diff --git a/initial_install/playbook.yml b/initial_install/playbook.yml
new file mode 100644
index 0000000..d851619
--- /dev/null
+++ b/initial_install/playbook.yml
@@ -0,0 +1,35 @@
+---
+- name: Baseline system setup
+  hosts: all
+  become: true
+
+  roles:
+    - role: baseline_sudo
+      tags: sudo
+
+    - role: users
+      tags: users
+
+# ==============================
+# FREEIPA / SSSD (optional)
+# ==============================
+
+- name: FreeIPA client setup
+  hosts: all
+  become: true
+  tags: never,sssd
+
+  roles:
+    - role: freeipa_client
+
+# ==============================
+# SSH HARDENING (run last!)
+# ==============================
+
+- name: SSH hardening
+  hosts: all
+  become: true
+  tags: never,hardening
+
+  roles:
+    - role: ssh_hardening
\ No newline at end of file