
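---
# Tasks for the "user" role: install doas and the selected login shell,
# create the normal user with its supplementary groups, write a narrow
# doas policy for that user, and install pam_limits rules for the
# realtime group.
- name: user | Install doas
  community.general.packaging.os.apk:
    name: doas
    state: present

- name: user | Install {{ usershell }}
  community.general.packaging.os.apk:
    name: '{{ usershell }}'
    state: present
  # Nothing to install when the configured shell is ash or sh.
  when: usershell not in ['ash', 'sh']

- name: user | Create {{ realtime_group }} group
  group:
    name: '{{ realtime_group }}'
    system: true
    state: present

- name: user | Create a normal user
  user:
    name: '{{ username }}'
    password: '{{ password | password_hash("sha512") }}'
    # Only set the password when the account is first created; later runs
    # leave whatever the user has since changed it to untouched.
    update_password: on_create
    append: true
    groups:
      - wheel
      - input
      - audio
      - video
      - libvirt
      - users
      - '{{ realtime_group }}'
    create_home: true
    home: '/home/{{ username }}'
    shell: '{{ shell_mappings[usershell] }}'
    state: present
    comment: Kawaii Linux user
  # Keep the plaintext password and its hash out of verbose task output and
  # logs. Note that no_log also masks this task's failure details.
  no_log: true

- name: user | Double check that group '{{ username }}' exists
  group:
    name: '{{ username }}'
    state: present

# We restrict /proc read permission to polkitd group
- name: user | Add the user to polkitd group
  user:
    name: '{{ username }}'
    append: true
    groups:
      - polkitd
  when: use_polkit

- name: user | Add the user to seat group
  user:
    name: '{{ username }}'
    append: true
    groups:
      - seat
  when: seat_manager == 'seatd'

- name: user | Ensure correct permissions for directory /etc/doas.d/
  file:
    path: /etc/doas.d
    state: directory
    owner: root
    group: root
    # Quoted so Ansible receives the literal octal string rather than an
    # integer whose leading zero is not reliably honoured by YAML parsers.
    mode: '0750'

# pm-suspend is from pm-utils package (required by libvirt-client)
- name: user | Add config for {{ username }} user to doas.conf
  blockinfile:
    path: /etc/doas.d/doas.conf
    # The persist rule still requires the user's password (doas caches a
    # successful authentication); only the power-management commands
    # listed below are passwordless.
    block: |
      permit persist {{ username }}
      permit nopass {{ username }} cmd halt
      permit nopass {{ username }} cmd reboot
      permit nopass {{ username }} cmd poweroff
      permit nopass {{ username }} cmd pm-suspend
    marker: '# {mark} CUSTOM SETTINGS FOR THE NORMAL USER'
    owner: root
    group: root
    mode: '0600'
    # Have doas parse the candidate file before it replaces the live config,
    # so a syntax error cannot leave the user without privilege escalation.
    validate: /usr/bin/doas -C %s

- name: user | Add pam_limits rules for {{ realtime_group }} group
  pam_limits:
    domain: '@{{ realtime_group }}'
    limit_type: '-'
    limit_item: '{{ item.item }}'
    value: '{{ item.value }}'
    dest: '/etc/security/limits.d/95-{{ realtime_group }}.conf'
  # realtime_pam_limits is expected to be a list of mappings with `item`
  # and `value` keys, defined in the role's variables (not visible here).
  loop: '{{ realtime_pam_limits }}'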