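---
# Three hosts are defined but the quickstart script filters using an environment variable
# so only one host is provisioned at a time by quickstart.
#
# Layout: `all.children.desktop` holds the provisionable targets (nix, qubes, windows).
# The remaining top-level groups (app-vms, net-vms, proxy-vms, template-vms, standalone-vms,
# system-vms) describe the Qubes VM fleet; they are referenced as empty children of
# `qubes-vms` and populated with hosts and vars further down.
all:
  vars:
    ansible_winrm_transport: credssp
    # TLS certificate validation for WinRM is switched off for the QA quickstart target.
    # Because credssp hands the target the full credentials, a host that can answer in
    # place of the target would receive them; keep `ignore` confined to lab inventories
    # and validate the certificate wherever the Windows host is reached over a network.
    ansible_winrm_server_cert_validation: ignore
  children:
    desktop:
      children:
        nix:
          hosts:
            # NOTE(review): Ansible host names are global and `standard` is declared again
            # under `windows` with a different ansible_connection; both definitions end up on
            # one host object and the last one loaded wins. TODO confirm the quickstart filter
            # never loads both groups in the same run.
            standard:
              ansible_connection: local
          vars:
            ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') }}"
            ansible_user: "{{ lookup('env', 'ANSIBLE_USER') }}"
        qubes:
          vars:
            ansible_connection: qubes
            ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') | default('') }}"
            ansible_user: "{{ lookup('env', 'ANSIBLE_USER') | default('user') }}"
            ansible_python_interpreter: /usr/bin/python3
            qubes:
              dom0_vm: dom0
          hosts:
            dom0:
            blank:
              qubes:
                vm_type: TemplateVM
          children:
            qubes-vms:
              vars:
                install_grub_theme: false
                install_plymouth_theme: false
                # NOTE(review): memory/maxmem/vcpus sit directly under vars here but inside a
                # `qubes:` mapping everywhere else in this file — confirm the role reads both.
                memory: 512
                maxmem: 4096
                vcpus: 2
              # Declared empty here; each child group is defined under `all.children` below.
              children:
                system-vms:
                template-vms:
                net-vms:
                proxy-vms:
                app-vms:
                standalone-vms:
        windows:
          hosts:
            standard:
              ansible_connection: winrm
          vars:
            ansible_password: "{{ lookup('env', 'ANSIBLE_PASSWORD') }}"
            ansible_user: "{{ lookup('env', 'ANSIBLE_USER') }}"
    app-vms:
      vars:
        qubes:
          maxmem: 2048
          memory: 512
          _netvm: sys-firewall
          vm_type: AppVM
      children:
        app-dvms:
          vars:
            qubes:
              label: gray
              template_for_dispvms: true
          hosts:
            anon-dvm:
              qubes:
                template: anon-tmpl
                template_vm: anon-tmpl
            dev-dvm:
              qubes:
                template: dev-tmpl
                template_vm: dev-tmpl
            media-dvm:
              qubes:
                template: media-tmpl
                template_vm: media-tmpl
            office-dvm:
              qubes:
                template: office-tmpl
                template_vm: office-tmpl
            services-dvm:
              qubes:
                template: services-tmpl
                template_vm: services-tmpl
            util-dvm:
              qubes:
                template: util-tmpl
                template_vm: util-tmpl
            web-dvm:
              qubes:
                template: web-tmpl
                template_vm: web-tmpl
        primary-dvm-templates:
          vars:
            qubes:
              label: gray
              template_for_dispvms: true
          hosts:
            debian-11-dvm:
              qubes:
                template: debian-11
                template_vm: debian-11
            debian-11-base-dvm:
              qubes:
                template: debian-11-base
                template_vm: debian-11-base
            fedora-36-dvm:
              qubes:
                template: fedora-36
                template_vm: fedora-36
            fedora-36-base-dvm:
              qubes:
                template: fedora-36-base
                template_vm: fedora-36-base
            net-dvm:
              randomize_mac_address: true
              qubes:
                template: net-tmpl
                template_vm: net-tmpl
        standard-vms:
          hosts:
            crypto:
              qubes:
                _netvm: sys-vpn-proton
                template: crypto-tmpl
                template_vm: crypto-tmpl
            dev:
              persistent_docker_volumes: true
              qubes:
                maxmem: 8192
                _netvm: sys-vpn-proton
                template: dev-tmpl
                template_vm: dev-tmpl
                vcpus: 4
            gpg:
              qubes:
                label: green
                template: gpg-tmpl
                template_vm: gpg-tmpl
            kubernetes:
              persistent_docker_volumes: true
              qubes:
                autostart: true
                maxmem: 8192
                _netvm: sys-vpn-pritunl
                template: kubernetes-tmpl
                template_vm: kubernetes-tmpl
                vcpus: 4
                # Overrides the AppVM default inherited from app-vms; presumably so this qube
                # can offer networking to others — confirm this is intended.
                vm_type: NetVM
                volume:
                  private: 10
            personal:
              persistent_docker_volumes: true
              qubes:
                maxmem: 8192
                _netvm: sys-vpn-proton
                template: personal-tmpl
                template_vm: personal-tmpl
                vcpus: 4
            # pritunl-server:
            #   qubes:
            #     # _netvm: opnsense
            #     _netvm: sys-firewall
            #     template_vm: pritunl-server-tmpl
            # provision:
            #   qubes:
            #     _netvm: sys-vpn-pritunl
            #     template_vm: provision-tmpl
            remote:
              qubes:
                _netvm: sys-vpn-pritunl
                template: remote-tmpl
                template_vm: remote-tmpl
            swarm:
              persistent_docker_volumes: true
              qubes:
                autostart: true
                maxmem: 8192
                _netvm: sys-vpn-pritunl
                template: swarm-tmpl
                template_vm: swarm-tmpl
                vcpus: 4
                volume:
                  private: 10
            vault:
              qubes:
                label: green
                template: vault-tmpl
                template_vm: vault-tmpl
            work:
              persistent_docker_volumes: true
              qubes:
                maxmem: 8192
                _netvm: sys-vpn-pritunl
                template: work-tmpl
                template_vm: work-tmpl
                vcpus: 4
          vars:
            qubes:
              label: purple
              template_vm: fedora-36-base
        specialty-vms:
          vars:
            qubes:
              vm_type: AppVM
          hosts:
            api:
              qubes:
                label: orange
                template: provision-tmpl
                template_vm: provision-tmpl
            maas:
              qubes:
                label: orange
                # _netvm: opnsense
                template: provision-tmpl
                template_vm: provision-tmpl
            mirror:
              qubes:
                label: orange
                template: docker-tmpl
                template_vm: docker-tmpl
            pfsense:
            pritunl:
            qubesos-build:
              qubes:
                template: fedora-32
                template_vm: fedora-32
            seconion:
    net-vms:
      # Intentionally empty: every net-vm entry below is still commented out.
      hosts:
        # opnsense:
        #   ansible_password: "{{ lookup('env', 'OPNSENSE_PASSWORD') }}"
        #   ansible_user: "{{ lookup('env', 'OPNSENSE_USER') }}"
        #   qubes:
        #     _netvm: none
        #     pcidevs: '{{ sys_net_pcidevs | default([]) }}'
        #     provides_network: true
        #     template: opnsense-tmpl
        #     template_vm: opnsense-tmpl
        #     volume:
        #       root: 40g
        # TODO - Add Security Onion to stack.
        # Note - Ideally it should be run on another offline computer passively tapped into the
        # Ethernet but in the spirit of mashing everything into one computer.. leaving this as a
        # note for now -- PRs welcome
        # seconion:
        #   ansible_password: "{{ lookup('env', 'SECONION_PASSWORD') }}"
        #   ansible_user: "{{ lookup('env', 'SECONION_USER') }}"
        #   qubes:
        #     template: seconion-tmpl
        #     template_vm: seconion-tmpl
        #     volume:
        #       root: 400g
      vars:
        ansible_connection: ssh
        qubes:
          autostart: true
          label: orange
          memory: 4096
          maxmem: 8192
          virt_mode: hvm
          vm_type: NetVM
    proxy-vms:
      children:
        vpn-dvms:
          hosts:
            vpn-pritunl-dvm:
              qubes:
                template: vpn-pritunl-tmpl
                template_vm: vpn-pritunl-tmpl
            vpn-proton-dvm:
              qubes:
                template: vpn-proton-tmpl
                template_vm: vpn-proton-tmpl
            vpn-nm-dvm:
              qubes:
                template: vpn-nm-tmpl
                template_vm: vpn-nm-tmpl
            vpn-tailscale-dvm:
              qubes:
                template: vpn-tailscale-tmpl
                template_vm: vpn-tailscale-tmpl
            vpn-warp-dvm:
              qubes:
                template: vpn-warp-tmpl
                template_vm: vpn-warp-tmpl
          vars:
            qubes:
              label: gray
              memory: 256
              maxmem: 1024
              _netvm: sys-firewall
              provides_network: true
              template_for_dispvms: true
              vm_type: AppVM
    template-vms:
      vars:
        qubes:
          label: black
          # NOTE(review): spelled `None` here but `none` in the commented opnsense entry above;
          # YAML keeps both as plain strings, so confirm which spelling the qubes role expects.
          _netvm: None
          vm_type: TemplateVM
      children:
        primary-templates:
          children:
            primary-templates-base:
              hosts:
                debian-11-base:
                  qubes:
                    source: debian-11
                fedora-36-base:
                  qubes:
                    source: fedora-36
              vars:
                # NOTE(review): unit-less sizes here, `40g`/`400g` in the commented entries —
                # confirm the unit the role applies to bare integers.
                volume:
                  root: 20
                  private: 5
            primary-templates-docker:
              hosts:
                debian-11-docker:
                  qubes:
                    source: debian-11-base
                fedora-36-docker:
                  qubes:
                    source: fedora-36-base
            primary-templates-full:
              hosts:
                debian-11-full:
                  qubes:
                    source: debian-11-base
                fedora-36-full:
                  qubes:
                    source: fedora-36-base
              vars:
                volume:
                  root: 24
                  private: 8
            primary-templates-stock:
              hosts:
                archlinux:
                debian-11:
                debian-12:
                fedora-32:
                fedora-36:
                fedora-36-xfce:
                jammy:
              vars:
                apply_theme: true
                common_software_packages:
                  - snapd
                  - qubes-snapd-helper
            primary-templates-minimal:
              hosts:
                debian-11-minimal:
                fedora-36-minimal:
                whonix-gw-16:
                  install_updates: false
                whonix-ws-16:
                  install_updates: false
              vars:
                apply_theme: true
          vars:
            qubes:
              label: red
        standard-templates:
          hosts:
            anon-tmpl:
            crypto-tmpl:
              qubes:
                source: fedora-36-docker
            dev-tmpl:
              qubes:
                source: fedora-36-full
              # full_terminal_profile: true
              # include_pii_dotfiles: true
            docker-tmpl:
              qubes:
                source: fedora-36-docker
            gpg-tmpl:
              qubes:
                source: fedora-36
            net-tmpl:
              qubes:
                source: fedora-36
            kubernetes-tmpl:
              qubes:
                source: fedora-36-docker
            media-tmpl:
            personal-tmpl:
              qubes:
                source: fedora-36-full
            # pritunl-server-tmpl:
            #   qubes:
            #     source: debian-10
            office-tmpl:
            provision-tmpl:
              qubes:
                source: fedora-36-docker
            remote-tmpl:
            services-tmpl:
            swarm-tmpl:
              qubes:
                source: fedora-36-docker
            util-tmpl:
            vpn-tmpl:
              qubes:
                source: debian-11-base
            vault-tmpl:
              qubes:
                source: fedora-36
            web-tmpl:
            work-tmpl:
              qubes:
                source: fedora-36-full
          vars:
            qubes:
              source: fedora-36-base
        vpn-templates:
          hosts:
            vpn-pritunl-tmpl:
            vpn-proton-tmpl:
            vpn-nm-tmpl:
            vpn-tailscale-tmpl:
            vpn-warp-tmpl:
          vars:
            qubes:
              source: vpn-tmpl
        # desktop-hvm-templates:
        #   hosts:
        #     # TODO Add version numbers in these template names
        #     archlinux-desktop-tmpl:
        #     centos-desktop-tmpl:
        #     debian-desktop-tmpl:
        #     debian-server-tmpl:
        #     fedora-desktop-tmpl:
        #     macos-desktop-tmpl:
        #     ubuntu-desktop-tmpl:
        #     windows-desktop-tmpl:
        #       ansible_connection: winrm
        #   vars:
        #     # SSH connection is unnecessary since templates are loaded from vagrantup.com or via the qubes-packer.yml playbook
        #     # ansible_connection: ssh
        #     # ansible_password: "{{ lookup('env', 'VAGRANT_PASSWORD') }}"
        #     # ansible_user: "{{ lookup('env', 'VAGRANT_USER') }}"
        #     qubes:
        #       kernel: ''
        #       source: blank
        #       virt_mode: hvm
        #       volume:
        #         root: 40g
        misc-hvm-templates:
          # Intentionally empty: both candidate templates are still commented out.
          hosts:
            # opnsense-tmpl:
            #   ansible_password: "{{ lookup('env', 'OPNSENSE_PASSWORD') }}"
            #   ansible_user: "{{ lookup('env', 'OPNSENSE_USER') }}"
            #   qubes:
            #     _netvm: None
            #     provides_network: true
            #     pcidevs: '{{ sys_net_pcidevs | default([]) }}'
            #     source: opnsense-22.7
            #     volume:
            #       root: 40g
            # seconion-tmpl:
            #   ansible_password: "{{ lookup('env', 'SECONION_PASSWORD') }}"
            #   ansible_user: "{{ lookup('env', 'SECONION_USER') }}"
            #   volume:
            #     root: 10g
          vars:
            ansible_connection: ssh
            qubes:
              kernel: ''
              virt_mode: hvm
    standalone-vms:
      vars:
        qubes:
          label: blue
          memory: 2048
          maxmem: 8192
          kernel: ''
          vcpus: 4
          virt_mode: hvm
          vm_type: StandaloneVM
      children:
        # desktop-standalone-vms:
        #   hosts:
        #     # By default, only initialize standalones for the fully loaded environments
        #     # If you just want a default ubuntu HVM, for instance, then qvm-clone from the
        #     # `ubuntu-desktop-base-tmpl` TemplateVM
        #     archlinux-desktop:
        #       qubes:
        #         source: archlinux-desktop-tmpl
        #     centos-desktop:
        #       qubes:
        #         source: centos-desktop-tmpl
        #     debian-desktop:
        #       qubes:
        #         source: debian-desktop-tmpl
        #     debian-server:
        #       qubes:
        #         source: debian-server-tmpl
        #     fedora-desktop:
        #       qubes:
        #         source: fedora-desktop-tmpl
        #     macos-desktop:
        #       qubes:
        #         source: macos-desktop-tmpl
        #     ubuntu-desktop:
        #       qubes:
        #         source: ubuntu-desktop-tmpl
        #     windows-desktop:
        #       ansible_connection: winrm
        #       qubes:
        #         source: windows-desktop-tmpl
        #   vars:
        #     ansible_connection: ssh
        #     ansible_password: "{{ lookup('env', 'VAGRANT_PASSWORD') }}"
        #     ansible_user: "{{ lookup('env', 'VAGRANT_USER') }}"
        #     qubes:
        #       _netvm: sys-vpn-proton
        #       volume:
        #         root: 50g
        unikernel-vms:
          hosts:
            mirage-firewall:
              mirage_compile_from_source: false
              qubes:
                kernel: mirage-firewall
                kernelopts: ''
                memory: 64
                maxmem: 64
                provides_network: true
                source: blank
                vcpus: 1
                virt_mode: pvh
                label: green
                vm_type: StandaloneVM
              # TODO qvm-features mirage-firewall qubes-firewall 1
              # TODO qvm-features mirage-firewall no-default-kernelopts 1
    system-vms:
      hosts:
        anon-whonix:
          qubes:
            _netvm: sys-whonix
            template_vm: whonix-ws-16
        # NOTE(review): `debian-11` and `debian-11-dvm` are also listed under template-vms
        # and app-vms; as hosts are global, the vars from every group they belong to merge.
        debian-11:
          qubes:
            vm_type: TemplateVM
        debian-11-dvm:
          qubes:
            _netvm: sys-firewall
            template_for_dispvms: true
        sys-firewall:
          # Next three are where the SwitchHosts program gets installed along with hostctl and default profiles
          hostsfile_default_loopback: true
          install_hostctl: true
          install_switchhosts: true
          qubes:
            _netvm: sys-net
            vm_type: ProxyVM
        sys-net:
        sys-usb:
        sys-whonix:
          qubes:
            _netvm: sys-firewall
            template_vm: whonix-gw-16
        whonix-ws-16-dvm:
          qubes:
            _netvm: sys-firewall
            template_vm: whonix-ws-16
      vars:
        qubes:
          label: red
          vm_type: AppVM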