author | W. Kosior <koszko@koszko.org> | 2024-05-27 12:19:19 +0200 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2024-05-27 12:29:59 +0200 |
commit | ee8fac8ab8529e2d105c7e55c2c9b28aefd19b46 (patch) | |
tree | 7f7559d0ba91710624eb2c76a9765587595d8153 /notes.org | |
parent | 2d05ae83321cdf8aa3abab6acdd69f331ef4b89a (diff) | |
Diffstat (limited to 'notes.org')
-rw-r--r-- | notes.org | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/notes.org b/notes.org
new file mode 100644
index 0000000..6c30a6c
--- /dev/null
+++ b/notes.org
@@ -0,0 +1,55 @@
+* What, where and how
+
+The system definition relies on some private Guix modifications you can find
+[[https://git.koszko.org/guix/][here]].
+
+The VM preparation commands below expect some files to already exist in
+project's directory
+- =fullchain.pem= - certificate chain
+- =privkey.pem= - its private key
+- =owner.pub= - SSH public key to set up SSH root access to the VM
+
+#+begin_src shell-script
+ # guix shell qemu-minimal parted
+ qemu-img create -f qcow2 vm.qcow2 100G
+ sudo modprobe nbd max_part=63
+ sudo qemu-nbd -n -c /dev/nbd0 vm.qcow2
+ sudo parted --script /dev/nbd0 mktable msdos
+ sudo parted --script /dev/nbd0 mkpart primary 0% 100%
+ sudo mkfs.ext4 -L ctftilde-root /dev/nbd0p1
+ sudo tune2fs -O ^metadata_csum_seed /dev/nbd0p1
+ sudo mount /dev/nbd0p1 /mnt
+ sudo sh -c "CTFTILDE_DISK_DEV=/dev/nbd0 guix system init vm.scm /mnt/"
+ sudo mkdir -p /mnt/etc/cert-ctftilde
+ sudo cp fullchain.pem privkey.pem /mnt/etc/cert-ctftilde/
+ sudo umount /mnt
+ sudo qemu-nbd -d /dev/nbd0
+
+ # Verification that `guix deploy` works, optional.
+ HOSTFWD=
+ for VM_PORT in 22 80 443 1965 20030; do
+ HOSTFWD="$HOSTFWD,hostfwd=tcp::$VM_PORT-:$VM_PORT"
+ done
+ for VM_PORT in 20030; do
+ HOSTFWD="$HOSTFWD,hostfwd=udp::$VM_PORT-:$VM_PORT"
+ done
+ sudo qemu-system-x86_64 -net nic,model=rtl8139 -net user"$HOSTFWD" \
+ -m 2G -hda vm.qcow2 -nographic -enable-kvm
+ ssh-keygen -R localhost
+ VM_SSH_HOST_KEY="$(ssh root@localhost 'awk "{print \$1 \" \" \$2}" /etc/ssh/ssh_host_ed25519_key.pub')"
+ sed -i "s|ssh-ed25519 [^\"]\+|$VM_SSH_HOST_KEY|" vm-deploy.scm
+ guix deploy vm-deploy.scm
+#+end_src
+
+Some work is then needed to manually create Abdul's user account and copy the
+relevant files (no automation, unfortunately).
+
+The HTML version of Abdul's blog has been generated from Gemtext version using a
+modifier variant of =convert_gemtext_file.py= from [[https://raw.githubusercontent.com/huntingb/gemtext-html-converter][here]]. The modified variant
+is unfortunately not included here (because GPL requires documenting what
+exactly got changed and I am too lazy).
+
+* Copying
+
+Unless specified otherwise, files were authored by Wojtek Kosior and are
+available under the terms of CC0-1.0.
|