diff --git a/calamares/modules/users.conf b/calamares/modules/users.conf index c391b0b..a196e57 100644 --- a/calamares/modules/users.conf +++ b/calamares/modules/users.conf @@ -1,14 +1,169 @@ +# SPDX-FileCopyrightText: no +# SPDX-License-Identifier: CC0-1.0 +# +# Configuration for the one-user-system user module. +# +# Besides these settings, the users module also places the following +# keys into the Global Storage area, based on user input in the view step. +# +# - hostname +# - username +# - password (obscured) +# - autologinUser (if enabled, set to username) +# +# These Global Storage keys are set when the configuration for this module +# is read and when they are modified in the UI. --- +# Used as default groups for the created user. +# Adjust to your Distribution defaults. +# +# Each entry in the *defaultGroups* list is either: +# - a string, naming a group; this is a **non**-system group +# which does not need to exist in the target system; if it +# does not exist, it will be created. +# - an entry with subkeys *name*, *must_exist* and *system*; +# if the group *must_exist* and does not, an error is thrown +# and the installation fails. +# +# The group is created if it does not exist, and it is +# created as a system group (GID < 1000) or user group +# (GID >= 1000) depending on the value of *system*. defaultGroups: + - name: users + must_exist: true + system: true - lp + - video - network - - power - - sys - - wheel + - storage + - name: wheel + must_exist: false + system: true + - audio + +# Some Distributions require a 'autologin' group for the user. +# Autologin causes a user to become automatically logged in to +# the desktop environment on boot. +# Disable when your Distribution does not require such a group. autologinGroup: autologin -doAutologin: false +# You can control the initial state for the 'autologin checkbox' here. +# Possible values are: +# - true to check or +# - false to uncheck +# These set the **initial** state of the checkbox. +doAutologin: true + +# When *sudoersGroup* is set to a non-empty string, Calamares creates a +# sudoers file for the user. This file is located at: +# `/etc/sudoers.d/10-installer` +# Remember to add the (value of) *sudoersGroup* to *defaultGroups*. +# +# If your Distribution already sets up a group of sudoers in its packaging, +# remove this setting (delete or comment out the line below). Otherwise, +# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file, +# potentially confusing users. sudoersGroup: wheel + +# Setting this to false, causes the root account to be disabled. +# When disabled, hides the "Use the same password for administrator" +# checkbox. Also hides the "Choose a password" and associated text-inputs. setRootPassword: true -doReusePassword: false -availableShells: /bin/bash, /bin/zsh -avatarFilePath: ~/.face + +# You can control the initial state for the 'reuse password for root' +# checkbox here. Possible values are: +# - true to check or +# - false to uncheck +# +# When checked, the user password is used for the root account too. +# +# NOTE: *doReusePassword* requires *setRootPassword* to be enabled. +doReusePassword: true + +# These are optional password-requirements that a distro can enforce +# on the user. The values given in this sample file set only very weak +# validation settings. +# +# - nonempty rejects empty passwords +# - there are no length validations +# - libpwquality (if it is enabled at all) has no length of class +# restrictions, although it will still reject palindromes and +# dictionary words with these settings. +# +# Checks may be listed multiple times; each is checked separately, +# and no effort is done to ensure that the checks are consistent +# (e.g. specifying a maximum length less than the minimum length +# will annoy users). +# +# The libpwquality check relies on the (optional) libpwquality library. +# Its value is a list of configuration statements that could also +# be found in pwquality.conf, and these are handed off to the +# libpwquality parser for evaluation. The check is ignored if +# libpwquality is not available at build time (generates a warning in +# the log). The Calamares password check rejects passwords with a +# score of < 40 with the given libpwquality settings. +# +# (additional checks may be implemented in CheckPWQuality.cpp and +# wired into UsersPage.cpp) +# +# - To disable specific password validations: +# comment out the relevant 'passwordRequirements' keys below. +# - To disable all password validations: +# set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true. +# (That will show the box *Allow weak passwords* in the user- +# interface, and check it by default). +passwordRequirements: + nonempty: true + minLength: -1 # Password at least this many characters + maxLength: -1 # Password at most this many characters + libpwquality: + - minlen=0 + - minclass=0 + +# You can control the visibility of the 'strong passwords' checkbox here. +# Possible values are: +# - true to show or +# - false to hide (default) +# the checkbox. This checkbox allows the user to choose to disable +# password-strength-checks. By default the box is **hidden**, so +# that you have to pick a password that satisfies the checks. +allowWeakPasswords: false +# You can control the initial state for the 'strong passwords' checkbox here. +# Possible values are: +# - true to uncheck or +# - false to check (default) +# the checkbox by default. Since the box is labeled to enforce strong +# passwords, in order to **allow** weak ones by default, the box needs +# to be unchecked. +allowWeakPasswordsDefault: false + +# Shell to be used for the regular user of the target system. +# There are three possible kinds of settings: +# - unset (i.e. commented out, the default), act as if set to /bin/bash +# - empty (explicit), don't pass shell information to useradd at all +# and rely on a correct configuration file in /etc/default/useradd +# - set, non-empty, use that path as shell. No validation is done +# that the shell actually exists or is executable. +userShell: /bin/bash + +# Hostname setting +# +# The user can enter a hostname; this is configured into the system +# in some way; pick one of: +# - *None*, to not set the hostname at all +# - *EtcFile*, to write to `/etc/hostname` directly +# - *Hostnamed*, to use systemd hostnamed(1) over DBus +# The default is *EtcFile*. +setHostname: EtcFile + +# Should /etc/hosts be written with a hostname for this machine +# (also adds localhost and some ipv6 standard entries). +# Defaults to *true*. +writeHostsFile: true + +presets: + fullName: + # value: "OEM User" + editable: true + loginName: + # value: "oem" + editable: true