# Compose stack for the CTF instancer: a Redis service used for locking and
# the instancer service itself, which is built from this directory.
services:
  redis:
    image: redis:7-alpine
    container_name: whaley-redis
    restart: unless-stopped
    # Append-only persistence; the data lives in the redis_data named volume.
    # No port is published and no password is set in this command, so access
    # control rests entirely on who can join ctf-network.
    # NOTE(review): confirm challenge containers are never attached to the
    # ctf-instances network, or they could reach this Redis unauthenticated.
    command: redis-server --appendonly yes
    volumes:
      - redis_data:/data
    networks:
      - ctf-network
    healthcheck:
      test:
        - CMD
        - redis-cli
        - ping
      interval: 5s
      timeout: 3s
      retries: 5

  instancer:
    build: .
    container_name: ctf-instancer
    # Start only once the Redis healthcheck passes.
    depends_on:
      redis:
        condition: service_healthy
    # No host IP is given, so the port is published on every host interface.
    ports:
      - "${INSTANCER_PORT:-8000}:8000"
    volumes:
      # Docker socket for container management. This hands the container
      # control of the host Docker daemon, which is equivalent to root on the
      # host: a compromise of this service is a compromise of the host.
      # A read-only bind mount would not restrict Docker API calls.
      - /var/run/docker.sock:/var/run/docker.sock
      # Challenges directory (read-write for Challenge Manager)
      - ./challenges:/challenges
      # Logs directory
      - ./logs:/app/logs
      # Data directory for the SQLite database
      - ./data:/app/data
    environment:
      # The service listens on all interfaces inside the container.
      - "HOST=0.0.0.0"
      - "PORT=8000"
      - "DEBUG=${DEBUG:-false}"
      # Authentication defaults to "none" and every secret below defaults to
      # an empty string. Supply real values from the environment or an
      # untracked .env file; do not write them into this file.
      # NOTE(review): how the app treats an empty ADMIN_KEY or METRICS_SECRET
      # is not visible here - confirm it rejects requests rather than
      # accepting an empty credential.
      - "AUTH_MODE=${AUTH_MODE:-none}"
      - "CTFD_URL=${CTFD_URL:-https://localhost}"
      # CTFd admin token for dynamic flags/sync
      - "CTFD_API_KEY=${CTFD_API_KEY:-}"
      # Local admin key when AUTH_MODE=none
      - "ADMIN_KEY=${ADMIN_KEY:-}"
      # Bearer token required for /metrics
      - "METRICS_SECRET=${METRICS_SECRET:-}"
      - "ADMIN_RATE_LIMIT=${ADMIN_RATE_LIMIT:-150}"
      # Presumably the peers whose forwarded-client headers are honoured;
      # widen only to the real reverse proxy address - verify against the app.
      - "TRUSTED_PROXIES=${TRUSTED_PROXIES:-127.0.0.1,::1}"
      - "CHALLENGES_DIR=/challenges"
      - "PORT_RANGE_START=${PORT_RANGE_START:-10000}"
      - "PORT_RANGE_END=${PORT_RANGE_END:-60000}"
      - "MAX_INSTANCES_PER_USER=${MAX_INSTANCES_PER_USER:-2}"
      - "MAX_INSTANCES_PER_TEAM=${MAX_INSTANCES_PER_TEAM:-2}"
      - "INSTANCE_TIMEOUT=${INSTANCE_TIMEOUT:-600}"
      - "PUBLIC_HOST=${PUBLIC_HOST:-auto}"
      - "DYNAMIC_FLAGS_ENABLED=${DYNAMIC_FLAGS_ENABLED:-false}"
      - "FLAG_PREFIX=${FLAG_PREFIX:-FLAG}"
      - "TEAM_MODE=${TEAM_MODE:-auto}"
      # Database settings
      # The URL uses a relative path; it lands in the mounted DATA_DIR only if
      # the process working directory is /app - TODO confirm.
      - "DATABASE_URL=sqlite+aiosqlite:///./data/whaley.db"
      - "DATA_DIR=/app/data"
      # Redis for distributed locking (plain redis://, no credentials)
      - "REDIS_URL=redis://redis:6379/0"
      # Network isolation (both switches default to enabled)
      - "NETWORK_ISOLATION_ENABLED=${NETWORK_ISOLATION_ENABLED:-true}"
      - "NETWORK_ICC_DISABLED=${NETWORK_ICC_DISABLED:-true}"
      - "NETWORK_PREFIX=whaley"
      - "NETWORK_SUBNET_BASE=${NETWORK_SUBNET_BASE:-10.240.0.0/16}"
      - "NETWORK_SUBNET_PREFIX=${NETWORK_SUBNET_PREFIX:-28}"
      # Instance Forensics settings
      - "FORENSICS_AUTO_CAPTURE=${FORENSICS_AUTO_CAPTURE:-false}"
      - "FORENSICS_MAX_SIZE_MB=${FORENSICS_MAX_SIZE_MB:-5}"
      - "FORENSICS_TAIL_LINES=${FORENSICS_TAIL_LINES:-1000}"
      - "FORENSICS_RETENTION_HOURS=${FORENSICS_RETENTION_HOURS:-24}"
      - "FORENSICS_COMPRESSION=${FORENSICS_COMPRESSION:-true}"
      # Native packet capture settings
      # Capture is on by default with mode "all"; captured traffic can hold
      # participant data, so treat the stored captures as sensitive.
      # NOTE(review): where captures are written is not shown here - confirm
      # the location and who can read it.
      - "PCAP_ENABLED=${PCAP_ENABLED:-true}"
      - "PCAP_MODE=${PCAP_MODE:-all}"
      - "PCAP_SELECTED_CHALLENGES=${PCAP_SELECTED_CHALLENGES:-}"
      - "PCAP_MAX_SIZE_MB=${PCAP_MAX_SIZE_MB:-25}"
      - "PCAP_RETENTION_HOURS=${PCAP_RETENTION_HOURS:-24}"
      - "PCAP_SNAP_LEN=${PCAP_SNAP_LEN:-1024}"
      - "PCAP_BPF_FILTER=${PCAP_BPF_FILTER:-not (host 127.0.0.11 and port 53)}"
      # Firewall (Experimental); fixed to false, not overridable from the
      # environment.
      - "FIREWALL_RATE_LIMIT_ENABLED=false"
      - "FIREWALL_USE_NSENTER=false"
    restart: unless-stopped
    networks:
      - ctf-network

# Bridge network shared by redis and the instancer; Docker names it
# ctf-instances.
networks:
  ctf-network:
    name: ctf-instances
    driver: bridge

# Named volume holding the Redis append-only data.
volumes:
  redis_data: