fix(configuration): use short hostname and allow per-user shell

2026-02-20 20:15:49 +01:00
parent 3000268a0e
commit cf68a93b45
2 changed files with 4 additions and 3 deletions
--- a/roles/configuration/tasks/locales.yml
+++ b/roles/configuration/tasks/locales.yml
@@ -45,7 +45,7 @@

    - name: Set hostname
      ansible.builtin.copy:
-        content: "{{ configuration_hostname_fqdn }}"
+        content: "{{ configuration_hostname_fqdn.split('.')[0] }}"
        dest: /mnt/etc/hostname
        mode: "0644"

--- a/roles/configuration/tasks/users.yml
+++ b/roles/configuration/tasks/users.yml
@@ -3,7 +3,7 @@
  vars:
    configuration_root_cmd: >-
      {{ chroot_command }} /usr/sbin/usermod --password
-      '{{ system_cfg.root.password | password_hash('sha512') }}' root --shell /bin/bash
+      '{{ system_cfg.root.password | password_hash('sha512') }}' root --shell {{ system_cfg.root.shell | default('/bin/bash') }}
  ansible.builtin.command: "{{ configuration_root_cmd }}"
  register: configuration_root_result
  changed_when: configuration_root_result.rc == 0
@@ -13,11 +13,12 @@
  vars:
    configuration_user_group: >-
      {{ "sudo" if is_debian | bool else "wheel" }}
+    # UID starts at 1000; safe for fresh installs only
    configuration_useradd_cmd: >-
      {{ chroot_command }} /usr/sbin/useradd --create-home --user-group
      --uid {{ 1000 + ansible_loop.index0 }}
      --groups {{ configuration_user_group }} {{ item.name }}
-      --password {{ item.password | password_hash('sha512') }} --shell /bin/bash
+      --password {{ item.password | password_hash('sha512') }} --shell {{ item.shell | default('/bin/bash') }}
  ansible.builtin.command: "{{ configuration_useradd_cmd }}"
  loop: "{{ system_cfg.users }}"
  loop_control: