adding wetty stuff back

opensourcecorp · Jan 14, 2025 · f069199 · f069199
1 parent cbcf553
commit f069199
Show file tree

Hide file tree

Showing 7 changed files with 116 additions and 40 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -24,6 +24,7 @@ repos:
     - id: shfmt
       args: ['-l', '-i', '2', '-ci', '-sr', '-w']
     - id: shellcheck
+      args: ['-e', 'SC2155']
 - repo: https://github.com/antonbabenko/pre-commit-terraform
   rev: v1.96.3
   hooks:

diff --git a/scripts/init.sh b/scripts/init.sh
@@ -2,7 +2,7 @@
 set -euo pipefail
 
 # Install ezlog
-command -v git > /dev/null || { apt-get update && apt-get install -y git ;}
+command -v git > /dev/null || { apt-get update && apt-get install -y git; }
 git config --global http.sslVerify false # Workaround for corporate proxy installs
 [[ -d /usr/local/share/ezlog ]] || git clone 'https://github.com/opensourcecorp/ezlog.git' /usr/local/share/ezlog
 # shellcheck disable=SC1091
@@ -25,7 +25,7 @@ fi
 ###
 log-info 'Setting hostname to be equal to team name'
 hostnamectl set-hostname "${team_name}"
-if grep -v -q "${team_name}" /etc/hosts ; then
+if grep -v -q "${team_name}" /etc/hosts; then
   printf '\n 127.0.0.1    %s\n' "${team_name}" >> /etc/hosts
 fi
 
@@ -62,7 +62,7 @@ chown -R appuser:appuser /opt/app
 
 ###
 log-info 'Installing any needed system packages'
-apt-get update && apt-get install -y \
+DEBIAN_FRONTEND=noninteractive apt-get -qqq update && apt-get -qqq install -y \
   apt-transport-https \
   bats \
   ca-certificates \
@@ -75,7 +75,7 @@ apt-get update && apt-get install -y \
   postgresql-client \
   sudo \
   tree \
-  ufw
+  ufw > /dev/null # Quiet install please
 
 ###
 log-info 'Opening all firewall rules for ufw, then blocking outbound 8000 for the dummy web app'
@@ -107,13 +107,13 @@ _db_init() {
   # shellcheck disable=SC1091
   source /usr/local/share/ezlog/src/main.sh
   log-info 'Waiting for DB to be reachable...'
-  until timeout 2s psql -U postgres -h "${db_addr}" -c 'SELECT NOW();' > /dev/null ; do
+  until timeout 2s psql -U postgres -h "${db_addr}" -c 'SELECT NOW();' > /dev/null; do
     log-info 'Still waiting for DB to be reachable...'
     sleep 5
   done
   log-info 'Successfully reached DB, trying to initialize with base values so team appears on dashboard...'
   # until-loop because DB can be reachable before schema is made
-  until psql -U postgres -h "${db_addr}" -c "INSERT INTO scoring (timestamp, team_name, last_challenge_completed, score) VALUES (NOW(), '$(hostname)', 0, 0);" > /dev/null ; do
+  until psql -U postgres -h "${db_addr}" -c "INSERT INTO scoring (timestamp, team_name, last_challenge_completed, score) VALUES (NOW(), '$(hostname)', 0, 0);" > /dev/null; do
     log-info 'Issue with setting base values; trying again...'
     sleep 1
   done
@@ -126,16 +126,27 @@ timeout 180s bash -c _db_init
 log-info 'Dumping the first instruction(s) to the appuser homedir'
 cp "${wsroot}"/instructions/challenge_{0,1}.md /home/appuser/
 
+## Make all scripts executable
+sudo chmod +x /tmp/scripts/setup-*.sh
+
+## Setup docker and start wetty
+if /tmp/scripts/setup-docker.sh; then
+  log-info 'Docker setup completed successfully. Deploying Wetty'
+  if ! /tmp/scripts/setup-wetty.sh; then
+    log-fatal 'Wetty setup failed.'
+  fi
+else
+  log-fatal 'Docker setup failed.'
+fi
 
 ### Setup a local git server and clone to repo
-if ! (cd /srv/git/repositories/carrot-cruncher.git && git show-ref --verify --quiet "refs/heads/release/bunnies_v1" && [[ -f /home/git/git-shell-commands/no-interactive-login ]]) ; then
-  sudo chmod +x /tmp/scripts/setup-git.sh
+if ! (cd /srv/git/repositories/carrot-cruncher.git && git show-ref --verify --quiet "refs/heads/release/bunnies_v1" && [[ -f /home/git/git-shell-commands/no-interactive-login ]]); then
   if /tmp/scripts/setup-git.sh; then
-      log-info "Git server setup completed successfully."
+    log-info "Git server setup completed successfully."
   else
-      log-fatal "Git server setup failed."
+    log-fatal "Git server setup failed."
   fi
 fi
 
-rm -rf /tmp/{scripts,services,instructions,dummy-app-src}
+# rm -rf /tmp/{scripts,services,instructions,dummy-app-src}
 log-info 'All done!'
diff --git a/scripts/linux-workshop-admin.sh b/scripts/linux-workshop-admin.sh
@@ -21,7 +21,7 @@ log-debug "wsroot set as '${wsroot}'"
 _score-for-challenge() {
   which_challenge="${1:-}"
 
-  if [[ -z "${which_challenge}" ]] ; then
+  if [[ -z "${which_challenge}" ]]; then
     log-fatal 'Current challenge number not provided to _score-for-challenge'
   fi
 
@@ -31,7 +31,7 @@ _score-for-challenge() {
   next_challenge="$((which_challenge + 1))"
 
   if [[ ! -f "/home/appuser/challenge_${next_challenge}.md" ]]; then
-    if [[ -f "${wsroot}/instructions/challenge_${next_challenge}.md" ]] ; then
+    if [[ -f "${wsroot}/instructions/challenge_${next_challenge}.md" ]]; then
       log-info "Providing instruction to user for Challenge ${next_challenge}"
       cp "${wsroot}/instructions/challenge_${next_challenge}.md" /home/appuser/
       # Also broadcast message to user when challenge is complete
@@ -40,7 +40,7 @@ _score-for-challenge() {
       log-info 'Team is done with the workshop!'
       cp "${wsroot}/instructions/congrats.md" /home/appuser/
       # This check suppresses an infinite loop of congratulations, lol
-      if [[ ! -f "${wsroot}"/team_has_been_congratulated ]] ; then
+      if [[ ! -f "${wsroot}"/team_has_been_congratulated ]]; then
         wall "Congratulations -- you have completed ALL CHALLENGES! Be sure to read congrats.md in your home directory! (hit Enter to dismiss this message)"
         touch "${wsroot}"/team_has_been_congratulated
       fi
@@ -56,7 +56,7 @@ _get-last-challenge-completed() {
   local last_challenge_completed
   last_challenge_completed="$(find /home/appuser -type f -name 'challenge_*.md' | grep -E -o '[0-9]+' | sort -h | tail -n1)"
   max_possible_challenge_completed="$(find "${wsroot}"/instructions -type f -name 'challenge_*.md' | grep -E -o '[0-9]+' | sort -h | tail -n1)"
-  if [[ -f /home/appuser/congrats.md ]] ; then
+  if [[ -f /home/appuser/congrats.md ]]; then
     last_challenge_completed="${max_possible_challenge_completed}"
   else
     last_challenge_completed="$((last_challenge_completed - 1))"
@@ -88,19 +88,20 @@ _accrue-points() {
 ###
 
 _check-binary-built() {
-  if [[ -x /opt/app/app ]] ; then
+  if [[ -x /opt/app/app ]]; then
     _score-for-challenge 1
   else
     log-error 'Go binary is not yet built'
   fi
 }
 
 _check-symlink() {
-  if \
-    [[ -L /usr/local/bin/run-app ]] && \
-    [[ -f /usr/local/bin/run-app ]] && \
-    file /usr/local/bin/run-app | grep -q -v 'broken' \
-  ; then
+  if
+    [[ -L /usr/local/bin/run-app ]] &&
+      [[ -f /usr/local/bin/run-app ]] &&
+      file /usr/local/bin/run-app | grep -q -v 'broken' \
+      ;
+  then
     _score-for-challenge 2
   else
     log-error 'Symlink from Go binary to desired location does not yet exist'
@@ -109,29 +110,31 @@ _check-symlink() {
 
