update

2024-01-02 02:13:28 +00:00 · 2024-01-02 02:13:28 +00:00 · 33a439173c
commit 33a439173c
parent c417a6f3f9
17 changed files with 1298 additions and 95 deletions
--- a/etc/hosts.yml
+++ b/etc/hosts.yml
@ -0,0 +1,446 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
+# use double quotes exclusively around  strings and
+# use single quotes exclusively with lists - for bash post-processing
+
+all:
+
+  children:
+
+    vbox_winrm_group:
+
+      hosts:
+
+        y_UEFI_MediCat_VHD_DW:
+          # /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0
+          # doesnt work: ansible_connection: "libvirt_qemu"
+
+          BOX_SERVICE_MGR: "win11"
+          BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW"
+
+          UPD_WINRM_CRT_PASSWORD: ""
+          UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for "
+          UPD_WINRM_FILE_BASE: "winrm-win11vbox"
+          UPD_WINRM_KEY_BITS: 4096
+
+          UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D"
+          UPD_WINRM_HOST_DEV: "vboxnet0"
+          UPD_WINRM_ADMIN_NAME: "administrator"
+          UPD_WINRM_ADMIN_PASS: "<get from vault>"
+
+          # NOT  remote_addr:
+          ansible_winrm_host: "192.168.56.1"
+          # remote_user
+          ansible_winrm_user: "administrator"
+          BOX_DEFAULT_OUTPUT_IF: fixme
+
+          UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin"
+          UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin"
+
+          # List of winrm transports to attempt to to use (ssl, plaintext, kerberos, etc)
+          # python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES'
+          # ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp']
+          # FixMe: which one works?
+          UPD_WINRM_WINRM_TRANSPORT: "basic"
+          # Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B
+
+      vars:
+        #maybe ansible_connection: "winrm"
+        BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"]
+        ansible_winrm_port: 5985
+        ansible_winrm_scheme: http
+        ansible_winrm_transport: ['basic', 'plaintext', 'certificate',  'ssl']
+        # NOT remote_user
+        # ansible_user
+        ansible_winrm_user: "Administrator"
+        #? ansible_password: ""
+        ansible_winrm_server_cert_validation: ignore
+        validate_certs: false
+        # NO proxy from environment - or ensure no_proxy
+        no_proxy:    "localhost,127.0.0.1,192.168.56.1"
+
+    linux_unix_group:
+
+      children:
+
+        linux_local_group:
+
+          hosts:
+
+            pentoo:
+              ansible_remote_addr: "/mnt/linuxPen19"
+              BOX_HOST_NAME: "pentoo"
+              BOX_SERVICE_MGR: "openrc"
+              BOX_USER_NAME: "vagrant"
+              BOX_USER_GROUP: "users"
+              BOX_USER_HOME: "/home/vagrant"
+              BOX_OS_FAMILY: Gentoo
+              BOX_OS_NAME: gentoo
+              BOX_OS_FLAVOR: "Pentoo"
+              BOX_USR_LIB: lib
+              BOX_DEFAULT_OUTPUT_IF: wlan4
+              BOX_PROXY_MODE: selektor
+              BOX_WHONIX_PROXY_HOST: ""
+              BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
+              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
+              # /usr/lib/jvm/openjdk-bin-*/conf/net.properties
+              BOX_ALSO_USERS:
+                - pentoo
+              BOX_PORTAGE_PYTHON_MINOR: "3.11"
+              BOX_PYTHON2_MINOR: "2.7"
+              BOX_PYTHON3_MINOR: "3.11"
+              BOX_GENTOO_FROM_MP: "/"
+
+            devuan:
+              ansible_remote_addr: "/mnt/linuxDev4" #ignored for local
+              BOX_HOST_NAME: "devuan"
+              BOX_SERVICE_MGR: "sysvinit"
+              BOX_USER_NAME: "devuan"
+              BOX_USER_GROUP: "adm"
+              BOX_USER_HOME: "/home/devuan"
+              BOX_OS_FAMILY: Debian
+              BOX_OS_NAME: Devuan
+              BOX_OS_FLAVOR: "Devuan"
+              BOX_USR_LIB: lib
+              BOX_DEFAULT_OUTPUT_IF: wlan6
+              BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives"
+              BOX_ALSO_USERS: []
+              BOX_PORTAGE_PYTHON_MINOR: "3.11"
+              BOX_PYTHON2_MINOR: "2.7"
+              BOX_PYTHON3_MINOR: "3.11"
+
+              BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
+
+              BOX_WHONIX_PROXY_HOST: ""
+              BOX_PROXY_MODE: tor
+              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
+
+          vars:
+            BOX_ANSIBLE_CONNECTIONS: ["local"]
+            BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j','/mnt/i', '/mnt/o',  '/mnt/mnt/linuxPen19']
+            BOX_BASE_FEATURES: ['insecure_sudo']
+            BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy']
+            BOX_TOXCORE_FEATURES: []
+
+        # libvirt_group could also be ssh_group
+        linux_libvirt_group:
+
+          hosts:
+
+            gentoo1:
+
+              ansible_remote_addr: "gentoo1"
+              ansible_host: "gentoo1"
+              ansible_ssh_user: "gentoo"
+              BOX_SERVICE_MGR: "openrc"
+              BOX_HOST_NAME: "gentoo1"
+              BOX_USER_NAME: "gentoo"
+              BOX_USER_GROUP: "adm"
+              BOX_ALSO_GROUP: "adm"
+              BOX_USER_HOME: "/home/gentoo"
+              BOX_OS_NAME: Gentoo
+              BOX_OS_FAMILY: Gentoo
+              BOX_OS_FLAVOR: "Gentoo"
+              BOX_USR_LIB: lib64
+              BOX_DEFAULT_OUTPUT_IF: eth0
+              BOX_PYTHON2_MINOR: ""
+              BOX_PYTHON3_MINOR: "3.11"
+              BASE_PORTAGE_PYTHON_MINOR: 3.11
+              BOX_HOST_CONTAINER_MOUNTS: []
+              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
+              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
+              BOX_ALSO_USERS:
+                - gentoo
+              BOX_BASE_FEATURES: []
+              BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
+              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
+
+            ubuntu18.04:
+              # /mnt
+              ansible_remote_addr: "ubuntu18.04"
+              # this is what the libvirt-qemu connector uses
+              ansible_host: "ubuntu18.04"
+              ansible_ssh_user: "vagrant"
+              BOX_SERVICE_MGR: systemd
+              BOX_HOST_NAME: "Ubuntu18.04"
+              BOX_USER_NAME: "vagrant"
+              BOX_USER_GROUP: "users"
+              BOX_USER_HOME: "/home/vagrant"
+              BOX_OS_FAMILY: Debian
+              BOX_OS_NAME: Ubuntu
+              BOX_OS_FLAVOR: "Ubuntu18"
+              BOX_USR_LIB: lib
+              BOX_DEFAULT_OUTPUT_IF: eth0
+              BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives"
+              ansible_python_interpreter: "/usr/bin/python3.6"
+              BOX_PYTHON2_MINOR: ""
+              BOX_PYTHON3_MINOR: "3.6"
+              BOX_REMOTE_MOUNTS: ['/mnt/o']
+    #            BOX_WHONIX_PROXY_HOST: "Whonix-Gateway"
+    #            BOX_PROXY_MODE: ws
+              # FixMe
+              base_system_users: ['vagrant']
+              BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
+
+          vars:
+            BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"]
+            # proxy from environment
+    #        ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
+    #        ansible_ssh_host: "127.0.0.1"
+            BOX_ROOT_GROUP: root
+            BOX_PROXY_MODE: client
+            http_proxy: "http://127.0.0.1:3128"
+            https_proxy: "http://127.0.0.1:9128"
+            socks_proxy: "socks5://127.0.0.1:9050"
+            no_proxy: "localhost,127.0.0.1,127.0.0.1"
+
+        linux_chroot_group :
+
+          hosts:
+
+            linuxGentoo:
+
+              ansible_remote_addr: "/mnt/gentoo"
