# SPDX-FileCopyrightText: no
# SPDX-License-Identifier: CC0-1.0
#
# Configuration for the one-user-system user module.
#
# Besides these settings, the users module also places the following
# keys into the Global Storage area, based on user input in the view step.
#
# - hostname
# - username
# - password (obscured)
# - autologinUser (if enabled, set to username)
#
# These Global Storage keys are set when the configuration for this module
# is read and when they are modified in the UI.
---
# Used as default groups for the created user.
# Adjust to your Distribution defaults.
#
# Each entry in the *defaultGroups* list is either:
# - a string, naming a group; this is a **non**-system group
# which does not need to exist in the target system; if it
# does not exist, it will be created.
# - an entry with subkeys *name*, *must_exist* and *system*;
# if the group *must_exist* and does not, an error is thrown
# and the installation fails.
#
# The group is created if it does not exist, and it is
# created as a system group (GID < 1000) or user group
# (GID >= 1000) depending on the value of *system*.
defaultGroups:
- name: users
must_exist: true
system: true
- lp
- video
- network
- storage
- name: wheel
must_exist: false
system: true
- audio
- plugdev
# Some Distributions require a 'autologin' group for the user.
# Autologin causes a user to become automatically logged in to
# the desktop environment on boot.
# Disable when your Distribution does not require such a group.
#autologinGroup: autologin
# You can control the initial state for the 'autologin checkbox' here.
# Possible values are:
# - true to check or
# - false to uncheck
# These set the **initial** state of the checkbox.
# doAutologin: true
# When *sudoersGroup* is set to a non-empty string, Calamares creates a
# sudoers file for the user. This file is located at:
# `/etc/sudoers.d/10-installer`
# Remember to add the (value of) *sudoersGroup* to *defaultGroups*.
#
# If your Distribution already sets up a group of sudoers in its packaging,
# remove this setting (delete or comment out the line below). Otherwise,
# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
# potentially confusing users.
sudoersGroup: wheel
# If set to `false` (the default), writes a sudoers file with `(ALL)`
# so that the command can be run as any user. If set to `true`, writes
# `(ALL:ALL)` so that any user and any group can be chosen.
sudoersConfigureWithGroup: true
# Setting this to false, causes the root account to be disabled.
# When disabled, hides the "Use the same password for administrator"
# checkbox. Also hides the "Choose a password" and associated text-inputs.
setRootPassword: true
# You can control the initial state for the 'reuse password for root'
# checkbox here. Possible values are:
# - true to check or
# - false to uncheck
#
# When checked, the user password is used for the root account too.
#
# NOTE: *doReusePassword* requires *setRootPassword* to be enabled.
doReusePassword: true
# These are optional password-requirements that a distro can enforce
# on the user. The values given in this sample file set only very weak
# validation settings.
#
# - nonempty rejects empty passwords
# - there are no length validations
# - libpwquality (if it is enabled at all) has no length of class
# restrictions, although it will still reject palindromes and
# dictionary words with these settings.
#
# Checks may be listed multiple times; each is checked separately,
# and no effort is done to ensure that the checks are consistent
# (e.g. specifying a maximum length less than the minimum length
# will annoy users).
#
# The libpwquality check relies on the (optional) libpwquality library.
# Its value is a list of configuration statements that could also
# be found in pwquality.conf, and these are handed off to the
# libpwquality parser for evaluation. The check is ignored if
# libpwquality is not available at build time (generates a warning in
# the log). The Calamares password check rejects passwords with a
# score of < 40 with the given libpwquality settings.
#
# (additional checks may be implemented in CheckPWQuality.cpp and
# wired into UsersPage.cpp)
#
# - To disable specific password validations:
# comment out the relevant 'passwordRequirements' keys below.
# - To disable all password validations:
# set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
# (That will show the box *Allow weak passwords* in the user-
# interface, and check it by default).
#passwordRequirements:
# nonempty: true
# minLength: -1 # Password at least this many characters
# maxLength: -1 # Password at most this many characters
# libpwquality:
# - minlen=0
# - minclass=0
# You can control the visibility of the 'strong passwords' checkbox here.
# Possible values are:
# - true to show or
# - false to hide (default)
# the checkbox. This checkbox allows the user to choose to disable
# password-strength-checks. By default the box is **hidden**, so
# that you have to pick a password that satisfies the checks.
allowWeakPasswords: false
# You can control the initial state for the 'strong passwords' checkbox here.
# Possible values are:
# - true to uncheck or
# - false to check (default)
# the checkbox by default. Since the box is labeled to enforce strong
# passwords, in order to **allow** weak ones by default, the box needs
# to be unchecked.
allowWeakPasswordsDefault: true
# User settings
#
# The user can enter a username, but there are some other
# hidden settings for the user which are configurable in Calamares.
#
# Key *user* has the following sub-keys:
#
# - *shell* Shell to be used for the regular user of the target system.
# There are three possible kinds of settings:
# - unset (i.e. commented out, the default), act as if set to /bin/bash
# - empty (explicit), don't pass shell information to useradd at all
# and rely on a correct configuration file in /etc/default/useradd
# - set, non-empty, use that path as shell. No validation is done
# that the shell actually exists or is executable.
# - *forbidden_names* Login names that may not be used. This list always
# contains "root" and "nobody", but may be extended to list other special
# names for a given distro (eg. "video", or "mysql" might not be a valid
# end-user login name).
user:
shell: /bin/bash
forbidden_names: [ root ]
# Hostname settings
#
# The user can enter a hostname; this is configured into the system
# in some way. There are settings for how a hostname is guessed (as
# a default / suggestion) and where (or how) the hostname is set in
# the target system.
#
# Key *hostname* has the following sub-keys:
#
# - *location* How the hostname is set in the target system:
# - *None*, to not set the hostname at all
# - *EtcFile*, to write to `/etc/hostname` directly
# - *Etc*, identical to above
# - *Hostnamed*, to use systemd hostnamed(1) over DBus
# - *Transient*, to remove `/etc/hostname` from the target
# The default is *EtcFile*. Setting this to *None* or *Transient* will
# hide the hostname field.
# - *writeHostsFile* Should /etc/hosts be written with a hostname for
# this machine (also adds localhost and some ipv6 standard entries).
# Defaults to *true*.
# - *template* Is a simple template for making a suggestion for the
# hostname, based on user data. The default is "${first}-${product}".
# This is used only if the hostname field is shown. KMacroExpander is
# used; write `${key}` where `key` is one of the following:
# - *first* User's first name (whatever is first in the User Name field,
# which is first-in-order but not necessarily a "first name" as in
# "given name" or "name by which you call someone"; beware of western bias)
# - *name* All the text in the User Name field.
# - *login* The login name (which may be suggested based on User Name)
# - *product* The hardware product, based on DMI data
# - *product2* The product as described by Qt
# - *cpu* CPU name
# - *host* Current hostname (which may be a transient hostname)
# Literal text in the template is preserved. Calamares tries to map
# `${key}` values to something that will fit in a hostname, but does not
# apply the same to literal text in the template. Do not use invalid
# characters in the literal text, or no suggeston will be done.
# - *forbidden_names* lists hostnames that may not be used. This list
# always contains "localhost", but may list others that are unsuitable
# or broken in special ways.
hostname:
location: EtcFile
writeHostsFile: true
#template: "alci-${cpu}"
forbidden_names: [ localhost ]
presets:
fullName:
# value: "OEM User"
editable: true
loginName:
# value: "oem"
editable: true