From 571455802b4eb13d27c3feb421beb9bd40efb940 Mon Sep 17 00:00:00 2001
From: DarkFeather <ircs://aninix.net:6697/DarkFeather>
Date: Tue, 21 Oct 2025 14:04:09 -0500
Subject: [PATCH] Catchup

---
 playbooks/deploy.yml                       |  91 +++++------
 roles/Aether/tasks/main.yml                |   8 +-
 roles/Foundation/README.md                 |  17 +-
 roles/Password/package/ldap-resetpass      |  19 ++-
 roles/SSH/files/sshd_config                |   6 +-
 roles/Sharingan/files/monit/hostdefs/Node1 |   1 +
 roles/Sharingan/files/monit/hostdefs/Node2 |   1 +
 roles/Sharingan/files/monit/hostdefs/Node3 |   1 +
 roles/Sharingan/tasks/ids.yml              |   1 +
 roles/Sharingan/tasks/siem.yml             |   8 +-
 roles/Yggdrasil/package/yggdrasil-get      | 177 +++++++++++++--------
 11 files changed, 186 insertions(+), 144 deletions(-)

diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml
index b2aa1e2..1eac83c 100644
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -2,74 +2,39 @@
 # deploy.yml
 #
 # This playbook details how an entire datacenter should be deployed
-# 
-# Parameters: 
+#
+# Parameters:
 # threads: Number of threads to use; default is 16.
 #
-- hosts: Nazara
-  order: sorted
-  serial: "{{ threads | default('16') }}"
-  gather_facts: true
-  ignore_unreachable: true
-  vars_files:
-     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  vars:
-     - ansible_password: "{{ passwords[inventory_hostname] }}"
-     - ansible_become_password: "{{ passwords[inventory_hostname] }}"
-  roles:
-     - Nazara
-
 - hosts: managed
-  order: sorted
   serial: "{{ threads | default('16') }}"
   gather_facts: true
   ignore_unreachable: true
-  vars_files:
-     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  vars: # This is the only segment that should need these variables, as the basics role should take care of sudo and the SSH key.
-     - ansible_password: "{{ passwords[inventory_hostname] }}"
-     - ansible_become_password: "{{ passwords[inventory_hostname] }}"
   roles:
       - ShadowArch
       - SSH
       - Sharingan
 
+- hosts: physical
+  gather_facts: true
+  ignore_unreachable: true
+  roles:
+      - hardware
+
 - hosts: Yggdrasil
-  order: sorted
-  serial: "{{ threads | default('16') }}"
   gather_facts: true
   ignore_unreachable: true
-  vars_files:
-     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  roles: 
-      - hardware
-      - SSL
-      - WebServer
-      - IRC
-      - WolfPack
+  roles:
+      - Aether
       - Foundation
-      - Yggrasil
-
-- hosts: geth_hubs
-  order: sorted
-  serial: "{{ threads | default('16') }}"
-  gather_facts: true
-  ignore_unreachable: true
-  vars_files:
-     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  roles: 
-      - Geth-Hub
-
-- hosts: Node1,Node2,Node3
-  order: sorted
-  serial: "{{ threads | default('16') }}"
-  gather_facts: true
-  ignore_unreachable: true
-  vars_files:
-     - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
-  roles: 
-      - hardware
-      - Node
+      - Grimoire
+      - IRC
+      - Password
+      - SSL
+      - TheRaven
+      - WebServer
+      - WolfPack
+      - Yggdrasil
 
 - hosts: DarkNet
   order: sorted
@@ -81,3 +46,23 @@
   roles:
       - DarkNet
       - WolfPack
+
+- hosts: "{{ item }}"
+  gather_facts: true
+  ignore_unreachable: true
+  roles:
+     - "{{ item }}"
+  loop:
+    - Chappaai
+    - Maat
+    - Geth
+    - Node
+    - Vergil
+    #- DedSec
+    #- BT
+
+- hosts: Node3
+  gather_facts: true
+  ignore_unreachable: true
+  roles:
+    - Cyberbrain
diff --git a/roles/Aether/tasks/main.yml b/roles/Aether/tasks/main.yml
index 9e3590c..9aea2b3 100644
--- a/roles/Aether/tasks/main.yml
+++ b/roles/Aether/tasks/main.yml
@@ -36,21 +36,21 @@
 
