A simple Ansible role for creating a user with a given password and some essential settings
Go to file
Max Mehl 16a4f97564
run hash generation in check mode
2023-10-25 11:34:39 +02:00
LICENSES improve role, especially wrt. passwords 2023-07-14 19:48:55 +02:00
defaults set 0700 home directory permissions by default 2023-07-16 12:34:27 +02:00
tasks run hash generation in check mode 2023-10-25 11:34:39 +02:00
README.md add REUSE badge 2023-07-17 17:27:14 +02:00


Ansible role for creating user accounts

REUSE status

This Ansible role allows for easy and painless adding of users on Linux/Unix/POSIX systems. No rocket science involved.

Why not ansible.builtin.user?

  • If you want to provide a password, it has to be hashed. This role takes care of it.
  • If you just want to add a user to an additional group (e.g. docker or audio), you must not forget to set append: true. This role makes it by default.
  • Sets some useful defaults, e.g. generating an ed25519 SSH key
  • Setting an empty instead of a disabled password requires an extra parameter allow_no_password: true


  • python3 with the crypt module (part of standard library)


Check out defaults/main.yml for all possible configuration options and their defaults.


Create a user

- name: Create new user for service
    name: users
    username: srvuser

A user without a password will have it set to *, so disabled. Useful for users who you will log into via sudo or SSH.

Create multiple users

In your playbook:

- name: Set up machines
  remote_user: root
    - name: Setup users
        name: users
      loop: "{{ users }}"
        username: "{{ item.user }}"
        password: "{{ item.pass | default('*') }}"
        # feel free to add other variables here as well

and in your host_vars file:

  - user: srvuser
    pass: safepassword
  # password will be disabled
  - user: controller


Apache-2.0, Copyright Max Mehl