diff --git a/server/ctrladmin/ctrl.go b/server/ctrladmin/ctrl.go
index 3a7e88d..2acaac9 100644
--- a/server/ctrladmin/ctrl.go
+++ b/server/ctrladmin/ctrl.go
@@ -132,6 +132,7 @@ type Response struct {
 	err  string
 }
 
+//nolint:gocognit
 func (c *Controller) H(h adminHandler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		resp := h(r)
diff --git a/server/ctrladmin/ctrl_test.go b/server/ctrladmin/ctrl_test.go
index 3b6684f..09fa916 100644
--- a/server/ctrladmin/ctrl_test.go
+++ b/server/ctrladmin/ctrl_test.go
@@ -28,6 +28,7 @@ func TestFirstExisting(t *testing.T) {
 		},
 	}
 	for _, tc := range cases {
+		tc := tc // pin
 		t.Run(tc.name, func(t *testing.T) {
 			actu := firstExisting(tc.or, tc.values...)
 			if actu != tc.exp {
diff --git a/server/ctrladmin/handlers.go b/server/ctrladmin/handlers.go
index b32724d..c930dac 100644
--- a/server/ctrladmin/handlers.go
+++ b/server/ctrladmin/handlers.go
@@ -73,8 +73,7 @@ func (c *Controller) ServeChangeOwnPassword(r *http.Request) *Response {
 func (c *Controller) ServeChangeOwnPasswordDo(r *http.Request) *Response {
 	passwordOne := r.FormValue("password_one")
 	passwordTwo := r.FormValue("password_two")
-	err := validatePasswords(passwordOne, passwordTwo)
-	if err != nil {
+	if err := validatePasswords(passwordOne, passwordTwo); err != nil {
 		return &Response{
 			redirect: r.Referer(),
 			flashW:   []string{err.Error()},
@@ -145,8 +144,7 @@ func (c *Controller) ServeChangePasswordDo(r *http.Request) *Response {
 	username := r.URL.Query().Get("user")
 	passwordOne := r.FormValue("password_one")
 	passwordTwo := r.FormValue("password_two")
-	err := validatePasswords(passwordOne, passwordTwo)
-	if err != nil {
+	if err := validatePasswords(passwordOne, passwordTwo); err != nil {
 		return &Response{
 			redirect: r.Referer(),
 			flashW:   []string{err.Error()},
@@ -220,8 +218,7 @@ func (c *Controller) ServeCreateUserDo(r *http.Request) *Response {
 		Name:     username,
 		Password: passwordOne,
 	}
-	err = c.DB.Create(&user).Error
-	if err != nil {
+	if err := c.DB.Create(&user).Error; err != nil {
 		return &Response{
 			redirect: r.Referer(),
 			flashW:   []string{fmt.Sprintf("could not create user `%s`: %v", username, err)},