From ce8466eb48fdc03fe3d37e6cb62af85996a537da Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Sun, 2 Jan 2022 19:04:13 +0100
Subject: [PATCH] improve docs, allow all kind of passwords

---
 README.md              | 18 +++++++++++-------
 defaults/main.yml      |  4 +++-
 tasks/ansible_user.yml | 11 ++++++++---
 tasks/hostname.yml     | 12 +++++++++++-
 tasks/variables.yml    |  1 -
 5 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 2338980..51a7cee 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,24 @@
  win_ansible_role_base_setup
 =============================
 
-WINDOWS Ansible role to create a little base Setup for my Ansible Managed Windows 10 Enterprise Hosts
-
-## Please not, this is my first windows role and highly experimental!
+WINDOWS Ansible role to create a little base Setup to manage Windows 10 Enterprise Hosts
 
  Requirements
 ----------------
-+ **Pass or gopass** is required to store passwords.
-  + See [ansible docs](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html)
-  + Have a password store setup. Either create a symlink from pass to gopass or use pass nativly.
++ A Windows 10 Host ready to get ansible deployed
 
  What this role does:
 ---------------------
-
++ Create a 'Ansibles' Group and a 'ansible' Administrator user.
+  Use these variables to set a username and a password:
+  * ``win_base_init__created_user_name: 'ansible'``
+  * ``win_base_init__created_user_password: 'ChangeToSecurePassword'``
++ Set the ``inventory_hostname`` as hostname and reboots.
+  * Disable automatic reboot using ``win_base_init__allow_reboot: false``
 + Optionally setting OS description, owner and org if you define them in these variables:
   - ``win_base_init__os_description: ''``
   - ``win_base_init__os_organization: ''``
   - ``win_base_init__os_owner: ''``
++ Installs some packages using chocolatey, defined in:
+  ``win_base_init__packages: [git, Firefox, mpvio, vlc]``
++ Search for updates and log available updates to ``C:\ansible_updates.txt``. *(search only, no installation)*
diff --git a/defaults/main.yml b/defaults/main.yml
index acf6724..d63d95f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
-win_base_init__pass_prefix: 'ansible/windows'
+win_base_init__created_user_name: 'ansible'
+win_base_init__created_user_password: 'ChangeToSecurePassword'
+win_base_init__allow_reboot: true
 win_base_init__packages:
   - git
   - Firefox
diff --git a/tasks/ansible_user.yml b/tasks/ansible_user.yml
index bc83322..8d4ce8a 100644
--- a/tasks/ansible_user.yml
+++ b/tasks/ansible_user.yml
@@ -1,15 +1,20 @@
 ---
-- name: Create Windows group ansibles
+- name: "Create Windows group 'Ansibles'"
   ansible.windows.win_group:
     name: 'Ansibles'
     description: 'Group for Ansible Management'
     state: present
 
+- name: fail if win_obs_init__password is unset
+  ansible.builtin.fail:
+    msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!"
+  when: win_base_init__created_user_password == 'ChangeToSecurePassword'
+
 - name: create ansible User
   ansible.windows.win_user:
-    name: 'ansible'
+    name: "{{ win_base_init__created_user_name }}"
     state: present
-    password: "{{ lookup('community.general.passwordstore', win_base_init__pass_prefix + '/' + inventory_hostname + '/login/ansible create=true length=42 nosymbols=true') }}"
+    password: "{{ win_base_init__created_user_password }}"
     account_disabled: false
     description: 'Account to run ansible commands at this WINDOWS host'
     groups_action: 'add'
diff --git a/tasks/hostname.yml b/tasks/hostname.yml
index 0c6b55b..49cd4d3 100644
--- a/tasks/hostname.yml
+++ b/tasks/hostname.yml
@@ -7,4 +7,14 @@
 - name: host is rebooting in 15 sec!!
   ansible.windows.win_reboot:
     pre_reboot_delay: 15
-  when: res.reboot_required
+  when:
+    - res.reboot_required | bool
+    - win_base_init__allow_reboot | bool
+
+- name: host is rebooting in 15 sec!!
+  ansible.builtin.fail:
+    msg: "Hostname changed. Please reboot to apply changes!"
+  ignore_errors: true
+  when:
+    - res.reboot_required | bool
+    - not win_base_init__allow_reboot | bool
diff --git a/tasks/variables.yml b/tasks/variables.yml
index efb275e..8528197 100644
--- a/tasks/variables.yml
+++ b/tasks/variables.yml
@@ -4,7 +4,6 @@
   vars:
     params:
       files:
-        - "windows_{{ win_base_init__os_language }}.yml"
         - 'windows_default.yml'
       paths:
         - 'vars'