---
# Install the requested login shell as an apk package. Skipped for 'ash'
# and 'sh' (presumably already provided by the base system - confirm).
# `usershell` is used verbatim as the package name.
- name: user | Install {{ usershell }}
  when: usershell not in ['ash', 'sh']
  community.general.apk:
    state: present
    name: '{{ usershell }}'
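# Create the login account.
# `password` is hashed with SHA-512 crypt at template time. No salt is
# pinned, so the hash differs on every run; `update_password: on_create`
# means it is only applied when the account is first created.
# NOTE(review): `password` reaches this task as cleartext - presumably it
# comes from a vault or prompt rather than committed vars; confirm.
# The module is addressed by its fully-qualified name so that a local
# module called `user` cannot shadow the builtin one.
- name: user | Create a normal user
  ansible.builtin.user:
    name: '{{ username }}'
    comment: Kawaii Linux user
    state: present
    password: '{{ password | password_hash("sha512") }}'
    update_password: on_create
    # append: true adds `usergroups` to the account's groups instead of
    # replacing its existing supplementary groups.
    groups: '{{ usergroups }}'
    append: true
    create_home: true
    home: '/home/{{ username }}'
    # Login shell path is looked up in shells_mappings (defined outside
    # this file) using usershell as the key.
    shell: '{{ shells_mappings[usershell] }}'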
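# Ensure a group with the same name as the user exists.
# Fully-qualified module name: pins the builtin `group` module instead of
# whichever module of that name is found first.
- name: user | Double check the existence of group '{{ username }}'
  ansible.builtin.group:
    name: '{{ username }}'
    state: present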
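# We restrict /proc read permission to polkitd group, so this membership
# is what lets the account read /proc. It is granted only when polkit is
# in use or elogind is the seat manager.
# Fully-qualified module name: pins the builtin `user` module instead of
# whichever module of that name is found first.
- name: user | Add the user to polkitd group
  ansible.builtin.user:
    name: '{{ username }}'
    append: true
    groups:
      - polkitd
  # `| bool` normalises use_polkit: a string such as 'false' (for example
  # from `-e use_polkit=false`) would otherwise count as truthy and grant
  # the group membership unintentionally.
  when: (use_polkit | bool) or (seat_manager == 'elogind')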
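# Add the account to the `seat` group when seatd is the seat manager.
# append: true keeps the account's existing supplementary groups.
# Fully-qualified module name: pins the builtin `user` module instead of
# whichever module of that name is found first.
- name: user | Add the user to seat group
  ansible.builtin.user:
    name: '{{ username }}'
    append: true
    groups:
      - seat
  when: seat_manager == 'seatd'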
# Install the privilege-escalation tool named by `sudo_provider`.
# The variable is used verbatim as the apk package name.
# NOTE(review): it should be limited to the providers this role actually
# supports - confirm where it is validated.
- name: user | Install {{ sudo_provider }}
  community.general.apk:
    state: present
    name: '{{ sudo_provider }}'
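# Load the provider-specific task file that writes the escalation rules.
# The path is built from `sudo_provider`, so that variable decides which
# task file runs with this play's privileges.
# NOTE(review): restrict it to values with a matching file under user/
# (for example with an assert before this task) - confirm whether that
# already happens elsewhere.
# Fully-qualified name: pins the builtin include_tasks action.
- name: user | Configure privilege escalation rules
  ansible.builtin.include_tasks: 'user/{{ sudo_provider }}.yml'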