first commit

.gitignore

@@ -0,0 +1,28 @@
+# Ansible runtime files
+*.retry
+.ansible/
+
+# Local secret files
+*.vault
+*.secret
+*.secrets
+vault.yml
+secrets.yml
+AGENTS.md
+
+# Python caches
+__pycache__/
+*.py[cod]
+
+# Editor and OS files
+.DS_Store
+Thumbs.db
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Local environment files
+.env
+.env.*
+!.env.example

ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+inventory = inventories/hosts.yml
+host_key_checking = True
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo

group_vars/all.yml

@@ -0,0 +1,3 @@
+---
+# Shared variables are currently defined in inventories/hosts.yml under all.vars
+# so they are always loaded with the selected inventory.

inventories/hosts.yml

@@ -0,0 +1,17 @@
+---
+all:
+  vars:
+    ansible_user: olivier
+    password_target_user: olivier
+
+  children:
+    test:
+      hosts:
+        srv-docker-lab-01.maison.bro:
+          ansible_ssh_private_key_file: ~/.ssh/id_ed25519
+
+    linux_servers:
+      hosts:
+        server-1:
+        server-2:
+          ansible_host: 192.0.2.12

playbooks/change_password.yml

@@ -0,0 +1,30 @@
+---
+- name: Change account password
+  hosts: all
+  gather_facts: false
+  become: true
+
+  vars:
+    target_account_name: >-
+      {{ password_target_user | default(ansible_user, true) }}
+
+  vars_prompt:
+    - name: new_account_password
+      prompt: New password for the target account
+      private: true
+      confirm: true
+
+  pre_tasks:
+    - name: Validate target user
+      ansible.builtin.assert:
+        that:
+          - target_account_name is defined
+          - target_account_name | length > 0
+        fail_msg: "Set password_target_user or ansible_user for each host."
+
+  tasks:
+    - name: Update password for target account
+      ansible.builtin.command:
+        cmd: chpasswd
+        stdin: "{{ target_account_name }}:{{ new_account_password }}"
+      no_log: true