# Ansible Collection l3d.users

Ansible collection for managing users, groups, SSH keys and more.

There are several Ansible roles in this collection. Together they can set up a Unix system with proper users, groups and, if needed, superpowers (sudo). A user can be given SSH keys or a password. It is also possible to restrict SSH login to the defined users, and to delete users.

## Ansible Roles

Please note that adding an SSH key to the home directory of a non-existing user is pointless, so create the users first before running the other roles.

## Using this Collection

You can install the collection using `ansible-galaxy` by running:

```bash
ansible-galaxy collection install l3d.users:1.2.0
```

Remember that you can upgrade to the latest version of the collection using the `--upgrade` parameter:

```bash
ansible-galaxy collection install l3d.users --upgrade
```

Or you could clone this collection into your local Ansible project, for example to `collections/ansible_collections/l3d/users/`:

```bash
# Clone the git repo to the specified path
git clone https://github.com/roles-ansible/ansible_collection_users.git collections/ansible_collections/l3d/users/

# Change directory
cd collections/ansible_collections/l3d/users/

# Optionally install all requirements
ansible-galaxy collection install -r requirements.yml --upgrade
```

You can also list the collection in a `requirements.yml`:

```yaml
---
collections:
  - name: l3d.users
    version: ">=1.2.0"
```

## Global Variables

### User Management

- The dictionary variable for your `group_vars` to set your general users and admins is `l3d_users__default_users`.
- The dictionary variable for your `host_vars` to set your host-specific users and admins is `l3d_users__local_users`.

The options for the entries of these dictionary variables are the following:

| option | type / default | required | description |
|---|---|---|---|
| `name` | string | required | The user you want to create |
| `comment` | Full Name | - | Optionally add the user's full name |
| `state` | `present` | - | Create or delete the user |
| `shell` | `/bin/bash` | - | The shell of the user |
| `create_home` | `true` | - | Create a home directory for the user (needed to store SSH keys) |
| `home` | string | - | Optionally set the user's home directory |
| `admin` | `false` | - | Enable it to give the user superpowers |
| `admin_commands` | string or list | - | Commands that are allowed to be run as admin, e.g. `'ALL'` or a specific script |
| `admin_nopassword` | `false` | - | No password needed for sudo |
| `admin_ansible_login` | `true` | - | If `admin: true` and `l3d_users__create_ansible: true`, your SSH keys will be added to the `ansible` user |
| `admin_root_login` | `true` | - | If `admin: true` and `l3d_users__set_root_ssh_keys: true`, your SSH keys will be added to `root` |
| `pubkeys` | string or lookup | - | See examples |
| `exclusive_pubkeys` | `true` | - | Delete all SSH keys that are not defined here |
| `password` | password hash | - | See the official Ansible FAQ |
| `bashrc` | list | - | Additional content added to `.bashrc` via `l3d.users.dotfiles` |
| `groups` | list | - | Additional groups for your user |
| `remove` | `false` | - | Completely remove the user if `state: absent` |

There is also the `l3d_users__ssh_login` variable, which only supports `name` and `state`. It can be used to whitelist users in the sshd config.
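A `group_vars` file that puts the options above together, as an added example rather than configuration shipped with the collection. It assumes `l3d_users__default_users` and `l3d_users__ssh_login` hold lists of entries with the keys from the table; the user names, public keys and password hash are constructed placeholders.

```yaml
# group_vars/all.yml (added example, not from the collection; user names,
# public keys and the password hash are constructed placeholders)
---
l3d_users__default_users:
  # Interactive admin: sudo for ALL commands, but sudo still prompts for the
  # account password, so a (precomputed) password hash is set for this user.
  - name: 'alice'
    comment: 'Alice Example'
    state: 'present'
    shell: '/bin/bash'
    admin: true
    admin_commands: 'ALL'
    admin_nopassword: false
    groups: ['adm']
    pubkeys: 'ssh-ed25519 AAAAC3PLACEHOLDERKEY alice@laptop'
    exclusive_pubkeys: true        # remove any key not listed here
    # sha512-crypt hash as described in the Ansible FAQ; placeholder value
    password: '$6$PLACEHOLDERSALT$PLACEHOLDERHASH'

  # Deploy account: passwordless sudo for exactly one script so automation
  # can run unattended, while every other command stays unprivileged.
  - name: 'deploy'
    comment: 'CI deploy user'
    state: 'present'
    admin: true
    admin_commands:
      - '/usr/local/bin/deploy.sh'
    admin_nopassword: true
    admin_ansible_login: false     # keep the CI key out of the ansible user
    admin_root_login: false        # and out of root's authorized_keys
    pubkeys: 'ssh-ed25519 AAAAC3PLACEHOLDERKEY ci@runner'

  # Offboarded user: delete the account together with its home directory.
  - name: 'bob'
    state: 'absent'
    remove: true

# With l3d_users__limit_login (default true) only these accounts may log in
# over SSH; the removed user is dropped from the whitelist as well.
l3d_users__ssh_login:
  - name: 'alice'
    state: 'present'
  - name: 'deploy'
    state: 'present'
  - name: 'bob'
    state: 'absent'
```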

### Other variables

| name | default value | description |
|---|---|---|
| `l3d_users__create_ansible` | `true` | Create the user `ansible` |
| `l3d_users__ansible_user_state` | `present` | Create or delete the user `ansible` |
| `l3d_users__set_ansible_ssh_keys` | `false` | Set SSH keys for the user `ansible` |
| `l3d_users__ansible_ssh_keys` | see `roles/user/defaults/main.yml` | SSH public keys for the `ansible` user, one per line or as lookup |
| `l3d_users__set_root_ssh_keys` | `false` | Set SSH keys for the `root` user |
| `l3d_users__root_ssh_keys` | | Additional SSH keys for the `root` user |
| `l3d_users__ansible_user_password` | | Optional password for the `ansible` user, see the official Ansible FAQ |
| `l3d_users__ansible_user_command` | `ALL` | Commands with superpowers for the `ansible` user |
| `l3d_users__ansible_user_nopassword` | `true` | Allow superpowers without password for the `ansible` user |
| `l3d_users__limit_login` | `true` | Only allow SSH login for the specified users |
| `l3d_users__additional_groups` | `[]` | Optionally create some groups |
| `l3d_users__sshd_port` | `22` | Port for SSH |
| `l3d_users__sshd_password_authentication` | `false` | Allow login with password |
| `l3d_users__sshd_permitrootlogin` | `false` | Allow login as root |
| `l3d_users__sshd_manage_server_key_types` | `true` | Manage server SSH key types |
| `l3d_users__sshd_server_key_types` | `['ed25519']` | List of supported SSH key types |
| `l3d_users__sshd_manage_key_algorithmus` | `true` | Manage SSH key algorithms |
| `l3d_users__sshd_key_algorithmus` | `['ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519', 'ecdsa-sha2-nistp521-cert-v01@openssh.com', 'ecdsa-sha2-nistp384-cert-v01@openssh.com', 'ecdsa-sha2-nistp256-cert-v01@openssh.com']` | Used SSH key algorithms |
| `l3d_users__sshd_manage_kex_algorithmus` | `true` | Manage SSH KEX algorithms |
| `l3d_users__sshd_kex_algorithmus` | `['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1']` | Used KEX algorithms |
| `l3d_users__sshd_manage_ciphers` | `true` | Manage SSH ciphers |
| `l3d_users__sshd_ciphers` | `['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr']` | Used SSH ciphers |
| `l3d_users__sshd_manage_macs` | `true` | Manage used MACs |
| `l3d_users__sshd_macs` | `['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512']` | Used MACs |
| `l3d_users__sshd_xforwarding` | `true` | Enable X forwarding |
| `l3d_users__server_key_mode` | `0600` | File mode of the SSHD server keys in the filesystem |
| `l3d_users__sshd_userrules` | `[]` | Array of custom SSHD rules |
| `l3d_users__sshd_userrules[].name` | | User the custom SSHD rules apply to |
| `l3d_users__sshd_userrules[].rules` | `[]` | List of custom SSHD rules for that user |
| `l3d_users__bashrc` | `true` | Configure bashrc |
| `l3d_users__root_bashrc` | `true` | Set bashrc for root |
| `l3d_users__dotfiles__bash_completion_enabled` | `true` | Enable bash completion |
| `l3d_users__dotfiles__aliases` | see `roles/dotfiles/defaults/main.yml` | A predefined list of useful aliases for your bash config |
| `l3d_users__dotfiles__variables` | see `defaults/main.yml` | A predefined list of useful variables for your bash config |
| `l3d_users__dotfiles__additional_user_bashrc_lines` | `[]` | Additional bashrc lines |
| `l3d_users__bashrc_path` | `$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH` | `$PATH` set in bashrc |
| `l3d_users__dotfiles__user_prompt` | see `roles/dotfiles/defaults/main.yml` | PS1 prompt for users |
| `l3d_users__dotfiles__root_prompt` | see `roles/dotfiles/defaults/main.yml` | PS1 prompt for root |
| `l3d_users__dotfiles__history_control` | `ignoreboth` | bashrc history control |
| `l3d_users__dotfiles__history_size` | `-1` | bashrc history size |
| `l3d_users__dotfiles__history_file_size` | `-1` | bashrc history file size |
| `l3d_users__vimrc` | `true` | Create vim config |
| `l3d_users__vim_colorscheme` | `elflord` | Configure vim colorscheme |
| `l3d_users__tmuxcfg` | `true` | Create tmux config |
| `l3d_users__terminator` | `true` | Create terminator config |
| `submodules_versioncheck` | `false` | Optionally enable a simple version check of this role |
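A `host_vars` file overriding the sshd-related variables from the table for a single host, as an added example rather than configuration shipped with the collection. The hostname and user name are constructed, and it assumes each `l3d_users__sshd_userrules` entry is rendered as a per-user block so that only sshd_config keywords belong in `rules`.

```yaml
# host_vars/bastion.example.yml (added example, not from the collection;
# hostname and user name are constructed)
---
# The default KEX list still contains diffie-hellman-group-exchange-sha1,
# which relies on SHA-1; override the list to keep only the SHA-256 members.
l3d_users__sshd_kex_algorithmus:
  - 'curve25519-sha256@libssh.org'
  - 'diffie-hellman-group-exchange-sha256'

# A jump host has no use for X11, so disable forwarding (default: true).
l3d_users__sshd_xforwarding: false

# Per-user sshd rules, assumed to end up in a block that only applies to
# the named account. Restrict the automation account to its single task:
# no agent or port forwarding, no interactive TTY, one fixed command.
l3d_users__sshd_userrules:
  - name: 'deploy'
    rules:
      - 'AllowAgentForwarding no'
      - 'AllowTcpForwarding no'
      - 'PermitTTY no'
      - 'ForceCommand /usr/local/bin/deploy.sh'
```

Validate the rendered configuration with `sshd -t` on the host before relying on it, since an unparseable per-user rule keeps sshd from starting on its next restart.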