M roles/system/README.org => roles/system/README.org +14 -0
@@ 4,3 4,17 @@ The system role/module contains scripts used to setup the base system.
Including a user, system repositories and docker.
This functions as a base dependency for every other role
+
+** Usage
+This role expects the target to be running Alpine Linux.
+It also requires ~python~ to be installed.
+
+Before running this role,
+make sure to set ~ansible_user~ to ~root~,
+if you haven't set up doas
+(because you want the playbook to do this for you)
+#+begin_src
+ansible_user: root
+#+end_src
+
+After executing this role you can set the user to ~user~
M roles/system/tasks/docker.yml => roles/system/tasks/docker.yml +10 -0
@@ 9,6 9,16 @@
- shadow-subids
state: latest
+- name: Modprobe tun
+ modprobe:
+ name: tun
+
+- name: Ensure tun is autoloaded
+ lineinfile:
+ path: /etc/modules
+ search_string: "^tun$"
+ line: "tun"
+
# Run docker rootless
- name: Setup subuid for docker-rootless
lineinfile:
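Review bot: In the "Ensure tun is autoloaded" task, `search_string: "^tun$"` is matched by lineinfile as a literal substring rather than a regular expression, so the anchors will not match an existing `tun` line in /etc/modules. The task then depends on the module's fallback handling instead of the match that was intended. Use `regexp: "^tun$"` so an existing entry is recognised and the task stays idempotent. A short comment saying which component needs the tun module (presumably the rootless docker networking set up below) would help anyone auditing which kernel modules this role loads at boot.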
M roles/system/tasks/main.yml => roles/system/tasks/main.yml +1 -0
@@ 2,5 2,6 @@
- include_tasks: ssh.yml
- include_tasks: repo.yml
- include_tasks: packages.yml
+- include_tasks: user.yml
- include_tasks: shell.yml
- include_tasks: docker.yml
M roles/system/tasks/repo.yml => roles/system/tasks/repo.yml +1 -1
@@ 2,7 2,7 @@
- name: Use alpine edge branch/version
replace:
path: /etc/apk/repositories
- regexp: "^http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
+ regexp: "^#?http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
replace: "https://dl-cdn.alpinelinux.org/alpine/edge"
- name: Enable Testing repo
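Review bot: The new `^#?` prefix in the `regexp` makes the replace task uncomment every commented-out dl-cdn line in /etc/apk/repositories and point it at edge, including repositories an administrator had disabled on purpose. Because the replacement keeps only the path after the branch, a commented `vX.Y/main` line and an active one would both turn into the same edge entry. If the goal is only to handle a fresh install where the community line is commented, restrict the pattern to that repository or manage the file from a template so the enabled package sources are explicit. The dots in the hostname are also unescaped and match any character; `regexp: '^#?https?://dl-cdn\.alpinelinux\.org/alpine/([^/]+)'` keeps the match to the intended mirror.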
M roles/system/tasks/user.yml => roles/system/tasks/user.yml +1 -1
@@ 4,7 4,6 @@
name: "{{ item }}"
loop:
- docker
- - "{{ username }}"
- name: Ensure a non-root user is created
user:
@@ 20,6 19,7 @@
- name: Enable passwordless doas for "{{ username }}"
lineinfile:
+ create: true
path: /etc/doas.d/user.conf
regexp: "^permit nopass :wheel"
line: "permit nopass :wheel"
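Review bot: With `create: true` the task now creates /etc/doas.d/user.conf itself but sets no owner or mode, so the permissions of a privilege-escalation config depend on the umask of whoever runs the play. Pin them and let the module check the syntax before the file is put in place: `owner: root`, `mode: "0600"`, `validate: "doas -C %s"`. Note also that the rule grants passwordless root to every member of `:wheel`, which is wider than the task name ("for {{ username }}") suggests. If only the one account is meant, a `permit nopass {{ username }}` rule would be the narrower grant.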