debops.auth manages basic user authentication and authorization on configured host, including setting up system groups with elevated privileges.


This role requires at least Ansible v1.7.0. To install it, run:

ansible-galaxy install debops.auth

Role variables

List of default variables available in the inventory:


# List of default accounts that are given admin status by being added to
# 'admins' system group
auth_admin_accounts: [ '{{ ansible_ssh_user }}' ]

# List of default system accounts that are used in the playbook

  # Global system administrators, unrestricted root access, unrestricted SSH
  - 'admins'

  # Users in this group can connect to the host using SSH service
  - 'sshusers'

  # Users in this group have access only to chrooted SFTP service (without full
  # shell access) and cannot use SSH public keys in ~/.ssh/authorized_keys file
  # (only keys in '/etc/ssh/authorized_keys.d/user' are allowed)
  - 'sftponly'

  # Users in this group can reload nginx service using sudo and have access to
  # /etc/nginx/sites-local/ directory where they can put nginx vhost
  # configuration files to be enabled by Ansible in nginx
  # (this might be moved to 'nginx' role in the future)
  - 'webadmins'

Authors and license

debops.auth role was written by:

License: GPLv3