First mockup of vuln-dashboard class.

2024-12-06 12:35:49 +01:00 · 2024-12-06 12:35:49 +01:00 · f4616d86c9
commit f4616d86c9
parent 16773b02df
2 changed files with 93 additions and 0 deletions
--- a/global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp
@ -0,0 +1,35 @@
+class soc::vuln-dashboard(
+  String            $hostname         = $facts['networking']['fqdn'],
+  String            $tag              = 'latest',
+  String            $db_datadir       = '/opt/vuln-dashboard/dbdata',
+  String            $pocs_storage_dir = '/opt/vuln-dashboard/pocsdata',
+)
+{
+
+$db_name=lookup('vuln-dashboard.dn_name', undef, undef, 'sunet')
+$db_user=lookup('vuln-dashboard.db_user', undef, undef, 'playground')
+$db_pass=lookup('vuln-dashboard.db_pass', undef, undef, 'password')
+$db_port=lookup('vuln-dashbaord.db_port', undef, undef, '5432')
+$db_host=lookup('vuln-dashboard.db_host', undef, undef, 'postgres')
+$censys_api_secret=lookup('vuln-dashboard.censys_api_secret', undef, undef, 'null')
+$censys_api_id=lookup('vuln-dashboard.censys.api_id', undef, undef, 'null')
+
+file {
+  '/opt/vuln-dashboard':
+    ensure => directory,
+    ;
+  '${db_datadir}':
+    ensure => directory,
+    ;
+  '${pocs_storage_dir}':
+    ensure => directory,
+}
+
+sunet::dockercompose { 'vuln-dashboard':
+  service_name => 'vuln-dashboard',
+  description  => 'SOC vuln dashboard',
+  compose_dir  => '/opt/vuln-dashboard'
+  content      => template('soc/vuln-dashboard/docker-compose.yml.erb'),
+}
+
+}
--- a/global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb
@ -0,0 +1,58 @@
+---
+services:
+
+  # copy that's run locally in docker,
+  # app files are mounted for quick-reload and fast iterations
+  local:
+    container_name: <%= @sso_service_name %>
+    depends_on:
+      - postgres
+    image: dashboard-local:latest
+    pull_policy: never
+    environment:
+      DB_NAME: <%= @db_name %>
+      DB_USER: <%= @db_user %>
+      DB_PW: <%= @db_pass %>
+      DB_HOST: <%= @db_host %>
+      DB_PORT: <%= @db_port %>
+      CENSYS_API_ID: <%= @censys_api_id %>
+      CENSYS_API_SECRET: <%= @censys_api_secret %>
+    ports:
+      - "127.0.0.1:8000:8000"
+    init: true
+    volumes:
+      - pocs-data:/app/stored_pocs
+    networks:
+      - default
+      - sso
+
+  postgres:
+    container_name: postgres
+    image: postgres:latest
+    environment:
+      POSTGRES_DB: <%= @db_name %>
+      POSTGRES_USER: <%= @db_user %>
+      POSTGRES_PASSWORD: <%= @db_pass %>
+    volumes:
+      - postgres-data:/var/lib/postgresql/data  # Maps local folder to the container's data folder
+    restart: always  # Ensures that the container restarts if it crashes or is stopped
+    networks:
+      - default
+
+volumes:
+  postgres-data:
+    driver: local
+    driver_opts:
+      device: <%= @db_datadir %>
+      o: bind
+      type: none
+  pocs-data:
+    driver: local
+    driver_opts:
+      device: <%= $pocs_storage_dir %>
+      o: bind
+      type: none
+
+networks:
+  sso:
+    external: true