---
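# Create the login account named by `username`, with a home directory, the
# fish shell, and the supplementary groups listed below.
- name: user | Create a normal user
  user:
    name: '{{ username }}'
    # The hash is computed on the controller. No salt is passed, so the
    # filter output differs on every run; update_password: on_create keeps
    # the task idempotent and means a later change to `password` is not
    # applied to an account that already exists.
    # NOTE(review): `password` is a plaintext variable - confirm it comes
    # from Ansible Vault or a secret store, not a committed vars file.
    password: '{{ password | password_hash("sha512") }}'
    update_password: on_create
    # Add the groups below without removing existing memberships.
    append: true
    # NOTE(review): several of these groups carry privilege. `wheel` is
    # granted doas rights later in this file; `libvirt` and `kvm` usually
    # allow managing system VMs, and `input` usually allows reading raw
    # input devices. Confirm each one is needed for this account.
    groups:
      - wheel
      - input
      - audio
      - video
      - kvm
      - libvirt
      - users
    create_home: true
    home: '/home/{{ username }}'
    # presumably fish is installed by an earlier task; verify
    shell: /usr/bin/fish
    state: present
    comment: Kawaii Linux user
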
# Make sure a group with the same name as the account is present. The task
# only asserts presence; it does not set a gid or change membership.
- name: user | Double check that group '{{ username }}' exists
  group:
    state: present
    name: "{{ username }}"

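# Render subid.j2 to /etc/subgid and /etc/subuid so rootless podman has
# subordinate id ranges to map.
# NOTE(review): the template module replaces each destination file in full.
# Any existing range that subid.j2 does not render is dropped - confirm the
# template covers every account that needs one.
- name: user | Set subuid and subgid for podman rootless usage
  template:
    src: subid.j2
    dest: '/etc/{{ item }}'
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as a string, whatever the YAML
    # parser does with leading-zero integers.
    mode: '0644'
  loop:
    - subgid
    - subuid
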
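# Keep the doas configuration directory owned by root and closed to other
# users. state: directory also creates it if it is missing.
- name: user | Ensure correct permission for /etc/doas.d/
  file:
    path: /etc/doas.d
    state: directory
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as a string, whatever the YAML
    # parser does with leading-zero integers.
    mode: '0750'
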
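# Manage a marked block of doas rules for the wheel group in doas.conf.
# doas applies the last matching rule, so the three `nopass` lines override
# the general `permit persist` rule for halt, reboot and poweroff only.
# NOTE(review): `persist` caches a successful authentication for a while,
# and the `cmd` names are not absolute paths, so doas resolves them through
# its restricted PATH. Confirm both choices are intended.
# Comments are kept out of the block scalar because everything inside it is
# written to doas.conf verbatim.
- name: user | Add wheel config to doas.conf
  blockinfile:
    path: /etc/doas.d/doas.conf
    block: |
      permit persist :wheel
      permit nopass :wheel cmd halt
      permit nopass :wheel cmd reboot
      permit nopass :wheel cmd poweroff
    marker: '# {mark} CUSTOM SETTINGS FOR WHEEL'
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as a string, whatever the YAML
    # parser does with leading-zero integers.
    mode: '0600'
    # The candidate file is parsed by doas itself before it replaces the
    # live config. The previous `grep -F ':wheel'` check could not fail,
    # because the inserted block always contains that string. A syntax error
    # in doas.conf would otherwise break privilege escalation on the host.
    # Assumes doas is already installed when this task runs - verify.
    validate: doas -C %s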