diff --git a/README.md b/README.md
index 5042591..927d455 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,10 @@
 # bootstraps4ansible
 
-A collection of scripts for bootstrapping Ansible on various machines.
\ No newline at end of file
+A collection of scripts for bootstrapping Ansible on various machines.
+
+| Script | Description |
+| --------------------------------- | ------------------------------- |
+| [bootstrap-vps-debian12][vzdeb12] | Debian 12 OpenVZ container |
+
+
+[vzdeb12]: scripts/bootstrap-vps-debian12.sh
diff --git a/scripts/bootstrap-vps-debian12.sh b/scripts/bootstrap-vps-debian12.sh
new file mode 100644
index 0000000..2e710c7
--- /dev/null
+++ b/scripts/bootstrap-vps-debian12.sh
@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+#
+# https://gitea.wolfeden.online/Doc/bootstraps4ansible/scripts/bootstrap-vps-debian12.sh
+#
+# Bootstrap a clean system for use with Ansible
+
+if [[ "${UID}" -ne 0 ]]; then
+ echo " You need to run this script as root"
+ exit 1
+fi
+
+ANSIUSER=ansiuser
+ANSIUSERDIR=/home/$ANSIUSER
+TMP_PORT=46347
+
+# Update to current
+apt update && apt upgrade -y --no-recommends
+
+# Install requirements
+apt install -y --no-recommends openssh-client openssh-server sudo
+
+# Create a user for Ansible
+useradd -m -s /bin/bash -c "Ansible User" $ANSIUSER
+
+echo "Configuring sudo for user $ANSIUSER"
+usermod -aG sudo $ANSIUSER
+mkdir -p /etc/sudoers.d
+cat << EOF > /etc/sudoers.d/99-ansible-user
+$ANSIUSER ALL=(ALL) NOPASSWD:ALL
+EOF
+echo ""
+
+mkdir -p $ANSIUSERDIR/.ssh
+# Prompt to paste public key
+echo "Paste public key for $ANSIUSER. Ctl+d when done." ; cat >> $ANSIUSERDIR/.ssh/authorized_keys
+echo ""
+
+echo "Configuring ssh..."
+chown -Rc ${ANSIUSER}:${ANSIUSER} $ANSIUSERDIR/.ssh
+chmod 700 $ANSIUSERDIR/.ssh && chmod 600 $ANSIUSERDIR/.ssh/authorized_keys
+
+rm -rf /etc/ssh/sshd_config.d/*.*
+
+cat << EOF > /etc/ssh/sshd_config
+Include /etc/ssh/sshd_config.d/*.conf
+PermitEmptyPasswords no
+PermitRootLogin no
+PasswordAuthentication no
+PubkeyAuthentication yes
+AuthenticationMethods publickey
+UsePAM yes
+# Change port to temp reduce attacks before Ansible connects
+Port $TMP_PORT
+MaxAuthTries 3
+KbdInteractiveAuthentication no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+EOF
+
+cat << EOF > /etc/ssh/sshd_config.d/enable_$ANSIUSER.conf
+AllowUsers $ANSIUSER
+EOF
+
+if command -v ufw &> /dev/null; then
+ echo "Opening port $TMP_PORT with ufw..."
+ ufw allow $TMP_PORT/tcp comment 'Allow temporary SSH port'
+elif command -v firewall-cmd &> /dev/null; then
+ echo "Opening port $TMP_PORT with firewalld..."
+ firewall-cmd --permanent --add-port=$TMP_PORT/tcp
+ firewall-cmd --reload
+elif command -v iptables &> /dev/null; then
+ echo "Temporarily opening port $TMP_PORT with iptables (this session only)..."
+ iptables -I INPUT -p tcp --dport $TMP_PORT -j ACCEPT
+fi
+
+echo "User: $ANSIUSER"
+echo "Port: $TMP_PORT"
+echo ""
+
+# Partially redact authorized_keys
+echo "--- Authorized Keys ---"
+grep -Poi 'ssh\-.*' $ANSIUSERDIR/.ssh/authorized_keys | awk '{ print $1, substr($2, 1, 4)".."substr($2, length($2) - 3, 4), $3 }'
+echo "-----------------------"
+
+echo ""
+echo "Restarting SSH server and ending script"
+
+systemctl restart sshd
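Review bot: Nothing checks that a usable key actually landed in `$ANSIUSERDIR/.ssh/authorized_keys` before the script rewrites `/etc/ssh/sshd_config` with `PasswordAuthentication no`, `PermitRootLogin no` and `AllowUsers $ANSIUSER`, and nothing validates that config before the final `systemctl restart sshd`; an empty paste (Ctrl-D with no input) or a typo in the heredoc leaves a remote host with no working login. Validate the key file with `ssh-keygen -l -f` right after the `cat >>` line and run `sshd -t` before the restart, as in the excerpt below. Both apt calls pass `--no-recommends`, which does not look like a valid apt option (the documented flag is `--no-install-recommends`); if apt rejects it, sudo and openssh-server are never installed and, with no `set -euo pipefail` at the top, the script carries on regardless, so the flag is worth confirming. The expansions of `$ANSIUSER` and `$ANSIUSERDIR` are unquoted throughout; the values are fixed here so it is only a style point, but `"$ANSIUSERDIR/.ssh"` would keep ShellCheck quiet.
```shell
echo "Paste public key for $ANSIUSER. Ctl+d when done." ; cat >> $ANSIUSERDIR/.ssh/authorized_keys
# Abort before sshd is locked down if no parsable key was pasted
if ! ssh-keygen -l -f "$ANSIUSERDIR/.ssh/authorized_keys" >/dev/null 2>&1; then
  echo "No valid public key in $ANSIUSERDIR/.ssh/authorized_keys; aborting" >&2
  exit 1
fi
# … unchanged: chown/chmod, sshd_config heredocs, firewall rules, summary output …
# Validate the generated config; a failed restart would leave no sshd listening
if ! sshd -t; then
  echo "sshd configuration is invalid; not restarting" >&2
  exit 1
fi
systemctl restart sshd
```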