diff --git a/.gitignore b/.gitignore
index f497be5..acabf55 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@ roles/ShadowArch/files/mirrorlist
roles/Foundation/files/custom/public/img/**
venv/**
**/pkg/**
+**/src/**
**pkg.tar.zst
# ---> Python
diff --git a/precommit-hooks/find-large-files b/precommit-hooks/find-large-files
index e1f9670..b850403 100644
--- a/precommit-hooks/find-large-files
+++ b/precommit-hooks/find-large-files
@@ -1,7 +1,9 @@
#!/bin/bash
# Limit files in git to 1M.
-find . -type f -exec du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|venv|\s./.git/'
+IFS="
+"
+git ls-files | xargs -n1 du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|venv|\s./.git/'
if [ $? -ne 1 ]; then
echo
diff --git a/roles/Foundation/files/custom/bin/gen-aninix-custom b/roles/Foundation/files/custom/bin/gen-aninix-custom
index 300decb..2be2734 100644
--- a/roles/Foundation/files/custom/bin/gen-aninix-custom
+++ b/roles/Foundation/files/custom/bin/gen-aninix-custom
@@ -55,8 +55,8 @@ a {
| sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/css/theme-aninix.css
cd /var/lib/gitea/web-snippets
-head="$(curl -ks https://aninix.net/ | egrep -B 99999 '^
')"
+head="$(curl -ks https://aninix.net/ | grep -B 99999 -E '^
')"
for i in `find . -type f`; do
(echo "$head"
cat "$i"
diff --git a/roles/Foundation/files/custom/bin/sitemap.php b/roles/Foundation/files/custom/bin/sitemap.php
index 3b70e8f..45c50ee 100644
--- a/roles/Foundation/files/custom/bin/sitemap.php
+++ b/roles/Foundation/files/custom/bin/sitemap.php
@@ -14,7 +14,7 @@ echo '
';
-exec("(echo /srv/http/aninix.net/index.php; find /srv/http/aninix.net/pages -type f; find /srv/http/aninix.net/martialarts/ -type f) | egrep \.php\$ | egrep -v ^./unlisted\|^./errors/\|head.php\|foot.php\|test\|Template\|darknet", $output);
+exec("(echo /srv/http/aninix.net/index.php; find /srv/http/aninix.net/pages -type f; find /srv/http/aninix.net/martialarts/ -type f) | grep -E \.php\$ | grep -vE ^./unlisted\|^./errors/\|head.php\|foot.php\|test\|Template\|darknet", $output);
foreach ($output as &$file) {
echo '
';
diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2
index 74af23c..1861318 100644
--- a/roles/IRC/templates/inspircd/inspircd.conf.j2
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -56,7 +56,7 @@
@@ -66,7 +66,7 @@
+ tlsv12="yes"
+ tlsv13="yes">
diff --git a/roles/IRC/templates/inspircd/modules.conf.j2 b/roles/IRC/templates/inspircd/modules.conf.j2
index 05ff7e0..28d8bf0 100644
--- a/roles/IRC/templates/inspircd/modules.conf.j2
+++ b/roles/IRC/templates/inspircd/modules.conf.j2
@@ -1453,7 +1453,7 @@
#
#
# Specify the regular expression engine to use here. Valid settings are
-# bre, ere, awk, grep, egrep, ecmascript (default if not specified).
+# bre, ere, awk, grep, ecmascript (default if not specified).
#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
diff --git a/roles/IRC/templates/inspircd/opers.conf.j2 b/roles/IRC/templates/inspircd/opers.conf.j2
index 4c75d80..92ab5e4 100644
--- a/roles/IRC/templates/inspircd/opers.conf.j2
+++ b/roles/IRC/templates/inspircd/opers.conf.j2
@@ -89,7 +89,7 @@
# type="NetAdmin">
#
{% for oper in secrets['IRC']['opers'] %}
-
+
{% endfor %}
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
diff --git a/roles/Nazara/README.md b/roles/Nazara/README.md
index abe5124..3538bdf 100644
--- a/roles/Nazara/README.md
+++ b/roles/Nazara/README.md
@@ -13,4 +13,4 @@ Nazara should host a Pihole installation and [SSH](../Services/SSH.md). It shoul
Any host should be able to connect to a Nazara with SSH and X11, and it should be able to dial to any service provider.
