Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Tree: 0b3ae3b258
Branches Tags
ffho-salt-pu...
/
burp
/
server
/
burp-server.conf.tmpl

burp-server.conf.tmpl 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. {%- set fqdn = salt['pillar.get']('burp:server:fqdn') %}
    2. 

  2. {%- set ops_mail = salt['pillar.get']('globals:ops_mail') %}
    3. 

  3. #
    4. 

  4. # FFHO burp server config (Salt managed)
    5. 

  5. #
    6. 

  6. 

  7. mode = server
    8. 

  8. listen = :::4971
    9. 

  9. max_children = 5
    10. 

  10. 

  11. # Think carefully before changing the status port address, as it can be used
    12. 

  12. # to view the contents of backups.
    13. 

  13. #listen_status = 127.0.0.1:4972
    14. 

  14. #max_status_children = 5
    15. 

  15. 

  16. directory = /srv/burp/
    17. 

  17. 

  18. dedup_group = global
    19. 

  19. clientconfdir = /etc/burp/clientconfdir
    20. 

  20. # Choose the protocol to use.
    21. 

  21. # 0 to decide automatically, 1 to force protocol1 mode (file level granularity
    22. 

  22. # with a pseudo mirrored storage on the server and optional rsync). 2 forces
    23. 

  23. # protocol2 mode (inline deduplication with variable length blocks).
    24. 

  24. # Like many other settings, this can be set per client in the clientconfdir
    25. 

  25. # files.
    26. 

  26. # protocol = 0
    27. 

  27. pidfile = /var/run/burp.server.pid
    28. 

  28. hardlinked_archive = 0
    29. 

  29. working_dir_recovery_method = delete
    30. 

  30. umask = 0022
    31. 

  31. syslog = 1
    32. 

  32. stdout = 0
    33. 

  33. # The following options can restrict what the client can do.
    34. 

  34. # Restore clients can override all of these expect for force_backup.
    35. 

  35. client_can_delete = 0
    36. 

  36. # Set client_can_force_backup to 0 to only allow timed backups.
    37. 

  37. client_can_force_backup = 1
    38. 

  38. client_can_list = 1
    39. 

  39. # Set client_can_restore to 0 if you want restores to only be initialised by
    40. 

  40. # the server.
    41. 

  41. client_can_restore = 1
    42. 

  42. client_can_verify = 1
    43. 

  43. # Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
    44. 

  44. # ratelimit = 1.5
    45. 

  45. # Network timeout defaults to 7200 seconds (2 hours).
    46. 

  46. # network_timeout = 7200
    47. 

  47. 

  48. # Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
    49. 

  49. #compression = zlib9
    50. 

  50. 

  51. # When the client version does not match the server version, log a warning.
    52. 

  52. # Set to 0 to turn it off.
    53. 

  53. version_warn = 1
    54. 

  54. 

  55. # More configuration files can be read, using syntax like the following
    56. 

  56. # (without the leading '# ').
    57. 

  57. # . path/to/more/conf
    58. 

  58. 

  59. # Location of autoupgrade files to serve to clients. Leave it commented out
    60. 

  60. # to not autoupgrade clients.
    61. 

  61. # autoupgrade_dir = /etc/burp/autoupgrade/server
    62. 

  62. 

  63. # You can have as many 'keep' lines as you like.
    64. 

  64. # For example, if running backups daily, setting 7, 4, 6 will keep
    65. 

  65. # 7 daily backups, 4 weekly, and 6 four-weekly backups.
    66. 

  66. keep = 7
    67. 

  67. keep = 4
    68. 

  68. keep = 3
    69. 

  69. 

  70. # Run as different user/group.
    71. 

  71. # user=graham
    72. 

  72. # group=nogroup
    73. 

  73. 

  74. # CA options.
    75. 

  75. # If you want your server to be a certificate authority and generate its own
    76. 

  76. # certificates, uncomment the following lines. If the directory specified in
    77. 

  77. # ca_conf does not exist, the server will create, populate it, and the paths
    78. 

  78. # indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
    79. 

  79. # overwritten. See docs/burp_ca.txt for more information.
    80. 

  80. #ca_conf = /etc/burp/CA.cnf
    81. 

  81. #ca_name = burpCA
    82. 

  82. #ca_server_name = burpserver
    83. 

  83. #ca_burp_ca = /usr/sbin/burp_ca
    84. 

  84. #
    85. 

  85. # Check for revoked certificates in the certificate revocation list.
    86. 

  86. # Turn this off if you use the old ssl_extra_checks_script server script.
    87. 

  87. ca_crl_check = 0
    88. 

  88. 

  89. # SSL certificate authority - same file on both server and client
    90. 

  90. ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem
    91. 

  91. 

  92. # Server SSL certificate
    93. 

  93. ssl_cert = /etc/ssl/certs/{{ fqdn }}.cert.pem
    94. 

  94. 

  95. # Server SSL key
    96. 

  96. ssl_key = /etc/ssl/private/{{ fqdn }}.key.pem
    97. 

  97. 

  98. # Server DH file.
    99. 

  99. ssl_dhfile = /etc/ssl/dhparam.pem
    100. 

  100. 

  101. # Server SSL ciphers
    102. 

  102. #ssl_ciphers =
    103. 

  103. 

  104. # Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
    105. 

  105. #ssl_compression = zlib5
    106. 

  106. 

  107. 

  108. timer_script = /usr/share/burp/scripts/timer_script
    109. 

  109. # Ensure that 20 hours elapse between backups
    110. 

  110. # Available units:
    111. 

  111. # s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
    112. 

  112. timer_arg = 20h
    113. 

  113. # Allow backups to start in the evenings and nights during weekdays
    114. 

  114. timer_arg = Mon,Tue,Wed,Thu,Fri,01,02,03,04,05
    115. 

  115. # Allow more hours at the weekend.
    116. 

  116. timer_arg = Sat,Sun,01,02,03,04,05
    117. 

  117. # Note that, if you specify no timebands, the default timer script will never
    118. 

  118. # allow backups.
    119. 

  119. 

  120. # Uncomment the notify_success_* lines for email notifications of backups that
    121. 

  121. # succeeded.
    122. 

  122. # In the subject line, the following are substituted:
    123. 

  123. # %b - "backup"/"restore"/"verify"
    124. 

  124. # %c - client name
    125. 

  125. # %w - number of warnings, if any
    126. 

  126. notify_success_script = /usr/share/burp/scripts/notify_script
    127. 

  127. notify_success_arg = sendmail -t
    128. 

  128. notify_success_arg = To: {{ ops_mail }}
    129. 

  129. notify_success_arg = From: {{ ops_mail }}
    130. 

  130. notify_success_arg = Subject: %b succeeded: %c %w
    131. 

  131. # Uncomment the following to have success notifications only if there were
    132. 

  132. # warnings.
    133. 

  133. #notify_success_warnings_only = 1
    134. 

  134. # Uncomment the following to have success notifications only if there were
    135. 

  135. # new or changed files.
    136. 

  136. #notify_success_changes_only = 1
    137. 

  137. 

  138. # Uncomment the following for email notifications of backups that failed.
    139. 

  139. notify_failure_script = /usr/share/burp/scripts/notify_script
    140. 

  140. notify_failure_arg = sendmail -t
    141. 

  141. notify_failure_arg = To: {{ ops_mail }}
    142. 

  142. notify_failure_arg = From: {{ ops_mail }}
    143. 

  143. notify_failure_arg = Subject: %b failed: %c %w
    144. 

  144. 

  145. # The server can run scripts on each connection after authentication and before
    146. 

  146. # disconnecting.
    147. 

  147. #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
    148. 

  148. #server_script_pre_arg = /etc/burp/crl
    149. 

  149. #server_script_pre_arg = /etc/burp/burp-server.conf
    150. 

  150. #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
    151. 

  151. # Set server_script_pre_notify to 1 to have notifications on server_script_pre
    152. 

  152. # returning non-zero. Most people will want to leave this off - it could
    153. 

  153. # result in a lot of emails because clients normally connect once every 20
    154. 

  154. # minutes. Requires notify_failure_script to be set above.
    155. 

  155. #server_script_pre_notify = 0
    156. 

  156. #server_script_post =
    157. 

  157. #server_script_post_arg =
    158. 

  158. #server_script_post_arg =
    159. 

  159. #server_script_post_run_on_fail=0
    160. 

  160. # As for server_script_pre_notify, but for post.
    161. 

  161. #server_script_post_notify = 0
    162. 

  162. 

  163. # Clients that are able to list and restore files belonging to any other
    164. 

  164. # client. If this is too permissive, you may set a restore_client for
    165. 

  165. # individual original clients in the individual clientconfdir files.
    166. 

  166. # restore_client = someclient
    167. 

  167. # restore_client = someotherclient
    168. 

  168. 

  169. # Whether or not the server process should cache the tree when a monitor client
    170. 

  170. # is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
    171. 

  171. #monitor_browse_cache = 1
    172.