improve docs, allow all kind of passwords

README.md

@@ -1,20 +1,24 @@
  win_ansible_role_base_setup
 =============================
 
-WINDOWS Ansible role to create a little base Setup for my Ansible Managed Windows 10 Enterprise Hosts
+WINDOWS Ansible role to create a little base Setup to manage Windows 10 Enterprise Hosts
-
-## Please not, this is my first windows role and highly experimental!
 
  Requirements
 ----------------
-+ **Pass or gopass** is required to store passwords.
++ A Windows 10 Host ready to get ansible deployed
-  + See [ansible docs](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html)
-  + Have a password store setup. Either create a symlink from pass to gopass or use pass nativly.
 
  What this role does:
 ---------------------
-
++ Create a 'Ansibles' Group and a 'ansible' Administrator user.
+  Use these variables to set a username and a password:
+  * ``win_base_init__created_user_name: 'ansible'``
+  * ``win_base_init__created_user_password: 'ChangeToSecurePassword'``
++ Set the ``inventory_hostname`` as hostname and reboots.
+  * Disable automatic reboot using ``win_base_init__allow_reboot: false``
 + Optionally setting OS description, owner and org if you define them in these variables:
   - ``win_base_init__os_description: ''``
   - ``win_base_init__os_organization: ''``
   - ``win_base_init__os_owner: ''``
++ Installs some packages using chocolatey, defined in:
+  ``win_base_init__packages: [git, Firefox, mpvio, vlc]``
++ Search for updates and log available updates to ``C:\ansible_updates.txt``. *(search only, no installation)*

defaults/main.yml

@@ -1,5 +1,7 @@
 ---
-win_base_init__pass_prefix: 'ansible/windows'
+win_base_init__created_user_name: 'ansible'
+win_base_init__created_user_password: 'ChangeToSecurePassword'
+win_base_init__allow_reboot: true
 win_base_init__packages:
   - git
   - Firefox

tasks/ansible_user.yml

@@ -1,15 +1,20 @@
 ---
-- name: Create Windows group ansibles
+- name: "Create Windows group 'Ansibles'"
   ansible.windows.win_group:
     name: 'Ansibles'
     description: 'Group for Ansible Management'
     state: present
 
+- name: fail if win_obs_init__password is unset
+  ansible.builtin.fail:
+    msg: "Please define a password for the user {{ win_base_init__created_user_name }} using 'win_base_init__created_user_password'!"
+  when: win_base_init__created_user_password == 'ChangeToSecurePassword'
+
 - name: create ansible User
   ansible.windows.win_user:
-    name: 'ansible'
+    name: "{{ win_base_init__created_user_name }}"
     state: present
-    password: "{{ lookup('community.general.passwordstore', win_base_init__pass_prefix + '/' + inventory_hostname + '/login/ansible create=true length=42 nosymbols=true') }}"
+    password: "{{ win_base_init__created_user_password }}"
     account_disabled: false
     description: 'Account to run ansible commands at this WINDOWS host'
     groups_action: 'add'

tasks/hostname.yml

@@ -7,4 +7,14 @@
 - name: host is rebooting in 15 sec!!
   ansible.windows.win_reboot:
     pre_reboot_delay: 15
-  when: res.reboot_required
+  when:
+    - res.reboot_required | bool
+    - win_base_init__allow_reboot | bool
+
+- name: host is rebooting in 15 sec!!
+  ansible.builtin.fail:
+    msg: "Hostname changed. Please reboot to apply changes!"
+  ignore_errors: true
+  when:
+    - res.reboot_required | bool
+    - not win_base_init__allow_reboot | bool

tasks/variables.yml

@@ -4,7 +4,6 @@
   vars:
     params:
       files:
-        - "windows_{{ win_base_init__os_language }}.yml"
         - 'windows_default.yml'
       paths:
         - 'vars'