It has a very simple infrastructure with the tools you might need when working on a pentesting team.
It contains:
- WireGuard (VPN)
- PiHole (DNS) - dns.lan
- PwnDoc - pwndoc.lan
- Gitea - git.lan
- Netdata - netdata.lan
- Nginx
- KMS
Before executing the script install.sh, you need to modify your Ubuntu machine so that the Docker containers can be initialised while the DNS resolver keeps working during the installation.
- Modify the file /etc/systemd/resolved.conf with the following content.
[Resolve]
DNS=1.1.1.1
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=no
DNSStubListener=no
#ReadEtcHosts=yes
- Create a symbolic link for /run/systemd/resolve/resolv.conf.
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
- Restart systemd-resolved
sudo systemctl restart systemd-resolved
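A preflight check for the three steps above, as an added example that is not part of the original repository: it confirms that the stub listener is disabled, that an upstream DNS server is set, and that /etc/resolv.conf is the expected symlink before install.sh is run. The function names `resolved_value` and `check_dns_preflight` and their path arguments are assumptions of this example.

```bash
# Added example; resolved_value and check_dns_preflight are hypothetical names.

# Print the effective value of KEY in the [Resolve] section of a resolved.conf
# file. Commented lines are ignored; the last assignment wins.
resolved_value() {
    local file="$1" key="$2"
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$file"
}

# Return 0 only when the stub listener is off (so port 53 is free for PiHole),
# an upstream DNS server is configured, and resolv.conf is the expected symlink.
# Arguments default to the live system paths used on this page.
check_dns_preflight() {
    local conf="${1:-/etc/systemd/resolved.conf}"
    local link="${2:-/etc/resolv.conf}"
    local target="${3:-/run/systemd/resolve/resolv.conf}"
    local rc=0
    case "$(resolved_value "$conf" DNSStubListener)" in
        no|false|off|0) ;;   # spellings systemd treats as "no"
        *) echo "FAIL: DNSStubListener is not disabled in $conf" >&2; rc=1 ;;
    esac
    if [ -z "$(resolved_value "$conf" DNS)" ]; then
        echo "FAIL: no uncommented DNS= entry in $conf" >&2; rc=1
    fi
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "$target" ]; then
        echo "FAIL: $link is not a symlink to $target" >&2; rc=1
    fi
    return $rc
}
```

Calling `check_dns_preflight` with no arguments checks the live system files; a non-zero return means one of the steps was missed or left commented out.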
To deploy the infrastructure, just execute the installation script, passing the PiHole password as an argument and the IP or domain where the VPN server will be located.
bash ./install.sh <PIHOLE_PASSWORD>
Once everything is set and running, change the IP in /run/systemd/resolve/resolv.conf to 127.0.0.1.
Finally, you only need to add your Telegram API key and CHATID to the netdata container so you can be notified if something odd happens on your machine. To do so, follow this link.
sudo tar -czf ~/Infra/BackUps/PwnDoc/mongo-data.tar.gz -C ~/Infra/PwnDoc/backend/mongo-data/ .
docker exec -u git -d -w /backup infra-gitea-1 bash -c '/usr/local/bin/gitea dump --tempdir /backup/'
docker exec -d -w /backup pihole bash -c "pihole -a -t pihole.tar.gz"
- Stop the backend container
docker stop pwndoc-backend
- Restore the data. Reference: https://pwndoc.github.io/pwndoc/#/installation?id=backup
sudo rm -rf ./PwnDoc/backend/mongo-data/*
sudo tar -xzf ~/Downloads/mongo-data.tar.gz -C ./PwnDoc/backend/mongo-data
- Restart the frontend container.
docker restart pwndoc-frontend
- Stop the containers
- Copy the backup file, unzip it and move everything to its place. Reference: https://docs.gitea.com/administration/backup-and-restore#using-docker-rootless-restore
sudo cp ~/Downloads/gitea-dump.zip ./Gitea/backup/
sudo chown 1000:1000 ./Gitea/backup/gitea-dump.zip
docker exec -u git -it -w /backup infra-gitea-1 bash
unzip gitea-dump.zip
mv app.ini /etc/gitea/app.ini;
rm -rf /var/lib/gitea/* && mv data/* /var/lib/gitea;
cp -r ./repos/. /var/lib/gitea/git/repositories/
chown -R git:git /etc/gitea/app.ini /var/lib/gitea
- Restore the database
sudo cp ./Gitea/backup/gitea-db.sql ./Gitea/postgres/
docker exec -it infra-gitea-postgress-1 bash
psql -U gitea -d gitea < /var/lib/postgresql/data/gitea-db.sql
- Restart the containers.
docker restart infra-gitea-1 infra-gitea-postgress-1
- Go to https://raspi.lan/admin/settings.php?tab=teleporter
- Upload the backup file and press Restore.
- Access the container and update the list of ad-serving domains
docker exec -d pihole bash -c 'pihole -g'