1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
|
# SPDX-FileCopyrightText: no
# SPDX-License-Identifier: CC0-1.0
#
# Configuration for the one-user-system user module.
#
# Besides these settings, the users module also places the following
# keys into the Global Storage area, based on user input in the view step.
#
# - hostname
# - username
# - password (obscured)
# - autologinUser (if enabled, set to username)
#
# These Global Storage keys are set when the configuration for this module
# is read and when they are modified in the UI.
---
# Used as default groups for the created user.
# Adjust to your Distribution defaults.
#
# Each entry in the *defaultGroups* list is either:
# - a string, naming a group; this is a **non**-system group
# which does not need to exist in the target system; if it
# does not exist, it will be created.
# - an entry with subkeys *name*, *must_exist* and *system*;
# if the group *must_exist* and does not, an error is thrown
# and the installation fails.
#
# The group is created if it does not exist, and it is
# created as a system group (GID < 1000) or user group
# (GID >= 1000) depending on the value of *system*.
defaultGroups:
- name: users
must_exist: true
system: true
- lp
- video
- network
- storage
- name: wheel
must_exist: false
system: true
- audio
# Some Distributions require a 'autologin' group for the user.
# Autologin causes a user to become automatically logged in to
# the desktop environment on boot.
# Disable when your Distribution does not require such a group.
autologinGroup: autologin
# You can control the initial state for the 'autologin checkbox' here.
# Possible values are:
# - true to check or
# - false to uncheck
# These set the **initial** state of the checkbox.
doAutologin: true
# When *sudoersGroup* is set to a non-empty string, Calamares creates a
# sudoers file for the user. This file is located at:
# `/etc/sudoers.d/10-installer`
# Remember to add the (value of) *sudoersGroup* to *defaultGroups*.
#
# If your Distribution already sets up a group of sudoers in its packaging,
# remove this setting (delete or comment out the line below). Otherwise,
# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
# potentially confusing users.
sudoersGroup: wheel
# If set to `false` (the default), writes a sudoers file with `(ALL)`
# so that the command can be run as any user. If set to `true`, writes
# `(ALL:ALL)` so that any user and any group can be chosen.
sudoersConfigureWithGroup: true
# Setting this to false, causes the root account to be disabled.
# When disabled, hides the "Use the same password for administrator"
# checkbox. Also hides the "Choose a password" and associated text-inputs.
setRootPassword: true
# You can control the initial state for the 'reuse password for root'
# checkbox here. Possible values are:
# - true to check or
# - false to uncheck
#
# When checked, the user password is used for the root account too.
#
# NOTE: *doReusePassword* requires *setRootPassword* to be enabled.
doReusePassword: true
# These are optional password-requirements that a distro can enforce
# on the user. The values given in this sample file set only very weak
# validation settings.
#
# - nonempty rejects empty passwords
# - there are no length validations
# - libpwquality (if it is enabled at all) has no length of class
# restrictions, although it will still reject palindromes and
# dictionary words with these settings.
#
# Checks may be listed multiple times; each is checked separately,
# and no effort is done to ensure that the checks are consistent
# (e.g. specifying a maximum length less than the minimum length
# will annoy users).
#
# The libpwquality check relies on the (optional) libpwquality library.
# Its value is a list of configuration statements that could also
# be found in pwquality.conf, and these are handed off to the
# libpwquality parser for evaluation. The check is ignored if
# libpwquality is not available at build time (generates a warning in
# the log). The Calamares password check rejects passwords with a
# score of < 40 with the given libpwquality settings.
#
# (additional checks may be implemented in CheckPWQuality.cpp and
# wired into UsersPage.cpp)
#
# - To disable specific password validations:
# comment out the relevant 'passwordRequirements' keys below.
# - To disable all password validations:
# set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
# (That will show the box *Allow weak passwords* in the user-
# interface, and check it by default).
#passwordRequirements:
# nonempty: true
# minLength: -1 # Password at least this many characters
# maxLength: -1 # Password at most this many characters
# libpwquality:
# - minlen=0
# - minclass=0
# You can control the visibility of the 'strong passwords' checkbox here.
# Possible values are:
# - true to show or
# - false to hide (default)
# the checkbox. This checkbox allows the user to choose to disable
# password-strength-checks. By default the box is **hidden**, so
# that you have to pick a password that satisfies the checks.
allowWeakPasswords: false
# You can control the initial state for the 'strong passwords' checkbox here.
# Possible values are:
# - true to uncheck or
# - false to check (default)
# the checkbox by default. Since the box is labeled to enforce strong
# passwords, in order to **allow** weak ones by default, the box needs
# to be unchecked.
allowWeakPasswordsDefault: true
# User settings
#
# The user can enter a username, but there are some other
# hidden settings for the user which are configurable in Calamares.
#
# Key *user* has the following sub-keys:
#
# - *shell* Shell to be used for the regular user of the target system.
# There are three possible kinds of settings:
# - unset (i.e. commented out, the default), act as if set to /bin/bash
# - empty (explicit), don't pass shell information to useradd at all
# and rely on a correct configuration file in /etc/default/useradd
# - set, non-empty, use that path as shell. No validation is done
# that the shell actually exists or is executable.
# - *forbidden_names* Login names that may not be used. This list always
# contains "root" and "nobody", but may be extended to list other special
# names for a given distro (eg. "video", or "mysql" might not be a valid
# end-user login name).
user:
shell: /bin/bash
forbidden_names: [ root ]
# Hostname settings
#
# The user can enter a hostname; this is configured into the system
# in some way. There are settings for how a hostname is guessed (as
# a default / suggestion) and where (or how) the hostname is set in
# the target system.
#
# Key *hostname* has the following sub-keys:
#
# - *location* How the hostname is set in the target system:
# - *None*, to not set the hostname at all
# - *EtcFile*, to write to `/etc/hostname` directly
# - *Etc*, identical to above
# - *Hostnamed*, to use systemd hostnamed(1) over DBus
# - *Transient*, to remove `/etc/hostname` from the target
# The default is *EtcFile*. Setting this to *None* or *Transient* will
# hide the hostname field.
# - *writeHostsFile* Should /etc/hosts be written with a hostname for
# this machine (also adds localhost and some ipv6 standard entries).
# Defaults to *true*.
# - *template* Is a simple template for making a suggestion for the
# hostname, based on user data. The default is "${first}-${product}".
# This is used only if the hostname field is shown. KMacroExpander is
# used; write `${key}` where `key` is one of the following:
# - *first* User's first name (whatever is first in the User Name field,
# which is first-in-order but not necessarily a "first name" as in
# "given name" or "name by which you call someone"; beware of western bias)
# - *name* All the text in the User Name field.
# - *login* The login name (which may be suggested based on User Name)
# - *product* The hardware product, based on DMI data
# - *product2* The product as described by Qt
# - *cpu* CPU name
# - *host* Current hostname (which may be a transient hostname)
# Literal text in the template is preserved. Calamares tries to map
# `${key}` values to something that will fit in a hostname, but does not
# apply the same to literal text in the template. Do not use invalid
# characters in the literal text, or no suggeston will be done.
# - *forbidden_names* lists hostnames that may not be used. This list
# always contains "localhost", but may list others that are unsuitable
# or broken in special ways.
hostname:
location: EtcFile
writeHostsFile: true
#template: "alci-${cpu}"
forbidden_names: [ localhost ]
presets:
fullName:
value: "mythtv"
editable: true
loginName:
value: "mythtv"
editable: true
|
