my_user Role

A generic Ansible role to create a single user with SSH access, optional keypair generation, dotfiles installation, and optional passwordless sudo.

Features

• Creates user and primary group

• Adds user to extra groups

• Sets home perms and .hushlogin

• SSH setup:

  • Edge devices: only import provided public key
  • Non-edge: generate keypair if missing
  • Import key from string or GitHub username

• Clone and install dotfiles (repo + install command)

• Optional passwordless sudo

Variables

• my_user_username: username (default yannick)
• my_user_groups: list of extra groups
• my_user_password: optional password (sha512 hashed on create)
• edge_device: true = import public key only, false = generate keypair if missing
• my_user_ssh_public_key: explicit public key
• my_user_github_username: fetch .keys from GitHub
• dotfiles_repo: repo URL
• dotfiles_install_cmd: command to run inside repo
• my_user_passwordless_sudo: if true, grant NOPASSWD sudo

Examples

Non-edge device:

- hosts: servers
  vars:
    my_user_username: yannick
    my_user_groups: ['docker']
    edge_device: false
    my_user_github_username: yourname
    dotfiles_repo: "https://github.com/yourname/dotfiles.git"
    dotfiles_install_cmd: "./install.sh"
  roles:
    - my_user

Edge device:

- hosts: edge
  vars:
    my_user_username: yannick
    edge_device: true
    my_user_ssh_public_key: "ssh-ed25519 AAAAC..."
  roles:
    - my_user

Notes

• Requires community.crypto collection for keypair generation.
• Idempotent: won’t overwrite existing passwords or keys.
• Use HTTPS tokens for private dotfiles repos on edge devices.

License

MIT