## Additional Reference
-Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.
+Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.
diff --git a/roles/SSH/files/ssh_config b/roles/SSH/files/ssh_config
index f2d9638..716ed9e 100644
--- a/roles/SSH/files/ssh_config
+++ b/roles/SSH/files/ssh_config
@@ -19,7 +19,7 @@
# Host *
# ForwardAgent no
-ForwardX11 yes
+ForwardX11 yes
ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
@@ -46,5 +46,5 @@ ForwardX11Trusted yes
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
-UseRoaming no
+UseRoaming no
# fix for CVE-2016-0777
diff --git a/roles/SSH/files/sshd_config b/roles/SSH/files/sshd_config
index bbb5a21..d17e142 100644
--- a/roles/SSH/files/sshd_config
+++ b/roles/SSH/files/sshd_config
@@ -1,6 +1,6 @@
-### AniNIX::SSH \\ Basic configuration for listening daemon ###
+### AniNIX/SSH | Basic configuration for listening daemon ###
-# Daemon spec #
+# Daemon spec
Port 22
ListenAddress 0.0.0.0
PrintMotd yes
@@ -8,17 +8,18 @@ PrintLastLog yes
StrictModes yes
Protocol 2
ChrootDirectory none
+
# DSA and ECDSA are untrusted for vulnerabilites and backdoors. https://wiki.archlinux.org/index.php/SSH_keys
# RSA and ED25519 are stable.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
-# Network Performance #
+# Network Performance
Compression yes
ClientAliveInterval 5
ClientAliveCountMax 3
-# Forwarding options #
+# Forwarding options
AllowTcpForwarding no
PermitTunnel no
AllowAgentForwarding no
@@ -27,10 +28,10 @@ X11DisplayOffset 10
X11UseLocalhost no
GatewayPorts no
-# Override default of no subsystems to allow SFTP #
-Subsystem sftp /usr/lib/ssh/sftp-server
+# Override default of no subsystems to allow SFTP
+Subsystem sftp internal-sftp
-# Authentication #
+# Authentication
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
@@ -44,16 +45,16 @@ AllowGroups ssh-allow
PermitRootLogin no
PermitEmptyPasswords no
-## Access Controls ###
+## Access Controls
Match Group ssh-forward
AllowTcpForwarding yes
PermitTunnel yes
AllowAgentForwarding yes
X11Forwarding yes
-
-Match Group sftp-home-jail
- ForceCommand internal-sftp #/usr/lib/ssh/sftp-server
- ChrootDirectory /home # Lock the user in their home directory
-Match User crypto
- ForceCommand /usr/local/bin/captivecrypto
+Match Group sftp-home-jail
+ ForceCommand internal-sftp
+ ChrootDirectory /home
+
+# Allow other packages to ship snippets
+Include /etc/ssh/includes/*
diff --git a/roles/SSH/tasks/main.yml b/roles/SSH/tasks/main.yml
index eceb152..044050e 100644
--- a/roles/SSH/tasks/main.yml
+++ b/roles/SSH/tasks/main.yml
@@ -64,6 +64,15 @@
src: sshd_config
dest: /etc/ssh/sshd_config
+ - name: Allow SSHD Includes
+ become: yes
+ file:
+ path: /etc/ssh/includes
+ state: directory
+ user: root
+ group: root
+ mode: 0755
+
- name: Restart SSHD (ArchLinux)
become: yes
when: ansible_os_family == "Archlinux" and sshd_config.changed
diff --git a/roles/Sharingan/files/rkhunter/rkhunter.conf b/roles/Sharingan/files/rkhunter/rkhunter.conf
index 864d83a..e0f746a 100644
--- a/roles/Sharingan/files/rkhunter/rkhunter.conf
+++ b/roles/Sharingan/files/rkhunter/rkhunter.conf
@@ -1333,8 +1333,6 @@ DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/lib/rkhunter/scripts
TMPDIR=/var/lib/rkhunter/tmp
USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
-SCRIPTWHITELIST=/usr/bin/egrep
-SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/vendor_perl/GET
BINDIR=/bin /usr/bin /sbin /usr/sbin
diff --git a/roles/Sharingan/tasks/ids.yml b/roles/Sharingan/tasks/ids.yml
index d7f0224..4fa0d53 100644
--- a/roles/Sharingan/tasks/ids.yml
+++ b/roles/Sharingan/tasks/ids.yml
@@ -31,6 +31,24 @@
group: root
mode: 0600
+ - name: suricata config files
+ become: yes
+ copy:
+ src: suricata/
+ dest: /etc/suricata/
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: suricata config template
+ become: yes
+ template:
+ src: suricata.yaml.j2
+ dest: /etc/suricata/suricata.yaml
+ owner: root
+ group: root
+ mode: 0600
+
# Host IDS
- name: Copy rkhunter service
register: rkhunter_conf
diff --git a/roles/Sharingan/templates/monitrc.j2 b/roles/Sharingan/templates/monitrc.j2
index cb17ccd..3c9d1bc 100755
--- a/roles/Sharingan/templates/monitrc.j2
+++ b/roles/Sharingan/templates/monitrc.j2
@@ -154,7 +154,7 @@ set httpd port 2812 and
use address localhost # only accept connection from localhost (drop if you use M/Monit)
allow localhost # allow localhost to connect to the server and
# require user 'admin' with password
- allow admin:"{{ secrets[Sharingan][monit] | default('monit') }}"
+ allow admin:"{{ secrets['Sharingan']['monit'] | default('monit') }}"
#with ssl { # enable SSL/TLS and set path to server certificate
# pemfile: /etc/ssl/certs/monit.pem
#}
diff --git a/roles/Sharingan/templates/suricata.yaml.j2 b/roles/Sharingan/templates/suricata.yaml.j2
index af93a76..d18b9f5 100644
--- a/roles/Sharingan/templates/suricata.yaml.j2
+++ b/roles/Sharingan/templates/suricata.yaml.j2
@@ -16,7 +16,7 @@
#max-pending-packets: 1024
# Runmode the engine should use. Please check --list-runmodes to get the available
-# runmodes for each packet acquisition menp1s0fod. Defaults to "autofp" (auto flow pinned
+# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
# load balancing).
#runmode: autofp
@@ -143,7 +143,7 @@ outputs:
append: yes
#extended: yes # enable this for extended logging information
#custom: yes # enabled the custom logging format (defined by customformat)
- #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
+ #customformat:
#filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
# a line based log of TLS handshake parameters (no alerts)
@@ -310,7 +310,7 @@ nflog:
# af-packet support
# Set threads to > 1 to use PACKET_FANOUT support
af-packet:
- - interface: enp1s0f0
+ - interface: {{ ipinterface }}
# Number of receive threads (>1 will enable experimental flow pinned
# runmode)
threads: 1
@@ -363,10 +363,10 @@ af-packet:
# will not be copied.
#copy-mode: ips
#copy-iface: enp1s0f1
- - interface: enp1s0f1
- threads: 1
- cluster-id: 98
- cluster-type: cluster_flow
+ # - interface: enp1s0f1
+ # threads: 1
+ # cluster-id: 98
+ # cluster-type: cluster_flow
defrag: yes
# buffer-size: 32768
# disable-promisc: no
diff --git a/roles/Sora/files/ldap-adduser b/roles/Sora/files/ldap-adduser
new file mode 100755
index 0000000..ef1e41b
--- /dev/null
+++ b/roles/Sora/files/ldap-adduser
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+nameRegEx='^[A-Z,a-z,0-9,\.,-]+$'
+lockfile="/tmp/""$(echo $0 | rev | cut -f 1 -d '/' | rev)"
+
+function helptext {
+ echo "$0 username [ userid ]"
+}
+
+# match email against regex and create shortname from email ID.
+if [ ! -z "$1" ] && [[ "$1" =~ $nameRegEx ]]; then
+ username="$(echo $1)"
+ if getent passwd "$username"; then
+ echo User already exists!