  - name: Read the Aether identity
    become: true
-   delegate_to: Core
+   delegate_to: '{{ aether_primary }}'
    command: cat /home/aether/.ssh/aether
    register: aether_key
 
  - name: Read the Aether public identity
    become: true
-   delegate_to: Core
+   delegate_to: '{{ aether_primary }}'
    command: cat /home/aether/.ssh/aether.pub
    register: aether_pubkey
 
  - include_tasks: source.yml
-   when: "{{ inventory_hostname }} is 'Core'"
+   when: "{{ inventory_hostname }} is {{ aether_primary }}"
 
  - include_tasks: client.yml
-   when: "{{ inventory_hostname }} is 'Core'"
+   when: "{{ inventory_hostname }} is {{ aether_primary }}"
 
  - name: Ensure the Aether identity files are protected.
    become: true
diff --git a/roles/Foundation/README.md b/roles/Foundation/README.md
index 1f0e142..6f9d5e6 100644
--- a/roles/Foundation/README.md
+++ b/roles/Foundation/README.md
@@ -30,23 +30,22 @@ To get a client to access the Foundation, use one of the following or visit
 Each package will need to be checked out individually.
 
 # Equivalents or Competition
-The most famous equivalent is [https://github.com GitHub]. Other source code control systems exist, including some provided by employers or academic institutions -- GitLab provides an enterprise-style implementation. Other protocol implementations vary widely -- Mercurial, Bazaar, and SVN are other revision control systems others use. We appreciate the flexibility of Git.
+The most famous equivalent is [https://github.com](GitHub). Other source code control systems exist, including some provided by employers or academic institutions -- GitLab provides an enterprise-style implementation. Other protocol implementations vary widely -- Mercurial, Bazaar, and SVN are other revision control systems others use. We appreciate the flexibility of Git.
 
 # Additional Reference
 Some core Git tools are leveraged in specific ways for the AniNIX.
 
 ## Config for Author
-Even though the [[Talk:IRC#Why_Not_SMTP|AniNIX doesn't use SMTP]], we still use the @aninix.net suffix for the user.email config property on branches. All commits, therefore, should have the proper-case of the user's [[IRC|AniNIX::IRC]] handle as the user.name attribute, and the lower-cased username followed by @aninix.net for the user.email attribute.
+[We don't use SMTP.](/AniNIX/Wiki/issues/8) We recommend GPG keys be created with your IRC address included, in the format `ircs://aninix.net:6697/$username`. This will throw some complaints if your project gets mirrored to GitHub, as GitHub wants your key to be verified through email, but within our ecosystem the commits will be verified.
 
-## Tags for Semantic Versioning
-We version our projects according to [https://semver.org/ Semantic Versioning] -- this versioning is established using the git tag as major and minor version, the git commit as the patch, and the number of commits since the tag as the ArchLinux release note.
+To do this, see [our encryption article](https://aninix.net/AniNIX/Wiki/src/branch/main/Articles/Getting_Started_With_Encryption.md#GPG_Keys).
 
-[https://aninix.net/cgit/cgit.cgi/HelloWorld/tree/PKGBUILD Our HelloWorld PKGBUILD] demonstrates this -- most of the metadata for the package is populated directly by git, and only dependencies are tracked in the PKGBUILD itself.
+## Development Standards
+
+If you are developing projects for the AniNIX organization or want to use our standards, ensure that the project is cloned with [AniNIX/Uniglot](/AniNIX/Uniglot)'s `uniglot-clone`. This will run pre-commit hooks to check your project.
 
 ## Branches for Functional Improvements
-All major functional improvements being worked should be tracked in a branch. The branch name should be the same as the [[QANs|QAN]] for which the branch was started or the functional concept's shortname.
+All major functional improvements being worked should be tracked in a branch. The branch name should be linked to the issue for which the branch was started or the functional concept's shortname.
 
