---
architecture: amd64

# Most of these packages exist in the base AMI, but not in the Molecule Docker image
# Just include them for both, it's idempotent
apt_packages:
  # All the default Kali tools
  - kali-linux-default
  # Graphical desktop
  - kali-desktop-xfce
  # Everything below this should be in alphabetical order
  - dbus-x11
  - dotdotpwn
  - gettext
  - gobuster
  - gdb
  - libguestfs-tools
  - libimage-exiftool-perl
  - locate
  - magic-wormhole
  - oscanner
  - proxychains4
  - ruby-full
  - seclists
  - smtp-user-enum
  - software-properties-common
  - tigervnc-common
  - tigervnc-standalone-server
  - tigervnc-xorg-extension
  - tnscmd10g
  - ufw

prepare_apt_packages:
  - python3
  - python3-apt
  - python3-pip
  - python3-setuptools
  - python3-wheel
  - ssh

############
# Firewall #
############
# Customize UFW rules here, if desired
ufw_log_level: low
# UFW log will be rotated at minimum weekly. Will be rotated faster if the log file size reaches this value.
# Use K, M, G for KB, MB, GB.
ufw_log_maxsize: 300M
ufw_rules:
  - {rule: limit, port: ssh, proto: tcp}
  - {rule: deny, port: 5901, proto: tcp}
  - {rule: deny, port: 5432, proto: tcp}
  - {rule: allow, port: http, proto: tcp}
  - {rule: allow, port: https, proto: tcp}
  - {rule: allow, port: 53, proto: tcp}
  - {rule: allow, port: 53, proto: udp}
  - {rule: allow, port: 4000:4999, proto: tcp}

#############
# Passwords #
#############
# This is a hard-coded password because access to the VNC server requires an SSH local port forward.
# So, you need to already be able to SSH directly onto the server.
# If you can do that, you can get a gui too.
vnc_pass: goodhacks
# Password-based SSH is disabled, so similarly using this password requires already SSHing to the system as the kali user
kali_user_pass: kali