diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..2ccb6df
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,66 @@
+---
+name: CI
+
+on:
+  push:
+  pull_request:
+
+env:
+  galaxy-name: "cvmfs_contrib.cvmfs_client"
+
+jobs:
+
+  molecule:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        distro:
+        - centos8
+        - ubuntu2004
+      fail-fast: false
+
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+        path: ${{ env.galaxy-name }}
+
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+
+    - name: Upgrade pip
+      run: |
+        pip install --upgrade pip wheel
+        pip --version
+
+    - name: Install requirements
+      run: |
+        pip install --use-feature=2020-resolver -r requirements.txt
+      working-directory: ${{ env.galaxy-name }}
+
+    # See https://github.com/geerlingguy/raspberry-pi-dramble/issues/166
+    - name: Force GitHub Actions' docker daemon to use vfs.
+      run: |
+        sudo systemctl stop docker
+        echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' | sudo tee /etc/docker/daemon.json
+        sudo systemctl start docker
+
+    - name: Run molecule
+      run: molecule test
+      working-directory: ${{ env.galaxy-name }}
+      env:
+        MOLECULE_DISTRO: ${{ matrix.distro }}
+
+  # release:
+  #   name: Publish to ansible-galaxy
+  #   if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags')
+  #   needs: [pre-commit, molecule]
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - uses: actions/checkout@v2
+  #   - uses: robertdebock/galaxy-action@1.0.3
+  #     with:
+  #       galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
diff --git a/defaults/main.yml b/defaults/main.yml
index 5866d0f..645e851 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -30,7 +30,7 @@ cvmfs_force_unmount: false
 # according to cvmfs_client_pv_name, cvmfs_client_vg_name, and
 # cvmfs_client_lv_name as described below. If false, you will need to
 # configure the cache storage yourself instead, and also ensure it is the required size.
-cvmfs_client_configure_storage: true
+cvmfs_client_configure_storage: false
 
 # If this block device name is defined, then a volume group, logical volume, and filesystem will be created on it.
 # If it is not defined, then a volume group is assumed to already exist and will be used instead.
diff --git a/meta/main.yml b/meta/main.yml
index b15b917..a7c0999 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -51,6 +51,10 @@ galaxy_info:
     versions:
     - 6
     - 7
+    - 8
+  - name: Ubuntu
+    versions:
+    - bionic
 
   galaxy_tags: []
     # List tags for your role here, one per line. A tag is a keyword that describes
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..904f113
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  pre_tasks:
+  - name: Update apt cache.
+    apt: update_cache=yes cache_valid_time=600
+    when: ansible_os_family == 'Debian'
+
+  roles:
+  - role: cvmfs_contrib.cvmfs_client
+    vars:
+      cvmfs_client_configure_storage: false
+      cvmfs_cache_size: "1000"  # small cache size for CI
+      cvmfs_http_proxy: "DIRECT"
+      cvmfs_configuration:
+      - "cvmfs-config-computecanada"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..fa916a5
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,19 @@
+---
+dependency:
+  name: galaxy
+  options:
+    role-file: ansible-role-requirements.yml
+driver:
+  name: docker
+platforms:
+- name: instance
+  image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest"
+  command: ${MOLECULE_DOCKER_COMMAND:-""}
+  volumes:
+  - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  privileged: true
+  pre_build_image: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: converge.yml
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..754eb99
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,8 @@
+---
+- name: Verify
+  hosts: all
+  become: true
+
+  tasks:
+  - name: Test loading the Compute Canda module environment
+    shell: source /cvmfs/soft.computecanada.ca/config/profile/bash.sh
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..07e9196
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+# for running tests
+molecule[docker]~=3.3.0
+docker~=4.4.4
+ansible~=4.8.0
diff --git a/tasks/config.yml b/tasks/config.yml
index 9af603d..4f48067 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -8,6 +8,7 @@
     owner: "root"
     group: "root"
     mode: "0644"
+  register: cvmfs_config_file
 
 - name: Set autofs timeout
   ansible.builtin.lineinfile:
@@ -27,3 +28,8 @@
     state: "{% if not cvmfs_auto_setup %}mounted{% elif cvmfs_force_unmount %}absent{% endif %}"
   when: (not cvmfs_auto_setup) or (cvmfs_force_unmount)
   loop: "{{ cvmfs_repositories }}"
+
+# cvmfs-auto-setup package not available for Debian so we have to run it manually...
