dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
Files
74e4a4d89816efb14610147c474ad87a6158d71b
configpolicy/roles/burp-server/templates/burp-server.conf.j2
Dustin C. Hatch d290eca833 roles/burp-server: switch to version_compare test 
Ansible replaced the `version_compare` filter with a `version_compare`
test that does the same thing.  The former is completely gone now,
causing the template to fail to render, so its usage of that filter
needs to be updated.
2020-01-25 13:54:42 -06:00

198 lines
6.6 KiB
Django/Jinja
Raw Blame History

{% set is_burp2 = burp_version is version_compare('2.0', '>=') %}
# This is an example config file for the burp server.
mode = server
{% if is_burp2 %}
# The default addresses to listen on depend upon compile time options.
# They may be overridden here.
#address = 0.0.0.0
{% endif %}
port = 4971
{% if is_burp2 %}
# Think carefully before changing the status port address, as it can be used
# to view the contents of backups.
#status_address = 127.0.0.1
# If you do not wish to run a status server at all, comment status_port out.
{% endif %}
status_port = 4972
directory = /var/spool/burp
{% if is_burp2 %}
dedup_group = {{ burp_dedup_group|d('global') }}
{% endif %}
{% if is_burp2 %}
# Choose the protocol to use.
# 0 to decide automatically, 1 to force protocol1 mode (file level granularity
# with a pseudo mirrored storage on the server and optional rsync). 2 forces
# protocol2 mode (inline deduplication with variable length blocks).
# Like many other settings, this can be set per client in the clientconfdir
# files.
# protocol = 0
{% endif %}
clientconfdir = /etc/burp/clientconfdir
pidfile = /run/burp/server.pid
hardlinked_archive = {{ burp_hardlinked_archive|bool|int }}
{% if burp_librsync is defined %}
librsync = {{ burp_librsync|bool|int }}
{% endif %}
working_dir_recovery_method = delete
max_children = 5
max_status_children = 5
umask = 0022
syslog = 1
stdout = 0
# The following options can restrict what the client can do.
# Note that restore_clients will still be able to do all of these operations,
# except for force_backup.
client_can_delete = 1
# Set client_can_force_backup to 0 to only allow timed backups.
client_can_force_backup = 1
client_can_list = 1
# Set client_can_restore to 0 if you want restores to only be initialised by
# the server.
client_can_restore = 1
client_can_verify = 1
# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
# ratelimit = 1.5
# Network timeout defaults to 7200 seconds (2 hours).
# network_timeout = 7200
{% if is_burp2 %}
# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
#compression = zlib9
{% endif %}
# When the client version does not match the server version, log a warning.
# Set to 0 to turn it off.
version_warn = 1
# More configuration files can be read, using syntax like the following
# (without the leading '# ').
# . path/to/more/conf
# You can have as many 'keep' lines as you like.
# For example, if running backups daily, setting 7, 4, 6 will keep
# 7 daily backups, 4 weekly, and 6 four-weekly backups.
{% if burp_keep is iterable and burp_keep is not string %}
{% for k in burp_keep %}
keep = {{ k }}
{% endfor %}
{% else %}
keep = {{ burp_keep }}
{% endif %}
# Run as different user/group.
user = burp
group = burp
# CA options.
# If you want your server to be a certificate authority and generate its own
# certificates, uncomment the following lines. If the directory specified in
# ca_conf does not exist, the server will create, populate it, and the paths
# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be
# overwritten. See docs/burp_ca.txt for more information.
ca_conf = /etc/burp/CA.cnf
ca_name = burpCA
ca_server_name = {{ burp_ca_server_name }}
ca_burp_ca = /usr/sbin/burp_ca
{% if is_burp2 %}
# Check for revoked certificates in the certificate revocation list.
# Turn this off if you use the old ssl_extra_checks_script server script.
ca_crl_check = 1
{% endif %}
# SSL certificate authority - same file on both server and client
ssl_cert_ca = /etc/burp/ssl_cert_ca.pem
# Server SSL certificate
ssl_cert = /etc/burp/ssl_cert-server.pem
# Server SSL key
ssl_key = /etc/burp/ssl_cert-server.key
# Server SSL ciphers
#ssl_ciphers =
{% if is_burp2 %}
# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off.
#ssl_compression = zlib5
{% endif %}
# SSL key password
#ssl_key_password = password
# Server DH file.
ssl_dhfile = /etc/burp/dhfile.pem
timer_script = {{ burp_timer_script }}
# Ensure that 20 hours elapse between backups
# Available units:
# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
timer_arg = {{ burp_backup_interval }}
{% if burp_timebands is defined %}
{% for timeband in burp_timebands %}
timer_arg = {{ timeband }}
{% endfor %}
{% else %}
# Allow backups to start in the evenings and nights during weekdays
timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
# Allow more hours at the weekend.
timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
{% endif %}
# Note that, if you specify no timebands, the default timer script will never
# allow backups.
# Uncomment the notify_success_* lines for email notifications of backups that
# succeeded.
# In the subject line, the following are substituted:
# %b - "backup"/"restore"/"verify"
# %c - client name
# %w - number of warnings, if any
{% if burp_notify_success|bool %}
notify_success_script = {{ burp_notify_script }}
notify_success_arg = sendmail -t
notify_success_arg = To: {{ burp_notify }}
notify_success_arg = From: burp
notify_success_arg = Subject: %b succeeded: %c %w
{% endif %}
# Uncomment the following to have success notifications only if there were
# warnings.
#notify_success_warnings_only = 1
# Uncomment the following to have success notifications only if there were
# new or changed files.
#notify_success_changes_only = 1
# Uncomment the following for email notifications of backups that failed.
{% if burp_notify_failure|bool %}
notify_failure_script = {{ burp_notify_script }}
notify_failure_arg = sendmail -t
notify_failure_arg = To: {{ burp_notify }}
notify_failure_arg = From: burp
notify_failure_arg = Subject: %b failed: %c %w
{% endif %}
# The server can run scripts on each connection after authentication and before
# disconnecting.
#server_script_pre = {{ burp_server_script_pre }}
#server_script_pre_arg = /etc/burp/crl
#server_script_pre_arg = /etc/burp/burp-server.conf
#server_script_pre_arg = /etc/burp/server-pre-script.local
# Set server_script_pre_notify to 1 to have notifications on server_script_pre
# returning non-zero. Most people will want to leave this off - it could
# result in a lot of emails because clients normally connect once every 20
# minutes. Requires notify_failure_script to be set above.
#server_script_pre_notify = 0
#server_script_post =
#server_script_post_arg =
#server_script_post_arg =
#server_script_post_run_on_fail=0
# As for server_script_pre_notify, but for post.
#server_script_post_notify = 0
# Clients that are able to list and restore files belonging to any other
# client. If this is too permissive, you may set a restore_client for
# individual original clients in the individual clientconfdir files.
# restore_client = someclient
# restore_client = someotherclient
Reference in New Issue View Git Blame Copy Permalink