--- - hosts: - 127.0.0.1 gather_facts: true become: true vars: kernel: min: "6.1" full: "6.1.31-sun50iw9" pwnagotchi: hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}" version: "{{ lookup('env', 'PWN_VERSION') | default('pwnagotchi-torch', true) }}" system: boot_options: - "dtoverlay=dwc2" - "dtoverlay=spi1-3cs" - "dtparam=i2c1=on" - "dtparam=i2c_arm=on" - "dtparam=spi=on" - "gpu_mem=16" modules: - "i2c-dev" - "g_ether" services: enable: - bettercap.service - dphys-swapfile.service - fstrim.timer - pwnagotchi.service - pwngrid-peer.service disable: - apt-daily-upgrade.service - apt-daily-upgrade.timer - apt-daily.service - apt-daily.timer - avahi-daemon.service - avahi-daemon.socket - bluetooth.service - ifup@wlan0.service - rpi-eeprom-update.service - triggerhappy.service - wpa_supplicant.service packages: caplets: source: "https://github.com/jayofelony/caplets.git" bettercap: # We will install bettercap from source source: "https://github.com/jayofelony/bettercap.git" url: "https://github.com/jayofelony/bettercap/releases/download/2.32.1/bettercap-2.32.1.zip" ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip" opwngrid: source: "https://github.com/jayofelony/opwngrid.git" url: "https://github.com/rai68/opwngrid/releases/download/publish/pwngrid_linux_aarch64_v1.10.3-1.zip" apt: downgrade: - libpcap-dev_1.9.1-4_arm64.deb - libpcap0.8-dbg_1.9.1-4_arm64.deb - libpcap0.8-dev_1.9.1-4_arm64.deb - libpcap0.8_1.9.1-4_arm64.deb hold: - firmware-atheros - firmware-brcm80211 - firmware-libertas - firmware-misc-nonfree - firmware-realtek - libpcap-dev - libpcap0.8 - libpcap0.8-dev - libpcap0.8-dbg remove: - avahi-daemon - nfs-common - rpi-eeprom - triggerhappy - wpasupplicant install: - autoconf - bc - bison - bluez - build-essential - curl - dkms - dphys-swapfile - fbi - flex - fonts-dejavu - fonts-dejavu-core - fonts-dejavu-extra - fonts-freefont-ttf - g++ - gawk - gcc-arm-none-eabi - git - libatlas-base-dev - libavcodec58 - libavformat58 - libblas-dev - libbluetooth-dev - libbz2-dev - libc-ares-dev - libc6-dev - libcap-dev - libdbus-1-dev - libdbus-glib-1-dev - libeigen3-dev - libelf-dev - libffi-dev - libfl-dev - libfuse-dev - libgdbm-dev - libgl1-mesa-glx - libgmp3-dev - libgstreamer1.0-0 - libhdf5-dev - liblapack-dev - libncursesw5-dev - libnetfilter-queue-dev - libopenblas-dev - libopenjp2-7 - libopenmpi-dev - libopenmpi3 - libpcap-dev - libraspberrypi-bin - libraspberrypi-dev - libraspberrypi-doc - libraspberrypi0 - libsqlite3-dev - libssl-dev - libswscale5 - libtiff5 - libtool - libusb-1.0-0-dev - lsof - make - python3-dbus - python3-flask - python3-flask-cors - python3-flaskext.wtf - python3-pil - python3-pip - python3-smbus - qpdf - raspberrypi-kernel-headers - rsync - screen - tcpdump - texinfo - time - tk-dev - unzip - vim - wget - wl - xxd - zlib1g-dev environment: ARCHFLAGS: "-arch aarch64" QEMU_UNAME: "{{ kernel.full }}" tasks: - name: Create user=pi, pass=orange copy: dest: /boot/userconf content: | pi:$6$2f51RQqfvzZaVljt$zNBftBn3LDVjJckR0cA/RdGA3iCshbUvuUUhIOD2uVLnaBazoxHmgiD1a0xAz6gQO4i3rGLzme931bJeNwNyx. - name: change hostname lineinfile: dest: /etc/hostname regexp: '^raspberrypi' line: "{{pwnagotchi.hostname}}" state: present when: lookup('file', '/etc/hostname') == "raspberrypi" register: hostname - name: add hostname to /etc/hosts lineinfile: dest: /etc/hosts regexp: '^127\.0\.1\.1[ \t]+raspberrypi' line: "127.0.1.1\t{{pwnagotchi.hostname}}" state: present when: hostname.changed - name: disable sap plugin for bluetooth.service lineinfile: dest: /lib/systemd/system/bluetooth.service regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd$' line: 'ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap' state: present - name: configure dphys-swapfile lineinfile: path: /etc/dphys-swapfile regexp: "^CONF_SWAPSIZE=.*$" line: "CONF_SWAPSIZE=2048" - name: install packages apt: name: "{{ packages.apt.install }}" state: present update_cache: yes install_recommends: false ########################################### # # libpcap v1.9 - build from source # ########################################### # check for presence, then it can re-run in later parts if needed # use the "make" built in # install libpcap before bettercap and pwngrid, so they use it - name: clone libpcap v1.9 from github git: repo: 'https://github.com/the-tcpdump-group/libpcap.git' dest: /usr/local/src/libpcap version: libpcap-1.9 - name: build and install libpcap into /usr/local/lib shell: "./configure && make && make install" args: executable: /bin/bash chdir: /usr/local/src/libpcap - name: remove libpcap build folder file: state: absent path: /usr/local/src/libpcap - name: create symlink /usr/local/lib/libpcap.so.1.9.1 file: src: /usr/local/lib/libpcap.so.1.9.1 dest: /usr/local/lib/libpcap.so.0.8 state: link - name: Create custom plugin directory file: path: /usr/local/share/pwnagotchi/custom-plugins/ state: directory - name: Create custom config directory file: path: /etc/pwnagotchi/conf.d/ state: directory - name: clone pwnagotchi repository git: repo: https://github.com/jayofelony/pwnagotchi.git dest: /usr/local/src/pwnagotchi register: pwnagotchigit - name: build pwnagotchi wheel command: "python3 setup.py sdist bdist_wheel" args: chdir: /usr/local/src/pwnagotchi when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version) - name: install pwnagotchi wheel and dependencies pip: name: "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}" extra_args: "--no-cache-dir" when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version) - name: remove pwnagotchi folder file: state: absent path: /usr/local/src/pwnagotchi - name: Install go-1.21 unarchive: src: https://go.dev/dl/go1.21.4.linux-arm64.tar.gz dest: /usr/local remote_src: yes register: golang - name: Update .bashrc for go-1.21 blockinfile: dest: /home/pi/.bashrc state: present block: | export GOPATH=$HOME/go export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin when: golang.changed - name: download pwngrid 1.10.4 git: repo: "{{ packages.opwngrid.source }}" dest: /usr/local/src/opwngrid register: pwngrid - name: install pwngrid 1.10.4 shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install" args: executable: /bin/bash chdir: /usr/local/src/opwngrid when: pwngrid.changed - name: remove pwngrid folder file: state: absent path: /usr/local/src/opwngrid - name: download bettercap git: repo: "{{ packages.bettercap.source }}" dest: /usr/local/src/bettercap - name: install bettercap 2.32.1 shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install" args: executable: /bin/bash chdir: /usr/local/src/bettercap - name: remove bettercap folder file: state: absent path: /usr/local/src/bettercap #- name: download and install bettercap # unarchive: # src: "{{ packages.bettercap.url }}" # dest: /usr/local/bin # remote_src: yes # exclude: # - README.md # - LICENSE.md # mode: 0755 - name: clone bettercap caplets git: repo: "{{ packages.caplets.source }}" dest: /tmp/caplets register: capletsgit - name: install bettercap caplets make: chdir: /tmp/caplets target: install when: capletsgit.changed - name: download and install bettercap ui unarchive: src: "{{ packages.bettercap.ui }}" dest: /usr/local/share/bettercap/ remote_src: yes mode: 0755 # to always have the bettercap webui available (because why not?) - name: copy pwnagotchi-manual over pwnagotchi-auto caplet ansible.builtin.copy: src: /usr/local/share/bettercap/caplets/pwnagotchi-manual.cap dest: /usr/local/share/bettercap/caplets/pwnagotchi-auto.cap force: true ignore_errors: true - name: add HDMI powersave to rc.local blockinfile: path: /etc/rc.local insertbefore: "exit 0" block: | if ! /usr/bin/tvservice -s | egrep 'HDMI|DVI'; then /usr/bin/tvservice -o fi - name: create /etc/pwnagotchi folder file: path: /etc/pwnagotchi state: directory - name: check if user configuration exists stat: path: /etc/pwnagotchi/config.toml register: user_config - name: create /etc/pwnagotchi/config.toml copy: dest: /etc/pwnagotchi/config.toml content: | # Add your configuration overrides on this file any configuration changes done to default.toml will be lost! # Example: # ui.display.enabled = true # ui.display.type = "waveshare_2" when: not user_config.stat.exists - name: Delete motd file: state: absent path: /etc/motd - name: Delete motd 10-uname file: state: absent path: /etc/update-motd.d/10-uname - name: enable ssh on boot file: path: /boot/ssh state: touch - name: adjust /etc/modules lineinfile: dest: /etc/modules insertafter: EOF line: '{{ item }}' with_items: "{{system.modules}}" - name: Add pwnlog alias lineinfile: dest: /home/pi/.bashrc line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log | sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" | cut -d \" \" -f 2-'" insertafter: EOF - name: Add pwnver alias lineinfile: dest: /home/pi/.bashrc line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'" insertafter: EOF - name: Add pwnkill alias to restart pwnagotchi with a signal lineinfile: dest: /home/pi/.bashrc line: "\nalias pwnkill='sudo killall -USR1 pwnagotchi'" insertafter: EOF - name: add firmware packages to hold dpkg_selections: name: "{{ item }}" selection: hold with_items: "{{ packages.apt.hold }}" - name: disable unnecessary services systemd: name: "{{ item }}" state: stopped enabled: no with_items: "{{ services.disable }}" - name: enable services systemd: name: "{{ item }}" enabled: true state: stopped with_items: "{{ services.enable }}" register: enabled - name: remove unnecessary apt packages apt: name: "{{ packages.apt.remove }}" state: absent purge: yes register: removed - name: clean apt cache apt: autoclean: true when: removed.changed - name: remove pip cache file: state: absent path: /root/.cache/pip - name: remove dependencies that are no longer required apt: autoremove: yes when: removed.changed - name: remove ssh keys file: state: absent path: "{{ item }}" with_fileglob: - "/etc/ssh/ssh_host*_key*" - name: regenerate ssh keys shell: "dpkg-reconfigure openssh-server" args: executable: /bin/bash handlers: - name: reload systemd services systemd: daemon_reload: yes when: enabled.changed