# T-Pot config file. Do not remove.

###############################################
# T-Pot Base Settings - Adjust to your needs. #
###############################################

# Set Web usernames and passwords here. This section will be used to create / update the Nginx password file nginxpasswd.
#  <empty>: This is the default
#  <base64 encoded htpasswd usernames / passwords>:
#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the WEB_USER if you want to manually deploy T-Pot, run 'install.sh' to automatically add a user during installation, or 'genuser.sh' if you just want to add a web user.
#   Example: 'htpasswd -n -b "tsec" "tsec" | base64 -w0' will print dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
#   Copy the string and replace WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo=
#   Multiple users are possible:
#   WEB_USER=dHNlYzokYXByMSRYUnE2SC5rbiRVRjZQM1VVQmJVNWJUQmNmSGRuUFQxCgo= dHNlYzokYXByMSR6VUFHVWdmOCRROXI3a09CTjFjY3lCeU1DTloyanEvCgo=
WEB_USER=

# Set Logstash Web usernames and passwords here. This section will be used to create / update the Nginx password file lswebpasswd.
# The Lostsash Web usernames are used for T-Pot log ingestion via Logstash, each sensor should have its own user.
#  <empty>: This is empty by default.
#  <'htpasswd encoded usernames / passwords'>:
#   Use 'htpasswd -n -b "username" "password" | base64 -w0' to create the LS_WEB_USER if you want to manually deploy the sensor.
#   Example: 'htpasswd -n -b "sensor" "sensor" | base64 -w0' will print c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
#   Copy the string and replace / add LS_WEB_USER=c2Vuc29yOiRhcHIxJGVpMHdzUmdYJHNyWHF4UG53ZzZqWUc3aEFaUWxrWDEKCg==
#   Multiple users are possible:
#   LS_WEB_USER=c2Vuc29yMTokYXByMSQ5aXhNRk5yMCR6d3F2dGFwQ2x0cFBhU1pqMm9ZemYxCgo= c2Vuc29yMjokYXByMSRtYTlOS1J2NCQvU3dsVVBMeW5RaVIyM3pyWVAzOUkwCgo=
LS_WEB_USER=

# T-Pot Blackhole
#  ENABLED: T-Pot will download a db of known mass scanners and nullroute them.
#           Be aware, this will put T-Pot off the map for stealth reasons and
#           you will get less traffic. Routes will be active until next reboot
#           and will be re-added with every T-Pot start until disabled.
#  DISABLED: This is the default and no stealth efforts are in place.
TPOT_BLACKHOLE=DISABLED

# T-Pot Persistence
#  on: This is the default. T-Pot will keep the honeypot logfiles and rotate
#      with logrotate for 30 days.
#  off: This is recommended for Raspberry Pi or setups with weaker CPUs or
#       if you just do not need any of the logfiles.
TPOT_PERSISTENCE=on

# T-Pot Type
#  HIVE: This is the default and offers everything to connect T-Pot sensors.
#  SENSOR: This needs to be used when running a sensor. Be aware to adjust all other
#          settings as well.
#          1. You will need to copy compose/sensor.yml to ./docker-comopose.yml
#          2. From HIVE host you will need to copy ~/tpotce/data/nginx/cert/nginx.crt to
#             your SENSOR host to ~/tpotce/data/hive.crt
#          3. On HIVE: Create a web user per SENSOR on HIVE and provide credentials below
#             Create credentials with 'htpasswd ~/tpotce/data/nginx/conf/lswebpasswd <username>'
#          4. On SENSOR: Provide username / password from (3) for TPOT_HIVE_USER as base64 encoded string:
#                        "echo -n 'username:password' | base64 -w0"
TPOT_TYPE=HIVE

# T-Pot Hive User (only relevant for SENSOR deployment)
#  <empty>: This is empty by default.
#  <base64 encoded string>: Provide a base64 encoded string "echo -n 'username:password' | base64 -w0"
#                           i.e. TPOT_HIVE_USER='dXNlcm5hbWU6cGFzc3dvcmQ='
TPOT_HIVE_USER=

# T-Pot Hive IP (only relevant for SENSOR deployment)
#  <empty>: This is empty by default.
#  <IP, FQDN>: This can be either a IP (i.e. 192.168.1.1) or a FQDN (i.e. foo.bar.local)
TPOT_HIVE_IP=

# T-Pot AttackMap Text Output
#  ENABLED: This is the default and the docker container map_data will print events to the console.
#  DISABLED: Printing events to the console is disabled.
TPOT_ATTACKMAP_TEXT=ENABLED

# T-Pot AttackMap Text Output Timezone
#  UTC: (T-Pot default) This is usually the best option.
#  Continent/City: In Linux you can check our timezone with `readlink` /etc/localtime or
#                  see the full list here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
#  Examples: America/New_York, Asia/Taipei, Australia/Melbourne, Europe/Athens, Europe/Berlin
TPOT_ATTACKMAP_TEXT_TIMEZONE=UTC

###################################################################################
# Honeypots / Tools settings
###################################################################################
# Some services / tools offer adjustments using ENVs which can be adjusted here.
###################################################################################

# Suricata ET Pro ruleset
#  OPEN: This is the default and will the ET Open ruleset
#  OINKCODE: Replace OPEN with your Oinkcode to use the ET Pro ruleset
OINKCODE=OPEN


###################################################################################
# NEVER MAKE CHANGES TO THIS SECTION UNLESS YOU REALLY KNOW WHAT YOU ARE DOING!!! #
###################################################################################

# docker.sock Path
TPOT_DOCKER_SOCK=/var/run/docker.sock

# docker compose .env
TPOT_DOCKER_ENV=./.env

# Docker-Compose file
TPOT_DOCKER_COMPOSE=./docker-compose.yml

# T-Pot Docker Repo
#  Depending on where you are located you may choose between DockerHub and GHCR
#  dtagdevsec: This will use the DockerHub image registry
#  ghcr.io/telekom-security: This will use the GitHub container registry
TPOT_REPO=dtagdevsec

# T-Pot Version Tag
TPOT_VERSION=24.04

# T-Pot Pull Policy
#  always: (T-Pot default) Compose implementations SHOULD always pull the image from the registry.
#  never: Compose implementations SHOULD NOT pull the image from a registry and SHOULD rely on the platform cached image.
#  missing: Compose implementations SHOULD pull the image only if it's not available in the platform cache.
#  build: Compose implementations SHOULD build the image. Compose implementations SHOULD rebuild the image if already present.
TPOT_PULL_POLICY=always

# T-Pot Data Path
TPOT_DATA_PATH=./data

# OSType (linux, mac, win)
#  Most docker features are available on linux
TPOT_OSTYPE=linux