pwnagotchi/builder/raspberrypi32.yml

---
- hosts:
    - 127.0.0.1
  gather_facts: true
  become: true
  vars:
    boards:
      - {
        kernel: "6.1.21+",
        name: "PiZeroW",
        firmware: "brcmfmac43430-sdio.bin",
        patch: "bcm43430a1/7_45_41_46",
        cpu: arm1176,
        arch_flags: "-arch armv6l"
        }
      - {
        kernel: "6.1.21-v7+",
        name: "PiZero2W",
        firmware: "brcmfmac43436-sdio.bin",
        patch: "bcm43436b0/9_88_4_65",
        cpu: cortex-a53,
        arch_flags: "-arch armv7l"
        }
      - {
        kernel: "6.1.21-v7l+",
        name: "Pi4b_32",
        firmware: "brcmfmac43455-sdio.bin",
        patch: "bcm43455c0/7_45_206",
        cpu: cortex-a72,
        arch_flags: "-arch armv7l"
        }
    kernel:
      min: "6.1"
      full: "6.1.21+"
      full_2w: "6.1.21-v7+"
      full_4b: "6.1.21-v7l+"
      arch: "v6l"
    pwnagotchi:
      hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}"
      version: "{{ lookup('env', 'PWN_VERSION') | default('pwnagotchi-torch', true) }}"
      custom_plugin_dir: "/usr/local/share/pwnagotchi/custom-plugins"
    system:
      boot_options:
        - "#### pwnagotchi additions"
        - "# this pwnagotchi image is 32-bit only no v8+ headers to build nexmon for 64 bit"
        - "arm_64bit=0"
        - "# dwc2 for RNDIS. comment out, and remove dwc2 and g_ether from cmdline.txt for X306 usb battery hat"
        - "dtoverlay=dwc2"
        - "dtoverlay=spi1-3cs"
        - "dtparam=i2c1=on"
        - "dtparam=i2c_arm=on"
        - "dtparam=spi=on"
        - "gpu_mem=16"
        - "#### audio out on pins 18 and 19"
        - "#dtoverlay=audremap,pins_18_19"
        - "#### touchscreen on waveshare touch e-paper"
        - "#dtoverlay=goodix,interrupt=27,reset=22"
        - "#### for PWM backlighting on pimoroni displayhatmini"
        - "dtoverlay=pwm-2chan,pin=12,func=4,pin2=13,func2=4"
      modules:
        - "i2c-dev"
    services:
      enable:
        - bettercap.service
        - dphys-swapfile.service
        - fstrim.timer
        - pwnagotchi.service
        - pwngrid-peer.service
      disable:
        - apt-daily-upgrade.service
        - apt-daily-upgrade.timer
        - apt-daily.service
        - apt-daily.timer
        - bluetooth.service
        - ifup@wlan0.service
        - triggerhappy.service
        - wpa_supplicant.service
    packages:
      bettercap:
        url: "https://github.com/bettercap/bettercap/releases/download/v2.31.0/bettercap_linux_armhf_v2.31.0.zip"
        ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip"
      pwngrid:
        source: "https://github.com/jayofelony/pwngrid.git"
        url: "https://github.com/rai68/opwngrid/releases/download/publish/pwngrid_linux_armhf_v1.10.3-1.zip"
      torch:
        wheel: "torch-2.1.0a0+gitunknown-cp39-cp39-linux_armv6l.whl"
        url: "https://github.com/Sniffleupagus/Torch4Pizero/releases/download/v1.0.0/torch-2.1.0a0+gitunknown-cp39-cp39-linux_armv6l.whl"
      torchvision:
        wheel: "torchvision-0.16.0a0-cp39-cp39-linux_armv6l.whl"
        url: "https://github.com/Sniffleupagus/Torch4Pizero/releases/download/v1.0.0/torchvision-0.16.0a0-cp39-cp39-linux_armv6l.whl"
      apt:
        downgrade:
          # the kali .debs do not work on raspberry pi zero on raspiOS
          # so install from source later. probably good idea on all platforms
          #- libpcap-dev_1.9.1-4_armel.deb
          #- libpcap0.8-dev_1.9.1-4_armel.deb
          #- libpcap0.8_1.9.1-4_armel.deb
        hold:
          - firmware-atheros
          - firmware-brcm80211
          - firmware-libertas
          - firmware-misc-nonfree
          - firmware-realtek
          # no longer need to be held. build from source goes in /usr/local
          # Then bettercap and pwngrid are pointed at it at runtime with LD_LIBRARY_PATH
          # and LD_PRELOAD
          # - libpcap-dev
          # - libpcap0.8
          # - libpcap0.8-dev
        remove:
          - avahi-daemon
          - nfs-common
          - triggerhappy
          - wpasupplicant
        install:
          - aircrack-ng
          - autoconf
          - bc
          - bison
          - bluez
          - build-essential
          - curl
          - dkms
          - dphys-swapfile
          - espeak-ng
          - evtest
          - fbi
          - flex
          - fonts-dejavu
          - fonts-dejavu-core
          - fonts-dejavu-extra
          - fonts-freefont-ttf
          - g++
          - gawk
          - gcc-arm-none-eabi
          - git
          - libatlas-base-dev
          - libavcodec58
          - libavformat58
          - libblas-dev
          - libbz2-dev
          - libc-ares-dev
          - libc6-dev
          - libcpuinfo-dev
          - libdbus-1-dev
          - libdbus-glib-1-dev
          - libeigen3-dev
          - libelf-dev
          - libffi-dev
          - libfl-dev
          - libfuse-dev
          - libgdbm-dev
          - libgl1-mesa-glx
          - libgmp3-dev
          - libgstreamer1.0-0
          - libhdf5-dev
          - liblapack-dev
          - libncursesw5-dev
          - libnetfilter-queue-dev
          - libopenblas-dev
          - libopenjp2-7
          - libopenmpi-dev
          - libopenmpi3
          - libpcap-dev
          - libprotobuf-dev
          - libraspberrypi-bin
          - libraspberrypi-dev
          - libraspberrypi-doc
          - libraspberrypi0
          - libsleef-dev
          - libsqlite3-dev
          - libssl-dev
          - libswscale5
          - libtiff5
          - libtool
          - libts-bin
          - libusb-1.0-0-dev
          - lsof
          - make
          - python3-flask
          - python3-flask-cors
          - python3-flaskext.wtf
          - python3-pil
          - python3-pip
          - python3-protobuf
          - python3-smbus
          - qpdf
          - raspberrypi-kernel-headers
          - rsync
          - screen
          - tcpdump
          - texinfo
          - time
          - tk-dev
          - unzip
          - vim
          - wget
          - wl
          - xxd
          - zlib1g-dev
  environment:
    ARCHFLAGS: -arch armv6l
    #QEMU_CPU: arm1176
    QEMU_UNAME: "{{ kernel.full }}"

