{"id":18898348,"url":"https://github.com/brainstone/ansible_roles_user_management","last_synced_at":"2026-05-05T03:39:37.500Z","repository":{"id":60645868,"uuid":"544463604","full_name":"BrainStone/ansible_roles_user_management","owner":"BrainStone","description":"Powerful Ansible role to manage user accounts on your systems including sshd config. Configures your sshd config, adds and removes users easily, sets their passwords, groups and authorized_keys.","archived":false,"fork":false,"pushed_at":"2023-10-24T23:01:58.000Z","size":47,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-31T08:45:39.235Z","etag":null,"topics":["ansible","ansible-galaxy","ansible-role","security","sshd","sshd-config","sudo"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/brainstone/user_management","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BrainStone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-02T14:46:57.000Z","updated_at":"2023-07-25T15:02:17.000Z","dependencies_parsed_at":"2024-11-08T08:42:33.232Z","dependency_job_id":"f1cad257-2bd6-40fc-961c-500dbdfe98ad","html_url":"https://github.com/BrainStone/ansible_roles_user_management","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_user_management","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brai
nStone%2Fansible_roles_user_management/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_user_management/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrainStone%2Fansible_roles_user_management/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BrainStone","download_url":"https://codeload.github.com/BrainStone/ansible_roles_user_management/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239879317,"owners_count":19712176,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-galaxy","ansible-role","security","sshd","sshd-config","sudo"],"created_at":"2024-11-08T08:42:04.116Z","updated_at":"2026-03-01T09:30:24.352Z","avatar_url":"https://github.com/BrainStone.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# user_management\n\nPowerful Ansible role to manage user accounts on your systems including sshd config. Configures your sshd config, adds and removes users easily, sets their\npasswords, groups and authorized_keys.\n\n## Requirements\n\nThis role assumes you have `sudo` installed and that the group name for access to `sudo` is \"sudo\".  
\nThis requirement may drop at a later stage.\n\n## Role Variables\n\n| Variable                                             | Description                                                                                                                                                                                                                                                                                                  |\n|------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `user_management_all_user_attrs`                     | A dictionary of users. See the variables below to see what you can configure per user.                                                                                                                                                                                                                       |\n| `user_management_all_user_attrs.\u003cuser\u003e`              | Entry for a user. Can have multiple attributes as shown below.                                                                                                                                                                                                                                               |\n| `user_management_all_user_attrs.\u003cuser\u003e.admin`        | Whether the user is an admin user. 
If enabled the user will be added to the `sudo` group (and nothing else).\u003cbr/\u003e\u003cbr/\u003eDefault: `false`                                                                                                                                                                       |\n| `user_management_all_user_attrs.\u003cuser\u003e.groups`       | A list of secondary groups the user is in. *Optional*                                                                                                                                                                                                                                                        |\n| `user_management_all_user_attrs.\u003cuser\u003e.password`     | The **encrypted** password of the user. If not set the user will have `!` set as the encrypted password, which effectively disables password authentication.\u003cbr/\u003e\u003cbr/\u003eDefault: `!`                                                                                                                           |\n| `user_management_all_user_attrs.\u003cuser\u003e.shell`        | Which default shell the user has.\u003cbr/\u003e\u003cbr/\u003eDefault: `/bin/bash`                                                                                                                                                                                                                                              |\n| `user_management_all_user_attrs.\u003cuser\u003e.ssh_keys`     | An **exclusive** list of authorized SSH keys for that user. *Optional*                                                                                                                                                                                                                                       |\n| `user_management_all_user_attrs.\u003cuser\u003e.state`        | The state of the user. 
Used to add or remove a user.\u003cbr/\u003e\u003cbr/\u003eValues:\u003cul\u003e\u003cli\u003e`present` \u0026larr; default\u003cli\u003e`absent`\u003c/ul\u003e                                                                                                                                                                                       |\n| `user_management_ansible_auth_key`                   | If set this role will add a user called `ansible` that will have that key (or keys if you provide multiple) set as its authorized_keys and will be allowed to sudo without a password. This is useful as a deployment user.\u003cbr/\u003eIf this is not set or empty, the user will not be added (but not removed!).  |\n| `user_management_sshd_include`                       | Whether to include the config files under `/etc/ssh/sshd_config.d/*.conf`.\u003cbr/\u003eSome sshd versions don't support that setting, so turn it off for those.\u003cbr/\u003e\u003cbr/\u003eDefault: `true`                                                                                                                             |\n| `user_management_sshd_password_authentication`       | Allow normal users to login with passwords (if set).\u003cbr/\u003e\u003cbr/\u003eDefault: `true`                                                                                                                                                                                                                                |\n| `user_management_sshd_permit_root_login`             | Allow root user to login via SSH. 
