# Role `unix_users` &ndash; manage Unix users

This role creates or updates Unix users.

## Configuration

This role makes use of the following variables:

* `unix_users_version` &ndash; MANDATORY: The playbook should set this
  to the version of the role it expects to use.

* `unix_users` &ndash; OPTIONAL: A list of Unix accounts to create.
  Defaults to the empty list. Each item in the list is a dict with the
  following keys:

  * `username` &ndash; MANDATORY: the username of the account
  * `comment` &ndash; OPTIONAL: the real name (or GECOS field) of the
    new account
  * `shell` &ndash; OPTIONAL: the login shell
  * `system` &ndash; OPTIONAL: boolean, is this a system user?
  * `sudo` &ndash; OPTIONAL: boolean, should the account have password-less sudo?
  * `ssh_key` &ndash; OPTIONAL: text of key to install as `~/.ssh/id_rsa`
  * `ssh_key_pub` &ndash; OPTIONAL: text of key to install as `~/.ssh/id_rsa.pub`
  * `authorized_keys` &ndash; OPTIONAL: text of contents of
    `~/.ssh/authorized_keys`
  * `password` &ndash; OPTIONAL: encrypted password
  * `groups` &ndash; OPTIONAL: list of additional groups to which user
    should be added
  
Create the encrypted password with something like:

~~~yaml
password: "{{ lookup('pipe', 'pass show foo | mkpasswd --method=sha-512 --stdin') }}"
~~~

## Create normal user with unix_users

~~~scenario
given a host running Debian
then the host has no user foo
when I use role unix_users
and I use variables from foo.yml
and I run the playbook
then the host has user foo
and the user foo on host has encrypted password foopass
and the user foo on host has shell /bin/true
and the user foo on host has authorized_keys containing "ssh-rsa"
and the user foo on host is in group operator
~~~

~~~{#foo.yml .file .yaml}
unix_users_version: 2

unix_users:
- username: foo
  comment: Foo Bar
  shell: /bin/true
  password: foopass
  authorized_keys: |
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVaQfxzzwpwk763IcPBs308TpYYp6+NTOMvYaj3j3ewz8feYQg3lOlKo/5xaPug2ZywG6v6tpn/p0drovT5YAIPJitP7yJAfEzJe/gO7c9uwx0uIpe6cc8bwRG0XFdUVK0EneB6LpIec+3juj4zitGBm0ffIoLDhJ7J0daTzQN62rZaw/2SjSvgbfnu3a2BYRPz1NGiXdvOCbytVSLlUAR6SxNPrFdh/BJnS4umyDaBL/1j2yaw/WlkfZPn5Ni3USZLRcbHnBUUbo64iwBwJabhdpeh0xLGTqDkaeudUgZjlrRHFyCbwJTPtDzJsPLb5HKGGzdXPHP7Lk6PM2CIOz liw@exolobe1
  groups: [operator]
~~~