Use crypted password rather than plain text

inventory/group_vars/all

@@ -1,6 +1,4 @@
 ---
 user_name: videoteam
-# The video user's password. It can be set during install, by preseed, so you
-# don't have to set it here
-#user_password: please_change_me
-#pw_salt: please_change_me
+# crypt(3)ed password. e.g. echo -e redPill | mkpasswd -s -m SHA-512
+user_password_crypted: $6$8HM7EZ2Uf73ekI$dtCsm0VMP68M0uR5Kbf/9MoNhuXmoiVgOkcq0miFn64EFWqG79z6spWb1SKegu7ft937bHHe5SA9wYErUr60G0

roles/tftp-server/defaults/main.yml

@@ -10,5 +10,4 @@ apt_proxy: false
 #mirror: deb.debian.org
 
 user_name: videoteam
-user_password: null
-pw_salt: U1ESiTXUQE0tFh2r4LRl
+user_password_crypted: null

roles/tftp-server/templates/preseed.cfg.j2

@@ -128,8 +128,10 @@ d-i passwd/make-user boolean true
 # To create a normal user account.
 d-i passwd/user-fullname string Video Team User
 d-i passwd/username string {{ user_name }}
-# or encrypted using an MD5 hash.
-d-i passwd/user-password-crypted password {{ user_password |password_hash('sha512', pw_salt) }}
+# or encrypted.
+{% if user_password_crypted %}
+d-i passwd/user-password-crypted password {{ user_password_crypted }}
+{% endif %}
 {% if ansible_distribution == 'Ubuntu' %}
 # Ubuntu offers encrypted home directories
 d-i user-setup/encrypt-home boolean false

roles/users/defaults/main.yml

@@ -1,8 +1,7 @@
 ---
 user_name: videoteam
 user_group: videoteam
-user_password: null
-pw_salt: XIc3E749RVFPAcAE
+user_password_crypted: null
 public_keys_onsite:
 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIV8pOIHMN/1feXMgnmmHg2cEVLJQ1bu2F8AjpzWdoRJAtS+onMUN2y1jbfT59BSxQ1zStIbRnYyYJy3ylpEbsfTngYU7v9p0VFAcjRGfhjHFr0ImC/rkjlTnkNYnUc3D3hIIXlgk0OxqL/X7eGPruPVpznJivypDr2aI9Qzf6A0CXlXjzflzhSbwa1HkoY+XwPXC0SJogmxfn4e2NuNFRx1mW6xwa7cDibop0eeiql1rasN8f0m4ErJdKxed79Bt7a9+Kz01yDdDjNEbQeSSf0JpUPB4/UeSViWePbS83vYjXLG3EOjAIdHlirN5arhXoO0YcoQHnRyc+gcjSkm5d stefanor smartcard
 public_keys_offsite:

roles/users/tasks/main.yml

@@ -3,9 +3,8 @@
   user:
     name: "{{ user_name }}"
     groups: audio,plugdev,sudo,video
-    password: "{{ user_password |password_hash('sha512', pw_salt) }}"
-    shell: /bin/bash
-  when: user_password
+    password: "{{ user_password_crypted }}"
+  when: user_password_crypted
 
 - name: install sudo
   apt: