Diffstat (limited to 'roles/unix_users/subplot.md')
-rw-r--r--roles/unix_users/subplot.md62
1 files changed, 62 insertions, 0 deletions
diff --git a/roles/unix_users/subplot.md b/roles/unix_users/subplot.md
new file mode 100644
index 0000000..c7929e9
--- /dev/null
+++ b/roles/unix_users/subplot.md
@@ -0,0 +1,62 @@
+# Role `unix_users` – manage Unix users
+
+This role creates or updates Unix users.
+
+## Configuration
+
+This role makes use of the following variables:
+
+* `unix_users_version` – MANDATORY: The playbook should set this
+ to the version of the role it expects to use.
+
+* `unix_users` – OPTIONAL: A list of Unix accounts to create.
+ Defaults to the empty list. Each item in the list is a dict with the
+ following keys:
+
+ * `username` – MANDATORY: the username of the account
+ * `comment` – OPTIONAL: the real name (or GECOS field) of the
+ new account
+ * `shell` – OPTIONAL: the login shell
+ * `system` – OPTIONAL: boolean, is this a system user?
+ * `sudo` – OPTIONAL: boolean, should the account have password-less sudo?
+ * `ssh_key` – OPTIONAL: text of key to install as `~/.ssh/id_rsa`
+ * `ssh_key_pub` – OPTIONAL: text of key to install as `~/.ssh/id_rsa.pub`
+ * `authorized_keys` – OPTIONAL: text of contents of
+ `~/.ssh/authorized_keys`
+ * `password` – OPTIONAL: encrypted password
+ * `groups` – OPTIONAL: list of additional groups to which user
+ should be added
+
+Create the encrypted password with something like:
+
+~~~yaml
+password: "{{ lookup('pipe', 'pass show foo | mkpasswd --method=sha-512 --stdin') }}"
+~~~
+
+## Create normal user with unix_users
+
+~~~scenario
+given a host running Debian
+then the host has no user foo
+when I use role unix_users
+and I use variables from foo.yml
+and I run the playbook
+then the host has user foo
+and the user foo on host has encrypted password foopass
+and the user foo on host has shell /bin/true
+and the user foo on host has authorized_keys containing "ssh-rsa"
+and the user foo on host is in group operator
+~~~
+
+~~~{#foo.yml .file .yaml}
+unix_users_version: 2
+
+unix_users:
+- username: foo
+ comment: Foo Bar
+ shell: /bin/true
+ password: foopass
+ authorized_keys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVaQfxzzwpwk763IcPBs308TpYYp6+NTOMvYaj3j3ewz8feYQg3lOlKo/5xaPug2ZywG6v6tpn/p0drovT5YAIPJitP7yJAfEzJe/gO7c9uwx0uIpe6cc8bwRG0XFdUVK0EneB6LpIec+3juj4zitGBm0ffIoLDhJ7J0daTzQN62rZaw/2SjSvgbfnu3a2BYRPz1NGiXdvOCbytVSLlUAR6SxNPrFdh/BJnS4umyDaBL/1j2yaw/WlkfZPn5Ni3USZLRcbHnBUUbo64iwBwJabhdpeh0xLGTqDkaeudUgZjlrRHFyCbwJTPtDzJsPLb5HKGGzdXPHP7Lk6PM2CIOz liw@exolobe1
+ groups: [operator]
+~~~
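Review bot: The `foo.yml` fixture sets `password: foopass`, a plain string, while the Configuration section documents `password` as an encrypted password and the scenario step checks for "encrypted password foopass". The role's tasks are not part of this hunk, but if the value is handed unchanged to the account's password-hash field, the fixture teaches readers to put something that is not a crypt hash there. I would add a sentence after the `mkpasswd` example along the lines of `The value must already be a crypt(3) hash (for example from mkpasswd); never put the cleartext password here.` and replace the fixture value with an obviously labelled hash placeholder. The `ssh_key` entry deserves a similar caveat, e.g. `private key material; supply it from a vault or secret store, not from a file committed with the playbook`, since the list presents it the same way as the public values. The `sudo` entry could also state that password-less sudo amounts to full root access for the account, so it should be limited to accounts that need it.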