# this file is directly sourced by some bash scripts
# so there should be no space around the "="

LANGUAGE=en
NET_IFACE=eth0
FILE_USER=cryptobox-data
WEB_USER=www-data
SCAN_DEVICES="sda"
#SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"

# set this to "1" to create a dedicated configuration partition (very small)
# this should only be necessary, if your root filesystem is read-only (as for a live-cd)
USE_SEPERATE_CONFIG_PARTITION=0

# web interface
HTML_TEMPLATE_DIR=/usr/share/cryptobox/templates
STYLESHEET_URL=/cryptobox-misc/cryptobox.css

# directories
LANGUAGE_DIR=/usr/share/cryptobox/lang
DOC_DIR=/usr/share/doc/cryptobox/html
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
CONFIG_DIR=/var/lib/cryptobox/config
MNT_PARENT=/var/lib/cryptobox/mnt

# some files
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
ROOT_PERM_SCRIPT=/usr/lib/cryptobox/cbox-root-actions.sh
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
LOG_FILE=/var/log/cryptobox.log
CERT_FILE=/var/lib/cryptobox/config/stunnel.pem
OPENSSL_CONF_FILE=/etc/cryptobox/ssl-cert.conf
IDLE_COUNTER_FILE=/tmp/cbox-idle-counter
CONFIG_MARKER=cryptobox.marker

# crypto settings
# there is no default hash, as this is ignored by luks
DEFAULT_CIPHER=aes-cbc-essiv:sha256
DEV_MAPPER_DIR=/dev/mapper

# some programs
SFDISK=/sbin/sfdisk
MKFS_DATA=/sbin/mkfs.ext3
MKFS_CONFIG=/sbin/mkfs.ext2
CRYPTSETUP=/sbin/cryptsetup
IPTABLES=/sbin/iptables
IFCONFIG=/sbin/ifconfig

# firewall setings
# do not use multiports (iptables) as the timeout-script depends on
# single port rules
# ssh is allowed too, but the server is not started automatically
ALLOW_TCP_PORTS="22 80 139 443 445"
ALLOW_UDP_PORTS="137 138"