  tasks:
    - name: Create pi user
      copy:
        dest: /boot/userconf
        content: |
          pi:$6$3jNr0GA9KIyt4hmM$efeVIopdMQ8DGgEPCWWlbx3mJJNAYci1lEXGdlky0xPyjqwKNbwTL5SrCcpb4144C4IvzWjn7Iv.QjqmU7iyT/

    - name: change hostname
      lineinfile:
        dest: /etc/hostname
        regexp: '^raspberrypi'
        line: "{{pwnagotchi.hostname}}"
        state: present
      when: lookup('file', '/etc/hostname') == "raspberrypi"
      register: hostname

    - name: add hostname to /etc/hosts
      lineinfile:
        dest: /etc/hosts
        regexp: '^127\.0\.1\.1[ \t]+raspberrypi'
        line: "127.0.1.1\t{{pwnagotchi.hostname}}"
        state: present
      when: hostname.changed

    - name: disable sap plugin for bluetooth.service
      lineinfile:
        dest: /lib/systemd/system/bluetooth.service
        regexp: '^ExecStart=/usr/libexec/bluetooth/bluetoothd$'
        line: 'ExecStart=/usr/libexec/bluetooth/bluetoothd --noplugin=sap'
        state: present

    - name: configure dphys-swapfile
      lineinfile:
        path: /etc/dphys-swapfile
        regexp: "^CONF_SWAPSIZE=.*$"
        line: "CONF_SWAPSIZE=2048"

    - name: Create custom plugin directory
      file:
        path: '{{ pwnagotchi.custom_plugin_dir }}'
        state: directory

    - name: update apt package cache
      apt:
        update_cache: yes

    - name: install packages
      apt:
        name: "{{ packages.apt.install }}"
        state: present

    - name: update pip3, setuptools, wheel
      shell: "python3 -m pip install --upgrade pip setuptools wheel"
      args:
        executable: /bin/bash
        chdir: /usr/local/src

    ###########################################
    #
    # libpcap v1.9 - build from source
    #
    ###########################################

    # check for presence, then it can re-run in later parts if needed
    # use the "make" built in

    # install libpcap before bettercap and pwngrid, so they use it
    - name: clone libpcap v1.9 from github
      git:
        repo: 'https://github.com/the-tcpdump-group/libpcap.git'
        dest: /usr/local/src/libpcap
        version: libpcap-1.9

    - name: build and install libpcap into /usr/local/lib
      shell: "./configure && make && make install"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/libpcap

    - name: remove libpcap build folder
      file:
        state: absent
        path: /usr/local/src/libpcap

    ###############################################################
    # Install nexmon to fix wireless scanning (takes 2.5G of space)
    ###############################################################

    # Install nexmon for all boards
    - name: build and install nexmon as needed
      include_tasks: nexmon.yml
      loop: "{{ boards }}"

    # some pizero2w have the pizeroW wifi chip
    # could this be a link instead of a copy? and force, only if not a link?
    - name: copy 43430-sdio as 43436s-sdio for the special 43430/1 /2
      copy:
        src: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin
        dest: /usr/lib/firmware/brcm/brcmfmac43436s-sdio.bin
        follow: true

