diff --git a/ansible-set_pw_rules.yml b/ansible-set_pw_rules.yml
new file mode 100644
index 0000000..330b7a4
--- /dev/null
+++ b/ansible-set_pw_rules.yml
@@ -0,0 +1,47 @@
+---
+- name: Set Password Policies on Debian 11
+  hosts: all
+  become: yes
+  tasks:
+
+    - name: Install necessary packages
+      apt:
+        name:
+          - libpam-pwquality
+          - cracklib-runtime
+        state: present
+
+    - name: Set password quality requirements in PAM
+      lineinfile:
+        dest: /etc/security/pwquality.conf
+        regexp: "^{{ item.regexp }}"
+        line: "{{ item.line }}"
+        state: present
+      loop:
+        - { regexp: "^# minlen", line: "minlen = 10" }
+        - { regexp: "^# minclass", line: "minclass = 4" }
+        - { regexp: "^# maxrepeat", line: "maxrepeat = 3" }
+        - { regexp: "^# remember", line: "remember = 6" }
+        - { regexp: "^# retry", line: "retry = 3" }
+      notify:
+        - restart ssh
+
+    - name: Enforce password change every 180 days
+      lineinfile:
+        dest: /etc/login.defs
+        regexp: '^PASS_MAX_DAYS'
+        line: 'PASS_MAX_DAYS   180'
+        state: present
+
+    - name: Force existing users to comply with new policy upon next login
+      command: chage -m 1 -M 180 -W 15 -I 15 {{ item }}
+      with_fileglob:
+        - /home/*
+      loop_control:
+        loop_var: item
+      when: item is directory
+  handlers:
+    - name: restart ssh
+      service:
+        name: ssh
+        state: restarted