⏳ @eshanized updated the repository!!!

2025-09-21 12:14:57 +02:00 · 2024-04-11 20:54:34 +05:30
parent 2eb1acf16d
commit a3a1a73f67
1 changed files with 250 additions and 6 deletions
--- a/calamares/modules/users.conf
+++ b/calamares/modules/users.conf
@@ -1,3 +1,39 @@
 # SPDX-FileCopyrightText: no
 # SPDX-License-Identifier: CC0-1.0
 #
 # Configuration for the one-user-system user module.
 #
 # Besides these settings, the users module also places the following
 # keys into the Global Storage area, based on user input in the view step.
 #
 # - hostname
 # - username
 # - password (obscured)
 # - autologinUser (if enabled, set to username)
 #
 # These Global Storage keys are set when the configuration for this module
 # is read and when they are modified in the UI.
 ---
 ### GROUPS CONFIGURATION
 #
 # The system has groups of uses. Some special groups must be
 # created during installation. Optionally, there are special
 # groups for users who can use sudo and for supporting autologin.
 # Used as default groups for the created user.
 # Adjust to your Distribution defaults.
 #
 # Each entry in the *defaultGroups* list is either:
 #   - a string, naming a group; this is a **non**-system group
 #     which does not need to exist in the target system; if it
 #     does not exist, it will be created.
 #   - an entry with subkeys *name*, *must_exist* and *system*;
 #     if the group *must_exist* and does not, an error is thrown
 #     and the installation fails.
 #
 #     The group is created if it does not exist, and it is
 #     created as a system group (GID < 1000) or user group
 #     (GID >= 1000) depending on the value of *system*.
 defaultGroups:
    - name: users
      must_exist: true
@@ -16,22 +52,230 @@ defaultGroups:
    - scanner
    - rfkill
-autologinGroup:  autologin
+# When *sudoersGroup* is set to a non-empty string, Calamares creates a
-
+# sudoers file for the user. This file is located at:
-doAutologin:     false
+#     `/etc/sudoers.d/10-installer`
-
+# Remember to add the (value of) *sudoersGroup* to *defaultGroups*.
