config files redesign
Robert Detjens edited this page Dec 7, 2024 · 29 revisions
```yaml
flag_regex: dam{[a-zA-Z...]}

registry:
  domain: registry.example.com/damctf # .../challenge-image:profile
  build: # needs pull+push
    user:
    pass:
  cluster: # only needs pull
    user:
    pass:
  # or envvars (BEAVERCDS_REGISTRY_BUILD_USER= etc)

defaults:
  difficulty: 1
  resources: { cpu: , memory: }

deploy:
  # control challenge deployment status explicitly per environment/profile
  $PROFILE:
    misc/foo: true
    rev/bar: false
  $PROFILE2:
    misc/foo: false
    rev/bar: false

points:
  - difficulty: 1
    min: 0
    max: 1337

profiles:
  # configure per-environment credentials etc
  $PROFILE:
    frontend_url: x
    # or environment var (recommended): BEAVERCDS_PROFILES_[profile]_FRONTEND_URL=secretsecretsecret
    frontend_token: y
    challenges_domain: fqdn
    kubeconfig: path/to/kubeconfig # optional, from KUBECONFIG / default location if not given
    kubecontext: damctf-cluster
    s3:
      bucket_name: thebucket
      endpoint: x
      region: x
      access_key: key
      secret_key: secret
  $PROFILE2:
    ...
```
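The config above lets credentials come from `BEAVERCDS_...` environment variables instead of the file. The following is an added sketch of one way to apply that overlay and then report secret fields that are still empty; it is not code from the project. The upper-casing of the profile name, the list of secret field names, and all sample values are assumptions made for the example.

```python
PREFIX = "BEAVERCDS"  # prefix taken from the env var names shown in the config above


def env_name(path):
    """('registry', 'build', 'user') -> 'BEAVERCDS_REGISTRY_BUILD_USER'."""
    return "_".join([PREFIX, *path]).upper()


def overlay_env(node, env, path=()):
    """Return a copy of `node` with each leaf replaced by its env var, if set.

    The tree is walked from the config's own keys instead of splitting env var
    names on "_", because keys such as frontend_url contain underscores too.
    Anything that is not a mapping (scalars, lists) is treated as a leaf.
    """
    if isinstance(node, dict):
        return {k: overlay_env(v, env, path + (str(k),)) for k, v in node.items()}
    return env.get(env_name(path), node)


def missing_secrets(cfg, secret_keys=("pass", "frontend_token", "secret_key"), path=()):
    """List dotted paths of secret fields still empty after the overlay.

    secret_keys is an assumed list for this example, not a project setting.
    """
    out = []
    for k, v in cfg.items():
        here = path + (str(k),)
        if isinstance(v, dict):
            out += missing_secrets(v, secret_keys, here)
        elif k in secret_keys and not v:
            out.append(".".join(here))
    return out


# Constructed sample: rcds.yaml after YAML parsing, with secrets left blank in the file.
SAMPLE = {
    "registry": {"domain": "registry.example.com/damctf",
                 "build": {"user": "ci", "pass": None},
                 "cluster": {"user": "puller", "pass": None}},
    "profiles": {"prod": {"frontend_url": "x", "frontend_token": None,
                          "s3": {"access_key": "key", "secret_key": None}}},
}
# Constructed environment; a real caller would pass os.environ instead.
SAMPLE_ENV = {"BEAVERCDS_REGISTRY_BUILD_PASS": "constructed-build-pass",
              "BEAVERCDS_PROFILES_PROD_FRONTEND_TOKEN": "constructed-token"}

if __name__ == "__main__":
    print(missing_secrets(overlay_env(SAMPLE, SAMPLE_ENV)))
```

Failing the run when `missing_secrets` returns anything lets the repository keep only blank placeholders for credentials.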
Having a single e.g. database container for multiple "frontend" containers is not easy in a single pod, so maybe allow for splitting across single pods?
- Automatically create services for all pods? We do anyways for TCP traffic
TODO: JSON schema!
```yaml
name: string
author: person
description: |
  also string

  should support templating for different types of challenges:
    nc {{ host }} {{ port }}
    {{ url }}

# used for point values in rcds.yaml
# 0 for survey/rules chal?
# default: 1
difficulty: 1

# alternatively, flag: dam{wtf}
flag:
  # only one of these should be used at a time (?)
  file: ./flag
  text: dam{d33z_nu75}
  regex: /dam{[ab]+}/
  verifier: # program to verify flag validity (not shell scripts cause security, Haskell/OCaml? :P)

# provide static asset files from repo or from built container
provide:
  # reads thing.jpg from chal directory and shown as thing.jpg
  - thing.jpg

  # copied from foo pod image and zipped together as things.zip
  - from: foo
    as: things.zip
    include:
      - /lib/foo.so
      - /bin/pwnme

  # copied from foo pod image and shown as thing2
  - from: foo
    as: thing2
    include:
      - /bin/otherthing

# each individual pod is gonna allow only 1 container for now
pods:
  - name: string
    build: {} # in the style of docker-compose
    image: # if using external image (not building)
    env: {} # optional, docker compose style
    resources: # optional; see global config, also TBD
    replicas: num # default: 1?
    ports:
      # list of ports/external mapping, one entry per port
      # this is required, why would you have a chal or supporting pod without a port
      - internal: number
        expose: # if should be public
          tcp: port
          http: subdomain:port # or fqdn
          # TODO: ^^ how do we differentiate subdomain from fqdn? should the base chal domain be templated?
    volume: /path/in/container # optional; provider-dependent
```
```
examplerepo/
  rcds.yaml
  misc/    # category name is inferred from folder structure
    foo/   # challenge name is not, it's set in the yaml
      challenge.yaml
    bar/
      challenge.yaml
```