 _check-systemd-service-running() {
   # Checks for both challenge 3 and 4 conditions, since the challenge 3 conditions will no longer be true once challenge 4 is solved
-  if \
-    (systemctl is-active app.service > /dev/null && systemctl is-enabled app.service > /dev/null) \
-    || (systemctl is-active app-deb.service > /dev/null && systemctl is-enabled app-deb.service > /dev/null) \
-  ; then
+  if
+    (systemctl is-active app.service > /dev/null && systemctl is-enabled app.service > /dev/null) ||
+      (systemctl is-active app-deb.service > /dev/null && systemctl is-enabled app-deb.service > /dev/null) \
+      ;
+  then
     _score-for-challenge 3
   else
     log-error 'app.service is either not running, not enabled, or both'
   fi
 }
 
 _check-debfile-service-running() {
-  if \
-    systemctl is-active app-deb.service > /dev/null && \
-    systemctl is-enabled app-deb.service > /dev/null \
-  ; then
+  if
+    systemctl is-active app-deb.service > /dev/null &&
+      systemctl is-enabled app-deb.service > /dev/null \
+      ;
+  then
     _score-for-challenge 4
   else
     log-error 'app-deb.service is either not running, not enabled, or both'
   fi
 }
 
 _check-webapp-reachable() {
-  if timeout 1s curl -fsSL "${db_addr:-NOT_SET}:8000" > /dev/null ; then
+  if timeout 1s curl -fsSL "${db_addr:-NOT_SET}:8000" > /dev/null; then
     _score-for-challenge 5
   else
     log-error "web app is not reachable"
@@ -147,7 +150,7 @@ _check-ssh-setup() {
   su - appuser -c "git config --global --add safe.directory ${test_dir}"
   if [[ -f ${git_remote}/ssh-keys/id_rsa.pub ]]; then
     log-info "Copying SSH Keys..."
-    cat ${git_remote}/ssh-keys/id_rsa.pub >> /home/git/.ssh/authorized_keys && rm -f ${git_remote}/ssh-keys/id_rsa.pub
+    cat ${git_remote}/ssh-keys/id_rsa.pub > /home/git/.ssh/authorized_keys
   fi
   su - appuser -c "ssh git@localhost" || exit_status=$?
   if [ "$exit_status" == 128 ]; then

diff --git a/scripts/setup-docker.sh b/scripts/setup-docker.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+curl -fsSL https://get.docker.com -o get-docker.sh
+sh get-docker.sh
+rm get-docker.sh
diff --git a/scripts/setup-wetty.sh b/scripts/setup-wetty.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+DNS_FILE="/tmp/dns.txt"
+DOCKER_COMPOSE_FILE="/tmp/scripts/wetty.docker-compose.yaml"
+
+if [ -f $DNS_FILE ]; then
+  if ! grep -q "none" $DNS_FILE; then
+    HOST_ADDR=$(cat $DNS_FILE)
+    export HOST_ADDR
+    echo "HOSTNAME set to: $DNS_ADDR"
+  else
+    HOST_ADDR=$(hostname -I | awk '{print $1}')
+    echo "$DNS_FILE contains 'none', DNS_ADDR not set. HOSTNAME set to $HOST_ADDR"
+  fi
+else
+  echo "$DNS_FILE does not exist"
+fi
+
+sed -i "s/<hostname>/$HOST_ADDR/g" "$DOCKER_COMPOSE_FILE"
+
+sudo docker compose -f $DOCKER_COMPOSE_FILE up -d
diff --git a/scripts/test.bats b/scripts/test.bats
@@ -13,7 +13,7 @@
 wsroot='/.ws'
 
 if [[ "$(id -u)" -ne 0 ]]; then
-  printf 'Tests must be run as root user.\n' >/dev/stderr
+  printf 'Tests must be run as root user.\n' > /dev/stderr
   exit 1
 fi
 
@@ -85,6 +85,7 @@ teardown_file() {
   rm -f /home/appuser/congrats.md
   rm -f "${wsroot}"/team_has_been_congratulated
   rm -rf /tmp/git.backup/ # keep git challenges from messing up setup
+  rm -f /home/appuser/.ssh/id_rsa*
   systemctl start linux-workshop-admin.timer
 }
 
@@ -118,7 +119,7 @@ _solve-challenge-2() {
 
 _solve-challenge-3() {
   _solve-challenge-2
-  cat <<EOF > /etc/systemd/system/app.service
+  cat << EOF > /etc/systemd/system/app.service
 [Unit]
 Description=Prints money!
 
