v1

inventory.ini

@@ -1 +1,2 @@
-localhost
+[local]
+localhost ansible_connection=local

playbook.yml

@@ -1,121 +1,78 @@
 ---
-- name: Install and Configure Incus (Stable) on Localhost
+- name: Install Incus from Zabbly Stable Repository
   hosts: localhost
-  connection: local
+  become: yes
-  become: true
-  vars:
-    # ==> User Configuration
-    # The user to grant Incus admin privileges.
-    # 'ansible_user' resolves to the user running the playbook (e.g., 'ubuntu', 'your_user').
-    incus_admin_user: "{{ ansible_user }}"
 
-    # ==> Incus Initialization (Preseed) Configuration
+  vars:
-    # Name for the default storage pool
+    zabbly_key_url: "https://pkgs.zabbly.com/key.asc"
-    incus_storage_pool_name: "default"
+    keyring_dir: "/etc/apt/keyrings"
-    # Storage driver. 'zfs' is recommended. 'dir' is a fallback.
+    keyring_asc: "/etc/apt/keyrings/zabbly.asc"
-    incus_storage_driver: "zfs"
+    keyring_gpg: "/etc/apt/keyrings/zabbly.gpg"
-    # Network bridge name
+    repo_file: "/etc/apt/sources.list.d/zabbly-incus-stable.sources"
-    incus_network_bridge: "incusbr0"
+    os_codename: "{{ ansible_lsb.codename }}"
-    # IPv4 address and subnet for the bridge
+    arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
-    incus_ipv4_addr: "10.0.5.1/24"
-    # IPv6 address and subnet for the bridge
-    incus_ipv6_addr: "fd42:5c6b:76c3:513::1/64"
 
   tasks:
-    - name: 1. Install prerequisite packages
+    - name: Ensure required tools are installed
-      ansible.builtin.apt:
+      apt:
         name:
           - curl
           - gnupg
-          - ufw # Ensure ufw is installed for firewall rules
+          - lsb-release
         state: present
-        update_cache: true
+        update_cache: yes
 
-    - name: 2. Create APT keyrings directory
+    - name: Create APT keyring directory
-      ansible.builtin.file:
+      file:
-        path: /etc/apt/keyrings
+        path: "{{ keyring_dir }}"
         state: directory
         mode: '0755'
 
-    - name: 3. Add Zabbly GPG key
+    - name: Download Zabbly GPG key (ASCII)
-      ansible.builtin.get_url:
+      get_url:
-        url: https://pkgs.zabbly.com/key.asc
+        url: "{{ zabbly_key_url }}"
-        dest: /etc/apt/keyrings/zabbly.asc
+        dest: "{{ keyring_asc }}"
         mode: '0644'
-        force: true
 
-    - name: 4. Add Zabbly Incus Stable repository
+    - name: Convert ASCII key to GPG format
-      ansible.builtin.template:
+      command: gpg --dearmor -o "{{ keyring_gpg }}" "{{ keyring_asc }}"
-        src: templates/zabbly-incus-stable.sources.j2
+      args:
-        dest: /etc/apt/sources.list.d/zabbly-incus-stable.sources
+        creates: "{{ keyring_gpg }}"
-        mode: '0644'
-      notify: Update APT Cache
 
-    - name: Handler to update APT cache
+    - name: Add Zabbly Incus Stable APT repository
-      meta: flush_handlers
+      copy:
+        dest: "{{ repo_file }}"
+        content: |
+          Enabled: yes
+          Types: deb
+          URIs: https://pkgs.zabbly.com/incus/stable
+          Suites: {{ os_codename }}
+          Components: main
+          Architectures: {{ arch }}
+          Signed-By: {{ keyring_gpg }}
 
-    - name: 5. Install Incus packages (with ZFS)
+    - name: Update APT cache
-      ansible.builtin.apt:
+      apt:
-        name:
+        update_cache: yes
-          - incus
-          - incus-client
-          - incus-ui-canonical
-          - zfsutils-linux
-        state: present
-      when: incus_storage_driver == 'zfs'
 
