Skip to content

tb2010/ansible-role-users

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
vars
vars
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Ansible Role: Users

Build Status

Configure users and ssh access on Debian/Ubuntu linux servers.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

users_ssh_password_authentication: 'Yes'
users_ssh_permit_root_login: 'Yes'
users_ssh_port: '22'

Manage admin users

users_admin_require_sudo_password: false
users_admin_group: 'admin'
users_admin:
  - name: admin1
    state: present
    group: admin1
    grous: ['{{ users_admin_group }}']
    password: '$6$Aqh2Oxtx...DzKWXeHgulX1SJ.'
    update_password: always
    sshkeys:
      - key: 'ssh-rsa AAAAB...XJtw== admin1@example.com'
      	state: present

  - name: admin2
    state: present
    group: admin2
    groups: ['{{ users_admin_group }}']
    password: '$6$Aqh2Oxtx...DzKWXeHgulX1SJ.'
    update_password: always
    sshkeys:
      - key: 'ssh-rsa AAAAB...XJtw== admin2@example.com'
        state: present

Manage normal users

users_normal:
  - name: 'user1'
    state: present
    password: '$6$Aqh2Oxtx...DzKWXeHgulX1SJ.'
    update_password: 'always'
    group: "user1"
    home: '/var/www/user1'
    groups: ['sftp', 'ssh']
    mode: '0755'

  - name: 'user2'
    state: present
    password: '$6$Aqh2Oxtx...DzKWXeHgulX1SJ.'
    update_password: 'always'
    group: "user2"
    home: '/var/www/user2'
    groups: ['sftp']
    mode: '0755'

Manage system users

System users are defined in vars file and therefore not supposed to be used for normal users!

users_system:
  - name: 'root'
    state: present

Remove user

There are two ways to remove users

1) Set state=absent

users_normal:
  - name: 'user1'
    state: absent
    password: '$6$Aqh2Oxtx...DzKWXeHgulX1SJ.'
    update_password: 'always'
    group: "user1"
    home: '/var/www/user1'
    groups: ['sftp', 'ssh']
    mode: '0755'

  - name: 'user2'
    state: absent

2) Add to users_remove array

users_remove: ['user2', 'user22']

User password

User passwords must be a generated hash. To generate a password hash use

mkpasswd --method=SHA-512

SSH Config

Manage sshd_config

users_ssh_config:
  - regexp: "^PasswordAuthentication"
    line: "PasswordAuthentication yes"
  - regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"
  - regexp: "^Port"
    line: "Port 2222"

Dependencies

None.

Example Playbook

- hosts: server
  roles:
    - { role: tschifftner.users }

Supported OS

  • Debian 9 (Stretch)
  • Debian 8 (Jessie)
  • Ubuntu 18.04 (Bionic Beaver)
  • Ubuntu 16.04 (Xenial Xerus)

Required ansible version

Ansible 2.5+

License

MIT License

Author Information

About

Configure users and ssh access on Debian/Ubuntu linux servers.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Shell 100.0%