diff --git a/meta/main.yml b/meta/main.yml index 0f3be65..62e54a9 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,6 +2,8 @@ galaxy_info: author: Emilien Mantel + namespace: hanxhx + role_name: nginx description: Nginx for Debian / FreeBSD company: license: GPLv2 diff --git a/tasks/config.yml b/tasks/config.yml index df19f13..0eb75bf 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -4,12 +4,18 @@ template: src: "etc/nginx/nginx.conf.j2" dest: "{{ nginx_etc_dir }}/nginx.conf" + mode: 0644 + owner: root + group: root notify: reload nginx - name: TEMPLATE | Deploy all helpers template: src: "{{ item }}" dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}" + mode: 0644 + owner: root + group: root with_fileglob: '../templates/etc/nginx/helper/*.j2' notify: reload nginx @@ -17,6 +23,9 @@ template: src: "etc/nginx/conf.d/custom.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/custom.conf" + mode: 0644 + owner: root + group: root notify: reload nginx - name: LINEINFILE | Fix path @@ -42,4 +51,7 @@ load_module {{ m }}; {% endfor %} dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf" + mode: 0644 + owner: root + group: root notify: reload nginx diff --git a/tasks/htpasswd.yml b/tasks/htpasswd.yml index 24ef4c0..4c7b3ff 100644 --- a/tasks/htpasswd.yml +++ b/tasks/htpasswd.yml @@ -13,6 +13,9 @@ name: "{{ item.1.name }}" password: "{{ item.1.password }}" path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}" + mode: 0644 + owner: root + group: root loop: "{{ nginx_htpasswd | subelements('users') }}" when: item.0.state is not defined or item.0.state == 'present' no_log: "{{ not nginx_debug_role }}" diff --git a/tasks/install_FreeBSD.yml b/tasks/install_FreeBSD.yml index b0d0568..be2c482 100644 --- a/tasks/install_FreeBSD.yml +++ b/tasks/install_FreeBSD.yml @@ -40,6 +40,9 @@ file: path: "{{ nginx_etc_dir }}/{{ item }}" state: directory + mode: 0755 + owner: root + group: root loop: - conf.d - sites-available 
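Review bot: The `mode: 0644` values added to the template tasks in tasks/config.yml are unquoted, so the permission bits depend on how the YAML loader types a bare `0644` rather than on an explicit octal string; write `mode: "0644"` instead. The leading zero keeps today's values correct under a YAML 1.1 loader, but the bare form becomes a wrong permission set if someone later edits it to `644` or the file passes through a YAML 1.2 tool that reads it as decimal. The same applies to every `mode:` line this commit adds in htpasswd.yml, install_FreeBSD.yml, prepare.yml, site.yml, ssl/acme.yml, ssl/standard.yml, upstream.yml and tests/test.yml (`"0755"`, `"0750"`, `"0640"`).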
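Review bot: The htpasswd task in tasks/htpasswd.yml now pins the credential file to `mode: 0644`, which leaves the stored password hashes readable by every local account on the host. Only the nginx worker processes need to read it, so `mode: "0640"` with `group:` set to the group the workers run as is the tighter choice. Both lines have to change together, because with `group: root` and 0640 an unprivileged worker could no longer read the file. The role variable that holds the worker group is not visible in this hunk, so use the one the role already defines (placeholder: `<nginx worker group>`). The start of the task lies above the hunk.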
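Review bot: `group: root` in tasks/install_FreeBSD.yml names a group that a stock FreeBSD system does not have (gid 0 is called `wheel` there), so this `file` task is likely to fail on group lookup on the platform the file targets. A numeric `group: "0"` or a per-OS variable avoids depending on the name. The same literal is added in config.yml, htpasswd.yml, site.yml, ssl/acme.yml, ssl/standard.yml and upstream.yml, which appear to run on FreeBSD too (site.yml notifies `restart nginx freebsd`), and in tests/test.yml. The diff does not show whether the test image creates a `root` group, so confirm with a FreeBSD run.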
diff --git a/tasks/prepare.yml b/tasks/prepare.yml index cf3a8a7..5388d95 100644 --- a/tasks/prepare.yml +++ b/tasks/prepare.yml @@ -42,3 +42,6 @@ file: path: /etc/ansible/facts.d state: directory + mode: 0755 + owner: root + group: root diff --git a/tasks/site.yml b/tasks/site.yml index eb7d4d0..42dc5e9 100644 --- a/tasks/site.yml +++ b/tasks/site.yml @@ -22,6 +22,9 @@ file: path: "{{ nginx_root }}" state: directory + mode: 0755 + owner: root + group: root - name: FILE | Create root public folders (foreach nginx_sites) file: @@ -43,6 +46,9 @@ template: src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2" dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" + mode: 0644 + owner: root + group: root notify: ['reload nginx', 'restart nginx freebsd'] when: item.state is not defined or item.state != 'absent' loop: "{{ nginx_sites }}" diff --git a/tasks/ssl/acme.yml b/tasks/ssl/acme.yml index e18c1ff..a0ccf8b 100644 --- a/tasks/ssl/acme.yml +++ b/tasks/ssl/acme.yml @@ -24,6 +24,9 @@ template: src: "etc/nginx/conf.d/FAKESITE.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" + mode: 0644 + owner: root + group: root loop: "{{ acme_create }}" register: fake_site diff --git a/tasks/ssl/standard.yml b/tasks/ssl/standard.yml index ebc7e5a..281f923 100644 --- a/tasks/ssl/standard.yml +++ b/tasks/ssl/standard.yml @@ -25,6 +25,9 @@ copy: content: "{{ nginx_dh }}" dest: "{{ nginx_dh_path }}" + owner: root + group: root + mode: 0640 when: nginx_dh is string notify: restart nginx @@ -32,6 +35,9 @@ file: path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}" state: directory + owner: root + group: root + mode: 0750 loop: "{{ nginx_ssl_pairs }}" when: item.dest_key is not defined or item.dest_cert is not defined no_log: "{{ not nginx_debug_role }}" 
@@ -40,6 +46,8 @@ copy: content: "{{ item.key }}" dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}" + owner: root + group: root mode: 0640 loop: "{{ nginx_ssl_pairs }}" when: item.key is defined @@ -50,6 +58,8 @@ copy: content: "{{ item.cert }}" dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}" + owner: root + group: root mode: 0644 loop: "{{ nginx_ssl_pairs }}" when: item.cert is defined diff --git a/tasks/upstream.yml b/tasks/upstream.yml index fe57bb6..63e7447 100644 --- a/tasks/upstream.yml +++ b/tasks/upstream.yml @@ -4,12 +4,18 @@ template: src: "etc/nginx/conf.d/php.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/php.conf" + mode: 0644 + owner: root + group: root notify: reload nginx - name: TEMPLATE | Deploy other upstreams template: src: "etc/nginx/conf.d/_upstream.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" + mode: 0644 + owner: root + group: root loop: "{{ nginx_upstreams }}" when: item.state is not defined or item.state == 'present' notify: reload nginx diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml index 838d182..2d9b316 100644 --- a/tests/includes/pre_FreeBSD.yml +++ b/tests/includes/pre_FreeBSD.yml @@ -25,6 +25,7 @@ state: present vars: packages: + - bash - curl - daemonize - fcgiwrap diff --git a/tests/test.yml b/tests/test.yml index fb1a414..29130b3 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -13,16 +13,25 @@ file: path: "{{ int_ansible_ssl_dir }}" state: directory + mode: 0750 + owner: root + group: root - name: COPY | Deploy test certificate copy: src: "file/test.crt" dest: "{{ int_ansible_ssl_dir }}/test.crt" + mode: 0640 + owner: root + group: root - name: COPY | Deploy test key copy: src: "file/test.key" dest: "{{ int_ansible_ssl_dir }}/test.key" + mode: 0640 + owner: root + group: root - name: COPY | Add all hosts in /etc/hosts copy: @@ -39,6 +48,9 @@ {% endif %} {% endfor %} dest: "/etc/hosts" + mode: 0644 + owner: root + group: root unsafe_writes: true vars: 
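Review bot: The private-key task in tasks/ssl/standard.yml keeps `mode: 0640` while the new lines pin ownership to root:root, so the group-read bit now only serves to expose the key to any other member of gid 0. `mode: "0600"` states the intent, and nginx normally loads keys as root before the workers drop privileges, so nothing should be lost. The end of the task is outside the hunk, so it is not visible whether it carries `no_log` like the directory task above it. If it does not, `no_log: "{{ not nginx_debug_role }}"` would keep `item.key` out of task output.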
@@ -296,6 +308,9 @@ copy: dest: "{{ nginx_root }}/{{ item }}/public/index.php" content: " /dev/null | grep -q h2 + shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2 args: - executable: /bin/sh + executable: /bin/bash changed_when: false when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules
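Review bot: `executable: /bin/bash` in the nghttp check hard-codes a path that a FreeBSD package install does not normally provide, since the `bash` package added in tests/includes/pre_FreeBSD.yml usually lands under /usr/local/bin. If this task runs on FreeBSD it would fail unless the test setup creates that path, so a per-OS variable for the shell path is safer. Separately, `set -o pipefail` together with `grep -q` can make the check flaky: `grep -q` exits on the first match, and if `nghttp` is then terminated while still writing, the pipeline reports failure despite the match. `grep h2 > /dev/null` avoids that. The text of this hunk is partly lost on the page (its header and the removed `shell:` line are cut), so verify against the actual file.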