From 5492d6793a229c60f08112fda9827b2686bb72ae Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Tue, 5 Oct 2021 00:41:48 +0300
Subject: [PATCH] archusers: Allow overriding users' shell setting

Useful for mail.archlinux.org where this setting doesn't matter since we
force the SSH command to passwd and zsh was removed as part of the tools
cleanup effort recently (stops shadow.service from complaining about zsh
missing).
---
 playbooks/mail.archlinux.org.yml | 2 +-
 roles/archusers/tasks/main.yml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/mail.archlinux.org.yml b/playbooks/mail.archlinux.org.yml
index 08ea63b02..b8e5e90f3 100644
--- a/playbooks/mail.archlinux.org.yml
+++ b/playbooks/mail.archlinux.org.yml
@@ -14,7 +14,7 @@
     - { role: rspamd, rspamd_dkim_domain: archlinux.org, tags: ["mail"] }
     - { role: unbound, unbound_port: 5353, tags: ["mail"] }
     - { role: postfwd, tags: ['mail'] }
-    - { role: archusers, archusers_ssh_options: 'command="/usr/bin/passwd",restrict,pty' }
+    - { role: archusers, shell_override: '/bin/bash', archusers_ssh_options: 'command="/usr/bin/passwd",restrict,pty' }
     - { role: fail2ban }
     - { role: prometheus_exporters }
     - { role: promtail }
diff --git a/roles/archusers/tasks/main.yml b/roles/archusers/tasks/main.yml
index 595e2b2ec..5c42f3345 100644
--- a/roles/archusers/tasks/main.yml
+++ b/roles/archusers/tasks/main.yml
@@ -15,7 +15,7 @@
     group: users
     groups: "{{ item.value.groups | join(',') }}"
     comment: "{{ item.value.name }}"
-    shell: "{{ item.value.shell | default('/bin/bash') }}"
+    shell: "{{ shell_override | default(item.value.shell | default('/bin/bash')) }}"
     password: ""
     update_password: on_create
     state: present
-- 
GitLab