chore(libvirt): enable tls
diff --git a/build/pin-images.py b/build/pin-images.py
index dc42ef4..5f9341b 100755
--- a/build/pin-images.py
+++ b/build/pin-images.py
@@ -29,14 +29,20 @@
         # Get token for docker.io
         r = requests.get(
             "https://auth.docker.io/token",
-            params={"service": "registry.docker.io", "scope": f"repository:{image_ref.path()}:pull"},
+            params={
+                "service": "registry.docker.io",
+                "scope": f"repository:{image_ref.path()}:pull",
+            },
         )
         r.raise_for_status()
         token = r.json()["token"]
 
         r = requests.get(
             f"https://registry-1.docker.io/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
-            headers={"Accept": "application/vnd.docker.distribution.manifest.v2+json", "Authorization": f"Bearer {token}"},
+            headers={
+                "Accept": "application/vnd.docker.distribution.manifest.v2+json",
+                "Authorization": f"Bearer {token}",
+            },
         )
         r.raise_for_status()
         digest = r.headers["Docker-Content-Digest"]
diff --git a/roles/libvirt/vars/main.yml b/roles/libvirt/vars/main.yml
index e80fc82..9286e84 100644
--- a/roles/libvirt/vars/main.yml
+++ b/roles/libvirt/vars/main.yml
@@ -20,4 +20,9 @@
     ceph:
       enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
     libvirt:
+      listen_tcp: "0"
+      listen_tls: "1"
       listen_addr: 0.0.0.0
+    qemu:
+      vnc_tls: "1"
+      vnc_tls_x509_verify: "1"