added task block to prompt user for a fallback password if given user password is null

roles/init-server/tasks/ssh-users.yml

@@ -16,6 +16,27 @@
       register: remote_group
       tags:
         - lan
+    - name: Managing passwords
+      when: prehashed_passwords is undefined or prehashed_passwords == None
+      block:
+        - name: Acquiring users lacking passwords
+          ansible.builtin.set_fact:
+            passwordless_admins: "{{ admins | selectattr('password', '==', 'null') | list }}"
+        - name: Pausing to acquire password for a user
+          when: item.password is undefined or item.password == None
+          ansible.builtin.pause:
+            prompt: "Provide a password for the administrative user, {{ item.username }}"
+            echo: false
+          loop: "{{ passwordless_admins }}"
+          register: prompted_passwords
+        - name: Processing inputted password per user
+          when: prompted_passwords is defined and prompted_passwords != None
+          ansible.builtin.set_fact:
+            prehashed_passwords: "{{ (prompted_passwords.results | default([])) | map(attribute='user_input') | list }}"
+        - name: Pairing inputted passwords with associated user
+          when: prehashed_passwords is defined or prehashed_passwords != None
+          ansible.builtin.set_fact:
+            prehashed_passwords: "{{ dict(passwordless_admins | map(attribute='username') | zip(prehashed_passwords) | list) }}"
     - name: Creating an administrative user
       become: true
       ansible.builtin.user:
@@ -27,7 +48,7 @@
         append: true
         generate_ssh_key: true
         create_home: true
-        password: "{{ item.password }}"
+        password: "{{ item.password | default((prehashed_passwords[item.username] | password_hash(hashtype='sha512'))) }}"
         shell: "/bin/bash"
       loop: "{{ admins }}"
       register: admin_users