This role is used to manage users, groups and SSH keys. You can manage almost all details of the user's account, like UID/GID, home directory, groups, etc. You can also revoke SSH keys and remove users.
None.
A list of users to be created in system. For simplicity and convenience we recommend to separate each user entry in its own variable. For example:
users_mmacia:
name: mmacia # Required. Also is the default group if not set.
state: present # present or absent. Use absent to remove the user.
group: users # Default group.
groups: [] # Additional groups to set. They'll be created beforehand if not exists.
gid: 1000
uid: 1000
shell: "/bin/bash"
comment: "GECOS comment"
password: "secret" # Generated by mkpasswd --method=SHA-512
update_password: always
ssh_keys: ["key1", "key2"] # List of authorized SSH keys for this user
users_list:
- "{{ users_mmacia }}"
Everything except name
is optional, note that you can use all accepted attributes of Ansible
user module.
If you want to remove an existent user, you have to set state
property to absent
and remove
to yes
to remove
user and its home directory.
users_mmacia:
name: mmacia
state: absent
remove: yes
users_list:
- "{{ users_mmacia }}"
A list of groups to be created in system. Everything except name
is optional, note that you can use all accepted
attributes of Ansible group module.
users_groups_list:
- name: my_group
state: present
system: no
gid: 1000
If you want to remove an existent group, you have to set state
property to absent
.
A list of revoked SSH keys. These keys will be removed in each ~/.ssh/authorized_keys
file of users managed by this
role.