+              # required
+              ansible_host: "/mnt/gentoo"
+              BOX_SERVICE_MGR: "openrc"
+              BOX_HOST_NAME: "gentoo"
+              BOX_USER_NAME: "gentoo"
+              BOX_USER_GROUP: "adm"
+              BOX_USER_HOME: "/home/gentoo"
+              BOX_OS_FAMILY: Gentoo
+              BOX_OS_NAME: gentoo
+              BOX_OS_FLAVOR: "Gentoo"
+              BOX_USR_LIB: lib64
+              BOX_DEFAULT_OUTPUT_IF: wlan6
+              BASE_PORTAGE_PYTHON_MINOR: 3.11
+              ansible_python_interpreter: "/usr/bin/python3.11"
+              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
+              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
+              BOX_ALSO_USERS:
+                - gentoo
+              BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
+              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
+
+            linuxPen19:
+
+              ansible_remote_addr: "/mnt/linuxPen19"
+              # required
+              ansible_host: "/mnt/linuxPen19"
+              BOX_SERVICE_MGR: "openrc"
+              BOX_HOST_NAME: "linuxPen19"
+              BOX_USER_NAME: "vagrant"
+              BOX_USER_GROUP: "adm"
+              BOX_USER_HOME: "/home/vagrant"
+              BOX_OS_FAMILY: Gentoo
+              BOX_OS_NAME: gentoo
+              BOX_OS_FLAVOR: "Pentoo"
+              BOX_USR_LIB: lib64
+              BOX_DEFAULT_OUTPUT_IF: wlan6
+              BASE_PORTAGE_PYTHON_MINOR: 3.11
+              ansible_python_interpreter: "/usr/bin/python3.11"
+              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles"
+              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
+              BOX_ALSO_USERS:
+                - gentoo
+              BOX_BASE_FEATURES: []
+              BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker']
+              BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
+
+          # linux_chroot_group  vars
+          vars:
+            BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"]
+            # ignored? chroot_connection/exe in ansible.cfg?
+            ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash"
+
+            #? ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1"
+            #  -i "PATH"
+            #  -i "http_proxy https_proxy socks_proxy no_proxy"
+            #? -l
+            # for a non-root login: ansible_ssh_extra_args: "--userspec=foo:adm"
+      vars: # linux_unix_group
+        # toxcore
+        BOX_NBD_DEV: nbd1
+        BOX_NBD_MP: /mnt/gentoo
+        BOX_NBD_OVERLAY_NAME: "gentoo1"
+        BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
+        BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
+        BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
+        BOX_NBD_KERNEL_DIR: /usr/src/linux
+        BOX_NBD_BASE_PROFILE: openrc
+        BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
+        BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
+        BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2"
+        BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
+
+        # libvirt overlay
+        BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
+        BOX_NBD_LOGLEVEL: 10
+        BOX_NBD_OVERLAY_GB: "20"
+        BOX_NBD_OVERLAY_CPUS: 1
+        BOX_NBD_OVERLAY_RAM: 2048
+        BOX_NBD_OVERLAY_BR: virbr1
+        # unused?
+        BOX_NBD_OVERLAY_NETWORK: default
+        # plaintext
+        BOX_NBD_OVERLAY_PASS: "gentoo"
+        BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
+
+
+  vars:
+    # These come from the inventory overridden for connection = local,chroot in base_proxy.yml
+    http_proxy:  ""
+    https_proxy: ""
+    socks_proxy: ""
+    ftp_proxy:   ""
+    no_proxy:    "localhost,127.0.0.1"
+    SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
+    RSYNC_PROXY: ""
+