 ## Filter-branch to Prune
-Git maintains a history of all files. If you need to remove files permanently, GitHub maintains [https://help.github.com/articles/removing-sensitive-data-from-a-repository/ an article] on how to use "git filter-branch" to purge it.
-}}
-[[Category:Public_Service]]
+Git maintains a history of all files. If you need to remove files permanently, GitHub maintains [an article](https://help.github.com/articles/removing-sensitive-data-from-a-repository/) on how to use `git filter-branch` to purge it.
diff --git a/roles/Password/package/ldap-resetpass b/roles/Password/package/ldap-resetpass
index ad91e86..e8397b9 100755
--- a/roles/Password/package/ldap-resetpass
+++ b/roles/Password/package/ldap-resetpass
@@ -1,5 +1,6 @@
 #!/bin/bash
 
+
 uid="$1"
 
 if [ -z "$uid" ]; then
@@ -7,25 +8,33 @@ if [ -z "$uid" ]; then
     exit 1
 fi
 
+# Get the bind password
 read -sp 'cn=root,dc=aninix,dc=net Password: ' rootdnpw
+printf "\n\n"
 
-ldappasswd -D 'cn=root,dc=aninix,dc=net' -w "$rootdnpw" -H ldap://127.0.0.1 "uid=$uid,ou=People,dc=aninix,dc=net" && \
-    ldapmodify -D 'cn=root,dc=aninix,dc=net' -w "$rootdnpw" -H ldap://127.0.0.1 -f <(cat <<EOM
+# Update the user password
+tput setaf 1 1>&2; tput bold 1>&2;
+/usr/bin/ldappasswd -D 'cn=root,dc=aninix,dc=net' -w "$rootdnpw" -H ldap://127.0.0.1 "uid=$uid,ou=People,dc=aninix,dc=net"
+tput sgr0
+
+# Ensure pwdReset is present
+/usr/bin/ldapmodify -D 'cn=root,dc=aninix,dc=net' -w "$rootdnpw" -H ldap://127.0.0.1 -f <(cat <<EOM
 dn: uid=$uid,ou=People,dc=aninix,dc=net
 changetype: modify
 add: pwdReset
 pwdReset: TRUE
 
-
 EOM
 )
 
-echo 'As cn=root,cn=config...' && ldapmodify -D 'cn=root,cn=config' -W -H ldap://127.0.0.1 -f <(cat <<EOM
+# Remove pwdChangedTime for immediate update
+/usr/bin/ldapmodify -e relax -D 'cn=root,dc=aninix,dc=net' -w "$rootdnpw" -H ldap://127.0.0.1 -f <(cat <<EOM
 dn: uid=$uid,ou=People,dc=aninix,dc=net
 changetype: modify
 delete: pwdChangedTime
 
-
 EOM
 )
+
+# Exit
 exit $?
diff --git a/roles/SSH/files/sshd_config b/roles/SSH/files/sshd_config
index 5cb496f..bf7316a 100644
--- a/roles/SSH/files/sshd_config
+++ b/roles/SSH/files/sshd_config
@@ -44,6 +44,9 @@ GSSAPIAuthentication no
 PermitRootLogin no
 PermitEmptyPasswords no
 
+# Allow other packages to ship snippets
+Include /etc/ssh/includes/*
+
 ## By default, only ssh-allow or ldapusers are allowed to sftp
 AllowGroups ssh sftp ldapuser
 Match Group ldapuser,sftp
@@ -58,6 +61,3 @@ Match Group wheel,ssh-allow
     X11Forwarding yes
     ForceCommand none
     ChrootDirectory none
-
-# Allow other packages to ship snippets
-Include /etc/ssh/includes/*
diff --git a/roles/Sharingan/files/monit/hostdefs/Node1 b/roles/Sharingan/files/monit/hostdefs/Node1
index 4229188..5f05c91 100644
--- a/roles/Sharingan/files/monit/hostdefs/Node1
+++ b/roles/Sharingan/files/monit/hostdefs/Node1
@@ -1 +1,2 @@
 include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/automated_response"
diff --git a/roles/Sharingan/files/monit/hostdefs/Node2 b/roles/Sharingan/files/monit/hostdefs/Node2
index 4803bb5..545ffce 100644
--- a/roles/Sharingan/files/monit/hostdefs/Node2
+++ b/roles/Sharingan/files/monit/hostdefs/Node2
@@ -1,2 +1,3 @@
 include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/automated_response"
 include "/etc/monit.d/checks/cyberpower"
diff --git a/roles/Sharingan/files/monit/hostdefs/Node3 b/roles/Sharingan/files/monit/hostdefs/Node3
index 4229188..5f05c91 100644
--- a/roles/Sharingan/files/monit/hostdefs/Node3
+++ b/roles/Sharingan/files/monit/hostdefs/Node3
@@ -1 +1,2 @@
 include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/automated_response"
diff --git a/roles/Sharingan/tasks/ids.yml b/roles/Sharingan/tasks/ids.yml
index 82d5138..4c5bf4b 100644
--- a/roles/Sharingan/tasks/ids.yml
+++ b/roles/Sharingan/tasks/ids.yml
@@ -10,6 +10,7 @@
        - suricata
        - oinkmaster
        - rkhunter
+       - sharingan-scripts
      state: present
 
  # Network IPS
diff --git a/roles/Sharingan/tasks/siem.yml b/roles/Sharingan/tasks/siem.yml
index f9c96be..aa00270 100644
--- a/roles/Sharingan/tasks/siem.yml
+++ b/roles/Sharingan/tasks/siem.yml
@@ -4,7 +4,7 @@
    register: sharingan_packages
    package:
      name:
-       - elasticsearch
+       - opensearch
        - mongodb-bin
        - mongodb-tools-bin
        - graylog
@@ -13,7 +13,7 @@
  - name: Sharingan services
    become: yes
    loop:
-       - elasticsearch
+       - opensearch
        - mongodb
        - graylog
    service:
@@ -24,11 +24,11 @@
  - name: Sharingan backups directory
    become: yes
    file:
-     path: /usr/local/backups/elasticsearch
+     path: /usr/local/backups/opensearch
      state: directory
      owner: elasticsearch
      group: elasticsearch
      mode: 0770
 
  - name: Set Sharingan backups
-   command: "curl -X PUT localhost:9200/_snapshot/my_backup?pretty -H 'Content-Type: application/json' -d '{ type: fs, settings: { location: /usr/local/backup/elasticsearch, compress: true } }'"
+   command: "curl -X PUT localhost:9200/_snapshot/my_backup?pretty -H 'Content-Type: application/json' -d '{ type: fs, settings: { location: /usr/local/backup/opensearch, compress: true } }'"
diff --git a/roles/Yggdrasil/package/yggdrasil-get b/roles/Yggdrasil/package/yggdrasil-get
index 7f5da89..33ea9e0 100755
--- a/roles/Yggdrasil/package/yggdrasil-get
+++ b/roles/Yggdrasil/package/yggdrasil-get
@@ -1,23 +1,109 @@
 #!/bin/bash
 
+source /opt/aninix/Uniglot/Bash/header
+
+function ygdl() {
+    ### Download a file
+    # param path: path to make
+    # param newname (optional): output location
+    if [ "$newname" != "" ]; then
+        wget -O "$newname" "$path";
+    else
+        wget "$path";
+    fi
+}
+
+function ygyt() {
+    ### Cache from YouTube
+    # param path: YouTube URI
+    # param newname: output location
+    if [ `echo "$path" | grep -c '/watch?v='` -eq 1 ]; then
+        path="$(echo "$path" | cut -f 1 -d '&')"
+    fi
+    if [ "$newname" != "" ]; then
+        yt-dlp -o "$newname" "$path";
+    else
+        yt-dlp "$path";
+    fi
+}
+
+function ygmp3() {
+    uri="$path"
+    if [ "$newname" != "" ]; then
+        ygmkdir "$newname"
+        cd "$newname"
+    fi
+    if [ `echo "$uri" | grep -c '/watch?v='` -eq 1 ]; then
+        uri="$(echo "$uri" | cut -f 1 -d '&')"
+    fi
+	youtube-mp3 "$uri";
+    yggdrasil-set-music-data *.mp3
+}
+
+function ygcache() {
+    ### Cache files
+    # param path: path to move
+    # param newname (option): somewhere other than $PWD to move
+    # param exec: what to use
+    if [ -n "$1" ]; then
+        exec="$1"
+    fi
+    if [ "$newname" != "" ]; then
+        $exec "$path" ./"$newname"
+    else
+        $exec "$path" .
+    fi
+}
+
+function ygmkdir() {
+    ### Make a directory
+    # path: directory to make
+    if [ -n "$1" ]; then
+        path="$1"
+    fi
+    if [ -d "$path" ]; then
+        infoheader "Directory '$path' already existed."
+    else
+        mkdir -p "$path"
+        chmod u+w "$path"
+    fi
+}
+
+function usage() {
+    ### Usage
+    # param retcode: what to return
+    if [ -z "$1" ]; then
+        retcode=0;
+    else
+        retcode=$1;
+    fi
+    cat << EOM
+AniNIX/Yggdrasil Bash API
+Syntax: yggdrasil-get {dl|yt|mp3|cp|mv|mkdir} PATH [new file name in $PWD]
+Option:
+-- dl:  Use wget
+-- yt:  Use yt-dlp
+-- mp3: Use youtube-mp3
+-- cp:  Copy the file here.
+-- mv:  Move the file here.
+-- mkdir: Make a folder
+EOM
+   exit $retcode
+}
+
+### Main
 export YGGDRASIL="/home/yggdrasil"
+if [ "$1" == '-v' ]; then
+    set -x
+    shift
+fi
 option="$1"
 path="$2"
 newname="$3"
 