    # delete blob files that make nexmon sad
    - name: Delete the firmware blob files to avoid some nexmon crashing
      file:
        state: absent
        path: '{{ item }}'
      loop:
        - /usr/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
        - /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.clm_blob
        - /usr/lib/firmware/brcm/brcmfmac43430b0-sdio.raspberrypi,model-zero-2-w.clm_blob
        - /usr/lib/firmware/brcm/brcmfmac43436-sdio.raspberrypi,model-zero-2-w.clm_blob
        - /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob

    # To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation
    - name: Delete nexmon content & directory
      file:
        state: absent
        path: /usr/local/src/nexmon/

    - name: clone pwnagotchi repository
      git:
        repo: https://github.com/jayofelony/pwnagotchi-torch.git
        dest: /usr/local/src/pwnagotchi
      register: pwnagotchigit

    # is this even necessary? Can't we just link from /home/pi/pwnagotchi to /usr/local/{bin,lib,etc}
    # then just git update in the home dir and encourage hacking?
    # make owned by pi.pi, and custom plugins.
    - name: build pwnagotchi wheel
      command: "python3 setup.py sdist bdist_wheel"
      args:
        chdir: /usr/local/src/pwnagotchi
      when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

    - name: download torch whl
      get_url:
        url: "{{ packages.torch.url }}"
        dest: /usr/local/src/

    - name: download torchvision whl
      get_url:
        url: "{{ packages.torchvision.url }}"
        dest: /usr/local/src/

    - name: install 32-bit pwnagotchi wheel and dependencies with 32-bit torch wheels
      pip:
        name:
          - "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}"
          - "{{ packages.torch.url }}"
          - "{{ packages.torchvision.url }}"
        extra_args: "--no-cache-dir"
      environment:
        QEMU_CPU: arm1176
        QEMU_UNAME: "{{ kernel.full }}"
      when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

    - name: create /usr/local/share/pwnagotchi/ folder
      file:
        path: /usr/local/share/pwnagotchi/
        state: directory

    - name: remove pwnagotchi folder
      file:
        state: absent
        path: /usr/local/src/pwnagotchi

    ##########################################
    #
    # pwngrid, bettercap
    #
    ##########################################

    - name: Install go-1.21
      unarchive:
        src: https://go.dev/dl/go1.21.3.linux-armv6l.tar.gz
        dest: /usr/local
        remote_src: yes
      register: golang

    - name: Update .bashrc for go-1.21
      blockinfile:
        dest: /home/pi/.bashrc
        state: present
        block: |
          export GOPATH=$HOME/go
          export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin
      when: golang.changed

    - name: download pwngrid 1.10.4
      git:
        repo: https://github.com/jayofelony/pwngrid.git
        dest: /usr/local/src/pwngrid
      register: pwngrid

    - name: install pwngrid 1.10.4
      shell: "export GOSUMDB=off && export GOPROXY=direct && export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/pwngrid
      when: pwngrid.changed

    - name: remove pwngrid folder
      file:
        state: absent
        path: /usr/local/src/pwngrid

    - name: download bettercap
      git:
        repo: https://github.com/jayofelony/bettercap.git
        dest: /usr/local/src/bettercap

    - name: install bettercap 2.32.1
      shell: "export GOSUMDB=off && export GOPROXY=direct && export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
      args:
        executable: /bin/bash
        chdir: /usr/local/src/bettercap

    - name: remove bettercap folder
      file:
        state: absent
        path: /usr/local/src/bettercap

    - name: clone bettercap caplets
      git:
        repo: https://github.com/jayofelony/caplets.git
        dest: /tmp/caplets
      register: capletsgit

    - name: install bettercap caplets
      make:
        chdir: /tmp/caplets
        target: install
      when: capletsgit.changed

    - name: download and install bettercap ui
      unarchive:
        src: "{{ packages.bettercap.ui }}"
        dest: /usr/local/share/bettercap/
        remote_src: yes
        mode: 0755

    # to always have the bettercap webui available (because why not?)
    - name: copy pwnagotchi-manual over pwnagotchi-auto caplet
      ansible.builtin.copy:
        src: /usr/local/share/bettercap/caplets/pwnagotchi-manual.cap
        dest: /usr/local/share/bettercap/caplets/pwnagotchi-auto.cap
        force: true
      ignore_errors: true

    - name: add HDMI powersave to rc.local
      blockinfile:
        path: /etc/rc.local
        insertbefore: "exit 0"
        block: |
          if ! /opt/vc/bin/tvservice -s | egrep 'HDMI|DVI'; then
            /opt/vc/bin/tvservice -o
          fi

    - name: create /etc/pwnagotchi folder
      file:
        path: /etc/pwnagotchi
        state: directory

    - name: check if user configuration exists
      stat:
        path: /etc/pwnagotchi/config.toml
      register: user_config

    - name: create /etc/pwnagotchi/config.toml
      copy:
        dest: /etc/pwnagotchi/config.toml
        content: |
          # Add your configuration overrides on this file any configuration changes done to default.toml will be lost!
          # Example:
          # ui.display.enabled = true
          # ui.display.type = "waveshare_2"
      when: not user_config.stat.exists

