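---
# Installs Incus from the Zabbly stable APT repository on the local machine,
# applies two preseed files that sit next to the playbook, adds the invoking
# user to the incus-admin group, enables the HTTPS API on port 8443 and turns
# on UFW with rules for the incusbr0 bridge.
- name: Install and Initialize Incus from Zabbly Stable Repository
  hosts: localhost
  become: true

  vars:
    zabbly_key_url: "https://pkgs.zabbly.com/key.asc"
    keyring_dir: "/etc/apt/keyrings"
    keyring_asc: "/etc/apt/keyrings/zabbly.asc"
    keyring_gpg: "/etc/apt/keyrings/zabbly.gpg"
    repo_file: "/etc/apt/sources.list.d/zabbly-incus-stable.sources"
    # ansible_lsb is only populated when lsb_release already exists at
    # fact-gathering time, which happens before the task below installs it.
    # ansible_distribution_release carries the same codename and is always set.
    os_codename: "{{ ansible_distribution_release }}"
    # Map kernel architecture names to Debian architecture names; anything
    # not listed is passed through unchanged, as before.
    arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}.get(ansible_architecture, ansible_architecture) }}"

  tasks:
    - name: Ensure required tools are installed
      apt:
        name:
          - curl
          - gnupg
          - lsb-release
        state: present
        update_cache: true

    - name: Create APT keyring directory
      file:
        path: "{{ keyring_dir }}"
        state: directory
        mode: '0755'

    # The signing key is trusted on first download: HTTPS authenticates the
    # server, but nothing here checks that the key is the expected one.
    # Pinning a digest of a key that was verified out of band closes that gap:
    #   checksum: "sha256:<PINNED_SHA256_OF_KEY_ASC>"   # placeholder
    - name: Download Zabbly GPG key (ASCII)
      get_url:
        url: "{{ zabbly_key_url }}"
        dest: "{{ keyring_asc }}"
        mode: '0644'

    # `creates` makes this run once. If the upstream key is rotated, remove
    # the .gpg file so the keyring is rebuilt from the fresh .asc download.
    - name: Convert ASCII key to GPG format
      command: gpg --dearmor -o "{{ keyring_gpg }}" "{{ keyring_asc }}"
      args:
        creates: "{{ keyring_gpg }}"

    # Signed-By limits this key to this repository instead of trusting it for
    # every APT source on the host.
    - name: Add Zabbly Incus Stable APT repository
      copy:
        dest: "{{ repo_file }}"
        mode: '0644'
        content: |
          Enabled: yes
          Types: deb
          URIs: https://pkgs.zabbly.com/incus/stable
          Suites: {{ os_codename }}
          Components: main
          Architectures: {{ arch }}
          Signed-By: {{ keyring_gpg }}

    - name: Update APT cache
      apt:
        update_cache: true

    - name: Install Incus packages
      apt:
        name:
          - incus
          - incus-client
          - incus-ui-canonical
        state: present

    # The previous shell loop used `&>/dev/null`, a bash-only redirection.
    # The shell module runs /bin/sh; where that is dash, `cmd &>file` is
    # parsed as "run cmd in the background", so the loop exited at once
    # without waiting. Under bash the inner loop had no upper bound. Polling
    # through Ansible's own retry logic avoids both problems and bounds the
    # wait at retries x delay.
    - name: Wait for incus daemon to be ready
      command: incus list
      register: incus_ready
      until: incus_ready.rc == 0
      retries: 10
      delay: 2
      changed_when: false

    # Both preseed files are read on the controller and fed to the daemon as
    # root; review their contents the same way as this playbook.
    - name: Preseed network and storage
      command: incus admin init --preseed
      args:
        chdir: "{{ playbook_dir }}"
        stdin: "{{ lookup('file', 'preseed-network-storage.yml') }}"

    - name: Preseed profile and global config
      command: incus admin init --preseed
      args:
        chdir: "{{ playbook_dir }}"
        stdin: "{{ lookup('file', 'preseed-profile.yml') }}"

    # Membership in incus-admin gives full control of the Incus daemon, which
    # is effectively root on this host. Only add accounts that already hold
    # that level of trust.
    - name: Add current user to incus-admin group
      user:
        name: "{{ lookup('env', 'SUDO_USER') | default(lookup('env', 'USER'), true) }}"
        groups: incus-admin
        append: true

    # ":8443" binds the management API and web UI to every interface. Use a
    # specific address (for example a management-network IP) if the API does
    # not need to be reachable from all networks.
    - name: Ensure Incus listens on HTTPS port 8443
      command: incus config set core.https_address :8443

    - name: Install UFW
      apt:
        name: ufw
        state: present

    # UFW's stock policy denies unsolicited inbound traffic. No rule for SSH
    # or port 8443 is added in this playbook, so add the ones you need before
    # this step if the host is administered over the network.
    - name: Enable UFW
      command: ufw --force enable

    # This admits all traffic arriving from instances on the bridge to the
    # host itself, including the API port configured above.
    - name: Allow inbound traffic on incusbr0
      command: ufw allow in on incusbr0

    - name: Allow routed inbound traffic on incusbr0
      command: ufw route allow in on incusbr0

    - name: Allow routed outbound traffic on incusbr0
      command: ufw route allow out on incusbr0

    - name: "Post Installation Instructions"
      debug:
        msg: "Post Installation Instructions: https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook/src/branch/master/README.md"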