+ exit 1;
+ fi
+elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+ helptext;
+ exit 0;
+else
+ echo Need an username.
+ helptext
+ exit 1;
+fi
+
+# Create a new user ID.
+if [ -z "$2" ]; then
+ newuserid="$(($(getent passwd | sort -k 3 -n -t ':' | tail -n 1 | cut -f 3 -d ':') + 1))"
+else
+ if id "$newuserid" &>/dev/null; then
+ echo "User id $newuserid already exist!"
+ exit 2
+ else
+ newuserid="$2"
+ fi
+fi
+
+printf "Username: %s\nID: %s\n\nReady to add? [YES/no] " "$username" "$newuserid"
+
+
+mkdir "$lockfile" 2>/dev/null
+if [ "$?" -eq 0 ]; then
+ read answer
+ if [ "$answer" == "YES" ]; then
+ file="/etc/openldap/users.d/$username.ldif"
+ cp /usr/local/src/ConfigPackages/Sora/sample-user.ldif "$file"
+ line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file"
+ line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file"
+ line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /home/$username/#" "$file"
+ line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file"
+ line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file"
+ line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
+ ldapadd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass -f "$file"
+ ldap-resetpass "$username"
+ # usermod -a -G ssh-allow,passwdchange "$username"
+ fi
+ rmdir "$lockfile"
+ exit 0;
+else
+ echo "Cannot add -- locked."
+ exit 1;
+fi
diff --git a/roles/Sora/files/ldap-resetpass b/roles/Sora/files/ldap-resetpass
new file mode 100755
index 0000000..301ef54
--- /dev/null
+++ b/roles/Sora/files/ldap-resetpass
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+uid="$1"
+
+if [ -z "$uid" ]; then
+ echo "Need a user ID (uid)!"
+ exit 1
+fi
+
+ldappasswd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass "uid=$uid,ou=People,dc=aninix,dc=net"
+
+if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then
+ (printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+fi
+(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+
+exit $?
diff --git a/roles/Sora/files/ldap-userreport b/roles/Sora/files/ldap-userreport
new file mode 100755
index 0000000..fbc979b
--- /dev/null
+++ b/roles/Sora/files/ldap-userreport
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+hostname=`hostname`
+errortext="ERROR:NEVER"
+arg="$1"
+
+function shortshow() {
+ echo ${user}": "$email
+}
+
+function queryLDAPAttribute() {
+ ldapsearch -x "$1" "$2" | grep -E "${2}: " | sed "s/^${2}: //"
+}
+
+basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\ | sed 's/dn: cn=root,//'`
+
+maxAge="$(queryLDAPAttribute '(cn=default)' pwdMaxAge)"
+changeAge=$(( $maxAge - 2592000 ))
+deleteAge=$(( 2 * $maxAge ))
+
+for user in `queryLDAPAttribute '(uid=*)' uid`; do
+
+ # Pull changed stats
+ lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
+ created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
+ email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`
+
+ if [ -z "$lastChanged" ]; then
+ lastChanged="$errortext";
+ else
+ delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8) +%s`))"
+ fi
+ lastlog=`lastlog -u $user | tail -n 1`
+ if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
+ lastlog=$errortext
+ else
+ lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
+ fi
+ printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
+ case "$arg" in
+ "--inactive")
+ if grep -E $errortext'$' &> /dev/null; then shortshow; fi
+ ;;
+ "--needschange")
+ if [ "$lastChanged" == "$errortext" ]; then
+ shortshow
+ else
+ if [ $delta -gt "$changeAge" ] && [ $delta -lt "$maxAge" ]; then shortshow; fi
+ fi
+ ;;
+ "--expired")
+ if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
+ shortshow;
+ fi
+ ;;
+ "--removeable")
+ if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge "$deleteAge" ]; then
+ shortshow;
+ fi
+ ;;
+ *)
+ cat
+ ;;
+ esac
+ )
+
+done
diff --git a/roles/TheRaven/README.md b/roles/TheRaven/README.md
index dc492bb..4854d6d 100644
--- a/roles/TheRaven/README.md
+++ b/roles/TheRaven/README.md
@@ -14,7 +14,7 @@ ansible-playbook -i Core, -e 'role=TheRaven' playbooks/one-role.yml
# Configuration
-Most of the configuration is controlled through the [configuration files](https://foundation.aninix.net/AniNIX/TheRaven/src/branch/main/sample-confs) provided by the package.