    - name: Delete motd 10-uname
      file:
        state: absent
        path: /etc/update-motd.d/10-uname

    - name: enable ssh on boot
      file:
        path: /boot/ssh
        state: touch

    - name: adjust /boot/config.txt
      lineinfile:
        dest: /boot/config.txt
        insertafter: EOF
        line: '{{ item }}'
      with_items: "{{system.boot_options}}"

    - name: adjust /etc/modules
      lineinfile:
        dest: /etc/modules
        insertafter: EOF
        line: '{{ item }}'
      with_items: "{{system.modules}}"

    - name: change root partition
      replace:
        dest: /boot/cmdline.txt
        backup: no
        regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+"
        replace: "root=/dev/mmcblk0p2"

    - name: configure /boot/cmdline.txt
      lineinfile:
        path: /boot/cmdline.txt
        backrefs: True
        state: present
        backup: no
        regexp: '(.*)$'
        line: '\1 modules-load=dwc2,g_ether'

    - name: Add pwnlog alias
      lineinfile:
        dest: /home/pi/.bashrc
        line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log | sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" | cut -d \" \" -f 2-'"
        insertafter: EOF

    - name: Add pwnver alias
      lineinfile:
        dest: /home/pi/.bashrc
        line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'"
        insertafter: EOF

    - name: Add pwnkill alias to restart pwnagotchi with a signal
      lineinfile:
        dest: /home/pi/.bashrc
        line: "\nalias pwnkill='sudo killall -USR1 pwnagotchi'"
        insertafter: EOF

    - name: add firmware packages to hold
      dpkg_selections:
        name: "{{ item }}"
        selection: hold
      with_items: "{{ packages.apt.hold }}"

    - name: disable unnecessary services
      systemd:
        name: "{{ item }}"
        state: stopped
        enabled: no
      with_items: "{{ services.disable }}"

    - name: enable services
      systemd:
        name: "{{ item }}"
        enabled: true
        state: stopped
      with_items: "{{ services.enable }}"

    - name: remove golang build libraries
      file:
        state: absent
        path: /root/go

    - name: remove golang
      file:
        state: absent
        path: /usr/local/go

    - name: make /root readable, becauase that's where all the files are
      file:
        path: /root
        mode: '755'

    - name: fix permissions on /home/pi
      file:
        path: /home/pi
        owner: pi
        group: pi
        recurse: true

    - name: remove unnecessary apt packages
      apt:
        name: "{{ packages.apt.remove }}"
        state: absent
        purge: yes

    - name: remove dependencies that are no longer required
      apt:
        autoremove: yes

    - name: clean apt cache
      apt:
        autoclean: true

    - name: remove apt package cache
      shell: "apt clean"
      args:
        executable: /bin/bash
        chdir: /usr/local/src

    - name: remove /root/.cache (pip cache)
      file:
        state: absent
        path: /root/.cache

    - name: remove ssh keys
      file:
        state: absent
        path: "{{ item }}"
      with_fileglob:
        - "/etc/ssh/ssh_host*_key*"

    - name: regenerate ssh keys
      shell: "dpkg-reconfigure openssh-server"
      args:
        executable: /bin/bash

