# SPDX-FileCopyrightText: no # SPDX-License-Identifier: CC0-1.0 # # Configuration for the one-user-system user module. # # Besides these settings, the users module also places the following # keys into the Global Storage area, based on user input in the view step. # # - hostname # - username # - password (obscured) # - autologinUser (if enabled, set to username) # # These Global Storage keys are set when the configuration for this module # is read and when they are modified in the UI. --- # Used as default groups for the created user. # Adjust to your Distribution defaults. # # Each entry in the *defaultGroups* list is either: # - a string, naming a group; this is a **non**-system group # which does not need to exist in the target system; if it # does not exist, it will be created. # - an entry with subkeys *name*, *must_exist* and *system*; # if the group *must_exist* and does not, an error is thrown # and the installation fails. # # The group is created if it does not exist, and it is # created as a system group (GID < 1000) or user group # (GID >= 1000) depending on the value of *system*. defaultGroups: - name: users must_exist: true system: true - lp - video - network - storage - name: wheel must_exist: false system: true - audio # Some Distributions require a 'autologin' group for the user. # Autologin causes a user to become automatically logged in to # the desktop environment on boot. # Disable when your Distribution does not require such a group. autologinGroup: autologin # You can control the initial state for the 'autologin checkbox' here. # Possible values are: # - true to check or # - false to uncheck # These set the **initial** state of the checkbox. doAutologin: true # When *sudoersGroup* is set to a non-empty string, Calamares creates a # sudoers file for the user. This file is located at: # `/etc/sudoers.d/10-installer` # Remember to add the (value of) *sudoersGroup* to *defaultGroups*. # # If your Distribution already sets up a group of sudoers in its packaging, # remove this setting (delete or comment out the line below). Otherwise, # the setting will be duplicated in the `/etc/sudoers.d/10-installer` file, # potentially confusing users. sudoersGroup: wheel # Setting this to false, causes the root account to be disabled. # When disabled, hides the "Use the same password for administrator" # checkbox. Also hides the "Choose a password" and associated text-inputs. setRootPassword: true # You can control the initial state for the 'reuse password for root' # checkbox here. Possible values are: # - true to check or # - false to uncheck # # When checked, the user password is used for the root account too. # # NOTE: *doReusePassword* requires *setRootPassword* to be enabled. doReusePassword: true # These are optional password-requirements that a distro can enforce # on the user. The values given in this sample file set only very weak # validation settings. # # - nonempty rejects empty passwords # - there are no length validations # - libpwquality (if it is enabled at all) has no length of class # restrictions, although it will still reject palindromes and # dictionary words with these settings. # # Checks may be listed multiple times; each is checked separately, # and no effort is done to ensure that the checks are consistent # (e.g. specifying a maximum length less than the minimum length # will annoy users). # # The libpwquality check relies on the (optional) libpwquality library. # Its value is a list of configuration statements that could also # be found in pwquality.conf, and these are handed off to the # libpwquality parser for evaluation. The check is ignored if # libpwquality is not available at build time (generates a warning in # the log). The Calamares password check rejects passwords with a # score of < 40 with the given libpwquality settings. # # (additional checks may be implemented in CheckPWQuality.cpp and # wired into UsersPage.cpp) # # - To disable specific password validations: # comment out the relevant 'passwordRequirements' keys below. # - To disable all password validations: # set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true. # (That will show the box *Allow weak passwords* in the user- # interface, and check it by default). passwordRequirements: nonempty: true minLength: -1 # Password at least this many characters maxLength: -1 # Password at most this many characters libpwquality: - minlen=0 - minclass=0 # You can control the visibility of the 'strong passwords' checkbox here. # Possible values are: # - true to show or # - false to hide (default) # the checkbox. This checkbox allows the user to choose to disable # password-strength-checks. By default the box is **hidden**, so # that you have to pick a password that satisfies the checks. allowWeakPasswords: false # You can control the initial state for the 'strong passwords' checkbox here. # Possible values are: # - true to uncheck or # - false to check (default) # the checkbox by default. Since the box is labeled to enforce strong # passwords, in order to **allow** weak ones by default, the box needs # to be unchecked. allowWeakPasswordsDefault: false # Shell to be used for the regular user of the target system. # There are three possible kinds of settings: # - unset (i.e. commented out, the default), act as if set to /bin/bash # - empty (explicit), don't pass shell information to useradd at all # and rely on a correct configuration file in /etc/default/useradd # - set, non-empty, use that path as shell. No validation is done # that the shell actually exists or is executable. userShell: /bin/bash # Hostname setting # # The user can enter a hostname; this is configured into the system # in some way; pick one of: # - *None*, to not set the hostname at all # - *EtcFile*, to write to `/etc/hostname` directly # - *Hostnamed*, to use systemd hostnamed(1) over DBus # The default is *EtcFile*. setHostname: EtcFile # Should /etc/hosts be written with a hostname for this machine # (also adds localhost and some ipv6 standard entries). # Defaults to *true*. writeHostsFile: true presets: fullName: # value: "OEM User" editable: true loginName: # value: "oem" editable: true