from pathlib import Path

from decnet.services.base import BaseService

TEMPLATES_DIR = Path(__file__).parent.parent.parent / "templates" / "real_ssh"


class RealSSHService(BaseService):
    """
    Fully interactive OpenSSH server — no honeypot emulation.

    Used for the deaddeck (entry-point machine). Attackers get a real shell.
    Credentials are intentionally weak to invite exploitation.

    service_cfg keys:
        password      Root password (default: "admin")
        hostname      Override container hostname
    """

    name = "real_ssh"
    ports = [22]
    default_image = "build"

    def compose_fragment(
        self,
        decky_name: str,
        log_target: str | None = None,
        service_cfg: dict | None = None,
    ) -> dict:
        cfg = service_cfg or {}
        env: dict = {
            "SSH_ROOT_PASSWORD": cfg.get("password", "admin"),
        }
        if "hostname" in cfg:
            env["SSH_HOSTNAME"] = cfg["hostname"]

        return {
            "build": {"context": str(TEMPLATES_DIR)},
            "container_name": f"{decky_name}-real-ssh",
            "restart": "unless-stopped",
            "cap_add": ["NET_BIND_SERVICE"],
            "environment": env,
        }

    def dockerfile_context(self) -> Path:
        return TEMPLATES_DIR