  handlers:
    - name: reload systemd services
      systemd:
        daemon_reload: yes
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`---`
			`- hosts:`
			`- 127.0.0.1`
			`gather_facts: true`
			`become: true`
			`vars:`
			`boards:`
			`- {`
			`kernel: "6.1.21+",`
			`name: "PiZeroW",`
			`firmware: "brcmfmac43430-sdio.bin",`
			`patch: "bcm43430a1/7_45_41_46",`
			`cpu: arm1176,`
			`arch_flags: "-arch armv6l"`
			`}`
			`- {`
			`kernel: "6.1.21-v7+",`
			`name: "PiZero2W",`
			`firmware: "brcmfmac43436-sdio.bin",`
			`patch: "bcm43436b0/9_88_4_65",`
			`cpu: cortex-a53,`
			`arch_flags: "-arch armv7l"`
			`}`
			`- {`
			`kernel: "6.1.21-v7l+",`
			`name: "Pi4b_32",`
			`firmware: "brcmfmac43455-sdio.bin",`
			`patch: "bcm43455c0/7_45_206",`
			`cpu: cortex-a72,`
			`arch_flags: "-arch armv7l"`
			`}`
			`kernel:`
			`min: "6.1"`
			`full: "6.1.21+"`
			`full_2w: "6.1.21-v7+"`
			`full_4b: "6.1.21-v7l+"`
			`arch: "v6l"`
			`pwnagotchi:`
			`hostname: "{{ lookup('env', 'PWN_HOSTNAME') \| default('pwnagotchi', true) }}"`
			`version: "{{ lookup('env', 'PWN_VERSION') \| default('pwnagotchi-torch', true) }}"`
			`custom_plugin_dir: "/usr/local/share/pwnagotchi/custom-plugins"`
			`system:`
			`boot_options:`
			`- "#### pwnagotchi additions"`
			`- "# this pwnagotchi image is 32-bit only no v8+ headers to build nexmon for 64 bit"`
			`- "arm_64bit=0"`
			`- "# dwc2 for RNDIS. comment out, and remove dwc2 and g_ether from cmdline.txt for X306 usb battery hat"`
			`- "dtoverlay=dwc2"`
			`- "dtoverlay=spi1-3cs"`
			`- "dtparam=i2c1=on"`
			`- "dtparam=i2c_arm=on"`
			`- "dtparam=spi=on"`
			`- "gpu_mem=16"`
			`- "#### audio out on pins 18 and 19"`
			`- "#dtoverlay=audremap,pins_18_19"`
			`- "#### touchscreen on waveshare touch e-paper"`
			`- "#dtoverlay=goodix,interrupt=27,reset=22"`
			`- "#### for PWM backlighting on pimoroni displayhatmini"`
			`- "dtoverlay=pwm-2chan,pin=12,func=4,pin2=13,func2=4"`
			`modules:`
			`- "i2c-dev"`
			`services:`
			`enable:`
			`- bettercap.service`
			`- dphys-swapfile.service`
			`- fstrim.timer`
			`- pwnagotchi.service`
			`- pwngrid-peer.service`
			`disable:`
			`- apt-daily-upgrade.service`
			`- apt-daily-upgrade.timer`
			`- apt-daily.service`
			`- apt-daily.timer`
			`- bluetooth.service`
			`- ifup@wlan0.service`
			`- triggerhappy.service`
			`- wpa_supplicant.service`
			`packages:`
			`bettercap:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 14:13:38 +01:00			`url: "https://github.com/bettercap/bettercap/releases/download/v2.31.0/bettercap_linux_armhf_v2.31.0.zip"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip"`
			`pwngrid:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`source: "https://github.com/jayofelony/pwngrid.git"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 14:13:38 +01:00			`url: "https://github.com/rai68/opwngrid/releases/download/publish/pwngrid_linux_armhf_v1.10.3-1.zip"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`torch:`
			`wheel: "torch-2.1.0a0+gitunknown-cp39-cp39-linux_armv6l.whl"`
			`url: "https://github.com/Sniffleupagus/Torch4Pizero/releases/download/v1.0.0/torch-2.1.0a0+gitunknown-cp39-cp39-linux_armv6l.whl"`
			`torchvision:`
			`wheel: "torchvision-0.16.0a0-cp39-cp39-linux_armv6l.whl"`
			`url: "https://github.com/Sniffleupagus/Torch4Pizero/releases/download/v1.0.0/torchvision-0.16.0a0-cp39-cp39-linux_armv6l.whl"`
			`apt:`
			`downgrade:`
			`# the kali .debs do not work on raspberry pi zero on raspiOS`
			`# so install from source later. probably good idea on all platforms`
			`#- libpcap-dev_1.9.1-4_armel.deb`
			`#- libpcap0.8-dev_1.9.1-4_armel.deb`
			`#- libpcap0.8_1.9.1-4_armel.deb`
			`hold:`
			`- firmware-atheros`
			`- firmware-brcm80211`
			`- firmware-libertas`
			`- firmware-misc-nonfree`
			`- firmware-realtek`
			`# no longer need to be held. build from source goes in /usr/local`
			`# Then bettercap and pwngrid are pointed at it at runtime with LD_LIBRARY_PATH`
			`# and LD_PRELOAD`
			`# - libpcap-dev`
			`# - libpcap0.8`
			`# - libpcap0.8-dev`
			`remove:`
			`- avahi-daemon`
			`- nfs-common`
			`- triggerhappy`
			`- wpasupplicant`
			`install:`
			`- aircrack-ng`
			`- autoconf`
			`- bc`
			`- bison`
			`- bluez`
			`- build-essential`
			`- curl`
			`- dkms`
			`- dphys-swapfile`
			`- espeak-ng`
			`- evtest`
			`- fbi`
			`- flex`
			`- fonts-dejavu`
			`- fonts-dejavu-core`
			`- fonts-dejavu-extra`
			`- fonts-freefont-ttf`
			`- g++`
			`- gawk`
			`- gcc-arm-none-eabi`
			`- git`
			`- libatlas-base-dev`
			`- libavcodec58`
			`- libavformat58`
			`- libblas-dev`
			`- libbz2-dev`
			`- libc-ares-dev`
			`- libc6-dev`
			`- libcpuinfo-dev`
			`- libdbus-1-dev`
			`- libdbus-glib-1-dev`
			`- libeigen3-dev`
			`- libelf-dev`
			`- libffi-dev`
			`- libfl-dev`
			`- libfuse-dev`
			`- libgdbm-dev`
			`- libgl1-mesa-glx`
			`- libgmp3-dev`
			`- libgstreamer1.0-0`
			`- libhdf5-dev`
			`- liblapack-dev`
			`- libncursesw5-dev`
			`- libnetfilter-queue-dev`
			`- libopenblas-dev`
			`- libopenjp2-7`
			`- libopenmpi-dev`
			`- libopenmpi3`
			`- libpcap-dev`
			`- libprotobuf-dev`
			`- libraspberrypi-bin`
			`- libraspberrypi-dev`
			`- libraspberrypi-doc`
			`- libraspberrypi0`
			`- libsleef-dev`
			`- libsqlite3-dev`
			`- libssl-dev`
			`- libswscale5`
			`- libtiff5`
			`- libtool`
			`- libts-bin`
			`- libusb-1.0-0-dev`
			`- lsof`
			`- make`
			`- python3-flask`
			`- python3-flask-cors`
			`- python3-flaskext.wtf`
			`- python3-pil`
			`- python3-pip`
			`- python3-protobuf`
			`- python3-smbus`
			`- qpdf`
			`- raspberrypi-kernel-headers`
			`- rsync`
			`- screen`
			`- tcpdump`
			`- texinfo`
			`- time`
			`- tk-dev`
			`- unzip`
			`- vim`
			`- wget`
			`- wl`
			`- xxd`
			`- zlib1g-dev`
			`environment:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 10:55:05 +01:00			`ARCHFLAGS: -arch armv6l`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`#QEMU_CPU: arm1176`
			`QEMU_UNAME: "{{ kernel.full }}"`

