stationgroup/ansible-experiments
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
ansible-experiments/add-users-groups-authorized_keys-dot-files/roles/users/README.md
Bryan Black f425969a79
fix ${HOME} typo
2018-09-03 03:50:49 -07:00

136 lines
4 KiB
Markdown
Raw Blame History

# Users
Ansible roles to create/configure users on Linux/FreeBSD.
## Variables
| user_groups | | |
| ---: |--- |--- |
| name | name of the group | Data type |
| gid | Optionally set the group ID | int |
| state | whether the group shoud be created or removed | present/absent |
| users | | |
| ---: |---| ---|
| _variable name_ | Description | Data type |
| name | username | string |
| state | whether the user should be created or removed | present/absent |
| password | string of an encrypted value(1) | string |
| groups | additional groups the user should belong to | list |
| uid | optionally specify a user id | int |
| enable_sudo | Enable passwordless sudo for the given user | bool |
| keys | list of dictionaries | list |
| bash_lines | configure lines in .bashrc | list |
| bash_blocks | configure lines in .bashrc | list |
| csh_lines | configure lines in .cshrc | list |
| csh__blocks | configure lines in .cshrc | list |
(1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
## Default variables
The default shells depending on the OS are:
- Linux: `/bin/bash`
- FreeBSD: `/bin/cshrc`
This is defined in the `defaults` section of the **users** role
## Example inventory
```
user_groups:
- name: mygroup
gid: 700
users:
- name: remember
state: present
password: "blabla"
groups:
- mygroup
uid: 1100
enable_sudo: true
keys:
- file: key1
state: present
bash_lines:
- line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"'
state: present
- line: "alias ls='ls lah'"
state: present
bash_blocks:
- content: |
#testing
#multiline
state: present
- name: test
enable_sudo: false
keys:
- file: key2
state: absent
csh_lines:
- line: "ls ls -lah"
state: absent
```
## Using the Role
### Example Playbook
```
---
- name: Manage user configuration
hosts: all
remote_user: root
roles:
- users
```
### Configure a user's ssh keys
For every user a directory matching the username should be created under the _keys_ folder in the role's _files_ folder. In this folder the user's ssh keys can be stored.
```
├── files
│   └── keys
│   ├── remember
│   │   └── key1.pub
│   └── test
│   └── key2.pub
```
The name of the file holding the key should match the name in the _users_ variable
```
keys:
- file: key1
state: present
```
### Configure a user's shell
This role allows you to add or remove lines to a user's `.bashrc` or `cshrc` file. Since this is not based on a template that overwrites the complete file, users can still add their own configuration too.
Add items to the **shell_lines** key in the **users** variable. Each item exists of a _line_ and _state_ key.
**lines**
Use _lines_ if you want to make sure a single line is present or not.
Example:
```
shell_lines:
- line: "testline"
state: absent
- line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"'
state: present
- line: "alias ls='ls lah'"
state: present
```
**blocks**
use blocks if you want to make sure a number of lines that belong together are
present or not.
Example:
```
bash_blocks:
- content: |
if [ condition ]; then
do something
state: present
```
Reference in a new issue View git blame Copy permalink