From eec0a8a387fed5ae1f6fe92787982adb4d56f387 Mon Sep 17 00:00:00 2001 From: marito Date: Tue, 10 Jun 2025 16:15:36 +0800 Subject: [PATCH] incus network --- README.md | 7 ++++++ incus-network.yml | 55 +++++++++++++++++++++++++++++++++++++++++++++++ playbook.yml | 14 ++---------- 3 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 incus-network.yml diff --git a/README.md b/README.md index 182851d..eede0c7 100644 --- a/README.md +++ b/README.md @@ -68,5 +68,12 @@ After the playbook completes successfully: sudo ufw route allow out on incusbr0 ``` +5. **Incus Network - Access Containers by Name (Optional):** + Configuring name-to-IP resolution so the host OS can reach Incus containers using their names. + + ```bash + ansible-playbook incus-network.yml --ask-become-pass + ``` + diff --git a/incus-network.yml b/incus-network.yml new file mode 100644 index 0000000..609a850 --- /dev/null +++ b/incus-network.yml 
@@ -0,0 +1,55 @@
+---
+- name: Configure DNS for Incus Network
+ hosts: localhost
+ become: yes
+
+ vars:
+ incus_dns_ip: "{{ lookup('pipe', \"ip -4 -o addr show incusbr0 | awk '{print $4}' | cut -d/ -f1\") }}"
+ resolved_conf_path: "/etc/systemd/resolved.conf.d/incus.conf"
+
+ tasks:
+ - name: Ensure systemd-resolved package is installed
+ apt:
+ name: systemd-resolved
+ state: present
+ update_cache: yes
+
+ - name: Ensure systemd-resolved override directory exists
+ file:
+ path: "/etc/systemd/resolved.conf.d"
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+ - name: Write systemd-resolved DNS override for Incus
+ copy:
+ dest: "{{ resolved_conf_path }}"
+ owner: root
+ group: root
+ mode: '0644'
+ content: |
+ [Resolve]
+ DNS={{ incus_dns_ip }}
+ Domains=~incus
+
+ - name: Enable systemd-resolved service
+ systemd:
+ name: systemd-resolved
+ enabled: yes
+
+ - name: Start systemd-resolved service
+ systemd:
+ name: systemd-resolved
+ state: started
+
+ - name: Ensure /etc/resolv.conf points to systemd-resolved
+ file:
+ src: /run/systemd/resolve/resolv.conf
+ dest: /etc/resolv.conf
+ state: link
+ force: yes
+
+ - name: Inform user
+ debug:
+ msg: "DNS now points to {{ incus_dns_ip }}. systemd-resolved is active with ~incus search domain."
diff --git a/playbook.yml b/playbook.yml
index 26d0b1a..a66e383 100644
--- a/playbook.yml
+++ b/playbook.yml
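Review bot: The "Ensure /etc/resolv.conf points to systemd-resolved" task links to `/run/systemd/resolve/resolv.conf`, the non-stub file, so programs that read resolv.conf directly query the listed servers themselves and bypass resolved, and the `~incus` routing domain never applies to them; `/run/systemd/resolve/stub-resolv.conf` keeps lookups going through the resolver, and `force: yes` replaces whatever was at /etc/resolv.conf without a backup. Nothing restarts systemd-resolved after the drop-in is written (`state: started` does nothing when the unit already runs), so the closing "DNS now points to" message can be untrue. The `lookup('pipe', …)` value is also used unchecked: if incusbr0 is missing or has no IPv4 address the drop-in is rendered with an empty `DNS=`. Setting `DNS=` in the global `[Resolve]` section rather than per-link on incusbr0 presumably also makes the bridge's resolver a candidate for non-incus host lookups, which is worth confirming before this runs on a host that handles sensitive name resolution.

```yaml
  tasks:
    - name: Fail early when incusbr0 has no IPv4 address
      assert:
        that:
          - incus_dns_ip | length > 0
        fail_msg: "incusbr0 has no IPv4 address; is the Incus bridge up?"

    # … unchanged: package install, override directory …

    - name: Write systemd-resolved DNS override for Incus
      copy:
        # … unchanged: dest, owner, group, mode, content …
      notify: Restart systemd-resolved

    # … unchanged: enable and start systemd-resolved …

    - name: Ensure /etc/resolv.conf points to the systemd-resolved stub
      file:
        src: /run/systemd/resolve/stub-resolv.conf
        # … unchanged: dest, state, force …

    # … unchanged: Inform user …

  handlers:
    - name: Restart systemd-resolved
      systemd:
        name: systemd-resolved
        state: restarted
```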
@@ -63,16 +63,6 @@ - incus-ui-canonical state: present - - name: Add current user to incus-admin group - user: - name: "{{ ansible_user_id }}" - groups: incus-admin - append: yes - - - name: "Notify to run 'newgrp incus-admin' manually" + - name: "Post Installation Instructions" debug: - msg: "Run 'newgrp incus-admin' in your terminal to refresh group membership." - - - name: "Reminder to run 'incus admin init'" - debug: - msg: "After installation, run 'incus admin init' to configure Incus." + msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/incus-stable-playbook/src/branch/master/README.md"