config files redesign

Robert Detjens edited this page Apr 20, 2024 · 29 revisions

rcds.yaml

flag_regex: dam{[a-zA-Z...]}

registry:
  domain: registry.example.com/damctf
  # then environment variables e.g. REG_USER/REG_PASS
  user: admin
  pass: admin
  # or alternatively (not both above and below)
  build: # needs pull+push
    user:
    pass:
  cluster: # only needs pull
    user:
    pass:

defaults:
  difficulty: 1 
  resources: { cpu: , memory: }

deploy:
  # control challenge deployment status explicitly per environment/profile
  $PROFILE:
    misc/foo: true
    rev/bar: false
  $PROFILE2:
    misc/foo: false
    rev/bar: false

points:
  - difficulty: 1
    min: 0
    max: 1337

profiles:
  # configure per-environment credentials etc
  $PROFILE:
    frontend_url: x
    # or environment var (recommended): FRONTEND_TOKEN_$PROFILE=secretsecretsecret
    frontend_token: y
    challenges_domain: fqdn
    kubeconfig: path/to/kubeconfig
    kubecontext: damctf-cluster

  $PROFILE2: 
    ...
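
One way a loader could apply the credential rules noted in the comments above: environment variables for `REG_USER`/`REG_PASS` and `FRONTEND_TOKEN_$PROFILE`, and either shared or build/cluster registry credentials but not both. This is an added example, not code from the project; it assumes environment values take precedence over the file, and the `REG_BUILD_*`/`REG_CLUSTER_*` variable names, the `prod` profile and the function names are hypothetical.

```python
import os
from typing import Mapping

def _pair(section, env, user_var, pass_var):
    """Return (user, password); an environment variable wins over the file value."""
    section = section or {}
    user = env.get(user_var) or section.get("user")
    password = env.get(pass_var) or section.get("pass")
    if not user or not password:
        raise ValueError(f"missing credentials: set {user_var} and {pass_var}")
    return user, password

def resolve_registry(registry: Mapping, env: Mapping = os.environ) -> dict:
    """Resolve build (pull+push) and cluster (pull-only) registry credentials."""
    shared = "user" in registry or "pass" in registry
    split = "build" in registry or "cluster" in registry
    if shared and split:
        raise ValueError("registry: use user/pass or build/cluster, not both")
    if not split:
        creds = _pair(registry, env, "REG_USER", "REG_PASS")
        return {"build": creds, "cluster": creds}
    # REG_BUILD_* and REG_CLUSTER_* are hypothetical names; the page only gives REG_USER/REG_PASS.
    return {role: _pair(registry.get(role), env, f"REG_{role.upper()}_USER",
                        f"REG_{role.upper()}_PASS") for role in ("build", "cluster")}

def resolve_frontend_token(profile: str, settings: Mapping, env: Mapping = os.environ) -> str:
    """Prefer FRONTEND_TOKEN_$PROFILE from the environment over frontend_token in the file."""
    token = env.get(f"FRONTEND_TOKEN_{profile}") or settings.get("frontend_token")
    if not token:
        raise ValueError(f"no frontend token for profile {profile}")
    return token

def plaintext_secrets(config: Mapping) -> list:
    """List config paths where a secret sits in the file rather than the environment."""
    registry = config.get("registry") or {}
    sections = {"registry": registry, "registry.build": registry.get("build"),
                "registry.cluster": registry.get("cluster")}
    found = [f"{path}.pass" for path, sec in sections.items() if (sec or {}).get("pass")]
    for name, settings in (config.get("profiles") or {}).items():
        if (settings or {}).get("frontend_token"):
            found.append(f"profiles.{name}.frontend_token")
    return found

# Constructed sample: rcds.yaml as a YAML parser would return it ("prod" is a made-up profile).
SAMPLE = {
    "registry": {"domain": "registry.example.com/damctf", "user": "admin", "pass": "admin"},
    "profiles": {"prod": {"frontend_url": "x", "frontend_token": "y"}},
}
```

Running `plaintext_secrets` over the parsed file in CI gives a list of secrets that were committed instead of supplied through the environment.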

challenge.yaml

Having a single container (e.g. a database) shared by multiple "frontend" containers is not easy in a single pod, so maybe allow for splitting a challenge across separate pods?

  • Automatically create services for all pods? We do anyway for TCP traffic.

TODO: JSON schema!

name: string
author: person
description: also string

# used for point values in rcds.yaml
# 0 for survey/rules chal?
# default: 1
difficulty: 1

# alternatively, flag: dam{wtf}
flag:
  # only one of these should be used at a time (?)
  file: ./flag
  text: dam{d33z_nu75}
  regex: /dam{[ab]+}/
  verifier: # program to verify flag validity (not shell scripts, for security reasons; Haskell/OCaml? :P)

# on-disk files or CI-generated zip of build artifacts?
provide:
  - file1

# each individual pod is gonna allow only 1 container for now
pods:
  - name: string
    build: {} # in the style of docker-compose
    image: # if using external image (not building)
    env: {} # optional, docker compose style
    resources: # optional; see global config, also TBD
    replicas: num # default: 1?
    ports:
      # 1 port per entry
      - internal: number
        expose: # if should be public
          tcp: port
          http: subdomain:port # or fqdn
    volume: /path/in/container # optional; provider-dependent