debops.users default variables
Global defaults
- users__enabled
Should Ansible manage local user accounts? Set to False to disable.
users__enabled: True
- users__acl_enabled
Enable or disable support for filesystem ACL management.
users__acl_enabled: '{{ True if ("acl" in users__base_packages) else False }}'
- users__default_shell
Specify the absolute path of the shell to configure on all user accounts managed by this role, unless overridden in the user configuration. If not specified, the shell won't be changed, but new accounts will not have a defined shell either.
users__default_shell: ''
APT packages
- users__shell_package_map
YAML dictionary that maps known shells used in the /etc/passwd
database to the APT packages with these shells. The role will install missing
shell packages if any users have them as their login shells.
users__shell_package_map:
  '/bin/bash': 'bash'
  '/bin/csh': 'csh'
  '/usr/bin/fish': 'fish'
  '/bin/ksh': 'ksh'
  '/bin/zsh': 'zsh'
- users__base_packages
List of base APT packages to install.
users__base_packages: [ 'acl' ]
- users__shell_packages
List of login shell APT packages expected on the host.
users__shell_packages: '{{ lookup("template", "lookup/users__shell_packages.j2") | from_yaml }}'
- users__packages
List of custom packages to install.
users__packages: []
Home directories
- users__default_home_mode
The default set of permissions for the home directories, specified in octal.
It can be overridden on a per-account basis with the item.home_mode
parameter.
users__default_home_mode: '0751'
Chroot account status
- users__chroot_groups
List of UNIX groups in which a chrooted UNIX account should be included. This depends on the configuration of the OpenSSH service; see debops.sshd for more details.
users__chroot_groups: [ 'sftponly' ]
- users__chroot_shell
The shell used for chrooted UNIX accounts if none is specified.
users__chroot_shell: '/usr/sbin/nologin'
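An added example (not part of the DebOps role or its documentation): a small Python audit that compares passwd/group data with the defaults documented above, flagging members of users__chroot_groups whose shell is not users__chroot_shell and home directories with permission bits beyond users__default_home_mode. The sample data is constructed, and since both defaults can be overridden per account, a finding is a deviation to check against the inventory.

```python
import stat

# Role defaults documented on this page.
DEFAULT_HOME_MODE = 0o751            # users__default_home_mode
CHROOT_GROUPS = {"sftponly"}         # users__chroot_groups
CHROOT_SHELL = "/usr/sbin/nologin"   # users__chroot_shell

# Constructed sample data, not taken from a real host.
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/usr/sbin/nologin
dave:x:1003:990::/home/dave:/bin/sh
"""
GROUP = "sftponly:x:990:bob,carol\nusers:x:100:alice\n"
# On a live host: {home: os.stat(home).st_mode} for each passwd entry.
HOME_MODES = {"/home/alice": 0o40751, "/home/bob": 0o40755, "/home/carol": 0o40750}


def _rows(text, nfields):
    """Yield colon-separated records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == nfields and not line.startswith("#"):
            yield fields


def chroot_members(passwd_text, group_text):
    """Accounts in a chroot group, as supplementary members or via primary GID."""
    gids, members = set(), set()
    for name, _pw, gid, users in _rows(group_text, 4):
        if name in CHROOT_GROUPS:
            gids.add(gid)
            members.update(u for u in users.split(",") if u)
    members.update(f[0] for f in _rows(passwd_text, 7) if f[3] in gids)
    return members


def audit(passwd_text, group_text, home_modes):
    """Return (user, check, observed) for every deviation from the role defaults."""
    chrooted = chroot_members(passwd_text, group_text)
    findings = []
    for user, _pw, _uid, _gid, _gecos, home, shell in _rows(passwd_text, 7):
        if user in chrooted and shell != CHROOT_SHELL:
            findings.append((user, "chroot-shell", shell))
        mode = home_modes.get(home)
        # Flag any permission bit that 0751 does not grant (e.g. world-read).
        if mode is not None and stat.S_IMODE(mode) & ~DEFAULT_HOME_MODE:
            findings.append((user, "home-mode", oct(stat.S_IMODE(mode))))
    return findings
```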
User configuration files (dotfiles)
These variables are used to manage the user configuration files (dotfiles).
- users__dotfiles_enabled
Enable or disable management of user dotfiles via the yadm script. See the debops.yadm role for script installation and dotfile mirroring.
users__dotfiles_enabled: False
- users__dotfiles_repo
A URL or an absolute path on the remote host to the git dotfiles repository. This repository is used by default if dotfiles management is enabled without specifying a custom repository for the user.
users__dotfiles_repo: '{{ ansible_local.yadm.dotfiles|d("") }}'
Lists of managed UNIX groups and accounts
These lists can be used to manage UNIX groups as well as UNIX accounts through the Ansible inventory. See users__accounts for more details.
- users__groups
List of UNIX groups to manage on all hosts in Ansible inventory.
users__groups: []
- users__group_groups
List of UNIX groups to manage on hosts in specific Ansible inventory group.
users__group_groups: []
- users__host_groups
List of UNIX groups to manage on specific hosts in Ansible inventory.
users__host_groups: []
- users__dependent_groups
List of UNIX groups to manage on the current playbook host. This variable is
meant to be used from a role dependency in role/meta/main.yml or in a playbook.
users__dependent_groups: []
- users__default_accounts
List of default UNIX user accounts managed by Ansible.
users__default_accounts: []
- users__accounts
List of user accounts to manage on all hosts in Ansible inventory.
users__accounts: []
- users__group_accounts
List of UNIX user accounts to manage on hosts in specific Ansible inventory group.
users__group_accounts: []
- users__host_accounts
List of UNIX user accounts to manage on specific hosts in Ansible inventory.
users__host_accounts: []
- users__dependent_accounts
List of user accounts to manage on the current playbook host. This variable
is meant to be used from a role dependency in role/meta/main.yml or in a playbook.
users__dependent_accounts: []
- users__combined_accounts
This variable combines other group and account variables together and is used in the role tasks and templates.
users__combined_accounts: '{{ users__groups
                              + users__group_groups
                              + users__host_groups
                              + users__dependent_groups
                              + users__default_accounts
                              + users__accounts
                              + users__group_accounts
                              + users__host_accounts
                              + users__dependent_accounts }}'