+    BOX_OS_FAMILY: ""
+    BOX_OS_NAME: ""
+    BOX_OS_FLAVOR: ""
+    BOX_DEFAULT_OUTPUT_IF: ""
+    BOX_ALSO_GROUP: "adm"
+
+    # only common to local and vagrant because /mnt/j is remote mounted - need a linux_group
+    BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip"
+    BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip"
+
+    HOST_MOUNT_SYMLINKS: []
+    HOST_MOUNT_SYMLINK_CONTENTS: {}
+
+    LXD_TRUST_PASSWORD: sekret
+
+    BOX_HOST_CONTAINER_MOUNTS:
+      - /mnt/l
+      - /mnt/e
+      - /mnt/h
+      - /mnt/i
+      - /mnt/j
+      - /mnt/q
+      - /mnt/w
+      - /mnt/o
+
+    BOX_DOS_SCAN_DIRS:
+      - /mnt/h
+      - /mnt/i
+      - /mnt/j
+      - /mnt/e
+      - /mnt/q
+      - /mnt/w
+      - /mnt/c
+
+    # These will fluctuate with what's been started - it's safe to open them all
+    # FixMe: should these go on no_proxy systematically
+    PRIV_TOR_LOCAL_NETS:
+      - "192.168.56.0/24"
+
+    BOX_ALSO_USERS: []
+    BOX_PYTHON2_MINOR: ""
+    BOX_PYTHON3_MINOR: "3.11"
+    BOX_BASH_SHELL: /bin/bash
+    BOX_IPV6_DISABLE: 1
+    BOX_EMACS_VERSION: 27
+
+    BOX_ROOT_USER: root
+    BOX_ROOT_GROUP: root
+
+    BOX_BYPASS_PROXY_GROUP: tor
+    BOX_FIREWALL_ALLOW_TRANS: false
+    BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
+
+    BOX_BASE_FEATURES: []
+    BOX_LOGG_FEATURES: []
+    BOX_KEYS_FEATURES: ['tpm2'] # truecrypt
+    BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber'] # 'clamscan', firejail
+    # libvirt means  'qemu'
+    BOX_HOSTVMS_FEATURES: []
+
+    BOX_MISP_FEATURES: [] # 'kitchen'
+    BOX_W3AF_FEATURES: [] # 'kitchen'
+    BOX_MISP_GPG_PASS: gpg_pass_to_change_fast
+
+    BOX_timezone: UTC
+    BOX_hwclock_local: false
+    BOX_hwclock_systohc: true
+    BOX_hwclock_hctosys: false
+
+    BOX_PROXY_MODE: ""
+    BOX_DNS_PROXY: dnsmasq
+    BOX_TIME_DAEMON: ntpd
+    BOX_NTP_GROUP: ntp
+    BOX_NET_MANAGER: "networkmanager"
+    BOX_HTTP_PROXY: privoxy
+
+    # toxcore
+    BOX_NBD_DEV: ""
+    BOX_NBD_MP: ""
+    BOX_NBD_FILES: ""
+    BOX_NBD_LOGLEVEL: 20
+    BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
+    BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
+    BOX_NBD_KERNEL_DIR: /usr/src/linux
+    BOX_NBD_BASE_PROFILE: openrc
+    BOX_NBD_BASE_DIR: ""
+    BOX_NBD_BASE_QCOW: ""
+    BOX_NBD_BASE_PUBKEY: ""
+
+    # libvirt overlay
+    BOX_NBD_OVERLAY_QCOW: ""
+    BOX_NBD_OVERLAY_DIR: ""
+    BOX_NBD_OVERLAY_BR: ""
+    BOX_NBD_OVERLAY_GB: "20"
+    BOX_NBD_OVERLAY_NAME: ""
+    BOX_NBD_OVERLAY_CPUS: 1
+    BOX_NBD_OVERLAY_RAM: 2048
+    # plaintext
+    BOX_NBD_OVERLAY_PASS: ""
+    BOX_GENTOOIMGR_CONFIGFILE: ""
+
+# Controls what compression method is used for new-style ansible modules when
+# they are sent to the remote system. The compression types depend on having
+# support compiled into both the controller's python and the client's python.
+# The names should match with the python Zipfile compression types:
+# * ZIP_STORED (no compression. available everywhere)
+# * ZIP_DEFLATED (uses zlib, the default)
+# These values may be set per host via the ansible_module_compression inventory variable.
+#
+    ansible_module_compression: "ZIP_STORED"
+    ansible_python_interpreter: "/usr/local/bin/python3.sh"
+
+    BOX_ANSIBLE_VERSION: "2.9.22"
+    #  Cannot communicate securely with peer: no common encryption algorithm(s).
+    #  git.kernel.org/ sslversion = tlsv1.3
+    BOX_TLS_VERSION: "1.3"
+    BOX_SSL_GIT_SSLVERSION: "1.3"
+
+    # unused so far - needed by src/ansible_gentooimgr/gentooimgr/
+    BOX_ARCHITECTURE: amd64
+    BOX_SUBTYPE: -hardened
+    # https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt
+    GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt"
+    # plus .gpgsig and .md5sum
+    GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz"
+    BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
+    #? Gentoo specific?
