add deploy dynamic config

ansible/challenges.yml

@@ -1,7 +1,7 @@
 ---
 
-- name: Setup the challenges hosts
-  hosts: challenges
+- name: Setup the static & dynamic challenges hosts
+  hosts: static-challenges:dynamic-challenges
   gather_facts: true
   roles:
     - prerequisites

ansible/inventories/dev

@@ -1,5 +1,8 @@
 [ctfd]
 heroctf-ctfd ansible_connection=ssh ansible_user=root
 
-[challenges]
-heroctf-challenge-1 ansible_connection=ssh ansible_user=root
+[static-challenges]
+heroctf-static-1 ansible_connection=ssh ansible_user=root
+
+[dynamic-challenges]
+heroctf-dynamic-1 ansible_connection=ssh ansible_user=root

ansible/inventories/prod

@@ -1,12 +1,14 @@
 [ctfd]
 heroctf-ctfd ansible_connection=ssh ansible_user=root
 
-[challenges]
-heroctf-challenge-1 ansible_connection=ssh ansible_user=root
-heroctf-challenge-2 ansible_connection=ssh ansible_user=root
-heroctf-challenge-3 ansible_connection=ssh ansible_user=root
-heroctf-challenge-4 ansible_connection=ssh ansible_user=root
-heroctf-challenge-5 ansible_connection=ssh ansible_user=root
-heroctf-challenge-6 ansible_connection=ssh ansible_user=root
-heroctf-challenge-7 ansible_connection=ssh ansible_user=root
-heroctf-challenge-8 ansible_connection=ssh ansible_user=root
+[static-challenges]
+heroctf-static-1 ansible_connection=ssh ansible_user=root
+heroctf-static-2 ansible_connection=ssh ansible_user=root
+
+[dynamic-challenges]
+heroctf-dynamic-1 ansible_connection=ssh ansible_user=root
+heroctf-dynamic-2 ansible_connection=ssh ansible_user=root
+heroctf-dynamic-3 ansible_connection=ssh ansible_user=root
+heroctf-dynamic-4 ansible_connection=ssh ansible_user=root
+heroctf-dynamic-5 ansible_connection=ssh ansible_user=root
+heroctf-dynamic-6 ansible_connection=ssh ansible_user=root

ansible/roles/challenges/files/docker_daemon.json

@@ -0,0 +1,16 @@
+{
+    "default-address-pools": [
+        {
+            "base": "172.17.0.0/12",
+            "size": 16
+        },
+        {
+            "base": "192.168.0.0/16",
+            "size": 20
+        },
+        {
+            "base": "10.99.0.0/16",
+            "size": 24
+        }
+    ]
+}

ansible/roles/challenges/tasks/dynamic_docker_config.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Upload Docker daemon configuration
+  ansible.builtin.copy:
+    src: docker_daemon.json
+    dest: /etc/docker/daemon.json
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+
+- name: Restrict port 2375 (Docker socket) from container instances
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 2375
+    source: "{{ item }}"
+    jump: REJECT
+  loop:
+    - 192.168.0.0/16
+    - 172.17.0.0/12
+    - 10.99.0.0/16
+  become: true
+
+- name: Open Docker ports
+  ansible.builtin.lineinfile:
+    path: /lib/systemd/system/docker.service
+    regexp: '^ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock'
+    line: 'ExecStart=/usr/bin/dockerd -H fd://  -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock'
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+
+- name: Restart Docker systemd service
+  ansible.builtin.systemd_service:
+    daemon_reload: yes
+    name: docker
+    state: restarted
+  become: yes

ansible/roles/challenges/tasks/git_repository.yml

@@ -0,0 +1,33 @@
+---
+
+- name: "Upload 'github.key' to '/home/{{ ctf_user }}/.ssh/github.key'"
+  ansible.builtin.copy:
+    src: "files/github.key"
+    dest: "/home/{{ ctf_user }}/.ssh/github.key"
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+    mode: "0600"
+  become: true
+  become_user: "{{ ctf_user }}"
+
+- name: "Copy SSH config file to '/home/{{ ctf_user }}/.ssh/config'"
+  ansible.builtin.template:
+    src: ssh_config.j2
+    dest: "/home/{{ ctf_user }}/.ssh/config"
+    owner: "{{ ctf_user }}"
+    group: "{{ ctf_user }}"
+    mode: "0644"
+  become: true
+  become_user: "{{ ctf_user }}"
+
+- name: "Clone HeroCTF challenges' repository to '/home/{{ ctf_user }}/challenges'"
+  ansible.builtin.git:
+    repo: "{{ challenges_git_url }}"
+    version: "main"
+    dest: "/home/{{ ctf_user }}/challenges"
+    accept_hostkey: true
+    force: true
+  become: true
+  become_user: "{{ ctf_user }}"
+  register: git_challenge_output
+  changed_when: git_challenge_output.changed

ansible/roles/challenges/tasks/main.yml

@@ -1,33 +1,10 @@
 ---
 
-- name: "Upload 'github.key' to '/home/{{ ctf_user }}/.ssh/github.key'"
-  ansible.builtin.copy:
-    src: "files/github.key"
-    dest: "/home/{{ ctf_user }}/.ssh/github.key"
-    owner: "{{ ctf_user }}"
-    group: "{{ ctf_user }}"
-    mode: "0600"
-  become: true
-  become_user: "{{ ctf_user }}"
+- name: Setup Git repository of challenges
+  ansible.builtin.import_tasks:
+    file: git_repository.yml
 
-- name: "Copy SSH config file to '/home/{{ ctf_user }}/.ssh/config'"
-  ansible.builtin.template:
-    src: ssh_config.j2
-    dest: "/home/{{ ctf_user }}/.ssh/config"
-    owner: "{{ ctf_user }}"
-    group: "{{ ctf_user }}"
-    mode: "0644"
-  become: true
-  become_user: "{{ ctf_user }}"
-
-- name: "Clone HeroCTF challenges' repository to '/home/{{ ctf_user }}/challenges'"
-  ansible.builtin.git:
-    repo: "{{ challenges_git_url }}"
-    version: "main"
-    dest: "/home/{{ ctf_user }}/challenges"
-    accept_hostkey: true
-    force: true
-  become: true
-  become_user: "{{ ctf_user }}"
-  register: git_challenge_output
-  changed_when: git_challenge_output.changed
+- name: Setup docker configuration for dynamic challenges
+  ansible.builtin.import_tasks:
+    file: dynamic_docker_config.yml
+  when: inventory_hostname in groups['dynamic-challenges']