			`tasks:`
			`- name: Create pi user`
			`copy:`
			`dest: /boot/userconf`
			`content: \|`
			`pi:$6$3jNr0GA9KIyt4hmM$efeVIopdMQ8DGgEPCWWlbx3mJJNAYci1lEXGdlky0xPyjqwKNbwTL5SrCcpb4144C4IvzWjn7Iv.QjqmU7iyT/`

			`- name: change hostname`
			`lineinfile:`
			`dest: /etc/hostname`
			`regexp: '^raspberrypi'`
			`line: "{{pwnagotchi.hostname}}"`
			`state: present`
			`when: lookup('file', '/etc/hostname') == "raspberrypi"`
			`register: hostname`

			`- name: add hostname to /etc/hosts`
			`lineinfile:`
			`dest: /etc/hosts`
			`regexp: '^127\.0\.1\.1[ \t]+raspberrypi'`
			`line: "127.0.1.1\t{{pwnagotchi.hostname}}"`
			`state: present`
			`when: hostname.changed`

			`- name: disable sap plugin for bluetooth.service`
			`lineinfile:`
			`dest: /lib/systemd/system/bluetooth.service`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 11:33:06 +01:00			`regexp: '^ExecStart=/usr/libexec/bluetooth/bluetoothd$'`
			`line: 'ExecStart=/usr/libexec/bluetooth/bluetoothd --noplugin=sap'`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`state: present`

			`- name: configure dphys-swapfile`
			`lineinfile:`
			`path: /etc/dphys-swapfile`
			`regexp: "^CONF_SWAPSIZE=.*$"`
			`line: "CONF_SWAPSIZE=2048"`

			`- name: Create custom plugin directory`
			`file:`
			`path: '{{ pwnagotchi.custom_plugin_dir }}'`
			`state: directory`

			`- name: update apt package cache`
			`apt:`
			`update_cache: yes`

			`- name: install packages`
			`apt:`
			`name: "{{ packages.apt.install }}"`
			`state: present`

			`- name: update pip3, setuptools, wheel`
			`shell: "python3 -m pip install --upgrade pip setuptools wheel"`
			`args:`
			`executable: /bin/bash`
			`chdir: /usr/local/src`

			`###########################################`
			`#`
			`# libpcap v1.9 - build from source`
			`#`
			`###########################################`

			`# check for presence, then it can re-run in later parts if needed`
			`# use the "make" built in`

			`# install libpcap before bettercap and pwngrid, so they use it`
			`- name: clone libpcap v1.9 from github`
			`git:`
			`repo: 'https://github.com/the-tcpdump-group/libpcap.git'`
			`dest: /usr/local/src/libpcap`
			`version: libpcap-1.9`

			`- name: build and install libpcap into /usr/local/lib`
			`shell: "./configure && make && make install"`
			`args:`
			`executable: /bin/bash`
			`chdir: /usr/local/src/libpcap`

			`- name: remove libpcap build folder`
			`file:`
			`state: absent`
			`path: /usr/local/src/libpcap`

			`###############################################################`
			`# Install nexmon to fix wireless scanning (takes 2.5G of space)`
			`###############################################################`

			`# Install nexmon for all boards`
			`- name: build and install nexmon as needed`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-03 19:08:40 +01:00			`include_tasks: nexmon.yml`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`loop: "{{ boards }}"`

			`# some pizero2w have the pizeroW wifi chip`
			`# could this be a link instead of a copy? and force, only if not a link?`
			`- name: copy 43430-sdio as 43436s-sdio for the special 43430/1 /2`
			`copy:`
			`src: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin`
			`dest: /usr/lib/firmware/brcm/brcmfmac43436s-sdio.bin`
			`follow: true`

