allow password generation in base setup

2025-04-26 13:20:30 -04:00 · 2025-04-26 13:20:30 -04:00 · 089ce9b396
commit 089ce9b396
parent 4b481577ad
3 changed files with 59 additions and 9 deletions
--- a/playbooks/setup_base_system.yml
+++ b/playbooks/setup_base_system.yml
@ -2,4 +2,19 @@
 - hosts: all
  become: yes
  roles:
-    - base_setup
+    - base_setup
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Display all generated passwords
+      debug:
+        msg: |
+          Generated Passwords:
+          {% for host in groups['all'] %}
+          {% if hostvars[host]['generated_password'] is defined %}
+          Host: {{ host }}
+          Password: {{ hostvars[host]['generated_password'] }}
+          {% endif %}
+          {% endfor %}
--- a/roles/base_setup/defaults/main.yml
+++ b/roles/base_setup/defaults/main.yml
@ -1,5 +1,7 @@
 ---
 # defaults file for roles/base_setup
 base_username: user
-base_ssh_key: ""
+base_ssh_keyfile: /home/user/.ssh/id_rsa.pub
 base_timezone: "UTC"
+
+generate_user_password: no
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -24,17 +24,50 @@
      - gnupg
    state: present

- name: Create user
-  user:
-    name: "{{ base_username }}"
-    groups: sudo
-    shell: /bin/bash
-    create_home: true
+- name: Create user with or without password
+  block:
+    - name: Generate random password
+      command: openssl rand -base64 32
+      register: random_password
+      changed_when: false
+      when: generate_user_password | bool
+
+    - name: Set password fact
+      set_fact:
+        generated_password: "{{ random_password.stdout }}"
+      when: generate_user_password | bool
+
+    - name: Create user with password
+      user:
+        name: "{{ base_username }}"
+        password: "{{ random_password.stdout | password_hash('sha512') }}"
+        groups: sudo
+        shell: /bin/bash
+      when: generate_user_password | bool
+
+    - name: Create user without password
+      user:
+        name: "{{ base_username }}"
+        groups: sudo
+        shell: /bin/bash
+      when: not generate_user_password | bool
+
+    - name: Display generated password
+      debug:
+        msg: "Generated password for {{ base_username }} on {{ inventory_hostname }}: {{ random_password.stdout }}"
+      when: generate_user_password | bool
+
+  always:
+    - name: Ensure user is in sudo group
+      user:
+        name: "{{ base_username }}"
+        groups: sudo
+        append: yes

 - name: Set up authorized key for user
  authorized_key:
    user: "{{ base_username }}"
-    key: "{{ base_user_key }}"
+    key: "{{ lookup('file', base_ssh_keyfile) }}"

 - name: Set timezone
  timezone: