diff --git a/base-setup.yml b/base-setup.yml
new file mode 100644
index 0000000..64655ac
--- /dev/null
+++ b/base-setup.yml
@@ -0,0 +1,5 @@
+- name: Base role deployment playbook
+ hosts: all
+ remote_user: user
+ roles:
+ - base
\ No newline at end of file
diff --git a/roles/base/README.md b/roles/base/README.md
new file mode 100644
index 0000000..894f0e6
--- /dev/null
+++ b/roles/base/README.md
@@ -0,0 +1,12 @@
+## Base role for Ansible
+### Prerequisites:
+ * Ansible must be installed
+ * community.general collection must be installed
+ * `ansible-galaxy collection install community.general`
+The **files** subfolder should contain the `authorized_keys` file which contains ssh keys to be copied to target host. The **inventory** subfolder should contain the `hosts` inventory file. There is an example `hosts` file in the repo. You need to edit it.
+The `base-setup.yml` file in the root directory of this repo contains the playbook to run this role. You need to edit it and specify the user for connections.
+**Usage**: `ansible-playbook base-setup.yml -i roles/base/inventory`
\ No newline at end of file
diff --git a/roles/base/files/authorized_keys b/roles/base/files/authorized_keys
new file mode 100644
index 0000000..e69de29
diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml
new file mode 100644
index 0000000..b04a143
--- /dev/null
+++ b/roles/base/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart ssh
+ service: name=ssh state=restarted
\ No newline at end of file
diff --git a/roles/base/inventory/hosts b/roles/base/inventory/hosts
new file mode 100644
index 0000000..83342d7
--- /dev/null
+++ b/roles/base/inventory/hosts
@@ -0,0 +1,3 @@
+[all]
+# IPv4
+0.0.0.0 ansible_connection=ssh
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..5c29020
--- /dev/null
+++ b/roles/base/tasks/main.yml
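Review bot: The play sets `remote_user: user` but no `become`, while every task the role runs needs root (apt, writing `/root/.ssh/authorized_keys`, editing `/etc/ssh/sshd_config`, sysctl, ufw), so unless `user` is literally root the first apt task fails. Add `become: true` next to `remote_user: user`; the README's "specify the user for connections" then correctly refers to the unprivileged login account rather than root. `hosts: all` combined with a role that flips ufw to default-deny and disables password authentication is a wide blast radius for the shipped default — consider a narrower group in the example inventory or documenting `--limit` in the usage line.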
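Review bot: No task in this commit notifies the `restart ssh` handler, so as written it is dead code and the sshd_config edit in tasks/main.yml never takes effect until something else restarts sshd. Stylistically the handler mixes the legacy `key=value` form and a bare module name with a tasks file that already uses FQCNs such as `ansible.builtin.shell`; write it as `ansible.builtin.service:` with `name: ssh` and `state: restarted` in block YAML. The unit name `ssh` is right for Debian/Ubuntu, which the apt-based tasks imply, but is `sshd` on most other distributions — worth a one-line comment if the role is intended to be Debian-only.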
@@ -0,0 +1,56 @@
+---
+- name: Update apt
+ apt: update_cache=yes
+
+- name: Install Zsh
+ apt: name=zsh state=latest
+
+- name: Install Git
+ apt: name=git state=latest
+
+- name: Install Oh-my-zsh
+ ansible.builtin.shell: wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -
+ args:
+ executable: /bin/sh
+
+- name: "Create root user's .ssh directory"
+ file:
+ path: /root/.ssh
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Copy authorized_keys for SSH
+ copy:
+ src: authorized_keys
+ dest: /root/.ssh/authorized_keys
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Disabe SSH password authentication
+ ansible.builtin.shell: |
+ sed -i 's/^#PasswordAuthentication/PasswordAuthentication/g' /etc/ssh/sshd_config
+ sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+ args:
+ executable: /bin/sh
+
+- name: Configure the kernel to keep connections alive when enabling the firewall
+ sysctl:
+ name: net.netfilter.nf_conntrack_tcp_be_liberal
+ value: 1
+ state: present
+ sysctl_set: yes
+ reload: yes
+
+- name: Allow access to port 22
+ community.general.ufw:
+ rule: allow
+ port: '22'
+ direction: in
+
+- name: Deny all incoming traffic and enable UFW
+ community.general.ufw:
+ state: enabled
+ policy: deny
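Review bot: The `Disabe SSH password authentication` task edits sshd_config with two `sed` calls but never notifies the `restart ssh` handler from handlers/main.yml, never validates the resulting config, and reports `changed` on every run; replace it with `ansible.builtin.lineinfile` using `validate` and `notify` as below (fixing the typo in the name while at it). On Ubuntu 22.04+ and other builds whose sshd_config begins with `Include /etc/ssh/sshd_config.d/*.conf`, a drop-in such as cloud-init's `50-cloud-init.conf` can still set `PasswordAuthentication yes` and win over this line, so the role should also manage its own drop-in there or remove the override — verify on the target images. Run with the committed `roles/base/files/authorized_keys`, which this diff adds with no content, the role leaves root with an empty key file, password auth off and ufw default-deny, so consider failing early when the file is empty (e.g. `ansible.builtin.assert` on `lookup('file', 'authorized_keys') | length > 0`). Separately, the `Install Oh-my-zsh` task only writes the installer to stdout (`wget … -O -` with nothing consuming it) so it installs nothing, and if the intent was to pipe it to `sh` that is an unpinned remote script executed on every run — pin a commit, add `creates:` on the expected `~/.oh-my-zsh`, or drop the task.
```yaml
# … unchanged: apt, zsh, git, Oh-my-zsh, .ssh directory and authorized_keys tasks …
- name: Disable SSH password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\b'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart ssh
# … unchanged: sysctl and ufw tasks …
```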