volker.raschek/ansible-role-unix-users
1
0
Fork 0
Code Issues 2 Pull Requests Actions Projects Releases Wiki Activity
64 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Markus Pesch af94964494
All checks were successful
Lint Markdown files / markdown-lint (push) Successful in 10s
Details
Ansible Linter / ansible-lint (push) Successful in 31s
Details
docs(README): remove dead link
2025-07-12 23:27:07 +02:00
.gitea/workflows
chore(deps): update ansible/ansible-lint action to v25.6.1
2025-06-19 10:02:09 +00:00
defaults
fix(netrc): typo
2025-06-27 20:48:04 +02:00
meta
docs(README): add further details
2025-07-12 23:22:31 +02:00
tasks
feat(netrc): init
2025-06-27 20:39:09 +02:00
templates
fix(netrc): adapt netrc template
2025-07-12 12:18:00 +02:00
.ansible-lint
feat(act-runner): init
2025-04-14 22:31:39 +02:00
.editorconfig
Initial Commit
2022-05-09 10:17:07 +02:00
.gitignore
feat(act-runner): init
2025-04-14 22:31:39 +02:00
.markdownlint.yaml
feat(act-runner): init
2025-04-14 22:31:39 +02:00
.yamllint.yaml
feat(netrc): init
2025-06-27 20:39:09 +02:00
LICENSE
Initial Commit
2022-05-09 10:17:07 +02:00
README.md
docs(README): remove dead link
2025-07-12 23:27:07 +02:00
renovate.json
chore(renovate): use configuration preset
2025-04-01 22:20:18 +02:00

README.md

volker-raschek.unix-users

Ansible Role

The ansible role volker-raschek.unix-users create and manage users on Linux based distributions. For example for Arch Linux, Fedora and Ubuntu. Furthermore, the role can also be used to create groups, ~/.forward, ~/.netrc and to manage the ~/.ssh directory.

Examples

User and group

The following example create the user toor and group toor. Booth with a specific id.

unix_groups:
  toor:
    gid: "1001"
    state: present

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    shell: /bin/bash
    password: toor
    group: toor

Btrfs home dir

Optionally, the home directory of a user can also be created as dedicated btrfs subvolume. This make it possible to create snapshots of the home directory, for example via btrbk.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    btrfs: true
    shell: /bin/bash
    password: toor
    group: toor

.netrc

The ansible role supports the creation and management of the .netrc file in a user's home directory. The .netrc file for the user toor is created below. This contains entries for GitHub.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    netrc:
    - machine: github.com
      login: octocat
      password: pat_12345
    - machine: api.github.com
      login: octocat
      password: pat_12345
    shell: /bin/bash
    password: toor
    group: toor

.ssh

The SSH client directory ~/.ssh can also be managed via the Ansible role. This supports the creation and management of ~/.ssh/config, ~/.ssh/authorized_keys as well as the maintenance of private and public SSH keys.

The following example create two entries in ~/.ssh/authorized_keys. One normal SSH access for claire. If bob establish a SSH connection the command /usr/local/bin/upload-file.sh will be executed and exited.

The private key toor@toor-pc.ed25519.key must be stored in ssh/private_keys. The public key will be automatically extracted from the private key.

The public keys claire@claire-pc.pub as well as bob@bob-pc.pub must be stored in ssh/authorized_keys.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    ssh:
      config:
      - Host: "*"
        StrictHostKeyChecking: "no"
        UserKnownHostFile: /dev/null
      authorized_keys:
      - filename: claire@claire-pc.pub
      - command: /usr/local/bin/upload-file.sh
        filename: bob@bob-pc.pub
      private_keys:
      - toor@toor-pc.ed25519.key
    shell: /bin/bash
    password: toor
    group: toor

.forward

If on the system is postfix installed, postfix will respect the ~/.forward file. This allows to forward local emails to external email addresses. The following example create the ~/.forward file for toor to forward emails to toor@company.example.local.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    email: toor@company.example.local
    shell: /bin/bash
    password: toor
    group: toor

shell_rc files

The role also supports the creation of bashrc drop-in files. These are created in ~/.bashrc.d and included by ~/.bashrc via source.

Program-related configurations can be made via a drop-in file. For example, the configuration of the bash history via the environment variables HISTCONTROL or HISTFILE. In addition to environment variables, aliases and complete functions can also be defined.

unix_users:
  toor:
    state: present
    name: Toor
    uid: "1000"
    home: /home/toor
    email: toor@company.example.local
    shell: /bin/bash
    shell_rc_files:
    - file: "/home/toor/.bashrc.d/10-docker.bashrc" # absolute or relative path to home dir
      aliases:
      - key: "dcd"
        value: "docker-compose down"
      envs:
      - export: true
        key: "PATH"
        value: "/home/toor/workspace/docker-compose/bin:${PATH}" # Add local compiled docker-compose into $PATH
      functions:
      - name: "foo"
        value: |
          if ! which docker 1> /dev/null; then
            echo "ERROR: docker not found" 1>&2
            exit 1
          fi
    password: toor
    group: toor

Further ansible roles

This ansible role is used in combination with other ansible roles of volker-raschek. You can search for the other ansible roles via the following command.

$ ansible-galaxy role search --author "volker-raschek"

Found roles matching your search:

 Name                      Description
 ----                      -----------
 volker-raschek.bind9      Role to install and configure bind9 on different distributions
 volker-raschek.dhcpd      Role to install and configure dhcpd on different distributions
 volker-raschek.renovate   Role to configure renovate as container image
 ...
Description
Ansible role to create and configure unix users and groups
ansibleansible-galaxyansible-roleunix-users
Readme MIT 111 KiB
Languages
Jinja 100%