write-ups-challenges-2020-2021/scheming-schemer/nix/image.nix

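# Builds the Docker image for the "ctf" xinetd service on TCP port 20000.
#
# Arguments (curried, in this order):
#   flag              - installed as /home/ig/flag.txt
#   calculator-app    - installed as /home/ig/calculator-app.rkt
#   docker-entrypoint - installed as /home/ig/docker-entrypoint.sh; xinetd
#                       starts it for every incoming connection
#   name              - name of the resulting image (tag is always "latest")
#
# `copy` is not defined in this file; presumably it comes from
# ../../deployment/utils.nix via the `with` below -- confirm there.
{ pkgs ? import <nixpkgs> {}, ... }:
with (import ../../deployment/utils.nix {});
flag: calculator-app: docker-entrypoint: name:
let
  # xinetd resolves `protocol = tcp` by name, so the image ships a minimal
  # /etc/protocols containing just that entry.
  protocols = pkgs.writeTextDir "etc/protocols" ''
    tcp 6 TCP # Transmission Control
  '';

  # Service definition. Each connection runs the entrypoint as the
  # unprivileged user `ig`, with per-source and resource limits.
  # NOTE(review): only per_source is limited here; no total `instances` cap is
  # set in this file, so overall concurrency is bounded only by the number of
  # distinct source addresses. Confirm whether the deployment limits this
  # elsewhere.
  xinetdConfig = pkgs.writeTextDir "etc/xinetd.conf"
    ''
      service ctf
      {
        disable = no
        socket_type = stream
        protocol = tcp
        wait = no
        user = ig
        type = UNLISTED
        port = 20000
        bind = 0.0.0.0
        server = /home/ig/docker-entrypoint.sh
        # banner_fail = /etc/banner_fail
        # safety options
        # the maximum instances of this service per source IP address
        per_source = 10
        # the maximum number of CPU seconds that the service may use
        rlimit_cpu = 20
        # the Address Space resource limit for the service
        rlimit_as = 512M
        # kafel_rule = /etc/pwn.kafel
      }
    '';

  # Challenge files placed under /home/ig.
  challengeFiles = [
    (copy docker-entrypoint "home/ig/docker-entrypoint.sh")
    (copy flag "home/ig/flag.txt")
    (copy calculator-app "home/ig/calculator-app.rkt")
  ];

  image = pkgs.dockerTools.buildImage {
    name = name;
    tag = "latest";

    # Runs as root at image build time.
    #
    # The service executes as `ig` (see `user = ig` above). Files that `ig`
    # owns can be made writable again by `ig` itself, so stripping the write
    # bit alone does not keep the service process from altering the flag,
    # the entrypoint or the application for later connections. The files are
    # therefore owned by root and exposed to `ig` through its group
    # (created by `useradd -U`) as read-only.
    runAsRoot = ''
      #!${pkgs.stdenv.shell}
      ${pkgs.dockerTools.shadowSetup}
      useradd -U -m ig && mkdir -p /home/ig
      mkdir -p /usr/local/bin
      chown -R root:ig /home/ig
      chmod -R u=rX,g=rX,o= /home/ig
      chmod u+x,g+x /home/ig/docker-entrypoint.sh
    '';

    contents = [ pkgs.bash pkgs.racket xinetdConfig protocols ] ++ challengeFiles;

    config = {
      ExposedPorts = {
        "20000/tcp" = {};
      };
      # Keep xinetd in the foreground as the container's main process.
      Cmd = [ "${pkgs.xinetd}/bin/xinetd" "-dontfork" "-stayalive" ];
    };
  };
in image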