⏳ @eshanized updated the repository!!!

2025-09-20 12:04:55 +02:00 · 2024-04-11 20:54:34 +05:30
parent 2eb1acf16d
commit a3a1a73f67
1 changed files with 250 additions and 6 deletions
--- a/calamares/modules/users.conf
+++ b/calamares/modules/users.conf
@@ -1,3 +1,39 @@
+# SPDX-FileCopyrightText: no
+# SPDX-License-Identifier: CC0-1.0
+#
+# Configuration for the one-user-system user module.
+#
+# Besides these settings, the users module also places the following
+# keys into the Global Storage area, based on user input in the view step.
+#
+# - hostname
+# - username
+# - password (obscured)
+# - autologinUser (if enabled, set to username)
+#
+# These Global Storage keys are set when the configuration for this module
+# is read and when they are modified in the UI.
+---
+### GROUPS CONFIGURATION
+#
+# The system has groups of uses. Some special groups must be
+# created during installation. Optionally, there are special
+# groups for users who can use sudo and for supporting autologin.
+
+# Used as default groups for the created user.
+# Adjust to your Distribution defaults.
+#
+# Each entry in the *defaultGroups* list is either:
+#   - a string, naming a group; this is a **non**-system group
+#     which does not need to exist in the target system; if it
+#     does not exist, it will be created.
+#   - an entry with subkeys *name*, *must_exist* and *system*;
+#     if the group *must_exist* and does not, an error is thrown
+#     and the installation fails.
+#
+#     The group is created if it does not exist, and it is
+#     created as a system group (GID < 1000) or user group
+#     (GID >= 1000) depending on the value of *system*.
 defaultGroups:
    - name: users
      must_exist: true
@@ -16,22 +52,230 @@ defaultGroups:
    - scanner
    - rfkill

-autologinGroup:  autologin
-
-doAutologin:     false
-
+# When *sudoersGroup* is set to a non-empty string, Calamares creates a
+# sudoers file for the user. This file is located at:
+#     `/etc/sudoers.d/10-installer`
+# Remember to add the (value of) *sudoersGroup* to *defaultGroups*.
+#
+# If your Distribution already sets up a group of sudoers in its packaging,
+# remove this setting (delete or comment out the line below). Otherwise,
+# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
+# potentially confusing users.
 sudoersGroup:    wheel

+# Some Distributions require a 'autologin' group for the user.
+# Autologin causes a user to become automatically logged in to
+# the desktop environment on boot.
+# Disable when your Distribution does not require such a group.
+autologinGroup:  autologin
+
+
+### ROOT AND SUDO
+#
+# Some distributions have a root user enabled for login. Others
+# rely entirely on sudo or similar mechanisms to raise privileges.
+
+# If set to `false` (the default), writes a sudoers file with `ALL=(ALL)`
+# so that commands can be run as any user. If set to `true`, writes
+# `ALL=(ALL:ALL)` so that any user and any group can be chosen.
 sudoersConfigureWithGroup: true

+# Setting this to false, causes the root account to be disabled.
+# When disabled, hides the "Use the same password for administrator"
+# checkbox. Also hides the "Choose a password" and associated text-inputs.
 setRootPassword: true

+# You can control the initial state for the 'reuse password for root'
+# checkbox here. Possible values are:
+#  - true to check or
+#  - false to uncheck
+#
+# When checked, the user password is used for the root account too.
+#
+# NOTE: *doReusePassword* requires *setRootPassword* to be enabled.
 doReusePassword: false

-userShell: /bin/bash

-avatarFilePath: ~/.face
+### PASSWORDS AND LOGIN
+#
+# Autologin is convenient for single-user systems, but depends on
+# the location of the machine if it is practical. "Password strength"
+# measures measures might improve security by enforcing hard-to-guess
+# passwords, or might encourage a post-it-under-the-keyboard approach.
+# Distributions are free to steer their users to one kind of password
+# or another. Weak(er) passwords may be allowed, may cause a warning,
+# or may be forbidden entirely.

+# You can control the initial state for the 'autologin checkbox' here.
+# Possible values are:
+#  - true to check or
+#  - false to uncheck
+# These set the **initial** state of the checkbox.
+doAutologin:     true
+
+# These are optional password-requirements that a distro can enforce
+# on the user. The values given in this sample file set only very weak
+# validation settings.
+#
+# Calamares itself supports two checks:
+#   - minLength
+#   - maxLength
+# In this sample file, the values are set to -1 which means "no
+# minimum", "no maximum". This allows any password at all.
+# No effort is done to ensure that the checks are consistent
+# (e.g. specifying a maximum length less than the minimum length
+# will annoy users).
+#
+# Calamares supports password checking through libpwquality.
+# The libpwquality check relies on the (optional) libpwquality library.
+# The value for libpwquality is a list of configuration statements like
+# those found in pwquality.conf. The statements are handed off to the
+# libpwquality parser for evaluation. The check is ignored if
+# libpwquality is not available at build time (generates a warning in
+# the log). The Calamares password check rejects passwords with a
+# score of < 40 with the given libpwquality settings.
+#
+# (additional checks may be implemented in CheckPWQuality.cpp and
+# wired into UsersPage.cpp)
+#
+# To disable all password validations:
+#  - comment out the relevant 'passwordRequirements' keys below,
+#    or set minLength and maxLength to -1.
+#  - disable libpwquality at build-time.
+# To allow all passwords, but provide warnings:
+#  - set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
+#    (That will show the box *Allow weak passwords* in the user-
+#    interface, and check it by default).
+#  - configure password-checking however you wish.
+# To require specific password characteristics:
+#  - set 'allowWeakPasswords' to false (the default)
+#  - configure password-checking, e.g. with NIST settings
+
+
+# These are very weak -- actually, none at all -- requirements
+passwordRequirements:
+    minLength: -1  # Password at least this many characters
+    maxLength: -1  # Password at most this many characters
+    libpwquality:
+        - minlen=0
+        - minclass=0
+
+# These are "you must have a password, any password" -- requirements
+#
+# passwordRequirements:
+#     minLength: 1
+
+# These are requirements the try to follow the suggestions from
+#     https://pages.nist.gov/800-63-3/sp800-63b.html , "Digital Identity Guidelines".
+# Note that requiring long and complex passwords has its own cost,
+# because the user has to come up with one at install time.
+# Setting 'allowWeakPasswords' to false and 'doAutologin' to false
+# will require a strong password and prevent (graphical) login
+# without the password. It is likely to be annoying for casual users.
+#
+# passwordRequirements:
+#     minLength: 8
+#     maxLength: 64
+#     libpwquality:
+#         - minlen=8
+#         - maxrepeat=3
+#         - maxsequence=3
+#         - usersubstr=4
+#         - badwords=linux
+
+# You can control the visibility of the 'strong passwords' checkbox here.
+# Possible values are:
+#  - true to show or
+#  - false to hide  (default)
+# the checkbox. This checkbox allows the user to choose to disable
+# password-strength-checks. By default the box is **hidden**, so
+# that you have to pick a password that satisfies the checks.
+allowWeakPasswords: false
+# You can control the initial state for the 'strong passwords' checkbox here.
+# Possible values are:
+#  - true to uncheck or
+#  - false to check (default)
+# the checkbox by default. Since the box is labeled to enforce strong
+# passwords, in order to **allow** weak ones by default, the box needs
+# to be unchecked.
+allowWeakPasswordsDefault: false
+
+
+# User settings
+#
+# The user can enter a username, but there are some other
+# hidden settings for the user which are configurable in Calamares.
+#
+# Key *user* has the following sub-keys:
+#
+# - *shell* Shell to be used for the regular user of the target system.
+#   There are three possible kinds of settings:
+#    - unset (i.e. commented out, the default), act as if set to /bin/bash
+#    - empty (explicit), don't pass shell information to useradd at all
+#      and rely on a correct configuration file in /etc/default/useradd
+#    - set, non-empty, use that path as shell. No validation is done
+#      that the shell actually exists or is executable.
+# - *forbidden_names* Login names that may not be used. This list always
+#   contains "root" and "nobody", but may be extended to list other special
+#   names for a given distro (eg. "video", or "mysql" might not be a valid
+#   end-user login name).
+user:
+  shell: /bin/bash
+  forbidden_names: [ root ]
+
+
+# Hostname settings
+#
+# The user can enter a hostname; this is configured into the system
+# in some way. There are settings for how a hostname is guessed (as
+# a default / suggestion) and where (or how) the hostname is set in
+# the target system.
+#
+# Key *hostname* has the following sub-keys:
+#
+# - *location* How the hostname is set in the target system:
+#   - *None*, to not set the hostname at all
+#   - *EtcFile*, to write to `/etc/hostname` directly
+#   - *Etc*, identical to above
+#   - *Hostnamed*, to use systemd hostnamed(1) over DBus
+#   - *Transient*, to remove `/etc/hostname` from the target
+#   The default is *EtcFile*. Setting this to *None* or *Transient* will
+#   hide the hostname field.
+# - *writeHostsFile* Should /etc/hosts be written with a hostname for
+#   this machine (also adds localhost and some ipv6 standard entries).
+#   Defaults to *true*.
+# - *template* Is a simple template for making a suggestion for the
+#   hostname, based on user data. The default is "${first}-${product}".
+#   This is used only if the hostname field is shown. KMacroExpander is
+#   used; write `${key}` where `key` is one of the following:
+#   - *first* User's first name (whatever is first in the User Name field,
+#     which is first-in-order but not necessarily a "first name" as in
+#     "given name" or "name by which you call someone"; beware of western bias)
+#   - *name* All the text in the User Name field.
+#   - *login* The login name (which may be suggested based on User Name)
+#   - *product* The hardware product, based on DMI data
+#   - *product2* The product as described by Qt
+#   - *cpu* CPU name
+#   - *host* Current hostname (which may be a transient hostname)
+#   Literal text in the template is preserved. Calamares tries to map
+#   `${key}` values to something that will fit in a hostname, but does not
+#   apply the same to literal text in the template. Do not use invalid
+#   characters in the literal text, or no suggeston will be done.
+# - *forbidden_names* lists hostnames that may not be used. This list
+#   always contains "localhost", but may list others that are unsuitable
+#   or broken in special ways.
 hostname:
  location: EtcFile
  writeHostsFile: true
+  template: "snigdhaos-${cpu}"
+  forbidden_names: [ localhost ]
+
+presets:
+    fullName:
+        # value: "OEM User"
+        editable: true
+    loginName:
+        # value: "oem"
+        editable: true
+
+avatarFilePath: ~/.face