# SPDX-License-Identifier: MIT
- name: 'Set local OS account password'
  loop_control:
    loop_var: 'account'
    index_var: 'i'
    label: 'Set password for local account ''{{ account }}'''
  loop: '{{ reset_password_for_account }}'
  ansible.builtin.user:
    name: '{{ account }}'
    password: '{{ lookup(''hashi_vault'', ''secret=kv/data/settings/machines/'' + fqdn_reverse + ''/os/user/'' + account + '':password'') | string | password_hash(''sha512'', lookup(''hashi_vault'', ''secret=kv/data/settings/machines/'' + fqdn_reverse + ''/os/user/'' + account + '':password_salt'')) }}'
    update_password: 'always'