volker.raschek/ansible-role-unix-users
1
0
Fork 0
Code Issues 2 Pull Requests Actions Projects Releases Wiki Activity
Files
22048124fd5a9c7611b13a4af4c8cde8bd3c9a93
ansible-role-unix-users/README.md
Markus Pesch af94964494
All checks were successful
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Successful in 31s
Details
docs(README): remove dead link
2025-07-12 23:27:07 +02:00

5.0 KiB
Raw Blame History

volker-raschek.unix-users

Ansible Role

The ansible role volker-raschek.unix-users create and manage users on Linux based distributions. For example for Arch Linux, Fedora and Ubuntu. Furthermore, the role can also be used to create groups, ~/.forward, ~/.netrc and to manage the ~/.ssh directory.

Examples

User and group

The following example create the user toor and group toor. Booth with a specific id.

unix_groups:
  toor:
    gid: "1001"
    state: present

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    shell: /bin/bash
    password: toor
    group: toor

Btrfs home dir

Optionally, the home directory of a user can also be created as dedicated btrfs subvolume. This make it possible to create snapshots of the home directory, for example via btrbk.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    btrfs: true
    shell: /bin/bash
    password: toor
    group: toor

.netrc

The ansible role supports the creation and management of the .netrc file in a user's home directory. The .netrc file for the user toor is created below. This contains entries for GitHub.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    netrc:
    - machine: github.com
      login: octocat
      password: pat_12345
    - machine: api.github.com
      login: octocat
      password: pat_12345
    shell: /bin/bash
    password: toor
    group: toor

.ssh

The SSH client directory ~/.ssh can also be managed via the Ansible role. This supports the creation and management of ~/.ssh/config, ~/.ssh/authorized_keys as well as the maintenance of private and public SSH keys.

The following example create two entries in ~/.ssh/authorized_keys. One normal SSH access for claire. If bob establish a SSH connection the command /usr/local/bin/upload-file.sh will be executed and exited.

The private key toor@toor-pc.ed25519.key must be stored in ssh/private_keys. The public key will be automatically extracted from the private key.

The public keys claire@claire-pc.pub as well as bob@bob-pc.pub must be stored in ssh/authorized_keys.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    ssh:
      config:
      - Host: "*"
        StrictHostKeyChecking: "no"
        UserKnownHostFile: /dev/null
      authorized_keys:
      - filename: claire@claire-pc.pub
      - command: /usr/local/bin/upload-file.sh
        filename: bob@bob-pc.pub
      private_keys:
      - toor@toor-pc.ed25519.key
    shell: /bin/bash
    password: toor
    group: toor

.forward

If on the system is postfix installed, postfix will respect the ~/.forward file. This allows to forward local emails to external email addresses. The following example create the ~/.forward file for toor to forward emails to toor@company.example.local.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    email: toor@company.example.local
    shell: /bin/bash
    password: toor
    group: toor

shell_rc files

The role also supports the creation of bashrc drop-in files. These are created in ~/.bashrc.d and included by ~/.bashrc via source.

Program-related configurations can be made via a drop-in file. For example, the configuration of the bash history via the environment variables HISTCONTROL or HISTFILE. In addition to environment variables, aliases and complete functions can also be defined.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    email: toor@company.example.local
    shell: /bin/bash
    shell_rc_files:
    - file: "/home/toor/.bashrc.d/10-docker.bashrc" # absolute or relative path to home dir
      aliases:
      - key: "dcd"
        value: "docker-compose down"
      envs:
      - export: true
        key: "PATH"
        value: "/home/toor/workspace/docker-compose/bin:${PATH}" # Add local compiled docker-compose into $PATH
      functions:
      - name: "foo"
        value: |
          if ! which docker 1> /dev/null; then
            echo "ERROR: docker not found" 1>&2
            exit 1
          fi
    password: toor
    group: toor

Further ansible roles

This ansible role is used in combination with other ansible roles of volker-raschek. You can search for the other ansible roles via the following command.

$ ansible-galaxy role search --author "volker-raschek"

Found roles matching your search:

 Name                      Description
 ----                      -----------
 volker-raschek.bind9      Role to install and configure bind9 on different distributions
 volker-raschek.dhcpd      Role to install and configure dhcpd on different distributions
 volker-raschek.renovate   Role to configure renovate as container image
 ...