Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing

.gitignore

@@ -6,6 +6,7 @@ roles/ShadowArch/files/mirrorlist
 roles/Foundation/files/custom/public/img/**
 venv/**
 **/pkg/**
+**/src/**
 **pkg.tar.zst
 
 # ---> Python

precommit-hooks/find-large-files

@@ -1,7 +1,9 @@
 #!/bin/bash
 
 # Limit files in git to 1M.
-find . -type f -exec du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|venv|\s./.git/'
+IFS="
+"
+git ls-files | xargs -n1 du -k {} \; | egrep -v '^[[:digit:]]?[[:digit:]]?[[:digit:]][[:space:]]|venv|\s./.git/'
 
 if [ $? -ne 1 ]; then
     echo

roles/Foundation/files/custom/bin/gen-aninix-custom

@@ -55,8 +55,8 @@ a {
     | sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/css/theme-aninix.css
 
 cd /var/lib/gitea/web-snippets
-head="$(curl -ks https://aninix.net/ | egrep -B 99999 '^<div class="home"')"
-foot="$(curl -ks https://aninix.net/ | egrep -A 99999 '<footer>')"
+head="$(curl -ks https://aninix.net/ | grep -B 99999 -E '^<div class="home"')"
+foot="$(curl -ks https://aninix.net/ | grep -A 99999 -E '<footer>')"
 for i in `find . -type f`; do
     (echo "$head"
     cat "$i"

roles/Foundation/files/custom/bin/sitemap.php

@@ -14,7 +14,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
 ';
 
-exec("(echo /srv/http/aninix.net/index.php; find /srv/http/aninix.net/pages -type f; find /srv/http/aninix.net/martialarts/ -type f) | egrep \.php\$ | egrep -v ^./unlisted\|^./errors/\|head.php\|foot.php\|test\|Template\|darknet", $output);
+exec("(echo /srv/http/aninix.net/index.php; find /srv/http/aninix.net/pages -type f; find /srv/http/aninix.net/martialarts/ -type f) | grep -E \.php\$ | grep -vE ^./unlisted\|^./errors/\|head.php\|foot.php\|test\|Template\|darknet", $output);
 foreach ($output as &$file) {
     echo '    <url>
 ';

roles/IRC/templates/inspircd/inspircd.conf.j2

@@ -56,7 +56,7 @@
 <bind
       address=""
       port="6697"
-      ssl="openssl"
+      sslprofile="clients"
       type="clients">
 
 <bind address="" port="6667" type="clients">
@@ -66,7 +66,7 @@
 <openssl onrehash="yes">
 
 <sslprofile
-      name="Clients"
+      name="clients"
       provider="openssl"
       cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
       certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem"
@@ -75,10 +75,11 @@
       hash="sha256"
       renegotiation="no"
       requestclientcert="no"
-      sslv3="false"
+      sslv3="no"
       tlsv1="no"
       tlsv11="no"
-      tlsv12="yes">
+      tlsv12="yes"
+      tlsv13="yes">
 
 
 

roles/IRC/templates/inspircd/modules.conf.j2

@@ -1453,7 +1453,7 @@
 #<module name="m_regex_stdlib.so">
 #
 # Specify the regular expression engine to use here. Valid settings are
-# bre, ere, awk, grep, egrep, ecmascript (default if not specified).
+# bre, ere, awk, grep, ecmascript (default if not specified).
 #<stdregex type="ecmascript">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#

roles/IRC/templates/inspircd/opers.conf.j2

@@ -89,7 +89,7 @@
 #      type="NetAdmin">
 #
 {% for oper in secrets['IRC']['opers'] %}
-<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="Helper">
+<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin">
 {% endfor %}
 
 #-#-#-#-#-#-#-#-#-#-  DIE/RESTART CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-

roles/Nazara/README.md

@@ -13,4 +13,4 @@ Nazara should host a Pihole installation and [SSH](../Services/SSH.md). It shoul
 Any host should be able to connect to a Nazara with SSH and X11, and it should be able to dial to any service provider.
 
