From 04340d1a04eba504accd69644467eb32fe291b38 Mon Sep 17 00:00:00 2001
From: Sandwich <sandwich@archworks.co>
Date: Fri, 20 Feb 2026 22:27:17 +0100
Subject: [PATCH] fix(configuration): use chpasswd for root password and
 separate shell setting

---
 roles/configuration/tasks/users.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/roles/configuration/tasks/users.yml b/roles/configuration/tasks/users.yml
index c86950a..d4c6817 100644
--- a/roles/configuration/tasks/users.yml
+++ b/roles/configuration/tasks/users.yml
@@ -1,14 +1,17 @@
 ---
 - name: Set root password
-  vars:
-    configuration_root_cmd: >-
-      {{ chroot_command }} /usr/sbin/usermod --password
-      '{{ system_cfg.root.password | password_hash('sha512') }}' root --shell {{ system_cfg.root.shell | default('/bin/bash') }}
-  ansible.builtin.command: "{{ configuration_root_cmd }}"
+  ansible.builtin.shell: >-
+    echo 'root:{{ system_cfg.root.password | password_hash("sha512") }}' | {{ chroot_command }} chpasswd -e
   register: configuration_root_result
   changed_when: configuration_root_result.rc == 0
   no_log: true
 
+- name: Set root shell
+  ansible.builtin.command: >-
+    {{ chroot_command }} /usr/sbin/usermod --shell {{ system_cfg.root.shell | default('/bin/bash') }} root
+  register: configuration_root_shell_result
+  changed_when: configuration_root_shell_result.rc == 0
+
 - name: Create user accounts
   vars:
     configuration_user_group: >-