			`# delete blob files that make nexmon sad`
			`- name: Delete the firmware blob files to avoid some nexmon crashing`
			`file:`
			`state: absent`
			`path: '{{ item }}'`
			`loop:`
			`- /usr/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob`
			`- /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.clm_blob`
			`- /usr/lib/firmware/brcm/brcmfmac43430b0-sdio.raspberrypi,model-zero-2-w.clm_blob`
			`- /usr/lib/firmware/brcm/brcmfmac43436-sdio.raspberrypi,model-zero-2-w.clm_blob`
			`- /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob`

			`# To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation`
			`- name: Delete nexmon content & directory`
			`file:`
			`state: absent`
			`path: /usr/local/src/nexmon/`

			`- name: clone pwnagotchi repository`
			`git:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-03 18:04:38 +01:00			`repo: https://github.com/jayofelony/pwnagotchi-torch.git`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`dest: /usr/local/src/pwnagotchi`
			`register: pwnagotchigit`

			`# is this even necessary? Can't we just link from /home/pi/pwnagotchi to /usr/local/{bin,lib,etc}`
			`# then just git update in the home dir and encourage hacking?`
			`# make owned by pi.pi, and custom plugins.`
			`- name: build pwnagotchi wheel`
			`command: "python3 setup.py sdist bdist_wheel"`
			`args:`
			`chdir: /usr/local/src/pwnagotchi`
			`when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-03 18:04:38 +01:00			`- name: download torch whl`
			`get_url:`
			`url: "{{ packages.torch.url }}"`
			`dest: /usr/local/src/`

			`- name: download torchvision whl`
			`get_url:`
			`url: "{{ packages.torchvision.url }}"`
			`dest: /usr/local/src/`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`- name: install 32-bit pwnagotchi wheel and dependencies with 32-bit torch wheels`
			`pip:`
			`name:`
			`- "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-03 23:03:30 +01:00			`- "{{ packages.torch.url }}"`
			`- "{{ packages.torchvision.url }}"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`extra_args: "--no-cache-dir"`
			`environment:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 08:33:09 +01:00			`QEMU_CPU: arm1176`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 08:34:59 +01:00			`QEMU_UNAME: "{{ kernel.full }}"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)`

			`- name: create /usr/local/share/pwnagotchi/ folder`
			`file:`
			`path: /usr/local/share/pwnagotchi/`
			`state: directory`

			`- name: remove pwnagotchi folder`
			`file:`
			`state: absent`
			`path: /usr/local/src/pwnagotchi`

			`##########################################`
			`#`
			`# pwngrid, bettercap`
			`#`
			`##########################################`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`- name: Install go-1.21`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 14:24:50 +01:00			`unarchive:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`src: https://go.dev/dl/go1.21.3.linux-armv6l.tar.gz`
			`dest: /usr/local`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-04 14:24:50 +01:00			`remote_src: yes`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`register: golang`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`- name: Update .bashrc for go-1.21`
			`blockinfile:`
			`dest: /home/pi/.bashrc`
			`state: present`
			`block: \|`
			`export GOPATH=$HOME/go`
			`export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin`
			`when: golang.changed`

			`- name: download pwngrid 1.10.4`
			`git:`
			`repo: https://github.com/jayofelony/pwngrid.git`
			`dest: /usr/local/src/pwngrid`
			`register: pwngrid`

			`- name: install pwngrid 1.10.4`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-07 00:57:44 +01:00			`shell: "export GOSUMDB=off && export GOPROXY=direct && export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`args:`
			`executable: /bin/bash`
			`chdir: /usr/local/src/pwngrid`
			`when: pwngrid.changed`

			`- name: remove pwngrid folder`
			`file:`
			`state: absent`
			`path: /usr/local/src/pwngrid`

			`- name: download bettercap`
			`git:`
			`repo: https://github.com/jayofelony/bettercap.git`
			`dest: /usr/local/src/bettercap`

			`- name: install bettercap 2.32.1`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-07 00:57:44 +01:00			`shell: "export GOSUMDB=off && export GOPROXY=direct && export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-05 23:07:02 +01:00			`args:`
			`executable: /bin/bash`
			`chdir: /usr/local/src/bettercap`

			`- name: remove bettercap folder`
			`file:`
			`state: absent`
			`path: /usr/local/src/bettercap`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00
			`- name: clone bettercap caplets`
			`git:`
			`repo: https://github.com/jayofelony/caplets.git`
			`dest: /tmp/caplets`
			`register: capletsgit`

			`- name: install bettercap caplets`
			`make:`
			`chdir: /tmp/caplets`
			`target: install`
			`when: capletsgit.changed`

			`- name: download and install bettercap ui`
			`unarchive:`
			`src: "{{ packages.bettercap.ui }}"`
			`dest: /usr/local/share/bettercap/`
			`remote_src: yes`
			`mode: 0755`

			`# to always have the bettercap webui available (because why not?)`
			`- name: copy pwnagotchi-manual over pwnagotchi-auto caplet`
			`ansible.builtin.copy:`
			`src: /usr/local/share/bettercap/caplets/pwnagotchi-manual.cap`
			`dest: /usr/local/share/bettercap/caplets/pwnagotchi-auto.cap`
			`force: true`
			`ignore_errors: true`