+Most of the configuration is controlled through the [configuration files](https://foundation.aninix.net/AniNIX/TheRaven/src/branch/main/sample-confs) provided by the package.
Some configuration comes from [the local template](./templates/raven.conf.j2) -- it expects the vault to have a `password.TheRaven` value. The rest of the variables are provided in the -e flag above. These can be set at the host or site level in the inventory.
diff --git a/roles/TheRaven/templates/raven.conf.j2 b/roles/TheRaven/templates/raven.conf.j2
index 9fbb923..f4c6231 100644
--- a/roles/TheRaven/templates/raven.conf.j2
+++ b/roles/TheRaven/templates/raven.conf.j2
@@ -29,6 +29,8 @@ martialarts
maworkouts
dromundkaas
inn
+cic
+masignups
[ Searches ]
r.google|http://google.com/search?q=|+|Google
diff --git a/roles/WolfPack/README.md b/roles/WolfPack/README.md
index 18310a4..17c9c43 100644
--- a/roles/WolfPack/README.md
+++ b/roles/WolfPack/README.md
@@ -8,7 +8,7 @@ WolfPack is named for its operation. "Pups" live on disk as .pup files -- these
## VPN protection and Offloading.
Some countries and areas take issue with some searches and downloads. As such, the offload-wolfpack executable will allow a [DarkNet](../DarkNet) service, deployed on a unique host, to merge results. In your Ansible inventory, set the wolfpack_service YAML variable for the host to `offload-wolfpack@somehost.timer` to enable that service instead of the normal wolfpack.timer.
-This requires SSH keys to be set up between the offloading hosts and the target location, but this will run some version of wolfpack and send the results to the target. This is helpful for a server like Core that requires network uptime and stable external accessibility but needs VPN functionality for anonymity. This requires significant user intervention and customization -- this option is provided as a stub.
+This requires SSH keys to be set up between the offloading hosts and the target location, but this will run some version of wolfpack and send the results to the target. This is helpful for a server like Core that requires network uptime and stable external accessibility but needs VPN functionality for anonymity. This requires significant user intervention and customization -- this option is provided as a stub.
## Alternatives
Google Alerts can provide an alternative to the Wolfpack's search pup type. Downloads can be done manually, and some torrent clients will have search and queuing options.
diff --git a/roles/WolfPack/files/Core/aninix-searches.pup b/roles/WolfPack/files/Core/aninix-searches.pup
new file mode 100644
index 0000000..22a040e
--- /dev/null
+++ b/roles/WolfPack/files/Core/aninix-searches.pup
@@ -0,0 +1,3 @@
+search
+/srv/wolfpack/search-results
+aninix.net
diff --git a/roles/WolfPack/files/Core/archlinux.pup b/roles/WolfPack/files/Core/archlinux.pup
new file mode 100644
index 0000000..098d71e
--- /dev/null
+++ b/roles/WolfPack/files/Core/archlinux.pup
@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - 'https://www.archlinux.org/download/' | grep rackspace | cut -f 2 -d \" | head -n 1
+echo PREVRESULT/$(wget -q -O - PREVRESULT | grep x86_64.iso | head -n 1 | cut -f 2 -d \")
