diff --git a/.ansible-lint b/.ansible-lint
index 9b9b52a..2b580a2 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -3,6 +3,7 @@
 exclude_paths:
   - ".gitlab/*"
   - ".gitlab-ci.yml"
+  - ".woodpecker/*"
   - "defaults/main.yaml"
   - "meta/main.yaml"
   - "vars/*"
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 7ec2c37..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-# gitlab stages
-stages:
-  - "gitleaks"
-  - "linting"
-
-# include components
-include:
-  - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
-  - component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@v1.0.0"
-  - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0"
-  - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
index 56cd87c..a4ea90f 100644
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@@ -6,7 +6,8 @@
   // linting rules
   "config": {
     "MD013": {
-      "line_length": 120
+      "line_length": 120,
+      "tables": false
     }
   }
 }
diff --git a/.woodpecker/linting.yml b/.woodpecker/linting.yml
new file mode 100644
index 0000000..02cf4c2
--- /dev/null
+++ b/.woodpecker/linting.yml
@@ -0,0 +1,41 @@
+---
+when:
+  - event: "push"
+    branch: "main"
+  - event: "manual"
+
+steps:
+
+  # gitleaks
+  - name: "gitleaks"
+    # renovate: datasource=github-releases depName=gitleaks/gitleaks
+    image: "cr.simoncor.net/ghcr/gitleaks/gitleaks:v8.30.1"
+    commands:
+      - "gitleaks detect --source . --verbose --redact"
+
+  # yamllint
+  - name: "yamllint"
+    # renovate: datasource=docker depName=cr.simoncor.net/yamllint
+    image: "cr.simoncor.net/yamllint:1.38.0"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "yamllint -c .yamllint ."
+
+  # ansible-lint
+  - name: "ansible-lint"
+    # renovate: datasource=docker depName=docker.io/pipelinecomponents/ansible-lint
+    image: "cr.simoncor.net/dockerhub/pipelinecomponents/ansible-lint:0.79.11"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "ansible-lint -c .ansible-lint ."
+
+  # markdownlint
+  - name: "markdownlint"
+    # renovate: datasource=docker depName=docker.io/davidanson/markdownlint-cli2
+    image: "cr.simoncor.net/dockerhub/davidanson/markdownlint-cli2:v0.22.1"
+    depends_on:
+      - "gitleaks"
+    commands:
+      - "markdownlint-cli2 --config .markdownlint-cli2.jsonc"
diff --git a/meta/main.yaml b/meta/main.yaml
index 4ad52ff..38a55f4 100644
--- a/meta/main.yaml
+++ b/meta/main.yaml
@@ -5,8 +5,4 @@ galaxy_info:
   description: "install and configure an pangolin server"
   license: "MIT"
   role_name: "pangolin"
-dependencies:
-  - name: "docker"
-    src: "https://gitlab.simoncor.net/ansible/ans-docker.git"
-    scm: "git"
-    version: "main"
+dependencies: []
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..b0aad68
--- /dev/null
+++ b/playbook.yaml
@@ -0,0 +1,26 @@
+---
+
+# execute this role
+- name: "install and configure Pangolin"
+  hosts: "all"
+  become: true
+  tasks:
+
+    # due to semaphore bug we need to do this ourselves
+    - name: "force-update requirements"
+      ansible.builtin.command:
+        cmd: "ansible-galaxy install -f -r roles/requirements.yml"
+      become: false
+      delegate_to: "localhost"
+      changed_when: false
+      failed_when: false
+
+    # execute the role
+    - name: "execute role: docker"
+      ansible.builtin.include_role:
+        name: "docker"
+
+    # execute the role
+    - name: "execute role: pangolin"
+      ansible.builtin.include_role:
+        name: "pangolin"
diff --git a/readme.md b/readme.md
index 121b342..36ff185 100644
--- a/readme.md
+++ b/readme.md
@@ -1,3 +1,3 @@
 # Ansible Role: Pangolin
 
-Install and configure [Pangolin](https://digpangolin.com/) - a serverless web analytics tool.
+Install and configure [Pangolin](https://digpangolin.com/) - a tunneled reverse proxy for homelabs.
diff --git a/roles/requirements.yml b/roles/requirements.yml
new file mode 100644
index 0000000..388cccc
--- /dev/null
+++ b/roles/requirements.yml
@@ -0,0 +1,9 @@
+---
+
+roles:
+  - name: "docker"
+    src: "https://git.simoncor.net/ansible/docker.git"
+    scm: "git"
+  - name: "pangolin"
+    src: "https://git.simoncor.net/ansible/pangolin.git"
+    scm: "git"
diff --git a/tasks/pangolin.yaml b/tasks/pangolin.yaml
index e9fdff6..a738b24 100644
--- a/tasks/pangolin.yaml
+++ b/tasks/pangolin.yaml
@@ -29,7 +29,7 @@
     pull: "always"
     state: "started"
     name: "pangolin"
-    image: "docker.io/fosrl/pangolin:1.18.1"
+    image: "cr.simoncor.net/dockerhub/fosrl/pangolin:1.18.4"
     restart_policy: "unless-stopped"
     networks:
       - name: "pangolin"
@@ -62,7 +62,7 @@
     pull: "always"
     state: "started"
     name: "traefik"
-    image: "docker.io/library/traefik:v3.6"
+    image: "cr.simoncor.net/dockerhub/library/traefik:v3.7.0"
     restart_policy: "unless-stopped"
     networks:
       - name: "pangolin"