community.general.homectl (8.5.0) — module

Manage user accounts with systemd-homed

Added in version 4.4.0 of community.general

Authors: James Livulpi (@jameslivulpi)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Manages a user's home directory managed by systemd-homed.

Usage examples

- name: Add the user 'james'
  community.general.homectl:
    name: james
    password: myreallysecurepassword1!
    state: present
- name: Add the user 'alice' with a zsh shell, uid of 1000, and gid of 1000
  community.general.homectl:
    name: alice
    password: myreallysecurepassword1!
    state: present
    shell: /bin/zsh
    uid: 1000
    gid: 1000
- name: Modify an existing user 'frank' to have 10G of disk space and resize now
  community.general.homectl:
    name: frank
    password: myreallysecurepassword1!
    state: present
    disksize: 10G
    resize: true
- name: Remove an existing user 'janet'
  community.general.homectl:
    name: janet
    state: absent

Inputs

    
gid:
    description:
    - Sets the GID of the user.
    - If using O(uid), homed requires the value to be the same.
    - Only used when a user is first created.
    type: int

uid:
    description:
    - Sets the UID of the user.
    - If using O(gid), homed requires the value to be the same.
    - Only used when a user is first created.
    type: int

name:
    aliases:
    - user
    - username
    description:
    - The user name to create, remove, or update.
    required: true
    type: str

email:
    description:
    - The email address of the user.
    type: str

realm:
    description:
    - The 'realm' a user is defined in.
    type: str

shell:
    description:
    - Shell binary to use for terminal logins of given user.
    - If not specified, homed uses V(/bin/bash) by default.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - The operation to take on the user.
    type: str

umask:
    description:
    - Sets the umask for the user's login sessions.
    - Value from V(0000) to V(0777).
    type: int

locked:
    description:
    - Whether the user account should be locked or not.
    type: bool

resize:
    default: false
    description:
    - When used with O(disksize), this will attempt to resize the home directory immediately.
    type: bool

homedir:
    description:
    - Path to use as home directory for the user.
    - This is the directory the user's home directory is mounted to while the user is
      logged in.
    - This is not where the user's data is actually stored, see O(imagepath) for that.
    - Only used when a user is first created.
    type: path

sshkeys:
    description:
    - Comma-separated string in which each item is an SSH public key that is authorized
      to access the account.
    - The keys should follow the same format as the lines in a traditional C(~/.ssh/authorized_keys)
      file.
    type: str

storage:
    choices:
    - classic
    - luks
    - directory
    - subvolume
    - fscrypt
    - cifs
    description:
    - Indicates the storage mechanism for the user's home directory.
    - If the storage type is not specified, ``homed.conf(5)`` defines which default storage
      to use.
    - Only used when a user is first created.
    type: str

disksize:
    description:
    - The intended home directory disk space.
    - Human readable value such as V(10G), V(10M), or V(10B).
    type: str

iconname:
    description:
    - The name of an icon picked by the user, for example for the purpose of an avatar.
    - Should follow the semantics defined in the Icon Naming Specification.
    - See U(https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html)
      for specifics.
    type: str

language:
    description:
    - The preferred language/locale for the user.
    - This should be in a format compatible with the E(LANG) environment variable.
    type: str

location:
    description:
    - A free-form location string describing the location of the user.
    type: str

memberof:
    aliases:
    - groups
    description:
    - Comma-separated string in which each item is a UNIX group this user shall be a
      member of.
    - Groups the user should be a member of should be supplied as a comma-separated list.
    type: str

notafter:
    description:
    - A time since the UNIX epoch after which the record should be considered invalid
      for the purpose of logging in.
    type: int

password:
    description:
    - Set the user's password to this.
    - Homed requires this value to be in cleartext on user creation and updating a user.
    - The module takes the password and generates a password hash in SHA-512 with 10000
      rounds of salt generation using crypt.
    - See U(https://systemd.io/USER_RECORD/).
    - This is required for O(state=present). When an existing user is updated this is
      checked against the stored hash in homed.
    type: str

realname:
    aliases:
    - comment
    description:
    - The user's real ('human') name.
    - This can also be used to add a comment to maintain compatibility with C(useradd).
    type: str

skeleton:
    aliases:
    - skel
    description:
    - The absolute path to the skeleton directory to populate a new home directory from.
    - This is only used when a home directory is first created.
    - If not specified, homed uses V(/etc/skel) by default.
    type: path

timezone:
    description:
    - Preferred timezone to use for the user.
    - Should be a tzdata compatible location string such as V(America/New_York).
    type: str

imagepath:
    description:
    - Path to place the user's home directory.
    - See U(https://www.freedesktop.org/software/systemd/man/homectl.html#--image-path=PATH)
      for more information.
    - Only used when a user is first created.
    type: path

mountopts:
    description:
    - Comma-separated string of mount options for the user's home directory.
    - Valid options are V(nosuid), V(nodev) or V(noexec).
    - Homed by default uses V(nodev) and V(nosuid), while V(noexec) is off.
    type: str

notbefore:
    description:
    - A time since the UNIX epoch before which the record should be considered invalid
      for the purpose of logging in.
    type: int

environment:
    aliases:
    - setenv
    description:
    - Comma-separated string in which each item is an environment variable and its value
      to set for the user's login session, in a format compatible with ``putenv()``.
    - Any environment variable listed here is automatically set by pam_systemd for all
      login sessions of the user.
    type: str

passwordhint:
    description:
    - Password hint for the given user.
    type: str

Outputs

data:
  description: A JSON dictionary returned from C(homectl inspect -j).
  returned: success
  sample:
    data:
      binding:
        e9ed2a5b0033427286b228e97c1e8343:
          fileSystemType: btrfs
          fileSystemUuid: 7bd59491-2812-4642-a492-220c3f0c6c0b
          gid: 60268
          imagePath: /home/james.home
          luksCipher: aes
          luksCipherMode: xts-plain64
          luksUuid: 7f05825a-2c38-47b4-90e1-f21540a35a81
          luksVolumeKeySize: 32
          partitionUuid: 5a906126-d3c8-4234-b230-8f6e9b427b2f
          storage: luks
          uid: 60268
      diskSize: 3221225472
      disposition: regular
      lastChangeUSec: 1641941238208691
      lastPasswordChangeUSec: 1641941238208691
      privileged:
        hashedPassword:
        - $6$ov9AKni.trf76inT$tTtfSyHgbPTdUsG0CvSSQZXGqFGdHKQ9Pb6e0BTZhDmlgrL/vA5BxrXduBi8u/PCBiYUffGLIkGhApjKMK3bV.
      signature:
      - data: o6zVFbymcmk4YTVaY6KPQK23YCp+VkXdGEeniZeV1pzIbFzoaZBvVLPkNKMoPAQbodY5BYfBtuy41prNL78qAg==
        key: '-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAbs7ELeiEYBxkUQhxZ+5NGyu6J7gTtZtZ5vmIw3jowcY=
          -----END PUBLIC KEY----- '
      status:
        e9ed2a5b0033427286b228e97c1e8343:
          diskCeiling: 21845405696
          diskFloor: 268435456
          diskSize: 3221225472
          service: io.systemd.Home
          signedLocally: true
          state: inactive
      userName: james
  type: dict
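
The following playbook fragment is an added example, not part of the module's own documentation. It combines the O(password), O(storage) and O(mountopts) inputs with the returned C(data), keeping the cleartext password and the returned hash out of the play and its logs. The variable `vault_alice_password` is an assumed Ansible Vault variable, and the assertion assumes the `homectl inspect -j` fields shown in the sample sit directly under `data`.

```yaml
# Added example. vault_alice_password is an assumed Ansible Vault variable.
- name: Create 'alice' with a LUKS-encrypted home and restrictive mount options
  community.general.homectl:
    name: alice
    # homed needs the cleartext password, so keep it in Vault, not in the play.
    password: "{{ vault_alice_password }}"
    state: present
    storage: luks                    # only applied when the user is first created
    disksize: 10G
    mountopts: nodev,nosuid,noexec   # noexec is off by default
  register: alice_home
  # The returned data carries privileged.hashedPassword; keep it out of logs.
  no_log: true

- name: Check the record homed reports for 'alice'
  ansible.builtin.assert:
    that:
      # Assumption: the inspect fields sit directly under `data`.
      - alice_home.data.userName == 'alice'
      - alice_home.data.binding.values() | map(attribute='storage') | unique | list == ['luks']
    quiet: true
```

Because O(storage) is only applied at creation, the assertion fails for an account that already exists with a different storage type, which makes that drift visible.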