+
+    # unused so far
+    # missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database
+    # /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml
+    box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx"
+
+    BOX_WHONIX_PROXY_HOST: ""
+    BOX_PROXY_FEATURES: []
+    BOX_GPG_SERVER: "keys.gnupg.net"
+    BOX_USR_LIB: lib
+    # if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else ''
+    BOX_GENTOO_FROM_MP: ''
+
+    # bc
+    MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}"
+
+#        # These are inventory overridden for connection = chroot in base_proxy.yml
+#        http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}"
+#        https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}"
+#        socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}"
+#        no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}"
--- a/etc/libvirt/qemu/gentoo_bridge.xml
+++ b/etc/libvirt/qemu/gentoo_bridge.xml
@ -0,0 +1,255 @@
+<domain type='kvm' id='20'>
+  <name>gentoo_bridge</name>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://gentoo.org/gentoo/rolling"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-7.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough' check='none' migratable='on'/>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/root/vms/virsh/images/gentoo5.img' index='2'/>
+      <backingStore type='file' index='3'>
+        <format type='qcow2'/>
+        <source file='/g/Linux/net/Http/mirror.init7.net/gentoo/experimental/amd64/openstack/gentoo-openstack-amd64-hardened-latest.qcow2'/>
+        <backingStore/>
+      </backingStore>
+      <target dev='vda' bus='virtio'/>
+      <alias name='virtio-disk0'/>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <source file='/root/vms/virsh/images/gentoo5-cidata.img' index='1'/>
+      <backingStore/>
+      <target dev='sda' bus='sata'/>
+      <readonly/>
+      <alias name='sata0-0-0'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <alias name='usb'/>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'>
+      <alias name='pcie.0'/>
+    </controller>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <alias name='pci.1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <alias name='pci.2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <alias name='pci.3'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <alias name='pci.4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <alias name='pci.5'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <alias name='pci.6'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <alias name='pci.7'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <alias name='pci.8'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <alias name='pci.9'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <alias name='pci.10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <alias name='pci.11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <alias name='pci.12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <alias name='pci.13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <alias name='pci.14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <alias name='ide'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <alias name='virtio-serial0'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <alias name='pci.15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-to-pci-bridge'>
+      <model name='pcie-pci-bridge'/>
+      <alias name='pci.16'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:e8:20:5a'/>
+      <source bridge='virbr0'/>
+      <target dev='vnet17'/>
+      <model type='virtio'/>
+      <alias name='net0'/>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <source path='/dev/pts/12'/>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+      <alias name='serial0'/>
+    </serial>
+    <console type='pty' tty='/dev/pts/12'>
+      <source path='/dev/pts/12'/>
+      <target type='serial' port='0'/>
+      <alias name='serial0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0' state='disconnected'/>
+      <alias name='channel0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-20-gentoo5/org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
+      <alias name='channel1'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <alias name='input0'/>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'>
+      <alias name='input1'/>
+    </input>
+    <input type='keyboard' bus='ps2'>
+      <alias name='input2'/>
+    </input>
+    <graphics type='spice'>
+      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-20-gentoo5/spice.sock'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <alias name='sound0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <audio id='1' type='spice'/>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <alias name='video0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir0'/>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir1'/>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <watchdog model='i6300esb' action='reset'>
+      <alias name='watchdog0'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x01' function='0x0'/>
+    </watchdog>
+    <memballoon model='virtio'>
+      <alias name='balloon0'/>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <alias name='rng0'/>
+      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'>
+    <label>libvirt-c7a5d87b-348e-412c-9e81-afce3232ff65</label>
+    <imagelabel>libvirt-c7a5d87b-348e-412c-9e81-afce3232ff65</imagelabel>
+  </seclabel>
+  <seclabel type='dynamic' model='dac' relabel='yes'>
+    <label>+0:+0</label>
+    <imagelabel>+0:+0</imagelabel>
+  </seclabel>
+</domain>
+
--- a/etc/libvirt/qemu/gentoo_network.xml
+++ b/etc/libvirt/qemu/gentoo_network.xml
@ -0,0 +1,255 @@
+<domain type='kvm' id='33'>
+  <name>gentoo_network</name>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://gentoo.org/gentoo/rolling"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-q35-7.2'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough' check='none' migratable='on'/>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/root/vms/virsh/images/gentoo6.img' index='2'/>
+      <backingStore type='file' index='3'>
+        <format type='qcow2'/>
+        <source file='/g/Linux/net/Http/mirror.init7.net/gentoo/experimental/amd64/openstack/gentoo-openstack-amd64-hardened-latest.qcow2'/>
+        <backingStore/>
+      </backingStore>
+      <target dev='vda' bus='virtio'/>
+      <alias name='virtio-disk0'/>
+      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <source file='/root/vms/virsh/images/gentoo6-cidata.img' index='1'/>
+      <backingStore/>
+      <target dev='sda' bus='sata'/>
+      <readonly/>
+      <alias name='sata0-0-0'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
+      <alias name='usb'/>
+      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='pci' index='0' model='pcie-root'>
+      <alias name='pcie.0'/>
+    </controller>
+    <controller type='pci' index='1' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='1' port='0x10'/>
+      <alias name='pci.1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='2' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='2' port='0x11'/>
+      <alias name='pci.2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
+    </controller>
+    <controller type='pci' index='3' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='3' port='0x12'/>
+      <alias name='pci.3'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
+    </controller>
+    <controller type='pci' index='4' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='4' port='0x13'/>
+      <alias name='pci.4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
+    </controller>
+    <controller type='pci' index='5' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='5' port='0x14'/>
+      <alias name='pci.5'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
+    </controller>
+    <controller type='pci' index='6' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='6' port='0x15'/>
+      <alias name='pci.6'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
+    </controller>
+    <controller type='pci' index='7' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='7' port='0x16'/>
+      <alias name='pci.7'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
+    </controller>
+    <controller type='pci' index='8' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='8' port='0x17'/>
+      <alias name='pci.8'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
+    </controller>
+    <controller type='pci' index='9' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='9' port='0x18'/>
+      <alias name='pci.9'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='pci' index='10' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='10' port='0x19'/>
+      <alias name='pci.10'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x1'/>
+    </controller>
+    <controller type='pci' index='11' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='11' port='0x1a'/>
+      <alias name='pci.11'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x2'/>
+    </controller>
+    <controller type='pci' index='12' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='12' port='0x1b'/>
+      <alias name='pci.12'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x3'/>
+    </controller>
+    <controller type='pci' index='13' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='13' port='0x1c'/>
+      <alias name='pci.13'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x4'/>
+    </controller>
+    <controller type='pci' index='14' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='14' port='0x1d'/>
+      <alias name='pci.14'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x5'/>
+    </controller>
+    <controller type='sata' index='0'>
+      <alias name='ide'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <alias name='virtio-serial0'/>
+      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
+    </controller>
+    <controller type='pci' index='15' model='pcie-root-port'>
+      <model name='pcie-root-port'/>
+      <target chassis='15' port='0x1e'/>
+      <alias name='pci.15'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x6'/>
+    </controller>
+    <controller type='pci' index='16' model='pcie-to-pci-bridge'>
+      <model name='pcie-pci-bridge'/>
+      <alias name='pci.16'/>
+      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
+    </controller>
+    <interface type='network'>
+      <mac address='52:54:00:1d:9c:6f'/>
+      <source network='Whonix-External' portid='7748c5ca-d57c-4913-9d00-aa7884b87666' bridge='virbr1'/>
+      <target dev='vnet29'/>
+      <model type='virtio'/>
+      <alias name='net0'/>
+      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <source path='/dev/pts/0'/>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+      <alias name='serial0'/>
+    </serial>
+    <console type='pty' tty='/dev/pts/0'>
+      <source path='/dev/pts/0'/>
+      <target type='serial' port='0'/>
+      <alias name='serial0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0' state='disconnected'/>
+      <alias name='channel0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-33-gentoo6/org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
+      <alias name='channel1'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <alias name='input0'/>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'>
+      <alias name='input1'/>
+    </input>
+    <input type='keyboard' bus='ps2'>
+      <alias name='input2'/>
+    </input>
+    <graphics type='spice'>
+      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-33-gentoo6/spice.sock'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich9'>
+      <alias name='sound0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/>
+    </sound>
+    <audio id='1' type='spice'/>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <alias name='video0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir0'/>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir1'/>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <watchdog model='i6300esb' action='reset'>
+      <alias name='watchdog0'/>
+      <address type='pci' domain='0x0000' bus='0x10' slot='0x01' function='0x0'/>
+    </watchdog>
+    <memballoon model='virtio'>
+      <alias name='balloon0'/>
+      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <alias name='rng0'/>
+      <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='dynamic' model='apparmor' relabel='yes'>
+    <label>libvirt-069ed70a-e004-4120-9987-81a4a2c650d2</label>
+    <imagelabel>libvirt-069ed70a-e004-4120-9987-81a4a2c650d2</imagelabel>
+  </seclabel>
+  <seclabel type='dynamic' model='dac' relabel='yes'>
+    <label>+0:+0</label>
+    <imagelabel>+0:+0</imagelabel>
+  </seclabel>
+</domain>
+