From baba55e05a7d065ed8ae3252d765c70092e32c6e Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Fri, 12 Nov 2021 15:29:39 +0100
Subject: [PATCH] Optional non-empty passwords for the container user.

---
 edubox.yml                        |  3 +++
 roles/educontainer/tasks/main.yml | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/edubox.yml b/edubox.yml
index 87ca8ee..60c2e13 100644
--- a/edubox.yml
+++ b/edubox.yml
@@ -7,6 +7,9 @@
   become: yes
   vars:
     contname: cont
+    ## Password for the user 'ansible' in the container,
+    ## leave empty to log in without password:
+    contpwd: ""
     containers: "{{ range(0, 9 + 1) | list }}"
     extra_pkgs: [apt-cacher-ng]
 
diff --git a/roles/educontainer/tasks/main.yml b/roles/educontainer/tasks/main.yml
index 46b8f5c..3ce27c5 100644
--- a/roles/educontainer/tasks/main.yml
+++ b/roles/educontainer/tasks/main.yml
@@ -103,14 +103,21 @@
     cmd: chroot . sh -c "passwd -d ansible"
   args:
     chdir: /var/lib/machines/{{ contname }}00
-  when: user_account.changed | default(false)
+  when: user_account.changed | default(false) and contpwd | length == 0
+
+- name: provide password for container ansible user
+  command:
+    cmd: chroot . sh -c "echo ansible:{{ contpwd }} | chpasswd"
+  args:
+    chdir: /var/lib/machines/{{ contname }}00
+  when: user_account.changed | default(true) and contpwd | length > 0
 
 - name: allow empty passwords in ssh
   lineinfile:
     path: /var/lib/machines/{{ contname }}00/etc/ssh/sshd_config
     insertafter: '#PermitEmptyPasswords no'
     line: 'PermitEmptyPasswords yes'
-  when: user_account.changed | default(false)
+  when: user_account.changed | default(false) and contpwd | length == 0
 
 - name: prepare directories
   file: