ctf-ansible/challenges.yml at master · blairsec/ctf-ansible · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
---
- hosts: challenges
  gather_facts: False
  tasks:
  - name: install python 2
    become: true
    raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)

- hosts: challenges
  vars_files:
    - roles/narwhal/vars/config.yml
  roles:
    - role: caddy_ansible.caddy_ansible
      become: true
      caddy_setcap: yes
      caddy_systemd_capabilities_enabled: true
      caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
      caddy_features: tls.dns.route53
      caddy_environment_variables:
        AWS_ACCESS_KEY_ID: "{{ aws_access_key_id }}"
        AWS_SECRET_ACCESS_KEY: "{{ aws_secret_access_key }}"
      caddy_config: |
        {{ narwhal_url }} {
          tls {{ ca_email }} {
            dns route53
            wildcard
          }
          proxy / localhost:8000 {
            transparent
          }
        }
        {% for url in challenge_urls %}
        *.{{ url }} {
          proxy / localhost:8001 {
            transparent
          }
          tls {{ ca_email }} {
            dns route53
          }
        }
        {% endfor %}
    - narwhal