Ansible collection for managing users, groups, SSH keys and more.
There are several ansible roles in this collection. Together they can set up a Unix system with proper users, groups and, if needed, superpowers. The user can be given SSH keys or a password. It is also possible to restrict login via SSH to the defined users. And it is also possible to delete users.
Please note, it is pretty useless to add an ssh key to an non-existing user directory. So please add users first before running other roles
l3d.users.user
: roles/userl3d.users.admin
: roles/adminl3d.users.sshd
: roles/sshdl3d.users.dotfiles
: roles/dotfiles
You can install the collection using ansible-galaxy by running:
ansible-galaxy collection install l3d.users:1.2.0
Remember you can to Upgrade to the latest version of the l3d.git collection using the --upgrade
parameter:
ansible-galaxy collection install l3d.users --upgrade
Or you could clone this collection in your local ansible project for example to collections/ansible_collections/l3d/users/
.
# Clone git Repo to specified path
git clone https://github.com/roles-ansible/ansible_collection_users.git collections/ansible_collections/l3d/users/
# change directory
cd collections/ansible_collections/l3d/users/
# optionally install all requirements
ansible-galaxy collection install -r requirements.yml --upgrade
You can also list a collection in requirements.yml
:
---
collections:
- name: l3d.users
version: ">=1.2.0"
- The dictionary-variable for your group_vars to set your general users and admins is
l3d_users__default_users
. - The dictionary-variable for your host_vars to set your host-specific users and admins is:
l3d_users__local_users
. The Option of these directory-variables are the following.
option | values | required | description |
---|---|---|---|
name |
string | required |
The user you want to create |
comment |
Full Name | - | Optionally add Full Name |
state |
present |
- | Create or delete user |
shell |
/bin/bash |
- | The Shell of the User |
create_home |
true |
- | create a user home (needed to store ssh keys) |
home |
string | - | Optionally set the user's home directory |
admin |
false |
- | enable it to give the user superpowers |
admin_commands |
string or list | - | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
admin_nopassword |
false |
- | Need no Password for sudo |
admin_ansible_login |
true |
- | if admin: true and l3d_users__create_ansible: true your ssh keys will be added to ansible user |
admin_root_login |
true |
- | if admin: true and l3d_users__set_root_ssh_keys: true your ssh keys will be added to root |
pubkeys |
string or lookup | - | see examples |
exclusive_pubkeys |
true |
- | delete all undefined ssh keys |
password |
password hash | - | See official FAQ |
bashrc |
list | - | adding additional content to l3d.users.dotfiles to .bashrc |
groups |
list | - | Additional groups for your user |
remove |
false |
- | completly remove user if state: absent |
There is also the l3d_users__ssh_login
variable which only supports name
and state
. It can be used to whitelist users to the sshd config.
name | default value | description |
---|---|---|
l3d_users__create_ansible |
true |
Create User ansible |
l3d_users__ansible_user_state |
present |
Create or delete user ansible |
l3d_users__set_ansible_ssh_keys |
false |
Set SSH Keys for User ansible |
l3d_users__ansible_ssh_keys |
see roles/user/defaults/main.yml | SSH public Keys for ansible user. One per line or as lookup |
l3d_users__set_root_ssh_keys |
false |
Set SSH Keys for root User |
l3d_users__root_ssh_keys |
Additional SSH Keys for root User | |
l3d_users__ansible_user_password |
Set optional Password for Ansible User, see official FAQ | |
l3d_users__ansible_user_command |
ALL |
Commans with superpower for ansible user |
l3d_users__ansible_user_nopassword |
true |
Allow superpowers without password for ansible user |
l3d_users__limit_login |
true |
Only allow SSH login for specified users |
l3d_users__additional_groups |
[] |
Optionally create some groups |
l3d_users__sshd_port |
22 |
Port for SSH |
l3d_users__sshd_password_authentication |
false |
Allow login with Password |
l3d_users__sshd_permitrootlogin |
false |
Allow login as root |
l3d_users__sshd_manage_server_key_types |
true |
Manage Server SSH Key types |
l3d_users__sshd_server_key_types |
['ed25519'] |
List of supported SSH Key Types |
l3d_users__sshd_manage_key_algorithmus |
true |
Manage SSH Key Algorythmins |
l3d_users__sshd_key_algorithmus |
['ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519', 'ecdsa-sha2-nistp521-cert-v01@openssh.com', 'ecdsa-sha2-nistp384-cert-v01@openssh.com', 'ecdsa-sha2-nistp256-cert-v01@openssh.com'] |
Used SSH Key Algorithms |
l3d_users__sshd_manage_kex_algorithmus |
true |
Manage SSH Kex Algorythms |
l3d_users__sshd_kex_algorithmus |
['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1'] |
Used Kex Algorythms |
l3d_users__sshd_manage_ciphers |
true |
Manage SSH Ciphers |
l3d_users__sshd_ciphers |
['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr'] |
Used SSH Ciphers |
l3d_users__sshd_manage_macs |
true |
Manage Used MACs |
l3d_users__sshd_macs |
['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512'] |
Used MACs |
l3d_users__sshd_xforwarding |
true |
Enable X-Forwarding |
l3d_users__server_key_mode |
0600 |
Mode of SSHD Server keys in Filesystem |
l3d_users__sshd_userrules |
[] |
Array for custom SSHD rules |
l3d_users__sshd_userrules[].name |
user for the custom SSHD rules | |
l3d_users__sshd_userrules[].rules |
[] |
list of custom SSHD rules for a user |
l3d_users__bashrc |
true |
Configure bashrc |
l3d_users__root_bashrc |
true |
Set bashrc for root |
l3d_users__dotfiles__bash_completion_enabled |
true |
Enable bash completion |
l3d_users__dotfiles__aliases |
see roles/dotfiles/defaults/main.yml | A predefined list of usefull aliases for your bash config |
l3d_users__dotfiles__variables |
see defaults/main.yml | A predefined list of usefull variables for your bash config |
l3d_users__dotfiles__additional_user_bashrc_lines |
[] |
variable for additional bashrc lines |
l3d_users__bashrc_path |
$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH |
bashrc $PATH |
l3d_users__dotfiles__user_prompt |
see roles/dotfiles/defaults/main.yml | PS1 prompt for users |
l3d_users__dotfiles__root_prompt |
see roles/dotfiles/defaults/main.yml | PS1 prompt for root |
l3d_users__dotfiles__history_control |
ignoreboth |
bashrc history control |
l3d_users__dotfiles__history_size |
-1 |
bashrc history size |
l3d_users__dotfiles__history_file_size |
-1 |
bashrc history filesize |
l3d_users__vimrc |
true |
Create vim config |
l3d_users__vim_colorscheme |
elflord |
Configure vim colorscheme |
l3d_users__tmuxcfg |
true |
Create Tmux Config |
l3d_users__terminator |
true |
Create terminator config |
submodules_versioncheck |
false |
Optionaly enable simple versionscheck of this role |