--- # Three hosts are defined but the quickstart script filters using an environment variable # so only one host is provisioned at a time by quickstart. all: children: desktop: children: nix: hosts: standard: ansible_connection: local vars: ansible_become_pass: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_user: "{{ lookup('env', 'ANSIBLE_USER') | default('Betelgeuse') }}" qubes: vars: ansible_become_pass: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_connection: qubes ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_user: "{{ lookup('env', 'ANSIBLE_USER') | default('user') }}" ansible_python_interpreter: /usr/bin/python3 qubes: dom0_vm: dom0 hosts: dom0: blank: qubes: vm_type: TemplateVM children: qubes-vms: vars: ansible_user: user install_default_npm_packages: false install_default_pip_packages: false install_default_ruby_gems: false install_go_developer_dependencies: false install_grub_theme: false install_plymouth_theme: false memory: 512 maxmem: 4096 pip_packages: [] vcpus: 2 volume: {} children: system-vms: template-vms: net-vms: proxy-vms: app-vms: standalone-vms: windows: hosts: windows-standard: vars: ansible_become_pass: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_connection: winrm ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('Betelgeuse888<3') }}" ansible_user: "{{ lookup('env', 'ANSIBLE_USER') | default('Betelgeuse') }}" ansible_winrm_transport: credssp ansible_winrm_server_cert_validation: ignore app-vms: vars: qubes: maxmem: 2048 memory: 512 _netvm: sys-firewall vm_type: AppVM children: app-dvms: vars: qubes: label: gray template_for_dispvms: true hosts: anon-dvm: qubes: template: anon-tmpl template_vm: anon-tmpl dev-dvm: install_default_npm_packages: true install_default_pip_packages: true install_default_ruby_gems: true install_go_developer_dependencies: true qubes: template: dev-tmpl template_vm: dev-tmpl media-dvm: qubes: template: media-tmpl template_vm: media-tmpl office-dvm: qubes: template: office-tmpl template_vm: office-tmpl services-dvm: qubes: template: services-tmpl template_vm: services-tmpl util-dvm: qubes: template: util-tmpl template_vm: util-tmpl web-dvm: qubes: template: web-tmpl template_vm: web-tmpl primary-dvm-templates: vars: qubes: label: gray template_for_dispvms: true hosts: debian-11-dvm: qubes: template: debian-11 template_vm: debian-11 debian-11-base-dvm: qubes: template: debian-11-base template_vm: debian-11-base fedora-36-dvm: qubes: template: fedora-36 template_vm: fedora-36 fedora-36-base-dvm: qubes: template: fedora-36-base template_vm: fedora-36-base fedora-37-dvm: qubes: template: fedora-37 template_vm: fedora-37 fedora-37-base-dvm: qubes: template: fedora-37-base template_vm: fedora-37-base net-dvm: randomize_mac_address: true qubes: template: net-tmpl template_vm: net-tmpl standard-vms: hosts: crypto: qubes: _netvm: sys-vpn-proton template: crypto-tmpl template_vm: crypto-tmpl dev: install_default_npm_packages: true install_default_pip_packages: true install_default_ruby_gems: true install_go_developer_dependencies: true persistent_docker_volumes: true qubes: maxmem: 8192 memory: 2048 _netvm: sys-vpn-proton template: dev-tmpl template_vm: dev-tmpl vcpus: 4 gpg: qubes: label: green template: gpg-tmpl template_vm: gpg-tmpl kubernetes: persistent_docker_volumes: true qubes: autostart: true maxmem: 8192 memory: 2048 _netvm: sys-vpn-pritunl template: kubernetes-tmpl template_vm: kubernetes-tmpl vcpus: 4 volume: private: 30 personal: persistent_docker_volumes: true qubes: maxmem: 8192 memory: 2048 _netvm: sys-vpn-proton template: personal-tmpl template_vm: personal-tmpl vcpus: 4 # pritunl-server: # qubes: # # _netvm: opnsense # _netvm: sys-firewall # template_vm: pritunl-server-tmpl # provision: # qubes: # _netvm: sys-vpn-pritunl # template_vm: provision-tmpl remote: qubes: _netvm: sys-vpn-pritunl template: remote-tmpl template_vm: remote-tmpl swarm: persistent_docker_volumes: true qubes: autostart: true maxmem: 8192 memory: 2048 _netvm: sys-vpn-pritunl template: swarm-tmpl template_vm: swarm-tmpl vcpus: 4 volume: private: 30 vault: qubes: label: green template: vault-tmpl template_vm: vault-tmpl work: persistent_docker_volumes: true qubes: maxmem: 8192 memory: 2048 _netvm: sys-vpn-pritunl template: work-tmpl template_vm: work-tmpl vcpus: 4 vars: qubes: label: purple template_vm: fedora-36-base specialty-vms: vars: qubes: vm_type: AppVM hosts: api: qubes: label: orange template: provision-tmpl template_vm: provision-tmpl maas-qubes: qubes: label: orange # _netvm: opnsense template: provision-tmpl template_vm: provision-tmpl mirror: qubes: label: orange template: docker-tmpl template_vm: docker-tmpl pfsense-qubes: pritunl: qubesos-build: qubes: template: fedora-32 template_vm: fedora-32 seconion-qubes: net-vms: hosts: # opnsense: # ansible_password: "{{ lookup('env', 'OPNSENSE_PASSWORD') }}" # ansible_user: "{{ lookup('env', 'OPNSENSE_USER') }}" # qubes: # _netvm: none # pcidevs: '{{ sys_net_pcidevs | default([]) }}' # provides_network: true # template: opnsense-tmpl # template_vm: opnsense-tmpl # volume: # root: 40g # TODO - Add Security Onion to stack. # Note - Ideally it should be run on another offline computer passively tapped into the Ethernet but in the spirit of mashing everything into one computer.. leaving this as a note for now -- PRs weldome # seconion: # ansible_password: "{{ lookup('env', 'SECONION_PASSWORD') }}" # ansible_user: "{{ lookup('env', 'SECONION_USER') }}" # qubes: # template: seconion-tmpl # template_vm: seconion-tmpl # volume: # root: 400g vars: ansible_connection: ssh qubes: autostart: true label: orange memory: 4096 maxmem: 8192 virt_mode: hvm vm_type: NetVM proxy-vms: vars: qubes: label: gray memory: 256 maxmem: 1024 _netvm: sys-firewall provides_network: true template_for_dispvms: true vm_type: AppVM children: vpn-dvms: hosts: vpn-pritunl-dvm: qubes: template: vpn-pritunl-tmpl template_vm: vpn-pritunl-tmpl vpn-proton-dvm: qubes: template: vpn-proton-tmpl template_vm: vpn-proton-tmpl vpn-nm-dvm: qubes: template: vpn-nm-tmpl template_vm: vpn-nm-tmpl vpn-tailscale-dvm: qubes: template: vpn-tailscale-tmpl template_vm: vpn-tailscale-tmpl vpn-warp-dvm: qubes: template: vpn-warp-tmpl template_vm: vpn-warp-tmpl net-dvms: hosts: ethernet-dvm: qubes: template: ethernet-tmpl template_vm: ethernet-tmpl wifi-dvm: qubes: template: wifi-tmpl template_vm: wifi-tmpl template-vms: vars: qubes: label: black _netvm: None vm_type: TemplateVM children: primary-templates: children: network-templates: hosts: ethernet-tmpl: qubes: source: fedora-36-minimal wifi-tmpl: qubes: source: debian-11-minimal primary-templates-base: hosts: archlinux-base: qubes: source: archlinux debian-11-base: qubes: source: debian-11 fedora-36-base: qubes: source: fedora-36 fedora-37-base: qubes: source: fedora-37 jammy-base: qubes: source: jammy vars: volume: root: 30 private: 20 primary-templates-docker: hosts: archlinux-docker: qubes: source: archlinux-base debian-11-docker: qubes: source: debian-11-base fedora-36-docker: qubes: source: fedora-36-base fedora-37-docker: qubes: source: fedora-37-base jammy-docker: qubes: source: jammy-base vars: volume: root: 35 private: 24 primary-templates-full: hosts: archlinux-full: qubes: source: archlinux-base debian-11-full: qubes: source: debian-11-base fedora-36-full: qubes: source: fedora-36-base fedora-37-full: qubes: source: fedora-37-base jammy-full: qubes: source: jammy-base vars: volume: root: 40 private: 30 primary-templates-stock: hosts: archlinux: common_software_packages: - apparmor - base-devel - bc - git - go-tools - inetutils - python-docutils - squashfs-tools - unzip debian-11: fedora-32: fedora-36: fedora-36-xfce: fedora-37: qubes_prerelease: true jammy: vars: apply_theme: true common_software_packages: - snapd - qubes-snapd-helper volume: root: 20 private: 10 primary-templates-minimal: hosts: debian-11-minimal: fedora-36-minimal: whonix-gw-16: install_updates: false whonix-ws-16: install_updates: false vars: apply_theme: true vars: qubes: label: red standard-templates: hosts: anon-tmpl: crypto-tmpl: qubes: source: fedora-36-docker dev-tmpl: install_default_npm_packages: true install_default_pip_packages: true install_default_ruby_gems: