cryptonas/cbox-tree.d/etc/cryptobox/cryptobox.conf

# this file is directly sourced by some bash scripts
# so there should be no space around the "="

LANGUAGE=de
NET_IFACE=eth0
SAMBA_USER=nobody
SCAN_DEVICES="/dev/hda /dev/hdb /dev/hdc /dev/hde /dev/hdf /dev/hdg /dev/scd0 /dev/scd1 /dev/scd2 /dev/scd3"

# directories
LANGUAGE_DIR=/usr/share/cryptobox/lang
TEMPLATE_DIR=/usr/share/cryptobox/templates
DOC_DIR=/usr/share/doc/cryptobox/html
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
CONFIG_DIR=/mnt/cb-etc
CRYPTO_DIR=/mnt/crypto

# some files
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
LOG_FILE=/var/log/cryptobox.log
CERT_FILE=/mnt/cb-etc/stunnel.pem
OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf
IDLE_COUNTER_FILE=/tmp/cbox-idle-counter

# crypto settings
HASH=sha512
ALGO=aes
CRYPTMAPPER_DEV=/dev/mapper/cryptobox-data

# some programs
SFDISK=/sbin/sfdisk
WIPE=/usr/bin/wipe
MKFS_DATA=/sbin/mkfs.ext3
MKFS_CONFIG=/sbin/mkfs.ext2
CRYPTSETUP=/sbin/cryptsetup

# firewall setings
# do not use multiports (iptables) as the timeout-script depends on
# single port rules
# ssh is allowed too, but the server is not started automatically
ALLOW_TCP_PORTS="22 80 139 443 445"
ALLOW_UDP_PORTS="137 138"