Using Vagrant, Ansible, and Emacs Tramp for Compartmentalization
1. Initial Thoughts and Process
I just started doing something that is really cool for me and reminds me of a lot of the security Qubes OS offers, with VMs for everything, and I wanted to share.
I'd love to get some perspective on this from a security and efficiency standpoint.
I'm trying to add compartmentalization to more things that I do. Because I have a Linux host, I'm tempted to install all of my tools into the host for everything, but this leads to bad developer environments and generally poor practice.
To combat this I can create virtual environments, but sometimes I need to interact with executables, and virtual environments only work with programming, so containers and/or VMs would be the next step. I chose VMs since I'm a little more comfortable with Vagrant, but will probably start to add some containers for things soon.
So my thought process so far has been:
- Start with good host best practices and limit installations; it does collect a lot of downloads, and I can add shared VM files easily across interests.
- Use Vagrant to create VMs for specific purposes like Malware Analysis, Pulling APIs for work and doing work on them, and General Dev Playground.
- Use Ansible to set up the specific environments repeatably, including provisioning users with authorized_keys and installing software.
- Emacs Tramp lets me connect to a remote file with my local emacs client with something as simple as /ssh:user@ip:/path/to/file
- Use my local Emacs with Tramp to manipulate the files I'm interested in, then execute on that VM if needed.
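A sketch of the Ansible step from the list above, as an added example that is not the author's own playbook. It assumes a Debian or Ubuntu guest, and the inventory group `dev_playground`, the user `devuser`, the public key path and the package list are all hypothetical.

```yaml
# Added example. Assumed names: group dev_playground, user devuser,
# key ~/.ssh/id_ed25519.pub on the host, Debian/Ubuntu guest.
- name: Provision a single-purpose VM for key-only SSH and Tramp access
  hosts: dev_playground
  become: true
  vars:
    vm_user: devuser
    vm_pubkey: "{{ lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_ed25519.pub') }}"
    vm_packages: [git, python3, build-essential]
  tasks:
    - name: Create the unprivileged working user
      ansible.builtin.user:
        name: "{{ vm_user }}"
        shell: /bin/bash
        create_home: true

    - name: Authorize only the host's key for that user
      ansible.posix.authorized_key:
        user: "{{ vm_user }}"
        key: "{{ vm_pubkey }}"
        exclusive: true   # drop any other keys already in authorized_keys

    - name: Install only the tools this compartment needs
      ansible.builtin.apt:
        name: "{{ vm_packages }}"
        state: present
        update_cache: true

    - name: Disable SSH password logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s   # refuse to write a broken config
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh   # service name on Debian/Ubuntu
        state: restarted
```

With the VM provisioned this way, the Tramp path from the list takes the form /ssh:devuser@ip:/path/to/file and authenticates with the same key.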
2. Discussions with Taggart to Ponder
- switch from VirtualBox to KVM for speed
- consider Docker for some of the tool installs
- consider Puppet as a pull vs. push
- consider the Nix package manager for the development things where I can just wipe away anything temporarily installed