" state: link @@ -81,7 +82,7 @@ - munin - name: Enable sensors_ plugin on dedicated hardware - file: + ansible.builtin.file: src: /usr/share/munin/plugins/sensors_ dest: "/etc/munin/plugins/sensors_{{ item }}" state: link @@ -94,7 +95,7 @@ - munin - name: Enable ipmi_ plugin on dedicated hardware - file: + ansible.builtin.file: src: /usr/share/munin/plugins/ipmi_ dest: "/etc/munin/plugins/ipmi_{{ item }}" state: link @@ -107,7 +108,7 @@ - volts - name: adjustments for grsec kernel - blockinfile: + ansible.builtin.blockinfile: dest: /etc/munin/plugin-conf.d/munin-node marker: "# {mark} ANSIBLE MANAGED GRSECURITY CUSTOMIZATIONS" block: | @@ -123,13 +124,13 @@ when: ansible_kernel is search("-grs-") - name: Create override directory for munin-node unit - file: + ansible.builtin.file: name: /etc/systemd/system/munin-node.service.d/ state: directory mode: "0755" - name: Override is present for protected home - ini_file: + community.general.ini_file: dest: "/etc/systemd/system/munin-node.service.d/override.conf" section: "Service" option: "ProtectHome" diff --git a/mysql-oracle/handlers/main.yml b/mysql-oracle/handlers/main.yml index c89d562a..eef49ef5 100644 --- a/mysql-oracle/handlers/main.yml +++ b/mysql-oracle/handlers/main.yml 
@@ -1,28 +1,29 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart mysql - service: + ansible.builtin.service: name: mysql state: restarted - name: restart mysql (noop) - meta: noop + ansible.builtin.meta: noop failed_when: False changed_when: False - name: reload systemd - systemd: + ansible.builtin.systemd: name: mysql daemon_reload: yes - name: Restart minifirewall - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml index 16590a59..ff42ed20 100644 --- a/mysql-oracle/tasks/config.yml +++ b/mysql-oracle/tasks/config.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: mysql_config_directory: "/etc/mysql/mysql.conf.d" - name: "Copy MySQL defaults config file" - copy: + ansible.builtin.copy: src: evolinux-defaults.cnf dest: "{{ mysql_config_directory }}/z-evolinux-defaults.cnf" owner: root @@ -15,7 +15,7 @@ - mysql - name: "Copy MySQL custom config file" - template: + ansible.builtin.template: src: evolinux-custom.cnf.j2 dest: "{{ mysql_config_directory }}/zzz-evolinux-custom.cnf" owner: root diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml index c375f5d5..d28d6440 100644 --- a/mysql-oracle/tasks/datadir.yml +++ b/mysql-oracle/tasks/datadir.yml @@ -2,13 +2,14 @@ - block: - name: "Is {{ mysql_custom_datadir }} present ?" - stat: + ansible.builtin.stat: path: "{{ mysql_custom_datadir }}" check_mode: no register: mysql_custom_datadir_test - name: "read the real datadir" - command: readlink -f /var/lib/mysql + ansible.builtin.command: + cmd: readlink -f /var/lib/mysql changed_when: False check_mode: no register: mysql_current_real_datadir_test 
@@ -18,23 +19,24 @@ - block: - name: MySQL is stopped - service: + ansible.builtin.service: name: mysql state: stopped - name: Move MySQL datadir to {{ mysql_custom_datadir }} - command: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} + ansible.builtin.command: + cmd: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} args: creates: "{{ mysql_custom_datadir }}" - name: Symlink {{ mysql_custom_datadir }} to /var/lib/mysql - file: + ansible.builtin.file: src: "{{ mysql_custom_datadir }}" dest: '/var/lib/mysql' state: link - name: MySQL is started - service: + ansible.builtin.service: name: mysql state: started tags: diff --git a/mysql-oracle/tasks/log2mail.yml b/mysql-oracle/tasks/log2mail.yml index 568b6649..4eee01c8 100644 --- a/mysql-oracle/tasks/log2mail.yml +++ b/mysql-oracle/tasks/log2mail.yml @@ -1,7 +1,7 @@ --- - name: Is log2mail present ? - stat: + ansible.builtin.stat: path: /etc/log2mail/config check_mode: no register: log2mail_config_dir @@ -10,7 +10,7 @@ - log2mail - name: Copy log2mail config - template: + ansible.builtin.template: src: log2mail.j2 dest: /etc/log2mail/config/mysql.conf owner: log2mail diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml index 2e2f09bf..1e928681 100644 --- a/mysql-oracle/tasks/main.yml +++ b/mysql-oracle/tasks/main.yml 
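Review bot: `Move MySQL datadir to {{ mysql_custom_datadir }}` builds the `mv` command line from two unquoted values, so a path containing whitespace is split into extra arguments and `mv` acts on the wrong operands while MySQL is stopped. The `argv` form of `ansible.builtin.command` passes each path as exactly one argument, and `creates` can sit beside it rather than under `args:`. The enclosing `block` starts before the hunk.

```yaml
- name: Move MySQL datadir to {{ mysql_custom_datadir }}
  ansible.builtin.command:
    argv:
      - mv
      - "{{ mysql_current_real_datadir_test.stdout }}"
      - "{{ mysql_custom_datadir }}"
    creates: "{{ mysql_custom_datadir }}"
# … unchanged: symlink and service start tasks …
```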
@@ -1,22 +1,22 @@ --- -- set_fact: +- ansible.builtin.set_fact: mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: users.yml +- ansible.builtin.include: users.yml -- include: config.yml +- ansible.builtin.include: config.yml -- include: datadir.yml +- ansible.builtin.include: datadir.yml -- include: tmpdir.yml +- ansible.builtin.include: tmpdir.yml -- include: nrpe.yml +- ansible.builtin.include: nrpe.yml -- include: munin.yml +- ansible.builtin.include: munin.yml -- include: log2mail.yml +- ansible.builtin.include: log2mail.yml -- include: utils.yml +- ansible.builtin.include: utils.yml diff --git a/mysql-oracle/tasks/munin.yml b/mysql-oracle/tasks/munin.yml index b9e633b0..bed33556 100644 --- a/mysql-oracle/tasks/munin.yml +++ b/mysql-oracle/tasks/munin.yml @@ -1,7 +1,7 @@ --- - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: munin_node_plugins_config @@ -11,14 +11,14 @@ - block: - name: Install perl libraries for Munin - apt: + ansible.builtin.apt: name: - libdbd-mysql-perl - libcache-cache-perl state: present - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/share/munin/plugins/{{ item }}' dest: /etc/munin/plugins/{{ item }} state: link @@ -30,7 +30,7 @@ notify: restart munin-node - name: Enable contributed Munin plugins - file: + ansible.builtin.file: src: /usr/share/munin/plugins/mysql_ dest: '/etc/munin/plugins/mysql_{{ item }}' state: link diff --git a/mysql-oracle/tasks/nrpe.yml b/mysql-oracle/tasks/nrpe.yml index c3457699..cce8e4b7 100644 --- a/mysql-oracle/tasks/nrpe.yml +++ b/mysql-oracle/tasks/nrpe.yml @@ -1,7 +1,7 @@ --- - name: is NRPE present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg check_mode: no register: nrpe_evolix_config 
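Review bot: The new `ansible.builtin.include` lines in `mysql-oracle/tasks/main.yml` keep the deprecated `include` action under its fully qualified name. As far as I know, ansible-core removed it in 2.16, so these lines would stop resolving on current releases. `minifirewall/tasks/main.yml` in this same commit already uses `ansible.builtin.import_tasks` and `ansible.builtin.include_tasks`; the equivalent here would be `- ansible.builtin.import_tasks: packages.yml`, and likewise for the other eight files. The two replacements treat tags and `when` differently (static versus dynamic), so the choice should be checked against how this role is run with `--tags`.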
@@ -10,7 +10,7 @@ - nrpe - name: NRPE user exists for MySQL ? - stat: + ansible.builtin.stat: path: ~nagios/.my.cnf check_mode: no register: nrpe_my_cnf @@ -20,13 +20,14 @@ - block: - name: Create a password for NRPE - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_nrpe_password check_mode: no changed_when: False - name: Create nrpe user - mysql_user: + community.mysql.mysql_user: name: nrpe password: '{{ mysql_nrpe_password.stdout }}' priv: "*.*:REPLICATION CLIENT" @@ -36,7 +37,7 @@ register: create_nrpe_user - name: Store credentials in nagios home - ini_file: + community.general.ini_file: dest: "~nagios/.my.cnf" owner: nagios group: nagios diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index 5bf8848e..7ceadd89 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml 
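Review bot: `Create a password for NRPE` registers the output of `apg` as `mysql_nrpe_password` with no `no_log` visible in the hunk, so the generated secret appears in task output at `-v` and in any callback or log plugin that records results. Add `no_log: true` to the task that generates the password and to the tasks that consume `mysql_nrpe_password.stdout`. The same pattern is in the `users.yml` hunks (`mysql_admin_password`, `mysql_debian_password`) and in `Read debian-sys-maint password` in `utils.yml`. The tasks continue outside their hunks, so `no_log` may already be set on lines not shown.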
@@ -1,43 +1,43 @@ --- -- set_fact: +- ansible.builtin.set_fact: mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb - name: Set default MySQL version to 5.7 - debconf: + ansible.builtin.debconf: name: mysql-apt-config question: mysql-apt-config/enable-repo value: mysql-5.7 vtype: select - name: MySQL APT config package is available - copy: + ansible.builtin.copy: src: "{{ mysql_apt_config_package }}" dest: "/root/{{ mysql_apt_config_package }}" -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: MySQL APT config package is installed - apt: + ansible.builtin.apt: deb: "/root/{{ mysql_apt_config_package }}" state: present register: mysql_apt_config_deb - name: Open firewall for MySQL.com repository - replace: + ansible.builtin.replace: name: /etc/default/minifirewall regexp: "^(HTTPSITES='((?!(repo\\.mysql\\.com|0\\.0\\.0\\.0)).)*)'$" replace: "\\1 repo.mysql.com'" notify: Restart minifirewall -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: /usr/share/mysql exists - file: + ansible.builtin.file: dest: /usr/share/mysql/ mode: "0755" owner: root @@ -45,7 +45,7 @@ state: directory - name: mysql-systemd-start scripts is installed - copy: + ansible.builtin.copy: src: debian/mysql-systemd-start dest: /usr/share/mysql/mysql-systemd-start mode: "0755" @@ -54,7 +54,7 @@ force: yes - name: systemd unit is installed - copy: + ansible.builtin.copy: src: debian/mysql-server-5.7.mysql.service dest: /etc/systemd/system/mysql.service mode: "0644" @@ -64,12 +64,12 @@ register: mysql_systemd_unit - name: APT cache is up-to-date - apt: + ansible.builtin.apt: update_cache: yes when: mysql_apt_config_deb is changed - name: Install MySQL packages - apt: + ansible.builtin.apt: name: - mysql-server - mysql-client 
@@ -80,7 +80,7 @@ - packages - name: Install MySQL dev packages - apt: + ansible.builtin.apt: name: libmysqlclient20 update_cache: yes state: present @@ -90,7 +90,7 @@ when: mysql_install_libclient | bool - name: MySQL is started - systemd: + ansible.builtin.systemd: name: mysql daemon_reload: yes state: started @@ -99,7 +99,7 @@ - services - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present tags: diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml index 790a9f2e..d293ea82 100644 --- a/mysql-oracle/tasks/tmpdir.yml +++ b/mysql-oracle/tasks/tmpdir.yml @@ -2,7 +2,7 @@ - block: - name: "Create {{ mysql_custom_tmpdir }}" - file: + ansible.builtin.file: path: "{{ mysql_custom_tmpdir }}" owner: mysql group: mysql @@ -12,7 +12,7 @@ - mysql - name: Configure tmpdir - ini_file: + community.general.ini_file: dest: "{{ mysql_config_directory }}/zzz-evolinux-custom.cnf" section: mysqld option: tmpdir diff --git a/mysql-oracle/tasks/users.yml b/mysql-oracle/tasks/users.yml index d0c444e5..62923f27 100644 --- a/mysql-oracle/tasks/users.yml +++ b/mysql-oracle/tasks/users.yml @@ -1,7 +1,7 @@ --- - name: Python2 dependencies for Ansible are installed - apt: + ansible.builtin.apt: name: - python-mysqldb - python-pymysql @@ -11,7 +11,7 @@ when: ansible_python_version is version('3', '<') - name: Python3 dependencies for Ansible are installed - apt: + ansible.builtin.apt: name: - python3-mysqldb - python3-pymysql @@ -21,14 +21,15 @@ when: ansible_python_version is version('3', '>=') - name: create a password for mysqladmin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_admin_password changed_when: False tags: - mysql - name: there is a mysqladmin user - mysql_user: + community.mysql.mysql_user: name: mysqladmin password: '{{ mysql_admin_password.stdout }}' priv: "*.*:ALL,GRANT" 
@@ -41,7 +42,7 @@ - mysql - name: mysqladmin is the default user - ini_file: + community.general.ini_file: dest: /root/.my.cnf mode: "0600" section: client @@ -57,14 +58,15 @@ - name: create a password for debian-sys-maint - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_debian_password changed_when: False tags: - mysql - name: there is a debian-sys-maint user - mysql_user: + community.mysql.mysql_user: name: debian-sys-maint password: '{{ mysql_debian_password.stdout }}' priv: "*.*:ALL,GRANT" @@ -76,7 +78,7 @@ - mysql - name: store debian-sys-maint user credentials - ini_file: + community.general.ini_file: dest: /etc/mysql/debian.cnf mode: "0600" section: "{{ item[0] }}" @@ -94,7 +96,7 @@ - mysql - name: remove root user - mysql_user: + community.mysql.mysql_user: name: root host_all: yes config_file: "/root/.my.cnf" diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml index 82b0ddbe..cbcc9e37 100644 --- a/mysql-oracle/tasks/utils.yml +++ b/mysql-oracle/tasks/utils.yml @@ -1,14 +1,14 @@ --- -- set_fact: +- ansible.builtin.set_fact: _mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}" -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") - name: Scripts directory exists - file: + ansible.builtin.file: dest: "{{ _mysql_scripts_dir }}" mode: "0700" state: directory @@ -18,7 +18,7 @@ # mytop - name: "mytop is installed (Debian 9)" - apt: + ansible.builtin.apt: name: mytop state: present tags: @@ -33,7 +33,7 @@ # when: ansible_distribution_major_version is version('9', '>=') - name: "mytop dependencies are installed (Buster)" - apt: + ansible.builtin.apt: name: - libconfig-inifiles-perl - libdbd-mysql-perl 
@@ -47,7 +47,7 @@ when: ansible_distribution_release == "stretch" - name: "Install dependencies for mytop (Debian 10)" - apt: + ansible.builtin.apt: name: - mariadb-client-10.3 - libconfig-inifiles-perl @@ -55,21 +55,21 @@ when: ansible_distribution_release == "buster" - name: "Install dependencies for mytop (Debian 11 or later)" - apt: + ansible.builtin.apt: name: - mariadb-client-10.5 - libconfig-inifiles-perl - libterm-readkey-perl when: ansible_distribution_major_version is version('11', '>=') -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - mytop - mysql - name: "mytop is installed (Debian 9 or later)" - copy: + ansible.builtin.copy: src: mytop dest: /usr/local/bin/mytop mode: "0755" @@ -82,7 +82,8 @@ when: ansible_distribution_major_version is version('9', '>=') - name: Read debian-sys-maint password - shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + ansible.builtin.shell: + cmd: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' register: mysql_debian_password changed_when: False check_mode: no @@ -91,7 +92,7 @@ - mysql - name: mytop configuration is copied - template: + ansible.builtin.template: src: mytop-config.j2 dest: /root/.mytop mode: "0600" @@ -102,7 +103,7 @@ # mysqltuner -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - mysql @@ -113,7 +114,7 @@ # src: mysqltuner.pl # dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl" # mode: "0700" - apt: + ansible.builtin.apt: name: mysqltuner state: present tags: @@ -121,21 +122,21 @@ - mysqltuner - name: aha is installed - apt: + ansible.builtin.apt: name: aha tags: - mysql # automatic optimizations -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - mysql when: _mysql_scripts_dir is search("/usr") - name: mysql-optimize.sh is installed - copy: + ansible.builtin.copy: src: mysql-optimize.sh dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" mode: "0700" 
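Review bot: The pipeline in `Read debian-sys-maint password` (mysql-oracle/tasks/utils.yml, hunk `@@ -82,7 +82,8 @@`) is fragile for a value that is then used as a credential: the pattern `"password = .*"` is unanchored, so it also matches any key that merely ends in `password`, and `cut -d" " -f3` drops everything after the first space in the value. Anchoring the match and dropping the extra `cat` would read `cmd: 'grep -m1 "^password = " /etc/mysql/debian.cnf | cut -d" " -f3-'`. The task continues outside the hunk, and mysql/tasks/utils.yml carries the same line in its `@@ -62,7 +62,8 @@` hunk.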
@@ -143,7 +144,7 @@ - mysql - name: "Cron dir for optimize is present" - file: + ansible.builtin.file: path: "/etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}" state: directory mode: "0755" @@ -153,7 +154,7 @@ - mysql - name: "Enable cron to optimize MySQL" - file: + ansible.builtin.file: src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link @@ -162,7 +163,7 @@ - mysql - name: "Disable cron to optimize MySQL" - file: + ansible.builtin.file: dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: absent when: not (mysql_cron_optimize | bool) @@ -170,7 +171,7 @@ - mysql - name: "Cron dir for mysqltuner is present" - file: + ansible.builtin.file: path: "/etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}" state: directory mode: "0755" @@ -181,7 +182,7 @@ - mysqltuner - name: "Enable mysqltuner in cron" - copy: + ansible.builtin.copy: src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh mode: "0755" @@ -191,7 +192,7 @@ - mysqltuner - name: "Disable mysqltuner in cron" - file: + ansible.builtin.file: dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh state: absent when: not (mysql_cron_mysqltuner | bool) @@ -201,12 +202,12 @@ # my-add.sh -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") - name: Install my-add.sh - copy: + ansible.builtin.copy: src: my-add.sh dest: "{{ _mysql_scripts_dir }}/my-add.sh" mode: "0700" diff --git a/mysql/handlers/main.yml b/mysql/handlers/main.yml index 80afafe5..01ffeccd 100644 --- a/mysql/handlers/main.yml +++ b/mysql/handlers/main.yml 
@@ -1,25 +1,25 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart mysql - service: + ansible.builtin.service: name: mysql state: restarted - name: restart mysql (noop) - meta: noop + ansible.builtin.meta: noop failed_when: False changed_when: False - name: reload systemd - systemd: + ansible.builtin.systemd: name: mysql daemon_reload: yes - name: 'restart xinetd' - service: + ansible.builtin.service: name: 'xinetd' state: 'restarted' diff --git a/mysql/tasks/config_jessie.yml b/mysql/tasks/config_jessie.yml index a5dd4d77..174fc56a 100644 --- a/mysql/tasks/config_jessie.yml +++ b/mysql/tasks/config_jessie.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: mysql_config_directory: /etc/mysql/conf.d - name: "Copy MySQL defaults config file (jessie)" - copy: + ansible.builtin.copy: src: evolinux-defaults.cnf dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_defaults_file }}" owner: root @@ -15,7 +15,7 @@ - mysql - name: "Copy MySQL custom config file (jessie)" - template: + ansible.builtin.template: src: evolinux-custom.cnf.j2 dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}" owner: root diff --git a/mysql/tasks/config_stretch.yml b/mysql/tasks/config_stretch.yml index cfbeedfe..dcf4e9e7 100644 --- a/mysql/tasks/config_stretch.yml +++ b/mysql/tasks/config_stretch.yml @@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: mysql_config_directory: /etc/mysql/mariadb.conf.d - name: "Copy MySQL defaults config file (Debian 9 or later)" - copy: + ansible.builtin.copy: src: evolinux-defaults.cnf dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_defaults_file }}" owner: root @@ -15,7 +15,7 @@ - mysql - name: "Copy MySQL custom config file (Debian 9 or later)" - template: + ansible.builtin.template: src: evolinux-custom.cnf.j2 dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}" owner: root 
@@ -26,19 +26,19 @@ - mysql - name: "Create a system config directory for systemd overrides (Debian 9 or later)" - file: + ansible.builtin.file: path: /etc/systemd/system/mariadb.service.d state: directory - name: "Override MariaDB systemd unit (Debian 9 or later)" - template: + ansible.builtin.template: src: mariadb.systemd.j2 dest: /etc/systemd/system/mariadb.service.d/evolinux.conf force: yes register: mariadb_systemd_override - name: reload systemd and restart MariaDB - systemd: + ansible.builtin.systemd: name: mysql daemon_reload: yes notify: "{{ mysql_restart_handler_name }}" diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index c375f5d5..d28d6440 100644 --- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -2,13 +2,14 @@ - block: - name: "Is {{ mysql_custom_datadir }} present ?" - stat: + ansible.builtin.stat: path: "{{ mysql_custom_datadir }}" check_mode: no register: mysql_custom_datadir_test - name: "read the real datadir" - command: readlink -f /var/lib/mysql + ansible.builtin.command: + cmd: readlink -f /var/lib/mysql changed_when: False check_mode: no register: mysql_current_real_datadir_test @@ -18,23 +19,24 @@ - block: - name: MySQL is stopped - service: + ansible.builtin.service: name: mysql state: stopped - name: Move MySQL datadir to {{ mysql_custom_datadir }} - command: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} + ansible.builtin.command: + cmd: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} args: creates: "{{ mysql_custom_datadir }}" - name: Symlink {{ mysql_custom_datadir }} to /var/lib/mysql - file: + ansible.builtin.file: src: "{{ mysql_custom_datadir }}" dest: '/var/lib/mysql' state: link - name: MySQL is started - service: + ansible.builtin.service: name: mysql state: started tags: diff --git a/mysql/tasks/log2mail.yml b/mysql/tasks/log2mail.yml index 568b6649..4eee01c8 100644 --- a/mysql/tasks/log2mail.yml +++ b/mysql/tasks/log2mail.yml 
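Review bot: Neither the directory task nor the `Override MariaDB systemd unit` template in mysql/tasks/config_stretch.yml (hunk `@@ -26,19 +26,19 @@`) sets `owner`, `group` or `mode`, so the permissions of /etc/systemd/system/mariadb.service.d/evolinux.conf depend on the umask in effect when the file is first created. Stating them explicitly, e.g. `mode: "0644"` with `owner: root` and `group: root` on the template and `mode: "0755"` on the directory, makes the result deterministic and matches the copy tasks earlier in the same file. The `Copy mysql_skip.sh systemd unit` task in mysql/tasks/mysql_skip.yml has the same gap.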
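Review bot: `cmd: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }}` in mysql/tasks/datadir.yml (hunk `@@ -18,23 +19,24 @@`) interpolates two paths into one string that the command module then splits into words, so a path containing whitespace would reach mv as several arguments. Now that the task uses the module's mapping form, the list form avoids the splitting: `argv: ["mv", "{{ mysql_current_real_datadir_test.stdout }}", "{{ mysql_custom_datadir }}"]`, with `creates: "{{ mysql_custom_datadir }}"` as a sibling key instead of the separate `args:`. mysql/tasks/logdir.yml has the same construction in its `@@ -18,23 +19,24 @@` hunk.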
@@ -1,7 +1,7 @@ --- - name: Is log2mail present ? - stat: + ansible.builtin.stat: path: /etc/log2mail/config check_mode: no register: log2mail_config_dir @@ -10,7 +10,7 @@ - log2mail - name: Copy log2mail config - template: + ansible.builtin.template: src: log2mail.j2 dest: /etc/log2mail/config/mysql.conf owner: log2mail diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index bd6ecab2..10d2f70e 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -2,13 +2,14 @@ - block: - name: "Is {{ mysql_custom_logdir }} present ?" - stat: + ansible.builtin.stat: path: "{{ mysql_custom_logdir }}" check_mode: no register: mysql_custom_logdir_test - name: "read the real logdir" - command: readlink -f /var/log/mysql + ansible.builtin.command: + cmd: readlink -f /var/log/mysql changed_when: False check_mode: no register: mysql_current_real_logdir_test @@ -18,23 +19,24 @@ - block: - name: MySQL is stopped - service: + ansible.builtin.service: name: mysql state: stopped - name: Move MySQL logdir to {{ mysql_custom_logdir }} - command: mv {{ mysql_current_real_logdir_test.stdout }} {{ mysql_custom_logdir }} + ansible.builtin.command: + cmd: mv {{ mysql_current_real_logdir_test.stdout }} {{ mysql_custom_logdir }} args: creates: "{{ mysql_custom_logdir }}" - name: Symlink {{ mysql_custom_logdir }} to /var/log/mysql - file: + ansible.builtin.file: src: "{{ mysql_custom_logdir }}" dest: '/var/log/mysql' state: link - name: MySQL is started - service: + ansible.builtin.service: name: mysql state: started tags: diff --git a/mysql/tasks/main.yml b/mysql/tasks/main.yml index 2a24c69f..cc32bff4 100644 --- a/mysql/tasks/main.yml +++ b/mysql/tasks/main.yml 
@@ -1,11 +1,11 @@ --- - name: Set if MySQL should be restart (if needed) or not at all - set_fact: + ansible.builtin.set_fact: mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" - name: Default log directory is present - file: + ansible.builtin.file: path: /var/log/mysql owner: mysql group: adm 
@@ -13,46 +13,46 @@ state: directory when: ansible_distribution_major_version is version('12', '>=') -- include_tasks: packages_stretch.yml +- ansible.builtin.include_tasks: packages_stretch.yml when: ansible_distribution_major_version is version('9', '>=') -- include_tasks: packages_jessie.yml +- ansible.builtin.include_tasks: packages_jessie.yml when: ansible_distribution_release == "jessie" ## There is nothing to do with users on Debian 11+ - yet we need a /root/.my.cnf for compatibility -- include_tasks: users_bullseye.yml +- ansible.builtin.include_tasks: users_bullseye.yml when: ansible_distribution_major_version is version('11', '>=') -- include_tasks: users_buster.yml +- ansible.builtin.include_tasks: users_buster.yml when: ansible_distribution_release == "buster" -- include_tasks: users_stretch.yml +- ansible.builtin.include_tasks: users_stretch.yml when: ansible_distribution_release == "stretch" -- include_tasks: users_jessie.yml +- ansible.builtin.include_tasks: users_jessie.yml when: ansible_distribution_release == "jessie" -- include_tasks: config_stretch.yml +- ansible.builtin.include_tasks: config_stretch.yml when: ansible_distribution_major_version is version('9', '>=') -- include_tasks: config_jessie.yml +- ansible.builtin.include_tasks: config_jessie.yml when: ansible_distribution_release == "jessie" -- include_tasks: replication.yml +- ansible.builtin.include_tasks: replication.yml when: mysql_replication | bool -- include_tasks: datadir.yml +- ansible.builtin.include_tasks: datadir.yml -- include_tasks: logdir.yml +- ansible.builtin.include_tasks: logdir.yml -- include_tasks: tmpdir.yml +- ansible.builtin.include_tasks: tmpdir.yml -- include_tasks: nrpe.yml +- ansible.builtin.include_tasks: nrpe.yml -- include_tasks: munin.yml +- ansible.builtin.include_tasks: munin.yml -- include_tasks: log2mail.yml +- ansible.builtin.include_tasks: log2mail.yml -- include_tasks: utils.yml +- ansible.builtin.include_tasks: utils.yml -- include_tasks: 
mysql_skip.yml +- ansible.builtin.include_tasks: mysql_skip.yml diff --git a/mysql/tasks/munin.yml b/mysql/tasks/munin.yml index 7d67065f..9b4e9617 100644 --- a/mysql/tasks/munin.yml +++ b/mysql/tasks/munin.yml @@ -1,7 +1,7 @@ --- - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: munin_node_plugins_config @@ -11,7 +11,7 @@ - block: - name: "Install perl libraries for Munin (Debian < 11)" - apt: + ansible.builtin.apt: name: - libdbd-mysql-perl - libcache-cache-perl @@ -19,14 +19,14 @@ when: ansible_distribution_major_version is version('11', '<') - name: "Install perl libraries for Munin (Debian >= 11)" - apt: + ansible.builtin.apt: name: - libcache-cache-perl - libdbd-mariadb-perl when: ansible_distribution_major_version is version('11', '>=') - name: Enable core Munin plugins - file: + ansible.builtin.file: src: '/usr/share/munin/plugins/{{ item }}' dest: /etc/munin/plugins/{{ item }} state: link @@ -38,7 +38,7 @@ notify: restart munin-node - name: Enable contributed Munin plugins - file: + ansible.builtin.file: src: /usr/share/munin/plugins/mysql_ dest: '/etc/munin/plugins/mysql_{{ item }}' state: link @@ -67,7 +67,7 @@ notify: restart munin-node - name: verify Munin configuration for mysql < Debian 11 - replace: + ansible.builtin.replace: dest: /etc/munin/plugin-conf.d/munin-node after: '\[mysql\*\]' regexp: '^env.mysqluser (.+)$' @@ -76,7 +76,7 @@ when: ansible_distribution_major_version is version_compare('11', '<') - name: set Munin env.mysqluser option for mysql >= Debian 11 - replace: + ansible.builtin.replace: dest: /etc/munin/plugin-conf.d/munin-node after: '\[mysql\*\]' regexp: '^env.mysqluser (.+)$' @@ -85,7 +85,7 @@ when: ansible_distribution_major_version is version_compare('11', '>=') - name: set Munin env.mysqlopts option for mysql >= Debian 11 - replace: + ansible.builtin.replace: dest: /etc/munin/plugin-conf.d/munin-node after: '\[mysql\*\]' regexp: '^env.mysqlopts (.+)$' 
@@ -94,7 +94,7 @@ when: ansible_distribution_major_version is version_compare('11', '>=') - name: set Munin env.mysqlconnection option for mysql >= Debian 11 - replace: + ansible.builtin.replace: dest: /etc/munin/plugin-conf.d/munin-node after: '\[mysql\*\]' regexp: '^env.mysqlconnection (.+)$' diff --git a/mysql/tasks/mysql_skip.yml b/mysql/tasks/mysql_skip.yml index 65d1c13f..2455641a 100644 --- a/mysql/tasks/mysql_skip.yml +++ b/mysql/tasks/mysql_skip.yml @@ -1,7 +1,7 @@ --- - name: "Copy script mysql_skip.sh into /usr/local/bin/" - copy: + ansible.builtin.copy: src: mysql_skip.sh dest: "/usr/local/bin/mysql_skip.sh" owner: root @@ -12,7 +12,7 @@ - mysql_skip - name: "Copy config file for mysql_skip.sh" - template: + ansible.builtin.template: src: mysql_skip.conf.j2 dest: "/etc/mysql_skip.conf" owner: root @@ -22,7 +22,7 @@ - mysql_skip - name: "Create log file for mysql_skip.sh" - file: + ansible.builtin.file: path: "/var/log/mysql_skip.log" state: touch owner: root @@ -32,7 +32,7 @@ - mysql_skip - name: "Copy logrotate file for mysql_skip.sh" - template: + ansible.builtin.template: src: mysql_skip.logrotate.j2 dest: "/etc/logrotate.d/mysql_skip" owner: root @@ -42,13 +42,13 @@ - mysql_skip - name: "Copy mysql_skip.sh systemd unit" - template: + ansible.builtin.template: src: mysql_skip.systemd.j2 dest: /etc/systemd/system/mysql_skip.service force: yes - name: "Start or stop systemd unit" - systemd: + ansible.builtin.systemd: name: mysql_skip daemon_reload: yes state: "{{ mysql_skip_enabled | bool | ternary('started', 'stopped') }}" \ No newline at end of file diff --git a/mysql/tasks/nrpe.yml b/mysql/tasks/nrpe.yml index c3457699..cce8e4b7 100644 --- a/mysql/tasks/nrpe.yml +++ b/mysql/tasks/nrpe.yml @@ -1,7 +1,7 @@ --- - name: is NRPE present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg check_mode: no register: nrpe_evolix_config 
@@ -10,7 +10,7 @@ - nrpe - name: NRPE user exists for MySQL ? - stat: + ansible.builtin.stat: path: ~nagios/.my.cnf check_mode: no register: nrpe_my_cnf @@ -20,13 +20,14 @@ - block: - name: Create a password for NRPE - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_nrpe_password check_mode: no changed_when: False - name: Create nrpe user - mysql_user: + community.mysql.mysql_user: name: nrpe password: '{{ mysql_nrpe_password.stdout }}' priv: "*.*:REPLICATION CLIENT" @@ -36,7 +37,7 @@ register: create_nrpe_user - name: Store credentials in nagios home - ini_file: + community.general.ini_file: dest: "~nagios/.my.cnf" owner: nagios group: nagios diff --git a/mysql/tasks/packages_jessie.yml b/mysql/tasks/packages_jessie.yml index 652eace7..942c1006 100644 --- a/mysql/tasks/packages_jessie.yml +++ b/mysql/tasks/packages_jessie.yml @@ -1,7 +1,7 @@ --- - name: Choose packages (Oracle) - set_fact: + ansible.builtin.set_fact: mysql_packages: "{{ mysql_packages_oracle }}" when: mysql_variant == "oracle" tags: @@ -9,7 +9,7 @@ - packages - name: Choose packages (MariaDB) - set_fact: + ansible.builtin.set_fact: mysql_packages: "{{ mysql_packages_mariadb }}" when: mysql_variant == "mariadb" tags: @@ -17,7 +17,7 @@ - packages - name: Install MySQL packages - apt: + ansible.builtin.apt: name: "{{ mysql_packages }}" update_cache: yes state: present @@ -26,7 +26,7 @@ - packages - name: Install MySQL dev packages - apt: + ansible.builtin.apt: name: libmysqlclient-dev update_cache: yes state: present @@ -36,7 +36,7 @@ when: mysql_install_libclient | bool - name: MySQL is started - service: + ansible.builtin.service: name: mysql state: started tags: @@ -44,7 +44,7 @@ - services - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present tags: @@ -52,7 +52,7 @@ - packages - name: Python dependencies for Ansible are installed - apt: + ansible.builtin.apt: name: python-mysqldb state: present tags: 
diff --git a/mysql/tasks/packages_stretch.yml b/mysql/tasks/packages_stretch.yml index 880f5050..8853a13c 100644 --- a/mysql/tasks/packages_stretch.yml +++ b/mysql/tasks/packages_stretch.yml @@ -1,7 +1,7 @@ --- - name: Install MySQL packages - apt: + ansible.builtin.apt: name: - mariadb-server - mariadb-client @@ -12,7 +12,7 @@ - packages - name: Install MySQL dev packages - apt: + ansible.builtin.apt: name: default-libmysqlclient-dev update_cache: yes state: present @@ -22,7 +22,7 @@ when: mysql_install_libclient | bool - name: MySQL is started - service: + ansible.builtin.service: name: mysql state: started tags: @@ -30,7 +30,7 @@ - services - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present tags: @@ -38,7 +38,7 @@ - packages - name: Python2 dependencies for Ansible are installed - apt: + ansible.builtin.apt: name: - python-mysqldb - python-pymysql @@ -49,7 +49,7 @@ when: ansible_python_version is version('3', '<') - name: Python3 dependencies for Ansible are installed - apt: + ansible.builtin.apt: name: - python3-mysqldb - python3-pymysql diff --git a/mysql/tasks/replication.yml b/mysql/tasks/replication.yml index f447d099..4ca491da 100644 --- a/mysql/tasks/replication.yml +++ b/mysql/tasks/replication.yml @@ -1,14 +1,14 @@ --- - name: 'Copy MySQL configuration for replication' - template: + ansible.builtin.template: src: 'replication.cnf.j2' dest: "{{ mysql_config_directory }}/zzzz-replication.cnf" mode: "0644" notify: 'restart mysql' - name: 'Create repl user' - mysql_user: + community.mysql.mysql_user: name: 'repl' host: '%' encrypted: true 
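Review bot: `host: '%'` on the `Create repl user` task (mysql/tasks/replication.yml, hunk `@@ -1,14 +1,14 @@`) lets the replication account authenticate from any address. If the replica addresses are known, restricting the host part narrows who can use the replication credentials, for example `host: "{{ mysql_repl_host | default('%') }}"`, where `mysql_repl_host` is a placeholder for a new role variable, not an existing one. The task continues past the end of the hunk, so its password and privilege settings are not visible here.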
@@ -20,22 +20,22 @@ when: mysql_repl_password | length > 0 - name: 'Install xinetd' - apt: + ansible.builtin.apt: name: 'xinetd' - name: 'Add xinetd configuration for MySQL HAProxy check' - copy: + ansible.builtin.copy: src: 'xinetd/mysqlchk' dest: '/etc/xinetd.d/' mode: '0644' notify: 'restart xinetd' # /!\ Warning, this is a temporary hack -- include_role: +- ansible.builtin.include_role: name: remount-usr - name: 'Copy mysqlchk script' - copy: + ansible.builtin.copy: src: 'xinetd/mysqlchk.sh' dest: '/usr/share/scripts/' mode: '0755' diff --git a/mysql/tasks/tmpdir.yml b/mysql/tasks/tmpdir.yml index 79a3ac5e..ecd9e279 100644 --- a/mysql/tasks/tmpdir.yml +++ b/mysql/tasks/tmpdir.yml @@ -2,7 +2,7 @@ - block: - name: "Create {{ mysql_custom_tmpdir }}" - file: + ansible.builtin.file: path: "{{ mysql_custom_tmpdir }}" owner: mysql group: mysql @@ -12,7 +12,7 @@ - mysql - name: Configure tmpdir - ini_file: + community.general.ini_file: dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}" section: mysqld option: tmpdir diff --git a/mysql/tasks/users_bullseye.yml b/mysql/tasks/users_bullseye.yml index 1bdc9084..d2b6c04d 100644 --- a/mysql/tasks/users_bullseye.yml +++ b/mysql/tasks/users_bullseye.yml @@ -1,7 +1,7 @@ --- - name: Populate the .my.cnf of root with default user - ini_file: + community.general.ini_file: dest: /root/.my.cnf mode: "0600" section: client diff --git a/mysql/tasks/users_buster.yml b/mysql/tasks/users_buster.yml index dc7cec85..490a7ccc 100644 --- a/mysql/tasks/users_buster.yml +++ b/mysql/tasks/users_buster.yml @@ -1,7 +1,8 @@ --- - name: create a password for mysqladmin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_admin_password changed_when: False check_mode: False @@ -9,7 +10,7 @@ - mysql - name: there is a mysqladmin user - mysql_user: + community.mysql.mysql_user: name: mysqladmin password: '{{ mysql_admin_password.stdout }}' priv: "*.*:ALL,GRANT" 
@@ -21,7 +22,7 @@ - mysql - name: mysqladmin is the default user - ini_file: + community.general.ini_file: dest: /root/.my.cnf mode: "0600" section: client @@ -36,7 +37,8 @@ - mysql - name: create a password for debian-sys-maint - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_debian_password changed_when: False check_mode: False @@ -44,7 +46,7 @@ - mysql - name: there is a debian-sys-maint user - mysql_user: + community.mysql.mysql_user: name: debian-sys-maint password: '{{ mysql_debian_password.stdout }}' priv: "*.*:ALL,GRANT" @@ -56,7 +58,7 @@ - mysql - name: store debian-sys-maint user credentials - ini_file: + community.general.ini_file: dest: /etc/mysql/debian.cnf mode: "0600" section: "{{ item[0] }}" @@ -74,7 +76,7 @@ - mysql - name: root user is absent - mysql_user: + community.mysql.mysql_user: name: root host_all: yes config_file: "/root/.my.cnf" diff --git a/mysql/tasks/users_jessie.yml b/mysql/tasks/users_jessie.yml index e2b066b1..1bde42c9 100644 --- a/mysql/tasks/users_jessie.yml +++ b/mysql/tasks/users_jessie.yml @@ -1,12 +1,13 @@ --- - name: "Abort if MariaDB on Debian 8" - fail: + ansible.builtin.fail: msg: "We can't create other users with 'debian-sys-maint' on Debian 8 with MariaDB.\nWe must give it the GRANT privilege before continuing." when: mysql_variant == "mariadb" - name: create a password for mysqladmin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_admin_password changed_when: False check_mode: no @@ -14,7 +15,7 @@ - mysql - name: there is a mysqladmin user - mysql_user: + community.mysql.mysql_user: name: mysqladmin password: '{{ mysql_admin_password.stdout }}' priv: "*.*:ALL,GRANT" @@ -26,7 +27,7 @@ - mysql - name: mysqladmin is the default user - ini_file: + community.general.ini_file: dest: /root/.my.cnf mode: "0600" section: client 
@@ -41,7 +42,7 @@ - mysql - name: root user is absent - mysql_user: + community.mysql.mysql_user: name: root host_all: yes config_file: "/root/.my.cnf" diff --git a/mysql/tasks/users_stretch.yml b/mysql/tasks/users_stretch.yml index dc7cec85..490a7ccc 100644 --- a/mysql/tasks/users_stretch.yml +++ b/mysql/tasks/users_stretch.yml @@ -1,7 +1,8 @@ --- - name: create a password for mysqladmin - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_admin_password changed_when: False check_mode: False @@ -9,7 +10,7 @@ - mysql - name: there is a mysqladmin user - mysql_user: + community.mysql.mysql_user: name: mysqladmin password: '{{ mysql_admin_password.stdout }}' priv: "*.*:ALL,GRANT" @@ -21,7 +22,7 @@ - mysql - name: mysqladmin is the default user - ini_file: + community.general.ini_file: dest: /root/.my.cnf mode: "0600" section: client @@ -36,7 +37,8 @@ - mysql - name: create a password for debian-sys-maint - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: mysql_debian_password changed_when: False check_mode: False @@ -44,7 +46,7 @@ - mysql - name: there is a debian-sys-maint user - mysql_user: + community.mysql.mysql_user: name: debian-sys-maint password: '{{ mysql_debian_password.stdout }}' priv: "*.*:ALL,GRANT" @@ -56,7 +58,7 @@ - mysql - name: store debian-sys-maint user credentials - ini_file: + community.general.ini_file: dest: /etc/mysql/debian.cnf mode: "0600" section: "{{ item[0] }}" @@ -74,7 +76,7 @@ - mysql - name: root user is absent - mysql_user: + community.mysql.mysql_user: name: root host_all: yes config_file: "/root/.my.cnf" diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index 306ccd00..f8005ee2 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml 
@@ -1,14 +1,14 @@ --- -- set_fact: +- ansible.builtin.set_fact: _mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}" -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") - name: Ensure scripts directory exists - file: + ansible.builtin.file: dest: "{{ _mysql_scripts_dir }}" mode: "0700" state: directory @@ -18,7 +18,7 @@ # mytop - name: "Install mytop (Debian 8)" - apt: + ansible.builtin.apt: name: mytop state: present tags: @@ -28,7 +28,7 @@ when: ansible_distribution_release == "jessie" - name: "Install dependencies for mytop (Debian 9)" - apt: + ansible.builtin.apt: name: - mariadb-client-10.1 - libconfig-inifiles-perl @@ -36,7 +36,7 @@ when: ansible_distribution_release == "stretch" - name: "Install dependencies for mytop (Debian 10)" - apt: + ansible.builtin.apt: name: - mariadb-client-10.3 - libconfig-inifiles-perl @@ -44,7 +44,7 @@ when: ansible_distribution_release == "buster" - name: "Install dependencies for mytop (Debian 11)" - apt: + ansible.builtin.apt: name: - mariadb-client-10.5 - libconfig-inifiles-perl @@ -53,7 +53,7 @@ when: ansible_distribution_release == "bullseye" - name: "Install dependencies for mytop (Debian 12 or later)" - apt: + ansible.builtin.apt: name: - mariadb-client - libconfig-inifiles-perl @@ -62,7 +62,8 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Read debian-sys-maint password (Debian < 11) - shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + ansible.builtin.shell: + cmd: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' register: mysql_debian_password changed_when: False check_mode: no @@ -71,7 +72,7 @@ when: ansible_distribution_major_version is version('11', '<') - name: Configure mytop (Debian < 11) - template: + ansible.builtin.template: src: mytop.j2 dest: /root/.mytop mode: "0600" 
@@ -82,7 +83,7 @@ when: ansible_distribution_major_version is version('11', '<') - name: Configure mytop (Debian >= 11) - template: + ansible.builtin.template: src: mytop.bullseye.j2 dest: /root/.mytop mode: "0600" @@ -94,7 +95,7 @@ # mysqltuner -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") @@ -103,7 +104,7 @@ # src: mysqltuner.pl # dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl" # mode: "0700" - apt: + ansible.builtin.apt: name: mysqltuner state: present tags: @@ -111,7 +112,7 @@ - mysqltuner - name: Install aha - apt: + ansible.builtin.apt: name: aha tags: - mysql @@ -119,7 +120,7 @@ # Percona Toolkit - name: "Install percona-toolkit (Debian 9 or later)" - apt: + ansible.builtin.apt: name: percona-toolkit state: present tags: @@ -130,12 +131,12 @@ # automatic optimizations -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") - name: Optimize script for MySQL - copy: + ansible.builtin.copy: src: mysql-optimize.sh dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" mode: "0700" @@ -143,7 +144,7 @@ - mysql - name: "Cron dir for optimize is present" - file: + ansible.builtin.file: path: "/etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}" state: directory mode: "0755" @@ -151,7 +152,7 @@ group: root - name: "Enable cron to optimize MySQL" - file: + ansible.builtin.file: src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link @@ -160,7 +161,7 @@ - mysql - name: "Disable cron to optimize MySQL" - file: + ansible.builtin.file: dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: absent when: not (mysql_cron_optimize | bool) 
@@ -168,7 +169,7 @@ - mysql - name: "Cron dir for mysqltuner is present" - file: + ansible.builtin.file: path: "/etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}" state: directory mode: "0755" @@ -176,7 +177,7 @@ group: root - name: "Enable mysqltuner in cron" - copy: + ansible.builtin.copy: src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh mode: "0755" @@ -185,7 +186,7 @@ - mysql - name: "Disable mysqltuner in cron" - file: + ansible.builtin.file: dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh state: absent when: not (mysql_cron_mysqltuner | bool) @@ -194,12 +195,12 @@ # my-add.sh -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: _mysql_scripts_dir is search("/usr") - name: Install my-add.sh - copy: + ansible.builtin.copy: src: my-add.sh dest: "{{ _mysql_scripts_dir }}/my-add.sh" mode: "0700" @@ -208,14 +209,14 @@ - mysql - name: Install apg - apt: + ansible.builtin.apt: name: apg tags: - mysql - packages - name: "Install save_mysql_processlist.sh" - copy: + ansible.builtin.copy: src: save_mysql_processlist.sh dest: "{{ _mysql_scripts_dir }}/save_mysql_processlist.sh" mode: "0755" @@ -224,7 +225,7 @@ - mysql - name: "Install mysql_connections" - copy: + ansible.builtin.copy: src: mysql_connections.sh dest: "{{ _mysql_scripts_dir }}/mysql_connections" mode: "0755" @@ -233,7 +234,7 @@ - mysql - name: "Install mysql-queries-killer.sh" - copy: + ansible.builtin.copy: src: mysql-queries-killer.sh dest: "{{ _mysql_scripts_dir }}/mysql-queries-killer.sh" mode: "0755" @@ -242,7 +243,7 @@ - mysql - name: "Install evomariabackup" - copy: + ansible.builtin.copy: src: evomariabackup.sh dest: "{{ _mysql_scripts_dir }}/evomariabackup" mode: "0755" diff --git a/nagios-nrpe/handlers/main.yml b/nagios-nrpe/handlers/main.yml index 25ab29ad..b4b24b09 100644 --- a/nagios-nrpe/handlers/main.yml +++ b/nagios-nrpe/handlers/main.yml 
@@ -1,11 +1,11 @@ --- - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart nrpe - service: + ansible.builtin.service: name: nrpe state: restarted diff --git a/nagios-nrpe/tasks/main.yml b/nagios-nrpe/tasks/main.yml index 5a77c4ee..c05cf85a 100644 --- a/nagios-nrpe/tasks/main.yml +++ b/nagios-nrpe/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: base nrpe & plugins packages are installed - apt: + ansible.builtin.apt: name: - nagios-nrpe-server - monitoring-plugins @@ -14,7 +14,7 @@ - name: custom plugin dependencies packages are installed - apt: + ansible.builtin.apt: name: - libfcgi-client-perl state: present @@ -25,7 +25,7 @@ - nagios-plugins - name: custom configuration is present - template: + ansible.builtin.template: src: evolix.cfg.j2 dest: /etc/nagios/nrpe.d/evolix.cfg group: nagios @@ -36,7 +36,7 @@ - nagios-nrpe - name: update allowed_hosts lists - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg line: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}" regexp: '^allowed_hosts=' @@ -47,7 +47,7 @@ - nagios-nrpe - name: Nagios config is secured - file: + ansible.builtin.file: dest: /etc/nagios/ mode: "0750" group: nagios @@ -56,7 +56,7 @@ tags: - nagios-nrpe -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: nagios_plugins_directory is search("/usr") tags: @@ -64,7 +64,7 @@ - nagios-plugins - name: Nagios plugins are installed - copy: + ansible.builtin.copy: src: plugins/ dest: "{{ nagios_plugins_directory }}/" mode: "0755" @@ -74,7 +74,7 @@ - nagios-plugins - name: Nagios lib is secured - file: + ansible.builtin.file: dest: /usr/local/lib/nagios/ mode: "0755" group: nagios @@ -84,4 +84,4 @@ tags: - nagios-nrpe -- include_tasks: wrapper.yml \ No newline at end of file +- ansible.builtin.include_tasks: wrapper.yml \ No newline at end of file 
diff --git a/nagios-nrpe/tasks/wrapper.yml b/nagios-nrpe/tasks/wrapper.yml index f49c7509..add493fd 100644 --- a/nagios-nrpe/tasks/wrapper.yml +++ b/nagios-nrpe/tasks/wrapper.yml @@ -2,22 +2,23 @@ - name: "Remount /usr if needed" - include_role: + ansible.builtin.include_role: name: remount-usr - name: check if old script is present - stat: + ansible.builtin.stat: path: /usr/share/scripts/alerts_switch register: old_alerts_switch - name: alerts_switch is at the right place - command: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch" + ansible.builtin.command: + cmd: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch" args: creates: /usr/local/bin/alerts_switch when: old_alerts_switch.stat.exists - name: "copy alerts_switch" - copy: + ansible.builtin.copy: src: alerts_switch dest: /usr/local/bin/alerts_switch owner: root @@ -26,14 +27,14 @@ force: yes - name: "symlink for backward compatibility" - file: + ansible.builtin.file: src: /usr/local/bin/alerts_switch dest: /usr/share/scripts/alerts_switch state: link when: old_alerts_switch.stat.exists - name: "copy alerts_wrapper" - copy: + ansible.builtin.copy: src: alerts_wrapper dest: "{{ nagios_plugins_directory }}/alerts_wrapper" owner: root diff --git a/nameserver/tasks/main.yml b/nameserver/tasks/main.yml index 83ba2a34..16b06bbd 100644 --- a/nameserver/tasks/main.yml +++ b/nameserver/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Get actual nameserver - shell: grep nameserver /etc/resolv.conf | awk '{ print $2 }' + ansible.builtin.shell: + cmd: grep nameserver /etc/resolv.conf | awk '{ print $2 }' register: grep_nameserver check_mode: no changed_when: False @@ -8,7 +9,7 @@ - nameserver - name: Set nameserver - lineinfile: + ansible.builtin.lineinfile: dest: /etc/resolv.conf line: "nameserver {{ item }}" state: present 
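Review bot: In nagios-nrpe/tasks/wrapper.yml the `alerts_switch is at the right place` task now splits its arguments between `cmd:` under `ansible.builtin.command:` and `creates:` under a separate `args:` key. Since the module already takes a mapping, `creates: /usr/local/bin/alerts_switch` reads more clearly as a sibling of `cmd:`, with `args:` dropped. The same shape appears in `generate random string for server-status suffix` in nginx/tasks/server_status_read.yml. The first task of wrapper.yml also includes the role as `name: remount-usr`, whereas the other files in this patch use `evolix/remount-usr`; it is worth confirming that both names resolve to the same role.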
@@ -17,7 +18,7 @@ - nameserver - name: Unset others nameserver - lineinfile: + ansible.builtin.lineinfile: dest: /etc/resolv.conf line: "nameserver {{ item }}" state: absent diff --git a/networkd-to-ifconfig/tasks/main.yml b/networkd-to-ifconfig/tasks/main.yml index d1ac0ac4..ff192645 100644 --- a/networkd-to-ifconfig/tasks/main.yml +++ b/networkd-to-ifconfig/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Check state of /etc/network/interfaces - stat: + ansible.builtin.stat: path: /etc/network/interfaces register: interfaces_file -- debug: +- ansible.builtin.debug: msg: A /etc/network/interfaces file already exists, nothing is done. when: - interfaces_file.stat.exists @@ -13,29 +13,29 @@ - block: - name: "Look for systemd network config" - stat: + ansible.builtin.stat: path: /etc/systemd/network/50-default.network register: systemd_network_file - name: Set interface name - set_fact: + ansible.builtin.set_fact: eni_interface_name: "{{ ansible_default_ipv4.interface }}" - - include: set_facts_from_systemd.yml + - ansible.builtin.include: set_facts_from_systemd.yml when: systemd_network_file.stat.exists - - include: set_facts_from_ansible.yml + - ansible.builtin.include: set_facts_from_ansible.yml when: not systemd_network_file.stat.exists - name: Check config (IPv4) - assert: + ansible.builtin.assert: that: - eni_ipv4_address | ipv4 - eni_ipv4_gateway | ipv4 msg: "IPv4 configuration is invalid" - name: Check config (IPV6) - assert: + ansible.builtin.assert: that: - eni_ipv6_address | ipv6 - eni_ipv6_gateway | ipv6 @@ -43,7 +43,7 @@ when: (eni_ipv6_address | length > 0) or (eni_ipv6_gateway | length > 0) - name: "A new /etc/network/interfaces is generated" - template: + ansible.builtin.template: src: interfaces.j2 dest: /etc/network/interfaces mode: "0644" 
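Review bot: The two `ansible.builtin.include:` lines inside the block of networkd-to-ifconfig/tasks/main.yml (`set_facts_from_systemd.yml`, `set_facts_from_ansible.yml`) keep the deprecated generic include, which ansible-core 2.16 removed. Since the lines are being rewritten anyway, `ansible.builtin.include_tasks: set_facts_from_systemd.yml` (and the same for the other file) is the spelling that will keep working. The same applies to the `include` lines in newrelic/tasks/main.yml, nginx/tasks/main.yml, nginx/tasks/packages.yml and openvpn/tasks/main.yml. Where an include carries `tags:` (nginx/tasks/main.yml), tags on `include_tasks` apply to the include statement only, so the included tasks need `apply:` or `ansible.builtin.import_tasks` to stay selectable by tag.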
@@ -51,18 +51,18 @@ group: root - name: "Systemd 'networkd' unit is stopped and disabled" - systemd: + ansible.builtin.systemd: name: systemd-networkd.service enabled: False state: stopped - name: "Systemd 'networking' unit is restarted (it often results in error)" - systemd: + ansible.builtin.systemd: name: networking enabled: True state: restarted ignore_errors: True - - debug: + - ansible.builtin.debug: msg: You should verify your configuration, then reboot the server. when: (force_update_eni_file | bool) or (not interfaces_file.stat.exists) diff --git a/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml b/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml index 5f6f4011..b358801d 100644 --- a/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml +++ b/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml @@ -1,13 +1,13 @@ --- - name: Prepare variables (IPv4) - set_fact: + ansible.builtin.set_fact: eni_ipv4_address: "{{ ansible_default_ipv4.address | ipv4 }}" eni_ipv4_gateway: "{{ ansible_default_ipv4.gateway | ipv4 }}" when: ansible_default_ipv4 | length > 0 - name: Prepare variables (IPv6) - set_fact: + ansible.builtin.set_fact: eni_ipv6_address: "{{ ansible_default_ipv6.address | ipv6 | first }}" eni_ipv6_gateway: "{{ ansible_default_ipv6.gateway | ipv6 | first }}" when: ansible_default_ipv6 | length > 0 diff --git a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml index d21012fd..66dc648c 100644 --- a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml +++ b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml 
@@ -1,17 +1,19 @@ --- - name: "Parse addresses" - shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2" + ansible.builtin.shell: + cmd: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2" register: network_address_grep check_mode: no - name: "Parse gateways" - shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2" + ansible.builtin.shell: + cmd: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2" register: network_gateway_grep check_mode: no - name: Prepare variables - set_fact: + ansible.builtin.set_fact: eni_ipv4_address: "{{ network_address_grep.stdout_lines | ipv4 | first }}" eni_ipv4_gateway: "{{ network_gateway_grep.stdout_lines | ipv4 | first }}" eni_ipv6_address: "{{ network_address_grep.stdout_lines | ipv6 | first }}" diff --git a/newrelic/handlers/main.yml b/newrelic/handlers/main.yml index 4ad78be9..ffa52956 100644 --- a/newrelic/handlers/main.yml +++ b/newrelic/handlers/main.yml @@ -1,20 +1,20 @@ --- - name: reload squid3 - service: + ansible.builtin.service: name: squid3 state: reloaded - name: reload squid - service: + ansible.builtin.service: name: squid state: reloaded - name: apt update - apt: + ansible.builtin.apt: update_cache: yes - name: restart newrelic-sysmond - systemd: + ansible.builtin.systemd: name: newrelic-sysmond state: restarted diff --git a/newrelic/tasks/main.yml b/newrelic/tasks/main.yml index a4e8f2b3..e2c49021 100644 --- a/newrelic/tasks/main.yml +++ b/newrelic/tasks/main.yml @@ -1,9 +1,9 @@ --- -- include: sources.yml +- ansible.builtin.include: sources.yml -- include: php.yml +- ansible.builtin.include: php.yml when: newrelic_php | bool -- include: sysmond.yml +- ansible.builtin.include: sysmond.yml when: newrelic_sysmond | bool diff --git a/nginx/handlers/main.yml b/nginx/handlers/main.yml index 494d40f4..bdd5f477 100644 --- a/nginx/handlers/main.yml +++ b/nginx/handlers/main.yml 
@@ -1,15 +1,15 @@ --- - name: restart nginx - service: + ansible.builtin.service: name: nginx state: restarted - name: reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded - name: restart munin - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/nginx/tasks/ip_whitelist.yml b/nginx/tasks/ip_whitelist.yml index 2667d1d3..fc4fd2d2 100644 --- a/nginx/tasks/ip_whitelist.yml +++ b/nginx/tasks/ip_whitelist.yml @@ -1,7 +1,7 @@ --- - name: add IP addresses to private IP whitelist - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/snippets/ipaddr_whitelist line: "allow {{ item }};" state: present @@ -12,7 +12,7 @@ - ips - name: remove IP addresses from private IP whitelist - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/snippets/ipaddr_whitelist line: "allow {{ item }};" state: absent diff --git a/nginx/tasks/logrotate.yml b/nginx/tasks/logrotate.yml index c987c2f7..d475e419 100644 --- a/nginx/tasks/logrotate.yml +++ b/nginx/tasks/logrotate.yml @@ -1,7 +1,7 @@ --- - name: Logrotate is configured for Nginx - copy: + ansible.builtin.copy: src: logrotate_nginx dest: /etc/logrotate.d/nginx force: no diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index e7abc1b5..aec36bec 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -1,16 +1,16 @@ --- -- debug: +- ansible.builtin.debug: msg: "Nginx minimal mode has been removed, falling back to normal mode." when: not nginx_minimal | bool -- debug: +- ansible.builtin.debug: msg: "Nginx minimal mode has been set, using minimal mode." when: nginx_minimal | bool -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: server_status_read.yml +- ansible.builtin.include: server_status_read.yml tags: - nginx 
@@ -18,7 +18,7 @@ # without touching the main file - name: customize worker_connections - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*worker_connections)\s+.+;' line: ' worker_connections 1024;' @@ -27,7 +27,7 @@ - nginx - name: use epoll - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*use)\s+.+;' line: ' use epoll;' @@ -36,7 +36,7 @@ - nginx - name: Install Nginx http configuration - copy: + ansible.builtin.copy: src: nginx/evolinux-defaults.conf dest: /etc/nginx/conf.d/z-evolinux-defaults.conf mode: "0640" @@ -50,7 +50,7 @@ # and not too loose for private_htpasswd - name: Copy ipaddr_whitelist - copy: + ansible.builtin.copy: src: nginx/snippets/ipaddr_whitelist dest: /etc/nginx/snippets/ipaddr_whitelist owner: www-data @@ -64,10 +64,10 @@ - ips - name: Include IP address whitelist task - include: ip_whitelist.yml + ansible.builtin.include: ip_whitelist.yml - name: Copy evolinux_server_custom - copy: + ansible.builtin.copy: src: nginx/snippets/evolinux_server_custom dest: /etc/nginx/snippets/evolinux_server_custom owner: www-data @@ -81,7 +81,7 @@ - ips - name: Copy private_htpasswd - copy: + ansible.builtin.copy: src: nginx/snippets/private_htpasswd dest: /etc/nginx/snippets/private_htpasswd owner: www-data @@ -94,7 +94,7 @@ - nginx - name: add user:pwd to private htpasswd - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: present @@ -104,7 +104,7 @@ - nginx - name: remove user:pwd from private htpasswd - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: absent @@ -114,7 +114,7 @@ - nginx - name: nginx vhost is installed - template: + ansible.builtin.template: src: "{{ nginx_default_template_regular }}" dest: /etc/nginx/sites-available/evolinux-default.conf mode: "0640" 
@@ -124,7 +124,7 @@ - nginx - name: default vhost is enabled - file: + ansible.builtin.file: src: /etc/nginx/sites-available/evolinux-default.conf dest: /etc/nginx/sites-enabled/default state: link @@ -134,12 +134,12 @@ tags: - nginx -- include: server_status_write.yml +- ansible.builtin.include: server_status_write.yml tags: - nginx - name: Verify that the service is enabled and started - service: + ansible.builtin.service: name: nginx enabled: yes state: started @@ -147,7 +147,7 @@ - nginx - name: Check if Munin is installed - stat: + ansible.builtin.stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: stat_munin_node @@ -155,16 +155,16 @@ - nginx - munin -- include: munin_vhost.yml +- ansible.builtin.include: munin_vhost.yml when: stat_munin_node.stat.exists tags: - nginx - munin -- include: munin_graphs.yml +- ansible.builtin.include: munin_graphs.yml when: stat_munin_node.stat.exists tags: - nginx - munin -- include: logrotate.yml +- ansible.builtin.include: logrotate.yml diff --git a/nginx/tasks/munin_graphs.yml b/nginx/tasks/munin_graphs.yml index 5958c856..f2a6e4b5 100644 --- a/nginx/tasks/munin_graphs.yml +++ b/nginx/tasks/munin_graphs.yml @@ -1,14 +1,14 @@ --- - name: Munin config for Nginx is present - template: + ansible.builtin.template: src: munin/evolinux.nginx dest: /etc/munin/plugin-conf.d/ mode: "0644" notify: restart munin - name: Munin plugins for Nginx are installed - file: + ansible.builtin.file: src: '/usr/share/munin/plugins/{{ item }}' dest: '/etc/munin/plugins/{{ item }}' state: link diff --git a/nginx/tasks/munin_vhost.yml b/nginx/tasks/munin_vhost.yml index 5aa137c9..98cc8672 100644 --- a/nginx/tasks/munin_vhost.yml +++ b/nginx/tasks/munin_vhost.yml 
@@ -1,13 +1,13 @@ --- - name: Add munin to hosts - lineinfile: + ansible.builtin.lineinfile: dest: /etc/hosts regexp: 'munin$' line: '127.0.0.1 munin' insertafter: EOF - name: Packages for Munin CGI are installed - apt: + ansible.builtin.apt: name: - liblwp-useragent-determined-perl - libcgi-fast-perl @@ -15,22 +15,24 @@ state: present - name: Owner for munin-cgi is set to www-data:munin - shell: "chown --verbose www-data:munin /var/log/munin/munin-cgi-*" + ansible.builtin.shell: + cmd: "chown --verbose www-data:munin /var/log/munin/munin-cgi-*" register: command_result changed_when: "'changed' in command_result.stdout" - name: Mode for munin-cgi is set to 660 - shell: "chmod --verbose 660 /var/log/munin/munin-cgi-*" + ansible.builtin.shell: + cmd: "chmod --verbose 660 /var/log/munin/munin-cgi-*" register: command_result changed_when: "'changed' in command_result.stdout" - name: Systemd unit for Munin-fcgi is installed - copy: + ansible.builtin.copy: src: systemd/spawn-fcgi-munin-graph.service dest: /etc/systemd/system/spawn-fcgi-munin-graph.service - name: Systemd unit for Munin-fcgi is started - systemd: + ansible.builtin.systemd: name: spawn-fcgi-munin-graph daemon_reload: yes enabled: yes diff --git a/nginx/tasks/packages.yml b/nginx/tasks/packages.yml index f2c0596f..fd9febcf 100644 --- a/nginx/tasks/packages.yml +++ b/nginx/tasks/packages.yml @@ -1,16 +1,16 @@ -- set_fact: +- ansible.builtin.set_fact: nginx_default_package_name: nginx-light when: nginx_minimal | bool -- include: packages_backports.yml +- ansible.builtin.include: packages_backports.yml when: nginx_backports | bool # TODO: install "nginx" + only necessary modules, instead of "nginx-full" - name: Nginx is installed - apt: + ansible.builtin.apt: name: "{{ nginx_package_name | default(nginx_default_package_name) }}" state: present tags: diff --git a/nginx/tasks/packages_backports.yml b/nginx/tasks/packages_backports.yml index 820d8713..aac2304d 100644 --- a/nginx/tasks/packages_backports.yml 
+++ b/nginx/tasks/packages_backports.yml @@ -1,7 +1,7 @@ --- - name: Backports repository is configured - include_role: + ansible.builtin.include_role: name: evolix/apt tasks_from: backports.yml tags: @@ -9,7 +9,7 @@ - packages - name: Prefer Nginx packages from backports - template: + ansible.builtin.template: src: apt/nginx_preferences dest: /etc/apt/preferences.d/999-nginx force: yes @@ -20,7 +20,7 @@ - packages - name: APT cache is updated - apt: + ansible.builtin.apt: update_cache: yes when: nginx_apt_preferences is changed tags: diff --git a/nginx/tasks/server_status_read.yml b/nginx/tasks/server_status_read.yml index 652bc154..e97d898a 100644 --- a/nginx/tasks/server_status_read.yml +++ b/nginx/tasks/server_status_read.yml @@ -1,7 +1,7 @@ --- - name: "server status dirname exists '{{ nginx_serverstatus_suffix_file | dirname }}'" - file: + ansible.builtin.file: dest: "{{ nginx_serverstatus_suffix_file | dirname }}" mode: "0700" owner: root @@ -9,7 +9,7 @@ state: directory - name: set nginx serverstatus suffix if provided - copy: + ansible.builtin.copy: dest: "{{ nginx_serverstatus_suffix_file }}" # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ nginx_serverstatus_suffix }}\u000A" 
@@ -17,20 +17,22 @@ when: nginx_serverstatus_suffix | length > 0 - name: generate random string for server-status suffix - shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" + ansible.builtin.shell: + cmd: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" args: creates: "{{ nginx_serverstatus_suffix_file }}" - name: read nginx server status suffix - command: "tail -n 1 {{ nginx_serverstatus_suffix_file }}" + ansible.builtin.command: + cmd: "tail -n 1 {{ nginx_serverstatus_suffix_file }}" changed_when: False check_mode: no register: new_nginx_serverstatus_suffix - name: overwrite nginx_serverstatus_suffix - set_fact: + ansible.builtin.set_fact: nginx_serverstatus_suffix: "{{ new_nginx_serverstatus_suffix.stdout }}" -- debug: +- ansible.builtin.debug: var: nginx_serverstatus_suffix verbosity: 1 diff --git a/nginx/tasks/server_status_write.yml b/nginx/tasks/server_status_write.yml index beb56c67..dbed56cb 100644 --- a/nginx/tasks/server_status_write.yml +++ b/nginx/tasks/server_status_write.yml @@ -1,19 +1,19 @@ --- - name: replace server-status suffix in default site index - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '__SERVERSTATUS_SUFFIX__' replace: "{{ nginx_serverstatus_suffix }}" - name: add server-status suffix in default site index if missing - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '"/server-status-?"' replace: '"/server-status-{{ nginx_serverstatus_suffix }}"' - name: add server-status suffix in default VHost - replace: + ansible.builtin.replace: dest: /etc/nginx/sites-available/evolinux-default.conf regexp: 'location /server-status-? {' replace: 'location /server-status-{{ nginx_serverstatus_suffix }} {' diff --git a/ntpd/handlers/main.yml b/ntpd/handlers/main.yml index 333d30de..70b41926 100644 --- a/ntpd/handlers/main.yml +++ b/ntpd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart ntp - service: + ansible.builtin.service: name: ntp state: restarted 
diff --git a/ntpd/tasks/main.yml b/ntpd/tasks/main.yml index 2d66d765..ac5f8288 100644 --- a/ntpd/tasks/main.yml +++ b/ntpd/tasks/main.yml @@ -1,20 +1,20 @@ --- - name: Remove openntpd package - apt: + ansible.builtin.apt: name: openntpd state: absent tags: - ntp - name: Install ntp package - apt: + ansible.builtin.apt: name: ntp state: present tags: - ntp - name: Copy ntp config - template: + ansible.builtin.template: src: ntp.conf.j2 dest: /etc/ntp.conf mode: "0644" diff --git a/opendkim/handlers/main.yml b/opendkim/handlers/main.yml index ccf166a8..3cc7b05f 100644 --- a/opendkim/handlers/main.yml +++ b/opendkim/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: reload opendkim - systemd: + ansible.builtin.systemd: name: opendkim state: reloaded - name: restart opendkim - systemd: + ansible.builtin.systemd: name: opendkim state: restarted diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml index 94aa3dfd..1c7a416a 100644 --- a/opendkim/tasks/main.yml +++ b/opendkim/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: install OpenDKIM - apt: + ansible.builtin.apt: name: - opendkim - opendkim-tools @@ -11,7 +11,7 @@ - opendkim - name: Add user opendkim in ssl-cert group - user: + ansible.builtin.user: name: opendkim groups: ssl-cert state: present @@ -20,7 +20,7 @@ - opendkim - name: add 127.0.0.1 to TrustedHosts - lineinfile: + ansible.builtin.lineinfile: dest: '/etc/opendkim/TrustedHosts' line: '127.0.0.1' create: True @@ -32,7 +32,7 @@ - opendkim - name: create config files - file: + ansible.builtin.file: name: "/etc/opendkim/{{ item }}" state: touch owner: opendkim @@ -46,7 +46,7 @@ - opendkim - name: copy OpenDKIM config - copy: + ansible.builtin.copy: src: opendkim.conf dest: /etc/opendkim.conf mode: "0644" @@ -57,7 +57,7 @@ - name: Set folder permissions to 0750 - file: + ansible.builtin.file: path: "/etc/opendkim/" owner: opendkim group: opendkim 
@@ -67,18 +67,18 @@ - opendkim - name: ensure opendkim is started and enabled - systemd: + ansible.builtin.systemd: name: opendkim state: started enabled: True tags: - opendkim -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: deploy opendkim-add.sh script - copy: + ansible.builtin.copy: src: opendkim-add.sh dest: /usr/share/scripts/opendkim-add.sh mode: "0750" diff --git a/openvpn/handlers/main.yml b/openvpn/handlers/main.yml index 44b0de93..cc74ea52 100644 --- a/openvpn/handlers/main.yml +++ b/openvpn/handlers/main.yml @@ -1,14 +1,15 @@ --- - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart nrpe - service: + ansible.builtin.service: name: nrpe state: restarted - name: reload packetfilter - command: pfctl -f /etc/pf.conf + ansible.builtin.command: + cmd: pfctl -f /etc/pf.conf diff --git a/openvpn/tasks/debian.yml b/openvpn/tasks/debian.yml index bee05d9e..9810a472 100644 --- a/openvpn/tasks/debian.yml +++ b/openvpn/tasks/debian.yml @@ -1,11 +1,11 @@ --- - name: Install OpenVPN - apt: + ansible.builtin.apt: name: openvpn - name: Delete unwanted OpenVPN folders - file: + ansible.builtin.file: state: absent dest: "/etc/openvpn/{{ item }}" with_items: @@ -13,7 +13,7 @@ - server - name: Create the _openvpn user - user: + ansible.builtin.user: name: _openvpn system: yes create_home: no @@ -21,7 +21,7 @@ shell: "/usr/sbin/nologin" - name: Create the shellpki user - user: + ansible.builtin.user: name: shellpki system: yes create_home: no @@ -29,18 +29,18 @@ shell: "/usr/sbin/nologin" - name: Create /etc/shellpki - file: + ansible.builtin.file: dest: "/etc/shellpki" mode: "0755" owner: shellpki group: shellpki state: directory -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Copy shellpki files - copy: + ansible.builtin.copy: src: "shellpki/{{ item.source }}" dest: "{{ item.destination }}" mode: "{{ item.mode }}" 
@@ -51,7 +51,7 @@ - { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0750", owner: "root", group: "root" } - name: Add sudo rights - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/sudoers.d/shellpki" regexp: '/usr/local/sbin/shellpki' line: "%shellpki ALL = (root) /usr/local/sbin/shellpki" @@ -62,7 +62,7 @@ validate: 'visudo -cf %s' - name: Deploy OpenVPN client config template - template: + ansible.builtin.template: src: "ovpn.conf.j2" dest: "/etc/shellpki/ovpn.conf" mode: "0600" @@ -70,15 +70,15 @@ group: shellpki - name: Generate dhparam - openssl_dhparam: + community.crypto.openssl_dhparam: path: /etc/shellpki/dh2048.pem size: 2048 -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Deploy OpenVPN server config - template: + ansible.builtin.template: src: "server.conf.j2" dest: "/etc/openvpn/server.conf" mode: "0600" @@ -86,21 +86,22 @@ group: root - name: Is minifirewall installed ? - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" check_mode: no changed_when: False register: minifirewall_config - name: Retrieve the default interface - shell: "grep '^INT=' /etc/default/minifirewall | cut -d\\' -f 2" + ansible.builtin.shell: + cmd: "grep '^INT=' /etc/default/minifirewall | cut -d\\' -f 2" check_mode: no changed_when: False register: minifirewall_int when: minifirewall_config.stat.exists - name: Add minifirewall rule in config file - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "{{ item }}" with_items: @@ -109,7 +110,7 @@ when: minifirewall_config.stat.exists - name: Activate minifirewall rule - iptables: + ansible.builtin.iptables: table: nat chain: POSTROUTING source: "{{ openvpn_lan }}/{{ openvpn_netmask_cidr }}" 
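Review bot: `community.crypto.openssl_dhparam` in the `Generate dhparam` task names a collection that does not ship with ansible-core, as do `ansible.posix.sysctl` and `community.general.openbsd_pkg` in later hunks of the openvpn role. With the short names these resolved through whatever was installed; with FQCNs the role fails as soon as one of those collections is missing on the controller. Nothing visible in this part of the patch declares them, so if the repository does not already do so, a `requirements.yml` listing `community.crypto`, `ansible.posix` and `community.general` (ideally with pinned versions, so the module code that runs as root on the targets is the reviewed one) should accompany this change.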
@@ -118,7 +119,7 @@ when: minifirewall_config.stat.exists - name: Add 1194/udp OpenVPN port to public services in minifirewall - replace: + ansible.builtin.replace: dest: "/etc/default/minifirewall" regexp: "^SERVICESUDP1='(.*)?'$" replace: "SERVICESUDP1='\\1 1194'" @@ -126,7 +127,7 @@ when: minifirewall_config.stat.exists - name: Activate minifirewall rule for IPv4 - iptables: + ansible.builtin.iptables: chain: INPUT protocol: udp destination_port: "1194" @@ -135,7 +136,7 @@ when: minifirewall_config.stat.exists - name: Activate minifirewall rule for IPv6 - iptables: + ansible.builtin.iptables: chain: INPUT protocol: udp destination_port: "1194" @@ -144,23 +145,23 @@ when: minifirewall_config.stat.exists - name: Enable forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: "1" sysctl_file: "/etc/sysctl.d/openvpn.conf" - name: Configure logrotate for OpenVPN - copy: + ansible.builtin.copy: src: logrotate_openvpn dest: /etc/logrotate.d/openvpn force: no - name: Generate a password for the management interface - set_fact: + ansible.builtin.set_fact: management_pwd: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters,digits') }}" - name: Set the management password - copy: + ansible.builtin.copy: dest: "/etc/openvpn/management-pwd" content: "{{ management_pwd }}" mode: "0600" 
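Review bot: The `Set the management password` task writes `{{ management_pwd }}` through `content:` without `no_log: true`, so the value can appear in `--diff` output and in verbose or callback logs; adding `no_log: true` to that task keeps it out. The preceding `set_fact` draws the value from `lookup('password', '/dev/null ...')`, which yields a new password on every run, so this file (and the NRPE `check_openvpn` line in a later hunk) changes each time the role is applied. If a stable secret is intended, the lookup needs a real path on the controller, or the task needs a guard on the existing file.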
@@ -168,27 +169,27 @@ group: root - name: Enable openvpn service - systemd: + ansible.builtin.systemd: name: "openvpn@server.service" enabled: yes - name: Is NRPE installed ? - stat: + ansible.builtin.stat: path: "/etc/nagios/nrpe.d/evolix.cfg" check_mode: no changed_when: False register: nrpe_evolix_config - name: Install NRPE check dependencies - apt: + ansible.builtin.apt: name: libnet-telnet-perl when: nrpe_evolix_config.stat.exists -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Install OpenVPN NRPE check - copy: + ansible.builtin.copy: src: "files/check_openvpn_debian.pl" dest: "/usr/local/lib/nagios/plugins/check_openvpn" mode: "0755" @@ -197,18 +198,18 @@ when: nrpe_evolix_config.stat.exists - name: Configure NRPE OpenVPN check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/nagios/nrpe.d/evolix.cfg" regexp: '^command\[check_openvpn\]=' line: "command[check_openvpn]=/usr/local/lib/nagios/plugins/check_openvpn -H 127.0.0.1 -p 1195 -P {{ management_pwd }}" notify: restart nagios-nrpe-server when: nrpe_evolix_config.stat.exists -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Install OpenVPN certificates NRPE check - copy: + ansible.builtin.copy: src: "files/check_openvpn_certificates.sh" dest: "/usr/local/lib/nagios/plugins/check_openvpn_certificates.sh" mode: "0755" @@ -217,7 +218,7 @@ when: nrpe_evolix_config.stat.exists - name: Add sudo rights for NRPE check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/sudoers.d/openvpn" regexp: 'check_openvpn_certificates.sh' line: "nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh" 
@@ -229,18 +230,18 @@ when: nrpe_evolix_config.stat.exists - name: Configure NRPE certificates check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/nagios/nrpe.d/evolix.cfg" regexp: '^command\[check_openvpn_certificates\]=' line: "command[check_openvpn_certificates]=sudo /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh" notify: restart nagios-nrpe-server when: nrpe_evolix_config.stat.exists -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Copy script to check expirations - copy: + ansible.builtin.copy: src: "shellpki/cert-expirations.sh" dest: "/usr/share/scripts/cert-expirations.sh" mode: "0700" 
@@ -248,42 +249,45 @@ group: root - name: Install cron to warn about certificates expiration - cron: + ansible.builtin.cron: name: "OpenVPN certificates expiration" special_time: monthly job: '/usr/share/scripts/cert-expirations.sh | mail -E -s "PKI OpenVPN {{ ansible_hostname }} : recapitulatif expirations" {{ client_email }}' - name: Generate the CA password - set_fact: + ansible.builtin.set_fact: ca_pwd: "{{ lookup('password', '/dev/null length=25 chars=ascii_letters,digits') }}" check_mode: no changed_when: no - name: Initialization of the CA - shell: 'CA_PASSWORD="{{ ca_pwd }}" shellpki init --non-interactive {{ ansible_fqdn }}' + ansible.builtin.shell: + cmd: 'CA_PASSWORD="{{ ca_pwd }}" shellpki init --non-interactive {{ ansible_fqdn }}' - name: Creation of the server's certificate - shell: 'CA_PASSWORD="{{ ca_pwd }}" shellpki create --days 3650 --non-interactive {{ ansible_fqdn }}' + ansible.builtin.shell: + cmd: 'CA_PASSWORD="{{ ca_pwd }}" shellpki create --days 3650 --non-interactive {{ ansible_fqdn }}' - name: Get the server key - shell: 'ls -tr /etc/shellpki/private/ | tail -1' + ansible.builtin.shell: + cmd: 'ls -tr /etc/shellpki/private/ | tail -1' register: ca_key check_mode: no changed_when: no - name: Configure the server key - replace: + ansible.builtin.replace: path: /etc/openvpn/server.conf regexp: 'key /etc/shellpki/private/TO_COMPLETE' replace: 'key /etc/shellpki/private/{{ ca_key.stdout }}' - name: Restart OpenVPN - systemd: + ansible.builtin.systemd: name: "openvpn@server.service" state: restarted - name: Warn the user about manual checks - pause: + ansible.builtin.pause: prompt: | /!\ WARNING /!\ You must check and adjust if necessary the configuration file "/etc/openvpn/server.conf", and then restart the OpenVPN service with "systemctl restart openvpn@server.service". diff --git a/openvpn/tasks/main.yml b/openvpn/tasks/main.yml index 1e20772a..26a04ee7 100644 --- a/openvpn/tasks/main.yml +++ b/openvpn/tasks/main.yml 
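Review bot: The `Initialization of the CA` and `Creation of the server's certificate` tasks put `CA_PASSWORD="{{ ca_pwd }}"` inside `cmd:`, so the CA passphrase is part of the recorded command and shows up in task results at `-v` and in any log callback, and neither task sets `no_log`. Passing it through `environment:` with `no_log: true` keeps it out of the command string and also lets both tasks use `ansible.builtin.command` instead of a shell; this assumes shellpki reads `CA_PASSWORD` from its environment, as the current inline assignment implies. Neither task has a `creates:` guard either, so both run on every application of the role; whether shellpki tolerates a second `init` is not visible here.

```yaml
- name: Initialization of the CA
  ansible.builtin.command:
    cmd: 'shellpki init --non-interactive {{ ansible_fqdn }}'
  environment:
    CA_PASSWORD: "{{ ca_pwd }}"
  no_log: true

- name: Creation of the server's certificate
  ansible.builtin.command:
    cmd: 'shellpki create --days 3650 --non-interactive {{ ansible_fqdn }}'
  environment:
    CA_PASSWORD: "{{ ca_pwd }}"
  no_log: true
# … unchanged: server key lookup, server.conf replace, restart, pause …
```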
@@ -1,15 +1,15 @@ --- - name: System compatibility checks - assert: + ansible.builtin.assert: that: "ansible_distribution == 'Debian' or ansible_distribution == 'OpenBSD'" msg: "Only compatible with Debian and OpenBSD" - name: Include Debian version - include: debian.yml + ansible.builtin.include: debian.yml when: ansible_distribution == "Debian" - name: Include OpenBSD version - include: openbsd.yml + ansible.builtin.include: openbsd.yml when: ansible_distribution == "OpenBSD" diff --git a/openvpn/tasks/openbsd.yml b/openvpn/tasks/openbsd.yml index e33923e1..28781880 100644 --- a/openvpn/tasks/openbsd.yml +++ b/openvpn/tasks/openbsd.yml @@ -1,12 +1,12 @@ --- - name: Install OpenVPN - openbsd_pkg: + community.general.openbsd_pkg: name: openvpn-- when: ansible_distribution == 'OpenBSD' - name: Create /etc/openvpn - file: + ansible.builtin.file: dest: "/etc/openvpn" state: directory owner: root @@ -14,7 +14,7 @@ mode: "0755" - name: Create the shellpki user - user: + ansible.builtin.user: name: _shellpki system: yes create_home: no @@ -22,7 +22,7 @@ shell: "/sbin/nologin" - name: Create /etc/shellpki - file: + ansible.builtin.file: dest: "/etc/shellpki" state: directory owner: _shellpki @@ -30,7 +30,7 @@ mode: "0755" - name: Copy shellpki files - copy: + ansible.builtin.copy: src: "shellpki/{{ item.source }}" dest: "{{ item.destination }}" mode: "{{ item.mode }}" @@ -41,14 +41,14 @@ - { source: "shellpki", destination: "/usr/local/sbin/shellpki", mode: "0750", owner: "root", group: "wheel" } - name: Add sudo rights - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/sudoers" regexp: '/usr/local/sbin/shellpki' line: "%_shellpki ALL = (root) /usr/local/sbin/shellpki" validate: 'visudo -cf %s' - name: Deploy OpenVPN client config template - template: + ansible.builtin.template: src: "ovpn.conf.j2" dest: "/etc/shellpki/ovpn.conf" mode: "0640" 
@@ -56,12 +56,12 @@ group: _shellpki - name: Generate dhparam - openssl_dhparam: + community.crypto.openssl_dhparam: path: /etc/shellpki/dh2048.pem size: 2048 - name: Deploy OpenVPN server config - template: + ansible.builtin.template: src: "server.conf.j2" dest: "/etc/openvpn/server.conf" mode: "0600" @@ -69,7 +69,7 @@ group: wheel - name: Configure PacketFilter - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/pf.conf" line: "{{ item }}" validate: 'pfctl -nf %s' @@ -79,7 +79,7 @@ - "pass in quick on $ext_if proto udp from any to self port 1194" - name: Create a cron to rotate the logs - cron: + ansible.builtin.cron: name: "OpenVPN logs rotation" weekday: "6" hour: "4" @@ -87,11 +87,11 @@ job: "cp /var/log/openvpn.log /var/log/openvpn.log.$(date +\\%F) && echo \"$(date +\\%F' '\\%R) - logfile turned over via cron\" > /var/log/openvpn.log && gzip /var/log/openvpn.log.$(date +\\%F) && find /var/log/ -type f -name \"openvpn.log.*\" -mtime +365 -exec rm {} \\+" - name: Generate a password for the management interface - set_fact: + ansible.builtin.set_fact: management_pwd: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters,digits') }}" - name: Set the management password - copy: + ansible.builtin.copy: dest: "/etc/openvpn/management-pwd" content: "{{ management_pwd }}" mode: "0600" 
@@ -99,30 +99,30 @@ group: wheel - name: Enable openvpn service - service: + ansible.builtin.service: name: openvpn enabled: yes - name: Set openvpn flags - lineinfile: + ansible.builtin.lineinfile: dest: /etc/rc.conf.local regexp: "^openvpn_flags=" line: "openvpn_flags=--daemon --config /etc/openvpn/server.conf" create: yes - name: Is NRPE installed ? - stat: + ansible.builtin.stat: path: "/etc/nrpe.d/evolix.cfg" check_mode: no register: nrpe_evolix_config - name: Install NRPE check dependencies - openbsd_pkg: + community.general.openbsd_pkg: name: p5-Net-Telnet when: nrpe_evolix_config.stat.exists - name: Install OpenVPN NRPE check - copy: + ansible.builtin.copy: src: "files/check_openvpn_openbsd.pl" dest: "/usr/local/libexec/nagios/plugins/check_openvpn.pl" mode: "0755" @@ -131,7 +131,7 @@ when: nrpe_evolix_config.stat.exists - name: Configure NRPE OpenVPN check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/nrpe.d/evolix.cfg" regexp: '^command\[check_openvpn\]=' line: "command[check_openvpn]=/usr/local/libexec/nagios/plugins/check_openvpn.pl -H 127.0.0.1 -p 1195 -P {{ management_pwd }}" @@ -143,7 +143,7 @@ when: nrpe_evolix_config.stat.exists - name: Install OpenVPN certificates NRPE check - copy: + ansible.builtin.copy: src: "files/check_openvpn_certificates.sh" dest: "/usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh" mode: "0755" @@ -152,7 +152,7 @@ when: nrpe_evolix_config.stat.exists - name: Add doas rights for NRPE check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/doas.conf" regexp: 'check_openvpn_certificates.sh' line: "permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh" 
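Review bot: In the `Configure NRPE OpenVPN check` task (hunk `@@ -131,7 +131,7 @@`) the management password is written into the NRPE command definition as `-P {{ management_pwd }}`, so it is stored in /etc/nrpe.d/evolix.cfg and is present in the process arguments each time the check runs. If check_openvpn.pl can read the password from a file (not visible here), that would be preferable; otherwise make sure evolix.cfg is not world-readable and add `no_log: true` to this task so the rendered line stays out of diff and verbose output. The task continues past the end of the hunk.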
@@ -160,7 +160,7 @@ when: nrpe_evolix_config.stat.exists - name: Configure NRPE certificates check - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/nrpe.d/evolix.cfg" regexp: '^command\[check_openvpn_certificates\]=' line: "command[check_openvpn_certificates]=doas /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh" @@ -168,7 +168,7 @@ when: nrpe_evolix_config.stat.exists - name: Copy script to check expirations - copy: + ansible.builtin.copy: src: "shellpki/cert-expirations.sh" dest: "/usr/share/scripts/cert-expirations.sh" mode: "0700" 
@@ -176,42 +176,45 @@ group: wheel - name: Install cron to warn about certificates expiration - cron: + ansible.builtin.cron: name: "OpenVPN certificates expiration" special_time: monthly job: '/usr/share/scripts/cert-expirations.sh | mail -E -s "PKI OpenVPN {{ ansible_hostname }} : recapitulatif expirations" {{ client_email }}' - name: Generate the CA password - set_fact: + ansible.builtin.set_fact: ca_pwd: "{{ lookup('password', '/dev/null length=25 chars=ascii_letters,digits') }}" check_mode: no changed_when: no - name: Initialization of the CA - shell: 'CA_PASSWORD="{{ ca_pwd }}" shellpki init --non-interactive {{ ansible_fqdn }}' + ansible.builtin.shell: + cmd: 'CA_PASSWORD="{{ ca_pwd }}" shellpki init --non-interactive {{ ansible_fqdn }}' - name: Creation of the server's certificate - shell: 'CA_PASSWORD="{{ ca_pwd }}" shellpki create --days 3650 --non-interactive {{ ansible_fqdn }}' + ansible.builtin.shell: + cmd: 'CA_PASSWORD="{{ ca_pwd }}" shellpki create --days 3650 --non-interactive {{ ansible_fqdn }}' - name: Get the server key - shell: 'ls -tr /etc/shellpki/private/ | tail -1' + ansible.builtin.shell: + cmd: 'ls -tr /etc/shellpki/private/ | tail -1' register: ca_key check_mode: no changed_when: no - name: Configure the server key - replace: + ansible.builtin.replace: path: /etc/openvpn/server.conf regexp: 'key /etc/shellpki/private/TO_COMPLETE' replace: 'key /etc/shellpki/private/{{ ca_key.stdout }}' - name: Restart OpenVPN - service: + ansible.builtin.service: name: openvpn state: restarted - name: Warn the user about manual checks - pause: + ansible.builtin.pause: prompt: | /!\ WARNING /!\ You must check and adjust if necessary the configuration file "/etc/openvpn/server.conf", and then restart the OpenVPN service with "rcctl restart openvpn". diff --git a/packweb-apache/handlers/main.yml b/packweb-apache/handlers/main.yml index af4d94d2..f9170bc9 100644 --- a/packweb-apache/handlers/main.yml +++ b/packweb-apache/handlers/main.yml 
@@ -1,10 +1,10 @@ --- - name: restart apache - service: + ansible.builtin.service: name: apache2 state: restarted - name: reload apache - service: + ansible.builtin.service: name: apache2 state: reloaded diff --git a/packweb-apache/tasks/apache.yml b/packweb-apache/tasks/apache.yml index 96c11e3a..434e75d0 100644 --- a/packweb-apache/tasks/apache.yml +++ b/packweb-apache/tasks/apache.yml @@ -1,14 +1,15 @@ --- - name: Check if Apache envvars have a PATH - command: "grep -E '^export PATH ' /etc/apache2/envvars" + ansible.builtin.command: + cmd: "grep -E '^export PATH ' /etc/apache2/envvars" failed_when: False changed_when: False register: envvar_grep_path check_mode: no - name: Add a PATH envvar for Apache - blockinfile: + ansible.builtin.blockinfile: dest: /etc/apache2/envvars marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH" block: | @@ -17,7 +18,7 @@ when: envvar_grep_path.rc != 0 - name: Additional packages are installed - apt: + ansible.builtin.apt: name: - libapache2-mod-security2 - modsecurity-crs @@ -25,7 +26,7 @@ state: present - name: Additional modules are enabled - apache2_module: + community.general.apache2_module: name: '{{ item }}' state: present loop: @@ -36,7 +37,7 @@ - log_forensic - name: Copy Apache settings for modules - copy: + ansible.builtin.copy: src: "evolinux-modsec.conf" dest: "/etc/apache2/conf-available/evolinux-modsec.conf" owner: root @@ -45,7 +46,7 @@ force: no - name: Copy Apache settings for modules - template: + ansible.builtin.template: src: "evolinux-evasive.conf.j2" dest: "/etc/apache2/conf-available/evolinux-evasive.conf" owner: root @@ -54,7 +55,8 @@ force: no - name: Ensure Apache modules configs are enabled - command: "a2enconf {{ item }}" + ansible.builtin.command: + cmd: "a2enconf {{ item }}" register: command_result changed_when: "'Enabling' in command_result.stderr" loop: diff --git a/packweb-apache/tasks/awstats.yml b/packweb-apache/tasks/awstats.yml index 5ea0fa57..08c94381 100644 
--- a/packweb-apache/tasks/awstats.yml +++ b/packweb-apache/tasks/awstats.yml @@ -1,11 +1,11 @@ --- - name: Install awstats - apt: + ansible.builtin.apt: name: awstats state: present - name: Configure awstats - blockinfile: + ansible.builtin.blockinfile: dest: /etc/awstats/awstats.conf.local marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB" block: | @@ -24,7 +24,7 @@ mode: "0644" - name: Create conf-available/awstats-icon.conf file - copy: + ansible.builtin.copy: dest: /etc/apache2/conf-available/awstats-icon.conf content: | Alias /awstats-icon/ /usr/share/awstats/icon/ @@ -35,20 +35,21 @@ mode: "0644" - name: Enable apache awstats-icon configuration - command: "a2enconf awstats-icon" + ansible.builtin.command: + cmd: "a2enconf awstats-icon" register: command_result changed_when: "'Enabling' in command_result.stderr" notify: reload apache - name: Create awstats cron - lineinfile: + ansible.builtin.lineinfile: dest: /etc/cron.d/awstats create: yes regexp: '-config=awstats' line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null" - name: Comment default awstat cron's tasks - lineinfile: + ansible.builtin.lineinfile: dest: /etc/cron.d/awstats regexp: "(?i)^([^#]*update\\.sh.*)" line: '#\1' diff --git a/packweb-apache/tasks/dependencies.yml b/packweb-apache/tasks/dependencies.yml index c22d4e0b..cd0efd40 100644 --- a/packweb-apache/tasks/dependencies.yml +++ b/packweb-apache/tasks/dependencies.yml 
@@ -1,21 +1,21 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/apache -- include_role: +- ansible.builtin.include_role: name: evolix/php vars: php_apache_enable: True when: packweb_apache_modphp -- include_role: +- ansible.builtin.include_role: name: evolix/php vars: php_fpm_enable: True when: packweb_apache_fpm -- include_role: +- ansible.builtin.include_role: name: evolix/squid vars: squid_localproxy_enable: True @@ -24,53 +24,53 @@ name: evolix/mysql when: packweb_mysql_variant == "debian" -- include_role: +- ansible.builtin.include_role: name: evolix/mysql-oracle when: packweb_mysql_variant == "oracle" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php56 lxc_php_create_mysql_link: True when: "'php56' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php70 lxc_php_create_mysql_link: True when: "'php70' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php73 lxc_php_create_mysql_link: True when: "'php73' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php74 lxc_php_create_mysql_link: True when: "'php74' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php80 lxc_php_create_mysql_link: True when: "'php80' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/lxc-php vars: lxc_php_version: php81 lxc_php_create_mysql_link: True when: "'php81' in packweb_multiphp_versions" -- include_role: +- ansible.builtin.include_role: name: evolix/webapps/evoadmin-web vars: evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}" diff --git a/packweb-apache/tasks/fhs_retrictions.yml b/packweb-apache/tasks/fhs_retrictions.yml index 7fa41478..6cb486d6 100644 
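Review bot: The `@@ -24,53 +24,53 @@` hunk opens on `name: evolix/mysql`, and the list item that owns it (around old line 23, between the two hunks) is not part of the diff, so that one include appears to have been left untouched while every other `include_role` in the file was qualified. Worth checking that line and changing it to `- ansible.builtin.include_role:` if it is still the short form, so the file is consistent.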
--- a/packweb-apache/tasks/fhs_retrictions.yml +++ b/packweb-apache/tasks/fhs_retrictions.yml @@ -1,7 +1,8 @@ --- - name: Remove read permission on some folders (/, /etc, ...) - shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}" + ansible.builtin.shell: + cmd: "test -d {{ item }} && chmod --verbose o-r {{ item }}" register: command_result changed_when: "'changed' in command_result.stdout" failed_when: False @@ -25,7 +26,8 @@ - /etc/default - name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...) - shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}" + ansible.builtin.shell: + cmd: "test -d {{ item }} && chmod --verbose 750 {{ item }}" register: command_result changed_when: "'changed' in command_result.stdout" failed_when: False @@ -41,13 +43,14 @@ - /var/log/installer - name: Change group to www-data for /etc/phpmyadmin/ - file: + ansible.builtin.file: dest: /etc/phpmyadmin/ group: www-data state: directory - name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...) - shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}" + ansible.builtin.shell: + cmd: "test -f {{ item }} && chmod --verbose u-s {{ item }}" register: command_result changed_when: "'changed' in command_result.stdout" failed_when: False @@ -59,7 +62,8 @@ - /usr/bin/mtr - name: Set 640 permission on some files (/var/log/evolix.log, ...) - shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}" + ansible.builtin.shell: + cmd: "test -f {{ item }} && chmod --verbose 640 {{ item }}" register: command_result changed_when: "'changed' in command_result.stdout" failed_when: False diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index c0a44935..7843a642 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml 
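Review bot: The hardening tasks in this file keep `failed_when: False` on a `test … && chmod …` shell line, so a chmod that fails is reported the same way as a path that does not exist, and the play carries on with the permission unchanged. Using `ansible.builtin.file` with `path: "{{ item }}"` and `mode: "o-r"`, guarded by an `ansible.builtin.stat` result, would surface real failures and remove the unquoted `{{ item }}` from a shell string. This applies equally to the `750`, `u-s` and `640` tasks in the later hunks of this file. The loops continue outside the hunks.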
@@ -1,46 +1,46 @@ --- - name: Dependencies are satisfied - include_tasks: dependencies.yml + ansible.builtin.include_tasks: dependencies.yml -- fail: +- ansible.builtin.fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - name: Additional packages are installed - apt: + ansible.builtin.apt: name: - zip - unzip state: present - name: install info.php - copy: + ansible.builtin.copy: src: info.php dest: /var/www/info.php mode: "0644" - name: enable info.php link in default site index - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html line: '
  • Infos PHP
  • ' regexp: "Infos PHP" - name: install opcache.php - copy: + ansible.builtin.copy: src: opcache.php dest: /var/www/opcache.php mode: "0644" - name: enable opcache.php link in default site index - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html line: '
  • Infos OpCache PHP
  • ' regexp: "Infos OpCache PHP" - name: Add elements to user account template - file: + ansible.builtin.file: path: "/etc/skel/{{ item.path }}" state: "{{ item.state }}" mode: "{{ item.mode }}" @@ -50,7 +50,8 @@ - { path: www, mode: "0750", state: directory } - name: Apache log file (templates) are present - command: "touch /etc/skel/log/{{ item }}" + ansible.builtin.command: + cmd: "touch /etc/skel/log/{{ item }}" args: creates: "/etc/skel/log/{{ item }}" loop: @@ -58,37 +59,37 @@ - error.log - name: Apache log file (templates) have the proper permissions - file: + ansible.builtin.file: dest: "/etc/skel/log/{{ item }}" mode: "0644" loop: - access.log - error.log -- include_role: +- ansible.builtin.include_role: name: userlogrotate - name: Force DIR_MODE to 0750 in /etc/adduser.conf - lineinfile: + ansible.builtin.lineinfile: dest: /etc/adduser.conf regexp: '^DIR_MODE=' line: 'DIR_MODE=0750' -- include: apache.yml +- ansible.builtin.include: apache.yml -- include: phpmyadmin.yml +- ansible.builtin.include: phpmyadmin.yml -- include: awstats.yml +- ansible.builtin.include: awstats.yml -- include: fhs_retrictions.yml +- ansible.builtin.include: fhs_retrictions.yml when: packweb_fhs_retrictions | bool - name: Periodically cache ftp directory sizes for ftpadmin.sh - cron: + ansible.builtin.cron: name: "ProFTPd directory size caching" special_time: daily job: "/usr/share/scripts/evoadmin/stats.sh" -- include: multiphp.yml +- ansible.builtin.include: multiphp.yml when: packweb_multiphp_versions | length > 0 diff --git a/packweb-apache/tasks/multiphp.yml b/packweb-apache/tasks/multiphp.yml index 8a7c9613..b6719374 100644 --- a/packweb-apache/tasks/multiphp.yml +++ b/packweb-apache/tasks/multiphp.yml 
@@ -1,16 +1,16 @@ --- - name: Enable proxy_fcgi - apache2_module: + community.general.apache2_module: state: present name: proxy_fcgi notify: restart apache2 -- include_role: +- ansible.builtin.include_role: name: remount-usr - name: Copy phpContainer script - copy: + ansible.builtin.copy: src: phpContainer dest: /usr/local/bin/phpContainer mode: "0755" @@ -27,7 +27,7 @@ # line: "alias php='sudo /usr/local/bin/phpContainer'" - name: Add multiphp sudoers file - copy: + ansible.builtin.copy: src: multiphp-sudoers dest: /etc/sudoers.d/multiphp mode: "0600" diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index f83b0a5d..11832300 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml @@ -1,18 +1,18 @@ --- - name: Install apg - apt: + ansible.builtin.apt: name: apg # On Debian 10, we need to install the package from buster-backports - name: Enable backports (Debian 10) - include_role: + ansible.builtin.include_role: name: evolix/apt tasks_from: backports.yml when: ansible_distribution_major_version is version('10', '=') - name: Prefer phpMyAdmin package from backports (Debian 10) - template: + ansible.builtin.template: src: phpmyadmin_apt_preferences.j2 dest: /etc/apt/preferences.d/999-phpmyadmin force: yes 
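Review bot: `Enable proxy_fcgi` notifies `restart apache2`, but the handlers shown for this role in packweb-apache/handlers/main.yml are named `restart apache` and `reload apache`. Unless another role loaded in the same play defines a `restart apache2` handler (not visible here), the notification has no target; `notify: restart apache` would match the role's own handler.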
@@ -20,27 +20,28 @@ when: ansible_distribution_major_version is version('10', '=') - name: Install phpmyadmin - apt: + ansible.builtin.apt: name: phpmyadmin update_cache: yes - name: Check if phpmyadmin default configuration is present - stat: + ansible.builtin.stat: path: /etc/apache2/conf-enabled/phpmyadmin.conf register: pma_default_config -- debug: +- ansible.builtin.debug: var: pma_default_config verbosity: 1 - name: Disable phpmyadmin default configuration - command: "a2disconf phpmyadmin" + ansible.builtin.command: + cmd: "a2disconf phpmyadmin" register: command_result changed_when: "'Disabling' in command_result.stderr" when: pma_default_config.stat.exists - name: "phpmyadmin suffix dirname '{{ packweb_phpmyadmin_suffix_file | dirname }}' exists" - file: + ansible.builtin.file: dest: "{{ packweb_phpmyadmin_suffix_file | dirname }}" mode: "0700" owner: root @@ -48,7 +49,7 @@ state: directory - name: set phpmyadmin suffix if provided - copy: + ansible.builtin.copy: dest: "{{ packweb_phpmyadmin_suffix_file }}" # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ packweb_phpmyadmin_suffix }}\u000A" 
@@ -56,26 +57,28 @@ when: packweb_phpmyadmin_suffix | length > 0 - name: generate random string for phpmyadmin suffix - shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" + ansible.builtin.shell: + cmd: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" args: creates: "{{ packweb_phpmyadmin_suffix_file }}" - name: read phpmyadmin suffix - command: "tail -n 1 {{ packweb_phpmyadmin_suffix_file }}" + ansible.builtin.command: + cmd: "tail -n 1 {{ packweb_phpmyadmin_suffix_file }}" changed_when: False check_mode: no register: new_packweb_phpmyadmin_suffix - name: overwrite packweb_phpmyadmin_suffix - set_fact: + ansible.builtin.set_fact: packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}" -- debug: +- ansible.builtin.debug: var: packweb_phpmyadmin_suffix verbosity: 1 - name: enable phpMyAdmin config - blockinfile: + ansible.builtin.blockinfile: dest: /etc/apache2/sites-available/000-evolinux-default.conf marker: "# {mark} phpMyAdmin section" block: | @@ -88,13 +91,13 @@ - name: enable phpmyadmin link in default site index - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '' replace: '
  • Accès PhpMyAdmin
  • ' - name: replace phpmyadmin suffix in default site index - replace: + ansible.builtin.replace: dest: /var/www/index.html regexp: '__PHPMYADMIN_SUFFIX__' replace: "{{ packweb_phpmyadmin_suffix }}" diff --git a/percona/tasks/main.yml b/percona/tasks/main.yml index 6dc319ff..32637df7 100644 --- a/percona/tasks/main.yml +++ b/percona/tasks/main.yml @@ -1,22 +1,22 @@ --- -- set_fact: +- ansible.builtin.set_fact: percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb" - name: Look for legacy apt keyring - stat: + ansible.builtin.stat: path: /etc/apt/trusted.gpg register: _trusted_gpg_keyring - name: Percona embedded GPG key is absent - apt_key: + ansible.builtin.apt_key: id: "8507EFA5" keyring: /etc/apt/trusted.gpg state: absent when: _trusted_gpg_keyring.stat.exists - name: Add Percona GPG key - copy: + ansible.builtin.copy: src: percona.asc dest: "{{ apt_keyring_dir }}/percona.asc" force: yes @@ -25,8 +25,8 @@ group: root - name: Check if percona-release is installed - shell: "set -o pipefail && dpkg -l percona-release 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l percona-release 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False @@ -34,7 +34,7 @@ register: percona__apt_config_package_installed - name: Percona APT config package is available - copy: + ansible.builtin.copy: src: "{{ percona__apt_config_package_file }}" dest: "/root/{{ percona__apt_config_package_file }}" when: not (percona__apt_config_package_installed | bool) 
@@ -43,23 +43,23 @@ # name: evolix/remount-usr - name: Percona APT config package is installed from deb file - apt: + ansible.builtin.apt: deb: "/root/{{ percona__apt_config_package_file }}" state: present register: percona__apt_config_deb when: not (percona__apt_config_package_installed | bool) - name: Percona APT config package is installed from repository - apt: + ansible.builtin.apt: name: percona-release state: latest register: percona__apt_config_deb when: percona__apt_config_package_installed | bool - name: APT cache is up-to-date - apt: + ansible.builtin.apt: update_cache: yes when: percona__apt_config_deb is changed -- include: xtrabackup.yml +- ansible.builtin.include: xtrabackup.yml when: percona__install_xtrabackup | bool diff --git a/percona/tasks/xtrabackup.yml b/percona/tasks/xtrabackup.yml index 7d4e29d1..6a68fbff 100644 --- a/percona/tasks/xtrabackup.yml +++ b/percona/tasks/xtrabackup.yml @@ -1,16 +1,17 @@ --- - name: Percona Tools is enabled - command: percona-release enable tools release + ansible.builtin.command: + cmd: percona-release enable tools release # changed_when: # register: percona__release_enable_tools - name: APT cache is up-to-date - apt: + ansible.builtin.apt: update_cache: yes # when: percona__release_enable_tools is changed - name: Percona XtraBackup package is installed - apt: + ansible.builtin.apt: name: "{{ percona__xtrabackup_package_name }}" state: present diff --git a/pgbouncer/tasks/main.yml b/pgbouncer/tasks/main.yml index 67639044..fefef4e1 100644 --- a/pgbouncer/tasks/main.yml +++ b/pgbouncer/tasks/main.yml 
@@ -1,17 +1,17 @@ --- - name: PgBouncer is installed - apt: + ansible.builtin.apt: name: pgbouncer state: present - name: Limit for PgBouncer is set - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/pgbouncer line: ulimit -n 65536 - name: Add config file for PgBouncer - template: + ansible.builtin.template: src: pgbouncer.ini.j2 dest: /etc/pgbouncer/pgbouncer.ini - name: Populate userlist.txt - template: + ansible.builtin.template: src: userlist.txt.j2 dest: /etc/pgbouncer/userlist.txt diff --git a/php/handlers/main.yml b/php/handlers/main.yml index 206eab3a..b333fe9b 100644 --- a/php/handlers/main.yml +++ b/php/handlers/main.yml @@ -1,36 +1,36 @@ --- - name: restart php5-fpm - service: + ansible.builtin.service: name: php5-fpm state: restarted - name: restart php5.6-fpm - service: + ansible.builtin.service: name: php5.6-fpm state: restarted - name: restart php7.0-fpm - service: + ansible.builtin.service: name: php7.0-fpm state: restarted - name: restart php7.3-fpm - service: + ansible.builtin.service: name: php7.3-fpm state: restarted - name: restart php7.4-fpm - service: + ansible.builtin.service: name: php7.4-fpm state: restarted - name: restart php8.1-fpm - service: + ansible.builtin.service: name: php8.1-fpm state: restarted - name: restart php8.2-fpm - service: + ansible.builtin.service: name: php8.2-fpm state: restarted diff --git a/php/tasks/config_apache.yml b/php/tasks/config_apache.yml index 795678fd..4ddc8448 100644 --- a/php/tasks/config_apache.yml +++ b/php/tasks/config_apache.yml @@ -1,7 +1,7 @@ --- - name: Set default values for PHP - ini_file: + community.general.ini_file: dest: "{{ php_apache_defaults_ini_file }}" section: PHP option: "{{ item.option }}" @@ -19,7 +19,7 @@ - { option: "opcache.max_accelerated_files", value: "8000" } - name: Disable PHP functions - ini_file: + community.general.ini_file: dest: "{{ php_apache_defaults_ini_file }}" section: PHP option: disable_functions 
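Review bot: The two template tasks in pgbouncer/tasks/main.yml, `Add config file for PgBouncer` and `Populate userlist.txt`, set no `owner`, `group` or `mode`, so /etc/pgbouncer/userlist.txt, which holds the pool's user credentials, gets whatever the default umask gives it. Add explicit ownership and a restrictive mode to that task, for example `mode: "0640"` with the owner and group the pgbouncer service runs as. Adding `no_log: true` there would also keep the rendered credentials out of `--diff` output.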
@@ -27,7 +27,7 @@ mode: "0644" - name: Custom php.ini - copy: + ansible.builtin.copy: dest: "{{ php_apache_custom_ini_file }}" content: | ; Put customized values here. @@ -36,7 +36,7 @@ force: no - name: "Set custom values for PHP to enable Symfony" - ini_file: + community.general.ini_file: dest: "{{ php_apache_custom_ini_file }}" section: PHP option: "{{ item.option }}" diff --git a/php/tasks/config_cli.yml b/php/tasks/config_cli.yml index d327690a..506a1077 100644 --- a/php/tasks/config_cli.yml +++ b/php/tasks/config_cli.yml @@ -1,6 +1,6 @@ --- - name: "Set default php.ini values for CLI" - ini_file: + community.general.ini_file: dest: "{{ php_cli_defaults_ini_file }}" section: PHP option: "{{ item.option }}" @@ -13,7 +13,7 @@ - { option: "disable_functions", value: "" } - name: Custom php.ini for CLI - copy: + ansible.builtin.copy: dest: "{{ php_cli_custom_ini_file }}" content: | ; Put customized values here. @@ -22,12 +22,12 @@ # This task is not merged with the above copy # because "force: no" prevents any fix after the fact - name: "Permissions for custom php.ini for CLI" - file: + ansible.builtin.file: dest: "{{ php_cli_custom_ini_file }}" mode: "0644" - name: "Set custom values for PHP to enable Symfony" - ini_file: + community.general.ini_file: dest: "{{ php_cli_custom_ini_file }}" section: PHP option: "{{ item.option }}" diff --git a/php/tasks/config_fpm.yml b/php/tasks/config_fpm.yml index ad543f19..9fc1cc33 100644 --- a/php/tasks/config_fpm.yml +++ b/php/tasks/config_fpm.yml @@ -1,7 +1,7 @@ --- - name: Set default php.ini values for FPM - ini_file: + community.general.ini_file: dest: "{{ php_fpm_defaults_ini_file }}" section: PHP option: "{{ item.option }}" @@ -20,7 +20,7 @@ notify: "restart {{ php_fpm_service_name }}" - name: Disable PHP functions for FPM - ini_file: + community.general.ini_file: dest: "{{ php_fpm_defaults_ini_file }}" section: PHP option: disable_functions 
@@ -28,7 +28,7 @@ notify: "restart {{ php_fpm_service_name }}" - name: Custom php.ini for FPM - copy: + ansible.builtin.copy: dest: "{{ php_fpm_custom_ini_file }}" content: | ; Put customized values here. @@ -36,7 +36,7 @@ notify: "restart {{ php_fpm_service_name }}" - name: Set default PHP FPM values - ini_file: + community.general.ini_file: dest: "{{ php_fpm_default_pool_file }}" section: www option: "{{ item.option }}" @@ -60,7 +60,7 @@ when: ansible_distribution_major_version is version('9', '>=') - name: Custom PHP FPM values - copy: + ansible.builtin.copy: dest: "{{ php_fpm_default_pool_custom_file }}" content: | ; Put customized values here. @@ -70,7 +70,7 @@ notify: "restart {{ php_fpm_service_name }}" - name: "Set custom values for PHP to enable Symfony" - ini_file: + community.general.ini_file: dest: "{{ php_cli_custom_ini_file }}" section: PHP option: "{{ item.option }}" @@ -82,7 +82,7 @@ when: php_symfony_requirements | bool - name: Delete debian default pool - file: + ansible.builtin.file: path: "{{ php_fpm_debian_default_pool_file | mandatory }}" state: absent notify: "restart {{ php_fpm_service_name }}" diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 180712b2..f9144832 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml 
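Review bot: In the `@@ -70,7 +70,7 @@` hunk, `Set custom values for PHP to enable Symfony` in config_fpm.yml writes to `{{ php_cli_custom_ini_file }}`, while the same task in config_apache.yml and config_cli.yml targets that SAPI's own custom file. This looks like a copy-paste slip that leaves the FPM custom ini without the Symfony values; `dest: "{{ php_fpm_custom_ini_file }}"` is probably what was intended. The task continues outside the hunk.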
@@ -1,23 +1,23 @@ --- -- assert: +- ansible.builtin.assert: that: - ansible_distribution == "Debian" - ansible_distribution_major_version is version('8', '>=') - ansible_distribution_major_version is version('12', '<=') msg: This is only compatible with Debian 8 → 12 -- include_tasks: main_jessie.yml +- ansible.builtin.include_tasks: main_jessie.yml when: ansible_distribution_release == "jessie" -- include_tasks: main_stretch.yml +- ansible.builtin.include_tasks: main_stretch.yml when: ansible_distribution_release == "stretch" -- include_tasks: main_buster.yml +- ansible.builtin.include_tasks: main_buster.yml when: ansible_distribution_release == "buster" -- include_tasks: main_bullseye.yml +- ansible.builtin.include_tasks: main_bullseye.yml when: ansible_distribution_release == "bullseye" -- include_tasks: main_bookworm.yml +- ansible.builtin.include_tasks: main_bookworm.yml when: ansible_distribution_release == "bookworm" diff --git a/php/tasks/main_bookworm.yml b/php/tasks/main_bookworm.yml index 6ad64399..d4dd381f 100644 --- a/php/tasks/main_bookworm.yml +++ b/php/tasks/main_bookworm.yml @@ -1,21 +1,21 @@ --- - name: "Set php version to 8.2 (Debian 12)" - set_fact: + ansible.builtin.set_fact: php_version: "8.2" when: - php_sury_enable == false check_mode: no - name: "Set php config directories (Debian 12)" - set_fact: + ansible.builtin.set_fact: php_cli_conf_dir: "/etc/php/{{ php_version }}/cli/conf.d" php_apache_conf_dir: "/etc/php/{{ php_version }}/apache2/conf.d" php_fpm_conf_dir: "/etc/php/{{ php_version }}/fpm/conf.d" php_fpm_pool_dir: "/etc/php/{{ php_version }}/fpm/pool.d" - name: "Set php config files (Debian 12)" - set_fact: + ansible.builtin.set_fact: php_cli_defaults_ini_file: "{{ php_cli_conf_dir }}/z-evolinux-defaults.ini" php_cli_custom_ini_file: "{{ php_cli_conf_dir }}/zzz-evolinux-custom.ini" php_apache_defaults_ini_file: "{{ php_apache_conf_dir }}/z-evolinux-defaults.ini" 
@@ -31,7 +31,7 @@ # Packages - name: "Set package list (Debian 12)" - set_fact: + ansible.builtin.set_fact: php_stretch_packages: - php-cli - php-gd @@ -49,16 +49,16 @@ - composer - libphp-phpmailer -- include: sury_pre.yml +- ansible.builtin.include: sury_pre.yml when: php_sury_enable - name: "Install PHP packages (Debian 12)" - apt: + ansible.builtin.apt: name: '{{ php_stretch_packages }}' state: present - name: "Install mod_php packages (Debian 12)" - apt: + ansible.builtin.apt: name: - libapache2-mod-php - php @@ -66,7 +66,7 @@ when: php_apache_enable - name: "Install PHP FPM packages (Debian 12)" - apt: + ansible.builtin.apt: name: - php-fpm - php @@ -76,36 +76,36 @@ # Configuration - name: "Enforce permissions on PHP directory (Debian 12)" - file: + ansible.builtin.file: dest: "{{ item }}" mode: "0755" with_items: - /etc/php - /etc/php/{{ php_version }} -- include: config_cli.yml +- ansible.builtin.include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 12)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/cli mode: "0755" -- include: config_fpm.yml +- ansible.builtin.include: config_fpm.yml when: php_fpm_enable - name: "Enforce permissions on PHP fpm directory (Debian 12)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/fpm mode: "0755" when: php_fpm_enable -- include: config_apache.yml +- ansible.builtin.include: config_apache.yml when: php_apache_enable - name: "Enforce permissions on PHP apache2 directory (Debian 12)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/apache2 mode: "0755" when: php_apache_enable -- include: sury_post.yml +- ansible.builtin.include: sury_post.yml when: php_sury_enable diff --git a/php/tasks/main_bullseye.yml b/php/tasks/main_bullseye.yml index 4cb185b7..b12740a7 100644 --- a/php/tasks/main_bullseye.yml +++ b/php/tasks/main_bullseye.yml 
@@ -1,14 +1,14 @@ --- - name: "Set php version to 7.4 if Sury repo is not enabled" - set_fact: + ansible.builtin.set_fact: php_version: "7.4" when: - php_sury_enable == False check_mode: no - name: "Set variables (Debian 11)" - set_fact: + ansible.builtin.set_fact: php_cli_defaults_ini_file: /etc/php/{{ php_version }}/cli/conf.d/z-evolinux-defaults.ini php_cli_custom_ini_file: /etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini php_apache_defaults_ini_file: /etc/php/{{ php_version }}/apache2/conf.d/z-evolinux-defaults.ini @@ -24,7 +24,7 @@ # Packages - name: "Set package list (Debian 11)" - set_fact: + ansible.builtin.set_fact: php_stretch_packages: - php-cli - php-gd @@ -41,16 +41,16 @@ - composer - libphp-phpmailer -- include: sury_pre.yml +- ansible.builtin.include: sury_pre.yml when: php_sury_enable - name: "Install PHP packages (Debian 11)" - apt: + ansible.builtin.apt: name: '{{ php_stretch_packages }}' state: present - name: "Install mod_php packages (Debian 11)" - apt: + ansible.builtin.apt: name: - libapache2-mod-php - php @@ -58,7 +58,7 @@ when: php_apache_enable - name: "Install PHP FPM packages (Debian 11)" - apt: + ansible.builtin.apt: name: - php{{ php_version }}-fpm - php{{ php_version }} 
@@ -68,33 +68,33 @@ # Configuration - name: "Enforce permissions on PHP directory (Debian 11)" - file: + ansible.builtin.file: dest: "{{ item }}" mode: "0755" with_items: - /etc/php - /etc/php/{{ php_version }} -- include: config_cli.yml +- ansible.builtin.include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 11)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/cli mode: "0755" -- include: config_fpm.yml +- ansible.builtin.include: config_fpm.yml when: php_fpm_enable - name: "Enforce permissions on PHP fpm directory (Debian 11)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/fpm mode: "0755" when: php_fpm_enable -- include: config_apache.yml +- ansible.builtin.include: config_apache.yml when: php_apache_enable - name: "Enforce permissions on PHP apache2 directory (Debian 11)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/apache2 mode: "0755" when: php_apache_enable diff --git a/php/tasks/main_buster.yml b/php/tasks/main_buster.yml index 58fda84e..588d21d5 100644 --- a/php/tasks/main_buster.yml +++ b/php/tasks/main_buster.yml @@ -1,17 +1,17 @@ --- -- debug: +- ansible.builtin.debug: var: php_sury_enable - name: "Set php version to 7.3 if Sury repo is not enabled" - set_fact: + ansible.builtin.set_fact: php_version: "7.3" check_mode: no when: - not (php_sury_enable | bool) - name: "Set variables (Debian 10)" - set_fact: + ansible.builtin.set_fact: php_cli_defaults_ini_file: /etc/php/{{ php_version }}/cli/conf.d/zvolinux-defaults.ini php_cli_custom_ini_file: /etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini php_apache_defaults_ini_file: /etc/php/{{ php_version }}/apache2/conf.d/z-evolinux-defaults.ini @@ -27,7 +27,7 @@ # Packages - name: "Set package list (Debian 10)" - set_fact: + ansible.builtin.set_fact: php_stretch_packages: - php-cli - php-gd 
@@ -45,16 +45,16 @@ - composer - libphp-phpmailer -- include: sury_pre.yml +- ansible.builtin.include: sury_pre.yml when: php_sury_enable | bool - name: "Install PHP packages (Debian 10)" - apt: + ansible.builtin.apt: name: '{{ php_stretch_packages }}' state: present - name: "Install mod_php packages (Debian 10)" - apt: + ansible.builtin.apt: name: - libapache2-mod-php - php @@ -62,7 +62,7 @@ when: php_apache_enable | bool - name: "Install PHP FPM packages (Debian 10)" - apt: + ansible.builtin.apt: name: - php{{ php_version }}-fpm - php{{ php_version }} @@ -72,33 +72,33 @@ # Configuration - name: "Enforce permissions on PHP directory (Debian 10)" - file: + ansible.builtin.file: dest: "{{ item }}" mode: "0755" loop: - /etc/php - /etc/php/{{ php_version }} -- include: config_cli.yml +- ansible.builtin.include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 10)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/cli mode: "0755" -- include: config_fpm.yml +- ansible.builtin.include: config_fpm.yml when: php_fpm_enable | bool - name: "Enforce permissions on PHP fpm directory (Debian 10)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/fpm mode: "0755" when: php_fpm_enable | bool -- include: config_apache.yml +- ansible.builtin.include: config_apache.yml when: php_apache_enable | bool - name: "Enforce permissions on PHP apache2 directory (Debian 10)" - file: + ansible.builtin.file: dest: /etc/php/{{ php_version }}/apache2 mode: "0755" when: php_apache_enable | bool diff --git a/php/tasks/main_jessie.yml b/php/tasks/main_jessie.yml index 75105166..fc517533 100644 --- a/php/tasks/main_jessie.yml +++ b/php/tasks/main_jessie.yml 
@@ -1,7 +1,7 @@ --- - name: "Set variables (Debian 8)" - set_fact: + ansible.builtin.set_fact: php_cli_defaults_ini_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini php_cli_custom_ini_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini php_apache_defaults_ini_file: /etc/php5/apache2/conf.d/z-evolinux-defaults.ini @@ -17,7 +17,7 @@ # Packages - name: "Install PHP packages (Debian 8)" - apt: + ansible.builtin.apt: name: - php5-cli - php5-gd @@ -35,7 +35,7 @@ state: present - name: "Install mod_php packages (Debian 8)" - apt: + ansible.builtin.apt: name: - libapache2-mod-php5 - php5 @@ -43,7 +43,7 @@ when: php_apache_enable | bool - name: "Install PHP FPM packages (Debian 8)" - apt: + ansible.builtin.apt: name: - php5-fpm - php5 @@ -53,31 +53,31 @@ # Configuration - name: Enforce permissions on PHP directory (Debian 8) - file: + ansible.builtin.file: dest: /etc/php5 mode: "0755" -- include: config_cli.yml +- ansible.builtin.include: config_cli.yml - name: Enforce permissions on PHP cli directory (Debian 8) - file: + ansible.builtin.file: dest: /etc/php5/cli mode: "0755" -- include: config_fpm.yml +- ansible.builtin.include: config_fpm.yml when: php_fpm_enable | bool - name: Enforce permissions on PHP fpm directory (Debian 8) - file: + ansible.builtin.file: dest: /etc/php5/fpm mode: "0755" when: php_fpm_enable | bool -- include: config_apache.yml +- ansible.builtin.include: config_apache.yml when: php_apache_enable | bool - name: Enforce permissions on PHP apache2 directory (Debian 8) - file: + ansible.builtin.file: dest: /etc/php5/apache2 mode: "0755" when: php_apache_enable | bool diff --git a/php/tasks/main_stretch.yml b/php/tasks/main_stretch.yml index 698621ac..25f264b7 100644 --- a/php/tasks/main_stretch.yml +++ b/php/tasks/main_stretch.yml 
@@ -1,7 +1,7 @@ --- - name: "Set variables (Debian 9)" - set_fact: + ansible.builtin.set_fact: php_cli_defaults_ini_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini php_cli_custom_ini_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini php_apache_defaults_ini_file: /etc/php/7.0/apache2/conf.d/z-evolinux-defaults.ini @@ -17,7 +17,7 @@ # Packages - name: "Set package list (Debian 9)" - set_fact: + ansible.builtin.set_fact: php_stretch_packages: - php-cli - php-gd @@ -35,16 +35,16 @@ - composer - libphp-phpmailer -- include: sury_pre.yml +- ansible.builtin.include: sury_pre.yml when: php_sury_enable | bool - name: "Install PHP packages (Debian 9)" - apt: + ansible.builtin.apt: name: '{{ php_stretch_packages }}' state: present - name: "Install mod_php packages (Debian 9)" - apt: + ansible.builtin.apt: name: - libapache2-mod-php - php @@ -52,7 +52,7 @@ when: php_apache_enable | bool - name: "Install PHP FPM packages (Debian 9)" - apt: + ansible.builtin.apt: name: - php-fpm - php 
@@ -62,37 +62,37 @@ # Configuration - name: "Enforce permissions on PHP directory (Debian 9)" - file: + ansible.builtin.file: dest: "{{ item }}" mode: "0755" loop: - /etc/php - /etc/php/7.0 -- include: config_cli.yml +- ansible.builtin.include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 9)" - file: + ansible.builtin.file: dest: /etc/php/7.0/cli mode: "0755" -- include: config_fpm.yml +- ansible.builtin.include: config_fpm.yml when: php_fpm_enable | bool - name: "Enforce permissions on PHP fpm directory (Debian 9)" - file: + ansible.builtin.file: dest: /etc/php/7.0/fpm mode: "0755" when: php_fpm_enable | bool -- include: config_apache.yml +- ansible.builtin.include: config_apache.yml when: php_apache_enable | bool - name: "Enforce permissions on PHP apache2 directory (Debian 9)" - file: + ansible.builtin.file: dest: /etc/php/7.0/apache2 mode: "0755" when: php_apache_enable | bool -- include: sury_post.yml +- ansible.builtin.include: sury_post.yml when: php_sury_enable | bool diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml index 4e706889..ef4d3c7e 100644 --- a/php/tasks/sury_post.yml +++ b/php/tasks/sury_post.yml @@ -1,7 +1,7 @@ --- - name: Symlink Evolix CLI config files from 7.4 to 7.0 - file: + ansible.builtin.file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes @@ -11,12 +11,12 @@ - { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" } - name: Enforce permissions on PHP 7.4/cli directory - file: + ansible.builtin.file: dest: /etc/php/7.4/cli mode: "0755" - name: Symlink Evolix Apache config files from 7.4 to 7.0 - file: + ansible.builtin.file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes 
@@ -27,13 +27,13 @@ when: php_apache_enable | bool - name: Enforce permissions on PHP 7.4/cli directory - file: + ansible.builtin.file: dest: /etc/php/7.4/apache2 mode: "0755" when: php_apache_enable | bool - name: Symlink Evolix FPM config files from 7.4 to 7.0 - file: + ansible.builtin.file: src: "{{ item.src }}" dest: "{{ item.dest }}" force: yes @@ -46,7 +46,7 @@ when: php_fpm_enable | bool - name: Enforce permissions on PHP 7.4/cli directory - file: + ansible.builtin.file: dest: /etc/php/7.4/fpm mode: "0755" when: php_fpm_enable | bool diff --git a/php/tasks/sury_pre.yml b/php/tasks/sury_pre.yml index 7f5b6bf4..1f04b661 100644 --- a/php/tasks/sury_pre.yml +++ b/php/tasks/sury_pre.yml @@ -1,13 +1,13 @@ --- - name: Setup deb.sury.org repository - Install apt-transport-https - apt: + ansible.builtin.apt: name: apt-transport-https state: present when: ansible_distribution_major_version is version('10', '<') - name: copy pub.evolix.org GPG key - copy: + ansible.builtin.copy: src: pub_evolix.asc dest: "{{ apt_keyring_dir }}/pub_evolix.asc" mode: "0644" @@ -15,7 +15,7 @@ group: root - name: Setup pub.evolix.org repository - Add source list - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix {{ ansible_distribution_release }}-php81 main" filename: evolix-php state: present @@ -23,14 +23,14 @@ - ansible_distribution_release == "bullseye" - name: Setup deb.sury.org repository - Add preferences file - copy: + ansible.builtin.copy: src: sury.preferences dest: /etc/apt/preferences.d/z-sury when: - ansible_distribution_release != "bullseye" - name: Setup deb.sury.org repository - Add GPG key - copy: + ansible.builtin.copy: src: sury.gpg dest: "{{ apt_keyring_dir }}/sury.gpg" mode: "0644" 
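Review bot: Two tasks in php/tasks/sury_post.yml are named `Enforce permissions on PHP 7.4/cli directory` but act on other paths: the one in the `@@ -27,13 +27,13 @@` hunk sets `dest: /etc/php/7.4/apache2` and the one in `@@ -46,7 +46,7 @@` sets `dest: /etc/php/7.4/fpm`. Play output and logs then report the wrong directory for these steps. Rename them to `Enforce permissions on PHP 7.4/apache2 directory` and `Enforce permissions on PHP 7.4/fpm directory`.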
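Review bot: The `repo:` line in the `@@ -15,7 +15,7 @@` hunk of php/tasks/sury_pre.yml fetches from `http://pub.evolix.org/evolix` in cleartext, while the Sury entry later in the same file uses `https://`. `signed-by` still protects package integrity, but plain HTTP lets an on-path party see which packages the host pulls and delay or block updates. If the mirror serves TLS, switch the scheme to `https://`. The PGDG entry in postgresql/tasks/pgdg-repo.yml (`http://apt.postgresql.org/pub/repos/apt/`) has the same pattern, and its minifirewall rule would have to allow HTTPS egress to match.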
@@ -38,7 +38,7 @@ group: root - name: Add Sury repository (Debian <12) - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main" filename: sury state: present @@ -54,12 +54,12 @@ when: ansible_distribution_major_version is version('12', '>=') - name: Update APT cache - apt: + ansible.builtin.apt: update_cache: yes when: sury_sources is changed - name: "Override package list for Sury (Debian 9 or later)" - set_fact: + ansible.builtin.set_fact: php_stretch_packages: - php{{ php_version }}-cli - php{{ php_version }}-gd diff --git a/postfix/handlers/main.yml b/postfix/handlers/main.yml index 6c2e879b..d8cef9f7 100644 --- a/postfix/handlers/main.yml +++ b/postfix/handlers/main.yml @@ -1,13 +1,14 @@ --- - name: restart postfix - service: + ansible.builtin.service: name: postfix state: restarted - name: reload postfix - service: + ansible.builtin.service: name: postfix state: reloaded - name: postmap transport - command: postmap /etc/postfix/transport + ansible.builtin.command: + cmd: postmap /etc/postfix/transport diff --git a/postfix/tasks/common.yml b/postfix/tasks/common.yml index bcd5ed79..29e6dd07 100644 --- a/postfix/tasks/common.yml +++ b/postfix/tasks/common.yml @@ -1,7 +1,8 @@ --- - name: check if main.cf is default - shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' + ansible.builtin.shell: + cmd: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' changed_when: False check_mode: no register: default_main_cf @@ -9,7 +10,7 @@ - postfix - name: add lines in /etc/.gitignore - lineinfile: + ansible.builtin.lineinfile: dest: /etc/.gitignore line: '{{ item }}' state: present diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index d8caf2b2..4ef2858a 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml 
@@ -1,12 +1,12 @@ --- -- include: common.yml +- ansible.builtin.include: common.yml -- include: minimal.yml +- ansible.builtin.include: minimal.yml when: not (postfix_packmail | bool) -- include: packmail.yml +- ansible.builtin.include: packmail.yml when: postfix_packmail | bool -- include: slow_transport.yml +- ansible.builtin.include: slow_transport.yml when: postfix_slow_transport_include | bool diff --git a/postfix/tasks/minimal.yml b/postfix/tasks/minimal.yml index 970b9dcb..f8ea1b0b 100644 --- a/postfix/tasks/minimal.yml +++ b/postfix/tasks/minimal.yml @@ -1,13 +1,13 @@ --- - name: ensure packages are installed - apt: + ansible.builtin.apt: name: postfix state: present tags: - postfix - name: create minimal main.cf - template: + ansible.builtin.template: src: evolinux_main.cf.j2 dest: /etc/postfix/main.cf owner: root diff --git a/postfix/tasks/packmail.yml b/postfix/tasks/packmail.yml index 0407a72b..170dbd35 100644 --- a/postfix/tasks/packmail.yml +++ b/postfix/tasks/packmail.yml @@ -1,6 +1,6 @@ --- - name: ensure packages are installed - apt: + ansible.builtin.apt: name: - postfix - postfix-ldap @@ -11,7 +11,7 @@ - postfix - name: make /var/lib/mailgraph accessible by www-data - file: + ansible.builtin.file: path: "/var/lib/mailgraph" state: directory owner: www-data @@ -19,13 +19,13 @@ mode: '0755' - name: make sure a service Mailgraph is running - systemd: + ansible.builtin.systemd: name: mailgraph.service state: started enabled: true - name: create packmail main.cf - template: + ansible.builtin.template: src: packmail_main.cf.j2 dest: /etc/postfix/main.cf owner: root @@ -38,7 +38,7 @@ - postfix - name: deploy packmail master.cf - template: + ansible.builtin.template: src: packmail_master.cf.j2 dest: /etc/postfix/master.cf mode: "0644" @@ -47,7 +47,7 @@ - postfix - name: copy default filter files - copy: + ansible.builtin.copy: src: filter dest: "/etc/postfix/{{ item }}" force: no 
@@ -68,7 +68,8 @@ - postfix - name: postmap filter files - command: "postmap /etc/postfix/{{ item }}" + ansible.builtin.command: + cmd: "postmap /etc/postfix/{{ item }}" loop: - virtual - client.access @@ -86,7 +87,7 @@ - postfix - name: deploy ldap postfix config - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: "/etc/postfix/{{ item }}" mode: "0644" @@ -98,13 +99,13 @@ tags: - postfix -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - postfix - name: copy spam.sh script - copy: + ansible.builtin.copy: src: spam.sh dest: /usr/share/scripts/spam.sh mode: "0700" @@ -112,8 +113,8 @@ - postfix - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False @@ -121,7 +122,7 @@ register: is_cron_installed - name: enable spam.sh cron - lineinfile: + ansible.builtin.lineinfile: dest: /etc/cron.d/spam line: "42 * * * * root /usr/share/scripts/spam.sh" create: yes @@ -132,7 +133,8 @@ - postfix - name: update antispam list - command: /usr/share/scripts/spam.sh + ansible.builtin.command: + cmd: /usr/share/scripts/spam.sh changed_when: False tags: - postfix diff --git a/postfix/tasks/slow_transport.yml b/postfix/tasks/slow_transport.yml index 2f1867ae..6e42ef1d 100644 --- a/postfix/tasks/slow_transport.yml +++ b/postfix/tasks/slow_transport.yml @@ -1,6 +1,6 @@ --- - name: slow transport is defined in master.cf - lineinfile: + ansible.builtin.lineinfile: dest: /etc/postfix/master.cf regexp: "^slow " line: "slow unix - - n - - smtp" @@ -9,7 +9,7 @@ - postfix - name: list of providers for slow transport - lineinfile: + ansible.builtin.lineinfile: dest: /etc/postfix/transport line: "{{ item }}" create: yes diff --git a/postgresql/handlers/main.yml b/postgresql/handlers/main.yml index 15a773dd..0cb017d4 100644 
--- a/postgresql/handlers/main.yml +++ b/postgresql/handlers/main.yml @@ -1,26 +1,28 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart postgresql - systemd: + ansible.builtin.systemd: name: postgresql state: restarted daemon_reload: yes - name: reload systemd - systemd: + ansible.builtin.systemd: daemon-reload: yes - name: Restart minifirewall - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart - name: reconfigure locales - command: dpkg-reconfigure -f noninteractive locales + ansible.builtin.command: + cmd: dpkg-reconfigure -f noninteractive locales diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index 966f0930..87091b8f 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -1,12 +1,12 @@ --- - name: Ensure /etc/systemd/system/postgresql.service.d exists - file: + ansible.builtin.file: path: /etc/systemd/system/postgresql@.service.d state: directory recurse: true - name: Override PostgreSQL systemd unit - copy: + ansible.builtin.copy: src: postgresql.service.override.conf dest: /etc/systemd/system/postgresql@.service.d/override.conf force: yes @@ -16,13 +16,13 @@ - restart postgresql - name: Allow conf.d/*.conf files to be included in PostgreSQL configuration - lineinfile: + ansible.builtin.lineinfile: name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" line: include_dir = 'conf.d' notify: restart postgresql - name: Create conf.d directory - file: + ansible.builtin.file: name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/" state: directory owner: postgres 
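Review bot: The `reload systemd` handler in postgresql/handlers/main.yml spells the option `daemon-reload: yes`, while `restart postgresql` just above it uses `daemon_reload: yes`. The hyphenated form is, as far as I know, only an alias of the documented `daemon_reload` parameter. Use `daemon_reload: true` in both handlers so the file is consistent.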
@@ -30,7 +30,7 @@ mode: "0755" - name: Copy PostgreSQL config file - template: + ansible.builtin.template: src: postgresql.conf.j2 dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf" owner: postgres @@ -38,4 +38,4 @@ mode: "0644" notify: restart postgresql -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/postgresql/tasks/locales.yml b/postgresql/tasks/locales.yml index 8cf70989..30d21001 100644 --- a/postgresql/tasks/locales.yml +++ b/postgresql/tasks/locales.yml @@ -1,9 +1,9 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: select locales to be generated - locale_gen: + community.general.locale_gen: name: "{{ item }}" state: present loop: @@ -12,7 +12,7 @@ notify: reconfigure locales - name: set default locale - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/locale" regexp: "^LANG=" line: "LANG={{ locales_default }}" diff --git a/postgresql/tasks/logrotate.yml b/postgresql/tasks/logrotate.yml index f67f407a..55adc5bd 100644 --- a/postgresql/tasks/logrotate.yml +++ b/postgresql/tasks/logrotate.yml @@ -1,6 +1,6 @@ --- - name: logrotate configuration - copy: + ansible.builtin.copy: src: logrotate_postgresql dest: /etc/logrotate.d/postgresql-common force: no diff --git a/postgresql/tasks/munin.yml b/postgresql/tasks/munin.yml index feb0b678..f826a639 100644 --- a/postgresql/tasks/munin.yml +++ b/postgresql/tasks/munin.yml @@ -1,16 +1,16 @@ --- - name: Are Munin plugins present in /etc ? - stat: + ansible.builtin.stat: path: /etc/munin/plugins register: etc_munin_plugins - name: Are Munin plugins present in /usr/share ? - stat: + ansible.builtin.stat: path: /usr/share/munin/plugins register: usr_share_munin_plugins - name: Add Munin plugins for PostgreSQL - file: + ansible.builtin.file: state: link src: '/usr/share/munin/plugins/{{ item }}' dest: '/etc/munin/plugins/{{ item }}' 
@@ -24,7 +24,7 @@ when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists - name: Add Munin plugins for PostgreSQL (for specific databases) - file: + ansible.builtin.file: state: link src: '/usr/share/munin/plugins/{{ item[0] }}' dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}' diff --git a/postgresql/tasks/nrpe.yml b/postgresql/tasks/nrpe.yml index 833ab1ea..a4d1ef49 100644 --- a/postgresql/tasks/nrpe.yml +++ b/postgresql/tasks/nrpe.yml @@ -1,28 +1,29 @@ --- - name: apg package is installed - apt: + ansible.builtin.apt: name: apg state: present - name: Generate random password for nrpe user - command: apg -n1 -m 12 -M SCNL + ansible.builtin.command: + cmd: apg -n1 -m 12 -M SCNL register: postgresql_nrpe_password changed_when: False - name: python-psycopg2 is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: python-psycopg2 state: present when: ansible_python_version is version('3', '<') - name: python3-psycopg2 is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: python3-psycopg2 state: present when: ansible_python_version is version('3', '>=') - name: Is nrpe present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg register: nrpe_evolix_config @@ -30,7 +31,7 @@ - name: Create nrpe user become: yes become_user: postgres - postgresql_user: + community.postgresql.postgresql_user: name: nrpe password: '{{ postgresql_nrpe_password.stdout }}' encrypted: yes @@ -39,7 +40,7 @@ when: nrpe_evolix_config.stat.exists - name: Add NRPE check - lineinfile: + ansible.builtin.lineinfile: name: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_pgsql\]=' line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"' diff --git a/postgresql/tasks/packages_bullseye.yml b/postgresql/tasks/packages_bullseye.yml index bfbac181..4f42119b 100644 --- a/postgresql/tasks/packages_bullseye.yml +++ b/postgresql/tasks/packages_bullseye.yml 
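Review bot: The `Generate random password for nrpe user` task in postgresql/tasks/nrpe.yml (hunk `@@ -1,28 +1,29 @@`) registers a cleartext credential without `no_log`, so the value appears in play output at higher verbosity and in any log callback that records task results. Add `no_log: true` next to `register: postgresql_nrpe_password`. The `Add NRPE check` task in the `@@ -39,7 +40,7 @@` hunk embeds the same value in its `line:` and would show it in diff mode, so it should get `no_log: true` as well.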
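Review bot: The `Add NRPE check` line in postgresql/tasks/nrpe.yml (hunk `@@ -39,7 +40,7 @@`) places the generated password inside double quotes in a command definition, and the generator is run with `-M SCNL`, which requires special symbols. If NRPE passes this line to a shell, as I believe it does, a password containing a double quote, `$` or a backquote breaks the check or is expanded by the shell. Generating without symbols and with more length avoids the problem, for example `cmd: apg -n1 -m 16 -M NCL` in the `Generate random password for nrpe user` task.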
@@ -1,15 +1,15 @@ --- - name: "Set variables (Debian 11)" - set_fact: + ansible.builtin.set_fact: postgresql_version: '13' when: postgresql_version is none or postgresql_version | length == 0 -- include: pgdg-repo.yml +- ansible.builtin.include: pgdg-repo.yml when: postgresql_version != '13' - name: Install postgresql package - apt: + ansible.builtin.apt: name: - "postgresql-{{ postgresql_version }}" - pgtop diff --git a/postgresql/tasks/packages_buster.yml b/postgresql/tasks/packages_buster.yml index 3e8851fb..f35182ba 100644 --- a/postgresql/tasks/packages_buster.yml +++ b/postgresql/tasks/packages_buster.yml @@ -1,15 +1,15 @@ --- - name: "Set variables (Debian 10)" - set_fact: + ansible.builtin.set_fact: postgresql_version: '11' when: postgresql_version is none or postgresql_version | length == 0 -- include: pgdg-repo.yml +- ansible.builtin.include: pgdg-repo.yml when: postgresql_version != '11' - name: Install postgresql package - apt: + ansible.builtin.apt: name: - "postgresql-{{ postgresql_version }}" - pgtop diff --git a/postgresql/tasks/packages_jessie.yml b/postgresql/tasks/packages_jessie.yml index 70b5e181..632ddacb 100644 --- a/postgresql/tasks/packages_jessie.yml +++ b/postgresql/tasks/packages_jessie.yml @@ -1,15 +1,15 @@ --- - name: "Set variables (Debian 8)" - set_fact: + ansible.builtin.set_fact: postgresql_version: '9.4' when: postgresql_version is none or postgresql_version | length == 0 -- include: pgdg-repo.yml +- ansible.builtin.include: pgdg-repo.yml when: postgresql_version != '9.4' - name: Install postgresql package - apt: + ansible.builtin.apt: name: - "postgresql-{{ postgresql_version }}" - ptop diff --git a/postgresql/tasks/packages_stretch.yml b/postgresql/tasks/packages_stretch.yml index 97a71952..494fce3f 100644 --- a/postgresql/tasks/packages_stretch.yml +++ b/postgresql/tasks/packages_stretch.yml 
@@ -1,15 +1,15 @@ --- - name: "Set variables (Debian 9)" - set_fact: + ansible.builtin.set_fact: postgresql_version: '9.6' when: postgresql_version is none or postgresql_version | length == 0 -- include: pgdg-repo.yml +- ansible.builtin.include: pgdg-repo.yml when: postgresql_version != '9.6' - name: Install postgresql package - apt: + ansible.builtin.apt: name: - "postgresql-{{ postgresql_version }}" - ptop diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index 9db20921..e9f25307 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -1,15 +1,15 @@ --- - name: Open firewall for PGDG repository - replace: + ansible.builtin.replace: name: /etc/default/minifirewall regexp: "^(HTTPSITES='((?!apt\\.postgresql\\.org|0\\.0\\.0\\.0).)*)'$" replace: "\\1 apt.postgresql.org'" notify: Restart minifirewall -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers - name: Add PGDG GPG key - copy: + ansible.builtin.copy: src: postgresql.asc dest: "{{ apt_keyring_dir }}/postgresql.asc" force: yes @@ -18,7 +18,7 @@ group: root - name: Add PGDG repository (Debian <12) - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" filename: postgresql update_cache: yes @@ -38,7 +38,7 @@ when: elastic_sources is changed - name: Add APT preference file - template: + ansible.builtin.template: src: postgresql.pref.j2 dest: /etc/apt/preferences.d/postgresql.pref mode: "0644" diff --git a/postgresql/tasks/postgis.yml b/postgresql/tasks/postgis.yml index dbd511e9..ea50fc61 100644 --- a/postgresql/tasks/postgis.yml +++ b/postgresql/tasks/postgis.yml @@ -1,6 +1,6 @@ --- - name: Install PostGIS extention - apt: + ansible.builtin.apt: name: - postgis - "postgresql-{{ postgresql_version }}-postgis-2.5" 
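Review bot: The `when: elastic_sources is changed` context line at the top of the `@@ -38,7 +38,7 @@` hunk in postgresql/tasks/pgdg-repo.yml tests a variable whose name belongs to another role. The task that owns this condition and its `register:` lie outside the hunk, so this may be intentional, but if nothing in this role registers `elastic_sources` the test either fails on an undefined variable or never triggers. A role-local name such as `register: postgresql_sources` with `when: postgresql_sources is changed` would make the link explicit.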
diff --git a/postgresql/tests/test.yml b/postgresql/tests/test.yml index 88714dd1..5472e972 100644 --- a/postgresql/tests/test.yml +++ b/postgresql/tests/test.yml @@ -3,13 +3,13 @@ pre_tasks: - name: Install locales - apt: + ansible.builtin.apt: name: locales state: present changed_when: False - name: Setting default locales - lineinfile: + ansible.builtin.lineinfile: dest: /etc/locale.gen line: "{{ item }}" create: yes @@ -22,7 +22,8 @@ register: test_locales - name: Reconfigure locales - command: /usr/sbin/locale-gen + ansible.builtin.command: + cmd: /usr/sbin/locale-gen changed_when: False when: test_locales is changed diff --git a/proftpd/handlers/main.yml b/proftpd/handlers/main.yml index 0914d289..2b320f4a 100644 --- a/proftpd/handlers/main.yml +++ b/proftpd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart proftpd - service: + ansible.builtin.service: name: proftpd state: restarted diff --git a/proftpd/tasks/account.yml b/proftpd/tasks/account.yml index cfe82156..4ad009e2 100644 --- a/proftpd/tasks/account.yml +++ b/proftpd/tasks/account.yml @@ -1,6 +1,7 @@ --- - name: Check if FTP account exist - command: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd + ansible.builtin.command: + cmd: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd failed_when: False check_mode: no changed_when: check_ftp_account.rc != 0 @@ -9,7 +10,8 @@ - proftpd - name: Generate FTP password - command: apg -n1 + ansible.builtin.command: + cmd: apg -n1 register: ftp_password check_mode: no when: check_ftp_account.rc != 0 @@ -17,14 +19,14 @@ - proftpd - name: Print generated password - debug: + ansible.builtin.debug: msg: "{{ ftp_password.stdout }}" when: check_ftp_account.rc != 0 tags: - proftpd - name: Hash generated FTP password - set_fact: + ansible.builtin.set_fact: proftpd_password: "{{ ftp_password.stdout | password_hash('sha512') }}" check_mode: no when: check_ftp_account.rc != 0 
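Review bot: The `Print generated password` task in proftpd/tasks/account.yml (hunk `@@ -17,14 +19,14 @@`) writes the cleartext FTP password to play output through `ansible.builtin.debug`, so it ends up in whatever stores that output (a configured `log_path`, CI or controller job logs). If showing it to the operator is intended, say so in a comment above the task, for example `# Deliberately prints the cleartext password once; keep play output out of persistent logs`. The same task appears in proftpd/tasks/accounts_password.yml (hunk `@@ -23,20 +25,21 @@`).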
@@ -32,7 +34,8 @@ - proftpd - name: Get current FTP password - shell: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 + ansible.builtin.shell: + cmd: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 register: hashed_ftp_password check_mode: no when: check_ftp_account.rc == 0 @@ -41,7 +44,7 @@ - proftpd - name: Get current FTP password - set_fact: + ansible.builtin.set_fact: proftpd_password: "{{ hashed_ftp_password.stdout }}" check_mode: no when: check_ftp_account.rc == 0 @@ -50,7 +53,7 @@ - proftpd - name: Create FTP account - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/vpasswd state: present create: yes @@ -61,7 +64,7 @@ - proftpd - name: Allow FTP account - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/z-evolinux.conf state: present line: " AllowUser {{ proftpd_name }}" diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index b5cc5e85..99b036c9 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -1,11 +1,11 @@ --- -- include: accounts_password.yml +- ansible.builtin.include: accounts_password.yml when: item.password is undefined loop: "{{ proftpd_accounts }}" tags: - proftpd -- set_fact: +- ansible.builtin.set_fact: proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}" when: item.password is defined loop: "{{ proftpd_accounts }}" @@ -13,7 +13,7 @@ - proftpd - name: Create FTP account - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/vpasswd state: present create: yes @@ -26,7 +26,7 @@ - proftpd - name: Allow FTP account (FTP) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/z-evolinux.conf state: present line: "\tAllowUser {{ item.name }}" @@ -38,7 +38,7 @@ - proftpd - name: Allow FTP account (FTPS) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/ftps.conf state: present line: "\tAllowUser {{ item.name }}" 
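Review bot: `{{ proftpd_name }}` is interpolated unquoted into a shell pipeline in the `Get current FTP password` task (proftpd/tasks/account.yml, hunk `@@ -32,7 +34,8 @@`), so an account name containing shell metacharacters changes the command that runs on the managed host. Pass it through the `quote` filter, `cmd: grep {{ ('^' ~ proftpd_name ~ ':') | quote }} /etc/proftpd/vpasswd | cut -d':' -f2`, or validate the name against a strict pattern before this task. The task continues past the end of the hunk. proftpd/tasks/accounts_password.yml has the same construct with `{{ item.name }}` in its `@@ -9,13 +10,14 @@` hunk.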
@@ -50,7 +50,7 @@ - proftpd - name: Allow FTP account (SFTP) - lineinfile: + ansible.builtin.lineinfile: dest: /etc/proftpd/conf.d/sftp.conf state: present line: "\tAllowUser {{ item.name }}" @@ -62,7 +62,7 @@ - proftpd - name: Allow keys for SFTP account - template: + ansible.builtin.template: dest: "/etc/proftpd/sftp.authorized_keys/{{ _proftpd_account.name }}" src: authorized_keys.j2 mode: 0644 diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml index 3ae37c88..0b986f39 100644 --- a/proftpd/tasks/accounts_password.yml +++ b/proftpd/tasks/accounts_password.yml @@ -1,6 +1,7 @@ --- - name: Check if FTP account exist - command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd + ansible.builtin.command: + cmd: grep "^{{ item.name }}:" /etc/proftpd/vpasswd failed_when: False check_mode: no changed_when: check_ftp_account.rc != 0 @@ -9,13 +10,14 @@ - block: - name: Get current FTP password - shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 + ansible.builtin.shell: + cmd: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 register: protftpd_cur_password check_mode: no changed_when: False - name: Set password for this account - set_fact: + ansible.builtin.set_fact: protftpd_password: "{{ protftpd_cur_password.stdout }}" when: check_ftp_account.rc == 0 
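Review bot: `mode: 0644` in the `Allow keys for SFTP account` task (proftpd/tasks/accounts.yml, hunk `@@ -62,7 +62,7 @@`) is an unquoted number, unlike the quoted modes used elsewhere in this patch. It is read as octal only by YAML 1.1 parsers; a YAML 1.2 parser yields decimal 644 and a different permission set. Write `mode: "0644"`. The task continues past the end of the hunk.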
@@ -23,20 +25,21 @@ - block: - name: Generate FTP password - command: "apg -n 1 -m 16 -M lcN" + ansible.builtin.command: + cmd: "apg -n 1 -m 16 -M lcN" register: proftpd_apg_password check_mode: no - name: Print generated password - debug: + ansible.builtin.debug: msg: "{{ proftpd_apg_password.stdout }}" - name: Hash generated password - set_fact: + ansible.builtin.set_fact: protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}" when: check_ftp_account.rc != 0 - name: Update proftpd_accounts with password - set_fact: + ansible.builtin.set_fact: proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}" diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index 3afc69cb..ce292ad5 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: package is installed - apt: + ansible.builtin.apt: name: proftpd-basic state: present tags: @@ -8,7 +8,8 @@ - packages - name: ftpusers groupe exists - group: + + ansible.builtin.group: name: ftpusers state: present notify: restart proftpd @@ -16,7 +17,7 @@ - proftpd - name: FTP jail is installed - template: + ansible.builtin.template: src: evolinux.conf.j2 dest: /etc/proftpd/conf.d/z-evolinux.conf mode: "0644" @@ -27,7 +28,7 @@ - proftpd - name: FTPS jail is installed - template: + ansible.builtin.template: src: ftps.conf.j2 dest: /etc/proftpd/conf.d/ftps.conf mode: "0644" @@ -38,7 +39,7 @@ - proftpd - name: SFTP jail is installed - template: + ansible.builtin.template: src: sftp.conf.j2 dest: /etc/proftpd/conf.d/sftp.conf mode: "0644" @@ -49,7 +50,7 @@ - proftpd - name: SFTP key folder exists if needed - file: + ansible.builtin.file: path: /etc/proftpd/sftp.authorized_keys/ state: directory mode: "0755" 
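Review bot: The `@@ -8,7 +8,8 @@` hunk in proftpd/tasks/main.yml appears to add an empty line between `- name: ftpusers groupe exists` and `ansible.builtin.group:`, which the hunk's line counts (7 old, 8 new) confirm. No other task in the patch is split this way. Drop the empty `+` line so the task reads as one block.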
@@ -63,7 +64,7 @@ - proftpd - name: mod_tls_memcache is disabled - replace: + ansible.builtin.replace: dest: /etc/proftpd/modules.conf regexp: '^LoadModule mod_tls_memcache.c' replace: '#LoadModule mod_tls_memcache.c' @@ -72,7 +73,7 @@ - proftpd - name: Put empty vpasswd file if missing - copy: + ansible.builtin.copy: src: vpasswd dest: /etc/proftpd/vpasswd force: no @@ -84,7 +85,7 @@ # So, readonly when opened with vim. # Then readable by group. - name: Enforce permissions on password file - file: + ansible.builtin.file: path: /etc/proftpd/vpasswd mode: "0440" owner: root @@ -93,5 +94,5 @@ tags: - proftpd -- include: accounts.yml +- ansible.builtin.include: accounts.yml when: proftpd_accounts | length > 0 diff --git a/rabbitmq/handlers/main.yml b/rabbitmq/handlers/main.yml index 9f73baa6..ecd03471 100644 --- a/rabbitmq/handlers/main.yml +++ b/rabbitmq/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: restart rabbitmq - service: + ansible.builtin.service: name: rabbitmq-server state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/rabbitmq/tasks/main.yml b/rabbitmq/tasks/main.yml index a3438adc..f485bc1f 100644 --- a/rabbitmq/tasks/main.yml +++ b/rabbitmq/tasks/main.yml @@ -1,10 +1,10 @@ - name: Install packages - apt: + ansible.builtin.apt: name: rabbitmq-server state: present - name: Create rabbitmq-env.conf - copy: + ansible.builtin.copy: src: evolinux-rabbitmq-env.conf dest: /etc/rabbitmq/rabbitmq-env.conf owner: rabbitmq @@ -13,7 +13,7 @@ force: no - name: Create rabbitmq.config - copy: + ansible.builtin.copy: src: evolinux-rabbitmq.config dest: /etc/rabbitmq/rabbitmq.config owner: rabbitmq 
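Review bot: `ansible.builtin.include: accounts.yml` at the end of proftpd/tasks/main.yml qualifies a module that is deprecated and was removed in ansible-core 2.16, so the rename keeps the role tied to older releases. Use `ansible.builtin.include_tasks: accounts.yml`, or `ansible.builtin.import_tasks` where static inclusion is wanted. The same applies to the `ansible.builtin.include:` lines in rabbitmq/tasks/main.yml, redis/tasks/main.yml and redmine/tasks/main.yml. Tags set on an `include_tasks` apply to the include itself only, so the tagged includes in redis/tasks/main.yml would likely need `apply:` to keep tag-filtered runs working.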
@@ -22,34 +22,34 @@ force: no - name: Adjust ulimit - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/rabbitmq-server line: ulimit -n 2048 - name: is NRPE present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg check_mode: no register: nrpe_evolix_config tags: - nrpe -- include: nrpe.yml +- ansible.builtin.include: nrpe.yml when: nrpe_evolix_config.stat.exists - name: is Munin present ? - stat: + ansible.builtin.stat: path: /etc/munin check_mode: no register: etc_munin_directory tags: - nrpe -- include: munin.yml +- ansible.builtin.include: munin.yml when: etc_munin_directory.stat.exists - name: entry for RabbitMQ in web page is present - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html insertbefore: '' line: '
  • RabbitMQ
  • ' diff --git a/rabbitmq/tasks/munin.yml b/rabbitmq/tasks/munin.yml index cb872391..63ad5a15 100644 --- a/rabbitmq/tasks/munin.yml +++ b/rabbitmq/tasks/munin.yml @@ -1,13 +1,13 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - rabbitmq - munin - name: Create local munin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" @@ -16,7 +16,7 @@ - munin - name: Create local plugins directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" @@ -25,7 +25,7 @@ - munin - name: Copy rabbitmq_connections munin plugin - copy: + ansible.builtin.copy: src: rabbitmq_connections dest: /usr/local/share/munin/plugins/rabbitmq_connections mode: "0755" @@ -35,7 +35,7 @@ - munin - name: Enable rabbitmq_connections munin plugin - file: + ansible.builtin.file: src: /usr/local/share/munin/plugins/rabbitmq_connections dest: "/etc/munin/plugins/rabbitmq_connections" state: link diff --git a/rabbitmq/tasks/nrpe.yml b/rabbitmq/tasks/nrpe.yml index b2f2a3a8..f491a68c 100644 --- a/rabbitmq/tasks/nrpe.yml +++ b/rabbitmq/tasks/nrpe.yml @@ -1,23 +1,23 @@ --- - name: python-requests is installed (check_rabbitmq dependency) - apt: + ansible.builtin.apt: name: python-requests state: present when: ansible_python_version is version('3', '<') - name: python3-requests is installed (check_rabbitmq dependency) - apt: + ansible.builtin.apt: name: python3-requests state: present when: ansible_python_version is version('3', '>=') -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr # https://raw.githubusercontent.com/CaptPhunkosis/check_rabbitmq/master/check_rabbitmq - name: check_rabbitmq is installed - copy: + ansible.builtin.copy: src: check_rabbitmq dest: /usr/local/lib/nagios/plugins/check_rabbitmq owner: root 
@@ -27,7 +27,7 @@ when: ansible_distribution_major_version is version('11', '<=') - name: check_rabbitmq (Python 3 version) is installed - copy: + ansible.builtin.copy: src: check_rabbitmq.python3 dest: /usr/local/lib/nagios/plugins/check_rabbitmq owner: root @@ -37,14 +37,14 @@ when: ansible_distribution_major_version is version('11', '>=') - name: check_rabbitmq is available for NRPE - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: 'command\[check_rab_connection_count\]' line: 'command[check_rab_connection_count]=sudo /usr/local/lib/nagios/plugins/check_rabbitmq -a connection_count -C {{ rabbitmq_connections_critical }} -W {{ rabbitmq_connections_warning }}' notify: restart nagios-nrpe-server - name: sudo without password for nagios - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_rabbitmq' line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq' diff --git a/rbenv/tasks/main.yml b/rbenv/tasks/main.yml index 8294cfdc..4362c5db 100644 --- a/rbenv/tasks/main.yml +++ b/rbenv/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: "Rbenv dependencies are installed" - apt: + ansible.builtin.apt: name: - build-essential - git @@ -19,7 +19,7 @@ - packages - name: "gemrc for {{ username }}" - copy: + ansible.builtin.copy: src: gemrc dest: "~{{ username }}/.gemrc" owner: '{{ username }}' @@ -28,7 +28,7 @@ - rbenv - name: "Rbenv repository is checked out for {{ username }}" - git: + ansible.builtin.git: repo: '{{ rbenv_repo }}' dest: '{{ rbenv_root }}' version: '{{ rbenv_version }}' @@ -40,7 +40,7 @@ - rbenv - name: "default gems are installed for {{ username }}" - lineinfile: + ansible.builtin.lineinfile: dest: '{{ rbenv_root }}/default-gems' line: "{{ item }}" owner: '{{ username }}' @@ -53,7 +53,7 @@ - rbenv - name: "plugins directory for {{ username }}" - file: + ansible.builtin.file: path: '{{ rbenv_root }}/plugins' state: directory become_user: "{{ username }}" 
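Review bot: The two `check_rabbitmq` copy tasks in rabbitmq/tasks/nrpe.yml have overlapping conditions: the first is guarded by `version('11', '<=')`, the Python 3 one by `version('11', '>=')`, and both write the same `dest`. On Debian 11 both therefore run, the second overwriting the first and each reporting a change on every play. Making one bound strict removes the overlap, for example `when: ansible_distribution_major_version is version('11', '<')` on the first task. The second `when:` is in the following hunk.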
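Review bot: The `sudo without password for nagios` task edits /etc/sudoers.d/evolinux with `lineinfile` and, in the lines visible here, without `validate:`; a malformed line in a sudoers drop-in can make sudo refuse to run for every user. Adding `validate: 'visudo -cf %s'` has the module check the candidate file before it replaces the live one. Because the rule lets nagios run the plugin as root without a password, the script and its parent directories must stay writable by root only; the copy tasks show `owner: root`, but their mode is outside the hunks. The sudoers tasks in redis/tasks/nrpe.yml are written the same way, and this task may continue past the hunk.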
@@ -62,7 +62,7 @@ - rbenv - name: "plugins are installed for {{ username }}" - git: + ansible.builtin.git: repo: '{{ item.repo }}' dest: '{{ rbenv_root }}/plugins/{{ item.name }}' version: '{{ item.version }}' @@ -75,7 +75,7 @@ - rbenv - name: "Rbenv is initialized in profile for {{ username }}" - blockinfile: + ansible.builtin.blockinfile: dest: '~{{ username }}/.profile' marker: "# {mark} ANSIBLE MANAGED RBENV INIT" block: | @@ -87,7 +87,8 @@ - rbenv - name: "is Ruby {{ rbenv_ruby_version }} available for {{ username }} ?" - shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" + ansible.builtin.shell: + cmd: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" failed_when: False changed_when: False check_mode: False @@ -98,7 +99,8 @@ - rbenv - name: "Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long)" - shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" + ansible.builtin.shell: + cmd: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" when: ruby_installed.rc != 0 become_user: "{{ username }}" become: yes @@ -106,7 +108,8 @@ - rbenv - name: "is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ?" - shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" + ansible.builtin.shell: + cmd: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" register: ruby_selected changed_when: False failed_when: False @@ -117,7 +120,8 @@ - rbenv - name: "select Ruby {{ rbenv_ruby_version }} for {{ username }}" - shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" + ansible.builtin.shell: + cmd: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" when: ruby_selected.rc != 0 become_user: "{{ username }}" become: yes diff --git a/redis/handlers/main.yml b/redis/handlers/main.yml index 6d870b39..73a7a09d 100644 --- a/redis/handlers/main.yml 
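Review bot: The `is Ruby ... available` check in rbenv/tasks/main.yml pipes `rbenv versions` into `grep {{ rbenv_ruby_version }}` with the variable unquoted and matched as a substring regex, so a requested `2.7.1` is also satisfied by an installed `2.7.10` and the install task is then skipped. The later `is Ruby ... selected` task already uses `grep -Fx` with a quoted value; the same works here as `cmd: /bin/bash -lc "rbenv versions --bare | grep -Fx '{{ rbenv_ruby_version }}'"`. The other `/bin/bash -lc` tasks in this file also splice the variable into a shell string, so one `ansible.builtin.assert` that checks it against a version pattern before these tasks would cover all of them.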
+++ b/redis/handlers/main.yml @@ -1,30 +1,30 @@ --- - name: restart redis - systemd: + ansible.builtin.systemd: name: "{{ redis_systemd_name }}" state: restarted - name: restart redis (noop) - meta: noop + ansible.builtin.meta: noop failed_when: False changed_when: False - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart nagios-nrpe-server - service: + ansible.builtin.service: name: nagios-nrpe-server state: restarted - name: restart log2mail - service: + ansible.builtin.service: name: log2mail state: restarted - name: restart sysfsutils - service: + ansible.builtin.service: name: sysfsutils state: restarted diff --git a/redis/tasks/default-log2mail.yml b/redis/tasks/default-log2mail.yml index 3c50cab7..55466e16 100644 --- a/redis/tasks/default-log2mail.yml +++ b/redis/tasks/default-log2mail.yml @@ -1,7 +1,7 @@ --- - name: log2mail config is present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/log2mail/config/redis.conf owner: log2mail group: adm @@ -19,7 +19,7 @@ - log2mail - name: log2mail user is in redis group - user: + ansible.builtin.user: name: log2mail groups: redis append: yes diff --git a/redis/tasks/default-munin.yml b/redis/tasks/default-munin.yml index 1c9ab759..44c45011 100644 --- a/redis/tasks/default-munin.yml +++ b/redis/tasks/default-munin.yml @@ -1,18 +1,18 @@ --- - name: Install munin check dependencies - apt: + ansible.builtin.apt: name: libswitch-perl state: present tags: - redis -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - redis - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" @@ -20,7 +20,7 @@ - redis - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" 
@@ -28,7 +28,7 @@ - redis - name: Copy redis munin plugin - copy: + ansible.builtin.copy: src: munin_redis dest: /usr/local/share/munin/plugins/redis_ mode: "0755" @@ -37,7 +37,7 @@ - redis - name: Enable redis munin plugin - file: + ansible.builtin.file: src: /usr/local/share/munin/plugins/redis_ dest: "/etc/munin/plugins/redis_{{ plugin_name }}" state: link @@ -56,14 +56,15 @@ - redis - name: Count redis condif blocks in munin-node configuration - command: grep -c "\[redis_" /etc/munin/plugin-conf.d/munin-node + ansible.builtin.command: + cmd: grep -c "\[redis_" /etc/munin/plugin-conf.d/munin-node register: munin_redis_blocs_in_config failed_when: False changed_when: False check_mode: no - name: Add redis password for munin (if no more than 1 config block) - ini_file: + community.general.ini_file: dest: /etc/munin/plugin-conf.d/munin-node section: 'redis_*' option: env.password @@ -77,7 +78,7 @@ - name: Warn if multiple instance in munin-plugins configuration - debug: + ansible.builtin.debug: msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" when: - redis_password is not none diff --git a/redis/tasks/default-server.yml b/redis/tasks/default-server.yml index 10b4d382..89a664e6 100644 --- a/redis/tasks/default-server.yml +++ b/redis/tasks/default-server.yml @@ -1,7 +1,7 @@ --- - name: Redis is configured. - template: + ansible.builtin.template: src: redis.conf.j2 dest: "{{ redis_conf_dir }}/redis.conf" mode: "0640" @@ -12,7 +12,7 @@ - redis - name: Config directory permissions are set - file: + ansible.builtin.file: dest: "{{ redis_conf_dir }}" mode: "0750" owner: redis @@ -21,7 +21,7 @@ - redis - name: Redis is running and enabled on boot. - systemd: + ansible.builtin.systemd: name: "{{ redis_systemd_name }}" enabled: yes state: started diff --git a/redis/tasks/instance-log2mail.yml b/redis/tasks/instance-log2mail.yml index a20e1a0a..c57e5745 100644 --- a/redis/tasks/instance-log2mail.yml 
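Review bot: `community.general.ini_file` in redis/tasks/default-munin.yml makes the role depend on a collection that is not part of ansible-core, so a controller with only ansible-core installed can no longer resolve the module. The same goes for `ansible.posix.sysctl` in redis/tasks/main.yml and for `community.mysql.mysql_db` and `community.mysql.mysql_user` in the redmine tasks. Nothing in the visible part of the patch declares these collections; a `requirements.yml` listing them with pinned versions, installed with `ansible-galaxy collection install -r`, would make the dependency explicit and reproducible. This task also writes the Redis password into the munin-node configuration, so `no_log: true` is worth considering; the rest of the task is outside the hunk.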
+++ b/redis/tasks/instance-log2mail.yml @@ -1,7 +1,7 @@ --- - name: log2mail config is present - blockinfile: + ansible.builtin.blockinfile: dest: /etc/log2mail/config/redis.conf owner: log2mail group: adm diff --git a/redis/tasks/instance-munin.yml b/redis/tasks/instance-munin.yml index 72865e98..3d2274e7 100644 --- a/redis/tasks/instance-munin.yml +++ b/redis/tasks/instance-munin.yml @@ -1,18 +1,18 @@ --- - name: Install munin check dependencies - apt: + ansible.builtin.apt: name: libswitch-perl state: present tags: - redis -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - redis - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" @@ -20,7 +20,7 @@ - redis - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" @@ -28,7 +28,7 @@ - redis - name: Copy redis munin plugin - copy: + ansible.builtin.copy: src: munin_redis dest: /usr/local/share/munin/plugins/redis_ mode: "0755" @@ -37,7 +37,7 @@ - redis - name: Enable redis munin plugin - file: + ansible.builtin.file: src: /usr/local/share/munin/plugins/redis_ dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ plugin_name }}" state: link @@ -56,7 +56,7 @@ - redis - name: Configure redis plugin for munin - template: + ansible.builtin.template: src: templates/munin-plugin-instances.conf.j2 dest: '/etc/munin/plugin-conf.d/evolinux.redis_{{ redis_instance_name }}' mode: "0740" diff --git a/redis/tasks/instance-server.yml b/redis/tasks/instance-server.yml index 3f70733e..42dc1876 100644 --- a/redis/tasks/instance-server.yml +++ b/redis/tasks/instance-server.yml 
@@ -1,14 +1,15 @@ --- - name: Verify Redis port - assert: + ansible.builtin.assert: that: - redis_port | int != 6379 msg: "If you want to use port 6379, use the default instance, not a named instance." when: not (redis_force_instance_port | bool) - name: "Instance '{{ redis_instance_name }}' group is present" - group: + + ansible.builtin.group: name: "redis-{{ redis_instance_name }}" state: present system: True @@ -16,7 +17,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' user is present" - user: + ansible.builtin.user: name: "redis-{{ redis_instance_name }}" group: "redis-{{ redis_instance_name }}" state: present @@ -26,7 +27,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' config directory is present" - file: + ansible.builtin.file: dest: "{{ redis_conf_dir }}" mode: "0750" owner: "redis-{{ redis_instance_name }}" @@ -37,7 +38,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' config hooks directories are present" - file: + ansible.builtin.file: dest: "{{ _dir }}" mode: "0750" owner: "redis-{{ redis_instance_name }}" @@ -58,7 +59,8 @@ - redis - name: "Instance '{{ redis_instance_name }}' hooks examples are present" - command: "cp -a /etc/redis/{{ _dir }}/00_example {{ redis_conf_dir }}/{{ _dir }}" + ansible.builtin.command: + cmd: "cp -a /etc/redis/{{ _dir }}/00_example {{ redis_conf_dir }}/{{ _dir }}" args: creates: "{{ redis_conf_dir }}/{{ _dir }}/00_example" loop: @@ -75,7 +77,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' socket/pid directories are present" - file: + ansible.builtin.file: dest: "{{ _dir }}" mode: "0755" owner: "redis-{{ redis_instance_name }}" @@ -91,7 +93,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' data/log directories are present" - file: + ansible.builtin.file: dest: "{{ _dir }}" mode: "0751" owner: "redis-{{ redis_instance_name }}" 
@@ -107,7 +109,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' log file are present" - file: + ansible.builtin.file: path: "{{ redis_log_dir }}/redis-server.log" mode: "660" owner: "redis-{{ redis_instance_name }}" @@ -118,7 +120,7 @@ - name: "Instance '{{ redis_instance_name }}' configuration file is present" - template: + ansible.builtin.template: src: redis.conf.j2 dest: "{{ redis_conf_dir }}/redis.conf" mode: "0640" @@ -129,7 +131,7 @@ - redis - name: Systemd template for redis instances is installed (Debian 8) - template: + ansible.builtin.template: src: 'redis-server@jessie.service.j2' dest: '/etc/systemd/system/redis-server@.service' mode: "0644" @@ -142,7 +144,7 @@ - redis - name: Systemd template for redis instances is installed (Debian 9) - template: + ansible.builtin.template: src: 'redis-server@stretch.service.j2' dest: '/etc/systemd/system/redis-server@.service' mode: "0644" @@ -155,7 +157,7 @@ - redis - name: Systemd template for redis instances is installed (Debian 10 or later) - template: + ansible.builtin.template: src: 'redis-server@buster.service.j2' dest: '/etc/systemd/system/redis-server@.service' mode: "0644" @@ -168,7 +170,7 @@ - redis - name: "Instance '{{ redis_instance_name }}' systemd unit is enabled and started" - systemd: + ansible.builtin.systemd: name: "{{ redis_systemd_name }}" enabled: yes state: started @@ -177,7 +179,7 @@ - redis - name: Redis SysVinit script is stopped and disabled - service: + ansible.builtin.service: name: "redis-server" enabled: no state: stopped diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 24315b42..1077811b 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml 
@@ -1,10 +1,10 @@ --- -- set_fact: +- ansible.builtin.set_fact: redis_restart_handler_name: "{{ redis_restart_if_needed | bool | ternary('restart redis', 'restart redis (noop)') }}" - name: Linux kernel overcommit memory setting is enabled - sysctl: + ansible.posix.sysctl: name: "vm.overcommit_memory" value: "1" sysctl_file: "/etc/sysctl.d/evolinux-redis.conf" @@ -12,11 +12,11 @@ reload: yes - name: Customize Kernel Transparent Huge Page - include: thp.yml + ansible.builtin.include: thp.yml when: redis_sysctl_transparent_hugepage_enabled is not none - name: Redis is installed - apt: + ansible.builtin.apt: name: - redis-server - redis-tools @@ -26,7 +26,7 @@ - packages - name: Redis Sentinel is installed - apt: + ansible.builtin.apt: name: "redis-sentinel" state: present tags: @@ -35,21 +35,22 @@ when: redis_sentinel_install | bool - name: Get Redis version - shell: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'" + ansible.builtin.shell: + cmd: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'" changed_when: False check_mode: no register: _redis_installed_version tags: - redis -- set_fact: +- ansible.builtin.set_fact: redis_installed_version: "{{ _redis_installed_version.stdout }}" check_mode: no tags: - redis - name: set variables for default mode - set_fact: + ansible.builtin.set_fact: redis_conf_dir: "{{ redis_conf_dir_prefix }}" redis_socket_dir: "{{ redis_socket_dir_prefix }}" redis_pid_dir: "{{ redis_pid_dir_prefix }}" @@ -58,7 +59,7 @@ when: redis_instance_name is not defined - name: set variables for instance mode - set_fact: + ansible.builtin.set_fact: redis_systemd_name: "redis-server@{{ redis_instance_name }}" redis_conf_dir: "{{ redis_conf_dir_prefix }}-{{ redis_instance_name }}" redis_socket_dir: "{{ redis_socket_dir_prefix }}-{{ redis_instance_name }}" 
@@ -68,7 +69,7 @@ when: redis_instance_name is defined - name: Fail if redis_bind_interface is set - fail: + ansible.builtin.fail: msg: "Please change 'redis_bind_interface' (String) to 'redis_bind_interfaces' (List)" when: - redis_bind_interface is defined @@ -76,15 +77,15 @@ - redis_bind_interface | length > 0 - name: configure Redis for default mode - include: default-server.yml + ansible.builtin.include: default-server.yml when: redis_instance_name is not defined - name: configure Redis for instance mode - include: instance-server.yml + ansible.builtin.include: instance-server.yml when: redis_instance_name is defined - name: Is Munin installed - stat: + ansible.builtin.stat: path: /etc/munin/plugins register: _munin_installed tags: @@ -92,7 +93,7 @@ - munin - name: configure Munin for default mode - include: default-munin.yml + ansible.builtin.include: default-munin.yml when: - _munin_installed.stat.exists - _munin_installed.stat.isdir @@ -102,7 +103,7 @@ - munin - name: configure Munin for instance mode - include: instance-munin.yml + ansible.builtin.include: instance-munin.yml when: - _munin_installed.stat.exists - _munin_installed.stat.isdir @@ -112,7 +113,7 @@ - munin - name: Is log2mail installed - stat: + ansible.builtin.stat: path: /etc/log2mail/config register: _log2mail_installed tags: @@ -120,7 +121,7 @@ - log2mail - name: configure log2mail for default mode - include: default-log2mail.yml + ansible.builtin.include: default-log2mail.yml when: - _log2mail_installed.stat.exists - _log2mail_installed.stat.isdir @@ -130,7 +131,7 @@ - log2mail - name: configure log2mail for instance mode - include: instance-log2mail.yml + ansible.builtin.include: instance-log2mail.yml when: - _log2mail_installed.stat.exists - _log2mail_installed.stat.isdir @@ -140,7 +141,7 @@ - log2mail - name: is NRPE present ? - stat: + ansible.builtin.stat: path: /etc/nagios/nrpe.d/evolix.cfg check_mode: no register: nrpe_evolix_config 
@@ -148,13 +149,14 @@ - redis - nrpe -- include: nrpe.yml +- ansible.builtin.include: nrpe.yml when: nrpe_evolix_config.stat.exists tags: - redis - nrpe - name: Force restart redis - command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: restart redis when: redis_restart_force | bool diff --git a/redis/tasks/nrpe.yml b/redis/tasks/nrpe.yml index b42e2da2..61400b99 100644 --- a/redis/tasks/nrpe.yml +++ b/redis/tasks/nrpe.yml @@ -1,7 +1,7 @@ --- - name: Install perl lib-redis (needed by check_redis) - apt: + ansible.builtin.apt: name: libredis-perl state: present tags: @@ -9,7 +9,7 @@ - nrpe - name: install check_redis on Jessie - copy: + ansible.builtin.copy: src: check_redis.pl dest: /usr/local/lib/nagios/plugins/check_redis force: yes @@ -24,7 +24,7 @@ - nrpe - name: set the path of check_redis on Jessie - set_fact: + ansible.builtin.set_fact: redis_check_redis_path: /usr/local/lib/nagios/plugins/check_redis when: - ansible_distribution == "Debian" @@ -34,7 +34,7 @@ - nrpe - name: set the path of check_redis on Stretch and later - set_fact: + ansible.builtin.set_fact: redis_check_redis_path: /usr/lib/nagios/plugins/check_redis when: - ansible_distribution == "Debian" @@ -44,7 +44,7 @@ - nrpe - name: sudo without password for nagios - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_redis$' line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}' @@ -57,7 +57,7 @@ - nrpe - name: Use check_redis for NRPE - replace: + ansible.builtin.replace: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_redis\]=.+' replace: 'command[check_redis]=sudo {{ redis_check_redis_path }} -H {{ redis_bind_interfaces | first }} -p {{ redis_port }}' @@ -68,7 +68,7 @@ - nrpe - name: sudo without password for nagios - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_redis$' line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}' 
@@ -80,11 +80,11 @@ - nrpe - name: "Remount /usr with RW for 'install check_redis instance'" - include_role: + ansible.builtin.include_role: name: evolix/remount-usr - name: install check_redis_instances - copy: + ansible.builtin.copy: src: check_redis_instances.sh dest: /usr/local/lib/nagios/plugins/check_redis_instances force: yes @@ -96,7 +96,7 @@ - nrpe - name: Use check_redis_instances for NRPE - replace: + ansible.builtin.replace: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_redis\]=.+' replace: 'command[check_redis]=sudo /usr/local/lib/nagios/plugins/check_redis_instances' @@ -107,7 +107,7 @@ - nrpe - name: sudo without password for nagios - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_redis_instances$' line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_redis_instances' diff --git a/redis/tasks/thp.yml b/redis/tasks/thp.yml index 7a0dce27..7a215788 100644 --- a/redis/tasks/thp.yml +++ b/redis/tasks/thp.yml @@ -1,7 +1,7 @@ --- - name: sysfsutils is installed - apt: + ansible.builtin.apt: name: - sysfsutils state: present @@ -11,7 +11,7 @@ - kernel - name: Check possible values for THP - assert: + ansible.builtin.assert: that: redis_sysctl_transparent_hugepage_enabled is in ['always', 'madvise', 'never'] msg: "redis_sysctl_transparent_hugepage_enabled has incorrect value : '{{ redis_sysctl_transparent_hugepage_enabled }}' not in ['always', 'madvise', 'never']" tags: @@ -19,7 +19,7 @@ - kernel - name: "Set THP to {{ redis_sysctl_transparent_hugepage_enabled }} at boot" - lineinfile: + ansible.builtin.lineinfile: path: /etc/sysfs.conf line: kernel/mm/transparent_hugepage/enabled = {{ redis_sysctl_transparent_hugepage_enabled }} regexp: "kernel/mm/transparent_hugepage/enabled" 
@@ -28,7 +28,8 @@ - kernel - name: "Set THP to {{ redis_sysctl_transparent_hugepage_enabled }} for this boot" - shell: "echo '{{ redis_sysctl_transparent_hugepage_enabled }}' >> /sys/kernel/mm/transparent_hugepage/enabled" + ansible.builtin.shell: + cmd: "echo '{{ redis_sysctl_transparent_hugepage_enabled }}' >> /sys/kernel/mm/transparent_hugepage/enabled" tags: - redis - kernel \ No newline at end of file diff --git a/redmine/handlers/main.yml b/redmine/handlers/main.yml index 3759afc4..595d83f4 100644 --- a/redmine/handlers/main.yml +++ b/redmine/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: restart rsyslog - service: + ansible.builtin.service: name: rsyslog state: restarted - name: reload nginc - service: + ansible.builtin.service: name: nginx state: reloaded diff --git a/redmine/tasks/config.yml b/redmine/tasks/config.yml index e45bcea5..282f20f6 100644 --- a/redmine/tasks/config.yml +++ b/redmine/tasks/config.yml @@ -1,6 +1,6 @@ --- - name: Create systemd config dir - file: + ansible.builtin.file: state: directory dest: "/home/{{ redmine_user }}/{{ item }}" mode: "0750" @@ -14,7 +14,7 @@ - redmine - name: Deploy systemd unit - copy: + ansible.builtin.copy: src: puma.service dest: "/home/{{ redmine_user }}/.config/systemd/user/puma.service" mode: "0644" @@ -24,7 +24,7 @@ - redmine - name: Set user .profile - copy: + ansible.builtin.copy: src: profile dest: "/home/{{ redmine_user }}/.profile" owner: "{{ redmine_user }}" @@ -34,7 +34,7 @@ - redmine - name: Create config directory - file: + ansible.builtin.file: path: "/home/{{ redmine_user }}/config" state: directory owner: "{{ redmine_user }}" @@ -44,7 +44,7 @@ - redmine - name: Copy configurations file - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: "/home/{{ redmine_user }}/config/{{ item }}" owner: "{{ redmine_user }}" diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index eb5c5915..41acd751 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml 
@@ -1,8 +1,8 @@ --- -- include: packages.yml -- include: syslog.yml -- include: user.yml -- include_role: +- ansible.builtin.include: packages.yml +- ansible.builtin.include: syslog.yml +- ansible.builtin.include: user.yml +- ansible.builtin.include_role: name: evolix/rbenv vars: - username: "{{ redmine_user }}" diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml index 5f1f6631..6cf3ef36 100644 --- a/redmine/tasks/mysql.yml +++ b/redmine/tasks/mysql.yml @@ -1,6 +1,7 @@ --- - name: Get actual Mysql password - shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" + ansible.builtin.shell: + cmd: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" register: redmine_get_mysql_password check_mode: no changed_when: False @@ -9,7 +10,8 @@ - redmine - name: Generate Mysql password - shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' + ansible.builtin.shell: + cmd: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' register: redmine_generate_mysql_password check_mode: no changed_when: False @@ -18,13 +20,13 @@ - redmine - name: Set Mysql password - set_fact: + ansible.builtin.set_fact: redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" tags: - redmine - name: Create Mysql database - mysql_db: + community.mysql.mysql_db: name: "{{ redmine_db_name }}" config_file: "/root/.my.cnf" state: present @@ -34,7 +36,7 @@ - redmine - name: Store credentials in my.cnf - ini_file: + community.general.ini_file: dest: "/home/{{ redmine_user }}/.my.cnf" owner: "{{ redmine_user }}" group: "{{ redmine_user }}" @@ -51,7 +53,7 @@ - redmine - name: Create Mysql user - mysql_user: + community.mysql.mysql_user: name: "{{ redmine_db_username }}" password: '{{ redmine_db_pass }}' priv: "{{ redmine_user }}.*:ALL" diff --git a/redmine/tasks/nginx.yml b/redmine/tasks/nginx.yml index 1ea1f40a..3ceebb0e 100644 --- a/redmine/tasks/nginx.yml 
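Review bot: `Generate Mysql password` in redmine/tasks/mysql.yml builds the database password with Perl's `rand()`, which is not a cryptographic generator, so the result is weaker than its 16 characters suggest. Draw it from the kernel CSPRNG instead, for example `cmd: "tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16"`, or use the `ansible.builtin.password` lookup on the controller. This task and the `grep password ... .my.cnf` task before it both register a cleartext secret, so `no_log: true` belongs on them and on `Set Mysql password`. The conditions on these tasks are outside the hunk.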
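Review bot: `Create Mysql user` grants `priv: "{{ redmine_user }}.*:ALL"`, while the database is created as `{{ redmine_db_name }}` in the `Create Mysql database` task of the same file. If the two variables ever differ, the account receives full rights on a schema named after the system user and none on the Redmine database. `priv: "{{ redmine_db_name }}.*:ALL"` ties the grant to the database that was actually created. The rest of the task is outside the hunk.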
+++ b/redmine/tasks/nginx.yml @@ -1,6 +1,6 @@ --- - name: Add www-data to Redmine group - user: + ansible.builtin.user: name: www-data groups: "{{ redmine_user }}" append: True @@ -9,7 +9,7 @@ - nginx - name: Copy nginx vhost - template: + ansible.builtin.template: src: nginx.conf.j2 dest: "/etc/nginx/sites-available/{{ redmine_user }}.conf" mode: "0644" @@ -19,7 +19,7 @@ - nginx - name: Enable nginx vhost - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ redmine_user }}.conf" dest: "/etc/nginx/sites-enabled/{{ redmine_user }}.conf" state: link diff --git a/redmine/tasks/packages.yml b/redmine/tasks/packages.yml index 294ef693..9d6978a7 100644 --- a/redmine/tasks/packages.yml +++ b/redmine/tasks/packages.yml @@ -1,6 +1,6 @@ --- - name: Install dependency - apt: + ansible.builtin.apt: name: - libpam-systemd - imagemagick @@ -20,7 +20,7 @@ # dependency for mysql_user and mysql_db - name: python modules is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: - python-mysqldb - python-pymysql @@ -31,7 +31,7 @@ # dependency for mysql_user and mysql_db - name: python3 modules is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: - python3-mysqldb - python3-pymysql diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml index 548132fc..4f1430a5 100644 --- a/redmine/tasks/release.yml +++ b/redmine/tasks/release.yml @@ -1,6 +1,7 @@ --- - name: Get id of user - command: "id -u {{ redmine_user }}" + ansible.builtin.command: + cmd: "id -u {{ redmine_user }}" register: redmine_command_user_id changed_when: False check_mode: False @@ -8,7 +9,7 @@ - redmine - name: Define user environment - set_fact: + ansible.builtin.set_fact: user_env: XDG_RUNTIME_DIR: "/run/user/{{ redmine_command_user_id.stdout }}" RAILS_ENV: production @@ -16,7 +17,7 @@ - redmine - name: Stop puma service - systemd: + ansible.builtin.systemd: name: puma daemon_reload: yes state: stopped 
@@ -27,7 +28,7 @@ - redmine - name: Create mysqldump directory - file: + ansible.builtin.file: path: "/home/{{ redmine_user }}/mysqldump" state: directory owner: "{{ redmine_user }}" @@ -37,7 +38,7 @@ - redmine - name: Dump mysql database - mysql_db: + community.mysql.mysql_db: state: dump config_file: "/home/{{ redmine_user }}/.my.cnf" name: "{{ redmine_db_name }}" @@ -46,7 +47,7 @@ - redmine - name: Change www link - file: + ansible.builtin.file: state: link src: "/home/{{ redmine_user }}/releases/{{ redmine_version }}" dest: "/home/{{ redmine_user }}/www" @@ -56,7 +57,8 @@ - redmine - name: Update Gemfile.lock - command: "~/.rbenv/bin/rbenv exec bundle lock" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle lock" args: chdir: "/home/{{ redmine_user }}/www" become_user: "{{ redmine_user }}" @@ -65,7 +67,8 @@ - redmine - name: Update local gems with bundle - command: "~/.rbenv/bin/rbenv exec bundle install --deployment" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle install --deployment" args: chdir: "/home/{{ redmine_user }}/www" become_user: "{{ redmine_user }}" @@ -74,7 +77,8 @@ - redmine - name: Generate secret token - command: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token" args: chdir: "/home/{{ redmine_user }}/www" creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" @@ -84,7 +88,8 @@ - redmine - name: Migrate database with rake - command: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate" args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" 
@@ -93,7 +98,8 @@ - redmine - name: Populate Mysql database - command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr" args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" @@ -103,7 +109,8 @@ - redmine - name: Migrate plugins - command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate" + ansible.builtin.command: + cmd: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate" args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" @@ -112,7 +119,7 @@ - redmine - name: Start puma service - systemd: + ansible.builtin.systemd: name: puma daemon_reload: yes state: started diff --git a/redmine/tasks/source.yml b/redmine/tasks/source.yml index 7893a5ad..980d2c13 100644 --- a/redmine/tasks/source.yml +++ b/redmine/tasks/source.yml @@ -1,6 +1,6 @@ --- - name: Create releases directory - file: + ansible.builtin.file: path: "/home/{{ redmine_user }}/{{ item }}" state: directory owner: "{{ redmine_user }}" @@ -13,7 +13,7 @@ - redmine - name: Download Redmine archive - unarchive: + ansible.builtin.unarchive: src: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}" remote_src: True @@ -24,7 +24,7 @@ - redmine - name: Link config files - file: + ansible.builtin.file: state: link src: "/home/{{ redmine_user }}/config/{{ item }}" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}" @@ -38,7 +38,7 @@ - redmine - name: Copy/Update plugin from archive - unarchive: + ansible.builtin.unarchive: src: "{{ item.zip }}" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/" remote_src: yes 
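Review bot: The `Download Redmine archive` hunk unpacks a tarball fetched straight from `https://redmine.org/releases/` with no integrity check beyond TLS, because `unarchive` has no checksum parameter. Downloading first with `ansible.builtin.get_url` and a pinned `checksum`, then extracting the local file, makes a tampered or swapped release fail the play instead of being deployed. The task continues outside the hunk, so any remaining keywords there would have to be carried over. `redmine_archive_checksum` below is a new variable, not one the role defines today.

```yaml
- name: Download Redmine archive
  ansible.builtin.get_url:
    url: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    # new variable, expected form "sha256:<digest published for this release>"
    checksum: "{{ redmine_archive_checksum }}"

- name: Extract Redmine archive
  ansible.builtin.unarchive:
    src: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
    remote_src: true
  # … unchanged: task keywords that follow outside the hunk …
```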
@@ -51,7 +51,7 @@ - redmine - name: Copy/Update plugin from git repository - git: + ansible.builtin.git: repo: "{{ item.git }}" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/{{ item.git | basename | splitext | first }}" version: "{{ item.tree | default('master') }}" @@ -63,7 +63,7 @@ - redmine - name: Copy/Update theme from archive - unarchive: + ansible.builtin.unarchive: src: "{{ item.zip }}" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes" remote_src: yes @@ -76,7 +76,7 @@ - redmine - name: Copy/Update theme from git repository - git: + ansible.builtin.git: repo: "{{ item.git }}" dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes/{{ item.git | basename | splitext | first }}" version: "{{ item.tree | default('master') }}" @@ -88,7 +88,7 @@ - redmine - name: Deploy custom Gemfile - template: + ansible.builtin.template: src: Gemfile.local.j2 dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/Gemfile.local" owner: "{{ redmine_user }}" diff --git a/redmine/tasks/syslog.yml b/redmine/tasks/syslog.yml index b53e2660..14be7827 100644 --- a/redmine/tasks/syslog.yml +++ b/redmine/tasks/syslog.yml @@ -1,6 +1,6 @@ --- - name: Create log directory - file: + ansible.builtin.file: state: directory dest: /var/log/redmine owner: root @@ -10,7 +10,7 @@ - redmine - name: Copy syslog configuration - copy: + ansible.builtin.copy: src: syslog.conf dest: /etc/rsyslog.d/redmine.conf mode: "0644" @@ -19,7 +19,7 @@ - redmine - name: Copy logrotate configuration - copy: + ansible.builtin.copy: src: logrotate dest: /etc/logrotate.d/redmine mode: "0644" diff --git a/redmine/tasks/user.yml b/redmine/tasks/user.yml index dc959db1..db9cbd1a 100644 --- a/redmine/tasks/user.yml +++ b/redmine/tasks/user.yml 
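Review bot: In the `Copy/Update plugin from git repository` hunk, `version: "{{ item.tree | default('master') }}"` makes an entry without `tree` track whatever the remote `master` branch holds at run time. Code deployed into Redmine's plugins directory can therefore change between two runs without any change in the inventory. Requiring an explicit ref, `version: "{{ item.tree }}"`, and documenting that `tree` should be a tag or commit hash keeps deployments reproducible and reviewable. The theme task in the `@@ -76,7 +76,7 @@` hunk has the same default. Both tasks continue outside their hunks.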
@@ -1,13 +1,14 @@ --- - name: Create redmine group - group: + + ansible.builtin.group: name: "{{ redmine_user }}" state: present tags: - redmine - name: Create redmine user - user: + ansible.builtin.user: name: "{{ redmine_user }}" state: present group: "{{ redmine_user }}" @@ -18,7 +19,7 @@ - redmine - name: Add redmine user to Redis group - user: + ansible.builtin.user: name: "{{ redmine_user }}" groups: "redis-{{ redmine_user }}" append: True @@ -27,7 +28,7 @@ - redmine - name: Create required directory - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ redmine_user }}" @@ -40,5 +41,6 @@ - redmine - name: Enable systemd user mode - command: "loginctl enable-linger {{ redmine_user }}" + ansible.builtin.command: + cmd: "loginctl enable-linger {{ redmine_user }}" changed_when: False diff --git a/remount-usr/handlers/main.yml b/remount-usr/handlers/main.yml index 854a8883..ea22acee 100644 --- a/remount-usr/handlers/main.yml +++ b/remount-usr/handlers/main.yml @@ -1,4 +1,5 @@ --- - name: remount usr - command: "mount -o remount /usr" + ansible.builtin.command: + cmd: "mount -o remount /usr" failed_when: False \ No newline at end of file diff --git a/remount-usr/tasks/main.yml b/remount-usr/tasks/main.yml index e4cf9d36..eb5c0109 100644 --- a/remount-usr/tasks/main.yml +++ b/remount-usr/tasks/main.yml @@ -2,14 +2,16 @@ # findmnt returns 0 on hit, 1 on miss # If the return code is higher than 1, it's a blocking failure - name: "check if /usr is a read-only partition" - command: 'findmnt /usr --noheadings --options ro' + ansible.builtin.command: + cmd: 'findmnt /usr --noheadings --options ro' changed_when: False failed_when: usr_partition.rc > 1 check_mode: no register: usr_partition - name: "mount /usr in rw" - command: 'mount -o remount,rw /usr' + ansible.builtin.command: + cmd: 'mount -o remount,rw /usr' changed_when: False when: usr_partition.rc == 0 notify: remount usr 
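Review bot: In the `mount /usr in rw` hunk of remount-usr/tasks/main.yml the task carries both `changed_when: False` and `notify: remount usr`. Ansible only runs a notified handler when the task reports changed, so from the visible lines the handler never fires and /usr is left read-write after the role runs. Setting `changed_when: True` on this task (it is already guarded by `when: usr_partition.rc == 0`) lets the handler restore the mount options. The handler in remount-usr/handlers/main.yml also sets `failed_when: False`, which would hide a failed remount; a short comment there saying why that failure is tolerated would help. If something outside this role is what remounts /usr, a comment saying so belongs on this task.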
diff --git a/spamassasin/handlers/main.yml b/spamassasin/handlers/main.yml index 7479d736..78597a37 100644 --- a/spamassasin/handlers/main.yml +++ b/spamassasin/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart spamassassin - service: + ansible.builtin.service: name: spamassassin state: restarted diff --git a/spamassasin/tasks/main.yml b/spamassasin/tasks/main.yml index a2cbaf9a..9f2889ca 100644 --- a/spamassasin/tasks/main.yml +++ b/spamassasin/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: install SpamAssasin - apt: + ansible.builtin.apt: name: - spamassassin state: present @@ -8,7 +8,7 @@ - spamassassin - name: configure SpamAssasin - copy: + ansible.builtin.copy: src: spamassassin.cf dest: /etc/spamassassin/local_evolix.cf mode: "0644" @@ -17,7 +17,7 @@ - spamassassin - name: enable SpamAssasin - replace: + ansible.builtin.replace: dest: /etc/default/spamassassin regexp: 'ENABLED=0' replace: 'ENABLED=1' @@ -26,7 +26,7 @@ - spamassassin - name: add amavis user to debian-spamd group - user: + ansible.builtin.user: name: amavis groups: debian-spamd append: yes @@ -34,31 +34,31 @@ - spamassassin - name: fix right on /var/lib/spamassassin - file: + ansible.builtin.file: dest: /var/lib/spamassassin state: directory mode: "0750" tags: - spamassassin -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: - spamassassin - name: Check evomaintenance config - stat: + ansible.builtin.stat: path: /etc/evomaintenance.cf register: _evomaintenance_config - name: Verify sa-update dependency - assert: + ansible.builtin.assert: that: - _evomaintenance_config.stat.exists msg: sa-update.sh needs /etc/evomaintenance.cf - name: copy sa-update.sh script - copy: + ansible.builtin.copy: src: sa-update.sh dest: /usr/share/scripts/sa-update.sh mode: "0750" 
@@ -66,8 +66,8 @@ - spamassassin - name: Check if cron is installed - shell: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False @@ -75,7 +75,7 @@ register: is_cron_installed - name: enable sa-update.sh cron - lineinfile: + ansible.builtin.lineinfile: dest: /etc/cron.d/sa-update line: "42 6 5 1,4,7,10 * root /usr/share/scripts/sa-update.sh" create: yes @@ -86,13 +86,14 @@ - spamassassin - name: update SpamAssasin's rules - command: "/usr/share/scripts/sa-update.sh" + ansible.builtin.command: + cmd: "/usr/share/scripts/sa-update.sh" changed_when: False tags: - spamassassin - name: ensure SpamAssasin is started and enabled - systemd: + ansible.builtin.systemd: name: spamassassin state: started enabled: True diff --git a/squid/handlers/main.yml b/squid/handlers/main.yml index 4f5329b9..149d4827 100644 --- a/squid/handlers/main.yml +++ b/squid/handlers/main.yml @@ -1,33 +1,34 @@ --- - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted - name: restart squid - service: + ansible.builtin.service: name: squid state: restarted - name: reload squid - service: + ansible.builtin.service: name: squid state: reloaded - name: restart squid3 - service: + ansible.builtin.service: name: squid3 state: restarted - name: reload squid3 - service: + ansible.builtin.service: name: squid3 state: reloaded - name: restart log2mail - service: + ansible.builtin.service: name: log2mail state: restarted - name: restart minifirewall - command: /etc/init.d/minifirewall restart + ansible.builtin.command: + cmd: /etc/init.d/minifirewall restart diff --git a/squid/tasks/log2mail.yml b/squid/tasks/log2mail.yml index 5454dc10..1d36eb09 100644 --- a/squid/tasks/log2mail.yml +++ b/squid/tasks/log2mail.yml 
@@ -1,14 +1,14 @@ --- - name: is log2mail installed? - stat: + ansible.builtin.stat: path: /etc/log2mail/config/ check_mode: no register: log2mail_config - block: - name: log2mail proxy config is present - template: + ansible.builtin.template: src: log2mail.j2 dest: /etc/log2mail/config/squid.conf mode: "0640" @@ -17,7 +17,7 @@ notify: restart log2mail - name: log2mail user is in proxy group - user: + ansible.builtin.user: name: log2mail groups: proxy append: yes diff --git a/squid/tasks/logrotate_jessie.yml b/squid/tasks/logrotate_jessie.yml index 010d13cc..345cd053 100644 --- a/squid/tasks/logrotate_jessie.yml +++ b/squid/tasks/logrotate_jessie.yml @@ -11,7 +11,8 @@ # is the one provided by the package. - name: check if logrotate file is default - shell: 'printf "43994674706b672ae5018f592beccf2e /etc/logrotate.d/{{ squid_daemon_name }}" | md5sum --check' + ansible.builtin.shell: + cmd: 'printf "43994674706b672ae5018f592beccf2e /etc/logrotate.d/{{ squid_daemon_name }}" | md5sum --check' changed_when: False failed_when: False check_mode: no @@ -20,7 +21,7 @@ - squid - name: logrotate configuration - template: + ansible.builtin.template: src: logrotate_jessie.j2 dest: /etc/logrotate.d/{{ squid_daemon_name }} force: yes diff --git a/squid/tasks/logrotate_stretch.yml b/squid/tasks/logrotate_stretch.yml index 579c228c..df264068 100644 --- a/squid/tasks/logrotate_stretch.yml +++ b/squid/tasks/logrotate_stretch.yml @@ -11,7 +11,8 @@ # is the one provided by the package. - name: check if logrotate file is default - shell: 'printf "c210feea019412adac8a5d5dcba427af /etc/logrotate.d/{{ squid_daemon_name }}" | md5sum --check' + ansible.builtin.shell: + cmd: 'printf "c210feea019412adac8a5d5dcba427af /etc/logrotate.d/{{ squid_daemon_name }}" | md5sum --check' changed_when: False failed_when: False check_mode: no 
@@ -20,7 +21,7 @@ - squid - name: logrotate configuration - template: + ansible.builtin.template: src: logrotate_stretch.j2 dest: /etc/logrotate.d/{{ squid_daemon_name }} force: yes diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 5cb60ea9..0a200188 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml @@ -1,49 +1,49 @@ --- -- fail: +- ansible.builtin.fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - name: "Set squid name (jessie)" - set_fact: + ansible.builtin.set_fact: squid_daemon_name: squid3 when: ansible_distribution_release == "jessie" - name: "Set squid name (Debian 9 or later)" - set_fact: + ansible.builtin.set_fact: squid_daemon_name: squid when: ansible_distribution_major_version is version('9', '>=') - name: "Install Squid packages" - apt: + ansible.builtin.apt: name: - "{{ squid_daemon_name }}" - squidclient state: present - name: Fetch packages - package_facts: + ansible.builtin.package_facts: manager: auto -- debug: +- ansible.builtin.debug: var: ansible_facts.packages[squid_daemon_name] - name: "Set alternative config file (Debian 9 or later)" - copy: + ansible.builtin.copy: src: default_squid dest: /etc/default/squid when: ansible_distribution_major_version is version('9', '>=') - name: "squid.conf is present (jessie)" - template: + ansible.builtin.template: src: squid.conf.j2 dest: /etc/squid3/squid.conf notify: "restart squid3" when: ansible_distribution_release == "jessie" - name: "evolix whitelist is present (jessie)" - copy: + ansible.builtin.copy: src: whitelist-evolinux.conf dest: /etc/squid3/whitelist.conf force: no 
@@ -51,21 +51,21 @@ when: ansible_distribution_release == "jessie" - name: "evolinux defaults squid file (Debian 9 or later)" - copy: + ansible.builtin.copy: src: evolinux-defaults.conf dest: /etc/squid/evolinux-defaults.conf notify: "restart squid" when: ansible_distribution_major_version is version('9', '>=') - name: "evolinux defaults whitelist (Debian 9 or later)" - copy: + ansible.builtin.copy: src: evolinux-whitelist-defaults.conf dest: /etc/squid/evolinux-whitelist-defaults.conf notify: "reload squid" when: ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom whitelist (Debian 9 or later)" - copy: + ansible.builtin.copy: dest: /etc/squid/evolinux-whitelist-custom.conf content: | # Put customized values here. @@ -73,7 +73,7 @@ when: ansible_distribution_major_version is version('9', '>=') - name: "evolinux acl for local proxy (Debian 9 or later)" - template: + ansible.builtin.template: src: evolinux-acl.conf.j2 dest: /etc/squid/evolinux-acl.conf force: no @@ -83,7 +83,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom acl (Debian 9 or later)" - copy: + ansible.builtin.copy: dest: /etc/squid/evolinux-acl.conf content: | # Put customized values here. @@ -93,7 +93,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "evolinux http_access for local proxy (Debian 9 or later)" - copy: + ansible.builtin.copy: src: evolinux-httpaccess.conf dest: /etc/squid/evolinux-httpaccess.conf force: no @@ -103,7 +103,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom http_access (Debian 9 or later)" - copy: + ansible.builtin.copy: dest: /etc/squid/evolinux-httpaccess.conf content: | # Put customized values here. 
@@ -113,7 +113,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "evolinux overrides for local proxy (Debian 9 or later)" - template: + ansible.builtin.template: src: evolinux-custom.conf.j2 dest: /etc/squid/evolinux-custom.conf force: no @@ -123,7 +123,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom overrides (Debian 9 or later)" - copy: + ansible.builtin.copy: dest: /etc/squid/evolinux-custom.conf content: | # Put customized values here. @@ -133,7 +133,7 @@ - ansible_distribution_major_version is version('9', '>=') - name: add some URL in whitelist (Debian 8) - lineinfile: + ansible.builtin.lineinfile: insertafter: EOF dest: /etc/squid3/whitelist.conf line: "{{ item }}" @@ -143,7 +143,7 @@ when: ansible_distribution_major_version == '8' - name: add some URL in whitelist (Debian 9 or later) - lineinfile: + ansible.builtin.lineinfile: insertafter: EOF dest: /etc/squid/evolinux-whitelist-custom.conf line: "{{ item }}" @@ -152,15 +152,15 @@ notify: "reload squid" when: ansible_distribution_major_version is version('9', '>=') -- include: systemd.yml +- ansible.builtin.include: systemd.yml when: ansible_distribution_major_version is version('10', '>=') -- include: logrotate_jessie.yml +- ansible.builtin.include: logrotate_jessie.yml when: ansible_distribution_release == "jessie" -- include: logrotate_stretch.yml +- ansible.builtin.include: logrotate_stretch.yml when: ansible_distribution_major_version is version('9', '>=') -- include: minifirewall.yml +- ansible.builtin.include: minifirewall.yml -- include: log2mail.yml +- ansible.builtin.include: log2mail.yml diff --git a/squid/tasks/minifirewall.legacy.yml b/squid/tasks/minifirewall.legacy.yml index f7e78ee5..18ee45aa 100644 --- a/squid/tasks/minifirewall.legacy.yml +++ b/squid/tasks/minifirewall.legacy.yml 
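Review bot: The last hunk of squid/tasks/main.yml rewrites `include:` as `ansible.builtin.include:`, but that action is deprecated and was removed in ansible-core 2.16, so the FQCN form still fails on current releases. `- ansible.builtin.include_tasks: systemd.yml` is the replacement, or `import_tasks` where static inclusion and tag inheritance are wanted; the `when:` conditions can stay as they are. The same rename appears in ssl/tasks/main.yml, tomcat-instance/tasks/main.yml, tomcat/tasks/main.yml and varnish/tasks/main.yml.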
@@ -1,20 +1,20 @@ --- - name: Check if Minifirewall is present - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" check_mode: no register: minifirewall_test - block: - name: HTTPSITES list is commented in minifirewall - replace: + ansible.builtin.replace: dest: "/etc/default/minifirewall" regexp: "^(HTTPSITES='[^0-9])" replace: '#\1' notify: restart minifirewall - name: all HTTPSITES are authorized in minifirewall - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "HTTPSITES='0.0.0.0/0'" regexp: "HTTPSITES='.*'" @@ -22,7 +22,7 @@ notify: restart minifirewall - name: add iptables rules for the proxy - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: "^#? *{{ item }}" line: "{{ item }}" @@ -35,7 +35,7 @@ notify: restart minifirewall - name: remove minifirewall example rule for the proxy - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)' state: absent diff --git a/squid/tasks/minifirewall.yml b/squid/tasks/minifirewall.yml index 5abdf9df..7cece087 100644 --- a/squid/tasks/minifirewall.yml +++ b/squid/tasks/minifirewall.yml @@ -1,20 +1,20 @@ --- - name: Check if Minifirewall is present - stat: + ansible.builtin.stat: path: "/etc/default/minifirewall" check_mode: no register: minifirewall_test - block: - name: HTTPSITES list is commented in minifirewall - replace: + ansible.builtin.replace: dest: "/etc/default/minifirewall" regexp: "^(HTTPSITES='[^0-9])" replace: '#\1' notify: restart minifirewall - name: all HTTPSITES are authorized in minifirewall - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "HTTPSITES='0.0.0.0/0'" regexp: "HTTPSITES='.*'" 
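Review bot: The task `all HTTPSITES are authorized in minifirewall` in the first hunk of squid/tasks/minifirewall.legacy.yml sets `HTTPSITES='0.0.0.0/0'` with no comment explaining why the firewall's destination list is opened completely. Presumably outbound filtering is meant to be done by the Squid whitelist instead. If so, a comment such as `# HTTPSITES is opened to any destination because filtering is delegated to the Squid whitelist` above the task would tell a reader that Squid is then the only remaining control. The same task appears in the first hunk of squid/tasks/minifirewall.yml, and in both files the block continues outside the hunk.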
@@ -23,14 +23,15 @@ # The PROXY variable means that minifirewall is "modern" - name: Look for PROXY variable - shell: "grep -E '^\\s*PROXY=' /etc/default/minifirewall" + ansible.builtin.shell: + cmd: "grep -E '^\\s*PROXY=' /etc/default/minifirewall" failed_when: False changed_when: False check_mode: False register: _minifirewall_proxy_var_check - name: Set proxy configuration for minifirewall (legacy mode) - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: "^#? *{{ item }}" line: "{{ item }}" @@ -44,7 +45,7 @@ when: _minifirewall_proxy_var_check.rc == 1 - name: remove minifirewall example rule for the proxy (legacy mode) - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)' state: absent @@ -52,7 +53,7 @@ when: _minifirewall_proxy_var_check.rc == 1 - name: Set proxy configuration for minifirewall (modern mode) - replace: + ansible.builtin.replace: dest: "/etc/default/minifirewall" replace: "PROXY='on'" regexp: "PROXY='.*'" diff --git a/squid/tasks/systemd.yml b/squid/tasks/systemd.yml index c84e52d6..7e262f23 100644 --- a/squid/tasks/systemd.yml +++ b/squid/tasks/systemd.yml @@ -1,14 +1,15 @@ --- - name: Look for existing systemd unit - command: systemctl -q is-active squid.service + ansible.builtin.command: + cmd: systemctl -q is-active squid.service changed_when: False failed_when: False check_mode: no register: _squid_systemd_active - name: Squid systemd overrides directory exists - file: + ansible.builtin.file: dest: /etc/systemd/system/squid.service.d/ state: directory owner: root @@ -16,7 +17,7 @@ mode: "0755" - name: "Squid systemd unit service is present" - template: + ansible.builtin.template: src: systemd-override.conf.j2 dest: /etc/systemd/system/squid.service.d/override.conf mode: "0644" 
@@ -24,7 +25,7 @@ register: _squid_systemd_override - name: "Systemd daemon is reloaded and Squid restarted" - systemd: + ansible.builtin.systemd: name: squid state: restarted daemon_reload: yes diff --git a/ssl/handlers/main.yml b/ssl/handlers/main.yml index 3393e45a..d4dcb52a 100644 --- a/ssl/handlers/main.yml +++ b/ssl/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: reload haproxy - service: + ansible.builtin.service: name: haproxy state: reloaded diff --git a/ssl/tasks/haproxy.yml b/ssl/tasks/haproxy.yml index 2ba30ac9..878524f3 100644 --- a/ssl/tasks/haproxy.yml +++ b/ssl/tasks/haproxy.yml @@ -1,6 +1,6 @@ --- - name: Concatenate SSL certificate, key and dhparam - set_fact: + ansible.builtin.set_fact: ssl_cat: "{{ ssl_cat | default() }}{{ lookup('file', item) }}\n" with_fileglob: - "ssl/{{ ssl_cert }}.pem" @@ -10,7 +10,7 @@ - ssl - name: Create haproxy ssl directory - file: + ansible.builtin.file: dest: /etc/haproxy/ssl state: directory mode: "0700" @@ -18,7 +18,7 @@ - ssl - name: Copy concatenated certificate and key - copy: + ansible.builtin.copy: content: "{{ ssl_cat }}" dest: "/etc/haproxy/ssl/{{ ssl_cert }}.pem" mode: "0600" @@ -27,7 +27,7 @@ - ssl - name: Reset ssl_cat variable - set_fact: + ansible.builtin.set_fact: ssl_cat: "" tags: - ssl diff --git a/ssl/tasks/main.yml b/ssl/tasks/main.yml index 3ec71115..01398dec 100644 --- a/ssl/tasks/main.yml +++ b/ssl/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Copy SSL certificate - copy: + ansible.builtin.copy: src: "ssl/{{ ssl_cert }}.pem" dest: "/etc/ssl/certs/{{ ssl_cert }}.pem" mode: "0644" @@ -9,7 +9,7 @@ - ssl - name: Copy SSL key - copy: + ansible.builtin.copy: src: "ssl/{{ ssl_cert }}.key" dest: "/etc/ssl/private/{{ ssl_cert }}.key" mode: "0640" @@ -20,7 +20,7 @@ - ssl - name: Copy SSL dhparam - copy: + ansible.builtin.copy: src: "ssl/{{ ssl_cert }}.dhp" dest: "/etc/ssl/certs/{{ ssl_cert }}.dhp" mode: "0644" 
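Review bot: In ssl/tasks/haproxy.yml the `Concatenate SSL certificate, key and dhparam` and `Copy concatenated certificate and key` hunks show no `no_log: true`. Judging by the task names, they pass private-key material through `ssl_cat` and `content:`, so the key could appear in verbose or `--diff` output and in any log that captures it. Adding `no_log: true` to both tasks avoids that. Both tasks continue outside their hunks, so this applies only if the keyword is not already set there.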
@@ -29,8 +29,8 @@ - ssl - name: Check if Haproxy is installed - shell: "set -o pipefail && dpkg -l haproxy 2>/dev/null | grep -q -E '^(i|h)i'" - args: + ansible.builtin.shell: + cmd: "set -o pipefail && dpkg -l haproxy 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash register: haproxy_check check_mode: no @@ -39,5 +39,5 @@ tags: - ssl -- include: haproxy.yml +- ansible.builtin.include: haproxy.yml when: haproxy_check.rc == 0 diff --git a/supervisord/handlers/main.yml b/supervisord/handlers/main.yml index be10ba0a..dde2339d 100644 --- a/supervisord/handlers/main.yml +++ b/supervisord/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart supervisor - service: + ansible.builtin.service: name: supervisor state: restarted diff --git a/supervisord/tasks/main.yml b/supervisord/tasks/main.yml index b35bd03f..7b61ccbb 100644 --- a/supervisord/tasks/main.yml +++ b/supervisord/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install Supervisor - apt: + ansible.builtin.apt: name: supervisor tags: - supervisord - name: Add http configuration for Supervisor - copy: + ansible.builtin.copy: src: http.conf dest: /etc/supervisor/conf.d/ mode: "0644" diff --git a/tomcat-instance/tasks/alias.yml b/tomcat-instance/tasks/alias.yml index 99ae1910..b61b27e5 100644 --- a/tomcat-instance/tasks/alias.yml +++ b/tomcat-instance/tasks/alias.yml @@ -1,6 +1,6 @@ --- - name: Create bin dir for alias - file: + ansible.builtin.file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin" state: directory mode: "0770" @@ -8,7 +8,7 @@ group: "{{ tomcat_instance_name }}" - name: Copy alias script for systemctl --user - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin/" mode: "0770" diff --git a/tomcat-instance/tasks/bootstrap.yml b/tomcat-instance/tasks/bootstrap.yml index 001088b1..818ddceb 100644 --- a/tomcat-instance/tasks/bootstrap.yml +++ b/tomcat-instance/tasks/bootstrap.yml 
@@ -1,6 +1,6 @@ --- - name: Create tomcat dirs - file: + ansible.builtin.file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/{{ item }}" state: directory mode: "u=rwx,g=rwxs,o=" @@ -15,7 +15,7 @@ - 'lib' - name: Templating of env file - template: + ansible.builtin.template: src: 'templates/env.j2' dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env" mode: "0660" @@ -24,7 +24,7 @@ force: no - name: Templating of server.xml file - template: + ansible.builtin.template: src: 'templates/server.xml-tomcat{{ tomcat_version }}.j2' dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml" mode: "0660" @@ -33,7 +33,7 @@ force: no - name: Copy config file - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/{{ item | basename }}" mode: "0660" diff --git a/tomcat-instance/tasks/check.yml b/tomcat-instance/tasks/check.yml index b9426a33..3273b802 100644 --- a/tomcat-instance/tasks/check.yml +++ b/tomcat-instance/tasks/check.yml @@ -1,10 +1,11 @@ --- - name: Check tomcat_instance_name - debug: + ansible.builtin.debug: msg: "{{ tomcat_instance_name }}" - name: Check use of gid - command: id -ng "{{ tomcat_instance_port }}" + ansible.builtin.command: + cmd: id -ng "{{ tomcat_instance_port }}" register: check_port_gid changed_when: False failed_when: @@ -12,7 +13,8 @@ - check_port_gid.stdout != "{{ tomcat_instance_name }}" - name: Check use of uid - command: id -nu "{{ tomcat_instance_port }}" + ansible.builtin.command: + cmd: id -nu "{{ tomcat_instance_port }}" register: check_port_uid changed_when: False failed_when: diff --git a/tomcat-instance/tasks/main.yml b/tomcat-instance/tasks/main.yml index 1da21794..70baa536 100644 --- a/tomcat-instance/tasks/main.yml +++ b/tomcat-instance/tasks/main.yml 
@@ -1,6 +1,6 @@ --- -- include: check.yml -- include: user.yml -- include: systemd.yml -- include: alias.yml -- include: bootstrap.yml +- ansible.builtin.include: check.yml +- ansible.builtin.include: user.yml +- ansible.builtin.include: systemd.yml +- ansible.builtin.include: alias.yml +- ansible.builtin.include: bootstrap.yml diff --git a/tomcat-instance/tasks/systemd.yml b/tomcat-instance/tasks/systemd.yml index c3a6a877..87c64ae6 100644 --- a/tomcat-instance/tasks/systemd.yml +++ b/tomcat-instance/tasks/systemd.yml @@ -1,10 +1,11 @@ --- - name: Enable systemd user mode - command: "loginctl enable-linger {{ tomcat_instance_name }}" + ansible.builtin.command: + cmd: "loginctl enable-linger {{ tomcat_instance_name }}" changed_when: False - name: Set systemd conf var - lineinfile: + ansible.builtin.lineinfile: dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile" state: present owner: "{{ tomcat_instance_name }}" diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml index d4fc8521..e24870e6 100644 --- a/tomcat-instance/tasks/user.yml +++ b/tomcat-instance/tasks/user.yml 
@@ -1,31 +1,33 @@ --- -- fail: +- ansible.builtin.fail: msg: "You must provide a value for the 'tomcat_instance_port' variable." when: tomcat_instance_port is not defined or tomcat_instance_port | length == 0 - name: "Test if uid '{{ tomcat_instance_port }}' exists" - command: 'id -un -- "{{ tomcat_instance_port }}"' + ansible.builtin.command: + cmd: 'id -un -- "{{ tomcat_instance_port }}"' register: get_login_from_id failed_when: False changed_when: False check_mode: no - name: "Fail if uid already exists for another user" - fail: + ansible.builtin.fail: msg: "Uid '{{ tomcat_instance_port }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ tomcat_instance_name }}'" when: - get_login_from_id.rc == 0 - get_login_from_id.stdout != tomcat_instance_name - name: Create group instance - group: + + ansible.builtin.group: name: "{{ tomcat_instance_name }}" gid: "{{ tomcat_instance_port }}" - name: Create user instance - user: + ansible.builtin.user: name: "{{ tomcat_instance_name }}" group: "{{ tomcat_instance_name }}" uid: "{{ tomcat_instance_port }}" @@ -34,7 +36,7 @@ createhome: no - name: Create home dir - file: + ansible.builtin.file: path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}" state: directory owner: "{{ tomcat_instance_name }}" @@ -42,12 +44,12 @@ mode: "u=rwx,g=rwxs,o=" - name: Is /etc/aliases present? - stat: + ansible.builtin.stat: path: /etc/aliases register: etc_aliases - name: Set mail alias for user - lineinfile: + ansible.builtin.lineinfile: dest: '/etc/aliases' state: present line: "{{ tomcat_instance_name }}: {{ tomcat_instance_mail }}" @@ -56,11 +58,12 @@ register: tomcat_instance_mail_alias - name: Run newaliases - command: newaliases + ansible.builtin.command: + cmd: newaliases when: tomcat_instance_mail_alias is changed - name: Enable sudo right - lineinfile: + ansible.builtin.lineinfile: dest: '/etc/sudoers.d/tomcat' state: present mode: "0440" 
@@ -69,7 +72,7 @@ validate: 'visudo -cf %s' - name: Enable sudo right for deploy user - lineinfile: + ansible.builtin.lineinfile: dest: '/etc/sudoers.d/tomcat' state: present mode: "0440" diff --git a/tomcat/tasks/main.yml b/tomcat/tasks/main.yml index 545c0813..2cc62d0a 100644 --- a/tomcat/tasks/main.yml +++ b/tomcat/tasks/main.yml @@ -1,4 +1,4 @@ --- -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: nagios.yml +- ansible.builtin.include: nagios.yml diff --git a/tomcat/tasks/nagios.yml b/tomcat/tasks/nagios.yml index 1eb297cf..d51b4375 100644 --- a/tomcat/tasks/nagios.yml +++ b/tomcat/tasks/nagios.yml @@ -1,19 +1,19 @@ --- - name: Intall monitorings plugins - apt: + ansible.builtin.apt: name: monitoring-plugins state: present -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr - name: Create Nagios plugins dir - file: + ansible.builtin.file: path: /usr/local/lib/nagios/plugins state: directory - name: Copy Tomcat instance check - template: + ansible.builtin.template: src: check_tomcat_instance.sh.j2 dest: /usr/local/lib/nagios/plugins/check_tomcat_instance.sh mode: "0755" diff --git a/tomcat/tasks/packages.yml b/tomcat/tasks/packages.yml index f1b968cc..a4b25661 100644 --- a/tomcat/tasks/packages.yml +++ b/tomcat/tasks/packages.yml 
@@ -1,35 +1,35 @@ --- - name: Set Tomcat version to 7 on Debian 8 if missing - set_fact: + ansible.builtin.set_fact: tomcat_version: 7 when: - ansible_distribution_release == "jessie" - tomcat_version is not defined - name: Set Tomcat version to 8 on Debian 9 if missing - set_fact: + ansible.builtin.set_fact: tomcat_version: 8 when: - ansible_distribution_release == "stretch" - tomcat_version is not defined - name: Set Tomcat version to 9 on Debian 10 if missing - set_fact: + ansible.builtin.set_fact: tomcat_version: 9 when: - ansible_distribution_release == "buster" - tomcat_version is not defined - name: Set Tomcat version to 9 on Debian 11 if missing - set_fact: + ansible.builtin.set_fact: tomcat_version: 9 when: - ansible_distribution_release == "bullseye" - tomcat_version is not defined - name: Install packages - apt: + ansible.builtin.apt: name: - "tomcat{{ tomcat_version }}" - "tomcat{{ tomcat_version }}-user" @@ -37,7 +37,7 @@ state: present - name: Create tomcat root dir - file: + ansible.builtin.file: path: "{{ tomcat_instance_root }}" state: directory owner: "{{ tomcat_root_dir_owner | default('root') }}" @@ -45,13 +45,13 @@ mode: "0755" - name: Copy systemd unit - template: + ansible.builtin.template: src: 'tomcat.service.j2' dest: "/etc/systemd/user/tomcat.service" mode: "0755" - name: Disable default tomcat service - service: + ansible.builtin.service: name: "tomcat{{ tomcat_version }}" state: stopped enabled: false diff --git a/unbound/handlers/main.yml b/unbound/handlers/main.yml index 05a3ff40..7c801751 100644 --- a/unbound/handlers/main.yml +++ b/unbound/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: reload unbound - service: + ansible.builtin.service: name: unbound state: reloaded diff --git a/unbound/tasks/main.yml b/unbound/tasks/main.yml index ea7e9060..6e76eb3b 100644 --- a/unbound/tasks/main.yml +++ b/unbound/tasks/main.yml 
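Review bot: The `Copy systemd unit` task in the `@@ -45,13 +45,13 @@` hunk of tomcat/tasks/packages.yml installs `/etc/systemd/user/tomcat.service` with `mode: "0755"`. Unit files are configuration rather than executables, and systemd logs a warning for unit files marked executable. `mode: "0644"` is the conventional value, and explicit `owner: root` and `group: root` would make the intended ownership visible in the task.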
@@ -1,6 +1,6 @@ --- - name: Install Unbound package - apt: + ansible.builtin.apt: name: unbound state: present when: ansible_distribution == "Debian" @@ -8,7 +8,7 @@ - unbound - name: Retrieve list of root DNS servers - get_url: + ansible.builtin.get_url: url: https://www.internic.net/domain/named.cache dest: /etc/unbound/root.hints force: yes @@ -18,7 +18,7 @@ - unbound - name: Copy Unbound config - template: + ansible.builtin.template: src: unbound.conf.j2 dest: /etc/unbound/unbound.conf owner: root @@ -30,7 +30,7 @@ - unbound - name: Starting and enabling Unbound - service: + ansible.builtin.service: name: unbound enabled: yes state: started diff --git a/userlogrotate/tasks/main.yml b/userlogrotate/tasks/main.yml index 2642186c..4f9c5fc7 100644 --- a/userlogrotate/tasks/main.yml +++ b/userlogrotate/tasks/main.yml @@ -15,7 +15,7 @@ when: find_logrotate.files | length>0 - name: "Install userlogrotate (jessie)" - copy: + ansible.builtin.copy: src: userlogrotate_jessie dest: /etc/cron.weekly/userlogrotate mode: "0755" @@ -24,7 +24,7 @@ - find_logrotate.files | length==0 - name: "Install userlogrotate (Debian 9 or later)" - copy: + ansible.builtin.copy: src: userlogrotate dest: /etc/cron.weekly/userlogrotate mode: "0755" diff --git a/varnish/handlers/main.yml b/varnish/handlers/main.yml index 6e47bc10..96b9fb5a 100644 --- a/varnish/handlers/main.yml +++ b/varnish/handlers/main.yml @@ -1,21 +1,21 @@ --- - name: reload varnish - systemd: + ansible.builtin.systemd: name: varnish state: reloaded daemon_reload: yes - name: restart varnish - systemd: + ansible.builtin.systemd: name: varnish state: restarted daemon_reload: yes - name: reload systemd - systemd: + ansible.builtin.systemd: daemon-reload: yes - name: restart munin-node - service: + ansible.builtin.service: name: munin-node state: restarted diff --git a/varnish/tasks/main.yml b/varnish/tasks/main.yml index cca302bb..b06ab5a2 100644 --- a/varnish/tasks/main.yml +++ b/varnish/tasks/main.yml 
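Review bot: The `reload systemd` handler in varnish/handlers/main.yml uses `daemon-reload: yes` while the two handlers above it use `daemon_reload: yes`; the hyphenated spelling is only an alias of the documented parameter. Using `daemon_reload: true` in all three keeps the file consistent and easier to grep.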
@@ -1,13 +1,13 @@ --- - name: Install Varnish - apt: + ansible.builtin.apt: name: varnish state: present tags: - varnish - name: Fetch packages - package_facts: + ansible.builtin.package_facts: manager: auto check_mode: no tags: @@ -15,7 +15,7 @@ - config - update-config -- set_fact: +- ansible.builtin.set_fact: varnish_package_facts: "{{ ansible_facts.packages['varnish'] | first }}" check_mode: no tags: @@ -32,7 +32,7 @@ # - update-config - name: Remove default varnish configuration files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: @@ -45,7 +45,7 @@ - config - name: Copy Custom Varnish ExecReload script (Debian < 10) - template: + ansible.builtin.template: src: "reload-vcl.sh.j2" dest: "/etc/varnish/reload-vcl.sh" mode: "0700" @@ -57,7 +57,7 @@ - varnish - name: Create a system config directory for systemd overrides - file: + ansible.builtin.file: path: /etc/systemd/system/varnish.service.d state: directory tags: @@ -65,7 +65,7 @@ - config - name: Remove legacy systemd override - file: + ansible.builtin.file: path: /etc/systemd/system/varnish.service.d/evolinux.conf state: absent notify: @@ -75,7 +75,7 @@ - config - name: Varnish systemd override template (Varnish 4 and 5) - set_fact: + ansible.builtin.set_fact: varnish_systemd_override_template: override.conf.varnish4.j2 when: - varnish_package_facts['version'] is version('4', '>=') @@ -86,7 +86,7 @@ - update-config - name: Varnish systemd override template (Varnish 6) - set_fact: + ansible.builtin.set_fact: varnish_systemd_override_template: override.conf.varnish6.j2 when: - varnish_package_facts['version'] is version('6', '>=') @@ -97,7 +97,7 @@ - update-config - name: Varnish systemd override template (Varnish 7 and later) - set_fact: + ansible.builtin.set_fact: varnish_systemd_override_template: override.conf.varnish7.j2 when: - varnish_package_facts['version'] is version('7', '>=') 
@@ -107,7 +107,7 @@ - update-config - name: Override Varnish systemd unit - template: + ansible.builtin.template: src: "{{ varnish_systemd_override_template }}" dest: /etc/systemd/system/varnish.service.d/override.conf force: yes @@ -120,7 +120,7 @@ - update-config - name: Patch logrotate conf - replace: + ansible.builtin.replace: name: /etc/logrotate.d/varnish regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)' replace: '\1systemctl -q is-active {{ item }} && \2' @@ -132,7 +132,7 @@ - logrotate - name: Copy Varnish configuration - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ varnish_config_file }}" mode: "0644" @@ -156,7 +156,7 @@ - update-config - name: Create Varnish config dir - file: + ansible.builtin.file: path: /etc/varnish/conf.d state: directory mode: "0755" @@ -166,7 +166,7 @@ - update-config - name: Copy included Varnish config - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/varnish/conf.d/ force: yes @@ -183,11 +183,11 @@ # We usually use /vat/tmp-cache then validate the syntax with this command: # sudo -u vcache TMPDIR=/var/tmp-vcache varnishd -Cf /etc/varnish/default.vcl > /dev/null - name: Special tmp directory - file: + ansible.builtin.file: path: "{{ varnish_tmp_dir }}" state: directory owner: vcache group: varnish mode: "0750" -- include: munin.yml +- ansible.builtin.include: munin.yml diff --git a/varnish/tasks/munin.yml b/varnish/tasks/munin.yml index 77637a98..3b329d46 100644 --- a/varnish/tasks/munin.yml +++ b/varnish/tasks/munin.yml 
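Review bot: `- ansible.builtin.include: munin.yml` at the end of varnish/tasks/main.yml only qualifies the name of an action that is itself deprecated and, as far as I recall, removed in ansible-core 2.16, so the FQCN form breaks on the same upgrade the bare `include` would have. Use `- ansible.builtin.include_tasks: munin.yml`, or `ansible.builtin.import_tasks` where a static include is intended. The same applies to the includes in vrrpd/tasks/main.yml, webapps/evoadmin-mail/tasks/main.yml, webapps/evoadmin-web/tasks/main.yml and webapps/nextcloud/tasks/main.yml. The vrrpd one carries a `loop:`, so it has to become `include_tasks`.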
@@ -1,29 +1,29 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: libxml-parser-perl tags: varnish -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr tags: varnish - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/ state: directory mode: "0755" tags: varnish - name: Create plugin directory - file: + ansible.builtin.file: name: /usr/local/share/munin/plugins/ state: directory mode: "0755" tags: varnish - name: Copy varnish5 munin plugin - copy: + ansible.builtin.copy: src: munin/varnish5_ dest: /usr/local/share/munin/plugins/ mode: "0755" @@ -31,7 +31,7 @@ tags: varnish - name: Enable varnish5 munin plugin - file: + ansible.builtin.file: src: /usr/local/share/munin/plugins/varnish5_ dest: "/etc/munin/plugins/varnish5_{{ item }}" state: link @@ -51,7 +51,7 @@ tags: varnish - name: Copy varnish5 munin plugin config - copy: + ansible.builtin.copy: src: munin/varnish5.conf dest: /etc/munin/plugin-conf.d/varnish5 mode: "0644" diff --git a/vrrpd/tasks/ip.yml b/vrrpd/tasks/ip.yml index e58595a2..87a05092 100644 --- a/vrrpd/tasks/ip.yml +++ b/vrrpd/tasks/ip.yml @@ -1,18 +1,18 @@ --- - name: set unit name - set_fact: + ansible.builtin.set_fact: vrrp_systemd_unit_name: "vrrp-{{ vrrp_address.id }}.service" - name: add systemd unit - template: + ansible.builtin.template: src: vrrp.service.j2 dest: "/etc/systemd/system/{{ vrrp_systemd_unit_name }}" force: yes register: vrrp_systemd_unit - name: enable and start systemd unit - systemd: + ansible.builtin.systemd: name: "{{ vrrp_systemd_unit_name }}" daemon_reload: yes enabled: yes diff --git a/vrrpd/tasks/main.yml b/vrrpd/tasks/main.yml index 44ebe65a..605fb0fd 100644 --- a/vrrpd/tasks/main.yml +++ b/vrrpd/tasks/main.yml 
@@ -1,13 +1,13 @@ --- - name: Install Evolix public repositry - include_role: + ansible.builtin.include_role: name: evolix/apt tasks_from: evolix_public.yml tags: - vrrpd - name: Install vrrpd packages - apt: + ansible.builtin.apt: name: vrrpd=1.0-2.evolix allow_unauthenticated: yes state: present @@ -15,7 +15,7 @@ - vrrpd - name: Adjust sysctl config (except rp_filter) - sysctl: + ansible.posix.sysctl: name: "{{ item.name }}" value: "{{ item.value }}" sysctl_file: /etc/sysctl.d/vrrpd.conf @@ -29,14 +29,15 @@ - vrrpd - name: look if rp_filter is managed by minifirewall - command: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall + ansible.builtin.command: + cmd: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall failed_when: False changed_when: False check_mode: no register: grep_sysctl_rp_filter_minifirewall - name: Configure SYSCTL_RP_FILTER in minifirewall - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "SYSCTL_RP_FILTER='0'" regexp: "SYSCTL_RP_FILTER=('|\").*('|\")" @@ -44,7 +45,7 @@ when: grep_sysctl_rp_filter_minifirewall.rc == 0 - name: Adjust sysctl config (only rp_filter) - sysctl: + ansible.posix.sysctl: name: "{{ item.name }}" value: "{{ item.value }}" sysctl_file: /etc/sysctl.d/vrrpd.conf @@ -58,7 +59,7 @@ - vrrpd - name: Create VRRP address - include: ip.yml + ansible.builtin.include: ip.yml loop: "{{ vrrp_addresses }}" loop_control: loop_var: "vrrp_address" \ No newline at end of file diff --git a/webapps/evoadmin-mail/handlers/main.yml b/webapps/evoadmin-mail/handlers/main.yml index beb030e2..a8638ea5 100644 --- a/webapps/evoadmin-mail/handlers/main.yml +++ b/webapps/evoadmin-mail/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: reload apache2 - service: + ansible.builtin.service: name: apache2 state: reloaded - name: reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded - name: reload php-fpm - service: + ansible.builtin.service: name: php7.0-fpm state: reloaded 
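Review bot: `allow_unauthenticated: yes` on the `vrrpd=1.0-2.evolix` install switches off APT signature verification for the one package this role pulls from a third-party repository, right after the task that includes `evolix_public.yml`. If that repository setup installs the signing key (not visible in this hunk), the flag is unnecessary and I would drop the line so that an unsigned or altered package fails the install. If it is still required, a comment saying why belongs next to it. The jessie `php5-pam` task in webapps/evoadmin-web/tasks/packages.yml sets `allow_unauthenticated: True` in the same way.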
diff --git a/webapps/evoadmin-mail/tasks/apache.yml b/webapps/evoadmin-mail/tasks/apache.yml index f975c5f9..26c2b53b 100644 --- a/webapps/evoadmin-mail/tasks/apache.yml +++ b/webapps/evoadmin-mail/tasks/apache.yml @@ -1,6 +1,6 @@ --- - name: Install evoadminmail VHost - template: + ansible.builtin.template: src: apache_evoadminmail.conf.j2 dest: /etc/apache2/sites-available/evoadminmail.conf notify: reload apache2 @@ -8,7 +8,7 @@ - evoadmin-mail - name: Enable evoadminmail vhost - file: + ansible.builtin.file: src: "/etc/apache2/sites-available/evoadminmail.conf" dest: "/etc/apache2/sites-enabled/evoadminmail.conf" state: link @@ -18,7 +18,7 @@ - evoadmin-mail - name: Disable evoadminmail vhost - file: + ansible.builtin.file: dest: "/etc/apache2/sites-enabled/evoadminmail.conf" state: absent notify: reload apache2 diff --git a/webapps/evoadmin-mail/tasks/main.yml b/webapps/evoadmin-mail/tasks/main.yml index 88f2dbb6..a1018eca 100644 --- a/webapps/evoadmin-mail/tasks/main.yml +++ b/webapps/evoadmin-mail/tasks/main.yml @@ -1,18 +1,18 @@ --- - name: Remount /usr RW - include_role: + ansible.builtin.include_role: name: evolix/remount-usr - name: Install evoadmin-mail package - apt: + ansible.builtin.apt: deb: /tmp/evoadmin-mail.deb state: present tags: - evoadmin-mail - name: Configure contact mail - ini_file: + community.general.ini_file: dest: /etc/evoadmin-mail/config.ini section: global option: mail @@ -20,16 +20,16 @@ tags: - evoadmin-mail -- include: ssl.yml +- ansible.builtin.include: ssl.yml -- include: apache.yml +- ansible.builtin.include: apache.yml when: evoadminmail_webserver == "apache" -- include: nginx.yml +- ansible.builtin.include: nginx.yml when: evoadminmail_webserver == "nginx" - name: enable evoadmin-mail link in default site index - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html state: present regexp: "EvoAdmin-mail" 
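Review bot: `deb: /tmp/evoadmin-mail.deb` in webapps/evoadmin-mail/tasks/main.yml installs, as root, a package read from a world-writable directory, and nothing in this hunk shows where the file comes from or that its digest is checked. Any local account that can create that path before the play runs decides what gets installed. I would stage the package in a root-owned directory and fetch it with `ansible.builtin.get_url` and a `checksum:`. If the operator is expected to place the file by hand, say so in a comment above the task.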
diff --git a/webapps/evoadmin-mail/tasks/nginx.yml b/webapps/evoadmin-mail/tasks/nginx.yml index 2cb490e8..9b527009 100644 --- a/webapps/evoadmin-mail/tasks/nginx.yml +++ b/webapps/evoadmin-mail/tasks/nginx.yml @@ -1,6 +1,6 @@ --- - name: Copy php-fpm evoadmin-mail pool - copy: + ansible.builtin.copy: src: pool.evoadmin-mail.conf dest: /etc/php/7.0/fpm/pool.d/evoadmin-mail.conf notify: reload php-fpm @@ -8,7 +8,7 @@ - evoadmin-mail - name: Install evoadminmail VHost - template: + ansible.builtin.template: src: nginx_evoadminmail.conf.j2 dest: /etc/nginx/sites-available/evoadminmail.conf notify: reload nginx @@ -16,7 +16,7 @@ - evoadmin-mail - name: Active evoadminmail VHost - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/evoadminmail.conf" dest: "/etc/nginx/sites-enabled/evoadminmail.conf" state: link @@ -26,7 +26,7 @@ - evoadmin-mail - name: Disable evoadminmail vhost - file: + ansible.builtin.file: dest: "/etc/nginx/sites-enabled/evoadminmail.conf" state: absent notify: reload nginx diff --git a/webapps/evoadmin-mail/tasks/ssl.yml b/webapps/evoadmin-mail/tasks/ssl.yml index b6f47127..9d9c9896 100644 --- a/webapps/evoadmin-mail/tasks/ssl.yml +++ b/webapps/evoadmin-mail/tasks/ssl.yml 
@@ -1,20 +1,21 @@ --- - name: ssl-cert package is installed - apt: + ansible.builtin.apt: name: ssl-cert state: present tags: - evoadmin-mail - name: Create private key and csr for default site ({{ ansible_fqdn }}) - command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}" + ansible.builtin.command: + cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}" args: creates: "/etc/ssl/private/{{ evoadminmail_host }}.key" tags: - evoadmin-mail - name: Adjust rights on private key - file: + ansible.builtin.file: dest: /etc/ssl/private/{{ evoadminmail_host }}.key owner: root group: ssl-cert @@ -23,7 +24,8 @@ - evoadmin-mail - name: Create certificate for default site - command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt + ansible.builtin.command: + cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt args: creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt" tags: diff --git a/webapps/evoadmin-web/handlers/main.yml b/webapps/evoadmin-web/handlers/main.yml index 669b0553..2c49ce24 100644 --- a/webapps/evoadmin-web/handlers/main.yml +++ b/webapps/evoadmin-web/handlers/main.yml @@ -1,14 +1,15 @@ --- - name: reload apache2 - service: + ansible.builtin.service: name: apache2 state: reloaded - name: restart apache2 - service: + ansible.builtin.service: name: apache2 state: restarted - name: newaliases - command: newaliases + ansible.builtin.command: + cmd: newaliases 
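Review bot: After the split into `ansible.builtin.command:` / `cmd:`, `creates` still sits in a task-level `args:` block in both openssl tasks of webapps/evoadmin-mail/tasks/ssl.yml. It is an option of the module, so it reads better next to `cmd:` as `creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"` with `args:` removed. `{{ evoadminmail_host }}` is also interpolated unquoted into the `-keyout`, `-out` and `-subj` arguments, so a value containing whitespace changes how the line is split; the module's `argv:` list form passes each value as one argument. The same layout appears in webapps/evoadmin-web/tasks/ssl.yml and, for `chdir`, in webapps/nextcloud/tasks/archive.yml and config.yml.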
diff --git a/webapps/evoadmin-web/tasks/config.yml b/webapps/evoadmin-web/tasks/config.yml index 1053360c..8c3dc801 100644 --- a/webapps/evoadmin-web/tasks/config.yml +++ b/webapps/evoadmin-web/tasks/config.yml @@ -1,13 +1,13 @@ --- - name: "Create /etc/evolinux" - file: + ansible.builtin.file: dest: "/etc/evolinux" recurse: True state: directory - name: Configure web-add config file - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/evolinux/web-add.conf force: "{{ evoadmin_add_conf_force }}" @@ -21,7 +21,7 @@ register: evoadmin_add_conf_template - name: Configure web-add template file for mail - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ evoadmin_scripts_dir }}/web-mail.tpl" force: "{{ evoadmin_mail_tpl_force }}" diff --git a/webapps/evoadmin-web/tasks/ftp.yml b/webapps/evoadmin-web/tasks/ftp.yml index 98f275ff..8c400e68 100644 --- a/webapps/evoadmin-web/tasks/ftp.yml +++ b/webapps/evoadmin-web/tasks/ftp.yml @@ -1,12 +1,12 @@ --- - name: patch must be installed - apt: + ansible.builtin.apt: name: patch state: present - name: Patch ProFTPd config file - patch: + ansible.posix.patch: remote_src: False src: ftp/evolinux.conf.diff dest: /etc/proftpd/conf.d/z-evolinux.conf diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index 1acb2aa5..19253bf5 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml 
@@ -1,24 +1,24 @@ --- - name: "Ensure that evoadmin_contact_email is defined" - fail: + ansible.builtin.fail: msg: Please configure var evoadmin_contact_email when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0 -- include: packages.yml +- ansible.builtin.include: packages.yml -- include: user.yml +- ansible.builtin.include: user.yml -- include: config.yml +- ansible.builtin.include: config.yml -- include: ssl.yml +- ansible.builtin.include: ssl.yml -- include: web.yml +- ansible.builtin.include: web.yml -- include: ftp.yml +- ansible.builtin.include: ftp.yml - name: enable evoadmin-web link in default site index - blockinfile: + ansible.builtin.blockinfile: dest: /var/www/index.html marker: "" block: | diff --git a/webapps/evoadmin-web/tasks/packages.yml b/webapps/evoadmin-web/tasks/packages.yml index 1d0af87a..d44ca731 100644 --- a/webapps/evoadmin-web/tasks/packages.yml +++ b/webapps/evoadmin-web/tasks/packages.yml @@ -1,16 +1,16 @@ --- -- include_role: +- ansible.builtin.include_role: name: evolix/apt tasks_from: evolix_public.yml # /!\ Warning, this is a temporary hack -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr # /!\ Warning, this is a temporary hack - name: Install PHP packages from sid (Debian 10) - apt: + ansible.builtin.apt: deb: '{{ item }}' state: present loop: @@ -18,7 +18,7 @@ when: ansible_distribution_major_version is version('10', '=') - name: Install PHP packages from sid (Debian 12) - apt: + ansible.builtin.apt: deb: '{{ item }}' state: present loop: @@ -26,14 +26,14 @@ when: ansible_distribution_major_version is version('12', '=') - name: Install PHP packages - apt: + ansible.builtin.apt: name: - php-pear - php-log state: present - name: Install PHP5 packages (jessie) - apt: + ansible.builtin.apt: name: php5-pam state: present allow_unauthenticated: True diff --git a/webapps/evoadmin-web/tasks/ssl.yml b/webapps/evoadmin-web/tasks/ssl.yml index 6bdf1421..04fed56c 100644 
--- a/webapps/evoadmin-web/tasks/ssl.yml +++ b/webapps/evoadmin-web/tasks/ssl.yml @@ -2,23 +2,25 @@ - name: ssl-cert package is installed - apt: + ansible.builtin.apt: name: ssl-cert state: present - name: Create private key and csr for default site ({{ ansible_fqdn }}) - command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "/CN={{ evoadmin_host }}" + ansible.builtin.command: + cmd: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "/CN={{ evoadmin_host }}" args: creates: "/etc/ssl/private/{{ evoadmin_host }}.key" - name: Adjust rights on private key - file: + ansible.builtin.file: path: /etc/ssl/private/{{ evoadmin_host }}.key owner: root group: ssl-cert mode: "0640" - name: Create certificate for default site - command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt + ansible.builtin.command: + cmd: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt args: creates: "/etc/ssl/certs/{{ evoadmin_host }}.crt" diff --git a/webapps/evoadmin-web/tasks/user.yml b/webapps/evoadmin-web/tasks/user.yml index 0d453e9a..96c29803 100644 --- a/webapps/evoadmin-web/tasks/user.yml +++ b/webapps/evoadmin-web/tasks/user.yml @@ -1,7 +1,7 @@ --- - name: Create evoadmin account - user: + ansible.builtin.user: name: evoadmin comment: "Evoadmin Web Account" home: "{{ evoadmin_home_dir }}" 
@@ -9,30 +9,31 @@ system: yes - name: Create www-evoadmin group - group: + + ansible.builtin.group: name: www-evoadmin state: present - name: "Create www-evoadmin and add to group shadow (jessie)" - user: + ansible.builtin.user: name: www-evoadmin groups: shadow append: True when: ansible_distribution_release == "jessie" - name: "Create www-evoadmin (Debian 9 or later)" - user: + ansible.builtin.user: name: www-evoadmin system: yes when: ansible_distribution_major_version is version('9', '>=') - name: Is /etc/aliases present? - stat: + ansible.builtin.stat: path: /etc/aliases register: etc_aliases - name: Set evoadmin aliases - lineinfile: + ansible.builtin.lineinfile: dest: /etc/aliases line: "{{ item.line }}" regexp: "{{ item.regexp }}" @@ -44,12 +45,12 @@ when: etc_aliases.stat.exists - name: Git is needed to clone the evoadmin repository - apt: + ansible.builtin.apt: name: git state: present - name: "Clone evoadmin repository (jessie)" - git: + ansible.builtin.git: repo: https://forge.evolix.org/evoadmin-web.git dest: "{{ evoadmin_document_root }}" version: jessie @@ -57,7 +58,7 @@ when: ansible_distribution_release == "jessie" - name: "Clone evoadmin repository (Debian 9 or later)" - git: + ansible.builtin.git: repo: https://forge.evolix.org/evoadmin-web.git dest: "{{ evoadmin_document_root }}" version: master 
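Review bot: The `Create www-evoadmin group` task now has an empty line between `- name:` and `ansible.builtin.group:`, which is why this hunk grows from 30 to 31 lines. It still parses, but it looks like a leftover of the automated replacement and breaks the layout every other task in the file uses; remove the blank `+` line. The first task of webapps/nextcloud/tasks/user.yml has the same stray line.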
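Review bot: `version: master` in the `Clone evoadmin repository (Debian 9 or later)` task deploys whatever the branch head is at run time into `{{ evoadmin_document_root }}`. Later tasks in this file copy its `scripts/*` into `{{ evoadmin_scripts_dir }}` and install `/etc/sudoers.d/evoadmin`, so the checkout is effectively privileged code. Pinning `version:` to a tag or commit hash held in a role variable makes the deployed revision reviewable and reproducible, and `ansible.builtin.git` has `verify_commit` if upstream signs its commits. The jessie task's `version: jessie` is presumably a branch as well. The task continues past the end of the hunk.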
@@ -65,44 +66,46 @@ when: ansible_distribution_major_version is version('9', '>=') - name: Change ownership on git repository - file: + ansible.builtin.file: dest: "{{ evoadmin_document_root }}" owner: "{{ evoadmin_username }}" group: "{{ evoadmin_username }}" recurse: True - name: Create evoadmin log directory - file: + ansible.builtin.file: name: "{{ evoadmin_log_dir }}" owner: "{{ evoadmin_username }}" group: "{{ evoadmin_username }}" state: directory -- include_role: +- ansible.builtin.include_role: name: evolix/remount-usr when: evoadmin_scripts_dir is search("/usr") - name: "Create {{ evoadmin_scripts_dir }}" - file: + ansible.builtin.file: dest: "{{ evoadmin_scripts_dir }}" # recurse: True mode: "0700" state: directory - name: Install scripts like web-add.sh - shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/" + ansible.builtin.shell: + cmd: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/" args: creates: "{{ evoadmin_scripts_dir }}/web-add.sh" # we use a shell command to have a "changed" that really reflects the result. - name: Fix permissions - command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}" + ansible.builtin.command: + cmd: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}" register: command_result changed_when: "'changed' in command_result.stdout" # failed_when: False - name: Add evoadmin sudoers file - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/sudoers.d/evoadmin mode: "0600" diff --git a/webapps/evoadmin-web/tasks/web.yml b/webapps/evoadmin-web/tasks/web.yml index ea4019a3..fc266462 100644 --- a/webapps/evoadmin-web/tasks/web.yml +++ b/webapps/evoadmin-web/tasks/web.yml @@ -1,7 +1,7 @@ --- - name: "Set custom values for PHP config (jessie)" - ini_file: + community.general.ini_file: dest: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini section: PHP option: "disable_functions" 
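Review bot: The `Add evoadmin sudoers file` task renders a template to `/etc/sudoers.d/evoadmin`, and the visible part of the task has no `validate:`. A template that renders to invalid syntax would be installed as is and could leave sudo unusable on the host. The task continues past the hunk, so the option may already be there; if it is not, add `validate: 'visudo -cf %s'`.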
@@ -10,7 +10,7 @@ when: ansible_distribution_release == "jessie" - name: "Set custom values for PHP config (Debian 9)" - ini_file: + community.general.ini_file: dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini section: PHP option: "disable_functions" @@ -19,7 +19,7 @@ when: ansible_distribution_release == "stretch" - name: "Set custom values for PHP config (Debian 10)" - ini_file: + community.general.ini_file: dest: /etc/php/7.3/apache2/conf.d/zzz-evolinux-custom.ini section: PHP option: "disable_functions" @@ -28,7 +28,7 @@ when: ansible_distribution_release == "buster" - name: "Set custom values for PHP config (Debian 11)" - ini_file: + community.general.ini_file: dest: /etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini section: PHP option: "disable_functions" @@ -37,7 +37,7 @@ when: ansible_distribution_release == "bullseye" - name: "Set custom values for PHP config (Debian 11)" - ini_file: + community.general.ini_file: dest: /etc/php/8.1/apache2/conf.d/zzz-evolinux-custom.ini section: PHP option: "disable_functions" @@ -46,7 +46,7 @@ when: ansible_distribution_release == "bookworm" - name: Install evoadmin VHost - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/apache2/sites-available/evoadmin.conf force: "{{ evoadmin_force_vhost }}" 
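Review bot: The last `Set custom values for PHP config` task is still named `(Debian 11)` although its `when:`, visible at the top of the following hunk, tests `ansible_distribution_release == "bookworm"`. Two tasks therefore share one name and the play output does not show which release matched; rename it to `name: "Set custom values for PHP config (Debian 12)"`. Its `dest:` points to `/etc/php/8.1/apache2/conf.d/`, while Debian 12 ships PHP 8.2 as far as I know. If that is right, the `disable_functions` restriction lands in a directory Apache's PHP never reads and the hardening is silently absent, so please confirm the path on a bookworm host.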
@@ -61,21 +61,23 @@ notify: reload apache2 - name: Enable evoadmin vhost - command: "a2ensite evoadmin.conf" + ansible.builtin.command: + cmd: "a2ensite evoadmin.conf" register: cmd_a2ensite changed_when: "'Enabling site' in cmd_a2ensite.stdout" notify: reload apache2 when: evoadmin_enable_vhost | bool - name: Disable evoadmin vhost - command: "a2dissite evoadmin.conf" + ansible.builtin.command: + cmd: "a2dissite evoadmin.conf" register: cmd_a2dissite changed_when: "'Disabling site' in cmd_a2dissite.stdout" notify: reload apache2 when: not (evoadmin_enable_vhost | bool) - name: Copy htpasswd for evoadmin - template: + ansible.builtin.template: src: "{{ item }}" dest: "/var/www/.ansible_evoadmin_htpasswd" mode: "0644" @@ -93,7 +95,7 @@ when: evoadmin_htpasswd | bool - name: Copy config file for evoadmin - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ evoadmin_document_root }}/conf/config.local.php" mode: "0640" diff --git a/webapps/nextcloud/handlers/main.yml b/webapps/nextcloud/handlers/main.yml index 46b3b014..6997c361 100644 --- a/webapps/nextcloud/handlers/main.yml +++ b/webapps/nextcloud/handlers/main.yml @@ -1,15 +1,15 @@ --- - name: reload php-fpm - service: + ansible.builtin.service: name: php7.3-fpm state: reloaded - name: reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded - name: reload apache - service: + ansible.builtin.service: name: apache2 state: reloaded \ No newline at end of file diff --git a/webapps/nextcloud/tasks/apache-system.yml b/webapps/nextcloud/tasks/apache-system.yml index 490d2f8d..bbea82a4 100644 --- a/webapps/nextcloud/tasks/apache-system.yml +++ b/webapps/nextcloud/tasks/apache-system.yml 
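Review bot: `Copy htpasswd for evoadmin` writes the password file to `/var/www/.ansible_evoadmin_htpasswd` with `mode: "0644"`, which leaves the hashes readable by every local account. The file also sits under `/var/www`, which the default site may serve. Unless owner and group are set in the lines between this hunk and the next (not visible), I would use `mode: "0640"` with `group: www-data` and confirm that the vhost denies requests for that file name.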
@@ -1,16 +1,17 @@ --- - name: "Get PHP Version" - shell: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"' + ansible.builtin.shell: + cmd: 'php -v | grep "PHP [0-9]." | sed -E "s/PHP ([0-9]\.[0-9]).*/\1/g;"' register: shell_php check_mode: no - name: "Set variables" - set_fact: + ansible.builtin.set_fact: php_version: "{{ shell_php.stdout }}" - name: Apply specific PHP settings (apache) - ini_file: + community.general.ini_file: path: "/etc/php/{{ php_version }}/apache2/conf.d/zzz-evolinux-custom.ini" section: '' option: "{{ item.option }}" @@ -23,7 +24,7 @@ - {option: 'memory_limit', value: '512M'} - name: Apply specific PHP settings (cli) - ini_file: + community.general.ini_file: path: "/etc/php/{{ php_version }}/cli/conf.d/zzz-evolinux-custom.ini" section: '' option: "{{ item.option }}" diff --git a/webapps/nextcloud/tasks/apache-vhost.yml b/webapps/nextcloud/tasks/apache-vhost.yml index e3f213ca..36e5b989 100644 --- a/webapps/nextcloud/tasks/apache-vhost.yml +++ b/webapps/nextcloud/tasks/apache-vhost.yml @@ -1,6 +1,6 @@ --- - name: Copy Apache vhost - template: + ansible.builtin.template: src: apache-vhost.conf.j2 dest: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf" mode: "0640" @@ -9,7 +9,7 @@ - nextcloud - name: Enable Apache vhost - file: + ansible.builtin.file: src: "/etc/apache2/sites-available/{{ nextcloud_instance_name }}.conf" dest: "/etc/apache2/sites-enabled/{{ nextcloud_instance_name }}.conf" state: link diff --git a/webapps/nextcloud/tasks/archive.yml b/webapps/nextcloud/tasks/archive.yml index d59bd582..47defe79 100644 --- a/webapps/nextcloud/tasks/archive.yml +++ b/webapps/nextcloud/tasks/archive.yml @@ -1,7 +1,7 @@ --- - name: Retrieve Nextcloud archive - get_url: + ansible.builtin.get_url: url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}" dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}" force: no 
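Review bot: The `Get PHP Version` pipeline ends in `sed`, so its exit status is 0 even when `php` is missing or prints something the `grep` does not match. `php_version` then becomes an empty string and the two `ini_file` tasks point at `/etc/php//apache2/conf.d/...` and `/etc/php//cli/conf.d/...`. Adding `failed_when: shell_php.stdout | length == 0` to the task stops the play where the problem actually is.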
@@ -9,7 +9,7 @@ - nextcloud - name: Retrieve Nextcloud sha256 checksum - get_url: + ansible.builtin.get_url: url: "{{ nextcloud_releases_baseurl }}{{ nextcloud_archive_name }}.sha256" dest: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}.sha256" force: no @@ -17,7 +17,8 @@ - nextcloud - name: Verify Nextcloud sha256 checksum - command: "sha256sum -c {{ nextcloud_archive_name }}.sha256" + ansible.builtin.command: + cmd: "sha256sum -c {{ nextcloud_archive_name }}.sha256" changed_when: "False" args: chdir: "{{ nextcloud_home }}" @@ -25,7 +26,7 @@ - nextcloud - name: Extract Nextcloud archive - unarchive: + ansible.builtin.unarchive: src: "{{ nextcloud_home }}/{{ nextcloud_archive_name }}" dest: "{{ nextcloud_home }}" creates: "{{ nextcloud_home }}/nextcloud" diff --git a/webapps/nextcloud/tasks/config.yml b/webapps/nextcloud/tasks/config.yml index 85142726..2cc8cd7e 100644 --- a/webapps/nextcloud/tasks/config.yml +++ b/webapps/nextcloud/tasks/config.yml @@ -2,15 +2,16 @@ - block: - name: Generate admin password - command: 'apg -n 1 -m 16 -M lcN' + ansible.builtin.command: + cmd: 'apg -n 1 -m 16 -M lcN' register: nextcloud_admin_password_apg check_mode: no changed_when: False - - debug: + - ansible.builtin.debug: var: nextcloud_admin_password_apg - - set_fact: + - ansible.builtin.set_fact: nextcloud_admin_password: "{{ nextcloud_admin_password_apg.stdout }}" tags: @@ -18,7 +19,8 @@ when: nextcloud_admin_password | length == 0 - name: Get Nextcloud Status - shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'" + ansible.builtin.shell: + cmd: "php ./occ status --output json | grep -v 'Nextcloud is not installed'" args: chdir: "{{ nextcloud_webroot }}" become_user: "{{ nextcloud_user }}" 
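Review bot: The `.sha256` file is downloaded from the same `{{ nextcloud_releases_baseurl }}` as the archive, so `sha256sum -c` detects a corrupted transfer but not a replaced release. Whoever can change the archive on that server can change the digest next to it. Keeping the expected digest in a role variable and passing it to the archive task as `checksum: "sha256:{{ <expected-digest-variable> }}"` (the variable name is a placeholder) gives the check an independent reference; verifying the publisher's detached signature, if one is provided, would do the same. Both `get_url` tasks continue past their hunks.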
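Review bot: `ansible.builtin.debug: var: nextcloud_admin_password_apg` in the `block` of webapps/nextcloud/tasks/config.yml prints the freshly generated admin password, with the rest of the registered result, at every verbosity level. It therefore ends up in the terminal scrollback, in any configured Ansible log file and in CI job output. The equivalent debug in webapps/nextcloud/tasks/mysql-user.yml restricts itself with `verbosity: 1`; I would add the same line here, or hand the password over through a root-only file instead.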
@@ -28,7 +30,8 @@ - nextcloud - name: Install Nextcloud - command: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}" + ansible.builtin.command: + cmd: "php ./occ maintenance:install --database mysql --database-name {{ nextcloud_db_name | mandatory }} --database-user {{ nextcloud_db_user | mandatory }} --database-pass {{ nextcloud_db_pass | mandatory }} --admin-user {{ nextcloud_admin_login | mandatory }} --admin-pass {{ nextcloud_admin_password | mandatory }} --data-dir {{ nextcloud_data | mandatory }}" args: chdir: "{{ nextcloud_webroot }}" creates: "{{ nextcloud_home }}/config/config.php" @@ -38,7 +41,7 @@ - nextcloud - name: Configure Nextcloud Mysql password - replace: + ansible.builtin.replace: dest: "{{ nextcloud_home }}/nextcloud/config/config.php" regexp: "'dbpassword' => '([^']*)'," replace: "'dbpassword' => '{{ nextcloud_db_pass }}'," @@ -46,7 +49,7 @@ - nextcloud - name: Configure Nextcloud cron - cron: + ansible.builtin.cron: name: 'Nextcloud' minute: "*/5" job: "php -f {{ nextcloud_webroot }}/cron.php" @@ -55,7 +58,8 @@ - nextcloud - name: Erase previously trusted domains config - command: "php ./occ config:system:set trusted_domains" + ansible.builtin.command: + cmd: "php ./occ config:system:set trusted_domains" args: chdir: "{{ nextcloud_webroot }}" become_user: "{{ nextcloud_user }}" @@ -63,7 +67,8 @@ - nextcloud - name: Configure trusted domains - command: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}" + ansible.builtin.command: + cmd: "php ./occ config:system:set trusted_domains {{ item.0 }} --value {{ item.1 }}" args: chdir: "{{ nextcloud_webroot }}" with_indexed_items: 
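Review bot: The `Install Nextcloud` command line carries `--database-pass {{ nextcloud_db_pass | mandatory }}` and `--admin-pass {{ nextcloud_admin_password | mandatory }}`, and no `no_log:` is visible on the task, which continues past the hunk. Both secrets then appear in verbose output and in the failure report if `occ` exits non-zero, because the module returns the command it ran. Add `no_log: true` to this task. The values are also interpolated unquoted into `cmd:`, so a password containing whitespace or quote characters changes how the line is split; `argv:` passes each value as a single argument.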
diff --git a/webapps/nextcloud/tasks/main.yml b/webapps/nextcloud/tasks/main.yml index 2823f8f5..02304334 100644 --- a/webapps/nextcloud/tasks/main.yml +++ b/webapps/nextcloud/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: state: present name: - bzip2 @@ -23,7 +23,7 @@ # dependency for mysql_user and mysql_db - python2 - name: python modules is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: - python-mysqldb - python-pymysql @@ -34,7 +34,7 @@ # dependency for mysql_user and mysql_db - python3 - name: python3 modules is installed (Ansible dependency) - apt: + ansible.builtin.apt: name: - python3-mysqldb - python3-pymysql @@ -43,14 +43,14 @@ - nextcloud when: ansible_python_version is version('3', '>=') -- include: apache-system.yml +- ansible.builtin.include: apache-system.yml -- include: user.yml +- ansible.builtin.include: user.yml -- include: archive.yml +- ansible.builtin.include: archive.yml -- include: apache-vhost.yml +- ansible.builtin.include: apache-vhost.yml -- include: mysql-user.yml +- ansible.builtin.include: mysql-user.yml -- include: config.yml +- ansible.builtin.include: config.yml diff --git a/webapps/nextcloud/tasks/mysql-user.yml b/webapps/nextcloud/tasks/mysql-user.yml index a12a80f4..82c3acb3 100644 --- a/webapps/nextcloud/tasks/mysql-user.yml +++ b/webapps/nextcloud/tasks/mysql-user.yml @@ -1,6 +1,7 @@ --- - name: Get actual Mysql password - shell: "grep password {{ nextcloud_home }}/.my.cnf | awk '{ print $3 }'" + ansible.builtin.shell: + cmd: "grep password {{ nextcloud_home }}/.my.cnf | awk '{ print $3 }'" register: nextcloud_db_pass_grep check_mode: no changed_when: False @@ -9,7 +10,8 @@ - nextcloud - name: Generate Mysql password - command: 'apg -n 1 -m 16 -M lcN' + ansible.builtin.command: + cmd: 'apg -n 1 -m 16 -M lcN' register: nextcloud_db_pass_apg check_mode: no changed_when: False 
@@ -17,17 +19,17 @@ - nextcloud - name: Set Mysql password - set_fact: + ansible.builtin.set_fact: nextcloud_db_pass: "{{ nextcloud_db_pass_grep.stdout | default(nextcloud_db_pass_apg.stdout, True) }}" tags: - nextcloud -- debug: +- ansible.builtin.debug: var: nextcloud_db_pass verbosity: 1 - name: Create Mysql database - mysql_db: + community.mysql.mysql_db: name: "{{ nextcloud_db_name }}" config_file: "/root/.my.cnf" state: present @@ -35,7 +37,7 @@ - nextcloud - name: Create Mysql user - mysql_user: + community.mysql.mysql_user: name: "{{ nextcloud_db_user }}" password: '{{ nextcloud_db_pass }}' priv: "{{ nextcloud_db_name }}.*:ALL" @@ -46,7 +48,7 @@ - nextcloud - name: Store credentials in my.cnf - ini_file: + community.general.ini_file: dest: "{{ nextcloud_home }}/.my.cnf" owner: "{{ nextcloud_user }}" group: "{{ nextcloud_user }}" diff --git a/webapps/nextcloud/tasks/user.yml b/webapps/nextcloud/tasks/user.yml index 8fa3fee1..01cc037c 100644 --- a/webapps/nextcloud/tasks/user.yml +++ b/webapps/nextcloud/tasks/user.yml @@ -1,13 +1,14 @@ --- - name: Create {{ nextcloud_user }} unix group - group: + + ansible.builtin.group: name: "{{ nextcloud_user | mandatory }}" state: present tags: - nextcloud - name: Create {{ nextcloud_user | mandatory }} unix user - user: + ansible.builtin.user: name: "{{ nextcloud_user | mandatory }}" group: "{{ nextcloud_user | mandatory }}" home: "{{ nextcloud_home | mandatory }}" @@ -19,7 +20,7 @@ - nextcloud - name: Create top-level directories - file: + ansible.builtin.file: dest: "{{ item }}" state: directory mode: "0700" diff --git a/webapps/roundcube/handlers/main.yml b/webapps/roundcube/handlers/main.yml index 98b530d9..f16ba8d6 100644 --- a/webapps/roundcube/handlers/main.yml +++ b/webapps/roundcube/handlers/main.yml 
@@ -1,15 +1,15 @@ --- - name: restart imapproxy - systemd: + ansible.builtin.systemd: name: imapproxy state: restarted - name: reload apache2 - service: + ansible.builtin.service: name: apache2 state: reloaded - name: reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded diff --git a/webapps/roundcube/tasks/main.yml b/webapps/roundcube/tasks/main.yml index 08fe73d1..17422246 100644 --- a/webapps/roundcube/tasks/main.yml +++ b/webapps/roundcube/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: configure roundcube-core - debconf: + ansible.builtin.debconf: name: roundcube-core question: "{{ item.key }}" value: "{{ item.value }}" @@ -12,7 +12,7 @@ - roundcube - name: install Roundcube - apt: + ansible.builtin.apt: name: - imapproxy - roundcube @@ -25,7 +25,7 @@ - roundcube - name: configure imapproxy imap host - lineinfile: + ansible.builtin.lineinfile: dest: /etc/imapproxy.conf regexp: "^server_hostname" line: "server_hostname {{ roundcube_imap_host }}" @@ -34,7 +34,7 @@ - roundcube - name: configure imapproxy imap port - lineinfile: + ansible.builtin.lineinfile: dest: /etc/imapproxy.conf regexp: "^server_port" line: "server_port {{ roundcube_imap_port }}" @@ -43,7 +43,7 @@ - roundcube - name: enable and start imapproxy - service: + ansible.builtin.service: name: imapproxy state: started enabled: True @@ -51,7 +51,7 @@ - roundcube - name: configure roundcube imap host - lineinfile: + ansible.builtin.lineinfile: dest: /etc/roundcube/config.inc.php regexp: "\\$config\\['default_host'\\]" line: "$config['default_host'] = array('127.0.0.1');" @@ -59,7 +59,7 @@ - roundcube - name: configure roudcube imap port - lineinfile: + ansible.builtin.lineinfile: dest: /etc/roundcube/config.inc.php regexp: "\\$config\\['default_port'\\]" insertafter: "\\$config\\['default_host'\\]" 
@@ -68,7 +68,7 @@ - roundcube - name: configure managesieve plugin - copy: + ansible.builtin.copy: src: /usr/share/roundcube/plugins/managesieve/config.inc.php.dist dest: /etc/roundcube/plugins/managesieve/config.inc.php mode: "0644" @@ -77,7 +77,7 @@ - roundcube - name: enable default plugins - replace: + ansible.builtin.replace: dest: /etc/roundcube/config.inc.php regexp: "^\\$config\\['plugins'\\] = array\\($" replace: "$config['plugins'] = array('zipdownload','managesieve'" @@ -85,7 +85,7 @@ - roundcube - name: deploy apache roundcube vhost - template: + ansible.builtin.template: src: apache2.conf.j2 dest: /etc/apache2/sites-available/roundcube.conf mode: "0640" @@ -95,7 +95,7 @@ - roundcube - name: enable apache roundcube vhost - file: + ansible.builtin.file: src: /etc/apache2/sites-available/roundcube.conf dest: /etc/apache2/sites-enabled/roundcube.conf state: link @@ -105,14 +105,14 @@ - roundcube - name: deploy Nginx roundcube vhost - template: + ansible.builtin.template: src: nginx.conf.j2 dest: /etc/nginx/sites-available/roundcube.conf when: roundcube_webserver == "nginx" notify: reload nginx - name: enable Nginx roundcube vhost - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/roundcube.conf" dest: "/etc/nginx/sites-enabled/roundcube.conf" state: link @@ -120,7 +120,7 @@ notify: reload nginx - name: enable roundcube link in default site index - lineinfile: + ansible.builtin.lineinfile: dest: /var/www/index.html state: present regexp: "Webmail" diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index 32eda170..3ef832a8 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml 
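Review bot: `deploy Nginx roundcube vhost` (hunk `@@ -105,14 +105,14 @@` of `webapps/roundcube/tasks/main.yml`) sets no `mode`, `owner` or `group`, so the permissions of `/etc/nginx/sites-available/roundcube.conf` depend on the remote umask, while the Apache vhost template a few hunks earlier pins `mode: "0640"`. Adding `owner: root`, `group: root` and `mode: "0644"` (or `"0640"` to match the Apache task) makes the result deterministic. The task also lacks the `tags: - roundcube` that the Apache tasks carry, so a tag-limited run skips it.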
@@ -1,34 +1,36 @@ --- - name: Create bin dir - file: + ansible.builtin.file: state: directory dest: "{{ ansible_env.HOME }}/bin" mode: "0750" - name: Download wp-cli - get_url: + ansible.builtin.get_url: url: "https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar" dest: "{{ ansible_env.HOME }}/bin/wp-cli.phar" mode: "0750" - name: Download Wordpress - shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' args: creates: "{{ ansible_env.HOME }}/www/index.php" - name: Retrieve .my.cnf - fetch: + ansible.builtin.fetch: src: "{{ ansible_env.HOME }}/.my.cnf" dest: "/tmp/wordpress-{{ ansible_user }}.cnf" flat: yes - name: Generate random password - command: apg -n1 -m 12 -M LCN + ansible.builtin.command: + cmd: apg -n1 -m 12 -M LCN register: shell_password changed_when: False - name: Read mysql config from .my.cnf - set_fact: + ansible.builtin.set_fact: db_host: "{{ lookup('ini', 'host section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default=127.0.0.1') }}" db_user: "{{ lookup('ini', 'user section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default={{ ansible_user }}') }}" db_pwd: "{{ lookup('ini', 'password section=client file=/tmp/wordpress-{{ ansible_user }}.cnf') }}" 
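Review bot: `Download wp-cli` fetches an executable phar from the moving `gh-pages` branch with no `checksum:`, so whatever that URL serves at run time is stored with mode 0750 and then executed by every later `wordpress_wpcli` task. Pinning a specific release URL and adding `checksum: "sha256:<SHA256_OF_PINNED_WP_CLI_PHAR>"` (placeholder, to be taken from the release you pin) makes the download verifiable. In the same hunk, `Retrieve .my.cnf` copies database credentials to the predictable controller path `/tmp/wordpress-{{ ansible_user }}.cnf`, where other local users may be able to read or pre-create the file depending on the umask. A private directory from `ansible.builtin.tempfile` delegated to localhost avoids that.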
@@ -36,50 +38,57 @@ admin_pwd: "{{ shell_password.stdout }}" - name: Remove local .my.cnf - file: + ansible.builtin.file: path: "/tmp/wordpress-{{ ansible_user }}.cnf" state: absent delegate_to: localhost - name: Configure Wordpress (wp-config.php) - shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' args: creates: "{{ ansible_env.HOME }}/www/wp-config.php" - name: Configure site - shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' changed_when: False - name: Check if Wordpress is up to date - shell: '{{ wordpress_wpcli }} core check-update | grep -q Success' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} core check-update | grep -q Success' register: check_version check_mode: no failed_when: False changed_when: check_version.rc == 1 - name: Update Wordpress - shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' args: removes: "{{ ansible_env.HOME }}/www/index.php" when: check_version.rc == 1 - name: Install default plugin - shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}' 
changed_when: False loop: "{{ wordpress_plugins }}" - name: Update default plugins - shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}' changed_when: False loop: "{{ wordpress_plugins }}" - name: Activate default plugins - shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}' + ansible.builtin.shell: + cmd: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}' changed_when: False loop: "{{ wordpress_plugins }}" - name: Send a summary mail - mail: + community.general.mail: host: 'localhost' port: 25 to: "{{ wordpress_email }}"
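Review bot: `Configure Wordpress (wp-config.php)` interpolates `db_host`, `db_user`, `db_pwd` and `db_name` into a shell line without `| quote`, unlike `Configure site` right after it, so a password from `.my.cnf` containing spaces or shell metacharacters is split or interpreted by the shell. Since the line is rewritten anyway, I would use `cmd: '{{ wordpress_wpcli }} core config --dbhost={{ db_host | quote }} --dbuser={{ db_user | quote }} --dbpass={{ db_pwd | quote }} --dbname={{ db_name | quote }}'` and add `no_log: true` to this task and to `Configure site`, because both carry a password in the command that Ansible echoes in its results. In `Configure site`, `--admin_password="{{ admin_pwd | quote }}"` wraps an already shell-quoted value in double quotes and `--admin_email={{ wordpress_email }}` is unquoted; `{{ item }}` in the three plugin loops is unquoted as well. As a style point, `creates:`/`removes:` could move from `args:` to sit beside `cmd:`, which would complete the switch to the module-argument form.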