pwnagotchi/builder/pwnagotchi.yml

---
- hosts:
    - 127.0.0.1
  gather_facts: true
  become: true
  vars:
    pwnagotchi:
      hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}"
      version: "{{ lookup('env', 'PWN_VERSION') | default('pwnagotchi-torch', true) }}"
    system:
      boot_options:
        - "dtoverlay=dwc2"
        - "dtoverlay=spi1-3cs"
        - "dtparam=spi=on"
        - "dtparam=i2c_arm=on"
        - "dtparam=i2c1=on"
        - "gpu_mem=16"
      modules:
        - "i2c-dev"
    services:
      enable:
        - dphys-swapfile.service
        - pwnagotchi.service
        - bettercap.service
        - pwngrid-peer.service
        - fstrim.timer
      disable:
        - apt-daily.timer
        - apt-daily.service
        - apt-daily-upgrade.timer
        - apt-daily-upgrade.service
        - bluetooth.service
        - ifup@wlan0.service
    packages:
      bettercap:
        # We will install bettercap from source
        # url: "https://github.com/jayofelony/bettercap/releases/download/2.32.1/bettercap-2.32.1.zip"
        ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip"
      pwngrid:
        # url: "https://github.com/evilsocket/pwngrid/releases/download/v1.10.3/pwngrid_linux_aarch64_v1.10.3.zip"
      apt:
        downgrade:
          - libpcap0.8-dev_1.9.1-3_arm64.deb
          - libpcap0.8_1.9.1-3_arm64.deb
          - libpcap-dev_1.9.1-3_arm64.deb
        hold:
          - libpcap-dev
          - libpcap0.8
          - libpcap0.8-dev
          - firmware-atheros
          - firmware-brcm80211
          - firmware-libertas
          - firmware-misc-nonfree
          - firmware-realtek
        remove:
          - raspberrypi-net-mods
          - dhcpcd5
          - triggerhappy
          - wpasupplicant
          - nfs-common
          - libraspberrypi0
          - libraspberrypi-dev
          - libraspberrypi-doc
          - libraspberrypi-bin
          - golang
        install:
          - bluez
          - raspberrypi-kernel-headers
          - git
          - libgmp3-dev
          - gawk
          - qpdf
          - bison
          - flex
          - make
          - autoconf
          - libtool
          - texinfo
          - gcc-arm-none-eabi
          - wl
          - libfl-dev
          - g++
          - xxd
          - aircrack-ng
          - time
          - rsync
          - vim
          - wget
          - screen
          - build-essential
          - dkms
          - python3-pip
          - python3-smbus
          - unzip
          - libopenmpi-dev
          - libatlas-base-dev
          - libelf-dev
          - libopenjp2-7
          - libtiff5
          - tcpdump
          - lsof
          - libgstreamer1.0-0
          - libavcodec58
          - libavformat58
          - libswscale5
          - libusb-1.0-0-dev
          - libnetfilter-queue-dev
          - libopenmpi3
          - dphys-swapfile
          - libdbus-1-dev
          - libdbus-glib-1-dev
          - liblapack-dev
          - libhdf5-dev
          - libc-ares-dev
          - libeigen3-dev
          - fonts-dejavu
          - fonts-dejavu-core
          - fonts-dejavu-extra
          - python3-pil
          - python3-smbus
          - libfuse-dev
          - libatlas-base-dev
          - libopenblas-dev
          - libblas-dev
          - bc
          - libgl1-mesa-glx
          - libncursesw5-dev
          - libssl-dev
          - libsqlite3-dev
          - tk-dev
          - libgdbm-dev
          - libc6-dev
          - libbz2-dev
          - libffi-dev
          - zlib1g-dev
          - fonts-freefont-ttf
          - fbi
          - python3-flask
          - python3-flask-cors
          - python3-flaskext.wtf
          - build-essential
          - libpcap-dev
          - libusb-1.0-0-dev
          - libnetfilter-queue-dev
  environment:
    ARCHFLAGS: "-arch armv8"

  tasks:
  - name: Create pi user
    user:
      name: pi
      password: "{{ 'raspberry' | password_hash('sha512') }}"
      shell: /bin/bash
      update_password: on_create

  - name: change hostname
    lineinfile:
      dest: /etc/hostname
      regexp: '^raspberrypi'
      line: "{{pwnagotchi.hostname}}"
      state: present
    when: lookup('file', '/etc/hostname') == "raspberrypi"
    register: hostname

  - name: add hostname to /etc/hosts
    lineinfile:
      dest: /etc/hosts
      regexp: '^127\.0\.1\.1[ \t]+raspberrypi'
      line: "127.0.1.1\t{{pwnagotchi.hostname}}"
      state: present
    when: hostname.changed

  - name: disable sap plugin for bluetooth.service
    lineinfile:
      dest: /lib/systemd/system/bluetooth.service
      regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd$'
      line: 'ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap'
      state: present

  - name: configure dphys-swapfile
    lineinfile:
      path: /etc/dphys-swapfile
      regexp: "^CONF_SWAPSIZE=.*$"
      line: "CONF_SWAPSIZE=2048"

  - name: update apt package cache
    apt:
      update_cache: yes

  - name: install packages
    become_user: root
    apt:
      name: "{{ packages.apt.install }}"
      state: present

# Install nexmon to fix wireless scanning (takes 2.5G of space)
  - name: clone nexmon repository
    git:
      repo: https://github.com/DrSchottky/nexmon.git
      dest: /usr/local/src/nexmon
    register: nexmongit

  - name: make firmware
    shell: "source ./setup_env.sh && make"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/nexmon/

  - name: choose the right kernel version (bcm43436b0)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
      backup: no
      regexp: "KERNEL_VERSION = .*$"
      replace: "KERNEL_VERSION = 6.1"

  - name: choose the right kernel release (variable) (bcm43436b0)
    lineinfile:
      dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
      insertafter: "DRIVER_FOLDER_NAME = .*$"
      line: "KERNEL_RELEASE = 6.1.21-v8+"

  - name: choose the right kernel release (replace string) (bcm43436b0)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile
      backup: no
      regexp: "shell uname -r"
      replace: "KERNEL_RELEASE"

  - name: make firmware patch (bcm43436b0)
    shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/nexmon/

  - name: install new firmware (bcm43436b0)
    copy:
      src: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/brcmfmac43436-sdio.bin
      dest: /usr/lib/firmware/brcm/brcmfmac43436-sdio.bin


  - name: choose the right kernel version (bcm43430a1)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
      backup: no
      regexp: "KERNEL_VERSION = .*$"
      replace: "KERNEL_VERSION = 6.1"

  - name: choose the right kernel release (variable) (bcm43430a1)
    lineinfile:
      dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
      insertafter: "DRIVER_FOLDER_NAME = .*$"
      line: "KERNEL_RELEASE = 6.1.21-v8+"

  - name: choose the right kernel release (replace string) (bcm43430a1)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
      backup: no
      regexp: "shell uname -r"
      replace: "KERNEL_RELEASE"

  - name: make firmware patch (bcm43430a1)
    shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/nexmon/

  - name: install new firmware (bcm43430a1)
    copy:
      src: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin
      dest: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin

  - name: copy 43430-sdio as 43436s-sdio for the special 43430/1 /2
    copy:
      src: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin
      dest: /usr/lib/firmware/brcm/brcmfmac43436s-sdio.bin

  - name: Delete the firmware blob to avoid it crashing
    file:
      state: absent
      path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob

  - name: Delete the RPiZW firmware blob to avoid it crashing
    file:
      state: absent
      path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.clm_blob

  - name: Delete the RPi3 firmware blob to avoid it crashing
    file:
      state: absent
      path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob

  - name: choose the right kernel version (bcm43455c0)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
      backup: no
      regexp: "KERNEL_VERSION = .*$"
      replace: "KERNEL_VERSION = 6.1"

  - name: choose the right kernel release (variable) (bcm43455c0)
    lineinfile:
      dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
      insertafter: "DRIVER_FOLDER_NAME = .*$"
      line: "KERNEL_RELEASE = 6.1.21-v8+"

  - name: choose the right kernel release (replace string) (bcm43455c0)
    replace:
      dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile
      backup: no
      regexp: "shell uname -r"
      replace: "KERNEL_RELEASE"

  - name: make firmware patch (bcm43455c0)
    shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/nexmon/

  - name: install new firmware (bcm43455c0)
    copy:
      src: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/brcmfmac43455-sdio.bin
      dest: /usr/lib/firmware/brcm/brcmfmac43455-sdio.bin

  - name: backup original driver
    copy:
      src: /usr/lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz
      dest: /usr/lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz.orig

