diff --git a/.ansible-lint b/.ansible-lint
index a96bb516..b4c2cf06 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -9,7 +9,6 @@ quiet: true
 exclude_paths:
   - .cache/ # implicit unless exclude_paths is defined in config
   - collections/
-  - .gitlab-ci.yml
   - friedhof/
   - playbooks/on-off
   - playbooks/base
@@ -26,5 +25,4 @@ exclude_paths:
   - roles/ansible-ufw
   - roles/ansible_role_gitea
   - roles/ansible-role-postgresql
-  - .woodpecker/
   - .gitea/
diff --git a/.gitea/workflows/ansible-lint.yaml b/.gitea/workflows/ansible-lint.yaml
deleted file mode 100644
index b658a90a..00000000
--- a/.gitea/workflows/ansible-lint.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: ansible-lint
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-
-jobs:
-  ansible-lint:
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: write vault-pass
-        run: echo ${{ secrets.VAULTPASS }} > ./vault-pass
-
-      - name: run ansible-lint
-        uses: docker://registry.mgrote.net/ansible-devspace:latest
-        with:
-          args: ansible-lint --force-color --format pep8 --show-relpath
-
-# VAULTPASS ist als Secrets auf Repo-Ebene angelegt
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
new file mode 100644
index 00000000..d32c5d4b
--- /dev/null
+++ b/.gitea/workflows/ci.yaml
@@ -0,0 +1,33 @@
+name: ansible-lint
+on:
+  workflow_dispatch:
+  push:
+    branches: [ master ]
+  pull_request:
+
+jobs:
+  ansible-lint:
+    name: Ansible Lint
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: write vault-pass
+        run: echo ${{ secrets.VAULTPASS }} > ./vault-pass
+
+      - name: Run ansible-lint
+        uses: docker://registry.mgrote.net/ansible-devspace:latest
+        with:
+          args: /home/ansible-dev/.local/bin/ansible-lint --force-color --format pep8 --show-relpath
+
+  gitleaks:
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Gitleaks
+        uses: docker://zricethezav/gitleaks:v8.18.4
+        with:
+          args: detect --no-git --verbose --source ${{ github.workspace }}
+
+# VAULTPASS ist als Secrets auf Repo-Ebene angelegt
diff --git a/.gitea/workflows/gitleaks.yaml b/.gitea/workflows/gitleaks.yaml
deleted file mode 100644
index 9302ab56..00000000
--- a/.gitea/workflows/gitleaks.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: gitleaks
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-
-jobs:
-  gitleaks:
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Run Gitleaks
-        uses: docker://zricethezav/gitleaks:v8.18.4
-        with:
-          args: detect --no-git --verbose --source ${{ github.workspace }}