{%- set fqdn = salt['pillar.get']('burp:server:fqdn') %} {%- set ops_mail = salt['pillar.get']('globals:ops_mail') %} # # FFHO burp server config (Salt managed) # mode = server listen = 0.0.0.0:4971 max_children = 5 # Think carefully before changing the status port address, as it can be used # to view the contents of backups. #listen_status = 127.0.0.1:4972 #max_status_children = 5 directory = /srv/burp/ dedup_group = global clientconfdir = /etc/burp/clientconfdir # Choose the protocol to use. # 0 to decide automatically, 1 to force protocol1 mode (file level granularity # with a pseudo mirrored storage on the server and optional rsync). 2 forces # protocol2 mode (inline deduplication with variable length blocks). # Like many other settings, this can be set per client in the clientconfdir # files. # protocol = 0 pidfile = /var/run/burp.server.pid hardlinked_archive = 0 working_dir_recovery_method = delete umask = 0022 syslog = 1 stdout = 0 # The following options can restrict what the client can do. # Restore clients can override all of these expect for force_backup. client_can_delete = 0 # Set client_can_force_backup to 0 to only allow timed backups. client_can_force_backup = 1 client_can_list = 1 # Set client_can_restore to 0 if you want restores to only be initialised by # the server. client_can_restore = 1 client_can_verify = 1 # Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s). # ratelimit = 1.5 # Network timeout defaults to 7200 seconds (2 hours). # network_timeout = 7200 # Server storage compression. Default is zlib9. Set to zlib0 to turn it off. #compression = zlib9 # When the client version does not match the server version, log a warning. # Set to 0 to turn it off. version_warn = 1 # More configuration files can be read, using syntax like the following # (without the leading '# '). # . path/to/more/conf # Location of autoupgrade files to serve to clients. Leave it commented out # to not autoupgrade clients. # autoupgrade_dir = /etc/burp/autoupgrade/server # You can have as many 'keep' lines as you like. # For example, if running backups daily, setting 7, 4, 6 will keep # 7 daily backups, 4 weekly, and 6 four-weekly backups. keep = 7 # keep = 4 # keep = 6 # Run as different user/group. # user=graham # group=nogroup # CA options. # If you want your server to be a certificate authority and generate its own # certificates, uncomment the following lines. If the directory specified in # ca_conf does not exist, the server will create, populate it, and the paths # indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be # overwritten. See docs/burp_ca.txt for more information. #ca_conf = /etc/burp/CA.cnf #ca_name = burpCA #ca_server_name = burpserver #ca_burp_ca = /usr/sbin/burp_ca # # Check for revoked certificates in the certificate revocation list. # Turn this off if you use the old ssl_extra_checks_script server script. ca_crl_check = 0 # SSL certificate authority - same file on both server and client ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem # Server SSL certificate ssl_cert = /etc/ssl/certs/{{ fqdn }}.cert.pem # Server SSL key ssl_key = /etc/ssl/private/{{ fqdn }}.key.pem # Server DH file. ssl_dhfile = /etc/ssl/dhparam.pem # Server SSL ciphers #ssl_ciphers = # Server SSL compression. Default is zlib5. Set to zlib0 to turn it off. #ssl_compression = zlib5 timer_script = /usr/share/burp/scripts/timer_script # Ensure that 20 hours elapse between backups # Available units: # s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months) timer_arg = 20h # Allow backups to start in the evenings and nights during weekdays timer_arg = Mon,Tue,Wed,Thu,Fri,01,02,03,04,05 # Allow more hours at the weekend. timer_arg = Sat,Sun,01,02,03,04,05 # Note that, if you specify no timebands, the default timer script will never # allow backups. # Uncomment the notify_success_* lines for email notifications of backups that # succeeded. # In the subject line, the following are substituted: # %b - "backup"/"restore"/"verify" # %c - client name # %w - number of warnings, if any notify_success_script = /usr/share/burp/scripts/notify_script notify_success_arg = sendmail -t notify_success_arg = To: {{ ops_mail }} notify_success_arg = From: {{ ops_mail }} notify_success_arg = Subject: %b succeeded: %c %w # Uncomment the following to have success notifications only if there were # warnings. #notify_success_warnings_only = 1 # Uncomment the following to have success notifications only if there were # new or changed files. #notify_success_changes_only = 1 # Uncomment the following for email notifications of backups that failed. notify_failure_script = /usr/share/burp/scripts/notify_script notify_failure_arg = sendmail -t notify_failure_arg = To: {{ ops_mail }} notify_failure_arg = From: {{ ops_mail }} notify_failure_arg = Subject: %b failed: %c %w # The server can run scripts on each connection after authentication and before # disconnecting. #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script #server_script_pre_arg = /etc/burp/crl #server_script_pre_arg = /etc/burp/burp-server.conf #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local # Set server_script_pre_notify to 1 to have notifications on server_script_pre # returning non-zero. Most people will want to leave this off - it could # result in a lot of emails because clients normally connect once every 20 # minutes. Requires notify_failure_script to be set above. #server_script_pre_notify = 0 #server_script_post = #server_script_post_arg = #server_script_post_arg = #server_script_post_run_on_fail=0 # As for server_script_pre_notify, but for post. #server_script_post_notify = 0 # Clients that are able to list and restore files belonging to any other # client. If this is too permissive, you may set a restore_client for # individual original clients in the individual clientconfdir files. # restore_client = someclient # restore_client = someotherclient # Whether or not the server process should cache the tree when a monitor client # is browsing a backup. Advantage: speed. Disadvantage: more memory is used. #monitor_browse_cache = 1