IT-Intern-Capture-The-Flag/docker-compose.yml at main · Cimlah/IT-Intern-Capture-The-Flag · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Wipe any HTTP(S)_PROXY that Docker injects from ~/.docker/config.json's
# proxies.default block. The proxy is only needed at *build* time to reach
# apt/apk mirrors; at runtime every container talks exclusively to other
# containers on ctfnet, and leaving the proxy set causes corporate proxies
# to intercept bare-hostname traffic (mercury, jupiter-api, ...).
x-no-proxy: &no-proxy
  HTTP_PROXY: ""
  HTTPS_PROXY: ""
  NO_PROXY: ""
  http_proxy: ""
  https_proxy: ""
  no_proxy: ""

services:
  hub:
    build: ./hub
    hostname: hub
    restart: unless-stopped
    ports:
      - "${CTF_SSH_PORT:-2222}:22"
    networks:
      ctfnet:
        aliases:
          - hub
    environment:
      <<: *no-proxy
      CTF_ALLOW_RESET: "${CTF_ALLOW_RESET:-0}"
    volumes:
      - ${CTF_SECRETS_DIR:?CTF_SECRETS_DIR must be set by spin-up.sh}/hub.env:/etc/ctf/hub.env.src:ro
      - ${CTF_SECRETS_DIR}/mentor.hash:/etc/ctf/mentor.hash.src:ro
      - state:/var/ctf/state
    depends_on:
      - mercury
      - mars-hop
      - venus
      - earth-logs
      - jupiter-api
      - saturn-crypto
      - neptune-final

  mercury:
    build: ./tasks/task02-portscan
    hostname: mercury
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task02.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - mercury

  mars-hop:
    build: ./tasks/task05-ssh-hop
    hostname: mars-hop
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task05.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - mars-hop

  venus:
    build: ./tasks/task06-dns
    hostname: venus
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task06.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - venus

  earth-logs:
    build: ./tasks/task07-logs
    hostname: earth-logs
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task07.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - earth-logs

  jupiter-api:
    build: ./tasks/task08-api
    hostname: jupiter-api
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task08.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - jupiter-api

  saturn-crypto:
    build: ./tasks/task09-crypto
    hostname: saturn-crypto
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task09.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - saturn-crypto

  neptune-final:
    build: ./tasks/task10-final
    hostname: neptune-final
    restart: unless-stopped
    env_file: ${CTF_SECRETS_DIR}/task10.env
    environment:
      <<: *no-proxy
    networks:
      ctfnet:
        aliases:
          - neptune-final

  # Decoy containers are defined in the per-instance override file
  # (secrets/<instance>/override.yml), regenerated by
  # scripts/generate-flags.sh with a random subset of names on every spin-up.

networks:
  ctfnet:
    driver: bridge

volumes:
  state: