5 files changed, 27 insertions(+), 2 deletions(-)

M roles/system/README.org
M roles/system/tasks/docker.yml
M roles/system/tasks/main.yml
M roles/system/tasks/repo.yml
M roles/system/tasks/user.yml

@@ 4,3 4,17 @@ The system role/module contains scripts used to setup the base system.
 Including a user, system repositories and docker.
 
 This functions as a base dependency for every other role
+
+** Usage
+This role expects the target to be running Alpine Linux.
+It also requires ~python~ to be installed.
+
+Before running this role,
+make sure to set ~ansible_user~ to ~root~,
+if you haven't set up doas
+(because you want the playbook to do this for you)
+#+begin_src
+ansible_user: root
+#+end_src
+
+After executing this role you can set the user to ~user~

@@ 9,6 9,16 @@
       - shadow-subids
     state: latest
 
+- name: Modprobe tun
+  modprobe:
+    name: tun
+
+- name: Ensure tun is autoloaded
+  lineinfile:
+    path: /etc/modules
+    search_string: "^tun$"
+    line: "tun"
+
 # Run docker rootless
 - name: Setup subuid for docker-rootless
   lineinfile:

@@ 2,5 2,6 @@
 - include_tasks: ssh.yml
 - include_tasks: repo.yml
 - include_tasks: packages.yml
+- include_tasks: user.yml
 - include_tasks: shell.yml
 - include_tasks: docker.yml

@@ 2,7 2,7 @@
 - name: Use alpine edge branch/version
   replace:
     path: /etc/apk/repositories
-    regexp: "^http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
+    regexp: "^#?http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
     replace: "https://dl-cdn.alpinelinux.org/alpine/edge"
 
 - name: Enable Testing repo

@@ 4,7 4,6 @@
     name: "{{ item }}"
   loop:
     - docker
-    - "{{ username }}"
 
 - name: Ensure a non-root user is created
   user:


@@ 20,6 19,7 @@
 
 - name: Enable passwordless doas for "{{ username }}"
   lineinfile:
+    create: true
     path: /etc/doas.d/user.conf
     regexp: "^permit nopass :wheel"
     line: "permit nopass :wheel"