diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index c4cde40..24267b4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -10,6 +10,29 @@ on:
   workflow_dispatch:
 
 jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          path: "${{ github.repository }}"
+      - name: molecule
+        uses: robertdebock/molecule-action@2.6.16
+        with:
+          command: lint
+  test:
+    needs:
+      - lint
+    runs-on:  ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        config:
+          - image: centos
+            tag: latest
+          - image: debian
+            tag: latest
   molecule:
     runs-on: ubuntu-latest
     steps:
@@ -20,4 +43,7 @@ jobs:
           path: "${{ github.repository }}"
 
       - name: molecule
-        uses: robertdebock/molecule-action@2.6.17
\ No newline at end of file
+        uses: robertdebock/molecule-action@2.6.17
+        with:
+          image: ${{ matrix.config.image }}
+          tag: ${{ matrix.config.tag }}
\ No newline at end of file
diff --git a/molecule/debian/converge.yml b/molecule/debian/converge.yml
deleted file mode 100644
index 934be3c..0000000
--- a/molecule/debian/converge.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Converge
-  hosts: localhost
-  connection: local
-  roles:
-    - role: ipr-cnrs.nftables
-      nft_debug: true
-      # can't remove iptables on an instance with docker
-      nft_old_pkg_manage: false
diff --git a/molecule/debian/molecule.yml b/molecule/debian/molecule.yml
deleted file mode 100644
index 4b88e40..0000000
--- a/molecule/debian/molecule.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: docker
-platforms:
-  - name: instance
-    image: jrei/systemd-debian:latest
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-provisioner:
-  name: ansible
-verifier:
-  name: ansible
diff --git a/molecule/debian/verify.yml b/molecule/debian/verify.yml
deleted file mode 100644
index 79044cd..0000000
--- a/molecule/debian/verify.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
-  hosts: all
-  gather_facts: false
-  tasks:
-  - name: Example assertion
-    assert:
-      that: true
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index b61f60c..04950ba 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,6 +2,8 @@
 - name: Converge
   hosts: localhost
   connection: local
+  become: yes
+  gather_facts: yes
   roles:
     - role: ipr-cnrs.nftables
       nft_debug: true
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 94ad3e6..b5e2b94 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,11 +1,15 @@
 ---
 dependency:
   name: galaxy
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
 driver:
   name: docker
 platforms:
-  - name: instance
-    image: centos/systemd:latest
+  - name: "nftables-${image:-debian}-${tag:-latest}"
+    image: "${image:-debian}:${tag:-latest}"
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro