From c65b767a5c551915d970e667ef22aad9227a922a Mon Sep 17 00:00:00 2001
From: marito
Date: Tue, 10 Jun 2025 15:19:31 +0800
Subject: [PATCH] v1
---
inventory.ini | 3 +-
playbook.yml | 143 ++++++++---------------
templates/incus-preseed.yml.j2 | 22 ----
templates/zabbly-incus-stable.sources.j2 | 7 --
4 files changed, 52 insertions(+), 123 deletions(-)
delete mode 100644 templates/incus-preseed.yml.j2
delete mode 100644 templates/zabbly-incus-stable.sources.j2
diff --git a/inventory.ini b/inventory.ini
index 2fbb50c..7bf7398 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -1 +1,2 @@
-localhost
+[local]
+localhost ansible_connection=local
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
index f2e99b5..26d0b1a 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,121 +1,78 @@ --- -- name: Install and Configure Incus (Stable) on Localhost +- name: Install Incus from Zabbly Stable Repository hosts: localhost - connection: local - become: true - vars: - # ==> User Configuration - # The user to grant Incus admin privileges. - # 'ansible_user' resolves to the user running the playbook (e.g., 'ubuntu', 'your_user'). - incus_admin_user: "{{ ansible_user }}" + become: yes - # ==> Incus Initialization (Preseed) Configuration - # Name for the default storage pool - incus_storage_pool_name: "default" - # Storage driver. 'zfs' is recommended. 'dir' is a fallback. - incus_storage_driver: "zfs" - # Network bridge name - incus_network_bridge: "incusbr0" - # IPv4 address and subnet for the bridge - incus_ipv4_addr: "10.0.5.1/24" - # IPv6 address and subnet for the bridge - incus_ipv6_addr: "fd42:5c6b:76c3:513::1/64" + vars: + zabbly_key_url: "https://pkgs.zabbly.com/key.asc" + keyring_dir: "/etc/apt/keyrings" + keyring_asc: "/etc/apt/keyrings/zabbly.asc" + keyring_gpg: "/etc/apt/keyrings/zabbly.gpg" + repo_file: "/etc/apt/sources.list.d/zabbly-incus-stable.sources" + os_codename: "{{ ansible_lsb.codename }}" + arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" tasks: - - name: 1. Install prerequisite packages - ansible.builtin.apt: + - name: Ensure required tools are installed + apt: name: - curl - gnupg - - ufw # Ensure ufw is installed for firewall rules + - lsb-release state: present - update_cache: true + update_cache: yes - - name: 2. Create APT keyrings directory - ansible.builtin.file: - path: /etc/apt/keyrings + - name: Create APT keyring directory + file: + path: "{{ keyring_dir }}" state: directory mode: '0755' - - name: 3. Add Zabbly GPG key - ansible.builtin.get_url: - url: https://pkgs.zabbly.com/key.asc - dest: /etc/apt/keyrings/zabbly.asc + - name: Download Zabbly GPG key (ASCII) + get_url: + url: "{{ zabbly_key_url }}" + dest: "{{ keyring_asc }}" mode: '0644' - force: true - - name: 4. 
Add Zabbly Incus Stable repository - ansible.builtin.template: - src: templates/zabbly-incus-stable.sources.j2 - dest: /etc/apt/sources.list.d/zabbly-incus-stable.sources - mode: '0644' - notify: Update APT Cache + - name: Convert ASCII key to GPG format + command: gpg --dearmor -o "{{ keyring_gpg }}" "{{ keyring_asc }}" + args: + creates: "{{ keyring_gpg }}" - - name: Handler to update APT cache - meta: flush_handlers + - name: Add Zabbly Incus Stable APT repository + copy: + dest: "{{ repo_file }}" + content: | + Enabled: yes + Types: deb + URIs: https://pkgs.zabbly.com/incus/stable + Suites: {{ os_codename }} + Components: main + Architectures: {{ arch }} + Signed-By: {{ keyring_gpg }} - - name: 5. Install Incus packages (with ZFS) - ansible.builtin.apt: - name: - - incus - - incus-client - - incus-ui-canonical - - zfsutils-linux - state: present - when: incus_storage_driver == 'zfs' + - name: Update APT cache + apt: + update_cache: yes - - name: 5. Install Incus packages (non-ZFS) - ansible.builtin.apt: + - name: Install Incus packages + apt: name: - incus - incus-client - incus-ui-canonical state: present - when: incus_storage_driver != 'zfs' - - name: 6. Add user to the 'incus-admin' group - ansible.builtin.user: - name: "{{ incus_admin_user }}" + - name: Add current user to incus-admin group + user: + name: "{{ ansible_user_id }}" groups: incus-admin append: yes - - name: 7. Template the Incus preseed configuration file - ansible.builtin.template: - src: templates/incus-preseed.yml.j2 - dest: /tmp/incus-preseed.yml - mode: '0600' + - name: "Notify to run 'newgrp incus-admin' manually" + debug: + msg: "Run 'newgrp incus-admin' in your terminal to refresh group membership." - - name: 8. Initialize Incus using preseed configuration - ansible.builtin.command: - cmd: incus admin init --preseed < /tmp/incus-preseed.yml - args: - # This task will only run if the storage pool doesn't already exist, making it idempotent. 
- creates: /var/lib/incus/storage-pools/{{ incus_storage_pool_name }} - - - name: 9. Configure Incus to listen for Web UI access - ansible.builtin.command: - cmd: incus config set core.https_address :8443 - changed_when: false # This command is idempotent - - - name: 10. Configure UFW firewall rules for Incus bridge - community.general.ufw: - rule: "{{ item.rule }}" - direction: "{{ item.direction | default(omit) }}" - interface: "{{ incus_network_bridge }}" - route: "{{ item.route | default(omit) }}" - loop: - - { rule: 'allow', direction: 'in' } - - { rule: 'allow', route: 'yes', direction: 'in' } - - { rule: 'allow', route: 'yes', direction: 'out' } - - - name: Display post-installation instructions - ansible.builtin.debug: - msg: - - "Incus installation and configuration is complete!" - - "IMPORTANT: To manage Incus without 'sudo', you must LOG OUT and LOG BACK IN, or run 'newgrp incus-admin' in your current shell." - - "Access the Web UI at: https://localhost:8443" - - handlers: - - name: Update APT Cache - ansible.builtin.apt: - update_cache: true + - name: "Reminder to run 'incus admin init'" + debug: + msg: "After installation, run 'incus admin init' to configure Incus." diff --git a/templates/incus-preseed.yml.j2 b/templates/incus-preseed.yml.j2 deleted file mode 100644 index 9dfbd22..0000000 --- a/templates/incus-preseed.yml.j2 +++ /dev/null @@ -1,22 +0,0 @@ -# Ansible-generated Incus preseed configuration -config: {} -storage_pools: - - name: {{ incus_storage_pool_name }} - driver: {{ incus_storage_driver }} -networks: - - name: {{ incus_network_bridge }} - type: bridge - config: - ipv4.address: {{ incus_ipv4_addr }} - ipv6.address: {{ incus_ipv6_addr }} -profiles: - - name: default - devices: - root: - path: / - pool: {{ incus_storage_pool_name }} - type: disk - eth0: - name: eth0 - network: {{ incus_network_bridge }} - type: nic 
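Review bot: The repository signing key in `Download Zabbly GPG key (ASCII)` is trusted exactly as first downloaded: `get_url` carries no `checksum:`, and with `force: true` dropped and `gpg --dearmor` guarded by `creates:`, a rotated or corrected key is never picked up on later runs. Pinning the expected digest, e.g. `checksum: "sha256:<PINNED_SHA256_OF_KEY_ASC>"` (placeholder; take the value from a source you trust), makes the play fail closed instead of installing packages against whatever the URL served, and the dearmor step should re-run when the `.asc` task reports a change. Separately, in `Add current user to incus-admin group`, `ansible_user_id` is gathered under the play-level `become: yes`, so it most likely resolves to `root` rather than the person running the playbook; since `incus-admin` membership gives full control of the Incus daemon, the account should be an explicit variable such as `name: "{{ incus_admin_user }}"` with a comment stating that. `os_codename` also reads `ansible_lsb.codename` from facts collected before the first task installs `lsb-release`, so it may be undefined on a fresh host; `ansible_distribution_release` avoids that dependency.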
diff --git a/templates/zabbly-incus-stable.sources.j2 b/templates/zabbly-incus-stable.sources.j2
deleted file mode 100644
index 09ccf24..0000000
--- a/templates/zabbly-incus-stable.sources.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-Enabled: yes
-Types: deb
-URIs: https://pkgs.zabbly.com/incus/stable
-Suites: {{ ansible_lsb.codename }}
-Components: main
-Architectures: {{ ansible_architecture }}
-Signed-By: /etc/apt/keyrings/zabbly.asc