diff --git a/roles/infrastructure/tasks/main.yaml b/roles/infrastructure/tasks/main.yaml
new file mode 100644
index 0000000..1169ce3
--- /dev/null
+++ b/roles/infrastructure/tasks/main.yaml
@@ -0,0 +1,26 @@
+---
+# role currently only works with opentofu
+# Either manually extend to both or just leave out test?
+- name: Check if tofu is installed
+  vars:
+    terraform_bin: tofu
+  ansible.builtin.command:
+    argv:
+      - which
+      - "{{ terraform_bin|quote }}"
+  check_mode: false # run even in check mode
+  tags: debug
+  register: tofu_installed
+  failed_when: false
+  changed_when: false
+
+- name: Run terraform
+  community.general.terraform:
+    binary_path: "{{ (tofu_installed.rc in [ 0 ]) | ternary('tofu', 'terraform') }}"
+    project_path: "tofu/"
+    state: present
+  register: output
+
+- name: Debug output
+  debug:
+    var: output
diff --git a/site.yaml b/site.yaml
index 0f89754..b77d574 100644
--- a/site.yaml
+++ b/site.yaml
@@ -5,7 +5,6 @@
   gather_facts: False
   become: true
   tags:
-    - system
     - bootstrap
   tasks:
     - name: check for python
@@ -50,6 +49,13 @@
     #     name: incus-install
     #   tags: incus
 
+- name: Raise infrastructure
+  hosts: localhost
+  tags: infrastructure
+  tasks:
+    - ansible.builtin.import_role:
+        name: infrastructure
+
   # ansible-galaxy install geerlingguy.docker
 - name: Install docker
   hosts: instance_system
diff --git a/tofu/main.tf b/tofu/main.tf
new file mode 100644
index 0000000..ed46066
--- /dev/null
+++ b/tofu/main.tf
@@ -0,0 +1,5 @@
+
+output "my_debug_output" {
+    description = "just debuggin"
+    value = 42
+}