From 84f59382c1d961e69b853fa7cb8b2388917a7da4 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Tue, 20 Sep 2022 10:18:55 +0200
Subject: [PATCH] chore: disable passwords by default if empty

---
 tasks/users_default.yml    | 2 +-
 tasks/users_univention.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tasks/users_default.yml b/tasks/users_default.yml
index 15a24d1..89eb342 100644
--- a/tasks/users_default.yml
+++ b/tasks/users_default.yml
@@ -11,7 +11,7 @@
         name: "{{ item.name }}"
         groups: "{{ item.groups | default([]) | join(',') or omit }}"
         append: "{{ True if (item.groups | default([]) | length > 0) else False }}"
-        password: "{{ item.password | password_hash('sha512',65534 | random(seed=inventory_hostname) | string) if item.password is defined else omit }}"
+        password: "{{ item.password | password_hash('sha512',65534 | random(seed=inventory_hostname) | string) if item.password is defined else '*' }}"
         password_expire_min: "{{ item.password_expire_min | default(users_pass_min_day) }}"
         shell: "{{ item.shell | default('/bin/bash') }}"
       loop: "{{ users_default_users }}"
diff --git a/tasks/users_univention.yml b/tasks/users_univention.yml
index f86f4b6..79be6c9 100644
--- a/tasks/users_univention.yml
+++ b/tasks/users_univention.yml
@@ -14,7 +14,7 @@
         name: "{{ item.name }}"
         groups: "{{ item.groups | default([]) | join(',') or omit }}"
         append: "{{ True if (item.groups | default([]) | length > 0) else False }}"
-        password: "{{ item.password | default(omit) | password_hash('sha512',65534 | random(seed=inventory_hostname) | string) }}"
+        password: "{{ item.password | password_hash('sha512',65534 | random(seed=inventory_hostname) | string) if item.password is defined else '*' }}"
         password_expire_min: "{{ item.password_expire_min | default(users_pass_min_day) }}"
         shell: "{{ item.shell | default('/bin/bash') }}"
         system: "yes"