+- name: Configure AutoFS
+  command: cvmfs_config setup
+  when: cvmfs_config_file.changed and ansible_os_family == 'Debian'  
\ No newline at end of file
diff --git a/tasks/debian.yml b/tasks/debian.yml
new file mode 100644
index 0000000..7864028
--- /dev/null
+++ b/tasks/debian.yml
@@ -0,0 +1,64 @@
+# The CERNVM GPG key is the trust anchor for the secure installation of the CVMFS client.
+#
+# The Compute Canada CVMFS GPG key is the trust anchor for the secure distribution of the Compute Canada software stack (and other content), as follows:
+#	- the Compute Canada CVMFS GPG key verifies the authenticity of the computecanada-release RPM
+#	- the computecanada-release configures an apt repository which distributes the cvmfs-config-computecanada deb
+#	- the cvmfs-config-computecanada deb contains the public CVMFS key for the cvmfs-config.computecanada.ca CVMFS configuration repository
+#	- the CVMFS configuration repository contains the public CVMFS keys for all other Compute Canada CVMFS repositories
+#	- the other CVMFS repositories contain all Compute Canada software (and other content)
+
+- name: Install gpg agent
+  apt:
+    name: ['gpg-agent']
+
+- name: Install CernVM GPG key
+  apt_key:
+    url: https://cvmrepo.web.cern.ch/cvmrepo/apt/cernvm.gpg
+    state: present
+    validate_certs: yes
+
+# Also available at https://git.computecanada.ca/cc-cvmfs-public/cvmfs-config/raw/master/RPM-GPG-KEY-CC-CVMFS-1
+- name: Install Compute Canada CVMFS GPG key
+  apt_key:
+    url: https://package.computecanada.ca/yum/cc-cvmfs-public/RPM-GPG-KEY-CC-CVMFS-1
+    state: present
+    validate_certs: yes
+  when: '"cvmfs-config-computecanada" in cvmfs_configuration'
+
+# Target hosts will need internet access anyway to install the actual packages via apt, so we might as well
+# install the apt config from the internet as well - if a version is not already installed.
+# There is no benefit to abstracting this with the apt_repository module, and doing so would break idempotence
+# because these packages update themselves via their own apt repositories.
+
+- name: Install CernVM apt repository
+  apt:
+    deb: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest_all.deb
+    state: present
+  when: ansible_facts.packages['cvmfs-release'] is not defined
+
+# Todo: repository configuration for apt missing
+# - name: Install Compute Canada apt repository
+#   apt:
+#     name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/other/computecanada-release-latest.noarch.rpm
+#     state: present
+#     validate_certs: yes
+#   when:
+#     - '"cvmfs-config-computecanada" in cvmfs_configuration'
+#     - ansible_facts.packages['computecanada-release'] is not defined
+
+# This task can be removed once the Compute Canada apt repository is configured
+- name: Workaround - install compute canada config package directly from URL
+  apt:
+    deb: "https://package.computecanada.ca/yum/cc-cvmfs-public/prod/other/cvmfs-config-computecanada-latest.all.deb"
+    update_cache: true
+  when:
+  - '"cvmfs-config-computecanada" in cvmfs_configuration'
+
+- name: Install other prerequisite packages
+  apt:
+    name: ['lvm2']
+  when: cvmfs_client_configure_storage | bool
+
+- name: Install CVMFS client and configuration packages
+  apt:
+    name: "['cvmfs'] + {{ cvmfs_configuration }}"
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 4fb9fcd..13174a6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,12 +5,11 @@
   check_mode: no
   tags:
     - yum
+    - apt
 
-- { import_tasks: keys.yml, tags: ['cvmfs', 'keys'] }
-- { import_tasks: yum.yml, tags: ['cvmfs', 'yum'] }
 - { import_tasks: users.yml, tags: ['cvmfs', 'users'] }
 - { import_tasks: storage.yml, tags: ['cvmfs', 'storage'], when: cvmfs_client_configure_storage | bool }
-- { import_tasks: packages.yml, tags: ['cvmfs', 'packages'] }
+- { import_tasks: redhat.yml, tags: ['cvmfs', 'packages','keys','yum'], when: ansible_os_family == 'RedHat' }
