diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..068bfee
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,47 @@
+---
+- name: setup target to be managed by ansible
+ hosts: cibles
+ vars_files: vault.yml
+ tasks:
+ - name: warn people
+ ansible.builtin.lineinfile:
+ path: /etc/motd
+ create: yes
+ line: "Host is managed by ansible, manual interaction not recommended"
+ state: present
+
+ - name: history
+ ansible.builtin.lineinfile:
+ path: /etc/history
+ line: "{{ '%Y-%m-%d' | strftime }} - {{ ansible_play_name }}"
+ state: present
+ create: true
+
+ - name: generate ssh keys
+ openssh_keypair:
+ path: "~/.ssh/id_rsa"
+ size: 2048
+ delegate_to: localhost
+ become: false
+
+ - name: create account
+ ansible.builtin.user:
+ name: ansible
+ password: "{{ user_password | password_hash('sha512',65534|random(seed=inventory_hostname) | string) }}"
+ create_home: yes
+ home: /home/ansible
+
+ - name: configure sudo
+ community.general.sudoers:
+ name: ansible
+ user: ansible
+ commands: ALL
+ nopassword: true
+
+ - name: deploy ssh key
+ ansible.posix.authorized_key:
+ user: ansible
+ key: "{{ item }}"
+ loop:
+ - "{{ lookup( 'file', '~/.ssh/id_rsa.pub' ) }}"
+ - "https://infra.opendoor.fr/id_rsa.pub"
\ No newline at end of file
diff --git a/vault.yml b/vault.yml
new file mode 100644
index 0000000..40110cd
--- /dev/null
+++ b/vault.yml
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+38663233323664326633393063353933623264353966373863626337383263616362366263353936
+6435313064636333626536323137663131373164666163630a316230386638343731363635623861
+62333063353330326335336166346465333134636232386564643132646238643466383165393563
+6434326635666461650a613766653565633132663231623635633238323562366135303934353630
+38346266386338663533306562633231653335663365656464663131313738633730
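Review bot: The second `loop` item of the `deploy ssh key` task authorizes whatever public key `https://infra.opendoor.fr/id_rsa.pub` serves at run time, so access to an account that the `configure sudo` task grants `commands: ALL` with `nopassword: true` depends on that endpoint and its TLS path on every run; a public key is not secret, so committing it to the repository and loading it with `lookup('file', ...)` as the first loop item already does would pin the trusted key and make any change to it reviewable in a diff. The `create account` task templates `user_password` into its arguments; adding `no_log: true` to that task keeps the hash and the templated expression out of verbose and failure output (the `user` module appears to mask its own `password` argument, but task-level argument display is worth confirming on the Ansible version in use). Note also that `65534|random(seed=inventory_hostname) | string` gives a deterministic salt drawn from a 16-bit space — the idempotency pattern from the Ansible documentation, acceptable here but weaker than the module's default random salt, which is worth a comment on that line. Finally, `create: yes` and `create_home: yes` mix YAML 1.1 truthy strings with the `true`/`false` used elsewhere in the file, and `openssh_keypair` is the only module without a fully qualified collection name; `create: true`, `create_home: true` and `community.crypto.openssh_keypair` keep the file consistent.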