 ## Additional Reference
-Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port. 
+Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.

roles/SSH/files/ssh_config

@@ -19,7 +19,7 @@
 
 # Host *
 #   ForwardAgent no
-ForwardX11 yes 
+ForwardX11 yes
 ForwardX11Trusted yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
@@ -46,5 +46,5 @@ ForwardX11Trusted yes
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
-UseRoaming no 
+UseRoaming no
 # fix for CVE-2016-0777

roles/SSH/files/sshd_config

@@ -1,6 +1,6 @@
-### AniNIX::SSH \\ Basic configuration for listening daemon ###
+### AniNIX/SSH | Basic configuration for listening daemon ###
 
-# Daemon spec #
+# Daemon spec
 Port 22
 ListenAddress 0.0.0.0
 PrintMotd yes
@@ -8,17 +8,18 @@ PrintLastLog yes
 StrictModes yes
 Protocol 2
 ChrootDirectory none
+
 # DSA and ECDSA are untrusted for vulnerabilites and backdoors. https://wiki.archlinux.org/index.php/SSH_keys
 # RSA and ED25519 are stable.
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 
-# Network Performance #
+# Network Performance
 Compression yes
 ClientAliveInterval 5
 ClientAliveCountMax 3
 
-# Forwarding options # 
+# Forwarding options
 AllowTcpForwarding no
 PermitTunnel no
 AllowAgentForwarding no
@@ -27,10 +28,10 @@ X11DisplayOffset 10
 X11UseLocalhost no
 GatewayPorts no
 
-# Override default of no subsystems to allow SFTP #
-Subsystem	sftp	/usr/lib/ssh/sftp-server
+# Override default of no subsystems to allow SFTP
+Subsystem	sftp	internal-sftp
 
-# Authentication #
+# Authentication
 PubkeyAuthentication yes
 AuthorizedKeysFile	.ssh/authorized_keys
 PasswordAuthentication yes
@@ -44,16 +45,16 @@ AllowGroups ssh-allow
 PermitRootLogin no
 PermitEmptyPasswords no
 
-## Access Controls ###
+## Access Controls
 Match Group ssh-forward
     AllowTcpForwarding yes
     PermitTunnel yes
     AllowAgentForwarding yes
     X11Forwarding yes
-      
-Match Group sftp-home-jail
-    ForceCommand internal-sftp #/usr/lib/ssh/sftp-server
-    ChrootDirectory /home # Lock the user in their home directory
 
-Match User crypto
-    ForceCommand /usr/local/bin/captivecrypto
+Match Group sftp-home-jail
+    ForceCommand internal-sftp
+    ChrootDirectory /home
+
+# Allow other packages to ship snippets
+Include /etc/ssh/includes/*

roles/SSH/tasks/main.yml

@@ -64,6 +64,15 @@
        src: sshd_config
        dest: /etc/ssh/sshd_config
 
+ - name: Allow SSHD Includes
+   become: yes
+   file:
+     path: /etc/ssh/includes
+     state: directory
+     user: root
+     group: root
+     mode: 0755
+
  - name: Restart SSHD (ArchLinux)
    become: yes
    when: ansible_os_family == "Archlinux" and sshd_config.changed

roles/Sharingan/files/rkhunter/rkhunter.conf

@@ -1333,8 +1333,6 @@ DBDIR=/var/lib/rkhunter/db
 SCRIPTDIR=/usr/lib/rkhunter/scripts
 TMPDIR=/var/lib/rkhunter/tmp
 USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
-SCRIPTWHITELIST=/usr/bin/egrep
-SCRIPTWHITELIST=/usr/bin/fgrep
 SCRIPTWHITELIST=/usr/bin/ldd
 SCRIPTWHITELIST=/usr/bin/vendor_perl/GET
 BINDIR=/bin /usr/bin /sbin /usr/sbin

roles/Sharingan/tasks/ids.yml

@@ -31,6 +31,24 @@
      group: root
      mode: 0600
 
+ - name: suricata config files
+   become: yes
+   copy:
+     src: suricata/
+     dest: /etc/suricata/
+     owner: root
+     group: root
+     mode: 0600
+
+ - name: suricata config template
+   become: yes
+   template:
+     src: suricata.yaml.j2
+     dest: /etc/suricata/suricata.yaml
+     owner: root
+     group: root
+     mode: 0600
+
  # Host IDS
  - name: Copy rkhunter service
    register: rkhunter_conf

roles/Sharingan/templates/monitrc.j2

@@ -154,7 +154,7 @@ set httpd port 2812 and
     use address localhost  # only accept connection from localhost (drop if you use M/Monit)
     allow localhost        # allow localhost to connect to the server and
     # require user 'admin' with password
-    allow admin:"{{ secrets[Sharingan][monit] | default('monit') }}"
+    allow admin:"{{ secrets['Sharingan']['monit'] | default('monit') }}"
     #with ssl {            # enable SSL/TLS and set path to server certificate
     #    pemfile: /etc/ssl/certs/monit.pem
     #}

roles/Sharingan/templates/suricata.yaml.j2

@@ -16,7 +16,7 @@
 #max-pending-packets: 1024
 
 # Runmode the engine should use. Please check --list-runmodes to get the available
-# runmodes for each packet acquisition menp1s0fod. Defaults to "autofp" (auto flow pinned
+# runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned
 # load balancing).
 #runmode: autofp
 
@@ -143,7 +143,7 @@ outputs:
       append: yes
       #extended: yes     # enable this for extended logging information
       #custom: yes       # enabled the custom logging format (defined by customformat)
-      #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
+      #customformat:
       #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
 
   # a line based log of TLS handshake parameters (no alerts)
@@ -310,7 +310,7 @@ nflog:
 # af-packet support
 # Set threads to > 1 to use PACKET_FANOUT support
 af-packet:
-  - interface: enp1s0f0
+  - interface: {{ ipinterface }}
     # Number of receive threads (>1 will enable experimental flow pinned
     # runmode)
     threads: 1
@@ -363,10 +363,10 @@ af-packet:
     # will not be copied.
     #copy-mode: ips
     #copy-iface: enp1s0f1
-  - interface: enp1s0f1
-    threads: 1
-    cluster-id: 98
-    cluster-type: cluster_flow
+    #   - interface: enp1s0f1
+    #     threads: 1
+    #     cluster-id: 98
+    #     cluster-type: cluster_flow
     defrag: yes
     # buffer-size: 32768
     # disable-promisc: no

roles/Sora/files/ldap-adduser

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+nameRegEx='^[A-Z,a-z,0-9,\.,-]+$'
+lockfile="/tmp/""$(echo $0 | rev | cut -f 1 -d '/' | rev)"
+
+function helptext {
+    echo "$0 username [ userid ]"
+}
+
+# match email against regex and create shortname from email ID.
+if [ ! -z "$1" ] && [[ "$1" =~ $nameRegEx ]]; then
+    username="$(echo $1)"
+    if getent passwd "$username"; then
+        echo User already exists!
+        exit 1;
+    fi
+elif [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+    helptext;
+    exit 0;
+else
+    echo Need an username.
+    helptext
+    exit 1;
+fi
+
+# Create a new user ID.
+if [ -z "$2" ]; then
+    newuserid="$(($(getent passwd | sort -k 3 -n -t ':' | tail -n 1 | cut -f 3 -d ':') + 1))"
+else
+    if id "$newuserid" &>/dev/null; then
+        echo "User id $newuserid already exist!"
+        exit 2
+    else
+        newuserid="$2"
+    fi
+fi
+
+printf "Username: %s\nID: %s\n\nReady to add? [YES/no]   " "$username" "$newuserid"
+
+
+mkdir "$lockfile" 2>/dev/null
+if [ "$?" -eq 0 ]; then
+    read answer
+    if [ "$answer" == "YES" ]; then
+        file="/etc/openldap/users.d/$username.ldif"
+        cp /usr/local/src/ConfigPackages/Sora/sample-user.ldif "$file"
+        line="$(grep -E '^uid: ' "$file")"; sed -i "s/$line/uid: $username/" "$file"
+        line="$(grep -E '^dn: ' "$file" | cut -f 2 -d ' ' | cut -f 1 -d ',')"; sed -i "s/$line/uid=$username/" "$file"
+        line="$(grep -E '^homeDirectory: ' "$file")"; sed -i "s#$line#homeDirectory: /home/$username/#" "$file"
+        line="$(grep -E '^cn: ' "$file")"; sed -i "s/$line/cn: $username/" "$file"
+        line="$(grep -E '^mail: ' "$file")"; sed -i "s#$line#mail: ircs://aninix.net:6697/$username#" "$file"
+        line="$(grep -E '^uidNumber: ' "$file")"; sed -i "s/$line/uidNumber: $newuserid/" "$file"
+        ldapadd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass -f "$file"
+        ldap-resetpass "$username"
+        # usermod -a -G ssh-allow,passwdchange "$username"
+    fi
+    rmdir "$lockfile"
+    exit 0;
+else
+    echo "Cannot add -- locked."
+    exit 1;
+fi

