From f25c8be0f9d3892e13423bd43c2abdd24195677e Mon Sep 17 00:00:00 2001
From: Gerald Pinder <4626052+gmpinder@users.noreply.github.com>
Date: Sun, 11 May 2025 13:22:52 -0400
Subject: [PATCH] Create systemd unit to create rke user
---
files/rke_setup/etc/sudoers.d/99_rke2 | 3 +++
.../lib/systemd/system/create_rke_user.service | 16 ++++++++++++++++
.../usr/libexec/rke2/create_rke_user.sh | 15 +++++++++++++++
recipes/common/jp-minis.yml | 7 ++++++-
4 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 files/rke_setup/etc/sudoers.d/99_rke2
create mode 100644 files/rke_setup/usr/lib/systemd/system/create_rke_user.service
create mode 100755 files/rke_setup/usr/libexec/rke2/create_rke_user.sh
diff --git a/files/rke_setup/etc/sudoers.d/99_rke2 b/files/rke_setup/etc/sudoers.d/99_rke2
new file mode 100644
index 0000000..18dedab
--- /dev/null
+++ b/files/rke_setup/etc/sudoers.d/99_rke2
@@ -0,0 +1,3 @@
+Cmnd_Alias RKE_CMDS = /usr/bin/chown, /usr/bin/chmod, /usr/bin/mkdir, /usr/bin/systemctl, /usr/bin/cp, /usr/bin/find, /usr/bin/ls, /usr/bin/reboot, /usr/bin/install, /usr/bin/rke2, /usr/bin/firewall-cmd
+
+rke ALL=(root) NOPASSWD: RKE_CMDS
diff --git a/files/rke_setup/usr/lib/systemd/system/create_rke_user.service b/files/rke_setup/usr/lib/systemd/system/create_rke_user.service
new file mode 100644
index 0000000..d7c3b76
--- /dev/null
+++ b/files/rke_setup/usr/lib/systemd/system/create_rke_user.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Create 'rke' user and add to docker group
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/rke2/create-rke-user.sh
+RemainAfterExit=yes
+
+# Disable and mask the service after successful execution
+ExecStartPost=-/bin/systemctl disable --now create-rke-user.service
+ExecStartPost=-/bin/systemctl mask --now create-rke-user.service
+
+[Install]
+WantedBy=multi-user.target
+
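Review bot: `RKE_CMDS` lists general-purpose binaries with no argument restrictions, so the `NOPASSWD` rule on the last line makes `rke` root-equivalent rather than limited to RKE2 administration: unrestricted `chown`, `chmod`, `cp`, `install`, `find` and `systemctl` run as root can each rewrite or replace any file or unit on the host. Either pin each entry to the exact arguments the deployment needs (for example `/usr/bin/systemctl restart rke2-server.service`) or add a comment stating that the account is deliberately root-equivalent, so it is protected and monitored as such. The file is also created with mode 100644; `0440` is the conventional mode for sudoers drop-ins, and running `visudo -cf` on it during the image build would catch a syntax error before it ships.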
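Review bot: The unit cannot run as written because its names use hyphens while the files added by this patch use underscores: `ExecStart` points at `/usr/libexec/rke2/create-rke-user.sh`, but the script is installed as `create_rke_user.sh`, and both `ExecStartPost` lines act on `create-rke-user.service` instead of `create_rke_user.service`. Use `ExecStart=/usr/libexec/rke2/create_rke_user.sh` and the underscore unit name in the two `ExecStartPost` lines. The leading `-` on those lines makes systemd ignore a failed disable/mask, so it is worth confirming after the rename that the unit really ends up masked. Nothing in the unit orders it after whatever creates the `docker` group, which the script appears to rely on; `After=network.target` does not provide that.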
diff --git a/files/rke_setup/usr/libexec/rke2/create_rke_user.sh b/files/rke_setup/usr/libexec/rke2/create_rke_user.sh
new file mode 100755
index 0000000..422d58c
--- /dev/null
+++ b/files/rke_setup/usr/libexec/rke2/create_rke_user.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Check if user 'rke' exists
+if ! id -u rke &> /dev/null; then
+ echo "Creating user 'rke'"
+ # Create user 'rke' with home directory using useradd
+ sudo useradd --system -m rke
+fi
+
+# Add 'rke' to docker group
+echo "Adding 'rke' to docker group"
+sudo usermod -aG docker rke
+
+echo "Done"
+exit 0
diff --git a/recipes/common/jp-minis.yml b/recipes/common/jp-minis.yml
index b3e3a6e..f23b353 100644
--- a/recipes/common/jp-minis.yml
+++ b/recipes/common/jp-minis.yml
@@ -1,7 +1,6 @@ modules: - from-file: common/common.yml - type: dnf - # source: local repos: cleanup: true files:
@@ -27,10 +26,16 @@ modules: - type: script snippets: - curl -sfL https://get.rke2.io | sh + - sed -i 's|#includedir /etc/sudoers.d|includedir /etc/sudoers.d|' /etc/sudoers + - type: files + files: + - source: rke_setup + destination: / - type: systemd system: enabled: - docker.service + - create_rke_user.service - from-file: common/updates.yml - from-file: common/bluebuild-logo.yml - from-file: common/jp-chezmoi.yml
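Review bot: The script reports success even when account creation fails, because neither `useradd` nor `usermod` is checked and the last line is an unconditional `exit 0`; the unit's `ExecStartPost` steps then disable and mask it, so the failure is never retried. Add `set -euo pipefail` under the shebang and drop `exit 0` so a non-zero status reaches systemd. The `sudo` prefixes are redundant, since the unit sets no `User=` and therefore runs the script as root, and they make the script depend on a working sudoers configuration at boot. Membership of the `docker` group gives `rke` control of the Docker daemon, which amounts to root access on the host, so the comment above `usermod` should say that this is intended, e.g. `# docker group membership is root-equivalent; required for <reason>`.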
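Review bot: The added `sed` snippet in the second hunk breaks `/etc/sudoers` instead of enabling the drop-in directory: in sudoers syntax `#includedir /etc/sudoers.d` is the live directive (the `#` is part of the keyword, with `@includedir` as the newer spelling), so stripping the `#` leaves a line sudo cannot parse. Remove the snippet; if the base image really lacks the directive, append `@includedir /etc/sudoers.d` (or the `#includedir` form on older sudo) rather than editing the existing line. Running `visudo -c` in a script module placed after the new `files` module would fail the image build on a broken sudoers file or drop-in instead of shipping a host where sudo no longer works.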