From 2584bd00c802a090a2c1e87a17f680c23162603a Mon Sep 17 00:00:00 2001
From: Jakob Meier
Date: Sat, 22 Jul 2023 20:29:58 +0200
Subject: [PATCH] Made system role work on more configurations
---
 roles/system/README.org | 14 ++++++++++++++
 roles/system/tasks/docker.yml | 10 ++++++++++
 roles/system/tasks/main.yml | 1 +
 roles/system/tasks/repo.yml | 2 +-
 roles/system/tasks/user.yml | 2 +-
 5 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/roles/system/README.org b/roles/system/README.org
index bb72bd3..f5d325e 100644
--- a/roles/system/README.org
+++ b/roles/system/README.org
@@ -4,3 +4,17 @@ The system role/module contains scripts used to setup the base system. Including a user, system repositories and docker. This functions as a base dependency for every other role
+
+** Usage
+This role expects the target to be running Alpine Linux.
+It also requires ~python~ to be installed.
+
+Before running this role,
+make sure to set ~ansible_user~ to ~root~,
+if you haven't set up doas
+(because you want the playbook to do this for you)
+#+begin_src
+ansible_user: root
+#+end_src
+
+After executing this role you can set the user to ~user~
diff --git a/roles/system/tasks/docker.yml b/roles/system/tasks/docker.yml
index 4248f6a..3aa27b7 100644
--- a/roles/system/tasks/docker.yml
+++ b/roles/system/tasks/docker.yml
@@ -9,6 +9,16 @@
 - shadow-subids
 state: latest
+- name: Modprobe tun
+ modprobe:
+ name: tun
+
+- name: Ensure tun is autoloaded
+ lineinfile:
+ path: /etc/modules
+ search_string: "^tun$"
+ line: "tun"
+
 # Run docker rootless
 - name: Setup subuid for docker-rootless
 lineinfile:
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index 17cf7b3..158087f 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -2,5 +2,6 @@
 - include_tasks: ssh.yml
 - include_tasks: repo.yml
 - include_tasks: packages.yml
+- include_tasks: user.yml
 - include_tasks: shell.yml
 - include_tasks: docker.yml
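Review bot: In roles/system/tasks/docker.yml, the added "Ensure tun is autoloaded" task passes a regular expression to `search_string`, which lineinfile compares as a literal substring, so `"^tun$"` will not match an existing `tun` line. The task still converges only because lineinfile skips the insert when an identical line is already present, so the key currently does nothing. Use `regexp: "^tun$"` here, or drop the key. Since this makes the tun module load on every boot, a short comment saying why it is needed (presumably rootless Docker networking) would help whoever later audits /etc/modules.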
diff --git a/roles/system/tasks/repo.yml b/roles/system/tasks/repo.yml
index 967adfe..c496f7e 100644
--- a/roles/system/tasks/repo.yml
+++ b/roles/system/tasks/repo.yml
@@ -2,7 +2,7 @@
 - name: Use alpine edge branch/version
 replace:
 path: /etc/apk/repositories
- regexp: "^http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
+ regexp: "^#?http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
 replace: "https://dl-cdn.alpinelinux.org/alpine/edge"
 - name: Enable Testing repo
diff --git a/roles/system/tasks/user.yml b/roles/system/tasks/user.yml
index 9e3ab01..77d75f1 100644
--- a/roles/system/tasks/user.yml
+++ b/roles/system/tasks/user.yml
@@ -4,7 +4,6 @@
 name: "{{ item }}"
 loop:
 - docker
- - "{{ username }}"
 - name: Ensure a non-root user is created
 user:
@@ -20,6 +19,7 @@
 - name: Enable passwordless doas for "{{ username }}"
 lineinfile:
+ create: true
 path: /etc/doas.d/user.conf
 regexp: "^permit nopass :wheel"
 line: "permit nopass :wheel"
--
2.38.5
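Review bot: In roles/system/tasks/repo.yml, the new `#?` prefix makes the replace task uncomment every dl-cdn repository line in /etc/apk/repositories rather than only rewriting the active ones, so a repository that was deliberately disabled is switched back on and pointed at edge. If the intent is only to cover a fresh install where community is commented out, anchor the pattern to those paths, e.g. `regexp: "^#?http(s)?://dl-cdn\\.alpinelinux\\.org/alpine/([^/]+)(?=/(main|community)$)"`, which also escapes the dots. A comment above the task naming which commented lines are meant to be enabled would make the widened set of package sources explicit.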
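Review bot: In roles/system/tasks/user.yml, `create: true` on the "Enable passwordless doas" task now creates /etc/doas.d/user.conf without `owner`, `group` or `mode`, so a privilege-granting file gets whatever the remote umask yields. Set them explicitly and let doas check the result before it is installed: `owner: root`, `mode: "0600"`, `validate: "doas -C %s"`. Separately, the task name says the rule is for "{{ username }}" but the line written is `permit nopass :wheel`, which gives password-free root to every member of wheel; `permit nopass {{ username }}` would match the stated intent if that is what is wanted.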