debops.users default variables
Sections
Global defaults
- users__enabled
Should Ansible manage local user accounts? Set to False to disable.
users__enabled: True
- users__acl_enabled
Enable or disable support for filesystem ACL management.
users__acl_enabled: '{{ True if ("acl" in users__base_packages) else False }}'
- users__default_shell
Specify absolute path of the shell which should be configured on all user accounts managed by this role, if not overridden by the user configuration. If not specified, the shell won't be changed, but new accounts will not have a defined shell either.
users__default_shell: ''
APT packages
- users__shell_package_map
YAML dictionary that maps known shells used in the /etc/passwd
database to the APT packages with these shells. The role will install missing
shell packages if any users have them as their login shells.
users__shell_package_map:
'/bin/bash': 'bash'
'/bin/csh': 'csh'
'/usr/bin/fish': 'fish'
'/bin/ksh': 'ksh'
'/bin/zsh': 'zsh'
- users__base_packages
List of base APT packages to install.
users__base_packages: [ 'acl' ]
- users__shell_packages
List of login shell APT packages expected on the host.
users__shell_packages: '{{ lookup("template", "lookup/users__shell_packages.j2") | from_yaml }}'
- users__packages
List of custom packages to install.
users__packages: []
Home directories
- users__default_home_mode
The default set of permissions for the home directories, specified in octal.
It can be overridden on a per-account basis with the item.home_mode
parameter.
users__default_home_mode: '0751'
Chroot account status
- users__chroot_groups
List of UNIX groups in which a chrooted UNIX account should be included. This depends on the configuration of the OpenSSH service, see debops.sshd for more details.
users__chroot_groups: [ 'sftponly' ]
- users__chroot_shell
The shell used for chrooted UNIX accounts if none is specified.
users__chroot_shell: '/usr/sbin/nologin'
User configuration files (dotfiles)
These variables are used to manage the user configuration files (dotfiles).
- users__dotfiles_enabled
Enable or disable management of user dotfiles via yadm script. See the debops.yadm role for script installation and dotfile mirroring.
users__dotfiles_enabled: False
- users__dotfiles_repo
An URL or an absolute path on the remote host to the git dotfiles repository. The repository will be used by default if the dotfiles management is enabled without specifying a custom repository for the user.
users__dotfiles_repo: '{{ ansible_local.yadm.dotfiles | d("") }}'
Lists of managed UNIX groups and accounts
These lists can be used to manage UNIX groups as well as UNIX accounts through the Ansible inventory. See users__accounts for more details.
- users__groups
List of UNIX groups to manage on all hosts in Ansible inventory.
users__groups: []
- users__group_groups
List of UNIX groups to manage on hosts in specific Ansible inventory group.
users__group_groups: []
- users__host_groups
List of UNIX groups to manage on specific hosts in Ansible inventory.
users__host_groups: []
- users__dependent_groups
List of UNIX groups to manage on the current playbook host. This variable is
meant to be used from a role dependency in role/meta/main.yml
or in
a playbook.
users__dependent_groups: []
- users__default_accounts
List of default UNIX user accounts managed by Ansible.
users__default_accounts: []
- users__accounts
List of user accounts to manage on all hosts in Ansible inventory.
users__accounts: []
- users__group_accounts
List of UNIX user accounts to manage on hosts in specific Ansible inventory group.
users__group_accounts: []
- users__host_accounts
List of UNIX user accounts to manage on specific hosts in Ansible inventory.
users__host_accounts: []
- users__dependent_accounts
List of user accounts to manage on the current playbook host. This variable
is meant to be used from a role dependency in role/meta/main.yml
or
in a playbook.
users__dependent_accounts: []
- users__combined_accounts
This variable combines other group and account variables together and is used in the role tasks and templates.
users__combined_accounts: '{{ users__groups
+ users__group_groups
+ users__host_groups
+ users__dependent_groups
+ users__default_accounts
+ users__accounts
+ users__group_accounts
+ users__host_accounts
+ users__dependent_accounts }}'