Add Ansible playbooks, inventory, and scripts for initial setup

Includes:
- `bootstrap-debian13.yml` for system setup and user configuration
- `firewall-iptables.yml` for IPv4 firewall management
- `run-playbook.sh` and `check.sh` scripts for playbook execution and validation
- `inventory.ini` for host definitions
- Template for iptables rules at `templates/iptables/rules.v4.j2`
- `README.md` with usage instructions

firewall-iptables.yml

@@ -0,0 +1,36 @@
+---
+- name: Configure IPv4 firewall via iptables
+  hosts: finlog_dev
+  become: true
+  gather_facts: false
+
+  vars:
+    firewall_tcp_ports: [ 22, 80, 443 ] # extend as needed
+    firewall_udp_ports: [ ]            # e.g. [53]
+
+  tasks:
+    - name: Render IPv4 firewall rules from template
+      ansible.builtin.template:
+        src: iptables/rules.v4.j2
+        dest: /etc/iptables/rules.v4
+        owner: root
+        group: root
+        mode: '0644'
+      when: not ansible_check_mode
+
+    - name: Restore rules now
+      ansible.builtin.shell: iptables-restore < /etc/iptables/rules.v4
+      args:
+        executable: /bin/bash
+      changed_when: false
+      when: not ansible_check_mode
+
+    - name: Save rules for persistence
+      ansible.builtin.command: netfilter-persistent save
+      changed_when: false
+      when: not ansible_check_mode
+
+    - name: Show filter table (iptables -S)
+      ansible.builtin.command: iptables -S
+      changed_when: false
+      when: not ansible_check_mode