diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3ac66a613f50fdf118d5c86d966e8cb2453915e7
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+
+- name: Deploy pam-auth-update configuration file for enabling pam_umask
+ copy: src=pam_umask dest=/usr/share/pam-configs/umask mode=644 owner=root group=root
+ notify: Update PAM configuration
+
+- name: Set login UMASK
+ lineinfile: dest=/etc/login.defs state=present backrefs=yes regexp='^UMASK(\s+)' line='UMASK\g<1>027'
+
+- name: Set home directory mask
+ lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
+
+- name: Install sudo
+ apt: name=sudo state=present
+
+- name: Install common packages
+ apt: name="{{ item }}" state="present"
+ with_items: common_packages
+
+- name: Set-up operating system groups
+ group: name="{{ item.name }}" gid="{{ item.gid }}" state=present
+ with_items: os_groups
+
+- name: Set-up operating system user groups
+ group: name="{{ item.name }}" gid="{{ item.uid }}" state=present
+ with_items: os_users
+
+- name: Set-up operating system users
+ user: name="{{ item.name }}" uid="{{ item.uid }}" group="{{ item.name }}"
+ groups="{{ item.additional_groups }}" append=yes shell=/bin/bash state=present
+ password="{{ item.password }}"
+ with_items: os_users
+
+- name: Set-up authorised keys
+ authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
+ with_subelements:
+ - os_users
+ - authorized_keys
+
+- name: Disable remote logins for root
+ lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PermitRootLogin" line="PermitRootLogin no"
+ notify:
+ - Restart SSH
+
+- name: Disable remote login authentication via password
+ lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
+ notify:
+ - Restart SSH
\ No newline at end of file
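Review bot: The two sshd_config tasks at the end of the file match only an uncommented directive (`regexp="^PermitRootLogin"`, `regexp="^PasswordAuthentication"`), so when the shipped line is commented out or absent lineinfile appends the setting at end of file, and if the file ends with a `Match` block the setting would apply only inside that block. Matching the commented form too, e.g. `regexp='^#?\s*PermitRootLogin'`, and adding `validate="/usr/sbin/sshd -t -f %s"` would replace the stock line in place and keep a broken config from being written before the Restart SSH handler runs. The UMASK and DIR_MODE tasks have the opposite silent miss: with `backrefs=yes` a regexp that does not match leaves the file unchanged, so the hardening is skipped without any failure (DIR_MODE uses no backreference and could drop `backrefs=yes`). Separately, the `Set-up operating system users` task passes `password="{{ item.password }}"` without `no_log: true`, so the hash can show up in verbose output and logs, and without `update_password=on_create` every run resets a password the user has since changed.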