# Bootstrap Role

## Purpose

Performs initial server setup and hardening for new Ubuntu/Debian servers.

## What It Does

### User Management

- Creates a new user account with sudo privileges (specified by `created_username` variable)
- Configures passwordless sudo for the sudo group
- Sets up SSH key authentication using your local `~/.ssh/id_ed25519.pub` key
- Disables root password authentication

### System Packages

- Installs `aptitude` for better package management
- Installs essential packages:
  - `curl` - HTTP client
  - `vim` - Text editor
  - `git` - Version control
  - `ufw` - Uncomplicated Firewall

### Security Configuration

- Configures UFW firewall to:
  - Allow SSH connections
  - Enable firewall with default deny policy
- Hardens SSH configuration

## Variables Required

- `created_username`: The username to create (typically set in bootstrap.yml)
- `tailscale_key`: Tailscale authentication key (prompted during playbook run)

## Dependencies

- Requires the `artis3n.tailscale` role for VPN setup
- Requires your SSH public key at `~/.ssh/id_ed25519.pub`

## Usage

```bash
ansible-playbook bootstrap.yml -i hosts.yml
```

This role is designed to be run once on a fresh server before deploying other services.
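
A post-run check for two of the outcomes listed above (root password login refused, UFW default-deny with SSH still allowed), added here as an example; it is not part of the role. The function names and sample outputs are constructed, and it assumes SSH stays on port 22 and that "disables root password authentication" is visible as `PermitRootLogin` in sshd's effective config.

```shell
#!/bin/sh
# Post-bootstrap verification sketch (added example, not the role's own code).
# Each check reads command output on stdin, so it can be exercised offline.

# Pass if sshd's effective config refuses password logins for root.
# Input: output of `sshd -T` (keys are printed in lowercase).
check_root_login() {
  awk '$1 == "permitrootlogin" { v = $2 }
       END { exit (v == "no" || v == "prohibit-password" || v == "without-password") ? 0 : 1 }'
}

# Pass if UFW is active, denies incoming by default, and still allows SSH.
# Input: output of `ufw status verbose`. Port 22 is an assumption.
check_ufw() {
  awk '/^Status: active/                              { active = 1 }
       /^Default: deny \(incoming\)/                  { deny = 1 }
       /^(22(\/tcp)?|OpenSSH)[ (]/ && /(ALLOW|LIMIT)/ { ssh = 1 }
       END { exit (active && deny && ssh) ? 0 : 1 }'
}

# Constructed sample output, standing in for a freshly bootstrapped host.
SAMPLE_SSHD='port 22
permitrootlogin prohibit-password
pubkeyauthentication yes'

SAMPLE_UFW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

# Constructed failing case: firewall enabled but default policy left open.
SAMPLE_UFW_OPEN='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

report() {  # report <label> <check-function> <input-text>
  if printf '%s\n' "$3" | "$2"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}

report "root password login refused" check_root_login "$SAMPLE_SSHD"
report "ufw default-deny with SSH allowed" check_ufw "$SAMPLE_UFW"
report "ufw with open default (expected FAIL)" check_ufw "$SAMPLE_UFW_OPEN"
```

On a real host, feed the checks live output instead of the samples: `sudo sshd -T | check_root_login` and `sudo ufw status verbose | check_ufw`.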