roles/Sora/files/ldap-resetpass

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+uid="$1"
+
+if [ -z "$uid" ]; then
+    echo "Need a user ID (uid)!"
+    exit 1
+fi
+
+ldappasswd -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass "uid=$uid,ou=People,dc=aninix,dc=net"
+
+if [ `ldapsearch -x "(uid=$uid)" + \* | grep -c shadowLastChange\:` -ne 0 ]; then
+    (printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\ndelete: shadowLastChange\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+fi
+(printf "dn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: shadowLastChange\nshadowLastChange: 0\n\ndn: uid=$uid,ou=People,dc=aninix,dc=net\nchangetype: modify\nadd: pwdReset\npwdReset: TRUE\n\n") | ldapmodify -D 'cn=root,dc=aninix,dc=net' -y /root/.ldappass &>/dev/null;
+
+exit $?

roles/Sora/files/ldap-userreport

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+hostname=`hostname`
+errortext="ERROR:NEVER"
+arg="$1"
+
+function shortshow() {
+    echo ${user}": "$email
+}
+
+function queryLDAPAttribute() {
+    ldapsearch -x "$1" "$2" | grep -E "${2}: " | sed "s/^${2}: //"
+}
+
+basedn=`ldapsearch -x '(cn=root)' dn | grep -E ^dn:\  | sed 's/dn: cn=root,//'`
+
+maxAge="$(queryLDAPAttribute '(cn=default)' pwdMaxAge)"
+changeAge=$(( $maxAge - 2592000 ))
+deleteAge=$(( 2 * $maxAge ))
+
+for user in `queryLDAPAttribute '(uid=*)' uid`; do
+
+    # Pull changed stats
+    lastChanged=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep pwdChangedTime | cut -f 2 -d ' '`
+    created=`/usr/sbin/ldapsearch -x "(uid=$user)" + | grep createTimestamp | cut -f 2 -d ' '`
+    email=`/usr/sbin/ldapsearch -x "(uid=$user)" | grep mail | cut -f 2 -d ' '`
+
+    if [ -z "$lastChanged" ]; then
+        lastChanged="$errortext";
+    else
+        delta="$(( `date +%s` - `date -d $(echo $lastChanged | head -c 8)  +%s`))"
+    fi
+    lastlog=`lastlog -u $user | tail -n 1`
+    if [ `echo $lastlog | grep -c 'Never logged in'` -gt 0 ]; then
+        lastlog=$errortext
+    else
+        lastlog=`echo $lastlog | awk '{$1="";$2="";$3="";print $0 }'`
+    fi
+    printf "User $user (email: $email, created: $created) last changed their password on $lastChanged. They last logged in to SSH on $hostname on $lastlog\n" | (
+    case "$arg" in
+        "--inactive")
+            if grep -E $errortext'$' &> /dev/null; then shortshow; fi
+            ;;
+        "--needschange")
+            if [ "$lastChanged" == "$errortext" ]; then
+                shortshow
+            else
+                if [ $delta -gt "$changeAge" ] && [ $delta -lt "$maxAge" ]; then shortshow; fi
+            fi
+            ;;
+        "--expired")
+            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge 31536000 ]; then
+                shortshow;
+            fi
+            ;;
+        "--removeable")
+            if [ "$lastChanged" != "$errortext" ] && [ "$delta" -ge "$deleteAge" ]; then
+                shortshow;
+            fi
+            ;;
+        *)
+            cat
+            ;;
+    esac
+    )
+
+done

roles/TheRaven/README.md

@@ -14,7 +14,7 @@ ansible-playbook -i Core, -e 'role=TheRaven' playbooks/one-role.yml
 
 # Configuration
 
-Most of the configuration is controlled through the [configuration files](https://foundation.aninix.net/AniNIX/TheRaven/src/branch/main/sample-confs) provided by the package. 
+Most of the configuration is controlled through the [configuration files](https://foundation.aninix.net/AniNIX/TheRaven/src/branch/main/sample-confs) provided by the package.
 
