Initial commit: Ansible infrastructure automation

- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

cloud-init-user-data.yaml

@@ -0,0 +1,73 @@
+#cloud-config
+hostname: debian
+fqdn: debian.localdomain
+manage_etc_hosts: true
+
+# Create ansible user
+users:
+  - name: ansible
+    groups: sudo
+    shell: /bin/bash
+    sudo: ['ALL=(ALL) NOPASSWD:ALL']
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian
+
+# Set root password
+chpasswd:
+  list: |
+    root:kpKzCuawxG3VFqOx0dEXrpRhbu/uNbdeu27GovG9IUU=
+  expire: False
+
+# SSH configuration
+ssh_pwauth: true
+disable_root: false
+
+# Package installation
+packages:
+  - sudo
+  - vim
+  - htop
+  - tmux
+  - curl
+  - wget
+  - rsync
+  - git
+  - python3
+  - python3-pip
+  - jq
+  - bc
+  - aide
+  - auditd
+  - chrony
+  - ufw
+
+# Configure SSH
+write_files:
+  - path: /etc/ssh/sshd_config.d/99-security.conf
+    content: |
+      PermitRootLogin yes
+      PasswordAuthentication yes
+      PubkeyAuthentication yes
+    permissions: '0644'
+  - path: /etc/sudoers.d/ansible
+    content: |
+      ansible ALL=(ALL) NOPASSWD:ALL
+    permissions: '0440'
+
+# Run commands
+runcmd:
+  - systemctl enable ssh
+  - systemctl restart ssh
+  - systemctl enable chrony
+  - systemctl start chrony
+
+# Enable services
+packages_update: true
+packages_upgrade: true
+
+# Set timezone
+timezone: UTC
+
+# Enable logging
+output:
+  all: '| tee -a /var/log/cloud-init-output.log'