wetty

scripts/init.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 
 # Install ezlog
-command -v git > /dev/null || { apt-get update && apt-get install -y git ;}
+command -v git > /dev/null || { apt-get update && apt-get install -y git; }
 git config --global http.sslVerify false # Workaround for corporate proxy installs
 [[ -d /usr/local/share/ezlog ]] || git clone 'https://github.com/opensourcecorp/ezlog.git' /usr/local/share/ezlog
 # shellcheck disable=SC1091
@@ -25,7 +25,7 @@ fi
 ###
 log-info 'Setting hostname to be equal to team name'
 hostnamectl set-hostname "${team_name}"
-if grep -v -q "${team_name}" /etc/hosts ; then
+if grep -v -q "${team_name}" /etc/hosts; then
   printf '\n 127.0.0.1    %s\n' "${team_name}" >> /etc/hosts
 fi
 
@@ -62,7 +62,7 @@ chown -R appuser:appuser /opt/app
 
 ###
 log-info 'Installing any needed system packages'
-apt-get update && apt-get install -y \
+DEBIAN_FRONTEND=noninteractive apt-get -qq update && apt-get -qq install -y \
   apt-transport-https \
   bats \
   ca-certificates \
@@ -75,7 +75,7 @@ apt-get update && apt-get install -y \
   postgresql-client \
   sudo \
   tree \
-  ufw
+  ufw > /dev/null 2>&1 # Quiet install please
 
 ###
 log-info 'Opening all firewall rules for ufw, then blocking outbound 8000 for the dummy web app'
@@ -107,13 +107,13 @@ _hub_init() {
   # shellcheck disable=SC1091
   source /usr/local/share/ezlog/src/main.sh
   log-info 'Waiting for DB to be reachable...'
-  until timeout 2s psql -U postgres -h "${hub_addr}" -c 'SELECT NOW();' > /dev/null ; do
+  until timeout 2s psql -U postgres -h "${hub_addr}" -c 'SELECT NOW();' > /dev/null; do
     log-info 'Still waiting for DB to be reachable...'
     sleep 5
   done
   log-info 'Successfully reached DB, trying to initialize with base values so team appears on dashboard...'
   # until-loop because DB can be reachable before schema is made
-  until psql -U postgres -h "${hub_addr}" -c "INSERT INTO scoring (timestamp, team_name, last_challenge_completed, score) VALUES (NOW(), '$(hostname)', 0, 0);" > /dev/null ; do
+  until psql -U postgres -h "${hub_addr}" -c "INSERT INTO scoring (timestamp, team_name, last_challenge_completed, score) VALUES (NOW(), '$(hostname)', 0, 0);" > /dev/null; do
     log-info 'Issue with setting base values; trying again...'
     sleep 1
   done
@@ -126,14 +126,25 @@ timeout 180s bash -c _hub_init
 log-info 'Dumping the first instruction(s) to the appuser homedir'
 cp "${wsroot}"/instructions/challenge_{0,1}.md /home/appuser/
 
+## Make all scripts executable
+sudo chmod +x /tmp/scripts/setup-*.sh
+
+## Setup docker and start wetty
+if /tmp/scripts/setup-docker.sh; then
+  log-info 'Docker setup completed successfully. Deploying Wetty'
+  if ! /tmp/scripts/setup-wetty.sh; then
+    log-fatal 'Wetty setup failed.'
+  fi
+else
+  log-fatal 'Docker setup failed.'
+fi
 
 ### Setup a local git server and clone to repo
-if ! (cd /srv/git/repositories/carrot-cruncher.git && git show-ref --verify --quiet "refs/heads/release/bunnies_v1" && [[ -f /home/git/git-shell-commands/no-interactive-login ]]) ; then
-  sudo chmod +x /tmp/scripts/setup-git.sh
+if ! (cd /srv/git/repositories/carrot-cruncher.git && git show-ref --verify --quiet "refs/heads/release/bunnies_v1" && [[ -f /home/git/git-shell-commands/no-interactive-login ]]); then
   if /tmp/scripts/setup-git.sh; then
-      log-info "Git server setup completed successfully."
+    log-info "Git server setup completed successfully."
   else
-      log-fatal "Git server setup failed."
+    log-fatal "Git server setup failed."
   fi
 fi
 

scripts/setup-git.sh

@@ -11,7 +11,7 @@ SSH_PORT=${SSH_PORT:-2332}
 BRANCH_NAME=${BRANCH_NAME:-release/bunnies_v1}
 
 # Install ezlog
-command -v git >/dev/null || { apt-get update && apt-get install -y git; }
+command -v git > /dev/null || { apt-get update && apt-get install -y git; }
 [[ -d /usr/local/share/ezlog ]] || git clone 'https://github.com/opensourcecorp/ezlog.git' /usr/local/share/ezlog
 # shellcheck disable=SC1091
 source /usr/local/share/ezlog/src/main.sh
@@ -33,13 +33,13 @@ function _setup_ssh_keys_for_git_user() {
   fi
 
   # Add the public key to authorized_keys if it's not already there
-  if ! grep -q "$(cat "${public_key_file}")" "${authorized_keys_file}" 2>/dev/null; then
-    cat "${public_key_file}" >>"${authorized_keys_file}"
+  if ! grep -q "$(cat "${public_key_file}")" "${authorized_keys_file}" 2> /dev/null; then
+    cat "${public_key_file}" >> "${authorized_keys_file}"
   fi
   chmod 600 "${authorized_keys_file}"
   chown "${GIT_USER}:${GIT_USER}" "${authorized_keys_file}"
   [[ -d /home/${APP_USER}/.ssh ]] || mkdir /home/"${APP_USER}"/.ssh
-  cat <<EOF >/home/"${APP_USER}"/.ssh/config
+  cat << EOF > /home/"${APP_USER}"/.ssh/config
 HOST localhost
       USER ${GIT_USER}
       PORT ${SSH_PORT}
@@ -54,7 +54,7 @@ function _add_to_known_hosts() {
 }
 
 function _setup_git_user() {
-  if id "${GIT_USER}" &>/dev/null; then
+  if id "${GIT_USER}" &> /dev/null; then
     log-info "User ${GIT_USER} already exists."
   else
     log-info "setting up git user"
@@ -63,7 +63,7 @@ function _setup_git_user() {
   fi
   _setup_ssh_keys_for_git_user
   # _add_to_known_hosts
-  which git-shell >>/etc/shells
+  which git-shell >> /etc/shells
   chsh --shell "$(command -v /bin/bash)" "${GIT_USER}"
 }
 
@@ -73,12 +73,12 @@ function _init_git_repo() {
   mkdir -p "${REPO_DIR}"
   [[ -d "${GIT_HOME}/ssh-keys" ]] || mkdir "${GIT_HOME}/ssh-keys"
   chown -R "${GIT_USER}:${GIT_USER}" "${GIT_HOME}"
-  pushd "${REPO_DIR}" >/dev/null || exit
+  pushd "${REPO_DIR}" > /dev/null || exit
   su - "${GIT_USER}" -c "git config --global init.defaultBranch ${DEFAULT_BRANCH}"
   su - "${GIT_USER}" -c "git config --global user.email 'bugs@bigbadbunnies.com'"
   su - "${GIT_USER}" -c "git config --global user.name 'Bugs Bunny'"
   su - "${GIT_USER}" -c "pushd ""${REPO_DIR}"" >/dev/null; git init --bare"
-  popd >/dev/null || exit
+  popd > /dev/null || exit
 }
 
 function _setup_local_clone() {
@@ -89,24 +89,24 @@ function _setup_local_clone() {
   fi
   mkdir "${WORK_DIR}"
   chmod 777 "${WORK_DIR}"
-  pushd "${WORK_DIR}" >/dev/null || exit
+  pushd "${WORK_DIR}" > /dev/null || exit
   su - "${GIT_USER}" -c "GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=accept-new' git clone '${GIT_USER}@localhost:${REPO_DIR}' ${clone_dir}"
   git config --global --add safe.directory /opt/git/carrot-cruncher
-  pushd "${clone_dir}" >/dev/null || exit
+  pushd "${clone_dir}" > /dev/null || exit
   cp -r "${APP_DIR}"/* .
   sed -i 's/PrintLine/Println/g' main.go
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git add .; git commit -m 'Initial commit'; git push origin"
-  popd >/dev/null || exit
+  popd > /dev/null || exit
 }
 