+- { import_tasks: debian.yml, tags: ['cvmfs', 'packages','keys','apt'], when: ansible_os_family == 'Debian' }
 - { import_tasks: config.yml, tags: ['cvmfs', 'config'] }
 - { import_tasks: test.yml, tags: ['cvmfs', 'test'] }
-
diff --git a/tasks/packages.yml b/tasks/packages.yml
deleted file mode 100644
index aace0ca..0000000
--- a/tasks/packages.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Install CVMFS client and configuration packages
-  yum:
-    name: "['cvmfs'] + {{ cvmfs_auto_setup_package }} + {{ cvmfs_configuration }}"
-  vars:
-    cvmfs_auto_setup_package: "{{ ['cvmfs-auto-setup'] if cvmfs_auto_setup|bool else [] }}"
diff --git a/tasks/keys.yml b/tasks/redhat.yml
similarity index 52%
rename from tasks/keys.yml
rename to tasks/redhat.yml
index fc5f80f..9bca6f6 100644
--- a/tasks/keys.yml
+++ b/tasks/redhat.yml
@@ -24,3 +24,35 @@
     validate_certs: yes
     fingerprint: "C0C4 0F04 70A3 6AF2 7CC4  4D5A 3B9F C55A CF21 4CFC"
   when: '"cvmfs-config-computecanada" in cvmfs_configuration'
+
+# Target hosts will need internet access anyway to install the actual packages via yum, so we might as well
+# install the yum config from the internet as well - if a version is not already installed. 
+# There is no benefit to abstracting this with the yum_repository module, and doing so would break idempotence
+# because these packages update themselves via their own yum repositories.
+
+- name: Install CernVM yum repository
+  yum:
+    name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm
+    state: present
+    validate_certs: yes
+  when: ansible_facts.packages['cvmfs-release'] is not defined
+
+- name: Install Compute Canada yum repository
+  yum:
+    name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/RPM/computecanada-release-latest.noarch.rpm
+    state: present
+    validate_certs: yes
+  when:
+    - '"cvmfs-config-computecanada" in cvmfs_configuration'
+    - ansible_facts.packages['computecanada-release'] is not defined
+
+- name: Install other prerequisite packages
+  yum:
+    name: [ 'lvm2' ]
+  when: cvmfs_client_configure_storage | bool
+
+- name: Install CVMFS client and configuration packages
+  yum:
+    name: "['cvmfs'] + {{ cvmfs_auto_setup_package }} + {{ cvmfs_configuration }}"
+  vars:
+    cvmfs_auto_setup_package: "{{ ['cvmfs-auto-setup'] if cvmfs_auto_setup|bool else [] }}"
diff --git a/tasks/test.yml b/tasks/test.yml
index fd24a41..87b2bca 100644
--- a/tasks/test.yml
+++ b/tasks/test.yml
@@ -1,5 +1,3 @@
----
-
 # TODO improve this: it may print warnings, but the output is not shown
 - name: CVMFS check setup
   command: /usr/bin/cvmfs_config chksetup
@@ -9,4 +7,3 @@
   command: /usr/bin/cvmfs_config probe
   changed_when: false
   check_mode: no
-
diff --git a/tasks/yum.yml b/tasks/yum.yml
deleted file mode 100644
index 02daba3..0000000
--- a/tasks/yum.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-
-# Target hosts will need internet access anyway to install the actual packages via yum, so we might as well
-# install the yum config from the internet as well - if a version is not already installed. 
-# There is no benefit to abstracting this with the yum_repository module, and doing so would break idempotence
-# because these packages update themselves via their own yum repositories.
-
-- name: Install CernVM yum repository
-  yum:
-    name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm
-    state: present
-    validate_certs: yes
-  when: ansible_facts.packages['cvmfs-release'] is not defined
-
-- name: Install Compute Canada yum repository
-  yum:
-    name: https://package.computecanada.ca/yum/cc-cvmfs-public/prod/RPM/computecanada-release-latest.noarch.rpm
-    state: present
-    validate_certs: yes
-  when:
-    - '"cvmfs-config-computecanada" in cvmfs_configuration'
-    - ansible_facts.packages['computecanada-release'] is not defined
-
-- name: Install other prerequisite packages
-  yum:
-    name: [ 'lvm2' ]
-  when: cvmfs_client_configure_storage | bool
-