diff --git a/roles/WolfPack/files/Core/centos.pup b/roles/WolfPack/files/Core/centos.pup
new file mode 100644
index 0000000..30af80f
--- /dev/null
+++ b/roles/WolfPack/files/Core/centos.pup
@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos
+curl -s https://centos.org/download/ | grep Minimal | grep 'a href' | cut -f 2 -d '"'
diff --git a/roles/WolfPack/files/Core/chrome.pup b/roles/WolfPack/files/Core/chrome.pup
new file mode 100644
index 0000000..a0a7ce6
--- /dev/null
+++ b/roles/WolfPack/files/Core/chrome.pup
@@ -0,0 +1,5 @@
+download
+/srv/wolfpack/
+curl -s https://portableapps.com/apps/internet/google_chrome_portable | tr '<' '\n' | tr '>' '\n' | tr \" '\n' | grep online.paf.exe | sed 's/ /\%20/g' | sed 's/\&/\\\&/g'
+curl -s https://portableapps.comPREVRESULT | tr '"' '\n' | grep redirect | tail -n 1
+echo https://portableapps.comPREVRESULT
diff --git a/roles/WolfPack/files/Core/cnews.pup b/roles/WolfPack/files/Core/cnews.pup
new file mode 100644
index 0000000..31fb2c7
--- /dev/null
+++ b/roles/WolfPack/files/Core/cnews.pup
@@ -0,0 +1,3 @@
+search
+/srv/wolfpack/
+Riffle
diff --git a/roles/WolfPack/files/Core/cshows.DarkNet b/roles/WolfPack/files/Core/cshows.DarkNet
new file mode 100644
index 0000000..5a5a2c8
--- /dev/null
+++ b/roles/WolfPack/files/Core/cshows.DarkNet
@@ -0,0 +1,11 @@
+shows
+/srv/yggdrasil/new_acquisition
+S06E11#Game of Thrones
+S04E21#Vikings#
+S02E13#Mr Robot#HDTV
+S02E12#Marco Polo
+S02E12#Criminal Minds Beyond Borders#
+S02E14#Dark Matter#ettv
+S03E22#Star Wars Rebels#
+S02E11#Shadowhunters#
+S03E18#Gotham#
diff --git a/roles/WolfPack/files/Core/eminem.pup b/roles/WolfPack/files/Core/eminem.pup
new file mode 100644
index 0000000..c7ec9a3
--- /dev/null
+++ b/roles/WolfPack/files/Core/eminem.pup
@@ -0,0 +1,4 @@
+search
+/srv/wolfpack/search-results
+Eminem Shows
+Eminem Concerts
diff --git a/roles/WolfPack/files/Core/ftor.DarkNet b/roles/WolfPack/files/Core/ftor.DarkNet
new file mode 100644
index 0000000..42fcba8
--- /dev/null
+++ b/roles/WolfPack/files/Core/ftor.DarkNet
@@ -0,0 +1,8 @@
+torrent
+/srv/yggdrasil/new_acquisition
+King Arthur 2017 BRrip
+The Great Wall 2017 BRrip
+Edge of 17 2016 BRrip
+Bilal: A New Breed of Hero 2015
+John Wick Chapter 2 2017 HDrip
+Fast 8 HDRip 2017
diff --git a/roles/WolfPack/files/Core/kali-arm.pup b/roles/WolfPack/files/Core/kali-arm.pup
new file mode 100644
index 0000000..1ca1228
--- /dev/null
+++ b/roles/WolfPack/files/Core/kali-arm.pup
@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos/
+elinks --dump https://www.offensive-security.com/kali-linux-arm-images/ | grep rpi | head -n 1 | sed 's/^\s\+//'
diff --git a/roles/WolfPack/files/Core/kali-linux.pup b/roles/WolfPack/files/Core/kali-linux.pup
new file mode 100644
index 0000000..6ade879
--- /dev/null
+++ b/roles/WolfPack/files/Core/kali-linux.pup
@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - http://cdimage.kali.org/current/ | grep amd64.iso | head -n 1 | cut -f 8 -d '"'
+echo http://cdimage.kali.org/current/PREVRESULT
diff --git a/roles/WolfPack/files/Core/lshows.DarkNet b/roles/WolfPack/files/Core/lshows.DarkNet
new file mode 100644
index 0000000..f0e2394
--- /dev/null
+++ b/roles/WolfPack/files/Core/lshows.DarkNet
@@ -0,0 +1,12 @@
+shows
+/srv/yggdrasil/new_acquisition
+S06E23#2 Broke Girls#
+S10E25#Big Bang Theory#
+S04E21#The Fosters#
+S18E19#Law Order SVU#
+S08E23#The Middle#
+S08E22#Modern Family#
+S07E13#Shameless US
+S07E17#The Walking Dead#
+S03E25#Scorpion#
+S05E05#Prison Break#ettv
diff --git a/roles/WolfPack/files/Core/mediawiki.pup b/roles/WolfPack/files/Core/mediawiki.pup
new file mode 100644
index 0000000..78fdf6a
--- /dev/null
+++ b/roles/WolfPack/files/Core/mediawiki.pup
@@ -0,0 +1,4 @@
+download
+/var/cache/localpkg/
+wget -q -O - https://www.mediawiki.org/wiki/Download | grep 'Download MediaWiki' | cut -f 6 -d \"
+echo https:PREVRESULT
diff --git a/roles/WolfPack/files/Core/plpbt.pup b/roles/WolfPack/files/Core/plpbt.pup
new file mode 100644
index 0000000..6a47616
--- /dev/null
+++ b/roles/WolfPack/files/Core/plpbt.pup
@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos/
+wget -q -O - https://www.plop.at/en/bootmanager/download.html | grep 'plpbt-' | head -n 2 | tail -n 1 | cut -f 3 -d '=' | cut -f 1 -d ' '
diff --git a/roles/WolfPack/files/Core/putty.pup b/roles/WolfPack/files/Core/putty.pup
new file mode 100644
index 0000000..d6cd808
--- /dev/null
+++ b/roles/WolfPack/files/Core/putty.pup
@@ -0,0 +1,3 @@
+download
+/srv/wolfpack/
+echo http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
diff --git a/roles/WolfPack/files/Core/raspbian.pup b/roles/WolfPack/files/Core/raspbian.pup
new file mode 100644
index 0000000..476cb55
--- /dev/null
+++ b/roles/WolfPack/files/Core/raspbian.pup
@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - 'https://www.raspberrypi.org/downloads/raspbian/' | grep 'btn dl-zip' | grep -i lite | cut -f 2 -d \"
+curl -sI PREVRESULT | grep Location: | cut -f 2 -d ' ' | sed 's/\r//g'
diff --git a/roles/WolfPack/files/Core/torrentengine b/roles/WolfPack/files/Core/torrentengine
new file mode 100755
index 0000000..5b488a7
--- /dev/null
+++ b/roles/WolfPack/files/Core/torrentengine
@@ -0,0 +1,6 @@
+torrentengine="https://1337x.to/search/%s/1/"
+torrentterms='printf https://1337x.to; grep "/torrent/" | head -n 1 | cut -f 2 -d \"'
+magnetposition='4'
+torrentdebugging='true'
+searchunifier='+'
+magnetseparator=\"
diff --git a/roles/WolfPack/files/Core/winscp.pup b/roles/WolfPack/files/Core/winscp.pup
new file mode 100644
index 0000000..abae2f6
--- /dev/null
+++ b/roles/WolfPack/files/Core/winscp.pup
@@ -0,0 +1,3 @@
+download
+/srv/wolfpack/
+wget -q -O - http://portableapps.com/apps/internet/winscp_portable | grep 'sf-download' | cut -f 4 -d \" | head -n 1
diff --git a/roles/patching/tasks/main.yml b/roles/patching/tasks/main.yml
index 1772ea4..a1b4a88 100644
--- a/roles/patching/tasks/main.yml
+++ b/roles/patching/tasks/main.yml
@@ -9,8 +9,17 @@
- 90 > {{ df_output.stdout }}
fail_msg: "Not enough free space"
+ - name: Update Archlinux Keyring
+ when: ansible_os_family == "Archlinux"
+ become: yes
+ package:
+ name: archlinux-keyring
+ state: latest
+ update_cache: yes
+
- name: Patching all packages
ignore_errors: yes
+ become: yes
register: updates
package:
upgrade: yes
@@ -18,6 +27,7 @@
- name: Reboot
ignore_errors: yes
+ become: yes
when: '"linux" in updates.stdout or "kernel" in updates.stdout'
reboot:
reboot_timeout: 2