init

README.md

@@ -0,0 +1,13 @@
+accounts role
+
+This role:
+- creates groups from the `accounts_groups` list
+- creates/removes users from the `accounts_users` list
+- optionally creates any users declared in `accounts_groups[].members` when `create_missing_users: true`
+
+Vars (examples):
+- `accounts_groups` (list)
+- `accounts_users` (list)
+- `create_missing_users` (bool, default: false)
+
+Usage: include the `accounts` role in a play or run `playbooks/accounts.yml`.

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+create_missing_users: false
+# default_user_home_mode: '0755'

meta/main.yml

@@ -0,0 +1,13 @@
+---
+galaxy_info:
+  author: "maintainer"
+  description: "Create groups and users based on `accounts_groups` and `accounts_users` variables"
+  license: MIT
+  min_ansible_version: 2.9
+  platforms:
+    - name: Debian
+      versions:
+        - buster
+        - bullseye
+        - trixie
+dependencies: []

tasks/main.yml

@@ -0,0 +1,50 @@
+---
+- name: Create or remove groups
+  ansible.builtin.group:
+    name: "{{ item.name }}"
+    gid: "{{ item.gid | default(omit) }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ accounts_groups | default([]) }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Ensure users (create or remove)
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    uid: "{{ item.uid | default(omit) }}"
+    group: "{{ item.group | default(omit) }}"
+    groups: "{{ item.groups | join(',') if (item.groups is defined and item.groups | length > 0) else omit }}"
+    append: yes
+    home: "{{ item.home | default(omit) }}"
+    shell: "{{ item.shell | default(omit) }}"
+    create_home: "{{ item.create_home | default(false) }}"
+    system: "{{ item.system | default(false) }}"
+    remove: "{{ item.remove_home | default(false) }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ accounts_users | default([]) }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Create missing users declared as group members (optional)
+  ansible.builtin.user:
+    name: "{{ item.1 }}"
+    state: present
+  when: create_missing_users | default(false) and item.0.state | default('present') == 'present'
+  with_subelements:
+    - "{{ accounts_groups | default([]) }}"
+    - members
+  loop_control:
+    label: "{{ item.0.name }}:{{ item.1 }}"
+
+- name: Ensure declared group members exist in their groups (only for present groups)
+  ansible.builtin.user:
+    name: "{{ item.1 }}"
+    groups: "{{ item.0.name }}"
+    append: yes
+    state: present
+  when: item.0.state | default('present') == 'present'
+  with_subelements:
+    - "{{ accounts_groups | default([]) }}"
+    - members
+  loop_control:
+    label: "{{ item.0.name }}:{{ item.1 }}"