Add matrix_user_shell and default it to /sbin/nologin

This is a backward-incompatible change. By default, Ansible creates users with (e.g.) `/bin/sh` on Linux, so changing to a no shell leads to different behavior. That said, it appears that using a shell-less user works OK with regard to Ansible execution and starting the systemd services/containers later on.
2025-04-29 23:56:30 +02:00 · 2025-04-29 10:37:57 +03:00 · 2025-04-29 10:37:57 +03:00 · 51e961ce9f
commit 51e961ce9f
parent 3ee7deb2d7
2 changed files with 3 additions and 0 deletions
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@ -177,6 +177,8 @@ matrix_container_global_registry_prefix_override: ""

 matrix_user_name: "matrix"
 matrix_user_system: true
+matrix_user_shell: /sbin/nologin
+
 matrix_group_name: "matrix"
 matrix_group_system: true

--- a/roles/custom/matrix-base/tasks/setup_matrix_user.yml
+++ b/roles/custom/matrix-base/tasks/setup_matrix_user.yml
@ -22,6 +22,7 @@
    home: "{{ matrix_base_data_path }}"
    create_home: false
    system: "{{ matrix_user_system }}"
+    shell: "{{ matrix_user_shell }}"
  register: matrix_user

 - name: Initialize matrix_user_uid and matrix_user_gid