 #
 # If your Distribution already sets up a group of sudoers in its packaging,
 # remove this setting (delete or comment out the line below). Otherwise,
 # the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
 # potentially confusing users.
 sudoersGroup:    wheel
 # Some Distributions require a 'autologin' group for the user.
 # Autologin causes a user to become automatically logged in to
 # the desktop environment on boot.
 # Disable when your Distribution does not require such a group.
 autologinGroup:  autologin
 ### ROOT AND SUDO
 #
 # Some distributions have a root user enabled for login. Others
 # rely entirely on sudo or similar mechanisms to raise privileges.
 # If set to `false` (the default), writes a sudoers file with `ALL=(ALL)`
 # so that commands can be run as any user. If set to `true`, writes
 # `ALL=(ALL:ALL)` so that any user and any group can be chosen.
 sudoersConfigureWithGroup: true
 # Setting this to false, causes the root account to be disabled.
 # When disabled, hides the "Use the same password for administrator"
 # checkbox. Also hides the "Choose a password" and associated text-inputs.
 setRootPassword: true
 # You can control the initial state for the 'reuse password for root'
 # checkbox here. Possible values are:
 #  - true to check or
 #  - false to uncheck
 #
 # When checked, the user password is used for the root account too.
 #
 # NOTE: *doReusePassword* requires *setRootPassword* to be enabled.
 doReusePassword: false
 userShell: /bin/bash
-avatarFilePath: ~/.face
+### PASSWORDS AND LOGIN
 #
 # Autologin is convenient for single-user systems, but depends on
 # the location of the machine if it is practical. "Password strength"
 # measures measures might improve security by enforcing hard-to-guess
 # passwords, or might encourage a post-it-under-the-keyboard approach.
 # Distributions are free to steer their users to one kind of password
 # or another. Weak(er) passwords may be allowed, may cause a warning,
 # or may be forbidden entirely.
 # You can control the initial state for the 'autologin checkbox' here.
 # Possible values are:
 #  - true to check or
 #  - false to uncheck
 # These set the **initial** state of the checkbox.
 doAutologin:     true
 # These are optional password-requirements that a distro can enforce
 # on the user. The values given in this sample file set only very weak
 # validation settings.
 #
 # Calamares itself supports two checks:
 #   - minLength
 #   - maxLength
 # In this sample file, the values are set to -1 which means "no
 # minimum", "no maximum". This allows any password at all.
 # No effort is done to ensure that the checks are consistent
 # (e.g. specifying a maximum length less than the minimum length
 # will annoy users).
 #
 # Calamares supports password checking through libpwquality.
 # The libpwquality check relies on the (optional) libpwquality library.
 # The value for libpwquality is a list of configuration statements like
 # those found in pwquality.conf. The statements are handed off to the
 # libpwquality parser for evaluation. The check is ignored if
 # libpwquality is not available at build time (generates a warning in
 # the log). The Calamares password check rejects passwords with a
 # score of < 40 with the given libpwquality settings.
 #
 # (additional checks may be implemented in CheckPWQuality.cpp and
 # wired into UsersPage.cpp)
 #
 # To disable all password validations:
 #  - comment out the relevant 'passwordRequirements' keys below,
 #    or set minLength and maxLength to -1.
 #  - disable libpwquality at build-time.
 # To allow all passwords, but provide warnings:
 #  - set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
 #    (That will show the box *Allow weak passwords* in the user-
 #    interface, and check it by default).
 #  - configure password-checking however you wish.
 # To require specific password characteristics:
 #  - set 'allowWeakPasswords' to false (the default)
 #  - configure password-checking, e.g. with NIST settings
 # These are very weak -- actually, none at all -- requirements
 passwordRequirements:
    minLength: -1  # Password at least this many characters
    maxLength: -1  # Password at most this many characters
    libpwquality:
        - minlen=0
        - minclass=0
 # These are "you must have a password, any password" -- requirements
 #
 # passwordRequirements:
 #     minLength: 1
 # These are requirements the try to follow the suggestions from
 #     https://pages.nist.gov/800-63-3/sp800-63b.html , "Digital Identity Guidelines".
 # Note that requiring long and complex passwords has its own cost,
 # because the user has to come up with one at install time.
 # Setting 'allowWeakPasswords' to false and 'doAutologin' to false
 # will require a strong password and prevent (graphical) login
 # without the password. It is likely to be annoying for casual users.
 #
 # passwordRequirements:
 #     minLength: 8
 #     maxLength: 64
 #     libpwquality:
 #         - minlen=8
 #         - maxrepeat=3
 #         - maxsequence=3
 #         - usersubstr=4
 #         - badwords=linux
 # You can control the visibility of the 'strong passwords' checkbox here.
 # Possible values are:
 #  - true to show or
 #  - false to hide  (default)
 # the checkbox. This checkbox allows the user to choose to disable
 # password-strength-checks. By default the box is **hidden**, so
 # that you have to pick a password that satisfies the checks.
 allowWeakPasswords: false
 # You can control the initial state for the 'strong passwords' checkbox here.
 # Possible values are:
 #  - true to uncheck or
 #  - false to check (default)
 # the checkbox by default. Since the box is labeled to enforce strong
 # passwords, in order to **allow** weak ones by default, the box needs
 # to be unchecked.
 allowWeakPasswordsDefault: false
 # User settings
 #
 # The user can enter a username, but there are some other
 # hidden settings for the user which are configurable in Calamares.
 #
 # Key *user* has the following sub-keys:
 #
 # - *shell* Shell to be used for the regular user of the target system.
 #   There are three possible kinds of settings:
 #    - unset (i.e. commented out, the default), act as if set to /bin/bash
 #    - empty (explicit), don't pass shell information to useradd at all
 #      and rely on a correct configuration file in /etc/default/useradd
 #    - set, non-empty, use that path as shell. No validation is done
 #      that the shell actually exists or is executable.
 # - *forbidden_names* Login names that may not be used. This list always
 #   contains "root" and "nobody", but may be extended to list other special
 #   names for a given distro (eg. "video", or "mysql" might not be a valid
 #   end-user login name).
 user:
  shell: /bin/bash
  forbidden_names: [ root ]
 # Hostname settings
 #
 # The user can enter a hostname; this is configured into the system
 # in some way. There are settings for how a hostname is guessed (as
 # a default / suggestion) and where (or how) the hostname is set in
 # the target system.
 #
 # Key *hostname* has the following sub-keys:
 #
 # - *location* How the hostname is set in the target system:
 #   - *None*, to not set the hostname at all
 #   - *EtcFile*, to write to `/etc/hostname` directly
 #   - *Etc*, identical to above
 #   - *Hostnamed*, to use systemd hostnamed(1) over DBus
 #   - *Transient*, to remove `/etc/hostname` from the target
 #   The default is *EtcFile*. Setting this to *None* or *Transient* will
 #   hide the hostname field.
 # - *writeHostsFile* Should /etc/hosts be written with a hostname for
 #   this machine (also adds localhost and some ipv6 standard entries).
 #   Defaults to *true*.
 # - *template* Is a simple template for making a suggestion for the
 #   hostname, based on user data. The default is "${first}-${product}".
 #   This is used only if the hostname field is shown. KMacroExpander is
 #   used; write `${key}` where `key` is one of the following:
 #   - *first* User's first name (whatever is first in the User Name field,
 #     which is first-in-order but not necessarily a "first name" as in
 #     "given name" or "name by which you call someone"; beware of western bias)
 #   - *name* All the text in the User Name field.
 #   - *login* The login name (which may be suggested based on User Name)
 #   - *product* The hardware product, based on DMI data
 #   - *product2* The product as described by Qt
 #   - *cpu* CPU name
 #   - *host* Current hostname (which may be a transient hostname)
 #   Literal text in the template is preserved. Calamares tries to map
 #   `${key}` values to something that will fit in a hostname, but does not
 #   apply the same to literal text in the template. Do not use invalid
 #   characters in the literal text, or no suggeston will be done.
 # - *forbidden_names* lists hostnames that may not be used. This list
 #   always contains "localhost", but may list others that are unsuitable
 #   or broken in special ways.
 hostname:
  location: EtcFile
  writeHostsFile: true
  template: "snigdhaos-${cpu}"
  forbidden_names: [ localhost ]
 presets:
    fullName:
        # value: "OEM User"
        editable: true
    loginName:
        # value: "oem"
        editable: true
 avatarFilePath: ~/.face