# The user of the role MUST define the version they want to use. If
# it's not what the version of unix_users being used actually
# provides, the role will fail.
unix_users_version: null


# List of system users to create. Value a list of dicts with keys:
#
#       username -- the username of the new user
#       comment -- the GECOS/realname of the new user
#       shell -- the shell to use (defaults to /bin/bash)
#       system -- yes/no, is user a system user (default no)
#       sudo -- yes/no, should user have sudo access? (without password)
#       ssh_key -- install this as ~/.ssh/id_rsa
#       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
#       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
#       authorized_keys -- install this as ~/.ssh/authorized_keys
#       password -- encrypted password
#
# Create the encrypted password with something like:
#    password: "{{ lookup('pipe', 'pass show foo | mkpasswd --method=sha-512 --stdin') }}"
#

unix_users: []


# Specify directory where per-user authorized_keys files are stored.
# Each user has their own file in the directory, named after their
# username. You MUST specify this variable. You may put more than one
# key in each user's file.
#
# You MUST create a file for each user in unix_users. An empty file
# will do.
#
# THIS IS NOW DEPRECATED. DO NOT USE. If you leave this empty, the old,
# deprecated way of installing authorized_keys files is skipped. If you
# still use that, then set it in your own vars. But switch to the new
# way asap: set authorized_keys field for the user, see above.

authkeys_dir: