#!/bin/bash
# Builds the user-data document for the FIC kit and wraps it in an ISO image,
# optionally carrying secrets over from a previous ISO given as $1.
# Stop at the first failing simple command (errexit is not applied inside
# && / || lists or conditions, so critical steps still check explicitly).
set -o errexit
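# Deployment parameters baked into the generated user-data.  Lists that end
# up in a JSON string are newline-escaped already (literal "\n" sequences).
export DOMAIN_NAME="live.fic.srs.epita.fr"
export IP_FRONTEND="10.42.192.3/24"
export IP_FRONTEND_ROUTER="10.42.192.1"
# IPv4 address(es) DOMAIN_NAME currently resolves to, one per line.  The
# pattern is anchored to four dotted octets: "digits followed by any
# character" could not match the last octet and truncated the address.
export IP_FIC_SRS_FR="$(host "${DOMAIN_NAME}" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}')"
export IPS_BACKEND="192.168.3.92/24\\n192.168.4.92/24\\n"
export IP_BACKEND_ROUTER="192.168.3.1"
export AIRBUS_DESTINATION="gaming.cyberrange.lan"
export AIRBUS_BASEURL="https://${AIRBUS_DESTINATION}/api"
# The literal token below looks like a placeholder committed with the
# script; supply the real one through the environment instead of editing
# (and committing) this file.
export AIRBUS_TOKEN="${AIRBUS_TOKEN:-abcdef0123456789abcdef0123456789}"
export AIRBUS_SESSION_NAME="Forensique"
export IPS_FRONTEND="${IP_FRONTEND}\\n${IP_FIC_SRS_FR}\\n"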
#######################################
# Turn a multi-line stdin into a single line suitable for a JSON string:
# every line gets a literal backslash-n appended and real newlines are
# dropped.  A last line without a trailing newline is escaped as well.
# Arguments: none (reads stdin)
# Outputs:   the escaped text on stdout, without a trailing newline
#######################################
escape_newline () {
  local line
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\\n' "$line"
  done
}
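# With an argument, read a previous ISO (or an already extracted tree) and
# carry its dm-crypt key, DH parameters and synchro SSH key pair over to the
# new image instead of generating fresh ones.
if [ $# -gt 0 ]
then
  command -v jq > /dev/null 2>&1 || { echo "Please install jq" >&2; exit 1; }
  # Expect a previous ISO to update:
  # Keep: DM_CRYPT, DHPARAMs and SYNCHRO_SSH_KEY
  P=$(pwd)
  D=$(mktemp -d)
  # The scratch directory receives the extracted secrets; make sure it is
  # removed even when a later command fails under set -e.
  trap 'rm -rf -- "${D}"' EXIT
  pushd "${D}" > /dev/null
  # "$1" is relative to the original working directory, which after pushd is
  # no longer the cwd: both extraction paths therefore use "${P}/$1".
  isoinfo -i "${P}/$1" -X -find -iname "USER_DAT*" > /dev/null || 7z x "${P}/$1" > /dev/null
  # ISO-9660 file name as written by isoinfo; an extracted tree holds user-data.
  FNAME="USER_DAT.;1"
  if ! [ -f "$FNAME" ] && [ -f user-data ]
  then
    FNAME="user-data"
  fi
  # jq -r yields the raw (multi-line) contents; they are re-escaped for the
  # template, except the dm-crypt key which is kept on a single line.
  export DM_CRYPT=$(jq -r '."dm-crypt".entries.key.content' "${FNAME}" | tr -d '\n')
  export DHPARAM=$(jq -r '."tls_config".entries."dhparams-4096.pem".content' "${FNAME}" | escape_newline)
  export SYNCRO_PRIVATE_KEY=$(jq -r '.synchro.entries.id_ed25519.content' "${FNAME}" | escape_newline)
  export SYNCRO_PUBLIC_KEY=$(jq -r '.synchro.entries."id_ed25519.pub".content' "${FNAME}" | escape_newline)
  popd > /dev/null
  rm -rf "${D}"
fi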
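command -v vault > /dev/null 2>&1 || { echo "Please install vault" >&2; exit 1; }
# Vault endpoint and scratch locations, all overridable from the environment.
export VAULT_ADDR="${VAULT_ADDR:-"https://vault.srs.epita.fr:443"}"
# NOTE(review): the defaults are fixed names in the shared /tmp.  A file that
# already exists there is reused as-is (see the -f checks on DHPARAM_PATH
# below) or overwritten (ssh-keygen answers "y" to the overwrite prompt), so
# point SSH_PATH / DHPARAM_PATH at a private directory when in doubt.
SSH_PATH="${SSH_PATH:-/tmp/fic_ssh}"
DHPARAM_PATH="${DHPARAM_PATH:-/tmp/dhparam.pem}"
OUTPUT_PATH="${OUTPUT_PATH:-"$(mktemp -d)"}"
# Interactive OIDC login; -no-print keeps the token out of the terminal.
# A failed login is a failing simple command and stops the script (set -e).
# The former second "vault could not be found" check was dropped: it ran
# "exit" inside a subshell and never stopped the script, and the check
# above already covers it.
vault login -method=oidc -no-print 2> /dev/null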
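# Generate a dm-crypt key when no previous ISO provided one: 512 alphanumeric
# characters drawn from /dev/urandom.  An if statement replaces the former
# "[ -z ] && echo && export" chain, whose non-zero status when the key is
# already set was only tolerated because of errexit's list exemption.
if [ -z "${DM_CRYPT}" ]
then
  echo "/!\\ GENERATE NEW DM_CRYPT SECRETS"
  export DM_CRYPT="$(tr -d -c "a-zA-Z0-9" < /dev/urandom | fold -w512 | head -n 1)"
fi
# TLS material for DOMAIN_NAME from Vault, newline-escaped for the JSON template.
export CERT_PEM="$(vault kv get --field=cert.pem "fic/cert/${DOMAIN_NAME}" | escape_newline)"
export CHAIN_PEM="$(vault kv get --field=chain.pem "fic/cert/${DOMAIN_NAME}" | escape_newline)"
export FULLCHAIN_PEM="$(vault kv get --field=fullchain.pem "fic/cert/${DOMAIN_NAME}" | escape_newline)"
export PRIVKEY_PEM="$(vault kv get --field=privkey.pem "fic/cert/${DOMAIN_NAME}" | escape_newline)"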
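# Create the synchro SSH key pair unless a previous ISO supplied both halves.
if [ -z "${SYNCRO_PUBLIC_KEY}" ] || [ -z "${SYNCRO_PRIVATE_KEY}" ]
then
  # Unencrypted key (-N "") because it is used unattended on the appliance;
  # the here-string answers "y" to the overwrite prompt if SSH_PATH exists.
  ssh-keygen -a 100 -t ed25519 -q -f "$SSH_PATH" -N "" <<< 'y'
  # Read the files directly instead of through cat; same escaped output.
  export SYNCRO_PUBLIC_KEY="$(escape_newline < "$SSH_PATH".pub)"
  export SYNCRO_PRIVATE_KEY="$(escape_newline < "$SSH_PATH")"
fi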
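# DH parameters, in order of preference: the ones carried over from a previous
# ISO, an existing file at DHPARAM_PATH, or a freshly generated (slow) set.
if [ -z "${DHPARAM}" ] && ! [ -f "$DHPARAM_PATH" ]
then
  # "exit" inside "( ... )" only left a subshell; use a group so a missing
  # openssl really stops the script.
  command -v openssl > /dev/null 2>&1 || { echo "openssl could not be found" >&2; exit 1; }
  printf '\n\nGenerating DH params please wait\n'
  openssl dhparam -out "$DHPARAM_PATH" 4096 > /dev/null 2>&1
elif ! [ -f "$DHPARAM_PATH" ]
then
  # DHPARAM is newline-escaped (literal "\n", see escape_newline).  %b turns
  # those sequences back into real newlines so the file is valid PEM; writing
  # it verbatim with echo produced a one-line file whose re-escaping below
  # appended an extra "\n" on every run.
  printf '%b' "${DHPARAM}" > "${DHPARAM_PATH}"
fi
export DHPARAM="$(escape_newline < "$DHPARAM_PATH")"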
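# Operator SSH public keys shipped next to this script, escaped for the
# template.  "$0" is quoted so a script path with spaces still resolves.
export AUTHORIZED_KEYS="$(escape_newline < "$(dirname "$0")/authorized_keys")"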
# JSON document rendered through envsubst into user-data.  Every ${VAR}
# placeholder is an exported variable set above; multi-line secrets are
# newline-escaped (literal "\n") so they fit inside a JSON string.  "perm"
# is the mode the consumer applies to each file.
# NOTE(review): "privkey.pem" and the remote_sync "token" are marked
# world-readable (0444) while cert.pem/chain.pem are 0400 — confirm the
# consumer really needs them readable by other users; 0400 would be the
# safer default for both.
TEMPLATE='
{
"dm-crypt": {
"entries": {
"key": {
"perm": "0440",
"content": "${DM_CRYPT}"
}
}
},
"ssh": {
"entries": {
"authorized_keys": {
"perm": "0444",
"content": "${AUTHORIZED_KEYS}"
}
}
},
"synchro": {
"entries": {
"id_ed25519": {
"perm": "0400",
"content": "${SYNCRO_PRIVATE_KEY}"
},
"id_ed25519.pub": {
"perm": "0444",
"content": "${SYNCRO_PUBLIC_KEY}"
}
}
},
"ip_config": {
"entries": {
"frontend-players": {
"perm": "0444",
"content": "${IPS_FRONTEND}"
},
"frontend-router": {
"perm": "0444",
"content": "${IP_FRONTEND_ROUTER}"
},
"backend-admin": {
"perm": "0444",
"content": "${IPS_BACKEND}"
},
"backend-router": {
"perm": "0444",
"content": "${IP_BACKEND_ROUTER}"
},
"domain": {
"perm": "0444",
"content": "${DOMAIN_NAME}"
}
}
},
"remote_sync": {
"entries": {
"baseurl": {
"perm": "0444",
"content": "${AIRBUS_BASEURL}"
},
"destination": {
"perm": "0444",
"content": "${AIRBUS_DESTINATION}"
},
"token": {
"perm": "0444",
"content": "${AIRBUS_TOKEN}"
},
"session_name": {
"perm": "0444",
"content": "${AIRBUS_SESSION_NAME}"
}
}
},
"tls_config": {
"entries": {
"dhparams-4096.pem": {
"perm": "0400",
"content": "${DHPARAM}"
},
"cert.pem": {
"perm": "0400",
"content": "${CERT_PEM}"
},
"chain.pem": {
"perm": "0400",
"content": "${CHAIN_PEM}"
},
"fullchain.pem": {
"perm": "0400",
"content": "${FULLCHAIN_PEM}"
},
"privkey.pem": {
"perm": "0444",
"content": "${PRIVKEY_PEM}"
}
}
}
}'
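# Render the template and pack the result into an ISO with volume id CIDATA.
# user-data and the ISO both carry private keys and the dm-crypt key: create
# them owner-only regardless of the caller's umask or of a user-supplied
# OUTPUT_PATH outside the mktemp directory.
umask 077
envsubst <<< "$TEMPLATE" > "$OUTPUT_PATH"/user-data
printf 'Result in %s\nGenerating iso\n' "$OUTPUT_PATH"
mkisofs -joliet-long -V CIDATA -o fickit-metadata.iso "${OUTPUT_PATH}"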