fix: rename roles to use underscores instead of hyphens which was causing the roles not to be found

roles/system_setup/README.md

@@ -0,0 +1,86 @@
+# System Setup Role
+
+Performs initial system configuration including user creation, SSH hardening, and package installation.
+
+## Features
+
+- Creates admin user with SSH key authentication
+- Hardens SSH configuration
+- Installs essential packages
+- Optional passwordless sudo
+- Optional SSH host key regeneration
+- System package updates (via system_maintenance role)
+
+## Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `username` | `admin` | Username for the admin account |
+| `password` | *required* | Password for the admin user |
+| `shell` | `/bin/bash` | Default shell for the user |
+| `passwordless_sudo` | `true` | Allow sudo without password |
+| `ssh_pubkey_file` | *required* | Path to SSH public key file |
+| `regenerate_ssh_host_keys` | `false` | Generate new SSH host keys |
+| `extra_packages` | `[sudo, vim]` | Additional packages to install |
+
+## Required Variables
+
+You must provide these variables when using this role:
+
+```yaml
+password: "your_secure_password"
+ssh_pubkey_file: "/path/to/your/public/key.pub"
+```
+
+## Usage
+
+### Basic Setup
+```yaml
+- name: Initial system setup
+  include_role:
+    name: system_setup
+  vars:
+    password: "{{ admin_password }}"
+    ssh_pubkey_file: "~/.ssh/id_rsa.pub"
+```
+
+### Custom Configuration
+```yaml
+- name: System setup with custom user
+  include_role:
+    name: system_setup
+  vars:
+    username: myuser
+    password: "{{ user_password }}"
+    shell: /bin/zsh
+    ssh_pubkey_file: "keys/mykey.pub"
+    passwordless_sudo: false
+    regenerate_ssh_host_keys: true
+    extra_packages:
+      - sudo
+      - vim
+      - htop
+      - git
+```
+
+## What It Does
+
+1. **System Updates** - Calls system_maintenance role for package updates
+2. **Package Installation** - Installs packages from `extra_packages` list
+3. **User Creation** - Creates user with password and sudo access
+4. **SSH Key Setup** - Configures authorized keys for the user
+5. **SSH Hardening** - Applies secure SSH configuration
+6. **Host Keys** - Optionally regenerates SSH host keys
+
+## Requirements
+
+- Root privileges
+- SSH public key file accessible to Ansible
+- system_maintenance role (dependency)
+
+## Security Notes
+
+- SSH configuration is hardened by default
+- Password authentication can be disabled via SSH config
+- User is added to sudo group
+- SSH host key regeneration removes old keys completely

roles/system_setup/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+username: admin
+shell: /bin/bash
+passwordless_sudo: true
+extra_packages:
+  - sudo
+  - vim
+
+regenerate_ssh_host_keys: false

roles/system_setup/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart sshd daemon
+  become: true
+  service:
+    name: sshd
+    state: restarted

roles/system_setup/tasks/extra-packages.yml

@@ -0,0 +1,5 @@
+---
+- name: Install extra packages
+  package:
+    name: "{{ extra_packages }}"
+    state: present

roles/system_setup/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+
+# Upgrade and update packages
+- include_role: 
+    name: system_maintenance
+
+# Install extra packages
+- include_tasks: extra-packages.yaml
+
+# Create a user admin account
+- include_tasks: user.yaml
+
+# Harden SSH configuration
+- include_tasks: ssh.yaml

roles/system_setup/tasks/ssh.yml

@@ -0,0 +1,32 @@
+---
+- name: Update SSH configuration for better security
+  become: true
+  template:
+    src: '../templates/sshd_config.j2'
+    dest: '/etc/ssh/sshd_config'
+    owner: root
+    mode: '0600'
+    validate: '/usr/sbin/sshd -t -f %s'
+  notify: Restart sshd daemon
+
+- name: Find all existing SSH host keys
+  find:
+    paths: '/etc/ssh'
+    patterns: "ssh_host_*_key*"
+  register: existing_ssh_host_keys
+  when: regenerate_ssh_host_keys | bool
+
+- name: Delete previous existing SSH host keys
+  become: true
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ existing_ssh_host_keys.files }}"
+  when: regenerate_ssh_host_keys | bool
+
+- name: Generate new SSH host keys
+  become: true
+  command: ssh-keygen -A
+  changed_when: true
+  when: regenerate_ssh_host_keys | bool
+  notify: Restart sshd daemon

roles/system_setup/tasks/user.yml

@@ -0,0 +1,25 @@
+---
+- name: "Create a new user {{ username }}"
+  user:
+    name: "{{ username }}"
+    password: "{{ password | password_hash('sha512') }}"
+    groups:
+      - sudo
+    shell: "{{ shell }}"
+    state: present
+    append: true
+
+- name: Allow sudo to be used without a password
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: 'visudo -cf %s'
+  when: passwordless_sudo | bool
+
+- name: Copy over the public SSH key
+  authorized_key:
+    user: "{{ username }}"
+    state: present
+    key: "{{ lookup('file', ssh_pubkey_file) }}"  

roles/system_setup/templates/sshd_config.j2

@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+
+PermitRootLogin no
+PasswordAuthentication no
+PubkeyAuthentication yes
+AllowUsers admin
+
+ClientAliveInterval 300
+ClientAliveCountMax 2
+
+Protocol 2
+
+X11Forwarding no