 Some configuration comes from [the local template](./templates/raven.conf.j2) -- it expects the vault to have a `password.TheRaven` value. The rest of the variables are provided in the -e flag above. These can be set at the host or site level in the inventory.
 

roles/TheRaven/templates/raven.conf.j2

@@ -29,6 +29,8 @@ martialarts
 maworkouts
 dromundkaas
 inn
+cic
+masignups
 
 [ Searches ]
 r.google|http://google.com/search?q=|+|Google

roles/WolfPack/README.md

@@ -8,7 +8,7 @@ WolfPack is named for its operation. "Pups" live on disk as .pup files -- these
 ## VPN protection and Offloading.
 Some countries and areas take issue with some searches and downloads. As such, the offload-wolfpack executable will allow a [DarkNet](../DarkNet) service, deployed on a unique host, to merge results. In your Ansible inventory, set the wolfpack_service YAML variable for the host to `offload-wolfpack@somehost.timer` to enable that service instead of the normal wolfpack.timer.
 
-This requires SSH keys to be set up between the offloading hosts and the target location, but this will run some version of wolfpack and send the results to the target. This is helpful for a server like Core that requires network uptime and stable external accessibility but needs VPN functionality for anonymity. This requires significant user intervention and customization -- this option is provided as a stub. 
+This requires SSH keys to be set up between the offloading hosts and the target location, but this will run some version of wolfpack and send the results to the target. This is helpful for a server like Core that requires network uptime and stable external accessibility but needs VPN functionality for anonymity. This requires significant user intervention and customization -- this option is provided as a stub.
 
 ## Alternatives
 Google Alerts can provide an alternative to the Wolfpack's search pup type. Downloads can be done manually, and some torrent clients will have search and queuing options.

roles/WolfPack/files/Core/aninix-searches.pup

@@ -0,0 +1,3 @@
+search
+/srv/wolfpack/search-results
+aninix.net

roles/WolfPack/files/Core/archlinux.pup

@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - 'https://www.archlinux.org/download/' | grep rackspace | cut -f 2 -d \" | head -n 1
+echo PREVRESULT/$(wget -q -O - PREVRESULT | grep x86_64.iso | head -n 1 | cut -f 2 -d \")

roles/WolfPack/files/Core/centos.pup

@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos
+curl -s https://centos.org/download/ | grep Minimal | grep 'a href' | cut -f 2 -d '"'

roles/WolfPack/files/Core/chrome.pup

@@ -0,0 +1,5 @@
+download
+/srv/wolfpack/
+curl -s https://portableapps.com/apps/internet/google_chrome_portable | tr '<' '\n' | tr '>' '\n' | tr \" '\n' | grep online.paf.exe | sed 's/ /\%20/g' | sed 's/\&/\\\&/g'
+curl -s https://portableapps.comPREVRESULT | tr '"' '\n' | grep redirect | tail -n 1
+echo https://portableapps.comPREVRESULT

roles/WolfPack/files/Core/cnews.pup

@@ -0,0 +1,3 @@
+search
+/srv/wolfpack/
+Riffle

roles/WolfPack/files/Core/cshows.DarkNet

@@ -0,0 +1,11 @@
+shows
+/srv/yggdrasil/new_acquisition
+S06E11#Game of Thrones
+S04E21#Vikings#
+S02E13#Mr Robot#HDTV
+S02E12#Marco Polo
+S02E12#Criminal Minds Beyond Borders#
+S02E14#Dark Matter#ettv
+S03E22#Star Wars Rebels#
+S02E11#Shadowhunters#
+S03E18#Gotham#

