feat(role): Initial commit

meta/main.yml

@@ -0,0 +1,14 @@
+galaxy_info:
+  author: 'hygienic-books'
+  description: 'An Ansible role to change an operating system''s local user password'
+  issue_tracker_url: 'https://quico.space/quico-ansible/role_common_local-os-password/issues'
+  license: 'MIT'
+  min_ansible_version: '2.12.6'
+  platforms:
+    - name: 'EL'
+      versions:
+      - '7'
+      - '8'
+  galaxy_tags:
+    - 'password'
+dependencies: []

meta/requirements.yml

@@ -0,0 +1,2 @@
+- src: 'https://quico.space/quico-ansible/role_include_vault-check.git'
+  version: 'master'

tasks/40-local-os-password.yml

@@ -0,0 +1,33 @@
+- name: 'Get secrets'
+  no_log: 'true'
+  loop_control:
+    loop_var: 'server'
+  with_community.hashi_vault.vault_kv2_get: '{{ local_os_password_vault_paths }}'
+  ansible.builtin.set_fact:
+    vault_data: '{{ vault_data | default({}) | combine (server.secret) }}'
+
+
+
+- name: 'If a secret is missing: Fail progress'
+  import_role:
+    name: 'role_include_vault-check'
+  vars:
+    - vault_check_base_path: '{{ local_os_password_vault_base }}'
+    - vault_check_inc_vault_data: '{{ vault_data }}'
+    - vault_check_fail_checks: '{{ local_os_password_vault_vars }}'
+
+
+
+- name: 'Set fact: New OS local account password'
+  no_log: 'true'
+  ansible.builtin.set_fact:
+    os_acc_pwd: '{{ vault_data.password }}'
+    os_acc_salt: '{{ vault_data.password_salt }}'
+
+
+
+- name: 'Set local OS account password'
+  ansible.builtin.user:
+    name: '{{ reset_password_for_account }}'
+    password: '{{ os_acc_pwd | string | password_hash(''sha512'', os_acc_salt) }}'
+    update_password: 'always'

tasks/main.yml

@@ -0,0 +1 @@
+- import_tasks: '40-local-os-password.yml'