From 7f3a53e8bd1c54ce54d6acee3a4310cbeb9b9ea6 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Wed, 13 Dec 2017 11:36:39 +0200
Subject: Add: password field for users in unix_users

This is for an _encrypted_ password. Sometimes it's necessary to have
one, and just ssh key access isn't enough. Say, IMAP users.
---
 roles/unix_users/defaults/main.yml | 4 ++++
 roles/unix_users/tasks/main.yml    | 1 +
 2 files changed, 5 insertions(+)

(limited to 'roles')

diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
index 5914b08..ea33fc9 100644
--- a/roles/unix_users/defaults/main.yml
+++ b/roles/unix_users/defaults/main.yml
@@ -9,6 +9,10 @@
 #       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
 #       ssh_key_pub -- install this as ~/.ssh/id_rsa.pub
 #       authorized_keys -- install this as ~/.ssh/authorized_keys
+#       password -- encrypted password
+#
+# Create the encrypted password with something like:
+#    password: "{{ lookup('pipe', 'pass show foo | mkpasswd --method=sha-512 --stdin') }}"
 #
 
 unix_users: []
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
index d948dc8..adcb90e 100644
--- a/roles/unix_users/tasks/main.yml
+++ b/roles/unix_users/tasks/main.yml
@@ -5,6 +5,7 @@
     comment: "{{ item.comment|default('unnamed user') }}"
     shell: "{{ item.shell|default('/bin/bash') }}"
     system: "{{ item.system|default('no') }}"
+    password: "{{ item.password|default('xxx') }}"
 
 - name: create ~/.ssh for each user
   with_items: "{{ unix_users }}"
-- 
cgit v1.2.1