-    - name: 5. Install Incus packages (non-ZFS)
+    - name: Install Incus packages
-      ansible.builtin.apt:
+      apt:
         name:
           - incus
           - incus-client
           - incus-ui-canonical
         state: present
-      when: incus_storage_driver != 'zfs'
 
-    - name: 6. Add user to the 'incus-admin' group
+    - name: Add current user to incus-admin group
-      ansible.builtin.user:
+      user:
-        name: "{{ incus_admin_user }}"
+        name: "{{ ansible_user_id }}"
         groups: incus-admin
         append: yes
 
-    - name: 7. Template the Incus preseed configuration file
+    - name: "Notify to run 'newgrp incus-admin' manually"
-      ansible.builtin.template:
+      debug:
-        src: templates/incus-preseed.yml.j2
+        msg: "Run 'newgrp incus-admin' in your terminal to refresh group membership."
-        dest: /tmp/incus-preseed.yml
-        mode: '0600'
 
-    - name: 8. Initialize Incus using preseed configuration
+    - name: "Reminder to run 'incus admin init'"
-      ansible.builtin.command:
+      debug:
-        cmd: incus admin init --preseed < /tmp/incus-preseed.yml
+        msg: "After installation, run 'incus admin init' to configure Incus."
-      args:
-        # This task will only run if the storage pool doesn't already exist, making it idempotent.
-        creates: /var/lib/incus/storage-pools/{{ incus_storage_pool_name }}
-
-    - name: 9. Configure Incus to listen for Web UI access
-      ansible.builtin.command:
-        cmd: incus config set core.https_address :8443
-      changed_when: false # This command is idempotent
-
-    - name: 10. Configure UFW firewall rules for Incus bridge
-      community.general.ufw:
-        rule: "{{ item.rule }}"
-        direction: "{{ item.direction | default(omit) }}"
-        interface: "{{ incus_network_bridge }}"
-        route: "{{ item.route | default(omit) }}"
-      loop:
-        - { rule: 'allow', direction: 'in' }
-        - { rule: 'allow', route: 'yes', direction: 'in' }
-        - { rule: 'allow', route: 'yes', direction: 'out' }
-
-    - name: Display post-installation instructions
-      ansible.builtin.debug:
-        msg:
-          - "Incus installation and configuration is complete!"
-          - "IMPORTANT: To manage Incus without 'sudo', you must LOG OUT and LOG BACK IN, or run 'newgrp incus-admin' in your current shell."
-          - "Access the Web UI at: https://localhost:8443"
-
-  handlers:
-    - name: Update APT Cache
-      ansible.builtin.apt:
-        update_cache: true

templates/incus-preseed.yml.j2

@@ -1,22 +0,0 @@
-# Ansible-generated Incus preseed configuration
-config: {}
-storage_pools:
-  - name: {{ incus_storage_pool_name }}
-    driver: {{ incus_storage_driver }}
-networks:
-  - name: {{ incus_network_bridge }}
-    type: bridge
-    config:
-      ipv4.address: {{ incus_ipv4_addr }}
-      ipv6.address: {{ incus_ipv6_addr }}
-profiles:
-  - name: default
-    devices:
-      root:
-        path: /
-        pool: {{ incus_storage_pool_name }}
-        type: disk
-      eth0:
-        name: eth0
-        network: {{ incus_network_bridge }}
-        type: nic

templates/zabbly-incus-stable.sources.j2

@@ -1,7 +0,0 @@
-Enabled: yes
-Types: deb
-URIs: https://pkgs.zabbly.com/incus/stable
-Suites: {{ ansible_lsb.codename }}
-Components: main
-Architectures: {{ ansible_architecture }}
-Signed-By: /etc/apt/keyrings/zabbly.asc