The FAQ describes a Python one-liner for generating encrypted passwords for the user module.

It uses passlib, which is unmaintained and AFAIK does not have a "canonical" fork with any guarantees of long-term maintenance. The Python one-liner is a bit unwieldy, you'd probably want a virtualenv for passlib to avoid a global install, especially if the user relies on the system Python instead of something managed by uv/pyenv/mise/asdf etc... In short, it's not great.

Many (most?) macOS ansible users probably have either Homebrew or MacPorts installed, and therefore are one command away from having access to a version of OpenSSL that supports SHA-512 hashes compatible with the user module. (LibreSSL, shipped by Apple as /usr/bin/openssl, seems to have never added the support.)

Perhaps brew install openssl/sudo port install openssl followed by openssl passwd -6 -noverify could be added as an alternative method? The UX is the same as the Python one-liner that relies on getpass.getpass(), prompting the user and printing out the hash.