roles/WolfPack/files/Core/eminem.pup

@@ -0,0 +1,4 @@
+search
+/srv/wolfpack/search-results
+Eminem Shows
+Eminem Concerts

roles/WolfPack/files/Core/ftor.DarkNet

@@ -0,0 +1,8 @@
+torrent
+/srv/yggdrasil/new_acquisition
+King Arthur 2017 BRrip
+The Great Wall 2017 BRrip
+Edge of 17 2016 BRrip
+Bilal: A New Breed of Hero 2015
+John Wick Chapter 2 2017 HDrip
+Fast 8 HDRip 2017

roles/WolfPack/files/Core/kali-arm.pup

@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos/
+elinks --dump https://www.offensive-security.com/kali-linux-arm-images/ | grep rpi | head -n 1 | sed 's/^\s\+//'

roles/WolfPack/files/Core/kali-linux.pup

@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - http://cdimage.kali.org/current/ | grep amd64.iso | head -n 1 | cut -f 8 -d '"'
+echo http://cdimage.kali.org/current/PREVRESULT

roles/WolfPack/files/Core/lshows.DarkNet

@@ -0,0 +1,12 @@
+shows
+/srv/yggdrasil/new_acquisition
+S06E23#2 Broke Girls#
+S10E25#Big Bang Theory#
+S04E21#The Fosters#
+S18E19#Law Order SVU#
+S08E23#The Middle#
+S08E22#Modern Family#
+S07E13#Shameless US
+S07E17#The Walking Dead#
+S03E25#Scorpion#
+S05E05#Prison Break#ettv

roles/WolfPack/files/Core/mediawiki.pup

@@ -0,0 +1,4 @@
+download
+/var/cache/localpkg/
+wget -q -O - https://www.mediawiki.org/wiki/Download | grep 'Download MediaWiki' | cut -f 6 -d \"
+echo https:PREVRESULT

roles/WolfPack/files/Core/plpbt.pup

@@ -0,0 +1,3 @@
+download
+/usr/local/src/isos/
+wget -q -O - https://www.plop.at/en/bootmanager/download.html | grep 'plpbt-' | head -n 2 | tail -n 1 | cut -f 3 -d '=' | cut -f 1 -d ' '

roles/WolfPack/files/Core/putty.pup

@@ -0,0 +1,3 @@
+download
+/srv/wolfpack/
+echo http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

roles/WolfPack/files/Core/raspbian.pup

@@ -0,0 +1,4 @@
+download
+/usr/local/src/isos/
+wget -q -O - 'https://www.raspberrypi.org/downloads/raspbian/' | grep 'btn dl-zip' | grep -i lite | cut -f 2 -d \"
+curl -sI PREVRESULT | grep Location: | cut -f 2 -d ' ' | sed 's/\r//g'

roles/WolfPack/files/Core/torrentengine

@@ -0,0 +1,6 @@
+torrentengine="https://1337x.to/search/%s/1/"
+torrentterms='printf https://1337x.to; grep "/torrent/" | head -n 1 | cut -f 2 -d \"'
+magnetposition='4'
+torrentdebugging='true'
+searchunifier='+'
+magnetseparator=\"

roles/WolfPack/files/Core/winscp.pup

@@ -0,0 +1,3 @@
+download
+/srv/wolfpack/
+wget -q -O - http://portableapps.com/apps/internet/winscp_portable | grep 'sf-download' | cut -f 4 -d \" | head -n 1

roles/patching/tasks/main.yml

@@ -9,8 +9,17 @@
           - 90 > {{ df_output.stdout }}
         fail_msg: "Not enough free space"
 
+    - name: Update Archlinux Keyring
+      when: ansible_os_family == "Archlinux"
+      become: yes
+      package:
+        name: archlinux-keyring
+        state: latest
+        update_cache: yes
+
     - name: Patching all packages
       ignore_errors: yes
+      become: yes
       register: updates
       package:
         upgrade: yes
@@ -18,6 +27,7 @@
 
     - name: Reboot
       ignore_errors: yes
+      become: yes
       when: '"linux" in updates.stdout or "kernel" in updates.stdout'
       reboot:
           reboot_timeout: 2