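---
# Ansible playbook that provisions a Pwnagotchi image on the machine it runs
# on (127.0.0.1, with privilege escalation). It adjusts boot and system
# configuration, builds the nexmon firmware patches, installs pwnagotchi,
# pwngrid and bettercap from source, and cleans up before imaging.
#
# Supply-chain note: the git clones below carry no `version:` pin, and the
# archives fetched by URL are not checked against a checksum. Everything is
# then built or unpacked with root privileges, so the resulting image trusts
# whatever those remote locations serve at build time.
- hosts:
    - 127.0.0.1
  gather_facts: true
  become: true
  vars:
    pwnagotchi:
      # Both values can be overridden from the build environment.
      hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}"
      version: "{{ lookup('env', 'PWN_VERSION') | default('pwnagotchi-torch', true) }}"
    system:
      # Lines appended to /boot/config.txt.
      boot_options:
        - "dtoverlay=dwc2"
        - "dtoverlay=spi1-3cs"
        - "dtparam=spi=on"
        - "dtparam=i2c_arm=on"
        - "dtparam=i2c1=on"
        - "gpu_mem=16"
      # Lines appended to /etc/modules.
      modules:
        - "i2c-dev"
    services:
      enable:
        - dphys-swapfile.service
        - pwnagotchi.service
        - bettercap.service
        - pwngrid-peer.service
        - epd-fuse.service
        - fstrim.timer
      # The apt-daily units are switched off, so the image does not run
      # unattended apt jobs; updates have to be applied deliberately.
      disable:
        - apt-daily.timer
        - apt-daily.service
        - apt-daily-upgrade.timer
        - apt-daily-upgrade.service
        - bluetooth.service
        - ifup@wlan0.service
    packages:
      bettercap:
        # We will install bettercap from source
        # url: "https://github.com/jayofelony/bettercap/releases/download/2.32.1/bettercap-2.32.1.zip"
        ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip"
      # pwngrid is built from source by the tasks below; the release URL is
      # kept for reference only.
      # url: "https://github.com/evilsocket/pwngrid/releases/download/v1.10.3/pwngrid_linux_aarch64_v1.10.3.zip"
      pwngrid: null
      apt:
        # Older libpcap .deb files that are downloaded and installed on
        # top of the distribution packages, then put on hold.
        downgrade:
          - libpcap0.8-dev_1.9.1-3_arm64.deb
          - libpcap0.8_1.9.1-3_arm64.deb
          - libpcap-dev_1.9.1-3_arm64.deb
        hold:
          - libpcap-dev
          - libpcap0.8
          - libpcap0.8-dev
        remove:
          - raspberrypi-net-mods
          - dhcpcd5
          - triggerhappy
          - wpasupplicant
          - nfs-common
          - libraspberrypi0
          - libraspberrypi-dev
          - libraspberrypi-doc
          - libraspberrypi-bin
          - golang
        # Entries that appeared twice in this list are kept once.
        install:
          - bluez
          - raspberrypi-kernel-headers
          - git
          - libgmp3-dev
          - gawk
          - qpdf
          - bison
          - flex
          - make
          - autoconf
          - libtool
          - texinfo
          - gcc-arm-none-eabi
          - wl
          - libfl-dev
          - g++
          - xxd
          - aircrack-ng
          - time
          - rsync
          - vim
          - wget
          - screen
          - build-essential
          - dkms
          - python3-pip
          - python3-smbus
          - unzip
          - libopenmpi-dev
          - libatlas-base-dev
          - libelf-dev
          - libopenjp2-7
          - libtiff5
          - tcpdump
          - lsof
          - libgstreamer1.0-0
          - libavcodec58
          - libavformat58
          - libswscale5
          - libusb-1.0-0-dev
          - libnetfilter-queue-dev
          - libopenmpi3
          - dphys-swapfile
          - libdbus-1-dev
          - libdbus-glib-1-dev
          - liblapack-dev
          - libhdf5-dev
          - libc-ares-dev
          - libeigen3-dev
          - fonts-dejavu
          - fonts-dejavu-core
          - fonts-dejavu-extra
          - python3-pil
          - libfuse-dev
          - libopenblas-dev
          - libblas-dev
          - bc
          - libgl1-mesa-glx
          - libncursesw5-dev
          - libssl-dev
          - libsqlite3-dev
          - tk-dev
          - libgdbm-dev
          - libc6-dev
          - libbz2-dev
          - libffi-dev
          - zlib1g-dev
          - fonts-freefont-ttf
          - fbi
          - python3-flask
          - python3-flask-cors
          - python3-flaskext.wtf
          - libpcap-dev
  environment:
    ARCHFLAGS: "-arch armv8"

  tasks:
    - name: System details
      debug:
        msg: "{{ item }}"
      with_items:
        - "{{ ansible_distribution }}"
        - "{{ ansible_distribution_version }}"
        - "{{ ansible_distribution_major_version }}"
        - "{{ ansible_architecture }}"
        - "{{ ansible_machine }}"

    # Only rename the host while it still carries the stock name.
    - name: change hostname
      lineinfile:
        dest: /etc/hostname
        regexp: '^raspberrypi'
        line: "{{pwnagotchi.hostname}}"
        state: present
      when: lookup('file', '/etc/hostname') == "raspberrypi"
      register: hostname

    - name: add hostname to /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.1\.1[ \t]+raspberrypi'
        line: "127.0.1.1\t{{pwnagotchi.hostname}}"
        state: present
      when: hostname.changed

    # NOTE(review): this edits a unit file, but no task in this playbook
    # notifies the "reload systemd services" handler defined at the end.
    - name: disable sap plugin for bluetooth.service
      lineinfile:
        dest: /lib/systemd/system/bluetooth.service
        regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd$'
        line: 'ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap'
        state: present

    - name: configure dphys-swapfile
      lineinfile:
        path: /etc/dphys-swapfile
        regexp: "^CONF_SWAPSIZE=.*$"
        line: "CONF_SWAPSIZE=2048"

    - name: update apt package cache
      apt:
        update_cache: true

    - name: remove unnecessary apt packages
      become_user: root
      apt:
        name: "{{ packages.apt.remove }}"
        state: absent
        purge: true

    - name: install packages
      become_user: root
      apt:
        name: "{{ packages.apt.install }}"
        state: present

    # Install nexmon to fix wireless scanning (takes 2.5G of space)
    # The clone is unpinned: the firmware and driver built from it follow
    # the repository's default branch. Pinning a reviewed revision would
    # look like `version: REVIEWED_COMMIT_SHA_PLACEHOLDER`.
    - name: clone nexmon repository
      git:
        repo: https://github.com/DrSchottky/nexmon.git
        dest: /usr/local/src/nexmon
      register: nexmongit

    - name: make firmware
      shell: "source ./setup_env.sh && make"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/nexmon/

    # The three chip sections below follow the same steps: force the
    # Makefile to a fixed kernel version and release instead of `uname -r`,
    # build the patch, then copy the firmware into /lib/firmware/brcm.
    # NOTE(review): 6.1.21-v8+ is hard-coded; presumably it has to match the
    # kernel shipped on the target image.
    - name: choose the right kernel version (bcm43436b0)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
        backup: false
        regexp: "KERNEL_VERSION = .*$"
        replace: "KERNEL_VERSION = 6.1"

    - name: choose the right kernel release (variable) (bcm43436b0)
      lineinfile:
        dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
        insertafter: "DRIVER_FOLDER_NAME = .*$"
        line: "KERNEL_RELEASE = 6.1.21-v8+"

    - name: choose the right kernel release (replace string) (bcm43436b0)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
        backup: false
        regexp: "shell uname -r"
        replace: "KERNEL_RELEASE"

    - name: make firmware patch (bcm43436b0)
      shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/nexmon/

    - name: install new firmware (bcm43436b0)
      copy:
        src: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/brcmfmac43436-sdio.bin
        dest: /lib/firmware/brcm/brcmfmac43436-sdio.bin

    - name: choose the right kernel version (bcm43430a1)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
        backup: false
        regexp: "KERNEL_VERSION = .*$"
        replace: "KERNEL_VERSION = 6.1"

    - name: choose the right kernel release (variable) (bcm43430a1)
      lineinfile:
        dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
        insertafter: "DRIVER_FOLDER_NAME = .*$"
        line: "KERNEL_RELEASE = 6.1.21-v8+"

    - name: choose the right kernel release (replace string) (bcm43430a1)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
        backup: false
        regexp: "shell uname -r"
        replace: "KERNEL_RELEASE"

    - name: make firmware patch (bcm43430a1)
      shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/nexmon/

    - name: install new firmware (bcm43430a1)
      copy:
        src: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin
        dest: /lib/firmware/brcm/brcmfmac43430-sdio.bin

    - name: Delete the firmware blob to avoid it crashing
      file:
        state: absent
        path: /lib/firmware/brcm/brcmfmac43430-sdio.clm_blob

    - name: Delete the RPiZW firmware blob to avoid it crashing
      file:
        state: absent
        path: /lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.clm_blob

    - name: Delete the RPi3 firmware blob to avoid it crashing
      file:
        state: absent
        path: /lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob

    - name: choose the right kernel version (bcm43455c0)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
        backup: false
        regexp: "KERNEL_VERSION = .*$"
        replace: "KERNEL_VERSION = 6.1"

    - name: choose the right kernel release (variable) (bcm43455c0)
      lineinfile:
        dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
        insertafter: "DRIVER_FOLDER_NAME = .*$"
        line: "KERNEL_RELEASE = 6.1.21-v8+"

    - name: choose the right kernel release (replace string) (bcm43455c0)
      replace:
        dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
        backup: false
        regexp: "shell uname -r"
        replace: "KERNEL_RELEASE"

    - name: make firmware patch (bcm43455c0)
      shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/nexmon/

    - name: install new firmware (bcm43455c0)
      copy:
        src: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/brcmfmac43455-sdio.bin
        dest: /lib/firmware/brcm/brcmfmac43455-sdio.bin

    # This task keeps a copy of the stock module next to it as *.orig; the
    # name previously duplicated the task that follows.
    - name: back up stock driver (everyone but RPiZW)
      copy:
        src: /lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz
        dest: /lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz.orig

    - name: copy modified driver (everyone but RPiZW)
      copy:
        src: /usr/local/src/nexmon/patches/driver/brcmfmac_6.1.y-nexmon/brcmfmac.ko
        dest: /lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko

    - name: ensure depmod runs on reboot to load modified driver (brcmfmac)
      lineinfile:
        dest: /etc/rc.local
        line: "/sbin/depmod -a"

    # To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation
    - name: Delete nexmon content & directory
      file:
        state: absent
        path: /usr/local/src/nexmon/

    - name: Creates custom plugin directory
      file:
        path: /usr/local/share/pwnagotchi/custom-plugins/
        state: directory

    - name: collect python pip package list
      command: "pip3 list"
      register: pip_output

    # Builds a name -> version mapping from the first two columns of each
    # line of `pip3 list`.
    - name: set python pip package facts
      set_fact:
        pip_packages: >
          {{ pip_packages | default({}) | combine( { item.split()[0]: item.split()[1] } ) }}
      with_items: "{{ pip_output.stdout_lines }}"

    - name: acquire python3 pip target
      command: "python3 -c 'import sys;print(sys.path.pop())'"
      register: pip_target

    # Unpinned clone; the wheel built from it is installed system-wide.
    - name: clone pwnagotchi repository
      git:
        repo: https://github.com/jayofelony/pwnagotchi.git
        dest: /usr/local/src/pwnagotchi
      register: pwnagotchigit

    - name: create /usr/local/share/pwnagotchi/ folder
      file:
        path: /usr/local/share/pwnagotchi/
        state: directory

    # Extracts the quoted x.y.z[suffix] value assigned to __version__.
    - name: fetch pwnagotchi version
      set_fact:
        pwnagotchi_version: "{{ lookup('file', '/usr/local/src/pwnagotchi/pwnagotchi/_version.py') | regex_replace('.*__version__.*=.*''([0-9]+\\.[0-9]+\\.[0-9]+[A-Za-z0-9]*)''.*', '\\1') }}"

    - name: pwnagotchi version found
      debug:
        msg: "{{ pwnagotchi_version }}"

    # Rebuild and reinstall only when the checkout changed or the installed
    # version is missing or different.
    - name: build pwnagotchi wheel
      command: "python3 setup.py sdist bdist_wheel"
      args:
        chdir: /usr/local/src/pwnagotchi
      when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

    - name: install pwnagotchi wheel and dependencies
      pip:
        name: "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}"
        extra_args: "--no-cache-dir"
      when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

    # Install go-1.21.1 from the upstream tarball.
    # The archive is unpacked into /usr/local without an integrity check.
    # A stricter variant downloads it first with get_url and
    # `checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"` (value taken from the
    # publisher's download page), then unarchives the local file.
    - name: Install go-1.21
      unarchive:
        src: https://go.dev/dl/go1.21.1.linux-arm64.tar.gz
        dest: /usr/local
        remote_src: true
      register: golang

    - name: Update .bashrc for go-1.21
      blockinfile:
        dest: /home/pi/.bashrc
        state: present
        block: |
          export GOPATH=$HOME/go
          export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin
      when: golang.changed

    # NOTE(review): the task names mention 1.10.4 and v2.32.1, but both
    # clones are unpinned, so the code actually built is whatever the
    # default branch holds at build time.
    - name: download pwngrid 1.10.4
      git:
        repo: https://github.com/jayofelony/pwngrid.git
        dest: /usr/local/src/pwngrid
      register: pwngrid

    - name: install pwngrid 1.10.4
      shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/pwngrid
      when: pwngrid.changed

    - name: download bettercap v2.32.1
      git:
        repo: https://github.com/jayofelony/bettercap.git
        dest: /usr/local/src/bettercap
      register: bettercap

    - name: Install bettercap v2.32.1
      shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/bettercap
      when: bettercap.changed

    # NOTE(review): the checkout lives in /tmp and `make install` then runs
    # from it with elevated privileges; on a shared build host a directory
    # that only root can write to would be a safer location.
    - name: clone bettercap caplets
      git:
        repo: https://github.com/jayofelony/caplets.git
        dest: /tmp/caplets
      register: capletsgit

    - name: install bettercap caplets
      make:
        chdir: /tmp/caplets
        target: install
      when: capletsgit.changed

    # Fetched by URL with no checksum verification. The mode is quoted so it
    # is always read as the octal string "0755" rather than a YAML integer.
    - name: download and install bettercap ui
      unarchive:
        src: "{{ packages.bettercap.ui }}"
        dest: /usr/local/share/bettercap/
        remote_src: true
        mode: "0755"

    - name: add HDMI powersave to rc.local
      blockinfile:
        path: /etc/rc.local
        insertbefore: "exit 0"
        block: |
          if ! /opt/vc/bin/tvservice -s | egrep 'HDMI|DVI'; then
            /opt/vc/bin/tvservice -o
          fi

    - name: create /etc/pwnagotchi folder
      become_user: root
      file:
        path: /etc/pwnagotchi
        state: directory

    - name: check if user configuration exists
      become_user: root
      stat:
        path: /etc/pwnagotchi/config.toml
      register: user_config

    # An existing user configuration is never overwritten.
    - name: create /etc/pwnagotchi/config.toml
      become_user: root
      copy:
        dest: /etc/pwnagotchi/config.toml
        content: |
          # Add your configuration overrides on this file any configuration changes done to default.toml will be lost!
          # Example:
          # ui.display.enabled = true
          # ui.display.type = "waveshare_2"
      when: not user_config.stat.exists

    # The /boot/ssh marker turns on sshd at boot. NOTE(review): nothing in
    # this playbook sets or changes login credentials, so make sure the
    # image does not ship with a well-known default password.
    - name: enable ssh on boot
      become_user: root
      file:
        path: /boot/ssh
        state: touch

    - name: adjust /boot/config.txt
      become_user: root
      lineinfile:
        dest: /boot/config.txt
        insertafter: EOF
        line: '{{ item }}'
      with_items: "{{system.boot_options}}"

    - name: adjust /etc/modules
      become_user: root
      lineinfile:
        dest: /etc/modules
        insertafter: EOF
        line: '{{ item }}'
      with_items: "{{system.modules}}"

    - name: change root partition
      become_user: root
      replace:
        dest: /boot/cmdline.txt
        backup: false
        regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+"
        replace: "root=/dev/mmcblk0p2"

    # NOTE(review): the regexp matches any line, so a second run of the
    # playbook would presumably append the modules-load option again.
    - name: configure /boot/cmdline.txt
      become_user: root
      lineinfile:
        path: /boot/cmdline.txt
        backrefs: true
        state: present
        backup: false
        regexp: '(.*)$'
        line: '\1 modules-load=dwc2,g_ether'

    # The script below reads the version from a python3.9 dist-packages
    # path, so it depends on that interpreter version being the one used.
    - name: configure 01-motd
      become_user: root
      copy:
        dest: /etc/update-motd.d/01-motd
        content: |
          #!/bin/sh
          _hostname=$(hostname)
          _version=$(cut -d"'" -f2 < /usr/local/lib/python3.9/dist-packages/pwnagotchi/_version.py)
          echo
          echo "(◕‿‿◕) $_hostname"
          echo
          echo "Hi! I'm a pwnagotchi $_version, please take good care of me!"
          echo "Here are some basic things you need to know to raise me properly!"
          echo
          echo "If you want to change my configuration, use /etc/pwnagotchi/config.toml"
          echo
          echo "All the configuration options can be found on /etc/pwnagotchi/default.toml,"
          echo "but don't change this file because I will recreate it every time I'm restarted!"
          echo
          echo "I use oPwnGrid as my main API, you can check stats at https://opwngrid.xyz"
          echo
          echo "I'm managed by systemd. Here are some basic commands."
          echo
          echo "If you want to know what I'm doing, you can check my logs with the command"
          echo "- pwnlog"
          echo "- pwnver, to check the current version"
          echo "- sudo pwnagotchi --donate, to see how you can donate to this project"
          echo "- sudo pwnagotchi --check-update, to see if there is a new version available"
          echo
          echo "If you want to know if I'm running, you can use"
          echo "sudo systemctl status pwnagotchi"
          echo
          echo "You can restart me using"
          echo "sudo systemctl restart pwnagotchi"
          echo
          echo "You learn more about me at https://pwnagotchi.ai/"
      when: hostname.changed

    - name: Add pwnlog alias
      lineinfile:
        dest: /home/pi/.bashrc
        line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log | sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" | cut -d \" \" -f 2-'"
        insertafter: EOF

    # Previously also named "Add pwnlog alias"; it defines pwnver.
    - name: Add pwnver alias
      lineinfile:
        dest: /home/pi/.bashrc
        line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'"
        insertafter: EOF

    # The packages are fetched over plain HTTP and later installed as root
    # with no integrity check, so anything able to alter the response can
    # substitute the package contents. get_url accepts
    # `checksum: "sha256:EXPECTED_SHA256_PLACEHOLDER"`; use one known-good
    # value per file.
    - name: download old libpcap packages
      get_url:
        url: "http://ports.ubuntu.com/pool/main/libp/libpcap/{{ item }}"
        dest: /usr/local/src/
      with_items: "{{ packages.apt.downgrade }}"

    # NOTE(review): `args` is a bare string here rather than a mapping of
    # module arguments, and `deb` is given a glob. The apt module's own
    # switch is `allow_downgrade`; confirm this task really installs the
    # downloaded files and permits the downgrade.
    - name: install old libpcap packages
      become_user: root
      apt:
        deb: /usr/local/src/libpcap*
      args: allow-downgrades
      register: libpcap

    # Holding these packages keeps later apt runs from upgrading them.
    - name: add firmware packages to hold
      become_user: root
      dpkg_selections:
        name: "{{ item }}"
        selection: hold
      with_items: "{{ packages.apt.hold }}"
      when: libpcap.changed

    - name: clean apt cache
      become_user: root
      apt:
        autoclean: true

    - name: remove dependencies that are no longer required
      apt:
        autoremove: true

    - name: disable unnecessary services
      become_user: root
      systemd:
        name: "{{ item }}"
        state: stopped
        enabled: false
      with_items: "{{ services.disable }}"

    # The SSH host keys are deleted so they are not baked into the image
    # and shared by every device flashed from it. NOTE(review): confirm
    # that new keys are generated on first boot, since sshd is enabled.
    - name: remove ssh keys
      become_user: root
      file:
        state: absent
        path: "{{ item }}"
      with_fileglob:
        - "/etc/ssh/ssh_host*_key*"

  handlers:
    - name: reload systemd services
      become_user: root
      systemd:
        daemon_reload: true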