diff --git a/ansible/maze/.gitignore b/ansible/maze/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..eb200e400865633fc2118f09572fb4b85f062139
--- /dev/null
+++ b/ansible/maze/.gitignore
@@ -0,0 +1,5 @@
+.idea
+.venv
+
+# autogenerated
+.template
diff --git a/ansible/maze/ansible.cfg b/ansible/maze/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..cdeb744a9bc6616aa1dd0d88d383fb645f4e6810
--- /dev/null
+++ b/ansible/maze/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+inventory = inventory.yaml
+
+[ssh_connection]
+ssh_args = -o StrictHostKeyChecking=accept-new
diff --git a/ansible/maze/bootstrap.sh b/ansible/maze/bootstrap.sh
new file mode 100755
index 0000000000000000000000000000000000000000..67f34a583e1368f4e10d7ef8a23194f40e4e9eee
--- /dev/null
+++ b/ansible/maze/bootstrap.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# This script creates a Python env, enters it and installs
+# ansible and requirements from the requirements.galaxy.yaml
+
+[[ ! -d .venv ]] && python3 -m venv .venv
+source .venv/bin/activate
+
+pip3 install ansible ansible-lint
+
+ansible-galaxy install "$1" -r requirements.galaxy.yaml
+
+# to stay in our comfy virtualenv
+exec "${SHELL:bash}"
diff --git a/ansible/maze/inventory.yaml b/ansible/maze/inventory.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3a6c41264a8692c5596f0adac74e936813b492b0
--- /dev/null
+++ b/ansible/maze/inventory.yaml
@@ -0,0 +1,5 @@
+all:
+  hosts:
+    # Use OpenSSH config to make it confortable
+    pve.internal.maze:
+
diff --git a/ansible/maze/main/base.yaml b/ansible/maze/main/base.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cffe3396222bff3e43705d62286347f50096a6a6
--- /dev/null
+++ b/ansible/maze/main/base.yaml
@@ -0,0 +1,12 @@
+---
+- hosts: all
+  become: no # Already root
+  vars_files:
+    - "vars/base.yaml"
+  tasks:
+    - name: Set authorized keys for root user
+      ansible.posix.authorized_key:
+        user: root
+        state: present
+        key: "{{ item }}"
+      loop: "{{ ssh_keys }}"
diff --git a/ansible/maze/main/vars/base.yaml b/ansible/maze/main/vars/base.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4061871997a45a3e1b36da0308cd95e2b3db1ca
--- /dev/null
+++ b/ansible/maze/main/vars/base.yaml
@@ -0,0 +1,4 @@
+# Playbook vars
+
+ssh_keys:
+  - https://git.sch.bme.hu/rlacko.keys
\ No newline at end of file
diff --git a/ansible/maze/requirements.galaxy.yaml b/ansible/maze/requirements.galaxy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..facdff493591682702b4a0269c8c77215239bfd0
--- /dev/null
+++ b/ansible/maze/requirements.galaxy.yaml
@@ -0,0 +1,16 @@
+---
+
+collections:
+  - community.general
+  - community.crypto
+  - ansible.posix
+
+roles:
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/base.git
+    scm: git
+    version: master
+    name: kszk.base
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git
+    scm: git
+    version: master
+    name: kszk.iptables