Add users role

roles/users/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+users_become: true
+users_become_user: root

roles/users/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- block:
+
+  - name: user {{ item.username }}
+    user:
+      name: "{{ item.username }}"
+      password: "{{ item.password | password_hash('sha512') if item.password is defined and item.password != '!' else '!' }}"
+      shell: "{{ item.shell | default('/bin/bash') }}"
+      state: "{{ item.state | default('present') }}"
+      remove: "{{ item.remove | default(false) }}"
+    with_items: "{{ users_list }}"
+
+  - name: set proper HOME permissions for {{ item.username }}
+    file:
+      path: "/home/{{ item.username }}"
+      mode: u=rwX,g=rX,o=
+    with_items: "{{ users_list }}"
+    when: item.state is not defined or item.state == 'present'
+
+  - name: set authorized key for the user ({{ item.username }})
+    authorized_key:
+      user: "{{ item.username }}"
+      key: "{{ lookup('file', item.key) }}"
+      key_options: "{{ item.key_options | default('') }}"
+      state: "{{ item.state | default('present') }}"
+    with_items: "{{ users_list }}"
+    when: item.key is defined
+
+  become: "{{ users_become }}"
+  become_user: "{{ users_become_user }}"

tests/test.yml

@@ -43,6 +43,14 @@
     dehydrated_domains:
       - example.org www.example.org
       - example2.org
+    users_list:
+      - username: eriol
+        password: !
+        key: ~/.ssh/test/id_rsa.pub
+        key_options: 'command="/usr/bin/date"'
+      - username: melchisedec
+        # state: absent
+        # remove: true
   roles:
     # - ../roles/apt_dist_upgrade
     - ../roles/common
@@ -52,6 +60,7 @@
     - ../roles/sshd
     - ../roles/fail2ban
     - ../roles/snake_oil_cert
+    - ../roles/users
     # - ../roles/dehydrated
     # - ../roles/nginx
     # - ../roles/admin