This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
oubliette/README.md
Torjus Håkestad 75bac814d4 feat: add NixOS module for declarative deployment
Adds nixos-module.nix with services.oubliette options (enable, package,
settings, configFile) and a hardened systemd service. Exposes the module
as nixosModules.default in flake.nix.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 17:01:31 +01:00


Oubliette

An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.

Named after the medieval dungeon - a place you throw people into and forget about them.

Status

Early development. See PLAN.md for the roadmap.

Usage

Build

# With Nix
nix build

# With Go
nix develop -c go build ./cmd/oubliette

Configure

Copy and edit the example config:

cp oubliette.toml.example oubliette.toml

Key settings:

  • ssh.listen_addr — listen address (default :2222)
  • ssh.host_key_path — Ed25519 host key, auto-generated if missing
  • auth.accept_after — accept login after N failures per IP (default 10)
  • auth.credential_ttl — how long to remember accepted credentials (default 24h)
  • auth.static_credentials — always-accepted username/password pairs
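How the three auth settings could interact, as an added Go sketch that is not oubliette's own code. The `Decider` type, its methods, and the exact semantics (the attempt following N failures is accepted, the per-IP counter resets, and the accepted credential then works from any IP until the TTL expires) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

type cred struct{ user, pass string }
// Decider is a hypothetical model of the auth.* settings, not oubliette's code.
type Decider struct {
	AcceptAfter int                // auth.accept_after
	TTL         time.Duration      // auth.credential_ttl
	Static      map[cred]bool      // auth.static_credentials
	failures    map[string]int     // failed attempts per source IP
	remembered  map[cred]time.Time // accepted credential -> expiry
}

func NewDecider(n int, ttl time.Duration, static ...cred) *Decider {
	d := &Decider{AcceptAfter: n, TTL: ttl, Static: map[cred]bool{},
		failures: map[string]int{}, remembered: map[cred]time.Time{}}
	for _, c := range static {
		d.Static[c] = true
	}
	return d
}

// Attempt reports whether a login from ip at time now is let into the fake shell.
func (d *Decider) Attempt(ip, user, pass string, now time.Time) bool {
	c := cred{user, pass}
	if exp, ok := d.remembered[c]; d.Static[c] || (ok && now.Before(exp)) {
		return true
	}
	delete(d.remembered, c) // drop an expired entry, if any
	if d.failures[ip] >= d.AcceptAfter {
		// Assumed: accept, reset the counter, remember the credential for TTL.
		d.failures[ip] = 0
		d.remembered[c] = now.Add(d.TTL)
		return true
	}
	d.failures[ip]++
	return false
}

func main() {
	d := NewDecider(2, time.Hour, cred{"root", "toor"})
	for _, p := range []string{"a", "b", "c", "c"} { // constructed attempts
		fmt.Println(p, d.Attempt("192.0.2.1", "admin", p, time.Unix(0, 0)))
	}
}
```

Remembering the accepted credential is what keeps the honeypot consistent for a returning client: the password that "worked" once keeps working for the TTL instead of depending on the failure counter again.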

Run

./oubliette -config oubliette.toml

Test with:

ssh -o StrictHostKeyChecking=no -p 2222 root@localhost

NixOS Module

Add the flake as an input and enable the service:

{
  services.oubliette = {
    enable = true;
    package = inputs.oubliette.packages.${system}.default;
    settings = {
      ssh.listen_addr = ":2222";
      auth.accept_after = 10;
      auth.static_credentials = [
        { username = "root"; password = "toor"; }
      ];
    };
  };
}

Alternatively, use configFile to pass a pre-written TOML file instead of settings.