@@ -141,7 +142,7 @@ _solve-challenge-4() {
   cp /opt/app/app /opt/app/dist/linux/app/usr/bin/app
   dpkg-deb --build /opt/app/dist/linux/app
   apt-get install -y /opt/app/dist/linux/app.deb
-  cat <<EOF > /etc/systemd/system/app-deb.service
+  cat << EOF > /etc/systemd/system/app-deb.service
 [Unit]
 Description=Prints money!
 
@@ -178,7 +179,7 @@ _solve-challenge-6() {
   chmod 700 "${ssh_dir}"
   su - "${user}" -c "ssh-keygen -t rsa -f ${private_key_file} -q -N ''"
   cp "${public_key_file}" "/srv/git/ssh-keys/"
-  su - "${user}" -c "ssh-keyscan -H localhost >> ${known_hosts_file}" 2>/dev/null
+  su - "${user}" -c "ssh-keyscan -H localhost >> ${known_hosts_file}" 2> /dev/null
 }
 
 _solve-challenge-7() {
@@ -288,10 +289,10 @@ _solve-challenge-7() {
   sleep 1
   printf 'DEBUG: Score from challenge 5: %s\n' "${score}"
   counter=0
-  until timeout 1s curl -fsSL "${db_addr}:8000" ; do
+  until timeout 1s curl -fsSL "${db_addr}:8000"; do
     printf 'Web app not reachable, trying again...\n' >&2
     counter="$((counter + 1))"
-    if [[ "${counter}" -ge 30 ]] ; then
+    if [[ "${counter}" -ge 30 ]]; then
       return 1
     fi
     sleep 1
@@ -322,13 +323,13 @@ _solve-challenge-7() {
   local score="$(_get-score)"
   sleep 1
   printf 'DEBUG: Score from challenge 7: %s\n' "${score}"
-  pushd "${git_dir}" >/dev/null
+  pushd "${git_dir}" > /dev/null
   git config --global --add safe.directory ${git_dir}
-  if [ ! "$(git rev-parse main)" = "$(git rev-parse release/bunnies_v1)" ] ; then
+  if [ ! "$(git rev-parse main)" = "$(git rev-parse release/bunnies_v1)" ]; then
     return 1
   fi
   sleep 1
-  popd >/dev/null
+  popd > /dev/null
   [[ -f "/home/appuser/congrats.md" ]]
 }
 

diff --git a/scripts/wetty.docker-compose.yaml b/scripts/wetty.docker-compose.yaml
@@ -0,0 +1,34 @@
+# Sample docker compose file to demonstrate the usage of wetty behind a reverse
+# proxy, optionally with Let's Encrypt based SSL certificate
+#
+# For SSL support, uncomment the commented lines. Consult traefik documentation
+# for features like automatic forward from HTTP to HTTPS etc.
+
+services:
+  wetty:
+    image: wettyoss/wetty
+    command:
+      - --base=/
+      - --ssh-host=<hostname>
+      - --title "OSC Workshop"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wetty.rule=Host(`<hostname>`)"
+      - "traefik.http.routers.wetty.tls.certResolver=default"
+      - "traefik.http.routers.wetty.tls=true"
+
+  reverse-proxy:
+    image: traefik
+    command:
+      - --providers.docker
+      - --entryPoints.web.address=:80
+      - --entryPoints.websecure.address=:443
+      - --certificatesResolvers.default.acme.email=justin.debo@gmail.com
+      - --certificatesResolvers.default.acme.storage=acme.json
+      - --certificatesResolvers.default.acme.httpChallenge.entryPoint=web
+    ports:
+      - "80:80"
+      - "443:443"
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock