# this file is directly sourced by some bash scripts
# so there should be no space around the "="

LANGUAGE=en
NET_IFACE=eth0
SAMBA_USER=nobody
SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd0 scd1 scd2 scd3 sg sda sdb sdc sdd"

# web interface
HTML_TEMPLATE_DIR=/usr/share/cryptobox/templates
STYLESHEET_URL=/cryptobox-data/cryptobox.css

# directories
LANGUAGE_DIR=/usr/share/cryptobox/lang
DOC_DIR=/usr/share/doc/cryptobox/html
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
CONFIG_DIR=/mnt/cb-etc
MNT_PARENT=/mnt/crypto

# some files
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
LOG_FILE=/var/log/cryptobox.log
CERT_FILE=/mnt/cb-etc/stunnel.pem
OPENSSL_CONF_FILE=/etc/cryptobox/ssl-cert.conf
IDLE_COUNTER_FILE=/tmp/cbox-idle-counter
CONFIG_MARKER=cryptobox.marker

# crypto settings
# there is no default hash, as this is ignored by luks
DEFAULT_CIPHER=aes-cbc-essiv:sha256
CRYPTMAPPER_DIR=/dev/mapper

# some programs
SFDISK=/sbin/sfdisk
MKFS_DATA=/sbin/mkfs.ext3
MKFS_CONFIG=/sbin/mkfs.ext2
CRYPTSETUP=/sbin/cryptsetup
IPTABLES=/sbin/iptables

# firewall setings
# do not use multiports (iptables) as the timeout-script depends on
# single port rules
# ssh is allowed too, but the server is not started automatically
ALLOW_TCP_PORTS="22 80 139 443 445"
ALLOW_UDP_PORTS="137 138"