diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..0043958
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,115 @@
+---
+# =============================================================================
+# Ansible Lint Configuration
+# =============================================================================
+#
+# This file configures ansible-lint for code quality checks.
+#
+# Run with:
+# ansible-lint # Lint all files
+# ansible-lint site.yml # Lint specific playbook
+# ansible-lint roles/role_name/ # Lint specific role
+#
+# =============================================================================
+
+# Use production profile for strict checking
+profile: production
+
+# Exclude paths
+exclude_paths:
+ - .cache/
+ - .git/
+ - .github/
+ - molecule/
+ - secrets/
+ - stats/
+ - inventories/*/host_vars/
+ - inventories/*/group_vars/all/vault.yml
+ - '*.vault'
+ - '*.example'
+ - tests/
+
+# Skip specific rules
+skip_list:
+ # Allow latest for security packages (automatic updates)
+ - package-latest
+
+ # Allow risky-file-permissions for specific cases
+ # (we use explicit permissions in our roles)
+ # - risky-file-permissions
+
+# Warn on these rules instead of failing
+warn_list:
+ - experimental
+ - no-changed-when
+ - command-instead-of-module
+ - command-instead-of-shell
+
+# Enable offline mode (don't check for new rules)
+offline: false
+
+# Strict mode - treat warnings as errors
+# strict: true
+
+# Mock modules and roles for linting
+mock_modules:
+ - community.general.nmcli
+ - community.general.lvol
+ - community.general.lvg
+ - community.libvirt.virt
+
+mock_roles:
+ - common
+ - security_baseline
+
+# Enable progressive mode (incrementally adopt new rules)
+progressive: false
+
+# Configure specific rules
+kinds:
+ - yaml: "**/*.yaml"
+ - yaml: "**/*.yml"
+ - playbook: "**/playbooks/*.yml"
+ - playbook: "**/plays/*.yml"
+ - playbook: "site.yml"
+ - tasks: "**/tasks/*.yml"
+ - vars: "**/vars/*.yml"
+ - meta: "**/meta/*.yml"
+ - requirements: "**/requirements.yml"
+ - handlers: "**/handlers/*.yml"
+ - galaxy: "**/galaxy.yml"
+
+# =============================================================================
+# Rule Configuration
+# =============================================================================
+
+# Ignore line length for specific patterns
+# rules:
+# line-length:
+# max: 160
+# allow-filter: true
+
+# =============================================================================
+# Usage Examples
+# =============================================================================
+#
+# Lint entire project:
+# ansible-lint
+#
+# Lint specific playbook:
+# ansible-lint site.yml
+# ansible-lint playbooks/security_audit.yml
+#
+# Lint specific role:
+# ansible-lint roles/system_info/
+#
+# Auto-fix issues (where possible):
+# ansible-lint --fix
+#
+# List all rules:
+# ansible-lint -L
+#
+# Show rule documentation:
+# ansible-lint -T
+#
+# =============================================================================
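Review bot: The `kinds` list puts the two catch-all entries `- yaml: "**/*.yaml"` and `- yaml: "**/*.yml"` ahead of the `playbook`, `tasks`, `handlers` and other entries; if ansible-lint resolves a file's kind by the first matching pattern (I believe it does, but confirm against the version in use), every `.yml` file is classified as plain `yaml` and the playbook- and task-level rules, including the file-permission and secret-logging checks, would not run on it. Move those two entries to the end of the list, or drop them and rely on the built-in defaults. Separately, `- package-latest` in `skip_list` disables the rule for the whole repository although its comment justifies it only for security packages; a per-task `# noqa: package-latest` on those tasks would keep unpinned installs elsewhere visible to the linter. The comments above `offline: false` and `progressive: false` both say "Enable …" while the value turns the option off, so reword them to describe the setting as written.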