Deploy root password

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

group_vars/debian.yml

@@ -5,3 +5,6 @@ glob_apt:
   extra_repositories: []
   pin:
     bullseye: []
+
+glob_root:
+  passwd_hash: '{{ vault.root_passwd_hash }}'

plays/base.yml

@@ -1,6 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 
+- import_playbook: root.yml
 - import_playbook: apt.yml
 - import_playbook: ntp.yml
 - import_playbook: ldap-client.yml

plays/root.yml

@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: debian
+  vars:
+    root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
+  roles:
+    - root

roles/root/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploys root password hash
+  replace:
+    path: /etc/shadow
+    regexp: '^root:[^:]*:'
+    replace: 'root:{{ root.passwd_hash }}:'