Plugin Development

Plugins are the building blocks of every Rogue Arena scenario. Each plugin is a reusable Ansible automation that configures a specific service, tool, or capability on a virtual machine — from promoting a Domain Controller to installing an application to staging an attack path.

This section covers everything you need to build your own plugins.

What is a Plugin?

A plugin is an Ansible task list that runs against a virtual machine during a scenario build. You write the Ansible YAML body, define parameters that scenario architects can fill in, and optionally attach resource files. The platform handles everything else — wrapping your code in a proper Ansible play, injecting parameter values, deploying vault files, and orchestrating execution order across machines.

Plugin Types

Type	Purpose	Example
Action	Immediate configuration tasks	Set static IP, disable firewall
Role	Complex infrastructure setup	Create Domain Controller, configure C2 server
Application	Software installations	Install Office, Firefox, Elastic Agent
Vulnerability	Security misconfigurations	Enable Kerberoasting, open SMB shares
Attack	Offensive tooling	Deploy attack frameworks, stage payloads
Defense	Defensive tooling	Install EDR agents, configure logging
File Copy	Raw file deployment	Push installers or configs to a VM

The Offline-First Philosophy

Rogue Arena is designed to work without internet access on deployed VMs. Plugin developers never rely on external URLs, CDNs, or package repositories at deploy time.

Plugin Vault

Every plugin version has a dedicated file vault. Store installers (.exe, .msi, .iso), Docker images, scripts, configuration files, archives — anything your plugin needs. Files deploy via internal high-speed transfer directly to the VM, no internet required. See The File Vault for details.

APT Package Mirroring

All Linux VMs automatically point to an internal APT mirror on boot. A systemd service runs on every Linux VM that fetches the mirror manifest, rewrites /etc/apt/sources.list, and runs apt-get update — no developer action needed.

Supported distros: Ubuntu 24.04 (Noble), Ubuntu 22.04 (Jammy), Debian 12 (Bookworm), Debian 11 (Bullseye), Kali Linux (Rolling)

Pre-mirrored repos include: base distro packages plus Docker CE, VS Code, Chrome, Node.js, GitHub CLI, Grafana, Elastic 8.x, Wazuh, PostgreSQL, HashiCorp, Tailscale, and more.

What this means for you: apt-get install just works in your plugin YAML. No adding repos, no importing GPG keys, no worrying about internet access.

Get Started with Existing Plugins

100+ plugins are already waiting for you in Rogue Architect — Domain Controllers, Elastic, WireGuard, Splunk, C2 frameworks, Kerberoasting configurations, and much more. Browse them, clone one that’s close to what you need, and modify it. Learning from existing plugins is the fastest way to get started.

Plugin Lifecycle

Phase	What You Do
Create	Write Ansible YAML, define parameters, upload vault resources
Test	Add the plugin to a scenario, launch a build, verify it works
Publish	Lock the version, set permissions, make it available to others
Iterate	Clone to a new version, improve, and republish

Ready to build? Start with Creating a Plugin.

Plugin Developers Pages

Creating a Plugin — Step-by-step guide to building your first plugin
Writing Plugin YAML — Body-only format, parameter injection, set_fact patterns
YAML Examples — Code snippets from real plugins
Plugin Parameters — Defining and using parameters
CSV Parameters — Advanced tabular data parameters
The File Vault — Offline resource storage and deployment
Automated Actions — Auto-configure VLANs and machines
Dependencies & Execution Order — Same-machine, cross-machine, and parent plugin linking
Template Compatibility — OS targeting and discoverability
Testing Your Plugin — Preview, build, iterate, rollback
Permissions & Sharing — Edit, use, and clone access controls
Versioning & Publishing — Version management and publishing workflow