From f4616d86c918fa2728d2ade87b2fcb7f200d93a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Bj=C3=B6rklund?=
Date: Fri, 6 Dec 2024 12:35:49 +0100
Subject: [PATCH] First mockup of vuln-dashboard class.
---
.../modules/soc/manifests/vuln-dashboard.pp | 35 +++++++++++
.../vuln-dashboard/docker-compose.yml.erb | 58 +++++++++++++++++++
2 files changed, 93 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp
create mode 100644 global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb
diff --git a/global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp b/global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp
new file mode 100644
index 0000000..c1512a9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/soc/manifests/vuln-dashboard.pp
@@ -0,0 +1,35 @@
+class soc::vuln-dashboard(
+ String $hostname = $facts['networking']['fqdn'],
+ String $tag = 'latest',
+ String $db_datadir = '/opt/vuln-dashboard/dbdata',
+ String $pocs_storage_dir = '/opt/vuln-dashboard/pocsdata',
+)
+{
+
+$db_name=lookup('vuln-dashboard.dn_name', undef, undef, 'sunet')
+$db_user=lookup('vuln-dashboard.db_user', undef, undef, 'playground')
+$db_pass=lookup('vuln-dashboard.db_pass', undef, undef, 'password')
+$db_port=lookup('vuln-dashbaord.db_port', undef, undef, '5432')
+$db_host=lookup('vuln-dashboard.db_host', undef, undef, 'postgres')
+$censys_api_secret=lookup('vuln-dashboard.censys_api_secret', undef, undef, 'null')
+$censys_api_id=lookup('vuln-dashboard.censys.api_id', undef, undef, 'null')
+
+file {
+ '/opt/vuln-dashboard':
+ ensure => directory,
+ ;
+ '${db_datadir}':
+ ensure => directory,
+ ;
+ '${pocs_storage_dir}':
+ ensure => directory,
+}
+
+sunet::dockercompose { 'vuln-dashboard':
+ service_name => 'vuln-dashboard',
+ description => 'SOC vuln dashboard',
+ compose_dir => '/opt/vuln-dashboard'
+ content => template('soc/vuln-dashboard/docker-compose.yml.erb'),
+}
+
+}
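Review bot: Three of the lookup keys look misspelled (`vuln-dashboard.dn_name`, `vuln-dashbaord.db_port`, and `vuln-dashboard.censys.api_id` next to `censys_api_secret`), so values stored in Hiera under the intended names would be ignored and the defaults applied without any error. For `db_pass` that default is the literal `'password'`, so a missing or mistyped secret leaves the database with a guessable credential; dropping the default there makes a missing key fail the catalog instead. Separately, the file titles `'${db_datadir}'` and `'${pocs_storage_dir}'` are single-quoted, which Puppet does not interpolate, and `compose_dir => '/opt/vuln-dashboard'` is missing its trailing comma. The two data directories are also declared without `owner`, `group` or `mode`, so their permissions depend on defaults not visible in this patch.

```puppet
# … unchanged: class header and parameters …
$db_name=lookup('vuln-dashboard.db_name', undef, undef, 'sunet')
# … unchanged: db_user lookup …
$db_pass=lookup('vuln-dashboard.db_pass')
$db_port=lookup('vuln-dashboard.db_port', undef, undef, '5432')
# … unchanged: db_host and censys_api_secret lookups …
$censys_api_id=lookup('vuln-dashboard.censys_api_id', undef, undef, 'null')
# … unchanged: file and sunet::dockercompose resources …
```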
diff --git a/global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb b/global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb
new file mode 100644
index 0000000..20278bc
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb
@@ -0,0 +1,58 @@
+---
+services:
+
+ # copy that's run locally in docker,
+ # app files are mounted for quick-reload and fast iterations
+ local:
+ container_name: <%= @sso_service_name %>
+ depends_on:
+ - postgres
+ image: dashboard-local:latest
+ pull_policy: never
+ environment:
+ DB_NAME: <%= @db_name %>
+ DB_USER: <%= @db_user %>
+ DB_PW: <%= @db_pass %>
+ DB_HOST: <%= @db_host %>
+ DB_PORT: <%= @db_port %>
+ CENSYS_API_ID: <%= @censys_api_id %>
+ CENSYS_API_SECRET: <%= @censys_api_secret %>
+ ports:
+ - "127.0.0.1:8000:8000"
+ init: true
+ volumes:
+ - pocs-data:/app/stored_pocs
+ networks:
+ - default
+ - sso
+
+ postgres:
+ container_name: postgres
+ image: postgres:latest
+ environment:
+ POSTGRES_DB: <%= @db_name %>
+ POSTGRES_USER: <%= @db_user %>
+ POSTGRES_PASSWORD: <%= @db_pass %>
+ volumes:
+ - postgres-data:/var/lib/postgresql/data # Maps local folder to the container's data folder
+ restart: always # Ensures that the container restarts if it crashes or is stopped
+ networks:
+ - default
+
+volumes:
+ postgres-data:
+ driver: local
+ driver_opts:
+ device: <%= @db_datadir %>
+ o: bind
+ type: none
+ pocs-data:
+ driver: local
+ driver_opts:
+ device: <%= $pocs_storage_dir %>
+ o: bind
+ type: none
+
+networks:
+ sso:
+ external: true
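Review bot: The `pocs-data` volume uses `<%= $pocs_storage_dir %>`, which in ERB is a Ruby global rather than the Puppet class variable, so the bind-mount `device` will most likely render empty; it should read `device: <%= @pocs_storage_dir %>`, matching the `@db_datadir` line above it. `container_name: <%= @sso_service_name %>` probably renders empty as well, since the manifest in this patch never sets `$sso_service_name`. The credentials (`DB_PW`, `POSTGRES_PASSWORD`, `CENSYS_API_SECRET`) are emitted as unquoted scalars, so a value containing `#` or `: ` would be truncated or break the YAML; quoting and escaping them is safer. The mode of the rendered file is decided by `sunet::dockercompose`, which is not visible here and is worth confirming since the file holds secrets in plaintext. Both images use `:latest` while the class's `$tag` parameter goes unused; pinning `postgres` to a major version avoids an unplanned upgrade against the existing data directory.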