Skip to content

Documentation Niclas-Zone by Niclas Heinz

Linux Users Ansible Role

Linux Users Ansible Role¶

Manage local users and groups on Debian and Ubuntu systems.

Features¶

Create/update/remove local groups
Create/update/remove local users, including primary/group memberships
Optionally remove home directories when users are absent
Manage authorized_keys for user accounts
Ensure XDG_RUNTIME_DIR and DBUS_SESSION_BUS_ADDRESS are set in user ~/.bashrc

Role Variables¶

Variable	Default	Description
`users_default_shell`	`/bin/bash`	Default login shell when none is provided per user
`users_remove_home_on_absent`	`false`	Remove home directory when a user is set to `absent` (overridable per user via `remove`)
`users_groups`	`[]`	List of groups to manage (name, state, gid, system)
`users_accounts`	`[]`	List of user accounts to manage

`users_groups` entries¶

Key	Type	Description
`name`	string	Group name (required)
`state`	string	`present` (default) or `absent`
`gid`	int	Optional GID
`system`	bool	Create as system group

`users_accounts` entries¶

Key	Type	Description
`name`	string	Username (required)
`state`	string	`present` (default) or `absent`
`uid`	int	Optional UID
`primary_group`	string	Primary group name/GID
`groups`	list	Supplemental groups
`append`	bool	Append to groups (default `true`)
`shell`	string	Login shell (defaults to `users_default_shell`)
`comment`	string	GECOS/comment field
`home`	string	Home directory path
`create_home`	bool	Create home directory (default `true`)
`system`	bool	Create as system user (default `false`)
`password`	string	Hashed password (`password_hash` recommended)
`remove`	bool	Remove home directory when `state: absent` (falls back to `users_remove_home_on_absent`)
`ssh_authorized_keys`	list	SSH keys to place in `authorized_keys` (each entry may be a string `key` or dict with `key` and optional `state`)

Example Playbook¶

---
- hosts: servers
  become: true
  roles:
    - role: users
      vars:
        users_groups:
          - name: developers
            gid: 1500
        users_accounts:
          - name: alice
            groups: ["developers", "sudo"]
            comment: "Alice Example"
            ssh_authorized_keys:
              - key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoleculeTestKey alice@example"
          - name: tempuser
            state: absent
            remove: true