diff --git a/roles/user/README.md b/roles/user/README.md
new file mode 100644
index 0000000..550fbb1
--- /dev/null
+++ b/roles/user/README.md
@@ -0,0 +1,16 @@
+# `finallycoffee.base.user` ansible role
+
+## Examples
+```yaml
+- hosts: all
+ roles:
+ - role: finallycoffee.base.user
+ vars:
+ users:
+ - name: root
+ - name: alice
+ - name: bob
+ state: present
+ - name: eve
+ state: absent
+```
diff --git a/roles/user/defaults/main.yml b/roles/user/defaults/main.yml
new file mode 100644
index 0000000..a4ae6ba
--- /dev/null
+++ b/roles/user/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+users: []
diff --git a/roles/user/tasks/configure-user.yml b/roles/user/tasks/configure-user.yml
new file mode 100644
index 0000000..be10ce6
--- /dev/null
+++ b/roles/user/tasks/configure-user.yml
@@ -0,0 +1,32 @@
+---
+- name: Ensure user '{{ user.name }}' is {{ user.state }}
+ ansible.builtin.user:
+ name: "{{ user.name }}"
+ state: "{{ user.state }}"
+ system: "{{ user.system | default(false, true) }}"
+ home: "{{ user.home | default(omit, true) }}"
+ create_home: "{{ user.create_home | default(true, true) }}"
+ comment: "{{ user.comment | default(user.gecos | default(omit, true), true) }}"
+
+ - name: Ensure SSH authorized keys for '{{ user.name }}' are {{ user.state }}
+ when:
+ - user.state == 'present'
+ - user.authorized_keys | default([]) | length > 0
+ block:
+ - name: Ensure .ssh directory for user '{{ user.name }}' exists
+ ansible.builtin.file:
+ path: "{{ user.home | default('/home/' + user.name) + '/.ssh' }}"
+ state: "directory"
+ owner: "{{ user.name }}"
+ group: "{{ user.name }}"
+ mode: "0700"
+ - name: Ensure key is up to date
+ ansible.posix.authorized_key:
+ user: "{{ user.name }}"
+ state: "{{ key.state | default('present', true) }}"
+ key: "{{ key.key }}"
+ comment: "{{ user.name }}-{{ key.comment }}"
+ loop: "{{ user.authorized_keys }}"
+ loop_control:
+ loop_var: key
+ label: "{{ user.name }}-{{ key.comment }}"
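Review bot: `users: []` in defaults/main.yml is the role's only public variable and carries no description of what an entry looks like, so a consumer has to read tasks/configure-user.yml to learn which keys are honoured. I would add a comment block above `users:` listing the keys that configure-user.yml reads from each entry — `name` and `state` (both read without a default), `system`, `home`, `create_home`, `comment`/`gecos`, and `authorized_keys` as a list of `{key, comment, state}` items — and stating which of them default to what. The README example omits `state` for `root` and `alice`, which is worth reconciling with whatever the comment says is required.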
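Review bot: The `.ssh` directory task in configure-user.yml hard-codes `'/home/' + user.name` whenever `user.home` is unset, so for `root` (home is `/root` on the usual distributions) or any account created with a non-default home it creates a stray `/home/<name>/.ssh` owned by that user, while the following `authorized_key` task writes to the account's real home. The user task runs first and `ansible.builtin.user` returns the resolved home, so register its result and build the path from `user_result.home` instead (`ansible.posix.authorized_key` also creates the directory with mode 0700 by default via `manage_dir`, so the explicit `file` task may be droppable altogether). Two smaller points in the same hunk: `state: "{{ user.state }}"` and the `when: user.state == 'present'` condition have no default, so the README's `- name: root` entry without `state` fails on an undefined variable, and `state: absent` is passed without `remove`, so offboarding a user leaves its home directory and `authorized_keys` on disk for a future uid to inherit. The rewritten lines below default `state` to `present`, expose `remove` as an opt-in, and register the user result for the path.
```yaml
- name: Ensure user '{{ user.name }}' is {{ user.state }}
  ansible.builtin.user:
    name: "{{ user.name }}"
    state: "{{ user.state | default('present', true) }}"
    # … unchanged: system/home/create_home/comment …
    # Opt-in: delete the home directory (and its authorized_keys) with the account.
    remove: "{{ user.remove | default(false, true) }}"
  register: user_result

- name: Ensure SSH authorized keys for '{{ user.name }}' are {{ user.state }}
  when:
    - (user.state | default('present', true)) == 'present'
    - user.authorized_keys | default([]) | length > 0
  block:
    - name: Ensure .ssh directory for user '{{ user.name }}' exists
      ansible.builtin.file:
        # Use the home the user module actually resolved, not a guessed /home/<name>.
        path: "{{ user_result.home }}/.ssh"
        # … unchanged: state/owner/group/mode …
    # … unchanged: authorized_key loop …
```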
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
new file mode 100644
index 0000000..ee87120
--- /dev/null
+++ b/roles/user/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Ensure users are configured
+ ansible.builtin.include_tasks:
+ file: "configure-user.yml"
+ loop: "{{ users }}"
+ loop_control:
+ loop_var: user
+ label: "{{ user.name }}"