  - name: copy modified driver
    copy:
      src: /usr/local/src/nexmon/patches/driver/brcmfmac_6.1.y-nexmon/brcmfmac.ko
      dest: /usr/lib/modules/6.1.21-v8+/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko

  - name: Add the brcmfmac module
    community.general.modprobe:
      name: brcmfmac
      state: present
      persistent: present

  # To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation
  - name: Delete nexmon content & directory
    file:
      state: absent
      path: /usr/local/src/nexmon/

  - name: Creates custom plugin directory
    file:
      path: /usr/local/share/pwnagotchi/custom-plugins/
      state: directory

  - name: clone pwnagotchi repository
    git:
      repo: https://github.com/jayofelony/pwnagotchi.git
      dest: /usr/local/src/pwnagotchi
    register: pwnagotchigit

  - name: create /usr/local/share/pwnagotchi/ folder
    file:
      path: /usr/local/share/pwnagotchi/
      state: directory

  - name: build pwnagotchi wheel
    command: "python3 setup.py sdist bdist_wheel"
    args:
      chdir: /usr/local/src/pwnagotchi
    when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

  - name: install pwnagotchi wheel and dependencies
    pip:
      name: "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}"
      extra_args: "--no-cache-dir"
    when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version)

  - name: remove pwnagotchi folder
    file:
      state: absent
      path: /usr/local/src/pwnagotchi

  # Install go-1.20.6
  - name: Install go-1.21
    unarchive:
      src: https://go.dev/dl/go1.21.1.linux-arm64.tar.gz
      dest: /usr/local
      remote_src: yes
    register: golang

  - name: Update .bashrc for go-1.21
    blockinfile:
      dest: /home/pi/.bashrc
      state: present
      block: |
        export GOPATH=$HOME/go
        export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin
    when: golang.changed

  - name: download pwngrid 1.10.4
    git:
      repo: https://github.com/jayofelony/pwngrid.git
      dest: /usr/local/src/pwngrid
    register: pwngrid

  - name: install pwngrid 1.10.4
    shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/pwngrid
    when: pwngrid.changed

  - name: remove pwngrid folder
    file:
      state: absent
      path: /usr/local/src/pwngrid

  - name: download bettercap v2.32.1
    git:
      repo: https://github.com/jayofelony/bettercap.git
      dest: /usr/local/src/bettercap
    register: bettercap

  - name: Install bettercap v2.32.1
    shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install"
    args:
      executable: /bin/bash
      chdir: /usr/local/src/bettercap
    when: bettercap.changed

  - name: remove bettercap folder
    file:
      state: absent
      path: /usr/local/src/bettercap

  - name: clone bettercap caplets
    git:
      repo: https://github.com/jayofelony/caplets.git
      dest: /tmp/caplets
    register: capletsgit

  - name: install bettercap caplets
    make:
      chdir: /tmp/caplets
      target: install
    when: capletsgit.changed

  - name: download and install bettercap ui
    unarchive:
      src: "{{ packages.bettercap.ui }}"
      dest: /usr/local/share/bettercap/
      remote_src: yes
      mode: 0755

  - name: add HDMI powersave to rc.local
    blockinfile:
      path: /etc/rc.local
      insertbefore: "exit 0"
      block: |
        if ! /opt/vc/bin/tvservice -s | egrep 'HDMI|DVI'; then
          /opt/vc/bin/tvservice -o
        fi

  - name: create /etc/pwnagotchi folder
    become_user: root
    file:
      path: /etc/pwnagotchi
      state: directory

  - name: check if user configuration exists
    become_user: root
    stat:
      path: /etc/pwnagotchi/config.toml
    register: user_config

  - name: create /etc/pwnagotchi/config.toml
    become_user: root
    copy:
      dest: /etc/pwnagotchi/config.toml
      content: |
        # Add your configuration overrides on this file any configuration changes done to default.toml will be lost!
        # Example:
        # ui.display.enabled = true
        # ui.display.type = "waveshare_2"
    when: not user_config.stat.exists

  - name: enable ssh on boot
    become_user: root
    file:
      path: /boot/ssh
      state: touch

  - name: adjust /boot/config.txt
    become_user: root
    lineinfile:
      dest: /boot/config.txt
      insertafter: EOF
      line: '{{ item }}'
    with_items: "{{system.boot_options}}"

