Deploy root password

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-04 15:51:04 +02:00 · 2021-06-04 15:51:04 +02:00 · 145dccac2d
commit 145dccac2d
parent 8c4684a450
4 changed files with 17 additions and 0 deletions
--- a/group_vars/debian.yml
+++ b/group_vars/debian.yml
@ -5,3 +5,6 @@ glob_apt:
  extra_repositories: []
  pin:
    bullseye: []
+
+glob_root:
+  passwd_hash: '{{ vault.root_passwd_hash }}'
--- a/plays/base.yml
+++ b/plays/base.yml
@ -1,6 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---

+- import_playbook: root.yml
 - import_playbook: apt.yml
 - import_playbook: ntp.yml
 - import_playbook: ldap-client.yml
--- a/plays/root.yml
+++ b/plays/root.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: debian
+  vars:
+    root: "{{ glob_root | default({}) | combine(loc_root | default({})) }}"
+  roles:
+    - root
--- a/roles/root/tasks/main.yml
+++ b/roles/root/tasks/main.yml
@ -0,0 +1,6 @@
+---
+- name: Deploys root password hash
+  replace:
+    path: /etc/shadow
+    regexp: '^root:[^:]*:'
+    replace: 'root:{{ root.passwd_hash }}:'