add documentation for passwordstore usage

docs/installing.md

@@ -41,6 +41,8 @@ If you **don't** use SSH keys for authentication, but rather a regular password,
 
 If you **do** use SSH keys for authentication, **and** use a non-root user to *become* root (sudo), you may need to add `-K` (`--ask-become-pass`) to all Ansible commands.
 
+If you use a password manager like `pass` or `gopass`, you can also add `ansible_become_password: "{{ lookup('community.general.passwordstore', 'path/to/password' }}"` to the hosts file. See the [documentation](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html) for more configuration options.
+
 There 2 ways to start the installation process — depending on whether you're [Installing a brand new server (without importing data)](#installing-a-brand-new-server-without-importing-data) or [Installing a server into which you'll import old data](#installing-a-server-into-which-youll-import-old-data).
 
 **Note**: if you are migrating from an old server to a new one, take a look at [this guide](maintenance-migrating.md) instead. This is an easier and more straightforward way than installing a server and importing old data into it.

examples/hosts

@@ -3,7 +3,8 @@
 #
 # To connect using a non-root user (and elevate to root with sudo later),
 # replace `ansible_ssh_user=root` with something like this: `ansible_ssh_user=username ansible_become=true ansible_become_user=root`.
-# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE` to the host line
+# If sudo requires a password, either add `ansible_become_password=PASSWORD_HERE`
+# or `ansible_become_password: "{{ lookup('community.general.passwordstore', 'path/to/password' }}"` to the host line,
 # or tell Ansible to ask you for the password interactively by adding a `--ask-become-pass` (`-K`) flag to all `ansible-playbook` (or `just`) commands.
 #
 # For improved Ansible performance, SSH pipelining is enabled by default in `ansible.cfg`.