2
Service Personas
anti edited this page 2026-04-18 06:06:18 -04:00

Service Personas

Every service plugin receives an optional service_cfg dict built from the INI persona block [decky.<slug>]. This page lists only the knobs the plugin source actually reads. Anything you find elsewhere and don't see here is not wired in; file an issue or a plugin PR instead.

See also:

Every snippet below is a [<decky-name>.<slug>] INI subsection — drop it alongside the matching [<decky-name>] block (or [<archetype>] group block) in your deployment INI. See INI format for the subsection-inheritance rules.

Services with no INI knobs

These plugins do not read anything from service_cfg in source. Declaring them under [decky.<name>] with services = <slug> is enough; no persona block is required.

  • rdp
  • vnc
  • smb
  • ftp
  • tftp
  • postgres
  • mssql
  • mongodb
  • elasticsearch
  • imap
  • pop3
  • ldap
  • conpot
  • mqtt
  • sip
  • snmp
  • docker_api
  • k8s
  • llmnr
  • sniffer

ssh

Reads from service_cfg:

  • password — root password baked into the sshd image (default admin)
  • hostname — override container hostname (shown to attacker in the shell prompt / uname -n)
[decky-01.ssh]
password = P@ssw0rd2019!
hostname = mail-gw-03

telnet

Reads from service_cfg:

  • password — root password (default admin)
  • hostname — override container hostname
[decky-02.telnet]
password = cisco
hostname = edge-rtr-07

http

Reads from service_cfg:

  • server_header — value of the HTTP Server: response header
  • response_code — default status code for the root path
  • fake_app — label for the pretend application (served via the template)
  • extra_headers — dict or JSON-encoded string of additional response headers
  • custom_body — override response body text
  • files — host path to a directory bind-mounted read-only at /opt/html_files inside the container
[decky-03.http]
server_header = Apache/2.4.41 (Ubuntu)
response_code = 200
fake_app = phpMyAdmin 4.9.5
custom_body = <html><body><h1>It works!</h1></body></html>
files = /srv/decnet/fake-www/corp-intranet

https

Reads from service_cfg — same as http, plus TLS overrides:

  • server_header
  • response_code
  • fake_app
  • extra_headers
  • custom_body
  • files
  • tls_cert — path or PEM material for the TLS certificate
  • tls_key — path or PEM material for the TLS key
  • tls_cn — Common Name for a self-signed cert generated at startup
[decky-04.https]
server_header = nginx/1.18.0
response_code = 403
fake_app = Jenkins 2.387.3
tls_cn = portal.corp.local

mysql

Reads from service_cfg:

  • version — advertised MySQL server version string
[decky-05.mysql]
version = 5.7.38-log

redis

Reads from service_cfg:

  • version — advertised Redis version
  • os_string — advertised OS string in INFO server output
[decky-06.redis]
version = 6.2.7
os_string = Linux 5.15.0-101-generic x86_64

smtp

Reads from service_cfg:

  • banner — SMTP 220 greeting banner
  • mta — advertised MTA software / version
[decky-07.smtp]
banner = mail.corp.local ESMTP Postfix (Debian/GNU)
mta = Postfix 3.5.13

smtp_relay

Inherits the smtp template with SMTP_OPEN_RELAY=1 hard-wired. Reads from service_cfg:

  • banner — SMTP 220 greeting banner
  • mta — advertised MTA software / version
[decky-08.smtp_relay]
banner = relay.corp.local ESMTP
mta = Sendmail 8.15.2