From 03dedfda68eaf7c7debd06cba590952dea3ef3c8 Mon Sep 17 00:00:00 2001
From: Maksym Buz <buz.maxim@gmail.com>
Date: Sun, 4 Jan 2026 11:23:19 +0100
Subject: [PATCH] feat: Use `ansible_password` variable for LXC password and
 SSH pass, include `vars.yml`, and enable Proxmox LXC updates.

---
 example_secrets.yml      | 4 +++-
 playbooks/create_lxc.yml | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/example_secrets.yml b/example_secrets.yml
index 1fb8bb0..c924705 100644
--- a/example_secrets.yml
+++ b/example_secrets.yml
@@ -1,4 +1,6 @@
-# Copy this into secrets.yml and replate with a real values
+### Copy this into secrets.yml and replate with a real values ###
+
+# Password used for Ansible to connect to LXC as root (if not using SSH keys)
 ansible_password: 'REPLACE_WITH_ROOT_PASSWORD'
 # Zabbix proxy parameters for connecting to Zabbix server
 zabbix_server_address: 'x.x.x.x'
diff --git a/playbooks/create_lxc.yml b/playbooks/create_lxc.yml
index c91d6fa..050db12 100644
--- a/playbooks/create_lxc.yml
+++ b/playbooks/create_lxc.yml
@@ -4,6 +4,7 @@
   gather_facts: no
   vars_files:
     - "../secrets.yml"
+    - "../vars.yml"
   vars_prompt:
     - name: container_name
       prompt: "Enter the new container name (e.g., my-service)"
@@ -26,12 +27,13 @@
         api_user: "{{ proxmox_api_user }}"
         api_token_id: "{{ proxmox_api_token_id }}"
         api_token_secret: "{{ proxmox_api_token_secret }}"
+        update: yes
         node: "{{ proxmox_node }}"
         storage: "{{ proxmox_storage }}"
         ostemplate: '{{ proxmox_storage }}:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst'
         vmid: "{{ container_id }}"
         hostname: "{{ container_name }}"
-        password: "TempPassword123!" # Temporary password, will be disabled by lxc_setup
+        password: "{{ ansible_password }}" 
         netif:
           net0: "name=eth0,gw=10.0.0.1,ip={{ container_ip_cidr }},bridge=vmbr0"
         cores: 2
@@ -66,7 +68,7 @@
         groups: new
         ansible_host: "{{ container_ip_cidr | split('/') | first }}"
         ansible_user: root
-        ansible_ssh_pass: "TempPassword123!"
+        ansible_ssh_pass: "{{ ansible_password }}"
         # We need to ignore host key checking for the fresh container to avoid interactive prompt
         ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'