Update docs for Ansible hardening roles

infra-run/ansible/roles/README.md

@@ -1,6 +1,6 @@
 # infra-run/ansible/roles
 
-This folder is reserved for reusable Ansible roles. Roles make it possible to organize configuration logic into predictable, testable units that can be shared across playbooks.
+This folder contains reusable Ansible roles. Roles organize configuration logic into predictable, testable units that can be shared across playbooks.
 
 ## Diagram
 
@@ -10,9 +10,18 @@ flowchart TD
   A --> C["monitoring"]
   A --> D["storage"]
   A --> E["security"]
+  E --> E1["cis-rhel9-hardening"]
+  E --> E2["cis-debian-ubuntu-hardening"]
+  E --> E3["cis-aix7-hardening"]
 ```
 
+## Current Roles
+
+- `cis-rhel9-hardening` - CIS-inspired RHEL 9 baseline with package, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
+- `cis-debian-ubuntu-hardening` - CIS-inspired Debian 13 and Ubuntu 26.04 baseline with apt, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
+- `cis-aix7-hardening` - CIS-inspired IBM AIX 7 baseline with SSH, sudo, audit, logging, cron, user, password, network, filesystem, service, and validation tasks.
+
 ## Notes
 
-- The role layout is not yet populated, but the structure is in place for future automation modules.
-- Keeping a README here documents intent even before role code exists.
+- Each role includes defaults, task includes, handlers where needed, and role-specific README guidance.
+- The hardening content is sanitized for portfolio use and should be reviewed against site policy before production use.