diff --git a/group_vars/all.yml b/group_vars/all.yml
index 3ceed45..29b87fe 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,3 +1,10 @@
+managed_users:
+- name: dustin
+  comment: Dustin C. Hatch
+  uid: 3000016
+  groups:
+  - wheel
+
 sshca_url: https://sshca.pyrocufflink.blue
 ssh_trusted_user_ca_keys: >-
   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyi18IfxAf9wLnyffnMrThYpqxVwu0rsuiLoqW6rcwF sshca.pyrocufflink.blue
diff --git a/users.yml b/users.yml
new file mode 100644
index 0000000..61301c9
--- /dev/null
+++ b/users.yml
@@ -0,0 +1,15 @@
+- hosts: all
+  tasks:
+  - name: ensure users exist
+    user:
+      name: '{{ item.name }}'
+      comment: '{{ item.comment | d(omit) }}'
+      uid: '{{ item.uid | d(omit) }}'
+      groups: '{{ item.groups | d(omit) }}'
+      create_home: true
+      local: true
+      password: '*'
+      state: present
+    loop: '{{ managed_users | d([]) }}'
+    tags:
+    - user