-# tripe configuration file
-#
-# this is sourced as a Bourne shell script by /etc/init.d/tripe
-
-# The directory you want tripe to work in. This is where it will search for
-# keyrings, and where its admin socket and logfile are kept.
-# TRIPEDIR=/etc/tripe
-
-# The name of the private key to use. This is usually `tripe-dh' for
-# integer Diffie-Hellman keys (the default) or `tripe-ec' for elliptic
-# curve keys.
-# keytag=tripe-dh
-
-# The address you want tripe to bind to. By default, tripe will accept
-# packets to any address acceptable to the host, and send packets from the
-# most appropriate address for the destination; setting this means it will
-# (a) only accept packets destined for the named address, and (b) send
-# packets from the named address. The latter is probably more useful.
-# addr=MYHOST
-
-# The UDP port you want tripe to use. I've chosen 22003 which isn't reserved
-# in any way. I chose it because it's the first two bytes of the RIPEMD-160
-# hash of the string `TrIPE'. If you don't set a port, tripe gets the kernel
-# to choose a port it's not using right now, and you have to dig it out by
-# saying `tripectl port'.
-# port=22003
-
-# The tunnel device you want tripe to use. The default is to use a system-
-# specific device, if there's one compiled in, or SLIP if not.
-# tunnel=slip
-
-# The user to run as once tripe has initialized. The user (or group -- see
-# `group' below) must be able to open new tunnel interfaces.
-# user=tripe
-
-# The group to run as once tripe has initialized. See caveats for `user'
-# above.
-# group=tripe
-
-# Trace options to pass to tripe. The default is no tracing. The setting
-# `A-cp' gives maxmimum possible verbosity without leaking important
-# secrets.
-# trace=A-cp
-
-# Any other options to pass on to tripectl.
-# miscopts=
-
-# Logfile to write to. The default is `tripe.log' in the working directory.
-# logfile=/var/log/tripe
-
-# Where to put tripectl's pidfile when it starts up. The default is
-# tripectl.pid in the working directory.
-# pidfile=/var/run/tripectl.pid
+### -*-sh-*-
+###
+### This file is sourced as a Bourne shell script by tripe's startup script.
+### There are vaguely sane defaults.
+
+## The directory you want tripe to work in. This is where it will search for
+## keyrings, and where its admin socket and logfile are kept. The default is
+## the CONFIGDIR established at `configure' time, via the `--with-configdir'
+## option.
+##
+#TRIPEDIR=/etc/tripe
+
+## The tag or type of the private key to use. This is usually `tripe'; the
+## default is to try both `tripe' or `tripe-dh', in that order.
+##
+#keytag=tripe
+
+## The address you want tripe to bind to. By default, tripe will accept
+## packets to any address acceptable to the host, and send packets from the
+## most appropriate address for the destination; setting this means it will
+## (a) only accept packets destined for the named address, and (b) send
+## packets from the named address. The latter is probably more useful.
+##
+#addr=MYHOST
+
+## The UDP port you want tripe to use. The default is 4070, which is
+## officially allocated by the IANA. If you explicitly specify port 0 then
+## tripe gets the kernel to choose a port it's not using right now, and you
+## have to dig it out by saying `tripectl port'.
+##
+#port=4070
+
+## The tunnel device you want tripe to use. The default is to use a system-
+## specific device, if there's one compiled in, or SLIP if not.
+##
+#tunnel=slip
+
+## The user to run as once tripe has initialized. TrIPE keeps a separate
+## process running as `root' specifically to open new tunnel devices, but
+## this doesn't work for SLIP devices; in this case, you must ensure that the
+## user (and/or group) you choose has sufficient privileges to request new
+## SLIP tunnels -- or acquires sufficient tunnels at startup time. The
+## default is not to change user.
+##
+#user=tripe
+
+## The group to run as once tripe has initialized. See caveats for `user'
+## above. The default is not to change group.
+##
+#group=tripe
+
+## The permissions to set on the administration socket. The default is 600,
+## which allows only the configured user to connect. Setting 660 allows
+## all members of the group to administer the server, which might be useful.
+## Setting this to 666 is probably a really bad idea.
+#sockmode=600
+
+## Trace options to pass to tripe. The default is no tracing. The setting
+## `A-cp' gives maxmimum possible verbosity without leaking important
+## secrets.
+##
+#trace=A-cp
+
+## Any other options to pass on to tripectl. (If you want to pass options on
+## to the tripe server itself, you'll need to put -SARG,ARG,... in here.)
+## The default is not to pass additional options.
+##
+#miscopts=
+
+## Logfile to write to. The default is determined by the `--with-logfile'
+## configure option, which defaults to `./tripe.log' (relative to
+## $TRIPEDIR). This may be set to `-' to write the log to stdout, or `!' to
+## write to stderr.
+##
+#logfile=/var/log/tripe
+
+## Whether to write a log to syslog. If this is something other than `nil',
+## then logs are written to syslog. If `syslogp' is non-nil and `logfile'
+## above is unset then no logs are written to files.
+#syslogp=nil
+
+## Where to put tripectl's pidfile when it starts up. The default is
+## determined by the `--with-pidfile' configure option, which defaults to
+## `./tripectl.pid' (relative to $TRIPEDIR).
+##
+#pidfile=/var/run/tripectl.pid
+
+## How to open SLIP interfaces. The value is a sequece of zero or more
+## static allocations, followed optionally by the name of a dynamic
+## allocation script, all separated by colons. A static allocation has the
+## form `INFD[,OUTFD]=IFNAME', declaring that the interface IFNAME can be
+## read from file descriptor INFD and written from file descriptor OUTFD
+## (defaults to the same as INFD). The dynamic allocation script name must
+## begin with `/' or `.' (interpreted relative to $TRIPEDIR); the script must
+## write an interface name to standard output followed by a newline, and
+## thereafter speak SLIP over standard input/output; stdin will be closed
+## (and the script process sent SIGTERM) when the interface is no longer
+## needed.
+##
+#TRIPE_SLIPIF=
~mdw / tripe / blobdiff