Can be set to `without-password`.\u003cbr/\u003e\u003cbr/\u003eValues:\u003cul\u003e\u003cli\u003e`true`\u003cli\u003e`without-password` \u0026larr; default\u003cli\u003e`false`\u003c/ul\u003e                                                                                                                                                      |\n| `user_management_sshd_local_password_authentication` | Same as `user_management_sshd_password_authentication`, but only applies to local connections as defined in `user_management_sshd_local_subnets`                                                                                                                                                             |\n| `user_management_sshd_local_permit_root_login`       | Same as `user_management_sshd_permit_root_login`, but only applies to local connections as defined in `user_management_sshd_local_subnets`                                                                                                                                                                   |\n| `user_management_sshd_local_subnets`                 | Which subnets to consider \"local\". If set to an empty list, this feature is disabled.                                                                                                                                                                                                                        
|\n\n`user_management_sshd_local_subnets` is generated with this template expression by default (how it works is explained in the `defaults/main.yml`):\n```yaml\nuser_management_sshd_local_subnets: \u003e\n  {{\n    ansible_facts | dict2items |\n    selectattr('key', 'in',\n      ansible_interfaces | reject('match', '^(lo|docker[0-9]+)$') | sort\n    ) |\n    selectattr('value.active', 'true') |\n    selectattr('value.ipv4', 'defined') |\n    json_query('[].value.ipv4.[network, netmask].join(`/`, @)') |\n    map('ansible.utils.ipaddr', 'network/prefix')\n  }}\n```\n\nIf your Ansible is too old (older than 2.11), it'll complain about it not being able to find `ansible.utils.ipaddr`. Change it to `ipaddr` and you're good \nto go!\n\n## Dependencies\n\nOnly Ansible Builtins.\n\n## Example Playbook\n\nI personally recommend using `host_vars` or `group_vars`, but a simple copy-pastable block looks like this (the keys and passwords aren't real btw):\n\n```yaml\n- hosts: servers\n  roles:\n    - role: brainstone.user_management\n      vars:\n        user_management_all_user_attrs:\n          # Existing users\n          test:\n            state: present\n            admin: yes\n            groups:\n              - testing\n            shell: '/bin/zsh'\n            password: '$6$e9zHRubiopmvCu4u$3O1FAv04lq8yBfhgfjhgkgheQHaIoFSOK9jTbqtoowcoUfp6liSlbw7c9a001CJu6O.lol4uMnLxrbpk3vOMGVg529oU4dI/'\n            ssh_keys:\n              - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6qb4d6mytVq4W4q9X6DHU24g1UygnmF3do1oC5lkmG cb:6c:cc:c6:ab:64:aa:4b:6b:e9:02:3e:c4:22:6d:c9 Key 1'\n              - 'ecdsa-sha2-nistp256 BBBBE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHJghjksgfo78JABBBAlyHkM0Hqglp4VWqnjf7dl0M68YkEr8CK87Ww6s3ZV8DNDbVaLFK++L+qJc+tSxI+5Y3r2sN6Atht9u4= Key 2'\n          dummy: { }\n\n          # Removed users\n          debian:\n            state: absent\n```\n\n## License\n\nThis Ansible role is licensed under the [MIT License](./LICENSE).\n\n## Contact\n\nTo contact me, use GitHub issues or Discord 
(BrainStone#6759)\n\n## Random Quote\n\n\u003e Every methodology I’ve come across has, at its kernel, a very small section labelled “do magic here”.\n\u003e\n\u003e — \u003ccite\u003eKatie\u003c/cite\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrainstone%2Fansible_roles_user_management","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrainstone%2Fansible_roles_user_management","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrainstone%2Fansible_roles_user_management/lists"}