nsec
diff --git a/‎ctf/models.py‎
Lines changed: 95 additions & 1 deletion b/‎ctf/models.py‎
Lines changed: 95 additions & 1 deletion
diff --git a/‎ctf/new.py‎
Lines changed: 3 additions & 3 deletions b/‎ctf/new.py‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎ctf/templates/init/schemas/track.yaml.json‎
Lines changed: 135 additions & 3 deletions b/‎ctf/templates/init/schemas/track.yaml.json‎
Lines changed: 135 additions & 3 deletions
@@ -1,13 +1,18 @@
 from __future__ import annotations
 
-from typing import Annotated, Any
+from typing import Annotated, Any, Literal
 
 from pydantic import (
     BaseModel,
+    ConfigDict,
+    Field,
+    RootModel,
     StringConstraints,
 )
 
 IncusStr = Annotated[str, StringConstraints(pattern=r"^[a-z][a-z0-9\-]{0,61}[a-z0-9]$")]
+PortNumber = Annotated[int, Field(ge=1, le=65535)]
+CheckType = Literal["http", "https", "ssh", "tcp"]
 
 
 class Track(BaseModel):
@@ -49,3 +54,92 @@ def __str__(self) -> str:
 
     def __repr__(self) -> str:
         return f'{self.__class__.__name__}(error_name="{self.error_name}", error_description="{self.error_description}", track_name="{self.track_name}", details= {self.details})'
+
+
+class TrackContacts(BaseModel):
+    dev: list[str]
+    qa: list[str]
+    support: list[str]
+
+
+class InstanceConfig(BaseModel):
+    model_config = ConfigDict(extra="allow")
+
+
+class InstanceDeviceProperties(BaseModel):
+    model_config = ConfigDict(extra="allow")
+
+
+class InstanceDevice(BaseModel):
+    name: str
+    type: str
+    properties: InstanceDeviceProperties
+
+
+class InstanceWaitFor(BaseModel):
+    model_config = ConfigDict(extra="allow")
+    type: str | None = None
+
+
+class InstanceService(BaseModel):
+    name: str
+    port: PortNumber
+    check: CheckType
+    dev_port_mapping: PortNumber | None = None
+
+
+class TrackInstance(BaseModel):
+    is_build_container: bool = False
+    image: str
+    profiles: list[str]
+    type: Literal["container", "virtual-machine"]
+    description: str
+    hwaddr: str | None = None
+    record: str | None = None
+    ipv6: str | None = None
+    config: InstanceConfig
+    devices: list[InstanceDevice]
+    wait_for: InstanceWaitFor | None = None
+    services: list[InstanceService]
+
+
+class TrackInstances(RootModel[dict[str, TrackInstance]]): ...
+
+
+class FlagTags(BaseModel):
+    model_config = ConfigDict(extra="allow")
+    discourse: str | None = None
+    ui_sound: str | None = None
+    ui_gif: str | None = None
+
+
+class TrackFlag(BaseModel):
+    flag: str
+    value: int
+    description: str | None = None
+    return_string: str
+    cfss: str | None = None
+    tags: FlagTags | None = None
+
+
+class DeprecatedTrackService(BaseModel):
+    name: str
+    instance: str
+    address: str
+    port: PortNumber
+    check: CheckType
+    dev_port_mapping: PortNumber | None = None
+
+
+class TrackYaml(BaseModel):
+    name: str
+    description: str
+    integrated_with_scenario: bool
+    contacts: TrackContacts
+    instances: TrackInstances | None = None
+    flags: list[TrackFlag]
+    services: list[DeprecatedTrackService] | None = None
+
+
+# TrackInstances.model_rebuild()
+# TrackYaml.model_rebuild()
@@ -126,8 +126,10 @@ def new(
         data={
             "name": name,
             "full_ipv6_address": full_ipv6_address,
-            "ipv6_subnet": ipv6_subnet,
+            "hardware_address": hardware_address,
+            "is_windows": template == Template.WINDOWS_VM,
             "template": template.value,
+            "with_build": with_build_container,
         }
     )
     with open(
@@ -201,8 +203,6 @@ def new(
     render = track_template.render(
         data={
             "name": name,
-            "hardware_address": hardware_address,
-            "ipv6": ipv6_address,
             "ipv6_subnet": ipv6_subnet,
             "full_ipv6_address": full_ipv6_address,
             "with_build": with_build_container,
 
