new builder system based on packer/ansible
parent
9fc2c0aebc
commit
e0ddd0de57
16
.travis.yml
16
.travis.yml
@ -1,23 +1,29 @@
|
||||
dist: bionic
|
||||
language: generic
|
||||
language: go
|
||||
|
||||
go:
|
||||
- 1.x
|
||||
|
||||
env:
|
||||
global:
|
||||
- LANG=C
|
||||
- LC_ALL=C
|
||||
|
||||
before_cache:
|
||||
- mountpoint -q $TRAVIS_BUILD_DIR/tmp/mnt && sudo umount -R $TRAVIS_BUILD_DIR/tmp/mnt
|
||||
- sudo find $TRAVIS_BUILD_DIR/tmp/ -name '*.img' -delete
|
||||
|
||||
cache:
|
||||
apt: true
|
||||
directories:
|
||||
- tmp/
|
||||
|
||||
before_script:
|
||||
- sudo apt-get -y update
|
||||
- sudo apt-get -y install qemu-user-static binfmt-support qemu bmap-tools
|
||||
- sudo apt-get -y install qemu-user-static binfmt-support qemu kpartx
|
||||
- sudo update-binfmts --display
|
||||
- unset GOROOT
|
||||
|
||||
script:
|
||||
- sudo ./scripts/create_sibling.sh -n pwnagotchi -o pwnagotchi.img
|
||||
- zip -s 2g pwnagotchi.zip pwnagotchi.img
|
||||
- sudo -E env "PATH=$PATH" make -e PWN_HOSTNAME="pwnagotchi" VERSION="$TRAVIS_TAG"
|
||||
|
||||
# TODO: deploy!
|
||||
|
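Review bot: The make step at the end of `script:` passes `VERSION="$TRAVIS_TAG"`, but the Makefile in this same commit only reads `PWN_VERSION`, so the tag never reaches the artifact name and every build is labelled `master`. The step should read `sudo -E env "PATH=$PATH" make -e PWN_HOSTNAME="pwnagotchi" PWN_VERSION="$TRAVIS_TAG"`. `$TRAVIS_TAG` is empty on non-tag builds, which would then produce a file name ending in `-.img`, so a fallback value may be wanted. The rendered page has lost its +/- markers, so which lines sit on the new side is inferred here.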
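--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,22 @@
+PWN_HOSTNAME="pwnagotchi"
+PWN_VERSION="master"
+
+all: install image clean
+
+install:
+@curl https://releases.hashicorp.com/packer/1.3.5/packer_1.3.5_linux_amd64.zip -o /tmp/packer.zip
+@unzip /tmp/packer.zip -d /tmp
+@mv /tmp/packer /usr/bin/packer
+@git clone https://github.com/solo-io/packer-builder-arm-image /tmp/packer-builder-arm-image
+@cd /tmp/packer-builder-arm-image && go get -d ./... && go build
+@cp /tmp/packer-builder-arm-image/packer-builder-arm-image /usr/bin
+
+image:
+@cd builder && sudo packer build pwnagotchi.json
+@mv builder/output-pwnagotchi/image pwnagotchi-raspbian-lite-$(PWN_VERSION).img
+@zip pwnagotchi-raspbian-lite-$(PWN_VERSION).zip pwnagotchi-raspbian-lite-$(PWN_VERSION).img
+
+clean:
+@rm -rf /tmp/packer-builder-arm-image
+@rm -f pwnagotchi-raspbian-lite.img
+@rm -rf builder/output-pwnagotchi builder/packer_cache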
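Review bot: The `install` target copies two unverified downloads into `/usr/bin`, and `image` then runs them under `sudo`: the packer zip is never checked against a digest, and `packer-builder-arm-image` is cloned at whatever its default branch holds at build time. After the download, add a check such as `echo "<PACKER_1.3.5_ZIP_SHA256>  /tmp/packer.zip" | sha256sum -c -`, taking the digest from HashiCorp's published SHA256SUMS file. Fetch with `curl -fsSL` so that an HTTP error page is not saved as the zip, and pin the plugin with `git -C /tmp/packer-builder-arm-image checkout <PINNED_COMMIT>` before building. Separately, `clean` removes `pwnagotchi-raspbian-lite.img`, which does not match the `-$(PWN_VERSION)` name that `image` produces, so the built image is never cleaned up.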
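--- a/builder/pwnagotchi.json
+++ b/builder/pwnagotchi.json
@@ -0,0 +1,26 @@
+{
+"variables": {
+"home": "{{env `HOME`}}"
+},
+"builders": [{
+"name": "pwnagotchi",
+"type": "arm-image",
+"iso_url" : "https://downloads.raspberrypi.org/raspbian_lite/images/raspbian_lite-2019-07-12/2019-07-10-raspbian-buster-lite.zip",
+"iso_checksum_type":"sha256",
+"iso_checksum":"9e5cf24ce483bb96e7736ea75ca422e3560e7b455eee63dd28f66fa1825db70e",
+"last_partition_extra_size" : 3221225472
+}],
+"provisioners": [
+{
+"type": "shell",
+"inline": [
+"apt-get -y update",
+"apt-get install -y ansible"
+]
+},
+{
+"type":"ansible-local",
+"playbook_file": "pwnagotchi.yml"
+}
+]
+}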
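Review bot: Nothing in this template carries the Makefile's `PWN_HOSTNAME` or `PWN_VERSION` into the playbook, so the image is always built with the playbook's own defaults whatever the caller passes to make. The `variables` block declares only `home`, which no builder or provisioner references, and the `ansible-local` provisioner has no `extra_arguments`. I would replace `home` with `pwn_hostname` and `pwn_version` user variables and add an `extra_arguments` entry to the `ansible-local` provisioner that passes `--extra-vars` built from them. The Makefile's `packer build` call would then need to supply them with `-var`. The base image is pinned by `iso_checksum`, which is good; the same care is missing for the tools fetched in the Makefile.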
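--- a/builder/pwnagotchi.yml
+++ b/builder/pwnagotchi.yml
@@ -0,0 +1,289 @@
+---
+- hosts:
+- 127.0.0.1
+become: yes
+vars:
+pwn_hostname: "pwnagotchi"
+pwn_version: "master"
+
+tasks:
+
+- name: selected hostname
+debug:
+msg: "{{ pwn_hostname }}"
+
+- name: build version
+debug:
+msg: "{{ pwn_version }}"
+
+- name: change hostname
+hostname:
+name: "{{pwn_hostname}}"
+
+- name: add hostname to /etc/hosts
+lineinfile:
+dest: /etc/hosts
+regexp: '^127\.0\.0\.1[ \t]+localhost'
+line: '127.0.0.1 localhost {{pwn_hostname}} {{pwn_hostname}}.local'
+state: present
+
+- name: Add re4son-kernel repo key
+apt_key:
+url: https://re4son-kernel.com/keys/http/archive-key.asc
+state: present
+
+- name: Add re4son-kernel repository
+apt_repository:
+repo: deb http://http.re4son-kernel.com/re4son/ kali-pi main
+state: present
+
+- name: update apt package cache
+apt:
+update_cache: yes
+
+- name: upgrade apt distro
+apt:
+upgrade: dist
+
+- name: install packages
+apt:
+name: "{{ packages }}"
+state: present
+vars:
+packages:
+- vim
+- screen
+- golang
+- git
+- build-essential
+- python3-pip
+- gawk
+- libopenmpi-dev
+- libatlas-base-dev
+- libjasper-dev
+- libqtgui4
+- libqt4-test
+- libopenjp2-7
+- tcpdump
+- lsof
+- libilmbase23
+- libopenexr23
+- libgstreamer1.0-0
+- libavcodec58
+- libavformat58
+- libswscale5
+- libpcap-dev
+- libusb-1.0-0-dev
+- libnetfilter-queue-dev
+- dphys-swapfile
+- kalipi-kernel
+- kalipi-bootloader
+- kalipi-re4son-firmware
+- kalipi-kernel-headers
+- libraspberrypi0
+- libraspberrypi-dev
+- libraspberrypi-doc
+- libraspberrypi-bin
+- fonts-dejavu
+- fonts-dejavu-core
+- fonts-dejavu-extra
+
+- name: configure dphys-swapfile
+file:
+path: /etc/dphys-swapfile
+content: "CONF_SWAPSIZE=1024"
+
+- name: disable unecessary services
+systemd:
+name: "{{services}}"
+state: stopped
+enabled: no
+vars:
+services:
+- apt-daily.timer
+- apt-daily.service
+- apt-daily-upgrade.timer
+- apt-daily-upgrade.service
+- bluetooth.service
+- triggerhappy.service
+
+- name: enable dphys-swapfile service
+systemd:
+name: dphys-swapfile.service
+state: started
+enabled: yes
+
+- name: build bettercap
+command: go get -u github.com/bettercap/bettercap
+environment:
+GOPATH: /root/go
+
+- name: install bettercap
+copy:
+src: /root/go/bin/bettercap
+dest: /usr/bin/bettercap
+mode: 0755
+
+- name: clone bettercap caplets
+git:
+repo: https://github.com/bettercap/caplets.git
+dest: /tmp/caplets
+
+- name: install bettercap caplets
+make:
+chdir: /tmp/caplets
+target: install
+
+- name: clone pwnagotchi repository
+git:
+repo: https://github.com/evilsocket/pwnagotchi.git
+dest: /tmp/pwnagotchi
+
+- name: copy pwnagotchi files to final destination
+copy:
+src: /tmp/pwnagotchi/sdcard/rootfs/root/pwnagotchi/
+dest: /root/pwnagotchi/
+mode: preserve
+
+- name: remove pwnagotchi files from temporary repository
+file:
+path: /tmp/pwnagotchi
+state: absent
+
+- name: install python modules
+pip:
+requirements: /root/pwnagotchi/scripts/requirements.txt
+
+- name: create cpuusage script
+copy:
+dest: /usr/bin/cpuusage
+mode: 0755
+content: |
+#!/usr/bin/env bash
+while true
+do
+top -b -n1 | awk '/Cpu\(s\)/ { printf("%d %", $2 + $4 + 0.5) }'
+sleep 3
+done
+
+- name: create memusage script
+copy:
+dest: /usr/bin/memusage
+mode: 0755
+content: |
+#!/usr/bin/env
+free -m | awk '/Mem/ { printf( "%d %", $3 / $2 * 100 + 0.5 ) }'
+
+- name: create monstart script
+copy:
+dest: /usr/bin/monstart
+mode: 0755
+content: |
+#!/usr/bin/env bash
+iw phy phy0 interface add mon0 type monitor && ifconfig mon0 up
+
+- name: create monstop script
+copy:
+dest: /usr/bin/monstop
+mode: 0755
+content: |
+#!/usr/bin/env bash
+ifconfig mon0 down && iw dev mon0 del
+
+- name: configure rc.local
+blockinfile:
+path: /etc/rc.local
+insertbefore: "exit 0"
+block: |
+if ! /opt/vc/bin/tvservice -s | grep HDMI; then
+/opt/vc/bin/tvservice -o
+fi
+/root/pwnagotchi/scripts/startup.sh &
+
+- name: configure usb interface
+blockinfile:
+path: /etc/network/interfaces.d/usb0.cfg
+create: yes
+block: |
+allow-hotplug usb0
+iface usb0 inet static
+address 10.0.0.2
+netmask 255.255.255.0
+network 10.0.0.0
+broadcast 10.0.0.255
+gateway 10.0.0.1
+
+- name: configure eth0 interface (pi2/3/4)
+blockinfile:
+path: /etc/network/interfaces.d/eth0.cfg
+create: yes
+block: |
+allow-hotplug eth0
+iface eth0 inet dhcp
+
+- name: enable ssh on boot
+file:
+path: /boot/ssh
+state: touch
+
+- name: adjust /boot/config.txt
+lineinfile:
+dest: /boot/config.txt
+insertafter: EOF
+line: '{{ item }}'
+with_items:
+- "dtoverlay=dwc2"
+- "dtparam=spi=on"
+- "dtoverlay=spi1-3cs"
+- "dtoverlay=pi3-disable-bt"
+- "dtparam=audio=off"
+
+- name: change root partition
+replace:
+dest: /boot/cmdline.txt
+backup: no
+regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+"
+replace: "root=/dev/mmcblk0p2"
+
+- name: configure /boot/cmdline.txt
+lineinfile:
+path: /boot/cmdline.txt
+backrefs: True
+state: present
+backup: no
+regexp: '(.*)$'
+line: '\1 modules-load=dwc2,g_ether'
+
+- name: configure ssh
+lineinfile:
+dest: /etc/ssh/sshd_config
+backup: no
+regexp: '#?PermitRootLogin (.*)$'
+line: 'PermitRootLogin yes'
+
+- name: configure motd
+copy:
+dest: /etc/motd
+content: "(◕‿‿◕) {{pwn_hostname}} (pwnagotchi-{{pwn_version}})"
+
+- name: clean apt cache
+apt:
+autoclean: yes
+
+- name: remove dependencies that are no longer required
+apt:
+autoremove: yes
+
+- name: remove ssh keys
+file:
+state: absent
+path: "{{item}}"
+with_items:
+- /etc/ssh/ssh_host_rsa_key
+- /etc/ssh/ssh_host_rsa_key.pub
+- /etc/ssh/ssh_host_dsa_key
+- /etc/ssh/ssh_host_dsa_key.pub
+- /etc/ssh/ssh_host/ecdsa_key
+- /etc/ssh/ssh_host/ecdsa_key.pub
+- /etc/ssh/ssh_host_ed25519_key
+- /etc/ssh/ssh_host_ed25519_key.pub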
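Review bot: The `remove ssh keys` list spells the ECDSA entries `/etc/ssh/ssh_host/ecdsa_key` and `/etc/ssh/ssh_host/ecdsa_key.pub`, paths that will not exist, so any ECDSA host key present at the end of the build stays in the image and every device flashed from it presents the same host key. The entries should read `- /etc/ssh/ssh_host_ecdsa_key` and `- /etc/ssh/ssh_host_ecdsa_key.pub`. The playbook shows nothing that regenerates host keys on first boot; presumably the base image's own first-boot service does, which is worth confirming. Related: `enable ssh on boot` together with `PermitRootLogin yes` ships root SSH open with whatever credentials the base image carries, since no task sets a password or installs a key. If that is intended, a comment above `configure ssh` should say so, for example `# root login is enabled for USB-gadget access; change the password on first boot`.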