anti
fe46b8fc0b
The BASE_IMAGE build arg was being unconditionally overwritten by composer.py with the decky's distro build_base (debian:bookworm-slim), turning the conpot container into a bare Debian image with no conpot installation — hence the silent restart loop. Two fixes: 1. composer.py: use args.setdefault() so services that pre-declare BASE_IMAGE in their compose_fragment() win over the distro default. 2. conpot.py: pre-declare BASE_IMAGE=honeynet/conpot:latest in build args so it always uses the upstream image regardless of decky distro. Also removed the USER decnet switch from the conpot Dockerfile. The upstream image already runs as the non-root 'conpot' user; switching to 'decnet' broke pkg_resources because conpot's eggs live under /home/conpot/.local and are only on sys.path for that user.
36 lines
1.1 KiB
Python
36 lines
1.1 KiB
Python
from pathlib import Path
|
|
from decnet.services.base import BaseService
|
|
|
|
|
|
class ConpotService(BaseService):
|
|
"""ICS/SCADA honeypot covering Modbus (502), SNMP (161 UDP), and HTTP (80).
|
|
|
|
Uses a custom build context wrapping the official honeynet/conpot image
|
|
to fix Modbus binding to port 502.
|
|
"""
|
|
|
|
name = "conpot"
|
|
ports = [502, 161, 80]
|
|
default_image = "build"
|
|
|
|
def compose_fragment(self, decky_name: str, log_target: str | None = None, service_cfg: dict | None = None) -> dict:
|
|
env = {
|
|
"CONPOT_TEMPLATE": "default",
|
|
"NODE_NAME": decky_name,
|
|
}
|
|
if log_target:
|
|
env["LOG_TARGET"] = log_target
|
|
|
|
return {
|
|
"build": {
|
|
"context": str(self.dockerfile_context()),
|
|
"args": {"BASE_IMAGE": "honeynet/conpot:latest"},
|
|
},
|
|
"container_name": f"{decky_name}-conpot",
|
|
"restart": "unless-stopped",
|
|
"environment": env,
|
|
}
|
|
|
|
def dockerfile_context(self):
|
|
return Path(__file__).parent.parent.parent / "templates" / "conpot"
|