diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 500a8c81c..877054e05 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -2,8 +2,9 @@
 ARG PYTHON_VERSION=3.13
 FROM mcr.microsoft.com/devcontainers/python:1-${PYTHON_VERSION}
 
-RUN  apt-get update \
+RUN apt-get update \
     && apt-get install -y --no-install-recommends \
     libssh-dev
 
-
+COPY requirements.txt requirements.txt
+RUN pip3 install --no-cache-dir -r requirements.txt
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 000b31aff..f09159b18 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,7 @@
 {
     "name": "ansible-playbooks",
     "build": {
+        "context": "..",
         "dockerfile": "Dockerfile"
     },
     "customizations": {
diff --git a/.devcontainer/post-create-command.sh b/.devcontainer/post-create-command.sh
index 003978033..77ee20399 100755
--- a/.devcontainer/post-create-command.sh
+++ b/.devcontainer/post-create-command.sh
@@ -1,8 +1,10 @@
 #!/usr/bin/env sh
 
-set -eu
-
-pip3 install --no-cache-dir -r requirements.txt
+set -e
 
 ansible-galaxy collection install --upgrade -r requirements.yml
 ansible-galaxy role install --force-with-deps -p external_roles -r requirements.yml
+
+if [ -z "${CI}" ]; then
+    ansible-playbook plays/kairos/get_kubeconfig.yml
+fi
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 2c6c53903..aed111a30 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,6 +12,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Run Lint checks
-        run: |
-          ./earthly.sh +lint
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2 
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Pre-build image and run lint in dev container
+        uses: devcontainers/ci@v0.3.1900000349
+        with:
+          cacheFrom: ghcr.io/${{ github.repository }}-devcontainer
+          env: |
+            CI=1
+          imageName: ghcr.io/${{ github.repository }}-devcontainer
+          push: filter
+          refFilterForPush: refs/heads/main
+          runCmd: earthly +lint
diff --git a/plays/kairos/get_kubeconfig.yml b/plays/kairos/get_kubeconfig.yml
new file mode 100644
index 000000000..c27da3719
--- /dev/null
+++ b/plays/kairos/get_kubeconfig.yml
@@ -0,0 +1,23 @@
+---
+- hosts: kairos_controlplane
+  gather_facts: false
+  order: sorted
+  tasks:
+    - name: Grab k3s config
+      ansible.builtin.slurp:
+        src: /etc/rancher/k3s/k3s.yaml
+      become: true
+      register: remote_config
+    - name: Ensure .kube exists
+      ansible.builtin.file:
+        mode: u+rwx,go+rx
+        path: ~/.kube
+        state: directory
+      delegate_to: localhost
+    - name: Generate local config
+      ansible.builtin.copy:
+        content: "{{ remote_config['content'] | b64decode | replace('127.0.0.1', vip )}}"
+        dest: ~/.kube/config
+      delegate_to: localhost
+      vars:
+        vip: "{{ hostvars[inventory_hostname].k3s_controlplane_san | first }}"