From 50a7127e63674fb31622ba80a9010a054751d184 Mon Sep 17 00:00:00 2001
From: PlexSheep <software@cscherr.de>
Date: Sat, 7 Sep 2024 15:23:32 +0200
Subject: [PATCH] feat: deploy with docker

---
 Dockerfile         | 14 ++++++++++++++
 README.md          | 39 ++++++++++++++++++++++++++++++++++++++-
 docker-compose.yml | 16 ++++++++++++++++
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yml

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7cbbdd7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM rust:1.80
+
+WORKDIR /usr/src/myapp
+COPY . .
+
+RUN cargo install --path .
+
+EXPOSE 1337/tcp
+
+ENV WOOLY_CHALLENGE 3
+ENV WOOLY_PORT 1337
+ENV WOOLY_ARGS ""
+
+CMD WOOLY_SECRET=$(cat /run/secrets/flag) wooly-vault $WOOLY_CHALLENGE 0.0.0.0:$WOOLY_PORT $WOOLY_ARGS
diff --git a/README.md b/README.md
index 3f1200a..4f96b50 100644
--- a/README.md
+++ b/README.md
@@ -30,5 +30,42 @@ There are a number of challenges:
 
 ## Solution
 
-Solutions for some challenges can be found in [solutions](./solutions/). Don't spoil the 
+Solutions for some challenges can be found in [solutions](./solutions/). Don't spoil the
 challenge for yourself.
+
+## Hosting
+
+As this is a challenge meant for hackers, it is advisable not to run this on
+a system that should not be hacked. Some of the later challenges will possibly
+provide remote code execution through things like SQL-injection. For this reason,
+you should probably use some kind of VM, or at least a container to host this.
+
+### Docker
+
+Wooly-Vault has a [Dockerfile](./Dockerfile) and a 
+[docker compose specification](./docker-compose.yml), so you can run it
+easily in a docker container:
+
+```bash
+WOOLY_SECRET=my_flag docker compose up
+```
+
+To configure what challenge is served and on what networking adress, tweak 
+[docker-compose.yml](./docker-compose.yml).
+
+### The regular way
+
+You can just `cargo run -r` it, or compile with `cargo build -r` and then
+execute the executable.
+
+```bash
+$ WOOLY_SECRET=my_flag wooly-vault 3 127.0.0.1:1337
+
+$ WOOLY_SECRET=my_flag cargo run -r -- 3 127.0.0.1:1337
+```
+
+## Naming
+
+Q: Why is Wooly-Vault wooly?
+
+A: I like sheeps. I'm literally PlexSheep.
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..d82fbf0
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+  wooly-vault:
+    container_name: wooly-vault
+    build:
+      dockerfile: ./Dockerfile
+    secrets:
+      - flag
+    ports:
+      - 127.0.0.1:1337:1337 # change this depending on who should be able to access
+    environment:
+      WOOLY_CHALLENGE: 3 # change me
+      WOOLY_PORT: 1337
+      WOOLY_ARGS: ""
+secrets:
+  flag:
+    environment: WOOLY_SECRET