# Ansible Playbook for LXC/Incus Installation (Debian/Ubuntu)

This playbook automates the installation and setup of the **stable** version of Incus on the **local machine** (Debian/Ubuntu). It is designed to be run directly on the server you wish to configure.

## Prerequisites

1.  **Ansible & Git:** Must be installed on the machine where you are running the playbook.
    ```bash
    sudo apt update
    sudo apt install ansible git -y
    ```
2.  **Sudo Access:** Your user must have `sudo` privileges to run the playbook.

## How to Run
1. **Setup:** Clone the repository and go to the project directory
    ```bash
    git clone https://git.marmattheo.com/marmattheo/LXC-Incus-stable-setup.git ~/incus-stable && cd ~/incus-stable
    ```

2.  **Execute the Playbook:**
    Run the following command from the same directory as the playbook file. It will prompt you for your `sudo` password to perform the administrative tasks.

    ```bash
    ansible-playbook playbook.yml -i inventory.ini --ask-become-pass
    ```
    *   `--ask-become-pass`: This flag tells Ansible to prompt for the password needed for privilege escalation (`sudo`).

## Post-Installation Steps

After the playbook completes successfully:

1.  **Configure User Access:**

    Add your user to incus-admin group

     ```bash
    sudo usermod -aG incus-admin $USER
    ```
    To refresh group membership.

     ```bash
    newgrp incus-admin
    ```

2.  **Initialize Incus:** 

    Run the interactive initialization and follow the prompts to configure storage pools, networks, and other settings.

     ```bash
    incus admin init
    ```
    > Press 'Enter' all throughout the interactive initialization for defaults

3.  **Verify Setup:** 

    You can test the installation by running.
    
    ```bash
    incus --version
    ```
    > This should return incus current version i.e., '6.13'

4.  **Access the Incus Web UI:** 

    Ensure Incus is listening on the network:
    
    ```bash
    incus config set core.https_address [::]:8443
    ```

    Then, access the Web UI at:

    ```bash
    https://localhost:8443
    ```
    > If you're using a remote server use ipv4/ipv6 instead: https://vps-ip:8443

    > Follow the self-signed certificate instructions when prompted to start using Incus.

5.  **Configure Firewall using ufw (Optional):** 

    Install and enable ufw:
    ```bash
    sudo apt install ufw -y && sudo ufw enable -y
    ```

    Ensure Incus is listening on the network:
    
    ```bash
    sudo ufw allow in on incusbr0
    sudo ufw route allow in on incusbr0
    sudo ufw route allow out on incusbr0
    ```

5.  **Incus Network - Access Containers by Name (Optional):** 

    Configuring name-to-IP resolution so the host OS can reach Incus containers using their names.
    
    ```bash
    ansible-playbook incus-network.yml -i inventory.ini --ask-become-pass
    ```
    > After this you should be able to reach your containers via their names or with the domain .incus

    > i.e., `sudo ping container_name`, `sudo ping container_name.incus` on terminal or `http://container_name.incus` inside an nginx config