123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 |
- {%- set fqdn = salt['pillar.get']('burp:server:fqdn') %}
- {%- set ops_mail = salt['pillar.get']('globals:ops_mail') %}
- #
- # FFHO burp server config (Salt managed)
- #
- mode = server
- listen = 0.0.0.0:4971
- max_children = 5
- # Think carefully before changing the status port address, as it can be used
- # to view the contents of backups.
- #listen_status = 127.0.0.1:4972
- #max_status_children = 5
- directory = /srv/burp/
- dedup_group = global
- clientconfdir = /etc/burp/clientconfdir
- # Choose the protocol to use.
- # 0 to decide automatically, 1 to force protocol1 mode (file level granularity
- # with a pseudo mirrored storage on the server and optional rsync). 2 forces
- # protocol2 mode (inline deduplication with variable length blocks).
- # Like many other settings, this can be set per client in the clientconfdir
- # files.
- # protocol = 0
- pidfile = /var/run/burp.server.pid
- hardlinked_archive = 0
- working_dir_recovery_method = delete
- umask = 0022
- syslog = 1
- stdout = 0
- # The following options can restrict what the client can do.
- # Restore clients can override all of these expect for force_backup.
- client_can_delete = 0
- # Set client_can_force_backup to 0 to only allow timed backups.
- client_can_force_backup = 1
- client_can_list = 1
- # Set client_can_restore to 0 if you want restores to only be initialised by
- # the server.
- client_can_restore = 1
- client_can_verify = 1
- # Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
- # ratelimit = 1.5
- # Network timeout defaults to 7200 seconds (2 hours).
- # network_timeout = 7200
- # Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
- #compression = zlib9
- # When the client version does not match the server version, log a warning.
- # Set to 0 to turn it off.
- version_warn = 1
- # More configuration files can be read, using syntax like the following
- # (without the leading '# ').
- # . path/to/more/conf
- # Location of autoupgrade files to serve to clients. Leave it commented out
- # to not autoupgrade clients.
- # autoupgrade_dir = /etc/burp/autoupgrade/server
- # You can have as many 'keep' lines as you like.
- # For example, if running backups daily, setting 7, 4, 6 will keep
- # 7 daily backups, 4 weekly, and 6 four-weekly backups.
- keep = 7
- keep = 4
- keep = 3
- # Run as different user/group.
- # user=graham
- # group=nogroup
- # CA options.
- # If you want your server to be a certificate authority and generate its own
- # certificates, uncomment the following lines. If the directory specified in
- # ca_conf does not exist, the server will create, populate it, and the paths
- # indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
- # overwritten. See docs/burp_ca.txt for more information.
- #ca_conf = /etc/burp/CA.cnf
- #ca_name = burpCA
- #ca_server_name = burpserver
- #ca_burp_ca = /usr/sbin/burp_ca
- #
- # Check for revoked certificates in the certificate revocation list.
- # Turn this off if you use the old ssl_extra_checks_script server script.
- ca_crl_check = 0
- # SSL certificate authority - same file on both server and client
- ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem
- # Server SSL certificate
- ssl_cert = /etc/ssl/certs/{{ fqdn }}.cert.pem
- # Server SSL key
- ssl_key = /etc/ssl/private/{{ fqdn }}.key.pem
- # Server DH file.
- ssl_dhfile = /etc/ssl/dhparam.pem
- # Server SSL ciphers
- #ssl_ciphers =
- # Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
- #ssl_compression = zlib5
- timer_script = /usr/share/burp/scripts/timer_script
- # Ensure that 20 hours elapse between backups
- # Available units:
- # s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
- timer_arg = 20h
- # Allow backups to start in the evenings and nights during weekdays
- timer_arg = Mon,Tue,Wed,Thu,Fri,01,02,03,04,05
- # Allow more hours at the weekend.
- timer_arg = Sat,Sun,01,02,03,04,05
- # Note that, if you specify no timebands, the default timer script will never
- # allow backups.
- # Uncomment the notify_success_* lines for email notifications of backups that
- # succeeded.
- # In the subject line, the following are substituted:
- # %b - "backup"/"restore"/"verify"
- # %c - client name
- # %w - number of warnings, if any
- notify_success_script = /usr/share/burp/scripts/notify_script
- notify_success_arg = sendmail -t
- notify_success_arg = To: {{ ops_mail }}
- notify_success_arg = From: {{ ops_mail }}
- notify_success_arg = Subject: %b succeeded: %c %w
- # Uncomment the following to have success notifications only if there were
- # warnings.
- #notify_success_warnings_only = 1
- # Uncomment the following to have success notifications only if there were
- # new or changed files.
- #notify_success_changes_only = 1
- # Uncomment the following for email notifications of backups that failed.
- notify_failure_script = /usr/share/burp/scripts/notify_script
- notify_failure_arg = sendmail -t
- notify_failure_arg = To: {{ ops_mail }}
- notify_failure_arg = From: {{ ops_mail }}
- notify_failure_arg = Subject: %b failed: %c %w
- # The server can run scripts on each connection after authentication and before
- # disconnecting.
- #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
- #server_script_pre_arg = /etc/burp/crl
- #server_script_pre_arg = /etc/burp/burp-server.conf
- #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
- # Set server_script_pre_notify to 1 to have notifications on server_script_pre
- # returning non-zero. Most people will want to leave this off - it could
- # result in a lot of emails because clients normally connect once every 20
- # minutes. Requires notify_failure_script to be set above.
- #server_script_pre_notify = 0
- #server_script_post =
- #server_script_post_arg =
- #server_script_post_arg =
- #server_script_post_run_on_fail=0
- # As for server_script_pre_notify, but for post.
- #server_script_post_notify = 0
- # Clients that are able to list and restore files belonging to any other
- # client. If this is too permissive, you may set a restore_client for
- # individual original clients in the individual clientconfdir files.
- # restore_client = someclient
- # restore_client = someotherclient
- # Whether or not the server process should cache the tree when a monitor client
- # is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
- #monitor_browse_cache = 1
|