marito/LXC-Incus-stable-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LXC-Incus-stable-setup/playbook.yml
marito eae7345be7 admin init fixed
2025-06-14 08:29:11 +08:00

140 lines
4.2 KiB
YAML
Raw Blame History

---
- name: Install and Initialize Incus from Zabbly Stable Repository
hosts: localhost
become: yes
vars:
zabbly_key_url: "https://pkgs.zabbly.com/key.asc"
keyring_dir: "/etc/apt/keyrings"
keyring_asc: "/etc/apt/keyrings/zabbly.asc"
keyring_gpg: "/etc/apt/keyrings/zabbly.gpg"
repo_file: "/etc/apt/sources.list.d/zabbly-incus-stable.sources"
os_codename: "{{ ansible_lsb.codename }}"
arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
target_user: "{{ lookup('env', 'SUDO_USER') | default(lookup('env', 'USER'), true) }}"
tasks:
- name: Ensure required tools are installed
apt:
name: [curl, gnupg, lsb-release]
state: present
update_cache: yes
- name: Ensure ZFS support is installed
apt:
name: zfsutils-linux
state: present
- name: Create APT keyring directory
file:
path: "{{ keyring_dir }}"
state: directory
mode: '0755'
- name: Download Zabbly GPG key (ASCII)
get_url:
url: "{{ zabbly_key_url }}"
dest: "{{ keyring_asc }}"
mode: '0644'
- name: Convert ASCII key to GPG format
command: gpg --dearmor -o "{{ keyring_gpg }}" "{{ keyring_asc }}"
args:
creates: "{{ keyring_gpg }}"
- name: Add Zabbly Incus Stable APT repository
copy:
dest: "{{ repo_file }}"
content: |
Enabled: yes
Types: deb
URIs: https://pkgs.zabbly.com/incus/stable
Suites: {{ os_codename }}
Components: main
Architectures: {{ arch }}
Signed-By: {{ keyring_gpg }}
register: repo_added
- name: Update APT cache if repository was added
apt:
update_cache: yes
when: repo_added.changed
- name: Install Incus and UFW packages
apt:
name: [incus, incus-client, incus-ui-canonical, ufw]
state: present
- name: Check if Incus is already initialized (by checking for default storage pool)
command: incus storage show default
register: incus_check
failed_when: false
changed_when: false
- name: Initialize Incus daemon with preseed file (if not already initialized)
script: init-incus.sh
args:
chdir: "{{ playbook_dir }}"
when: incus_check.rc != 0
- name: Add target user to the incus-admin group for passwordless access
user:
name: "{{ target_user }}"
groups: incus-admin
append: yes
- name: Enable UFW and allow SSH to avoid getting locked out
community.general.ufw:
state: enabled
policy: deny
rule: allow
name: OpenSSH
comment: 'Allow SSH to prevent lockout'
- name: Enable IP forwarding for UFW (required for container internet access)
lineinfile:
path: /etc/ufw/sysctl.conf
regexp: '^#?net/ipv4/ip_forward=1'
line: 'net/ipv4/ip_forward=1'
state: present
notify: Reload UFW
- name: Allow INCOMING traffic on the Incus bridge interface
community.general.ufw:
rule: allow
interface: incusbr0
direction: in
comment: 'Allow incoming traffic to containers'
- name: Allow OUTGOING traffic on the Incus bridge interface
community.general.ufw:
rule: allow
interface: incusbr0
direction: out
comment: 'Allow outgoing traffic from containers'
- name: Allow ROUTED INBOUND traffic on incusbr0
community.general.ufw:
route: yes
rule: allow
interface: incusbr0
direction: in
comment: 'Allow routed traffic into the container network'
- name: Allow ROUTED OUTBOUND traffic on incusbr0
community.general.ufw:
route: yes
rule: allow
interface: incusbr0
direction: out
comment: 'Allow routed traffic out of the container network'
- name: Post Installation Instructions
debug:
msg:
- "SUCCESS: Incus installation and configuration complete."
- "Post Installation Instructions: https://git.marmattheo.com/marmattheo/LXC-Incus-stable-playbook/src/branch/master/README.md"
handlers:
- name: Reload UFW
command: ufw reload
Reference in New Issue View Git Blame Copy Permalink