			`- name: add HDMI powersave to rc.local`
			`blockinfile:`
			`path: /etc/rc.local`
			`insertbefore: "exit 0"`
			`block: \|`
			`if ! /opt/vc/bin/tvservice -s \| egrep 'HDMI\|DVI'; then`
			`/opt/vc/bin/tvservice -o`
			`fi`

			`- name: create /etc/pwnagotchi folder`
			`file:`
			`path: /etc/pwnagotchi`
			`state: directory`

			`- name: check if user configuration exists`
			`stat:`
			`path: /etc/pwnagotchi/config.toml`
			`register: user_config`

			`- name: create /etc/pwnagotchi/config.toml`
			`copy:`
			`dest: /etc/pwnagotchi/config.toml`
			`content: \|`
			`# Add your configuration overrides on this file any configuration changes done to default.toml will be lost!`
			`# Example:`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-03 21:47:07 +01:00			`# ui.display.enabled = true`
			`# ui.display.type = "waveshare_2"`
v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`when: not user_config.stat.exists`

			`- name: Delete motd 10-uname`
			`file:`
			`state: absent`
			`path: /etc/update-motd.d/10-uname`

			`- name: enable ssh on boot`
			`file:`
			`path: /boot/ssh`
			`state: touch`

			`- name: adjust /boot/config.txt`
			`lineinfile:`
			`dest: /boot/config.txt`
			`insertafter: EOF`
			`line: '{{ item }}'`
			`with_items: "{{system.boot_options}}"`

			`- name: adjust /etc/modules`
			`lineinfile:`
			`dest: /etc/modules`
			`insertafter: EOF`
			`line: '{{ item }}'`
			`with_items: "{{system.modules}}"`

			`- name: change root partition`
			`replace:`
			`dest: /boot/cmdline.txt`
			`backup: no`
			`regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+"`
			`replace: "root=/dev/mmcblk0p2"`

			`- name: configure /boot/cmdline.txt`
			`lineinfile:`
			`path: /boot/cmdline.txt`
			`backrefs: True`
			`state: present`
			`backup: no`
			`regexp: '(.*)$'`
			`line: '\1 modules-load=dwc2,g_ether'`

			`- name: Add pwnlog alias`
			`lineinfile:`
			`dest: /home/pi/.bashrc`
			`line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log \| sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" \| cut -d \" \" -f 2-'"`
			`insertafter: EOF`

			`- name: Add pwnver alias`
			`lineinfile:`
			`dest: /home/pi/.bashrc`
			`line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'"`
			`insertafter: EOF`

			`- name: Add pwnkill alias to restart pwnagotchi with a signal`
			`lineinfile:`
			`dest: /home/pi/.bashrc`
			`line: "\nalias pwnkill='sudo killall -USR1 pwnagotchi'"`
			`insertafter: EOF`

			`- name: add firmware packages to hold`
			`dpkg_selections:`
			`name: "{{ item }}"`
			`selection: hold`
			`with_items: "{{ packages.apt.hold }}"`

			`- name: disable unnecessary services`
			`systemd:`
			`name: "{{ item }}"`
			`state: stopped`
			`enabled: no`
			`with_items: "{{ services.disable }}"`

			`- name: enable services`
			`systemd:`
			`name: "{{ item }}"`
			`enabled: true`
			`state: stopped`
			`with_items: "{{ services.enable }}"`

			`- name: remove golang build libraries`
			`file:`
			`state: absent`
			`path: /root/go`

			`- name: remove golang`
			`file:`
			`state: absent`
			`path: /usr/local/go`

			`- name: make /root readable, becauase that's where all the files are`
			`file:`
			`path: /root`
			`mode: '755'`

			`- name: fix permissions on /home/pi`
			`file:`
			`path: /home/pi`
			`owner: pi`
			`group: pi`
			`recurse: true`

			`- name: remove unnecessary apt packages`
			`apt:`
			`name: "{{ packages.apt.remove }}"`
			`state: absent`
			`purge: yes`

			`- name: remove dependencies that are no longer required`
			`apt:`
			`autoremove: yes`

			`- name: clean apt cache`
			`apt:`
			`autoclean: true`

			`- name: remove apt package cache`
			`shell: "apt clean"`
			`args:`
			`executable: /bin/bash`
			`chdir: /usr/local/src`

			`- name: remove /root/.cache (pip cache)`
			`file:`
			`state: absent`
			`path: /root/.cache`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:04:28 +01:00			`- name: remove ssh keys`
			`file:`
			`state: absent`
			`path: "{{ item }}"`
			`with_fileglob:`
			`- "/etc/ssh/ssh_host_key"`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:17:52 +01:00			`- name: regenerate ssh keys`
			`shell: "dpkg-reconfigure openssh-server"`
			`args:`
			`executable: /bin/bash`

v2.5.1 Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com> 2023-11-02 20:01:40 +01:00			`handlers:`
			`- name: reload systemd services`
			`systemd:`
			`daemon_reload: yes`