  - name: adjust /etc/modules
    become_user: root
    lineinfile:
      dest: /etc/modules
      insertafter: EOF
      line: '{{ item }}'
    with_items: "{{system.modules}}"

  - name: change root partition
    become_user: root
    replace:
      dest: /boot/cmdline.txt
      backup: no
      regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+"
      replace: "root=/dev/mmcblk0p2"

  - name: configure /boot/cmdline.txt
    become_user: root
    lineinfile:
      path: /boot/cmdline.txt
      backrefs: True
      state: present
      backup: no
      regexp: '(.*)$'
      line: '\1 modules-load=dwc2,g_ether'

  - name: configure 01-motd
    become_user: root
    copy:
      dest: /etc/update-motd.d/01-motd
      content: |
        #!/bin/sh
        _hostname=$(hostname)
        _version=$(cut -d"'" -f2 < /usr/local/lib/python3.9/dist-packages/pwnagotchi/_version.py)
        echo
        echo "(◕‿‿◕) $_hostname"
        echo
        echo "    Hi! I'm a pwnagotchi $_version, please take good care of me!"
        echo "    Here are some basic things you need to know to raise me properly!"
        echo
        echo "    If you want to change my configuration, use /etc/pwnagotchi/config.toml"
        echo
        echo "    All the configuration options can be found on /etc/pwnagotchi/default.toml,"
        echo "    but don't change this file because I will recreate it every time I'm restarted!"
        echo
        echo "    I use oPwnGrid as my main API, you can check stats at https://opwngrid.xyz"
        echo
        echo "    I'm managed by systemd. Here are some basic commands."
        echo
        echo "    If you want to know what I'm doing, you can check my logs with the command"
        echo "    - pwnlog"
        echo "    - sudo pwnagotchi --version, to check the current version"
        echo "    - sudo pwnagotchi --donate, to see how you can donate to this project"
        echo "    - sudo pwnagotchi --check-update, to see if there is a new version available"
        echo
        echo "    If you want to know if I'm running, you can use"
        echo "    systemctl status pwnagotchi"
        echo
        echo "    You can restart me using"
        echo "    systemctl restart pwnagotchi"
        echo
        echo "    You learn more about me at https://pwnagotchi.ai/"
    when: hostname.changed

  - name: Add pwnlog alias
    lineinfile:
      dest: /home/pi/.bashrc
      line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log | sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" | cut -d \" \" -f 2-'"
      insertafter: EOF

  - name: Add pwnlog alias
    lineinfile:
      dest: /home/pi/.bashrc
      line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'"
      insertafter: EOF

  - name: download old libpcap packages
    get_url:
      url: "http://ports.ubuntu.com/pool/main/libp/libpcap/{{ item }}"
      dest: /usr/local/src/
    with_items: "{{ packages.apt.downgrade }}"

  - name: install old libpcap packages
    become_user: root
    apt:
      force: True
      state: present
      deb: "/usr/local/src/{{ item }}"
    with_items: "{{ packages.apt.downgrade }}"
    register: libpcap

  - name: remove old libpcap files
    become_user: root
    file:
      path: "/usr/local/src/{{ item }}"
      state: absent
    with_items: "{{ packages.apt.downgrade }}"

  - name: add firmware packages to hold
    become_user: root
    dpkg_selections:
      name: "{{ item }}"
      selection: hold
    with_items: "{{ packages.apt.hold }}"
    when: libpcap.changed

  - name: disable unnecessary services
    become_user: root
    systemd:
      name: "{{ item }}"
      state: stopped
      enabled: no
    with_items: "{{ services.disable }}"

  - name: enable services
    become_user: root
    systemd:
      name: "{{ item }}"
      enabled: true
      state: stopped
    with_items: "{{ services.enable }}"

  - name: remove ssh keys
    become_user: root
    file:
      state: absent
      path: "{{ item }}"
    with_fileglob:
      - "/etc/ssh/ssh_host*_key*"

  - name: remove unnecessary apt packages
    become_user: root
    apt:
      name: "{{ packages.apt.remove }}"
      state: absent
      purge: yes

  - name: clean apt cache
    become_user: root
    apt:
      autoclean: true

  - name: remove dependencies that are no longer required
    become_user: root
    apt:
      autoremove: yes

  handlers:
  - name: reload systemd services
    become_user: root
    systemd:
      daemon_reload: yes