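# Per-item credential bootstrap: creates a random password and its
# PBKDF2-SHA512 hash when they are missing from `passwords`, and appends both
# to the inventory's group_vars/all/passwords.yaml.
#
# `item`, `passwords`, `inventory_dir` and `docker_registry` are not defined
# here -- presumably this file is included in a loop; verify against caller.
#
# Security notes:
#   * Secrets are written in plaintext to passwords.yaml. Keep that file out
#     of version control or encrypt it (for example with ansible-vault).
#   * Every task that touches the secret sets `no_log: true`, so the value
#     stays out of console output and callback/syslog logging.

- name: "Generate password for {{ item.name }}"
  when: passwords[item.name + '_password'] is not defined
  block:
    - name: "Create password for {{ item.name }}"
      # 64 characters from [A-Za-z0-9] read out of /dev/urandom; `$1` is unset
      # in this shell, so `${1:-64}` expands to 64.
      shell: "< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-64};echo;"
      register: password
      no_log: true

    - name: "Show password json for {{ item.name }}"
      # Dumping the raw register would print the password at -vv, so the
      # secret fields are masked before the result is shown.
      debug:
        msg: "{{ password | combine({'stdout': 'REDACTED', 'stdout_lines': ['REDACTED']}) }}"
        verbosity: 2

    - name: "Write password for {{ item.name }}"
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        line: "{{ item.name }}_password: \"{{ password.stdout }}\""
      no_log: true

- name: "Generate PBKDF2-SHA512 hash for {{ item.name }}"
  when: passwords[item.name + '_pbkdf2_sha512_hash'] is not defined
  block:
    - name: "Create PBKDF2-SHA512 hash from password for {{ item.name }}"
      # Use the password generated above when there is one. Otherwise the
      # password already existed, so hash the stored value. The previous
      # fallback hashed the literal text "<name>_password", which produced a
      # hash for a guessable string instead of the real password.
      #
      # `quote` keeps a stored password containing spaces or shell
      # metacharacters as a single argument when the command string is split.
      #
      # NOTE(review): `-s` puts the secret on the container's command line,
      # where it is visible in the process list for the lifetime of the
      # container. slappasswd can read the secret from a file (`-T`), which
      # would need a mounted file -- consider it if the Docker host is shared.
      docker_container:
        name: slappasswd
        image: "{{ docker_registry }}/pwgen"
        cleanup: true
        detach: false
        container_default_behavior: no_defaults
        command: >-
          slappasswd -o module-load=pw-pbkdf2 -h {PBKDF2-SHA512} -s
          {{ (password.stdout if password.stdout is defined
          else passwords[item.name + '_password']) | quote }}
      register: docker_container_output
      no_log: true

    - name: "Write PBKDF2-SHA512 hash for {{ item.name }}"
      # Only the first line of the container output is kept as the hash.
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        line: "{{ item.name }}_pbkdf2_sha512_hash: \"{{ docker_container_output.container.Output.split('\n')[0] }}\""
      no_log: true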