Devops for scc-luhack.lancs.ac.uk

This is the main website used for challenges and writeups.

It is hosted on a SCC vps running ubuntu focal server. It uses the basic configuration found here to automatically update.

You can access it by running

ssh -o ProxyCommand="ssh -W %h:%p <user>@scc-bastion.lancs.ac.uk -p 6767" <user>@scc-luhack.lancs.ac.uk -p 6767

All the files for the website are in /home/simmsb/luhack.

.env file

Run the following command to set the correct permissions on the .env file

chmod o-rwx .env

Discord Setup

The discord bot and oauth integration uses the official discord api.

You can use it to get the oauth keys and setup the bot. You will need to add http://example.com/oauth/auth to the discord oauth redirects lists as well.

The webhook needs to be set up in the discord app itself in the standard way.

NOTE: You will need to enable intents for the discord bot to work.

Tailscale setup

To do all of the tailscale stuff, we use the old unofficial tailscale API. To get the api keys, login to tailscale and use the browser console storage tab to get the tokens.

Database backups

To interact with the database you will want to run commands as the simmsb user.

The basic command to restore a db backup is:

cat mydump.sql | docker exec -i luhack_db_1 sh -c "psql -U postgres"

To create a backup run:

docker exec -t luhack_db_1 pg_dumpall -c -U postgres > dump_`date +%d-%m-%Y"_"%H_%M_%S`.sql

Automation

The backup.sh script works creating a new db dump and uploading it to a dropbox account. This can then be downloaded and used to restore the database.

The file contains the following contents:

#! /bin/bash

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

sudo -u simmsb docker exec -t luhack_db_1 pg_dumpall -c -U postgres > latest.sql

gpg --output db.data --symmetric --cipher-algo AES256 --passphrase-file dropbox.key --batch latest.sql

curl -X POST https://api.dropboxapi.com/2/files/delete_v2 \
  --header 'Authorization: Bearer <TOKEN>' \
  --header 'Content-Type: application/json' \
  --data '{"path":"/db.data"}'

curl -X POST https://content.dropboxapi.com/2/files/upload \
  --header 'Authorization: Bearer <TOKEN>' \
  --header 'Content-Type: application/octet-stream' \
  --header 'Dropbox-API-Arg: {"path":"/db.data"}' \
  --data-binary @./db.data

This uses the dropbox api via curl. You will need the following 3 commands to replicate the file:

• Delete a file
• Upload a file
• Generate a new oauth token

Currently, @MaxAFriedrich has the credentials for this account and the encryption key for the data. If you want to access this data, ask him.

To decrypt the db.data that you download from dropbox run:

gpg --output mydump.sql --decrypt db.data

It runs in the root crontab with:

30 20 * * * cd /home/simmsb/luhack/ && sudo ./backup.sh