log_level = "info"
log_format = "text" # "text" or "json"

[ssh]
listen_addr = ":2222"
host_key_path = "oubliette_host_key"
max_connections = 500

[auth]
accept_after = 10
credential_ttl = "24h"

[[auth.static_credentials]]
username = "root"
password = "toor"

[[auth.static_credentials]]
username = "admin"
password = "admin"

# Route specific credentials to a named shell (optional).
# [[auth.static_credentials]]
# username = "samsung"
# password = "fridge"
# shell = "fridge"

# [[auth.static_credentials]]
# username = "teller"
# password = "banking"
# shell = "banking"

# [[auth.static_credentials]]
# username = "admin"
# password = "cisco"
# shell = "cisco"

[storage]
db_path = "oubliette.db"
retention_days = 90
retention_interval = "1h"

# [web]
# enabled = true
# listen_addr = ":8080"
# metrics_enabled = true
# metrics_token = ""  # bearer token for /metrics; empty = no auth

[shell]
hostname = "ubuntu-server"
# banner = "Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-89-generic x86_64)\r\n\r\n"
# fake_user = ""  # override username in prompt; empty = use authenticated user

# Map usernames to specific shells (regardless of how auth succeeded).
# Credential-specific shell overrides take priority over username routes.
# [shell.username_routes]
# postgres = "psql"
# admin = "bash"

# Per-shell configuration (optional).
# [shell.banking]
# bank_name = "SECUREBANK"
# terminal_id = "SB-0001"   # random if not set
# region = "NORTHEAST"

# [shell.adventure]
# dungeon_name = "THE OUBLIETTE"

# [shell.cisco]
# hostname = "Router"
# model = "C2960"
# ios_version = "15.0(2)SE11"
# enable_password = ""  # empty = accept after 1 failed attempt

# [shell.psql]
# db_name = "postgres"
# pg_version = "15.4"

# [detection]
# enabled = true
# threshold = 0.6          # 0.0–1.0, sessions above this trigger notifications
# update_interval = "5s"   # how often to recompute the score during a session

# [[notify.webhooks]]
# url = "https://ntfy.example.com/honeypot"
# headers = { Authorization = "Bearer your-token" }
# events = ["human_detected", "session_started"]  # empty = all events