-#Offer help
-if [ "$option" == "" ] || [ "$option" == "-h" ] || [ "$option" == "--help" ] || [ "$path" == "" ] || [ $(echo $newname | grep -c '/') -ne 0 ]; then
-   echo "AniNIX::Yggdrasil Bash API"
-   echo 'Syntax: yggdrasil-get {dl|yt|mp3|sol|cp|mv} PATH [new file name in $PWD]'
-   echo "Option:"
-   echo "-- dl:  Use wget"
-   echo "-- yt:  Use yt-dlp"
-   echo "-- mp3: Use youtube-mp3"
-   echo "-- sol: Use solarmovie-vodlocker-dl"
-   echo "-- cp:  Copy the file here."
-   echo "-- mv:  Move the file here."
-   echo "-- mkdir: Make a folder"
-   exit;
+
+if [ "$option" == "" ] || [ "$option" == "-h" ] || [ "$option" == "--help" ] || [ "$path" == "" ]; then
+    usage 0;
 fi
 
 #Make sure we're in the Yggdrasil project.
@@ -29,62 +115,21 @@ fi
 #unlock this directory
 chmod ug+w "$PWD"
 
-#Appropriately source the file
 if [ $? -ne 0 ]; then
     echo Couldn\'t unlock $PWD
-    exit
+    exit 1
 fi
 
-if [ "$option" == "dl" ]; then
-    if [ "$newname" != "" ]; then
-	wget -O "$newname" "$path";
-    else
-	wget "$path";
-    fi
-fi
-if [ "$option" == "yt" ]; then
-    if [ `echo "$path" | grep -c '/watch?v='` -eq 1 ]; then
-        path="$(echo "$path" | cut -f 1 -d '&')"
-    fi
-    if [ "$newname" != "" ]; then
-	yt-dlp -o "$newname" "$path";
-    else
-	yt-dlp "$path";
-    fi
-fi
-if [ "$option" == "mp3" ]; then
-    if [ "$newname" != "" ]; then
-        echo "Renaming not available."
-    fi
-    if [ `echo "$path" | grep -c '/watch?v='` -eq 1 ]; then
-        path="$(echo "$path" | cut -f 1 -d '&')"
-    fi
-	youtube-mp3 "$path";
-    yggdrasil-set-music-data *.mp3
-fi
-if [ "$option" == "sol" ]; then
-    if [ "$newname" != "" ]; then
-	solarmovie-vodlocker-dl "$path" "$newname"
-    else
-	echo "Need a name."
-    fi
-fi
-if [ "$option" == "cp" ]; then
-    if [ "$newname" != "" ]; then
-	cp "$path" ./"$newname"
-    else
-	cp "$path" .
-    fi
-fi
-if [ "$option" == "mv" ]; then
-    if [ "$newname" != "" ]; then
-	mv "$path" ./"$newname"
-    else
-	mv "$path" .
-    fi
-fi
-if [[ "$option" == "mkdir" && "$path" != "" ]]; then
-    mkdir -p "$path"
-fi
+# Functional loop
+case "$option" in
+    dl) ygdl ;;
+    yt) ygyt ;;
+    mp3) ygmp3 ;;
+    cp) ygcache cp ;;
+    mv) ygcache mv ;;
+    mkdir) ygmkdir ;;
+    *) usage 1 ;;
+esac
+
 #Lock
 chmod -R ug-w "$PWD"