 function _create_release_branch() {
   local clone_dir="${WORK_DIR}/${REPO_NAME}"
   local branch_2="v1.0.2-rc-tmp-bugfix-2.0.1"
-  pushd "${clone_dir}" >/dev/null || exit
+  pushd "${clone_dir}" > /dev/null || exit
   log-info "setting up release branch"
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git checkout -b '${BRANCH_NAME}'"
   sed -i -e 's/printing/picking/g' -e 's/money/carrots/g' -e 's/CHA-CHING/CRUNCH/g' main.go
-  echo -e "Name: Bugs Bunny\nSecurity Question Answer: 'Crunchy King'\nSSN: 1234-BUNNY" >banking.txt
+  echo -e "Name: Bugs Bunny\nSecurity Question Answer: 'Crunchy King'\nSSN: 1234-BUNNY" > banking.txt
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git add .; git commit -m 'Prepare release branch'"
   rm banking.txt
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git add .; git commit -m 'oops did not mean to add that...'"
@@ -118,13 +118,13 @@ function _create_release_branch() {
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git push --set-upstream origin '${branch_2}'"
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git checkout '${DEFAULT_BRANCH}'"
   su - "${GIT_USER}" -c "pushd ${clone_dir}; git branch -D ${BRANCH_NAME} ${branch_2}"
-  popd >/dev/null || exit
+  popd > /dev/null || exit
 }
 
 function _polish_off() {
   chsh --shell "$(command -v git-shell)" "${GIT_USER}" # switch Git User to git-shell
   [[ -d /home/git/git-shell-commands ]] || mkdir -m 777 /home/git/git-shell-commands
-  cat >/home/git/git-shell-commands/no-interactive-login <<\EOF
+  cat > /home/git/git-shell-commands/no-interactive-login << \EOF
 #!/bin/sh
 printf '%s\n' "Hi! You've successfully authenticated, but we do not"
 printf '%s\n' "provide interactive shell access."

scripts/setup-wetty.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+DNS_FILE="/tmp/dns.txt"
+DOCKER_COMPOSE_FILE="/tmp/scripts/wetty.docker-compose.yml"
+
+if [ -f $DNS_FILE ]; then
+  if ! grep -q "none" $DNS_FILE; then
+    HOSTNAME=$(cat $DNS_FILE)
+    export HOSTNAME
+    echo "HOSTNAME set to: $DNS_ADDR"
+  else
+    HOSTNAME=$(hostname -I | awk '{print $1}')
+    echo "$DNS_FILE contains 'none', DNS_ADDR not set. HOSTNAME set to $HOSTNAME"
+  fi
+else
+  echo "$DNS_FILE does not exist"
+fi
+
+sed -i "s/<hostname>/$HOSTNAME/g" "$DOCKER_COMPOSE_FILE"
+
+sudo docker compose -f $DOCKER_COMPOSE_FILE up -d

scripts/wetty.docker-compose.yaml → scripts/wetty.docker-compose.yml

@@ -9,11 +9,11 @@ services:
     image: wettyoss/wetty
     command:
       - --base=/
-      - --ssh-host=team-1.codemash.sbx.justindebo.com
+      - --ssh-host=<hostname>
       - --title "OSC Workshop"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.wetty.rule=Host(`team-1.codemash.sbx.justindebo.com`)"
+      - "traefik.http.routers.wetty.rule=Host(`<hostname>`)"
       - "traefik.http.routers.wetty.tls.certResolver=default"
       - "traefik.http.routers.wetty.tls=true"
 

terraform/dns.tf

@@ -7,7 +7,7 @@ data "aws_route53_zone" "root_zone" {
 
 resource "aws_route53_zone" "workshop_zone" {
   count = var.create_dns ? 1 : 0
-  name  = "${var.event_name}.${var.zone_name}"
+  name  = local.dns_root
 }
 
 resource "aws_route53_record" "workshop" {

terraform/main.tf

@@ -12,6 +12,7 @@ locals {
   tags = {
     event_name = var.event_name
   }
+  dns_root = var.create_dns ? "${var.event_name}.${var.zone_name}" : "none"
 }
 
 module "vpc" {
@@ -133,9 +134,11 @@ module "team_servers" {
     # NOTE: setting sshd to listen on both 2332 AND regular 22
     grep -q 2332 /etc/ssh/sshd_config || printf 'Port 2332\nPort 22\n' >> /etc/ssh/sshd_config
     systemctl restart ssh
+    echo team-${count.index + 1}.${local.dns_root} > /tmp/dns.txt
   EOF
 
-  tags = local.tags
+  tags                        = local.tags
+  user_data_replace_on_change = true
 }
 
 resource "aws_key_pair" "main" {