refactor(proxmox_lxc_provision): rename password vars and parameterize user name

Rename lxc_password to lxc_root_password for consistency with the new
lxc_user_password (replaces the previously bare 'password' variable in
post-clone.yml, which silently collided with any same-named caller var).
Add lxc_user_name (default: admin) so the non-root account managed in
post-clone.yml is no longer hardcoded. Apply default(omit) to the root
password in create.yml so it is genuinely optional as documented.

BREAKING CHANGE: callers passing lxc_password or a bare 'password' var
must rename to lxc_root_password and lxc_user_password respectively.

roles/proxmox_lxc_provision/README.md

@@ -62,7 +62,9 @@ It also includes tasks which may be used individually:
 | `lxc_storage` | Target storage for the container | `local-zfs` |
 | `lxc_size` | Disk size in GB | `16` |
 | `lxc_disk` | The target storage and storage size | `local-zfs:16` |
-| `lxc_password` | The password for the root account | - |
+| `lxc_root_password` | Password for the root account. On creates from `lxc_template` it is set via the Proxmox API; on clones it is applied inside the container by `post-clone.yml`. | - |
+| `lxc_user_name` | Name of an additional non-root user to manage in `post-clone.yml` (clone path only). | `admin` |
+| `lxc_user_password` | Password for `lxc_user_name`. Only applied on the clone path via `post-clone.yml`. The user must already exist in the source template. | - |
 | `lxc_cores` | The number of CPU cores | `4` |
 | `lxc_memory` | Memory size in MB | `2048` |
 | `lxc_swap` | Swap memory size in MB | `2048` |

roles/proxmox_lxc_provision/defaults/main.yml

@@ -25,3 +25,4 @@ lxc_nvidia_gpu_mount: false
 lxc_tags: ["ansible-managed"]
 lxc_clone_type: full
 lxc_start: true
+lxc_user_name: admin

roles/proxmox_lxc_provision/tasks/create.yml

@@ -3,7 +3,7 @@
   community.proxmox.proxmox:
     vmid: "{{ lxc_vmid | default(omit) }}"
     hostname: "{{ lxc_hostname }}"
-    password: "{{ lxc_password }}"
+    password: "{{ lxc_root_password | default(omit) }}"
     ostemplate: "{{ lxc_template }}"
     cores: "{{ lxc_cores }}"
     memory: "{{ lxc_memory }}"

roles/proxmox_lxc_provision/tasks/post-clone.yml

@@ -2,16 +2,16 @@
 - name: Change root password
   ansible.builtin.user:
     name: root
-    password: "{{ lxc_password | password_hash('sha512') }}"
+    password: "{{ lxc_root_password | password_hash('sha512') }}"
     update_password: always
-  when: lxc_password is defined
+  when: lxc_root_password is defined
 
-- name: Change admin password
+- name: Change user password
   ansible.builtin.user:
-    name: admin
+    name: "{{ lxc_user_name }}"
-    password: "{{ password | password_hash('sha512') }}"
+    password: "{{ lxc_user_password | password_hash('sha512') }}"
     update_password: always
-  when: password is defined
+  when: lxc_user_password is defined
 
 - name: Regenerate SSH host keys
   ansible.builtin.include_role:

roles/proxmox_lxc_provision/tasks/update.yml

@@ -3,7 +3,7 @@
   community.proxmox.proxmox:
     vmid: "{{ lxc_vmid }}"
     hostname: "{{ lxc_hostname }}"
-    password: "{{ lxc_password | default(omit) }}"
+    password: "{{ lxc_root_password | default(omit) }}"
     cores: "{{ lxc_cores }}"
     memory: "{{ lxc_memory }}"
     swap: "{{ lxc_swap }}"