diff --git a/files/root/.bashrc b/files/root/.bashrc
new file mode 100644
index 000000000..46e52ae48
--- /dev/null
+++ b/files/root/.bashrc
@@ -0,0 +1,27 @@
+# This file is managed by puppet.
+#
+# This file exists purely for quality of life in the rare case we log in as
+# root. If there is any disagreement on what's comfy, we should feel free to
+# delete anything and revert to defaults.
+#
+# DO NOT PUT ANYTHING IN THIS FILE THAT IS ACTUALLY CRITICAL TO MAKE A SYSTEM
+# WORK. THESE ARE ONLY CREATURE COMFORTS.
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# color, abbreviation
+eval "$(dircolors)"
+alias ls='ls --color=auto'
+alias l='ls -F'
+alias ll='ls -lh'
+alias la='ls -AF'
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
+
+# history
+HISTCONTROL=ignoredups:ignorespace
+shopt -s histappend
+HISTSIZE=10000
+HISTFILESIZE=10000
diff --git a/files/root/.profile b/files/root/.profile
new file mode 100644
index 000000000..5e7b67627
--- /dev/null
+++ b/files/root/.profile
@@ -0,0 +1,12 @@
+# This file is managed by puppet. It is the debian/ubuntu stock `.profile`,
+# with no modification beyond this comment.
+#
+# Don't override this with .bash_profile, as it is automatically deleted.
+
+if [ "$BASH" ]; then
+  if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+  fi
+fi
+
+mesg n 2> /dev/null || true
diff --git a/manifests/profile/root.pp b/manifests/profile/root.pp
new file mode 100644
index 000000000..0ae2ad227
--- /dev/null
+++ b/manifests/profile/root.pp
@@ -0,0 +1,24 @@
+# nebula::profile::root
+#
+# configure root's home directory
+#
+# @example
+#   include nebula::profile::root
+class nebula::profile::root (
+  Boolean $manage = true,
+) {
+  if ($manage) {
+    file { '/root/':
+      ensure             => directory,
+      mode               => '0700',
+      source             => 'puppet:///modules/nebula/root/',
+      source_permissions => use,
+      recurse            => remote,
+      purge              => false,
+    }
+
+    file { '/root/.bash_profile':
+      ensure => absent
+    }
+  }
+}
diff --git a/manifests/role/minimum.pp b/manifests/role/minimum.pp
index bea75f41c..592dc88d0 100644
--- a/manifests/role/minimum.pp
+++ b/manifests/role/minimum.pp
@@ -15,6 +15,7 @@
     include nebula::profile::authorized_keys
     include nebula::profile::known_host_public_keys
     include nebula::profile::falcon
+    include nebula::profile::root
 
     class { 'nebula::profile::networking::firewall':
       internal_routing => $internal_routing,
diff --git a/spec/classes/profile/root_spec.rb b/spec/classes/profile/root_spec.rb
new file mode 100644
index 000000000..7d1431770
--- /dev/null
+++ b/spec/classes/profile/root_spec.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe "nebula::profile::root" do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it {
+        is_expected.to contain_file("/root/")
+          .with(recurse: "remote", purge: false, source_permissions: "use")
+      }
+      it {
+        is_expected.to contain_file("/root/.bash_profile")
+          .with(ensure: "absent")
+      }
+    end
+  end
+end