diff --git a/playbooks/manual-prerequisites.yaml b/playbooks/manual-prerequisites.yaml
new file mode 100644
index 0000000..247cd87
--- /dev/null
+++ b/playbooks/manual-prerequisites.yaml
@@ -0,0 +1,9 @@
+---
+- hosts: static-web
+  remote_user: root
+  tasks:
+    - name: Import manual setup steps
+      ansible.builtin.import_role:
+        name: static
+        tasks_from: setup-webadmin.yaml
+
diff --git a/playbooks/readme.md b/playbooks/readme.md
new file mode 100644
index 0000000..61305fe
--- /dev/null
+++ b/playbooks/readme.md
@@ -0,0 +1,5 @@
+# What is this
+
+Here be the ansible based workflows that we use to keep things like the static
+hosts properly setup with all the resources they need to properly host the
+services we intended on hosting.
diff --git a/playbooks/static/files/.gitkeep b/playbooks/static/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/handlers/.gitkeep b/playbooks/static/handlers/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/handlers/main.yaml b/playbooks/static/handlers/main.yaml
new file mode 100644
index 0000000..ec92437
--- /dev/null
+++ b/playbooks/static/handlers/main.yaml
@@ -0,0 +1,5 @@
+- name: Restart SSH
+  become: true
+  ansible.builtin.systemd:
+    name: sshd
+    state: restarted
diff --git a/playbooks/static/tasks/.gitkeep b/playbooks/static/tasks/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/tasks/setup-webadmin.yaml b/playbooks/static/tasks/setup-webadmin.yaml
new file mode 100644
index 0000000..bfc6523
--- /dev/null
+++ b/playbooks/static/tasks/setup-webadmin.yaml
@@ -0,0 +1,43 @@
+- name: Ensure sudo is available
+  ansible.builtin.apt:
+    state: present
+    update_cache: true
+    pkg:
+      - sudo
+      - zsh
+- name: Create webadmin user
+  ansible.builtin.user:
+    name: webadmin
+    state: present
+    shell: /bin/zsh
+    groups:
+      - nginx
+    append: true
+- name: Copy webadmin public key
+  ansible.posix.authorized_key:
+    user: webadmin
+    state: present
+    key: "{{ lookup('file', 'files/webadmin.pem.pub') }}"
+- name: Add webadmin to sudoers
+  ansible.builtin.copy:
+    dest: "/etc/sudoers.d/webadmin"
+    content: "webadmin ALL=(ALL) NOPASSWD: ALL"
+    mode: "0644"
+    owner: root
+    group: root
+- name: Disable Password Authentication
+  ansible.builtin.lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: PasswordAuthentication no
+    state: present
+    backup: true
+  notify:
+    - Restart SSH
+- name: Disable root login
+  ansible.builtin.lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: PermitRootLogin no
+    state: present
+    backup: true
+  notify:
+    - Restart SSH
diff --git a/playbooks/static/templates/.gitkeep b/playbooks/static/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/vars/.gitkeep b/playbooks/static/vars/.gitkeep
new file mode 100644
index 0000000..e69de29