Change the P12 and SSH passwords only for new users (#550)

roles/ssh_tunneling/tasks/main.yml

@@ -37,6 +37,7 @@
         ssh_key_bits: 256
         ssh_key_comment: '{{ item }}@{{ IP_subject_alt_name }}'
         ssh_key_passphrase: "{{ easyrsa_p12_export_password }}"
+        update_password: on_create
         state: present
         append: yes
       with_items: "{{ users }}"
@@ -82,7 +83,7 @@
       become: no
       with_items:
         - "{{ users }}"
-        
+
     - name: SSH | Get active system users
       shell: >
         getent group algo | cut -f4 -d: | sed "s/,/\n/g"

roles/vpn/tasks/openssl.yml

@@ -122,7 +122,9 @@
       -passout pass:"{{ easyrsa_p12_export_password }}"
     args:
       chdir: "configs/{{ IP_subject_alt_name }}/pki/"
+      creates: private/{{ item }}.p12
     with_items: "{{ users }}"
+    register: p12
 
   - name: Copy the p12 certificates
     copy:

users.yml

@@ -62,7 +62,7 @@
         - debug:
             msg:
               - "{{ congrats.common.split('\n') }}"
-              - "    {{ congrats.p12_pass }}"
+              - "    {% if p12.changed %}{{ congrats.p12_pass }}{% endif %}"
           tags: always
       rescue:
         - debug: var=fail_hint