diff --git a/metal/README.md b/metal/README.md
index 89ce86de..05e1b5bf 100644
--- a/metal/README.md
+++ b/metal/README.md
@@ -1,6 +1,6 @@
 # Bare-metal
 
-- Ansible renders the configuration file for each bare metal machine (like IP, hostname...) and the PXE server from [templates](./roles/pxe-server/templates)
+- Ansible renders the configuration file for each bare metal machine (like IP, hostname...) and the PXE server from [templates](./roles/pxe_server/templates)
 - The tools container creates sibling containers to build a PXE server (includes DHCP, TFTP and HTTP server)
 - Ansible [wake the machines up](./roles/wake/tasks/main.yml) using Wake on LAN
 - The machine start the boot process, the OS get installed (through PXE server) and the machine reboots to the new operating system
diff --git a/metal/boot.yml b/metal/boot.yml
index 4bc6a240..c6821df4 100644
--- a/metal/boot.yml
+++ b/metal/boot.yml
@@ -1,10 +1,10 @@
 - name: Start PXE server
   hosts: localhost
   roles:
-    - pxe-server
+    - pxe_server
 
 - name: Provision bare metal machines
   hosts: metal
-  gather_facts: no
+  gather_facts: false
   roles:
     - wake
diff --git a/metal/roles/k3s/defaults/main.yml b/metal/roles/k3s/defaults/main.yml
index 75829a13..a0edf5d8 100644
--- a/metal/roles/k3s/defaults/main.yml
+++ b/metal/roles/k3s/defaults/main.yml
@@ -1,11 +1,11 @@
-k3s_version: v1.23.1-rc1+k3s1 # TODO switch to stable
+k3s_version: v1.23.1-rc1+k3s1  # TODO switch to stable
 k3s_config_file: /etc/rancher/k3s/config.yaml
 k3s_token_file: /etc/rancher/node/password
 k3s_service_file: /etc/systemd/system/k3s.service
 k3s_server_config:
   disable:
-  - local-storage
-  - servicelb
-  - traefik
+    - local-storage
+    - servicelb
+    - traefik
   disable-cloud-controller: true
   secrets-encryption: true
diff --git a/metal/roles/k3s/tasks/main.yml b/metal/roles/k3s/tasks/main.yml
index 60461cb8..d30550e9 100644
--- a/metal/roles/k3s/tasks/main.yml
+++ b/metal/roles/k3s/tasks/main.yml
@@ -19,25 +19,27 @@
   file:
     path: "{{ item }}"
     state: directory
+    mode: 0755
   loop:
     - /etc/rancher/k3s
     - /etc/rancher/node
 
 - name: Check if k3s token file exists on the first node
-  run_once: yes
+  run_once: true
   stat:
     path: "{{ k3s_token_file }}"
   register: k3s_token_file_stat
 
 - name: Generate k3s token file on the first node if not exist yet
-  run_once: yes
+  run_once: true
   when: not k3s_token_file_stat.stat.exists
   copy:
     content: "{{ lookup('community.general.random_string', length=32) }}"
     dest: "{{ k3s_token_file }}"
+    mode: 0600
 
 - name: Get k3s token from the first node
-  run_once: yes
+  run_once: true
   slurp:
     src: "{{ k3s_token_file }}"
   register: k3s_token_base64
@@ -46,11 +48,13 @@
   copy:
     content: "{{ k3s_token_base64.content | b64decode }}"
     dest: "{{ k3s_token_file }}"
+    mode: 0600
 
 - name: Copy k3s config files
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
+    mode: 0644
   loop:
     - src: config.yaml.j2
       dest: "{{ k3s_config_file }}"
@@ -60,14 +64,14 @@
 - name: Enable k3s service
   systemd:
     name: k3s
-    enabled: yes
+    enabled: true
     state: started
   register: k3s_service
   until: k3s_service is succeeded
   retries: 5
 
 - name: Get Kubernetes config file
-  run_once: yes
+  run_once: true
   slurp:
     src: /etc/rancher/k3s/k3s.yaml
   register: kubeconfig_base64
diff --git a/metal/roles/pxe-server/defaults/main.yml b/metal/roles/pxe_server/defaults/main.yml
similarity index 100%
rename from metal/roles/pxe-server/defaults/main.yml
rename to metal/roles/pxe_server/defaults/main.yml
diff --git a/metal/roles/pxe-server/files/data/init-config/.gitignore b/metal/roles/pxe_server/files/data/init-config/.gitignore
similarity index 100%
rename from metal/roles/pxe-server/files/data/init-config/.gitignore
rename to metal/roles/pxe_server/files/data/init-config/.gitignore
diff --git a/metal/roles/pxe-server/files/data/iso/.gitignore b/metal/roles/pxe_server/files/data/iso/.gitignore
similarity index 100%
rename from metal/roles/pxe-server/files/data/iso/.gitignore
rename to metal/roles/pxe_server/files/data/iso/.gitignore
diff --git a/metal/roles/pxe-server/files/data/os/.gitignore b/metal/roles/pxe_server/files/data/os/.gitignore
similarity index 100%
rename from metal/roles/pxe-server/files/data/os/.gitignore
rename to metal/roles/pxe_server/files/data/os/.gitignore
diff --git a/metal/roles/pxe-server/files/data/pxe-config/.gitignore b/metal/roles/pxe_server/files/data/pxe-config/.gitignore
similarity index 100%
rename from metal/roles/pxe-server/files/data/pxe-config/.gitignore
rename to metal/roles/pxe_server/files/data/pxe-config/.gitignore
diff --git a/metal/roles/pxe-server/files/dhcp/Dockerfile b/metal/roles/pxe_server/files/dhcp/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/files/dhcp/Dockerfile
rename to metal/roles/pxe_server/files/dhcp/Dockerfile
diff --git a/metal/roles/pxe-server/files/dhcp/dhcpd.conf b/metal/roles/pxe_server/files/dhcp/dhcpd.conf
similarity index 100%
rename from metal/roles/pxe-server/files/dhcp/dhcpd.conf
rename to metal/roles/pxe_server/files/dhcp/dhcpd.conf
diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe_server/files/docker-compose.yml
similarity index 100%
rename from metal/roles/pxe-server/files/docker-compose.yml
rename to metal/roles/pxe_server/files/docker-compose.yml
diff --git a/metal/roles/pxe-server/files/http/Dockerfile b/metal/roles/pxe_server/files/http/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/files/http/Dockerfile
rename to metal/roles/pxe_server/files/http/Dockerfile
diff --git a/metal/roles/pxe-server/files/tftp/Dockerfile b/metal/roles/pxe_server/files/tftp/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/files/tftp/Dockerfile
rename to metal/roles/pxe_server/files/tftp/Dockerfile
diff --git a/metal/roles/pxe-server/files/tftp/grub.cfg b/metal/roles/pxe_server/files/tftp/grub.cfg
similarity index 100%
rename from metal/roles/pxe-server/files/tftp/grub.cfg
rename to metal/roles/pxe_server/files/tftp/grub.cfg
diff --git a/metal/roles/pxe-server/tasks/main.yml b/metal/roles/pxe_server/tasks/main.yml
similarity index 91%
rename from metal/roles/pxe-server/tasks/main.yml
rename to metal/roles/pxe_server/tasks/main.yml
index c1d88e3f..96a6ded2 100644
--- a/metal/roles/pxe-server/tasks/main.yml
+++ b/metal/roles/pxe_server/tasks/main.yml
@@ -14,21 +14,24 @@
   template:
     src: dhcpd.conf.j2
     dest: "{{ role_path }}/files/data/pxe-config/dhcpd.conf"
+    mode: 0644
 
 - name: Render GRUB config
   template:
     src: grub.cfg.j2
     dest: "{{ role_path }}/files/data/pxe-config/grub.cfg"
+    mode: 0644
 
 - name: Render machine specific init config
   template:
     src: kickstart.ks.j2
     dest: "{{ role_path }}/files/data/init-config/{{ hostvars[item]['mac'] }}.ks"
+    mode: 0644
   loop: "{{ groups['metal'] }}"
 
 - name: Start ephemeral PXE server
   docker_compose:
     project_src: "{{ role_path }}/files"
     state: present
-    restarted: yes
-    build: yes
+    restarted: true
+    build: true
diff --git a/metal/roles/pxe-server/templates/dhcpd.conf.j2 b/metal/roles/pxe_server/templates/dhcpd.conf.j2
similarity index 100%
rename from metal/roles/pxe-server/templates/dhcpd.conf.j2
rename to metal/roles/pxe_server/templates/dhcpd.conf.j2
diff --git a/metal/roles/pxe-server/templates/grub.cfg.j2 b/metal/roles/pxe_server/templates/grub.cfg.j2
similarity index 100%
rename from metal/roles/pxe-server/templates/grub.cfg.j2
rename to metal/roles/pxe_server/templates/grub.cfg.j2
diff --git a/metal/roles/pxe-server/templates/kickstart.ks.j2 b/metal/roles/pxe_server/templates/kickstart.ks.j2
similarity index 100%
rename from metal/roles/pxe-server/templates/kickstart.ks.j2
rename to metal/roles/pxe_server/templates/kickstart.ks.j2
diff --git a/metal/shutdown.yml b/metal/shutdown.yml
index 0584ded8..9b72bfd4 100644
--- a/metal/shutdown.yml
+++ b/metal/shutdown.yml
@@ -1,11 +1,11 @@
 - name: Shutdown the homelab
   hosts: metal
-  gather_facts: no
+  gather_facts: false
   tasks:
     - name: Unconditionally shut down the machine
       community.general.shutdown:
         delay: 0
-      ignore_unreachable: yes
+      ignore_unreachable: true
     - name: Wait for the machine to shutdown
       shell: "until ! ping -c 1 {{ ansible_host }}; do sleep 1; done"
       delegate_to: localhost
diff --git a/scripts/pxe-logs b/scripts/pxe-logs
index 9d77d4ff..8f2c5f67 100755
--- a/scripts/pxe-logs
+++ b/scripts/pxe-logs
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-docker compose --project-directory ./metal/roles/pxe-server/files/ logs --follow
+docker compose --project-directory ./metal/roles/pxe_server/files/ logs --follow