diff --git a/.golangci.yaml b/.golangci.yaml
index 9b1e2389..b4ad0892 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -25,6 +25,9 @@ linters:
     - godox
     - ireturn
 
+    # In progress
+    - gocritic
+
     # We should strive to enable these:
     - testpackage
     - stylecheck
@@ -34,7 +37,6 @@ linters:
     - forcetypeassert
     - errname
     - gosec
-    - gocritic
     - forbidigo
     - dupl
     - varnamelen
diff --git a/acls.go b/acls.go
index 994b8963..fdcb0983 100644
--- a/acls.go
+++ b/acls.go
@@ -264,7 +264,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 	ports := []tailcfg.PortRange{}
 	for _, p := range strings.Split(s, ",") {
 		rang := strings.Split(p, "-")
-		if len(rang) == 1 {
+		switch len(rang) {
+		case 1:
 			pi, err := strconv.ParseUint(rang[0], BASE_10, BIT_SIZE_16)
 			if err != nil {
 				return nil, err
@@ -273,7 +274,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 				First: uint16(pi),
 				Last:  uint16(pi),
 			})
-		} else if len(rang) == EXPECTED_TOKEN_ITEMS {
+
+		case EXPECTED_TOKEN_ITEMS:
 			start, err := strconv.ParseUint(rang[0], BASE_10, BIT_SIZE_16)
 			if err != nil {
 				return nil, err
@@ -286,7 +288,8 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
 				First: uint16(start),
 				Last:  uint16(last),
 			})
-		} else {
+
+		default:
 			return nil, errorInvalidPortFormat
 		}
 	}
diff --git a/acls_types.go b/acls_types.go
index 63f79ba0..8611d905 100644
--- a/acls_types.go
+++ b/acls_types.go
@@ -56,7 +56,7 @@ func (h *Hosts) UnmarshalJSON(data []byte) error {
 	}
 	for k, v := range hs {
 		if !strings.Contains(v, "/") {
-			v = v + "/32"
+			v += "/32"
 		}
 		prefix, err := netaddr.ParseIPPrefix(v)
 		if err != nil {
diff --git a/app.go b/app.go
index 5b732d56..af51efd2 100644
--- a/app.go
+++ b/app.go
@@ -345,10 +345,10 @@ func (h *Headscale) grpcAuthenticationInterceptor(ctx context.Context,
 		"Authentication is not implemented yet",
 	)
 
-	//if strings.TrimPrefix(token, AUTH_PREFIX) != a.Token {
-	//	log.Error().Caller().Str("client_address", p.Addr.String()).Msg("invalid token")
-	//	return ctx, status.Error(codes.Unauthenticated, "invalid token")
-	//}
+	// if strings.TrimPrefix(token, AUTH_PREFIX) != a.Token {
+	// 	log.Error().Caller().Str("client_address", p.Addr.String()).Msg("invalid token")
+	// 	return ctx, status.Error(codes.Unauthenticated, "invalid token")
+	// }
 
 	// return handler(ctx, req)
 }
@@ -604,12 +604,14 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 			Email: h.cfg.ACMEEmail,
 		}
 
-		if h.cfg.TLSLetsEncryptChallengeType == "TLS-ALPN-01" {
+		switch h.cfg.TLSLetsEncryptChallengeType {
+		case "TLS-ALPN-01":
 			// Configuration via autocert with TLS-ALPN-01 (https://tools.ietf.org/html/rfc8737)
 			// The RFC requires that the validation is done on port 443; in other words, headscale
 			// must be reachable on port 443.
 			return m.TLSConfig(), nil
-		} else if h.cfg.TLSLetsEncryptChallengeType == "HTTP-01" {
+
+		case "HTTP-01":
 			// Configuration via autocert with HTTP-01. This requires listening on
 			// port 80 for the certificate validation in addition to the headscale
 			// service, which can be configured to run on any other port.
@@ -620,7 +622,8 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 			}()
 
 			return m.TLSConfig(), nil
-		} else {
+
+		default:
 			return nil, errors.New("unknown value for TLSLetsEncryptChallengeType")
 		}
 	} else if h.cfg.TLSCertPath == "" {
diff --git a/oidc.go b/oidc.go
index aea89e20..c77a249e 100644
--- a/oidc.go
+++ b/oidc.go
@@ -136,11 +136,11 @@ func (h *Headscale) OIDCCallback(c *gin.Context) {
 	}
 
 	// TODO: we can use userinfo at some point to grab additional information about the user (groups membership, etc)
-	//userInfo, err := oidcProvider.UserInfo(context.Background(), oauth2.StaticTokenSource(oauth2Token))
-	//if err != nil {
-	//	c.String(http.StatusBadRequest, fmt.Sprintf("Failed to retrieve userinfo: %s", err))
-	//	return
-	//}
+	// userInfo, err := oidcProvider.UserInfo(context.Background(), oauth2.StaticTokenSource(oauth2Token))
+	// if err != nil {
+	// 	c.String(http.StatusBadRequest, fmt.Sprintf("Failed to retrieve userinfo: %s", err))
+	// 	return
+	// }
 
 	// Extract custom claims
 	var claims IDTokenClaims
diff --git a/sharing_test.go b/sharing_test.go
index 7d63a745..395b8336 100644
--- a/sharing_test.go
+++ b/sharing_test.go
@@ -6,7 +6,7 @@ import (
 
 func CreateNodeNamespace(
 	c *check.C,
-	namespace, node, key, IP string,
+	namespace, node, key, ip string,
 ) (*Namespace, *Machine) {
 	n1, err := h.CreateNamespace(namespace)
 	c.Assert(err, check.IsNil)
@@ -26,7 +26,7 @@ func CreateNodeNamespace(
 		NamespaceID:    n1.ID,
 		Registered:     true,
 		RegisterMethod: "authKey",
-		IPAddress:      IP,
+		IPAddress:      ip,
 		AuthKeyID:      uint(pak1.ID),
 	}
 	h.db.Save(m1)