---
# Performance West — Bootstrap Security
# Run ONCE on a fresh Debian server as root to harden SSH, create deploy user, set up firewall.
#
# Usage:
#   ansible-playbook playbooks/bootstrap.yml -i inventory/bootstrap.yml
#
# After this completes, all future playbooks use inventory/hosts.yml (as deploy user).

- name: Bootstrap server security
  hosts: pw
  become: true
  roles:
    - common
    - docker