# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- --- PROXY_TIME_DAEMON: ntp PROXY_GPG_KEYERVER_URL: hkps:// proxy_masked_services: - apt-daily-upgrade - sdwdate - tb-updater-first-boot # List of proxy packages to install. proxy_debs_inst: # Install packages to allow apt to use a repository over HTTPS: - apt - apt-transport-tor - apt-utils - apt-transport-https - bootlogd - ca-certificates - dnsmasq - ntpdate - bzip2 - corkscrew - console-data - cron - curl - less - mg - netcat - ncat - openssl - passwd - patch - pciutils - perl - perl-base - sudo - unzip - xsltproc - zip - openssh-client - openssh-server - openssh-sftp-server - nmap - wireless-tools - software-properties-common - lsof - ifupdown - iproute2 - iptables - iputils-ping - htop - iotop - jnettop - iw - jq - python3-argcomplete - libnet-ifconfig-wrapper-perl # I need this for Ubuntu even though it come in the bootstrap - 2 setuptools, 1 pip # - pip # for pip - python-cryptography - python3-pkg-resources - python3-pip - python3-setuptools # - python3-wheel # Install packages to allow apt to use a repository over HTTPS: # niceities from testforge - file - findutils - gcc - gdisk - gnupg - gnupg-utils - gnupg2 - gpg - gpg-agent - gpg-wks-client - gpg-wks-server - grep - groff-base - haveged - hostname - init - init-system-helpers - inotify-tools - install-info - iso-codes - kbd - keyboard-configuration - klibc-utils - login - lsb-base - lsb-release - lynx - make - man-db - mount - nano - ncurses-base - ncurses-bin - ncurses-term - net-tools - netbase - parted - pinentry-curses - pm-utils - policykit-1 - policykit-1-gnome - policyrcd-script-zg2 - powermgmt-base - procps - psmisc - rsync - sed - strace - tar - traceroute - tzdata - upower - util-linux - wget - xz-utils - geoip-bin - nss-plugin-pem - torsocks - whois - yamllint # drawn in - python3-yaml proxy_kicksecure_debs_inst: - scurl - usability-misc proxy_qemu_guest_debs_inst: - qemu-guest-agent proxy_pips2_inst: [] proxy_pips3_inst: - jq proxy_pips_reinstall: # pip prerequisites - setuptools - appdirs - ipaddress - six - cachecontrol - pyparsing - colorama #? - distlib - html5lib #? - lockfile - packaging - requests - webencodings - jq # pip itself? NO - cryptography # - pyOpenSSL - paramiko - Jinja2 - pyasn1 - bcrypt - PyNaCl - cffi - idna - asn1crypto # whonix general - acpi-support - acpi-support-base - acpid - adduser - busybox - console-common - console-data - console-setup - console-setup-linux - coreutils - cpio cntlm_pid_file: /var/run/cntlm/cntlm.pid # BOX_OS_FLAVOR in ['WhonixGateway']}}" proxy_gateway_debs_inst: [] # BOX_OS_FLAVOR in ['KickSecure', 'WhonixGateway', 'WhonixWorkstation'] proxy_xfce_debs_inst: - apt-transport-https - libnetfilter-conntrack3 - dnsmasq-base - dnsmasq - firmware-linux-free - firmware-misc-nonfree - firmware-amd-graphics - firmware-linux-nonfree - firmware-linux - firmware-atheros - firmware-iwlwifi #linux-headers-5.8.0-0.bpo.2-amd64 #linux-image-5.8.0-0.bpo.2-amd64 - ntpdate - corkscrew - cron - mg # No package matching 'liblua5.3' is available # - liblua5.3 - netcat-traditional - netcat - ncat - xsltproc - openssh-client - openssh-server - openssh-sftp-server - polipo - nmap-common - libgfortran5 - libblas3 - liblinear3 - libncurses-dev - libreadline-dev - nmap - wireless-tools - gir1.2-glib-2.0 - gir1.2-packagekitglib-1.0 - python3-dbus - libgirepository-1.0 - python3-gi - python3-pycurl - python3-software-properties - software-properties-common - ifupdown - libpcap0.8 - libnfnetlink0 - libnftnl11 - libiptc0 - libip6tc0 - libip6tc0 - libnetfilter-conntrack3 - iptables - htop - iotop - libpcap0.8 - jnettop - python3-argcomplete - libnet-ifconfig-wrapper-perl # I need this for Ubuntu even though it come in the bootstrap - 2 setuptools, 1 pip #pip #! python-cryptography #! python3-pkg-resources #! apython3-pip #! python3-setuptools #! python3-wheel - install-info - lynx-common - lynx - ncurses-term - rsync - traceroute - tzdata - geoip-bin - nss-plugin-pem - scurl - torsocks - whois ## non-qubes-whonix-gateway-xfce - xauth # kicksecure-desktop-applications-recommended : Depends: monero-gui - libpackagekit-glib2-18 # kicksecure-xfce-vm: kicksecure-cli-vm, kicksecure-xfce, kicksecure-network-conf-gui, non-qubes-audio, non-qubes-vm-enhancements-gui, kicksecure-desktop-applications-recommended ## The following NEW packages will be installed: ## apt-transport-https corkscrew cron dnsmasq dnsmasq-base ## firmware-amd-graphics firmware-atheros firmware-iwlwifi firmware-linux ## firmware-linux-free firmware-linux-nonfree firmware-misc-nonfree geoip-bin ## gir1.2-glib-2.0 gir1.2-packagekitglib-1.0 htop ifupdown install-info iotop # No package matching 'liblua5.3' is available## # xiptables jnettop libblas3 libgfortran5 libgirepository-1.0-1 libip6tc0 ## libiptc0 libiw30 liblinear3 liblua5.3-0 liblua5.3-0-dbg liblua5.3-dev ## libncurses-dev libnet-ifconfig-wrapper-perl libnetfilter-conntrack3 ## libnfnetlink0 libnftnl11 libpackagekit-glib2-18 libpcap0.8 libreadline-dev ## lynx lynx-common mg ncat ncurses-term netcat netcat-traditional nmap ## nmap-common nss-plugin-pem ntpdate openssh-client openssh-server ## openssh-sftp-server polipo python3-argcomplete python3-dbus python3-gi ## python3-pycurl python3-software-properties rsync scurl ## software-properties-common torsocks traceroute whois wireless-tools xauth ## xsltproc # RAW complete overlap whonix_gateway_debs: - anon-apps-config - anon-apt-sources-list - anon-connection-wizard - anon-gw-anonymizer-config - anon-gw-base-files - anon-icon-pack - apparmor - apparmor-profile-dist - apparmor-utils - arc-theme - auditd - basez - bash - bash-completion - bc - bind9-host - bindp - binutils - binutils-common - binutils-x86-64-linux-gnu - bootclockrandomization - bsdmainutils - bsdtar - bsdutils - bubblewrap - cryptsetup - cryptsetup-bin - cryptsetup-initramfs - cryptsetup-run - damngpl - dash - dbus - dbus-user-session - dconf-gsettings-backend - dconf-service - debconf - debian-archive-keyring - debianutils - debsums - desktop-file-utils - dialog - dictionaries-common - diffutils - dirmngr - dist-base-files - distro-info-data - dkms - dmidecode - dmsetup - dnsutils - dpkg - dpkg-dev - e2fslibs - e2fsprogs - eatmydata - elpa-auto-complete - elpa-concurrent - elpa-ctable - elpa-deferred - elpa-epc - elpa-jedi - elpa-jedi-core - elpa-popup - elpa-python-environment - exo-utils - faketime - fdisk - flashproxy-client - flashproxy-common - fontconfig - fontconfig-config - fonts-dejavu-core - fteproxy - gettext-base - gir1.2-atk-1.0 - gir1.2-freedesktop - gir1.2-gdkpixbuf-2.0 - gir1.2-glib-2.0 - gir1.2-gtk-3.0 - gir1.2-pango-1.0 - glib-networking - glib-networking-common - glib-networking-services - gnome-brave-icon-theme - gnome-colors-common - gnome-icon-theme - gnome-themes-extra - gnome-themes-extra-data - gnustep-base-common - gnustep-base-runtime - gnustep-common - gpgconf - gpgsm - gpgv - hardened-malloc - helper-scripts - hicolor-icon-theme - jitterentropy-rngd - kicksecure-dependencies-cli - linux-headers-amd64 - linux-image-amd64 - live-boot - live-boot-initramfs-tools - live-tools - locales - mawk - menu - mime-support - most - mousepad - msgcollector - msgcollector-gui - non-qubes-vm-enhancements-cli - non-qubes-vm-enhancements-gui - non-qubes-whonix-gateway-cli - nyx - obfs4proxy - obfsproxy - onion-grater - onioncircuits - open-link-confirmation - openvpn - os-prober - p7zip - p7zip-full - pv - pychecker - pymacs - pypy - pypy-ipaddress - pypy-lib - pypy-pkg-resources - pypy-setuptools - pypy-stem - python - python-asn1crypto - python-attr - python-automat - python-cffi-backend - python-constantly - python-crypto - python-enum34 - python-epc - python-fte - python-hyperlink - python-incremental - python-ipaddress - python-m2crypto - python-minimal - python-mode - python-openssl - python-pip-whl - python-pyasn1 - python-pyasn1-modules - python-pyptlib - python-service-identity - python-sexpdata - python-six - python-twisted-bin - python-twisted-core - python-typing - python-yaml - python-zope.interface - python2 - python2-minimal - python2.7 - python2.7-minimal - python3 - python3-apparmor - python3-dateutil - python3-distutils - python3-gevent - python3-gi - python3-greenlet - python3-ipy - python3-jedi - python3-lib2to3 - python3-libapparmor - python3-minimal - python3-parso - python3-pkg-resources - python3-psutil - python3-pycountry - python3-pyqt5 - python3-scapy - python3-sdnotify - python3-sip - python3-six - python3-socks - python3-stem - python3-virtualenv - python3-yaml - python3.7 - python3.7-minimal - rads - readline-common - sdwdate - sdwdate-gui - secure-delete - security-misc - sensible-utils - serial-console-enable - shared-mime-info - sound-theme-freedesktop - spectre-meltdown-checker - spice-vdagent - swap-file-creator - sysfsutils - systemd - systemd-sysv - sysvinit-utils - timesanitycheck - tirdad - tirdad-dkms - tor - tor-control-panel - tor-geoipdb - torsocks - ucf - udev - udisks2 - unar - uwt - vanguards - virt-what - virtualenv - vm-config-dist - vrms # whonix - whonix-base-files - whonix-firewall - whonix-gateway-default-applications-gui - whonix-gateway-packages-dependencies-cli - whonix-gateway-packages-dependencies-pre - whonix-gw-network-conf - whonix-initializer - whonix-legacy - whonix-repository - whonix-setup-wizard - whonix-shared-default-applications-gui - whonix-shared-packages-dependencies-cli - whonix-shared-packages-recommended-cli - whonix-xfce-desktop-config - whonixcheck - whonixsetup - wmctrl - xxd - zenity - zenity-common - zlib1g - zsh - zsh-common - zulucrypt-cli - zulupolkit - yq proxy_libvirt_debs_inst: - libvirt-daemon-system - libvirt-clients - libvirt-daemon - usbutils - usb.ids - libvirt-doc - virt-manager proxy_libs_debs: - libacl1 - libapparmor1 - libapt-inst2.0 - libapt-pkg5.0 - libarchive-tools - libarchive13 - libargon2-1 - libasan5 - libasound2 - libasound2-data - libaspell15 - libassuan0 - libasyncns0 - libatasmart4 - libatk-bridge2.0-0 - libatk1.0-0 - libatk1.0-data - libatomic1 - libatspi2.0-0 - libattr1 - libaudit-common - libaudit1 - libauparse0 - libavahi-client3 - libavahi-common-data - libavahi-common3 - libbind9-161 - libbinutils - libblkid1 - libblockdev-crypto2 - libblockdev-fs2 - libblockdev-loop2 - libblockdev-part-err2 - libblockdev-part2 - libblockdev-swap2 - libblockdev-utils2 - libblockdev2 - libbluray2 - libbrotli1 - libbsd0 - libbz2-1.0 - libc-bin - libc-dev-bin - libc-l10n - libc6 - libc6-dev - libcairo-gobject2 - libcairo2 - libcanberra-gtk3-0 - libcanberra0 - libcap-ng0 - libcap2 - libcap2-bin - libcc1-0 - libcolord2 - libcom-err2 - libcomerr2 - libcrack2 - libcroco3 - libcryptsetup12 - libcups2 - libcurl4 - libdatrie1 - libdb5.3 - libdbus-1-3 - libdbus-glib-1-2 - libdconf1 - libdebconfclient0 - libdevmapper1.02.1 - libdns1104 - libdouble-conversion1 - libdpkg-perl - libdrm-amdgpu1 - libdrm-common - libdrm-intel1 - libdrm-nouveau2 - libdrm-radeon1 - libdrm2 - libeatmydata1 - libedit2 - libefiboot1 - libefivar1 - libegl-mesa0 - libegl1 - libelf1 - libenchant1c2a - libepoxy0 - libevdev2 - libevent-2.1-6 - libexif12 - libexo-1-0 - libexo-2-0 - libexo-common - libexo-helpers - libexpat1 - libext2fs2 - libfaketime - libfdisk1 - libffi6 - libfile-basedir-perl - libfile-desktopentry-perl - libfile-fnmatch-perl - libfile-mimeinfo-perl - libflac8 - libfontconfig1 - libfontenc1 - libfreetype6 - libfribidi0 - libfstrm0 - libfuse2 - libgarcon-1-0 - libgarcon-common - libgbm1 - libgc1c2 - libgcc-8-dev - libgcc1 - libgck-1-0 - libgcr-base-3-1 - libgcrypt20 - libgdbm-compat4 - libgdbm6 - libgdk-pixbuf2.0-0 - libgdk-pixbuf2.0-common - libgeoip1 - libgirepository-1.0-1 - libgl1 - libgl1-mesa-dri - libglapi-mesa - libglib2.0-0 - libglib2.0-bin - libglib2.0-data - libglvnd0 - libglx-mesa0 - libglx0 - libgmp10 - libgnustep-base1.26 - libgnutls30 - libgomp1 - libgpg-error0 - libgpgme11 - libgpm2 - libgraphite2-3 - libgssapi-krb5-2 - libgstreamer-gl1.0-0 - libgstreamer-plugins-base1.0-0 - libgstreamer1.0-0 - libgtk-3-0 - libgtk-3-common - libgtk2.0-0 - libgtk2.0-common - libgtksourceview-3.0-1 - libgtksourceview-3.0-common - libgudev-1.0-0 - libharfbuzz-icu0 - libharfbuzz0b - libhavege1 - libhogweed4 - libhunspell-1.7-0 - libhyphen0 - libice6 - libicu63 - libidn11 - libidn2-0 - libimobiledevice6 - libindicator3-7 - libinotifytools0 - libinput-bin - libinput10 - libip4tc0 - libip6tc0 - libipc-system-simple-perl - libiptc0 - libirs161 - libisc1100 - libisccc161 - libisccfg163 - libisl19 - libitm1 - libjavascriptcoregtk-4.0-18 - libjbig0 - libjpeg62-turbo - libjson-c3 - libjson-glib-1.0-0 - libjson-glib-1.0-common - libk5crypto3 - libkeybinder-3.0-0 - libkeyutils1 - libkf5windowsystem-data - libkf5windowsystem5 - libklibc - libkmod2 - libkrb5-3 - libkrb5support0 - libksba8 - liblcms2-2 - libldap-2.4-2 - libldap-common - liblightdm-gobject-1-0 - libllvm7 - liblmdb0 - liblocale-gettext-perl - liblsan0 - libltdl7 - liblwres161 - liblxqt0 - liblz4-1 - liblzma5 - liblzo2-2 - libmagic-mgc - libmagic1 - libmnl0 - libmount1 - libmpc3 - libmpdec2 - libmpfr6 - libmpx2 - libmtdev1 - libncurses6 - libncursesw6 - libnetfilter-conntrack3 - libnettle6 - libnfnetlink0 - libnftnl11 - libnghttp2-14 - libnotify-bin - libnotify4 - libnpth0 - libnspr4 - libnss3 - libobjc4 - libogg0 - libopenjp2-7 - liborc-0.4-0 - libp11-kit0 - libpam-modules - libpam-modules-bin - libpam-runtime - libpam-systemd - libpam0g - libpango-1.0-0 - libpangocairo-1.0-0 - libpangoft2-1.0-0 - libpangoxft-1.0-0 - libparted-fs-resize0 - libparted2 - libpcap0.8 - libpci3 - libpciaccess0 - libpcre2-16-0 - libpcre2-8-0 - libpcre3 - libperl5.28 - libpipeline1 - libpixman-1-0 - libpkcs11-helper1 - libplist3 - libpng16-16 - libpolkit-agent-1-0 - libpolkit-backend-1-0 - libpolkit-gobject-1-0 - libpopt0 - libprocps7 - libprotobuf-c1 - libproxy1v5 - libpsl5 - libpulse-mainloop-glib0 - libpulse0 - libpwquality-common - libpwquality1 - libpython-stdlib - libpython2-stdlib - libpython2.7 - libpython2.7-minimal - libpython2.7-stdlib - libpython3-stdlib - libpython3.7 - libpython3.7-minimal - libpython3.7-stdlib - libqt5core5a - libqt5dbus5 - libqt5designer5 - libqt5gui5 - libqt5help5 - libqt5network5 - libqt5printsupport5 - libqt5sql5 - libqt5test5 - libqt5widgets5 - libqt5x11extras5 - libqt5xdg3 - libqt5xdgiconloader3 - libqt5xml5 - libquadmath0 - libreadline7 - librest-0.7-0 - librsvg2-2 - librsvg2-common - librtmp1 - libsasl2-2 - libsasl2-modules-db - libseccomp2 - libsecret-1-0 - libsecret-common - libselinux1 - libsemanage-common - libsemanage1 - libsensors-config - libsensors5 - libsepol1 - libslang2 - libsm6 - libsmartcols1 - libsndfile1 - libsoup-gnome2.4-1 - libsoup2.4-1 - libsqlite3-0 - libss2 - libssh2-1 - libssl1.1 - libstartup-notification0 - libstdc++6 - libsysfs2 - libsystemd0 - libtasn1-6 - libtdb1 - libtext-iconv-perl - libthai-data - libthai0 - libthunarx-3-0 - libtiff5 - libtinfo6 - libtsan0 - libubsan1 - libuchardet0 - libudev1 - libudisks2-0 - libunistring2 - libunwind8 - libupower-glib3 - liburi-perl - libusb-1.0-0 - libusbmuxd4 - libutempter0 - libuuid1 - libvolume-key1 - libvorbis0a - libvorbisenc2 - libvorbisfile3 - libvte-2.91-0 - libvte-2.91-common - libwacom-common - libwacom2 - libwavpack1 - libwayland-client0 - libwayland-cursor0 - libwayland-egl1 - libwayland-server0 - libwebkit2gtk-4.0-37 - libwebp6 - libwebpdemux2 - libwnck-3-0 - libwnck-3-common - libwnck-common - libwnck22 - libwoff1 - libwrap0 - libx11-6 - libx11-data - libx11-xcb1 - libxatracker2 - libxau6 - libxaw7 - libxcb-dri2-0 - libxcb-dri3-0 - libxcb-glx0 - libxcb-icccm4 - libxcb-image0 - libxcb-keysyms1 - libxcb-present0 - libxcb-randr0 - libxcb-render-util0 - libxcb-render0 - libxcb-shape0 - libxcb-shm0 - libxcb-sync1 - libxcb-util0 - libxcb-xfixes0 - libxcb-xinerama0 - libxcb-xkb1 - libxcb1 - libxcomposite1 - libxcursor1 - libxdamage1 - libxdmcp6 - libxext6 - libxfce4panel-2.0-4 - libxfce4ui-1-0 - libxfce4ui-2-0 - libxfce4ui-common - libxfce4ui-utils - libxfce4util-common - libxfce4util7 - libxfconf-0-2 - libxfixes3 - libxfont2 - libxft2 - libxi6 - libxinerama1 - libxkbcommon-x11-0 - libxkbcommon0 - libxkbfile1 - libxklavier16 - libxml2 - libxmu6 - libxmuu1 - libxpm4 - libxrandr2 - libxrender1 - libxres1 - libxshmfence1 - libxslt1.1 - libxss1 - libxt6 - libxtables12 - libxtst6 - libxv1 - libxxf86dga1 - libxxf86vm1 - libyaml-0-2 - libzstd1 - libzulucrypt-exe1.2.0 - libzulucrypt-plugins - libzulucrypt1.2.0 - libzulucryptpluginmanager1.0.0 proxy_services: # console-setup.sh Debian - in /usr/local/etc/local.d/Whonix-Lati.rc - "{{ 'console-setup' if ansible_os_family in ['Debian'] else '' }}" - bootlogd - "{{ '{{BOX_HTTP_PROXY}}' if BOX_WHONIX_PROXY_HOST != '' else '' }}" # FixMe: tie in with # - "{{ 'polipo' if PRIV_TOR_TYPE == 'client' else ''}}"