Add Ansible playbooks, inventory, and scripts for initial setup

Includes:
- `bootstrap-debian13.yml` for system setup and user configuration
- `firewall-iptables.yml` for IPv4 firewall management
- `run-playbook.sh` and `check.sh` scripts for playbook execution and validation
- `inventory.ini` for host definitions
- Template for iptables rules at `templates/iptables/rules.v4.j2`
- `README.md` with usage instructions

bootstrap-debian13.yml

@@ -0,0 +1,82 @@
+---
+- name: Finlog Bootstrap
+  hosts: finlog_dev
+  become: true
+  gather_facts: false
+  collections:
+    - ansible.posix
+
+  vars:
+    dev_user: "bummsa"
+    dev_user_pubkey: "{{ lookup('file', '~/.ssh/finlog-bummsa.pub') }}"
+
+    base_packages:
+      - sudo
+      - vim
+      - htop
+      - curl
+      - wget
+      - git
+      - unzip
+      - ca-certificates
+      - gnupg
+      - lsb-release
+      - openssh-server
+      - iptables
+      - iptables-persistent
+      - netfilter-persistent
+
+  tasks:
+    - name: Update apt cache
+      become: true
+      ansible.builtin.apt:
+        update_cache: yes
+
+    - name: Install base packages
+      ansible.builtin.apt:
+        name: "{{ base_packages }}"
+        state: present
+
+    - name: Create dev user
+      ansible.builtin.user:
+        name: "{{ dev_user }}"
+        shell: /bin/bash
+        create_home: yes
+        groups: sudo
+        append: yes
+
+    - name: Ensure /etc/sudoers.d directory exists
+      ansible.builtin.file:
+        path: /etc/sudoers.d
+        state: directory
+        mode: '0750'
+        owner: root
+        group: root
+
+    - name: Add passwordless sudo for dev user
+      ansible.builtin.copy:
+        dest: "/etc/sudoers.d/{{ dev_user }}"
+        content: "{{ dev_user }} ALL=(ALL) NOPASSWD:ALL\n"
+        owner: root
+        group: root
+        mode: '0440'
+        validate: '/usr/sbin/visudo -cf %s'
+
+    - name: Add SSH key for dev user
+      ansible.posix.authorized_key:
+        user: "{{ dev_user }}"
+        key: "{{ dev_user_pubkey }}"
+        state: present
+        path: "/home/{{ dev_user }}/.ssh/authorized_keys"
+      when: not ansible_check_mode
+
+    - name: Show what would be done for SSH key in check mode
+      ansible.builtin.debug:
+        msg: "Would add SSH key to /home/{{ dev_user }}/.ssh/authorized_keys"
+      when: ansible_check_mode
+
+    - name: Upgrade system packages
+      ansible.builtin.apt:
+        upgrade: dist
+        autoremove: yes
+        autoclean: yes