ensure user password is enforced (#582)

Reviewed-on: #582 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2023-10-19 09:34:34 +02:00 · 2023-10-19 09:34:34 +02:00 · 4416b7b519
parent 8e0e7bde21
commit 4416b7b519
6 changed files with 12 additions and 11 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -32,7 +32,7 @@
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
@ -40,7 +40,7 @@
      allow_passwordless_sudo: true
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -20,7 +20,7 @@
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo, docker
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
@ -28,7 +28,7 @@
      allow_passwordless_sudo: true
    - username: docker-user
      password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo, docker
      state: present
      allow_sudo: true
@ -36,7 +36,7 @@
      uid: "5000"
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
--- a/group_vars/laptop.yml
+++ b/group_vars/laptop.yml
@ -67,7 +67,7 @@
  users:
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo, docker
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
@ -75,7 +75,7 @@
      allow_passwordless_sudo: true
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
--- a/group_vars/pbs.yml
+++ b/group_vars/pbs.yml
@ -16,7 +16,7 @@
      allow_passwordless_sudo: true
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
@ -24,7 +24,7 @@
      allow_passwordless_sudo: true
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
--- a/group_vars/pve.yml
+++ b/group_vars/pve.yml
@ -12,7 +12,7 @@
      allow_passwordless_sudo: true
    - username: mg
      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: "{{ ssh_public_key_mg }}"
@ -20,7 +20,7 @@
      allow_passwordless_sudo: true
    - username: ansible-user
      password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
-      update_password: on_create
+      update_password: always
      groups: ssh, sudo
      state: present
      public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
--- a/roles/mgrote.pbs_users/tasks/main.yml
+++ b/roles/mgrote.pbs_users/tasks/main.yml
@ -23,3 +23,4 @@
    loop: "{{ pbs_users }}"
    when: "item.name in users.stdout"
    changed_when: false
+    no_log: true