From 089ce9b3960ec56a5584d0a50ac34b2af4e2633a Mon Sep 17 00:00:00 2001
From: agatha
Date: Sat, 26 Apr 2025 13:20:30 -0400
Subject: [PATCH] allow password generation in base setup
---
 playbooks/setup_base_system.yml | 17 ++++++++++-
 roles/base_setup/defaults/main.yml | 4 ++-
 roles/base_setup/tasks/main.yml | 47 +++++++++++++++++++++++++-----
 3 files changed, 59 insertions(+), 9 deletions(-)
diff --git a/playbooks/setup_base_system.yml b/playbooks/setup_base_system.yml
index 3dda9b7..bfdd15c 100644
--- a/playbooks/setup_base_system.yml
+++ b/playbooks/setup_base_system.yml
@@ -2,4 +2,19 @@
 - hosts: all
 become: yes
 roles:
- - base_setup
\ No newline at end of file
+ - base_setup
+
+- hosts: localhost
+ connection: local
+ gather_facts: false
+ tasks:
+ - name: Display all generated passwords
+ debug:
+ msg: |
+ Generated Passwords:
+ {% for host in groups['all'] %}
+ {% if hostvars[host]['generated_password'] is defined %}
+ Host: {{ host }}
+ Password: {{ hostvars[host]['generated_password'] }}
+ {% endif %}
+ {% endfor %}
\ No newline at end of file
diff --git a/roles/base_setup/defaults/main.yml b/roles/base_setup/defaults/main.yml
index ba7b785..89022eb 100644
--- a/roles/base_setup/defaults/main.yml
+++ b/roles/base_setup/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 # defaults file for roles/base_setup
 base_username: user
-base_ssh_key: ""
+base_ssh_keyfile: /home/user/.ssh/id_rsa.pub
 base_timezone: "UTC"
+
+generate_user_password: no
\ No newline at end of file
diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
index 4687f50..89c6472 100644
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
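Review bot: The new `Display all generated passwords` play prints every host's clear-text password to the Ansible output, so it lands in any callback log, CI job log or AWX/Tower job record, and the role's own `Display generated password` task already prints the same value per host, so this is a second copy of each secret. If a summary is wanted, write it to a controller-side file instead — a `copy` task with `content:` holding the same Jinja loop, `dest:` under the operator's home and `mode: "0600"`, run with `no_log: true` — or at least tag the task (`tags: [show_passwords]`) so unattended runs can skip it with `--skip-tags`. Note also that `debug` has no masking, so `no_log` cannot be applied to this task without defeating its purpose; reducing the exposure has to come from where the output goes.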
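Review bot: `base_ssh_keyfile: /home/user/.ssh/id_rsa.pub` hard-codes one account's home directory on the controller — the role reads it with `lookup('file', base_ssh_keyfile)`, which runs on the controller, not on the managed host — so any other operator gets a lookup failure or, if `/home/user` happens to exist, whatever key that account holds. Prefer a default that follows the caller, `base_ssh_keyfile: "{{ lookup('env', 'HOME') }}/.ssh/id_ed25519.pub"`, or keep it empty and `fail` early when unset. The rename from `base_ssh_key` also silently ignores any inventory still setting the old name (the old task read `base_user_key`, so this was already inconsistent); a note in the role README would help. Separately, `generate_user_password: no` should be `generate_user_password: false` — `| bool` accepts both, but `no` trips yamllint's truthy rule and the playbook hunk already uses `false`.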
@@ -24,17 +24,50 @@
 - gnupg
 state: present
 
-- name: Create user
- user:
- name: "{{ base_username }}"
- groups: sudo
- shell: /bin/bash
- create_home: true
+- name: Create user with or without password
+ block:
+ - name: Generate random password
+ command: openssl rand -base64 32
+ register: random_password
+ changed_when: false
+ when: generate_user_password | bool
+
+ - name: Set password fact
+ set_fact:
+ generated_password: "{{ random_password.stdout }}"
+ when: generate_user_password | bool
+
+ - name: Create user with password
+ user:
+ name: "{{ base_username }}"
+ password: "{{ random_password.stdout | password_hash('sha512') }}"
+ groups: sudo
+ shell: /bin/bash
+ when: generate_user_password | bool
+
+ - name: Create user without password
+ user:
+ name: "{{ base_username }}"
+ groups: sudo
+ shell: /bin/bash
+ when: not generate_user_password | bool
+
+ - name: Display generated password
+ debug:
+ msg: "Generated password for {{ base_username }} on {{ inventory_hostname }}: {{ random_password.stdout }}"
+ when: generate_user_password | bool
+
+ always:
+ - name: Ensure user is in sudo group
+ user:
+ name: "{{ base_username }}"
+ groups: sudo
+ append: yes
 
 - name: Set up authorized key for user
 authorized_key:
 user: "{{ base_username }}"
- key: "{{ base_user_key }}"
+ key: "{{ lookup('file', base_ssh_keyfile) }}"
 
 - name: Set timezone
 timezone:
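Review bot: The generated password is exposed in task output at three points the commit does not guard — the `command` result registered as `random_password`, the `Set password fact` task and the `Display generated password` debug — none of which carry `no_log: true`, so the secret shows up in verbose output, callback logs and any enabled fact cache; the `user` task is the only one that masks it, since the module declares `password` as no_log itself. Generating on the managed host with `openssl rand` is also unnecessary: `lookup('ansible.builtin.password', '/dev/null', length=32)` produces the value on the controller with no remote process and no registered result to leak. A second problem is idempotence: every run yields a fresh password and `password_hash` a fresh salt, so `Create user with password` rewrites the account's password and reports changed on every run; `update_password: on_create` stops the rotation, at the cost that the displayed value is only valid on the run that created the account (if that is unacceptable, gate generation on a `getent passwd` check instead). `groups: sudo` without `append: true` on the two create tasks also strips any other supplementary groups the user already had, which the `always` block does not restore.
```yaml
- name: Create user with or without password
  block:
    - name: Generate random password on the controller
      set_fact:
        generated_password: "{{ lookup('ansible.builtin.password', '/dev/null', length=32) }}"
      no_log: true
      when: generate_user_password | bool

    - name: Create user with password
      user:
        name: "{{ base_username }}"
        password: "{{ generated_password | password_hash('sha512') }}"
        update_password: on_create
        groups: sudo
        append: true
        shell: /bin/bash
      no_log: true
      when: generate_user_password | bool

    # … unchanged: Create user without password (add append: true there too) …

    - name: Display generated password
      debug:
        msg: "Generated password for {{ base_username }} on {{ inventory_hostname }}: {{ generated_password }}"
      when: generate_user_password | bool

    # … unchanged: always block …
```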