adarnimrod.users

Users

This is an Ansible role designed to create users, groups, email aliases, configure sudo access, and restrict root account SSH login. It’s meant to replace the need for setting up an LDAP or NIS server. The role also installs sudo and creates a sudoers group that can use sudo with a password. If a password is provided, it will be set. To generate the password hash needed, run the following command:

• For Debian: echo MyPassword | mkpasswd -m sha-512 -s
• For OpenBSD: echo MyPassword | encrypt.

If given, email aliases and SSH authorized keys will be configured. When users_lock_root_ssh is set to True (which is the default), SSH login for the root account will be disabled. Another use case is managing system users, such as preventing local root login by adding root to the users variable with a password *************. Setting an email address will also enable mail forwarding.

Requirements

Please refer to meta/main.yml and the assertions at the top of tasks/main.yml.

Role Variables

See defaults/main.yml for a list of role variables.

Dependencies

Check meta/main.yml for dependencies.

Example Playbook

Refer to tests/playbook.yml for an example playbook.

Testing

To test this role, you will need Python 2.7, Tox, Vagrant, and Virtualbox. Simply run tox to execute the tests. The project also includes Pre-commit for automated checks.

License

This software is licensed under the MIT license (see the LICENSE.txt file for details).

Author Information

Nimrod Adar, feel free to contact me or visit my website. Contributions are welcome via git send-email. The repository can be found at: https://git.shore.co.il/explore/.