burp-server.conf.tmpl 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171
  1. {%- set fqdn = salt['pillar.get']('burp:server:fqdn') %}
  2. {%- set ops_mail = salt['pillar.get']('globals:ops_mail') %}
  3. #
  4. # FFHO burp server config (Salt managed)
  5. #
  6. mode = server
  7. listen = 0.0.0.0:4971
  8. max_children = 5
  9. # Think carefully before changing the status port address, as it can be used
  10. # to view the contents of backups.
  11. #listen_status = 127.0.0.1:4972
  12. #max_status_children = 5
  13. directory = /srv/burp/
  14. dedup_group = global
  15. clientconfdir = /etc/burp/clientconfdir
  16. # Choose the protocol to use.
  17. # 0 to decide automatically, 1 to force protocol1 mode (file level granularity
  18. # with a pseudo mirrored storage on the server and optional rsync). 2 forces
  19. # protocol2 mode (inline deduplication with variable length blocks).
  20. # Like many other settings, this can be set per client in the clientconfdir
  21. # files.
  22. # protocol = 0
  23. pidfile = /var/run/burp.server.pid
  24. hardlinked_archive = 0
  25. working_dir_recovery_method = delete
  26. umask = 0022
  27. syslog = 1
  28. stdout = 0
  29. # The following options can restrict what the client can do.
  30. # Restore clients can override all of these expect for force_backup.
  31. client_can_delete = 0
  32. # Set client_can_force_backup to 0 to only allow timed backups.
  33. client_can_force_backup = 1
  34. client_can_list = 1
  35. # Set client_can_restore to 0 if you want restores to only be initialised by
  36. # the server.
  37. client_can_restore = 1
  38. client_can_verify = 1
  39. # Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
  40. # ratelimit = 1.5
  41. # Network timeout defaults to 7200 seconds (2 hours).
  42. # network_timeout = 7200
  43. # Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
  44. #compression = zlib9
  45. # When the client version does not match the server version, log a warning.
  46. # Set to 0 to turn it off.
  47. version_warn = 1
  48. # More configuration files can be read, using syntax like the following
  49. # (without the leading '# ').
  50. # . path/to/more/conf
  51. # Location of autoupgrade files to serve to clients. Leave it commented out
  52. # to not autoupgrade clients.
  53. # autoupgrade_dir = /etc/burp/autoupgrade/server
  54. # You can have as many 'keep' lines as you like.
  55. # For example, if running backups daily, setting 7, 4, 6 will keep
  56. # 7 daily backups, 4 weekly, and 6 four-weekly backups.
  57. keep = 7
  58. # keep = 4
  59. # keep = 6
  60. # Run as different user/group.
  61. # user=graham
  62. # group=nogroup
  63. # CA options.
  64. # If you want your server to be a certificate authority and generate its own
  65. # certificates, uncomment the following lines. If the directory specified in
  66. # ca_conf does not exist, the server will create, populate it, and the paths
  67. # indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
  68. # overwritten. See docs/burp_ca.txt for more information.
  69. #ca_conf = /etc/burp/CA.cnf
  70. #ca_name = burpCA
  71. #ca_server_name = burpserver
  72. #ca_burp_ca = /usr/sbin/burp_ca
  73. #
  74. # Check for revoked certificates in the certificate revocation list.
  75. # Turn this off if you use the old ssl_extra_checks_script server script.
  76. ca_crl_check = 0
  77. # SSL certificate authority - same file on both server and client
  78. ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem
  79. # Server SSL certificate
  80. ssl_cert = /etc/ssl/certs/{{ fqdn }}.cert.pem
  81. # Server SSL key
  82. ssl_key = /etc/ssl/private/{{ fqdn }}.key.pem
  83. # Server DH file.
  84. ssl_dhfile = /etc/ssl/dhparam.pem
  85. # Server SSL ciphers
  86. #ssl_ciphers =
  87. # Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
  88. #ssl_compression = zlib5
  89. timer_script = /usr/share/burp/scripts/timer_script
  90. # Ensure that 20 hours elapse between backups
  91. # Available units:
  92. # s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
  93. timer_arg = 20h
  94. # Allow backups to start in the evenings and nights during weekdays
  95. timer_arg = Mon,Tue,Wed,Thu,Fri,01,02,03,04,05
  96. # Allow more hours at the weekend.
  97. timer_arg = Sat,Sun,01,02,03,04,05
  98. # Note that, if you specify no timebands, the default timer script will never
  99. # allow backups.
  100. # Uncomment the notify_success_* lines for email notifications of backups that
  101. # succeeded.
  102. # In the subject line, the following are substituted:
  103. # %b - "backup"/"restore"/"verify"
  104. # %c - client name
  105. # %w - number of warnings, if any
  106. notify_success_script = /usr/share/burp/scripts/notify_script
  107. notify_success_arg = sendmail -t
  108. notify_success_arg = To: {{ ops_mail }}
  109. notify_success_arg = From: {{ ops_mail }}
  110. notify_success_arg = Subject: %b succeeded: %c %w
  111. # Uncomment the following to have success notifications only if there were
  112. # warnings.
  113. #notify_success_warnings_only = 1
  114. # Uncomment the following to have success notifications only if there were
  115. # new or changed files.
  116. #notify_success_changes_only = 1
  117. # Uncomment the following for email notifications of backups that failed.
  118. notify_failure_script = /usr/share/burp/scripts/notify_script
  119. notify_failure_arg = sendmail -t
  120. notify_failure_arg = To: {{ ops_mail }}
  121. notify_failure_arg = From: {{ ops_mail }}
  122. notify_failure_arg = Subject: %b failed: %c %w
  123. # The server can run scripts on each connection after authentication and before
  124. # disconnecting.
  125. #server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script
  126. #server_script_pre_arg = /etc/burp/crl
  127. #server_script_pre_arg = /etc/burp/burp-server.conf
  128. #server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local
  129. # Set server_script_pre_notify to 1 to have notifications on server_script_pre
  130. # returning non-zero. Most people will want to leave this off - it could
  131. # result in a lot of emails because clients normally connect once every 20
  132. # minutes. Requires notify_failure_script to be set above.
  133. #server_script_pre_notify = 0
  134. #server_script_post =
  135. #server_script_post_arg =
  136. #server_script_post_arg =
  137. #server_script_post_run_on_fail=0
  138. # As for server_script_pre_notify, but for post.
  139. #server_script_post_notify = 0
  140. # Clients that are able to list and restore files belonging to any other
  141. # client. If this is too permissive, you may set a restore_client for
  142. # individual original clients in the individual clientconfdir files.
  143. # restore_client = someclient
  144. # restore_client = someotherclient
  145. # Whether or not the server process should cache the tree when a monitor client
  146. # is browsing a backup. Advantage: speed. Disadvantage: more memory is used.
  147. #monitor_browse_cache = 1