true install_go_developer_dependencies: true qubes: source: fedora-36-full # full_terminal_profile: true # include_pii_dotfiles: true docker-tmpl: qubes: source: fedora-36-docker gpg-tmpl: qubes: source: fedora-36 net-tmpl: qubes: source: fedora-36 kubernetes-tmpl: qubes: source: fedora-36-docker media-tmpl: personal-tmpl: qubes: source: fedora-36-full # pritunl-server-tmpl: # qubes: # source: debian-10 office-tmpl: provision-tmpl: qubes: source: fedora-36-docker remote-tmpl: services-tmpl: swarm-tmpl: qubes: source: fedora-36-docker util-tmpl: vpn-tmpl: qubes: source: debian-11-base vault-tmpl: qubes: source: fedora-36 web-tmpl: work-tmpl: qubes: source: fedora-36-full vars: qubes: source: fedora-36-base vpn-base-templates: hosts: vpn-tmpl: vpn-templates: hosts: vpn-pritunl-tmpl: vpn-proton-tmpl: vpn-nm-tmpl: vpn-tailscale-tmpl: vpn-warp-tmpl: vars: qubes: source: vpn-tmpl # desktop-hvm-templates: # hosts: # # TODO Add version numbers in these template names # archlinux-desktop-tmpl: # centos-desktop-tmpl: # debian-desktop-tmpl: # debian-server-tmpl: # fedora-desktop-tmpl: # macos-desktop-tmpl: # ubuntu-desktop-tmpl: # windows-desktop-tmpl: # ansible_connection: winrm # vars: # # SSH connection is unnecessary since templates are loaded from vagrantup.com or via the qubes-packer.yml playbook # # ansible_connection: ssh # # ansible_password: "{{ lookup('env', 'VAGRANT_PASSWORD') }}" # # ansible_user: "{{ lookup('env', 'VAGRANT_USER') }}" # qubes: # kernel: '' # source: blank # virt_mode: hvm # volume: # root: 40g misc-hvm-templates: hosts: # opnsense-tmpl: # ansible_password: "{{ lookup('env', 'OPNSENSE_PASSWORD') }}" # ansible_user: "{{ lookup('env', 'OPNSENSE_USER') }}" # qubes: # _netvm: None # provides_network: true # pcidevs: '{{ sys_net_pcidevs | default([]) }}' # source: opnsense-22.7 # volume: # root: 40g # seconion-tmpl: # ansible_password: "{{ lookup('env', 'SECONION_PASSWORD') }}" # ansible_user: "{{ lookup('env', 'SECONION_USER') }}" # volume: # root: 10g vars: ansible_connection: ssh qubes: kernel: '' virt_mode: hvm standalone-vms: vars: qubes: label: blue memory: 2048 maxmem: 8192 kernel: '' vcpus: 4 virt_mode: hvm vm_type: StandaloneVM children: # desktop-standalone-vms: # hosts: # # By default, only initialize standalones for the fully loaded environments # # If you just want a default ubuntu HVM, for instance, then qvm-clone from the # # `ubuntu-desktop-base-tmpl` TemplateVM # archlinux-desktop: # qubes: # source: archlinux-desktop-tmpl # centos-desktop: # qubes: # source: centos-desktop-tmpl # debian-desktop: # qubes: # source: debian-desktop-tmpl # debian-server: # qubes: # source: debian-server-tmpl # fedora-desktop: # qubes: # source: fedora-desktop-tmpl # macos-desktop: # qubes: # source: macos-desktop-tmpl # ubuntu-desktop: # qubes: # source: ubuntu-desktop-tmpl # windows-desktop: # ansible_connection: winrm # qubes: # source: windows-desktop-tmpl # vars: # ansible_connection: ssh # ansible_password: "{{ lookup('env', 'VAGRANT_PASSWORD') }}" # ansible_user: "{{ lookup('env', 'VAGRANT_USER') }}" # qubes: # _netvm: sys-vpn-proton # volume: # root: 50g unikernel-vms: hosts: mirage: mirage_compile_from_source: false qubes: kernel: mirage-firewall kernelopts: '' memory: 64 maxmem: 64 provides_network: true source: blank vcpus: 1 virt_mode: pvh label: green vm_type: StandaloneVM # TODO qvm-features mirage-firewall qubes-firewall 1 # TODO qvm-features mirage-firewall no-default-kernelopts 1 system-vms: hosts: anon-whonix: qubes: _netvm: sys-whonix template_vm: whonix-ws-16 debian-11: qubes: vm_type: TemplateVM debian-11-dvm: qubes: _netvm: sys-firewall template_for_dispvms: true sys-firewall: # Next three are where the SwitchHosts program gets installed along with hostctl and default profiles hostsfile_default_loopback: true install_hostctl: true install_switchhosts: true qubes: _netvm: sys-net vm_type: ProxyVM sys-net: # sys-usb: sys-whonix: qubes: _netvm: sys-firewall template_vm: whonix-gw-16 whonix-ws-16-dvm: qubes: _netvm: sys-firewall template_vm: whonix-ws-16 vars: qubes: label: red vm_type: AppVM