@@ -54,8 +54,139 @@
           "support"
         ]
       },
+      "instances": {
+        "description": "Map of instance definitions for this track.",
+        "type": "object",
+        "additionalProperties": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": [
+            "image",
+            "profiles",
+            "type",
+            "description",
+            "hwaddr",
+            "record",
+            "ipv6",
+            "config",
+            "devices",
+            "services"
+          ],
+          "properties": {
+            "is_build_container": {
+              "type": "boolean",
+              "description": "Set to true for build-only containers."
+            },
+            "image": {
+              "type": "string",
+              "minLength": 1,
+              "description": "Incus image reference used by this instance."
+            },
+            "profiles": {
+              "type": "array",
+              "minItems": 1,
+              "items": {
+                "type": "string",
+                "minLength": 1
+              },
+              "description": "Incus profiles applied to this instance."
+            },
+            "type": {
+              "type": "string",
+              "enum": ["container", "virtual-machine"],
+              "description": "Type of instance."
+            },
+            "description": {
+              "type": "string",
+              "minLength": 1,
+              "description": "Instance description."
+            },
+            "hwaddr": {
+              "type": ["string", "null"],
+              "description": "MAC address of the instance network interface."
+            },
+            "record": {
+              "type": ["string", "null"],
+              "description": "DNS record prefix (without .ctf)."
+            },
+            "ipv6": {
+              "type": ["string", "null"],
+              "description": "IPv6 address of the instance."
+            },
+            "config": {
+              "type": "object",
+              "additionalProperties": true,
+              "description": "Incus instance config values."
+            },
+            "devices": {
+              "type": "array",
+              "description": "Extra Incus devices for this instance.",
+              "items": {
+                "type": "object",
+                "additionalProperties": false,
+                "required": ["name", "type", "properties"],
+                "properties": {
+                  "name": {
+                    "type": "string",
+                    "minLength": 1
+                  },
+                  "type": {
+                    "type": "string",
+                    "minLength": 1
+                  },
+                  "properties": {
+                    "type": "object",
+                    "additionalProperties": true
+                  }
+                }
+              }
+            },
+            "wait_for": {
+              "type": "object",
+              "description": "Optional wait condition for instance startup.",
+              "additionalProperties": true
+            },
+            "services": {
+              "description": "List of network services running on this instance.",
+              "type": "array",
+              "uniqueItems": true,
+              "items": {
+                "type": "object",
+                "additionalProperties": false,
+                "required": ["name", "port", "check"],
+                "properties": {
+                  "name": {
+                    "description": "Name of the network service. Must be unique for a given instance.",
+                    "type": "string",
+                    "minLength": 1,
+                    "pattern": "^[a-zA-Z0-9-]+$"
+                  },
+                  "port": {
+                    "description": "Port number where the network service listens on.",
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 65535
+                  },
+                  "check": {
+                    "description": "Type of check used to validate service availability.",
+                    "type": "string",
+                    "enum": ["http", "https", "ssh", "tcp"]
+                  },
+                  "dev_port_mapping": {
+                    "type": "integer",
+                    "minimum": 1,
+                    "maximum": 65535,
+                    "description": "Optional localhost port mapping used during development."
+                  }
+                }
+              }
+            }
+          }
+        }
+      },
       "services": {
-        "description": "List of network services used by the track.",
+        "description": "DEPRECATED: List of network services used by the track.",
+        "deprecated": true,
         "type": "array",
         "uniqueItems": true,
         "items": {
@@ -81,7 +212,9 @@
             },
             "port": {
               "description": "Port number where the network service listens on.",
-              "type": "number"
+              "type": "integer",
+              "minimum": 1,
+              "maximum": 65535
             },
             "check": {
               "description": "Type of check to do to make sure this service is up and alert us during the CTF if it's down.",
@@ -167,7 +300,6 @@
       "description",
       "integrated_with_scenario",
       "contacts",
-      "services",
       "flags"
     ]
   }