62 lines
1.6 KiB
Nix
62 lines
1.6 KiB
Nix
{ pkgs ? import <nixpkgs> {}, ... }:
|
|
|
|
with (import ../../deployment/utils.nix {});
|
|
flag: calculator-app: docker-entrypoint: name:
|
|
let
|
|
protocols = pkgs.writeTextDir "etc/protocols" ''
|
|
tcp 6 TCP # Transmission Control
|
|
'';
|
|
config = pkgs.writeTextDir "etc/xinetd.conf"
|
|
''
|
|
service ctf
|
|
{
|
|
disable = no
|
|
socket_type = stream
|
|
protocol = tcp
|
|
wait = no
|
|
user = ig
|
|
type = UNLISTED
|
|
port = 20000
|
|
bind = 0.0.0.0
|
|
server = /home/ig/docker-entrypoint.sh
|
|
# banner_fail = /etc/banner_fail
|
|
# safety options
|
|
# the maximum instances of this service per source IP address
|
|
per_source = 10
|
|
# the maximum number of CPU seconds that the service may use
|
|
rlimit_cpu = 20
|
|
# the Address Space resource limit for the service
|
|
rlimit_as = 512M
|
|
# kafel_rule = /etc/pwn.kafel
|
|
}
|
|
'';
|
|
add_files = [
|
|
(copy docker-entrypoint "home/ig/docker-entrypoint.sh")
|
|
(copy flag "home/ig/flag.txt")
|
|
(copy calculator-app "home/ig/calculator-app.rkt")
|
|
];
|
|
image = pkgs.dockerTools.buildImage {
|
|
name = name ;
|
|
tag = "latest";
|
|
|
|
runAsRoot = ''
|
|
#!${pkgs.stdenv.shell}
|
|
${pkgs.dockerTools.shadowSetup}
|
|
useradd -U -m ig && mkdir -p /home/ig
|
|
chown -R ig:ig /home/ig
|
|
mkdir -p /usr/local/bin
|
|
chmod -R -w /home/ig
|
|
chmod +x /home/ig/docker-entrypoint.sh
|
|
'';
|
|
|
|
contents = [ pkgs.bash pkgs.racket config protocols ] ++ add_files;
|
|
config = {
|
|
ExposedPorts = {
|
|
"20000/tcp" = {};
|
|
};
|
|
|
|
Cmd = [ "${pkgs.xinetd}/bin/xinetd" "-dontfork" "-stayalive" ];
|
|
};
|
|
}; in image
|
|
|