From 4197acd2ce598300262e11c5130a42588beca2a8 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Fri, 4 Apr 2025 15:23:02 +0200
Subject: [PATCH] Allow default-user login

---
 inventory-sample.yml                 | 4 ++++
 roles/lmn_security/defaults/main.yml | 2 ++
 roles/lmn_security/tasks/main.yml    | 1 +
 3 files changed, 7 insertions(+)
 create mode 100644 roles/lmn_security/defaults/main.yml

diff --git a/inventory-sample.yml b/inventory-sample.yml
index 81b7386..91967e2 100644
--- a/inventory-sample.yml
+++ b/inventory-sample.yml
@@ -2,5 +2,9 @@
 all:
   vars:
     domain: "{{ ansible_domain }}"
+    security_defaultuser_login_disable: false
+    kde_desktop_pkg:
+      - akonadi-backend-sqlite
+
   hosts:
     localhost:
diff --git a/roles/lmn_security/defaults/main.yml b/roles/lmn_security/defaults/main.yml
new file mode 100644
index 0000000..fef2163
--- /dev/null
+++ b/roles/lmn_security/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+security_defaultuser_login_disable: true
diff --git a/roles/lmn_security/tasks/main.yml b/roles/lmn_security/tasks/main.yml
index 7dca7cc..e6ef7a3 100644
--- a/roles/lmn_security/tasks/main.yml
+++ b/roles/lmn_security/tasks/main.yml
@@ -18,6 +18,7 @@
   ansible.builtin.user:
     name: ansible
     password_lock: true
+  when: security_defaultuser_login_disable
 
 - name: Limit SSH access to user ansible
   ansible.builtin.blockinfile: