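# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
# Ansible inventory: hosts grouped by connection type (WinRM, local,
# ssh/libvirt_qemu, chroot), with per-group vars and global defaults under
# all.vars.
# use double quotes exclusively around strings and
# use single quotes exclusively with lists - for bash post-processing
#
# NOTE(review): this page arrived with its line breaks and indentation
# collapsed; the nesting below, and whether a key sits after a comment or
# inside it, is reconstructed - confirm against the original file.
# NOTE(review): several secrets below are literal plaintext values
# (UPD_WINRM_WINRM_ADMIN_PASS, BOX_NBD_OVERLAY_PASS, LXD_TRUST_PASSWORD,
# BOX_MISP_GPG_PASS). Anyone who can read this file can read them; keep them
# in ansible-vault or resolve them through a lookup.

all:
  children:

    vbox_winrm_group:
      hosts:
        y_UEFI_MediCat_VHD_DW:
          # /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0
          # doesnt work: ansible_connection: "libvirt_qemu"
          BOX_SERVICE_MGR: "win11"
          BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW"
          UPD_WINRM_CRT_PASSWORD: ""
          UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for "
          UPD_WINRM_FILE_BASE: "winrm-win11vbox"
          UPD_WINRM_KEY_BITS: 4096
          UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D"
          UPD_WINRM_HOST_DEV: "vboxnet0"
          UPD_WINRM_ADMIN_NAME: "administrator"
          # NOTE(review): empty here; presumably supplied at run time - confirm
          # the administrator account is not really left without a password.
          UPD_WINRM_ADMIN_PASS: ""
          # NOT remote_addr:
          ansible_winrm_host: "192.168.56.1"
          # remote_user
          ansible_winrm_user: "administrator"
          BOX_DEFAULT_OUTPUT_IF: fixme
          UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin"
          # NOTE(review): plaintext credential, and identical to the user name.
          UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin"
          # List of winrm transports to attempt to use (ssl, plaintext, kerberos, etc)
          # python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES'
          # ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp']
          # FixMe: which one works?
          UPD_WINRM_WINRM_TRANSPORT: "basic"
          # Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B
      vars:
        #maybe ansible_connection: "winrm"
        BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"]
        # NOTE(review): http on 5985 with the 'basic'/'plaintext' transports
        # sends the WinRM credentials unencrypted. Tolerable only while the
        # endpoint stays on the vboxnet0 network named above; otherwise prefer
        # https (5986) or a message-encrypting transport such as ntlm.
        ansible_winrm_port: 5985
        ansible_winrm_scheme: http
        ansible_winrm_transport: ['basic', 'plaintext', 'certificate', 'ssl']
        # NOT remote_user
        # ansible_user
        ansible_winrm_user: "Administrator"  #?
        ansible_password: ""
        # NOTE(review): with validation off, the 'ssl'/'certificate' transports
        # listed above do not authenticate the server. A self-signed lab
        # certificate can be trusted through ansible_winrm_ca_trust_path
        # instead of being ignored.
        ansible_winrm_server_cert_validation: ignore
        validate_certs: false
        # NO proxy from environment - or ensure no_proxy
        no_proxy: "localhost,127.0.0.1,192.168.56.1"

    linux_unix_group:
      children:

        linux_local_group:
          hosts:
            pentoo:
              ansible_remote_addr: "/mnt/linuxPen19"
              BOX_HOST_NAME: "pentoo"
              BOX_SERVICE_MGR: "openrc"
              BOX_USER_NAME: "vagrant"
              BOX_USER_GROUP: "users"
              BOX_USER_HOME: "/home/vagrant"
              BOX_OS_FAMILY: Gentoo
              BOX_OS_NAME: gentoo
              BOX_OS_FLAVOR: "Pentoo"
              BOX_USR_LIB: lib
              BOX_DEFAULT_OUTPUT_IF: wlan4
              BOX_PROXY_MODE: selektor
              BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
              # /usr/lib/jvm/openjdk-bin-*/conf/net.properties
              BOX_ALSO_USERS:
                - pentoo
              BOX_PORTAGE_PYTHON_MINOR: "3.11"
              BOX_PYTHON2_MINOR: "2.7"
              BOX_PYTHON3_MINOR: "3.11"
              BOX_GENTOO_FROM_MP: "/"
            devuan:
              ansible_remote_addr: "/mnt/linuxDev4"  #ignored for local
              BOX_HOST_NAME: "devuan"
              BOX_SERVICE_MGR: "sysvinit"
              BOX_USER_NAME: "devuan"
              BOX_USER_GROUP: "adm"
              BOX_USER_HOME: "/home/devuan"
              BOX_OS_FAMILY: Debian
              BOX_OS_NAME: Devuan
              BOX_OS_FLAVOR: "Devuan"
              BOX_USR_LIB: lib
              BOX_DEFAULT_OUTPUT_IF: wlan6
              BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives"
              BOX_ALSO_USERS: []
              BOX_PORTAGE_PYTHON_MINOR: "3.11"
              BOX_PYTHON2_MINOR: "2.7"
              BOX_PYTHON3_MINOR: "3.11"
              # NOTE(review): every other host sets BOX_PROXY_JAVA_NET_PROPERTIES;
              # confirm this differently named key is intended.
              BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
              BOX_PROXY_MODE: tor
              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
          vars:
            BOX_ANSIBLE_CONNECTIONS: ["local"]
            BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j', '/mnt/i', '/mnt/o', '/mnt/mnt/linuxPen19']
            # NOTE(review): the name suggests a relaxed sudo policy; what it
            # enables is defined in the role, not here - confirm it stays
            # limited to these local hosts.
            BOX_BASE_FEATURES: ['insecure_sudo']
            BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy']
            BOX_TOXCORE_FEATURES: []

        # libvirt_group could also be ssh_group
        linux_libvirt_group:
          hosts:
            gentoo_overlay-2:
              ansible_remote_addr: "gentoo_overlay-2"
              ansible_host: "gentoo_overlay-2"
              ansible_ssh_user: "gentoo"
              BOX_SERVICE_MGR: "openrc"
              BOX_HOST_NAME: "gentoo_overlay-2"
              BOX_USER_NAME: "gentoo"
              BOX_USER_GROUP: "adm"
              BOX_ALSO_GROUP: "adm"
              BOX_USER_HOME: "/home/gentoo"
              BOX_OS_NAME: Gentoo
              BOX_OS_FAMILY: Gentoo
              BOX_OS_FLAVOR: "Gentoo"
              BOX_PROXY_MODE: nat
              BOX_USR_LIB: lib64
              BOX_DEFAULT_OUTPUT_IF: eth0
              BOX_PYTHON2_MINOR: ""
              BOX_PYTHON3_MINOR: "3.11"
              # Quoted so the version stays a string like the *_MINOR keys
              # above (an unquoted 3.10 would load as the float 3.1).
              BASE_PORTAGE_PYTHON_MINOR: "3.11"
              BOX_HOST_CONTAINER_MOUNTS: []
              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
              BOX_ALSO_USERS:
                - gentoo
              BOX_BASE_FEATURES: []
              BOX_TOXCORE_FEATURES: ['libvirt']  # ', 'docker
              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
              BOX_NBD_OVERLAY_NAME: "gentoo_overlay-2"  # was gentoo1
              BOX_NBD_OVERLAY_BASE: "/a/tmp/GentooImgr/gentoo_base-2.qcow2"
              BOX_NBD_OVERLAY_QCOW: "/a/tmp/GentooImgr/create-vm/images/gentoo_overlay-2.img"
            gentoo_vm-2:
              # vm no overlay, copy of the overlay's base
              ansible_remote_addr: "gentoo_vm-2"
              ansible_host: "gentoo_vm-2"
              ansible_ssh_user: "gentoo"
              BOX_SERVICE_MGR: "openrc"
              BOX_HOST_NAME: "gentoo_vm-2"
              BOX_USER_NAME: "gentoo"
              BOX_USER_GROUP: "adm"
              BOX_ALSO_GROUP: "adm"
              BOX_USER_HOME: "/home/gentoo"
              BOX_OS_NAME: Gentoo
              BOX_OS_FAMILY: Gentoo
              BOX_OS_FLAVOR: "Gentoo"
              BOX_PROXY_MODE: nat
              BOX_USR_LIB: lib64
              BOX_DEFAULT_OUTPUT_IF: eth0
              BOX_PYTHON2_MINOR: ""
              BOX_PYTHON3_MINOR: "3.11"
              BASE_PORTAGE_PYTHON_MINOR: "3.11"
              BOX_HOST_CONTAINER_MOUNTS: []
              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
              BOX_ALSO_USERS:
                - gentoo
              BOX_BASE_FEATURES: []
              BOX_TOXCORE_FEATURES: ['libvirt']  # ', 'docker
              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
              BOX_VM_NAME: "gentoo_vm-2"  # was gentoo1
              BOX_VM_QCOW: "/o/var/lib/libvirt/images/gentoo_vm-2.qcow2"
            ubuntu18.04:
              # /mnt
              ansible_remote_addr: "ubuntu18.04"
              # this is what the libvirt-qemu connector uses
              ansible_host: "ubuntu18.04"
              ansible_ssh_user: "vagrant"
              BOX_SERVICE_MGR: systemd
              BOX_HOST_NAME: "Ubuntu18.04"
              BOX_USER_NAME: "vagrant"
              BOX_USER_GROUP: "users"
              BOX_USER_HOME: "/home/vagrant"
              BOX_OS_FAMILY: Debian
              BOX_OS_NAME: Ubuntu
              BOX_OS_FLAVOR: "Ubuntu18"
              BOX_USR_LIB: lib
              BOX_DEFAULT_OUTPUT_IF: eth0
              BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives"
              ansible_python_interpreter: "/usr/bin/python3.6"
              BOX_PYTHON2_MINOR: ""
              BOX_PYTHON3_MINOR: "3.6"
              BOX_REMOTE_MOUNTS: ['/mnt/o']
              # BOX_WHONIX_PROXY_HOST: "Whonix-Gateway"
              # BOX_PROXY_MODE: ws
              # FixMe
              base_system_users: ['vagrant']
              BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
          vars:
            BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"]
            # proxy from environment
            # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
            # ansible_ssh_host: "127.0.0.1"
            # NOTE(review): 0.0.0.0 is a wildcard bind address, not a
            # destination; the proxy URLs below are built from it - confirm a
            # real proxy address overrides it wherever these are consumed.
            BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0"
            http_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
            https_proxy: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128"
            socks_proxy: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050"
            ftp_proxy: ""
            RSYNC_PROXY: "{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
            no_proxy: "localhost,127.0.0.1"

        linux_chroot_group:
          hosts:
            linuxGentoo:
              ansible_remote_addr: "/mnt/gentoo"
              # required
              ansible_host: "/mnt/gentoo"
              BOX_SERVICE_MGR: "openrc"
              BOX_HOST_NAME: "gentoo"
              BOX_USER_NAME: "gentoo"
              BOX_USER_GROUP: "adm"
              BOX_USER_HOME: "/home/gentoo"
              BOX_OS_FAMILY: Gentoo
              BOX_OS_NAME: gentoo
              BOX_OS_FLAVOR: "Gentoo"
              BOX_USR_LIB: lib64
              BOX_DEFAULT_OUTPUT_IF: wlan6
              BASE_PORTAGE_PYTHON_MINOR: "3.11"
              ansible_python_interpreter: "/usr/bin/python3.11"
              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
              BOX_ALSO_USERS:
                - gentoo
              # Falls back to 'tor' when $MODE is unset or empty. lookup('env')
              # yields '' for an unset variable, hence default(..., true). The
              # previous expression had unbalanced parentheses and could not
              # be templated.
              BOX_PROXY_MODE: "{{ lookup('env', 'MODE') | default('tor', true) }}"
              BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
            linuxPen19:
              ansible_remote_addr: "/mnt/linuxPen19"
              # required
              ansible_host: "/mnt/linuxPen19"
              BOX_SERVICE_MGR: "openrc"
              BOX_HOST_NAME: "linuxPen19"
              BOX_USER_NAME: "vagrant"
              BOX_USER_GROUP: "adm"
              BOX_USER_HOME: "/home/vagrant"
              BOX_OS_FAMILY: Gentoo
              BOX_OS_NAME: gentoo
              BOX_OS_FLAVOR: "Pentoo"
              BOX_USR_LIB: lib64
              BOX_DEFAULT_OUTPUT_IF: wlan6
              BASE_PORTAGE_PYTHON_MINOR: "3.11"
              ansible_python_interpreter: "/usr/bin/python3.11"
              BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles"
              BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
              BOX_ALSO_USERS:
                - gentoo
              BOX_BASE_FEATURES: []
              BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker']
              # Same fallback as linuxGentoo: 'tor' when $MODE is unset or empty.
              BOX_PROXY_MODE: "{{ lookup('env', 'MODE') | default('tor', true) }}"
          # linux_chroot_group vars
          vars:
            BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"]
            # ignored? chroot_connection/exe in ansible.cfg?
            ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash"  #?
            ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1"
            # -i "PATH"
            # -i "http_proxy https_proxy socks_proxy no_proxy"
            #? -l
            # for a non-root login:
            ansible_ssh_extra_args: "--userspec=foo:adm"

      vars:  # linux_unix_group
        # toxcore
        BOX_NBD_DEV: nbd1
        BOX_NBD_MP: /mnt/gentoo
        BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
        # NOTE(review): AGI_NBD_FILES is not defined in this inventory
        # (BOX_NBD_FILES is) - confirm it is set elsewhere or rename.
        BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
        BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
        BOX_NBD_KERNEL_DIR: /usr/src/linux
        BOX_NBD_BASE_PROFILE: openrc
        BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
        BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
        BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
        # libvirt overlay
        BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
        BOX_NBD_LOGLEVEL: 10
        BOX_NBD_OVERLAY_GB: "20"
        BOX_NBD_OVERLAY_CPUS: 1
        BOX_NBD_OVERLAY_RAM: 2048
        BOX_NBD_OVERLAY_BR: virbr1
        BOX_NBD_OVERLAY_SUBNET: 10.0.2.0
        BOX_NBD_OVERLAY_NETWORK: External
        # plaintext
        # NOTE(review): the guest password equals its user name ("gentoo");
        # BOX_NBD_BASE_PUBKEY above already provides key-based access.
        BOX_NBD_OVERLAY_PASS: "gentoo"
        BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"

  vars:
    # These come from the inventory overridden for connection = local,chroot in base_proxy.yml
    http_proxy: ""
    https_proxy: ""
    socks_proxy: ""
    ftp_proxy: ""
    RSYNC_PROXY: ""
    no_proxy: "localhost,127.0.0.1"
    SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"

    BOX_OS_FAMILY: ""
    BOX_OS_NAME: ""
    BOX_OS_FLAVOR: ""
    BOX_DEFAULT_OUTPUT_IF: ""
    BOX_ALSO_GROUP: "adm"
    # only common to local and vagrant because /mnt/j is remote mounted - need a linux_group
    BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip"
    BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip"
    HOST_MOUNT_SYMLINKS: []
    HOST_MOUNT_SYMLINK_CONTENTS: {}
    # NOTE(review): plaintext secret; move to ansible-vault.
    LXD_TRUST_PASSWORD: sekret
    BOX_HOST_CONTAINER_MOUNTS:
      - /mnt/l
      - /mnt/e
      - /mnt/h
      - /mnt/i
      - /mnt/j
      - /mnt/q
      - /mnt/w
      - /mnt/o
    BOX_DOS_SCAN_DIRS:
      - /mnt/h
      - /mnt/i
      - /mnt/j
      - /mnt/e
      - /mnt/q
      - /mnt/w
      - /mnt/c
    # These will fluctuate with what's been started - it's safe to open them all
    # FixMe: should these go on no_proxy systematically
    PRIV_TOR_LOCAL_NETS:
      - "192.168.56.0/24"
    BOX_ALSO_USERS: []
    BOX_PYTHON2_MINOR: ""
    BOX_PYTHON3_MINOR: "3.11"
    BOX_BASH_SHELL: /bin/bash
    BOX_IPV6_DISABLE: 1
    BOX_EMACS_VERSION: 27
    BOX_ROOT_USER: root
    BOX_ROOT_GROUP: root
    BOX_BYPASS_PROXY_GROUP: tor
    BOX_FIREWALL_ALLOW_TRANS: false
    BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties

    BOX_BASE_FEATURES: []
    BOX_LOGG_FEATURES: []
    BOX_KEYS_FEATURES: ['tpm2']  # truecrypt
    BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber']  # 'clamscan', firejail
    # libvirt means 'qemu'
    BOX_HOSTVMS_FEATURES: []
    BOX_MISP_FEATURES: []  # 'kitchen'
    BOX_W3AF_FEATURES: []  # 'kitchen'
    # NOTE(review): placeholder passphrase in plaintext; supply the real one
    # from ansible-vault rather than editing it here.
    BOX_MISP_GPG_PASS: gpg_pass_to_change_fast

    BOX_timezone: UTC
    BOX_hwclock_local: false
    BOX_hwclock_systohc: true
    BOX_hwclock_hctosys: false

    BOX_PROXY_MODE: ""
    BOX_DNS_PROXY: dnsmasq
    BOX_TIME_DAEMON: ntpd
    BOX_NTP_GROUP: ntp
    BOX_NET_MANAGER: "networkmanager"
    BOX_HTTP_PROXY: privoxy

    # toxcore
    BOX_NBD_DEV: ""
    BOX_NBD_MP: ""
    BOX_NBD_FILES: ""
    BOX_NBD_LOGLEVEL: 20
    # NOTE(review): AGI_NBD_FILES is not defined in this inventory
    # (BOX_NBD_FILES is) - confirm it is set elsewhere or rename.
    BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
    BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
    BOX_NBD_KERNEL_DIR: /usr/src/linux
    BOX_NBD_BASE_PROFILE: openrc
    BOX_NBD_BASE_DIR: ""
    BOX_NBD_BASE_QCOW: ""
    BOX_NBD_BASE_PUBKEY: ""
    # libvirt overlay
    BOX_NBD_OVERLAY_QCOW: ""
    BOX_NBD_OVERLAY_DIR: ""
    BOX_NBD_OVERLAY_BR: ""
    BOX_NBD_OVERLAY_GB: "20"
    BOX_NBD_OVERLAY_NAME: ""
    BOX_NBD_OVERLAY_CPUS: 1
    BOX_NBD_OVERLAY_RAM: 2048
    # plaintext
    BOX_NBD_OVERLAY_PASS: ""
    BOX_GENTOOIMGR_CONFIGFILE: ""

    # Controls what compression method is used for new-style ansible modules when
    # they are sent to the remote system. The compression types depend on having
    # support compiled into both the controller's python and the client's python.
    # The names should match with the python Zipfile compression types:
    # * ZIP_STORED (no compression. available everywhere)
    # * ZIP_DEFLATED (uses zlib, the default)
    # These values may be set per host via the ansible_module_compression inventory variable.
    # ansible_module_compression: "ZIP_STORED"

    ansible_python_interpreter: "/usr/local/bin/python3.sh"
    BOX_ANSIBLE_VERSION: "2.9.22"

    # Cannot communicate securely with peer: no common encryption algorithm(s).
    # git.kernel.org/ sslversion = tlsv1.3
    BOX_TLS_VERSION: "1.3"
    BOX_SSL_GIT_SSLVERSION: "1.3"

    # unused so far - needed by src/ansible_gentooimgr/gentooimgr/
    BOX_ARCHITECTURE: amd64
    BOX_SUBTYPE: "-hardened"
    # https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt
    GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt"
    # plus .gpgsig and .md5sum
    # NOTE(review): whether the roles check the .gpgsig is not visible here.
    # A checksum fetched from the same mirror does not protect against a
    # tampered download, so the signature is the check that matters.
    GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz"
    BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"  #? Gentoo specific?

    # unused so far
    # missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database
    # /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml
    # NOTE(review): $USER expands to a login name, so this is a relative path
    # "<user>/Passwords.kdbx" - confirm that is intended rather than $HOME.
    box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx"

    BOX_WHONIX_PROXY_HOST: ""
    BOX_PROXY_FEATURES: []
    # get this from grep '^keyserver ' /root/.gnupg/dirmngr.conf instead
    # NOTE(review): keys.gnupg.net was backed by the SKS keyserver pool, which
    # has been retired - confirm this name still resolves to a usable server.
    BOX_GPG_SERVER: "keys.gnupg.net"

    BOX_USR_LIB: lib
    # if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else ''
    BOX_GENTOO_FROM_MP: ''
    # bc
    MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}"

    #
    # These are inventory overridden for connection = chroot in base_proxy.yml
    # HTTP_PROXY: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}"
    # HTTPS_PROXY: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}"
    # SOCKS_PROXY: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}"
    # NO_PROXY: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}"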