ynetd: add hardened ctf-centric fork

haylinmoore · haylinmoore · commit f729dd3bdbb9 · 2025-03-17T20:21:37.000-04:00
diff --git a/pkgs/by-name/yn/ynetd/hardened.nix b/pkgs/by-name/yn/ynetd/hardened.nix
@@ -0,0 +1,29 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "ctf-ynetd";
+  version = "2024.12.31";
+
+  src = fetchurl {
+    url = "https://hxp.io/assets/data/code/ctf-ynetd-2024.12.31.tar.xz";
+    hash = "sha256-hUEZZEulmaV3KfKOqE1wl7y4SRUn2/HoOjVDabk5+YA=";
+  };
+
+  installPhase = ''
+    runHook preInstall
+    install -Dm755 ynetd $out/bin/ynetd
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "Fork of ynetd hardened for CTFs with isolation using PID namespaces, minimal overhead proof-of-work checking, and strict resource limits via cgroups";
+    homepage = "https://hxp.io/code/";
+    license = lib.licenses.mit;
+    platforms = lib.platforms.linux;
+    maintainers = [ lib.maintainers.haylin ];
+    mainProgram = "ynetd";
+  };
+})
diff --git a/pkgs/by-name/yn/ynetd/package.nix b/pkgs/by-name/yn/ynetd/package.nix
@@ -2,6 +2,7 @@
   lib,
   stdenv,
   fetchurl,
+  callPackage,
 }:
 stdenv.mkDerivation (finalAttrs: {
   pname = "ynetd";
@@ -22,6 +23,10 @@ stdenv.mkDerivation (finalAttrs: {
     runHook postInstall
   '';
 
+  # ctf-ynetd releases are based on the last stable ynetd version
+  # these should be kept in sync when possible
+  passthru.hardened = callPackage ./hardened.nix { };
+
   meta = {
     description = "Small server for binding programs to TCP ports";
     homepage = "https://yx7.cc/code/";
