diff --git a/deploy.yml b/deploy.yml
index 85d3e13..952cfcd 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -2,3 +2,5 @@
 hosts: snitch
 become: yes
 become_method: doas
+ roles:
+ - basic
diff --git a/roles/basic/files/doas.conf b/roles/basic/files/doas.conf
new file mode 100644
index 0000000..96cf24d
--- /dev/null
+++ b/roles/basic/files/doas.conf
@@ -0,0 +1 @@
+permit nopass keepenv :wheel
diff --git a/roles/basic/files/public_keys/yubikey b/roles/basic/files/public_keys/yubikey
new file mode 100644
index 0000000..151116c
--- /dev/null
+++ b/roles/basic/files/public_keys/yubikey
@@ -0,0 +1 @@
+ssh-rsa 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 cardno:11 073 199
diff --git a/roles/basic/tasks/main.yml b/roles/basic/tasks/main.yml
index e69de29..5d045b7 100644
--- a/roles/basic/tasks/main.yml
+++ b/roles/basic/tasks/main.yml
@@ -0,0 +1,52 @@
+- name: install python3
+ apk:
+ name: python3
+
+- name: create 'wheel' group
+ group:
+ name: wheel
+ gid: 10
+
+- name: install doas
+ apk:
+ name: doas
+
+- name: copy doas config
+ copy:
+ src: doas.conf
+ dest: /etc/doas.d/doas.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: create group 'rilla'
+ group:
+ name: rilla
+ gid: 1000
+
+- name: create user 'rilla'
+ user:
+ name: rilla
+ uid: 1000
+ group: rilla
+ home: /home/rilla
+ groups:
+ - rilla
+ - wheel
+
+- name: set rilla's authorized key
+ authorized_key:
+ user: rilla
+ key: '{{ item }}'
+ path: /home/rilla/.ssh/authorized_keys
+ with_file:
+ - public_keys/yubikey
+
+- name: commit ssh public keys with lbu
+ lbu:
+ include:
+ - /home/rilla/.ssh/authorized_keys
+
+- name: lbu commit
+ lbu:
+ commit: true
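Review bot: `permit nopass keepenv :wheel` gives every member of wheel root without authentication and carries the caller's whole environment into the root process. Nothing visible in this commit needs `keepenv`, and scoping the rule to the deploy account would keep a later addition to wheel from silently gaining passwordless root: `permit nopass rilla`. If specific variables do have to cross the boundary, doas.conf's `setenv { ... }` can name them individually instead.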
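Review bot: The `authorized_key` task only adds the YubiKey key, so any key already present in /home/rilla/.ssh/authorized_keys stays valid, and with rilla in `wheel` under the doas rule from this commit each such key is a passwordless path to root. While the role manages a single key, `exclusive: true` on that task would make the file match what is in the repository. The `copy` of doas.conf could also take `validate: 'doas -C %s'`, so that a syntax error is rejected before it replaces the config that `become_method: doas` depends on.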