# infra-run/ansible/roles

This folder contains reusable Ansible roles. Roles organize configuration logic into predictable, testable units that can be shared across playbooks.

## Diagram

```mermaid
flowchart TD
  A["roles"] --> B["common"]
  A --> C["monitoring"]
  A --> D["storage"]
  A --> E["security"]
  E --> E1["cis-rhel9-hardening"]
  E --> E2["cis-debian-ubuntu-hardening"]
  E --> E3["cis-aix7-hardening"]
```

## Current Roles

- `cis-rhel9-hardening` - CIS-inspired RHEL 9 baseline with package, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
- `cis-debian-ubuntu-hardening` - CIS-inspired Debian 13 and Ubuntu 26.04 baseline with apt, service, SSH, sudo, sysctl, audit, logging, filesystem, and validation tasks.
- `cis-aix7-hardening` - CIS-inspired IBM AIX 7 baseline with SSH, sudo, audit, logging, cron, user, password, network, filesystem, service, and validation tasks.

## Notes

- Each role includes defaults, task includes, handlers where needed, and role-specific README guidance.
- The hardening content is sanitized for portfolio use and should be reviewed against site policy before production use.